Re: Apache Tomcat Summit at ApacheCon NA 2014
2014-01-23 Mark Thomas ma...@apache.org ApacheCon NA will be in Denver 7th to 11th April. The schedule for ApacheCon NA 2014 has been firmed up. There is an opportunity for a project summit on either the Thursday or the Friday. Since the BarCamp has been scheduled for the Thursday the Friday seems like the better option. We have complete flexibility as to the organisation of the Summit. One possible topic is with the Java EE 7 work pretty much complete, what new features is the community interested in between now and when the Java EE 8 work starts? Other suggestions for topics welcome. To get this up and running we need an idea of how many folks might want to attend so please reply to this thread on the users list if: - you are interested in attending - you have a topic / some topics to suggest Thanks, Mark I'm going to participate in ApacheCon. And I'm interested in these events. If these events are to be held, I'm going to join with pleasure. -- Keiichi.Fujino
Tomcat as Windows service under technical user
Hi everybody, I would like to run a Tomcat 7.0.47 as Windows service. But that service shall not be executed as Administrator but as a local technical user. That user is existent, let's call it A. The account is secured with password B. The question is, how do I install Tomcat as a service (that starts at Windows startup) as the technical user A? I tried various commands, but didn't get it working. Any ideas, solutions? Thanks Stefan
Re: Tomcat as Windows service under technical user
2014/1/27 Strobel, Stefan (TS IC) stefan.stro...@hp.com: Hi everybody, I would like to run a Tomcat 7.0.47 as Windows service. But that service shall not be executed as Administrator but as a local technical user. That user is existent, let's call it A. The account is secured with password B. The question is, how do I install Tomcat as a service (that starts at Windows startup) as the technical user A? I tried various commands, but didn't get it working. Any ideas, solutions? Once the service installed, you can change the User with the sc utility : sc.exe config serviceName obj= domain\username password= password Thanks Stefan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Implementing JAAS with Geronimo LDAPPlugin
Hi all, I'm fairly new to Tomcat and to this mailing list, so apologies in advance if not being clear in explaining my problem. I'm tasked with the implementation of JAAS for a web application by leveraging the existing LDAP server (MSAD) present at our company. The first problem I faced was due to the fact that the bundled LDAPplugin doesn't support authentication so I needed a enhanced one. I read that the Geronimo's LDAPLoginModule can be of help and I decided to follow that path. - I downloaded the Geronimo's zip file, [1] - I extracted the LDAPplugin jar file [2] and copied inside Tomcat's lib directory - I configured the jaas.config file [3] and configured it in the Tomcat startup command line [4] - I modified the server.xml by defining the Realm [5] - I modified my test application by requiring BASIC authentication for the dummy protected resource [6] I know that the jaas.config file comes read because at first I had syntax problems reported in catalina.err and now fixed. Now I can access the application by having a popup asking me to bind, BUT the application doesn't permit me to access (it asks me to authenticate again). With tcpdump I can see that the tcp connection to the LDAP server is not even tried However, I can't see any error in catalina.out or catalina.err. Could you tell me if, in your opinion, I have done something wrong? What would you suggest to do in order to at least augment the possibility to see the error logged? Thanks in advance Marco [1] geronimo-tomcat7-javaee6-3.0.1-bin.zip [2] geronimo-security-3.0.1.jar [3] This is the (sanitized) content of my jaas.config GERONIMO { org.apache.geronimo.security.realm.providers.LDAPLoginModule REQUIRED initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory connectionURL=ldap://test.com:389; connectionUsername=uid=test,ou=mycompany,dc=test,dc=com connectionPassword=test connectionProtocol= authentication=simple userBase=ou=employee,dc=test,dc=com userSearchMatching=uid={0} userSearchSubtree=true roleBase=ou=groups,dc=test,dc=com roleName=cn roleSearchMatching=(member={0}) roleSearchSubtree=true userRoleName=member; }; [4] -Djava.security.auth.login.config==/opt/tomcat/conf/jaas.config [5] This is the line I added inside Engine Realm className=org.apache.catalina.realm.JAASRealm appName=testPrincipals debug=9/ [6] ?xml version=1.0 encoding=UTF-8? web-app xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns=http://java.sun.com/xml/ns/javaee; xsi:schemaLocation=http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd; id=WebApp_ID version=2.5 display-nametestPrincipals/display-name welcome-file-list welcome-fileindex.html/welcome-file welcome-fileindex.htm/welcome-file welcome-fileindex.jsp/welcome-file welcome-filedefault.html/welcome-file welcome-filedefault.htm/welcome-file welcome-filedefault.jsp/welcome-file /welcome-file-list security-constraint display-nameAdminConstraint/display-name web-resource-collection web-resource-nameAdmin/web-resource-name descriptionOnly for administrators/description url-pattern/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint description/ role-nameMy_LDAP_Group/role-name /auth-constraint /security-constraint login-config auth-methodBASIC/auth-method realm-nameGERONIMO/realm-name /login-config security-role descriptionAdministrators/description role-nameMy_LDAP_Group/role-name /security-role /web-app - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Implementing JAAS with Geronimo LDAPPlugin
On 27/01/2014 09:43, Marco Pizzoli wrote: Hi all, I'm fairly new to Tomcat and to this mailing list, so apologies in advance if not being clear in explaining my problem. I'm tasked with the implementation of JAAS for a web application by leveraging the existing LDAP server (MSAD) present at our company. Do you have to use JAAS? If you used the JNDI Realm you could take advantage of SPNEGO support. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Implementing JAAS with Geronimo LDAPPlugin
Hi Mark, Thanks for your reply. Yes I expressly need JAAS. This is a requirement coming from the provider of an external software vendor. It leverages principals. Marco On Mon, Jan 27, 2014 at 10:47 AM, Mark Thomas ma...@apache.org wrote: On 27/01/2014 09:43, Marco Pizzoli wrote: Hi all, I'm fairly new to Tomcat and to this mailing list, so apologies in advance if not being clear in explaining my problem. I'm tasked with the implementation of JAAS for a web application by leveraging the existing LDAP server (MSAD) present at our company. Do you have to use JAAS? If you used the JNDI Realm you could take advantage of SPNEGO support. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Implementing JAAS with Geronimo LDAPPlugin
On this list, please do not top-post. Read the list rules. Reply below the question, it is easier for everyone to figure out what you are responding to. See below. On Mon, Jan 27, 2014 at 10:47 AM, Mark Thomas ma...@apache.org wrote: On 27/01/2014 09:43, Marco Pizzoli wrote: Hi all, I'm fairly new to Tomcat and to this mailing list, so apologies in advance if not being clear in explaining my problem. I'm tasked with the implementation of JAAS for a web application by leveraging the existing LDAP server (MSAD) present at our company. Do you have to use JAAS? If you used the JNDI Realm you could take advantage of SPNEGO support. Marco Pizzoli wrote: Hi Mark, Thanks for your reply. Yes I expressly need JAAS. This is a requirement coming from the provider of an external software vendor. It leverages principals. For info : Quite apart from which solution you are using, there are a number of reasons why a Windows-domain like authentication may not be working. - the workstation has to be in the domain (seems evident, but for example that it will not work if the workstation accesses this server from the Internet; in some VPN cases, it may also not work) - the Tomcat server itself has to be recognised as being a member of the same Domain, or a trusted Domain - Windows on the workstation must consider the Tomcat server as at least a trusted host - the browser used may also have restrictions as to what host it will even attempt to do a WIA authentication with. (WIA = Windows Integrated Authentication) In other words : even if the add-on modules server-side should work and even if your configuration server-side seems to be ok, there might be workstation-side reasons why this is not working, and you must make sure that these possible reasons are also eliminated. If the brower, for whatever reason, is not even trying a WIA, then the server side will not show any attempt to do the corresponding authentication. Which seems to be your case, as you describe it. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Implementing JAAS with Geronimo LDAPPlugin
On Mon, Jan 27, 2014 at 1:20 PM, André Warnier a...@ice-sa.com wrote: On this list, please do not top-post. Read the list rules. Reply below the question, it is easier for everyone to figure out what you are responding to. See below. On Mon, Jan 27, 2014 at 10:47 AM, Mark Thomas ma...@apache.org wrote: On 27/01/2014 09:43, Marco Pizzoli wrote: Hi all, I'm fairly new to Tomcat and to this mailing list, so apologies in advance if not being clear in explaining my problem. I'm tasked with the implementation of JAAS for a web application by leveraging the existing LDAP server (MSAD) present at our company. Do you have to use JAAS? If you used the JNDI Realm you could take advantage of SPNEGO support. Marco Pizzoli wrote: Hi Mark, Thanks for your reply. Yes I expressly need JAAS. This is a requirement coming from the provider of an external software vendor. It leverages principals. For info : Quite apart from which solution you are using, there are a number of reasons why a Windows-domain like authentication may not be working. - the workstation has to be in the domain (seems evident, but for example that it will not work if the workstation accesses this server from the Internet; in some VPN cases, it may also not work) - the Tomcat server itself has to be recognised as being a member of the same Domain, or a trusted Domain - Windows on the workstation must consider the Tomcat server as at least a trusted host - the browser used may also have restrictions as to what host it will even attempt to do a WIA authentication with. (WIA = Windows Integrated Authentication) In other words : even if the add-on modules server-side should work and even if your configuration server-side seems to be ok, there might be workstation-side reasons why this is not working, and you must make sure that these possible reasons are also eliminated. If the brower, for whatever reason, is not even trying a WIA, then the server side will not show any attempt to do the corresponding authentication. Which seems to be your case, as you describe it. Hi Andre', you're right. Sorry for having top-posted. Coming to your answer, I never talked about WIA (Windows Integrated Authentication) but just LDAP. I'm just interested in learning how to integrate Tomcat with LDAP by leveraging the JAAS framework. My MSAD is being used, in this context at least, as a pure LDAP directory. I'm not interested in leveraging any workstation-side authentication (kerberos/spnego/etc..). Thanks for having answered Marco - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JAVA_OPTS vs CATALINA_OPTS
Hi, Dan. Thanks for replay. he JVM is only going to accept one value for Xmx and Xms. Specifying the same options in JAVA_OPTS and CATALINA_OPTS would just be confusing. As I says before - we have few Java-application on same machine. So - for them needs to set Xmx 1G, but for Tomcat - 4G. Don’t set these as system variables. You’d want to define them in setenv.bat Again, don’t set system variables for these. There’s no reason to set them system wide. Same reason - few Java-applications wich all need same Java_opts (exclude Tomcat). Since you’re on Windows, you’re probably running as a service and that’s going to be a bit different No, Tomcat started via command line (rather - from .bat script wich call %catalina_home%/bin/startup.bat). 2014/1/27 Daniel Mikusa dmik...@gopivotal.com On Jan 27, 2014, at 9:21 AM, Арсений Зинченко setev...@gmail.com wrote: Hi. I'm sorry for so kindly question - but needs experts advice... We have a little dispute with my colleague about using this variables. So: have Windows-box machine. On it - runing few different Java-application, including Tomcat. Needs to set memory for Tomcat other, than for all other Java-applications. My proposal is set to System variables: JAVA_OPTS -Xmx1024M -Xms512M -XX:MaxPermSize512M CATALINA_OPTS -Xmx4096M -Xms2048M -XX:MaxPermSize=1024M” Don’t set these as system variables. You’d want to define them in setenv.bat if you’re running from the command prompt or with the Windows Service utility (either [1] or [2]), if you’re running as a service. But, as he asserts - this is not correct way: - CATALINA_OPTS must NOT contain memory limits like Xmx, Xms etc; There are no restrictions to what you can set in CATALINA_OPTS. You could put your memory setting there if you wanted. Having said that, if you’re running as a Windows service then you wouldn’t. You'd set your heap memory settings through the service wrapper (either [1] or [2]). If you’re running from the console (not likely) or on Linux / Unix then you’d set your heap settings in the setenv.sh|bat script. Again, you could put memory settings in CATALINA_OPTS or in JAVA_OPTS. Setting them in CATALINA_OPTS is generally a better choice though because settings in CATALINA_OPTS are only applied when Tomcat is started. If you set them in JAVA_OPTS then they’ll be applied when you start and stop the instance, something you probably don’t want for your heap settings. - Java Garbage collector will work differently because JAVA_OPTS have another opts for memory then CATALINA_OPTS, so - this will worse Tomcat performance; I’m not sure I follow your logic here. The JVM is only going to accept one value for Xmx and Xms. Specifying the same options in JAVA_OPTS and CATALINA_OPTS would just be confusing. - and so on His suggestion is to set JAVA_OPTS with memory limits exactly to Tomcat startup script (not as system variable at all). Again, don’t set system variables for these. There’s no reason to set them system wide. So, my question is: is it correct to set memory limits for Tomcat via CATALINA_OPTS variable? Generally, but it depends on how you are starting Tomcat. Since you’re on Windows, you’re probably running as a service and that’s going to be a bit different. See above comments. If in system also present JAVA_OPTS - will it have influence on to Tomcat's performance? I think I answered this above. If it’s not clear, let me know. Thanks. Dan [1] - http://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html#Command_line_parameters [2] - http://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html#Tomcat7w_monitor_application - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Out of memory exception - top posting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Nick, On 1/25/14, 11:12 AM, Nick Williams wrote: On Jan 24, 2014, at 12:05 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 1/24/14, 10:18 AM, Mark H. Wood wrote: On Thu, Jan 23, 2014 at 09:24:41PM -0500, Howard W. Smith, Jr. wrote: On Thu, Jan 23, 2014 at 2:08 PM, André Warnier a...@ice-sa.com wrote: Either people don't read the rules, or they do not understand the rule, or they just ignore it. I agree. As a tomcat/tomee user, I joined the list, primarily, to listen in on topics (that interest me), so I learned, very quickly, that top-posting is not preferred, here. snip / My biggest problem is that the Apache projects aren't all consistent. I'm a contributor to several (including a committer for Logging). Some use only top-posting and discourage bottom-posting. Others (Tomcat) use only bottom-posting and discourage top-posting. It's very frustrating and makes switching between project lists error-prone. I understand. My perspective is that the ASF is not one single community, but a collection of communities. Each project has its own community that is free to choose their mailing list policies, revision-control system (kind of), etc. Not all ASF projects use the same programming language(s), documentation strategies, etc. Singling-out mailing lists is kind of cherry-picking. One could complain about quite a few things. Again, it goes back to the community and what the general preferences are. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS5n3oAAoJEBzwKT+lPKRYHSEQAMDfKyNHXuFISRmTO0r2i1YI ljNldMkJGMb0D1EajCqfetzpSGG3X0XLOBmz4xRKzGYm4tbuzY1nvVy2e9vRqL2k N0rjcajMEvUf4kj+yDHF6ibk1Rqo6TVGcAmfM2gnsdj7Uu0dI/d77ayEeMI9DdhE xZB5EBbdaCU6Lm6duS88ZzYkNXUsIvxHh1C8MxiTsUGqBZkdd1ERCBHziGPBcuj3 2kVyxuqsZ/pLqasfMSM6fjcHF4ph7wfejidbqHDyn+3Uco4H8y63sljs5rHNPgQn p773IO+GBhjSjQ8QDv443qMZlItdCSQFyLCMUryrwtMoIjgnVnFxaOfPh9sI1e39 mlS/xZpMc/heCeuIV6fMauft+Zmoq34Z6PkBGZnd0tvmuDZ4B9U3opz8+9UOsjsC fJKGvaAJ9zlC3ne/PMyNGJ2LK2eDP7hN6+fhHU2LY2po1wwcwltjvfH86KePuA+K yXjVQmvd2u12fJofn0xnPgDTx/JYCok7r0LTt/d5nBA9OgkuXVlER7uGiAo8Ny1Y HYsWBb2y68hlCk2LgHsh4py8U3DQZRYpS/bKNKqgRPYDikI4CEQGDyMEsAQZbTjy PmjhiofvkGdAwvWcxVH1wAhe00fY7UGOi8v7KYs2PYEJq2WR3mXCOLaWWXbPODEn 75Z18Bzq0HlJfd3c+z3S =TWSF -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JAVA_OPTS vs CATALINA_OPTS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Арсений, On 1/27/14, 9:21 AM, Арсений Зинченко wrote: We have a little dispute with my colleague about using this variables. So: have Windows-box machine. On it - runing few different Java-application, including Tomcat. Needs to set memory for Tomcat other, than for all other Java-applications. My proposal is set to System variables: JAVA_OPTS -Xmx1024M -Xms512M -XX:MaxPermSize512M CATALINA_OPTS -Xmx4096M -Xms2048M -XX:MaxPermSize=1024M But, as he asserts - this is not correct way: - CATALINA_OPTS must NOT contain memory limits like Xmx, Xms etc; - Java Garbage collector will work differently because JAVA_OPTS have another opts for memory then CATALINA_OPTS, so - this will worse Tomcat performance; - and so on Tomcat runs Java roughly in this way: $JAVA_HOME/bin/java $JAVA_OPTS $CATALINA_OPTS \ org.apache.catalina.startup.Bootstrap If you have these options configured using both environment variables, then CATALINA_OPTS (the later one) will win because that's how the JVM parses arguments: the last one on the command-line wins. So, it's perfectly safe to do what you have described above. On the other hand, note that since JAVA_OPTS specifies 0.5GiB of heap space for when you are /not/ launching Tomcat, then running bin\shutdown.bat will pre-allocate 0.5GiB of heap space just to send the shutdown command to a running Tomcat instance, and then terminate. It's kind of a waste. I totally agree with Dan's comments about how using system variables: just use bin/setenv.bat and keep everything locally. His suggestion is to set JAVA_OPTS with memory limits exactly to Tomcat startup script (not as system variable at all). +1 So, my question is: is it correct to set memory limits for Tomcat via CATALINA_OPTS variable? If in system also present JAVA_OPTS - will it have influence on to Tomcat's perfarmance? See above. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS5n9ZAAoJEBzwKT+lPKRYXJAQAIoI/6t21bVVHXGH+KZDVOvy e+YsyWJRdRtFCDCIc+Y3YtY+8q+uDQRyqBQyJLNgdmkNEdbrGf1a/n74Mg4bNilA GxOi7D75tiMni3T4rz4nUc5nyTnCOBNYuitrpjZMWfvd/ajHdSAEWuivGa87A/oL C7Y4Bu6KB+2dwNifOwYWPzRq9yl+25G7SBo+URH8HMTHVEBVrDYflTudX0q9D4XI XK5CNTiOQvfKgu/3HCjcZSq75LspTIC0Kw9P+GRX9PoJJCvAlF3TQgLghJ9S3YOT l0n3A5UE2cZycUv3NEJrdoerWbYsbDexq47eeQ2CMVoHeTBBFDAZK4uR7EneFsea 89WI39tNT0+jrScFQ7eKCv72yxUb05gunOnWMHe23vx10BXVT2at8jvgSlJs2SSy co2B9PrNqwZRZtzZCS38A5DmXts9KlEFnc7bd5Fu4ME4jEs/sODd8+CXc9Fpsmee 68v2w0avaAKjngvirhMq+X12t+NZSIK5TTsz9XA36AGEnDEAgWZUNQ/6GSG2oA2F tiQzIKkl/MTl8ZEYbI0ZydQgsdhbdvcQ+51dRsqlk1wj+Rlp9d3rOnUgtHn0w4xO wUid16DjQyCKiqBw+2ATpf6bK1m/cCKQxbkBmfMUXa4wR9Hok3M0fCwsJrHOt74T 1k9HFMAfUZSNelfdCvsC =M2Q+ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JAVA_OPTS vs CATALINA_OPTS
On Jan 27, 2014, at 10:36 AM, Арсений Зинченко setev...@gmail.com wrote: Hi, Dan. Thanks for replay. he JVM is only going to accept one value for Xmx and Xms. Specifying the same options in JAVA_OPTS and CATALINA_OPTS would just be confusing. As I says before - we have few Java-application on same machine. So - for them needs to set Xmx 1G, but for Tomcat - 4G. I’m not sure how this is relevant. I understand that you have multiple applications running, but it doesn’t matter. Each application you run will have it’s own JVM with it’s own Xmx and Xms settings. If you set Xmx or Xms twice for one JVM, which is essentially what you’re doing when you put them in both JAVA_OPTS and CATALINA_OPTS that would just be confusing. It’s won’t directly cause a problem, the JVM will pick one and ignore the others, but it’s confusing to someone looking at your configuration. Don’t set these as system variables. You’d want to define them in setenv.bat Again, don’t set system variables for these. There’s no reason to set them system wide. Same reason - few Java-applications wich all need same Java_opts (exclude Tomcat). This is just my opinion. There’s nothing to prevent you from setting these values system wide. I would suggest that you don’t though. It’s just going to be confusing. Set the values in the configuration for each Java application / Tomcat instance. Then it’s immediately clear which value is being used for which application. Since you’re on Windows, you’re probably running as a service and that’s going to be a bit different No, Tomcat started via command line (rather - from .bat script wich call %catalina_home%/bin/startup.bat). Ok then. You’ll want to create the file bin/setenv.bat for each of your Tomcat instances. In that file, you can set JAVA_OPTS and / or CATALINA_OPTS. As I mentioned before, I’d suggest putting your heap options in CATALINA_OPTS. Dan 2014/1/27 Daniel Mikusa dmik...@gopivotal.com On Jan 27, 2014, at 9:21 AM, Арсений Зинченко setev...@gmail.com wrote: Hi. I'm sorry for so kindly question - but needs experts advice... We have a little dispute with my colleague about using this variables. So: have Windows-box machine. On it - runing few different Java-application, including Tomcat. Needs to set memory for Tomcat other, than for all other Java-applications. My proposal is set to System variables: JAVA_OPTS -Xmx1024M -Xms512M -XX:MaxPermSize512M CATALINA_OPTS -Xmx4096M -Xms2048M -XX:MaxPermSize=1024M” Don’t set these as system variables. You’d want to define them in setenv.bat if you’re running from the command prompt or with the Windows Service utility (either [1] or [2]), if you’re running as a service. But, as he asserts - this is not correct way: - CATALINA_OPTS must NOT contain memory limits like Xmx, Xms etc; There are no restrictions to what you can set in CATALINA_OPTS. You could put your memory setting there if you wanted. Having said that, if you’re running as a Windows service then you wouldn’t. You'd set your heap memory settings through the service wrapper (either [1] or [2]). If you’re running from the console (not likely) or on Linux / Unix then you’d set your heap settings in the setenv.sh|bat script. Again, you could put memory settings in CATALINA_OPTS or in JAVA_OPTS. Setting them in CATALINA_OPTS is generally a better choice though because settings in CATALINA_OPTS are only applied when Tomcat is started. If you set them in JAVA_OPTS then they’ll be applied when you start and stop the instance, something you probably don’t want for your heap settings. - Java Garbage collector will work differently because JAVA_OPTS have another opts for memory then CATALINA_OPTS, so - this will worse Tomcat performance; I’m not sure I follow your logic here. The JVM is only going to accept one value for Xmx and Xms. Specifying the same options in JAVA_OPTS and CATALINA_OPTS would just be confusing. - and so on His suggestion is to set JAVA_OPTS with memory limits exactly to Tomcat startup script (not as system variable at all). Again, don’t set system variables for these. There’s no reason to set them system wide. So, my question is: is it correct to set memory limits for Tomcat via CATALINA_OPTS variable? Generally, but it depends on how you are starting Tomcat. Since you’re on Windows, you’re probably running as a service and that’s going to be a bit different. See above comments. If in system also present JAVA_OPTS - will it have influence on to Tomcat's performance? I think I answered this above. If it’s not clear, let me know. Thanks. Dan [1] - http://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html#Command_line_parameters [2] - http://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html#Tomcat7w_monitor_application
Re: JAVA_OPTS vs CATALINA_OPTS
Thanks, Christopher. OK, what about next: Set JAVA_OPTS as system variable (for all other applications); and create setenv.bat in /bin/ directory with CATALINA_OPTS whith Xmx/Xms for Tomcat? Will it be more correctly than set CATALINA_OPTS as System variable? Or - by the way, in setevn.bat must be used JAVA_OPTS too? https://plus.google.com/u/0/113253806461878935497?prsrc=4 2014/1/27 Christopher Schultz ch...@christopherschultz.net -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Арсений, On 1/27/14, 9:21 AM, Арсений Зинченко wrote: We have a little dispute with my colleague about using this variables. So: have Windows-box machine. On it - runing few different Java-application, including Tomcat. Needs to set memory for Tomcat other, than for all other Java-applications. My proposal is set to System variables: JAVA_OPTS -Xmx1024M -Xms512M -XX:MaxPermSize512M CATALINA_OPTS -Xmx4096M -Xms2048M -XX:MaxPermSize=1024M But, as he asserts - this is not correct way: - CATALINA_OPTS must NOT contain memory limits like Xmx, Xms etc; - Java Garbage collector will work differently because JAVA_OPTS have another opts for memory then CATALINA_OPTS, so - this will worse Tomcat performance; - and so on Tomcat runs Java roughly in this way: $JAVA_HOME/bin/java $JAVA_OPTS $CATALINA_OPTS \ org.apache.catalina.startup.Bootstrap If you have these options configured using both environment variables, then CATALINA_OPTS (the later one) will win because that's how the JVM parses arguments: the last one on the command-line wins. So, it's perfectly safe to do what you have described above. On the other hand, note that since JAVA_OPTS specifies 0.5GiB of heap space for when you are /not/ launching Tomcat, then running bin\shutdown.bat will pre-allocate 0.5GiB of heap space just to send the shutdown command to a running Tomcat instance, and then terminate. It's kind of a waste. I totally agree with Dan's comments about how using system variables: just use bin/setenv.bat and keep everything locally. His suggestion is to set JAVA_OPTS with memory limits exactly to Tomcat startup script (not as system variable at all). +1 So, my question is: is it correct to set memory limits for Tomcat via CATALINA_OPTS variable? If in system also present JAVA_OPTS - will it have influence on to Tomcat's perfarmance? See above. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS5n9ZAAoJEBzwKT+lPKRYXJAQAIoI/6t21bVVHXGH+KZDVOvy e+YsyWJRdRtFCDCIc+Y3YtY+8q+uDQRyqBQyJLNgdmkNEdbrGf1a/n74Mg4bNilA GxOi7D75tiMni3T4rz4nUc5nyTnCOBNYuitrpjZMWfvd/ajHdSAEWuivGa87A/oL C7Y4Bu6KB+2dwNifOwYWPzRq9yl+25G7SBo+URH8HMTHVEBVrDYflTudX0q9D4XI XK5CNTiOQvfKgu/3HCjcZSq75LspTIC0Kw9P+GRX9PoJJCvAlF3TQgLghJ9S3YOT l0n3A5UE2cZycUv3NEJrdoerWbYsbDexq47eeQ2CMVoHeTBBFDAZK4uR7EneFsea 89WI39tNT0+jrScFQ7eKCv72yxUb05gunOnWMHe23vx10BXVT2at8jvgSlJs2SSy co2B9PrNqwZRZtzZCS38A5DmXts9KlEFnc7bd5Fu4ME4jEs/sODd8+CXc9Fpsmee 68v2w0avaAKjngvirhMq+X12t+NZSIK5TTsz9XA36AGEnDEAgWZUNQ/6GSG2oA2F tiQzIKkl/MTl8ZEYbI0ZydQgsdhbdvcQ+51dRsqlk1wj+Rlp9d3rOnUgtHn0w4xO wUid16DjQyCKiqBw+2ATpf6bK1m/cCKQxbkBmfMUXa4wR9Hok3M0fCwsJrHOt74T 1k9HFMAfUZSNelfdCvsC =M2Q+ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 not honoring maxThreads configuration in catalina.properties and activeCount not going beyond 200
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 akshay, On 1/26/14, 2:04 PM, akshay hiremath wrote: On Friday, January 24, 2014 7:04 PM, Konstantin Kolinko knst.koli...@gmail.com wrote: 2014/1/24 akshay hiremath akshay...@yahoo.com: Through some trials found that its not enough to increase the Executors thread count(maxThreads for Executor element) but also need to increase the Connectors thread count(maxThreads for Connector element). This behavior is not actually clearly captured in tomcat documentation says 1. The rules: http://tomcat.apache.org/lists.html#tomcat-users - 6. do not top-post, 7. do not send attachments 2. Are you sure that you are actually using an Executor? In your original port there is no guarantee that the executor attribute of your Connector matches the name of an Executor that you declared. If the Executor does not exist, the attribute will be ignored. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org 1. The rules: http://tomcat.apache.org/lists.html#tomcat-users - 6. do not top-post, 7. do not send attachments Sorry about Top posting. i didn't know about top post issue. Now I'm taking care of this. In your original port there is no guarantee that the executor attribute of your Connector matches the name of an Executor that you declared. If the Executor does not exist, the attribute will be ignored. I'm using the Executor in the connector. In case if you have missed my original post portions because of my wrong top posting. server.xml content: Executor name=tomcatThreadPool namePrefix=${server.service-Catalina.executor-tomcatThreadPool.namePrefix} maxThreads=${server.service-Catalina.executor-tomcatThreadPool.maxThreads} minSpareThreads=${server.service-Catalina.executor-tomcatThreadPool.minSpareThreads}/ Executor's name: tomcatThreadPool Connector executor=${server.service-Catalina.connector.http1.1.executor} Executor reference: ${server.service-Catalina.connector.http1.1.executor}. Depending upon the value of all that mess, you might not have the right executor name. How about showing us the segment of the server.xml that actually gets used by Tomcat, instead of the ant-processed template file? server.service-Catalina.connector.http1.1.executor=tomcatThreadPool Are you sure? Try connecting with JMX and taking a look at the connector's executor name. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS5oJvAAoJEBzwKT+lPKRYjPoP/1zfNtlQ0hgFDcl1mZ2eq+Jj tqTKF/MsRBAOy+FA/eLp8KOaJpS/JpcjVmf7tXdIykeTCREcIgDUYWVgieOL+Imv /FhQ2T+upqX0fAzleB3m/WKRMZnH6n9nmL/UpUr/6++L+d+IsCz4KqXSXazgOGIl vJF9dVW+YcKh8bd43BYSjR/Sj54ucysNjr/OzJipjJFmVuIBa1djR+uCO+732r8A PQCplEVzGCLDOhZepMc3mBXgBk5fAmTMm4QtCqAP3b2/BSwmi28vvR0Vom2rfnEF OZXUuyZm++tMPSSRzsLUaCADC9+Dt+qyFvQ2IL7jGmxBrjSBY4jz1QZ8APpG1Kh7 CQXoPyXbJ/iKx/qFvZLscmcnGQZfK4h++lSZNy3Zx8qhD7BgbwKxQRC+c1BzXhgC SLIeijO+wvcDVipUCYzki5zWDtVgdyGfEDOZ8MhOqrD6VA4hLONVcX4HkQXjqsjB eB4KWpNJ3+q/rO6nCm8FqReXuawr6y6G9S10ZRrcF+eZj9cbn18G8JcHlE3rhwxh 3UoJDIUfPwyV+0jDc9aAacnzVdn1bQPbxvMxD3bAWFGOLDiQe+fZtEQKnAQnVmUz 1yY/3SWRLfqDZ47BKdMTZ/3rwfh8MZ6US+fBatZTU3AkvQk2k4WYvA4/BxwaoLXo 2V2+2DzR85y3gl0Jqu0W =Eo47 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Implementing JAAS with Geronimo LDAPPlugin
2014-01-27 Marco Pizzoli marco.pizz...@gmail.com: Hi all, I'm fairly new to Tomcat and to this mailing list, so apologies in advance if not being clear in explaining my problem. I'm tasked with the implementation of JAAS for a web application by leveraging the existing LDAP server (MSAD) present at our company. (...) - I modified the server.xml by defining the Realm [5] (...) [5] This is the line I added inside Engine Realm className=org.apache.catalina.realm.JAASRealm appName=testPrincipals debug=9/ 1. Beware that only one Realm is allowed in an Engine. There is one defined there by default. You should have replaced it, not added a new one. http://svn.apache.org/viewvc?view=revisionrevision=1556784 2. If you want to run with a debugger https://wiki.apache.org/tomcat/FAQ/Developing#Debugging Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JAVA_OPTS vs CATALINA_OPTS
On Jan 27, 2014, at 9:21 AM, Арсений Зинченко setev...@gmail.com wrote: Hi. I'm sorry for so kindly question - but needs experts advice... We have a little dispute with my colleague about using this variables. So: have Windows-box machine. On it - runing few different Java-application, including Tomcat. Needs to set memory for Tomcat other, than for all other Java-applications. My proposal is set to System variables: JAVA_OPTS -Xmx1024M -Xms512M -XX:MaxPermSize512M CATALINA_OPTS -Xmx4096M -Xms2048M -XX:MaxPermSize=1024M” Don’t set these as system variables. You’d want to define them in setenv.bat if you’re running from the command prompt or with the Windows Service utility (either [1] or [2]), if you’re running as a service. But, as he asserts - this is not correct way: - CATALINA_OPTS must NOT contain memory limits like Xmx, Xms etc; There are no restrictions to what you can set in CATALINA_OPTS. You could put your memory setting there if you wanted. Having said that, if you’re running as a Windows service then you wouldn’t. You'd set your heap memory settings through the service wrapper (either [1] or [2]). If you’re running from the console (not likely) or on Linux / Unix then you’d set your heap settings in the setenv.sh|bat script. Again, you could put memory settings in CATALINA_OPTS or in JAVA_OPTS. Setting them in CATALINA_OPTS is generally a better choice though because settings in CATALINA_OPTS are only applied when Tomcat is started. If you set them in JAVA_OPTS then they’ll be applied when you start and stop the instance, something you probably don’t want for your heap settings. - Java Garbage collector will work differently because JAVA_OPTS have another opts for memory then CATALINA_OPTS, so - this will worse Tomcat performance; I’m not sure I follow your logic here. The JVM is only going to accept one value for Xmx and Xms. Specifying the same options in JAVA_OPTS and CATALINA_OPTS would just be confusing. - and so on His suggestion is to set JAVA_OPTS with memory limits exactly to Tomcat startup script (not as system variable at all). Again, don’t set system variables for these. There’s no reason to set them system wide. So, my question is: is it correct to set memory limits for Tomcat via CATALINA_OPTS variable? Generally, but it depends on how you are starting Tomcat. Since you’re on Windows, you’re probably running as a service and that’s going to be a bit different. See above comments. If in system also present JAVA_OPTS - will it have influence on to Tomcat's performance? I think I answered this above. If it’s not clear, let me know. Thanks. Dan [1] - http://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html#Command_line_parameters [2] - http://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html#Tomcat7w_monitor_application - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
JAVA_OPTS vs CATALINA_OPTS
Hi. I'm sorry for so kindly question - but needs experts advice... We have a little dispute with my colleague about using this variables. So: have Windows-box machine. On it - runing few different Java-application, including Tomcat. Needs to set memory for Tomcat other, than for all other Java-applications. My proposal is set to System variables: JAVA_OPTS -Xmx1024M -Xms512M -XX:MaxPermSize512M CATALINA_OPTS -Xmx4096M -Xms2048M -XX:MaxPermSize=1024M But, as he asserts - this is not correct way: - CATALINA_OPTS must NOT contain memory limits like Xmx, Xms etc; - Java Garbage collector will work differently because JAVA_OPTS have another opts for memory then CATALINA_OPTS, so - this will worse Tomcat performance; - and so on His suggestion is to set JAVA_OPTS with memory limits exactly to Tomcat startup script (not as system variable at all). So, my question is: is it correct to set memory limits for Tomcat via CATALINA_OPTS variable? If in system also present JAVA_OPTS - will it have influence on to Tomcat's perfarmance? Thanks.
Re: JAVA_OPTS vs CATALINA_OPTS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Арсений, On 1/27/14, 10:58 AM, Арсений Зинченко wrote: Thanks, Christopher. OK, what about next: Set JAVA_OPTS as system variable (for all other applications); and create setenv.bat in /bin/ directory with CATALINA_OPTS whith Xmx/Xms for Tomcat? Will it be more correctly than set CATALINA_OPTS as System variable? Or - by the way, in setevn.bat must be used JAVA_OPTS too? https://plus.google.com/u/0/113253806461878935497?prsrc=4 2014/1/27 Christopher Schultz ch...@christopherschultz.net Арсений, On 1/27/14, 9:21 AM, Арсений Зинченко wrote: We have a little dispute with my colleague about using this variables. So: have Windows-box machine. On it - runing few different Java-application, including Tomcat. Needs to set memory for Tomcat other, than for all other Java-applications. My proposal is set to System variables: JAVA_OPTS -Xmx1024M -Xms512M -XX:MaxPermSize512M CATALINA_OPTS -Xmx4096M -Xms2048M -XX:MaxPermSize=1024M But, as he asserts - this is not correct way: - CATALINA_OPTS must NOT contain memory limits like Xmx, Xms etc; - Java Garbage collector will work differently because JAVA_OPTS have another opts for memory then CATALINA_OPTS, so - this will worse Tomcat performance; - and so on Tomcat runs Java roughly in this way: $JAVA_HOME/bin/java $JAVA_OPTS $CATALINA_OPTS \ org.apache.catalina.startup.Bootstrap If you have these options configured using both environment variables, then CATALINA_OPTS (the later one) will win because that's how the JVM parses arguments: the last one on the command-line wins. So, it's perfectly safe to do what you have described above. On the other hand, note that since JAVA_OPTS specifies 0.5GiB of heap space for when you are /not/ launching Tomcat, then running bin\shutdown.bat will pre-allocate 0.5GiB of heap space just to send the shutdown command to a running Tomcat instance, and then terminate. It's kind of a waste. I totally agree with Dan's comments about how using system variables: just use bin/setenv.bat and keep everything locally. His suggestion is to set JAVA_OPTS with memory limits exactly to Tomcat startup script (not as system variable at all). +1 So, my question is: is it correct to set memory limits for Tomcat via CATALINA_OPTS variable? If in system also present JAVA_OPTS - will it have influence on to Tomcat's perfarmance? See above. -chris I would always recommend that you use bin/setenv.sh (or bin\setenv.bat) because you can then set the value differently for each Tomcat instance that you have. This becomes an issue if you have many different Tomcat instances, which I tend to do. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS5oLSAAoJEBzwKT+lPKRY8BMP/06E75p4L2fx75ekKgyVFuVX vM/tBcP3ulHlEVHAzcTl+gNui4Px0hjRRdKBxU9in/gSRSsD2xkJJa5eXF0EvSn1 e9BNiVY78JZITSu1wBar0YmIf11EJEtGhhtj/fSkJUxIMhp9YYpM1s9CrxckkIef WFQZOnLVdWUq2xxkPiY8AbK7h5zDgo+riBd4HcSC6ymPT0oYCldGIZki7nZ8lxMb G3i52aTCiuaOlKYBhdKBsfDdkFJvqF+zZEXdsw+FKP+mKZvpEt5Fn1cWSTX7FXxS mWApl7J8FZW+zwX734qUw3ThLIbY2RCwT78VPkPcHK9rbWcKbI4UQ1WIGZeL5U+K IqX1MOIJ+dVCJ7rgvtjYWYlfDoovYqfJ6vCoPU5I3Xh0CMzGaKMZY/QZ+gFUXtdu 0ym/DQJB13cgjWbOi4YFeL8jNRjgui2UkdtThOzfSzL4eY3C+L5Ca0bb/ExReWTb X05q1RVeTB6rTScTYiPCNMKfZ7S2JnXcoXgEeHpKoGo8EPClKLGlLRmFplk/U4Do ZdCLLjCavrkEVg6pUEf7UZDJ/qH/VDC0nyNnqJJQHRhjUBh/bMR1yjrzNOnkLOeV x0BMEHK8ND76EZ0L5+bwZlAQxvCqjQ/vH1IBmrUsjS60rgMyocJB//UDIZOEOAiq 9MXTB+fLRv2ziADmiWJ1 =QPaR -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JAVA_OPTS vs CATALINA_OPTS
OK, thanks - I'll do it from now (really - never used this file before, just now found reference to it in catalina.bat) . But - last question, please: in setenv.bat - must be used CATALINA_OPTS or JAVA_OPTS? 2014/1/27 Christopher Schultz ch...@christopherschultz.net -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Арсений, On 1/27/14, 10:58 AM, Арсений Зинченко wrote: Thanks, Christopher. OK, what about next: Set JAVA_OPTS as system variable (for all other applications); and create setenv.bat in /bin/ directory with CATALINA_OPTS whith Xmx/Xms for Tomcat? Will it be more correctly than set CATALINA_OPTS as System variable? Or - by the way, in setevn.bat must be used JAVA_OPTS too? https://plus.google.com/u/0/113253806461878935497?prsrc=4 2014/1/27 Christopher Schultz ch...@christopherschultz.net Арсений, On 1/27/14, 9:21 AM, Арсений Зинченко wrote: We have a little dispute with my colleague about using this variables. So: have Windows-box machine. On it - runing few different Java-application, including Tomcat. Needs to set memory for Tomcat other, than for all other Java-applications. My proposal is set to System variables: JAVA_OPTS -Xmx1024M -Xms512M -XX:MaxPermSize512M CATALINA_OPTS -Xmx4096M -Xms2048M -XX:MaxPermSize=1024M But, as he asserts - this is not correct way: - CATALINA_OPTS must NOT contain memory limits like Xmx, Xms etc; - Java Garbage collector will work differently because JAVA_OPTS have another opts for memory then CATALINA_OPTS, so - this will worse Tomcat performance; - and so on Tomcat runs Java roughly in this way: $JAVA_HOME/bin/java $JAVA_OPTS $CATALINA_OPTS \ org.apache.catalina.startup.Bootstrap If you have these options configured using both environment variables, then CATALINA_OPTS (the later one) will win because that's how the JVM parses arguments: the last one on the command-line wins. So, it's perfectly safe to do what you have described above. On the other hand, note that since JAVA_OPTS specifies 0.5GiB of heap space for when you are /not/ launching Tomcat, then running bin\shutdown.bat will pre-allocate 0.5GiB of heap space just to send the shutdown command to a running Tomcat instance, and then terminate. It's kind of a waste. I totally agree with Dan's comments about how using system variables: just use bin/setenv.bat and keep everything locally. His suggestion is to set JAVA_OPTS with memory limits exactly to Tomcat startup script (not as system variable at all). +1 So, my question is: is it correct to set memory limits for Tomcat via CATALINA_OPTS variable? If in system also present JAVA_OPTS - will it have influence on to Tomcat's perfarmance? See above. -chris I would always recommend that you use bin/setenv.sh (or bin\setenv.bat) because you can then set the value differently for each Tomcat instance that you have. This becomes an issue if you have many different Tomcat instances, which I tend to do. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS5oLSAAoJEBzwKT+lPKRY8BMP/06E75p4L2fx75ekKgyVFuVX vM/tBcP3ulHlEVHAzcTl+gNui4Px0hjRRdKBxU9in/gSRSsD2xkJJa5eXF0EvSn1 e9BNiVY78JZITSu1wBar0YmIf11EJEtGhhtj/fSkJUxIMhp9YYpM1s9CrxckkIef WFQZOnLVdWUq2xxkPiY8AbK7h5zDgo+riBd4HcSC6ymPT0oYCldGIZki7nZ8lxMb G3i52aTCiuaOlKYBhdKBsfDdkFJvqF+zZEXdsw+FKP+mKZvpEt5Fn1cWSTX7FXxS mWApl7J8FZW+zwX734qUw3ThLIbY2RCwT78VPkPcHK9rbWcKbI4UQ1WIGZeL5U+K IqX1MOIJ+dVCJ7rgvtjYWYlfDoovYqfJ6vCoPU5I3Xh0CMzGaKMZY/QZ+gFUXtdu 0ym/DQJB13cgjWbOi4YFeL8jNRjgui2UkdtThOzfSzL4eY3C+L5Ca0bb/ExReWTb X05q1RVeTB6rTScTYiPCNMKfZ7S2JnXcoXgEeHpKoGo8EPClKLGlLRmFplk/U4Do ZdCLLjCavrkEVg6pUEf7UZDJ/qH/VDC0nyNnqJJQHRhjUBh/bMR1yjrzNOnkLOeV x0BMEHK8ND76EZ0L5+bwZlAQxvCqjQ/vH1IBmrUsjS60rgMyocJB//UDIZOEOAiq 9MXTB+fLRv2ziADmiWJ1 =QPaR -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Implementing JAAS with Geronimo LDAPPlugin
On Mon, Jan 27, 2014 at 3:17 PM, Konstantin Kolinko knst.koli...@gmail.com wrote: 2014-01-27 Marco Pizzoli marco.pizz...@gmail.com: Hi all, I'm fairly new to Tomcat and to this mailing list, so apologies in advance if not being clear in explaining my problem. I'm tasked with the implementation of JAAS for a web application by leveraging the existing LDAP server (MSAD) present at our company. (...) - I modified the server.xml by defining the Realm [5] (...) [5] This is the line I added inside Engine Realm className=org.apache.catalina.realm.JAASRealm appName=testPrincipals debug=9/ 1. Beware that only one Realm is allowed in an Engine. There is one defined there by default. You should have replaced it, not added a new one. http://svn.apache.org/viewvc?view=revisionrevision=1556784 2. If you want to run with a debugger https://wiki.apache.org/tomcat/FAQ/Developing#Debugging Best regards, Konstantin Kolinko Thanks Konstantin, now I made one step further, I think. I defined a context within my application META-INF/context.xml . Now in catalina.err I am able to see an error: [cut] configfile: reading file:/opt/tomcat/conf/jaas.config configparser: Reading next config entry: GERONIMO configparser: org.apache.geronimo.security.realm.providers.LDAPLoginModule, REQUIRED configparser: connectionPassword=password configparser: roleBase=DC=mydc configparser: initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory configparser: roleName=cn configparser: connectionProtocol=SSL configparser: roleSearchMatching=member={0} configparser: roleSearchSubtree=true configparser: userRoleName=memberOf configparser: authentication=simple configparser: connectionUrl=ldaps://my.server.prod:636 configparser: userSearchSubtree=true configparser: connectionUsername=CN=my_ldap_read,OU=Service Accounts,DC=mydc configparser: userBaseDC=mydc= configparser: userSearchMatching=sAMAccountName={0} configfile: overriding other policies! Jan 27, 2014 5:18:10 PM org.apache.catalina.realm.JAASRealm authenticate SEVERE: Unexpected error javax.security.auth.login.LoginException: No LoginModules configured for testPrincipals at javax.security.auth.login.LoginContext.init(LoginContext.java:273) at javax.security.auth.login.LoginContext.init(LoginContext.java:418) at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:392) at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:332) at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:166) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1852) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:724) Could you help me understanding what I should check? Thanks in advance again Marco - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 7 / Java 7
Hello, Is Tomcat 7.0.42 compatible with Java 7?http://stackoverflow.com/questions/9294355/is-tomcat-7-now-compatible-with-java-7 If yes, do you know if there is something special to migrate an existing installation of Tomcat 7/Java 6 to Tomcat 7/Java 7? -Ragini
Re: Tomcat 7 / Java 7
Yes it is compatible, and no, there is nothing you really need to do except to test your applications that they work too. On Mon, Jan 27, 2014 at 9:37 AM, Singh, Ragini rsi...@central.uh.eduwrote: Hello, Is Tomcat 7.0.42 compatible with Java 7? http://stackoverflow.com/questions/9294355/is-tomcat-7-now-compatible-with-java-7 If yes, do you know if there is something special to migrate an existing installation of Tomcat 7/Java 6 to Tomcat 7/Java 7? -Ragini
RE: JAVA_OPTS vs CATALINA_OPTS
From: Арсений Зинченко [mailto:setev...@gmail.com] Subject: Re: JAVA_OPTS vs CATALINA_OPTS in setenv.bat - must be used CATALINA_OPTS or JAVA_OPTS? Dan already explained this: Again, you could put memory settings in CATALINA_OPTS or in JAVA_OPTS. Setting them in CATALINA_OPTS is generally a better choice though because settings in CATALINA_OPTS are only applied when Tomcat is started. If you set them in JAVA_OPTS then they'll be applied when you start and stop the instance, something you probably don't want for your heap settings. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat JDBC Error
Good morning Mark, Can you please elaborate more as to what you meant by: com.mysql.jdbc.Driver must be present in one of your webapps. I'd expect it to be in a JAR that has mysql in the name. If you don't need it remove it. I meant that we don't have a mysql db. in our original integration. You also mention that it *must* be present, yet if I don't need it to remove it. Sorry a little confused on that statement, can you please clarify. Thanks and kind regards, Leo On Fri, Jan 24, 2014 at 10:31 AM, Mark Thomas ma...@apache.org wrote: On 24/01/2014 18:24, Leo Medina wrote: It's been a while since I installed tomcat and having some jdbc errors with version 6.0.20. Time to upgrade. We don't have a mysql.jdbc.driver com.mysql.jdbc.Driver must be present in one of your webapps. I'd expect it to be in a JAR that has mysql in the name. If you don't need it remove it. and uncertain why its trying to register this. Registration happens automatically when the app starts (the JVM does this). The warning you are seeing is about de-registration when the app stops. However we do have the oracle.jdbc.driver and the connections and driver location are accurate, though still having the following error and cannot crank start the application. Same as for mysql but obviously no need to remove it. Those memory leak problems are not what you need to worry about. They are triggered when Tomcat is trying to shut the app down after it fails to start. What you need to worry about is why it fails to start. Output from the catalina.2014-01-24.log Jan 24, 2014 9:25:22 AM org.apache.catalina.core.AprLifecycleListener init INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /apps/jdk1.6.0_16/jre/lib/amd64/server:/apps/jdk1.6.0_16/jre/lib/amd64:/apps/jdk1.6.0_16/jre/../lib/amd64:/usr/java/packages/lib/amd64:/lib:/usr/lib Jan 24, 2014 9:25:22 AM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on http-8081 Jan 24, 2014 9:25:22 AM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 1287 ms Jan 24, 2014 9:25:22 AM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Jan 24, 2014 9:25:22 AM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.26 Jan 24, 2014 9:25:22 AM org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor host-manager.xml Jan 24, 2014 9:25:23 AM org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor manager.xml Jan 24, 2014 9:25:23 AM org.apache.catalina.startup.HostConfig deployWAR INFO: Deploying web application archive rbacx.war Jan 24, 2014 9:25:27 AM org.apache.catalina.core.StandardContext start SEVERE: Error listenerStart Jan 24, 2014 9:25:27 AM org.apache.catalina.core.StandardContext start SEVERE: Context [/rbacx] startup failed due to previous errors ^ This is the important bit. If you look in your log files you should see more detailed errors including stack traces. They will tell you what is going wrong. HTH, Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: using log4j in a webapp using embedded tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 John, On 1/25/14, 2:32 PM, John Cartwright - NOAA Federal wrote: I have a simple program which uses embedded-tomcat (7.0.50) to host a WAR file. The webapp is using log4j and logs correctly when run inside a standard tomcat container. However, when hosted by the embedded-tomcat, the log4j configuration does not appear to be found. I'm specifying a System property of log4j.configuration, e.g. java -Dlog4j.configuration=/tmp/log4j.properties -jar target/webapp-runner.jar /tmp/quickstart.war Are you running one and only one webapp in your Tomcat instance? If not, then the system property will override it for all webapps, which will probably cause confusion (especially if log4j.jar is in the webapp's WEB-INF/lib directory, since log4j will be initialized more than once). I've ensured that the tomcat-embed-logging-log4j dependency is in the class path during execution. Where exactly in the class path? Any ideas on what I'm doing wrong here? How are you initializing log4j itself? In a ServletContextListener or something similar? Do you manually call new PropertyConfiguration() or something like that? If so, why not simply put log4j.properties into WEB-INF/classes and remove the system property? I think that will simplify things and likely work better. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS5rZCAAoJEBzwKT+lPKRYI3wP/0G4vVvkLLhTOcnMR8gfKN43 whW3Y8tAxOYIHQa44b6jKyjYR4Vt/Or8ekse/JmOoEXIGljQ+4jSe8kCZwVmkCAx OUkSCJPmgUDX9Qyy3ePETFepY+g1QHoM57GHYtUhMk+3nuqtGFQ3eGaMWNlTjBeA DVqQKSNGdm7o69fejvUomJrmFeKM3pSsh+YEJlMOsh5WICxXsHKVlpJjNfZxB3GK Y9dTV+/gFGuWKCmdqGhDm+VyrffV7ooymDHbZWYkm+3LVPQL1qolLWiACmmUaare YgGwTFUpvr9iyGAsxhHtsJc9GU/IukcnRMB+ahUfVwSRRI1jpTv1ywNmlbo5uZw8 Ncw9Bi75psUwyIrgYlgVHN9fT1rxd/pyhtLs2Ff6Td/KVIcHkkSXAZimp3MhJ6rg kaNzswEHvKps8ilXZgNKlHe+3+IY+sSIn8tvL9MAIpd3EqjXXAOPUnjbO2Q/2NcO UEwwdW0eQNCV4KmhSqDDKVxtAAhcFMveU2+KboogeJ34oRPIQVlvwlV0bIZvmKCy SZCTnQDQNhmgUE7qoWB5dNehD6wVWYXprFgxuAjSoMZbtXI8uf6M7FEol7A0v6Us DcaxDmAjRY1TdrkgHuxi8GwbL9/WoIWWXN/S1dckbHnALvfmUfIUSRaqJ3GVCihP xTjC/+hsOS0bvndRNbDB =rWJL -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JAVA_OPTS vs CATALINA_OPTS
On Mon, Jan 27, 2014 at 10:58 AM, Арсений Зинченко setev...@gmail.comwrote: Set JAVA_OPTS as system variable (for all other applications); and create setenv.bat in /bin/ directory with CATALINA_OPTS whith Xmx/Xms for Tomcat? Will it be more correctly than set CATALINA_OPTS as System variable? Or - by the way, in setevn.bat must be used JAVA_OPTS too? Others already pointed out, here are few more details: - use bin/setenv.bat(.sh) for customizing tomcat options (CATALINA_OPTS preferably, since JAVA_OPTS will be used for both startup and shutdown of tomcat, CATALINA_OPTS is used only for startup of tomcat) - setting up JAVA_OPTS as a system-wide setting will apply to ALL Java programs running on that box, and you would only want to set things in JAVA_OPTS for settings that you truly want to be set for EVERY Java program (e.g. -Djava.net.preferIPv4Stack=true) - the best would be that each Java application manages its own Xmx and Xms settings from their startup scripts (those other Java apps you were referring to) - so you are not forcing down someone's throat what JAVA_OPTS they would use ... Good luck! n.