Dealing with an insecure Struts application on Tomcat
I am looking at security steps to mitigate issues with a 1.x Struts based app. I have recommended the following until an upgrade resource is available Remove application from current shared datasource Remediate high risk CVE scored vulnerabilities (x4 with high EPSS rating) Reduce exposure to internal audience. Create new db and instance for above isolated datasource Would you take it further and ensure this runs on it's own separate Tomcat instance? Any other recommendations?
Where do find debug logging
We have some applications which are pushing out to their own applogs clearly showing 'Debug' on most lines with a large amount of data and CI. I would like to find out where the app team are setting this level, I have check in the obvious in the war files as it's a Spring Boot app in application.properties and logback.xml but mention error only there. Any advice appreciated thanks
RE: Tomcat Deployment scripts
This is great thankyou Thomas. Just wondering how secure this is, prefer to be able to deploy with a non 'admin' account does this support a deploy only profile there? -Original Message- From: Thomas Hoffmann (Speed4Trade GmbH) Sent: 29 June 2023 09:08 To: Tomcat Users List Subject: AW: Tomcat Deployment scripts Hello Alan, > Von: Alan F > Gesendet: Mittwoch, 28. Juni 2023 18:24 > An: users@tomcat.apache.org > Betreff: Tomcat Deployment scripts > > Anyone have an example deployment script or method used to deploy a simple > war and context root, also with rollback preferably. > > Thanks you could use tomcat-manager. A war file can be deployed using curl for example: https://stackoverflow.com/questions/4432684/tomcat-manager-remote-deploy-script Greetings, Thomas - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat Deployment scripts
Anyone have an example deployment script or method used to deploy a simple war and context root, also with rollback preferably. Thanks
tomcat logging
Tomcat logging I would like to add a delimiter or characters " " around {user-agent} for logging, I wanted it in double quotes for example "Mozilla 5.0.." but can't seem to make it work. Or even adding a # symbol before would help any ideas? Thanks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Constant errors in Tomcat logs
HI I have a Tomcat clustered pair running, I see this 3 times a minute in the logs. I don't see this IP in server.xml I do have a DEV Tomcat pair is this somehow interfering? 06-Jun-2022 11:15:18.836 WARNING [Catalina-utility-2] org.apache.catalina.tribes.group.interceptors.TcpFailureDetector.performBasicCheck Member added, even though we weren't notified:[org.apache.catalina.tribes.membership.MemberImpl[tcp://{192, 168, 217, 57}:4102,{192, 168, 217, 57},4102, alive=3547745427, securePort=-1, UDP Port=-1, id={-119 -107 23 88 119 -39 74 -49 -118 57 -61 -49 -28 -91 11 43 }, payload={}, command={}, domain={}]]
403 whilst reading from ROOT
Im trying to read robots.txt from '/' on a few tomcat servers to block web search engines. Obviously placed the txt file in ./webapps/ROOT/ Works fine on a few tomcat hosts that have identical server.xml / web.xml so im puzzled as to why these two Tomcat servers are blocking requests, obviously something is different. Ive checked ./Catalina/localhost and see some restrictions here but only apply to /webapps/manager Im not sure where else to look? The error im seeing is: HTTP Status 403 - Forbidden Type Status Report Description The server understood the request but refuses to authorize it.
RE: help with high cpu usage
Hello Thomas, Thanks for your input here, what's your weapon of choice to identify this thread bar thread dump? I just downloaded jvmtop from github but that didn't seem to give me any clue at all about independent threads. Cheers Alan -Original Message- From: Thomas Hoffmann (Speed4Trade GmbH) Sent: 04 February 2022 09:18 To: Tomcat Users List Subject: AW: help with high cpu usage Hello, when I encounter high CPU usage, it's best to identify the thread Id which is eating CPU. Making a thread dump, you can then search for the thread id within this dump. This works good for long lasting threads. If the CPU eating thread changes quickly, it's harder to figure out. Greetings, Thomas Von: Alan F Gesendet: Freitag, 4. Februar 2022 00:02:49 An: Tomcat Users List Betreff: Re: help with high cpu usage John thanks so much !! Will pass this on tomorrow. Cheers. From: john.e.gr...@wellsfargo.com.INVALID Sent: 03 February 2022 22:45 To: users@tomcat.apache.org Subject: RE: help with high cpu usage Alan, > -Original Message- > From: Alan F > Sent: Thursday, February 03, 2022 2:51 PM > To: Tomcat Users List > Subject: RE: help with high cpu usage > > My bad here are the correct dumps 10 secs apart > > https://urldefense.com/v3/__https://fastthread.io/my-thread- > report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0zNzY2ZmZmNy0wZDgyL > TRhZTItYmE3Mi0zMWQyYTYwN2M1ZjgudHh0&__;!!F9svGWnIaVPGSwU!- > fDbBdZmwXsUn9QT9ftL8f4PTLoASDZOXCeB4UEo7qKgcIHhANQVT6VMoGvG > st67ghaaLsg$ > > > https://urldefense.com/v3/__https://fastthread.io/my-thread- > report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS00NTE3MWUxNy1jYWRi > LTRkY2UtODBlNS1lMDk0YTJjNTg1OGEudHh0&__;!!F9svGWnIaVPGSwU!- > fDbBdZmwXsUn9QT9ftL8f4PTLoASDZOXCeB4UEo7qKgcIHhANQVT6VMoGvG > st67j-3O5xU$ > > > > > -Original Message- > From: john.e.gr...@wellsfargo.com.INVALID > > Sent: 03 February 2022 19:33 > To: users@tomcat.apache.org > Subject: RE: help with high cpu usage > > Alan, > > > > -Original Message- > > From: Alan F > > Sent: Thursday, February 03, 2022 12:19 PM > > To: Tomcat Users List > > Subject: help with high cpu usage > > > > Had some issues today with one prod host. One is fine the other has > > stuck around 80%Cpu. > > Ive taken a thread dump from both hosts and would appreciate someone > > give a once over what it may be before I kill and restart. They are > > clustered nodes so running identical apps and loadbalanced by a > > hardware > balancer. > > > > Node1 is ok (relatively!) > > https://urldefense.com/v3/__https://fastthread.io/my-thread- > > > report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS1hODllYzBkZS01OGJjLTQ > > > 2ZDQtYWRhNS1kYjkxZjM2NjI1ZTAudHh0&__;!!F9svGWnIaVPGSwU!91fvMc > > RzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn-mDKbTl_dmUSa0LaAolXlhipl- > > Fk2pQ$ > > > > > > Node 2 still has high CPU usage > > https://urldefense.com/v3/__https://fastthread.io/my-thread- > > > report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0yN2I0YWY4Mi05OWFhL > > > TQ3YjYtOGQ2My0wMDMwZjlkNDQzNjMudHh0&__;!!F9svGWnIaVPGSwU!9 > > 1fvMcRzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn- > > mDKbTl_dmUSa0LaAolXlhipkmLFr3E$ > > Taking thread dumps was a good idea but I see very little activity on node 2. > It looks like two threads are in Hibernate's > EntityEntryContext.downgradeLocks() method, one is taking the thread > dump itself, and another is reading a request from a client, I think. > I would not expect this to add up to 80% CPU usage unless one of those > threads is stuck in a loop. Comparing multiple thread dumps taken > 5-10 seconds apart would help answer this question. How much GC is > there? Could these Hibernate queries be pulling a huge amount of data > from the DB, thus causing a lot of GC activity? > > Node 1 looks idle except for the thread taking the thread dump. > > Do you know for sure that it's the Tomcat process that is using the CPU? Of the 3 dumps from the same node, the first two are 3 hours apart, yet the two query threads seem to still be doing the same thing. (I verified that the timestamps in the dumps are different but maybe I made a mistake.) They are both making the Hibernate downgradeLocks call. This is occurring in the context of committing a transaction. That definitely makes it look like those threads are somehow either stuck or are looping. The 3rd dump has those same two threads actually making queries to Oracle. So within about 10 seconds, we have two threads committing transactions followed by making additional queries. Definitely show these to the developers if you haven't already. I didn't fo
Re: help with high cpu usage
John thanks so much !! Will pass this on tomorrow. Cheers. From: john.e.gr...@wellsfargo.com.INVALID Sent: 03 February 2022 22:45 To: users@tomcat.apache.org Subject: RE: help with high cpu usage Alan, > -Original Message- > From: Alan F > Sent: Thursday, February 03, 2022 2:51 PM > To: Tomcat Users List > Subject: RE: help with high cpu usage > > My bad here are the correct dumps 10 secs apart > > https://urldefense.com/v3/__https://fastthread.io/my-thread- > report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0zNzY2ZmZmNy0wZDgyL > TRhZTItYmE3Mi0zMWQyYTYwN2M1ZjgudHh0&__;!!F9svGWnIaVPGSwU!- > fDbBdZmwXsUn9QT9ftL8f4PTLoASDZOXCeB4UEo7qKgcIHhANQVT6VMoGvG > st67ghaaLsg$ > > > https://urldefense.com/v3/__https://fastthread.io/my-thread- > report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS00NTE3MWUxNy1jYWRi > LTRkY2UtODBlNS1lMDk0YTJjNTg1OGEudHh0&__;!!F9svGWnIaVPGSwU!- > fDbBdZmwXsUn9QT9ftL8f4PTLoASDZOXCeB4UEo7qKgcIHhANQVT6VMoGvG > st67j-3O5xU$ > > > > > -Original Message- > From: john.e.gr...@wellsfargo.com.INVALID > > Sent: 03 February 2022 19:33 > To: users@tomcat.apache.org > Subject: RE: help with high cpu usage > > Alan, > > > > -Original Message- > > From: Alan F > > Sent: Thursday, February 03, 2022 12:19 PM > > To: Tomcat Users List > > Subject: help with high cpu usage > > > > Had some issues today with one prod host. One is fine the other has > > stuck around 80%Cpu. > > Ive taken a thread dump from both hosts and would appreciate someone > > give a once over what it may be before I kill and restart. They are > > clustered nodes so running identical apps and loadbalanced by a hardware > balancer. > > > > Node1 is ok (relatively!) > > https://urldefense.com/v3/__https://fastthread.io/my-thread- > > > report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS1hODllYzBkZS01OGJjLTQ > > > 2ZDQtYWRhNS1kYjkxZjM2NjI1ZTAudHh0&__;!!F9svGWnIaVPGSwU!91fvMc > > RzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn-mDKbTl_dmUSa0LaAolXlhipl- > > Fk2pQ$ > > > > > > Node 2 still has high CPU usage > > https://urldefense.com/v3/__https://fastthread.io/my-thread- > > > report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0yN2I0YWY4Mi05OWFhL > > > TQ3YjYtOGQ2My0wMDMwZjlkNDQzNjMudHh0&__;!!F9svGWnIaVPGSwU!9 > > 1fvMcRzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn- > > mDKbTl_dmUSa0LaAolXlhipkmLFr3E$ > > Taking thread dumps was a good idea but I see very little activity on node 2. > It looks like two threads are in Hibernate's > EntityEntryContext.downgradeLocks() method, one is taking the thread > dump itself, and another is reading a request from a client, I think. I would > not expect this to add up to 80% CPU usage unless one of those threads is > stuck in a loop. Comparing multiple thread dumps taken 5-10 seconds apart > would help answer this question. How much GC is there? Could these > Hibernate queries be pulling a huge amount of data from the DB, thus > causing a lot of GC activity? > > Node 1 looks idle except for the thread taking the thread dump. > > Do you know for sure that it's the Tomcat process that is using the CPU? Of the 3 dumps from the same node, the first two are 3 hours apart, yet the two query threads seem to still be doing the same thing. (I verified that the timestamps in the dumps are different but maybe I made a mistake.) They are both making the Hibernate downgradeLocks call. This is occurring in the context of committing a transaction. That definitely makes it look like those threads are somehow either stuck or are looping. The 3rd dump has those same two threads actually making queries to Oracle. So within about 10 seconds, we have two threads committing transactions followed by making additional queries. Definitely show these to the developers if you haven't already. I didn't follow what you said about the GC. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: help with high cpu usage
My bad here are the correct dumps 10 secs apart https://fastthread.io/my-thread-report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0zNzY2ZmZmNy0wZDgyLTRhZTItYmE3Mi0zMWQyYTYwN2M1ZjgudHh0; https://fastthread.io/my-thread-report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS00NTE3MWUxNy1jYWRiLTRkY2UtODBlNS1lMDk0YTJjNTg1OGEudHh0; -Original Message- From: john.e.gr...@wellsfargo.com.INVALID Sent: 03 February 2022 19:33 To: users@tomcat.apache.org Subject: RE: help with high cpu usage Alan, > -Original Message- > From: Alan F > Sent: Thursday, February 03, 2022 12:19 PM > To: Tomcat Users List > Subject: help with high cpu usage > > Had some issues today with one prod host. One is fine the other has > stuck around 80%Cpu. > Ive taken a thread dump from both hosts and would appreciate someone > give a once over what it may be before I kill and restart. They are > clustered nodes so running identical apps and loadbalanced by a hardware > balancer. > > Node1 is ok (relatively!) > https://urldefense.com/v3/__https://fastthread.io/my-thread- > report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS1hODllYzBkZS01OGJjLTQ > 2ZDQtYWRhNS1kYjkxZjM2NjI1ZTAudHh0&__;!!F9svGWnIaVPGSwU!91fvMc > RzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn-mDKbTl_dmUSa0LaAolXlhipl- > Fk2pQ$ > > > Node 2 still has high CPU usage > https://urldefense.com/v3/__https://fastthread.io/my-thread- > report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0yN2I0YWY4Mi05OWFhL > TQ3YjYtOGQ2My0wMDMwZjlkNDQzNjMudHh0&__;!!F9svGWnIaVPGSwU!9 > 1fvMcRzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn- > mDKbTl_dmUSa0LaAolXlhipkmLFr3E$ Taking thread dumps was a good idea but I see very little activity on node 2. It looks like two threads are in Hibernate's EntityEntryContext.downgradeLocks() method, one is taking the thread dump itself, and another is reading a request from a client, I think. I would not expect this to add up to 80% CPU usage unless one of those threads is stuck in a loop. Comparing multiple thread dumps taken 5-10 seconds apart would help answer this question. How much GC is there? Could these Hibernate queries be pulling a huge amount of data from the DB, thus causing a lot of GC activity? Node 1 looks idle except for the thread taking the thread dump. Do you know for sure that it's the Tomcat process that is using the CPU?
RE: help with high cpu usage
HI John, Thankyou kindly for taking the time here. First of all looking back at the historical chart for the day I observed node 2 rise in cpu activity about 11am this morning and stayed high node1 has dropped back to idle. ##Do you know for sure that its the Tomcat process that is using the CPU?## A simple top -i showing the only process still running here at 189% is a java process under tomcat account. 24667 tomcat20 0 365.6g 17.2g 23080 S 189.7 54.9 2663:45 java I have taken 2 dumps here 10 secs apart if this helps at all? https://fastthread.io/my-thread-report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0zNzY2ZmZmNy0wZDgyLTRhZTItYmE3Mi0zMWQyYTYwN2M1ZjgudHh0; https://fastthread.io/my-thread-report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0yMzFjOGYzZS01MjYzLTRiYWYtOTJjMS1jN2RiMWRlZmEwN2QudHh0; We do have Prometheus hooked in via jmx with Grafana but im struggling to see anything glaring apart from GC I see old Gen taking about 5hrs before it drops back one node2 as opposed to 3 on node 1. -Original Message- From: john.e.gr...@wellsfargo.com.INVALID Sent: 03 February 2022 19:33 To: users@tomcat.apache.org Subject: RE: help with high cpu usage Alan, > -Original Message- > From: Alan F > Sent: Thursday, February 03, 2022 12:19 PM > To: Tomcat Users List > Subject: help with high cpu usage > > Had some issues today with one prod host. One is fine the other has > stuck around 80%Cpu. > Ive taken a thread dump from both hosts and would appreciate someone > give a once over what it may be before I kill and restart. They are > clustered nodes so running identical apps and loadbalanced by a hardware > balancer. > > Node1 is ok (relatively!) > https://urldefense.com/v3/__https://fastthread.io/my-thread- > report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS1hODllYzBkZS01OGJjLTQ > 2ZDQtYWRhNS1kYjkxZjM2NjI1ZTAudHh0&__;!!F9svGWnIaVPGSwU!91fvMc > RzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn-mDKbTl_dmUSa0LaAolXlhipl- > Fk2pQ$ > > > Node 2 still has high CPU usage > https://urldefense.com/v3/__https://fastthread.io/my-thread- > report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0yN2I0YWY4Mi05OWFhL > TQ3YjYtOGQ2My0wMDMwZjlkNDQzNjMudHh0&__;!!F9svGWnIaVPGSwU!9 > 1fvMcRzcMYr95RrClT-eCrcDNp3fKUDpupDSNtn- > mDKbTl_dmUSa0LaAolXlhipkmLFr3E$ Taking thread dumps was a good idea but I see very little activity on node 2. It looks like two threads are in Hibernate's EntityEntryContext.downgradeLocks() method, one is taking the thread dump itself, and another is reading a request from a client, I think. I would not expect this to add up to 80% CPU usage unless one of those threads is stuck in a loop. Comparing multiple thread dumps taken 5-10 seconds apart would help answer this question. How much GC is there? Could these Hibernate queries be pulling a huge amount of data from the DB, thus causing a lot of GC activity? Node 1 looks idle except for the thread taking the thread dump. Do you know for sure that it's the Tomcat process that is using the CPU?
help with high cpu usage
Had some issues today with one prod host. One is fine the other has stuck around 80%Cpu. Ive taken a thread dump from both hosts and would appreciate someone give a once over what it may be before I kill and restart. They are clustered nodes so running identical apps and loadbalanced by a hardware balancer. Node1 is ok (relatively!) https://fastthread.io/my-thread-report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS1hODllYzBkZS01OGJjLTQ2ZDQtYWRhNS1kYjkxZjM2NjI1ZTAudHh0; Node 2 still has high CPU usage https://fastthread.io/my-thread-report.jsp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS0yN2I0YWY4Mi05OWFhLTQ3YjYtOGQ2My0wMDMwZjlkNDQzNjMudHh0;
RE: Tomcat 9 Session replication
Many thanks Mark! -Original Message- From: Mark Thomas Sent: 01 February 2022 09:25 To: users@tomcat.apache.org Subject: Re: Tomcat 9 Session replication On 31/01/2022 14:54, Alan F wrote: > Many thanks Chris, > > Don't laugh I was looking at those values after Keiichi kindly mentioned this > too (thankyou!) and was thinking hmm where is 15 no mention! Ok makes sense > now. > > Im trying to find out why we chose static, I think it was a guess at trying > to stop the multicast interference from other hosts. I think we just had it > all set wrong to start with. > > Looking at many online examples like here > https://tomcat.apache.org/tomcat-9.0-doc/cluster-howto.html is what i looked > would this suffice? > > If you could recommend the params I need just for two hosts to talk without > interference ie specifying group or unique id etc. This is a working static cluster example from my 4-node test cluster. https://people.apache.org/~markt/dev/server-static-cluster-example.xml Things you'll need to change: - the jvmRoute on the Engine element - must be unique for each node - must match the reverse proxy config for sticky sessions to work - you'll only need two members - LocalMember needs to be correct on each node - The address attribute of the receiver needs to be correct on each node Mark > > -Original Message- > From: Christopher Schultz > Sent: 31 January 2022 14:46 > To: users@tomcat.apache.org > Subject: Re: Tomcat 9 Session replication > > All, > > On 1/31/22 08:04, Keiichi Fujino wrote: >> If you use StaticMembershipService, you must set >> Cluster#channelStartOptions to 15 (default). > > To spell that out (since the docs aren't very explicit), the value of "15" is > the combination of the following flags: > > SND_RX_SEQ (1) - Starts the data receiver. > SND_TX_SEQ (2) - Starts the data transmitter ("sender"). > MBR_RX_SEQ (4) - Starts the membership receiver ("listener"). > MBR_TX_SEQ (8) - Starts the membership transmitter ("broadcaster"). > |= 15 (0xf) > > I'm curious why, if one is using static membership, are the membership > transmitter and receiver flags required? It seems to be that the membership > should remain static and therefore no membership comms shuould be required. > Are those important to ensure that the cluster members (through static) are > actually present during operation? > > -chris > >> 2022年1月31日(月) 16:47 Alan F : >> >>> OK with your advice I tried what I thought would work from example >>> and doesn't at all. The old example below works but this doesn’t >>> even detect members. >>> >>> Below is example to which Im using on both nodes which are remote to >>> eachother. >>> >>> >>> >> channelSendOptions="8" channelStartOptions = "3"> >>> >> expireSessionsOnShutdown="false" >>> notifyListenersOnReplication="true"/> >>> >>> >> className="org.apache.catalina.tribes.group.GroupChannel"> >>> >>> >> className="org.apache.catalina.tribes.membership.StaticMembershipService"> >>> >> className="org.apache.catalina.tribes.membership.StaticMember" >>> port="4110" >>> host="local-tomcat" >>> domain="tomcat-pc2" >>> >>> uniqueId="{1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,0}" /> >>> >> className="org.apache.catalina.tribes.membership.StaticMember" >>> port="4110" >>> host="remote-tomcat" >>> domain="tomcat-pc2" >>> >>> uniqueId="{0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}" /> >>> >>> >>> >> className="org.apache.catalina.tribes.transport.nio.NioReceiver" >>>address="local-tomcat" >>>port="4110" >>>autoBind="9" >>>selectorTimeout="2000" >>>maxThreads="6"/> >>> >>> >> className="org.apache.catalina.tribes.transport.ReplicationTransmitter"> >>>
RE: Tomcat 9 Session replication
Many thanks Chris, Don't laugh I was looking at those values after Keiichi kindly mentioned this too (thankyou!) and was thinking hmm where is 15 no mention! Ok makes sense now. Im trying to find out why we chose static, I think it was a guess at trying to stop the multicast interference from other hosts. I think we just had it all set wrong to start with. Looking at many online examples like here https://tomcat.apache.org/tomcat-9.0-doc/cluster-howto.html is what i looked would this suffice? If you could recommend the params I need just for two hosts to talk without interference ie specifying group or unique id etc. -Original Message- From: Christopher Schultz Sent: 31 January 2022 14:46 To: users@tomcat.apache.org Subject: Re: Tomcat 9 Session replication All, On 1/31/22 08:04, Keiichi Fujino wrote: > If you use StaticMembershipService, you must set > Cluster#channelStartOptions to 15 (default). To spell that out (since the docs aren't very explicit), the value of "15" is the combination of the following flags: SND_RX_SEQ (1) - Starts the data receiver. SND_TX_SEQ (2) - Starts the data transmitter ("sender"). MBR_RX_SEQ (4) - Starts the membership receiver ("listener"). MBR_TX_SEQ (8) - Starts the membership transmitter ("broadcaster"). |= 15 (0xf) I'm curious why, if one is using static membership, are the membership transmitter and receiver flags required? It seems to be that the membership should remain static and therefore no membership comms shuould be required. Are those important to ensure that the cluster members (through static) are actually present during operation? -chris > 2022年1月31日(月) 16:47 Alan F : > >> OK with your advice I tried what I thought would work from example >> and doesn't at all. The old example below works but this doesn’t even >> detect members. >> >> Below is example to which Im using on both nodes which are remote to >> eachother. >> >> >> > channelSendOptions="8" channelStartOptions = "3"> >>> expireSessionsOnShutdown="false" >> notifyListenersOnReplication="true"/> >> >>> className="org.apache.catalina.tribes.group.GroupChannel"> >> >> > className="org.apache.catalina.tribes.membership.StaticMembershipService"> >> > className="org.apache.catalina.tribes.membership.StaticMember" >>port="4110" >>host="local-tomcat" >>domain="tomcat-pc2" >> >> uniqueId="{1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,0}" /> >> > className="org.apache.catalina.tribes.membership.StaticMember" >>port="4110" >>host="remote-tomcat" >>domain="tomcat-pc2" >> >> uniqueId="{0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}" /> >> >> >> > className="org.apache.catalina.tribes.transport.nio.NioReceiver" >> address="local-tomcat" >> port="4110" >> autoBind="9" >> selectorTimeout="2000" >> maxThreads="6"/> >> >> > className="org.apache.catalina.tribes.transport.ReplicationTransmitter"> >> > className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/> >> >> >> > className="org.apache.catalina.tribes.group.interceptors.TcpPingInterceptor" >> staticOnly="true"/> >> > className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector" >> /> >> > className="org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor"/> >> > className="org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor"/> >> > className="org.apache.catalina.tribes.group.interceptors.StaticMembershipInterceptor"> >> >> >> >> >>> filter=""/> >>> className="org.apache.catalina.ha.session.JvmRouteBinderValve"/> >> >>> className="org.apache.catalina.ha.deploy.FarmWarDeployer" >> tempDir="/op
RE: Tomcat 9 Session replication
OK with your advice I tried what I thought would work from example and doesn't at all. The old example below works but this doesn’t even detect members. Below is example to which Im using on both nodes which are remote to eachother. -Original Message- From: Mark Thomas Sent: 28 January 2022 18:15 To: users@tomcat.apache.org Subject: Re: Tomcat 9 Session replication On 28/01/2022 17:05, Alan F wrote: > We are currently getting traffic from all cluster members in other > environments using .staticmember opposed to multicast can I confirm why this > is see below. > > What do we need to set here for a clustered pair to make them unique > and talk to eachother only without seeing traffic from other members > in Catalina.out > > This is how they are currently configured as you can see only difference > between nodes is the receiver and member ips are reversed. Im concerned > uniqueID is the same, do we also need to specify domain? uniqueID should be unique at least within the subnet, ideally globally. Yes, you should use a separate domain for each cluster. Looking at your config: You are missing the local member definition https://tomcat.apache.org/tomcat-10.0-doc/config/cluster-interceptor.html#Static_Membership The deployer should be defined under the cluster, not under an interceptor. Mark > > WE have hostname A and B if you could check below: > > HOSTNAME A config > > > > channelSendOptions="8"> > expireSessionsOnShutdown="false" > notifyListenersOnReplication="true"/> > > > > className="org.apache.catalina.tribes.transport.ReplicationTransmitter"> > className="org.apache.catalina.tribes.transport.nio.PooledParallelSender" /> > >address="hostnameA" > autoBind="0" > className="org.apache.catalina.tribes.transport.nio.NioReceiver" > maxThreads="6" > port="4100" > selectorTimeout="5000" > /> > > className="org.apache.catalina.tribes.group.interceptors.TcpPingInterceptor" > staticOnly="true"/> > className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector" > /> > className="org.apache.catalina.tribes.group.interceptors.StaticMembershipInterceptor"> > > className="org.apache.catalina.tribes.membership.StaticMember" > port="4100" > host="HostnameB" > uniqueId="{0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1}" > /> > tempDir="/opt/tomcat/war-temp/" > deployDir="/opt/tomcat/war-deploy/" > watchDir="/opt/tomcat/war-listen/" > watchEnabled="true"/> > > > className="org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor" > /> > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 9 Session replication
We are currently getting traffic from all cluster members in other environments using .staticmember opposed to multicast can I confirm why this is see below. What do we need to set here for a clustered pair to make them unique and talk to eachother only without seeing traffic from other members in Catalina.out This is how they are currently configured as you can see only difference between nodes is the receiver and member ips are reversed. Im concerned uniqueID is the same, do we also need to specify domain? WE have hostname A and B if you could check below: HOSTNAME A config
RE: Tomcat jdbc connections
Hi Chris, Thankyou so much for your time and detail here. I had been working on this yesterday and posted my findings below. In the end It turned out to be my lack of understanding on Tomcat, but hey we are always learning! I would just like to update on my discovery of the issue I had with Tomcat resetting connections to DB. Main issue being lack of familiarity of parameters and how connection pooling worked. One thing I was unable to see without using a DBA admin was the connections resetting, no level of logging in Tomcat seemed to reveal this, and in the end I used a simple netstat query to check connections. watch -n1 "netstat -ant | grep ':1521.*ESTABLISHED' | nl | tail -n20 (last number depends on how many connections to monitor.) Obvs local ports will change outgoing therefore highlighting a new connection when these change. Once I had this I was able to tinker with current settings until I discovered the issue. Which in reality wasn't an issue per se its just that I discovered a non live Tomcat was behaving differently with pooled connections over a live host! Just to Recap Symptom: Tomcat closing DBCP pooled connections to Database every 60 seconds Cause: Tomcat was idle, therefore the configuration param was causing idle connections to be reset the period specified below (60 secs) timeBetweenEvictionRunsMillis=6 Resolution: The behaviour above is by design, a busy server will be less likely to trigger this due to connections being used! -Original Message- From: Christopher Schultz Sent: 24 January 2022 22:42 To: users@tomcat.apache.org Subject: Re: Tomcat jdbc connections Alan, On 1/23/22 09:17, Alan F wrote: > Can I just follow up here what would be the next steps how would I go > about capturing the root cause of these very short connection times to > Oracle from Tomcat. Honestly, I would want to know what query or queries are being run by these short-lived connections. Something tells me that if you are able to audit those queries, you'll immediately know what's going on. SELECT * FROM query_details WHERE connection_id='deadbeef' user | start_time | end_time | query zabbix | 12:00:00 | 12:00:00 | SELECT COUNT(*) FROM some_queue zabbix | 12:01:00 | 12:01:00 | SELECT COUNT(*) FROM some_queue zabbix | 12:02:00 | 12:02:00 | SELECT COUNT(*) FROM some_queue zabbix | 12:03:00 | 12:03:00 | SELECT COUNT(*) FROM some_queue zabbix | 12:04:00 | 12:04:00 | SELECT COUNT(*) FROM some_queue zabbix | 12:05:00 | 12:05:00 | SELECT COUNT(*) FROM some_queue /me says "Oh, right. We have monitoring." > Would it be along the lines of Wireshark or TCP dump to see what's > occurring as I gather this won't be captured in tomcat logging via > Catalina.out? Or can it be. I would only resort to reading TCP dumps if all else fails. Why? 1. TCP dumps are large and "expensive" 2. You are encrypting connections to your database... right?! Knowing the nature of the queries will help. If you see no queries being executed, then no TCP dump will help you because you won't be able to prove what component is making those connection anyway (unless dbcp2 pushes some environmental information over to Oracle whenever it makes a connection like "I'm connecting to Oracle on behalf of application X on Tomcat, but I'm not going to execute any queries mmm'kay"). I don't think dbcp does that kind of thing, so you'd have to crank-up the logging level on that application and/or Tomcat instance to see what's happening with the connection pool. Hope that helps, -chris > -Original Message- > From: Phil Steitz > Sent: 21 January 2022 17:50 > To: users@tomcat.apache.org > Subject: Re: Tomcat jdbc connections > > > > On 1/21/22 9:28 AM, Alan F wrote: >> Ok thanks Phil ok I checked other connections in the same host and see >> minIdle="2" and initialSize="7" >> >> Ive run a diff on this server.xml between our active prod hosts which shows >> connections on Toad up for at least a day as to this idle server >> reconnecting after minutes! And diff is identical apart from Cluster ips. > Most likely culprit is network or other issue causing validations to fail. > With testWhileIdle on, idle connections in the pool will be tested when > visited and closed if validation fails. > > Phil >> >> >> >> >> -----Original Message- >> From: Phil Steitz >> Sent: 21 January 2022 16:10 >> To: users@tomcat.apache.org >> Subject: Re: Tomcat jdbc connections >> >> >> >> On 1/21/22 8:19 AM, Alan F wrote: >>> Thanks John, >>> >>> Here is an example of a connection below I see >>> timeBetweenEvictionRunsMillis but not maxConnLifetimeMillis if the >>> server has no traffic does this
RE: Tomcat jdbc connections
Can I just follow up here what would be the next steps how would I go about capturing the root cause of these very short connection times to Oracle from Tomcat. Would it be along the lines of Wireshark or TCP dump to see what's occurring as I gather this won't be captured in tomcat logging via Catalina.out? Or can it be. -Original Message- From: Phil Steitz Sent: 21 January 2022 17:50 To: users@tomcat.apache.org Subject: Re: Tomcat jdbc connections On 1/21/22 9:28 AM, Alan F wrote: > Ok thanks Phil ok I checked other connections in the same host and see > minIdle="2" and initialSize="7" > > Ive run a diff on this server.xml between our active prod hosts which shows > connections on Toad up for at least a day as to this idle server reconnecting > after minutes! And diff is identical apart from Cluster ips. Most likely culprit is network or other issue causing validations to fail. With testWhileIdle on, idle connections in the pool will be tested when visited and closed if validation fails. Phil > > > > > -Original Message- > From: Phil Steitz > Sent: 21 January 2022 16:10 > To: users@tomcat.apache.org > Subject: Re: Tomcat jdbc connections > > > > On 1/21/22 8:19 AM, Alan F wrote: >> Thanks John, >> >> Here is an example of a connection below I see >> timeBetweenEvictionRunsMillis but not maxConnLifetimeMillis if the >> server has no traffic does this mean >> >> > timeBetweenEvictionRunsMillis="6" testWhileIdle="true" >> testOnReturn="false" >> testOnBorrow="true" removeAbandonedOnBorrow="true" maxWaitmillis="3" >> defaultQueryTimeout="30" validationQuery="select * from dual" maxTotal="10" >> maxIdle="5" >> url="jdbc:oracle:thin:@XXX:X:" username="XXX" >> password="" driverClassName="oracle.jdbc.OracleDriver" /> >> >> >> So above does that mean every 60 secs Eviction runs, does this mean a server >> with no traffic evicts unused connections to DB? > One more note on this config. Since you have not specified minIIdle or > initialSize, the pool will not create connections until they are requested by > clients. > > Phil >> >> -Original Message- >> From: john.e.gr...@wellsfargo.com.INVALID >> >> Sent: 21 January 2022 14:50 >> To: users@tomcat.apache.org >> Subject: RE: Tomcat jdbc connections >> >> Alan, >> >> >>> -Original Message- >>> From: Alan F >>> Sent: Friday, January 21, 2022 6:53 AM >>> To: Tomcat Users List >>> Subject: RE: Tomcat jdbc connections >>> >>> Hi Christopher >>> >>> Thanks for your time here. >>> >>> You mean like, a connection is made, no queries are executed, and >>> then the connection is terminated? >>> - ANSWER - DBAs are saying connections last a minute or so and are >>> replaced by a new set of connections 1 session each pool. >>> >>> >>> Presumably, you have an application running on Tomcat with a JDBC >>> connection configured. Are you using Tomcat's built-in pooling, or >>> is your application managing its own pooling/connections? >>> - ANSWER we are using dbcp2 >>> >>> >>> Do you have any background tasks (in the JVM) that will run even >>> when there is no user activity? Cache-management? Lazy-writes? >>> - ANSWER I don't think so. >>> >>> >>> Are you using Tomcat's clustering? Are you using a database-backed >>> session management or any kind? - >>> - ANSWER YES clustered B node down, A node up this Tomcat node is >>> not live or receiving any traffic currently in test. >>> >>> >>> Are the connections definitely being made from the application >>> itself and/or Tomcat? Or do you just see those connections coming >>> from the IP where the application is running? - ANSWER im assuming >>> according to server.xml they are utlising these declared connections via >>> Tomcat. >>> >>> >>> Do you have any background tasks (outside the JVM) that will run >>> even when there are no user actions? For example, some monitoring >>> system that pings the server to say "can you reach the database?" - >>> ANSWER NO >>> >>> >>> O >>> >> Could your pool be closing the connections after a set time? Look at >> timeBetweenEvict
RE: Tomcat jdbc connections
Thanks for your input Phil! Arghh will keep looking. -Original Message- From: Phil Steitz Sent: 21 January 2022 17:50 To: users@tomcat.apache.org Subject: Re: Tomcat jdbc connections On 1/21/22 9:28 AM, Alan F wrote: > Ok thanks Phil ok I checked other connections in the same host and see > minIdle="2" and initialSize="7" > > Ive run a diff on this server.xml between our active prod hosts which shows > connections on Toad up for at least a day as to this idle server reconnecting > after minutes! And diff is identical apart from Cluster ips. Most likely culprit is network or other issue causing validations to fail. With testWhileIdle on, idle connections in the pool will be tested when visited and closed if validation fails. Phil > > > > > -Original Message- > From: Phil Steitz > Sent: 21 January 2022 16:10 > To: users@tomcat.apache.org > Subject: Re: Tomcat jdbc connections > > > > On 1/21/22 8:19 AM, Alan F wrote: >> Thanks John, >> >> Here is an example of a connection below I see >> timeBetweenEvictionRunsMillis but not maxConnLifetimeMillis if the >> server has no traffic does this mean >> >> > timeBetweenEvictionRunsMillis="6" testWhileIdle="true" >> testOnReturn="false" >> testOnBorrow="true" removeAbandonedOnBorrow="true" maxWaitmillis="3" >> defaultQueryTimeout="30" validationQuery="select * from dual" maxTotal="10" >> maxIdle="5" >> url="jdbc:oracle:thin:@XXX:X:" username="XXX" >> password="" driverClassName="oracle.jdbc.OracleDriver" /> >> >> >> So above does that mean every 60 secs Eviction runs, does this mean a server >> with no traffic evicts unused connections to DB? > One more note on this config. Since you have not specified minIIdle or > initialSize, the pool will not create connections until they are requested by > clients. > > Phil >> >> -Original Message- >> From: john.e.gr...@wellsfargo.com.INVALID >> >> Sent: 21 January 2022 14:50 >> To: users@tomcat.apache.org >> Subject: RE: Tomcat jdbc connections >> >> Alan, >> >> >>> -Original Message- >>> From: Alan F >>> Sent: Friday, January 21, 2022 6:53 AM >>> To: Tomcat Users List >>> Subject: RE: Tomcat jdbc connections >>> >>> Hi Christopher >>> >>> Thanks for your time here. >>> >>> You mean like, a connection is made, no queries are executed, and >>> then the connection is terminated? >>> - ANSWER - DBAs are saying connections last a minute or so and are >>> replaced by a new set of connections 1 session each pool. >>> >>> >>> Presumably, you have an application running on Tomcat with a JDBC >>> connection configured. Are you using Tomcat's built-in pooling, or >>> is your application managing its own pooling/connections? >>> - ANSWER we are using dbcp2 >>> >>> >>> Do you have any background tasks (in the JVM) that will run even >>> when there is no user activity? Cache-management? Lazy-writes? >>> - ANSWER I don't think so. >>> >>> >>> Are you using Tomcat's clustering? Are you using a database-backed >>> session management or any kind? - >>> - ANSWER YES clustered B node down, A node up this Tomcat node is >>> not live or receiving any traffic currently in test. >>> >>> >>> Are the connections definitely being made from the application >>> itself and/or Tomcat? Or do you just see those connections coming >>> from the IP where the application is running? - ANSWER im assuming >>> according to server.xml they are utlising these declared connections via >>> Tomcat. >>> >>> >>> Do you have any background tasks (outside the JVM) that will run >>> even when there are no user actions? For example, some monitoring >>> system that pings the server to say "can you reach the database?" - >>> ANSWER NO >>> >>> >>> O >>> >> Could your pool be closing the connections after a set time? Look at >> timeBetweenEvictionRunsMillis and maxConnLifetimeMillis here: >> >> https://commons.apache.org/proper/commons-dbcp/configuration.html >> B CB >> [ X ܚX KK[XZ[ >>\ \ ][ X ܚX P X ] >>\X K ܙ B ܈Y][ۘ[ [X[ K[XZ[ >>\ \ Z[ X ] >>\X K ܙ B >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat jdbc connections
Ok thanks Phil ok I checked other connections in the same host and see minIdle="2" and initialSize="7" Ive run a diff on this server.xml between our active prod hosts which shows connections on Toad up for at least a day as to this idle server reconnecting after minutes! And diff is identical apart from Cluster ips. -Original Message- From: Phil Steitz Sent: 21 January 2022 16:10 To: users@tomcat.apache.org Subject: Re: Tomcat jdbc connections On 1/21/22 8:19 AM, Alan F wrote: > Thanks John, > > Here is an example of a connection below I see > timeBetweenEvictionRunsMillis but not maxConnLifetimeMillis if the > server has no traffic does this mean > > timeBetweenEvictionRunsMillis="6" testWhileIdle="true" > testOnReturn="false" > testOnBorrow="true" removeAbandonedOnBorrow="true" maxWaitmillis="3" > defaultQueryTimeout="30" validationQuery="select * from dual" maxTotal="10" > maxIdle="5" > url="jdbc:oracle:thin:@XXX:X:" username="XXX" > password="" driverClassName="oracle.jdbc.OracleDriver" /> > > > So above does that mean every 60 secs Eviction runs, does this mean a server > with no traffic evicts unused connections to DB? One more note on this config. Since you have not specified minIIdle or initialSize, the pool will not create connections until they are requested by clients. Phil > > > -Original Message- > From: john.e.gr...@wellsfargo.com.INVALID > > Sent: 21 January 2022 14:50 > To: users@tomcat.apache.org > Subject: RE: Tomcat jdbc connections > > Alan, > > >> -Original Message- >> From: Alan F >> Sent: Friday, January 21, 2022 6:53 AM >> To: Tomcat Users List >> Subject: RE: Tomcat jdbc connections >> >> Hi Christopher >> >> Thanks for your time here. >> >> You mean like, a connection is made, no queries are executed, and >> then the connection is terminated? >> - ANSWER - DBAs are saying connections last a minute or so and are >> replaced by a new set of connections 1 session each pool. >> >> >> Presumably, you have an application running on Tomcat with a JDBC >> connection configured. Are you using Tomcat's built-in pooling, or is >> your application managing its own pooling/connections? >> - ANSWER we are using dbcp2 >> >> >> Do you have any background tasks (in the JVM) that will run even when >> there is no user activity? Cache-management? Lazy-writes? >> - ANSWER I don't think so. >> >> >> Are you using Tomcat's clustering? Are you using a database-backed >> session management or any kind? - >> - ANSWER YES clustered B node down, A node up this Tomcat node is not >> live or receiving any traffic currently in test. >> >> >> Are the connections definitely being made from the application itself >> and/or Tomcat? Or do you just see those connections coming from the >> IP where the application is running? - ANSWER im assuming according >> to server.xml they are utlising these declared connections via Tomcat. >> >> >> Do you have any background tasks (outside the JVM) that will run even >> when there are no user actions? For example, some monitoring system >> that pings the server to say "can you reach the database?" - ANSWER >> NO >> >> >> O >> > Could your pool be closing the connections after a set time? Look at > timeBetweenEvictionRunsMillis and maxConnLifetimeMillis here: > > https://commons.apache.org/proper/commons-dbcp/configuration.html > B CB > [ X ܚX KK[XZ[ > \ \ ][ X ܚX P X ] > \X K ܙ B ܈Y][ۘ[ [X[ K[XZ[ > \ \ Z[ X ] > \X K ܙ B > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat jdbc connections
Thanks John, Here is an example of a connection below I see timeBetweenEvictionRunsMillis but not maxConnLifetimeMillis if the server has no traffic does this mean So above does that mean every 60 secs Eviction runs, does this mean a server with no traffic evicts unused connections to DB? -Original Message- From: john.e.gr...@wellsfargo.com.INVALID Sent: 21 January 2022 14:50 To: users@tomcat.apache.org Subject: RE: Tomcat jdbc connections Alan, > -Original Message- > From: Alan F > Sent: Friday, January 21, 2022 6:53 AM > To: Tomcat Users List > Subject: RE: Tomcat jdbc connections > > Hi Christopher > > Thanks for your time here. > > You mean like, a connection is made, no queries are executed, and then > the connection is terminated? > - ANSWER - DBAs are saying connections last a minute or so and are > replaced by a new set of connections 1 session each pool. > > > Presumably, you have an application running on Tomcat with a JDBC > connection configured. Are you using Tomcat's built-in pooling, or is > your application managing its own pooling/connections? > - ANSWER we are using dbcp2 > > > Do you have any background tasks (in the JVM) that will run even when > there is no user activity? Cache-management? Lazy-writes? > - ANSWER I don't think so. > > > Are you using Tomcat's clustering? Are you using a database-backed > session management or any kind? - > - ANSWER YES clustered B node down, A node up this Tomcat node is not > live or receiving any traffic currently in test. > > > Are the connections definitely being made from the application itself > and/or Tomcat? Or do you just see those connections coming from the IP > where the application is running? - ANSWER im assuming according to > server.xml they are utlising these declared connections via Tomcat. > > > Do you have any background tasks (outside the JVM) that will run even > when there are no user actions? For example, some monitoring system > that pings the server to say "can you reach the database?" - ANSWER NO > > > O > Could your pool be closing the connections after a set time? Look at timeBetweenEvictionRunsMillis and maxConnLifetimeMillis here: https://commons.apache.org/proper/commons-dbcp/configuration.html B CB [ X ܚX KK[XZ[ \ \ ][ X ܚX P X ] \X K ܙ B ܈Y][ۘ[ [X[ K[XZ[ \ \ Z[ X ] \X K ܙ B - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat jdbc connections
Hi Christopher Thanks for your time here. You mean like, a connection is made, no queries are executed, and then the connection is terminated? - ANSWER - DBAs are saying connections last a minute or so and are replaced by a new set of connections 1 session each pool. Presumably, you have an application running on Tomcat with a JDBC connection configured. Are you using Tomcat's built-in pooling, or is your application managing its own pooling/connections? - ANSWER we are using dbcp2 Do you have any background tasks (in the JVM) that will run even when there is no user activity? Cache-management? Lazy-writes? - ANSWER I don't think so. Are you using Tomcat's clustering? Are you using a database-backed session management or any kind? - - ANSWER YES clustered B node down, A node up this Tomcat node is not live or receiving any traffic currently in test. Are the connections definitely being made from the application itself and/or Tomcat? Or do you just see those connections coming from the IP where the application is running? - ANSWER im assuming according to server.xml they are utlising these declared connections via Tomcat. Do you have any background tasks (outside the JVM) that will run even when there are no user actions? For example, some monitoring system that pings the server to say "can you reach the database?" - ANSWER NO O -Original Message- From: Christopher Schultz Sent: 20 January 2022 17:34 To: users@tomcat.apache.org Subject: Re: Tomcat jdbc connections Alan, On 1/20/22 09:33, Alan F wrote: > I have an issue with connections on Tomcat9 Oracle showing connections > made for about 2seconds then dropped again. Is this normal when the > server is not being used? You mean like, a connection is made, no queries are executed, and then the connection is terminated? Presumably, you have an application running on Tomcat with a JDBC connection configured. Are you using Tomcat's built-in pooling, or is your application managing its own pooling/connections? Do you have any background tasks (in the JVM) that will run even when there is no user activity? Cache-management? Lazy-writes? Are you using Tomcat's clustering? Are you using a database-backed session management or any kind? Are the connections definitely being made from the application itself and/or Tomcat? Or do you just see those connections coming from the IP where the application is running? Do you have any background tasks (outside the JVM) that will run even when there are no user actions? For example, some monitoring system that pings the server to say "can you reach the database?" -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat jdbc connections
I have an issue with connections on Tomcat9 Oracle showing connections made for about 2seconds then dropped again. Is this normal when the server is not being used? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 9 Encrpytion of JDBC
OK thanks Bill! -Original Message- From: Bill Stewart Sent: 14 January 2022 19:02 To: Tomcat Users List Subject: Re: Tomcat 9 Encrpytion of JDBC On Fri, Jan 14, 2022 at 10:25 AM Alan F wrote: > Interested to know your best practices on securing jdbc plain text > passwords, in my last place they used a mechanism to encrypt all passwords. > Is this the best method as I read some people don't recommend this. > Any details or procs on best practice appreciated. > The "best practice," generally speaking, is that doing so is basically pointless from a security perspective. https://cwiki.apache.org/confluence/display/TOMCAT/Password Bill
Tomcat 9 Encrpytion of JDBC
All, Interested to know your best practices on securing jdbc plain text passwords, in my last place they used a mechanism to encrypt all passwords. Is this the best method as I read some people don't recommend this. Any details or procs on best practice appreciated. Thanks Ken - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat Unable to Read JNDI xml file
I have just created a JNDI file for the spring boot application to read in the db info But I have this error during startup: java.util.InvalidPropertiesFormatException: org.xml.sax.SAXParseException; lineNumber: 2; columnNumber: 53; Document root element "Context", must match DOCTYPE root "null". I think there is something wrong with the DOCTYPE. How should I specify it? Please help. Thanks. Alan CONFIDENTIALITY CAUTION: This message is intended only for the use of the individual or entity to whom it is addressed and is privileged and confidential. If you are not the intended recipient, please notify us immediately by return e-mail, delete this message and you should not disseminate, distribute or copy any information contained herein.
tomcat session timeout with clustering
We just enabled clustering for our 3 tomcat servers, and now the sessions aren’t expiring. The TTL is negative and the inactive time is very high. We have this set as the default of 30 minutes. We are using Tomcat 7.0.51. Any ideas? Thanks Alan
JNDI Feedback
Hello, Running Tomcat 7.0.29 on Windows XP Professional Service Pack 3 I have been handed a project developed by a former colleague and I am still learning Java and Tomcat. The project has 4 JNDI's set up, 2 Oracle and 2 SQL Server with validation queries set up for the Oracle databases. I want to set up validation queries on the JNDI's for SQL server and also have the JNDI provide feedback to the Java application if the database is down. Can you advise how to do this please? If not possible, then what is an alternative? Thank you in advance for any assistance. Regards Alan Farroll Analyst Programmer Finance and Corporate Services Renfrewshire House Cotton Street Paisley PA1 1HY 0141 618 7961 alan.farr...@renfrewshire.gov.uk www.renfrewshire.gov.uk ** Renfrewshire Council Website - http://www.renfrewshire.gov.uk This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. Renfrewshire Council may, in accordance with the Telecommunications(Lawful Business Practice) (Interception of Communications) Regulations 2000, intercept e-mail messages for the purpose of monitoring or keeping a record of communications on the Council's system. If a message contains inappropriate dialogue it will automatically be intercepted by the Council's Internal Audit section who will decide whether or not the e-mail should be onwardly transmitted to the intended recipient(s). This footnote also confirms that this email message has been swept by Sophos for the presence of computer viruses. **
Re: JNDI Feedback
Hi, As requested, the resource tags from the Context file. Although I was asked by my boss to change password value to password and username value to username. Resource auth=Container driverClassName=oracle.jdbc.driver.OracleDriver factory=org.moss.jdj.dbcp.EncryptedDataSourceFactory maxActive=100 maxIdle=30 maxWait=1 name=jdbc/authentication password=password type=javax.sql.DataSource url=jdbc:oracle:thin:@swtest:1523:TRNG username=username validationQuery=select 1 from dual / Resource auth=Container driverClassName=oracle.jdbc.driver.OracleDriver factory=org.moss.jdj.dbcp.EncryptedDataSourceFactory maxActive=100 maxIdle=30 maxWait=1 name=jdbc/swift password=password type=javax.sql.DataSource url=jdbc:oracle:thin:@swtest:1523:TRNG username=username validationQuery=select 1 from dual / Resource auth=Container driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver factory=org.moss.jdj.dbcp.EncryptedDataSourceFactory maxActive=100 maxIdle=30 maxWait=1 name=jdbc/edrms password=password type=javax.sql.DataSource url=jdbc:sqlserver://hqdcsqlc2\ngedm:2369;databaseName=ImagesTrainDM username=username / Resource auth=Container driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver maxActive=100 maxIdle=30 maxWait=1 name=jdbc/audit password=password type=javax.sql.DataSource url=jdbc:sqlserver://egovsql2005\p40010:1433;databaseName=AuditDEV username=username / Thank you Regards Alan Farroll Analyst Programmer Finance and Corporate Services Renfrewshire House Cotton Street Paisley PA1 1HY 0141 618 7961 alan.farr...@renfrewshire.gov.uk www.renfrewshire.gov.uk From: Daniel Mikusa dmik...@vmware.com To: Tomcat Users List users@tomcat.apache.org Date: 29/01/2013 17:06 Subject:Re: JNDI Feedback On Jan 29, 2013, at 11:54 AM, alan.farr...@renfrewshire.gov.uk wrote: Hello, Running Tomcat 7.0.29 on Windows XP Professional Service Pack 3 I have been handed a project developed by a former colleague and I am still learning Java and Tomcat. The project has 4 JNDI's set up, 2 Oracle and 2 SQL Server with validation queries set up for the Oracle databases. Please include the configuration for your data sources. The Resource/ tag, minus passwords should be sufficient. Dan I want to set up validation queries on the JNDI's for SQL server and also have the JNDI provide feedback to the Java application if the database is down. Can you advise how to do this please? If not possible, then what is an alternative? Thank you in advance for any assistance. Regards Alan Farroll Analyst Programmer Finance and Corporate Services Renfrewshire House Cotton Street Paisley PA1 1HY 0141 618 7961 alan.farr...@renfrewshire.gov.uk www.renfrewshire.gov.uk ** Renfrewshire Council Website - http://www.renfrewshire.gov.uk This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. Renfrewshire Council may, in accordance with the Telecommunications(Lawful Business Practice) (Interception of Communications) Regulations 2000, intercept e-mail messages for the purpose of monitoring or keeping a record of communications on the Council's system. If a message contains inappropriate dialogue it will automatically be intercepted by the Council's Internal Audit section who will decide whether or not the e-mail should be onwardly transmitted to the intended recipient(s). This footnote also confirms that this email message has been swept by Sophos for the presence of computer viruses. ** - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org ** Renfrewshire Council Website - http://www.renfrewshire.gov.uk This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. Renfrewshire Council may, in accordance with the Telecommunications(Lawful Business Practice) (Interception of Communications) Regulations 2000, intercept e-mail messages for the purpose of monitoring or keeping a record of communications on the Council's system. If a message contains inappropriate dialogue it will automatically be intercepted by the Council's Internal Audit section who will decide whether or not the e-mail should be onwardly transmitted to the intended recipient(s). This footnote also confirms that this email message has been swept by Sophos
Re: JNDI Feedback
Hi, Thanks for feedback. If a SQLException can be returned then I could probably use that in the Java application to determine if an exception occurred. Can you provide any guidance? Thank you Regards Alan Farroll Analyst Programmer Finance and Corporate Services Renfrewshire House Cotton Street Paisley PA1 1HY 0141 618 7961 alan.farr...@renfrewshire.gov.uk www.renfrewshire.gov.uk From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Date: 29/01/2013 17:11 Subject:Re: JNDI Feedback -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Alan, On 1/29/13 11:54 AM, alan.farr...@renfrewshire.gov.uk wrote: Running Tomcat 7.0.29 on Windows XP Professional Service Pack 3 Ready for a Microsoft upgrade cycle? The clock is ticking... I have been handed a project developed by a former colleague and I am still learning Java and Tomcat. Welcome to the community! The project has 4 JNDI's set up Nomenclature nit: that's has 4 JNDI /resources/. JNDI itself is just a directory interface where you stash stuff. 2 Oracle and 2 SQL Server with validation queries set up for the Oracle databases. I want to set up validation queries on the JNDI's for SQL server and also have the JNDI provide feedback to the Java application if the database is down. The only feedback you are going to get is (eventual) SQLExceptions. Can you advise how to do this please? If not possible, then what is an alternative? Obviously, you can set up a validationQuery in the 2 MS SQL Server resources by just adding an appropriate query (e.g. SELECT 1 FROM DUAL or whatever is appropriate in MS SQL Server) to the Resource attributes. Were you hoping to get some other behavior than just what validationQuery already provides? FYI if you are using Tomcat's default connection pool, then you are using Apache commons-dbcp, whose configuration guide can be found here: http://commons.apache.org/dbcp/configuration.html That will explain all the configuration attributes you can use (right in the XML) and what they all do. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlEIAq0ACgkQ9CaO5/Lv0PBwvgCfd/QXbOkTEsCA4+dVG3GkhcYu dOQAn0lAOIdxaok55TJCE5pu7jb+aR4t =izRU -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org ** Renfrewshire Council Website - http://www.renfrewshire.gov.uk This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. Renfrewshire Council may, in accordance with the Telecommunications(Lawful Business Practice) (Interception of Communications) Regulations 2000, intercept e-mail messages for the purpose of monitoring or keeping a record of communications on the Council's system. If a message contains inappropriate dialogue it will automatically be intercepted by the Council's Internal Audit section who will decide whether or not the e-mail should be onwardly transmitted to the intended recipient(s). This footnote also confirms that this email message has been swept by Sophos for the presence of computer viruses. **
Problems trying to disable log rotation within Tomcat 6
Hello, I'm using Tomcat 6.0.24-2ubuntu1.10 on Ubuntu 10.04.4 and I am trying to disable datestamping and rotation of log files within Tomcat so I can use logrotate for everything. I have added these lines to /etc/tomcat6/logging.properties: 1catalina.org.apache.juli.FileHandler.rotatable = false 2localhost.org.apache.juli.FileHandler.rotatable = false From what I have read, this will set those files to be written as prefix.suffix, rather than prefix.date.suffix as it does by default. However, when I reload Tomcat after setting this, it is creating: catalina.2013-01-23.log localhost.2013-01-23.log Any assistance would be greatly appreciated. Thanks, -- Alan Worstell A1 Networks - Systems Administrator VTSP, dCAA, LPIC-1, Linux+, CLA, DCTS (707)570-2021 x204 For support issues please email supp...@a-1networks.com or call 707-703-1050 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question about config and correct start-up
That context statement is not correct syntax should be: privileged=true/ ... On 1/14/2013 1:29 PM, Alan Findly wrote: Mark: Thanks for your quick response. Here are the items issues: OKgot the servlet mapping uncommented. About the context the priviledged attribute must be added to the context.xml file, as the documentation says, and, yes, I am reading the instructions in http://tomcat.apache.org/tomcat-7.0-doc/cgi-howto.html but the instructions are vague--non-specific for individual attributes. Should it be stated this way, in the context file: privilegedtrue/privileged: It could be thus: privileged=true/privileged or, should it be this way: privileged=true I'll wait for your reply, but I believe it's the latter. My testing is with tried proven code, using the post methodscripts that have already worked on other servers. ... On 1/14/2013 12:30 AM, Mark Thomas wrote: On 14/01/2013 03:52, Alan Findly wrote: Forgot to mention version of tomcat .7.0.34 . on WindowsXP Original Message Subject: Question about config and correct start-up Date: Sun, 13 Jan 2013 19:52:55 -0700 From: Alan Findly afin...@ronan.net To: users@tomcat.apache.org Dear Tomcat user's group: I'm having a problem getting cgi to work. snip/ I've followed all the config instructions for setting it up, including editing the conf\web.xml file to make the cgi servlet functional, which just involves removing comment signs from around the servlet. You need to remove the comments around the servlet mapping as well. Done. So, what should happen is that when I call a perl script from html it should fire up go. That depends on how you are calling a perl script from html. But still no workey so digging further I noticed the config document which is a README.xml I don't recall any file of that name. What is its exact path on your system? makes a vague reference to having the correct context for cgi, but seemingly no other dataI'm missing something?? Have you read the docs? http://tomcat.apache.org/tomcat-7.0-doc/cgi-howto.html You need to mark your context as privileged. I've made an assumption that since I'm the only user on my PC that I do not have to register me in the Tomcat-users.xml since the role of manager-gui does not seem to apply to cgi. Correct, assuming the resources are not protected by security constraints. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question about config and correct start-up
The recommended context ELEMENT caused the following warning: Jan 16, 2013 9:10:37 AM org.apache.tomcat.util.digester.Digester endElement WARNING: No rules found matching 'Context/Context'. So I changed the ELEMENT to this --as below-- and voila . the warning went away. My thread seems out of context(no pun intended) because I made the unwarranted assumption that the original thread would be included in every reply comment.as it should beotherwise I have to re-iterate the problem, ie. thread...every time. The problem I'm trying to solve is making tomcat do cgi, and the Apache.tomcat documentation says to do basically 3 tasks: (1) Uncomment the cgi servlet in the conf/web.xm file. (2) In same file uncomment the cgi servlet mappingl. (3) Add the context ELEMENT to the context.xml file. So, now, as already covered in the previous parts of this problem's thread, the cgi functionality is still not working--at least not for perl--cgi files, which are all I've tested since this is my focus. Question; do I need a Tomcat/lib/servlet-cgi.jar file? Previous versions did -- well, version 5. I am working with version 7.0.34 and there is no such jar file in the downloaded tar. Now the servlet in conf/web.xml could be it instead of a jar file. However, what has me questioning -- there is also an api servlet in conf/web.xml--as well as a lib/servlet-api.jar file. I'm thinking now that the REAL problem is Windows XP.always been a dogI think it has something missing to purposely lock out cgi. I'm thinking i should just throw it away migrate to a Linux box. Thanks Mark and Chuck for your help, and I'm still listening if someone has a current Tomcat-for-WindowsXP solution. Peace, Alan .. On 1/16/2013 4:27 PM, Caldarale, Charles R wrote: From: Alan Findly [mailto:afin...@ronan.net] Subject: Re: Question about config and correct start-up That context statement is not correct syntax should be: privileged=true/ Thank you for providing a clear example of why top-posting is evil: no one has any idea which of the several Context elements (they're not statements) in the message you are referring to. In any event, the angle brackets should not be present in Context attributes; this is standard XML syntax. The Context element should look like this: Context privileged=true ... /Context - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question about config and correct start-up
Mark: Thanks for your quick response. Here are the items issues: OKgot the servlet mapping uncommented. About the context the priviledged attribute must be added to the context.xml file, as the documentation says, and, yes, I am reading the instructions in http://tomcat.apache.org/tomcat-7.0-doc/cgi-howto.html but the instructions are vague--non-specific for individual attributes. Should it be stated this way, in the context file: privilegedtrue/privileged: It could be thus: privileged=true/privileged or, should it be this way: privileged=true I'll wait for your reply, but I believe it's the latter. My testing is with tried proven code, using the post methodscripts that have already worked on other servers. ... On 1/14/2013 12:30 AM, Mark Thomas wrote: On 14/01/2013 03:52, Alan Findly wrote: Forgot to mention version of tomcat .7.0.34 . on WindowsXP Original Message Subject: Question about config and correct start-up Date: Sun, 13 Jan 2013 19:52:55 -0700 From: Alan Findly afin...@ronan.net To: users@tomcat.apache.org Dear Tomcat user's group: I'm having a problem getting cgi to work. snip/ I've followed all the config instructions for setting it up, including editing the conf\web.xml file to make the cgi servlet functional, which just involves removing comment signs from around the servlet. You need to remove the comments around the servlet mapping as well. Done. So, what should happen is that when I call a perl script from html it should fire up go. That depends on how you are calling a perl script from html. But still no workey so digging further I noticed the config document which is a README.xml I don't recall any file of that name. What is its exact path on your system? makes a vague reference to having the correct context for cgi, but seemingly no other dataI'm missing something?? Have you read the docs? http://tomcat.apache.org/tomcat-7.0-doc/cgi-howto.html You need to mark your context as privileged. I've made an assumption that since I'm the only user on my PC that I do not have to register me in the Tomcat-users.xml since the role of manager-gui does not seem to apply to cgi. Correct, assuming the resources are not protected by security constraints. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Question about config and correct start-up
Dear Tomcat user's group: I'm having a problem getting cgi to work. I have Tomcat installed--used the installer from download page. It's working fine for java, but I need the web server for my cgi project running testing perl from html locally on my PC...yea Windows env...ah, well...anyway my goal is to develop Perl stuff locally before uploading to regular server. I've followed all the config instructions for setting it up, including editing the conf\web.xml file to make the cgi servlet functional, which just involves removing comment signs from around the servlet. Done. So, what should happen is that when I call a perl script from html it should fire up go. But still no workey so digging further I noticed the config document which is a README.xml makes a vague reference to having the correct context for cgi, but seemingly no other dataI'm missing something?? Now, folks, I have no more clues what this refers to ... can someone shed some light for me?? I've made an assumption that since I'm the only user on my PC that I do not have to register me in the Tomcat-users.xml since the role of manager-gui does not seem to apply to cgi. But I've been wrong before! Thanks, Alan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question about config and correct start-up
Forgot to mention version of tomcat .7.0.34 . on WindowsXP Original Message Subject:Question about config and correct start-up Date: Sun, 13 Jan 2013 19:52:55 -0700 From: Alan Findly afin...@ronan.net To: users@tomcat.apache.org Dear Tomcat user's group: I'm having a problem getting cgi to work. I have Tomcat installed--used the installer from download page. It's working fine for java, but I need the web server for my cgi project running testing perl from html locally on my PC...yea Windows env...ah, well...anyway my goal is to develop Perl stuff locally before uploading to regular server. I've followed all the config instructions for setting it up, including editing the conf\web.xml file to make the cgi servlet functional, which just involves removing comment signs from around the servlet. Done. So, what should happen is that when I call a perl script from html it should fire up go. But still no workey so digging further I noticed the config document which is a README.xml makes a vague reference to having the correct context for cgi, but seemingly no other dataI'm missing something?? Now, folks, I have no more clues what this refers to ... can someone shed some light for me?? I've made an assumption that since I'm the only user on my PC that I do not have to register me in the Tomcat-users.xml since the role of manager-gui does not seem to apply to cgi. But I've been wrong before! Thanks, Alan
Tomcat 4 question - is this a known bug and if so which version is it fixed in?
We have been having occasional content-length mismatch errors which we now suspect may be linked to Tomcat 4 or the mod_jk connector. I am trying to find out if this is a known problem and if so which version of Tomcat and/or mod_jk we need to upgrade too. I have been looking through the bugs database but have been unable to find it with any certainty. Could someone help please? The problem : content length mismatches (due to the parameters from 2 different POST requests being mixed up?) Versions : Tomcat 4.1, Java 1.5.0 on HP-UX. I do not have the version of mod_jk used on that machine at present but can obtain it. Could someone tell me if this is a known problem and point me to its details? If it is a problem with Tomcat/mod_jk could someone tell me which version it was fixed in? More Details on the problem The reason we now suspect Tomcat 4 or mod_jk is because it appears that the POST parameters from 2 different requests have been mixed up. This has been recreated internally by a script which was firing requests for a JSP page Welcome.jsp every 30 seconds with the same set of POST parameters ALAN=WILLIAMSTEST=1 (length = 20). An error was reported in a servlet which expected a content length of 183. The Tomcat logs reported that the parameters it received were ALAN=WILLIAMSTEST=1 (length =20). Somehow it was accessing the parameters for a request for a different URL from a different user. The excerpt from the Tomcat log is below. 2010-09-02 10:02:46 HttpRequestBase.parseParameters content length mismatch URL: http://10.16.99.102:16513/RSTES2/servlet/MyServlet Content Length: 183 Read: 20 Bytes Read: ALAN=WILLIAMSTEST=1 (These parameters were for Welcome.jsp not the servlet) I suspect that both requests were sent correctly and have become entangled. The requests did not originate at the same time. The access logs show that the last request for the JSP page was 24 seconds earlier. It's as if the details from an old request were picked up when processing a new one. 10.16.200.54 - - [02/Sep/2010:10:02:22 +0100] POST /RSTES2/jsp/login/Welcome.jsp HTTP/1.0 200 5631 (most recent request for JSP page by the script) 10.99.1.4 - - [02/Sep/2010:10:02:24 +0100] POST /RSTES2/servlet/MyServlet HTTP/1.1 200 42505 (a single user using the system normally) 10.99.1.4 - - [02/Sep/2010:10:02:30 +0100] POST /RSTES2/servlet/ MyServlet HTTP/1.1 200 42505 (a single user using the system normally) 10.99.1.4 - - [02/Sep/2010:10:02:35 +0100] POST /RSTES2/servlet/ MyServlet HTTP/1.1 200 42505 (a single user using the system normally) 10.99.1.4 - - [02/Sep/2010:10:02:41 +0100] POST /RSTES2/servlet/ MyServlet HTTP/1.1 200 42505 (a single user using the system normally) 10.99.1.4 - - [02/Sep/2010:10:02:43 +0100] POST /RSTES2/servlet/ MyServlet HTTP/1.1 200 206 (a single user using the system normally) (error occurred at 10:02:46 as above) 10.99.1.4 - - [02/Sep/2010:10:02:47 +0100] POST /RSTES2/servlet/ MyServlet HTTP/1.1 200 42505 (a single user using the system normally) 10.16.200.54 - - [02/Sep/2010:10:02:52 +0100] POST /RSTES2/jsp/login/Welcome.jsp HTTP/1.0 200 5631 (a later request for the JSP page by the script) Alan Alan Williams, Senior Analyst/Programmer, 3i Infotech - Western Europe Tel. Direct: + 44 (0)121 260 3346 | Email: alan.willi...@3i-infotech.eu | www.3i-infotech.com This message is intended for the named recipient only and may be privileged and/or confidential. If you are not the intended or named recipient or have received this email in error then you should not copy, forward or disclose it to any other person. The views and opinions expressed in this e-mail are those of the sender and may not represent the views and opinions of 3i Infotech (Western Europe) Limited (registered number 2760212, with its registered office at Level 35, 25 Canada Square, Canary Wharf, London, E14 5LQ) or any subsidiary or affiliated company within the 3i Infotech group of companies. If you have received this email in error you should destroy it or contact postmas...@3i-infotech.eu so that we may take appropriate action. __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __
NewBie! Need Help to configure FTP/Domain...
Hi All, I'm new to TomCat however I have managed to get JDK setup and Tomcat 6 running on Linux 64bit server. I've deployed an app via WAR file and all looks good. So all that remains for me to do is confirgure a domain name to use the server and be able to FTP to the installed app folder. I've been searching and digging but am a bit lost at this stage. If anyone can point me in the right direction it would be great. Thanks Alan
Understanding the error cause
I am moving an application I have had running under tomcat5.5 to tomcat6 on another computer. I placed my war file in the webapps directory and tomcat duly automatically deployed it. But as soon as I try to access it, it throws an exception - the root cause of which appears to be this line java.security.AccessControlException: access denied (java.io.FilePermission /var/lib/tomcat6/webapps/akcmoney/WEB-INF/classes/META-INF/hivemodule.xml read) This file is inside the deployed web app, and exists and has file permissions 644 with ownership and group of tomcat6. I do not understand what is wrong. Can someone give me some advice as to how to understand the problem. -- Alan Chandler http://www.chandlerfamily.org.uk - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Understanding the error cause
Konstantin Kolinko wrote: 2009/12/26 Alan Chandler a...@chandlerfamily.org.uk: I am moving an application I have had running under tomcat5.5 to tomcat6 on another computer. I placed my war file in the webapps directory and tomcat duly automatically deployed it. But as soon as I try to access it, it throws an exception - the root cause of which appears to be this line java.security.AccessControlException: access denied (java.io.FilePermission /var/lib/tomcat6/webapps/akcmoney/WEB-INF/classes/META-INF/hivemodule.xml read) This file is inside the deployed web app, and exists and has file permissions 644 with ownership and group of tomcat6. I do not understand what is wrong. Can someone give me some advice as to how to understand the problem. http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html Thanks - understand much more now. -- Alan Chandler http://www.chandlerfamily.org.uk - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat not listing on ipv4
I have just upgraded my Debian server to unstable, and now find that attempt to connect to my tomcat via ajp fails. It appears from netstat is tomcat is listing on 8009 but only on ipv6 I have been unable to find out how to change this. Can someone give me a clue. -- Alan Chandler http://www.chandlerfamily.org.uk - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat not listing on ipv4
André Warnier wrote: Alan Chandler wrote: I have just upgraded my Debian server to unstable, and now find that attempt to connect to my tomcat via ajp fails. It appears from netstat is tomcat is listing on 8009 but only on ipv6 I have been unable to find out how to change this. Can someone give me a clue. As a hack : use the Address attribute of the AJP Connector and specify a V4 address ? (if only 127.0.0.1) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org It works at least as far as connecting to Tomcat from apache is concerned. I now have problems accessing the database from tomcat and that is throwing an exception -- Alan Chandler http://www.chandlerfamily.org.uk - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: What is the difference between running Tomcat 6 as a Windows Service vs. running from the command line?
[Alan] I need to find out what is the difference between running Tomcat 6 as a Windows Service and running it from the command line. The reason is that I'm getting a bizarre bug when a jython based servlet is run under Tomcat6-as-Service. But the bug does NOT appear when Tomcat 6 is run from the command line using bin\startup.bat. [Earl] Was there a solution found for this behavior? It is happening to me as well when I try to install Liferay portal as a service (Server 2008, 64-bit JVM, Tomcat 6.0.20 zip file installed with 64-bit tomcat6 and tomcat6w.exe files substituted). I also get a stack overflow error when running as a service, but normal behavior when using startup.bat . After getting startup.bat to run, I installed the service using service install. If I run tomcat6 from the command line still as Administrator, it also fails. Hi Earl, I'm not sure if we're talking about the same bug, although it's easily possible that it's the same bug, with differing consequences. I've made a little more progress on what is happening in jython when this problem occurs, namely a infinite recursion on method reflection. I'm guessing that this may be caused by a combination of classloading and security policies, not sure yet. More details from here http://bugs.jython.org/issue1489 Note from that bug that we've had a report from a user who saw identical behaviour when running a minimal jython servlet in BEA WebLogic on Ubuntu, whereas the Tomcat on Ubuntu runs the code just fine. So this is not a problem specific to Tomcat or to Tomcat on Windows. I'll be continuing my investigations and reports on the jython bug report. Please feel free to follow that discussion and/or contribute to it. Regards, Alan. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
What is the difference between running Tomcat 6 as a Windows Service vs. running from the command line?
Hi all, I need to find out what is the difference between running Tomcat 6 as a Windows Service and running it from the command line. The reason is that I'm getting a bizarre bug when a jython based servlet is run under Tomcat6-as-Service. But the bug does NOT appear when Tomcat 6 is run from the command line using bin\startup.bat. I'm using Windows Server 2003. Rather than describe the whole thing in this email, I've recorded all of the details in the jython bug tracker. Jython crashes in unknown circumstances when running on Tomcat 6 as Windows Service http://bugs.jython.org/issue1489 Can anyone point me to documentation which describes the differences between the two operating modes? Regards, Alan Kennedy. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: What is the difference between running Tomcat 6 as a Windows Service vs. running from the command line?
[Alan] I need to find out what is the difference between running Tomcat 6 as a Windows Service and running it from the command line. The reason is that I'm getting a bizarre bug when a jython based servlet is run under Tomcat6-as-Service. But the bug does NOT appear when Tomcat 6 is run from the command line using bin\startup.bat. [Markus] The most prominent difference I can think of is the user account Tomcat runs as. Although I have no idea why this should cause the endless recursion you are seeing, I'd (temporarily) change the user account of the Tomcat service to your personal account and see if the problem still exists. Thanks for the suggestion Markus, it was a good one. Unfortunately, it did not solve the problem: the behaviour is exactly the same when running under my own account: the bug still occurs. Regards, Alan. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
my webapps and security manager
playing with that for more than a week and I'm getting really tired, which is likely weakening my sense of observation and reason and I am probably skipping something obvious if not the whole thing at all. Any help would be very very appreciated. Many thanks in advance, Alan -- Alan Wilter Sousa da Silva, D.Sc. PDBe group, PiMS project http://www.pims-lims.org/ EMBL - EBI, Wellcome Trust Genome Campus, Hinxton, Cambridge CB10 1SD, UK +44 (0)1223 492 583 (office) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: webapps examples and security manager
Hallelujah! I finally figured out what's going on with tomcat 5.5.26 when running webapps in security mode. In Ubuntu 9.04, with just the addition of 'permission java.lang.RuntimePermission setContextClassLoader;' in catalina.policy solved the problem. This is happen because ubuntu has its own way of starting the deamon and apparently they fixed some problems that in tomcat 5.5.26 official distribution is not. Since Fink also use the official distribution, I found out that I need to tweak catalina.policy a bit further there. See the patch: --- catalina.policy 2009-09-24 13:51:41.0 +0100 +++ /Users/alan/SCRIPTS/catalina.policy 2009-09-24 13:50:24.0 +0100 @@ -66,7 +66,7 @@ }; // These permissions apply to the commons-logging API -grant codeBase file:${catalina.home}/bin/commons-logging-api.jar { +grant codeBase file:${catalina.home}/bin/commons-logging-api-1.1.1.jar { permission java.security.AllPermission; }; @@ -82,6 +82,7 @@ // These permissions apply to JULI grant codeBase file:${catalina.home}/bin/tomcat-juli.jar { +permission java.lang.RuntimePermission setContextClassLoader; permission java.util.PropertyPermission java.util.logging.config.class, read; permission java.util.PropertyPermission java.util.logging.config.file, read; permission java.lang.RuntimePermission shutdownHooks; @@ -95,6 +96,8 @@ // Be sure that the logging configuration is secure before enabling such access // eg for the examples web application: // permission java.io.FilePermission ${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties, read; +permission java.io.FilePermission ${catalina.base}${file.separator}webapps${file.separator}jsp-examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties, read; +permission java.io.FilePermission ${catalina.base}${file.separator}webapps${file.separator}servlets-examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties, read; }; // These permissions apply to the servlet API classes This basic solved my problems. Alan On Wed, Sep 23, 2009 at 22:58, Alan alanwil...@gmail.com wrote: Many thanks dear Mark. It's late here too but I finally, with your diligent and precious help, I could figure out what's going on here and even manage to have tomcat with security working for tomcat6.0.20 and tomcat5.5.28 (but not for tomcat5.5.26, last version available for Mac via Fink). Thank you very much. Alan On Wed, Sep 23, 2009 at 21:42, Mark Thomas ma...@apache.org wrote: Mark Thomas wrote: Mark Thomas wrote: Alan wrote: Thanks Mark, let's deal by parts: OK. I've reproduced it. It is happening with 1.6.0_14 and 1.6.0_16 JVMs but not a 1.6.0_00 JVM. The latest 1.5 JVM seems OK too. Time to check the release notes. I'll hopefully have a workaround (other than using Java 1.5) shortly. Still not clear why it is required for later JVM versions snip/ It is late and I have been in front my PC for too long today. This has already been fixed (by me!) in trunk and proposed for 6.0.x and 5.5.x. It looks the implementation of LogManager (ClassLoaderLogManager extends LogManager) has changed - hence the need for the new permission. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: webapps examples and security manager
Well, I'll try to make it clearer: Situation: Ubuntu 9.04 with SUN Java 1.6 and tomcat 5.5.26 with security mode (default in Debian/Ubuntu). Testing tomcat-webapps examples. A clean install and everything seems to work, except that nothing is written in /var/log/tomcat5.5 To solve this issue, I had to add: permission java.lang.RuntimePermission setContextClassLoader; in /etc/tomcat5.5/policy.d/03catalina.policy. If using openJDK instead of Sun Java, this is not necessary. The patch I sent before is for those using tomcat5.5.26 in Mac OSX and Fink use this distribution. Did it help? Alan On Thu, Sep 24, 2009 at 14:57, Pid p...@pidster.com wrote: On 24/09/2009 14:11, Alan wrote: Hallelujah! I finally figured out what's going on with tomcat 5.5.26 when running webapps in security mode. In Ubuntu 9.04, with just the addition of 'permission java.lang.RuntimePermission setContextClassLoader;' in catalina.policy solved the problem. This is happen because ubuntu has its own way of starting the deamon and apparently they fixed some problems that in tomcat 5.5.26 official distribution is not. Really? Could you let us know what? p Since Fink also use the official distribution, I found out that I need to tweak catalina.policy a bit further there. See the patch: --- catalina.policy 2009-09-24 13:51:41.0 +0100 +++ /Users/alan/SCRIPTS/catalina.policy 2009-09-24 13:50:24.0 +0100 @@ -66,7 +66,7 @@ }; // These permissions apply to the commons-logging API -grant codeBase file:${catalina.home}/bin/commons-logging-api.jar { +grant codeBase file:${catalina.home}/bin/commons-logging-api-1.1.1.jar { permission java.security.AllPermission; }; @@ -82,6 +82,7 @@ // These permissions apply to JULI grant codeBase file:${catalina.home}/bin/tomcat-juli.jar { + permission java.lang.RuntimePermission setContextClassLoader; permission java.util.PropertyPermission java.util.logging.config.class, read; permission java.util.PropertyPermission java.util.logging.config.file, read; permission java.lang.RuntimePermission shutdownHooks; @@ -95,6 +96,8 @@ // Be sure that the logging configuration is secure before enabling such access // eg for the examples web application: // permission java.io.FilePermission ${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties, read; + permission java.io.FilePermission ${catalina.base}${file.separator}webapps${file.separator}jsp-examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties, read; + permission java.io.FilePermission ${catalina.base}${file.separator}webapps${file.separator}servlets-examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties, read; }; // These permissions apply to the servlet API classes This basic solved my problems. Alan On Wed, Sep 23, 2009 at 22:58, Alanalanwil...@gmail.com wrote: Many thanks dear Mark. It's late here too but I finally, with your diligent and precious help, I could figure out what's going on here and even manage to have tomcat with security working for tomcat6.0.20 and tomcat5.5.28 (but not for tomcat5.5.26, last version available for Mac via Fink). Thank you very much. Alan On Wed, Sep 23, 2009 at 21:42, Mark Thomasma...@apache.org wrote: Mark Thomas wrote: Mark Thomas wrote: Alan wrote: Thanks Mark, let's deal by parts: OK. I've reproduced it. It is happening with 1.6.0_14 and 1.6.0_16 JVMs but not a 1.6.0_00 JVM. The latest 1.5 JVM seems OK too. Time to check the release notes. I'll hopefully have a workaround (other than using Java 1.5) shortly. Still not clear why it is required for later JVM versions snip/ It is late and I have been in front my PC for too long today. This has already been fixed (by me!) in trunk and proposed for 6.0.x and 5.5.x. It looks the implementation of LogManager (ClassLoaderLogManager extends LogManager) has changed - hence the need for the new permission. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: webapps examples and security manager
Ok, I downloaded the latest and did: wget -c http://mirror.ox.ac.uk/sites/rsync.apache.org/tomcat/tomcat-6/v6.0.20/bin/apache-tomcat-6.0.20.tar.gz tar xvfz apache-tomcat-5.5.28.tar.gz # gnu tar cd ~/Programmes/apache-tomcat-6.0.20 export CATALINA_HOME=$PWD amadeus[2161]:~/Programmes/apache-tomcat-6.0.20% $CATALINA_HOME/bin/catalina.sh run -securityUsing CATALINA_BASE: /Users/alan/Programmes/apache-tomcat-6.0.20 Using CATALINA_HOME: /Users/alan/Programmes/apache-tomcat-6.0.20 Using CATALINA_TMPDIR: /Users/alan/Programmes/apache-tomcat-6.0.20/temp Using JRE_HOME: /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home Using Security Manager Please use CMSClassUnloadingEnabled in place of CMSPermGenSweepingEnabled in the future Could not load Logmanager org.apache.juli.ClassLoaderLogManager java.security.AccessControlException: access denied (java.lang.RuntimePermission setContextClassLoader) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) [snip] I got basically the same thing as in tomcat 5.5. So, how do I do to make at least the webapps examples that come with tomcat to run smoothly with security manager? How to tweak catalina.policy in order to not see all this issues in log? Many thanks in advance, Alan On Tue, Sep 22, 2009 at 18:49, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Alan [mailto:alanwil...@gmail.com] Subject: Re: webapps examples and security manager Not yet, which one would suggest me please? The latest, always (6.0.20). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: webapps examples and security manager
Thanks Mark, let's deal by parts: On Wed, Sep 23, 2009 at 16:33, Mark Thomas ma...@apache.org wrote: Alan wrote: Ok, I downloaded the latest and did: wget -c http://mirror.ox.ac.uk/sites/rsync.apache.org/tomcat/tomcat-6/v6.0.20/bin/apache-tomcat-6.0.20.tar.gz tar xvfz apache-tomcat-5.5.28.tar.gz # gnu tar What is going on here? Which version of Tomcat are you using? amadeus[2195]:~/Programmes% $CATALINA_HOME/bin/catalina.sh version Using CATALINA_BASE: /Users/alan/Programmes/apache-tomcat-6.0.20 Using CATALINA_HOME: /Users/alan/Programmes/apache-tomcat-6.0.20 Using CATALINA_TMPDIR: /Users/alan/Programmes/apache-tomcat-6.0.20/temp Using JRE_HOME: /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home Server version: Apache Tomcat/6.0.20 Server built: May 14 2009 01:13:50 Server number: 6.0.20.0 OS Name:Mac OS X OS Version: 10.6.1 Architecture: x86_64 JVM Version:1.6.0_15-b03-219 JVM Vendor: Apple Inc. cd ~/Programmes/apache-tomcat-6.0.20 export CATALINA_HOME=$PWD amadeus[2161]:~/Programmes/apache-tomcat-6.0.20% $CATALINA_HOME/bin/catalina.sh run -securityUsing CATALINA_BASE: /Users/alan/Programmes/apache-tomcat-6.0.20 Using CATALINA_HOME: /Users/alan/Programmes/apache-tomcat-6.0.20 Using CATALINA_TMPDIR: /Users/alan/Programmes/apache-tomcat-6.0.20/temp Using JRE_HOME: /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home Which JVM is this? What does: java -version return? amadeus[2197]:~/Programmes% java -version java version 1.6.0_15 Java(TM) SE Runtime Environment (build 1.6.0_15-b03-219) Java HotSpot(TM) 64-Bit Server VM (build 14.1-b02-90, mixed mode) Using Security Manager Please use CMSClassUnloadingEnabled in place of CMSPermGenSweepingEnabled in the future Hmm. You shouldn't see that with a default Tomcat install so it looks like you aren't running what you think you are running. Indeed, testing on Ubuntu, I don't get this message. More below. Could not load Logmanager org.apache.juli.ClassLoaderLogManager java.security.AccessControlException: access denied (java.lang.RuntimePermission setContextClassLoader) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) [snip] This works out of the for me on Leopard. I don't have access to a machine with Snow Leopard although it is unlikely that is the issue. So, how do I do to make at least the webapps examples that come with tomcat to run smoothly with security manager? How to tweak catalina.policy in order to not see all this issues in log? Indications are you aren't running a vanilla Tomcat 6.0.20 install. A clean install works for me in Windows, OSX and linux. Mark I frankly don't understand what's going on, so I will put in a sort of script-like what I did. First I got tomcat from http://tomcat.apache.org/download-60.cgi (Binary distr. - Core). Should I get the source code and compile myself? #-- # commands cd # get binary core package from a mirror wget -c http://mirror.lividpenguin.com/pub/apache/tomcat/tomcat-6/v6.0.20/bin/apache-tomcat-6.0.20.tar.gz # uncompress with gnu tar tar xvfz apache-tomcat-6.0.20.tar.gz cd apache-tomcat-6.0.20 export CATALINA_HOME=$PWD $CATALINA_HOME/bin/catalina.sh version $CATALINA_HOME/bin/catalina.sh run -security #-- I did the same commands in a clean install of Ubuntu Linux 9.04 64 bits and got the same problem. I would love to see what you get doing the commands above, or please tell me what should I change if they are not OK. From Ubuntu: a...@ubuntu:~/apache-tomcat-6.0.20/logs$ $CATALINA_HOME/bin/catalina.sh version Using CATALINA_BASE: /home/alan/apache-tomcat-6.0.20 Using CATALINA_HOME: /home/alan/apache-tomcat-6.0.20 Using CATALINA_TMPDIR: /home/alan/apache-tomcat-6.0.20/temp Using JRE_HOME: /usr Server version: Apache Tomcat/6.0.20 Server built: May 14 2009 01:13:50 Server number: 6.0.20.0 OS Name:Linux OS Version: 2.6.28-15-generic Architecture: amd64 JVM Version:1.6.0_16-b01 JVM Vendor: Sun Microsystems Inc. a...@ubuntu:~/apache-tomcat-6.0.20/logs$ $CATALINA_HOME/bin/catalina.sh run -security Using CATALINA_BASE: /home/alan/apache-tomcat-6.0.20 Using CATALINA_HOME: /home/alan/apache-tomcat-6.0.20 Using CATALINA_TMPDIR: /home/alan/apache-tomcat-6.0.20/temp Using JRE_HOME: /usr Using Security Manager Could not load Logmanager org.apache.juli.ClassLoaderLogManager java.security.AccessControlException: access denied (java.lang.RuntimePermission setContextClassLoader) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) [snip] Cheers, Alan
Re: webapps examples and security manager
Many thanks dear Mark. It's late here too but I finally, with your diligent and precious help, I could figure out what's going on here and even manage to have tomcat with security working for tomcat6.0.20 and tomcat5.5.28 (but not for tomcat5.5.26, last version available for Mac via Fink). Thank you very much. Alan On Wed, Sep 23, 2009 at 21:42, Mark Thomas ma...@apache.org wrote: Mark Thomas wrote: Mark Thomas wrote: Alan wrote: Thanks Mark, let's deal by parts: OK. I've reproduced it. It is happening with 1.6.0_14 and 1.6.0_16 JVMs but not a 1.6.0_00 JVM. The latest 1.5 JVM seems OK too. Time to check the release notes. I'll hopefully have a workaround (other than using Java 1.5) shortly. Still not clear why it is required for later JVM versions snip/ It is late and I have been in front my PC for too long today. This has already been fixed (by me!) in trunk and proposed for 6.0.x and 5.5.x. It looks the implementation of LogManager (ClassLoaderLogManager extends LogManager) has changed - hence the need for the new permission. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
webapps examples and security manager
:${catalina.home}/server/- { permission java.security.AllPermission; }; // The permissions granted to the balancer WEB-INF/classes and WEB-INF/lib directory grant codeBase file:${catalina.home}/webapps/balancer/- { permission java.lang.RuntimePermission accessClassInPackage.org.apache.tomcat.util.digester; permission java.lang.RuntimePermission accessClassInPackage.org.apache.tomcat.util.digester.*; }; // == WEB APPLICATION PERMISSIONS = // These permissions are granted by default to all web applications // In addition, a web application will be given a read FilePermission // and JndiPermission for all files and directories in its document root. grant { // Required for JNDI lookup of named JDBC DataSource's and // javamail named MimePart DataSource used to send mail permission java.util.PropertyPermission java.home, read; permission java.util.PropertyPermission java.naming.*, read; permission java.util.PropertyPermission javax.sql.*, read; // OS Specific properties to allow read access permission java.util.PropertyPermission os.name, read; permission java.util.PropertyPermission os.version, read; permission java.util.PropertyPermission os.arch, read; permission java.util.PropertyPermission file.separator, read; permission java.util.PropertyPermission path.separator, read; permission java.util.PropertyPermission line.separator, read; // JVM properties to allow read access permission java.util.PropertyPermission java.version, read; permission java.util.PropertyPermission java.vendor, read; permission java.util.PropertyPermission java.vendor.url, read; permission java.util.PropertyPermission java.class.version, read; permission java.util.PropertyPermission java.specification.version, read; permission java.util.PropertyPermission java.specification.vendor, read; permission java.util.PropertyPermission java.specification.name, read; permission java.util.PropertyPermission java.vm.specification.version, read; permission java.util.PropertyPermission java.vm.specification.vendor, read; permission java.util.PropertyPermission java.vm.specification.name, read; permission java.util.PropertyPermission java.vm.version, read; permission java.util.PropertyPermission java.vm.vendor, read; permission java.util.PropertyPermission java.vm.name, read; // Required for OpenJMX permission java.lang.RuntimePermission getAttribute; // Allow read of JAXP compliant XML parser debug permission java.util.PropertyPermission jaxp.debug, read; // Precompiled JSPs need access to this package. permission java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime; permission java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime.*; // Precompiled JSPs need access to this system property. permission java.util.PropertyPermission org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER, read; }; Any help would be more than appreciated. Many thanks in advance, Alan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: webapps examples and security manager
Thanks for your reply. Not yet, which one would suggest me please? Alan On Tue, Sep 22, 2009 at 17:27, Mark Thomas ma...@apache.org wrote: Alan wrote: snip/ Any help would be more than appreciated. And when you try with a more recent version? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: what is the upper limit of maximum heap memory for Tomcat with 32-bit JVM running on Red Hat Linux 4 (32-bit)
2. Your other 'workaround' is to install a 64 bit OS and a 64 bit JVM. Then you can have 7G+ for the JVM. Actually, to be totally clear, you can have pretty much as much memory as you have physical ram in the machine. In your case that's 7G+ For more info on the 64bit JVM see http://java.sun.com/docs/hotspot/HotSpotFAQ.html#64bit_heap Apparently RHEL 4 x64 supports up to 16GB and RHEL 5 claims 'unlimited' but I'll bet no-one has actually tried it with 16 TB. Regards Alan Chaney Li,Henry wrote: My Tomcat is running on 32-bit Red Hat 4 (2.6.9-78.0.1.ELsmp), host server has 8G physical memory and 4 processors. java version 1.4.2 gcj (GCC) 3.4.6 20060404 (Red Hat 3.4.6-10) I got java.lang.OutOfMemoryError Current configuration: -Xms1024M -Xmx2304M The host server has about 4.5G free memory. When I tried to increase -Xmx2304M to -Xmx3000M, I got this error: Error occurred during initialization of VM, Could not reserve enough space for object heap The maximum # I can reach is -Xmx2680M. QUESTION: Is there an upper limit for -Xmx? What is the work around? How can I use my free memory on the server to get rid of the OutOfMemoryError? Thanks, Henry - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org !DSPAM:4a68f4e844863033718476! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: what is the upper limit of maximum heap memory for Tomcat with 32-bit JVM running on Red Hat Linux 4 (32-bit)
You are using a 32 bit operating system and a 32 bit processor. To make more than 4GB of ram available you must ensure that you have PAE support enabled in your kernel (search Google for Physical Address Extension) which may mean re-compiling for RHEL 4 (see Red Hat). Your processor may not support it but I'd suspect that when you say 4 processors you probably mean 4 cores and I believe all 4 core Intel CPUs do support PAE. Re-reading your email I see that you say that you have 4.5G of free memory - how did you determine this? 'top'? Even so, I cannot find any clear statement on the web that the 32 bit JRE will be able to address more than 4G even if you do have PAE enabled. I suspect not. Actually, 'suspect' is way too mild a term ... I would be completely astounded if you could... Possible workarounds are: 1. Try running 2 JVMs ( when you have PAE enabled) - of course this may not work in your application (you'd have to have two Tomcat instances.) 2. Your other 'workaround' is to install a 64 bit OS and a 64 bit JVM. Then you can have 7G+ for the JVM. Regards Alan Chaney Li,Henry wrote: My Tomcat is running on 32-bit Red Hat 4 (2.6.9-78.0.1.ELsmp), host server has 8G physical memory and 4 processors. java version 1.4.2 gcj (GCC) 3.4.6 20060404 (Red Hat 3.4.6-10) I got java.lang.OutOfMemoryError Current configuration: -Xms1024M -Xmx2304M The host server has about 4.5G free memory. When I tried to increase -Xmx2304M to -Xmx3000M, I got this error: Error occurred during initialization of VM, Could not reserve enough space for object heap The maximum # I can reach is -Xmx2680M. QUESTION: Is there an upper limit for -Xmx? What is the work around? How can I use my free memory on the server to get rid of the OutOfMemoryError? Thanks, Henry !DSPAM:4a68ee3b41041381456296! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: The best place for implementing context specific behavior?
Andre André Warnier wrote: Pid wrote: The Filter checks the domain name is suitable, /looks up a config object/ and drops it into the request attributes for use on the page. Ha ! I believe that this is exactly what Jonathan is (or was originally) looking for. Where is this config object, and when and how is it being initialised ? One place to keep filter configuration information is as an attribute of the ServletContext. This can be obtained with the FilterConfig.getServletContext method. The FilterConfig object is a parameter of the doFilter method of the Filter. (See http://java.sun.com/javaee/5/docs/api/) This works within any one web app. I'm continuing for myself right now, just to learn how to do this correctly. Suppose I do want to do something different in my (shared, common, whatever) webapp, depending on the Host: header of the request. And suppose this different thing I want to do, is a bit heavy, so I don't want to do it all at each request, I want to do some of that work ahead of time, and re-use it for each request afterward. But the requests come in unpredictable order, all to my same webapp, but one for apples.company.com, and the following one for bananas.company.com etc. And when one comes in for bananas, I want to retrieve what I had earlier prepared for bananas, and not what I had prepared for lemons. (In other words, I don't want a fruit salad, I want to enjoy each fruit separately). You can write an object which handles the specific processing for each host and then create a Map as the attribute in the ServletContext using the host name as the key. At the start of each request in your Filter you could retrieve the object by using the host name as the key, do whatever host specific processing you need. You can add a ContextListener in web.xml will will allow you to do any servlet startup/shutdown operations. There are other ways, but the above should work. Regards Alan Chaney - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Reading POSTed data
Caldarale, Charles R wrote: From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: Reading POSTed data The servlet spec is very clear about when the request is consumed to fulfill a getParameter call and when the request is specifically /not/ consumed. What I find problematic is that the spec gives no hint about how to process POST data that is not parameterized. Lack of mentioning any alternative gives the impression that parameterization is the only way of handling it, whereas real-world practice is quite different. - Chuck I have an application which extensively uses message data in POST requests so I was a bit concerned by your comment above. However, P36 of my copy of the 2.4 servlet spec (sec SRV 4.1.1) says If [the POST Form data conditions] are not met and the post form data is not included in the parameter set, the post data must still be available to the servet via the request object's input stream. I don't want to appear picky, but that doesn't actually seem that problematic. If you don't set the content type as application/x-ww-form-urlencoded then you should be able to read it via the input stream Regards Alan Chaney THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. !DSPAM:4a3bf2e676342136417547! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: how to setup Tomcat 6.x fixes
Thank you Chuck for the advise. I was told to put the project on hold for now but can use your instructions if needed. Thanks Kirk -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Wednesday, June 03, 2009 8:27 PM To: Tomcat Users List Subject: RE: how to setup Tomcat 6.x fixes From: Meline, Kirk Alan. (ARC)[PEROT SYSTEMS] [mailto:kirk.mel...@nasa.gov] Subject: RE: how to setup Tomcat 6.x fixes I have download all the files from the windows section of http://tomcat.apache.org/download-60.cgi#6.0.20 O.k., you went a bit overboard, but there's no damage; I'd recommend just the Core .zip file for now. The Windows Service Installer will also work, but is a bit more difficult to use for people just getting started or wanting to run multiple Tomcats on the same box. Unlike the .exe download, the .zip lets you install Tomcat wherever you want to, and includes .bat scripts for running Tomcat from a command prompt. You can also install it as a Windows service with the .zip's service.bat script if and when you're ready to do that. Just unzip the download to whatever directory is convenient for you, and keep reading. I just would like to know how to install them while making sure I do not cause problems on apache. Not sure what you mean by cause problems on apache. Do you already have some other version of Tomcat installed? Do you already have httpd running on the system of interest? If there are potential conflicts with existing installations, you will want to edit the conf/server.xml file to change the port numbers to insure the version under test won't bother the current ones. The port numbers of interest are given in the Server and Connector elements. Find out what ports are in use (netstat will show you), and make sure your test copy of Tomcat doesn't try to use the same ones. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: how to setup Tomcat 6.x fixes
Thank you Mark. I appreciate it. Kirk -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Thursday, June 04, 2009 4:24 AM To: Tomcat Users List Subject: Re: how to setup Tomcat 6.x fixes Meline, Kirk Alan. (ARC)[PEROT SYSTEMS] wrote: Hi Where can I get instructions on setting up our Tomcat server with the new fixes? I have downloaded the new fixes but cannot see any instructions on the web site. If you mean How do apply the fixes for the security issues fixed in 6.0.20 to my current Tomcat instalation? then the answer is you need to do a clean 6.0.20 installation and transfer you webapps and configuration files across to this new installation. There is no official mechanism provided to patch a previous version. There are ways you can try and do this but they are reasonably risky and not recommended. Mark Thanks Kirk Kirk Meline Systems Administrator NASA Ames Research Center Mail Stop 213-7 Moffett Field, CA 94035-1000 1-(650) 604-6868 Office - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
how to setup Tomcat 6.x fixes
Hi Where can I get instructions on setting up our Tomcat server with the new fixes? I have downloaded the new fixes but cannot see any instructions on the web site. Thanks Kirk Kirk Meline Systems Administrator NASA Ames Research Center Mail Stop 213-7 Moffett Field, CA 94035-1000 1-(650) 604-6868 Office
RE: how to setup Tomcat 6.x fixes
Chuck I have download all the files from the windows section of http://tomcat.apache.org/download-60.cgi#6.0.20 I just would like to know how to install them while making sure I do not cause problems on apache. Thanks Kirk Meline Systems Administrator NASA Ames Research Center Mail Stop 213-7 Moffett Field, CA 94035-1000 1-(650) 604-6868 Office -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Wednesday, June 03, 2009 3:24 PM To: Tomcat Users List Subject: RE: how to setup Tomcat 6.x fixes From: Meline, Kirk Alan. (ARC)[PEROT SYSTEMS] [mailto:kirk.mel...@nasa.gov] Subject: how to setup Tomcat 6.x fixes Where can I get instructions on setting up our Tomcat server with the new fixes? Download, unzip (or untar), run: http://tomcat.apache.org/tomcat-6.0-doc/setup.html I have downloaded the new fixes but cannot see any instructions on the web site. What exactly did you download, and from where? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: new installation uid / pwd problem
Hi Ron Ronald G. Belcher wrote: I'm a newbie who just installed Tomcat 5.5. Installation messages told me the userid was tomcat55. When I attempted to view Status, Tomcat Administration, or Tomcat Manager from my browser, I was asked for a userid and pw. Of course, not knowing the password, I was treated to a message that said Access to the requested resource has been denied. Now I can't seem to do anything to get past the error, not even rebooting and/or restarting Tomcat. Help! Ron Please specify: tomcat version, jdk version, operating system version. Did you install tomcat by downloading from the tomcat.apache.org site? or is it a linux distro version. If the latter, then probably best to install the proper tomcat.apache.org version. You won't get much help on this list unless you do... To give you some guidance on your specific problem above http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html which will explain amongst other things that the 'default' security realm is controlled by a file called tomcat-users.xml in the $TOMCAT_HOME/conf directory. You will need to edit that file and then restart tomcat. You will also need to read (most) of the documents carefully. I guess you've got the linux distro because it would be much better to start with the currrent release version (6.0) than 5.5 HTH Alan Chaney - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: apache/tomcat communication issues (502 response)
Hi Andre André Warnier wrote: feedly team wrote: [...] using netstat, i see a moderate number (~80) of tomcat's sockets in the CLOSE_WAIT state, not sure if this is relevant. Approximately, because I am not sure I have this really understood yet : a TCP CLOSE_WAIT state happens when the writing side of a TCP connection has finished writing and (nicely) closes its side of the socket to indicate the fact, but the reading side of the connection does not read what is left in the buffers, so there is still some data unread in the pipeline, and the reading side never closes the socket. And now I'm stuck in my explanation, because I am not sure which side is seeing the CLOSE_WAIT... ;-) I think that you are indicating one condition in which you can see a CLOSE_WAIT but there are many others. I also think that the condition you indicate is appropriate when the CLOSE_WAIT is observed at the receiving end of a communication, but is possible for a socket to be in this state when it has sent data as well, but of course there will be no outstanding data to send. More generally CLOSE_WAIT is the state in which a socket is left AFTER the other end says its finished and BEFORE the application which is using the socket actually closes the socket. The WAIT refers to the operating system waiting for the application to finish using the socket. I think a socket can be in a CLOSE_WAIT state without there being any further data to read or write - literally just waiting for the calling application to close it. Having written socket handling code for both Java and C++ on a variety of platforms I don't think there is any particular reason why Java should be better or worse (in fact, code which uses sockets in Java is generally pretty easy.) I suspect that your observations may be affected by local conditions eg one application is badly written but represents a lot of your network activity, so its behavior is predominant in conditioning your thinking. Or not! :) regards Alan Chaney But anyway, it indicates a problem somewhere in one of the two applications, my guess being the reading one. It should do more reads to exhaust the remaining data, get an end-of-stream, then close its side of the connection, but it never does. There is apparently no timeout for that, so the OS can never get rid of that socket, which probably leaves a bunch of things hanging around and consuming resources that they shouldn't. On one of our systems, I have occasionally seen this issue grow until the point where the system seemed unable to accept new connections. Now whether that has any bearing on your particular issue, I don't know. But it sure indicates a logical problem somewhere. There is quite a bit on the subject on Google, of unequal quality. If someone knows a more rigorous explanation, please go ahead. I will still add a purely sibjective and personal note : from personal experience, this phenomenon seems to happens more frequently whith Java applications than with others, so I would guess that there might be something in the Java handling of sockets that makes it a bit harder to write correct socket-handling code. A Java expert may want to comment on that too. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org !DSPAM:49dc6634305142136417547! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Can only view pages on localhost
Hi Joel Joel wrote: I am a new user of Tomcat. In my test system I have pc's networked via a wireless router. The router assigns the IP address of 192.168.0.2 to the machine that runs Tomcat. When I run Tomcat using http://localhost/... or http://192.168.0.2/... everything works fine when I work on the local machine. But when I attempt to view web pages from any other machine on the network using http://192.168.0.2/... I get timed out. How should I configure Tomcat so that it accepts requests from other machines -- not just localhost? You don't mention operating system, tomcat version, jdk version - all of which would make it easier to help you. However, one wild guess is that you have a firewall which is preventing the other networked machine(s) from accessing the tomcat instance. HTH Alan Chaney - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: not valid Tomcat installation
Sergey (and FYI Andre) For each server Eclipse uses, you must create a new entry in the 'Servers' folder. I'm assuming that you are using eclipse 3.3+ with WTP (Web Tools Project) plugins. One way to do it is as follows: From main menu Window-Preferences Select 'Server' click on triangle to get the drop down list and then select 'Runtime Environment' The select 'Add' You will get a list, the first of which is 'Apache' select Apache Tomcat v6.0 and then 'Next' now you will be at a menu called 'Tomcat Server Specify the installation directory' Use Browse to select the folder in which you installed Tomcat. It will check to see that it has the right files in it. You can specify the JRE that tomcat is run with below. You may want to use a different JRE than the one that you are running Eclipse with. For example, I start and run eclipse with a JDK1.5 but compile and run my applications with JRE from the 1.6 JDK. You can have more than one tomcat server defined in eclipse. Its up to you to configure them using the Server properties page to ensure that they use different ports. HTH - also see Eclipse Help Regards Alan Chaney Sergey Livanov wrote: no, I have only tc 6.0.18 CATALINA_HOME points to c:\tomcat 2009/3/21 André Warnier a...@ice-sa.com 2009/3/21 André Warnier a...@ice-sa.com Sergey Livanov wrote: I install Tomcat 6.0.18 in c:\tomcat. When add the new server Eclipse writes that tomcat install directory is not correct. It does not point to valid Tomcat installation. What should I do ? I don't now Eclipse at all, but how does it normally find out the path of a Tomcat installation ? When I add a new server I specify a path where Tomcat installed before. Tc5.r I installed without problems. If you still have both Tomcats, Eclipse may get confused. Is there by any chance a CATALINA_HOME variable defined, that points to something else ? (open a command window, type set and look) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org !DSPAM:49c50f9b246552009820482! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: not valid Tomcat installation
Actually I missed the final step!! Right click in the Servers panel and New-Server will let you add the server. Then you can add web projects as required. Regards Alan Alan Chaney wrote: Sergey (and FYI Andre) For each server Eclipse uses, you must create a new entry in the 'Servers' folder. I'm assuming that you are using eclipse 3.3+ with WTP (Web Tools Project) plugins. One way to do it is as follows: From main menu Window-Preferences Select 'Server' click on triangle to get the drop down list and then select 'Runtime Environment' The select 'Add' You will get a list, the first of which is 'Apache' select Apache Tomcat v6.0 and then 'Next' now you will be at a menu called 'Tomcat Server Specify the installation directory' Use Browse to select the folder in which you installed Tomcat. It will check to see that it has the right files in it. You can specify the JRE that tomcat is run with below. You may want to use a different JRE than the one that you are running Eclipse with. For example, I start and run eclipse with a JDK1.5 but compile and run my applications with JRE from the 1.6 JDK. You can have more than one tomcat server defined in eclipse. Its up to you to configure them using the Server properties page to ensure that they use different ports. HTH - also see Eclipse Help Regards Alan Chaney Sergey Livanov wrote: no, I have only tc 6.0.18 CATALINA_HOME points to c:\tomcat 2009/3/21 André Warnier a...@ice-sa.com 2009/3/21 André Warnier a...@ice-sa.com Sergey Livanov wrote: I install Tomcat 6.0.18 in c:\tomcat. When add the new server Eclipse writes that tomcat install directory is not correct. It does not point to valid Tomcat installation. What should I do ? I don't now Eclipse at all, but how does it normally find out the path of a Tomcat installation ? When I add a new server I specify a path where Tomcat installed before. Tc5.r I installed without problems. If you still have both Tomcats, Eclipse may get confused. Is there by any chance a CATALINA_HOME variable defined, that points to something else ? (open a command window, type set and look) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org !DSPAM:49c515bf249199080218370! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Vmware Server 2 web interface uses tomcat but hogs 8005 and 8009
Chris Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rainer, On 3/17/2009 4:18 AM, Rainer Frey (Inxmail GmbH) wrote: On Monday 16 March 2009 22:42:27 Christopher Schultz wrote: Can you clarify this a bit? There is no special management instance. VMWare Server is an application that runs on a regular host operating system instance (it installs linux kernel modules though, and probably also Windows drivers). Interesting. This used to be called VMWare Workstation. Rainer's right - there's Vmware Server and Workstation (and others, eg the GSX product range.) I've used Server 1 and workstation on several machines and several operating systems for four years. My annoyance was the configuration of Server 2. Server 1 came with a separate application (VMware console) that you could use to connect to both local and remote clients. Server 2 has replaced this with a web ui. They (meaning this user on the VMWare community, who might or might not be associated with VMWare) say not to run server software on that host operating system. I take that as a recommendation to dedicate a machine to one purpose only (VM hosting in that case), which is common practice in many production environments, but no strict requirement. Yes, I accept I was a little frustrated at the time - my sentence was not intended to imply that Vmware had made the above statement, but more that I couldn't find any answer to the problem on their site. Okay, this makes sense (not the recommendation, just the explanation). What do you mean with the other end? I use VMWare Server 2 on Ubuntu (original tar.gz install from vmware.com), also found that it blocks the said ports, and simply changed the server.xml of the VMWare Tomcat. And how did the client find it? If I missed how to do it, I apologize for wasting everybody's time but there is no mention in the docs, I could find nothing on Google and my experiments indicated that you need to change both client and server and I could only find the server configuration. He still wants the web manager to work, and the /client/ expects to connect on a certain port. If you change VMWare's server-side ports, the client can no longer connect. Correct. I still don't understand why Vmware didn't make this configurable. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Vmware Server 2 web interface uses tomcat but hogs 8005 and 8009
I've just wasted about a couple of hours sorting out an issue with Vmware server 2 and tomcat and I thought I'd pass it along, hoping to save someone else a small piece of frustration. I've been setting up a new development workstation (CentOS 5.2) and switched to using vmware server 2 (because version 1 is now moribund). Version 2 uses a web interface which is apparently 'served' from a local tomcat instance. Yay tomcat! However, in their infinite wisdom vmware have changed the default http and https ports from 8080 and 8443, but left the startup port at 8005 and the mod-jk port at 8009, and, what's more, not provided any way to change it. I spent some time looking to see whether these were configurable, but I found nothing, apart from a rather snotty message on the vmware bulletin boards stating that they didn't think that you should run a server on the same platform as a vmware setup which is odd, because A. I do in production all the time and it works fine and B. haven't they heard of development environments? I don't know about other people but I have all sorts of servers running on my workstation when I'm testing and debugging things. I found the vmware 'local' tomcat installation (6.0.16) and obviously you can edit the startup and mod-jk ports there, but then also obviously it stops working unless you can edit the 'other end' as it were and that doesn't appear possible. I hunted through all the available configuration files but the values must be hard-coded. So it seems that you must reconfigure any other local tomcat(s) on the same machine to use (a) different startup port(s). Hope that someone, someday, finds this helpful. I'd be interested if someone else finds out more about this. Alan Chaney - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: help again... what means these errors?
Hi Andre Totally agree with your comments with respect to the OP's first exception. However, they actually had two exceptions in their original email with completely different time stamps. The 2nd exception appears to be a HibernateException 01-Mar-2009 11:36:21 org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Servlet.service() for servlet HumanReadableLinksServlet threw exception org.hibernate.TransactionException: Transaction not successfully started at org.hibernate.transaction.JDBCTransaction.commit(JDBCTransaction.java:100) at The cause of this is probably completely unconnected to a remote client disconnect. The error above is thrown under the following conditiions: (from http://www.hibernate.org/hib_docs/v3/api/org/hibernate/TransactionException.html Indicates that a transaction could not be begun, committed or rolled back. With the very limited information given it is iimpossible to infer the exact cause but I would suspect that likely possibilities are a severe resource contention on the database or possibly a transaction timeout. The OP gave these two errors but didn't indicate whether they were happening repeatedly or just one offs. One further possibility is a poor network setup causing failure to access the database and/or connection failures with the client. More information would be required to correctly diagnose the problem. I doubt very much that the problem or problems are directly connected with Tomcat - more likely the application or the system configuration. Regards Alan André Warnier wrote: Laura Bartolomé wrote: Hi again... We are going on findind errors and problems... and we wanna cry... We certainly would not want that to happen, because then your messages here would get all mushy and more difficult to read. And Tomcat would probably not care. someone could explain what means these errors? The first: 01-Mar-2009 00:08:46 org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Servlet.service() for servlet HumanReadableLinksServlet threw exception java.net.SocketException: Connection reset by peer: socket write error at java.net.SocketOutputStream.socketWrite0(Native Method) at java.net.SocketOutputStream.socketWrite(Unknown Source) at java.net.SocketOutputStream.write(Unknown Source) The above rather self-explanatory message (Connection reset by peer: socket write error) typically means what it says : the client (browser ?) went away before the server could send a response to it. That usually means : either a) the user clicked the stop or cancel button in the browser, before he received the answer to his request or b) the impatient user clicked on another link on the current page, causing the browser to interrupt the current connection to the server and load the new page, before the server could send the response to the previous request The above 2 reasons probably cover at least 90% of the cases. It could be due to the application being so slow to answer, that the human user gets impatient and starts clicking all over. c) some communication problem occurred between the client and the server, causing the TCP connection to be closed prematurely. From personal experience, that may be due to some proxy or other in-between element, closing the connection because nothing happened on that connection for some time. Anyway, with 100% certainty, it means that when the server was ready to send the answer to the client, it could not, because the connection with the client had been closed for some reason. and the other: 01-Mar-2009 11:36:21 org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Servlet.service() for servlet HumanReadableLinksServlet threw exception org.hibernate.TransactionException: Transaction not successfully started at I am no specialist, but according to the above message, that seems to be something in the hibernate application, not something coming from Tomcat itself. So you probably should ask in some hibernate forum what it means. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org !DSPAM:49aaa5fc82807785049143! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: help again... what means these errors?
Sorry, didn't see the end! Alan André Warnier wrote: Alan Chaney wrote: Hi Andre Totally agree with your comments with respect to the OP's first exception. However, they actually had two exceptions in their original email with completely different time stamps. The 2nd exception appears to be a HibernateException Yes, which I mentioned also in my answer. You need to read to the end though... ;-) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org !DSPAM:49aad1ae104581527717022! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: error while building tomcat 5.5
Do you have write permission to the following directory as the user you are using to do the build? You may have to 'su' or 'sudo' or change the access permissions on /usr/share/java to allow the build script to write to it. Regards Alan Chaney h iroshan wrote: /usr/share/java/tomcat-native-1.1.12/tomcat-native.tar.gz - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: J2EE on Mac
Caldarale, Charles R wrote: That was already specified: the OP wants to compile servlets; nothing beyond a JDK is needed. - Chuck Everything said about J2EE, classpaths etc is perfectly correct. However, the other thing the OP said was that they want to use Eclipse on a Mac. To build web applications with eclipse the best thing to do is to install the appropriate web development add-ons - we use the Web Standard Tools (WST) options. This is best installed using the software updates option within Eclipse. After having done that and configured a local tomcat installation as a 'Server' within Eclipse you are, as they say, good to go and all you need to do is to select a new Dynamic Web Project when creating a new project. Eclipse then takes care of all the library and classpath issues. There is no need to download or install anything other than a binary tomcat, eclipse and then, within that, eclipse WST (or the combined package in the first place.) Let me just add that the above is an abridged summary to try to get the OP on the right path, not to start a long flame about the advantages and disadvantages of eclipse! Regards Alan Chaney - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Fwd: J2EE on Mac
Mighty Tornado wrote: Hi, I installed Tomcat on my mac OS X and it's running. I also have Eclipse Europa. Now I don't think I have J2EE installed - How do I do it? I went to Sun's website and it gave me an archive with GlassFish which I don't need. Can somebody please tell me where I can download the latest J2EE for Mac? What I need to do to compile servlets with it in Eclipse? Thank you. !DSPAM:49a24c91167621527717022! Dear Mighty, Re-reading your email again, you say that you installed Europa. AFAIK Europa comes with WTP installed. All you need to do is to download a tomcat release, configure that as a Server and then create a Dynamic Web Project. See the tutorials in the eclipse help. Works for Mac, PC, Linux, Solaris. Regards Alan Chaney ( a long time eclipse user with a major love-hate relationship with eclipse) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Authenticating Users
Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark, I was the OP on this one. Mark just made a couple of suggestions. On 2/21/2009 4:06 PM, Mark Thomas wrote: 5. Patch DataSourceRealm 6. Make case sensitivity configurable and contribute your patch back to the ASF. 7. Use securityfilter to write your realm, and not be tied to Tomcat. Had a brief look at 'securityfilter' - however we actually do require container managed security as we have several applications. Other alternative as previously mentioined is acegi. 8. Many databases use case-insensitive string comparisons already. Case-insensitive passwords (probably a bad idea!) Actually, in general, I agree that its a bad idea. However, each case has to be handled in the light of the actual users expectations. In the case of this specific application the users are artists who are generally extremely computer naive. We commonly get support enquiries I can't log into my account EVEN THOUGH we have sent them their account names and passwords because they are not correctly capitalizing their usernames or passwords. It is important to keep to keep the case of usernames because, as I said, they are artists, and the capitalization may have significance to them as part of their brand. The information on the site is publically available after it has been published. There is no commercial or sensitive information on the site. will work if you aren't hashing them. If you are, you'll have to lowercase them or something. Exactly. One problem for a general solution is that there are variations in the name of the 'lowercase' function between databases. So far, I've found that Postgres, MySQL and Oracle appear to support 'lower()' but M/SQL has it as tolower() (thanks again MS) If you /are/ hashing them, you'll need to do a password migration where anyone who changes their password gets it lowercased but passwords that existed beforehand are still case-sensitive. You cannot avoid this, now matter what your solution is. In this specific case at the moment we aren't hashing them, but you raise a good general point about hashing which I'll have to think about. Regards Alan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to close open connections after application stop?
Edoardo wrote I have resultset.close(); statement.close(); connection.close(); in my code. and connection = dataSource.getConnection(); seems very close to my ambiente = (Context) new InitialContext().lookup(java:comp/env); pool = (DataSource) ambiente.lookup(jdbc/myApp); Connection conn = pool.getConnection(); there are a lot of debug information in my code and seems that nothing is going wrong (no exceptions). but... if you post that it means that I am doing something wrong. Edoardo I don't think so. Let me recap your problem: When you undeploy an application from tomcat (using the DBCP pooling mechanism) you can't make STRUCTURAL changes to the database because it complains that connections are still in use. This is exactly what one would expect. I've encountered the same problem. When an application finishes with a database connection it is returned to the pool. That's exactly what a connection pool is for! As far as I can see by looking at the tomcat source code the connection pool is created at startup and remains active until TC shutdown. Once a connection has been obtained from the pool it may stay 'active' for the entire duration of the TC session (that is, from TC start to TC stop) Obviously, depending upon your usage, it is possible for more than one application in the same container to be reusing the same connection pool. Your original post indicates that only one app. is using the database. It seems to me that: 1. you could just shutdown tomcat! If this is a production site the best plan would be to write a script which renames the database and does whatever else you need, test it on a development machine and just find a 'quiet' time to shutdown the site, update the db and restart. 2. Move the connection pool into your application. Thus shutting down the application would shutdown the pool. 3. As I assume you are using DBCP in Tomcat, carefully read the DBCP docs, configure your system so that you can directly access the POOLED connections, keep a list of ALL the connections you use and then shut them down at the end. This is fraught with difficulty. Regards Alan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Authenticating Users
Gregor Schneider wrote: To the OP: 1. May I ask what database it is you're using? Postgres - but a more general solution would be nice. 2- I'd go for the following solution: Create a JSP-page accepting the credentials. The username should be converted to uppercase. The password should be left as is so that case-sensivity here is maintained. That doesn't actually fit in with the Servlet CMS. I can easily decode the user name and password by your mechanism. However, then I have to rather extensively modify my code (covering 3 applications and 4 web services) to apply the credentials. What I was looking for was a way of extending what I already have. Don't know if I'm missing something, but to me that looks like a walk in the park. See above. The problem is not decoding the password, but making sure that the container managed security mechanism is maintained. So far, the best suggestions that I've had are: 1. Modify DataSourceRealm 2. Use secuirityfilter. From my point of view, as I don't use hashed passwords at the moment the easiest thing to do is to modify the DataSourceRealm as suggested by Mark Thomas. However, I think that the ability to extend the login system to use either a user name or an email address would probably be useful for other people. I'll give it some thought. Regards Alan Rgds Gregor - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Authenticating Users
Martin Gainty wrote: Which specific attributes are you seeking that are not in DataSourceRealm? Realm className=org.apache.catalina.realm.DataSourceRealm debug=99 dataSourceName=jdbc/authority userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name/ http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#DataSourceRealm ? To summarize I (or,actually my marketing dept') have the following requirements. 1. password be case insensitive [I may be able to talk them out of this] 2. username be case insensitive. 3. email address can be used as a synonym for the user name. 4. Security managed by Tomcat CMS. Mark T suggested that I modify DSR appropriately. Chris Schultz pointed out correctly that it gets a bit more complicated if the pwd must be hashed. I've looked at the code to DSR and it seems to me that the following would work. 1. add an 'alternative' userNameCol (eg altNameCol) and in the configuration as above point that at the email column. 2. in the code, IF the login fails using the 'user_name' then try it with the altNameCol. 3. to make things case insenstive simply convert the username to lower case and use a 'lower' function on the column value. 4. to make the thing a bit more flexible an additional boolean parameter 'isCaseInsensitive' could be added to select the behavior has in 3. above. Defaults could be chosen such that the current configuration setup still works (eg the default value for isCaseInsensitive is false) Only real gotcha that I can see for making it database independent is that the function used to create lower case is not univerally 'lower()' (M/SQL appears to be toLower()) so it might be necessary to pass the string for the function name as an optional configuration parameter. I realize that many people would advise against the idea of case insensitive passwords - however, despite my personal reservations I am willing to accept that in the case of this particular application the reduction in security is acceptable. If hashed pwds are used then there are 3 solutions: 1. don't allow case insensitive passwords - only user names. 2. provide two columns one for lower case versions of the pwd. 3. convert all the existing password HASHES to the lower case equivalent, but hashed passwords are not my principal concern I've downloaded and built 6.0.18 and looked at the DSR code - doesn't look like a very big job to make the changes that I want so I may have go tomorrow. As I use 6.0.18 I can easily test it by just patching in the .class file for DataSourceRealm on my dev. system. Regards Alan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Authenticating Users
Hi We have a site which has users log in to create/edit account information. Nothing unusual there. Currently this is implemented with a JDBCRealm and it all works OK. However, we have a 'marketing requirement' to remove case sensitivity (but NOT case preservation) from user names and passwords. I cannot see anyway to do this directly with JDBCRealm or DataSourceRealm. Unless I'm missing something, the username and password provided to j_securitycheck are explicitly matched for case. Additionally, we will shortly need to offer an alternative login mechanism - using either a login name or an email address in the same field. So far, I can see the following options: 1. Implement a filter that 'sits around' the login form and translates case on password and username to lower case and create a lowercase 'shadow' password table in my database. So, when a request is received for the 'secured' pages this would be fed through this filter. However, I don't think this will work, because I suspect that the security check is run BEFORE any filters that I have configured in web.xml. 2. Implement some java script to convert entered fields to lower case on the login form (GHASTLY!) Still doesn't fix the password thing. 3. Implement my own Realm - intercept the requests - identify the supplied string in the username field as an email address (or not), look up the user by email address in the database (which in my case must be unique). As I use PostgreSQL I can then write a 'like' query to case insensitively find matching user and password. Upside - it should work. Downside - I then have to add the resulting jar to $TOMCAT_HOME/lib on all my servers and update the MBean descriptor (which I don't completely understand how to do - advice?) 4. Possibly do something similar to 3 but with a JAAS. Does anyone have any suggestions or comments? I'm perfectly OK with using Acegi - my only issue with that after a browse through the docs I don't see how I can meet my requirement of username/email and password case insensitive but case preserving without additional code for Acegi either. Obviously I can take that issue to the acegi/spring forums if acegi is the only solution (that is 1, 3, and 4. above won't work - 2. is out) Thanks in advance Alan Chaney - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Authenticating Users
Mark Thomas wrote: 5. Patch DataSourceRealm (should just be a couple of changes to make the checks case insensitive) and deploy your patched version to each of your Tomcat instances. To do this you'd put your DataSourceRealm.class file in CATALINA_HOME/lib/org/apache/catalina/realm 6. Make case sensitivity configurable and contribute your patch back to the ASF. Providing it is database neutral, there is a good chance it will be accepted for Tomcat 7 and maybe back-ported to Tomcat 6. Mark Ok Mark I'll have a go at 5. and 6. I'll report back in a few days. Regards Alan Chaney - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Apache Tom Cat in a VM as VMWARE or Red Hat Virtualization
Christopher Schultz wrote: Isn't xen basically dead? Or have rumors about its demise been greatly exaggerated? I thought everyone was moving to kvm. Tell that to Citrix? They made revenues of about $620M last year almost entirely based on Xen technology. Still only a fraction of VMWare's t/o, though. ($1,9B) Alan Chaney - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache Tom Cat in a VM as VMWARE or Red Hat Virtualization
I agree with Jorge - I run several Tomcats under VMware for both production and development. However it is worth noting that if you use the appropriate vmware tools for your installation (vmware-guestd etc.) you get a significant performance boost on network accesses which may well be important for tomcat. (See vmxnet) YMMV. Regards Alan Chaney Jorge Medina wrote: There are no issues on running Tomcat in a VM. Tomcat is unaware of where it is running. Performance depends on the host running your VM. If you compare a VM running application A on host H compared to application A running directly on host H, you will notice that running on the real server is faster. This is true for any application, not just Tomcat. -Original Message- From: acacio costa [mailto:acaciofco...@yahoo.com.br] Sent: Wednesday, February 18, 2009 2:33 PM To: users@tomcat.apache.org Subject: Apache Tom Cat in a VM as VMWARE or Red Hat Virtualization Hi, Does anyone use Apache Tom Cat in a VM as VMWARE or Red Hat Virtualization? i apreciate to know if you have issues and a tips to go on. Other things to know, Performance comparative with a real server? as the same? better? What the parameters you perceive as better than other environment and what cause as you move Tom Cat to VM. Thanks in advance, Acacio Costa Veja quais são os assuntos do momento no Yahoo! +Buscados http://br.maisbuscados.yahoo.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org !DSPAM:499c67d762582136417547! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] of the different methods to get a user-id
Chris, I offer my opinions here as a real grey beard (literally). I certainly agree with you that people should have a breath of skills allowing them to use the right tool at the right time. However, notwithstanding the fact that the other day I worked out that I have actually used about 15 different programming languages in anger (that is, part of code used by other people) I have to admit that my occasional brush with Perl has been unrewarding (for both me and the language...) My biggest problem is that I've never seen a little bit of typing as a big issue, but reading and trying to understand something a few weeks/months/years later is always fraught with difficulties. The main problem with perl is that I can never remember exactly what #...@!$% means whereas something like getUserPrincipal() works for me! Regards Alan Chaney Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, What the hell.. let's start a holy war?! On 2/13/2009 10:25 AM, André Warnier wrote: Their merit is all the greater since they work in the obscure non-graphical background, they never get any of the attention, and they have to share machines with some Java programs, which means they get only the usage of a tiny fraction of the RAM and CPU cycles, although they do most of the real work and have to do it with a single thread each. Hear, hear! Even some of the old-school programmers, mostly in their later years, succumb to the what-the-heck syndrome and come to appreciate the sense of security and comfort provided by strongly-typed and rigidly object-oriented languages Heck, lots of folks on this list won't even use cron to schedule jobs. Instead, they write web applications wrapped around Quartz because it's just easier to deploy or some other such nonsense. IMHO, you either have control of your production environment yourself (and can do whatever you want) or you have an ops team with complete control of your production environment (and they ought to be able to handle scary stuff like scheduling cron jobs and running shell scripts) or you have no control whatsoever and therefore do not have a production environment. There, I said it. :p On the other hand, seeing object-oriented perl really makes me queasy. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmZ2FIACgkQ9CaO5/Lv0PDOQgCeJno3T9D2GnoWpTFswcvInUCn zpcAnijMpytndgIfPe6knYmum47WOj56 =QFoD -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org !DSPAM:4999da4713771562881678! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Internal Buffering with Jython
Hi Prashant The first question - which version of Tomcat? What operating sytem? What JVM? and in your case which version of Jython? Secondly please could you clarify exactly how your web is structured? My understanding from your first email is: 1. servlet is called with request containing a file (presumably mutlipart encoded?) 2. the file data is then fed into a python script running either using a java6 ScriptManager or similar. 3. and then what? Are you streaming the output from that file straigth into the PrintWriter/OutputStream of the HttpServeltResponse? Or are you trying to save the file locally? Regards Alan Chaney Prashant Golash wrote: Hi Tomcat-Apache Gurus, I have a web application where from the front end user loads a file and gives it as input to Java classes.The file is given as input to a python script which converts it into some other format. Here I have used the concept of jython. The file is converting properly in the parent directory of Tomat but with some of the data which is missed.The problem is when I close the tomcat,then additional data is added to the converted file which completes the correct conversion. I want to know whether some internal buffer of Tomcat is holding the extra data. If so how to retrieve it. Sincerely, Prashant golash !DSPAM:4997ebf763341804284693! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Internal Buffering with Jython
Hi Prashant So the exact problem is that after your jsp page is called and the data processed then the file is incomplete? Presumably then you are using ordinary file I/O to write to this file? If that's the case, then I think the answer to your original question is No - no internal buffer of tomcat is holding the data Tomcat's buffering is connected with processing servlet request/responses and it doesn't seem that you are using the response object to write your data to the output stream. I assume that you have checked that all of the data is being read from the request by some logging or debugging? I would suspect that a file or stream is not being flushed/closed and that when tomcat is stopped this flushing is happening because the streams are being closed automatically. Maybe you can create some unit tests which can help isolate this problem. It may be either in your file writing code or in the way you are using the jython libraries. Without seeing your code in detail its difficult to be more helpful. I'd guess that you could take your core logic and replicate the problem independently of tomcat. One other point is that saving this file in the tomcat home directory doesn't seem particularly elegant. You could use the default work directory. I doubt that has any relevance to the problem HTH Alan Prashant Golash wrote: Hi Alan, Below are the details for the versions and OS: Tomcat Version : 6.0 OS : Windows XP JVM : 1.6 The way web is structured is: I have some precompiled python scripts which are actually compiled by jython into java classes(Before deploying). I have one python script which uses these precompiled python classes.Now I am giving one file as input to this python script and it internally produces the output file using this input file. This output file is saved locally in the parent directory of Tomcat. There is one jsp page which takes input from the user and then passes the request to Java class which actually calls this Python script. Note:The python script is actually called using the PythonInterpreter class and all those Java and Jython integration techniques. Sincerely, Prashant golash On Sun, Feb 15, 2009 at 10:02 PM, Alan Chaney a...@compulsivecreative.comwrote: Hi Prashant The first question - which version of Tomcat? What operating sytem? What JVM? and in your case which version of Jython? Secondly please could you clarify exactly how your web is structured? My understanding from your first email is: 1. servlet is called with request containing a file (presumably mutlipart encoded?) 2. the file data is then fed into a python script running either using a java6 ScriptManager or similar. 3. and then what? Are you streaming the output from that file straigth into the PrintWriter/OutputStream of the HttpServeltResponse? Or are you trying to save the file locally? Regards Alan Chaney Prashant Golash wrote: Hi Tomcat-Apache Gurus, I have a web application where from the front end user loads a file and gives it as input to Java classes.The file is given as input to a python script which converts it into some other format. Here I have used the concept of jython. The file is converting properly in the parent directory of Tomat but with some of the data which is missed.The problem is when I close the tomcat,then additional data is added to the converted file which completes the correct conversion. I want to know whether some internal buffer of Tomcat is holding the extra data. If so how to retrieve it. Sincerely, Prashant golash - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org !DSPAM:49984b33117283966023671! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: starting and stoppping tomcat
I think you need to rethink your use cases here... Exactly WHY do you need to start and stop tomcat from a button on a web page? Or do you really need to enable/disable some kind of function? Generally speaking servers don't expect to be started or stopped by their clients - well, ok, sometimes you can stop a service by a client but almost by definition you can't start a service from a client... Typically tomcat provides a way of processing requests received from remote web clients and arranges for the requests to be processed by a web application. Your application may have state which can be controlled by the request. This shouldn't normally affect tomcat's normal operation. HTH Alan Chaney paybackorfail wrote: That's a good point, what if it was just an html page? Mark Thomas-18 wrote: paybackorfail wrote: Hi, I have written a web application in netbeans using java and jsp, and i am hosting it on a server using tomcat, i need help on finding a way to start and stop the server by the user clicking a button on a jsp page, do i have to use the org.apache.catalina.ant.StartTask of the tomcat api? can anyone help? If Tomcat is stopped, how is it going to handle a user clicking on a button on a JSP page to start it? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: starting and stoppping tomcat
My earlier point was that you need to think about it in a slightly different way. Starting and stopping the server is something that is normally done rarely and anyway, you can't start something that is not already started by using it to start itself! What you should do is to add a boolean flag - a state variable to your servlet. You can set or clear this flag with your page button. Use this flag to condition your database access - so when the timer event fires, it checks the state flag and then accesses the database. Regards Alan paybackorfail wrote: Hi, thanks for replying, my application will take some data from a website and insert this data into a database and i schedule the application to do this every hour using contextlistener and timertask as a java servlet. At the moment it starts updating the database as soon as i upload the application to the server, I need a way to shutdown the server so it will stop updating the database Alan Chaney wrote: I think you need to rethink your use cases here... Exactly WHY do you need to start and stop tomcat from a button on a web page? Or do you really need to enable/disable some kind of function? Generally speaking servers don't expect to be started or stopped by their clients - well, ok, sometimes you can stop a service by a client but almost by definition you can't start a service from a client... Typically tomcat provides a way of processing requests received from remote web clients and arranges for the requests to be processed by a web application. Your application may have state which can be controlled by the request. This shouldn't normally affect tomcat's normal operation. HTH Alan Chaney paybackorfail wrote: That's a good point, what if it was just an html page? Mark Thomas-18 wrote: paybackorfail wrote: Hi, I have written a web application in netbeans using java and jsp, and i am hosting it on a server using tomcat, i need help on finding a way to start and stop the server by the user clicking a button on a jsp page, do i have to use the org.apache.catalina.ant.StartTask of the tomcat api? can anyone help? If Tomcat is stopped, how is it going to handle a user clicking on a button on a JSP page to start it? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Fun with the JVM crashing.
Hi Bill My development workstation is a 64 bit Ubuntu 8.04. I've had numerous problems with SIGSEGV crashes when I run my applications under Eclipse 3.3, but the same machine also runs the same applications from the same version(s) of tomcat (6.0.14,6.0.16 and 6.0.18) I found that what seemed to affect the thing the most was 'loading up' the JVM. My app is actually 5 different wars - I get the most problems when all of them are loaded. I found it so frustrating that I've actually procured a 2nd 64 bit machine to try to see what common factors there are. For example, I was going to see if Eclipse 3.4 was better than 3.3. I tried b4 thru b16 and it seems to have made no difference. No real answer here, just me giving you some more background data. Regards Alan Chaney Bill Davidson wrote: I've submitted this to Sun a few times. No response. I was hoping someone here might have an idea of what to look for. Tomcat 6.0.18 RedHat 5.2Server Sun JVM # # An unexpected error has been detected by Java Runtime Environment: # # SIGSEGV (0xb) at pc=0x2b68e6a1db57, pid=10229, tid=1103006016 # # Java VM: Java HotSpot(TM) 64-Bit Server VM (11.0-b16 mixed mode linux-amd64) # Problematic frame: # V [libjvm.so+0x564b57] # # If you would like to submit a bug report, please visit: # http://java.sun.com/webapps/bugreport/crash.jsp # The crash happened outside the Java Virtual Machine in native code. # See problematic frame for where to report the bug. # --- T H R E A D --- Current thread (0x4bfe5c00): JavaThread CompilerThread0 daemon [_thread_in_native, id=10244, stack(0x41ae8000,0x41be9000)] siginfo:si_signo=SIGSEGV: si_errno=0, si_code=1 (SEGV_MAPERR), si_addr=0x . Current CompileTask: C2:2525 com.myCompany.servlets.sales.blah.some.method(Lcom/myCompany/servlets/someClass;Lcom/myCompany/servlets/otherClass;Lcom/oreilly/servlet/ParameterParser;)V (425 bytes) .. - I'm wondering if that CompileTask is what's causing the problem. I'm thinking that the JVM shouldn't be getting SIGSEGV's. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org !DSPAM:498b962676632009820482! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: PostgreSQL vs MySQL with Tomcat
I stopped using MySQL when it was at version 4 because the transactional locking table (InnoDB) had different licensing restrictions than the rest of MySql (I'm not sure if this is true any longer.) We switched to Postgresql (of comparable price!) and basically found it well-documented, reliable and fast (as long as you make sure to 'vacuum' it) Postgresql is under the BSD license which suited our needs better than the dual-licensing arrangement of MySQL. PGSQL has a very comprehensive set of features and I've not had any problems using it in conjunction with Hibernate. MySQL 5 now has better transactional support than 4 - although I am personally sceptical of their reliance on 'atomic' locking - I don't quite see how that would work with long transactions and an optimistic locking strategy. So, in the end you pays your money and you takes your choice (grin) Alan Chaney Terence M. Bandoian wrote: I don't have a great deal of experience with Postgres but I have been using MySQL since the days of mSQL and have found it to be fast, reliable, easy to install on both Linux and Windows and straightforward to administer. It provides good support for the ANSI standard and the documentation is good in identifying extensions to or deviations from the standard. All of the basic tools, from query analysis to command line administration programs, are documented and function reliably. Statement syntax is very well documented. Features include localization, various character sets (UTF-8 and Unicode), data encryption, client/server encryption, stored procedures, triggers, transactions, APIs for a number of programming languages and support for ODBC, JDBC and .NET. Configurability is provided mainly through some 250+ system variables which may be set at startup (on the command line or in the options file) or dynamically with the SET statement. I have been very pleased with its performance both administratively and as a programmer and you can't beat the price. -Terence M. Bandoian - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org !DSPAM:4974eae8230262136417547! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Random Connection Closed Exceptions - Question to the code example
Hi Stefan You don't need to repeat the stmt.close();conn.close() etc in the 'try' body. The 'finally' by definition is ALWAYS called and that is where you should do the tidy up... Alan Chaney Stefan Riegel wrote: I guess I understood the point with the Random Connection Closed Exceptions Problem. See at the end of http://tomcat.apache.org/tomcat-6.0-doc/jndi-datasource-examples-howto.html As I understand, only the connection itself must be protected this way. The statement and ResultSet must not. Is the following, simplified code also correct? Connection conn = null; Statement stmt = null; ResultSet rs = null; try { conn = ... get connection from connection pool ... stmt = conn.createStatement(select ...); rs = stmt.executeQuery(); ... iterate through the result set ... // SUPERFLUsOUS rs.close(); stmt.close(); conn.close(); // Return to connection pool conn = null; // Make sure we don't close it twice //SUPERFLUOUS } catch (SQLException e) { ... deal with errors ... } finally { try { rs.close(); } catch (SQLException e) { // deal with errors } try { stmt.close(); } catch (SQLException e) { // deal with errors } if (conn != null) { try { conn.close(); } catch (SQLException e) { // deal with errors } conn = null; } } Thanks. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Random Connection Closed Exceptions - Question to the code example
Hi Stefan I went and read the comments more carefully and it seems to me that the proposed solution is an attempt to avoid a race condition between issuing the 'close' in one thread and then it being closed again whilst its being used in another thread. If the problem is closing it twice then I can't see why its not just closed in the 'finally' block, once for each thread. If it is a concurrency problem then I suspect that the proposed solution in the docs isn't the right one anyway. I'd suspect that the problem is more to do with threads not seeing each others memory state properly. Isn't this is a case of a variable (in this case 'conn') actually being a reference to an object which is shared between threads? Because of the JVM memory model it is possible for two threads not to be properly synchronized - see Doug Lea et.al and 'happens before' . Personally, I feel that the correct solution is to synchronize access to the connection object when it is retrieved and closed. I have to go out now and I don't have any more time to consider this today, but I'd be interested to hear other people's comments on this topic. Regards Alan Chaney Stefan Riegel wrote: Thanks Alan, just to make the thing really clear. You propose code like this: public void execute() { Connection conn = null; Statement stmt = null; ResultSet rs = null; Context envContext = null; try { Context initContext = new InitialContext(); envContext = (Context) initContext.lookup(java:/comp/env); DataSource ds = (DataSource) envContext.lookup(jdbc/swex); conn = ds.getConnection(); stmt = conn.createStatement(); rs = stmt.executeQuery(some sql); // iterate through the result set ... } catch (SQLException e) { e.printStackTrace(); } catch (NamingException e) { e.printStackTrace(); } finally { if (rs != null) { try { rs.close(); } catch (SQLException e) { e.printStackTrace(); } } if (stmt != null) { try { stmt.close(); } catch (SQLException e) { e.printStackTrace(); } } if (conn != null) { try { conn.close(); } catch (SQLException e) { e.printStackTrace(); } } if (envContext != null) { try { envContext.close(); } catch (NamingException e) { e.printStackTrace(); } } } For me this looks fine but I'm still confused, why they complicated things in the example of properly written code http://tomcat.apache.org/tomcat-6.0-doc/jndi-datasource-examples-howto.html? Hmm... frankly the code in the docs you refer to above seems odd to me... why repeat in the 'finally' something you've done in the 'try'? I can see that setting the variables to null would ensure that all references were released and the objects were made candidates for garbage collection but that could be done in the finally block anyway at some convenient point. Obviously in your code you might not want to obtain and release the context for every JDBC operation - that would probably be done in some kind of start-up/shutdown code for your app, and of course your exception handling may need some more work depending upon the way you want to present the error to your users, but I assumed that the issue you are concerned with is preventing resource leaks. Any comments anyone else? Regards Alan Do I miss some important point here? Stefan Alan Chaney schrieb: Hi Stefan You don't need to repeat the stmt.close();conn.close() etc in the 'try' body. The 'finally' by definition is ALWAYS called and that is where you should do the tidy up... Alan Chaney Stefan Riegel wrote: I guess I understood the point with the Random Connection Closed Exceptions Problem. See at the end of http://tomcat.apache.org/tomcat-6.0-doc/jndi-datasource-examples-howto.html As I understand, only the connection itself must be protected this way. The statement and ResultSet must not. Is the following, simplified code also correct? Connection conn = null; Statement stmt = null; ResultSet rs = null; try { conn = ... get connection from connection pool ... stmt = conn.createStatement(select ...); rs = stmt.executeQuery(); ... iterate through the result set ... // SUPERFLUsOUS rs.close(); stmt.close(); conn.close(); // Return to connection pool conn = null; // Make sure we don't close it twice //SUPERFLUOUS } catch (SQLException e) { ... deal with errors ... } finally { try
Re: Tomcat Beginner - Step 2!
Toriacht Eclipse wst has a number of dfferent ways of working. It looks like you have selected the (default) way in which eclipse creates its own internal copy of the webapps directory - in your case in the folder E:\\ ..\tmp1\service_demo. What the error is saying is that as tomcat starts it can't find the doc base. This is most likely for the following two reasons: 1. the directory really isn't writeable 2. more likely, you've managed to get eclipse out of sync with your project. I suggest that you try the following: Find the 'Server' tab (normally in one of the bottom panes) Find the tomcat server - right click on in and select 'Clean' and then 'Refresh' This will rebuild the internal copy. Try starting it again. If this still doesn't work, then please provide the following: The FULL startup display from the 'console' pane Your web.xml Thanks Alan Toriacht wrote: Thanks guys... I'm not sure if the following is an Eclipse or Tomcat issue. I have a simple webservices demo written from tuorial. It appeared that teh server was started up thru server staus window of eclips..console o/p etc but it never appeared in task manager or the tomcat was not accessable thru a browser. On closer inspection I found the following error..this happens when i try to start the server thru eclipse.. SEVERE: Error starting static Resources java.lang.IllegalArgumentException: Document base C:\Documents and Settings\Brian\workspace\ganymede\.metadata\.plugins\org.eclipse.wst.server.core\tmp1\wtpwebapps\service_demo does not exist or is not a readable directory at org.apache.naming.resources.FileDirContext.setDocBase(FileDirContext.java:141) Any ideas? T p.s. I have another thread on web services that ended up asking the same qn as above. although it started out as a more generic question. I hope this not against policy. I'll delete other thread if required. Caldarale, Charles R wrote: From: g f [mailto:gfo...@gmail.com] Subject: Re: Tomcat Beginner - Step 2! Change your port forwarding(virtual server) to forward port 80 (on the outside) to port 8080 on the inside. If your router/modem doesn't support port forwarding, change the Connector port in conf/server.xml to use 80 rather than 8080. You must restart Tomcat whenever you make changes to the server.xml file. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: File upload fails
How big is the file? Connection reset is commonly caused by the the client dropping the connection. This could be because of connectivity problems - for example, issues with the clients ISP. I have had problems with specific browsers over this as well (our site has dozens of large mpeg and jpeg uploads each day). The worst culprit proved to be Safari 3 on a Mac. Is the upload done with SSL? I doubt that restarting the server makes any difference one way or the other. Why not get the client to test with a non-urgent file and a non-urgent time when you have a chance to fault-find? Also, you may want to watch the upload with something like wireshark to see exactly what is happening and when. Regards Alan Chaney javacle wrote: pWe have a customer who uploads a file on a daily basis. Usually it works, but about once every two weeks it fails with this error in the log : porg.apache.commons.fileupload.FileUploadException: Processing of multipart/form-data request failed. Connection reset pAfter restarting tomcat, sometimes three times, it eventually works. Whether the restarting is significant or just the passage of time that clears some other fault I dont know .. there is always a panic to get it working pThe customer is on the other side of the continent, but today she emailed the file to me and I had the same error trying to upload her file from the office the first time (i.e. same building as server). So that would seem to eliminate long-distance network latency/timeout as a factor. pNothing I am aware of has changed since the last time it worked, however something may have changed in the network, or on the server, without being noticed. Any advice would be appreciated tomcat 5.5, jre 1.4.2, Red Hat Enterprise Linux ES release 4 (Nahant) Kernel 2.6.9-5.ELsmp on an i686 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: File upload fails
javacle wrote: The file is about 30Mbytes .. I get the same error uploading from the office on the same LAN as the server. Ok - not likely to be a problem with the remote connection, then. What do you see in your browser when the upload fails? Have you got any browser debugging - if you are using Firefox you can easily add the 'LiveHttpHeaders' plugin which I find very useful. What happens inside your application following the upload? Is there a significant period of processing in the same thread as the servlet doGet? If so, its possible that your connection is timing out. As you can simulate the problem in your office, what happens if you DON'T restart tomcat after you get the connection issue? If you just leave it for a little while can you then upload again? Browser is (I think) always MSIE 6 .. but maybe sometimes Mozilla .. that's something to check. I will look into wireshark. Having a monitor on the connection will be useful. You should be able to install wireshark from your distro. I assume that as you are using MSIE then your dev. system is a PC? I develop on linux and don't know of any particular network monitor to recommend. HTH Alan Alan Chaney wrote: How big is the file? Connection reset is commonly caused by the the client dropping the connection. This could be because of connectivity problems - for example, issues with the clients ISP. I have had problems with specific browsers over this as well (our site has dozens of large mpeg and jpeg uploads each day). The worst culprit proved to be Safari 3 on a Mac. Is the upload done with SSL? I doubt that restarting the server makes any difference one way or the other. Why not get the client to test with a non-urgent file and a non-urgent time when you have a chance to fault-find? Also, you may want to watch the upload with something like wireshark to see exactly what is happening and when. Regards Alan Chaney javacle wrote: pWe have a customer who uploads a file on a daily basis. Usually it works, but about once every two weeks it fails with this error in the log : porg.apache.commons.fileupload.FileUploadException: Processing of multipart/form-data request failed. Connection reset pAfter restarting tomcat, sometimes three times, it eventually works. Whether the restarting is significant or just the passage of time that clears some other fault I dont know .. there is always a panic to get it working pThe customer is on the other side of the continent, but today she emailed the file to me and I had the same error trying to upload her file from the office the first time (i.e. same building as server). So that would seem to eliminate long-distance network latency/timeout as a factor. pNothing I am aware of has changed since the last time it worked, however something may have changed in the network, or on the server, without being noticed. Any advice would be appreciated tomcat 5.5, jre 1.4.2, Red Hat Enterprise Linux ES release 4 (Nahant) Kernel 2.6.9-5.ELsmp on an i686 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Retrieve User Role
Hi Ben You can get it from the request. In JSP you can access the request implict object to get the value of the HttpServletRequest#getRemoteUser() method ... Returns the login of the user making this request, if the user has been authenticated, or null if the user has not been authenticated. (quote from j2ee docs for HttpServletRequest) The exact syntax to use depends upon whether or not you are using EL. If you are using tags.. % String username = request.getRemoteUser() % and in EL you can use the 'pageContext'. Try: ${pageContext.request.remoteUser} /// I think... you may need to check. and use as you see fit... Alan Ben Tomlinson wrote: I have set up login security for some of the pages in my website. I have a JDBCRealm setup and working correctly. But now I want to change the layout of my pages (all jsp pages) according to the user that is logged in. How do I retrieve information about the user that is actually logged in? Mainly I want the user role or the user name but I can't seem to get it from the session. Any help would be appreciated. Ben - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org !DSPAM:49667e4a164556657853550! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Single WAR to update multiple contexts
Sean Wouldn't it be easier to have ONE webapp and determine the database from, for example, the URL its invoked with? Its a little difficult to know exactly how you are doing things but instead of having /ctx1 /ctx2 /ctx3 and mapping each one to ctx1.war why not have a filter in your setup which determines that its invoked with /ctx1 and passes a parameter to the actual servlet which selects the database you require? You could have one web app as ROOT and do it that way. Maybe you could explain further why you need 200 separate versions where the only difference is the name of the database? Regards Alan Chaney Sean W wrote: Greetings! I have a single war packaged application that needs to have about 200 unique context paths running (200 copies of the application running - each uses a different database based on the context name). I know how to deploy 1 context at a time, but how can I do this so that if I want to update all these contexts to the next version, I can update them all at the same time easily? Any suggests are much appreciated. Thanks! -Sean W - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Hints on upgrading from 6.0.14 to 6.0.18 on production server
Hi I have a 6.0.14 running with Apr 1.1.10 and I seem to be seeing instances of CVE-2007-6286: Tomcat duplicate request processing vulnerability (64-Bit Server VM (build 1.6.0_03-b05, mixed mode) (Centos 5.0 - Linux 2.6.18-8.el5 x86_64 ) The obvious thing to do is to upgrade from 6.0.14 to 6.0.18. Firstly, are there any changes in server.xml and web.xml in 6.0.18 that mean I can't just use the existing ones in the new installation. My current installation has $TOMCAT_HOME pointing to /usr/local/tomcat My intended upgrade sequence is: 1. opy down 6.0.18 and untar it int /usr/local/tomcat18 (after checking signatures) 2. copy over the jars that I have placed in the old $TOMCAT_HOME/lib (eg postgres jdbc jar) to /usr/local/tomcat18/lib 3. copy over my webapp wars from $TOMCAT_HOME/webapps to the new webapps folder. 4. as I am using jsvc to control tomcat, copy over the 'tomcat' file from the $TOMCAT_HOME ('tomcat' is actually a shell script which sets up all the environment variables for jsvc.) jsvc is in /usr/lib/tcnative/jsvc so it should be unaffected by the move. However I do need to copy over the $TOMCAT_HOME/bin/commons-daemon.jar. 5. stop the old server and rename its directory to /usr/local/tomcat.old 6. rename the directory of the new server to that of the current the new server. 7. restart the server. Am I missing anything? What have I overlooked? I need this to go as smoothly as possible as there is quite a lot of traffic on this site. Thanks in advance Alan Chaney - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Hints on upgrading from 6.0.14 to 6.0.18 on production server
Or stop using APR... but that in itself is quite a lot of work as I'll have to reconfigure my SSL. Hmm... Gregor Schneider wrote: If I'm not mistaken, the APR has caused the bug, and 6.0.16 contains a new version of the APR. Since this usually comes as a source, you'll have to re-compile the APR. Cheers Gregor - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Sudden and unexpected exception at Tomcat startup
Hi Andre Tomcat DOES in fact rewrite the tomcat-users.xml file during startup. This has been mentioned on this list several times as being insecure but the general opinion is that you should not be using the MemoryUserDatabaseRealm in production. Actually, I found that not only does it rewrite it, but it also uses the current umask so that it is quite likely that the file will become world-readable. You should probably do what the gurus suggest and switch to a more robust realm (eg JDBC etc) Here are some suggestions you have probably already tried: What are the permissions on the /svr/www/tomcat/base/conf folder? Are you sure that the user that tomcat runs as can write to that folder? Have you checked that tomcat is running as the user that you expect? Is it possible that there is a filing system error or even a disk error? Regards Alan Chaney André Warnier wrote: Hi. Does someone have an idea of what is going as per the logfile catalina.out below ? What is this IOException all about ? This is a Tomcat 5.0.x under Suse Enterprise Linux 10.1, which had been working fine until now and suddenly logs this at startup. This Tomcat runs under an IBM JVM 1.5. Tomcat is started, as per the listening ports and the ps display I can see, but apparently the access to Tomcat (through Apache and mod_jk) does not work anymore (tells me : The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later. ) Additional info : - the directory /srv/www/tomcat5/base/conf/ is writeable by the user tomcat under which Tomcat is started. - To my knowledge, the server.xml has not been changed since the previous succesful restart 2 days ago, and neither has tomcat-users.xml server.xml (excerpts) : ... !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved /Resource ResourceParams name=UserDatabase parameter namefactory/name valueorg.apache.catalina.users.MemoryUserDatabaseFactory/value /parameter parameter namepathname/name valueconf/tomcat-users.xml/value /parameter /ResourceParams ... (further under Engine and Host :) Realm className=org.apache.catalina.realm.UserDatabaseRealm debug=0 resourceName=UserDatabase/ ... catalina.out : 2008-12-28 13:21:58,543 [main] INFO org.apache.catalina.core.StandardService - Starting service Catalina 2008-12-28 13:21:58,545 [main] INFO org.apache.catalina.core.StandardEngine - Starting Servlet Engine: Apache Tomcat/5.0 2008-12-28 13:21:58,548 [main] WARN org.apache.naming.NamingContext - Unexpected exception resolving reference java.io.IOException: IOException writing to /srv/www/tomcat5/base/conf/tomcat-users.xml.new at org.apache.catalina.users.MemoryUserDatabase.save(MemoryUserDatabase.java:495) at org.apache.catalina.users.MemoryUserDatabaseFactory.getObjectInstance(MemoryUserDatabaseFactory.java:98) at org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java:129) at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:316) at org.apache.naming.NamingContext.lookup(NamingContext.java:791) at org.apache.naming.NamingContext.lookup(NamingContext.java:151) at org.apache.catalina.realm.UserDatabaseRealm.start(UserDatabaseRealm.java:252) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1075) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:478) at org.apache.catalina.core.StandardService.start(StandardService.java:480) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313) at org.apache.catalina.startup.Catalina.start(Catalina.java:556) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:618) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425) javax.naming.NamingException: IOException writing to /srv/www/tomcat5/base/conf/tomcat-users.xml.new at org.apache.naming.NamingContext.lookup(NamingContext.java:803) at org.apache.naming.NamingContext.lookup(NamingContext.java:151) at org.apache.catalina.realm.UserDatabaseRealm.start(UserDatabaseRealm.java:252) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1075) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:478) at org.apache.catalina.core.StandardService.start
Re: Setting /WebContent as ROOT for an application
In Eclipse, assuming you have the WTP tools installed, you create a 'Dynamic Web Project.' This has a folder structure of which the essence is: MyApp src com mypackage Abc.java build com mypackage Abc.class WebContent index.html (or jsp or whatever) WEB-INF web.xml lib a.jar b.jar In the above com.mypackage.Abc.java is your web application, and a.jar and b.jar are any runtime libraries that application requires (NOT stuff already in $TOMCAT_HOME/lib) When you compile and run applications within eclipse it copies the WebContent structure to the webapps directory of its (internal) tomcat, and in WEB-INF creates a folder called classes and copies the contents of the 'build' folder their. This normally happens automatically every time you start the server inside eclipse. When you want to deploy the project to an external instance of tomcat (eg a production server) you right-click on the Export.. option in the project context menu and then select WAR (there's a suprise). The war file by default has the project name (in the above expample MyApp.war. This should be copied to the webapps folder of the tomcat instance and if you've stuck to the normal server.xml configuration it should deploy. It will be available at http://the.tomcat.instance:8080/MyApp/index.html (or jspt or whatever) This is an incredibly brief summary of what is undoubtedly an obscure and complex process for the new-comer (been there.. done that...) and which sadly is not especially well EXPLAINED anywhere that I have found. There are some 'cookbook' type recipes on the web, which are often inconsitent. Hope that helps Alan Chaney (a daily eclipse user, but hardly an eclipse guru...) Markus Schönhaber wrote: Tom Blank: The reason why I'm asking is, because I'm using eclipse and its 'dynamic web project' structure. I'm no Eclipse user either, but AFAIR the folder Webapps is part of an Eclipse Dynamic Web Project. And a project folder is not meant to be simply copied to Tomcat's appBase (judging from your OP, it seems to me that's what you've been doing). You could, for example, export your project to a WAR file and deploy this. Experienced Eclipse users may know of other/better ways of deployment. You might consider asking in the appropriate Eclipse mailinglist/newsgroup. Regards mks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org !DSPAM:4943f4d3100632009820482! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session replication for JPetStore application in tomcat 6
Anupam I think this is probably your problem. You create and save information in one node and then look to see if it is in the other node. It will only be there if you are independently synchronizing the database state, because, as you said in your previous emails, they are independent. The database state is nothing to do with the http session, you must manage that separately. 2) Is it necessary to make the petstore database on each of nodes clustered for session replication to happen ? Regards Alan Chaney - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]