Re: Tomcat 8.0.22 - Putting all Libraries in a Separate Folder to reduce War file size
We use GIT for deployment. This way you are only uploading the delta. Have a look at how OpenShift does it for the mechanics. I wasn¹t involved in setting up the system we use but I know the team who did leaned heavily on what was done on OpenShift. I can tell you from experience deployments are much faster to upload and deploy. Z. On 26/05/2015 8:21 pm, Aditya Chopra adity...@turvo.com wrote: The reason i am trying to reduce the war file size is because its size has gone upto 55MB and time taken for copying it to the server for deployments has increased. Is there any best practice around this that we should be following? Anyways, i will also check Spring usage to see why the threat context class loader isn¹t being used. Aditya On 26-May-2015, at 3:37 pm, Mark Thomas ma...@apache.org wrote: On 26/05/2015 10:53, Aditya Chopra wrote: This thread does beg the question *why* do you want to reduce the size of your WAR. Doing so creates problems as you have found. In WEB-INF/lib i only have 2 JARs, which are my application JAR¹s. All other dependent JAR¹s i have moved to /mylibs. Below mentioned com.myapp.CustomGrantedAuth class is part of my application JAR present under WEB-INF/lib. You'll need to speak to the Spring folks to see why the thread context class loader isn't being used. Whether that is a Spring bug or a Spring usage error in your part I don't know. Mark Here is the stack trace: DEBUG [http-nio-8080-exec-3] (DefaultExceptionHandler.java:123) - error. java.lang.IllegalArgumentException: java.lang.ClassNotFoundException: com.myapp.CustomGrantedAuth at org.springframework.security.oauth2.common.util.SerializationUtils.deser ialize(SerializationUtils.java:36) at com.arl.mg.services.CustomTokenStore$2.mapRow(CustomTokenStore.java:124) at com.arl.mg.services.CustomTokenStore$2.mapRow(CustomTokenStore.java:1) at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(Ro wMapperResultSetExtractor.java:93) at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(Ro wMapperResultSetExtractor.java:60) at org.springframework.jdbc.core.JdbcTemplate$1.doInPreparedStatement(JdbcT emplate.java:708) at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:644 ) at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:695) at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:727) at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:737) at org.springframework.jdbc.core.JdbcTemplate.queryForObject(JdbcTemplate.j ava:811) at com.arl.mg.services.CustomTokenStore.readAuthentication(CustomTokenStore .java:121) at com.arl.mg.services.CustomTokenServices.loadAuthentication(CustomTokenSe rvices.java:139) at org.springframework.security.oauth2.provider.filter.OAuth2ProtectedResou rceFilter.doFilter(OAuth2ProtectedResourceFilter.java:53) at org.springframework.security.oauth2.provider.filter.CompositeFilter$Virt ualFilterChain.doFilter(CompositeFilter.java:79) at com.arl.mg.error.CustomExceptionHandlerFilter.doFilter(CustomExceptionHa ndlerFilter.java:59) at org.springframework.security.oauth2.provider.filter.CompositeFilter$Virt ualFilterChain.doFilter(CompositeFilter.java:79) at org.springframework.security.oauth2.provider.filter.CompositeFilter.doFi lter(CompositeFilter.java:59) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doF ilter(FilterChainProxy.java:342) at org.springframework.security.web.access.ExceptionTranslationFilter.doFil ter(ExceptionTranslationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doF ilter(FilterChainProxy.java:342) at org.springframework.security.web.session.SessionManagementFilter.doFilte r(SessionManagementFilter.java:103) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doF ilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.AnonymousAuthenticationF ilter.doFilter(AnonymousAuthenticationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doF ilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.rememberme.RememberMeAut henticationFilter.doFilter(RememberMeAuthenticationFilter.java:139) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doF ilter(FilterChainProxy.java:342) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRe questFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doF ilter(FilterChainProxy.java:342) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.do Filter(RequestCacheAwareFilter.java:45) at
Tomcat 8.0.22 - Putting all Libraries in a Separate Folder to reduce War file size
Hi, To reduce the size of my war file, i am trying to put all the jar files being used by my web app in a separate folder /mylibs. I added path to /mylibs folder under shared.loader property in catalina.properties but on runtime i am getting a ClassNotFoundException for one of the classes that is present in one the project module jar under WEB-INF/lib folder. When i add all the libraries required by my project in WEB-INF/lib folder my application works fine. However, when i put the libraries in a separate /mylibs folder i get a ClassNotFoundException on runtime. I suspect that it could be due to order in which the classes are being loaded, so added a Loader component in my context.xml as below, but that too didn’t work. Can someone please help me on this? 19 Context 20 21 !-- Default set of monitored resources. If one of these changes, the -- 22 !-- web application will be reloaded. -- 23 WatchedResourceWEB-INF/web.xml/WatchedResource 24 WatchedResource${catalina.base}/conf/web.xml/WatchedResource 25 Loader className=org.apache.catalina.loader.WebappLoader delegate=true searchExternalFirst=true/ Regards, Aditya
Re: Tomcat 8.0.22 - Putting all Libraries in a Separate Folder to reduce War file size
The reason i am trying to reduce the war file size is because its size has gone upto 55MB and time taken for copying it to the server for deployments has increased. Is there any best practice around this that we should be following? Anyways, i will also check Spring usage to see why the threat context class loader isn’t being used. Aditya On 26-May-2015, at 3:37 pm, Mark Thomas ma...@apache.org wrote: On 26/05/2015 10:53, Aditya Chopra wrote: This thread does beg the question *why* do you want to reduce the size of your WAR. Doing so creates problems as you have found. In WEB-INF/lib i only have 2 JARs, which are my application JAR’s. All other dependent JAR’s i have moved to /mylibs. Below mentioned com.myapp.CustomGrantedAuth class is part of my application JAR present under WEB-INF/lib. You'll need to speak to the Spring folks to see why the thread context class loader isn't being used. Whether that is a Spring bug or a Spring usage error in your part I don't know. Mark Here is the stack trace: DEBUG [http-nio-8080-exec-3] (DefaultExceptionHandler.java:123) - error. java.lang.IllegalArgumentException: java.lang.ClassNotFoundException: com.myapp.CustomGrantedAuth at org.springframework.security.oauth2.common.util.SerializationUtils.deserialize(SerializationUtils.java:36) at com.arl.mg.services.CustomTokenStore$2.mapRow(CustomTokenStore.java:124) at com.arl.mg.services.CustomTokenStore$2.mapRow(CustomTokenStore.java:1) at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:93) at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:60) at org.springframework.jdbc.core.JdbcTemplate$1.doInPreparedStatement(JdbcTemplate.java:708) at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:644) at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:695) at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:727) at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:737) at org.springframework.jdbc.core.JdbcTemplate.queryForObject(JdbcTemplate.java:811) at com.arl.mg.services.CustomTokenStore.readAuthentication(CustomTokenStore.java:121) at com.arl.mg.services.CustomTokenServices.loadAuthentication(CustomTokenServices.java:139) at org.springframework.security.oauth2.provider.filter.OAuth2ProtectedResourceFilter.doFilter(OAuth2ProtectedResourceFilter.java:53) at org.springframework.security.oauth2.provider.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:79) at com.arl.mg.error.CustomExceptionHandlerFilter.doFilter(CustomExceptionHandlerFilter.java:59) at org.springframework.security.oauth2.provider.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:79) at org.springframework.security.oauth2.provider.filter.CompositeFilter.doFilter(CompositeFilter.java:59) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:139) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at
native API - to make Apache/Tomcat faster
There is this native Apache API if I recall correctly to speed up Apache. Is there such for Tomcat too? And should this be established at any rate for production servers? -- Christoph Kukulies - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 8.0.22 - Putting all Libraries in a Separate Folder to reduce War file size
Thanks for quick response Mark. JARs in /mylib are not dependent on JARs in web app. In fact its the other way round. /mylib is having all Spring, hibernate jar’s, other common libs and WEB-INF/lib is containing jar of one of my application modules. The class for which i am getting ClassNotFoundException exception is part of JAR present under WEB-INF/lib. I enabled the class loader logs and don’t see that class getting loaded on server startup. However, when i copy all JAR’s from /mylib to WEB-INF/lib, that class is getting loaded and i don’t get the ClassNotFoundException on runtime. Any thoughts what might be causing this? Aditya On 26-May-2015, at 3:04 pm, Mark Thomas ma...@apache.org wrote: On 26/05/2015 08:36, Aditya Chopra wrote: Hi, To reduce the size of my war file, i am trying to put all the jar files being used by my web app in a separate folder /mylibs. I added path to /mylibs folder under shared.loader property in catalina.properties but on runtime i am getting a ClassNotFoundException for one of the classes that is present in one the project module jar under WEB-INF/lib folder. When i add all the libraries required by my project in WEB-INF/lib folder my application works fine. However, when i put the libraries in a separate /mylibs folder i get a ClassNotFoundException on runtime. I suspect that it could be due to order in which the classes are being loaded, so added a Loader component in my context.xml as below, but that too didn’t work. Can someone please help me on this? JARs in /mylibs must not depend on JARs in a web application. There is no configuration option that would enable you to bypass this restriction. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 8.0.22 - Putting all Libraries in a Separate Folder to reduce War file size
In WEB-INF/lib i only have 2 JARs, which are my application JAR’s. All other dependent JAR’s i have moved to /mylibs. Below mentioned com.myapp.CustomGrantedAuth class is part of my application JAR present under WEB-INF/lib. Here is the stack trace: DEBUG [http-nio-8080-exec-3] (DefaultExceptionHandler.java:123) - error. java.lang.IllegalArgumentException: java.lang.ClassNotFoundException: com.myapp.CustomGrantedAuth at org.springframework.security.oauth2.common.util.SerializationUtils.deserialize(SerializationUtils.java:36) at com.arl.mg.services.CustomTokenStore$2.mapRow(CustomTokenStore.java:124) at com.arl.mg.services.CustomTokenStore$2.mapRow(CustomTokenStore.java:1) at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:93) at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:60) at org.springframework.jdbc.core.JdbcTemplate$1.doInPreparedStatement(JdbcTemplate.java:708) at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:644) at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:695) at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:727) at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:737) at org.springframework.jdbc.core.JdbcTemplate.queryForObject(JdbcTemplate.java:811) at com.arl.mg.services.CustomTokenStore.readAuthentication(CustomTokenStore.java:121) at com.arl.mg.services.CustomTokenServices.loadAuthentication(CustomTokenServices.java:139) at org.springframework.security.oauth2.provider.filter.OAuth2ProtectedResourceFilter.doFilter(OAuth2ProtectedResourceFilter.java:53) at org.springframework.security.oauth2.provider.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:79) at com.arl.mg.error.CustomExceptionHandlerFilter.doFilter(CustomExceptionHandlerFilter.java:59) at org.springframework.security.oauth2.provider.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:79) at org.springframework.security.oauth2.provider.filter.CompositeFilter.doFilter(CompositeFilter.java:59) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:139) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) at
Re: Tomcat 8.0.22 - Putting all Libraries in a Separate Folder to reduce War file size
On 26/05/2015 08:36, Aditya Chopra wrote: Hi, To reduce the size of my war file, i am trying to put all the jar files being used by my web app in a separate folder /mylibs. I added path to /mylibs folder under shared.loader property in catalina.properties but on runtime i am getting a ClassNotFoundException for one of the classes that is present in one the project module jar under WEB-INF/lib folder. When i add all the libraries required by my project in WEB-INF/lib folder my application works fine. However, when i put the libraries in a separate /mylibs folder i get a ClassNotFoundException on runtime. I suspect that it could be due to order in which the classes are being loaded, so added a Loader component in my context.xml as below, but that too didn’t work. Can someone please help me on this? JARs in /mylibs must not depend on JARs in a web application. There is no configuration option that would enable you to bypass this restriction. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 8.0.22 - Putting all Libraries in a Separate Folder to reduce War file size
On 26/05/2015 10:44, Aditya Chopra wrote: Thanks for quick response Mark. JARs in /mylib are not dependent on JARs in web app. In fact its the other way round. /mylib is having all Spring, hibernate jar’s, other common libs and WEB-INF/lib is containing jar of one of my application modules. The class for which i am getting ClassNotFoundException exception is part of JAR present under WEB-INF/lib. I enabled the class loader logs and don’t see that class getting loaded on server startup. However, when i copy all JAR’s from /mylib to WEB-INF/lib, that class is getting loaded and i don’t get the ClassNotFoundException on runtime. Any thoughts what might be causing this? Yes. One of the JARs in /mylib depends on one of the JARs in WEB-INF/lib and that is not permitted. The dependency may not be obvious. If you provide the full stack trace we might be able to provide you with some pointers. Mark Aditya On 26-May-2015, at 3:04 pm, Mark Thomas ma...@apache.org wrote: On 26/05/2015 08:36, Aditya Chopra wrote: Hi, To reduce the size of my war file, i am trying to put all the jar files being used by my web app in a separate folder /mylibs. I added path to /mylibs folder under shared.loader property in catalina.properties but on runtime i am getting a ClassNotFoundException for one of the classes that is present in one the project module jar under WEB-INF/lib folder. When i add all the libraries required by my project in WEB-INF/lib folder my application works fine. However, when i put the libraries in a separate /mylibs folder i get a ClassNotFoundException on runtime. I suspect that it could be due to order in which the classes are being loaded, so added a Loader component in my context.xml as below, but that too didn’t work. Can someone please help me on this? JARs in /mylibs must not depend on JARs in a web application. There is no configuration option that would enable you to bypass this restriction. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Problem with APR library - Tomcat 7
Hello Chris, I just wanted to notify all that my problem with the APR library has been finally solved. If anyone encounters this problem, please follow the steps (assuming your Linux server already has APR library preinstalled): 1. Install libapr1-dev, libssl-dev, java openjdk and openjre. 2. Download tcnative from here: https://tomcat.apache.org/download-native.cgi 3. Configure it like it is written here: http://tomcat.apache.org/native-doc/ 4. After server reboot, if you still encounter the issue: APR library not found and you have done everything above, mostly likely there is bug in the Linux server you are using. Check here: https://bugs.launchpad.net/ubuntu/+source/tomcat-native/+bug/1326255 and move the required libraries like it is done on the link above. Thank you all for helping me. Regards -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: 19 May, 2015 21:16 To: Tomcat Users List Subject: Re: Problem with APR library - Tomcat 7 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dejan, On 5/19/15 2:08 PM, Christopher Schultz wrote: Dejan, On 5/19/15 11:58 AM, Dejan Stamenov wrote: Maybe I have messed up really bad, so I can't solve it now. I will start over with this, can you tell me if this are the steps I need to do for it to work: install libapr1-devinstall tcnativeWill I need to make that specific .sh file in the Tomcat /bin directory after I have done these 2 steps? If it were me, I would: 1. Remove all traces of the APR source and binary that you downloaded and built for yourself. 2. Make sure that the packages libapr1 and libapr1-dev are installed via apt-get 3. Make sure you build tcnative such that, after: $ make distclean $ ./configure [...] $ make ... you have some .so files sitting-around somewhere. 4. Copy those files into CATALINA_BASE/bin 5. When you launch, make sure that java.library.path includes CATALINA_BASE/bin Also, can I use something else than APR library connector? Yes. All Tomcat connectors support TLS. The APR-based connector will outperform all other connectors when using TLS by an order of magnitude. If you are serious about performance, you should either use the APR-based connector or terminate TLS elsewhere (like a reverse proxy) and not have Tomcat do any crypto at all. I have been trying to make it work now with a keystore, but when I access my application I get The connection was reset error. In my keystore, I have my server certificate, my intermediate file and primary cert file which have been given to me (the last 2). Also, when I look into the logs of the server there is no error/warning about using this second Connector, but it still won't work. Taking PEM files and putting them into a keystore is a real pain in the neck. This is the magic formula I've been using for a while, when starting with PEM files and creating a keystore from scratch: $ openssl pkcs12 -export -in ${HOSTNAME}.crt \ -inkey ${HOSTNAME}.key \ -certfile CA-intermediate.crt -out ${HOSTNAME}.p12 -chain $ $JAVA_HOME/bin/keytool -importkeystore \ -srckeystore ${HOSTNAME}.p12 \ -destkeystore ${HOSTNAME}.jks \ -srcstoretype pkcs12 Hope that helps, -chris FWIW, this is the portion of my Tomcat package testing script. This script is completely automated and fetches a release candidate, builds everything, and tests everything. You should be able to see how everything is built and where it all goes. Some environment variables are not set, because this is only the snip of the script that deals with tcnative. Note that I don't show the launch of the JVM, so you don't see where java.library.dir is set. I have also not corrected for line wrapping/formatting. I hope this helps, - -chris echo Building tcnative... mkdir -p ${BASE_SOURCE_DIR}/output/build/bin/native tar xz --directory ${BASE_SOURCE_DIR}/output/build/bin/native -f ${BASE_DIR}/ downloads/tomcat-native*/tomcat-native*.tar.gz if [ 0 != $? ] ; then echo * Failed to unpack tcnative. Quitting. exit fi OWD=`pwd` cd ${BASE_SOURCE_DIR}/output/build/bin/native/tomcat-native-*/jni/nati ve ./configure --with-apr=/usr/bin --with-ssl=yes - --with-java-home=${TEST_JAVA_HOME} # /usr/lib/jvm/java-6-sun/ result=$? if [ 0 != $result ] ; then echo * !! tcnative configure returned non-zero result ($result). Quitting. exit fi cd ${OWD} make -C ${BASE_SOURCE_DIR}/output/build/bin/native/tomcat-native-*/jni/native result=$? if [ 0 != $result ] ; then echo * !! tcnative make returned non-zero result ($result). Quitting. exit else echo * tcnative builds cleanly fi cp -d ${BASE_SOURCE_DIR}/output/build/bin/native/tomcat-native-*/jni/native/ .libs/* ${BASE_SOURCE_DIR}/output/build/bin/native -BEGIN PGP SIGNATURE- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVW4vSAAoJEBzwKT+lPKRYRwMQAIWp4DODO4kOyRGXUmpa2WZt
Re: Tomcat 8.0.22 - Putting all Libraries in a Separate Folder to reduce War file size
On 26/05/2015 10:53, Aditya Chopra wrote: This thread does beg the question *why* do you want to reduce the size of your WAR. Doing so creates problems as you have found. In WEB-INF/lib i only have 2 JARs, which are my application JAR’s. All other dependent JAR’s i have moved to /mylibs. Below mentioned com.myapp.CustomGrantedAuth class is part of my application JAR present under WEB-INF/lib. You'll need to speak to the Spring folks to see why the thread context class loader isn't being used. Whether that is a Spring bug or a Spring usage error in your part I don't know. Mark Here is the stack trace: DEBUG [http-nio-8080-exec-3] (DefaultExceptionHandler.java:123) - error. java.lang.IllegalArgumentException: java.lang.ClassNotFoundException: com.myapp.CustomGrantedAuth at org.springframework.security.oauth2.common.util.SerializationUtils.deserialize(SerializationUtils.java:36) at com.arl.mg.services.CustomTokenStore$2.mapRow(CustomTokenStore.java:124) at com.arl.mg.services.CustomTokenStore$2.mapRow(CustomTokenStore.java:1) at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:93) at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:60) at org.springframework.jdbc.core.JdbcTemplate$1.doInPreparedStatement(JdbcTemplate.java:708) at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:644) at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:695) at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:727) at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:737) at org.springframework.jdbc.core.JdbcTemplate.queryForObject(JdbcTemplate.java:811) at com.arl.mg.services.CustomTokenStore.readAuthentication(CustomTokenStore.java:121) at com.arl.mg.services.CustomTokenServices.loadAuthentication(CustomTokenServices.java:139) at org.springframework.security.oauth2.provider.filter.OAuth2ProtectedResourceFilter.doFilter(OAuth2ProtectedResourceFilter.java:53) at org.springframework.security.oauth2.provider.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:79) at com.arl.mg.error.CustomExceptionHandlerFilter.doFilter(CustomExceptionHandlerFilter.java:59) at org.springframework.security.oauth2.provider.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:79) at org.springframework.security.oauth2.provider.filter.CompositeFilter.doFilter(CompositeFilter.java:59) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:139) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at
org.apache.catalina.connector.CoyoteAdapter.checkRecycled Encountered a non-recycled request and recycled it forcedly
Hi, I get this error in my logs: CoyoteAdapter.checkRecycled Encountered a non-recycled request and recycled it forcedly. It happen some hours or even some days ater Tomcat ist starting. I can't reproduce this error and I don't know when it starts to appear. But if it starts, it appears more and more. And everything goes crash. After the error starts to appear, many strange things happen: - there is no Session availabe in jsp (request.getSession() returns null) - filters defined in web.xml are not used - or even on one virtual host appeared a page from another virtual host!!! Then I have to restart Tomcat and everything is all right up to it happen again (some hours, some days). I tried to use the parameter: -Dorg.apache.catalina.connector.RECYCLE_FACADES=true but with no luck. Does someone have any idea what is the reason of the problem? Thank You. Below is the stack of the error, and my Tomcat configuration. 23-May-2015 16:32:37.455 INFO [ajp-nio2-127.0.0.1-8009-exec-159] org.apache.catalina.connector.CoyoteAdapter.checkRecycled Encountered a non-recycled request and recycled it forcedly. org.apache.catalina.connector.CoyoteAdapter$RecycleRequiredException at org.apache.catalina.connector.CoyoteAdapter.checkRecycled(CoyoteAdapter.java:710) at org.apache.coyote.ajp.AbstractAjpProcessor.recycle(AbstractAjpProcessor.java:943) at org.apache.coyote.ajp.AjpNio2Processor.recycle(AjpNio2Processor.java:91) at org.apache.coyote.ajp.AbstractAjpProcessor.process(AbstractAjpProcessor.java:792) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668) at org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun(Nio2Endpoint.java:1073) at org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.run(Nio2Endpoint.java:1032) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) 26-May-2015 08:05:12.890 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version: Apache Tomcat/8.0.22 26-May-2015 08:05:12.893 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built: Apr 29 2015 11:46:15 UTC 26-May-2015 08:05:12.894 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number: 8.0.22.0 26-May-2015 08:05:12.894 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name: Linux 26-May-2015 08:05:12.894 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version: 3.13.0-042stab106.6 26-May-2015 08:05:12.894 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture: amd64 26-May-2015 08:05:12.895 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: /moje/jdk1.8.0_45/jre 26-May-2015 08:05:12.895 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version: 1.8.0_45-b14 26-May-2015 08:05:12.895 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Oracle Corporation 26-May-2015 08:05:12.895 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: /moje/tomcat-base 26-May-2015 08:05:12.896 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: /moje/apache-tomcat-8.0.22 26-May-2015 08:05:12.896 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/moje/tomcat-base/conf/logging.properties 26-May-2015 08:05:12.897 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager 26-May-2015 08:05:12.897 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:+UseConcMarkSweepGC 26-May-2015 08:05:12.897 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.awt.headless=true 26-May-2015 08:05:12.897 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dfile.encoding=UTF8 26-May-2015 08:05:12.898 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dsgen.parametry=/moje/tomcat-base 26-May-2015 08:05:12.898 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xmx1400M 26-May-2015 08:05:12.898 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.connector.RECYCLE_FACADES=true 26-May-2015 08:05:12.898 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command
Re: Fwd: Fwd:
Hello Yuval. As a kind of generic answer to your previous enquiries : Tomcat is a Servlet Container, and the developers who write Tomcat strive to have it behave in accordance with the applicable Java Servlet Specification. Refer to this page to find out which version of Tomcat matches which version of the Servlet Specification : http://tomcat.apache.org/whichversion.html and then search the web for the appropriate version of the Servlet Specifications. As the name indicates, this document describes in detail what java servlets and servlet containers should and should not do, and in some cases how they should do it. In that specification, there is a chapter entitled Security which among other things covers the various forms of user authentication that should be supported by any specs-respecting servlet container and which you are encouraged to read, as it already contains answers to many of your questions. In summary though, there are essentially 2 sub-categories there : - container-managed (which covers Basic, Digest and Form-based user authentication) - application-managed (which is whatever a developer may choose to implement at application (webapp/servlet) level, e.g. via servlet filters) As far as container-managed Form-based authentication is concerned, what Tomcat provides is what the Servlet Specification says that it should. (And that does not cover the remember me feature as you describe it below). There may be third-parties which offer such enhancements (free or commercial), but you will need to search for them. Note that in addition to the above 3 container-managed authentication mechanisms, Tomcat does also provide some additional options, like SPNEGO, JAAS etc.. See here : http://tomcat.apache.org/tomcat-8.0-doc/realm-howto.html and here : http://tomcat.apache.org/tomcat-8.0-doc/windows-auth-howto.html And what Tomcat does provide is /sessions/, for which you can set yourself the expiration time. It does not really do the same as the remember me feature you are talking about, but it may cover your needs to some extent, depending on your circumstances. Sessions are also explained in a chapter of the Servlet Specification. HTH Yuval Schwartz wrote: Hello Chris, Answers below. Thanks again. On Mon, May 25, 2015 at 3:18 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Yuval, On 5/24/15 5:06 PM, Yuval Schwartz wrote: Firstly, I'd like to clear something up: Is container managed security security only intended for use with administrative users of a web application? No. What would give you that impression? Because I was intending on using it for all users of my web application (eg: customers, students, etc. People with no administrative responsibilities). You can use it with everyone. On Sun, May 24, 2015 at 9:00 PM, Christopher Schultz ch...@christopherschultz.net wrote: Yuval, On 5/23/15 7:15 AM, Yuval Schwartz wrote: I can currently initialize a MessageDigestCredentialHandler object with my desired salt, iteration and algorithm parameters and then call the handler's mutate() method before inserting the password into my database. Good. And, from a servlet, the HttpServletRequest Object's login() (for example) method works when inputting the user_name and plain text password. Good. However, I am still struggling to create my database input ({salt}:{iterations}:{hash}) without inputting my desired parameter (iterations, saltLength, etc.) to a MessageDigestCredentialHandler, but rather by getting these parameters (or the CredentialHandler itself) from the servlet. What have you tried? Do you want the remote user to be able to specify the salt size and iterations? I'd advise against that, since users may intentionally reduce their own security (or, worse, intentionally give you an effectively infinite salt or iteration count, which could represent a DOS vulnerability). Without being able to do this, I don't see the purpose of specifying these parameters in the nested CredentialHandler element within the Realm element of the context.xml file (these parameters are retrieved from the storedCredential when authenticating meaning they're not used when a method such as request.login() is performed). The are absolutely used when HttpServletRequest.login() is called. That login() method ultimately calls Realm.authenticate(), which uses the CredentialHandler. The settings in CredentialHandler entirely handle logins for existing users. Realm.authenticate() calls MessageDigestCredentialHandler.matches(inputCredential, storedCredential) calls DigestCredentialHandlerBase.matchesSaltIterationsEncoded(inputCredent ials, storedCredentials) (line 146 of class MessageDigestCredentialHandler) This method isolates the salt from the storedCredential (line 162) Then isolates the iterations from the storedCredential (line 164) Then uses both these parameters in addition to the
Re: Tomcat 8.0.22 - Putting all Libraries in a Separate Folder to reduce War file size
On Tue, May 26, 2015 at 6:21 AM, Aditya Chopra adity...@turvo.com wrote: The reason i am trying to reduce the war file size is because its size has gone upto 55MB and time taken for copying it to the server for deployments has increased. What you're trying to do may seem like a good idea, but in practice is usually not. There are a handful of things that can go wrong with it (library version issues, classpath casting issues, etc...). You're hitting just one of those problems and as you can see it's not easy to debug (none of them are really). All for what? A marginally smaller WAR file. Unless you're on dial-up, it's likely that the time you spend debugging issues will far exceed the time you spend uploading files, and that's something that can be automated. Solutions to the problem of a larger WAR file that I would suggest (I'm sure others can add to this list): a.) just live with the upload time. 55M is not that crazy. run the upload while you're doing something else or at night. b.) get a faster Internet connection c.) build your project on a remote server, possibly a CI server, that has better bandwidth. Is there any best practice around this that we should be following? Put everything into the WAR file. This is my opinion, but I find it makes life a lot easier. Dan Anyways, i will also check Spring usage to see why the threat context class loader isn’t being used. Aditya On 26-May-2015, at 3:37 pm, Mark Thomas ma...@apache.org wrote: On 26/05/2015 10:53, Aditya Chopra wrote: This thread does beg the question *why* do you want to reduce the size of your WAR. Doing so creates problems as you have found. In WEB-INF/lib i only have 2 JARs, which are my application JAR’s. All other dependent JAR’s i have moved to /mylibs. Below mentioned com.myapp.CustomGrantedAuth class is part of my application JAR present under WEB-INF/lib. You'll need to speak to the Spring folks to see why the thread context class loader isn't being used. Whether that is a Spring bug or a Spring usage error in your part I don't know. Mark Here is the stack trace: DEBUG [http-nio-8080-exec-3] (DefaultExceptionHandler.java:123) - error. java.lang.IllegalArgumentException: java.lang.ClassNotFoundException: com.myapp.CustomGrantedAuth at org.springframework.security.oauth2.common.util.SerializationUtils.deserialize(SerializationUtils.java:36) at com.arl.mg.services.CustomTokenStore$2.mapRow(CustomTokenStore.java:124) at com.arl.mg.services.CustomTokenStore$2.mapRow(CustomTokenStore.java:1) at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:93) at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:60) at org.springframework.jdbc.core.JdbcTemplate$1.doInPreparedStatement(JdbcTemplate.java:708) at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:644) at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:695) at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:727) at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:737) at org.springframework.jdbc.core.JdbcTemplate.queryForObject(JdbcTemplate.java:811) at com.arl.mg.services.CustomTokenStore.readAuthentication(CustomTokenStore.java:121) at com.arl.mg.services.CustomTokenServices.loadAuthentication(CustomTokenServices.java:139) at org.springframework.security.oauth2.provider.filter.OAuth2ProtectedResourceFilter.doFilter(OAuth2ProtectedResourceFilter.java:53) at org.springframework.security.oauth2.provider.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:79) at com.arl.mg.error.CustomExceptionHandlerFilter.doFilter(CustomExceptionHandlerFilter.java:59) at org.springframework.security.oauth2.provider.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:79) at org.springframework.security.oauth2.provider.filter.CompositeFilter.doFilter(CompositeFilter.java:59) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) at
Re: org.apache.catalina.connector.CoyoteAdapter.checkRecycled Encountered a non-recycled request and recycled it forcedly
2015-05-26 14:25 GMT+03:00 Sergiusz Brzeziński sergiusz.brzezin...@supersystem.pl: Hi, I get this error in my logs: CoyoteAdapter.checkRecycled Encountered a non-recycled request and recycled it forcedly. It happen some hours or even some days ater Tomcat ist starting. I can't reproduce this error and I don't know when it starts to appear. But if it starts, it appears more and more. And everything goes crash. After the error starts to appear, many strange things happen: - there is no Session availabe in jsp (request.getSession() returns null) - filters defined in web.xml are not used - or even on one virtual host appeared a page from another virtual host!!! Then I have to restart Tomcat and everything is all right up to it happen again (some hours, some days). I tried to use the parameter: -Dorg.apache.catalina.connector.RECYCLE_FACADES=true but with no luck. Good idea. Thanks for trying. Does someone have any idea what is the reason of the problem? Thank You. Below is the stack of the error, and my Tomcat configuration. 23-May-2015 16:32:37.455 INFO [ajp-nio2-127.0.0.1-8009-exec-159] org.apache.catalina.connector.CoyoteAdapter.checkRecycled Encountered a non-recycled request and recycled it forcedly. org.apache.catalina.connector.CoyoteAdapter$RecycleRequiredException at org.apache.catalina.connector.CoyoteAdapter.checkRecycled(CoyoteAdapter.java:710) at org.apache.coyote.ajp.AbstractAjpProcessor.recycle(AbstractAjpProcessor.java:943) at org.apache.coyote.ajp.AjpNio2Processor.recycle(AjpNio2Processor.java:91) at org.apache.coyote.ajp.AbstractAjpProcessor.process(AbstractAjpProcessor.java:792) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668) at org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun(Nio2Endpoint.java:1073) at org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.run(Nio2Endpoint.java:1032) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) 26-May-2015 08:05:12.890 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version: Apache Tomcat/8.0.22 26-May-2015 08:05:12.893 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built: Apr 29 2015 11:46:15 UTC 26-May-2015 08:05:12.894 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number: 8.0.22.0 26-May-2015 08:05:12.894 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name: Linux 26-May-2015 08:05:12.894 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version: 3.13.0-042stab106.6 26-May-2015 08:05:12.894 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture: amd64 26-May-2015 08:05:12.895 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: /moje/jdk1.8.0_45/jre 26-May-2015 08:05:12.895 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version: 1.8.0_45-b14 26-May-2015 08:05:12.895 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Oracle Corporation 26-May-2015 08:05:12.895 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: /moje/tomcat-base 26-May-2015 08:05:12.896 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: /moje/apache-tomcat-8.0.22 26-May-2015 08:05:12.896 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/moje/tomcat-base/conf/logging.properties 26-May-2015 08:05:12.897 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager 26-May-2015 08:05:12.897 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:+UseConcMarkSweepGC 26-May-2015 08:05:12.897 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.awt.headless=true 26-May-2015 08:05:12.897 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dfile.encoding=UTF8 26-May-2015 08:05:12.898 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dsgen.parametry=/moje/tomcat-base 26-May-2015 08:05:12.898 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xmx1400M 26-May-2015 08:05:12.898 INFO [main]
Re: org.apache.catalina.connector.CoyoteAdapter.checkRecycled Encountered a non-recycled request and recycled it forcedly
2015-05-26 14:32 GMT+02:00 Konstantin Kolinko knst.koli...@gmail.com: The forced recycling message is not a problem per se, but an indicator of a problem. In the same way as or even on one virtual host appeared a page from another virtual host that you. It signals that a request/response object was not empty at the place where it was supposed to have already been recycled. AJP Nio2 connector... Maybe try with AJP Nio one? I guess that it is more widely used than Nio2 implementation. According to the stack trace, it's just a normal AJP ping message. It does nothing except write a pong and then recycle, so the message is expected in that case. BTW, I am still not convinced by the usefulness of this warning message, which does not indicate a problem but does (you never know :) ). Tomcat 8.0.23 has already been released (is available on download servers), but there have been no announcement yet. Anything unusual in your web applications? Like using asynchronous APIs? Rémy
Re: Tomcat HTTP response chunk size
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Maxim, On 5/25/15 2:22 PM, Maxim Neshcheret wrote: Thank you for reply! Any chance to manage buffer size in Tomcat? Do you now if it is recommended approach? What is the problem you are trying to solve? You can affect the chunk size using either of these techniques: 1. Set the buffer size for the response 2. Call ServletOutputStream.flush() - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVZG6ZAAoJEBzwKT+lPKRYeVwP/12Mkp3CTQ153kIZlyykQTog jcZuz8/MFY5xelIb2p9MmYJlYJK2foA8BZ3uGLE61SCVofbBkIM6HxsgvcaKTov8 eShFaMylO3sqDCtGrYYiev5V18WTlgTOXMDVJXnjqfWLtQRwf3CNSby3tgX7Nwg/ oJ3m3NN1uDSc7frUHJGRXkKy2gJbBWoVroIw+7XMC/mPDSOGKf0Lt5ngGy3TZiTu Fw0+c2hzbOhJKe8YvM1ZFHiXZv4V1RxMXWdc5DfEYV2aKi1qGIcNtEQ49oSxrJzC pzPRg3BjpAcP5c32ovQAu6+d9T/ttR08mecOLugJpZHQTEWfYcR1cP1w1N7VY0JH WqCtB8qj/amForMTiGVExyhayjAYwX5d0COwqUkU4quDflLeDlL9bWD2rD00T3g/ rnQf2sHoN1EgrQAWTMXadPVLAeBfOxxDrapyV/5wEB1hWqPVesxLGUiW5Gt1qk/a s3HF4iH/j6yrH+YHKchg62qgzvajQz71MRCjuPaB0yTScPBe1+2eTV0QhoNusHir 6RNITUaQv+35hWD9mG4CMUwI/vIkeshKLvfZz247x/RTPLJskgeurdQKrezfgFw0 a8aQsSjUhuVM2842mpMdvbdmnptDf6f+fwjONZsJneLjDJayOXZJMzFCkjTkliQP vsO9ZyGYBcPCxm/haPhh =x+4j -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem with APR library - Tomcat 7
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dejan, On 5/26/15 6:45 AM, Dejan Stamenov wrote: I just wanted to notify all that my problem with the APR library has been finally solved. If anyone encounters this problem, please follow the steps (assuming your Linux server already has APR library preinstalled): 1. Install libapr1-dev, libssl-dev, java openjdk and openjre. 2. Download tcnative from here: https://tomcat.apache.org/download-native.cgi 3. Configure it like it is written here: http://tomcat.apache.org/native-doc/ 4. After server reboot, if you still encounter the issue: APR library not found and you have done everything above, mostly likely there is bug in the Linux server you are using. Check here: https://bugs.launchpad.net/ubuntu/+source/tomcat-native/+bug/1326255 and move the required libraries like it is done on the link above. The problem in the bug report there was with the libtcnative1 package from Ubuntu, though the solution will work for a self-built tcnative package as well. I'd advise against putting libtcnative*.so into /usr/lib when it's just as easy to set the system property java.library.path to point to a custom location when you launch Tomcat. Note that I've said this in multiple replies as this point. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVZG9XAAoJEBzwKT+lPKRYUPwP/R4lFPGR/eWeldm/9AHJiYtQ FL14b+CTWIyfKaFzgOGhGkLJe9P564bmzz+OGhHbe03K0ovH7Q8jpFItZp13CDb3 WVYnyS4jWr+06nCWAQE31WWc20bNPBWiJ9MLxvbkWNvrHBaSHrk1vbMgQ0nFradJ 6P8+MEGttl2u3yQTqbA7xfFWQ6T/7hnOIdMFepccW4Q6dAChs7ofRm7RYlr7T9Z5 FDBdV5EUYrhSY41cKRtzwsVyG/xn9uDkD5SsJGtQeXRfyq0N5fpdlHG4WQAnVaQe KbXFqlFcKGMUfmROk7ZEygB2sreJ7DuZV6QPHcFLnpbhBh29uPiiJb2Ri62Aqox6 QsLxxMy9EvOPySpf2ftv0LlXA7rb7YooUrYdQwpEBRUczMsfjqRdoqHpApjYpPWT oXx3If3J+fSYOX/pq240LMhTNdvflx1iN4qb43CufQ1UJsMgqxw+OBr9+gPAeNqk Dzpz+gF9dg0UZMErC5MozQk6gLI7cSGbko6FaVuVJZ195I7h57c+vUKWoFT32u4q p6WZiFJsBMRAcAkx6DZb685MryfJCKssq0bsSt7SRi4acCsEW3a1KtBI+8NVC7yq jsSWnswCNbbsIMskTL6U50IrR4ZCtQocjmyXKogLEvsQ5Pf/Ic8dPGi4wOIbipxI 3ACPjb8wCsc3tnVQ+meP =vD0r -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: native API - to make Apache/Tomcat faster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Christoph, On 5/26/15 6:45 AM, Christoph P.U. Kukulies wrote: There is this native Apache API if I recall correctly to speed up Apache. Is there such for Tomcat too? If by Apache you mean Apache httpd, you need to understand that Apache httpd is 100% native, as it's all written in C. Apache Tomcat has a connector which is based upon the Apache Portable Runtime, which is a native library. And should this be established at any rate for production servers? That depends. Are you suffering any performance problems? What does your production deployment look like? There is really only one use-case where the APR-based connector really makes a difference. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVZG+8AAoJEBzwKT+lPKRYQL4P/juPg6C8VhIDg8se3WlBxg6+ RsFkBgKOcYNk/gupCu1EUsGoDQpo2mwnz1uWqlcDU48YhKylxFtWKhas9r7CV6J1 vJhDEV5WkK0c+nffiEi/Hu3tVxRhDBvM1wH4KOfgkEiHFhHur49dQ0Oi3RWXP5KH pbdpgb5Ne4D592/rIhgGlkl0PjbVZzLc045csZYSUb3LqOQWm3m7iJ10DnmP+Qrl yvnKj5D3uR5y8W/2h+Gqq7FWzwFZDjLqGS32X9q6ejSe0qnbouhFEpB9906ZIAAv gPUJrBnVN2wJkrexe9ADnTOFekSuifnhyZZtzUV2nQbB3zRu/qFZmALsp5XUgMD5 H2TY/vN6F9/OykbNxGDyRQrS1qOZi1xkRJNTwr1DhqisPo8gto5tt5vkMShVsSjY 8UuNU0cJrSp09VQQE1/pKNkAoO+n/gMpt6wy4N29b9jmDF14SurMPMhlQeXpqKWB p4iIgYTcMeC/itrlydmk0qqotVtNi7VX1EKgPvbzgYYeQ4lrwgN6W6xU6kBcHLVK 9hbuuIn9rMnEGDD536HEIpY/HxnyTR7dcHseMYDvUtlyijgZslcUxy/1mbE7jJzs I72IK49VQe2IIBgImq449c5RS1WsgZ+EThEzgDqiN6FBNGnmc/djkChl9GLPFND9 cOBsDwsoliP5n+fjYWNB =4WUi -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Fwd: Fwd:
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Yuval, On 5/25/15 8:58 AM, Yuval Schwartz wrote: On Mon, May 25, 2015 at 3:18 PM, Christopher Schultz ch...@christopherschultz.net wrote: Yuval, On 5/24/15 5:06 PM, Yuval Schwartz wrote: Firstly, I'd like to clear something up: Is container managed security security only intended for use with administrative users of a web application? No. What would give you that impression? Because I was intending on using it for all users of my web application (eg: customers, students, etc. People with no administrative responsibilities). You can use it with everyone. On Sun, May 24, 2015 at 9:00 PM, Christopher Schultz ch...@christopherschultz.net wrote: Yuval, On 5/23/15 7:15 AM, Yuval Schwartz wrote: I can currently initialize a MessageDigestCredentialHandler object with my desired salt, iteration and algorithm parameters and then call the handler's mutate() method before inserting the password into my database. Good. And, from a servlet, the HttpServletRequest Object's login() (for example) method works when inputting the user_name and plain text password. Good. However, I am still struggling to create my database input ({salt}:{iterations}:{hash}) without inputting my desired parameter (iterations, saltLength, etc.) to a MessageDigestCredentialHandler, but rather by getting these parameters (or the CredentialHandler itself) from the servlet. What have you tried? Do you want the remote user to be able to specify the salt size and iterations? I'd advise against that, since users may intentionally reduce their own security (or, worse, intentionally give you an effectively infinite salt or iteration count, which could represent a DOS vulnerability). Without being able to do this, I don't see the purpose of specifying these parameters in the nested CredentialHandler element within the Realm element of the context.xml file (these parameters are retrieved from the storedCredential when authenticating meaning they're not used when a method such as request.login() is performed). The are absolutely used when HttpServletRequest.login() is called. That login() method ultimately calls Realm.authenticate(), which uses the CredentialHandler. The settings in CredentialHandler entirely handle logins for existing users. Realm.authenticate() calls MessageDigestCredentialHandler.matches(inputCredential, storedCredential) calls DigestCredentialHandlerBase.matchesSaltIterationsEncoded(inputCred ent ials, storedCredentials) (line 146 of class MessageDigestCredentialHandler) This method isolates the salt from the storedCredential (line 162) Then isolates the iterations from the storedCredential (line 164) Then uses both these parameters in addition to the inputCredential to call MessageDigestCredentialHandler.mutate( inputCredential, salt, iterations). Then does calls the equals method of String class to compare the mutated results. Therefore I concluded that the salt and iterations are taken from the stored password when authenticate() is called. Correct: both the salt and iteration could is stored in the database along with the actual hashed credential. Also, if I change the iterations and saltLength in my context.xml file, authentication is still successful regardless of the values I input. Correct: the stored credentials still include the salt length and iteration count. If you specify the iterations and saltLength in context.xml, they will be applied to the CredentialHandler object, but no code actually uses that. Note that neither the saltLength nor the iterations attributes are documented in the Tomcat users' guide... because they are unnecessary. Did I configure something incorrectly? It looks like you are struggling to create the stores credentials in the first place (e.g. in a change password or register workflow). I wanted to do it by getting the same MessageDigestCredentialHandler that I defined in the context.xml in my servlet. This is not possible without a great deal of work. I would just instantiate my own MessageDigestCredentialHandler, configure it, and then use it to create new credentials. But since I am not able to, I just initialize a new MessageDigestCredentialHandler and use that to create the stored credentials. Sounds good. Is there any way to authenticate a user using just the stored credential (ie: I don't have the plain text password. I only have the storedCredential and I want to call request.login(). Is that possible? Tomcat can't authenticate without the plain-text credential. That's whe whole point of authentication: to prove that the remote client is who they say they are. Without the plain-text credential, there's nothing to verify. What are you actually trying to do, here... it sounds like you don't want to do standard username/password authentication. I want to
Re: RewriteCond
On Mon, May 25, 2015 at 11:30 AM, Frank Lehmann frank-lehm...@freenet.de wrote: Hi helpers, i want to rewrite my url when a mobile user reaches my homepage. I found this condition on the web after several searchings. But it will not work. All other condition also not working, i have tested many conditions. How can i rewrite a url when a mobile client is getting my homepage ? Hassan mentioned one way, that's the UrlRewrite filter. Since you're on Tomcat 8, there's also a rewrite filter built-in. It uses a similar syntax to HTTPD, which is probably what you found posted on the internet. https://tomcat.apache.org/tomcat-8.0-doc/rewrite.html Thanks for help. RewriteCond %{HTTP_USER_AGENT} (android|blackberry|googlebot-mobile|iemobile|ipad|iphone|ipod|mobile|palmos|webos) [NC] RewriteRule ^(.+)$ http://www.dashandwerk.net/mobile/ [L] Where / how did you attempt to configure this? Dan My environment. Tomcat 8 Windows 2012 R2 Homepage under folder webapps/root - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: native API - to make Apache/Tomcat faster
Am 26.05.2015 um 15:06 schrieb Christopher Schultz: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Christoph, On 5/26/15 6:45 AM, Christoph P.U. Kukulies wrote: There is this native Apache API if I recall correctly to speed up Apache. Is there such for Tomcat too? If by Apache you mean Apache httpd, you need to understand that Apache httpd is 100% native, as it's all written in C. Apache Tomcat has a connector which is based upon the Apache Portable Runtime, which is a native library. Yes, APR, was the term, not API. I'm seeing discussion running on another issue on APR here, BTW. Anyway, we have a production server (Windows 7/64) , that is running a CMS under Tomcat 7.0.61 (64bit jdk 1.8.0_5) and serves a website to the public via Apache 2.4 and connectors (not modjk). We are observing that the server sometimes delivers pages incompletely. Portions of the page do not show and trying to restart the service results in a time out. The rebooting the server is a cure. And should this be established at any rate for production servers? That depends. Are you suffering any performance problems? What does your production deployment look like? There is really only one use-case where the APR-based connector really makes a difference. -- Christoph - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: native API - to make Apache/Tomcat faster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Christoph, On 5/26/15 9:25 AM, Christoph P.U. Kukulies wrote: Am 26.05.2015 um 15:06 schrieb Christopher Schultz: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Christoph, On 5/26/15 6:45 AM, Christoph P.U. Kukulies wrote: There is this native Apache API if I recall correctly to speed up Apache. Is there such for Tomcat too? If by Apache you mean Apache httpd, you need to understand that Apache httpd is 100% native, as it's all written in C. Apache Tomcat has a connector which is based upon the Apache Portable Runtime, which is a native library. Yes, APR, was the term, not API. I'm seeing discussion running on another issue on APR here, BTW. Anyway, we have a production server (Windows 7/64) , that is running a CMS under Tomcat 7.0.61 (64bit jdk 1.8.0_5) and serves a website to the public via Apache 2.4 and connectors (not modjk). So you are using either mod_proxy_ajp or mod_proxy? Are you using TLS anywhere in the mix? (I should hope so, since you are deploying a CMS). Does httpd terminate TLS? Do you encrypt the connection(s) between httpd and Tomcat using TLS? We are observing that the server sometimes delivers pages incompletely. Have you been able to determine if Tomcat is not sending the whole page, or if httpd is not proxying the whole page? Portions of the page do not show and trying to restart the service results in a time out. A time out where? The service-restart times out, or after a service restart, requests time out? I'm unaware of any problems when up-to-date versions of all components are being used. The rebooting the server is a cure. That seems to be a popular cure with Microsoft Windows servers ;) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVZHbHAAoJEBzwKT+lPKRYzaoP/il4ZNLeTUc8XIWuPtGhpsu+ Ecu4KzAJSWlSBpR9Nw2UbPuliwHacXT5762I7b1lxfh5UhZchq47XmAfk09Z1mTO 6RiI9caY1cFzja4QLM0bDnE05XQ5XOkmoY07M13sdkzAyG+IlggNGeYG7U9aVbRt 0/aLURY2LSZ0xjpltbXdO0VWoXH7HMnKFqG8emkfe65MrE/HLpE01fLIGN0tA80Y aTFjGiR2xfjvbyFk44BZjkuU99kGYCGh7C8BvoO/I6EjmZSvpquD3Zfr2raK8fxg 7WieWsR9rntzqgtRJ6J7e+ZN+cUL7XT+5qRPXceyBLObkTJ+yaa5fdIWwb8iDlAH wZPJr9s4u+Nb+g3KIvbnPHhZRJc6R6MD7bHVHlriFgNLYW2vyr+d9dwwzJGSRgGC ab9bLbY5HMj5eTr+A6H/vz2RtidAskMqFV7rHeWxhRzW0lXVZlPS9deZt1vtmTgl 29S0g2LIzMPLkgEY11PLD8rgY5x/Qb4EC2rVyVbINsnSmGZuj8N45dnntMcp1ouX cd4pe6Tl2+pTRA87T2LDZedlq/wxx3D19GX9GvPt6/yPo1G3QUAAE4fAoVxQE5Zj 3qRkyUEC1DPpk+6Fp3VjAh3l13NJZrUaIhPWOCZYWsjPLT5lHKbBauShWU8B/Osr kxutnvsPYAXQ9JGk2rru =12zd -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[ANN] Apache Tomcat 8.0.23 available
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.0.23. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language and Java WebSocket technologies. Apache Tomcat 8.0.23 includes numerous fixes for issues identified in 8.0.22 as well as a number of other enhancements and changes. The notable changes since 8.0.22 include: - Fixed corruption issues with NIO2 and TLS - Added a workaround for SPNEGO authentication and a JRE regression in Java 8 update 40 onwards - Added the new HttpHeaderSecurityFilter Please refer to the change log for the complete list of changes: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html Downloads: http://tomcat.apache.org/download-80.cgi Migration guides from Apache Tomcat 5.5.x, 6.0.x and 7.0.x: http://tomcat.apache.org/migration.html Enjoy! - The Apache Tomcat team - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RewriteCond
Hi Dan, you are right, i have used this documentation for setting the rewrite rule. This doc has is mistake in placing the rewrite.config file, but i solved it. My problem is, that the test condition never works. Every test rule is ignored. So what is the reason why every test condition is ignored ? Regards Frank - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: native API - to make Apache/Tomcat faster
Am 26.05.2015 um 17:41 schrieb David kerber: On 5/26/2015 11:26 AM, Christoph P.U. Kukulies wrote: Am 26.05.2015 um 17:18 schrieb André Warnier: Christoph P.U. Kukulies wrote: Am 26.05.2015 um 15:36 schrieb Christopher Schultz: So you are using either mod_proxy_ajp or mod_proxy? mod_proxy I have not yet found the time to debug the connection and to locate the actual missing pieces. It just seems that some js or css is not being loaded since the source code of the page itself is there. Now that may be something else entirely. Did you check your js/css links (in the Tomcat pages) and your proxy directives in Apache httpd carefully, to see if these (separate) requests for the js/css pieces are being sent to where these files really are ? It's not that the site doesn't work. Normally it works fine (after a reboot) but after a couple days of running this effect occurs (that parts of the page do not appear any longer). That sounds like you have a resource leak of some kind, which is tying up server resources (memory, probably). This sounds a bit like that but I'm not sure. Anyway, to come back to the use of the APR-library: how can I check whether it is already installed or how can I activate it? -- Christoph - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: native API - to make Apache/Tomcat faster
On 5/26/2015 9:36 AM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- ... The rebooting the server is a cure. That seems to be a popular cure with Microsoft Windows servers ;) But unfortunately, it's only treating the symptoms, not curing the disease... :-( - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: native API - to make Apache/Tomcat faster
David kerber wrote: On 5/26/2015 9:36 AM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- ... The rebooting the server is a cure. That seems to be a popular cure with Microsoft Windows servers ;) But unfortunately, it's only treating the symptoms, not curing the disease... :-( Wait, I am a bit confused now. Is Microsoft Windows the symptom, or the disease ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: native API - to make Apache/Tomcat faster
Am 26.05.2015 um 15:36 schrieb Christopher Schultz: So you are using either mod_proxy_ajp or mod_proxy? mod_proxy Are you using TLS anywhere in the mix? (I should hope so, since you are deploying a CMS). Does httpd terminate TLS? Do you encrypt the connection(s) between httpd and Tomcat using TLS? No, not using TSL between Apache and tomcat. Using secure http (https) is planned to be used soon. We are observing that the server sometimes delivers pages incompletely. Have you been able to determine if Tomcat is not sending the whole page, or if httpd is not proxying the whole page? I have not yet found the time to debug the connection and to locate the actual missing pieces. It just seems that some js or css is not being loaded since the source code of the page itself is there. Portions of the page do not show and trying to restart the service results in a time out. A time out where? The service-restart times out, or after a service restart, requests time out? When I type NET STOP tomcat7 on the server to stop the service, it hangs. Normally the service should be shut down smoothly. I'm unaware of any problems when up-to-date versions of all components are being used. The rebooting the server is a cure. That seems to be a popular cure with Microsoft Windows servers ;) -- Christoph - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: RewriteCond
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Frank, On 5/25/15 11:30 AM, Frank Lehmann wrote: i want to rewrite my url when a mobile user reaches my homepage. I found this condition on the web after several searchings. But it will not work. All other condition also not working, i have tested many conditions. How can i rewrite a url when a mobile client is getting my homepage ? Thanks for help. RewriteCond %{HTTP_USER_AGENT} (android|blackberry|googlebot-mobile|iemobile|ipad|iphone|ipod|mobile |palmos|webos) [NC] RewriteRule ^(.+)$ http://www.dashandwerk.net/mobile/ [L] Where did you put those directives? Your regular expression is probably not what you want, because it will require that android have a double-quote before it, and that webos have a double-quote after it. My environment. Tomcat 8 Windows 2012 R2 Homepage under folder webapps/root Note that webapps/root will require a request to http://www.dashandwerk.net/root/[whatever]. If you want to use the root context (deployed on /), you'll need to use ROOT (upper-case matters, even on a case-insensitive filesystem). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVZHi8AAoJEBzwKT+lPKRYiawP/0zYgs1D/sPClbu3nGbR8OkD IWOj7CMeqPOitdATySIqImuLsq9xn+dWzgVKDXqL/DiGGcVFn8EpZB11Hp5bxj1q lYqFlA+Iaj/ZMoX5UcyJbmIi33fon8KdAuoaNx9LdQiIdbTVz9x8Q6JwRRNJKrrC QmXLXNdCQOBWGR8UGHPwhVPY2U5GEnuHpB1gmyqTgDsmqj3bZJx6YQIIhg50i7Ik 9EAum5PlrFwHq/FQJT5QORMgbwJcE1YPje/Vne/XSSOHfIWEqlPSIBL2FFkFh30g DE/vwhAO2fS5VBooAKaI/Mt47X9rHN5Q4F/DRwRDYqmcKpCEMk3sVJbL9JkKfsBd 84bWYwT4Q5Ip/3styIvYdhghYyy3H0FTtycDDc0RiK8FDiZD0kIdnRdoCOspsoTh o1hD+eGW2TOSNYnpDCx3lzaZv3z0nBNK4ZLokrdCeqWQp6x3XwsU9fiC19UIkUu9 dv+GXjfPQgx4KDfyxT8hh8tb98WNwthgEzR3W8BvSwWiYdE5M2iAOD75JDKjJkew xhEieVtZ7PP+KsofOvvwr0r/Apbqa0mpTAIPomhgYTzQD2SzxQ0qkFnDZvW8yBNx /0Tvr+AW8bIAwszbSRQxTEqTlQX9ktx7/LzUVijqwkP3IY64DOvRzfH9PQzrEIA0 ddt0DDDepc2Tt5GkkeFa =YJtJ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: native API - to make Apache/Tomcat faster
Christoph P.U. Kukulies wrote: Am 26.05.2015 um 15:36 schrieb Christopher Schultz: So you are using either mod_proxy_ajp or mod_proxy? mod_proxy Are you using TLS anywhere in the mix? (I should hope so, since you are deploying a CMS). Does httpd terminate TLS? Do you encrypt the connection(s) between httpd and Tomcat using TLS? No, not using TSL between Apache and tomcat. Using secure http (https) is planned to be used soon. We are observing that the server sometimes delivers pages incompletely. Have you been able to determine if Tomcat is not sending the whole page, or if httpd is not proxying the whole page? I have not yet found the time to debug the connection and to locate the actual missing pieces. It just seems that some js or css is not being loaded since the source code of the page itself is there. Now that may be something else entirely. Did you check your js/css links (in the Tomcat pages) and your proxy directives in Apache httpd carefully, to see if these (separate) requests for the js/css pieces are being sent to where these files really are ? Portions of the page do not show and trying to restart the service results in a time out. A time out where? The service-restart times out, or after a service restart, requests time out? When I type NET STOP tomcat7 on the server to stop the service, it hangs. Normally the service should be shut down smoothly. And that may be a totally separate, unrelated to the first above, issue. I'm unaware of any problems when up-to-date versions of all components are being used. The rebooting the server is a cure. That seems to be a popular cure with Microsoft Windows servers ;) -- Christoph - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: native API - to make Apache/Tomcat faster
Am 26.05.2015 um 17:18 schrieb André Warnier: Christoph P.U. Kukulies wrote: Am 26.05.2015 um 15:36 schrieb Christopher Schultz: So you are using either mod_proxy_ajp or mod_proxy? mod_proxy I have not yet found the time to debug the connection and to locate the actual missing pieces. It just seems that some js or css is not being loaded since the source code of the page itself is there. Now that may be something else entirely. Did you check your js/css links (in the Tomcat pages) and your proxy directives in Apache httpd carefully, to see if these (separate) requests for the js/css pieces are being sent to where these files really are ? It's not that the site doesn't work. Normally it works fine (after a reboot) but after a couple days of running this effect occurs (that parts of the page do not appear any longer). Portions of the page do not show and trying to restart the service results in a time out. A time out where? The service-restart times out, or after a service restart, requests time out? When I type NET STOP tomcat7 on the server to stop the service, it hangs. Normally the service should be shut down smoothly. And that may be a totally separate, unrelated to the first above, issue. Yes, maybe, or probably. -- Christoph - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: native API - to make Apache/Tomcat faster
On 5/26/2015 11:26 AM, Christoph P.U. Kukulies wrote: Am 26.05.2015 um 17:18 schrieb André Warnier: Christoph P.U. Kukulies wrote: Am 26.05.2015 um 15:36 schrieb Christopher Schultz: So you are using either mod_proxy_ajp or mod_proxy? mod_proxy I have not yet found the time to debug the connection and to locate the actual missing pieces. It just seems that some js or css is not being loaded since the source code of the page itself is there. Now that may be something else entirely. Did you check your js/css links (in the Tomcat pages) and your proxy directives in Apache httpd carefully, to see if these (separate) requests for the js/css pieces are being sent to where these files really are ? It's not that the site doesn't work. Normally it works fine (after a reboot) but after a couple days of running this effect occurs (that parts of the page do not appear any longer). That sounds like you have a resource leak of some kind, which is tying up server resources (memory, probably). Portions of the page do not show and trying to restart the service results in a time out. A time out where? The service-restart times out, or after a service restart, requests time out? When I type NET STOP tomcat7 on the server to stop the service, it hangs. Normally the service should be shut down smoothly. And that may be a totally separate, unrelated to the first above, issue. Yes, maybe, or probably. -- Christoph - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: native API - to make Apache/Tomcat faster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Christoph, On 5/26/15 10:36 AM, Christoph P.U. Kukulies wrote: Am 26.05.2015 um 15:36 schrieb Christopher Schultz: So you are using either mod_proxy_ajp or mod_proxy? mod_proxy I meant to say mod_proxy_ajp or mod_proxy_http. I'm assuming the latter is in use. Are you using TLS anywhere in the mix? (I should hope so, since you are deploying a CMS). Does httpd terminate TLS? Do you encrypt the connection(s) between httpd and Tomcat using TLS? No, not using TSL between Apache and tomcat. Using secure http (https) is planned to be used soon. Okay. For now, there's no reason to switch to the APR-based connector because the only real performance benefit is when you are using TLS. But, you might want to start testing with it, now, so that you have everything ready for your switch to TLS. You could also use something like stunnel (or equivalent in the Microsoft Windows world) so that you are using plain-old HTTP between httpd and Tomcat, but the networking itself supplies the encryption. Depending upon your configuration and use case, this may be slightly more efficient. We are observing that the server sometimes delivers pages incompletely. Have you been able to determine if Tomcat is not sending the whole page, or if httpd is not proxying the whole page? I have not yet found the time to debug the connection and to locate the actual missing pieces. It just seems that some js or css is not being loaded since the source code of the page itself is there. You will obviously want to locate the source of the problem, regardless of your choice of connector. Again, I'm not aware of any problems with your version of Tomcat and the Java-based connectors. Portions of the page do not show and trying to restart the service results in a time out. A time out where? The service-restart times out, or after a service restart, requests time out? When I type NET STOP tomcat7 on the server to stop the service, it hangs. Normally the service should be shut down smoothly. My (limited) experience with Windows Services is that they often get cranky with Java-based server processes. Check your Tomcat log files to see if something is shutting-down particularly slowly. Anyway, you can download a binary of the tcnative library here: http://tomcat.apache.org/download-native.cgi Remember to use the proper architecture, and choose whether you want OCSP support. If you don't know what that is, you probably don't need it . - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVZKxxAAoJEBzwKT+lPKRYGb4P/iFxGgrjwv8U2Oxi3RF3htBB PadpBSI83ib3Q8L1gYV0IvMKSICvsse3YPQxl1O1jqWhglSHYfGtGMJjd8B0nN+G uA8wN0nawuoOJyOd47StES9w1nHwE4IqbCQV8X3micflbO/U7GJea9TWulgtL72B HlOEvcn36qcrvHpxPhJbCiINlNcjga+ypmOxha7+NGb+CdU2CcfIoY3Po455gZ16 C1megnxAsM405CO1WRkr0eWAjobYSobiwddv8sBrU8wjC4GtykmUi6Ih6RDj8TeJ Su6FfdnZh0rH3nXTQStIHFvDmI48ihJaBTtgH9Yd0be2GzYfT4jtuAejiQHLRmh9 vnYg0cLrWcNVhTIItTIJHWjjv3MqTQP8/BYDlSBqVoRfB9jnnnjKOfszI5zwURdf OvZ9guStHK+2cPu5TRAzmo4X7l3vU2EN/QMC/t0o2U1RoBARFA+pPiNBugnlvzJx 50KV2+UumR5OBrbJPnAtaOn+OqyZxu7xRn6aEpfRG8nY1rifZ57WEoUY7ZcErAs4 7m5iHjJi+JNsB0GMlD7QHu+gEpuwzyziR/Br9dcLUGNMFoc+kmLRuu+dXhooK32U EXKHWaiquC1bZHuEcZLkHMvRO+PToxXrWWdrlKs+KAQDQNoVbg4+Dfa0G3NLznmj PmA865IGu2cM++lXgYVb =deks -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
How to configure a TrustManager in code?
Hi I am creating several components for my web application in java code instead of the xml files. For this I am using a privileged servlet that (besides other things) creates a Connector and a Realm. That's working fine. As I can do context.setRealm(...) I can use a Realm that is loaded in my code (thus using my classloader). I can also set the class name for the TrustManager using the following code when creating the Connector instance: nioConnector.setAttribute( trustManagerClassName, mypackage.AcceptingTrustManager ); While this works, it uses the tomcat classloader instead of my own. So I have to public a single class of my application in a jar file inside tomcats lib folder. Is there another way to set the TrustManager - preferably in a way that does not require changes in the classpath for tomcat? Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
RE: native API - to make Apache/Tomcat faster
From: Christoph P.U. Kukulies [mailto:k...@kukulies.org] Subject: Re: native API - to make Apache/Tomcat faster That sounds like you have a resource leak of some kind, which is tying up server resources (memory, probably). This sounds a bit like that but I'm not sure. Please stick to one topic per e-mail thread. This one has conflated a performance question (use of APR) with a stability problem. The only relationship between the two is that performance is zero when the system is being restarted. You should start a separate thread for the instability issue if you want help with that. Anyway, to come back to the use of the APR-library: how can I check whether it is already installed or how can I activate it? Look in the Tomcat logs. If APR is enabled it will be noted there during Tomcat startup. The file tcnative-1.dll must be present in Tomcat's bin directory in order to use APR; that file is included in the 64-bit Windows zip download and in the 32-bit/64-bit Windows Service Installer download. By default, APR will be used if tcnative-1.dll is present, but settings in server.xml can prevent that. Look here for details: http://tomcat.apache.org/tomcat-7.0-doc/config/http.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org