date:20140127

Hi all,
I'm fairly new to Tomcat and to this mailing list, so apologies in
advance if not being clear in explaining my problem.

I'm tasked with the implementation of JAAS for a web application by
leveraging the existing LDAP server (MSAD) present at our company.

The first problem I faced was due to the fact that the bundled
LDAPplugin doesn't support authentication so I needed a enhanced one.
I read that the Geronimo's LDAPLoginModule can be of help and I
decided to follow that path.
- I downloaded the Geronimo's zip file,   [1]
- I extracted the LDAPplugin jar file [2] and copied inside Tomcat's
lib directory
- I configured the jaas.config file [3] and configured it in the
Tomcat startup command line [4]
- I modified the server.xml by defining the Realm [5]
- I modified my test application by requiring BASIC authentication for
the dummy protected resource [6]

I know that the jaas.config file comes read because at first I had
syntax problems reported in catalina.err and now fixed.

Now I can access the application by having a popup asking me to bind,
BUT the application doesn't permit me to access (it asks me to
authenticate again).
With tcpdump I can see that the tcp connection to the LDAP server is
not even tried
However, I can't see any error in catalina.out or catalina.err.

Could you tell me if, in your opinion, I have done something wrong?
What would you suggest to do in order to at least augment the
possibility to see the error logged?

Thanks in advance
Marco






[1] geronimo-tomcat7-javaee6-3.0.1-bin.zip

[2] geronimo-security-3.0.1.jar

[3] This is the (sanitized) content of my jaas.config
GERONIMO {
org.apache.geronimo.security.realm.providers.LDAPLoginModule REQUIRED
initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
connectionURL=ldap://test.com:389;
connectionUsername=uid=test,ou=mycompany,dc=test,dc=com
connectionPassword=test
connectionProtocol=
authentication=simple
userBase=ou=employee,dc=test,dc=com
userSearchMatching=uid={0}
userSearchSubtree=true
roleBase=ou=groups,dc=test,dc=com
roleName=cn
roleSearchMatching=(member={0})
roleSearchSubtree=true
userRoleName=member;
};

[4]  -Djava.security.auth.login.config==/opt/tomcat/conf/jaas.config

[5] This is the line I added inside Engine
Realm className=org.apache.catalina.realm.JAASRealm
appName=testPrincipals debug=9/

[6]
?xml version=1.0 encoding=UTF-8?
web-app xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
xmlns=http://java.sun.com/xml/ns/javaee;
xsi:schemaLocation=http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd; id=WebApp_ID
version=2.5
  display-nametestPrincipals/display-name
  welcome-file-list
welcome-fileindex.html/welcome-file
welcome-fileindex.htm/welcome-file
welcome-fileindex.jsp/welcome-file
welcome-filedefault.html/welcome-file
welcome-filedefault.htm/welcome-file
welcome-filedefault.jsp/welcome-file
  /welcome-file-list
  security-constraint
display-nameAdminConstraint/display-name
web-resource-collection
  web-resource-nameAdmin/web-resource-name
  descriptionOnly for administrators/description
  url-pattern/*/url-pattern
  http-methodGET/http-method
  http-methodPOST/http-method
/web-resource-collection
auth-constraint
  description/
  role-nameMy_LDAP_Group/role-name
/auth-constraint
  /security-constraint
  login-config
auth-methodBASIC/auth-method
realm-nameGERONIMO/realm-name
  /login-config
  security-role
descriptionAdministrators/description
role-nameMy_LDAP_Group/role-name
  /security-role
/web-app

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Implementing JAAS with Geronimo LDAPPlugin

2014-01-27 Thread Mark Thomas

On 27/01/2014 09:43, Marco Pizzoli wrote:
 Hi all,
 I'm fairly new to Tomcat and to this mailing list, so apologies in
 advance if not being clear in explaining my problem.
 
 I'm tasked with the implementation of JAAS for a web application by
 leveraging the existing LDAP server (MSAD) present at our company.

Do you have to use JAAS? If you used the JNDI Realm you could take
advantage of SPNEGO support.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Implementing JAAS with Geronimo LDAPPlugin

Hi Mark,
Thanks for your reply.

Yes I expressly need JAAS. This is a requirement coming from the
provider of an external software vendor. It leverages principals.

Marco


On Mon, Jan 27, 2014 at 10:47 AM, Mark Thomas ma...@apache.org wrote:
 On 27/01/2014 09:43, Marco Pizzoli wrote:
 Hi all,
 I'm fairly new to Tomcat and to this mailing list, so apologies in
 advance if not being clear in explaining my problem.

 I'm tasked with the implementation of JAAS for a web application by
 leveraging the existing LDAP server (MSAD) present at our company.

 Do you have to use JAAS? If you used the JNDI Realm you could take
 advantage of SPNEGO support.

 Mark


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Implementing JAAS with Geronimo LDAPPlugin

2014-01-27 Thread André Warnier

On this list, please do not top-post. Read the list rules.
Reply below the question, it is easier for everyone to figure out what you are responding
to. See below.

On Mon, Jan 27, 2014 at 10:47 AM, Mark Thomas ma...@apache.org wrote:

On 27/01/2014 09:43, Marco Pizzoli wrote:

Hi all,
I'm fairly new to Tomcat and to this mailing list, so apologies in
advance if not being clear in explaining my problem.

I'm tasked with the implementation of JAAS for a web application by
leveraging the existing LDAP server (MSAD) present at our company.

Do you have to use JAAS? If you used the JNDI Realm you could take
advantage of SPNEGO support.

Marco Pizzoli wrote:
Hi Mark,
Thanks for your reply.

Yes I expressly need JAAS. This is a requirement coming from the
provider of an external software vendor. It leverages principals.

For info :

Quite apart from which solution you are using, there are a number of reasons why a
Windows-domain like authentication may not be working.
- the workstation has to be in the domain (seems evident, but for example that it will not
work if the workstation accesses this server from the Internet; in some VPN cases, it may
also not work)
- the Tomcat server itself has to be recognised as being a member of the same Domain, or a
trusted Domain

- Windows on the workstation must consider the Tomcat server as at least a
trusted host
- the browser used may also have restrictions as to what host it will even attempt to do a
WIA authentication with. (WIA = Windows Integrated Authentication)

In other words : even if the add-on modules server-side should work and even if your
configuration server-side seems to be ok, there might be workstation-side reasons why this
is not working, and you must make sure that these possible reasons are also eliminated.
If the brower, for whatever reason, is not even trying a WIA, then the server side will
not show any attempt to do the corresponding authentication.

Which seems to be your case, as you describe it.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Implementing JAAS with Geronimo LDAPPlugin

On Mon, Jan 27, 2014 at 1:20 PM, André Warnier a...@ice-sa.com wrote:
 On this list, please do not top-post.  Read the list rules.
 Reply below the question, it is easier for everyone to figure out what you
 are responding to. See below.



 On Mon, Jan 27, 2014 at 10:47 AM, Mark Thomas ma...@apache.org wrote:

 On 27/01/2014 09:43, Marco Pizzoli wrote:

 Hi all,
 I'm fairly new to Tomcat and to this mailing list, so apologies in
 advance if not being clear in explaining my problem.

 I'm tasked with the implementation of JAAS for a web application by
 leveraging the existing LDAP server (MSAD) present at our company.

 Do you have to use JAAS? If you used the JNDI Realm you could take
 advantage of SPNEGO support.

 Marco Pizzoli wrote:
 Hi Mark,
 Thanks for your reply.

 Yes I expressly need JAAS. This is a requirement coming from the
 provider of an external software vendor. It leverages principals.


 For info :

 Quite apart from which solution you are using, there are a number of reasons
 why a Windows-domain like authentication may not be working.
 - the workstation has to be in the domain (seems evident, but for example
 that it will not work if the workstation accesses this server from the
 Internet; in some VPN cases, it may also not work)
 - the Tomcat server itself has to be recognised as being a member of the
 same Domain, or a trusted Domain
 - Windows on the workstation must consider the Tomcat server as at least a
 trusted host
 - the browser used may also have restrictions as to what host it will even
 attempt to do a WIA authentication with.  (WIA = Windows Integrated
 Authentication)

 In other words : even if the add-on modules server-side should work and even
 if your configuration server-side seems to be ok, there might be
 workstation-side reasons why this is not working, and you must make sure
 that these possible reasons are also eliminated. If the brower, for whatever
 reason, is not even trying a WIA, then the server side will not show any
 attempt to do the corresponding authentication.
 Which seems to be your case, as you describe it.


Hi Andre',
you're right. Sorry for having top-posted.

Coming to your answer, I never talked about WIA (Windows Integrated
Authentication) but just LDAP.
I'm just interested in learning how to integrate Tomcat with LDAP by
leveraging the JAAS framework.
My MSAD is being used, in this context at least, as a pure LDAP directory.
I'm not interested in leveraging any workstation-side authentication
(kerberos/spnego/etc..).

Thanks for having answered
Marco

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: JAVA_OPTS vs CATALINA_OPTS

Hi, Dan. Thanks for replay.

he JVM is only going to accept one value for Xmx and Xms. Specifying the
same options in JAVA_OPTS and CATALINA_OPTS would just be confusing.

As I says before - we have few Java-application on same machine. So - for
them needs to set Xmx 1G, but for Tomcat - 4G.

Don’t set these as system variables. You’d want to define them in
setenv.bat
Again, don’t set system variables for these. There’s no reason to set
them system wide.

Same reason - few Java-applications wich all need same Java_opts (exclude
Tomcat).

Since you’re on Windows, you’re probably running as a service and that’s
going to be a bit different

No, Tomcat started via command line (rather - from .bat script wich call
%catalina_home%/bin/startup.bat).

2014/1/27 Daniel Mikusa dmik...@gopivotal.com

On Jan 27, 2014, at 9:21 AM, Арсений Зинченко setev...@gmail.com wrote:

Hi.

I'm sorry for so kindly question - but needs experts advice...

We have a little dispute with my colleague about using this variables.

So: have Windows-box machine. On it - runing few different
Java-application, including Tomcat.

Needs to set memory for Tomcat other, than for all other
Java-applications.

My proposal is set to System variables:

JAVA_OPTS -Xmx1024M -Xms512M -XX:MaxPermSize512M
CATALINA_OPTS -Xmx4096M -Xms2048M -XX:MaxPermSize=1024M”

Don’t set these as system variables. You’d want to define them in
setenv.bat if you’re running from the command prompt or with the Windows
Service utility (either [1] or [2]), if you’re running as a service.

But, as he asserts - this is not correct way:

- CATALINA_OPTS must NOT contain memory limits like Xmx, Xms etc;

There are no restrictions to what you can set in CATALINA_OPTS. You could
put your memory setting there if you wanted. Having said that, if you’re
running as a Windows service then you wouldn’t. You'd set your heap memory
settings through the service wrapper (either [1] or [2]).

If you’re running from the console (not likely) or on Linux / Unix then
you’d set your heap settings in the setenv.sh|bat script. Again, you could
put memory settings in CATALINA_OPTS or in JAVA_OPTS. Setting them in
CATALINA_OPTS is generally a better choice though because settings in
CATALINA_OPTS are only applied when Tomcat is started. If you set them in
JAVA_OPTS then they’ll be applied when you start and stop the instance,
something you probably don’t want for your heap settings.

- Java Garbage collector will work differently because JAVA_OPTS have
another opts for memory then CATALINA_OPTS, so - this will worse Tomcat
performance;

I’m not sure I follow your logic here. The JVM is only going to accept
one value for Xmx and Xms. Specifying the same options in JAVA_OPTS and
CATALINA_OPTS would just be confusing.

- and so on

His suggestion is to set JAVA_OPTS with memory limits exactly to Tomcat
startup script (not as system variable at all).

Again, don’t set system variables for these. There’s no reason to set
them system wide.

So, my question is: is it correct to set memory limits for Tomcat via
CATALINA_OPTS variable?

Generally, but it depends on how you are starting Tomcat. Since you’re on
Windows, you’re probably running as a service and that’s going to be a bit
different. See above comments.

If in system also present JAVA_OPTS - will it have influence on to
Tomcat's performance?

I think I answered this above. If it’s not clear, let me know.

Thanks.

Dan

[1] -
http://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html#Command_line_parameters
[2] -
http://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html#Tomcat7w_monitor_application

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] Out of memory exception - top posting

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Nick,

On 1/25/14, 11:12 AM, Nick Williams wrote:
 
 On Jan 24, 2014, at 12:05 PM, Christopher Schultz wrote:
 
 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256
 
 Mark,
 
 On 1/24/14, 10:18 AM, Mark H. Wood wrote:
 On Thu, Jan 23, 2014 at 09:24:41PM -0500, Howard W. Smith, Jr. 
 wrote:
 On Thu, Jan 23, 2014 at 2:08 PM, André Warnier
 a...@ice-sa.com wrote:
 Either people don't read the rules, or they do not
 understand the rule, or they just ignore it.
 
 I agree. As a tomcat/tomee user, I joined the list,
 primarily, to listen in on topics (that interest me), so I
 learned, very quickly, that top-posting is not preferred,
 here.
 
 snip /
 
 My biggest problem is that the Apache projects aren't all
 consistent. I'm a contributor to several (including a committer for
 Logging). Some use only top-posting and discourage bottom-posting.
 Others (Tomcat) use only bottom-posting and discourage top-posting.
 It's very frustrating and makes switching between project lists
 error-prone.

I understand. My perspective is that the ASF is not one single
community, but a collection of communities. Each project has its own
community that is free to choose their mailing list policies,
revision-control system (kind of), etc.

Not all ASF projects use the same programming language(s),
documentation strategies, etc. Singling-out mailing lists is kind of
cherry-picking. One could complain about quite a few things. Again, it
goes back to the community and what the general preferences are.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJS5n3oAAoJEBzwKT+lPKRYHSEQAMDfKyNHXuFISRmTO0r2i1YI
ljNldMkJGMb0D1EajCqfetzpSGG3X0XLOBmz4xRKzGYm4tbuzY1nvVy2e9vRqL2k
N0rjcajMEvUf4kj+yDHF6ibk1Rqo6TVGcAmfM2gnsdj7Uu0dI/d77ayEeMI9DdhE
xZB5EBbdaCU6Lm6duS88ZzYkNXUsIvxHh1C8MxiTsUGqBZkdd1ERCBHziGPBcuj3
2kVyxuqsZ/pLqasfMSM6fjcHF4ph7wfejidbqHDyn+3Uco4H8y63sljs5rHNPgQn
p773IO+GBhjSjQ8QDv443qMZlItdCSQFyLCMUryrwtMoIjgnVnFxaOfPh9sI1e39
mlS/xZpMc/heCeuIV6fMauft+Zmoq34Z6PkBGZnd0tvmuDZ4B9U3opz8+9UOsjsC
fJKGvaAJ9zlC3ne/PMyNGJ2LK2eDP7hN6+fhHU2LY2po1wwcwltjvfH86KePuA+K
yXjVQmvd2u12fJofn0xnPgDTx/JYCok7r0LTt/d5nBA9OgkuXVlER7uGiAo8Ny1Y
HYsWBb2y68hlCk2LgHsh4py8U3DQZRYpS/bKNKqgRPYDikI4CEQGDyMEsAQZbTjy
PmjhiofvkGdAwvWcxVH1wAhe00fY7UGOi8v7KYs2PYEJq2WR3mXCOLaWWXbPODEn
75Z18Bzq0HlJfd3c+z3S
=TWSF
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: JAVA_OPTS vs CATALINA_OPTS

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Арсений,

On 1/27/14, 9:21 AM, Арсений Зинченко wrote:
 We have a little dispute with my colleague about using this
 variables.
 
 So: have Windows-box machine. On it - runing few different 
 Java-application, including Tomcat.
 
 Needs to set memory for Tomcat other, than for all other
 Java-applications.
 
 My proposal is set to System variables:
 
 JAVA_OPTS -Xmx1024M -Xms512M -XX:MaxPermSize512M CATALINA_OPTS
 -Xmx4096M -Xms2048M -XX:MaxPermSize=1024M
 
 But, as he asserts - this is not correct way:
 
 
 - CATALINA_OPTS must NOT contain memory limits like Xmx, Xms
 etc; - Java Garbage collector will work differently because
 JAVA_OPTS have another opts for memory then CATALINA_OPTS, so -
 this will worse Tomcat performance; - and so on

Tomcat runs Java roughly in this way:

$JAVA_HOME/bin/java $JAVA_OPTS $CATALINA_OPTS  \
 org.apache.catalina.startup.Bootstrap

If you have these options configured using both environment variables,
then CATALINA_OPTS (the later one) will win because that's how the JVM
parses arguments: the last one on the command-line wins. So, it's
perfectly safe to do what you have described above.

On the other hand, note that since JAVA_OPTS specifies 0.5GiB of heap
space for when you are /not/ launching Tomcat, then running
bin\shutdown.bat will pre-allocate 0.5GiB of heap space just to send
the shutdown command to a running Tomcat instance, and then
terminate. It's kind of a waste.

I totally agree with Dan's comments about how using system
variables: just use bin/setenv.bat and keep everything locally.

 His suggestion is to set JAVA_OPTS with memory limits exactly to
 Tomcat startup script (not as system variable at all).

+1

 So, my question is: is it correct to set memory limits for Tomcat
 via CATALINA_OPTS variable? If in system also present JAVA_OPTS -
 will it have influence on to Tomcat's perfarmance?

See above.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJS5n9ZAAoJEBzwKT+lPKRYXJAQAIoI/6t21bVVHXGH+KZDVOvy
e+YsyWJRdRtFCDCIc+Y3YtY+8q+uDQRyqBQyJLNgdmkNEdbrGf1a/n74Mg4bNilA
GxOi7D75tiMni3T4rz4nUc5nyTnCOBNYuitrpjZMWfvd/ajHdSAEWuivGa87A/oL
C7Y4Bu6KB+2dwNifOwYWPzRq9yl+25G7SBo+URH8HMTHVEBVrDYflTudX0q9D4XI
XK5CNTiOQvfKgu/3HCjcZSq75LspTIC0Kw9P+GRX9PoJJCvAlF3TQgLghJ9S3YOT
l0n3A5UE2cZycUv3NEJrdoerWbYsbDexq47eeQ2CMVoHeTBBFDAZK4uR7EneFsea
89WI39tNT0+jrScFQ7eKCv72yxUb05gunOnWMHe23vx10BXVT2at8jvgSlJs2SSy
co2B9PrNqwZRZtzZCS38A5DmXts9KlEFnc7bd5Fu4ME4jEs/sODd8+CXc9Fpsmee
68v2w0avaAKjngvirhMq+X12t+NZSIK5TTsz9XA36AGEnDEAgWZUNQ/6GSG2oA2F
tiQzIKkl/MTl8ZEYbI0ZydQgsdhbdvcQ+51dRsqlk1wj+Rlp9d3rOnUgtHn0w4xO
wUid16DjQyCKiqBw+2ATpf6bK1m/cCKQxbkBmfMUXa4wR9Hok3M0fCwsJrHOt74T
1k9HFMAfUZSNelfdCvsC
=M2Q+
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: JAVA_OPTS vs CATALINA_OPTS

2014-01-27 Thread Daniel Mikusa

On Jan 27, 2014, at 10:36 AM, Арсений Зинченко setev...@gmail.com wrote:

Hi, Dan. Thanks for replay.

he JVM is only going to accept one value for Xmx and Xms. Specifying the
same options in JAVA_OPTS and CATALINA_OPTS would just be confusing.

As I says before - we have few Java-application on same machine. So - for
them needs to set Xmx 1G, but for Tomcat - 4G.

I’m not sure how this is relevant. I understand that you have multiple
applications running, but it doesn’t matter. Each application you run will
have it’s own JVM with it’s own Xmx and Xms settings.

If you set Xmx or Xms twice for one JVM, which is essentially what you’re doing
when you put them in both JAVA_OPTS and CATALINA_OPTS that would just be
confusing. It’s won’t directly cause a problem, the JVM will pick one and
ignore the others, but it’s confusing to someone looking at your configuration.

Don’t set these as system variables. You’d want to define them in
setenv.bat
Again, don’t set system variables for these. There’s no reason to set
them system wide.

Same reason - few Java-applications wich all need same Java_opts (exclude
Tomcat).

This is just my opinion. There’s nothing to prevent you from setting these
values system wide. I would suggest that you don’t though. It’s just going to
be confusing. Set the values in the configuration for each Java application /
Tomcat instance. Then it’s immediately clear which value is being used for
which application.

Since you’re on Windows, you’re probably running as a service and that’s
going to be a bit different

No, Tomcat started via command line (rather - from .bat script wich call
%catalina_home%/bin/startup.bat).

Ok then. You’ll want to create the file bin/setenv.bat for each of your Tomcat
instances. In that file, you can set JAVA_OPTS and / or CATALINA_OPTS. As I
mentioned before, I’d suggest putting your heap options in CATALINA_OPTS.

Dan

2014/1/27 Daniel Mikusa dmik...@gopivotal.com

On Jan 27, 2014, at 9:21 AM, Арсений Зинченко setev...@gmail.com wrote:

Hi.

I'm sorry for so kindly question - but needs experts advice...

We have a little dispute with my colleague about using this variables.

So: have Windows-box machine. On it - runing few different
Java-application, including Tomcat.

Needs to set memory for Tomcat other, than for all other
Java-applications.

My proposal is set to System variables:

JAVA_OPTS -Xmx1024M -Xms512M -XX:MaxPermSize512M
CATALINA_OPTS -Xmx4096M -Xms2048M -XX:MaxPermSize=1024M”

But, as he asserts - this is not correct way:

- CATALINA_OPTS must NOT contain memory limits like Xmx, Xms etc;

- Java Garbage collector will work differently because JAVA_OPTS have
another opts for memory then CATALINA_OPTS, so - this will worse Tomcat
performance;

I’m not sure I follow your logic here. The JVM is only going to accept
one value for Xmx and Xms. Specifying the same options in JAVA_OPTS and
CATALINA_OPTS would just be confusing.

- and so on

His suggestion is to set JAVA_OPTS with memory limits exactly to Tomcat
startup script (not as system variable at all).

Again, don’t set system variables for these. There’s no reason to set
them system wide.

So, my question is: is it correct to set memory limits for Tomcat via
CATALINA_OPTS variable?

Generally, but it depends on how you are starting Tomcat. Since you’re on
Windows, you’re probably running as a service and that’s going to be a bit
different. See above comments.

If in system also present JAVA_OPTS - will it have influence on to
Tomcat's performance?

I think I answered this above. If it’s not clear, let me know.

Thanks.

Dan

[1] -
http://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html#Command_line_parameters
[2] -
http://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html#Tomcat7w_monitor_application

Re: JAVA_OPTS vs CATALINA_OPTS

Thanks, Christopher.

OK, what about next:

Set JAVA_OPTS as system variable (for all other applications); and create
setenv.bat in /bin/ directory with CATALINA_OPTS whith Xmx/Xms for Tomcat?

Will it be more correctly than set CATALINA_OPTS as System variable? Or -
by the way, in setevn.bat must be used JAVA_OPTS too?
https://plus.google.com/u/0/113253806461878935497?prsrc=4


2014/1/27 Christopher Schultz ch...@christopherschultz.net

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Арсений,

 On 1/27/14, 9:21 AM, Арсений Зинченко wrote:
  We have a little dispute with my colleague about using this
  variables.
 
  So: have Windows-box machine. On it - runing few different
  Java-application, including Tomcat.
 
  Needs to set memory for Tomcat other, than for all other
  Java-applications.
 
  My proposal is set to System variables:
 
  JAVA_OPTS -Xmx1024M -Xms512M -XX:MaxPermSize512M CATALINA_OPTS
  -Xmx4096M -Xms2048M -XX:MaxPermSize=1024M
 
  But, as he asserts - this is not correct way:
 
 
  - CATALINA_OPTS must NOT contain memory limits like Xmx, Xms
  etc; - Java Garbage collector will work differently because
  JAVA_OPTS have another opts for memory then CATALINA_OPTS, so -
  this will worse Tomcat performance; - and so on

 Tomcat runs Java roughly in this way:

 $JAVA_HOME/bin/java $JAVA_OPTS $CATALINA_OPTS  \
  org.apache.catalina.startup.Bootstrap

 If you have these options configured using both environment variables,
 then CATALINA_OPTS (the later one) will win because that's how the JVM
 parses arguments: the last one on the command-line wins. So, it's
 perfectly safe to do what you have described above.

 On the other hand, note that since JAVA_OPTS specifies 0.5GiB of heap
 space for when you are /not/ launching Tomcat, then running
 bin\shutdown.bat will pre-allocate 0.5GiB of heap space just to send
 the shutdown command to a running Tomcat instance, and then
 terminate. It's kind of a waste.

 I totally agree with Dan's comments about how using system
 variables: just use bin/setenv.bat and keep everything locally.

  His suggestion is to set JAVA_OPTS with memory limits exactly to
  Tomcat startup script (not as system variable at all).

 +1

  So, my question is: is it correct to set memory limits for Tomcat
  via CATALINA_OPTS variable? If in system also present JAVA_OPTS -
  will it have influence on to Tomcat's perfarmance?

 See above.

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

 iQIcBAEBCAAGBQJS5n9ZAAoJEBzwKT+lPKRYXJAQAIoI/6t21bVVHXGH+KZDVOvy
 e+YsyWJRdRtFCDCIc+Y3YtY+8q+uDQRyqBQyJLNgdmkNEdbrGf1a/n74Mg4bNilA
 GxOi7D75tiMni3T4rz4nUc5nyTnCOBNYuitrpjZMWfvd/ajHdSAEWuivGa87A/oL
 C7Y4Bu6KB+2dwNifOwYWPzRq9yl+25G7SBo+URH8HMTHVEBVrDYflTudX0q9D4XI
 XK5CNTiOQvfKgu/3HCjcZSq75LspTIC0Kw9P+GRX9PoJJCvAlF3TQgLghJ9S3YOT
 l0n3A5UE2cZycUv3NEJrdoerWbYsbDexq47eeQ2CMVoHeTBBFDAZK4uR7EneFsea
 89WI39tNT0+jrScFQ7eKCv72yxUb05gunOnWMHe23vx10BXVT2at8jvgSlJs2SSy
 co2B9PrNqwZRZtzZCS38A5DmXts9KlEFnc7bd5Fu4ME4jEs/sODd8+CXc9Fpsmee
 68v2w0avaAKjngvirhMq+X12t+NZSIK5TTsz9XA36AGEnDEAgWZUNQ/6GSG2oA2F
 tiQzIKkl/MTl8ZEYbI0ZydQgsdhbdvcQ+51dRsqlk1wj+Rlp9d3rOnUgtHn0w4xO
 wUid16DjQyCKiqBw+2ATpf6bK1m/cCKQxbkBmfMUXa4wR9Hok3M0fCwsJrHOt74T
 1k9HFMAfUZSNelfdCvsC
 =M2Q+
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 7 not honoring maxThreads configuration in catalina.properties and activeCount not going beyond 200

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

akshay,

On 1/26/14, 2:04 PM, akshay hiremath wrote:
 
 
 On Friday, January 24, 2014 7:04 PM, Konstantin Kolinko
 knst.koli...@gmail.com wrote:
 
 2014/1/24 akshay hiremath akshay...@yahoo.com:
 Through some trials found that its not enough to increase the
 Executors thread count(maxThreads for Executor element) but also
 need to increase the Connectors thread count(maxThreads for
 Connector element). This behavior is not actually clearly
 captured in tomcat documentation says
 
 
 1. The rules: http://tomcat.apache.org/lists.html#tomcat-users
 
 - 6. do not top-post, 7. do not send attachments
 
 2. Are you sure that you are actually using an Executor?
 
 In your original port there is no guarantee that the executor 
 attribute of your Connector matches the name of an Executor that
 you declared.  If the Executor does not exist, the attribute will
 be ignored.
 
 
 -

 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 1. The rules: http://tomcat.apache.org/lists.html#tomcat-users
 
 - 6. do not top-post, 7. do not send attachments
 
 Sorry about Top posting. i didn't know about  top post issue. Now
 I'm taking care of this.
 
 
 In your original port there is no guarantee that the executor 
 attribute of your Connector matches the name of an Executor that
 you declared.  If the Executor does not exist, the attribute will
 be ignored.
 
 I'm using the Executor in the connector. In case if you have missed
 my original post portions because of my wrong top posting.
 
 server.xml content:
 
 Executor name=tomcatThreadPool 
 namePrefix=${server.service-Catalina.executor-tomcatThreadPool.namePrefix}

 
maxThreads=${server.service-Catalina.executor-tomcatThreadPool.maxThreads}
 minSpareThreads=${server.service-Catalina.executor-tomcatThreadPool.minSpareThreads}/

Executor's
 
name: tomcatThreadPool

 Connector
 executor=${server.service-Catalina.connector.http1.1.executor}

Executor reference:
${server.service-Catalina.connector.http1.1.executor}. Depending
upon the value of all that mess, you might not have the right executor
name.

How about showing us the segment of the server.xml that actually gets
used by Tomcat, instead of the ant-processed template file?

 server.service-Catalina.connector.http1.1.executor=tomcatThreadPool

Are
 
you sure?

Try connecting with JMX and taking a look at the connector's executor
name.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJS5oJvAAoJEBzwKT+lPKRYjPoP/1zfNtlQ0hgFDcl1mZ2eq+Jj
tqTKF/MsRBAOy+FA/eLp8KOaJpS/JpcjVmf7tXdIykeTCREcIgDUYWVgieOL+Imv
/FhQ2T+upqX0fAzleB3m/WKRMZnH6n9nmL/UpUr/6++L+d+IsCz4KqXSXazgOGIl
vJF9dVW+YcKh8bd43BYSjR/Sj54ucysNjr/OzJipjJFmVuIBa1djR+uCO+732r8A
PQCplEVzGCLDOhZepMc3mBXgBk5fAmTMm4QtCqAP3b2/BSwmi28vvR0Vom2rfnEF
OZXUuyZm++tMPSSRzsLUaCADC9+Dt+qyFvQ2IL7jGmxBrjSBY4jz1QZ8APpG1Kh7
CQXoPyXbJ/iKx/qFvZLscmcnGQZfK4h++lSZNy3Zx8qhD7BgbwKxQRC+c1BzXhgC
SLIeijO+wvcDVipUCYzki5zWDtVgdyGfEDOZ8MhOqrD6VA4hLONVcX4HkQXjqsjB
eB4KWpNJ3+q/rO6nCm8FqReXuawr6y6G9S10ZRrcF+eZj9cbn18G8JcHlE3rhwxh
3UoJDIUfPwyV+0jDc9aAacnzVdn1bQPbxvMxD3bAWFGOLDiQe+fZtEQKnAQnVmUz
1yY/3SWRLfqDZ47BKdMTZ/3rwfh8MZ6US+fBatZTU3AkvQk2k4WYvA4/BxwaoLXo
2V2+2DzR85y3gl0Jqu0W
=Eo47
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Implementing JAAS with Geronimo LDAPPlugin

2014-01-27 Thread Konstantin Kolinko

2014-01-27 Marco Pizzoli marco.pizz...@gmail.com:
 Hi all,
 I'm fairly new to Tomcat and to this mailing list, so apologies in
 advance if not being clear in explaining my problem.

 I'm tasked with the implementation of JAAS for a web application by
 leveraging the existing LDAP server (MSAD) present at our company.

 (...)
 - I modified the server.xml by defining the Realm [5]
 (...)
 [5] This is the line I added inside Engine
 Realm className=org.apache.catalina.realm.JAASRealm
 appName=testPrincipals debug=9/

1. Beware that only one Realm is allowed in an Engine.

There is one defined there by default. You should have replaced it,
not added a new one.

http://svn.apache.org/viewvc?view=revisionrevision=1556784

2. If you want to run with a debugger
https://wiki.apache.org/tomcat/FAQ/Developing#Debugging

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: JAVA_OPTS vs CATALINA_OPTS

2014-01-27 Thread Daniel Mikusa

On Jan 27, 2014, at 9:21 AM, Арсений Зинченко setev...@gmail.com wrote:

Hi.

I'm sorry for so kindly question - but needs experts advice...

We have a little dispute with my colleague about using this variables.

So: have Windows-box machine. On it - runing few different
Java-application, including Tomcat.

Needs to set memory for Tomcat other, than for all other Java-applications.

My proposal is set to System variables:

JAVA_OPTS -Xmx1024M -Xms512M -XX:MaxPermSize512M
CATALINA_OPTS -Xmx4096M -Xms2048M -XX:MaxPermSize=1024M”

Don’t set these as system variables. You’d want to define them in setenv.bat
if you’re running from the command prompt or with the Windows Service utility
(either [1] or [2]), if you’re running as a service.

But, as he asserts - this is not correct way:

- CATALINA_OPTS must NOT contain memory limits like Xmx, Xms etc;

There are no restrictions to what you can set in CATALINA_OPTS. You could put
your memory setting there if you wanted. Having said that, if you’re running
as a Windows service then you wouldn’t. You'd set your heap memory settings
through the service wrapper (either [1] or [2]).

If you’re running from the console (not likely) or on Linux / Unix then you’d
set your heap settings in the setenv.sh|bat script. Again, you could put
memory settings in CATALINA_OPTS or in JAVA_OPTS. Setting them in
CATALINA_OPTS is generally a better choice though because settings in
CATALINA_OPTS are only applied when Tomcat is started. If you set them in
JAVA_OPTS then they’ll be applied when you start and stop the instance,
something you probably don’t want for your heap settings.

- Java Garbage collector will work differently because JAVA_OPTS have
another opts for memory then CATALINA_OPTS, so - this will worse Tomcat
performance;

I’m not sure I follow your logic here. The JVM is only going to accept one
value for Xmx and Xms. Specifying the same options in JAVA_OPTS and
CATALINA_OPTS would just be confusing.

- and so on

His suggestion is to set JAVA_OPTS with memory limits exactly to Tomcat
startup script (not as system variable at all).

Again, don’t set system variables for these. There’s no reason to set them
system wide.

So, my question is: is it correct to set memory limits for Tomcat via
CATALINA_OPTS variable?

Generally, but it depends on how you are starting Tomcat. Since you’re on
Windows, you’re probably running as a service and that’s going to be a bit
different. See above comments.

If in system also present JAVA_OPTS - will it have influence on to Tomcat's
performance?

I think I answered this above. If it’s not clear, let me know.

Thanks.

Dan

[1] -
http://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html#Command_line_parameters
[2] -
http://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html#Tomcat7w_monitor_application

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

JAVA_OPTS vs CATALINA_OPTS

Hi.

I'm sorry for so kindly question - but needs experts advice...

We have a little dispute with my colleague about using this variables.

So: have Windows-box machine. On it - runing few different
Java-application, including Tomcat.

Needs to set memory for Tomcat other, than for all other Java-applications.

My proposal is set to System variables:

JAVA_OPTS -Xmx1024M -Xms512M -XX:MaxPermSize512M
CATALINA_OPTS -Xmx4096M -Xms2048M -XX:MaxPermSize=1024M

But, as he asserts - this is not correct way:


   - CATALINA_OPTS must NOT contain memory limits like Xmx, Xms etc;
   - Java Garbage collector will work differently because JAVA_OPTS have
   another opts for memory then CATALINA_OPTS, so - this will worse Tomcat
   performance;
   - and so on

His suggestion is to set JAVA_OPTS with memory limits exactly to Tomcat
startup script (not as system variable at all).

So, my question is: is it correct to set memory limits for Tomcat via
CATALINA_OPTS variable? If in system also present JAVA_OPTS - will it
have influence
on to Tomcat's perfarmance?

Thanks.

Re: JAVA_OPTS vs CATALINA_OPTS

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Арсений,

On 1/27/14, 10:58 AM, Арсений Зинченко wrote:
 Thanks, Christopher.
 
 OK, what about next:
 
 Set JAVA_OPTS as system variable (for all other applications); and
 create setenv.bat in /bin/ directory with CATALINA_OPTS whith
 Xmx/Xms for Tomcat?
 
 Will it be more correctly than set CATALINA_OPTS as System
 variable? Or - by the way, in setevn.bat must be used JAVA_OPTS
 too? https://plus.google.com/u/0/113253806461878935497?prsrc=4
 
 
 2014/1/27 Christopher Schultz ch...@christopherschultz.net
 
 Арсений,
 
 On 1/27/14, 9:21 AM, Арсений Зинченко wrote:
 We have a little dispute with my colleague about using this 
 variables.
 
 So: have Windows-box machine. On it - runing few different 
 Java-application, including Tomcat.
 
 Needs to set memory for Tomcat other, than for all other 
 Java-applications.
 
 My proposal is set to System variables:
 
 JAVA_OPTS -Xmx1024M -Xms512M -XX:MaxPermSize512M
 CATALINA_OPTS -Xmx4096M -Xms2048M -XX:MaxPermSize=1024M
 
 But, as he asserts - this is not correct way:
 
 
 - CATALINA_OPTS must NOT contain memory limits like Xmx,
 Xms etc; - Java Garbage collector will work differently
 because JAVA_OPTS have another opts for memory then
 CATALINA_OPTS, so - this will worse Tomcat performance; - and
 so on
 
 Tomcat runs Java roughly in this way:
 
 $JAVA_HOME/bin/java $JAVA_OPTS $CATALINA_OPTS  \ 
 org.apache.catalina.startup.Bootstrap
 
 If you have these options configured using both environment
 variables, then CATALINA_OPTS (the later one) will win because
 that's how the JVM parses arguments: the last one on the
 command-line wins. So, it's perfectly safe to do what you have
 described above.
 
 On the other hand, note that since JAVA_OPTS specifies 0.5GiB of
 heap space for when you are /not/ launching Tomcat, then running 
 bin\shutdown.bat will pre-allocate 0.5GiB of heap space just to
 send the shutdown command to a running Tomcat instance, and then 
 terminate. It's kind of a waste.
 
 I totally agree with Dan's comments about how using system 
 variables: just use bin/setenv.bat and keep everything locally.
 
 His suggestion is to set JAVA_OPTS with memory limits exactly
 to Tomcat startup script (not as system variable at all).
 
 +1
 
 So, my question is: is it correct to set memory limits for
 Tomcat via CATALINA_OPTS variable? If in system also present
 JAVA_OPTS - will it have influence on to Tomcat's
 perfarmance?
 
 See above.
 
 -chris

I would always recommend that you use bin/setenv.sh (or
bin\setenv.bat) because you can then set the value differently for
each Tomcat instance that you have. This becomes an issue if you have
many different Tomcat instances, which I tend to do.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJS5oLSAAoJEBzwKT+lPKRY8BMP/06E75p4L2fx75ekKgyVFuVX
vM/tBcP3ulHlEVHAzcTl+gNui4Px0hjRRdKBxU9in/gSRSsD2xkJJa5eXF0EvSn1
e9BNiVY78JZITSu1wBar0YmIf11EJEtGhhtj/fSkJUxIMhp9YYpM1s9CrxckkIef
WFQZOnLVdWUq2xxkPiY8AbK7h5zDgo+riBd4HcSC6ymPT0oYCldGIZki7nZ8lxMb
G3i52aTCiuaOlKYBhdKBsfDdkFJvqF+zZEXdsw+FKP+mKZvpEt5Fn1cWSTX7FXxS
mWApl7J8FZW+zwX734qUw3ThLIbY2RCwT78VPkPcHK9rbWcKbI4UQ1WIGZeL5U+K
IqX1MOIJ+dVCJ7rgvtjYWYlfDoovYqfJ6vCoPU5I3Xh0CMzGaKMZY/QZ+gFUXtdu
0ym/DQJB13cgjWbOi4YFeL8jNRjgui2UkdtThOzfSzL4eY3C+L5Ca0bb/ExReWTb
X05q1RVeTB6rTScTYiPCNMKfZ7S2JnXcoXgEeHpKoGo8EPClKLGlLRmFplk/U4Do
ZdCLLjCavrkEVg6pUEf7UZDJ/qH/VDC0nyNnqJJQHRhjUBh/bMR1yjrzNOnkLOeV
x0BMEHK8ND76EZ0L5+bwZlAQxvCqjQ/vH1IBmrUsjS60rgMyocJB//UDIZOEOAiq
9MXTB+fLRv2ziADmiWJ1
=QPaR
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: JAVA_OPTS vs CATALINA_OPTS

OK, thanks - I'll do it from now (really - never used this file before,
just now found reference to it in catalina.bat) . But - last question,
please: in setenv.bat - must be used CATALINA_OPTS or JAVA_OPTS?


2014/1/27 Christopher Schultz ch...@christopherschultz.net

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Арсений,

 On 1/27/14, 10:58 AM, Арсений Зинченко wrote:
  Thanks, Christopher.
 
  OK, what about next:
 
  Set JAVA_OPTS as system variable (for all other applications); and
  create setenv.bat in /bin/ directory with CATALINA_OPTS whith
  Xmx/Xms for Tomcat?
 
  Will it be more correctly than set CATALINA_OPTS as System
  variable? Or - by the way, in setevn.bat must be used JAVA_OPTS
  too? https://plus.google.com/u/0/113253806461878935497?prsrc=4
 
 
  2014/1/27 Christopher Schultz ch...@christopherschultz.net
 
  Арсений,
 
  On 1/27/14, 9:21 AM, Арсений Зинченко wrote:
  We have a little dispute with my colleague about using this
  variables.
 
  So: have Windows-box machine. On it - runing few different
  Java-application, including Tomcat.
 
  Needs to set memory for Tomcat other, than for all other
  Java-applications.
 
  My proposal is set to System variables:
 
  JAVA_OPTS -Xmx1024M -Xms512M -XX:MaxPermSize512M
  CATALINA_OPTS -Xmx4096M -Xms2048M -XX:MaxPermSize=1024M
 
  But, as he asserts - this is not correct way:
 
 
  - CATALINA_OPTS must NOT contain memory limits like Xmx,
  Xms etc; - Java Garbage collector will work differently
  because JAVA_OPTS have another opts for memory then
  CATALINA_OPTS, so - this will worse Tomcat performance; - and
  so on
 
  Tomcat runs Java roughly in this way:
 
  $JAVA_HOME/bin/java $JAVA_OPTS $CATALINA_OPTS  \
  org.apache.catalina.startup.Bootstrap
 
  If you have these options configured using both environment
  variables, then CATALINA_OPTS (the later one) will win because
  that's how the JVM parses arguments: the last one on the
  command-line wins. So, it's perfectly safe to do what you have
  described above.
 
  On the other hand, note that since JAVA_OPTS specifies 0.5GiB of
  heap space for when you are /not/ launching Tomcat, then running
  bin\shutdown.bat will pre-allocate 0.5GiB of heap space just to
  send the shutdown command to a running Tomcat instance, and then
  terminate. It's kind of a waste.
 
  I totally agree with Dan's comments about how using system
  variables: just use bin/setenv.bat and keep everything locally.
 
  His suggestion is to set JAVA_OPTS with memory limits exactly
  to Tomcat startup script (not as system variable at all).
 
  +1
 
  So, my question is: is it correct to set memory limits for
  Tomcat via CATALINA_OPTS variable? If in system also present
  JAVA_OPTS - will it have influence on to Tomcat's
  perfarmance?
 
  See above.
 
  -chris

 I would always recommend that you use bin/setenv.sh (or
 bin\setenv.bat) because you can then set the value differently for
 each Tomcat instance that you have. This becomes an issue if you have
 many different Tomcat instances, which I tend to do.

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

 iQIcBAEBCAAGBQJS5oLSAAoJEBzwKT+lPKRY8BMP/06E75p4L2fx75ekKgyVFuVX
 vM/tBcP3ulHlEVHAzcTl+gNui4Px0hjRRdKBxU9in/gSRSsD2xkJJa5eXF0EvSn1
 e9BNiVY78JZITSu1wBar0YmIf11EJEtGhhtj/fSkJUxIMhp9YYpM1s9CrxckkIef
 WFQZOnLVdWUq2xxkPiY8AbK7h5zDgo+riBd4HcSC6ymPT0oYCldGIZki7nZ8lxMb
 G3i52aTCiuaOlKYBhdKBsfDdkFJvqF+zZEXdsw+FKP+mKZvpEt5Fn1cWSTX7FXxS
 mWApl7J8FZW+zwX734qUw3ThLIbY2RCwT78VPkPcHK9rbWcKbI4UQ1WIGZeL5U+K
 IqX1MOIJ+dVCJ7rgvtjYWYlfDoovYqfJ6vCoPU5I3Xh0CMzGaKMZY/QZ+gFUXtdu
 0ym/DQJB13cgjWbOi4YFeL8jNRjgui2UkdtThOzfSzL4eY3C+L5Ca0bb/ExReWTb
 X05q1RVeTB6rTScTYiPCNMKfZ7S2JnXcoXgEeHpKoGo8EPClKLGlLRmFplk/U4Do
 ZdCLLjCavrkEVg6pUEf7UZDJ/qH/VDC0nyNnqJJQHRhjUBh/bMR1yjrzNOnkLOeV
 x0BMEHK8ND76EZ0L5+bwZlAQxvCqjQ/vH1IBmrUsjS60rgMyocJB//UDIZOEOAiq
 9MXTB+fLRv2ziADmiWJ1
 =QPaR
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Implementing JAAS with Geronimo LDAPPlugin

On Mon, Jan 27, 2014 at 3:17 PM, Konstantin Kolinko
knst.koli...@gmail.com wrote:
 2014-01-27 Marco Pizzoli marco.pizz...@gmail.com:
 Hi all,
 I'm fairly new to Tomcat and to this mailing list, so apologies in
 advance if not being clear in explaining my problem.

 I'm tasked with the implementation of JAAS for a web application by
 leveraging the existing LDAP server (MSAD) present at our company.

 (...)
 - I modified the server.xml by defining the Realm [5]
 (...)
 [5] This is the line I added inside Engine
 Realm className=org.apache.catalina.realm.JAASRealm
 appName=testPrincipals debug=9/

 1. Beware that only one Realm is allowed in an Engine.

 There is one defined there by default. You should have replaced it,
 not added a new one.

 http://svn.apache.org/viewvc?view=revisionrevision=1556784

 2. If you want to run with a debugger
 https://wiki.apache.org/tomcat/FAQ/Developing#Debugging

 Best regards,
 Konstantin Kolinko

Thanks Konstantin,
now I made one step further, I think.
I defined a context within my application META-INF/context.xml .

Now in catalina.err I am able to see an error:

[cut]
configfile: reading file:/opt/tomcat/conf/jaas.config
configparser:   Reading next config entry: GERONIMO
configparser:
org.apache.geronimo.security.realm.providers.LDAPLoginModule, REQUIRED
configparser:   connectionPassword=password
configparser:   roleBase=DC=mydc
configparser:
initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
configparser:   roleName=cn
configparser:   connectionProtocol=SSL
configparser:   roleSearchMatching=member={0}
configparser:   roleSearchSubtree=true
configparser:   userRoleName=memberOf
configparser:   authentication=simple
configparser:   connectionUrl=ldaps://my.server.prod:636
configparser:   userSearchSubtree=true
configparser:
connectionUsername=CN=my_ldap_read,OU=Service Accounts,DC=mydc
configparser:   userBaseDC=mydc=
configparser:   userSearchMatching=sAMAccountName={0}
configfile: overriding other policies!
Jan 27, 2014 5:18:10 PM org.apache.catalina.realm.JAASRealm authenticate
SEVERE: Unexpected error
javax.security.auth.login.LoginException: No LoginModules configured
for testPrincipals
at javax.security.auth.login.LoginContext.init(LoginContext.java:273)
at javax.security.auth.login.LoginContext.init(LoginContext.java:418)
at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:392)
at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:332)
at 
org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:166)
at 
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at 
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at 
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
at 
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at 
org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1852)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:724)

Could you help me understanding what I should check?

Thanks in advance again
Marco

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat 7 / Java 7

2014-01-27 Thread Singh, Ragini

Hello,

Is Tomcat 7.0.42  compatible with Java 
7?http://stackoverflow.com/questions/9294355/is-tomcat-7-now-compatible-with-java-7
 If yes, do you know if there is something special to migrate an existing 
installation of Tomcat 7/Java 6 to Tomcat 7/Java 7?


-Ragini

Re: Tomcat 7 / Java 7

2014-01-27 Thread Filip Hanik

Yes it is compatible, and no, there is nothing you really need to do except
to test your applications that they work too.


On Mon, Jan 27, 2014 at 9:37 AM, Singh, Ragini rsi...@central.uh.eduwrote:

 Hello,

 Is Tomcat 7.0.42  compatible with Java 7?
 http://stackoverflow.com/questions/9294355/is-tomcat-7-now-compatible-with-java-7
 If yes, do you know if there is something special to migrate an existing
 installation of Tomcat 7/Java 6 to Tomcat 7/Java 7?


 -Ragini

RE: JAVA_OPTS vs CATALINA_OPTS

2014-01-27 Thread Caldarale, Charles R

 From: Арсений Зинченко [mailto:setev...@gmail.com] 
 Subject: Re: JAVA_OPTS vs CATALINA_OPTS

 in setenv.bat - must be used CATALINA_OPTS or JAVA_OPTS?

Dan already explained this:

Again, you could put memory settings in CATALINA_OPTS or in JAVA_OPTS.
Setting them in CATALINA_OPTS is generally a better choice though because 
settings in CATALINA_OPTS are only applied when Tomcat is started.  If 
you set them in JAVA_OPTS then they'll be applied when you start and stop 
the instance, something you probably don't want for your heap settings.

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat JDBC Error

2014-01-27 Thread Leo Medina

Good morning Mark,

Can you please elaborate more as to what you meant by: com.mysql.jdbc.Driver
must be present in one of your webapps. I'd expect
it to be in a JAR that has mysql in the name. If you don't need it remove
it. I meant that we don't have a mysql db. in our original integration.
You also mention that it *must* be present, yet if I don't need it to
remove it. Sorry a little confused on that statement, can you please
clarify.

Thanks and kind regards,

Leo

On Fri, Jan 24, 2014 at 10:31 AM, Mark Thomas ma...@apache.org wrote:

On 24/01/2014 18:24, Leo Medina wrote:
It's been a while since I installed tomcat and having some jdbc errors
with
version 6.0.20.

Time to upgrade.

We don't have a mysql.jdbc.driver

com.mysql.jdbc.Driver must be present in one of your webapps. I'd expect
it to be in a JAR that has mysql in the name. If you don't need it
remove it.

and uncertain why its trying to register this.

Registration happens automatically when the app starts (the JVM does
this). The warning you are seeing is about de-registration when the app
stops.

However we do have the oracle.jdbc.driver and the
connections and driver location are accurate, though still having the
following error and cannot crank start the application.

Same as for mysql but obviously no need to remove it.

Those memory leak problems are not what you need to worry about. They
are triggered when Tomcat is trying to shut the app down after it fails
to start. What you need to worry about is why it fails to start.

Output from the catalina.2014-01-24.log
Jan 24, 2014 9:25:22 AM org.apache.catalina.core.AprLifecycleListener
init
INFO: The APR based Apache Tomcat Native library which allows optimal
performance in production environments was not found on the
java.library.path:

/apps/jdk1.6.0_16/jre/lib/amd64/server:/apps/jdk1.6.0_16/jre/lib/amd64:/apps/jdk1.6.0_16/jre/../lib/amd64:/usr/java/packages/lib/amd64:/lib:/usr/lib
Jan 24, 2014 9:25:22 AM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8081
Jan 24, 2014 9:25:22 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1287 ms
Jan 24, 2014 9:25:22 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Jan 24, 2014 9:25:22 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.26
Jan 24, 2014 9:25:22 AM org.apache.catalina.startup.HostConfig
deployDescriptor
INFO: Deploying configuration descriptor host-manager.xml
Jan 24, 2014 9:25:23 AM org.apache.catalina.startup.HostConfig
deployDescriptor
INFO: Deploying configuration descriptor manager.xml
Jan 24, 2014 9:25:23 AM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive rbacx.war
Jan 24, 2014 9:25:27 AM org.apache.catalina.core.StandardContext start
SEVERE: Error listenerStart
Jan 24, 2014 9:25:27 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/rbacx] startup failed due to previous errors

^
This is the important bit. If you look in your log files you should see
more detailed errors including stack traces. They will tell you what is
going wrong.

HTH,

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: using log4j in a webapp using embedded tomcat