Re: renewing an ssl certificate

[Lyallex]

On 6 April 2017 at 14:18, Christopher Schultz
<ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Lyllax,
>
> On 4/6/17 5:52 AM, Lyallex wrote:
>> I get a zipped archive from Comodo containing individual files but
>> I'll look into pem files
>
> Oh, those individual files *are* the PEM files.

Er

AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
www_mydomain_com.crt

> LE is the answer.

I run a commercial site and getting security warn offs because a CA is
not recognised by the browser/user agent
is not an option. I run about 20 different browsers/versions on
several platforms which is about the limit for us (Americans would
call us a 'mom and pop shop') I'll read up on LE and find out what
they call themselves (the 'CA name' I guess) then check to see how
many of my browsers know about them.

Primitave maybe but it's what I got.

Thanks for the info
Lyallex

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: renewing an ssl certificate

[Lyallex]

On 6 April 2017 at 00:42, Christopher Schultz
<ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Lyllax,
>
> On 4/4/17 3:11 PM, Lyallex wrote:
>> After some sterling support from this list a while ago which
>> included a code change I have been successfully running Apache
>> Tomcat 7.0.70 stand alone (no httpd front end) with SSL/TLS for a
>> year now without problems, it just works, it never falls over and
>> it has withstood some concerted attacks by all sorts of scallywags.
>> Impressive.
>
> Great! Time to upgrade to Tomcat 8! It's really not bad at all. If you
> have a testing environment, I think you'll be able to do it in about
> 30 minutes. After you do it once, it'll take you more like 5 minutes.

Already runnung on my dev and stage boxes



> It should be that simple every time. Again, always keep a backup...

All I do is create a brand new keystore in a new location and do
everything from there
When I'm happy I simply change the location of the keystore in the
relevant connector in conf/server.xml
and restart tomcat. If it all goes belly up I simply change the config
to point to the old keystore.

Of course this only works if you don't leave everything to the last
minute and the old cert times out :-)



>
> When you are using PEM files, it's very clear what everything is, and,
> if you have a one-PEM-file-to-rule-them-all, then you can at least see
> everything labelled appropriately with a simple text editor. You can
> also get your private key out of the bundle without resorting to
> chicanery.

I get a zipped archive from Comodo containing individual files but
I'll look into pem files

> Come to this year's ApacheCon NA in Miami. There will be a few talks
> about TLS, including one on the basics and another one on using Let's
> Encrypt to get free automated certs so you never have to manually do
> this process ever again -- unless you want an EV cert ;)

Love to, but I'm in the UK.
I delegate payment to a service provider, the only external resource I
use, so I don't store
users financial data, just makes life simpler.and means I don't really
need an EV cert.

Despite their vehement denial, https is a ranking signal to Google,
maybe it would be nice if they offered a free basic ssl cert so small
businesses like mine don't have to pay over GBP 100 inc VAT every
year.

I won't hold my breath.

Thanks for taling the time to reply
Lyallex

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: renewing an ssl certificate

[Lyallex]

Drat ... missed the list

Martin

Thank you for your comprehensive reply ...
actually all I was asking was 'is it possible to use an existing keystore
(and therefor an existing private key)' to install a new certification
chain'

In the end I created a brand new keystore, generated a new private key and
CSR, submitted the CSR to Comodo then installed the new chain when it
arrived. Then I simply switched the server (../conf/server.xml) to look at
the new keystore and it just worked. Result.

Ii was under the impression the certs were 'installed' in the keystore but
I don't think this is right so now I have to figure out where they are as
I'd like to remove the old ones. Every time I mess about with this SSL/TLS
stuff I age several years :-)

Thanks again

On 4 April 2017 at 22:21, Martin Gainty <mgai...@hotmail.com> wrote:

> I dont know who from the list said you could replace a valid SSL
> Certificate (that has since expired)
>
> with a self-signed but they are wrong
>
>
> you are MUCH better off by purchasing a valid Thawte/Verisign Certificate
> with public keys signed by a Certificate Authority which will be recognised by
> ALL browsers
>
>
> Mucking around with create-your-own self-signed certs will lead you to
> justifiable grief and aggravation
>
> First step is to create a CSR for X509 (named)certs embedded in pfx
>
> https://en.wikipedia.org/wiki/X.509
> X.509 - Wikipedia <https://en.wikipedia.org/wiki/X.509>
> en.wikipedia.org
> In cryptography, X.509 is a standard that defines the format of public key
> certificates. X.509 certificates are used in many Internet protocols,
> including TLS/SSL ...
>
> the pfx  will contain Asymmetric private/public keys:
>
> https://www.ciphercloud.com/blog/cloud-information-
> protection-symmetric-vs-asymmetric-encryption/
>
> <https://www.ciphercloud.com/blog/cloud-information-protection-symmetric-vs-asymmetric-encryption/>
> Symmetric vs. Asymmetric Encryption | CipherCloud
> <https://www.ciphercloud.com/blog/cloud-information-protection-symmetric-vs-asymmetric-encryption/>
> www.ciphercloud.com
> One of the basic questions in considering encryption is to understand the
> differences between symmetric and asymmetric encryption methods, and where
> to apply each ...
>
> first step is to send the CSR to your CA provider Verisign or Thawte
>
> https://knowledge.symantec.com/support/ssl-certificates-
> support/index?page=content=CROSSLINK=INFO227
> Certificate Signing Request (CSR) Generation Instructions ...
> <https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content=CROSSLINK=INFO227>
> knowledge.symantec.com
> To generate a CSR, you will need to create a key pair for your server.
> These two items are a digital certificate key pair and cannot be separated.
>
>
>
> yes you can create self-signed certs but CHROME stops transmission when
> they do not recognise certifying authority
> https://www.ibm.com/support/knowledgecenter/SSCP65_5.0.0/
> com.ibm.rational.rrdi.admin.doc/topics/t_browser_ss_cert.html
> Configuring a browser to work with self-signed certificates
> <https://www.ibm.com/support/knowledgecenter/SSCP65_5.0.0/com.ibm.rational.rrdi.admin.doc/topics/t_browser_ss_cert.html>
> www.ibm.com
> When self-signed certificates are installed on the server, configure
> Internet Explorer or Mozilla Firefox to work with these self-signed
> certificates.
>
>
> Let me know if you need further assistance
>
> Martin
> __
>
>  _ _  _ _  _ ___ _
> _   _ _   _  |_   _| |_ ___   |  _  |___ 
> ___ ___| |_ ___   |   __|___|  _| |_ _ _ _ ___ ___ ___   |   __|___ _ _ ___ 
> _| |___| |_|_|___ ___| | |   | -_|  | | . | .'|  _|   | -_|  |__   | 
> . |  _|  _| | | | .'|  _| -_|  |   __| . | | |   | . | .'|  _| | . |   |   
> |_| |_|_|___|  |__|__|  _|__,|___|_|_|___|  |_|___|_| |_| |_|__,|_| 
> |___|  |__|  |___|___|_|_|___|__,|_| |_|___|_|_||_|
>
>
>
>
> --
> *From:* Lyallex <lyal...@gmail.com>
> *Sent:* Tuesday, April 4, 2017 3:11 PM
> *To:* Tomcat Users List
> *Subject:* renewing an ssl certificate
>
> Tomcatters
>
> After some sterling support from this list a while ago which included
> a code change I have been successfully running
> Apache Tomcat 7.0.70 stand alone (no httpd front end) with SSL/TLS for
> a year now without problems, it just works, it never falls over
> and it has withstood some concerted attacks by all sorts of
> scallywags. Impressive.
>
> It is now time to renew my ssl certificate and I'm getting a bit 

renewing an ssl certificate

[Lyallex]

Tomcatters

After some sterling support from this list a while ago which included
a code change I have been successfully running
Apache Tomcat 7.0.70 stand alone (no httpd front end) with SSL/TLS for
a year now without problems, it just works, it never falls over
and it has withstood some concerted attacks by all sorts of
scallywags. Impressive.

It is now time to renew my ssl certificate and I'm getting a bit jumpy.

I managed to get everything working first time around following the docs at
http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#General_Tips_on_Running_SSL

According to my service provider (comodo) I have to submit a new
certificate signing request which (I think) means creating a self
signed certificate.
Will this mess up me existing cert, it still has 10 days to go?

Is the process the same as installing first time or are there some
gotchas I need to be aware of

Thanks, nervously
Lyallex

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: I don't understand a recent change released in Tomcat 7.0.70

[Lyallex]

On 25 June 2016 at 07:38, Lyallex <lyal...@gmail.com> wrote:
> On 24 June 2016 at 21:50, Christopher Schultz
> <ch...@christopherschultz.net> wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Lyallax,
>>
>> Okay, one last time before I start ignoring you. We really are trying
>> to be helpful. But nobody knows why who are so exercised about this.
>>
>> You haven't:
>>
>> a) Clearly explained what you want to do (redirect which requests?
>> with what response code? in what cases?)
>
> Thank you for your very reasonable response
>
> https://bz.apache.org/bugzilla/show_bug.cgi?id=59399
>
> Explains the problem that has been fixed in 7.0.70

Tomcat 7.0.70, stand alone production server, live.

curl -D /tmp/headers.txt -s  http://www.mysite.com/

HTTP/1.1 301 Moved Permanently
...

Fantastic

Thank You
Lyallex

>
> My 'issue' was with the design decision, not the fix.
> Software design is an obsession of mine, sometimes it overflows my
> brain and spills out on the pavement so to speak.
>
> I don't think this forum is the right place to discuss such issues.
> Many thanks for everyones patience.
>
> Lyallex
>
> 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: I don't understand a recent change released in Tomcat 7.0.70

[Lyallex]

On 24 June 2016 at 21:50, Christopher Schultz
<ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Lyallax,
>
> Okay, one last time before I start ignoring you. We really are trying
> to be helpful. But nobody knows why who are so exercised about this.
>
> You haven't:
>
> a) Clearly explained what you want to do (redirect which requests?
> with what response code? in what cases?)

Thank you for your very reasonable response

https://bz.apache.org/bugzilla/show_bug.cgi?id=59399

Explains the problem that has been fixed in 7.0.70

My 'issue' was with the design decision, not the fix.
Software design is an obsession of mine, sometimes it overflows my
brain and spills out on the pavement so to speak.

I don't think this forum is the right place to discuss such issues.
Many thanks for everyones patience.

Lyallex



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: I don't understand a recent change released in Tomcat 7.0.70

[Lyallex]

On 24 June 2016 at 15:37, Mark Thomas <ma...@apache.org> wrote:
> On 24 June 2016 11:51:25 BST, Lyallex <lyal...@gmail.com> wrote:
>
> 
>
>>However I can't get my head around your assertion that forcing the use
>>of TLS is a 'user data constraint'
>
> Have a look in the Servlet specification for that phrase. I don't have a copy 
> to hand right now but it will be in the security section.

OK. I'll concede that point, thank you for making that clear

In web.xml a security-constraint can contain an


 and or a


It makes sense to me that auth-constraint is associated with a Realm
given that a Realm is a database of users

It still doesn't make sense to me that a user-data-constraint, which
is 'all about the scheme' should be managed/configured/maintained (use
whatever word feels right) in a component that is 'all about a
database'. That's all I'm saying, it just doesn't 'feel right' that's
all.

As for an alternative solution, well until I can get enough time
together to get a build system together I haven't got one, that
doesn't mean that there isn't one. Building Tomcat is now working it's
way up my todo list.

I'll get back to you.

Lyallex

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: I don't understand a recent change released in Tomcat 7.0.70

[Lyallex]

On 24 June 2016 at 16:45, Christopher Schultz
 wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256



> 3. You can redirect anything yourself if you want to. The only reason
> for the Realm option was because Tomcat itself is issuing this
> particular redirect based upon an authentication situation (as defined
> by the servlet specification).
>
> 4. If you want "easy" redirection from http -> https and you don't
> want to write the 5-line Filter to do it for you, use url-rewrite and
> set up a rule that redirects all http:// requests to https:// URLs.

If you really understood the issue you wouldn't make such a lame observation
it has nothing to do with not being able to redirect, it is to do with
the *response code*
returned by tomcat when the redirect occurs.

I have tried a number of things to try and solve this issue using
Servlet Filters but I just can't seem to get the timing right.

The Tuckey UrlRewriteFilter does not make the slightest bit of difference.
I know this because I tried it. Did you?

> And seriously, calm down.

And seriously, try to understand the issue before criticizing.

You  really are a delicate lot aren't you, the slightest suggestion
that you might not be the geniuses you obviously think you
and your fragile egos crumple and you get all defensive. I've seen it
so many times in 20+ years as a developer/software engineer that I
shouldn't be surprised but I still am.
.
> You completely lost your mind over a new
> configuration option that you misunderstood.

Oh the irony



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: I don't understand a recent change released in Tomcat 7.0.70

[Lyallex]

On 24 June 2016 at 10:01, Mark Thomas <ma...@apache.org> wrote:
> On 24/06/2016 06:30, Lyallex wrote:
>
> 
>
>> I think the current solution to 59399 need rethinking
>>
>> My commercial site has been up for years, there are links dating back
>> years that refer to the old http scheme
>> I have no control over this, now, whenever I get a hit from an 'old'
>> link I need to force the switch to https, lots of sites have this
>> probem and need a solution, it has nothing whatsoever to do with
>> dabases in any way shape or form.
>>
>> So,
>>
>> https://bz.apache.org/bugzilla/show_bug.cgi?id=59399
>>
>> What has the status code returned when switching from http -> https
>> got to do with a Realm?
>
> It is the Realm that enforces the security constraints defined in
> web.xml. This includes both authorisation constraints and user data
> constraints. Forcing the use of TLS is a user data constraint. Hence the
> ability to configure the redirect was added to the Realm implementations.
>
> 
>
>> Which Realm(s)? only JDBCDatabaseRealm has the attribute but your
>> comment seems to imply that all Realms
>> have it (transportGuaranteeRedirectStatus)
>
> It is supported for any Realm that extends org.apache.catalina.RealmBase
> which is all the Realms that ship with Tomcat and, I should think, a
> reasonable proportion of the custom Realm implementations as well.
>
> That it was only documented for one Realm was an oversight that I'll
> correct shortly. (Along with the typo in the text.)
>
> 
>
>> In the 'good old days' it was common practice to only switch to https
>> during or after signing in to an application, networks were slow and
>> encryption takes time, now networks are faster and the overhead isn't
>> such an issue. Entire sites now use the https scheme, I know mine
>> does. I can see a situation where, because the mighty Google says it
>> must be so, even an entirely static site with no database and no
>> manager will be served up under https. How is such a site suppose to
>> implement https?
>
> I assume the question here is how to configure the redirect status to
> use when a web application does not configure a Realm.
>
> Whether an application configures a Realm or not, it will have one. If a
> web application does not have a specific Realm configured Tomcat looks
> at the Host and then the Engine. If a Realm is not configured for either
> of these then the Engine will be configured with the NullRealm.
>
> Much like the way Tomcat automatically adds an Authenticator when
> required but the user has to add it explicitly if they want to change
> the default configuration for that Authenticator, the user has to
> explicitly add the NullRealm and configure it if they want to change the
> redirect status when no other Realm is defined.
>
> The NullRealm is currently undocumented. I'll fix that as well.
>
>> FYI I have it in black and white, from a Google webaster forum
>> responder that, in the event of  a tie between two pages in a ranking
>> calculation, the https scheme would produce a ranking signal that
>> would elevate the https page above the non https page in the resulting
>> rankings.
>>
>> Once again this is not intended as criticsm of a dedicated and
>> prolific committer
>
> You stated you think the current solution needs rethinking. You haven't
> proposed an alternative and explained why the alternative is better.

Because I don't presume to have the knowledge of the Tomcat source
code required to make such a statement.
I do have explicit knowledge of a problem that I experienced while
using open source software that you (and others) have written. I
didn't understand the solution due to (apparently) incomplete
documentation. What *exactly* is one supposed to do in this situation.
I may not have the time to contribute source code but it took me a
while to figure out exactly was going on and write a bug report, I
consider this contributing to the project, maybe you don't.

As it happens I did have a possible solution that maintained your
abstraction (Realm) even though the connection between realm and
redirect is *in my opinion* not intuitive and somewhat opaque and that
was to add the required functionality to the Realm base class (if such
an entity exists). Then, by way of an attribute expose that
functionality in your chosen Realm.

This sounds remarkably like the solution you have come up with ...

However I can't get my head around your assertion that forcing the use
of TLS is a 'user data constraint' but it appears that any attempted
discussion of design decisions is considered a criticism at least and
a persona

Re: I don't understand a recent change released in Tomcat 7.0.70

[Lyallex]

On 23 June 2016 at 19:43, Mark Thomas <ma...@apache.org> wrote:
> On 23/06/2016 17:56, Lyallex wrote:
>> I'm trying to understand why a recent change in 7.0.70 has been done
>> the way it has.
>> The change makes absolutely no sense to me and I need to ask the
>> implementer why in the name of sanity he did what he did.
>> I'm talking to you markt whoever you are :-)
>>
>> Where should I ask the question? dev list?
>>
>> I couldn't care less how much shouting ensues, I just need to get some sleep.
>
> How about you cut the attitude and just ask your question?

OK, I will.

To give this some context and with the greatest respect to a dedicated
committer none of what follows is intended as criticism it's just that
I think the current solution to 59399 need rethinking

My commercial site has been up for years, there are links dating back
years that refer to the old http scheme
I have no control over this, now, whenever I get a hit from an 'old'
link I need to force the switch to https, lots of sites have this
probem and need a solution, it has nothing whatsoever to do with
dabases in any way shape or form.

So,

https://bz.apache.org/bugzilla/show_bug.cgi?id=59399

What has the status code returned when switching from http -> https
got to do with a Realm?

http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html


"A Realm is a "database" of usernames and passwords that identify
valid users of a web application .. "


Or: What has the status code returned when switching from http ->
https got to do with a database of usernames and passwords?

https://tomcat.apache.org/tomcat-7.0-doc/config/realm.html

JDBCDatabaseRealm

attrbute: transportGuaranteeRedirectStatus


The HTTP status code to use when the container needs to issue an HTTP
redirect to meet the requirements of a configured transport guarantee.
The prpvoded status code is not validated. If not specified, the
default value of 302 is used.


 I just don't get why this is here

furthermore
https://bz.apache.org/bugzilla/show_bug.cgi?id=59399


Mark Thomas 2016-06-15 11:12:11 UTC

This has been implemented as a new option in the Realm and will has
implemented in:
- 9.0.x for 9.0.0.M9 onwards
- 8.5.x for 8.5.4 onwards
- 8.0.x for 8.0.37 onwards
- 7.0.x for 7.0.70 onwards


Which Realm(s)? only JDBCDatabaseRealm has the attribute but your
comment seems to imply that all Realms
have it (transportGuaranteeRedirectStatus)

In which case surely it should be a common attribute and (I'm guessing
here) the functionality be included in the base class for Realm

What happens if I don't use JDBCDatabaseRealm, does that mean I can't
configure the switchover status code.
What happens if I write my own Realm?

In the 'good old days' it was common practice to only switch to https
during or after signing in to an application, networks were slow and
encryption takes time, now networks are faster and the overhead isn't
such an issue. Entire sites now use the https scheme, I know mine
does. I can see a situation where, because the mighty Google says it
must be so, even an entirely static site with no database and no
manager will be served up under https. How is such a site suppose to
implement https?

FYI I have it in black and white, from a Google webaster forum
responder that, in the event of  a tie between two pages in a ranking
calculation, the https scheme would produce a ranking signal that
would elevate the https page above the non https page in the resulting
rankings.

Once again this is not intended as criticsm of a dedicated and
prolific committer

With respect
Lyallex








>
> If you are ever unsure where to ask, use the users list.
>
> Mark
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

I don't understand a recent change released in Tomcat 7.0.70

[Lyallex]

I'm trying to understand why a recent change in 7.0.70 has been done
the way it has.
The change makes absolutely no sense to me and I need to ask the
implementer why in the name of sanity he did what he did.
I'm talking to you markt whoever you are :-)

Where should I ask the question? dev list?

I couldn't care less how much shouting ensues, I just need to get some sleep.

Thanks
Lyallex

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Bug 59399 fixed, great, now what happens

[Lyallex]

On 16 June 2016 at 19:04, Mark Thomas <ma...@apache.org> wrote:
> On 16/06/2016 18:26, Lyallex wrote:
>> A while ago I posted a bug
>>
>> Yesterday I got a message saying it had been fixed. nice :-)
>> However I am in the process of trying to get a development environment
>> up so that I could try and figure this one out for myself. It's no big
>> deal, I'll proceed with the project but for future reference how do I
>> know that someone has picked up one of 'my' bugs and is currently
>> working on it.
>
> I'll turn that around. How was anyone meant to know that you were
> working on it?

OK, fair point.

>> I subscribed to bugzilla emails for the bug but this is
>> the first I've heard
>
> To provide a little background, the ASF Bugzilla instances are patched
> to hard-code the 'Assigned to' field to the appropriate dev list. This
> is to ensure that the dev list always receives e-mails for every bug change.
>
> Generally, the Tomcat committers will comment on a bug as they make
> progress on it. If, like 59399, the fix is simple, it is likely that the
> first you will see of this is a comment to say it is fixed. If it is
> more complicated, then you are likely to see additional comments either
> reporting progress or asking for more information. It is also possible
> that there may be some additional discussion on the dev list. If you are
> interested in working on Tomcat then it is worth subscribing to the dev
> list.

Done

I have have also subscribed to announce so I know when it's been released

Thanks for the info

Lyallex

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Bug 59399 fixed, great, now what happens

[Lyallex]

Before anyone gets over excited I have no idea how this works so save
your breath if you want to shout at me.

A while ago I posted a bug

Yesterday I got a message saying it had been fixed. nice :-)
However I am in the process of trying to get a development environment
up so that I could try and figure this one out for myself. It's no big
deal, I'll proceed with the project but for future reference how do I
know that someone has picked up one of 'my' bugs and is currently
working on it. I subscribed to bugzilla emails for the bug but this is
the first I've heard

Thanks
Lyallex

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Request for documentation

[Lyallex]

On 16 May 2016 at 07:49, Violeta Georgieva <miles...@gmail.com> wrote:
> Hi,
>
> 2016-05-14 15:06 GMT+03:00 Lyallex <lyal...@gmail.com>:
>>
>> I'm trying to find some documentation that details the request lifecycle
>> I've looked in the obvious places ... and some not so obvious ones
>>
>> That is: NOT the servlet lifecycle documentation, this is a different
>> thing entirely.
>>
>> I need some documentation that details exactly what happens when the
>> fist bit of a request arrives at the server all the way through to
>> when the last bit of the response leaves the server. Does any such
>> documentation exit?
>
> Check this one
> http://tomcat.apache.org/tomcat-8.0-doc/architecture/requestProcess/request-process.png


Excellent, a UML sequence diagram. By far the most useful UML model type..

Thanks, that's exactly what I was looking for.

+1 as they say on the trendy (but largely useless) web forums.

lyallex


>
>
> Regards,
> Violeta
>
>> Presumably the version of Tomcat is important
>>
>> 7.0.42
>>
>>
>> Thanks in advance
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Request for documentation

[Lyallex]

I'm trying to find some documentation that details the request lifecycle
I've looked in the obvious places ... and some not so obvious ones

That is: NOT the servlet lifecycle documentation, this is a different
thing entirely.

I need some documentation that details exactly what happens when the
fist bit of a request arrives at the server all the way through to
when the last bit of the response leaves the server. Does any such
documentation exit?

Presumably the version of Tomcat is important

7.0.42


Thanks in advance

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Any experience with Tuckey UrlRewrite servlet filter?

[Lyallex]

snip

> Unfortunately, it looks like Tomcat doesn't support setting the response
> code for the redirect. That sounds like it would be a nice thing to be
> able to configure. Care to file a bug?

Done

Bug 59399 - Tomcat doesn't support setting the response code for http
-> https redirect

> You could even submit a patch for
> it -- it shouldn't be too terribly difficult to code that up.

That might take a little longer, working on it

lyallex

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Any experience with Tuckey UrlRewrite servlet filter?

[Lyallex]

On 29 April 2016 at 19:49, Christopher Schultz
<ch...@christopherschultz.net> wrote:
> Lyallex,
>
> On 4/29/16 12:50 AM, Lyallex wrote:
>> On 28 April 2016 at 23:04, Christopher Schultz
>> <ch...@christopherschultz.net> wrote:
snip

> 1. You want to redirect requests to hostnames not on your whitelist to
> HTTPS (url-rewrite)
> 2. You want to redirect everybody to HTTPS (CONFIDENTIAL)
>
> Which of those is most important?
>
> If you need the CONFIDENTIAL setting (which is generally a good idea),
> then forget about url-rewrite and just use CONFIDENTIAL instead.

Yep, you're correct. UrlRewrite is not the answer, it's out of the picture.
it's just CONFIDENTIAL and the standard port 80/443 connectors that I
have to deal with

> Unfortunately, it looks like Tomcat doesn't support setting the response
> code for the redirect. That sounds like it would be a nice thing to be
> able to configure. Care to file a bug?

Well I wouldn't call it a bug really, more of a missing feature that
would be nice to have
I've never submitted a bug before I don't really know where to start ...

Ah ... http://tomcat.apache.org/bugreport.html



I wouldn't call it a bug, more of an 'enhancement'.
I'll give it a go, after all I can only get shouted at :-)

>You could even submit a patch for
> it -- it shouldn't be too terribly difficult to code that up.

As it happens I'm currently setting up a mirror of my new live CentOS
systemd server as my new dev box (currently on Ubuntu)
The first thing I was going to do was get the source of Tomcat 7 and
try to build it

Jeez, contribute to Tomcat eh, that would be something wouldn't it?

Anyway thanks to all for all the help and for your patience,
I'll figure out how the bug report thing works and submit an enhancement

lyallex

>
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Any experience with Tuckey UrlRewrite servlet filter?

[Lyallex]

On 29 April 2016 at 14:57, André Warnier (tomcat) <a...@ice-sa.com> wrote:
> On 29.04.2016 12:52, Lyallex wrote:
>>
>> On 29 April 2016 at 08:44, André Warnier (tomcat) <a...@ice-sa.com> wrote:
>>>
>>> On 29.04.2016 08:59, Lyallex wrote:
>>>>
>>>>
>>>> The problem is despite setting the to-type to permanent-redirect I'm
>>>>>>
>>>>>>
>>>>>> actually getting a 302 temporary-redirect.
>>>>>>
>>>>>> I know this is probably off topic but if anyone has any experience of
>>>>>> this I'd be gratefull to hear how you solved it
>>>>>>
>>>
>>> If this was Apache httpd, a simple solution would be to create 2
>>> VirtualHost's,
>>> - one of which listens only to port 80, and always returns a 301 to HTTPS
>>> - the other one listening only to port 443, and holding your application
>>> There should be a way to do the same with Tomcat.

I am but a humble code monkey and certainly no Tomcat guru
but I think I understand where you are coming from

I commented out the relevant constraint in web.xml
commented out the standard port 80/443 setup in server.xml
commented out the redirect rule in urlrewrite.xml

I added the following to server.xml and started tomcat



I checked out the logs and couldn't see any problems, tomcat was
apparently listening on 2 ports

Apr 29, 2016 4:10:37 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-443"]
Apr 29, 2016 4:10:37 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
Apr 29, 2016 4:10:37 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 2167 ms

I fired up frefox, cleared the caches and entered https;//localhost
and the site was visible ... I haven't tested it extensively but it
seems to work fine

Of course the problems start when I try http://localhost given that
there's nothing listening on port 80

I think this is where your second instance comes in ... I'll go and do
some gardening and let my tired old brain process what you said and
see if I can make it work.

Do any of the gurus want to jump in here
what do you think of this solution

Is it madness, what haven't I seen

Thanks for your time

snip

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Any experience with Tuckey UrlRewrite servlet filter?

[Lyallex]

On 29 April 2016 at 08:44, André Warnier (tomcat) <a...@ice-sa.com> wrote:
> On 29.04.2016 08:59, Lyallex wrote:
>>
>> The problem is despite setting the to-type to permanent-redirect I'm
>>>>
>>>> actually getting a 302 temporary-redirect.
>>>>
>>>> I know this is probably off topic but if anyone has any experience of
>>>> this I'd be gratefull to hear how you solved it
>>>>
>
> If this was Apache httpd, a simple solution would be to create 2
> VirtualHost's,
> - one of which listens only to port 80, and always returns a 301 to HTTPS
> - the other one listening only to port 443, and holding your application
> There should be a way to do the same with Tomcat.
>
> If not, then thinking a bit laterally :
> - set up Tomcat with only a HTTPS Connector and your apps.
> - set up Apache httpd with only a HTTP VirtualHost, to return the 301.
> The overhead should be negligible, because the Apache httpd could be
> minimally configured, if that is the only thing it ever has to do.
> And since with a 301, browsers (and Google) should update their links/cache,
> it would only catch the first attempts of each client.
> And it saves quite a bit of overhead at the Tomcat level, which no longer
> has to deal at all with catching HTTP and redirecting it.

Hi, thanks for the suggestion however I'm running tomcat as a
standalone web server
Is there any similar trickery I can do in server.xml (for example).

thanks
lyallex




>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Any experience with Tuckey UrlRewrite servlet filter?

[Lyallex]

On 28 April 2016 at 18:21, jieryn <jie...@gmail.com> wrote:
> You can get the same effect using standard web.xml fragment and
> without a 3rd party dependency:
>
>
>   
> 
>   
>   /*
> 
> 
>   CONFIDENTIAL
> 
>   

Hi, and thanks for taking the time to reply.

Unfortunately, rather than solving the problem it *is* the problem (as
far as I can figure out anyway)
If I take the rewrite filter out of the picture the configuration I
have is as follows

web.xml


 
   
   /*
 
 
   CONFIDENTIAL
 


server.xml


 





stop tomcat
clear out all the logs
start tomcat
rebuild and redeploy the web app

root@sandbox:/tmp# curl -D /tmp/headers.txt -s  http://localhost/sitemap.xml

root@sandbox:/tmp# cat headers.txt
HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Cache-Control: private
Expires: Thu, 01 Jan 1970 01:00:00 GMT
Location: https://localhost/sitemap.xml
Content-Length: 0
Date: Fri, 29 Apr 2016 06:55:39 GMT

Remember, the filter is out of the picture yet still I get a 302

If I can't solve this it will be a show stopper and I'll have to go
back to straight http which will push my link further down the Google
search results.

Thanks
lyallex

>
>
> On Thu, Apr 28, 2016 at 1:12 PM, Lyallex <lyal...@gmail.com> wrote:
>> apache-tomcat-7.0.42
>> jdk1.8.0_77
>> CentOS Linux 7.2.1511
>> urlrewritefilter-4.0.3.jar
>>
>> I'm using the rewrite filter from http://tuckey.org/urlrewrite/
>>
>> I have a rule, it's supposed to 301 perm-redirect from http to https
>>
>>   
>>seo redirect
>>> operator="notequal">^www.example.com
>>^localhost
>>^/(.*)
>>> last="true">https://www.example.com/$1
>> 
>>
>> The problem is despite setting the to-type to permanent-redirect I'm
>> actually getting a 302 temporary-redirect.
>>
>> I know this is probably off topic but if anyone has any experience of
>> this I'd be gratefull to hear how you solved it
>>
>> Thanks
>>
>> lyallex
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Any experience with Tuckey UrlRewrite servlet filter?

[Lyallex]

On 28 April 2016 at 23:04, Christopher Schultz
<ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Lyallex,
>
> On 4/28/16 1:12 PM, Lyallex wrote:
>> apache-tomcat-7.0.42 jdk1.8.0_77 CentOS Linux 7.2.1511
>> urlrewritefilter-4.0.3.jar
>>
>> I'm using the rewrite filter from http://tuckey.org/urlrewrite/
>>
>> I have a rule, it's supposed to 301 perm-redirect from http to
>> https
>>
>>  seo redirect > operator="notequal">^www.example.com > name="host" operator="notequal">^localhost
>> ^/(.*) > last="true">https://www.example.com/$1 
>>
>> The problem is despite setting the to-type to permanent-redirect
>> I'm actually getting a 302 temporary-redirect.
>>
>> I know this is probably off topic but if anyone has any experience
>> of this I'd be gratefull to hear how you solved it
>
> - From the documentation for "condition":
>
> "
> notequal   Not equal to. (i.e. request value != condition value).
> Note, this operator *only work with numeric rule types*.
> "
> (emphasis mine)
>
> Then again, there is immediately following it an example of where a
> regular expression is almost certainly being used:
>
> "
> Mozilla/[1-4] n>
> "
>
> You might want to post a question to the Google Group for url-rewrite.
> This might be a bug (at least in their documentation).

I have turned on debug logging for the filter and everything looks OK,
the rule loads with no errors however I think you are right about
the filter not doing the redirect, or rather the filter redirects but
then something redirects again. This could be a problem as
GoogleGod demands a 301 redirect not a 302. Please see below

> As for the incorrect redirect status, are you sure it's the rewrite
> filter redirecting you? Jieryn points-out in a separate reply that if
> you are using a user-data-constraint, you may already be redirected by
> Tomcat before url-rewrite gets to look at the request.

First I commented out both the filter and the entire
CONFIDENTIAL
security constraint, rebuilt and redeployed the war.

root@sandbox:/tmp# curl -D /tmp/headers.txt -s  http://localhost/sitemap.xml

root@sandbox:/tmp# cat headers.txt
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Vary: User-Agent
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 29 Apr 2016 04:28:30 GMT

Then I enabled the security constraint but left the filter commented out
rebuilt and redeployed then I ran exactly the same command

root@sandbox:/tmp# curl -D /tmp/headers.txt -s  http://localhost/sitemap.xml

root@sandbox:/tmp# cat headers.txt
HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Cache-Control: private
Expires: Thu, 01 Jan 1970 01:00:00 GMT
Location: https://localhost/sitemap.xml
Content-Length: 0
Date: Fri, 29 Apr 2016 04:32:20 GMT

So, the filter isn't in the picture and I'm getting a 302

The only thing I can find that's might be doing the redirect is the following

root@sandbox:/tmp# cat /opt/apache-tomcat-7.0.42/conf/server.xml

  <<<===
302 redirect ?



If this happens after the filter (which is not enabled at the moment)
then I could be in trouble.

I can't believe no one has had this problem before.

Thanks
lyallex















>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlciiPQACgkQ9CaO5/Lv0PDusQCcDrmV6fZlQWUsjvyVowD6bgvu
> BG4An1R9lKLudJlTa0yM7yMKUrrmEjvi
> =3AxZ
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Any experience with Tuckey UrlRewrite servlet filter?

[Lyallex]

apache-tomcat-7.0.42
jdk1.8.0_77
CentOS Linux 7.2.1511
urlrewritefilter-4.0.3.jar

I'm using the rewrite filter from http://tuckey.org/urlrewrite/

I have a rule, it's supposed to 301 perm-redirect from http to https

  
   seo redirect
   ^www.example.com
   ^localhost
   ^/(.*)
   https://www.example.com/$1


The problem is despite setting the to-type to permanent-redirect I'm
actually getting a 302 temporary-redirect.

I know this is probably off topic but if anyone has any experience of
this I'd be gratefull to hear how you solved it

Thanks

lyallex

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Obsolete cypher suit

[Lyallex]

On 13 April 2016 at 12:50, Mark Thomas <ma...@apache.org> wrote:
> On 13/04/2016 12:43, Lyallex wrote:
>> On 12 April 2016 at 19:26, Mark Thomas <ma...@apache.org> wrote:
>>> On 12/04/2016 19:11, Lyallex wrote:
>>>> On 12 April 2016 at 18:06, Lyallex <lyal...@gmail.com> wrote:
>>>>> apache-tomcat-7.0.42 as standalone web server
>>>>> jdk1.7.0_45
>>>>> Ubuntu 12.10
>>>>>
>>>>> Greetings
>>>>>
>>>>> I'm sure this is an old chestnut but it's got me stumped
>>>>>
>>>>> I just purchased and installed my first ever ssl certificate
>>>>> I had it installed and apparently running in no time. I should of
>>>>> course have been suspicious that it all went so smoothly
>>>>> but I though it was about time I got a break ... no such luck.
>>>>>
>>>>> Clicking the padlock in chrome I get
>>>>>
>>>>> Your connection to 192.168.1.68 is encrypted using an obsolete cipher 
>>>>> suit.
>>>>>
>>>>> The connection uses TLS 1.2.
>>>>>
>>>>> The connection is encrypted using AES_128_CBC with HMAC-SHA1 for
>>>>> message authentication and ECDHE_RSA as the key exchange mechanism.
>>>>
>>>> jdk1.8.0.77 fixed it
>>>>
>>>> Should have know it was a Java (as opposed to Tomcat) problem
>>>>
>>>> as you were
>>>
>>> As of the next Tomcat 7 release, the SSL defaults have been improved so
>>> a default configuration should not report any issues.
>>>
>>> Mark
>>
>> Now I'm confused, I thought Tomcat relied on the JSSE implementation
>> in whatever version of Java that was used to start Tomcat
>> to provide it's cipher suits. If this is correct how will a different
>> version of Tomcat make a difference given that it's started with the
>> same version of Java. If it's incorrect please forgive my boundlesss
>> ignorance and stupidity.
>
> Happy to clarify.
>
> Tomcat is able to select which TLS versions and cipher suites are
> enabled by default. The latest Tomcat version enables fewer cipher
> suites by default (some less secure ones are removed) so the default
> configuration is better.
>
> Users remain free to explicitly configure any cipher suite they wish
> from those supported by the JSSE implementation provided by the JRE.
>
> Mark

Good morning

After a long night trying to figure out why Tomcat would not run with
Java 1.8 on centOS I've finally got it working
(wrong processor architecture, rookie mistake, tired)

ssllabs now gives my server a B which is way better that an F

There is one thing outstanding that I'm just too tired to figure out
at the moment and I'm hoping someone will put me out of my misery.

The one thing failing is the key exchage

My tomcat server uses RSA  as the key exchange mechanism when it needs
to be using ECDHE_RSA

When I start reading documentation on cipher suites my head starts spinning

Does anyone feel like letting me know how to get tomcat to use
ECDHE_RSA for the key exchange?

Thanks
I gotta get some sleep
TTFN

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Obsolete cypher suit

[Lyallex]

On 12 April 2016 at 19:26, Mark Thomas <ma...@apache.org> wrote:
> On 12/04/2016 19:11, Lyallex wrote:
>> On 12 April 2016 at 18:06, Lyallex <lyal...@gmail.com> wrote:
>>> apache-tomcat-7.0.42 as standalone web server
>>> jdk1.7.0_45
>>> Ubuntu 12.10
>>>
>>> Greetings
>>>
>>> I'm sure this is an old chestnut but it's got me stumped
>>>
>>> I just purchased and installed my first ever ssl certificate
>>> I had it installed and apparently running in no time. I should of
>>> course have been suspicious that it all went so smoothly
>>> but I though it was about time I got a break ... no such luck.
>>>
>>> Clicking the padlock in chrome I get
>>>
>>> Your connection to 192.168.1.68 is encrypted using an obsolete cipher suit.
>>>
>>> The connection uses TLS 1.2.
>>>
>>> The connection is encrypted using AES_128_CBC with HMAC-SHA1 for
>>> message authentication and ECDHE_RSA as the key exchange mechanism.
>>
>> jdk1.8.0.77 fixed it
>>
>> Should have know it was a Java (as opposed to Tomcat) problem
>>
>> as you were
>
> As of the next Tomcat 7 release, the SSL defaults have been improved so
> a default configuration should not report any issues.
>
> Mark

Now I'm confused, I thought Tomcat relied on the JSSE implementation
in whatever version of Java that was used to start Tomcat
to provide it's cipher suits. If this is correct how will a different
version of Tomcat make a difference given that it's started with the
same version of Java. If it's incorrect please forgive my boundlesss
ignorance and stupidity.

lyallex



> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Java 8 cipher suite required. CentOS says no

[Lyallex]

This is kind of connected to an earlier post but I didn't want to get
shouted at for hijacking so I started new one, hope this is OK

apache-tomcat-7.0.42 standalone web server
CentOS Linux release 7.2.1511
jdk1.7.0_45 and jdk1.8.0_77

It's a bit complicated I'll try to be brief

On discovering that browsers complained that I was using obsolete
cyphers over https I discovered that running the server against java
1.8 solved the problem.

I'm using a tried and tested init.d script

on my test machine, (Ubuntu Linux 12.10) in the script,
/etc/rc.d/init.d/tomcat7 I changed

JAVA_HOME=/opt/jdk1.7.0_45

to

JAVA_HOME=/opt/jdk1.8.0_77

saved the script and started tomcat under jsvc

The server came up straight away and browsers informed me that I was
using modern up to date ciphers ... hooray, change one line and
everything hums.

So, on the CentOS box I had exactly the same script in exactly the
same place pointing to exactly the same jdk  (/opt/jdk1.7.0_45)

I realise that this CentOS release uses systemd init but if I shut
down tomcat with

# systemctl stop tomcat.service

I can start it manually with the old init.d script. it's quicker  and
I don't have to keep reloading services. It works, Tomcat starts up
and ssllabs give me a big fat F for fail as expected but
I'm running fine with https. browsers still complain (as expected) but
it proves that my SSL config is correct (or as correct as can be
expected given the circumstances).

So, # /etc/rc.d/init.d/tomcat7 stop

change

JAVA_HOME=/opt/jdk1.7.0_45

to

JAVA_HOME=/opt/jdk1.8.0_77

/etc/rc.d/init.d/tomcat7 start ... epic fail

With the messages

Cannot find any VM in Java Home /opt/jdk1.8.0_77
Cannot locate JVM library file

in the tomcat logs

I have set everything I can think of including JAVA_HOME in .bash_profile

[root@vps logs]# java -version
java version "1.8.0_77"
Java(TM) SE Runtime Environment (build 1.8.0_77-b03)
Java HotSpot(TM) 64-Bit Server VM (build 25.77-b03, mixed mode)

[root@vps logs]# echo $PATH
/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/lyallex/.local/bin:/home/lyallex/bin:/opt/jdk1.8.0_77/bin

but nothing I do changes anything.

I have copied the start script below fYI

Has anyone seen anything like this before?

Thanks
lyallex

= /etc/rc.d/init.d/tomcat7


[root@vps logs]# cat /etc/rc.d/init.d/tomcat7

# chkconfig: - 71 19
# description:  Start up the Tomcat servlet engine.
# use java 7
# JAVA_HOME=/opt/jdk1.7.0_45
# java 8, works on Ubuntu, fails on CentOS
JAVA_HOME=/opt/jdk1.8.0_77
CATALINA_HOME=/opt/apache-tomcat-7.0.42
export JAVA_HOME CATALINA_HOME
CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar
TOMCAT_USER=tomcat
TMPDIR=/var/tmp
PIDFILE=/var/run/tc7/jsvc.pid


RC=0

case "$1" in

  start)

   $CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME
-Dcatalina.home=/opt/apache-tomcat-7.0.42
-Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR
-Djava.awt.headless=true \
 -Xms512m \
 -Xmx1024m \
 -outfile $CATALINA_HOME/logs/catalina.out \
 -errfile $CATALINA_HOME/logs/catalina.err \
 -pidfile '/var/run/tc7/jsvc.pid' \
 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
 -Djava.util.logging.config.file=$CATALINA_HOME/conf/logging.properties \
 -cp $CLASSPATH  \
 org.apache.catalina.startup.Bootstrap

RC=$?

[ $RC = 0 ] && touch /var/tc7lock/subsys/tomcat
echo "starting tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"
echo "tomcat started"
;;

  stop)

PID=`cat /var/run/tc7/jsvc.pid`
kill $PID

   RC=$?

[ $RC = 0 ] && rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
echo "stopping tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"

echo "tomcat stopped"
;;

  *)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit $RC

[root@vps logs]#

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Obsolete cypher suit

[Lyallex]

On 12 April 2016 at 18:06, Lyallex <lyal...@gmail.com> wrote:
> apache-tomcat-7.0.42 as standalone web server
> jdk1.7.0_45
> Ubuntu 12.10
>
> Greetings
>
> I'm sure this is an old chestnut but it's got me stumped
>
> I just purchased and installed my first ever ssl certificate
> I had it installed and apparently running in no time. I should of
> course have been suspicious that it all went so smoothly
> but I though it was about time I got a break ... no such luck.
>
> Clicking the padlock in chrome I get
>
> Your connection to 192.168.1.68 is encrypted using an obsolete cipher suit.
>
> The connection uses TLS 1.2.
>
> The connection is encrypted using AES_128_CBC with HMAC-SHA1 for
> message authentication and ECDHE_RSA as the key exchange mechanism.

jdk1.8.0.77 fixed it

Should have know it was a Java (as opposed to Tomcat) problem

as you were

snip

lyallex

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Obsolete cypher suit

[Lyallex]

apache-tomcat-7.0.42 as standalone web server
jdk1.7.0_45
Ubuntu 12.10

Greetings

I'm sure this is an old chestnut but it's got me stumped

I just purchased and installed my first ever ssl certificate
I had it installed and apparently running in no time. I should of
course have been suspicious that it all went so smoothly
but I though it was about time I got a break ... no such luck.

Clicking the padlock in chrome I get

Your connection to 192.168.1.68 is encrypted using an obsolete cipher suit.

The connection uses TLS 1.2.

The connection is encrypted using AES_128_CBC with HMAC-SHA1 for
message authentication and ECDHE_RSA as the key exchange mechanism.

I followed the instructions here

https://www.sslshopper.com/article-how-to-disable-weak-ciphers-and-ssl-2-in-tomcat.html
and passed then following when starting tomcat
-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 \

No luck so far

here is server.xml

  



Any pointers to useful resources much appreciated

TIA
Lyallex

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat running against Java 1.7 barfs with Java < 1.7 Jasper error

[Lyallex]

On 8 April 2016 at 13:12, Mark Thomas <ma...@apache.org> wrote:
> On 8 April 2016 12:43:56 BST, Lyallex <lyal...@gmail.com> wrote:
>>On 8 April 2016 at 12:31, Violeta Georgieva <miles...@gmail.com> wrote:
>>> Hi,

>
> Jasper is configured to default to the minimum Java version required by the 
> version of the JSP specification  it implements.

Thank you

> Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat running against Java 1.7 barfs with Java < 1.7 Jasper error

[Lyallex]

On 8 April 2016 at 12:31, Violeta Georgieva <miles...@gmail.com> wrote:
> Hi,
>
> 2016-04-08 14:28 GMT+03:00 Lyallex <lyal...@gmail.com>:
>>
>> Apache Tomcat 7.0.42 running under jsvc against jdk1.7.0.45
>> on 64 bit Ubuntu Linux 12.10 built and deployed with Ant in Eclipse
>> JUNO set to 1.7 compliance
>>
>> Please don't moan at me for using JSP scriptlets, I'm just doing some
>> throwaway prototyping so save the bandwidth. Thank You
>>
>> I have been switching on Strings in 1.7 projects for a while now, I
>> use it in application classes running on the above with no problems at
>> all.
>>
>> This morning I tried switching on Strings in jsp and got the following
>> compiler error
>>
>> org.apache.jasper.JasperException Unable to compile class for JSP
>> etc etc
>> Cannot switch on a value of type String for source level below 1.7 ...
>>
>> Hmm, interesting
>>
>> Configured Jasper to compile against 1.7 and it all worked fine
>>
>> It seems a little strange that running Tomcat against 1.7 wouldn't
>> automatically configure Jasper to compile against 1.7 ... doesn't it ?
>>
>> Or does it?
>>
>> I'm sure there is a good reason, I just can't think of it :-(
>>
>
> This behavior is correct. Check this
> http://tomcat.apache.org/tomcat-7.0-doc/jasper-howto.html
>
> compilerSourceVM - What JDK version are the source files compatible with?
> (Default value: 1.6)
> compilerTargetVM - What JDK version are the generated files compatible
> with? (Default value: 1.6)
>
> Regards,
> Violeta

Well I'm sure it is ... but you miss the point entirely I'm afraid

I'll try again

I said

" It seems a little strange that running Tomcat against 1.7 wouldn't
  automatically configure Jasper to compile against 1.7 ... doesn't it"

I'm not sure how you interpret this statement as an assertion that
the behavior is incorrect.

Once again.

Why is it that when Tomcat is run against Java 1.7 and obviously
interprets classes
written in 1.7 correctly Jasper isn't configure to compile at 1.7
compliance level.

It's just a question, I found it interesting.

Is that OK

Lyallex


>>
>
>> Lyallex
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat running against Java 1.7 barfs with Java < 1.7 Jasper error

[Lyallex]

Apache Tomcat 7.0.42 running under jsvc against jdk1.7.0.45
on 64 bit Ubuntu Linux 12.10 built and deployed with Ant in Eclipse
JUNO set to 1.7 compliance

Please don't moan at me for using JSP scriptlets, I'm just doing some
throwaway prototyping so save the bandwidth. Thank You

I have been switching on Strings in 1.7 projects for a while now, I
use it in application classes running on the above with no problems at
all.

This morning I tried switching on Strings in jsp and got the following
compiler error

org.apache.jasper.JasperException Unable to compile class for JSP
etc etc
Cannot switch on a value of type String for source level below 1.7 ...

Hmm, interesting

Configured Jasper to compile against 1.7 and it all worked fine

It seems a little strange that running Tomcat against 1.7 wouldn't
automatically configure Jasper to compile against 1.7 ... doesn't it ?

Or does it?

I'm sure there is a good reason, I just can't think of it :-(

Lyallex

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

How to start Tomcat as a standalone web server using the systemd init system

[Lyallex]

Apache-tomcat-7.0.42
Java 1.7.0_45-b18
CentOS Linux release 7.2.1511

I have been using various releases of Apache Tomcat as a standalone
web server and servlet container
to serve a commercial web-app written entirely in Java for the past 4
years. Recently my server host informed me that I needed to
move to their 'cloud'.

This meant moving from a CentOS release 5.2 system that used a
SysV-style init script in /etc/rc.d/init.d with symbolic links in
rc2.d, rc3.d, rc4.d and rc5.d
to a CentOS Linux release 7.2.1511 system that used a systemd init system

The init.d script was called tomcat7 and is listed at the end of this message.

Tomcat is employed as a stand alone web server binding to the default
port for inbound non-encrypted http traffic which is port 80.
Due to the restricions placed on privileged ports (< 1024) by UNIX
like systems this required the use of an additional component.

The component chosen was jsvc
(http://commons.apache.org/proper/commons-daemon/jsvc.html)
Tomcat documentation re jsvc
(https://tomcat.apache.org/tomcat-7.0-doc/setup.html)

The first attempt at getting Tomcat to start after a system reboot
consisted of calling the original inid.d script.

# touch /etc/systemd/system/tomcat.service

tomcat.service began life as follows

[Unit]
Description=The Jakarta Apache/Tomcat Server
After=network.target

[Service]
Type=forking
ExecStart=/etc/rc.d/init.d/tomcat7 start
ExecStop=/etc/rc.d/init.d/tomcat7 stop

[Install]
WantedBy=multi-user.target

This and many other versions that called the original init.d script
failed with various systemd error codes
The reason(s) are as yet not fully understood.

The final solution shows the invocation arguments passed to jsvc in
longhand, this is the only way we could get it to work.

[Unit]
Description=Apache Tomcat Web Application Container
After=network.target

[Service]
Type=forking
User=root

ExecStart=/opt/apache-tomcat-7.0.42/bin/jsvc \
-user tomcat \
-home /opt/jdk1.7.0_45 \
-Dcatalina.home=/opt/apache-tomcat-7.0.42 \
-Dcatalina.base=/opt/apache-tomcat-7.0.42 \
-Djava.io.tmpdir=/var/tmp \
-Djava.awt.headless=true \
-Xms512m \
-Xmx1024m \
-outfile /opt/apache-tomcat-7.0.42/logs/catalina.out \
-errfile /opt/apache-tomcat-7.0.42/logs/catalina.err \
-pidfile /var/run/tc7/jsvc.pid \
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
-Djava.util.logging.config.file=/opt/apache-tomcat-7.0.42/conf/logging.properties
\
-cp 
/opt/apache-tomcat-7.0.42/bin/bootstrap.jar:/opt/apache-tomcat-7.0.42/bin/commons-daemon.jar:/opt/jdk1.7.0_45/lib/tools.jar:/opt/apache-tomcat-7.0.42/bin/tomcat-juli.jar
\
org.apache.catalina.startup.Bootstrap

ExecStop=/bin/kill -9 /var/run/tc7/jsvc.pid
ExecStopPost=/bin/rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid

[Install]
WantedBy=multi-user.target

This works fine and Tomcat starts as expected when the system reboots.

Hope this saves someone some aggravation. There is still much that is
not understood and experimentation is ongoing as time allows.

Lyallex

=== /etc/rc.d/init.d/tomcat7 ===
JAVA_HOME=/opt/jdk1.7.0_45
CATALINA_HOME=/opt/apache-tomcat-7.0.42
export JAVA_HOME CATALINA_HOME
CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar
TOMCAT_USER=tomcat
TMPDIR=/var/tmp
PIDFILE=/var/run/tc7/jsvc.pid


RC=0

case "$1" in

  start)

   $CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME
-Dcatalina.home=/opt/apache-tomcat-7.0.42
-Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR
-Djava.awt.headless=true \
 -Xms512m \
 -Xmx1024m \
 -outfile $CATALINA_HOME/logs/catalina.out \
 -errfile $CATALINA_HOME/logs/catalina.err \
 -pidfile '/var/run/tc7/jsvc.pid' \
 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
 -Djava.util.logging.config.file=$CATALINA_HOME/conf/logging.properties \
 -cp $CLASSPATH  \
 org.apache.catalina.startup.Bootstrap

RC=$?

[ $RC = 0 ] && touch /var/tc7lock/subsys/tomcat
echo "starting tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"
echo "tomcat started"
;;

  stop)

PID=`cat /var/run/tc7/jsvc.pid`
kill $PID

   RC=$?

[ $RC = 0 ] && rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
echo "stopping tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"

echo "tomcat stopped"
;;

  *)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit $RC

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

[Lyallex]

On 19 March 2016 at 21:02, André Warnier (tomcat) <a...@ice-sa.com> wrote:
> Daniel,
>
> first of all, stop top-posting (this applies to both of you). This is not
> the style of posting desired on this list.
> See http://tomcat.apache.org/lists.html#tomcat-users, #6.
>
> Secondly,
> the original poster (lyallex) wants to run Tomcat under Linux, without a
> front-end, as a webserver, listening on port 80, but running as a user which
> is not root.
> This is a legitimate way of running Tomcat, and it is not for you to tell
> him to run it otherwise.  Presumably, he knows what he is doing, under his
> circumstances.
>
> Tomcat by itself cannot do that, because it cannot by itself start as root,
> bind to port 80, and then switch users.
> The jsvc program (a "wrapper" for the JVM which runs Tomcat) allows this,
> which is why the OP wants to use it.
> But he has problems configuring this to run under systemd.
> And this was his question : how to run Tomcat as non-root under a JVM under
> jsvc under systemd, listening on port 80.
>
> I have not yet tried it myself, so I cannot really help.

I have it working now, I'd be glad to advise if required

> But I have a feeling that the information that you have provided earlier,
> can be extrapolated to the configuration which lyallex wants.
> So thank you for providing that information, and let's leave it at that.
> There is no need and no point in transforming this conversation into a flame
> now.
>

+1


>
>
> On 19.03.2016 21:33, Daniel Savard wrote:
>>
>> I still don't see how the number of concurrent sessions is related to
>> the port number.
>>
>> The default ports for Tomcat are 8080 and 8443.
>>
>> For huge websites, usually you have a load balancer as a front-end
>> anyway. You then get the capability to distribute the workload on more
>> than one instance of Tomcat and/or servers, so, sticking on a single
>> port isn't desirable since many instances on a single server cannot
>> run on the same port. You get the capability to eliminate any
>> single-point of failure as well as getting the capability to implement
>> a non-stop environment making a Tomcat cluster.
>> -
>> Daniel Savard
>>
>>
>> 2016-03-19 15:40 GMT-04:00 Lyallex <lyal...@gmail.com>:
>>>
>>> <Sigh!>
>>>
>>> On 19 March 2016 at 19:19, Daniel Savard <daniel.sav...@gmail.com> wrote:
>>>>
>>>> I see what you were trying to achieve, however I don't see much
>>>> interest in that.
>>>
>>>
>>> Really, I've been running a successful commercial web site for the
>>> last 4 years using Tomcat as a standalone web server
>>> and servlet container using exactly this solution. 1000 concurrent
>>> sessions pose no problem
>>> I mentioned this in my first post, sorry if you missed it.
>>>
>>>> 1) Obviously, if you were expecting systemd to solve that problem, you
>>>> were wrong and it is a sane behavir of systemd to not allow that
>>>> neither
>>>
>>>
>>> No, you misunderstood. I was trying to start jsvc from a systemd service
>>> file
>>> Please read more carefully.I never suggested that systemd would solve
>>> the problem
>>>
>>>> 2) Your solution to your problem is lying on jsvc alone.
>>>> 3) I believe is bad security practice to insist to bind on privileged
>>>> ports for process that don't need that level of privilege.
>>>>
>>>> Btw, even if you switch to another user to run the code, you actually
>>>> are binding to port 80 as root.
>>>>
>>>> Maybe you can explain us why you want to do such a thing and using any
>>>> other unprivileged port isn't a solution to your problem.
>>>
>>>
>>> What is the default port for non.-encrypted http traffic to a web server?
>>>
>>> Anyway, I see no reason to start a slanging match, I have better things
>>> to do.
>>> It's all working quite nicely now anyway, thank you for your input.
>>>
>>> To learn about jsvc see
>>> http://commons.apache.org/proper/commons-daemon/jsvc.html
>>> You'll need an up to date ANSI C compiler (I use gcc)
>>>
>>> Lyallex
>>>
>>>
>>>>
>>>> Regards,
>>>> -
>>>> Daniel Savard
>>>>
>>>>
>>>> 2016-03-19 12:10 GMT-04:00 Lyallex <lyal...@gmail.com>:
>>>>>
>>>>> It's the simplest way to 

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

[Lyallex]

<Sigh!>

On 19 March 2016 at 19:19, Daniel Savard <daniel.sav...@gmail.com> wrote:
> I see what you were trying to achieve, however I don't see much
> interest in that.

Really, I've been running a successful commercial web site for the
last 4 years using Tomcat as a standalone web server
and servlet container using exactly this solution. 1000 concurrent
sessions pose no problem
I mentioned this in my first post, sorry if you missed it.

> 1) Obviously, if you were expecting systemd to solve that problem, you
> were wrong and it is a sane behavir of systemd to not allow that
> neither

No, you misunderstood. I was trying to start jsvc from a systemd service file
Please read more carefully.I never suggested that systemd would solve
the problem

> 2) Your solution to your problem is lying on jsvc alone.
> 3) I believe is bad security practice to insist to bind on privileged
> ports for process that don't need that level of privilege.
>
> Btw, even if you switch to another user to run the code, you actually
> are binding to port 80 as root.
>
> Maybe you can explain us why you want to do such a thing and using any
> other unprivileged port isn't a solution to your problem.

What is the default port for non.-encrypted http traffic to a web server?

Anyway, I see no reason to start a slanging match, I have better things to do.
It's all working quite nicely now anyway, thank you for your input.

To learn about jsvc see
http://commons.apache.org/proper/commons-daemon/jsvc.html
You'll need an up to date ANSI C compiler (I use gcc)

Lyallex


>
> Regards,
> -----
> Daniel Savard
>
>
> 2016-03-19 12:10 GMT-04:00 Lyallex <lyal...@gmail.com>:
>> It's the simplest way to find out which port you have Tomcat listening on
>>
>> *NIX based systems don't allow non root uses bind to ports < 1024
>>
>> jsvc
>> http://commons.apache.org/proper/commons-daemon/jsvc.html
>>
>> solves this problem, nobody seems to have grasped that this is what I
>> was asking about.
>> I know of no way to start the container, on port 80 using either
>> startup.sh or catalina.sh using start, run or anything else.
>> If I'm wrong then I would love to see how it's done.
>>
>> CentOS Linux release 7.2.1511 (Core)
>>
>>
>> On 19 March 2016 at 13:46, Daniel Savard <daniel.sav...@gmail.com> wrote:
>>> Why? What is the point? The server.xml has nothing to do with
>>> integration with systemd.
>>> -
>>> Daniel Savard
>>>
>>>
>>> 2016-03-19 1:40 GMT-04:00 Lyallex <lyal...@gmail.com>:
>>>> Would you mind posting your server.xml, here is the relevant bit from mine.
>>>>
>>>>  
>>>>
>>>> >>>connectionTimeout="2"
>>>>redirectPort="8443" />
>>>>
>>>> 
>>>>
>>>>   
>>>>
>>>> >>> resourceName="UserDatabase"/>
>>>>
>>>>   
>>>>
>>>>   >>> autoDeploy="true">
>>>>
>>>> >>> directory="logs"
>>>>prefix="localhost_access_log" suffix=".txt"
>>>>rotatable="false" pattern="combined" />
>>>>   
>>>>
>>>> 
>>>>   
>>>>
>>>> On 18 March 2016 at 23:35, Daniel Savard <daniel.sav...@gmail.com> wrote:
>>>>> I believe all distros have over engineered the scripts to start
>>>>> Tomcat. Forget all the scripts from your distro, learn the
>>>>> signification of the environment variables from the catalina.sh script
>>>>> shipped with the default Tomcat version. Define your variables in a
>>>>> file, this file is not a script, so you cannot reuse a previously
>>>>> defined variable, feed your systemd service definition file with this
>>>>> file in the service section as EnvironmentFile=/path/name/to/your/file
>>>>> ExecStart=/path/to/catalina.sh start
>>>>> ExecStop=/path/to/catalina.sh stop
>>>>>
>>>>> and you are done. You control everything from the environment file,
>>>>> you can easily manage the environment variables without editing the
>>>>> systemd's service file.
>>>>>
>>>>> It is much simpler than the OpenRC set of scripts at my humble
>>>>> opinion. I am running Gentoo at home and RHEL at work an

Re: systemd tomcat script for Linux EL7

[Lyallex]

Do you have the answer to my question?

CentOS Linux release 7.2.1511

I think it actually boils down to 'how do you start start Tomcat as a
daemon (using jsvc) on a privileged port (<1024) switching to a no
login user (tomcat)  on a system that uses a systemd init process. The
rant you refer to doesn't explicitly (or implicitly) answer this
question.

The same startup script that starts Tomcat  as above  on CentOS
release 5.2 which uses the 'old'  SysV (I think) init processes using
init.d, rc3.d etc and has done for a number of years fails in systemd
(all details posted earlier)

Has anyone actually got this working or do you all hide behind httpd :-)

TIA
Lyallex

On 17 March 2016 at 00:57, Christopher Schultz
<ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> jieryn,
>
> On 3/16/16 1:36 PM, jieryn wrote:
>> http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/systemd-house
> - -of-horror/tomcat.html
>
> Wow,
>>
> lots of ranting about environment variables and little-used PID
> files.
>
> If the author only understood the reasons behind the way catalina.sh
> works, he might not have embarrassed himself.
>
> It must be hard being so smart and important that you have to quit the
> Internet for good[1].
>
> - -chris
>
> [1]
> http://homepage.ntlworld.com/jonathan.deboynepollard/contacting-the-auth
> or.html#SMTP
>
>> On Wed, Mar 16, 2016 at 1:01 PM, Lyallex <lyal...@gmail.com>
>> wrote:
>>> Apologies for dredging this up but I'm having some problems with
>>> this. Any ideas much appreciated.
>>>
>>> Ii have been forced to move from a version of centOS the used the
>>> old /etc/rc.d/init.d way of doing things to a new version of
>>> CentOS that uses systemd. The hosts can't or won't help because
>>> I'm using a 'non-standard setup' Basically I'm using tomcat
>>> standalone on port 80 to serve up my site. I use jsvc with a
>>> start/stop script in /etc/rc.d/init.d with symbolic links in
>>> rc2.d, rc3.d. rc4.d and rc5.d This has been working faultlessly
>>> for nearly 4 years.
>>>
>>> I have installed Tomcat, Java and all required resources on the
>>> new server, I have dulpicated the configuration in /etc but
>>> needless to say when I restart the server Tomcat doesn't start
>>>
>>> Starting from the command line as root with
>>> /etc/rc.d/init.d/tomcat7 works as it has always done and starts
>>> tomcat as root then switches to an unprivileged, no login user
>>> (tomcat)
>>>
>>> I followed your instructions and came up with the following
>>>
>>> # touch /etc/systemd/system/tomcat.service # nano
>>> /etc/systemd/system/tomcat.service
>>>
>>> tomcat.service looks like this
>>>
>>> [Unit] Description=The Jakarta Apache/Tomcat Server
>>> After=network.target
>>>
>>> [Service] Type=forking ExecStart=/etc/rc.d/init.d/tomcat7 start
>>> ExecStop=/etc/rc.d/init.d/tomcat7 stop
>>>
>>> [Install] WantedBy=multi-user.target
>>>
>>> # chmod 664 /etc/systemd/system/tomcat.service
>>>
>>> [root@vps init.d]# systemctl daemon-reload
>>>
>>> [root@vps init.d]# systemctl start tomcat.service Job for
>>> tomcat.service failed because the control process exited with
>>> error code. See "systemctl status tomcat.service" and "journalctl
>>> -xe" for details.
>>>
>>> [root@vps init.d]# systemctl status tomcat.service tomcat.service
>>> - The Jakarta Apache/Tomcat Server Loaded: loaded
>>> (/etc/systemd/system/tomcat.service; disabled; vendor preset:
>>> disabled) Active: failed (Result: exit-code) since Wed 2016-03-16
>>> 16:40:55 GMT; 18s ago Process: 4596
>>> ExecStart=/etc/rc.d/init.d/tomcat7 start (code=exited,
>>> status=203/EXEC)
>>>
>>> Mar 16 16:40:55 vps.example.com systemd[1]: Starting The Jakarta
>>> Apache/Tomcat Server... Mar 16 16:40:55 vps.example.com
>>> systemd[1]: tomcat.service: control process exited, code=exited
>>> status=203 Mar 16 16:40:55 vps.example.com systemd[1]: Failed to
>>> start The Jakarta Apache/Tomcat Server. Mar 16 16:40:55
>>> vps.example.com systemd[1]: Unit tomcat.service entered failed
>>> state. Mar 16 16:40:55 vps.example.com systemd[1]: tomcat.service
>>> failed.
>>>
>>> tomcat7 fwiw
>>>
>>>
>>> # chkconfig: - 71 19 # description:  Start up the Tomcat servlet
>>> engine. # this is the startup file for the new version

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

[Lyallex]

It's the simplest way to find out which port you have Tomcat listening on

*NIX based systems don't allow non root uses bind to ports < 1024

jsvc
http://commons.apache.org/proper/commons-daemon/jsvc.html

solves this problem, nobody seems to have grasped that this is what I
was asking about.
I know of no way to start the container, on port 80 using either
startup.sh or catalina.sh using start, run or anything else.
If I'm wrong then I would love to see how it's done.

CentOS Linux release 7.2.1511 (Core)


On 19 March 2016 at 13:46, Daniel Savard <daniel.sav...@gmail.com> wrote:
> Why? What is the point? The server.xml has nothing to do with
> integration with systemd.
> -
> Daniel Savard
>
>
> 2016-03-19 1:40 GMT-04:00 Lyallex <lyal...@gmail.com>:
>> Would you mind posting your server.xml, here is the relevant bit from mine.
>>
>>  
>>
>> >connectionTimeout="2"
>>redirectPort="8443" />
>>
>> 
>>
>>   
>>
>> > resourceName="UserDatabase"/>
>>
>>   
>>
>>   > autoDeploy="true">
>>
>> > directory="logs"
>>prefix="localhost_access_log" suffix=".txt"
>>rotatable="false" pattern="combined" />
>>   
>>
>> 
>>   
>>
>> On 18 March 2016 at 23:35, Daniel Savard <daniel.sav...@gmail.com> wrote:
>>> I believe all distros have over engineered the scripts to start
>>> Tomcat. Forget all the scripts from your distro, learn the
>>> signification of the environment variables from the catalina.sh script
>>> shipped with the default Tomcat version. Define your variables in a
>>> file, this file is not a script, so you cannot reuse a previously
>>> defined variable, feed your systemd service definition file with this
>>> file in the service section as EnvironmentFile=/path/name/to/your/file
>>> ExecStart=/path/to/catalina.sh start
>>> ExecStop=/path/to/catalina.sh stop
>>>
>>> and you are done. You control everything from the environment file,
>>> you can easily manage the environment variables without editing the
>>> systemd's service file.
>>>
>>> It is much simpler than the OpenRC set of scripts at my humble
>>> opinion. I am running Gentoo at home and RHEL at work and both distros
>>> wrapped Tomcat into too many layers of scripts in order to make it
>>> working with OpenRC while none of these are required to run and manage
>>> Tomcat with systemd.
>>>
>>> In particular with Gentoo, I no longer use the Tomcat distro packaged
>>> with Gentoo because they separated the servlet api from Tomcat and you
>>> need to wrap things into layers of scripts to define the classpath
>>> properly taking this into account, the vanilla classpath.sh file
>>> distributed with Tomcat doesn't work and so one. Really, they did a
>>> very bad job at integrating Tomcat.
>>>
>>> Here is my service file:
>>>
>>> [Unit]
>>> Description=Tomcat 8 (Dev)
>>> After=syslog.target
>>> After=network.target
>>>
>>> [Service]
>>> EnvironmentFile=/tomcat/tomcat-8-dev/bin/tomcat-8-dev.env
>>> Type=forking
>>> User=tomcat
>>> Group=tomcat
>>> ExecStart=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh start
>>> ExecStop=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh stop
>>>
>>> [Install]
>>> WantedBy=multi-user.target
>>>
>>>
>>> And here is the content of my EnvironmentFile:
>>>
>>> CATALINA_HOME="/opt/apache-tomcat/apache-tomcat-8.0.32_ds"
>>> CATALINA_BASE="/tomcat/tomcat-8-dev"
>>> CATALINA_OUT="/var/log/tomcat-8-dev/catalina.out"
>>> JAVA_HOME="/opt/oracle-jdk-bin-1.8.0.74"
>>> CATALINA_PID="/var/run/tomcat-8-dev.pid"
>>>
>>>
>>> -
>>> Daniel Savard
>>>
>>>
>>> 2016-03-18 13:31 GMT-04:00 Lyallex <lyal...@gmail.com>:
>>>> I thought you might be interested in the resolution to this.
>>>>
>>>> It turns out that we needed to reproduce the environment in tomcat.service
>>>>
>>>> For some reason
>>>>
>>>> ExecStart=/etc/rc.d/init.d/tomcat7 doesn't work
>>>> (file shown at the end of this message)
>>>>

Re: systemd tomcat script for Linux EL7

[Lyallex]

Apologies for dredging this up but I'm having some problems with this.
Any ideas much appreciated.

Ii have been forced to move from a version of centOS the used the old
/etc/rc.d/init.d
way of doing things to a new version of CentOS that uses systemd. The
hosts can't or won't help because I'm using a 'non-standard setup'
Basically I'm using tomcat standalone on port 80 to serve up my site.
I use jsvc with a start/stop script in /etc/rc.d/init.d with symbolic
links in rc2.d, rc3.d. rc4.d and rc5.d This has been working
faultlessly for nearly 4 years.

I have installed Tomcat, Java and all required resources on the new
server, I have dulpicated the configuration in /etc but needless to
say when I restart the server Tomcat doesn't start

Starting from the command line as root with /etc/rc.d/init.d/tomcat7
works as it has always done and starts tomcat as root then switches to
an unprivileged, no login user (tomcat)

I followed your instructions and came up with the following

# touch /etc/systemd/system/tomcat.service
# nano /etc/systemd/system/tomcat.service

tomcat.service looks like this

 [Unit]
Description=The Jakarta Apache/Tomcat Server
After=network.target

[Service]
Type=forking
ExecStart=/etc/rc.d/init.d/tomcat7 start
ExecStop=/etc/rc.d/init.d/tomcat7 stop

[Install]
WantedBy=multi-user.target

# chmod 664 /etc/systemd/system/tomcat.service

[root@vps init.d]# systemctl daemon-reload

[root@vps init.d]# systemctl start tomcat.service
Job for tomcat.service failed because the control process exited with
error code. See "systemctl status tomcat.service" and "journalctl -xe"
for details.

[root@vps init.d]# systemctl status tomcat.service
 tomcat.service - The Jakarta Apache/Tomcat Server
   Loaded: loaded (/etc/systemd/system/tomcat.service; disabled;
vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2016-03-16 16:40:55 GMT; 18s ago
  Process: 4596 ExecStart=/etc/rc.d/init.d/tomcat7 start (code=exited,
status=203/EXEC)

Mar 16 16:40:55 vps.example.com systemd[1]: Starting The Jakarta
Apache/Tomcat Server...
Mar 16 16:40:55 vps.example.com systemd[1]: tomcat.service: control
process exited, code=exited status=203
Mar 16 16:40:55 vps.example.com systemd[1]: Failed to start The
Jakarta Apache/Tomcat Server.
Mar 16 16:40:55 vps.example.com systemd[1]: Unit tomcat.service
entered failed state.
Mar 16 16:40:55 vps.example.com systemd[1]: tomcat.service failed.

tomcat7 fwiw


# chkconfig: - 71 19
# description:  Start up the Tomcat servlet engine.
# this is the startup file for the new version
# 24/10/2013 by lyallex
# use java 7
# JAVA_HOME=/usr/local/java/jdk1.6.0_07
JAVA_HOME=/opt/jdk1.7.0_45
CATALINA_HOME=/opt/apache-tomcat-7.0.42
export JAVA_HOME CATALINA_HOME
CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar
TOMCAT_USER=tomcat
TMPDIR=/var/tmp
PIDFILE=/var/run/tc7/jsvc.pid


RC=0

case "$1" in

  start)

   $CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME
-Dcatalina.home=/opt/apache-tomcat-7.0.42
-Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR
-Djava.awt.headless=true \
 -Xms512m \
 -Xmx1024m \
 -outfile $CATALINA_HOME/logs/catalina.out \
 -errfile $CATALINA_HOME/logs/catalina.err \
 -pidfile '/var/run/tc7/jsvc.pid' \
 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
 -Djava.util.logging.config.file=$CATALINA_HOME/conf/logging.properties \
 -cp $CLASSPATH  \
 org.apache.catalina.startup.Bootstrap

RC=$?

[ $RC = 0 ] && touch /var/tc7lock/subsys/tomcat
echo "starting tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"
echo "tomcat started"

   echo "CLASSPATH=$CLASSPATH"
echo "tomcat started"
;;

  stop)

PID=`cat /var/run/tc7/jsvc.pid`
kill $PID

   RC=$?

[ $RC = 0 ] && rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
echo "stopping tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"

echo "tomcat stopped"
;;

  *)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit $RC



TIA
Lyallex


On 5 June 2015 at 13:37, Ray Holme <rayho...@yahoo.com.invalid> wrote:
> That looks OK, but I would suggest the following.
> Put all the real stuff in a standard bash script with 3 parameters   start, 
> stop, restart- pretty much like the OLD system 5 way fo doing things.This has 
> the advantage of allowing you to add other things you might want to add AND 
> executing the script as root is pretty obvious. (I needed to add starting an 
> LibreOffice server and a few other daemons to get that going). Embed the 
>

Re: systemd tomcat script for Linux EL7

[Lyallex]

But that doesn't work for ports < 1024


On 17 March 2016 at 01:47, jieryn <jie...@gmail.com> wrote:
> Meh. It's short and sweet and working systemd unit file.
>
> [Unit]
> Description=Apache Tomcat Web Application Container
> [Service]
> User=tomcat
> Group=tomcat
> ExecStart=/usr/share/tomcat/bin/catalina.sh run
> [Install]
> WantedBy=multi-user.target
>
>
> On Wed, Mar 16, 2016 at 8:57 PM, Christopher Schultz
> <ch...@christopherschultz.net> wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> jieryn,
>>
>> On 3/16/16 1:36 PM, jieryn wrote:
>>> http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/systemd-house
>> - -of-horror/tomcat.html
>>
>> Wow,
>>>
>> lots of ranting about environment variables and little-used PID
>> files.
>>
>> If the author only understood the reasons behind the way catalina.sh
>> works, he might not have embarrassed himself.
>>
>> It must be hard being so smart and important that you have to quit the
>> Internet for good[1].
>>
>> - -chris
>>
>> [1]
>> http://homepage.ntlworld.com/jonathan.deboynepollard/contacting-the-auth
>> or.html#SMTP
>>
>>> On Wed, Mar 16, 2016 at 1:01 PM, Lyallex <lyal...@gmail.com>
>>> wrote:
>>>> Apologies for dredging this up but I'm having some problems with
>>>> this. Any ideas much appreciated.
>>>>
>>>> Ii have been forced to move from a version of centOS the used the
>>>> old /etc/rc.d/init.d way of doing things to a new version of
>>>> CentOS that uses systemd. The hosts can't or won't help because
>>>> I'm using a 'non-standard setup' Basically I'm using tomcat
>>>> standalone on port 80 to serve up my site. I use jsvc with a
>>>> start/stop script in /etc/rc.d/init.d with symbolic links in
>>>> rc2.d, rc3.d. rc4.d and rc5.d This has been working faultlessly
>>>> for nearly 4 years.
>>>>
>>>> I have installed Tomcat, Java and all required resources on the
>>>> new server, I have dulpicated the configuration in /etc but
>>>> needless to say when I restart the server Tomcat doesn't start
>>>>
>>>> Starting from the command line as root with
>>>> /etc/rc.d/init.d/tomcat7 works as it has always done and starts
>>>> tomcat as root then switches to an unprivileged, no login user
>>>> (tomcat)
>>>>
>>>> I followed your instructions and came up with the following
>>>>
>>>> # touch /etc/systemd/system/tomcat.service # nano
>>>> /etc/systemd/system/tomcat.service
>>>>
>>>> tomcat.service looks like this
>>>>
>>>> [Unit] Description=The Jakarta Apache/Tomcat Server
>>>> After=network.target
>>>>
>>>> [Service] Type=forking ExecStart=/etc/rc.d/init.d/tomcat7 start
>>>> ExecStop=/etc/rc.d/init.d/tomcat7 stop
>>>>
>>>> [Install] WantedBy=multi-user.target
>>>>
>>>> # chmod 664 /etc/systemd/system/tomcat.service
>>>>
>>>> [root@vps init.d]# systemctl daemon-reload
>>>>
>>>> [root@vps init.d]# systemctl start tomcat.service Job for
>>>> tomcat.service failed because the control process exited with
>>>> error code. See "systemctl status tomcat.service" and "journalctl
>>>> -xe" for details.
>>>>
>>>> [root@vps init.d]# systemctl status tomcat.service tomcat.service
>>>> - The Jakarta Apache/Tomcat Server Loaded: loaded
>>>> (/etc/systemd/system/tomcat.service; disabled; vendor preset:
>>>> disabled) Active: failed (Result: exit-code) since Wed 2016-03-16
>>>> 16:40:55 GMT; 18s ago Process: 4596
>>>> ExecStart=/etc/rc.d/init.d/tomcat7 start (code=exited,
>>>> status=203/EXEC)
>>>>
>>>> Mar 16 16:40:55 vps.example.com systemd[1]: Starting The Jakarta
>>>> Apache/Tomcat Server... Mar 16 16:40:55 vps.example.com
>>>> systemd[1]: tomcat.service: control process exited, code=exited
>>>> status=203 Mar 16 16:40:55 vps.example.com systemd[1]: Failed to
>>>> start The Jakarta Apache/Tomcat Server. Mar 16 16:40:55
>>>> vps.example.com systemd[1]: Unit tomcat.service entered failed
>>>> state. Mar 16 16:40:55 vps.example.com systemd[1]: tomcat.service
>>>> failed.
>>>>
>>>> tomcat7 fwiw
>>>>
>>>>
>>>> #

porting jsvc startup script from init.d to systemd tomcat.service, resolved

[Lyallex]

I thought you might be interested in the resolution to this.

It turns out that we needed to reproduce the environment in tomcat.service

For some reason

ExecStart=/etc/rc.d/init.d/tomcat7 doesn't work
(file shown at the end of this message)

Instead, in  /etc/systemd/system/tomcat.service
we have had to reproduce the environment in longhand to get it to work.
It appears that systemd doesn't expand variables so I really need to
investigate the systemd Environment thing a bit more.
Anyway, when I shutdown -r now the server comes back up and tomcat is
running at the unprivileged tomcat user on port 80 so that's a result

== /etc/systemd/system/tomcat.service 
[Unit]
Description=Apache Tomcat Web Application Container
After=network.target

[Service]
Type=forking
User=root

ExecStart=/opt/apache-tomcat-7.0.42/bin/jsvc \
-user tomcat \
-home /opt/jdk1.7.0_45 \
-Dcatalina.home=/opt/apache-tomcat-7.0.42 \
-Dcatalina.base=/opt/apache-tomcat-7.0.42 \
-Djava.io.tmpdir=/var/tmp \
-Djava.awt.headless=true \
-Xms512m \
-Xmx1024m \
-outfile /opt/apache-tomcat-7.0.42/logs/catalina.out \
-errfile /opt/apache-tomcat-7.0.42/logs/catalina.err \
-pidfile /var/run/tc7/jsvc.pid \
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
-Djava.util.logging.config.file=/opt/apache-tomcat-7.0.42/conf/logging.properties
\
-cp 
/opt/apache-tomcat-7.0.42/bin/bootstrap.jar:/opt/apache-tomcat-7.0.42/bin/commons-daemon.jar:/opt/jdk1.7.0_45/lib/tools.jar:/opt/apache-tomcat-7.0.42/bin/tomcat-juli.jar
\
org.apache.catalina.startup.Bootstrap

ExecStop=/bin/kill -9 /var/run/tc7/jsvc.pid
ExecStopPost=/bin/rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid

[Install]
WantedBy=multi-user.target


Oh happy day
Thanks again to all responders

Lyallex

= /etc/rc.d/init.d/tomcat7  =

JAVA_HOME=/opt/jdk1.7.0_45
CATALINA_HOME=/opt/apache-tomcat-7.0.42
export JAVA_HOME CATALINA_HOME
CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar
TOMCAT_USER=tomcat
TMPDIR=/var/tmp
PIDFILE=/var/run/tc7/jsvc.pid


RC=0

case "$1" in

  start)

   $CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME
-Dcatalina.home=/opt/apache-tomcat-7.0.42
-Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR
-Djava.awt.headless=true \
 -Xms512m \
 -Xmx1024m \
 -outfile $CATALINA_HOME/logs/catalina.out \
 -errfile $CATALINA_HOME/logs/catalina.err \
 -pidfile '/var/run/tc7/jsvc.pid' \
 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
 -Djava.util.logging.config.file=$CATALINA_HOME/conf/logging.properties \
 -cp $CLASSPATH  \
 org.apache.catalina.startup.Bootstrap

RC=$?

[ $RC = 0 ] && touch /var/tc7lock/subsys/tomcat
echo "starting tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"
echo "tomcat started"
;;

  stop)

PID=`cat /var/run/tc7/jsvc.pid`
kill $PID

   RC=$?

[ $RC = 0 ] && rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
echo "stopping tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"

echo "tomcat stopped"
;;

  *)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit $RC

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: systemd tomcat script for Linux EL7

[Lyallex]

Firstly apologies to anyone I have sent an unsolicited reply to
personally, Stupid, tired, It won't happen again

Thanks to all for the responses so far

The problem with using the startup and shutdown scripts is that the
process ends up running as root. As any
server admin worth his salt will tell you, running a 'public facing'
service as root is a bad idea.

The whole point of using jsvc is that you can start the container as
root and switch to a non-privileged user later on.

Thanks to those who have offered systemd type solutions, unfortunately
none of them work on CentOS Linux release 7.2.1511. I now face the
prospect of having to wade through the systemd docs and spend as much
as needed experimenting to get this to work as required, still, I have
nothing better to do !

Thanks again
Lyallex

On 17 March 2016 at 11:41, jieryn <jie...@gmail.com> wrote:
> ExecStartPre=/usr/sbin/setcap 'cap_net_bind_service=+ep'
> /usr/share/tomcat/bin/catalina.sh
>
> I see a lot of advice for start/stop instead of run within systemd
> unit files, both here and in the wild. The gem in the rant I linked is
> about start vs run. Sorry if you didn't see it.
>
> On Thu, Mar 17, 2016 at 1:42 AM, Lyallex <lyal...@gmail.com> wrote:
>> But that doesn't work for ports < 1024
>>
>>
>> On 17 March 2016 at 01:47, jieryn <jie...@gmail.com> wrote:
>>> Meh. It's short and sweet and working systemd unit file.
>>>
>>> [Unit]
>>> Description=Apache Tomcat Web Application Container
>>> [Service]
>>> User=tomcat
>>> Group=tomcat
>>> ExecStart=/usr/share/tomcat/bin/catalina.sh run
>>> [Install]
>>> WantedBy=multi-user.target
>>>
>>>
>>> On Wed, Mar 16, 2016 at 8:57 PM, Christopher Schultz
>>> <ch...@christopherschultz.net> wrote:
>>>> -BEGIN PGP SIGNED MESSAGE-
>>>> Hash: SHA1
>>>>
>>>> jieryn,
>>>>
>>>> On 3/16/16 1:36 PM, jieryn wrote:
>>>>> http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/systemd-house
>>>> - -of-horror/tomcat.html
>>>>
>>>> Wow,
>>>>>
>>>> lots of ranting about environment variables and little-used PID
>>>> files.
>>>>
>>>> If the author only understood the reasons behind the way catalina.sh
>>>> works, he might not have embarrassed himself.
>>>>
>>>> It must be hard being so smart and important that you have to quit the
>>>> Internet for good[1].
>>>>
>>>> - -chris
>>>>
>>>> [1]
>>>> http://homepage.ntlworld.com/jonathan.deboynepollard/contacting-the-auth
>>>> or.html#SMTP
>>>>
>>>>> On Wed, Mar 16, 2016 at 1:01 PM, Lyallex <lyal...@gmail.com>
>>>>> wrote:
>>>>>> Apologies for dredging this up but I'm having some problems with
>>>>>> this. Any ideas much appreciated.
>>>>>>
>>>>>> Ii have been forced to move from a version of centOS the used the
>>>>>> old /etc/rc.d/init.d way of doing things to a new version of
>>>>>> CentOS that uses systemd. The hosts can't or won't help because
>>>>>> I'm using a 'non-standard setup' Basically I'm using tomcat
>>>>>> standalone on port 80 to serve up my site. I use jsvc with a
>>>>>> start/stop script in /etc/rc.d/init.d with symbolic links in
>>>>>> rc2.d, rc3.d. rc4.d and rc5.d This has been working faultlessly
>>>>>> for nearly 4 years.
>>>>>>
>>>>>> I have installed Tomcat, Java and all required resources on the
>>>>>> new server, I have dulpicated the configuration in /etc but
>>>>>> needless to say when I restart the server Tomcat doesn't start
>>>>>>
>>>>>> Starting from the command line as root with
>>>>>> /etc/rc.d/init.d/tomcat7 works as it has always done and starts
>>>>>> tomcat as root then switches to an unprivileged, no login user
>>>>>> (tomcat)
>>>>>>
>>>>>> I followed your instructions and came up with the following
>>>>>>
>>>>>> # touch /etc/systemd/system/tomcat.service # nano
>>>>>> /etc/systemd/system/tomcat.service
>>>>>>
>>>>>> tomcat.service looks like this
>>>>>>
>>>>>> [Unit] Description=The Jakarta Apache/Tomcat Server
>>>>>> After=network.target
>

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

[Lyallex]

Would you mind posting your server.xml, here is the relevant bit from mine.

 





  



  

  


  


  

On 18 March 2016 at 23:35, Daniel Savard <daniel.sav...@gmail.com> wrote:
> I believe all distros have over engineered the scripts to start
> Tomcat. Forget all the scripts from your distro, learn the
> signification of the environment variables from the catalina.sh script
> shipped with the default Tomcat version. Define your variables in a
> file, this file is not a script, so you cannot reuse a previously
> defined variable, feed your systemd service definition file with this
> file in the service section as EnvironmentFile=/path/name/to/your/file
> ExecStart=/path/to/catalina.sh start
> ExecStop=/path/to/catalina.sh stop
>
> and you are done. You control everything from the environment file,
> you can easily manage the environment variables without editing the
> systemd's service file.
>
> It is much simpler than the OpenRC set of scripts at my humble
> opinion. I am running Gentoo at home and RHEL at work and both distros
> wrapped Tomcat into too many layers of scripts in order to make it
> working with OpenRC while none of these are required to run and manage
> Tomcat with systemd.
>
> In particular with Gentoo, I no longer use the Tomcat distro packaged
> with Gentoo because they separated the servlet api from Tomcat and you
> need to wrap things into layers of scripts to define the classpath
> properly taking this into account, the vanilla classpath.sh file
> distributed with Tomcat doesn't work and so one. Really, they did a
> very bad job at integrating Tomcat.
>
> Here is my service file:
>
> [Unit]
> Description=Tomcat 8 (Dev)
> After=syslog.target
> After=network.target
>
> [Service]
> EnvironmentFile=/tomcat/tomcat-8-dev/bin/tomcat-8-dev.env
> Type=forking
> User=tomcat
> Group=tomcat
> ExecStart=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh start
> ExecStop=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh stop
>
> [Install]
> WantedBy=multi-user.target
>
>
> And here is the content of my EnvironmentFile:
>
> CATALINA_HOME="/opt/apache-tomcat/apache-tomcat-8.0.32_ds"
> CATALINA_BASE="/tomcat/tomcat-8-dev"
> CATALINA_OUT="/var/log/tomcat-8-dev/catalina.out"
> JAVA_HOME="/opt/oracle-jdk-bin-1.8.0.74"
> CATALINA_PID="/var/run/tomcat-8-dev.pid"
>
>
> -
> Daniel Savard
>
>
> 2016-03-18 13:31 GMT-04:00 Lyallex <lyal...@gmail.com>:
>> I thought you might be interested in the resolution to this.
>>
>> It turns out that we needed to reproduce the environment in tomcat.service
>>
>> For some reason
>>
>> ExecStart=/etc/rc.d/init.d/tomcat7 doesn't work
>> (file shown at the end of this message)
>>
>> Instead, in  /etc/systemd/system/tomcat.service
>> we have had to reproduce the environment in longhand to get it to work.
>> It appears that systemd doesn't expand variables so I really need to
>> investigate the systemd Environment thing a bit more.
>> Anyway, when I shutdown -r now the server comes back up and tomcat is
>> running at the unprivileged tomcat user on port 80 so that's a result
>>
>> == /etc/systemd/system/tomcat.service 
>> [Unit]
>> Description=Apache Tomcat Web Application Container
>> After=network.target
>>
>> [Service]
>> Type=forking
>> User=root
>>
>> ExecStart=/opt/apache-tomcat-7.0.42/bin/jsvc \
>> -user tomcat \
>> -home /opt/jdk1.7.0_45 \
>> -Dcatalina.home=/opt/apache-tomcat-7.0.42 \
>> -Dcatalina.base=/opt/apache-tomcat-7.0.42 \
>> -Djava.io.tmpdir=/var/tmp \
>> -Djava.awt.headless=true \
>> -Xms512m \
>> -Xmx1024m \
>> -outfile /opt/apache-tomcat-7.0.42/logs/catalina.out \
>> -errfile /opt/apache-tomcat-7.0.42/logs/catalina.err \
>> -pidfile /var/run/tc7/jsvc.pid \
>> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
>> -Djava.util.logging.config.file=/opt/apache-tomcat-7.0.42/conf/logging.properties
>> \
>> -cp 
>> /opt/apache-tomcat-7.0.42/bin/bootstrap.jar:/opt/apache-tomcat-7.0.42/bin/commons-daemon.jar:/opt/jdk1.7.0_45/lib/tools.jar:/opt/apache-tomcat-7.0.42/bin/tomcat-juli.jar
>> \
>> org.apache.catalina.startup.Bootstrap
>>
>> ExecStop=/bin/kill -9 /var/run/tc7/jsvc.pid
>> ExecStopPost=/bin/rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
>>
>> [Install]
>> WantedBy=multi-user.target
>>
>>
>> Oh happy day
>> Thanks again to all responders
>>
>> Lyall

Re: How to comply with http://www.sitemaps.org/protocol.html#location

[Lyallex]

Oh ... well ... how smart is that, works like a dream, nice one

Thanks
Lyallex

On 14 March 2016 at 10:34, Terence M. Bandoian <tere...@tmbsw.com> wrote:
> On 3/13/2016 10:23 AM, Lyallex wrote:
>>
>> CentOS 5.2
>> jdk1.7.0_45
>> apache-tomcat-7.0.42
>> no httpd, tomcat only, one webapp ROOT.war
>>
>> According to the documentation at
>>
>> http://www.sitemaps.org/protocol.html#location
>>
>> An xml sitemap should appear in the context root, if it dosn't it can
>> only contain a limited set of urls.
>>
>> Currently, whenever I add a new product for sale I auto generate
>> sitemap.xml and write it to a remote context called sitemap giving me
>> the sitemap URL
>>
>> www.mysite.com/sitemap/sitemap.xml which I detail in robots.txt
>>
>> However this is apparently incorrect and sitemap.xml should live at
>> www.mysite.com/sitemap.xml. Unfortunately it is not possible to write
>> to the root of my web app on the fly so how do people deal with this ?
>>
>> Thanks
>> Lyallex
>>
>
>
> One solution might be to write a servlet mapped to /sitemap.xml that reads
> sitemap.xml from an alternate location and sends the contents as a response
> to any requests for /sitemap.xml
>
> -Terence Bandoian
>  http://www.tmbsw.com/
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

How to comply with http://www.sitemaps.org/protocol.html#location

[Lyallex]

CentOS 5.2
jdk1.7.0_45
apache-tomcat-7.0.42
no httpd, tomcat only, one webapp ROOT.war

According to the documentation at

http://www.sitemaps.org/protocol.html#location

An xml sitemap should appear in the context root, if it dosn't it can
only contain a limited set of urls.

Currently, whenever I add a new product for sale I auto generate
sitemap.xml and write it to a remote context called sitemap giving me
the sitemap URL

www.mysite.com/sitemap/sitemap.xml which I detail in robots.txt

However this is apparently incorrect and sitemap.xml should live at
www.mysite.com/sitemap.xml. Unfortunately it is not possible to write
to the root of my web app on the fly so how do people deal with this ?

Thanks
Lyallex

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 7 ssl by default

[Lyallex]

On 18 December 2014 at 14:06, Christopher Schultz
ch...@christopherschultz.net wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Duncan,

 On 12/18/14 4:18 AM, Lyallex wrote:
 On 17 December 2014 at 22:37, Christopher Schultz
 ch...@christopherschultz.net wrote: Duncan,

 On 12/17/14 12:32 PM, Lyallex wrote:
 Yea I thought of this, the problem is I currently have a user
 area that requires a login and all this is currently
 configured in web.xml and I'm not sure how all this will fit
 together. I'll try a few things out and see what happens.

 You can have multiple, overlapping security-constraints. One of
 them (which covers the whole site) will require HTTPS, the other
 (existing one) will require authentication and authorization, but
 only for certain (again, existing) URL patterns.

 Should be no problem.

 You are correct, I followed Marks instructions, set up a new
 security constraint and restarted the server now when I access
 localhost I get 'redirected' to https://localhost which is what I
 wanted, it was the whole overlapping security-constraint thing
 that was vexing me somewhat.

 I can also log into my user and admin areas as normal which is a
 relief but I'm getting some problems with AJAX not updating the
 live areas of my site so I'll have to look into that.

 Now I know this is probably OT but I'm in the UK and was
 wondering if anyone has found a UK certification co that has
 decent customer support as I now have to figure out how to buy
 and install a certificate with the right params in a standalone
 Tomcat instance. My server hosts don't offer support in this area
 as they seem to be obsessed with Apache httpd :-(

 You can use keytool to create your CSR and give it to the CA, and when
 they give you back a PEM-encoded .crt file, you can import it back
 into keytool, you just need to know the magic words to do it. So it
 doesn't matter what the CA says they officially support; you should be
 able to handle whatever they give you, since it's all X.509 no matter
 what.

I have the keytool stuff working now, I can create keystores and CSRs and what
have you and access my site on staging (with the obvious warnings etc)

Actually some of the CAs have tools on their websites

example: https://www.digicert.com/csr-creation.htm

I use the tool then take the resulting command string to bits so I can
figure out
what's going on, great fun. (I really must get a life).

 If you want to get a free certificate, try StartCom (startssl.com).
 They are trusted by most browsers and offer no-cost standard SSL
 certificates. You have to pay if you want EV certs, or if you want to
 revoke a cert you've requested in the past. They can also do
 code-signing certs and other things, for a fee.

OK, thanks for the heads up. Obviously the cert I end up with needs to
be as widely recognized as possible
so I'm currently looking at all the browsers I have here (on laptops,
tablets, smart phones, whatever gizmo) to see which CAs
appear most frequently.

Thanks to all for the advice, I'll probably be back when it all goes
horribly wrong :-)

Duncan

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 7 ssl by default

[Lyallex]

On 17 December 2014 at 22:37, Christopher Schultz
ch...@christopherschultz.net wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Duncan,

 On 12/17/14 12:32 PM, Lyallex wrote:
 Yea I thought of this, the problem is I currently have a user area
 that requires a login and all this is currently configured in
 web.xml and I'm not sure how all this will fit together. I'll try a
 few things out and see what happens.

 You can have multiple, overlapping security-constraints. One of them
 (which covers the whole site) will require HTTPS, the other (existing
 one) will require authentication and authorization, but only for
 certain (again, existing) URL patterns.

 Should be no problem.

You are correct, I followed Marks instructions, set up a new security
constraint and restarted the server
now when I access localhost I get 'redirected' to https://localhost
which is what I wanted, it was the whole overlapping
security-constraint thing that was vexing me somewhat.

I can also log into my user and admin areas as normal which is a
relief but I'm getting some problems with AJAX not updating the live
areas of my site so I'll have to look into that.

Now I know this is probably OT but I'm in the UK and was wondering if
anyone has found a UK certification co that has decent customer
support as I now have to figure out how to buy and install a
certificate with the right params in a standalone Tomcat instance.
My server hosts don't offer support in this area as they seem to be
obsessed with Apache httpd :-(

Many thanks
Duncan





 - -chris

 On 17 December 2014 at 17:20, Mark Thomas ma...@apache.org
 wrote:
 On 17/12/2014 17:10, Lyallex wrote:
 Tomcat 7.0.42 jdk1.7.0_51 Ubuntu 12.04/CentOS dev/deploy

 I have been reading more and more about Google and the like
 prioritising sites that employ https/ssl by default. Currently
 my site does not use https but delegates payment to a secure
 payment provider who does, thusly I have avoided going through
 the pain of certification etc, now it appears I have little
 option but to implement https site wide. I have managed to get
 a keystore going and have configured tomcat to serve a self
 signed certificate when accessing the site by https (default
 port 443)

 so http://localhost accesses the home page and
 https://localhost pops up a warning in Firefox regarding an
 unknown certification authority. This is all good and I'm
 pretty sure I understand so far.

 I have noticed that if I type http://www.google.co.uk in to a
 browser the address is automatically changed (redirected) to
 https://www.google.co.uk and I would like the same to happen to
 my site.

 Here is the question. Is this 'redirection' something I need to
 configure myself , (can it be done in server.xml for example)
 or is this something the people I rent my server from need to
 do at their end.

 It depends on exactly how things are set up.

 The first thing I would try is adding something like the
 following to your web.xml:

 security-constraint web-resource-collection
 web-resource-nameEverything/web-resource-name
 url-pattern/*/url-pattern /web-resource-collection
 user-data-constraint
 transport-guaranteeCONFIDENTIAL/transport-guarantee
 /user-data-constraint /security-constraint

 If I have remembered my syntax correctly, that should route
 every request to https if it isn't already.

 Mark


 -


 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


 -


 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1
 Comment: GPGTools - http://gpgtools.org

 iQIcBAEBCAAGBQJUkgWTAAoJEBzwKT+lPKRYVgYP/0MIsch7SiF2bcMqJtDG7Ovn
 OFSRej7i+6Mjd0efs6h7QKUqAep8C0QKufOFH7Isn2aZa2TYLQXWIKVJtDqbAqz+
 92K/gpWtZ2FGkB/Qg0GNPWNg/em5u/XWJeFjqMPfufZIk/yIZkMByFzDjXiuS/0n
 rIdadWqzjvkMJcKAfRzO5CuVPcennzovSLB2/ReGA4lYLzc7b81Stxe+6pE0JBg/
 XVzu0BFLuBfKHL0KYL/7TFaYQOpbkSc0ROS3UtzNVNyquXMwYjqCDImpcElvnYYZ
 XX1eMNFnOf6M+sPItHllJiWHzaQYd3vA9axHeE5/F5XiXruYr8V714jRdQH+XCwX
 FxcalpMw3wbw8OVwFkRZKzlbBhDeWJiurT2vIols5rHjqtrOwDDMrwt7Nzx57VUD
 5HTBb+Ghk8lMFfd/VSh6+NjFfqwp5yAvlUhU4PqNrEkjmx150/JBYa9cfVNFwnk7
 Wbfb3sWsTzrYPIgw5yOzoI9X3R5gALFBpRqjnhdrJw0wht8s4GNJbpwq4zwQiGto
 PSyW3mUnMrxarTK4Wq+enRSaQQWgc7BMELdrsH0ixwG8EAA5gCRhfBSV6SVcGAaY
 tyuNgJv6Pt+C3xQW/BaXOe24mmxuVmjJU0G6A2oFnPiC3J/gbiwPECjFIAR7yEWp
 5ZRKipmvLh3vAoJcvvgR
 =hjT0
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail

Tomcat 7 ssl by default

[Lyallex]

Tomcat 7.0.42
jdk1.7.0_51
Ubuntu 12.04/CentOS dev/deploy

I have been reading more and more about Google and the like
prioritising sites that employ https/ssl by default. Currently my site
does not use https but delegates payment to a secure payment provider
who does, thusly I have avoided going through the pain of
certification etc, now it appears I have little option but to
implement https site wide. I have managed to get a keystore going and
have configured tomcat to serve a self signed certificate when
accessing the site by https (default port 443)

so http://localhost accesses the home page
and https://localhost pops up a warning in Firefox regarding an
unknown certification authority. This is all good and I'm pretty sure
I understand so far.

I have noticed that if I type http://www.google.co.uk in to a browser
the address is automatically changed (redirected) to
https://www.google.co.uk and I would like the same to happen to my
site.

Here is the question.
Is this 'redirection' something I need to configure myself , (can it
be done in server.xml for example) or is this something the people I
rent my server from need to do at their end.

TIA
Duncan

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 7 ssl by default

[Lyallex]

Yea I thought of this, the problem is I currently have a user area
that requires a login and all this is currently configured in web.xml
and I'm not sure how all this will fit together. I'll try a few things
out and see what happens.

Thanks for taking the time to respond

Duncan

On 17 December 2014 at 17:20, Mark Thomas ma...@apache.org wrote:
 On 17/12/2014 17:10, Lyallex wrote:
 Tomcat 7.0.42
 jdk1.7.0_51
 Ubuntu 12.04/CentOS dev/deploy

 I have been reading more and more about Google and the like
 prioritising sites that employ https/ssl by default. Currently my site
 does not use https but delegates payment to a secure payment provider
 who does, thusly I have avoided going through the pain of
 certification etc, now it appears I have little option but to
 implement https site wide. I have managed to get a keystore going and
 have configured tomcat to serve a self signed certificate when
 accessing the site by https (default port 443)

 so http://localhost accesses the home page
 and https://localhost pops up a warning in Firefox regarding an
 unknown certification authority. This is all good and I'm pretty sure
 I understand so far.

 I have noticed that if I type http://www.google.co.uk in to a browser
 the address is automatically changed (redirected) to
 https://www.google.co.uk and I would like the same to happen to my
 site.

 Here is the question.
 Is this 'redirection' something I need to configure myself , (can it
 be done in server.xml for example) or is this something the people I
 rent my server from need to do at their end.

 It depends on exactly how things are set up.

 The first thing I would try is adding something like the following to
 your web.xml:

   security-constraint
 web-resource-collection
   web-resource-nameEverything/web-resource-name
   url-pattern/*/url-pattern
 /web-resource-collection
 user-data-constraint
   transport-guaranteeCONFIDENTIAL/transport-guarantee
 /user-data-constraint
   /security-constraint

 If I have remembered my syntax correctly, that should route every
 request to https if it isn't already.

 Mark


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Running Tomcat under jsvc - logging problems

[Lyallex]

On 4 December 2012 21:18, Konstantin Kolinko knst.koli...@gmail.com wrote:

 2012/12/5 Lyallex lyal...@gmail.com:
  On 4 December 2012 19:41, Konstantin Kolinko knst.koli...@gmail.com
 wrote:
 
  2012/12/4 Lyallex lyal...@gmail.com:
   On 4 December 2012 18:50, Konstantin Kolinko knst.koli...@gmail.com
  wrote:

 [snip]


 Moreover, I think it should run just fine with an older jsvc.


OK, thanks for your assistance, it seems fairly obvious then that there is
some aspect of the logging config that I've missed.

I've never really got my head around logging, It's a bit like a washing
machine, I don't know or care how it works, it just does.
I suppose I'll have to start reading ... I've just got so many more
interesting things to be getting on with.

Ho Hum

Thanks again
Lyallex

Running Tomcat under jsvc - logging problems

[Lyallex]

Hi

apache-tomcat-6.0.36
CentOS
uname -m = i686
uname -r = 2.6.18-028stab070.14-ent
uname -s = Linux :-)
jdk1.6.0_07

I have recently upgraded my production server from apache-tomcat-6.0.18 to
6.0.36 so that my live and dev
env's are as similar as possible

6.0.18 runs fine and logs as expected, this version was already installed
when I
started renting the server from the hosting company, it runs as user tomcat
under jsvc.

I compiled jsvc from the source included in the 6.0.36 distro
following the instructions in the tomcat docs and copied
/etc/init.d/tomcat6 (the old start/stop script) to
/etc/init.d/tomcat. I modified the file to point to the new version and
started the server
/etc/init.d/tomcat has been pasted at http://pastebin.com/ihGDJb1C for your
perusal should you wish.

Actually Tomcat runs fine, it serves my site and carries a good load (200+
sessions concurrently with no apparent degradation)
there is no Apache front end, Tomcat runs standalone. The problem is with
the logging

/etc/init.d/tomcat has the following two lines

-outfile $CATALINA_HOME/logs/catalina.out \
-errfile $CATALINA_HOME/logs/catalina.err \

And here's the problem. Most of the logging output ends up in catalina.err
even though there are no errors in the logs
occasionally a few lines from my application loggers end up in
catalina.out. I also have logging.properties
in WEB-INF/classes. This has been around ever since I deployed the first
version of my app a couple of years ago
and has always produced the expected output. Now I get nothing.

The hosting companies preferred solution is to recompile tomcat 'for a one
off fee' (I kid you not). I'm pretty sure that Tomcat doesn't need
rebuilding to run under jsvc
and if it does I'm quite capable of building it myself, so no help there
then ...

logging.properties reproduced below just FYI if you want it.

Any advice on how I can get the logging working will be much appreciated


Lyallex



handlers = org.apache.juli.FileHandler, java.util.logging.ConsoleHandler


# Handler specific properties.
# Describes specific configuration info for Handlers.


org.apache.juli.FileHandler.level = ALL
org.apache.juli.FileHandler.directory = ${catalina.base}/logs
org.apache.juli.FileHandler.prefix = MyApp.

java.util.logging.ConsoleHandler.level = ALL
java.util.logging.ConsoleHandler.formatter =
java.util.logging.SimpleFormatter

Re: Running Tomcat under jsvc - logging problems

[Lyallex]

On 4 December 2012 18:50, Konstantin Kolinko knst.koli...@gmail.com wrote:

 [snip]



 
  Any advice on how I can get the logging working will be much appreciated
 
 
  Lyallex
 
 
 
  handlers = org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
 
  
  # Handler specific properties.
  # Describes specific configuration info for Handlers.
  
 
  org.apache.juli.FileHandler.level = ALL
  org.apache.juli.FileHandler.directory = ${catalina.base}/logs
  org.apache.juli.FileHandler.prefix = MyApp.
 
  java.util.logging.ConsoleHandler.level = ALL
  java.util.logging.ConsoleHandler.formatter =
  java.util.logging.SimpleFormatter



 1. java.util.logging.ConsoleHandler prints to System.err.

 Some other console logging implementations log to System.out.

 Do you need a ConsoleHandler at all? (You are effectively printing the
 same log messages into two places a) ConsoleHandler, b) FileHandler ).


Well possibly not but it's irrelevant as logging.properties is being
ignored
so I don't get the output anyway, particularly I get no log file named
MyApp ...



 2. To initialize logging properly you need to configure system
 properties java.util.logging.config.file and
 java.util.logging.manager
 the same way as they are set by catalina.sh file.

 Have you specified the java.util.logging.manager property in your
 arguments to jsvc?


Well no but then I never had it with 6.0.18 and that logged perfectly,
also catalina.sh is not executed when running under jsvc but I think you may
just be using that as an example ... I hope

sigh

I'll look into it

Thanks
Lyallex


 Best regards,
 Konstantin Kolinko

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Running Tomcat under jsvc - logging problems

[Lyallex]

On 4 December 2012 19:41, Konstantin Kolinko knst.koli...@gmail.com wrote:

 2012/12/4 Lyallex lyal...@gmail.com:
  On 4 December 2012 18:50, Konstantin Kolinko knst.koli...@gmail.com
 wrote:
 
 [snip]





 I do not know why it worked in 6.0.18.


No, nor do I but I've (apparently) reproduced the 0.18 config for the 0.36
instance and the logging works in the former
and not in the latter

I just need to get something straight, maybe you can help me.

I say that Tomcat 6.0.36 binary distribution should run under jsvc without
needing a recompile.
Is this correct (I hope it is because it's running fine right now out of
the box except for the logging)

Thanks for taking the time to reply
Lyallex



 Best regards,
 Konstantin Kolinko

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: This is just plain ... odd.

[Lyallex]

  I have a facade that publishes a method that contracts to return a
  list of categories ordered alphabetically

 All problems in computer science can be solved by another layer of
 abstraction. Sure you can't fit a Proxy to a Service in there?


Hmm an oldie but goodie we can discuss software analysis and design if you
like
but it's a bit OT.


 [snip]



 What does that custom tag do? A beer says it sorts something. Or,
 maybe you have some silly client-side process that sorts the entries
 after they are loaded into the browser.


Well I quite like Wadworth 6X I'll give you my paypal account address and
you can deposit £3.30 :-))
I can assure you I'm quite familiar with my own code and no secondary sort
is going on.

As succinctly as possible

MySQL returns results sorted by primary key by default AFAIAA
no explicit sorting is done in the database access code

/* Category server (database access) */
public ListCategory getCategories(Connection conn) throws
CategoryServerException{
String sql = select * from Category;

populate list then return it NO SORTING

/* facade deals with transactional connections etc*/
public ListCategory getAllCategories() throws CategoryException
CategoryServer categories = new CategoryServer();
allcats = categories.getCategories(conn);
Collections.sort(allcats);

/* Initialization servlet */
CategoryFacade cats = new CategoryFacade();
ListCategory categories = cats.getAllCategories();
getServletContext().setAttribute(WebConstants.ALPHACATS, categories);

/* CategoryWriter custom tag */
ListCategory cats =(ListCategory)
pageContext.getServletContext().getAttribute(WebConstants.ALPHACATS);
IteratorCategory iter = cats.iterator();
Category c = null;
StringBuffer buf = new StringBuffer();
 while(iter.hasNext()){
   //build the output
//output it

That's it, really, there is no more

I need to get to the bottom of this as it's bugging the hell out of me
a pound to a penny says it's something simple/stupid. I'll try what you
suggest re wrapping the collection

Thanks

Lyallex

Re: This is just plain ... odd.

[Lyallex]

Don't shout at me for top posting
In this instance it's justified

Thanks for your continued work on this. I have to get some lines of code
down
as release date is fast approaching but I will try your code as soon as I
have time

Thanks for you continued work on this

Lyallex

On 9 November 2012 05:08, Christopher Schultz
ch...@christopherschultz.netwrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Russ,

 On 11/8/12 6:05 PM, Russ Kepler wrote:
  On Thursday, November 08, 2012 07:36:20 PM Lyallex wrote:
 
  The only difference between the two executions is the fact that
  the test code executes in it's own instance of the JVM whereas
  the other execution runs in an instance shared with the
  container.
 
  I accept that the behaviour may be undefined even though it is
  consistently repeatable in both environments but surely given
  everything else being equal the results should be the same ... or
  maybe I'm just losing the plot.
 
  No, you're right but just missing some small difference in the
  environments.
 
  I'd verify that you get the same input data in the same order in
  both cases, and that you're starting with the same size container
  [...]

 After writing a bench test that I couldn't get to fail, your comment
 here tripped a thought in my brain: the container size. So, I added
 an element to my list of Strings and boom: failure. It turns out that
 the collection size doesn't matter: I just hadn't been iterating
 enough, so I added a loop that will run until the initial sorted order
 doesn't match the re-sorted order (with shuffles in between).

 Lyallex, see the code below: it will fail after a few iterations to
 produce the same element ordering. Switch from BrokenSorter to
 WorkingSorter and you'll find that it runs forever.

 Are you *sure* that your database always returns the items in the same
 order? If you plan on sorting alphabetically later, why bother sorting
 by id when fetching? Unless you are really sorting by id when
 fetching, the data can come back in any order. It may *often* be in
 entry-sequenced order, but it is certainly not guaranteed to be.

 The code below shows that, without any funny business, the sort can
 work sometimes and not in others.

 Enjoy,
 - -chris

 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.Comparator;
 import java.util.List;

 public class SortTest
 {
 public static void main(String[] args)
 {
 String[] fruits = new String[] {
 Apples,
 Bananas,
 Coconuts,
 Dates,
 Eggplants,
 Figs,
 Grapefruits,
 Honeydews,
 Ilamas,
 Jambolans,
 Kepels,
 Lemons,
 Miscellaneous,
 Nectarines
 };

 ListString fruitList = Arrays.asList(fruits);

 ComparatorString sorter = new BrokenSorter();

 System.out.println(Initial order:  + fruitList);

 Collections.sort(fruitList, sorter);
 System.out.println(Sort 1:  + fruitList);

 ListString saved = new ArrayListString(fruitList);

 int i = 1;
 do
 {
 Collections.shuffle(fruitList);
 Collections.sort(fruitList, sorter);
 System.out.println(Sort  + (++i) + :  + fruitList);
 }
 while(fruitList.equals(saved));
 System.out.println(Stopped after  + i +  iterations because
 the list did not sort the same way.);
 }

 static class BrokenSorter
   implements ComparatorString
 {
 @Override
 public int compare(String a, String b)
 {
   if(a.equals(Miscellaneous))
   return 1;
   return a.compareTo(b);
 }
 }
 static class WorkingSorter
   implements ComparatorString
 {
 @Override
 public int compare(String a, String b)
 {
   if(a.equals(Miscellaneous))
   return 1;

   if(b.equals(Miscellaneous))
   return -1;

   return a.compareTo(b);
 }
 }
 }
 -BEGIN PGP SIGNATURE-
 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

 iEYEARECAAYFAlCcj7cACgkQ9CaO5/Lv0PBpawCeORBT62XWcjyw+SruT6Bhkh50
 sDEAn1ZjSiPR70+DV/QVBFOjXKjH498o
 =F3QS
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

This is just plain ... odd.

[Lyallex]

Java 1.6
Tomcat 6.0.35
Ubuntu Linux 12.04

I thought about posting this to a Java list but I can't
reproduce it 'standalone' so I thought I'd have a go here.

It's quite long and involved...

I have a web application that lists items for sale by category

I have a facade that publishes a method that contracts to return
a list of categories ordered alphabetically
The category 'Miscellaneous' is required to be appended to the end of the
list.

My facade calls out to a database server that returns a ListCategory
in random order. I then call collections.sort on the list and return the
result.

I've been messing around with various things and I have come up against a
very
strange problem.

One way of satisfying the contract is to write the Category class as follows
I'm not suggesting this is in any way acceptable industrial strength
code, I'm doing it to illustrate a point.

public class Category implements ComparableCategory{

private Integer categoryId = 0;
private String category = ;

   @Override
   public int compareTo(Category c) {
  if(category.equals(Miscellaneous)){
  return 1;
   }
   else{
  return category.compareTo(c.category);
   }
}

etc

If I test this by running a client of the facade
I get the expected results, the list is ordered as required with
Miscellaneous on the end

However, and here's the thing, When my app starts
an initialisation servlet runs, calls the facade method
and puts the resulting List on the application context.
When I render the list via a custom tag the list has
in some way been altered so that the String
Miscellaneous is in it's 'natural' position
not what I want at all.

I have tried everything I can think of to reproduce this behaviour
in a standalone Java program but the list is always returned
as required. When I call the method from a servlet the list is always
returned
in it's natural order, I know collections.sort is being executed as
the list is in alpha order, it's almost as if the comparator is being
replaced in some way

I have no servlet filters or any other code 'in the way' between the facade
and the initialization servlet.

Any ideas ?

TIA

Lyallex

Re: This is just plain ... odd.

[Lyallex]

 I'm not sure that you can ever get consistent results if the input order is
 random.


Well perhaps 'random' was a bit 'random' the select returns the data in the
same order it was entered, ordered by id.
Not necessarily the same as alpha as I'm sure you appreciate. the fact is
that the data was always returned in the same order
by the database, just not the order I wanted. This is why I was
particularly confused.

Whatever, your code works, now I just gotta figure out why

Thanks

Lyallex

Re: This is just plain ... odd.

[Lyallex]

 [snip]




 You got the same (wrongish) results since you gave the sort the same order
 in
 the list.  I can't recall how merge sort can freak out when given
 conflicting
 compares, I seem to recall that you might get an endless loop under some
 circumstances as it orders and reorders the same group of objects.


This is all very interesting, no really it is, but it doesn't really answer
the original question
which is that given the same initial data in the same initial order and
executing exactly the same code in the
same release of Java produces different results.

The only difference between the two executions is the fact that the test
code executes in
it's own instance of the JVM whereas the other execution runs in an
instance shared with the container.

I accept that the behaviour may be undefined even though it is consistently
repeatable in both environments
but surely given everything else being equal the results should be the same
... or maybe I'm just losing the plot.

Lyallex

Re: Redirecting from unprotected resource to a protected one

[Lyallex]

On 2 November 2012 16:21, Christopher Schultz
ch...@christopherschultz.netwrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Lyallex,

 On 11/2/12 9:43 AM, Lyallex wrote:
  When I have validated the data I want to forward to a protected
  resource like this
 
  forwardTarget = /account/accountView.jsp;


 The problem is that you are doing a forward and not a redirect.


Yea, well, that was easy wasn't it ;-)

Thanks for taking the time to reply

Much appreciated

Lyallex

Getting hold of an IP address

[Lyallex]

Hi

apache-tomcat-6.0.16
jdk1.6.0_03

My application contains instances of
javax.servlet.http.HttpSessionListener
and
javax.servlet.Filter
(among other classes of course)

My question is, is it possible to obtain the originating IP address of
a request from either of these classes
I've had a good look around with no luck so far.

Thanks

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Getting hold of an IP address

[Lyallex]

On 8 December 2010 10:04, Konstantin Kolinko knst.koli...@gmail.com wrote:

 ServletRequest.getRemoteAddr()

 (In a Filter.  There is no request in HttpSessionListener).

 Best regards,
 Konstantin Kolinko

ahem ... yes, well that was easy wasn't it
In my (weak) defense it's been a long while since I did any coding

Thank you

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Dynamic Resources: getRealPath() returns the 'wrong' path

[Lyallex]

2009/6/11 Mark Thomas ma...@apache.org:
 Lyallex wrote:
 2009/6/11 Caldarale, Charles R chuck.caldar...@unisys.com:

 Writing to the webapp's deployment location is a bad idea - you again have 
 no guarantee that it's allowed, and you're at the whims of the container 
 and execution environment controlling the actual location.  Much better to 
 write your files outside of Tomcat's directory space, using a path defined 
 by system property, environment variable, or webapp property.

  - Chuck

 Yep, I tried this. I set up the following in context.xml

 Environment name=imagecache value=C:/blackhole/magecache
                                type=java.lang.String override=false/

 When the app starts I look up the value for  the imagecache path

 imageCache = (String)ctx.lookup(java:comp/env/imagecache);

 then store it in my config server.

 When I want to write a file I get the path from the config server,
 create a java.io.File and write the data. If I look in the blackhole
 there are the files (images) I know it works b'cos I can open them in
 an image editor.

 Works perfectly ... except I just cannot get he DefaultServlet to
 serve any images that are written to any directory anywhere on the
 filesystem after the server has started ... apologies for letting this
 leak into this thread but I though I might need to use some Servlet
 spec type API to write files so that the DefaultServlet could 'see'
 them ... hence the use of getRealPath  grasping at straws ? You
 bet.

 If you use getRealPath and write them to the path it returns - ie the
 one with n-ROOT in it - then the DefaultServlet should serve them.
 You'll need to write them to the 'proper' ROOT context as well or you'll
 lose them on reload.

 Alternatively, you could fix whatever problem caused you to use
 anti-resource/jar locking in the first place.

 Mark

OK, well thanks for this it seems to be working now.
I have removed the locking attributes from the context and the images load now.

These attributes were a legacy of problems I was having with the
tomcat ant deploy task not deleting some jars. Not sure why this is no
longer an issue really. Nothing has changed in my build script ...

Still, fingers crossed it all works as planned. I still have some
tests to do, if I have more problems I'll be back .

Thanks to all those who took the time to reply, it's much appreciated

lyallex




 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Loading dynamically created content: An old chestnut but still a problem.

[Lyallex]

2009/6/11 Caldarale, Charles R chuck.caldar...@unisys.com:
 From: Christopher Schultz [mailto:ch...@christopherschultz.net]
 Subject: Re: Loading dynamically created content: An old chestnut but
 stilla problem.

 I suspect that Hassan and Chuck are nto using anti-resource-locking
 while Lyallex is.

 Correct; as stated, both Hassan and I are using stock Tomcat 6.0.20 downloads.

 If the external webapp approach I suggested is used, the antiResourceLocking 
 attribute should be set to false for that Context.

  - Chuck



I have this working now. I removed the locking attributes from the
context as explained in the other thread.

Thanks to all those who took the time to reply, it's much appreciated.

lyallex

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Loading dynamically created content: An old chestnut but still a problem.

[Lyallex]

2009/6/10 Jonathan Mast jhmast.develo...@gmail.com:
 Ok, so this approach of writing to disk after reading the database is not
 working at all.  I thought you were saying previously that was working up to
 a point, but then failing for new products.

 I know its completely possible to add images the root of a Web-App folder
 after deployment and have Tomcat see them.

Great, any idea how ?
Others here seem to think that the DefaultServlet will not serve
content that is uploaded after the server starts and this is the
behaviour I'm seeing

I'd be really interested to know how it's done

 Are you by chance running Tomcat behind Apache Httpd or some other server?

Nope, Tomcat runs standalone on port 80 and serves all content

thanks

lyallex

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Dynamic Resources: getRealPath() returns the 'wrong' path

[Lyallex]

2009/6/11 Mark Thomas ma...@apache.org:
 Lyallex wrote:
 The logging output gives the following

 INFO: The path to the image cache is
 C:\servers\tomcat\apache-tomcat-6.0.16\temp\1-ROOT\imagecache

 This is a side effect of using the anti-locking attributes on your context.

Er, OK ... thanks.


 Mark



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Dynamic Resources: getRealPath() returns the 'wrong' path

[Lyallex]

2009/6/11 Caldarale, Charles R chuck.caldar...@unisys.com:

 Writing to the webapp's deployment location is a bad idea - you again have no 
 guarantee that it's allowed, and you're at the whims of the container and 
 execution environment controlling the actual location.  Much better to write 
 your files outside of Tomcat's directory space, using a path defined by 
 system property, environment variable, or webapp property.

  - Chuck

Yep, I tried this. I set up the following in context.xml

Environment name=imagecache value=C:/blackhole/magecache
   type=java.lang.String override=false/

When the app starts I look up the value for  the imagecache path

imageCache = (String)ctx.lookup(java:comp/env/imagecache);

then store it in my config server.

When I want to write a file I get the path from the config server,
create a java.io.File and write the data. If I look in the blackhole
there are the files (images) I know it works b'cos I can open them in
an image editor.

Works perfectly ... except I just cannot get he DefaultServlet to
serve any images that are written to any directory anywhere on the
filesystem after the server has started ... apologies for letting this
leak into this thread but I though I might need to use some Servlet
spec type API to write files so that the DefaultServlet could 'see'
them ... hence the use of getRealPath  grasping at straws ? You
bet.

Anyway, thanks for taking the time to reply

lyallex

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Loading dynamically created content: An old chestnut but still a problem.

[Lyallex]

2009/6/11 Caldarale, Charles R chuck.caldar...@unisys.com:
 From: Hassan Schroeder [mailto:hassan.schroe...@gmail.com]
 Subject: Re: Loading dynamically created content: An old chestnut but
 still a problem.

 Then I copied a random example.gif image to the ROOT directory
 and entered http://localhost:8080/example.gif in my address bar.
 And there it is in my browser.

 Just to confirm that there's no long-term caching, I extended the above by 
 starting Tomcat, loaded the home page in Firefox, replaced tomcat.gif by one 
 of Bill the Cat with the name tomcat.gif, refreshed the page with F5, and got 
 the revised, much uglier image in the upper left corner.

  - Chuck

OK, all very nice ... I just tried this. The server was running and my
application was up and working.
I copied an image into the ROOT directory then tried to access it like
so http://localhost/main.jpg and got a 404 not found.

I stopped and restarted the server (very important this) and tried the
same request again and the image loaded.

I'm not imagining this. It is a fact. On my setup (tomcat 6.0.16.
jdk1.6.0_03, Windows XP SP 2) I cannot load images that have been
written to disk after the server starts ... sorry if this offends you
in some way, it's driving ME nuts especially as you all seem to have
no trouble with this. I'm almost tempted to load the app onto the live
server and see if it works there. .. no, that way lies madness.

lyallex

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Loading dynamically created content: An old chestnut but still a problem.

[Lyallex]

apache-tomcat-6.0.16
jdk1.6.0_03

Dev box : Windows
Deployment box: Linux

Hi

I've read some other posts that seem to be asking similar questions
but I can't find the answer so far.
maybe someone here would be kind enough to give me a hint

I have a retail application that stores the product images in a database.
Each product can have many images and products are being uploaded all the time.

Fetching images from the database every time results in a clunky page
load so I want to cache the images to disk
the first time an item is accessed my cache manager checks the disk
cache to see if images for that item are available.
If not it loads them onto the disk.
this happens in the servlet that serves the item details up so the
images are in the disk cache before the request is forwarded to the
view (jsp)
In the jsp I access the images from the disk cache.

The problem is, the first time I access the item details the images
are written to the cache which resides directly under the
context root but they are not loaded in the view.
If I restart tomcat the images disply fine so I know all the caching
is working correctly.

I can't restart tomcat everytime I upload a new product so how can I
force tomcat to recognise the new images 'on the fly' so as to speak?
The application is running as the ROOT application on the server and
is the only application being served.

An example image might be
../apache-tomcat-6.0.16/webapps/ROOT/imagecache/830_main.jpg
(example)

I'm quite happy that the imagecache is deleted everytime I redeploy
the application because the application is starting to stabilise and
once I have this last problem ironed out
I will only be doing irregular maintenance. The faster loading of
images is more than enough compensation.

I can't use symbolic links to place the imagecache outside the
application space because I develop on Windows and deploy to Linux
(historical, nothing I can do about it)

Any ideas much appreciated.


Many thanks
lyallex

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Loading dynamically created content: An old chestnut but still a problem.

[Lyallex]

Hi

I'll try to explain in as few words as possible.

When I upload a new product I store the image data and the text in the
database. I did this to try and separate the data from the application
 with the intention of eventually having the data reside on a separate
device optimised for serving data ... well that was my original
thinking anyway.

At the moment, when I load an image I use a proxy servlet and extract
the imageid from the 'Product' (p below)

img src=ImageProxy?%=WebConstants.IMAGE_ID%=%=p.calculateImageId()%...
etc '/

This gets the image from the database and displays it in the page.

This is clunky and slow and the image is not cached by the browser

So, when a user views an item detail I do something like this

getProductDetails?productId='whatever'

In the GetProductDetails servlet I check the disk cache to see if the
image is there, if not I get it from the database an write it to the
cache, just one database access as opposed to many, the next time
anyone sees that item the images are already cached.

now, in the jsp I can use img
src=imagecache/%=p.getProductId()%_thumb.jpg  ...' etc/

In other words, as opposed to getting an anonymous byte stream and
displaying it in the browser I'm now accessing a named image and the
browser caches it. It all works beautifully apart from the fact that
it appears the DefaultServlet will not load resources that have been
written to disk after the server has been started. If I restart the
server I can see my images, but only the ones loaded thus far ...

Anyway, I'm currently looking at the serveResource() method in the
DefaultServlet to try and figure out if it is possible to configure it
to load resoures that have appeared after the server has started ...
it doesn't look like it is possible which is slightly depressing ...
unless of course I am missing something.

Surely this is not an unusual requirement, how do others deal with
serving up images that have been uploaded after the server has
started.

Anyway

Thanks for taking the time to reply
lyallex


2009/6/10 Jonathan Mast jhmast.develo...@gmail.com:
 So you are actually storing the image data in the database, as opposed to
 the filepath? interesting...

 So your webapp accesses the image data as needed and writes it to imagecache
 dir?  Is this feature not working? i don't understand what exactly the issue
 is that you are having.  please explain.



 On Wed, Jun 10, 2009 at 9:41 AM, Lyallex lyal...@gmail.com wrote:

 apache-tomcat-6.0.16
 jdk1.6.0_03

 Dev box : Windows
 Deployment box: Linux

 Hi

 I've read some other posts that seem to be asking similar questions
 but I can't find the answer so far.
 maybe someone here would be kind enough to give me a hint

 I have a retail application that stores the product images in a database.
 Each product can have many images and products are being uploaded all the
 time.

 Fetching images from the database every time results in a clunky page
 load so I want to cache the images to disk
 the first time an item is accessed my cache manager checks the disk
 cache to see if images for that item are available.
 If not it loads them onto the disk.
 this happens in the servlet that serves the item details up so the
 images are in the disk cache before the request is forwarded to the
 view (jsp)
 In the jsp I access the images from the disk cache.

 The problem is, the first time I access the item details the images
 are written to the cache which resides directly under the
 context root but they are not loaded in the view.
 If I restart tomcat the images disply fine so I know all the caching
 is working correctly.

 I can't restart tomcat everytime I upload a new product so how can I
 force tomcat to recognise the new images 'on the fly' so as to speak?
 The application is running as the ROOT application on the server and
 is the only application being served.

 An example image might be
 ../apache-tomcat-6.0.16/webapps/ROOT/imagecache/830_main.jpg
 (example)

 I'm quite happy that the imagecache is deleted everytime I redeploy
 the application because the application is starting to stabilise and
 once I have this last problem ironed out
 I will only be doing irregular maintenance. The faster loading of
 images is more than enough compensation.

 I can't use symbolic links to place the imagecache outside the
 application space because I develop on Windows and deploy to Linux
 (historical, nothing I can do about it)

 Any ideas much appreciated.


 Many thanks
 lyallex

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Loading dynamically created content: An old chestnut but still a problem.

[Lyallex]

Christopher

 Multiple posts to this list seem to contradict Hassan's assertion that
 this should work: the DefaultServlet appears to ignore files that are
 created post deployment (or at least, post directory-read).

This is exactly what is happening, the DefautServlet Ignores any file
that appears in the application space after the server is started
Others who have replied to my original post appear to have no problem
serving up images that have been uploaded after server startup ...

I appear to have multiple issues here. Rather that 'hijack' my own
thread, I'll start a new one for each issue then return here when I
know exactly what the problem is. I hope this doesn't upset too many
people.

Rgds
lyallex

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Dynamic Resources: getRealPath() returns the 'wrong' path

[Lyallex]

Hi

apache-tomcat-6.0.16
jdk1.6.0_03

Dev box : Windows
Deployment box: Linux

I have my server installed at

C:\servers\tomcat\apache-tomcat-6.0.16\

My application is installed at

C:\servers\tomcat\apache-tomcat-6.0.16\webapps\ROOT

I have an  image cache available at

C:\servers\tomcat\apache-tomcat-6.0.16\webapps\ROOT\imagecache

In a servlet I do the following

String pathToImagecache = getServletContext().getRealPath(imagecache);
logger.log(Level.INFO, The path to the image cache is  + pathToImagecache);

The logging output gives the following

INFO: The path to the image cache is
C:\servers\tomcat\apache-tomcat-6.0.16\temp\1-ROOT\imagecache

I need to get hold of the imagecache directory to write images to it
but I have no idea what  this \temp\1-ROOT\ bit of the path all about
???
The only way I can get the correct path at the moment is to set up an
EV in context.xml then do a JNDI lookup in my site cooker and save the
value to my config server... I'd much rather use getRealPath as I
don't have to change the config when I deploy to live.

I'm confused, any help much appreciated

lyallex

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 6 and javamail

[Lyallex]

OK, firstly thanks for the feedback so far

Let me be quite clear about one thing.
I am using the same mail server in both cases. Tomcat and Eclipse are
running on the same physical device with the same IP address.

If I configure a JavaMail session as described in the following resource

http://tomcat.apache.org/tomcat-6.0-doc/jndi-resources-howto.html
(JavaMail section)

and set auth to false in context.xml everything works perfectly when
sending mail from the web application.

When I try to send mail with my mail component cofigured to work
without using the configured session it fails with Authentication
failed

To sum up then

The mail server does not require authentication when accessed from the
office subnet. The server guys have confirmed this.
I am using the same mail server for the standalone test, the test
where the mail component is configured to use the JNDI resource
configured in context.xml and the test where the mail component uses
the same configuration mechanism as the standlone test. The only test
that fails is the last one.

Something has changed since Tomcat 5.  I have exactly the same
component running in several webapps on Tomcat 5 servers without any
need to configure JNDI resources/Mail sessions etc

JAVA_OPTS and CATALINA_OPTS have not been modified by me and do not
contain anything other that the default settings (none of which appear
to have anything to do with mail config settings).

Any ideas much appreciated.

lyallex

2008/11/26 Rainer Frey [EMAIL PROTECTED]:
 On Wednesday 26 November 2008 08:37:14 Rainer Frey wrote:
  In the MailServer constructor I do the following
 
  properties = System.getProperties();
  ...
  properties.put(mail.smtp.auth, false);
 
  so it looks like a different properties bundle is being used when I
  run this in Tomcat ... does any of this make sense ??

 Argh, I overlooked that you use System.getProperties() here. If you specify
 any JavaMail related Properties in JAVA_OPTS or CATALINA_OPTS environment
 variables, this will be different indeed. You might want to check your tomcat
 start script.

 Rainer


 -
 To start a new topic, e-mail: users@tomcat.apache.org
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat 6 and javamail

[Lyallex]

2008/11/27 Rainer Frey [EMAIL PROTECTED]:
 On Thursday 27 November 2008 12:52:56 Lyallex wrote:


 (It would be easier to answer if you'd stop top quoting - but I won't correct
 this whole mail)

Well that's most kind of you, you are being very patient.

I think I need to take a step back here. The boss is happy that
sending email from within the application is now working. I on the
other hand want to know why something that works in Tomcat 5 doesn't
work in Tomcat 6. He's less than inclined to pay for that information
however :-(

Anyway, I will certainly do some more testing, maybe install a clean
Tomcat 6 and create a simple web app that just sends email to a
preconfigured address ... whatever, I'll post results here including
code, mail debug and anything else that might help

Thanks again for your time

lyallex


 OK, firstly thanks for the feedback so far

 Let me be quite clear about one thing.
 I am using the same mail server in both cases. Tomcat and Eclipse are
 running on the same physical device with the same IP address.
 The mail server does not require authentication when accessed from the
 office subnet. The server guys have confirmed this.

 So the problem is certainly on Java side.

 If I configure a JavaMail session as described in the following resource

 http://tomcat.apache.org/tomcat-6.0-doc/jndi-resources-howto.html
 (JavaMail section)

 and set auth to false in context.xml everything works perfectly when
 sending mail from the web application.

 It then should not be anything related to Javamail or Java version,
 incompatible jar files ...

 I am using the same mail server for the standalone test, the test
 where the mail component is configured to use the JNDI resource
 configured in context.xml and the test where the mail component uses
 the same configuration mechanism as the standlone test. The only test
 that fails is the last one.

 Something has changed since Tomcat 5.  I have exactly the same
 component running in several webapps on Tomcat 5 servers without any
 need to configure JNDI resources/Mail sessions etc

 In such a setup, a javamail session is no managed resource for tomcat. I can't
 imagine how the tomcat version could have any influence on that. There must
 be any other difference between your eclipse runtime and this failing tomcat.

 JAVA_OPTS and CATALINA_OPTS have not been modified by me and do not
 contain anything other that the default settings (none of which appear
 to have anything to do with mail config settings).

 Is there any other webapp that might set system properties with mail related
 content? I'd make sure and use an empty Properties object for your test. the
 only reason to use System.getProperties() is the ability to pass JavaMail
 configuration to the JVM command line. I'm not sure what static variables and
 Singletons Javamail has, so I'd test without the resource configuration (even
 if you don't use it anyway) and the Javamail jars in WEB-INF/lib. If this is
 not successful, I guess it's impossible to help unless you post more code,
 complete exception messages and perhaps the output of Javamail with
 mail.debug=true. As I think it is not directly related to tomcat, I'd
 recommend asking on the Javamail list though, they might know more details.

 Rainer


 Any ideas much appreciated.

 lyallex

 2008/11/26 Rainer Frey [EMAIL PROTECTED]:
  On Wednesday 26 November 2008 08:37:14 Rainer Frey wrote:
   In the MailServer constructor I do the following
  
   properties = System.getProperties();
   ...
   properties.put(mail.smtp.auth, false);
  
   so it looks like a different properties bundle is being used when I
   run this in Tomcat ... does any of this make sense ??
 
  Argh, I overlooked that you use System.getProperties() here. If you
  specify any JavaMail related Properties in JAVA_OPTS or CATALINA_OPTS
  environment variables, this will be different indeed. You might want to
  check your tomcat start script.
 
  Rainer
 
 
  -
  To start a new topic, e-mail: users@tomcat.apache.org
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]

 -
 To start a new topic, e-mail: users@tomcat.apache.org
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]

 -
 To start a new topic, e-mail: users@tomcat.apache.org
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat 6 and javamail

[Lyallex]

2008/11/27 Caldarale, Charles R [EMAIL PROTECTED]:
 From: Lyallex [mailto:[EMAIL PROTECTED]
 Subject: Re: Tomcat 6 and javamail

 The mail server does not require authentication when accessed from the
 office subnet. The server guys have confirmed this.

 Or is it that your mail server is configured to accept the network signon 
 that each workstations uses?

No, it's relaying from my subnet, no authentication required
(according to the network guys anyway, I work for a hosting company
and these guys seem to know their stuff).

 I am using the same mail server for the standalone test, the test
 where the mail component is configured to use the JNDI resource
 configured in context.xml and the test where the mail component uses
 the same configuration mechanism as the standlone test. The only test
 that fails is the last one.

 And is everything running under the same account?  If you're running Tomcat 
 as a Windows service, it will not be the account you logged into your 
 workstation (and network)with.

I start Tomcat from the command line. I only ever pass the IP address
of the mail server. I can even telnet to it and send a mail from the
command line.

lyallex


  - Chuck


 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
 MATERIAL and is thus for use only by the intended recipient. If you received 
 this in error, please contact the sender and delete the e-mail and its 
 attachments from all computers.

 -
 To start a new topic, e-mail: users@tomcat.apache.org
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat 6 and javamail

[Lyallex]

Hello again

2008/11/19 Don Millhofer [EMAIL PROTECTED]:
 Are you sure that the mail server, serving the host you are deploying to does 
 not require authentication?  I got this same error trying to go through the 
 Google Mail Server without proper authentication.


I am absolutely sure that the mail server I am using for the
standalone test is the same one that I am using for the tomcat server.

I tried setting mail.smtp.auth = true and the send failed in Eclipse,
the debug output was exactly the same as when I run the code
in Tomcat Authentication failure

I then hardcoded properties.put(mail.smtp.auth, false); in the
MailServer constructor  and ran the Eclipse test, it worked, so I ran
it in Tomcat and it failed with Authentication exception 

In the MailServer constructor I do the following

properties = System.getProperties();
...
properties.put(mail.smtp.auth, false);

so it looks like a different properties bundle is being used when I
run this in Tomcat ... does any of this make sense ??

Thanks
lyallex



 when I invoke the component in the webapp I get
 javax.mail.AuthenticationFailedException
 debug output shows that my components configuration parameters are
 IDENTICAL to those used in standalone mode.

 You say in Eclipse you use -  (mail.smtp.auth = false) and sends the email.  
 Try sending authentication.

private class SMTPAuthenticator extends javax.mail.Authenticator {
@ Override
public PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(d_email, d_password);
}
}

 Don


 At 06:41 AM 11/25/2008, you wrote:
Start by making sure there is only one copy of the javamail jar.
Remove either the one in tomcat's lib directory or your webapp's lib
directory.

-- David


On Nov 19, 2008, at 6:04 AM, Lyallex [EMAIL PROTECTED] wrote:

Hi

Tomcat 6.0.16
jdk1.6.0_06
javamail 1.4.1

I have a simple component that uses javamail 1.4.1 to send e-mail
It works perfectly 'standalone' (executed from Eclipse).
It connects to the server (mail.smtp.auth = false)
and sends the email

I've read the available docs at
http://tomcat.apache.org/tomcat-6.0-doc/jndi-resources-howto.html
which talk about activation.jar among others
As I am using jdk 1.6 I understand that this is no longer required (it
is included in the distro).

The javamail 1.4.1 jars are in CATALINA_HOME/lib
I have also tried them in WEB-INF/classes/lib

when I invoke the component in the webapp I get
javax.mail.AuthenticationFailedException
debug output shows that my components configuration parameters are
IDENTICAL to those used in standalone mode.

I am not using jndi resources or resources defined in context.xml, I
am not using tomcats JavaMail session management.

I just need this to work as a simple component without lots of config
to start with.

Can anyone let me in on the 'secret' to getting this to work. I've had
similar components working in earlier releases (and they are still
working)
Something must have changed, I'm rather hoping it's not a securuity
thing but I suspect it might be.

I'm not asking anyone to debug my application I could just do with a
pointer or two.

Any help much appreciated

Cheers
lyallex

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Tomcat 6 and javamail

[Lyallex]

Hi

Tomcat 6.0.16
jdk1.6.0_06
javamail 1.4.1

I have a simple component that uses javamail 1.4.1 to send e-mail
It works perfectly 'standalone' (executed from Eclipse).
It connects to the server (mail.smtp.auth = false)
and sends the email

I've read the available docs at
http://tomcat.apache.org/tomcat-6.0-doc/jndi-resources-howto.html
which talk about activation.jar among others
As I am using jdk 1.6 I understand that this is no longer required (it
is included in the distro).

The javamail 1.4.1 jars are in CATALINA_HOME/lib
I have also tried them in WEB-INF/classes/lib

when I invoke the component in the webapp I get
javax.mail.AuthenticationFailedException
debug output shows that my components configuration parameters are
IDENTICAL to those used in standalone mode.

I am not using jndi resources or resources defined in context.xml, I
am not using tomcats JavaMail session management.

I just need this to work as a simple component without lots of config
to start with.

Can anyone let me in on the 'secret' to getting this to work. I've had
similar components working in earlier releases (and they are still
working)
Something must have changed, I'm rather hoping it's not a securuity
thing but I suspect it might be.

I'm not asking anyone to debug my application I could just do with a
pointer or two.

Any help much appreciated

Cheers
lyallex

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat 6 and javamail

[Lyallex]

Hi

Well I've had problems with this before.

As I'm sure you know, the JavaMail API 1.4.1 distribution contains
dsn.jar, imap.jar, mailapi.jar, pop3.jar and smtp.jar

I was very careful to make sure that I only had the above jars in
EITHER the web application's lib directory (WEB-INF/lib) OR tomcat's
lib directory (../apache-tomcat-6.0.16/lib) restarting every time I
made a change.

I just tried again, searching the entire tomcat filesystem each time
to ensure that there were no duplicates but still no luck.

Unfortunately the mail server admin is being less than helpful so I
can't even see what is happening at the other end.

Any other ideas ?

Thanks anyway
lyallex

2008/11/25 David Smith [EMAIL PROTECTED]:
 Start by making sure there is only one copy of the javamail jar.  Remove
 either the one in tomcat's lib directory or your webapp's lib directory.

 -- David


 On Nov 19, 2008, at 6:04 AM, Lyallex [EMAIL PROTECTED] wrote:

 Hi

 Tomcat 6.0.16
 jdk1.6.0_06
 javamail 1.4.1

 I have a simple component that uses javamail 1.4.1 to send e-mail
 It works perfectly 'standalone' (executed from Eclipse).
 It connects to the server (mail.smtp.auth = false)
 and sends the email

 I've read the available docs at
 http://tomcat.apache.org/tomcat-6.0-doc/jndi-resources-howto.html
 which talk about activation.jar among others
 As I am using jdk 1.6 I understand that this is no longer required (it
 is included in the distro).

 The javamail 1.4.1 jars are in CATALINA_HOME/lib
 I have also tried them in WEB-INF/classes/lib

 when I invoke the component in the webapp I get
 javax.mail.AuthenticationFailedException
 debug output shows that my components configuration parameters are
 IDENTICAL to those used in standalone mode.

 I am not using jndi resources or resources defined in context.xml, I
 am not using tomcats JavaMail session management.

 I just need this to work as a simple component without lots of config
 to start with.

 Can anyone let me in on the 'secret' to getting this to work. I've had
 similar components working in earlier releases (and they are still
 working)
 Something must have changed, I'm rather hoping it's not a securuity
 thing but I suspect it might be.

 I'm not asking anyone to debug my application I could just do with a
 pointer or two.

 Any help much appreciated

 Cheers
 lyallex

 -
 To start a new topic, e-mail: users@tomcat.apache.org
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]


 -
 To start a new topic, e-mail: users@tomcat.apache.org
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[Possibly OT] Life after dojo, slow 'buggy' redeploy. Any experience here ?

[Lyallex]

Good Morning

apache-tomcat-5.5.26
java 1.5.0_15
dojo 1.1.1
ant 1.7.0

I just bolted the dojo javascript libs into one of my web apps.

I use the org.apache.catalina.ant.DeployTask and
org.apache.catalina.ant.UndeployTask to redeploy my application from
within an Ant script

Before installing dojo, redeployment took about 12 seconds
After I installed dojo, redeployment takes anything up to two minutes
and throws exceptions (see below if interested)
Removing dojo results in redployment happening in (about) 12 seconds again.

I'm a bit ... confused.

I'm going to turn on some deep debug and see if I can find out what's happening
but I thought I might see if anyone else has experienced this

Exceptions thrown

WARNING: Error while removing context [/atledu]
java.lang.NullPointerException
at 
org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:884)
at 
org.apache.catalina.startup.HostConfig.checkResources(HostConfig.java:1046)
at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1214)
at 
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:293)
at 
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at 
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1306)
at 
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1570)
at 
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1579)
at 
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1559)
at java.lang.Thread.run(Thread.java:619)
03-Sep-2008 09:55:23 org.apache.catalina.startup.HostConfig checkResources
WARNING: Error during context [/atledu] destroy
java.lang.NullPointerException
at 
org.apache.catalina.startup.HostConfig.checkResources(HostConfig.java:1052)
at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1214)
at 
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:293)
at 
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at 
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1306)
at 
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1570)
at 
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1579)
at 
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1559)
at java.lang.Thread.run(Thread.java:619)

Many Thanks

lyallex

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: How to close an out Stream if a client aborts

[Lyallex]

On Mon, Jun 30, 2008 at 1:52 PM, Johnny Kewl [EMAIL PROTECTED] wrote:

 - Original Message - From: Lyallex [EMAIL PROTECTED]
 To: Tomcat Users List users@tomcat.apache.org
 Sent: Monday, June 30, 2008 10:11 AM
 Subject: How to close an out Stream if a client aborts


 Good Morning

 Java 1.5.0_15
 Tomcat 5.5.26

 I have a servlet that is used to serve up images from a database



 Good question... it does seem to fly in the face of convention.

Well it looks like the streams are being recycled

Looking at the hash values of the stream objects it appears that the
output stream is being reused even though it doesn't appear to be
closing ... sort of lost here, looks like I need to get into the
Tomcat code to understand what is going on here ... ah well, I've got
nothing better to do (I wish)

Lyallex

 -
 To start a new topic, e-mail: users@tomcat.apache.org
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Changing roles on the fly

[Lyallex]

On Sat, Jun 21, 2008 at 12:41 PM, Mark Thomas [EMAIL PROTECTED] wrote:
 Johnny Kewl wrote:

 - Original Message - From: Lyallex [EMAIL PROTECTED]

 Allowing a user to add a role is simple enough.

 Is it?

 Yes.

snip ...

 If you change web.xml, yes TC will restart. However, you probably know the
 roles you want and the resources you want to protect, just not which users
 have which roles.

Exactly, in my application there is a business requirement to allow
certain user to add certain roles on the fly.
I know what these roles are and the resources they protect, all this
is predefined. When a user adds a role I log them out (They are warned
about this and are ready for it) when they log in again they have the
additional role, all this is relatively trivial to implement as is the
elected removal of a role which works in exactly the same way.

The problem comes when I want to remove certain privileges from a user
who may already be logged in. I can remove the role in the persistance
store easily enough but I need a way to get a handle on the session
and invalidate it so that he next time the user tries to access a
protected resource they have to log in again.

 Look at how the manager webapp access the list of sessions. You should be
 able to use similar code. Note you'll need to make your webapp privileged.
 You might want a separate admin webapp.

Yes, I've sort of come that that conclusion myself, I might try the
JMX route as it's something I've never done before and it's fun to
learn new stuff.  If the client (who pays me after all) starts
grizzling I can look at the HttpSessionListener thing recommended by
Chris earlier.

Thanks to all for taking the time to reply.

This list truly is 'the dogs'

--Lyallex


 Mark


 -
 To start a new topic, e-mail: users@tomcat.apache.org
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Changing roles on the fly

[Lyallex]

On Sun, Jun 22, 2008 at 1:46 PM, Johnny Kewl [EMAIL PROTECTED] wrote:

 - Original Message - From: Lyallex [EMAIL PROTECTED]
 To: Tomcat Users List users@tomcat.apache.org
 Sent: Sunday, June 22, 2008 1:14 PM
 Subject: Re: Changing roles on the fly


 On Sat, Jun 21, 2008 at 12:41 PM, Mark Thomas [EMAIL PROTECTED] wrote:

 Johnny Kewl wrote:

 - Original Message - From: Lyallex [EMAIL PROTECTED]

 Allowing a user to add a role is simple enough.

 Is it?

 Yes.

 snip ...

 If you change web.xml, yes TC will restart. However, you probably know
 the
 roles you want and the resources you want to protect, just not which
 users
 have which roles.

 Exactly, in my application there is a business requirement to allow
 certain user to add certain roles on the fly.

...
snip
...

 The part that is worrying me, is not the sessions tracking the sessions
 in HttpSessionListener and jamming them into a Hashmap as chris said, I
 think is the right way... thats not what is worrying me, its what you call
 the trivia, ie you just going to change the persistance store... which
 I assume means
 tomcat-users.xml

Nope, it means the database.  Does anyone really use tomcat-users.xml
for a production system ... I can't believe it.
My business logic code is persistence mechanism agnostic as all good
and true Java OO code should be IMHO. That's why I used the term
'persistance store' apologies if this caused confusion.

Anyway, the 'trivia' works perfectly (it is trivial after all). I've
already done all that,
it was just controlling the logged in users I was getting my head around.

-- Lyallex

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Distributed Singletons with clustered Tomcat

[Lyallex]

On Thu, May 22, 2008 at 2:10 PM, Christopher Schultz
[EMAIL PROTECTED] wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Lyllax,

 Lyallex wrote:
 | Classically my ServiceLocator has been a Singleton, now I have the
 | prospect of multiple Singletons living in multiple JVMs.

 Do you actually need intra-JVM synchronization or something like that?
 Why can these singletons not operate independently on each instance of TC?

Good question, I don't know, it's new stuff and I'm just starting to
think about it.
I just feel I need to control access to resources in some way,
probably better to control access via the service rather that via the
service delivery mechanism. I've never use multiple Tomcat instances
to deliver a single application before, maybe this question is better
posted in comp.lang.java.

Thanks for taking the time to reply.

Lyallex



 - -chris

 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.9 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

 iEYEARECAAYFAkg1cLUACgkQ9CaO5/Lv0PCRDgCgnOIn1dS1S7qMgCGH++NkxE6M
 3h0AoLJiwo+qjrnLhmj4FzjhrXdUrXlU
 =FbQA
 -END PGP SIGNATURE-

 -
 To start a new topic, e-mail: users@tomcat.apache.org
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Distributed Singletons with clustered Tomcat

[Lyallex]

Hello

Up until now everything I've done with Tomcat has been on a single server.
Now I am developing an application that will require multiple Tomcat
servers (instances at least) with some sort of load balancer thing in
front of them.
Classically my ServiceLocator has been a Singleton, now I have the
prospect of multiple Singletons living in multiple JVMs.

I realise that this is not actually Tomcat specific and that this
situation can arise regardless of Servlet container but I am using
Tomcat so I posted here.

I was thinking maybe RMI might prove the answer (so I can still have a
single Singleton) but another correspondant on this list seems to be
having problems with lost data (although we won't be using a wan
AFAIK). Is there a well tried solution to this issue ?

Many Thanks In Advance

Lyallex

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Save POJO Application Server Definition

[Lyallex]

Jeez, give the guy a break, if you don't want to read his posts then
don't read them. His name appears next to them, it's easy to ignore if
you want to.

I don't know 'Johnny' personally and I agree he can be a bit ebulliant
but do we really all want to descend into greyness.

Lyallex

On Thu, May 15, 2008 at 2:35 AM, Stephen Souness [EMAIL PROTECTED] wrote:
 I'm with you David, I don't visit these groups to see spam thinly disguised
 as Tomcat-related messages.


 --
 Stephen Souness



 David Fisher wrote:

 We know you think your stuff is so kewl, but would you please stop leading
 all your email with an evangelical tag line.

 That would be so cool of you.

 Thanks,

 Regards,
 Dave

 On May 13, 2008, at 3:14 PM, Johnny Kewl wrote:

 snipped





 -
 To start a new topic, e-mail: users@tomcat.apache.org
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Save POJO Application Server Definition

[Lyallex]

On Thu, May 15, 2008 at 2:10 PM, David Fisher [EMAIL PROTECTED] wrote:

 Jeez, give the guy a break,

snip

 I find Johnny's emails interesting and helpful as well.

 All that I was asking for was for him to put his taglines (however many he
 wants) at the end - like everyone else - sorry if I was too sarcastic.

Tag line looks good at the bottom Johnny

Lyallex

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Seeking advice as to what platform/framework to use for developing a tourism/tourist attractions web site

[Lyallex]

Greetings

I guess given the lack of replies that most think this is too OT for
this list, well I suppose it is but I couldn't resist answering.

Don't Do It

That is, don't use any framework at all.

Download Tomcat and the relevant J2EE API documentation bundle, then
goto the MySQL site and get the driver
then go http://commons.apache.org/ and get all sorts of stuff. Finally
read http://java.sun.com/blueprints/patterns/catalog.html (maybe this
should be the other way around)

This really is all you need. learning a framework is an overhead you
can do without if you are getting into J2EE.

I used to use Struts and JSF and Castor and lot's of other stuff but I
found I was spending more time learning how to configure the framework
than I was developing. My latest site has most of what you mention and
not a framework in site.

Follow the patterns, write cohesive POJOs and hide the business logic
behind facades. Use the commons stuff, it works, it's free and it's
documented (to a degree). I even used to eschew taglibs but I'm a
convert now so use them where you can.

NEVER put business logic anywhere other than in POJOs (or EJBs if you
must) and never do anything other than rendering in jsp's.

Use css, everywhere, all the time ... IE 6 is broken but most of the
latest browsers are pretty good these days IMHO.
div good, table bad (well not quite).

Stick to this and you will be writing websites and earning money for
the rest of your working life while others struggle to get heir head
around the latest bloated XML nightmare config, docubabble latest
greatest framework.

Madness ? perhaps, but I spend my time learning the Java/J2EE APIs
rather than reading framework documentation and I am never out of
work.

Lights blue touchpaper and retires

Good Luck

Lyallex



On Fri, May 2, 2008 at 11:01 AM, qm westview [EMAIL PROTECTED] wrote:
  *Hi there,* *I am an application programmer (Java, PHP) and almost new to
  web development. I am currently investigating as to what is the most
  appropriate/applicable open source platform/framework to develop a web site
  (simple to start but more comprehensive into the future) for tourism or
  tourist attractions. The following lists the basic support requirements
  (mainly multimedia, interactivity and future proof) * *1.  XHTML,
  JavaScript, Ajax* *2.  Multimedia – images, slides show, music, videos*
  *3.  Simple blogging facility * *4.  Community, Feedbacks * *5.
  Emailing for registered users (regular news release)* *6.  Database
  (mySQL or similar)* *7.  Search ability (text based)* *8.  Shopping
  facility (online, gift etc)* *9.  Management facility* *I have seen some
  CMS type of open system, such as Xoops, Lenya, Daisy, etc. But I do not have
  enough knowledge to make any choice decision. Just wondered if any
  experienced people here could help me or shed some lights please. * *I am a
  techi person and wouldn't mind the complicity of technology so long as the
  job can be done efficiently and effectively and low cost.* *Many thanks in
  advance,* *Mark*


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Seeking advice as to what platform/framework to use for developing a tourism/tourist attractions web site

[Lyallex]

On Fri, May 2, 2008 at 2:38 PM, Frank W. Zammetti [EMAIL PROTECTED] wrote:
 I actually agree with Lyallex quite strongly,

..no, you don't, you can't, well actually you do, so I'm not going mad
then, fabulous.

No Idea what DWR is and the idea of writing more of my app in
javascript leaves me a little cold but I'll have a look

BTW OP, the best way to learn about this stuff is just to read this
list, someone will mention something you've never heard of before so
you go look at it and you get a 'hey I could use that' moment it works
for me.

  P.S. - Is that your real name by the way Layallex?  If so, I've never heard
 it before, but it's pretty cool!)

Actually Frank I've been lurking around on this list for as long as I
care to remember, I try to help where I can but mostly it makes me
laugh and I learn something new every day. 'nuff reason I guess.

As for Lyallex, well it's a long (long) story.

Cheers
Lyallex

  --
  Frank W. Zammetti
  Author of Practical DWR 2 Projects
   and Practical JavaScript, DOM Scripting and Ajax Projects
   and Practical Ajax Projects With Java Technology
   for info: apress.com/book/search?searchterm=zammettiact=search
  Java Web Parts - javawebparts.sourceforge.net
   Supplying the wheel, so you don't have to reinvent it!
  My only partially serious blog: zammetti.com/blog

  Lyallex wrote:

 
 
 
  Greetings
 
  I guess given the lack of replies that most think this is too OT for
  this list, well I suppose it is but I couldn't resist answering.
 
  Don't Do It
 
  That is, don't use any framework at all.
 
  Download Tomcat and the relevant J2EE API documentation bundle, then
  goto the MySQL site and get the driver
  then go http://commons.apache.org/ and get all sorts of stuff. Finally
  read http://java.sun.com/blueprints/patterns/catalog.html (maybe this
  should be the other way around)
 
  This really is all you need. learning a framework is an overhead you
  can do without if you are getting into J2EE.
 
  I used to use Struts and JSF and Castor and lot's of other stuff but I
  found I was spending more time learning how to configure the framework
  than I was developing. My latest site has most of what you mention and
  not a framework in site.
 
  Follow the patterns, write cohesive POJOs and hide the business logic
  behind facades. Use the commons stuff, it works, it's free and it's
  documented (to a degree). I even used to eschew taglibs but I'm a
  convert now so use them where you can.
 
  NEVER put business logic anywhere other than in POJOs (or EJBs if you
  must) and never do anything other than rendering in jsp's.
 
  Use css, everywhere, all the time ... IE 6 is broken but most of the
  latest browsers are pretty good these days IMHO.
  div good, table bad (well not quite).
 
  Stick to this and you will be writing websites and earning money for
  the rest of your working life while others struggle to get heir head
  around the latest bloated XML nightmare config, docubabble latest
  greatest framework.
 
  Madness ? perhaps, but I spend my time learning the Java/J2EE APIs
  rather than reading framework documentation and I am never out of
  work.
 
  Lights blue touchpaper and retires
 
  Good Luck
 
  Lyallex
 
 
 
  On Fri, May 2, 2008 at 11:01 AM, qm westview [EMAIL PROTECTED]
 wrote:
 
*Hi there,* *I am an application programmer (Java, PHP) and almost new
 to
web development. I am currently investigating as to what is the most
appropriate/applicable open source platform/framework to develop a web
 site
(simple to start but more comprehensive into the future) for tourism or
tourist attractions. The following lists the basic support requirements
(mainly multimedia, interactivity and future proof) * *1.  XHTML,
JavaScript, Ajax* *2.  Multimedia – images, slides show, music,
 videos*
*3.  Simple blogging facility * *4.  Community, Feedbacks * *5.
Emailing for registered users (regular news release)* *6.  Database
(mySQL or similar)* *7.  Search ability (text based)* *8.
 Shopping
facility (online, gift etc)* *9.  Management facility* *I have seen
 some
CMS type of open system, such as Xoops, Lenya, Daisy, etc. But I do not
 have
enough knowledge to make any choice decision. Just wondered if any
experienced people here could help me or shed some lights please. * *I
 am a
techi person and wouldn't mind the complicity of technology so long as
 the
job can be done efficiently and effectively and low cost.* *Many thanks
 in
advance,* *Mark*
  
  
 
  -
  To start a new topic, e-mail: users@tomcat.apache.org
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]
 
 
 
 


  -
  To start a new topic, e-mail: users@tomcat.apache.org
  To unsubscribe, e-mail: [EMAIL PROTECTED

Re: [OT] RE: Seeking advice as to what platform/framework to use for developing a tourism/tourist attractions web site

[Lyallex]

Peter

Never suggested the OP develop carts and such like from scratch really did I.

What I said was he should focus on learning the core APIs, that's a
little different.
Building your own business logic is a requirement whatever framework
you use (or don't use). If you can tell me where to find reusable
business logic then that will certainly save me time, I'd still want
to know how it worked though so black boxes are useless.

If, when you know the core you decide to rot your brain and spend
frustrating days trying to configure some bloody minded framework then
go for it, at least you'll have some idea where to look when it
doesn't work (they NEVER work first time in my experience).

Anyway OP, hope this little discussion has cleared things up for you :-))

Cheers
Lyallex



On Fri, May 2, 2008 at 2:48 PM, Peter Crowther
[EMAIL PROTECTED] wrote:
  From: Lyallex [mailto:[EMAIL PROTECTED]
   Subject: Re: Seeking advice as to what platform/framework to
   use for developing a tourism/tourist attractions web site

 
   Greetings
  
   I guess given the lack of replies that most think this is too OT for
   this list, well I suppose it is but I couldn't resist answering.
  
   Don't Do It
  
   That is, don't use any framework at all.

  Many of the OP's requirements are for existing tools.  Blog, shopping cart 
 and the like.  Developing those from scratch is rather like gathering the 
 coal, clay and iron ore to make your own oven to smelt your own iron ore to 
 make your own axe to cut down your own tree to make your own log cabin.  You 
 *can*, and you get a lot of satisfaction from it, but it's a lot easier to 
 spend less time working for someone else, then rent a house.  Sure, it might 
 not be quite what you'd build yourself... but you get most of what you want a 
 *lot* quicker.

  So, to the OP, I'd say: compare the big systems that you mention.  Take a 
 tour of each.  Install a few.  You might spend a couple of weeks, maybe a 
 couple of months doing this.  Then pick one and go for it.  You'll have your 
 system running - and customers using it - while Lyallex is still building the 
 data access layer for the no-framework one.

 - Peter



  -
  To start a new topic, e-mail: users@tomcat.apache.org
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [OT] RE: Seeking advice as to what platform/framework to use for developing a tourism/tourist attractions web site

[Lyallex]

I agree with others on the list that *for other purposes* starting at
the basics and working up is the way to go.  I may have a different
view of what basics is, given that I *think* I still carry around
enough in my head that I could design a functional (if basic) computer
from the discrete components up through instruction set, microcode if
absolutely required, I/O, OS to applications ;-).  I wish all
developers could think down to bare metal level, and beyond - it gives
a very solid grounding in *why* to code in a particular way.

 - Peter


Well here I have to agree with you, I spent many happy hours in the
compsci labs messing about with a Motorolla 68000 processor. I was
lucky enough to be in the last cohort at my university to get a
thorough grounding in computer architecture (Course Book 'Structured
Computer Organization' by Andrew S Tannenbaum). A fantastic course and
absolutely essential IMHO. I think it's been replaced with 'Business
and Society' or something now, shame.

I totally agree with using and reusing existing components. I use lots
of commons components all the time and as for Lucene
(http://lucene.apache.org/) well it's the absolute dogs danglers isn't
it ?

 I just think that a framework as a starting point is one layer too
far for a beginner to web development.

Anyway, let us know how you get on OP.

Cheers
Lyallex

Just my two quids worth

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [OT] Ooh, shiny! (was RE: Best Linux distribution)

[Lyallex]

 Unfortunately too many IT teams that I've encountered tend towards the Ooh, 
 shiny new toy! and My server's newer than your server views of the world.

Heh heh, shiny new toy syndrome, where would the  'IT business'  be without it.

comp.lang.java.programmer has some really bilious postings from people
who get REALLY upset if you even mention older releases of Java ...
can't see why really, maybe it's all a conspiracy to keep the
consultants in business.

... now where did I put my Dr Logo manual.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Confused about startup

[Lyallex]

Hi

Thanks for this and thanks to those that replied about this off list.
Sometmes I struggle to make myself understood, this is one such time I think.

All I really wanted to know was why Bootstrap.main() had the line

Main method, used for testing only

In it's comment block. As far as I can see this is just one of those
things, maybe it should be removed, maybe it should stay if there is a
good reason.

I does go to show that something as simple as a one line comment can
cause much confusion to those of us that rely on a combination of code
and comment to understand what's going on in code we have not seen
before.

I once knew a PhD who was always saying that he did not need comments
as he could read code, well possibly, but for us mere mortals comments
can make the difference between success and failure.

Keep up the good work

Cheers
Duncan

On 10/24/07, Konstantin Kolinko [EMAIL PROTECTED] wrote:
 Hi,

 I can say you a few words about this bootstrap class. I remember how I
 was proud, when I managed to decypher what it actually does. It was a
 year ago, but it is still a good memory. ;)  It's an excellent piece.
 I hope that in a while you will be able to share these feelings of
 joy.

 In essence, it parses catalina.properties (either the default copy of
 it, or the one available in the conf folder), sets up a chain of
 classloaders (see
 http://tomcat.apache.org/tomcat-5.5-doc/class-loader-howto.html), and
 starts the server.

 Most of the work is done through reflection calls.

 JMX test at the begin of Bootstrap.main() (in tomcat 5.5 only) is
 required, because JMX is used to manage tomcat instance. Thus there is
 a quick test, and a message if the test fails.

 Please note, that catalina.properties specifies patterns, e.g.
 ${catalina.home}/common/lib/*.jar, but ClassLoader instance requires
 references to actual jar files, thus some lookup is performed to get
 the actual names from the pattern.

 The startup sequence description in
 http://tomcat.apache.org/tomcat-5.5-doc/architecture/startup/serverStartup.txt
 is correct. It is not a simple matter though.

 The comment for Bootstrap.main( ) is, well, misleading.
 Both in 5.5.25 and 6.0.14 sources.
 Should someone provide a patch for this?

 Actually, the Bootstrap class is not so important. The more important
 class is org.apache.catalina.startup.Catalina, and its main(args)
 method is commented as being the entry point.


 2007/10/24, Lyallex [EMAIL PROTECTED]:
  Hmm, obviously this was not an acceptable question ... shame.
 
  Still, I have now managed to get 5.5.25 to build and run and when I
  put some simple debug in Bootstrap.main() it does indeed appear that
  this method is being called.
 
  Still slightly confused as to why this method is commented as
 
  /**
   * Main method, used for testing only.
   *
   * @param args Command line arguments to be processed
   */
 
  Ah well, it's all character building stuff I suppose.
 
  On 10/24/07, Lyallex [EMAIL PROTECTED] wrote:
   Hello
  
   Windows XP SP2
   Java 1.5.0_10
   Tomcat 5.5.25
  
   After many years using Tomcat to host various web sites I thought it
   was about time I started looking at some of the code. I downloaded the
   source for 5.5.25 and thought I'd start at the beginning and figure
   out what happens when I start the server from the command line..
   After deciphering the batch files (catalina.bat, startup.bat and
   setclasspath.bat) I figured out that the class being invoked was
   org.apache.catalina.startup.Bootstrap with the command line param
   start ... Well that's about as far as I get because I just can't
   figure out the entry point. I know that an instance of
   org.apache.catalina.startup.Catalina is being instantiated and invoked
   eventually but the main method in Bootstrap is apparently only used
   for testing.
   At least that what he comments state ... but main must be being called
   mustn't it ...  If main is not being called in Bootstrap how do things
   kick off... I'm a bit distressed that I can't figure this out. I
   haven't got around to building the distribution yet.
  
   I've read 
   http://tomcat.apache.org/tomcat-5.5-doc/architecture/startup/serverStartup.txt
   but I'm still at a loss, maybe I'm getting too old for all this or
   maybe I'm just tired ...
  
   Thanks
  
 
  -
  To start a new topic, e-mail: users@tomcat.apache.org
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]
 
 

 -
 To start a new topic, e-mail: users@tomcat.apache.org
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail

Re: Confused about startup

[Lyallex]

Hmm, obviously this was not an acceptable question ... shame.

Still, I have now managed to get 5.5.25 to build and run and when I
put some simple debug in Bootstrap.main() it does indeed appear that
this method is being called.

Still slightly confused as to why this method is commented as

/**
 * Main method, used for testing only.
 *
 * @param args Command line arguments to be processed
 */

Ah well, it's all character building stuff I suppose.

On 10/24/07, Lyallex [EMAIL PROTECTED] wrote:
 Hello

 Windows XP SP2
 Java 1.5.0_10
 Tomcat 5.5.25

 After many years using Tomcat to host various web sites I thought it
 was about time I started looking at some of the code. I downloaded the
 source for 5.5.25 and thought I'd start at the beginning and figure
 out what happens when I start the server from the command line..
 After deciphering the batch files (catalina.bat, startup.bat and
 setclasspath.bat) I figured out that the class being invoked was
 org.apache.catalina.startup.Bootstrap with the command line param
 start ... Well that's about as far as I get because I just can't
 figure out the entry point. I know that an instance of
 org.apache.catalina.startup.Catalina is being instantiated and invoked
 eventually but the main method in Bootstrap is apparently only used
 for testing.
 At least that what he comments state ... but main must be being called
 mustn't it ...  If main is not being called in Bootstrap how do things
 kick off... I'm a bit distressed that I can't figure this out. I
 haven't got around to building the distribution yet.

 I've read 
 http://tomcat.apache.org/tomcat-5.5-doc/architecture/startup/serverStartup.txt
 but I'm still at a loss, maybe I'm getting too old for all this or
 maybe I'm just tired ...

 Thanks


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Confused about startup

[Lyallex]

Hello

Windows XP SP2
Java 1.5.0_10
Tomcat 5.5.25

After many years using Tomcat to host various web sites I thought it
was about time I started looking at some of the code. I downloaded the
source for 5.5.25 and thought I'd start at the beginning and figure
out what happens when I start the server from the command line..
After deciphering the batch files (catalina.bat, startup.bat and
setclasspath.bat) I figured out that the class being invoked was
org.apache.catalina.startup.Bootstrap with the command line param
start ... Well that's about as far as I get because I just can't
figure out the entry point. I know that an instance of
org.apache.catalina.startup.Catalina is being instantiated and invoked
eventually but the main method in Bootstrap is apparently only used
for testing.
At least that what he comments state ... but main must be being called
mustn't it ...  If main is not being called in Bootstrap how do things
kick off... I'm a bit distressed that I can't figure this out. I
haven't got around to building the distribution yet.

I've read 
http://tomcat.apache.org/tomcat-5.5-doc/architecture/startup/serverStartup.txt
but I'm still at a loss, maybe I'm getting too old for all this or
maybe I'm just tired ...

Thanks

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Diagnosing Tomcat memory usage

[Lyallex]

Try Lambda Probe as recommended by other contributors to this list.

http://www.lambdaprobe.org/d/index.htm

I'm no expert with this tool but it's straightforward to install and I
think it may help you out a bit. The System Information/Memory
Utilization thing is particularly fascinating although I don't fully
understandthe output yet.

I also used the JProbe profiller some time ago to profile a running
instance of Weblogic, it had a fantastic real time heap analysis tool
that shows you exactly what's happening at runtime ... 2 million
String objects, where the heck did they come from ? It's not free
though as far as I know.

It might help




On 10/10/07, Andrew Hole [EMAIL PROTECTED] wrote:
 I've an java application running under tomcat and in the last week
 memory usage increase 50%, from 200M to 400M. I want to know exactly
 why this happens. Some suggestion?

 Thanks a lot

 -
 To start a new topic, e-mail: users@tomcat.apache.org
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat 5.23: caching of css files?

[Lyallex]

Did you clear your browser cache ?

If you access the application via different adresses AFAIK the browser
sees identical files as being different due to those different
addresses (FQDN versus IP address).

I had similar problems that dissapeared after I cleared out the browser cache

It's just a thought.

On 10/9/07, Angelo Chen [EMAIL PROTECTED] wrote:

 Hi Charles,

 this is what I did:

 1. shut down tomcat
 2. delete war and related directory
 3. copy new war file
 4. start tomcat

 with all above, I'm still getting pages styled with old css file, it will go
 away after several hours. kind of strange.
 A.C.


 Caldarale, Charles R wrote:
 
  From: Angelo Chen [mailto:[EMAIL PROTECTED]
  Subject: Tomcat 5.23: caching of css files?
 
  I have tomcat 5.23 in ubuntu 7.04, if I update the war file
  and access it thru domain name, the css file is not updated
  even i clear everything in my browser
 
  I haven't tried it, but you may have to restart the webapp in order to
  get the updated .css file loaded; just changing the .war file may not do
  that.  Did you try restarting the app manually?  You could provide the
  name of the .css file as a WatchedResource to do it automatically.
 
   - Chuck
 
 
  THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
  MATERIAL and is thus for use only by the intended recipient. If you
  received this in error, please contact the sender and delete the e-mail
  and its attachments from all computers.
 
  -
  To start a new topic, e-mail: users@tomcat.apache.org
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]
 
 
 

 --
 View this message in context: 
 http://www.nabble.com/Tomcat-5.23%3A-caching-of-css-files--tf4593435.html#a13114923
 Sent from the Tomcat - User mailing list archive at Nabble.com.


 -
 To start a new topic, e-mail: users@tomcat.apache.org
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: How do you access all sessions from a servlet in tomcat 6.0?

[Lyallex]

OK, for some reason I've been obsessing about this for a whole day now.

If you hold an external reference to a Session then according to my
tests the session will still time out as expected but the external
reference will be non null. At the very least this means that you may
end up with a large number of useless references taking up space in
memory. Of course you can always remove an invalid or timed out
reference in the sessionDestroyed method of your listener.

There are a whole bunch of other issues surrounding this but I'm sure
you've sussed them out for yourself already.

Anyway, I'll shut up now.

Rgds
Duncan


On 9/19/07, Lyallex [EMAIL PROTECTED] wrote:
 On 9/18/07, Lyallex [EMAIL PROTECTED] wrote:
  How about creating a SessionListener
 
  class SomeSessionListener implements HttpSessionListener ...
 
  Register it in web.xml
 
  in the sessionCreated method of your listener get a reference to the
  new session from the HttpSessionEvent you can now access the
  getLastAccessedTime(), maybe store the refs in some singleton ...

 ...er, actually I think this could be a REALLY STUPID idea as I hadn't
 thought about what happens if you maintain an external reference to a
 session and the session expires...

 Investigating now

 Duncan


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: How do you access all sessions from a servlet in tomcat 6.0?

[Lyallex]

On 9/19/07, David Delbecq [EMAIL PROTECTED] wrote:
 Just use WeakReference :)

Er, well that's OK, the  WeakReference referant object (the session)
is null after gc
but now I have a WeakReference object lurking in my Map as opposed to
the HttpSession object previously so I'm not really gaining anything.
Probably best to remove the K, V  pair when the session is destroyed.

  Anyway, I'll shut up now.

I wish.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: How do you access all sessions from a servlet in tomcat 6.0?

[Lyallex]

How about creating a SessionListener

class SomeSessionListener implements HttpSessionListener ...

Register it in web.xml

in the sessionCreated method of your listener get a reference to the
new session from the HttpSessionEvent you can now access the
getLastAccessedTime(), maybe store the refs in some singleton
accessible from the context and so some stuff in your TimerTask ...

Just an idea if you like messing about with stuff, nothing to do with
ManagerBase though so I bet there is a better way of doing it.

Rgds
Duncan

On 9/18/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:


 We have tomcat configured to allow users sessions to stay alive for 12
 hours. This is because this is how they like to work, login once at the
 start of the day and shutdown at the end of the day.

 I have a need to track their actual activity, like a concurrent license
 tool, and thought the best way of doing this would be to have a servlet
 start a timer at server startup, this servlet could then poll all the
 active sessions at a set interval and check the  getLastAccessedtime()
 method, building up a view of the actual activity.

 Am I going about this in the right way?

 If I am how do I access all the currently active sessions from a servlet?
 It looks like if I can gain access to the servers engine/context I could
 access all sessions via the ManagerBase class but I do not know how to do
 this.

 Thanks Gary
 _
 This e-mail transmission and any attachments to it are intended solely for
 the use of the individual or entity to whom it is addressed and may contain
 confidential and privileged information.  If you are not the intended
 recipient, your use, forwarding, printing, storing, disseminating,
 distribution, or copying of this communication is prohibited.  If you
 received this communication in error, please notify the sender immediately
 by replying to this message and delete it from your computer.


 -
 To start a new topic, e-mail: users@tomcat.apache.org
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: How do you access all sessions from a servlet in tomcat 6.0?

[Lyallex]

On 9/18/07, Lyallex [EMAIL PROTECTED] wrote:
 How about creating a SessionListener

 class SomeSessionListener implements HttpSessionListener ...

 Register it in web.xml

 in the sessionCreated method of your listener get a reference to the
 new session from the HttpSessionEvent you can now access the
 getLastAccessedTime(), maybe store the refs in some singleton ...

...er, actually I think this could be a REALLY STUPID idea as I hadn't
thought about what happens if you maintain an external reference to a
session and the session expires...

Investigating now

Duncan

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Is Tomcat being hacked by curl ?

[Lyallex]

On 8/23/07, Christopher Schultz [EMAIL PROTECTED] wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Duncan,

 Not to belabor this thread too much, but...

 Lyallex wrote:
  I never actually suggested [curl] was a
  hacking tool

 See the subject line.

Yes ... fair point :-}

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Is Tomcat being hacked by curl ?

[Lyallex]

(Debian) Linux 2.6.11.12-xenU
Tomcat 5.5.20
Java 1.5.0_04

This question concerns access to a running Tomcat instance by a
previously unseen/unknown user agent.
I have been developing commercial sites in Java for a number of years
now but this is the first time I have
deployed a commercial application on my own and hence I am a complete
beginner when it comes to dealing with
nefarious nerks trying to hack my installation.

Is it a 'Tomcat' question ?... I'm not sure but here goes anyway.

The following might be quite harmless but it would be nice to hear of
others exp' in this area

Looking at the user agent section of my Webalizer generated access log
analysis page I can see the following entry

curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0.

I have been to http://curl.haxx.se/ and it seems to my (currently)
inexperienced eye
that this software _could_ be used to do all sorts of despicable
things to a web site.
I guess it could also be used to 'build your own browser' so I'm not
panicking just yet

I have telnet and ftp disabled and access the server via ssh and scp.

Is this likely to be some dismal little hacker trying to probe my defenses or
am I worrying unnecessarily.

I will investigate curl further of course.

Thanks
Duncan

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Is Tomcat being hacked by curl ?

[Lyallex]

OK, that's all good advice ...

[EMAIL PROTECTED]:/usr/tomcat/logs$ cat access.log | grep curl

69.25.212.171 - - [22/Aug/2007:16:40:41 +0100] GET /favicon.ico
HTTP/1.1 200 2238 - curl/7.12.1 (i386-redhat-linux-gnu)
libcurl/7.12.1 OpenSSL/0.9.7a zlib/1.2.1.2 libidn/0.5.6
69.25.212.171 - - [22/Aug/2007:16:40:41 +0100] HEAD / HTTP/1.1 200 -
- curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0.9.7a
zlib/1.2.1.2 libidn/0.5.6

So, looking for favicon.ico and doing a HEAD on my entry page, doesn't
look to suspicious I guess.

[EMAIL PROTECTED]:/usr/tomcat/logs$ whois 69.25.212.171

Internap Network Services PNAP-12-2002 (NET-69-25-0-0-1)
  69.25.0.0 - 69.25.255.255
Name.com INAP-DEN-NAMECOM-1256 (NET-69-25-212-128-1)
  69.25.212.128 - 69.25.212.191

# ARIN WHOIS database, last updated 2007-08-22 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Sometimes whois returns a bunch of stuff sometimes I only get a
minimal return, not much use really.

Anyway, I will investigate further

Thanks for taking the time to reply

Regards
Duncan

On 8/23/07, Lyallex [EMAIL PROTECTED] wrote:
 (Debian) Linux 2.6.11.12-xenU
 Tomcat 5.5.20
 Java 1.5.0_04

 This question concerns access to a running Tomcat instance by a
 previously unseen/unknown user agent.
 I have been developing commercial sites in Java for a number of years
 now but this is the first time I have
 deployed a commercial application on my own and hence I am a complete
 beginner when it comes to dealing with
 nefarious nerks trying to hack my installation.

 Is it a 'Tomcat' question ?... I'm not sure but here goes anyway.

 The following might be quite harmless but it would be nice to hear of
 others exp' in this area

 Looking at the user agent section of my Webalizer generated access log
 analysis page I can see the following entry

 curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0.

 I have been to http://curl.haxx.se/ and it seems to my (currently)
 inexperienced eye
 that this software _could_ be used to do all sorts of despicable
 things to a web site.
 I guess it could also be used to 'build your own browser' so I'm not
 panicking just yet

 I have telnet and ftp disabled and access the server via ssh and scp.

 Is this likely to be some dismal little hacker trying to probe my defenses or
 am I worrying unnecessarily.

 I will investigate curl further of course.

 Thanks
 Duncan


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Is Tomcat being hacked by curl ?

[Lyallex]

www.who.is

Much more info

...tracking the perpetrator down now ... this is fun.


On 8/23/07, Lyallex [EMAIL PROTECTED] wrote:
 OK, that's all good advice ...

 [EMAIL PROTECTED]:/usr/tomcat/logs$ cat access.log | grep curl

 69.25.212.171 - - [22/Aug/2007:16:40:41 +0100] GET /favicon.ico
 HTTP/1.1 200 2238 - curl/7.12.1 (i386-redhat-linux-gnu)
 libcurl/7.12.1 OpenSSL/0.9.7a zlib/1.2.1.2 libidn/0.5.6
 69.25.212.171 - - [22/Aug/2007:16:40:41 +0100] HEAD / HTTP/1.1 200 -
 - curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0.9.7a
 zlib/1.2.1.2 libidn/0.5.6

 So, looking for favicon.ico and doing a HEAD on my entry page, doesn't
 look to suspicious I guess.

 [EMAIL PROTECTED]:/usr/tomcat/logs$ whois 69.25.212.171

 Internap Network Services PNAP-12-2002 (NET-69-25-0-0-1)
   69.25.0.0 - 69.25.255.255
 Name.com INAP-DEN-NAMECOM-1256 (NET-69-25-212-128-1)
   69.25.212.128 - 69.25.212.191

 # ARIN WHOIS database, last updated 2007-08-22 19:10
 # Enter ? for additional hints on searching ARIN's WHOIS database.

 Sometimes whois returns a bunch of stuff sometimes I only get a
 minimal return, not much use really.

 Anyway, I will investigate further

 Thanks for taking the time to reply

 Regards
 Duncan

 On 8/23/07, Lyallex [EMAIL PROTECTED] wrote:
  (Debian) Linux 2.6.11.12-xenU
  Tomcat 5.5.20
  Java 1.5.0_04
 
  This question concerns access to a running Tomcat instance by a
  previously unseen/unknown user agent.
  I have been developing commercial sites in Java for a number of years
  now but this is the first time I have
  deployed a commercial application on my own and hence I am a complete
  beginner when it comes to dealing with
  nefarious nerks trying to hack my installation.
 
  Is it a 'Tomcat' question ?... I'm not sure but here goes anyway.
 
  The following might be quite harmless but it would be nice to hear of
  others exp' in this area
 
  Looking at the user agent section of my Webalizer generated access log
  analysis page I can see the following entry
 
  curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0.
 
  I have been to http://curl.haxx.se/ and it seems to my (currently)
  inexperienced eye
  that this software _could_ be used to do all sorts of despicable
  things to a web site.
  I guess it could also be used to 'build your own browser' so I'm not
  panicking just yet
 
  I have telnet and ftp disabled and access the server via ssh and scp.
 
  Is this likely to be some dismal little hacker trying to probe my defenses 
  or
  am I worrying unnecessarily.
 
  I will investigate curl further of course.
 
  Thanks
  Duncan
 


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]