Re: Session id is invalid occurs randomly
I guess changing the cookie name can help here: org.apache.catalina.SESSION_COOKIE_NAME See: http://tomcat.apache.org/tomcat-6.0-doc/config/systemprops.html Note that this is per jvm setting ,so all the apps on the given server will get this cookie name . Which in turn is probably NOT a problem as Christopher have already pointed out. Evgeny On Wed, Feb 24, 2010 at 5:28 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ron, On 2/24/2010 1:50 AM, Ron McNulty wrote: Check what else they have open when they access your application. There could be another J2EE application that does not scope it's session cookies correctly. We have had ongoing problems with SAP portal servers scoping session cookies across our whole domain, rather than scoping to the server they are running on. When this happens, you get a session that does not belong to you. Ask them to browse their cookies and tell you the scope (there are many Firefox plugins that will make this easy). Personally I think it is a shortcoming of the J2EE Servlet specification - all session cookies are named JSESSIONID. This is not honoured by some IBM products, but Tomcat adheres faithfully to the spec. Tomcat's implementation can handle multiple JSESSIONID cookies: if multiple cookies are present, it will loop-over them to see if any are valid. Tomcat will take the first valid JSESSIONID cookie and ignore the others. Unless there are session id collisions between webapps, this should not be the problem (instead, what the OP would observe is users masquerading as other users: oops). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuFRakACgkQ9CaO5/Lv0PCnhgCgsbtHGVnnmOmKH9TojubDuAv/ 9wIAoL9Nf46c8xfyWSORm9enuzdb4sVm =aG5M -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is it possible to replace the HttpSession implementation in Tomcat?
On Tue, Feb 23, 2010 at 8:08 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tsirkin, On 2/23/2010 1:51 AM, Tsirkin Evgeny wrote: What we did - override session object using filter.On each request start it would read it's info from db (any configured one ,but preferring the local one) On each request end it would write itself into ALL dbs that are configured to be used. This could have been done using standard Tomcat components and a shared session-only database. Which means running another mysql instance just for it, And on what machine - there are 2 equivalent machines ,no separate db one. Or, a pair of MysQL databases rigged to hot-copy each other. Unfortunately i think that mysql just don't know how to do master-master cluster (maybe in newer versions it does). I think you did more work than necessary. Does this work with authentication? Tomcat adds information to the session that isn't part of the attributes, so a standard HttpSession wrapper won't be able to replicate this information between the nodes. I guess tomcat authentication is broken for me - tomcat is probably writing something in session _ before _ the filter loads the data into it from db. This probably can be fixed if i do not rip the old data written by tomcat and just add my own ,but i just don't use tomcat auth. That means that things like flow-resuming (where your original request is re-submitted after successful authentication) won't work. What's flow-resuming is ?How a request can be resumed ?Doesn't this goes againt the idea of http is staitless ,that's vrey interesting? Evgeny - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuEGbYACgkQ9CaO5/Lv0PDhiQCfQe3yPvORu/NX4AKyTDFL+xvR kxgAoKAdaB26k5K/T+10Rqrq7iQsS6Xu =2IqQ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is it possible to replace the HttpSession implementation in Tomcat?
On Tue, Feb 23, 2010 at 11:50 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- What's flow-resuming is ?How a request can be resumed ?Doesn't this goes againt the idea of http is staitless ,that's vrey interesting? So,the flow-resuming you were talking about is just the mechanism of storing the request parameters and url and use them again after successful authentication,right? Yes,this probably would not work with custom session ,since tomcat probably stores the parameters and url in session. For this particular issue however i have implemented my own mechanism using custom cookies (server side cookies). Of course,all this is probably can not be reused and is tied to my particular env. . But it is a yes this can be done if really needed email. Evgeny See section 12.5.3 of the servlet (2.5) specification which lays this all out in plain English. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuETaUACgkQ9CaO5/Lv0PDHggCeOrnsxbjOuB0THbM80BBmeJSe BEEAnRglqa3NXiGhX7+2IoFIWbotMCLl =4KTl -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is it possible to replace the HttpSession implementation in Tomcat?
Just in case somebody will google for a solution for replacing session. I have done this . First of all ,why: We have cluster of 2 machines . Each have a separate db on it . The machines are sharing information using nfs mounting fs. Each machine runs it's own apache server ,(no apache balancer in front). There IS a hardware load balancer in front of this but sometime it fails to route already open sessions to same host. So,we can't : 1. share sessions using files ,because this would be same file for 2 tomcats and because this would fail on nfs . 2. we can't use tomcat cluster because there are cases when BOTH tomcat would be shut down or restarted and session would be loosed. 3. we can't use a db because there is no central db - each host has it's own one. 4. to complicate issue machines could be added/removed to the cluster. What we did - override session object using filter.On each request start it would read it's info from db (any configured one ,but preferring the local one) On each request end it would write itself into ALL dbs that are configured to be used. Although the obvious problem here is the writing to more then 1 db and reading from a db on each request ,this really works good thanks for mysql to be so fast on simple read/write. I have even implemented a simple lock mechanism for session . What more - this solution is portable ,it worked for us on SunONE server and now on tomcat. Thanks Evgeny On Tue, Feb 16, 2010 at 9:54 PM, Simone Tripodi simone.trip...@gmail.comwrote: Hi Martin, very interesting, thanks for share it!!! I did, more or less, the same on a project for a customer, but it was strictly related to the application, your stuff looks much much better of mine and it is a reusable module. All the best, Simo http://people.apache.org/~simonetripodi/http://people.apache.org/%7Esimonetripodi/ On Tue, Feb 16, 2010 at 6:02 PM, Martin Grotzke martin.grot...@javakaffee.de wrote: Hi Jon, On Mon, 2010-02-15 at 11:55 -0600, Jon Brisbin wrote: I'm trying to figure out today how I can implement a Valve or something that can store a session to a backend DB and reload that session on another Tomcat instance similar to how the PersistentManager loads user's session after a restart. Would a Valve based on PersistentValve allow me to implement a cluster-like solution such that a user login causes a write to a central database and a load balanced request to another server would see that user without forcing another login? You might have a look at the http://code.google.com/p/memcached-session-manager/ which is a session failover solution storing sessions in memcached. When the project was created I only thought of applications using sticky sessions but it should also work with non-sticky sessions if sessions are stored in memcached synchronously (sessionBackupAsync needs to be set to false, see [1]). The memcached-session-manager basically is a session manager implemention, the most interesting part is the MemcachedBackupSessionManager ([2]) if you want to have a look at the code. Cheers, Martin [1] http://code.google.com/p/memcached-session-manager/wiki/SetupAndConfiguration [2] http://github.com/magro/memcached-session-manager/blob/master/core/src/main/java/de/javakaffee/web/msm/MemcachedBackupSessionManager.java Jon Brisbin Portal Webmaster NPC International, Inc. On Feb 15, 2010, at 11:05 AM, Simone Tripodi wrote: Hi all guys and very nice to meet the Tomcat community, I've a web-application that needs to be replicated in more than one Tomcat, and since it is HttpSession based, I need to enable the session replication. Even if I work with very good sysadmins that know how to do it, I'm curious and would like to know if I could replace the HttpSession implementation with a my own one, I'd like to integrate Hazelcast[1] for data synchronization. Thanks in advance, every suggestion will be very appreciated. Simo [1] http://www.hazelcast.com/ http://people.apache.org/~simonetripodi/http://people.apache.org/%7Esimonetripodi/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat dies suddenly
Carl , At this point it is probably would be much simpler for you to just move away from Slackware . Building jvm from source ,debugging with strace - this is a very hard path . And once you find the bug - there is nothing that you can do with it. You are not going to fix jvm/libc bugs ,right? You could report it and wait for new release . Probably your best bet would be use another distro and download Sun's jvm from thier site. Evgeny So, the only way to get the details would seem to be to build the jvm from source (I have downloaded the source but haven't built the jvm yet.) I don't know how to force a java stack dump at point of failure, not even certain it is possible because it would seem the the failure in the C code in the jvm would mean the jvm would stop before it could give a stack trace. Understand that this is my best guess and that this area is removed from my usual mundane Java application development. If anyone has suggestions, I am open to them because I know I know very little. Thanks, Carl
Re: Tomcat dies suddenly
Just an advise . I don't know what the problem is,however suppose that this is OOM killer - why not just add some GB of swap disk spae is even chiper then RAM Evgeny On Thu, Feb 4, 2010 at 9:04 PM, Carl c...@etrak-plus.com wrote: Chuck and Dan, First, some housekeeping to respond to your points and questions: 1. The 3.6GB I stated in my prior email to Dan was the total memory used. The Tomcat process (from top) was 1.7-1.8GB. 2. I did not know that Linux cached disk accesses in RAM. I have worked with Linux (and Unix and Aix before that) for a number of years but never understood all the pieces... as long as it worked, I was happy (and, in general, I didn't ask much of the systems.) To sum up your observations: The memory usage I was seeing was not unusual and not likely the source of the problem. The system failed again about 30 minutes ago. The overall memory dropped to 2.9GB (from top.) The last entries in catalina.out were: 41608.326: [GC 41608.326: [ParNew: 72021K-4186K(76672K), 0.0674360 secs] 376022K-309373K(1040064K) icms_dc=0 , 0.0675430 secs] [Times: user=0.25 sys=0.00, real=0.07 secs] 41610.048: [GC 41610.048: [ParNew: 72346K-8512K(76672K), 0.0408460 secs] 377533K-318233K(1040064K) icms_dc=0 , 0.0409480 secs] [Times: user=0.15 sys=0.00, real=0.04 secs] The GC information in catalina.out before that was: 41391.749: [GC 41391.749: [ParNew: 70179K-2466K(76672K), 0.0064220 secs] 374180K-306467K(1040064K) icms_dc=0 , 0.0065240 secs] [Times: user=0.02 sys=0.00, real=0.01 secs] 41393.383: [GC 41393.383: [ParNew: 70626K-2571K(76672K), 0.0059940 secs] 374627K-306572K(1040064K) icms_dc=0 , 0.0060940 secs] [Times: user=0.03 sys=0.00, real=0.01 secs] and before that: 41216.669: [GC 41216.669: [ParNew: 69204K-2621K(76672K), 0.0068300 secs] 367414K-300832K(1040064K) icms_dc=0 , 0.0069380 secs] [Times: user=0.02 sys=0.00, real=0.00 secs] 41216.710: [GC 41216.710: [ParNew: 70720K-3097K(76672K), 0.0064720 secs] 368930K-301364K(1040064K) icms_dc=0 , 0.0065740 secs] [Times: user=0.03 sys=0.01, real=0.00 secs] 41216.750: [GC 41216.750: [ParNew: 71117K-3241K(76672K), 0.0063760 secs] 369384K-301618K(1040064K) icms_dc=0 , 0.0064780 secs] [Times: user=0.03 sys=0.00, real=0.00 secs] The /var/log/messages from that machine for today were: Feb 4 00:08:05 tomcat2 -- MARK -- Feb 4 00:28:05 tomcat2 -- MARK -- Feb 4 00:48:05 tomcat2 -- MARK -- Feb 4 01:08:05 tomcat2 -- MARK -- Feb 4 01:28:05 tomcat2 -- MARK -- Feb 4 01:48:05 tomcat2 -- MARK -- Feb 4 02:08:05 tomcat2 -- MARK -- Feb 4 02:28:05 tomcat2 -- MARK -- Feb 4 02:48:05 tomcat2 -- MARK -- Feb 4 03:08:05 tomcat2 -- MARK -- Feb 4 03:28:05 tomcat2 -- MARK -- Feb 4 03:48:05 tomcat2 -- MARK -- Feb 4 04:08:05 tomcat2 -- MARK -- Feb 4 04:28:06 tomcat2 -- MARK -- Feb 4 04:48:06 tomcat2 -- MARK -- Feb 4 05:08:06 tomcat2 -- MARK -- Feb 4 05:28:06 tomcat2 -- MARK -- Feb 4 05:48:06 tomcat2 -- MARK -- Feb 4 06:08:06 tomcat2 -- MARK -- Feb 4 06:28:06 tomcat2 -- MARK -- Feb 4 06:48:06 tomcat2 -- MARK -- Feb 4 07:08:06 tomcat2 -- MARK -- Feb 4 07:28:06 tomcat2 -- MARK -- Feb 4 07:48:06 tomcat2 -- MARK -- Feb 4 08:08:06 tomcat2 -- MARK -- Feb 4 08:28:06 tomcat2 -- MARK -- Feb 4 08:48:06 tomcat2 -- MARK -- Feb 4 09:08:06 tomcat2 -- MARK -- Feb 4 09:28:06 tomcat2 -- MARK -- Feb 4 09:33:32 tomcat2 /usr/sbin/gpm[3414]: *** info [mice.c(1766)]: Feb 4 09:33:32 tomcat2 /usr/sbin/gpm[3414]: imps2: Auto-detected intellimouse PS/2 Feb 4 09:48:06 tomcat2 -- MARK -- Feb 4 10:08:06 tomcat2 -- MARK -- Feb 4 10:28:06 tomcat2 -- MARK -- Feb 4 10:48:06 tomcat2 -- MARK -- Feb 4 11:08:06 tomcat2 -- MARK -- Feb 4 11:28:06 tomcat2 -- MARK -- Feb 4 11:48:06 tomcat2 -- MARK -- Feb 4 12:08:06 tomcat2 -- MARK -- Feb 4 12:28:06 tomcat2 -- MARK -- Feb 4 12:48:06 tomcat2 -- MARK -- Feb 4 13:08:07 tomcat2 -- MARK -- Feb 4 13:28:07 tomcat2 -- MARK -- Feb 4 13:48:07 tomcat2 -- MARK -- I don't see anything here and this file has looked pretty much like this every failure. JAVA_OPTS in catalina.sh are: JAVA_OPTS=-Xms1024m -Xmx1024m -XX:PermSize=384m -XX:MaxPermSize=384m -XX:+UseConcMarkSweepGC -XX:+CMSIncrementalMode -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/usr/local/tomcat/logs I checked /usr/local/tomcat/logs but found only the usual files. The information was in catalina.2010-02-04.log showed our nightly restart of Tomcat but nothing more recent. There were, however, several entries like the following that indicate some kind of problem: Feb 4, 2010 1:10:03 AM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap SEVERE: A web application created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.threadlo...@68758d7b]) and a value of type [null] (value [net.sf.jasperreports.engine.export.legacy.borderoffse...@7b47951c]) but failed to remove it when the web
Re: More on Tomcat Sessions - limiting cluster session replication to sessions that will last longer than 'n' duration
Did you think about a possibility instead of get rid of the session overwriting the manager - getting rid of the data stored in session? If I understand correctly Tapestry needs the session for the page creation time ,which means that you don't need all the data stored there after the page was created (i would call it request context),right? You could _maybe_ do even better - look into Tapestry maybe it's data is marked in some way (i would guess it would ,for example with some prefix in attribute's name). And clean ,this only data ,after each request . I guess you can overwrite the Tomcat's Session (maybe will break the replication) or just configure a filter for this job. This is really simple ,the question is, will Tapestry work if you just throw away it's data after each request. Since I am not a Tapestry Guru i can't say . Hope this helps. Evgeny On Wed, Jan 13, 2010 at 12:19 AM, Robin Wilson rwil...@kingsisle.comwrote: Thanks for your response, here are my answers to your questions... In our test environment, we have a 2 server cluster, but our front-end Apache server is only hitting one of them. Regardless of that fact, all sessions created on either server get replicated to the other. So as they are created on the single test path, they get replicated to the second tomcat server. With only 2 cluster members, this isn't really a big deal (except for the load generators being able to create sessions faster than Tomcat can get rid of them). However, in our production environment we have 4 cluster members, so it only takes 1/4 of the load on each server to max out all 4 servers in terms of session creation speed. Keep in mind that during this situation, the _only_ problem we're seeing is that the sessions eventually fill up the heap. Performance remains good until the heap fills up and we start thrashing on Full GCs. (Clearly, more memory will help - by extending the duration we can sustain of peak loads, but a better solution will be to stop creating sessions for stuff that doesn't need it.) Your point is well taken about not creating the short-duration sessions, but alas, Tapestry is the chosen framework - and it uses the session as a mechanism to pass (more-or-less) global values between components of the page creation process. So ripping out that capability in Tapestry would require a massive change to our infrastructure. Your notes on the clustering (changes to DeltaManager) are right on target. So we adjusted when the DeltaManager creates the session until the end of processing, so that we know the timeout before we attempt to replicate it to other cluster members. That way, we already know the actual timeout duration before we decide whether to replicate. All of this would be unnecessary if there was some sort of session cleanup process that could dump expired sessions en masse every so often. Near as we can tell, each session has to be individually expired, which is why it lags so far behind the creation process. -- Robin D. Wilson Director of Web Development KingsIsle Entertainment, Inc. CELL: 512-426-3929 DESK: 512-623-5913 www.KingsIsle.com -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Tuesday, January 12, 2010 3:06 PM To: Tomcat Users List Subject: Re: More on Tomcat Sessions - limiting cluster session replication to sessions that will last longer than 'n' duration -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robin, On 1/12/2010 1:42 PM, Robin Wilson wrote: Earlier this week I posted a question about how to prevent sessions from being created in our Tapestry pages, and/or how to get Tomcat to get rid of a bunch of '1-second' sessions we're creating during a load test because the sessions eventually fill up the heap. (They are being created faster than Tomcat can clean them out - even though they expire faster than we create them.) Well, they are eligible for expiration faster than they are being created. That session expiration thread can't be running /all/ the time :) So, my lead developer thinks he has found a way to alleviate our problems (at least for our production Tomcat 6.0.20 cluster of 4 servers). We will not replicate sessions to other cluster members unless they have a duration longer than a 'threshold' we set. Aah... I didn't realize that you were experiencing a session replication storm in your test setup. I thought you were only using a single app server for load testing. Did I misunderstand? We are altering the DeltaManager to make this change, so that simply creating a session doesn't automatically guarantee that it is replicated to other nodes in the cluster. The session duration will also have to be greater than a sessionDurationMinThreshold value we will set in the 'server.xml' file for the new DeltaManager. The idea is that sessions created that have very short durations are really 'transient' anyway, so there is no
Re: Http session lost b/w struts actions on Linux but not in Win
As Johan already pointed (or almost pointed ) out. check the domain path of the JSESSIONID cookie . If those are different then that's why you get 2 of them. Evgeny On Wed, Dec 23, 2009 at 10:52 AM, Johan Thorselius johan.thorsel...@gmail.com wrote: Hi Ron, Actually, there is an Apache in front of Tomcat when on Linux (sorry about that vital detail), can that create the problem ? I will check the configuration of Apache with other staff, can't be before x-mas. Thanks - Johan 2009/12/23 Ron McNulty rmcnu...@xtra.co.nz Hi Johan Two JSESSIONID values does look odd. I've seen problems like this when another server running a Java J2EE servlet container incorrectly had its JSESSIONID cookie scope set to the whole domain, rather than scoped to the server and application. In my case it was a SAP web server, and the session ID value was readily recognisable, and quite different to Tomcat values. That may also explain the Linux/Windows difference if your development boxes are on Windows and the production/test boxes are on Linux. Regards Ron - Original Message - From: Johan Thorselius johan.thorsel...@gmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Tuesday, December 22, 2009 11:38 PM Subject: Re: Http session lost b/w struts actions on Linux but not in Win I here add some info from Firebug which may be significant. 'GET localhost:8080/wap-app/start.action': CookieJSESSIONID=9726CDF4A527E3D98451140AB69EFA2C; JSESSIONID=BEED739340DDD4370C85A9D12917692A 'GET localhost:8080/webdav/images/.../1px.gif': CookieJSESSIONID=BEED739340DDD4370C85A9D12917692A Johan 2009/12/22 Johan Thorselius johan.thorsel...@gmail.com The issue now boils down to the following a bit strange thing. Any idea why this happens ? - request.getSession() returns an incorrect null on Linux, but on Windows it's OK - under the following circumstances: When using Firebug on Firefox I noted that a corporate common .css references a 1-pixel gif which is not present and visible, hence there is a '404 Not found' error for the 'GET localhost:8080/webdav/images/.../1px.gif'. But the preceding 'GET localhost:8080/wap-app/start.action' is fine. In my myValve-class on Linux: 'GET localhost:8080/wap-app/start.action' = myValve.invoke() ... request.getSession() returns a correct session object 'GET localhost:8080/webdav/images/.../1px.gif' = myValve.invoke() ... request.getSession() and request.getSession(true) both returns null Same code and same build, in my myValve-class on Windows: Both GET = myValve.invoke() ... request.getSession() returns a correct session object The webapp is built with Struts2/Spring. Both Linux and Windows uses Tomcat 6.0.20. On Windows Java version 1.6.0_16 is used On RedHat Linux Java version 1.6.0_13 is used and.. In the log incorrect event code, do you return from the valve, or do you continue processing? The execution continues down to the bottom with 'getNext().invoke(req,resp)' Johan 2009/12/17 Christopher Schultz ch...@christopherschultz.net -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Johan, On 12/17/2009 7:52 AM, Johan Thorselius wrote: request.getSession() returns an incorrect null on Linux, but on Windows it's OK. That's odd... request.getSession() should never return null. This method: Returns the current session associated with this request, or if the request does not have a session, creates one. I have an ordinary Struts2 web app deployed on Tomcat 6.0.20, together with a JAAS-solution where I have my own Valve class. The Valve repeatedly executes invoke() with the following code-snippet (here very much simplified): . . . if (LOGGER.isDebugEnabled()) { if (request.getSession() == null) { // Log incorrect event (1) } else { // Log OK (2) } if (request.getSession(true) == null) { // Log incorrect event (3) } else { // Log OK (4) } } /* * Here a NullPointerException occurs */ request.getSession().setAttribute(...,...); In the log incorrect event code, do you return from the valve, or do you continue processing? In the first request the session is not lost, everything is fine with (2) and (4). In the following requests getSession() returns null (1) and (3). Are you storing the request object anywhere and perhaps using it after it's been recycled? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksqoSoACgkQ9CaO5/Lv0PDZ7QCfXwdUPAoU9EPxlEC64f11rlAa +0oAoJG3hjVFYbeCvkrXQ14bkvlq9bJZ =lF2t -END PGP SIGNATURE-
Re: sessions on tomcat restart in cluster
First of all please note that i really appreciate the tomcat developers work and thank them for it. However see my notes below: On Mon, Oct 26, 2009 at 9:21 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tsirkin, On 10/25/2009 8:10 AM, Tsirkin Evgeny wrote: Instead, it's a simple case of choosing a single node to act as the controller for the cluster. Just add a configuration parameter to the Cluster element to identify one server as the controller and have /that/ one manage the sessions when the cluster is shut down. Hang on, there's no shutdown cluster message that all nodes understand. So, let's add that. But wait, what happens if the cluster controller goes down? We need a backup for the cluster controller. Let's add a backup for the cluster controller, and then a backup for the backup, and then a backup for the backup for the backup... Actually your solution is pretty fine. Just that there is no need in controller backup - in case that the controller goes down another node should take other (that;s for example how master/slave architecturere works if the master fails - a slave takes other). Another solution would be to implement the same algorithm db clusters use i.e. have a log for changes and synchronize on that - no controller needed. Actually the master/master cluster a very common for example in db world and the algorithms for it are well known. Again ,i really appreciate the tomcat dev. work ,so if they do not have time to implement such an alg. then i understand. Now do you see why this hasn't been implemented? No i don't .A complexity of solution does not mean let's not do it. In that case we should say: Hei, writing kernel is hard ,let's not do Linux or Hei,GC is hard let leave memory management in Java to programmers However,something like this is fine: We are short in resources and this feature is _not_ that needed ,let's do something else. And yes it _ is _ agreed that this feature is _ mostly _ not very needed so if there is nobody to implement it - let the developers do something else. Evgeny - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrl6L8ACgkQ9CaO5/Lv0PDdoACfR6+VP3xSV+17TdKs2759Z0fU gjAAnA5IDckHoO8AClD7Q1X+ArGl+Qte =0cmc -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
sessions on tomcat restart in cluster
Hi all! Does the cluster DeltaManager supports storing the session in a file on restarts? It seems to me that when closing both servers in my cluster and then starting them again the sessions are not restored .What is a solution for that . (P.S. tomcat 6.0 apache 2) Thanks EVgeny
Re: sessions on tomcat restart in cluster
I had a short into a source code ( http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/DeltaManager.java?revision=817103view=markup ) and it seems that DeltaManager does not support what i want: I want my sessions replicated across tomcats (2 nodes) but in case that i stop both of it and then start again the tomcat should read the session from a file/any storage. Yes,i understand that such a scenario leaves a question of how to replicate tomcat across tomcats _ after _ a tomcat was restarted (i.e. should a session just read from a file be replicated to other nodes?) open. However even if some session got _ not _ to be replicated after a restart - this is far less a problem then a case of _ all _ session not to be restored after a restart. Does anybody knows a solution for that? Thanks Evgeny On Sun, Oct 25, 2009 at 1:23 PM, Tsirkin Evgeny tsir...@gmail.com wrote: Hi all! Does the cluster DeltaManager supports storing the session in a file on restarts? It seems to me that when closing both servers in my cluster and then starting them again the sessions are not restored .What is a solution for that . (P.S. tomcat 6.0 apache 2) Thanks EVgeny
Re: jvmRoute usage
But the jvmRoute is optional if i don't care about stickyness,right? Now looking again into docs i think it is there : _ If you want to use session stickiness _, you must set different jvmRoute attributes in the Engine element in Tomcat's server.xml. Furthermore the names of the workers which are managed by the balancer have to be equal to the jvmRoute of the Tomcat instance they connect with. Thanks Evgeny point in setting the jvmRoute anyway.But is jvmRoute optional? See above concerning replication and stickyness. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
jvmRoute usage
Hi list! I am configuring tomcat cluster in the following env. : 2 servers having apache/mod_jk in front and tomcat 6 in the back end. There _is_ a load balancer in front of all this, however the session stickiness does not always works _and_ there is always a question - what if one of the servers will be took out for a while and the traffic redirected to another one. However i have configured in the past multiple application (of the same tomcat instance) to site on different workers . (I wanted a separated pool of tomcat thread with separate timeout etc. configured for each application). Since this is the same tomcat those applications site in the same Engine But ,and here is the question, according to docs - I should configure my Engine jvmRoute to be the same as the worker's name ,but my Engine have several workers associated with it !!! If i understand correctly jvmRoute is used for session stickiness ,right? Basically for my setup i think i can do without the jvmRoute at all ,since i have an apache in front of every tomcat separately, is that right? Thanks Evgeny
Re: jvmRoute usage
Hi Rainer! Thanks a lot for taking a time to answer . However i failed to explained my configuration :). I have 2 physical server each running httpd which connects (via mod_jk) to one tomcat that is running on the same host (2 tomcats). The 6 in tomcat meant to say that i have tomcat of version 6 . However you actually helped me, please see below. No, if your load balancer does not implement session stickyness correctly - as you noted above - you need to let both Apache servers connect to all 6 Tomcats to be able to correct the erros done by the load balancer. Do i actually have to? If my tomcat are same and the sessions are replicated then what does it metter to which one the request goes? wA0.port=8009 wA0.route=nodeA wA1.port=8109 wA1.route=nodeA wA2.port=8209 wA2.route=nodeA wB0.port=8009 wB0.route=nodeB wB1.port=8109 wB1.route=nodeB wB2.port=8209 wB2.route=nodeB ... Thanks! The w.route was something that i missed. However my problem is different : I have several applications that are configured to be on different worker while those workers are on the _same_ tomcat instance ! That is because those workers use different configurations (such as timeout etc.). All the applications are in the same Engine on different Contexts . How do i configure cluster in that case? What i was thinking is that since i have one httpd for each tomcat then there is no point in setting the jvmRoute anyway.But is jvmRoute optional? Thanks again Evgeny
Re: Tomcat 5.5 logging-config elegant? Not so much, I think.
I didn't get it : Are you trying to get tomcat internal log to be logged somewhere or are we talking about your application's logs? Evgeny On Tue, Oct 20, 2009 at 12:42 AM, larrydlefever larrydlefe...@gmail.comwrote: I just killed most of the afternoon trying (and failing) to get Tomcat 5.5 logging configured for just pretty basic sensible (to me, at least) output. I'm running Ubuntu. I installed Tomcat 5.5 via aptitude (the Ubuntu package-fetcher/installer). Symptoms: - a lingering System.out.println() (I know shouldn't use such -- but just knew I'd have trouble setting up logging -- and I was right): it's apparently getting swallowed, though I don't see that swallowOutput option being set where I believe it's supposed to be set (per some forum-posts and such) - a Log statement set up using Commons Logging doesn't appear, though it's essentially immediately 'upstream' of what does appear (more about which in a moment) -- it's in the same method and there's no control-logic preventing it from executing - there's an ex.printStackTrace() whose output IS appearing in the catalina.out file -- or the one like it with the timestamp in it (not sure why there are two such) So, regarding application-specific logging, I'm apparently getting only what's automatically going to stderr. Solution-Efforts: - tried most obvious thing first: put the log4j jar into the webapp's WEB-INF/lib and log4j.properties into its WEB-INF/classes directories, tweaked my code to use Log4J explicitly as logger, changed one System.out.println() line to use that logger; result: no change - read about (rather hackish!) things to do 'upstream' (or: up the classloader-hierarchy) in the common/lib and common/classes directories; basically doing much as above but at that 'commons' directory-level; result: no change; maybe had yet to change the startup.sh script to set a -D option to point to my own log4j.properties file; might yet do so, though reluctant, since that's so damn hackish - read about and tried (even more hackish!) tricking the bootstrap code into thinking it's using commons-logging-api.jar when it's actually using the full fledged commons-logging.jar (along with associated change to my code to use commons-logging's classes rather than specifically those of Log4J): result: no change - incidently, each of these tests seemed to have the desired effect locally on my Windows laptop while running in Jetty rather than Tomcat I plan to continue with all this tomorrow, with a 'fresh head', but anything anybody might be able to tell me that might give me the needed aha moment with this would be much appreciated. Thanks. -- View this message in context: http://www.nabble.com/Tomcat-5.5-logging-config-elegant---Not-so-much%2C-I-think.-tp25966929p25966929.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 5.5.26 hangs
On Wed, Oct 14, 2009 at 6:15 PM, Mark Thomas ma...@apache.org wrote: Have you tried JkOptions +DisableReuse And if that solves the problem setup connection timeout . http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html Evgeny
Re: tomcat5.5 can't start
looks like you are using ubuntu or debian but it installs tomcat 5.5 which is an old version . maybe you should upgrade your distrib? anyway your question probably belongs to the debian/ubuntu lists not here. also from my personal exper. ,thought i installed successfully tomcat on ubuntu it is always better to use vanilla tomcat versions. Evgeny On Mon, Oct 12, 2009 at 9:05 AM, jay uniojnqoif...@gmail.com wrote: Hi all : I have some problem with tomcat . I have install tomcat5.5 , root@ ibm:/tmp# dpkg --get-selections | grep tomcat5.5 libtomcat5.5-java install tomcat5.5 install then I using /etc/init.d/tomcat5.5 start to start tomcat, r...@ibm:/tmp# /etc/init.d/tomcat5.5 start * Starting Tomcat servlet engine tomcat5.5 [ OK ] But when I to check the tomcat ,I find tomcat didn't start . I have modify /etc/default/tomcat5.5 ,set TOMCAT5_SECURITY=no And my /var/log/tomcat5.5/ is empty . What's problem with my tomcat ? Cheers, jay
Re: mod_jk problem related to multiple hosts on Apache and Tomcat
What Chuck means is that you need docBase=/var/lib/tomcat5/webapps/alfresco On Wed, Oct 7, 2009 at 8:51 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Maciej Zabielski [mailto:m...@tessel.pl] Subject: mod_jk problem related to multiple hosts on Apache and Tomcat Tomcat Host Host name=localhost debug=0 appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Context path= docBase=/var/lib/tomcat5/webapps/ Aliasalfresco.domain.com/Alias /Host I can't advise you about the httpd-related stuff, but the above is clearly wrong. The docBase attribute of a Context must not be the same as the Host appBase; docBase should point to some directory or .war file directly *underneath* the appBase directory. (Your other Host element is correct.) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat and cgi
Hi list! Does anybody have an experience running cgi programs under tomcat? We have a very high load ahead of us and one of my co workers suggestied to run the cgi program using a tomcat in place of apache . What we have one spare server that we can connect behind our main server using one of the two options: 1. setup mod_proxy to pass the cgi request to this backend machine and on that machine use apache server. 2. put tomcat on the backend ,make it run cgi and connect it using mod_jk Note that we can't use load balancer here to put the new machine _together_ with the production one , because we have no time to have a full install of _all_ the applications there we need another ssl cert for it. We just want, at the mean time ,put it at the back and redirect some the traffic there. So ,which is better for cgi : tomcat or apache? The one who suggested tomcat have in mind the fact that tomcat is multithread and we will have less memory footprint with it,hopefully? Thanks Evgeny
Re: An unexpected error has been detected by Java Runtime Environment:
It's possible. What is your architecture? Solaris 9.Sparc. Do you have physical access? Can you run a memory tester on it? Unfortunatly this is not possible. Thanks Evgeny - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkqhJNgACgkQ9CaO5/Lv0PAHzwCff9RgReSy8KeQLVEnN5TX2XEB kSIAoJPHn+1g7VzvA/+FuCdvB8YzY9mt =d2Fg -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: An unexpected error has been detected by Java Runtime Environment:
Why SIGBUS is Cool? What is strange is that running 32 bit java helped. Of course i can explain it that the 32 have less address space and it does not get to the bad RAM ,but still ... Evgeny On Fri, Sep 4, 2009 at 12:32 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Peter, On 9/3/2009 6:06 AM, Peter Crowther wrote: Have you got a creeping failure on your hardware? Bad RAM could cause the problem you observe, for example. +1000 SIGBUS? Cool! - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkqgNgUACgkQ9CaO5/Lv0PAqsACcCm5+2laf48qTcSRRpIqKGE+K 9AEAn3Vp6VvuSMYT4ZqI08wxSPV3kkoR =0Ffv -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: redirect paramter in the jk_workers file
I think you can achieve something simular just using longer timeouts on mod_jk one of those: http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html * use_server_errors* And use ErrorDocument in apache for custom error page Evgeny On Thu, Sep 3, 2009 at 8:54 AM, Dhiraj Rajput draj...@premiertechnologygroup.com wrote: Hi Rainer, Yes , it support to the 1.29 mod jk. But here issue is different, I am using the JDBC store for the clustering. Suppose my application is running fine and that instant if node1 is goes offline It need near about 10 - 20 sec to push the session in to DB and in between these 10 sec I f I try to do anything in my application , the application kick back me on login page. To overcome from this login page issue I am thinking to use the redirect parameter for two nodes. In this case , can you please tell me wheather this is sutaible and how it works. -Original Message- From: Rainer Jung [mailto:rainer.j...@kippdata.de] Sent: Wednesday, September 02, 2009 11:28 PM To: Tomcat Users List Subject: Re: redirect paramter in the jk_workers file Your mailer uses a very unfriendly way of formatting your messages. So I do top posting. Yes, as you can read on http://tomcat.apache.org/connectors-doc/reference/workers.html the atribute redirect is supported since version 1.2.9. For a two node load balancer, you don't need it though. If you have many nodes in a load balancer, the redirect expresses, which one you prefer for the failover. If you dont specify it, the load balancer will use some other working node according to its load values. Regards, Rainer On 02.09.2009 06:51, Dhiraj Rajput wrote: Hi Chris, I have below mention tag in my jk workers file. orker.tomcat.type=lb worker.tomcat.socket_keepalive=1 worker.tomcat.socket_timeout=300 worker.tomcat.connection_pool_size=50 worker.tomcat.connection_pool_timeout=600 worker.tomcat.balance_workers=tomcatnode1,tomcatnode2 worker.tomcat.sticky_session=true worker.tomcatnode1.port=9732 worker.tomcatnode1.host=10.18.25.160 worker.tomcatnode1.type=ajp13 worker.tomcatnode1.socket_keepalive=True worker.tomcatnode1.socket_timeout=300 worker.tomcatnode1.connection_pool_timeout=600 worker.tomcatnode1.connect_timeout=600 worker.tomcatnode1.redirect=tomcatnode2 worker.tomcatnode2.port=9733 worker.tomcatnode2.host=10.18.25.107 worker.tomcatnode2.type=ajp13 worker.tomcatnode2.socket_keepalive=True worker.tomcatnode2.socket_timeout=300 worker.tomcatnode2.connection_pool_timeout=600 worker.tomcatnode2.redirect=tomcatnode1 I am not 100% sure how this works and is it really usefull for the failover. Thanks and Regards, Dhiraj V Rajput Associate System Admin Hosting Services Group Premier Technology Group Nagpur Phone: - USA- 1-626-698-1099 India Office: 91-712-2446734 ext 30 cell no : 91-9370315811 -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Tuesday, September 01, 2009 11:22 PM To: Tomcat Users List Subject: Re: redirect paramter in the jk_workers file Hash: SHA1 Dhiraj, On 8/27/2009 8:26 AM, Dhiraj Rajput wrote: I have issue on the redirect tag in jk workers file. What is redirect tag? -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
An unexpected error has been detected by Java Runtime Environment:
environment : Apache Tomcat/6.0.18 Solaris 9 64 bit jdk1.6.0_13 On one of the servers we are today getting constantly errors: An unexpected error has been detected by Java Runtime Environment. Here are some of those: --- # # An unexpected error has been detected by Java Runtime Environment: # # SIGBUS (0xa) at pc=0x7f4008b8, pid=2380, tid=121 # # Java VM: Java HotSpot(TM) 64-Bit Server VM (11.3-b02 mixed mode solaris-sparc) # Problematic frame: # C [libc_psr.so.1+0x8b8] # # An error report file with more information is saved as: # /tmp/hs_err_pid2380.log # # If you would like to submit a bug report, please visit: # http://java.sun.com/webapps/bugreport/crash.jsp # --- # # An unexpected error has been detected by Java Runtime Environment: # # SIGBUS (0xa) at pc=0x78c0bf44, pid=11205, tid=615 # # Java VM: Java HotSpot(TM) 64-Bit Server VM (11.3-b02 mixed mode solaris-sparc) # Problematic frame: # j java.net.URLStreamHandler.parseURL(Ljava/net/URL;Ljava/lang/String;II)V+0 # # An error report file with more information is saved as: # /tmp/hs_err_pid11205.log # # If you would like to submit a bug report, please visit: # http://java.sun.com/webapps/bugreport/crash.jsp # --- # # An unexpected error has been detected by Java Runtime Environment: # # SIGSEGV (0xb) at pc=0x7e34c17c, pid=23223, tid=5 # # Java VM: Java HotSpot(TM) 64-Bit Server VM (11.3-b02 mixed mode solaris-sparc) # Problematic frame: # V [libjvm.so+0x74c17c] # # An error report file with more information is saved as: # /tmp/hs_err_pid23223.log # # If you would like to submit a bug report, please visit: # http://java.sun.com/webapps/bugreport/crash.jsp # --- The file which should contain the logs/dump (i.e. /tmp/hs_err_pid23223.log) are empty. Did anybody get experienced with such a thing? Thanks Evgeny
Re: An unexpected error has been detected by Java Runtime Environment:
I don't think so: 1. Why would it break jvm? 2. this same app. works fine for 1/2 year + it works fine on another server. Thanks Evgeny On Thu, Sep 3, 2009 at 12:51 PM, Rainer Jung rainer.j...@kippdata.dewrote: On 03.09.2009 11:42, Tsirkin Evgeny wrote: environment : Apache Tomcat/6.0.18 Solaris 9 64 bit jdk1.6.0_13 On one of the servers we are today getting constantly errors: An unexpected error has been detected by Java Runtime Environment. Here are some of those: --- # # An unexpected error has been detected by Java Runtime Environment: # # SIGBUS (0xa) at pc=0x7f4008b8, pid=2380, tid=121 # # Java VM: Java HotSpot(TM) 64-Bit Server VM (11.3-b02 mixed mode solaris-sparc) # Problematic frame: # C [libc_psr.so.1+0x8b8] # # An error report file with more information is saved as: # /tmp/hs_err_pid2380.log # # If you would like to submit a bug report, please visit: # http://java.sun.com/webapps/bugreport/crash.jsp # --- # # An unexpected error has been detected by Java Runtime Environment: # # SIGBUS (0xa) at pc=0x78c0bf44, pid=11205, tid=615 # # Java VM: Java HotSpot(TM) 64-Bit Server VM (11.3-b02 mixed mode solaris-sparc) # Problematic frame: # j java.net.URLStreamHandler.parseURL(Ljava/net/URL;Ljava/lang/String;II)V+0 # # An error report file with more information is saved as: # /tmp/hs_err_pid11205.log # # If you would like to submit a bug report, please visit: # http://java.sun.com/webapps/bugreport/crash.jsp # --- # # An unexpected error has been detected by Java Runtime Environment: # # SIGSEGV (0xb) at pc=0x7e34c17c, pid=23223, tid=5 # # Java VM: Java HotSpot(TM) 64-Bit Server VM (11.3-b02 mixed mode solaris-sparc) # Problematic frame: # V [libjvm.so+0x74c17c] # # An error report file with more information is saved as: # /tmp/hs_err_pid23223.log # # If you would like to submit a bug report, please visit: # http://java.sun.com/webapps/bugreport/crash.jsp # --- The file which should contain the logs/dump (i.e. /tmp/hs_err_pid23223.log) are empty. Did anybody get experienced with such a thing? wild_guessCould it be an infinite redirection loop (stack overflow)?/wild_guess - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: An unexpected error has been detected by Java Runtime Environment:
Well.Yes - the server have got loaded by apache server running on it. So ,yes, that can be bad RAM. I have changed the config to run the 32 version. But maybe somebody here knows about any particular problems in Solaris/Java that might help? Evgeny On Thu, Sep 3, 2009 at 1:06 PM, Peter Crowther peter.crowt...@melandra.comwrote: 2009/9/3 Tsirkin Evgeny tsir...@gmail.com 2. this same app. works fine for 1/2 year + it works fine on another server. Has your data changed? Does running the same app *with the same data* on the other server trigger the error? Have you got a creeping failure on your hardware? Bad RAM could cause the problem you observe, for example. - Peter
Re: Clearing the catalina.out file
George ,your observations are still correct for truncating file. At least at Sun OS (Solaris) 9.If you truncate catalina.out : echo -n catalina.out you will see the file becoming 0 bytes long .But once tomcat writes another byte into output it will become the same size it was before truncation. I guess that either jvm or Solaris holds not only the file open for writing but also remembers it's seek in the file (or maybe it is the same on Solaris). Thus,once tomcat starts writing into file after truncate it writes starting from the end of file *he* thinks it is at and the file's size is restored . (Yes that is tried on practice) Maybe Linux behaves differently. So,we are using swallowOutput and actually have no other options except maybe restarting the server . (Note : restarting the server sometime is not an option on production ) Thanks Evgeny On Fri, Aug 14, 2009 at 9:57 PM, George Sexton geor...@mhsoftware.comwrote: rm catalina.out You're right. He truncated it. It looks like neither one of us is reading the entire message. I said if you erase the file, it's held open. This is accurate. He responded with a way of truncating the file, and that works too. George Sexton MH Software, Inc. http://www.mhsoftware.com/ Voice: 303 438 9585 -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Friday, August 14, 2009 12:46 PM To: Tomcat Users List Subject: RE: Clearing the catalina.out file From: George Sexton [mailto:geor...@mhsoftware.com] Subject: RE: Clearing the catalina.out file On one of my production servers, I erased catalina.out. Exactly how? What's been under discussion here is a truncation operation, not an unlink. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat cluster security
Hi list! I am trying to setup a tomcat cluster with 2 members (2 different machines ). On each machine there is an apache tomcat connected to it via mod_jk For whatever reason the session stickiness does not works well - this is the reason for cluster. As much as i understand setting cluster means ,that each tomcat will try to discover other instances (in my case only one) using multicast. Now,i don't really understand much about multicasting but it seems that if there is no firewall blocking multicasting that does not come from my tomcat cluster machines, then anybody will be able to pretend being a tomcat and just join the cluster - and just read my user's session data. Again i am not a network guru.But it seems pretty dangerous . How are you dealing with this? Is this really a security risk? Tnaks Evgeny
Re: mod_jk does not recognize extension
Actually i guess Rule extensions were added in mod_jk 1.2.17. Is probably enough .Just make it underlined or bold. Evgeny On Wed, Jun 17, 2009 at 1:09 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rainer, On 6/16/2009 1:05 PM, Rainer Jung wrote: Would you mind to provide some sentences or corrections for specific docs pages? How about adding: Rule extensions were added in mod_jk 1.2.17. If you would like to use rule (mount?) extensions, you must use a version of mod_jk 1.2.27 or higher. to http://tomcat.apache.org/connectors-doc/reference/uriworkermap.html right after the Rule Extensions heading, before the Syntax section? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAko4GAUACgkQ9CaO5/Lv0PC7DwCeM616BD4LOAdhdV6+LENiIArA 9iwAoLxnrlLYVOASbt2Bo1wkQd+M4bw5 =81NS -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Serving images from classes directory
What is your OS? If this a *nix - then you have make sure that Web-INF is readable for the world, this is NOT good .On the other hand you could just create a soft link to whatever they have there... Evgeny On Wed, Jun 17, 2009 at 9:20 PM, Susan G. Conger sus...@bfcassociates.comwrote: I started with the authors of the tool app and they said it was a tomcat limitation. Basically can't be done. So I figured I would try the list before I took their word for it. Yes, I use the tool to modify the template files. But that is basically just editing html using the tool. When the tool app builds my app it copies everything into the classes directory. So that everything looks like one big Java class under the tool app. So my thought is that my images and javascripts should go in here so I can have everything together and make maintenance easier. I check everything the tool app builds into subversion so I can have some source control. Thanks, Susan -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Wednesday, June 17, 2009 2:09 PM To: Tomcat Users List Subject: Re: Serving images from classes directory Susan G. Conger wrote: The template files are in the classes directory. This is a web app that is deploying it's own web app. So it is rather convoluted. The web app that gets deployed is my web app while the web app doing the developing is the third party tool. For reference then, we'll call the first one the 'tool app'. So are you actually editing the template files yourself, or are you using the tool app to edit the template files? Where in your app do the modified template files end up, and are they copied individually? The thought also occurs that the authors of the tool app might be the people you really want to be talking to about this. p Thanks, Susan -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Wednesday, June 17, 2009 1:29 PM To: Tomcat Users List Subject: Re: Serving images from classes directory Susan G. Conger wrote: Thanks Tim. I don't have control during build because that is done by the third party tool. I am not going to mention their name. I was hoping that this would be easy. You know a servlet mapping in the web.xml file that would allow me to just map the directory/file type and I could just put that in my html. Since I can't use jsp everywhere I need the images. Again I am tied into their system and they have stuff in html files that they create. I edit the html template files they have to add my images and javascript. I use their environment to create/edit/build the web application. Underneath I have tied in netBeans the best I can so I can debug their stuff. But that has issues too. If you can edit the template files, can't you include images in the same place as the templates? p Thanks, Susan -Original Message- From: Tim Funk [mailto:funk...@apache.org] Sent: Wednesday, June 17, 2009 1:07 PM To: Tomcat Users List Subject: Re: Serving images from classes directory If the images are physical images in the classes directory - you have a few options. 1) At build time - move (or copy) the files from the classes directory to somewhere more sane that the default servlet can access 2) Write a filter the detects these images that live in the classes dir, and then forwards to the images. (You need to be careful with this one) For # 2 - it would look something like this: doFilter(...) { String p = request.getServletPath(); if (p.matches(/magic_prefix/[\\w]+\\.gif$)) { String np = request.getServletPath().replaceFirst(.+/, ); request.getRequestDispatcher(/WEB-INF/class/more/cowbell/ + np) .forward(request, response); } else { chain.doFilter(...); } } -Tim - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk does not recognize extension
Thanks It worked If just it would be mentioned in documention it would save me several ours of debugging Should i report a bug or i have missed it? Evgeny On Fri, Jun 12, 2009 at 10:24 AM, Tsirkin Evgeny tsir...@gmail.com wrote: On Fri, Jun 12, 2009 at 1:25 AM, Rainer Jung rainer.j...@kippdata.dewrote: On 11.06.2009 14:26, Tsirkin Evgeny wrote: Hi list! I have mod_jk 1.2.26 configured and working fine. However i want to set a special reply_timeout for a special url , i am getting strange errors in log and the rule is ignored . Once i add this line: /dataj_mid/controller/finance/*=dataj_mid;reply_timeout=12 (see the full config below) I am getting in jk log this: jk_handler::mod_jk.c (2372): Could not find a worker for worker name=dataj_mid;reply_timeout=12 And i am getting error 500 from apache on those urls. Sorry, but this time an update will help :)
Re: mod_jk does not recognize extension
Thanks I will try this Evgeny On Fri, Jun 12, 2009 at 1:25 AM, Rainer Jung rainer.j...@kippdata.dewrote: On 11.06.2009 14:26, Tsirkin Evgeny wrote: Hi list! I have mod_jk 1.2.26 configured and working fine. However i want to set a special reply_timeout for a special url , i am getting strange errors in log and the rule is ignored . Once i add this line: /dataj_mid/controller/finance/*=dataj_mid;reply_timeout=12 (see the full config below) I am getting in jk log this: jk_handler::mod_jk.c (2372): Could not find a worker for worker name=dataj_mid;reply_timeout=12 And i am getting error 500 from apache on those urls. Sorry, but this time an update will help :) Mount extensions have been added in version 1.2.27. Update to the recent 1.2.28 and it should work. My worker.properties : ### template - applyed to all the others worker.list=dataj,dataj_dev,dataj_mid,test,jkstatus worker.template.type=ajp13 worker.template.host=localhost worker.template.port=8009 ### THE configuration parameter - timeout worker.template.reply_timeout=12 ## workers using ajp3 worker.test.reference=worker.template worker.dataj.reference=worker.template worker.dataj_dev.reference=worker.template worker.dataj_mid.reference=worker.template ### this status worker will be mounted only throught ssl and from my machine worker.jkstatus.type=status worker.jkstatus.read_only=True uriworkers.properties: /dataj_dev=dataj_dev /dataj_dev/controller/finance/*=dataj_dev /dataj_dev/*=dataj_dev; reply_timeout=12 # /dataj_mid/controller/finance/*=dataj_mid;reply_timeout=12 /dataj_mid=dataj_mid /dataj_mid/*=dataj_mid /dataj=dataj /dataj/*=dataj ###test for java env. /jtests=test /jtests/*=test - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
mod_jk does not recognize extension
Hi list! I have mod_jk 1.2.26 configured and working fine. However i want to set a special reply_timeout for a special url , i am getting strange errors in log and the rule is ignored . Once i add this line: /dataj_mid/controller/finance/*=dataj_mid;reply_timeout=12 (see the full config below) I am getting in jk log this: jk_handler::mod_jk.c (2372): Could not find a worker for worker name=dataj_mid;reply_timeout=12 And i am getting error 500 from apache on those urls. Please help! Evgeny My worker.properties : ### template - applyed to all the others worker.list=dataj,dataj_dev,dataj_mid,test,jkstatus worker.template.type=ajp13 worker.template.host=localhost worker.template.port=8009 ### THE configuration parameter - timeout worker.template.reply_timeout=12 ## workers using ajp3 worker.test.reference=worker.template worker.dataj.reference=worker.template worker.dataj_dev.reference=worker.template worker.dataj_mid.reference=worker.template ### this status worker will be mounted only throught ssl and from my machine worker.jkstatus.type=status worker.jkstatus.read_only=True uriworkers.properties: /dataj_dev=dataj_dev /dataj_dev/controller/finance/*=dataj_dev /dataj_dev/*=dataj_dev; reply_timeout=12 # /dataj_mid/controller/finance/*=dataj_mid;reply_timeout=12 /dataj_mid=dataj_mid /dataj_mid/*=dataj_mid /dataj=dataj /dataj/*=dataj ###test for java env. /jtests=test /jtests/*=test - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: strange ssl tomcat response
I have did yet another try,now on windows machine . The same problem! Here are the steps to reproduce : [1] Do a regular (vanilla) installation of tomcat (Linux and Windows i have already tried) . [2] Setup ssl: Uncomment the ssl setup in server.xml create a key with the following: %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA or $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (taken from tomcat's manual) add the keystorePass and keystoreFile to server.xml start the tomcat and test if the ssl works . [3] Try this in browser: http://localhost:8443 (note the http not the https) or telnet localhost 8443 Note that the telnet should be done from a terminal that can show binary output. (rxvt,xterm will NOT do,for me gnome terminal and cmd on windows worked). in the telnet session you will get a connection type something ,hit ENTER and you will get strange bits in the response. If you are doing this in browser it will just try to download those bits (Mozilla) or show it on the screen (IE). I am pretty sure that this is NOT valid behaviour. I have tried all this on : tomcat 5.5.20 java 1.5.0_09 and same tomcat java 1.5.0_06 Both Linux and Windows . Now I am pretty sure this is a tomcat problem ,not sure which versions. I need somebody except me to reproduce this before asking developers. Anybody? Thanks. P.S. Hassan could you please do this ?Just try it with firefox/ie and other terminal? Evgeny.
Re: strange ssl tomcat response
On 12/14/06, Martin Heiden [EMAIL PROTECTED] wrote: It's pretty valid! I don't think so.Just checked out the TLS rfc and found this (TLS ver. 1.0): These goals are achieved by the handshake protocol, which can be summarized as follows: The client sends a client hello message to which the server must respond with a server hello message, or else a fatal error will occur and the connection will fail. The client hello and server hello are used to establish security enhancement capabilities between client and server. The client hello and server hello establish the following attributes: Protocol Version, Session ID, Cipher Suite, and Compression Method. Additionally, two random values are generated and exchanged: ClientHello.random and ServerHello.random. As i see this if the client does not sends a hello message then server should drop the connection .So,if i am pointing my browser to ssl port using http scheme ,the connection should be dropped. I think that most (non-java at least) servers works this way just try to telnet to ssl port of say gmail ,you get nothing. I of course could be wrong,and that is for developers to decide .However what i am looking to be sure of, is that the strange bits are actually the server hello and not a bug/not cleaned buffer/security problem. However ,if i understand correctly you can reproduce my results? Is that right ?Do you use the same version of tomcat ?JVM? Thanks for response. Evgeny. regards Martin. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
strange ssl tomcat response
Hi list! Hope this will not be posted twice. I have setted up a tomcat to listen to ssl on 8443 port. When i use url https://myhost:8443/ everything works fine. However when pointing my browser to http://myhost:8443/ I am getting strange response . It looks something like this in text representation: [EMAIL PROTECTED] What is this ? The tomcat does NOT listen on a regular http port (if this is relevent).It is supposed to get http from apache (ajp). Here is relevant part of the server.xml: Service name=Catalina Connector port=8443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=SSL keystorePass=passphrase keystoreFile=${catalina.home}/ssl/.keystore/ Connector port=8009 enableLookups=false protocol=AJP/1.3 address=127.0.0.1 / !-- Define the top level container in our container hierarchy -- Engine name=Catalina defaultHost=localhost Listener className=org.apache.jk.config.ApacheConfig modJk=/path/to/mod_jk.so / !-- Define the default virtual host Note: XML Schema validation will not work with Xerces 2.2. -- Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Valve className=org.apache.catalina.valves.AccessLogValve prefix=localhost_access_log. suffix=.txt pattern=common/ Context path=/manager docBase=${catalina.home }/server/webapps/manager privileged=true antiResourceLocking=false antiJARLocking=false Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ !-- Link to the user database we will get roles from -- ResourceLink name=users global=UserDatabase type=org.apache.catalina.UserDatabase/ Valve className=org.apache.catalina.valves.RemoteAddrValve allow=myip/ Valve className=org.apache.catalina.valves.AccessLogValve prefix=manager_access_log. suffix=.txt pattern=common/ /Context /Host /Engine /Service Any help please? Evgeny
Re: strange ssl tomcat response
Thanks for the reply! Sorry for not providing basic information. This is tomcat 5.5 with sun's java version 1.5.0_09 Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b03) Java HotSpot(TM) Server VM (build 1.5.0_09-b03, mixed mode) Running on Linux Suse (but i have installed it manually getting apache's tomcat not SuSe's one which pretty old). About APR: I really don't know if it is installed however this is manually compiled apache and as i already mantioned manually installed tomcat ,so i guess - it is not. If you tell me how to check this i will know for sure. Thanks for the answer! Hope you will be able to help me. Evgeny. On 12/13/06, Caldarale, Charles R [EMAIL PROTECTED] wrote: From: Tsirkin Evgeny [mailto:[EMAIL PROTECTED] Subject: strange ssl tomcat response Hope this will not be posted twice. My first post did not work ,so i was afraid that i am posting twice. If you don't provide basic information, it will have to be. 1) What version of Tomcat? 2) What JVM (vendor and level)? 3) What OS? 4) Do you have APR installed? (SSL is configured quite differently with APR.) Service name=Catalina Connector port=8443 maxHttpHeaderSize=8192 snip clientAuth=false sslProtocol=SSL Note the following from the doc: sslProtocol: The encryption/decryption protocol to be used on this socket. It is not recommended to change this value if you are using Sun's JVM. It is reported that IBM's 1.4.1 implementation of the TLS protocol is not compatible with some popular browsers. In this case, use the value SSL. http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html Whether or not the above is applicable depends on the basics you didn't tell us. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: strange ssl tomcat response
I don't expect it to work . I expect to return either 404 , 500 http status (maybe any other) or nothing . try this: telnet mail.google.com 443 You will get a connection however NOTHING will be returned . Now ,I am trying ssl connection to tomcat : telnet myhost 8443 And getting the strange bits. ^U^C etc... I don't think that is valid .So ,since i don't (currenttly) think that this a tomcat problem - i think that this a problem in my setup, i am trying to get help to fix it. Basically that can be checked in a very simple manner: try to setup ssl for a tomcat and then telnet to it (8443 port). Do you get any response? [1] If no that is problem in my configuration (and please help me correct it I will resend it if needed), [2] If yes that is a problem in tomcat. I will be very thankfull if you could help me in this. (I will try it myself when i got a machine to do it). As for why did i do that on the first place: I am trying to setup a production server and a bit worried about security. Thanks for response . Evgeny. On 12/13/06, Christopher Schultz [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Evgeny, Tsirkin Evgeny wrote: I have setted up a tomcat to listen to ssl on 8443 port. When i use url https://myhost:8443/ everything works fine. However when pointing my browser to http://myhost:8443/ I am getting strange response. What did you expect? When you try to use HTTP to communicate with an HTTPS service, it's simply not going to work. Why would you try to use an http:// URL instead of https:// ? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFgCPp9CaO5/Lv0PARAt4cAJ4u7iBDaFlPRDDuDo9jGoV+vhKdXACeMNIX rfk6cIcGUgSOxJ90jbNdENs= =3X5A -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: strange ssl tomcat response
On TLS i am getting the same result. How do i check for an APR existens ? Chuck suggested that this is the problem. However I don't know where to look . I am using 5.5.20 could that be a problem? Thanks. Evgeny. On 12/13/06, Hassan Schroeder [EMAIL PROTECTED] wrote: On 12/13/06, Tsirkin Evgeny [EMAIL PROTECTED] wrote: Basically that can be checked in a very simple manner: try to setup ssl for a tomcat and then telnet to it (8443 port). Do you get any response? Just tried on a 5.5.9 non-APR system -- no response :-) [1] If no that is problem in my configuration The Connector on the test system above is configured with sslProtocol=TLS so you might consider Chuck's suggestion for starters... -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: strange ssl tomcat response
Hassan ,just a thought: when connecting via telnet i am first getting an empty response typing in some character and only then i am getting the bits. Is that what you tried? - telnet localhost 8443 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. kfglfkmvlf Connection closed by foreign host. - The strange response bits are what i got here just befor Connection closed. Thanks again. Evgeny. On 12/13/06, Tsirkin Evgeny [EMAIL PROTECTED] wrote: On TLS i am getting the same result. How do i check for an APR existens ? Chuck suggested that this is the problem. However I don't know where to look . I am using 5.5.20 could that be a problem? Thanks. Evgeny. On 12/13/06, Hassan Schroeder [EMAIL PROTECTED] wrote: On 12/13/06, Tsirkin Evgeny [EMAIL PROTECTED] wrote: Basically that can be checked in a very simple manner: try to setup ssl for a tomcat and then telnet to it (8443 port). Do you get any response? Just tried on a 5.5.9 non-APR system -- no response :-) [1] If no that is problem in my configuration The Connector on the test system above is configured with sslProtocol=TLS so you might consider Chuck's suggestion for starters... -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: strange ssl tomcat response
OK.I have done another try : I tried a clean installation of tomcat with a default config (just uncommented the ssl lines). The same problem. So,that could be a problem in [1] this particular version : tomcat 5.5.20 java version 1.5.0_09 Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b03) Java HotSpot(TM) Server VM (build 1.5.0_09-b03, mixed mode) Linux SuSe [2] my machine (firewall?). Does anybody have similar to my installation (or can easily create one) and help me out here. I need to check if this particular version of tomcat (jvm) when set up for ssl response with strange bits when telneting to the ssl port. Anybody please? Evgeny. On 12/13/06, Caldarale, Charles R [EMAIL PROTECTED] wrote: From: Tsirkin Evgeny [mailto:[EMAIL PROTECTED] Subject: Re: strange ssl tomcat response How do i check for an APR existens ? Since this is a Linux box and you did not explicitly build and install it, it's extremely unlikely that you have it. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]