Issue on configuring Connection Pool and datasource in Tomcat 7.
Man this has been a while since I've reached out to this list, but here it
goes.
I am using Tomcat 7 on Windows 7 64x and trying to configure a datasource
(MySQL DB running on a 2nd box) to use. I am able to connect from my local
to the remote using the mysql command line, so I do know the database is
reachable. I have a vanilla server.xml and I'm putting the configuration
in the context.xml. I've written a class to initialize connection objects
from the datasource. After this configuration, I did something that I
never do and is bad form, but I wrote a jsp that used the sql jstl to do
a test to the database, and it worked, so I thought perfect, the JNDI
lookup must be correct. Once I switched it over to only be used by the
backend code, I get a SQLException being thrown that says:
DataSource invalid: java.sql.SQLException: No suitable driver found for
jdbc/dashboard
While I am not 100% convinced that I need the ResourceLink tag in the
context.xml, but it's been pointed out multiple times that it is needed.
Is there something that I am missing here? Any advice or help you could
provide would be greatly appreciated. I do think it's a configuration
issue, but I've been known to be wrong before.
Here is the snippet from my web.xml -
resource-ref
descriptionDB Connection/description
res-ref-namejdbc/dashboard/res-ref-name
res-typejavax.sql.DataSource/res-type
res-authContainer/res-auth
/resource-ref
Here is my context.xml -
ResourceLink type=javax.sql.DataSource name=jdbc/dashboard
global=jdbc/DB /
Resource name=jdbc/dashboard auth=Container
type=javax.sql.DataSource
maxActive=100 maxIdle=30 maxWait=1
username=p05jg password=testing
driverClassName=com.mysql.jdbc.Driver
url=jdbc:mysql://10.0.48.14:3306/dashboard
poolPreparedStatments=true
maxOpenPreparedStatements=200
removeAbandoned=true logAbandoned=true
removeAbaondonedTimeout=300/
Here is my method for connection initialization -
private static Logger logger =
LoggerFactory.getLogger(ConnectionInitializer.class); private static
final String dbName = jdbc/DB; private static final String envName =
java:/comp/env;
public static Connection initialize () {
Connection connect = null;
Context context;
try {
context = new InitialContext();
DataSource dataSource = (DataSource)context.lookup(dbName);
connect = dataSource.getConnection();
logger.debug(Connection returns schema: + connect.getSchema());
} catch (NamingException nEx) {
logger.error(initialize threw a NamingException: , nEx.getMessage());
nEx.printStackTrace();
return null;
} catch (SQLException sqlEx) {
logger.error(initialize threw a SQLException: , sqlEx.getMessage());
sqlEx.printStackTrace();
return null;
}
return connect;
}
I have also tried another method for returning a connection object (same
method, just modified)
public static Connection initialize () {
Connection connect = null;
Context initContext;
Context envContext;
try {
initContext = new InitialContext();
envContext = (Context)initContext.lookup(dbName);
DataSource dataSource = (DataSource)envContext.lookup(envName + / +
dbName);
connect = dataSource.getConnection();
logger.debug(Connection returns schema: + connect.getSchema());
} catch (NamingException nEx) {
logger.error(Uh-oh! - initializeConnection threw a NamingException: ,
nEx.getMessage());
logger.error({} not found!, dbName);
nEx.printStackTrace();
return null;
} catch (SQLException sqlEx) {
logger.error(Uh-oh - initializeConnection threw a SQLException: ,
sqlEx.getMessage());
sqlEx.printStackTrace();
return null;
}
return connect;
}
Re: Issue on configuring Connection Pool and datasource in Tomcat 7.
On Fri, Feb 21, 2014 at 9:59 AM, Mark Thomas ma...@apache.org wrote: On 21/02/2014 14:49, Josh Gooding wrote: Is there something that I am missing here? Where is the JAR containing your JDBC driver? Mark Mark, It's in the WEB-INF/lib directory with all of the other jars I have for this app. Should this be in the $CATALINA_HOME/lib folder? I to remember at one time that there was an issue with where that jar was put (but I'm not positive). Oh and the tomcat logs are clean as well, except when trying to access the webapp. Startup they are all good.
Re: Issue on configuring Connection Pool and datasource in Tomcat 7.
On Fri, Feb 21, 2014 at 11:21 AM, Mark Thomas ma...@apache.org wrote: On 21/02/2014 16:17, Josh Gooding wrote: On Fri, Feb 21, 2014 at 9:59 AM, Mark Thomas ma...@apache.org wrote: On 21/02/2014 14:49, Josh Gooding wrote: Is there something that I am missing here? Where is the JAR containing your JDBC driver? Mark Mark, It's in the WEB-INF/lib directory with all of the other jars I have for this app. Should this be in the $CATALINA_HOME/lib folder? I to remember at one time that there was an issue with where that jar was put (but I'm not positive). Oh and the tomcat logs are clean as well, except when trying to access the webapp. Startup they are all good. Yes, the JDBC driver needs to be in $CATALINA_[BASE|HOME]/lib. This requirement no longer exists for 8.0.x. Mark - Mark, I'm only using TC7, not 8 yet.
Scenario with Tomcat cluster session management
As usual, I am always working with Tomcat to tweak every ounce of oomph out of it and I ran across this scenario in my configuration trials. At present, I have a small 3 server tomcat cluster running 7.0.30 64-bit on CentOS, and jdk6. I want to move the project from having to use kill -9 (for session persistence) during an update and manual intervention, to automated parallel deployment's and war farming. From the testing I have done, if I use the manager to undeploy and then redeploy the context, it seems to call destroySession on all the sessions across the cluster, not just the node that is being worked on. Is this correct or am I missing something? Is there presently a way to undeploy a context WITHOUT tomcat destroying the sessions and not use kill -9? IMO, using kill -9 seems a bit hacky. - Josh
Re: tomcat7-maven-plugin
On Mon, Dec 17, 2012 at 8:13 AM, Josh Gooding josh.good...@gmail.comwrote: As far as this goes, there is definitely something strange going on, and I think it points to the SSL self signed cert. Can someone verify that the tomcat7 maven plugin works with self signed SSL? I have setup another TC7 server on a remote BSD VM with the absolute basic configuration. Since the first server has the manager application running on a self signed SSL certificate (not sure if I mentioned that before), I decided NOT to set it [SSL] up on the new machine, and it works as expected and can be reproduced on demand. I notice that when I script the command using curl, I have to pass it the -k option to get it to work. I am wondering if that might be the problem that I am seeing, just masked by the 401 error. I'm looking in the tomcat logs and I'm not seeing anything out of the ordinary though. Maybe that error is only returned by maven. Anyone? I solved the problem. It ended up being the self signed cert that I created. Little did I know that the CN had to match the domain name of the server. Had me running around for a few days figuring it out. The minute I changed the CN to do a partial match on the domain name (i.e. *.dev.texas.priv.[companyname].com) and imported everything, restarted tomcat, BLAM. It worked. On Thu, Dec 13, 2012 at 9:48 AM, Josh Gooding josh.good...@gmail.comwrote: On Thu, Dec 13, 2012 at 9:36 AM, Olivier Lamy ol...@apache.org wrote: 2012/12/13 Josh Gooding josh.good...@gmail.com: On Wed, Dec 12, 2012 at 6:05 PM, Olivier Lamy ol...@apache.org wrote: Good detailed description :-). Hey even I get it right once in a while... ;) I just wonder about the cli you are using ? cli as in command line interface? - Win 7, CentOS, and Ubuntu terminals, and yes I get my fair share of flack for not letting Eclipse just do it. Of course I'm a control freak when it comes to my code... :-) I mean mvn tomcat7:deploy or something else ? or you bind deploy to a lifecycle phase ? Oh I gotcha. tomcat7:deploy I didn't bind the deploy to the life-cycle phase yet. I want to get it working first. So let me form possibly some better questions here: 1 - Where does the plug in 2012/12/12 Josh Gooding josh.good...@gmail.com: I didn't want to come here to ask as I always hate to bother anyone, but maybe I should have come here first. I'm coming up short on answers and ideas. I'm having an issue with using maven and the tomcat7 plugin. Maven version -3.0.4 Tomcat version - 7.0.29 .jdk version - 1.6 tomcat7-maven-plugin version - 2.0 Hey group, I am having an issue here with using the tomcat7-maven-plugin in conjunction with the tomcat 7 manager. here's what I have so far. tomcat-users.xml - tomcat-users role rolename=manager-gui/ role rolename=manager-script/ role rolename=admin/ user username=localTomcatAdmin password=password roles=manager-gui,manager-script,admin/ /tomcat-users in my M2_HOME/conf/settings.xml: (note not in my .m2/ directory) (I'll get to this definition in a minute) pluginGroups pluginGrouporg.apache.tomcat.maven/pluginGroup /pluginGroups servers server idLocalTomcatServer/id usernamelocalTomcatAdmin/username passwordpassword/password /server /servers now for the last piece, in my pom-deploy.xml (parent) I have this: plugin groupIdorg.apache.tomcat.maven/groupId artifactIdtomcat7-maven-plugin/artifactId version2.0/version configuration serverLocalTomcatServer/server path/TripTixRX/path port8080/port /configuration /plugin I have verified that the manager works with the applied credentials, I can login and supply the credentials to my local /manager/html. The problem is that when I deploy through maven as mvn tomcat7:deploy and returns me the dreaded 401 - Unauthorized page with the same credentials. It's almost like maven is not parsing the configuration for the plugin maybe? At this point I don't know what to do. I've turned on verbose output in maven and it shows what appears that the plugin is attempting to upload the war file twice and returns the 401 page. I also have a question as to getting this to work initially. I added the pluginGrouporg.apache.tomcat.maven/pluginGroup to my conf/settings.xml to get the tomcat7 plugin to download and work, is this normal or should I not have to define it here? I mean having to change and version maven settings.xml files seems a bit counter intuitive for preserving maximum portability right, or am I looking at this from the wrong angle? Any information anyone can provide as to where to look or what could be causing this issue, I
Re: How to Enable SSL on Tomcat 7 on Linux Test using curl?
I just did this. I have the tomcat manager application running across SSL. Here's what I did On Mon, Dec 17, 2012 at 9:03 PM, James Dekker james.dek...@gmail.comwrote: James said... STUFF: (1) cd $CATALINA_HOME/conf (2) Create a certificate and store it in a new key store. keytool -genkey -alias tomcat -keyalg RSA -keystore .jks ./keytool 0genkey -alias [identifier] -keyalg RSA -keystore .keystore (3) Uncomment the SSL connector configuration in Tomcat's conf/server.xml, specifying your key store file and password. Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=./conf/keystore.jks keystorePass=mypassword / 3 is good. Note I used the .keystore file not .keystore.jks, but it should be all the same. (4) Export the certificate from the key store. keytool -exportcert -alias tomcat -file tomcat.crt -keystore keystore.jks When I tried to (which would have been Step # 5) import the certificate into the trust store. keytool -importcert -alias tomcat -file tomcat.crt -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts try this: $JAVA_JRE_HOME/bin/keytool -import -alias tomcat -file ~/tomcat.crt -keystore $JAVA_HOME/jre/lib/security/cacerts I get the following prompt for my password (after which I entered in mypassword): Enter keystore password: keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect If you are using java's default cacerts truststore the password is not the .keystore password, it is changeit if you haven't tampered with it before. (I disregarded this step by the way because I found it on Google but not on the official Tomcat7-SSL-Howto documentation - please let me know if its necessary). restart tomcat at this point and it should work with curl -k option. I usually test the manager app by passing in the /list parameter and testing both SSL and un/pwd all in one. Tomcat's server output: INFO: Initializing ProtocolHandler [http-bio-8080] Dec 17, 2012 5:17:59 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [http-bio-8443] Dec 17, 2012 5:17:59 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [ajp-bio-8009] Dec 17, 2012 5:43:08 PM org.apache.catalina.startup.Catalina start Dec 17, 2012 5:43:08 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [http-bio-8080] Dec 17, 2012 5:43:08 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [http-bio-8443] Dec 17, 2012 5:43:08 PM org.apache.coyote.AbstractP INFO: Server startup in 9611 ms When I go to my bash shell and type this in: curl -X GET https://localhost:8443 I get the following error output: curl: (60) Peer certificate cannot be authenticated with known CA certificates More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a bundle of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. Am I missing a step here? - Josh
Re: tomcat7-maven-plugin
As far as this goes, there is definitely something strange going on, and I think it points to the SSL self signed cert. Can someone verify that the tomcat7 maven plugin works with self signed SSL? I have setup another TC7 server on a remote BSD VM with the absolute basic configuration. Since the first server has the manager application running on a self signed SSL certificate (not sure if I mentioned that before), I decided NOT to set it [SSL] up on the new machine, and it works as expected and can be reproduced on demand. I notice that when I script the command using curl, I have to pass it the -k option to get it to work. I am wondering if that might be the problem that I am seeing, just masked by the 401 error. I'm looking in the tomcat logs and I'm not seeing anything out of the ordinary though. Maybe that error is only returned by maven. Anyone? On Thu, Dec 13, 2012 at 9:48 AM, Josh Gooding josh.good...@gmail.comwrote: On Thu, Dec 13, 2012 at 9:36 AM, Olivier Lamy ol...@apache.org wrote: 2012/12/13 Josh Gooding josh.good...@gmail.com: On Wed, Dec 12, 2012 at 6:05 PM, Olivier Lamy ol...@apache.org wrote: Good detailed description :-). Hey even I get it right once in a while... ;) I just wonder about the cli you are using ? cli as in command line interface? - Win 7, CentOS, and Ubuntu terminals, and yes I get my fair share of flack for not letting Eclipse just do it. Of course I'm a control freak when it comes to my code... :-) I mean mvn tomcat7:deploy or something else ? or you bind deploy to a lifecycle phase ? Oh I gotcha. tomcat7:deploy I didn't bind the deploy to the life-cycle phase yet. I want to get it working first. So let me form possibly some better questions here: 1 - Where does the plug in 2012/12/12 Josh Gooding josh.good...@gmail.com: I didn't want to come here to ask as I always hate to bother anyone, but maybe I should have come here first. I'm coming up short on answers and ideas. I'm having an issue with using maven and the tomcat7 plugin. Maven version -3.0.4 Tomcat version - 7.0.29 .jdk version - 1.6 tomcat7-maven-plugin version - 2.0 Hey group, I am having an issue here with using the tomcat7-maven-plugin in conjunction with the tomcat 7 manager. here's what I have so far. tomcat-users.xml - tomcat-users role rolename=manager-gui/ role rolename=manager-script/ role rolename=admin/ user username=localTomcatAdmin password=password roles=manager-gui,manager-script,admin/ /tomcat-users in my M2_HOME/conf/settings.xml: (note not in my .m2/ directory) (I'll get to this definition in a minute) pluginGroups pluginGrouporg.apache.tomcat.maven/pluginGroup /pluginGroups servers server idLocalTomcatServer/id usernamelocalTomcatAdmin/username passwordpassword/password /server /servers now for the last piece, in my pom-deploy.xml (parent) I have this: plugin groupIdorg.apache.tomcat.maven/groupId artifactIdtomcat7-maven-plugin/artifactId version2.0/version configuration serverLocalTomcatServer/server path/TripTixRX/path port8080/port /configuration /plugin I have verified that the manager works with the applied credentials, I can login and supply the credentials to my local /manager/html. The problem is that when I deploy through maven as mvn tomcat7:deploy and returns me the dreaded 401 - Unauthorized page with the same credentials. It's almost like maven is not parsing the configuration for the plugin maybe? At this point I don't know what to do. I've turned on verbose output in maven and it shows what appears that the plugin is attempting to upload the war file twice and returns the 401 page. I also have a question as to getting this to work initially. I added the pluginGrouporg.apache.tomcat.maven/pluginGroup to my conf/settings.xml to get the tomcat7 plugin to download and work, is this normal or should I not have to define it here? I mean having to change and version maven settings.xml files seems a bit counter intuitive for preserving maximum portability right, or am I looking at this from the wrong angle? Any information anyone can provide as to where to look or what could be causing this issue, I would be greatly appreciated. Warmest regards, - Josh -- Olivier Lamy Talend: http://coders.talend.com http://twitter.com/olamy | http://linkedin.com/in/olamy - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Olivier Lamy Talend: http://coders.talend.com http://twitter.com/olamy | http
Re: tomcat7-maven-plugin
On Wed, Dec 12, 2012 at 6:05 PM, Olivier Lamy ol...@apache.org wrote: Good detailed description :-). Hey even I get it right once in a while... ;) I just wonder about the cli you are using ? cli as in command line interface? - Win 7, CentOS, and Ubuntu terminals, and yes I get my fair share of flack for not letting Eclipse just do it. Of course I'm a control freak when it comes to my code... 2012/12/12 Josh Gooding josh.good...@gmail.com: I didn't want to come here to ask as I always hate to bother anyone, but maybe I should have come here first. I'm coming up short on answers and ideas. I'm having an issue with using maven and the tomcat7 plugin. Maven version -3.0.4 Tomcat version - 7.0.29 .jdk version - 1.6 tomcat7-maven-plugin version - 2.0 Hey group, I am having an issue here with using the tomcat7-maven-plugin in conjunction with the tomcat 7 manager. here's what I have so far. tomcat-users.xml - tomcat-users role rolename=manager-gui/ role rolename=manager-script/ role rolename=admin/ user username=localTomcatAdmin password=password roles=manager-gui,manager-script,admin/ /tomcat-users in my M2_HOME/conf/settings.xml: (note not in my .m2/ directory) (I'll get to this definition in a minute) pluginGroups pluginGrouporg.apache.tomcat.maven/pluginGroup /pluginGroups servers server idLocalTomcatServer/id usernamelocalTomcatAdmin/username passwordpassword/password /server /servers now for the last piece, in my pom-deploy.xml (parent) I have this: plugin groupIdorg.apache.tomcat.maven/groupId artifactIdtomcat7-maven-plugin/artifactId version2.0/version configuration serverLocalTomcatServer/server path/TripTixRX/path port8080/port /configuration /plugin I have verified that the manager works with the applied credentials, I can login and supply the credentials to my local /manager/html. The problem is that when I deploy through maven as mvn tomcat7:deploy and returns me the dreaded 401 - Unauthorized page with the same credentials. It's almost like maven is not parsing the configuration for the plugin maybe? At this point I don't know what to do. I've turned on verbose output in maven and it shows what appears that the plugin is attempting to upload the war file twice and returns the 401 page. I also have a question as to getting this to work initially. I added the pluginGrouporg.apache.tomcat.maven/pluginGroup to my conf/settings.xml to get the tomcat7 plugin to download and work, is this normal or should I not have to define it here? I mean having to change and version maven settings.xml files seems a bit counter intuitive for preserving maximum portability right, or am I looking at this from the wrong angle? Any information anyone can provide as to where to look or what could be causing this issue, I would be greatly appreciated. Warmest regards, - Josh -- Olivier Lamy Talend: http://coders.talend.com http://twitter.com/olamy | http://linkedin.com/in/olamy - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat7-maven-plugin
On Thu, Dec 13, 2012 at 9:36 AM, Olivier Lamy ol...@apache.org wrote: 2012/12/13 Josh Gooding josh.good...@gmail.com: On Wed, Dec 12, 2012 at 6:05 PM, Olivier Lamy ol...@apache.org wrote: Good detailed description :-). Hey even I get it right once in a while... ;) I just wonder about the cli you are using ? cli as in command line interface? - Win 7, CentOS, and Ubuntu terminals, and yes I get my fair share of flack for not letting Eclipse just do it. Of course I'm a control freak when it comes to my code... :-) I mean mvn tomcat7:deploy or something else ? or you bind deploy to a lifecycle phase ? Oh I gotcha. tomcat7:deploy I didn't bind the deploy to the life-cycle phase yet. I want to get it working first. 2012/12/12 Josh Gooding josh.good...@gmail.com: I didn't want to come here to ask as I always hate to bother anyone, but maybe I should have come here first. I'm coming up short on answers and ideas. I'm having an issue with using maven and the tomcat7 plugin. Maven version -3.0.4 Tomcat version - 7.0.29 .jdk version - 1.6 tomcat7-maven-plugin version - 2.0 Hey group, I am having an issue here with using the tomcat7-maven-plugin in conjunction with the tomcat 7 manager. here's what I have so far. tomcat-users.xml - tomcat-users role rolename=manager-gui/ role rolename=manager-script/ role rolename=admin/ user username=localTomcatAdmin password=password roles=manager-gui,manager-script,admin/ /tomcat-users in my M2_HOME/conf/settings.xml: (note not in my .m2/ directory) (I'll get to this definition in a minute) pluginGroups pluginGrouporg.apache.tomcat.maven/pluginGroup /pluginGroups servers server idLocalTomcatServer/id usernamelocalTomcatAdmin/username passwordpassword/password /server /servers now for the last piece, in my pom-deploy.xml (parent) I have this: plugin groupIdorg.apache.tomcat.maven/groupId artifactIdtomcat7-maven-plugin/artifactId version2.0/version configuration serverLocalTomcatServer/server path/TripTixRX/path port8080/port /configuration /plugin I have verified that the manager works with the applied credentials, I can login and supply the credentials to my local /manager/html. The problem is that when I deploy through maven as mvn tomcat7:deploy and returns me the dreaded 401 - Unauthorized page with the same credentials. It's almost like maven is not parsing the configuration for the plugin maybe? At this point I don't know what to do. I've turned on verbose output in maven and it shows what appears that the plugin is attempting to upload the war file twice and returns the 401 page. I also have a question as to getting this to work initially. I added the pluginGrouporg.apache.tomcat.maven/pluginGroup to my conf/settings.xml to get the tomcat7 plugin to download and work, is this normal or should I not have to define it here? I mean having to change and version maven settings.xml files seems a bit counter intuitive for preserving maximum portability right, or am I looking at this from the wrong angle? Any information anyone can provide as to where to look or what could be causing this issue, I would be greatly appreciated. Warmest regards, - Josh -- Olivier Lamy Talend: http://coders.talend.com http://twitter.com/olamy | http://linkedin.com/in/olamy - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Olivier Lamy Talend: http://coders.talend.com http://twitter.com/olamy | http://linkedin.com/in/olamy - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat7-maven-plugin
I didn't want to come here to ask as I always hate to bother anyone, but maybe I should have come here first. I'm coming up short on answers and ideas. I'm having an issue with using maven and the tomcat7 plugin. Maven version -3.0.4 Tomcat version - 7.0.29 .jdk version - 1.6 tomcat7-maven-plugin version - 2.0 Hey group, I am having an issue here with using the tomcat7-maven-plugin in conjunction with the tomcat 7 manager. here's what I have so far. tomcat-users.xml - tomcat-users role rolename=manager-gui/ role rolename=manager-script/ role rolename=admin/ user username=localTomcatAdmin password=password roles=manager-gui,manager-script,admin/ /tomcat-users in my M2_HOME/conf/settings.xml: (note not in my .m2/ directory) (I'll get to this definition in a minute) pluginGroups pluginGrouporg.apache.tomcat.maven/pluginGroup /pluginGroups servers server idLocalTomcatServer/id usernamelocalTomcatAdmin/username passwordpassword/password /server /servers now for the last piece, in my pom-deploy.xml (parent) I have this: plugin groupIdorg.apache.tomcat.maven/groupId artifactIdtomcat7-maven-plugin/artifactId version2.0/version configuration serverLocalTomcatServer/server path/TripTixRX/path port8080/port /configuration /plugin I have verified that the manager works with the applied credentials, I can login and supply the credentials to my local /manager/html. The problem is that when I deploy through maven as mvn tomcat7:deploy and returns me the dreaded 401 - Unauthorized page with the same credentials. It's almost like maven is not parsing the configuration for the plugin maybe? At this point I don't know what to do. I've turned on verbose output in maven and it shows what appears that the plugin is attempting to upload the war file twice and returns the 401 page. I also have a question as to getting this to work initially. I added the pluginGrouporg.apache.tomcat.maven/pluginGroup to my conf/settings.xml to get the tomcat7 plugin to download and work, is this normal or should I not have to define it here? I mean having to change and version maven settings.xml files seems a bit counter intuitive for preserving maximum portability right, or am I looking at this from the wrong angle? Any information anyone can provide as to where to look or what could be causing this issue, I would be greatly appreciated. Warmest regards, - Josh
Re: Delete catalina.out
Chris, Yes I certainly agree with that. The init.d script should sudo -u tomcat the catalina.sh script. I believe that I have fixed all of them to correctly run as the tomcat user. - Josh On Mon, Nov 19, 2012 at 3:43 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Josh, On 11/17/12 11:37 PM, Josh Gooding wrote: Moved this to the user list instead of the dev group. Hmmm strangely enough, I tried this on a CentOS system, I believe it forced me to be root over the tomcat user. It all depends upon the file permissions of catalina.out and the directory in which it resides. Deleting catalina.out certainly does not require root access in all cases, but I'm sure there are cases where root is required (e.g. because you are running Tomcat as root). I can re-check that shortly. I know it recreates the file catalina.out next time without any discourse, if I run the startup script as the tomcat user. :: update :: I figured out WHY it forced me to be root. Someone *(may or may not have been me) ran the /etc/init.d/tomcat start script as the root user, not as the tomcat user which I believe would cause this behavior. You should write your /etc/init.d scripts in such a way that they run under the proper user no matter who invokes them. For instance, if you want to run Tomcat as 'tomcat' then your init.d script should probably do sudo -u tomcat $CATALINA_BASE/bin/catalina.sh start or something to that effect. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlCqmfEACgkQ9CaO5/Lv0PD8BgCgrexYyS13j84h9SJx4S2/eZl1 ZYUAn0N5SEsmWRJSuO8ezspEbYDl5+f0 =7zTN -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Delete catalina.out
Chris, Moved this to the user list instead of the dev group. Hmmm strangely enough, I tried this on a CentOS system, I believe it forced me to be root over the tomcat user. I can re-check that shortly. I know it recreates the file catalina.out next time without any discourse, if I run the startup script as the tomcat user. :: update :: I figured out WHY it forced me to be root. Someone *(may or may not have been me) ran the /etc/init.d/tomcat start script as the root user, not as the tomcat user which I believe would cause this behavior. - Josh On Sat, Nov 17, 2012 at 8:13 PM, Christopher Schultz ch...@christopherschultz.net wrote: Josh, On 11/15/12 2:45 PM, Josh Gooding wrote: That is the tomcat default log file. Nothing server wise will happen if you delete if that is your concern. It just removes that particular log file. I believe that you have to either be root and/or have the server stopped to remove the file however. On a *NIX system, neither of the above statements are true: you may delete the file while a process holds a file handle to the file (the file will no longer be accessible to any other process -- at least under its old name) without harm. I'm not sure what will happen on win32. You'll either fail to delete the file or get the *NIX-style behavior. Once deleted, the file will be re-created when Tomcat next launches, as long as the Tomcat process has create privileges for the CATALINA_BASE/logs directory. -chris
Re: Tomcat 7.0.30 CMA, clustering, and SSO
Haha, Scott you're here too? On Thu, Oct 25, 2012 at 2:06 PM, Scott Carlson scott.a.carl...@gmail.comwrote: We've setup TC 7.0.32 with Clustering and Tomcat Container Managed Authentication. HTTPSessions and SSOSessions are clustered across the wire. With logging turned way up, I can see the synchronization and I can see the sessions in the Tomcat Manager. When I kill -9 one of the tomcats, I'm automatically swapped to the other leg, and I'm still logged in. So it works, unless I do a catalina.sh shutdown. In that case, the SSO session is expired from the other leg. The HTTPSession is still there, but because the SSO session is expired, I'm forced to login again. This doesn't seem correct. The DeltaSession looks at the notifyCluster parameter before sending a message to expire the HTTPSession, but the ClusterSingleSignOn valve has already sent its message to expire the SSO session by then. So the SSO is missing for the session. When shutting down, the stack trace looks like this (with some relevant parameters replaced in line) isExpireSessionsOnShutdown() == false ClusterSingleSignOn.deregister(SSOID) line: 274 ClusterSingleSignOn(SingleSignOn).sessionEvent(SessionEvent) line: 247 DeltaSession(StandardSession).fireSessionEvent(Session.SESSION_DESTROYED_EVENT, null) line: 1752 DeltaSession(StandardSession).expire(true) line: 844 DeltaSession.expire(true, false) line: 462 DeltaManager.stopInternal() line: 967 DeltaManager(LifecycleBase).stop() line: 232 StandardContext.stopInternal() line: 5474 StandardContext(LifecycleBase).stop() line: 232 When doing a normal session invalidation (for logout), it ends up doing the same thing, which is correct. ClusterSingleSignOn.deregister(SSOID) line: 276 ClusterSingleSignOn(SingleSignOn).sessionEvent(SessionEvent) line: 247 DeltaSession(StandardSession).fireSessionEvent(Session.SESSION_DESTROYED_EVENT, null) line: 1752 DeltaSession(StandardSession).expire(true) line: 844 DeltaSession.expire(true, true) line: 462 DeltaSession.expire(true) line: 444 DeltaSession(StandardSession).expire() line: 742 DeltaSession(StandardSession).invalidate() line: 1253 StandardSessionFacade.invalidate() line: 190 So I can't just change the DeltaSession to ignore that event. I can't just have expire not call the super, or the HTTPSessionListeners would not be called. I think this is a bug, but I don't see even a good fix for it. Ideas? If this does look like a bug, I can log an issue for it. Relevant server.xml here: Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Valve className=org.apache.catalina.ha.authenticator.ClusterSingleSignOn / Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=8 Manager className=org.apache.catalina.ha.session.DeltaManager / Channel className=org.apache.catalina.tribes.group.GroupChannel /Channel Valve className=org.apache.catalina.ha.tcp.ReplicationValve filter= statistics=true / Valve className=org.apache.catalina.ha.session.JvmRouteBinderValve / ClusterListener className=org.apache.catalina.ha.session.JvmRouteSessionIDBinderListener / ClusterListener className=org.apache.catalina.ha.session.ClusterSessionListener / /Cluster /Host The context XML just has a JDBCRealm realm configuration.
Tomcat 7 manager quirk?
Hey group, I'm working with Tomcat 7's manager application for text deployments. I am having a bit of a quirky issue here. I am deploying a web application that is approx 75MB as a war file that uses Tomcat's ROOT context. Is there a way that I can get tomcat to NOT start auto-deploying immediately when the manager is invoked with a deploy / update command? Something like a check to see if the web application has fully uploaded? Is there currently a work around for this? When I run the command: curl -k --upload-file ROOT.war https://[manageruser]:[pwd]@[fqd name]:8443/manager/text/deploy?path=/ROOTwar=ROOT.warupdate=true, I get many different exceptions. If I go to push the webapp as a new application, I an riddled with multiple exceptions: SEVERE: Error starting static Resources java.lang.IllegalArgumentException: Invalid or unreadable WAR file : error in opening zip file at org.apache.naming.resources.WARDirContext.setDocBase(WARDirContext.java:141) SEVERE: Exception fixing docBase for context [] java.util.zip.ZipException: error in opening zip file at java.util.zip.ZipFile.open(Native Method) and of course how could I forget SEVERE: Error deploying web application archive /opt/apache-tomcat-7.0.30/webapps/ROOT.war java.lang.IllegalArgumentException: addChild: Child name '' is not unique. A simple restart fixes this... but that's really counter intuitive and very invasive. Obviously there is something that I am doing wrong, but I can't figure it out. What I see happening is that TC is getting the file, and instead of waiting for the entire file (the web app is 75MB), tries to immediately redeploy it. 1 - Is there a way to force tomcat to wait until the uploading of the application is complete? 2 - If so, how?
Re: Tomcat 7 manager quirk?
Igor, I figured it out. If you set the deployOnStartup attribute to true, but the autoDeploy attribute to false, the war files that are in the webapps folder at the time of startup will load. Then you can run the manager via script (command line). Simply pass the undeploy command to the manager to the context you want to remove and let it finish. It will remove the war and the application directory. Then I ran the command to deploy again via curl. This time it waited until the entire war was uploaded before it deployed it. It took me a while to figure out it was a combination of deployOnStartup and autoDeploy. Of course there was ZERO incling that this was the problem and I had to re-re-re-read the docs very carefully to figure this out. Finally decided to try a hunch and it actually paid off. It might be a good idea to add this to the wiki or some place with common trouble shooting problems. Just my $.02. - Josh On Fri, Oct 26, 2012 at 6:37 PM, Igor Cicimov icici...@gmail.com wrote: On 27/10/2012 5:27 AM, Josh Gooding josh.good...@gmail.com wrote: Hey group, I'm working with Tomcat 7's manager application for text deployments. I am having a bit of a quirky issue here. I am deploying a web application that is approx 75MB as a war file that uses Tomcat's ROOT context. Is there a way that I can get tomcat to NOT start auto-deploying immediately when the manager is invoked with a deploy / update command? Something like a check to see if the web application has fully uploaded? Is there currently a work around for this? When I run the command: curl -k --upload-file ROOT.war https://[manageruser]:[pwd]@[fqd name]:8443/manager/text/deploy?path=/ROOTwar=ROOT.warupdate=true, I get many different exceptions. I dont think its tomcat fault it is you telling it to deploy with the above command while the upload is still in progress. You should search for some kind of delay or timeout in curl or find other way of doing this. If I go to push the webapp as a new application, I an riddled with multiple exceptions: SEVERE: Error starting static Resources java.lang.IllegalArgumentException: Invalid or unreadable WAR file : error in opening zip file at org.apache.naming.resources.WARDirContext.setDocBase(WARDirContext.java:141) SEVERE: Exception fixing docBase for context [] java.util.zip.ZipException: error in opening zip file at java.util.zip.ZipFile.open(Native Method) and of course how could I forget SEVERE: Error deploying web application archive /opt/apache-tomcat-7.0.30/webapps/ROOT.war java.lang.IllegalArgumentException: addChild: Child name '' is not unique. A simple restart fixes this... but that's really counter intuitive and very invasive. Obviously there is something that I am doing wrong, but I can't figure it out. What I see happening is that TC is getting the file, and instead of waiting for the entire file (the web app is 75MB), tries to immediately redeploy it. 1 - Is there a way to force tomcat to wait until the uploading of the application is complete? 2 - If so, how?
Re: Question on realm configuration in TC 6 / 7
Daniel, I have deployed the context.xml to the META-INF location per web application, in the server.xml files I have set the copyXML attribute on the Host declaration to true. I do not configure context's anywhere but there. - Josh On Mon, Oct 1, 2012 at 10:46 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Josh, On 9/29/12 5:41 PM, Josh Gooding wrote: It seems that I have run into something that seems a bit strange. I have configured 4 separate web applications to each have their own context.xml files. I have also configured one of the web applications to have a realm. It seems to me, when you configure a realm, tomcat forces you to put what ever jdbc driver jar that you need, to be put into the $CATALINA_HOME/lib directory? If this is not how it works, then I'm missing some piece of configuration knowledge. If it is, isn't it a bit counter intuitive in keeping each individual applications jars in the context's own WEB-INF/lib folder? That has been my experience when configuring the Realm from within the Context. IMO, the context should have its resources resolved using the WebappClassLoader for that context, but there is a bit of a chicken-in-an-egg situation with reading the context deployment descriptor which can configure the ClassLoaders. I'm curious about how this is supposed to work. This is a situation not covered by the servlet spec, so how it is supposed to work is whatever the Tomcat devs decide, and can change over time. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlBprLYACgkQ9CaO5/Lv0PBUoACfd7MJv91JugFAXPbg405GgHAf oEQAoJjV1t4bRcCmj6wUzh2oJAvVZDtf =Mi5d -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Question on realm configuration in TC 6 / 7
It seems that I have run into something that seems a bit strange. I have configured 4 separate web applications to each have their own context.xml files. I have also configured one of the web applications to have a realm. It seems to me, when you configure a realm, tomcat forces you to put what ever jdbc driver jar that you need, to be put into the $CATALINA_HOME/lib directory? If this is not how it works, then I'm missing some piece of configuration knowledge. If it is, isn't it a bit counter intuitive in keeping each individual applications jars in the context's own WEB-INF/lib folder? I'm curious about how this is supposed to work. - Josh
Tomcat 5.5 context.xml question.
Wow, has it really been that long since I've asked questions here? On to the meat and potatoes... I have a tomcat 5.5.23 installation here that I am trying to do some changes too and I am a bit lost.. Let me try to explain what I want to do. The application has both a context defined in the server.xml and in the context.xml file in the META-INF directory. I've currently removed the context in the server.xml and moved it into it's own context.xml file. I have removed all context references in the server.xml so it looks like this now minus the server name for obvious reasons: Server port=8005 shutdown=SHUTDOWN debug=0 Listener className=org.apache.catalina.mbeans.ServerLifecycleListener debug=0/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener debug=0/ GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ /GlobalNamingResources Service name=Catalina Connector port=8009 enableLookups=false redirectPort=8443 debug=0 protocol=AJP/1.3 / Connector port=8080 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / Engine name=Catalina defaultHost=server.com debug=0 Host name=server.com debug=0 appBase=webapps deployOnStartup=true unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false / /Engine /Service /Server It's pretty simple and elegant. Not hard to follow. So in my project, I've created a META-INF/context.xml file with the following declaration: Context Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=com.mysql.jdbc.Driver connectionURL=jdbc:mysql://dbreader/.. connectionName=emr_jsp connectionPassword=. userTable=TomcatUsers userNameCol=UserID userCredCol=Password userRoleTable=TomcatUserRoles roleNameCol=RoleID digest=MD5/ Manager className=org.apache.catalina.session.PersistentManager saveOnRestart=true distributable=true Store className=org.apache.catalina.session.FileStore directory=/tmp/tc_sessions// /Manager /Context again, not hard to follow. this project is packaged up in the WebEMR.war and resides under the $CATALINA_HOME/webapps/billing-1.0.4 directory I have deleted everything under the $CATALINA_HOME/work directory and also the $CATALINA_HOME/conf/[Engine] directory. The war successfully builds, and I had it deploys with the server.xml configuration below, when the contexts are defined within it. According to the docs, your supposed to remove the path= and docBase= attributes from the new context declaration within the context.xml file, so I have done that. When I start up tomcat, nothing outputs to catalina.out, so I attached log4j to the server and I get this little gem of a message: DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]] org.apache.catalina.startup.HostConfig - Checking context[/billing-1.0.4] redeploy resource /opt/tomcat/webapps/billing-1.0.4/META-INF/context.xml. There's something missing there it appears that the WebEMR.war is not being deployed and it is looking for the files at the billing-1.0.4 directory. I've got to be missing something, but for the life of me I cannot figure out what it is. Can someone give me some insight please? This is the working server.xml file. With this one, the WebEMR.war is sitting in $CATALINA_HOME/webapps/billing-1.0.4/. It deploys out to $CATALINA_HOME/webapps/1.0.4 Server port=8005 shutdown=SHUTDOWN debug=0 Listener className=org.apache.catalina.mbeans.ServerLifecycleListener debug=0/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener debug=0/ GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ /GlobalNamingResources Service name=Catalina Connector port=8009 enableLookups=false redirectPort=8443 debug=0 protocol=AJP/1.3 / Connector port=8080 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / Engine name=Catalina defaultHost=server.com debug=0 Host name=server.com debug=0 appBase=webapps
Re: Tomcat 5.5 context.xml question.
Yeah you see what I'm given to work with. The sever.xml will be cleaned up, but i'm trying to get this fixed to upgrade to 6.0.35 or 7. So let me ask this, given that billing-1.0.4 is a branch that contains 4 war files. Am I able to deploy say billing-1.0.5 on the fly without having to restart tomcat from a CI server like hudson? If I have hudson (as the TC user) make a new directory in tomcat's webapps folder while it was still running and push the 4 wars? The current solution they have, they have locked a single branch to each tomcat server (dumb dumb dumb) and I'm trying to give them access to EVERY development server they have for multiple branches. So I want to have webapps/billing-1.0.4/WebEMR.war, foo.war, bar.war, thing.war. Then also have billing-1.0.5/WebEMR.war, foo.war, etc. It just has to be dynamic enough to not need restarted everytime I need to add a new branch to the server. I want it to be localhost:8080/billing-1.0.4/WebEMR, to locahost:8080/billing-x.n.y/WebEMR According to your configuration (the appBase attribute of Host), every subdirectory and every war file in the $CATALINA_HOME/webapps/ is a web application. So billing-1.0.4 is a web application and WebEMR.war is just a static resource in it, that you can download via http://localhost:8080/billing-1.0.4/WebEMR.warhttp://localhost:8080/billing-1.0.4/WebEMR.war If you want the application to be exposed as .http://localhost:8080/1.0.4/ http://localhost:8080/1.0.4/, rename the war to the same name as the path you are looking for (1.0.4) and place it directly into webapps directory. That would be $CATALINA_HOME/webapps/1.0.4. war Tomcat will autodeploy it (which involves unpacking it into $CATALINA_HOME/webapps/1.0.4). Best regards, Konstantin Kolinko On Fri, Aug 24, 2012 at 2:58 PM, Konstantin Kolinko knst.koli...@gmail.comwrote: 2012/8/24 Josh Gooding josh.good...@gmail.com: Server port=8005 shutdown=SHUTDOWN debug=0 All those debug= attributes... - Tomcat 5.5 does not support them. See Configuration Reference chapters of documentation, where these attributes are not mentioned. (Well, nothing fatal - they will be just silently ignored). GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ Sample value? /GlobalNamingResources Service name=Catalina Connector port=8009 enableLookups=false redirectPort=8443 debug=0 protocol=AJP/1.3 / Connector port=8080 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / Do you need both connectors? Engine name=Catalina defaultHost=server.com debug=0 Host name=server.com debug=0 appBase=webapps deployOnStartup=true unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false / /Engine /Service /Server It's pretty simple and elegant. Not hard to follow. So in my project, I've created a META-INF/context.xml file with the following declaration: Context Realm className=org.apache.catalina.realm.JDBCRealm It'd be better to use DataSourceRealm instead of JDBCRealm. ... /Context again, not hard to follow. this project is packaged up in the WebEMR.war and resides under the $CATALINA_HOME/webapps/billing-1.0.4 directory According to your configuration (the appBase attribute of Host), every subdirectory and every war file in the $CATALINA_HOME/webapps/ is a web application. So billing-1.0.4 is a web application and WebEMR.war is just a static resource in it, that you can download via http://localhost:8080/billing-1.0.4/WebEMR.war If you want the application to be exposed as http://localhost:8080/1.0.4/, rename the war to the same name as the path you are looking for (1.0.4) and place it directly into webapps directory. That would be $CATALINA_HOME/webapps/1.0.4.war Tomcat will autodeploy it (which involves unpacking it into $CATALINA_HOME/webapps/1.0.4). Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 5.5 context.xml question.
Mark, Konstantin, thank you very much. As usual I highly appreciate it. On Fri, Aug 24, 2012 at 4:05 PM, Mark Thomas ma...@apache.org wrote: On 24/08/2012 20:53, Josh Gooding wrote: Yeah you see what I'm given to work with. The sever.xml will be cleaned up, but i'm trying to get this fixed to upgrade to 6.0.35 or 7. So let me ask this, given that billing-1.0.4 is a branch that contains 4 war files. Am I able to deploy say billing-1.0.5 on the fly without having to restart tomcat from a CI server like hudson? If I have hudson (as the TC user) make a new directory in tomcat's webapps folder while it was still running and push the 4 wars? The current solution they have, they have locked a single branch to each tomcat server (dumb dumb dumb) and I'm trying to give them access to EVERY development server they have for multiple branches. So I want to have webapps/billing-1.0.4/WebEMR.war, foo.war, bar.war, thing.war. Then also have billing-1.0.5/WebEMR.war, foo.war, etc. It just has to be dynamic enough to not need restarted everytime I need to add a new branch to the server. I want it to be localhost:8080/billing-1.0.4/WebEMR, to locahost:8080/billing-x.n.y/WebEMR Rename the WAR to billing-x.n.y#WebEMR.war and place it directly in the webapps directory. Providing autoDeploy is enabled (it is by default) it should just work. See http://tomcat.apache.org/tomcat-5.5-doc/config/context.html#Introduction for why this works. (Search for #) Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
JMX enabled - not able to monitor connection pooling
Using: Toncat 6.0.35 AND 7.0.latest in a Win32 Environment. My JMX params are as follows: -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=6969 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false This is only on my dev box, so I am no so much worried about security at this point, I just want to get it working for now, I'll work on the security as the next piece, where I move it over to SSL and having authentication for a production box. In TC7, I have enabled JMX, and in Hyperic I'm able to monitor the extras except the one thing I need to. I also checked in JConsole, just to make sure it wasn't an initial id10t error. I want to be able to monitor the connection pool. Is there an option that I have to enable to be able to monitor connection pooling in Tomcat via JMX and Hyperic? I checked the Hyp. forums to no real avail. This user group seems to be better with information so I just wanted to see if anyone else out there is using Hyperic, monitoring CP's, and what they did to get it working. As always thanks in advance. Warmest Regards, Josh
unable to set MaxPermSize past 128MB
Hey one more wild question for this sunday evening (I hope) I just upgraded to 6.0.35 running on Win2K3 32 bit platform. I used the Win installer. I tried setting the Initial Pool to 512MB and the MaxPool to 1536MB of ram, however when I pass in the -XX:MaxPermSize:256m in the config - Java - Java Options section, Tomcat appears to start in the services, but the monitor shows that the service is not started. Also in the log: 2012-02-05 21:08:40 Commons Daemon procrun stdout initialized Error occurred during initialization of VM - Could not reserve enough space for object heap However when I bring the MaxPermSize down to 128m, It initializes just fine. Obviously I'm missing something here. Any insight? I'd like to increase the MPS parameter to either 256 or 368m. Thanks in advance as always! - Josh
Re: unable to set MaxPermSize past 128MB
your kidding me right? Why is tweaking the JVM for this so hard? On Sun, Feb 5, 2012 at 11:19 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: David Dabbs [mailto:dmda...@gmail.com] Subject: RE: unable to set MaxPermSize past 128MB I just upgraded to 6.0.35 running on Win2K3 32 bit platform. I believe you need to specify -XX:MaxPermSize=256m and not -XX:MaxPermSize:256m Even when the OP gets the syntax right, it's extremely unlikely that the stated combination of heap and PermGen size will be available on a 32-bit Windows platform. The sum of -Xmx and MaxPermSize, plus code, stacks, non-Java heap, etc., must all fit within the virtual space of the process, which is normally 2 MB. The values will have to be experimented with to find exactly what will work and what won't. The total available space will also vary with the exact JVM version and sometimes even which patches have been applied to Windows. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: unable to set MaxPermSize past 128MB
well because this is for an 15K member organization, and that is a MAJOR change. I'm in charge of the web project, not the hardware, and as much as I've fought that battle, the best I've gotten was virtualization still on a 32-bit OS. I ordered 2 new 2K8 64b systems (still virtualized :: stroke ::) but they should take care of all the users. If I had my way it'd be different, but you know how corporate world is. Just like the military hurry up and wait. :) I DID manage to get everything running mostly optimally. Here's what I did: in the environment variables I set JAVA_OPTS = -XX:MaxPermSize=256m -Xms=256M -Xmx=1536M. Now Tomcat runs FAST and with about 3000 users, it's still blazing along using about 150MB on each of the 4 boxes. Much better than 500MB per box, with 1500 users. If it needs more ram, I change the variables and bounce the TC Server. No biggie. Thanks again Charles! - Josh On Sun, Feb 5, 2012 at 11:37 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Re: unable to set MaxPermSize past 128MB your kidding me right? Why is tweaking the JVM for this so hard? Why are you still running on ancient hardware and software? Use a 64-bit OS and a 64-bit JVM and you don't have to be concerned with the inherent limits of 32-bit environments. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Upgrading Tomcat need some info
Konstantin - 1. Have you seen the following page? http://tomcat.apache.org/migration.htmlhttp://tomcat.apache.org/migration.html I'm getting there, I'm still perusing the change logs to see what the major differences in between 5.5 and 6 are and from 6 to 7. The application was written in 1.6. Despite the fact that we are a bleeding edge facility, I'd still have to test and try out TC7 pretty heavily to give it my ok. 2. A bad idea. The recommended way is to start from default configuration and port necessary changes from older version (reading the docs in the process). 3. ConnectionPool comes from Apache Commons Pool + Apache Commons DBCP projects. Tomcat 7 comes with two pool implementation. One is DBCP one (default). Another is newer one, Tomcat JDBC pool. Its documentation is included into Tomcat User's guide. If you are satisfied with the old one, there is no need to change. Anyway each connection pool instance can be configured to use different pool implementation independently. (Or a 3rd party pool implementation). I've put 6.0.35 on a staging server and I'll be running the feeds I get in tandem through it to see if I get any memory improvement over the 5.5 server. So as I am thumbing through thr old 5.5 server.xml file I notice something that i've not encountered with 6.x yet. in the Connector declaration, there is a ciphers attribute as well as a compression one. Do these carry over to 6.x?
Upgrading Tomcat need some info
Hey group, I've been tasked here at work to upgrade Tomcat from 5.5 to 6.0 since I'm the Tomcat guru here. Does anyone know, if I take the 5.5 configuration (server and context.xml) and drop them into 6.0, will the 6.0 server start or are there things that have to be changed over? Also were there any ConnectionPool changes between v6 and 7? IIRC there were some changes but darned if I can remember the specifics. Is there a place that I can go to look through the changes? I implemented TC6 with 7's connection pool a few years back, and I cannot remember the reason why or if there were improvements.Any information would be greatly appreciated! - Josh
Grabbing the user's info
Hey guys, Question. I'm developing an application that resides on a network. I wondered if (and how) there was a way to use the users network authentication as a valid authentication into this application? - Josh
Login page not showing up with configured realm.
ok, I swore I wasn't going to bother you guys again on the weekend, but I am running into a little quirk here. I'm running 6.0.29. Here is my webapp's context.xml: ?xml version='1.0' encoding='utf-8'? Context WatchedResourceWEB-INF/web.xml/WatchedResource Resource name=jdbc/RealmDB auth=Container type=javax.sql.DataSource username=root password=password driverClassName=com.mysql.jdbc.Driver url=jdbc:mysql://localhost:3306/gamedatabase maxActive=-1 maxIdle=5 maxWait=5000 removeAbandoned=true removeAbandonedTimeout=60 testWhileIdle=true timeBetweenEvictionRunsMillis=18/ Realm className=org.apache.catalina.realm.DataSourceRealm dataSourceName=jdbc/RealmDB localDataSource=true digest=MD5 userTable=users userNameCol=users_name userCredCol=password userRoleTable=tcrole roleNameCol=role_name / /Context My Database credentials are fine. When I do a select * from users where user_name=JGooding I get the proper things back Here is my web.xml file: ?xml version=1.0 encoding=ISO-8859-1? web-app display-nameMMO/display-name descriptionMMO Testing/description resource-ref res-typejavax.sql.DataSource/res-type res-ref-namejdbc/RealmDB/res-ref-name res-authContainer/res-auth /resource-ref error-page error-code403/error-code location/error/403.jsp/location /error-page error-page error-code404/error-code location/error/404.jsp/location /error-page session-config session-timeout480/session-timeout /session-config welcome-file-list welcome-fileMain.jsp/welcome-file /welcome-file-list !--Constraints to control access to an entire namespace of urls-- security-constraint!--/admin/* limits access to those in admin role.-- web-resource-collection web-resource-nameMMO/web-resource-name url-pattern/admin/*/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint /security-constraint security-constraint!--/Private/* completely blocks access except by the webserver itself.-- web-resource-collection web-resource-nameMMO/web-resource-name url-pattern/private/*/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-name/role-name /auth-constraint /security-constraint !--Constraints to limit access to individual urls which are not limited by any namespace in their url-- security-constraint!--/Main.jsp requires login, but then is available to everybody who can login.-- web-resource-collection web-resource-nameMMO/web-resource-name url-pattern/Main.jsp/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nameadmin/role-name role-nameplayer/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameMMO/realm-name form-login-config form-login-page/private/Login.jsp/form-login-page form-error-page/private/Login.jsp/form-error-page /form-login-config /login-config /web-app My Main.jsp is in the root directory of the webapps/[my proj] folder and the Login.jsp is in /webapps/[my proj]/private. So now for the issues. When I login with j_security_check, I get no errors, so as much as I hate making assumptions, I'm going to assume that nothing is wrong with the realm. However what's happening is that when I login, it's just reverting back to the login page. I checked the catalina.out and localhost.[current day] logs and I'm not getting an errors. Any ideas on what could cause this? It's been forever and a day since I set up my last realm. Warmest regards, - Josh
Question on Realm Configuration
Hey guys it's been a while here, but I have some questions on a realm configuration I'm working on. I'm running 6.0.29 and I have setup a realm in my context.xml file as follows: ?xml version='1.0' encoding='utf-8'? Context WatchedResourceWEB-INF/web.xml/WatchedResource Resource name=jdbc/RealmDB auth=Container type=javax.sql.DataSource username=root password=password driverClassName=com.mysql.jdbc.Driver url=jdbc:mysql://localhost:3306/gamedatabase maxActive=-1 maxIdle=5 maxWait=5000 removeAbandoned=true removeAbandonedTimeout=60 testWhileIdle=true timeBetweenEvictionRunsMillis=18/ Realm className=org.apache.catalina.realm.DataSourceRealm dataSourceName=jdbc/RealmDB localDataSource=true digest=MD5 userTable=users userNameCol=users_name userCredCol=password userRoleTable=tcrole roleNameCol=role_name / /Context so everything appears to be configured correctly in the context.xml file. I checked my DB credentials and they are correct as well. I am running a tail -f on the localhost.log file so I can see what is happening, and when I input my credentials and check the log, it says it cannot find password for user JGooding. I am using j_security_check to login. Is there something I am missing? If I remember right, the realm doesn't have to be defined in the server.xml if it is defined in the context.xml. The server is only for global realm (which I do not want). Any help would be greatly appreciated - Josh
Re: Question on Realm Configuration
Ah, thank you Konstantin and Charles, you pointed out something that I didn't have to worry about on a Win based machine. The conf/Catalina/localhost/myappname.xml file was not in sync with the webapps/myapp/META-INF/context.xml file. As soon as I updated the file in the /conf/Catalina... directory, and logged in, the error seemed to have gone by the wayside. Just a few things to get right et, and I should be good to go. Thanks again guys, and sorry to bother everyone on a Saturday. Warmest Regards, Josh On Sat, Feb 26, 2011 at 2:28 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Question on Realm Configuration I'm running 6.0.29 and I have setup a realm in my context.xml file as follows: Exactly which context.xml file? Where is it located? If it's in the webapp's META-INF/context.xml file, and you're not redeploying the webapp properly, it could be getting overridden by a copy of it in conf/Catalina/[host]/[appName].xml, which might not be up to date. If instead you've updated conf/context.xml, you've made an error. Put the Context element where it belongs, not in the global location. when I input my credentials and check the log, it says it cannot find password for user JGooding. Show us the exact log entries, please. If I remember right, the realm doesn't have to be defined in the server.xml if it is defined in the context.xml. Correct; and you've got the localDataSource set, which is what's usually missed. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Quick Questions on some Tomcat settings
thank you thank you thank you! I cannot thank you all enough! On Wed, Jan 5, 2011 at 9:53 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Re: Quick Questions on some Tomcat settings I have: Engine name=Catalina defaultHost=proj-name/ and a Host defined as: Host name=proj-name appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Aliasproj-name/Alias /Host I suggest you undo all that, and put server.xml back the way it was. What you've done is not really useful. should the appBase be defined as: /webapps/proj-name folder? Absolutely not. What you actually need to do is stop Tomcat, restore server.xml, delete Tomcat's ROOT directory, rename webapps/proj-name to webapps/ROOT (case matters), and restart Tomcat. That will make your webapp the default one. (If you want to keep Tomcat's home page for some reason, just rename the original ROOT directory to something else rather than deleting it.) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Quick Questions on some Tomcat settings
Hey guys and gals, it's been a while, but I have a question for you. I am setting up a new Tomcat 6.0.29 installation that is for project management software. Here's the scenario. On this server we are currently running Apache 2.2 for our companies wiki on port 80. This is bound to a specific IP address and we can navigate to 'Wiki' in the address of the web browser and viola, it appears. With that in mind, can I: Have tomcat serve on port 80 (bound to a different IP address than the Apache 2.2 installation) on the same machine, and when 'this-name' is entered into the web browser, it will serve it? I am aware that I can forward the tomcat serving through the httpd server, but I am not willing to (unless it's the only way to do so.) Would this be in the virtual hosting section of the documentation by chance? Thanks in advance for any and all information! Josh
Re: Quick Questions on some Tomcat settings
EXCELLENT! Almost there now! Just one more thing. I have it serving to http://proj-name and it is coming up with the tomcat default page. I have to be missing something. I have: Engine name=Catalina defaultHost=proj-name/ and a Host defined as: Host name=proj-name appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Aliasproj-name/Alias /Host should the appBase be defined as: /webapps/proj-name folder? - Thank you all for partially jump starting my brain. On Wed, Jan 5, 2011 at 4:27 PM, André Warnier a...@ice-sa.com wrote: Josh Gooding wrote: Hey guys and gals, it's been a while, but I have a question for you. I am setting up a new Tomcat 6.0.29 installation that is for project management software. Here's the scenario. On this server we are currently running Apache 2.2 for our companies wiki on port 80. This is bound to a specific IP address and we can navigate to 'Wiki' in the address of the web browser and viola, it appears. With that in mind, can I: Have tomcat serve on port 80 (bound to a different IP address than the Apache 2.2 installation) on the same machine, and when 'this-name' is entered into the web browser, it will serve it? Yes, provided : - the browser, through a query for this-name to its name resolution mechanism (usually DNS), obtains an IP address which actually corresponds to an interface on the server - and the tomcat on that server is actually listening on that IP address As a general proviso, you cannot have two processes on the same host which open the same listening port on the same IP address. I am aware that I can forward the tomcat serving through the httpd server, but I am not willing to (unless it's the only way to do so.) Would this be in the virtual hosting section of the documentation by chance? No, because it has essentially nothing to do with virtual hosts in the HTTP sense. But explaining that would take us much further than needed to answer your question above and would be quite Off-Topic for this list.(*) The scheme you propose above is more similar to the case where you would actually have two separate physical hosts, one running httpd and the other running tomcat. Each would have its own separate IP address, and name. You are just bringing them together into one machine, and setting up two network interfaces on that one machine. (*) read here for more details : http://httpd.apache.org/docs/2.2/vhosts/ (The name-based part) EXCELLENT! Almost there now! Just one more thing. I have it serving to http://proj-name and it is coming up with the tomcat default page. I have to be missing something. I have: Engine name=Catalina defaultHost=proj-name/ and a Host defined as: Host name=proj-name appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Aliasproj-name/Alias /Host should the appBase be defined as: /webapps/proj-name folder? - Thank you all for partially jump starting my brain.
Re: Quick Questions on some Tomcat settings
and sorry for the double posting... I have no idea what happened there. On Wed, Jan 5, 2011 at 8:43 PM, Josh Gooding josh.good...@gmail.com wrote: EXCELLENT! Almost there now! Just one more thing. I have it serving to http://proj-name and it is coming up with the tomcat default page. I have to be missing something. I have: Engine name=Catalina defaultHost=proj-name/ and a Host defined as: Host name=proj-name appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Aliasproj-name/Alias /Host should the appBase be defined as: /webapps/proj-name folder? - Thank you all for partially jump starting my brain. On Wed, Jan 5, 2011 at 4:27 PM, André Warnier a...@ice-sa.com wrote: Josh Gooding wrote: Hey guys and gals, it's been a while, but I have a question for you. I am setting up a new Tomcat 6.0.29 installation that is for project management software. Here's the scenario. On this server we are currently running Apache 2.2 for our companies wiki on port 80. This is bound to a specific IP address and we can navigate to 'Wiki' in the address of the web browser and viola, it appears. With that in mind, can I: Have tomcat serve on port 80 (bound to a different IP address than the Apache 2.2 installation) on the same machine, and when 'this-name' is entered into the web browser, it will serve it? Yes, provided : - the browser, through a query for this-name to its name resolution mechanism (usually DNS), obtains an IP address which actually corresponds to an interface on the server - and the tomcat on that server is actually listening on that IP address As a general proviso, you cannot have two processes on the same host which open the same listening port on the same IP address. I am aware that I can forward the tomcat serving through the httpd server, but I am not willing to (unless it's the only way to do so.) Would this be in the virtual hosting section of the documentation by chance? No, because it has essentially nothing to do with virtual hosts in the HTTP sense. But explaining that would take us much further than needed to answer your question above and would be quite Off-Topic for this list.(*) The scheme you propose above is more similar to the case where you would actually have two separate physical hosts, one running httpd and the other running tomcat. Each would have its own separate IP address, and name. You are just bringing them together into one machine, and setting up two network interfaces on that one machine. (*) read here for more details : http://httpd.apache.org/docs/2.2/vhosts/ (The name-based part) EXCELLENT! Almost there now! Just one more thing. I have it serving to http://proj-name and it is coming up with the tomcat default page. I have to be missing something. I have: Engine name=Catalina defaultHost=proj-name/ and a Host defined as: Host name=proj-name appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Aliasproj-name/Alias /Host should the appBase be defined as: /webapps/proj-name folder? - Thank you all for partially jump starting my brain.
apr.apache.org problems?
Hey can someone verify if http://apr.apache.org links on the windows sources got changed to something dealing with www.gossipcheck.com/mirrors/apache ?? Something strange happened there. - Josh
Re: Struts 2 help with Tomcat 6
Just one more thing on this. Do you have to download the Javaassist jar separately? I've d/l'd both the libs and the all package, but it is in neither. Does anyone have it to spare by chance for version 2.2.1? On Tue, Oct 19, 2010 at 8:25 AM, Josh Gooding josh.good...@gmail.comwrote: Rock on, Thanks Jason! That was exactly what I was looking for. I was looking under the Apache struts 2 site, and looking through their getting started section, but was not finding this. You the man. - J On Mon, Oct 18, 2010 at 10:41 PM, Jason Britton jbritto...@gmail.comwrote: This gives a little more detail than whatever you're currently looking at http://struts.apache.org/2.2.1/docs/create-struts-2-web-application-with-artifacts-in-web-inf-lib-and-use-ant-to-build-the-application.html On Mon, Oct 18, 2010 at 7:07 PM, Josh Gooding josh.good...@gmail.com wrote: Hello all, I'm trying to get Struts 2.2.1 working with Tomcat 6.0.29. I'm a total newbie to struts. Apache's documentation says copy the struts.jar file into the /lib directory. Since Struts 2.2.1 has no struts.jar file, does anyone happen to know which file(s) is/are supposed to be moved to get Struts 2 to work? Thanks in advance - Josh
Struts 2 help with Tomcat 6
Hello all, I'm trying to get Struts 2.2.1 working with Tomcat 6.0.29. I'm a total newbie to struts. Apache's documentation says copy the struts.jar file into the /lib directory. Since Struts 2.2.1 has no struts.jar file, does anyone happen to know which file(s) is/are supposed to be moved to get Struts 2 to work? Thanks in advance - Josh
Re: Glassfish overriding Tomcat 6.0.24 installation?
Thanks David, I did that and it seemed to work. :: thumbs up :: - Josh On Thu, May 27, 2010 at 2:02 PM, David Smith david.sm...@cornell.eduwrote: On 5/27/2010 1:44 PM, Josh Gooding wrote: Hey guys (and gals). Interesting enough, I installed the Jave EE 5 JDK for windows. I then installed Tomcat 6.0.24, when I navigate to htp://localhost:8080 (which should be the default of Tomcat) I am getting the glassfish junk. How can I remove the glassfish? I don't believe that there is an option to not install glassfish. Any help would be greatly appreciated. - Josh Drop Java EE 5 and install a current version of the java SDK. --David - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Glassfish overriding Tomcat 6.0.24 installation?
Hey guys (and gals). Interesting enough, I installed the Jave EE 5 JDK for windows. I then installed Tomcat 6.0.24, when I navigate to htp://localhost:8080 (which should be the default of Tomcat) I am getting the glassfish junk. How can I remove the glassfish? I don't believe that there is an option to not install glassfish. Any help would be greatly appreciated. - Josh
Re: [OT] ConnectionPool question
Chris, I AM going to use Elli's suggestion. It's going to take some time, but I don't have to worry, once it's done, it'll be done correctly. Not only did I get yelled at for having the audacity to write up procedures for the developers on my team (assuming I ever get a another team), but I told my company that the procedures I wrote up needed to be used on ALL dev teams. I thought 99% of it was common sense, but I guess not. On Tue, Nov 10, 2009 at 3:40 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Josh, On 11/10/2009 9:18 AM, Josh Gooding wrote: the reason there are multiple recycleConnection methods is because if a RS is passed to the front presentation layer, I have to have a way to close it, I have to be able to get the statement and connection somehow, and I don't want that in my code. I was assuming that you were going to use Elli's suggestion to use a ThreadLocal to capture any allocated Connection objects, and just close everything at the end of the request processing. If you're going to do that, you can be lazy about it and just always close everything. From everything that everyone here has said, to semi fix this right: 1 - Each method that calls the DB for a RS needs to get it's own connection and close the resources itself (keeping it in the same scope) This is, of course, recommended technique. 2 - The CP wrapper that is here, CAN be used, but could end up causing more problems in the long run. Well, yes and no. Yes in the sense that you shouldn't encourage the kind of coding behavior that's been exhibited in the past: by writing such a wrapper and clean-up code, you (might) encourage laziness and make the problem worse rather than better. No in the sense that I don't believe this solution is actually going to exacerbate the actual problem itself. Good luck, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr5z7AACgkQ9CaO5/Lv0PCM5ACfdA3MPnJ/YEeUwIeuNjh9akH7 2X4AoKyfvWVdOv59FJtxMrw4nyLxsrk9 =WWP3 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] ConnectionPool question
Yup, No wonder my shop is in so much trouble. No procedures, no brainstorming, no project management, no best practices, just a shoot from the hip, Git-R-Done attitude. I liked that so much it's now hanging in my cube :) - Josh On Wed, Nov 11, 2009 at 3:33 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Re: [OT] ConnectionPool question Not only did I get yelled at for having the audacity to write up procedures for the developers on my team But we've always done it that way... A long habit of not thinking a thing wrong, gives it a superficial appearance of being right. - Thomas Paine, 1776 - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] ConnectionPool question
I'm glad I amuse all of you :P Chris, the reason there are multiple recycleConnection methods is because if a RS is passed to the front presentation layer, I have to have a way to close it, I have to be able to get the statement and connection somehow, and I don't want that in my code. From everything that everyone here has said, to semi fix this right: 1 - Each method that calls the DB for a RS needs to get it's own connection and close the resources itself (keeping it in the same scope) 2 - The CP wrapper that is here, CAN be used, but could end up causing more problems in the long run. Hey again, thanks for everything you all have said. I feel slightly more confident now in fixing this conundrum. :) - Josh On Sat, Nov 7, 2009 at 3:17 AM, Elli Albek e...@sustainlane.com wrote: Chris, as long as we are having fun its all good. I think this question is something many developers ask. I have seen it here and in other forums. You are correct, everything is wrapped. The connection wrapper spawns statment wrappers which spawn result set wrappers, and everything is tracked in parent child relationships. E On Fri, Nov 6, 2009 at 5:54 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Elli, Okay, I think we've hijacked Josh's thread enough to at least mark it as off topic. :) On 11/5/2009 10:37 PM, Elli Albek wrote: Christopher Schultz wrote: Pooled connections are almost certainly not behaving this way. This has been discussed at least twice in the last week or two, and, I believe, already once in this thread. This is certainly not the case for my DBCP library (1.2.2). I just stepped through the source code: Calling connection.close() is closing result sets and statements. I'm not sure how calling Connection.close (where the Connection object is one from DBCP) would possibly be able to close ResultSet and Statement objects created by the underlying connection. Unless, I suppose, they decided to wrap /everything/ and register all the ResultSet and Statement objects handed-out by the underlying Connection for the purposes of (possibly) closing them later. I should really read the source :) Below is the DBCP code that keeps track of open statements/result sets and closes them when the connection is closed (BDCP 1.2.2). Yup: it looks like they do wrap/register everything and then close it for you. It's nice that they followed the spec, here :) - -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ConnectionPool question
Barry, that's a normal console message when using the DataSource. :) Alright. I have a question. I've finished up the ConnectionPool wrapper class that I found and is being used. I don't need it to run, but I figured it's there why not modify it to handle EVERYTHING dealing with connections. While I have a getConnection(), I have also created many recycleConnection methods that close abandoned Statements, Connections, ResultSets, and DatabaseMetaData's. So my ConnectionPool class is here http://www.realissuesforrealpeople.com/ConnectionPool.java and my DatabaseTransaction class is here http://www.realissuesforrealpeople.com/DatabaseTransaction.java - Thanks for the template for the Transaction Mr. Schultz btw. I haven't worked on the filter as of yet, however, I am being told that the ConnectionPool wrapper is a horrible idea and that I will end up with problems with it. As well as the DatabaseTransaction class. Can anyone forsee any issues with either that I am not forseeing? My ability to use the force is broken at the moment. Im looking at the filter as of right now. Ive never implemented one however. On Thu, Nov 5, 2009 at 4:03 PM, Propes, Barry L barry.l.pro...@citi.comwrote: Oh yeahgood point..I likely don't have many (I have a few) DB errors printing tighto the console. Fortunately, I've shored that area up greatly. -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Thursday, November 05, 2009 2:52 PM To: Tomcat Users List Subject: RE: ConnectionPool question From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Subject: RE: ConnectionPool question When I FIRST make a DB query through one of my JSPs/servlets, I get this msg printed to the console. AbandonedObjectPool is used (org.apache.commons.dbcp.abandonedobjectp...@b32627) LogAbandoned: true RemoveAbandoned: true RemoveAbandonedTimeout: 30 The above message is displayed by the constructor for the pool, directly to System.out, when the DataSource is being instantiated. It simply says that your config is using the abandoned pool mechanism, and not an indication that you actually have any abandoned connections at this time. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ConnectionPool question
HOLY MOLY I am getting a TON of abandoned connection warnings now. I see I have logAbandoned=true. My Catalina log grew fast! Now here is a question, everytime I recycle a connection (close RS, statement, and the connection) does it place it back into the pool or is that what the abandoned connection messages are for letting me know they were abandoned and put back into the pool? On Tue, Nov 3, 2009 at 4:06 PM, Josh Gooding josh.good...@gmail.com wrote: nevermind. I get: javax.servlet.ServletException: com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: No operations allowed after connection closed. Guess that answers my question. On Tue, Nov 3, 2009 at 3:24 PM, Josh Gooding josh.good...@gmail.comwrote: If I close the RS, can I still use the MD? On Tue, Nov 3, 2009 at 3:13 PM, Elli Albek e...@sustainlane.com wrote: No, you do not need to close the XXXMetaData classes. E On Tue, Nov 3, 2009 at 12:02 PM, Josh Gooding josh.good...@gmail.com wrote: One more question on bleeding resources. When closing RS / statement / connections. Do I have to do anything with the MetaData if I got that as well? (I.E Do I explicitly have to close the metadata as well?) Josh On Tue, Nov 3, 2009 at 2:01 PM, Josh Gooding josh.good...@gmail.com wrote: Elle, I am going to dig into this code and check it out. I want to know more about how to use threadlocal and filters. (Sorry I'm not as experienced in Tomcat as some for you gurus here). The code looks promising and I like the 2nd option due to the fact that each HTTP req. only has one connection (which should drop the overhead immensely) however for right now, I just want to fix the bleeding issue (which it seems that I have caught a good portion of them), so I'll use my legacy code, but during a minor code release, I can definitely look into rolling this out. I am getting a ton of abandoned connection warnings in the console window, so I need to find out where these are coming from now. I don't know where to begin thanking you guys but thank you. I've gotten more mentoring here on this listing than I have in 2 years at my current employer. Thank you all again. - Josh On Mon, Nov 2, 2009 at 3:40 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Elli, On 11/2/2009 4:08 AM, Elli Albek wrote: I think you can have a solution without changing your code. Try something like this: getConnection() static method should get the connection, and add it to a list that you keep in threadlocal. recycleConnection() should close the connection and remove the connection object from thread local. Add a servlet filter that closes all connections in thread local. The filter calls next filter, and in a finally block get the connections from thread local, close all of them, and clear the list in thread local. This is a horrible, nasty hack and it's entirely brilliant! I would change Elli's implementation just slightly, and actually write your own DataSource implementation that piggybacks on another one. Basically, you just wrap the DataSource that Tomcat provides either by: a. Using JNDI to look-up the Tomcat-created JNDI DataSource and just writing the plumbing code to pass everything through b. Actually subclass the DataSource class(es) provided by Tomcat and use /those/ in your Resource configuration. I would also not make any of this static... there's just no reason to do so, especially if your DataSource object is in the JNDI context. Although the /real/ solution is to fix the code, I really like this solution for a couple of reasons: 1. It requires no wrapping of Connection, Statement, etc. objects (which is entirely miserable if you've ever had to do it) 2. It requires no changes to your code whatsoever (if you use my DataSource-wrapping suggestion above) 3. You won't end up closing your connection, statement, result set, etc. too early because your code has completed execution (unless you are using JDBC resources across requests, which is another story) What this won't help, unfortunately is: * Closing your ResultSet and Statement objects (though this can be solved by wrapping the Connection, Statement, etc. objects handed- out by your DataSource. Yes, it's miserable.) This will allow you to keep your legacy code. As far as I remember DBCP has an option to close the result sets and statements when you close the connection. If not this will partly work. I don't believe commons-dbcp has this capability at all. I'm willing to read any documentation to the contrary, though. Version 2: Advanced Keep the actual connection in thread local. You
Re: ConnectionPool question
Chris, I would imagine that you are correct, unless I store the RSMD in anther object (like a Map or AL). Now that I have started closing my resources something strange has actually happened now. I've hit the connectionpool limit faster. I was digging and realized that I changed my context.xml file for the new DataSourceFactory, but there is a watched resource in my web.xml that is still pointing to javax.sql.DataSource. should this be changed to the tomcat's DataSourceFactory as well? Here's the snippet from the context.xml: Resource name=jdbc/RealmDB auth=Container type=javax.sql.DataSource factory=org.apache.tomcat.jdbc.pool.DataSourceFactory username=root password=password driverClassName=com.mysql.jdbc.Driver Here's from the web.xml: resource-ref res-typejavax.sql.DataSource/res-type res-ref-namejdbc/RealmDB/res-ref-name res-authContainer/res-auth /resource-ref Do I need to change the res-type to the tomcat's DataSource? On Wed, Nov 4, 2009 at 11:47 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Josh, On 11/3/2009 3:24 PM, Josh Gooding wrote: If I close the RS, can I still use the MD? I see you've already answered this, but note the error is that the Connection is closed, not the ResultSet. I would expect that ResultSetMetaData requires that the ResultSet itself still be open in order to use it. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrxsBUACgkQ9CaO5/Lv0PA9FgCgoK27dFtvbyyF4A6M/LrxviWX OCoAn0Uxn21O6woqtRZMbZKGOcLlHpQS =WlcR -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6.0.20 on 64bit Window2003 - 64bit Service CAN'T start
Really? I've never got it to work except through a batch starting. It really could be a plethora of things. (I'd rather have it as that anyways :P) Not a big deal to me, I did get it working :) On Mon, Nov 2, 2009 at 8:20 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Re: Tomcat 6.0.20 on 64bit Window2003 - 64bit Service CAN'T start EDIT: Don't install tomcat as a service. I've always had trouble running the 64 bit service. Really? Once the modes of tomcat6.exe and the designated JVM match, there shouldn't be any problem. Works fine on my 64-bit systems as a service. To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ConnectionPool question
If I close the RS, can I still use the MD?
On Tue, Nov 3, 2009 at 3:13 PM, Elli Albek e...@sustainlane.com wrote:
No, you do not need to close the XXXMetaData classes.
E
On Tue, Nov 3, 2009 at 12:02 PM, Josh Gooding josh.good...@gmail.com
wrote:
One more question on bleeding resources. When closing RS / statement /
connections. Do I have to do anything with the MetaData if I got that as
well? (I.E Do I explicitly have to close the metadata as well?)
Josh
On Tue, Nov 3, 2009 at 2:01 PM, Josh Gooding josh.good...@gmail.com
wrote:
Elle,
I am going to dig into this code and check it out. I want to know more
about how to use threadlocal and filters. (Sorry I'm not as
experienced
in
Tomcat as some for you gurus here).
The code looks promising and I like the 2nd option due to the fact that
each HTTP req. only has one connection (which should drop the overhead
immensely) however for right now, I just want to fix the bleeding issue
(which it seems that I have caught a good portion of them), so I'll use
my
legacy code, but during a minor code release, I can definitely look
into
rolling this out. I am getting a ton of abandoned connection
warnings
in
the console window, so I need to find out where these are coming from
now.
I don't know where to begin thanking you guys but thank you. I've
gotten
more mentoring here on this listing than I have in 2 years at my
current
employer. Thank you all again.
- Josh
On Mon, Nov 2, 2009 at 3:40 PM, Christopher Schultz
ch...@christopherschultz.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Elli,
On 11/2/2009 4:08 AM, Elli Albek wrote:
I think you can have a solution without changing your code.
Try something like this:
getConnection() static method should get the connection, and add it
to
a
list that you keep in threadlocal.
recycleConnection() should close the connection and remove the
connection
object from thread local.
Add a servlet filter that closes all connections in thread local.
The
filter
calls next filter, and in a finally block get the connections from
thread
local, close all of them, and clear the list in thread local.
This is a horrible, nasty hack and it's entirely brilliant!
I would change Elli's implementation just slightly, and actually write
your own DataSource implementation that piggybacks on another one.
Basically, you just wrap the DataSource that Tomcat provides either
by:
a. Using JNDI to look-up the Tomcat-created JNDI DataSource and just
writing the plumbing code to pass everything through
b. Actually subclass the DataSource class(es) provided by Tomcat and
use /those/ in your Resource configuration.
I would also not make any of this static... there's just no reason to
do
so, especially if your DataSource object is in the JNDI context.
Although the /real/ solution is to fix the code, I really like this
solution for a couple of reasons:
1. It requires no wrapping of Connection, Statement, etc. objects
(which is entirely miserable if you've ever had to do it)
2. It requires no changes to your code whatsoever (if you use my
DataSource-wrapping suggestion above)
3. You won't end up closing your connection, statement, result set,
etc.
too early because your code has completed execution (unless you
are using JDBC resources across requests, which is another story)
What this won't help, unfortunately is:
* Closing your ResultSet and Statement objects (though this can be
solved by wrapping the Connection, Statement, etc. objects handed-
out by your DataSource. Yes, it's miserable.)
This will allow you to keep your legacy code. As far as I remember
DBCP
has
an option to close the result sets and statements when you close the
connection. If not this will partly work.
I don't believe commons-dbcp has this capability at all. I'm willing
to
read any documentation to the contrary, though.
Version 2: Advanced
Keep the actual connection in thread local. You will have one
connection
per
HTTP request. getConnection() should be something like
public static /* NOT synchronized */ Connection getConnection(){
Connection c = ...// get the connection from thread local
if (c != null)
return c;
Connection c = ...// get the connection from JNDI/DBCP
// put connection in thread local
return c;
}
I like this technique, too. You just have to decide if it's acceptable
for your webapp to re-use connections. I can't imagine why that would
be
a problem, but it's worth considering before you blindly do it. This
optimization can save you from deadlock (though you're killing-off
connections after 15 seconds anyway) and should
Re: ConnectionPool question
Elle,
I am going to dig into this code and check it out. I want to know more
about how to use threadlocal and filters. (Sorry I'm not as experienced in
Tomcat as some for you gurus here).
The code looks promising and I like the 2nd option due to the fact that each
HTTP req. only has one connection (which should drop the overhead immensely)
however for right now, I just want to fix the bleeding issue (which it seems
that I have caught a good portion of them), so I'll use my legacy code, but
during a minor code release, I can definitely look into rolling this out.
I am getting a ton of abandoned conenction warnings in the console window,
so I need to find out where these are coming from now.
I don't know where to begin thanking you guys but thank you. I've gotten
more mentoring here on this listing than I have in 2 years at my current
employer. Thank you all again.
- Josh
On Mon, Nov 2, 2009 at 3:40 PM, Christopher Schultz
ch...@christopherschultz.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Elli,
On 11/2/2009 4:08 AM, Elli Albek wrote:
I think you can have a solution without changing your code.
Try something like this:
getConnection() static method should get the connection, and add it to a
list that you keep in threadlocal.
recycleConnection() should close the connection and remove the connection
object from thread local.
Add a servlet filter that closes all connections in thread local. The
filter
calls next filter, and in a finally block get the connections from thread
local, close all of them, and clear the list in thread local.
This is a horrible, nasty hack and it's entirely brilliant!
I would change Elli's implementation just slightly, and actually write
your own DataSource implementation that piggybacks on another one.
Basically, you just wrap the DataSource that Tomcat provides either by:
a. Using JNDI to look-up the Tomcat-created JNDI DataSource and just
writing the plumbing code to pass everything through
b. Actually subclass the DataSource class(es) provided by Tomcat and
use /those/ in your Resource configuration.
I would also not make any of this static... there's just no reason to do
so, especially if your DataSource object is in the JNDI context.
Although the /real/ solution is to fix the code, I really like this
solution for a couple of reasons:
1. It requires no wrapping of Connection, Statement, etc. objects
(which is entirely miserable if you've ever had to do it)
2. It requires no changes to your code whatsoever (if you use my
DataSource-wrapping suggestion above)
3. You won't end up closing your connection, statement, result set, etc.
too early because your code has completed execution (unless you
are using JDBC resources across requests, which is another story)
What this won't help, unfortunately is:
* Closing your ResultSet and Statement objects (though this can be
solved by wrapping the Connection, Statement, etc. objects handed-
out by your DataSource. Yes, it's miserable.)
This will allow you to keep your legacy code. As far as I remember DBCP
has
an option to close the result sets and statements when you close the
connection. If not this will partly work.
I don't believe commons-dbcp has this capability at all. I'm willing to
read any documentation to the contrary, though.
Version 2: Advanced
Keep the actual connection in thread local. You will have one connection
per
HTTP request. getConnection() should be something like
public static /* NOT synchronized */ Connection getConnection(){
Connection c = ...// get the connection from thread local
if (c != null)
return c;
Connection c = ...// get the connection from JNDI/DBCP
// put connection in thread local
return c;
}
I like this technique, too. You just have to decide if it's acceptable
for your webapp to re-use connections. I can't imagine why that would be
a problem, but it's worth considering before you blindly do it. This
optimization can save you from deadlock (though you're killing-off
connections after 15 seconds anyway) and should significantly improve
the performance of your webapp because you won't be bleeding so many
connections: you're limited to bleeding one connection per request
instead of potentially dozens.
recycleConnection(){
// empty, connection will be recycled by filter.
}
I would actually allow recycleConnection to close the connection, and
have the filter call recycleConnection. That way, as you improve your
webapp's code, the connections will be closed as soon as possible
instead of waiting until the request is (mostly) finished.
Again, Elli, a great suggestion!
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkrvQ8AACgkQ9CaO5/Lv0PDOSACeJfqgaXmrySSKItQHji2K6UzK
hmsAoKIAhRAgwzI/QN8SPdVGkBbewA2a
=Mqjn
-END PGP
Re: ConnectionPool question
nevermind. I get:
javax.servlet.ServletException:
com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException:
No operations allowed after connection closed.
Guess that answers my question.
On Tue, Nov 3, 2009 at 3:24 PM, Josh Gooding josh.good...@gmail.com wrote:
If I close the RS, can I still use the MD?
On Tue, Nov 3, 2009 at 3:13 PM, Elli Albek e...@sustainlane.com wrote:
No, you do not need to close the XXXMetaData classes.
E
On Tue, Nov 3, 2009 at 12:02 PM, Josh Gooding josh.good...@gmail.com
wrote:
One more question on bleeding resources. When closing RS / statement /
connections. Do I have to do anything with the MetaData if I got that
as
well? (I.E Do I explicitly have to close the metadata as well?)
Josh
On Tue, Nov 3, 2009 at 2:01 PM, Josh Gooding josh.good...@gmail.com
wrote:
Elle,
I am going to dig into this code and check it out. I want to know
more
about how to use threadlocal and filters. (Sorry I'm not as
experienced
in
Tomcat as some for you gurus here).
The code looks promising and I like the 2nd option due to the fact
that
each HTTP req. only has one connection (which should drop the overhead
immensely) however for right now, I just want to fix the bleeding
issue
(which it seems that I have caught a good portion of them), so I'll
use
my
legacy code, but during a minor code release, I can definitely look
into
rolling this out. I am getting a ton of abandoned connection
warnings
in
the console window, so I need to find out where these are coming from
now.
I don't know where to begin thanking you guys but thank you. I've
gotten
more mentoring here on this listing than I have in 2 years at my
current
employer. Thank you all again.
- Josh
On Mon, Nov 2, 2009 at 3:40 PM, Christopher Schultz
ch...@christopherschultz.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Elli,
On 11/2/2009 4:08 AM, Elli Albek wrote:
I think you can have a solution without changing your code.
Try something like this:
getConnection() static method should get the connection, and add it
to
a
list that you keep in threadlocal.
recycleConnection() should close the connection and remove the
connection
object from thread local.
Add a servlet filter that closes all connections in thread local.
The
filter
calls next filter, and in a finally block get the connections from
thread
local, close all of them, and clear the list in thread local.
This is a horrible, nasty hack and it's entirely brilliant!
I would change Elli's implementation just slightly, and actually
write
your own DataSource implementation that piggybacks on another one.
Basically, you just wrap the DataSource that Tomcat provides either
by:
a. Using JNDI to look-up the Tomcat-created JNDI DataSource and just
writing the plumbing code to pass everything through
b. Actually subclass the DataSource class(es) provided by Tomcat and
use /those/ in your Resource configuration.
I would also not make any of this static... there's just no reason to
do
so, especially if your DataSource object is in the JNDI context.
Although the /real/ solution is to fix the code, I really like this
solution for a couple of reasons:
1. It requires no wrapping of Connection, Statement, etc. objects
(which is entirely miserable if you've ever had to do it)
2. It requires no changes to your code whatsoever (if you use my
DataSource-wrapping suggestion above)
3. You won't end up closing your connection, statement, result set,
etc.
too early because your code has completed execution (unless you
are using JDBC resources across requests, which is another story)
What this won't help, unfortunately is:
* Closing your ResultSet and Statement objects (though this can be
solved by wrapping the Connection, Statement, etc. objects handed-
out by your DataSource. Yes, it's miserable.)
This will allow you to keep your legacy code. As far as I remember
DBCP
has
an option to close the result sets and statements when you close
the
connection. If not this will partly work.
I don't believe commons-dbcp has this capability at all. I'm willing
to
read any documentation to the contrary, though.
Version 2: Advanced
Keep the actual connection in thread local. You will have one
connection
per
HTTP request. getConnection() should be something like
public static /* NOT synchronized */ Connection getConnection(){
Connection c = ...// get the connection from thread local
if (c != null)
return c;
Connection c = ...// get the connection from JNDI/DBCP
// put connection in thread local
return c;
}
I like this technique, too. You just have to decide if it's
Re: ConnectionPool question
One more question on bleeding resources. When closing RS / statement /
connections. Do I have to do anything with the MetaData if I got that as
well? (I.E Do I explicitly have to close the metadata as well?)
Josh
On Tue, Nov 3, 2009 at 2:01 PM, Josh Gooding josh.good...@gmail.com wrote:
Elle,
I am going to dig into this code and check it out. I want to know more
about how to use threadlocal and filters. (Sorry I'm not as experienced in
Tomcat as some for you gurus here).
The code looks promising and I like the 2nd option due to the fact that
each HTTP req. only has one connection (which should drop the overhead
immensely) however for right now, I just want to fix the bleeding issue
(which it seems that I have caught a good portion of them), so I'll use my
legacy code, but during a minor code release, I can definitely look into
rolling this out. I am getting a ton of abandoned connection warnings in
the console window, so I need to find out where these are coming from now.
I don't know where to begin thanking you guys but thank you. I've gotten
more mentoring here on this listing than I have in 2 years at my current
employer. Thank you all again.
- Josh
On Mon, Nov 2, 2009 at 3:40 PM, Christopher Schultz
ch...@christopherschultz.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Elli,
On 11/2/2009 4:08 AM, Elli Albek wrote:
I think you can have a solution without changing your code.
Try something like this:
getConnection() static method should get the connection, and add it to a
list that you keep in threadlocal.
recycleConnection() should close the connection and remove the
connection
object from thread local.
Add a servlet filter that closes all connections in thread local. The
filter
calls next filter, and in a finally block get the connections from
thread
local, close all of them, and clear the list in thread local.
This is a horrible, nasty hack and it's entirely brilliant!
I would change Elli's implementation just slightly, and actually write
your own DataSource implementation that piggybacks on another one.
Basically, you just wrap the DataSource that Tomcat provides either by:
a. Using JNDI to look-up the Tomcat-created JNDI DataSource and just
writing the plumbing code to pass everything through
b. Actually subclass the DataSource class(es) provided by Tomcat and
use /those/ in your Resource configuration.
I would also not make any of this static... there's just no reason to do
so, especially if your DataSource object is in the JNDI context.
Although the /real/ solution is to fix the code, I really like this
solution for a couple of reasons:
1. It requires no wrapping of Connection, Statement, etc. objects
(which is entirely miserable if you've ever had to do it)
2. It requires no changes to your code whatsoever (if you use my
DataSource-wrapping suggestion above)
3. You won't end up closing your connection, statement, result set, etc.
too early because your code has completed execution (unless you
are using JDBC resources across requests, which is another story)
What this won't help, unfortunately is:
* Closing your ResultSet and Statement objects (though this can be
solved by wrapping the Connection, Statement, etc. objects handed-
out by your DataSource. Yes, it's miserable.)
This will allow you to keep your legacy code. As far as I remember DBCP
has
an option to close the result sets and statements when you close the
connection. If not this will partly work.
I don't believe commons-dbcp has this capability at all. I'm willing to
read any documentation to the contrary, though.
Version 2: Advanced
Keep the actual connection in thread local. You will have one connection
per
HTTP request. getConnection() should be something like
public static /* NOT synchronized */ Connection getConnection(){
Connection c = ...// get the connection from thread local
if (c != null)
return c;
Connection c = ...// get the connection from JNDI/DBCP
// put connection in thread local
return c;
}
I like this technique, too. You just have to decide if it's acceptable
for your webapp to re-use connections. I can't imagine why that would be
a problem, but it's worth considering before you blindly do it. This
optimization can save you from deadlock (though you're killing-off
connections after 15 seconds anyway) and should significantly improve
the performance of your webapp because you won't be bleeding so many
connections: you're limited to bleeding one connection per request
instead of potentially dozens.
recycleConnection(){
// empty, connection will be recycled by filter.
}
I would actually allow recycleConnection to close the connection, and
have the filter call recycleConnection. That way, as you improve your
webapp's code, the connections will be closed as soon as possible
instead of waiting until the request is (mostly
Re: ConnectionPool question
It seems as though you cannot set the maxActive to -1 as you can in the javax.sql.ConnectionPool for unlimited. On Mon, Nov 2, 2009 at 4:36 AM, Konstantin Kolinko knst.koli...@gmail.comwrote: 2009/10/31 Josh Gooding josh.good...@gmail.com: (...) and I am getting a tomcat startup exception: WARNING: Unexpected exception resolving reference java.lang.IllegalArgumentException at java.util.concurrent.ArrayBlockingQueue.init(Unknown Source) at org.apache.tomcat.jdbc.pool.ConnectionPool.init(ConnectionPool.java:367) Line 367 in ConnectorPool.java is busy = new ArrayBlockingQueuePooledConnection(properties.getMaxActive(),false); - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Will tomcat allow me to configur access to a single folder?
What I was saying is that in httpd, you can configure httpd to do what I want, but I was unsure if you could in tomcat. Since I'm not using httpd, I just wanted to see if I can configure access to a specific folder in Tomcat. I am setting up a backup site for a group of people on my domain. That's all. On Mon, Nov 2, 2009 at 4:03 AM, André Warnier a...@ice-sa.com wrote: Josh Gooding wrote: Unlike Apache HTTPD, can Tomcat be configured to allow access to a single directory? Huh ? Which Apache http documentation have you been reading ? Not this one : http://httpd.apache.org/docs/2.2/howto/auth.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Will tomcat allow me to configur access to a single folder?
Basically this is a dump for back up files, that's all. I have a website at the .com level, would I have to put in another entry in the server.xml for this and then populate the (dump) directory with the WEB-INF / META-INF resources? I think I can configure the login with a file instead of having to have a JDBC connection to a database. On Mon, Nov 2, 2009 at 10:51 AM, André Warnier a...@ice-sa.com wrote: Josh Gooding wrote: What I was saying is that in httpd, you can configure httpd to do what I want, but I was unsure if you could in tomcat. Since I'm not using httpd, I just wanted to see if I can configure access to a specific folder in Tomcat. I am setting up a backup site for a group of people on my domain. That's all. Josh Gooding wrote: Unlike Apache HTTPD, can Tomcat be configured to allow access to a single directory? So, you really meant : Q: Can Tomcat, like httpd, be configured to allow access to a single directory ? A: yes. :-) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6.0.20 on 64bit Window2003 - 64bit Service CAN'T start
Did you copy over the 64 bit tomcat files to the tomcat directory? Not the 64 bit java files. On Mon, Nov 2, 2009 at 5:05 PM, tiffany.d...@inovis.com tiffany.d...@inovis.com wrote: I installed Tomcat 6.0.20 on 64bit Window2003. I installed 64 bit tomcat service (64 bit tomcat6.exe and 64bit tomcat6w.exe). I set variable name of JRE_HOME to the path of my 64bit JRE 6.0. However the 64 bit Service can't start and logs below. [2009-11-02 10:31:40] [info] Procrun (2.0.3.0) started [2009-11-02 10:31:40] [info] Running Service... [2009-11-02 10:31:40] [info] Starting service... [2009-11-02 10:31:40] [986 prunsrv.c] [error] Failed creating java [2009-11-02 10:31:40] [1260 prunsrv.c] [error] ServiceStart returned 1 [2009-11-02 10:31:40] [info] Run service finished. [2009-11-02 10:31:40] [info] Procrun finished. Tiffany
Re: Tomcat 6.0.20 on 64bit Window2003 - 64bit Service CAN'T start
EDIT: Don't install tomcat as a service. I've always had trouble running the 64 bit service. On Mon, Nov 2, 2009 at 5:19 PM, Josh Gooding josh.good...@gmail.com wrote: Did you copy over the 64 bit tomcat files to the tomcat directory? Not the 64 bit java files. On Mon, Nov 2, 2009 at 5:05 PM, tiffany.d...@inovis.com tiffany.d...@inovis.com wrote: I installed Tomcat 6.0.20 on 64bit Window2003. I installed 64 bit tomcat service (64 bit tomcat6.exe and 64bit tomcat6w.exe). I set variable name of JRE_HOME to the path of my 64bit JRE 6.0. However the 64 bit Service can't start and logs below. [2009-11-02 10:31:40] [info] Procrun (2.0.3.0) started [2009-11-02 10:31:40] [info] Running Service... [2009-11-02 10:31:40] [info] Starting service... [2009-11-02 10:31:40] [986 prunsrv.c] [error] Failed creating java [2009-11-02 10:31:40] [1260 prunsrv.c] [error] ServiceStart returned 1 [2009-11-02 10:31:40] [info] Run service finished. [2009-11-02 10:31:40] [info] Procrun finished. Tiffany
Will tomcat allow me to configur access to a single folder?
Unlike Apache HTTPD, can Tomcat be configured to allow access to a single directory? I am looking at writing a bit of code to be able to upload spare files to a section on the webserver, and then be able to view them and d/l them. Writing the code for the upload is not hard, but just wondering since I have a .com, if I had say domain.com/external site dump/ Can I configure tomcat so that everytime someone went to the /external site dump section, it would ask for credentials? Is this just a simple realm configuration? Thanks. - Josh
Re: ConnectionPool question
I have been reading it and ALMOST chimed in, but decided to read farther first. While I asked a question about it on the sun forums and got slammed for a class I wrote and posted about why a ConnectionPool would ever have to implement ServletContextListener. basically I was told to write in accordance with what the API's contract is,/ not implementation specific behaviors. Thank goodness I archive the tomcat udev / user listing in my Gmail. The main problem I was having was similar to what he was. I was able to solve my problem by the following: maxActive=-1 maxIdle=5 maxWait=15 removeAbandoned=true removeAbandonedTimeout=15 testWhileIdle=false timeBetweenEvictionRunsMillis=900/ I changed up 4 parameters in the context.xml file. maxWait, removeAbandonedTimeout, testWhileIdle, and timeBetweenEvictionRunsMIllis. The problem was despite me closing the rs's in the program, MySQL Tomcat was still seeing the connections as active and would keep them open. I started by trying to tweak the wait timeout settings in the my.ini file, but that really caused some jams especially if the connections would timeout, then for some reason go to become active again, Tomcat would throw me an error, so changing the settings on MySQL was not the answer. The problem was with how Tomcat was handling the time frame for recycling connections. I cut the time that tomcat held on to the closed connections and the problem remarkably went away. I could also monitor this from the MySQL Administrator panel in real time when I ran heavy load queries to the DB. Now every 15 seconds after a close, the connection is returned to the pool. That seems to be about perfect, just long enough to run gc() and continue on. It took me about a day to figure out, but I did. On Fri, Oct 30, 2009 at 12:58 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Josh, On 10/29/2009 9:17 PM, Josh Gooding wrote: I wrote some code on top of the Tomcat's ConnectionPool class. In regular Java based programming if I close a ResultSet with connection.close(), this frees up both the statement and resultset's memory associated with the connection if it was still open. If I close a connection with Tomcat's ConnectionPool, does it also close the statement and resultset's associated with that particular connection or do I need to manually close them? This is a good question that was partially discussed over the past few days (see the thread DBCP woes (running out of cursors). for the whole sordid mess, but here's a quote from me: Technically speaking, the JDBC specification requires that calling Connection.close() also close any Statement (and therefore ResultSet) objects that were opened as well. The lines become blurred a bit when you're talking about pooled connections, because Connection.close() doesn't really get called... it's a grey area in the spec if you ask me, but I'd prefer that a pooled connection act like a non-pooled connection in this case, but there's no recycle or reset method in the java.sql.Connection class, and calling Connection.close() on the actual connection is not appropriate (since it's pooled) so there may be no way to actually implement this mimicry. I know best practice is to not rely on anything to be closed automatically, but I inherited a code base and I am looking at making some pretty significant changes to fix some problems, and this is one of them. At the risk of being doubly-self-referential: http://blog.christopherschultz.net/?p=68 Fortunately, clean JDBC code doesn't need to be all that messy (uh... right). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrqcmgACgkQ9CaO5/Lv0PBc/QCdHPc6AFdcLPhxYDU6hpL+mFEP s9gAoJJznfRIoDhFPvm98R8Q9kx6n7Tr =puM5 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ConnectionPool question
AHH, I will read the API for the StatementFinalizer. I was looking at something to do that. Thank you Filip! On Fri, Oct 30, 2009 at 9:53 AM, Filip Hanik - Dev Lists devli...@hanik.com wrote: hi Josh, calling Connection.close() does not close statements and resultsets. There is an interceptor you can configure called StatementFinalizer that does exactly that during the close call. Filip On 10/29/2009 07:17 PM, Josh Gooding wrote: I wrote some code on top of the Tomcat's ConnectionPool class. In regular Java based programming if I close a ResultSet with connection.close(), this frees up both the statement and resultset's memory associated with the connection if it was still open. If I close a connection with Tomcat's ConnectionPool, does it also close the statement and resultset's associated with that particular connection or do I need to manually close them? I know best practice is to not rely on anything to be closed automatically, but I inherited a code base and I am looking at making some pretty significant changes to fix some problems, and this is one of them. Thanks in advance, - Josh - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ConnectionPool question
Hey what API holds the statementFinalizer? On Fri, Oct 30, 2009 at 9:57 AM, Josh Gooding josh.good...@gmail.comwrote: AHH, I will read the API for the StatementFinalizer. I was looking at something to do that. Thank you Filip! On Fri, Oct 30, 2009 at 9:53 AM, Filip Hanik - Dev Lists devli...@hanik.com wrote: hi Josh, calling Connection.close() does not close statements and resultsets. There is an interceptor you can configure called StatementFinalizer that does exactly that during the close call. Filip On 10/29/2009 07:17 PM, Josh Gooding wrote: I wrote some code on top of the Tomcat's ConnectionPool class. In regular Java based programming if I close a ResultSet with connection.close(), this frees up both the statement and resultset's memory associated with the connection if it was still open. If I close a connection with Tomcat's ConnectionPool, does it also close the statement and resultset's associated with that particular connection or do I need to manually close them? I know best practice is to not rely on anything to be closed automatically, but I inherited a code base and I am looking at making some pretty significant changes to fix some problems, and this is one of them. Thanks in advance, - Josh - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ConnectionPool question
On Fri, Oct 30, 2009 at 11:33 AM, Christopher Schultz ch...@christopherschultz.net wrote: Heh. Obviously, someone hasn't worked in the real world. Did he realize that writing to the contract in this case could potentially bring-down the database server? Eh, I just let it go. I'm beyond the fact that I know the code I wrote and inherited is wacked. It's not worth starting an internet flame war, especially over a programming topic on the sun board. I respect the other people on there too much to make the guy look like an. well we all get the point. Thank goodness I archive the tomcat udev / user listing in my Gmail. You can always search the archives on markmail, too. There's no need to keep your own archive. I don't actively archive them, I have them auto sorted and split into categories. I have 7GB+ of storage, so all of my Tomcat / PHP / C++ / etc mails are all sent to different folders and marked accordingly. I knew about markmail, The main problem I was having was similar to what he was. I was able to solve my problem by the following: maxActive=-1 maxIdle=5 maxWait=15 removeAbandoned=true removeAbandonedTimeout=15 testWhileIdle=false timeBetweenEvictionRunsMillis=900/ 900ms is a /very/ short time for an eviction run. Given that you have a 15-second timeout, I would probably make your eviction runs somewhere in that range rather than in the sub-second range. Do you really want your DataSource waking up every second to check all the connections? OOPS, good catch, should have been 54000ms (15 sec) I forgot to x by another 60 in there. I changed up 4 parameters in the context.xml file. maxWait, removeAbandonedTimeout, testWhileIdle, and timeBetweenEvictionRunsMIllis. The problem was despite me closing the rs's in the program, MySQL Tomcat was still seeing the connections as active and would keep them open. Well, you have to close all your resources, not just ResultSets. Closing a ResultSet does not close the connection (nor does it return it to the pool, which may have been your whole problem). I started by trying to tweak the wait timeout settings in the my.ini file, but that really caused some jams especially if the connections would timeout, then for some reason go to become active again, Tomcat would throw me an error, so changing the settings on MySQL was not the answer. You really ought to use validationQuery=/* ping */ SELECT 1 as well. Any connection that has been closed while sitting in the pool will be re-checked before it's given-out to the caller. That means that you shouldn't get connection exceptions being thrown when this kind of thing happens. I need to look into this to see how I need to implement it. (there is a nice example down lower in this thread) The problem was with how Tomcat was handling the time frame for recycling connections. I cut the time that tomcat held on to the closed connections and the problem remarkably went away. I could also monitor this from the MySQL Administrator panel in real time when I ran heavy load queries to the DB. Now every 15 seconds after a close, the connection is returned to the pool. That seems to be about perfect, just long enough to run gc() and continue on. Heh. I highly recommend reviewing you code: abandoned expirations and evictions can get you by in a pinch, but it's no way to live long-term. Fix your resource leaks and your server(s) will thank you by increasing their throughput. Oh this code BLEEDS resources. The only semi annoyance is that the methods that get RS's are usually returned like: return ConnectionPool.getConnection().createStatement().executeQuery(sqlCode); This is not bad, but there is NO PLACE in the code that actively closes all of the resources. Sometimes the code is LUCKY to have a call that is to rs.close(); but I am more than positive that there is no statement / connection closing going on. The hardest part is that everything is mixed into the presentation layer. I'll fix the DAO first, then move to more back-end fixing. Thanks for the 411 about the StatementFinalize and the Millis timeout. The millis has been changed to 54000 (15 seconds), and I'll look up more info about the StatementFinalize and the validationQuery. This biggest problem I'm having is that I'm the only coder in a .NET shop (they all run IIS and code in .NET only) and no one has experience with TC except me. Honestly if it wasn't for this list and the sun forums, I'd be sunk on most things Tomcat / java wise. This list with the members have been an invaluable asset to my learning Tomcat. Good luck, - -chris Thanks, Josh
Re: ConnectionPool question
;+
org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer);
DataSource datasource = new DataSource();
datasource.setPoolProperties(p);
Connection con = null;
try {
con = datasource.getConnection();
Statement st = con.createStatement();
ResultSet rs = st.executeQuery(select * from user);
int cnt = 1;
while (rs.next()) {
System.out.println((cnt++)+. Host:
+rs.getString(Host)+
User:+rs.getString(User)+
Password:+rs.getString(Password));
}
rs.close();
st.close();
} finally {
if (con!=null) try {con.close();}catch (Exception ignore)
{}
}
}
}
On 10/30/2009 09:54 AM, Filip Hanik - Dev Lists wrote:
http://svn.apache.org/viewvc/tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/interceptor/StatementFinalizer.java?view=log
Filip
On 10/30/2009 08:34 AM, Josh Gooding wrote:
Hey what API holds the statementFinalizer?
On Fri, Oct 30, 2009 at 9:57 AM, Josh Goodingjosh.good...@gmail.com
wrote:
AHH, I will read the API for the StatementFinalizer. I was looking
at
something to do that. Thank you Filip!
On Fri, Oct 30, 2009 at 9:53 AM, Filip Hanik - Dev Lists
devli...@hanik.com wrote:
hi Josh, calling Connection.close() does not close statements and
resultsets.
There is an interceptor you can configure called StatementFinalizer
that
does exactly that during the close call.
Filip
On 10/29/2009 07:17 PM, Josh Gooding wrote:
I wrote some code on top of the Tomcat's ConnectionPool class. In
regular
Java based programming if I close a ResultSet with connection.close(),
this
frees up both the statement and resultset's memory associated with the
connection if it was still open. If I close a connection with
Tomcat's
ConnectionPool, does it also close the statement and resultset's
associated
with that particular connection or do I need to manually close them?
I know best practice is to not rely on anything to be closed
automatically,
but I inherited a code base and I am looking at making some pretty
significant changes to fix some problems, and this is one of them.
Thanks in advance,
- Josh
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ConnectionPool question
I also found this tid bit lying around. It get's a connection, but doesn't
close the statement.
public static void closeResources(ResultSet rs) throws
AardvarkResourceException {
try {
Statement s = rs.getStatement();
if (s != null) { // ResultSets produced by metadata queries do
not have associated statements
Connection c = s.getConnection();
//s.close();
//c.close();
ConnectionPool.recycleConnection(c);
}
rs.close();
} catch (SQLException e) {
throw new AardvarkResourceException(Error closing resources
associated with ResultSet, e);
}
}
It still doesn't close the statement, but closes the connection leaving the
statement hanging I'll fix and make sure to use it.
Re: ConnectionPool question
Hey Filip, I do not have /jdbc/pool/DataSourceFactory in my
tomcat-dbcp.jar. Is there some other place I should look?
My jar's structure goes as:
org/apache/tomcat/
dbcp
jocl
pool
Under the dbcp I have a DataSourceConnectionFactory.class (which I am making
an assumption that is what it is.)
On Fri, Oct 30, 2009 at 12:12 PM, Filip Hanik - Dev Lists
devli...@hanik.com wrote:
look at jdbc-pool.html it has all the info, here are examples out of it
Configuration
Resource name=jdbc/TestDB
auth=Container
type=javax.sql.DataSource
factory=org.apache.tomcat.jdbc.pool.DataSourceFactory
testWhileIdle=true
testOnBorrow=true
testOnReturn=false
validationQuery=SELECT 1
validationInterval=3
timeBetweenEvictionRunsMillis=3
maxActive=100
minIdle=10
maxWait=1
initialSize=10
removeAbandonedTimeout=60
removeAbandoned=true
logAbandoned=true
minEvictableIdleTimeMillis=3
jmxEnabled=true
jdbcInterceptors=
org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer
username=root
password=password
driverClassName=com.mysql.jdbc.Driver
url=jdbc:mysql://localhost:3306/mysql/
Code:
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;
import org.apache.tomcat.jdbc.pool.DataSource;
import org.apache.tomcat.jdbc.pool.PoolProperties;
public class SimplePOJOExample {
public static void main(String[] args) throws Exception {
PoolProperties p = new PoolProperties();
p.setUrl(jdbc:mysql://localhost:3306/mysql);
p.setDriverClassName(com.mysql.jdbc.Driver);
p.setUsername(root);
p.setPassword(password);
p.setJmxEnabled(true);
p.setTestWhileIdle(false);
p.setTestOnBorrow(true);
p.setValidationQuery(SELECT 1);
p.setTestOnReturn(false);
p.setValidationInterval(3);
p.setTimeBetweenEvictionRunsMillis(3);
p.setMaxActive(100);
p.setInitialSize(10);
p.setMaxWait(1);
p.setRemoveAbandonedTimeout(60);
p.setMinEvictableIdleTimeMillis(3);
p.setMinIdle(10);
p.setLogAbandoned(true);
p.setRemoveAbandoned(true);
p.setJdbcInterceptors(org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;+
org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer);
DataSource datasource = new DataSource();
datasource.setPoolProperties(p);
Connection con = null;
try {
con = datasource.getConnection();
Statement st = con.createStatement();
ResultSet rs = st.executeQuery(select * from user);
int cnt = 1;
while (rs.next()) {
System.out.println((cnt++)+. Host:
+rs.getString(Host)+
User:+rs.getString(User)+
Password:+rs.getString(Password));
}
rs.close();
st.close();
} finally {
if (con!=null) try {con.close();}catch (Exception ignore)
{}
}
}
}
On 10/30/2009 09:54 AM, Filip Hanik - Dev Lists wrote:
http://svn.apache.org/viewvc/tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/interceptor/StatementFinalizer.java?view=log
Filip
On 10/30/2009 08:34 AM, Josh Gooding wrote:
Hey what API holds the statementFinalizer?
On Fri, Oct 30, 2009 at 9:57 AM, Josh Goodingjosh.good...@gmail.com
wrote:
AHH, I will read the API for the StatementFinalizer. I was looking
at
something to do that. Thank you Filip!
On Fri, Oct 30, 2009 at 9:53 AM, Filip Hanik - Dev Lists
devli...@hanik.com wrote:
hi Josh, calling Connection.close() does not close statements and
resultsets.
There is an interceptor you can configure called StatementFinalizer
that
does exactly that during the close call.
Filip
On 10/29/2009 07:17 PM, Josh Gooding wrote:
I wrote some code on top of the Tomcat's ConnectionPool class. In
regular
Java based programming if I close a ResultSet with connection.close(),
this
frees up both the statement and resultset's memory associated with the
connection if it was still open. If I close a connection with
Tomcat's
ConnectionPool, does it also close the statement and resultset's
associated
with that particular connection or do I need to manually close them?
I know best
Re: ConnectionPool question
Barry I changed the code to this:
public static void closeResources(ResultSet rs) throws
AardvarkResourceException {
Statement s = null;
Connection c = null;
try {
s = rs.getStatement();
if (s != null) {
c = s.getConnection();
}
rs.close();
}
catch (SQLException e) {
throw new AardvarkResourceException(Error closing resources
associated with ResultSet, e);
}
finally
{
if(null != rs) try { rs.close(); }
catch (SQLException sqle)
{ sqle.printStackTrace(); }
if(null != s) try { s.close(); } catch (SQLException sqle)
{ sqle.printStackTrace(); }
if(null != c)
try { c.close(); } catch (SQLException sqle)
{ sqle.printStackTrace(); }
}
}
No luck using the DataSoruceConnectionFactory though. I am using 6.0.18.
On Fri, Oct 30, 2009 at 4:28 PM, Propes, Barry L barry.l.pro...@citi.comwrote:
Where does it close the connection? Looks like it gets it, but the close
part is commented out. The rs gets closed, but the connection gets recycled.
Theoretically.
Seems like you put a finally block down there to try catching/closing the
wayward connection.
-Original Message-
From: Josh Gooding [mailto:josh.good...@gmail.com]
Sent: Friday, October 30, 2009 1:43 PM
To: Tomcat Users List
Subject: Re: ConnectionPool question
I also found this tid bit lying around. It get's a connection, but doesn't
close the statement.
public static void closeResources(ResultSet rs) throws
AardvarkResourceException {
try {
Statement s = rs.getStatement();
if (s != null) { // ResultSets produced by metadata queries do
not have associated statements
Connection c = s.getConnection();
//s.close();
//c.close();
ConnectionPool.recycleConnection(c);
}
rs.close();
} catch (SQLException e) {
throw new AardvarkResourceException(Error closing resources
associated with ResultSet, e);
}
}
It still doesn't close the statement, but closes the connection leaving the
statement hanging I'll fix and make sure to use it.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ConnectionPool question
Yes, but the code for the AardvarkResourceException is a little strange.
public class AardvarkResourceException extends Exception {
//TODO: eventually change this to a logging exception
public AardvarkResourceException() {
}
public AardvarkResourceException(String message) {
super(message);
}
public AardvarkResourceException(Throwable cause) {
super(cause);
}
public AardvarkResourceException(String message, Throwable cause) {
super(message, cause);
}
}
I could just throw the error and not worry about the custom
ResourceException. I don't understand the added value of this class. I
think the other dev was trying to get fancy instead of using the time he had
wisely.
On Fri, Oct 30, 2009 at 4:40 PM, Propes, Barry L barry.l.pro...@citi.comwrote:
THIS looks MUCH better.
Initializing the connections and statements to null outside, then going in
to do the conns and subsequently closing with the try/catch/finally block
like you have.
What did the stack trace show?
I am still on the dinosaur 4 version, getting ready to very soon upgrade to
TC 6.
My Data Source reference in the web.xml looks like this
Resource name=jdbc/myoracle auth=Container
type=javax.sql.DataSource/
Yours, being on TC6, is likely different, and I think might have to be
established in the META-INF file. I only have mine one place in the WEB-INF
folder.
Is the AardvarkResource a previously designated DB datasource class,
written by the previous developer?
-Original Message-
From: Josh Gooding [mailto:josh.good...@gmail.com]
Sent: Friday, October 30, 2009 3:32 PM
To: Tomcat Users List
Subject: Re: ConnectionPool question
Barry I changed the code to this:
public static void closeResources(ResultSet rs) throws
AardvarkResourceException {
Statement s = null;
Connection c = null;
try {
s = rs.getStatement();
if (s != null) {
c = s.getConnection();
}
rs.close();
}
catch (SQLException e) {
throw new AardvarkResourceException(Error closing resources
associated with ResultSet, e);
}
finally
{
if(null != rs) try { rs.close(); }
catch (SQLException sqle)
{ sqle.printStackTrace(); }
if(null != s) try { s.close(); } catch (SQLException sqle)
{ sqle.printStackTrace(); }
if(null != c)
try { c.close(); } catch (SQLException sqle)
{ sqle.printStackTrace(); }
}
}
No luck using the DataSoruceConnectionFactory though. I am using 6.0.18.
On Fri, Oct 30, 2009 at 4:28 PM, Propes, Barry L barry.l.pro...@citi.com
wrote:
Where does it close the connection? Looks like it gets it, but the
close part is commented out. The rs gets closed, but the connection gets
recycled.
Theoretically.
Seems like you put a finally block down there to try catching/closing
the wayward connection.
-Original Message-
From: Josh Gooding [mailto:josh.good...@gmail.com]
Sent: Friday, October 30, 2009 1:43 PM
To: Tomcat Users List
Subject: Re: ConnectionPool question
I also found this tid bit lying around. It get's a connection, but
doesn't close the statement.
public static void closeResources(ResultSet rs) throws
AardvarkResourceException {
try {
Statement s = rs.getStatement();
if (s != null) { // ResultSets produced by metadata queries
do not have associated statements
Connection c = s.getConnection();
//s.close();
//c.close();
ConnectionPool.recycleConnection(c);
}
rs.close();
} catch (SQLException e) {
throw new AardvarkResourceException(Error closing
resources associated with ResultSet, e);
}
}
It still doesn't close the statement, but closes the connection
leaving the statement hanging I'll fix and make sure to use it.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ConnectionPool question
Filip I grabbed the tomcat-jdbc.jar file and included it under the /lib folder in my tomcat installation. I modified my context.xml's resource tag to the following: Resource name=jdbc/RealmDB auth=Container type=javax.sql.DataSource factory=org.apache.tomcat.jdbc.pool.DataSourceFactory username=root password=password driverClassName=com.mysql.jdbc.Driver url=jdbc:mysql://localhost:3306/monk testWhileIdle=true testOnBorrow=true testOnReturn=false validationQuery=SELECT 1 validationInterval=3 timeBetweenEvictionRunsMillis=3 maxActive=-1 minIdle=10 maxWait=1 initialSize=10 removeAbandonedTimeout=60 removeAbandoned=true logAbandoned=true minEvictableIdleTimeMillis=3 jmxEnabled=true jdbcInterceptors=org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer / and I am getting a tomcat startup exception: WARNING: Unexpected exception resolving reference java.lang.IllegalArgumentException at java.util.concurrent.ArrayBlockingQueue.init(Unknown Source) at org.apache.tomcat.jdbc.pool.ConnectionPool.init(ConnectionPool.java:367) at org.apache.tomcat.jdbc.pool.ConnectionPool.init(ConnectionPool.java:132) at org.apache.tomcat.jdbc.pool.DataSourceProxy.createPool(DataSourceProxy.java:95) at org.apache.tomcat.jdbc.pool.DataSourceFactory.createDataSource(DataSourceFactory.java:443) at org.apache.tomcat.jdbc.pool.DataSourceFactory.getObjectInstance(DataSourceFactory.java:204) at org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java:140) at javax.naming.spi.NamingManager.getObjectInstance(Unknown Source) at org.apache.naming.NamingContext.lookup(NamingContext.java:793) at org.apache.naming.NamingContext.lookup(NamingContext.java:140) at org.apache.naming.NamingContext.lookup(NamingContext.java:781) at org.apache.naming.NamingContext.lookup(NamingContext.java:153) at org.apache.catalina.core.NamingContextListener.addResource(NamingContextListener.java:1024) at org.apache.catalina.core.NamingContextListener.createNamingContext(NamingContextListener.java:633) at org.apache.catalina.core.NamingContextListener.lifecycleEvent(NamingContextListener.java:237) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4252) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at org.apache.catalina.core.StandardHost.start(StandardHost.java:719) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:516) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:578) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) Oct 30, 2009 4:59:03 PM org.apache.catalina.core.NamingContextListener addResource WARNING: Failed to register in JMX: javax.naming.NamingException Is there another setting that I need or am missing??
Re: ConnectionPool question
Chris,
I was looking at that earlier, wondering why it was put in there in the
first place. It just doesn't fit in. Sometimes you just hate to inherit
someone else's mess.
While there is another school of thought telling me to re-write the entire
DAO (which I could be willing to later on) for right now, I want to just
tweak and get it to work more efficiently on the server. I think this is a
HUGE improvement over what was there and what actually was going on. Thank
you sir!
On Fri, Oct 30, 2009 at 5:14 PM, Christopher Schultz
ch...@christopherschultz.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Josh,
On 10/30/2009 4:31 PM, Josh Gooding wrote:
public static void closeResources(ResultSet rs) throws
AardvarkResourceException {
Statement s = null;
Connection c = null;
try {
s = rs.getStatement();
if (s != null) {
c = s.getConnection();
}
rs.close();
}
catch (SQLException e) {
throw new AardvarkResourceException(Error closing resources
associated with ResultSet, e);
}
finally
{
if(null != rs) try { rs.close(); }
catch (SQLException sqle)
{ sqle.printStackTrace(); }
if(null != s) try { s.close(); } catch (SQLException sqle)
{ sqle.printStackTrace(); }
if(null != c)
try { c.close(); } catch (SQLException sqle)
{ sqle.printStackTrace(); }
}
}
I think the finally block does everything you want. You don't really
even need the try portion... I would further simplify it to:
public static void closeResources(ResultSet rs)
// No 'throws' clause... no reason to throw an exception
// here because there's nothing you can do about it: just log it.
{
Statement s = null;
Connection conn = null;
try
{
s = rs.getStatement();
}
catch (SQLException sqle)
{
sqle.printStackTrace();
}
if(null != s)
{
try
{
c = s.getConnection();
}
catch (SQLException sqle)
{
sqle.printStackTrace();
}
}
if(null != rs) try { rs.close(); }
catch (SQLException sqle)
{ sqle.printStackTrace(); }
if(null != s) try { s.close(); } catch (SQLException sqle)
{ sqle.printStackTrace(); }
if(null != c)
try { c.close(); } catch (SQLException sqle)
{ sqle.printStackTrace(); }
}
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkrrV1EACgkQ9CaO5/Lv0PDhpQCfSABY67rM0YjoEjXn5H/jT1tQ
ZJIAoLfPGl3Ewk90y6E11sglZkSDaAWH
=Lcer
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
ConnectionPool question
I wrote some code on top of the Tomcat's ConnectionPool class. In regular Java based programming if I close a ResultSet with connection.close(), this frees up both the statement and resultset's memory associated with the connection if it was still open. If I close a connection with Tomcat's ConnectionPool, does it also close the statement and resultset's associated with that particular connection or do I need to manually close them? I know best practice is to not rely on anything to be closed automatically, but I inherited a code base and I am looking at making some pretty significant changes to fix some problems, and this is one of them. Thanks in advance, - Josh
Re: Questions on Single Sign On?
Andre, I am using a realm for this. I decided that the best route to go on this is if a user is actively logged in and tries to log in again (while already authenticated) to invalidate the 'other' session and continue on, that way of the browser dies, they can still get in. I have however not clue one on how to do this. What is put in the session upon authentication that I could have my code look for to invalidate the other live session? - Josh On Mon, Oct 12, 2009 at 10:01 AM, André Warnier a...@ice-sa.com wrote: Josh Gooding wrote: To my knowledge the Single Sign on in Tomcat is a way for all of your back end applications in your VH to recognize that you have logged in to one place, and all of the apps belonging to that VH will be logged into. Well, kind of.. What I am trying to do is restrict the login from users to one single session. (i.e. if you are logged in once, you cannot log in again unless your session expires or you log out.) Is this possible with what is included with Tomcat or is this going to take some custom code? Either way us fine, i'm just trying to use the server to handle as much of the work load as possible and lessen the actual coding load. It really depends on what kind of login (or rather, user authentication) you have set up. If you are using Tomcat's integrated (or container-based) authentication mechanism, then as far as I know the authenticated user-id is something that will be stored in the session data. As long as the session is valid, the user will not be asked to re-authenticate. As soon as the session is invalidated and they try to access a webapp that is submitted to AAA, they will be asked to login again. This is true for all webapps that are in the same realm. It is fairly well explained here : http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On The keys here are which kind of AAA you are using, the Realm of your webapps, the session and its associated cookie. Note that this kind of SSO is Tomcat-specific, and valid only for a single Tomcat. What many of my customers understand by SSO is a bit different : it means that they wish to login once in the morning when they turn on their workstation, and never again during the day. They then want this single login to be valid, automatically, for all servers and applications they access during the day, whether they are running under Tomcat or not (but also the ones running under Tomcat). That's a different story. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: doubts about tomcat form based authentication
The way I solved the issue was removing he user from the tomcat role table. Tomcat itself will then not allow you to login. I am using a Realm authentication as well. In the user table I specified what role the user had (either plain user, manager, admin, or a trainer), then based off of that, the tomcat role table was populated at create new user time. It will throw your 403 error (which mine does) - Josh On Tue, Oct 20, 2009 at 7:18 PM, Nirvann jatin.kulka...@yahoo.com wrote: Sorry guys to have bothered you with my silly mistake. Actually, I had configured 403 error page in web.xml file but the page was not at proper location. Hence I was getting 404 file not found. Now I can access the role error page for authorization error. Thanks a lot for all your insights. regards, nirvan. -- View this message in context: http://www.nabble.com/doubts-about-tomcat-form-based-authentication-tp25970503p25984106.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Questions on Single Sign On?
To my knowledge the Single Sign on in Tomcat is a way for all of your back end applications in your VH to recognize that you have logged in to one place, and all of the apps belonging to that VH will be logged into. What I am trying to do is restrict the login from users to one single session. (i.e. if you are logged in once, you cannot log in again unless your session expires or you log out.) Is this possible with what is included with Tomcat or is this going to take some custom code? Either way us fine, i'm just trying to use the server to handle as much of the work load as possible and lessen the actual coding load. Thanks in advance, - Josh
Re: Questions on Single Sign On?
I know doing this at the application level is probably going to be a little messy and that's ok for now. Since this is for a video training program, yes the requirement is appropriate. As for handling browser crashes, I'll have to set the timeout to an appropriate time, (1/2 hour or so) but if you are watching videos and testing, or reading docs, you can chew up 1/2 hour easily so I haven't really thought it through fully yet. At the moment, I am using Tomcat's Realm's authentication due to the different roles throughout the program. Key pairs to the DB is more overhead than I would like to see, and I'd only like to use that if all else fails. That seems to be, no offense, a bit of resource wasting. What do you mean that valves are going kaput? Is that for the TC7 release? Andre, your talking about something like Active Directory for Windows Domain's to use with say Communicator, Outlook, etc, across windows environments with domain authentication? I understand what the Tomcat's and most org's SSO means, but I am trying to translate into something that I can talk about and not have a huge amount of keystrokes in typing. It's looking more and more like a custom code job (for the most part). I'll continue to do some research on this, but I think that coding is going to be the most direct route so far. Thanks everyone. I appreciate the input. - Josh On Mon, Oct 12, 2009 at 9:50 AM, Pid p...@pidster.com wrote: On 12/10/2009 14:37, Peter Crowther wrote: 2009/10/12 Josh Goodingjosh.good...@gmail.com: To my knowledge the Single Sign on in Tomcat is a way for all of your back end applications in your VH to recognize that you have logged in to one place, and all of the apps belonging to that VH will be logged into. Correct. What I am trying to do is restrict the login from users to one single session. (i.e. if you are logged in once, you cannot log in again unless your session expires or you log out.) Is this possible with what is included with Tomcat or is this going to take some custom code? You'll need custom code. Are you sure this is an appropriate requirement? In particular, how do you plan to handle (say) a browser or client crash that loses the in-memory session cookie? The user can neither log out from the old session nor log into a new session until the server times out the session. The OP could just set a new key value in the session each time a user logs in, and ensure that any user with an old, invalid key is logged out on their next request. You would need to compare the key in the session, on each request, to the key associated with the user in storage somewhere, which is an additional overhead. A Filter in each app would be suitable, (or a Valve though these will soon be going the way of the Dodo, so they're probably not a good long term choice). p - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Questions on Single Sign On?
Well upon clicking logout the following occurs: session.removeAttribute(User); session.invalidate(); response.sendRedirect(EULA.jsp); If I close the browser window, and reopen it without clicking the logout button, I can still get back into my active session. How would I invalidate the session upon closing the browser window? On Mon, Oct 12, 2009 at 11:02 AM, Andre-John Mas aj...@sympatico.ca wrote: On 12-Oct-2009, at 10:51, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Perter, On 10/12/2009 9:37 AM, Peter Crowther wrote: 2009/10/12 Josh Gooding josh.good...@gmail.com: To my knowledge the Single Sign on in Tomcat is a way for all of your back end applications in your VH to recognize that you have logged in to one place, and all of the apps belonging to that VH will be logged into. Correct. What I am trying to do is restrict the login from users to one single session. (i.e. if you are logged in once, you cannot log in again unless your session expires or you log out.) Is this possible with what is included with Tomcat or is this going to take some custom code? You'll need custom code. Are you sure this is an appropriate requirement? In particular, how do you plan to handle (say) a browser or client crash that loses the in-memory session cookie? Also, if the client loses their session cookie, how will the OP uniquely identify the client in order to apply this policy? The only solution I can think of is a non-session cookie that the web application deals with itself. If it can't find it mapped to the users session-id in the application context, then the user is considered logged out. The catch is if the user opens up a new browser this will kill the existing session, so you would have to back this up with a dialogue warning the user that they are already logged in and logging in again will log out the other session. What is important is to balance the needs of single sign on and the security provided to the user of closing their browser, and thus ending their session. André - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Questions on Single Sign On?
On Mon, Oct 12, 2009 at 11:03 AM, André Warnier a...@ice-sa.com wrote: Josh Gooding wrote: ... Andre, your talking about something like Active Directory for Windows Domain's to use with say Communicator, Outlook, etc, across windows environments with domain authentication? Yes, although Windows domain authentication is not the only game in town. ** I know Andre, it was just the first thing that popped into my head. The shop I work for is a Microjunk shop and I am the only dinosaur who codes on OS platforms here after I leave they can claim to be an all .NET shop. However, i'm the only one working on programs that are making the company money... :: shrug :: anywho. I know there are others, WIndows is just one of the most commonly recognized. You also have raduis, NIS, and if I am not mistaken even LDAP. I understand what the Tomcat's and most org's SSO means, but I am trying to translate into something that I can talk about and not have a huge amount of keystrokes in typing. And I suggest that you to think this through from the beginning, and not rush into a Tomcat-only authentication, if your users for instance are going to get weary very quickly to have to login (again!) each time they want to access this application on this host. The other snag is if in order to do your type of authentication you need to have your own store of user-id's and passwords. User-id's are usually OK (they can be the same as the user's usual login), but to get a network admin to give you the users passwords, so that you can store them in your own Tomcat-only store, is going to be more tricky. (Users do not, as a rule, like to have to remember several passwords). There are basically two types of authentication usable in Tomcat : the container-based authentication of which mainly question so far, and the servlet filter based authentication mechanisms. These consist of wrapping all your to-be-protected webapps in a servlet filter, which authenticates each request before it even gets to your webapp. Servlet filters are defined at the Servlet Spec level, so are portable. To the webapp, it is transparent. It just finds an authenticated user whenever it runs. The filter itself determines what kind of authentication happens, using which back-end etc.. Here are two examples : http://securityfilter.sourceforge.net/ http://www.ioplex.com Reading their docs should give you some material to think about. There exists a 3rd way : if you have a webserver in front of Tomcat (IIS or Apache), they can do the user authentication, and via mod_jk (*) pass an authenticated user-id to Tomcat (roles is another story). (* : plus, for Apache only, mod_proxy_ajp) In any case, I don't really think that you will need to create new code. There are enough ready-to-use solutions floating around that this should be unnecessary. And, as some people already indirectly pointed out, coding AAA and doing it right can be very tricky. ** I already removed httpd from the server and am very reluctant to reconfigure / install it. I'll look into those and check. Thanks man, this project is really opening my eyes to a lot of other things that I would have never thought of. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Questions on Single Sign On?
Ugh... tabs said it all. I didn't take into consideration about them. On Mon, Oct 12, 2009 at 11:41 AM, Andre-John Mas aj...@sympatico.ca wrote: On 12-Oct-2009, at 11:24, Josh Gooding wrote: Well upon clicking logout the following occurs: session.removeAttribute(User); session.invalidate(); response.sendRedirect(EULA.jsp); If I close the browser window, and reopen it without clicking the logout button, I can still get back into my active session. How would I invalidate the session upon closing the browser window? What browser are you using, and how are you reopening the window? If you exit your browser the session should be invalidated, though: - Firefox maintains its state if you make it remember the open tabs/windows - IE will open a separate application instance only if it is launched via the desktop icon. Selecting 'New Window' form the file menu will simply create a new window in the same instance. André - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
configuring multiple domain's and forwarding on Tomcat 6 questions.
My Tomcat configuration as of right now is set to serve on a .com domain. I recently bought 2 more domains and want to host a different .com but use the same installation of tomcat that I am using currently. Is this just another Host declaration or would I need another Enginedeclaration? Also what about forwarding from .net to .com, is it the same thing? Thanks in advance - Josh
Re: configuring multiple domain's and forwarding on Tomcat 6 questions.
Scott, I have my Context config's in the META-INF folder of the first .com's appBase directory. It's under \appBase\META-INF. Is this wrong? There is no httpd involved in the system, only Tomcat (and I'm trying to find the PECL dll's to get PHP to work ;) ) This should be all I have to add correct? Host name=www.realissuesforrealpeople.com appBase=d:/JGSite unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false / - Josh On Sat, Sep 26, 2009 at 10:20 PM, Scott Dunbar sc...@xigole.com wrote: Josh, The second .com would just be another Host entry in server.xml. Don't forget to add any Context configs in conf/Catalina/www.second domain.com just like your first domain. As far as forwarding the .net to the .com, there are two ways of doing that. If Tomcat is fronted by Apache httpd, you'll want something like: VirtualHost * ServerName www.your domain.net Redirect permanent / http://www.your domain.com/ /VirtualHost in your httpd.conf. If you use this method Tomcat doesn't need to know about the .net side at all. If you're not using Apache, a simple way to do it is to create an index.jsp in the .net appBase that does something like: % response.sendRedirect( response.encodeRedirectURL( http://www.your domain.com/ ) ); % This, however, doesn't correctly handle a redirect from something like http://www.your domain.net/blah/blah/blah to http://www.your domain.com/blah/blah/blah. To do it correctly I would implement a global (matching the URL /*) filter on the your domain.net side that sends a redirect to the .com side. Lastly, it is possible to add any number of Alias entries within a Host container. The upside is that it is very easy - have the Host name be www.your domain.com and an Alias entry for your domain.com, www.your domain.net and your domain.net. The downside is that your site will look and behave exactly the same for any of these host names. There may be SEO issues associated with having 4 host names look exactly the same though I'll admit I'm not positive of this. Josh Gooding wrote: My Tomcat configuration as of right now is set to serve on a .com domain. I recently bought 2 more domains and want to host a different .com but use the same installation of tomcat that I am using currently. Is this just another Host declaration or would I need another Enginedeclaration? Also what about forwarding from .net to .com, is it the same thing? Thanks in advance - Josh -- Scott Dunbar Xigole Systems, Inc. Enterprise consulting, development, and hosting 303·667·6343
Re: configuring multiple domain's and forwarding on Tomcat 6 questions.
Then there must be something messed up with my domain and what it is pointing to. It has a different IP address than my server. I pointed the IP address of the domain to the static IP address of my server that I am already running and serving on Tomcat. Realistically I should be seeing something then, I think I might have to call the company I got the domain from to get it pointing to the right server IP. On Sat, Sep 26, 2009 at 11:50 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Re: configuring multiple domain's and forwarding on Tomcat 6 questions. I have my Context config's in the META-INF folder of the first .com's appBase directory. It's under \appBase\META-INF. Is this wrong? Probably. In the above, is appBase an actual directory name, or is it referring to the value of the appBase attribute of the Host element? I suspect it's the latter, in which case your structure should really be this: D:\JGSite\ ROOT\ (the default webapp for this Host) (first-level .html files, such as index.html) (other first-level resources) WEB-INF\ web.xml (containing servlet mappings for your webapp, etc.) lib\ (containing webapp .jar files) classes\ (containing webapp classes) META-INF\ context.xml (containing the Context element) You may deploy additional webapps for the Host at the same level as ROOT as either expanded directories or .war files. This should be all I have to add correct? Host name=www.realissuesforrealpeople.com appBase=d:/JGSite unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false / You probably don't even have to add that. If you have only one webapp for one domain, you can simply replace the default Tomcat ROOT webapp with your own. If you don't want to disturb the webapps distributed with Tomcat, then an additional Host is one way to segregate your webapps from the standard ones. For a production environment, you probably want to remove all of the Tomcat webapps other than manager. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: php 5 and tomcat 6
Chris, I think you're right about it being a PHP question, I was just inquiring if someone here had the PECL dll files that I need. Here is what I was looking at: http://tojackwu.blogspot.com/2008/10/php-5-on-tomcat-6-installation.html Ziggy - I'm aware of liferay. Off the top of your head do you know if it is DLL based or is it via CGI? If you don't it's not big deal, don't look it up, I just wondered if you had a quick and dirty answer. Tom, as for why would I not install httpd? Had it, configured it, had it running, and then... removed it. It is nothing more than another layer in the mix. I have SSH configured correctly via my tomcat installation, everything is customized to where I need it to be, and my tomcat is ironclad as of now. My attitude is the old KISS mentality. Why would I want to add another possible issue or layer in the mix? Then I'd have 2 web servers running, and the list of what issues could possibly happen more than doubles. Tomcat's performance is just as good as httpd, why would I run and have to cross configure 2 webservers when 1 will do just fine? Security? Not worried, this is a pet project of mine. If I can get a drupal installation running via a tomcat / php port, I'll be happy. If someone hacks it, i'm not worried. Ken - Thanks for the heads up on the other org. I'll look into that as well. - Josh On Thu, Sep 24, 2009 at 6:53 PM, Ken Bowen kbo...@als.com wrote: Argh. Sorry for the list spam. Was sending this to someone interested. On Sep 24, 2009, at 5:28 PM, Ken Bowen wrote: Sorry for dropping the link. The reference showed up in this: http://quercus.caucho.com/casestudies/Caucho_LiveProcess_casestudy.pdf The company is: http://www.liveprocess.com/ On Sep 24, 2009, at 1:36 PM, Hassan Schroeder wrote: On Thu, Sep 24, 2009 at 8:40 AM, Tommy Pham tommy...@yahoo.com wrote: Only way to get PHP running in Tomcat is through CGI. Not true: http://quercus.caucho.com/ -- Hassan Schroeder hassan.schroe...@gmail.com twitter: @hassan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache Tomcat, IIS, ISAPI
Joerg, If you want your JSP's protected you can configure that in your web.xml file. I can't fully remember (someone jump in here) but I used role's in tomcat and put the jsp files in a seperate directory, then I added declarations in my web.xml file for it. Here is the snippets from my web.xml: (If you look down through the role-name tags certain roles can access certain JSP's. All the JSP's are locked from the gen-public inside of a Private folder. !--Constraints to control access to an entire namespace of urls-- security-constraint!--/admin/* limits access to those in admin role.-- web-resource-collection web-resource-nameCompanySecret/web-resource-name url-pattern/admin/*/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint /security-constraint security-constraint!--/trainer/* limits access to those in trainer role.-- web-resource-collection web-resource-nameCompanySecret/web-resource-name url-pattern/trainer/*/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nametrainer/role-name /auth-constraint /security-constraint security-constraint!--/Private/* completely blocks access except by the webserver itself.-- web-resource-collection web-resource-nameCompanySecret/web-resource-name url-pattern/Private/*/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-name/role-name /auth-constraint /security-constraint !--Constraints to limit access to individual urls which are not limited by any namespace in their url-- security-constraint!--/Main.jsp requires login, but then is available to everybody who can login.-- web-resource-collection web-resource-nameCompanySecret/web-resource-name url-pattern/Main.jsp/url-pattern url-pattern/AutocompleteQuery/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nametrainer/role-name role-namemanager/role-name role-nameadmin/role-name role-nameuser/role-name /auth-constraint /security-constraint security-constraint!--/CompanyOverview.jsp requires login, in any non-user role.-- web-resource-collection web-resource-nameCompanySecret/web-resource-name url-pattern/CompanyOverview.jsp/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nametrainer/role-name role-namemanager/role-name role-nameadmin/role-name /auth-constraint /security-constraint Hope this helps you. - Josh On Fri, Sep 25, 2009 at 5:46 AM, Buchner, Joerg [T0I] (VW Sachsen) joerg.buch...@volkswagen.de wrote: Hi Rainer, yes, the JSP's should be served by Tomcat! But Tomcat should not work as WebService, Tomcat is only an Engine behind IIS. The protection of the JSP Files should be realized in the NTFS ACL's... Regards, Jörg -UrsprĂ¼ngliche Nachricht- Von: Rainer Jung [mailto:rainer.j...@kippdata.de] Gesendet: Freitag, 25. September 2009 09:07 An: Tomcat Users List Betreff: Re: Apache Tomcat, IIS, ISAPI On 25.09.2009 08:06, Buchner, Joerg [T0I] (VW Sachsen) wrote: Hi, i've got an Problem. We have an Microsoft IIS 6.0 with an Apache Tomcat 5.5.27 with IIS ISAPI 1.2.28. (AMD64). The Website use Integrated Windows Authentication. The SourceCode Files on the server are protected by ActiveDirectory Groups. All works fine. But now the problem. If a user request a html File then the IIS check the NTFS Filesystempermissions. That means, only users have access, which are in the security group on the file system. But, if the same user request a jsp File, then there is no check on the Filesystempermissons. That is not OK. I'ld like to protect my JSP Files with NTFS Rights. Can anybody help me? The JSPs should be served by Tomcat, right? So IIS doesn't need to be able to see them or allowed to actually read them. So do you
php 5 and tomcat 6
Hey gang, Does anyone know where the last release of PECL was that had the tomcat files in it for getting PHP to run with Tomcat? Looks like the version of PHP I have (5.2.11) doesn't include the PECL libraries and from what I have read, the PECL are currently not released. I seem to be coming up a bit short with the pecl.php.net as well since it doesn't include the dll pack for what I am looking for. TIA, Josh
Re: slight problem with Tomcat and Httpd working together.
Chuck, On this: each of those has their own context.xml defined in the META-INF directory of the project. And those will be ignored, since you have them in server.xml. Something that I am not understanding. If the context.xml files are truly ignored how can each of the companies be able to login? Each company has their own DB/DB user/ and password defined in the Resource tag. I think I either did something REALLY weird on my tomcat or otherwise. You're saying if I create the conf/Catalina/[host]/[appName].xml I can add them on the fly? Next Q. would it be something like conf/Catalina/localhost/xyzcompany.xml? Isn't this for JAAS type realm? Means I have to switch my JDBC realm type to JAAS which I know nothing about. Could be a good time to learn it, but I'd rather keep the JDBC realm authentication if possible. I just changed the files (without changing the realm type) and it looks like nothing is going to work / authenticate. I am getting JAAS errors :Aug 26, 2009 10:07:46 AM org.apache.catalina.realm.JAASRealm authenticate SEVERE: Unexpected error java.lang.SecurityException: Unable to locate a login configuration at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:93): Let me ask this I know best practice is keeping the webapps directory inside of $CATALINA_HOME. In my situation, that's just not possible. I have a JDBC realm configured for authentication (not JAAS). I have my webapps stored on a physically separate drive for backup and restore reasons. What would I have to change in my configuration to be able to serve new projects under the new displaced webapps folder, keeping my JDBC realm configuration, and without having to restart tomcat each time I add one. Is it possible? It seems as though when I used the webapps folder in $CATALINA_HOME I could add and remove folders in the webapps folder and I didn't have to restart tomcat each time. - J On Thu, Aug 13, 2009 at 5:33 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Re: slight problem with Tomcat and Httpd working together. *Wait a sec, illegal as in (will throw an exception) or just bad practice? Illegal in that predictable behavior cannot be guaranteed. Tomcat is pretty good about ignoring invalid attributes, but it's not perfect in that regard, and problems may result. I have a context defined in my server.xml's host for the deployments being hosted outside of $CATALINA_HOME/webapps directory That isn't illegal, but is extremely bad practice, since you can't modify them without restarting Tomcat. By placing the Context elements in conf/Catalina/[host]/[appName].xml, you can modify them as needed while Tomcat is running. each of those has their own context.xml defined in the META-INF directory of the project. And those will be ignored, since you have them in server.xml. Are you saying that, that is wrong? Yup. - Chuck - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: slight problem with Tomcat and Httpd working together.
Wait a sec. The only Context element I have defined in my server.xml file is here: Engine name=Catalina defaultHost=localhost Host name=localhost appBase=d:/webapps/ unpackWARs=true autoDeploy=false xmlValidation=false xmlNamespaceAware=false Context docBase=ROOT path= / /Host So I understand why they are not being ignored. I still figure that I should be able to deploy a new project on the fly though and not have to restart tomcat. On Wed, Aug 26, 2009 at 10:29 AM, Josh Gooding josh.good...@gmail.comwrote: Chuck, On this: each of those has their own context.xml defined in the META-INF directory of the project. And those will be ignored, since you have them in server.xml. Something that I am not understanding. If the context.xml files are truly ignored how can each of the companies be able to login? Each company has their own DB/DB user/ and password defined in the Resource tag. I think I either did something REALLY weird on my tomcat or otherwise. You're saying if I create the conf/Catalina/[host]/[appName].xml I can add them on the fly? Next Q. would it be something like conf/Catalina/localhost/xyzcompany.xml? Isn't this for JAAS type realm? Means I have to switch my JDBC realm type to JAAS which I know nothing about. Could be a good time to learn it, but I'd rather keep the JDBC realm authentication if possible. I just changed the files (without changing the realm type) and it looks like nothing is going to work / authenticate. I am getting JAAS errors :Aug 26, 2009 10:07:46 AM org.apache.catalina.realm.JAASRealm authenticate SEVERE: Unexpected error java.lang.SecurityException: Unable to locate a login configuration at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:93): Let me ask this I know best practice is keeping the webapps directory inside of $CATALINA_HOME. In my situation, that's just not possible. I have a JDBC realm configured for authentication (not JAAS). I have my webapps stored on a physically separate drive for backup and restore reasons. What would I have to change in my configuration to be able to serve new projects under the new displaced webapps folder, keeping my JDBC realm configuration, and without having to restart tomcat each time I add one. Is it possible? It seems as though when I used the webapps folder in $CATALINA_HOME I could add and remove folders in the webapps folder and I didn't have to restart tomcat each time. - J On Thu, Aug 13, 2009 at 5:33 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Re: slight problem with Tomcat and Httpd working together. *Wait a sec, illegal as in (will throw an exception) or just bad practice? Illegal in that predictable behavior cannot be guaranteed. Tomcat is pretty good about ignoring invalid attributes, but it's not perfect in that regard, and problems may result. I have a context defined in my server.xml's host for the deployments being hosted outside of $CATALINA_HOME/webapps directory That isn't illegal, but is extremely bad practice, since you can't modify them without restarting Tomcat. By placing the Context elements in conf/Catalina/[host]/[appName].xml, you can modify them as needed while Tomcat is running. each of those has their own context.xml defined in the META-INF directory of the project. And those will be ignored, since you have them in server.xml. Are you saying that, that is wrong? Yup. - Chuck - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: slight problem with Tomcat and Httpd working together.
You know Chuck, it would probably work if I put Auto-deploy to true instead of false. (tried and it works). On Wed, Aug 26, 2009 at 10:32 AM, Josh Gooding josh.good...@gmail.comwrote: Wait a sec. The only Context element I have defined in my server.xml file is here: Engine name=Catalina defaultHost=localhost Host name=localhost appBase=d:/webapps/ unpackWARs=true autoDeploy=false xmlValidation=false xmlNamespaceAware=false Context docBase=ROOT path= / /Host So I understand why they are not being ignored. I still figure that I should be able to deploy a new project on the fly though and not have to restart tomcat. On Wed, Aug 26, 2009 at 10:29 AM, Josh Gooding josh.good...@gmail.comwrote: Chuck, On this: each of those has their own context.xml defined in the META-INF directory of the project. And those will be ignored, since you have them in server.xml. Something that I am not understanding. If the context.xml files are truly ignored how can each of the companies be able to login? Each company has their own DB/DB user/ and password defined in the Resource tag. I think I either did something REALLY weird on my tomcat or otherwise. You're saying if I create the conf/Catalina/[host]/[appName].xml I can add them on the fly? Next Q. would it be something like conf/Catalina/localhost/xyzcompany.xml? Isn't this for JAAS type realm? Means I have to switch my JDBC realm type to JAAS which I know nothing about. Could be a good time to learn it, but I'd rather keep the JDBC realm authentication if possible. I just changed the files (without changing the realm type) and it looks like nothing is going to work / authenticate. I am getting JAAS errors :Aug 26, 2009 10:07:46 AM org.apache.catalina.realm.JAASRealm authenticate SEVERE: Unexpected error java.lang.SecurityException: Unable to locate a login configuration at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:93): Let me ask this I know best practice is keeping the webapps directory inside of $CATALINA_HOME. In my situation, that's just not possible. I have a JDBC realm configured for authentication (not JAAS). I have my webapps stored on a physically separate drive for backup and restore reasons. What would I have to change in my configuration to be able to serve new projects under the new displaced webapps folder, keeping my JDBC realm configuration, and without having to restart tomcat each time I add one. Is it possible? It seems as though when I used the webapps folder in $CATALINA_HOME I could add and remove folders in the webapps folder and I didn't have to restart tomcat each time. - J On Thu, Aug 13, 2009 at 5:33 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Re: slight problem with Tomcat and Httpd working together. *Wait a sec, illegal as in (will throw an exception) or just bad practice? Illegal in that predictable behavior cannot be guaranteed. Tomcat is pretty good about ignoring invalid attributes, but it's not perfect in that regard, and problems may result. I have a context defined in my server.xml's host for the deployments being hosted outside of $CATALINA_HOME/webapps directory That isn't illegal, but is extremely bad practice, since you can't modify them without restarting Tomcat. By placing the Context elements in conf/Catalina/[host]/[appName].xml, you can modify them as needed while Tomcat is running. each of those has their own context.xml defined in the META-INF directory of the project. And those will be ignored, since you have them in server.xml. Are you saying that, that is wrong? Yup. - Chuck - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Need some SSL Config help.
Thanks Chris, I appreciate it! On Fri, Aug 14, 2009 at 10:30 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Josh, On 8/13/2009 2:38 PM, Josh Gooding wrote: So I navigated to https://(domain).com and low and behold it works :). Glad it's working for you. Next few questions: Well, it's your thread, so I guess hijacking isn't that big of a deal... #1 - I have deployed an application that uses a realm and has a Login.jsp page. The Login.jsp is required and you cannot navigate anywhere in the application until you have logged in. How can I make the Login.jsp page fall under the SSL, then drop off after the authentication? This has been covered in the past. Please search the archives for things like https authentication and other things. You can even include my name in that search, since I've given some IMHO relatively comprehensive responses. #2 - Right now when I go to https://(domain).com/company1/ it drops the HTTPS. I don't want that. Any pointers? Uh... you are probably building a URL somewhere in your webapp that redirects to an explicitly non-secure URL. Search your webapp for sendRedirect, or whatever is appropriate if you are using a web application framework that includes similar capabilities. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkqFdQ8ACgkQ9CaO5/Lv0PCjnQCgmado+nZVj3+hBB8JjNRxMOb/ PyQAn2ETb6KifsLdCVU3cvY+nMUCUFTC =q3UN -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Need some SSL Config help.
Ah, I am semi starting to understand now. I was able to use openssl to convert my pfx to a pem file which is part of the battle. From what I have read in the docs, I needed a .crt file as well, which I used the .txt file that the hosting co provided to me. It's nothing but a plain text PGP signature in a text file. So I navigated to https://(domain).com and low and behold it works :). Next few questions: #1 - I have deployed an application that uses a realm and has a Login.jsp page. The Login.jsp is required and you cannot navigate anywhere in the application until you have logged in. How can I make the Login.jsp page fall under the SSL, then drop off after the authentication? https://www.(domain.com)/company1/Login.jsp ~~ [successful authentication!] ~~ http://www.(domain.com)/company1/Main.jsp (Kind of like how my gmail works) #2 - Right now when I go to https://(domain).com/company1/ it drops the HTTPS. I don't want that. Any pointers? Thanks again - Josh On Tue, Aug 11, 2009 at 10:35 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Josh, On 8/11/2009 4:47 PM, Josh Gooding wrote: ok back to the topic at hand here. I have removed httpd from my server, installed APR, and have gotten my cert file from my hosting company. it is in pfx format. Now I found some information on the net: http://tp.its.yale.edu/pipermail/cas/2005-July/001337.html It was saying that I can just use the pfx file with tomcat 5.5, so I put the file in my $CATALINA_HOME directory just as a test, modified my server.xml file to accept SSL: *Connector protocol=HTTP/1.1 port=443 maxThreads=200 scheme=https secure=true SSLEnabled=true keystoreFile=C:/Program Files/[*]/apache-tomcat-6.0.18/[*].com.pfx keystorePass=[*] keystoreType=pkcs12 clientAuth=false sslProtocol=TLS /* *and blamo I get these exceptions:* Not surprising. Read the documentation for the APR connector: http://tomcat.apache.org/tomcat-5.5-doc/apr.html Specifically, search for the term certificate. First of all, your SSL configuration is completely wrong for use with APR. You don't use keystoreFile, keystorePass, and keystoreType. Even if you did, telling Java that the keystore is actually a PKCS12 keystore while providing it is a PFX-encoded SSL certificate should have tipped you off that something was amiss. If you were previously following the standard SSL documentation (http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html), you should have seen this note at the top of the file: IMPORTANT NOTE: This Howto refers to usage of JSSE. When using APR, Tomcat will use OpenSSL, which uses a different configuration. What you want is SSLCertificateFile and friends. SSLCertificateFile is documented to only accept certificates in PEM format. Check out this page for some tricks to converting your certificate files using openssl: http://eoc.eu-eela.eu/doku.php?id=manipulate_your_certificate There is also a Java tool that can do thing like this called Portecle (http://portecle.sourceforge.net/) if you don't have openssl handy. *and these to boot says it cannot bind to port 443 (or 8443 either)* *Aug 11, 2009 4:13:51 PM org.apache.coyote.http11.Http11AprProtocol start SEVERE: Error starting endpoint java.lang.Exception: Socket bind failed: [730048] Only one usage of each socket address (protocol/network address/port) is normally permitted. Do you have multiple Connector elements specified? If so, check all the port numbers. If not, make sure that Tomcat isn't already running. If it's not, make sure Apache httpd isn't running :) Finally, make sure IIS isn't running or using those ports. So it looks like I cannot use a pfx file with tomcat 6.0.18. You should be able to, just not with the APR connector because openssl doesn't grok PKCS12/PFX. Am I able to use the pfx file with tomcat 6? Yes, just not with the APR connector. The socket bind issue I have no clue, it looks like something is already running on port 443, but that is impossible. Really? Try running 'netstat' to find out who is bound to port 443 (or 8443). I only have the tomcat server running, IIS is disabled and httpd has been removed from the system completely. I also tried port 8443 but I am getting the same error message. netstat -a -b -n -o | find 443 (make sure you're an administrator or you'll get no output) Hope that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkqCKokACgkQ9CaO5/Lv0PBBxACgjcVaS2sdKa7COzdKnSbAAHun gl0AnRaKPC30C+und74r7tFKuN63OOmq =QIJp -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional
Re: slight problem with Tomcat and Httpd working together.
I understand what the appBase is Perhaps you don't; the appBase attribute of a Host is the /default/ deployment directory for its webapps; individual webapps are typically located *under* the appBase directory. I don't understand why the docBase and appBase cannot be the same declaration Because they are quite different; appBase points to the directory under which a *collection* of webapps resides, docBase points to an *individual* webapp. *I kind of figured that one, that the appBase is where the collection of deployable packages resides.* why it is recommended that anything in your appBase shouldn't start with the same string that is defined in your docBase. I haven't read the O'Reilly book so I don't know if it contains confusing or irrelevant information. The real point here is that you can easily get double deployments if you start putting in values for docBase; it's normally not used these days. *This isn't in the O'Reilly book, I found this in multiple places on the net, it was coupled with the double deployment information.* I have my docBase set to ROOT on the data drive and the appBase is just defined as drive:/webapps/ You seem not to be aware that one can have many webapps running under one instance of Tomcat; ROOT is simply the default one. Note that if your Context element is in your webapp's META-INF/context.xml file, it is illegal to set the docBase (or path) attributes. The docBase attribute should only be used when the webapp is located *outside* of the Host appBase directory, and the Context element is in conf/Catalina/[host]/[appName].xml. *Wait a sec, illegal as in (will throw an exception) or just bad practice? I understand the idea of each Host can have it's own different appBase declaration. This cleared up the issue of when the docBase attribute should be set, but my conf/Catalina/[host]/[appName.xml] doesn't exist. I have a context defined in my server.xml's host for the deployments being hosted outside of $CATALINA_HOME/webapps directory, and each of those has their own context.xml defined in the META-INF directory of the project. Are you saying that, that is wrong? I'll post the xml configurations if you want to look at it, but if it is wrong, it's working like expected. * there is really no clear concise This is what the docBase is, does, and means that I can find. To quote from the Tomcat doc: The Document Base (also known as the Context Root) directory for this web application, or the pathname to the web application archive file (if this web application is being executed directly from the WAR file). You may specify an absolute pathname for this directory or WAR file, or a pathname that is relative to the appBase directory of the owning Host. *I'm sorry if I am being thick this is very cryptic to me.* The value of this field must not be set when the Context is configured using a META-INF/context.xml file as it will be inferred by the automatic deployment process. - Chuck *As usual Chuck, thanks for taking the time and trying to explain things for me. From what I am seeing tomcat isn't that bad, it just can be a little more than tricky to configure, and you can get some really interesting errors when things aren't configured properly. - Josh *
Re: slight problem with Tomcat and Httpd working together.
Chris, My thanks to you and Chuck for clarifying that. The reason that I set up httpd on the machine is for PHP and other possible languages. I was trying to be a little more future thinking, however, since PHP is no longer an option for these guys, I'll just nix the httpd server and move back into a solid tomcat install. Moving onto the APR questions I have and SSL. Let me ask this. Does anyone have / use gmail? If so, next time you log in, watch what happens. You log in via SSL, yet when you view everything else your in standard HTML. I downloaded the APR for Tomcat. Dumb question, is there already a binary distribution someplace? If not, what do I use to compile them? I read something about a Win32 Developer Studio? It looks like I might need Visual Studio, which I can do, but is there a way to do this in Eclipse? P.S. I ditched Apache 2.2 for now. I just moved my old server.xml into the conf directory and stopped the httpd service.
Re: slight problem with Tomcat and Httpd working together.
Even better, I got what I was looking for. Where do I put the DLL that I want to use? in wondows or in what tomcat directory? On Tue, Aug 11, 2009 at 10:27 AM, Josh Gooding josh.good...@gmail.comwrote: Chris, My thanks to you and Chuck for clarifying that. The reason that I set up httpd on the machine is for PHP and other possible languages. I was trying to be a little more future thinking, however, since PHP is no longer an option for these guys, I'll just nix the httpd server and move back into a solid tomcat install. Moving onto the APR questions I have and SSL. Let me ask this. Does anyone have / use gmail? If so, next time you log in, watch what happens. You log in via SSL, yet when you view everything else your in standard HTML. I downloaded the APR for Tomcat. Dumb question, is there already a binary distribution someplace? If not, what do I use to compile them? I read something about a Win32 Developer Studio? It looks like I might need Visual Studio, which I can do, but is there a way to do this in Eclipse? P.S. I ditched Apache 2.2 for now. I just moved my old server.xml into the conf directory and stopped the httpd service.
Re: slight problem with Tomcat and Httpd working together.
NVM chuck, I believe it's in the native docs. I looked at the link right after you posted. I couldn't find the native link on apaches site. T/Y sir On Tue, Aug 11, 2009 at 10:46 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Re: slight problem with Tomcat and Httpd working together. I downloaded the APR for Tomcat. Dumb question, is there already a binary distribution someplace? For Windows, yes; it's in the docs: http://tomcat.apache.org/native-doc/ The 32- and 64-bit DLLs are here: http://www.apache.org/dist/tomcat/tomcat-connectors/native/1.1.16/binaries/ - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: slight problem with Tomcat and Httpd working together.
HEY!!! It's in there and working. Aug 11, 2009 10:58:47 AM org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.14. Aug 11, 2009 10:58:47 AM org.apache.catalina.core.AprLifecycleListener init INFO: APR capabilities: IPv6 [false], sendfile [true], accept filters [false], random [true]. Now if I have an SSL cert from Geo-trust / Verisign / whatever, do I still have to install OpenSSL? It's currently residing in the path, I'm just going to read up in the docs and see what the next steps to do are. Thank you guys So much. I really appreciate all of your help. On Tue, Aug 11, 2009 at 10:51 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Re: slight problem with Tomcat and Httpd working together. Where do I put the DLL that I want to use? In Tomcat's bin directory. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: slight problem with Tomcat and Httpd working together.
Excellent, and just for the record, for those who read this on the archives, be SURE you get the correct version of the binaries for your version of Tomcat (32-bit / 64 bit). Tomcat is running on a dual core opteron (64-bit production server) and has been modified to run with the 64 bit tomcat6.exe and tomcat6w.exe, however it will not recognize the 32-bit library as I expected. Everything is running very smoothly now. I modded the Host to move the sites onto the data drive. So instead of installing and uploading files to the 20GB partition, they all upload to the 500GB partition. Now the only thing I have to do is grab the Geo-trust cert and configure to use. I thank you so much for all the help you've given me so far. I do have one more question however. I've been reading this O'Reilly book and the docs @ tomcat and I am having some trouble understanding what the docBase is. I understand what the appBase is but I don't understand why the docBase and appBase cannot be the same declaration or why it is recommended that anything in your appBase shouldn't start with the same string that is defined in your docBase. I have my docBase set to ROOT on the data drive and the appBase is just defined as drive:/webapps/ It seems to work, just a little confusing not knowing why I am configuring the docBase when there is really no clear concise This is what the docBase is, does, and means that I can find. Can you point me to a good resource for reading up on what the docBase is? On Tue, Aug 11, 2009 at 11:28 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Re: slight problem with Tomcat and Httpd working together. HEY!!! It's in there and working. Congratulations. INFO: Loaded APR based Apache Tomcat Native library 1.1.14. That version is out of date; the current one is here: http://www.apache.org/dist/tomcat/tomcat-connectors/native/1.1.16/binaries/ Now if I have an SSL cert from Geo-trust / Verisign / whatever, do I still have to install OpenSSL? No, it's built into tcnative-1.dll, so you've already got it. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Need some SSL Config help.
ok back to the topic at hand here. I have removed httpd from my server, installed APR, and have gotten my cert file from my hosting company. it is in pfx format. Now I found some information on the net: http://tp.its.yale.edu/pipermail/cas/2005-July/001337.html It was saying that I can just use the pfx file with tomcat 5.5, so I put the file in my $CATALINA_HOME directory just as a test, modified my server.xml file to accept SSL: *Connector protocol=HTTP/1.1 port=443 maxThreads=200 scheme=https secure=true SSLEnabled=true keystoreFile=C:/Program Files/[*]/apache-tomcat-6.0.18/[*].com.pfx keystorePass=[*] keystoreType=pkcs12 clientAuth=false sslProtocol=TLS /* *and blamo I get these exceptions:* *Aug 11, 2009 4:13:50 PM org.apache.coyote.http11.Http11AprProtocol init SEVERE: Error initializing endpoint java.lang.Exception: No Certificate file specified or invalid file format at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method) at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:684) at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:107) at org.apache.catalina.connector.Connector.initialize(Connector.java:1058) at org.apache.catalina.core.StandardService.initialize(StandardService.java:677) at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795) at org.apache.catalina.startup.Catalina.load(Catalina.java:530) at org.apache.catalina.startup.Catalina.load(Catalina.java:550) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412) Aug 11, 2009 4:13:50 PM org.apache.catalina.startup.Catalina load SEVERE: Catalina.start LifecycleException: Protocol handler initialization failed: java.lang.Exception: No Certificate file specified or invalid file format at org.apache.catalina.connector.Connector.initialize(Connector.java:1060) at org.apache.catalina.core.StandardService.initialize(StandardService.java:677) at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795) at org.apache.catalina.startup.Catalina.load(Catalina.java:530) at org.apache.catalina.startup.Catalina.load(Catalina.java:550) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412) * *and these to boot says it cannot bind to port 443 (or 8443 either)* *Aug 11, 2009 4:13:51 PM org.apache.coyote.http11.Http11AprProtocol start SEVERE: Error starting endpoint java.lang.Exception: Socket bind failed: [730048] Only one usage of each socket address (protocol/network address/port) is normally permitted. at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:612) at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:717) at org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:137) at org.apache.catalina.connector.Connector.start(Connector.java:1131) at org.apache.catalina.core.StandardService.start(StandardService.java:531) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:578) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) Aug 11, 2009 4:13:51 PM org.apache.catalina.startup.Catalina start SEVERE: Catalina.start: LifecycleException: service.getName(): Catalina; Protocol handler start failed: java.lang.Exception: Socket bind failed: [730048] Only one usage of each socket address (protocol/network address/port) is normally permitted. at org.apache.catalina.connector.Connector.start(Connector.java:1138) at org.apache.catalina.core.StandardService.start(StandardService.java:531) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:578) at
slight problem with Tomcat and Httpd working together.
Interesting situation I have going on here When running Tomcat 6.0.18 as the webserver I have 2 hosts configured one as the .com and it is serving from the webapps folder just fine, the other is serving to a subdomain perfectly. I couldn't be happier in how it is running. Here is where it get's tricky. Since Tomcat is not the most efficient at serving static HTML pages I decided to install httpd v 2.2.11 (w/ SSL) and get it working this evening on my dedicated server. I have Tomcat and Httpd talking to each other because when I goto the main .com, I get the under construction page that is hosted in htdocs/, when I goto (for example) abcapps in tomcat, it forwards correctly and everything is fine. All my tomcat configuration gets forwarded correctly (time to convert the horrible code to taglibs!!), When I go to my subdomain (http://subd.domain.com) I get the default under construction page (now hosted in the htdocs folder moved from $CATALINA_HOME/ROOT). Somewhere along the way did something get crossed and I am not sure what it is, which is why I posted this to both user groups, so sorry if it annoys some of you out there. I'm rather quick to rule out my server.xml configuration due to it working perfectly under tomcat alone. Here's the snippet of my httpd.conf file that should matter : LoadModule jk_module C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_jk.so JkWorkersFile C:\Program Files\apache-tomcat-6.0.18\conf\workers.properties JkLogFile C:\Program Files\apache-tomcat-6.0.18\logs\from_httpd_mod_jk.log JkLogLevel debug JkLogStampFormat [%a %b %d %H:%M:%S %Y] #Send servlet for context /examples to worker named ajp13 JkMount /* ajp13 #Send JSP's for context /examples/* to worker named ajp13 JkMount /*/* ajp13 Since I have virtual hosting on tomcat serving to a subdomain, do I have to do anything with virtual hosting on httpd to forward subdomain to httpd? Any insight would be very much appreciated. If you need more information, please let me know and I'll provide. Warmest regards, Josh
moving webapps directory to another location
Hello folks, I am running Tomcat 6.0.18 on a dedicated server at a hosting company. I have ported Apache HTTPD and Tomcat to talk to each other quite nicely. I have ran into a small dilemma. I noticed that I have a 20GB windows / program partition and a 500GB data partition. Am I able to create a directory on the data partition and have Tomcat host out of it instead of the default webapps folder? If so that is just a server.xml configuration I'm assuming? - Josh
Re: Need some SSL Config help.
*Andre wrote: The above is assuming that you would want all accesses which eventually go to Tomcat, to be under SSL from the client point of view. The idea is : SSL creates an overhead (encryption). If the link between Apache and Tomcat is secure (such as, they both run on the same host, or they run on separate hosts, but both inside of your secure network), then you do not want to have an additional overhead by encrypting/decrypting the communications between Apache and Tomcat.* This is true. Next question then. Is there a way to make just the login page (login.jsp) go through the SSL and nothing more? On Tue, Aug 4, 2009 at 4:18 PM, André Warnier a...@ice-sa.com wrote: Josh Gooding wrote: Update: So after re-re-reading the docs, since TC is not my standalone webserver, I should configure Apache (httpd) for SSL. That seems to be what I am reading. Yes. Client - SSL - Apache - Ap/To Connector - non-SSL - Tomcat (e.g. mod_jk)AJP Connector The above is assuming that you would want all accesses which eventually go to Tomcat, to be under SSL from the client point of view. The idea is : SSL creates an overhead (encryption). If the link between Apache and Tomcat is secure (such as, they both run on the same host, or they run on separate hosts, but both inside of your secure network), then you do not want to have an additional overhead by encrypting/decrypting the communications between Apache and Tomcat. Second point of interest : if, in the Tomcat Connector which accepts the requests from Apache, you set the attribute tomcatAuthentication=false, then Tomcat will believe the user-id it gets from Apache, as being already authenticated by Apache, and will use it within Tomcat as the user-id. Now you have thus moved the authentication issue back to Apache. Let's forget SSL for a minute. Under Apache, you want to protect access to some or all areas of the server (including the requests which you are going to forward to Tomcat), in such a way that the user must be authenticated to access these areas. There are different methods under Apache to force the user to authenticate. If you want to do it via your own login page though, then you will have to find an Apache add-on module which allows you to do that, because it is not built-in. This, you should enquire about on the Apache httpd user's list. Let's now re-add SSL. In addition to the above, you would like the login dialog (login page and client response to that login page) to happen under SSL, and the rest of the conversation not. That is not so easy as it may sound however. So, when you enquire about a login page authentication method (on the Apache httpd user's forum), you should make sure that you specify this requirement clearly. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Need some SSL Config help.
nevermind, I think I made some headway on this and will ask this over on the httpd list. Thank you for getting me this far, I really appreciate it. On Wed, Aug 5, 2009 at 8:50 AM, Josh Gooding josh.good...@gmail.com wrote: *Andre wrote: The above is assuming that you would want all accesses which eventually go to Tomcat, to be under SSL from the client point of view. The idea is : SSL creates an overhead (encryption). If the link between Apache and Tomcat is secure (such as, they both run on the same host, or they run on separate hosts, but both inside of your secure network), then you do not want to have an additional overhead by encrypting/decrypting the communications between Apache and Tomcat.* This is true. Next question then. Is there a way to make just the login page (login.jsp) go through the SSL and nothing more? On Tue, Aug 4, 2009 at 4:18 PM, André Warnier a...@ice-sa.com wrote: Josh Gooding wrote: Update: So after re-re-reading the docs, since TC is not my standalone webserver, I should configure Apache (httpd) for SSL. That seems to be what I am reading. Yes. Client - SSL - Apache - Ap/To Connector - non-SSL - Tomcat (e.g. mod_jk)AJP Connector The above is assuming that you would want all accesses which eventually go to Tomcat, to be under SSL from the client point of view. The idea is : SSL creates an overhead (encryption). If the link between Apache and Tomcat is secure (such as, they both run on the same host, or they run on separate hosts, but both inside of your secure network), then you do not want to have an additional overhead by encrypting/decrypting the communications between Apache and Tomcat. Second point of interest : if, in the Tomcat Connector which accepts the requests from Apache, you set the attribute tomcatAuthentication=false, then Tomcat will believe the user-id it gets from Apache, as being already authenticated by Apache, and will use it within Tomcat as the user-id. Now you have thus moved the authentication issue back to Apache. Let's forget SSL for a minute. Under Apache, you want to protect access to some or all areas of the server (including the requests which you are going to forward to Tomcat), in such a way that the user must be authenticated to access these areas. There are different methods under Apache to force the user to authenticate. If you want to do it via your own login page though, then you will have to find an Apache add-on module which allows you to do that, because it is not built-in. This, you should enquire about on the Apache httpd user's list. Let's now re-add SSL. In addition to the above, you would like the login dialog (login page and client response to that login page) to happen under SSL, and the rest of the conversation not. That is not so easy as it may sound however. So, when you enquire about a login page authentication method (on the Apache httpd user's forum), you should make sure that you specify this requirement clearly. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Need some SSL Config help.
wait a sec here. I'm a little confused. Let me ask it this way. I have a Login.jsp file that takes uname / pwd and uses j_security_check for authentication. That is the only thing that I want HTTPS on. Everything else is not important. I have setup Apache (httpd) and am forwarding the 1 html file in the server via it and the rest is built on JSP so tomcat is serving them. So which server do I configure for HTTPS? My thoughts would be the tomcat since it is the one serving JSP, or course, I'm still really learning about SSL how to make it play with Tomcat so I don't want to say I'm clueless, but I'm having a hard time here. I have the docs and an OReilly book here, but there seem to be many options on how to configure SSL. The SSL Cert that we have came with the server package we bought. It is signed by Geo-Trust(?), so naturally we want to use that one instead of generating our own. Any thoughts? Again I am sorry if it seems I'm being thick skulled, i'm just rather more new with SSL than anything. Thanks agan - Josh On Wed, Jul 29, 2009 at 4:24 AM, Wesley Acheson wesley.ache...@gmail.comwrote: I thought that you only had to set up on apache (httpd server). Thats the way I got it working. see http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#SSL%20and%20Tomcatrelevenat excet below *SSL and Tomcat* *It is important to note that configuring Tomcat to take advantage of secure sockets is usually only necessary when running it as a stand-alone web server.* When running Tomcat primarily as a Servlet/JSP container behind another web server, such as Apache or Microsoft IIS, it is usually necessary to configure the primary web server to handle the SSL connections from users. Typically, this server will negotiate all SSL-related functionality, then pass on any requests destined for the Tomcat container only after decrypting those requests. Likewise, Tomcat will return cleartext responses, that will be encrypted before being returned to the user's browser. In this environment, Tomcat knows that communications between the primary web server and the client are taking place over a secure connection (because your application needs to be able to ask about this), but it does not participate in the encryption or decryption itself. On Mon, Jul 27, 2009 at 6:18 PM, Serge Fonville serge.fonvi...@gmail.com wrote: Just an update. I decided to change up what I was doing. Instead of starting with SSL on tomcat, I ported Apache and Tomcat to work together on my local test server. Now I am going to do the APR. Do I need to configure SSL on both Apache and Tomcat or just Tomcat? If all connections go via httpd. just httpd. otherwise both - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Need some SSL Config help.
Update: So after re-re-reading the docs, since TC is not my standalone webserver, I should configure Apache (httpd) for SSL. That seems to be what I am reading. On Tue, Aug 4, 2009 at 3:43 PM, Josh Gooding josh.good...@gmail.com wrote: wait a sec here. I'm a little confused. Let me ask it this way. I have a Login.jsp file that takes uname / pwd and uses j_security_check for authentication. That is the only thing that I want HTTPS on. Everything else is not important. I have setup Apache (httpd) and am forwarding the 1 html file in the server via it and the rest is built on JSP so tomcat is serving them. So which server do I configure for HTTPS? My thoughts would be the tomcat since it is the one serving JSP, or course, I'm still really learning about SSL how to make it play with Tomcat so I don't want to say I'm clueless, but I'm having a hard time here. I have the docs and an OReilly book here, but there seem to be many options on how to configure SSL. The SSL Cert that we have came with the server package we bought. It is signed by Geo-Trust(?), so naturally we want to use that one instead of generating our own. Any thoughts? Again I am sorry if it seems I'm being thick skulled, i'm just rather more new with SSL than anything. Thanks agan - Josh On Wed, Jul 29, 2009 at 4:24 AM, Wesley Acheson wesley.ache...@gmail.comwrote: I thought that you only had to set up on apache (httpd server). Thats the way I got it working. see http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#SSL%20and%20Tomcatrelevenat excet below *SSL and Tomcat* *It is important to note that configuring Tomcat to take advantage of secure sockets is usually only necessary when running it as a stand-alone web server.* When running Tomcat primarily as a Servlet/JSP container behind another web server, such as Apache or Microsoft IIS, it is usually necessary to configure the primary web server to handle the SSL connections from users. Typically, this server will negotiate all SSL-related functionality, then pass on any requests destined for the Tomcat container only after decrypting those requests. Likewise, Tomcat will return cleartext responses, that will be encrypted before being returned to the user's browser. In this environment, Tomcat knows that communications between the primary web server and the client are taking place over a secure connection (because your application needs to be able to ask about this), but it does not participate in the encryption or decryption itself. On Mon, Jul 27, 2009 at 6:18 PM, Serge Fonville serge.fonvi...@gmail.com wrote: Just an update. I decided to change up what I was doing. Instead of starting with SSL on tomcat, I ported Apache and Tomcat to work together on my local test server. Now I am going to do the APR. Do I need to configure SSL on both Apache and Tomcat or just Tomcat? If all connections go via httpd. just httpd. otherwise both - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Need some SSL Config help.
Just an update. I decided to change up what I was doing. Instead of starting with SSL on tomcat, I ported Apache and Tomcat to work together on my local test server. Now I am going to do the APR. Do I need to configure SSL on both Apache and Tomcat or just Tomcat? On Mon, Jul 27, 2009 at 12:08 AM, Josh Gooding josh.good...@gmail.comwrote: Thanks all, I appreciate the input. I used http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html to attempt to configure SSL. I'll read up on APR. On Sat, Jul 25, 2009 at 6:14 AM, Mark Thomas ma...@apache.org wrote: Josh Gooding wrote: One more thing. Here is my server.xml information that is relative: Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on SSLRandomSeed=builtin / Looks like you are trying to use the APR connector. Connector port=443 protocol=HTTP/1.1 SSLEnabled=true minSpareThreads=5 maxSpareThreads=75 Neither of those two attributes are valid for Tomcat 6. Get rid of them. It looks like you have copied this from a previous Tomcat version. I'd strongly suggest checking all of your configuration against the docs. enableLookups=true disableUploadTimeout=true acceptCount=100 maxThreads=200 scheme=https secure=true keystoreFile=C:\Documents and Settings\Zeus\.keystore keystorePass=likeIdpostit These are the JSSE SSL configuration attributes. You are trying to use APR. That won't work. The docs could make this clearer. You want http://tomcat.apache.org/tomcat-6.0-doc/apr.html Mark clientAuth=false sslProtocol=TLS/ On Fri, Jul 24, 2009 at 10:25 PM, Josh Gooding josh.good...@gmail.com wrote: Hello again. Now that I have deployed my project on Tomcat 6.0.18 with a MySQL 5.1 db, I need to clamp the server down tight using SSL. I've already created my keystore file and I am able to get the server to serve on port 443 (by going to http://localhost:443). That means your connector is not configured correctly as it is serving http rather than https. I can get it to Subsequent attempts to serve as https://localhost are proving not to be fruitful. I have a webserver (tomcat) that is in development status that I want to clamp down. I am using a realm to login using j_security_check to login to the software. Right now what I want to do is install the Apache webserver and get it talking to tomcat (not hard). I created my keystore file and I know it works because I've tested it. What I need to know are these things (btw, if they are in the docs, please just say so and I'll look harder) If I want to use SSL for each person logging into the instance (which is using Tomcat to serve) do I need to have SSL on both Apache webserver and Tomcat, just the webserver, or just tomcat? Right now for example, if I go to http://server.com/[companyid]http://server.com/%5Bcompanyid%5D http://server.com/%5Bcompanyid%5DI get a simple login / pwd (using j_sec_chk). I'm using a realm configuration in my It's not using SSL. Following Tomcat's instructions, I have SSL configured on my test server, and it seems to run if I go to http://test.com:443/index.jsp. I get the default tomcat page. However if I go to https://test.com/index.jsp, I get cannot connect or website not responding I can't remember which one. Is this a simple configuration thing or will this solve itself if I install the webserver and connect tc and apache web? Second, since I am using j_security_check for login, are there native classes in tomcat that will allow me to utilize j_sec_chk and SSL? Is there another method of logging in that I should use? I can write my own custom classes, but I am not really clear on if there is something better that is native. i'm looking at needing a 3 strikes and your locked out functionality across SSL. This is a simple yes there is a better way and it's part of tomcat, or write your custom code. I'm not looking for the typical please do it for me requests that I normally see on dev / user lists. Since each company has exactly ONE html page (which is only a welcome page), I honestly don't see the need to install the webserver except the fact that it is the right way of doing things. Is my thinking off on this? For some reason, my brain is becoming like a sponge for tomcat configuration. So forgive me for asking a ton of questions. I'm reading both the tomcat documentation and an O'Reilly book on tomcat, and I want to get good enough at this that I can configure it in any environment. I really enjoy tomcat and become knowledgeable enough that I don't fel like such a newbie asking questions. Any insight or direction would be greatly appreciated. Warm regards, Josh - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
