date:20160308

Hi Chris,

thanks for the explanations. I just completed a first dirty test and
it is actually working fine. I believe I did something wrong on my
first trial. I did put the distributable="true" attribute in the
Context element of my context file in
$CATALINA_BASE/conf/[[enginename]/[hostname]/mywebapp.xml instead of
adding the empty element  in
$CATALINA_BASE/webapps/mywebapp/WEB-INF/web.xml.

It seems the former is not working, at least with Tomcat 8.0.32
-
Daniel Savard


2016-03-08 15:08 GMT-05:00 Christopher Schultz :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Daniel,
>
> On 3/8/16 2:27 PM, Daniel Savard wrote:
>> I wonder how you handle a pool of connections (not necessarily to
>> a database, think about something generic) in a clustered
>> environement.
>
> Generally, there is nothing to be done, here. Each node is considered
> completely separate with the exception of trading HttpSession informatio
> n.
>
>> I defined a pool of connections in my application context and I
>> did put it in the context with the setAttribute() method. Since
>> each instance is doing this, what will happen when an instance is
>> shutdown?
>
> I believe that no context-scoped data is sent between cluster nodes,
> so ... nothing will happen.
>
>> These connections depend on the IP/protocol/port on both sides.
>> So, since the instance is down, one party no longer exists. What
>> is happening if a take over instance receives an incoming request
>> which refers to one of these connections?
>>
>> Do I have to handle this in my code? Do I have to reinitialize the
>> connection pool if such an event happen?
>
> If your application maintains its own connection pool, then you should
> create it with each webapp start and destroy it with each webapp stop.
>
> I don't think there are any cluster-related issues, here.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlbfMTIACgkQ9CaO5/Lv0PCL5gCguI2eODlB+8Brz9gpjJZGGzpM
> jD4An1Nag5xcNN+2vXKq7xpw6H8Gdhg/
> =Gx0w
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Modjk surfacing errno 115

2016-03-08 Thread Max Lynch

If we're receiving an error 115, could this mean that any timeout is kind
of irrelevant? The first attempt to create the socket immediately ends with
this code. 100ms later, per retry_interval, the same error is immediately
returned. The code at line 627 tests the return val from this line which
creates the socket:

ret = nb_connect(sd, (struct sockaddr *)addr,  , l);

The third argument is the timeout, which isn't even set. I see it's been
corrected in version 1.2.41, using the var connect_timeout. Since its blank
for us, could this have any effect?

Here are the same log lines bu this time with their timestamp (apologies
for not having this from the start):

[Wed Feb 03 10:15:01.014 2016] [119069:3584969584] [info]
jk_open_socket::jk_connect.c (627): connect to _hostip_port failed
(errno=115)
[Wed Feb 03 10:15:01.014 2016] [119069:3584969584] [info]
ajp_connect_to_endpoint::jk_ajp_common.c (992): Failed opening socket to
(_hostip_port) (errno=115)
[Wed Feb 03 10:15:01.014 2016] [119069:3584969584] [error]
ajp_send_request::jk_ajp_common.c (1621): (_hostname_port) connecting to
backend failed. Tomcat is probably not started or is listening on the wrong
port (errno=115)
[Wed Feb 03 10:15:01.014 2016] [119069:3584969584] [info]
ajp_service::jk_ajp_common.c (2614): (_hostname_port) sending request to
tomcat failed (recoverable), because of error during request sending
(attempt=1)
[Wed Feb 03 10:15:01.115 2016] [119069:3584969584] [info]
jk_open_socket::jk_connect.c (627): connect to _hostip_port failed
(errno=115)
[Wed Feb 03 10:15:01.115 2016] [119069:3584969584] [info]
ajp_connect_to_endpoint::jk_ajp_common.c (992): Failed opening socket to
(_hostip_port) (errno=115)
[Wed Feb 03 10:15:01.115 2016] [119069:3584969584] [error]
ajp_send_request::jk_ajp_common.c (1621): (_hostname_port) connecting to
backend failed. Tomcat is probably not started or is listening on the wrong
port (errno=115)
[Wed Feb 03 10:15:01.115 2016] [119069:3584969584] [info]
ajp_service::jk_ajp_common.c (2614): (_hostname_port) sending request to
tomcat failed (recoverable), because of error during request sending
(attempt=2)
[Wed Feb 03 10:15:01.115 2016] [119069:3584969584] [error]
ajp_service::jk_ajp_common.c (2634): (_hostname_port) connecting to tomcat
failed.
[Wed Feb 03 10:15:01.115 2016] [119069:3584969584] [info]
service::jk_lb_worker.c (1469): service failed, worker _hostname_port is in
local error state

We don't see this issue in any other environment, and we have several
environments all running the same configuration.

> This means 3 seconds connect timeout. So it seems either your network, an
intermediary between
> Apache and Tomcat, or Tomcat has a problem of allowing to establish a new
connection in 3 seconds.
> Although the connect is typically done by the backend OS, once the
app/TC/JVM gets slow in accepting
> new connections, the accept queue fills up and then new connects will
fail.

We've tried setting socket_connect_timeout to 1 (10s) with no affect,
probably because our code ignore the timeout value as noted above. Do newer
versions fix this, and would this help us here? I'm guessing if no timeout
is passed then the call should waiting forever. We've conducted several
tests with the netcat command, establishing connections to the AJP port
from the Apache server with no errors or latency. While the problem is at
its worst, while traffic is at it's highest, these tests connect
immediately.

> Did you check whether you observe long GC pauses for your Tomcat JVMs?

There were no long pauses, I can see nothing abnormal here. GC behavior is
consistent when problem is introduced to when it is at it's worst. Thread
count in well below limits as well, no abnormal spikes.

I'm trying to create a safe thread dump to send, but there is too much
proprietary data still. Let me know if you'd like still this info if
helpful, and I'll keep pruning it.

On Fri, Mar 4, 2016 at 3:58 PM, Rainer Jung  wrote:

> Am 05.03.2016 um 00:09 schrieb Max Lynch:
>
>> Hi Rainer, I will do my best to provide those things.
>>
>> Here is what looks like the full sequence from the our log:
>>
>> [46055:3512666992] [info] jk_open_socket::jk_connect.c (627): connect to
>> _ip_:12409 failed (errno=115)
>> [46055:3512666992] [info] ajp_connect_to_endpoint::jk_ajp_common.c (992):
>> Failed opening socket to (_ip_:12409) (errno=115)
>> [46055:3512666992] [error] ajp_send_request::jk_ajp_common.c (1621):
>> (_hostname_) connecting to backend failed. Tomcat is probably not started
>> or is listening on the wrong port (errno=115)
>> [46055:3512666992] [info] ajp_service::jk_ajp_common.c (2614):
>> (_hostname_)
>> sending request to tomcat failed (recoverable), because of error during
>> request sending (attempt=1)
>> [46055:3512666992] [info] jk_open_socket::jk_connect.c (627): connect to
>> _ip_:12409 failed (errno=115)
>> [46055:3512666992] [info] ajp_connect_to_endpoint::jk_ajp_common.c (992):
>> Failed opening socket to

Re: NullPointerException in MemoryRealm after upgrading to Tomcat 8.0.32 from 7.0.26

2016-03-08 Thread Jason Overland

Okay, so I checked out Tomcat 8.0.32 from source control. I then
reverted MemoryRealm's authenticate method to how it was in 7.0.26 and
built Tomcat and now my authentication works.  This of course is not a
solution, but it obviates most of my other questions.  I guess the
important question is: how do I set the CredentialHandler on the
MemoryRealm?

===
--- MemoryRealm.java (revision 1734183)
+++ MemoryRealm.java (working copy)
@@ -115,16 +115,16 @@

 GenericPrincipal principal = principals.get(username);

-boolean validated;
-if (principal == null) {
-validated = false;
-} else {
-if (credentials == null || principal.getPassword() == null) {
-if (log.isDebugEnabled())
-
log.debug(sm.getString("memoryRealm.authenticateFailure", username));
-return (null);
+boolean validated = false;
+if (principal != null && credentials != null) {
+if (hasMessageDigest()) {
+// Hex hashes should be compared case-insensitive
+validated = (digest(credentials)
+ .equalsIgnoreCase(principal.getPassword()));
+} else {
+validated =
+(digest(credentials).equals(principal.getPassword()));
 }
-validated = getCredentialHandler().matches(credentials,
principal.getPassword());
 }

 if (validated) {

On Tue, Mar 8, 2016 at 3:43 PM, Jason Overland  wrote:
> Hi, I'm upgrading an existing Vaadin 6 application from Tomcat 7.0.26
> to Tomcat 8.0.32 and have some questions.  I'm using Windows 7 and
> debugging in Eclipse.
>
> For authentication our configuration is using a MemoryRealm with
> digest="SHA".  We are storing usernames and passwords in a
> tomcat-users.xml file.  We are using a jaas.config which specifies to
> use a org.apache.catalina.realm.JAASMemoryLoginModule.  We have our
> own implementation of a CallbackModule.  For the upgrade I have added
> a CredentialHandler node inside our Realm as suggested in the
> documentation.
>
> server.xml:
>
>   
> 
>  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> name="UserDatabase" pathname="conf/tomcat-users.xml"
> type="org.apache.catalina.UserDatabase"/>
>   
>
>   ...
>
>   
>  className="org.apache.catalina.realm.MessageDigestCredentialHandler"/>
>   
>
>
> jaas.config:
> /** JAAS Login Configuration for the Application **/
>
> JAASTomcat {
>org.apache.catalina.realm.JAASMemoryLoginModule required debug=true;
> };
>
> our LoginController:
>
> callbackHandler = new LoginFormCallBackHandler(user);
> tomcatLoginContext = new LoginContext("JAASTomcat", callbackHandler);
> ...
> tomcatLoginContext.login();
>
>
> our CallbackHandler:
> public class LoginFormCallBackHandler implements CallbackHandler,
> Serializable  {
>
> private static final long serialVersionUID = 1L;
> private LoginEvent logins = null;
> private User user;
> public LoginFormCallBackHandler(User user)
> {
> this.user = user;
> }
>
> public void setLogins(LoginEvent loginEvent) {
> logins = loginEvent;
> }
>
> public void handle(Callback[] callbacks) throws IOException,
> UnsupportedCallbackException {
> boolean gotName = false;
> for (int i = 0; i < callbacks.length; i++) {
> if (callbacks[i] instanceof NameCallback) {
> // get the username from the loginform event
> NameCallback nc = (NameCallback) callbacks[i];
>
> nc.setName(logins.getLoginParameter(LoginView.LOGINFORM_PARAMETER_USERNAME));
> user.username = nc.getName();
> gotName = true;
> } else if (callbacks[i] instanceof TextInputCallback) {
> TextInputCallback cb = (TextInputCallback) callbacks[i];
> if (cb.getPrompt().equals("catalinaBase")) {
> cb.setText(System.getenv("CATALINA_BASE"););
> }
> } else if (callbacks[i] instanceof PasswordCallback) {
> // get the password from the loginform event
> PasswordCallback pc = (PasswordCallback) callbacks[i];
> try {
> MessageDigest md = MessageDigest.getInstance("SHA");
>
> md.update(logins.getLoginParameter(LoginView.LOGINFORM_PARAMETER_PASSWORD).getBytes());
> user.password = String.format("%x", new
> BigInteger(1, md.digest()));
> }
> catch (NoSuchAlgorithmException nsae)
> {
> user.password =
> logins.getLoginParameter(LoginView.LOGINFORM_PARAMETER_PASSWORD);
> }
> pc.setPassword(user.password.toCharArray());
> } else {
> System.out.println("Unrecognized Callback: " + callbacks[i]);
> }
>

NullPointerException in MemoryRealm after upgrading to Tomcat 8.0.32 from 7.0.26

2016-03-08 Thread Jason Overland

Hi, I'm upgrading an existing Vaadin 6 application from Tomcat 7.0.26
to Tomcat 8.0.32 and have some questions.  I'm using Windows 7 and
debugging in Eclipse.

For authentication our configuration is using a MemoryRealm with
digest="SHA".  We are storing usernames and passwords in a
tomcat-users.xml file.  We are using a jaas.config which specifies to
use a org.apache.catalina.realm.JAASMemoryLoginModule.  We have our
own implementation of a CallbackModule.  For the upgrade I have added
a CredentialHandler node inside our Realm as suggested in the
documentation.

server.xml:

  


  

  ...

  

  


jaas.config:
/** JAAS Login Configuration for the Application **/

JAASTomcat {
   org.apache.catalina.realm.JAASMemoryLoginModule required debug=true;
};

our LoginController:

callbackHandler = new LoginFormCallBackHandler(user);
tomcatLoginContext = new LoginContext("JAASTomcat", callbackHandler);
...
tomcatLoginContext.login();


our CallbackHandler:
public class LoginFormCallBackHandler implements CallbackHandler,
Serializable  {

private static final long serialVersionUID = 1L;
private LoginEvent logins = null;
private User user;
public LoginFormCallBackHandler(User user)
{
this.user = user;
}

public void setLogins(LoginEvent loginEvent) {
logins = loginEvent;
}

public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
boolean gotName = false;
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof NameCallback) {
// get the username from the loginform event
NameCallback nc = (NameCallback) callbacks[i];

nc.setName(logins.getLoginParameter(LoginView.LOGINFORM_PARAMETER_USERNAME));
user.username = nc.getName();
gotName = true;
} else if (callbacks[i] instanceof TextInputCallback) {
TextInputCallback cb = (TextInputCallback) callbacks[i];
if (cb.getPrompt().equals("catalinaBase")) {
cb.setText(System.getenv("CATALINA_BASE"););
}
} else if (callbacks[i] instanceof PasswordCallback) {
// get the password from the loginform event
PasswordCallback pc = (PasswordCallback) callbacks[i];
try {
MessageDigest md = MessageDigest.getInstance("SHA");

md.update(logins.getLoginParameter(LoginView.LOGINFORM_PARAMETER_PASSWORD).getBytes());
user.password = String.format("%x", new
BigInteger(1, md.digest()));
}
catch (NoSuchAlgorithmException nsae)
{
user.password =
logins.getLoginParameter(LoginView.LOGINFORM_PARAMETER_PASSWORD);
}
pc.setPassword(user.password.toCharArray());
} else {
System.out.println("Unrecognized Callback: " + callbacks[i]);
}
}
if (gotName)
logins = null;
}
}

This all worked in Tomcat 7 but unfortunately isn't working in Tomcat
8.  I was getting "WARNING: Unable to determine Catalina base to load
file conf/tomcat-users.xml" and so I had to start responding to
TextInputCallback "catalinaBase" as required by the new
getCatalinaBase method on JAASMemoryLoginModule.

I got past that and now I'm getting a NullPointerException:
Authentication failed: java.lang.NullPointerException
at org.apache.catalina.realm.MemoryRealm.authenticate(MemoryRealm.java:127)
at 
org.apache.catalina.realm.JAASMemoryLoginModule.login(JAASMemoryLoginModule.java:288)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.access$000(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
at javax.security.auth.login.LoginContext.login(Unknown Source)
at com.lizardtech.es.adminui.vaadin.jaas.LoginController.onLogin(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.vaadin.event.ListenerMethod.receiveEvent(ListenerMethod.java:510)
at com.vaadin.event.EventRouter.fireEvent(EventRouter.java:164)
at com.vaadin.ui.AbstractComponent.fireEvent(AbstractComponent.java:1219)
at com.vaadin.ui.LoginForm$2.handleParameters(LoginForm.java:103)
at

Re: Mapping servlet to non English url pattern

2016-03-08 Thread Mark Eggers

Yuval,

On 3/8/2016 2:35 PM, Yuval Schwartz wrote:
> On Tue, Mar 8, 2016 at 10:53 PM, Mark Thomas  wrote:
> 
>> On 08/03/2016 20:20, Christopher Schultz wrote:
>>> Yuval,
>>>
>>> On 3/8/16 12:38 PM, Yuval Schwartz wrote:
 Hello Christopher, thanks, responses below.
>>>
 On Tue, Mar 8, 2016 at 6:23 PM, Christopher Schultz <
 ch...@christopherschultz.net> wrote:
>>>
 Yuval,
>>>
 On 3/8/16 3:14 AM, Yuval Schwartz wrote:
>>> Tomcat version: 8.0.22 Jdk: 1.8.0_05 Server: Amazon Linux
>>>
>>> Hello,
>>>
>>> I want to map my servlet to a Hebrew url pattern.
>>>
 Hmm.
>>>
>>> I tried placing the hebrew url pattern both in the
>>> "@webservlet" annotation (urlpatterns attribute) and in the
>>> the web.xml file. In both cases it doesn't work, it's as if
>>> there's nothing mapped to the url specified.
>>>
>>> I though to specify the URIEncoding parameter of the
>>> connector but saw that this defaults to "utf-8" in tomcat 8.
>>>
 Yes, it does.
>>>
 So you are trying to set the url-pattern for a servlet mapping?
>>>
 When you do it -- either using @WebServlet or  --
 can you connect via JMX to observe the pattern that's been read
 into the configuration? First, I'd want to make sure that the
 Hebrew characters haven't been destroyed by the loading process of
 the XML file or by the compiler, or even by Tomcat.
>>>
>>>
> Can you give me some direction on how I would do this? Maybe a
> little more detail on jmx? There could be encoding/decoding going
> on in the browser (firefox) and in all the elements you mentioned
> on the server side. Any way to see the final String that the
> server is using to match the Url pattern?
>>>
>>> Yeah, that's why I was suggesting using JMX, since Tomcat exposes all
>>> the configuration through it.
>>>
>>> Launch Tomcat, then fire-up jconsole (or VisualVM, or any other tool
>>> that contains a JMX client... both jconsole and VisualVM require that
>>> you go to the "plug-ins" configuration and install an
>>> easy-to-find-and-install plug-in for JMX) on the same machine (it's
>>> easiest this way).
>>>
>>> (I just checked, and VisualVM calls the plug-in
>>> "VisualVM-MBeans".)visualvisual
>>>
>>> Then, connect to the Tomcat instance and go to the BMeans tab.
>>>
>>> You'll find your servlet under /Catalina/Servlet/host/context/[servlet].
>>> ..
>>>
>>>
>>> Aw, crap. The mappings themselves aren't actually published via JMX. Hmm
>>
>> Yes they are.
>>
>> You need to look at the operations. findMappings() will list them.
>>
> 
> I did this and it worked:
> The english patterns show up fine, as expected.
> The hebrew pattern shows up as a bunch of question marks (eg:
> -?-)
> The URLEncoded pattern shows up as wierd symbols (eg: diamond shape, tm
> symbol).
> 
> Could this be something in my IDE (Netbeans) settings? The logs for
> example, display hebrew characters as question marks. Although my project
> encoding is set as UTF-8.
> 
> Thanks.
> 
> 
> 
>>
>> Mark

Are you developing on Windows? (ah, you are)

If so, could you check how you launch NetBeans? My netbeans.conf file
contains this on the netbeans_default_options line:

-J-Dfile.encoding=UTF-8

Also, if you're using Maven with NetBeans, UTF-8 has to be set there as
well. My projects contain the following in pom.xml:


UTF-8



If you have cygwin installed on Windows, you can use the following:

file -bi [filename]

will tell you the encoding and mime-type.

iconv will help you convert from us-ascii to UTF-8. The syntax is:

iconv -f [from-encoding] -t [to-encoding] [input-file] > output-file

I suspect there are native Windows tools to do this, but I'd have to
wander about and find them.

Notepad will tell you when you open a file what encoding the file is.
You could then do a "save as" and select the correct encoding.

Sadly, NetBeans does not have a plugin to do this.

. . . just my two cents
/mde/



signature.asc
Description: OpenPGP digital signature

Re: Mapping servlet to non English url pattern

Sorry, I should also say, I specified in the beginning that I am using
Amazon linux AMI but that is my production server. Right now, I'm testing
in my development environment and this is on a windows system. All the rest
of the versions I mentioned are the same. Could it be something with the
Windows system that is not handling utf8 correctly?

On Wed, Mar 9, 2016 at 12:35 AM, Yuval Schwartz 
wrote:

>
>
> On Tue, Mar 8, 2016 at 10:53 PM, Mark Thomas  wrote:
>
>> On 08/03/2016 20:20, Christopher Schultz wrote:
>> > Yuval,
>> >
>> > On 3/8/16 12:38 PM, Yuval Schwartz wrote:
>> >> Hello Christopher, thanks, responses below.
>> >
>> >> On Tue, Mar 8, 2016 at 6:23 PM, Christopher Schultz <
>> >> ch...@christopherschultz.net> wrote:
>> >
>> >> Yuval,
>> >
>> >> On 3/8/16 3:14 AM, Yuval Schwartz wrote:
>> > Tomcat version: 8.0.22 Jdk: 1.8.0_05 Server: Amazon Linux
>> >
>> > Hello,
>> >
>> > I want to map my servlet to a Hebrew url pattern.
>> >
>> >> Hmm.
>> >
>> > I tried placing the hebrew url pattern both in the
>> > "@webservlet" annotation (urlpatterns attribute) and in the
>> > the web.xml file. In both cases it doesn't work, it's as if
>> > there's nothing mapped to the url specified.
>> >
>> > I though to specify the URIEncoding parameter of the
>> > connector but saw that this defaults to "utf-8" in tomcat 8.
>> >
>> >> Yes, it does.
>> >
>> >> So you are trying to set the url-pattern for a servlet mapping?
>> >
>> >> When you do it -- either using @WebServlet or  --
>> >> can you connect via JMX to observe the pattern that's been read
>> >> into the configuration? First, I'd want to make sure that the
>> >> Hebrew characters haven't been destroyed by the loading process of
>> >> the XML file or by the compiler, or even by Tomcat.
>> >
>> >
>> >>> Can you give me some direction on how I would do this? Maybe a
>> >>> little more detail on jmx? There could be encoding/decoding going
>> >>> on in the browser (firefox) and in all the elements you mentioned
>> >>> on the server side. Any way to see the final String that the
>> >>> server is using to match the Url pattern?
>> >
>> > Yeah, that's why I was suggesting using JMX, since Tomcat exposes all
>> > the configuration through it.
>> >
>> > Launch Tomcat, then fire-up jconsole (or VisualVM, or any other tool
>> > that contains a JMX client... both jconsole and VisualVM require that
>> > you go to the "plug-ins" configuration and install an
>> > easy-to-find-and-install plug-in for JMX) on the same machine (it's
>> > easiest this way).
>> >
>> > (I just checked, and VisualVM calls the plug-in
>> > "VisualVM-MBeans".)visualvisual
>> >
>> > Then, connect to the Tomcat instance and go to the BMeans tab.
>> >
>> > You'll find your servlet under /Catalina/Servlet/host/context/[servlet].
>> > ..
>> >
>> >
>> > Aw, crap. The mappings themselves aren't actually published via JMX. Hmm
>>
>> Yes they are.
>>
>> You need to look at the operations. findMappings() will list them.
>>
>
> I did this and it worked:
> The english patterns show up fine, as expected.
> The hebrew pattern shows up as a bunch of question marks (eg:
> -?-)
> The URLEncoded pattern shows up as wierd symbols (eg: diamond shape, tm
> symbol).
>
> Could this be something in my IDE (Netbeans) settings? The logs for
> example, display hebrew characters as question marks. Although my project
> encoding is set as UTF-8.
>
> Thanks.
>
>
>
>>
>> Mark
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

Re: Question about your recent security (CVE-2015-5345) fix in 7.0.68 build

2016-03-08 Thread Harish Krishnan

Thanks Chris for the reply.
Looks like my understanding of the fix is incorrect.
I assumed (my bad) that, with the fix for this CVE in place (tomcat
7.0.68) + setting the additional context attribute
(mapperContextRootRedirectEnabled="false"), all the redirects for that
webapp where context attribute was set, will completely be disabled.
You mentioned that only "protected directories" inside the deployed web
application is covered in this CVE fix.
Can you please help me understand what this protected directories are & how
to configure this in tomcat ?


regards
Harish Krishnan

On Tue, Mar 8, 2016 at 7:59 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Harish,
>
> On 3/7/16 6:02 PM, Harish Krishnan wrote:
> > Unfortunately, i still could not verify this vulnerability as it
> > still appears not fixed & my requests get redirected.
>
> What makes you think that the requests should not be redirected?
>
> > Instead of using the manager webapp that comes default in tomcat,
> > we created a sample webapp with the following security constraint
> > -  
> > hello.html 
> >  
> > sercure-hello
> > /* 
> > 
> > NONE
> >   
> >
> > Accessing http://localhost:8080/a (which exist) gets redirected to
> > http://localhost:8080/a/ & then get 404. Accessing
> > http://localhost:8080/b (does not exist) simply gets 404.
>
> Where did you deploy this sample web application?
>
> > I have set the context attribute (mapperContextRootRedirectEnabled)
> > as well -  > antiResourceLocking="false" privileged="true">   
> >
> > My question simply boils down to, What additional setting i need to
> > do for the above redirect to NOT happen.
>
> Which redirect? A redirect for a protected directory inside of a
> deployed web application (which is what this CVE covers) or the
> redirect for a deployed web application (which is not what this CVE
> covers)?
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlbe9twACgkQ9CaO5/Lv0PBaqQCeMMYqM8+hPnekw1NM8I5NNa0J
> uaQAn2Kp35FIKikIFfZdlao4Un1NCNGe
> =/uiq
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Mapping servlet to non English url pattern

On Tue, Mar 8, 2016 at 10:53 PM, Mark Thomas  wrote:

> On 08/03/2016 20:20, Christopher Schultz wrote:
> > Yuval,
> >
> > On 3/8/16 12:38 PM, Yuval Schwartz wrote:
> >> Hello Christopher, thanks, responses below.
> >
> >> On Tue, Mar 8, 2016 at 6:23 PM, Christopher Schultz <
> >> ch...@christopherschultz.net> wrote:
> >
> >> Yuval,
> >
> >> On 3/8/16 3:14 AM, Yuval Schwartz wrote:
> > Tomcat version: 8.0.22 Jdk: 1.8.0_05 Server: Amazon Linux
> >
> > Hello,
> >
> > I want to map my servlet to a Hebrew url pattern.
> >
> >> Hmm.
> >
> > I tried placing the hebrew url pattern both in the
> > "@webservlet" annotation (urlpatterns attribute) and in the
> > the web.xml file. In both cases it doesn't work, it's as if
> > there's nothing mapped to the url specified.
> >
> > I though to specify the URIEncoding parameter of the
> > connector but saw that this defaults to "utf-8" in tomcat 8.
> >
> >> Yes, it does.
> >
> >> So you are trying to set the url-pattern for a servlet mapping?
> >
> >> When you do it -- either using @WebServlet or  --
> >> can you connect via JMX to observe the pattern that's been read
> >> into the configuration? First, I'd want to make sure that the
> >> Hebrew characters haven't been destroyed by the loading process of
> >> the XML file or by the compiler, or even by Tomcat.
> >
> >
> >>> Can you give me some direction on how I would do this? Maybe a
> >>> little more detail on jmx? There could be encoding/decoding going
> >>> on in the browser (firefox) and in all the elements you mentioned
> >>> on the server side. Any way to see the final String that the
> >>> server is using to match the Url pattern?
> >
> > Yeah, that's why I was suggesting using JMX, since Tomcat exposes all
> > the configuration through it.
> >
> > Launch Tomcat, then fire-up jconsole (or VisualVM, or any other tool
> > that contains a JMX client... both jconsole and VisualVM require that
> > you go to the "plug-ins" configuration and install an
> > easy-to-find-and-install plug-in for JMX) on the same machine (it's
> > easiest this way).
> >
> > (I just checked, and VisualVM calls the plug-in
> > "VisualVM-MBeans".)visualvisual
> >
> > Then, connect to the Tomcat instance and go to the BMeans tab.
> >
> > You'll find your servlet under /Catalina/Servlet/host/context/[servlet].
> > ..
> >
> >
> > Aw, crap. The mappings themselves aren't actually published via JMX. Hmm
>
> Yes they are.
>
> You need to look at the operations. findMappings() will list them.
>

I did this and it worked:
The english patterns show up fine, as expected.
The hebrew pattern shows up as a bunch of question marks (eg:
-?-)
The URLEncoded pattern shows up as wierd symbols (eg: diamond shape, tm
symbol).

Could this be something in my IDE (Netbeans) settings? The logs for
example, display hebrew characters as question marks. Although my project
encoding is set as UTF-8.

Thanks.



>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

RE: Advice on Cluster in one machine

2016-03-08 Thread Caldarale, Charles R

> From: Edwin Quijada [mailto:listas_quij...@hotmail.com] 
> Subject: Re: Advice on Cluster in one machine

> Daniel, can you give the idea to do a parallel
> deployment approach? What tools I need ?

No tools, other than possibly changes to your build script.  The doc is here:
http://tomcat.apache.org/tomcat-8.0-doc/config/context.html#Parallel_deployment

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Mapping servlet to non English url pattern

On Tue, Mar 8, 2016 at 10:55 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Yuval,
>
> On 3/8/16 3:47 PM, Yuval Schwartz wrote:
> > On Tue, Mar 8, 2016 at 10:20 PM, Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> > Yuval,
> >
> > On 3/8/16 12:38 PM, Yuval Schwartz wrote:
>  Hello Christopher, thanks, responses below.
> 
>  On Tue, Mar 8, 2016 at 6:23 PM, Christopher Schultz <
>  ch...@christopherschultz.net> wrote:
> 
>  Yuval,
> 
>  On 3/8/16 3:14 AM, Yuval Schwartz wrote:
> >>> Tomcat version: 8.0.22 Jdk: 1.8.0_05 Server: Amazon
> >>> Linux
> >>>
> >>> Hello,
> >>>
> >>> I want to map my servlet to a Hebrew url pattern.
> 
>  Hmm.
> 
> >>> I tried placing the hebrew url pattern both in the
> >>> "@webservlet" annotation (urlpatterns attribute) and in
> >>> the the web.xml file. In both cases it doesn't work,
> >>> it's as if there's nothing mapped to the url
> >>> specified.
> >>>
> >>> I though to specify the URIEncoding parameter of the
> >>> connector but saw that this defaults to "utf-8" in
> >>> tomcat 8.
> 
>  Yes, it does.
> 
>  So you are trying to set the url-pattern for a servlet
>  mapping?
> 
>  When you do it -- either using @WebServlet or
>   -- can you connect via JMX to observe the
>  pattern that's been read into the configuration? First, I'd
>  want to make sure that the Hebrew characters haven't been
>  destroyed by the loading process of the XML file or by the
>  compiler, or even by Tomcat.
> 
> 
> > Can you give me some direction on how I would do this?
> > Maybe a little more detail on jmx? There could be
> > encoding/decoding going on in the browser (firefox) and in
> > all the elements you mentioned on the server side. Any way
> > to see the final String that the server is using to match
> > the Url pattern?
> >
> > Yeah, that's why I was suggesting using JMX, since Tomcat exposes
> > all the configuration through it.
> >
> > Launch Tomcat, then fire-up jconsole (or VisualVM, or any other
> > tool that contains a JMX client... both jconsole and VisualVM
> > require that you go to the "plug-ins" configuration and install an
> > easy-to-find-and-install plug-in for JMX) on the same machine
> > (it's easiest this way).
> >
> > (I just checked, and VisualVM calls the plug-in
> > "VisualVM-MBeans".)visualvisual
> >
> > Then, connect to the Tomcat instance and go to the BMeans tab.
> >
> > You'll find your servlet under
> > /Catalina/Servlet/host/context/[servlet]. ..
> >
> >
> > Aw, crap. The mappings themselves aren't actually published via
> > JMX. Hmm .
> >
> > I've done a lot of guessing and checking. For example, I
> > used the URLEncoder to get the encoded form of my urls and
> > put that in the url pattern.
> >
> > Good. So you have some set of Unicode escapes like \u0fe64 or
> > whatever in the url-pattern string in your annotation?
> >
> >
> >> No, I don't have any unicode escapes. I have (for the purpose of
> >> testing) two strings, one is the string with the utf-8
> >> characters, the other is an encoded form of the url (which is
> >> encoded into a series of "%" followed by two English letters). Do
> >> you recommend having something else here?
>
> Can you copy/paste your @WebServlet annotation into your next post? I
> think that will clear things up.
>

@WebServlet(name="SomeServlet", urlPatterns={"/help/why-no-work",
"/iw/help/למה-לא-עובד",
"/iw/help/%D7%9C%D7%9E%D7%94-%D7%9C%D7%90-%D7%A2%D7%95%D7%91%D7%93"}
(the last pattern is the same as the second to last, just encoded)

I will try the other stuff suggested and get back to you.


>
> >> Some more info: I placed a filter on pattern "/*". When my
> >> request with the UTF-8 url comes in, I call
> >> httpRequest.getServletPath() and httpRequest.getRequestURI(). As
> >> expected, I get the UTF-8 version of the servlet path (ie:
> >> decoded) and the ASCII request URI (ie: encoded) respectively.
>
> Good idea. So, does your application get what you expected in the
> String servlet path?
>
> >> This means that the request is reaching my server. It's the next
> >> step, the step where the servlet path is mapped to my specified
> >> url pattern, that I want to explore. But I don't know how to
> >> explore this. Where can I control how the url pattern is matched
> >> with the incoming url?
>
> You can't, other than following the rules of the servlet spec. Since
> you can get a Filter in the mix, try mapping the filter to "/smaller"
> where "smaller" is something narrower than "*" that gets you closer to
> what you were trying to accomplish. For instance, if you are trying to
> map to /עברית, then try mapping your filter to /ת* or something like
> that. (I have no idea what the left-to-right rules are for
> string-matching, etc. since Hebrew

Re: Advice on Cluster in one machine

Daniel, can you give the idea to do a parallel
deployment approach? What tools I need ?


From: Daniel Savard 
Sent: Tuesday, March 8, 2016 7:20 PM
To: Tomcat Users List
Subject: Re: Advice on Cluster in one machine

On the zero downtime deployments side, I would prefer a parallel
deployment approach. You can deploy a new version within the same
instance and have zero downtime as well without building a cluster.

I haven't experiment yet with this, but it is something I am looking
forward to test in short term.
-
Daniel Savard


2016-03-08 10:48 GMT-05:00 Christopher Schultz :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Edwin,
>
> On 3/8/16 8:19 AM, Edwin Quijada wrote:
>> I am new using Tomcat so I have a question about performance. I
>> have installed a cluster with 2 tomcats and apache webserver like
>> proxy in front of Tomcat cluster but this whole thing is in one
>> server, somebody tell me that is not useful beacuse is in the same
>> server that is better give more resources to one tomcat and not
>> split the resources in two.
>
> Performance-wise, your friend is right: a two-node cluster on one
> machine is going to use more resources than a single node on that machin
> e.
>
> However, running two cluster nodes on a single server isn't a
> completely stupid idea. If you want to have zero-downtime deployments,
> you can take one node down, upgrade it, then switch. So there's value
> there. As for fault-tolerance, the single point of failure is the
> whole machine: if that server isn't available, no services are available
> .
>
> That's why people usually have a hardware load balancer (fairly
> simple, fairly reliable) and several web/app servers, just in case one
> of them fails. If one node fails, the service is still available.
>
>> Somebody here can give any advice about this configuration what do
>> you think about this ? In this server I have websockets in cluster
>> and I am having problems with websockets in cluster
>
> Clustering and websockets have little to do with one another, since
> the connection goes to one node and the cluster really just manages
> things like sessions (which are orthogonal to connections, protocols,
> etc.).
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlbe9DcACgkQ9CaO5/Lv0PCvSACeP5LxHVddVmygYBSDCMy/bzyI
> kcsAoMRRZOREaWubUGJFrviRSx/cVAUK
> =1OIe
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Mapping servlet to non English url pattern

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Yuval,

On 3/8/16 3:47 PM, Yuval Schwartz wrote:
> On Tue, Mar 8, 2016 at 10:20 PM, Christopher Schultz < 
> ch...@christopherschultz.net> wrote:
> 
> Yuval,
> 
> On 3/8/16 12:38 PM, Yuval Schwartz wrote:
 Hello Christopher, thanks, responses below.
 
 On Tue, Mar 8, 2016 at 6:23 PM, Christopher Schultz < 
 ch...@christopherschultz.net> wrote:
 
 Yuval,
 
 On 3/8/16 3:14 AM, Yuval Schwartz wrote:
>>> Tomcat version: 8.0.22 Jdk: 1.8.0_05 Server: Amazon
>>> Linux
>>> 
>>> Hello,
>>> 
>>> I want to map my servlet to a Hebrew url pattern.
 
 Hmm.
 
>>> I tried placing the hebrew url pattern both in the 
>>> "@webservlet" annotation (urlpatterns attribute) and in
>>> the the web.xml file. In both cases it doesn't work,
>>> it's as if there's nothing mapped to the url
>>> specified.
>>> 
>>> I though to specify the URIEncoding parameter of the 
>>> connector but saw that this defaults to "utf-8" in
>>> tomcat 8.
 
 Yes, it does.
 
 So you are trying to set the url-pattern for a servlet
 mapping?
 
 When you do it -- either using @WebServlet or
  -- can you connect via JMX to observe the
 pattern that's been read into the configuration? First, I'd
 want to make sure that the Hebrew characters haven't been
 destroyed by the loading process of the XML file or by the
 compiler, or even by Tomcat.
 
 
> Can you give me some direction on how I would do this?
> Maybe a little more detail on jmx? There could be
> encoding/decoding going on in the browser (firefox) and in
> all the elements you mentioned on the server side. Any way
> to see the final String that the server is using to match
> the Url pattern?
> 
> Yeah, that's why I was suggesting using JMX, since Tomcat exposes
> all the configuration through it.
> 
> Launch Tomcat, then fire-up jconsole (or VisualVM, or any other
> tool that contains a JMX client... both jconsole and VisualVM
> require that you go to the "plug-ins" configuration and install an 
> easy-to-find-and-install plug-in for JMX) on the same machine
> (it's easiest this way).
> 
> (I just checked, and VisualVM calls the plug-in 
> "VisualVM-MBeans".)visualvisual
> 
> Then, connect to the Tomcat instance and go to the BMeans tab.
> 
> You'll find your servlet under
> /Catalina/Servlet/host/context/[servlet]. ..
> 
> 
> Aw, crap. The mappings themselves aren't actually published via
> JMX. Hmm .
> 
> I've done a lot of guessing and checking. For example, I
> used the URLEncoder to get the encoded form of my urls and
> put that in the url pattern.
> 
> Good. So you have some set of Unicode escapes like \u0fe64 or
> whatever in the url-pattern string in your annotation?
> 
> 
>> No, I don't have any unicode escapes. I have (for the purpose of
>> testing) two strings, one is the string with the utf-8
>> characters, the other is an encoded form of the url (which is
>> encoded into a series of "%" followed by two English letters). Do
>> you recommend having something else here?

Can you copy/paste your @WebServlet annotation into your next post? I
think that will clear things up.

>> Some more info: I placed a filter on pattern "/*". When my
>> request with the UTF-8 url comes in, I call 
>> httpRequest.getServletPath() and httpRequest.getRequestURI(). As
>> expected, I get the UTF-8 version of the servlet path (ie:
>> decoded) and the ASCII request URI (ie: encoded) respectively.

Good idea. So, does your application get what you expected in the
String servlet path?

>> This means that the request is reaching my server. It's the next
>> step, the step where the servlet path is mapped to my specified
>> url pattern, that I want to explore. But I don't know how to
>> explore this. Where can I control how the url pattern is matched
>> with the incoming url?

You can't, other than following the rules of the servlet spec. Since
you can get a Filter in the mix, try mapping the filter to "/smaller"
where "smaller" is something narrower than "*" that gets you closer to
what you were trying to accomplish. For instance, if you are trying to
map to /עברית, then try mapping your filter to /ת* or something like
that. (I have no idea what the left-to-right rules are for
string-matching, etc. since Hebrew should be right-to-left, but
prefix-matching is usually written in a left-to-right fashion).

>> Although I can only conceive two options for how the incoming url
>> is matched with the url pattern and I've tried both (either the
>> UTF-8 version of the request url is matched against the pattern
>> or the encoded version is matched against the pattern).

Tomcat is doing a left-to-right pattern-match, character-by-character,
as long as there wasn't an exact-match that was found (which would
have been done roughly using String.equals, though in Tomcat it's
working with

Re: Mapping servlet to non English url pattern

2016-03-08 Thread Mark Thomas

On 08/03/2016 20:20, Christopher Schultz wrote:
> Yuval,
> 
> On 3/8/16 12:38 PM, Yuval Schwartz wrote:
>> Hello Christopher, thanks, responses below.
> 
>> On Tue, Mar 8, 2016 at 6:23 PM, Christopher Schultz < 
>> ch...@christopherschultz.net> wrote:
> 
>> Yuval,
> 
>> On 3/8/16 3:14 AM, Yuval Schwartz wrote:
> Tomcat version: 8.0.22 Jdk: 1.8.0_05 Server: Amazon Linux
>
> Hello,
>
> I want to map my servlet to a Hebrew url pattern.
> 
>> Hmm.
> 
> I tried placing the hebrew url pattern both in the
> "@webservlet" annotation (urlpatterns attribute) and in the
> the web.xml file. In both cases it doesn't work, it's as if
> there's nothing mapped to the url specified.
>
> I though to specify the URIEncoding parameter of the
> connector but saw that this defaults to "utf-8" in tomcat 8.
> 
>> Yes, it does.
> 
>> So you are trying to set the url-pattern for a servlet mapping?
> 
>> When you do it -- either using @WebServlet or  --
>> can you connect via JMX to observe the pattern that's been read
>> into the configuration? First, I'd want to make sure that the
>> Hebrew characters haven't been destroyed by the loading process of
>> the XML file or by the compiler, or even by Tomcat.
> 
> 
>>> Can you give me some direction on how I would do this? Maybe a
>>> little more detail on jmx? There could be encoding/decoding going
>>> on in the browser (firefox) and in all the elements you mentioned
>>> on the server side. Any way to see the final String that the
>>> server is using to match the Url pattern?
> 
> Yeah, that's why I was suggesting using JMX, since Tomcat exposes all
> the configuration through it.
> 
> Launch Tomcat, then fire-up jconsole (or VisualVM, or any other tool
> that contains a JMX client... both jconsole and VisualVM require that
> you go to the "plug-ins" configuration and install an
> easy-to-find-and-install plug-in for JMX) on the same machine (it's
> easiest this way).
> 
> (I just checked, and VisualVM calls the plug-in
> "VisualVM-MBeans".)visualvisual
> 
> Then, connect to the Tomcat instance and go to the BMeans tab.
> 
> You'll find your servlet under /Catalina/Servlet/host/context/[servlet].
> ..
> 
> 
> Aw, crap. The mappings themselves aren't actually published via JMX. Hmm

Yes they are.

You need to look at the operations. findMappings() will list them.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Mapping servlet to non English url pattern

Thanks again, see below...

On Tue, Mar 8, 2016 at 10:20 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Yuval,
>
> On 3/8/16 12:38 PM, Yuval Schwartz wrote:
> > Hello Christopher, thanks, responses below.
> >
> > On Tue, Mar 8, 2016 at 6:23 PM, Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> > Yuval,
> >
> > On 3/8/16 3:14 AM, Yuval Schwartz wrote:
>  Tomcat version: 8.0.22 Jdk: 1.8.0_05 Server: Amazon Linux
> 
>  Hello,
> 
>  I want to map my servlet to a Hebrew url pattern.
> >
> > Hmm.
> >
>  I tried placing the hebrew url pattern both in the
>  "@webservlet" annotation (urlpatterns attribute) and in the
>  the web.xml file. In both cases it doesn't work, it's as if
>  there's nothing mapped to the url specified.
> 
>  I though to specify the URIEncoding parameter of the
>  connector but saw that this defaults to "utf-8" in tomcat 8.
> >
> > Yes, it does.
> >
> > So you are trying to set the url-pattern for a servlet mapping?
> >
> > When you do it -- either using @WebServlet or  --
> > can you connect via JMX to observe the pattern that's been read
> > into the configuration? First, I'd want to make sure that the
> > Hebrew characters haven't been destroyed by the loading process of
> > the XML file or by the compiler, or even by Tomcat.
> >
> >
> >> Can you give me some direction on how I would do this? Maybe a
> >> little more detail on jmx? There could be encoding/decoding going
> >> on in the browser (firefox) and in all the elements you mentioned
> >> on the server side. Any way to see the final String that the
> >> server is using to match the Url pattern?
>
> Yeah, that's why I was suggesting using JMX, since Tomcat exposes all
> the configuration through it.
>
> Launch Tomcat, then fire-up jconsole (or VisualVM, or any other tool
> that contains a JMX client... both jconsole and VisualVM require that
> you go to the "plug-ins" configuration and install an
> easy-to-find-and-install plug-in for JMX) on the same machine (it's
> easiest this way).
>
> (I just checked, and VisualVM calls the plug-in
> "VisualVM-MBeans".)visualvisual
>
> Then, connect to the Tomcat instance and go to the BMeans tab.
>
> You'll find your servlet under /Catalina/Servlet/host/context/[servlet].
> ..
>
>
> Aw, crap. The mappings themselves aren't actually published via JMX. Hmm
> .
>
> >> I've done a lot of guessing and checking. For example, I used
> >> the URLEncoder to get the encoded form of my urls and put that in
> >> the url pattern.
>
> Good. So you have some set of Unicode escapes like \u0fe64 or whatever
> in the url-pattern string in your annotation?
>

No, I don't have any unicode escapes. I have (for the purpose of testing)
two strings, one is the string with the utf-8 characters, the other is an
encoded form of the url (which is encoded into a series of "%" followed by
two English letters).
Do you recommend having something else here?

Some more info:
I placed a filter on pattern "/*".
When my request with the UTF-8 url comes in, I call
httpRequest.getServletPath() and httpRequest.getRequestURI().
As expected, I get the UTF-8 version of the servlet path (ie: decoded) and
the ASCII request URI (ie: encoded) respectively.

This means that the request is reaching my server. It's the next step, the
step where the servlet path is mapped to my specified url pattern, that I
want to explore. But I don't know how to explore this. Where can I control
how the url pattern is matched with the incoming url?
Although I can only conceive two options for how the incoming url is
matched with the url pattern and I've tried both (either the UTF-8 version
of the request url is matched against the pattern or the encoded version is
matched against the pattern).

>
> >> Therefore, the xml loading process/compiler/tomcat/netbeans
> >> shouldn't do anything to change it (in the case where I encode
> >> the pattern), but the servlet still isn't found.
>
> Well, if you use annotations, the XML shouldn't be a problem at all,
> of course. But you said you were having problems using the
> web.xml-based configuration, too, right?
>
> When you type the URL into your browser, are you just typing the
> Hebrew right into the browser, or have you UTF/URL-escaped it first
> and then copy/pasted it into the browser (or, better yet, provide a
> link from another page that isn't giving you any problems).
>

I load the url into the href attribute of an "a" tag.
I have tried placing the regular hebrew into the attribute as well as
placing the encoded form of the hebrew
(ie: /package/[some hebrew] & /package/%D7%99%D7... respectively).
The latter is how wikipedia does it, inspect the elements to see for
yourself (
https://he.wikipedia.org/wiki/%D7%9E%D7%9C%D7%97%D7%9E%D7%AA_%D7%94%D7%A2%D7%A6%D7%9E%D7%90%D7%95%D7%AA)
(...the browser automatically encodes the link when I copy it :)

>
> You might want to make

Re: Mapping servlet to non English url pattern

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Yuval,

On 3/8/16 12:38 PM, Yuval Schwartz wrote:
> Hello Christopher, thanks, responses below.
> 
> On Tue, Mar 8, 2016 at 6:23 PM, Christopher Schultz < 
> ch...@christopherschultz.net> wrote:
> 
> Yuval,
> 
> On 3/8/16 3:14 AM, Yuval Schwartz wrote:
 Tomcat version: 8.0.22 Jdk: 1.8.0_05 Server: Amazon Linux

 Hello,

 I want to map my servlet to a Hebrew url pattern.
> 
> Hmm.
> 
 I tried placing the hebrew url pattern both in the
 "@webservlet" annotation (urlpatterns attribute) and in the
 the web.xml file. In both cases it doesn't work, it's as if
 there's nothing mapped to the url specified.

 I though to specify the URIEncoding parameter of the
 connector but saw that this defaults to "utf-8" in tomcat 8.
> 
> Yes, it does.
> 
> So you are trying to set the url-pattern for a servlet mapping?
> 
> When you do it -- either using @WebServlet or  --
> can you connect via JMX to observe the pattern that's been read
> into the configuration? First, I'd want to make sure that the
> Hebrew characters haven't been destroyed by the loading process of
> the XML file or by the compiler, or even by Tomcat.
> 
> 
>> Can you give me some direction on how I would do this? Maybe a
>> little more detail on jmx? There could be encoding/decoding going
>> on in the browser (firefox) and in all the elements you mentioned
>> on the server side. Any way to see the final String that the
>> server is using to match the Url pattern?

Yeah, that's why I was suggesting using JMX, since Tomcat exposes all
the configuration through it.

Launch Tomcat, then fire-up jconsole (or VisualVM, or any other tool
that contains a JMX client... both jconsole and VisualVM require that
you go to the "plug-ins" configuration and install an
easy-to-find-and-install plug-in for JMX) on the same machine (it's
easiest this way).

(I just checked, and VisualVM calls the plug-in
"VisualVM-MBeans".)visualvisual

Then, connect to the Tomcat instance and go to the BMeans tab.

You'll find your servlet under /Catalina/Servlet/host/context/[servlet].
..

Aw, crap. The mappings themselves aren't actually published via JMX. Hmm
.

>> I've done a lot of guessing and checking. For example, I used
>> the URLEncoder to get the encoded form of my urls and put that in
>> the url pattern.

Good. So you have some set of Unicode escapes like \u0fe64 or whatever
in the url-pattern string in your annotation?

>> Therefore, the xml loading process/compiler/tomcat/netbeans 
>> shouldn't do anything to change it (in the case where I encode
>> the pattern), but the servlet still isn't found.

Well, if you use annotations, the XML shouldn't be a problem at all,
of course. But you said you were having problems using the
web.xml-based configuration, too, right?

When you type the URL into your browser, are you just typing the
Hebrew right into the browser, or have you UTF/URL-escaped it first
and then copy/pasted it into the browser (or, better yet, provide a
link from another page that isn't giving you any problems).

You might want to make sure that Tomcat is delivering all responses in
UTF-8, so that the browser (hopefully) decides to send the URL for the
*next* page in UTF-8 instead of some weird ISO-8859-1 mess.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlbfNBIACgkQ9CaO5/Lv0PAEswCcD9K3iwDplOASR81WtIMQZVFb
77YAnisxPAcn8/vuAU1PNDQgnvGuLVlo
=LmWf
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Connection pool in a clustered environment

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Daniel,

On 3/8/16 2:27 PM, Daniel Savard wrote:
> I wonder how you handle a pool of connections (not necessarily to
> a database, think about something generic) in a clustered
> environement.

Generally, there is nothing to be done, here. Each node is considered
completely separate with the exception of trading HttpSession informatio
n.

> I defined a pool of connections in my application context and I
> did put it in the context with the setAttribute() method. Since
> each instance is doing this, what will happen when an instance is
> shutdown?

I believe that no context-scoped data is sent between cluster nodes,
so ... nothing will happen.

> These connections depend on the IP/protocol/port on both sides.
> So, since the instance is down, one party no longer exists. What
> is happening if a take over instance receives an incoming request
> which refers to one of these connections?
> 
> Do I have to handle this in my code? Do I have to reinitialize the 
> connection pool if such an event happen?

If your application maintains its own connection pool, then you should
create it with each webapp start and destroy it with each webapp stop.

I don't think there are any cluster-related issues, here.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlbfMTIACgkQ9CaO5/Lv0PCL5gCguI2eODlB+8Brz9gpjJZGGzpM
jD4An1Nag5xcNN+2vXKq7xpw6H8Gdhg/
=Gx0w
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Advice on Cluster in one machine

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Daniel,

On 3/8/16 2:20 PM, Daniel Savard wrote:
> On the zero downtime deployments side, I would prefer a parallel 
> deployment approach. You can deploy a new version within the same 
> instance and have zero downtime as well without building a
> cluster.
> 
> I haven't experiment yet with this, but it is something I am
> looking forward to test in short term.

Having two JVMs also means that you can upgrade Tomcat and/or the JVM
without bringing down the service.

Of course, on a single machine, you would still need to bring down the
service for package updates, etc.

Then of course, there's VMs... it's possible to go completely crazy
unless you take a step back and decide what your uptime requirements
truly are.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlbfK3IACgkQ9CaO5/Lv0PACqQCgrf9MsJ2UVfqAcYRur0ilpccb
+JAAnjThwm8Y5yeAvpcSEKtlvyIClwid
=AwVQ
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Connection pool in a clustered environment

Hi everyone,

I wonder how you handle a pool of connections (not necessarily to a
database, think about something generic) in a clustered environement.

I defined a pool of connections in my application context and I did
put it in the context with the setAttribute() method. Since each
instance is doing this, what will happen when an instance is shutdown?
These connections depend on the IP/protocol/port on both sides. So,
since the instance is down, one party no longer exists. What is
happening if a take over instance receives an incoming request which
refers to one of these connections?

Do I have to handle this in my code? Do I have to reinitialize the
connection pool if such an event happen?

Regards,
-
Daniel Savard

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Advice on Cluster in one machine

On the zero downtime deployments side, I would prefer a parallel
deployment approach. You can deploy a new version within the same
instance and have zero downtime as well without building a cluster.

I haven't experiment yet with this, but it is something I am looking
forward to test in short term.
-
Daniel Savard


2016-03-08 10:48 GMT-05:00 Christopher Schultz :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Edwin,
>
> On 3/8/16 8:19 AM, Edwin Quijada wrote:
>> I am new using Tomcat so I have a question about performance. I
>> have installed a cluster with 2 tomcats and apache webserver like
>> proxy in front of Tomcat cluster but this whole thing is in one
>> server, somebody tell me that is not useful beacuse is in the same
>> server that is better give more resources to one tomcat and not
>> split the resources in two.
>
> Performance-wise, your friend is right: a two-node cluster on one
> machine is going to use more resources than a single node on that machin
> e.
>
> However, running two cluster nodes on a single server isn't a
> completely stupid idea. If you want to have zero-downtime deployments,
> you can take one node down, upgrade it, then switch. So there's value
> there. As for fault-tolerance, the single point of failure is the
> whole machine: if that server isn't available, no services are available
> .
>
> That's why people usually have a hardware load balancer (fairly
> simple, fairly reliable) and several web/app servers, just in case one
> of them fails. If one node fails, the service is still available.
>
>> Somebody here can give any advice about this configuration what do
>> you think about this ? In this server I have websockets in cluster
>> and I am having problems with websockets in cluster
>
> Clustering and websockets have little to do with one another, since
> the connection goes to one node and the cluster really just manages
> things like sessions (which are orthogonal to connections, protocols,
> etc.).
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlbe9DcACgkQ9CaO5/Lv0PCvSACeP5LxHVddVmygYBSDCMy/bzyI
> kcsAoMRRZOREaWubUGJFrviRSx/cVAUK
> =1OIe
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Understanding how to controlling what data is written to log4j appenders

2016-03-08 Thread Cris Berneburg - US

Chris

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: Tuesday, March 08, 2016 11:36 AM
To: Tomcat Users List
Subject: Re: Understanding how to controlling what data is written to log4j 
appenders

[SNIP]

> Yeah, it's a shame it's the case, but to understand how logging works,
> you also have to understand how the logger configures itself (which isn't
> a big deal), and that also means understanding how Java ClassLoaders work.
>
> I didn't even say anything about ClassLoaders, but that's why this is all
> happening: when log4j is loaded, it only has visibility to the classes
> that have been loaded by its own ClassLoader or those "higher up" in the
> chain of ClassLoaders that go up to the initial ClassLoader that the JVM
> starts to load everything.
>
> You can even break the chain of ClassLoaders a bit if you want.
>
> For example, Tomcat uses its own bootstrap ClassLoader to load some very
> basic things, then loads the container in a separate ClassLoader so that
> it doesn't interfere with anything the web applications are doin g.
>
> Then each web application gets its own ClassLoader which doesn't have
> visibility into the server's ClassLoader. There are some games being
> played with which classes are and are not available to either (or both)
> Tomcat and the applications, much of which is not visible to the user
> unless they (a) understand it and (b) configure it differently from the
> default.

Ah, OK, interesting - thanks for explaining that.

> The upshot is that, if you have your own log4j.jar file bundled with your
> application (which I think you *should*), then when you try to initialize
> it, it will initialize based upon the application's logging configuration
> and basically be completely separate from Tomcat's logging configuration.

That's good to know and makes sense.

> Then there is System.out, which is shared by everyone. So if your web
> application's logger is configure to log to System.out, then Tomcat's logger
> can capture that logging and *also* redirect it to wherever it wants.

Thanks, I did not know that.  Might be handy if refactoring the application to 
replace System.out with logger calls is prohibitive.

> It's kind of like a river, where you can redirect the water almost wherever
> you want (except that this river can also clone water molecules and send
> them in two directions *at once*). Okay, terrible analogy. Sorry.

Ha, ha, ha!  :-)

--
Cris Berneburg, Lead Software Engineer, CACI

Re: Mapping servlet to non English url pattern

Hello Christopher, thanks, responses below.

On Tue, Mar 8, 2016 at 6:23 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Yuval,
>
> On 3/8/16 3:14 AM, Yuval Schwartz wrote:
> > Tomcat version: 8.0.22 Jdk: 1.8.0_05 Server: Amazon Linux
> >
> > Hello,
> >
> > I want to map my servlet to a Hebrew url pattern.
>
> Hmm.
>
> > I tried placing the hebrew url pattern both in the "@webservlet"
> > annotation (urlpatterns attribute) and in the the web.xml file. In
> > both cases it doesn't work, it's as if there's nothing mapped to
> > the url specified.
> >
> > I though to specify the URIEncoding parameter of the connector but
> > saw that this defaults to "utf-8" in tomcat 8.
>
> Yes, it does.
>
> So you are trying to set the url-pattern for a servlet mapping?
>
> When you do it -- either using @WebServlet or  -- can
> you connect via JMX to observe the pattern that's been read into the
> configuration? First, I'd want to make sure that the Hebrew characters
> haven't been destroyed by the loading process of the XML file or by
> the compiler, or even by Tomcat.
>

Can you give me some direction on how I would do this? Maybe a little more
detail on jmx? There could be encoding/decoding going on in the browser
(firefox) and in all the elements you mentioned on the server side. Any way
to see the final String that the server is using to match the Url pattern?

I've done a lot of guessing and checking. For example, I used the
URLEncoder to get the encoded form of my urls and put that in the url
pattern. Therefore, the xml loading process/compiler/tomcat/netbeans
shouldn't do anything to change it (in the case where I encode the
pattern), but the servlet still isn't found.

Thanks.


> Can you confirm that the browser is sending the URL without ruining it
> as well?
>
> Tomcat's Mapper follows the spec-defined rules for mapping a URL to a
> servlet, so it's possible that another servlet will take-over the
> mapping, depending upon how it's defined. Remember, the spec says that
> an exact-match wins, followed by a prefix-match (/foo/bar/baz/*)
> (longest match wins), followed by an extension-match (*.img), followed
> by things like welcome-file resources, etc.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlbe/IMACgkQ9CaO5/Lv0PCupACbBDmQYb9WmxM6R0F+FpKK6bB5
> /DMAnAv7tv6nYOcfQDXFl1NltegV47lA
> =L+ec
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Advice on Cluster in one machine

2016-03-08 Thread Mark Eggers

On 3/8/2016 8:54 AM, Christopher Schultz wrote:
> Edwin,
> 
> On 3/8/16 11:46 AM, Edwin Quijada wrote:
> 
> 
>>  From: Christopher Schultz
>>  Sent: Tuesday, March 8, 2016 3:48
>> PM To: Tomcat Users List Subject: Re: Advice on Cluster in one
>> machine
> 
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
> 
>> Edwin,
> 
>> On 3/8/16 8:19 AM, Edwin Quijada wrote:
>>> I am new using Tomcat so I have a question about performance. I 
>>> have installed a cluster with 2 tomcats and apache webserver
>>> like proxy in front of Tomcat cluster but this whole thing is in
>>> one server, somebody tell me that is not useful beacuse is in the
>>> same server that is better give more resources to one tomcat and
>>> not split the resources in two.
> 
>> Performance-wise, your friend is right: a two-node cluster on one 
>> machine is going to use more resources than a single node on that
>> machin e.
> 
>> However, running two cluster nodes on a single server isn't a 
>> completely stupid idea. If you want to have zero-downtime
>> deployments, you can take one node down, upgrade it, then switch.
>> So there's value there. As for fault-tolerance, the single point of
>> failure is the whole machine: if that server isn't available, no
>> services are available .
> 
>> That's why people usually have a hardware load balancer (fairly 
>> simple, fairly reliable) and several web/app servers, just in case
>> one of them fails. If one node fails, the service is still
>> available.
> 
>>> Somebody here can give any advice about this configuration what
>>> do you think about this ? In this server I have websockets in
>>> cluster and I am having problems with websockets in cluster
> 
>> Clustering and websockets have little to do with one another,
>> since the connection goes to one node and the cluster really just
>> manages things like sessions (which are orthogonal to connections,
>> protocols, etc.).
> 
>> OK, so if I want to run my app like myserver.com I can use apache 
>> like reverse proxy to do this and still working with websockets ,
>> I want to do this something like this
> 
>> Apache -> Tomcat -> DB
> 
>> but the websocket still works ?
> 
> I'm not sure how well websockets work through httpd right now. I'm
> certainly no expert on websocket, so someone else will have to give
> you better information. Note that the database is also not relevant.
> 
> But in general, yes, you can use httpd as a reverse proxy for multiple
> Tomcats.
> 
> -chris

I'm not an expert on websockets either, but it looks like this:

https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html

will work.

I'm not sure how to fit together all of the pieces, but it looks
possible at least.

. . . just my two cents
/mde/



signature.asc
Description: OpenPGP digital signature

Re: Understanding how to controlling what data is written to log4j appenders

2016-03-08 Thread Joleen Barker

Yes, I agree. I changed the file name in the default tomcat appender to be
called tomcat and the one in the log4j file in the classes is called cfcc
which makes more sense as that is the web applications context name.

I'll  keep plugging at it.

I really thank you for your help.

-Joleen

On Tue, Mar 8, 2016 at 11:52 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Joleen,
>
> On 3/8/16 11:44 AM, Joleen Barker wrote:
> > Hello Christopher,
> >
> > I thank you for your comments. I had changed the swallowOutput=true
> > back when I changed the default tomcat logging to use the log4j
> > properties files. I did rename the cfcc log I had to read tomcat
> > and it comes up and captures the starting/stopping details but
> > that's about it. There were a few other things but not many. I am
> > not sure if you saw the 3rd log4j.properties set of details I
> > placed in the email I sent with my configs. That held the changes I
> > made to the vendors log4j. I left the CFCC appender in the classes
> > log4j and changed the "stdout" to read CFCC and any logging that
> > said "stdout" changed to CFCC.
> >
> > It was my hope that all the messages written would then go to my
> > cfcc log but they didn't. I did see a few regarding SSH connections
> > but that was all. The others are still going to the catalina.out.
>
> Remember that having two appenders to the same file is likely to cause
> a problem. Especially if they are from two separate log4j.properties
> files.
>
> You'll likely get two components opening the same file for writing.
> Last one wins, and you'll get zero errors.
>
> > I will continue to work on this and test.
> >
> > If there is anything you think of and want to send it my way to try
> > I will try it right away.
> >
> > I know that was very boring to read all that I posted. I thank
> > everyone for their time. If I make progress and find the missing
> > link I will send the results.
>
> Good luck. This stuff isn't always easy.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlbfA2AACgkQ9CaO5/Lv0PAATgCfRXXiwJk8AeeVycCZsAHJjTKu
> uxIAmwWGQ180VdoFPxaadS33kik9xoe2
> =h5HR
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Advice on Cluster in one machine

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Edwin,

On 3/8/16 11:46 AM, Edwin Quijada wrote:
> 
> 
>  From: Christopher Schultz
>  Sent: Tuesday, March 8, 2016 3:48
> PM To: Tomcat Users List Subject: Re: Advice on Cluster in one
> machine
> 
> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
> 
> Edwin,
> 
> On 3/8/16 8:19 AM, Edwin Quijada wrote:
>> I am new using Tomcat so I have a question about performance. I 
>> have installed a cluster with 2 tomcats and apache webserver
>> like proxy in front of Tomcat cluster but this whole thing is in
>> one server, somebody tell me that is not useful beacuse is in the
>> same server that is better give more resources to one tomcat and
>> not split the resources in two.
> 
> Performance-wise, your friend is right: a two-node cluster on one 
> machine is going to use more resources than a single node on that
> machin e.
> 
> However, running two cluster nodes on a single server isn't a 
> completely stupid idea. If you want to have zero-downtime
> deployments, you can take one node down, upgrade it, then switch.
> So there's value there. As for fault-tolerance, the single point of
> failure is the whole machine: if that server isn't available, no
> services are available .
> 
> That's why people usually have a hardware load balancer (fairly 
> simple, fairly reliable) and several web/app servers, just in case
> one of them fails. If one node fails, the service is still
> available.
> 
>> Somebody here can give any advice about this configuration what
>> do you think about this ? In this server I have websockets in
>> cluster and I am having problems with websockets in cluster
> 
> Clustering and websockets have little to do with one another,
> since the connection goes to one node and the cluster really just
> manages things like sessions (which are orthogonal to connections,
> protocols, etc.).
> 
> OK, so if I want to run my app like myserver.com I can use apache 
> like reverse proxy to do this and still working with websockets ,
> I want to do this something like this
> 
> Apache -> Tomcat -> DB
> 
> but the websocket still works ?

I'm not sure how well websockets work through httpd right now. I'm
certainly no expert on websocket, so someone else will have to give
you better information. Note that the database is also not relevant.

But in general, yes, you can use httpd as a reverse proxy for multiple
Tomcats.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlbfA74ACgkQ9CaO5/Lv0PDVUQCgw6fUafLXMoCKsEGW5ucUxgjx
gfEAoKJHYBWtn7MAdhGYlllsgcSZeuah
=YX3V
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Understanding how to controlling what data is written to log4j appenders

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Joleen,

On 3/8/16 11:44 AM, Joleen Barker wrote:
> Hello Christopher,
> 
> I thank you for your comments. I had changed the swallowOutput=true
> back when I changed the default tomcat logging to use the log4j
> properties files. I did rename the cfcc log I had to read tomcat
> and it comes up and captures the starting/stopping details but
> that's about it. There were a few other things but not many. I am
> not sure if you saw the 3rd log4j.properties set of details I
> placed in the email I sent with my configs. That held the changes I
> made to the vendors log4j. I left the CFCC appender in the classes
> log4j and changed the "stdout" to read CFCC and any logging that
> said "stdout" changed to CFCC.
> 
> It was my hope that all the messages written would then go to my
> cfcc log but they didn't. I did see a few regarding SSH connections
> but that was all. The others are still going to the catalina.out.

Remember that having two appenders to the same file is likely to cause
a problem. Especially if they are from two separate log4j.properties
files.

You'll likely get two components opening the same file for writing.
Last one wins, and you'll get zero errors.

> I will continue to work on this and test.
> 
> If there is anything you think of and want to send it my way to try
> I will try it right away.
> 
> I know that was very boring to read all that I posted. I thank
> everyone for their time. If I make progress and find the missing
> link I will send the results.

Good luck. This stuff isn't always easy.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlbfA2AACgkQ9CaO5/Lv0PAATgCfRXXiwJk8AeeVycCZsAHJjTKu
uxIAmwWGQ180VdoFPxaadS33kik9xoe2
=h5HR
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Advice on Cluster in one machine

From: Christopher Schultz 
Sent: Tuesday, March 8, 2016 3:48 PM
To: Tomcat Users List
Subject: Re: Advice on Cluster in one machine

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Edwin,

On 3/8/16 8:19 AM, Edwin Quijada wrote:
> I am new using Tomcat so I have a question about performance. I
> have installed a cluster with 2 tomcats and apache webserver like
> proxy in front of Tomcat cluster but this whole thing is in one
> server, somebody tell me that is not useful beacuse is in the same
> server that is better give more resources to one tomcat and not
> split the resources in two.

Performance-wise, your friend is right: a two-node cluster on one
machine is going to use more resources than a single node on that machin
e.

However, running two cluster nodes on a single server isn't a
completely stupid idea. If you want to have zero-downtime deployments,
you can take one node down, upgrade it, then switch. So there's value
there. As for fault-tolerance, the single point of failure is the
whole machine: if that server isn't available, no services are available
.

That's why people usually have a hardware load balancer (fairly
simple, fairly reliable) and several web/app servers, just in case one
of them fails. If one node fails, the service is still available.

> Somebody here can give any advice about this configuration what do
> you think about this ? In this server I have websockets in cluster
> and I am having problems with websockets in cluster

Clustering and websockets have little to do with one another, since
the connection goes to one node and the cluster really just manages
things like sessions (which are orthogonal to connections, protocols,
etc.).

OK, so if I want to run my app like myserver.com I can use apache like reverse 
proxy to do this and still working with websockets , I want to do this 
something like this 

Apache -> Tomcat -> DB

but the websocket still works ?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Understanding how to controlling what data is written to log4j appenders

2016-03-08 Thread Joleen Barker

Hello Christopher,

I thank you for your comments. I had changed the swallowOutput=true back
when I changed the default tomcat logging to use the log4j properties
files. I did rename the cfcc log I had to read tomcat and it comes up and
captures the starting/stopping details but that's about it. There were a
few other things but not many. I am not sure if you saw the 3rd
log4j.properties set of details I placed in the email I sent with my
configs. That held the changes I made to the vendors log4j. I left the CFCC
appender in the classes log4j and changed the "stdout" to read CFCC and any
logging that said "stdout" changed to CFCC.

It was my hope that all the messages written would then go to my cfcc log
but they didn't. I did see a few regarding SSH connections but that was
all. The others are still going to the catalina.out.

I will continue to work on this and test.

If there is anything you think of and want to send it my way to try I will
try it right away.

I know that was very boring to read all that I posted. I thank everyone for
their time. If I make progress and find the missing link I will send the
results.

-Joleen

On Tue, Mar 8, 2016 at 11:16 AM, Cris Berneburg - US 
wrote:

> Chris,
>
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Tuesday, March 08, 2016 10:44 AM
> To: Tomcat Users List
> Subject: Re: Understanding how to controlling what data is written to
> log4j appenders
>
> [SNIP]
>
> >> # stdout is set to be a ConsoleAppender.
> >> log4j.appender.stdout=org.apache.log4j.ConsoleAppender
> >
> > This is what is killing you, plus everything that looks like this:
> >
> > log4j.logger.com.proginet.sift.struts=${cfi.struts.logging.level}, stdou
> t
> >
> > Everything that says log4j.logger.[something]=[level], stdout
> >
> > Is going to send those log messages to the "stdout" appender, which is
> tied
> > to System.out. You'll need to do one of two things to dig yourself out:
> >
> > 1. Use swallowOutput="true" on your , which performs some magic
> to take
> > System.out from applications' calls and redirect it elsewhere else (to
> the tomcat-
> > defined loggers that can be configured in Tomcat's log4j.properties
> file).
> >
> > 2. Change the "stdout" appender to be something other than
> ConsoleAppender, and
> > point it at a file on the disk.
> >
> > I'm not a fan of the first option, but it's sometimes the quickest way
> to handle
> > everything all at once, and usually doesn't require any changes to the
> application's
> > configuration.
>
> [SNIP]
>
> >> # Set root logger level to ERROR and its only appender to stdout.
> >> log4j.rootLogger=ERROR, CFCC
> >>
> >> log4j.appender.CFCC = org.apache.log4j.DailyRollingFileAppender
> >
> > That should probably work.
> >
> > But if you removed log4j.jar from the application, only the global
> log4j.properties
> > file will be read. It's okay to have log4j.jar in the bin/ directory as
> well as your
> > webapp's WEB-INF/lib directory. The former will run/configure Tomcat's
> logging, and
> > the latter will run/configure the application's logging. In fact, if the
> application
> > initializes log4j itself (usually by creating a new PropertyConfigurator
> object), then
> > weird things can happen with the application re-defining the global
> configuration for
> > Tomcat.
> >
> > I'd recommend having two .jar files and two .properties files, just to
> be safe.
>
> Thanks for taking the time to explain these 2 concepts.  It has helped me,
> and hopefully the question's originator, understand the interaction between
> Tomcat and log4j a little better.
>
> --
> Cris Berneburg, Lead Software Engineer, CACI
>
>

Re: Understanding how to controlling what data is written to log4j appenders

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Cris,

On 3/8/16 11:16 AM, Cris Berneburg - US wrote:
> Chris,
> 
> -Original Message- From: Christopher Schultz
> [mailto:ch...@christopherschultz.net] Sent: Tuesday, March 08, 2016
> 10:44 AM To: Tomcat Users List Subject: Re: Understanding how to
> controlling what data is written to log4j appenders
> 
> [SNIP]
> 
>>> # stdout is set to be a ConsoleAppender. 
>>> log4j.appender.stdout=org.apache.log4j.ConsoleAppender
>> 
>> This is what is killing you, plus everything that looks like
>> this:
>> 
>> log4j.logger.com.proginet.sift.struts=${cfi.struts.logging.level},
>> stdou t
>> 
>> Everything that says log4j.logger.[something]=[level], stdout
>> 
>> Is going to send those log messages to the "stdout" appender,
>> which is tied to System.out. You'll need to do one of two things
>> to dig yourself out:
>> 
>> 1. Use swallowOutput="true" on your , which performs
>> some magic to take System.out from applications' calls and
>> redirect it elsewhere else (to the tomcat- defined loggers that
>> can be configured in Tomcat's log4j.properties file).
>> 
>> 2. Change the "stdout" appender to be something other than
>> ConsoleAppender, and point it at a file on the disk.
>> 
>> I'm not a fan of the first option, but it's sometimes the
>> quickest way to handle everything all at once, and usually
>> doesn't require any changes to the application's configuration.
> 
> [SNIP]
> 
>>> # Set root logger level to ERROR and its only appender to
>>> stdout. log4j.rootLogger=ERROR, CFCC
>>> 
>>> log4j.appender.CFCC =
>>> org.apache.log4j.DailyRollingFileAppender
>> 
>> That should probably work.
>> 
>> But if you removed log4j.jar from the application, only the
>> global log4j.properties file will be read. It's okay to have
>> log4j.jar in the bin/ directory as well as your webapp's
>> WEB-INF/lib directory. The former will run/configure Tomcat's
>> logging, and the latter will run/configure the application's
>> logging. In fact, if the application initializes log4j itself
>> (usually by creating a new PropertyConfigurator object), then 
>> weird things can happen with the application re-defining the
>> global configuration for Tomcat.
>> 
>> I'd recommend having two .jar files and two .properties files,
>> just to be safe.
> 
> Thanks for taking the time to explain these 2 concepts.  It has 
> helped me, and hopefully the question's originator, understand the 
> interaction between Tomcat and log4j a little better.

Yeah, it's a shame it's the case, but to understand how logging works,
you also have to understand how the logger configures itself (which
isn't a big deal), and that also means understanding how Java
ClassLoaders work.

I didn't even say anything about ClassLoaders, but that's why this is
all happening: when log4j is loaded, it only has visibility to the
classes that have been loaded by its own ClassLoader or those "higher
up" in the chain of ClassLoaders that go up to the initial ClassLoader
that the JVM starts to load everything.

You can even break the chain of ClassLoaders a bit if you want.

For example, Tomcat uses its own bootstrap ClassLoader to load some
very basic things, then loads the container in a separate ClassLoader
so that it doesn't interfere with anything the web applications are doin
g.

Then each web application gets its own ClassLoader which doesn't have
visibility into the server's ClassLoader. There are some games being
played with which classes are and are not available to either (or
both) Tomcat and the applications, much of which is not visible to the
user unless they (a) understand it and (b) configure it differently
from the default.

The upshot is that, if you have your own log4j.jar file bundled with
your application (which I think you *should*), then when you try to
initialize it, it will initialize based upon the application's logging
configuration and basically be completely separate from Tomcat's
logging configuration.

Then there is System.out, which is shared by everyone. So if your web
application's logger is configure to log to System.out, then Tomcat's
logger can capture that logging and *also* redirect it to wherever it
wants.

It's kind of like a river, where you can redirect the water almost
wherever you want (except that this river can also clone water
molecules and send them in two directions *at once*). Okay, terrible
analogy. Sorry.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlbe/2sACgkQ9CaO5/Lv0PCDFACgoMbWEU6jFVj4sfuw54I/61Ck
WmMAn3ZbQOJQvPmvcu5wdY4zSFXS76Fw
=q5s7
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Warning response header

2016-03-08 Thread Sean Dawson

On Tue, Mar 8, 2016 at 10:58 AM, Mark Eggers 
wrote:

> Chris,
>
> On 3/8/2016 7:52 AM, Christopher Schultz wrote:
> > Mark,
> >
> > On 3/7/16 5:47 PM, Mark Eggers wrote:
> >> Sean,
> >
> >> I just noticed something else:
> >
> >> On 3/7/2016 2:11 PM, Sean Dawson wrote:
> >>> On Sun, Mar 6, 2016 at 12:48 PM, Sean Dawson
> >>>  wrote:
> >>>
> 
>  Tomcat 8_32 Windows 7 Java 8_51 RestEasy 3.0.11.Final GWT 2.7.0
>  (Jetty jetty-9.3.5.v20151012)
> 
>  Servlet code makes a RestEasy call to another servlet (same
>  container) - second servlet sets the 'Warning' HTTP header on
>  response.  Would like to access that in first servlet but when
>  running in Tomcat, that header is not included.
> 
>  Code to get header in first servlet:
> 
>  Object headers = ((ClientResponseFailure)
>  e).getResponse().getResponseHeaders().get("Warning");
> 
>  Also tried: getHeaders(), getStringHeaders(), and
>  getHeaderString().
> 
>  When running GWT in superdev mode in IntelliJ (15.0.4) using
>  Jetty, the above returns a List with one item that contains the
>  warning string.  When remote debugging Tomcat, that call
>  returns null.
> 
>  Added this to web app xml, and also tried Tomcat
>  conf/web.xml...
> 
>   CorsFilter
>  org.apache.catalina.filters.CorsFilter
> 
> 
> > 
>  cors.exposed.headers
>  Warning  
>   CorsFilter
>  /* 
> 
>  Also tried cors.allowed.headers.
> 
>  Any pointers?
> 
> 
> >>>
> >>> Alright, lets try this again.  Simple reproducible testcase...
> >>>
> >>> - download latest Tomcat 8 for Windows 64-bit zip
> >>> http://mirrors.ocf.berkeley.edu/apache/tomcat/tomcat-8/v8.0.32/bin/ap
> > ache-tomcat-8.0.32-windows-x64.zip
> >>>
> >>>
> > - extract somewhere
> >>> - delete everything in webapps folder - build project below, put
> >>> in webapps folder - go to: http://localhost:8080/one - check
> >>> response headers... no Warning header
> >>>
> >>> ** pom.xml **
> >>>
> >>> http://maven.apache.org/POM/4.0.0;
> >>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
> >>> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
> >>> http://maven.apache.org/maven-v4_0_0.xsd;>
> >>> 4.0.0
> >>>
> >>> test tcTest
> >>> war 1.0-SNAPSHOT
> >>>
> >>> tcTest Maven Webapp
> >>> http://maven.apache.org
> >>>
> >>>   org.glassfish
> >>> javax.servlet 3.1.1
> >>>   org.jboss.resteasy
> >>> resteasy-client
> >>> 3.0.11.Final  
> >>>
> >>>  ROOT  
> >>>
> >>>
> >>> ** web.xml **
> >>>
> >>>
> >>>  >>> Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd; >
> >>>
> >>>  Archetype Created Web
> >>> Application
> >>>
> >>>  One
> >>> pkg.ServletOne 
> >>>
> >>>  One
> >>> /one/* 
> >>>
> >>>  Two
> >>> pkg.ServletTwo 
> >>>
> >>>  Two
> >>> /two/*  
> >>>
> >>>
> >>> ** index.html **
> >>>
> >>>
> >>>   Hello World!  
> >>>
> >>>
> >>> ** Caller interface **
> >>>
> >>>
> >>> package pkg;
> >>>
> >>> import javax.ws.rs.GET; import javax.ws.rs.Path;
> >>>
> >>> public interface Caller { @GET @Path("two") String makeCall(); }
> >>>
> >>>
> >>>
> >>> ** Servlet one **
> >>>
> >>>
> >>> package pkg;
> >>>
> >>> import java.io.IOException;
> >>>
> >>> import javax.servlet.ServletException; import
> >>> javax.servlet.http.HttpServlet; import
> >>> javax.servlet.http.HttpServletRequest; import
> >>> javax.servlet.http.HttpServletResponse; import
> >>> javax.ws.rs.core.MediaType;
> >>>
> >>> import org.jboss.resteasy.client.ProxyBuilder;
> >>>
> >>> public class ServletOne extends HttpServlet { Caller caller;
> >>>
> >>> @Override public void init() throws ServletException { caller =
> >>> ProxyBuilder.build(Caller.class, "http://localhost:8080;).now();
> >>> }
> >>>
> >>> @Override protected void doGet(HttpServletRequest request,
> >>> HttpServletResponse response) throws ServletException,
> >>> IOException { String result = caller.makeCall();
> >>> response.getWriter().println(result); } }
> >>>
> >>>
> >>> ** Servlet two **
> >>>
> >>>
> >>> package pkg;
> >>>
> >>> import java.io.IOException;
> >>>
> >>> import javax.servlet.ServletException; import
> >>> javax.servlet.http.HttpServlet; import
> >>> javax.servlet.http.HttpServletRequest; import
> >>> javax.servlet.http.HttpServletResponse;
> >>>
> >>> public class ServletTwo extends HttpServlet { @Override protected
> >>> void doGet(HttpServletRequest request, HttpServletResponse
> >>> response) throws ServletException, IOException {
> >>> addHeader(response); response.getWriter().println("Ok"); }
> >>>
> >>> void addHeader(HttpServletResponse response) {
> >>> response.setHeader("Warning", "This is a warning"); // also tried
> >>> addHeader() } }
> >>>
> >
> >>  >> Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd; >
> >
> >> Should probably be:
> >
> >> http://xmlns.jcp.org/xml/ns/javaee;
> >>

Re: Mapping servlet to non English url pattern

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Yuval,

On 3/8/16 3:14 AM, Yuval Schwartz wrote:
> Tomcat version: 8.0.22 Jdk: 1.8.0_05 Server: Amazon Linux
> 
> Hello,
> 
> I want to map my servlet to a Hebrew url pattern.

Hmm.

> I tried placing the hebrew url pattern both in the "@webservlet"
> annotation (urlpatterns attribute) and in the the web.xml file. In
> both cases it doesn't work, it's as if there's nothing mapped to
> the url specified.
> 
> I though to specify the URIEncoding parameter of the connector but
> saw that this defaults to "utf-8" in tomcat 8.

Yes, it does.

So you are trying to set the url-pattern for a servlet mapping?

When you do it -- either using @WebServlet or  -- can
you connect via JMX to observe the pattern that's been read into the
configuration? First, I'd want to make sure that the Hebrew characters
haven't been destroyed by the loading process of the XML file or by
the compiler, or even by Tomcat.

Can you confirm that the browser is sending the URL without ruining it
as well?

Tomcat's Mapper follows the spec-defined rules for mapping a URL to a
servlet, so it's possible that another servlet will take-over the
mapping, depending upon how it's defined. Remember, the spec says that
an exact-match wins, followed by a prefix-match (/foo/bar/baz/*)
(longest match wins), followed by an extension-match (*.img), followed
by things like welcome-file resources, etc.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlbe/IMACgkQ9CaO5/Lv0PCupACbBDmQYb9WmxM6R0F+FpKK6bB5
/DMAnAv7tv6nYOcfQDXFl1NltegV47lA
=L+ec
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Understanding how to controlling what data is written to log4j appenders

2016-03-08 Thread Cris Berneburg - US

Chris,

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: Tuesday, March 08, 2016 10:44 AM
To: Tomcat Users List
Subject: Re: Understanding how to controlling what data is written to log4j 
appenders

[SNIP]

>> # stdout is set to be a ConsoleAppender. 
>> log4j.appender.stdout=org.apache.log4j.ConsoleAppender
>
> This is what is killing you, plus everything that looks like this:
>
> log4j.logger.com.proginet.sift.struts=${cfi.struts.logging.level}, stdou t
>
> Everything that says log4j.logger.[something]=[level], stdout
>
> Is going to send those log messages to the "stdout" appender, which is tied
> to System.out. You'll need to do one of two things to dig yourself out:
>
> 1. Use swallowOutput="true" on your , which performs some magic to 
> take
> System.out from applications' calls and redirect it elsewhere else (to the 
> tomcat-
> defined loggers that can be configured in Tomcat's log4j.properties file).
>
> 2. Change the "stdout" appender to be something other than ConsoleAppender, 
> and
> point it at a file on the disk.
>
> I'm not a fan of the first option, but it's sometimes the quickest way to 
> handle
> everything all at once, and usually doesn't require any changes to the 
> application's
> configuration.

[SNIP]

>> # Set root logger level to ERROR and its only appender to stdout. 
>> log4j.rootLogger=ERROR, CFCC
>> 
>> log4j.appender.CFCC = org.apache.log4j.DailyRollingFileAppender
>
> That should probably work.
>
> But if you removed log4j.jar from the application, only the global 
> log4j.properties
> file will be read. It's okay to have log4j.jar in the bin/ directory as well 
> as your
> webapp's WEB-INF/lib directory. The former will run/configure Tomcat's 
> logging, and
> the latter will run/configure the application's logging. In fact, if the 
> application
> initializes log4j itself (usually by creating a new PropertyConfigurator 
> object), then
> weird things can happen with the application re-defining the global 
> configuration for
> Tomcat.
>
> I'd recommend having two .jar files and two .properties files, just to be 
> safe.

Thanks for taking the time to explain these 2 concepts.  It has helped me, and 
hopefully the question's originator, understand the interaction between Tomcat 
and log4j a little better.

--
Cris Berneburg, Lead Software Engineer, CACI

Re: Question about your recent security (CVE-2015-5345) fix in 7.0.68 build

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Harish,

On 3/7/16 6:02 PM, Harish Krishnan wrote:
> Unfortunately, i still could not verify this vulnerability as it
> still appears not fixed & my requests get redirected.

What makes you think that the requests should not be redirected?

> Instead of using the manager webapp that comes default in tomcat,
> we created a sample webapp with the following security constraint
> -   
> hello.html  
>   
> sercure-hello 
> /*  
>  
> NONE 
>   
> 
> Accessing http://localhost:8080/a (which exist) gets redirected to 
> http://localhost:8080/a/ & then get 404. Accessing
> http://localhost:8080/b (does not exist) simply gets 404.

Where did you deploy this sample web application?

> I have set the context attribute (mapperContextRootRedirectEnabled)
> as well -  antiResourceLocking="false" privileged="true">   
> 
> My question simply boils down to, What additional setting i need to
> do for the above redirect to NOT happen.

Which redirect? A redirect for a protected directory inside of a
deployed web application (which is what this CVE covers) or the
redirect for a deployed web application (which is not what this CVE
covers)?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlbe9twACgkQ9CaO5/Lv0PBaqQCeMMYqM8+hPnekw1NM8I5NNa0J
uaQAn2Kp35FIKikIFfZdlao4Un1NCNGe
=/uiq
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Warning response header

2016-03-08 Thread Mark Eggers

Chris,

On 3/8/2016 7:52 AM, Christopher Schultz wrote:
> Mark,
> 
> On 3/7/16 5:47 PM, Mark Eggers wrote:
>> Sean,
> 
>> I just noticed something else:
> 
>> On 3/7/2016 2:11 PM, Sean Dawson wrote:
>>> On Sun, Mar 6, 2016 at 12:48 PM, Sean Dawson
>>>  wrote:
>>>

 Tomcat 8_32 Windows 7 Java 8_51 RestEasy 3.0.11.Final GWT 2.7.0
 (Jetty jetty-9.3.5.v20151012)

 Servlet code makes a RestEasy call to another servlet (same
 container) - second servlet sets the 'Warning' HTTP header on
 response.  Would like to access that in first servlet but when
 running in Tomcat, that header is not included.

 Code to get header in first servlet:

 Object headers = ((ClientResponseFailure) 
 e).getResponse().getResponseHeaders().get("Warning");

 Also tried: getHeaders(), getStringHeaders(), and
 getHeaderString().

 When running GWT in superdev mode in IntelliJ (15.0.4) using
 Jetty, the above returns a List with one item that contains the
 warning string.  When remote debugging Tomcat, that call
 returns null.

 Added this to web app xml, and also tried Tomcat
 conf/web.xml...

  CorsFilter 
 org.apache.catalina.filters.CorsFilter


> 
 cors.exposed.headers 
 Warning   
  CorsFilter 
 /* 

 Also tried cors.allowed.headers.

 Any pointers?


>>>
>>> Alright, lets try this again.  Simple reproducible testcase...
>>>
>>> - download latest Tomcat 8 for Windows 64-bit zip 
>>> http://mirrors.ocf.berkeley.edu/apache/tomcat/tomcat-8/v8.0.32/bin/ap
> ache-tomcat-8.0.32-windows-x64.zip
>>>
>>>
> - extract somewhere
>>> - delete everything in webapps folder - build project below, put
>>> in webapps folder - go to: http://localhost:8080/one - check
>>> response headers... no Warning header
>>>
>>> ** pom.xml **
>>>
>>> http://maven.apache.org/POM/4.0.0; 
>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; 
>>> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
>>> http://maven.apache.org/maven-v4_0_0.xsd;> 
>>> 4.0.0
>>>
>>> test tcTest 
>>> war 1.0-SNAPSHOT
>>>
>>> tcTest Maven Webapp 
>>> http://maven.apache.org
>>>
>>>   org.glassfish 
>>> javax.servlet 3.1.1 
>>>   org.jboss.resteasy 
>>> resteasy-client 
>>> 3.0.11.Final  
>>>
>>>  ROOT  
>>>
>>>
>>> ** web.xml **
>>>
>>>
>>> >> Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd; >
>>>
>>>  Archetype Created Web
>>> Application
>>>
>>>  One 
>>> pkg.ServletOne 
>>>
>>>  One 
>>> /one/* 
>>>
>>>  Two 
>>> pkg.ServletTwo 
>>>
>>>  Two 
>>> /two/*  
>>>
>>>
>>> ** index.html **
>>>
>>>
>>>   Hello World!  
>>>
>>>
>>> ** Caller interface **
>>>
>>>
>>> package pkg;
>>>
>>> import javax.ws.rs.GET; import javax.ws.rs.Path;
>>>
>>> public interface Caller { @GET @Path("two") String makeCall(); }
>>>
>>>
>>>
>>> ** Servlet one **
>>>
>>>
>>> package pkg;
>>>
>>> import java.io.IOException;
>>>
>>> import javax.servlet.ServletException; import
>>> javax.servlet.http.HttpServlet; import
>>> javax.servlet.http.HttpServletRequest; import
>>> javax.servlet.http.HttpServletResponse; import
>>> javax.ws.rs.core.MediaType;
>>>
>>> import org.jboss.resteasy.client.ProxyBuilder;
>>>
>>> public class ServletOne extends HttpServlet { Caller caller;
>>>
>>> @Override public void init() throws ServletException { caller =
>>> ProxyBuilder.build(Caller.class, "http://localhost:8080;).now(); 
>>> }
>>>
>>> @Override protected void doGet(HttpServletRequest request, 
>>> HttpServletResponse response) throws ServletException,
>>> IOException { String result = caller.makeCall(); 
>>> response.getWriter().println(result); } }
>>>
>>>
>>> ** Servlet two **
>>>
>>>
>>> package pkg;
>>>
>>> import java.io.IOException;
>>>
>>> import javax.servlet.ServletException; import
>>> javax.servlet.http.HttpServlet; import
>>> javax.servlet.http.HttpServletRequest; import
>>> javax.servlet.http.HttpServletResponse;
>>>
>>> public class ServletTwo extends HttpServlet { @Override protected
>>> void doGet(HttpServletRequest request, HttpServletResponse
>>> response) throws ServletException, IOException { 
>>> addHeader(response); response.getWriter().println("Ok"); }
>>>
>>> void addHeader(HttpServletResponse response) { 
>>> response.setHeader("Warning", "This is a warning"); // also tried
>>> addHeader() } }
>>>
> 
>> > Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd; >
> 
>> Should probably be:
> 
>> http://xmlns.jcp.org/xml/ns/javaee; 
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; 
>> xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee 
>> http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd; version="3.1">
> 
>> (sorry for the word wrapping).
> 
>> I normally don't use web.xml in my 3.1 applications. I end up
>> using annotations instead.
> 
> It probably doesn't matter, since the servlet EG clarified that a
> container needs to behave the same regardless of the spec-version
> stated in the

Re: Warning response header

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Mark,

On 3/7/16 5:47 PM, Mark Eggers wrote:
> Sean,
> 
> I just noticed something else:
> 
> On 3/7/2016 2:11 PM, Sean Dawson wrote:
>> On Sun, Mar 6, 2016 at 12:48 PM, Sean Dawson
>>  wrote:
>> 
>>> 
>>> Tomcat 8_32 Windows 7 Java 8_51 RestEasy 3.0.11.Final GWT 2.7.0
>>> (Jetty jetty-9.3.5.v20151012)
>>> 
>>> Servlet code makes a RestEasy call to another servlet (same
>>> container) - second servlet sets the 'Warning' HTTP header on
>>> response.  Would like to access that in first servlet but when
>>> running in Tomcat, that header is not included.
>>> 
>>> Code to get header in first servlet:
>>> 
>>> Object headers = ((ClientResponseFailure) 
>>> e).getResponse().getResponseHeaders().get("Warning");
>>> 
>>> Also tried: getHeaders(), getStringHeaders(), and
>>> getHeaderString().
>>> 
>>> When running GWT in superdev mode in IntelliJ (15.0.4) using
>>> Jetty, the above returns a List with one item that contains the
>>> warning string.  When remote debugging Tomcat, that call
>>> returns null.
>>> 
>>> Added this to web app xml, and also tried Tomcat
>>> conf/web.xml...
>>> 
>>>  CorsFilter 
>>> org.apache.catalina.filters.CorsFilter
>>>
>>> 

>>> cors.exposed.headers 
>>> Warning   
>>>  CorsFilter 
>>> /* 
>>> 
>>> Also tried cors.allowed.headers.
>>> 
>>> Any pointers?
>>> 
>>> 
>> 
>> Alright, lets try this again.  Simple reproducible testcase...
>> 
>> - download latest Tomcat 8 for Windows 64-bit zip 
>> http://mirrors.ocf.berkeley.edu/apache/tomcat/tomcat-8/v8.0.32/bin/ap
ache-tomcat-8.0.32-windows-x64.zip
>>
>> 
- - extract somewhere
>> - delete everything in webapps folder - build project below, put
>> in webapps folder - go to: http://localhost:8080/one - check
>> response headers... no Warning header
>> 
>> ** pom.xml **
>> 
>> http://maven.apache.org/POM/4.0.0; 
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; 
>> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
>> http://maven.apache.org/maven-v4_0_0.xsd;> 
>> 4.0.0
>> 
>> test tcTest 
>> war 1.0-SNAPSHOT
>> 
>> tcTest Maven Webapp 
>> http://maven.apache.org
>> 
>>   org.glassfish 
>> javax.servlet 3.1.1 
>>   org.jboss.resteasy 
>> resteasy-client 
>> 3.0.11.Final  
>> 
>>  ROOT  
>> 
>> 
>> ** web.xml **
>> 
>> 
>> > Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd; >
>> 
>>  Archetype Created Web
>> Application
>> 
>>  One 
>> pkg.ServletOne 
>> 
>>  One 
>> /one/* 
>> 
>>  Two 
>> pkg.ServletTwo 
>> 
>>  Two 
>> /two/*  
>> 
>> 
>> ** index.html **
>> 
>> 
>>   Hello World!  
>> 
>> 
>> ** Caller interface **
>> 
>> 
>> package pkg;
>> 
>> import javax.ws.rs.GET; import javax.ws.rs.Path;
>> 
>> public interface Caller { @GET @Path("two") String makeCall(); }
>> 
>> 
>> 
>> ** Servlet one **
>> 
>> 
>> package pkg;
>> 
>> import java.io.IOException;
>> 
>> import javax.servlet.ServletException; import
>> javax.servlet.http.HttpServlet; import
>> javax.servlet.http.HttpServletRequest; import
>> javax.servlet.http.HttpServletResponse; import
>> javax.ws.rs.core.MediaType;
>> 
>> import org.jboss.resteasy.client.ProxyBuilder;
>> 
>> public class ServletOne extends HttpServlet { Caller caller;
>> 
>> @Override public void init() throws ServletException { caller =
>> ProxyBuilder.build(Caller.class, "http://localhost:8080;).now(); 
>> }
>> 
>> @Override protected void doGet(HttpServletRequest request, 
>> HttpServletResponse response) throws ServletException,
>> IOException { String result = caller.makeCall(); 
>> response.getWriter().println(result); } }
>> 
>> 
>> ** Servlet two **
>> 
>> 
>> package pkg;
>> 
>> import java.io.IOException;
>> 
>> import javax.servlet.ServletException; import
>> javax.servlet.http.HttpServlet; import
>> javax.servlet.http.HttpServletRequest; import
>> javax.servlet.http.HttpServletResponse;
>> 
>> public class ServletTwo extends HttpServlet { @Override protected
>> void doGet(HttpServletRequest request, HttpServletResponse
>> response) throws ServletException, IOException { 
>> addHeader(response); response.getWriter().println("Ok"); }
>> 
>> void addHeader(HttpServletResponse response) { 
>> response.setHeader("Warning", "This is a warning"); // also tried
>> addHeader() } }
>> 
> 
>  Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd; >
> 
> Should probably be:
> 
> http://xmlns.jcp.org/xml/ns/javaee; 
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; 
> xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee 
> http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd; version="3.1">
> 
> (sorry for the word wrapping).
> 
> I normally don't use web.xml in my 3.1 applications. I end up
> using annotations instead.

It probably doesn't matter, since the servlet EG clarified that a
container needs to behave the same regardless of the spec-version
stated in the web.xml file. (Which I think is a very stupid position
to take.)

The behavior is supposed to be whatever the highest spec-compliance

Re: Understanding how to controlling what data is written to log4j appenders

2016-03-08 Thread tomcat

On 08.03.2016 15:15, Joleen Barker wrote:

Thank you for the idea. Worst case scenario, that is what I would have to
do but I'm hoping someone that may have more experience than myself with be
able to see that one thing I am missing. Another pair of eyes is always a
good thing.

Unfortunately Joleen, you are here encountering the typical "irresistible force against
unmovable object" paradigm.
Every programmer in the world suffers from hubris and laziness. Java and Tomcat
programmers are no different.
Logging is boring, and it is thus not something that the average program author thinks
about very much or spends a lot of time on, until their supposedly perfect opus (here the
hubris element) crashes badly, and they are at a loss to explain where or why.
And when that happens, rather than going through the code again, and insert the simple and
explicit logging statements which could have been there in the first place, they would
much rather "delegate" the work to some outside agent, whose setup is preferably to be
done by someone else (here the laziness element).
And since this external logging agent has no idea of the logic of the piece of code it is
supposed to log things about, perforce it has to be some quite complex opus itself, with a
lot of cryptic configuration elements telling it where to insert itself, what to pick up
and where to send it.
Hence something like log4j (which is in itself an admirable piece of work, and may well be
an opus of a magnitude and complexity similar to Tomcat, say. Ok, not quite; it's jar file
is only about 1/3 the size of the Tomcat jars).
So anyway, in the same way that no normal programmer really likes going through the code
of someone else and attempting to understand it, not many people like to go through the
log4j configuration file of someone else (which pretty much looks like its own programming
language).
So unless you find a really empathic soul here, it looks like you may now be pretty much
on your own now, or to say this more canonically : the implementation details are left as
an exercise to the reader.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Advice on Cluster in one machine

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Edwin,

On 3/8/16 8:19 AM, Edwin Quijada wrote:
> I am new using Tomcat so I have a question about performance. I 
> have installed a cluster with 2 tomcats and apache webserver like 
> proxy in front of Tomcat cluster but this whole thing is in one 
> server, somebody tell me that is not useful beacuse is in the same 
> server that is better give more resources to one tomcat and not
> split the resources in two.

Performance-wise, your friend is right: a two-node cluster on one
machine is going to use more resources than a single node on that machin
e.

However, running two cluster nodes on a single server isn't a
completely stupid idea. If you want to have zero-downtime deployments,
you can take one node down, upgrade it, then switch. So there's value
there. As for fault-tolerance, the single point of failure is the
whole machine: if that server isn't available, no services are available
.

That's why people usually have a hardware load balancer (fairly
simple, fairly reliable) and several web/app servers, just in case one
of them fails. If one node fails, the service is still available.

> Somebody here can give any advice about this configuration what do 
> you think about this ? In this server I have websockets in cluster 
> and I am having problems with websockets in cluster

Clustering and websockets have little to do with one another, since
the connection goes to one node and the cluster really just manages
things like sessions (which are orthogonal to connections, protocols,
etc.).

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlbe9DcACgkQ9CaO5/Lv0PCvSACeP5LxHVddVmygYBSDCMy/bzyI
kcsAoMRRZOREaWubUGJFrviRSx/cVAUK
=1OIe
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Understanding how to controlling what data is written to log4j appenders

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Joleen,

On 3/7/16 12:31 PM, Joleen Barker wrote:
> The only thing I can think of to help you understand where I am at
> is to post the different log4j.properties config files I have. So I
> will post the one I have that went in for my default Tomcat
> messages and is working fine.

Perfect.

> Updated log4j.properties file I now use in my CATALINA/lib
> directory and is my base of my understanding for the changes I made
> to the Vendor's log4j.properties file.
> 
> My appender that rolls daily is CFCC and is getting most of what
> was in the catalina.out log originally (this one I was happy
> with):
> 
> log4j.rootLogger = INFO, CATALINA

This one looks fine.

> Below this line is the Vendor's original one that was in the 
> /classes directory ( I also removed their
> log4j-1.2.8-1.jar that was in the /lib directory folder as
> it was older than the one I was using that is log4j-1.2.17.jar):

 (most of this is boring)

> # Set root logger level to ERROR and its only appender to stdout. 
> log4j.rootLogger=ERROR, stdout

Interesting, but only until:

> # stdout is set to be a ConsoleAppender. 
> log4j.appender.stdout=org.apache.log4j.ConsoleAppender

This is what is killing you, plus everything that looks like this:

log4j.logger.com.proginet.sift.struts=${cfi.struts.logging.level}, stdou
t

Everything that says log4j.logger.[something]=[level], stdout

Is going to send those log messages to the "stdout" appender, which is
tied to System.out. You'll need to do one of two things to dig
yourself out:

1. Use swallowOutput="true" on your , which performs some
magic to take System.out from applications' calls and redirect it
elsewhere else (to the tomcat-defined loggers that can be configured
in Tomcat's log4j.properties file).

2. Change the "stdout" appender to be something other than
ConsoleAppender, and point it at a file on the disk.

I'm not a fan of the first option, but it's sometimes the quickest way
to handle everything all at once, and usually doesn't require any
changes to the application's configuration.

> Below this line is my updated vendor log4j.properties file (I
> really just added my CFCC appender information and changed anything
> that read to use "stdout"  since the log4j.rootLogger was set to
> that to  "CFCC" and then moved any logger and additivity to the
> bottom of the file. But I'm thinking I may need to give the Tomcat
> log4j CFCC appender a different file name to separate the
> application log information from Tomcats log4j output that gets
> written to the CFCC appender now. I also don't know what happens
> to the rollover if the two arr referencing the same file name. I
> was thinking it may roll over twice of something. What do you
> think, can they both use the same one? I was trying to make it
> similar to what happens in the product by default.)
> 
> 
> # Set root logger level to ERROR and its only appender to stdout. 
> log4j.rootLogger=ERROR, CFCC
> 
> log4j.appender.CFCC = org.apache.log4j.DailyRollingFileAppender

That should probably work.

But if you removed log4j.jar from the application, only the global
log4j.properties file will be read. It's okay to have log4j.jar in the
bin/ directory as well as your webapp's WEB-INF/lib directory. The
former will run/configure Tomcat's logging, and the latter will
run/configure the application's logging. In fact, if the application
initializes log4j itself (usually by creating a new
PropertyConfigurator object), then weird things can happen with the
application re-defining the global configuration for Tomcat.

I'd recommend having two .jar files and two .properties files, just to
be safe.

> # stdout is set to be a ConsoleAppender. 
> log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender 
> log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout 
> log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} [%t]
> %-5p %c %x - %m%n

The comment is wrong; the ConsuleAppender is called CONSOLE, not stdout.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlbe8zIACgkQ9CaO5/Lv0PD6/gCfabK0eTyRhBgC/cNDj8fAV3L0
1csAniZXE2j9DPzqYg2vPEGs+KwzNegn
=PKZ3
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Advice on Cluster in one machine

From: André Warnier (tomcat) 
Sent: Tuesday, March 8, 2016 1:46 PM
To: users@tomcat.apache.org
Subject: Re: Advice on Cluster in one machine

On 08.03.2016 14:19, Edwin Quijada wrote:
> Hi!
> I am new using Tomcat so I have a question about performance. I have 
> installed a cluster with 2 tomcats and apache webserver like proxy in front 
> of Tomcat cluster but this whole thing is in one server, somebody tell me 
> that is not useful beacuse is in the same server that is better give more 
> resources to one tomcat and not split the resources in two.
>
> Somebody here can give any advice about this configuration what do you think 
> about this ? In this server I have websockets in cluster and I am having 
> problems with websockets in cluster
>
>
> Any advice ?
>

Hi.

If you *really* want to test which of the configurations provides the best 
results with
your particular caseload, then you will have a lot of work ahead of you to 
build a
representative workload and an appropriate test/measurement framework.

Non-authoritative advice :

Intuitively, just the fact of having a front-end and a cluster configuration 
all on the
same server, will already introduce a significant overhead which a simpler 
configuration
would not have.

Intuitively thus, I would recommend to try the simplest configuration first, 
and only if
you see problems, then measure what the problem is, and come back for help here.
No need to over-complicate your setup and maintenance before then.

Unless you need it also for something else, forget the httpd front-end and the 
clustered
Tomcats, and have a single Tomcat act directly as the webserver/websocket 
server.

OK, thks. 
I did this configuration because I will use a lot of users to my app . Someboyd 
told me that for this case is much better to use Apache like proxy to redirect 
request to Tomcat besides dont use port 8080 . I have used Tomcat as webapp 
before always using 8080 port but now I wanted dont use the port 8080 just use 
myserver.com/app1 or use subdomains for app.

I take your advice.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Understanding how to controlling what data is written to log4j appenders

2016-03-08 Thread Joleen Barker

Thank you for the idea. Worst case scenario, that is what I would have to
do but I'm hoping someone that may have more experience than myself with be
able to see that one thing I am missing. Another pair of eyes is always a
good thing.

-Joleen

On Tue, Mar 8, 2016 at 8:39 AM, Cris Berneburg - US 
wrote:

> Joleen
>
> >-Original Message-
> >From: Joleen Barker [mailto:oldenuf2no...@gmail.com]
> >Sent: Monday, March 07, 2016 3:54 PM
> >To: Tomcat Users List
> >Subject: Re: Understanding how to controlling what data is written to
> log4j appenders
> >
> >One more thing I tried was to change the parent for the rootlogger from
> CFCC to be CONSOLE to attempt to make it to where my log was not the parent
> and it still didn't change it. I am getting 0 messages in my cfcc log and
> everything still going to catalina.out.
> >
> >I know I'm so close to figuring out what little setting I am missing.
> >
> >
> >
> >On Mon, Mar 7, 2016 at 2:07 PM, Joleen Barker 
> >wrote:
> >
> >> There is a comment that says:
> >>
> >> #stdout is set to be a ConsoleAppender
> >>
> >> But I changed the "stdout" that was set as the parent to CFCC so I
> >> thought then everything would go to the parent but I don't receive any
> of the logs.
> >> My cfcc log is just about empty except for the startup details. So I
> >> went ahead and changed the CATALINABASE/lib log4j.properties file name
> >> appender CFCC to go to a file named tomcat instead so I could
> >> differentiate between the application logs and the tomcat logs.
> >>
> >> Now I get the startup messages in a log called tomcat (this is fine)
> >> and not one message in my cfcc log. Even with my updated
> >> log4j.properties file sitting in the WEB-INF/classes directory so I
> >> must have something configured wrong that they are all still going to
> >> the standard Stdout/Stderr.
> >>
> >>
> >>
> >> On Mon, Mar 7, 2016 at 12:54 PM, Joleen Barker
> >> 
> >> wrote:
> >>
> >>> I forgot to tell Chuck that the swallowOutput parm is set to true in
> >>> the context. When you see the vendor's log4j.properties you will see
> >>> why there were so many messages still going to the catalina.out due
> >>> to them using stdout.
> >>>
> >>> -Joleen
> >>>
> >>> On Mon, Mar 7, 2016 at 12:31 PM, Joleen Barker
> >>> 
> >>> wrote:
> >>>
>  Hello Christopher, Charles, and Cris,
> 
>  Thank you for all the responses. Thank you for the encouragement. I
>  dusted off my pants and went back at it. I made changes to the
>  Vendors log4j.properties file. When I really looked at it I was able
>  to determine they were things I was familiar with and the layout was
>  just throwing me off so I moved things around so the layout was
>  similar to the default log4j.properties I had. So I think I am
>  getting this a lot more. However, there are still some messages
>  going to the catalina.out. I think this will answer Chucks question
> as to if the product was really using log4j.
> 
>  The only thing I can think of to help you understand where I am at
>  is to post the different log4j.properties config files I have. So I
>  will post the one I have that went in for my default Tomcat messages
> and is working fine.
> 
>  Updated log4j.properties file I now use in my CATALINA/lib directory
>  and is my base of my understanding for the changes I made to the
>  Vendor's log4j.properties file.
> 
>  My appender that rolls daily is CFCC and is getting most of what was
>  in the catalina.out log originally (this one I was happy with):
>
> [SNIP]
>
>  Below this line is my updated vendor log4j.properties file (I really
>  just added my CFCC appender information and changed anything that
>  read to use "stdout"  since the log4j.rootLogger was set to that to
>  "CFCC" and then moved any logger and additivity to the bottom of the
>  file. But I'm thinking I may need to give the Tomcat log4j CFCC
>  appender a different file name to separate the application log
>  information from Tomcats log4j output that gets written to the CFCC
>  appender now. I also don't know what happens to the rollover if the
>  two arr referencing the same file name. I was thinking it may roll
>  over twice of something. What do you think, can they both use the
>  same one? I was trying to make it similar to what happens in the
>  product by default.)
>
> [SNIP]
>
>  I know, it's a lot to look at. Thank you for the help.
>
> Exactly what messages are in the default Tomcat logs that are not making
> it into the log4j logs?
>
> As I am new to log4j, I am somewhat intimidated by your configuration, and
> am not sure how much more helpful I can be.  :-)
>
> However, if I were in your shoes, I would try a systematic approach in
> experimentation.  I would comment out everything in all the log
> configurations.

Re: Configuring a custom folder for Tomcat configuration files

2016-03-08 Thread Chiranga Alwis

Hi,

sorry about that but this was answered after I had sent this email to the
mailing list. Pardon me for that.

On Tue, Mar 8, 2016 at 7:06 PM, Daniel Savard 
wrote:

> Your question has been answered and you shouldn't cross post questions.
> -
> Daniel Savard
>
>
> 2016-03-08 3:31 GMT-05:00 Chiranga Alwis :
> > Hi,
> >
> > please refer the question in stackoverflow
> >
> http://stackoverflow.com/questions/35862427/configuring-custom-tomcat-configuration-folder
> > .
> >
> > Is this possible? Any help is highly appreciated.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

QOSFilter in tomcat 8

2016-03-08 Thread Bhuvan Gupta

Hello all,

Is there a QosFilter available for Tomcat 8, like there is one for jetty

Theory: https://www.eclipse.org/jetty/documentation/current/qos-filter.html
Src:
https://github.com/eclipse/jetty.project/blob/ac24196b0d341534793308d585161381d5bca4ac/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/QoSFilter.java



Thanks
Bhuvan

Re: Advice on Cluster in one machine

2016-03-08 Thread tomcat


On 08.03.2016 14:19, Edwin Quijada wrote:

Hi!
I am new using Tomcat so I have a question about performance. I have installed 
a cluster with 2 tomcats and apache webserver like proxy in front of Tomcat 
cluster but this whole thing is in one server, somebody tell me that is not 
useful beacuse is in the same server that is better give more resources to one 
tomcat and not split the resources in two.

Somebody here can give any advice about this configuration what do you think 
about this ? In this server I have websockets in cluster and I am having 
problems with websockets in cluster


Any advice ?



Hi.

If you *really* want to test which of the configurations provides the best results with 
your particular caseload, then you will have a lot of work ahead of you to build a 
representative workload and an appropriate test/measurement framework.


Non-authoritative advice :

Intuitively, just the fact of having a front-end and a cluster configuration all on the 
same server, will already introduce a significant overhead which a simpler configuration 
would not have.


Intuitively thus, I would recommend to try the simplest configuration first, and only if 
you see problems, then measure what the problem is, and come back for help here.

No need to over-complicate your setup and maintenance before then.

Unless you need it also for something else, forget the httpd front-end and the clustered 
Tomcats, and have a single Tomcat act directly as the webserver/websocket server.





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Understanding how to controlling what data is written to log4j appenders

2016-03-08 Thread Cris Berneburg - US

Joleen

>-Original Message-
>From: Joleen Barker [mailto:oldenuf2no...@gmail.com] 
>Sent: Monday, March 07, 2016 3:54 PM
>To: Tomcat Users List
>Subject: Re: Understanding how to controlling what data is written to log4j 
>appenders
>
>One more thing I tried was to change the parent for the rootlogger from CFCC 
>to be CONSOLE to attempt to make it to where my log was not the parent and it 
>still didn't change it. I am getting 0 messages in my cfcc log and everything 
>still going to catalina.out.
>
>I know I'm so close to figuring out what little setting I am missing.
>
>
>
>On Mon, Mar 7, 2016 at 2:07 PM, Joleen Barker 
>wrote:
>
>> There is a comment that says:
>>
>> #stdout is set to be a ConsoleAppender
>>
>> But I changed the "stdout" that was set as the parent to CFCC so I 
>> thought then everything would go to the parent but I don't receive any of 
>> the logs.
>> My cfcc log is just about empty except for the startup details. So I 
>> went ahead and changed the CATALINABASE/lib log4j.properties file name 
>> appender CFCC to go to a file named tomcat instead so I could 
>> differentiate between the application logs and the tomcat logs.
>>
>> Now I get the startup messages in a log called tomcat (this is fine) 
>> and not one message in my cfcc log. Even with my updated 
>> log4j.properties file sitting in the WEB-INF/classes directory so I 
>> must have something configured wrong that they are all still going to 
>> the standard Stdout/Stderr.
>>
>>
>>
>> On Mon, Mar 7, 2016 at 12:54 PM, Joleen Barker 
>> 
>> wrote:
>>
>>> I forgot to tell Chuck that the swallowOutput parm is set to true in 
>>> the context. When you see the vendor's log4j.properties you will see 
>>> why there were so many messages still going to the catalina.out due 
>>> to them using stdout.
>>>
>>> -Joleen
>>>
>>> On Mon, Mar 7, 2016 at 12:31 PM, Joleen Barker 
>>> 
>>> wrote:
>>>
 Hello Christopher, Charles, and Cris,

 Thank you for all the responses. Thank you for the encouragement. I 
 dusted off my pants and went back at it. I made changes to the 
 Vendors log4j.properties file. When I really looked at it I was able 
 to determine they were things I was familiar with and the layout was 
 just throwing me off so I moved things around so the layout was 
 similar to the default log4j.properties I had. So I think I am 
 getting this a lot more. However, there are still some messages 
 going to the catalina.out. I think this will answer Chucks question as to 
 if the product was really using log4j.

 The only thing I can think of to help you understand where I am at 
 is to post the different log4j.properties config files I have. So I 
 will post the one I have that went in for my default Tomcat messages and 
 is working fine.

 Updated log4j.properties file I now use in my CATALINA/lib directory 
 and is my base of my understanding for the changes I made to the 
 Vendor's log4j.properties file.

 My appender that rolls daily is CFCC and is getting most of what was 
 in the catalina.out log originally (this one I was happy with):

[SNIP]

 Below this line is my updated vendor log4j.properties file (I really 
 just added my CFCC appender information and changed anything that 
 read to use "stdout"  since the log4j.rootLogger was set to that to  
 "CFCC" and then moved any logger and additivity to the bottom of the 
 file. But I'm thinking I may need to give the Tomcat log4j CFCC 
 appender a different file name to separate the application log 
 information from Tomcats log4j output that gets written to the CFCC 
 appender now. I also don't know what happens to the rollover if the 
 two arr referencing the same file name. I was thinking it may roll 
 over twice of something. What do you think, can they both use the 
 same one? I was trying to make it similar to what happens in the 
 product by default.)

[SNIP]

 I know, it's a lot to look at. Thank you for the help.

Exactly what messages are in the default Tomcat logs that are not making it 
into the log4j logs?

As I am new to log4j, I am somewhat intimidated by your configuration, and am 
not sure how much more helpful I can be.  :-)

However, if I were in your shoes, I would try a systematic approach in 
experimentation.  I would comment out everything in all the log configurations. 
 Then, one at a time, uncomment one logger and one appender, restart the 
container, and see how the logs behave.  If that one piece of the configuration 
does not work, then tweak it and retry.  Once that portion works, then I would 
move onto the next logger and appender and repeat.

To sum up, if the configuration is complex, simplify it.  Once the simple 
configuration works, then adjust to handle a more advanced setup.

 -Joleen

 On Fri, Mar 4,

Re: Configuring a custom folder for Tomcat configuration files

Your question has been answered and you shouldn't cross post questions.
-
Daniel Savard


2016-03-08 3:31 GMT-05:00 Chiranga Alwis :
> Hi,
>
> please refer the question in stackoverflow
> http://stackoverflow.com/questions/35862427/configuring-custom-tomcat-configuration-folder
> .
>
> Is this possible? Any help is highly appreciated.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Advice on Cluster in one machine

Hi!
I am new using Tomcat so I have a question about performance. I have installed 
a cluster with 2 tomcats and apache webserver like proxy in front of Tomcat 
cluster but this whole thing is in one server, somebody tell me that is not 
useful beacuse is in the same server that is better give more resources to one 
tomcat and not split the resources in two.

Somebody here can give any advice about this configuration what do you think 
about this ? In this server I have websockets in cluster and I am having 
problems with websockets in cluster


Any advice ?


Thks In Advance

Re: Tomcat 7.0.63 - socketBuffer "-1" - linux platform behaviour

2016-03-08 Thread Rashmi R Katagall

I realised my attachment didnt go through. Here is my source code:

My adapter service implementation looks like this:
public class dummyAdapter implements Adapter {
  public boolean asyncDispatch(Request arg0, Response arg1, SocketStatus 
arg2)
 throws Exception {
 return false;
 }

 public boolean event(Request arg0, Response arg1, 
SocketStatus arg2)
 throws Exception {
 return false;
 }

 public String getDomain() {
 return null;
 }

 public void log(Request arg0, Response arg1, long arg2) {
 
 }

 public void service(Request req, Response res) throws 
Exception {
 
System.out.println("We got em");
Thread.sleep(6);
 
 String resp = new String("We got request for |" + 
req.requestURI().toString() + "|");
ByteChunk bc = new ByteChunk();
byte[] respBA = resp.getBytes("utf-8");
bc.setBytes(respBA, 0, respBA.length);
res.setContentLength(respBA.length);
res.doWrite(bc);
res.finish();
 }

 public void checkRecycled(Request arg0, Response arg1) {
 
 }

 public void errorDispatch(Request arg0, Response arg1) {
 
 }
}

BrokerProtocolHandler is:
public class BrokerProtocolHandler extends 
org.apache.coyote.http11.Http11Protocol
{
public BrokerProtocolHandler() {
super();
}
 
public AbstractEndpoint getEndpoint() {
return endpoint;
}
}

Cheers,
Rashmi
 

Ms.Rashmi R.Katagall
IBM(ISL),
Rajiv Gandhi Infotech Pk, Phase 2
Hinjewadi, Pune.
Tel: 020-42026585 | Cell: 08380099916 | Email: rashmikatag...@in.ibm.com






From:   Rashmi R Katagall/India/IBM@IBMIN
To: users@tomcat.apache.org
Date:   2016-03-07 04:58 PM
Subject:Tomcat 7.0.63 - socketBuffer "-1" - linux platform 
behaviour



Hi,

I have implemented a service using Http11Protocol and I have disabled the 
socketBuffer for the object by setting its value to "-1". When the client 
disconnects before the server responds, then on windows I see the 
exception:

SEVERE: Error processing request
java.net.SocketException: Unrecognized Windows Sockets error: 0: socket 
write er
ror
   at 
java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:125)
   at java.net.SocketOutputStream.write(SocketOutputStream.java:171)
   at 
org.apache.coyote.http11.InternalOutputBuffer$OutputStreamOutputBuffe
r.doWrite(InternalOutputBuffer.java:243)
   at 
org.apache.coyote.http11.filters.IdentityOutputFilter.doWrite(Identit
yOutputFilter.java:84)
   at 
org.apache.coyote.http11.AbstractOutputBuffer.doWrite(AbstractOutputB
uffer.java:192)
   at org.apache.coyote.Response.doWrite(Response.java:499)
   at dummyAdapter.service(dummyAdapter.java:49)

But on linux, I don't see any exception raised.

The source code and jar file- 

To execute the code run: java TomcatCipherTst

This will start the listener on port 7677 and wait for client to connect. 
The server responds only after 60 seconds. So, to recreate the client 
needs to disconnect before 60 seconds.

I am looking for help to understand why there is no exception raised on 
linux when the client disconnects before server responds unlike that on 
windows.


Thanks,
Rashmi




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Configuring a custom folder for Tomcat configuration files

2016-03-08 Thread Chiranga Alwis

Hi,

please refer the question in stackoverflow
http://stackoverflow.com/questions/35862427/configuring-custom-tomcat-configuration-folder
.

Is this possible? Any help is highly appreciated.

Mapping servlet to non English url pattern