tomcat6 configuration best practice?
Hi, I'm currently trying to understand the best practices for tomcat6 application deployments given certain restrictions: 1 - We deploy exploded dirs only, not WAR files 2 - We need to be able to hot deploy jsps (but not classes/jars) without restarting tomcat 3 - The application must be the ROOT or base webapp Environment: - RedHat Enterprise 4 - tomcat 6.0.18 - sun jdk 1.6.u012 - apache httpd 2.0.2 (with redhat bug fixes etc - I'm uncertain what the exact version is) - mod_jk (latest) - apr 1.3.3 (built from src) - apr-util 1.3.4 (built from src) - libtcnative (latest) - using tomcat-jdbc connection pool implementation after commons-dbcp failed under high load and c3p0 also failed - recommended by one of the tomcat developers Currently we have the following $CATALINA_HOME/webapps/ - app - ROOT - app $CATALINA_HOME/conf/Catalina/localhost/ - app.xml - ROOT.xml - app.xml Where our app is symbolically linked to ROOT.xml and a ROOT dir respectively. In my previous tomcat6 experience, I've deployed war files, either by hand or using a custom maven plugin. So I'm a little unsure if our current configuration is broken. I suspect we may be causing the container to attempt to load the application twice - but I'd like some confirmation. I think the following structure would be more managable and probably better for tomcat too: $CATALINA_HOME/conf/Catalina/localhost/ - ROOT.xml - /deployments/app.xml /deployments/ - app.xml - app Again where the ROOT.xml is a sumbolic link The Context configuration to achieve this separation of the application from the tomcat directory structure I presume would look something like: Context path=/ docBase=/deployments/app debug=1 reloadable=true cookies=true Environment name= value= type=java.lang.String override=false/ Environment name=SEARCH-SERVICE_URL value= type=java.lang.String override=false/ Resource name=jdbc/ scope=Shareable type=javax.sql.DataSource auth=Container username= password= factory=org.apache.tomcat.jdbc.pool.DataSourceFactory driverClassName=net.sourceforge.jtds.jdbc.Driver url=jdbc:jtds:sqlserver://# removeAbandoned=true logAbandoned=true maxActive=150 maxIdle=30 minIdle=20 initialSize=20 maxWait=1 validationQuery=SELECT count(1) from # / Resource name=mail/Session auth=Container type=javax.mail.Session mail.smtp.host=localhost/ /Context One thing I think we can change for sure is the debug=true parameter, but given the requirement to allow us to hot deploy jsp files (but not jars or classes), can we change reloadable to false? The documentation suggests that this very resource intensive and I would like to remove it it requires significant runtime overhead and is not recommended for use on deployed production applications [1] Any other suggestions to the application context, or server xml warmly welcomed :) Thanks, Kev [1] http://tomcat.apache.org/tomcat-6.0-doc/config/context.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat6 configuration best practice?
Why are you using httpd? If everything is being forwarded to Tomcat, adding httpd just slows things down and makes your life more complicated. We are using httpd as we serve *many* static files too and not every request is being forwarded to Tomcat - we have our reasons for using apache as a front end webserver. Currently we have the following $CATALINA_HOME/webapps/ - app - ROOT - app Bad practice - your app will be deployed twice. Just call it ROOT and be done with it. As I suspected - removing this will improve our memory usage considerably $CATALINA_HOME/conf/Catalina/localhost/ - app.xml - ROOT.xml - app.xml More bad practice; just use ROOT.xml and get rid of the silly symlinks. Do we need both the context.xml file and the exploded application directory structure? The documentation isn't clear (to me) if they are both required or just the application directory (which we can name as ROOT) Why are you insisting on making things more complicated? Just use a ROOT.xml in the proper place. Stop confusing things with the symlinks. Can you explain why it would be so wrong to have a symlink at all? Context path=/ docBase=/deployments/app debug=1 The path attribute is not allowed (and you've got an invalid value for it); remove it. Ok given the requirement to allow us to hot deploy jsp files (but not jars or classes), can we change reloadable to false? Yes, you can set reloadable to false; the monitoring of .jsp changes is controlled by the jsp servlet settings in conf/web.xml, not by the reloadable attribute of the Context element. Thanks, Kev - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Deployment Web App on Debian
Do you have the JDK installed or just the jre? Remember tomcat really needs a jdk to compile jsps Kev - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JNDIRealm - mapping LDAP group to security role
I am trying to configure a JNDIRealm to authenticate against an Active Directory. http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm The authentication seems to work but I wonder how to map LDAP groups to security roles. I do not want to add groups in the LDAP server, but to map existing ones to the roles defined in my web application instead. Is it possible ? I did not found any doc / post about this topic. You could write a custom JNDIRealm that does the mapping/authentication. I've seen this done with postgres, but not with an LDAP server (or AD), but it should be a similar process. Then you add it to tomca/lib and configure your context and web.xml to use the custom JNDIRealm instead of the provided realm Kev - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Comet-Client
Hi On Wed, Mar 26, 2008 at 7:39 AM, Steffen Heil [EMAIL PROTECTED] wrote: Hi I am searching for comet clients for java, perl and C. (I know, this is basically the wrong list, but I expect to find people here who had the same problem and maybe solutions...) In Java HTTPClient, which is my favorite http client for java doesn't seem to support tranfer-encoding: chunked (at least I see no way to find the end of one chunk and the start of the next). In Perl Net::HTTP::NB does not seem to support non-blocking writes. In C I found nothing so far. So, at this point ANY hint would be appeciated. What about cUrl with libCurl http://curl.haxx.se/ Kev - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tracking Authentication rejects in Tomcat 5.5
Hi, Does anyone have a suggestion? Does the general approach seem reasonable? We have similar requirements, but at the moment we are using a subclass of JDBCRealm, here is our authenticate method: @Override public Principal authenticate(Connection connection, String userName, String credentials) { LoginInfo loginInfoData = new LoginInfo( userName, credentials ); loginInfo.set( loginInfoData ); try{ if( getCaseInsensitiveLogin() ) userName = userName.toUpperCase(); Principal principal = super.authenticate( connection, userName, credentials ); // if login failed if( principal == null ) recordFailureLogon( connection, userName, credentials ); else recordSuccessfulLogon( connection, userName ); return principal; }catch(SQLException e){ e.printStackTrace(); return null; } } where recordFailureLogin has the following signature: protected void recordFailureLogon(Connection connection, String userName, String credentials) throws SQLException If you find a way of recording the remote IP address I'd love to hear how you did it Thanks, Kev - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Unit Testing DataSourceRealm
Hi, We have to add functionality to the provided realms. We started with a JDBCRealm, extended it and added our custom functionality. Now I've changed from a JDBCRealm (as the super class) to a DataSourceRealm as the super class. The problem is - how can I unit test a DataSourceRealm outside of the tomcat container? With the extended jdbc realm it was simple to inject the jdbc driver class name etc in the setUp, but with the DataSourceRealm, I cannot create an InitialContext without either using the tomcat container itself (a bit of overkill for a unit test), or using suns fscontext, but that doesn't even seem to be available (certainly not via any m2 repos) So any ideas? Kev - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Cleanly shutdown tomcat
Hi, We have tomcat 6.0.14 installed on fedora core running JDK6. Using 'service tomcat start' works fine (executes /etc/init.d/tomcat.sh) : su -c $TOMCAT_USER $TOMCAT_SCRIPT start (where $TOMCAT_USER == tomcat; $TOMCAT_SCRIPT == catalina.sh) However when we run the corresponding stop (equivalent to catalina.sh stop), tomcat doesn't shutdown cleanly. Sometimes we get an exception connection refused, sometimes the JVM is shutdown, but the pid lock file still exists. To counter this our tomcat script has a loop which waits for 30 seconds before kill -9 the tomcat process. Obviously this isn't the best solution. Has anyone else experienced a problem with tomcat6 not cleanly shutting down? I do testing etc on windows too and I notice from time to time that shutdown.bat will sometimes fail to cleanly shutdown tomcat, so I think the problem is in bootstrap.jar (Catalina.stop), and nothing to do with our linux environment Thanks, Kev - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Cleanly shutdown tomcat
Hi, I have occasionally seen this problem, but every time I have seen it is due to a poorly written JEE application. For example I have seen in Tomcat 5.5 if the JEE application creates a thread but due to some problem or exception it does not remove the thread, tomcat will not shutdown. What makes you think that the problem is with Tomcat and not with one of the applications you are running? That's true - and it's always safest to assume that it's your own code causing an issue and not the server you're relying on. That said, I have had all sorts of similar problems with Redhat and Ubuntu pre-packaged installations (ie RPM's and apt-get packages). I have since given up on using packages and installing a clean version of tomcat/java per server. I have not had any trouble since! Yes we are using the pure java version (not rpm package) for this reason. The only reason I thought there may be a problem is that I've searched for similar symptoms and it seems that other people have experienced a problem too, but you're correct it's better to check our own app first to see if it's the cause. Thanks, Kev - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]