RE: Tomcat JSessionID regex
Chris, Thanks for the reply! As far as why I was looking a regex to match the session ID, it was more to know what was valid or not. I certainly can match based on anything that isn't a space where I expect it to be. I just wanted to know how large it was so I could allocate enough space to it. Thanks once again, Andrew R Feller, Analyst University Information Systems 200 Fred Frey Building Louisiana State University Baton Rouge, LA, 70803 (225) 578-3737 (Office) (225) 578-6400 (Fax) -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Friday, April 04, 2008 2:09 PM To: Tomcat Users List Subject: Re: Tomcat JSessionID regex -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew, Andrew R Feller wrote: | While working on a trending tool, I decided to capture users' session | IDs. However, I don't know A.) How long they are OR B.) What characters | are valid for a session ID. I have not found any documentation stating | anything about it, so I was hoping someone here knew. The servlet specification does not contain any rules for the session id, other than that it must uniquely identify users. That suggests some minimum length to cover all reasonable numbers of unique visitors. Other than that, there are no constraints. There's nothing that says the session id needs to be a certain length (or even minimum length!), made up of certain characters, etc. Tomcat happens to use a random 16-byte session id that is transmitted as a cookie value by converting it into 32 letters and numbers representing the nibbles in network byte order. So, if the session id is [0x01, 0x23, 0xab, ...] then the cookie value will look like 0123ab You can't write a regexp that will always work, but you can write one that will work on Tomcat. May I ask why you need e regular expression for this value? Why not simply accept all session id values, regardless of their content? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkf2fNYACgkQ9CaO5/Lv0PBR6wCgmxvZ7i69wpKXxV9yDcnqXz+o 5D8AoJvWso+MfjmS7+r+D8HVnMtsAPzS =3mp5 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat JSessionID regex
While working on a trending tool, I decided to capture users' session IDs. However, I don't know A.) How long they are OR B.) What characters are valid for a session ID. I have not found any documentation stating anything about it, so I was hoping someone here knew. Thanks, Andrew R Feller, Analyst University Information Systems 200 Fred Frey Building Louisiana State University http://www.lsu.edu/ Baton Rouge, LA, 70803 (225) 578-3737 (Office) (225) 578-6400 (Fax)
RE: Storing sessions to disk like Apache HTTP server
Thanks for the replies Chuck as always; I meant to say that sooner. =P I am also sorry this reply is a week overdue, however I have been tied up for a week. Let me explain the situation a little more thoroughly and see what your thoughts are then: For several critical applications such as SSO and student registration, we want them clustered over multiple servers behind a load balancer. The SSO application's load consists of users logging in and ticket processing. The student registration application's load consists of thousands of students pounding at a handful of servers constantly in hopes they can schedule their classes before they fill up. It is like people watching an eBay auction and constantly refreshing the page to see if they have the winning bid and upping it whenever they aren't. If a server goes down, the load balancer will forward traffic to the others such that no one will experience interruption of service. Obviously, this requires the application servers to be clustered such that their sessions are replicated with one another. Given that our SSO solution is currently clustered among three machines: 1. Does Tomcat keep all session information strictly in RAM or does it swap out to disk? If it swaps out to disk, is there any way to configure how much session information can be kept in RAM? 2. What commonly used formulas are there to determine sufficient RAM based on load size? I am currently reviewing logs from our peak application usage as well as an average day to determine the number of logins / second. 3. Is it better to split large clusters into smaller ones with a few nodes replicating to the other clusters? (Example below with nodes denoted by O) SSO CLUSTER -- | CLUSTER A | || | O--O | | \/ | |O--O| || || ||--|| || || |O--O| | /\ | | O--O | || | CLUSTER B | -- I posed my original question (Can Tomcat write session information to disk or database like the Apache HTTP) because it seemed more scalable as: 1. Our SAN has several terabytes worth of space so session information can grow easily. 2. Reduces RAM bottleneck 3. Reduces network traffic to replicate session information I would appreciate any thoughts and alternatives you have to offer! Thanks, Andrew R Feller, Analyst University Information Systems 200 Fred Frey Building Louisiana State University Baton Rouge, LA, 70803 (225) 578-3737 (Office) (225) 578-6400 (Fax) -Original Message- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 27, 2008 2:17 PM To: Tomcat Users List Subject: RE: Storing sessions to disk like Apache HTTP server From: Andrew R Feller [mailto:[EMAIL PROTECTED] Subject: RE: Storing sessions to disk like Apache HTTP server Actually, the system we are concerned about will have tens of thousands of concurrent users. Number of users != number of sessions, unless they all log in and stay logged in concurrently (or you have a very high session timeout setting). Regardless, given the price of memory and the ready availability of 64-bit platforms, there's no sense in over-engineering this. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Storing sessions to disk like Apache HTTP server
Is there any way to store sessions to disk like Apache HTTP server? If it isn't possible, is there any reason why this would never make its way into Tomcat? I noticed there is a PersistentManager available with Tomcat, however it appears experimental and only swaps idle sessions to disk. Thanks, Andrew R Feller, Analyst University Information Systems 200 Fred Frey Building Louisiana State University http://www.lsu.edu/ Baton Rouge, LA, 70803 (225) 578-3737 (Office) (225) 578-6400 (Fax)
RE: Storing sessions to disk like Apache HTTP server
Some coworkers had concern that Java applications had difficulties scaling due to session information kept within memory. This was spurned on by an article from when Friendster rewrote their site from Java to PHP. (http://www.oreillynet.com/onlamp/blog/2004/07/php_scales.html) The thought was if Tomcat could store session information to disk, then we could configure some of our Tomcat servers to work with one of our large SANs rather than replicating the session. It could even then be worked into session replication to reduce the amount of traffic needed to replicate session information. Andrew R Feller, Analyst University Information Systems 200 Fred Frey Building Louisiana State University Baton Rouge, LA, 70803 (225) 578-3737 (Office) (225) 578-6400 (Fax) -Original Message- From: Stephen More [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 27, 2008 9:36 AM To: Tomcat Users List Subject: Re: Storing sessions to disk like Apache HTTP server On Wed, Feb 27, 2008 at 9:41 AM, Andrew R Feller afe.u wrote: Is there any way to store sessions to disk like Apache HTTP server? Can I ask why do you want to ? -Steve More - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Storing sessions to disk like Apache HTTP server
Actually, the system we are concerned about will have tens of thousands of concurrent users. We are using a Java-based Single Sign On solution to tie together our various applications. Given that we have 30,000 students and another 5,000 - 7,000 faculty and staff, we can have a lot of activity. Andrew R Feller, Analyst University Information Systems 200 Fred Frey Building Louisiana State University Baton Rouge, LA, 70803 (225) 578-3737 (Office) (225) 578-6400 (Fax) -Original Message- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 27, 2008 1:57 PM To: Tomcat Users List Subject: RE: Storing sessions to disk like Apache HTTP server From: Andrew R Feller [mailto:[EMAIL PROTECTED] Subject: RE: Storing sessions to disk like Apache HTTP server Some coworkers had concern that Java applications had difficulties scaling due to session information kept within memory. Do you really think you're going to have tens of thousands of concurrent sessions? Or is your application designed to load up each session with megabytes of data? Rather than add complexity to handle what is likely a non-issue, why not take the simple and inexpensive route: run a 64-bit environment and add memory as needed. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat plans for per-webapp session replication
My apologies; let me clarify: Are there plans for session replication such that configuring server.xml is unnecessary? So rather than configuring it at the server level and simply marking a webapp as distributable, you could configure session replication in a webapp's META-INF or WEB-INF. Thanks, Andrew R Feller, Analyst University Information Systems 200 Fred Frey Building Louisiana State University Baton Rouge, LA, 70803 (225) 578-3737 (Office) (225) 578-6400 (Fax) -Original Message- From: Rainer Jung [mailto:[EMAIL PROTECTED] Sent: Monday, February 25, 2008 3:45 PM To: Tomcat Users List Subject: Re: Tomcat plans for per-webapp session replication Not sure what you mean by this: session replication is local to webapps. After configuring the cluster element in server.xml, you need to activate replication for each webapp with a distributable element in web.xml and only session changes for those webapps with distributable set get replicated. On the receiving end the replication messages are automatically dispatched to the same webapp. Maybe I din't understand your question? Regards, Rainer Andrew R Feller schrieb: Are there any plans to have Tomcat handle session replication on a per-webapp basis? We currently have several servers configured for session replication because of a single application. Not only do we not want session values from other applications on the machines to be replicated as it is unnecessary, we wanted a way to store that configuration with a webapp's META-INF. Andrew R Feller, Analyst University Information Systems 200 Fred Frey Building Louisiana State University http://www.lsu.edu/ Baton Rouge, LA, 70803 (225) 578-3737 (Office) (225) 578-6400 (Fax) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat plans for per-webapp session replication
Are there any plans to have Tomcat handle session replication on a per-webapp basis? We currently have several servers configured for session replication because of a single application. Not only do we not want session values from other applications on the machines to be replicated as it is unnecessary, we wanted a way to store that configuration with a webapp's META-INF. Andrew R Feller, Analyst University Information Systems 200 Fred Frey Building Louisiana State University http://www.lsu.edu/ Baton Rouge, LA, 70803 (225) 578-3737 (Office) (225) 578-6400 (Fax)
RE: Tomcat DB2 JDBC issue
Thanks for the reply Chuck! Hr, the -cp command-line parameter will include the JARs within Tomcat's System classloader, correct? (http://tomcat.apache.org/tomcat-6.0-doc/class-loader-howto.html) Regardless of whether the class is loaded into System or Common, I fear the issue we are encounter won't be resolved. The issue stems from the manner of how Tomcat handles classloading which throws exceptions when a class is loaded by a different classloader than the one instantiating a value for/to it. Here is another example I am dealing with: The login module and application use Log4J for logging, so there is a private static final Logger member declared within the login module and associated classes (authorization factory to determine which authorization module to use). There are Log4J jars reside in the application as well as the common directory. These login module classes are loaded by the server, however it is not until the web application invokes the initialize/login/commit methods that an instance of Log4J's logger is instantiated and assigned to the member. Because the class was loaded by the standard classloader and being set by the webapp classloader, Log4J fails to log anything from that JAR. Here is the error log: 2007-11-16 07:02:39,011 [http-8080-2] DEBUG edu.lsu.infrastructure.java_web_utils.security.LoginServlet - Redirecting request to j_security_check log4j:ERROR A org.apache.log4j.ConsoleAppender object is not assignable to a org.apache.log4j.Appender variable. log4j:ERROR The class org.apache.log4j.Appender was loaded by log4j:ERROR [EMAIL PROTECTED] whereas object of type log4j:ERROR org.apache.log4j.ConsoleAppender was loaded by [WebappClassLoader delegate: false repositories: /WEB-INF/classes/ -- Parent Classloader: [EMAIL PROTECTED] ]. log4j:ERROR Could not instantiate appender named stdout. log4j:WARN No appenders could be found for logger (edu.lsu.infrastructure.java_authorization.sam_authorization.Authorizati onFactory). log4j:WARN Please initialize the log4j system properly. I realize the solution to this is to remove the log4j JAR from the webapp, however it makes developing applications more difficult as you need to setup JARs for every project you work on, copy these over whenever a new version of Tomcat comes out, etc. /vent Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737 -Original Message- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: Thursday, November 15, 2007 3:44 PM To: Tomcat Users List Subject: RE: Tomcat DB2 JDBC issue From: Andrew R Feller [mailto:[EMAIL PROTECTED] Subject: RE: Tomcat DB2 JDBC issue With all of this grief developing a LoginModule that is used invoked on a Context basis, I have noticed there are lots of issues with classes loaded by the server/common classloaders in the LoginModule that are also needed by the webapp. For our custom JAAS login module, we simply follow the rules given at: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JAASRealm In particular: 3. Place the compiled classes on Tomcat's classpath We do this via the -cp used to launch Tomcat. This allows Tomcat and all webapps to see the necessary classes (although I don't think we have any webapps at the moment that actually look). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat DB2 JDBC issue
Thanks Gregor for the help! We were able to get the issue resolved by removing the DB2 driver jar from the web application and keeping it in Tomcat's lib directory, which is picked up by the common classloader. The issue stemmed from having the driver in both the common and webapp lib directories. Once again, thank you for the effort! Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737 -Original Message- From: Gregor Schneider [mailto:[EMAIL PROTECTED] Sent: Friday, November 16, 2007 9:43 AM To: Tomcat Users List Subject: Re: Tomcat DB2 JDBC issue Hi Andrew, I've just checked the DB2-JDBC-Drivers: You'll need two files: 1. db2jcc_license_cu.jar 2. db2jcc.jar Both files should be somewhere on your copy of DB2 or you should be able to download them via the IBM-website. If you're running Db2 on OS390/zOS, you'll need a certain APAR first - the DB2-docs should give you some information here. Copy those files to $CATALINA_HOME/common/lib Then, create your data-pool in your context.xml-file of the application: ?xml version='1.0' encoding='utf-8'? Context Resource auth=Container description=DB Connection for... name=jdbc/IndexYOUR_DS_NAME type=javax.sql.DataSource factory=org.apache.commons.dbcp.BasicDataSourceFactory driverClassName=com.ibm.db2.jcc.DB2Driver username=YOUR_USER password=YOUR_PASSWORD url=jdbc:db2://host:port/database maxIdle=30 maxWait=1 maxActive=10 validationQuery=SELECT 1 testOnBorrow=true testWhileIdle=true timeBetweenEvictionRunsMillis=1 minEvictableIdleTimeMillis=28800 poolPreparedStatements=true removeAbandoned=true removeAbandonedTimeout=300 logAbandoned=false/ /Context Don't know if validationQuery=SELECT 1 works for DB2 - if not, replace it with a working one. Cheers Gregor On Nov 16, 2007 9:22 AM, Gregor Schneider [EMAIL PROTECTED] wrote: It's quite some time since my last experience with DB2, however, maybe this gives you a start: There are multiple jdbc-drivers available for DB2. Obviously, youÄre using a class3-JDBC-driver, meaning that this is not a plain java-driver but needs some middleware to connect to DB2 (DB2-Connect). However, DB2 also is offering a class4-JDBC-driver that does not make use of any such middleware. We're also using this driver in some client's environments. When I'm in the office later on, I'll lookup the name and the jdbc-url and let you guys know. Cheers Gregor -- what's puzzlin' you, is the nature of my game gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 -- what's puzzlin' you, is the nature of my game gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat DB2 JDBC issue
We are not explicitly using a SecurityManager; simply created a LoginModule and configured the deployment descriptor for FORM based authentication and a particular role. I realize I should make one other qualification for this thread: this is running on a Windows machine. Though our test and production environments run RHEL 5, individual developers run on Windows. As far as file permissions, read and execute access is granted for all users. Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737 -Original Message- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: Thursday, November 15, 2007 9:19 AM To: Tomcat Users List Subject: RE: Tomcat DB2 JDBC issue From: Andrew R Feller [mailto:[EMAIL PROTECTED] Subject: RE: Tomcat DB2 JDBC issue The question now is why Tomcat cannot use the driver if it is in the common directory? By any chance, are you running with a SecurityManager? Any access permission issues that would prevent Tomcat from reading the .jar file? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat DB2 JDBC issue
We just made a little progress though the solution is unacceptable. After placing the DB2Java.jar into the lib/ext of the JDK, the driver is loaded appropriately and a connection is created. The question now is why Tomcat cannot use the driver if it is in the common directory? Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737 -Original Message- From: Andrew R Feller [mailto:[EMAIL PROTECTED] Sent: Thursday, November 15, 2007 8:51 AM To: Tomcat Users List Subject: RE: Tomcat DB2 JDBC issue Marty, AFAIK, those are the only two places to obtain the driver. I currently have DB2 Connect v9 installed on my machine, so I have the driver. So far, we are able to get the driver working from a simple Java app compiled via the command line and an application ran in Eclipse. The issue only occurs when we attempt to run it in Tomcat. Maybe it is a classloader issue? I tried refactoring the code to use the DB2 DataSource directly and receive this error in Tomcat: javax.security.auth.login.LoginException: java.lang.UnsatisfiedLinkError: COM.ibm.db2.jdbc.app.DB2Connection.SQLConnect(Ljava/lang/String;II)I at COM.ibm.db2.jdbc.app.DB2Connection.SQLConnect(Native Method) at COM.ibm.db2.jdbc.app.DB2Connection.connect(Unknown Source) at COM.ibm.db2.jdbc.app.DB2Connection.init(Unknown Source) at COM.ibm.db2.jdbc.app.DB2ReusableConnection.init(Unknown Source) at COM.ibm.db2.jdbc.DB2PooledConnection.getConnection(Unknown Source) at COM.ibm.db2.jdbc.DB2DataSource.getConnection(Unknown Source) at COM.ibm.db2.jdbc.DB2DataSource.getConnection(Unknown Source) at edu.lsu.infrastructure.java_authorization.sam_authorization.JDBCAuthoriz ationModule.getConnection(JDBCAuthorizationModule.java:176) at edu.lsu.infrastructure.java_authorization.sam_authorization.JDBCAuthoriz ationModule.isUserInDirectory(JDBCAuthorizationModule.java:130) at edu.lsu.infrastructure.java_authorization.sam_authorization.LSULoginModu le.login(LSULoginModule.java:138) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav a:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor Impl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax.security.auth.login.LoginContext.login(LoginContext.java:579) at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:362) at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAut henticator.java:258) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticator Base.java:417) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java :128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java :102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve. java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:2 63) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:84 4) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process( Http11Protocol.java:584) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:619) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:872) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax.security.auth.login.LoginContext.login(LoginContext.java:579) at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:362) at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAut henticator.java:258) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticator Base.java:417) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java :128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java :102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve. java
RE: Tomcat DB2 JDBC issue
Trying a few more experiments and made some insights. By blanking out the environment variable for PATH and restarting Tomcat, the application, which was being initialized successfully, now fails in the same way Tomcat was failing originally, so we theorize that Tomcat might be having difficulties finding the DB2 Connect binaries/executables. Does this make any sense? Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737 -Original Message- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: Thursday, November 15, 2007 9:19 AM To: Tomcat Users List Subject: RE: Tomcat DB2 JDBC issue From: Andrew R Feller [mailto:[EMAIL PROTECTED] Subject: RE: Tomcat DB2 JDBC issue The question now is why Tomcat cannot use the driver if it is in the common directory? By any chance, are you running with a SecurityManager? Any access permission issues that would prevent Tomcat from reading the .jar file? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat DB2 JDBC issue
Hey Chuck, We had the same idea about the java.library.path property, too. After more fiddling around, I think we figured out what is going on. 1st: Set JAVA_OPTS to include java.library.path to include the SQLLIB/JAVA directory of DB2 Connect 2nd: Removed the DB2java.jar from the web application and have it in common. I think this was a combination of different classloaders loading the JAR and the lack of library path. I am still working on it to see if anything else happens as a result of this. Thanks, Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737 -Original Message- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: Thursday, November 15, 2007 11:22 AM To: Tomcat Users List Subject: RE: Tomcat DB2 JDBC issue From: Andrew R Feller [mailto:[EMAIL PROTECTED] Subject: RE: Tomcat DB2 JDBC issue By blanking out the environment variable for PATH and restarting Tomcat, the application, which was being initialized successfully, now fails in the same way Tomcat was failing originally, so we theorize that Tomcat might be having difficulties finding the DB2 Connect binaries/executables. Maybe, but the error message is one of those catch-all types used to cover a variety of problems. You can check the value of the java.library.path system property in a running Tomcat with Lambda Probe or JConsole; make sure it includes the location of the .dll you need. Is the DB2java.jar in more than one location in the classloader hierarchy? (E.g., in both Tomcat's lib directory and the app's WEB-INF/lib.) Are there any other exceptions thrown besides the No suitable driver one? I would have expected a CNFE or something like that as a root cause. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat DB2 JDBC issue
Chuck, With all of this grief developing a LoginModule that is used invoked on a Context basis, I have noticed there are lots of issues with classes loaded by the server/common classloaders in the LoginModule that are also needed by the webapp. It cannot be this difficult for everyone. What pitfalls / tips can you or anyone give for this scenario? Thank you for all the help, Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737 -Original Message- From: Andrew R Feller [mailto:[EMAIL PROTECTED] Sent: Thursday, November 15, 2007 12:59 PM To: Tomcat Users List Subject: RE: Tomcat DB2 JDBC issue Hey Chuck, We had the same idea about the java.library.path property, too. After more fiddling around, I think we figured out what is going on. 1st: Set JAVA_OPTS to include java.library.path to include the SQLLIB/JAVA directory of DB2 Connect 2nd: Removed the DB2java.jar from the web application and have it in common. I think this was a combination of different classloaders loading the JAR and the lack of library path. I am still working on it to see if anything else happens as a result of this. Thanks, Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737 -Original Message- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: Thursday, November 15, 2007 11:22 AM To: Tomcat Users List Subject: RE: Tomcat DB2 JDBC issue From: Andrew R Feller [mailto:[EMAIL PROTECTED] Subject: RE: Tomcat DB2 JDBC issue By blanking out the environment variable for PATH and restarting Tomcat, the application, which was being initialized successfully, now fails in the same way Tomcat was failing originally, so we theorize that Tomcat might be having difficulties finding the DB2 Connect binaries/executables. Maybe, but the error message is one of those catch-all types used to cover a variety of problems. You can check the value of the java.library.path system property in a running Tomcat with Lambda Probe or JConsole; make sure it includes the location of the .dll you need. Is the DB2java.jar in more than one location in the classloader hierarchy? (E.g., in both Tomcat's lib directory and the app's WEB-INF/lib.) Are there any other exceptions thrown besides the No suitable driver one? I would have expected a CNFE or something like that as a root cause. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Web app classloader loading JAAS LoginModule instead of server
While developing a custom JAAS module to use Hibernate for users' authorization profiles on a new application, we found that the Hibernate login module was being initialized not by the server's classloader but the webapp's classloader! As we want to have different Realms declared for each web application, we don't want to set a realm and security constraints at the server level. This issue came up while stepping through Tomcat's log. Whenever the application was being initialized, then its hibernate.cfg.xml was loaded up from /WEB-INF/classes by the webappClassLoader. Later on whenever the protected resource was requested and the JAAS login module was invoked, the login module was ALSO loaded by the webappClassLoader and the hibernate.cfg.xml it requested was loaded from the webappClassLoader's cache instead of searching for the one in server/classes. Questions: 1. Why is the webapp's classloader loading classes for the login module? Is this the intended behavior? 2. How is it possible to make Tomcat initialize the login module without the login module being declared for the entire server? Sincerely, Andrew Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737
j_security_check redirect after login
How does j_security_check know where to redirect users to after they have logged in? I have searched for any documentation related to how j_security_check works but to no avail nor am I able to find out where in the Tomcat source code j_security_check is declared or invoked. Thanks, Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737
RE: j_security_check redirect after login
Christopher, Please accept my apologies for my poor reactions. Thank you and others (Chuck, Matthias) for taking more time than you had to help me with this issue. Regards, Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737 -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Thursday, November 08, 2007 3:07 PM To: Tomcat Users List Subject: Re: j_security_check redirect after login -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew, Andrew R Feller wrote: I'm sorry but maybe I am reading a different version of the servlet specification than you: it only explains the case where you access a container-managed resource and then login. That would be the only case covered by the servlet specification. Your question about what happens when drive-by logins are attempted (trying to submit directly to j_security_check with no prior request for a protected resource) can easily be answered by trying it: you'll find that Tomcat responds with either a 404 NOT FOUND error or something else entirely unhelpful. The specification only provides for a request / challenge / authentication / re-process request cycle. Anything else the servlet container chooses to support is outside of the specification. Since Tomcat does not implement anything outside the specification in this area, there is no further documentation to provide. The question I had was what happens when you directly request the login form and successfully login. As you never requested a container-managed resource, then how does it know where to send you. Not only will it not know where to send you, but it will not work at all. If you want to do unsolicited logins, you will need to use a 3rd-party authentication scheme like securityfilter or ACEGI. David Smith atleast understood it well enough to answer with the thought that the servlet container wouldn't allow you to access the login form directly. I understood. Perhaps my reply was terse, but anything not covered by the servlet specification should be considered undefined behavior by definition. I was trying to point that out, perhaps a bit too subtly. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHM3pk9CaO5/Lv0PARAhzTAKCnK8uLLP1FMcWD50WQ3penMLFKPwCgq4rA gNMqGdTMdSjFRA7CFHe8dUw= =24DQ -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: j_security_check redirect after login
Christopher, I'm sorry but maybe I am reading a different version of the servlet specification than you: it only explains the case where you access a container-managed resource and then login. The question I had was what happens when you directly request the login form and successfully login. As you never requested a container-managed resource, then how does it know where to send you. David Smith atleast understood it well enough to answer with the thought that the servlet container wouldn't allow you to access the login form directly. If that is the case, then my worries are eased. If not, then I will deal with it then. I've got enough information that I can work out the rest from here; thanks to those that have given some useful information and not just witty remarks. Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737 -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Thursday, November 08, 2007 1:40 PM To: Tomcat Users List Subject: Re: j_security_check redirect after login -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew, Andrew R Feller wrote: 3. It is unclear what happens in the event when a user requests the form- login-page directly instead of going through a container-managed resource. How does j_security_check know where to redirect the user once he has authenticated successfully? If you're still asking, please read section 12.5.3 of the servlet specification: it tells you exactly what the servlet container is expected to do. It's available online from Sun's website. If you want to see /how/ it's done, you're going to have to dig around in the Tomcat source code. Th reason the code is not documented is because the specification outlines the behavior: there's no reason to document the code, etc. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHM2Yq9CaO5/Lv0PARAhzaAJ99NhIYjUUlY0seR/GDElFtDiklJQCfZrDb 5ouywvbE1WtVoKVzOKrV0II= =B+j0 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: j_security_check redirect after login
Thank you Chuck, Matthias; I appreciate the direction. The reasons why I ask are: 1. There were no apparent connections between requesting a container-managed resource, logging in via the form-login-page, and receiving the originally requested container-managed resource. 2. Little documentation on j_security_check from vendors; just assumes people know it is part of the servlet specification. 3. It is unclear what happens in the event when a user requests the form- login-page directly instead of going through a container-managed resource. How does j_security_check know where to redirect the user once he has authenticated successfully? 4. I appreciate understanding exactly what is going on in a system. Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737 -Original Message- From: Reich, Matthias [mailto:[EMAIL PROTECTED] Sent: Thursday, November 08, 2007 12:08 PM To: Tomcat Users List Subject: RE: j_security_check redirect after login You should also have a look at /org/apache/catalina/authenticator/FormAuthenticator.java In this class you can find the details about how requests are saved and restored. When I once digged into the details I wondered whether it is correct to restore all the headers of the original request. E.g., if a user clears the browser cache while the browser shows the login dialog, the resubmit of the original request will not include an 'if-modified-since' header, which was available in the stored request. In such a situation the servlet will see the header from the original request and could decide to return NOT MODIFIED status. The servlet spec does not tell you if this is correct behavior or not, but it may be interesting to know about this behavior. (And that's why we like open source projects where we can look how it really works :-) Regards, Matthias -Original Message- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: Thursday, November 08, 2007 6:02 PM To: Tomcat Users List Subject: RE: j_security_check redirect after login From: Andrew R Feller [mailto:[EMAIL PROTECTED] Subject: j_security_check redirect after login How does j_security_check know where to redirect users to after they have logged in? Read the servlet spec; to quote from SRV.12.5.3.1: If the form based login is invoked because of an HTTP request, the original request parameters must be preserved by the container for use if, on successful authentication, it redirects the call to the requested resource. Unless you are going to muck around with Tomcat internals, what difference does it make how the above is accomplished? nor am I able to find out where in the Tomcat source code j_security_check is declared or invoked. Start with org/apache/catalina/authenticator/AuthenticatorBase.java, in the invoke() method. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat instantiation of JAAS LoginModules
Hello, While writing a custom JAAS module, I wanted to know how Tomcat instantiated these classes. Does Tomcat instantiate a custom JAAS module for each login request? When does an instantiation of a custom JAAS module get garbage collected? Thanks, Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737
Configuring Tomcat 6 with Hibernate 3 MBean for JAAS LoginModule
Has anyone set up Hibernate's org.hibernate.jmx.HibernateService http://www.hibernate.org/hib_docs/v3/api/org/hibernate/jmx/HibernateSer vice.html as a JNDI resource in Tomcat 6? I am currently using Tomcat 6.0.14 from binaries, which doesn't appear to use MBeans as I cannot find anything related to it. From several Hibernate theads (here http://www.hibernate.org/66.html and here http://docs.jboss.org/jbossas/jboss4guide/r4/html/ch13.html ), it appears to be possible, however my knowledge of MBeans is quite lacking. Thanks, Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737
RE: RHEL and Tomcat startup/shutdown scripts
Thanks for the reply Ben! Unfortunately due to needing Java 1.5+ (current distro gcj is Java 1.4.2 equivalent) for CAS (http://www.ja-sig.org/products/cas/) and Tomcat 6 (unicast member discovery via static members), I am unable to reply upon Redhat's Tomcat 5.5 package. As such, I have to use the precompiled binaries of Sun's Java 1.6 and Apache's Tomcat 6.0. I have no problems compiling and using the jsvc daemon for Tomcat. I'm just at a loss about whether that is the right route or not. Thanks, Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737 -Original Message- From: Ben Stringer [mailto:[EMAIL PROTECTED] Sent: Saturday, August 11, 2007 9:36 AM To: Tomcat Users List Subject: Re: RHEL and Tomcat startup/shutdown scripts On Wed, 2007-08-08 at 15:17 -0500, Andrew R Feller wrote: Hello everyone, Over the past couple of months, I have been working with some Tomcat instances on RHEL 5 and wondered: what is the recommended method to startup/shutdown Tomcat? After reading the Tomcat documentation, they talk about compiling the jsvc source under the bin directory and using that. Hi Andrew, Redhat package tomcat 5.5 as an RPM (or JPackage package it and Redhat distribute it). This RPM comes with well written init scripts, creates a tomcat user etc. I would recommend you use this. # yum install tomcat5 Cheers, Ben Thanks, Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RHEL and Tomcat startup/shutdown scripts
Hello everyone, Over the past couple of months, I have been working with some Tomcat instances on RHEL 5 and wondered: what is the recommended method to startup/shutdown Tomcat? After reading the Tomcat documentation, they talk about compiling the jsvc source under the bin directory and using that. Thanks, Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737
RE: Tomcat 5.5 Clustering issues
Is the multicast heartbeat picked up over the multicast IP or the Receiver address that is broadcasted? I assume it is the multicast IP as the Receiver is supposedly used for replication only. Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737 -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 03, 2007 9:55 AM To: Tomcat Users List Subject: Re: Tomcat 5.5 Clustering issues the disappeared message appears 3seconds after the member added message. 3 seconds is the timeout you have set, ie, if no multicast heartbeat is received after 3 seconds, consider the member dead. so it seems like multicasting is not working properly on your system. Filip Andrew R Feller wrote: Good morning everyone, I have been trying to get Tomcat clustering between two Tomcat instances set up, but I have run into some issues. After opening the necessary ports in the firewall, routing the broadcast messages to the correct network interface (eth0), and setting up server.xml with the necessary membership information, I get the following from my Tomcat logs: 2007-07-03 09:16:37,247 INFO [org.apache.catalina.cluster.tcp.SimpleTcpCluster] - Replication member added:org.apache.catalina.cluster.mcast.McastMember[tcp://130.39.184.173 :4001,catalina,130.39.184.173,4001, alive=30318] 2007-07-03 09:16:37,256 DEBUG [org.apache.catalina.cluster.tcp.DataSender] - Create sender [/130.39.184.173:4,001] 2007-07-03 09:16:40,724 INFO [org.apache.catalina.cluster.tcp.SimpleTcpCluster] - Received member disappeared:org.apache.catalina.cluster.mcast.McastMember[tcp://130.39.1 84.173:4001,catalina,130.39.184.173,4001, alive=30318] What could be the cause of cluster members disappearing immediately after being added? Am I missing anything necessary for setting up clustering / session replication? Relative information about the server is below. Thank you, Andrew Tomcat: 5.5.23 Server: RHEL 5 Server.xml: Cluster className=org.apache.catalina.cluster.tcp.SimpleTcpCluster managerClassName=org.apache.catalina.cluster.session.DeltaManager expireSessionsOnShutdown=false useDirtyFlag=true Membership className=org.apache.catalina.cluster.mcast.McastService mcastAddr=239.39.184.173 mcastPort=45564 mcastFrequency=500 mcastDropTime=3000 / Receiver className=org.apache.catalina.cluster.tcp.ReplicationListener tcpListenAddress=auto tcpListenPort=4001 tcpSelectorTimeout=100 tcpThreadCount=6 / Sender className=org.apache.catalina.cluster.tcp.ReplicationTransmitter replicationMode=synchronous / Valve className=org.apache.catalina.cluster.tcp.ReplicationValve filter=.*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt; / ClusterListener className=org.apache.catalina.cluster.session.ClusterSessionListener / /Cluster IP table rules: -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 4001 -j ACCEPT -A RH-Firewall-1-INPUT -p udp --dport 45564 -d 239.39.184.173 -j ACCEPT No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.476 / Virus Database: 269.9.14/884 - Release Date: 7/2/2007 3:35 PM - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat 5.5 Clustering issues
Filip, Perhaps you can explain why each of these log messages are happening every 10 minutes? If this isn't controlled behavior, which I doubt, then something is going on here. =P Thanks for the help, Andy 2007-07-09 09:30:09,497 INFO [org.apache.catalina.cluster.tcp.SimpleTcpCluster] - Replication member added:org.apache.catalina.cluster.mcast.McastMember[tcp://130.39.186.177 :9001,catalina,130.39.186.177,9001, alive=248399] 2007-07-09 09:30:09,509 DEBUG [org.apache.catalina.cluster.tcp.DataSender] - Create sender [/130.39.186.177:9,001] 2007-07-09 09:30:14,646 INFO [org.apache.catalina.cluster.tcp.SimpleTcpCluster] - Received member disappeared:org.apache.catalina.cluster.mcast.McastMember[tcp://130.39.1 86.177:9001,catalina,130.39.186.177,9001, alive=248399] 2007-07-09 09:40:09,733 INFO [org.apache.catalina.cluster.tcp.SimpleTcpCluster] - Replication member added:org.apache.catalina.cluster.mcast.McastMember[tcp://130.39.186.177 :9001,catalina,130.39.186.177,9001, alive=848625] 2007-07-09 09:40:09,733 DEBUG [org.apache.catalina.cluster.tcp.DataSender] - Create sender [/130.39.186.177:9,001] 2007-07-09 09:40:15,064 INFO [org.apache.catalina.cluster.tcp.SimpleTcpCluster] - Received member disappeared:org.apache.catalina.cluster.mcast.McastMember[tcp://130.39.1 86.177:9001,catalina,130.39.186.177,9001, alive=848625] 2007-07-09 09:50:09,935 INFO [org.apache.catalina.cluster.tcp.SimpleTcpCluster] - Replication member added:org.apache.catalina.cluster.mcast.McastMember[tcp://130.39.186.177 :9001,catalina,130.39.186.177,9001, alive=150900] 2007-07-09 09:50:09,939 DEBUG [org.apache.catalina.cluster.tcp.DataSender] - Create sender [/130.39.186.177:9,001] 2007-07-09 09:50:15,362 INFO [org.apache.catalina.cluster.tcp.SimpleTcpCluster] - Received member disappeared:org.apache.catalina.cluster.mcast.McastMember[tcp://130.39.1 86.177:9001,catalina,130.39.186.177,9001, alive=150900] 2007-07-09 10:10:10,800 INFO [org.apache.catalina.cluster.tcp.SimpleTcpCluster] - Replication member added:org.apache.catalina.cluster.mcast.McastMember[tcp://130.39.186.177 :9001,catalina,130.39.186.177,9001, alive=1351729] 2007-07-09 10:10:10,800 DEBUG [org.apache.catalina.cluster.tcp.DataSender] - Create sender [/130.39.186.177:9,001] 2007-07-09 10:10:15,840 INFO [org.apache.catalina.cluster.tcp.SimpleTcpCluster] - Received member disappeared:org.apache.catalina.cluster.mcast.McastMember[tcp://130.39.1 86.177:9001,catalina,130.39.186.177,9001, alive=1351729] 2007-07-09 10:20:10,832 INFO [org.apache.catalina.cluster.tcp.SimpleTcpCluster] - Replication member added:org.apache.catalina.cluster.mcast.McastMember[tcp://130.39.186.177 :9001,catalina,130.39.186.177,9001, alive=1951799] 2007-07-09 10:20:10,833 DEBUG [org.apache.catalina.cluster.tcp.DataSender] - Create sender [/130.39.186.177:9,001] 2007-07-09 10:20:16,061 INFO [org.apache.catalina.cluster.tcp.SimpleTcpCluster] - Received member disappeared:org.apache.catalina.cluster.mcast.McastMember[tcp://130.39.1 86.177:9001,catalina,130.39.186.177,9001, alive=1951799] Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737 -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: Monday, July 09, 2007 9:34 AM To: Tomcat Users List Subject: Re: Tomcat 5.5 Clustering issues correct, on the multicast IP Filip Andrew R Feller wrote: Is the multicast heartbeat picked up over the multicast IP or the Receiver address that is broadcasted? I assume it is the multicast IP as the Receiver is supposedly used for replication only. Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737 -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 03, 2007 9:55 AM To: Tomcat Users List Subject: Re: Tomcat 5.5 Clustering issues the disappeared message appears 3seconds after the member added message. 3 seconds is the timeout you have set, ie, if no multicast heartbeat is received after 3 seconds, consider the member dead. so it seems like multicasting is not working properly on your system. Filip Andrew R Feller wrote: Good morning everyone, I have been trying to get Tomcat clustering between two Tomcat instances set up, but I have run into some issues. After opening the necessary ports in the firewall, routing the broadcast messages to the correct network interface (eth0), and setting up server.xml with the necessary membership information, I get the following from my Tomcat logs: 2007-07-03 09:16:37,247 INFO [org.apache.catalina.cluster.tcp.SimpleTcpCluster] - Replication member added:org.apache.catalina.cluster.mcast.McastMember[tcp://130.39.184.173 :4001,catalina,130.39.184.173,4001, alive=30318] 2007-07-03 09:16:37,256 DEBUG
Tomcat 5.5 Clustering issues
Good morning everyone, I have been trying to get Tomcat clustering between two Tomcat instances set up, but I have run into some issues. After opening the necessary ports in the firewall, routing the broadcast messages to the correct network interface (eth0), and setting up server.xml with the necessary membership information, I get the following from my Tomcat logs: 2007-07-03 09:16:37,247 INFO [org.apache.catalina.cluster.tcp.SimpleTcpCluster] - Replication member added:org.apache.catalina.cluster.mcast.McastMember[tcp://130.39.184.173 :4001,catalina,130.39.184.173,4001, alive=30318] 2007-07-03 09:16:37,256 DEBUG [org.apache.catalina.cluster.tcp.DataSender] - Create sender [/130.39.184.173:4,001] 2007-07-03 09:16:40,724 INFO [org.apache.catalina.cluster.tcp.SimpleTcpCluster] - Received member disappeared:org.apache.catalina.cluster.mcast.McastMember[tcp://130.39.1 84.173:4001,catalina,130.39.184.173,4001, alive=30318] What could be the cause of cluster members disappearing immediately after being added? Am I missing anything necessary for setting up clustering / session replication? Relative information about the server is below. Thank you, Andrew Tomcat: 5.5.23 Server: RHEL 5 Server.xml: Cluster className=org.apache.catalina.cluster.tcp.SimpleTcpCluster managerClassName=org.apache.catalina.cluster.session.DeltaManager expireSessionsOnShutdown=false useDirtyFlag=true Membership className=org.apache.catalina.cluster.mcast.McastService mcastAddr=239.39.184.173 mcastPort=45564 mcastFrequency=500 mcastDropTime=3000 / Receiver className=org.apache.catalina.cluster.tcp.ReplicationListener tcpListenAddress=auto tcpListenPort=4001 tcpSelectorTimeout=100 tcpThreadCount=6 / Sender className=org.apache.catalina.cluster.tcp.ReplicationTransmitter replicationMode=synchronous / Valve className=org.apache.catalina.cluster.tcp.ReplicationValve filter=.*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt; / ClusterListener className=org.apache.catalina.cluster.session.ClusterSessionListener / /Cluster IP table rules: -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 4001 -j ACCEPT -A RH-Firewall-1-INPUT -p udp --dport 45564 -d 239.39.184.173 -j ACCEPT
Configuring Tomcat 5.5 to use unicast membership discovery
Hello everyone, Is it possible to configuring Tomcat 5.5 to use unicast for the membership discovery mechanism rather than multicast? I have read through both the Tomcat Clustering/Session Replication (http://tomcat.apache.org/tomcat-5.5-doc/cluster-howto.html) and Configuration Reference (http://tomcat.apache.org/tomcat-5.5-doc/config/index.html), but the only examples presented use multicasting. The reason I ask is because we need to replicate between three sites where one of the sites isn't within the campus network making multicasting difficult. Thank you for the assistance, Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737