from:"Tsirkin Evgeny"

Re: Session id is invalid occurs randomly

2010-02-24 Thread Tsirkin Evgeny

I guess changing the cookie name can help here:
org.apache.catalina.SESSION_COOKIE_NAME
See:
http://tomcat.apache.org/tomcat-6.0-doc/config/systemprops.html
Note that this is per jvm setting ,so all the apps on
the given server will get this cookie name .
Which in turn is probably NOT a problem as Christopher have already
pointed out.
Evgeny

On Wed, Feb 24, 2010 at 5:28 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Ron,

 On 2/24/2010 1:50 AM, Ron McNulty wrote:
  Check what else they have open when they access your application.
  There could be another J2EE application that does not scope it's
  session cookies correctly. We have had ongoing problems with SAP
  portal servers scoping session cookies across our whole domain,
  rather than scoping to the server they are running on. When this
  happens, you get a session that does not belong to you. Ask them to
  browse their cookies and tell you the scope (there are many Firefox
  plugins that will make this easy).
 
  Personally I think it is a shortcoming of the J2EE Servlet
  specification - all session cookies are named JSESSIONID. This is not
  honoured by some IBM products, but Tomcat adheres faithfully to the
  spec.

 Tomcat's implementation can handle multiple JSESSIONID cookies: if
 multiple cookies are present, it will loop-over them to see if any are
 valid. Tomcat will take the first valid JSESSIONID cookie and ignore the
 others.

 Unless there are session id collisions between webapps, this should not
 be the problem (instead, what the OP would observe is users masquerading
 as other users: oops).

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.10 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

 iEYEARECAAYFAkuFRakACgkQ9CaO5/Lv0PCnhgCgsbtHGVnnmOmKH9TojubDuAv/
 9wIAoL9Nf46c8xfyWSORm9enuzdb4sVm
 =aG5M
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Is it possible to replace the HttpSession implementation in Tomcat?

2010-02-23 Thread Tsirkin Evgeny

On Tue, Feb 23, 2010 at 8:08 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Tsirkin,

 On 2/23/2010 1:51 AM, Tsirkin Evgeny wrote:
  What we did - override session object using filter.On each request start
 it
  would
  read it's info from db (any configured one ,but preferring the local one)
  On each request end it would write itself into ALL dbs that are
 configured
  to be
  used.

 This could have been done using standard Tomcat components and a shared
 session-only database.


Which means running another mysql instance just for it,
And on what machine - there are 2 equivalent machines ,no separate db one.


 Or, a pair of MysQL databases rigged to hot-copy
 each other.


Unfortunately i think that mysql just don't know how to do master-master
cluster (maybe in newer
versions it does).


 I think you did more work than necessary. Does this work with
 authentication?



 Tomcat adds information to the session that isn't part
 of the attributes, so a standard HttpSession wrapper won't be able to
 replicate this information between the nodes.


I guess tomcat authentication is broken for me - tomcat is probably writing
something in
session _ before _ the filter loads the data into it from db.
This probably can be fixed if i do not rip the old data written by tomcat
and just
add my own ,but i just don't use tomcat auth.


 That means that things
 like flow-resuming (where your original request is re-submitted after
 successful authentication) won't work.



What's flow-resuming is ?How a request can be resumed ?Doesn't this goes
againt the idea
of http is staitless ,that's vrey interesting?
Evgeny


 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.10 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

 iEYEARECAAYFAkuEGbYACgkQ9CaO5/Lv0PDhiQCfQe3yPvORu/NX4AKyTDFL+xvR
 kxgAoKAdaB26k5K/T+10Rqrq7iQsS6Xu
 =2IqQ
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Is it possible to replace the HttpSession implementation in Tomcat?

2010-02-23 Thread Tsirkin Evgeny

On Tue, Feb 23, 2010 at 11:50 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE- What's flow-resuming is ?How a
 request can be resumed ?Doesn't this goes
  againt the idea
  of http is staitless ,that's vrey interesting?


So,the flow-resuming you were talking about is just the mechanism of
storing the
request parameters and url and use them again after successful
authentication,right?
Yes,this probably would not work with custom session ,since tomcat probably
stores the parameters and url in session.
For this particular issue however i have implemented my own mechanism
using custom cookies (server side cookies).
Of course,all this is probably can not be reused and is tied to my
particular
env. .
But it is a yes this can be done if really needed email.
Evgeny


 See section 12.5.3 of the servlet (2.5) specification which lays this
 all out in plain English.

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.10 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

 iEYEARECAAYFAkuETaUACgkQ9CaO5/Lv0PDHggCeOrnsxbjOuB0THbM80BBmeJSe
 BEEAnRglqa3NXiGhX7+2IoFIWbotMCLl
 =4KTl
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Is it possible to replace the HttpSession implementation in Tomcat?

2010-02-22 Thread Tsirkin Evgeny

Just in case somebody will google for a solution for replacing session.
I have done this .
First of all ,why:
We have cluster of 2 machines .
Each have a separate db on it .
The machines are sharing information using nfs mounting fs.
Each machine runs it's own apache server ,(no apache balancer in front).
There IS a hardware load balancer in front of this but sometime it fails
to route already open sessions to same host.
So,we can't :
1. share sessions using files ,because this would be same file for 2 tomcats
and because this would fail on nfs .
2. we can't use tomcat cluster because there are cases when BOTH tomcat
would be shut down or restarted and session would be loosed.
3. we can't use a db because there is no central db - each host has it's own
one.
4. to complicate issue machines could be added/removed to the cluster.

What we did - override session object using filter.On each request start it
would
read it's info from db (any configured one ,but preferring the local one)
On each request end it would write itself into ALL dbs that are configured
to be
used.
Although the obvious problem here is the writing to more then 1 db and
reading
from a db on each request ,this really works good thanks for mysql to be
so fast on simple read/write.
I have even implemented a simple lock mechanism for session .
What more - this solution is portable ,it worked for us on SunONE server
and now on tomcat.
Thanks
Evgeny
On Tue, Feb 16, 2010 at 9:54 PM, Simone Tripodi simone.trip...@gmail.comwrote:

Hi Martin,
very interesting, thanks for share it!!! I did, more or less, the same
on a project for a customer, but it was strictly related to the
application, your stuff looks much much better of mine and it is a
reusable module.
All the best,
Simo

http://people.apache.org/~simonetripodi/http://people.apache.org/%7Esimonetripodi/

On Tue, Feb 16, 2010 at 6:02 PM, Martin Grotzke
martin.grot...@javakaffee.de wrote:
Hi Jon,

On Mon, 2010-02-15 at 11:55 -0600, Jon Brisbin wrote:
I'm trying to figure out today how I can implement a Valve or something
that can store a session to a backend DB and reload that session on another
Tomcat instance similar to how the PersistentManager loads user's session
after a restart.

Would a Valve based on PersistentValve allow me to implement a
cluster-like solution such that a user login causes a write to a central
database and a load balanced request to another server would see that user
without forcing another login?
You might have a look at the
http://code.google.com/p/memcached-session-manager/ which is a session
failover solution storing sessions in memcached.

When the project was created I only thought of applications using sticky
sessions but it should also work with non-sticky sessions if sessions
are stored in memcached synchronously (sessionBackupAsync needs to be
set to false, see [1]).

The memcached-session-manager basically is a session manager
implemention, the most interesting part is the
MemcachedBackupSessionManager ([2]) if you want to have a look at the
code.

Cheers,
Martin

[1]
http://code.google.com/p/memcached-session-manager/wiki/SetupAndConfiguration
[2]
http://github.com/magro/memcached-session-manager/blob/master/core/src/main/java/de/javakaffee/web/msm/MemcachedBackupSessionManager.java

Jon Brisbin
Portal Webmaster
NPC International, Inc.

On Feb 15, 2010, at 11:05 AM, Simone Tripodi wrote:

Hi all guys and very nice to meet the Tomcat community,
I've a web-application that needs to be replicated in more than one
Tomcat, and since it is HttpSession based, I need to enable the
session replication.
Even if I work with very good sysadmins that know how to do it, I'm
curious and would like to know if I could replace the HttpSession
implementation with a my own one, I'd like to integrate Hazelcast[1]
for data synchronization.
Thanks in advance, every suggestion will be very appreciated.
Simo

[1] http://www.hazelcast.com/

http://people.apache.org/~simonetripodi/http://people.apache.org/%7Esimonetripodi/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat dies suddenly

2010-02-13 Thread Tsirkin Evgeny

Carl ,
At this point it is probably would be much simpler for you to just move away
from Slackware .
Building jvm from source ,debugging with strace - this is a very hard path .
And once you find the bug - there is nothing that you can do with it.
You are not going to fix jvm/libc bugs ,right?
You could report it and wait for new release .
Probably your best bet would be use another distro and download Sun's jvm
from thier site.
Evgeny


  So, the only way to get the details would seem to be to build the jvm from
 source (I have downloaded the source but haven't built the jvm yet.)  I
 don't know how to force a java stack dump at point of failure, not even
 certain it is possible because it would seem the the failure in the C code
 in the jvm would mean the jvm would stop before it could give a stack trace.

 Understand that this is my best guess and that this area is removed from my
 usual mundane Java application development.  If anyone has suggestions, I am
 open to them because I know I know very little.


 Thanks,

 Carl

Re: Tomcat dies suddenly

2010-02-04 Thread Tsirkin Evgeny

Just an advise .
I don't know what the problem is,however suppose that this is OOM killer -
why not just
add some GB of swap disk spae is even chiper then RAM
Evgeny

On Thu, Feb 4, 2010 at 9:04 PM, Carl c...@etrak-plus.com wrote:

 Chuck and Dan,

 First, some housekeeping to respond to your points and questions:

 1.  The 3.6GB I stated in my prior email to Dan was the total memory used.
 The Tomcat process (from top) was 1.7-1.8GB.

 2.  I did not know that Linux cached disk accesses in RAM.  I have worked
 with Linux (and Unix and Aix before that) for a number of years but never
 understood all the pieces... as long as it worked, I was happy (and, in
 general, I didn't ask much of the systems.)

 To sum up your observations:  The memory usage I was seeing was not unusual
 and not likely the source of the problem.

 The system failed again about 30 minutes ago.  The overall memory dropped
 to 2.9GB (from top.)

 The last entries in catalina.out were:

 41608.326: [GC 41608.326: [ParNew: 72021K-4186K(76672K), 0.0674360 secs]
 376022K-309373K(1040064K) icms_dc=0 , 0.0675430 secs] [Times: user=0.25
 sys=0.00, real=0.07 secs]
 41610.048: [GC 41610.048: [ParNew: 72346K-8512K(76672K), 0.0408460 secs]
 377533K-318233K(1040064K) icms_dc=0 , 0.0409480 secs] [Times: user=0.15
 sys=0.00, real=0.04 secs]

 The GC information in catalina.out before that was:

 41391.749: [GC 41391.749: [ParNew: 70179K-2466K(76672K), 0.0064220 secs]
 374180K-306467K(1040064K) icms_dc=0 , 0.0065240 secs] [Times: user=0.02
 sys=0.00,
 real=0.01 secs]
 41393.383: [GC 41393.383: [ParNew: 70626K-2571K(76672K), 0.0059940 secs]
 374627K-306572K(1040064K) icms_dc=0 , 0.0060940 secs] [Times: user=0.03
 sys=0.00,
 real=0.01 secs]

 and before that:

 41216.669: [GC 41216.669: [ParNew: 69204K-2621K(76672K), 0.0068300 secs]
 367414K-300832K(1040064K) icms_dc=0 , 0.0069380 secs] [Times: user=0.02
 sys=0.00,
 real=0.00 secs]
 41216.710: [GC 41216.710: [ParNew: 70720K-3097K(76672K), 0.0064720 secs]
 368930K-301364K(1040064K) icms_dc=0 , 0.0065740 secs] [Times: user=0.03
 sys=0.01,
 real=0.00 secs]
 41216.750: [GC 41216.750: [ParNew: 71117K-3241K(76672K), 0.0063760 secs]
 369384K-301618K(1040064K) icms_dc=0 , 0.0064780 secs] [Times: user=0.03
 sys=0.00,
 real=0.00 secs]

 The /var/log/messages from that machine for today were:

 Feb  4 00:08:05 tomcat2 -- MARK --
 Feb  4 00:28:05 tomcat2 -- MARK --
 Feb  4 00:48:05 tomcat2 -- MARK --
 Feb  4 01:08:05 tomcat2 -- MARK --
 Feb  4 01:28:05 tomcat2 -- MARK --
 Feb  4 01:48:05 tomcat2 -- MARK --
 Feb  4 02:08:05 tomcat2 -- MARK --
 Feb  4 02:28:05 tomcat2 -- MARK --
 Feb  4 02:48:05 tomcat2 -- MARK --
 Feb  4 03:08:05 tomcat2 -- MARK --
 Feb  4 03:28:05 tomcat2 -- MARK --
 Feb  4 03:48:05 tomcat2 -- MARK --
 Feb  4 04:08:05 tomcat2 -- MARK --
 Feb  4 04:28:06 tomcat2 -- MARK --
 Feb  4 04:48:06 tomcat2 -- MARK --
 Feb  4 05:08:06 tomcat2 -- MARK --
 Feb  4 05:28:06 tomcat2 -- MARK --
 Feb  4 05:48:06 tomcat2 -- MARK --
 Feb  4 06:08:06 tomcat2 -- MARK --
 Feb  4 06:28:06 tomcat2 -- MARK --
 Feb  4 06:48:06 tomcat2 -- MARK --
 Feb  4 07:08:06 tomcat2 -- MARK --
 Feb  4 07:28:06 tomcat2 -- MARK --
 Feb  4 07:48:06 tomcat2 -- MARK --
 Feb  4 08:08:06 tomcat2 -- MARK --
 Feb  4 08:28:06 tomcat2 -- MARK --
 Feb  4 08:48:06 tomcat2 -- MARK --
 Feb  4 09:08:06 tomcat2 -- MARK --
 Feb  4 09:28:06 tomcat2 -- MARK --
 Feb  4 09:33:32 tomcat2 /usr/sbin/gpm[3414]: *** info [mice.c(1766)]:
 Feb  4 09:33:32 tomcat2 /usr/sbin/gpm[3414]: imps2: Auto-detected
 intellimouse PS/2
 Feb  4 09:48:06 tomcat2 -- MARK --
 Feb  4 10:08:06 tomcat2 -- MARK --
 Feb  4 10:28:06 tomcat2 -- MARK --
 Feb  4 10:48:06 tomcat2 -- MARK --
 Feb  4 11:08:06 tomcat2 -- MARK --
 Feb  4 11:28:06 tomcat2 -- MARK --
 Feb  4 11:48:06 tomcat2 -- MARK --
 Feb  4 12:08:06 tomcat2 -- MARK --
 Feb  4 12:28:06 tomcat2 -- MARK --
 Feb  4 12:48:06 tomcat2 -- MARK --
 Feb  4 13:08:07 tomcat2 -- MARK --
 Feb  4 13:28:07 tomcat2 -- MARK --
 Feb  4 13:48:07 tomcat2 -- MARK --

 I don't see anything here and this file has looked pretty much like this
 every failure.

 JAVA_OPTS in catalina.sh are:

 JAVA_OPTS=-Xms1024m -Xmx1024m -XX:PermSize=384m -XX:MaxPermSize=384m
 -XX:+UseConcMarkSweepGC -XX:+CMSIncrementalMode -XX:+PrintGCDetails
 -XX:+PrintGCTimeStamps -XX:+HeapDumpOnOutOfMemoryError
 -XX:HeapDumpPath=/usr/local/tomcat/logs

 I checked /usr/local/tomcat/logs but found only the usual files.  The
 information was in catalina.2010-02-04.log showed our nightly restart of
 Tomcat but nothing more recent.  There were, however, several entries like
 the following that indicate some kind of problem:

 Feb 4, 2010 1:10:03 AM org.apache.catalina.loader.WebappClassLoader
 clearThreadLocalMap
 SEVERE: A web application created a ThreadLocal with key of type
 [java.lang.ThreadLocal] (value [java.lang.threadlo...@68758d7b]) and a
 value of type [null]
 (value [net.sf.jasperreports.engine.export.legacy.borderoffse...@7b47951c])
 but failed to remove it when the web

Re: More on Tomcat Sessions - limiting cluster session replication to sessions that will last longer than 'n' duration

2010-01-12 Thread Tsirkin Evgeny

Did you think about a possibility instead of get rid of the session
overwriting
the manager - getting rid of the data stored in session?
If I understand correctly Tapestry needs the session for the page creation
time ,which means that you don't need all the data stored there after
the page was created (i would call it request context),right?
You could _maybe_ do even better  - look into Tapestry maybe it's data is
marked
in some way (i would guess it would ,for example with some prefix in
attribute's name).
And clean ,this only data ,after each request .
I guess you can overwrite the Tomcat's Session (maybe will break the
replication)
or just configure a filter for this job.
This is really simple ,the question is, will Tapestry work if you just
throw away it's data after each request.
Since I am not a Tapestry Guru i can't say .
Hope this helps.
Evgeny

On Wed, Jan 13, 2010 at 12:19 AM, Robin Wilson rwil...@kingsisle.comwrote:

 Thanks for your response, here are my answers to your questions...

 In our test environment, we have a 2 server cluster, but our front-end
 Apache server is only hitting one of them. Regardless of that fact, all
 sessions created on either server get replicated to the other. So as they
 are created on the single test path, they get replicated to the second
 tomcat server. With only 2 cluster members, this isn't really a big deal
 (except for the load generators being able to create sessions faster than
 Tomcat can get rid of them). However, in our production environment we have
 4 cluster members, so it only takes 1/4 of the load on each server to max
 out all 4 servers in terms of session creation speed. Keep in mind that
 during this situation, the _only_ problem we're seeing is that the sessions
 eventually fill up the heap. Performance remains good until the heap fills
 up and we start thrashing on Full GCs. (Clearly, more memory will help - by
 extending the duration we can sustain of peak loads, but a better solution
 will be to stop creating sessions for stuff that doesn't need it.)

 Your point is well taken about not creating the short-duration sessions,
 but alas, Tapestry is the chosen framework - and it uses the session as a
 mechanism to pass (more-or-less) global values between components of the
 page creation process. So ripping out that capability in Tapestry would
 require a massive change to our infrastructure.

 Your notes on the clustering (changes to DeltaManager) are right on target.
 So we adjusted when the DeltaManager creates the session until the end of
 processing, so that we know the timeout before we attempt to replicate it to
 other cluster members. That way, we already know the actual timeout duration
 before we decide whether to replicate.

 All of this would be unnecessary if there was some sort of session
 cleanup process that could dump expired sessions en masse every so often.
 Near as we can tell, each session has to be individually expired, which is
 why it lags so far behind the creation process.

 --
 Robin D. Wilson
 Director of Web Development
 KingsIsle Entertainment, Inc.
 CELL: 512-426-3929
 DESK: 512-623-5913
 www.KingsIsle.com


 -Original Message-
 From: Christopher Schultz [mailto:ch...@christopherschultz.net]
 Sent: Tuesday, January 12, 2010 3:06 PM
 To: Tomcat Users List
 Subject: Re: More on Tomcat Sessions - limiting cluster session replication
 to sessions that will last longer than 'n' duration

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Robin,

 On 1/12/2010 1:42 PM, Robin Wilson wrote:
  Earlier this week I posted a question about how to prevent sessions
  from being created in our Tapestry pages, and/or how to get Tomcat to
  get rid of a bunch of '1-second' sessions we're creating during a
  load test because the sessions eventually fill up the heap. (They are
  being created faster than Tomcat can clean them out - even though
  they expire faster than we create them.)

 Well, they are eligible for expiration faster than they are being
 created. That session expiration thread can't be running /all/ the time :)

  So, my lead developer thinks he has found a way to alleviate our
  problems (at least for our production Tomcat 6.0.20 cluster of 4
  servers). We will not replicate sessions to other cluster members
  unless they have a duration longer than a 'threshold' we set.

 Aah... I didn't realize that you were experiencing a session replication
 storm in your test setup. I thought you were only using a single app
 server for load testing. Did I misunderstand?

  We are
  altering the DeltaManager to make this change, so that simply
  creating a session doesn't automatically guarantee that it is
  replicated to other nodes in the cluster. The session duration will
  also have to be greater than a sessionDurationMinThreshold value we
  will set in the 'server.xml' file for the new DeltaManager. The idea
  is that sessions created that have very short durations are really
  'transient' anyway, so there is no

Re: Http session lost b/w struts actions on Linux but not in Win

2009-12-23 Thread Tsirkin Evgeny

As Johan already pointed (or almost pointed ) out.
check the domain  path of the JSESSIONID cookie .
If those are different then that's why you get 2 of them.
Evgeny

On Wed, Dec 23, 2009 at 10:52 AM, Johan Thorselius 
johan.thorsel...@gmail.com wrote:

 Hi Ron,

 Actually, there is an Apache in front of Tomcat when on Linux (sorry about
 that vital detail), can that create the problem ?

 I will check the configuration of Apache with other staff, can't be before
 x-mas.

 Thanks - Johan


 2009/12/23 Ron McNulty rmcnu...@xtra.co.nz

  Hi Johan
 
  Two JSESSIONID values does look odd. I've seen problems like this when
  another server running a Java J2EE servlet container incorrectly had its
  JSESSIONID cookie scope set to the whole domain, rather than scoped to
 the
  server and application. In my case it was a SAP web server, and the
 session
  ID value was readily recognisable, and quite different to Tomcat values.
 
  That may also explain the Linux/Windows difference if your development
  boxes are on Windows and the production/test boxes are on Linux.
 
  Regards
 
  Ron
 
  - Original Message - From: Johan Thorselius 
  johan.thorsel...@gmail.com
  To: Tomcat Users List users@tomcat.apache.org
  Sent: Tuesday, December 22, 2009 11:38 PM
  Subject: Re: Http session lost b/w struts actions on Linux but not in Win
 
 
 
   I here add some info from Firebug which may be significant.
 
  'GET localhost:8080/wap-app/start.action':
 
  CookieJSESSIONID=9726CDF4A527E3D98451140AB69EFA2C;
  JSESSIONID=BEED739340DDD4370C85A9D12917692A
 
  'GET localhost:8080/webdav/images/.../1px.gif':
 
  CookieJSESSIONID=BEED739340DDD4370C85A9D12917692A
 
  Johan
 
 
 
  2009/12/22 Johan Thorselius johan.thorsel...@gmail.com
 
   The issue now boils down to the following a bit strange thing. Any idea
  why
  this happens ?
 
 
  - request.getSession() returns an incorrect null on Linux, but on
 Windows
  it's OK - under the following circumstances:
 
  When using Firebug on Firefox I noted that a corporate common .css
  references a 1-pixel gif which is not present and visible, hence there
 is
  a
  '404 Not found' error for the 'GET
  localhost:8080/webdav/images/.../1px.gif'. But the preceding 'GET
  localhost:8080/wap-app/start.action' is fine.
 
  In my myValve-class on Linux:
 
  'GET localhost:8080/wap-app/start.action' = myValve.invoke() ...
  request.getSession() returns a correct session object
 
  'GET localhost:8080/webdav/images/.../1px.gif' = myValve.invoke() ...
  request.getSession() and request.getSession(true) both returns null
 
  Same code and same build, in my myValve-class on Windows:
 
  Both GET = myValve.invoke() ... request.getSession() returns a correct
  session object
 
 
  The webapp is built with Struts2/Spring.
 
  Both Linux and Windows uses Tomcat 6.0.20.
 
 
  On Windows Java version 1.6.0_16 is used
 
  On RedHat Linux Java version 1.6.0_13 is used
 
  and..
 
 
   In the log incorrect event code, do you return
   from the valve, or do you continue processing?
 
  The execution continues down to the bottom with
  'getNext().invoke(req,resp)'
 
  Johan
 
 
  2009/12/17 Christopher Schultz ch...@christopherschultz.net
 
  -BEGIN PGP SIGNED MESSAGE-
 
  Hash: SHA1
 
  Johan,
 
  On 12/17/2009 7:52 AM, Johan Thorselius wrote:
   request.getSession() returns an incorrect null on Linux, but on 
  Windows
  it's
   OK.
 
  That's odd... request.getSession() should never return null. This
  method:
 
  
  Returns the current session associated with this request, or if the
  request does not have a session, creates one.
  
 
   I have an ordinary Struts2 web app deployed on Tomcat 6.0.20,
 together
  with
   a JAAS-solution where I have my own Valve class.
  
   The Valve repeatedly executes invoke() with the following
 code-snippet
  (here
   very much simplified):
 .
 .
 .
 if (LOGGER.isDebugEnabled()) {
   if (request.getSession() == null) {
 // Log incorrect event (1)
   } else {
 // Log OK (2)
   }
   if (request.getSession(true) == null) {
 // Log incorrect event (3)
   } else {
 // Log OK (4)
   }
 }
  
 /*
  * Here a NullPointerException occurs
  */
 request.getSession().setAttribute(...,...);
 
  In the log incorrect event code, do you return from the valve, or do
  you continue processing?
 
   In the first request the session is not lost, everything is fine
 with
  (2)
   and (4). In the following requests getSession() returns null (1) and
  (3).
 
  Are you storing the request object anywhere and perhaps using it after
  it's been recycled?
 
  - -chris
  -BEGIN PGP SIGNATURE-
  Version: GnuPG v1.4.10 (MingW32)
  Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
  iEYEARECAAYFAksqoSoACgkQ9CaO5/Lv0PDZ7QCfXwdUPAoU9EPxlEC64f11rlAa
  +0oAoJG3hjVFYbeCvkrXQ14bkvlq9bJZ
  =lF2t
  -END PGP SIGNATURE-

Re: sessions on tomcat restart in cluster

2009-10-27 Thread Tsirkin Evgeny

First of all please note that i really appreciate the tomcat developers work
and thank them
for it.
However see my notes below:


On Mon, Oct 26, 2009 at 9:21 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Tsirkin,

 On 10/25/2009 8:10 AM, Tsirkin Evgeny wrote:

 Instead, it's a simple
 case of choosing a single node to act as the controller for the cluster.
 Just add a configuration parameter to the Cluster element to identify
 one server as the controller and have /that/ one manage the sessions
 when the cluster is shut down.

 Hang on, there's no shutdown cluster message that all nodes
 understand. So, let's add that. But wait, what happens if the cluster
 controller goes down? We need a backup for the cluster controller. Let's
 add a backup for the cluster controller, and then a backup for the
 backup, and then a backup for the backup for the backup...



 Actually your solution is pretty fine. Just that there is no need in
controller backup - in case that
the controller goes down another node should take other (that;s for example
how master/slave
architecturere works if the master fails - a slave takes other).
Another solution would be to implement the same algorithm db clusters use
i.e. have a log for changes
and synchronize on that - no controller needed.
Actually the master/master cluster a very common for example in db world and
the algorithms for it
are well known.
Again ,i really appreciate the tomcat dev. work ,so if they do not have time
to implement such an alg.
then i understand.


 Now do you see why this hasn't been implemented?



No i don't .A complexity of solution does not mean let's not do it. In
that case we should say:

Hei, writing kernel is hard ,let's not do Linux
or
Hei,GC is hard let leave memory management in Java to programmers

However,something like this is fine:

We are short in resources and this feature is _not_ that needed ,let's do
something else.

And yes it _ is _ agreed that this feature is _ mostly _ not very needed so
if there is nobody to implement
it - let the developers do something else.

Evgeny



 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.10 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

 iEYEARECAAYFAkrl6L8ACgkQ9CaO5/Lv0PDdoACfR6+VP3xSV+17TdKs2759Z0fU
 gjAAnA5IDckHoO8AClD7Q1X+ArGl+Qte
 =0cmc
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

sessions on tomcat restart in cluster

2009-10-25 Thread Tsirkin Evgeny

Hi all!
Does the cluster DeltaManager supports storing the session in a file on
restarts?
It seems to me that when closing both servers in my cluster and then
starting them again
the sessions are not restored .What is a solution for that .
(P.S. tomcat 6.0  apache 2)
Thanks
EVgeny

Re: sessions on tomcat restart in cluster

2009-10-25 Thread Tsirkin Evgeny

I had a short into a source code
(
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/DeltaManager.java?revision=817103view=markup
)
and it seems that DeltaManager does not support what i want:

I want my sessions replicated across tomcats (2 nodes) but in case that
i stop both of it and then start again the tomcat should read the session
from a file/any
storage.
Yes,i understand that such a scenario leaves a question of how to replicate
tomcat across tomcats _ after _ a tomcat was restarted (i.e. should a
session
just read from a file be replicated to other nodes?) open.
However even if some session got _ not _ to be replicated after a restart -
this is
far less a problem then a case of _ all _ session not to be restored after
a restart.

Does anybody knows a solution for that?
Thanks
Evgeny


On Sun, Oct 25, 2009 at 1:23 PM, Tsirkin Evgeny tsir...@gmail.com wrote:

 Hi all!
 Does the cluster DeltaManager supports storing the session in a file on
 restarts?
 It seems to me that when closing both servers in my cluster and then
 starting them again
 the sessions are not restored .What is a solution for that .
 (P.S. tomcat 6.0  apache 2)
 Thanks
 EVgeny

Re: jvmRoute usage

2009-10-23 Thread Tsirkin Evgeny

 But the jvmRoute is optional if i don't care about stickyness,right?
Now looking again into docs i think it is there :


_ If you want to use session stickiness _, you must set different jvmRoute
attributes in the Engine element in Tomcat's server.xml. Furthermore the
names of the workers which are managed by the balancer have to be equal to
the jvmRoute of the Tomcat instance they connect with.
Thanks
Evgeny


  point in setting the jvmRoute anyway.But is jvmRoute optional?

 See above concerning replication and stickyness.

 Regards,

 Rainer

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

jvmRoute usage

2009-10-22 Thread Tsirkin Evgeny

Hi list!
I am configuring tomcat cluster in the following env. :
2 servers having apache/mod_jk in front and tomcat 6 in the back end.
There _is_ a load balancer in front of all this, however the session
stickiness does not always works _and_
there is always a question - what if one of the servers will be took out for
a while and the traffic redirected to
another one.

However i have configured in the past multiple application (of the same
tomcat instance)
to site on different workers .
(I wanted a separated pool of tomcat thread with separate timeout etc.
configured for each application).
Since this is the same tomcat those applications site in the same Engine
But ,and here is the question, according to docs - I should configure my
Engine jvmRoute to be the same
as the worker's name ,but my Engine have several workers associated with it
!!!
If i understand correctly jvmRoute is used for session stickiness ,right?
Basically for my setup i think i can do without the jvmRoute at all ,since i
have an apache in front of every tomcat
separately, is that right?

Thanks
Evgeny

Re: jvmRoute usage

2009-10-22 Thread Tsirkin Evgeny

Hi Rainer!
Thanks a lot for taking a time to answer .
However i failed to explained my configuration :).
I have 2 physical server each running httpd which connects (via mod_jk) to
one
tomcat that is running on the same host (2 tomcats).
The 6 in tomcat meant to say that i have tomcat of version 6 .
However you actually helped me, please see below.

  No, if your load balancer does not implement session stickyness
 correctly - as you noted above - you need to let both Apache servers
 connect to all 6 Tomcats to be able to correct the erros done by the
 load balancer.


Do i actually have to?
If my tomcat are same and the sessions are replicated then what does it
metter to which one the request goes?


  wA0.port=8009
 wA0.route=nodeA
 wA1.port=8109
 wA1.route=nodeA
 wA2.port=8209
 wA2.route=nodeA

 wB0.port=8009
 wB0.route=nodeB
 wB1.port=8109
 wB1.route=nodeB
 wB2.port=8209
 wB2.route=nodeB

 ...


Thanks!
The w.route was something that i missed.

However my problem is different :
I have several applications  that are configured to be on different worker
while those workers
are on the _same_ tomcat instance !
That is because those workers use different configurations (such as timeout
etc.).
All the applications are in the same Engine on different Contexts .
How do i configure cluster in that case?
What i was thinking is that since i have one httpd for each tomcat then
there is no
point in setting the jvmRoute anyway.But is jvmRoute optional?
Thanks again
Evgeny

Re: Tomcat 5.5 logging-config elegant? Not so much, I think.

2009-10-20 Thread Tsirkin Evgeny

I didn't get it : Are you trying to get tomcat internal log to be logged
somewhere
or are we talking about your application's logs?
Evgeny

On Tue, Oct 20, 2009 at 12:42 AM, larrydlefever larrydlefe...@gmail.comwrote:


 I just killed most of the afternoon trying (and failing) to get Tomcat 5.5
 logging configured for just pretty basic sensible (to me, at least) output.

 I'm running Ubuntu.  I installed Tomcat 5.5 via aptitude (the Ubuntu
 package-fetcher/installer).

 Symptoms:

  - a lingering System.out.println() (I know shouldn't use such -- but just
 knew I'd have trouble setting up logging -- and I was right): it's
 apparently getting swallowed, though I don't see that swallowOutput
 option being set where I believe it's supposed to be set (per some
 forum-posts and such)

  - a Log statement set up using Commons Logging doesn't appear, though it's
 essentially immediately 'upstream' of what does appear (more about which in
 a moment) -- it's in the same method and there's no control-logic
 preventing
 it from executing

  - there's an ex.printStackTrace() whose output IS appearing in the
 catalina.out file -- or the one like it with the timestamp in it (not sure
 why there are two such)

 So, regarding application-specific logging, I'm apparently getting only
 what's automatically going to stderr.

 Solution-Efforts:

  - tried most obvious thing first: put the log4j jar into the webapp's
 WEB-INF/lib and log4j.properties into its WEB-INF/classes directories,
 tweaked my code to use Log4J explicitly as logger, changed one
 System.out.println() line to use that logger; result: no change

  - read about (rather hackish!) things to do 'upstream' (or: up the
 classloader-hierarchy) in the common/lib and common/classes directories;
 basically doing much as above but at that 'commons' directory-level;
 result:
 no change; maybe had yet to change the startup.sh script to set a -D option
 to point to my own log4j.properties file; might yet do so, though
 reluctant,
 since that's so damn hackish

  - read about and tried (even more hackish!) tricking the bootstrap code
 into thinking it's using commons-logging-api.jar when it's actually using
 the full fledged commons-logging.jar (along with associated change to my
 code to use commons-logging's classes rather than specifically those of
 Log4J): result: no change

  - incidently, each of these tests seemed to have the desired effect
 locally on my Windows laptop while running in Jetty rather than Tomcat

 I plan to continue with all this tomorrow, with a 'fresh head', but
 anything
 anybody might be able to tell me that might give me the needed aha moment
 with this would be much appreciated.

 Thanks.

 --
 View this message in context:
 http://www.nabble.com/Tomcat-5.5-logging-config-elegant---Not-so-much%2C-I-think.-tp25966929p25966929.html
 Sent from the Tomcat - User mailing list archive at Nabble.com.


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 5.5.26 hangs

2009-10-15 Thread Tsirkin Evgeny

On Wed, Oct 14, 2009 at 6:15 PM, Mark Thomas ma...@apache.org wrote:


 Have you tried
 JkOptions +DisableReuse


And if that solves the problem setup connection timeout .
http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html
Evgeny

Re: tomcat5.5 can't start

2009-10-12 Thread Tsirkin Evgeny

looks like you are using ubuntu or debian but it installs tomcat 5.5 which
is an old version .
maybe you should upgrade your distrib?
anyway your question probably belongs to the debian/ubuntu lists not here.
also from my personal exper. ,thought i installed successfully tomcat on
ubuntu it is always
better to use vanilla tomcat versions.
Evgeny

On Mon, Oct 12, 2009 at 9:05 AM, jay uniojnqoif...@gmail.com wrote:

 Hi all  :

 I have some problem with tomcat .

 I have install tomcat5.5 ,

 root@ ibm:/tmp# dpkg --get-selections | grep tomcat5.5

 libtomcat5.5-java   install

 tomcat5.5   install

 then I using /etc/init.d/tomcat5.5 start to start tomcat,

 r...@ibm:/tmp# /etc/init.d/tomcat5.5 start

  * Starting Tomcat servlet engine tomcat5.5
 [ OK ]

 But when I to check the tomcat ,I find tomcat didn't start .



 I have modify /etc/default/tomcat5.5 ,set

 TOMCAT5_SECURITY=no

 And my /var/log/tomcat5.5/ is empty .

 What's problem with my tomcat ?



 Cheers,

 jay

Re: mod_jk problem related to multiple hosts on Apache and Tomcat

2009-10-07 Thread Tsirkin Evgeny

What Chuck means is that you need
docBase=/var/lib/tomcat5/webapps/alfresco

On Wed, Oct 7, 2009 at 8:51 PM, Caldarale, Charles R 
chuck.caldar...@unisys.com wrote:

  From: Maciej Zabielski [mailto:m...@tessel.pl]
  Subject: mod_jk problem related to multiple hosts on Apache and Tomcat

  Tomcat Host
  Host name=localhost debug=0 appBase=webapps unpackWARs=true
 autoDeploy=true
xmlValidation=false xmlNamespaceAware=false
Context path= docBase=/var/lib/tomcat5/webapps/
Aliasalfresco.domain.com/Alias
  /Host

 I can't advise you about the httpd-related stuff, but the above is clearly
 wrong.  The docBase attribute of a Context must not be the same as the
 Host appBase; docBase should point to some directory or .war file directly
 *underneath* the appBase directory.  (Your other Host element is correct.)

  - Chuck

 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
 MATERIAL and is thus for use only by the intended recipient. If you received
 this in error, please contact the sender and delete the e-mail and its
 attachments from all computers.

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

tomcat and cgi

2009-09-14 Thread Tsirkin Evgeny

Hi list!
Does anybody have an experience running cgi programs under tomcat?
We have a very high load ahead of us and one of my co workers suggestied to
run the
cgi program using a tomcat in place of apache .
What we have one spare server that we can connect behind our main server
using one of the two options:
1. setup mod_proxy to pass the cgi request to this backend machine and on
that machine use apache server.
2. put tomcat on the backend ,make it run cgi and connect it using mod_jk
Note that we can't use load balancer here to put the new machine _together_
with the production one ,
because we have no time to have a full install of _all_ the applications
there  we need another ssl cert for it.
We just want, at the mean time ,put it at the back and redirect some the
traffic there.
So ,which is better for cgi : tomcat or apache?
The one who suggested tomcat have in mind the fact that tomcat is
multithread and we will have less memory footprint with it,hopefully?
Thanks
Evgeny

Re: An unexpected error has been detected by Java Runtime Environment:

2009-09-05 Thread Tsirkin Evgeny

 It's possible. What is your architecture?


Solaris 9.Sparc.



 Do you have physical access? Can you run a memory tester on it?

Unfortunatly this is not possible.
Thanks
Evgeny


 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.9 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

 iEYEARECAAYFAkqhJNgACgkQ9CaO5/Lv0PAHzwCff9RgReSy8KeQLVEnN5TX2XEB
 kSIAoJPHn+1g7VzvA/+FuCdvB8YzY9mt
 =d2Fg
  -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: An unexpected error has been detected by Java Runtime Environment:

2009-09-04 Thread Tsirkin Evgeny

Why SIGBUS is Cool?
What is strange is that running 32 bit java helped.
Of course i can explain it that the 32 have less address space and it does
not get
to the bad RAM ,but still ...
Evgeny

On Fri, Sep 4, 2009 at 12:32 AM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Peter,

 On 9/3/2009 6:06 AM, Peter Crowther wrote:
  Have you got a creeping failure on your hardware?  Bad RAM could cause
 the
  problem you observe, for example.

 +1000

 SIGBUS? Cool!

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.9 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

 iEYEARECAAYFAkqgNgUACgkQ9CaO5/Lv0PAqsACcCm5+2laf48qTcSRRpIqKGE+K
 9AEAn3Vp6VvuSMYT4ZqI08wxSPV3kkoR
 =0Ffv
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: redirect paramter in the jk_workers file

2009-09-03 Thread Tsirkin Evgeny

I think you can achieve something simular just using longer timeouts on
mod_jk
one of those:
http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html
* use_server_errors*
And use ErrorDocument in apache for custom error page
Evgeny

On Thu, Sep 3, 2009 at 8:54 AM, Dhiraj Rajput 
draj...@premiertechnologygroup.com wrote:

 Hi Rainer,

 Yes , it support to the 1.29 mod jk.

 But here issue is different, I am using the JDBC store for the clustering.

 Suppose my application is running fine and that instant if node1 is goes
 offline

 It need near about 10 - 20 sec to push the session in to DB and in between
 these 10 sec I f I try to do anything in my application , the application
 kick back me on login page.

 To overcome from this login page issue I am thinking to use the redirect
 parameter for two nodes.

 In this case , can you please tell me wheather this is sutaible and how it
 works.

 -Original Message-
 From: Rainer Jung [mailto:rainer.j...@kippdata.de]
 Sent: Wednesday, September 02, 2009 11:28 PM
 To: Tomcat Users List
 Subject: Re: redirect paramter in the jk_workers file

 Your mailer uses a very unfriendly way of formatting your messages. So I
 do top posting.

 Yes, as you can read on

 http://tomcat.apache.org/connectors-doc/reference/workers.html

 the atribute redirect is supported since version 1.2.9. For a two node
 load balancer, you don't need it though. If you have many nodes in a
 load balancer, the redirect expresses, which one you prefer for the
 failover. If you dont specify it, the load balancer will use some other
 working node according to its load values.

 Regards,

 Rainer


 On 02.09.2009 06:51, Dhiraj Rajput wrote:
  Hi Chris,
 
 
 
  I have below mention tag in my jk workers file.
 
 
 
 
 
 
 
  orker.tomcat.type=lb
 
  worker.tomcat.socket_keepalive=1
 
  worker.tomcat.socket_timeout=300
 
  worker.tomcat.connection_pool_size=50
 
  worker.tomcat.connection_pool_timeout=600
 
  worker.tomcat.balance_workers=tomcatnode1,tomcatnode2
 
  worker.tomcat.sticky_session=true
 
  worker.tomcatnode1.port=9732
 
  worker.tomcatnode1.host=10.18.25.160
 
  worker.tomcatnode1.type=ajp13
 
  worker.tomcatnode1.socket_keepalive=True
 
  worker.tomcatnode1.socket_timeout=300
 
  worker.tomcatnode1.connection_pool_timeout=600
 
  worker.tomcatnode1.connect_timeout=600
 
  worker.tomcatnode1.redirect=tomcatnode2
 
  worker.tomcatnode2.port=9733
 
  worker.tomcatnode2.host=10.18.25.107
 
  worker.tomcatnode2.type=ajp13
 
  worker.tomcatnode2.socket_keepalive=True
 
  worker.tomcatnode2.socket_timeout=300
 
  worker.tomcatnode2.connection_pool_timeout=600
 
  worker.tomcatnode2.redirect=tomcatnode1
 
 
 
 
 
  I am not 100% sure how this works and is it really usefull for the
 failover.
 
  Thanks and Regards,
 
 
 
  Dhiraj V Rajput
 
  Associate System Admin
 
  Hosting Services Group
 
  Premier Technology Group Nagpur

 
  Phone: - USA- 1-626-698-1099
 
  India Office: 91-712-2446734 ext 30
 
  cell no : 91-9370315811
 
 
 
  -Original Message-
  From: Christopher Schultz [mailto:ch...@christopherschultz.net]
  Sent: Tuesday, September 01, 2009 11:22 PM
  To: Tomcat Users List
  Subject: Re: redirect paramter in the jk_workers file
 
 
 
  Hash: SHA1
 
 
 
  Dhiraj,
 
 
 
  On 8/27/2009 8:26 AM, Dhiraj Rajput wrote:
 
  I have issue on the redirect tag in jk workers file.
 
 
 
  What is redirect tag?
 
 
 
  -chris

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

An unexpected error has been detected by Java Runtime Environment:

2009-09-03 Thread Tsirkin Evgeny

environment :
Apache Tomcat/6.0.18
Solaris 9 64 bit
jdk1.6.0_13

On one of the servers we are today getting constantly errors:
An unexpected error has been detected by Java Runtime Environment.
Here are some of those:

---
#
# An unexpected error has been detected by Java Runtime Environment:
#
#  SIGBUS (0xa) at pc=0x7f4008b8, pid=2380, tid=121
#
# Java VM: Java HotSpot(TM) 64-Bit Server VM (11.3-b02 mixed mode
solaris-sparc)
# Problematic frame:
# C  [libc_psr.so.1+0x8b8]
#
# An error report file with more information is saved as:
# /tmp/hs_err_pid2380.log
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
#

---
#
# An unexpected error has been detected by Java Runtime Environment:
#
#  SIGBUS (0xa) at pc=0x78c0bf44, pid=11205, tid=615
#
# Java VM: Java HotSpot(TM) 64-Bit Server VM (11.3-b02 mixed mode
solaris-sparc)
# Problematic frame:
# j
java.net.URLStreamHandler.parseURL(Ljava/net/URL;Ljava/lang/String;II)V+0
#
# An error report file with more information is saved as:
# /tmp/hs_err_pid11205.log
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
#
---
#
# An unexpected error has been detected by Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x7e34c17c, pid=23223, tid=5
#
# Java VM: Java HotSpot(TM) 64-Bit Server VM (11.3-b02 mixed mode
solaris-sparc)
# Problematic frame:
# V  [libjvm.so+0x74c17c]
#
# An error report file with more information is saved as:
# /tmp/hs_err_pid23223.log
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
#
---
The file which should contain the logs/dump (i.e. /tmp/hs_err_pid23223.log)
are empty.
Did anybody get experienced with such a thing?
Thanks
Evgeny

Re: An unexpected error has been detected by Java Runtime Environment:

2009-09-03 Thread Tsirkin Evgeny

I don't think so:
1. Why would it break jvm?
2. this same app. works fine for 1/2 year + it works fine on another server.
Thanks
Evgeny

On Thu, Sep 3, 2009 at 12:51 PM, Rainer Jung rainer.j...@kippdata.dewrote:

 On 03.09.2009 11:42, Tsirkin Evgeny wrote:
  environment :
  Apache Tomcat/6.0.18
  Solaris 9 64 bit
  jdk1.6.0_13
 
  On one of the servers we are today getting constantly errors:
  An unexpected error has been detected by Java Runtime Environment.
  Here are some of those:
 
 
 ---
  #
  # An unexpected error has been detected by Java Runtime Environment:
  #
  #  SIGBUS (0xa) at pc=0x7f4008b8, pid=2380, tid=121
  #
  # Java VM: Java HotSpot(TM) 64-Bit Server VM (11.3-b02 mixed mode
  solaris-sparc)
  # Problematic frame:
  # C  [libc_psr.so.1+0x8b8]
  #
  # An error report file with more information is saved as:
  # /tmp/hs_err_pid2380.log
  #
  # If you would like to submit a bug report, please visit:
  #   http://java.sun.com/webapps/bugreport/crash.jsp
  #
 
 
 ---
  #
  # An unexpected error has been detected by Java Runtime Environment:
  #
  #  SIGBUS (0xa) at pc=0x78c0bf44, pid=11205, tid=615
  #
  # Java VM: Java HotSpot(TM) 64-Bit Server VM (11.3-b02 mixed mode
  solaris-sparc)
  # Problematic frame:
  # j
  java.net.URLStreamHandler.parseURL(Ljava/net/URL;Ljava/lang/String;II)V+0
  #
  # An error report file with more information is saved as:
  # /tmp/hs_err_pid11205.log
  #
  # If you would like to submit a bug report, please visit:
  #   http://java.sun.com/webapps/bugreport/crash.jsp
  #
 
 ---
  #
  # An unexpected error has been detected by Java Runtime Environment:
  #
  #  SIGSEGV (0xb) at pc=0x7e34c17c, pid=23223, tid=5
  #
  # Java VM: Java HotSpot(TM) 64-Bit Server VM (11.3-b02 mixed mode
  solaris-sparc)
  # Problematic frame:
  # V  [libjvm.so+0x74c17c]
  #
  # An error report file with more information is saved as:
  # /tmp/hs_err_pid23223.log
  #
  # If you would like to submit a bug report, please visit:
  #   http://java.sun.com/webapps/bugreport/crash.jsp
  #
 
 ---
  The file which should contain the logs/dump (i.e.
 /tmp/hs_err_pid23223.log)
  are empty.
  Did anybody get experienced with such a thing?

 wild_guessCould it be an infinite redirection loop (stack
 overflow)?/wild_guess

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: An unexpected error has been detected by Java Runtime Environment:

2009-09-03 Thread Tsirkin Evgeny

Well.Yes - the server have got loaded by apache server running on it.
So ,yes, that can be bad RAM.
I have changed the config to run the 32 version.
But maybe somebody here knows about any particular problems in Solaris/Java
that might help?
Evgeny

On Thu, Sep 3, 2009 at 1:06 PM, Peter Crowther
peter.crowt...@melandra.comwrote:

 2009/9/3 Tsirkin Evgeny tsir...@gmail.com

  2. this same app. works fine for 1/2 year + it works fine on another
  server.
 

 Has your data changed?  Does running the same app *with the same data* on
 the other server trigger the error?

 Have you got a creeping failure on your hardware?  Bad RAM could cause the
 problem you observe, for example.

 - Peter

Re: Clearing the catalina.out file

2009-08-16 Thread Tsirkin Evgeny

George ,your observations are still correct for truncating file. At least at
Sun OS
(Solaris) 9.If you truncate catalina.out :
echo -n  catalina.out
you will see the file becoming 0 bytes long .But once tomcat writes another
byte
into output it will become the same size it was before truncation.
I guess that either jvm or Solaris holds not only the file open for writing
but also
remembers it's seek  in the file (or maybe it is the same on Solaris).
Thus,once tomcat starts writing into file after truncate it writes starting
from the
end of file *he* thinks it is at and the file's size is restored .
(Yes that is tried on practice)
Maybe Linux behaves differently.
So,we are using swallowOutput and actually have no other options except
maybe
restarting the server .
(Note : restarting the server sometime is not an option on production )
Thanks
Evgeny

On Fri, Aug 14, 2009 at 9:57 PM, George Sexton geor...@mhsoftware.comwrote:

 rm catalina.out

 You're right. He truncated it.

 It looks like neither one of us is reading the entire message. I said if
 you erase the file, it's held open. This is accurate. He responded with a
 way of truncating the file, and that works too.

 George Sexton
 MH Software, Inc.
 http://www.mhsoftware.com/
 Voice: 303 438 9585


  -Original Message-
  From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
  Sent: Friday, August 14, 2009 12:46 PM
  To: Tomcat Users List
  Subject: RE: Clearing the catalina.out file
 
   From: George Sexton [mailto:geor...@mhsoftware.com]
   Subject: RE: Clearing the catalina.out file
  
   On one of my production servers, I erased catalina.out.
 
  Exactly how?  What's been under discussion here is a truncation
  operation, not an unlink.
 
   - Chuck
 
 
  THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
  PROPRIETARY MATERIAL and is thus for use only by the intended
  recipient. If you received this in error, please contact the sender and
  delete the e-mail and its attachments from all computers.



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

tomcat cluster security

2009-08-13 Thread Tsirkin Evgeny

Hi list!
I am trying to setup a tomcat cluster with 2 members (2 different machines
).
On each machine there is an apache  tomcat connected to it via mod_jk
For whatever reason the session stickiness does not works well - this is the
reason for cluster.
As much as i understand setting cluster  means ,that each tomcat will try to
discover
other instances (in my case only one) using multicast.
Now,i don't really understand much about multicasting but it seems that if
there is
no firewall blocking multicasting that does not come from my tomcat cluster
machines,
then anybody will be able to pretend being a tomcat and just join the
cluster - and just read
my user's session data.
Again i am not a network guru.But it seems pretty dangerous .
How are you dealing with this?
Is this really a security risk?
Tnaks
Evgeny

Re: mod_jk does not recognize extension

2009-06-17 Thread Tsirkin Evgeny

Actually i guess
Rule extensions were added in mod_jk 1.2.17.
Is probably enough .Just make it  underlined or bold.
Evgeny

On Wed, Jun 17, 2009 at 1:09 AM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Rainer,

 On 6/16/2009 1:05 PM, Rainer Jung wrote:
  Would you mind to provide some sentences or corrections for specific
  docs pages?

 How about adding:

 
 Rule extensions were added in mod_jk 1.2.17. If you would like to use
 rule (mount?) extensions, you must use a version of mod_jk 1.2.27 or
 higher.
 

 to http://tomcat.apache.org/connectors-doc/reference/uriworkermap.html
 right after the Rule Extensions heading, before the Syntax section?

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.9 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

 iEYEARECAAYFAko4GAUACgkQ9CaO5/Lv0PC7DwCeM616BD4LOAdhdV6+LENiIArA
 9iwAoLxnrlLYVOASbt2Bo1wkQd+M4bw5
 =81NS
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Serving images from classes directory

2009-06-17 Thread Tsirkin Evgeny

What is your OS?
If this a *nix - then you have make sure that Web-INF is readable for the
world,
this is NOT good .On the  other hand you could just create a soft link to
whatever they
have there...
Evgeny

On Wed, Jun 17, 2009 at 9:20 PM, Susan G. Conger
sus...@bfcassociates.comwrote:

 I started with the authors of the tool app and they said it was a tomcat
 limitation.  Basically can't be done.  So I figured I would try the list
 before I took their word for it.

 Yes, I use the tool to modify the template files.  But that is basically
 just editing html using the tool.  When the tool app builds my app it
 copies
 everything into the classes directory.  So that everything looks like one
 big Java class under the tool app.  So my thought is that my images and
 javascripts should go in here so I can have everything together and make
 maintenance easier.  I check everything the tool app builds into subversion
 so I can have some source control.

 Thanks,
 Susan


 -Original Message-
 From: Pid [mailto:p...@pidster.com]
  Sent: Wednesday, June 17, 2009 2:09 PM
 To: Tomcat Users List
 Subject: Re: Serving images from classes directory

 Susan G. Conger wrote:
  The template files are in the classes directory.  This is a web app that
 is
  deploying it's own web app.  So it is rather convoluted.  The web app
 that
  gets deployed is my web app while the web app doing the developing is the
  third party tool.


 For reference then, we'll call the first one the 'tool app'.

 So are you actually editing the template files yourself, or are you
 using the tool app to edit the template files?

 Where in your app do the modified template files end up, and are they
 copied individually?


 The thought also occurs that the authors of the tool app might be the
 people you really want to be talking to about this.

 p



  Thanks,
  Susan
 
  -Original Message-
  From: Pid [mailto:p...@pidster.com]
  Sent: Wednesday, June 17, 2009 1:29 PM
  To: Tomcat Users List
  Subject: Re: Serving images from classes directory
 
  Susan G. Conger wrote:
  Thanks Tim.  I don't have control during build because that is done by
 the
  third party tool.  I am not going to mention their name.  I was hoping
  that
  this would be easy.  You know a servlet mapping in the web.xml file that
  would allow me to just map the directory/file type and I could just put
  that
  in my html.  Since I can't use jsp everywhere I need the images.  Again
 I
  am
  tied into their system and they have stuff in html files that they
 create.
  I edit the html template files they have to add my images and
 javascript.
  I use their environment to create/edit/build the web application.
  Underneath
  I have tied in netBeans the best I can so I can debug their stuff.  But
  that
  has issues too.
 
  If you can edit the template files, can't you include images in the same
  place as the templates?
 
  p
 
 
 
  Thanks,
  Susan
 
  -Original Message-
  From: Tim Funk [mailto:funk...@apache.org]
  Sent: Wednesday, June 17, 2009 1:07 PM
  To: Tomcat Users List
  Subject: Re: Serving images from classes directory
 
  If the images are physical images in the classes directory - you have a
  few options.
 
  1) At build time - move (or copy) the files from the classes directory
  to somewhere more sane that the default servlet can access
  2) Write a filter the detects these images that live in the classes dir,
  and then forwards to the images. (You need to be careful with this one)
 
  For # 2 - it would look something like this:
  doFilter(...) {
 String p = request.getServletPath();
 if (p.matches(/magic_prefix/[\\w]+\\.gif$)) {
   String np = request.getServletPath().replaceFirst(.+/, );
   request.getRequestDispatcher(/WEB-INF/class/more/cowbell/ + np)
  .forward(request, response);
 } else {
   chain.doFilter(...);
 }
  }
 
 
  -Tim
 
 
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
 
 
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
 
 
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
 
 
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
 
 


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: mod_jk does not recognize extension

2009-06-16 Thread Tsirkin Evgeny

Thanks
It worked
If just it would be mentioned in documention it would save me several ours
of
debugging
Should i report a bug or i have missed it?
Evgeny

On Fri, Jun 12, 2009 at 10:24 AM, Tsirkin Evgeny tsir...@gmail.com wrote:


 On Fri, Jun 12, 2009 at 1:25 AM, Rainer Jung rainer.j...@kippdata.dewrote:

 On 11.06.2009 14:26, Tsirkin Evgeny wrote:
  Hi list!
  I have mod_jk 1.2.26 configured and working fine.
  However i want to set a special reply_timeout for a special url ,
  i am getting strange errors in log and the rule is ignored .
  Once i add this line:
   /dataj_mid/controller/finance/*=dataj_mid;reply_timeout=12
  (see the full config below)
  I am getting in jk log this:
  jk_handler::mod_jk.c (2372): Could not find a worker for worker
  name=dataj_mid;reply_timeout=12
  And i am getting error 500 from apache on those urls.

 Sorry, but this time an update will help :)

Re: mod_jk does not recognize extension

2009-06-12 Thread Tsirkin Evgeny

Thanks
I will try this
Evgeny

On Fri, Jun 12, 2009 at 1:25 AM, Rainer Jung rainer.j...@kippdata.dewrote:

 On 11.06.2009 14:26, Tsirkin Evgeny wrote:
  Hi list!
  I have mod_jk 1.2.26 configured and working fine.
  However i want to set a special reply_timeout for a special url ,
  i am getting strange errors in log and the rule is ignored .
  Once i add this line:
   /dataj_mid/controller/finance/*=dataj_mid;reply_timeout=12
  (see the full config below)
  I am getting in jk log this:
  jk_handler::mod_jk.c (2372): Could not find a worker for worker
  name=dataj_mid;reply_timeout=12
  And i am getting error 500 from apache on those urls.

 Sorry, but this time an update will help :)

 Mount extensions have been added in version 1.2.27. Update to the recent
 1.2.28 and it should work.

  My worker.properties :
  ### template - applyed to all the others
  worker.list=dataj,dataj_dev,dataj_mid,test,jkstatus
  worker.template.type=ajp13
  worker.template.host=localhost
  worker.template.port=8009
  ### THE configuration parameter - timeout
  worker.template.reply_timeout=12
 
 
  ## workers using ajp3
  worker.test.reference=worker.template
  worker.dataj.reference=worker.template
  worker.dataj_dev.reference=worker.template
  worker.dataj_mid.reference=worker.template
  ### this status worker will be mounted only throught ssl and from my
 machine
  worker.jkstatus.type=status
  worker.jkstatus.read_only=True
 
  
  uriworkers.properties:
  /dataj_dev=dataj_dev
  /dataj_dev/controller/finance/*=dataj_dev
  /dataj_dev/*=dataj_dev; reply_timeout=12
 
  # /dataj_mid/controller/finance/*=dataj_mid;reply_timeout=12
  /dataj_mid=dataj_mid
  /dataj_mid/*=dataj_mid
 
  /dataj=dataj
  /dataj/*=dataj
  ###test for java env.
  /jtests=test
  /jtests/*=test

  -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

mod_jk does not recognize extension

2009-06-11 Thread Tsirkin Evgeny

Hi list!
I have mod_jk 1.2.26 configured and working fine.
However i want to set a special reply_timeout for a special url ,
i am getting strange errors in log and the rule is ignored .
Once i add this line:
 /dataj_mid/controller/finance/*=dataj_mid;reply_timeout=12
(see the full config below)
I am getting in jk log this:
jk_handler::mod_jk.c (2372): Could not find a worker for worker
name=dataj_mid;reply_timeout=12
And i am getting error 500 from apache on those urls.
Please help!
Evgeny


My worker.properties :
### template - applyed to all the others
worker.list=dataj,dataj_dev,dataj_mid,test,jkstatus
worker.template.type=ajp13
worker.template.host=localhost
worker.template.port=8009
### THE configuration parameter - timeout
worker.template.reply_timeout=12


## workers using ajp3
worker.test.reference=worker.template
worker.dataj.reference=worker.template
worker.dataj_dev.reference=worker.template
worker.dataj_mid.reference=worker.template
### this status worker will be mounted only throught ssl and from my machine
worker.jkstatus.type=status
worker.jkstatus.read_only=True


uriworkers.properties:
/dataj_dev=dataj_dev
/dataj_dev/controller/finance/*=dataj_dev
/dataj_dev/*=dataj_dev; reply_timeout=12

# /dataj_mid/controller/finance/*=dataj_mid;reply_timeout=12
/dataj_mid=dataj_mid
/dataj_mid/*=dataj_mid

/dataj=dataj
/dataj/*=dataj
###test for java env.
/jtests=test
/jtests/*=test

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: strange ssl tomcat response

2006-12-14 Thread Tsirkin Evgeny


I have did yet another try,now on windows machine .
The same problem!
Here are the steps to reproduce :
[1] Do a regular (vanilla) installation of tomcat (Linux and Windows i have
already tried) .
[2] Setup ssl:
Uncomment the ssl setup in server.xml create a key with the following:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
or
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
(taken from tomcat's manual)
add the keystorePass and keystoreFile to server.xml
start the tomcat and test if the ssl works .
[3] Try this in browser:
http://localhost:8443 (note the http not the https)
or
telnet localhost 8443
Note that the telnet should be done from a terminal that can show binary
output.
(rxvt,xterm will NOT do,for me gnome terminal and cmd on windows worked).
in the telnet session you will get a connection type something ,hit ENTER
and you will get
strange bits in the response.
If you are doing this in browser it will just try to download those bits
(Mozilla) or show it
on the screen (IE).
I am pretty sure that this is NOT valid behaviour.
I have tried all this on :
tomcat 5.5.20
java 1.5.0_09
and
same tomcat
java 1.5.0_06
Both Linux and Windows .
Now I am pretty sure this is a tomcat problem ,not sure which versions.
I need somebody except me to reproduce this before asking developers.
Anybody?
Thanks.
P.S. Hassan could you please do this ?Just try it with firefox/ie and other
terminal?
Evgeny.

Re: strange ssl tomcat response

2006-12-14 Thread Tsirkin Evgeny


On 12/14/06, Martin Heiden [EMAIL PROTECTED] wrote:


It's pretty valid!



I don't think so.Just checked out the TLS rfc and found this (TLS ver. 1.0):

These goals are achieved by the handshake protocol, which can be
  summarized as follows: The client sends a client hello message to
  which the server must respond with a server hello message, or else a
  fatal error will occur and the connection will fail. The client hello
  and server hello are used to establish security enhancement
  capabilities between client and server. The client hello and server
  hello establish the following attributes: Protocol Version, Session
  ID, Cipher Suite, and Compression Method. Additionally, two random
  values are generated and exchanged: ClientHello.random and
  ServerHello.random.

As i see this if the client does not sends a hello message then server
should drop the
connection .So,if i am pointing my browser to ssl port using http scheme
,the connection
should be dropped.
I think that most (non-java at least) servers works this way just try to
telnet to ssl port of
say gmail ,you get nothing.
I of course could be wrong,and that is for developers to decide .However
what i am
looking to be sure of, is that the strange bits are actually the server
hello and not
a bug/not cleaned buffer/security problem.
However ,if i understand correctly you can reproduce my results?
Is that right ?Do you use the same version of tomcat ?JVM?
Thanks for response.
Evgeny.



regards

Martin.






-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

strange ssl tomcat response

2006-12-13 Thread Tsirkin Evgeny


Hi list!
Hope this will not be posted twice.
I have setted up a tomcat to listen to ssl
on 8443 port.
When i use url https://myhost:8443/ everything works fine.
However when pointing my browser to
http://myhost:8443/
I am getting strange response .
It looks something like this in text representation:
[EMAIL PROTECTED]
What is this ?
The tomcat does NOT listen on a regular http port (if this is relevent).It
is supposed
to get http from apache (ajp).
Here is relevant part of the server.xml:
 Service name=Catalina
   Connector port=8443 maxHttpHeaderSize=8192
  maxThreads=150 minSpareThreads=25 maxSpareThreads=75
  enableLookups=false disableUploadTimeout=true
  acceptCount=100 scheme=https secure=true
  clientAuth=false sslProtocol=SSL
keystorePass=passphrase keystoreFile=${catalina.home}/ssl/.keystore/
   Connector port=8009
  enableLookups=false protocol=AJP/1.3 address=127.0.0.1
/
   !-- Define the top level container in our container hierarchy --
   Engine name=Catalina defaultHost=localhost
 Listener className=org.apache.jk.config.ApacheConfig
modJk=/path/to/mod_jk.so /
 !-- Define the default virtual host
  Note: XML Schema validation will not work with Xerces 2.2.
  --
 Host name=localhost appBase=webapps
  unpackWARs=true autoDeploy=true
  xmlValidation=false xmlNamespaceAware=false
 Valve className=org.apache.catalina.valves.AccessLogValve
   prefix=localhost_access_log. suffix=.txt
pattern=common/
  Context path=/manager docBase=${catalina.home
}/server/webapps/manager
   privileged=true antiResourceLocking=false
antiJARLocking=false 
 Realm className=org.apache.catalina.realm.UserDatabaseRealm
   resourceName=UserDatabase/

   !-- Link to the user database we will get roles from --
 ResourceLink name=users global=UserDatabase
 type=org.apache.catalina.UserDatabase/
Valve className=org.apache.catalina.valves.RemoteAddrValve
allow=myip/
 Valve className=org.apache.catalina.valves.AccessLogValve
prefix=manager_access_log. suffix=.txt
pattern=common/
  /Context
 /Host

   /Engine

 /Service
Any help please?
Evgeny

Re: strange ssl tomcat response

2006-12-13 Thread Tsirkin Evgeny


Thanks for the reply!
Sorry for not providing basic information.
This is tomcat 5.5 with sun's
java version 1.5.0_09
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b03)
Java HotSpot(TM) Server VM (build 1.5.0_09-b03, mixed mode)
Running on Linux Suse (but i have installed it manually getting apache's
tomcat
not SuSe's one which pretty old).
About APR: I really don't know if it is installed however this is manually
compiled
apache and as i already mantioned manually installed tomcat ,so i guess - it
is not.
If you tell me how to check this i will know for sure.
Thanks for the answer!
Hope you will be able to help me.
Evgeny.

On 12/13/06, Caldarale, Charles R [EMAIL PROTECTED] wrote:


 From: Tsirkin Evgeny [mailto:[EMAIL PROTECTED]
 Subject: strange ssl tomcat response

 Hope this will not be posted twice.



My first post did not work ,so i was afraid that i am posting twice.

If you don't provide basic information, it will have to be.


1) What version of Tomcat?
2) What JVM (vendor and level)?
3) What OS?
4) Do you have APR installed?  (SSL is configured quite differently with
APR.)

 Service name=Catalina
   Connector port=8443 maxHttpHeaderSize=8192
snip
 clientAuth=false sslProtocol=SSL

Note the following from the doc:

sslProtocol: The encryption/decryption protocol to be used on this
socket. It is not recommended to change this value if you are using
Sun's JVM. It is reported that IBM's 1.4.1 implementation of the TLS
protocol is not compatible with some popular browsers. In this case, use
the value SSL.

http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html

Whether or not the above is applicable depends on the basics you didn't
tell us.

- Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: strange ssl tomcat response

2006-12-13 Thread Tsirkin Evgeny


I don't expect it to work .
I expect to return either 404 , 500 http status (maybe any other) or nothing
.
try this:
telnet mail.google.com 443
You will get a connection however NOTHING will be returned .
Now ,I am trying ssl connection to tomcat :
telnet myhost 8443
And getting the strange bits.
^U^C etc...
I don't think that is valid .So ,since i don't (currenttly) think that this
a tomcat problem - i think that this a problem in my setup,
i am trying to get help to fix it.
Basically that can be checked in a very simple manner:
try to setup ssl for a tomcat and then telnet to it (8443 port).
Do you get any response?
[1] If no that is problem in my configuration (and please help me correct it
I will resend it if needed),
[2] If yes that is a problem in tomcat.
I will be very thankfull if you could help me in this.
(I will try it myself when i got a machine to do it).
As for why did i do that on the first place:
I am trying to setup a production server and a bit worried about security.
Thanks for response .
Evgeny.


On 12/13/06, Christopher Schultz [EMAIL PROTECTED] wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Evgeny,

Tsirkin Evgeny wrote:
 I have setted up a tomcat to listen to ssl on 8443 port. When i use
 url https://myhost:8443/ everything works fine.

 However when pointing my browser to http://myhost:8443/ I am getting
 strange response.

What did you expect? When you try to use HTTP to communicate with an
HTTPS service, it's simply not going to work.

Why would you try to use an http:// URL instead of https:// ?

- -chris

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFgCPp9CaO5/Lv0PARAt4cAJ4u7iBDaFlPRDDuDo9jGoV+vhKdXACeMNIX
rfk6cIcGUgSOxJ90jbNdENs=
=3X5A
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: strange ssl tomcat response

2006-12-13 Thread Tsirkin Evgeny


On TLS i am getting the same result.
How do i check for an APR existens ?
Chuck suggested that this is the problem.
However I don't know where to look .
I am using 5.5.20 could that be a problem?
Thanks.
Evgeny.

On 12/13/06, Hassan Schroeder [EMAIL PROTECTED] wrote:


On 12/13/06, Tsirkin Evgeny [EMAIL PROTECTED] wrote:

 Basically that can be checked in a very simple manner:
 try to setup ssl for a tomcat and then telnet to it (8443 port).
 Do you get any response?

Just tried on a 5.5.9 non-APR system -- no response :-)

 [1] If no that is problem in my configuration

The Connector on the test system above is configured with
sslProtocol=TLS
so you might consider Chuck's suggestion for starters...

--
Hassan Schroeder  [EMAIL PROTECTED]

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: strange ssl tomcat response

2006-12-13 Thread Tsirkin Evgeny


Hassan ,just a thought:
when connecting via telnet  i am first getting  an empty  response
typing in some character and  only then i am getting the bits.
Is that what you tried?
-
telnet localhost 8443
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
kfglfkmvlf

Connection closed by foreign host.
-
The strange response bits are what i got here just befor Connection
closed.
Thanks again.
Evgeny.

On 12/13/06, Tsirkin Evgeny [EMAIL PROTECTED] wrote:


On TLS i am getting the same result.
How do i check for an APR existens ?
Chuck suggested that this is the problem.
However I don't know where to look .
I am using 5.5.20 could that be a problem?
Thanks.
Evgeny.

On 12/13/06, Hassan Schroeder [EMAIL PROTECTED] wrote:

 On 12/13/06, Tsirkin Evgeny [EMAIL PROTECTED] wrote:

  Basically that can be checked in a very simple manner:
  try to setup ssl for a tomcat and then telnet to it (8443 port).
  Do you get any response?

 Just tried on a 5.5.9 non-APR system -- no response :-)

  [1] If no that is problem in my configuration

 The Connector on the test system above is configured with
 sslProtocol=TLS
 so you might consider Chuck's suggestion for starters...

 --
 Hassan Schroeder  [EMAIL PROTECTED]

 -
 To start a new topic, e-mail: users@tomcat.apache.org
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]

Re: strange ssl tomcat response

2006-12-13 Thread Tsirkin Evgeny


OK.I have done another try :
I tried a clean installation of tomcat with a default config (just
uncommented
the ssl lines).
The same problem.
So,that could be a problem in
[1] this particular version :
tomcat 5.5.20
java version 1.5.0_09
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b03)
Java HotSpot(TM) Server VM (build 1.5.0_09-b03, mixed mode)
Linux SuSe
[2] my machine (firewall?).
Does anybody have similar to my installation (or can easily create one)
and help me out here.
I need to check if this particular version of tomcat (jvm) when set up for
ssl
response with strange bits when telneting to the ssl port.
Anybody please?
Evgeny.

On 12/13/06, Caldarale, Charles R [EMAIL PROTECTED] wrote:


 From: Tsirkin Evgeny [mailto:[EMAIL PROTECTED]
 Subject: Re: strange ssl tomcat response

 How do i check for an APR existens ?

Since this is a Linux box and you did not explicitly build and install
it, it's extremely unlikely that you have it.

- Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

40 matches

Mail list logo