the session tracking of tomcat 6 and tomcat 7 behaves strangely
In my web application, in a jsp there is a javascript which sends request to a servlet every twenty seconds, so it kills my applications user idle time tracking by resetting the lastAccessed time in session. the funny thing is lastAccessed time doesn't get updated in tomcat 6 and my applications idle time tracking works fine in it, but in 7 it gets updated and kills that functionality of the application . so I'm little bit confused about the changes in the session tracking of tomcat 6 and tomcat 7.
RE: SSL configuration using PFX as keystore
Thanks guys, I was wondering when I'd get a point where it's no longer practical to run the client through Windows, perhaps I'm getting close. I can connect fine over HTTP, but when I put in the SSL/certificate configuration no go - implementing the suggestions made by all. Michael Salisbury Senior Systems Architect | P 07 960 7011 | E mich...@skypoint.co.nz | W skypoint.co.nz Waikato Innovation Park, Ruakura Rd, PO Box 9466, Hamilton 3240, NZ Please send any support enquiries to E supp...@skypoint.co.nz -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, 22 June 2015 11:24 p.m. To: Tomcat Users List Subject: Re: SSL configuration using PFX as keystore Mark Thomas wrote: > On 22/06/2015 09:39, Mark Thomas wrote: >> On 22/06/2015 00:25, Michael Salisbury wrote: > > > >>> When connecting from a Windows client (any Windows client) I get a 'network >>> path not found' error 0x80070035. I know the path is valid as I can reach >>> it via other means, and other WebDAV clients. >>> >>> The main reason I think this is a Tomcat issue is that it was working just >>> fine with v7.0 and no other Windows client changes (updates, software etc.) >>> have been made. There wasn't anything specific in the Tomcat7 config that >>> I needed to get the MS client to work, only on the client itself those >>> registry changes as previously mentioned. >> What about the WebdavFixFilter? Is it configured in Tomcat 7 but not 8? >> >>> I'll run a Wireshark trace and see what comes up, nothing in the Tomcat >>> logs that I can see... >> I'll do a quick test now and see what I can come up with. > > I needed to enable directory listings otherwise I got a 'network name > not found' error 0x80070043. > > With that one change I was able to map a Windows network drive to: > > http:/// > http:///test > http://:8080/ > http://:8080/test > > With https the behaviour is very strange. Windows is prompting me for > credentials even though none are required. I suspect that the > untrusted test certificate may be causing some of these problems. > > I fixed the certificate problem so that IE viewed the site as trusted > and then I could map a network drive to: > > https:/// > https:///test > https://:8443/ > https://:8443/test > > No registry changes were required to get this to work. > > Prompting for authentication in response to an untrusted certificate > is bizarre to say the least. > > Microsoft generously provide MSDN subscriptions for Apache committers > which is why I have the various OS's to hand to test this. The > subscription also comes with tech support. I'll open an incident. It > will be interesting to see if things have improved since I last tried > raising bugs with Microsoft (I filed so many bugs with MS Office and > it took so long for MS to fix them that I hit the limit of issues MS > would let me have open in parallel). > > I was testing with Windows 7, SP1, 64-bit, fully patched > > None of my WebDAV endpoints are configured to require authentication. > > I did not have to use the WebdavFixFilter. > > Note that I do not have MS Office installed on this machine. > > It does look like things have improved with more recent versions of > the Windows clients. I'm not sure what is causing the error you are seeing. > Maybe MS Office ships with a different WebDAV client. From what I remember, yes it does. That is what I was referring to when talking about "depending on what other software is installed on the workstation." As I recall, when installing MS-office, it replaces the "mini-redirector" by its own DLL, and that changes the behaviour in a number of instances. From past > experience, I'd suggest trying some of the following: > - get it working over http before trying https > - get it working at the server root before trying just a context > - get it working without authentication before trying with > authentication > - ensure you have directory listings enabled > - ensure that IE trusts any certificates and no certificate errors are > reported when connecting over https > > Mark > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: We have a problem involving weird error messages in our Tomcat context, and catalina.out growing to enormous size.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 James, On 6/22/15 4:58 PM, James H. H. Lampert wrote: > On 6/22/15 12:11 PM, Christopher Schultz wrote: >> Well... what's in the catalina.out file? Is it huge numbers of >> exceptions of the type described above? > > Still haven't been able to see what's in it (the terminal-based > tools won't handle stream files that big), but when this happened > before, it wasn't 4 gigabytes; it was 6 HUNDRED gigabytes. Wow. Is there an AS/400 version of "head" (or "tail")? Even "dd" would work... just ask for something like bytes 1,000,000 - 2,000,000 and dump that to a file, then look at *that* file. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJViIaFAAoJEBzwKT+lPKRYiXQP/2jptaeBVRpitNQt7F6XtxWa MnUCSZ2ru54pntBnutfJgWMZ0PoYx+6mOf5LboKSMi+FXAGH9hQYmN5x52aqiRPO HR79YwksdsXH1CqJV7rnSbKI3L9uHLboGlA/mwlGDBdwIT+N0faZYGbvIKjDCQEK dnXEMdWudjZG5MNUMIPhcWwKjMu+xsi12XGXbGgdkyEaVPMQqZoTUQPR+BK5eHl0 BqiJSpN6GTC8z4Jk140ErYI8ecxw3bsfyG/ZpX8G06A/r7qt5O8sLHLQxj4B2mV1 /8n5DlAG8Rub7ImxlOmmb221kCDdf990qHB0CN5AuOTNXuygwBM1LodL9bzPFZfJ tVIEZD1kyq/VopQIv3Goe9XNMpbmC5EhecyyUBoW+C2C5iz5FLKVHQpehsK3QD1+ cljodHDOlK302/OHs9sexut4g2HjGYmQ6/fq7fqgILDVELpHhoAl1nxvJB4a6Lgw HqMGr7yOit0vzWcCnVRWInHe683w43AC8N+hSyDB9Lm5mIKOE4qUt3JpuS5zdRRM Y5qDin44mejQnjR9Gq3lOBDIdJFsSj1BSmaiulbo6+eQ3exnueWVNlMihLmjDlL1 k3IU3rfYJIe1W4S5kdpHTNI9AZLohcmc8lLI38w/ibcrpt2sqmJ8HS4xxi8MvFIl 1VQYDJStAvOghF3NF/iH =W8U0 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: We have a problem involving weird error messages in our Tomcat context, and catalina.out growing to enormous size.
On 6/22/15 12:11 PM, Christopher Schultz wrote: Well... what's in the catalina.out file? Is it huge numbers of exceptions of the type described above? Still haven't been able to see what's in it (the terminal-based tools won't handle stream files that big), but when this happened before, it wasn't 4 gigabytes; it was 6 HUNDRED gigabytes. -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Weird situation
It is a servlet. Manish On Mon, Jun 22, 2015 at 12:01 PM, André Warnier wrote: > Nabusg Tomcat wrote: > >> mod_jk version 1.2.40 >> >> yes there is a jkmount directive to send every requests that start with >> /secure/ to tomcat. >> >> JkMount /secure/* ajp_myhost >> JkMount /secure ajp_myhost >> >> >> "Somehow the association of a "myprog.cgi" on the Apache side, and a >> "request.getParameter()" on the Tomcat side sounds strange" >> >> What part of this is strange? heard of web.xml? >> > > Yes, but what is "myprog.cgi" under Tomcat ? Is that a java webapp/servlet > ? > (You are of course free to map your webapps as you wish. It is just > unusual to see one named this way, which is the reason I asked.) > > > >> >> On Mon, Jun 22, 2015 at 11:00 AM, André Warnier wrote: >> >> Nabusg Tomcat wrote: >>> >>> Apache HTTPD version 2.4.10 Tomcat version apache-tomcat-7.0.61 Ubuntu 12.04.5 16G RAM Dual Core processor 64-bit Lately I am noticing that the request parameters are present when the request hits Apache, but are dropped when request reaches tomcat. for e.g /secure/myprog.cgi?username=user1&masteraccount=master1 (logged in Apache), however tomcat rejects the request as request.getParameter("username") can not be null. I have been running the same code for ages and now I am noticing this. This is happening to roughly 1% of the requests. Following is my Apache config APACHEStartServers15 APACHEMinSpareThreads 25 APACHEMaxSpareThreads 75 APACHEThreadLimit 512 APACHEThreadsPerChild 32 APACHEMaxRequestWorkers 2048 APACHEMaxConnectionsPerChild 2048 APACHEAsyncRequestWorkerFactor 3 APACHEServerLimit 64 And this is my tomcat settings TOMCATprotocol="AJP/1.3" TOMCATpacketSize="32000" TOMCATmaxThreads="800" TOMCATprocessorCache="800" TOMCATacceptCount="300" TOMCATacceptorThreadCount="2" TOMCATminSpareThreads="80" TOMCATmaxSpareThreads="160" TOMCATmaxKeepAliveRequests="-1" TOMCATmaxConnections="8192" TOMCATconnectionTimeout="36" TOMCATcompression="on" TOMCATcompressableMimeType="text/html,text/xml,text/plain" TOMCATredirectPort="8443" Worker.properties config worker.ajp_myhost.port=8009 worker.ajp_myhost.host=localhost worker.ajp_myhost.type=ajp13 worker.ajp_myhost.retries=3 worker.ajp_myhost.recovery_options=27 worker.ajp_myhost.retry_interval=300 worker.ajp_myhost.reply_timeout=2 worker.ajp_myhost.max_packet_size=32000 worker.ajp_myhost.socket_timeout=360 worker.ajp_myhost.socket_connect_timeout=36 worker.ajp_myhost.connection_pool_timeout=360 Can someone please help me with 2 things. 1. Has anyone noticed request parameters dropping in transit ? 2. Help with fine tuning my Apache/Tomcat/mod_jk configs. During peak the server will be handling 50 req/seconds. Please let me know if you need anymore details. Well certainly : >>> There is nothing in the above configuration excerpts, that leads me to >>> believe that a request like >>> "/secure/myprog.cgi?username=user1&masteraccount=master1" is even being >>> forwarded by Apache httpd to Tomcat. >>> So how does that happen ? >>> >>> At the very least, there should be some "jkMount" directive somewhere in >>> the Apache configuration. And then, which webapp under Tomcat is >>> processing this request ? >>> Somehow the association of a "myprog.cgi" on the Apache side, and a >>> "request.getParameter()" on the Tomcat side sounds strange, unless there >>> is >>> some piece in the middle that we are not being told about. >>> >>> >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >>> >> > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: We have a problem involving weird error messages in our Tomcat context, and catalina.out growing to enormous size.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 James, On 6/22/15 2:54 PM, James H. H. Lampert wrote: > We have two weird things going on at the same customer > installation. > > First, we have a situation in which catalina.out is inexplicibly > growing to enormous size (4558505886 bytes) in a very short time > (under a week), and growing by 4k in under a minute. And yet the > catalina.[date] files are all of very reasonable size. > > Second, we've been finding a lot of "There is no process to read > data written to a pipe." exceptions. They're apparently being > thrown by our own code, but we haven't been able to determine why, > and while a Google search on that exact phrase turns up hundreds of > references specific to aix, it doesn't turn up any specific to > OS/400 (or whatever IBM is calling it this week). Don't know if > there's any connection between that and the enormous catalina.out. Well... what's in the catalina.out file? Is it huge numbers of exceptions of the type described above? > Tomcat version is 7.0.47, running on an AS/400. You might be able to get some mileage out of using swallowOutput="true" on your . Depending upon the nature of the output being logged, that may direct the tons-of-error-logging to the daily log files, which are easier to manage (compress, delete, etc.) . - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJViF3UAAoJEBzwKT+lPKRYa50QAL4XO58veYR0JgEJ7avjwAMD wQ92F7tEaJJQ5IJB7f5bjDzfO43pZFzWE5g4pVthZt3wi0XdD/QUE6yigtRmPslF UFf7wr4mCox4gWqOQnBoqvLLy9zizQLkC1A6JnUev8IHGG496DeLRPrsxtsmIn+x NzWdRFsP2tgfyyADBagSz+Tg5V1KO0EmEsj+jBLAWGFHcGlqJe7BmGi4CIaiFy0r kZu2YdLlZ+F+ZFoezNophTiXIvNEMjZE5bkUyu0uQNqFbquwuF7yBhIWMcCy9aJF 8OPRiBeBq7fiPcq4U2zTF2+BQ5r9183bGTCJR5G1UsWhMv+ppNCGDVwswdeCu4n7 oT5MaiJ1uQJUq6F8MOlXFJFacvgmVoO7Y9on9FijO+rkdKVFj0wzKEl0iJDLdHY2 5X9GAVl9bF5JHclEFHKE3/rOebQhh1btS+UH/cFkU6en51k7dvlKgNTOVY7U2m3Y JKrtlN3ihBMuYJ0pbp1ioS2ZyqiU9ZVqD4qmJW+jWUTA7wP07EsmZDZm/5acMgxj bdGwQU2+gePKu8AZQDyBmVBgUl5HxLS2Qyh8fR3Ew1QcQ4I+BSTCpCWCWUtqWOU7 /zTA4aS6t6WA7SlGzc8ypL7aflhd2TtNJmMnj11XDUZ6kj5nz7ytwKDCXNjwQETa WkgaOvzGTV2Qy5aw1tAb =8s3O -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: We have a problem involving weird error messages in our Tomcat context, and catalina.out growing to enormous size.
James H. H. Lampert wrote: We have two weird things going on at the same customer installation. First, we have a situation in which catalina.out is inexplicibly growing to enormous size (4558505886 bytes) in a very short time (under a week), and growing by 4k in under a minute. And yet the catalina.[date] files are all of very reasonable size. Second, we've been finding a lot of "There is no process to read data written to a pipe." exceptions. They're apparently being thrown by our own code, but we haven't been able to determine why, and while a Google search on that exact phrase turns up hundreds of references specific to aix, it doesn't turn up any specific to OS/400 (or whatever IBM is calling it this week). Don't know if there's any connection between that and the enormous catalina.out. Tomcat version is 7.0.47, running on an AS/400. Hi. I don't know anything about AS/400 - OS/400. But catalina.out is usually where the output of the *JVM* is being re-directed (such as exceptions in the JVM etc..). Can you see what's being written ? (iow, is there an equivalent to "tail -f filename" under OS/400 ?) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Weird situation
Nabusg Tomcat wrote: mod_jk version 1.2.40 yes there is a jkmount directive to send every requests that start with /secure/ to tomcat. JkMount /secure/* ajp_myhost JkMount /secure ajp_myhost "Somehow the association of a "myprog.cgi" on the Apache side, and a "request.getParameter()" on the Tomcat side sounds strange" What part of this is strange? heard of web.xml? Yes, but what is "myprog.cgi" under Tomcat ? Is that a java webapp/servlet ? (You are of course free to map your webapps as you wish. It is just unusual to see one named this way, which is the reason I asked.) On Mon, Jun 22, 2015 at 11:00 AM, André Warnier wrote: Nabusg Tomcat wrote: Apache HTTPD version 2.4.10 Tomcat version apache-tomcat-7.0.61 Ubuntu 12.04.5 16G RAM Dual Core processor 64-bit Lately I am noticing that the request parameters are present when the request hits Apache, but are dropped when request reaches tomcat. for e.g /secure/myprog.cgi?username=user1&masteraccount=master1 (logged in Apache), however tomcat rejects the request as request.getParameter("username") can not be null. I have been running the same code for ages and now I am noticing this. This is happening to roughly 1% of the requests. Following is my Apache config APACHEStartServers15 APACHEMinSpareThreads 25 APACHEMaxSpareThreads 75 APACHEThreadLimit 512 APACHEThreadsPerChild 32 APACHEMaxRequestWorkers 2048 APACHEMaxConnectionsPerChild 2048 APACHEAsyncRequestWorkerFactor 3 APACHEServerLimit 64 And this is my tomcat settings TOMCATprotocol="AJP/1.3" TOMCATpacketSize="32000" TOMCATmaxThreads="800" TOMCATprocessorCache="800" TOMCATacceptCount="300" TOMCATacceptorThreadCount="2" TOMCATminSpareThreads="80" TOMCATmaxSpareThreads="160" TOMCATmaxKeepAliveRequests="-1" TOMCATmaxConnections="8192" TOMCATconnectionTimeout="36" TOMCATcompression="on" TOMCATcompressableMimeType="text/html,text/xml,text/plain" TOMCATredirectPort="8443" Worker.properties config worker.ajp_myhost.port=8009 worker.ajp_myhost.host=localhost worker.ajp_myhost.type=ajp13 worker.ajp_myhost.retries=3 worker.ajp_myhost.recovery_options=27 worker.ajp_myhost.retry_interval=300 worker.ajp_myhost.reply_timeout=2 worker.ajp_myhost.max_packet_size=32000 worker.ajp_myhost.socket_timeout=360 worker.ajp_myhost.socket_connect_timeout=36 worker.ajp_myhost.connection_pool_timeout=360 Can someone please help me with 2 things. 1. Has anyone noticed request parameters dropping in transit ? 2. Help with fine tuning my Apache/Tomcat/mod_jk configs. During peak the server will be handling 50 req/seconds. Please let me know if you need anymore details. Well certainly : There is nothing in the above configuration excerpts, that leads me to believe that a request like "/secure/myprog.cgi?username=user1&masteraccount=master1" is even being forwarded by Apache httpd to Tomcat. So how does that happen ? At the very least, there should be some "jkMount" directive somewhere in the Apache configuration. And then, which webapp under Tomcat is processing this request ? Somehow the association of a "myprog.cgi" on the Apache side, and a "request.getParameter()" on the Tomcat side sounds strange, unless there is some piece in the middle that we are not being told about. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
We have a problem involving weird error messages in our Tomcat context, and catalina.out growing to enormous size.
We have two weird things going on at the same customer installation. First, we have a situation in which catalina.out is inexplicibly growing to enormous size (4558505886 bytes) in a very short time (under a week), and growing by 4k in under a minute. And yet the catalina.[date] files are all of very reasonable size. Second, we've been finding a lot of "There is no process to read data written to a pipe." exceptions. They're apparently being thrown by our own code, but we haven't been able to determine why, and while a Google search on that exact phrase turns up hundreds of references specific to aix, it doesn't turn up any specific to OS/400 (or whatever IBM is calling it this week). Don't know if there's any connection between that and the enormous catalina.out. Tomcat version is 7.0.47, running on an AS/400. -- James H. H. Lampert Touchtone Corporation - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Weird situation
mod_jk version 1.2.40 yes there is a jkmount directive to send every requests that start with /secure/ to tomcat. JkMount /secure/* ajp_myhost JkMount /secure ajp_myhost "Somehow the association of a "myprog.cgi" on the Apache side, and a "request.getParameter()" on the Tomcat side sounds strange" What part of this is strange? heard of web.xml? On Mon, Jun 22, 2015 at 11:00 AM, André Warnier wrote: > Nabusg Tomcat wrote: > >> Apache HTTPD version 2.4.10 >> Tomcat version apache-tomcat-7.0.61 >> Ubuntu 12.04.5 >> 16G RAM >> Dual Core processor 64-bit >> >> >> Lately I am noticing that the request parameters are present when the >> request hits Apache, but are dropped when request reaches tomcat. >> >> for e.g /secure/myprog.cgi?username=user1&masteraccount=master1 (logged in >> Apache), however tomcat rejects the request as >> request.getParameter("username") can not be null. I have been running the >> same code for ages and now I am noticing this. This is happening to >> roughly >> 1% of the requests. >> >> Following is my Apache config >> >> APACHEStartServers15 >> APACHEMinSpareThreads 25 >> APACHEMaxSpareThreads 75 >> APACHEThreadLimit 512 >> APACHEThreadsPerChild 32 >> APACHEMaxRequestWorkers 2048 >> APACHEMaxConnectionsPerChild 2048 >> APACHEAsyncRequestWorkerFactor 3 >> APACHEServerLimit 64 >> >> And this is my tomcat settings >> >> TOMCATprotocol="AJP/1.3" >> TOMCATpacketSize="32000" >> TOMCATmaxThreads="800" >> TOMCATprocessorCache="800" >> TOMCATacceptCount="300" >> TOMCATacceptorThreadCount="2" >> TOMCATminSpareThreads="80" >> TOMCATmaxSpareThreads="160" >> TOMCATmaxKeepAliveRequests="-1" >> TOMCATmaxConnections="8192" >> TOMCATconnectionTimeout="36" >> TOMCATcompression="on" >> TOMCATcompressableMimeType="text/html,text/xml,text/plain" >> TOMCATredirectPort="8443" >> >> Worker.properties config >> >> worker.ajp_myhost.port=8009 >> worker.ajp_myhost.host=localhost >> worker.ajp_myhost.type=ajp13 >> worker.ajp_myhost.retries=3 >> worker.ajp_myhost.recovery_options=27 >> worker.ajp_myhost.retry_interval=300 >> worker.ajp_myhost.reply_timeout=2 >> worker.ajp_myhost.max_packet_size=32000 >> worker.ajp_myhost.socket_timeout=360 >> worker.ajp_myhost.socket_connect_timeout=36 >> worker.ajp_myhost.connection_pool_timeout=360 >> >> >> >> Can someone please help me with 2 things. >> >> 1. Has anyone noticed request parameters dropping in transit ? >> 2. Help with fine tuning my Apache/Tomcat/mod_jk configs. During peak the >> server will be handling 50 req/seconds. >> >> Please let me know if you need anymore details. >> >> > Well certainly : > There is nothing in the above configuration excerpts, that leads me to > believe that a request like > "/secure/myprog.cgi?username=user1&masteraccount=master1" is even being > forwarded by Apache httpd to Tomcat. > So how does that happen ? > > At the very least, there should be some "jkMount" directive somewhere in > the Apache configuration. And then, which webapp under Tomcat is > processing this request ? > Somehow the association of a "myprog.cgi" on the Apache side, and a > "request.getParameter()" on the Tomcat side sounds strange, unless there is > some piece in the middle that we are not being told about. > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Weird situation
Nabusg Tomcat wrote: Apache HTTPD version 2.4.10 Tomcat version apache-tomcat-7.0.61 Ubuntu 12.04.5 16G RAM Dual Core processor 64-bit Lately I am noticing that the request parameters are present when the request hits Apache, but are dropped when request reaches tomcat. for e.g /secure/myprog.cgi?username=user1&masteraccount=master1 (logged in Apache), however tomcat rejects the request as request.getParameter("username") can not be null. I have been running the same code for ages and now I am noticing this. This is happening to roughly 1% of the requests. Following is my Apache config APACHEStartServers15 APACHEMinSpareThreads 25 APACHEMaxSpareThreads 75 APACHEThreadLimit 512 APACHEThreadsPerChild 32 APACHEMaxRequestWorkers 2048 APACHEMaxConnectionsPerChild 2048 APACHEAsyncRequestWorkerFactor 3 APACHEServerLimit 64 And this is my tomcat settings TOMCATprotocol="AJP/1.3" TOMCATpacketSize="32000" TOMCATmaxThreads="800" TOMCATprocessorCache="800" TOMCATacceptCount="300" TOMCATacceptorThreadCount="2" TOMCATminSpareThreads="80" TOMCATmaxSpareThreads="160" TOMCATmaxKeepAliveRequests="-1" TOMCATmaxConnections="8192" TOMCATconnectionTimeout="36" TOMCATcompression="on" TOMCATcompressableMimeType="text/html,text/xml,text/plain" TOMCATredirectPort="8443" Worker.properties config worker.ajp_myhost.port=8009 worker.ajp_myhost.host=localhost worker.ajp_myhost.type=ajp13 worker.ajp_myhost.retries=3 worker.ajp_myhost.recovery_options=27 worker.ajp_myhost.retry_interval=300 worker.ajp_myhost.reply_timeout=2 worker.ajp_myhost.max_packet_size=32000 worker.ajp_myhost.socket_timeout=360 worker.ajp_myhost.socket_connect_timeout=36 worker.ajp_myhost.connection_pool_timeout=360 Can someone please help me with 2 things. 1. Has anyone noticed request parameters dropping in transit ? 2. Help with fine tuning my Apache/Tomcat/mod_jk configs. During peak the server will be handling 50 req/seconds. Please let me know if you need anymore details. Well certainly : There is nothing in the above configuration excerpts, that leads me to believe that a request like "/secure/myprog.cgi?username=user1&masteraccount=master1" is even being forwarded by Apache httpd to Tomcat. So how does that happen ? At the very least, there should be some "jkMount" directive somewhere in the Apache configuration. And then, which webapp under Tomcat is processing this request ? Somehow the association of a "myprog.cgi" on the Apache side, and a "request.getParameter()" on the Tomcat side sounds strange, unless there is some piece in the middle that we are not being told about. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Weird situation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Manish, On 6/22/15 12:40 PM, Nabusg Tomcat wrote: > Apache HTTPD version 2.4.10 Tomcat version apache-tomcat-7.0.61 > Ubuntu 12.04.5 16G RAM Dual Core processor 64-bit > > > Lately I am noticing that the request parameters are present when > the request hits Apache, but are dropped when request reaches > tomcat. > > for e.g /secure/myprog.cgi?username=user1&masteraccount=master1 > (logged in Apache), however tomcat rejects the request as > request.getParameter("username") can not be null. I have been > running the same code for ages and now I am noticing this. This is > happening to roughly 1% of the requests. > > Following is my Apache config > > APACHEStartServers15 APACHEMinSpareThreads > 25 APACHEMaxSpareThreads 75 APACHEThreadLimit > 512 APACHEThreadsPerChild 32 APACHE > MaxRequestWorkers 2048 APACHEMaxConnectionsPerChild > 2048 APACHEAsyncRequestWorkerFactor 3 APACHEServerLimit 64 > > And this is my tomcat settings > > TOMCATprotocol="AJP/1.3" TOMCATpacketSize="32000" TOMCAT > maxThreads="800" TOMCATprocessorCache="800" TOMCAT > acceptCount="300" TOMCATacceptorThreadCount="2" TOMCAT > minSpareThreads="80" TOMCATmaxSpareThreads="160" TOMCAT > maxKeepAliveRequests="-1" TOMCATmaxConnections="8192" TOMCAT > connectionTimeout="36" TOMCATcompression="on" TOMCAT > compressableMimeType="text/html,text/xml,text/plain" TOMCAT > redirectPort="8443" > > Worker.properties config > > worker.ajp_myhost.port=8009 worker.ajp_myhost.host=localhost > worker.ajp_myhost.type=ajp13 worker.ajp_myhost.retries=3 > worker.ajp_myhost.recovery_options=27 > worker.ajp_myhost.retry_interval=300 > worker.ajp_myhost.reply_timeout=2 > worker.ajp_myhost.max_packet_size=32000 > worker.ajp_myhost.socket_timeout=360 > worker.ajp_myhost.socket_connect_timeout=36 > worker.ajp_myhost.connection_pool_timeout=360 > > > > Can someone please help me with 2 things. > > 1. Has anyone noticed request parameters dropping in transit ? 2. > Help with fine tuning my Apache/Tomcat/mod_jk configs. During peak > the server will be handling 50 req/seconds. > > Please let me know if you need anymore details. What version of mod_jk are you using? - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJViEXWAAoJEBzwKT+lPKRYCJIQAMMuxCPNWkf3/8Ryq5K6rzcJ 7R8oI146gkUjibXoVwm+q7X2F3II4aMpmgqxLL4Ae7pnkysdqrbs/L1CREJMSizV W0QVkm+Ilhu+Rke0PfSNhshS9GyIBvJkF7OnPF6QgtT3i18/SYTNa/JSIYm1kt1Z pYjOpjwLwKLwNcCaU4Q/GhAVoOEr9DbfqpNgMJyDlQJ9yAqRrsN/h76y05zwNqOp aN0mUQoGeFwlz1OAUrAVa0EfkW4Zs3Gv9s9p5alBUJn0KhLhqTIOt1tpSWhnVe8Y bRBA+7cti1nL/3oVDYri0lzGUnTqBjVZvEvKe7IHRulfhqEitnvWhHMqVBzf39lY lLA3oN/fhpC7/hSLFtoDKyhpdBavA4gNjENJ7srWjIzJFkHelTycXwYh9zM+SObP i/G3Tv10WtgBIYJZJFww/UI3nD5XFkC6/PbD1rY82jGp3ZKuYMXxufZg91RutNEe 2rYUxq5dw9ZCWTLxYHqySYR75VW91xybK1YkNUVTWZ2GVENQ/lSv6UzvciKcNsOC 7lzMew5QMflBvBD1dt9TdJ4npdI/IvXTmjj+JpxxX01wQUCaYsq/MAQ6ac1VfNKz r+QeagXxDjUOn+juvwUJFdCKK9Lutc2seq945sGa5emv5C/oBsuy0hPeWRF7O8iZ CkG4r0BGvxnEEHgcqvQ1 =OC/d -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Weird situation
Apache HTTPD version 2.4.10 Tomcat version apache-tomcat-7.0.61 Ubuntu 12.04.5 16G RAM Dual Core processor 64-bit Lately I am noticing that the request parameters are present when the request hits Apache, but are dropped when request reaches tomcat. for e.g /secure/myprog.cgi?username=user1&masteraccount=master1 (logged in Apache), however tomcat rejects the request as request.getParameter("username") can not be null. I have been running the same code for ages and now I am noticing this. This is happening to roughly 1% of the requests. Following is my Apache config APACHEStartServers15 APACHEMinSpareThreads 25 APACHEMaxSpareThreads 75 APACHEThreadLimit 512 APACHEThreadsPerChild 32 APACHEMaxRequestWorkers 2048 APACHEMaxConnectionsPerChild 2048 APACHEAsyncRequestWorkerFactor 3 APACHEServerLimit 64 And this is my tomcat settings TOMCATprotocol="AJP/1.3" TOMCATpacketSize="32000" TOMCATmaxThreads="800" TOMCATprocessorCache="800" TOMCATacceptCount="300" TOMCATacceptorThreadCount="2" TOMCATminSpareThreads="80" TOMCATmaxSpareThreads="160" TOMCATmaxKeepAliveRequests="-1" TOMCATmaxConnections="8192" TOMCATconnectionTimeout="36" TOMCATcompression="on" TOMCATcompressableMimeType="text/html,text/xml,text/plain" TOMCATredirectPort="8443" Worker.properties config worker.ajp_myhost.port=8009 worker.ajp_myhost.host=localhost worker.ajp_myhost.type=ajp13 worker.ajp_myhost.retries=3 worker.ajp_myhost.recovery_options=27 worker.ajp_myhost.retry_interval=300 worker.ajp_myhost.reply_timeout=2 worker.ajp_myhost.max_packet_size=32000 worker.ajp_myhost.socket_timeout=360 worker.ajp_myhost.socket_connect_timeout=36 worker.ajp_myhost.connection_pool_timeout=360 Can someone please help me with 2 things. 1. Has anyone noticed request parameters dropping in transit ? 2. Help with fine tuning my Apache/Tomcat/mod_jk configs. During peak the server will be handling 50 req/seconds. Please let me know if you need anymore details. Thanks Manish
Re: Apache Tomcat 8.0.22 server on different machines
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, On 6/20/15 7:34 AM, André Warnier wrote: > André Warnier wrote: >> Christopher Schultz wrote: >>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 >>> >>> Prarthana, >>> >>> On 6/19/15 5:08 AM, Prarthana Agwania wrote: We have a requirement wherein we would like to know the urls of each of the tomcat instance running on different servers. The scenario is somewhat like, 1. There are multiple servers running on different machines say Server1, Server2, Server3 2. There are multiple Tomcat instances running on each of the machines as independent instances say, Server1--> Tomcat1, Tomcat2, Tomcat3.Server2--> Tomcat5, Tomcat6, Tomcat7.Server3-->Tomcat8, Tomcat9, Tomcat10 P.S. - Tomcat servers are not clustered Now, is there a way that an external user who does not have access to the servers can know the urls for each Tomcat running under different servers? Or, is it possible that Server1 or Tomcat1 can act as the master and have the information about other servers(remember they are not clustered)?Can this information be made available under one hood and used further to deploy wars or modify any configuration etc? >>> >>> This is something you will have to build yourself. You may be >>> able to build something using components Tomcat provides (e.g. >>> Tribes), but there is nothing like this that exists already. >>> >>> Usually, people want to mask the size of their cluster from >>> external users. What's your use case here? >>> >> >> I think that the OP just explained it above, at the end of his >> message. >> >> Prarthana, you may want to have a look at something like Bonjour >> (https://en.wikipedia.org/wiki/Bonjour_%28software%29). >> >> Each Tomcat would have to register with the service when it >> starts up, and de-register when it stops. And then some client >> could find out about the available Tomcats. Looks like something >> for a LifeCycleListener.. >> > > Add-on : as a matter of fact, someone seems to have a similar idea > : http://www.floop.org.uk/projects/tomcat-registry Not much there > yet, but it may be worth talking to them. Also: https://wiki.apache.org/tomcat/TomcatGridDesign Note: that's a design and not a product. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJViBnpAAoJEBzwKT+lPKRYqOMQALdWbqwqaxH2IEaZA39zwx9V JW3MxeBg5uYGlgOFeW2cs3+bJOZ5Vr4agEZWQb0iG17dFVdtuT8d0pqGe2ILeiXl BlkRVM6AYDoGzfzTNw8J2jWYwrZ4vsN7CeX/CqAxbQ1dWA3rBQmWVRsDGgy/r5pP odRtuJoiXT9DproFaOa2/B0K28vLHwzrLXyiUo/O0m+PnaBkA6XdrR4o8vGip8st BxjXZ9Yt1zjfjEzyzfhqmHSXT7na/vlVi2MQ09y0iRTbNYwp/+Eob7d3zk7gtpo+ 6exxz6fvCAjjDveqA7sGMdskdHK8entKKRKjLj/6oWDwhmRwMsNA10mb/lB6/z3B BLS4wVc8iLiPYcMFrbc1WGVmcnhvMAjGZxHKA2x2QPPNlT8W12tlBiLrlEcBbLec QiTEynbsfziPva8L3mMo9BfZpK/KRp6ADwId8cbjktQevOL3NcelWjrt42xKU9bf LFpGxgUnkI1lf35P5/UCKfAZIIWfbtqmd2nnGqMUFU/euQrvoWF+kITyPRSAwD8M ot6070UiZtjFbSU76co4sUbz1OT+uIBE7rztlEsf2YbGECmrZX5dfQkKnkhsJBvl txIZ/5hUPAPZOzXRE9bqyyQAsB/c8upMk+la4shaVrwV7Kp8FCf0GiiLoUAccn2d eKkRsSKPupdzlPzkKk+x =Qiie -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL configuration using PFX as keystore
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, On 6/19/15 9:14 AM, André Warnier wrote: > Daniel Mikusa wrote: >> On Fri, Jun 19, 2015 at 12:42 AM, Michael Salisbury >> wrote: >> >>> Hi there, >>> >>> I’m trying to get the above working using Tomcat 8.0, >>> previously working with 7.0. This is part of a WebDAV >>> connector in Confluence. >>> >>> It seems I can connect from anything other than a Windows Mini >>> Redirector client (Windows 7 or 8.1, x86 or x64). Using a web >>> browser or 3rd party client (CyberDuck for instance) connects >>> OK. >>> > > You should do a search in Google for "Windows and DAV". The various > implementations over the years of DAV in MS Windows are a real > horror story. Since Windows Vista, we've had to resort to using various hacks, then finally gave up and bought a 3rd-party WebDAV filesystem driver which works beautifully (I'll give a shout-out to South River Technologies' WebDrive product -- also does (S)FTP, S3, Google Drive, dropbox, etc.) At some point, an unmodified version of Windows started refusing to connect to a remote WebDAV share unless the type of authentication being used was DIGEST -- no support for BASIC. The restriction was supposed to have been dropped when using BASIC + HTTPS, but it still doesn't seem to work. My conclusion was finally that Microsoft felt no need to support the WebDAV standard while simultaneously advertising such support, so I went elsewhere for my WebDAV needs. (Plus, my Mac works flawlessly, as do the various Linux implementations I've tried.) - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJViBf7AAoJEBzwKT+lPKRYFbwQALoL9ASTz36WQfMHdqdwkm4R ADqlSe8fvl276HjBaL0tmpfj++V/GwDqLM62deDOnSAoQZs+AUzTqUiFaueCuWA4 4eE1AGl4rzT9SRtkUxtoKLC+6Qjzx+TnrQertkdtiDVRgrflKVREX0JfV6YlaDkn ra1JCEYL+nSkTLtuZwfsB/LcUN5qPR6shyw+01nsqoCFP4tL7Eda/O+VrLI5A1Zl a7+BAiUbl0Y5GNoJAIzEhbX/C1a18AoVUbQzlQXxjcOwyylLS/KGo46HSr9P0Gii sBzNE6ePg+UA8R6rTnQ5+fw+Y39FVKZtdzrnVLhwtABhwHG8xAd8FxTeR+ySva4v Rfuh2Nh4Jj8fhncjD9GZWpwpMokYy3ka3qI7hILJDpshboH3pto1cVPZE6PWXDmN 2uSolRulhhtXvx24Jizv1QaMaaUmtjnqQrum70WIhO0mfM8i76wuTNu67yP+N9lv NO0YtDPy1KmPuRd3hpXs6oCnMvFfztrCXy9Ll0XNjal6qXnO9avQwTUmLwDIqJaz vRzniKZmw0USJU+tpCZ8PbpKMVq9fn2MFDKo4MTg0HPrq9T/VUz4D7jn2A52pq1T VK70Vaa7Zn0OvcjWOnrt/bC77nInzyYAUlU0attnAFHL6RjEFpAr1k7qYvOes+bm NW7jYQwhwtt02scp3Fok =wSuW -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Access tomcat instance from Java application
On 06/22/2015 02:28 PM, David kerber wrote: Or are you trying to use the database connection information in your tomcat installation, in a standalone java program? I think to do that, you will need to read in the .xml files and parse out the information you want from there. That's precisely what I wanted to do. I ended up writing my database information via custom XML schema into another file, then parse that file and create my own DataSource with the Tomcat DataSourceFactory and provide that to the JNDI of Tomcat. Then I removed the database configuration in Tomcat and the result is: I now have a central point of configuration which my program AND Tomcat can use. Thanks for your response. I thought maybe I overlooked something and I can access the Naming Resources of a running Tomcat instance in my program. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Access tomcat instance from Java application
On 6/20/2015 1:57 PM, Daniel Mierswa wrote: Good afternoon list, I would like to know how to access a running tomcat installation from within another Java application which is not running in the tomcat container. More specifically I would like to end up using the datasource which is configured via in the server.xml. This would allow me to use an existing configuration and so I wouldn't need to specify the jdbc parameters and dialect etc. somewhere else to get a connection pool. You seem to be mixing two different kinds of connections here. First you say you want to connect to another Tomcat installation. I do that with HTTP connections in Java. Then you talk about what appear to be database connections. Or are you trying to use the database connection information in your tomcat installation, in a standalone java program? I think to do that, you will need to read in the .xml files and parse out the information you want from there. Thanks for reading. Daniel - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL configuration using PFX as keystore
Mark Thomas wrote: On 22/06/2015 09:39, Mark Thomas wrote: On 22/06/2015 00:25, Michael Salisbury wrote: When connecting from a Windows client (any Windows client) I get a 'network path not found' error 0x80070035. I know the path is valid as I can reach it via other means, and other WebDAV clients. The main reason I think this is a Tomcat issue is that it was working just fine with v7.0 and no other Windows client changes (updates, software etc.) have been made. There wasn't anything specific in the Tomcat7 config that I needed to get the MS client to work, only on the client itself those registry changes as previously mentioned. What about the WebdavFixFilter? Is it configured in Tomcat 7 but not 8? I'll run a Wireshark trace and see what comes up, nothing in the Tomcat logs that I can see... I'll do a quick test now and see what I can come up with. I needed to enable directory listings otherwise I got a 'network name not found' error 0x80070043. With that one change I was able to map a Windows network drive to: http:/// http:///test http://:8080/ http://:8080/test With https the behaviour is very strange. Windows is prompting me for credentials even though none are required. I suspect that the untrusted test certificate may be causing some of these problems. I fixed the certificate problem so that IE viewed the site as trusted and then I could map a network drive to: https:/// https:///test https://:8443/ https://:8443/test No registry changes were required to get this to work. Prompting for authentication in response to an untrusted certificate is bizarre to say the least. Microsoft generously provide MSDN subscriptions for Apache committers which is why I have the various OS's to hand to test this. The subscription also comes with tech support. I'll open an incident. It will be interesting to see if things have improved since I last tried raising bugs with Microsoft (I filed so many bugs with MS Office and it took so long for MS to fix them that I hit the limit of issues MS would let me have open in parallel). I was testing with Windows 7, SP1, 64-bit, fully patched None of my WebDAV endpoints are configured to require authentication. I did not have to use the WebdavFixFilter. Note that I do not have MS Office installed on this machine. It does look like things have improved with more recent versions of the Windows clients. I'm not sure what is causing the error you are seeing. Maybe MS Office ships with a different WebDAV client. From what I remember, yes it does. That is what I was referring to when talking about "depending on what other software is installed on the workstation." As I recall, when installing MS-office, it replaces the "mini-redirector" by its own DLL, and that changes the behaviour in a number of instances. From past experience, I'd suggest trying some of the following: - get it working over http before trying https - get it working at the server root before trying just a context - get it working without authentication before trying with authentication - ensure you have directory listings enabled - ensure that IE trusts any certificates and no certificate errors are reported when connecting over https Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL configuration using PFX as keystore
On 22/06/2015 09:39, Mark Thomas wrote: > On 22/06/2015 00:25, Michael Salisbury wrote: >> When connecting from a Windows client (any Windows client) I get a 'network >> path not found' error 0x80070035. I know the path is valid as I can reach >> it via other means, and other WebDAV clients. >> >> The main reason I think this is a Tomcat issue is that it was working just >> fine with v7.0 and no other Windows client changes (updates, software etc.) >> have been made. There wasn't anything specific in the Tomcat7 config that I >> needed to get the MS client to work, only on the client itself those >> registry changes as previously mentioned. > > What about the WebdavFixFilter? Is it configured in Tomcat 7 but not 8? > >> I'll run a Wireshark trace and see what comes up, nothing in the Tomcat logs >> that I can see... > > I'll do a quick test now and see what I can come up with. I needed to enable directory listings otherwise I got a 'network name not found' error 0x80070043. With that one change I was able to map a Windows network drive to: http:/// http:///test http://:8080/ http://:8080/test With https the behaviour is very strange. Windows is prompting me for credentials even though none are required. I suspect that the untrusted test certificate may be causing some of these problems. I fixed the certificate problem so that IE viewed the site as trusted and then I could map a network drive to: https:/// https:///test https://:8443/ https://:8443/test No registry changes were required to get this to work. Prompting for authentication in response to an untrusted certificate is bizarre to say the least. Microsoft generously provide MSDN subscriptions for Apache committers which is why I have the various OS's to hand to test this. The subscription also comes with tech support. I'll open an incident. It will be interesting to see if things have improved since I last tried raising bugs with Microsoft (I filed so many bugs with MS Office and it took so long for MS to fix them that I hit the limit of issues MS would let me have open in parallel). I was testing with Windows 7, SP1, 64-bit, fully patched None of my WebDAV endpoints are configured to require authentication. I did not have to use the WebdavFixFilter. Note that I do not have MS Office installed on this machine. It does look like things have improved with more recent versions of the Windows clients. I'm not sure what is causing the error you are seeing. Maybe MS Office ships with a different WebDAV client. From past experience, I'd suggest trying some of the following: - get it working over http before trying https - get it working at the server root before trying just a context - get it working without authentication before trying with authentication - ensure you have directory listings enabled - ensure that IE trusts any certificates and no certificate errors are reported when connecting over https Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL configuration using PFX as keystore
Mark Thomas wrote: On 22/06/2015 00:25, Michael Salisbury wrote: Thanks, I've done much searching - hence why I'm finally posting here. Windows WebDAV is actually quite reasonable Many people would disagree with that statement. It hasn't been updated since the early days of Windows 7 but this site gives you an idea of just what a disaster the Windows WebDAV client has been: http://greenbytes.de/tech/webdav/webdav-redirector-list.html It is possible that things have improved in the last few years but the fact that Tomcat's WebDAV implementation works with a bunch of standards compliant clients and only fails with the Windows client suggests that the Windows client still has some issues. - a lot of what one reads on the internet is because people don't know how to configure it. It won't pass basic authentication across a connection by default, you have to turn it on and there are two different settings for allowing it over SSL only or a non-encrypted connection. When connecting from a Windows client (any Windows client) I get a 'network path not found' error 0x80070035. I know the path is valid as I can reach it via other means, and other WebDAV clients. A good example of the idiosyncracies of the Windows webDAV client : re-enter the same URL, but specifiy the ":port" after the server name (even if it is 80). On some Windows configurations, when not specifying the port, it tries to map this to a "Windows share URL", à la "\\servername\sharename", leading to the error above. My earlier comments were meant in a practical sense. We provide document-management applications, where one of the ways in which a user can file a document into the system is via DAV drag-and-drop directories. We have spent a lot of time trying to debug these issues, to finally come to the conclusion that the only way to insure consistent behaviour among customers who may have different versions of Windows and different software installed on their PCs (sometimes on a PC-by-PC base), was to recommend that they use one of these external WebDav clients. Your situation may be different, and you might be able to enforce some specific Windows version, and/or some specific Registry settings. We could not do that, hence our solution. I was just trying to potentially save you a lot of hassle and loss of time. I don't know if in your case it is practical and/or business-effective to use an additional webDav client, but if it is possible, that would still be my recommendation. Since we do that, we have 0 problems in that area. Before we did that, we had several related support calls per week. Your call. The main reason I think this is a Tomcat issue is that it was working just fine with v7.0 and no other Windows client changes (updates, software etc.) have been made. There wasn't anything specific in the Tomcat7 config that I needed to get the MS client to work, only on the client itself those registry changes as previously mentioned. Not to make this a rant or a flame, but the same issues as described on the greenbytes page mentioned above, also happen with other server-side DAV implementations, such as Apache httpd. So it is not really a Tomcat-only issue. What about the WebdavFixFilter? Is it configured in Tomcat 7 but not 8? I'll run a Wireshark trace and see what comes up, nothing in the Tomcat logs that I can see... I'll do a quick test now and see what I can come up with. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL configuration using PFX as keystore
On 22/06/2015 00:25, Michael Salisbury wrote: > Thanks, I've done much searching - hence why I'm finally posting here. > > Windows WebDAV is actually quite reasonable Many people would disagree with that statement. It hasn't been updated since the early days of Windows 7 but this site gives you an idea of just what a disaster the Windows WebDAV client has been: http://greenbytes.de/tech/webdav/webdav-redirector-list.html It is possible that things have improved in the last few years but the fact that Tomcat's WebDAV implementation works with a bunch of standards compliant clients and only fails with the Windows client suggests that the Windows client still has some issues. > - a lot of what one reads on the internet is because people don't know how to > configure it. It won't pass basic authentication across a connection by > default, you have to turn it on and there are two different settings for > allowing it over SSL only or a non-encrypted connection. > > When connecting from a Windows client (any Windows client) I get a 'network > path not found' error 0x80070035. I know the path is valid as I can reach it > via other means, and other WebDAV clients. > > The main reason I think this is a Tomcat issue is that it was working just > fine with v7.0 and no other Windows client changes (updates, software etc.) > have been made. There wasn't anything specific in the Tomcat7 config that I > needed to get the MS client to work, only on the client itself those registry > changes as previously mentioned. What about the WebdavFixFilter? Is it configured in Tomcat 7 but not 8? > I'll run a Wireshark trace and see what comes up, nothing in the Tomcat logs > that I can see... I'll do a quick test now and see what I can come up with. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org