tomcat6 configuration best practice?

2009-05-07 Thread Kevin Jackson 
Hi,

I'm currently trying to understand the best practices for tomcat6
application deployments given certain restrictions:
1 - We deploy exploded dirs only, not WAR files
2 - We need to be able to hot deploy jsps (but not classes/jars)
without restarting tomcat
3 - The application must be the ROOT or base webapp

Environment:
- RedHat Enterprise 4
- tomcat 6.0.18
- sun jdk 1.6.u012
- apache httpd 2.0.2 (with redhat bug fixes etc - I'm uncertain what
the exact version is)
- mod_jk (latest)
- apr 1.3.3 (built from src)
- apr-util 1.3.4 (built from src)
- libtcnative (latest)
- using tomcat-jdbc connection pool implementation after commons-dbcp
failed under high load and c3p0 also failed - recommended by one of
the tomcat developers

Currently we have the following
$CATALINA_HOME/webapps/
- app
- ROOT - app

$CATALINA_HOME/conf/Catalina/localhost/
- app.xml
- ROOT.xml - app.xml

Where our app is symbolically linked to ROOT.xml and a ROOT dir respectively.

In my previous tomcat6 experience, I've deployed war files, either by
hand or using a custom maven plugin. So I'm a little unsure if our
current configuration is broken.  I suspect we may be causing the
container to attempt to load the application twice - but I'd like some
confirmation.

I think the following structure would be more managable and probably
better for tomcat too:

$CATALINA_HOME/conf/Catalina/localhost/
- ROOT.xml - /deployments/app.xml

/deployments/
- app.xml
- app

Again where the ROOT.xml is a sumbolic link

The Context configuration to achieve this separation of the
application from the tomcat directory structure I presume would look
something like:

Context path=/ docBase=/deployments/app debug=1
reloadable=true cookies=true
  Environment
name=
value=
type=java.lang.String
override=false/

  Environment
name=SEARCH-SERVICE_URL
value=
type=java.lang.String
override=false/

  Resource
name=jdbc/
scope=Shareable
type=javax.sql.DataSource
auth=Container
username=
password=
factory=org.apache.tomcat.jdbc.pool.DataSourceFactory
driverClassName=net.sourceforge.jtds.jdbc.Driver
url=jdbc:jtds:sqlserver://#
removeAbandoned=true
logAbandoned=true
maxActive=150
maxIdle=30
minIdle=20
initialSize=20
maxWait=1
validationQuery=SELECT count(1) from #
/

  Resource
name=mail/Session
auth=Container
type=javax.mail.Session
mail.smtp.host=localhost/
/Context

One thing I think we can change for sure is the debug=true
parameter, but given the requirement to allow us to hot deploy jsp
files (but not jars or classes), can we change reloadable to false?
The documentation suggests that this very resource intensive and I
would like to remove it it requires significant runtime overhead and
is not recommended for use on deployed production applications [1]

Any other suggestions to the application context, or server xml warmly
welcomed :)

Thanks,
Kev
[1] http://tomcat.apache.org/tomcat-6.0-doc/config/context.html

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat6 configuration best practice?

2009-05-07 Thread Kevin Jackson 
 Why are you using httpd?  If everything is being forwarded to Tomcat, adding 
 httpd just slows things down and makes your life more complicated.

We are using httpd as we serve *many* static files too and not every
request is being forwarded to Tomcat - we have our reasons for using
apache as a front end webserver.

 Currently we have the following
 $CATALINA_HOME/webapps/
 - app
 - ROOT - app

 Bad practice - your app will be deployed twice.  Just call it ROOT and be 
 done with it.

As I suspected - removing this will improve our memory usage considerably

 $CATALINA_HOME/conf/Catalina/localhost/
 - app.xml
 - ROOT.xml - app.xml

 More bad practice; just use ROOT.xml and get rid of the silly symlinks.

Do we need both the context.xml file and the exploded application
directory structure?  The documentation isn't clear (to me) if they
are both required or just the application directory (which we can name
as ROOT)

 Why are you insisting on making things more complicated?  Just use a ROOT.xml 
 in the proper place.  Stop confusing things with the symlinks.


Can you explain why it would be so wrong to have a symlink at all?

 Context path=/ docBase=/deployments/app debug=1

 The path attribute is not allowed (and you've got an invalid value for it); 
 remove it.

Ok

 given the requirement to allow us to hot deploy jsp files (but not
 jars or classes), can we change reloadable to false?

 Yes, you can set reloadable to false; the monitoring of .jsp changes is 
 controlled by the jsp servlet settings in conf/web.xml, not by the reloadable 
 attribute of the Context element.

Thanks,
Kev

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Deployment Web App on Debian

2008-11-07 Thread Kevin Jackson 
Do you have the JDK installed or just the jre?  Remember tomcat really
needs a jdk to compile jsps

Kev

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: JNDIRealm - mapping LDAP group to security role

2008-10-09 Thread Kevin Jackson 
 I am trying to configure a JNDIRealm to authenticate against an Active
 Directory.
 http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm

 The authentication seems to work but I wonder how to map LDAP groups
 to security roles.
 I do not want to add groups in the LDAP server, but to map existing
 ones to the roles defined in my web application instead.

 Is it possible ? I did not found any doc / post about this topic.

You could write a custom JNDIRealm that does the
mapping/authentication.  I've seen this done with postgres, but not
with an LDAP server (or AD), but it should be a similar process.  Then
you add it to tomca/lib and configure your context and web.xml to use
the custom JNDIRealm instead of the provided realm

Kev

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Comet-Client

2008-03-25 Thread Kevin Jackson 
Hi

On Wed, Mar 26, 2008 at 7:39 AM, Steffen Heil [EMAIL PROTECTED] wrote:
 Hi

  I am searching for comet clients for java, perl and C.
  (I know, this is basically the wrong list, but I expect to find people here
  who had the same problem and maybe solutions...)

  In Java HTTPClient, which is my favorite http client for java doesn't seem
  to support tranfer-encoding: chunked (at least I see no way to find the end
  of one chunk and the start of the next).
  In Perl Net::HTTP::NB does not seem to support non-blocking writes.
  In C I found nothing so far.

  So, at this point ANY hint would be appeciated.

What about cUrl with libCurl

http://curl.haxx.se/

Kev

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tracking Authentication rejects in Tomcat 5.5

2007-10-29 Thread Kevin Jackson 
Hi,

 Does anyone have a suggestion?  Does the general approach seem
 reasonable?

We have similar requirements, but at the moment we are using a
subclass of JDBCRealm, here is our authenticate method:

@Override
public Principal authenticate(Connection connection, String userName,
String credentials) {
LoginInfo loginInfoData = new LoginInfo( userName, credentials 
);
loginInfo.set( loginInfoData );

try{

if( getCaseInsensitiveLogin() )
userName = userName.toUpperCase();

Principal principal = super.authenticate( connection, 
userName,
credentials );

// if login failed
if( principal == null )
recordFailureLogon( connection, userName, 
credentials );
else
recordSuccessfulLogon( connection, userName );

return principal;
}catch(SQLException e){
e.printStackTrace();
return null;
}
}

where recordFailureLogin has the following signature:

protected void recordFailureLogon(Connection connection, String
userName, String credentials) throws SQLException

If you find a way of recording the remote IP address I'd love to hear
how you did it

Thanks,
Kev

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Unit Testing DataSourceRealm

2007-10-23 Thread Kevin Jackson 
Hi,

We have to add functionality to the provided realms.  We started with
a JDBCRealm, extended it and added our custom functionality.

Now I've changed from a JDBCRealm (as the super class) to a
DataSourceRealm as the super class.

The problem is - how can I unit test a DataSourceRealm outside of the
tomcat container?

With the extended jdbc realm it was simple to inject the jdbc driver
class name etc in the setUp, but with the DataSourceRealm, I cannot
create an InitialContext without either using the tomcat container
itself (a bit of overkill for a unit test), or using suns fscontext,
but that doesn't even seem to be available (certainly not via any m2
repos)

So any ideas?

Kev

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Cleanly shutdown tomcat

2007-10-22 Thread Kevin Jackson 
Hi,

We have tomcat 6.0.14 installed on fedora core running JDK6.

Using 'service tomcat start' works fine (executes /etc/init.d/tomcat.sh) :

su -c $TOMCAT_USER $TOMCAT_SCRIPT start

(where $TOMCAT_USER == tomcat; $TOMCAT_SCRIPT == catalina.sh)

However when we run the corresponding stop (equivalent to catalina.sh
stop), tomcat doesn't shutdown cleanly.  Sometimes we get an exception
connection refused, sometimes the JVM is shutdown, but the pid 
lock file still exists.

To counter this our tomcat script has a loop which waits for 30
seconds before kill -9 the tomcat process.  Obviously this isn't the
best solution.

Has anyone else experienced a problem with tomcat6 not cleanly
shutting down?  I do testing etc on windows too and I notice from time
to time that shutdown.bat will sometimes fail to cleanly shutdown
tomcat, so I think the problem is in bootstrap.jar (Catalina.stop),
and nothing to do with our linux environment

Thanks,
Kev

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Cleanly shutdown tomcat

2007-10-22 Thread Kevin Jackson 
Hi,

 I have occasionally seen this problem, but every time I have seen it is
 due to a poorly written JEE application. For example I have seen in
 Tomcat 5.5 if the JEE application creates a thread but due to some
 problem or exception it does not remove the thread, tomcat will not
 shutdown. What makes you think that the problem is with Tomcat and not
 with one of the applications you are running?

That's true - and it's always safest to assume that it's your own code
causing an issue and not the server you're relying on.

 That said, I have had all sorts of similar problems with Redhat and
 Ubuntu pre-packaged installations (ie RPM's and apt-get packages). I
 have since given up on using packages and installing a clean version of
 tomcat/java per server. I have not had any trouble since!

Yes we are using the pure java version (not rpm package) for this reason.

The only reason I thought there may be a problem is that I've searched
for similar symptoms and it seems that other people have experienced a
problem too, but you're correct it's better to check our own app first
to see if it's the cause.

Thanks,
Kev

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]