Visible passwords in realm
Hi all, Is there any way to not have the password visible in the realm for example for active directory realm? Realm className=org.apache.catalina.realm.JNDIRealm debug=99 connectionURL=ldap://xxx:389; authentication=simple referrals=follow connectionName=cn= CN=xx ,ou=,ou=sasa ,ou=s,ou=xxx,dc=xxx, dc=,dc=net connectionPassword=password userSearch=(sAMAccountName={0}) userBase=DC=xxx,DC=xxx, DC=x userSubtree=true roleSearch=(member={0}) roleName=cn roleSubtree=true roleBase=dc=xx,dc=xxx,dc=xxx/ Thanks William - The information contained in this communication (including any attachments hereto) is confidential and is intended solely for the personal and confidential use of the individual or entity to whom it is addressed. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this communication in error and that any review, dissemination, copying, or unauthorized use of this information, or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail, and delete the original message. Thank you
Re: Visible passwords in realm
2013/11/20 williamissey...@tsys.com: Hi all, Is there any way to not have the password visible in the realm for example for active directory realm? Realm className=org.apache.catalina.realm.JNDIRealm debug=99 connectionURL=ldap://xxx:389; authentication=simple referrals=follow connectionName=cn= CN=xx ,ou=,ou=sasa ,ou=s,ou=xxx,dc=xxx, dc=,dc=net connectionPassword=password userSearch=(sAMAccountName={0}) userBase=DC=xxx,DC=xxx, DC=x userSubtree=true roleSearch=(member={0}) roleName=cn roleSubtree=true roleBase=dc=xx,dc=xxx,dc=xxx/ https://wiki.apache.org/tomcat/FAQ/Password - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: setting the text or binary buffer size for websockets
On 19/11/2013 17:12, Johan Compagner wrote: I expect that i can send now 32K at once of text (or binary) withing that continuation frame The buffer sizes control the input buffer - i.e. they control the maximum size of a message that can be received if an application doesn't support partial messages. The output buffers are all 8K. The splitting of a WebSocket message into multiple frames should be transparent to the application. ah thx. But then i think a doc needs to be updated: http://tomcat.apache.org/tomcat-8.0-doc/web-socket-howto.html that doesn't tell me at all that it only input buffers, the property name doesn't say that and also the text doesn't mention that at all it just says: The default buffer size for text messages is 8192 bytes and many times in java that means an output buffer. Done. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: setting the text or binary buffer size for websockets
Konstantin, Right, I also think the calls to getBasicRemote().sendText(...) should be synchronized as multiple threads can concurrently access this method for a particular client (that however could mean that if one client stops receiving from its WebSocket connection, no other client can receive messages - to solve this, e.g. one could use a dedicated thread for each client which takes and sends messages from a queue, or use the RemoteEndpoint.Async). Oracle's javadoc of RemoteEndpoint.Basic says: If the websocket connection underlying this RemoteEndpoint is busy sending a message when a call is made to send another one, for example if two threads attempt to call a send method concurrently, or if a developer attempts to send a new message while in the middle of sending an existing one, the send method called while the connection is already busy may throw an IllegalStateException. ah ok, that makes sense then, i still would say why not make sendText of BasicRemote a synchronized method inside tomcat. Because that is what it really needs to be anyway, but doing a sync around that is fine in our code. But mistakes in this area are easily made, see for example the chat example. That one is not really thread safe, i guess the private static void broadcast(String msg) method should really sync around the connections field. And then i guess that connections doesn't have to be a copyonwritelist (also sync on it when changes to that list are made) What i still don't understand then when, had exactly the same code and instead of getBasicRemote() i do getAsyncRemote() that i also did get the same problems A sync in my code wouldn't fix that at all, because the method returns right away.. So i guess this has to be fixed by tomcat itself? So that asyncremote does take care of of the synchronization? However, even after adding synchronization, I get stability issues and several exceptions on current Tomcat 8 trunk when sending large messages. I have filed a report here (I don't know if these are the same issues that you got): https://issues.apache.org/bugzilla/show_bug.cgi?id=55799 thats quite the same stuff, i only did get some other reported stuff inside the browser, i guess because of the scrambled data. I didn't really see that illegalstate exception showing up in the log. johan
Re: Restrict the use of JDK classes Tomcat 7 or 6
From what I understand in this doc, there is no specific resource management code anywhere and you must ensure that your application will call permission checking every time you are going to access the protected resource. Even for a web application, it must be considered as any other application, and it's in your own code to call such checking. The doc says : Second, include these new classes with the application package. so include your class in your jar or war file. Yes, Tomcat is supposed to behave such any other JVM. However, you need to update the catalina.policy file for your own permission, and don't forget to call the security manager from the startup script ( http://tomcat.apache.org/tomcat-7.0-doc/security-manager-howto.html ) 2013/11/17 ANALIA DE PEDRO SANTAMARIA 100074...@alumnos.uc3m.es: Thank you very much. I have been working in creating my own permission and I have some questions: - In the Java documentation says it is necessary to add a checkPermission in the application's resource management code. My question is, when we are working with web applications, which is the application's resource management code? And where is it? - When I create my own permission class, where do I have to store it? In order to the Security manager can find it. - I have read that it is not necessary to modify the Security Manager, when we are creating a new permission for secure the JVM. When we are working with Tomcat, and not with the JVM directly, is it the same? Or is it necessary to modify the Tomcat's Security Manager? Thank you very much. 2013/11/12 Aurélien Terrestris aterrest...@gmail.com Hello Analia I'm glad that you could play successfully with the Security Manager as I advised first :D About permissions, here you have a doc : http://docs.oracle.com/javase/6/docs/technotes/guides/security/spec/security-spec.doc3.html#20211 best regards 2013/11/11 ANALIA DE PEDRO SANTAMARIA 100074...@alumnos.uc3m.es: Hello, I have been working with the Security Manager and I think it is a good aproximation of what I need, thank you very much for the advice. I have read that it is possible to create your own Permission class, but I haven't found any documentation or example. Could anybody tell me where I can find information about create a Permission class? Thank you very much. 2013/10/23 Caldarale, Charles R chuck.caldar...@unisys.com From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: Restrict the use of JDK classes Tomcat 7 or 6 When you say Java classes, are you talking about re-defining something like java.lang.String? If so, then the servlet spec (3.0: 10.7.2) prohibits web applications from loading classes from any of these packages from a web application class loader. java.* javax.* Looking at current trunk, Tomcat appears to take a lazy view and just look for these two classes: javax.servlet.Servlet javax.el.Expression So it looks like you might be able to redefine java.lang.String if you want. As I recall, the JVM itself prevents loading of java.* classes from anywhere other than the registered JRE jar locations. Not sure about javax.* classes. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat connection pool bleeding under heavy load
Hello The tests are run in the following manner: around 5 min to start the server and connect all clients. Then I can apply load from clients: on the graph I applied only half load for first seven minutes an then full load but this is not required - I can go with full load after all clients connect. So once full load is applied usually in less then 5 minutes pool has no connections (it) - then I can leave it for half hour (tested today) and nothing changes (0 empty and zero active connections). But i didn't have logAbandonded set - I can test this too if you think there will be difference. In the usual test when i saw that there is no connections I turned off server (2 - 5 minutes later). On Wed, Nov 20, 2013 at 2:35 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Marko, On 11/19/13, 10:16 AM, marko lugarič wrote: About using useEquals=false property I guess we defined when we started using this pool. After reading the documentation i guess it is better to leave it out (it has no effect on the test - i tested it). Okay. Let me know if you discover a reason to set that option again. We dont have long running queries because there is not much data and all operations are fast (the longest one are ranging from 1 to 2 seconds: i used slowqueryinterceptor and sql server profiler). The test always starts with empty database. Ok. I never got any abandoned messages in the stdout or catalina.out (logabandoned set to true) - I put everything that is not from our application and is at least on INFO level to catalina.out. I added org.apache.tomcat.jdbc.pool package to logs on TRACE level and the only line that is repeating (5 times) is: 2013-11-19 15:25:24,764 DEBUG [main] org.apache.tomcat.jdbc.pool.PooledConnection connectUsingDriver(): Instantiating driver using class: com.microsoft.sqlserver.jdbc.SQLServerDriver [url=jdbc:sqlserver://*;databaseName=chiTestDB] That will be filling the pool. It's clear that the pool is emptying and never re-filling, or you'd get more of the above messages. Dont know if there is really that little logging in connection pool. In that case debugging looks like the only option? Perhaps, but I think you might be able to get more information from the pool. About C3P0 pool:we are under the impression that org.apache.tomcat.jdbc.pool is the only way to go (production quality) after reading The Tomcat JDBC Connection Pool page (after your comment i guess this is not true and commons-dbcp is production quality alternative?). IMO the Tomcat-pool documentation overstates the awfulness of the dbcp-based pool. We use it for production and it works just fine. We've never had a problem with the pool that we didn't cause by our own bad webapp code (e.g. not returning connections) or due to long-running queries triggering the abandoned alarms. OTOH, our site does not run an enormously-high transaction rate, either. So since this did not work for us we started looking for alternative and C3P0 pooped up in connection pool comparisons or in some stackoverflow thread. Just note that C3P0 is self-described beta software. So, back to the problem: how long does your test run? Do you allow the server to cool-down after your tests? I'm wondering if you are shutting-down the server before it has a chance to complain about the abandoned connections. I've never used Tomcat-pool, so I'm not exactly sure what to expect, but the abandoned stuff should probably work exactly as described in the documentation, and roughly equivalently to the dbcp-based pool. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSjBHIAAoJEBzwKT+lPKRYQ4AQALKwD6/Cko6t7di8oXZS8sKO pdHc2AQhrPbg95stygZiBm8lH4ds7RhwslD7JcWafSUfln/smLJO0gaV+M3PNDzX gQs/zqZyHtEW4vD2oIiL+CY/I0kbAON3tRbXFBjfJKikeINiIrTYGvm8h2dkhq4X WLijKrsh/qy96RkmUYPd0o1RsmraYCeGdSNpA96vycgrb89YHiJj07BkinKdhxTQ 903huox7ZspSGR0bl/+zEchHKj5AO9D9QELas6Z3qGwd+O7A5rxcX5YHsEXkNX6z mTwvAHzobdLXtu7LS6i+td46hFd0QurutnhrOAIZpoHNz7kItRZGDxYB296A5lY/ xdOzGXKMMaTM854hvLuSPy6zkU2S235+KEA6sVi9HpNtP42yoPbdJfM3thHcKrxB Zm/8z6DrMtHFXBRbCFE7PGds9tymCvZx3/n/Zv5a6jm2iSEOLcSSKGnvQG663029 l2XEGQyZufo+YsY9kQN+zxwSdbBl381PC8YXB+Dh2VR+LYaEuJqpxIkJjR+gIdiT JhXm4qSAYVsPDesG7GwXMwY9oFfpVvOzvv8KbH1AM/GaiLBLclTmHWZ8xw+alD7i HlR0M9gJ2dw6x6hYbv+wguBksqLxhLFOe+j6rekd7esyMP71nZh4TT4rf+r4XrGe 5RkJAULb0vE+ipAgZT/P =Vjf7 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Curious difference in connection behaviour on database side DBCP vs. JDBC?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Carl, A late reply, but I believe you have some problems with your code. Mark's comments about Tomcat-pool indicate that certain sloppy resource-management activities may leave resources open on the server, and I'm fairly sure that, given the code you have here, there are likely resource issues in other places, too. Keep reading for some commentary. On 11/19/13, 8:32 AM, Carl Boberg wrote: JDBC: I see the weird behaviour and my DBA is angry Resource name=database1 auth=Container maxActive=50 maxIdle=10 minIdle=2 initialSize=0 username=' password=' driverClassName=com.inet.tds.TdsDriver type=javax.sql.DataSource factory=org.apache.tomcat.jdbc.pool.DataSourceFactory defaultTransactionIsolation=READ_UNCOMMITTED Just curious: under what conditions do you want to use READ_UNCOMMITTED? That would seem to be more appropriate for a particular set of queries and not the application-wide default. defaultAutoCommit=true url=jdbc:inetdae7://devdb12:1433/database1_dev testOnBorrow=true validationQuery=SELECT 1 timeBetweenEvictionRunsMillis=1 removeAbandoned=true removeAbandonedTimeout=600 maxWait=1/ The behaviour applies to ALL queries/statements from the application. I have here an example of the way we close from the application, (the devs have named it dispose). From my untrained non java dev eye we do not seem to be doing statement.Close(); and Im curious if that might be the issue? If so, why does DBCP handle it nicely and not JDBC? public void dispose() { if (connection != null) { try { if (!connection.isClosed()) { // If autoCommit is false, we are most likely using transactions. A rollback will end the transaction // properly even if a pool treats all actual connections to the db as single long transactions. // Examine the connection directly instead of relying on ConnectionManager attribute. if (ROLLBACK_ON_CLOSE !connection.getAutoCommit()) { connection.rollback(); } If you don't have try/catch around the connection.rollback() call, you run the risk of leaking connections. If you leak a connection in this dispose() method, you should be getting a) an exception logged from your own code here: // Close the connection connection.close(); if (traceOpenedConnections) { timeConnectionClosed = System.currentTimeMillis(); } } } catch (java.sql.SQLException sqle) { sqle.printStackTrace(); } ... and b) an abandoned log from Tomcat-pool 5 minutes later (removeAbandonedTimeout=600). this.connection = null; } If you have an object that is retaining a reference to a Connection and the rollback fails, you won't clear this reference. If the connection-wrapping object is not disposed, it might be re-used and the connection either re-used or replaced with another checkout from the pool. Are you always sure to call dispose from a catch block after your JDBC calls have completed? // Deregister this ConnectionManger if (traceOpenedConnections) { deregister(this); } In the event that the Connection is indeed leaked, here you run the risk of another resource leak in your application: presumably you are tracking Connection objects somewhere, and this call removed that stored reference. If the rollback fails, you won't de-register your Connection and, even if removeAbandoned is working properly, those Connection objects will remain in memory indefinitely and never be cleaned-up. I wrote a piece a long time ago about proper JDBC resource management. I recommend that you read it as well: http://blog.christopherschultz.net/index.php/2009/03/16/properly-handling-pooled-jdbc-connections/ - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSjLZ6AAoJEBzwKT+lPKRYL0cP/0F9nT8tJlvybVyII/cjXOGY P6TgUUOx79tO/Jw8Q6nbLP0x9yrqD6KyKVnJqlVPaj4055tDJoSa7IZqUYNNN7WX qZcUphI8AeqFC6php8+sofr2Qq1skYFcgiL5xFmdNvGTnfWFVluH1NjUrI6udMol w+5dy418xGnQKxEODLigGC1tJk+1M4q/gFjbj3NhxW6gbzSnlm+Nm+96ZD+q+wU6 UPcP7kZQVol5npAW2st8ki8bbJTLXF7P8ku+vGRQ8e2GvEWXOScrtOVxu0KrS015 DZvFAIPefIjGe7XxHjo7TlfSNymBcZ7y5j5RaN544uwEIr3Yu1dJ3au5HV48u8dO tTEPjMRbGNTqECjjG/eVPohq9SHefWXMYXJCQjbIAnCyO0h7/HQVks1i3sT3doTt b86wIiE94iFXjuz2rTKXR2jsrcOqzPkHoTL0NvkV5wpHsagmIjynKUDb2NjiSjCc 6GFom7ZSF8IYLKdIuT7qaVriYj1FrCCNCiW+giNJGeO7yrRoPiZdQ+NAxaLwpIum l2WUh8JIoGE7v20HXXRFjOrY+iYuZQOu+vrlCah31SpSz291MirB/lZguGR2Yqfg AgKdxHySaOhPOXDDRlHc+6TKtACWKeIsnbZxtqrrZGWYVNLGwoTofWoJc70fPW1v l7s5HBNVhlIWyvKg49XV =ptL4 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Curious difference in connection behaviour on database side DBCP vs. JDBC?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Rainer, On 11/20/13, 2:36 AM, Rainer Frey (Inxmail GmbH) wrote: On 19.11.2013, at 14:45, Mark Thomas ma...@apache.org wrote: On 19/11/2013 13:32, Carl Boberg wrote: I have here an example of the way we close from the application, (the devs have named it dispose). From my untrained non java dev eye we do not seem to be doing statement.Close(); and Im curious if that might be the issue? If so, why does DBCP handle it nicely and not JDBC? Commons DBCP tracks Statements and ResultSets when they are created and closes the associated Statements and ResultSets when the connection that created them is returned to the pool. Tomcat's JDBC pool does not do this. This is one of the reasons that Commons DBCP has a larger code base. JDBC spec states (9.4.4): An application calls the method Connection.close() to indicate that it has finished using a connection. All Statement objects created from a given Connection object will be closed when the close method for the Connection object is called. Javadoc of Connection.close() and Statement.close() at least imply that as well. ResultSet’s Javadoc explicitly states that a ResultSet is closed when the statement is closed. FWIW, Connection.close also states this: Releases this Connection object's database and JDBC resources immediately instead of waiting for them to be automatically released. Does that mean that all connection pools by design are in direct violation of the JDBC spec? AFAICT the JDBC pool uses (as most connection pools) the Connection.close() as means to return a connection to the pool. While I understand that the semantics of completely closing a standalone connection and returning a pooled connection is different, this behavior is still a (presumably deliberate) violation of the spec, and makes the usage non-transparent to the application code. IMO this should be clearly stated in the JDBC pool’s docs, in an easily visible way. +1 - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSjLd2AAoJEBzwKT+lPKRYNNQP/3cfd2vtsqPdLRYca5yVg7cv e+6nLlZtzuCWRA2V0DFS7jLm433qz3ADyvnwlP03luusiAt4ShByQEAIu173Zya3 niQ49e/yJ9R2xBcoyat/Z1Q0YqSjLxh+tniy/RuK/sh6zPhOXL2EqxtRB1I4xNc4 ZywlWdjkqUr5hflUTvfsGv3E+X+b+WhBTxsoKbWK/2ZIWkd7XA9Cyv95qZ/F1srI EQEshMm0uL81CTI7EwsjxqdlJMyAKNQaeVlJnNz/mEtSHeh0Yiv+nBkJ71vcUz87 UtNpSJtCzOpKye6MxOsaTeq8HnJhohA6sbP9EAuAoqLJv+MFlEi0FuQ7/+eTX3vS 2kmielRWIqNFzXZvdNmq2bAvb66H414aGLy5UIjfce7hpYokNGueBZQPtYZgGkyr xV6h7Wj37hwGgJt4eVRe9Jg+UVgalhmdOpGmpjAY7XM1GpWq5P0ZwK8j8fw7smnF xPSskG2ZRCFUkY2VXy11DPxA8bQHTiZoiDwZAumdDRmBmujG3MSogLL6X/b3mDtZ OnqtJ9UC3v15KNTgZDLymK+UKQ+l6SkWOZeS4/R/vOpvnOe/sVboKEGGWBSoMVq6 VRaTv+l3Qi3yJ5K0R4Xauvd8PXO0606xqW3DVqEo/1BOqTap29BxFI2SxuoJUqlX VLxLOnTimqEeXydZ7dP4 =Tm7/ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Restrict the use of JDK classes Tomcat 7 or 6
Thank you very much. Your answer has helped me a lot. 2013/11/20 Aurélien Terrestris aterrest...@gmail.com From what I understand in this doc, there is no specific resource management code anywhere and you must ensure that your application will call permission checking every time you are going to access the protected resource. Even for a web application, it must be considered as any other application, and it's in your own code to call such checking. The doc says : Second, include these new classes with the application package. so include your class in your jar or war file. Yes, Tomcat is supposed to behave such any other JVM. However, you need to update the catalina.policy file for your own permission, and don't forget to call the security manager from the startup script ( http://tomcat.apache.org/tomcat-7.0-doc/security-manager-howto.html ) 2013/11/17 ANALIA DE PEDRO SANTAMARIA 100074...@alumnos.uc3m.es: Thank you very much. I have been working in creating my own permission and I have some questions: - In the Java documentation says it is necessary to add a checkPermission in the application's resource management code. My question is, when we are working with web applications, which is the application's resource management code? And where is it? - When I create my own permission class, where do I have to store it? In order to the Security manager can find it. - I have read that it is not necessary to modify the Security Manager, when we are creating a new permission for secure the JVM. When we are working with Tomcat, and not with the JVM directly, is it the same? Or is it necessary to modify the Tomcat's Security Manager? Thank you very much. 2013/11/12 Aurélien Terrestris aterrest...@gmail.com Hello Analia I'm glad that you could play successfully with the Security Manager as I advised first :D About permissions, here you have a doc : http://docs.oracle.com/javase/6/docs/technotes/guides/security/spec/security-spec.doc3.html#20211 best regards 2013/11/11 ANALIA DE PEDRO SANTAMARIA 100074...@alumnos.uc3m.es: Hello, I have been working with the Security Manager and I think it is a good aproximation of what I need, thank you very much for the advice. I have read that it is possible to create your own Permission class, but I haven't found any documentation or example. Could anybody tell me where I can find information about create a Permission class? Thank you very much. 2013/10/23 Caldarale, Charles R chuck.caldar...@unisys.com From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: Restrict the use of JDK classes Tomcat 7 or 6 When you say Java classes, are you talking about re-defining something like java.lang.String? If so, then the servlet spec (3.0: 10.7.2) prohibits web applications from loading classes from any of these packages from a web application class loader. java.* javax.* Looking at current trunk, Tomcat appears to take a lazy view and just look for these two classes: javax.servlet.Servlet javax.el.Expression So it looks like you might be able to redefine java.lang.String if you want. As I recall, the JVM itself prevents loading of java.* classes from anywhere other than the registered JRE jar locations. Not sure about javax.* classes. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat connection pool bleeding under heavy load
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Marko, On 11/20/13, 8:14 AM, marko lugarič wrote: Hello The tests are run in the following manner: around 5 min to start the server and connect all clients. Then I can apply load from clients: on the graph I applied only half load for first seven minutes an then full load but this is not required - I can go with full load after all clients connect. So once full load is applied usually in less then 5 minutes pool has no connections (it) - then I can leave it for half hour (tested today) and nothing changes (0 empty and zero active connections). But i didn't have logAbandonded set - I can test this too if you think there will be difference. In the usual test when i saw that there is no connections I turned off server (2 - 5 minutes later). Having logAbandoned set to true is pretty critical, here. Please re-enabled it and re-test. In a separate thread, markt pointed out that Tomcat-pool allows you to leak resources much more readily than the dbcp-based pool if you don't exercise proper resource management. I posted a link to my old blog post on the subject, and I'll post it here again as well: http://blog.christopherschultz.net/index.php/2009/03/16/properly-handling-pooled-jdbc-connections/ If you have sloppy JDBC resource management, you are going to waste resources on both the client and the server unless you have a pool that spends inordinate resources tracking everything to clean up after your sloppy code. Tomcat-pool has a StatementFinalizer interceptor (http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer) that you can use to help clean-up the messes that you create. It would be better, though, to clean-up your resources. Dan Mikasa suggested using a tool like Findbugs on your code, which easily identifies things like potential leaks in JDBC resources. It's well worth the time to download and run it. (Besides, all you need is a JAR file with your code and you can just say scan the JAR file for bugs. It does not require a great deal of setup). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSjLjpAAoJEBzwKT+lPKRYdh8QAKuJ95EY3YktG0GsM+Vp/PYK P3y4t88ImLtWYIWo2mfeAUaY5sh371yC8ihGcy2m6d/qv+s+lfWpKf/MlaOycvBk 5203PRPvSSDI9Tlh19IA6/9urf6YsXDcw62j7X6oOoTQN2GoilhovIl7jUPcTc2M dqizRvJDmsWJMODeL0E1Ne1P84AnilNhELL6RPJ09UXYAsbyyFZasALAiwuCXyyt fRblQ4pHMTWWK6e7Hrhp93iK9gE1FGtPoQISq9T2GsazzHr8aFavCthFYq03mzRf WOYrq1lZsycJKgu0+7xm9xv4KCCVbJX/wCyVVuuhF4s/sZWRioWDyAhn3tx88sFM 60u5L95y7zVbxlszE7lmq83B5eyX+3llMIDol32r+T7nJhOo45asyAwOJkF5n8n/ UQFJhl16I5KTnklq0IM1lol5oDjI9qt+wcqolfUD0FWL7Z5IYFnCpNpo9/9kW+gc UNbIbHEm1fOW7bWbpD9KtzLraRLzRS/H9EeVMRr/DRKlna79RYnhi/ErntJrg2cD CzaGRq4y+f7ZkyUmArHio6SpifiQeYUgAhwsP6MH9hxNFleoIDa+Xdp4u4Li8RcM yM8lNRPLw+mo2fultaA8iYRLVWcul/GbJajUbKEwZh0bV/pVAqPU40U5YuAiEnUc qBtkr4U+Lms008/vnc01 =4seS -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Visible passwords in realm
2013/11/20 williamissey...@tsys.com: Is there any way to not have the password visible in the realm for example for active directory realm? . . . On 11/20/13 12:36 AM, Konstantin Kolinko wrote: https://wiki.apache.org/tomcat/FAQ/Password Harrumph. It occurs to me that if Tomcat stored passwords the way OS/400 does (i.e., as a one-way hash), it would solve a multitude of problems. Of course, the far greater problem is that if somebody can get at your password file for nefarious purposes, then they can also most likely get at your SSL keystore for nefarious purposes, and a one-way hash wouldn't work for that. -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with cgi/perl webpage
On Wed, Nov 20, 2013 at 12:21 AM, Felipe felipeh...@gmail.com wrote: Neven, First of all, I'd like to thank you for all the help. I can say I have learned a great deal through this experience. To clarify, the choice of using tomcat for this was not mine. I am trying to lend a hand to a professor of mine. This specific exercise is in his Unix class. For some reason he thinks tomcat or at least every time he mentioned this exercise to me he made reference to apache tomcat, is meant to be used in the exercise. The exercise is on hosting a web page with perl scripts/cgi. So in his instructions it's clearly using apache on Ubuntu. So he mentioned to Felipe, just wanted to make sure you are aware, there are two often confused Apache projects: Apache HTTP Server (webserver) - also referred just as 'Apache' - http://httpd.apache.org/ Apache Tomcat (Java appserver) - also referred just as 'Tomcat' - http://tomcat.apache.org/ Searching online, this seems like a very typical CGI programming project many universities use in their curriculum. Also, it seems the examples come from Guide to UNIX Using Linux by Michael Palmer (ISBN: 978-1-4188-3723-5) Thus, Tomcat is not the best web server to serve your CGI scripts, this is usually done using Apache (httpd server) - as Konstantin pointed out - using Tomcat will not give you the most optimal performance. However, if you insist working with Tomcat, here's how you do it: (Thanks Konstantin for pointing that out) You probably should update web.xml of your application and not the global CATALINA_HOME/conf/web.xml... You application then looks like this: /home/luis/tomcat/apache-tomcat-8.0.0-RC5/webapps/FelipeAppWithCgi: META-INF/context.xml (to make your application privileged) WEB-INF/web.xml (to define servlet and servlet mapping) WEB-INF/cgi/projects.cgi (your cgi script) WEB-INF/cgi/subparseform.lib (your cgi library) ProjectAnalysis.html (your html form) index.html (your welcome page that includes) Here's the dropbox link I created that works with Tomcat: https://www.dropbox.com/sh/c32ecuryj2mgb6i/-eC0FQOCbF There are two ways to deploy it: 1) As a unpackaged folder FelipeAppWithCgi - you need to get all the files and directory structure 2) As a packaged WAR file FelipeAppWithCgi.war (WAR is essentially a zip archive with certain directory structure) Ultimately, CGI is a very old technology that had its own share of performance (and security) problems. Usually, CGI scripts were replaced with superior Java Servlet technology (or some other better technology) and hence the need for Tomcat application server (servlet container). Hopefully, the rest of the mailing list members share my sentiments about the CGI :) me that he was having trouble with the exercise and asked if I maybe I had any idea. I'm not in his class, but I love working in linux and more importantly helping out wherever I can. So I took it upon myself to try to learn the material in this exercise and re-write the instructions, but now -once again thanks for all the help No worries. Glad we could shed some light.
Re: Tomcat connection pool bleeding under heavy load
Hello I have repeated the test with logAbandoned set to true and left it half hour after pool is empty. There are a lot of exceptions (Pool empty. Unable to fetch a connection in 15 seconds and Pool wait interrupted) but i don't know what exactly to search (search with Abandoned did not produce anything). I have already tried using StatementFinalizer interceptor but it did not do anything to prevent pool from being empty. regards, marko On Wed, Nov 20, 2013 at 2:28 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Marko, On 11/20/13, 8:14 AM, marko lugarič wrote: Hello The tests are run in the following manner: around 5 min to start the server and connect all clients. Then I can apply load from clients: on the graph I applied only half load for first seven minutes an then full load but this is not required - I can go with full load after all clients connect. So once full load is applied usually in less then 5 minutes pool has no connections (it) - then I can leave it for half hour (tested today) and nothing changes (0 empty and zero active connections). But i didn't have logAbandonded set - I can test this too if you think there will be difference. In the usual test when i saw that there is no connections I turned off server (2 - 5 minutes later). Having logAbandoned set to true is pretty critical, here. Please re-enabled it and re-test. In a separate thread, markt pointed out that Tomcat-pool allows you to leak resources much more readily than the dbcp-based pool if you don't exercise proper resource management. I posted a link to my old blog post on the subject, and I'll post it here again as well: http://blog.christopherschultz.net/index.php/2009/03/16/properly-handling-pooled-jdbc-connections/ If you have sloppy JDBC resource management, you are going to waste resources on both the client and the server unless you have a pool that spends inordinate resources tracking everything to clean up after your sloppy code. Tomcat-pool has a StatementFinalizer interceptor ( http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer ) that you can use to help clean-up the messes that you create. It would be better, though, to clean-up your resources. Dan Mikasa suggested using a tool like Findbugs on your code, which easily identifies things like potential leaks in JDBC resources. It's well worth the time to download and run it. (Besides, all you need is a JAR file with your code and you can just say scan the JAR file for bugs. It does not require a great deal of setup). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSjLjpAAoJEBzwKT+lPKRYdh8QAKuJ95EY3YktG0GsM+Vp/PYK P3y4t88ImLtWYIWo2mfeAUaY5sh371yC8ihGcy2m6d/qv+s+lfWpKf/MlaOycvBk 5203PRPvSSDI9Tlh19IA6/9urf6YsXDcw62j7X6oOoTQN2GoilhovIl7jUPcTc2M dqizRvJDmsWJMODeL0E1Ne1P84AnilNhELL6RPJ09UXYAsbyyFZasALAiwuCXyyt fRblQ4pHMTWWK6e7Hrhp93iK9gE1FGtPoQISq9T2GsazzHr8aFavCthFYq03mzRf WOYrq1lZsycJKgu0+7xm9xv4KCCVbJX/wCyVVuuhF4s/sZWRioWDyAhn3tx88sFM 60u5L95y7zVbxlszE7lmq83B5eyX+3llMIDol32r+T7nJhOo45asyAwOJkF5n8n/ UQFJhl16I5KTnklq0IM1lol5oDjI9qt+wcqolfUD0FWL7Z5IYFnCpNpo9/9kW+gc UNbIbHEm1fOW7bWbpD9KtzLraRLzRS/H9EeVMRr/DRKlna79RYnhi/ErntJrg2cD CzaGRq4y+f7ZkyUmArHio6SpifiQeYUgAhwsP6MH9hxNFleoIDa+Xdp4u4Li8RcM yM8lNRPLw+mo2fultaA8iYRLVWcul/GbJajUbKEwZh0bV/pVAqPU40U5YuAiEnUc qBtkr4U+Lms008/vnc01 =4seS -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Visible passwords in realm
On 20/11/2013 16:23, James H. H. Lampert wrote: 2013/11/20 williamissey...@tsys.com: Is there any way to not have the password visible in the realm for example for active directory realm? . . . On 11/20/13 12:36 AM, Konstantin Kolinko wrote: https://wiki.apache.org/tomcat/FAQ/Password Harrumph. It occurs to me that if Tomcat stored passwords the way OS/400 does (i.e., as a one-way hash), it would solve a multitude of problems. I suggest you read the original post again more carefully. These are not user passwords that Tomcat needs to validate (Tomcat has supported hashes for that for as long as I remember). This is a password Tomcat needs to use to connect to an external service. As the FAQ makes clear, storing these passwords in plain text is no less secure than any of the various encryption solutions that folks periodically propose. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Visible passwords in realm
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 James On 11/20/13, 11:23 AM, James H. H. Lampert wrote: 2013/11/20 williamissey...@tsys.com: Is there any way to not have the password visible in the realm for example for active directory realm? . . . On 11/20/13 12:36 AM, Konstantin Kolinko wrote: https://wiki.apache.org/tomcat/FAQ/Password Harrumph. It occurs to me that if Tomcat stored passwords the way OS/400 does (i.e., as a one-way hash), it would solve a multitude of problems. - -1 You evidently don't understand the nature of the problem. First of all, Tomcat does not store the password(s) at all. Second, if Tomcat were to store the passwords as a one-way hash, it wouldn't help at all: you would still supply the password in plain-text, and Tomcat would hash it to compare. Why does Tomcat have to hash the password? Because a) only Tomcat (or the database, directory, etc.) knows the hashing algorithm used, the hash salt and iteration count (you *would* use salted, iterated hashes, right?), etc. If the client could hash the password, then Tomcat would be comparing hashes to hashes, which is just called a new password. Of course, the far greater problem is that if somebody can get at your password file for nefarious purposes, then they can also most likely get at your SSL keystore for nefarious purposes, and a one-way hash wouldn't work for that. One-way hashes work for protecting data in the event of a data theft. They don't at all protect against unauthorized access. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSjPWiAAoJEBzwKT+lPKRYg4MQAMOlFmlLtoTO6+mbB3d3VlDY QmXo9rNoYVtWEHBGGsVvTbdNImPXnrK9v2DKEMruj7aykJAafcPzl2a0cT1IS9TQ fvkkGbu90JJPb8W7WJkJbzJ7sT/EQcco+xVIeCdU0uFHqCeXl3MuuVdn9crnroD5 G2voWUm9YKwFVuefjT92BI+UoozBVs5KQk3zFT3mfGlXBMq20kd+/jfRCjuy0k8B LtIQTp/UFY6exVrZupVfbhWqOvd3eCJvWcXLpWotigVNiz4lFA3/+PcXhEa6W3bg j9l1Qw5ijCMFIRB+CG5qY5YSg8daWCr4PCjUmyR96p0rmOqmKwZ4xiXjlziW2UU5 OtjI7RllzTBc0J28JMWDB57Xb/1QjhEGLBeIhbc04W8+jyKLBMV8s8dSmcPgMqzo erlp7nI+3aGlXy2bvQIWcDZSDH7tnTHVZrBcZxdqCfklUVXhmPmSrisEVKG+YJw1 ER6g83iG0OBYmz/C+0gx6K9SvcMMojiWYT7Hxh1QDnuCo742ErzXYqoBY8vKVoLL WBpgbFnm2daGe7wL+2CTWxUrkDodB79GW+XYceVxB4JnmwBd2swH1njb6j8ruVJZ eE538NmyjRr7iCkm32ukTudjRCQSdKpnBjS1brzb0GYmUTYn4ckXmR8PItVqiIvZ 1YLZZf90JK4bdKQIABlr =0SU5 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat connection pool bleeding under heavy load
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Marko, On 11/20/13, 12:07 PM, marko lugarič wrote: I have repeated the test with logAbandoned set to true and left it half hour after pool is empty. There are a lot of exceptions (Pool empty. Unable to fetch a connection in 15 seconds and Pool wait interrupted) but i don't know what exactly to search (search with Abandoned did not produce anything). I have already tried using StatementFinalizer interceptor but it did not do anything to prevent pool from being empty. Can you work-up a simple testcase webapp and load test to reproduce this problem? If so, please file a bug against tomcat-pool in Bugzilla and attach the simple webapp and test harness. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSjPhBAAoJEBzwKT+lPKRYQxIQAMHi+9z9jCbzulHiXns/Mt3p J6w6K6nFCbDOgj7noYfwGf2eBINPQ77ywhF56pzBgn6v2wXWG21NRXTLfHxJJM/s i1Ol9qp9mEUz3gmcumHbXU+RBBn1CbSh6D8cdVZDsX6tGF4BuzNtseZ0PRq7ZI5A fi6dyPA5sZf1skfHIOBhmWT7VB7UGud03YmxnKhe3e7N2ZtDN2AJYNhU0haSHd1m 1DGlCYxmMlK5mbqRA3RGWFTrnDmEvhBnSTLJaLywAojN8XHnNAH4fx4+MCT5GXrV h1EL1PhvFnpbQ5haTOHNIwCNtW3OPwdLsXXVimOVF6UvEZepF3pDJUL0KVV+Kfem p+r5BjkcjZ7LYirDBPFCsIovSwFcLrLScPUKbDHhF0Re5E7K7EtXuVuGGCJqWRsf 8w8Z2pcyBIhX85+D+kBZ2m6MFODXnEqTQeGbFhzffuPXV/DuvipARpFg9s8uo1ws 85NEtFzHjNblgxVxFaEgbbWulKT1ZNZerAMRnGDh9W2ngMjwYuQfevbJghUkM5b4 nMc/aNU2mg10lneRwTUIJ0f/aGfiCQegjSSEYGIDi1LcDHDkI4GPmMz3gGIfItBs yBEWXKn8aqVqVEVKjFzq5tD0kw9zyCEErYJH6N7o0HYmHHYfPxgz5Cr8gnnayUac Ru2Z7Ur1lnZZnC72oUwz =bJFf -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Visible passwords in realm
Out of curiosity, what problems do you see hashed passwords resolving in this case? - Milo Hyson Chief Scientist CyberLife Labs, Inc. On Nov 20, 2013, at 8:23 AM, James H. H. Lampert jam...@touchtonecorp.com wrote: Harrumph. It occurs to me that if Tomcat stored passwords the way OS/400 does (i.e., as a one-way hash), it would solve a multitude of problems.
Felix plugin for Tomcat?
All- Is/are there any efforts to integrate Apache Felix OSGI Console Functions (as a TC plugin) into either Tomcat 7.x or Tomcat 8x? http://felix.apache.org/ Thanks, Martin
RE: Visible passwords in realm
On 2013-11-20 williamissey...@tsys.com wrote: Is there any way to not have the password visible in the realm for example for active directory realm? You can extend the default JNDIRealm: import org.apache.catalina.realm.JNDIRealm; import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class ADRealm extends JNDIRealm { private static final Logger LOGGER = LoggerFactory.getLogger(ADRealm.class.getName()); private static final String KEY_AD = my.ldap; public ADRealm() { LOGGER.info(My Active Directory Realm initialized...); Credentials credentials = new CredentialsReader().getCredentials(KEY_AD); connectionName = credentials.getUser(); connectionPassword = credentials.getPassword(); } } Credentials reader is another custom class for reading credentials from your central storage. You have to define a combined realm: Realm className=org.apache.catalina.realm.CombinedRealm Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ Realm className=my.realm.ADRealm debug=99 connectionURL=... authentication=simple referrals=follow userBase=... userSearch=(mailNickname={0}) userSubtree=true commonRole=Administrator / /Realm And place all libraries to tomcat/lib folder: - realm-1.0.jar (this class) - credentials-util-1.0.jar - slf4j-api-1.6.6.jar - slf4j-jdk14-1.6.6.jar I've implemented it not because of safety, but for my convenience as the password is expiring from time to time and thanks to this it is enough to change it once in the central storage. From there it is used in all my tools (I use it in a local network only). Jan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Visible passwords in realm
On 11/20/13 10:22 AM, Milo Hyson wrote: Out of curiosity, what problems do you see hashed passwords resolving in this case? As others have already pointed out, I was shooting off my mouth without understanding the question. Emily LitellaOh. That's very different. Nevermind./Emily Litella -- JHHL (Now going back to a heated discussion of such subjects as flea erections, violins on television, eagle rights, and endangered feces.) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
404 - Might there be something wrong with my permissions?
Hello Tomcat-experts! I have recently bought some space at a webhotel that uses Apache HTTP server as front before a Tomcat 6.0.37.My account at the webhotel is said to support Struts and Hibernate and such technics.At home I have developed a app that uses those technics and of course it runs fine in a similar environment as the one at the webhotel. I can deploy my app as a ROOT-app or a ordinary app and the Struts works perfectly. At the webhotel I have tried to deploy it booth as a ROOT-app and as a MYAPP-webapp-1.0.0.war-file Now I have stripped the app down to just a struts2-hello-world-app. But at the webhotel I just keep getting this when I try to access the ActionClass through struts.xml: HTTP Status 404 - There is no Action mapped for namespace [/] and action name [welcome] associated with context path [/MYAPP-webapp-1.0.0].type Status reportmessage There is no Action mapped for namespace [/] and action name [welcome] associated with context path [/MYAPP-webapp-1.0.0].description The requested resource is not available. Unfortenatly the support guys at the webhotel says they lack knowledge of Tomcat so they can not help me out.But today I at least found this exception in the catalina.log just after my attempt yo access a struts-path: /-- Encapsulated exception \ java.lang.NullPointerException: permission can't be null at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source) at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:834) at ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:1280) at ognl.OgnlRuntime.setMethodValue(OgnlRuntime.java:1481) at ognl.ObjectPropertyAccessor.setPossibleProperty(ObjectPropertyAccessor.java:85) at ognl.ObjectPropertyAccessor.setProperty(ObjectPropertyAccessor.java:162) at com.opensymphony.xwork2.ognl.accessor.ObjectAccessor.setProperty(ObjectAccessor.java:27) at ognl.OgnlRuntime.setProperty(OgnlRuntime.java:2318) at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.setProperty(CompoundRootAccessor.java:77) at ognl.OgnlRuntime.setProperty(OgnlRuntime.java:2318) at ognl.ASTProperty.setValueBody(ASTProperty.java:127) at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:220) at ognl.SimpleNode.setValue(SimpleNode.java:301) at ognl.Ognl.setValue(Ognl.java:737) at com.opensymphony.xwork2.ognl.OgnlUtil.setValue(OgnlUtil.java:217) at com.opensymphony.xwork2.ognl.OgnlValueStack.trySetValue(OgnlValueStack.java:186) at com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueStack.java:173) at com.opensymphony.xwork2.ognl.OgnlValueStack.setParameter(OgnlValueStack.java:151) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.setParameters(ParametersInterceptor.java:292) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:203) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:190) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at org.apache.struts2.interceptor.MultiselectInterceptor.intercept(MultiselectInterceptor.java:75) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at org.apache.struts2.interceptor.CheckboxInterceptor.intercept(CheckboxInterceptor.java:90) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:243) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.ScopedModelDrivenInterceptor.intercept(ScopedModelDrivenInterceptor.java:141) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171) at
Embedded Tomcat AJP Issue
Hello, I am new to Tomcat and I was wondering if you could help me. I am trying to use tomcat in an embedded scenario, but I am unable to get the tomcat connector to support AJP connections. During startup I get the following messages: ... Nov 20, 2013 4:43:56 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [http-bio-9010] ... INFO: Starting ProtocolHandler [http-bio-9010] I was expecting it to say [AJP-bio-9010]. And mod_jk2 is unable to connect to it. The code is as follows: void TomcatStartup(TreeMap conf) { Tomcat tomcat = new Tomcat(); tomcat.setHostname(localhost); tomcat.setPort(conf.getInt(Listener.service.port)); org.apache.catalina.connector.Connector ajp = tomcat.getConnector(); ajp.setProtocol(AJP/1.3); ajp.setAttribute(protocol, AJP/1.3); ajp.setAttribute(tomcatAuthentication, false); ajp.setAttribute(port, conf.getInt(Listener.service.port)); tomcat.setConnector(ajp); org.apache.catalina.Context ctx = tomcat.addContext(/, new File(.).getAbsolutePath()); TomcatHandler th = new TomcatHandler(); th.conf = conf; Tomcat.addServlet(ctx, sc, th); ctx.addServletMapping(/*, sc); try { tomcat.start(); } catch(Exception ex) { ex.printStackTrace(); } } What I am doing wrong? Thanks, Edwin S. Ramirez Senior Developer, Information Technology Mount Sinai Medical Center 875 Avenue of the Americas (6th Ave.) New York, NY 10001 Phone: 646-217-3112 Fax: 212-356-0085
Re: Tomcat connection pool bleeding under heavy load
Line 150 of org.apache.tomcat.jdbc.pool.FairBlockingQueue can throw InterruptedException, which should be handled by: catch (InterruptedException e) { lock.lock(); waiters.remove(c); // prevent future threads from offering to this thread, since we are about to die lock.unlock(); if (c.getCount() == 0) { // was given a connection between // when the exception was thrown we acquired // the lock. This seems unlikely, so we are // happy to have let go of the lock and re-acquire // if necessary lock.lock(); items.addFirst(c.getItem()); // return to the head of the queue, as per policy in offer() lock.unlock(); } } You're welcome. cf http://svn.apache.org/viewvc/tomcat/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java?revision=1432842view=markup public E poll(long timeout, TimeUnit unit) throws InterruptedException { 135E result = null; 136final ReentrantLock lock = this.lock; 137try { 138//acquire the global lock until we know what to do 139lock.lock(); 140//check to see if we have objects 141result = items.poll(); 142if (result==null timeout0) { 143//the queue is empty we will wait for an object 144ExchangeCountDownLatchE c = new ExchangeCountDownLatch(1); 145//add to the bottom of the wait list 146waiters.addLast(c); 147//unlock the global lock 148lock.unlock(); 149//wait for the specified timeout 150if (!c.await(timeout, unit)) { 151//if we timed out, remove ourselves from the waitlist 152lock.lock(); 153waiters.remove(c); 154lock.unlock(); 155} 156//return the item we received, can be null if we timed out 157result = c.getItem(); 158} else { 159//we have an object, release 160lock.unlock(); 161} 162} finally { 163if (lock.isHeldByCurrentThread()) { 164lock.unlock(); 165} 166} 167return result; 168} David Bullock Machaira Enterprises Pty Ltd PO Box 31 Canowindra NSW 2804 02 6344 1100 http://machaira.com.au/ On 21 November 2013 04:58, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Marko, On 11/20/13, 12:07 PM, marko lugarič wrote: I have repeated the test with logAbandoned set to true and left it half hour after pool is empty. There are a lot of exceptions (Pool empty. Unable to fetch a connection in 15 seconds and Pool wait interrupted) but i don't know what exactly to search (search with Abandoned did not produce anything). I have already tried using StatementFinalizer interceptor but it did not do anything to prevent pool from being empty. Can you work-up a simple testcase webapp and load test to reproduce this problem? If so, please file a bug against tomcat-pool in Bugzilla and attach the simple webapp and test harness. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSjPhBAAoJEBzwKT+lPKRYQxIQAMHi+9z9jCbzulHiXns/Mt3p J6w6K6nFCbDOgj7noYfwGf2eBINPQ77ywhF56pzBgn6v2wXWG21NRXTLfHxJJM/s i1Ol9qp9mEUz3gmcumHbXU+RBBn1CbSh6D8cdVZDsX6tGF4BuzNtseZ0PRq7ZI5A fi6dyPA5sZf1skfHIOBhmWT7VB7UGud03YmxnKhe3e7N2ZtDN2AJYNhU0haSHd1m 1DGlCYxmMlK5mbqRA3RGWFTrnDmEvhBnSTLJaLywAojN8XHnNAH4fx4+MCT5GXrV h1EL1PhvFnpbQ5haTOHNIwCNtW3OPwdLsXXVimOVF6UvEZepF3pDJUL0KVV+Kfem p+r5BjkcjZ7LYirDBPFCsIovSwFcLrLScPUKbDHhF0Re5E7K7EtXuVuGGCJqWRsf 8w8Z2pcyBIhX85+D+kBZ2m6MFODXnEqTQeGbFhzffuPXV/DuvipARpFg9s8uo1ws 85NEtFzHjNblgxVxFaEgbbWulKT1ZNZerAMRnGDh9W2ngMjwYuQfevbJghUkM5b4 nMc/aNU2mg10lneRwTUIJ0f/aGfiCQegjSSEYGIDi1LcDHDkI4GPmMz3gGIfItBs yBEWXKn8aqVqVEVKjFzq5tD0kw9zyCEErYJH6N7o0HYmHHYfPxgz5Cr8gnnayUac Ru2Z7Ur1lnZZnC72oUwz =bJFf -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat connection pool bleeding under heavy load
Oh, and 'throw e;' at the end of the handler :-) David Bullock Machaira Enterprises Pty Ltd PO Box 31 Canowindra NSW 2804 02 6344 1100 http://machaira.com.au/ On 21 November 2013 11:48, David Bullock david.bull...@machaira.com.au wrote: Line 150 of org.apache.tomcat.jdbc.pool.FairBlockingQueue can throw InterruptedException, which should be handled by: catch (InterruptedException e) { lock.lock(); waiters.remove(c); // prevent future threads from offering to this thread, since we are about to die lock.unlock(); if (c.getCount() == 0) { // was given a connection between // when the exception was thrown we acquired // the lock. This seems unlikely, so we are // happy to have let go of the lock and re-acquire // if necessary lock.lock(); items.addFirst(c.getItem()); // return to the head of the queue, as per policy in offer() lock.unlock(); } } You're welcome. cf http://svn.apache.org/viewvc/tomcat/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java?revision=1432842view=markup public E poll(long timeout, TimeUnit unit) throws InterruptedException { 135E result = null; 136final ReentrantLock lock = this.lock; 137try { 138//acquire the global lock until we know what to do 139lock.lock(); 140//check to see if we have objects 141result = items.poll(); 142if (result==null timeout0) { 143//the queue is empty we will wait for an object 144ExchangeCountDownLatchE c = new ExchangeCountDownLatch(1); 145//add to the bottom of the wait list 146waiters.addLast(c); 147//unlock the global lock 148lock.unlock(); 149//wait for the specified timeout 150if (!c.await(timeout, unit)) { 151//if we timed out, remove ourselves from the waitlist 152lock.lock(); 153waiters.remove(c); 154lock.unlock(); 155} 156//return the item we received, can be null if we timed out 157result = c.getItem(); 158} else { 159//we have an object, release 160lock.unlock(); 161} 162} finally { 163if (lock.isHeldByCurrentThread()) { 164lock.unlock(); 165} 166} 167return result; 168} David Bullock Machaira Enterprises Pty Ltd PO Box 31 Canowindra NSW 2804 02 6344 1100 http://machaira.com.au/ On 21 November 2013 04:58, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Marko, On 11/20/13, 12:07 PM, marko lugarič wrote: I have repeated the test with logAbandoned set to true and left it half hour after pool is empty. There are a lot of exceptions (Pool empty. Unable to fetch a connection in 15 seconds and Pool wait interrupted) but i don't know what exactly to search (search with Abandoned did not produce anything). I have already tried using StatementFinalizer interceptor but it did not do anything to prevent pool from being empty. Can you work-up a simple testcase webapp and load test to reproduce this problem? If so, please file a bug against tomcat-pool in Bugzilla and attach the simple webapp and test harness. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSjPhBAAoJEBzwKT+lPKRYQxIQAMHi+9z9jCbzulHiXns/Mt3p J6w6K6nFCbDOgj7noYfwGf2eBINPQ77ywhF56pzBgn6v2wXWG21NRXTLfHxJJM/s i1Ol9qp9mEUz3gmcumHbXU+RBBn1CbSh6D8cdVZDsX6tGF4BuzNtseZ0PRq7ZI5A fi6dyPA5sZf1skfHIOBhmWT7VB7UGud03YmxnKhe3e7N2ZtDN2AJYNhU0haSHd1m 1DGlCYxmMlK5mbqRA3RGWFTrnDmEvhBnSTLJaLywAojN8XHnNAH4fx4+MCT5GXrV h1EL1PhvFnpbQ5haTOHNIwCNtW3OPwdLsXXVimOVF6UvEZepF3pDJUL0KVV+Kfem p+r5BjkcjZ7LYirDBPFCsIovSwFcLrLScPUKbDHhF0Re5E7K7EtXuVuGGCJqWRsf 8w8Z2pcyBIhX85+D+kBZ2m6MFODXnEqTQeGbFhzffuPXV/DuvipARpFg9s8uo1ws 85NEtFzHjNblgxVxFaEgbbWulKT1ZNZerAMRnGDh9W2ngMjwYuQfevbJghUkM5b4 nMc/aNU2mg10lneRwTUIJ0f/aGfiCQegjSSEYGIDi1LcDHDkI4GPmMz3gGIfItBs yBEWXKn8aqVqVEVKjFzq5tD0kw9zyCEErYJH6N7o0HYmHHYfPxgz5Cr8gnnayUac Ru2Z7Ur1lnZZnC72oUwz =bJFf -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail:
Re: [OT] Curious difference in connection behaviour on database side DBCP vs. JDBC?
On 20.11.2013, at 14:21, Christopher Schultz ch...@christopherschultz.net wrote: Rainer, FWIW, Connection.close also states this: Releases this Connection object's database and JDBC resources immediately instead of waiting for them to be automatically released. Does that mean that all connection pools by design are in direct violation of the JDBC spec? I assume you’re referring to the Releases this Connection object's database resources” part, then yes, they’re in violation of the letter of the API spec. I’m not sure whether the Javadoc is regarded as binding as the spec document though. And following the letter would indeed defy the very purpose of the pool. The other pools that I know do free the JDBC resources though. And that’s the part of the behavior that is really visible to the application. (And yes, Javadoc says it is best practice to explicitly close the JDBC resources as early as possible, but it also states that one can get away with not doing so). I also think that this is a justifiable spec violation, and all I’m asking is that this fact is shown more prominently, esp. as JDBC pool is advertised as a drop-in replacement for DBCP. Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org