Re: javax.servlet vs jakarta.servlet?

[David Kerber]

On 12/29/2021 2:54 PM, Michael B Allen wrote:

On Wed, Dec 29, 2021 at 2:07 PM Mark Thomas  wrote:

One of the advantages of moving to Eclipse is that everyone involved in
the spec, not just the spec lead, has an equal say in what goes into the
spec.

That sounds like design by committee which is my concern. IMO the only
way to design a really good API is for one individual with a vision to
just write it, use it, exercise it and then see what works and what
does not. I routinely re-write things multiple times very slowly
before settling on an API. It's exponentially harder for multiple
people to have the same vision. Design by committee can easily
degenerate into an overly-OOP set of interfaces and classes and enums
to define an API that doesn't actually do that much. Once you lock
into an API, that could be used for decades. So even the slightest
mistake can create seams that transcend every codebase that uses it
with long term consequences.


I think the chances of a single person missing something useful or 
important are greater than the chance of a *small* committee 
over-designing the API. You are correct that CORBA was a big mess due to 
its design by a huge committee, but a smaller group has done will with 
most java APIs.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 7.0.54 gives zero-byte .java and .class files for jsp in work directory that cause truncated class error

[David Kerber]

On 8/4/2016 3:18 AM, Rahul Singh wrote:

Dear Christopher,


Thanks you very much for your response !!



Filesystem quota?


Filesystem Quota is not enabled for this disk partition so there is no 
restrictions on disk usage.



Look at the timestamps on the zero-byte files, then find that same
place in catalina.out or one of the other Tomcat-specific log files.
See if there's anything in those log files that gives a reason for the
failure to compile your JSPs.


We have seen the catlina.out and other tomcat logs but no such evidence 
regarding the compilation of JSP.


during googling in various forums, we have observed that the same problem is 
occurred to one of the senior engineer of google, and it is unresolved/open yet.


reference: 
http://stackoverflow.com/questions/8813509/how-does-tomcat-generate-its-work-directory-jsp-java-files-and-what-might-cau


It is very critical problem in our production environments (occurring Many 
production environments),  and it is raised as tomcat specific problem so 
occurrence condition and root cause may be required from tomcat team.


Have you verified that the user TC is running under has permissions to 
write to the directories in question?







Regards,

Rahul Kumar Singh







From: Christopher Schultz 
Sent: Sunday, July 31, 2016 5:38:13 PM
To: Tomcat Users List
Subject: Re: Tomcat 7.0.54 gives zero-byte .java and .class files for jsp in 
work directory that cause truncated class error

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Rahul,

On 7/28/16 1:50 AM, Rahul Singh wrote:

Hi tomcat team, Thanks for your continued support and help.

I am facing the a peculiar problem in Tomcat 7.0.54.

Any chance for a Tomcat upgrade? Also, Java 7 has reached End-of-Life.


Configurations: OS: RHEL Tomcat:7.0.54 Java:1.7.79

If you are using RHEL packages, you may not have an upgrade path. :(


A jsp that was running properly gave the following exception after
graceful tomcat restart

 javax.servlet.ServletException:
java.lang.ClassFormatError: Truncated class file at
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:343)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli

cationFilterChain.java:303)



at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt
erChain.java:208)

at
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)



at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica
tionFilterChain.java:241)

at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi

lterChain.java:208)



at
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatc
her.java:748)

at
org.apache.catalina.core.ApplicationDispatcher.processRequest(Applicat

ionDispatcher.java:486)



at
org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDisp
atcher.java:411)

at
org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDisp

atcher.java:338)



at
org.apache.struts2.dispatcher.ServletDispatcherResult.doExecute(ServletD
ispatcherResult.java:154)

at
org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResult

Support.java:186)



at
com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultAct
ionInvocation.java:362)

at
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionIn

vocation.java:266)

  

On checking the Tomcat work directory we discovered that the
corresponding .java and .class files were of zero byte size. In
other words these files were empty. This was the main reason why
Tomcat gave truncated class error. Corresponding to this we also
checked the disk utilization but it was at 54% only. So any
possibility for disk space are ruled out.

Filesystem quota?


Also that the same jsp had not been modified and was running
properly initially. so after reboot of tomcat what happen? why the
jsp.java and jsp.class size is generated of 0 bytes.

So my question is that what might have caused tomcat to generate
empty *_jsp.java files in its work directory?

Hope tomcat team will help us to finding root cause.

Look at the timestamps on the zero-byte files, then find that same
place in catalina.out or one of the other Tomcat-specific log files.
See if there's anything in those log files that gives a reason for the
failure to compile your JSPs.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAled6i0ACgkQ9CaO5/Lv0PB59ACePn8ro2YsATZjgDFh8lTH1dU/
T5YAnjxaL4LZB4BdfL/wTJuPEeBfT4fh
=pvZ5
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: question on Java / Tomcat / GC

[David Kerber]

On 7/14/2016 1:41 PM, André Warnier (tomcat) wrote:

Hi Java GC gurus.

I am coming for a bit of expert advice, not for a problem.

At some customer site, some applications appear to react somewhat 
slowly sometimes, although these are not very heavy applications, and 
traffic on the site is also not very high.


Amog several other things I'm looking at, wondering if this might have 
something to do with Java/Tomcat running out of memory, and perhaps 
doing excessive GC's, I set up GC logging.

Below I am pasting that small Java GC log.
This is running tomcat 6 still, the java versions and tomcat JVM 
relevant switches are shown in the log.
I am starting the tomcat JVM with "-Xms1024M -Xmx1024M", and no other 
non-default settings regarding memory management or GC type.


I take it that in the log below, the first number on the left is a 
timestamp in "seconds , thousands of a second".


What version of java are you running under?  Since you're running a very 
old Tomcat version, you might be running an old java too, and Java 
itself has had some significant performance improvements over the years.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Memory Leak

[David Kerber]

On 6/28/2016 5:57 PM, Roman Gelfand wrote:

I am running a middleware application in the tomcat environment described,
below.  After rebooting the server, the memory consumption is couple of
gigs.  Couple of weeks later, I get a message, I am out of memory.
Moreover, I need to bounce the whole server to start fresh.

Here, the log.  I am quite sure how to go about troubleshooting it.  Any
help is greatly appreciated.


The application has a memory leak.  You need to get it fixed.





catalina.out.prob:SEVERE: The web application [] appears to have started a
thread named [cluster-ClusterId{value='5745ebcecdb2e06579174645',
description='null'}-devnymongodb01.meridiancapital.com:27017] but has
failed to stop it. This is very likely to create a memory leak.


catalina.out.prob:SEVERE: Servlet.service() for servlet [API REST Handler]
in context with path [] threw exception [java.lang.OutOfMemoryError: unable
to create new native thread] with root cause
catalina.out.prob:java.lang.OutOfMemoryError: unable to create new native
thread





Here is my tomcat environment...

Server version: Apache Tomcat/7.0.69
Server built:   Apr 11 2016 07:57:09 UTC
Server number:  7.0.69.0
OS Name:Linux
OS Version: 2.6.32-573.12.1.el6.x86_64
Architecture:   amd64
JVM Version:1.8.0_91-b14
JVM Vendor: Oracle Corporation


uname -a

Linux  2.6.32-573.12.1.el6.x86_64 #1 SMP Tue Dec 15 21:19:08 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux


Mem info

MemTotal:8061448 kB
MemFree: 5399052 kB
Buffers:  150360 kB
Cached:   388604 kB
SwapCached:0 kB
Active:  2290720 kB
Inactive: 197764 kB
Active(anon):1949532 kB
Inactive(anon):  160 kB
Active(file): 341188 kB
Inactive(file):   197604 kB
Unevictable:   0 kB
Mlocked:   0 kB
SwapTotal:   4128764 kB
SwapFree:4128764 kB
Dirty:40 kB
Writeback: 0 kB
AnonPages:   1949572 kB
Mapped:35900 kB
Shmem:   176 kB
Slab:  87844 kB
SReclaimable:  27304 kB
SUnreclaim:60540 kB
KernelStack:5504 kB
PageTables: 9032 kB
NFS_Unstable:  0 kB
Bounce:0 kB
WritebackTmp:  0 kB
CommitLimit: 8159488 kB
Committed_AS:3091324 kB
VmallocTotal:   34359738367 kB
VmallocUsed:  158244 kB
VmallocChunk:   34359576456 kB
HardwareCorrupted: 0 kB
AnonHugePages:   1767424 kB
HugePages_Total:   0
HugePages_Free:0
HugePages_Rsvd:0
HugePages_Surp:0
Hugepagesize:   2048 kB
DirectMap4k:   10240 kB
DirectMap2M: 8378368 kB


CPU info

processor   : 0
vendor_id   : GenuineIntel
cpu family  : 6
model   : 44
model name  : Intel(R) Xeon(R) CPU   E5649  @ 2.53GHz
stepping: 2
microcode   : 29
cpu MHz : 2533.423
cache size  : 12288 KB
physical id : 0
siblings: 2
core id : 0
cpu cores   : 2
apicid  : 0
initial apicid  : 0
fpu : yes
fpu_exception   : yes
cpuid level : 11
wp  : yes
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov pat pse36 clflush dts mmx fxsr sse sse2 ss ht syscall nx rdtscp lm
constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc
aperfmperf unfair_spinlock pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt
aes hypervisor lahf_lm ida arat epb dts
bogomips: 5066.84
clflush size: 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:

processor   : 1
vendor_id   : GenuineIntel
cpu family  : 6
model   : 44
model name  : Intel(R) Xeon(R) CPU   E5649  @ 2.53GHz
stepping: 2
microcode   : 29
cpu MHz : 2533.423
cache size  : 12288 KB
physical id : 0
siblings: 2
core id : 1
cpu cores   : 2
apicid  : 1
initial apicid  : 1
fpu : yes
fpu_exception   : yes
cpuid level : 11
wp  : yes
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov pat pse36 clflush dts mmx fxsr sse sse2 ss ht syscall nx rdtscp lm
constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc
aperfmperf unfair_spinlock pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt
aes hypervisor lahf_lm ida arat epb dts
bogomips: 5066.84
clflush size: 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Runtime Cloning of DataSource for Different DB?

[David Kerber]

On 6/27/2016 1:07 AM, Jerry Malcolm wrote:


On 6/26/2016 8:27 PM, David Kerber wrote:

On 6/26/2016 1:32 AM, Jerry Malcolm wrote:

I have a webapp that runs on a single host.  It has one primary
database.  But it has many secondary databases.  There is one
secondary database for each of my clients that use my app. These
client databases come and go regularly as clients signup and leave.
I don't want to have to edit Tomcat conf files adding and deleting
 tags for the secondary databases and then have to bounce
Tomcat several times a day as clients come onboard or leave.

I have one  tag for the primary database.  The id/pw and
everything else in the resource tag is the same for all of the
databases.  Is there a way to specify/override the url (i.e. the
database name) at runtime to connect to whatever secondary database I
need for the particular client?  Or is there a way to clone a
datasource for a different url/database?  I still would like to use
the one resource tag in the context.xml.default conf file to specify
the id/pw for the secondary DBs.  I'd prefer not to hardcode id/pw in
the java code.  But if that is the only option, I can do it.

Hopefully there is some way to dynamically select the db in a
datasource at runtime... (??) Suggestions?


You can move your authentication code into your application, rather
than having TC handle it.  Then you can pick any database or data
source you want.



I know I can hardcode the connection in the code.  But that is not
going to provide connection pooling.  That 's a huge performance hit.
I really want the same capability I get with jdbc datasources, only
without hardcoding hundreds of them in the conf files.


You would need to handle your own pooling (which isn't particularly 
difficult), but there's certainly no need to hard-code anything. All of 
your db connection info can be in a "master" database, in Tomcat's 
configurations, or anywhere else that is accessible by your code.  If 
you can build connection strings from login information, it would be 
super simple.





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Runtime Cloning of DataSource for Different DB?

[David Kerber]

On 6/26/2016 1:32 AM, Jerry Malcolm wrote:

I have a webapp that runs on a single host.  It has one primary
database.  But it has many secondary databases.  There is one
secondary database for each of my clients that use my app. These
client databases come and go regularly as clients signup and leave.
I don't want to have to edit Tomcat conf files adding and deleting
 tags for the secondary databases and then have to bounce
Tomcat several times a day as clients come onboard or leave.

I have one  tag for the primary database.  The id/pw and
everything else in the resource tag is the same for all of the
databases.  Is there a way to specify/override the url (i.e. the
database name) at runtime to connect to whatever secondary database I
need for the particular client?  Or is there a way to clone a
datasource for a different url/database?  I still would like to use
the one resource tag in the context.xml.default conf file to specify
the id/pw for the secondary DBs.  I'd prefer not to hardcode id/pw in
the java code.  But if that is the only option, I can do it.

Hopefully there is some way to dynamically select the db in a
datasource at runtime... (??) Suggestions?


You can move your authentication code into your application, rather than 
having TC handle it.  Then you can pick any database or data source you 
want.





Thanks.

Jerry


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 7 on JDK 6 or JDK 7

[David kerber]

On 6/2/2016 6:50 AM, Gokul wrote:

Hello,

I am running tomcat 7.0.65.

Currently the tomcat is running on JDK 1.6. Can someone please confirm if
there is any performance impact if tomcat 7 would run on JDK 1.6.


I have never noticed any, though I haven't done any formal tests.  I 
sincerely doubt there would be any noticeable difference either way.





Thank you
Gokul




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [SECURITY] Java Deserialization, JMX and CVE-2016-3427

[David kerber]

On 5/25/2016 11:12 AM, Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Mark,

On 5/24/16 10:06 AM, Mark Thomas wrote:

TL;DR If you use remote JMX, you need to update your JVM to address
CVE-2016-3427

For the longer version, see the blog post I just published on
this: http://engineering.pivotal.io/post/java-deserialization-jmx/


Okay, I give up: what version of Java 8 actually has this patch?
Oracle's site gives me the runaround and tells me that it's been patched
in April, but I have no idea what version of Java was published in
April, and Oracle's site seems very reticent to tell me :(

The CVEs have virtuall no information other than "something bad exists
in some versions of some stuff, and you should upgrade". Upgrade to what
?


Wouldn't it just be the latest?



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 7, startup problems

[David kerber]

On 5/17/2016 11:49 AM, André Warnier (tomcat) wrote:

Hello experts.

What does the following mean, and/or (better) what do we have to do to
get rid of these ?

Note : below is only a small sample, there are hundreds of these
in-between (about 2.3 MB of logfile worth of them).


It looks to me like you're building your jar files to a different java 
version standard than you're running them on (Java 4 vs Java 7, or some 
such thing).






INFO: Starting Servlet Engine: Apache Tomcat/7.0.28
May 11, 2016 2:08:18 PM org.apache.catalina.startup.HostConfig
deployDirectory
INFO: Deploying web application directory /var/lib/tomcat7/webapps/ROOT
May 11, 2016 2:08:18 PM org.apache.catalina.startup.ContextConfig
processAnnotationsJar
SEVERE: Unable to process Jar entry
[jdk/nashorn/internal/objects/NativeString.class] from Jar
[jar:file:/opt/jdk8/jre/lib/ext/nashorn.jar!/] for annotations
org.apache.tomcat.util.bcel.classfile.ClassFormatException: Invalid byte
tag in constant pool: 15
at
org.apache.tomcat.util.bcel.classfile.Constant.readConstant(Constant.java:131)

at
org.apache.tomcat.util.bcel.classfile.ConstantPool.(ConstantPool.java:60)

...
May 11, 2016 2:08:18 PM org.apache.catalina.startup.ContextConfig
processAnnotationsJar
SEVERE: Unable to process Jar entry
[jdk/nashorn/internal/objects/NativeDate$Constructor.class] from Jar
[jar:file:/opt/jdk8/jre/lib/ext/nashorn.jar!/] for annotations
org.apache.tomcat.util.bcel.classfile.ClassFormatException: Invalid byte
tag in constant pool: 15
at
org.apache.tomcat.util.bcel.classfile.Constant.readConstant(Constant.java:131)

...
May 11, 2016 2:08:19 PM org.apache.catalina.startup.ContextConfig
processAnnotationsJar
SEVERE: Unable to process Jar entry [com/sun/glass/ui/Window.class] from
Jar [jar:file:/opt/jdk8/jre/lib/ext/jfxrt.jar!/] for annotations
org.apache.tomcat.util.bcel.classfile.ClassFormatException: Invalid byte
tag in constant pool: 18
at
org.apache.tomcat.util.bcel.classfile.Constant.readConstant(Constant.java:131)

at
org.apache.tomcat.util.bcel.classfile.ConstantPool.(ConstantPool.java:60)


...
May 11, 2016 2:08:19 PM org.apache.catalina.startup.ContextConfig
processAnnotationsJar
SEVERE: Unable to process Jar entry
[com/sun/javafx/css/StyleManager.class] from Jar
[jar:file:/opt/jdk8/jre/lib/ext/jfxrt.jar!/] for annotations
org.apache.tomcat.util.bcel.classfile.ClassFormatException: Invalid byte
tag in constant pool: 18
at
org.apache.tomcat.util.bcel.classfile.Constant.readConstant(Constant.java:131)

at
org.apache.tomcat.util.bcel.classfile.ConstantPool.(ConstantPool.java:60)

...
...
May 11, 2016 2:09:55 PM org.apache.catalina.startup.ContextConfig
processAnnotationsJar
SEVERE: Unable to process Jar entry [javafx/stage/Screen.class] from Jar
[jar:file:/opt/jdk8/jre/lib/ext/jfxrt.jar!/] for annotations
org.apache.tomcat.util.bcel.classfile.ClassFormatException: Invalid byte
tag in constant pool: 18
at
org.apache.tomcat.util.bcel.classfile.Constant.readConstant(Constant.java:131)

at
org.apache.tomcat.util.bcel.classfile.ConstantPool.(ConstantPool.java:60)

at
org.apache.tomcat.util.bcel.classfile.ClassParser.readConstantPool(ClassParser.java:209)

at
org.apache.tomcat.util.bcel.classfile.ClassParser.parse(ClassParser.java:119)

at
org.apache.catalina.startup.ContextConfig.processAnnotationsStream(ContextConfig.java:2049)

at
org.apache.catalina.startup.ContextConfig.processAnnotationsJar(ContextConfig.java:1931)

at
org.apache.catalina.startup.ContextConfig.processAnnotationsUrl(ContextConfig.java:1899)

at
org.apache.catalina.startup.ContextConfig.processAnnotations(ContextConfig.java:1885)

at
org.apache.catalina.startup.ContextConfig.webConfig(ContextConfig.java:1281)

at
org.apache.catalina.startup.ContextConfig.configureStart(ContextConfig.java:855)

at
org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:346)

at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)

at
org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)

at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5172)

at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)

at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)
at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:618)
at
org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1100)

at
org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1618)

at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

at

Re: Windows Service won't launch

[David Kerber]

On 5/16/2016 4:25 PM, Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

All,

I'm upgrading a client's system from Tomcat 7 to Tomcat 8 as part of a
new release of our software. I've got Tomcat 8 installed using the
32-bit ZIP file, and the Windows Services have been re-created from
scratch using tomcat8w.exe. They are running 64-bit Windows but a
32-bit JVM.

When I try to launch the service, I get an error "Incorrect function"
in the event log, and the service does not start. I can launch Tomcat
from the command-line successfully, so this is not a problem with
Tomcat per se, nor my application. It's got to be a problem with my
configuration of the Windows Service.

I'm tempted to tell them "Install a 64-bit JVM" and use the 64-bit
service-runner, but I'd prefer to get it working before I tell them
they have to change everything ;)

Any suggestions for what to look for?


I'd check first for incorrectly-delimited parameters in the service 
definition.  Missing quotes or some such thing.  I would have said in 
any .properties .cfg or .ini files, but you say it runs ok from the cmd 
line.   I've seen this error before, but can't recall the exact 
circumstances at the moment.





Thanks,
- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJXOizBAAoJEBzwKT+lPKRYNhkQAKeKijhlZXLjqe/wzk9bKB88
xGyFofi78uGtPI1fgznyjU0RifizVqY3EbuVvpycTCcxutRRhoIxI3HWuEq1ZCB8
nL7VSoA1gAG2d2+Bn/sWH7be6swkUNnUWH90HffdEZCPGMPg61S1EX00pmDDSJyK
UcXLzuPu8FvHdenuxkNFNqvcyjccTSjoZ0h6FF4L7XXxXbsuCosi4fpVabJ5yKq4
AWLlsh3Qwf5cUsneNhmVzMyBrOX/3fHEYixDdKPmcQM5BdaD9Rdfaq9ESH/JVjns
hy4wB/b4YKYWUZB+3iW1Ukav+zwYmRNdRQZdk2P6zQJ6zC8AgF4vHOI8vLsV2fB+
j4w2LmSi4pV8VIW1Sb5UzkPSeMp+r196H1/2PDE8JmXOGKpLXD8wgfY62erCJelF
+np6dTJd/OkTjjVcps3lF9b6bTpcokAu5xRXhjHrlxtq3H/77/ujfcvZ0qz2wlYx
EiG0ZgT8pe2yR4bntdoMIl2xGhBFyw4rmZgRLX9ClMwtMV516N5VTLzitQ7ll5Sf
5MjsYhdIH+Pc8fmUMGqjDiEGMURs2cE2nuIIrcFvDUkaaqYN0v3BegZNStp3Zatq
GjTnGO1ykXF/xi7WwsGc8DgrfpuRYLTAyl9fG13+/9Q2JIQ82xwyh0dIZ6CxB/ph
SHeeYTldIF9sab0F3B40
=BZgJ
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: context root with relative path

[David kerber]

On 5/9/2016 11:34 AM, Dimitar Valov wrote:

Hi,

Have you decided if the proposed fix make since? If the corner case is
:/, then it can be handled as well, not to remove the slash in case
the previous char is :.


IMO, the correct result for this case would most likely be to INCLUDE 
the trailing "/" if the previous character is a ":".  Generally you are 
going to want to end up with "the root of ", not "the default 
directory on ".






Best Regards,
Dimitar

On Thu, Apr 21, 2016 at 7:12 PM, Leo Donahue <donahu...@gmail.com> wrote:


On Apr 21, 2016 10:38 AM, "David kerber" <dcker...@verizon.net> wrote:


On 4/21/2016 11:33 AM, Leo Donahue wrote:


Chris,

On Apr 21, 2016 9:15 AM, "Christopher Schultz" <

ch...@christopherschultz.net>

wrote:



I don't have a Windows machine handy right this minute, but from my
previous experience, "C:" means "the current working directory on the C
drive, from this process's perspective.

For instance:

D:\> DIR C:\
...
Program Files
Windows
...

D:\> DIR C:
...
Program Files
Windows
...

D:\> CD C:\Windows
D:\> DIR C:
...
System
System32
...

So I would think that using "C:" (with no trailing path) from Java

would

behave the same way: the current working directory *on that drive*

would

be the one used.

I would expect it to work just like "." on *NIX.

-chris

--



On Windows 7 from a command prompt:


C:\downloads dir c:


Shows contents of downloads


C:\downloads dir c:\


Shows contents of c drive



Yes, that's all well-known on windows.  The question was, how does the

Java File object handle it?   Does it give the correct result as above?
And going back to the original question, how should these paths be
normalized?

Let's hope this looks right, pasting code from Android device...

*import* java.io.File;

*import* java.net.URI;

*import* java.net.URISyntaxException;

*import* java.util.ArrayList;

*import* java.util.List;



*public* *class* Demo

{

*public* *static* *void* main(String[] args)

{

List paths = *new* ArrayList(2);

paths.add("file:/c:");

paths.add("file:/c:/");



*for* (String x : paths)

{

*try*

{

URI uri = *new* URI(x);

File f = *new* File(uri);

System.*out*.println(f.getAbsolutePath());

}

*catch* (URISyntaxException e)

{

e.printStackTrace();

}

   }

}

}






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Auto-bounce a host or webapp?

[David kerber]

On 5/5/2016 2:56 PM, Jerry Malcolm wrote:

I am not using WAR files for my apps.  I simply copy updated files to
the image in \webapps as changes/updates are required.  I have a server
running on my local dev machine.  When I refresh any webapp file (jars,
jsps, etc) the server detects the changes, refreshes, and everything is
good with the new versions running without further intervention.
However, when I do the exact same thing to my remote server (which is an
identical mirror of the local TC) almost every time there is a refresh,
the server webapp stops, and I have to go the manager and restart all of
the web apps.

I'm suspecting that it might have something to do with the upload
speed.  Where I can pretty much instantly replace a jar file locally, it
may take several seconds to replace the same jar file on the remote
machine due to connection speed to the server.  And I assume TC is ok
with 'instant' jar replacements, but doesn't like it when it takes too
long for a jar to finish updating.

Whatever the cause, I've resigned myself to the fact that I'm going to
have to restart the webapps after every upload.  But I'd love to figure
out a way to do that automatically (preferably as part of my ant 'build'
script).  A full refresh can take 20-30 minutes (I have lots of large
web apps...).  I have to wait around for the upload to complete, else
the server will be down until I can come back and around and refresh.

So, is there a way to bounce an entire host programatically at the end
of the upload?  Or is there a way to remotely via a script to bounce all
of the webapps?


I believe the Manager app can force a reload of your webapps, though I 
never use it.


But what about this, to make the process more closely mirror what you 
see locally:  Upload the updated files to a temporary holding spot on 
the remote server, and then after they're all there, move them en-mass 
to the webapps directory.  That final copy will be very fast, and would 
likely allow the server to pick up the changes just like it does locally.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat8 blocked once reached max thread(s) count

[David kerber]

On 5/2/2016 3:33 AM, Kapilan A wrote:

Hi Folks

I am facing one issue with Apache Tomcat 8.



In 32 GB machine, four instances of tomcat is running and every tomcat has
memory as 512-1024.



In the SQl server, a particular table called "MetaData".



Third party engine will post a http request through tomcat. it accepts max
thread as 150. Savings will happen in MetaData table which is around 8
million records.



After 12 hours continuously posting, then one of the tomcat is freeze. Its
not accepting any more connections from third party


Without knowing anything about your app, I'd guess you have a statement 
or connection leak, causing the db to not accept any more connections.





and not creating sql connections too.



What kind of optimum configurations should i follow up in production machine
?



Please guide me to solve this problem soon.





Thanks & Regards



Kapilan A





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: OT if/else or not if/else

[David kerber]

On 4/25/2016 11:44 AM, Leon Rosenberg wrote:

On Mon, Apr 25, 2016 at 5:21 PM, Dougherty, Gregory T., M.S. <
dougherty.greg...@mayo.edu> wrote:




Yes, we do, because, well, it is more informative. :-)

if (a) Š
else if (b) Š
else if (c) Š

Says you have three mutually exclusive options, and implies that a is more
likely / more important than b, than c.

Or, if ³a" is a method call, possibly that ³a² has some setup needed for
³b² and ³c².

All of this is lost with multiple if statements.


Then there¹s the everlasting wisdom of Knuth¹s comment about "premature
optimization is the root of all evil².



Exactly my point.
if (a) Š
if (b) Š
if (c) Š

shorter and therefore easier than the other one ;-) if-else-if is just a
premature optimization to the above statement ;-)


Not necessarily.  Independent IFs have different semantics from an 
if..elseif construct.  In your example, they could all be true, and 
therefore S will be executed 3 times.  In an elseif construct at most 
one will be executed.








-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: OT if/else or not if/else

[David kerber]

On 4/25/2016 10:38 AM, Leon Rosenberg wrote:

On Mon, Apr 25, 2016 at 4:13 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Leon,

On 4/22/16 12:24 PM, Leon Rosenberg wrote:

Hi guys,



I would always choose the case with the elses.

First, I think it's more clear: if you expect that only one branch of
the code will run, and no others, then the elses tell the reader that
fact without any further commentary. The zero-else case might help you
catch some logic errors (because for example you can log each entry
into a branch) but there are of course other ways to do that.

Second, it's more efficient, regardless of what type of processor you
have. Let's take an example where there are more than 3 branches. How
about something like a million branches (just to accentuate the
point)? If one of the branches runs, the others are skipped. If all
branches have an equal change of being chosen, then the CPU has to
perform on average 50 predicates. If you put the common cases at
the top, you can do even better. Let's assume the 80/20 rule applies,
here, and you can take a guess that, on average, the CPU will only
have to perform 10 predicates on average.



I don't think the example is valid (even if machines with 100.000 cpus and
more actually exist). But I remember from days of my study, which lies way
way back, that languages that are optimized for parallel processing would
be able to tell the compiler to execute all ifs in parallel. So if we stick
with a number of ifs which is less than the number of available cores/pipes
we could run it all in parallel. I don't think it is possible with if else,
unless it is transformed into something else.

The other thing that made me wonder is that most people on the list (or all
except me) actually considered if-else-if-else more readable. It not only
creates a more complex structure (visually and syntactically  (more
letters)). But also the semantics of an *else* are different as of an *if*.
This is like North Carolina ;-)
if (man){ do_man_thing; } else { do_woman_thing(); } doesn't work anymore,
even it worked 20 years ago. Talking about maintaining :-)


I find if...else if...else more readable in that it more clearly 
expresses the programmer's intent that the options are mutually 
exclusive.  If it is done as a series of simple if...end if statements, 
the programmer may know that they're mutually exclusive, but the 
maintainer may not, and will take longer to get up to speed on the code.


If I see independent if...endif statements, I normally assume that 
anywhere from 0 to all of them may be true.




regards
Leon



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: OT if/else or not if/else

[David kerber]

On 4/22/2016 12:34 PM, Mark Thomas wrote:

On 22/04/2016 17:24, Leon Rosenberg wrote:

Hi guys,

this is completely off-topic ;-)


Excellent. An almost perfect Friday afternoon distraction. You just
needed some decent troll bait to make it perfect. ;)


I was wondering if using if/else is not actually slowing down your code.
Lets say I have three possible conditions, A, B and C, which are exclusive.
My native approach would be:
if (A){...}
if (B){...}
if (C){...}

now some people would 'optimize' it as
if (A){ ...} else if (B) {} else if (C) { }
and I think in the world of single-cpu computers this optimization could
work.

But what is now, given that compilers can optimize stuff like this and tell
the processor to calculate all 3 branches simultaneously, which is not
possible for ifelse.

Which one would you choose?


If (A){ ...} else if (B) {} else if (C) { }


Equally important, which one do you think is more readable? I would say if
else is hard to read, but this can be just personal impression.


Same one.

Regarding performance it depends on exactly what you are measuring and
how. Testing the conditions in parallel will be quicker if B or C is the
true condition. But, you will be doing more work as a result so in
theory throughput will fall.

Personally, I'd stick if "else if" and order the conditions from most
likely to least likely.

As an aside, why can't the compile optimize to test the three conditions
in parallel with the "else if"?


+1.  I prefer the if ... else if ... construct for readability as long 
as the are mutually exclusive.


But I would add that if the conditions can be reduced to enumerations, a 
Switch would be even faster.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: context root with relative path

[David kerber]

On 4/21/2016 11:33 AM, Leo Donahue wrote:

Chris,

On Apr 21, 2016 9:15 AM, "Christopher Schultz" 
wrote:


I don't have a Windows machine handy right this minute, but from my
previous experience, "C:" means "the current working directory on the C
drive, from this process's perspective.

For instance:

D:\> DIR C:\
...
Program Files
Windows
...

D:\> DIR C:
...
Program Files
Windows
...

D:\> CD C:\Windows
D:\> DIR C:
...
System
System32
...

So I would think that using "C:" (with no trailing path) from Java would
behave the same way: the current working directory *on that drive* would
be the one used.

I would expect it to work just like "." on *NIX.

-chris

--


On Windows 7 from a command prompt:


C:\downloads dir c:

Shows contents of downloads


C:\downloads dir c:\

Shows contents of c drive


Yes, that's all well-known on windows.  The question was, how does the 
Java File object handle it?   Does it give the correct result as above? 
 And going back to the original question, how should these paths be 
normalized?




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: context root with relative path

[David kerber]

On 4/20/2016 12:07 PM, Dimitar Valov wrote:

System.out.println(new File("C:").exists()); prints true, so I guess it
works okay.


All that means is that it does something.  That doesn't means it's doing 
the correct thing.  That *should* be checking the existence of the 
"current" directory, which is always going to succeed.  The question is, 
is it actually checking for the existence of the root directory?  And 
what does


new File("C:\").exists()

give you?  And is it different?





On Wed, Apr 20, 2016 at 3:31 PM, Konstantin Kolinko 
wrote:


2016-04-19 22:42 GMT+03:00 Mark Thomas :

On 19/04/2016 19:38, Dimitar Valov wrote:

All static resources such as index.html will not be found when

application

is added with , for example

tomcat

is put inside the application's META-INF.

I've drilled down that the AbstractFileResourceSet class is responsible

for

this behaviour, inside the protected final File file(String name,

boolean

mustExist) method. There absoluteBase and canonicalBase (absolute,

unique

with resolved symlinks) are used to determine if the file should be
accessed based on a case sensitivity check.

Everything works fine if the docBase is not just path like

../../.././../

but has an actual directory at the end, like ../../../web-app. However

in

this edgy case the difference appears since the behaviour of
the org.apache.tomcat.util.http.RequestUtil.normalize method has

slightly

different behavior than the File.getCanonicalPath.

System.out.println(RequestUtil.normalize("/base/1/2/3/../../../"));
/base/

System.out.println(RequestUtil.normalize("/base/1/2/3/../../.."));
/base/1/..
System.out.println(new

File("/base/1/2/3/../../../").getCanonicalPath());

/base

The added /from RequestUtil breakes the logic inside the file method,

since

when doing the substring operation inside AbstractFileResourceSet.file
method it may or may not have a trailing /. In such situation /index.html substring with the absoluteBase becomes ndex.html. At

the

end the file method returns from here:

 if (!canPath.equals(absPath)) //

!"index.html".equals("ndex.html")

=> true
 return null;

The RequestUtil comes from the http packages and follows their

conventions

when normalizing the path, so an obvious way to fix this is to add and

if

statement after the normalization
inside AbstractFileResourceSet.initInternal.

 this.absoluteBase = normalize(absolutePath);
 if (this.absoluteBase.endsWith("/")) {
 this.absoluteBase = this.absoluteBase.substring(0,
this.absoluteBase.length() - 1);
 }

With Java 7 instead of using the RequestUtil for normalization, Path
java.nio.file.Path.normalize() can accomplish the correct thing.

Do you think that is something that can be fixed? Maybe the above is not
the best approach, however it's the least invasive.


We need to be very careful here since this is security sensitive.

Given that normalize handles URIs, there is an argument for slightly
different handling of trailing '/'. I'm currently of the view (subject
to the results of some local tests I am running) that if the input ends
in '/', so should the output. If the input doesn't end in '/' neither
should the output unless the output is the string "/".

The end result is likely to be that docBase values should not end in "/".



(I have not looked at the context. Just a general comment / review of
r1740134)

There is a risk of normalizing Windows path of "C:\foo\.." into "C:"
which denotes the current directory on drive C:  while the expected
value is the root of the drive, "C:\".

I have not tested how  java.io.File("C:") actually works.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Fwd: bug

[David kerber]

On 4/20/2016 3:47 AM, André Warnier (tomcat) wrote:

On 20.04.2016 09:31, Cristian Lorenzetto wrote:

i sincronized the method for sending message but error is the same when
ubuntu is suspended. The connections are not restored correctly when
tomcat
websocket process is wakeup



Ach so ..
You are talking about running Tomcat on an Ubuntu laptop, which goes to
sleep after a while.  That was not clear from your initial explanation,
where it seemed that you were talking about a *client* PC that goes to
sleep.

My personal opinion, is that this case is not really part of the
specification : it is generally assumed that Tomcat is a server-based
process, running on a server with the purpose of serving multiple
clients.  It is not really expected generally that a server would "go to
sleep" in the middle of doing something.


+1.  There is nothing in the spec that mentions how a server should 
handle going to sleep and waking back up, and I would not expect any 
normal service to handle that situation with aplomb.  It's going to be 
up to you to come up with something that serves your needs.








Hi I m using tomcat in ubuntu system. When i leave my pc for 10 mins
  system is suspended. When i return to work i have this exception

java.lang.IllegalStateException: The remote endpoint was in state
[BINARY_PARTIAL_WRITING] which is an invalid state for called method
at
org.apache.tomcat.websocket.WsRemoteEndpointImplBase$StateMachine.checkState(WsRemoteEndpointImplBase.java:1213)

at
org.apache.tomcat.websocket.WsRemoteEndpointImplBase$StateMachine.binaryPartialStart(WsRemoteEndpointImplBase.java:1160)

at
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendPartialBytes(WsRemoteEndpointImplBase.java:158)

at
org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendBinary(WsRemoteEndpointBasic.java:56)

at
org.springframework.web.socket.adapter.standard.StandardWebSocketSession.sendBinaryMessage(StandardWebSocketSession.java:202)

at
org.springframework.web.socket.adapter.AbstractWebSocketSession.sendMessage(AbstractWebSocketSession.java:108)

at
com.itiboss.utils.FragmentationOutputStream.close(FragmentationOutputStream.java:39)

at com.itiboss.utils.Utils.send(Utils.java:80)
... 21 more




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: context root with relative path

[David kerber]

On 4/19/2016 4:13 PM, Dimitar Valov wrote:

Hi Mark,

Yes, it is sensitive, that's why I'm suggesting such simple solution. For
me the issues comes because of AbstractFileResourceSet::file -> absPath =
absPath.substring(absoluteBase.length() + 1); and if
(!canPath.equals(absPath)). This + 1 should account for the /. However we
cannot count on not having the / at the end of absPath.


Why not explicitly check for the existence of the trailing "\", rather 
than assuming it's (non)existence and just checking the string length?


I think Mark is saying that you have found an inconsistency, and pending 
further testing thinks that there should be changes made so that you get 
back what you supplied to those functions.  I.E., if you gave it a 
trailing "\" as an argument, you'll get one back, and if not, you won't.





I've played with specifying paths that end with / and without, and I think
that there's no way that the current implementation can be configured
correctly:
   * if path like ../../ is used it is normalized to path ending with / =>
the substring will consume the first character of the filename.
   * if path like ../.. is used it is normalized to path ending .. (which is
even worse), but this can be documented out, otherwise a method like
Path.normalize should be used or implemented.
   * if path like ../../app or ../../app/ is used everything works
correctly, but this is bacause StandardContext::fixDocBase takes care to
delete the last /.

I think that if fixDocBase does something to strings like ../../../ it will
break the results returned from RequestUtil.normalize, i.e. deleting the
last / and the normalizing it will produce path ending with /.. which will
once again not work.

The behaviour of org.apache.tomcat.util.http.RequestUtil is quite similar
but different from the one getting unique file path (Path.normalize). And
then if (!canPath.equals(absPath)) is comparing two quite similar things
,but not the same  "things". I think that with java.io.File APIs there's
nothing that can give the needed behaviour (the getCanonicalPath will
resolve symlinks)

Best Regards,
Dimitar Valov

On Tue, Apr 19, 2016 at 10:42 PM, Mark Thomas  wrote:


On 19/04/2016 19:38, Dimitar Valov wrote:

All static resources such as index.html will not be found when

application

is added with , for example tomcat
is put inside the application's META-INF.

I've drilled down that the AbstractFileResourceSet class is responsible

for

this behaviour, inside the protected final File file(String name, boolean
mustExist) method. There absoluteBase and canonicalBase (absolute, unique
with resolved symlinks) are used to determine if the file should be
accessed based on a case sensitivity check.

Everything works fine if the docBase is not just path like ../../.././../
but has an actual directory at the end, like ../../../web-app. However in
this edgy case the difference appears since the behaviour of
the org.apache.tomcat.util.http.RequestUtil.normalize method has slightly
different behavior than the File.getCanonicalPath.

System.out.println(RequestUtil.normalize("/base/1/2/3/../../../"));
/base/

System.out.println(RequestUtil.normalize("/base/1/2/3/../../.."));
/base/1/..
System.out.println(new File("/base/1/2/3/../../../").getCanonicalPath());
/base

The added /from RequestUtil breakes the logic inside the file method,

since

when doing the substring operation inside AbstractFileResourceSet.file
method it may or may not have a trailing /. In such situation /index.html substring with the absoluteBase becomes ndex.html. At

the

end the file method returns from here:

 if (!canPath.equals(absPath)) //

!"index.html".equals("ndex.html")

=> true
 return null;

The RequestUtil comes from the http packages and follows their

conventions

when normalizing the path, so an obvious way to fix this is to add and if
statement after the normalization
inside AbstractFileResourceSet.initInternal.

 this.absoluteBase = normalize(absolutePath);
 if (this.absoluteBase.endsWith("/")) {
 this.absoluteBase = this.absoluteBase.substring(0,
this.absoluteBase.length() - 1);
 }

With Java 7 instead of using the RequestUtil for normalization, Path
java.nio.file.Path.normalize() can accomplish the correct thing.

Do you think that is something that can be fixed? Maybe the above is not
the best approach, however it's the least invasive.


We need to be very careful here since this is security sensitive.

Given that normalize handles URIs, there is an argument for slightly
different handling of trailing '/'. I'm currently of the view (subject
to the results of some local tests I am running) that if the input ends
in '/', so should the output. If the input doesn't end in '/' neither
should the output unless the output is the string "/".

The end result is likely to be that docBase values should not end in "/".

Mark

Re: Tomcat Files and Tools

[David kerber]

On 4/14/2016 10:48 AM, King Kenneth wrote:

All,

I have a few questions listed below please provided insight.

Where do I find the tomcat-user.xml file?

Where do I find the logging properties for Tomcat?

Where is the java security manager, is this component installed by default?

Thanks,


You are asking a bunch of very basic questions.  All of these subjects 
are covered in the Tomcat documentation.  Or just install it and start 
looking; the files are easy to find.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: .htpasswd File

[David kerber]

On 4/14/2016 10:38 AM, King Kenneth wrote:

All,

Where is the .htpasswd File located within the Tomcat folder directory?


Wherever you put it.  It does not exist in a default installation of 
Tomcat.  Are you maybe thinking of Apache httpd?  It's a completely 
different animal...





Thanks,

Kenneth King Jr.
Booz l Allen l Hamilton
Office (202) 317-5593
Cell (203) 450-7941







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8 uses high CPU

[David Kerber]

On 4/13/2016 6:04 PM, Josep M Beleta wrote:

Following André suggestion I replaced the connector protocols, both for
HTTP and AJP ports, to force NIO.2. Now Tomcat is working for seven hours
without any problem.

My findings until now are:

1. It is not a Tomcat related problem, WildFly 10 has the same behavior.
The WildFly high CPU threads also
calls sun.nio.ch.WindowsSelectorImpl$SubSelector.poll0(Native Method).
2. When switching from NIO to NIO.2 the problem goes away.
3. It seems clearly a Java 8 for Windows problem that happens in several
versions. I tested 1.8.0_66, 1.8.0_71 and 1.8.0_77.
4. Perhaps the problem is related to Windows 2008 R2 or VMWare ESXi. On
a Windows 10 machine it works like a charm.
5. I cannot imagine what triggered the problem, no change in WIndows or
ESX was made. The only thing that changed was that some new applications
were installed when the problem started to show, but after that I removed
all the applications. In the case of WildFly no application was never
started.

I'll try to fill a bug in the Oracle site if there is not any other
suggestion.
My money would be on VMWare.  I would think that if it occurred in a 
bare metal windows installation, it would have been reported before now.





Thanks again to all.

Josep

2016-04-13 17:06 GMT+02:00 Josep M Beleta :


I'll try it. Thanks a lot.

2016-04-13 15:24 GMT+02:00 André Warnier (tomcat) :


On 13.04.2016 13:55, Josep M Beleta wrote:


Could I find a workaround?

Maybe for the meantime, you could try another Connector protocol ?
http://tomcat.apache.org/tomcat-8.5-doc/config/http.html#Common_Attributes
-> protocol

Note: I am not an expert, and not sure that in this particular case it
would help.
But it is very quickly done, and it may provide some additional insight
into the issue.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Help needed

[David kerber]

On 4/12/2016 2:56 PM, Sajin S wrote:

Expection :

at org.apache.coyote.http11.InternalAprOutputBuffer.addToBB(
*InternalAprOutputBuffer.java:186*)


You still missed the exception itself; you need what's before the "at" 
in the above lines.






at org.apache.coyote.http11.InternalAprOutputBuffer.access$000(
*InternalAprOutputBuffer.java:40*)

at
org.apache.coyote.http11.InternalAprOutputBuffer$SocketOutputBuffer.doWrite(
*InternalAprOutputBuffer.java:349*)

at org.apache.coyote.http11.filters.ChunkedOutputFilter.doWrite(
*ChunkedOutputFilter.java:116*)

at org.apache.coyote.http11.AbstractOutputBuffer.doWrite(
*AbstractOutputBuffer.java:256*)

at org.apache.coyote.Response.doWrite(*Response.java:501*)

at org.apache.catalina.connector.OutputBuffer.realWriteBytes(
*OutputBuffer.java:388*)

at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(
*ByteChunk.java:426*)

at org.apache.tomcat.util.buf.ByteChunk.append(*ByteChunk.java:339*)

at org.apache.catalina.connector.OutputBuffer.writeBytes(
*OutputBuffer.java:418*)

at org.apache.catalina.connector.OutputBuffer.write(
*OutputBuffer.java:406*)

at org.apache.catalina.connector.CoyoteOutputStream.write(
*CoyoteOutputStream.java:97*)

at
jp.co.hitachi_ul.mvspf.restbase.service.RestVoiceService$1$1.onChunkReceived(
*RestVoiceService.java:170*)

at
jp.co.hitachi_ul.mvspf.middleware.base.SessionContainer.onChunkReceived(
*SessionContainer.java:106*)

at jp.co.hitachi_ul.mvspf.middleware.util.IpThread.callback(
*IpThread.java:188*)

at jp.co.hitachi_ul.mvspf.middleware.util.IpAdapter$ReadThread.run(
*IpAdapter.java:193*)
On 12-Apr-2016 11:55 pm, "Mark Thomas"  wrote:


On 12/04/2016 18:42, Sajin S wrote:

  I am using tomcat 8.0.33 and getting this issue. Kindly help me.


While doing asynchronous call back and write the output using

outputstream

am getting this issue.


Current protocol is bio. Please help.


You've removed the exception information that would let us help you.

What you have left clearly shows you are not using BIO.

It looks like you need to read this:
http://www.catb.org/esr/faqs/smart-questions.html

Mark





Expection :

at org.apache.coyote.http11.InternalAprOutputBuffer.addToBB(
*InternalAprOutputBuffer.java:186*)

at org.apache.coyote.http11.InternalAprOutputBuffer.access$000(
*InternalAprOutputBuffer.java:40*)

at


org.apache.coyote.http11.InternalAprOutputBuffer$SocketOutputBuffer.doWrite(

*InternalAprOutputBuffer.java:349*)

at org.apache.coyote.http11.filters.ChunkedOutputFilter.doWrite(
*ChunkedOutputFilter.java:116*)

at org.apache.coyote.http11.AbstractOutputBuffer.doWrite(
*AbstractOutputBuffer.java:256*)

at org.apache.coyote.Response.doWrite(*Response.java:501*)

at org.apache.catalina.connector.OutputBuffer.realWriteBytes(
*OutputBuffer.java:388*)

at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(
*ByteChunk.java:426*)

at

org.apache.tomcat.util.buf.ByteChunk.append(*ByteChunk.java:339*)


at org.apache.catalina.connector.OutputBuffer.writeBytes(
*OutputBuffer.java:418*)

at org.apache.catalina.connector.OutputBuffer.write(
*OutputBuffer.java:406*)

at org.apache.catalina.connector.CoyoteOutputStream.write(
*CoyoteOutputStream.java:97*)

at


jp.co.hitachi_ul.mvspf.restbase.service.RestVoiceService$1$1.onChunkReceived(

*RestVoiceService.java:170*)

at
jp.co.hitachi_ul.mvspf.middleware.base.SessionContainer.onChunkReceived(
*SessionContainer.java:106*)

at jp.co.hitachi_ul.mvspf.middleware.util.IpThread.callback(
*IpThread.java:188*)

at

jp.co.hitachi_ul.mvspf.middleware.util.IpAdapter$ReadThread.run(

*IpAdapter.java:193*)
Thanks & Regards,
Sajin S
+919995047208




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat8 with Java8 session mix up issue

[David kerber]

On 4/11/2016 9:07 AM, Nilesh Dabholkar wrote:

So, are we saying that it has more to do with the application itself rather 
than Tomcat?


Yes, that's far more likely.  If Tomcat itself had a bug like that, 
every user would be screaming.  Are you on the latest version of TC 
(8.0.33, I think)?





We're also using Spring MVC framework which handles session management.

Regards,
Nilesh

-Original Message-
From: David kerber [mailto:dcker...@verizon.net]
Sent: 11 April 2016 13:57
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Tomcat8 with Java8 session mix up issue

On 4/11/2016 8:54 AM, Olaf Kock wrote:



Am 11.04.2016 um 14:51 schrieb Nilesh Dabholkar:

Hi,

Has anyone come across issues related mixing up user session on Tomcat 8.0.26?

We've been seeing intermittent issues whereby user session are getting mixed up 
after upgrading to Tomcat8 and Java8.


Whenever I've seen content for one user being delivered to another
user in the past, it has always been some overeager cache/proxy
somewhere in the path.

Can you check if that's the case?


Improper use of static variables is another common cause.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat8 with Java8 session mix up issue

[David kerber]

On 4/11/2016 8:54 AM, Olaf Kock wrote:



Am 11.04.2016 um 14:51 schrieb Nilesh Dabholkar:

Hi,

Has anyone come across issues related mixing up user session on Tomcat 8.0.26?

We've been seeing intermittent issues whereby user session are getting mixed up 
after upgrading to Tomcat8 and Java8.


Whenever I've seen content for one user being delivered to another user
in the past, it has always been some overeager cache/proxy somewhere in
the path.

Can you check if that's the case?


Improper use of static variables is another common cause.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat running against Java 1.7 barfs with Java < 1.7 Jasper error

[David kerber]

On 4/8/2016 7:43 AM, Lyallex wrote:

On 8 April 2016 at 12:31, Violeta Georgieva  wrote:

Hi,

2016-04-08 14:28 GMT+03:00 Lyallex :


Apache Tomcat 7.0.42 running under jsvc against jdk1.7.0.45
on 64 bit Ubuntu Linux 12.10 built and deployed with Ant in Eclipse
JUNO set to 1.7 compliance

Please don't moan at me for using JSP scriptlets, I'm just doing some
throwaway prototyping so save the bandwidth. Thank You

I have been switching on Strings in 1.7 projects for a while now, I
use it in application classes running on the above with no problems at
all.

This morning I tried switching on Strings in jsp and got the following
compiler error

org.apache.jasper.JasperException Unable to compile class for JSP
etc etc
Cannot switch on a value of type String for source level below 1.7 ...

Hmm, interesting

Configured Jasper to compile against 1.7 and it all worked fine

It seems a little strange that running Tomcat against 1.7 wouldn't
automatically configure Jasper to compile against 1.7 ... doesn't it ?

Or does it?

I'm sure there is a good reason, I just can't think of it :-(



This behavior is correct. Check this
http://tomcat.apache.org/tomcat-7.0-doc/jasper-howto.html

compilerSourceVM - What JDK version are the source files compatible with?
(Default value: 1.6)
compilerTargetVM - What JDK version are the generated files compatible
with? (Default value: 1.6)

Regards,
Violeta


Well I'm sure it is ... but you miss the point entirely I'm afraid

I'll try again

I said

" It seems a little strange that running Tomcat against 1.7 wouldn't
   automatically configure Jasper to compile against 1.7 ... doesn't it"

I'm not sure how you interpret this statement as an assertion that
the behavior is incorrect.

Once again.

Why is it that when Tomcat is run against Java 1.7 and obviously
interprets classes
written in 1.7 correctly Jasper isn't configure to compile at 1.7
compliance level.

It's just a question, I found it interesting.


And the answer, if I interpret Violeta's response correctly, is that it 
will compile for Java 6 unless you *explicitly* tell it to use something 
else.  It won't know you want to use 7 unless you say so.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Why the tomcat source code uses obsolete ant build configuration? why not maven or gradle?

[David kerber]

On 3/28/2016 2:18 PM, Caldarale, Charles R wrote:

From: George Sexton [mailto:geor...@mhsoftware.com]
Subject: Re: Why the tomcat source code uses obsolete ant build configuration? 
why not maven or gradle?



In my opinion (and it's probably not shared by many, but I don't care),
Maven sucks.


+many to that

Another "solution" in search of a problem.


Yup.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat port listening as SYSTEM

[David kerber]

On 3/28/2016 10:37 AM, SUSIL SAHU wrote:

It's working, server is starting properly as I mentioned. But I've code
that check whether tomcat is running or not using below command:

netstat -ab | grep -B 1 "java" | grep "8080" | grep "LISTEN"

This doesn't return any value bcz it is listening as SYSTEM instead of
java.exe.

[System]
TCP0.0.0.0:8080  Lap80:0   LISTENING

I am not sure how to fix this issue.


There is nothing to fix; that is normal for windows services.  You will 
probably find a tomcat*.exe in your task list, though.





Thanks,
susil


On Mon, Mar 28, 2016 at 7:39 PM, David kerber <dcker...@verizon.net> wrote:


On 3/28/2016 9:58 AM, SUSIL SAHU wrote:


Hello,

I am new to tomcat using version 7.0.28. I am able to start tomcat
successfully using startup.bat in windows 2008.

But when tried to check the port number using netstat -ab, it is listening
as SYSTEM instead of java.exe.

[System]
TCP0.0.0.0:8080  Lap80:0   LISTENING

I need help to fix this issue.



Is it not working properly?  That is normal for a windows service.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat port listening as SYSTEM

[David kerber]

On 3/28/2016 9:58 AM, SUSIL SAHU wrote:

Hello,

I am new to tomcat using version 7.0.28. I am able to start tomcat
successfully using startup.bat in windows 2008.

But when tried to check the port number using netstat -ab, it is listening
as SYSTEM instead of java.exe.

[System]
   TCP0.0.0.0:8080  Lap80:0   LISTENING

I need help to fix this issue.


Is it not working properly?  That is normal for a windows service.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Cluster session replication issue: servlet hang on restart only under load

[David kerber]

On 3/25/2016 9:41 AM, Anthony Sturchio wrote:

Hello

We recently updated our Coldfusion 10 server to update 18, which moved
us up to Tomcat 7.0.64, and we are now experiencing issues when
restarting a CF instance.  I understand that this is not a coldfuison
forum, but since CF10 is based on top of a tomcat back end, which is
where the issue appears to be, I figured I would ask here.  As best I
can figure, it appears that while under moderate load, DeltaManager
sessions dont replicate, and the servlet hangs and never fully starts
up.  Without any load, the CF instance (servlet) starts up perfectly
fine without issue.

I have recently tested on a fresh install of CentOS 6.7 64 Bit, with
newly installed Coldfusion 10 update 18, and JDK 1.7.0_95, and can
confirm this issue happens out of the box.


In windows, there is an option to delay the automatic startup of 
services so that you can be sure all the things it depends on are ready. 
 I have found that it can help with intermittent startup issues.  Is 
there such a thing in CentOS that you could try?




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat6 -minheap,maxheap size

[David kerber]

On 3/23/2016 9:19 AM, Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

David,

On 3/23/16 8:02 AM, David kerber wrote:

On 3/23/2016 3:36 AM, Mahudeswaran A wrote:

Hello All, Is there any recommended maximum setting for tomcat-6
32bit version running on windows 64bit OS


No, there is not.  It all depends on your app's requirements.  I
have applications for which 64MB is plenty, and others which need
1024MB.  I think the max on 32-bit is 2048MB (2GB), but I'm not
sure of that.


Something like that, depending upon a few things. I think I wasn't
able to get above 1520MiB on 32-bit Windows, but that's because of
some weirdness the OS does with kernel-versus-process address space.
Evidently, the process can have 32-bit pointers, but reserves *half*
of that for kernel space. You used to be able to use some kind of boot
parameter to set that kernel/process split to 3GiB/1GiB... not sure if
that works anymore. It doesn't matter, though... everyone should be on
64-bit, now.

If you are running on a 64-bit OS, it *generally* makes sense to use a
64-bit JVM, but I can see lots of reasons to use a 32-bit JVM - if you
can get away with it - mostly memory-related.


We run 32-bit to simplify installations.  We have several non-java 
applications that are still 32-bit, and running 32-bit java lets us get 
away with installing only one set of db drivers and ODBC DSNs, which all 
applications (both java and non-java) can use.  None of them need 64-bit 
java just for memory requirements.





64-bit JVMs can use compressed object pointers (and they do by
default) to take up less memory than if they used native pointers, but
the reality is that a 64-bit JVM simply requires more memory than the
same exact application running under a 32-bit JVM.

If you can get away with less than ~2GiB of heap, then I would say
stick with the 32-bit JVM. You can always move to 64-bit.

Note that Tomcat itself is 100% Java and so there isn't really a
"32-bit Tomcat" though it is packaged that way: the 32-bit package
just has a 32-bit installer and is bundled with the 32-bit Windows
service, a 32-bit tcnative, etc.


We would like to change the default setting and looking for max
size/count for 32bit tomcat-6 running on 64bit windows OS. Min
heap size=? Max heap size=? Max Thread count=?


IMO, you should only use as much memory as you actually need. Some
people like allocating enormous heaps because "more is better", but I
tend to think that if you have a huge heap, it will take you forever
to notice any kinds of memory problems that you have.

- -chris

(Still very happily running in production with 512MiB heaps for our
"biggest" web applications.)
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlbyl8QACgkQ9CaO5/Lv0PA6cQCeKkbE2m3MCRfKQyMs3oBRJnYY
misAn0h4wlUWCNx3byztozAZJGmStaZV
=1VG8
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat6 -minheap,maxheap size

[David kerber]

On 3/23/2016 3:36 AM, Mahudeswaran A wrote:

Hello All,
Is there any recommended maximum setting for tomcat-6 32bit version running on 
windows 64bit OS


No, there is not.  It all depends on your app's requirements.  I have 
applications for which 64MB is plenty, and others which need 1024MB.  I 
think the max on 32-bit is 2048MB (2GB), but I'm not sure of that.




We would like to change the default setting and looking for max size/count for 
32bit tomcat-6 running on 64bit windows OS.
Min heap size=?
Max heap size=?
Max Thread count=?

Thanks and regards




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: "Distinct and non-overlapping" context roots

[David kerber]

On 3/22/2016 12:31 PM, Paul Benedict wrote:

Mark, I did get some clarification. Thanks for asking.

The EE spec states an "application" may not have overlapping context roots.
I got clarification that "application" refers only to an EAR. Therefore, an
EE server should be validating this condition.


I've been following this thread just a bit, and have a question about 
it:  what does "overlapping" mean to them?  To me, if one was a subset 
(completely contained inside) of another one, that would not be 
overlapping.  Overlapping would imply that two apps would both match 
some URLs, while other URLs would only match one or the other.  Is that 
how they define overlapping?





So two inferences follow:
1) In the case of an EAR bundling a WAR that specifies the root context, no
other WAR can be allowed in the EAR since any other context would overlap
with the root context.
2) Without an EAR, there are no overlapping restrictions except for
(obviously) identical context roots.

And two extra pieces of information worth knowing:
a) Supposedly GlassFish imposes the "overlapping" restriction on the entire
application server, not just the EAR.
b) The specification doesn't prevent the slash character in the context
name, but I got the distinct impression that's something to fix in the
future.

Cheers,
Paul

On Tue, Mar 22, 2016 at 11:12 AM, Mark Thomas  wrote:


On 22/03/2016 15:57, Paul Benedict wrote:

FYI, the EE spec lead and Servlet spec lead consulted. They said I should
log a ticket against the Servlet specification on this matter. That is
something I think I shall do. I found some wording in the specification
that should likely have more detail.


Did you get any clarity on what the Java EE spec authours actually meant?

Mark



Cheers,
Paul

On Tue, Mar 22, 2016 at 10:49 AM, Mark Thomas 

wrote:



On 22 March 2016 14:46:31 GMT+00:00, Christopher Schultz <
ch...@christopherschultz.net> wrote:

Mark,

On 3/17/16 1:28 PM, Mark Thomas wrote:

On 17 March 2016 16:06:10 GMT+00:00, Paul Benedict

 wrote:

This question is not about Tomcat per se, but it does affect it.

It's

really about the EE specification in regards to any servlet

container.

I'd
like to get professional opinions on this part of the specification.

I am quoting from EE 5.0 (see link below), section 8.3.1, paragraph

3c:


The Deployer must... "Assign a context root for each web module
included in
the Java EE application. The context root is a relative name in the

web

namespace for the application. Each web module must be given a

distinct

and
non-overlapping name for its context root."

So given this scenario:
/context/something <-- context is /context
/context/something/somethingelse <-- context is /context/something

The specification puts no limitations on the context root character

set

(so
it can include a slash). With that said, would you consider these
"overlapping" contexts? I noticed one application server supporting
this
paradigm without issue, but it seems like a violation of the
specification.
Please advise.

Also, since Tomcat doesn't support "applications" (EAR?), how should
the
specification be interpreted in the absence of that artifact?

[1]
http://download.oracle.com/otndocs/jcp/javaee-5.0-fr-eval-oth-JSpec/

Cheers,
Paul


That requirement makes no sense as I understand it. You always have

overlapping context paths because of the ROOT context.


I think this is one for the EG to clarify what they meant.

It is also worth noting that the servlet spec explicitly states thst
requests are matched against the longest matching context path.


How can Tomcat tell the difference between requests to:

/webappA/someresource/foo (which does exist in webappA path=/webappA)
and
/webappA/someresource/foo (which does not exist in webappB
path="/webappA/someresource)

In the above case, Tomcat should choose the second, because
/webappA/someresource matches webappB's context path, which is longer
than webappA's context path, right?


Correct. That should result in a 404.

We've use this trick to return something useful if a user requests the
docs Web app when it isn't installed.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

[David Kerber]

On 3/19/2016 5:39 PM, Daniel Savard wrote:

André,

I was just trying to understand why this was a so hard requirement to
run on port 80. The provided answers didn't help to understand why
this was hardly needed. I was just questioning and sometimes, we, yes
I include myself, look at a problem with a narrow view how to solve it
and it may be helpful to be provided alternate solutions.


The most common reason to run TC on port 80 is for simplicity of 
configuration, on production, but not huge-traffic web sites which can 
tolerate a small amount of down time.





But, anyway, enough on this.
-
Daniel Savard


2016-03-19 17:02 GMT-04:00 André Warnier (tomcat) :

Daniel,

first of all, stop top-posting (this applies to both of you). This is not
the style of posting desired on this list.
See http://tomcat.apache.org/lists.html#tomcat-users, #6.

Secondly,
the original poster (lyallex) wants to run Tomcat under Linux, without a
front-end, as a webserver, listening on port 80, but running as a user which
is not root.
This is a legitimate way of running Tomcat, and it is not for you to tell
him to run it otherwise.  Presumably, he knows what he is doing, under his
circumstances.

Tomcat by itself cannot do that, because it cannot by itself start as root,
bind to port 80, and then switch users.
The jsvc program (a "wrapper" for the JVM which runs Tomcat) allows this,
which is why the OP wants to use it.
But he has problems configuring this to run under systemd.
And this was his question : how to run Tomcat as non-root under a JVM under
jsvc under systemd, listening on port 80.

I have not yet tried it myself, so I cannot really help.
But I have a feeling that the information that you have provided earlier,
can be extrapolated to the configuration which lyallex wants.
So thank you for providing that information, and let's leave it at that.
There is no need and no point in transforming this conversation into a flame
now.



On 19.03.2016 21:33, Daniel Savard wrote:

I still don't see how the number of concurrent sessions is related to
the port number.

The default ports for Tomcat are 8080 and 8443.

For huge websites, usually you have a load balancer as a front-end
anyway. You then get the capability to distribute the workload on more
than one instance of Tomcat and/or servers, so, sticking on a single
port isn't desirable since many instances on a single server cannot
run on the same port. You get the capability to eliminate any
single-point of failure as well as getting the capability to implement
a non-stop environment making a Tomcat cluster.
-
Daniel Savard


2016-03-19 15:40 GMT-04:00 Lyallex :



On 19 March 2016 at 19:19, Daniel Savard  wrote:

I see what you were trying to achieve, however I don't see much
interest in that.


Really, I've been running a successful commercial web site for the
last 4 years using Tomcat as a standalone web server
and servlet container using exactly this solution. 1000 concurrent
sessions pose no problem
I mentioned this in my first post, sorry if you missed it.


1) Obviously, if you were expecting systemd to solve that problem, you
were wrong and it is a sane behavir of systemd to not allow that
neither


No, you misunderstood. I was trying to start jsvc from a systemd service
file
Please read more carefully.I never suggested that systemd would solve
the problem


2) Your solution to your problem is lying on jsvc alone.
3) I believe is bad security practice to insist to bind on privileged
ports for process that don't need that level of privilege.

Btw, even if you switch to another user to run the code, you actually
are binding to port 80 as root.

Maybe you can explain us why you want to do such a thing and using any
other unprivileged port isn't a solution to your problem.


What is the default port for non.-encrypted http traffic to a web server?

Anyway, I see no reason to start a slanging match, I have better things
to do.
It's all working quite nicely now anyway, thank you for your input.

To learn about jsvc see
http://commons.apache.org/proper/commons-daemon/jsvc.html
You'll need an up to date ANSI C compiler (I use gcc)

Lyallex



Regards,
-
Daniel Savard


2016-03-19 12:10 GMT-04:00 Lyallex :

It's the simplest way to find out which port you have Tomcat listening
on

*NIX based systems don't allow non root uses bind to ports < 1024

jsvc
http://commons.apache.org/proper/commons-daemon/jsvc.html

solves this problem, nobody seems to have grasped that this is what I
was asking about.
I know of no way to start the container, on port 80 using either
startup.sh or catalina.sh using start, run or anything else.
If I'm wrong then I would love to see how it's done.

CentOS Linux release 7.2.1511 (Core)


On 19 March 2016 at 13:46, Daniel Savard 
wrote:

Why? What is the point? The server.xml has nothing to do 

Re: Warning response header

[David Kerber]

On 3/7/2016 5:11 PM, Sean Dawson wrote:

On Sun, Mar 6, 2016 at 12:48 PM, Sean Dawson 
wrote:


Tomcat 8_32
Windows 7
Java 8_51
RestEasy 3.0.11.Final
GWT 2.7.0 (Jetty jetty-9.3.5.v20151012)

Servlet code makes a RestEasy call to another servlet (same container) -
second servlet sets the 'Warning' HTTP header on response.  Would like to
access that in first servlet but when running in Tomcat, that header is not
included.

Code to get header in first servlet:

Object headers = ((ClientResponseFailure)
e).getResponse().getResponseHeaders().get("Warning");

Also tried: getHeaders(), getStringHeaders(), and getHeaderString().

When running GWT in superdev mode in IntelliJ (15.0.4) using Jetty, the
above returns a List with one item that contains the warning string.  When
remote debugging Tomcat, that call returns null.

Added this to web app xml, and also tried Tomcat conf/web.xml...

 
 CorsFilter
 org.apache.catalina.filters.CorsFilter
 
 cors.exposed.headers
 Warning
 
 
 
 CorsFilter
 /*
 

Also tried cors.allowed.headers.

Any pointers?



Alright, lets try this again.  Simple reproducible testcase...

- download latest Tomcat 8 for Windows 64-bit zip
http://mirrors.ocf.berkeley.edu/apache/tomcat/tomcat-8/v8.0.32/bin/apache-tomcat-8.0.32-windows-x64.zip
- extract somewhere
- delete everything in webapps folder
- build project below, put in webapps folder
- go to: http://localhost:8080/one
- check response headers... no Warning header

** pom.xml **

http://maven.apache.org/POM/4.0.0;
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd;>
 4.0.0

 test
 tcTest
 war
 1.0-SNAPSHOT

 tcTest Maven Webapp
 http://maven.apache.org

 
 
 org.glassfish
 javax.servlet
 3.1.1
 
 
 org.jboss.resteasy
 resteasy-client
 3.0.11.Final
 
 


If you're adding Maven, Glassfish and JBoss, you're adding a LOT of 
complexity to your "simple" reproducible!  I've never used any of them, 
so would have no hope of reproducing your issue.  And there's a fair 
chance that it has nothing to do with Tomcat anyway, given all the other 
stuff around it...





 
 ROOT
 



** web.xml **


http://java.sun.com/dtd/web-app_2_3.dtd; >


 Archetype Created Web Application

 
 One
 pkg.ServletOne
 

 
 One
 /one/*
 

 
 Two
 pkg.ServletTwo
 

 
 Two
 /two/*
 



** index.html **




Hello World!




** Caller interface **


package pkg;

import javax.ws.rs.GET;
import javax.ws.rs.Path;

public interface Caller
{
 @GET
 @Path("two")
 String makeCall();
}



** Servlet one **


package pkg;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.MediaType;

import org.jboss.resteasy.client.ProxyBuilder;

public class ServletOne extends HttpServlet
{
 Caller caller;

 @Override
 public void init() throws ServletException
 {
 caller = ProxyBuilder.build(Caller.class,
"http://localhost:8080;).now();
 }

 @Override
 protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException
 {
 String result = caller.makeCall();
 response.getWriter().println(result);
 }
}


** Servlet two **


package pkg;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ServletTwo extends HttpServlet
{
 @Override
 protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException
 {
 addHeader(response);
 response.getWriter().println("Ok");
 }

 void addHeader(HttpServletResponse response)
 {
 response.setHeader("Warning", "This is a warning"); // also
tried addHeader()
 }
}




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Multiple domian names one web site different content

[David kerber]

On 3/4/2016 3:46 PM, Jose María Zaragoza wrote:

Maybe my question does't have to do with current thread ( an probably
doesn't have any sense at all) but :

would be possible to define "VirtualHost" according the destination port ?
I know that VirtualHost diferent domain name, but i want to keep the
same domain name
and to define
2 connectors , listening on 8080 and 8081
Requests to 8080 go to /webapps-app1 and requests to 8081 go to /webapps-app2

is it possible in a only one Tomcat instance ? or  I need to configure
2 tomcat instances ?


No, one tomcat instance can't listen on two different ports at the same 
time.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Update path of executeable of a tomcat windows service

[David kerber]

On 2/22/2016 10:12 AM, Fabian Birk wrote:

Hello,

I am using tomcat as a windows service and want to update the path of
executeable during my automated process via command line.
The Reason why I dont want to deinstall / install the service is, that I
want to keep the other informations like service user etc.

I have a tomcat 7 service (should work for all tomcat versions if possible)
and want to update it with the following command:

tomcat8 //US//TestService --DisplayName="TestService2" ^
--Install="..\Tomcat\x64\bin\tomcat8.exe"

The DisplayName is updated, install is not.

Is it even possible to change the path of executeable via tomcat?


I'm not sure about using a tomcat utility to do that, but I believe you 
can use the windows SC command to modify this setting.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat memory

[David kerber]

On 2/22/2016 7:02 AM, Gokul.Baskaran wrote:

The answer I expected is the JVM grows as much as to the available system 
memory of there are m min and max set.


But if you go back and read what others have posted, you will find that 
that is not the case.  Just because that's what you expect, does not 
mean that is what is actually going to happen.





-Gokul

Sent from iPhone


On Feb 22, 2016, at 2:43 AM, André Warnier (tomcat)  wrote:


On 22.02.2016 03:44, Gokul.Baskaran wrote:
Thanks again, to make things clear. When I meant default, what is the default 
min and max that is given to an application if there nothing defined in the JVM 
?


In how many different ways do you need to be told this ?
Re-read the previous answers that you already received.  All the information is 
there.


In my case, the Tomcat is running on windows and I don't have setenv.bat or 
sentenv.sh or even catalina.bat and catalina.conf does not have the OPT config 
for min and max. HTH

Thank you

-Gokul


-Original Message-
From: Olaf Kock [mailto:tom...@olafkock.de]
Sent: Sunday, February 21, 2016 3:04 PM
To: Tomcat Users List 
Subject: Re: Tomcat memory

grep mx bin/* found only settings in setenv.sh in my installation - this lets 
me state that there are no defaults: setenv.sh is not contained in the 
distribution but will be read in case it's found in the file system.
Thus there's no tomcat default that I'm aware of. Anybody who distributes 
tomcat with a setenv.sh might have a sensible default for their embedded 
application, but the raw distribution AFAIK has none.

Safe assumption should be: Whatever the JVM thinks is appropriate is the 
default.

Create a setenv.sh or setenv.bat and set CATALINA_OPTS to the desired value, e.g. 
"-Xms 2048m -Xmx2048m" (but there will probably be more settings, e.g. for 
tuning the garbage collector...

(apologies in case this goes out after the problem has long been solved:
I'm in a hotel that blocks SMTP and have to find a way to send mail from
here)

Olaf


Am 21.02.2016 um 18:23 schrieb Gokul.Baskaran:
Question was for Java 7

It is a Tomcat / Application question as well, as memory default can be 
configured in the application config.

I totally agree that the best practice is to set the Xms and -Xmx. As am going 
to change the config, I would curious to know if the tomcat ui or the catalina 
does not have a Xms and -Xmx, would it default to 400MB? I read this in another 
forum.

-Gokul


-Original Message-
From: Olaf Kock [mailto:tom...@olafkock.de]
Sent: Sunday, February 21, 2016 3:14 AM
To: Tomcat Users List 
Subject: Re: Tomcat memory

This is rather a Java than a tomcat question:

The JVM allocates memory based on whatever default your current JVM
version decides (you don't mention what version of Java you're on)

 From a text on
http://docs.oracle.com/javase/7/docs/technotes/guides/vm/gc-ergonomics
.html
that's linked from my Java's manpage:

 *initial heap size*

 Larger of 1/64th of the machine's physical memory on the machine
 or some reasonable minimum. Before J2SE 5.0, the default initial
 heap size was a reasonable minimum, which varies by platform.
 You can override this default using the |-Xms| command-line option.

 *maximum heap size*

 Smaller of 1/4th of the physical memory or 1GB. Before J2SE 5.0,
 the default maximum heap size was 64MB. You can override this
 default using the |-Xmx| command-line option.

 *Note:* The boundaries and fractions given for the heap size are
 correct for J2SE 5.0. They are likely to be different in subsequent
 releases as computers get more powerful.

Note that this is from JavaSE7 and even mentions 5 - with more power there 
comes more initial and maximum memory defaults.

I'm not aware of the actual development of the default memory - mostly
because I consider it good practice to know what an application uses
and provide it explicitly, rather than relying on defaults. (and
frankly, on the applications that I see, the default typically is not
even enough - let alone a good basis for tuning)

While we're at it: For production systems I consider it good practice to set -Xms and 
-Xmx to the same value. Reason: If you don't have enough memory available, you want to 
know this when the process starts, not days later when it tries to allocate "the 
rest" - typically sunday night at 3am.

Olaf


Am 21.02.2016 um 03:39 schrieb Gokul.Baskaran:
Hi,

I am currently running tomcat 7 in Windows 2012.

The current JVM Heap memory parameters are set to empty, does the JVM Heap 
memory utilize the entire memory of the OS or does it default to a specific 
memory number?

Thank you
-Gokul


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Sessions number issue

[David kerber]

On 2/19/2016 11:20 AM, Qadeer Khan wrote:

Anyone, please throw some insight on the following issue


You need to do the research and answer the questions that Mark asked in 
your other thread.


Since you're using jboss, this may well be a jboss problem, rather than 
tomcat.





-

On clicking on the session number '0', he is getting the following error. Any 
idea?

FAIL - Encountered exception org.apache.jasper.JasperException: Unable to 
compile class for JSP:

An error occurred at line: [18] in the generated java file: 
[/opt/jboss/jws-3.0/tomcat7/work/Catalina/localhost/manager/org/apache/jsp/WEB_002dINF/jsp/sessionsList_jsp.java]
Only a type can be imported. org.apache.catalina.ha.session.DeltaSession 
resolves to a package

An error occurred at line: 109 in the jsp file: /WEB-INF/jsp/sessionsList.jsp
DeltaSession cannot be resolved to a type
106:Session currentSession = (Session) iter.next();
107:String currentSessionId = 
JspHelper.escapeXml(currentSession.getId());
108:String type;
109:if (currentSession instanceof DeltaSession) {
110:if (((DeltaSession) currentSession).isPrimarySession()) {
111:type = "Primary";
112:} else {


An error occurred at line: 110 in the jsp file: /WEB-INF/jsp/sessionsList.jsp
DeltaSession cannot be resolved to a type
107:String currentSessionId = 
JspHelper.escapeXml(currentSession.getId());
108:String type;
109:if (currentSession instanceof DeltaSession) {
110:if (((DeltaSession) currentSession).isPrimarySession()) {
111:type = "Primary";
112:} else {
113:type = "Backup";

Qadeer Khan - RHCJA,RHCSA
RedHat Consulting - Public Sector
Senior Consultant
Mobile: 703-798-5621
Email: qk...@redhat.com
http://www.redhat.com



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Problem with Tomcat 5.5.20.

[David kerber]

On 2/19/2016 6:36 AM, Rogerio da Silva wrote:





Dear ,




I have encountered problem with Apache Tomcat
5.5.20 , suddenly occur slow access in published URLs stay inacessible, looking
memory process in operation system Windows 2008 Enterprise SP2 appearance lock
, restart after OS return with more instability, suggestions?


If nothing else changed in your system, check for hardware problems 
(memory or HD, most likely) or a malware infection.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Session on Tomcat 7 manager screem

[David kerber]

On 2/18/2016 11:55 AM, Qadeer Khan wrote:

I am not sure why so aggravated you get... I am not claiming any bugs or 
anything and I am no expert in Tomcat 7 application server.

I am at client site and they are simply asking me a question as I explained 
before.

They have java applications deployed and creating more than one sessions of 
application and as I said earlier session is not incrementing


And Mark is telling you that most likely, they are not actually creating 
sessions.  "Session" has a specific definition in the http world, and 
not every user, application or call will create a session.





It is as simple as that!!




- Original Message -
From: "Mark Thomas" 
To: "Tomcat Users List" 
Sent: Thursday, February 18, 2016 11:50:24 AM
Subject: Re: Session on Tomcat 7 manager screem

On 18/02/2016 16:45, Qadeer Khan wrote:

Can you tell what a session definition is?


You are claiming there is a bug with session handling yet you don't know
what a session is? Oh dear.

Time for you to spend some time reading the Servlet specification.

Mark





On 18/02/2016 16:28, Qadeer Khan wrote:

Hey Guys,

Someone please throw some light as I am being asked about it several time now


Then maybe try reading the responses you received to your previous post
and answering the questions you were asked.


There is are several running java applications deployed and running on tomcat server 
7 but the 'session' field on the  Manager screen always show a '0".


OK. So there aren't any sessions.


So there are sessions running by users but no increment shown under 'session'


You need to provide some evidence to back up that statement. You have
been asked several times for this and still have not provided any. What
have you done to confirm that sessions are created?


Please throw some light as why it is not increment and what can be done to fix 
it?


You have yet to demonstrate that there is anything to fix.

Mark



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to set tomcat 8.0.20 container character encoding of request and response to UTF-8 intead of ISO-8859-1

[David kerber]

On 2/16/2016 11:38 PM, Akshat Tandon wrote:

Thanks Chris for the response,

Basically we don't want to do coding around the filter as it will also
bring us an additional overhead of maintaining the code and follow the
quality process , Ideally we want say some setting to say in server.xml to
set request and response character encoding


I think what Chris is saying is that you don't need to do any coding 
with the filter, just configure it.








*Thanks and RegardsAkshat Tandon*

On Tue, Feb 16, 2016 at 8:13 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:


Akshat,

On 2/16/16 7:08 AM, Akshat Tandon wrote:

We need to set tomcat 8.0.20 container character encoding of request and
response to UTF-8 intead of ISO-8859-1 ,

  What is the setting for the same ?

  We tried setting as mentioned below ,
https://wiki.apache.org/tomcat/FAQ/CharacterEncoding#Q1 But that

requires

creating filter etc .

  Is there any elegant way where we can just change some configuration set
to make it applicable at container level ?


What, you don't like the filter already bundled with Tomcat that you can
simply configure? It really can't get any easier than that.

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Failure Modes

[David kerber]

On 2/11/2016 2:20 PM, Edward Hart (c) wrote:

Q1:  Can Tomcat be configured to 'roll back' if a patch update causes a TC 
failure on a production server?
Q2:  Can TC be configured to fail to a known safe state in the event of server 
failure during operation?

I am developing a Security Technical Implement Guide (STIG) for Tomcat.  A STIG 
is essentially a detailed checklist for hardening a given technology.  DoD uses 
them to provide cyber defense.

Finding configurable ways to satisfy the below 2 requirements is proving 
difficult.

Req 1 : The web server must augment re-creation to a stable and known baseline.

Req 2 : The web server must be built to fail to a known safe state if system 
initialization fails, shutdown fails, or aborts fail.


Req 1 is intended to provide a means to roll back to a last known stable 
environment in case a patch fails.  Req 2 is intended to provide fail safe 
environments in case something (perhaps an attacker) causes system failure.


#1 is probably doable with some kind of version control.

#2 seems to be to be most easily answered by staying shut down as its 
known stable state.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Http 403: access to requested resource denied

[David kerber]

403 is an authentication/authorization error, which means the logged-in 
user doesn't have permissions to the requested resource.



On 2/3/2016 11:05 AM, prashant sharma wrote:

Hi,
Can someone pls provide any inputs on below.
Thanks

Regards,
Prashant

07440456543
On 2 Feb 2016 18:02, "prashant sharma"  wrote:


Hi,
I am using apache tomcat 7.0.57 and jdk 7 on windows 7.
I have deployed a simple web application inside tomcat webapps folder by
placing the war file directly in webapps.
This is a basic application which exposes an endpoint with put request
method.

When I try to access this endpoint I get 403 access forbidden error.

However If I place war file outside tomcat  and point it by creating
context.xml in conf/Catalina/localhost I am able to access my endpoint.

Can someone pls tell what's wrong with the first approach and why its not
working in that

Regards,
Prashant

07440456543






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Http 403: access to requested resource denied

[David kerber]

On 2/3/2016 12:50 PM, prashant sharma wrote:

On 3 Feb 2016 17:42, "David kerber" <dcker...@verizon.net> wrote:


On 2/3/2016 12:23 PM, prashant sharma wrote:


On 3 Feb 2016 16:38, "Mark Eggers" <its_toas...@yahoo.com.invalid> wrote:



-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Quick note - please post at the bottom or inline.

See item 6 of the Tomcat users mailing list here:
http://tomcat.apache.org/lists.html

On 2/3/2016 8:20 AM, prashant sharma wrote:


That's true. But we are not doing any authn/authz in our
application. Its just a simple webapp that exposes 1 endpoint (put
method). Any body should be able to hit that end point.

It works fine if I place my war outside tomcat installation
directory and create a context from Catalina/localhost. But if I
place my war inside webapps then it gives http 403 when I hit my
endpoint.

Regards, Prashant

07440456543 On 3 Feb 2016 16:11, "David kerber"
<dcker...@verizon.net> wrote:


403 is an authentication/authorization error, which means the
logged-in user doesn't have permissions to the requested
resource.


On 2/3/2016 11:05 AM, prashant sharma wrote:


Hi, Can someone pls provide any inputs on below. Thanks

Regards, Prashant

07440456543 On 2 Feb 2016 18:02, "prashant sharma"
<pacificmist.0...@gmail.com> wrote:

Hi,


I am using apache tomcat 7.0.57 and jdk 7 on windows 7. I
have deployed a simple web application inside tomcat webapps
folder by placing the war file directly in webapps. This is a
basic application which exposes an endpoint with put request
method.

When I try to access this endpoint I get 403 access forbidden
error.

However If I place war file outside tomcat  and point it by
creating context.xml in conf/Catalina/localhost I am able to
access my endpoint.

Can someone pls tell what's wrong with the first approach and
why its not working in that

Regards, Prashant

07440456543



With your put method, are you trying to write to a file within the web
application?

. . . just my two cents


This put method updates a record in database.
The same webapp(endpoint) works when I place war outside tomcat.



Check the permissions on the directories where you are placing the .war

file.
.war file is places under tomcat webapps folder.


Yes, I know.  You need to check the permissions that are set on that 
directory.











/mde/
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBAgAGBQJWsiy6AAoJEEFGbsYNeTwtQl8IAJyMU5CIE5ex3QTLbnnEzM/P
SCPTn6yTFnMleBtKpKHpiVsc2pc3ebXaSWsWqTId6ahGbDnl6bGUewKfGU/ybeqr
9gxYNj75d3z2xHFaOiVZjf67zGgS7pQ+XUSlIrogrsVQ5mDopRGgdkDsUPnerdlL
w0288AGjnh9IKMXJ3MiFK3qORImjIEINTLDpnAcdoX5fbGwkVKyIF74VNrH2xqot
zI0fglepGn9bk8MB1r+JkRVnrFwhXjfwhCBREnf8+Uy4LrszEF8CVmvNVsAQLxm1
9d6cOPLO4rGv/UGBCrK596vXQOQZ+hg1NpN04Gfd5evLafI0x29bE7AYFmcxKPo=
=ZL/3
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Http 403: access to requested resource denied

[David kerber]

On 2/3/2016 12:23 PM, prashant sharma wrote:

On 3 Feb 2016 16:38, "Mark Eggers" <its_toas...@yahoo.com.invalid> wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Quick note - please post at the bottom or inline.

See item 6 of the Tomcat users mailing list here:
http://tomcat.apache.org/lists.html

On 2/3/2016 8:20 AM, prashant sharma wrote:

That's true. But we are not doing any authn/authz in our
application. Its just a simple webapp that exposes 1 endpoint (put
method). Any body should be able to hit that end point.

It works fine if I place my war outside tomcat installation
directory and create a context from Catalina/localhost. But if I
place my war inside webapps then it gives http 403 when I hit my
endpoint.

Regards, Prashant

07440456543 On 3 Feb 2016 16:11, "David kerber"
<dcker...@verizon.net> wrote:


403 is an authentication/authorization error, which means the
logged-in user doesn't have permissions to the requested
resource.


On 2/3/2016 11:05 AM, prashant sharma wrote:


Hi, Can someone pls provide any inputs on below. Thanks

Regards, Prashant

07440456543 On 2 Feb 2016 18:02, "prashant sharma"
<pacificmist.0...@gmail.com> wrote:

Hi,

I am using apache tomcat 7.0.57 and jdk 7 on windows 7. I
have deployed a simple web application inside tomcat webapps
folder by placing the war file directly in webapps. This is a
basic application which exposes an endpoint with put request
method.

When I try to access this endpoint I get 403 access forbidden
error.

However If I place war file outside tomcat  and point it by
creating context.xml in conf/Catalina/localhost I am able to
access my endpoint.

Can someone pls tell what's wrong with the first approach and
why its not working in that

Regards, Prashant

07440456543


With your put method, are you trying to write to a file within the web
application?

. . . just my two cents

This put method updates a record in database.
The same webapp(endpoint) works when I place war outside tomcat.


Check the permissions on the directories where you are placing the .war 
file.






/mde/
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBAgAGBQJWsiy6AAoJEEFGbsYNeTwtQl8IAJyMU5CIE5ex3QTLbnnEzM/P
SCPTn6yTFnMleBtKpKHpiVsc2pc3ebXaSWsWqTId6ahGbDnl6bGUewKfGU/ybeqr
9gxYNj75d3z2xHFaOiVZjf67zGgS7pQ+XUSlIrogrsVQ5mDopRGgdkDsUPnerdlL
w0288AGjnh9IKMXJ3MiFK3qORImjIEINTLDpnAcdoX5fbGwkVKyIF74VNrH2xqot
zI0fglepGn9bk8MB1r+JkRVnrFwhXjfwhCBREnf8+Uy4LrszEF8CVmvNVsAQLxm1
9d6cOPLO4rGv/UGBCrK596vXQOQZ+hg1NpN04Gfd5evLafI0x29bE7AYFmcxKPo=
=ZL/3
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Http 403: access to requested resource denied

[David kerber]

On 2/3/2016 1:16 PM, prashant sharma wrote:

Regards,
Prashant

07440456543
On 3 Feb 2016 18:07, "David kerber" <dcker...@verizon.net> wrote:


On 2/3/2016 12:50 PM, prashant sharma wrote:


On 3 Feb 2016 17:42, "David kerber" <dcker...@verizon.net> wrote:



On 2/3/2016 12:23 PM, prashant sharma wrote:



On 3 Feb 2016 16:38, "Mark Eggers" <its_toas...@yahoo.com.invalid>

wrote:




-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Quick note - please post at the bottom or inline.

See item 6 of the Tomcat users mailing list here:
http://tomcat.apache.org/lists.html

On 2/3/2016 8:20 AM, prashant sharma wrote:



That's true. But we are not doing any authn/authz in our
application. Its just a simple webapp that exposes 1 endpoint (put
method). Any body should be able to hit that end point.

It works fine if I place my war outside tomcat installation
directory and create a context from Catalina/localhost. But if I
place my war inside webapps then it gives http 403 when I hit my
endpoint.

Regards, Prashant

07440456543 On 3 Feb 2016 16:11, "David kerber"
<dcker...@verizon.net> wrote:


403 is an authentication/authorization error, which means the
logged-in user doesn't have permissions to the requested
resource.


On 2/3/2016 11:05 AM, prashant sharma wrote:


Hi, Can someone pls provide any inputs on below. Thanks

Regards, Prashant

07440456543 On 2 Feb 2016 18:02, "prashant sharma"
<pacificmist.0...@gmail.com> wrote:

Hi,



I am using apache tomcat 7.0.57 and jdk 7 on windows 7. I
have deployed a simple web application inside tomcat webapps
folder by placing the war file directly in webapps. This is a
basic application which exposes an endpoint with put request
method.

When I try to access this endpoint I get 403 access forbidden
error.

However If I place war file outside tomcat  and point it by
creating context.xml in conf/Catalina/localhost I am able to
access my endpoint.

Can someone pls tell what's wrong with the first approach and
why its not working in that

Regards, Prashant

07440456543




With your put method, are you trying to write to a file within the web
application?

. . . just my two cents



This put method updates a record in database.
The same webapp(endpoint) works when I place war outside tomcat.




Check the permissions on the directories where you are placing the .war


file.
.war file is places under tomcat webapps folder.



Yes, I know.  You need to check the permissions that are set on that

directory.



There are no special permissions for that directory. Its on my local
machine (localhost).


Have you actually verified that they are correct?



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat https answers by hostname, but not by IP number

[David kerber]

On 1/29/2016 12:09 PM, Hubert Hickman wrote:

I am running Tomcat 7.0.67 on RHEL 6.7

I have a tomcat app that is deployed and listening on port 6443 for https
traffic.

tomcat answers fine by request URLS of the form https://hostname:port/rest of
URL/etc. However, it does not answer on https://IP 


That's because 6443 is not the standard port for HTTPS.  If you just say 
https://, without specifying the port, it will go to 443.  It 
will work if you use https://ip:port.




Number:port/rest
of URL/etc EXCEPT for tests I run from the server itself.

[myuser@adifferenthost ~]$  curl -vk https://IP NUMBER:6443/* About to connect() to IP NUMBER port 6443 (#0)*   Trying IP
NUMBER... connected* Connected to IP NUMBER (IP NUMBER) port 6443
(#0)* Initializing NSS with certpath: sql:/etc/pki/nssdb* warning:
ignoring value of ssl.verifyhost* NSS error -5961* Closing connection
#0* SSL connect error
curl: (35) SSL connect error

By convention, the other applications that connect to this port
connect via IP number, not hostname.  Not sure what I am missing in
the setup or certificates ?

Thanks!

Hubert




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: switching between Java8 and Java 7 under tomcat7 leads to error

[David kerber]

On 1/22/2016 8:06 AM, Christoph P.U. Kukulies wrote:

Windows 7:

Today I installed Java 8 on my windows 7 machine and did an upgrade of
the CMS at the same time (from OpenCMS 9.5.2 to 9.5.3).
After the Java update and the CMS update suddenly my tomcat 6.0.39
didn't start any longer. The service gave an error at start time:

Der Dienst "Apache Tomcat 6.0 Tomcat6" wurde mit folgendem
dienstspezifischem Fehler beendet: Unzulässige Funktion..

My thoughts came to tomcat6 possibly not being compatible with Java8 and
so I decided to install tomcat 7.0 which started fine.

When starting my CMS system again I now found that it did some
unpleasant things for which I wanted to rule out tomcat7 being the culprit
and switch the jvm.dll in the tomcat7 configurator to the jre1.7 jvm.dll.

Then suddenly I got the same error as under tomcat6.0 when I tried to
start tomcat7 again.

Could it be that the Java8 installer screws the existing Java 7 ? Or
does it change some global parameters that tomcat reads at start time.


If you take the default installation location and do not allow it to 
remove the old one, Java 8 will not alter your java 7 installation.


However, which java is found if you do not explicitly specify which one 
to run, may change.  Try dropping to a command prompt, and type


java -version


That will tell you which one is the default.  If your app needs a 
different one, you will have to specify it.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: File size >= 2GB not uploaded in application [Tomcat 7.0.54 Struts: 2.3.24 JAVA: openJDK 1.7.79]

[David kerber]

On 1/15/2016 1:02 AM, Rahul Singh wrote:

Dear Christopher,

Thanks for your guidelines, we have big hope from Apache Tomcat Team to solve 
this problem as this is show stopper for our application, we have also raise 
this question on various forum like stack overflow and other,but no relevant 
reply till now.

Hope you understand my situation,

please refer the below stackoverflow reference for more detail about this issue.

http://stackoverflow.com/questions/34783438/dofilter-fails-to-get-any-request-for-the-file-upload-2gb?noredirect=1#comment57315528_34783438


for more information:

  -No error are printed in tomcat logs.
- how to configure "call HttpServletRequest.getHeader("Content-Length") as a String 
and parse it yourself."


This is straight forward java programming that you should be able to 
handle yourself.  It could be done in one line, though I personally 
wouldn't do it that way.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: File size >= 2GB not uploaded in application [Tomcat 7.0.54 Struts: 2.3.24 JAVA: openJDK 1.7.79]

[David kerber]

On 1/12/2016 12:01 AM, Rahul Singh wrote:


Hello Apache Tomcat team,

Sending again with some corrections,

File upload in my  application(Tomcat 7.0.54 Struts: 2.3.24 JAVA: openJDK 
1.7.79) is not successful for greater than 2 gb. After previous discussion here 
on previous thread, I migrated my application to struts 2.3.24 as the only 
possible solution in form of jakarta-stream parser for large size uploads 
(greater than 2gb).
But after successfully migrating to struts 2.3.24 from 2.1.8, file upload 
greater than 2 gb still not supported. I want to use jakarta-streams for this 
purpose.Following is the code
snippet:


In struts.xml:





In JSP:
===




Alongwith with configuring server.xml with maxPostSize element and mutipart-config 
in web.xml But still the file upload request for greater than 2 gb not 
successful.


Define "Not successful"?  Exceptions thrown?  File truncated?  Upload 
never starts?  Never finishes?



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8.0.30 Session lost

[David kerber]

On 1/12/2016 10:57 AM, Thomas Scheffler wrote:

Am 12.01.16 um 14:41 schrieb Mark Thomas:

1.) are not required as every request belonging to the same session
are
already authenticated. After login() other request of the same session
will not return 'null' on getRemoteUser() or getUserPrincipal()

2.) are not required, as authenticate() use the information
provided by
the first login() call.

3.) do not modify the session ID as the same user was authenticated
before and the session is therefor safe to session fixation attacks


Those 3 all boil down to essentially the same requirement.


Sorry, I do not see this leed to the same requirement.

1.) The Servlet-Spec notes:

13.6.3:
"The login method of the HttpServletRequest interface provides an
alternative means for an application to control the look and feel of
it’s login screens."

13.6.3.1:
"If the user is authenticated using form login and has created an HTTP
session, the timeout or invalidation of that session leads
to the user being logged out in the sense that subsequent requests must
cause the user to be re-authenticated."

This defines a call to login() should be handled like Form-Login and not
as Basic-Authentication - like Tomcat currently does. It further states
the the user is logged-out on session timeout and not with every new
request.


No it doesn't. You are reading more into the specification than is
actually there. The final sentence of 13.6.3 is there to make the reader
aware that the login() method exists as an alternative to using FORM
authentication. Nothing more.


What I read in the specification is that a *fix* could be implemented
that would a allow the bug to disappear. The third point above, changing
the sessionId only if the user is "new" to the session, would fix the
problem, could be integrated easily and would help me and possibly
others. Does it open a new security risk? No. Tracking the user
information in a session is also explicitly allowed by spec.


Requests are populated with cached authentication information from the
session at the start of the request (if the authenticator is configured
to do so - all but DIGEST are by default).


As stated above, if I use the authenticate() method. The user get a
Basic Authentication window asking for a login. At latest there should
be a usage of the already known credentials used by login().


As per the specification, calling that method is required to trigger the
same authentication process and that is exactly what happens.

The authentication process does check for cached credentials but, as
with the other authentication related calls on the request, it checks
the request not the session and the request is populated from the
session at the start of the request processing.


You are right. Again there is nothing that prevents you to help to fix
that issue, neither spec nor anything. If one uses login() on request
and during the request a session is created or already exist use the
FormAuthenticator or create a LoginAuthenticator class instead of
BasicAuthenticator on other request, when authenticate() is executed.
authenticate() could get the Authenticator from an AtomicReference in
the session (if available).


Given that the requested change will add complexity without actually
solving the problem any enhancement request opened asking for such a
change will be resolved as WONTFIX.


Oh come on.


Taking that sort of attitude is going to do nothing to help your case or
encourage anyone here to spend their time helping you.


You don't see the frustration you brought to me but you could read it. I
am sorry for that. In a world of asynchronous request handling and
protocol upgrading you are forcing users to deliver responses
sequentially. Sorry. This is so disappointing.


Not really.  If you ensure that the authentication is done first, before 
requesting any protected resources, you will then be able to deliver 
things in parallel.  It's just the initial request that is messing you 
up, from what I understand of your description.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Context destroy sequence of events

[David kerber]

On 12/11/2015 4:36 PM, Mark Thomas wrote:

On 11/12/2015 16:41, David kerber wrote:

On 12/11/2015 8:30 AM, David kerber wrote:

Running TC 8.0.22 with JRE 1.8.0.60 on Windows 2008 R2, as a windows
service.

Can someone point me to a reference that will tell me exactly what the
sequence of events is when a servlet that is running as a windows
service, is shut down?

My situation is that my application receives data in a continuous stream
and caches them for a period of time.  Then based on a couple of
different triggers, it will write them to disk.

What I need is a way to allow the windows service to be stopped in such
a way that the servlet will not accept any more data while I flush my
caches to disk.  This ensures that I don't lose any data during the
shutdown (the remote clients that are sending the data will not move on
to the next piece of data until they get the correct response from the
server for the previous one).

If I can ensure that (for example) the servlet will not accept any more
connections when contextDestroyed event is triggered, but I will still
be able to call my cache flushing routines, I think that would do what I
need.

Or if I can use the contextDestroyed event to set a flag in my
servlet.doPost method to tell it to stop processing, that would work
too.  Then I can call my cache flushing after that.

Suggestions?


Is Servlet.destroy() the place for this kind of cleanup?


Definitely not. In theory, a Servlet container can take any Servlet out
of service any time it likes (as long as it is not is use) e.g. to
reduce memory pressure.

In a standard container stop the following happens (in this order, not
exhaustive)
- The connectors are paused so no new requests are processed
- Existing requests continue to process
- The Engine, Host and Contexts are stopped
- The Contexts wait a configurable period of time for any running
requests to finish (10s from memory although that might have changed)
- contextDestroyed() is called

So, the short version is call your flushing code from contextDestroyed()
and you should be fine as long as you requests have finished. If they
haven't, increase the wait time.


Thanks, Mark.  My requests only take a fraction of a second to process, 
so I should be good with the default wait time.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Context destroy sequence of events

[David kerber]

Running TC 8.0.22 with JRE 1.8.0.60 on Windows 2008 R2, as a windows 
service.


Can someone point me to a reference that will tell me exactly what the 
sequence of events is when a servlet that is running as a windows 
service, is shut down?


My situation is that my application receives data in a continuous stream 
and caches them for a period of time.  Then based on a couple of 
different triggers, it will write them to disk.


What I need is a way to allow the windows service to be stopped in such 
a way that the servlet will not accept any more data while I flush my 
caches to disk.  This ensures that I don't lose any data during the 
shutdown (the remote clients that are sending the data will not move on 
to the next piece of data until they get the correct response from the 
server for the previous one).


If I can ensure that (for example) the servlet will not accept any more 
connections when contextDestroyed event is triggered, but I will still 
be able to call my cache flushing routines, I think that would do what I 
need.


Or if I can use the contextDestroyed event to set a flag in my 
servlet.doPost method to tell it to stop processing, that would work 
too.  Then I can call my cache flushing after that.


Suggestions?

Dave

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Context destroy sequence of events

[David kerber]

On 12/11/2015 8:30 AM, David kerber wrote:

Running TC 8.0.22 with JRE 1.8.0.60 on Windows 2008 R2, as a windows
service.

Can someone point me to a reference that will tell me exactly what the
sequence of events is when a servlet that is running as a windows
service, is shut down?

My situation is that my application receives data in a continuous stream
and caches them for a period of time.  Then based on a couple of
different triggers, it will write them to disk.

What I need is a way to allow the windows service to be stopped in such
a way that the servlet will not accept any more data while I flush my
caches to disk.  This ensures that I don't lose any data during the
shutdown (the remote clients that are sending the data will not move on
to the next piece of data until they get the correct response from the
server for the previous one).

If I can ensure that (for example) the servlet will not accept any more
connections when contextDestroyed event is triggered, but I will still
be able to call my cache flushing routines, I think that would do what I
need.

Or if I can use the contextDestroyed event to set a flag in my
servlet.doPost method to tell it to stop processing, that would work
too.  Then I can call my cache flushing after that.

Suggestions?


Is Servlet.destroy() the place for this kind of cleanup?


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8 JAX-WS javax.xml.ws.WebServiceException: java.io.IOException: Error writing to server

[David kerber]

On 12/3/2015 10:48 AM, Christopher Schultz wrote:
...


We have also tried different combinations of Java and Tomcat:
* Tomcat 7/Java 7 = Works
* Tomcat 7/Java 8 = Works
* Tomcat 8/Java 7 = Doesn't Work
* Tomcat 8/Java 8 = Doesn't Work

This leads us to think that the issue is with Tomcat 8.


Really? Java 7 + Tomcat 8 works, so... Tomcat 8 is the problem?


Take another look, Chris - you misread his table.  Both entries with 
Tomcat 8 fail, and both with Tomcat 7 succeed.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] RE: 80ms delay switching between worker threads

[David kerber]

On 10/31/2015 10:51 AM, David Balažic wrote:

Just a note: When most of you say "resolution" what you think about is actually called 
"accuracy".
(also see "precision" , here is a good roundup: 
http://www.tutelman.com/golf/measure/precision.php )


I'm not sure about the others, but as an Electrical Engineer, I know the 
difference between resolution, precision, and accuracy.  In the post I 
made earlier, I said and meant "resolution".






David Balažic
Software Engineer
www.comtrade.com


-Original Message-
From: Konstantin Preißer [mailto:kpreis...@apache.org]
Sent: 31. October 2015 10:27
To: Tomcat Users List
Subject: [OT] RE: 80ms delay switching between worker threads
Importance: Low

Hi Christopher,


-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Saturday, October 31, 2015 3:43 AM

What OS are you using? IIRC, the Windows timer has horrible resolution.
you can call System.currentTimeNanos all you want, but you won't get
anything meaningful lower than some threshold regardless of the actual
least significant digits coming back from those calls.


While that may have been true in ancient versions like XP and Vista, at least
starting with Win7 QueryPerformanceCounter() uses the processor's TSC [1]
(where Vista used the HPET if available) so you should have a very high
resolution here. E.g. running the following Java program:

 int[] iterations = { 100, 120, 150, 250 };

 for (int i = 0; i < iterations.length; i++) {
 for (int j = 0; j < 3; j++) {
 long currentTime = System.nanoTime();
 double startValue = 1000;
 for (int z = 0; z < iterations[i]; z++) {
 startValue = Math.pow(startValue, 0.99);
 }
 long difference = System.nanoTime() - currentTime;
 System.out.println(iterations[i] + " pow iterations ms took " +
(difference / 1000L) + " µs");
 }
 }

prints on my system something like:

100 pow iterations ms took 25 µs
100 pow iterations ms took 7 µs
100 pow iterations ms took 7 µs
120 pow iterations ms took 8 µs
120 pow iterations ms took 9 µs
120 pow iterations ms took 8 µs
150 pow iterations ms took 11 µs
150 pow iterations ms took 10 µs
150 pow iterations ms took 13 µs
250 pow iterations ms took 18 µs
250 pow iterations ms took 17 µs
250 pow iterations ms took 17 µs


So there should at least be a microsecond resolution. On a C# program using
Stopwatch I get similar results in the range from 5 to 12 µs.

Note, QueryPerformanceFrequency() [2] can be used to get the frequency
of the timer which is exposed in .Net through static
System.Diagnostics.Stopwatch.Frequency field as ticks per second. On my
system it prints "3323580" so the resolution should be around ~0.3
microseconds.


Regards,
Konstantin Preißer

[1] https://msdn.microsoft.com/en-
us/library/windows/desktop/dn553408%28v=vs.85%29.aspx
[2] https://msdn.microsoft.com/de-
de/library/windows/desktop/ms644905%28v=vs.85%29.aspx


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] RE: 80ms delay switching between worker threads

[David kerber]

On 11/2/2015 3:09 PM, Farzad Panahi wrote:

Quoting from David Holme's blog:


The nanoTime method uses the highest resolution clock available on the 
platform, and while its return value is in nanoseconds, the update resolution 
is typically only microseconds.

https://blogs.oracle.com/dholmes/entry/inside_the_hotspot_vm_clocks

I think we can rely on nanoTime as a clock with microsecond
resolution. Having said that can't we say printing out nanoTime in
websocket message handler will give us a fair number (with microsecond
accuracy) to measure how quickly the message handler is being called?

All I am saying is that I see an obvious hiccup in order of
milliseconds when threads are switching which I have no explanation
for.

Please advise if you think the way I am measuring is wrong.


I'm with Chris on this one:  I think it's due to running on a VM rather 
than on real hardware.





Cheers

Farzad

On Mon, Nov 2, 2015 at 4:56 AM, David kerber <dcker...@verizon.net> wrote:

On 10/31/2015 10:51 AM, David Balažic wrote:


Just a note: When most of you say "resolution" what you think about is
actually called "accuracy".
(also see "precision" , here is a good roundup:
http://www.tutelman.com/golf/measure/precision.php )



I'm not sure about the others, but as an Electrical Engineer, I know the
difference between resolution, precision, and accuracy.  In the post I made
earlier, I said and meant "resolution".






David Balažic
Software Engineer
www.comtrade.com


-Original Message-
From: Konstantin Preißer [mailto:kpreis...@apache.org]
Sent: 31. October 2015 10:27
To: Tomcat Users List
Subject: [OT] RE: 80ms delay switching between worker threads
Importance: Low

Hi Christopher,


-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Saturday, October 31, 2015 3:43 AM

What OS are you using? IIRC, the Windows timer has horrible resolution.
you can call System.currentTimeNanos all you want, but you won't get
anything meaningful lower than some threshold regardless of the actual
least significant digits coming back from those calls.



While that may have been true in ancient versions like XP and Vista, at
least
starting with Win7 QueryPerformanceCounter() uses the processor's TSC [1]
(where Vista used the HPET if available) so you should have a very high
resolution here. E.g. running the following Java program:

  int[] iterations = { 100, 120, 150, 250 };

  for (int i = 0; i < iterations.length; i++) {
  for (int j = 0; j < 3; j++) {
  long currentTime = System.nanoTime();
  double startValue = 1000;
  for (int z = 0; z < iterations[i]; z++) {
  startValue = Math.pow(startValue, 0.99);
  }
  long difference = System.nanoTime() - currentTime;
  System.out.println(iterations[i] + " pow iterations ms took
" +
(difference / 1000L) + " µs");
  }
  }

prints on my system something like:

100 pow iterations ms took 25 µs
100 pow iterations ms took 7 µs
100 pow iterations ms took 7 µs
120 pow iterations ms took 8 µs
120 pow iterations ms took 9 µs
120 pow iterations ms took 8 µs
150 pow iterations ms took 11 µs
150 pow iterations ms took 10 µs
150 pow iterations ms took 13 µs
250 pow iterations ms took 18 µs
250 pow iterations ms took 17 µs
250 pow iterations ms took 17 µs


So there should at least be a microsecond resolution. On a C# program
using
Stopwatch I get similar results in the range from 5 to 12 µs.

Note, QueryPerformanceFrequency() [2] can be used to get the frequency
of the timer which is exposed in .Net through static
System.Diagnostics.Stopwatch.Frequency field as ticks per second. On my
system it prints "3323580" so the resolution should be around ~0.3
microseconds.


Regards,
Konstantin Preißer

[1] https://msdn.microsoft.com/en-
us/library/windows/desktop/dn553408%28v=vs.85%29.aspx
[2] https://msdn.microsoft.com/de-
de/library/windows/desktop/ms644905%28v=vs.85%29.aspx



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: 80ms delay switching between worker threads

[David kerber]

On 10/30/2015 3:23 PM, Farzad Panahi wrote:

Mark - Could you elaborate a bit more on what you mean by  "resolution
of the timestamps for the log messages"? If you are referring to the
log4j latency (https://logging.apache.org/log4j/2.x/manual/async.html#Latency),
it is in microseconds.

If it has anything to do with the logger why is it happening on thread
switch only and is so consistent? In your opinion what is a good way
to monitor or measure the performance of tomcat websocket message
processing?


It has to do with the resolution of the timer function being called by 
the logger to generate the time stamp, which in turn depends on the OS. 
 I see conflicting values when I search around, but 10ms and 50ms are 
common values I've seen, and also 1/16 of a second, which is ~66ms. 
Different gettime methods have different resolutions too.






Cheers

Farzad

On Fri, Oct 30, 2015 at 3:16 AM, Mark Thomas  wrote:

On 30/10/2015 00:03, Farzad Panahi wrote:

Hi,

I am using tomcat 8.0.23 to terminate my websocket connections. I was
looking at my trace logs and noticed that when tomcat worker thread
responsible for processing websocket messages switches to a different
thread, there is about 80ms delay.


No there isn't. There is about an 80ms resolution of the timestamps for
the log messages.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Java 7 and 8 features

[David kerber]

On 10/27/2015 12:01 PM, Vinicius Corrêa de Almeida wrote:

I analized some releases and i noticed that not using java 7 features like
multi catch and in java 8 do not use lambda expressions and others
features, so i came by this email to know why the developers not using this
features?



Which version of Tomcat were you looking at?  Each version targets a 
certain java version as its minimum, so cannot use feathers which are 
not in that JRE version.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tracking down memory leak

[David kerber]

On 10/21/2015 1:08 PM, Christopher Schultz wrote:

Rallavagu,

On 10/20/15 9:46 AM, Rallavagu wrote:

Please take a look at Memory Analyzer tool
(http://www.eclipse.org/mat/). Run the app and take the heap dump while
app is running and use the tool to analyze it. You could use VisualVM
with plugins to get instrumentation or you could use hprof
(http://docs.oracle.com/javase/7/docs/technotes/samples/hprof.html)


+1

If you have a huge number of a certain type of object, that can help you
understand what is going on. I use YourKit (I get a free license as an
ASF committer) and it can do things like find memory-consuming object
trees, like maybe a cache that is taking up 3GiB when you thought it
would maybe stop at 100MiB.


Thanks for the suggestion, guys!  I used visualvm and was able to get it 
straightened out.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tracking down memory leak

[David kerber]

I'm trying to track down the source of a memory leak in one of my 
applications.  I have examined the code but have been unable to fix it, 
so am looking for some way of instrumenting my app while running on the 
server.  What is the easiest/best (I realize those two criteria may not 
give the same answer!) way?


Running TC 8.0.20-something, JRE 8.0.something recent, on windows Server 
2012 R2.


Thanks for any suggestions!
Dave

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8 reliability/performance on Windows 2008 R2 Server vs. RHEL/CentOS

[David kerber]

On 10/2/2015 3:47 AM, Mark Thomas wrote:

On 02/10/2015 00:39, Jason Britton wrote:




And if Mark says there shouldn't
be problems, I think that is some implicit guarantee of free support from
him ;)


:)

Bugs with reproducible tests cases are always welcome.


I have a lot of convenience shell scripts here and there but nothing I
couldn't replicate in powershell I imagine.  I would miss grep and find and
all the other super useful Linux command line operations.  I'm not sure
I've ever been able to successfully search for text in files on a windows
machine server or otherwise (except when using notepad++).


I've had similar problems using the OS provided tools on Windows. I've
long since switched to this:

http://www.wingrep.com/

and never looked back.


AstroGrep!  http://astrogrep.sourceforge.net/



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Parallel deployment version selection

[David kerber]

On 10/2/2015 4:33 AM, l.pe...@senat.fr wrote:

Hi.

I am using parallel deployment to upgrade my webapps with no downtime.

I just have a small issue / question on how the latest version is selected.

As far as I understand, the container select the latest version by
lexicographically ordering the version string.

So if

webapp##1.0.51

and

webapp##1.0.52

are deployed version 1.0.52 will be selected.

I just have a periodic issue with versions ranging from 1.0.1,
1.0.2,...1.0.9 and then jumping to 1.0.10 (same thing for hundreds of
course) : 1.0.9 is prefered to 1.0.10 because 9 is after 1.

Is there a way to configure tomcat so that it analyses the version part
as a triplet of numbers ? And so understand that 10 is more recent than 9 ?


Why not format your versions differently, to see 1.0.09?


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8 reliability/performance on Windows 2008 R2 Server vs. RHEL/CentOS

[David kerber]

On 10/1/2015 9:57 AM, George Sexton wrote:

...


but I am looking for more concrete information about why this could be
problematic vs. running Tomcat on RHEL/CentOS.  My gut says far more
Tomcat
deployments in production are done on top of Linux based OS's vs.
Windows.
Any thoughts on making an argument for one OS vs another in deploying
Tomcat 8?  Thanks for your thoughts,


To the OP:  I'm sure you're correct that there are more production 
deployments on Linux than Windows, but I'm also sure that's mainly due 
to cost rather than performance and reliability.  IME, *properly 
configured* windows servers are just as reliable as Linux, and hardware 
reliability is the limiting factor on both of them.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 7, no_cypher_overlap error, no solutions working, please help.

[David kerber]

On 9/30/2015 11:13 AM, Kernel freak wrote:

Hi guys,

I am trying to setup https on tomcat, but not having much luck since 5
hours. I am always getting no_cypher_overlap errror.


This error means that your server and the client browser don't have any 
cypers in common (there are none that they can both work with).




The certificate is not self-signed, but issued. The crt file I am importing
for both root and tomcat alias.

These are the files I have domainname.ca-bundle, .crt, .csr, .key, .p12,
domainname.jks,

THis is the command I gave :

keytool -import -trustcacerts -alias root -file domainname.crt -keyalg RSA
-keystore domainaname.jks

Connector looks like this :

  

Still it is not working, there are so many users out there, who have the

same problem, and still there is no good solution for this.

I have also posted it on Stackoverflow(Link below), no help there too. If

anyone knows what I can do, kindly let me know. THis is messed up to

configure https for 5 hours with issued certificate. Thanks.

http://stackoverflow.com/questions/32866528/apache-tomcat-importing-already-existing-certificates-into-keystore

Regards,
Kernel




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Intermittent failure while deploying war file on Tomcat 8.0.24

[David kerber]

On 9/11/2015 2:51 PM, prashant gothi wrote:

Hi Mark,

what is slow uploads? I google it couldn't find anything relevant.


It means the process of copying the .war file to the appBase location is 
slow enough that TC tries to load it before the copy is done.





Regards,
Prashant

On Fri, Sep 11, 2015 at 1:11 AM, Mark Thomas  wrote:


On 11/09/2015 08:38, Martijn Bos wrote:

What happens if you do not use a symbolic link?
Are you deploying with the manager web-app?


Good questions.

Slow uploads directly to the appBase can cause this sort of issue.

Mark




Best regards,
Martijn



On 11-09-15 03:31, prashant gothi wrote:

Tomcat version: 8.0.24
OS RHEL 6.6


Just one war file (ascws.war) is deployed under it. We are seeing
intermittent failure while deploying war file, tomcat logs indicates

(zip

file is empty) exception is mentioned below.

We have verified file is correct (non zero), and only way to recover

from

error is manually delete ascws folder (from webapp folder) and restart
tomcat.

FYI.. ascws.war is a symbolic link to other location.

ascws is a spring boot based application.

We are not able to figure out what is wrong, any help is much

appreciated.


==
10-Sep-2015 09:47:32.488 INFO [localhost-startStop-1]
org.apache.catalina.startup.HostConfig.deployWAR Deploying web

application

archive /opt/apache-tomcat/webapps/ascws.war
10-Sep-2015 09:47:32.628 SEVERE [localhost-startStop-1]
org.apache.catalina.core.ContainerBase.addChildInternal
ContainerBase.addChild: start:
  org.apache.catalina.LifecycleException: Failed to start component


[StandardEngine[Catalina].StandardHost[localhost].StandardContext[/ascws]]

at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154)
at


org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725)

at

org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701)

at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:945)
at


org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1768)

at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.catalina.LifecycleException: Failed to start
component [org.apache.catalina.webresources.StandardRoot@1690212]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154)
at


org.apache.catalina.core.StandardContext.resourcesStart(StandardContext.java:4845)

at


org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4975)

at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
... 10 more
Caused by: org.apache.catalina.LifecycleException: Failed to initialize
component [org.apache.catalina.webresources.JarResourceSet@5dd3221b]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:139)
at


org.apache.catalina.webresources.StandardRoot.startInternal(StandardRoot.java:699)

at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
... 13 more
Caused by: java.lang.IllegalArgumentException:

java.util.zip.ZipException:

zip file is empty
at


org.apache.catalina.webresources.JarResourceSet.initInternal(JarResourceSet.java:96)

at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
... 16 more
Caused by: java.util.zip.ZipException: zip file is empty
at java.util.zip.ZipFile.open(Native Method)
at java.util.zip.ZipFile.(Unknown Source)
at java.util.zip.ZipFile.(Unknown Source)
at java.util.jar.JarFile.(Unknown Source)
at java.util.jar.JarFile.(Unknown Source)
at


org.apache.catalina.webresources.JarResourceSet.initInternal(JarResourceSet.java:88)

... 17 more

10-Sep-2015 09:47:32.630 SEVERE [localhost-startStop-1]
org.apache.catalina.startup.HostConfig.deployWAR Error deploying web
application archive /opt/apache-tomcat/webapps/ascws.war
  java.lang.IllegalStateException: ContainerBase.addChild: start:
org.apache.catalina.LifecycleException: Failed to start component


[StandardEngine[Catalina].StandardHost[localhost].StandardContext[/ascws]]

at


org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:729)

at

org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701)

at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:945)
at


org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1768)

at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

Re: tomcat deploys only half of the application and starts the server

[David kerber]

On 7/16/2015 9:26 AM, chedana jayasinghe wrote:

tomcat deploys only half of the application and starts. what could be the
reason ? I tried deleting the server and setting up a new tomcat server but
the problem is still the same



Define half the application?  What version of Tomcat?  What operating 
system?  How are you deploying the application?



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Java Servlet error with tomcat running on Windows Server 2008 R2

[David kerber]

On 7/16/2015 2:01 PM, Chen Yang wrote:

Hi all,

I'm maintaining a Java servlet which uses for render PDF files. Recently I've 
been tasked to deploy it to run on windows environment.

It works perfectly in our old Linux environment; but I'm having issues in 
windows with the same setup, I can however get a pdf report when there is no 
image included, but no luck when there are images included.

I just want to mention I have checked firewall, file permissions and networking 
on the windows sandbox machine.

I've been asking around for helps, but without any luck so far. If anyone in 
the mailing list can shed some light on it, It would be much appreciated!


I didn't read all your code, but in moving from *nix to Windows, the 
first thing I think of is networking.  Are your image files on the local 
machine, or elsewhere on the network?  By default, the localsystem user 
that services run under won't have access to networked files.  The other 
thing to check is if any of your paths have spaces in them, and if so, 
that they're escaped properly.





Cheers,

Chen


Environment setup:
* JRE 1.8.0_45
* Tomcat 8.0.23
* Windows Server 2008 R2

Error Message from Tomcat:

HTTP Status 500 - javax.xml.transform.TransformerException: org.xml.sax.SAXException: 
The resource path 
[http://testing.mycompany.com/app/client_data/logo.png]http://testing.mycompany.com/app/client_data/logo.png%5d
 is not valid

type Exception report

message javax.xml.transform.TransformerException: org.xml.sax.SAXException: The 
resource path 
[http://testing.mycompany.com/app/client_data/logo.png]http://testing.mycompany.com/app/client_data/logo.png%5d
 is not valid

description The server encountered an internal error that prevented it from 
fulfilling this request.

Servlet Code

package org.apache.fop.servlet;

import java.net.*;
import java.io.*;

import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.net.URI;
import java.net.URL;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.transform.Result;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.URIResolver;
import javax.xml.transform.sax.SAXResult;
import javax.xml.transform.stream.StreamSource;

import org.apache.commons.io.output.ByteArrayOutputStream;

import org.apache.xmlgraphics.io.Resource;
import org.apache.xmlgraphics.io.ResourceResolver;

import org.apache.fop.apps.FOPException;
import org.apache.fop.apps.FOUserAgent;
import org.apache.fop.apps.Fop;
import org.apache.fop.apps.FopFactory;
import org.apache.fop.apps.FopFactoryBuilder;
import org.apache.fop.apps.FopConfParser;
import org.apache.fop.apps.MimeConstants;

import java.util.Calendar;
import java.text.SimpleDateFormat;

import org.apache.avalon.framework.configuration.Configuration;
import org.apache.avalon.framework.configuration.DefaultConfigurationBuilder;

import org.apache.avalon.framework.configuration.Configuration;
import org.apache.avalon.framework.configuration.ConfigurationException;
import org.apache.avalon.framework.configuration.DefaultConfiguration;

import org.xml.sax.SAXException;

public class FopServlet extends HttpServlet {

 /** Name of the parameter used for the XSL-FO file */
 protected static final String FO_REQUEST_PARAM = fo;
 /** Name of the parameter used for the XML file */
 protected static final String XML_REQUEST_PARAM = xml;
 /** Name of the parameter used for the XSLT file */
 protected static final String XSLT_REQUEST_PARAM = xslt;
 /** Name of the parameter used for the ROOT URL */
 protected static final String ROOT_REQUEST_PARAM = root_url;

 /** The TransformerFactory used to create Transformer instances */
 protected TransformerFactory transFactory = null;
 /** The FopFactory used to create Fop instances */
 protected FopFactory fopFactory = null;
 /** URIResolver for use by this servlet */
 protected URIResolver uriResolver;

 public void init() throws ServletException {
 this.uriResolver = new ServletContextURIResolver(getServletContext());
 this.transFactory = TransformerFactory.newInstance();
 this.transFactory.setURIResolver(this.uriResolver);
 //Configure FopFactory as desired
 ResourceResolver resolver = new ResourceResolver() {
 public OutputStream getOutputStream(URI uri) throws IOException {
 URL url = getServletContext().getResource(uri.toASCIIString());
 return url.openConnection().getOutputStream();
 }

 public Resource getResource(URI uri) throws IOException {
 return new 

Re: Unable to start service on Windows (Tomcat version 8.00.023)

[David kerber]

This sounds familiar.  Did you just copy your configuration files 
(especially server.xml) from the 7.x installation to the 8.x 
installation?  Been there, done that, got the gray hairs to prove it! 
You need to start with TC's default server.xml and make the mods 
necessary for your configuration.  One 7.x is not valid for 8.x




On 7/14/2015 2:59 AM, Nikitha Benny wrote:

Hi All,

I have installed java JRE version 1.07.079 and Tomcat version 8.00.023.

And it installs and runs fine on all unix platforms (Linux_x64, Linux_x86,
Solaris and HP-UX).

Now when it comes to Windows (both x86 and x64), Tomcat installs fine but
does not run.

Also logs are not being thrown.

But when I do an upgrade from Tomcat 7.00.062 to 8.00.023 it throws the
following error in the logs:

Jul 14, 2015 12:08:33 PM org.apache.coyote.AbstractProtocol pause
INFO: Pausing ProtocolHandler [http-apr-0.0.0.0-8081]
Jul 14, 2015 12:08:33 PM org.apache.coyote.AbstractProtocol pause
INFO: Pausing ProtocolHandler [http-apr-0:0:0:0:0:0:0:0-8081]
Jul 14, 2015 12:08:33 PM org.apache.coyote.AbstractProtocol pause
INFO: Pausing ProtocolHandler [http-bio-0.0.0.0-8444]
Jul 14, 2015 12:08:33 PM org.apache.coyote.AbstractProtocol pause
INFO: Pausing ProtocolHandler [http-bio-0:0:0:0:0:0:0:0-8444]
Jul 14, 2015 12:08:33 PM org.apache.coyote.AbstractProtocol pause
INFO: Pausing ProtocolHandler [ajp-apr-8010]
Jul 14, 2015 12:08:33 PM org.apache.catalina.core.StandardService
stopInternal
INFO: Stopping service Catalina
Jul 14, 2015 12:08:33 PM org.apache.coyote.AbstractProtocol stop
INFO: Stopping ProtocolHandler [http-bio-0.0.0.0-8444]
Jul 14, 2015 12:08:33 PM org.apache.coyote.AbstractProtocol stop
INFO: Stopping ProtocolHandler [ajp-apr-8010]

Is it something to with the Jasper Listener not being present in the
server.xml ?

*Listener className=org.apache.catalina.core.JasperListener /* has been
present in Tomcat 7.00.062 but not in 8.00.023.

Please help me out in here.

Thanks in advance.

Regards,
Nikitha




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: What is the utility use to generate source html file for jsp pages in example webapp

[David kerber]

On 7/13/2015 6:03 AM, Thusitha Thilina Dayaratne wrote:

Hi All,

I'm having some jsp pages that I would like to show there source as an html
page like in the example webapp that is provided with tomcat. I have tried
few online java2html converters but couldn't obtain source as in tomcat
example.

e.g cal1.jsp -- source is cal1.jsp.html

Could someone tell me what they have used?


What happens when you just change the extension of the 
automatically-created .java file in your server?


I.E. access the page normally through your browser to your TC server, 
then look for cal1_jsp.java in the /work directory and change its 
extension to .html?




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Access tomcat instance from Java application

[David kerber]

On 6/20/2015 1:57 PM, Daniel Mierswa wrote:

Good afternoon list,

I would like to know how to access a running tomcat installation from
within another
Java application which is not running in the tomcat container.
More specifically I would like to end up using the datasource
which is configured via GlobalNamingResources in the server.xml.
This would allow me to use an existing configuration and so I wouldn't
need to specify
the jdbc parameters and dialect etc. somewhere else to get a connection
pool.


You seem to be mixing two different kinds of connections here.  First 
you say you want to connect to another Tomcat installation.  I do that 
with HTTP connections in Java.


Then you talk about what appear to be database connections.

Or are you trying to use the database connection information in your 
tomcat installation, in a standalone java program?  I think to do that, 
you will need to read in the .xml files and parse out the information 
you want from there.





Thanks for reading.
Daniel

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: HOW TO APPLY TOMCAT UPGRADE

[David kerber]

On 6/10/2015 1:51 PM, Salami Kehinde Rasheed wrote:

I need step-by-step to upgrade to apache v7.0.40, what to download and how
to apply this on production environment.

Kindly state all necessary caution to take on WINDOW SERVER 2008 R2 and
WINDOW SERVER 2012 R2 environment.

*SALAMI KEHINDE R*



1.  Why would you upgrade to that particular version rather than the 
latest 7.0 version?


2.  There are documents on the tomcat website that give you all the 
information available on upgrading.  Have you looked there.  Note that 
the details will depend on what your current system configuration is, 
and the current tomcat version.


3.  Given the form of your question, I suspect that you have very little 
experience with Tomcat, and may benefit from purchasing commercial 
support for this exercise.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: HOW TO APPLY TOMCAT UPGRADE

[David kerber]

On 6/10/2015 2:28 PM, Salami Kehinde Rasheed wrote:

Upgrade from Apache 7.0.26 to Apache7.0.40, I need to close some
vulnerability on my. server, Window Server 2008 and 2012R2


7.0.40 has known vulnerabilities as well.  Why aren't you upgrading to 
the latest in the 7.0 series?





Thank you.

On Wed, Jun 10, 2015 at 7:01 PM, Caldarale, Charles R 
chuck.caldar...@unisys.com wrote:


From: Salami Kehinde Rasheed [mailto:kennysal...@gmail.com]
Subject: HOW TO APPLY TOMCAT UPGRADE



I need step-by-step to upgrade to apache v7.0.40, what to download and

how

to apply this on production environment.



Kindly state all necessary caution to take on WINDOW SERVER 2008 R2 and
WINDOW SERVER 2012 R2 environment.


If you need that degree of hand-holding, best if you hire someone.  This
mailing list is staffed purely by volunteers, with the intent to help
people who are willing to do their homework.

Since you didn't bother to tell us what you're upgrading from, it's rather
difficult to offer any useful advice, other than read the Tomcat
documentation:
http://www.catb.org/~esr/faqs/smart-questions.html
http://tomcat.apache.org/migration.html

  - Chuck

PS.  Shouting is not appreciated.


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail and
its attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org








-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to upgrade Tomcat

[David kerber]

On 6/8/2015 8:58 AM, Akbar Thanakalacheruvu wrote:

Hi

How to upgrade Tomcat from 7.0.37 to 7.0.62 ? Are there any instructions or 
document for the same?


If you are using a standard installation from the ASF, then just install 
the newer version over the old one and test your app.





Thanks for the help in advance.

-Akbar

This message and any attachments thereto contain information that may be privileged, 
confidential or otherwise protected from disclosure and is the property of SumTotal 
Systems, LLC  It is intended only for the person to whom it is addressed.  If you are 
not the intended recipient, you are not authorized to read, print, retain, copy, 
disseminate, distribute, or use this message, any attachments thereto or any part 
thereof.  If you receive this message in error, please notify me at 
akb...@sumtotalsystems.commailto:akb...@sumtotalsystems.com and delete all 
copies of this message and attachments.   SumTotal Systems, LLC has implemented 
anti-virus software on its computers and servers, however, it is the recipient's own 
responsibility to ensure that all attachments are scanned for viruses prior to usage.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: jar files - where - please explain

[David kerber]

On 6/2/2015 9:11 AM, Ray Holme wrote:

Currently using apache-tomcat-7.0.35. Not sure that matters as no behavior has 
changed in prior releases.


It does matter, because the directory layouts have changed in the 
various major versions.







  On Tuesday, June 2, 2015 8:56 AM, Mark Thomas ma...@apache.org wrote:


  On 02/06/2015 12:42, Ray Holme wrote:

I have been using tomcat for a while and have several applications. Some jar 
files are specific to an application and make sense to be in 
.../webapps/APPLICATION/WEB-INF/lib and some are used in multiple applications 
so they need to appear in each applications lib. One shared jar file is my own 
common code, but then there are many things that are pulled from the net (e.g. 
mail.jar). In addition I put one jar file in the top tomcate ../lib directory 
as it is used by everything for DB access (jaybird...jar in my case.
Since I use Linux, ALL of these extra jar files are maintained somewhere else 
(same linux file system required) and I hard link them to the above named 
places so I don't need multiple copies and one update serves all (with a web 
restart, natch).
So, here are my questions: 1) Is there any reason why the SQL library (jaybird 
above) needs to be in the .../lib (top tomcat directory) or could it be in the 
WEB-INF/lib directory too? If the latter is OK, then it becomes part of the WAR 
file when I distribute and thus saves an extra step when this jar updates. 
Also, by putting it (logically) there in the application lib(s), it evokes more 
security if I understand the purpose of doing this (see next question).
2) Could I also put my own common jar file in the top tomcat .../lib directory? 
I am confident that it does NOT have insecure code so logic says it could be 
there, but having it in the WAR file might be a better option anyway as I do 
add things to it. In other words, if I were confident in the source for say 
mail.jar and knew it was secure, it too could be in the top directory (with the 
caveat that it no longer is in the WAR file).
Question 1 would be useful as it makes distributions more easy and totally 
effective if all can be in the WAR file. Question 2 is just for me to 
understand better how tomcat works - I don't think I want to move the 
application jars to the tomcat lib.
Many thanks for improving my understanding.



Tomcat version?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Problem specifying cipher suites in tomcat6

[David kerber]

On 5/29/2015 3:32 AM, Ramon Pfeiffer wrote:

Am 28.05.2015 um 18:56 schrieb Caldarale, Charles R:

From: Ramon Pfeiffer [mailto:ramon.pfeif...@uni-tuebingen.de]
Subject: Problem specifying cipher suites in tomcat6



I'm currently trying to specify a list of cipher suites to be used by my
connector in Tomcat 6.0.24.



Anybody can shed some light on what I did wrong?


Using a version of Tomcat that's more than five years old is the first
thing - there have been many, many security fixes since then,
including some related to the ciphers attribute.  You also need to
tell us the JVM version, the platform you're running on, and whether
or not APR is in use for this Connector (it's in the logs).


Sadly, it's a system I inherited last year and now have the pleasure to
work with. I can't update Tomcat for I don't know what will break.


There's a fair chance that you can update to the latest version of TC 6 
without anything breaking, but of course that's not guaranteed.





Anyway, I'm working on a RHEL6 system. A java -version yields
# java -version
java version 1.7.0_79
OpenJDK Runtime Environment (rhel-2.5.5.3.el6_6-x86_64 u79-b14)
OpenJDK 64-Bit Server VM (build 24.79-b02, mixed mode)


The fact that you're on a recent Java version will help a lot.




APR is not installed.

Thanks,
Ramon




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: native API - to make Apache/Tomcat faster

[David kerber]

On 5/26/2015 9:36 AM, Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-


...




The rebooting the server is a cure.


That seems to be a popular cure with Microsoft Windows servers ;)



But unfortunately, it's only treating the symptoms, not curing the 
disease...   :-(





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: native API - to make Apache/Tomcat faster

[David kerber]

On 5/26/2015 11:26 AM, Christoph P.U. Kukulies wrote:

Am 26.05.2015 um 17:18 schrieb André Warnier:

Christoph P.U. Kukulies wrote:

Am 26.05.2015 um 15:36 schrieb Christopher Schultz:


So you are using either mod_proxy_ajp or mod_proxy?


mod_proxy




I have not yet found the time to debug the connection and to locate
the actual
missing pieces. It just seems that some js or css is not being loaded
since the source
code of the page itself is there.


Now that may be something else entirely.
Did you check your js/css links (in the Tomcat pages) and your proxy
directives in Apache httpd carefully, to see if these (separate)
requests for the js/css pieces are being sent to where these files
really are ?



It's not that the site doesn't work. Normally it works fine (after a
reboot) but after a couple  days of running
this effect occurs (that parts of the page do not appear any longer).


That sounds like you have a resource leak of some kind, which is tying 
up server resources (memory, probably).










Portions of the page do not show and trying to restart the service
results in a time out.

A time out where? The service-restart times out, or after a service
restart, requests time out?


When I type NET STOP tomcat7 on the server to stop the service, it
hangs. Normally
the service should be shut down smoothly.



And that may be a totally separate, unrelated to the first above, issue.


Yes, maybe, or probably.
--
Christoph



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: After applying self-signed certificate, server is up but cannot connect with browser

[David kerber]

On 5/22/2015 8:18 AM, Ori Raz wrote:

Hello experts,

We got an application based on tomcat 7.0.23 and all working fine.

We are trying to apply our self-signed certificate and encountering some
problems.

I hope that the procedure I did is correct :)

This is the procedure we followed:

  1. copy the certificate file under this location:
/opt/primecentral/install/utils/sslgen/vlg-cipr-pcpil1.megafon.ru.cer

2. remove existing entries:
keytool -delete -alias tomcat -keystore
/opt/primecentral/install/utils/sslgen/prime.keystore
keytool -delete -alias tomcat -keystore
/opt/primecentral/XMP_Platform/jre/lib/security/cacerts

3. insert new entries:
 keytool -importcert -file
/opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer
-keystore /opt/primecentral/install/utils/sslgen/prime.keystore -alias
tomcat
keytool -import -alias tomcat -keystore
/opt/primecentral/XMP_Platform/jre/lib/security/cacerts -trustcacerts -file
/opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer

  once done - restarted the tomcat.



After the restart of tomcat, I get the message that server started and
catalina is empty (normal as there is no error...) hence all looks good.

I can also see that tomcat process is up and port is listening:
tcp0  0 0.0.0.0:84430.0.0.0:*
LISTEN  18724/java

  But, when trying to open browser to the server, then I get This page
cannot be displayed.


What is the full url you're entering in your browser?





I cannot locate any errors/exception in the server side.

Can anyone please assist? we are in a dead end :)

  Thanks a lot,

Barc




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: how to block the duplicated requests?

[David kerber]

On 5/19/2015 1:03 AM, javalishixml wrote:

Thanks a lot for your information.


This solution is based on tomcat level.  If I always handle this issue at java 
level, I'm afraid it has performance issue. Because this web site afford a very 
big concurrency access.


Taking a consideration on its basic architect tomcat+apache, I think the best 
way to move this solution from tomcat to apache. So do you have some good 
solution at apache's configuration?  I understand this is a mail list for 
tomcat.. but just want to get any information


I doubt you're going to be able to do this in httpd, unless you have a 
very simple, straight forward way of identifying the robots.







Thanks,


At 2015-05-19 04:00:28, Christopher Schultz ch...@christopherschultz.net 
wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

To whom it may concern,

On 5/18/15 11:44 AM, javalishixml wrote:

I have a website. It is built by apache + tomcat.

Now we make a lottery activity at this website. But we find that
some robots always raise the duplicated requests to hit this
lottery activity. It causes that robots almost get all the awards.

So we just want to block these kind of duplicated requests at every
interval unit. For example, we set the interval unit is 3 seconds.
The if the robot want to hit the lottery activity in 3 seconds, the
website could block this action.

So how to do it? I suppose if we do it at tomcat level, is it a
very low performance? Can I do it at apache level? how to do it? If
I could not do it apache level, can I do it by setting sth at
tomcat?


If you have a way to identify a duplicate request (e.g. using a
fingerprint of the request that you can check during that 3-second
interval), then this is conceptually very easy.

It may not be great for performance, but you'll have to weigh that
against your own requirements. (For example, which is worse: poor
performance, or a site where only robots ever win the lottery?)

This will not be something you can configure in Apache httpd or
Tomcat. This will have to be an application thing (unless you can
describe the fingerprint technique to some httpd module such as
mod_security or mod_qos and then allow it to discard duplicates).

Back to the solution:

1. Take a fingerprint of the request
2. Lookup the fingerprint in a database of previous requests
   ( fingerprint - latest timestamp )
3. If the fingerprint appears in your database and the timestamp is
less than 3 seconds ago, discard the request
4. Otherwise, store the current timestamp and fingerprint in the databas
e

For a database, I might recommend something like memcached or another
in-memory-style database. An in-memory key-value store is really what
you are looking for. Memcached has a nice feature where values can
automatically time-out (e.g. they are invalid after 3 seconds), so you
can make your application code a bit simpler because you'll never have
a value in the database that is not valid.

Hope that helps,
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVWkTcAAoJEBzwKT+lPKRYnW0QAIeRbfJtsTKtUZHUig9sIRre
y1mgJkPxBXjcRTfoZkZkTPhasYzINE1mb1mTPKfPbQveH+OmpawDREWJxg/6dFeg
af734ZRpBOAs4MtlCyTXgBUWpWka5CcpeIRYeEwx5GKPFLJfTBbGpswV3HwLaoEC
/NqMByVfwHnixBxSTGAM2GIOyrPf+Ii1Z0JpQyDEYcZUS3Dc3IFFeHPTvzQUb1SO
NB84fwjDT6GG/YerrlRV3GHL3WYhAw1n+tQ9cCpSWDvz8/KLUyKXqVjX5s/FbuB+
S+krz2jzKqxG8bdeixW4s0i/9gyA/KcSSDgwmBnRwHsIUDvfF3pzk1Vq7rfGNpmQ
L9V4brxL41H+ZMIDt2NjkVJb/UjgMnL5RpfQ1t+MdNvys/7UYav+vOv8jWqI3Mse
AXNv46mQZAiMFzs/nsR7OIVLLxU70l+wbys4mK6u34uDip5gzxvVSaYKviqgKspx
LT6MUHOpgmBhsiCUxjJ5odA4Q6mYhMfQxOB+6Ej8jRfKMT2uDTlwvU8gZ+/7TcUX
JXngjQLQyjj+gAO+7jS7sWpaakV1ojy8/nFBVWH/3tWoo0YD89DJCRWxA8x8slfx
oI9BGA0T7EwuX1CnqM90OLw7dymMQvwsTlkPAZnIvnWw3Xz29hIRazxQ7NR3AdCk
vNXsseUzO18IJ4n+By1G
=Q/ki
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: how to block the duplicated requests?

[David kerber]

On 5/19/2015 7:53 AM, javalishixml wrote:





I doubt you're going to be able to do this in httpd, unless you have a very 
simple, straight forward way of identifying the robots.

Yes. I just want to have a way to block the duplicated requests at httpd level. 
After all, my website has to face the the big concurrency issue.


I understand that's what you want.  What we're telling you is that you 
probably won't be able to do that.


Let me ask the question again, that Chris asked before:  how do you tell 
that a given request is from a robot?


The answer to that question will determine if you can block it with httpd.







At 2015-05-19 19:35:26, David kerber dcker...@verizon.net wrote:

On 5/19/2015 1:03 AM, javalishixml wrote:

Thanks a lot for your information.


This solution is based on tomcat level.  If I always handle this issue at java 
level, I'm afraid it has performance issue. Because this web site afford a very 
big concurrency access.


Taking a consideration on its basic architect tomcat+apache, I think the best 
way to move this solution from tomcat to apache. So do you have some good 
solution at apache's configuration?  I understand this is a mail list for 
tomcat.. but just want to get any information


I doubt you're going to be able to do this in httpd, unless you have a
very simple, straight forward way of identifying the robots.






Thanks,


At 2015-05-19 04:00:28, Christopher Schultz ch...@christopherschultz.net 
wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

To whom it may concern,

On 5/18/15 11:44 AM, javalishixml wrote:

I have a website. It is built by apache + tomcat.

Now we make a lottery activity at this website. But we find that
some robots always raise the duplicated requests to hit this
lottery activity. It causes that robots almost get all the awards.

So we just want to block these kind of duplicated requests at every
interval unit. For example, we set the interval unit is 3 seconds.
The if the robot want to hit the lottery activity in 3 seconds, the
website could block this action.

So how to do it? I suppose if we do it at tomcat level, is it a
very low performance? Can I do it at apache level? how to do it? If
I could not do it apache level, can I do it by setting sth at
tomcat?


If you have a way to identify a duplicate request (e.g. using a
fingerprint of the request that you can check during that 3-second
interval), then this is conceptually very easy.

It may not be great for performance, but you'll have to weigh that
against your own requirements. (For example, which is worse: poor
performance, or a site where only robots ever win the lottery?)

This will not be something you can configure in Apache httpd or
Tomcat. This will have to be an application thing (unless you can
describe the fingerprint technique to some httpd module such as
mod_security or mod_qos and then allow it to discard duplicates).

Back to the solution:

1. Take a fingerprint of the request
2. Lookup the fingerprint in a database of previous requests
( fingerprint - latest timestamp )
3. If the fingerprint appears in your database and the timestamp is
less than 3 seconds ago, discard the request
4. Otherwise, store the current timestamp and fingerprint in the databas
e

For a database, I might recommend something like memcached or another
in-memory-style database. An in-memory key-value store is really what
you are looking for. Memcached has a nice feature where values can
automatically time-out (e.g. they are invalid after 3 seconds), so you
can make your application code a bit simpler because you'll never have
a value in the database that is not valid.

Hope that helps,
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVWkTcAAoJEBzwKT+lPKRYnW0QAIeRbfJtsTKtUZHUig9sIRre
y1mgJkPxBXjcRTfoZkZkTPhasYzINE1mb1mTPKfPbQveH+OmpawDREWJxg/6dFeg
af734ZRpBOAs4MtlCyTXgBUWpWka5CcpeIRYeEwx5GKPFLJfTBbGpswV3HwLaoEC
/NqMByVfwHnixBxSTGAM2GIOyrPf+Ii1Z0JpQyDEYcZUS3Dc3IFFeHPTvzQUb1SO
NB84fwjDT6GG/YerrlRV3GHL3WYhAw1n+tQ9cCpSWDvz8/KLUyKXqVjX5s/FbuB+
S+krz2jzKqxG8bdeixW4s0i/9gyA/KcSSDgwmBnRwHsIUDvfF3pzk1Vq7rfGNpmQ
L9V4brxL41H+ZMIDt2NjkVJb/UjgMnL5RpfQ1t+MdNvys/7UYav+vOv8jWqI3Mse
AXNv46mQZAiMFzs/nsR7OIVLLxU70l+wbys4mK6u34uDip5gzxvVSaYKviqgKspx
LT6MUHOpgmBhsiCUxjJ5odA4Q6mYhMfQxOB+6Ej8jRfKMT2uDTlwvU8gZ+/7TcUX
JXngjQLQyjj+gAO+7jS7sWpaakV1ojy8/nFBVWH/3tWoo0YD89DJCRWxA8x8slfx
oI9BGA0T7EwuX1CnqM90OLw7dymMQvwsTlkPAZnIvnWw3Xz29hIRazxQ7NR3AdCk
vNXsseUzO18IJ4n+By1G
=Q/ki
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: how to block the duplicated requests?

[David kerber]

On 5/19/2015 8:09 AM, javalishixml wrote:

Just understood you. Really appreciate for your feedback.


How do we judge it's a robot?
item1: we find the request IP is always the same one.
item2: our page may contains several keep-alive connections. But the attack 
connection only focus on connection.

Based on these 2 items, we think the client is a robot.



I think maybe putting these 2 items together to consider it as a robot is a bit 
complex. Let's do it from the simple point.
If we alway find there is a same IP request our website the same url for many 
times, can I block this request at httpd level?


Yes, it's easy to block a request from a specific IP address.  You can 
do it either with httpd, or further upstream at your firewall.  I don't 
use httpd, so can't help you with the specific instructions on how to do 
it, but I know it's not difficult.







Thanks,


At 2015-05-19 20:01:00, David kerber dcker...@verizon.net wrote:

On 5/19/2015 7:53 AM, javalishixml wrote:





I doubt you're going to be able to do this in httpd, unless you have a very 
simple, straight forward way of identifying the robots.

Yes. I just want to have a way to block the duplicated requests at httpd level. 
After all, my website has to face the the big concurrency issue.


I understand that's what you want.  What we're telling you is that you
probably won't be able to do that.

Let me ask the question again, that Chris asked before:  how do you tell
that a given request is from a robot?

The answer to that question will determine if you can block it with httpd.







At 2015-05-19 19:35:26, David kerber dcker...@verizon.net wrote:

On 5/19/2015 1:03 AM, javalishixml wrote:

Thanks a lot for your information.


This solution is based on tomcat level.  If I always handle this issue at java 
level, I'm afraid it has performance issue. Because this web site afford a very 
big concurrency access.


Taking a consideration on its basic architect tomcat+apache, I think the best 
way to move this solution from tomcat to apache. So do you have some good 
solution at apache's configuration?  I understand this is a mail list for 
tomcat.. but just want to get any information


I doubt you're going to be able to do this in httpd, unless you have a
very simple, straight forward way of identifying the robots.






Thanks,


At 2015-05-19 04:00:28, Christopher Schultz ch...@christopherschultz.net 
wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

To whom it may concern,

On 5/18/15 11:44 AM, javalishixml wrote:

I have a website. It is built by apache + tomcat.

Now we make a lottery activity at this website. But we find that
some robots always raise the duplicated requests to hit this
lottery activity. It causes that robots almost get all the awards.

So we just want to block these kind of duplicated requests at every
interval unit. For example, we set the interval unit is 3 seconds.
The if the robot want to hit the lottery activity in 3 seconds, the
website could block this action.

So how to do it? I suppose if we do it at tomcat level, is it a
very low performance? Can I do it at apache level? how to do it? If
I could not do it apache level, can I do it by setting sth at
tomcat?


If you have a way to identify a duplicate request (e.g. using a
fingerprint of the request that you can check during that 3-second
interval), then this is conceptually very easy.

It may not be great for performance, but you'll have to weigh that
against your own requirements. (For example, which is worse: poor
performance, or a site where only robots ever win the lottery?)

This will not be something you can configure in Apache httpd or
Tomcat. This will have to be an application thing (unless you can
describe the fingerprint technique to some httpd module such as
mod_security or mod_qos and then allow it to discard duplicates).

Back to the solution:

1. Take a fingerprint of the request
2. Lookup the fingerprint in a database of previous requests
 ( fingerprint - latest timestamp )
3. If the fingerprint appears in your database and the timestamp is
less than 3 seconds ago, discard the request
4. Otherwise, store the current timestamp and fingerprint in the databas
e

For a database, I might recommend something like memcached or another
in-memory-style database. An in-memory key-value store is really what
you are looking for. Memcached has a nice feature where values can
automatically time-out (e.g. they are invalid after 3 seconds), so you
can make your application code a bit simpler because you'll never have
a value in the database that is not valid.

Hope that helps,
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVWkTcAAoJEBzwKT+lPKRYnW0QAIeRbfJtsTKtUZHUig9sIRre
y1mgJkPxBXjcRTfoZkZkTPhasYzINE1mb1mTPKfPbQveH+OmpawDREWJxg/6dFeg
af734ZRpBOAs4MtlCyTXgBUWpWka5CcpeIRYeEwx5GKPFLJfTBbGpswV3HwLaoEC
/NqMByVfwHnixBxSTGAM2GIOyrPf+Ii1Z0JpQyDEYcZUS3Dc3IFFeHPTvzQUb1SO
NB84fwjDT6GG

Re: Tomcat valve JAAS : form error page displayed first before response reaches back to Tomcat valve

[David kerber]

On 5/19/2015 10:26 AM, Kim Ming Yap wrote:

Sorry .. you can call me Kim.

Yes. I know Mark suggested a custom authenticator .. but how would it help me?

The basic thing which i need is simple.
In the login module, i need access to session, request objects ..
How can having a custom authenticator help me?

What i need is a simple API in the login module to get these objects.
Think of it this way. There's a callback for username and password.
A simple solution is to have a callback for those session, request objects.

Now i know that the standard API security doesn't have this.
Maybe Tomcat can provide this API .. a callback to get this object.

By the way, you mentioned about it's more complicated than that.
Sure.

But here's the point.
The need here is basic and is the most fundamental thing used in any web 
application to do authentication and is used by all world wide application to 
do authentication.


But what you're asking it to do goes way beyond authentication.  All 
authentication does is tell you if a user should be allowed to access 
certain resources.  Nothing more.  Asking it to tell you why they are 
not allowed to access it is an additional function that can hurt your 
security.





Sure, issue of security etc. But your are forgoing the fundamental on account 
of that.

Think of it this way.

You've build some really good math algorithm to solve some advanced issue while 
all i need is 1+1 = 2 and that is not achievable.


Actually, the better analogy is that there is an application that can 
tell you whether or not 1+1=2, and you're asking it to explain why the 
numbers they entered don't total up to 2.





I would get the fundamental rights first before moving on to more advanced 
needs like TLS certificate etc.

That's why when i started looking at this issue, well lots of complaints on 
this. Just google it.

Just my thoughts.



Date: Tue, 19 May 2015 09:10:57 -0400
From: ch...@christopherschultz.net
To: users@tomcat.apache.org
Subject: Re: Tomcat valve JAAS : form error page displayed first before 
response reaches back to Tomcat valve

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Ming Yap,

(Please let me know if I'm using your given name properly... you
haven't identified yourself in the body of your messages, so I only
have your email address for identification purposes. I wouldn't want
to be calling you by the wrong name.)

On 5/18/15 6:23 PM, Kim Ming Yap wrote:

I think Tomcat should provide interfaces for different scenarios
.. that's my opinion.


Tomcat can't dictate the JAAS interfaces. It can only implement and/or
call them. You are right that Tomcat might be able to provide some
convenience items for you, but you'd have to be a bit more specific
about what you'd like.


So coming back to my web form-based authentication problem, is
there a solution to it?


Mark suggested a custom Authenticator. I'd start by looking at one of
the existing authenticators -- depending upon the authenticator you
are currently using (likely FormAuthenticator, based upon your initial
post).

Note that FormAuthenticator.authenticate is probably much more
complicated that you imagined.

- -chris


Date: Mon, 18 May 2015 18:01:31 -0400 From:
ch...@christopherschultz.net To: users@tomcat.apache.org Subject:
Re: Tomcat valve JAAS : form error page displayed first before
response reaches back to Tomcat valve


Ming Yap,

On 5/18/15 4:56 PM, Kim Ming Yap wrote:

Now here's comes to crucial point and question when comes to
JAAS.

I know the benefit of JAAS - a pluggable authentication and
authorization module.

Why and in JavaEE's name have a JAAS realm (eg in Tomcat)
where the loginmodule has no access to those most important
objects - sessions, request etc?


... because JAAS does not require you to be running within a web
context. You can use JAAS in a think client. Or from a
command-line client. Or whatever. In those cases, what would you
use for the request or session?


I did a bit of research .. hence other web container like
JBoss, Oracle WebLogic has to build an extended version of
their authentication module to capture those important
objects ..

I just don't comprehend this.This is mind boggling.


Pluggable authentication and authorization is kind of an
unattainable goal when you want it to work across any use case. You
just happen to be thinking of the web-based authentication use
case, here, and it's not matching up with your expectations.

What if you wanted to use some information about a TLS certificate
for authentication? Does the JAAS module now need to have access to
the X.509 certificate as well? What about a Smart Card? Where does
that fit into your web-based view of JAAS?

It's just more complicated than you think, unfortunately.


I have spent almost 4 weeks on trying to solve this basic
problem when comes to form based authentication using JAAS.

1. Valid credential - no issue2. Credential disabled due to
gt 3 retry - This message propagate to the error page3.
Invalid 

Re: Tomcat valve JAAS : form error page displayed first before response reaches back to Tomcat valve

[David kerber]

On 5/19/2015 10:46 AM, Kim Ming Yap wrote:


You said ..

 Actually, the better analogy is that there is an application that can

tell you whether or not 1+1=2, and you're asking it to explain why the
numbers they entered don't total up to 2


when a user account is disabled after exceeded limits retry .. i couldn't display 
account disabled but rather email / password invalid (due to the issue below)

the right analogy is ..

1 (User) +1 (password) = 10 (10 being the incorrect message being displayed due 
to lack of the needed feature).

Sure .. if if i'm the client .. i will ask 1+1 = 10?

That's the issue.


The point we're making is that if a user's authentication is not valid, 
you should NOT be telling them why, just tell them it's invalid and 
maybe tell them to contact the administrator.


Giving them any more information is just setting yourself up to be a 
victim of much quicker brute-force attacks, because you're giving them 
lots of help.







Date: Tue, 19 May 2015 10:34:48 -0400
From: dcker...@verizon.net
To: users@tomcat.apache.org
Subject: Re: Tomcat valve JAAS : form error page displayed first before 
response reaches back to Tomcat valve

On 5/19/2015 10:26 AM, Kim Ming Yap wrote:

Sorry .. you can call me Kim.

Yes. I know Mark suggested a custom authenticator .. but how would it help me?

The basic thing which i need is simple.
In the login module, i need access to session, request objects ..
How can having a custom authenticator help me?

What i need is a simple API in the login module to get these objects.
Think of it this way. There's a callback for username and password.
A simple solution is to have a callback for those session, request objects.

Now i know that the standard API security doesn't have this.
Maybe Tomcat can provide this API .. a callback to get this object.

By the way, you mentioned about it's more complicated than that.
Sure.

But here's the point.
The need here is basic and is the most fundamental thing used in any web 
application to do authentication and is used by all world wide application to 
do authentication.


But what you're asking it to do goes way beyond authentication.  All
authentication does is tell you if a user should be allowed to access
certain resources.  Nothing more.  Asking it to tell you why they are
not allowed to access it is an additional function that can hurt your
security.




Sure, issue of security etc. But your are forgoing the fundamental on account 
of that.

Think of it this way.

You've build some really good math algorithm to solve some advanced issue while 
all i need is 1+1 = 2 and that is not achievable.


Actually, the better analogy is that there is an application that can
tell you whether or not 1+1=2, and you're asking it to explain why the
numbers they entered don't total up to 2.




I would get the fundamental rights first before moving on to more advanced 
needs like TLS certificate etc.

That's why when i started looking at this issue, well lots of complaints on 
this. Just google it.

Just my thoughts.



Date: Tue, 19 May 2015 09:10:57 -0400
From: ch...@christopherschultz.net
To: users@tomcat.apache.org
Subject: Re: Tomcat valve JAAS : form error page displayed first before 
response reaches back to Tomcat valve

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Ming Yap,

(Please let me know if I'm using your given name properly... you
haven't identified yourself in the body of your messages, so I only
have your email address for identification purposes. I wouldn't want
to be calling you by the wrong name.)

On 5/18/15 6:23 PM, Kim Ming Yap wrote:

I think Tomcat should provide interfaces for different scenarios
.. that's my opinion.


Tomcat can't dictate the JAAS interfaces. It can only implement and/or
call them. You are right that Tomcat might be able to provide some
convenience items for you, but you'd have to be a bit more specific
about what you'd like.


So coming back to my web form-based authentication problem, is
there a solution to it?


Mark suggested a custom Authenticator. I'd start by looking at one of
the existing authenticators -- depending upon the authenticator you
are currently using (likely FormAuthenticator, based upon your initial
post).

Note that FormAuthenticator.authenticate is probably much more
complicated that you imagined.

- -chris


Date: Mon, 18 May 2015 18:01:31 -0400 From:
ch...@christopherschultz.net To: users@tomcat.apache.org Subject:
Re: Tomcat valve JAAS : form error page displayed first before
response reaches back to Tomcat valve


Ming Yap,

On 5/18/15 4:56 PM, Kim Ming Yap wrote:

Now here's comes to crucial point and question when comes to
JAAS.

I know the benefit of JAAS - a pluggable authentication and
authorization module.

Why and in JavaEE's name have a JAAS realm (eg in Tomcat)
where the loginmodule has no access to those most important
objects - sessions, request etc?


... because JAAS does not require you to be running within a web
context. You can use 

Re: how to block the duplicated requests?

[David kerber]

How would you tell that a request is from a robot?


On 5/18/2015 11:44 AM, javalishixml wrote:

Hi,

I have a website. It is built by apache + tomcat.

Now we make a lottery activity at this website. But we find that some robots 
always raise the duplicated requests to hit this lottery activity. It causes 
that robots almost get all the awards.

So we just want to block these kind of duplicated requests at every interval 
unit.
For example, we set the interval unit is 3 seconds. The if the robot want to 
hit the lottery activity in 3 seconds, the website could block this action.

So how to do it? I suppose if we do it at tomcat level, is it a very low 
performance? Can I do it at apache level? how to do it?
If I could not do it apache level, can I do it by setting sth at tomcat?

Thanks in advance,
Java Coder




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: CVE-2015-0204 - FREAK vulnerability on tomcat 7.

[David kerber]

On 5/15/2015 8:23 AM, Penubothu, Srinivasa M wrote:

Here are the details of the vulnerability.

Title: SSL/TLS Server Accepts RSA_EXPORT Cipher Suites (FREAK)
CVE ID: CVE-2015-0204
Diagnosis: The remote SSL/TLS server accepts RSA_EXPORT cipher suites which is 
vulnerable to session downgrade vulnerability.
Result: Exploitation allows an attacker to bypass security restrictions on the 
targeted host.
Recommended Solution: Disable RSA_EXPORT cipher suites.

Trying to find how to apply this fix in Tomcat 7. Appreciate your help!


Update to the latest JRE and TC versions.





Regards

Srinivasa(Vasu) Penubothu

Mortgage Build  Deployment Team
• MTGBDT SharePoint Site
• MTGBDT Nexus Engagement Link
Division: Mortgage Technology
Phones: 469-201-8855(Work)
   214-250-8424(Mobile)
Email: srinivasa.penubo...@bankofamerica.com


-Original Message-
From: Neill Lima [mailto:neill.l...@visual-meta.com]
Sent: Friday, May 15, 2015 7:15 AM
To: Tomcat Users List
Subject: Re: CVE-2015-0204 - FREAK vulnerability on tomcat 7.

We would love to help but without the bare minimum description we are unable to 
do so.

Sorry!

On Fri, May 15, 2015 at 2:10 PM, Penubothu, Srinivasa M  
srinivasa.penubo...@bankofamerica.commailto:srinivasa.penubo...@bankofamerica.com
 wrote:


Hello, I am looking for help with fixing FREAK vulnerability on tomcat 7.
I am unable to find a solution for tomcat. Any help would be much
appreciated.

Regards

Srinivasa(Vasu) Penubothu

--
This message, and any attachments, is for the intended recipient(s)
only, may contain information that is privileged, confidential and/or
proprietary and subject to important terms and conditions available at
http://www.bankofamerica.com/emaildisclaimer.   If you are not the
intended recipient, please delete this message.




--
This message, and any attachments, is for the intended recipient(s) only, may 
contain information that is privileged, confidential and/or proprietary and 
subject to important terms and conditions available at 
http://www.bankofamerica.com/emaildisclaimer.   If you are not the intended 
recipient, please delete this message.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Vulnerabilities for 6.x and 7.x version

[David kerber]

On 5/12/2015 8:58 AM, Mittal, Paran (Infosys) wrote:

Hi Chuck,

Thanks for your reply.

We have checked the link but are unable to find the exact file name
where changes need to be deploy or steps to follow to apply the fix.


With Tomcat, you don't deploy changes, nor do you apply patches.  To get 
fixes, you update at least to the version of TC that has the fix you 
need.  Or, preferably, you update to the latest version, so you also get 
other fixes that you didn't know you needed, but which are important anyway.





As we are not able to understand the significance of any of the below links:

Thanks  Regards,

Paran Mittal

-Original Message-
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: Tuesday, May 12, 2015 12:28 PM
To: Tomcat Users List
Subject: RE: Tomcat Vulnerabilities for 6.x and 7.x version

  From: Mittal, Paran (Infosys) [mailto:paran.mit...@astrazeneca.com]

  Subject: Tomcat Vulnerabilities for 6.x and 7.x version

  We need to understand the fix for tomcat Vulnerabilities for 6.0.29
and 7.0 version.

  We came across a CVE Reference:   CVE-2014-0230 which says

  Could you please provide us with the Fix or patch for the same as we

  could not found same on the apache tomcat site.

Look again.  That one is clearly documented here:

http://tomcat.apache.org/security-6.html

http://tomcat.apache.org/security-7.html

Use the current releases if you want that non-problem fixed.

- Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
mailto:users-unsubscr...@tomcat.apache.org

For additional commands, e-mail: users-h...@tomcat.apache.org
mailto:users-h...@tomcat.apache.org



*Confidentiality Notice: *This message is private and may contain
confidential and proprietary information. If you have received this
message in error, please notify us and remove it from your system and
note that you must not copy, distribute or take any action in reliance
on it. Any unauthorized use or disclosure of the contents of this
message is not permitted and may be unlawful.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Setting Content-Type for a static resource

[David kerber]

On 5/8/2015 12:48 PM, Peter Rifel wrote:

Chris,

Thanks for the advice but that doesn't seem to help.  It looks like 
ApplicationContext.getMimeType(String) extracts the extension from the file and uses that in 
looking up the context's mime mapping. The .xml extension of the file results in the 
xml mime-mapping's mime-type, and the crossdomain.xml mime-mapping is never 
used.

Any other ideas?


What if you changed the filename so that crossdomain.xml was actually 
an extension:  filename.crossdomain.xml, or something similar?






Peter

On 5/8/15, 5:09 AM, Christopher Schultz ch...@christopherschultz.net wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Peter Rifel,

On 5/7/15 5:06 PM, Peter Rifel wrote:

I'm using Tomcat 8.0.21 and have a static /crossdomain.xml file
that I would like to serve with a Content-Type of
text/x-cross-domain-policy.  I'm using the Tuckey url rewrite
filter to set the response's Content-Type but it appears to be
getting overwritten back to application/xml.  Stepping through the
source code it looks like DefaultServlet.serveResource is grabbing
the mime-type from crossdomain.xml's webResource which I assume
comes from the global web.xml's mime-mappings.  Is there a way to
override this, short of creating a new servlet that responds with
the file's contents?


Try adding this to your META-INF/web.xml:

mime-mapping
extensioncrossdomain.xml/extension
mime-typetext/x-cross-domain-policy/mime-type
/mime-mapping

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVTKeSAAoJEBzwKT+lPKRYBb0P/AubjY5Pqafncs3zecKzw7W1
mdrTO6GeR5UYhimq6YymVOsc9P7y8f4WhAMmymc3WplMVYyE8LUmw3VtixoMTAJs
jral+X7/OHFtWh4P/FhXTizdU5dXEXJrnST/Kyhdol9bd9cJIzW0reWb9jvVphTI
STF8pg0AHN0paJYH7EYq83b3yZl3sLEPZdrtJdOazWbJeDLCS/bYDMZxkjswmTGp
mWVwcSSd8g1uSYvAEPF1f5fwEZlPJiPawQ33IrF41Dk0YNaCpzSulTxLiKTg6gxh
7vAtBbl2m9tVlCYLDCGgm4uFUUc189z0tB0RhHHuoULCSSDNMG89wuav8r+VOBND
9B3d4yTHKoopJqu17QY+Ttjx+aXYkN1Fb1Nr71E3/i2BrSgcOnvvOGNLsSEP2IK3
z6xShMnEynmCx3LK28oaTUkjqE8qpY+LLfTcFB7VH9C016b1FcOGxh87bFbuyIKt
88Etkoq8m6P5Gr2v5v47J7h/tE92BaYkPBS1Iy9hqW6WG5umaWkgHHhgYZd1eOqs
/Ww3iJ5JWXT4kdE/Z5nTSbQ+yxYlNuowPcd/GgoncS8ryruLSu8hpG3hlSilq4ZZ
htN56PRtDDJeioBdWd88eddwFdN6VU76d2lDhmzXqMmAyUsx4PKM/OegnZo63BxU
wDVxpsyhx6xHJt2DlZcs
=VdPD
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Trouble separating catalina_base and catalina_home in TC 8

[David kerber]

On 4/30/2015 2:49 PM, David kerber wrote:

I'm having trouble getting the default webapps to start under TC8 when I
separate catalina_base and catalina_home.  It must be something stupid
I'm missing, but I can't think of any place else to check.

This is a windows server 2012 R2 server, with JRE 7u75, JRE 8u45, TC
7.0.57 and TC 8.0.21 all installed as 32-bit under Program Files (x86).
  TC is as a windows service in both cases, and they were installed
using the windows service installer .exe.  TC7 is set up to use JRE 7,
and TC 8 to use JRE8.  Everything runs fine under TC7, but I appear to
be having some interference when I try to run apps under TC8, not from
catalina_home.  All the following comments are running TC8.


I don't have Konstantin's message on this machine so I can't reply to 
it, but he got me pointed in the correct direction to get this fixed.


The issues was with my set up of the CATALINA_BASE directories.  All the 
install locations were good, but when I set up catalina.base, I also 
happened to copy the /lib directory, which has all the tomcat jars in it 
(catalina.jar, etc), so it was picking the TC7 versions of them instead 
of the ones in the actual install location.  Once I got rid of the extra 
files, everything runs as it should.


Thanks!


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Trouble separating catalina_base and catalina_home in TC 8

[David kerber]

I'm having trouble getting the default webapps to start under TC8 when I 
separate catalina_base and catalina_home.  It must be something stupid 
I'm missing, but I can't think of any place else to check.


This is a windows server 2012 R2 server, with JRE 7u75, JRE 8u45, TC 
7.0.57 and TC 8.0.21 all installed as 32-bit under Program Files (x86). 
 TC is as a windows service in both cases, and they were installed 
using the windows service installer .exe.  TC7 is set up to use JRE 7, 
and TC 8 to use JRE8.  Everything runs fine under TC7, but I appear to 
be having some interference when I try to run apps under TC8, not from 
catalina_home.  All the following comments are running TC8.


Everything works fine when I run the manager app from its original 
(catalina_home) location, but when I try to move it to catalina_base, it 
fails, apparently trying to start TC 7.  These are the first 30 lines 
from the stderr log.  There are more errors later on in the log, but I 
believe they are cascading from the initial problems.  Specifically, 
note that it shows CATALINA_HOME as the correct TC8 location, but it 
says it's starting 7.0.57 (line2).



2015-04-30 18:22:04 Commons Daemon procrun stderr initialized
30-Apr-2015 18:22:06.092 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Server version: 
 Apache Tomcat/7.0.57
30-Apr-2015 18:22:06.092 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Server built: 
 Nov 3 2014 08:39:16 UTC
30-Apr-2015 18:22:06.092 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Server number: 
 7.0.57.0
30-Apr-2015 18:22:06.092 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log OS Name: 
 Windows Server 2008 R2
30-Apr-2015 18:22:06.092 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log OS Version: 
 6.1
30-Apr-2015 18:22:06.092 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Architecture: 
 x86
30-Apr-2015 18:22:06.092 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log JAVA_HOME: 
 C:\Program Files (x86)\Java\jre8
30-Apr-2015 18:22:06.092 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log JVM Version: 
 1.8.0_45-b14
30-Apr-2015 18:22:06.092 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: 
 Oracle Corporation
30-Apr-2015 18:22:06.092 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: 
 F:\tomcat8_clients
30-Apr-2015 18:22:06.092 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: 
 C:\Program Files (x86)\Apache Software Foundation\Tomcat 8.0
30-Apr-2015 18:22:06.092 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: -Dcatalina.home=C:\Program Files (x86)\Apache Software 
Foundation\Tomcat 8.0
30-Apr-2015 18:22:06.092 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: -Dcatalina.base=f:\tomcat8_clients
30-Apr-2015 18:22:06.092 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: -Djava.endorsed.dirs=C:\Program Files (x86)\Apache Software 
Foundation\Tomcat 8.0\endorsed
30-Apr-2015 18:22:06.092 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: -Djava.io.tmpdir=f:\tomcat8_clients\temp
30-Apr-2015 18:22:06.092 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
30-Apr-2015 18:22:06.092 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: 
-Djava.util.logging.config.file=f:\tomcat8_clients\conf\logging.properties
30-Apr-2015 18:22:06.092 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: 
-DWebSira.configFileName=F:\tomcat8_clients\PelicanWebSIRA.properties
30-Apr-2015 18:22:06.092 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: exit
30-Apr-2015 18:22:06.107 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: -Xms128m
30-Apr-2015 18:22:06.107 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: -Xmx256m
30-Apr-2015 18:22:06.107 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The APR 
based Apache Tomcat Native library which allows optimal performance in 
production environments was not found on the java.library.path: 
C:\Program Files (x86)\Apache Software Foundation\Tomcat 
8.0\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program 
Files\SQL Anywhere 12\bin64;C:\Program Files\SQL Anywhere 12\bin32;;.
30-Apr-2015 18:22:06.357 INFO [main] 
org.apache.coyote.AbstractProtocol.init Initializing 

Re: Where are my non-persistent sessions stored ?

[David kerber]

On 4/24/2015 9:21 AM, Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Sreyan,

On 4/23/15 9:24 AM, Sreyan Chakravarty wrote:

I beg to differ but every time a new request is sent to the server,
Tomcat creates a new session for it. So yes Tomcat creates a
session even if the application does not ask for it.


This is not true.

If you can demonstrate that Tomcat is creating sessions that should be
created, please provide a small example that does so.


Did you mean ... sessions that should NOT be created...?






Every unique session generates an unique session id on the server.


I should hope so.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVOkNzAAoJEBzwKT+lPKRYxqYQALqzGKeZF/9IXzpuBd91h9oi
fdNBncyrRuMUvN85hzTUl+ry9vevzN4nHZEzN2+oQUzO/+O7gFiET+dQYxR69bl5
A/eL/6pZiXoZQlpuRapVuRQmhphf/7tgQdLolhAXxt8GSeKuYd9fRBK4+cD4o9vZ
udGhhbJzkZ8nKQv8hVA8Gt3tzx7KkcQhRdBZ4EWQQBCd4RO/oe8yViCoglK4DTx5
7RIhTqLeHABZDy0SAisWXUxlv0ajRP5tgSSQEeD0kUe/3DEJQjOuKyCL9WFzwxQU
iFesIYvnE+Lu0759nwkUYTPqY7E5wZeTZyHwl/wnZLGuMzzZLwe4USeZ3QLCieLc
/MSfivIy3VJL8NbPLCtQ2V9zVEht8ljB/D+Sb1zLfc+0jY/OCmWux3ws7KQ6UwdA
pkQheiJaOpnJkxDxwS4yH3dQhr6tFEMO1nOKw40v4TJP3Gvycc/BzCt0zVZV2EcJ
QhQaQJOLG3qtkNz65ybM91MwqnSjDngeVzsEw1zyHIQt497hO8D3jaaMgsSrtAZe
K4kG6Mj+ZcptD4E+FwABdFix/XOhpjdOXlGO/LSmXq0rnpOw0aQOrcadTeUVOrWg
OiLmHbqTJ8U0d7Tys0rEVGi1qdi+z6R5KQ37gXFv6LmC5EjOLkjSlfr26OuHh4JW
AM+vdYLS3qmiX/Ymo44g
=BtTh
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: GC Issue on Tomcat6

[David kerber]

On 4/17/2015 8:32 AM, Subhro Paul wrote:

Hi Team,

For our client website we have two Tomcat servers. Both servers are having
same configuration which is 16GB RAM, 8CPUS and Linux 6.5 OS. Tomcat 6 and
JAVA 6 are installed in both systems.

Yesterday, using Jconsole we observed that frequency of GC on one server
was very high which was 5 GC hit per Minute and on other server it was 1
GC hit per 3 Minutes. But today we observed that on both of the servers GC
frequency is same.

Is this a know secnario or the server is facing any issue?


It was probably just receiving more traffic and/or doing more work of 
some other kind.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: TLS Server Accepts RSA_EXPORT Cipher Suites (FREAK)

[David kerber]

On 4/15/2015 12:05 PM, Jason Jesso wrote:

I have Tomcat 6.0.41 connector set-up with:


SSLProtocol=TLSv1.1,TLSv1.2
ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
  TLS_RSA_WITH_AES_128_CBC_SHA256,
  TLS_RSA_WITH_AES_128_CBC_SHA,
  TLS_RSA_WITH_AES_256_CBC_SHA256,
  TLS_RSA_WITH_AES_256_CBC_SHA


We are failing our PCI scan for RSA_EXPORT Cipher Suites (FREAK).


I also test my server using openssl like:


openssl s_client -cipher EXPORT -connect localhost:443  /dev/null 2/dev/null

SSL-Session:
 Protocol  : TLSv1
 Cipher: EXP-EDH-RSA-DES-CBC-SHA
 Session-ID: 
552E8BA663CD1406A0483AC1C5EA4625FEAA4728B4CEC0DF9FDB7B1205F34A56
 Session-ID-ctx:
 Master-Key: 
28300592CF17AEB81E3113DBD26A74406729DECDF4274E5181FDFB82896C8039E5B5205965423F162D44A0814892779A
 Key-Arg   : None
 PSK identity: None
 PSK identity hint: None
 SRP username: None
 Start Time: 1429113767
 Timeout   : 300 (sec)
 Verify return code: 19 (self signed certificate in certificate chain)


It still connects with the EXPORT cipher.  I do not know why, since I thought the ciphers 
I specify in the ciphers variable is good.



This is my Tomcat start-up:

bin/startup.sh

Using CATALINA_BASE:   /usr/apache-tomcat-6.0.41
Using CATALINA_HOME:   /usr/apache-tomcat-6.0.41
Using CATALINA_TMPDIR: /usr/apache-tomcat-6.0.41/temp
Using JRE_HOME:/usr/java6
Using CLASSPATH:   /usr/apache-tomcat-6.0.41/bin/bootstrap.jar


What exact version of java?  I think that's your issue.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: TLS Server Accepts RSA_EXPORT Cipher Suites (FREAK)

[David kerber]

On 4/15/2015 1:17 PM, Jason Jesso wrote:

I am using Java 1.6 on AIX plaform.

/usr/java6/bin/java -version
java version 1.6.0
Java(TM) SE Runtime Environment (build pap3260sr15fp1-20140110_01(SR15 FP1))
IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 AIX ppc-32 
jvmap3260sr15-20131231_180656 (JIT enabled, AOT enabled)
J9VM - 20131231_180656
JIT  - r9_20130920_46510ifx3
GC   - GA24_Java6_SR15_20131231_1152_B180656)
JCL  - 20140107_01

You think this is the issue?


There's a chance of it, but I don't know how IBM's java versions compare 
to Oracle's.  There were quite a few things that changed in late 
versions of Java 6 and 7 w.r.t. encryption.


What exact version of java 7 do you have?  IMS, you need a late number 
(45, maybe?).






From: David kerber [dcker...@verizon.net]
Sent: Wednesday, April 15, 2015 12:26 PM
To: Tomcat Users List
Subject: Re: TLS Server Accepts RSA_EXPORT Cipher Suites (FREAK)

On 4/15/2015 12:05 PM, Jason Jesso wrote:

I have Tomcat 6.0.41 connector set-up with:


SSLProtocol=TLSv1.1,TLSv1.2
ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
   TLS_RSA_WITH_AES_128_CBC_SHA256,
   TLS_RSA_WITH_AES_128_CBC_SHA,
   TLS_RSA_WITH_AES_256_CBC_SHA256,
   TLS_RSA_WITH_AES_256_CBC_SHA


We are failing our PCI scan for RSA_EXPORT Cipher Suites (FREAK).


I also test my server using openssl like:


openssl s_client -cipher EXPORT -connect localhost:443  /dev/null 2/dev/null

SSL-Session:
  Protocol  : TLSv1
  Cipher: EXP-EDH-RSA-DES-CBC-SHA
  Session-ID: 
552E8BA663CD1406A0483AC1C5EA4625FEAA4728B4CEC0DF9FDB7B1205F34A56
  Session-ID-ctx:
  Master-Key: 
28300592CF17AEB81E3113DBD26A74406729DECDF4274E5181FDFB82896C8039E5B5205965423F162D44A0814892779A
  Key-Arg   : None
  PSK identity: None
  PSK identity hint: None
  SRP username: None
  Start Time: 1429113767
  Timeout   : 300 (sec)
  Verify return code: 19 (self signed certificate in certificate chain)


It still connects with the EXPORT cipher.  I do not know why, since I thought the ciphers 
I specify in the ciphers variable is good.



This is my Tomcat start-up:

bin/startup.sh

Using CATALINA_BASE:   /usr/apache-tomcat-6.0.41
Using CATALINA_HOME:   /usr/apache-tomcat-6.0.41
Using CATALINA_TMPDIR: /usr/apache-tomcat-6.0.41/temp
Using JRE_HOME:/usr/java6
Using CLASSPATH:   /usr/apache-tomcat-6.0.41/bin/bootstrap.jar


What exact version of java?  I think that's your issue.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: TLS Server Accepts RSA_EXPORT Cipher Suites (FREAK)

[David kerber]

On 4/15/2015 1:43 PM, Jason Jesso wrote:

Actually my mistake, if I use Java 7 it seems I can't connect using openssl.  
It seems the secure connection does not even work when I point to Java7 .

The TLS works when I used the Java 6, but I'm still stuck with the EXPORT 
ciphers.


Ok, you have exhausted my knowledge of the subject.  Somebody else is 
going to need to chime in here.







From: David kerber [dcker...@verizon.net]
Sent: Wednesday, April 15, 2015 1:34 PM
To: Tomcat Users List
Subject: Re: TLS Server Accepts RSA_EXPORT Cipher Suites (FREAK)

On 4/15/2015 1:17 PM, Jason Jesso wrote:

I am using Java 1.6 on AIX plaform.

/usr/java6/bin/java -version
java version 1.6.0
Java(TM) SE Runtime Environment (build pap3260sr15fp1-20140110_01(SR15 FP1))
IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 AIX ppc-32 
jvmap3260sr15-20131231_180656 (JIT enabled, AOT enabled)
J9VM - 20131231_180656
JIT  - r9_20130920_46510ifx3
GC   - GA24_Java6_SR15_20131231_1152_B180656)
JCL  - 20140107_01

You think this is the issue?


There's a chance of it, but I don't know how IBM's java versions compare
to Oracle's.  There were quite a few things that changed in late
versions of Java 6 and 7 w.r.t. encryption.

What exact version of java 7 do you have?  IMS, you need a late number
(45, maybe?).





From: David kerber [dcker...@verizon.net]
Sent: Wednesday, April 15, 2015 12:26 PM
To: Tomcat Users List
Subject: Re: TLS Server Accepts RSA_EXPORT Cipher Suites (FREAK)

On 4/15/2015 12:05 PM, Jason Jesso wrote:

I have Tomcat 6.0.41 connector set-up with:


SSLProtocol=TLSv1.1,TLSv1.2
ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA


We are failing our PCI scan for RSA_EXPORT Cipher Suites (FREAK).


I also test my server using openssl like:


openssl s_client -cipher EXPORT -connect localhost:443  /dev/null 2/dev/null

SSL-Session:
   Protocol  : TLSv1
   Cipher: EXP-EDH-RSA-DES-CBC-SHA
   Session-ID: 
552E8BA663CD1406A0483AC1C5EA4625FEAA4728B4CEC0DF9FDB7B1205F34A56
   Session-ID-ctx:
   Master-Key: 
28300592CF17AEB81E3113DBD26A74406729DECDF4274E5181FDFB82896C8039E5B5205965423F162D44A0814892779A
   Key-Arg   : None
   PSK identity: None
   PSK identity hint: None
   SRP username: None
   Start Time: 1429113767
   Timeout   : 300 (sec)
   Verify return code: 19 (self signed certificate in certificate chain)


It still connects with the EXPORT cipher.  I do not know why, since I thought the ciphers 
I specify in the ciphers variable is good.



This is my Tomcat start-up:

bin/startup.sh

Using CATALINA_BASE:   /usr/apache-tomcat-6.0.41
Using CATALINA_HOME:   /usr/apache-tomcat-6.0.41
Using CATALINA_TMPDIR: /usr/apache-tomcat-6.0.41/temp
Using JRE_HOME:/usr/java6
Using CLASSPATH:   /usr/apache-tomcat-6.0.41/bin/bootstrap.jar


What exact version of java?  I think that's your issue.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Rendering JSP files through Apache

[David kerber]

On 4/9/2015 3:06 PM, George Sexton wrote:



On 4/9/2015 12:58 PM, Caldarale, Charles R wrote:

From: George Sexton [mailto:geor...@mhsoftware.com]
Subject: Re: Rendering JSP files through Apache
My reading of it says that any request that matches a known context path
must be routed to the web application. It seems pretty cut and dried
to me.

That's true only when the request is processed by the servlet
container.  If the request is handled elsewhere, clearly the servlet
spec clause doesn't apply.


The problem is then that as a system, the container isn't compliant.


No, it's the *system* that is broken.  The container itself is doing 
exactly what it is being told to do.  If you're not telling it to do the 
correct things, that's on you, not on the container.




What you're in essence saying is that the compliance of the system
isn't a concern. My belief is that as a system, the end result has to
be compliant because my application is deployed on a system. If the
system breaks the application, then it's not compliant.

I suppose it's like eating an apple. At what point does the apple become
you?


Once it's inside you, when your body can start processing it.  Just like 
the request must get inside the container for it to be processed IAW the 
spec.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Rendering JSP files through Apache

[David kerber]

On 4/9/2015 3:03 PM, George Sexton wrote:



On 4/9/2015 10:06 AM, Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

George,

On 4/9/15 10:52 AM, George Sexton wrote:

On 4/8/2015 6:15 PM, Leggio, Andrew wrote:

This contains both HTML and JSP.  I would like the HTML to be
handled through Apache and JSP pages to be handled by TOMCAT.
How do I accomplish this?

Just my two cents, but any server that works the way you want is
not compliant with the servlet specification. It states that all
requests for a context must be passed to the container.

??

The servlet spec doesn't apply to environments, only containers. If
the OP wants to have Apache httpd serve static files and proxy dynamic
requests, that's perfectly reasonable.

It's also easy to do.


What you're suggesting is what GoDaddy does. The problem is that if
you map requests for things like css, javascript, or even .html
pages to a servlet, then it breaks.

Bad idea.

?

Why would a servlet have a problem handling a request for a .html
file? The DefaultServlet was designed with that explicit purpose in mind


What I'm saying is that having httpd handle request for .html and
everything else handled by the servlet container violates section 4.1 of
Java Servlet Specification 3.0.

The issue is not the servlet handling the request for .html. The issue
is that if the deployment descriptor has an explicit mapping for
/context/foo.html, and the web app is never presented with the request
because it's being done at the higher level of Apache httpd, then it
breaks the web app. httpd is given the request for /context/foo.html,
and there is no corresponding file, and the web app is broken.

You can argue about whether it's smart to map servlets into .html, but
again my reading of the spec is that unequivocally, if the request path
matches a deployed context, the request must be routed to the
context/container.


Then your reading is incorrect.  The spec only applies to requests that 
reach the container in the first place.  If something else handles it 
before it reaches the container, the spec is not applicable.




There are a lot of legitimate reasons to map static resources into
servlets. Things like images, graphs, CSS files, Javascript files, etc.


Certainly, and that's what I do.  But it's for convenience and ease of 
configuration, not because it's what the spec requires.  Other people 
have other needs...



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Rendering JSP files through Apache

[David kerber]

On 4/9/2015 3:18 PM, George Sexton wrote:



On 4/9/2015 1:10 PM, David kerber wrote:

You can argue about whether it's smart to map servlets into .html, but

again my reading of the spec is that unequivocally, if the request path
matches a deployed context, the request must be routed to the
context/container.


Then your reading is incorrect.  The spec only applies to requests
that reach the container in the first place.  If something else
handles it before it reaches the container, the spec is not applicable.



Allow me to re-quote the spec:

A ServletContext is rooted at a known path within a Web server. For
example, a servlet context could be located at
http://www.mycorp.com/catalog. All requests that begin with the /catalog
request path, known as the context path, are routed to the Web
application associated with the ServletContext.

The spec explicitly includes the phrase known path within a web server
and it explicitly also states All requests that begin with the /catalog
request path, known as the context path, are routed to the Web
application associated with the ServletContext.

I don't see any conditionals that would allow violation of this. Arguing
otherwise is really not supported by the language.


There is no violation of this if a request never reaches the container 
in the first place.  The spec only applies to the servlet container 
itself, not to the overall system of which it might be a part.








There are a lot of legitimate reasons to map static resources into
servlets. Things like images, graphs, CSS files, Javascript files, etc.


Certainly, and that's what I do.  But it's for convenience and ease of
configuration, not because it's what the spec requires. Other people
have other needs...


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org