Dealing with an insecure Struts application on Tomcat

[Alan F]

I am looking at security steps to mitigate issues with a 1.x Struts based app.

I have recommended the following until an upgrade resource is available

Remove application from current shared datasource
Remediate high risk CVE scored vulnerabilities (x4 with high EPSS rating)
Reduce exposure to internal audience.
Create new db and instance for above isolated datasource

Would you take it further and ensure this runs on it's own separate Tomcat 
instance?
Any other recommendations?

Where do find debug logging

[Alan F]

We have some applications which are pushing out to their own applogs clearly 
showing 'Debug' on most lines with a large amount of data and CI.

I would like to find out where the app team are setting this level, I have 
check in the obvious in the war files as it's a Spring Boot app in 
application.properties and logback.xml but mention error only there. Any advice 
appreciated thanks

RE: Tomcat Deployment scripts

[Alan F]

This is great thankyou Thomas. Just wondering how secure this is, prefer to be 
able to deploy with a non 'admin' account does this support a deploy only 
profile there?



-Original Message-
From: Thomas Hoffmann (Speed4Trade GmbH) 
 
Sent: 29 June 2023 09:08
To: Tomcat Users List 
Subject: AW: Tomcat Deployment scripts

Hello Alan,

> Von: Alan F  
> Gesendet: Mittwoch, 28. Juni 2023 18:24
> An: users@tomcat.apache.org
> Betreff: Tomcat Deployment scripts
>
> Anyone have an example deployment script or method used to deploy a simple 
> war and context root, also with rollback preferably. 
>
> Thanks

you could use tomcat-manager.
A war file can be deployed using curl for example:
https://stackoverflow.com/questions/4432684/tomcat-manager-remote-deploy-script

Greetings, Thomas

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat Deployment scripts

[Alan F]

Anyone have an example deployment script or method used to deploy a simple war 
and context root, also with rollback preferably.

Thanks

tomcat logging

[Alan F]

Tomcat logging

I would like to add a delimiter or characters " "  around {user-agent} for 
logging,  I wanted it in double quotes for example "Mozilla 5.0.."  but can't 
seem to make it work. Or even adding a # symbol before would help any ideas?

Thanks

 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Constant errors in Tomcat logs

[Alan F]

HI I have a Tomcat clustered pair running, I see this 3 times a minute in the 
logs. I don't see this IP in server.xml I do have a DEV Tomcat pair is this 
somehow interfering? 

06-Jun-2022 11:15:18.836 WARNING [Catalina-utility-2] 
org.apache.catalina.tribes.group.interceptors.TcpFailureDetector.performBasicCheck
 Member added, even though we weren't 
notified:[org.apache.catalina.tribes.membership.MemberImpl[tcp://{192, 168, 
217, 57}:4102,{192, 168, 217, 57},4102, alive=3547745427, securePort=-1, UDP 
Port=-1, id={-119 -107 23 88 119 -39 74 -49 -118 57 -61 -49 -28 -91 11 43 }, 
payload={}, command={}, domain={}]]

403 whilst reading from ROOT

[Alan F]

Im trying to read robots.txt from '/' on a few tomcat servers to block web 
search engines. Obviously placed the txt file in ./webapps/ROOT/

Works fine on a few tomcat hosts that have identical server.xml / web.xml  so 
im puzzled as to why these two Tomcat servers are blocking requests, obviously 
something is different. Ive checked ./Catalina/localhost and see some 
restrictions here but only apply to /webapps/manager

Im not sure where else to look?



The error im seeing is:

HTTP Status 403 - Forbidden

Type Status Report
Description The server understood the request but refuses to authorize it.

RE: help with high cpu usage

[Alan F]

Hello Thomas,

Thanks for your input here, what's your weapon of choice to identify this 
thread bar thread dump? I just downloaded jvmtop from github but that didn't 
seem to give me any clue at all about independent threads.

Cheers

Alan

-Original Message-
From: Thomas Hoffmann (Speed4Trade GmbH) 
 
Sent: 04 February 2022 09:18
To: Tomcat Users List 
Subject: AW: help with high cpu usage

Hello,

when I encounter high CPU usage, it's best to identify the thread Id which is 
eating CPU.
Making a thread dump, you can then search for  the thread id within this dump.
This works good for long lasting threads. If the CPU eating thread changes 
quickly, it's harder to figure out.

Greetings,
Thomas

Von: Alan F 
Gesendet: Freitag, 4. Februar 2022 00:02:49
An: Tomcat Users List
Betreff: Re: help with high cpu usage

John thanks so much !! Will pass this on tomorrow. Cheers.

From: john.e.gr...@wellsfargo.com.INVALID 
Sent: 03 February 2022 22:45
To: users@tomcat.apache.org 
Subject: RE: help with high cpu usage

Alan,


> -Original Message-
> From: Alan F 
> Sent: Thursday, February 03, 2022 2:51 PM
> To: Tomcat Users List 
> Subject: RE: help with high cpu usage
>
> My bad here are the correct dumps 10 secs apart
>
> https://urldefense.com/v3/__https://fastthread.io/my-thread-
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0zNzY2ZmZmNy0wZDgyL
> TRhZTItYmE3Mi0zMWQyYTYwN2M1ZjgudHh0&__;!!F9svGWnIaVPGSwU!-
> fDbBdZmwXsUn9QT9ftL8f4PTLoASDZOXCeB4UEo7qKgcIHhANQVT6VMoGvG
> st67ghaaLsg$
>
>
> https://urldefense.com/v3/__https://fastthread.io/my-thread-
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS00NTE3MWUxNy1jYWRi
> LTRkY2UtODBlNS1lMDk0YTJjNTg1OGEudHh0&__;!!F9svGWnIaVPGSwU!-
> fDbBdZmwXsUn9QT9ftL8f4PTLoASDZOXCeB4UEo7qKgcIHhANQVT6VMoGvG
> st67j-3O5xU$
>
>
>
>
> -Original Message-
> From: john.e.gr...@wellsfargo.com.INVALID
> 
> Sent: 03 February 2022 19:33
> To: users@tomcat.apache.org
> Subject: RE: help with high cpu usage
>
> Alan,
>
>
> > -Original Message-
> > From: Alan F 
> > Sent: Thursday, February 03, 2022 12:19 PM
> > To: Tomcat Users List 
> > Subject: help with high cpu usage
> >
> > Had some issues today with one prod host. One is fine the other has 
> > stuck around 80%Cpu.
> > Ive taken a thread dump from both hosts and would appreciate someone 
> > give a once over what it may be before I kill and restart. They are 
> > clustered nodes so running identical apps and loadbalanced by a 
> > hardware
> balancer.
> >
> > Node1 is ok (relatively!)
> > https://urldefense.com/v3/__https://fastthread.io/my-thread-
> >
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS1hODllYzBkZS01OGJjLTQ
> >
> 2ZDQtYWRhNS1kYjkxZjM2NjI1ZTAudHh0&__;!!F9svGWnIaVPGSwU!91fvMc
> > RzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn-mDKbTl_dmUSa0LaAolXlhipl-
> > Fk2pQ$
> >
> >
> > Node 2 still has high CPU usage
> > https://urldefense.com/v3/__https://fastthread.io/my-thread-
> >
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0yN2I0YWY4Mi05OWFhL
> >
> TQ3YjYtOGQ2My0wMDMwZjlkNDQzNjMudHh0&__;!!F9svGWnIaVPGSwU!9
> > 1fvMcRzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn-
> > mDKbTl_dmUSa0LaAolXlhipkmLFr3E$
>
> Taking thread dumps was a good idea but I see very little activity on node 2.
> It looks like two threads are in Hibernate's
> EntityEntryContext.downgradeLocks() method, one is taking the thread 
> dump itself, and another is reading a request from a client, I think.  
> I would not expect this to add up to 80% CPU usage unless one of those 
> threads is stuck in a loop.  Comparing multiple thread dumps taken 
> 5-10 seconds apart would help answer this question.  How much GC is 
> there?  Could these Hibernate queries be pulling a huge amount of data 
> from the DB, thus causing a lot of GC activity?
>
> Node 1 looks idle except for the thread taking the thread dump.
>
> Do you know for sure that it's the Tomcat process that is using the CPU?

Of the 3 dumps from the same node, the first two are 3 hours apart, yet the two 
query threads seem to still be doing the same thing.  (I verified that the 
timestamps in the dumps are different but maybe I made a mistake.)  They are 
both making the Hibernate downgradeLocks call.  This is occurring in the 
context of committing a transaction.  That definitely makes it look like those 
threads are somehow either stuck or are looping.

The 3rd dump has those same two threads actually making queries to Oracle.  So 
within about 10 seconds, we have two threads committing transactions followed 
by making additional queries.

Definitely show these to the developers if you haven't already.

I didn't fo

Re: help with high cpu usage

[Alan F]

John thanks so much !! Will pass this on tomorrow. Cheers.

From: john.e.gr...@wellsfargo.com.INVALID 
Sent: 03 February 2022 22:45
To: users@tomcat.apache.org 
Subject: RE: help with high cpu usage

Alan,


> -Original Message-
> From: Alan F 
> Sent: Thursday, February 03, 2022 2:51 PM
> To: Tomcat Users List 
> Subject: RE: help with high cpu usage
>
> My bad here are the correct dumps 10 secs apart
>
> https://urldefense.com/v3/__https://fastthread.io/my-thread-
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0zNzY2ZmZmNy0wZDgyL
> TRhZTItYmE3Mi0zMWQyYTYwN2M1ZjgudHh0&__;!!F9svGWnIaVPGSwU!-
> fDbBdZmwXsUn9QT9ftL8f4PTLoASDZOXCeB4UEo7qKgcIHhANQVT6VMoGvG
> st67ghaaLsg$
>
>
> https://urldefense.com/v3/__https://fastthread.io/my-thread-
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS00NTE3MWUxNy1jYWRi
> LTRkY2UtODBlNS1lMDk0YTJjNTg1OGEudHh0&__;!!F9svGWnIaVPGSwU!-
> fDbBdZmwXsUn9QT9ftL8f4PTLoASDZOXCeB4UEo7qKgcIHhANQVT6VMoGvG
> st67j-3O5xU$
>
>
>
>
> -Original Message-
> From: john.e.gr...@wellsfargo.com.INVALID
> 
> Sent: 03 February 2022 19:33
> To: users@tomcat.apache.org
> Subject: RE: help with high cpu usage
>
> Alan,
>
>
> > -Original Message-
> > From: Alan F 
> > Sent: Thursday, February 03, 2022 12:19 PM
> > To: Tomcat Users List 
> > Subject: help with high cpu usage
> >
> > Had some issues today with one prod host. One is fine the other has
> > stuck around 80%Cpu.
> > Ive taken a thread dump from both hosts and would appreciate someone
> > give a once over what it may be before I kill and restart. They are
> > clustered nodes so running identical apps and loadbalanced by a hardware
> balancer.
> >
> > Node1 is ok (relatively!)
> > https://urldefense.com/v3/__https://fastthread.io/my-thread-
> >
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS1hODllYzBkZS01OGJjLTQ
> >
> 2ZDQtYWRhNS1kYjkxZjM2NjI1ZTAudHh0&__;!!F9svGWnIaVPGSwU!91fvMc
> > RzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn-mDKbTl_dmUSa0LaAolXlhipl-
> > Fk2pQ$
> >
> >
> > Node 2 still has high CPU usage
> > https://urldefense.com/v3/__https://fastthread.io/my-thread-
> >
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0yN2I0YWY4Mi05OWFhL
> >
> TQ3YjYtOGQ2My0wMDMwZjlkNDQzNjMudHh0&__;!!F9svGWnIaVPGSwU!9
> > 1fvMcRzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn-
> > mDKbTl_dmUSa0LaAolXlhipkmLFr3E$
>
> Taking thread dumps was a good idea but I see very little activity on node 2.
> It looks like two threads are in Hibernate's
> EntityEntryContext.downgradeLocks() method, one is taking the thread
> dump itself, and another is reading a request from a client, I think.  I would
> not expect this to add up to 80% CPU usage unless one of those threads is
> stuck in a loop.  Comparing multiple thread dumps taken 5-10 seconds apart
> would help answer this question.  How much GC is there?  Could these
> Hibernate queries be pulling a huge amount of data from the DB, thus
> causing a lot of GC activity?
>
> Node 1 looks idle except for the thread taking the thread dump.
>
> Do you know for sure that it's the Tomcat process that is using the CPU?

Of the 3 dumps from the same node, the first two are 3 hours apart, yet the two 
query threads seem to still be doing the same thing.  (I verified that the 
timestamps in the dumps are different but maybe I made a mistake.)  They are 
both making the Hibernate downgradeLocks call.  This is occurring in the 
context of committing a transaction.  That definitely makes it look like those 
threads are somehow either stuck or are looping.

The 3rd dump has those same two threads actually making queries to Oracle.  So 
within about 10 seconds, we have two threads committing transactions followed 
by making additional queries.

Definitely show these to the developers if you haven't already.

I didn't follow what you said about the GC.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: help with high cpu usage

[Alan F]

My bad here are the correct dumps 10 secs apart

https://fastthread.io/my-thread-report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0zNzY2ZmZmNy0wZDgyLTRhZTItYmE3Mi0zMWQyYTYwN2M1ZjgudHh0;


https://fastthread.io/my-thread-report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS00NTE3MWUxNy1jYWRiLTRkY2UtODBlNS1lMDk0YTJjNTg1OGEudHh0;




-Original Message-
From: john.e.gr...@wellsfargo.com.INVALID  
Sent: 03 February 2022 19:33
To: users@tomcat.apache.org
Subject: RE: help with high cpu usage

Alan,


> -Original Message-
> From: Alan F 
> Sent: Thursday, February 03, 2022 12:19 PM
> To: Tomcat Users List 
> Subject: help with high cpu usage
> 
> Had some issues today with one prod host. One is fine the other has 
> stuck around 80%Cpu.
> Ive taken a thread dump from both hosts and would appreciate someone 
> give a once over what it may be before I kill and restart. They are 
> clustered nodes so running identical apps and loadbalanced by a hardware 
> balancer.
> 
> Node1 is ok (relatively!)
> https://urldefense.com/v3/__https://fastthread.io/my-thread-
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS1hODllYzBkZS01OGJjLTQ
> 2ZDQtYWRhNS1kYjkxZjM2NjI1ZTAudHh0&__;!!F9svGWnIaVPGSwU!91fvMc
> RzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn-mDKbTl_dmUSa0LaAolXlhipl-
> Fk2pQ$
> 
> 
> Node 2 still has high CPU usage
> https://urldefense.com/v3/__https://fastthread.io/my-thread-
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0yN2I0YWY4Mi05OWFhL
> TQ3YjYtOGQ2My0wMDMwZjlkNDQzNjMudHh0&__;!!F9svGWnIaVPGSwU!9
> 1fvMcRzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn-
> mDKbTl_dmUSa0LaAolXlhipkmLFr3E$

Taking thread dumps was a good idea but I see very little activity on node 2.  
It looks like two threads are in Hibernate's 
EntityEntryContext.downgradeLocks() method, one is taking the thread dump 
itself, and another is reading a request from a client, I think.  I would not 
expect this to add up to 80% CPU usage unless one of those threads is stuck in 
a loop.  Comparing multiple thread dumps taken 5-10 seconds apart would help 
answer this question.  How much GC is there?  Could these Hibernate queries be 
pulling a huge amount of data from the DB, thus causing a lot of GC activity?

Node 1 looks idle except for the thread taking the thread dump.

Do you know for sure that it's the Tomcat process that is using the CPU?

RE: help with high cpu usage

[Alan F]

HI John,

Thankyou kindly for taking the time here. 

First of all looking back at the historical chart for the day I observed node 2 
rise in cpu activity about 11am this morning and stayed high node1 has dropped 
back to idle.


##Do you know for sure that its the Tomcat process that is using the CPU?##
A simple top -i showing the only process still running here at 189% is a java 
process under tomcat account.

24667 tomcat20   0  365.6g  17.2g  23080 S 189.7 54.9   2663:45 java

I have taken 2 dumps here 10 secs apart if this helps at all? 

https://fastthread.io/my-thread-report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0zNzY2ZmZmNy0wZDgyLTRhZTItYmE3Mi0zMWQyYTYwN2M1ZjgudHh0;


https://fastthread.io/my-thread-report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0yMzFjOGYzZS01MjYzLTRiYWYtOTJjMS1jN2RiMWRlZmEwN2QudHh0;


We do have Prometheus hooked in via jmx with Grafana but im struggling to see 
anything glaring apart from GC I see old Gen taking about 5hrs before it drops 
back one node2 as opposed to 3 on node 1. 



-Original Message-
From: john.e.gr...@wellsfargo.com.INVALID  
Sent: 03 February 2022 19:33
To: users@tomcat.apache.org
Subject: RE: help with high cpu usage

Alan,


> -Original Message-
> From: Alan F 
> Sent: Thursday, February 03, 2022 12:19 PM
> To: Tomcat Users List 
> Subject: help with high cpu usage
> 
> Had some issues today with one prod host. One is fine the other has 
> stuck around 80%Cpu.
> Ive taken a thread dump from both hosts and would appreciate someone 
> give a once over what it may be before I kill and restart. They are 
> clustered nodes so running identical apps and loadbalanced by a hardware 
> balancer.
> 
> Node1 is ok (relatively!)
> https://urldefense.com/v3/__https://fastthread.io/my-thread-
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS1hODllYzBkZS01OGJjLTQ
> 2ZDQtYWRhNS1kYjkxZjM2NjI1ZTAudHh0&__;!!F9svGWnIaVPGSwU!91fvMc
> RzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn-mDKbTl_dmUSa0LaAolXlhipl-
> Fk2pQ$
> 
> 
> Node 2 still has high CPU usage
> https://urldefense.com/v3/__https://fastthread.io/my-thread-
> report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0yN2I0YWY4Mi05OWFhL
> TQ3YjYtOGQ2My0wMDMwZjlkNDQzNjMudHh0&__;!!F9svGWnIaVPGSwU!9
> 1fvMcRzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn-
> mDKbTl_dmUSa0LaAolXlhipkmLFr3E$

Taking thread dumps was a good idea but I see very little activity on node 2.  
It looks like two threads are in Hibernate's 
EntityEntryContext.downgradeLocks() method, one is taking the thread dump 
itself, and another is reading a request from a client, I think.  I would not 
expect this to add up to 80% CPU usage unless one of those threads is stuck in 
a loop.  Comparing multiple thread dumps taken 5-10 seconds apart would help 
answer this question.  How much GC is there?  Could these Hibernate queries be 
pulling a huge amount of data from the DB, thus causing a lot of GC activity?

Node 1 looks idle except for the thread taking the thread dump.

Do you know for sure that it's the Tomcat process that is using the CPU?

help with high cpu usage

[Alan F]

Had some issues today with one prod host. One is fine the other has stuck 
around 80%Cpu. 
Ive taken a thread dump from both hosts and would appreciate someone give a 
once over what it may be before I kill and restart. They are clustered nodes so 
running identical apps and loadbalanced by a hardware balancer.

Node1 is ok (relatively!)
https://fastthread.io/my-thread-report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS1hODllYzBkZS01OGJjLTQ2ZDQtYWRhNS1kYjkxZjM2NjI1ZTAudHh0;


Node 2 still has high CPU usage
https://fastthread.io/my-thread-report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0yN2I0YWY4Mi05OWFhLTQ3YjYtOGQ2My0wMDMwZjlkNDQzNjMudHh0;

RE: Tomcat 9 Session replication

[Alan F]

Many thanks Mark! 

-Original Message-
From: Mark Thomas  
Sent: 01 February 2022 09:25
To: users@tomcat.apache.org
Subject: Re: Tomcat 9 Session replication

On 31/01/2022 14:54, Alan F wrote:
> Many thanks Chris,
> 
> Don't laugh I was looking at those values after Keiichi kindly mentioned this 
> too (thankyou!)  and was thinking hmm where is 15 no mention! Ok makes sense 
> now.
> 
> Im trying to find out why we chose static, I think it was a guess at trying 
> to stop the multicast interference from other hosts. I think we just had it 
> all set wrong to start with.
> 
> Looking at many online examples like here 
> https://tomcat.apache.org/tomcat-9.0-doc/cluster-howto.html is what i looked 
> would this suffice?
> 
> If you could recommend the params I need just for two hosts to talk without 
> interference ie specifying group or unique id etc.

This is a working static cluster example from my 4-node test cluster.

https://people.apache.org/~markt/dev/server-static-cluster-example.xml

Things you'll need to change:
- the jvmRoute on the Engine element
   - must be unique for each node
   - must match the reverse proxy config for sticky sessions to work
- you'll only need two members
- LocalMember needs to be correct on each node
- The address attribute of the receiver needs to be correct on each node

Mark

> 
> -Original Message-
> From: Christopher Schultz 
> Sent: 31 January 2022 14:46
> To: users@tomcat.apache.org
> Subject: Re: Tomcat 9 Session replication
> 
> All,
> 
> On 1/31/22 08:04, Keiichi Fujino wrote:
>> If you use StaticMembershipService, you must set 
>> Cluster#channelStartOptions to 15 (default).
> 
> To spell that out (since the docs aren't very explicit), the value of "15" is 
> the combination of the following flags:
> 
> SND_RX_SEQ (1) - Starts the data receiver.
> SND_TX_SEQ (2) - Starts the data transmitter ("sender").
> MBR_RX_SEQ (4) - Starts the membership receiver ("listener").
> MBR_TX_SEQ (8) - Starts the membership transmitter ("broadcaster").
>   |= 15 (0xf)
> 
> I'm curious why, if one is using static membership, are the membership 
> transmitter and receiver flags required? It seems to be that the membership 
> should remain static and therefore no membership comms shuould be required. 
> Are those important to ensure that the cluster members (through static) are 
> actually present during operation?
> 
> -chris
> 
>> 2022年1月31日(月) 16:47 Alan F :
>>
>>> OK with your advice I tried what I thought would work from example 
>>> and doesn't at all. The old example below works but this doesn’t 
>>> even detect members.
>>>
>>> Below is example to which Im using on both nodes which are remote to 
>>> eachother.
>>>
>>>
>>> >>  channelSendOptions="8" channelStartOptions = "3">
>>> >>  expireSessionsOnShutdown="false"
>>>  notifyListenersOnReplication="true"/>
>>>
>>> >> className="org.apache.catalina.tribes.group.GroupChannel">
>>>
>>>   >> className="org.apache.catalina.tribes.membership.StaticMembershipService">
>>>   >> className="org.apache.catalina.tribes.membership.StaticMember"
>>> port="4110"
>>> host="local-tomcat"
>>> domain="tomcat-pc2"
>>>
>>> uniqueId="{1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,0}" />
>>>   >> className="org.apache.catalina.tribes.membership.StaticMember"
>>> port="4110"
>>> host="remote-tomcat"
>>> domain="tomcat-pc2"
>>>
>>> uniqueId="{0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}" />
>>>   
>>>
>>>  >> className="org.apache.catalina.tribes.transport.nio.NioReceiver"
>>>address="local-tomcat"
>>>port="4110"
>>>autoBind="9"
>>>selectorTimeout="2000"
>>>maxThreads="6"/>
>>>
>>>  >> className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
>>>   

RE: Tomcat 9 Session replication

[Alan F]

Many thanks Chris,

Don't laugh I was looking at those values after Keiichi kindly mentioned this 
too (thankyou!)  and was thinking hmm where is 15 no mention! Ok makes sense 
now. 

Im trying to find out why we chose static, I think it was a guess at trying to 
stop the multicast interference from other hosts. I think we just had it all 
set wrong to start with. 

Looking at many online examples like here 
https://tomcat.apache.org/tomcat-9.0-doc/cluster-howto.html is what i looked 
would this suffice? 

If you could recommend the params I need just for two hosts to talk without 
interference ie specifying group or unique id etc. 

-Original Message-
From: Christopher Schultz  
Sent: 31 January 2022 14:46
To: users@tomcat.apache.org
Subject: Re: Tomcat 9 Session replication

All,

On 1/31/22 08:04, Keiichi Fujino wrote:
> If you use StaticMembershipService, you must set 
> Cluster#channelStartOptions to 15 (default).

To spell that out (since the docs aren't very explicit), the value of "15" is 
the combination of the following flags:

SND_RX_SEQ (1) - Starts the data receiver.
SND_TX_SEQ (2) - Starts the data transmitter ("sender").
MBR_RX_SEQ (4) - Starts the membership receiver ("listener").
MBR_TX_SEQ (8) - Starts the membership transmitter ("broadcaster").
 |= 15 (0xf)

I'm curious why, if one is using static membership, are the membership 
transmitter and receiver flags required? It seems to be that the membership 
should remain static and therefore no membership comms shuould be required. Are 
those important to ensure that the cluster members (through static) are 
actually present during operation?

-chris

> 2022年1月31日(月) 16:47 Alan F :
> 
>> OK with your advice I tried what I thought would work from example 
>> and doesn't at all. The old example below works but this doesn’t even 
>> detect members.
>>
>> Below is example to which Im using on both nodes which are remote to 
>> eachother.
>>
>>
>> > channelSendOptions="8" channelStartOptions = "3">
>>> expireSessionsOnShutdown="false"
>> notifyListenersOnReplication="true"/>
>>
>>> className="org.apache.catalina.tribes.group.GroupChannel">
>>
>>  > className="org.apache.catalina.tribes.membership.StaticMembershipService">
>>  > className="org.apache.catalina.tribes.membership.StaticMember"
>>port="4110"
>>host="local-tomcat"
>>domain="tomcat-pc2"
>>
>> uniqueId="{1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,0}" />
>>  > className="org.apache.catalina.tribes.membership.StaticMember"
>>port="4110"
>>host="remote-tomcat"
>>domain="tomcat-pc2"
>>
>> uniqueId="{0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}" />
>>  
>>
>> > className="org.apache.catalina.tribes.transport.nio.NioReceiver"
>>   address="local-tomcat"
>>   port="4110"
>>   autoBind="9"
>>   selectorTimeout="2000"
>>   maxThreads="6"/>
>>
>> > className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
>>  > className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
>> 
>>
>> > className="org.apache.catalina.tribes.group.interceptors.TcpPingInterceptor"
>> staticOnly="true"/>
>> > className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"
>> />
>> > className="org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor"/>
>> > className="org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor"/>
>> > className="org.apache.catalina.tribes.group.interceptors.StaticMembershipInterceptor">
>> 
>>
>>
>>
>>> filter=""/>
>>> className="org.apache.catalina.ha.session.JvmRouteBinderValve"/>
>>
>>> className="org.apache.catalina.ha.deploy.FarmWarDeployer"
>>  tempDir="/op

RE: Tomcat 9 Session replication

[Alan F]

OK with your advice I tried what I thought would work from example and doesn't 
at all. The old example below works but this doesn’t even detect members. 

Below is example to which Im using on both nodes which are remote to eachother. 
 


  

  






   

   

   

   
   
   
   
   
   

  

  
  
  
  
  
 


-Original Message-
From: Mark Thomas  
Sent: 28 January 2022 18:15
To: users@tomcat.apache.org
Subject: Re: Tomcat 9 Session replication

On 28/01/2022 17:05, Alan F wrote:
> We are currently getting traffic from all cluster members in other 
> environments using .staticmember opposed to multicast can I confirm why this 
> is see below.
> 
> What do we need to set here for a clustered pair to make them unique 
> and talk to eachother only without seeing traffic from other members 
> in Catalina.out
> 
> This is how they are currently configured as you can see only difference 
> between nodes is the receiver and member ips are reversed. Im concerned 
> uniqueID is the same, do we also need to specify domain?

uniqueID should be unique at least within the subnet, ideally globally.

Yes, you should use a separate domain for each cluster.

Looking at your config:

You are missing the local member definition 
https://tomcat.apache.org/tomcat-10.0-doc/config/cluster-interceptor.html#Static_Membership

The deployer should be defined under the cluster, not under an interceptor.

Mark

> 
> WE have hostname A and B if you could check below:
> 
> HOSTNAME A config
> 
> 
> 
>  channelSendOptions="8">
> expireSessionsOnShutdown="false"
> notifyListenersOnReplication="true"/>
> 
> 
> 
>   className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
>   className="org.apache.catalina.tribes.transport.nio.PooledParallelSender" />
>  
>address="hostnameA"
>  autoBind="0"
>  className="org.apache.catalina.tribes.transport.nio.NioReceiver"
>  maxThreads="6"
>  port="4100"
>  selectorTimeout="5000"
>  />
>  
>   className="org.apache.catalina.tribes.group.interceptors.TcpPingInterceptor" 
> staticOnly="true"/>
>   className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector" 
> />
>   className="org.apache.catalina.tribes.group.interceptors.StaticMembershipInterceptor">
>
> className="org.apache.catalina.tribes.membership.StaticMember"
> port="4100"
>  host="HostnameB"
>  uniqueId="{0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1}"
>  />
>  tempDir="/opt/tomcat/war-temp/"
>   deployDir="/opt/tomcat/war-deploy/"
>  watchDir="/opt/tomcat/war-listen/"
>  watchEnabled="true"/>
> 
>  
>   className="org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor"
>  />
>  
>   
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat 9 Session replication

[Alan F]

We are currently getting traffic from all cluster members in other environments 
using .staticmember opposed to multicast can I confirm why this is see below.

What do we need to set here for a clustered pair to make them unique and talk 
to eachother only without seeing traffic from other members in Catalina.out

This is how they are currently configured as you can see only difference 
between nodes is the receiver and member ips are reversed. Im concerned 
uniqueID is the same, do we also need to specify domain? 

WE have hostname A and B if you could check below:

HOSTNAME A config




  












  

RE: Tomcat jdbc connections

[Alan F]

Hi Chris,

Thankyou so much for your time and detail here. I had been working on this 
yesterday and posted my findings below. In the end It turned out to be my lack 
of understanding on Tomcat, but hey we are always learning! 


I would just like to update on my discovery of the issue I had with Tomcat 
resetting connections to DB. Main issue being lack of familiarity of parameters 
and how connection pooling worked. 

One thing I was unable to see without using a DBA admin was the connections 
resetting, no level of logging in Tomcat seemed to reveal this, and in the end 
I used a simple netstat query to check connections. 

watch -n1 "netstat -ant | grep ':1521.*ESTABLISHED' | nl | tail -n20  (last 
number depends on how many connections to monitor.)

Obvs local ports will change outgoing therefore highlighting a new connection 
when these change. 

Once I had this I was able to tinker with current settings until I discovered 
the issue. Which in reality wasn't an issue per se its just that I discovered a 
non live Tomcat was behaving differently with pooled connections over a live 
host! 

Just to Recap

Symptom:
Tomcat closing DBCP pooled connections  to Database every 60 seconds 

Cause:
Tomcat was idle, therefore the configuration param was causing idle connections 
to be reset the period specified below (60 secs)

timeBetweenEvictionRunsMillis=6 

Resolution:
The behaviour above is by design, a busy server will be less likely to trigger 
this due to connections being used! 



-Original Message-
From: Christopher Schultz  
Sent: 24 January 2022 22:42
To: users@tomcat.apache.org
Subject: Re: Tomcat jdbc connections

Alan,

On 1/23/22 09:17, Alan F wrote:
> Can I just follow up here what would be the next steps how would I go 
> about capturing the root cause of these very short connection times to 
> Oracle from Tomcat.

Honestly, I would want to know what query or queries are being run by these 
short-lived connections. Something tells me that if you are able to audit those 
queries, you'll immediately know what's going on.

SELECT * FROM query_details WHERE connection_id='deadbeef'

user   | start_time | end_time | query
zabbix | 12:00:00   | 12:00:00 | SELECT COUNT(*) FROM some_queue
zabbix | 12:01:00   | 12:01:00 | SELECT COUNT(*) FROM some_queue
zabbix | 12:02:00   | 12:02:00 | SELECT COUNT(*) FROM some_queue
zabbix | 12:03:00   | 12:03:00 | SELECT COUNT(*) FROM some_queue
zabbix | 12:04:00   | 12:04:00 | SELECT COUNT(*) FROM some_queue
zabbix | 12:05:00   | 12:05:00 | SELECT COUNT(*) FROM some_queue

/me says "Oh, right. We have monitoring."

> Would it be along the lines of Wireshark or TCP dump to see what's 
> occurring as I gather this won't be captured in tomcat logging via 
> Catalina.out? Or can it be.
I would only resort to reading TCP dumps if all else fails. Why?

1. TCP dumps are large and "expensive"
2. You are encrypting connections to your database... right?!

Knowing the nature of the queries will help. If you see no queries being 
executed, then no TCP dump will help you because you won't be able to prove 
what component is making those connection anyway (unless dbcp2 pushes some 
environmental information over to Oracle whenever it makes a connection like 
"I'm connecting to Oracle on behalf of application X on Tomcat, but I'm not 
going to execute any queries mmm'kay"). I don't think dbcp does that kind of 
thing, so you'd have to crank-up the logging level on that application and/or 
Tomcat instance to see what's happening with the connection pool.

Hope that helps,
-chris

> -Original Message-
> From: Phil Steitz 
> Sent: 21 January 2022 17:50
> To: users@tomcat.apache.org
> Subject: Re: Tomcat jdbc connections
> 
> 
> 
> On 1/21/22 9:28 AM, Alan F wrote:
>> Ok thanks Phil ok I checked other connections in the same host and see 
>> minIdle="2" and initialSize="7"
>>
>> Ive run a diff on this server.xml between our active prod hosts which shows 
>> connections on Toad up for at least a day as to this idle server 
>> reconnecting after minutes!  And diff is identical apart from Cluster ips.
> Most likely culprit is network or other issue causing validations to fail.  
> With testWhileIdle on, idle connections in the pool will be tested when 
> visited and closed if validation fails.
> 
> Phil
>>
>>
>>
>>
>> -----Original Message-
>> From: Phil Steitz 
>> Sent: 21 January 2022 16:10
>> To: users@tomcat.apache.org
>> Subject: Re: Tomcat jdbc connections
>>
>>
>>
>> On 1/21/22 8:19 AM, Alan F wrote:
>>> Thanks John,
>>>
>>> Here is an example of a connection below I see 
>>> timeBetweenEvictionRunsMillis but not maxConnLifetimeMillis if the 
>>> server has no traffic does this 

RE: Tomcat jdbc connections

[Alan F]

Can I just follow up here what would be the next steps how would I go about 
capturing the root cause of these very short connection times to Oracle from 
Tomcat. 
Would it be along the lines of Wireshark or TCP dump to see what's occurring as 
I gather this won't be captured in tomcat logging via Catalina.out? Or can it 
be. 



-Original Message-
From: Phil Steitz  
Sent: 21 January 2022 17:50
To: users@tomcat.apache.org
Subject: Re: Tomcat jdbc connections



On 1/21/22 9:28 AM, Alan F wrote:
> Ok thanks Phil ok I checked other connections in the same host and see 
> minIdle="2" and initialSize="7"
>
> Ive run a diff on this server.xml between our active prod hosts which shows 
> connections on Toad up for at least a day as to this idle server reconnecting 
> after minutes!  And diff is identical apart from Cluster ips.
Most likely culprit is network or other issue causing validations to fail.  
With testWhileIdle on, idle connections in the pool will be tested when visited 
and closed if validation fails.

Phil
>
>
>
>
> -Original Message-
> From: Phil Steitz 
> Sent: 21 January 2022 16:10
> To: users@tomcat.apache.org
> Subject: Re: Tomcat jdbc connections
>
>
>
> On 1/21/22 8:19 AM, Alan F wrote:
>> Thanks John,
>>
>> Here is an example of a connection below I see 
>> timeBetweenEvictionRunsMillis but not maxConnLifetimeMillis if the 
>> server has no traffic does this mean
>>
>> > timeBetweenEvictionRunsMillis="6" testWhileIdle="true" 
>> testOnReturn="false"
>> testOnBorrow="true" removeAbandonedOnBorrow="true" maxWaitmillis="3" 
>> defaultQueryTimeout="30" validationQuery="select * from dual" maxTotal="10" 
>> maxIdle="5"
>> url="jdbc:oracle:thin:@XXX:X:" username="XXX"
>> password=""  driverClassName="oracle.jdbc.OracleDriver" />
>>
>>
>> So above does that mean every 60 secs Eviction runs, does this mean a server 
>> with no traffic evicts unused connections to DB?
> One more note on this config.  Since you have not specified minIIdle or 
> initialSize, the pool will not create connections until they are requested by 
> clients.
>
> Phil
>>
>> -Original Message-
>> From: john.e.gr...@wellsfargo.com.INVALID
>> 
>> Sent: 21 January 2022 14:50
>> To: users@tomcat.apache.org
>> Subject: RE: Tomcat jdbc connections
>>
>> Alan,
>>
>>
>>> -Original Message-
>>> From: Alan F 
>>> Sent: Friday, January 21, 2022 6:53 AM
>>> To: Tomcat Users List 
>>> Subject: RE: Tomcat jdbc connections
>>>
>>> Hi Christopher
>>>
>>> Thanks for your time here.
>>>
>>> You mean like, a connection is made, no queries are executed, and 
>>> then the connection is terminated?
>>> - ANSWER -  DBAs are saying connections last a minute or so and are 
>>> replaced by a new set of connections 1 session each pool.
>>>
>>>
>>> Presumably, you have an application running on Tomcat with a JDBC 
>>> connection configured. Are you using Tomcat's built-in pooling, or 
>>> is your application managing its own pooling/connections?
>>> - ANSWER we are using dbcp2
>>>
>>>
>>> Do you have any background tasks (in the JVM) that will run even 
>>> when there is no user activity? Cache-management? Lazy-writes?
>>> - ANSWER I don't think so.
>>>
>>>
>>> Are you using Tomcat's clustering? Are you using a database-backed 
>>> session management or any kind? -
>>> - ANSWER YES clustered B node down, A node up this Tomcat node is 
>>> not live or receiving any traffic currently in test.
>>>
>>>
>>> Are the connections definitely being made from the application 
>>> itself and/or Tomcat? Or do you just see those connections coming 
>>> from the IP where the application is running? - ANSWER im assuming 
>>> according to server.xml they are utlising these declared connections via 
>>> Tomcat.
>>>
>>>
>>> Do you have any background tasks (outside the JVM) that will run 
>>> even when there are no user actions? For example, some monitoring 
>>> system that pings the server to say "can you reach the database?" - 
>>> ANSWER NO
>>>
>>>
>>> O
>>>
>> Could your pool be closing the connections after a set time?  Look at 
>> timeBetweenEvict

RE: Tomcat jdbc connections

[Alan F]

Thanks for your input Phil! Arghh will keep looking.

-Original Message-
From: Phil Steitz  
Sent: 21 January 2022 17:50
To: users@tomcat.apache.org
Subject: Re: Tomcat jdbc connections



On 1/21/22 9:28 AM, Alan F wrote:
> Ok thanks Phil ok I checked other connections in the same host and see 
> minIdle="2" and initialSize="7"
>
> Ive run a diff on this server.xml between our active prod hosts which shows 
> connections on Toad up for at least a day as to this idle server reconnecting 
> after minutes!  And diff is identical apart from Cluster ips.
Most likely culprit is network or other issue causing validations to fail.  
With testWhileIdle on, idle connections in the pool will be tested when visited 
and closed if validation fails.

Phil
>
>
>
>
> -Original Message-
> From: Phil Steitz 
> Sent: 21 January 2022 16:10
> To: users@tomcat.apache.org
> Subject: Re: Tomcat jdbc connections
>
>
>
> On 1/21/22 8:19 AM, Alan F wrote:
>> Thanks John,
>>
>> Here is an example of a connection below I see 
>> timeBetweenEvictionRunsMillis but not maxConnLifetimeMillis if the 
>> server has no traffic does this mean
>>
>> > timeBetweenEvictionRunsMillis="6" testWhileIdle="true" 
>> testOnReturn="false"
>> testOnBorrow="true" removeAbandonedOnBorrow="true" maxWaitmillis="3" 
>> defaultQueryTimeout="30" validationQuery="select * from dual" maxTotal="10" 
>> maxIdle="5"
>> url="jdbc:oracle:thin:@XXX:X:" username="XXX"
>> password=""  driverClassName="oracle.jdbc.OracleDriver" />
>>
>>
>> So above does that mean every 60 secs Eviction runs, does this mean a server 
>> with no traffic evicts unused connections to DB?
> One more note on this config.  Since you have not specified minIIdle or 
> initialSize, the pool will not create connections until they are requested by 
> clients.
>
> Phil
>>
>> -Original Message-
>> From: john.e.gr...@wellsfargo.com.INVALID
>> 
>> Sent: 21 January 2022 14:50
>> To: users@tomcat.apache.org
>> Subject: RE: Tomcat jdbc connections
>>
>> Alan,
>>
>>
>>> -Original Message-
>>> From: Alan F 
>>> Sent: Friday, January 21, 2022 6:53 AM
>>> To: Tomcat Users List 
>>> Subject: RE: Tomcat jdbc connections
>>>
>>> Hi Christopher
>>>
>>> Thanks for your time here.
>>>
>>> You mean like, a connection is made, no queries are executed, and 
>>> then the connection is terminated?
>>> - ANSWER -  DBAs are saying connections last a minute or so and are 
>>> replaced by a new set of connections 1 session each pool.
>>>
>>>
>>> Presumably, you have an application running on Tomcat with a JDBC 
>>> connection configured. Are you using Tomcat's built-in pooling, or 
>>> is your application managing its own pooling/connections?
>>> - ANSWER we are using dbcp2
>>>
>>>
>>> Do you have any background tasks (in the JVM) that will run even 
>>> when there is no user activity? Cache-management? Lazy-writes?
>>> - ANSWER I don't think so.
>>>
>>>
>>> Are you using Tomcat's clustering? Are you using a database-backed 
>>> session management or any kind? -
>>> - ANSWER YES clustered B node down, A node up this Tomcat node is 
>>> not live or receiving any traffic currently in test.
>>>
>>>
>>> Are the connections definitely being made from the application 
>>> itself and/or Tomcat? Or do you just see those connections coming 
>>> from the IP where the application is running? - ANSWER im assuming 
>>> according to server.xml they are utlising these declared connections via 
>>> Tomcat.
>>>
>>>
>>> Do you have any background tasks (outside the JVM) that will run 
>>> even when there are no user actions? For example, some monitoring 
>>> system that pings the server to say "can you reach the database?" - 
>>> ANSWER NO
>>>
>>>
>>> O
>>>
>> Could your pool be closing the connections after a set time?  Look at 
>> timeBetweenEvictionRunsMillis and maxConnLifetimeMillis here:
>>
>> https://commons.apache.org/proper/commons-dbcp/configuration.html
>> B CB  
>> [  X  ܚX KK[XZ[
>>\ \  ][  X  ܚX P X ]
>>\X K ܙ B  ܈Y][ۘ[  [X[  K[XZ[
>>\ \  Z[ X ]
>>\X K ܙ B
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat jdbc connections

[Alan F]

Ok thanks Phil ok I checked other connections in the same host and see 
minIdle="2" and initialSize="7" 

Ive run a diff on this server.xml between our active prod hosts which shows 
connections on Toad up for at least a day as to this idle server reconnecting 
after minutes!  And diff is identical apart from Cluster ips. 




-Original Message-
From: Phil Steitz  
Sent: 21 January 2022 16:10
To: users@tomcat.apache.org
Subject: Re: Tomcat jdbc connections



On 1/21/22 8:19 AM, Alan F wrote:
> Thanks John,
>
> Here is an example of a connection below I see 
> timeBetweenEvictionRunsMillis but not maxConnLifetimeMillis if the 
> server has no traffic does this mean
>
>  timeBetweenEvictionRunsMillis="6" testWhileIdle="true" 
> testOnReturn="false"
> testOnBorrow="true" removeAbandonedOnBorrow="true" maxWaitmillis="3" 
> defaultQueryTimeout="30" validationQuery="select * from dual" maxTotal="10" 
> maxIdle="5"
> url="jdbc:oracle:thin:@XXX:X:" username="XXX" 
> password=""  driverClassName="oracle.jdbc.OracleDriver" />
>
>
> So above does that mean every 60 secs Eviction runs, does this mean a server 
> with no traffic evicts unused connections to DB?

One more note on this config.  Since you have not specified minIIdle or 
initialSize, the pool will not create connections until they are requested by 
clients.

Phil
>
>
> -Original Message-
> From: john.e.gr...@wellsfargo.com.INVALID 
> 
> Sent: 21 January 2022 14:50
> To: users@tomcat.apache.org
> Subject: RE: Tomcat jdbc connections
>
> Alan,
>
>
>> -Original Message-
>> From: Alan F 
>> Sent: Friday, January 21, 2022 6:53 AM
>> To: Tomcat Users List 
>> Subject: RE: Tomcat jdbc connections
>>
>> Hi Christopher
>>
>> Thanks for your time here.
>>
>> You mean like, a connection is made, no queries are executed, and 
>> then the connection is terminated?
>> - ANSWER -  DBAs are saying connections last a minute or so and are 
>> replaced by a new set of connections 1 session each pool.
>>
>>
>> Presumably, you have an application running on Tomcat with a JDBC 
>> connection configured. Are you using Tomcat's built-in pooling, or is 
>> your application managing its own pooling/connections?
>> - ANSWER we are using dbcp2
>>
>>
>> Do you have any background tasks (in the JVM) that will run even when 
>> there is no user activity? Cache-management? Lazy-writes?
>> - ANSWER I don't think so.
>>
>>
>> Are you using Tomcat's clustering? Are you using a database-backed 
>> session management or any kind? -
>> - ANSWER YES clustered B node down, A node up this Tomcat node is not 
>> live or receiving any traffic currently in test.
>>
>>
>> Are the connections definitely being made from the application itself 
>> and/or Tomcat? Or do you just see those connections coming from the 
>> IP where the application is running? - ANSWER im assuming according 
>> to server.xml they are utlising these declared connections via Tomcat.
>>
>>
>> Do you have any background tasks (outside the JVM) that will run even 
>> when there are no user actions? For example, some monitoring system 
>> that pings the server to say "can you reach the database?" - ANSWER 
>> NO
>>
>>
>> O
>>
> Could your pool be closing the connections after a set time?  Look at 
> timeBetweenEvictionRunsMillis and maxConnLifetimeMillis here:
>
> https://commons.apache.org/proper/commons-dbcp/configuration.html
> B CB  
> [  X  ܚX KK[XZ[
>   \ \  ][  X  ܚX P X ]
>   \X K ܙ B  ܈Y][ۘ[  [X[  K[XZ[
>   \ \  Z[ X ]
>   \X K ܙ B
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat jdbc connections

[Alan F]

Thanks John,

Here is an example of a connection below I see timeBetweenEvictionRunsMillis 
but not maxConnLifetimeMillis if the server has no traffic does this mean 




So above does that mean every 60 secs Eviction runs, does this mean a server 
with no traffic evicts unused connections to DB?


-Original Message-
From: john.e.gr...@wellsfargo.com.INVALID  
Sent: 21 January 2022 14:50
To: users@tomcat.apache.org
Subject: RE: Tomcat jdbc connections

Alan,


> -Original Message-
> From: Alan F 
> Sent: Friday, January 21, 2022 6:53 AM
> To: Tomcat Users List 
> Subject: RE: Tomcat jdbc connections
> 
> Hi Christopher
> 
> Thanks for your time here.
> 
> You mean like, a connection is made, no queries are executed, and then 
> the connection is terminated?
> - ANSWER -  DBAs are saying connections last a minute or so and are 
> replaced by a new set of connections 1 session each pool.
> 
> 
> Presumably, you have an application running on Tomcat with a JDBC 
> connection configured. Are you using Tomcat's built-in pooling, or is 
> your application managing its own pooling/connections?
> - ANSWER we are using dbcp2
> 
> 
> Do you have any background tasks (in the JVM) that will run even when 
> there is no user activity? Cache-management? Lazy-writes?
> - ANSWER I don't think so.
> 
> 
> Are you using Tomcat's clustering? Are you using a database-backed 
> session management or any kind? -
> - ANSWER YES clustered B node down, A node up this Tomcat node is not 
> live or receiving any traffic currently in test.
> 
> 
> Are the connections definitely being made from the application itself 
> and/or Tomcat? Or do you just see those connections coming from the IP 
> where the application is running? - ANSWER im assuming according to 
> server.xml they are utlising these declared connections via Tomcat.
> 
> 
> Do you have any background tasks (outside the JVM) that will run even 
> when there are no user actions? For example, some monitoring system 
> that pings the server to say "can you reach the database?" - ANSWER NO
> 
> 
> O
> 

Could your pool be closing the connections after a set time?  Look at 
timeBetweenEvictionRunsMillis and maxConnLifetimeMillis here:

https://commons.apache.org/proper/commons-dbcp/configuration.html
B CB  [  
X  ܚX KK[XZ[
 \ \  ][  X  ܚX P X ]
 \X K ܙ B  ܈Y][ۘ[  [X[  K[XZ[
 \ \  Z[ X ]
 \X K ܙ B 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat jdbc connections

[Alan F]

Hi Christopher

Thanks for your time here.

You mean like, a connection is made, no queries are executed, and then the 
connection is terminated? 
- ANSWER -  DBAs are saying connections last a minute or so and are replaced by 
a new set of connections 1 session each pool. 


Presumably, you have an application running on Tomcat with a JDBC connection 
configured. Are you using Tomcat's built-in pooling, or is your application 
managing its own pooling/connections? 
- ANSWER we are using dbcp2 


Do you have any background tasks (in the JVM) that will run even when there is 
no user activity? Cache-management? Lazy-writes? 
- ANSWER I don't think so. 


Are you using Tomcat's clustering? Are you using a database-backed session 
management or any kind? -  
- ANSWER YES clustered B node down, A node up this Tomcat node is not live or 
receiving any traffic currently in test.


Are the connections definitely being made from the application itself and/or 
Tomcat? Or do you just see those connections coming from the IP where the 
application is running? - ANSWER im assuming according to server.xml they are 
utlising these declared connections via Tomcat. 


Do you have any background tasks (outside the JVM) that will run even when 
there are no user actions? For example, some monitoring system that pings the 
server to say "can you reach the database?" - ANSWER NO


O

-Original Message-
From: Christopher Schultz  
Sent: 20 January 2022 17:34
To: users@tomcat.apache.org
Subject: Re: Tomcat jdbc connections

Alan,

On 1/20/22 09:33, Alan F wrote:
> I have an issue with connections on Tomcat9 Oracle showing connections 
> made for about 2seconds then dropped again. Is this normal when the 
> server is not being used?
You mean like, a connection is made, no queries are executed, and then the 
connection is terminated?

Presumably, you have an application running on Tomcat with a JDBC connection 
configured. Are you using Tomcat's built-in pooling, or is your application 
managing its own pooling/connections?

Do you have any background tasks (in the JVM) that will run even when there is 
no user activity? Cache-management? Lazy-writes?

Are you using Tomcat's clustering? Are you using a database-backed session 
management or any kind?

Are the connections definitely being made from the application itself and/or 
Tomcat? Or do you just see those connections coming from the IP where the 
application is running?

Do you have any background tasks (outside the JVM) that will run even when 
there are no user actions? For example, some monitoring system that pings the 
server to say "can you reach the database?"

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat jdbc connections

[Alan F]

I have an issue with connections on Tomcat9 Oracle showing connections made for 
about 2seconds then dropped again. Is this normal when the server is not being 
used?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat 9 Encrpytion of JDBC

[Alan F]

OK thanks Bill! 

-Original Message-
From: Bill Stewart  
Sent: 14 January 2022 19:02
To: Tomcat Users List 
Subject: Re: Tomcat 9 Encrpytion of JDBC

On Fri, Jan 14, 2022 at 10:25 AM Alan F wrote:


> Interested to know your best practices on securing jdbc plain text 
> passwords, in my last place they used a mechanism to encrypt all passwords.
> Is this the best method as I read some people don't recommend this. 
> Any details or procs on best practice appreciated.
>

The "best practice," generally speaking, is that doing so is basically 
pointless from a security perspective.

https://cwiki.apache.org/confluence/display/TOMCAT/Password

Bill

Tomcat 9 Encrpytion of JDBC

[Alan F]

All,

Interested to know your best practices on securing jdbc plain text passwords, 
in my last place they used a mechanism to encrypt all passwords. Is this the 
best method as I read some people don't recommend this. Any details or procs on 
best practice appreciated.

Thanks

Ken

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat Unable to Read JNDI xml file

[Alan Tham]

I have just created a JNDI file for the spring boot application to read in the 
db info





But I have this error during startup:

java.util.InvalidPropertiesFormatException: org.xml.sax.SAXParseException; 
lineNumber: 2; columnNumber: 53; Document root element "Context", must match 
DOCTYPE root "null".

I think there is something wrong with the DOCTYPE. How should I specify it?

Please help. Thanks.

Alan
CONFIDENTIALITY CAUTION: This message is intended only for the use of the 
individual or entity to whom it is addressed and is privileged and 
confidential. If you are not the intended recipient, please notify us 
immediately by return e-mail, delete this message and you should not 
disseminate, distribute or copy any information contained herein.

tomcat session timeout with clustering

[Alan Jechort]

We just enabled clustering for our 3 tomcat servers, and now the sessions 
aren’t expiring. The TTL is negative and the inactive time is very high. We 
have this set as the default of 30 minutes.
We are using Tomcat 7.0.51.
Any ideas?

Thanks

Alan

JNDI Feedback

[alan . farroll]

Hello,

Running Tomcat 7.0.29 on Windows XP Professional Service Pack 3

I have been handed a project developed by a former colleague and I am 
still learning Java and Tomcat.

The project has 4 JNDI's set up, 2 Oracle and 2 SQL Server with validation 
queries set up for the Oracle databases.  I want to set up validation 
queries on the JNDI's for SQL server and also have the JNDI provide 
feedback to the Java application if the database is down.

Can you advise how to do this please?  If not possible, then what is an 
alternative?

Thank you in advance for any assistance.

Regards

Alan Farroll
Analyst Programmer
Finance and Corporate Services
Renfrewshire House
Cotton Street
Paisley
PA1 1HY

0141 618 7961
alan.farr...@renfrewshire.gov.uk
www.renfrewshire.gov.uk

**

Renfrewshire Council Website - http://www.renfrewshire.gov.uk

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they  are addressed. If 
you have received this email in error please notify the system manager.

Renfrewshire Council may, in accordance with  the Telecommunications(Lawful 
Business Practice) (Interception of Communications) Regulations 2000, intercept 
e-mail messages for the purpose of monitoring or keeping a record of 
communications on the Council's system. If a message contains inappropriate 
dialogue it will automatically be intercepted by the Council's Internal Audit 
section who will decide whether or not the e-mail should be onwardly 
transmitted to the intended recipient(s).

This footnote also confirms that this email message has been swept by Sophos 
for the presence of computer viruses.

**

Re: JNDI Feedback

[alan . farroll]

Hi,

As requested, the resource tags from the Context file.  Although I was 
asked by my boss to change password value to password and username value 
to username.

Resource auth=Container 
driverClassName=oracle.jdbc.driver.OracleDriver 
factory=org.moss.jdj.dbcp.EncryptedDataSourceFactory maxActive=100 
maxIdle=30 maxWait=1 name=jdbc/authentication 
password=password type=javax.sql.DataSource 
url=jdbc:oracle:thin:@swtest:1523:TRNG username=username 
validationQuery=select 1 from dual /

Resource auth=Container 
driverClassName=oracle.jdbc.driver.OracleDriver 
factory=org.moss.jdj.dbcp.EncryptedDataSourceFactory maxActive=100 
maxIdle=30 maxWait=1 name=jdbc/swift password=password 
type=javax.sql.DataSource url=jdbc:oracle:thin:@swtest:1523:TRNG 
username=username validationQuery=select 1 from dual /

Resource auth=Container 
driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver 
factory=org.moss.jdj.dbcp.EncryptedDataSourceFactory maxActive=100 
maxIdle=30 maxWait=1 name=jdbc/edrms password=password 
type=javax.sql.DataSource 
url=jdbc:sqlserver://hqdcsqlc2\ngedm:2369;databaseName=ImagesTrainDM 
username=username /

Resource auth=Container 
driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver 
maxActive=100 maxIdle=30 maxWait=1 name=jdbc/audit 
password=password type=javax.sql.DataSource 
url=jdbc:sqlserver://egovsql2005\p40010:1433;databaseName=AuditDEV 
username=username /


Thank you

Regards

Alan Farroll
Analyst Programmer
Finance and Corporate Services
Renfrewshire House
Cotton Street
Paisley
PA1 1HY

0141 618 7961
alan.farr...@renfrewshire.gov.uk
www.renfrewshire.gov.uk



From:   Daniel Mikusa dmik...@vmware.com
To: Tomcat Users List users@tomcat.apache.org
Date:   29/01/2013 17:06
Subject:Re: JNDI Feedback



On Jan 29, 2013, at 11:54 AM, alan.farr...@renfrewshire.gov.uk wrote:

 Hello,
 
 Running Tomcat 7.0.29 on Windows XP Professional Service Pack 3
 
 I have been handed a project developed by a former colleague and I am 
 still learning Java and Tomcat.
 
 The project has 4 JNDI's set up, 2 Oracle and 2 SQL Server with 
validation 
 queries set up for the Oracle databases. 

Please include the configuration for your data sources.  The Resource/ 
tag, minus passwords should be sufficient.

Dan

 I want to set up validation 
 queries on the JNDI's for SQL server and also have the JNDI provide 
 feedback to the Java application if the database is down.
 
 Can you advise how to do this please?  If not possible, then what is an 
 alternative?
 
 Thank you in advance for any assistance.
 
 Regards
 
 Alan Farroll
 Analyst Programmer
 Finance and Corporate Services
 Renfrewshire House
 Cotton Street
 Paisley
 PA1 1HY
 
 0141 618 7961
 alan.farr...@renfrewshire.gov.uk
 www.renfrewshire.gov.uk
 
 **
 
 Renfrewshire Council Website - http://www.renfrewshire.gov.uk
 
 This email and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom they  are 
addressed. If you have received this email in error please notify the 
system manager.
 
 Renfrewshire Council may, in accordance with  the 
Telecommunications(Lawful Business Practice) (Interception of 
Communications) Regulations 2000, intercept e-mail messages for the 
purpose of monitoring or keeping a record of communications on the 
Council's system. If a message contains inappropriate dialogue it will 
automatically be intercepted by the Council's Internal Audit section who 
will decide whether or not the e-mail should be onwardly transmitted to 
the intended recipient(s).
 
 This footnote also confirms that this email message has been swept by 
Sophos for the presence of computer viruses.
 
 **
 
 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




**

Renfrewshire Council Website - http://www.renfrewshire.gov.uk

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they  are addressed. If 
you have received this email in error please notify the system manager.

Renfrewshire Council may, in accordance with  the Telecommunications(Lawful 
Business Practice) (Interception of Communications) Regulations 2000, intercept 
e-mail messages for the purpose of monitoring or keeping a record of 
communications on the Council's system. If a message contains inappropriate 
dialogue it will automatically be intercepted by the Council's Internal Audit 
section who will decide whether or not the e-mail should be onwardly 
transmitted to the intended recipient(s).

This footnote also confirms that this email message has been swept by Sophos

Re: JNDI Feedback

[alan . farroll]

Hi,

Thanks for feedback.  If a SQLException can be returned then I could 
probably use that in the Java application to determine if an exception 
occurred.  Can you provide any guidance?

Thank you

Regards

Alan Farroll
Analyst Programmer
Finance and Corporate Services
Renfrewshire House
Cotton Street
Paisley
PA1 1HY

0141 618 7961
alan.farr...@renfrewshire.gov.uk
www.renfrewshire.gov.uk



From:   Christopher Schultz ch...@christopherschultz.net
To: Tomcat Users List users@tomcat.apache.org
Date:   29/01/2013 17:11
Subject:Re: JNDI Feedback



-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Alan,

On 1/29/13 11:54 AM, alan.farr...@renfrewshire.gov.uk wrote:
 Running Tomcat 7.0.29 on Windows XP Professional Service Pack 3

Ready for a Microsoft upgrade cycle? The clock is ticking...

 I have been handed a project developed by a former colleague and I
 am still learning Java and Tomcat.

Welcome to the community!

 The project has 4 JNDI's set up

Nomenclature nit: that's has 4 JNDI /resources/. JNDI itself is just
a directory interface where you stash stuff.

 2 Oracle and 2 SQL Server with validation queries set up for the
 Oracle databases.  I want to set up validation queries on the
 JNDI's for SQL server and also have the JNDI provide feedback to
 the Java application if the database is down.

The only feedback you are going to get is (eventual) SQLExceptions.

 Can you advise how to do this please?  If not possible, then what
 is an alternative?

Obviously, you can set up a validationQuery in the 2 MS SQL Server
resources by just adding an appropriate query (e.g. SELECT 1 FROM
DUAL or whatever is appropriate in MS SQL Server) to the Resource
attributes.

Were you hoping to get some other behavior than just what
validationQuery already provides?

FYI if you are using Tomcat's default connection pool, then you are
using Apache commons-dbcp, whose configuration guide can be found
here: http://commons.apache.org/dbcp/configuration.html

That will explain all the configuration attributes you can use (right
in the XML) and what they all do.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEAREIAAYFAlEIAq0ACgkQ9CaO5/Lv0PBwvgCfd/QXbOkTEsCA4+dVG3GkhcYu
dOQAn0lAOIdxaok55TJCE5pu7jb+aR4t
=izRU
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




**

Renfrewshire Council Website - http://www.renfrewshire.gov.uk

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they  are addressed. If 
you have received this email in error please notify the system manager.

Renfrewshire Council may, in accordance with  the Telecommunications(Lawful 
Business Practice) (Interception of Communications) Regulations 2000, intercept 
e-mail messages for the purpose of monitoring or keeping a record of 
communications on the Council's system. If a message contains inappropriate 
dialogue it will automatically be intercepted by the Council's Internal Audit 
section who will decide whether or not the e-mail should be onwardly 
transmitted to the intended recipient(s).

This footnote also confirms that this email message has been swept by Sophos 
for the presence of computer viruses.

**

Problems trying to disable log rotation within Tomcat 6

[Alan Worstell]

Hello,
I'm using Tomcat 6.0.24-2ubuntu1.10 on Ubuntu 10.04.4 and I am trying to 
disable datestamping and rotation of log files within Tomcat so I can 
use logrotate for everything.

I have added these lines to /etc/tomcat6/logging.properties:
1catalina.org.apache.juli.FileHandler.rotatable = false
2localhost.org.apache.juli.FileHandler.rotatable = false

From what I have read, this will set those files to be written as 
prefix.suffix, rather than prefix.date.suffix as it does by default. 
However, when I reload Tomcat after setting this, it is creating:

catalina.2013-01-23.log
localhost.2013-01-23.log

Any assistance would be greatly appreciated.

Thanks,

--
Alan Worstell
A1 Networks - Systems Administrator
VTSP, dCAA, LPIC-1, Linux+, CLA, DCTS
(707)570-2021 x204
For support issues please email supp...@a-1networks.com or call 707-703-1050


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question about config and correct start-up

[Alan Findly]

That context statement is not correct syntax
should be: privileged=true/

...
On 1/14/2013 1:29 PM, Alan Findly wrote:

Mark:
  Thanks for your quick response.  Here are the items  issues:

OKgot the servlet mapping uncommented.

About the context the priviledged attribute must be added to the 
context.xml file, as the documentation says, and, yes, I am reading 
the instructions in


http://tomcat.apache.org/tomcat-7.0-doc/cgi-howto.html

but the instructions are vague--non-specific for individual attributes.
Should it be stated this way, in the context file:

privilegedtrue/privileged:

It could be thus:

privileged=true/privileged

or, should it be this way:

privileged=true

I'll wait for your reply, but I believe it's the latter.

My testing is with tried  proven code, using the post 
methodscripts that have already worked on other servers.

...

On 1/14/2013 12:30 AM, Mark Thomas wrote:

On 14/01/2013 03:52, Alan Findly wrote:

Forgot to mention version of tomcat .7.0.34 . on WindowsXP


 Original Message 
Subject: Question about config and correct start-up
Date: Sun, 13 Jan 2013 19:52:55 -0700
From: Alan Findly afin...@ronan.net
To: users@tomcat.apache.org



Dear Tomcat user's group:
I'm having a problem getting cgi to work.

snip/

   I've followed all the config instructions for setting it up,
including editing the conf\web.xml file to make the cgi servlet
functional, which just involves removing comment signs from around the
servlet.

You need to remove the comments around the servlet mapping as well.


   Done.  So, what should happen is that when I call a perl script from
html it should fire up  go.

That depends on how you are calling a perl script from html.

   But  still no workey  so digging further I noticed the 
config

document which is a README.xml 
I don't recall any file of that name. What is its exact path on your 
system?



makes a vague reference to having
the correct context for cgi, but seemingly no other dataI'm
missing something??

Have you read the docs?
http://tomcat.apache.org/tomcat-7.0-doc/cgi-howto.html

You need to mark your context as privileged.


   I've made an assumption that since I'm the only user on my PC that I
do not have to register me in the Tomcat-users.xml  since the
role of manager-gui does not seem to apply to cgi.
Correct, assuming the resources are not protected by security 
constraints.


Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question about config and correct start-up

[Alan Findly]

The recommended context ELEMENT caused the following warning:

Jan 16, 2013 9:10:37 AM org.apache.tomcat.util.digester.Digester endElement
WARNING:   No rules found matching 'Context/Context'.

So I changed the ELEMENT to this --as below--
and voila . the warning went away.

My thread seems out of context(no pun intended) because I made the 
unwarranted assumption that the original thread would be included in 
every reply  comment.as it should beotherwise I have to 
re-iterate the problem, ie. thread...every time.


The problem I'm trying to solve is making tomcat do cgi, and the 
Apache.tomcat documentation says to do basically 3 tasks: (1) Uncomment 
the cgi servlet in the conf/web.xm file.  (2) In same file uncomment the 
cgi servlet mappingl.  (3)  Add the context ELEMENT to the context.xml 
file.


So, now, as already covered in the previous parts of this problem's 
thread, the cgi functionality is still not working--at least not for 
perl--cgi files, which are all I've tested since this is my focus.


Question; do I need a Tomcat/lib/servlet-cgi.jar file?  Previous 
versions did -- well, version 5.  I am working with version 7.0.34 and 
there is no such jar file in the downloaded tar.  Now the servlet in 
conf/web.xml could be it instead of a jar file. However, what has me 
questioning -- there is also an api servlet in conf/web.xml--as well as 
a lib/servlet-api.jar file.


I'm thinking now that the REAL problem is Windows XP.always been a 
dogI think it has something missing to purposely lock out cgi. I'm 
thinking i should just throw it away  migrate to a Linux box.


Thanks Mark and Chuck for your help, and I'm still listening if someone 
has a current Tomcat-for-WindowsXP solution.


Peace,
Alan

..

On 1/16/2013 4:27 PM, Caldarale, Charles R wrote:

From: Alan Findly [mailto:afin...@ronan.net]
Subject: Re: Question about config and correct start-up
That context statement is not correct syntax
should be: privileged=true/

Thank you for providing a clear example of why top-posting is evil: no one has any 
idea which of the several Context elements (they're not statements) in the 
message you are referring to.

In any event, the angle brackets should not be present in Context attributes; this 
is standard XML syntax.  The Context element should look like this:

Context privileged=true
   ...
/Context

  - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question about config and correct start-up

[Alan Findly]

Mark:
  Thanks for your quick response.  Here are the items  issues:

OKgot the servlet mapping uncommented.

About the context the priviledged attribute must be added to the 
context.xml file, as the documentation says, and, yes, I am reading the 
instructions in


http://tomcat.apache.org/tomcat-7.0-doc/cgi-howto.html

but the instructions are vague--non-specific for individual attributes.
Should it be stated this way, in the context file:

privilegedtrue/privileged:

It could be thus:

privileged=true/privileged

or, should it be this way:

privileged=true

I'll wait for your reply, but I believe it's the latter.

My testing is with tried  proven code, using the post methodscripts 
that have already worked on other servers.

...

On 1/14/2013 12:30 AM, Mark Thomas wrote:

On 14/01/2013 03:52, Alan Findly wrote:

Forgot to mention version of tomcat .7.0.34 . on WindowsXP


 Original Message 
Subject: Question about config and correct start-up
Date: Sun, 13 Jan 2013 19:52:55 -0700
From: Alan Findly afin...@ronan.net
To: users@tomcat.apache.org



Dear Tomcat user's group:
I'm having a problem getting cgi to work.

snip/

   I've followed all the config instructions for setting it up,
including editing the conf\web.xml file to make the cgi servlet
functional, which just involves removing comment signs from around the
servlet.

You need to remove the comments around the servlet mapping as well.


   Done.  So, what should happen is that when I call a perl script from
html it should fire up  go.

That depends on how you are calling a perl script from html.


   But  still no workey  so digging further I noticed the config
document which is a README.xml 

I don't recall any file of that name. What is its exact path on your system?


makes a vague reference to having
the correct context for cgi, but seemingly no other dataI'm
missing something??

Have you read the docs?
http://tomcat.apache.org/tomcat-7.0-doc/cgi-howto.html

You need to mark your context as privileged.


   I've made an assumption that since I'm the only user on my PC that I
do not have to register me in the Tomcat-users.xml  since the
role of manager-gui does not seem to apply to cgi.

Correct, assuming the resources are not protected by security constraints.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Question about config and correct start-up

[Alan Findly]

Dear Tomcat user's group:
   I'm having a problem getting cgi to work.  I have Tomcat 
installed--used the installer from download page.  It's working fine for 
java, but I need the web server for my cgi project  running  testing 
perl from html locally on my PC...yea Windows env...ah, well...anyway my 
goal is to develop Perl stuff locally before uploading to regular server.
  I've followed all the config instructions for setting it up, 
including editing the conf\web.xml file to make the cgi servlet 
functional, which just involves removing comment signs from around the 
servlet.
  Done.  So, what should happen is that when I call a perl script from 
html it should fire up  go.
  But  still no workey  so digging further I noticed the config 
document which is a README.xml  makes a vague reference to having 
the correct context for cgi, but seemingly no other dataI'm 
missing something??
  Now, folks, I have no more clues what this refers to ... can someone 
shed some light for me??
  I've made an assumption that since I'm the only user on my PC that I 
do not have to register me in the Tomcat-users.xml  since the 
role of manager-gui does not seem to apply to cgi.

  But I've been wrong before!

Thanks,
Alan

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question about config and correct start-up

[Alan Findly]

Forgot to mention version of tomcat .7.0.34 . on WindowsXP


 Original Message 
Subject:Question about config and correct start-up
Date:   Sun, 13 Jan 2013 19:52:55 -0700
From:   Alan Findly afin...@ronan.net
To: users@tomcat.apache.org



Dear Tomcat user's group:
   I'm having a problem getting cgi to work.  I have Tomcat
installed--used the installer from download page.  It's working fine for
java, but I need the web server for my cgi project  running  testing
perl from html locally on my PC...yea Windows env...ah, well...anyway my
goal is to develop Perl stuff locally before uploading to regular server.
  I've followed all the config instructions for setting it up,
including editing the conf\web.xml file to make the cgi servlet
functional, which just involves removing comment signs from around the
servlet.
  Done.  So, what should happen is that when I call a perl script from
html it should fire up  go.
  But  still no workey  so digging further I noticed the config
document which is a README.xml  makes a vague reference to having
the correct context for cgi, but seemingly no other dataI'm
missing something??
  Now, folks, I have no more clues what this refers to ... can someone
shed some light for me??
  I've made an assumption that since I'm the only user on my PC that I
do not have to register me in the Tomcat-users.xml  since the
role of manager-gui does not seem to apply to cgi.
  But I've been wrong before!

Thanks,
Alan

Tomcat 4 question - is this a known bug and if so which version is it fixed in?

[Alan Williams]

We have been having occasional content-length mismatch
errors which we now suspect may be linked to Tomcat 4 or the mod_jk
connector. I am trying to find out if this is a known problem and if so
which version of Tomcat and/or mod_jk we need to upgrade too. I have
been looking through the bugs database but have been unable to find it
with any certainty. Could someone help please?

 

The problem : content length mismatches (due to the parameters from 2
different POST requests being mixed up?)

Versions : Tomcat 4.1, Java 1.5.0 on HP-UX. I do not have the version of
mod_jk used on that machine at present but can obtain it. 

 

Could someone tell me if this is a known problem and point
me to its details? If it is a problem with Tomcat/mod_jk could someone
tell me which version it was fixed in?

 

 

More Details on the problem

 

The reason we now suspect Tomcat 4 or mod_jk is because it
appears that the POST parameters from 2 different requests have been
mixed up. This has been recreated internally by a script which was
firing requests for a JSP page Welcome.jsp every 30 seconds with the
same set of POST parameters ALAN=WILLIAMSTEST=1 (length = 20). An error
was reported in a servlet which expected a content length of 183. The
Tomcat logs reported that the parameters it received were
ALAN=WILLIAMSTEST=1 (length =20). Somehow it was accessing the
parameters for a request for a different URL from a different user. The
excerpt from the Tomcat log is below.

 

2010-09-02 10:02:46 HttpRequestBase.parseParameters content length
mismatch

  URL: http://10.16.99.102:16513/RSTES2/servlet/MyServlet Content
Length: 183

Read: 20

  Bytes Read: ALAN=WILLIAMSTEST=1 (These parameters were
for Welcome.jsp not the servlet)

 

I suspect that both requests were sent correctly and have
become entangled. The requests did not originate at the same time. The
access logs show that the last request for the JSP page was 24 seconds
earlier. It's as if the details from an old request were picked up when
processing a new one.

 

10.16.200.54 - - [02/Sep/2010:10:02:22 +0100] POST
/RSTES2/jsp/login/Welcome.jsp HTTP/1.0 200 5631 (most recent request
for JSP page by the script)

10.99.1.4 - - [02/Sep/2010:10:02:24 +0100] POST
/RSTES2/servlet/MyServlet HTTP/1.1 200 42505 (a single user using the
system normally)

10.99.1.4 - - [02/Sep/2010:10:02:30 +0100] POST /RSTES2/servlet/
MyServlet HTTP/1.1 200 42505 (a single user using the system normally)

10.99.1.4 - - [02/Sep/2010:10:02:35 +0100] POST /RSTES2/servlet/
MyServlet HTTP/1.1 200 42505 (a single user using the system normally)

10.99.1.4 - - [02/Sep/2010:10:02:41 +0100] POST /RSTES2/servlet/
MyServlet HTTP/1.1 200 42505 (a single user using the system normally)

10.99.1.4 - - [02/Sep/2010:10:02:43 +0100] POST /RSTES2/servlet/
MyServlet HTTP/1.1 200 206 (a single user using the system normally)

(error occurred at 10:02:46 as above)

10.99.1.4 - - [02/Sep/2010:10:02:47 +0100] POST /RSTES2/servlet/
MyServlet HTTP/1.1 200 42505 (a single user using the system normally)

10.16.200.54 - - [02/Sep/2010:10:02:52 +0100] POST
/RSTES2/jsp/login/Welcome.jsp HTTP/1.0 200 5631 (a later request for
the JSP page by the script)

 

 

 
Alan





 

Alan Williams, Senior Analyst/Programmer, 3i Infotech - Western Europe 
Tel. Direct: + 44 (0)121 260 3346  |  Email: 
alan.willi...@3i-infotech.eu | www.3i-infotech.com 



 

This message is intended for the named recipient only and may be
privileged and/or confidential. If you are not the intended or named
recipient or have received this email in error then you should not copy,
forward or disclose it to any other person. The views and opinions
expressed in this e-mail are those of the sender and may not represent
the views and opinions of 3i Infotech (Western Europe) Limited
(registered number 2760212, with its registered office at Level 35, 25
Canada Square, Canary Wharf, London, E14 5LQ) or any subsidiary or
affiliated company within the 3i Infotech group of companies. If you
have received this email in error you should destroy it or contact
postmas...@3i-infotech.eu so that we may take appropriate action. 

 


__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
__

NewBie! Need Help to configure FTP/Domain...

[Alan Coyne]

Hi All,
I'm new to TomCat however I have managed to get JDK setup and Tomcat 6 running 
on Linux 64bit server.
I've deployed an app via WAR file and all looks good.

So all that remains for me to do is confirgure a domain name to use the server 
and be able to FTP to the installed app folder.
I've been searching and digging but am a bit lost at this stage. If anyone can 
point me in the right direction it would be great.

Thanks
Alan

Understanding the error cause

[Alan Chandler]

I am moving an application I have had running under tomcat5.5 to tomcat6 
on another computer.


I placed my war file in the webapps directory and tomcat duly 
automatically deployed it.  But as soon as I try to access it, it throws 
an exception - the root cause of which appears to be this line


java.security.AccessControlException: access denied 
(java.io.FilePermission 
/var/lib/tomcat6/webapps/akcmoney/WEB-INF/classes/META-INF/hivemodule.xml 
read)



This file is inside the deployed web app, and exists and has file 
permissions 644 with ownership and group of tomcat6.


I do not understand what is wrong.  Can someone give me some advice as 
to how to understand the problem.



--
Alan Chandler
http://www.chandlerfamily.org.uk


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Understanding the error cause

[Alan Chandler]

Konstantin Kolinko wrote:

2009/12/26 Alan Chandler a...@chandlerfamily.org.uk:

I am moving an application I have had running under tomcat5.5 to tomcat6 on
another computer.

I placed my war file in the webapps directory and tomcat duly automatically
deployed it.  But as soon as I try to access it, it throws an exception -
the root cause of which appears to be this line

java.security.AccessControlException: access denied (java.io.FilePermission
/var/lib/tomcat6/webapps/akcmoney/WEB-INF/classes/META-INF/hivemodule.xml
read)


This file is inside the deployed web app, and exists and has file
permissions 644 with ownership and group of tomcat6.

I do not understand what is wrong.  Can someone give me some advice as to
how to understand the problem.



http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html


Thanks - understand much more now.

--
Alan Chandler
http://www.chandlerfamily.org.uk


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat not listing on ipv4

[Alan Chandler]

I have just upgraded my Debian server to unstable, and now find that 
attempt to connect to my tomcat via ajp fails.


It appears from netstat is tomcat is listing on 8009 but only on ipv6

I have been unable to find out how to change this.  Can someone give me 
a clue.

--
Alan Chandler
http://www.chandlerfamily.org.uk


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat not listing on ipv4

[Alan Chandler]

André Warnier wrote:

Alan Chandler wrote:
I have just upgraded my Debian server to unstable, and now find that 
attempt to connect to my tomcat via ajp fails.


It appears from netstat is tomcat is listing on 8009 but only on ipv6

I have been unable to find out how to change this.  Can someone give 
me a clue.


As a hack : use the Address attribute of the AJP Connector and specify a 
V4 address ? (if only 127.0.0.1)



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

It works at least as far as connecting to Tomcat from apache is 
concerned.  I now have problems accessing the database from tomcat and 
that is throwing an exception



--
Alan Chandler
http://www.chandlerfamily.org.uk



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: What is the difference between running Tomcat 6 as a Windows Service vs. running from the command line?

[Alan Kennedy]

[Alan]
 I need to find out what is the difference between running Tomcat 6 as
 a Windows Service and running it from the command line.

 The reason is that I'm getting a bizarre bug when a jython based
 servlet is run under Tomcat6-as-Service. But the bug does NOT appear
 when Tomcat 6 is run from the command line using bin\startup.bat.

[Earl]
 Was there a solution found for this behavior?

 It is happening to me as well when I try to install Liferay portal as a
 service (Server 2008, 64-bit JVM, Tomcat 6.0.20 zip file installed with
 64-bit tomcat6 and tomcat6w.exe files substituted).

 I also get a stack overflow error when running as a service, but normal
 behavior when using startup.bat .  After getting startup.bat to run, I
 installed the service using service install.
 If I run tomcat6 from the command line still as Administrator, it also
 fails.

Hi Earl,

I'm not sure if we're talking about the same bug, although it's easily
possible that it's the same bug, with differing consequences.

I've made a little more progress on what is happening in jython when
this problem occurs, namely a infinite recursion on method reflection.
I'm guessing that this may be caused by a combination of classloading
and security policies, not sure yet. More details from here

http://bugs.jython.org/issue1489

Note from that bug that we've had a report from a user who saw
identical behaviour when running a minimal jython servlet in BEA
WebLogic on Ubuntu, whereas the Tomcat on Ubuntu runs the code just
fine. So this is not a problem specific to Tomcat or to Tomcat on
Windows.

I'll be continuing my investigations and reports on the jython bug
report. Please feel free to follow that discussion and/or contribute
to it.

Regards,

Alan.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

What is the difference between running Tomcat 6 as a Windows Service vs. running from the command line?

[Alan Kennedy]

Hi all,

I need to find out what is the difference between running Tomcat 6 as
a Windows Service and running it from the command line.

The reason is that I'm getting a bizarre bug when a jython based
servlet is run under Tomcat6-as-Service. But the bug does NOT appear
when Tomcat 6 is run from the command line using bin\startup.bat.

I'm using Windows Server 2003.

Rather than describe the whole thing in this email, I've recorded all
of the details in the jython bug tracker.

Jython crashes in unknown circumstances when running on Tomcat 6 as
Windows Service
http://bugs.jython.org/issue1489

Can anyone point me to documentation which describes the differences
between the two operating modes?

Regards,

Alan Kennedy.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: What is the difference between running Tomcat 6 as a Windows Service vs. running from the command line?

[Alan Kennedy]

[Alan]
 I need to find out what is the difference between running Tomcat 6 as
 a Windows Service and running it from the command line.

 The reason is that I'm getting a bizarre bug when a jython based
 servlet is run under Tomcat6-as-Service. But the bug does NOT appear
 when Tomcat 6 is run from the command line using bin\startup.bat.

[Markus]
 The most prominent difference I can think of is the user account Tomcat
 runs as.
 Although I have no idea why this should cause the endless recursion you
 are seeing, I'd (temporarily) change the user account of the Tomcat
 service to your personal account and see if the problem still exists.

Thanks for the suggestion Markus, it was a good one.

Unfortunately, it did not solve the problem: the behaviour is exactly
the same when running under my own account: the bug still occurs.

Regards,

Alan.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

my webapps and security manager

[Alan]

 playing
with that for more than a week and I'm getting really tired, which is
likely weakening my sense of observation and reason and I am probably
skipping something obvious if not the whole thing at all.

Any help would be very very appreciated.

Many thanks in advance,
Alan
-- 
Alan Wilter Sousa da Silva, D.Sc.
PDBe group, PiMS project http://www.pims-lims.org/
EMBL - EBI, Wellcome Trust Genome Campus, Hinxton, Cambridge CB10 1SD, UK
+44 (0)1223 492 583 (office)

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: webapps examples and security manager

[Alan]

Hallelujah!

I finally figured out what's going on with tomcat 5.5.26 when running
webapps in security mode.

In Ubuntu 9.04, with just the addition of 'permission
java.lang.RuntimePermission setContextClassLoader;' in
catalina.policy solved the problem. This is happen because ubuntu has
its own way of starting the deamon and apparently they fixed some
problems that in tomcat 5.5.26 official distribution is not.

Since Fink also use the official distribution, I found out that I need
to tweak catalina.policy a bit further there. See the patch:

--- catalina.policy 2009-09-24 13:51:41.0 +0100
+++ /Users/alan/SCRIPTS/catalina.policy 2009-09-24 13:50:24.0 +0100
@@ -66,7 +66,7 @@
 };

 // These permissions apply to the commons-logging API
-grant codeBase file:${catalina.home}/bin/commons-logging-api.jar {
+grant codeBase file:${catalina.home}/bin/commons-logging-api-1.1.1.jar {
 permission java.security.AllPermission;
 };

@@ -82,6 +82,7 @@

 // These permissions apply to JULI
 grant codeBase file:${catalina.home}/bin/tomcat-juli.jar {
+permission java.lang.RuntimePermission setContextClassLoader;
 permission java.util.PropertyPermission
java.util.logging.config.class, read;
 permission java.util.PropertyPermission
java.util.logging.config.file, read;
 permission java.lang.RuntimePermission shutdownHooks;
@@ -95,6 +96,8 @@
 // Be sure that the logging configuration is secure before
enabling such access
 // eg for the examples web application:
 // permission java.io.FilePermission
${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties,
read;
+permission java.io.FilePermission
${catalina.base}${file.separator}webapps${file.separator}jsp-examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties,
read;
+permission java.io.FilePermission
${catalina.base}${file.separator}webapps${file.separator}servlets-examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties,
read;
 };

 // These permissions apply to the servlet API classes


This basic solved my problems.

Alan

On Wed, Sep 23, 2009 at 22:58, Alan alanwil...@gmail.com wrote:
 Many thanks dear Mark.

 It's late here too but I finally, with your diligent and precious
 help, I could figure out what's going on here and even manage to have
 tomcat with security working for tomcat6.0.20 and tomcat5.5.28 (but
 not for tomcat5.5.26, last version available for Mac via Fink).

 Thank you very much.

 Alan

 On Wed, Sep 23, 2009 at 21:42, Mark Thomas ma...@apache.org wrote:
 Mark Thomas wrote:
 Mark Thomas wrote:
 Alan wrote:
 Thanks Mark, let's deal by parts:
 OK. I've reproduced it. It is happening with 1.6.0_14 and 1.6.0_16 JVMs
 but not a 1.6.0_00 JVM.

 The latest 1.5 JVM seems OK too.

 Time to check the release notes. I'll hopefully have a workaround (other
 than using Java 1.5) shortly.

 Still not clear why it is required for later JVM versions

 snip/

 It is late and I have been in front my PC for too long today. This has
 already been fixed (by me!) in trunk and proposed for 6.0.x and 5.5.x.
 It looks the implementation of LogManager (ClassLoaderLogManager extends
 LogManager) has changed - hence the need for the new permission.

 Mark



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: webapps examples and security manager

[Alan]

Well, I'll try to make it clearer:

Situation: Ubuntu 9.04 with SUN Java 1.6 and tomcat 5.5.26 with
security mode (default in Debian/Ubuntu).

Testing tomcat-webapps examples.

A clean install and everything seems to work, except that nothing is
written in /var/log/tomcat5.5

To solve this issue, I had to add:

permission java.lang.RuntimePermission setContextClassLoader;

in /etc/tomcat5.5/policy.d/03catalina.policy.

If using openJDK instead of Sun Java, this is not necessary.

The patch I sent before is for those using tomcat5.5.26 in Mac OSX and
Fink use this distribution.

Did it help?

Alan

On Thu, Sep 24, 2009 at 14:57, Pid p...@pidster.com wrote:
 On 24/09/2009 14:11, Alan wrote:

 Hallelujah!

 I finally figured out what's going on with tomcat 5.5.26 when running
 webapps in security mode.

 In Ubuntu 9.04, with just the addition of 'permission
 java.lang.RuntimePermission setContextClassLoader;' in
 catalina.policy solved the problem. This is happen because ubuntu has
 its own way of starting the deamon and apparently they fixed some
 problems that in tomcat 5.5.26 official distribution is not.

 Really?  Could you let us know what?

 p


 Since Fink also use the official distribution, I found out that I need
 to tweak catalina.policy a bit further there. See the patch:

 --- catalina.policy     2009-09-24 13:51:41.0 +0100
 +++ /Users/alan/SCRIPTS/catalina.policy 2009-09-24 13:50:24.0
 +0100
 @@ -66,7 +66,7 @@
  };

  // These permissions apply to the commons-logging API
 -grant codeBase file:${catalina.home}/bin/commons-logging-api.jar {
 +grant codeBase file:${catalina.home}/bin/commons-logging-api-1.1.1.jar
 {
          permission java.security.AllPermission;
  };

 @@ -82,6 +82,7 @@

  // These permissions apply to JULI
  grant codeBase file:${catalina.home}/bin/tomcat-juli.jar {
 +        permission java.lang.RuntimePermission setContextClassLoader;
          permission java.util.PropertyPermission
 java.util.logging.config.class, read;
          permission java.util.PropertyPermission
 java.util.logging.config.file, read;
          permission java.lang.RuntimePermission shutdownHooks;
 @@ -95,6 +96,8 @@
          // Be sure that the logging configuration is secure before
 enabling such access
          // eg for the examples web application:
          // permission java.io.FilePermission

 ${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties,
 read;
 +        permission java.io.FilePermission

 ${catalina.base}${file.separator}webapps${file.separator}jsp-examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties,
 read;
 +        permission java.io.FilePermission

 ${catalina.base}${file.separator}webapps${file.separator}servlets-examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties,
 read;
  };

  // These permissions apply to the servlet API classes


 This basic solved my problems.

 Alan

 On Wed, Sep 23, 2009 at 22:58, Alanalanwil...@gmail.com  wrote:

 Many thanks dear Mark.

 It's late here too but I finally, with your diligent and precious
 help, I could figure out what's going on here and even manage to have
 tomcat with security working for tomcat6.0.20 and tomcat5.5.28 (but
 not for tomcat5.5.26, last version available for Mac via Fink).

 Thank you very much.

 Alan

 On Wed, Sep 23, 2009 at 21:42, Mark Thomasma...@apache.org  wrote:

 Mark Thomas wrote:

 Mark Thomas wrote:

 Alan wrote:

 Thanks Mark, let's deal by parts:

 OK. I've reproduced it. It is happening with 1.6.0_14 and 1.6.0_16
 JVMs
 but not a 1.6.0_00 JVM.

 The latest 1.5 JVM seems OK too.

 Time to check the release notes. I'll hopefully have a workaround
 (other
 than using Java 1.5) shortly.

 Still not clear why it is required for later JVM versions

 snip/

 It is late and I have been in front my PC for too long today. This has
 already been fixed (by me!) in trunk and proposed for 6.0.x and 5.5.x.
 It looks the implementation of LogManager (ClassLoaderLogManager extends
 LogManager) has changed - hence the need for the new permission.

 Mark



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: webapps examples and security manager

[Alan]

Ok, I downloaded the latest and did:

wget -c 
http://mirror.ox.ac.uk/sites/rsync.apache.org/tomcat/tomcat-6/v6.0.20/bin/apache-tomcat-6.0.20.tar.gz
tar xvfz apache-tomcat-5.5.28.tar.gz # gnu tar
cd ~/Programmes/apache-tomcat-6.0.20
export CATALINA_HOME=$PWD
amadeus[2161]:~/Programmes/apache-tomcat-6.0.20%
$CATALINA_HOME/bin/catalina.sh run -securityUsing CATALINA_BASE:
/Users/alan/Programmes/apache-tomcat-6.0.20
Using CATALINA_HOME:   /Users/alan/Programmes/apache-tomcat-6.0.20
Using CATALINA_TMPDIR: /Users/alan/Programmes/apache-tomcat-6.0.20/temp
Using JRE_HOME:
/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home
Using Security Manager
Please use CMSClassUnloadingEnabled in place of
CMSPermGenSweepingEnabled in the future
Could not load Logmanager org.apache.juli.ClassLoaderLogManager
java.security.AccessControlException: access denied
(java.lang.RuntimePermission setContextClassLoader)
at 
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
[snip]

I got basically the same thing as in tomcat 5.5.

So, how do I do to make at least the webapps examples that come with
tomcat to run smoothly with security manager? How to tweak
catalina.policy in order to not see all this issues in log?

Many thanks in advance,

Alan


On Tue, Sep 22, 2009 at 18:49, Caldarale, Charles R
chuck.caldar...@unisys.com wrote:
 From: Alan [mailto:alanwil...@gmail.com]
 Subject: Re: webapps examples and security manager

 Not yet, which one would suggest me please?

 The latest, always (6.0.20).

  - Chuck


 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
 MATERIAL and is thus for use only by the intended recipient. If you received 
 this in error, please contact the sender and delete the e-mail and its 
 attachments from all computers.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: webapps examples and security manager

[Alan]

Thanks Mark, let's deal by parts:

On Wed, Sep 23, 2009 at 16:33, Mark Thomas ma...@apache.org wrote:
 Alan wrote:
 Ok, I downloaded the latest and did:

 wget -c 
 http://mirror.ox.ac.uk/sites/rsync.apache.org/tomcat/tomcat-6/v6.0.20/bin/apache-tomcat-6.0.20.tar.gz
 tar xvfz apache-tomcat-5.5.28.tar.gz # gnu tar

 What is going on here? Which version of Tomcat are you using?

amadeus[2195]:~/Programmes% $CATALINA_HOME/bin/catalina.sh version
Using CATALINA_BASE:   /Users/alan/Programmes/apache-tomcat-6.0.20
Using CATALINA_HOME:   /Users/alan/Programmes/apache-tomcat-6.0.20
Using CATALINA_TMPDIR: /Users/alan/Programmes/apache-tomcat-6.0.20/temp
Using JRE_HOME:
/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home
Server version: Apache Tomcat/6.0.20
Server built:   May 14 2009 01:13:50
Server number:  6.0.20.0
OS Name:Mac OS X
OS Version: 10.6.1
Architecture:   x86_64
JVM Version:1.6.0_15-b03-219
JVM Vendor: Apple Inc.

 cd ~/Programmes/apache-tomcat-6.0.20
 export CATALINA_HOME=$PWD
 amadeus[2161]:~/Programmes/apache-tomcat-6.0.20%
 $CATALINA_HOME/bin/catalina.sh run -securityUsing CATALINA_BASE:
 /Users/alan/Programmes/apache-tomcat-6.0.20
 Using CATALINA_HOME:   /Users/alan/Programmes/apache-tomcat-6.0.20
 Using CATALINA_TMPDIR: /Users/alan/Programmes/apache-tomcat-6.0.20/temp
 Using JRE_HOME:
 /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home

 Which JVM is this? What does:
 java -version
 return?

amadeus[2197]:~/Programmes% java -version
java version 1.6.0_15
Java(TM) SE Runtime Environment (build 1.6.0_15-b03-219)
Java HotSpot(TM) 64-Bit Server VM (build 14.1-b02-90, mixed mode)

 Using Security Manager
 Please use CMSClassUnloadingEnabled in place of
 CMSPermGenSweepingEnabled in the future

 Hmm. You shouldn't see that with a default Tomcat install so it looks
 like you aren't running what you think you are running.

Indeed, testing on Ubuntu, I don't get this message.

More below.

 Could not load Logmanager org.apache.juli.ClassLoaderLogManager
 java.security.AccessControlException: access denied
 (java.lang.RuntimePermission setContextClassLoader)
       at 
 java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
 [snip]

 This works out of the for me on Leopard. I don't have access to a
 machine with Snow Leopard although it is unlikely that is the issue.

 So, how do I do to make at least the webapps examples that come with
 tomcat to run smoothly with security manager? How to tweak
 catalina.policy in order to not see all this issues in log?

 Indications are you aren't running a vanilla Tomcat 6.0.20 install. A
 clean install works for me in Windows, OSX and linux.

 Mark

I frankly don't understand what's going on, so I will put in a sort of
script-like what I did. First I got tomcat from
http://tomcat.apache.org/download-60.cgi (Binary distr. - Core).
Should I get the source code and compile myself?

#--
# commands
cd
# get binary core package from a mirror
wget -c 
http://mirror.lividpenguin.com/pub/apache/tomcat/tomcat-6/v6.0.20/bin/apache-tomcat-6.0.20.tar.gz

# uncompress with gnu tar
tar xvfz apache-tomcat-6.0.20.tar.gz

cd apache-tomcat-6.0.20
export CATALINA_HOME=$PWD

$CATALINA_HOME/bin/catalina.sh version

$CATALINA_HOME/bin/catalina.sh run -security
#--

I did the same commands in a clean install of Ubuntu Linux 9.04 64
bits and got the same problem. I would love to see what you get doing
the commands above, or please tell me what should I change if they are
not OK.

From Ubuntu:

a...@ubuntu:~/apache-tomcat-6.0.20/logs$ $CATALINA_HOME/bin/catalina.sh version
Using CATALINA_BASE:   /home/alan/apache-tomcat-6.0.20
Using CATALINA_HOME:   /home/alan/apache-tomcat-6.0.20
Using CATALINA_TMPDIR: /home/alan/apache-tomcat-6.0.20/temp
Using JRE_HOME:   /usr
Server version: Apache Tomcat/6.0.20
Server built:   May 14 2009 01:13:50
Server number:  6.0.20.0
OS Name:Linux
OS Version: 2.6.28-15-generic
Architecture:   amd64
JVM Version:1.6.0_16-b01
JVM Vendor: Sun Microsystems Inc.

a...@ubuntu:~/apache-tomcat-6.0.20/logs$
$CATALINA_HOME/bin/catalina.sh run -security
Using CATALINA_BASE:   /home/alan/apache-tomcat-6.0.20
Using CATALINA_HOME:   /home/alan/apache-tomcat-6.0.20
Using CATALINA_TMPDIR: /home/alan/apache-tomcat-6.0.20/temp
Using JRE_HOME:   /usr
Using Security Manager
Could not load Logmanager org.apache.juli.ClassLoaderLogManager
java.security.AccessControlException: access denied
(java.lang.RuntimePermission setContextClassLoader)
at 
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at 
java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
[snip]

Cheers,
Alan

Re: webapps examples and security manager

[Alan]

Many thanks dear Mark.

It's late here too but I finally, with your diligent and precious
help, I could figure out what's going on here and even manage to have
tomcat with security working for tomcat6.0.20 and tomcat5.5.28 (but
not for tomcat5.5.26, last version available for Mac via Fink).

Thank you very much.

Alan

On Wed, Sep 23, 2009 at 21:42, Mark Thomas ma...@apache.org wrote:
 Mark Thomas wrote:
 Mark Thomas wrote:
 Alan wrote:
 Thanks Mark, let's deal by parts:
 OK. I've reproduced it. It is happening with 1.6.0_14 and 1.6.0_16 JVMs
 but not a 1.6.0_00 JVM.

 The latest 1.5 JVM seems OK too.

 Time to check the release notes. I'll hopefully have a workaround (other
 than using Java 1.5) shortly.

 Still not clear why it is required for later JVM versions

 snip/

 It is late and I have been in front my PC for too long today. This has
 already been fixed (by me!) in trunk and proposed for 6.0.x and 5.5.x.
 It looks the implementation of LogManager (ClassLoaderLogManager extends
 LogManager) has changed - hence the need for the new permission.

 Mark



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

webapps examples and security manager

[Alan]

:${catalina.home}/server/- {
permission java.security.AllPermission;
};

// The permissions granted to the balancer WEB-INF/classes and
WEB-INF/lib directory
grant codeBase file:${catalina.home}/webapps/balancer/- {
permission java.lang.RuntimePermission
accessClassInPackage.org.apache.tomcat.util.digester;
permission java.lang.RuntimePermission
accessClassInPackage.org.apache.tomcat.util.digester.*;
};
// == WEB APPLICATION PERMISSIONS =


// These permissions are granted by default to all web applications
// In addition, a web application will be given a read FilePermission
// and JndiPermission for all files and directories in its document root.
grant {
// Required for JNDI lookup of named JDBC DataSource's and
// javamail named MimePart DataSource used to send mail
permission java.util.PropertyPermission java.home, read;
permission java.util.PropertyPermission java.naming.*, read;
permission java.util.PropertyPermission javax.sql.*, read;

// OS Specific properties to allow read access
permission java.util.PropertyPermission os.name, read;
permission java.util.PropertyPermission os.version, read;
permission java.util.PropertyPermission os.arch, read;
permission java.util.PropertyPermission file.separator, read;
permission java.util.PropertyPermission path.separator, read;
permission java.util.PropertyPermission line.separator, read;

// JVM properties to allow read access
permission java.util.PropertyPermission java.version, read;
permission java.util.PropertyPermission java.vendor, read;
permission java.util.PropertyPermission java.vendor.url, read;
permission java.util.PropertyPermission java.class.version, read;
permission java.util.PropertyPermission
java.specification.version, read;
permission java.util.PropertyPermission java.specification.vendor, read;
permission java.util.PropertyPermission java.specification.name, read;

permission java.util.PropertyPermission
java.vm.specification.version, read;
permission java.util.PropertyPermission
java.vm.specification.vendor, read;
permission java.util.PropertyPermission
java.vm.specification.name, read;
permission java.util.PropertyPermission java.vm.version, read;
permission java.util.PropertyPermission java.vm.vendor, read;
permission java.util.PropertyPermission java.vm.name, read;

// Required for OpenJMX
permission java.lang.RuntimePermission getAttribute;

// Allow read of JAXP compliant XML parser debug
permission java.util.PropertyPermission jaxp.debug, read;

// Precompiled JSPs need access to this package.
permission java.lang.RuntimePermission
accessClassInPackage.org.apache.jasper.runtime;
permission java.lang.RuntimePermission
accessClassInPackage.org.apache.jasper.runtime.*;

// Precompiled JSPs need access to this system property.
permission java.util.PropertyPermission
org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER, read;
};

Any help would be more than appreciated.

Many thanks in advance,

Alan

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: webapps examples and security manager

[Alan]

Thanks for your reply.

Not yet, which one would suggest me please?

Alan

On Tue, Sep 22, 2009 at 17:27, Mark Thomas ma...@apache.org wrote:
 Alan wrote:
 snip/
 Any help would be more than appreciated.

 And when you try with a more recent version?

 Mark




 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: what is the upper limit of maximum heap memory for Tomcat with 32-bit JVM running on Red Hat Linux 4 (32-bit)

[Alan Chaney]

2. Your other 'workaround' is to install a 64 bit OS and a 64 bit JVM. 
Then you can have 7G+ for the JVM.


Actually, to be totally clear, you can have pretty much as much memory 
as you have physical ram in the machine. In your case that's 7G+


For more info on the 64bit JVM see 
http://java.sun.com/docs/hotspot/HotSpotFAQ.html#64bit_heap


Apparently RHEL 4 x64 supports up to 16GB and RHEL 5 claims 'unlimited'
but I'll bet no-one has actually tried it with 16 TB.






Regards

Alan Chaney



Li,Henry wrote:
My Tomcat is running on 32-bit Red Hat 4 (2.6.9-78.0.1.ELsmp), host 
server has 8G physical memory and 4 processors.

 java version 1.4.2  gcj (GCC) 3.4.6 20060404 (Red Hat 3.4.6-10)
I got java.lang.OutOfMemoryError
Current configuration: -Xms1024M -Xmx2304M
The host server has about 4.5G free memory. When I tried to increase 
-Xmx2304M to -Xmx3000M, I got this error:
Error occurred during initialization of VM, Could not reserve enough 
space for object heap

The maximum # I can reach is -Xmx2680M.
QUESTION: Is there an upper limit for -Xmx? What is the work around? 
How can I use my free memory on the server to

get rid of the OutOfMemoryError?

Thanks,
Henry








-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



!DSPAM:4a68f4e844863033718476!



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: what is the upper limit of maximum heap memory for Tomcat with 32-bit JVM running on Red Hat Linux 4 (32-bit)

[Alan Chaney]

You are using a 32 bit operating system and a 32 bit processor. To make 
more than 4GB of ram available you must ensure that you have PAE support 
enabled in your kernel (search Google for Physical Address Extension) 
which may mean re-compiling for RHEL 4 (see Red Hat). Your processor may 
not support it but I'd suspect that when you say 4 processors you 
probably mean 4 cores and I believe all 4 core Intel CPUs do support 
PAE. Re-reading your email I see that you say that you have 4.5G of free 
memory - how did you determine this? 'top'?



Even so, I cannot find any clear statement on the web that the 32 bit 
JRE will be able to address more than 4G even if you do have PAE 
enabled. I suspect not. Actually, 'suspect' is way too mild a term ... I 
would be completely astounded if you could...


Possible workarounds are:

1. Try running 2 JVMs ( when you have PAE enabled) - of course this may 
not work in your application (you'd have to have two Tomcat instances.)


2. Your other 'workaround' is to install a 64 bit OS and a 64 bit JVM. 
Then you can have 7G+ for the JVM.


Regards

Alan Chaney



Li,Henry wrote:

My Tomcat is running on 32-bit Red Hat 4 (2.6.9-78.0.1.ELsmp), host server has 
8G physical memory and 4 processors.
 java version 1.4.2  gcj (GCC) 3.4.6 20060404 (Red Hat 3.4.6-10)
I got java.lang.OutOfMemoryError
Current configuration: -Xms1024M -Xmx2304M
The host server has about 4.5G free memory. When I tried to increase -Xmx2304M 
to -Xmx3000M, I got this error:
Error occurred during initialization of VM, Could not reserve enough space for 
object heap
The maximum # I can reach is -Xmx2680M.
QUESTION: Is there an upper limit for -Xmx? What is the work around? How can I 
use my free memory on the server to
get rid of the OutOfMemoryError?

Thanks,
Henry




!DSPAM:4a68ee3b41041381456296!



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: The best place for implementing context specific behavior?

[Alan Chaney]

Andre

André Warnier wrote:

Pid wrote:


The Filter checks the domain name is suitable, /looks up a config object/
and drops it into the request attributes for use on the page.


Ha ! I believe that this is exactly what Jonathan is (or was originally) 
looking for.

Where is this config object, and when and how is it being initialised ?

One place to keep filter configuration information is as an attribute of 
the ServletContext. This can be obtained with the 
FilterConfig.getServletContext method. The FilterConfig object is a 
parameter of the doFilter method of the Filter. (See 
http://java.sun.com/javaee/5/docs/api/)


This works within any one web app.


I'm continuing for myself right now, just to learn how to do this 
correctly.
Suppose I do want to do something different in my (shared, common, 
whatever) webapp, depending on the Host: header of the request.
And suppose this different thing I want to do, is a bit heavy, so I 
don't want to do it all at each request, I want to do some of that work 
ahead of time, and re-use it for each request afterward.


But the requests come in unpredictable order, all to my same webapp, but 
one for apples.company.com, and the following one for 
bananas.company.com etc.
And when one comes in for bananas, I want to retrieve what I had 
earlier prepared for bananas, and not what I had prepared for lemons.
(In other words, I don't want a fruit salad, I want to enjoy each fruit 
separately).


You can write an object which handles the specific processing for each 
host and then create a Map as the attribute in the ServletContext using 
the host name as the key. At the start of each request in your Filter 
you could retrieve the object by using the host name as the key, do 
whatever host specific processing you need.


You can add a ContextListener in web.xml will will allow you to do any 
servlet startup/shutdown operations.


There are other ways, but the above should work.

Regards

Alan Chaney

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Reading POSTed data

[Alan Chaney]

Caldarale, Charles R wrote:

From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Subject: Re: Reading POSTed data

The servlet spec is very clear about when the request is consumed to
fulfill a getParameter call and when the request is specifically /not/
consumed.


What I find problematic is that the spec gives no hint about how to process 
POST data that is not parameterized.  Lack of mentioning any alternative gives 
the impression that parameterization is the only way of handling it, whereas 
real-world practice is quite different.

 - Chuck

I have an application which extensively uses message data in POST 
requests so I was a bit concerned by your comment above.



However, P36 of my copy of the 2.4 servlet spec (sec SRV 4.1.1) says
If [the POST Form data conditions] are not met and the post form data 
is not included in the parameter set, the post data must still be 
available to the servet via the request object's input stream.


I don't want to appear picky, but that doesn't actually seem that 
problematic. If you don't set the content type as 
application/x-ww-form-urlencoded then you should be able to read it via 
the input stream


Regards

Alan Chaney





THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


!DSPAM:4a3bf2e676342136417547!



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: how to setup Tomcat 6.x fixes

[Meline, Kirk Alan. (ARC)[PEROT SYSTEMS]]

Thank you Chuck for the advise.  I was told to put the project on hold for now 
but can use your instructions if needed.
Thanks
Kirk

-Original Message-
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] 
Sent: Wednesday, June 03, 2009 8:27 PM
To: Tomcat Users List
Subject: RE: how to setup Tomcat 6.x fixes

 From: Meline, Kirk Alan. (ARC)[PEROT SYSTEMS]
 [mailto:kirk.mel...@nasa.gov]
 Subject: RE: how to setup Tomcat 6.x fixes
 
 I have download all the files from the windows section of
 http://tomcat.apache.org/download-60.cgi#6.0.20

O.k., you went a bit overboard, but there's no damage; I'd recommend just the 
Core .zip file for now.  The Windows Service Installer will also work, but is a 
bit more difficult to use for people just getting started or wanting to run 
multiple Tomcats on the same box.  Unlike the .exe download, the .zip lets you 
install Tomcat wherever you want to, and includes .bat scripts for running 
Tomcat from a command prompt.  You can also install it as a Windows service 
with the .zip's service.bat script if and when you're ready to do that.  Just 
unzip the download to whatever directory is convenient for you, and keep 
reading.

 I just would like to know how to install them while making 
 sure I do not cause problems on apache.

Not sure what you mean by cause problems on apache.  Do you already have some 
other version of Tomcat installed?  Do you already have httpd running on the 
system of interest?  If there are potential conflicts with existing 
installations, you will want to edit the conf/server.xml file to change the 
port numbers to insure the version under test won't bother the current ones.  
The port numbers of interest are given in the Server and Connector 
elements.  Find out what ports are in use (netstat will show you), and make 
sure your test copy of Tomcat doesn't try to use the same ones.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: how to setup Tomcat 6.x fixes

[Meline, Kirk Alan. (ARC)[PEROT SYSTEMS]]

Thank you Mark.  I appreciate it.
Kirk

-Original Message-
From: Mark Thomas [mailto:ma...@apache.org] 
Sent: Thursday, June 04, 2009 4:24 AM
To: Tomcat Users List
Subject: Re: how to setup Tomcat 6.x fixes

Meline, Kirk Alan. (ARC)[PEROT SYSTEMS] wrote:
 Hi
 
 Where can I get instructions on setting up our Tomcat server with the new 
 fixes?  I have downloaded the new fixes but cannot see any instructions on 
 the web site.

If you mean How do apply the fixes for the security issues fixed in
6.0.20 to my current Tomcat instalation? then the answer is you need to
do a clean 6.0.20 installation and transfer you webapps and
configuration files across to this new installation.

There is no official mechanism provided to patch a previous version.
There are ways you can try and do this but they are reasonably risky and
not recommended.

Mark

 
 
 
 Thanks
 
 Kirk
 
 
 Kirk Meline
 Systems Administrator
 NASA Ames Research Center
 Mail Stop 213-7
 Moffett Field, CA 94035-1000
 1-(650) 604-6868 Office
 
 



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

how to setup Tomcat 6.x fixes

[Meline, Kirk Alan. (ARC)[PEROT SYSTEMS]]

Hi



Where can I get instructions on setting up our Tomcat server with the new 
fixes?  I have downloaded the new fixes but cannot see any instructions on the 
web site.



Thanks

Kirk


Kirk Meline
Systems Administrator
NASA Ames Research Center
Mail Stop 213-7
Moffett Field, CA 94035-1000
1-(650) 604-6868 Office

RE: how to setup Tomcat 6.x fixes

[Meline, Kirk Alan. (ARC)[PEROT SYSTEMS]]

Chuck

I have download all the files from the windows section of 
http://tomcat.apache.org/download-60.cgi#6.0.20 
I just would like to know how to install them while making sure I do not cause 
problems on apache.

Thanks

Kirk Meline
Systems Administrator
NASA Ames Research Center
Mail Stop 213-7
Moffett Field, CA 94035-1000
1-(650) 604-6868 Office

-Original Message-
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] 
Sent: Wednesday, June 03, 2009 3:24 PM
To: Tomcat Users List
Subject: RE: how to setup Tomcat 6.x fixes

 From: Meline, Kirk Alan. (ARC)[PEROT SYSTEMS]
 [mailto:kirk.mel...@nasa.gov]
 Subject: how to setup Tomcat 6.x fixes
 
 Where can I get instructions on setting up our Tomcat 
 server with the new fixes?

Download, unzip (or untar), run:
http://tomcat.apache.org/tomcat-6.0-doc/setup.html

 I have downloaded the new fixes but cannot see any
 instructions on the web site.

What exactly did you download, and from where?

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: new installation uid / pwd problem

[Alan Chaney]

Hi Ron



Ronald G. Belcher wrote:
I'm a newbie who just installed Tomcat 5.5.  Installation messages told 
me the userid was tomcat55.  When I attempted to view Status, Tomcat 
Administration, or Tomcat Manager from my browser, I was asked for a 
userid and pw.  Of course, not knowing the password, I was treated to a 
message that said Access to the requested resource has been denied.  
Now I can't seem to do anything to get past the error, not even 
rebooting and/or restarting Tomcat.  Help!  Ron


Please specify: tomcat version, jdk version, operating system version.

Did you install tomcat by downloading from the tomcat.apache.org site? 
or is it a linux distro version. If the latter, then probably best to 
install the proper tomcat.apache.org version. You won't get much help on 
this list unless you do...


To give you some guidance on your specific problem above

http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html

which will explain amongst other things that the 'default' security 
realm is controlled by a file called tomcat-users.xml in the 
$TOMCAT_HOME/conf directory.


You will need to edit that file and then restart tomcat. You will also 
need to read (most) of the documents carefully. I guess you've got the 
linux distro because it would be much better to start with the currrent 
release version (6.0) than 5.5


HTH

Alan Chaney





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: apache/tomcat communication issues (502 response)

[Alan Chaney]

Hi Andre

André Warnier wrote:

feedly team wrote:
[...]

using netstat, i see a moderate number (~80) of tomcat's sockets in
the CLOSE_WAIT state, not sure if this is relevant.

Approximately, because I am not sure I have this really understood yet 
: a TCP CLOSE_WAIT state happens when the writing side of a TCP 
connection has finished writing and (nicely) closes its side of the 
socket to indicate the fact, but the reading side of the connection 
does not read what is left in the buffers, so there is still some data 
unread in the pipeline, and the reading side never closes the socket.
And now I'm stuck in my explanation, because I am not sure which side 
is seeing the CLOSE_WAIT... ;-)

I think that you are indicating one condition in which you can see a
CLOSE_WAIT but there are many others. I also think that the condition
you indicate is appropriate when the CLOSE_WAIT is observed at the
receiving end of a communication, but is possible for a socket to be in
this state when it has sent data as well, but of course there will be no
outstanding data to send.

More generally CLOSE_WAIT is the state in which a socket is left AFTER
the other end says its finished and BEFORE the application which is
using the socket actually closes the socket. The WAIT refers to the
operating system waiting for the application to finish using the socket.

I think a socket can be in a CLOSE_WAIT state without there being any
further data to read or write - literally just waiting for the calling
application to close it.

Having written socket handling code for both Java and C++ on  a variety
of platforms I don't think there is any particular reason why Java
should be better or worse (in fact, code which uses sockets in Java is
generally pretty easy.) I suspect that your observations may be affected
by local conditions eg one application is badly written but represents
a lot of your network activity, so its behavior is predominant in
conditioning your thinking. Or not! :)

regards

Alan Chaney



But anyway, it indicates a problem somewhere in one of the two 
applications, my guess being the reading one.
It should do more reads to exhaust the remaining data, get an 
end-of-stream, then close its side of the connection, but it never does.
There is apparently no timeout for that, so the OS can never get rid 
of that socket, which probably leaves a bunch of things hanging around 
and consuming resources that they shouldn't.
On one of our systems, I have occasionally seen this issue grow until 
the point where the system seemed unable to accept new connections.
Now whether that has any bearing on your particular issue, I don't 
know.  But it sure indicates a logical problem somewhere.


There is quite a bit on the subject on Google, of unequal quality.
If someone knows a more rigorous explanation, please go ahead.

I will still add a purely sibjective and personal note : from personal 
experience, this phenomenon seems to happens more frequently whith 
Java applications than with others, so I would guess that there might 
be something in the Java handling of sockets that makes it a bit 
harder to write correct socket-handling code.

A Java expert may want to comment on that too.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



!DSPAM:49dc6634305142136417547!






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Can only view pages on localhost

[Alan Chaney]

Hi Joel



Joel wrote:

I am a new user of Tomcat.  In my test system I have pc's networked via
a wireless router.  The router assigns the IP address of 192.168.0.2 to the
machine that runs Tomcat.  When I run Tomcat using http://localhost/... or
http://192.168.0.2/... everything works fine when I work on the local
machine.  But when I attempt to view web pages from any other machine on the
network using http://192.168.0.2/... I get timed out.  
 
How should I configure Tomcat so that it accepts requests from other

machines -- not just localhost?
 
You don't mention operating system, tomcat version, jdk version - all of 
which would make it easier to help you.


However, one wild guess is that you have a firewall which is preventing 
the other networked machine(s) from accessing the tomcat instance.


HTH

Alan Chaney



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: not valid Tomcat installation

[Alan Chaney]

Sergey (and FYI Andre)

For each server Eclipse uses, you must create a new entry in the 
'Servers' folder.


I'm assuming that you are using eclipse 3.3+ with WTP (Web Tools 
Project) plugins.


One way to do it is as follows:

From main menu Window-Preferences
Select  'Server'
click on triangle to get the drop down list and then select
'Runtime Environment'

The select 'Add'

You will get a list, the first of which is 'Apache'
select Apache Tomcat v6.0
and then 'Next'
now you will be at a menu called 'Tomcat Server Specify the installation 
directory'


Use Browse to select the folder in which you installed Tomcat. It will
check to see that it has the right files in it.

You can specify the JRE that tomcat is run with below. You may want to 
use a different JRE than the one that you are running Eclipse with. For 
example, I start and run eclipse with a JDK1.5 but compile and run my 
applications with JRE from the 1.6 JDK.


You can have more than one tomcat server defined in eclipse. Its up to 
you to configure them using the Server properties page to ensure that 
they use different ports.


HTH - also see Eclipse Help

Regards

Alan Chaney









Sergey Livanov wrote:

no, I have only tc 6.0.18
CATALINA_HOME points to c:\tomcat

2009/3/21 André Warnier a...@ice-sa.com


2009/3/21 André Warnier a...@ice-sa.com

 Sergey Livanov wrote:

 I install Tomcat 6.0.18 in c:\tomcat.

When add the new server Eclipse writes that tomcat install directory is
not
correct.
It does not point to valid Tomcat installation.
What should I do ?

 I don't now Eclipse at all, but how does it normally find out the path
of


a Tomcat installation ?

  When I add a new server I specify a path where Tomcat installed

before.

Tc5.r  I installed without problems.

If you still have both Tomcats, Eclipse may get confused.
Is there by any chance a CATALINA_HOME variable defined, that points to
something else ?
(open a command window, type set and look)


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





!DSPAM:49c50f9b246552009820482!



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: not valid Tomcat installation

[Alan Chaney]

Actually I missed the final step!!

Right click in the Servers panel and New-Server will let you add the 
server.


Then you can add web projects as required.

Regards

Alan


Alan Chaney wrote:

Sergey (and FYI Andre)

For each server Eclipse uses, you must create a new entry in the 
'Servers' folder.


I'm assuming that you are using eclipse 3.3+ with WTP (Web Tools 
Project) plugins.


One way to do it is as follows:

 From main menu Window-Preferences
Select  'Server'
click on triangle to get the drop down list and then select
'Runtime Environment'

The select 'Add'

You will get a list, the first of which is 'Apache'
select Apache Tomcat v6.0
and then 'Next'
now you will be at a menu called 'Tomcat Server Specify the installation 
directory'


Use Browse to select the folder in which you installed Tomcat. It will
check to see that it has the right files in it.

You can specify the JRE that tomcat is run with below. You may want to 
use a different JRE than the one that you are running Eclipse with. For 
example, I start and run eclipse with a JDK1.5 but compile and run my 
applications with JRE from the 1.6 JDK.


You can have more than one tomcat server defined in eclipse. Its up to 
you to configure them using the Server properties page to ensure that 
they use different ports.


HTH - also see Eclipse Help

Regards

Alan Chaney









Sergey Livanov wrote:

no, I have only tc 6.0.18
CATALINA_HOME points to c:\tomcat

2009/3/21 André Warnier a...@ice-sa.com


2009/3/21 André Warnier a...@ice-sa.com

 Sergey Livanov wrote:

 I install Tomcat 6.0.18 in c:\tomcat.
When add the new server Eclipse writes that tomcat install 
directory is

not
correct.
It does not point to valid Tomcat installation.
What should I do ?

 I don't now Eclipse at all, but how does it normally find out the 
path

of


a Tomcat installation ?

  When I add a new server I specify a path where Tomcat installed

before.

Tc5.r  I installed without problems.

If you still have both Tomcats, Eclipse may get confused.
Is there by any chance a CATALINA_HOME variable defined, that points to
something else ?
(open a command window, type set and look)


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org









-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



!DSPAM:49c515bf249199080218370!



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Vmware Server 2 web interface uses tomcat but hogs 8005 and 8009

[Alan Chaney]

Chris

Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Rainer,

On 3/17/2009 4:18 AM, Rainer Frey (Inxmail GmbH) wrote:

On Monday 16 March 2009 22:42:27 Christopher Schultz wrote:

Can you clarify this a bit?
There is no special management instance. VMWare Server is an application that 
runs on a regular host operating system instance (it installs linux kernel 
modules though, and probably also Windows drivers).


Interesting. This used to be called VMWare Workstation.

Rainer's right - there's Vmware Server and Workstation (and others, eg 
the GSX product range.) I've used Server 1 and workstation on several 
machines and several operating systems for four years. My annoyance was 
the configuration of Server 2. Server 1 came with a separate application 
(VMware console) that you could use to connect to both local and remote 
clients. Server 2 has replaced this with a web ui.


They (meaning this user 
on the VMWare community, who might or might not be associated with VMWare) 
say  not to run server software on that host operating system. I take that as 
a recommendation to dedicate a machine to one purpose only  (VM hosting in 
that case), which is  common practice in many production environments, but no 
strict requirement.


Yes, I accept I was a little frustrated at the time - my sentence was 
not intended to imply that Vmware had made the above statement, but more 
that I couldn't find any answer to the problem on their site.



Okay, this makes sense (not the recommendation, just the explanation).

What do you mean with the other end? I use VMWare Server 2 on Ubuntu 
(original tar.gz install from vmware.com), also found that it blocks the said 
ports, and simply changed the server.xml of the VMWare Tomcat.


And how did the client find it? If I missed how to do it, I apologize 
for wasting everybody's time but there is no mention in the docs, I 
could find nothing on Google and my experiments indicated that you need 
to change both client and server and I could only find the server 
configuration.



He still wants the web manager to work, and the /client/ expects to
connect on a certain port. If you change VMWare's server-side ports, the
client can no longer connect.


Correct. I still don't understand why Vmware didn't make this configurable.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Vmware Server 2 web interface uses tomcat but hogs 8005 and 8009

[Alan Chaney]

I've just wasted about a couple of hours sorting out an issue with 
Vmware server 2 and tomcat and I thought I'd pass it along, hoping to 
save someone else a small piece of frustration.


I've been setting up a new development workstation (CentOS 5.2) and 
switched to using vmware server 2 (because version 1 is now moribund).


Version 2 uses a web interface which is apparently 'served' from a local 
tomcat instance. Yay tomcat! However, in their infinite wisdom vmware 
have changed the default http and https ports from 8080 and 8443, but 
left the startup port at 8005 and the mod-jk port at 8009, and, what's 
more, not provided any way to change it.


I spent some time looking to see whether these were configurable, but I 
found nothing, apart from a rather snotty message on the vmware bulletin 
boards stating that they didn't think that you should run a server on 
the same platform as a vmware setup which is odd, because A. I do in 
production all the time and it works fine and B. haven't they heard of 
development environments? I don't know about other people but I have all 
sorts of servers running on my workstation when I'm testing and 
debugging things.


I found the vmware 'local' tomcat installation (6.0.16) and obviously 
you can edit the startup and mod-jk ports there, but then also obviously 
it stops working unless you can edit the 'other end' as it were and that 
doesn't appear possible. I hunted through all the available 
configuration files but the values must be hard-coded.


So it seems that you must reconfigure any other local tomcat(s) on the 
same machine to use (a) different startup port(s).


Hope that someone, someday, finds this helpful. I'd be interested if 
someone else finds out more about this.


Alan Chaney

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: help again... what means these errors?

[Alan Chaney]

Hi Andre

Totally agree with your comments with respect to the OP's first 
exception. However, they actually had two exceptions in their original 
email with completely different time stamps. The 2nd exception appears 
to be a HibernateException


01-Mar-2009 11:36:21 org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet HumanReadableLinksServlet threw
exception
org.hibernate.TransactionException: Transaction not successfully started
   at
org.hibernate.transaction.JDBCTransaction.commit(JDBCTransaction.java:100)
   at


The cause of this is probably completely unconnected to a remote client 
disconnect. The error above is thrown under the following conditiions: 
(from

http://www.hibernate.org/hib_docs/v3/api/org/hibernate/TransactionException.html

Indicates that a transaction could not be begun, committed or rolled 
back. 


With the very limited information given it is iimpossible to infer the 
exact cause but I would suspect that likely possibilities are a severe 
resource contention on the database or possibly a transaction timeout.


The OP gave these two errors but didn't indicate whether they were 
happening repeatedly or just one offs. One further possibility is a 
poor network setup causing  failure to access the database and/or 
connection failures with the client. More information would be required 
to correctly diagnose the problem. I doubt very much that the problem or 
problems are directly connected with Tomcat - more likely the 
application or the system configuration.


Regards

Alan


André Warnier wrote:

Laura Bartolomé wrote:

Hi again...

We are going on findind errors and problems... and we wanna cry...


We certainly would not want that to happen, because then your messages 
here would get all mushy and more difficult to read.

And Tomcat would probably not care.


someone could explain what means these errors? The first:

01-Mar-2009 00:08:46 org.apache.catalina.core.StandardWrapperValve 
invoke

SEVERE: Servlet.service() for servlet HumanReadableLinksServlet threw
exception
java.net.SocketException: Connection reset by peer: socket write error
at java.net.SocketOutputStream.socketWrite0(Native Method)
at java.net.SocketOutputStream.socketWrite(Unknown Source)
at java.net.SocketOutputStream.write(Unknown Source)

The above rather self-explanatory message (Connection reset by peer: 
socket write error) typically means what it says : the client (browser 
?) went away before the server could send a response to it.  That 
usually means :

either
a) the user clicked the stop or cancel button in the browser, 
before he received the answer to his request

or
b) the impatient user clicked on another link on the current page, 
causing the browser to interrupt the current connection to the server 
and load the new page, before the server could send the response to 
the previous request


The above 2 reasons probably cover at least 90% of the cases. It could 
be due to the application being so slow to answer, that the human user 
gets impatient and starts clicking all over.


c) some communication problem occurred between the client and the 
server, causing the TCP connection to be closed prematurely.
From personal experience, that may be due to some proxy or other 
in-between element, closing the connection because nothing happened on 
that connection for some time.


Anyway, with 100% certainty, it means that when the server was ready 
to send the answer to the client, it could not, because the connection 
with the client had been closed for some reason.





and the other:

01-Mar-2009 11:36:21 org.apache.catalina.core.StandardWrapperValve 
invoke

SEVERE: Servlet.service() for servlet HumanReadableLinksServlet threw
exception
org.hibernate.TransactionException: Transaction not successfully started
at


I am no specialist, but according to the above message, that seems to 
be something in the hibernate application, not something coming from 
Tomcat itself.  So you probably should ask in some hibernate forum 
what it means.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



!DSPAM:49aaa5fc82807785049143!




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: help again... what means these errors?

[Alan Chaney]

Sorry, didn't see the end!

Alan


André Warnier wrote:

Alan Chaney wrote:

Hi Andre

Totally agree with your comments with respect to the OP's first 
exception. However, they actually had two exceptions in their 
original email with completely different time stamps. The 2nd 
exception appears to be a HibernateException


Yes, which I mentioned also in my answer.  You need to read to the end 
though...

;-)

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



!DSPAM:49aad1ae104581527717022!




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: error while building tomcat 5.5

[Alan Chaney]

Do you have write permission to the following directory as the user you 
are using to do the build?


You may have to 'su' or 'sudo' or change the access permissions on 
/usr/share/java to allow the build script to write to it.


Regards

Alan Chaney

h iroshan wrote:

/usr/share/java/tomcat-native-1.1.12/tomcat-native.tar.gz
  



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: J2EE on Mac

[Alan Chaney]

Caldarale, Charles R wrote:



That was already specified: the OP wants to compile servlets; nothing beyond a 
JDK is needed.

 - Chuck

Everything said about J2EE, classpaths etc is perfectly correct.

However, the other thing the OP said was that they want to use Eclipse 
on a Mac. To build web applications with eclipse the best thing to do is 
to install the appropriate web development add-ons - we use the Web 
Standard Tools (WST) options.


This is best installed using the software updates option within Eclipse. 
After having done that and configured a local tomcat installation as a 
'Server' within Eclipse you are, as they say, good to go and all you 
need to do is to select a new Dynamic Web Project when creating a new 
project.


Eclipse then takes care of all the library and classpath issues.

There is no need to download or install anything other than a binary 
tomcat, eclipse and then, within that, eclipse WST (or the combined 
package in the first place.)


Let me just add that the above is an abridged summary to try to get the 
OP on the right path, not to start a long flame about the advantages and 
disadvantages of eclipse!


Regards

Alan Chaney




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Fwd: J2EE on Mac

[Alan Chaney]

Mighty Tornado wrote:

Hi,

I installed Tomcat on my mac OS X and it's running. I also have Eclipse
Europa. Now I don't think I have J2EE installed - How do I do it?
I went to Sun's website and it gave me an archive with GlassFish which I
don't need.
Can somebody please tell me where I can download the latest J2EE for Mac?
What I need to do to compile servlets with it in Eclipse?

Thank you.


!DSPAM:49a24c91167621527717022!

  

Dear Mighty,

Re-reading your email again, you say that you installed Europa. AFAIK 
Europa comes with WTP installed. All you need to do is to download a 
tomcat release, configure that as a Server and then create a Dynamic Web 
Project. See the tutorials in the eclipse help. Works for Mac, PC, 
Linux, Solaris.


Regards

Alan Chaney

( a long time eclipse user with a major love-hate relationship with eclipse)

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Authenticating Users

[Alan Chaney]

Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Mark,
  

I was the OP on this one. Mark just made a couple of suggestions.


On 2/21/2009 4:06 PM, Mark Thomas wrote:
  

5. Patch DataSourceRealm

6. Make case sensitivity configurable and contribute your patch back to
the ASF.



7. Use securityfilter to write your realm, and not be tied to Tomcat.
  
Had a brief look at 'securityfilter' - however we actually do require 
container managed security as we have several applications. Other 
alternative as previously mentioined is acegi.



8. Many databases use case-insensitive string comparisons already.
Case-insensitive passwords (probably a bad idea!) 
Actually, in general, I agree that its a bad idea. However, each case 
has to be handled in the light of the actual users expectations.
In the case of this specific application the users are artists who are 
generally extremely computer naive. We commonly get support enquiries  
I can't log into my account EVEN THOUGH we have sent them their 
account names and passwords because they are not correctly capitalizing 
their usernames or passwords.


It is important to keep to keep the case of usernames because, as I 
said, they are artists, and the capitalization may have significance to 
them as part of their brand.


The information on the site is publically available after it has been 
published. There is no commercial or sensitive information on the site.




will work if you
aren't hashing them. If you are, you'll have to lowercase them or something.

  
Exactly. One problem for a general solution is that there are variations 
in the name of the 'lowercase' function between databases. So far, I've 
found that Postgres, MySQL and Oracle appear to support 'lower()' but 
M/SQL has it as tolower() (thanks again MS)





If you /are/ hashing them, you'll need to do a password migration where
anyone who changes their password gets it lowercased but passwords that
existed beforehand are still case-sensitive. You cannot avoid this, now
matter what your solution is.
  
In this specific case at the moment we aren't hashing them, but you 
raise a good general point about hashing which I'll have to think about.


Regards

Alan



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to close open connections after application stop?

[Alan Chaney]

Edoardo wrote

I have
  resultset.close();
  statement.close();
  connection.close();
in my code.

and
  connection = dataSource.getConnection();
seems very close to my
  ambiente = (Context) new InitialContext().lookup(java:comp/env);
  pool = (DataSource) ambiente.lookup(jdbc/myApp);
  Connection conn = pool.getConnection();
there are a lot of debug information in my code and seems that nothing 
is going wrong (no exceptions).


but... if you post that it means that I am doing something wrong.

Edoardo

I don't think so. Let me recap your problem:

When you undeploy an application from tomcat (using the DBCP pooling 
mechanism) you can't make STRUCTURAL changes to the database because it 
complains that connections are still in use.


This is exactly what one would expect. I've encountered the same 
problem. When an application finishes with a database connection it is 
returned to the pool. That's exactly what a connection pool is for!


As far as I can see by looking at the tomcat source code the connection 
pool is created at startup and remains active until TC shutdown. Once a 
connection has been obtained from the pool it may stay 'active' for the 
entire duration of the TC session (that is, from TC start to TC stop)


Obviously, depending upon your usage, it is possible for more than one 
application in the same container to be reusing the same connection 
pool. Your original post indicates that only one app. is using the database.


It seems to me that:

1. you could just shutdown tomcat! If this is a production site the best 
plan would be to write a script which renames the database and does 
whatever else you need, test it on a development machine and just find a 
'quiet' time to shutdown the site, update the db and restart.


2. Move the connection pool into your application. Thus shutting down 
the application would shutdown the pool.


3. As I assume you are using DBCP in Tomcat, carefully read the DBCP 
docs, configure your system so that you can directly access the POOLED 
connections, keep a list of ALL the connections you use and then shut 
them down at the end. This is fraught with difficulty.



Regards

Alan











-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Authenticating Users

[Alan Chaney]

Gregor Schneider wrote:

To the OP:

1. May I ask what database it is you're using?
  

Postgres - but a more general solution would be nice.

2- I'd go for the following solution:

Create a JSP-page accepting the credentials. The username should be
converted to uppercase. The password should be left as is so that
case-sensivity here is maintained.
  


That doesn't actually fit in with the Servlet CMS. I can easily decode 
the user name and password by your mechanism. However, then I have to 
rather extensively modify my code (covering 3 applications and 4 web 
services) to apply the credentials. What I was looking for was a way of 
extending what I already have.



Don't know if I'm missing something, but to me that looks like a walk
in the park.
  
See above. The problem is not decoding the password, but making sure 
that the container managed security mechanism is maintained.


So far, the best suggestions that I've had are:

1. Modify DataSourceRealm
2. Use secuirityfilter.

From my point of view, as I don't use hashed passwords at the moment 
the easiest thing to do is to modify the DataSourceRealm as suggested by 
Mark Thomas. However, I think that the ability to extend the login 
system to use either a user name or an email address would probably be 
useful for other people. I'll give it some thought.


Regards

Alan

















Rgds

Gregor
  



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Authenticating Users

[Alan Chaney]

Martin Gainty wrote:

Which specific attributes are you seeking that are not in DataSourceRealm?
Realm className=org.apache.catalina.realm.DataSourceRealm debug=99
   dataSourceName=jdbc/authority
   userTable=users userNameCol=user_name userCredCol=user_pass
   userRoleTable=user_roles roleNameCol=role_name/
http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#DataSourceRealm

?
  

To summarize

I (or,actually my marketing dept')  have the following requirements.

1. password be case insensitive [I may be able to talk them out of this]
2. username be case insensitive.
3. email address can be used as a synonym for the user name.
4. Security managed by Tomcat CMS.

Mark T suggested that I modify DSR appropriately.
Chris Schultz pointed out correctly that it gets a bit more complicated 
if the pwd must be hashed.


I've looked at the code to DSR and it seems to me that the following 
would work.


1. add an 'alternative' userNameCol (eg altNameCol) and in the 
configuration as above point that at the email column.
2. in the code, IF the login fails using the 'user_name' then try it 
with the altNameCol.
3. to make things case insenstive simply convert the username to lower 
case and use a 'lower' function on the column value.
4. to make the thing a bit more flexible an additional boolean parameter 
'isCaseInsensitive' could be added to select the behavior has in 3. above.


Defaults could be chosen such that the current configuration setup still 
works (eg the default value for isCaseInsensitive is false)


Only real gotcha that I can see for making it database independent is 
that the function used to create lower case is not univerally 'lower()' 
(M/SQL appears to be toLower()) so it might be necessary to pass the 
string for the function name as an optional configuration parameter.


I realize that many people would advise against the idea of case 
insensitive passwords - however, despite my personal reservations I am 
willing to accept that in the case of this particular application the 
reduction in security is acceptable.


If hashed pwds are used then there are 3 solutions:

1. don't allow case insensitive passwords - only user names.
2. provide two columns one for lower case versions of the pwd.
3. convert all the existing password HASHES to the lower case equivalent,

but hashed passwords are not my principal concern

I've downloaded and built 6.0.18 and looked at the DSR code - doesn't 
look like a very big job to make the changes that I want so I may have 
go tomorrow. As I use 6.0.18 I can easily test it by just patching in 
the .class file for DataSourceRealm on my dev. system.


Regards

Alan










-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Authenticating Users

[Alan Chaney]

Hi

We have a site which has users log in to create/edit account 
information. Nothing unusual there. Currently this is implemented with a 
JDBCRealm and it all works OK.


However, we have a 'marketing requirement' to remove case sensitivity 
(but NOT case preservation) from user names and passwords. I cannot see 
anyway to do this directly with JDBCRealm or DataSourceRealm. Unless I'm 
missing something, the username and password provided to j_securitycheck 
are explicitly matched for case.


Additionally, we will shortly need to offer an alternative login 
mechanism - using either a login name or an email address in the same field.


So far, I can see the following options:

1. Implement a filter that 'sits around' the login form and translates 
case on password and username to lower case and create a lowercase 
'shadow' password table in my database. So, when a request is received 
for the 'secured' pages this would be fed through this filter. However, 
I don't think this will work, because I suspect that the security check 
is run BEFORE any filters that I have configured in web.xml.


2. Implement some java script to convert entered fields to lower case on 
the login form (GHASTLY!) Still doesn't fix the password thing.


3. Implement my own Realm - intercept the requests - identify the 
supplied string in the username field as an email address (or not), look 
up the user by email address in the database (which in my case must be 
unique). As I use PostgreSQL I can then write a 'like' query to case 
insensitively find matching user and password. Upside - it should work. 
Downside - I then have to add the resulting jar to $TOMCAT_HOME/lib on 
all my servers and update the MBean descriptor (which I don't completely 
understand how to do - advice?)


4. Possibly do something similar to 3 but with a JAAS.

Does anyone have any suggestions or comments? I'm perfectly OK with 
using Acegi - my only issue with that after a browse through the docs I 
don't see how I can meet my requirement of username/email and password 
case insensitive but case preserving without additional code for Acegi 
either. Obviously I can take that issue to the acegi/spring forums if 
acegi is the only solution (that is 1, 3, and 4. above won't work - 2. 
is out)


Thanks in advance

Alan Chaney







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Authenticating Users

[Alan Chaney]

Mark Thomas wrote:


5. Patch DataSourceRealm (should just be a couple of changes to make the
checks case insensitive) and deploy your patched version to each of your
Tomcat instances. To do this you'd put your DataSourceRealm.class file
in CATALINA_HOME/lib/org/apache/catalina/realm

6. Make case sensitivity configurable and contribute your patch back to
the ASF. Providing it is database neutral, there is a good chance it
will be accepted for Tomcat 7 and maybe back-ported to Tomcat 6.

Mark

Ok Mark I'll have a go at 5. and 6. I'll report back in a few days.

Regards

Alan Chaney


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] Apache Tom Cat in a VM as VMWARE or Red Hat Virtualization

[Alan Chaney]

Christopher Schultz wrote:


Isn't xen basically dead? Or have rumors about its demise been greatly
exaggerated? I thought everyone was moving to kvm.

Tell that to Citrix? They made revenues of about $620M last year almost 
entirely based on Xen technology.


Still only a fraction of VMWare's t/o, though. ($1,9B)



Alan Chaney

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tom Cat in a VM as VMWARE or Red Hat Virtualization

[Alan Chaney]

I agree with Jorge - I run several Tomcats under VMware for both 
production and development.


However it is worth noting that if you use the appropriate vmware tools 
for your installation (vmware-guestd etc.) you get a significant 
performance boost on network accesses which may well be important for 
tomcat. (See vmxnet) YMMV.


Regards

Alan Chaney




Jorge Medina wrote:

There are no issues on running Tomcat in a VM. Tomcat is unaware of where it is 
running.

Performance depends on the host running your VM. If you compare a VM running application A on host H compared to application A running directly on host H, you will notice that running on the real server is faster. This is true for any application, not just Tomcat. 




-Original Message-
From: acacio costa [mailto:acaciofco...@yahoo.com.br] 
Sent: Wednesday, February 18, 2009 2:33 PM

To: users@tomcat.apache.org
Subject: Apache Tom Cat in a VM as VMWARE or Red Hat Virtualization

Hi,
 
Does anyone use Apache Tom Cat in a VM as VMWARE or Red Hat Virtualization?
 
i apreciate to know if you have issues and a tips to go on.
 
Other things to know, Performance comparative with a real server? as the same? better? 
What the parameters you perceive as better than other environment and what cause as you move Tom Cat to VM.
 
Thanks in advance,
 
Acacio Costa



  Veja quais são os assuntos do momento no Yahoo! +Buscados 
http://br.maisbuscados.yahoo.com

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



!DSPAM:499c67d762582136417547!



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] of the different methods to get a user-id

[Alan Chaney]

Chris,

I offer my opinions here as a real grey beard (literally). I certainly 
agree with you that people should have

a breath of skills allowing them to use the right tool at the right time.

However, notwithstanding the fact that the other day I worked out that I 
have actually used about 15 different programming languages in anger 
(that is, part of code used by other people) I have to admit that my 
occasional brush with Perl has been unrewarding (for both me and the 
language...)


My biggest problem is that I've never seen a little bit of typing as a 
big issue, but reading and trying to understand something a few 
weeks/months/years later is always fraught with difficulties. The main 
problem with perl is that I can never remember exactly what #...@!$% means 
whereas something like getUserPrincipal() works for me!


Regards

Alan Chaney


Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

André,

What the hell.. let's start a holy war?!

On 2/13/2009 10:25 AM, André Warnier wrote:
  

Their merit is all the greater since
they work in the obscure non-graphical background, they never get any of
the attention, and they have to share machines with some Java programs,
which means they get only the usage of a tiny fraction of the RAM and
CPU cycles, although they do most of the real work and have to do it
with a single thread each.



Hear, hear!

  

Even some of the old-school programmers, mostly in their later years,
succumb to the what-the-heck syndrome and come to appreciate the sense
of security and comfort provided by strongly-typed and rigidly
object-oriented languages



Heck, lots of folks on this list won't even use cron to schedule jobs.
Instead, they write web applications wrapped around Quartz because it's
just easier to deploy or some other such nonsense. IMHO, you either
have control of your production environment yourself (and can do
whatever you want) or you have an ops team with complete control of your
production environment (and they ought to be able to handle scary stuff
like scheduling cron jobs and running shell scripts) or you have no
control whatsoever and therefore do not have a production environment.
There, I said it. :p

On the other hand, seeing object-oriented perl really makes me queasy.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkmZ2FIACgkQ9CaO5/Lv0PDOQgCeJno3T9D2GnoWpTFswcvInUCn
zpcAnijMpytndgIfPe6knYmum47WOj56
=QFoD
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



!DSPAM:4999da4713771562881678!

  



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Internal Buffering with Jython

[Alan Chaney]

Hi Prashant
The first question - which version of Tomcat? What operating sytem? What 
JVM? and in your case which version of Jython?


Secondly please could you clarify exactly how your web is structured?

My understanding from your first email is:

1. servlet is called with request containing a file (presumably 
mutlipart encoded?)
2. the file data is then fed into a python script running either using a 
java6 ScriptManager or similar.
3. and then what? Are you streaming the output from that file straigth 
into the PrintWriter/OutputStream of the HttpServeltResponse?

Or are you trying to save the file locally?

Regards

Alan Chaney


Prashant Golash wrote:

Hi Tomcat-Apache Gurus,
I have a web application where  from the front end user loads a file
and gives it as input to Java classes.The file is given as input to
a python script which converts it into some other format.
Here I have used the concept of jython.
The file is converting properly in the parent
directory of Tomat but with some of the data which is missed.The problem is
when I close the tomcat,then additional data is added to the converted file
which
completes the correct conversion.

I want to know whether some internal buffer of Tomcat is holding the extra
data.
If so how to retrieve it.

Sincerely,
Prashant golash


!DSPAM:4997ebf763341804284693!

  



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Internal Buffering with Jython

[Alan Chaney]

Hi Prashant

So the exact problem is that after your jsp page is called and the data 
processed then the file is incomplete?
Presumably then you are using ordinary file I/O to write to this file? 
If that's the case, then I think the answer to your original question is 
No - no internal buffer of tomcat is holding the data


Tomcat's buffering is connected with processing servlet 
request/responses and it doesn't seem that you are using the response 
object to write your data to the output stream. I assume that you have 
checked that all of the data is being read from the request by some 
logging or debugging?


I would suspect that a file or stream is not being flushed/closed and 
that when tomcat is stopped this flushing is happening because the 
streams are being closed automatically.


Maybe you can create some unit tests which can help isolate this 
problem. It may be either in your file writing code or in the way you 
are using the jython libraries. Without seeing your code in detail its 
difficult to be more helpful. I'd guess that you could take your core 
logic and replicate the problem independently of tomcat.


One other point is that saving this file in the tomcat home directory 
doesn't seem particularly elegant. You could use the default work 
directory. I doubt that has any relevance to the problem


HTH

Alan

Prashant Golash wrote:

Hi Alan,
Below are the details for the versions and OS:

Tomcat Version : 6.0
OS : Windows XP
JVM : 1.6

The way web is structured is:

I have some precompiled python scripts which are actually compiled by jython
into java classes(Before deploying).
I have one python script which uses these precompiled python classes.Now I
am giving one file as
input to this python script and it internally produces the output file using
this input file.
This output file is saved locally in the parent directory of Tomcat.

There is one jsp page which takes input from the user and then passes the
request to Java class which actually
calls this Python script.

Note:The python script is actually called using the PythonInterpreter class
and all those Java and Jython integration techniques.

Sincerely,
Prashant golash

On Sun, Feb 15, 2009 at 10:02 PM, Alan Chaney
a...@compulsivecreative.comwrote:

  

Hi Prashant
The first question - which version of Tomcat? What operating sytem? What
JVM? and in your case which version of Jython?

Secondly please could you clarify exactly how your web is structured?

My understanding from your first email is:

1. servlet is called with request containing a file (presumably mutlipart
encoded?)
2. the file data is then fed into a python script running either using a
java6 ScriptManager or similar.
3. and then what? Are you streaming the output from that file straigth into
the PrintWriter/OutputStream of the HttpServeltResponse?
Or are you trying to save the file locally?

Regards

Alan Chaney


Prashant Golash wrote:



Hi Tomcat-Apache Gurus,
I have a web application where  from the front end user loads a file
and gives it as input to Java classes.The file is given as input to
a python script which converts it into some other format.
Here I have used the concept of jython.
The file is converting properly in the parent
directory of Tomat but with some of the data which is missed.The problem
is
when I close the tomcat,then additional data is added to the converted
file
which
completes the correct conversion.

I want to know whether some internal buffer of Tomcat is holding the extra
data.
If so how to retrieve it.

Sincerely,
Prashant golash






  

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






!DSPAM:49984b33117283966023671!

  



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: starting and stoppping tomcat

[Alan Chaney]

I think you need to rethink your use cases here...

Exactly WHY do you need to start and stop tomcat from a button on a web 
page?

Or do you really need to enable/disable some kind of function?

Generally speaking servers don't expect to be started or stopped by 
their clients - well, ok, sometimes you can stop a service by a client 
but almost by definition you can't start a service from a client...


Typically tomcat provides a way of processing requests received from 
remote web clients and arranges for the requests to be processed by a 
web application. Your application may have state which can be controlled 
by the request. This shouldn't normally affect tomcat's normal operation.


HTH

Alan Chaney


paybackorfail wrote:

That's a good point, what if it was just an html page?


Mark Thomas-18 wrote:
  

paybackorfail wrote:


Hi, I have written a web application in netbeans using java and jsp, and
i am
hosting it on a server using tomcat, i need help on finding a way to
start
and stop the server by the user clicking a button on a jsp page, do i
have
to use the org.apache.catalina.ant.StartTask of the tomcat api? can
anyone
help?
  

If Tomcat is stopped, how is it going to handle a user clicking on a
button on a JSP page to start it?

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






  



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: starting and stoppping tomcat

[Alan Chaney]

My earlier point was that you need to think about it in a slightly 
different way.


Starting and stopping the server is something that is normally done 
rarely and anyway, you can't start something that is not already started 
by using it to start itself!


What you should do is to add a boolean flag - a state variable to your 
servlet. You can set or clear this flag with your page button.


Use this flag to condition your database access - so when the timer 
event fires, it checks the state flag and then accesses the database.



Regards

Alan


paybackorfail wrote:

Hi, thanks for replying, my application will take some data from a website
and insert this data into a database and i schedule the application to do
this every hour using contextlistener and timertask as a java servlet. At
the moment it starts updating the database as soon as i upload the
application to the server, I need a way to shutdown the server so it will
stop updating the database


Alan Chaney wrote:

I think you need to rethink your use cases here...

Exactly WHY do you need to start and stop tomcat from a button on a web 
page?

Or do you really need to enable/disable some kind of function?

Generally speaking servers don't expect to be started or stopped by 
their clients - well, ok, sometimes you can stop a service by a client 
but almost by definition you can't start a service from a client...


Typically tomcat provides a way of processing requests received from 
remote web clients and arranges for the requests to be processed by a 
web application. Your application may have state which can be controlled 
by the request. This shouldn't normally affect tomcat's normal operation.


HTH

Alan Chaney


paybackorfail wrote:

That's a good point, what if it was just an html page?


Mark Thomas-18 wrote:
  

paybackorfail wrote:


Hi, I have written a web application in netbeans using java and jsp,
and
i am
hosting it on a server using tomcat, i need help on finding a way to
start
and stop the server by the user clicking a button on a jsp page, do i
have
to use the org.apache.catalina.ant.StartTask of the tomcat api? can
anyone
help?
  

If Tomcat is stopped, how is it going to handle a user clicking on a
button on a JSP page to start it?

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




  


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Fun with the JVM crashing.

[Alan Chaney]

Hi Bill

My development workstation is a 64 bit Ubuntu 8.04. I've had numerous 
problems with SIGSEGV crashes when I run my applications under Eclipse 
3.3, but the same machine also runs the same applications from the same 
version(s) of tomcat (6.0.14,6.0.16 and 6.0.18) I found that what seemed 
to affect the thing the most was 'loading up' the JVM. My app is 
actually 5 different wars - I get the most problems when all of them are 
loaded.


I found it so frustrating that I've actually procured a 2nd 64 bit 
machine to try to see what common factors there are. For example, I was 
going to see if Eclipse 3.4 was better than 3.3.


I tried b4 thru b16 and it seems to have made no difference.

No real answer here, just me giving you some more background data.

Regards

Alan Chaney


Bill Davidson wrote:

I've submitted this to Sun a few times.  No response.  I was hoping
someone here might have an idea of what to look for.

Tomcat 6.0.18
RedHat 5.2Server
Sun JVM

#
# An unexpected error has been detected by Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x2b68e6a1db57, pid=10229, tid=1103006016
#
# Java VM: Java HotSpot(TM) 64-Bit Server VM (11.0-b16 mixed mode 
linux-amd64)

# Problematic frame:
# V  [libjvm.so+0x564b57]
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

---  T H R E A D  ---

Current thread (0x4bfe5c00):  JavaThread CompilerThread0 
daemon [_thread_in_native, id=10244, 
stack(0x41ae8000,0x41be9000)]


siginfo:si_signo=SIGSEGV: si_errno=0, si_code=1 (SEGV_MAPERR), 
si_addr=0x


.

Current CompileTask:
C2:2525  
com.myCompany.servlets.sales.blah.some.method(Lcom/myCompany/servlets/someClass;Lcom/myCompany/servlets/otherClass;Lcom/oreilly/servlet/ParameterParser;)V 
(425 bytes)


..

-

I'm wondering if that CompileTask is what's causing the problem.
I'm thinking that the JVM shouldn't be getting SIGSEGV's.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



!DSPAM:498b962676632009820482!



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: PostgreSQL vs MySQL with Tomcat

[Alan Chaney]

I stopped using MySQL when it was at version 4 because the transactional 
locking table (InnoDB) had different licensing restrictions than the 
rest of MySql (I'm not sure if this is true any longer.)


We switched to Postgresql (of comparable price!) and basically found it 
well-documented, reliable and fast (as long as you make sure to 'vacuum' 
it) Postgresql is under the BSD license which suited our needs better 
than the dual-licensing arrangement of MySQL. PGSQL has a very 
comprehensive set of features and I've not had any problems using it in 
conjunction with Hibernate.



MySQL 5 now has better transactional support than 4 - although I am 
personally sceptical of their reliance on 'atomic' locking - I don't 
quite see how that would work with long transactions and an optimistic 
locking strategy.


So, in the end you pays your money and you takes your choice (grin)

Alan Chaney


Terence M. Bandoian wrote:

I don't have a great deal of experience with Postgres but I have been
using MySQL since the days of mSQL and have found it to be fast,
reliable, easy to install on both Linux and Windows and straightforward
to administer.  It provides good support for the ANSI standard and the
documentation is good in identifying extensions to or deviations from
the standard.  All of the basic tools, from query analysis to command
line administration programs, are documented and function reliably. 
Statement syntax is very well documented.  Features include

localization, various character sets (UTF-8 and Unicode), data
encryption, client/server encryption, stored procedures, triggers,
transactions, APIs for a number of programming languages and support for
ODBC, JDBC and .NET.  Configurability is provided mainly through some
250+ system variables which may be set at startup (on the command line
or in the options file) or dynamically with the SET statement.  I have
been very pleased with its performance both administratively and as a
programmer and you can't beat the price.

-Terence M. Bandoian

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



!DSPAM:4974eae8230262136417547!



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Random Connection Closed Exceptions - Question to the code example

[Alan Chaney]

Hi Stefan

You don't need to repeat the stmt.close();conn.close() etc in the 'try' 
body. The 'finally' by definition is ALWAYS called and that is where you 
should do the tidy up...


Alan Chaney



Stefan Riegel wrote:
I guess I understood the point with the Random Connection Closed 
Exceptions Problem.


See at the end of 
http://tomcat.apache.org/tomcat-6.0-doc/jndi-datasource-examples-howto.html


As I understand, only the connection itself must be protected this way. 
The statement and ResultSet must not. Is the following, simplified code 
also correct?


  Connection conn = null;
  Statement stmt = null;
  ResultSet rs = null;
  try {
conn = ... get connection from connection pool ...
stmt = conn.createStatement(select ...);
rs = stmt.executeQuery();
... iterate through the result set ...


// SUPERFLUsOUS

rs.close();
stmt.close();
conn.close(); // Return to connection pool
conn = null;  // Make sure we don't close it twice

//SUPERFLUOUS



  } catch (SQLException e) {
... deal with errors ...
  } finally {
  try {
rs.close();
  } catch (SQLException e) {
// deal with errors
  }
  try {
stmt.close();
  } catch (SQLException e) {
// deal with errors
  }
if (conn != null) {
  try {
conn.close();
} catch (SQLException e) {
// deal with errors
}
  conn = null;
}
  }

Thanks.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Random Connection Closed Exceptions - Question to the code example

[Alan Chaney]

Hi Stefan

I went and read the comments more carefully and it seems to me that the 
proposed solution is an attempt to avoid a race condition between 
issuing the 'close' in
one thread and then it being  closed again whilst its being used in 
another thread.


If the problem is closing it twice then I can't see why its not just 
closed in the 'finally' block, once for each thread.


If it is a concurrency problem then I suspect that the proposed solution 
in the docs isn't the right one anyway. I'd suspect that the problem is 
more to do with threads not seeing each others memory state properly. 
Isn't this is a case of a variable (in this case 'conn') actually being 
a reference to an object which is shared between threads?
Because of the JVM memory model it is possible for two threads not to be 
properly synchronized - see Doug Lea et.al and 'happens before' . 
Personally, I feel that the correct solution is to synchronize  access 
to the connection object when it is retrieved and closed.


I have to go out now and I don't have any more time to consider this 
today, but I'd be interested to hear other people's comments on this topic.


Regards

Alan Chaney


Stefan Riegel wrote:
Thanks Alan, just to make the thing really clear. You propose code 
like this:


public void execute() {
Connection conn = null;
Statement stmt = null;
ResultSet rs = null;
Context envContext = null;
try {
Context initContext = new InitialContext();
envContext = (Context) initContext.lookup(java:/comp/env);
DataSource ds = (DataSource) envContext.lookup(jdbc/swex);
conn = ds.getConnection();
stmt = conn.createStatement();
rs = stmt.executeQuery(some sql);
// iterate through the result set ...
} catch (SQLException e) {
e.printStackTrace();
} catch (NamingException e) {
e.printStackTrace();
} finally {
if (rs != null) {
try {
rs.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if (stmt != null) {
try {
stmt.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if (conn != null) {
try {
conn.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if (envContext != null) {
try {
envContext.close();
} catch (NamingException e) {
e.printStackTrace();
}
}
}


For me this looks fine but I'm still confused, why they complicated 
things in the example of properly written code 
http://tomcat.apache.org/tomcat-6.0-doc/jndi-datasource-examples-howto.html? 



Hmm... frankly the code in the docs you refer to above seems odd to 
me... why repeat in the 'finally' something you've done in the 'try'?


I can see that setting the variables to null would ensure that all 
references were released and the objects were made candidates for garbage
collection but that could be done in the finally block anyway at some 
convenient point.


Obviously in your code you might not want to obtain and release the 
context for every JDBC operation - that would probably be done in some 
kind of start-up/shutdown code for your app, and of course your 
exception handling may need some more work depending upon the way you 
want to present the error
to your users, but I assumed that the issue you are concerned with is 
preventing resource leaks.


Any comments anyone else?

Regards

Alan




Do I miss some important point here?

Stefan


Alan Chaney schrieb:

Hi Stefan

You don't need to repeat the stmt.close();conn.close() etc in the 
'try' body. The 'finally' by definition is ALWAYS called and that is 
where you should do the tidy up...


Alan Chaney



Stefan Riegel wrote:
I guess I understood the point with the Random Connection Closed 
Exceptions Problem.


See at the end of 
http://tomcat.apache.org/tomcat-6.0-doc/jndi-datasource-examples-howto.html 



As I understand, only the connection itself must be protected this 
way. The statement and ResultSet must not. Is the following, 
simplified code also correct?


  Connection conn = null;
  Statement stmt = null;
  ResultSet rs = null;
  try {
conn = ... get connection from connection pool ...
stmt = conn.createStatement(select ...);
rs = stmt.executeQuery();
... iterate through the result set ...


// SUPERFLUsOUS

rs.close();
stmt.close();
conn.close(); // Return to connection pool
conn = null;  // Make sure we don't close it twice

//SUPERFLUOUS



  } catch (SQLException e) {
... deal with errors ...
  } finally {
  try

Re: Tomcat Beginner - Step 2!

[Alan Chaney]

Toriacht

Eclipse wst has a number of dfferent ways of working. It looks like you 
have selected the (default) way in which eclipse
creates its own internal copy of the webapps directory - in your case in 
the folder E:\\ ..\tmp1\service_demo.


What the error is saying is that as tomcat starts it can't find the doc 
base.


This is most likely for the following two reasons:

1. the directory really isn't writeable
2. more likely, you've managed to get eclipse out of sync with your project.

I suggest that you try the following:

Find the 'Server' tab (normally in one of the bottom panes)
Find the tomcat server - right click on in and select 'Clean' and then 
'Refresh'


This will rebuild the internal copy.

Try starting it again.

If this still doesn't work, then please provide the following:

The FULL startup display from the 'console' pane
Your web.xml

Thanks

Alan


Toriacht wrote:

Thanks guys...

I'm not sure if the following is an Eclipse or Tomcat issue. I have a simple
webservices demo written from tuorial. It appeared that teh server was
started up thru server staus window of eclips..console o/p etc but it never
appeared in task manager or the tomcat was not accessable thru a browser. On
closer inspection I found the following error..this happens when i try to
start the server thru eclipse..


SEVERE: Error starting static Resources 
java.lang.IllegalArgumentException: Document base C:\Documents and

Settings\Brian\workspace\ganymede\.metadata\.plugins\org.eclipse.wst.server.core\tmp1\wtpwebapps\service_demo
does not exist or is not a readable directory 
at
org.apache.naming.resources.FileDirContext.setDocBase(FileDirContext.java:141) 

Any ideas? 


T

p.s. I have another thread on web services that ended up asking the same qn
as above. although it started out as a more generic question. I hope this
not against policy. I'll delete other thread if required.



Caldarale, Charles R wrote:
  

From: g f [mailto:gfo...@gmail.com]
Subject: Re: Tomcat Beginner - Step 2!

Change your port forwarding(virtual server) to forward port 80 (on the
outside) to port 8080 on the inside.
  

If your router/modem doesn't support port forwarding, change the
Connector port in conf/server.xml to use 80 rather than 8080.  You must
restart Tomcat whenever you make changes to the server.xml file.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






  



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: File upload fails

[Alan Chaney]

How big is the file?

Connection reset is commonly caused by the the client dropping the 
connection. This could be because of connectivity problems - for 
example, issues with the clients ISP.


I have had problems with specific browsers over this as well (our site 
has dozens of large mpeg and jpeg uploads each day). The worst culprit 
proved to be Safari 3 on a Mac. Is the upload done with SSL?


I doubt that restarting the server makes any difference one way or the 
other. Why not get the client to test with a non-urgent file and a 
non-urgent time  when you have a chance to fault-find? Also, you may 
want to watch the upload with something like wireshark to see exactly 
what is happening and when.


Regards

Alan Chaney


javacle wrote:

pWe have a customer who uploads a file on a daily basis.
Usually it works, but about once every two weeks it fails with this error in
the log :
porg.apache.commons.fileupload.FileUploadException: Processing of
multipart/form-data request failed. Connection reset
pAfter restarting tomcat, sometimes three times, it eventually works.
Whether the restarting is significant or just the passage of time that
clears some other fault I dont know .. there is always a panic to get it
working

pThe customer is on the other side of the continent, but today she emailed
the file to me and I had the same error trying to upload her file from the
office the first time (i.e. same building as server). So that would seem to
eliminate long-distance network latency/timeout as a factor.

pNothing I am aware of has changed since the last time it worked, however
something may have changed in the network, or on the server, without being
noticed.

Any advice would be appreciated

tomcat 5.5, jre 1.4.2, Red Hat Enterprise Linux ES release 4 (Nahant) Kernel
2.6.9-5.ELsmp on an i686


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: File upload fails

[Alan Chaney]

javacle wrote:
The file is about 30Mbytes 
.. I get the same error uploading from the office on the same LAN as the

server.

Ok - not likely to be a problem with the remote connection, then.

What do you see in your browser when the upload fails? Have you got any 
browser debugging - if you are using Firefox you can easily add the 
'LiveHttpHeaders' plugin which I find very useful.


What happens inside your application following the upload? Is there a 
significant period of processing in the same thread as the servlet 
doGet? If so, its possible that your connection is timing out.


As you can simulate the problem in your office, what happens if you 
DON'T restart tomcat after you get the connection issue? If you just 
leave it for a little while can you then upload again?





Browser is (I think) always MSIE 6 .. but maybe sometimes Mozilla .. that's
something to check.
I will look into wireshark. 


Having a monitor on the connection will be useful. You should be able to 
install wireshark from your distro. I assume that as you are using MSIE 
then your dev. system is a PC? I develop on linux and don't know of any

particular network monitor to recommend.

HTH

Alan






Alan Chaney wrote:

How big is the file?

Connection reset is commonly caused by the the client dropping the 
connection. This could be because of connectivity problems - for 
example, issues with the clients ISP.


I have had problems with specific browsers over this as well (our site 
has dozens of large mpeg and jpeg uploads each day). The worst culprit 
proved to be Safari 3 on a Mac. Is the upload done with SSL?


I doubt that restarting the server makes any difference one way or the 
other. Why not get the client to test with a non-urgent file and a 
non-urgent time  when you have a chance to fault-find? Also, you may 
want to watch the upload with something like wireshark to see exactly 
what is happening and when.


Regards

Alan Chaney


javacle wrote:

pWe have a customer who uploads a file on a daily basis.
Usually it works, but about once every two weeks it fails with this error
in
the log :
porg.apache.commons.fileupload.FileUploadException: Processing of
multipart/form-data request failed. Connection reset
pAfter restarting tomcat, sometimes three times, it eventually works.
Whether the restarting is significant or just the passage of time that
clears some other fault I dont know .. there is always a panic to get it
working

pThe customer is on the other side of the continent, but today she
emailed
the file to me and I had the same error trying to upload her file from
the
office the first time (i.e. same building as server). So that would seem
to
eliminate long-distance network latency/timeout as a factor.

pNothing I am aware of has changed since the last time it worked,
however
something may have changed in the network, or on the server, without
being
noticed.

Any advice would be appreciated

tomcat 5.5, jre 1.4.2, Red Hat Enterprise Linux ES release 4 (Nahant)
Kernel
2.6.9-5.ELsmp on an i686

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Retrieve User Role

[Alan Chaney]

Hi Ben

You can get it from the request. In JSP you can access the request 
implict object to get the value of the 
HttpServletRequest#getRemoteUser() method ...


Returns the login of the user making this request, if the user has been 
authenticated, or null if the user has not been authenticated.


(quote from j2ee docs for HttpServletRequest)

The exact syntax to use depends upon whether or not you are using EL.
If you are using tags..
% String username = request.getRemoteUser() %

and in EL you can use the 'pageContext'. Try:

${pageContext.request.remoteUser}   /// I think... you may need to check.

and use as you see fit...

Alan


Ben Tomlinson wrote:

I have set up login security for some of the pages in my website.  I
have a JDBCRealm setup and working correctly.  But now I want to
change the layout of my pages (all jsp pages) according to the user
that is logged in.  How do I retrieve information about the user that
is actually logged in?  Mainly I want the user role or the user name
but I can't seem to get it from the session.  Any help would be
appreciated.

Ben

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



!DSPAM:49667e4a164556657853550!



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Single WAR to update multiple contexts

[Alan Chaney]

Sean

Wouldn't it be easier to have ONE webapp and determine the database 
from, for example, the URL its invoked with?


Its a little difficult to know exactly how you are doing things but 
instead of having /ctx1 /ctx2 /ctx3 and mapping each one to ctx1.war
why not have a filter in your setup which determines that its invoked 
with /ctx1 and passes a parameter to the actual servlet which selects 
the database you require? You could have one web app as ROOT and do it

that way.

Maybe you could explain further why you need 200 separate versions where 
the only difference is the name of the database?


Regards

Alan Chaney


Sean W wrote:

Greetings!

I have a single war packaged application that needs to have about 200 unique
context paths running (200 copies of the application running - each uses a
different database based on the context name).

I know how to deploy 1 context at a time, but how can I do this so that if I
want to update all these contexts to the next version, I can update them
all at the same time easily?

Any suggests are much appreciated. Thanks!
-Sean W





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Hints on upgrading from 6.0.14 to 6.0.18 on production server

[Alan Chaney]

Hi

I have a 6.0.14 running with Apr 1.1.10 and I seem to be seeing 
instances of CVE-2007-6286: Tomcat duplicate request processing 
vulnerability


(64-Bit Server VM (build 1.6.0_03-b05, mixed mode)
(Centos 5.0 - Linux 2.6.18-8.el5  x86_64 )


The obvious thing to do is to upgrade from 6.0.14 to 6.0.18. Firstly, 
are there any changes in server.xml and web.xml in 6.0.18 that mean I 
can't just use the existing ones in the new installation.


My current installation has $TOMCAT_HOME pointing to /usr/local/tomcat

My intended upgrade sequence is:

1. opy down 6.0.18 and untar it int /usr/local/tomcat18 (after checking 
signatures)


2. copy over the jars that I have placed in the old $TOMCAT_HOME/lib (eg 
postgres jdbc jar) to /usr/local/tomcat18/lib


3. copy over my webapp wars from $TOMCAT_HOME/webapps to the new webapps 
folder.


4. as I am using jsvc to control tomcat, copy over the 'tomcat' file 
from the $TOMCAT_HOME ('tomcat' is actually a shell script which sets up
all the environment variables for jsvc.) jsvc is in 
/usr/lib/tcnative/jsvc so it should be unaffected by the move. However

I do need to copy over the $TOMCAT_HOME/bin/commons-daemon.jar.

5. stop the old server and rename its directory to /usr/local/tomcat.old

6. rename the directory of the new server to that of the current the new 
server.


7. restart the server.


Am I missing anything? What have I overlooked? I need this to go as 
smoothly as possible as there is quite a lot of traffic on this site.


Thanks in advance

Alan Chaney


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Hints on upgrading from 6.0.14 to 6.0.18 on production server

[Alan Chaney]

Or stop using APR...

but that in itself is quite a lot of work as I'll have to reconfigure my 
SSL.


Hmm...



Gregor Schneider wrote:

If I'm not mistaken, the APR has caused the bug, and 6.0.16 contains a
new version of the APR. Since this usually comes as a source, you'll
have to re-compile the APR.

Cheers

Gregor


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Sudden and unexpected exception at Tomcat startup

[Alan Chaney]

Hi Andre

Tomcat DOES in fact rewrite the tomcat-users.xml file during startup. 
This has been mentioned on this list several times as being insecure but 
the general opinion is that you should not be using the 
MemoryUserDatabaseRealm in production.


Actually, I found that not only does it rewrite it, but it also uses the 
current umask so that it is quite likely that the file will become 
world-readable. You should probably do what the gurus suggest and switch 
to a more robust realm (eg JDBC etc)


Here are some suggestions you have probably already tried:


What are the permissions on the /svr/www/tomcat/base/conf folder?

Are you sure that the user that tomcat runs as can write to that folder?

Have you checked that tomcat is running as the user that you expect?

Is it possible that there is a filing system error or even a disk error?




Regards

Alan Chaney


André Warnier wrote:

Hi.

Does someone have an idea of what is going as per the logfile 
catalina.out below ?

What is this IOException all about ?

This is a Tomcat 5.0.x under Suse Enterprise Linux 10.1, which had been 
working fine until now and suddenly logs this at startup.

This Tomcat runs under an IBM JVM 1.5.

Tomcat is started, as per the listening ports and the ps display I can 
see, but apparently the access to Tomcat (through Apache and mod_jk) 
does not work anymore (tells me : The server is temporarily unable to 
service your request due to maintenance downtime or capacity problems. 
Please try again later. )



Additional info :
- the directory /srv/www/tomcat5/base/conf/ is writeable by the user 
tomcat under which Tomcat is started.
- To my knowledge, the server.xml has not been changed since the 
previous succesful restart 2 days ago, and neither has tomcat-users.xml



server.xml (excerpts) :
...
!-- Editable user database that can also be used by
 UserDatabaseRealm to authenticate users --
Resource name=UserDatabase auth=Container
  type=org.apache.catalina.UserDatabase
   description=User database that can be updated and saved
/Resource
ResourceParams name=UserDatabase
  parameter
namefactory/name
valueorg.apache.catalina.users.MemoryUserDatabaseFactory/value
  /parameter
  parameter
namepathname/name
valueconf/tomcat-users.xml/value
  /parameter
/ResourceParams
...
(further under Engine and Host :)

  Realm className=org.apache.catalina.realm.UserDatabaseRealm
 debug=0 resourceName=UserDatabase/
...



catalina.out :

2008-12-28 13:21:58,543 [main] INFO 
org.apache.catalina.core.StandardService - Starting service Catalina
2008-12-28 13:21:58,545 [main] INFO 
org.apache.catalina.core.StandardEngine - Starting Servlet Engine: 
Apache Tomcat/5.0
2008-12-28 13:21:58,548 [main] WARN  org.apache.naming.NamingContext - 
Unexpected exception resolving reference
java.io.IOException: IOException writing to 
/srv/www/tomcat5/base/conf/tomcat-users.xml.new
at 
org.apache.catalina.users.MemoryUserDatabase.save(MemoryUserDatabase.java:495) 

at 
org.apache.catalina.users.MemoryUserDatabaseFactory.getObjectInstance(MemoryUserDatabaseFactory.java:98) 

at 
org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java:129) 

at 
javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:316)

at org.apache.naming.NamingContext.lookup(NamingContext.java:791)
at org.apache.naming.NamingContext.lookup(NamingContext.java:151)
at 
org.apache.catalina.realm.UserDatabaseRealm.start(UserDatabaseRealm.java:252) 

at 
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1075)
at 
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:478)
at 
org.apache.catalina.core.StandardService.start(StandardService.java:480)
at 
org.apache.catalina.core.StandardServer.start(StandardServer.java:2313)

at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79) 

at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 


at java.lang.reflect.Method.invoke(Method.java:618)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
javax.naming.NamingException: IOException writing to 
/srv/www/tomcat5/base/conf/tomcat-users.xml.new

at org.apache.naming.NamingContext.lookup(NamingContext.java:803)
at org.apache.naming.NamingContext.lookup(NamingContext.java:151)
at 
org.apache.catalina.realm.UserDatabaseRealm.start(UserDatabaseRealm.java:252) 

at 
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1075)
at 
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:478)
at 
org.apache.catalina.core.StandardService.start

Re: Setting /WebContent as ROOT for an application

[Alan Chaney]

In Eclipse, assuming you have the WTP tools installed, you create a 
'Dynamic Web Project.'

This has a folder structure of which the essence is:

MyApp
   src
  com
   mypackage
   Abc.java
   build
  com
 mypackage
Abc.class
 
   WebContent

  index.html (or jsp or whatever)
  WEB-INF
 web.xml
 lib
a.jar
b.jar

In the above com.mypackage.Abc.java is your web application, and a.jar 
and b.jar are any runtime libraries that application requires (NOT stuff 
already in $TOMCAT_HOME/lib)


When you compile and run applications within eclipse it copies the 
WebContent structure to the webapps directory of its (internal) tomcat, 
and in WEB-INF creates a folder called classes and copies the contents 
of the 'build' folder their.


This normally happens automatically every time you start the server 
inside eclipse.


When you want to deploy the project to an external instance of tomcat 
(eg a production server) you right-click on the Export.. option in the 
project context menu and then select WAR (there's a suprise). The war 
file by default has the project name (in the above expample MyApp.war. 
This should be copied to the webapps folder of the tomcat instance and 
if you've stuck to the normal server.xml configuration it should deploy. 
It will be available at http://the.tomcat.instance:8080/MyApp/index.html 
(or jspt or whatever)


This is an incredibly brief summary of what is undoubtedly an obscure 
and complex process for the new-comer (been there.. done that...) and 
which sadly is not especially well EXPLAINED anywhere that I have found. 
There are some 'cookbook' type recipes on the web, which are often 
inconsitent.


Hope that helps

Alan Chaney (a daily eclipse user, but hardly an eclipse guru...)










Markus Schönhaber wrote:

Tom Blank:

  

The reason why I'm asking is, because I'm using eclipse and its
'dynamic web project' structure.



I'm no Eclipse user either, but AFAIR the folder Webapps is part of an
Eclipse Dynamic Web Project. And a project folder is not meant to be
simply copied to Tomcat's appBase (judging from your OP, it seems to me
that's what you've been doing).

You could, for example, export your project to a WAR file and deploy this.
Experienced Eclipse users may know of other/better ways of deployment.
You might consider asking in the appropriate Eclipse mailinglist/newsgroup.

Regards
  mks

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



!DSPAM:4943f4d3100632009820482!

  



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Session replication for JPetStore application in tomcat 6

[Alan Chaney]

Anupam

I think this is probably your problem. You create and save information 
in one node and then look to see if it is in the other node. It will 
only be there if you are independently synchronizing the database state, 
because, as you said in your previous emails, they are independent. The 
database state is nothing to do with the http session, you must manage 
that separately.


2) Is it necessary to make the petstore database on each of nodes clustered
for session replication to happen ?

  

Regards

Alan Chaney


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]