Re: How to integrate alternative SSLContext?
Hi Mark, On Thu, Aug 24, 2023 at 7:26 AM Mark Thomas wrote: > >> You shouldn't need a custom connector. As things stand currently, you > >> would need a custom SSLImplementation although you should be able to > >> extend the exising JSSE support for most of that. > > > > How can I take the default Connector to use this custom > SSLImplementation? > > https://tomcat.apache.org/tomcat-11.0-doc/config/http.html > > Look for sslImplementationName Thanks for this hint very much! The below line works for me, connector.setProperty("sslImplementationName", AltJSSEImplementation.class.getName()); Best regards, John Jiang
Re: How to integrate alternative SSLContext?
Hi Mark, Thanks for your reply! On Thu, Aug 24, 2023 at 12:15 AM Mark Thomas wrote: > On 23/08/2023 00:44, John Jiang wrote: > > Hi, > > I'm using tomcat-embed-core 9.0.78 + OpenJDK 11.o.19. > > My project needs a custom javax.net.ssl.SSLContext implementation. > > Why? What problem are you trying to solve? > My project needs alternative cipher suites, EC group and signature scheme. > > How can I integrate this custom SSLContext to the embedded Tomcat > > server? > > I don't find any convenient API for this case. > > Do I have to provide a new SSLImplementation, and then pass it to a > > custom > > Connector? > > You shouldn't need a custom connector. As things stand currently, you > would need a custom SSLImplementation although you should be able to > extend the exising JSSE support for most of that. How can I take the default Connector to use this custom SSLImplementation? I didn't find the public APIs or configurations to do that. It looks need to set this new SSLImplementation class name in method Connector::initInternal. Best regards, John Jiang
How to integrate alternative SSLContext?
Hi, I'm using tomcat-embed-core 9.0.78 + OpenJDK 11.o.19. My project needs a custom javax.net.ssl.SSLContext implementation. How can I integrate this custom SSLContext to the embedded Tomcat server? I don't find any convenient API for this case. Do I have to provide a new SSLImplementation, and then pass it to a custom Connector? In addition, I don't meet this problem with Jetty and Netty. Best regards, John Jiang
Re: Database connection pooling ..
Good info here. Commons IS very busy, aren't they. Lots of good tools in there .. John On 4/11/23, Christopher Schultz wrote: > Bruno, > > On 4/11/23 12:51, BRUNO MELLONI wrote: >> I used org.apache.commons.dbcp2.BasicDataSource as my default >> DataSource for over a decade in both Tomcat and standalone apps. >> Very reliable. > Note that you are talking about commons-dbcp2 and John was asking about > tomcat-pool (which is a different product). > > Tomcat uses commons-dbcp2 by default, but can be configured to use its > own tomcat-pool as well. > > IMHO I would prefer commons-dbcp2 over tomcat-pool just because it has > such a huge user-base in comparison, and it's got a dedicated team > working on it. tomcat-pool doesn't get much attention around here... > it's just kind of "done". > > -chris > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: just wondering.. encryption in context.xml?
This might be one way to elevate compliance. If you can read the database password from the database, you win (some sort of) prizes. :D Search for Plain Ol' Java: http://people.apache.org/~fhanik/jdbc-pool/jdbc-pool.html JBoss used to compile the password into a runtime IOC pattern, but it could still be hacked, but not as likely to have a day-to-day systems admin stumble upon it. On 4/8/23, Kevin Huntly wrote: > okay that's fair > > On Sat, Apr 8, 2023, 14:31 Thomas Hoffmann (Speed4Trade GmbH) > wrote: > >> Hello, >> >> > -Ursprüngliche Nachricht- >> > Von: Kevin Huntly >> > Gesendet: Samstag, 8. April 2023 19:40 >> > An: users@tomcat.apache.org >> > Betreff: just wondering.. encryption in context.xml? >> > >> > is there currently a method for encrypting or otherwise obfuscating >> passwords >> > (like for MySQL) in the context.mxl >> > >> > >> > Kevin Huntly >> > Email: kmhun...@gmail.com >> > Cell: 716/424-3311 >> > >> >> You might use environment variables or java system properties. >> If someone has access to your context.xml, then your server is >> compromised >> anyway. >> >> Greetings, >> Thomas >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Database connection pooling ..
Has anyone tried using the Tomcat 10 DBCP from a standalone java app? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Logging
Good coding does customer service. I wanted to thank whoever put this in the logs. :) 28-Mar-2023 06:56:26.974 WARNING [main] org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.getObjectInstance Name = model Property maxActive is not used in DBCP2, use maxTotal instead. maxTotal default value is 8. You have set value of "100" for "maxActive" property, which is being ignored. Sincerely, John Dale, MS MIS DB2DOM.COM - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: service() failed with http error 502
yes .. gotta get that port correct. It's been awhile since I've needed to run command line HTTP request. :) On 3/22/23, Kevin Huntly wrote: > Just wondering, are you able to telnet from your webserver into the Tomcat > server over the appropriate port? e.g. 8443 or whatnot - whatever is > configured in Tomcat's server.xml > > > Kevin Huntly > Email: kmhun...@gmail.com > Cell: 716/424-3311 > > > -BEGIN GEEK CODE BLOCK- > Version: 1.0 > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) > PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ > G++ e(+) h--- r+++ y+++* > --END GEEK CODE BLOCK-- > > > On Wed, Mar 22, 2023 at 3:22 PM Luis Ramos > wrote: > >> Hi List. >> In and around last windows updates for our WIN2019 box, our tomcat >> connector start to fail with the below error message. >> Setup is IIS 10->ISAPI connector => Tomcat 9 -> >> https://tomcat.apache.org/connectors-doc/webserver_howto/iis.html >> Has someone seen this behaivor? >> To be able to open the system I am bypassing the connector and listening >> in port 443 in server.xml directly. >> >> >> >> [Wed Mar 22 15:08:46.746 2023] [10780:14112] [error] >> ajp_connection_tcp_get_message::jk_ajp_common.c (1408): (tomcat01) wrong >> message size 18441 8192 from ::1:8009 >> [Wed Mar 22 15:08:46.751 2023] [10780:14112] [error] >> ajp_get_reply::jk_ajp_common.c (2285): (tomcat01) Tomcat is down or >> network >> problems. Part of the response has already been sent to the client >> [Wed Mar 22 15:08:46.753 2023] [10780:14112] [info] >> ajp_service::jk_ajp_common.c (2774): (tomcat01) sending request to tomcat >> failed (recoverable), because of protocol error (attempt=1) >> [Wed Mar 22 15:08:46.860 2023] [10780:14112] [error] >> ajp_connection_tcp_get_message::jk_ajp_common.c (1408): (tomcat01) wrong >> message size 18441 8192 from ::1:8009 >> [Wed Mar 22 15:08:46.865 2023] [10780:14112] [error] >> ajp_get_reply::jk_ajp_common.c (2285): (tomcat01) Tomcat is down or >> network >> problems. Part of the response has already been sent to the client >> [Wed Mar 22 15:08:46.868 2023] [10780:14112] [info] >> ajp_service::jk_ajp_common.c (2774): (tomcat01) sending request to tomcat >> failed (recoverable), because of protocol error (attempt=2) >> [Wed Mar 22 15:08:46.871 2023] [10780:14112] [error] >> ajp_service::jk_ajp_common.c (2795): (tomcat01) connecting to tomcat >> failed >> (rc=-11, errors=1, client_errors=0). >> [Wed Mar 22 15:08:46.873 2023] [10780:14112] [error] >> HttpExtensionProc::jk_isapi_plugin.c (2123): service() failed with http >> error 502 >> >> This e-mail message, including any attachment(s), is confidential and may >> also be legally privileged. It is intended solely for the addresse(s) and >> others authorized to receive it. If you are not the intended recipient >> you >> are hereby notified that any disclosure, copying, distribution or taking >> any action in reliance on the contents of this email is strictly >> prohibited >> and may be unlawful. If you have received this e-mail in error you are >> requested to delete it from your system and to notify us by replying to >> this message immediately. CNT Infotech is not liable for the improper >> transmission of this message nor for any damage sustained as a result of >> this message. > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Unable to start application
"WTH" - holy heck! :D Polymorphism, abstraction of interfaces .. standar OO, but definitely not kids stuff to get everything to spec/standard (including the SQL or proc invocations)! :) JDBC has been a very good interface despite/after O/R M challenges met. Sysadmin is my second language to database design and JSON morphism. On 3/21/23, Christopher Schultz wrote: > Kevin, > > On 3/20/23 20:12, Kevin Huntly wrote: >> I actually fixed (well, figured out) the MySQL problem - it looks like >> it's >> hard coded to a 2048b DH key, but I configured my servers for CIS level 2 >> which wants a minimum 3072. I can update the openssl config to utilize a >> lower security level and it works just fine. > > When you say "hard coded" what exactly do you mean? You can change the > key+cert at any time. > >> I don't want to do that, but I don't want to have a nonsecure instance >> either. so im probably going to go with an ssh tunnel since this is just >> dev and it won't be going to production (our prod is db2) > > Sounds like: > 1. This is dev, so you should fix your key+cert instead of hacking stunnel > 2. You are using different databases in different environments. WTH? > > -chris > >> On Mon, Mar 20, 2023, 20:09 Christopher Schultz < >> ch...@christopherschultz.net> wrote: >> >>> Kevin, >>> >>> On 3/18/23 19:04, Kevin Huntly wrote: >>>> I can't use tomcat 10 because of the switch to jakarta for the servlet >>>> container - I'd have to rewrite a lot of code. That being said, I got >>>> it >>>> fixed: >>>> >>>> All JDBC and JNDI lookups were prefixed with "java:comp/env/" and >>>> things >>>> worked. Clearly, IBM's WebSphere does this for you, since that's >>> primarily >>>> what I develop against... >>> >>> I had to read the whole thread to find this ^^^. You are correct, Tomcat >>> gives you an initial context that is rooted at, well, the root of the >>> JNDI tree. IMHO any product that locks you into java:comp/env is doing >>> you a disservice. >>> >>> It wasn't clear to me whether you were using Tomcat's "global naming >>> resources" or per-context resources. Your posted snippets have all >>> expired so I couldn't look at them. >>> >>> But it looks like you have everything working, so ... great! >>> >>> You mentioned having a MySQL/MariaDB admin question. Please post that >>> separately (different thread, different subject) and annotate it with a >>> "[OT]" prefix to indicate that it's off-topic. We may have answers for >>> you (I know a lot about MySQL/MariaDB) but this isn't the "correct" >>> forum for such questions, hence the "off-topic" moniker. >>> >>> -chris >>> >>>> >>>> >>>> Kevin Huntly >>>> Email: kmhun...@gmail.com >>>> Cell: 716/424-3311 >>>> >>>> >>>> -BEGIN GEEK CODE BLOCK- >>>> Version: 1.0 >>>> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- >>>> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) >>>> PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ >>>> G++ e(+) h--- r+++ y+++* >>>> --END GEEK CODE BLOCK-- >>>> >>>> >>>> On Sat, Mar 18, 2023 at 6:31 PM John Dale (DB2DOM) >>>> wrote: >>>> >>>>> Here's what I use for development: >>>>> >>>>> apache-tomcat-10.0.6 >>>>> >>>>> java --version >>>>> openjdk 11.0.9.1 2020-11-04 >>>>> OpenJDK Runtime Environment (build 11.0.9.1+1-post-Raspbian-1deb10u2) >>>>> OpenJDK Server VM (build 11.0.9.1+1-post-Raspbian-1deb10u2, mixed >>>>> mode) >>>>> >>>>> I have tremendous success running this combination. >>>>> >>>>> For production .. >>>>> >>>>> Raspbian flows through to ubuntu/debian with practically no issues >>>>> except Pi has a problem with ipchainining and NAT. >>>>> >>>>> Start firing away to jcdw...@gmail.com with questions regarding MySQL. >>>>> >>>>> I'll do what I can. >>>>> >>>>> John >>>>> >>>>> >>>>> On 3/18/23, Kevin Huntly wrote: >>>>&g
Re: Unable to start application
Glad to hear this was identified and you have a workaround. Software sure does get messy sometimes .. most folks don't appreciate the difficulty of the work. On 3/20/23, Kevin Huntly wrote: > Hey Chris! > > I actually fixed (well, figured out) the MySQL problem - it looks like it's > hard coded to a 2048b DH key, but I configured my servers for CIS level 2 > which wants a minimum 3072. I can update the openssl config to utilize a > lower security level and it works just fine. > > I don't want to do that, but I don't want to have a nonsecure instance > either. so im probably going to go with an ssh tunnel since this is just > dev and it won't be going to production (our prod is db2) > > On Mon, Mar 20, 2023, 20:09 Christopher Schultz < > ch...@christopherschultz.net> wrote: > >> Kevin, >> >> On 3/18/23 19:04, Kevin Huntly wrote: >> > I can't use tomcat 10 because of the switch to jakarta for the servlet >> > container - I'd have to rewrite a lot of code. That being said, I got >> > it >> > fixed: >> > >> > All JDBC and JNDI lookups were prefixed with "java:comp/env/" and >> > things >> > worked. Clearly, IBM's WebSphere does this for you, since that's >> primarily >> > what I develop against... >> >> I had to read the whole thread to find this ^^^. You are correct, Tomcat >> gives you an initial context that is rooted at, well, the root of the >> JNDI tree. IMHO any product that locks you into java:comp/env is doing >> you a disservice. >> >> It wasn't clear to me whether you were using Tomcat's "global naming >> resources" or per-context resources. Your posted snippets have all >> expired so I couldn't look at them. >> >> But it looks like you have everything working, so ... great! >> >> You mentioned having a MySQL/MariaDB admin question. Please post that >> separately (different thread, different subject) and annotate it with a >> "[OT]" prefix to indicate that it's off-topic. We may have answers for >> you (I know a lot about MySQL/MariaDB) but this isn't the "correct" >> forum for such questions, hence the "off-topic" moniker. >> >> -chris >> >> > >> > >> > Kevin Huntly >> > Email: kmhun...@gmail.com >> > Cell: 716/424-3311 >> > >> > >> > -BEGIN GEEK CODE BLOCK- >> > Version: 1.0 >> > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- >> > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) >> > PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ >> > G++ e(+) h--- r+++ y+++* >> > --END GEEK CODE BLOCK-- >> > >> > >> > On Sat, Mar 18, 2023 at 6:31 PM John Dale (DB2DOM) >> > wrote: >> > >> >> Here's what I use for development: >> >> >> >> apache-tomcat-10.0.6 >> >> >> >> java --version >> >> openjdk 11.0.9.1 2020-11-04 >> >> OpenJDK Runtime Environment (build 11.0.9.1+1-post-Raspbian-1deb10u2) >> >> OpenJDK Server VM (build 11.0.9.1+1-post-Raspbian-1deb10u2, mixed >> >> mode) >> >> >> >> I have tremendous success running this combination. >> >> >> >> For production .. >> >> >> >> Raspbian flows through to ubuntu/debian with practically no issues >> >> except Pi has a problem with ipchainining and NAT. >> >> >> >> Start firing away to jcdw...@gmail.com with questions regarding MySQL. >> >> >> >> I'll do what I can. >> >> >> >> John >> >> >> >> >> >> On 3/18/23, Kevin Huntly wrote: >> >>> Hey Everyone, >> >>> >> >>> Is this possibly happening because I'm using JDK19 and not 8 or 9? >> >>> >> >>> >> >>> Kevin Huntly >> >>> Email: kmhun...@gmail.com >> >>> Cell: 716/424-3311 >> >>> >> >>> >> >>> -BEGIN GEEK CODE BLOCK- >> >>> Version: 1.0 >> >>> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- >> >>> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) >> >>> PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ >> >>> G++ e(+) h--- r+++ y+++* >> >>> --END GEEK CODE BLOCK-- >> >>> &
Re: Unable to start application
Here's what I use for development: apache-tomcat-10.0.6 java --version openjdk 11.0.9.1 2020-11-04 OpenJDK Runtime Environment (build 11.0.9.1+1-post-Raspbian-1deb10u2) OpenJDK Server VM (build 11.0.9.1+1-post-Raspbian-1deb10u2, mixed mode) I have tremendous success running this combination. For production .. Raspbian flows through to ubuntu/debian with practically no issues except Pi has a problem with ipchainining and NAT. Start firing away to jcdw...@gmail.com with questions regarding MySQL. I'll do what I can. John On 3/18/23, Kevin Huntly wrote: > Hey Everyone, > > Is this possibly happening because I'm using JDK19 and not 8 or 9? > > > Kevin Huntly > Email: kmhun...@gmail.com > Cell: 716/424-3311 > > > -BEGIN GEEK CODE BLOCK- > Version: 1.0 > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) > PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ > G++ e(+) h--- r+++ y+++* > --END GEEK CODE BLOCK-- > > > On Sat, Mar 18, 2023 at 5:10 PM Kevin Huntly wrote: > >> Hey John - if you're out there can you email me direct? I have a MySQL >> admin question if you have the time and the inclination >> >> >> Kevin Huntly >> Email: kmhun...@gmail.com >> Cell: 716/424-3311 >> >> >> -BEGIN GEEK CODE BLOCK- >> Version: 1.0 >> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- >> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) >> PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ >> G++ e(+) h--- r+++ y+++* >> --END GEEK CODE BLOCK-- >> >> >> On Sat, Mar 18, 2023 at 1:40 PM Kevin Huntly wrote: >> >>> any other ideas guys? I want to migrate a bunch of really awful apps off >>> our primary application server so they don't cause us headaches anymore. >>> if >>> I can't get one app working I have no hope of getting others to work lol >>> >>> On Sat, Mar 18, 2023, 09:16 John Dale (DB2DOM) >>> wrote: >>> >>>> Thanks Mark - are statics reloaded now, too? >>>> >>>> I touch web.xml and it's reloaded successfully hundreds of times. >>>> >>>> But I don't use war files so I can use git to version and transfer my >>>> builds ... maybe that's the reason? >>>> >>>> John >>>> >>>> >>>> On 3/18/23, Mark Thomas wrote: >>>> > On 17/03/2023 23:18, John Dale (DB2DOM) wrote: >>>> >> ok - "mnet" should be "ment" >>>> > >>>> > From the logs excerpt I saw earlier in the thread, that needs fixing >>>> > (although it was only a test element). I don't think it will break >>>> > anything else but better to remove the noise from the logs. >>>> > >>>> >> I figured I'd spell that out and behave like a compiler. :) >>>> >> >>>> >> I would also move that configuration into server.xml (it's a major >>>> >> difference between your configuration and mine). >>>> > >>>> > That configuration style is NOT recommended. It means you have no >>>> choice >>>> > but to restart Tomcat if you change the Context configuration. If it >>>> > is >>>> > in a separate Context file, Tomcat will reload the web application >>>> > automatically if you change the Context file. >>>> > >>>> > Stick with: >>>> > >>>> /opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml >>>> > >>>> > Do NOT specify a path attribute for the Context. It will be ignored. >>>> > >>>> > Where is the JDBC driver located? It needs to be in >>>> ${CATALINA_BASE}/lib >>>> > and not part of the WAR. >>>> > >>>> > Can we see the full logs from a clean start-up please? >>>> > >>>> > Mark >>>> > >>>> > >>>> >> >>>> >> Lastly, maybe to help debug a future issue, did you compile your >>>> >> project files against the tomcat libs included with your >>>> >> distribution, >>>> >> or did you drop them into this version of tomcat from another >>>> >> version? >>>> >> Probably won'
Re: SSL issue
Noted - excellent! On 3/18/23, Kevin Huntly wrote: > I was able to read the keystore with both openssl and keytool, but for some > reason the private key within the pkcs#12 file had a different password > than the keystone password. I ended up just rebuilding the cert and the > keystore, and it's working now. Thanks ! > > > Kevin Huntly > Email: kmhun...@gmail.com > Cell: 716/424-3311 > > > -BEGIN GEEK CODE BLOCK- > Version: 1.0 > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) > PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ > G++ e(+) h--- r+++ y+++* > --END GEEK CODE BLOCK-- > > > On Sat, Mar 18, 2023 at 3:27 PM Thomas Hoffmann (Speed4Trade GmbH) > wrote: > >> Hello, >> >> the relevant error is: >> Caused by: javax.crypto.BadPaddingException: Given final block not >> properly padded. Such issues can arise if a bad key is used during >> decryption. >> >> It seems there is something wrong with your keystore. >> Are both, private and public key in the p12 file? >> Can you check the contents with keytool? >> Alternatively, you can also use pem files, they are more readable than >> p12. >> >> Greetings, Thomas >> >> > -Ursprüngliche Nachricht- >> > Von: Kevin Huntly >> > Gesendet: Samstag, 18. März 2023 19:15 >> > An: users@tomcat.apache.org >> > Betreff: SSL issue >> > >> > Hello Everyone, >> > >> > I'm having an issue with my SSL connector: >> > >> > >> > 18-Mar-2023 14:12:46.996 SEVERE [main] >> > org.apache.catalina.util.LifecycleBase.handleSubClassException Failed >> > to >> > initialize component >> [Connector[org.apache.coyote.http11.Http11Nio2Protocol- >> > 8443]] >> > org.apache.catalina.LifecycleException: Protocol handler >> initialization >> > failed >> > at >> > org.apache.catalina.connector.Connector.initInternal(Connector.java:1014) >> > at >> > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) >> > at >> > >> org.apache.catalina.core.StandardService.initInternal(StandardService.java:549 >> > ) >> > at >> > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) >> > at >> > >> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1032) >> > at >> > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) >> > at >> > org.apache.catalina.startup.Catalina.load(Catalina.java:724) >> > at >> > org.apache.catalina.startup.Catalina.load(Catalina.java:746) >> > at >> > >> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMeth >> > odHandleAccessor.java:104) >> > at >> > java.base/java.lang.reflect.Method.invoke(Method.java:578) >> > at >> > org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:307) >> > at >> > org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:477) >> > Caused by: java.lang.IllegalArgumentException: Get Key failed: >> > Given final block not properly padded. Such issues can arise if a bad >> key is used >> > during decryption. >> > at >> > org.apache.tomcat.util.net >> .AbstractJsseEndpoint.createSSLContext(AbstractJsse >> > Endpoint.java:107) >> > at >> > org.apache.tomcat.util.net >> .AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoi >> > nt.java:71) >> > at >> > org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:146) >> > at >> > org.apache.tomcat.util.net >> .AbstractEndpoint.bindWithCleanup(AbstractEndpoin >> > t.java:1302) >> > at >> > org.apache.tomcat.util.net >> .AbstractEndpoint.init(AbstractEndpoint.java:1315) >> > at >> > org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:652) >> > at >> > >> org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.j >> > ava:75) >> > at >> > org.apache.catalina.connector.Connector.initInternal(Connector.java:1012) >> > ... 11 more >> > Caused by: java.security.UnrecoverableKeyException: Get Key >> failed: >> > Given final block not properly padded. Such issues can arise if a bad >> key is used >> > during decryption. >> > at >> > >> java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.j >> > ava:454) >> > at >> > >> java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator >> > .java:91) >> > at >> > java.base/java.security.KeyStore.getKey(KeyStore.java:1077) >> > at >> > org.apache.tomcat.util.net >> .SSLUtilBase.getKeyManagers(SSLUtilBase.java:353) >> > at >> > org.apache.tomcat.util.net >> .SSLUtilBase.createSSLContext(SSLUtilBase.java:246) >> > at >>
Re: SSL issue
What kind of key are you using? I generate my certs with certbot. The result needs to be converted thusly to be used: openssl pkcs12 -export -out mykey-bundle.pfx -inkey myprivkey.pem -in cert.pem -certfile chain.pem -password pass:superdupersecretnoteventhealiensknow Is this a possible source of the issue? On 3/18/23, Kevin Huntly wrote: > Hello Everyone, > > I'm having an issue with my SSL connector: > > > 18-Mar-2023 14:12:46.996 SEVERE [main] > org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to > initialize component > [Connector[org.apache.coyote.http11.Http11Nio2Protocol-8443]] > org.apache.catalina.LifecycleException: Protocol handler > initialization failed > at > org.apache.catalina.connector.Connector.initInternal(Connector.java:1014) > at > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) > at > org.apache.catalina.core.StandardService.initInternal(StandardService.java:549) > at > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) > at > org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1032) > at > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) > at > org.apache.catalina.startup.Catalina.load(Catalina.java:724) > at > org.apache.catalina.startup.Catalina.load(Catalina.java:746) > at > java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104) > at > java.base/java.lang.reflect.Method.invoke(Method.java:578) > at > org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:307) > at > org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:477) > Caused by: java.lang.IllegalArgumentException: Get Key failed: > Given final block not properly padded. Such issues can arise if a bad key > is used during decryption. > at > org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107) > at > org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71) > at > org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:146) > at > org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1302) > at > org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1315) > at > org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:652) > at > org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:75) > at > org.apache.catalina.connector.Connector.initInternal(Connector.java:1012) > ... 11 more > Caused by: java.security.UnrecoverableKeyException: Get Key failed: > Given final block not properly padded. Such issues can arise if a bad key > is used during decryption. > at > java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:454) > at > java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:91) > at > java.base/java.security.KeyStore.getKey(KeyStore.java:1077) > at > org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:353) > at > org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:246) > at > org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:105) > ... 18 more > Caused by: javax.crypto.BadPaddingException: Given final block not > properly padded. Such issues can arise if a bad key is used during > decryption. > at > java.base/com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:861) > at > java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:941) > at > java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:734) > at > java.base/com.sun.crypto.provider.PBES2Core.engineDoFinal(PBES2Core.java:310) > at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2207) > at > java.base/sun.security.pkcs12.PKCS12KeyStore.lambda$engineGetKey$0(PKCS12KeyStore.java:370) > at > java.base/sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(PKCS12KeyStore.java:257) > at > java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:361) > ... 23 more > > > And my SSL config: > > > protocol="org.apache.coyote.http11.Http11Nio2Protocol" > sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation" > address="0.0.0.0" port="8443" maxHttpHeaderSize="8192" > maxThreads="150" minSpareThreads="25"
Re: Unable to start application
Thanks Mark - are statics reloaded now, too? I touch web.xml and it's reloaded successfully hundreds of times. But I don't use war files so I can use git to version and transfer my builds ... maybe that's the reason? John On 3/18/23, Mark Thomas wrote: > On 17/03/2023 23:18, John Dale (DB2DOM) wrote: >> ok - "mnet" should be "ment" > > From the logs excerpt I saw earlier in the thread, that needs fixing > (although it was only a test element). I don't think it will break > anything else but better to remove the noise from the logs. > >> I figured I'd spell that out and behave like a compiler. :) >> >> I would also move that configuration into server.xml (it's a major >> difference between your configuration and mine). > > That configuration style is NOT recommended. It means you have no choice > but to restart Tomcat if you change the Context configuration. If it is > in a separate Context file, Tomcat will reload the web application > automatically if you change the Context file. > > Stick with: > /opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml > > Do NOT specify a path attribute for the Context. It will be ignored. > > Where is the JDBC driver located? It needs to be in ${CATALINA_BASE}/lib > and not part of the WAR. > > Can we see the full logs from a clean start-up please? > > Mark > > >> >> Lastly, maybe to help debug a future issue, did you compile your >> project files against the tomcat libs included with your distribution, >> or did you drop them into this version of tomcat from another version? >> Probably won't matter since you should be coded to the interfaces, >> but one never knows. >> >> John >> >> On 3/17/23, Kevin Huntly wrote: >>> no I think it has something to do with it but I'm not sure. I'll try >>> taking >>> out the environment values and see what happens >>> >>> On Fri, Mar 17, 2023, 19:11 John Dale (DB2DOM) >>> wrote: >>> >>>> In the log you sent below, I see a typo: >>>> Context/Environmnet >>>> >>>> Does that have something to do with it, or is this a typo in tomcat >>>> logging? >>>> >>>> >>>> >>>> >>>> On 3/17/23, Kevin Huntly wrote: >>>>> yes, under Catalina/localhost >>>>> >>>>> On Fri, Mar 17, 2023, 19:07 John Dale (DB2DOM) >>>> wrote: >>>>> >>>>>> Are you modifying a context.xml file in the conf folder? >>>>>> >>>>>> On 3/17/23, Kevin Huntly wrote: >>>>>>> Also of note: >>>>>>> >>>>>>> 17-Mar-2023 17:25:42.113 INFO [main] >>>>>>> org.apache.catalina.startup.HostConfig.deployDescriptor Deploying >>>>>>> deployment descriptor >>>>>>> >>>>>> >>>> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml] >>>>>>> 17-Mar-2023 17:25:42.174 WARNING [main] >>>>>>> org.apache.tomcat.util.digester.Digester.endElement No rules found >>>>>> matching >>>>>>> [Context/Environmnet] >>>>>>> >>>>>>> >>>>>>> Kevin Huntly >>>>>>> Email: kmhun...@gmail.com >>>>>>> Cell: 716/424-3311 >>>>>>> >>>>>>> >>>>>>> -BEGIN GEEK CODE BLOCK- >>>>>>> Version: 1.0 >>>>>>> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- >>>>>>> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) >>>>>>> PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ >>>>>>> G++ e(+) h--- r+++ y+++* >>>>>>> --END GEEK CODE BLOCK-- >>>>>>> >>>>>>> >>>>>>> On Fri, Mar 17, 2023 at 5:24 PM Kevin Huntly >>>>>>> wrote: >>>>>>> >>>>>>>> Here's my santized server.xml and context.xml >>>>>>>> >>>>>>>> server.xml -> https://pastebin.com/Bj6Wh0qU >>>>>>>> context.xml -> https://pastebin.com/Z3dBf3eK >>>>>>>> >>>>>>> >>>>>> >>>>>> - >>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>>>> >>>>>> >>>>> >>>> >>>> - >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>> >>>> >>> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: AW: Unable to start application
Still at it I see! :) Would you mind clearing and inspecting all logs very closely after reboot? Maybe it would also be useful to undeploy, capture logs, and diff them (never tried that, seemed like a good idea)? Sometimes it's a single word in the log file that triggers the solution, and doing diligent inspection of the logs after each change is a good idea to avoid compounding variables. John On 3/18/23, Kevin Huntly wrote: > morning all, > > you are correct, i forgot to chmod 644 the jar when I copied it - I did > that, restarted, no change, I turned off selinux and restarted, no change. > > > Kevin Huntly > Email: kmhun...@gmail.com > Cell: 716/424-3311 > > > -BEGIN GEEK CODE BLOCK- > Version: 1.0 > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) > PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ > G++ e(+) h--- r+++ y+++* > --END GEEK CODE BLOCK-- > > > On Sat, Mar 18, 2023 at 7:16 AM Simon Matter > wrote: > >> Hi, >> >> > On 18/03/2023 10:43, Thomas Hoffmann (Speed4Trade GmbH) wrote: >> >> Hello, >> >> >> >>> -Ursprüngliche Nachricht- >> >>> Von: Kevin Huntly >> >>> Gesendet: Samstag, 18. März 2023 11:10 >> >>> An: Tomcat Users List >> >>> Betreff: Re: Unable to start application >> >>> >> >>> Here are the logs - >> >>> https://drive.google.com/file/d/1jBsNaW_bQJ4KcDSvucJ5QWo642He6bgb/view >> >>> ?usp=sharing >> >>> >> >>> The JDBC driver is located under /opt/mysql/, and I added that path >> >>> to >> >>> catalina.properties under the common loader. I did try to move it >> >>> into >> >>> ${catalina.home}/lib, this did not change anything. >> >>> >> >> >> >> >> >> This message looks strange: >> >> 18-Mar-2023 06:06:13.305 WARNING [main] >> >> org.apache.catalina.startup.ClassLoaderFactory.validateFile Problem >> >> with >> >> JAR file >> >> >> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/lib/mysql-connector-j-8.0.32.jar], >> >> exists: [true], canRead: [false] >> >> >> >> It seems that it cant load the jdbc driver from that path. >> >> Could you download the jar again from the mysql website and replace >> >> it? >> >> Can you open/unpack the jar without errors? >> > >> > More likely a permissions problem. That warning is generated before >> > Tomcat tries loading the file. It means a call to >> > java.io.File.canRead() >> > returned false. >> > >> > Mark >> >> Since this is on RHEL, it could also be an SELinux problem where access >> to >> the JAR is denied. >> >> Regards, >> Simon >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Unable to start application
Some context regarding context.xml https://serverfault.com/questions/177862/how-to-add-multiple-context-elements-to-conf-context-xml-in-tomcat6 On 3/17/23, Kevin Huntly wrote: > no I think it has something to do with it but I'm not sure. I'll try taking > out the environment values and see what happens > > On Fri, Mar 17, 2023, 19:11 John Dale (DB2DOM) wrote: > >> In the log you sent below, I see a typo: >> Context/Environmnet >> >> Does that have something to do with it, or is this a typo in tomcat >> logging? >> >> >> >> >> On 3/17/23, Kevin Huntly wrote: >> > yes, under Catalina/localhost >> > >> > On Fri, Mar 17, 2023, 19:07 John Dale (DB2DOM) >> wrote: >> > >> >> Are you modifying a context.xml file in the conf folder? >> >> >> >> On 3/17/23, Kevin Huntly wrote: >> >> > Also of note: >> >> > >> >> > 17-Mar-2023 17:25:42.113 INFO [main] >> >> > org.apache.catalina.startup.HostConfig.deployDescriptor Deploying >> >> > deployment descriptor >> >> > >> >> >> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml] >> >> > 17-Mar-2023 17:25:42.174 WARNING [main] >> >> > org.apache.tomcat.util.digester.Digester.endElement No rules found >> >> matching >> >> > [Context/Environmnet] >> >> > >> >> > >> >> > Kevin Huntly >> >> > Email: kmhun...@gmail.com >> >> > Cell: 716/424-3311 >> >> > >> >> > >> >> > -BEGIN GEEK CODE BLOCK- >> >> > Version: 1.0 >> >> > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- >> >> > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) >> >> > PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ >> >> > G++ e(+) h--- r+++ y+++* >> >> > --END GEEK CODE BLOCK-- >> >> > >> >> > >> >> > On Fri, Mar 17, 2023 at 5:24 PM Kevin Huntly >> >> > wrote: >> >> > >> >> >> Here's my santized server.xml and context.xml >> >> >> >> >> >> server.xml -> https://pastebin.com/Bj6Wh0qU >> >> >> context.xml -> https://pastebin.com/Z3dBf3eK >> >> >> >> >> > >> >> >> >> - >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >> >> >> > >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Unable to start application
ok - "mnet" should be "ment" I figured I'd spell that out and behave like a compiler. :) I would also move that configuration into server.xml (it's a major difference between your configuration and mine). I have never used conf/Context.xml to configure my applications. I've always either put it into the webapp, or included it in server.xml Lastly, maybe to help debug a future issue, did you compile your project files against the tomcat libs included with your distribution, or did you drop them into this version of tomcat from another version? Probably won't matter since you should be coded to the interfaces, but one never knows. John On 3/17/23, Kevin Huntly wrote: > no I think it has something to do with it but I'm not sure. I'll try taking > out the environment values and see what happens > > On Fri, Mar 17, 2023, 19:11 John Dale (DB2DOM) wrote: > >> In the log you sent below, I see a typo: >> Context/Environmnet >> >> Does that have something to do with it, or is this a typo in tomcat >> logging? >> >> >> >> >> On 3/17/23, Kevin Huntly wrote: >> > yes, under Catalina/localhost >> > >> > On Fri, Mar 17, 2023, 19:07 John Dale (DB2DOM) >> wrote: >> > >> >> Are you modifying a context.xml file in the conf folder? >> >> >> >> On 3/17/23, Kevin Huntly wrote: >> >> > Also of note: >> >> > >> >> > 17-Mar-2023 17:25:42.113 INFO [main] >> >> > org.apache.catalina.startup.HostConfig.deployDescriptor Deploying >> >> > deployment descriptor >> >> > >> >> >> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml] >> >> > 17-Mar-2023 17:25:42.174 WARNING [main] >> >> > org.apache.tomcat.util.digester.Digester.endElement No rules found >> >> matching >> >> > [Context/Environmnet] >> >> > >> >> > >> >> > Kevin Huntly >> >> > Email: kmhun...@gmail.com >> >> > Cell: 716/424-3311 >> >> > >> >> > >> >> > -BEGIN GEEK CODE BLOCK- >> >> > Version: 1.0 >> >> > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- >> >> > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) >> >> > PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ >> >> > G++ e(+) h--- r+++ y+++* >> >> > --END GEEK CODE BLOCK-- >> >> > >> >> > >> >> > On Fri, Mar 17, 2023 at 5:24 PM Kevin Huntly >> >> > wrote: >> >> > >> >> >> Here's my santized server.xml and context.xml >> >> >> >> >> >> server.xml -> https://pastebin.com/Bj6Wh0qU >> >> >> context.xml -> https://pastebin.com/Z3dBf3eK >> >> >> >> >> > >> >> >> >> - >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >> >> >> > >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Unable to start application
In the log you sent below, I see a typo: Context/Environmnet Does that have something to do with it, or is this a typo in tomcat logging? On 3/17/23, Kevin Huntly wrote: > yes, under Catalina/localhost > > On Fri, Mar 17, 2023, 19:07 John Dale (DB2DOM) wrote: > >> Are you modifying a context.xml file in the conf folder? >> >> On 3/17/23, Kevin Huntly wrote: >> > Also of note: >> > >> > 17-Mar-2023 17:25:42.113 INFO [main] >> > org.apache.catalina.startup.HostConfig.deployDescriptor Deploying >> > deployment descriptor >> > >> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml] >> > 17-Mar-2023 17:25:42.174 WARNING [main] >> > org.apache.tomcat.util.digester.Digester.endElement No rules found >> matching >> > [Context/Environmnet] >> > >> > >> > Kevin Huntly >> > Email: kmhun...@gmail.com >> > Cell: 716/424-3311 >> > >> > >> > -BEGIN GEEK CODE BLOCK- >> > Version: 1.0 >> > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- >> > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) >> > PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ >> > G++ e(+) h--- r+++ y+++* >> > --END GEEK CODE BLOCK-- >> > >> > >> > On Fri, Mar 17, 2023 at 5:24 PM Kevin Huntly >> > wrote: >> > >> >> Here's my santized server.xml and context.xml >> >> >> >> server.xml -> https://pastebin.com/Bj6Wh0qU >> >> context.xml -> https://pastebin.com/Z3dBf3eK >> >> >> > >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Unable to start application
Are you modifying a context.xml file in the conf folder? On 3/17/23, Kevin Huntly wrote: > Also of note: > > 17-Mar-2023 17:25:42.113 INFO [main] > org.apache.catalina.startup.HostConfig.deployDescriptor Deploying > deployment descriptor > [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml] > 17-Mar-2023 17:25:42.174 WARNING [main] > org.apache.tomcat.util.digester.Digester.endElement No rules found matching > [Context/Environmnet] > > > Kevin Huntly > Email: kmhun...@gmail.com > Cell: 716/424-3311 > > > -BEGIN GEEK CODE BLOCK- > Version: 1.0 > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) > PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ > G++ e(+) h--- r+++ y+++* > --END GEEK CODE BLOCK-- > > > On Fri, Mar 17, 2023 at 5:24 PM Kevin Huntly wrote: > >> Here's my santized server.xml and context.xml >> >> server.xml -> https://pastebin.com/Bj6Wh0qU >> context.xml -> https://pastebin.com/Z3dBf3eK >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Unable to start application
Did you try it with your actual context path? path="" would work for localhost:8080 path="mypath" would work for localhost:8080/mypath Obviously, replacing "mypath" with your path. On 3/17/23, Kevin Huntly wrote: > thank you i really appreciate that - and whats wrong with loonies and > toonies?! hahaha > > haven't figured it out yet, I did add the path="" tag, it didn't help at > all. its almost like its just ignoring the actual content of the > context.xml but is reading it, because it is attempting to deploy the app > based off the context - which is good, but bad that it's not reading the > resources. so not really sure what to do. > > on an unrelated note... I'm running this MySQL server right... lol > > > Kevin Huntly > Email: kmhun...@gmail.com > Cell: 716/424-3311 > > > -BEGIN GEEK CODE BLOCK- > Version: 1.0 > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) > PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ > G++ e(+) h--- r+++ y+++* > --END GEEK CODE BLOCK-- > > > On Fri, Mar 17, 2023 at 6:30 PM John Dale (DB2DOM) > wrote: > >> Because you seem so humble and are willing to ask a lot of questions, >> I predict you'll be a very good DB2 admin or a very good whatever you >> choose to do. >> >> I do development/design on Oracle, SQL Server, and MariaDB. I haven't >> done anything with DB2 since 2003, and it was short lived. I prefer >> MariaDB these days, and to offload more risky scalability >> responsibilities to my middle ware. I administer MariaDB in the cloud >> and in our development environments. >> >> But since most of the concepts are the same from RDB to RDB, I could >> probably help you out as long as you don't pay in Canadian dollars. >> >> da da, CHING! :D >> >> So, did you figure it out? >> >> Sincerely, >> >> John >> >> >> On 3/17/23, Kevin Huntly wrote: >> > are you a db2 admin? I need one of those too hahaha - I became the db2 >> > admin at my job because I knew the most about it which isn't saying >> > much >> > lol >> > >> > On Fri, Mar 17, 2023, 18:17 John Dale (DB2DOM) >> wrote: >> > >> >> I'm not a guru regarding tomcat system ops .. I'm trying to hold down >> >> the fort until one of the really knowledgeable folks chimes-in if we >> >> can't figure it out. :) >> >> >> >> try setting path = "/mycontext" >> >> >> >> Also, I'm not sure how tomcat is going to resolve the names to service >> >> configurations and whatnot .. I tend to defer to spelling this stuff >> >> out directly when I can. >> >> >> >> Sincerely, >> >> >> >> John >> >> >> >> >> >> On 3/17/23, Kevin Huntly wrote: >> >> > I assumed the context is driven by the xml name - at least that's >> >> > what >> >> I've >> >> > read. happy to add it if it needs to be there >> >> > >> >> > On Fri, Mar 17, 2023, 18:11 John Dale (DB2DOM) >> >> wrote: >> >> > >> >> >> Did I miss something? >> >> >> >> >> >> Isn't there supposed to be a "path" element in your context? >> >> >> >> >> >> I'm seeing session cookie path, but not path. >> >> >> >> >> >> >> >> >> >> >> >> On 3/17/23, Kevin Huntly wrote: >> >> >> > Also of note: >> >> >> > >> >> >> > 17-Mar-2023 17:25:42.113 INFO [main] >> >> >> > org.apache.catalina.startup.HostConfig.deployDescriptor Deploying >> >> >> > deployment descriptor >> >> >> > >> >> >> >> >> >> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml] >> >> >> > 17-Mar-2023 17:25:42.174 WARNING [main] >> >> >> > org.apache.tomcat.util.digester.Digester.endElement No rules >> >> >> > found >> >> >> matching >> >> >> > [Context/Environmnet] >> >> >> > >> >> >> > >> >> >> > Kevin Huntly >> >> >> > Email: kmhun...@gmail.com
Re: Unable to start application
Because you seem so humble and are willing to ask a lot of questions, I predict you'll be a very good DB2 admin or a very good whatever you choose to do. I do development/design on Oracle, SQL Server, and MariaDB. I haven't done anything with DB2 since 2003, and it was short lived. I prefer MariaDB these days, and to offload more risky scalability responsibilities to my middle ware. I administer MariaDB in the cloud and in our development environments. But since most of the concepts are the same from RDB to RDB, I could probably help you out as long as you don't pay in Canadian dollars. da da, CHING! :D So, did you figure it out? Sincerely, John On 3/17/23, Kevin Huntly wrote: > are you a db2 admin? I need one of those too hahaha - I became the db2 > admin at my job because I knew the most about it which isn't saying much > lol > > On Fri, Mar 17, 2023, 18:17 John Dale (DB2DOM) wrote: > >> I'm not a guru regarding tomcat system ops .. I'm trying to hold down >> the fort until one of the really knowledgeable folks chimes-in if we >> can't figure it out. :) >> >> try setting path = "/mycontext" >> >> Also, I'm not sure how tomcat is going to resolve the names to service >> configurations and whatnot .. I tend to defer to spelling this stuff >> out directly when I can. >> >> Sincerely, >> >> John >> >> >> On 3/17/23, Kevin Huntly wrote: >> > I assumed the context is driven by the xml name - at least that's what >> I've >> > read. happy to add it if it needs to be there >> > >> > On Fri, Mar 17, 2023, 18:11 John Dale (DB2DOM) >> wrote: >> > >> >> Did I miss something? >> >> >> >> Isn't there supposed to be a "path" element in your context? >> >> >> >> I'm seeing session cookie path, but not path. >> >> >> >> >> >> >> >> On 3/17/23, Kevin Huntly wrote: >> >> > Also of note: >> >> > >> >> > 17-Mar-2023 17:25:42.113 INFO [main] >> >> > org.apache.catalina.startup.HostConfig.deployDescriptor Deploying >> >> > deployment descriptor >> >> > >> >> >> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml] >> >> > 17-Mar-2023 17:25:42.174 WARNING [main] >> >> > org.apache.tomcat.util.digester.Digester.endElement No rules found >> >> matching >> >> > [Context/Environmnet] >> >> > >> >> > >> >> > Kevin Huntly >> >> > Email: kmhun...@gmail.com >> >> > Cell: 716/424-3311 >> >> > >> >> > >> >> > -BEGIN GEEK CODE BLOCK- >> >> > Version: 1.0 >> >> > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- >> >> > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) >> >> > PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ >> >> > G++ e(+) h--- r+++ y+++* >> >> > --END GEEK CODE BLOCK-- >> >> > >> >> > >> >> > On Fri, Mar 17, 2023 at 5:24 PM Kevin Huntly >> >> > wrote: >> >> > >> >> >> Here's my santized server.xml and context.xml >> >> >> >> >> >> server.xml -> https://pastebin.com/Bj6Wh0qU >> >> >> context.xml -> https://pastebin.com/Z3dBf3eK >> >> >> >> >> > >> >> >> >> - >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >> >> >> > >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Unable to start application
All good information - thank you. In looking over your configuration file, I noticed that "webapps" was specified. I'm not sure about the "installed apps" folder (never used that). My preferred deployment model is to put my app outside tomcat and reference it from server.xml .. I do some limited contexts for file transfer/uploads in webapps that are accessible on all contexts (domain1.com/pdf, domain2.com/pdf, etc). I'm curious what you find out .. On 3/17/23, Kevin Huntly wrote: > also, to answer your other question - the app is installed as an exploded > war under ${catalina.home}/installed apps as specified in the docbase > > On Fri, Mar 17, 2023, 18:12 Kevin Huntly wrote: > >> I assumed the context is driven by the xml name - at least that's what >> I've read. happy to add it if it needs to be there >> >> On Fri, Mar 17, 2023, 18:11 John Dale (DB2DOM) wrote: >> >>> Did I miss something? >>> >>> Isn't there supposed to be a "path" element in your context? >>> >>> I'm seeing session cookie path, but not path. >>> >>> >>> >>> On 3/17/23, Kevin Huntly wrote: >>> > Also of note: >>> > >>> > 17-Mar-2023 17:25:42.113 INFO [main] >>> > org.apache.catalina.startup.HostConfig.deployDescriptor Deploying >>> > deployment descriptor >>> > >>> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml] >>> > 17-Mar-2023 17:25:42.174 WARNING [main] >>> > org.apache.tomcat.util.digester.Digester.endElement No rules found >>> matching >>> > [Context/Environmnet] >>> > >>> > >>> > Kevin Huntly >>> > Email: kmhun...@gmail.com >>> > Cell: 716/424-3311 >>> > >>> > >>> > -BEGIN GEEK CODE BLOCK- >>> > Version: 1.0 >>> > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- >>> > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) >>> > PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ >>> > G++ e(+) h--- r+++ y+++* >>> > --END GEEK CODE BLOCK-- >>> > >>> > >>> > On Fri, Mar 17, 2023 at 5:24 PM Kevin Huntly >>> wrote: >>> > >>> >> Here's my santized server.xml and context.xml >>> >> >>> >> server.xml -> https://pastebin.com/Bj6Wh0qU >>> >> context.xml -> https://pastebin.com/Z3dBf3eK >>> >> >>> > >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Unable to start application
I'm not a guru regarding tomcat system ops .. I'm trying to hold down the fort until one of the really knowledgeable folks chimes-in if we can't figure it out. :) try setting path = "/mycontext" Also, I'm not sure how tomcat is going to resolve the names to service configurations and whatnot .. I tend to defer to spelling this stuff out directly when I can. Sincerely, John On 3/17/23, Kevin Huntly wrote: > I assumed the context is driven by the xml name - at least that's what I've > read. happy to add it if it needs to be there > > On Fri, Mar 17, 2023, 18:11 John Dale (DB2DOM) wrote: > >> Did I miss something? >> >> Isn't there supposed to be a "path" element in your context? >> >> I'm seeing session cookie path, but not path. >> >> >> >> On 3/17/23, Kevin Huntly wrote: >> > Also of note: >> > >> > 17-Mar-2023 17:25:42.113 INFO [main] >> > org.apache.catalina.startup.HostConfig.deployDescriptor Deploying >> > deployment descriptor >> > >> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml] >> > 17-Mar-2023 17:25:42.174 WARNING [main] >> > org.apache.tomcat.util.digester.Digester.endElement No rules found >> matching >> > [Context/Environmnet] >> > >> > >> > Kevin Huntly >> > Email: kmhun...@gmail.com >> > Cell: 716/424-3311 >> > >> > >> > -BEGIN GEEK CODE BLOCK- >> > Version: 1.0 >> > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- >> > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) >> > PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ >> > G++ e(+) h--- r+++ y+++* >> > --END GEEK CODE BLOCK-- >> > >> > >> > On Fri, Mar 17, 2023 at 5:24 PM Kevin Huntly >> > wrote: >> > >> >> Here's my santized server.xml and context.xml >> >> >> >> server.xml -> https://pastebin.com/Bj6Wh0qU >> >> context.xml -> https://pastebin.com/Z3dBf3eK >> >> >> > >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Unable to start application
I'm using tomcat 10.x - I have had good luck putting everything into server.xml as such .. Engine Host Parameter Resource Context On 3/17/23, Kevin Huntly wrote: > Also of note: > > 17-Mar-2023 17:25:42.113 INFO [main] > org.apache.catalina.startup.HostConfig.deployDescriptor Deploying > deployment descriptor > [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml] > 17-Mar-2023 17:25:42.174 WARNING [main] > org.apache.tomcat.util.digester.Digester.endElement No rules found matching > [Context/Environmnet] > > > Kevin Huntly > Email: kmhun...@gmail.com > Cell: 716/424-3311 > > > -BEGIN GEEK CODE BLOCK- > Version: 1.0 > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) > PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ > G++ e(+) h--- r+++ y+++* > --END GEEK CODE BLOCK-- > > > On Fri, Mar 17, 2023 at 5:24 PM Kevin Huntly wrote: > >> Here's my santized server.xml and context.xml >> >> server.xml -> https://pastebin.com/Bj6Wh0qU >> context.xml -> https://pastebin.com/Z3dBf3eK >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Unable to start application
Where are you putting your Context file? Do you have a war file deployed into webapps/some.war? On 3/17/23, Kevin Huntly wrote: > Also of note: > > 17-Mar-2023 17:25:42.113 INFO [main] > org.apache.catalina.startup.HostConfig.deployDescriptor Deploying > deployment descriptor > [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml] > 17-Mar-2023 17:25:42.174 WARNING [main] > org.apache.tomcat.util.digester.Digester.endElement No rules found matching > [Context/Environmnet] > > > Kevin Huntly > Email: kmhun...@gmail.com > Cell: 716/424-3311 > > > -BEGIN GEEK CODE BLOCK- > Version: 1.0 > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) > PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ > G++ e(+) h--- r+++ y+++* > --END GEEK CODE BLOCK-- > > > On Fri, Mar 17, 2023 at 5:24 PM Kevin Huntly wrote: > >> Here's my santized server.xml and context.xml >> >> server.xml -> https://pastebin.com/Bj6Wh0qU >> context.xml -> https://pastebin.com/Z3dBf3eK >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Unable to start application
Did I miss something? Isn't there supposed to be a "path" element in your context? I'm seeing session cookie path, but not path. On 3/17/23, Kevin Huntly wrote: > Also of note: > > 17-Mar-2023 17:25:42.113 INFO [main] > org.apache.catalina.startup.HostConfig.deployDescriptor Deploying > deployment descriptor > [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml] > 17-Mar-2023 17:25:42.174 WARNING [main] > org.apache.tomcat.util.digester.Digester.endElement No rules found matching > [Context/Environmnet] > > > Kevin Huntly > Email: kmhun...@gmail.com > Cell: 716/424-3311 > > > -BEGIN GEEK CODE BLOCK- > Version: 1.0 > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) > PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ > G++ e(+) h--- r+++ y+++* > --END GEEK CODE BLOCK-- > > > On Fri, Mar 17, 2023 at 5:24 PM Kevin Huntly wrote: > >> Here's my santized server.xml and context.xml >> >> server.xml -> https://pastebin.com/Bj6Wh0qU >> context.xml -> https://pastebin.com/Z3dBf3eK >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Unable to start application
Also, are you deploying a war file referenced outside of the tomcat home folder, or are you referencing an expanded directory? How much have you edited the default server.xml? Were there xml structural changes in the server.xml file or Context element from what you used to configure the server.xml and contex.xml file(s)? My gut is that there is a detail in your startup logs that will give us a critical clue. On 3/17/23, John Dale (DB2DOM) wrote: > Did you recursive file search "context.xml" in the tomcat root after > deployment? > > Maybe we can help narrow things down for Chris et al with a little > back and forth, or perhaps solve it ourselves. :) > > Try tailing the catalina, localhost, and other log files in the logs > directory on startup .. usually it will give you some more detailed > information about startup errors. > > I have luck killing the tomcat java process, then deleting everything > in the logs folder between test runs. > > Sincerely, > > John > > > > > On 3/17/23, Kevin Huntly wrote: >> There's no context.xml in the WAR >> >> >> Kevin Huntly >> Email: kmhun...@gmail.com >> Cell: 716/424-3311 >> >> >> -BEGIN GEEK CODE BLOCK- >> Version: 1.0 >> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- >> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) >> PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ >> G++ e(+) h--- r+++ y+++* >> --END GEEK CODE BLOCK-- >> >> >> On Fri, Mar 17, 2023 at 5:00 PM John Dale (DB2DOM) >> wrote: >> >>> Dissect your deployment war, but also make sure you aren't defining a >>> context element in server.xml. Lastly, if memory serves, Tomcat also >>> allows context overrides in expanded war files. I eventually just >>> started managing server.xml metadata (context etc) to avoid conflicts >>> and simplify. "Hope dat heps." -- Rizzo >>> >>> On 3/17/23, Kevin Huntly wrote: >>> > Hello, >>> > >>> > I am unable to start my application on Tomcat 9.0.73 with JDK19 on >>> > RHEL >>> > 8.7. It appears to be ignoring everything in my context.xml, for >>> > example: >>> > >>> > >> > override="false" /> >>> > >>> > Code: >>> > >>> > try >>> > >>> > { >>> > >>> > Context initContext = new InitialContext(); >>> > >>> > environment = (String) initContext.lookup("environment"); >>> > >>> > } >>> > >>> > catch (final NamingException nx) >>> > >>> > { >>> > >>> > ERROR_RECORDER.error(nx.getMessage(), nx); >>> > >>> > } >>> > >>> > Exception: >>> > >>> > [2023-03-17T16:47:54.663-0400] GC(3) Concurrent Mark Cycle 89.898ms >>> > SecurityService: xmlURL provided was valid and found, continuing >>> > configuration >>> > Name [jdbc/cwssec] is not bound in this Context. Unable to find >>> > [jdbc]. >>> > eSolutionsCore: xmlURL provided was valid and found, continuing >>> > configuration >>> > Name [jdbc/esolutions] is not bound in this Context. Unable to find >>> [jdbc]. >>> > [Time: 17 Mar 2023 16:47:55,836][Thread: main][Log: >>> ERROR_RECORDER.][Level: >>> > ERROR] - [File: ResponseTimeFilter.java:80] - Name [environment] is >>> > not >>> > bound in this Context. Unable to find [environment]. >>> > javax.naming.NameNotFoundException: Name [environment] is not bound in >>> this >>> > Context. Unable to find [environment]. >>> > >>> > >>> > >>> > This code works just fine in other containers (for example, IBM >>> WebSphere), >>> > >>> > so I must be doing something wrong with the context file. Can anyone >>> > assist? >>> > >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Unable to start application
Did you recursive file search "context.xml" in the tomcat root after deployment? Maybe we can help narrow things down for Chris et al with a little back and forth, or perhaps solve it ourselves. :) Try tailing the catalina, localhost, and other log files in the logs directory on startup .. usually it will give you some more detailed information about startup errors. I have luck killing the tomcat java process, then deleting everything in the logs folder between test runs. Sincerely, John On 3/17/23, Kevin Huntly wrote: > There's no context.xml in the WAR > > > Kevin Huntly > Email: kmhun...@gmail.com > Cell: 716/424-3311 > > > -BEGIN GEEK CODE BLOCK- > Version: 1.0 > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) > PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ > G++ e(+) h--- r+++ y+++* > --END GEEK CODE BLOCK-- > > > On Fri, Mar 17, 2023 at 5:00 PM John Dale (DB2DOM) > wrote: > >> Dissect your deployment war, but also make sure you aren't defining a >> context element in server.xml. Lastly, if memory serves, Tomcat also >> allows context overrides in expanded war files. I eventually just >> started managing server.xml metadata (context etc) to avoid conflicts >> and simplify. "Hope dat heps." -- Rizzo >> >> On 3/17/23, Kevin Huntly wrote: >> > Hello, >> > >> > I am unable to start my application on Tomcat 9.0.73 with JDK19 on RHEL >> > 8.7. It appears to be ignoring everything in my context.xml, for >> > example: >> > >> > > > override="false" /> >> > >> > Code: >> > >> > try >> > >> > { >> > >> > Context initContext = new InitialContext(); >> > >> > environment = (String) initContext.lookup("environment"); >> > >> > } >> > >> > catch (final NamingException nx) >> > >> > { >> > >> > ERROR_RECORDER.error(nx.getMessage(), nx); >> > >> > } >> > >> > Exception: >> > >> > [2023-03-17T16:47:54.663-0400] GC(3) Concurrent Mark Cycle 89.898ms >> > SecurityService: xmlURL provided was valid and found, continuing >> > configuration >> > Name [jdbc/cwssec] is not bound in this Context. Unable to find [jdbc]. >> > eSolutionsCore: xmlURL provided was valid and found, continuing >> > configuration >> > Name [jdbc/esolutions] is not bound in this Context. Unable to find >> [jdbc]. >> > [Time: 17 Mar 2023 16:47:55,836][Thread: main][Log: >> ERROR_RECORDER.][Level: >> > ERROR] - [File: ResponseTimeFilter.java:80] - Name [environment] is not >> > bound in this Context. Unable to find [environment]. >> > javax.naming.NameNotFoundException: Name [environment] is not bound in >> this >> > Context. Unable to find [environment]. >> > >> > >> > >> > This code works just fine in other containers (for example, IBM >> WebSphere), >> > >> > so I must be doing something wrong with the context file. Can anyone >> > assist? >> > >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Unable to start application
Dissect your deployment war, but also make sure you aren't defining a context element in server.xml. Lastly, if memory serves, Tomcat also allows context overrides in expanded war files. I eventually just started managing server.xml metadata (context etc) to avoid conflicts and simplify. "Hope dat heps." -- Rizzo On 3/17/23, Kevin Huntly wrote: > Hello, > > I am unable to start my application on Tomcat 9.0.73 with JDK19 on RHEL > 8.7. It appears to be ignoring everything in my context.xml, for example: > > override="false" /> > > Code: > > try > > { > > Context initContext = new InitialContext(); > > environment = (String) initContext.lookup("environment"); > > } > > catch (final NamingException nx) > > { > > ERROR_RECORDER.error(nx.getMessage(), nx); > > } > > Exception: > > [2023-03-17T16:47:54.663-0400] GC(3) Concurrent Mark Cycle 89.898ms > SecurityService: xmlURL provided was valid and found, continuing > configuration > Name [jdbc/cwssec] is not bound in this Context. Unable to find [jdbc]. > eSolutionsCore: xmlURL provided was valid and found, continuing > configuration > Name [jdbc/esolutions] is not bound in this Context. Unable to find [jdbc]. > [Time: 17 Mar 2023 16:47:55,836][Thread: main][Log: ERROR_RECORDER.][Level: > ERROR] - [File: ResponseTimeFilter.java:80] - Name [environment] is not > bound in this Context. Unable to find [environment]. > javax.naming.NameNotFoundException: Name [environment] is not bound in this > Context. Unable to find [environment]. > > > > This code works just fine in other containers (for example, IBM WebSphere), > > so I must be doing something wrong with the context file. Can anyone > assist? > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: AW: AW: Having trouble with Tomcat crashes. Interesting memory numbers in Manager
I've tried profilers in the past, but I've never had much luck since you need a super computer to run them. Human intelligence rules .. read the code carefully, review it, step it with a debugger, and look for memory leak patterns. Mine have mostly been static and non static collections and HashMaps that keep growing, or rampant string creation wherein the GC couldn't keep up under load. Review the code .. become its master and empath. Memory leaks cause it pain. On 2/9/23, James H. H. Lampert wrote: > I've obtained some heap and CPU numbers, taking data at 15 minute > intervals, heap from WRKJVMJOB and CPU from WRKACTJOB. In two days of > this, I didn't witness any crashes; I did witness a near-miss, in which > heap-in-use hit 5011.938M (out of 5120). > > In discussion with our webapp developer (to whom we sent a catalina.out > excerpt), he observed that they were running Tomcat on a six-year-old > JVM (it identifies in a WRKJVMJOB as "1.8.0_151"; on the Manager page, > it identifies as "8.0.5.5 - pap6480sr5fp5-20171114_01(SR5 FP5)") with a > known issue (on Github, it's listed as 11493). He suggested that the > customer ought to try updating to a more recent Java. > > I've also asked on the IBM Midrange Java List whether we can go any > higher on the heap parameters (currently set at -Xms 4096 -Xmx 5120 for > that particular installation). > > -- > JHHL > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 10.1.4 HTTP Status 404 and 500 Help
Mark, Thanks for your corrections. I have updated my internal "How to" guide that I created when I first used Tomcat to build my servlets and it appears that some of my deductions from that initial research and "getting it to work" were misguided. John On Wed, 11 Jan 2023, 09:28 Mark Thomas, wrote: > > > On 10/01/2023 22:34, John Barrow wrote: > > Hi Anthony, > > > > Not an expert, but have managed to deploy simple servlets. A couple of > > observations, not sure why using ROOT, you should have your own folder > for > > your application (e.g. myFirstApp\...). > > Not true. ROOT is an acceptable option here. > > > Also, I have found that the main app folder (e.g. myFirstApp) must start > > with a lowercase letter (I don't know reason for this but have it in my > > notes) otherwise the servlets won't be found when accessing them through > a > > browser. > > Also not true. You may be mixing the rules for Java package names with > those for context paths. > > > Finally, the default install for TomCat has several example servlets > > already written so check that they work first and then take the sources > and > > clone them, using them as a guide for your own servlets. > > > > John > > > > PS: Probably worth reviewing what file names you use (see your > webapps.xml > > file) when making public requests so as not to inadvertently offend > anyone. > > +1 > > Mark > > > > > On Tue, 10 Jan 2023, 18:59 Anthony Dell'Anno, > > wrote: > > > >> Good afternoon, > >> > >> I'm trying to run my first servlet on Tomcat, and am continually > >> getting an HTTP Status 404 (I've also gotten 500 previously, with the > root > >> cause being an apparent compiler mismatch (it would say that it's being > >> compiled by version 63.0, which is Java 19, but that the latest version > >> that was currently accepted was version 59.0, or Java 15), but then > after > >> upgrading to JDK 19, changing the JAVA_HOME variable and trying to run, > it > >> would still give me the same error)? > >> > >> I have my Servlet, called HelloWorldServlet, located in the > >> "C:\apache-tomcat-10.1.4\webapps\ROOT\WEB-INF\classes\" directory, with > the > >> web.xml file being located outside of the classes folder, directly > inside > >> of the WEB-INF folder. > >> > >> I've included both files. StackOverflow wasn't much help as of > yet, so > >> I'm hoping that the Tomcat Users community can help me solve this so > that I > >> can continue learning servlets. I'm working on building my own software > >> company. > >> > >> Any help is appreciated. > >> > >> Thank you very much, > >> > >> Anthony Dell'Anno > >> > >> - > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Tomcat 10.1.4 HTTP Status 404 and 500 Help
Hi Anthony, Not an expert, but have managed to deploy simple servlets. A couple of observations, not sure why using ROOT, you should have your own folder for your application (e.g. myFirstApp\...). Also, I have found that the main app folder (e.g. myFirstApp) must start with a lowercase letter (I don't know reason for this but have it in my notes) otherwise the servlets won't be found when accessing them through a browser. Finally, the default install for TomCat has several example servlets already written so check that they work first and then take the sources and clone them, using them as a guide for your own servlets. John PS: Probably worth reviewing what file names you use (see your webapps.xml file) when making public requests so as not to inadvertently offend anyone. On Tue, 10 Jan 2023, 18:59 Anthony Dell'Anno, wrote: > Good afternoon, > > I'm trying to run my first servlet on Tomcat, and am continually > getting an HTTP Status 404 (I've also gotten 500 previously, with the root > cause being an apparent compiler mismatch (it would say that it's being > compiled by version 63.0, which is Java 19, but that the latest version > that was currently accepted was version 59.0, or Java 15), but then after > upgrading to JDK 19, changing the JAVA_HOME variable and trying to run, it > would still give me the same error)? > > I have my Servlet, called HelloWorldServlet, located in the > "C:\apache-tomcat-10.1.4\webapps\ROOT\WEB-INF\classes\" directory, with the > web.xml file being located outside of the classes folder, directly inside > of the WEB-INF folder. > > I've included both files. StackOverflow wasn't much help as of yet, so > I'm hoping that the Tomcat Users community can help me solve this so that I > can continue learning servlets. I'm working on building my own software > company. > > Any help is appreciated. > > Thank you very much, > > Anthony Dell'Anno > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Compatibility, 32 bit ..
Is Tomcat's HTTP/S processing libraries modular and portable? On 11/3/22, Mark Thomas wrote: > On 02/11/2022 18:51, Christopher Schultz wrote: >> John, >> >> On 11/2/22 14:32, John Dale (DB2DOM) wrote: >>> On 11/2/22, Christopher Schultz wrote: >>>> John, >>>> >>>> On 11/2/22 12:44, John Dale (DB2DOM) wrote: >>>>> I'd like to continue to invest in Raspberry Pi, but also try to put >>>>> together a functional 32bit build of my software for those poor old >>>>> neglected closeted towers (really, poor things!). >>>>> >>>>> I should be able to do it, from the looks of this. >>>>> >>>>> Are you guys doing any kind of pruned down version of Tomcat or maybe >>>>> a configurable Tomcat that will only include some bare bones stuff >>>>> like request parsing, connection pooling, and (obviously) threading? >>>> >>>> You might be surprised to learn that Tomcat is pretty stripped-down >>>> already. What do you imagine that Tomcat is doing that is beyond what >>>> you have listed above? >>> >>> Isn't there still a lot of J2E code allowing deployment and processing >>> of J2E standards that aren't necessarily needed? What else? >> >> Well, it supports a few things that you may not use in your >> application(s), such as WebSocket, asynchronous I/O, JSP/EL, and JASPIC. >> Maybe you don't use JSPs, so you can throw-out the JSP and EL >> components. But if you don't use them, they are a few inert kilobytes of >> data on the disk. Same with JASPIC. Removing them would be more work >> than simply ignoring them. >> >> Tomcat 10.1 requires Java 11 because the specs it follows say that's the >> minimum required version, for whatever reason. >> >> The official Tomcat binary releases will be built using Java 11 and thus >> they must be run by Java 11 or later. >> >> But there's nothing stopping you from trying to use the source to build >> a Java-8-compatible build of Tomcat 10.1. I don't think we are using any >> source-level features of Java that actually require anything past Java >> 8. But if it vomits at runtime because something is missing because you >> actually /do/ need Java 11, then we're gonna tell you "don't do that." > > There are a few things that will break - and some of them are fairly > fundamental. > > The simplest way to see what is going to break is to look at the > org.apache.tomcat.util.compat package. Then you need to look at the > JreNCompat classes that have been removed as a result of the increase in > minimum Java version. For 10.0.x to 10.1.x that is Jre9Compat. > > If you want to run 10.1.x on Java 8, in theory you could revert the > commit that removed Jre9Compat but as Chris says you are very much on > your own in terms of support if things go wrong. > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Compatibility, 32 bit ..
Greetings - thanks for the pointer below. Brought up some interesting questions below. How do changes at Oracle affect Tomcat? Has OpenJRE sufficiently insulated the risk? What would you say is the best O/R M tool for tomcat that still keeps coding hands-on with respect to connection management and MVC handler deployment/logic? What are some good object databases (are there any) that work well with Tomcat? On 11/3/22, Mark Thomas wrote: > On 02/11/2022 18:51, Christopher Schultz wrote: >> John, >> >> On 11/2/22 14:32, John Dale (DB2DOM) wrote: >>> On 11/2/22, Christopher Schultz wrote: >>>> John, >>>> >>>> On 11/2/22 12:44, John Dale (DB2DOM) wrote: >>>>> I'd like to continue to invest in Raspberry Pi, but also try to put >>>>> together a functional 32bit build of my software for those poor old >>>>> neglected closeted towers (really, poor things!). >>>>> >>>>> I should be able to do it, from the looks of this. >>>>> >>>>> Are you guys doing any kind of pruned down version of Tomcat or maybe >>>>> a configurable Tomcat that will only include some bare bones stuff >>>>> like request parsing, connection pooling, and (obviously) threading? >>>> >>>> You might be surprised to learn that Tomcat is pretty stripped-down >>>> already. What do you imagine that Tomcat is doing that is beyond what >>>> you have listed above? >>> >>> Isn't there still a lot of J2E code allowing deployment and processing >>> of J2E standards that aren't necessarily needed? What else? >> >> Well, it supports a few things that you may not use in your >> application(s), such as WebSocket, asynchronous I/O, JSP/EL, and JASPIC. >> Maybe you don't use JSPs, so you can throw-out the JSP and EL >> components. But if you don't use them, they are a few inert kilobytes of >> data on the disk. Same with JASPIC. Removing them would be more work >> than simply ignoring them. >> >> Tomcat 10.1 requires Java 11 because the specs it follows say that's the >> minimum required version, for whatever reason. >> >> The official Tomcat binary releases will be built using Java 11 and thus >> they must be run by Java 11 or later. >> >> But there's nothing stopping you from trying to use the source to build >> a Java-8-compatible build of Tomcat 10.1. I don't think we are using any >> source-level features of Java that actually require anything past Java >> 8. But if it vomits at runtime because something is missing because you >> actually /do/ need Java 11, then we're gonna tell you "don't do that." > > There are a few things that will break - and some of them are fairly > fundamental. > > The simplest way to see what is going to break is to look at the > org.apache.tomcat.util.compat package. Then you need to look at the > JreNCompat classes that have been removed as a result of the increase in > minimum Java version. For 10.0.x to 10.1.x that is Jre9Compat. > > If you want to run 10.1.x on Java 8, in theory you could revert the > commit that removed Jre9Compat but as Chris says you are very much on > your own in terms of support if things go wrong. > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Compatibility, 32 bit ..
On 11/2/22, Christopher Schultz wrote: > John, > > On 11/2/22 12:44, John Dale (DB2DOM) wrote: >> I'd like to continue to invest in Raspberry Pi, but also try to put >> together a functional 32bit build of my software for those poor old >> neglected closeted towers (really, poor things!). >> >> I should be able to do it, from the looks of this. >> >> Are you guys doing any kind of pruned down version of Tomcat or maybe >> a configurable Tomcat that will only include some bare bones stuff >> like request parsing, connection pooling, and (obviously) threading? > > You might be surprised to learn that Tomcat is pretty stripped-down > already. What do you imagine that Tomcat is doing that is beyond what > you have listed above? Isn't there still a lot of J2E code allowing deployment and processing of J2E standards that aren't necessarily needed? What else? I agree that the download is still very reasonable and it's got great support because of you et al; clearly a good thing in the computing world that enabled me to create my DB2DOM doodad. Keep it up and thanks. > >> Thanks for the pointers .. I would like to try to meet you guys in >> person at a conference sometime to swap notes and be pals. > > You just missed your first opportunity in 3 years this past month, in > New Orleans. Well... some of us were there ;) I need to get to more conferences .. hopefully soon. I have so many questions. > > -chris > >> On 11/2/22, Christopher Schultz wrote: >>> John, >>> >>> On 10/28/22 10:46, John Dale (DB2DOM) wrote: >>>> I see .. Mark and/or Christopher - this means that no Tomcat 10, right? >>> >>> https://tomcat.apache.org/whichversion.html >>> >>> Tomcat 10.0, yes. >>> Tomcat 10.1, no. >>> >>> Tomcat 10.0 has been superseded and will not get any further updates, >>> thus you should not use it for any purpose IMO. >>> >>> -chris >>> >>>> On 10/28/22, Konstantin Kolinko wrote: >>>>> чт, 27 окт. 2022 г. в 18:02, John Dale (DB2DOM) : >>>>>> >>>>>> I had the same thought when I saw it. Here is java -version output >>>>>> complete: >>>>>> >>>>>> openjdk version "9-internal" >>>>>> OpenJDK Runtime Environment (build >>>>>> 9-internal+0-2016-04-14-195526.buildd.src) >>>>>> OpenJDK Server VM (build 9-internal+0-2016-04-14-195526.buildd.src, >>>>>> mixed >>>>>> mode) >>>>> >>>>> The first official release of Java 9 (GA release) was on 21 September >>>>> 2017 [1][2] >>>>> >>>>> What you are seeing here (built in 2016) apparently is some early >>>>> access >>>>> stuff. >>>>> >>>>> As a whole, Java 9 has already reached its end of life. (LTS releases >>>>> are Java 8, 11 and 17). >>>>> >>>>> [1] https://openjdk.org/projects/jdk9/ >>>>> [2[ https://en.wikipedia.org/wiki/Java_version_history >>>>> >>>>> Best regards, >>>>> Konstantin Kolinko >>>>> >>>>> - >>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>>> >>>>> >>>> >>>> - >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>> >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Compatibility, 32 bit ..
On 11/2/22, Christopher Schultz wrote: > John, > > On 11/2/22 12:41, John Dale (DB2DOM) wrote: > > > > [snip] > > >> I love some of the newer hardware, too, but even Raspberry Pi is not >> yet 64 bit, is it? > > It depends on which one. The Wikipedia article on RPi lists 4 different > units, 3 of which are 64-bit. > > > [snip] > > >> Can an old 32 bit machine do modern encryption for telecommunications? > > Yes. > >> Why are we still paying so much for phone service? > > Because we (presumably; I do) live in the US. Elsewhere in the world, > it's much better. We are being charged high rates simply because we fail > to refuse to do so. > >> Why aren't our high school grads capable of re-soldering components >> from these old boards and assembling them into something better and >> rewriting the software? > > Some of them are, but most of them are not. It takes knowledge and skill > and desire. Soldering boards isn't on the top-ten list of most > graduating high-school seniors. > > If you are bemoaning the Linux kernel dropping support for i486, you > might want to read about /why/ they are doing it. Honestly I'm not much of a bomoaner. I am pretty conservative when it comes to throwing away useful stuff (as you can imagine). Thanks for the replies and have a good one! :) > > -chris > >> On 11/2/22, Christopher Schultz wrote: >>> John, >>> >>> On 10/27/22 11:03, John Dale (DB2DOM) wrote: >>>> Does anyone know of a report detailing how much of this older hardware >>>> is still out there and floating around? >>> >>> You mean like a list of all pieced of hardware ever sold and never >>> scrapped? >>> >>> I think that would be practically impossible. >>> >>> I have a Palm 7 on a box in my office that has never been inventoried by >>> anybody and could possibly be plugged back in at any moment. There are >>> probably warehouses of stuff like what worldwide and you never know when >>> someone is going to plug-in any one of those devices and start playing >>> with it again. >>> >>>> Big picture: >>>> It's a lot of computer power in the event manufacturing hits a hiccup, >>>> I wouldn't want to be caught flat-footed until it could be >>>> re-established. >>> >>> Are you suggesting that Linux should not drop support for i486 >>> architecture because if new machines aren't available due to >>> supply-chain issues, we might all have to re-rack 486s to keep our >>> services running? That sounds insane. We would simply do without. I'd >>> sooner put my old mobile phones into service supporting my applications >>> than an old i486. They are more powerful and reliable, and use less >>> electricity. >>> >>> There's a reason Linus wants to kill i486 support: >>> >>> "At some point, people have them as museum pieces. They might as well >>> run museum kernels." - Linus Torvalds >>> >>>> I like to build distilled portable stuff for that reason. I think >>>> DB2DOM could run on some really old versions of all of our favorite >>>> software if needed. >>> Great. I'm sure the transactions will only take a couple of seconds to >>> commit. No problem ;) >>> >>> -chris >>> >>>> On 10/26/22, Christopher Schultz wrote: >>>>> Shawn, >>>>> >>>>> On 10/26/22 00:14, Shawn Heisey wrote: >>>>>> The Linux kernel dropped support for 386 and 486 CPUs some time ago. >>>>> >>>>> I was reading about this today, actually. Linux is currently actively >>>>> advocating for dropping 486 support, so it must still be in there. >>>>> >>>>> -chris >>>>> >>>>> - >>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>>> >>>>> >>>> >>>> - >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>> >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Compatibility, 32 bit ..
Excellent! My confusion was due to the slow-coming 64 bit OS release. Thanks for clearing that up. I'm using the 64 bit version on most of my devices. John On 11/2/22, Felix Schumacher wrote: > > Am 02.11.22 um 17:41 schrieb John Dale (DB2DOM): >> Chris enters the room, gazes upon seven orcs, draws his sword, and >> opens the can of worms. >> >> Ooooh .. Philosophy. >> >> I love philosophy. >> >> :) >> >> Good philosophy starts with good questions. >> >> I love some of the newer hardware, too, but even Raspberry Pi is not >> yet 64 bit, is it? > Raspberry Pi is 64 Bit, (maybe not all of them), I am running an 64 Bit > OS on an Raspberry Pi 4. >> The dell computer that I'm working with at the moment is my case study >> - it's not slow at all. > > If it's fast enough and reliable enough for you, I think you can still > go (for a long time) with an JDK 8 and Tomcat 9.x. If I remember right, > we settled to support Tomcat 9.x for quite a while and Tomcat has no > requirements of its own to use 64 Bit. > > Felix > >> >> Am I alone in thinking that our technology is trying to leave humanity >> behind before it is truly not useful anymore? >> >> Unlike HAM radio operators, are you one of those crazy people who >> think we're somehow safe from disaster on planet Earth? >> >> I think this universe has much more in store for us. I also like to >> wring out every last bit of use from stuff. I also grind old >> screwdrivers that are "worn-out". >> >> I'll feel more comfortable when our high school grads understand EcE >> and computer manufacturing upon graduation. >> >> If we need faster computers to replace humans, what's the point? >> >> Video games? Meta? AI? >> >> What about baseball, Frisbee, stage productions, and Human Intelligence? >> >> Can an old 32 bit machine do modern encryption for telecommunications? >> >> Why are we still paying so much for phone service? >> >> Why aren't our high school grads capable of re-soldering components >> from these old boards and assembling them into something better and >> rewriting the software? >> >> So, I think it's a worthwhile discussion that I know many thought was >> settled as they gaze across fully stocked Wal Mart computer >> departments and newegg query results. >> >> If for no other reason, shouldn't we pry the specs out of the hands of >> Dell and others to understand and reconfigure and reprogam their >> machines? Or, are they afraid of what we'll discover? >> >> My working hypothesis is that if we remove what was put in there to do >> things we don't know about, these machines will speed-up considerably. >> >> :) >> >> https://en.wikipedia.org/wiki/Clipper_chip >> >> >> >> >> On 11/2/22, Christopher Schultz wrote: >>> John, >>> >>> On 10/27/22 11:03, John Dale (DB2DOM) wrote: >>>> Does anyone know of a report detailing how much of this older hardware >>>> is still out there and floating around? >>> You mean like a list of all pieced of hardware ever sold and never >>> scrapped? >>> >>> I think that would be practically impossible. >>> >>> I have a Palm 7 on a box in my office that has never been inventoried by >>> anybody and could possibly be plugged back in at any moment. There are >>> probably warehouses of stuff like what worldwide and you never know when >>> someone is going to plug-in any one of those devices and start playing >>> with it again. >>> >>>> Big picture: >>>> It's a lot of computer power in the event manufacturing hits a hiccup, >>>> I wouldn't want to be caught flat-footed until it could be >>>> re-established. >>> Are you suggesting that Linux should not drop support for i486 >>> architecture because if new machines aren't available due to >>> supply-chain issues, we might all have to re-rack 486s to keep our >>> services running? That sounds insane. We would simply do without. I'd >>> sooner put my old mobile phones into service supporting my applications >>> than an old i486. They are more powerful and reliable, and use less >>> electricity. >>> >>> There's a reason Linus wants to kill i486 support: >>> >>> "At some point, people have them as museum pieces. They might as well >>> run museum kernels." - Linus Torvalds >>> >>>> I like to build distilled portable stuff for that r
Re: Compatibility, 32 bit ..
I'd like to continue to invest in Raspberry Pi, but also try to put together a functional 32bit build of my software for those poor old neglected closeted towers (really, poor things!). I should be able to do it, from the looks of this. Are you guys doing any kind of pruned down version of Tomcat or maybe a configurable Tomcat that will only include some bare bones stuff like request parsing, connection pooling, and (obviously) threading? Thanks for the pointers .. I would like to try to meet you guys in person at a conference sometime to swap notes and be pals. Anyway, have a great day! Sincerely, John On 11/2/22, Christopher Schultz wrote: > John, > > On 10/28/22 10:46, John Dale (DB2DOM) wrote: >> I see .. Mark and/or Christopher - this means that no Tomcat 10, right? > > https://tomcat.apache.org/whichversion.html > > Tomcat 10.0, yes. > Tomcat 10.1, no. > > Tomcat 10.0 has been superseded and will not get any further updates, > thus you should not use it for any purpose IMO. > > -chris > >> On 10/28/22, Konstantin Kolinko wrote: >>> чт, 27 окт. 2022 г. в 18:02, John Dale (DB2DOM) : >>>> >>>> I had the same thought when I saw it. Here is java -version output >>>> complete: >>>> >>>> openjdk version "9-internal" >>>> OpenJDK Runtime Environment (build >>>> 9-internal+0-2016-04-14-195526.buildd.src) >>>> OpenJDK Server VM (build 9-internal+0-2016-04-14-195526.buildd.src, >>>> mixed >>>> mode) >>> >>> The first official release of Java 9 (GA release) was on 21 September >>> 2017 [1][2] >>> >>> What you are seeing here (built in 2016) apparently is some early access >>> stuff. >>> >>> As a whole, Java 9 has already reached its end of life. (LTS releases >>> are Java 8, 11 and 17). >>> >>> [1] https://openjdk.org/projects/jdk9/ >>> [2[ https://en.wikipedia.org/wiki/Java_version_history >>> >>> Best regards, >>> Konstantin Kolinko >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Compatibility, 32 bit ..
Chris enters the room, gazes upon seven orcs, draws his sword, and opens the can of worms. Ooooh .. Philosophy. I love philosophy. :) Good philosophy starts with good questions. I love some of the newer hardware, too, but even Raspberry Pi is not yet 64 bit, is it? The dell computer that I'm working with at the moment is my case study - it's not slow at all. Am I alone in thinking that our technology is trying to leave humanity behind before it is truly not useful anymore? Unlike HAM radio operators, are you one of those crazy people who think we're somehow safe from disaster on planet Earth? I think this universe has much more in store for us. I also like to wring out every last bit of use from stuff. I also grind old screwdrivers that are "worn-out". I'll feel more comfortable when our high school grads understand EcE and computer manufacturing upon graduation. If we need faster computers to replace humans, what's the point? Video games? Meta? AI? What about baseball, Frisbee, stage productions, and Human Intelligence? Can an old 32 bit machine do modern encryption for telecommunications? Why are we still paying so much for phone service? Why aren't our high school grads capable of re-soldering components from these old boards and assembling them into something better and rewriting the software? So, I think it's a worthwhile discussion that I know many thought was settled as they gaze across fully stocked Wal Mart computer departments and newegg query results. If for no other reason, shouldn't we pry the specs out of the hands of Dell and others to understand and reconfigure and reprogam their machines? Or, are they afraid of what we'll discover? My working hypothesis is that if we remove what was put in there to do things we don't know about, these machines will speed-up considerably. :) https://en.wikipedia.org/wiki/Clipper_chip On 11/2/22, Christopher Schultz wrote: > John, > > On 10/27/22 11:03, John Dale (DB2DOM) wrote: >> Does anyone know of a report detailing how much of this older hardware >> is still out there and floating around? > > You mean like a list of all pieced of hardware ever sold and never > scrapped? > > I think that would be practically impossible. > > I have a Palm 7 on a box in my office that has never been inventoried by > anybody and could possibly be plugged back in at any moment. There are > probably warehouses of stuff like what worldwide and you never know when > someone is going to plug-in any one of those devices and start playing > with it again. > >> Big picture: >> It's a lot of computer power in the event manufacturing hits a hiccup, >> I wouldn't want to be caught flat-footed until it could be >> re-established. > > Are you suggesting that Linux should not drop support for i486 > architecture because if new machines aren't available due to > supply-chain issues, we might all have to re-rack 486s to keep our > services running? That sounds insane. We would simply do without. I'd > sooner put my old mobile phones into service supporting my applications > than an old i486. They are more powerful and reliable, and use less > electricity. > > There's a reason Linus wants to kill i486 support: > > "At some point, people have them as museum pieces. They might as well > run museum kernels." - Linus Torvalds > >> I like to build distilled portable stuff for that reason. I think >> DB2DOM could run on some really old versions of all of our favorite >> software if needed. > Great. I'm sure the transactions will only take a couple of seconds to > commit. No problem ;) > > -chris > >> On 10/26/22, Christopher Schultz wrote: >>> Shawn, >>> >>> On 10/26/22 00:14, Shawn Heisey wrote: >>>> The Linux kernel dropped support for 386 and 486 CPUs some time ago. >>> >>> I was reading about this today, actually. Linux is currently actively >>> advocating for dropping 486 support, so it must still be in there. >>> >>> -chris >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Compatibility, 32 bit ..
I see .. Mark and/or Christopher - this means that no Tomcat 10, right? On 10/28/22, Konstantin Kolinko wrote: > чт, 27 окт. 2022 г. в 18:02, John Dale (DB2DOM) : >> >> I had the same thought when I saw it. Here is java -version output >> complete: >> >> openjdk version "9-internal" >> OpenJDK Runtime Environment (build >> 9-internal+0-2016-04-14-195526.buildd.src) >> OpenJDK Server VM (build 9-internal+0-2016-04-14-195526.buildd.src, mixed >> mode) > > The first official release of Java 9 (GA release) was on 21 September > 2017 [1][2] > > What you are seeing here (built in 2016) apparently is some early access > stuff. > > As a whole, Java 9 has already reached its end of life. (LTS releases > are Java 8, 11 and 17). > > [1] https://openjdk.org/projects/jdk9/ > [2[ https://en.wikipedia.org/wiki/Java_version_history > > Best regards, > Konstantin Kolinko > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Compatibility, 32 bit ..
Does anyone know of a report detailing how much of this older hardware is still out there and floating around? Big picture: It's a lot of computer power in the event manufacturing hits a hiccup, I wouldn't want to be caught flat-footed until it could be re-established. I like to build distilled portable stuff for that reason. I think DB2DOM could run on some really old versions of all of our favorite software if needed. On 10/26/22, Christopher Schultz wrote: > Shawn, > > On 10/26/22 00:14, Shawn Heisey wrote: >> The Linux kernel dropped support for 386 and 486 CPUs some time ago. > > I was reading about this today, actually. Linux is currently actively > advocating for dropping 486 support, so it must still be in there. > > -chris > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Compatibility, 32 bit ..
I had the same thought when I saw it. Here is java -version output complete: openjdk version "9-internal" OpenJDK Runtime Environment (build 9-internal+0-2016-04-14-195526.buildd.src) OpenJDK Server VM (build 9-internal+0-2016-04-14-195526.buildd.src, mixed mode) On 10/26/22, Christopher Schultz wrote: > John, > > On 10/24/22 12:00, John Dale (DB2DOM) wrote: >> Hi Mark; >> Tomcat version: 10.0.27 (unzipped, chmod 770 on catalina.sh before >> cli: catalina.sh run) >> java version: openjdk version "9-internal" > > This looks fishy. Version "9-internal"? Is that a real version? > > How about you post the result of: > > $ java -version > > -chris > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Compatibility, 32 bit ..
Mark and Chris - do you guys have a favorite flavor of Linux that has yielded good results? Anyone else? John On 10/24/22, Mark Thomas wrote: > On 24/10/2022 19:38, John Dale (DB2DOM) wrote: >> Would Tomcat 10 work with Java 8? > > No. Tomcat 10.1.x requires a minimum of Java 11. > > Details of Tomcat versions, minimum Java versions and other useful > information: > > https://tomcat.apache.org/whichversion.html > > Mark > > >> >> Thinking I might downgrade the JDK. >> >> >> On 10/24/22, Mark Thomas wrote: >>> >>> >>> On 24/10/2022 17:00, John Dale (DB2DOM) wrote: >>>> Hi Mark; >>>> >>>> Thanks for taking a look. >>>> >>>> Below is more information. >>>> >>>> Sincerely, >>>> >>>> John Dale, MS MIS >>>> Spearfish, SD USA >>>> >>>> - >>>> >>>> Tomcat version: 10.0.27 (unzipped, chmod 770 on catalina.sh before >>>> cli: catalina.sh run) >>>> java version: openjdk version "9-internal" >>>> uname -m: i686 >>>> Ubuntu 18.0.4 >>>> >>>> First error in logs: >>>> 24-Oct-2022 09:52:24.411 SEVERE [main] >>>> org.apache.tomcat.util.compat.Jre9Compat. Failed to create >>>> references to Java 9 classes and methods >>>> java.lang.ClassNotFoundException: java.lang.ModuleLayer >>> >>> You appear to have a broken JRE. That class should always be present in >>> Java 9 onwards. >>> >>> Mark >>> >>> >>>> at >>>> java.net.URLClassLoader.findClass(java.base@9-internal/URLClassLoader.java:384) >>>> at >>>> java.lang.ClassLoader.loadClass(java.base@9-internal/ClassLoader.java:486) >>>> at >>>> java.lang.ClassLoader.loadClass(java.base@9-internal/ClassLoader.java:419) >>>> at >>>> java.lang.Class.forName0(java.base@9-internal/Native >>>> Method) >>>> at >>>> java.lang.Class.forName(java.base@9-internal/Class.java:294) >>>> at >>>> org.apache.tomcat.util.compat.Jre9Compat.(Jre9Compat.java:85) >>>> at >>>> org.apache.tomcat.util.compat.JreCompat.(JreCompat.java:72) >>>> at >>>> org.apache.catalina.core.JreMemoryLeakPreventionListener.lifecycleEvent(JreMemoryLeakPreventionListener.java:282) >>>> at >>>> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) >>>> at >>>> org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423) >>>> at >>>> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:135) >>>> at >>>> org.apache.catalina.startup.Catalina.load(Catalina.java:747) >>>> at >>>> org.apache.catalina.startup.Catalina.load(Catalina.java:769) >>>> at >>>> sun.reflect.NativeMethodAccessorImpl.invoke0(java.base@9-internal/Native >>>> Method) >>>> at >>>> sun.reflect.NativeMethodAccessorImpl.invoke(java.base@9-internal/NativeMethodAccessorImpl.java:62) >>>> at >>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(java.base@9-internal/DelegatingMethodAccessorImpl.java:43) >>>> at >>>> java.lang.reflect.Method.invoke(java.base@9-internal/Method.java:531) >>>> at >>>> org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305) >>>> at >>>> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475) >>>> >>>> >>>> >>>> On 10/24/22, Mark Thomas wrote: >>>>> On 24/10/2022 02:01, John Dale (DB2DOM) wrote: >>>>>> Hi Everyone; >>>>>> >>>>>> I've had a few requests to refurbish some old 32 bit dell towers. >>>>>> >>>>>> So, I'm throwing ubuntu on them and bringing up a >>>>>> MySQL->DB2DOM->Tomcat >>>>>> stack. >>>>>> >>>>>> Unfortunately, Tomcat doesn't want to start with openjdk 9 that is >>>>>> packaged with 32 bit ubuntu. >>>>> >>>&g
Re: Compatibility, 32 bit ..
Thank you. Would you agree with me that this should be an ubuntu bug report? I installed using apt-get. John On 10/24/22, Mark Thomas wrote: > On 24/10/2022 19:38, John Dale (DB2DOM) wrote: >> Would Tomcat 10 work with Java 8? > > No. Tomcat 10.1.x requires a minimum of Java 11. > > Details of Tomcat versions, minimum Java versions and other useful > information: > > https://tomcat.apache.org/whichversion.html > > Mark > > >> >> Thinking I might downgrade the JDK. >> >> >> On 10/24/22, Mark Thomas wrote: >>> >>> >>> On 24/10/2022 17:00, John Dale (DB2DOM) wrote: >>>> Hi Mark; >>>> >>>> Thanks for taking a look. >>>> >>>> Below is more information. >>>> >>>> Sincerely, >>>> >>>> John Dale, MS MIS >>>> Spearfish, SD USA >>>> >>>> - >>>> >>>> Tomcat version: 10.0.27 (unzipped, chmod 770 on catalina.sh before >>>> cli: catalina.sh run) >>>> java version: openjdk version "9-internal" >>>> uname -m: i686 >>>> Ubuntu 18.0.4 >>>> >>>> First error in logs: >>>> 24-Oct-2022 09:52:24.411 SEVERE [main] >>>> org.apache.tomcat.util.compat.Jre9Compat. Failed to create >>>> references to Java 9 classes and methods >>>> java.lang.ClassNotFoundException: java.lang.ModuleLayer >>> >>> You appear to have a broken JRE. That class should always be present in >>> Java 9 onwards. >>> >>> Mark >>> >>> >>>> at >>>> java.net.URLClassLoader.findClass(java.base@9-internal/URLClassLoader.java:384) >>>> at >>>> java.lang.ClassLoader.loadClass(java.base@9-internal/ClassLoader.java:486) >>>> at >>>> java.lang.ClassLoader.loadClass(java.base@9-internal/ClassLoader.java:419) >>>> at >>>> java.lang.Class.forName0(java.base@9-internal/Native >>>> Method) >>>> at >>>> java.lang.Class.forName(java.base@9-internal/Class.java:294) >>>> at >>>> org.apache.tomcat.util.compat.Jre9Compat.(Jre9Compat.java:85) >>>> at >>>> org.apache.tomcat.util.compat.JreCompat.(JreCompat.java:72) >>>> at >>>> org.apache.catalina.core.JreMemoryLeakPreventionListener.lifecycleEvent(JreMemoryLeakPreventionListener.java:282) >>>> at >>>> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) >>>> at >>>> org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423) >>>> at >>>> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:135) >>>> at >>>> org.apache.catalina.startup.Catalina.load(Catalina.java:747) >>>> at >>>> org.apache.catalina.startup.Catalina.load(Catalina.java:769) >>>> at >>>> sun.reflect.NativeMethodAccessorImpl.invoke0(java.base@9-internal/Native >>>> Method) >>>> at >>>> sun.reflect.NativeMethodAccessorImpl.invoke(java.base@9-internal/NativeMethodAccessorImpl.java:62) >>>> at >>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(java.base@9-internal/DelegatingMethodAccessorImpl.java:43) >>>> at >>>> java.lang.reflect.Method.invoke(java.base@9-internal/Method.java:531) >>>> at >>>> org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305) >>>> at >>>> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475) >>>> >>>> >>>> >>>> On 10/24/22, Mark Thomas wrote: >>>>> On 24/10/2022 02:01, John Dale (DB2DOM) wrote: >>>>>> Hi Everyone; >>>>>> >>>>>> I've had a few requests to refurbish some old 32 bit dell towers. >>>>>> >>>>>> So, I'm throwing ubuntu on them and bringing up a >>>>>> MySQL->DB2DOM->Tomcat >>>>>> stack. >>>>>> >>>>>> Unfortunately, Tomcat doesn't want to start with openjdk 9 that is >>>>>> packaged with 32 bit ubuntu. >>>>> >>>&g
Re: Compatibility, 32 bit ..
Would Tomcat 10 work with Java 8? Thinking I might downgrade the JDK. On 10/24/22, Mark Thomas wrote: > > > On 24/10/2022 17:00, John Dale (DB2DOM) wrote: >> Hi Mark; >> >> Thanks for taking a look. >> >> Below is more information. >> >> Sincerely, >> >> John Dale, MS MIS >> Spearfish, SD USA >> >> - >> >> Tomcat version: 10.0.27 (unzipped, chmod 770 on catalina.sh before >> cli: catalina.sh run) >> java version: openjdk version "9-internal" >> uname -m: i686 >> Ubuntu 18.0.4 >> >> First error in logs: >> 24-Oct-2022 09:52:24.411 SEVERE [main] >> org.apache.tomcat.util.compat.Jre9Compat. Failed to create >> references to Java 9 classes and methods >> java.lang.ClassNotFoundException: java.lang.ModuleLayer > > You appear to have a broken JRE. That class should always be present in > Java 9 onwards. > > Mark > > >> at >> java.net.URLClassLoader.findClass(java.base@9-internal/URLClassLoader.java:384) >> at >> java.lang.ClassLoader.loadClass(java.base@9-internal/ClassLoader.java:486) >> at >> java.lang.ClassLoader.loadClass(java.base@9-internal/ClassLoader.java:419) >> at java.lang.Class.forName0(java.base@9-internal/Native >> Method) >> at >> java.lang.Class.forName(java.base@9-internal/Class.java:294) >> at >> org.apache.tomcat.util.compat.Jre9Compat.(Jre9Compat.java:85) >> at >> org.apache.tomcat.util.compat.JreCompat.(JreCompat.java:72) >> at >> org.apache.catalina.core.JreMemoryLeakPreventionListener.lifecycleEvent(JreMemoryLeakPreventionListener.java:282) >> at >> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) >> at >> org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423) >> at >> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:135) >> at >> org.apache.catalina.startup.Catalina.load(Catalina.java:747) >> at >> org.apache.catalina.startup.Catalina.load(Catalina.java:769) >> at >> sun.reflect.NativeMethodAccessorImpl.invoke0(java.base@9-internal/Native >> Method) >> at >> sun.reflect.NativeMethodAccessorImpl.invoke(java.base@9-internal/NativeMethodAccessorImpl.java:62) >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(java.base@9-internal/DelegatingMethodAccessorImpl.java:43) >> at >> java.lang.reflect.Method.invoke(java.base@9-internal/Method.java:531) >> at >> org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305) >> at >> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475) >> >> >> >> On 10/24/22, Mark Thomas wrote: >>> On 24/10/2022 02:01, John Dale (DB2DOM) wrote: >>>> Hi Everyone; >>>> >>>> I've had a few requests to refurbish some old 32 bit dell towers. >>>> >>>> So, I'm throwing ubuntu on them and bringing up a MySQL->DB2DOM->Tomcat >>>> stack. >>>> >>>> Unfortunately, Tomcat doesn't want to start with openjdk 9 that is >>>> packaged with 32 bit ubuntu. >>> >>> Tomcat works happily with 32-bit and 64-bit Java. >>> >>>> Can someone give me a pointer to what works best? >>> Perhaps if you told us what Tomcat version you were using and showed us >>> what the error message was we'd be able to provide slightly more advice >>> than "You are doing something wrong. Don't do that". >>> >>> Mark >>> >>> >>>> Also, any heads up about missing libs or other nuances would also be >>>> appreciated (jax mods were most painful). >>>> >>>> Sincerely, >>>> >>>> John Dale, MS MIS >>>> Spearfish, SD USA >>>> >>>> - >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>> >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Compatibility, 32 bit ..
Hi Mark; Thanks for taking a look. Below is more information. Sincerely, John Dale, MS MIS Spearfish, SD USA - Tomcat version: 10.0.27 (unzipped, chmod 770 on catalina.sh before cli: catalina.sh run) java version: openjdk version "9-internal" uname -m: i686 Ubuntu 18.0.4 First error in logs: 24-Oct-2022 09:52:24.411 SEVERE [main] org.apache.tomcat.util.compat.Jre9Compat. Failed to create references to Java 9 classes and methods java.lang.ClassNotFoundException: java.lang.ModuleLayer at java.net.URLClassLoader.findClass(java.base@9-internal/URLClassLoader.java:384) at java.lang.ClassLoader.loadClass(java.base@9-internal/ClassLoader.java:486) at java.lang.ClassLoader.loadClass(java.base@9-internal/ClassLoader.java:419) at java.lang.Class.forName0(java.base@9-internal/Native Method) at java.lang.Class.forName(java.base@9-internal/Class.java:294) at org.apache.tomcat.util.compat.Jre9Compat.(Jre9Compat.java:85) at org.apache.tomcat.util.compat.JreCompat.(JreCompat.java:72) at org.apache.catalina.core.JreMemoryLeakPreventionListener.lifecycleEvent(JreMemoryLeakPreventionListener.java:282) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:135) at org.apache.catalina.startup.Catalina.load(Catalina.java:747) at org.apache.catalina.startup.Catalina.load(Catalina.java:769) at sun.reflect.NativeMethodAccessorImpl.invoke0(java.base@9-internal/Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(java.base@9-internal/NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(java.base@9-internal/DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(java.base@9-internal/Method.java:531) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475) On 10/24/22, Mark Thomas wrote: > On 24/10/2022 02:01, John Dale (DB2DOM) wrote: >> Hi Everyone; >> >> I've had a few requests to refurbish some old 32 bit dell towers. >> >> So, I'm throwing ubuntu on them and bringing up a MySQL->DB2DOM->Tomcat >> stack. >> >> Unfortunately, Tomcat doesn't want to start with openjdk 9 that is >> packaged with 32 bit ubuntu. > > Tomcat works happily with 32-bit and 64-bit Java. > >> Can someone give me a pointer to what works best? > Perhaps if you told us what Tomcat version you were using and showed us > what the error message was we'd be able to provide slightly more advice > than "You are doing something wrong. Don't do that". > > Mark > > >> Also, any heads up about missing libs or other nuances would also be >> appreciated (jax mods were most painful). >> >> Sincerely, >> >> John Dale, MS MIS >> Spearfish, SD USA >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Compatibility, 32 bit ..
Hi Everyone; I've had a few requests to refurbish some old 32 bit dell towers. So, I'm throwing ubuntu on them and bringing up a MySQL->DB2DOM->Tomcat stack. Unfortunately, Tomcat doesn't want to start with openjdk 9 that is packaged with 32 bit ubuntu. Can someone give me a pointer to what works best? DB2DOM Also, any heads up about missing libs or other nuances would also be appreciated (jax mods were most painful). Sincerely, John Dale, MS MIS Spearfish, SD USA - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Unexpected messages in commons-daemon.log Tomcat 10.0.17
Hi I recently transitioned from Tomcat Version 10.0.14 to 10.0.17 on Windows 10, server 2016, and server 2019 Version 10.0.14 was good, Version 10.0.17 also has Unexpected messages in commons-daemon.log Is there a fix? John Orendt john.p.ore...@medtronic.com -Original Message- From: Pontus Ågren Sent: Wednesday, May 25, 2022 3:53 AM To: Tomcat Users List Subject: Sv: Unexpected messages in commons-daemon.log There is monitoring of the service so that seems to be the cause. I agree that logging it at TRACE level is a better idea. On INFO level it just adds noice. Pontus [CONFIDENTIALITY AND PRIVACY NOTICE] Information transmitted by this email is proprietary to Medtronic and is intended for use only by the individual or entity to which it is addressed, and may contain information that is private, privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please delete this mail from your records. To view this notice in other languages you can either select the following link or manually copy and paste the link into the address bar of a web browser: http://emaildisclaimer.medtronic.com
Re: Question about ssl
Hi Chris; I'm measuring the time taken to process a request as reported by inspector-network in brave. SSL time to process through tomcat is 11ms. Same request for a smaller file using a java SSL socket is taking 50ms .. like this: public static SSLServerSocket getServerSocketWithCert(int port, InputStream pathToCert, String passwordFromCert, ServerSecureType type) throws IOException, KeyManagementException, NoSuchAlgorithmException, CertificateException, KeyStoreException, UnrecoverableKeyException { X509TrustManager[] tmm; X509KeyManager[] kmm; KeyStore ks = KeyStore.getInstance(instance); ks.load(pathToCert, passwordFromCert.toCharArray()); tmm=tm(ks); kmm=km(ks, passwordFromCert); SSLContext ctx = SSLContext.getInstance(type.getType()); ctx.init(kmm, tmm, null); SSLServerSocketFactory socketFactory = (SSLServerSocketFactory) ctx.getServerSocketFactory(); SSLServerSocket ssocket = (SSLServerSocket) socketFactory.createServerSocket(port); return ssocket; } I'm using the cert at https://db2dom.com It's still a tenth of a second to process the request with this "hand rolled" method, but it's several orders of magnitude slower, and I'm trying to figure out why (I'm obsessive with response times). Sincerely, John On 3/28/22, Christopher Schultz wrote: > John, > > On 3/26/22 22:29, John Dale (DB2DOM) wrote: >> Can you help me understand why Tomcat's SSL handling is so much faster >> than hand rolling it on a regular socket? > > I think you'll need to define some terms. > > For example, what do you mean when you say "faster", and how are you > measuring that? > > What do you mean when you say "hand-rolling" your SSL and what is a > "regular socket"? > > -chris > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Question about ssl
Greetings; Can you help me understand why Tomcat's SSL handling is so much faster than hand rolling it on a regular socket? Sincerely, John - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Configure Tomcat development using NetBeans IDE
Mark, Just as a follow up to the two rogue test files tomcat\test\org\apache\coyote\http2\TestStream.java tomcat\test\util\TestCookieFilter.java I copied the util and trailers folders into the java folder and that didn't make any difference. Also I noticed that, for the TestStream.java source it mentions import trailers.ResponseTrailers; and when I hover over the exception it says that 'package trailers' doesn't exist, whereas there is a POJC in the trailers folder (ResponseTrailers.java). Both these points may be irrelevant or, in the case of the second point - package = java class as far as import goes, but I mention them just in case. John On Thu, 24 Feb 2022 at 15:13, John Barrow wrote: > > Mark, > > I have now got grep working (following a post from another member > indicating that built into git bash!) > > > ant download-test-compile > > This is useful to know as I didn't run the tests script until later. > > > ant download-validate > > This didn't report Checkstyle missing - probably as not needed for > actual development. Running Checkstyle using > > ant -Dexecute.validate=true validate > > did then update the libraries folder > > > I doubt you'll need a release build > > So do I by the sound of it - I will probably come back to the forum > when looking to commit anything for the first time but I assume that I > will just upload any changes that, once approved, will form part of > the next release. Of course I will be able to benefit from the newly > developed time-delay in the meantime :) > > I have passed on your observation "but NetBeans is not taking into > account the isELIgnored="true" page directive" to the NetBeans > community > > > I'd see if you can disable the JSP validation. If it makes you feel better, > > Eclipse's JSP validation has similar issues. > > That has no effect! We can drop the issues over JSP as the NetBeans > community has taken up that baton. > > > That is an abstract base class. You won't be able to run it. > > Trust me to pick that one! I have only ever written simple unit tests > so not needed to create any abstract classes in my testing, but I > should have spent more time looking into your source and then would > have spotted the 'abstract' keyword!! In a very weak defence, I tend > to use interfaces rather than abstract classes. Anyway, thanks for the > naming conventions, that will prove time-saving. For good measure, I > ran TestDefaultServlet and that ran the tests successfully. > > Thanks for the explanation of the dual 'bin' folders. > > > Yes, the Java compiler is smart enough to generate the byte code as if it > > was generated with Java 11 so you are fine to stick with Java 17 as long as > > the build version is 11. > > I have amended my project options to reflect this and rebuilt the > project to check everything still works - it does! > > > Ah. You need to add webapps/examples/WEB-INF/classes as a source folder. > > That should fix the two issues above. > > I must still be missing a link here, I have added that folder to the > list of elements. I also added it to the since, as > the project references files inside this folder, it seemed applicable > to include it. However, it didn't appear to make any difference - i.e. > NetBeans still couldn't tie the source back to those Java classes. > > I have checked that I have typed the paths correctly and I can see the > trailers.ResponseTrailers (& util.CookieFilter) file(s) in the > WEB-APP\classes and visible in the project folders (I assume as added > to ) to back-up paths are valid. NetBeans doesn't let me take > any action to try and find the file to resolve the [!], I assume > because it is a free form Ant project and so configuration is > 'read-only' once loaded (I would have options in Maven to locate the > missing resource). > > I have added my current project.xml and Trailers.ResponseTrailers.jpg > to the DropBox folder in case either of them helps. My only > observation is that, as I can't find a corresponding XSD file for > project.xml, there is another attribute I need to set to indicate that > these are class files in a different folder to the one the other > package files are in, but that seems unlikely. > > > I think you mean 8000 for remote debugging but otherwise great. If you can > > get this working, you are doing really well. > > I was using 8080 and appeared to be working although I have not used > it in anger yet. I had amended the catalina.bat line "set > JPDA_ADDRESS=localhost:8080, because I connect to Tomcat using > http://localhost:8080/examples. Your statement concerned me slightly > in that I now believe that I had made a wrong assumptio
Re: Configure Tomcat development using NetBeans IDE
hores / tasks before getting back on the laptop. Hopefully, we can get these last minor sticking points resolved prior to the 5th. Thanks again for your continued patience and valuable insights. John - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: is too quick to respond
Christopher, > You will just change the implementation to answer the question "have any resources been modified, but not-too-recently?" OK > The check must be fast, otherwise it will hang-up other processes on the server. Don't introduce any new loops or stalls. Just return true or false as quickly as possible. The process will be repeated during the "next" check so you only have to decide not to reload "too early"? Not sure that I understand this point (re 'check must be fast'). I wasn't imagining affecting the initial trigger point at all (i.e. Tomcat has detected a change in one of the active files) so shouldn't affect the day-to-day performance. Once Tomcat has decided that a reload is required *and* the user has requested for Tomcat to do the reload (i.e. Context flag is defined to true), prior to actioning the reload, add the additional check (simple user-specified timer delay to allow the external application time to finish deployment, and then let Netbeans carry on. Your additional suggestion that the time-stamps of the amended files should remain consistent over that period also sounds sensible. Given that Tomcat can't implement the event model for reasons you have already explained, I am now thinking that the event that triggers the re-build won't contain details of what files have been amended, simply that there has been a change. Snapshotting all the files within the two folders, noting the timestamps and then polling again after the delay seems to be repeating what Tomcat is probably already doing to trigger the event in the first place. Now that I just about have a development environment I can explore and debug, I think I should spend some time around this class and learn when / why it's called and the calls it makes to do the reload. So far, I have had to imagine how the code is structured and so consider a solution based on that (possibly false hypothesis). Just to be clear from other questions, I have no intention in going anywhere near the 'rebuild' process - that is a black box as far as I am concerned. John PS: Nice suggestion about contacting IT for more cores - unfortunately I am now (recently) retired and so, I am the IT department and the Finance director (wife) hasn't approved the budget :)
Re: Configure Tomcat development using NetBeans IDE
Hi Greg, > You should not need to reload tomcat for code unless NetBeans cannot handle > hot reload. I don't believe that there is a problem with NetBeans, it updates the active code files in the WEB_APP/classes perfectly, but then as previously discussed in the other thread, there is no file locking (not possible) and as soon as multiple files need recompiling (in my case a listener and a class) we risk having an unstable deployment, albeit for a fraction of a second. Tomcat detects the first file change and that triggers the reload of the webapp. However, the listener class (in my case) is still being created / updated and causes Tomcat to crash (understandably so). Weirdly enough, I never had an issue until I upgraded to Tomcat 10, but I suspect that was a fluke of the project I was working on rather than the upgrade. I mainly create Java Servlets (brilliant API by the way) and so am installing many small individual class files. > I would stop and restart tomcat for method signature changes, new classes > etc. It's quick and stops reload issues. You are right, Tomcat is ridiculously fast to Start / Stop (2 mouse clicks for me, 5 seconds). In fact when I first installed Tomcat that is how I operated until I discovered reloadable - and I fall into that historic stereotypical old-school developer type labelled 'lazy', true in my case. I could now halve the number of keystrokes (and shave 5 seconds off my deploy) so now it was F11 (recompile), F5 (browser refresh). Of course, once you have been tempted by the serpent, it is so hard to have your candy taken away from you hence me spending a week attempting to install Tomcat and implement some protection for this scenario :) John On Wed, 23 Feb 2022 at 08:10, Greg Huber wrote: > > There have been lots of emails on this, sorry if I have missed something.. > > Although I don't use net beans, I use Eclipse with the venerable Sysdeo > Tomcat Plugin (modified), and from my experience set reloadable = > "false". I would stop and restart tomcat for method signature changes, > new classes etc. It's quick and stops reload issues. > > You should not need to reload tomcat for code unless, net beans cannot > handle hot reload. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Configure Tomcat development using NetBeans IDE
t is part of a (rather old) tutorial on building a > web application. To do this, I amended the project.xml in nbproject to remove the three references to sample. I also removed the single reference to 'tomcat-lite'. The folder wasn't cloned from git and I could't find any reference to a 'lite' version of Tomcat and so I was wondering if this is an historic / abandoned project. Should the master \tomcat\res\ide-support\netbeans\project.xml file be edited to remove these permanently (again to provide a clean experience for others). In summary, I am assuming from the lack of response from my request about NetBeans, that this is not a favourite environment for Tomcat development. It may just have been a long time since anyone deployed the development framework into NetBeans and so my efforts might be worthwhile as a refresher check on the current documentation. I am keeping notes of the process I have been through so far as well as how to resolve issues I have encountered and so will look to update the README for NetBeans to help future developers. John - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: is too quick to respond
Neil, > I think it's a bad idea to design a solution based on the file type. A > webapp can contain all kinds of files. Why is that in this instance when the focus is on deploying to these specific folders as defined by Tomcat? Taken from the Tomcat documentation... - WEB-INF/classes/ - This directory contains any Java class files (and associated resources) required for your application, including both servlet and non-servlet classes, that are not combined into JAR files. If your classes are organized into Java packages, you must reflect this in the directory hierarchy under WEB-INF/classes/. For example, a Java class named com.mycompany.mypackage.MyServlet would need to be stored in a file named WEB-INF/classes/com/mycompany/mypackage/MyServlet.class. - WEB-INF/lib/ - This directory contains JAR files that contain Java class files (and associated resources) required for your application, such as third party class libraries or JDBC drivers. So, while there may be additional resources I would have thought that it would be safe to assume that .war, .jar & .class suffixes contained Java classes / resources, raw (.class) or zipped (.war, .jar). Regarding checking the validity of a .war / .jar, there looks to be a good way of checking validity in the standard java.util.zip.ZipFile class which opens a file for reading and will return an exception if there is a ZIP format error. Of course, if we might expect someone to deploy a file with one of the "reserved" suffixes that does not conform then the file will never pass validation and so either would need to give up after a period of time and let the reload continue or raise an exception reporting that the file did not contain the expected type (i.e. a recognised zip file structure). Given that Tomcat is pretty well defined about what those two folders are for, I would have thought that we should be able to expect that users would confirm to only use the recognised suffixes for the purpose they are intended for and the benefits of a safe deployment outway the outside risk of users abusing the meaning of the suffixes. Of course, only those files with those two suffixes (jar / war) would have the additional validation applied, the rest would simply be subject to the timeout for non activity having expired. John Neil,> I think it's a bad idea to design a solution based on the file type. A webapp can contain all kinds of files.Why is that in this instance when the focus is on deploying to these specific folders as defined by Tomcat? WEB-INF/classes/ - This directory contains any Java class files (and associated resources) required for your application, including both servlet and non-servlet classes, that are not combined into JAR files. If your classes are organized into Java packages, you must reflect this in the directory hierarchy under WEB-INF/classes/. For example, a Java class named com.mycompany.mypackage.MyServlet would need to be stored in a file named WEB-INF/classes/com/mycompany/mypackage/MyServlet.class.WEB-INF/lib/ - This directory contains JAR files that contain Java class files (and associated resources) required for your application, such as third party class libraries or JDBC drivers.So, while there may be additional resources I would have thought that it would be safe to assume that .war, .jar & .class suffixes contained Java classes / resourses, raw (.class) or zipped (.war, .jar).Regarding checking the validity of a .war / .jar, there looks to be a good way of checking validity in the standard java.util.zip.ZipFile class which opens a file for reading and will return an exception if there is a ZIP format error.Of course, if we might expect someone to deploy a file with one of the "reserved" suffixes that does not conform then the file will never pass validation and so either would need to give up after a period of time and let the reload continue or raise an exception reporting that the file did not contain the expected type (i.e. a recognised zip file structure). Given that Tomcat is pretty well defined about what those two folders are for, I would have thought that we should be able to expect that users would confirm to only use the recognised suffixes for the purpose they are intended for and the benefits of a safe deployment outway the outside risk of users abusing the meaning of the suffixes.Of course, only those files with those two suffixes (jar / war) would have the additional validation applied, the rest would simply be subject to the timeout for non activity having expired.John Original message From: Neil Aggarwal Date: 20/02/2022 18:29 (GMT+00:00) To: Tomcat Users List Subject: Re: is too quick to respond I think it's a bad idea to design a solution based on the file type. A webapp can contain all kinds of files. On Sun, Feb 20, 2022, 12:16 PM Simon Matter wrote: > > I may be wrong but I thought .war files are zip files. Wouldn't it be > possibl
Re: is too quick to respond
Simon,That's my understanding as well, just that they have to have a defined folder structure within the zip but can unzip with any utility program. When you say "consistent content", how would you determine that without actually 'suck and see' which would lead to having to interfere with Tomcats reload algorithms, not something I would be comfortable with. Is there a read-only method (e.g. isValidZip() in a Library that is available to Tomcat) that I could call to check this? I will know the file that has been changed / replaced and so know that it has a .war extension.John Original message From: Simon Matter Date: 20/02/2022 18:15 (GMT+00:00) To: Tomcat Users List Subject: Re: is too quick to respond > Not sure about Tomcat, but what IBM Liberty does is:>> It "will" try to redeploy the war when it detects a file change - and it> does fail naturally since the war isn't complete.>> BUT - it will keep trying since during the upload, the timestamp and file> size automatically keeps changing - so at the end, it will succeed in> deploying the whole war file.I may be wrong but I thought .war files are zip files. Wouldn't it bepossible to just wait until the file has a consistent content and thenextract it?Simon>> I wish they would have just monitored the file size for a configurable> "given" time. And lets say - if the file size or timestamp doesn't change> for -say - 15 seconds, then go ahead and do the deployment, but as what> was mentioned earlier, different OS(s) may handle this differently, but> the JAVA NIO API watchevents point you in the right direction in watching> a file/folder in a loop for a "create" or "modify" or "delete" event to> occur and fire off.>> thanks,> jason>> - Original Message -> From: "chris" > To: "users" > Sent: Sunday, February 20, 2022 9:22:17 AM> Subject: Re: is too quick to respond>> John,>> On 2/20/22 05:50, John Barrow wrote:>> Neil,>>>> Thanks for your useful feedback. I am still feeling my way as you can>> probably see from my earlier emails trying to setup a development>> environment.>>>> I did actually think of this but didn't put it in scope for a couple of>> reasons.>>>> Firstly, the Tomcat documentation for readloadable quotes>>>> "Set to true if you want Catalina to monitor classes in>> /WEB-INF/classes/ and /WEB-INF/lib for changes, and automatically>> reload the web application if a change is detected. This feature is>> very useful during application development, but it requires>> significant runtime overhead and is not recommended for use on>> deployed production applications. That's why the default setting for>> this attribute is false. You can use the Manager web application,>> however, to trigger reloads of deployed applications on demand.">>>> Therefore, I took it to mean that this flag was geared at development,>> not production which is what I assume when you would deploy a .war>> file. So Tomcat would be listening to specific changes in .classes and>> .jar files that had just been compiled and these are normally small in>> size. But then I suppose that a single .jar file may be so sized that>> Tomcat could react while the file was still being written to the disk.>> The patch you are currently working on should fix this aspect of the> overall problem you are trying to solve.>>> Secondly, I sort of assumed that since the feature was already in>> place and handles changes to single files that this check for>> completeness has already been implemented, but then as I can't get a>> development environment to run, I don't have enough skills to drill>> into the sources without it being interactive to help me explore and>> learn.>>>> However, it makes sense that your recommendation is implemented,>> although I was imagining setting the delay to (say) 500ms to ensure>> that whatever IDE had time to complete the copying of all the files as>> that is a small price to pay for automatic refresh. Also by resetting>> the timer after each event it would have to be quite a large upload>> for Tomcat to start reacting.>>>> Like you, I am not sure how to formally check that a file has>> completed its copy to the destination. The most common suggestion I>> hear is to try and change its name and then change it back again and>> capture the exception which will be raised if the file is locked. I>> wonder whether attempting to set an attribute (e.g.toggle read-only)>> would have the same effect (i.e. only allow if file wasn't
RE: is too quick to respond
Hi all, I have also uploaded the screenshots that I took within NetBeans illustrating some of my issues with getting Tomcat working within Netbeans. As mentioned previously, when I did my test project using Ant, it created a Libraries folder where I could and add JAR/Folder. This structure is not available for the imported Tomcat project after having run ant ide-netbeans. Not that I would expect to have to do this as I would have thought that all the relevant configuration settings would already be set up in the build.xml file, so I am missing a vital step somewhere. Finally, the failed tests zip is also there in case it was stripped out for anyone else that might be interested. John *From: *Christopher Schultz *Sent: *20 February 2022 14:22 *To: *users@tomcat.apache.org *Subject: *Re: is too quick to respond John, On 2/20/22 05:50, John Barrow wrote: > Neil, > > Thanks for your useful feedback. I am still feeling my way as you can > probably see from my earlier emails trying to setup a development > environment. > > I did actually think of this but didn't put it in scope for a couple of reasons. > > Firstly, the Tomcat documentation for readloadable quotes > > "Set to true if you want Catalina to monitor classes in > /WEB-INF/classes/ and /WEB-INF/lib for changes, and automatically > reload the web application if a change is detected. This feature is > very useful during application development, but it requires > significant runtime overhead and is not recommended for use on > deployed production applications. That's why the default setting for > this attribute is false. You can use the Manager web application, > however, to trigger reloads of deployed applications on demand." > > Therefore, I took it to mean that this flag was geared at development, > not production which is what I assume when you would deploy a .war > file. So Tomcat would be listening to specific changes in .classes and > .jar files that had just been compiled and these are normally small in > size. But then I suppose that a single .jar file may be so sized that > Tomcat could react while the file was still being written to the disk. The patch you are currently working on should fix this aspect of the overall problem you are trying to solve. > Secondly, I sort of assumed that since the feature was already in > place and handles changes to single files that this check for > completeness has already been implemented, but then as I can't get a > development environment to run, I don't have enough skills to drill > into the sources without it being interactive to help me explore and > learn. > > However, it makes sense that your recommendation is implemented, > although I was imagining setting the delay to (say) 500ms to ensure > that whatever IDE had time to complete the copying of all the files as > that is a small price to pay for automatic refresh. Also by resetting > the timer after each event it would have to be quite a large upload > for Tomcat to start reacting. > > Like you, I am not sure how to formally check that a file has > completed its copy to the destination. The most common suggestion I > hear is to try and change its name and then change it back again and > capture the exception which will be raised if the file is locked. I > wonder whether attempting to set an attribute (e.g.toggle read-only) > would have the same effect (i.e. only allow if file wasn't locked) and > be a little more elegant. I would have to try it. Don't do anything like that; it won't work on various environments. For example, Windows obtains exclusive file-locks for even sometimes read-only operations. But *NIX does /not/. So you may develop something that works on Windows but doesn't work at all anywhere else. You basically can't check to see if a file is "done uploading"" or whatever else may be happening. What you *can* do is check to see if any file in the list-of-files-to-be it *too recent* indicating that a compile/copy/upload/whatever may still be in progress. > I assume that Windows has a way of querying a file lock but not sure > (a) whether that is exposed via a Java API and (b) whether that would > apply to Unix as well (as I have only ever used Windows for > development). > >> How does Tomcat test if a file has been updated? It's just relative timestamps. Dive into the code Mark suggested and you'll find it. > Again, I don't know this yet (lack of IDE again), but I assumed that > it would be similar to the method I implemented in the attached source > code, i.e. Create a listener for events being triggered on file > changes to either /WEB-INF/classes/ and /WEB-INF/lib, as they are both > hard-coded file paths. I don't think your attachme
RE: is too quick to respond
Hi all, I will consolidate the comments from the last three emails to keep the thread from splitting too much. > Christopher: I don't think your attachment made it to the list. Maybe you can > host it somewhere else and then post a URL to the list? Attachments tend to > be stripped. I'm actually surprised your ZIP file made it through. Firstly, I wasn’t aware that text attachments would be stripped. I certainly didn’t get any notification although I did get plenty of notifications when I used Windows Mail to reply (no Plain Text support!) The URL for the sources is below which are held in my DropBox account. Hopefully the link below will allow access. Let me know if there are any issues. https://www.dropbox.com/sh/2ewipogzr48qcxi/AAAf3Rqv6WoRO9hyMC0W7P2za?dl=0 > Christopher: Don't do anything like that; it won't work in various > environments. For example, Windows obtains exclusive file-locks for even > sometimes read-only operations. But *NIX does /not/. So you may develop > something that works on Windows but doesn't work at all anywhere else. That was my understanding. When I was working, I remember there not being a comprehensive solution to this requirement and that Unix was very 'flexible' when handling files in flux, hence my query as I was not sure if something more recent had surfaced that I wasn't aware of. I believe that the 'wait a while' approach is (a) practical and (b) minimises conflicts with the way that Tomcat is operating. It is also flexible in that, if you know that you are refreshing large files then giving (say) a minute for the upload to work before Tomcat reloads is reasonable whereas if developing small Servlets then a few microseconds is probably all that is needed so the administrator can tune to the environment. > Christopher: The patch you are currently working on should fix this aspect of > the overall problem you are trying to solve. Thanks for the vote of confidence - hopefully now that you can see / run the sample app, that confidence will remain! > Christopher: It's just relative timestamps. Dive into the code Mark suggested > and you'll find it. That surprises me. I can't wait to dive in once I can get my IDE working. Is Tomcat polling the folder every 'x' microseconds then? That may explain the caution in the Tomcat documentation in that it puts a strain on the server. You will see from the sources that I have uploaded to DropBox, that I mimicked an event model that seemed to work quite well, however I am not sure which model would be more efficient and less intrusive on Tomcat's operation. > Jason: but the JAVA NIO API watchevents point you in the right direction in > watching a file/folder in a loop for a "create" or "modify" or "delete" event > to occur and fire off. As you should now be able to see from my DropBox source files, that is the approach I took although I wasn't looking to implement that, simply mock-up what I thought that Tomcat was already doing to detect the need for a reload. > I wish they would have just monitored the file size for a configurable > "given" time. And lets say - if the file size or timestamp doesn't change > for -say - 15 seconds, then go ahead and do the deployment. That would be easy enough to add in as a fail-safe and while not perfect as it makes assumptions on external factors, we can at least be sure that if either the timestamp or file size has been amended then it is still in flux whilst not offering any guarantees if they are identical. As I get an event for each file/folder that has been amended, I could then add another loop to check stability of these two attributes (say over 10 ms intervals, or add a further parameter to be user configurable) before starting the final 'waitForQuiet' timer prior to notifying Tomcat to start the reload. It is also a read-only query and so has no side-effects as it appears that users have a need to auto-reload after refreshing a larger .war file. Thoughts? Enjoy your evening. John From: Christopher Schultz Sent: 20 February 2022 14:22 To: users@tomcat.apache.org Subject: Re: is too quick to respond John, On 2/20/22 05:50, John Barrow wrote: > Neil, > > Thanks for your useful feedback. I am still feeling my way as you can > probably see from my earlier emails trying to setup a development > environment. > > I did actually think of this but didn't put it in scope for a couple of > reasons. > > Firstly, the Tomcat documentation for readloadable quotes > > "Set to true if you want Catalina to monitor classes in > /WEB-INF/classes/ and /WEB-INF/lib for changes, and automatically > reload the web application if a change is detected. This feature is > very useful during application development, but it requires > significant runtime overhead and is not recommended for use on > deployed production a
Re: is too quick to respond
Neil, Thanks for your useful feedback. I am still feeling my way as you can probably see from my earlier emails trying to setup a development environment. I did actually think of this but didn't put it in scope for a couple of reasons. Firstly, the Tomcat documentation for readloadable quotes "Set to true if you want Catalina to monitor classes in /WEB-INF/classes/ and /WEB-INF/lib for changes, and automatically reload the web application if a change is detected. This feature is very useful during application development, but it requires significant runtime overhead and is not recommended for use on deployed production applications. That's why the default setting for this attribute is false. You can use the Manager web application, however, to trigger reloads of deployed applications on demand." Therefore, I took it to mean that this flag was geared at development, not production which is what I assume when you would deploy a .war file. So Tomcat would be listening to specific changes in .classes and .jar files that had just been compiled and these are normally small in size. But then I suppose that a single .jar file may be so sized that Tomcat could react while the file was still being written to the disk. Secondly, I sort of assumed that since the feature was already in place and handles changes to single files that this check for completeness has already been implemented, but then as I can't get a development environment to run, I don't have enough skills to drill into the sources without it being interactive to help me explore and learn. However, it makes sense that your recommendation is implemented, although I was imagining setting the delay to (say) 500ms to ensure that whatever IDE had time to complete the copying of all the files as that is a small price to pay for automatic refresh. Also by resetting the timer after each event it would have to be quite a large upload for Tomcat to start reacting. Like you, I am not sure how to formally check that a file has completed its copy to the destination. The most common suggestion I hear is to try and change its name and then change it back again and capture the exception which will be raised if the file is locked. I wonder whether attempting to set an attribute (e.g.toggle read-only) would have the same effect (i.e. only allow if file wasn't locked) and be a little more elegant. I would have to try it. I assume that Windows has a way of querying a file lock but not sure (a) whether that is exposed via a Java API and (b) whether that would apply to Unix as well (as I have only ever used Windows for development). > How does Tomcat test if a file has been updated? Again, I don't know this yet (lack of IDE again), but I assumed that it would be similar to the method I implemented in the attached source code, i.e. Create a listener for events being triggered on file changes to either /WEB-INF/classes/ and /WEB-INF/lib, as they are both hard-coded file paths. As an aside, I should have mentioned, for anyone interested in this thread and in case not obvious from the source, but to see the sample source code in action, you need to add, modify, rename or delete files within the specified directory in a File Explorer. John On Sun, 20 Feb 2022 at 00:04, Neil Aggarwal wrote: > > John: > > > If anyone has a moment, can you have a quick look and see if what I am > > proposing seems acceptable. > > Thinking about when a large file (Such as a war file) is being uploaded > to the server, we don't want Tomcat to reload it until after the file has > completed upload and is fully formed. > > How does Tomcat test if a file has been updated? > I assume it uses File.lastModified() or something similar. > > Does anyone know the detailed nuts and bolts of how that works? > Does last modified keep changing as the file is uploading or is it just > changed at the start of the upload? Is the behavior the same or different > across platforms? > > These questions should be taken into account when designing the solution. > > Thank you, > Neil > > -- > Neil Aggarwal, (972) 834-1565, http://www.propfinancing.com > We offer 30 year loans on single family houses! > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: is too quick to respond
Hi, While we continue the investigation into why I can't get Tomcat to run within NetBeans, I thought that I would create a mockup of the functionality that I would look to implement to protect the reloading of the webapp until the files have been rebuilt. I have mimicked the expected Tomcat listener for changes to a folder structure but of course that will already exist within Tomcat and so will only be looking to react to the existing events that are being triggered. If anyone has a moment, can you have a quick look and see if what I am proposing seems acceptable. The source is pretty short. To run this, once compiled, you just need to create a blank folder (or reference an existing one) and then amend the three constants, specifically to reference your folder! static final String folderToWatch = "C:\\Community\\MonitorFolder"; static final int timeToWatchSeconds = 30; // How long to listen for changes to files in the folder static final int timeForQuietMilliseconds = 5000; // How long to wait with no activity before triggering reload (list directory files in my example) The only minor observation is that if the period to listen for changes expires prior to the period of no activity then the 'reload' task (print the files in the directory) won't be triggered but as that would (guessing now) only be when Tomcat was shut down then it would be irrelevant anyway. Thanks John On Fri, 18 Feb 2022 at 17:03, Christopher Schultz wrote: > > John, > > On 2/18/22 10:50, John Barrow wrote: > >>> Would you be interested in looking at the existing algorithm to see if > >>> it would be updated in this way? > > > >> WebappLoader.backgroundProcess() would be a good place to start. > > > > I am sort of interested in looking at this. > > Awesome! > > > I have only been playing > > with Java for about 6 months, having been a Pascal developer most of > > my life (40 odd years). Therefore, I think that I could at least ‘give > > it a look’, if I can get Tomcat installed locally. > > > > However, I appreciate that I could be well out of my depth and there > > are too many unknowns / barriers in order to be of any use. > > > > It is the installation process that I am having issues with. I think > > it is down to lack of experience / knowledge / familiarity with > > commercial strength application. > > > > I use Netbeans 12.6 (Apache loyalty!) on Windows 10 for all my Java > > development using JDK 17. > > > > Unfortunately, I am only ‘sort-of’ familiar with Maven and have never > > touched Ant so I am flying a bit blind here, but that shouldn’t matter > > if it all works as I don't need to touch the build process. > > > > I downloaded the ‘main’ branch from GitHub > > (https://github.com/apache/tomcat) and unzipped it into its own > > folder, again with Ant (apache-ant-1.9.16). > > > > I have managed to get Ant to build it using instructions in > > BUILDING.txt. While it says that Tomcat built successfully, scrolling > > up, I got lots of warnings saying ‘can’t find a module etc so not sure > > if doing something wrong. I can send the results as an attachment if > > that would be useful. > > > > I can also get it to build in Netbeans (I first had to set Project > > > Properties > Java Sources to Source Level 17 which may be a bit of a > > guess as Netbeans complained about default value of 1.7). The java > > files in Netbeans don’t highlight any exceptions, just warnings. > > > > I appear to have issues with the other two folders > > ‘C:\Community\Tomcat\tomcat-main\webapps\docs\appdev\sample\src\mypackage’ > > and ‘C:\Community\Tomcat\tomcat-main\test’ as they don’t seem to be > > able to locate the dependencies (HelloWorld is -e.g. import > > jakarta.servlet.http.HttpServlet & tests is -e.g. import > > org.junit.Assert). In Maven, I would add a dependency to the pom.xml > > file, but not sure what to do in Ant as I would expect the > > configuration to already be set up. > > Try this: > > 1. Close the project in NetBeans > 2. On the command-line, go to the directory where your Tomcat git > checkout is > 3. Run "ant ide-netbeans" > 4. Open the project again in Netbeans > > See if that improves anything. That ant target configures Netbeans in a > way that should be "helpful". I don't use Netbeans myself, but the > equivalent for Eclipse (ide-eclipse) sets up the build-path and lots of > other goodies. > > > I also ran the ‘ant test’, took about 90 minutes and failed a number > > of tests (which I thought was surprising as I would expect sources in > > the repository to pass all the te
Re: is too quick to respond
Hi, I have re-run the Tomcat tests using 4 cores (all my machine has!) and time came down to 35m 33s. Not bad. I have written my own ‘grep’ to review the output directory and I think that the number of failures has come down now using all the cores so some may have been timing issues The 5 that are reported are C:\Community\Tomcat\tomcat-main\output\build\logs\TEST-jakarta.servlet.http.TestHttpServletDoHeadValidWrite513.NIO.txt Tests run: 1152, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 57.275 sec C:\Community\Tomcat\tomcat-main\output\build\logs\TEST-org.apache.coyote.http2.TestStreamProcessor.NIO.txt Tests run: 9, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 4.282 sec C:\Community\Tomcat\tomcat-main\output\build\logs\TEST-org.apache.coyote.http2.TestStreamProcessor.NIO2.txt Tests run: 9, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 4.008 sec C:\Community\Tomcat\tomcat-main\output\build\logs\TEST-org.apache.jasper.runtime.TestJspRuntimeLibrary.NIO.txt Tests run: 1, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 3.813 sec C:\Community\Tomcat\tomcat-main\output\build\logs\TEST-org.apache.jasper.runtime.TestJspRuntimeLibrary.NIO2.txt Tests run: 1, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 4.242 sec I have attached the 5 txt files as listed above for review (if needed). The first one may still be a timing issue, but I am not in a position to judge! John On Fri, 18 Feb 2022 at 18:16, Mark Thomas wrote: > > > On 18/02/2022 18:01, John Barrow wrote: > >> Do you have a list of the tests which fail? Do you know how to get that > >> list? > > > > Yes, although I am on Windows, not UNIX and so I don't have access to > > grep. I did a simple search within logs for 'FAILED' and it came up > > with about 20 or so. The list of test results has been cleared now > > (probably when I next built Tomcat) and so I will need to run them > > again but will try using the threads at the same time and then send > > you the results in a separate email. > > If you haven't cleared out the results from the logs directory you can do: > > ant test-status > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > <> - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: is too quick to respond
HI, As a completely 'left-field' thought and apologies if this next statement is completely naive, if I started a clean Maven project, copied across all the sources for Tomcat and then use NetBeans to add dependencies as required, could that work? I am willing to give it a try as I don't need to deploy my development version of Tomcat, I just need to be able to run it within NetBeans. Once I have finished any changes, I can export the amended sources to the downloaded copy from github, re-apply the changes (they will always be minor!) and then use the ant build script from the CMD to deploy the finished version so I can test it in place of the release version I am currently using for my other web development. Which brings me back to a question raised earlier, confirmation of which source file it is that launches Tomcat to display the CMD like monitor as there are 15 "main" entry points within the Tomcat sources. I am assuming that it is the one in Tomcat.java, which interestingly has the comment /** * Main executable method for use with a Maven packager. * @param args the command line arguments * @throws Exception if an error occurs */ public static void main(String[] args) throws Exception { indicating that perhaps Tomcat has been built using Maven! John - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: is too quick to respond
Hi, As mentioned in my last email, I have built a simple ‘Hello World’ Ant project in NetBeans, referencing an external library (GSON in my case) and the project properties looks quite different for the generated Ant project against the one that was created for Tomcat. The attached screenshot illustrates the differences (ignore the other unopened projects!) The 'Hello world' Ant project (source file attached) was created using the tools built into NetBeans so I - Created Java Application with Ant - Project name: HelloWorldAnt - Wrote the attached class - NetBeans flags up that com.google.gson library (jar) not found - Projects > HelloWorldAnt > Libraries - Locate gson-2.9.0.jar and open it - Library is added to the libaries folder within the project (as per screenshot) - Run project - compiles successfully and exports myLog to JSON in c:\Work\UserLogins.json (reproduced below). - I can also add breakpoints and step through the code during execution. The file structure for this simple Ant project looks a lot more complex than the one I am used to for Maven (see below). I am struggling to compare the two structures (HelloWorldAnt & Tomcat) as they look so different. While, I have not included any of the files in the directory structure listed below, happy to or upload the folder to DropBox. However, I think the exercise was more to determine that the Tomcat folder structure isn't as NetBeans would expect it for development to take place. Going to re-run the Tomcat tests and see if I can get a list of the failures in a suitable format. John Directory / File structure for created HelloWorldAnt project C:\Development\Work\HelloWorldAnt\build C:\Development\Work\HelloWorldAnt\build.xml C:\Development\Work\HelloWorldAnt\manifest.mf C:\Development\Work\HelloWorldAnt\nbproject C:\Development\Work\HelloWorldAnt\src C:\Development\Work\HelloWorldAnt\test C:\Development\Work\HelloWorldAnt\build\classes C:\Development\Work\HelloWorldAnt\build\classes\.netbeans_automatic_build C:\Development\Work\HelloWorldAnt\build\classes\.netbeans_update_resources C:\Development\Work\HelloWorldAnt\build\classes\helloworldant C:\Development\Work\HelloWorldAnt\build\classes\helloworldant\HelloWorldAnt.class C:\Development\Work\HelloWorldAnt\build\classes\helloworldant\HelloWorldAnt.rs C:\Development\Work\HelloWorldAnt\build\classes\helloworldant\TransactionLog$LocalDateSerializer.class C:\Development\Work\HelloWorldAnt\build\classes\helloworldant\TransactionLog$Transaction.class C:\Development\Work\HelloWorldAnt\build\classes\helloworldant\TransactionLog.class C:\Development\Work\HelloWorldAnt\nbproject\build-impl.xml C:\Development\Work\HelloWorldAnt\nbproject\genfiles.properties C:\Development\Work\HelloWorldAnt\nbproject\private C:\Development\Work\HelloWorldAnt\nbproject\project.properties C:\Development\Work\HelloWorldAnt\nbproject\project.xml C:\Development\Work\HelloWorldAnt\nbproject\private\private.properties C:\Development\Work\HelloWorldAnt\nbproject\private\private.xml C:\Development\Work\HelloWorldAnt\src\helloworldant C:\Development\Work\HelloWorldAnt\src\helloworldant\HelloWorldAnt.java gson (taken from my Maven .m2\repository) is referenced in project.properties in the following snippet excludes= file.reference.gson-2.9.0.jar=C:\\Users\\John\\.m2\\repository\\com\\google\\code\\gson\\gson\\2.9.0\\gson-2.9.0.jar includes=** jar.compress=false javac.classpath=\ ${file.reference.gson-2.9.0.jar} c:\Work\UserLogins.json file - { "KP": { "reference": "KP", "name": "Kevin Peters", "loggedIn": "2022-02-18" }, "MS": { "reference": "MS", "name": "Mike Smith", "loggedIn": "2022-02-18" }, "JB": { "reference": "JB", "name": "John Barrow", "loggedIn": "2022-02-18" } } From: Mark Thomas Sent: 18 February 2022 18:16 To: users@tomcat.apache.org Subject: Re: is too quick to respond On 18/02/2022 18:01, John Barrow wrote: >> Do you have a list of the tests which fail? Do you know how to get that list? > > Yes, although I am on Windows, not UNIX and so I don't have access to > grep. I did a simple search within logs for 'FAILED' and it came up > with about 20 or so. The list of test results has been cleared now > (probably when I next built Tomcat) and so I will need to run them > again but will try using the threads at the same time and then send > you the results in a separate email. If you haven't cleared out the results from the logs directory you can do: ant test-status Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: is too quick to respond
Mark,I checked the logs folder and it was empty and so I am assuming that Any is clearing it each time I build Tomcat.John Original message From: Mark Thomas Date: 18/02/2022 18:16 (GMT+00:00) To: users@tomcat.apache.org Subject: Re: is too quick to respond On 18/02/2022 18:01, John Barrow wrote:>> Do you have a list of the tests which fail? Do you know how to get that list?> > Yes, although I am on Windows, not UNIX and so I don't have access to> grep. I did a simple search within logs for 'FAILED' and it came up> with about 20 or so. The list of test results has been cleared now> (probably when I next built Tomcat) and so I will need to run them> again but will try using the threads at the same time and then send> you the results in a separate email.If you haven't cleared out the results from the logs directory you can do:ant test-statusMark-To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.orgFor additional commands, e-mail: users-h...@tomcat.apache.org
Re: is too quick to respond
Hi, > 3. Run "ant ide-netbeans" Apologies, I should have made that point clear, I have already run that otherwise Netbeans wouldn't recognise the project at all - i.e. I couldn't open it. In that respect, it was helpful, as in I could now compile and navigate the source files. > The "deploy" target is probably the one you want, or maybe "compile". Perhaps I am expecting a different outcome. The 'clean' + 'deploy' is what happens when I 'Clean and build main project' in Netbeans speak (checking the Projects properties dialog confirms this, see attached screenshot). What I was expecting 'Run project' to do, was locate the source with the "public static void main(final String[] args)" method in it and run the application, hopefully bringing up the Netbeans console window in a CMD like window (similar to running the .bat file %CATALINA_HOME%\bin\startup.bat). In Maven, this is what happens automatically when I 'Run project', I don't believe that I ever configured anything to execute a project from within Netbeans. The only slight variance is if NetBeans finds multiple main() methods, in which case you get a popup allowing you to select the appropriate starting point. So, perhaps, an alternative question would be, how do you go about making an amendment in Eclipse within the Tomcat sources (e.g. add a System.out.println() statement to log a field to the Eclipse 'console window' and then run Tomcat to see the effect. Also how do you run the Eclipse debugger on the Tomcat application? > Do you have a list of the tests which fail? Do you know how to get that list? Yes, although I am on Windows, not UNIX and so I don't have access to grep. I did a simple search within logs for 'FAILED' and it came up with about 20 or so. The list of test results has been cleared now (probably when I next built Tomcat) and so I will need to run them again but will try using the threads at the same time and then send you the results in a separate email. > If you can run the unit tests, then they are compiling and you should be able > to build a binary release (ant deploy) without a problem. I ran the tests from a CMD prompt rather than in NetBeans. NetBeans is telling me that it can't find the resources. A quick Google seems to imply that there should be a project.xml as well as a build.xml but then as I don't know Ant, I am not sure what to expect. I will attempt to create a simple 'Hello World' project in NetBeans using Ant to see what I get so I have a simple project to refer to as a base when trying to relate Tomcat. Without this, I couldn't review or extend the tests that form part of Tomcat as any attempt to run them within Netbeans tells me that the packages don't exist. Is there anyone else in the group that is successfully developing Tomcat using Netbeans? On Fri, 18 Feb 2022 at 17:03, Christopher Schultz wrote: > > John, > > On 2/18/22 10:50, John Barrow wrote: > >>> Would you be interested in looking at the existing algorithm to see if > >>> it would be updated in this way? > > > >> WebappLoader.backgroundProcess() would be a good place to start. > > > > I am sort of interested in looking at this. > > Awesome! > > > I have only been playing > > with Java for about 6 months, having been a Pascal developer most of > > my life (40 odd years). Therefore, I think that I could at least ‘give > > it a look’, if I can get Tomcat installed locally. > > > > However, I appreciate that I could be well out of my depth and there > > are too many unknowns / barriers in order to be of any use. > > > > It is the installation process that I am having issues with. I think > > it is down to lack of experience / knowledge / familiarity with > > commercial strength application. > > > > I use Netbeans 12.6 (Apache loyalty!) on Windows 10 for all my Java > > development using JDK 17. > > > > Unfortunately, I am only ‘sort-of’ familiar with Maven and have never > > touched Ant so I am flying a bit blind here, but that shouldn’t matter > > if it all works as I don't need to touch the build process. > > > > I downloaded the ‘main’ branch from GitHub > > (https://github.com/apache/tomcat) and unzipped it into its own > > folder, again with Ant (apache-ant-1.9.16). > > > > I have managed to get Ant to build it using instructions in > > BUILDING.txt. While it says that Tomcat built successfully, scrolling > > up, I got lots of warnings saying ‘can’t find a module etc so not sure > > if doing something wrong. I can send the results as an attachment if > > that would be useful. > > > > I can also get it to build in Netbeans (I first had to set Project > > > Properties > Java Sources to Source Level 17 which may be a bit of a
RE: is too quick to respond
Hi Mark / Christopher, Firstly, thanks for confirming my analysis on what is happening. >> Would you be interested in looking at the existing algorithm to see if >> it would be updated in this way? > WebappLoader.backgroundProcess() would be a good place to start. I am sort of interested in looking at this. I have only been playing with Java for about 6 months, having been a Pascal developer most of my life (40 odd years). Therefore, I think that I could at least ‘give it a look’, if I can get Tomcat installed locally. However, I appreciate that I could be well out of my depth and there are too many unknowns / barriers in order to be of any use. It is the installation process that I am having issues with. I think it is down to lack of experience / knowledge / familiarity with commercial strength application. I use Netbeans 12.6 (Apache loyalty!) on Windows 10 for all my Java development using JDK 17. Unfortunately, I am only ‘sort-of’ familiar with Maven and have never touched Ant so I am flying a bit blind here, but that shouldn’t matter if it all works as I don't need to touch the build process. I downloaded the ‘main’ branch from GitHub (https://github.com/apache/tomcat) and unzipped it into its own folder, again with Ant (apache-ant-1.9.16). I have managed to get Ant to build it using instructions in BUILDING.txt. While it says that Tomcat built successfully, scrolling up, I got lots of warnings saying ‘can’t find a module etc so not sure if doing something wrong. I can send the results as an attachment if that would be useful. I can also get it to build in Netbeans (I first had to set Project > Properties > Java Sources to Source Level 17 which may be a bit of a guess as Netbeans complained about default value of 1.7). The java files in Netbeans don’t highlight any exceptions, just warnings. I appear to have issues with the other two folders ‘C:\Community\Tomcat\tomcat-main\webapps\docs\appdev\sample\src\mypackage’ and ‘C:\Community\Tomcat\tomcat-main\test’ as they don’t seem to be able to locate the dependencies (HelloWorld is -e.g. import jakarta.servlet.http.HttpServlet & tests is -e.g. import org.junit.Assert). In Maven, I would add a dependency to the pom.xml file, but not sure what to do in Ant as I would expect the configuration to already be set up. I also ran the ‘ant test’, took about 90 minutes and failed a number of tests (which I thought was surprising as I would expect sources in the repository to pass all the tests. I can provide examples if useful as it may indicate that I have done something wrong. I read through the ‘RUNNING.txt’ file, but that assumes a binary to start, rather than following on from BUILDING Tomcat and so I couldn’t relate that to what I was trying to achieve. However, if I launch Tomcat from within Netbeans (F6), I get a dialog which I don’t understand - probably due to my lack of familiarity with Ant. Again, I can include a screenshot if that would help. [Run – Tomcat 8.0] No build target is associated with Run action. The free-form project requires a target Representing the Run action to invoke in Your Ant script. Select the target to invoke. [Dropdown with lots of tasks v] Is there an alternative document I should be reviewing to get me to actually run Tomcat from within Netbeans? I need to be able to run the locally built version of Tomcat so that, as a starting point, I can add some System.out.print() messages around the relevant routines (which I have located – thanks Mark). Of course I am assuming that it is possible to develop Tomcat from within Netbeans. While I would enjoy the challenge of reviewing the existing sources and attempting to incorporate a delay, I may waste more peoples time trying to get off the starting blocks. If that is the case, then I can raise a bug for future inclusion although it will be a pain-in-the-neck having to keep shutting down Tomcat after each compile! John From: Mark Thomas Sent: 17 February 2022 21:47 To: users@tomcat.apache.org Subject: Re: is too quick to respond On 17/02/2022 19:50, Christopher Schultz wrote: > This kind of thing could happen due to a number of different reasons, > such as a slow disk or network share, etc. and ought to be > protected-against. > > I haven't looked at the code, but I would imagine it periodically reads > all relevant files looking for anything that's been updated, but > immediately acts the first time is finds someting worth triggering a > reload. It does. The periodic check is triggered by the background process. > It might make more sense to modify that logic so that *all* files are > checked, but we cancel the reload if there are any files that are "too > new". This would allow us to avoid a reload if some kind of copy is in > progress. So we are looking for "anything newer than > last_reload_timestamp but not if we find anything older than NOW - 10 &
is too quick to respond
Hi, I am now running Tomcat version 10.0.16 having just upgraded from 9.0.41. As a developer, I make use of the META-INF\context.xml feature to detect changes within the classes folder WEB-INF\classes by However, since moving to Tomcat 10.0.16, the reload keeps crashing Tomcat due to the fact that Netbeans is recompiling multiple files and as soon as the first file is completed, I believe that Tomcat triggers its reload process and then fails as one of the listener classes is still in the process of being rebuilt by Netbeans and so Tomcat can’t access it for that split second to install the listener. If I shut down Tomcat and re-open it again, all is well as Netbeans has then had time to finish the re-compile. If I make a change within the implementation of (say) one of the listeners, so that Netbeans only has to re-compile that one .class file, then Tomcat reloads the application perfectly. Therefore, I was looking for the ability to add a delay to force Tomcat, on having detected a change in one of the files, to wait a moment to let Netbeans finish its job. I have researched the relevant help files and read through https://tomcat.apache.org/tomcat-8.0-doc/config/context.html and can’t see any additional attribute that might handle this scenario. If there isn’t an option, is it valid to raise it in the Bug Database? I have searched the existing list and can’t see any previous mention of it. For some reason, I didn’t experience this while using Tomcat 9.0.41, but it may have been slower to react to the .class files being change and so did not have an issue with the files not being available while they were being recompiled. The relevant part of the log is as below 17-Feb-2022 14:47:54.861 SEVERE [Catalina-utility-2] org.apache.catalina.core.StandardContext.listenerStart Error configuring application listener of class [Listener.DataDictionary] java.lang.ClassNotFoundException: Listener.DataDictionary at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1444) at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1252) at org.apache.catalina.core.DefaultInstanceManager.loadClass(DefaultInstanceManager.java:535) at org.apache.catalina.core.DefaultInstanceManager.loadClassMaybePrivileged(DefaultInstanceManager.java:516) at org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:150) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4640) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5179) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.core.StandardContext.reload(StandardContext.java:3781) at org.apache.catalina.loader.WebappLoader.backgroundProcess(WebappLoader.java:268) at org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5562) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1365) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1369) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1369) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1347) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305) at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:833) 17-Feb-2022 14:47:54.861 SEVERE [Catalina-utility-2] org.apache.catalina.core.StandardContext.listenerStart Skipped installing application listeners due to previous error(s) Thanks in advance and here’s hoping to not have to have to keep Stopping & Starting Tomcat for every development change.
RE: AW: Tomcat 9 cannot start on windows 10 as service
Hi I used service.bat with Tomcat 9 & 10. Works well when run as admin John Orendt john.p.ore...@medtronic.com -Original Message- From: Thomas Hoffmann (Speed4Trade GmbH) Sent: Wednesday, February 9, 2022 12:58 PM To: Tomcat Users List ; W Subject: AW: AW: Tomcat 9 cannot start on windows 10 as service Hello, it seems you have a quite rare configuration of your windows system if even procmon is not running. It sounds like the issue might not be Tomcat related. Is any group policy, like Software Restriction Policies in place in your company? Greetings, Thomas -Ursprüngliche Nachricht- Von: W Gesendet: Mittwoch, 9. Februar 2022 18:51 An: Tomcat Users List Betreff: Re: AW: Tomcat 9 cannot start on windows 10 as service Thank you Thomas,I downloaded procmon from microsoft website, unzipped it, tried to run it (as administator), but got error: access was denied.Do you know what was wrong? I searched internet, all search result was talking about how to use it to solve problems, no onetalk the error of access denied from procmon itself. Thanks. On Tuesday, February 8, 2022, 10:00:38 PM PST, Thomas Hoffmann (Speed4Trade GmbH) wrote: Hello, you can also use procmon from Microsoft to analyse the access denied message. You will see which user tries to access which directory and which permission was requested and missing. You need to provide filters to the program in order not getting lost in all the messages within procmon. Greetings, Thomas -Ursprüngliche Nachricht- Von: jonmcalexan...@wellsfargo.com.INVALID Gesendet: Mittwoch, 9. Februar 2022 06:11 An: users@tomcat.apache.org; w...@yahoo.com Betreff: RE: Tomcat 9 cannot start on windows 10 as service > -Original Message- > From: W > Sent: Tuesday, February 8, 2022 10:36 PM > To: users@tomcat.apache.org > Subject: Tomcat 9 can not start on windows 10 as service > > Hi, > I install tomcat 9 using downloaded installation package. It was > installed successfully. I made tomcat manager working. I deployed my > application... > Suddenly, tomcat stopped. Then I try to restart it using windows > service. I got error 5: access denied. I uninstalled tomcat and > re-installed it. The same thing happened. Now I can go to tomcat\bin > directory run startup.bat. It works. > What is wrong? How can I run it automatically using windows service? Please. > Any information would be appreciated. Thanks in advance. Hi W, Kindly check which user is setup to run the Tomcat Service and make sure that that user has at least read/execute permissions to your CATALINA_HOME and CATALINA_BASE directory structures. (Note, this may be the same location depending on how you have configured Tomcat.) More than likely it's the Local System account. You will want to make sure that at least the webapps, work, temp, and logs directory have Modify permissions at a minimum for that user. Hope this helps, B CB [ X ܚX KK[XZ[ \ \ ][ X ܚX P X ] \X K ܙ B ܈Y][ۘ[ [X[ K[XZ[ \ \ Z[ X ] \X K ܙ B - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org [CONFIDENTIALITY AND PRIVACY NOTICE] Information transmitted by this email is proprietary to Medtronic and is intended for use only by the individual or entity to which it is addressed, and may contain information that is private, privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please delete this mail from your records. To view this notice in other languages you can either select the following link or manually copy and paste the link into the address bar of a web browser: http://emaildisclaimer.medtronic.com
RE: Tomcat 9 Encrpytion of JDBC
Hi There are at least two types of mutual authentication. 1. Device Client A and Server B 2. Human A via browser and Server B All the scenarios you mention have been solved. You just need to know how. X509 certs, the chain of trust, TPMs and HSMs are some the of parts of the solution for both types. Internet Banking does exist. John Orendt john.p.ore...@medtronic.com -Original Message- From: Christopher Schultz Sent: Tuesday, January 18, 2022 11:32 AM To: users@tomcat.apache.org Subject: Re: Tomcat 9 Encrpytion of JDBC John, On 1/18/22 08:37, Orendt, John wrote: > Secrets are more secure with the use of a Trusted Platform Module > (TPM) and / or a Hardware Security Module (HSM). > > Secrets need to be protected both at rest and in transit. Sure. Where you put the password for the TPM or HSM? Or do you enter the password for your HSM/TPM every time you start a process that needs access to secrets? How do you handle unattended restarts? How do you handle massive deployments? Do you manually-enter a password on 1000 servers as they all launch together? On all these kinds of deployments, you usually use a key server. But then how do you authenticate to the key server? With another secret. It's secrets all the way down. At some point, you must trust something, and that something you trust can't be a human, because that doesn't scale or isn't practical for some other reason. I'd love to hear a practical solution to the "secret at rest" problem that actually makes some sense and doesn't just hand-wave the problem off to another component that is Somebody Else's Problem. -chris > -Original Message- > From: Alan F > Sent: Friday, January 14, 2022 2:05 PM > To: Tomcat Users List > Subject: RE: Tomcat 9 Encrpytion of JDBC > > OK thanks Bill! > > -Original Message- > From: Bill Stewart > Sent: 14 January 2022 19:02 > To: Tomcat Users List > Subject: Re: Tomcat 9 Encrpytion of JDBC > > On Fri, Jan 14, 2022 at 10:25 AM Alan F wrote: > > >> Interested to know your best practices on securing jdbc plain text >> passwords, in my last place they used a mechanism to encrypt all passwords. >> Is this the best method as I read some people don't recommend this. >> Any details or procs on best practice appreciated. >> > > The "best practice," generally speaking, is that doing so is basically > pointless from a security perspective. > > https://urldefense.com/v3/__https://cwiki.apache.org/confluence/displa > y/TOMCAT/Password__;!!NFcUtLLUcw!Bhr3E8c3AZFikCj4AHarnHl2emUxh99SUwhyn > Fa-FKWZahvlpv0TmiVo5DveVMgMyg3NbQ$ > > Bill > [CONFIDENTIALITY AND PRIVACY NOTICE] Information transmitted by this > email is proprietary to Medtronic and is intended for use only by the > individual or entity to which it is addressed, and may contain > information that is private, privileged, confidential or exempt from > disclosure under applicable law. If you are not the intended recipient > or it appears that this mail has been forwarded to you without proper > authority, you are notified that any use or dissemination of this > information in any manner is strictly prohibited. In such cases, > please delete this mail from your records. To view this notice in > other languages you can either select the following link or manually > copy and paste the link into the address bar of a web browser: > http://emaildisclaimer.medtronic.com > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 9 Encrpytion of JDBC
Hi All Secrets are more secure with the use of a Trusted Platform Module (TPM) and / or a Hardware Security Module (HSM). Secrets need to be protected both at rest and in transit. John Orendt john.p.ore...@medtronic.com -Original Message- From: Alan F Sent: Friday, January 14, 2022 2:05 PM To: Tomcat Users List Subject: RE: Tomcat 9 Encrpytion of JDBC OK thanks Bill! -Original Message- From: Bill Stewart Sent: 14 January 2022 19:02 To: Tomcat Users List Subject: Re: Tomcat 9 Encrpytion of JDBC On Fri, Jan 14, 2022 at 10:25 AM Alan F wrote: > Interested to know your best practices on securing jdbc plain text > passwords, in my last place they used a mechanism to encrypt all passwords. > Is this the best method as I read some people don't recommend this. > Any details or procs on best practice appreciated. > The "best practice," generally speaking, is that doing so is basically pointless from a security perspective. https://urldefense.com/v3/__https://cwiki.apache.org/confluence/display/TOMCAT/Password__;!!NFcUtLLUcw!Bhr3E8c3AZFikCj4AHarnHl2emUxh99SUwhynFa-FKWZahvlpv0TmiVo5DveVMgMyg3NbQ$ Bill [CONFIDENTIALITY AND PRIVACY NOTICE] Information transmitted by this email is proprietary to Medtronic and is intended for use only by the individual or entity to which it is addressed, and may contain information that is private, privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please delete this mail from your records. To view this notice in other languages you can either select the following link or manually copy and paste the link into the address bar of a web browser: http://emaildisclaimer.medtronic.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Question about directory listing sorting ..
Doesn't seem to work for me on 9.0.41 (it's an older development box). I found these interesting: ow with patch v3: 1. "s=NA" name=asc 2. "s=ND" name=dsc 3. "s=SA" size=asc 4. "s=SD" size=dsc 5. "s=MA" modify=asc 6. "s=MD" modify=dsc >From here: https://bz.apache.org/bugzilla/show_bug.cgi?id=57287 Before I get too far down the road, I thought I would reach out. Params don't seem to affect listing sort order. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: 500 instances of tomcat on the same server
No need to be discouraged. Docker is just a set of tools. You can still use docker to create images, but you dont need docker to use those images in a container. K8s is using industry standard containerd. https://kubernetes.io/blog/2020/12/02/dont-panic-kubernetes-and-docker/ John Larsen On Mon, Jun 28, 2021 at 2:22 PM Eric Robinson wrote: > Guido, > > I think you intended that message for me, not Brian. Thanks much for the > feedback. I have been reading about Kubernetes, but I got discouraged when > I saw that they dropped Docker support, since Docker seems to be the most > popular containeriziation technology. Also, most of the Kubernetes > tutorials I saw on YouTube seem to approach it as a dev platform, and we're > not developers. > > -Eric > > > > -Original Message- > > From: Guido Jäkel > > Sent: Monday, June 28, 2021 2:43 PM > > To: Brian Wolfe > > Cc: Tomcat Users List > > Subject: Re: 500 instances of tomcat on the same server > > > > Dear Brian, > > > > please take the time to read about Linux Kernel namespaces as the > technical > > base of containers. It's like two viewpoints to one thing. Take the > network > > namespace as an example: From the conceptual point of view it looks like > > you have N indipended, functional identical "IP Stacks". But from the > > technical point of view, it's just the "well known" single instance just > with an > > additional field at all items that need this (packets, routing tables, > ...) to take > > a tag value that identify the namespace instance. > > > > You may use namespaces with the raw tools like enterns or with LXC or > > Dockers. During runtime of a started container, there's nothing more you > > have to trust but the kernel because for the basics, there's no need of > > additional userland processes to keep a container running. > > > > To run an application in a "container", you start it with a bunch of > instances of > > this namespaces, at least the process namespace. You'll probably take the > > same name for the technical namespace instances - from the conceptual > > point of view this is the name of the container. > > > > Most will start something like the init binary located in a directory > tree of a > > small Linux distribution userland. This may "boot" common services and > the > > result may act like an "indipended platfrom". But you may also launch > just > > single high-level applications like a JVM running a Tomcat. > > > > That's very close to your architecture, but much more easy to handle. > For the > > network stack e.g. you may use the same ports for listeners and have the > full > > range of ports available for connections in each namespace. There are > > different ways available to route the traffic, but in any case you may > use > > individual IPs in each namespace. > > > > greetings > > > > Guido > > > > On 2021-06-28 19:22, Brian Wolfe wrote: > > > Generally, I'd agree too. We are considering using containers, but I'm > > > not yet sure what that buys us in terms of stability. > > > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > Disclaimer : This email and any files transmitted with it are confidential > and intended solely for intended recipients. If you are not the named > addressee you should not disseminate, distribute, copy or alter this email. > Any views or opinions presented in this email are solely those of the > author and might not represent those of Physician Select Management. > Warning: Although Physician Select Management has taken reasonable > precautions to ensure no viruses are present in this email, the company > cannot accept responsibility for any loss or damage arising from the use of > this email or attachments. >
Re: Archive or package install
Because of the way the installation is dissected and distributed, I found it easier to install from a download and use my own service file. Having the installation in one place also allows me to run concurrent instances of Tomcat having different versions, and/or to save old versions for future reference and know it's all self contained. apt-get installations of tomcat required I memorized three different locations for the installation .. that wasn't good in my case. I'm sure others will have alternative opinions. On 6/18/21, tomcat-li...@thomas.freit.ag wrote: > Hi Onno, > > On 18.06.21 07:07, Sugar Moose wrote: >> I am using Ansible role robertdebock.tomcat to install Tomcat. This role >> uses archives from the Tomcat site to install Tomcat. I have always >> thought that this is a fine approach but the customer has pointed out that >> a package install is preferred because it makes installing security >> updates easier. This customer uses Ubuntu 18.04 and the position of the >> InfraOps engineers is that installing Tomcat from the official Ubuntu >> repository is always preferred. > > Installing Tomcat directly from the archives is easy and straight forward, > in my opinion it should be perfectly fine using upstream as source (you > should at least verify the download). > Especially, if Tomcat plays a major role of the system (i.e. running some > business critical applications), I would always stick to the version from > Tomcat archives. You will end up with a more > recent version of Tomcat, as it is actively developed, those versions will > contain all security fixes (directly from the team and without possible > backporting of security fixes). If you use > CATALINA_HOME and CATALINA_BASE variables you can easily switch between > different Tomcat versions, making it very easy to manage updates and > possible necessary rollbacks. > > I would only stick to the distro-provided packages, if it is a small (in > other words not that important) application running in Tomcat. Just for > reference: With Ubuntu 18.04, you would end up > with 9.0.16 vs. 9.0.48 (Tomcat project) or 8.5.39 vs. 8.5.68 (Tomcat > project), which is about 2 years old software. For any errors you might get > on distro packages, first hint would most > likely be to update to a recent Tomcat version. Even if security fixed are > backported by the distro, you would end up with versions missing a lot of > fixes and improvements. > >> I don't know how exactly using apt packages makes life a lot easier when >> it comes to security updates. I think it depends. If Ansible manages the >> version it looks more or less the same to me. The Ansible role would have >> an var for example tomcat_version and the value would determine the what >> version is on the system. Updating Tomcat using Ansible would be same >> proces: update tomcat_version var and provision the node. When Ansible is >> not managing the version but is used for example only for the initial >> install using Ansible package module it becomes a bit of a puzzle to >> figure out how this would work. And also would have some drawbacks. >> Ansible is good at configuration management and orchestration for example. >> Apt not really. > > Yes, Ansible is much more flexible for managing the configuration and > deployment-parts. You will need something for that task, even if you use the > distro-provided packages. > >> What is the position / what are the thoughts on this in the Tomcat >> community? On the Tomcat website I could find no information on package >> install. I don't think a recommended installation approach is mentioned >> there. > > In short: If your application in Tomcat is important, use the Tomcat archive > up to date versions, if not distro packages might be sufficient. This might > be challenging, if Tomcat is managed by > the infrastructure team (from my experience, there is always a trend towards > the distro packages, sometimes with the argument support by the distro). It > might help, if managing the Tomcat can > be done by the applications support/devops team (however, that might depend > on the organisation constraints). > > hth, > Thomas > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [ANN] Apache Tomcat 10.0.7 available
Awesome! John On 6/17/21, Mark Thomas wrote: > The Apache Tomcat team announces the immediate availability of Apache > Tomcat 10.0.7. > > This release is targeted at Jakarta EE 9. > > Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 > without changes. Java EE applications designed for Tomcat 9 and earlier > may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat > will automatically convert them to Jakarta EE and copy them to the > webapps directory. This conversion is performed using the Apache Tomcat > migration tool for Jakarta EE tool which is also available as a separate > download for off-line use. > > Apache Tomcat 10 is an open source software implementation of the > Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, > Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations > specifications. > > The notable changes compared to 10.0.6 include: > > - Improve robustness of HTTP/2 HPACK decoding > > - Improvements to the handling of the Transfer-Encoding header > > - Review code used to generate Java source from JSPs and tags and remove >code found to be unnecessary. > > Please refer to the change log for the complete list of changes: > http://tomcat.apache.org/tomcat-10.0-doc/changelog.html > > Downloads: > http://tomcat.apache.org/download-10.cgi > > Migration guides from Apache Tomcat 7.0.x, 8.5.x and 9.0.x: > http://tomcat.apache.org/migration.html > > Enjoy! > > - The Apache Tomcat team > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem posting to Tomcat ssl connector ..
Just to note - this was fixed in the latest release of Tomcat and I'm humming along again .. But it would be good to track down what is happening to help folks who can't just upgrade like me. Side note - you'll recall that in the last year or so I've been on an upgrade tear from 7.x to present including Java versions. So, now I'm all caught up. This year I would like to integrate major release versions of Tomcat into my build so I can debug Tomcat source and help-out more with bugs. Sincerely, John On 6/1/21, Mark H. Wood wrote: > On Fri, May 28, 2021 at 01:32:47PM -0600, John Dale wrote: >> Page loads fine. >> >> Other pages load fine. >> >> SSL handshakes are working until .. >> >> An Ajax post with a base64 encoded image in the data. >> >> I debugged up to the request and it's fine. >> >> I debugged the server and it's not reaching my component. >> >> Tomcat is killing the connection for some reason. >> >> Thought it might be maxSavePostSize .. bumped that up in the SSL >> connector. >> >> No dice. >> >> Request post is around 300K. >> >> What's going on!? > > I suppose there's nothing useful in the logs? Can anyone suggest > adjustments that might log relevant observations? > > -- > Mark H. Wood > Lead Technology Analyst > > University Library > Indiana University - Purdue University Indianapolis > 755 W. Michigan Street > Indianapolis, IN 46202 > 317-274-0749 > www.ulib.iupui.edu > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Pi Based Java Work
The limit query was repeating data at the borders of my pages. I whittled it down to a specific case and it was definitely not sorting properly. Very strange behavior! John On 6/1/21, Christopher Schultz wrote: > John, > > On 5/28/21 20:21, John Dale wrote: >> MariaDB has a sorting/limit problem that I haven't reported, yet (had >> to work around it). > > I'm interested in this. What is happening to you? > > -chris > >> On 5/28/21, Christopher Schultz wrote: >>> John, >>> >>> On 5/28/21 15:32, John Dale wrote: >>>> I debugged the server and it's not reaching my component. >>>> >>> > >>> > >>>> Request post is around 300K. >>>> >>>> Tomcat 9 on a raspberry pi 4 (w00t!). >>> >>> Maybe you are still just waiting around for that tiny CPU to run all >>> that bytecode. >>> >>> /snark >>> >>> Seriously, though, I'd be interested to hear about your pi-based Java >>> work in another thread. I have 2 Pi 4s and 2 Pi Zeros that I haven't >>> managed to do anything with besides running EmulationStation (which I >>> highly recommend for anyone who grew up with an NES. Pew-pew!). >>> >>> -chris >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Solved my Problem posting base64 image to Tomcat ssl connector on raspberry pi with JQuery and Ajax ..
I upgraded DB2DOM to 9.0.41 manually, updated systemd and consolidated all the files that were distributed by apt-get. Once apps were back up and running, still no luck. Upgraded DB2DOM to 9.0.46, same result. Upgraded to 10.0.6, globally searched and replaced javax.websocket and javax.servlet and rebuilt. Reviewed and made configuration changes. It worked-out. Upgrading my ubuntu cloud instance next, which translates really well from the pi (systemd, apt-get etc). Not sure if it was a small configuration change to server.xml's ssl connector, or libraries that were fixed after the version 10 pop. I'm a little bummed it broke backward compatibility (without some gymnastics), but then .. I think DB2DOM doesn't run on really old versions of Java, either (I'm on 8). So, I have the Pi 4 running MariaDB, Tomcat 10, now. So far, all regression tests are passing and it looks like we've got it all figured out. The only browser that would POST a 500k packet was FireFox, which leans me to believe there was maybe a chunking issue or some other platform-specific compatibility issue (like HTTP 2 vs 1.2 vs 1.1). Thanks for the help, John! /snark Sincerely, John DB2DOM On 5/28/21, Christopher Schultz wrote: > John, > > On 5/28/21 15:32, John Dale wrote: >> I debugged the server and it's not reaching my component. >> > > > > >> Request post is around 300K. >> >> Tomcat 9 on a raspberry pi 4 (w00t!). > > Maybe you are still just waiting around for that tiny CPU to run all > that bytecode. > > /snark > > Seriously, though, I'd be interested to hear about your pi-based Java > work in another thread. I have 2 Pi 4s and 2 Pi Zeros that I haven't > managed to do anything with besides running EmulationStation (which I > highly recommend for anyone who grew up with an NES. Pew-pew!). > > -chris > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Pi Based Java Work
I use ant. And git hooks (sometimes). I don't have many dependencies .. pdfbox, some commons http stuff, mail, jax, jdbc, gson. Dev build builds local expanded directory deployment, touch web.xml to reload the app. Prod build builds the jar/war. DB2DOM provides persistence, vws, security, and other doodads. I've proven the example in a few dozen scenarios including MP3 audio encoding and video streaming from an underground mine (4000+ feet). I run tomcat with DB2DOM in dev .. access and modify css, JS, and Java in a web browser (syntax highlighting is the extent of my coding assistance, DB2DOM makes things pretty routine so I don't need to know many libraries, and the compiler gives me detailed information). I'm doing jdb remote debugging by command line as needed. I have build, buildProd, deployProd scripts that don't completely automate to production server (but could very simply, I just don't so I have some human intervention). The entire solution including DB2DOM, but not the application code is around 250K including scripts of my code for build/deploy. Hey, at least I don't have property files. My properties are stored in the DB. It's pretty simple, lightweight, and fun to save a CSS/JS file to the server and immediately test, and to have lowest common denominator scripts for dev/ops that tend to be easy to troubleshoot (lots of older school script experts out there). The entire thing including a web browser runs on a 3B+, even. It's a little slow, but in terms of what is usually required to support an enterprise development environment, DB2DOM does for software what the CNC machine did for manufacturing (spoiler alert, CNC didn't take over all manufacturing, but did force multiply design capabilities by being able to rough-out 90% of the work for a toolmaker). I create a table, then use a simple API to CRUD tables: Data.create(connection, "Table", populatedHash, catalog); Data.findHash(connection, "Table", "sqlLookup", paramsCollection, catalog); I have created a data navigator that allows me to populate test data through a web browser that keeps all the ID's in synch. It handles blobs, images, audio, boolean, string, and date. So, I have a graph crud'er that is fully functional for tables that I just created (and tables I haven't created, yet). This has been very valuable for new applications, to create test data immediately that has relational integrity. DB2DOM reads db metadata and maintains an in-memory model to drive automation of coding tasks and produce other metadata/compilable code that can be copy/pasted. I once used DB2DOM to auto-generate a complete set of entity beans for an entire schema. It was not a high value proposition, just a challenge issued to me and the challenge was accepted. I also used DB2DOM to create the unicorn of information systems engineering .. the generic entity bean. But it was redundant. DB2DOM did everything better and more lightweight. But it was a nice proof of concept. I built this all myself without some super genius middle manager poking me in the back all the time. Go figure. Sincerely, John On 5/28/21, Rob Sargent wrote: > > > On 5/28/21 6:21 PM, John Dale wrote: >> Tried sending another email .. doesn't appear to have worked. >> Internet hicupped. >> >> It's working just like Ubuntu in the cloud. >> >> Pi 4 is very fast, but I'm also running DB2DOM (middleware microkernel >> miniaturized O/R M, Html5 IDE, and Virtual Web Server). >> >> MariaDB has a sorting/limit problem that I haven't reported, yet (had >> to work around it). >> >> Tomcat, OpenJDK, and Raspbian are all humming along together on a 4gig Pi >> 4. >> >> DB2DOM is stateless so load balancing is pretty straightforward. >> >> Thinking about extending DB2DOM to use an Object Database (oh yeah, I said >> it). >> >> What are you working on? >> >> Hit me back. >> >> John >> >> > What build tool(s) are you using? I'm on an ubu desktop, which may or > may not have tomcat "installed" but I'm developing a standard 3-tier app > with embedded tomcat 9.0.46 (which certainly wouldn't be installed by > apt). I use gradle to manage dependencies, etc. I can get what-ever > version of which-ever shiny object I want. (Then the whole > kit-and-kaboodle get deployed at AWS. And it's working!) > > > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Pi Based Java Work
Tried sending another email .. doesn't appear to have worked. Internet hicupped. It's working just like Ubuntu in the cloud. Pi 4 is very fast, but I'm also running DB2DOM (middleware microkernel miniaturized O/R M, Html5 IDE, and Virtual Web Server). MariaDB has a sorting/limit problem that I haven't reported, yet (had to work around it). Tomcat, OpenJDK, and Raspbian are all humming along together on a 4gig Pi 4. DB2DOM is stateless so load balancing is pretty straightforward. Thinking about extending DB2DOM to use an Object Database (oh yeah, I said it). What are you working on? Hit me back. John On 5/28/21, Christopher Schultz wrote: > John, > > On 5/28/21 15:32, John Dale wrote: >> I debugged the server and it's not reaching my component. >> > > > > >> Request post is around 300K. >> >> Tomcat 9 on a raspberry pi 4 (w00t!). > > Maybe you are still just waiting around for that tiny CPU to run all > that bytecode. > > /snark > > Seriously, though, I'd be interested to hear about your pi-based Java > work in another thread. I have 2 Pi 4s and 2 Pi Zeros that I haven't > managed to do anything with besides running EmulationStation (which I > highly recommend for anyone who grew up with an NES. Pew-pew!). > > -chris > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Problem posting to Tomcat ssl connector ..
ran apt-get install tomcat9 and it upgraded these packages: libtomcat9-java tomcat9 tomcat9-common Still did not resolve the issue, however. Looking for a guide to manually upgrade a package installed with apt-get. Suggestions? On 5/28/21, Christopher Schultz wrote: > John, > > On 5/28/21 15:32, John Dale wrote: >> I debugged the server and it's not reaching my component. >> > > > > >> Request post is around 300K. >> >> Tomcat 9 on a raspberry pi 4 (w00t!). > > Maybe you are still just waiting around for that tiny CPU to run all > that bytecode. > > /snark > > Seriously, though, I'd be interested to hear about your pi-based Java > work in another thread. I have 2 Pi 4s and 2 Pi Zeros that I haven't > managed to do anything with besides running EmulationStation (which I > highly recommend for anyone who grew up with an NES. Pew-pew!). > > -chris > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Problem posting to Tomcat ssl connector ..
The thick plottens. When I do apt-cache show tomcat9: Package: tomcat9 Version: 9.0.31-1~deb10u4 ... S .. simple and good way to upgrade this via apt-get? Or will I have to manually be overwriting stuff (yuck). John On 5/28/21, Christopher Schultz wrote: > John, > > On 5/28/21 15:32, John Dale wrote: >> I debugged the server and it's not reaching my component. >> > > > > >> Request post is around 300K. >> >> Tomcat 9 on a raspberry pi 4 (w00t!). > > Maybe you are still just waiting around for that tiny CPU to run all > that bytecode. > > /snark > > Seriously, though, I'd be interested to hear about your pi-based Java > work in another thread. I have 2 Pi 4s and 2 Pi Zeros that I haven't > managed to do anything with besides running EmulationStation (which I > highly recommend for anyone who grew up with an NES. Pew-pew!). > > -chris > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Problem posting to Tomcat ssl connector ..
definitely related to the post size .. smaller images work, larger images do not work, but the larger images are only 500k, so it's not a maxpostsize issue. I'm running apache-tomcat-9.0.41, so this shouldn't apply: https://stackoverflow.com/questions/63050276/tomcat-9-long-https-request John On 5/28/21, Christopher Schultz wrote: > John, > > On 5/28/21 15:32, John Dale wrote: >> I debugged the server and it's not reaching my component. >> > > > > >> Request post is around 300K. >> >> Tomcat 9 on a raspberry pi 4 (w00t!). > > Maybe you are still just waiting around for that tiny CPU to run all > that bytecode. > > /snark > > Seriously, though, I'd be interested to hear about your pi-based Java > work in another thread. I have 2 Pi 4s and 2 Pi Zeros that I haven't > managed to do anything with besides running EmulationStation (which I > highly recommend for anyone who grew up with an NES. Pew-pew!). > > -chris > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Problem posting to Tomcat ssl connector ..
Page loads fine. Other pages load fine. SSL handshakes are working until .. An Ajax post with a base64 encoded image in the data. I debugged up to the request and it's fine. I debugged the server and it's not reaching my component. Tomcat is killing the connection for some reason. Thought it might be maxSavePostSize .. bumped that up in the SSL connector. No dice. Request post is around 300K. What's going on!? Tomcat 9 on a raspberry pi 4 (w00t!). Everything is working fantastically save this one item. Sincerely, John - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 10 and import org.apache.commons.fileupload.FileItem problem
Hi I found sample code for an UploadServlet with these imports import org.apache.commons.fileupload.FileItem; import org.apache.commons.fileupload.disk.DiskFileItemFactory; import org.apache.commons.fileupload.servlet.ServletFileUpload; This worked well with Tomcat 9. However, when I switched to a new Windows 10 device, I installed Tomcat 10.05 After, replacing javax with jakara in imports most Servlets worked well, with the exception of UploadServlet Which uses the above imports. I get a compile error : The type javax.servlet.http.HttpServletRequest cannot be resolved. It is indirectly referenced from required .class files Using import jakarta.servlet.http.HttpServletRequest also does not work. I may be on the wrong path. Is there a newer version of jakartaee-migration-0.2.0-shaded.jar available? Your insights are appreciated. John Orendt john.p.ore...@medtronic.com [CONFIDENTIALITY AND PRIVACY NOTICE] Information transmitted by this email is proprietary to Medtronic and is intended for use only by the individual or entity to which it is addressed, and may contain information that is private, privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please delete this mail from your records. To view this notice in other languages you can either select the following link or manually copy and paste the link into the address bar of a web browser: http://emaildisclaimer.medtronic.com
Tomcat, maybe Apache on Widows 10
Hi My goal is to set up a web server on Windows 10 that supports TLSv1.3 with mutual authentication. I have had success with Apache on Ubuntu 20.04. I was able to generate the server and client x509 leaf certs which apache validates up the chain of trust and actually does refuse the connection if a client cert has been revoked. Very nice. Also, Apache provides these useful environmental variables like REMOTE_ADDR, SSL_CLIENT_VERIFY, SSL_CLIENT_S_DN, and SSL_PROTOCOL. I'm using ProxyPass, ProxyPassReverse as a connector to Tomcat 9. Unfortunately, these env vars do not get through to Tomcat 9. For other reasons, related to TPM, I need to get this to work on Windows 10. So far, my best three options are : 1. Use Tomcat 9 standalone and configure TLSv1.3 2. Use Tomcat 10 standalone and configure TLSv1.3 3. Use Apache2 and Tomcat and find a work around to get the environmental variables To Tomcat For configuring TLS on Tomcat 9 or 10, a working example would be useful. Will standalone Tomcat validate certs up the chain of trust and actually refuse the connection if a client cert has been revoked? Please advise. John Orendt john.p.ore...@medtronic.com [CONFIDENTIALITY AND PRIVACY NOTICE] Information transmitted by this email is proprietary to Medtronic and is intended for use only by the individual or entity to which it is addressed, and may contain information that is private, privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please delete this mail from your records. To view this notice in other languages you can either select the following link or manually copy and paste the link into the address bar of a web browser: http://emaildisclaimer.medtronic.com
Re: Apology: Sorry ponytail guy
John from DB2DOM.COM also wishes to apologize on their behalf. Really sincere and super apologetic regards from South Dakota, John On 3/29/21, Som Lima wrote: > Hi, > > You suggested using GIT I thought you were suggesting putting my code on > github. > > > Zahid from backbutton.co.uk wishes to apologise for the misunderstanding. > My bad. > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question about TLS/SSL setup and SSLHostConfig or not
I usually let the apache webserver or nginx handle the SSL while proxying to the tomcat. To use tomcat's built in server you'll need to import the SSL certificate into the keystore via your jdk. John Larsen On Tue, Mar 2, 2021 at 3:06 PM Alex wrote: > Hi. > > I try to make a "good" tomcat config and read the docs. > > Now in the Connector doc is the following statement. > > http://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support > http://tomcat.apache.org/tomcat-10.0-doc/config/http.html#SSL_Support > > Each secure connector must define at least one SSLHostConfig. > > But when I look into the SSL/TLS Configuration How-To is the snipplet > without SSLHostConfig. What's now the "best" way to setup TLS/SSL > with tomcat. I would prefer to put SSLHostConfig but I'm not sure if > it's the way how the developer think to setup the TLS in tomcat? > > I use JSSE as implementation. > > http://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html > http://tomcat.apache.org/tomcat-10.0-doc/ssl-howto.html > > ``` > > protocol="org.apache.coyote.http11.Http11NioProtocol" > port="8443" maxThreads="200" > scheme="https" secure="true" SSLEnabled="true" > keystoreFile="${user.home}/.keystore" keystorePass="changeit" > clientAuth="false" sslProtocol="TLS"/> > ``` > > What's your suggestion and opinion to configure the tomcat in a > proper way to use TLS also for the future versions. > > Regards > Alex > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Tomcat vs simple hand rolled standalone server ..
Greetings Everyone; I'm writing for small devices with limited power. Last year I wrote a simple web server to receive GET requests to do a handful of commands over the network that included some sound card interfacing among other things. It got me thinking about Tomcat in terms of flood/overflow/security protections. What is tomcat 9x doing if anything for this? Are buffer overflow protections something provided by the JVM/FW/OS alone? What other information does tomcat have beyond declarative security in web archive metadata? Thanks, John - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Recognizing Certificate Updates
This is why we set up SSL through the web server instead of tomcat. Apache webserver -> SSL -> Mod_jk <-> Tomcat John Larsen On Sat, Dec 26, 2020 at 10:43 AM Jerry Malcolm wrote: > We have a production environment where we rarely reboot Tomcat. > LetsEncrypt auto-updates the certificates every couple of months. But > the new certificates are not loaded into Tomcat. So when the original > expiration date of the certs arrives, users get "certificate expired" > even though new certs exist. A simple reboot to load the new certs > fixes it. But we want to avoid reboots. Are there any config > parameters that tell TC to check for cert updates and reload the new > certs? Thx > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Something I still don't quite understand, Re: Let's Encrypt with Tomcat behind httpd
I had to write some custom code to look for the lets encrypt headers then respond appropriately for verification. It wasn't too bad, although I don't like having that entity-specific code in there so I've isolated and commented it. On 8/25/20, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > James, > > On 8/24/20 13:24, James H. H. Lampert wrote: >> On 8/24/20 9:57 AM, Christopher Schultz wrote: >>> So your RewriteCond[ition] is expected to always be true? Okay. >>> Maybe remove it, then? BTW I think your rewrite will strip query >>> strings and stuff like that. Maybe you just want >>> RedirectPermanent instead of Rewrite(Cond|Rule)? >>> >>> Okay, so everyone gets redirected from http://exmaple.com/ to >>> https://example.com/. If LE requests >>> http://example.com/.well-known/uherfhuerhfiu then it will be >>> redirected to https://example.com/.well-known/uherfhuerhfiu, >>> presumably locate the correct file and authorize the certificate >>> request, right? >>> >>> But you have said that "everything is unconditionally passed to >>> Tomcat". You posted some config that definitely passes some >>> things to Tomcat, but without seeing the rest of the >>> configuration it's not possible to know for sure >>> nothing else is going on. >> >> Ok. In the original post, I posted the virtual host configuration >> as it was at the time, with meaningful domain names and IP >> addresses redacted, and some commented-out, abandoned-in-place >> lines removed. >> >> Here is what I currently have in place, albeit with names and IP >> addresses "changed to protect the innocent." I'm sending you the >> uncensored version off-List. >> >> ServerName foo.frobozz.com # ServerAlias >> bar.frobozz.com DocumentRoot /var/www/html/test ServerAdmin >> i...@frobozz.com AllowOverride All >> RewriteEngine on RewriteCond %{HTTP_HOST} !^www\. >> [NC] RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} >> [R=301,L] >> >> ServerName >> foo.frobozz.com # ServerAlias bar.frobozz.com DocumentRoot >> /var/www/html/test ServerAdmin i...@frobozz.com # > /var/www/html/test> # AllowOverride All # # > "https://foo.frobozz.com/manager/html/*;> # Require ip >> aa.bb.cc.dd # # > "https://bar.frobozz.com/manager/html/*;> # Require ip >> aa.bb.cc.dd #Require ip aa.bb.cc.dd >> ww.xx.yy zz pp.dd.qq.xx >> Require ip aa.bb.cc.dd ww.xx.yy zz pp.dd.qq.xx >> ProxyPass "/" "http://127.0.0.1:8080/; ProxyPassReverse "/" >> "http://127.0.0.1:8080/; ProxyRequests Off Include >> /etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile >> /etc/letsencrypt/live/foo.frobozz.com/fullchain.pem >> SSLCertificateKeyFile >> /etc/letsencrypt/live/foo.frobozz.com/privkey.pem >> > > Yeah... that''s pretty straightforward. Hmm. > > No other VirtualHosts? Non other web servers in the mix (e.g. > load-balancer which alreaddy redirects to HTTPS), etc.? > > That seems pretty mysterious to me, too. > > Are you using VH-based authentication with LE? Meaning, you aren't > using DNS authentication or anything like that? > > I think once you have configured the server once with an LE > certificate, renewals can use the existing certificate as > proof-of-ownership without having to put the file into /.well-known. > Or something. I have forgotten the details. > > So maybe that's it: you've already bootstrapped the process and so > it's smoother, now. Maybe? > > - -chris > -BEGIN PGP SIGNATURE- > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl9FHD0ACgkQHPApP6U8 > pFi58xAAvux94C7QCOUkLj8MLGiQV57/ImcTa85nMme2H2ywpZ7JQozlssU6CSpH > FAYFCOP3U3EH6A9AzFeSZhW+sKMeBt6uF3QR/2QF3vGmg5/KcB0srcdBcn6eejVc > KrUnVKx5lcK+hmyXPlIVdGb+koiDl1D1omkeOxdQOaniNfGvW1LgUxouRXpUBTfJ > JK5oe7yV5U8Ge5Wm+pOIrpf/4Y0JqluNJplQIEVWv3x7EsJtSKVKIoCXfPyGf36g > aGmFRsh6XvndllaV/FBxx/K9zh5TG1GijkfO+vsl4l3ZXnljJm1h4Vx/1Y6KEUbM > x9Zv8QgNpXsmZ+ylfi3hK0l9V7rkUB6ZX5mYJa9ABPXYtkE/rvCpG6RijVgY9WA4 > 4LXKW74+QR9R352OLBCgvE2gjRgVTX/KmoGasBrB3mDYd+vELkBCcXlHAQkYBVqw > KL4UIL3SUEnV4jDfrJ/g2ujyPKd9+ED7EECM91lWg6Lcunc5865qJfPvykIDaBnZ > kASElxqRGqmTUEi57z+BKJNRBs+ME9f7JOlT8iaoB2wKJC8CrUnGNtrFpvBxhehb > GY4uPrUZro7NjuJ/jALnb1CeedeL9+OohxqbTYECaoeS4Op8vNNU6/FtUH9BTjWD > mlaXkhrGr7puf4AjPg9geE/0h5Bg+ltTh8yrK1o+4jrct34S438= > =6dbK > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Question regarding servlet lifecycle and connection pooling ..
Greetings; We've wrapped my connection pool interface in a Factory. Can you confirm how the current request's thread is used by JDBC connection pooling to MySQL? Sincerely, John - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Vulnerability flagged in Nessus Scan
As the concern is that an erro page will show the tomcat version/patch info AND a stacktrace,\ I found the easier/better? solution to be adding . showReport="false" showServerInfo="false" to the Error Report Valve section at the bottom of server.xml (and addin or or uncommenting that valve section...): On Wed, Jun 3, 2020 at 5:40 AM Martin Grigorov wrote: > On Wed, Jun 3, 2020 at 11:14 AM FANG YAP wrote: > > > Hello Martin, > > > > It is to say that I have to declare something like this in web.xml file? > > > > > > java.lang.Exception > > /error.jsp > > > > Better use the error-code ones from the StackOverflow link I gave you. > Your approach will cover only error code 500 (for Exceptions, but not for > java.lang.Error) and won't cover NotFound (404) and the others. > I guess Nessus won't be totally happy with your approach. > > > > > > Regards with Thanks, > > > > Fang > > > > On Wed, 3 Jun 2020, 15:56 Martin Grigorov, wrote: > > > > > Hi, > > > > > > On Wed, Jun 3, 2020 at 5:53 AM FANG YAP wrote: > > > > > > > Resend > > > > > > > > On Wed, 3 Jun 2020, 10:10 FANG YAP, wrote: > > > > > > > > > Hi Tomcat, > > > > > > > > > > Nessus scanned and found issue in Apache Tomcat Port 8080 > > > > > > > > > > Port: 8080 > > > > > Plugin Text: > > > > > The server is not configured to return a custom page in the event > of > > a > > > > > client requesting a non-existent resource. This may result in a > > > potential > > > > > disclosure of sensitive information about the server to attacker. > > > > > > > > > > Apache Tomcat Version: 8.5.43 > > > > > JDK 8: 1.8.0_212 (Will be upgrading to latest soon to latest > > 1.8.0_251) > > > > > > > > > > To configure custom error pages and thus to suppress this issue you > can: > > > 1) use ErrorReportValve > > > < > > > > > > https://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Error_Report_Valve > > > > > > > > > > 2) configure error-page elements in your application web.xml - > > > https://stackoverflow.com/a/7066536/497381 > > > > > > > > > > > > > > > > Your assistance would be greatly appreciated > > > > > > > > > > Rgs, > > > > > Fang > > > > > > > > > > > > > > >
Re: CentOS Tomcat install seems to ignore setenv.sh
Should be chmod 644 and also I wouldnt recommend running tomcat as root. John Larsen On Tue, May 12, 2020 at 9:28 AM Patrick Baldwin wrote: > I've gotten passed an odd (to me, anyway) issue with one of our clients > CentOS systems. > > When our webapp starts running, tomcat dies shortly thereafter with an > OutOfMemoryError. This apparently just started a few days ago. > > System info: > > Tomcat Version: Apache Tomcat/7.0.76 > > JVM version: 1.8.0_191-b12 > > OS: CentOS Linux release 7.6.1810 (Core) > > > This seemed to indicate that catalina.sh isn’t the place for environment > variables on Tomcat 7 for Linux: > > https://forums.centos.org/viewtopic.php?t=54207 > > > Since there isn’t a setenv.sh in /usr/local/tomcat/bin, we create one: > > https://stackoverflow.com/questions/9480210/tomcat-7-setenv-sh-is-not-found > > 195$ ls -l /usr/local/tomcat/bin/setenv.sh > > -rwxrwxrwx. 1 root tomcat 110 May 11 12:56 /usr/local/tomcat/bin/setenv.sh > > 45$ cat /usr/local/tomcat/bin/setenv.sh > > export CATALINA_OPTS="-server -Xms2048m -Xmx2048m" > > export JAVA_OPTS="-XX:PermSize=256m -XX:MaxPermSize=2048m" > > 46$ > > > System memory before starting tomcat: > > 188$ free -h > > totalusedfree shared buff/cache > available > > Mem:11G2.3G2.2G2.0G7.1G > 6.7G > > Swap: 8.0G1.0G7.0G > > > Started tomcat, with sudo service tomcat start > > Tomcat journal error: > > > May 11 17:48:59 protrack server[7298]: SEVERE: Unexpected death of > background thread ContainerBackgroundProcessor[StandardEngine[Catalina]] > > May 11 17:48:59 protrack server[7298]: java.lang.OutOfMemoryError: GC > overhead limit exceeded > > May 11 17:48:59 protrack server[7298]: Exception in thread > "ContainerBackgroundProcessor[StandardEngine[Catalina]]" > java.lang.OutOfMemoryError: GC overhead limit exceeded > > May 11 17:49:38 protrack server[7298]: Exception: > java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in > thread "http-bio-8080-AsyncTimeout" > > May 11 17:49:39 protrack server[7298]: Exception: > java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in > thread "ajp-bio-8009-AsyncTimeout" > > May 11 17:49:42 protrack server[7298]: Exception in thread > > "org.springframework.scheduling.quartz.SchedulerFactoryBean#0_QuartzSchedulerThread" > > > Application log error: > > Caused by: java.lang.OutOfMemoryError: GC overhead limit exceeded > > 2020-05-11 17:49:50 > [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-2] > ERROR o.s.t.i.TransactionInterceptor - Application exception overridden by > rollback exception > > java.lang.OutOfMemoryError: GC overhead limit exceeded > > > System memory while tomcat is up, after the OutOfMemoryError pops: > > ksmq_tv 191$ free -h > > totalusedfree shared buff/cache > available > > Mem:11G3.5G1.0G2.0G7.1G > 5.5G > > Swap: 8.0G1.0G7.0G > > > Stopped with sudo service tomcat stop > > > > System memory after tomcat stopped: > > ksmq_tv 194$ free -h > > totalusedfree shared buff/cache > available > > Mem:11G795M3.7G2.0G7.1G > 8.2G > > Swap: 8.0G1.0G7.0G > > > > It sure doesn't look like something is actually running the system out of > memory at a system level; usage is definitely impacted by starting our app, > but that's expected. > > Assuming no one finds any obvious errors with how we implemented setenv.sh, > is there some way to verify what memory limitations tomcat is actually > running under? > > I was also wondering if anyone knew an open source webapp that would be > good to deploy to see if this problem is tomcat specific or an issue with > our webapp? I figure if I deploy something else that doesn't promptly > throw an OutOfMemoryError, then it might be more of a dev issue and less > of a tomcat config issue. Trying to at least figure out what direction I > need to be looking in, any help much appreciated. >
Re: Strange behavior when deploying new war
Turns out the developer was deleting the app dir along with war and restarting. John On Thu, Apr 23, 2020 at 1:19 PM John Larsen wrote: > Ah doing ROOT.war is my pet peeve. I find this bad practice. Its nice to > have ROOT especially when the developer insists theres something wrong with > tomcat when really its their webapp. Having ROOT intact, can show that by > removing their webapp and tomcat works. > > As for "/" vs "" - not sure that would solve the problem - i mean > logically it doesnt make sense, but I will give it a try. > > John Larsen > > > On Thu, Apr 23, 2020 at 1:15 PM Mark Thomas wrote: > >> On 23/04/2020 20:10, John Larsen wrote: >> > Ok so my next question is how to handle this better? The goal here is so >> > that one does not have to enter /webappName/ on the end of the domain. >> > We use the context to tell Tomcat which webapp to load instead of ROOT. >> >> Name the file "ROOT.war" >> >> And if you need some sort of identifier on the file: >> "ROOT##alnomost-any-text-you-like.war" >> >> In the meantime, try specifying the path in server.xml as "" rather than >> "/". >> >> Mark >> >> >> > >> > John Larsen >> > >> > >> > On Thu, Apr 23, 2020 at 12:47 PM Christopher Schultz < >> > ch...@christopherschultz.net> wrote: >> > >> > John, >> > >> > On 4/23/20 14:38, John Larsen wrote: >> >>>> New tomcats 9.0.34 seems to fail when uploading new war when theres >> >>>> a context in server.xml pointing to the particular exploded war. >> >>>> Says 'The main resource set specified is not valid.' It's like hot >> >>>> deploy is deleting the old webapp and restarting tomcat? >> >>>> >> >>>> > >>>> >> >>>> docBase="/home/some/path/tomcat/webapps/webappName"> >> >>>> >> >>>> >> >>>> >> >>>> To work around this one has to comment out the above context, start >> >>>> tomcat so the war will deploy, uncomment and then restart tomcat >> >>>> again. >> > >> > Is there a compelling reason to have in your conf/server.xml >> > file at all? It sounds like it's not doing anything for you; indeed it >> > it giving you a headache. >> > >> > -chris >> >> >> >> - >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >> >> >> > >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> -- John Larsen __ <https://javapipe.com/> <https://www.facebook.com/Javapipe/> <https://twitter.com/JavaPipe> <https://www.linkedin.com/company/javapipe-llc>
Re: Strange behavior when deploying new war
Ah doing ROOT.war is my pet peeve. I find this bad practice. Its nice to have ROOT especially when the developer insists theres something wrong with tomcat when really its their webapp. Having ROOT intact, can show that by removing their webapp and tomcat works. As for "/" vs "" - not sure that would solve the problem - i mean logically it doesnt make sense, but I will give it a try. John Larsen On Thu, Apr 23, 2020 at 1:15 PM Mark Thomas wrote: > On 23/04/2020 20:10, John Larsen wrote: > > Ok so my next question is how to handle this better? The goal here is so > > that one does not have to enter /webappName/ on the end of the domain. > > We use the context to tell Tomcat which webapp to load instead of ROOT. > > Name the file "ROOT.war" > > And if you need some sort of identifier on the file: > "ROOT##alnomost-any-text-you-like.war" > > In the meantime, try specifying the path in server.xml as "" rather than > "/". > > Mark > > > > > > John Larsen > > > > > > On Thu, Apr 23, 2020 at 12:47 PM Christopher Schultz < > > ch...@christopherschultz.net> wrote: > > > > John, > > > > On 4/23/20 14:38, John Larsen wrote: > >>>> New tomcats 9.0.34 seems to fail when uploading new war when theres > >>>> a context in server.xml pointing to the particular exploded war. > >>>> Says 'The main resource set specified is not valid.' It's like hot > >>>> deploy is deleting the old webapp and restarting tomcat? > >>>> > >>>> >>>> > >>>> docBase="/home/some/path/tomcat/webapps/webappName"> > >>>> > >>>> > >>>> > >>>> To work around this one has to comment out the above context, start > >>>> tomcat so the war will deploy, uncomment and then restart tomcat > >>>> again. > > > > Is there a compelling reason to have in your conf/server.xml > > file at all? It sounds like it's not doing anything for you; indeed it > > it giving you a headache. > > > > -chris > >> > >> - > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Strange behavior when deploying new war
Ok so my next question is how to handle this better? The goal here is so that one does not have to enter /webappName/ on the end of the domain. We use the context to tell Tomcat which webapp to load instead of ROOT. John Larsen On Thu, Apr 23, 2020 at 12:47 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > John, > > On 4/23/20 14:38, John Larsen wrote: > > New tomcats 9.0.34 seems to fail when uploading new war when theres > > a context in server.xml pointing to the particular exploded war. > > Says 'The main resource set specified is not valid.' It's like hot > > deploy is deleting the old webapp and restarting tomcat? > > > > > > > docBase="/home/some/path/tomcat/webapps/webappName"> > > > > > > > > To work around this one has to comment out the above context, start > > tomcat so the war will deploy, uncomment and then restart tomcat > > again. > > Is there a compelling reason to have in your conf/server.xml > file at all? It sounds like it's not doing anything for you; indeed it > it giving you a headache. > > - -chris > -BEGIN PGP SIGNATURE- > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6h4pwACgkQHPApP6U8 > pFgkhw/7BGcgqAHCvwsp9n/ZaO1R9IvWNI2bYaznY/bkrhLjuDMFhcg7AFUUjBR3 > EITRLM5MyBHf1Uo0mdRwVQxkGbpgbgctJ4cdFY+B/cuPZoqNt26xmQO3CW3J8SFO > 7ij5YDos5wIeXBhueQdT9blMFgLAQ/d6tkyRqQSazZlMs5rnXRUcKhU8QLgRXSF0 > 431I3/vQnzekM4eHA8jTe23zPkOVHOfF+LEtWSlVVif+7DaisrKw8DVR62mhrO/U > 3IpPT8xO8Hwj3wglSEslbMV2dIVlUBzLrrMOlXxmkPdbXEZHJEatGoqC35vsJAq4 > Jxp7gbueSTZZKeFaq6nYbV2wwQo4uE5jU95hVe21EMqtFWm+Kx6fzRIqGkcph9IT > A0HYxdi8J61NMMjHkwvaBhHBQscSq5N2P3uPi6WMMxDxKr2TrlggoP+9JfMaLmgP > Z+HIdFB05QxXKJC28LuYbY2LGO87jWl0IHNsV+5/Y0TJDXzaZuLxLPRWTDfzCHkd > d4xknKyfOd+GnZbThtmPSPPX9uZxBc6Yvb77vbjCKWhbtKPSknQrwWoIykQHLwgX > Xghl3asjpDm5nD+ZPEKYZKeEsQVfvGGy1BFv+DncV1RVea0gEhMYlNqv7pUQCyS9 > 6DUNysW7ONkOkdit48W0tnF6xc5Wgzf6hUY8knAexH/LB810TbQ= > =GVSH > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Strange behavior when deploying new war
New tomcats 9.0.34 seems to fail when uploading new war when theres a context in server.xml pointing to the particular exploded war. Says 'The main resource set specified is not valid.' It's like hot deploy is deleting the old webapp and restarting tomcat? To work around this one has to comment out the above context, start tomcat so the war will deploy, uncomment and then restart tomcat again. John Larsen
Re: Why does Tomcat open connections on localhost?
I always appreciate your depth of knowledge, Chris. "hand-wavy device supporting NIO for Java" Could you write us a quick paragraph expanding on this idea? I'm happy to follow a pointer to a well written article (something up to your standards). On 3/31/20, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Frank, > > On 3/31/20 09:30, Frank Tornack wrote: >> Yes, these too are for communication between processes. Only you >> don't use the network stack. This is a special feature of Unix-like >> operating systems. >> >> DGRAM, unlike STREAM, does not know connection states. Therefore >> STREAM is comparable to a local TCP connection. Unix domain sockets >> exist in the file tree as special files. Access is controlled by >> file permissions, as is usual for files. > > Yup. It's helpful to see the column headers for your netstat output, > André: > >> Proto RefCnt Flags Type State I-Node >> PID/Program name Path unix 2 [ ] STREAM >> CONNECTED 167427210 27514/java unix 2 [ ] STREAM >> CONNECTED 167423436 27514/java > > Each "unix" protocol-connection (UNIX domain socket) has an associated > inode on the root filesystem, but no path. Basically, it's magic. :) > > The nice thing on *NIX is that even though there is a hand-wavy device > supporting NIO for Java, it doesn't consume pairs of ports (which are > a limited resource; see our recent discussion on the limits of TCP > port numbers). > > - -chris > >> Am Dienstag, den 31.03.2020, 14:29 +0200 schrieb André Warnier >> (tomcat/perl): >>> On 31.03.2020 14:20, Mark Thomas wrote: On 31/03/2020 11:20, Aditya Kumar wrote: > Tomcat 9.0.30 on Windows Server 2012 / Java 1.8 > > I've noticed on a freshly installed version of tomcat 9, > upon startup there are several connections to and from > localhost on different ports > > For example on my tomcat server there are 4 connections to > and from localhost (output from netstat) > > > TCP0.0.0.0:8080 0.0.0.0:0 > LISTENING 3972 > > TCP127.0.0.1:55618127.0.0.1:55619 > ESTABLISHED 3972 > > TCP127.0.0.1:55619127.0.0.1:55618 > ESTABLISHED 3972 > > TCP127.0.0.1:55620127.0.0.1:55621 > ESTABLISHED 3972 > > TCP127.0.0.1:55621127.0.0.1:55620 > ESTABLISHED 3972 > > TCP[::]:8080 [::]:0 > LISTENING 3972 > > These can grow to a large number (several thousand) on a > busy system. What are these connections used for? What caused > them? What thread are they attributed to? The Java NIO implementation on Windows uses TCP for intra-process signalling. It opens a pair of self-connected sockets for every Selector. Mark >>> >>> While we're at it, under Linux, are the following for a similar >>> reason ? >>> >>> output of : netstat -pan | grep 27514 (tomcat's JVM PID = >>> 27514) [...] unix 2 [ ] STREAM CONNECTED >>> 167427210 27514/java unix 2 [ ] STREAM >>> CONNECTED 167423436 27514/java >>> >>> >>> >>> - >>> >>> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >> >> >> - >> >> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > -BEGIN PGP SIGNATURE- > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6DUP8ACgkQHPApP6U8 > pFgxiBAAkmLWWhwvrLW+RJ5j3ZKEu5cXQ0x3/zsMpFuP2GPok1lemXixa8T91lSO > eGg6W80DhVb76tDJl4Akt3L8ejN2XNgSxnHgGfEiCvTughYryAmHNXxze3ZMj4BQ > pvIO8hCc1nSlti71h6C2vEGYLnwkHyMulIolYaHP+SxKX7PSxXcfo4zD6vvpTvnO > U5Hrk7H8JjXCANrd8LsChN8w8AkWMUJpu/TUXFYy8bWEN9Ui7SdGqfa1t+pwnl8+ > JZqO1moBP9WcMA/XR1msWIbkA8B1r+ICWqlqcdGlvkXrHzkiALdqpxy0WiKAs1Tn > J+uPp0mAGpXRU3NGibr5NMtHLQ3Kl+X821yHYjF0XjqFwjLgvQNrmdYwblqFCUPB > 9sIVr6CuWAxPM61QZ9Bi9fT4MrIA6f8iSEa7BDJmUWhARPQMKn6fjIOMd8Cok882 > cGU1WT8O2SrtQV+y7wJbbq4aP4e6vRi/nSqI2hlSFdTBfD1Grj+t5JPHg35AafR4 > +6qum9rVF3AKf47UoJFrXG9smWLkUVVsJuZbdHLofmQEV0ovOMzAPx2GR9oSR2/M > sCxdUdqrhEW08wwYwIOV59vNa9pn/X/SOEre09yLH/GMV3H03CiQni616luWPrQt > 0BzFi4+8TPVzKCaq88ThyjJnEMuDU9RNeS7IHScHTXQa6rflB7E= > =q/Fd > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: OpenSSL config for Tomcat 7
Thank you " You want SSLCertificateChainFile for the intermediate and root CA certs" was the issue. The intermediate and root certs are now being pulled in. -John -Original Message- From: Mark Thomas Sent: Tuesday, March 3, 2020 2:01 AM To: users@tomcat.apache.org Subject: Re: OpenSSL config for Tomcat 7 On 02/03/2020 17:40, John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at Cisco) wrote: > Below are the two connector configs I have tested with. > > port="8443" > scheme="https" > secure="true" > protocol="org.apache.coyote.http11.Http11AprProtocol" > SSLEnabled="true" > SSLCertificateFile="/auto/englearn-web/ssl_certificate/englearn.cer" > > SSLCertificateKeyFile="/auto/englearn-web/ssl_certificate/englearn.key" > SSLCACertificateFile="/auto/englearn-web/ssl_certificate/chain.cer" > (intermediate certs cat into pem format file) > SSLCACertificatePath="/auto/englearn-web/ssl_certificate/" > maxThreads="150" > clientAuth="false" > sslProtocol="TLSv1.2" > /> > > port="8443" > scheme="https" > secure="true" > protocol="org.apache.coyote.http11.Http11AprProtocol" > SSLEnabled="true" > SSLCertificateFile="/auto/englearn-web/ssl_certificate/chain.cer" > (server and intermediate certs cat into pem format file) > > SSLCertificateKeyFile="/auto/englearn-web/ssl_certificate/englearn.key" > maxThreads="150" > clientAuth="false" > sslProtocol="TLSv1.2" > /> > The configurations above are not consistent with your original post that quoted the correct configuration attributes. SSLCACertificateFile is for the certs you accept as issuers of client certificates. You want SSLCertificateChainFile for the intermediate and root CA certs. The version of Tomcat 7 you are using is coming up to 7 years old. The EOL for 7.0.x having just been announced for 31 March 2021 now might be a good time to think about upgrading to 9.x. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org