RE: [COMMERCIAL] Re: [COMMERCIAL] Re: Need Help: - jk doesn't work after upgrade to1.2.40 from 1.2.23

2016-03-19 Thread ZHAO Eric 
Andre,
Martin,

Finally I got the problem fixed after further debugging and code reading, I 
need to add "JkMountCopy All" in mod_jk.conf,  no need any other change on the 
old release configuration.

Thanks for your help.

Best Regards,
Eric.

-Original Message-
From: ZHAO Eric 
Sent: Wednesday, March 16, 2016 1:32 PM
To: Tomcat Users List; a...@ice-sa.com; 'knobis...@gmail.com'
Subject: RE: [COMMERCIAL] Re: [COMMERCIAL] Re: Need Help: - jk doesn't work 
after upgrade to1.2.40 from 1.2.23

Andre,
Martin,

Thanks for your reply:
Answer to your previous question:  1). since the loadbalance haven't been 
triggered, so I think we can ignore it now. 
2). You are right "missing uri map" is a debug information, but  in the above 
code I pasted, it will return DECLINED, which is actually an error case.
3). the hostname doesn’t match with the configuration file, since I modified 
some conf, so I tried to copy the original one used on 1.2.32. sorry for the 
confusion.
4). I don't know ajp12, it's not triggered yet in my testing.

I attached the configuration files in my lab, this setting worked if using 
mod_jk 1.2.23 release.  If I replace the mod_jk.so with the version 1.2.40, 
then it failed to open the page /sso/lsm/lsm.jnlp ( I got "Not Found  The 
requested URL /sso/lsm/lsm.jnlp was not found on this server.").

I opened the debug of mod_jk, I noticed it added into some uri work map and 
also it can be dumped into jk.log:

[Wed Mar 16 12:47:17.965 2016] [12184:139831250073568] [debug] 
uri_worker_map_add::jk_uri_worker_map.c (863): exact rule '/sso=csajboss' 
source 'JkMount' was added [Wed Mar 16 12:47:17.965 2016] 
[12184:139831250073568] [debug] uri_worker_map_add::jk_uri_worker_map.c (854): 
wildchar rule '/sso/*=csajboss' source 'JkMount' was added ...
[Wed Mar 16 12:47:17.974 2016] [12185:139831250073568] [debug] 
uri_worker_map_dump::jk_uri_worker_map.c (197): NEXT (1) map #10: uri=/sso/* 
worker=csajboss context=/sso/* source=JkMount type=Wildchar len=6 [Wed Mar 16 
12:47:17.974 2016] [12185:139831250073568] [debug] 
uri_worker_map_dump::jk_uri_worker_map.c (197): NEXT (1) map #20: uri=/sso 
worker=csajboss context=/sso source=JkMount type=Exact len=4


But later when I tried to open the sso/lsm/lsm.jnlp, it should match the 
wildchar /sso/* uri map.  But it was failed, from the code, it's failed in 
mod_jk.c jk_translate method() The conf->wu_map was null(don't know why ??), 

   if (!conf->uw_map) {
if (JK_IS_DEBUG_LEVEL(conf->log))
jk_log(conf->log, JK_LOG_DEBUG,
   "missing uri map for %s:%s",
   conf->s->server_hostname ? conf->s->server_hostname 
: "_default_",
   r->uri);
return DECLINED;
}
else {
rule_extension_t *e;
worker = map_uri_to_worker_ext(conf->uw_map, r->uri,
   NULL, , NULL, conf->log);
rconf->rule_extensions = e;
ap_set_module_config(r->request_config, _module, rconf);
}


Do I need to change some configuration after upgrade to 1.2.40?

Thanks,
Eric.
-Original Message-
From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
Sent: Monday, March 14, 2016 7:50 PM
To: Tomcat Users List
Subject: [COMMERCIAL] Re: [COMMERCIAL] Re: Need Help: - jk doesn't work after 
upgrade to1.2.40 from 1.2.23

Hi Eric.

A couple of things :
1) Martin is right, in the sense that if a "worker" is mentioned in the 
loadbalancer configuration ("balance_workers"), then normally you should /not/ 
also list it in the list of individual "workers" in the "worker.list" directive.
2) I am not even sure that you really have a problem : the logfile part that 
you are showing, shows "[debug]" lines with the "Missing URI map.." messages.
These are not errors (otherwise they would be marked "[error]"), they are trace 
messages allowing you to figure out what is going on when debugging a problem.
A "missing URI map" just indicates that mod_jk is trying to match the URI of 
the current request with one of the "JkMount" URI's, and failing *for the 
worker which it is now trying to match*.  That does not necessarily mean that 
it will fail to match this URI with some other worker.
3) the debug messages show a prefix like "IBM001OAM01:". What does that 
correspond to ? I do not see this name in the JkMount directives that you show, 
nor in the part of workers.properties that you show.
4) I am a bit puzzled by this section :
 >>> worker.ajp12.port=8007
 >>> worker.ajp12.host=localhost
 >>> worker.ajp12.type=ajp12

What is this type "ajp12" ? As far as I know, this does not exist, see 
http://tomcat.apache.org/connectors-doc/reference/workers.html
Mandatory Directives -> type

And finally, do you have a problem, and what is it ?
What really happens when you try to access a URI like 
"http://(hostname)/sso/lsm/lsm.jnlp" ?

And could you

Re: Multipart form submission does not work over SSL HTTP2 on Tomcat 9

2016-03-19 Thread Mark Olsson 
On Sat, Mar 19, 2016 at 2:21 PM, Ajay Verma 
wrote:

> Hello,
> I'm trying to get multipart forms working in Tomcat 9 over HTTP2 (with TLS
> enabled).
>
> The SSL Connector configuration in server.xml (Tomcat 9) is given
> below protocol="org.apache.coyote.http11.Http11AprProtocol"  maxThreads="150"
> SSLEnabled="true">
> 
> 
>  certificateFile="conf/2_toeflmadeeasy.com.crt"  />
>   Multipart form submission does not work (the form
> variable values are not retrieved on server in the servlet) with above
> connector.The sample multipart form html code is given below name="multiPartForm" method="post" enctype="multipart/form-data">
>  value="test">
> File 1:
> File 2:
> 
> 
> I am trying to get form parameters by using the
> getParameter("form_submission_type") method on HttpServletRequest, and it
> returns null under HTTP2. If I remove the line  className="org.apache.coyote.http2.Http2Protocol" />) it works. But now I
> am not on HTTP2.
>
> Anyone have any ideas how I can get it to work on HTTP2?
> Thanks in advance for any suggestions and comments.
> Ajay
>

I can't speak for Tomcat 9, but for T8 getParameter() won't work on a
multi-part form.  I vaguely recall there's a Tomcat way of getting the
parameters, but I ended up using Apache's FileUpload library which will
generate a list of files and parameters for the request.  Though I have no
idea if FileUpload will work with HTTP2 or not.

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

2016-03-19 Thread Daniel Savard 
André,

I was just trying to understand why this was a so hard requirement to
run on port 80. The provided answers didn't help to understand why
this was hardly needed. I was just questioning and sometimes, we, yes
I include myself, look at a problem with a narrow view how to solve it
and it may be helpful to be provided alternate solutions.

But, anyway, enough on this.
-
Daniel Savard


2016-03-19 17:02 GMT-04:00 André Warnier (tomcat) :
> Daniel,
>
> first of all, stop top-posting (this applies to both of you). This is not
> the style of posting desired on this list.
> See http://tomcat.apache.org/lists.html#tomcat-users, #6.
>
> Secondly,
> the original poster (lyallex) wants to run Tomcat under Linux, without a
> front-end, as a webserver, listening on port 80, but running as a user which
> is not root.
> This is a legitimate way of running Tomcat, and it is not for you to tell
> him to run it otherwise.  Presumably, he knows what he is doing, under his
> circumstances.
>
> Tomcat by itself cannot do that, because it cannot by itself start as root,
> bind to port 80, and then switch users.
> The jsvc program (a "wrapper" for the JVM which runs Tomcat) allows this,
> which is why the OP wants to use it.
> But he has problems configuring this to run under systemd.
> And this was his question : how to run Tomcat as non-root under a JVM under
> jsvc under systemd, listening on port 80.
>
> I have not yet tried it myself, so I cannot really help.
> But I have a feeling that the information that you have provided earlier,
> can be extrapolated to the configuration which lyallex wants.
> So thank you for providing that information, and let's leave it at that.
> There is no need and no point in transforming this conversation into a flame
> now.
>
>
>
> On 19.03.2016 21:33, Daniel Savard wrote:
>>
>> I still don't see how the number of concurrent sessions is related to
>> the port number.
>>
>> The default ports for Tomcat are 8080 and 8443.
>>
>> For huge websites, usually you have a load balancer as a front-end
>> anyway. You then get the capability to distribute the workload on more
>> than one instance of Tomcat and/or servers, so, sticking on a single
>> port isn't desirable since many instances on a single server cannot
>> run on the same port. You get the capability to eliminate any
>> single-point of failure as well as getting the capability to implement
>> a non-stop environment making a Tomcat cluster.
>> -
>> Daniel Savard
>>
>>
>> 2016-03-19 15:40 GMT-04:00 Lyallex :
>>>
>>> 
>>>
>>> On 19 March 2016 at 19:19, Daniel Savard  wrote:

 I see what you were trying to achieve, however I don't see much
 interest in that.
>>>
>>>
>>> Really, I've been running a successful commercial web site for the
>>> last 4 years using Tomcat as a standalone web server
>>> and servlet container using exactly this solution. 1000 concurrent
>>> sessions pose no problem
>>> I mentioned this in my first post, sorry if you missed it.
>>>
 1) Obviously, if you were expecting systemd to solve that problem, you
 were wrong and it is a sane behavir of systemd to not allow that
 neither
>>>
>>>
>>> No, you misunderstood. I was trying to start jsvc from a systemd service
>>> file
>>> Please read more carefully.I never suggested that systemd would solve
>>> the problem
>>>
 2) Your solution to your problem is lying on jsvc alone.
 3) I believe is bad security practice to insist to bind on privileged
 ports for process that don't need that level of privilege.

 Btw, even if you switch to another user to run the code, you actually
 are binding to port 80 as root.

 Maybe you can explain us why you want to do such a thing and using any
 other unprivileged port isn't a solution to your problem.
>>>
>>>
>>> What is the default port for non.-encrypted http traffic to a web server?
>>>
>>> Anyway, I see no reason to start a slanging match, I have better things
>>> to do.
>>> It's all working quite nicely now anyway, thank you for your input.
>>>
>>> To learn about jsvc see
>>> http://commons.apache.org/proper/commons-daemon/jsvc.html
>>> You'll need an up to date ANSI C compiler (I use gcc)
>>>
>>> Lyallex
>>>
>>>

 Regards,
 -
 Daniel Savard


 2016-03-19 12:10 GMT-04:00 Lyallex :
>
> It's the simplest way to find out which port you have Tomcat listening
> on
>
> *NIX based systems don't allow non root uses bind to ports < 1024
>
> jsvc
> http://commons.apache.org/proper/commons-daemon/jsvc.html
>
> solves this problem, nobody seems to have grasped that this is what I
> was asking about.
> I know of no way to start the container, on port 80 using either
> startup.sh or catalina.sh using start, run or anything else.
> If I'm wrong then I would love to see how

Multipart form submission does not work over SSL HTTP2 on Tomcat 9

2016-03-19 Thread Ajay Verma 
Hello,
I'm trying to get multipart forms working in Tomcat 9 over HTTP2 (with TLS 
enabled).

The SSL Connector configuration in server.xml (Tomcat 9) is given 
below  

  
  
  Multipart form submission does not work (the form variable 
values are not retrieved on server in the servlet) with above connector.The 
sample multipart form html code is given below

File 1:
File 2:


I am trying to get form parameters by using the 
getParameter("form_submission_type") method on HttpServletRequest, and it 
returns null under HTTP2. If I remove the line ) it works. But now I am 
not on HTTP2. 

Anyone have any ideas how I can get it to work on HTTP2? 
Thanks in advance for any suggestions and comments.
Ajay

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

2016-03-19 Thread tomcat 

On 19.03.2016 22:06, Lyallex wrote:
...



I have it working now, I'd be glad to advise if required


Yes, please describe your solution.  With the increasing footprint of systemd, I am sure 
that this information will be helpful to other tomcat users, when they search the list 
archives.


It could probably usefully be made into a FAQ article too.
http://wiki.apache.org/tomcat/FAQ


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

2016-03-19 Thread Lyallex 
On 19 March 2016 at 21:02, André Warnier (tomcat)  wrote:
> Daniel,
>
> first of all, stop top-posting (this applies to both of you). This is not
> the style of posting desired on this list.
> See http://tomcat.apache.org/lists.html#tomcat-users, #6.
>
> Secondly,
> the original poster (lyallex) wants to run Tomcat under Linux, without a
> front-end, as a webserver, listening on port 80, but running as a user which
> is not root.
> This is a legitimate way of running Tomcat, and it is not for you to tell
> him to run it otherwise.  Presumably, he knows what he is doing, under his
> circumstances.
>
> Tomcat by itself cannot do that, because it cannot by itself start as root,
> bind to port 80, and then switch users.
> The jsvc program (a "wrapper" for the JVM which runs Tomcat) allows this,
> which is why the OP wants to use it.
> But he has problems configuring this to run under systemd.
> And this was his question : how to run Tomcat as non-root under a JVM under
> jsvc under systemd, listening on port 80.
>
> I have not yet tried it myself, so I cannot really help.

I have it working now, I'd be glad to advise if required

> But I have a feeling that the information that you have provided earlier,
> can be extrapolated to the configuration which lyallex wants.
> So thank you for providing that information, and let's leave it at that.
> There is no need and no point in transforming this conversation into a flame
> now.
>

+1


>
>
> On 19.03.2016 21:33, Daniel Savard wrote:
>>
>> I still don't see how the number of concurrent sessions is related to
>> the port number.
>>
>> The default ports for Tomcat are 8080 and 8443.
>>
>> For huge websites, usually you have a load balancer as a front-end
>> anyway. You then get the capability to distribute the workload on more
>> than one instance of Tomcat and/or servers, so, sticking on a single
>> port isn't desirable since many instances on a single server cannot
>> run on the same port. You get the capability to eliminate any
>> single-point of failure as well as getting the capability to implement
>> a non-stop environment making a Tomcat cluster.
>> -
>> Daniel Savard
>>
>>
>> 2016-03-19 15:40 GMT-04:00 Lyallex :
>>>
>>> 
>>>
>>> On 19 March 2016 at 19:19, Daniel Savard  wrote:

 I see what you were trying to achieve, however I don't see much
 interest in that.
>>>
>>>
>>> Really, I've been running a successful commercial web site for the
>>> last 4 years using Tomcat as a standalone web server
>>> and servlet container using exactly this solution. 1000 concurrent
>>> sessions pose no problem
>>> I mentioned this in my first post, sorry if you missed it.
>>>
 1) Obviously, if you were expecting systemd to solve that problem, you
 were wrong and it is a sane behavir of systemd to not allow that
 neither
>>>
>>>
>>> No, you misunderstood. I was trying to start jsvc from a systemd service
>>> file
>>> Please read more carefully.I never suggested that systemd would solve
>>> the problem
>>>
 2) Your solution to your problem is lying on jsvc alone.
 3) I believe is bad security practice to insist to bind on privileged
 ports for process that don't need that level of privilege.

 Btw, even if you switch to another user to run the code, you actually
 are binding to port 80 as root.

 Maybe you can explain us why you want to do such a thing and using any
 other unprivileged port isn't a solution to your problem.
>>>
>>>
>>> What is the default port for non.-encrypted http traffic to a web server?
>>>
>>> Anyway, I see no reason to start a slanging match, I have better things
>>> to do.
>>> It's all working quite nicely now anyway, thank you for your input.
>>>
>>> To learn about jsvc see
>>> http://commons.apache.org/proper/commons-daemon/jsvc.html
>>> You'll need an up to date ANSI C compiler (I use gcc)
>>>
>>> Lyallex
>>>
>>>

 Regards,
 -
 Daniel Savard


 2016-03-19 12:10 GMT-04:00 Lyallex :
>
> It's the simplest way to find out which port you have Tomcat listening
> on
>
> *NIX based systems don't allow non root uses bind to ports < 1024
>
> jsvc
> http://commons.apache.org/proper/commons-daemon/jsvc.html
>
> solves this problem, nobody seems to have grasped that this is what I
> was asking about.
> I know of no way to start the container, on port 80 using either
> startup.sh or catalina.sh using start, run or anything else.
> If I'm wrong then I would love to see how it's done.
>
> CentOS Linux release 7.2.1511 (Core)
>
>
> On 19 March 2016 at 13:46, Daniel Savard 
> wrote:
>>
>> Why? What is the point? The server.xml has nothing to do with
>> integration with systemd.
>> -
>> Daniel Savard
>>
>>
>>

Accessing Tomcat internal components in a web-application

2016-03-19 Thread Chiranga Alwis 
Hi,

I have posted the following question in stackoverflow forum.
http://stackoverflow.com/questions/36106968/accessing-tomcat-internal-components-in-a-web-application

A well explained solution is highly appreciated.

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

2016-03-19 Thread tomcat 

Daniel,

first of all, stop top-posting (this applies to both of you). This is not the style of 
posting desired on this list.

See http://tomcat.apache.org/lists.html#tomcat-users, #6.

Secondly,
the original poster (lyallex) wants to run Tomcat under Linux, without a front-end, as a 
webserver, listening on port 80, but running as a user which is not root.
This is a legitimate way of running Tomcat, and it is not for you to tell him to run it 
otherwise.  Presumably, he knows what he is doing, under his circumstances.


Tomcat by itself cannot do that, because it cannot by itself start as root, bind to port 
80, and then switch users.
The jsvc program (a "wrapper" for the JVM which runs Tomcat) allows this, which is why the 
OP wants to use it.

But he has problems configuring this to run under systemd.
And this was his question : how to run Tomcat as non-root under a JVM under jsvc under 
systemd, listening on port 80.


I have not yet tried it myself, so I cannot really help.
But I have a feeling that the information that you have provided earlier, can be 
extrapolated to the configuration which lyallex wants.

So thank you for providing that information, and let's leave it at that.
There is no need and no point in transforming this conversation into a flame 
now.


On 19.03.2016 21:33, Daniel Savard wrote:

I still don't see how the number of concurrent sessions is related to
the port number.

The default ports for Tomcat are 8080 and 8443.

For huge websites, usually you have a load balancer as a front-end
anyway. You then get the capability to distribute the workload on more
than one instance of Tomcat and/or servers, so, sticking on a single
port isn't desirable since many instances on a single server cannot
run on the same port. You get the capability to eliminate any
single-point of failure as well as getting the capability to implement
a non-stop environment making a Tomcat cluster.
-
Daniel Savard


2016-03-19 15:40 GMT-04:00 Lyallex :



On 19 March 2016 at 19:19, Daniel Savard  wrote:

I see what you were trying to achieve, however I don't see much
interest in that.


Really, I've been running a successful commercial web site for the
last 4 years using Tomcat as a standalone web server
and servlet container using exactly this solution. 1000 concurrent
sessions pose no problem
I mentioned this in my first post, sorry if you missed it.


1) Obviously, if you were expecting systemd to solve that problem, you
were wrong and it is a sane behavir of systemd to not allow that
neither


No, you misunderstood. I was trying to start jsvc from a systemd service file
Please read more carefully.I never suggested that systemd would solve
the problem


2) Your solution to your problem is lying on jsvc alone.
3) I believe is bad security practice to insist to bind on privileged
ports for process that don't need that level of privilege.

Btw, even if you switch to another user to run the code, you actually
are binding to port 80 as root.

Maybe you can explain us why you want to do such a thing and using any
other unprivileged port isn't a solution to your problem.


What is the default port for non.-encrypted http traffic to a web server?

Anyway, I see no reason to start a slanging match, I have better things to do.
It's all working quite nicely now anyway, thank you for your input.

To learn about jsvc see
http://commons.apache.org/proper/commons-daemon/jsvc.html
You'll need an up to date ANSI C compiler (I use gcc)

Lyallex




Regards,
-
Daniel Savard


2016-03-19 12:10 GMT-04:00 Lyallex :

It's the simplest way to find out which port you have Tomcat listening on

*NIX based systems don't allow non root uses bind to ports < 1024

jsvc
http://commons.apache.org/proper/commons-daemon/jsvc.html

solves this problem, nobody seems to have grasped that this is what I
was asking about.
I know of no way to start the container, on port 80 using either
startup.sh or catalina.sh using start, run or anything else.
If I'm wrong then I would love to see how it's done.

CentOS Linux release 7.2.1511 (Core)


On 19 March 2016 at 13:46, Daniel Savard  wrote:

Why? What is the point? The server.xml has nothing to do with
integration with systemd.
-
Daniel Savard


2016-03-19 1:40 GMT-04:00 Lyallex :

Would you mind posting your server.xml, here is the relevant bit from mine.

  

 

 

   

 

   

   

 
   

 
   

On 18 March 2016 at 23:35, Daniel Savard  wrote:

I believe all distros have over engineered the scripts to start
Tomcat. Forget all the scripts from your distro, learn the
signification of the environment variables from the catalina.sh script
shipped with the default Tomcat version. Define your variables in a
file, this file is not a script, so you cannot reuse a previously

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

2016-03-19 Thread Daniel Savard 
I still don't see how the number of concurrent sessions is related to
the port number.

The default ports for Tomcat are 8080 and 8443.

For huge websites, usually you have a load balancer as a front-end
anyway. You then get the capability to distribute the workload on more
than one instance of Tomcat and/or servers, so, sticking on a single
port isn't desirable since many instances on a single server cannot
run on the same port. You get the capability to eliminate any
single-point of failure as well as getting the capability to implement
a non-stop environment making a Tomcat cluster.
-
Daniel Savard


2016-03-19 15:40 GMT-04:00 Lyallex :
> 
>
> On 19 March 2016 at 19:19, Daniel Savard  wrote:
>> I see what you were trying to achieve, however I don't see much
>> interest in that.
>
> Really, I've been running a successful commercial web site for the
> last 4 years using Tomcat as a standalone web server
> and servlet container using exactly this solution. 1000 concurrent
> sessions pose no problem
> I mentioned this in my first post, sorry if you missed it.
>
>> 1) Obviously, if you were expecting systemd to solve that problem, you
>> were wrong and it is a sane behavir of systemd to not allow that
>> neither
>
> No, you misunderstood. I was trying to start jsvc from a systemd service file
> Please read more carefully.I never suggested that systemd would solve
> the problem
>
>> 2) Your solution to your problem is lying on jsvc alone.
>> 3) I believe is bad security practice to insist to bind on privileged
>> ports for process that don't need that level of privilege.
>>
>> Btw, even if you switch to another user to run the code, you actually
>> are binding to port 80 as root.
>>
>> Maybe you can explain us why you want to do such a thing and using any
>> other unprivileged port isn't a solution to your problem.
>
> What is the default port for non.-encrypted http traffic to a web server?
>
> Anyway, I see no reason to start a slanging match, I have better things to do.
> It's all working quite nicely now anyway, thank you for your input.
>
> To learn about jsvc see
> http://commons.apache.org/proper/commons-daemon/jsvc.html
> You'll need an up to date ANSI C compiler (I use gcc)
>
> Lyallex
>
>
>>
>> Regards,
>> -
>> Daniel Savard
>>
>>
>> 2016-03-19 12:10 GMT-04:00 Lyallex :
>>> It's the simplest way to find out which port you have Tomcat listening on
>>>
>>> *NIX based systems don't allow non root uses bind to ports < 1024
>>>
>>> jsvc
>>> http://commons.apache.org/proper/commons-daemon/jsvc.html
>>>
>>> solves this problem, nobody seems to have grasped that this is what I
>>> was asking about.
>>> I know of no way to start the container, on port 80 using either
>>> startup.sh or catalina.sh using start, run or anything else.
>>> If I'm wrong then I would love to see how it's done.
>>>
>>> CentOS Linux release 7.2.1511 (Core)
>>>
>>>
>>> On 19 March 2016 at 13:46, Daniel Savard  wrote:
 Why? What is the point? The server.xml has nothing to do with
 integration with systemd.
 -
 Daniel Savard


 2016-03-19 1:40 GMT-04:00 Lyallex :
> Would you mind posting your server.xml, here is the relevant bit from 
> mine.
>
>  
>
> connectionTimeout="2"
>redirectPort="8443" />
>
> 
>
>   
>
>  resourceName="UserDatabase"/>
>
>   
>
>    autoDeploy="true">
>
>  directory="logs"
>prefix="localhost_access_log" suffix=".txt"
>rotatable="false" pattern="combined" />
>   
>
> 
>   
>
> On 18 March 2016 at 23:35, Daniel Savard  wrote:
>> I believe all distros have over engineered the scripts to start
>> Tomcat. Forget all the scripts from your distro, learn the
>> signification of the environment variables from the catalina.sh script
>> shipped with the default Tomcat version. Define your variables in a
>> file, this file is not a script, so you cannot reuse a previously
>> defined variable, feed your systemd service definition file with this
>> file in the service section as EnvironmentFile=/path/name/to/your/file
>> ExecStart=/path/to/catalina.sh start
>> ExecStop=/path/to/catalina.sh stop
>>
>> and you are done. You control everything from the environment file,
>> you can easily manage the environment variables without editing the
>> systemd's service file.
>>
>> It is much simpler than the OpenRC set of scripts at my humble
>> opinion. I am running Gentoo at home and RHEL at work and both distros
>> wrapped Tomcat into too many layers of scripts in order to make it
>> working with OpenRC while none of

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

2016-03-19 Thread Lyallex 


On 19 March 2016 at 19:19, Daniel Savard  wrote:
> I see what you were trying to achieve, however I don't see much
> interest in that.

Really, I've been running a successful commercial web site for the
last 4 years using Tomcat as a standalone web server
and servlet container using exactly this solution. 1000 concurrent
sessions pose no problem
I mentioned this in my first post, sorry if you missed it.

> 1) Obviously, if you were expecting systemd to solve that problem, you
> were wrong and it is a sane behavir of systemd to not allow that
> neither

No, you misunderstood. I was trying to start jsvc from a systemd service file
Please read more carefully.I never suggested that systemd would solve
the problem

> 2) Your solution to your problem is lying on jsvc alone.
> 3) I believe is bad security practice to insist to bind on privileged
> ports for process that don't need that level of privilege.
>
> Btw, even if you switch to another user to run the code, you actually
> are binding to port 80 as root.
>
> Maybe you can explain us why you want to do such a thing and using any
> other unprivileged port isn't a solution to your problem.

What is the default port for non.-encrypted http traffic to a web server?

Anyway, I see no reason to start a slanging match, I have better things to do.
It's all working quite nicely now anyway, thank you for your input.

To learn about jsvc see
http://commons.apache.org/proper/commons-daemon/jsvc.html
You'll need an up to date ANSI C compiler (I use gcc)

Lyallex


>
> Regards,
> -
> Daniel Savard
>
>
> 2016-03-19 12:10 GMT-04:00 Lyallex :
>> It's the simplest way to find out which port you have Tomcat listening on
>>
>> *NIX based systems don't allow non root uses bind to ports < 1024
>>
>> jsvc
>> http://commons.apache.org/proper/commons-daemon/jsvc.html
>>
>> solves this problem, nobody seems to have grasped that this is what I
>> was asking about.
>> I know of no way to start the container, on port 80 using either
>> startup.sh or catalina.sh using start, run or anything else.
>> If I'm wrong then I would love to see how it's done.
>>
>> CentOS Linux release 7.2.1511 (Core)
>>
>>
>> On 19 March 2016 at 13:46, Daniel Savard  wrote:
>>> Why? What is the point? The server.xml has nothing to do with
>>> integration with systemd.
>>> -
>>> Daniel Savard
>>>
>>>
>>> 2016-03-19 1:40 GMT-04:00 Lyallex :
 Would you mind posting your server.xml, here is the relevant bit from mine.

  

 >>>connectionTimeout="2"
redirectPort="8443" />

 

   

 >>> resourceName="UserDatabase"/>

   

   >>> autoDeploy="true">

 >>> directory="logs"
prefix="localhost_access_log" suffix=".txt"
rotatable="false" pattern="combined" />
   

 
   

 On 18 March 2016 at 23:35, Daniel Savard  wrote:
> I believe all distros have over engineered the scripts to start
> Tomcat. Forget all the scripts from your distro, learn the
> signification of the environment variables from the catalina.sh script
> shipped with the default Tomcat version. Define your variables in a
> file, this file is not a script, so you cannot reuse a previously
> defined variable, feed your systemd service definition file with this
> file in the service section as EnvironmentFile=/path/name/to/your/file
> ExecStart=/path/to/catalina.sh start
> ExecStop=/path/to/catalina.sh stop
>
> and you are done. You control everything from the environment file,
> you can easily manage the environment variables without editing the
> systemd's service file.
>
> It is much simpler than the OpenRC set of scripts at my humble
> opinion. I am running Gentoo at home and RHEL at work and both distros
> wrapped Tomcat into too many layers of scripts in order to make it
> working with OpenRC while none of these are required to run and manage
> Tomcat with systemd.
>
> In particular with Gentoo, I no longer use the Tomcat distro packaged
> with Gentoo because they separated the servlet api from Tomcat and you
> need to wrap things into layers of scripts to define the classpath
> properly taking this into account, the vanilla classpath.sh file
> distributed with Tomcat doesn't work and so one. Really, they did a
> very bad job at integrating Tomcat.
>
> Here is my service file:
>
> [Unit]
> Description=Tomcat 8 (Dev)
> After=syslog.target
> After=network.target
>
> [Service]
> EnvironmentFile=/tomcat/tomcat-8-dev/bin/tomcat-8-dev.env
> Type=forking
> User=tomcat
> Group=tomcat
>

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

2016-03-19 Thread Daniel Savard 
I see what you were trying to achieve, however I don't see much
interest in that.

1) Obviously, if you were expecting systemd to solve that problem, you
were wrong and it is a sane behavior of systemd to not allow that
neither.
2) Your solution to your problem is lying on jsvc alone.
3) I believe is bad security practice to insist to bind on privileged
ports for process that don't need that level of privilege.

Btw, even if you switch to another user to run the code, you actually
are binding to port 80 as root.

Maybe you can explain us why you want to do such a thing and using any
other unprivileged port isn't a solution to your problem.

Regards,
-
Daniel Savard


2016-03-19 12:10 GMT-04:00 Lyallex :
> It's the simplest way to find out which port you have Tomcat listening on
>
> *NIX based systems don't allow non root uses bind to ports < 1024
>
> jsvc
> http://commons.apache.org/proper/commons-daemon/jsvc.html
>
> solves this problem, nobody seems to have grasped that this is what I
> was asking about.
> I know of no way to start the container, on port 80 using either
> startup.sh or catalina.sh using start, run or anything else.
> If I'm wrong then I would love to see how it's done.
>
> CentOS Linux release 7.2.1511 (Core)
>
>
> On 19 March 2016 at 13:46, Daniel Savard  wrote:
>> Why? What is the point? The server.xml has nothing to do with
>> integration with systemd.
>> -
>> Daniel Savard
>>
>>
>> 2016-03-19 1:40 GMT-04:00 Lyallex :
>>> Would you mind posting your server.xml, here is the relevant bit from mine.
>>>
>>>  
>>>
>>> >>connectionTimeout="2"
>>>redirectPort="8443" />
>>>
>>> 
>>>
>>>   
>>>
>>> >> resourceName="UserDatabase"/>
>>>
>>>   
>>>
>>>   >> autoDeploy="true">
>>>
>>> >> directory="logs"
>>>prefix="localhost_access_log" suffix=".txt"
>>>rotatable="false" pattern="combined" />
>>>   
>>>
>>> 
>>>   
>>>
>>> On 18 March 2016 at 23:35, Daniel Savard  wrote:
 I believe all distros have over engineered the scripts to start
 Tomcat. Forget all the scripts from your distro, learn the
 signification of the environment variables from the catalina.sh script
 shipped with the default Tomcat version. Define your variables in a
 file, this file is not a script, so you cannot reuse a previously
 defined variable, feed your systemd service definition file with this
 file in the service section as EnvironmentFile=/path/name/to/your/file
 ExecStart=/path/to/catalina.sh start
 ExecStop=/path/to/catalina.sh stop

 and you are done. You control everything from the environment file,
 you can easily manage the environment variables without editing the
 systemd's service file.

 It is much simpler than the OpenRC set of scripts at my humble
 opinion. I am running Gentoo at home and RHEL at work and both distros
 wrapped Tomcat into too many layers of scripts in order to make it
 working with OpenRC while none of these are required to run and manage
 Tomcat with systemd.

 In particular with Gentoo, I no longer use the Tomcat distro packaged
 with Gentoo because they separated the servlet api from Tomcat and you
 need to wrap things into layers of scripts to define the classpath
 properly taking this into account, the vanilla classpath.sh file
 distributed with Tomcat doesn't work and so one. Really, they did a
 very bad job at integrating Tomcat.

 Here is my service file:

 [Unit]
 Description=Tomcat 8 (Dev)
 After=syslog.target
 After=network.target

 [Service]
 EnvironmentFile=/tomcat/tomcat-8-dev/bin/tomcat-8-dev.env
 Type=forking
 User=tomcat
 Group=tomcat
 ExecStart=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh start
 ExecStop=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh stop

 [Install]
 WantedBy=multi-user.target


 And here is the content of my EnvironmentFile:

 CATALINA_HOME="/opt/apache-tomcat/apache-tomcat-8.0.32_ds"
 CATALINA_BASE="/tomcat/tomcat-8-dev"
 CATALINA_OUT="/var/log/tomcat-8-dev/catalina.out"
 JAVA_HOME="/opt/oracle-jdk-bin-1.8.0.74"
 CATALINA_PID="/var/run/tomcat-8-dev.pid"


 -
 Daniel Savard


 2016-03-18 13:31 GMT-04:00 Lyallex :
> I thought you might be interested in the resolution to this.
>
> It turns out that we needed to reproduce the environment in tomcat.service
>
> For some reason
>
> ExecStart=/etc/rc.d/init.d/tomcat7 doesn't work
> (file shown at the end of this message)
>
> Instead, in  /etc/systemd/system/tomcat.service
> we have had to reproduce the environment in longhand to get it to work.

Re: systemd tomcat script for Linux EL7

2016-03-19 Thread Lyallex 
Do you have the answer to my question?

CentOS Linux release 7.2.1511

I think it actually boils down to 'how do you start start Tomcat as a
daemon (using jsvc) on a privileged port (<1024) switching to a no
login user (tomcat)  on a system that uses a systemd init process. The
rant you refer to doesn't explicitly (or implicitly) answer this
question.

The same startup script that starts Tomcat  as above  on CentOS
release 5.2 which uses the 'old'  SysV (I think) init processes using
init.d, rc3.d etc and has done for a number of years fails in systemd
(all details posted earlier)

Has anyone actually got this working or do you all hide behind httpd :-)

TIA
Lyallex

On 17 March 2016 at 00:57, Christopher Schultz
 wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> jieryn,
>
> On 3/16/16 1:36 PM, jieryn wrote:
>> http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/systemd-house
> - -of-horror/tomcat.html
>
> Wow,
>>
> lots of ranting about environment variables and little-used PID
> files.
>
> If the author only understood the reasons behind the way catalina.sh
> works, he might not have embarrassed himself.
>
> It must be hard being so smart and important that you have to quit the
> Internet for good[1].
>
> - -chris
>
> [1]
> http://homepage.ntlworld.com/jonathan.deboynepollard/contacting-the-auth
> or.html#SMTP
>
>> On Wed, Mar 16, 2016 at 1:01 PM, Lyallex 
>> wrote:
>>> Apologies for dredging this up but I'm having some problems with
>>> this. Any ideas much appreciated.
>>>
>>> Ii have been forced to move from a version of centOS the used the
>>> old /etc/rc.d/init.d way of doing things to a new version of
>>> CentOS that uses systemd. The hosts can't or won't help because
>>> I'm using a 'non-standard setup' Basically I'm using tomcat
>>> standalone on port 80 to serve up my site. I use jsvc with a
>>> start/stop script in /etc/rc.d/init.d with symbolic links in
>>> rc2.d, rc3.d. rc4.d and rc5.d This has been working faultlessly
>>> for nearly 4 years.
>>>
>>> I have installed Tomcat, Java and all required resources on the
>>> new server, I have dulpicated the configuration in /etc but
>>> needless to say when I restart the server Tomcat doesn't start
>>>
>>> Starting from the command line as root with
>>> /etc/rc.d/init.d/tomcat7 works as it has always done and starts
>>> tomcat as root then switches to an unprivileged, no login user
>>> (tomcat)
>>>
>>> I followed your instructions and came up with the following
>>>
>>> # touch /etc/systemd/system/tomcat.service # nano
>>> /etc/systemd/system/tomcat.service
>>>
>>> tomcat.service looks like this
>>>
>>> [Unit] Description=The Jakarta Apache/Tomcat Server
>>> After=network.target
>>>
>>> [Service] Type=forking ExecStart=/etc/rc.d/init.d/tomcat7 start
>>> ExecStop=/etc/rc.d/init.d/tomcat7 stop
>>>
>>> [Install] WantedBy=multi-user.target
>>>
>>> # chmod 664 /etc/systemd/system/tomcat.service
>>>
>>> [root@vps init.d]# systemctl daemon-reload
>>>
>>> [root@vps init.d]# systemctl start tomcat.service Job for
>>> tomcat.service failed because the control process exited with
>>> error code. See "systemctl status tomcat.service" and "journalctl
>>> -xe" for details.
>>>
>>> [root@vps init.d]# systemctl status tomcat.service tomcat.service
>>> - The Jakarta Apache/Tomcat Server Loaded: loaded
>>> (/etc/systemd/system/tomcat.service; disabled; vendor preset:
>>> disabled) Active: failed (Result: exit-code) since Wed 2016-03-16
>>> 16:40:55 GMT; 18s ago Process: 4596
>>> ExecStart=/etc/rc.d/init.d/tomcat7 start (code=exited,
>>> status=203/EXEC)
>>>
>>> Mar 16 16:40:55 vps.example.com systemd[1]: Starting The Jakarta
>>> Apache/Tomcat Server... Mar 16 16:40:55 vps.example.com
>>> systemd[1]: tomcat.service: control process exited, code=exited
>>> status=203 Mar 16 16:40:55 vps.example.com systemd[1]: Failed to
>>> start The Jakarta Apache/Tomcat Server. Mar 16 16:40:55
>>> vps.example.com systemd[1]: Unit tomcat.service entered failed
>>> state. Mar 16 16:40:55 vps.example.com systemd[1]: tomcat.service
>>> failed.
>>>
>>> tomcat7 fwiw
>>>
>>>
>>> # chkconfig: - 71 19 # description:  Start up the Tomcat servlet
>>> engine. # this is the startup file for the new version #
>>> 24/10/2013 by lyallex # use java 7 #
>>> JAVA_HOME=/usr/local/java/jdk1.6.0_07 JAVA_HOME=/opt/jdk1.7.0_45
>>> CATALINA_HOME=/opt/apache-tomcat-7.0.42 export JAVA_HOME
>>> CATALINA_HOME
>>> CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons
> - -daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar
>>>
>>>
> TOMCAT_USER=tomcat
>>> TMPDIR=/var/tmp PIDFILE=/var/run/tc7/jsvc.pid
>>>
>>>
>>> RC=0
>>>
>>> case "$1" in
>>>
>>> start)
>>>
>>> $CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME
>>> -Dcatalina.home=/opt/apache-tomcat-7.0.42
>>> -Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR
>>> -Djava.awt.headless=true \ -Xms512m \ -Xmx1024m \ -outfile
>>>

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

2016-03-19 Thread Lyallex 
It's the simplest way to find out which port you have Tomcat listening on

*NIX based systems don't allow non root uses bind to ports < 1024

jsvc
http://commons.apache.org/proper/commons-daemon/jsvc.html

solves this problem, nobody seems to have grasped that this is what I
was asking about.
I know of no way to start the container, on port 80 using either
startup.sh or catalina.sh using start, run or anything else.
If I'm wrong then I would love to see how it's done.

CentOS Linux release 7.2.1511 (Core)


On 19 March 2016 at 13:46, Daniel Savard  wrote:
> Why? What is the point? The server.xml has nothing to do with
> integration with systemd.
> -
> Daniel Savard
>
>
> 2016-03-19 1:40 GMT-04:00 Lyallex :
>> Would you mind posting your server.xml, here is the relevant bit from mine.
>>
>>  
>>
>> >connectionTimeout="2"
>>redirectPort="8443" />
>>
>> 
>>
>>   
>>
>> > resourceName="UserDatabase"/>
>>
>>   
>>
>>   > autoDeploy="true">
>>
>> > directory="logs"
>>prefix="localhost_access_log" suffix=".txt"
>>rotatable="false" pattern="combined" />
>>   
>>
>> 
>>   
>>
>> On 18 March 2016 at 23:35, Daniel Savard  wrote:
>>> I believe all distros have over engineered the scripts to start
>>> Tomcat. Forget all the scripts from your distro, learn the
>>> signification of the environment variables from the catalina.sh script
>>> shipped with the default Tomcat version. Define your variables in a
>>> file, this file is not a script, so you cannot reuse a previously
>>> defined variable, feed your systemd service definition file with this
>>> file in the service section as EnvironmentFile=/path/name/to/your/file
>>> ExecStart=/path/to/catalina.sh start
>>> ExecStop=/path/to/catalina.sh stop
>>>
>>> and you are done. You control everything from the environment file,
>>> you can easily manage the environment variables without editing the
>>> systemd's service file.
>>>
>>> It is much simpler than the OpenRC set of scripts at my humble
>>> opinion. I am running Gentoo at home and RHEL at work and both distros
>>> wrapped Tomcat into too many layers of scripts in order to make it
>>> working with OpenRC while none of these are required to run and manage
>>> Tomcat with systemd.
>>>
>>> In particular with Gentoo, I no longer use the Tomcat distro packaged
>>> with Gentoo because they separated the servlet api from Tomcat and you
>>> need to wrap things into layers of scripts to define the classpath
>>> properly taking this into account, the vanilla classpath.sh file
>>> distributed with Tomcat doesn't work and so one. Really, they did a
>>> very bad job at integrating Tomcat.
>>>
>>> Here is my service file:
>>>
>>> [Unit]
>>> Description=Tomcat 8 (Dev)
>>> After=syslog.target
>>> After=network.target
>>>
>>> [Service]
>>> EnvironmentFile=/tomcat/tomcat-8-dev/bin/tomcat-8-dev.env
>>> Type=forking
>>> User=tomcat
>>> Group=tomcat
>>> ExecStart=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh start
>>> ExecStop=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh stop
>>>
>>> [Install]
>>> WantedBy=multi-user.target
>>>
>>>
>>> And here is the content of my EnvironmentFile:
>>>
>>> CATALINA_HOME="/opt/apache-tomcat/apache-tomcat-8.0.32_ds"
>>> CATALINA_BASE="/tomcat/tomcat-8-dev"
>>> CATALINA_OUT="/var/log/tomcat-8-dev/catalina.out"
>>> JAVA_HOME="/opt/oracle-jdk-bin-1.8.0.74"
>>> CATALINA_PID="/var/run/tomcat-8-dev.pid"
>>>
>>>
>>> -
>>> Daniel Savard
>>>
>>>
>>> 2016-03-18 13:31 GMT-04:00 Lyallex :
 I thought you might be interested in the resolution to this.

 It turns out that we needed to reproduce the environment in tomcat.service

 For some reason

 ExecStart=/etc/rc.d/init.d/tomcat7 doesn't work
 (file shown at the end of this message)

 Instead, in  /etc/systemd/system/tomcat.service
 we have had to reproduce the environment in longhand to get it to work.
 It appears that systemd doesn't expand variables so I really need to
 investigate the systemd Environment thing a bit more.
 Anyway, when I shutdown -r now the server comes back up and tomcat is
 running at the unprivileged tomcat user on port 80 so that's a result

 == /etc/systemd/system/tomcat.service 
 [Unit]
 Description=Apache Tomcat Web Application Container
 After=network.target

 [Service]
 Type=forking
 User=root

 ExecStart=/opt/apache-tomcat-7.0.42/bin/jsvc \
 -user tomcat \
 -home /opt/jdk1.7.0_45 \
 -Dcatalina.home=/opt/apache-tomcat-7.0.42 \
 -Dcatalina.base=/opt/apache-tomcat-7.0.42 \
 -Djava.io.tmpdir=/var/tmp \
 -Djava.awt.headless=true \
 -Xms512m \
 -Xmx1024m \
 -outfile /opt/apache-tomcat-7.0.42/logs/catalina.out \
 -errfile

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

2016-03-19 Thread Daniel Savard 
Why? What is the point? The server.xml has nothing to do with
integration with systemd.
-
Daniel Savard


2016-03-19 1:40 GMT-04:00 Lyallex :
> Would you mind posting your server.xml, here is the relevant bit from mine.
>
>  
>
> connectionTimeout="2"
>redirectPort="8443" />
>
> 
>
>   
>
>  resourceName="UserDatabase"/>
>
>   
>
>autoDeploy="true">
>
>  directory="logs"
>prefix="localhost_access_log" suffix=".txt"
>rotatable="false" pattern="combined" />
>   
>
> 
>   
>
> On 18 March 2016 at 23:35, Daniel Savard  wrote:
>> I believe all distros have over engineered the scripts to start
>> Tomcat. Forget all the scripts from your distro, learn the
>> signification of the environment variables from the catalina.sh script
>> shipped with the default Tomcat version. Define your variables in a
>> file, this file is not a script, so you cannot reuse a previously
>> defined variable, feed your systemd service definition file with this
>> file in the service section as EnvironmentFile=/path/name/to/your/file
>> ExecStart=/path/to/catalina.sh start
>> ExecStop=/path/to/catalina.sh stop
>>
>> and you are done. You control everything from the environment file,
>> you can easily manage the environment variables without editing the
>> systemd's service file.
>>
>> It is much simpler than the OpenRC set of scripts at my humble
>> opinion. I am running Gentoo at home and RHEL at work and both distros
>> wrapped Tomcat into too many layers of scripts in order to make it
>> working with OpenRC while none of these are required to run and manage
>> Tomcat with systemd.
>>
>> In particular with Gentoo, I no longer use the Tomcat distro packaged
>> with Gentoo because they separated the servlet api from Tomcat and you
>> need to wrap things into layers of scripts to define the classpath
>> properly taking this into account, the vanilla classpath.sh file
>> distributed with Tomcat doesn't work and so one. Really, they did a
>> very bad job at integrating Tomcat.
>>
>> Here is my service file:
>>
>> [Unit]
>> Description=Tomcat 8 (Dev)
>> After=syslog.target
>> After=network.target
>>
>> [Service]
>> EnvironmentFile=/tomcat/tomcat-8-dev/bin/tomcat-8-dev.env
>> Type=forking
>> User=tomcat
>> Group=tomcat
>> ExecStart=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh start
>> ExecStop=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh stop
>>
>> [Install]
>> WantedBy=multi-user.target
>>
>>
>> And here is the content of my EnvironmentFile:
>>
>> CATALINA_HOME="/opt/apache-tomcat/apache-tomcat-8.0.32_ds"
>> CATALINA_BASE="/tomcat/tomcat-8-dev"
>> CATALINA_OUT="/var/log/tomcat-8-dev/catalina.out"
>> JAVA_HOME="/opt/oracle-jdk-bin-1.8.0.74"
>> CATALINA_PID="/var/run/tomcat-8-dev.pid"
>>
>>
>> -
>> Daniel Savard
>>
>>
>> 2016-03-18 13:31 GMT-04:00 Lyallex :
>>> I thought you might be interested in the resolution to this.
>>>
>>> It turns out that we needed to reproduce the environment in tomcat.service
>>>
>>> For some reason
>>>
>>> ExecStart=/etc/rc.d/init.d/tomcat7 doesn't work
>>> (file shown at the end of this message)
>>>
>>> Instead, in  /etc/systemd/system/tomcat.service
>>> we have had to reproduce the environment in longhand to get it to work.
>>> It appears that systemd doesn't expand variables so I really need to
>>> investigate the systemd Environment thing a bit more.
>>> Anyway, when I shutdown -r now the server comes back up and tomcat is
>>> running at the unprivileged tomcat user on port 80 so that's a result
>>>
>>> == /etc/systemd/system/tomcat.service 
>>> [Unit]
>>> Description=Apache Tomcat Web Application Container
>>> After=network.target
>>>
>>> [Service]
>>> Type=forking
>>> User=root
>>>
>>> ExecStart=/opt/apache-tomcat-7.0.42/bin/jsvc \
>>> -user tomcat \
>>> -home /opt/jdk1.7.0_45 \
>>> -Dcatalina.home=/opt/apache-tomcat-7.0.42 \
>>> -Dcatalina.base=/opt/apache-tomcat-7.0.42 \
>>> -Djava.io.tmpdir=/var/tmp \
>>> -Djava.awt.headless=true \
>>> -Xms512m \
>>> -Xmx1024m \
>>> -outfile /opt/apache-tomcat-7.0.42/logs/catalina.out \
>>> -errfile /opt/apache-tomcat-7.0.42/logs/catalina.err \
>>> -pidfile /var/run/tc7/jsvc.pid \
>>> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
>>> -Djava.util.logging.config.file=/opt/apache-tomcat-7.0.42/conf/logging.properties
>>> \
>>> -cp 
>>> /opt/apache-tomcat-7.0.42/bin/bootstrap.jar:/opt/apache-tomcat-7.0.42/bin/commons-daemon.jar:/opt/jdk1.7.0_45/lib/tools.jar:/opt/apache-tomcat-7.0.42/bin/tomcat-juli.jar
>>> \
>>> org.apache.catalina.startup.Bootstrap
>>>
>>> ExecStop=/bin/kill -9 /var/run/tc7/jsvc.pid
>>> ExecStopPost=/bin/rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
>>>
>>> [Install]
>>> WantedBy=multi-user.target
>>>
>>>
>>> Oh happy day
>>> Thanks again to all responders
>>>
>>>

Re: contextDestroyed() method not called

2016-03-19 Thread Daniel Savard 
Hi Chuck,

I'm running it on Window 2012 Server as well as Linux RHEL.

And no, I am not sending a terminate signal with kill -9. That's why I
said I am stopping the application or the instance (both cases depict
the same behavior) rather than saying I am terminating it.

Regards,
-
Daniel Savard


2016-03-16 23:56 GMT-04:00 Caldarale, Charles R :
>> From: Daniel Savard [mailto:daniel.sav...@gmail.com]
>> Subject: contextDestroyed() method not called
>
>> I noticed a problem with one of my web applications which requires
>> some cleanup when shutdown. It seems this cleanup isn't happening even
>> if everything has been put in the contextDestroyed() method of my web
>> listener.
>
>> I find it difficult to believe this is a bug in Tomcat, so, I guess I
>> am doing something wrong. Someone can provide some guidance to
>> identify the cause of such undesirable behavior?
>
> Missing a couple useful bits of information:
>
> 1) What OS are you running on?
>
> 2) More importantly, how are you shutting down Tomcat?  (Using kill -9 would 
> not be a good choice...)
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
> MATERIAL and is thus for use only by the intended recipient. If you received 
> this in error, please contact the sender and delete the e-mail and its 
> attachments from all computers.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

"Distinct and non-overlapping" context roots

2016-03-19 Thread Paul Benedict 
This question is not about Tomcat per se, but it does affect it. It's
really about the EE specification in regards to any servlet container. I'd
like to get professional opinions on this part of the specification.

I am quoting from EE 5.0 (see link below), section 8.3.1, paragraph 3c:

The Deployer must... "Assign a context root for each web module included in
the Java EE application. The context root is a relative name in the web
namespace for the application. Each web module must be given a distinct and
non-overlapping name for its context root."

So given this scenario:
/context/something <-- context is /context
/context/something/somethingelse <-- context is /context/something

The specification puts no limitations on the context root character set (so
it can include a slash). With that said, would you consider these
"overlapping" contexts? I noticed one application server supporting this
paradigm without issue, but it seems like a violation of the specification.
Please advise.

Also, since Tomcat doesn't support "applications" (EAR?), how should the
specification be interpreted in the absence of that artifact?

[1] http://download.oracle.com/otndocs/jcp/javaee-5.0-fr-eval-oth-JSpec/

Cheers,
Paul

[ANN] Apache Tomcat 9.0.0.M4 available

2016-03-19 Thread Mark Thomas 
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.0.M4.

Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.

Apache Tomcat 9.0.0.M4 is a milestone release of the 9.0.x branch and
has been made to provide users with early access to the new features in
Apache Tomcat 9.0.x so that they may provide feedback. The notable
changes compared to 9.0.0.M3 include:

- Added JASPIC support

- Switch to the ParallelWebappClassLoader by default

- Reduce runtime memory footprint

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-90.cgi

Migration guides from Apache Tomcat 5.5.x, 6.0.x, 7.0.x and 8.0.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question about your recent security (CVE-2015-5345) fix in 7.0.68 build

2016-03-19 Thread Harish Krishnan 
Thanks a lot for the clear explanation, Mark. I have all my questions
answered, appreciate your help & you guys are Great!
My apologies for the previous follow-up emails, I am still a novice in
tomcat & failed in understanding the exact fix quicker.


regards
Harish Krishnan

On Wed, Mar 16, 2016 at 4:38 AM, Mark Thomas  wrote:

> On 15/03/2016 20:58, Harish Krishnan wrote:
> > Hello There,
> >
> >  I am kind of blocked here in my project while applying your CVE fix in
> our
> > product & verify the fix. Any guidelines on what i am doing (mentioned in
> > my previous email) wrong is highly appreciated.
>
> You are failing to follow the hints you have been given previously.
>
> > All i am trying to do is, disable the redirect for the root (Ex:
> /manager &
> > /examples in tomcat) of the webapp. If i know how to do this on the
> > mentioned tomcat webapps, then i can apply the same for my webapps too.
> > Looking for your response & help here.
>
> You CAN NOT disable the redirect. As the documentation for the two
> redirect options makes clear, all they do is change WHERE the redirect
> happens.
>
> The key point in all of this is that security constraints are applied
> AFTER the Mapper and BEFORE the DefaultServlet. If the request is for a
> protected resource and the redirects take place in the Mapper, then the
> response will confirm whether that resource exists irrespective of
> whether or not the user is authorized to access the resource. If the
> redirect takes place in the Default Servlet, the response will reflect
> the security constraints and the user's access rights if any.
>
> Again, you need to look at the security constraints for the Manager
> application. /manager is NOT a protected resource so the redirect is
> always going to happen.
>
> Mark
>
>
> >
> >
> > regards
> > Harish Krishnan
> >
> > On Fri, Mar 11, 2016 at 4:05 PM, Harish Krishnan 
> > wrote:
> >
> >> Thanks again for the reply, Chris & Violeta!
> >> Thanks for clarifying what the "protected directory" is, even i guessed
> it
> >> to be same. Now i understood the fix for the directories protected by a
> >> security constraint. I also verified this & the redirect is no more
> >> happening for these protected ones. Really appreciate your help here.
> >>
> >> However, i am still unable to disable the redirect for the root of the
> >> webapp. This is what i did on the latest tomcat build (7.0.68) -
> >>
> >> a) Set the context attribute (mapperContextRootRedirectEnabled) to false
> >> for manager webapp. Here is my context.xml (from
> >> \webapps\manager\META-INF\) file -
> >>
> >>  >> antiResourceLocking="false" privileged="true" >
> >>  
> >>
> >> b) Accessing http://localhost:8080/manager gets redirected to manger/.
> >>
> >> c) I have also set the above context attribute in the default
> context.xml
> >> (from \conf\context.xml) file as well.
> >>
> >> d) Accessing http://localhost:8080/examples gets redirected to
> examples/.
> >>
> >> Not sure what i am missing here. Same behavior is seen on my web
> >> application too.
> >> Please let me know where i am doing wrong & help me on how to disable
> the
> >> redirect for the root of webapps.
> >>
> >>
> >> regards
> >> Harish Krishnan
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> On Wed, Mar 9, 2016 at 7:29 AM, Christopher Schultz <
> >> ch...@christopherschultz.net> wrote:
> >>
> >>> Harish,
> >>>
> >>> On 3/8/16 5:47 PM, Harish Krishnan wrote:
>  Thanks Chris for the reply.
>  Looks like my understanding of the fix is incorrect.
>  I assumed (my bad) that, with the fix for this CVE in place (tomcat
>  7.0.68) + setting the additional context attribute
>  (mapperContextRootRedirectEnabled="false"), all the redirects for that
>  webapp where context attribute was set, will completely be disabled.
>  You mentioned that only "protected directories" inside the deployed
> web
>  application is covered in this CVE fix.
>  Can you please help me understand what this protected directories are
> &
> >>> how
>  to configure this in tomcat ?
> >>>
> >>> A "protected directory" is one that has a  in
> >>> web.xml. That's not a spec-defined term... just one we've been using
> >>> because it captures the meaning with fewer words.
> >>>
> >>> As for the redirects you are seeing that "expose" the availability of a
> >>> particular web application, those are essentially impossible to
> prevent,
> >>> and not considered a part of the CVE.
> >>>
> >>> -chris
> >>>
> >>> -
> >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >>> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>>
> >>>
> >>
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: systemd tomcat script for Linux EL7

2016-03-19 Thread Me Self 
Hi

I use this Systemd unit file (from
https://sorenpoulsen.com/install-tomcat-8-on-ubuntu) on ubuntu, but it's
probably fairly generic as the unit file just calls tomcats start and stop
scripts directly.

[Unit]

Description=Apache Tomcat
After=syslog.target network.target

[Service]
Type=forking
Environment=CATALINA_HOME=/usr/local/tomcat
ExecStart=/usr/local/tomcat/bin/startup.sh
ExecStop=/usr/local/tomcat/bin/shutdown.sh
SuccessExitStatus=143
User=tomcat
Group=tomcat
Umask=027

[Install]
WantedBy=multi-user.target


>Apologies for dredging this up but I'm having some problems with this.
>Any ideas much appreciated.

RE: contextDestroyed() method not called

2016-03-19 Thread Caldarale, Charles R 
> From: Daniel Savard [mailto:daniel.sav...@gmail.com] 
> Subject: Re: contextDestroyed() method not called

Read the mailing list rules: don't top post.
http://tomcat.apache.org/lists.html#tomcat-users

> I'm running it on Window 2012 Server as well as Linux RHEL.

Ok, good to know.

> And no, I am not sending a terminate signal with kill -9. That's why I
> said I am stopping the application or the instance (both cases depict
> the same behavior) rather than saying I am terminating it.

Again, how are you doing this?

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: systemd tomcat script for Linux EL7

2016-03-19 Thread jieryn 
Meh. It's short and sweet and working systemd unit file.

[Unit]
Description=Apache Tomcat Web Application Container
[Service]
User=tomcat
Group=tomcat
ExecStart=/usr/share/tomcat/bin/catalina.sh run
[Install]
WantedBy=multi-user.target


On Wed, Mar 16, 2016 at 8:57 PM, Christopher Schultz
 wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> jieryn,
>
> On 3/16/16 1:36 PM, jieryn wrote:
>> http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/systemd-house
> - -of-horror/tomcat.html
>
> Wow,
>>
> lots of ranting about environment variables and little-used PID
> files.
>
> If the author only understood the reasons behind the way catalina.sh
> works, he might not have embarrassed himself.
>
> It must be hard being so smart and important that you have to quit the
> Internet for good[1].
>
> - -chris
>
> [1]
> http://homepage.ntlworld.com/jonathan.deboynepollard/contacting-the-auth
> or.html#SMTP
>
>> On Wed, Mar 16, 2016 at 1:01 PM, Lyallex 
>> wrote:
>>> Apologies for dredging this up but I'm having some problems with
>>> this. Any ideas much appreciated.
>>>
>>> Ii have been forced to move from a version of centOS the used the
>>> old /etc/rc.d/init.d way of doing things to a new version of
>>> CentOS that uses systemd. The hosts can't or won't help because
>>> I'm using a 'non-standard setup' Basically I'm using tomcat
>>> standalone on port 80 to serve up my site. I use jsvc with a
>>> start/stop script in /etc/rc.d/init.d with symbolic links in
>>> rc2.d, rc3.d. rc4.d and rc5.d This has been working faultlessly
>>> for nearly 4 years.
>>>
>>> I have installed Tomcat, Java and all required resources on the
>>> new server, I have dulpicated the configuration in /etc but
>>> needless to say when I restart the server Tomcat doesn't start
>>>
>>> Starting from the command line as root with
>>> /etc/rc.d/init.d/tomcat7 works as it has always done and starts
>>> tomcat as root then switches to an unprivileged, no login user
>>> (tomcat)
>>>
>>> I followed your instructions and came up with the following
>>>
>>> # touch /etc/systemd/system/tomcat.service # nano
>>> /etc/systemd/system/tomcat.service
>>>
>>> tomcat.service looks like this
>>>
>>> [Unit] Description=The Jakarta Apache/Tomcat Server
>>> After=network.target
>>>
>>> [Service] Type=forking ExecStart=/etc/rc.d/init.d/tomcat7 start
>>> ExecStop=/etc/rc.d/init.d/tomcat7 stop
>>>
>>> [Install] WantedBy=multi-user.target
>>>
>>> # chmod 664 /etc/systemd/system/tomcat.service
>>>
>>> [root@vps init.d]# systemctl daemon-reload
>>>
>>> [root@vps init.d]# systemctl start tomcat.service Job for
>>> tomcat.service failed because the control process exited with
>>> error code. See "systemctl status tomcat.service" and "journalctl
>>> -xe" for details.
>>>
>>> [root@vps init.d]# systemctl status tomcat.service tomcat.service
>>> - The Jakarta Apache/Tomcat Server Loaded: loaded
>>> (/etc/systemd/system/tomcat.service; disabled; vendor preset:
>>> disabled) Active: failed (Result: exit-code) since Wed 2016-03-16
>>> 16:40:55 GMT; 18s ago Process: 4596
>>> ExecStart=/etc/rc.d/init.d/tomcat7 start (code=exited,
>>> status=203/EXEC)
>>>
>>> Mar 16 16:40:55 vps.example.com systemd[1]: Starting The Jakarta
>>> Apache/Tomcat Server... Mar 16 16:40:55 vps.example.com
>>> systemd[1]: tomcat.service: control process exited, code=exited
>>> status=203 Mar 16 16:40:55 vps.example.com systemd[1]: Failed to
>>> start The Jakarta Apache/Tomcat Server. Mar 16 16:40:55
>>> vps.example.com systemd[1]: Unit tomcat.service entered failed
>>> state. Mar 16 16:40:55 vps.example.com systemd[1]: tomcat.service
>>> failed.
>>>
>>> tomcat7 fwiw
>>>
>>>
>>> # chkconfig: - 71 19 # description:  Start up the Tomcat servlet
>>> engine. # this is the startup file for the new version #
>>> 24/10/2013 by lyallex # use java 7 #
>>> JAVA_HOME=/usr/local/java/jdk1.6.0_07 JAVA_HOME=/opt/jdk1.7.0_45
>>> CATALINA_HOME=/opt/apache-tomcat-7.0.42 export JAVA_HOME
>>> CATALINA_HOME
>>> CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons
> - -daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar
>>>
>>>
> TOMCAT_USER=tomcat
>>> TMPDIR=/var/tmp PIDFILE=/var/run/tc7/jsvc.pid
>>>
>>>
>>> RC=0
>>>
>>> case "$1" in
>>>
>>> start)
>>>
>>> $CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME
>>> -Dcatalina.home=/opt/apache-tomcat-7.0.42
>>> -Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR
>>> -Djava.awt.headless=true \ -Xms512m \ -Xmx1024m \ -outfile
>>> $CATALINA_HOME/logs/catalina.out \ -errfile
>>> $CATALINA_HOME/logs/catalina.err \ -pidfile
>>> '/var/run/tc7/jsvc.pid' \
>>> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
>>> \
>>> -Djava.util.logging.config.file=$CATALINA_HOME/conf/logging.propertie
> s
>>> \ -cp $CLASSPATH  \ org.apache.catalina.startup.Bootstrap
>>>
>>> RC=$?
>>>
>>> [ $RC = 0 ] && touch /var/tc7lock/subsys/tomcat echo "starting
>>> tomcat7 on darkstar with:"

RE: contextDestroyed() method not called

2016-03-19 Thread Caldarale, Charles R 
> From: Daniel Savard [mailto:daniel.sav...@gmail.com] 
> Subject: contextDestroyed() method not called

> I noticed a problem with one of my web applications which requires
> some cleanup when shutdown. It seems this cleanup isn't happening even
> if everything has been put in the contextDestroyed() method of my web
> listener.

> I find it difficult to believe this is a bug in Tomcat, so, I guess I
> am doing something wrong. Someone can provide some guidance to
> identify the cause of such undesirable behavior?

Missing a couple useful bits of information:

1) What OS are you running on?

2) More importantly, how are you shutting down Tomcat?  (Using kill -9 would 
not be a good choice...)

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: systemd tomcat script for Linux EL7

2016-03-19 Thread Lyallex 
Apologies for dredging this up but I'm having some problems with this.
Any ideas much appreciated.

Ii have been forced to move from a version of centOS the used the old
/etc/rc.d/init.d
way of doing things to a new version of CentOS that uses systemd. The
hosts can't or won't help because I'm using a 'non-standard setup'
Basically I'm using tomcat standalone on port 80 to serve up my site.
I use jsvc with a start/stop script in /etc/rc.d/init.d with symbolic
links in rc2.d, rc3.d. rc4.d and rc5.d This has been working
faultlessly for nearly 4 years.

I have installed Tomcat, Java and all required resources on the new
server, I have dulpicated the configuration in /etc but needless to
say when I restart the server Tomcat doesn't start

Starting from the command line as root with /etc/rc.d/init.d/tomcat7
works as it has always done and starts tomcat as root then switches to
an unprivileged, no login user (tomcat)

I followed your instructions and came up with the following

# touch /etc/systemd/system/tomcat.service
# nano /etc/systemd/system/tomcat.service

tomcat.service looks like this

 [Unit]
Description=The Jakarta Apache/Tomcat Server
After=network.target

[Service]
Type=forking
ExecStart=/etc/rc.d/init.d/tomcat7 start
ExecStop=/etc/rc.d/init.d/tomcat7 stop

[Install]
WantedBy=multi-user.target

# chmod 664 /etc/systemd/system/tomcat.service

[root@vps init.d]# systemctl daemon-reload

[root@vps init.d]# systemctl start tomcat.service
Job for tomcat.service failed because the control process exited with
error code. See "systemctl status tomcat.service" and "journalctl -xe"
for details.

[root@vps init.d]# systemctl status tomcat.service
 tomcat.service - The Jakarta Apache/Tomcat Server
   Loaded: loaded (/etc/systemd/system/tomcat.service; disabled;
vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2016-03-16 16:40:55 GMT; 18s ago
  Process: 4596 ExecStart=/etc/rc.d/init.d/tomcat7 start (code=exited,
status=203/EXEC)

Mar 16 16:40:55 vps.example.com systemd[1]: Starting The Jakarta
Apache/Tomcat Server...
Mar 16 16:40:55 vps.example.com systemd[1]: tomcat.service: control
process exited, code=exited status=203
Mar 16 16:40:55 vps.example.com systemd[1]: Failed to start The
Jakarta Apache/Tomcat Server.
Mar 16 16:40:55 vps.example.com systemd[1]: Unit tomcat.service
entered failed state.
Mar 16 16:40:55 vps.example.com systemd[1]: tomcat.service failed.

tomcat7 fwiw


# chkconfig: - 71 19
# description:  Start up the Tomcat servlet engine.
# this is the startup file for the new version
# 24/10/2013 by lyallex
# use java 7
# JAVA_HOME=/usr/local/java/jdk1.6.0_07
JAVA_HOME=/opt/jdk1.7.0_45
CATALINA_HOME=/opt/apache-tomcat-7.0.42
export JAVA_HOME CATALINA_HOME
CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar
TOMCAT_USER=tomcat
TMPDIR=/var/tmp
PIDFILE=/var/run/tc7/jsvc.pid


RC=0

case "$1" in

  start)

   $CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME
-Dcatalina.home=/opt/apache-tomcat-7.0.42
-Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR
-Djava.awt.headless=true \
 -Xms512m \
 -Xmx1024m \
 -outfile $CATALINA_HOME/logs/catalina.out \
 -errfile $CATALINA_HOME/logs/catalina.err \
 -pidfile '/var/run/tc7/jsvc.pid' \
 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
 -Djava.util.logging.config.file=$CATALINA_HOME/conf/logging.properties \
 -cp $CLASSPATH  \
 org.apache.catalina.startup.Bootstrap

RC=$?

[ $RC = 0 ] && touch /var/tc7lock/subsys/tomcat
echo "starting tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"
echo "tomcat started"

   echo "CLASSPATH=$CLASSPATH"
echo "tomcat started"
;;

  stop)

PID=`cat /var/run/tc7/jsvc.pid`
kill $PID

   RC=$?

[ $RC = 0 ] && rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
echo "stopping tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"

echo "tomcat stopped"
;;

  *)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit $RC



TIA
Lyallex


On 5 June 2015 at 13:37, Ray Holme  wrote:
> That looks OK, but I would suggest the following.
> Put all the real stuff in a standard bash script with 3 parameters   start, 
> stop, restart- pretty much like the OLD system 5 way fo doing things.This has 
> the advantage of allowing you to add other things you might want to add AND 
> executing the script as root is pretty obvious. (I needed to add starting an 
> LibreOffice server and a few other daemons to get that going). Embed the 
> catalina start stop in that script.The just make the systemd script VERY 
> SIMPLY call your standard above start/stop script.
> e.g. my script name is S95tomcat and the systemd entry is trivial.
> here

Re: systemd tomcat script for Linux EL7

2016-03-19 Thread jieryn 
ExecStartPre=/usr/sbin/setcap 'cap_net_bind_service=+ep'
/usr/share/tomcat/bin/catalina.sh

I see a lot of advice for start/stop instead of run within systemd
unit files, both here and in the wild. The gem in the rant I linked is
about start vs run. Sorry if you didn't see it.

On Thu, Mar 17, 2016 at 1:42 AM, Lyallex  wrote:
> But that doesn't work for ports < 1024
>
>
> On 17 March 2016 at 01:47, jieryn  wrote:
>> Meh. It's short and sweet and working systemd unit file.
>>
>> [Unit]
>> Description=Apache Tomcat Web Application Container
>> [Service]
>> User=tomcat
>> Group=tomcat
>> ExecStart=/usr/share/tomcat/bin/catalina.sh run
>> [Install]
>> WantedBy=multi-user.target
>>
>>
>> On Wed, Mar 16, 2016 at 8:57 PM, Christopher Schultz
>>  wrote:
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA1
>>>
>>> jieryn,
>>>
>>> On 3/16/16 1:36 PM, jieryn wrote:
 http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/systemd-house
>>> - -of-horror/tomcat.html
>>>
>>> Wow,

>>> lots of ranting about environment variables and little-used PID
>>> files.
>>>
>>> If the author only understood the reasons behind the way catalina.sh
>>> works, he might not have embarrassed himself.
>>>
>>> It must be hard being so smart and important that you have to quit the
>>> Internet for good[1].
>>>
>>> - -chris
>>>
>>> [1]
>>> http://homepage.ntlworld.com/jonathan.deboynepollard/contacting-the-auth
>>> or.html#SMTP
>>>
 On Wed, Mar 16, 2016 at 1:01 PM, Lyallex 
 wrote:
> Apologies for dredging this up but I'm having some problems with
> this. Any ideas much appreciated.
>
> Ii have been forced to move from a version of centOS the used the
> old /etc/rc.d/init.d way of doing things to a new version of
> CentOS that uses systemd. The hosts can't or won't help because
> I'm using a 'non-standard setup' Basically I'm using tomcat
> standalone on port 80 to serve up my site. I use jsvc with a
> start/stop script in /etc/rc.d/init.d with symbolic links in
> rc2.d, rc3.d. rc4.d and rc5.d This has been working faultlessly
> for nearly 4 years.
>
> I have installed Tomcat, Java and all required resources on the
> new server, I have dulpicated the configuration in /etc but
> needless to say when I restart the server Tomcat doesn't start
>
> Starting from the command line as root with
> /etc/rc.d/init.d/tomcat7 works as it has always done and starts
> tomcat as root then switches to an unprivileged, no login user
> (tomcat)
>
> I followed your instructions and came up with the following
>
> # touch /etc/systemd/system/tomcat.service # nano
> /etc/systemd/system/tomcat.service
>
> tomcat.service looks like this
>
> [Unit] Description=The Jakarta Apache/Tomcat Server
> After=network.target
>
> [Service] Type=forking ExecStart=/etc/rc.d/init.d/tomcat7 start
> ExecStop=/etc/rc.d/init.d/tomcat7 stop
>
> [Install] WantedBy=multi-user.target
>
> # chmod 664 /etc/systemd/system/tomcat.service
>
> [root@vps init.d]# systemctl daemon-reload
>
> [root@vps init.d]# systemctl start tomcat.service Job for
> tomcat.service failed because the control process exited with
> error code. See "systemctl status tomcat.service" and "journalctl
> -xe" for details.
>
> [root@vps init.d]# systemctl status tomcat.service tomcat.service
> - The Jakarta Apache/Tomcat Server Loaded: loaded
> (/etc/systemd/system/tomcat.service; disabled; vendor preset:
> disabled) Active: failed (Result: exit-code) since Wed 2016-03-16
> 16:40:55 GMT; 18s ago Process: 4596
> ExecStart=/etc/rc.d/init.d/tomcat7 start (code=exited,
> status=203/EXEC)
>
> Mar 16 16:40:55 vps.example.com systemd[1]: Starting The Jakarta
> Apache/Tomcat Server... Mar 16 16:40:55 vps.example.com
> systemd[1]: tomcat.service: control process exited, code=exited
> status=203 Mar 16 16:40:55 vps.example.com systemd[1]: Failed to
> start The Jakarta Apache/Tomcat Server. Mar 16 16:40:55
> vps.example.com systemd[1]: Unit tomcat.service entered failed
> state. Mar 16 16:40:55 vps.example.com systemd[1]: tomcat.service
> failed.
>
> tomcat7 fwiw
>
>
> # chkconfig: - 71 19 # description:  Start up the Tomcat servlet
> engine. # this is the startup file for the new version #
> 24/10/2013 by lyallex # use java 7 #
> JAVA_HOME=/usr/local/java/jdk1.6.0_07 JAVA_HOME=/opt/jdk1.7.0_45
> CATALINA_HOME=/opt/apache-tomcat-7.0.42 export JAVA_HOME
> CATALINA_HOME
> CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons
>>> - -daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar
>
>
>>> TOMCAT_USER=tomcat
> TMPDIR=/var/tmp PIDFILE=/var/run/tc7/jsvc.pid
>
>
> RC=0
>
> case "$1" in

Re: contextDestroyed() method not called

2016-03-19 Thread Daniel Savard 
>From the manager clicking on the Stop button for the application. For
the instance, on Windows just stop the Tomcat service, on Linux, just
run the catalina.sh stop script.
-
Daniel Savard


2016-03-17 8:47 GMT-04:00 Caldarale, Charles R :
>> From: Daniel Savard [mailto:daniel.sav...@gmail.com]
>> Subject: Re: contextDestroyed() method not called
>
> Read the mailing list rules: don't top post.
> http://tomcat.apache.org/lists.html#tomcat-users
>
>> I'm running it on Window 2012 Server as well as Linux RHEL.
>
> Ok, good to know.
>
>> And no, I am not sending a terminate signal with kill -9. That's why I
>> said I am stopping the application or the instance (both cases depict
>> the same behavior) rather than saying I am terminating it.
>
> Again, how are you doing this?
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
> MATERIAL and is thus for use only by the intended recipient. If you received 
> this in error, please contact the sender and delete the e-mail and its 
> attachments from all computers.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: systemd tomcat script for Linux EL7

2016-03-19 Thread Lyallex 
But that doesn't work for ports < 1024


On 17 March 2016 at 01:47, jieryn  wrote:
> Meh. It's short and sweet and working systemd unit file.
>
> [Unit]
> Description=Apache Tomcat Web Application Container
> [Service]
> User=tomcat
> Group=tomcat
> ExecStart=/usr/share/tomcat/bin/catalina.sh run
> [Install]
> WantedBy=multi-user.target
>
>
> On Wed, Mar 16, 2016 at 8:57 PM, Christopher Schultz
>  wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> jieryn,
>>
>> On 3/16/16 1:36 PM, jieryn wrote:
>>> http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/systemd-house
>> - -of-horror/tomcat.html
>>
>> Wow,
>>>
>> lots of ranting about environment variables and little-used PID
>> files.
>>
>> If the author only understood the reasons behind the way catalina.sh
>> works, he might not have embarrassed himself.
>>
>> It must be hard being so smart and important that you have to quit the
>> Internet for good[1].
>>
>> - -chris
>>
>> [1]
>> http://homepage.ntlworld.com/jonathan.deboynepollard/contacting-the-auth
>> or.html#SMTP
>>
>>> On Wed, Mar 16, 2016 at 1:01 PM, Lyallex 
>>> wrote:
 Apologies for dredging this up but I'm having some problems with
 this. Any ideas much appreciated.

 Ii have been forced to move from a version of centOS the used the
 old /etc/rc.d/init.d way of doing things to a new version of
 CentOS that uses systemd. The hosts can't or won't help because
 I'm using a 'non-standard setup' Basically I'm using tomcat
 standalone on port 80 to serve up my site. I use jsvc with a
 start/stop script in /etc/rc.d/init.d with symbolic links in
 rc2.d, rc3.d. rc4.d and rc5.d This has been working faultlessly
 for nearly 4 years.

 I have installed Tomcat, Java and all required resources on the
 new server, I have dulpicated the configuration in /etc but
 needless to say when I restart the server Tomcat doesn't start

 Starting from the command line as root with
 /etc/rc.d/init.d/tomcat7 works as it has always done and starts
 tomcat as root then switches to an unprivileged, no login user
 (tomcat)

 I followed your instructions and came up with the following

 # touch /etc/systemd/system/tomcat.service # nano
 /etc/systemd/system/tomcat.service

 tomcat.service looks like this

 [Unit] Description=The Jakarta Apache/Tomcat Server
 After=network.target

 [Service] Type=forking ExecStart=/etc/rc.d/init.d/tomcat7 start
 ExecStop=/etc/rc.d/init.d/tomcat7 stop

 [Install] WantedBy=multi-user.target

 # chmod 664 /etc/systemd/system/tomcat.service

 [root@vps init.d]# systemctl daemon-reload

 [root@vps init.d]# systemctl start tomcat.service Job for
 tomcat.service failed because the control process exited with
 error code. See "systemctl status tomcat.service" and "journalctl
 -xe" for details.

 [root@vps init.d]# systemctl status tomcat.service tomcat.service
 - The Jakarta Apache/Tomcat Server Loaded: loaded
 (/etc/systemd/system/tomcat.service; disabled; vendor preset:
 disabled) Active: failed (Result: exit-code) since Wed 2016-03-16
 16:40:55 GMT; 18s ago Process: 4596
 ExecStart=/etc/rc.d/init.d/tomcat7 start (code=exited,
 status=203/EXEC)

 Mar 16 16:40:55 vps.example.com systemd[1]: Starting The Jakarta
 Apache/Tomcat Server... Mar 16 16:40:55 vps.example.com
 systemd[1]: tomcat.service: control process exited, code=exited
 status=203 Mar 16 16:40:55 vps.example.com systemd[1]: Failed to
 start The Jakarta Apache/Tomcat Server. Mar 16 16:40:55
 vps.example.com systemd[1]: Unit tomcat.service entered failed
 state. Mar 16 16:40:55 vps.example.com systemd[1]: tomcat.service
 failed.

 tomcat7 fwiw


 # chkconfig: - 71 19 # description:  Start up the Tomcat servlet
 engine. # this is the startup file for the new version #
 24/10/2013 by lyallex # use java 7 #
 JAVA_HOME=/usr/local/java/jdk1.6.0_07 JAVA_HOME=/opt/jdk1.7.0_45
 CATALINA_HOME=/opt/apache-tomcat-7.0.42 export JAVA_HOME
 CATALINA_HOME
 CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons
>> - -daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar


>> TOMCAT_USER=tomcat
 TMPDIR=/var/tmp PIDFILE=/var/run/tc7/jsvc.pid


 RC=0

 case "$1" in

 start)

 $CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME
 -Dcatalina.home=/opt/apache-tomcat-7.0.42
 -Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR
 -Djava.awt.headless=true \ -Xms512m \ -Xmx1024m \ -outfile
 $CATALINA_HOME/logs/catalina.out \ -errfile
 $CATALINA_HOME/logs/catalina.err \ -pidfile
 '/var/run/tc7/jsvc.pid' \
 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
 \

RE: Tomcat 8 Hung State

2016-03-19 Thread Caldarale, Charles R 
> From: Theo Sweeny [mailto:theo.swe...@avios.com] 
> Subject: Tomcat 8 Hung State

> yesterday Tomcat 8 went into a hung state, because an external API went 
> offline.

> Eventually the external service was restored but Tomcat was unable to 
> recovery from it.

> When a new connection is sent to Tomcat the connection hangs as no additional 
> thread 
> can be allocated to the new request.

> Here is an example of the log -

> com.spring.application.repository.product.price.IlogPriceRepository.getPrices_aroundBody0
> (IlogPriceRepository.java:104)

Note that this is application, not Tomcat, code.

> Are there any ideas as to why Tomcat is unable to free up its threads?

Because your webapp code never returns to Tomcat.  Whatever requests your 
webapp made to the external API were likely lost, but your webapp was still 
expecting response(s).  The webapp needs to include some kind of timeout and 
recovery logic when accessing an external API to make sure it doesn't get stuck 
there forever.  Nothing Tomcat can do about anti-social behavior inside your 
webapp, other than report it.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: systemd tomcat script for Linux EL7

2016-03-19 Thread jieryn 
http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/systemd-house-of-horror/tomcat.html

On Wed, Mar 16, 2016 at 1:01 PM, Lyallex  wrote:
> Apologies for dredging this up but I'm having some problems with this.
> Any ideas much appreciated.
>
> Ii have been forced to move from a version of centOS the used the old
> /etc/rc.d/init.d
> way of doing things to a new version of CentOS that uses systemd. The
> hosts can't or won't help because I'm using a 'non-standard setup'
> Basically I'm using tomcat standalone on port 80 to serve up my site.
> I use jsvc with a start/stop script in /etc/rc.d/init.d with symbolic
> links in rc2.d, rc3.d. rc4.d and rc5.d This has been working
> faultlessly for nearly 4 years.
>
> I have installed Tomcat, Java and all required resources on the new
> server, I have dulpicated the configuration in /etc but needless to
> say when I restart the server Tomcat doesn't start
>
> Starting from the command line as root with /etc/rc.d/init.d/tomcat7
> works as it has always done and starts tomcat as root then switches to
> an unprivileged, no login user (tomcat)
>
> I followed your instructions and came up with the following
>
> # touch /etc/systemd/system/tomcat.service
> # nano /etc/systemd/system/tomcat.service
>
> tomcat.service looks like this
>
>  [Unit]
> Description=The Jakarta Apache/Tomcat Server
> After=network.target
>
> [Service]
> Type=forking
> ExecStart=/etc/rc.d/init.d/tomcat7 start
> ExecStop=/etc/rc.d/init.d/tomcat7 stop
>
> [Install]
> WantedBy=multi-user.target
>
> # chmod 664 /etc/systemd/system/tomcat.service
>
> [root@vps init.d]# systemctl daemon-reload
>
> [root@vps init.d]# systemctl start tomcat.service
> Job for tomcat.service failed because the control process exited with
> error code. See "systemctl status tomcat.service" and "journalctl -xe"
> for details.
>
> [root@vps init.d]# systemctl status tomcat.service
>  tomcat.service - The Jakarta Apache/Tomcat Server
>Loaded: loaded (/etc/systemd/system/tomcat.service; disabled;
> vendor preset: disabled)
>Active: failed (Result: exit-code) since Wed 2016-03-16 16:40:55 GMT; 18s 
> ago
>   Process: 4596 ExecStart=/etc/rc.d/init.d/tomcat7 start (code=exited,
> status=203/EXEC)
>
> Mar 16 16:40:55 vps.example.com systemd[1]: Starting The Jakarta
> Apache/Tomcat Server...
> Mar 16 16:40:55 vps.example.com systemd[1]: tomcat.service: control
> process exited, code=exited status=203
> Mar 16 16:40:55 vps.example.com systemd[1]: Failed to start The
> Jakarta Apache/Tomcat Server.
> Mar 16 16:40:55 vps.example.com systemd[1]: Unit tomcat.service
> entered failed state.
> Mar 16 16:40:55 vps.example.com systemd[1]: tomcat.service failed.
>
> tomcat7 fwiw
>
>
> # chkconfig: - 71 19
> # description:  Start up the Tomcat servlet engine.
> # this is the startup file for the new version
> # 24/10/2013 by lyallex
> # use java 7
> # JAVA_HOME=/usr/local/java/jdk1.6.0_07
> JAVA_HOME=/opt/jdk1.7.0_45
> CATALINA_HOME=/opt/apache-tomcat-7.0.42
> export JAVA_HOME CATALINA_HOME
> CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar
> TOMCAT_USER=tomcat
> TMPDIR=/var/tmp
> PIDFILE=/var/run/tc7/jsvc.pid
>
>
> RC=0
>
> case "$1" in
>
>   start)
>
>$CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME
> -Dcatalina.home=/opt/apache-tomcat-7.0.42
> -Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR
> -Djava.awt.headless=true \
>  -Xms512m \
>  -Xmx1024m \
>  -outfile $CATALINA_HOME/logs/catalina.out \
>  -errfile $CATALINA_HOME/logs/catalina.err \
>  -pidfile '/var/run/tc7/jsvc.pid' \
>  -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
>  -Djava.util.logging.config.file=$CATALINA_HOME/conf/logging.properties \
>  -cp $CLASSPATH  \
>  org.apache.catalina.startup.Bootstrap
>
> RC=$?
>
> [ $RC = 0 ] && touch /var/tc7lock/subsys/tomcat
> echo "starting tomcat7 on darkstar with:"
> echo "JAVA_HOME=$JAVA_HOME"
> echo "CATALINA_HOME=$CATALINA_HOME"
> echo "CLASSPATH=$CLASSPATH"
> echo "tomcat started"
>
>echo "CLASSPATH=$CLASSPATH"
> echo "tomcat started"
> ;;
>
>   stop)
>
> PID=`cat /var/run/tc7/jsvc.pid`
> kill $PID
>
>RC=$?
>
> [ $RC = 0 ] && rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
> echo "stopping tomcat7 on darkstar with:"
> echo "JAVA_HOME=$JAVA_HOME"
> echo "CATALINA_HOME=$CATALINA_HOME"
> echo "CLASSPATH=$CLASSPATH"
>
> echo "tomcat stopped"
> ;;
>
>   *)
> echo "Usage: $0 {start|stop}"
> exit 1
> esac
> exit $RC
>
>
>
> TIA
> Lyallex
>
>
> On 5 June 2015 at 13:37, Ray Holme  wrote:
>> That looks OK, but I would suggest the following.
>> Put all the real stuff in a standard bash script with 3 parameters   start, 
>> stop, restart- pretty much like the OLD system 5 way fo doing things.This 
>> has the advantage

Re: Tomcat 8 Hung State

2016-03-19 Thread Mark Thomas 
On 17 March 2016 16:13:28 GMT+00:00, Theo Sweeny  wrote:
>Hello - yesterday Tomcat 8 went into a hung state, because an external
>API went offline.
>
>
>Eventually the external service was restored but Tomcat was unable to
>recovery from it.
>
>
>When a new connection is sent to Tomcat the connection hangs as no
>additional thread can be allocated to the new request.
>
>
>Here is an example of the log -
>
>
>17-Mar-2016 15:53:36.671 WARNING
>[ContainerBackgroundProcessor[StandardEngine[Catalina].StandardHost[localhost]]]
>org.apache.catalina.valves.StuckThreadDetectionValve.notifyStuckThreadDetected
>Thread "http-nio-10180-exec-40" (id=422) has been active for 33,717
>milliseconds (since 3/17/16 3:53 PM) to serve the same request for
>http://localhost:10180/retrieve-1.2/retrieve-prices and may be stuck
>(configured threshold for this StuckThreadDetectionValve is 30
>seconds). There is/are 1 thread(s) in total that are monitored by this
>Valve and may be stuck.
> java.lang.Throwable
>at sun.misc.Unsafe.park(Native Method)
>   at java.util.concurrent.locks.LockSupport.park(LockSupport.java:186)
>at java.util.concurrent.FutureTask.awaitDone(FutureTask.java:425)
>at java.util.concurrent.FutureTask.get(FutureTask.java:187)
>at
>com.spring.application.repository.product.price.IlogPriceRepository.getPrices_aroundBody0(IlogPriceRepository.java:104)
>at
>com.spring.application.repository.product.price.IlogPriceRepository$AjcClosure1.run(IlogPriceRepository.java:1)
>at
>org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>at
>com.spring.framework.aspects.LoggingAspect.logMethodEntryAndExit(LoggingAspect.java:61)
>at
>com.spring.application.repository.product.price.IlogPriceRepository.getPrices(IlogPriceRepository.java:86)
>at
>com.spring.application.repository.product.price.IlogPriceRepository$$FastClassBySpringCGLIB$$142c62f1.invoke()
>at
>org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>at
>org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:717)
>at
>org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
>at
>org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:136)
>at
>org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>at
>org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
>at
>com.spring.application.repository.product.price.IlogPriceRepository$$EnhancerBySpringCGLIB$$4fdb7af0.getPrices()
>at
>com.spring.application.service.product.price.RealTimePriceApplicationService.getPrices_aroundBody0(RealTimePriceApplicationService.java:48)
>at
>com.spring.application.service.product.price.RealTimePriceApplicationService$AjcClosure1.run(RealTimePriceApplicationService.java:1)
>at
>org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>at
>com.spring.framework.aspects.LoggingAspect.logMethodEntryAndExit(LoggingAspect.java:61)
>at
>com.spring.application.service.product.price.RealTimePriceApplicationService.getPrices(RealTimePriceApplicationService.java:47)
>at
>com.spring.application.service.product.price.GetPriceApplicationController.getPrices_aroundBody0(GetPriceApplicationController.java:74)
>at
>com.spring.application.service.product.price.GetPriceApplicationController$AjcClosure1.run(GetPriceApplicationController.java:1)
>at
>org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>at
>com.spring.framework.aspects.LoggingAspect.logMethodEntryAndExit(LoggingAspect.java:61)
>at
>com.spring.application.service.product.price.GetPriceApplicationController.getPrices(GetPriceApplicationController.java:70)
>at sun.reflect.GeneratedMethodAccessor1306.invoke(Unknown Source)
>at
>sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>at java.lang.reflect.Method.invoke(Method.java:606)
>at
>org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221)
>at
>org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:137)
>at
>org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:110)
>at
>org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:777)
>at
>org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:706)
>at
>org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
>at
>org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:943)
>at

Re: Tomcat 8 Hung State

2016-03-19 Thread Theo Sweeny 
Hi Mark,


From: Mark Thomas 
Sent: 17 March 2016 17:36
To: Tomcat Users List
Subject: Re: Tomcat 8 Hung State

On 17 March 2016 16:13:28 GMT+00:00, Theo Sweeny  wrote:
>Hello - yesterday Tomcat 8 went into a hung state, because an external
>API went offline.
>
>
>Eventually the external service was restored but Tomcat was unable to
>recovery from it.
>
>
>When a new connection is sent to Tomcat the connection hangs as no
>additional thread can be allocated to the new request.
>
>
>Here is an example of the log -
>
>
>17-Mar-2016 15:53:36.671 WARNING
>[ContainerBackgroundProcessor[StandardEngine[Catalina].StandardHost[localhost]]]
>org.apache.catalina.valves.StuckThreadDetectionValve.notifyStuckThreadDetected
>Thread "http-nio-10180-exec-40" (id=422) has been active for 33,717
>milliseconds (since 3/17/16 3:53 PM) to serve the same request for
>http://localhost:10180/retrieve-1.2/retrieve-prices and may be stuck
>(configured threshold for this StuckThreadDetectionValve is 30
>seconds). There is/are 1 thread(s) in total that are monitored by this
>Valve and may be stuck.
> java.lang.Throwable
>at sun.misc.Unsafe.park(Native Method)
>   at java.util.concurrent.locks.LockSupport.park(LockSupport.java:186)
>at java.util.concurrent.FutureTask.awaitDone(FutureTask.java:425)
>at java.util.concurrent.FutureTask.get(FutureTask.java:187)
>at
>com.spring.application.repository.product.price.IlogPriceRepository.getPrices_aroundBody0(IlogPriceRepository.java:104)
>at
>com.spring.application.repository.product.price.IlogPriceRepository$AjcClosure1.run(IlogPriceRepository.java:1)
>at
>org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>at
>com.spring.framework.aspects.LoggingAspect.logMethodEntryAndExit(LoggingAspect.java:61)
>at
>com.spring.application.repository.product.price.IlogPriceRepository.getPrices(IlogPriceRepository.java:86)
>at
>com.spring.application.repository.product.price.IlogPriceRepository$$FastClassBySpringCGLIB$$142c62f1.invoke()
>at
>org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>at
>org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:717)
>at
>org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
>at
>org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:136)
>at
>org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>at
>org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
>at
>com.spring.application.repository.product.price.IlogPriceRepository$$EnhancerBySpringCGLIB$$4fdb7af0.getPrices()
>at
>com.spring.application.service.product.price.RealTimePriceApplicationService.getPrices_aroundBody0(RealTimePriceApplicationService.java:48)
>at
>com.spring.application.service.product.price.RealTimePriceApplicationService$AjcClosure1.run(RealTimePriceApplicationService.java:1)
>at
>org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>at
>com.spring.framework.aspects.LoggingAspect.logMethodEntryAndExit(LoggingAspect.java:61)
>at
>com.spring.application.service.product.price.RealTimePriceApplicationService.getPrices(RealTimePriceApplicationService.java:47)
>at
>com.spring.application.service.product.price.GetPriceApplicationController.getPrices_aroundBody0(GetPriceApplicationController.java:74)
>at
>com.spring.application.service.product.price.GetPriceApplicationController$AjcClosure1.run(GetPriceApplicationController.java:1)
>at
>org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>at
>com.spring.framework.aspects.LoggingAspect.logMethodEntryAndExit(LoggingAspect.java:61)
>at
>com.spring.application.service.product.price.GetPriceApplicationController.getPrices(GetPriceApplicationController.java:70)
>at sun.reflect.GeneratedMethodAccessor1306.invoke(Unknown Source)
>at
>sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>at java.lang.reflect.Method.invoke(Method.java:606)
>at
>org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221)
>at
>org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:137)
>at
>org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:110)
>at
>org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:777)
>at
>org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:706)
>at

Re: Apache+SSL+Tomcat+WebSocket

2016-03-19 Thread Mark Eggers 
On 3/17/2016 3:30 PM, Edwin Quijada wrote:
> Hi! I am trying to install apache+SSL+Tomcat with my app that use
> websocket. I read that websocket doesnt connect with tomcat and
> apache like proxy.
> 
> I need information where I can connect this now I have installed
> Apache with SSL and Tomcat not connected yet. The scenario is this
> 
> 
> BROWSE ===ssl===> APACHE WEBSERVER >TOMCAT APP
> 
> 
> The app use websocket with the client , Can I use websocket in this
> scenario ?
> 
> What module is better for this job mod_proxy or mod_jk?
> 
> 
> I am using Apache 2.4.7, Tomcat 8.0.32 , Ubuntu Server 14.04
> 
> 
> Thks
> 

LMGTFY:

https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html

I have no idea if this works with a Tomcat 8.0.32 back end.

. . . just my two cents
/mde/



signature.asc
Description: OpenPGP digital signature

Tomcat 8 Hung State

2016-03-19 Thread Theo Sweeny 
Hello - yesterday Tomcat 8 went into a hung state, because an external API went 
offline.


Eventually the external service was restored but Tomcat was unable to recovery 
from it.


When a new connection is sent to Tomcat the connection hangs as no additional 
thread can be allocated to the new request.


Here is an example of the log -


17-Mar-2016 15:53:36.671 WARNING 
[ContainerBackgroundProcessor[StandardEngine[Catalina].StandardHost[localhost]]]
 org.apache.catalina.valves.StuckThreadDetectionValve.notifyStuckThreadDetected 
Thread "http-nio-10180-exec-40" (id=422) has been active for 33,717 
milliseconds (since 3/17/16 3:53 PM) to serve the same request for 
http://localhost:10180/retrieve-1.2/retrieve-prices and may be stuck 
(configured threshold for this StuckThreadDetectionValve is 30 seconds). There 
is/are 1 thread(s) in total that are monitored by this Valve and may be stuck.
 java.lang.Throwable
at sun.misc.Unsafe.park(Native Method)
at java.util.concurrent.locks.LockSupport.park(LockSupport.java:186)
at java.util.concurrent.FutureTask.awaitDone(FutureTask.java:425)
at java.util.concurrent.FutureTask.get(FutureTask.java:187)
at 
com.spring.application.repository.product.price.IlogPriceRepository.getPrices_aroundBody0(IlogPriceRepository.java:104)
at 
com.spring.application.repository.product.price.IlogPriceRepository$AjcClosure1.run(IlogPriceRepository.java:1)
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at 
com.spring.framework.aspects.LoggingAspect.logMethodEntryAndExit(LoggingAspect.java:61)
at 
com.spring.application.repository.product.price.IlogPriceRepository.getPrices(IlogPriceRepository.java:86)
at 
com.spring.application.repository.product.price.IlogPriceRepository$$FastClassBySpringCGLIB$$142c62f1.invoke()
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at 
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:717)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at 
org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:136)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at 
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
at 
com.spring.application.repository.product.price.IlogPriceRepository$$EnhancerBySpringCGLIB$$4fdb7af0.getPrices()
at 
com.spring.application.service.product.price.RealTimePriceApplicationService.getPrices_aroundBody0(RealTimePriceApplicationService.java:48)
at 
com.spring.application.service.product.price.RealTimePriceApplicationService$AjcClosure1.run(RealTimePriceApplicationService.java:1)
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at 
com.spring.framework.aspects.LoggingAspect.logMethodEntryAndExit(LoggingAspect.java:61)
at 
com.spring.application.service.product.price.RealTimePriceApplicationService.getPrices(RealTimePriceApplicationService.java:47)
at 
com.spring.application.service.product.price.GetPriceApplicationController.getPrices_aroundBody0(GetPriceApplicationController.java:74)
at 
com.spring.application.service.product.price.GetPriceApplicationController$AjcClosure1.run(GetPriceApplicationController.java:1)
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at 
com.spring.framework.aspects.LoggingAspect.logMethodEntryAndExit(LoggingAspect.java:61)
at 
com.spring.application.service.product.price.GetPriceApplicationController.getPrices(GetPriceApplicationController.java:70)
at sun.reflect.GeneratedMethodAccessor1306.invoke(Unknown Source)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at 
org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221)
at 
org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:137)
at 
org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:110)
at 
org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:777)
at 
org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:706)
at 
org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
at 
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:943)
at

porting jsvc startup script from init.d to systemd tomcat.service, resolved

2016-03-19 Thread Lyallex 
I thought you might be interested in the resolution to this.

It turns out that we needed to reproduce the environment in tomcat.service

For some reason

ExecStart=/etc/rc.d/init.d/tomcat7 doesn't work
(file shown at the end of this message)

Instead, in  /etc/systemd/system/tomcat.service
we have had to reproduce the environment in longhand to get it to work.
It appears that systemd doesn't expand variables so I really need to
investigate the systemd Environment thing a bit more.
Anyway, when I shutdown -r now the server comes back up and tomcat is
running at the unprivileged tomcat user on port 80 so that's a result

== /etc/systemd/system/tomcat.service 
[Unit]
Description=Apache Tomcat Web Application Container
After=network.target

[Service]
Type=forking
User=root

ExecStart=/opt/apache-tomcat-7.0.42/bin/jsvc \
-user tomcat \
-home /opt/jdk1.7.0_45 \
-Dcatalina.home=/opt/apache-tomcat-7.0.42 \
-Dcatalina.base=/opt/apache-tomcat-7.0.42 \
-Djava.io.tmpdir=/var/tmp \
-Djava.awt.headless=true \
-Xms512m \
-Xmx1024m \
-outfile /opt/apache-tomcat-7.0.42/logs/catalina.out \
-errfile /opt/apache-tomcat-7.0.42/logs/catalina.err \
-pidfile /var/run/tc7/jsvc.pid \
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
-Djava.util.logging.config.file=/opt/apache-tomcat-7.0.42/conf/logging.properties
\
-cp 
/opt/apache-tomcat-7.0.42/bin/bootstrap.jar:/opt/apache-tomcat-7.0.42/bin/commons-daemon.jar:/opt/jdk1.7.0_45/lib/tools.jar:/opt/apache-tomcat-7.0.42/bin/tomcat-juli.jar
\
org.apache.catalina.startup.Bootstrap

ExecStop=/bin/kill -9 /var/run/tc7/jsvc.pid
ExecStopPost=/bin/rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid

[Install]
WantedBy=multi-user.target


Oh happy day
Thanks again to all responders

Lyallex

= /etc/rc.d/init.d/tomcat7  =

JAVA_HOME=/opt/jdk1.7.0_45
CATALINA_HOME=/opt/apache-tomcat-7.0.42
export JAVA_HOME CATALINA_HOME
CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar
TOMCAT_USER=tomcat
TMPDIR=/var/tmp
PIDFILE=/var/run/tc7/jsvc.pid


RC=0

case "$1" in

  start)

   $CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME
-Dcatalina.home=/opt/apache-tomcat-7.0.42
-Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR
-Djava.awt.headless=true \
 -Xms512m \
 -Xmx1024m \
 -outfile $CATALINA_HOME/logs/catalina.out \
 -errfile $CATALINA_HOME/logs/catalina.err \
 -pidfile '/var/run/tc7/jsvc.pid' \
 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
 -Djava.util.logging.config.file=$CATALINA_HOME/conf/logging.properties \
 -cp $CLASSPATH  \
 org.apache.catalina.startup.Bootstrap

RC=$?

[ $RC = 0 ] && touch /var/tc7lock/subsys/tomcat
echo "starting tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"
echo "tomcat started"
;;

  stop)

PID=`cat /var/run/tc7/jsvc.pid`
kill $PID

   RC=$?

[ $RC = 0 ] && rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
echo "stopping tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"

echo "tomcat stopped"
;;

  *)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit $RC

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Apache+SSL+Tomcat+WebSocket

2016-03-19 Thread Edwin Quijada 
Hi!
I am trying to install apache+SSL+Tomcat with my app that use websocket. I read 
that websocket doesnt connect with tomcat and apache like proxy.

 I need information where I can connect this now I have installed Apache with 
SSL and Tomcat not connected yet. The scenario is this


BROWSE ===ssl===> APACHE WEBSERVER >TOMCAT APP


The app use websocket with the client , Can I use websocket in this scenario ?

What module is better for this job mod_proxy or mod_jk?


I am using Apache 2.4.7, Tomcat 8.0.32 , Ubuntu Server 14.04


Thks