Re: Tomcat Manager 403's with LDAP Realm

2024-02-19 Thread Mark Thomas 

On 17/02/2024 21:42, Dan McLaughlin wrote:

We've had the same LDAP realm configured for probably 10 years, and the
same roles in our LDAP for probably the same.  We have 4 roles configured
in LDAP manager-gui, manager-jmx, manager-script, and manager-status.  My
user only has the manager-gui role.  Everything has worked fine up until
about the time we moved to Tomcat 10.1.   Now, I can log in just fine, but
if I try to click stop, start, reload, or undeploy, I always get a 403.  I
don't see any errors in the logs telling me why.  Does anyone have pointers
on debugging this?  My user only has the manager-gui role; the only users
with the JMX or script roles are the users I use for Nagios monitoring of
JMX parameters.

FYI... I can't reproduce it using Tomcat 10.1 running in docker using the
same LDAP realm configuration, so that tells me it has nothing to do with
the roles not being correct...and they should be correct since they haven't
changed since I set things up probably 10 years ago.   The only change has
been the upgrade of Tomcat.  Could CSRF somehow be involved?  It might be
about when CSRF was introduced that I started having issues. I haven't
tried removing the filter yet, only because it really doesn't seem related
based on my understanding of how the filter works.

If someone knows the specific packages, I might want to bump up the logging
on; that would probably be most helpful at this point.


Try:

org.apache.catalina.filters.CsrfPreventionFilter.level=ALL

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat Manager 403's with LDAP Realm

2024-02-17 Thread Dan McLaughlin 
We've had the same LDAP realm configured for probably 10 years, and the
same roles in our LDAP for probably the same.  We have 4 roles configured
in LDAP manager-gui, manager-jmx, manager-script, and manager-status.  My
user only has the manager-gui role.  Everything has worked fine up until
about the time we moved to Tomcat 10.1.   Now, I can log in just fine, but
if I try to click stop, start, reload, or undeploy, I always get a 403.  I
don't see any errors in the logs telling me why.  Does anyone have pointers
on debugging this?  My user only has the manager-gui role; the only users
with the JMX or script roles are the users I use for Nagios monitoring of
JMX parameters.

FYI... I can't reproduce it using Tomcat 10.1 running in docker using the
same LDAP realm configuration, so that tells me it has nothing to do with
the roles not being correct...and they should be correct since they haven't
changed since I set things up probably 10 years ago.   The only change has
been the upgrade of Tomcat.  Could CSRF somehow be involved?  It might be
about when CSRF was introduced that I started having issues. I haven't
tried removing the filter yet, only because it really doesn't seem related
based on my understanding of how the filter works.

If someone knows the specific packages, I might want to bump up the logging
on; that would probably be most helpful at this point.

Cheers!

Dan

-- 








*NOTICE:* This e-mail message and all attachments transmitted with 
it are for the sole use of the intended recipient(s) and may contain 
confidential and privileged information. Any unauthorized review, use, 
disclosure, ​or distribution is strictly prohibited. The contents of this 
e-mail are confidential and may be subject to work product privileges. If 
you are not the intended recipient, please contact the sender by reply 
e-mail and destroy all copies of the original message.

Re: question about tomcat manager Server Status page

2023-09-08 Thread Ivano Luberti 

Thanks Christopher

Il 08/09/2023 17:51, Christopher Schultz ha scritto:

Ivano,

On 9/8/23 11:17, Ivano Luberti wrote:

Hi, looking at Server Status and Complete Server Status Page

I can see the following line:

Max threads: 200 Current thread count: 11 Current threads busy: 1 
Keep alive sockets count: 1


But looking at the thread list under the line I can count 24 lines.

So what is the number of thread currently instantiated by tomcat? 11 
or 24?


This is a good question. When I check my localhost Manager running 
8.5.x, I see this:


Max threads: -1 Current thread count: 4 Current threads busy: 1 Keep 
alive sockets count: 1


The number of threads shown in the http-nio-host-port section shows 5 
threads, 4 in the R state and one in the S state.


When running jstack against my JVM, I can see that there are only 4 
exec threads running.


So I think the claim that there are only 11 threads in your JVM is 
correct. I believe the 24 lines you are seeing are something buggy in 
the Manager's view. I'll see if I can play around with it a little bit 
to see what's happening.


-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


--

Archimede Informatica tratta i dati personali in conformità a quanto
stabilito dal Regolamento UE n. 2016/679 (GDPR) e dal D. Lgs. 30 giugno 
2003 n. 196

per come modificato dal D.Lgs. 10 agosto 2018 n. 101.
Informativa completa 



dott. Ivano Mario Luberti

Archimede Informatica società cooperativa a r. l.
Via Gereschi 36, 56127 Pisa

tel.: +39 050/580959 | fax: +39 050/8932061

web: www.archicoop.it
linkedin: www.linkedin.com/in/ivanoluberti
facebook: www.facebook.com/archimedeinformaticapisa/

Re: question about tomcat manager Server Status page

2023-09-08 Thread Christopher Schultz 

Ivano,

On 9/8/23 11:17, Ivano Luberti wrote:

Hi, looking at Server Status and Complete Server Status Page

I can see the following line:

Max threads: 200 Current thread count: 11 Current threads busy: 1 Keep 
alive sockets count: 1


But looking at the thread list under the line I can count 24 lines.

So what is the number of thread currently instantiated by tomcat? 11 or 24?


This is a good question. When I check my localhost Manager running 
8.5.x, I see this:


Max threads: -1 Current thread count: 4 Current threads busy: 1 Keep 
alive sockets count: 1


The number of threads shown in the http-nio-host-port section shows 5 
threads, 4 in the R state and one in the S state.


When running jstack against my JVM, I can see that there are only 4 exec 
threads running.


So I think the claim that there are only 11 threads in your JVM is 
correct. I believe the 24 lines you are seeing are something buggy in 
the Manager's view. I'll see if I can play around with it a little bit 
to see what's happening.


-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

question about tomcat manager Server Status page

2023-09-08 Thread Ivano Luberti 

Hi, looking at Server Status and Complete Server Status Page

I can see the following line:

Max threads: 200 Current thread count: 11 Current threads busy: 1 Keep 
alive sockets count: 1


But looking at the thread list under the line I can count 24 lines.

So what is the number of thread currently instantiated by tomcat? 11 or 24?



--

Archimede Informatica tratta i dati personali in conformità a quanto
stabilito dal Regolamento UE n. 2016/679 (GDPR) e dal D. Lgs. 30 giugno 
2003 n. 196

per come modificato dal D.Lgs. 10 agosto 2018 n. 101.
Informativa completa 



dott. Ivano Mario Luberti

Archimede Informatica società cooperativa a r. l.
Via Gereschi 36, 56127 Pisa

tel.: +39 050/580959 | fax: +39 050/8932061

web: www.archicoop.it
linkedin: www.linkedin.com/in/ivanoluberti
facebook: www.facebook.com/archimedeinformaticapisa/

Re: Tomcat Manager App and Federation

2023-04-15 Thread Mark Thomas 

On 14/04/2023 16:45, Robert Hicks wrote:

Does the manager app support something like Apache CXF to authenticate
people to the manager application or is the manager application only
accessible through username/password?


The Manager web application will work with any configured Authenticator 
and Realm, including those provided by CXF.


Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat Manager App and Federation

2023-04-14 Thread Robert Hicks 
Does the manager app support something like Apache CXF to authenticate
people to the manager application or is the manager application only
accessible through username/password?

Robert

Re: Tomcat Manager

2021-02-25 Thread Mark Thomas 
On 24/02/2021 20:18, Robert Hicks wrote:
> Is there a way (my google-fu is failing) to use the command line version of
> the manager but not have the front end UI available at all?

Remove the HTMLManager servlet entries from WEB-INF/web.xml

You may also wish to remove the Status servlet and the JMXProxy servlet
as well.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Manager

2021-02-24 Thread Robert Wigfall 
I have been looking into something similar...I have not tested anything
yet. Hopefully it helps you and informs me of any flaws.

How about restricting access to tomcat manager via remote ip
restriction
https://tomcat.apache.org/tomcat-9.0-doc/manager-howto.html#Configuring_Manager_Application_Access


and 

using your choice of command-line tool to interact. I planned to
use/test tomcat-manager: 
https://tomcatmanager.readthedocs.io/en/stable/install.html


Best Regards,


Robert

On Wed, 2021-02-24 at 15:18 -0500, Robert Hicks wrote:
> [EXTERNAL EMAIL ALERT]: Verify sender before opening links or
> attachments.
> 
> Is there a way (my google-fu is failing) to use the command line
> version of
> the manager but not have the front end UI available at all?
> 
> Thanks,
> 
> Bob



signature.asc
Description: This is a digitally signed message part

Tomcat Manager

2021-02-24 Thread Robert Hicks 
Is there a way (my google-fu is failing) to use the command line version of
the manager but not have the front end UI available at all?

Thanks,

Bob

Re: Tomcat 8.5.51 (Linux) issue with the tomcat manager and empty responses of the manager's "stop" command

2020-03-13 Thread Tillmann Schulz 
Hello tomcat user group,
Today I solved my problem with the empty manager responses.The issue does not 
occur any more when using the new Java11-HTTP-Client to call the 
tomcat-manager.My old implmentation of the client was based on very old java 
functionality.

So I do not know whether it was an tomcat issue or not.
Best regards
Tillmann

Re: Tomcat 8.5.51 (Linux) issue with the tomcat manager and empty responses of the manager's "stop" command

2020-03-13 Thread Tillmann Schulz 
>>Are you able to make other /manager requests and get a good response?

YES,all other manager requests work and also the stop command works in some 
cases.
We have a destroy method in our Servlet implemented that needs some seconds 
when the app is stopped. This destroy method can take more time than the 
specified servlet timeout (20s secs). 
This was never not a problem in prior tomcat versions. 


Best regards

Tillmann

Re: Tomcat 8.5.51 (Linux) issue with the tomcat manager and empty responses of the manager's "stop" command

2020-03-12 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Tillmann,

On 3/12/20 11:01, Tillmann Schulz wrote:
> Hello tomcat user group,
>
> since our update from Tomcat 8.5.50 to 8.5.51 (Linux) I got a issue
> with the "tomcat manager", when calling the manager's "stop"
> command by socket command. With the following socket command I try
> to stop the application app1: GET /manager/text/stop?path=/app1
> HTTP/1.1
>
>
> In some cases the response is empty. Our log says:
>
> 2020-03-10 19:17:14,951 [pool-1-thread-1] DEBUG - MANAGER REQUEST:
> GET /manager/text/stop?path=/app1 HTTP/1.1 Host: localhost:8080
> Authorization: Basic xxx 2020-03-10 19:17:34,977
> [pool-1-thread-1] DEBUG - MANAGER RESPONSE:
>
>
> As you see the stop command has no response after a time of 20
> seconds (Client Socket Timeout is 5 minutes) I guess that the
> tomcat (serverside/servlet) timeout of 20 seconds causes the call
> to end.
>
> But why is the response in some cases empty? This is not as
> described in the tomcat documentation.
>
> Is it possible, that the tomcat server is stopped, when the issue
> occurs? But why is there a delay of 20 secs? And why does this
> issue not occur with tomcat 8.5.50?

Are you able to make other /manager requests and get a good response?

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5qivcACgkQHPApP6U8
pFi4qQ/+LYetRFfD+pIs0LAynSO00nkakwcQa8cO9QrmUtYH9GChZL3UiDFerVFi
Ejr+sONASD3iaZ3t3/9JTapZGUV9yL6EIW043X1cnvHqP3Z8vUkQ3VNRjyNIEoH0
Pga2taSC27DORi7+oPWWKBvIib7q9V0AL1BQUo0t4XkapXKD+Mu6+9sS3IlSt8wi
s7b680rK94MyHAx4qW/3NuNOwcZEuOYkNtElOkrTgfJu+SVZyVdN5NpvWWxWUUVR
+MUHHpJjgKk2sUBvjljI1oKlVhAN53Z1EAiZ8E1avauJZS1w9IJW4nCd1FnL6WZf
v8MIKhTUGlJBsarzqLOZKzP4Dg+v1HdFQHqQ9dJd6kD6dxdiI+PKBCL6WwM3oGR+
il2jqVYU4XTH/DFuGd3b5yyVyr/8qAxKxTk1M+kAItCTBCcuEN9QeAXfOI3JAbbc
QZMjpV2UZRyMwIza0v79TtDs0WkEsXkZYRx9+eoJe118RLqObA2aGpj8gcKTnzJK
TlZbqxV4fmlGlnEARsdjisBJaDdjO48j07b5G/kh1l/CmWVtZnfNCxlIFqNNa2p9
gmQPl7xEnsflrLvN4nTj6XiUMRlGa1xz+l4CHZxxkRn4x694hkLl0usZOsWy41f9
5KgVGaOxcREQqWv4jG2IeLUaPWV3j6+HxrPuZPxccg7zHf5TGnQ=
=IuoT
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat 8.5.51 (Linux) issue with the tomcat manager and empty responses of the manager's "stop" command

2020-03-12 Thread Tillmann Schulz 
Hello tomcat user group,

since our update from Tomcat 8.5.50 to 8.5.51 (Linux) I got a issue with the 
"tomcat manager", when calling the manager's "stop" command by socket command.
With the following socket command I try to stop the application app1:
    GET /manager/text/stop?path=/app1 HTTP/1.1


In some cases the response is empty.
Our log says: 

2020-03-10 19:17:14,951 [pool-1-thread-1] DEBUG - MANAGER REQUEST: GET 
/manager/text/stop?path=/app1 HTTP/1.1
Host: localhost:8080
Authorization: Basic xxx
2020-03-10 19:17:34,977 [pool-1-thread-1] DEBUG - MANAGER RESPONSE: 


As you see the stop command has no response after a time of 20 seconds (Client 
Socket Timeout is 5 minutes)
I guess that the tomcat (serverside/servlet) timeout of 20 seconds causes the 
call to end.

But why is the response in some cases empty? This is not as described in the 
tomcat documentation.

Is it possible, that the tomcat server is stopped, when the issue occurs? But 
why is there a delay of 20 secs?   
And why does this issue not occur with tomcat 8.5.50?

Thank you for your help

Tillmann Schulz

Re: Tomcat manager keystore reload

2019-07-30 Thread logo 
Chris,

Now this is taking a weird direction…


> Am 30.07.2019 um 16:57 schrieb Christopher Schultz 
> mailto:ch...@christopherschultz.net>>:
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> Peter,
> 
> On 7/30/19 05:19, logo wrote:
>> Hi Chris,
>> 
>> I am also trying to figure this out and get to the same error.
>> 
>>> Am 25.07.2019 um 17:53 schrieb Joseph Dornisch
>>> mailto:kingcanut...@gmail.com>>:
>>> 
>>> Hello,
>>> 
>>> I have a CRL configured in my tomcat server configuration. If I
>>> update it and want to have Tomcat refresh it, I can login into 
>>> https://127.0.0.1/manager/html  and click 
>>> the "Re-read" button
>>> under "Configuration->Re-read TLS configuration files" and this
>>> causes my CRL to be reread. It works great.
>>> 
>>> However,I have read here, " 
>>> https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Encr 
>>> 





>> If I query with the jmxproxy-Servlet I get to 
>> Catalina:type=ProtocolHandler,port=8443, but I cannot figure out
>> the necessary address. How can I find it? Once I add an address
>> (127.0.0.1, localhost or DNSs...) , I get exactly "OK - Number of
>> results: 0". That may be the cause of the above
>> java.lang.NullPointerException.
>> 
>> If I omit the address it I get a detailed stacktrace, with all
>> sorts of IO exceptions/Illegal argument exceptions that relate to
>> the actual code of AbstractJsseEndpoint/AbstractEndpoint and
>> reloadSslHostConfigs.
>> 
>> Could you please help us here? If I only want to reload one
>> specific HostConfig, how do I set the hostname parameter?
>> 
>> I looked at your letsencrypt script 
>> https://people.apache.org/~schultz/ApacheCon%20NA%202018/lets-encrypt- 
>> 
> renew.sh,
>> 
>> 
> but that requires the address already as a parameter...
> 
> The best thing to do is connect with a JMX client such as VisualVM or
> perhaps one that your IDE provides. If you connect, you can see what
> JMX paths are actually available instead of just guessing at them.
> 
> Use the screenshots in the Let's Encrypt presentation (and possibly
> the related screenshots in the "Monitoring Apache Tomcat with JMX"
> presentation as well) to help you find the correct protocol handler path
> .
> 

I used jconsole to get to the ProtocolHandler. There is an error opening the 
panel
"Error setting Operation panel :org.apache.tomcat.util.net.SSLHostConfig“

And if I reload the SSLHostConfigs with the panel button I get the 
IllegalStateException - again.

Now before you ask, there is my config:


  
  

  
  

  
  

  
  

  
  

  


Any idea why?

Thanks

Peter

> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ 
> 
> 
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl1AWt4ACgkQHPApP6U8
> pFhqvxAAoRDPDxU1poECO+s/q/kcWXaoLKE0WrE4rmlasViRuuMdn7QtLJJZ7s0Q
> MaKk0LeJ+p/fT9fAuQ0Ysm75MhLy88Xj6SvR60mroPQZM1ONkgQ9EzLyYWiMPgt0
> alPu0z5Nqk5CW4fl4El4tLFysdniRr7WfYUdt/inwhuJSGWylVMyzqAEIVpmMsHk
> hpAoB+TWSPL8DLJMauLP64AF+gIO/RTfyM4dtC8yZJqXiSpntF8Eq5JtR2Q4y5UZ
> ijzA/rMmpQB0I1yTpExicaveMfIWYZg/2rfGh1hh3dP4dyQ4dYR2ZalmRoEW6rhZ
> zf+1nhmrByIuEoboozxgkDcLOfpXMCnG0yHtz8rAewcUci4UHabddcpLVlV+0Ilg
> yOADCYwnU8gmnD6vb1fI0B0O8OMr/VyCbhsWklOUyFBmZD64XYC4rkmGQAVhRR97
> qWrV1/Rs09Oq1zY0zpzJnRD5xmumsi/uuJ6T7kEhaK1KdT6wkDImParq2n5dnhm/
> 3smAZDpS3Nh246oyldpVuxOJpQxEWfHX+GZyAZfAJ0t/OgNV/Xq61Cz0Mr4z5iML
> fGKKpPxDB0DEWAm8RT11tyzAqk/Mwlx/KE+pxqIM+OCDY1rpkpMEYAIgFA8S1Hd5
> Y7cFNQC207nA6TuUOgnZeHzLVw2iqQIbSPqKTuwiT4j3fCbbCXQ=
> =K62u
> -END PGP SIGNATURE-
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org 
> 
> For additional commands, e-mail: users-h...@tomcat.apache.org 
> 

smime.p7s
Description: S/MIME cryptographic signature

Re: Tomcat manager keystore reload

2019-07-30 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Joseph,

On 7/29/19 13:55, Joseph Dornisch wrote:
>> Joseph,
>> 
>> On 7/25/19 11:53, Joseph Dornisch wrote:
>>> Hello,
>>> 
>>> I have a CRL configured in my tomcat server configuration. If
>>> I update it and want to have Tomcat refresh it, I can login
>>> into https://127.0.0.1/manager/html and click the "Re-read"
>>> button under "Configuration->Re-read TLS configuration files"
>>> and this causes my CRL to be reread. It works great.
>>> 
>>> However,I have read here, " 
>>> https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Enc
ry
>>
>>> 
pt%20Apache%20Tomcat.pdf"
>>> 
>>> 
>> on page 34 you can do basically the same thing with a command
>> something
>>> like: 
>>> https://localhost/manager/jmxproxy?invoke=Catalina%3Atype%3DProtocol
Ha
>>
>>> 
ndler%2Cport%3D8443%2Caddress%3D%22127.0.0.1%22=reloadSslHostConfigs
>>> 
>>> When I do this, I get back:
>>> 
>>> Error - java.lang.NullPointerException 
>>> java.lang.NullPointerException at 
>>> org.apache.catalina.manager.JMXProxyServlet.invokeOperationInternal(
JM
>>
>>> 
XProxyServlet.java:264)
>> 
>> What
>>> 
>> is the port number and bind-address of your protocol handler?
> 
> Is this different than the web server. I directed it to use 443, as
> I am running tomcat https out of 443. I also just specified the
> local machine name. I think I tried a few things here. Is there a
> good way to look up what these should be if they are different than
> how you access tomcat in genera.?
> 
>> 
>>> Is this command supposed to work in Tomcat 8.5.43? Is there a 
>>> different command. Short of this, the only way to force reload 
>>> without manual intervention seems to be to login to the
>>> manager from code, and then execute 
>>> https://127.0.0.1/manager/html/sslReload?org.apache.catalina.filters
.C
>>
>>> 
SRF_NONCE=
>>> 
>>> 
>> 
>> 
>> The URL you have above (if correct) is using the manager to do
>> the same thing using the JMX proxy that you are doing with the
>> manager GUI.
> 
> It's only incorrect in that I changed the 'NONCE' to text for the
> purpose of hopefully making it more readable here. It does work to
> reload the configuration (and specifically reread my CRL files).
> 
>> 
>>> I've seen that I might also write some code that Tomcat itself 
>>> would run periodically to refresh the SSL configuration. Could 
>>> anyone provide any ideas here?
>> 
>> You can do it, but IMO it's better to trigger it externally,
>> assuming that you are already deploying the manager app and the
>> JMX proxy servlet
> 
> Apparently we might have security issues if we run the manager
> application in production so right now I am planning on extending
> the Http11NioProtocol class to periodically refresh as is done in: 
> https://serverfault.com/questions/328533/can-tomcat-reload-its-ssl-cer
tificate-without-being-restarted

I
> 
would reconsider using manager+JMX. You can lock it down a bit so
that it will e.g. only accept connections from localhost and you can
put a password on it. Your scripts will have to contain that password
but you can make sure those scripts are only readable by e.g. the
Tomcat user and you should be okay.

> Thank you for responding Chris, if you have any additional advice,
> I'd be very happy to read it. (or if anyone else wants to add
> advice, I'd be happy to read that as well).


Please see my reply under the original thread. I think it will help.

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl1AXyQACgkQHPApP6U8
pFgZUQ//Xc4znBTXwGE0SkHbHPm2D86Q+0vudwwx1osM8x2F2KA2kiIhKYTCJZQh
ApBixExuLpjWWQ02oCrrl0NzdmUbxC8e2WvQRnF6XWB9/f1gLbMIgOVQDjYa4FWB
IiHljPO5AABiYeIUjDWE6a7Stffh3BYAJ04D1f3xMLh9uciuXPvKbnny7zWNbC/j
xzTNRndNtTmYippzIhRjPFjjaBfz3KLVST9WnU1bgXDFbgbMRCL5tSs27dvT8nOX
SNI8RoZGFMc+V1A1RnviuKZJ2DxnELcusKW0P4Zqc8Rrrpc6cspm6x+fC2AtOK6I
WaIeRj4w5f04VkaUH87CDfXYCyGEcGc6wkxZMK6y5QrZleBpvL8j9aujmqVX1yJE
4Q9y5RN4vKoq+S9RUEHSlXrjIkWoNoCRIOD7zofdUrswdJ+Ovf0Av6OjUaTN4XNX
GflZ7HqPmQ4rQV3fVE8yDm/wyvyLWxEn7COg38976/ZrPUs6gf2WuegP/SMgDp+n
IoyuJJ85jvlcr9AyE0GhjNCkb3TC/GKNKM1rGxB/sBagWTtCH3HDfJX5DMWlfFXp
LCbRjJ1wEX3XJqspKAhUcJiuFNZIN0zWGQkULOwJm+d9JmmPGriOP3r1kJ6h3V5F
FjUwp1ndKgh6p0CWbdrsHnatwzqAlfiNxyLzCyPmpe91urriy3I=
=RI2q
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat manager keystore reload

2019-07-30 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Peter,

On 7/30/19 05:19, logo wrote:
> Hi Chris,
> 
> I am also trying to figure this out and get to the same error.
> 
>> Am 25.07.2019 um 17:53 schrieb Joseph Dornisch
>> :
>> 
>> Hello,
>> 
>> I have a CRL configured in my tomcat server configuration. If I
>> update it and want to have Tomcat refresh it, I can login into 
>> https://127.0.0.1/manager/html and click the "Re-read" button
>> under "Configuration->Re-read TLS configuration files" and this
>> causes my CRL to be reread. It works great.
>> 
>> However,I have read here, " 
>> https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Encr
ypt%20Apache%20Tomcat.pdf"
>>
>> 
on page 34 you can do basically the same thing with a command something
>> like: 
>> https://localhost/manager/jmxproxy?invoke=Catalina%3Atype%3DProtocolH
andler%2Cport%3D8443%2Caddress%3D%22127.0.0.1%22=reloadSslHostConfigs
>>
>>
>> 
When I do this, I get back:
>> 
>> Error - java.lang.NullPointerException 
>> java.lang.NullPointerException at
>> org.apache.catalina.manager.JMXProxyServlet.invokeOperationInternal(J
MXProxyServlet.java:264)
>>
>> 
at
org.apache.catalina.manager.JMXProxyServlet.invokeOperation(JMXProxyServ
let.java:207)
>> at
>> org.apache.catalina.manager.JMXProxyServlet.doGet(JMXProxyServlet.jav
a:116)
>>
>> 
at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) 
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:231)
>>
>> 
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt
erChain.java:166)
>> at
>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52
)
>>
>> 
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica
tionFilterChain.java:193)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:166)
>>
>> 
at
com.arl.servlet.core.filters.AbstractRedirectFilter.doFilter(AbstractRed
irectFilter.java:250)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:193)
>>
>> 
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt
erChain.java:166)
>> at
>> com.arl.servlet.core.filters.UrlRewriteFilter.doFilter(UrlRewriteFilt
er.java:356)
>>
>> 
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica
tionFilterChain.java:193)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:166)
>>
>> 
at
com.arl.servlet.core.filters.SetCharacterEncodingFilter.doFilter(SetChar
acterEncodingFilter.java:128)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:193)
>>
>> 
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt
erChain.java:166)
>> at
>> org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCh
aracterEncodingFilter.java:109)
>>
>> 
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica
tionFilterChain.java:193)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:166)
>>
>> 
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv
e.java:199)
>> at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:96)
>>
>> 
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticator
Base.java:610)
>> at
>> org.apache.catalina.valves.RequestFilterValve.process(RequestFilterVa
lve.java:348)
>>
>> 
at
org.apache.catalina.valves.RemoteAddrValve.invoke(RemoteAddrValve.java:5
2)
>> at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:137)
>>
>> 
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java
:81)
>> at
>> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAcce
ssLogValve.java:660)
>>
>> 
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.
java:87)
>> at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
a:343)
>>
>> 
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:79
8)
>> at
>> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLig
ht.java:66)
>>
>> 
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractPro
tocol.java:808)
>> at
>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpo
int.java:1498)
>>
>> 
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.j
ava:49)
>> at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.
java:1149)
>>
>> 
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja
va:624)
>> at
>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskTh
read.java:61)
>>
>> 
at java.lang.Thread.run(Thread.java:748)
>> 
>> Is this command supposed to work in Tomcat 8.5.43? Is there a
>>

Re: Tomcat manager keystore reload

2019-07-30 Thread logo 
Hi Chris, 

I am also trying to figure this out and get to the same error. 

> Am 25.07.2019 um 17:53 schrieb Joseph Dornisch : 
> 
> Hello,
> 
> I have a CRL configured in my tomcat server configuration. If I update it
> and want to have Tomcat refresh it, I can login into
> https://127.0.0.1/manager/html and click the "Re-read" button under
> "Configuration->Re-read TLS configuration files" and this causes my CRL to
> be reread. It works great.
> 
> However,I have read here, "
> https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Encrypt%20Apache%20Tomcat.pdf"
> on page 34 you can do basically the same thing with a command something
> like:
> https://localhost/manager/jmxproxy?invoke=Catalina%3Atype%3DProtocolHandler%2Cport%3D8443%2Caddress%3D%22127.0.0.1%22=reloadSslHostConfigs
> 
> When I do this, I get back:
> 
> Error - java.lang.NullPointerException
> java.lang.NullPointerException
> at 
> org.apache.catalina.manager.JMXProxyServlet.invokeOperationInternal(JMXProxyServlet.java:264)
> at 
> org.apache.catalina.manager.JMXProxyServlet.invokeOperation(JMXProxyServlet.java:207)
> at org.apache.catalina.manager.JMXProxyServlet.doGet(JMXProxyServlet.java:116)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> at 
> com.arl.servlet.core.filters.AbstractRedirectFilter.doFilter(AbstractRedirectFilter.java:250)
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> at 
> com.arl.servlet.core.filters.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:356)
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> at 
> com.arl.servlet.core.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:128)
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> at 
> org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> at 
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
> at 
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
> at 
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:610)
> at 
> org.apache.catalina.valves.RequestFilterValve.process(RequestFilterValve.java:348)
> at org.apache.catalina.valves.RemoteAddrValve.invoke(RemoteAddrValve.java:52)
> at 
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
> at 
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
> at 
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)
> at 
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
> at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)
> at 
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> at 
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)
> at 
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
> at 
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at 
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:748)
> 
> Is this command supposed to work in Tomcat 8.5.43? Is there a different
> command. Short of this, the only way to force reload without manual
> intervention seems to be to login to the manager from code, and then execute
> https://127.0.0.1/manager/html/sslReload?org.apache.catalina.filters.CSRF_NONCE=
> 
> 
>

Re: Tomcat manager keystore reload

2019-07-29 Thread Joseph Dornisch 
> Joseph,
>
> On 7/25/19 11:53, Joseph Dornisch wrote:
> > Hello,
> >
> > I have a CRL configured in my tomcat server configuration. If I
> > update it and want to have Tomcat refresh it, I can login into
> > https://127.0.0.1/manager/html and click the "Re-read" button
> > under "Configuration->Re-read TLS configuration files" and this
> > causes my CRL to be reread. It works great.
> >
> > However,I have read here, "
> > https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Encry
> pt%20Apache%20Tomcat.pdf"
> >
> >
> on page 34 you can do basically the same thing with a command something
> > like:
> > https://localhost/manager/jmxproxy?invoke=Catalina%3Atype%3DProtocolHa
> ndler%2Cport%3D8443%2Caddress%3D%22127.0.0.1%22=reloadSslHostConfigs
> >
> >  When I do this, I get back:
> >
> > Error - java.lang.NullPointerException
> > java.lang.NullPointerException at
> > org.apache.catalina.manager.JMXProxyServlet.invokeOperationInternal(JM
> XProxyServlet.java:264)
>
> What
> >
> is the port number and bind-address of your protocol handler?

Is this different than the web server. I directed it to use 443, as I am
running tomcat https out of 443. I also just specified the local machine
name. I think I tried a few things here. Is there a good way to look up
what these should be if they are different than how you access tomcat in
genera.?

>
> > Is this command supposed to work in Tomcat 8.5.43? Is there a
> > different command. Short of this, the only way to force reload
> > without manual intervention seems to be to login to the manager
> > from code, and then execute
> > https://127.0.0.1/manager/html/sslReload?org.apache.catalina.filters.C
> SRF_NONCE=
> >
> >
> 
>
> The URL you have above (if correct) is using the manager to do the
> same thing using the JMX proxy that you are doing with the manager GUI.

It's only incorrect in that I changed the 'NONCE' to text for the purpose
of hopefully making it more readable here. It does work to reload the
configuration (and specifically reread my CRL files).

>
> > I've seen that I might also write some code that Tomcat itself
> > would run periodically to refresh the SSL configuration. Could
> > anyone provide any ideas here?
>
> You can do it, but IMO it's better to trigger it externally, assuming
> that you are already deploying the manager app and the JMX proxy servlet

Apparently we might have security issues if we run the manager application
in production so right now I am planning on extending the Http11NioProtocol
class to periodically refresh as is done in:
https://serverfault.com/questions/328533/can-tomcat-reload-its-ssl-certificate-without-being-restarted

Thank you for responding Chris, if you have any additional advice, I'd be
very happy to read it. (or if anyone else wants to add advice, I'd be happy
to read that as well).
> .
>
> - -chris

Re: Tomcat manager keystore reload

2019-07-27 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Joseph,

On 7/25/19 11:53, Joseph Dornisch wrote:
> Hello,
> 
> I have a CRL configured in my tomcat server configuration. If I
> update it and want to have Tomcat refresh it, I can login into 
> https://127.0.0.1/manager/html and click the "Re-read" button
> under "Configuration->Re-read TLS configuration files" and this
> causes my CRL to be reread. It works great.
> 
> However,I have read here, " 
> https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Encry
pt%20Apache%20Tomcat.pdf"
>
> 
on page 34 you can do basically the same thing with a command something
> like: 
> https://localhost/manager/jmxproxy?invoke=Catalina%3Atype%3DProtocolHa
ndler%2Cport%3D8443%2Caddress%3D%22127.0.0.1%22=reloadSslHostConfigs
>
>  When I do this, I get back:
> 
> Error - java.lang.NullPointerException 
> java.lang.NullPointerException at
> org.apache.catalina.manager.JMXProxyServlet.invokeOperationInternal(JM
XProxyServlet.java:264)

What
> 
is the port number and bind-address of your protocol handler?

> Is this command supposed to work in Tomcat 8.5.43? Is there a
> different command. Short of this, the only way to force reload
> without manual intervention seems to be to login to the manager
> from code, and then execute 
> https://127.0.0.1/manager/html/sslReload?org.apache.catalina.filters.C
SRF_NONCE=
>
> 


The URL you have above (if correct) is using the manager to do the
same thing using the JMX proxy that you are doing with the manager GUI.

> I've seen that I might also write some code that Tomcat itself
> would run periodically to refresh the SSL configuration. Could
> anyone provide any ideas here?

You can do it, but IMO it's better to trigger it externally, assuming
that you are already deploying the manager app and the JMX proxy servlet
.

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl09JyoACgkQHPApP6U8
pFi15RAAxWEnktvq6OHH6VHj5zDfmsLXgxZubc0RpbrMmdGF09xbIrdBoqGd1OKI
t20fkIK8dBkz28Vb3MkXDBS9cYT8Z7qkMcf6R6fjsvwNfWw2P2rf+CNdz5kWz5jv
fnglCaGuoJMKTCZkfIrVt7I/1zfvXDrZWxZz109EzVmX4ouzHBby5icof7P7VM7n
8Wr21117VLRFq9CIPKaPNDROOkLX8kLUmpHqsBsK7srF7EJehd7FVlgidIHDxsq/
t5R8tAzCSBWBkOdCa86JcR+2cRxaqUHpEZqWyDEm1LwbJ+fa9AB1maU47bGUfZX5
Xkc1ow9OZ+DMPEj/6zhwOwG6mpMXOTpAm3GHcrH6kbMQLfzjRio/b0f0KxEq/BfB
LsJb8qyhSs16Jf0k9vLgsQBaX2LBZCaGY1ywMXItPTUnpgJ5eN9M8G931TFWPlBU
M5AFlmgOic5qwXijPKNd3T7RWPKIjdn0EzExCOwK4jYkP57vMyPhfFqn+SL+4rku
2frYBKZYbwLHci1dUNzGb0m8JGVaJCg96CSxu6pYc7dzkP2YdxYgQLMw8D/U9j+m
i26wEiedmJvFIsg7wlMoa4VudLqsEDL3HyeisHwTu4mRa7ONjU4XUOIDmNaJFBvG
skQTLqEkfEAL/dMEN8STsXU38r2MWjHnCqllryUokIfPAG40SPA=
=sTqX
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat manager keystore reload

2019-07-25 Thread Joseph Dornisch 
Hello,

I have a CRL configured in my tomcat server configuration. If I update it
and want to have Tomcat refresh it, I can login into
https://127.0.0.1/manager/html and click the "Re-read" button under
"Configuration->Re-read TLS configuration files" and this causes my CRL to
be reread. It works great.

However,I have read here, "
https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Encrypt%20Apache%20Tomcat.pdf"
on page 34 you can do basically the same thing with a command something
like:
https://localhost/manager/jmxproxy?invoke=Catalina%3Atype%3DProtocolHandler%2Cport%3D8443%2Caddress%3D%22127.0.0.1%22=reloadSslHostConfigs

When I do this, I get back:

Error - java.lang.NullPointerException
java.lang.NullPointerException
at 
org.apache.catalina.manager.JMXProxyServlet.invokeOperationInternal(JMXProxyServlet.java:264)
at 
org.apache.catalina.manager.JMXProxyServlet.invokeOperation(JMXProxyServlet.java:207)
at 
org.apache.catalina.manager.JMXProxyServlet.doGet(JMXProxyServlet.java:116)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at 
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at 
com.arl.servlet.core.filters.AbstractRedirectFilter.doFilter(AbstractRedirectFilter.java:250)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at 
com.arl.servlet.core.filters.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:356)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at 
com.arl.servlet.core.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:128)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at 
org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at 
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:610)
at 
org.apache.catalina.valves.RequestFilterValve.process(RequestFilterValve.java:348)
at 
org.apache.catalina.valves.RemoteAddrValve.invoke(RemoteAddrValve.java:52)
at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at 
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)
at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at 
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)
at 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at 
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)
at 
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
at 
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at 
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)

Is this command supposed to work in Tomcat 8.5.43? Is there a different
command. Short of this, the only way to force reload without manual
intervention seems to be to login to the manager from code, and then execute
https://127.0.0.1/manager/html/sslReload?org.apache.catalina.filters.CSRF_NONCE=

Re: Webapp previously stopped with Tomcat Manager started unexpectedly

2019-07-11 Thread Mark Thomas 
On 11/07/2019 19:30, Kevin Brake wrote:
> Reply to Kevin Brake
> 
> Tomcat 8.5.32JVM 1.8.0_181-b13 Windows Server 2016 amd64
> 
> We had stopped a webapp via Manager in February. Over July 4th the webapp 
> started and ran for several days before it was discovered.
> There was a windows restart at that time in connection with windows updates. 
> Searching the logs also revealed potential CSRF attacks both on other webapps 
> that were supposed to be running as well as the one which restarted. There 
> was no activity for this webapp restart recorded in the manager log.
> 
> I have searched known tomcat issues, general web, internal logs for the web 
> server.
> 
> We are trying to determine how the webapp could have possibly started. Has 
> anyone heard of an issue where a stopped webapp can change state and run 
> because of an operating system restart?

http://tomcat.apache.org/tomcat-9.0-doc/config/host.html

deployOnStartup

> Could a successful CSRF attack set conditions for the webapp to start either 
> by a windows restart or a direct start?

That would depend on the capabilities of the web applications and what
requests were forged.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Webapp previously stopped with Tomcat Manager started unexpectedly

2019-07-11 Thread Kevin Brake 
Reply to Kevin Brake

Tomcat 8.5.32JVM 1.8.0_181-b13 Windows Server 2016 amd64

We had stopped a webapp via Manager in February. Over July 4th the webapp 
started and ran for several days before it was discovered.
There was a windows restart at that time in connection with windows updates. 
Searching the logs also revealed potential CSRF attacks both on other webapps 
that were supposed to be running as well as the one which restarted. There was 
no activity for this webapp restart recorded in the manager log.

I have searched known tomcat issues, general web, internal logs for the web 
server.

We are trying to determine how the webapp could have possibly started. Has 
anyone heard of an issue where a stopped webapp can change state and run 
because of an operating system restart? Could a successful CSRF attack set 
conditions for the webapp to start either by a windows restart or a direct 
start?



Sent from Mail for Windows 10

All messages created in this system belong to the City of Goodyear and should 
be considered a public record subject to disclosure under Arizona Public 
Records Law (A.R.S. 39-121). City employees, City public officials, and those 
who generate E-mail to them, should have no expectation of privacy related to 
the use of this technology. If you are not the intended recipient you are 
notified that disclosing, copying, distributing or taking any action in 
reliance on the contents of this information is strictly prohibited.

Re: Fw: Re: Tomcat Manager keeps asking for Authentication

2018-12-30 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Karen,

On 12/23/18 01:04, Karen Goh wrote:
> 
> 
> --- On Sun, 12/23/18, Karen Goh  wrote:
> 
>> From: Karen Goh  Subject: Re: Tomcat
>> Manager keeps asking for Authentication To: "Tomcat Users List"
>>  Date: Sunday, December 23, 2018, 1:40
>> PM
>> 
>>  On Sat, 12/22/18,
>> Mark Thomas  wrote:
>> 
>> Subject: Re: Tomcat Manager keeps asking for Authentication To:
>> users@tomcat.apache.org Date: Saturday, December 22, 2018, 7:56
>> PM
>> 
>> On 22/12/2018 09:12, Karen Goh wrote:
>>> 
>>> I am
>> running Netbean 8.2 and am trying to study a web project from
>> github.
>>> 
>>> It
>> was stated that certain pages are constrained by the Tomcat Role,
>> in order to view the Admin panel.
>>> 
>> 
>>> So, what I did was to alter the
>> Tomcat C:\Program Files\Apache Software Foundation\Apache Tomcat 
>> 8.0.27\conf\tomcat-user.xml
>> 
>> Note: 8.0.x has reached end of life and is no longer supported.
>> 
>>> 
>>> And here's what I added:
>>> 
>>> 
>> 
>>> > rolename="tomcat"/>
>>> 
>> 
>>> > rolename="manager-gui"/>
>>> 
>> > username="tomcat"/>
>>> 
>> 
>>> 
>> 
>>> 
>> > username="me"/>
>>> 
>> 
>> 
>> Are you sure the above is not commented out?
>> 
>> Mark
>> 
>> Hello Mark,
>> 
>> Thanks for your reply and thanks for your last reply about the
>> changing the xml file in which I havn't thank you cos I was
>> grappling with so many things...
>> 
>> I just found out that this guy he is using some kind of 'embedded
>> Tomcat' to do the work I am not very sure though.
>> 
>> And so I was trying to edit an external Tomcat server thus it
>> never works.
>> 
>> I am quite new to the way it was done cos eventually I found it
>> inside apache-tomcat inside the AppData !
>> 
>> C:\Users\xxx\\Roaming\NetBeans\8.2\apache-tomcat-8.0.27.0_base\conf\t
omcat-user.xml
>>
>>
>> 
Can I know what is this method about?
>> 
> In addition, I'd like to know how to clean Tomcat directory in this
> case?
> 
> Cos now after examining the server log, I saw an error : The
> reference to entity "ampUseLegacyDatetimeCode" must end with the
> ';' delimiter.)
> 
> So, I edited the persistence.xml to ;
> 
> jdbc:mysql://localhost:3306/music_store?autoReconnect=true;UseLegacyDa
tetimeCode=false;serverTimezone=UTC;seSSL=False"/>

You
> 
want to use  between the parameters. You removed the & which
are important, but since they are in an XML file, they need to be
converted into 

> But, it still gives me the old error.

At this point, I'm not sure what and how many questions you are
asking. Can you post a new thread with your complete question in it?

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlwo0v4ACgkQHPApP6U8
pFgs4hAAmj/ubFir9RzQ/WfkncOqCzVrIb7R2YNmtIWIxMH8io30/hSH79qhmdsF
Ei6I21qLJWzdsWVuGCmkL2SqD17B/sZy8qXsLFKDo0CbYscf0IdSVQJMpdaWU6Do
gpYzWjWWedwNQrjNaTTxFRQYmsh4gUQKRl2XSqF4Og48dN7oE1ilCkNexy9UBAc7
APWWbZeqwTFMYClHkQXBTAz5UYzUOYe2HJned004rLDE2LSx/LQv1pDNdagG+27v
1FArLzAXV71ENRTltLHmVkw5+SD7DiO4DoFERsJvCUGUUIsC5stbLFaW+R//FW/F
dLCA0D+fWG9oP6hdJUR+aSPtXHSnh+hOwVbKsSlNPmtN6Gf0ArObnbTN1eCzUPVK
q5xN2P/hITblLwyXJypZn4Qm3a50aOxSYcEsRNxl8sUAkKnvWDUc4HNEijNnSW4v
l5l3ol2vyedUeHBIR3JRnWaIIL9ykQsWS+yHCvJ2pEzQ1Eq/Ofm++TUN2gx97cZe
mzXtnfI6D0OOjCgOSANCZsuy4JjdllBWfbQHYPGCk9Tk6Ttp0jtfLRLVKLgMPGLe
71YXkhHvwKy1VL/Lnd5UiT50fz5OH7E4KfwiBnBZWwbUewCQY+clr//Ke8SWkUBr
e+qb/y0OnNKgn6OzwzNn66tAzDk+utoxUrQcM3g3r99Kpn3sEXY=
=U7hg
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Fw: Re: Tomcat Manager keeps asking for Authentication

2018-12-22 Thread Karen Goh 



--- On Sun, 12/23/18, Karen Goh  wrote:

> From: Karen Goh 
> Subject: Re: Tomcat Manager keeps asking for Authentication
> To: "Tomcat Users List" 
> Date: Sunday, December 23, 2018, 1:40 PM
> 
> 
> On Sat, 12/22/18, Mark Thomas 
> wrote:
> 
>  Subject: Re: Tomcat Manager keeps
> asking for Authentication
>  To: users@tomcat.apache.org
>  Date: Saturday, December 22, 2018,
> 7:56 PM
>  
>  On 22/12/2018 09:12, Karen Goh
>  wrote:
>  > 
>  > I am
>  running Netbean 8.2 and am trying to
> study a web project
>  from github.
>  > 
>  > It
>  was stated that certain pages are
> constrained by the Tomcat
>  Role, in order to view the Admin
> panel.
>  >
>  
>  > So, what I did was to alter the
> Tomcat
>  C:\Program Files\Apache Software
> Foundation\Apache Tomcat
>  8.0.27\conf\tomcat-user.xml
>  
>  Note: 8.0.x has reached end of life
> and is no
>  longer supported.
>  
>  > 
>  > And here's what I added:
>  > 
>  >
>  
>  >        rolename="tomcat"/>
>  >   
>    
>  >        rolename="manager-gui"/>
>  > 
>        roles="tomcat,manager-gui"
>  username="tomcat"/>
>  >   
>      roles="tomcat,role1"
>  username="both"/>
>  >     
>   roles="role1"
>  username="role1"/>
>  >     
>roles="manager-script, administrator"
>  username="me"/>
>  >
>  
>  
>  Are
>  you sure the above is not commented
> out?
>  
>  Mark
> 
> Hello Mark,
> 
> Thanks for your reply and thanks for
> your last reply about the changing the xml file in which I
> havn't thank you cos I was grappling with so many things...
> 
> I just found out that this guy he is
> using some kind of 'embedded Tomcat' to do the work I am not
> very sure though.
> 
> And so I was trying to edit an external
> Tomcat server thus it never works.
> 
> I am quite new to the way it was done
> cos eventually I found it inside apache-tomcat inside the
> AppData !
> 
> C:\Users\xxx\\Roaming\NetBeans\8.2\apache-tomcat-8.0.27.0_base\conf\tomcat-user.xml
> 
> Can I know what is this method about?
> 
In addition, I'd like to know how to clean Tomcat directory in this case?

Cos now after examining the server log, I saw an error :
The reference to entity "ampUseLegacyDatetimeCode" must end with the ';' 
delimiter.)

So, I edited the persistence.xml to ;

jdbc:mysql://localhost:3306/music_store?autoReconnect=true;UseLegacyDatetimeCode=false;serverTimezone=UTC;seSSL=False"/>

But, it still gives me the old error.


> 
>  
> 
> -
>  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>  For additional commands, e-mail: users-h...@tomcat.apache.org
>  
>  

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Manager keeps asking for Authentication

2018-12-22 Thread Karen Goh 



On Sat, 12/22/18, Mark Thomas  wrote:

 Subject: Re: Tomcat Manager keeps asking for Authentication
 To: users@tomcat.apache.org
 Date: Saturday, December 22, 2018, 7:56 PM
 
 On 22/12/2018 09:12, Karen Goh
 wrote:
 > 
 > I am
 running Netbean 8.2 and am trying to study a web project
 from github.
 > 
 > It
 was stated that certain pages are constrained by the Tomcat
 Role, in order to view the Admin panel.
 >
 
 > So, what I did was to alter the Tomcat
 C:\Program Files\Apache Software Foundation\Apache Tomcat
 8.0.27\conf\tomcat-user.xml
 
 Note: 8.0.x has reached end of life and is no
 longer supported.
 
 > 
 > And here's what I added:
 > 
 >
 
 >      
 >   
   
 >      
 > 
     
 >   
   
 >     
 
 >     
 
 >
 
 
 Are
 you sure the above is not commented out?
 
 Mark

Hello Mark,

Thanks for your reply and thanks for your last reply about the changing the xml 
file in which I havn't thank you cos I was grappling with so many things...

I just found out that this guy he is using some kind of 'embedded Tomcat' to do 
the work I am not very sure though.

And so I was trying to edit an external Tomcat server thus it never works.

I am quite new to the way it was done cos eventually I found it inside 
apache-tomcat inside the AppData !

C:\Users\xxx\\Roaming\NetBeans\8.2\apache-tomcat-8.0.27.0_base\conf\tomcat-user.xml

Can I know what is this method about?


 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Manager keeps asking for Authentication

2018-12-22 Thread Mark Thomas 

On 22/12/2018 09:12, Karen Goh wrote:


I am running Netbean 8.2 and am trying to study a web project from github.

It was stated that certain pages are constrained by the Tomcat Role, in order 
to view the Admin panel.

So, what I did was to alter the Tomcat C:\Program Files\Apache Software 
Foundation\Apache Tomcat 8.0.27\conf\tomcat-user.xml


Note: 8.0.x has reached end of life and is no longer supported.



And here's what I added:


 
 
 
 
 
 
 



Are you sure the above is not commented out?

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat Manager keeps asking for Authentication

2018-12-22 Thread Karen Goh 


I am running Netbean 8.2 and am trying to study a web project from github.

It was stated that certain pages are constrained by the Tomcat Role, in order 
to view the Admin panel.

So, what I did was to alter the Tomcat C:\Program Files\Apache Software 
Foundation\Apache Tomcat 8.0.27\conf\tomcat-user.xml

And here's what I added:











Error message :
Deployment error: Access to Tomcat server has not been authorized. Set the 
correct username and password with the "manager-script" role in the Tomcat 
customizer in the Server Manager.
See the server log for details.

I also tried below but it can't work also.











Here's the constraint that is imposed at the web.xml under WEB/INF:

 -- You can restrict access to admin pages by uncommenting the code below-->
   
  administrator of the website
  administrator
   
   
  
 Admin Login
 /admin_panel/*
 /admin/*
  
  
 administrator
  
   
   
   
  BASIC
  Admin Login
-->

Please let me know what I have done wrong.

Tks.

Here's the screenshot of 
https://ibb.co/0V3CCcs

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using tomcat manager to deploy to several services

2018-12-05 Thread tomcat 

On 05.12.2018 16:54, Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Guido,

On 12/5/18 10:46, Jäkel, Guido wrote:

Does it really ? If some tomcat code is at that time processing
a client POST request, which potentially modifies data on the
server (or a back-end database), is ditto tomcat code "informed"
of the JVM shutdown, and does it have time to interrupt the
processing in some predictable/recoverable way ?


In no other way than a Tomcat worker get informed about a Tomcat
shutdown if you trigger this event e.g. by the shutdown port
mechanism or JXM. OT a feature of Tomcat is that it will first
stop accepting new requests by the connectors and let the servlet
containers stop the applications afterwards. Therefore, a started
request will be finished. And after all request workers are idle,
the worker pool will terminate.

If you send a signal to a process, nothing is "interrupted" but
just a consumer in the process get signaled - that's why it's
called this way. And that's the reason why a process might not stop
if you send a SIGTERM to it. It's just a request to please the
process to terminate by itself. Some signals are handled outside
the process, for simplification let's say by the process scheduler.
If one send a SIGKILL, the scheduler will "hard kill" the process
(and it's threads) at any point of execution path and just recover
the reserved resources.


This is exactly correct.

It's often surprising to people when they find out that a SIGTERM can
initiate a "graceful" shutdown of a running JVM. I think most people
thing that SIGTERM and SIGKILL are roughly the same thing.

It's an instructive thought-experiment to consider that most
*NIX-style init systems send SIGTERM signals to all process as they
are shutting-down the operating system. This doesn't "terminate" the
processes (as the signal name might suggest), but rather "requests
that they self-terminate" where the process gets to decide how to shut
itself down.

It's only SIGKILL (or some of the hardware-generated signals like
SIGBUS) that will simply end a process without any notification or
anything else.

- -chris


Yes to both, but.
I stand contradicted in my doubt that a signal to the JVM would result in a "graceful" 
tomcat shutdown. But that seems to be the case.
But Mark provided the real reason why that is so : tomcat registers a "hook" in the JVM, 
so that it is notified that the JVM is shutting down.  And presumably, the JVM waits for 
tomcat to acknowledge, before really shutting down.
From the point of view of the OS, the only "process" is the JVM. Tomcat is not actually a 
process, it is just a series of Java pre-compiled instructions being run by the JVM.
It was clear to me that the JVM actually gets signalled, and that it will, as a result, 
shut down (= stop running Java code, and exit) (in its own time, unless the signal is KILL).
What was not clear to me is if the JVM in turn "signals" tomcat, or just stops running 
tomcat's code immediately.

Mark clarified that.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using tomcat manager to deploy to several services

2018-12-05 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Guido,

On 12/5/18 10:46, Jäkel, Guido wrote:
>> Does it really ? If some tomcat code is at that time processing
>> a client POST request, which potentially modifies data on the
>> server (or a back-end database), is ditto tomcat code "informed"
>> of the JVM shutdown, and does it have time to interrupt the
>> processing in some predictable/recoverable way ?
> 
> In no other way than a Tomcat worker get informed about a Tomcat 
> shutdown if you trigger this event e.g. by the shutdown port 
> mechanism or JXM. OT a feature of Tomcat is that it will first
> stop accepting new requests by the connectors and let the servlet 
> containers stop the applications afterwards. Therefore, a started 
> request will be finished. And after all request workers are idle,
> the worker pool will terminate.
> 
> If you send a signal to a process, nothing is "interrupted" but
> just a consumer in the process get signaled - that's why it's
> called this way. And that's the reason why a process might not stop
> if you send a SIGTERM to it. It's just a request to please the
> process to terminate by itself. Some signals are handled outside
> the process, for simplification let's say by the process scheduler.
> If one send a SIGKILL, the scheduler will "hard kill" the process
> (and it's threads) at any point of execution path and just recover
> the reserved resources.

This is exactly correct.

It's often surprising to people when they find out that a SIGTERM can
initiate a "graceful" shutdown of a running JVM. I think most people
thing that SIGTERM and SIGKILL are roughly the same thing.

It's an instructive thought-experiment to consider that most
*NIX-style init systems send SIGTERM signals to all process as they
are shutting-down the operating system. This doesn't "terminate" the
processes (as the signal name might suggest), but rather "requests
that they self-terminate" where the process gets to decide how to shut
itself down.

It's only SIGKILL (or some of the hardware-generated signals like
SIGBUS) that will simply end a process without any notification or
anything else.

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlwH9KIACgkQHPApP6U8
pFic6Q/9EYOtfxeUnkLX76joeNYShpdlWhmATzHCHeW/jalATsrtZood0xVLzJze
Aw9yvYx1mdeOeJ0UyD9puv4/cOnI9dEsKgO4FMu3TjO6S9ern3sgK8bgJlVqI1Tf
dI4STGhfRDS0L8E6a6oyWDPpCmRgtLre67KFQFd6aAczSe9YxzSlLEp+eyBv3DXa
RjC/TDDHPi+dnJJKB7geOdZgv/Apso+z1c2CpZKGvud1m93S994NY2hQxuRTEXZ5
q6TWd/XarsuvcEOoU+4Jg6WX0ccqNF3AaTz5N0uAMcI+ZKAsc+6nQH65staOYEn3
9OFmBjNTZxXAD+7iJz2u2sk6REgHyvyhueqwwLDqM+FB4e0eQgLoq6dOhR0GegUD
IHAAgJ7jcpy5wOGZPHFg6DBONg+eiWHaRIrCQZQmS8OcALK5ZsasRHnWit7HdL4k
GJcC1jnXmIiK6ukRCil/GKusYVXvkDAhKkKcJ/Mwq2RqHamM4Gi2zkwKvq8oLnj8
XvW2SStOneVyw2o7e5KxfVOGRw+hmjflKh9XhzN4cmjsFzgK1uCaEU9SidmwC27c
8nXeZVBZYdLWW7Fixcisr5WZWSxYTJYOgQAfV4w4iP+q/kJYlz9af1VOeh584Wrd
PMzldJcFQ9sYAWe5IF8g+uO9rlP31fjY806t6oovjlbq7BRSZxE=
=pzVr
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Using tomcat manager to deploy to several services

2018-12-05 Thread Jäkel , Guido 
>Does it really ? If some tomcat code is at that time processing a client POST 
>request,
>which potentially modifies data on the server (or a back-end database), is 
>ditto tomcat
>code "informed" of the JVM shutdown, and does it have time to interrupt the 
>processing in
>some predictable/recoverable way ?

In no other way than a Tomcat worker get informed about a Tomcat shutdown if 
you trigger this event e.g. by the shutdown port mechanism or JXM. OT a feature 
of Tomcat is that it will first stop accepting new requests by the connectors 
and let the servlet containers stop the applications afterwards. Therefore, a 
started request will be finished. And after all request workers are idle, the 
worker pool will terminate.

If you send a signal to a process, nothing is "interrupted" but just a consumer 
in the process get signaled - that's why it's called this way. And that's the 
reason why a process might not stop if you send a SIGTERM to it. It's just a 
request to please the process to terminate by itself. Some signals are handled 
outside the process, for simplification let's say by the process scheduler. If 
one send a SIGKILL, the scheduler will "hard kill" the process (and it's 
threads) at any point of execution path and just recover the reserved resources.

Re: Using tomcat manager to deploy to several services

2018-12-05 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Frank,

On 12/4/18 11:55, Frank Schullerer wrote:
> After searching the web many many times and reading all this here,
> it seems that there is no real good solution for this.
What exactly is "this"? What problem are you having that needs a
solution, and what is "not good" about the solutions you've been
presented with?

- -chris

> Am Di., 4. Dez. 2018 um 17:45 Uhr schrieb Christopher Schultz < 
> ch...@christopherschultz.net>:
> 
> Frank,
> 
> On 12/4/18 06:09, Frank Schullerer wrote:
>>>> Thanks!
>>>> 
>>>> Ok let me know if I can achive things in a better way. Now I
>>>> have a server.xml like this:
>>>> 
>>>>  >>>  >>> name="Catalina" defaultHost="localhost"> >>> 
>>>> 
>>>> 
>>>> 
>>>>  >>> clientAuth="false" keyAlias=""  /> 
>>>>  
>>>>>>> port="22" clientAuth="true" keyAlias=""  />
>>>>  >>> appBase="services/b" >>>> name="c"> >>> keyAlias="ccc"  />  >>> name="host3" appBase="services/c" >  
>>>> 
>>>> 
>>>> Please note that we need different ports and different 
>>>> configurations (like clientAuth or keyAlias) for the
>>>> applications. If there is a better way and have a tomcat
>>>> manager to deploy all applications, please let me know!
>>>> 
>>>> Thank you in advance!
> 
> As Mark said, you will need to deploy the Tomcat manager 4 times
> for the above configuration.
> 
> -chris
> 
>>>> Am Di., 4. Dez. 2018 um 11:53 Uhr schrieb Mark Thomas 
>>>> :
>>>> 
>>>>> On 04/12/2018 10:19, Frank Schullerer wrote:
>>>>>> Hello,
>>>>>> 
>>>>>> I think this question is independent from the tomcat
>>>>>> version but I tried
>>>>> it
>>>>>> with Tomcat 9.0.13 on Windows. We have several "service"
>>>>>> tags in our server.xml because we have several
>>>>>> applications running in one tomcat with several ports and
>>>>>> different configuration (clientAuth etc). I tried to use
>>>>>> the tomcat manager to deploy to different services but it
>>>>>> failed. It seems that the tomcat manager can only deploy
>>>>>> within the same service because when I deploy the tomcat
>>>>>> manager itself to a different service than it works. I
>>>>>> can deploy to that service.
>>>>>> 
>>>>>> Is this correct or can I configure the tomcat manager to
>>>>>> deploy to other services? I also tried to achive that
>>>>>> with a configuration with "context.xml" but failed.
>>>>>> 
>>>>>> Please help!
>>>>> 
>>>>> TL;DR you can't deploy services that way.
>>>>> 
>>>>> The Tomcat Manager application only works with the Host to
>>>>> which it has been deployed.
>>>>> 
>>>>> In Tomcat: - There is exactly one Server - A Server may
>>>>> contain 0 or more Services - A Service may contain 0 or
>>>>> more Connectors and no more than one Engine - An Engine may
>>>>> contain 0 or more Hosts - A host may contain 0 or more
>>>>> Contexts (Context == web application)
>>>>> 
>>>>> (I left a few things like Valves and Executors out to keep
>>>>> it simple)
>>>>> 
>>>>> 
>>>>> The Tomcat Host Manager application only works with the
>>>>> Engine associated with the Host to which it has been
>>>>> deployed.
>>>>> 
>>>>> Mark
>>>>> 
>>>>> --
- ---
>>>>>
>>>>>
>
>>>>> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>>> For additional commands, e-mail:
>>>>> users-h...@tomcat.apache.org
>>>>> 
>>>>> 
>>>> 
>> 
>> -
>>
>> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>> 
>> 
> 
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIyBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlwH8GMACgkQHPApP6U8
pFhBhg/4kb3VWlmGJ246fSuWMw4Y581heIIzsNzxPcTIppIc586mSItulaunKPEB
VkOqWVHjIotwLlh18wTufd3U4R4MyOn8OK44wAMaSjJPGKwNQgKyD2CwoQ3sdJJJ
SpYlmWOcCoqkVCQ+Di4I7Wa2KuMvp/waccMnMdJ+osJ7RJsflqeho9NkCy8489NB
C7CSHHBvQaiPn2i8iMROKG2u7piY9JqZTK87k6O+cuzZxzQ91en5OhapuCZzUzsx
Thle+aDUhWfaoeyd31UYuRZTUm3/ptFlqrd8Lpr3W2UbR4rKqfQHA7hZD2axD3Kf
qM9N6npkFG1iI+zyMygbWZ2HHIMnSbc3Ij/aU2I2b0sNiE+mZAflX0Lvhi0Ecvlw
YPh4qiKUQik7H1Web5Ruuows9DiI3oxiQhmBso/GEcbyc7vRg/KdQUwnvJ0/s5hT
6V7+5yg8NeAprg3Mf62Cjj/ehXZm9/HSM6FuwJ0YpKxg0hoDyJCYppCVxBq6FZWO
9Sk9qxHXw4vVKLVTigLT4UyJ4aIi+kgxG5nOPIsK0xsGaraPxfC4byQrWdph3zrx
P9n6wfnRdPN76r9fFFGeN/s7nEv5PaHN38P5zbErH7em+YI12hrYd966DW3MMZUT
ALRdXyn9iUf2v6yVG7SpGOFsVTpOGMoffzGgGeVmFMpAxzyAXA==
=K45B
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using tomcat manager to deploy to several services

2018-12-05 Thread Mark Thomas 
On 05/12/2018 11:09, André Warnier (tomcat) wrote:
> On 05.12.2018 11:53, Jäkel, Guido wrote:
>> Dear Frank,
>>
>> I don't agree that this is "better". It will trigger the same things
>> in the backend in the end. And obviously don't need the Tomcat
>> Connector to be available.
>>
>> This might be important in situation with some malfunctions caused by
>> near-OOM or out-of-request-workers (caused by long running or blocked
>> requests).
>>
>> In my Tomcat farm control scripts, I also never use the "shutdown
>> port" mechanism to (graceful) stop the Tomcat but send a SIGTERM to
>> the JVM. Again, this will do the same thing
> 
> (just asking)
> Does it really ?

Yes. It triggers a shutdown hook and the end result is exactly the same
as if the shutdown port was used.

> If some tomcat code is at that time processing a client
> POST request, which potentially modifies data on the server (or a
> back-end database), is ditto tomcat code "informed" of the JVM shutdown,
> and does it have time to interrupt the processing in some
> predictable/recoverable way ?

It gets a configurable time to complete before the thread is killed.

ServletContextListeners will be informed of the shutdown. How well they
are able to communicate this to currently executing app threads will
depend on the app design. Pure servlets don't have a mechanism for this.

Mark


> 
>  but need much less to be fuctional. And if a graceful shutdown will
> fail, one even need to SIGKILL the JVM.
> 
> That's another matter I believe. If a nuclear reactor was heading for
> meltdown, one would push the red button, even if someone is just brewing
> a cup of coffee nearby.
> 
>>
>>> -Original Message-----
>>> From: Frank Schullerer [mailto:schulle...@googlemail.com.INVALID]
>>> Sent: Tuesday, December 04, 2018 4:06 PM
>>> To: users@tomcat.apache.org
>>> Subject: Re: Using tomcat manager to deploy to several services
>>>
>>> Hello,
>>>
>>> thanks for the answer. That is exactly the way how we do this today (all
>>> via a shell script and via Jenkins). But I thought the
>>> "official" way to start/stop/deploy/reload applications via   e.g. 
>>> "curl
>>> http://localhost:8080/manager/text/reload?... " is better
>>>
>>> Greetings
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using tomcat manager to deploy to several services

2018-12-05 Thread tomcat 

On 05.12.2018 11:53, Jäkel, Guido wrote:

Dear Frank,

I don't agree that this is "better". It will trigger the same things in the 
backend in the end. And obviously don't need the Tomcat Connector to be available.

This might be important in situation with some malfunctions caused by near-OOM 
or out-of-request-workers (caused by long running or blocked requests).

In my Tomcat farm control scripts, I also never use the "shutdown port" 
mechanism to (graceful) stop the Tomcat but send a SIGTERM to the JVM. Again, this will 
do the same thing


(just asking)
Does it really ? If some tomcat code is at that time processing a client POST request, 
which potentially modifies data on the server (or a back-end database), is ditto tomcat 
code "informed" of the JVM shutdown, and does it have time to interrupt the processing in 
some predictable/recoverable way ?


 but need much less to be fuctional. And if a graceful shutdown will fail, one even need 
to SIGKILL the JVM.


That's another matter I believe. If a nuclear reactor was heading for meltdown, one would 
push the red button, even if someone is just brewing a cup of coffee nearby.





-Original Message-
From: Frank Schullerer [mailto:schulle...@googlemail.com.INVALID]
Sent: Tuesday, December 04, 2018 4:06 PM
To: users@tomcat.apache.org
Subject: Re: Using tomcat manager to deploy to several services

Hello,

thanks for the answer. That is exactly the way how we do this today (all
via a shell script and via Jenkins). But I thought the
"official" way to start/stop/deploy/reload applications via   e.g.  "curl
http://localhost:8080/manager/text/reload?... " is better

Greetings


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using tomcat manager to deploy to several services

2018-12-05 Thread Frank Schullerer 
Hello @all,

again thanks for all the answers.
I'm thinking if it's better to have a separate Tomcat instance for each
service. At the moment we have many services running in one Tomcat
instance. The problem with restarting the Tomcat can be imagined by
everyone: all services are stopped.

Frank

Am Mi., 5. Dez. 2018 um 11:53 Uhr schrieb Jäkel, Guido :

> Dear Frank,
>
> I don't agree that this is "better". It will trigger the same things in
> the backend in the end. And obviously don't need the Tomcat Connector to be
> available.
>
> This might be important in situation with some malfunctions caused by
> near-OOM or out-of-request-workers (caused by long running or blocked
> requests).
>
> In my Tomcat farm control scripts, I also never use the "shutdown port"
> mechanism to (graceful) stop the Tomcat but send a SIGTERM to the JVM.
> Again, this will do the same thing but need much less to be fuctional. And
> if a graceful shutdown will fail, one even need to SIGKILL the JVM.
>
> >-Original Message-
> >From: Frank Schullerer [mailto:schulle...@googlemail.com.INVALID]
> >Sent: Tuesday, December 04, 2018 4:06 PM
> >To: users@tomcat.apache.org
> >Subject: Re: Using tomcat manager to deploy to several services
> >
> >Hello,
> >
> >thanks for the answer. That is exactly the way how we do this today (all
> >via a shell script and via Jenkins). But I thought the
> >"official" way to start/stop/deploy/reload applications via   e.g.  "curl
> >http://localhost:8080/manager/text/reload?... " is better
> >
> >Greetings
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

RE: Using tomcat manager to deploy to several services

2018-12-05 Thread Jäkel , Guido 
Dear Frank,

I don't agree that this is "better". It will trigger the same things in the 
backend in the end. And obviously don't need the Tomcat Connector to be 
available.

This might be important in situation with some malfunctions caused by near-OOM 
or out-of-request-workers (caused by long running or blocked requests). 

In my Tomcat farm control scripts, I also never use the "shutdown port" 
mechanism to (graceful) stop the Tomcat but send a SIGTERM to the JVM. Again, 
this will do the same thing but need much less to be fuctional. And if a 
graceful shutdown will fail, one even need to SIGKILL the JVM.

>-Original Message-
>From: Frank Schullerer [mailto:schulle...@googlemail.com.INVALID]
>Sent: Tuesday, December 04, 2018 4:06 PM
>To: users@tomcat.apache.org
>Subject: Re: Using tomcat manager to deploy to several services
>
>Hello,
>
>thanks for the answer. That is exactly the way how we do this today (all
>via a shell script and via Jenkins). But I thought the
>"official" way to start/stop/deploy/reload applications via   e.g.  "curl
>http://localhost:8080/manager/text/reload?... " is better
>
>Greetings

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using tomcat manager to deploy to several services

2018-12-04 Thread tomcat 

On 04.12.2018 17:55, Frank Schullerer wrote:

Hello @all,

After searching the web many many times and reading all this here, it seems
that there is no real good
solution for this. In my example server.xml are 4 services but we have 25
and more to come. So we need maybe a
management solution like the Tcat server or I don't know . That's a little
frustrating because I thought it'd be easier.

But many thanks for all the answers!!!


You may be interested also in this :
https://stackoverflow.com/questions/45927603/multiple-tomcat-instances-vs-multiple-tomcat-services

There were also several discussions on the same theme in the past on this same list, of 
which searchable archives are available, as per :

http://tomcat.apache.org/lists.html
for example : 
https://markmail.org/search/?q=multiple%20instances%20list%3Aorg.apache.tomcat.user%2F






Am Di., 4. Dez. 2018 um 17:45 Uhr schrieb Christopher Schultz <
ch...@christopherschultz.net>:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Frank,

On 12/4/18 06:09, Frank Schullerer wrote:

Thanks!

Ok let me know if I can achive things in a better way. Now I have
a server.xml like this:



  
  
  

Please note that we need different ports and different
configurations (like clientAuth or keyAlias) for the applications.
If there is a better way and have a tomcat manager to deploy all
applications, please let me know!

Thank you in advance!


As Mark said, you will need to deploy the Tomcat manager 4 times for
the above configuration.

- -chris


Am Di., 4. Dez. 2018 um 11:53 Uhr schrieb Mark Thomas
:


On 04/12/2018 10:19, Frank Schullerer wrote:

Hello,

I think this question is independent from the tomcat version
but I tried

it

with Tomcat 9.0.13 on Windows. We have several "service" tags
in our server.xml because we have several applications running
in one tomcat with several ports and different configuration
(clientAuth etc). I tried to use the tomcat manager to deploy
to different services but it failed. It seems that the tomcat
manager can only deploy within the same service because when I
deploy the tomcat manager itself to a different service than it
works. I can deploy to that service.

Is this correct or can I configure the tomcat manager to deploy
to other services? I also tried to achive that with a
configuration with "context.xml" but failed.

Please help!


TL;DR you can't deploy services that way.

The Tomcat Manager application only works with the Host to which
it has been deployed.

In Tomcat: - There is exactly one Server - A Server may contain 0
or more Services - A Service may contain 0 or more Connectors and
no more than one Engine - An Engine may contain 0 or more Hosts -
A host may contain 0 or more Contexts (Context == web
application)

(I left a few things like Valves and Executors out to keep it
simple)


The Tomcat Host Manager application only works with the Engine
associated with the Host to which it has been deployed.

Mark

-



To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org

For additional commands, e-mail: users-h...@tomcat.apache.org





-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlwGrywACgkQHPApP6U8
pFjwZhAAkXowqbvU3WteyhR+Zv2UkNcYhQ5XQH9Z/0kw0GF53+We2Tb4VH6dtXMK
CF/JEIRRLGaRW60HO2V5vXi3dP57+eZm2gpUIH4bpNfE5w7yCl0CdbSwgSzC5+IR
4++CqvGRSQO1fMzIWQG+aYopvo1UDgfBl8mL5mcBcUrzkL1jeEledWDv63kI6MFQ
3FlXjl6qgF1eV9EYUw2BUtQyRlgWVLmmMu9p/7PY90WupBMzFAIWcxas3YwITGTY
Ul2/ClxdfQdOU179l5YRD2nB5mgZNPZ1kIL6WNy9AJtzq8fHUrdj4CfTC4uy9FqL
BLw66Huj0AADMJn5RBH7WyH+hyVNbf8JSGjLyF6PLYvot6ZR6iRidzftpwT42kya
JZgpALSRBGIKOAPbNWEPRtrgTp5TjX1cMol23v86+jv6DEzLLptv4wa8jJyLbZ4w
UU5NW7RQ/oJoWY3IQ1fdsYmwsqYj08JkzN9ZEEWa0DlA150dJvMxrizSY5C3QGeo
S7WN2mWsbvppZRVg6qAlFlOyFjmJIKWWg4YBp1OybUzgAFb1w8E/xH521T5Zz1Rj
uV0xit65jvYZucSUsA13q/vEGESOc5VIex/rKCaDOJhtiTHLTtGzkbA7kYgJVAJS
NqKpbb7Zr+K7PS4i5pjIlAZjv6oqF40M9xwbTjEi6QyLyxQiYho=
=LeCR
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using tomcat manager to deploy to several services

2018-12-04 Thread Frank Schullerer 
Hello @all,

After searching the web many many times and reading all this here, it seems
that there is no real good
solution for this. In my example server.xml are 4 services but we have 25
and more to come. So we need maybe a
management solution like the Tcat server or I don't know . That's a little
frustrating because I thought it'd be easier.

But many thanks for all the answers!!!


Am Di., 4. Dez. 2018 um 17:45 Uhr schrieb Christopher Schultz <
ch...@christopherschultz.net>:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Frank,
>
> On 12/4/18 06:09, Frank Schullerer wrote:
> > Thanks!
> >
> > Ok let me know if I can achive things in a better way. Now I have
> > a server.xml like this:
> >
> >   > name="Catalina">  > defaultHost="localhost">  >
> >  
> >
> >   > keyAlias=""  />   > name="host1" appBase="services/a" >   
> >   > keyAlias=""  />   > name="host2" appBase="services/b" >   
> >   > keyAlias="ccc"  />   > name="host3" appBase="services/c" >   
> >
> > Please note that we need different ports and different
> > configurations (like clientAuth or keyAlias) for the applications.
> > If there is a better way and have a tomcat manager to deploy all
> > applications, please let me know!
> >
> > Thank you in advance!
>
> As Mark said, you will need to deploy the Tomcat manager 4 times for
> the above configuration.
>
> - -chris
>
> > Am Di., 4. Dez. 2018 um 11:53 Uhr schrieb Mark Thomas
> > :
> >
> >> On 04/12/2018 10:19, Frank Schullerer wrote:
> >>> Hello,
> >>>
> >>> I think this question is independent from the tomcat version
> >>> but I tried
> >> it
> >>> with Tomcat 9.0.13 on Windows. We have several "service" tags
> >>> in our server.xml because we have several applications running
> >>> in one tomcat with several ports and different configuration
> >>> (clientAuth etc). I tried to use the tomcat manager to deploy
> >>> to different services but it failed. It seems that the tomcat
> >>> manager can only deploy within the same service because when I
> >>> deploy the tomcat manager itself to a different service than it
> >>> works. I can deploy to that service.
> >>>
> >>> Is this correct or can I configure the tomcat manager to deploy
> >>> to other services? I also tried to achive that with a
> >>> configuration with "context.xml" but failed.
> >>>
> >>> Please help!
> >>
> >> TL;DR you can't deploy services that way.
> >>
> >> The Tomcat Manager application only works with the Host to which
> >> it has been deployed.
> >>
> >> In Tomcat: - There is exactly one Server - A Server may contain 0
> >> or more Services - A Service may contain 0 or more Connectors and
> >> no more than one Engine - An Engine may contain 0 or more Hosts -
> >> A host may contain 0 or more Contexts (Context == web
> >> application)
> >>
> >> (I left a few things like Valves and Executors out to keep it
> >> simple)
> >>
> >>
> >> The Tomcat Host Manager application only works with the Engine
> >> associated with the Host to which it has been deployed.
> >>
> >> Mark
> >>
> >> -
> >>
> >>
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlwGrywACgkQHPApP6U8
> pFjwZhAAkXowqbvU3WteyhR+Zv2UkNcYhQ5XQH9Z/0kw0GF53+We2Tb4VH6dtXMK
> CF/JEIRRLGaRW60HO2V5vXi3dP57+eZm2gpUIH4bpNfE5w7yCl0CdbSwgSzC5+IR
> 4++CqvGRSQO1fMzIWQG+aYopvo1UDgfBl8mL5mcBcUrzkL1jeEledWDv63kI6MFQ
> 3FlXjl6qgF1eV9EYUw2BUtQyRlgWVLmmMu9p/7PY90WupBMzFAIWcxas3YwITGTY
> Ul2/ClxdfQdOU179l5YRD2nB5mgZNPZ1kIL6WNy9AJtzq8fHUrdj4CfTC4uy9FqL
> BLw66Huj0AADMJn5RBH7WyH+hyVNbf8JSGjLyF6PLYvot6ZR6iRidzftpwT42kya
> JZgpALSRBGIKOAPbNWEPRtrgTp5TjX1cMol23v86+jv6DEzLLptv4wa8jJyLbZ4w
> UU5NW7RQ/oJoWY3IQ1fdsYmwsqYj08JkzN9ZEEWa0DlA150dJvMxrizSY5C3QGeo
> S7WN2mWsbvppZRVg6qAlFlOyFjmJIKWWg4YBp1OybUzgAFb1w8E/xH521T5Zz1Rj
> uV0xit65jvYZucSUsA13q/vEGESOc5VIex/rKCaDOJhtiTHLTtGzkbA7kYgJVAJS
> NqKpbb7Zr+K7PS4i5pjIlAZjv6oqF40M9xwbTjEi6QyLyxQiYho=
> =LeCR
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Using tomcat manager to deploy to several services

2018-12-04 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Frank,

On 12/4/18 06:09, Frank Schullerer wrote:
> Thanks!
> 
> Ok let me know if I can achive things in a better way. Now I have
> a server.xml like this:
> 
>   name="Catalina">  defaultHost="localhost">  
>  
> 
>   keyAlias=""  />   name="host1" appBase="services/a" >
>   keyAlias=""  />   name="host2" appBase="services/b" >
>   keyAlias="ccc"  />   name="host3" appBase="services/c" >   
> 
> Please note that we need different ports and different
> configurations (like clientAuth or keyAlias) for the applications. 
> If there is a better way and have a tomcat manager to deploy all 
> applications, please let me know!
> 
> Thank you in advance!

As Mark said, you will need to deploy the Tomcat manager 4 times for
the above configuration.

- -chris

> Am Di., 4. Dez. 2018 um 11:53 Uhr schrieb Mark Thomas
> :
> 
>> On 04/12/2018 10:19, Frank Schullerer wrote:
>>> Hello,
>>> 
>>> I think this question is independent from the tomcat version
>>> but I tried
>> it
>>> with Tomcat 9.0.13 on Windows. We have several "service" tags
>>> in our server.xml because we have several applications running
>>> in one tomcat with several ports and different configuration 
>>> (clientAuth etc). I tried to use the tomcat manager to deploy
>>> to different services but it failed. It seems that the tomcat
>>> manager can only deploy within the same service because when I
>>> deploy the tomcat manager itself to a different service than it
>>> works. I can deploy to that service.
>>> 
>>> Is this correct or can I configure the tomcat manager to deploy
>>> to other services? I also tried to achive that with a
>>> configuration with "context.xml" but failed.
>>> 
>>> Please help!
>> 
>> TL;DR you can't deploy services that way.
>> 
>> The Tomcat Manager application only works with the Host to which
>> it has been deployed.
>> 
>> In Tomcat: - There is exactly one Server - A Server may contain 0
>> or more Services - A Service may contain 0 or more Connectors and
>> no more than one Engine - An Engine may contain 0 or more Hosts -
>> A host may contain 0 or more Contexts (Context == web
>> application)
>> 
>> (I left a few things like Valves and Executors out to keep it
>> simple)
>> 
>> 
>> The Tomcat Host Manager application only works with the Engine 
>> associated with the Host to which it has been deployed.
>> 
>> Mark
>> 
>> -
>>
>> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>> 
>> 
> 
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlwGrywACgkQHPApP6U8
pFjwZhAAkXowqbvU3WteyhR+Zv2UkNcYhQ5XQH9Z/0kw0GF53+We2Tb4VH6dtXMK
CF/JEIRRLGaRW60HO2V5vXi3dP57+eZm2gpUIH4bpNfE5w7yCl0CdbSwgSzC5+IR
4++CqvGRSQO1fMzIWQG+aYopvo1UDgfBl8mL5mcBcUrzkL1jeEledWDv63kI6MFQ
3FlXjl6qgF1eV9EYUw2BUtQyRlgWVLmmMu9p/7PY90WupBMzFAIWcxas3YwITGTY
Ul2/ClxdfQdOU179l5YRD2nB5mgZNPZ1kIL6WNy9AJtzq8fHUrdj4CfTC4uy9FqL
BLw66Huj0AADMJn5RBH7WyH+hyVNbf8JSGjLyF6PLYvot6ZR6iRidzftpwT42kya
JZgpALSRBGIKOAPbNWEPRtrgTp5TjX1cMol23v86+jv6DEzLLptv4wa8jJyLbZ4w
UU5NW7RQ/oJoWY3IQ1fdsYmwsqYj08JkzN9ZEEWa0DlA150dJvMxrizSY5C3QGeo
S7WN2mWsbvppZRVg6qAlFlOyFjmJIKWWg4YBp1OybUzgAFb1w8E/xH521T5Zz1Rj
uV0xit65jvYZucSUsA13q/vEGESOc5VIex/rKCaDOJhtiTHLTtGzkbA7kYgJVAJS
NqKpbb7Zr+K7PS4i5pjIlAZjv6oqF40M9xwbTjEi6QyLyxQiYho=
=LeCR
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using tomcat manager to deploy to several services

2018-12-04 Thread Frank Schullerer 
Hello,

thanks for the answer. That is exactly the way how we do this today (all
via a shell script and via Jenkins). But I thought the
"official" way to start/stop/deploy/reload applications via   e.g.  "curl
http://localhost:8080/manager/text/reload?... " is better

Greetings


Am Di., 4. Dez. 2018 um 15:40 Uhr schrieb Jäkel, Guido :

> Dear Frank,
>
> I guess you have configured autodeployment of the WARs. And it seems to me
> that you want to use a tree in a filesystem to place your deployments.
> Given that, you may use an arbitrary way to place the WARs to that
> location, because it's not the Tomcat Manager application that actually
> perform the deployment.
>
> You may trigger a restart of the application container by touching the WAR
> or (in case of an expanded deployment) touching a watched file (common
> WEB-INF/web.xml) and trigger undeploy by removing (or hiding by rename the
> extention) the WAR.
>
> >If there is a better way and have a tomcat manager to deploy all
> applications, please let me know!
>
>
> with greetings
>
> Guido
>

RE: Using tomcat manager to deploy to several services

2018-12-04 Thread Jäkel , Guido 
Dear Frank,

I guess you have configured autodeployment of the WARs. And it seems to me that 
you want to use a tree in a filesystem to place your deployments. Given that, 
you may use an arbitrary way to place the WARs to that location, because it's 
not the Tomcat Manager application that actually perform the deployment.

You may trigger a restart of the application container by touching the WAR or 
(in case of an expanded deployment) touching a watched file (common 
WEB-INF/web.xml) and trigger undeploy by removing (or hiding by rename the 
extention) the WAR.

>If there is a better way and have a tomcat manager to deploy all applications, 
>please let me know!


with greetings

Guido

Re: Using tomcat manager to deploy to several services

2018-12-04 Thread Frank Schullerer 
Thanks!

Ok let me know if I can achive things in a better way. Now I have a
server.xml like this:


  

  
  

  





















Please note that we need different ports and different configurations (like
clientAuth or keyAlias) for the applications.
If there is a better way and have a tomcat manager to deploy all
applications, please let me know!

Thank you in advance!



Am Di., 4. Dez. 2018 um 11:53 Uhr schrieb Mark Thomas :

> On 04/12/2018 10:19, Frank Schullerer wrote:
> > Hello,
> >
> > I think this question is independent from the tomcat version but I tried
> it
> > with Tomcat 9.0.13 on Windows.
> > We have several "service" tags in our server.xml because we have several
> > applications
> > running in one tomcat with several ports and different configuration
> > (clientAuth etc).
> > I tried to use the tomcat manager to deploy to different services but it
> > failed. It seems that the tomcat manager can only deploy within the same
> > service because when I deploy the tomcat manager itself to a different
> > service than it works. I can deploy to that service.
> >
> > Is this correct or can I configure the tomcat manager to deploy to other
> > services? I also tried to achive that with a configuration with
> > "context.xml" but failed.
> >
> > Please help!
>
> TL;DR you can't deploy services that way.
>
> The Tomcat Manager application only works with the Host to which it has
> been deployed.
>
> In Tomcat:
> - There is exactly one Server
> - A Server may contain 0 or more Services
> - A Service may contain 0 or more Connectors and no more than one Engine
> - An Engine may contain 0 or more Hosts
> - A host may contain 0 or more Contexts (Context == web application)
>
> (I left a few things like Valves and Executors out to keep it simple)
>
>
> The Tomcat Host Manager application only works with the Engine
> associated with the Host to which it has been deployed.
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Using tomcat manager to deploy to several services

2018-12-04 Thread Mark Thomas 
On 04/12/2018 10:19, Frank Schullerer wrote:
> Hello,
> 
> I think this question is independent from the tomcat version but I tried it
> with Tomcat 9.0.13 on Windows.
> We have several "service" tags in our server.xml because we have several
> applications
> running in one tomcat with several ports and different configuration
> (clientAuth etc).
> I tried to use the tomcat manager to deploy to different services but it
> failed. It seems that the tomcat manager can only deploy within the same
> service because when I deploy the tomcat manager itself to a different
> service than it works. I can deploy to that service.
> 
> Is this correct or can I configure the tomcat manager to deploy to other
> services? I also tried to achive that with a configuration with
> "context.xml" but failed.
> 
> Please help!

TL;DR you can't deploy services that way.

The Tomcat Manager application only works with the Host to which it has
been deployed.

In Tomcat:
- There is exactly one Server
- A Server may contain 0 or more Services
- A Service may contain 0 or more Connectors and no more than one Engine
- An Engine may contain 0 or more Hosts
- A host may contain 0 or more Contexts (Context == web application)

(I left a few things like Valves and Executors out to keep it simple)


The Tomcat Host Manager application only works with the Engine
associated with the Host to which it has been deployed.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using tomcat manager to deploy to several services

2018-12-04 Thread tomcat 

On 04.12.2018 11:19, Frank Schullerer wrote:

Hello,

I think this question is independent from the tomcat version but I tried it
with Tomcat 9.0.13 on Windows.
We have several "service" tags in our server.xml because we have several
applications
running in one tomcat with several ports and different configuration
(clientAuth etc).


I think that an important piece of information here, to allow someone to really recommend 
something, would be to give some details as to why you are using such a configuration, for 
example instead of several separate tomcat instances, or several separate VirtualHosts.
If you have different ports and/or authentication methods, does your configuration as a 
single instance bring any specific benefits in your case ?



I tried to use the tomcat manager to deploy to different services but it
failed. It seems that the tomcat manager can only deploy within the same
service because when I deploy the tomcat manager itself to a different
service than it works. I can deploy to that service.

Is this correct or can I configure the tomcat manager to deploy to other
services? I also tried to achive that with a configuration with
"context.xml" but failed.

Please help!




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Using tomcat manager to deploy to several services

2018-12-04 Thread Frank Schullerer 
Hello,

I think this question is independent from the tomcat version but I tried it
with Tomcat 9.0.13 on Windows.
We have several "service" tags in our server.xml because we have several
applications
running in one tomcat with several ports and different configuration
(clientAuth etc).
I tried to use the tomcat manager to deploy to different services but it
failed. It seems that the tomcat manager can only deploy within the same
service because when I deploy the tomcat manager itself to a different
service than it works. I can deploy to that service.

Is this correct or can I configure the tomcat manager to deploy to other
services? I also tried to achive that with a configuration with
"context.xml" but failed.

Please help!

Re: Tomcat Manager Server Status Errors After 8.5.35

2018-11-16 Thread Mark Thomas 
On 14/11/2018 17:20, Habib Zurrububabel wrote:
> Tomcat Manager Server Status Errors After updating from 8.5.34 to 8.5.35.
> OS is Red Hat Enterprise Linux Server release 6.8 (Santiago).  Manager log
> shows: javax.management.AttributeNotFoundException:  Cannot find attribute
> maxThreads for org.apache.tomcat.util.net.SocketProperties@207af361
> 

Not sure why this isn't working but it sounds like a bug and I see that
you have opened one. Thanks. This should get addressed for the next
round of releases.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat Manager Server Status Errors After 8.5.35

2018-11-14 Thread Habib Zurrububabel 
Tomcat Manager Server Status Errors After updating from 8.5.34 to 8.5.35.
OS is Red Hat Enterprise Linux Server release 6.8 (Santiago).  Manager log
shows: javax.management.AttributeNotFoundException:  Cannot find attribute
maxThreads for org.apache.tomcat.util.net.SocketProperties@207af361

Re: Tomcat/manager/ disable redirect from HTTPS to HTTP

2018-10-18 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hans,

On 10/15/18 03:17, Hans Schou wrote:
> On Fri, 12 Oct 2018 at 14:12, Mark Thomas 
> wrote:
> 
>> 
>> For the HTTP connector processing proxied traffic originally
>> received over HTTPS you want: SSLEnabled="false" scheme="https" 
>> secure="true"
>> 
> 
> Thanks, this one is working exactly as expected:
> 
>  connectionTimeout="2" SSLEnabled="false" scheme="https" 
> secure="true" />
> 
> A bonus is that I now got forced use of SSL.

Note that port 8080 being TLS might be "surprising" to some clients.

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlvInk4ACgkQHPApP6U8
pFjJhQ/9Em7SIjQY1EYUHdQQJHJlDKpF6leMw9eRgTZBsQm6KpjN7mHPxWSjnM6/
mlagtyAkKbC43k+a5oqn/NIPsCSGoLCT3aHR/ZkAktxc8D4Fckl9nzBvjAyKq3+E
w2bfE6DrNeLefRNEyAYLoEXq4A/GlAP9MudZELtW9M+U1dzN9BdKfMVmE7qznESG
kxg3cvoMb/cmn4jRjHvPfd9wN6bDT02JUOrQzxqMyqQXvdDbrn7iWVYE9R5Q6Tc4
21ZtqIglwO8p1GUll2hz1amnMLSl1nWdwQ0Li1Iy5q3nSZ4at+Q5EYHlSagAtd0h
Vj4dAIDZZeONrHi3368cI2BFYtlo4SReczpAtubZ1CJaucHQ/evJ5AT1XPvXymav
KaoFSzl8k5a8b+rYjRC0YOgcZRWCm89aqPGeps6fABHfe+86CNGIXH4l4whSyOJm
+ObdbSiYDKmGeokuJYnh4RRrThZf7EbQTJya6dJE7za4JRZ6Qh7Ayah7X1MZzcZC
x/wxKkORjhBYxIJUIjX0DBv/MsSzzkS1OH76mZXSu91hVKnpr5QDBxMvEFuJ7Tv5
oJGk/Y1JWsLaQTQN9Jj6alQTTqxnusHoguVMcm1NqAwC3D+bO1XXBq+CURcbKx6x
Sfu/KOzHMedQiZOVBSDVNF1k0k5UsyVfM5+T9rZCR0lsHcRqCz4=
=8bbY
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat/manager/ disable redirect from HTTPS to HTTP

2018-10-15 Thread Hans Schou 
On Fri, 12 Oct 2018 at 14:12, Mark Thomas  wrote:

>
> For the HTTP connector processing proxied traffic originally received
> over HTTPS you want:
> SSLEnabled="false"
> scheme="https"
> secure="true"
>

Thanks, this one is working exactly as expected:

   

A bonus is that I now got forced use of SSL.

-- 
Venlig hilsen - best regards

Hans Schou

Re: Tomcat/manager/ disable redirect from HTTPS to HTTP

2018-10-12 Thread Mark Thomas 
On 12/10/18 12:18, Hans Schou wrote:
> Hi
> 
> I have a Tomcat 8.5 with Java 1.8 on Windows with Nginx reverse proxy.
> 
> When I access https://joe:p4zzw...@example.org/manager/ the request goes to
> Nginx, which proxy_pass it to http://srv321.local:8080/
> 
> Authentication appears right away but the first response from Tomcat is
>   Location: http://example.org/manager/html?NONCE...
> note the SSL has been cut off.

Since Nginx is switching from HTTPS->HTTP on the way in, my initial
expectation would be that Nginx should switch from HTTP->HTTPS on the
way back out.

Note that it isn't quite as simple as 'just' switching the protocol.
Nginx also needs to take account of things like setting the secure
attribute on any cookies.

You can configure your way around this on Tomcat. To ensure a secure
configuration, you need to ensure that any traffic proxied via Nginx
received over HTTPS and any traffic proxied via Nginx received over HTTP
(if any) go to separate HTTP connectors on Tomcat.

For the HTTP connector processing proxied traffic originally received
over HTTPS you want:
SSLEnabled="false"
scheme="https"
secure="true"

For the HTTP connector processing proxied traffic originally received
over HTTP you want:
SSLEnabled="false"
scheme="http"
secure="false"

Mark

> 
> I can then manually go to the URL and change 'http' to 'https' and then it
> works fine with SSL all the way around.
> 
> The location redirect has been seen on the network with "tcpdump -X", to
> make sure it was not Nginx which was redirecting something.
> 
> In webapps/WEB-INF/web.xml I have tried add:
> 
> 
> HTTPSOnly
> /*
> 
> 
> CONFIDENTIAL
> 
> 
> but that did not work either.
> 
> Is there a way to avoid being redirected from HTTPS to HTTP?
> 
> Thanks.
> 
> --
> 
> Venlig hilsen - best regards
> 
> Hans Schou
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat/manager/ disable redirect from HTTPS to HTTP

2018-10-12 Thread Hans Schou 
Hi

I have a Tomcat 8.5 with Java 1.8 on Windows with Nginx reverse proxy.

When I access https://joe:p4zzw...@example.org/manager/ the request goes to
Nginx, which proxy_pass it to http://srv321.local:8080/

Authentication appears right away but the first response from Tomcat is
  Location: http://example.org/manager/html?NONCE...
note the SSL has been cut off.

I can then manually go to the URL and change 'http' to 'https' and then it
works fine with SSL all the way around.

The location redirect has been seen on the network with "tcpdump -X", to
make sure it was not Nginx which was redirecting something.

In webapps/WEB-INF/web.xml I have tried add:


HTTPSOnly
/*


CONFIDENTIAL


but that did not work either.

Is there a way to avoid being redirected from HTTPS to HTTP?

Thanks.

--

Venlig hilsen - best regards

Hans Schou

Re: tomcat manager gui hangs on web-app reload for one web-app not others

2018-09-21 Thread Mitch Claborn 

PS - my Thunderbird has a "Reply List" button for this mailing list.


Mitch

On 09/20/2018 09:41 AM, Shawn Heisey wrote:

On 9/20/2018 8:30 AM, Bill Harrelson wrote:
Looking back through my sent folder I realize that I have been 
replying directly to people that posted directly to me instead of the 
list.


I see from message headers that you're using Thunderbird.

In Options/Advanced, open the config editor and change the setting for 
"mail.override_list_reply_to" to false.  You can do this by 
double-clicking on the setting.  That will fix this so that when you 
reply to an Apache mailing list, your reply will go to the list.  Apache 
lists use the Reply-To header to indicate where replies should go.


See this bug for a heated discussion about the problem:

https://bugzilla.mozilla.org/show_bug.cgi?id=1392371

Thanks,
Shawn


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager gui hangs on web-app reload for one web-app not others

2018-09-20 Thread Shawn Heisey 

On 9/20/2018 8:30 AM, Bill Harrelson wrote:
Looking back through my sent folder I realize that I have been 
replying directly to people that posted directly to me instead of the 
list.


I see from message headers that you're using Thunderbird.

In Options/Advanced, open the config editor and change the setting for 
"mail.override_list_reply_to" to false.  You can do this by 
double-clicking on the setting.  That will fix this so that when you 
reply to an Apache mailing list, your reply will go to the list.  Apache 
lists use the Reply-To header to indicate where replies should go.


See this bug for a heated discussion about the problem:

https://bugzilla.mozilla.org/show_bug.cgi?id=1392371

Thanks,
Shawn


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager gui hangs on web-app reload for one web-app not others

2018-09-20 Thread Bill Harrelson 
Looking back through my sent folder I realize that I have been replying 
directly to people that posted directly to me instead of the list.


Update:  after trying several suggestions sent to me, which did not 
work, for some reason I decided to switch browsers.
Normally I run the manager-gui in Internet Explorer (it's pretty much 
the only thing I use Explorer for).  But I decided to try Chrome, and, 
lo and behold, it worked!


Now I'll run some other tests to see if I can figure out why Explorer 
isn't working.


Thanks,

Bill


On 9/13/2018 4:14 PM, Bill Harrelson wrote:
Tomcat 8.0.14, Java 1.8.0_91. I've looked through StackOverflow and 
searched the archives and can't figure this out. We've been running 
tomcat, various versions for about 15 years, always using the 
manager-gui to control hosts. We have one tomcat instance running 8 
hosts, where the manager-gui works fine for all but one of them. I've 
compared /conf/Catalina/WEBAPPname/manager.xml with others that are 
working and they are identical. I've compared the directory name with 
the name in server.xml and it's identical. Behavior - when I start the 
manager-gui for that web-app, it logs in and starts fine. I can see 
sessions, I can see Server Status, etc.  all seems to work, except: - 
if I click on Reload or Stop, it just sits and spins and eventually 
times out. Every other host manager gui gets an immediate tab name 
update, then completes, changing the url. This one web-app does none 
of that. When this happens there are no entries in the catalina log, 
the tomcat stderror log, or the web-app access log I can't figure out 
where to look next. Any help would be appreciated. Thanks. It's a test 
server and having to restart all of tomcat to change the test 
configuration is slowing work way down. Bill

RE: tomcat manager gui hangs on web-app reload for one web-app not others

2018-09-14 Thread Jäkel , Guido 
Dear Bill,

usually the Tomcat is configured in such a way that it watches the file  
.../WEB-INF/web.xml  of your application an reload the application then. If you 
use autodeploy of a WAR, it's the same with the archive file.

Said that, may you please try to reload your application by just touching a 
watched file? If you use this second way to command a reload, the issue should 
be narrowed in that way that the Tomcat itself works well and enter the 
shutdown lifecycle of the servlet container. And then it's caused by the 
application don't to react on this.

Guido

>-Original Message-
>From: Bill Harrelson [mailto:bill.harrel...@accordare.com]
>Sent: Thursday, September 13, 2018 10:14 PM
>To: users@tomcat.apache.org
>Subject: tomcat manager gui hangs on web-app reload for one web-app not others
>
>Tomcat 8.0.14, Java 1.8.0_91. I've looked through StackOverflow and
>searched the archives and can't figure this out. We've been running
>tomcat, various versions for about 15 years, always using the
>manager-gui to control hosts. We have one tomcat instance running 8
>hosts, where the manager-gui works fine for all but one of them. I've
>compared /conf/Catalina/WEBAPPname/manager.xml with others that are
>working and they are identical. I've compared the directory name with
>the name in server.xml and it's identical. Behavior - when I start the
>manager-gui for that web-app, it logs in and starts fine. I can see
>sessions, I can see Server Status, etc.  all seems to work, except: -
>if I click on Reload or Stop, it just sits and spins and eventually
>times out. Every other host manager gui gets an immediate tab name
>update, then completes, changing the url. This one web-app does none of
>that. When this happens there are no entries in the catalina log, the
>tomcat stderror log, or the web-app access log I can't figure out where
>to look next. Any help would be appreciated. Thanks. It's a test server
>and having to restart all of tomcat to change the test configuration is
>slowing work way down. Bill

Re: tomcat manager gui hangs on web-app reload for one web-app not others

2018-09-13 Thread Louis Zipes 
Also any Microsoft patch differences between the working and non working 
environments and beware of the issue with a patch that was released recently 
and how it affects ports.

> On Sep 13, 2018, at 6:36 PM, Mark Thomas  wrote:
>
> - - - external message, proceed with caution - - -
>
>
>> On 13/09/18 21:14, Bill Harrelson wrote:
>> Tomcat 8.0.14, Java 1.8.0_91. I've looked through StackOverflow and
>> searched the archives and can't figure this out. We've been running
>> tomcat, various versions for about 15 years, always using the
>> manager-gui to control hosts. We have one tomcat instance running 8
>> hosts, where the manager-gui works fine for all but one of them. I've
>> compared /conf/Catalina/WEBAPPname/manager.xml with others that are
>> working and they are identical. I've compared the directory name with
>> the name in server.xml and it's identical. Behavior - when I start the
>> manager-gui for that web-app, it logs in and starts fine. I can see
>> sessions, I can see Server Status, etc.  all seems to work, except: -
>> if I click on Reload or Stop, it just sits and spins and eventually
>> times out. Every other host manager gui gets an immediate tab name
>> update, then completes, changing the url. This one web-app does none of
>> that. When this happens there are no entries in the catalina log, the
>> tomcat stderror log, or the web-app access log I can't figure out where
>> to look next. Any help would be appreciated. Thanks. It's a test server
>> and having to restart all of tomcat to change the test configuration is
>> slowing work way down. Bill
>
> Take 3 thread dumps ~5 seconds apart. Take a look for threads that pass
> through org.apache.catalina.manager.*
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
---
CONFIDENTIALITY NOTICE: This message is for intended addressee(s) only and may 
contain information that is confidential, proprietary or exempt from 
disclosure. If you are not the intended recipient, please contact the sender 
immediately. Unauthorized use or distribution is prohibited and may be unlawful.

Re: tomcat manager gui hangs on web-app reload for one web-app not others

2018-09-13 Thread Mark Thomas 
On 13/09/18 21:14, Bill Harrelson wrote:
> Tomcat 8.0.14, Java 1.8.0_91. I've looked through StackOverflow and
> searched the archives and can't figure this out. We've been running
> tomcat, various versions for about 15 years, always using the
> manager-gui to control hosts. We have one tomcat instance running 8
> hosts, where the manager-gui works fine for all but one of them. I've
> compared /conf/Catalina/WEBAPPname/manager.xml with others that are
> working and they are identical. I've compared the directory name with
> the name in server.xml and it's identical. Behavior - when I start the
> manager-gui for that web-app, it logs in and starts fine. I can see
> sessions, I can see Server Status, etc.  all seems to work, except: -
> if I click on Reload or Stop, it just sits and spins and eventually
> times out. Every other host manager gui gets an immediate tab name
> update, then completes, changing the url. This one web-app does none of
> that. When this happens there are no entries in the catalina log, the
> tomcat stderror log, or the web-app access log I can't figure out where
> to look next. Any help would be appreciated. Thanks. It's a test server
> and having to restart all of tomcat to change the test configuration is
> slowing work way down. Bill

Take 3 thread dumps ~5 seconds apart. Take a look for threads that pass
through org.apache.catalina.manager.*

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: tomcat manager gui hangs on web-app reload for one web-app not others

2018-09-13 Thread Louis Zipes 
What Operating System is Tomcat running on?

-Original Message-
From: Bill Harrelson [mailto:bill.harrel...@accordare.com]
Sent: Thursday, September 13, 2018 4:14 PM
To: users@tomcat.apache.org
Subject: tomcat manager gui hangs on web-app reload for one web-app not others

- - - external message, proceed with caution - - -


Tomcat 8.0.14, Java 1.8.0_91. I've looked through StackOverflow and
searched the archives and can't figure this out. We've been running
tomcat, various versions for about 15 years, always using the
manager-gui to control hosts. We have one tomcat instance running 8
hosts, where the manager-gui works fine for all but one of them. I've
compared /conf/Catalina/WEBAPPname/manager.xml with others that are
working and they are identical. I've compared the directory name with
the name in server.xml and it's identical. Behavior - when I start the
manager-gui for that web-app, it logs in and starts fine. I can see
sessions, I can see Server Status, etc.  all seems to work, except: -
if I click on Reload or Stop, it just sits and spins and eventually
times out. Every other host manager gui gets an immediate tab name
update, then completes, changing the url. This one web-app does none of
that. When this happens there are no entries in the catalina log, the
tomcat stderror log, or the web-app access log I can't figure out where
to look next. Any help would be appreciated. Thanks. It's a test server
and having to restart all of tomcat to change the test configuration is
slowing work way down. Bill

---
CONFIDENTIALITY NOTICE: This message is for intended addressee(s) only and may 
contain information that is confidential, proprietary or exempt from 
disclosure. If you are not the intended recipient, please contact the sender 
immediately. Unauthorized use or distribution is prohibited and may be unlawful.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

tomcat manager gui hangs on web-app reload for one web-app not others

2018-09-13 Thread Bill Harrelson 
Tomcat 8.0.14, Java 1.8.0_91. I've looked through StackOverflow and 
searched the archives and can't figure this out. We've been running 
tomcat, various versions for about 15 years, always using the 
manager-gui to control hosts. We have one tomcat instance running 8 
hosts, where the manager-gui works fine for all but one of them. I've 
compared /conf/Catalina/WEBAPPname/manager.xml with others that are 
working and they are identical. I've compared the directory name with 
the name in server.xml and it's identical. Behavior - when I start the 
manager-gui for that web-app, it logs in and starts fine. I can see 
sessions, I can see Server Status, etc.  all seems to work, except: - 
if I click on Reload or Stop, it just sits and spins and eventually 
times out. Every other host manager gui gets an immediate tab name 
update, then completes, changing the url. This one web-app does none of 
that. When this happens there are no entries in the catalina log, the 
tomcat stderror log, or the web-app access log I can't figure out where 
to look next. Any help would be appreciated. Thanks. It's a test server 
and having to restart all of tomcat to change the test configuration is 
slowing work way down. Bill

Re: Tomcat Manager weirdness on a Google Compute instance

2018-09-06 Thread James H. H. Lampert 

I discovered that somehow, the "max-file-size" and
"max-request-size" in manager/WEB-INF/web.xml had reverted from
our standard setting of 500M, to the factory setting of 50M.


On 9/6/18, 10:42 AM, Louis Zipes wrote:

Does the file show a modified date/time that could point to at least
a timing for the action?


When I got the question, I'd already changed two of the prototype 
instances, but there was one left.


That was the newest of the prototype instances, created August 16th. And 
the date stamp on the manager/WEB-INF/web.xml is August 24th.


Which is odd, given that this prototype instance was created by cloning 
another prototype instance, and loading it with different webapp contexts.


--
JHHL


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat Manager weirdness on a Google Compute instance

2018-09-06 Thread Louis Zipes 
I discovered that somehow, the "max-file-size" and
> "max-request-size" in manager/WEB-INF/web.xml had reverted from our
> standard setting of 500M, to the factory setting of 50M.

Does the file show a modified date/time that could point to at least a timing 
for the action?

-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Thursday, September 06, 2018 1:41 PM
To: Tomcat Users List
Subject: Re: Tomcat Manager weirdness on a Google Compute instance

- - - external message, proceed with caution - - -


On 06/09/18 18:32, James H. H. Lampert wrote:
> (cross-posted to the gce-discussion Google group)
>
> Ladies and Gentlemen:
>
> I just experienced something very odd.
>
> It seems that this morning, when I tried to upload a WAR file to the
> prototype instance for one of my instance groups, I kept repeatedly
> hitting a brick wall: as soon as the upload passed the 2% mark, it would
> abort, and I'd get a "Connection reset" error page.
>
> After some troubleshooting, following the Sherlock Holmes axiom (once
> you eliminate the impossible, whatever remains, however unlikely, must
> be true), I discovered that somehow, the "max-file-size" and
> "max-request-size" in manager/WEB-INF/web.xml had reverted from our
> standard setting of 500M, to the factory setting of 50M.
>
> And I found that the same had happened with the prototype instance for
> another instance group.
>
> Can anybody shed any light on this? Some sort of automatic update?

Definitely not from any sort of automatic update on the Tomcat side.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

---
CONFIDENTIALITY NOTICE: This message is for intended addressee(s) only and may 
contain information that is confidential, proprietary or exempt from 
disclosure. If you are not the intended recipient, please contact the sender 
immediately. Unauthorized use or distribution is prohibited and may be unlawful.

Re: Tomcat Manager weirdness on a Google Compute instance

2018-09-06 Thread Mark Thomas 
On 06/09/18 18:32, James H. H. Lampert wrote:
> (cross-posted to the gce-discussion Google group)
> 
> Ladies and Gentlemen:
> 
> I just experienced something very odd.
> 
> It seems that this morning, when I tried to upload a WAR file to the
> prototype instance for one of my instance groups, I kept repeatedly
> hitting a brick wall: as soon as the upload passed the 2% mark, it would
> abort, and I'd get a "Connection reset" error page.
> 
> After some troubleshooting, following the Sherlock Holmes axiom (once
> you eliminate the impossible, whatever remains, however unlikely, must
> be true), I discovered that somehow, the "max-file-size" and
> "max-request-size" in manager/WEB-INF/web.xml had reverted from our
> standard setting of 500M, to the factory setting of 50M.
> 
> And I found that the same had happened with the prototype instance for
> another instance group.
> 
> Can anybody shed any light on this? Some sort of automatic update?

Definitely not from any sort of automatic update on the Tomcat side.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat Manager weirdness on a Google Compute instance

2018-09-06 Thread James H. H. Lampert 

(cross-posted to the gce-discussion Google group)

Ladies and Gentlemen:

I just experienced something very odd.

It seems that this morning, when I tried to upload a WAR file to the 
prototype instance for one of my instance groups, I kept repeatedly 
hitting a brick wall: as soon as the upload passed the 2% mark, it would 
abort, and I'd get a "Connection reset" error page.


After some troubleshooting, following the Sherlock Holmes axiom (once 
you eliminate the impossible, whatever remains, however unlikely, must 
be true), I discovered that somehow, the "max-file-size" and 
"max-request-size" in manager/WEB-INF/web.xml had reverted from our 
standard setting of 500M, to the factory setting of 50M.


And I found that the same had happened with the prototype instance for 
another instance group.


Can anybody shed any light on this? Some sort of automatic update?

--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: worker0 tomcat ,manager is not wotking

2018-03-20 Thread Coty Sutherland 
On Tue, Mar 20, 2018 at 6:40 AM, Loai Abdallatif
 wrote:
> Thanks Schultz
>
> the error is described in the url link below, The issue has been fixed
> using following these steps:
>
>- Go to Tomcat installation and then /opt/worker0/webapps/manager/
>META-INF
>- Open context.xml and comment Valve section as below, and it now works
>fine, but why is that happened?

You commented out the RemoteAddrValve
(https://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Remote_Address_Valve)
so you were trying to access the manager application on an IP that
wasn't allowed (wasn't 127.0.0.1).

>
>**   sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
>
>
> source : https://geekflare.com/tomcat-login-problem/
>
> On Tue, Mar 20, 2018 at 12:32 AM, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Loai,
>>
>> On 3/19/18 4:43 PM, Loai Abdallatif wrote:
>> > I have running three tomcat instances worker0,worker1 and worker2
>> >
>> > the http connector to workero is listening on port 8080 but the
>> > manager is not opening as below and the tomcat-users.xml is
>> > configured as this:
>> >
>> > root@appserver01:/opt/worker0/conf# cat tomcat-users.xml > > version="1.0" encoding="utf-8"?>  > > rolename="manager-gui"/> > > password="password" roles="manager-gui"/> 
>> >
>> > unfortunatly still not working and keep sending forbidden as below
>>
>> Your image was stripped from the mailing list. Can you find a way to
>> show the problem using text only?
>>
>> - -chris
>> -BEGIN PGP SIGNATURE-
>> Comment: GPGTools - http://gpgtools.org
>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>>
>> iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqwOogdHGNocmlzQGNo
>> cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFjP7w/6Ah5ZC6Y+jZz1R0VT
>> CxqPg1HpD5eRZLrxvBXodo1CqkHHZsJhdI82HrtnSOpBvqr4o9+Bp9M6X/3lubvn
>> A5e+zrNSslVCpALd3r8qUJxwdcK/EcHKVruUHAee7U61Y0wz1JXLhjtX+etARA4w
>> 1AioSXc5o2R3JC5ssKAoFT6fg8vzh9JRXkSF8HM4g6RpU3ynR2Zh2Ixoa6Fl8Mf5
>> j+4UPuvBJnn/pX76RWn2cfEPGwK6sjn7rgNBMz/qEZhXC8otLfPGYOc4Tn/otImO
>> yDeuqetssNd99iw7LAaHB5gm3biqfr5TN3pqBvVojpqqmlDL+XJIYAn2Rik/w9rC
>> jzzcuU9eox/iCONPVheywjjafH89onYlkW4Dy/xMF/G7+bAMyzHxSFWzhst7PSZJ
>> 7aG2FKVo1m10OThEPtFZkembz6tYxpzSx2V+nxvD5P6BqxCQwW8I8BAHIyemStK5
>> LRBRBKtz4yS7fBJdz+YEjJU49XAtwDR+aF41pv3gv5rrbkroysPoCPgOQI+Xo/wR
>> bLsAkYp5y8XPoMWVqCT1KOCE2zkVA3kt1vWpEP6kzsElQUQUpG2E5PU93WZ2q5j/
>> svGGJlSffcsXhUrxSYc1kj8N7EUZasKl1yEWVBHsjGR4TjYkbu5JQIqtVKcjIdAv
>> fmRGxlQqqQuj+5q9m9UKb+tIA1M=
>> =QBdh
>> -END PGP SIGNATURE-
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: worker0 tomcat ,manager is not wotking

2018-03-20 Thread Loai Abdallatif 
Thanks Schultz

the error is described in the url link below, The issue has been fixed
using following these steps:

   - Go to Tomcat installation and then /opt/worker0/webapps/manager/
   META-INF
   - Open context.xml and comment Valve section as below, and it now works
   fine, but why is that happened?

   **  


source : https://geekflare.com/tomcat-login-problem/

On Tue, Mar 20, 2018 at 12:32 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Loai,
>
> On 3/19/18 4:43 PM, Loai Abdallatif wrote:
> > I have running three tomcat instances worker0,worker1 and worker2
> >
> > the http connector to workero is listening on port 8080 but the
> > manager is not opening as below and the tomcat-users.xml is
> > configured as this:
> >
> > root@appserver01:/opt/worker0/conf# cat tomcat-users.xml  > version="1.0" encoding="utf-8"?>   > rolename="manager-gui"/>  > password="password" roles="manager-gui"/> 
> >
> > unfortunatly still not working and keep sending forbidden as below
>
> Your image was stripped from the mailing list. Can you find a way to
> show the problem using text only?
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqwOogdHGNocmlzQGNo
> cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFjP7w/6Ah5ZC6Y+jZz1R0VT
> CxqPg1HpD5eRZLrxvBXodo1CqkHHZsJhdI82HrtnSOpBvqr4o9+Bp9M6X/3lubvn
> A5e+zrNSslVCpALd3r8qUJxwdcK/EcHKVruUHAee7U61Y0wz1JXLhjtX+etARA4w
> 1AioSXc5o2R3JC5ssKAoFT6fg8vzh9JRXkSF8HM4g6RpU3ynR2Zh2Ixoa6Fl8Mf5
> j+4UPuvBJnn/pX76RWn2cfEPGwK6sjn7rgNBMz/qEZhXC8otLfPGYOc4Tn/otImO
> yDeuqetssNd99iw7LAaHB5gm3biqfr5TN3pqBvVojpqqmlDL+XJIYAn2Rik/w9rC
> jzzcuU9eox/iCONPVheywjjafH89onYlkW4Dy/xMF/G7+bAMyzHxSFWzhst7PSZJ
> 7aG2FKVo1m10OThEPtFZkembz6tYxpzSx2V+nxvD5P6BqxCQwW8I8BAHIyemStK5
> LRBRBKtz4yS7fBJdz+YEjJU49XAtwDR+aF41pv3gv5rrbkroysPoCPgOQI+Xo/wR
> bLsAkYp5y8XPoMWVqCT1KOCE2zkVA3kt1vWpEP6kzsElQUQUpG2E5PU93WZ2q5j/
> svGGJlSffcsXhUrxSYc1kj8N7EUZasKl1yEWVBHsjGR4TjYkbu5JQIqtVKcjIdAv
> fmRGxlQqqQuj+5q9m9UKb+tIA1M=
> =QBdh
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: worker0 tomcat ,manager is not wotking

2018-03-19 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Loai,

On 3/19/18 4:43 PM, Loai Abdallatif wrote:
> I have running three tomcat instances worker0,worker1 and worker2
> 
> the http connector to workero is listening on port 8080 but the
> manager is not opening as below and the tomcat-users.xml is 
> configured as this:
> 
> root@appserver01:/opt/worker0/conf# cat tomcat-users.xml  version="1.0" encoding="utf-8"?>   rolename="manager-gui"/>  password="password" roles="manager-gui"/> 
> 
> unfortunatly still not working and keep sending forbidden as below

Your image was stripped from the mailing list. Can you find a way to
show the problem using text only?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqwOogdHGNocmlzQGNo
cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFjP7w/6Ah5ZC6Y+jZz1R0VT
CxqPg1HpD5eRZLrxvBXodo1CqkHHZsJhdI82HrtnSOpBvqr4o9+Bp9M6X/3lubvn
A5e+zrNSslVCpALd3r8qUJxwdcK/EcHKVruUHAee7U61Y0wz1JXLhjtX+etARA4w
1AioSXc5o2R3JC5ssKAoFT6fg8vzh9JRXkSF8HM4g6RpU3ynR2Zh2Ixoa6Fl8Mf5
j+4UPuvBJnn/pX76RWn2cfEPGwK6sjn7rgNBMz/qEZhXC8otLfPGYOc4Tn/otImO
yDeuqetssNd99iw7LAaHB5gm3biqfr5TN3pqBvVojpqqmlDL+XJIYAn2Rik/w9rC
jzzcuU9eox/iCONPVheywjjafH89onYlkW4Dy/xMF/G7+bAMyzHxSFWzhst7PSZJ
7aG2FKVo1m10OThEPtFZkembz6tYxpzSx2V+nxvD5P6BqxCQwW8I8BAHIyemStK5
LRBRBKtz4yS7fBJdz+YEjJU49XAtwDR+aF41pv3gv5rrbkroysPoCPgOQI+Xo/wR
bLsAkYp5y8XPoMWVqCT1KOCE2zkVA3kt1vWpEP6kzsElQUQUpG2E5PU93WZ2q5j/
svGGJlSffcsXhUrxSYc1kj8N7EUZasKl1yEWVBHsjGR4TjYkbu5JQIqtVKcjIdAv
fmRGxlQqqQuj+5q9m9UKb+tIA1M=
=QBdh
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

worker0 tomcat ,manager is not wotking

2018-03-19 Thread Loai Abdallatif 
Dear Friends ,

I have running three tomcat instances worker0,worker1 and worker2

the http connector to workero is listening on port 8080
but the manager is not opening as below and the tomcat-users.xml is
configured as this:

root@appserver01:/opt/worker0/conf# cat tomcat-users.xml


   
   


unfortunatly still not working and keep sending forbidden as below

Re: Get fail response by using the Tomcat manager command to deploy a war

2017-04-24 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Bruce,

(CC'ing the list this time. TB changed their REPLY semantics and I'm
still getting used to them.)

On 4/24/17 8:52 AM, Bruce Huang wrote:
> Thanks for the information that Chris has provided.
> 
> I have found that the deployment has not always being succeeded.
> 
> The situation is, if I hit the /stop and then /deploy?update=true,
even I
> always got a fail message as below
> 
> *FAIL - Deployed application at context path /test but context
> failed to start*
> 
> But, sometimes the deployment works and sometimes it doesn't. If it
> is failed to deploy, the folder of the web application will have a
> file remains which is the \WEB-INF\lib\licensor-1.0.0-RC.jar.
> 
> What if I hit the /stop and then /undeploy before doing the 
> /deploy?update=true, the response of the /undeploy request is
> always as below
> 
> FAIL - Unable to delete 
> [D:\Tomcat8\apache-tomcat-8.0.23\webapps\test]. The continued
> presence of this file may cause problems.
> 
> And yes, the file remains is \WEB-INF\lib\licensor-1.0.0-RC.jar.
> 
> The licensor-1.0.0-RC.jar(Developed by ourself) dependents to the 
> bouncycastle <https://www.bouncycastle.org/> and log4j2 
> <https://logging.apache.org/log4j/2.x/> as below pom shows.

Interesting.

> And our webapp uses log4j 1.2 as the logging system, the pom as
> below
> 
>  com.company 
> licensor 
> 1.0.0-RC 
> log4j log4j 
> 1.2.14
> 
> As mentioned above, everytime when we try to undeploy the webapp
> from tomcat manager, it always failed to undeploy the webapp and
> return the failed message as below
> 
> FAIL - Unable to delete 
> [D:\Tomcat8\apache-tomcat-8.0.23\webapps\test]. The continued
> presence of this file may cause problems.
> 
> The remains file is always the WEB-INF\lib\licensor-1.0.0-RC.jar
> and it always being locked and unable to be deleted until we have
> shutdown the tomcat.

It seems like that file is being kept-open by some part of the code. I
suspect it's being held-open by some code from within that JAR file --
maybe opening a file and not closing it, etc.

> Is there any conflict problem if the webapp is using log4j 1.2 and
> its dependency lib has log4j2? Or the bouncycastle has some file
> locking
issue
> (Since it seems to contain some native code)?

There should be no log4j/log4j2 issues. I'm not sure about Bouncy
Castle, but I suspect that their implementation is good. native code
can't be loaded from a JAR file so I don't think that's going to be a
part of the problem.

You may need to attach a debugger/profiler to the application and look
at the open files to see what code is holding that file open.

An option for Tomcat is to set "antiJARLocking" to "true" in your
 element in META-INF/context.xml [1]. Note that there may be
some other implications to using this, so please read the documentation.

- -chris

[1] https://tomcat.apache.org/tomcat-7.0-doc/config/context.html

-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJY/ki1AAoJEBzwKT+lPKRYaYsP/2i4tkOaVgsdVwJEih8AVAuX
F6GQOuu+rrCWH0KBT5engib0AJjLvVI7KPgwRSFQ170MC3apswYRSaUg5LLOS02p
RTmOkzfv+B2rp4BU/j2bOJHf0oLtXAJBMNsTczAgybQyDGmLzUafLl9+hYEIaGaq
pCf4mmdi0wi9CECx57HDfpSJKSH3ZtpQ3PFet2GXhiHhViYRpCiuZG3U3h8BLFpb
9Nad+RZ14esEdXc57I9qvOjYUfDNkhjNebMrXQglvlMX/qVIffu+oiqUge9KQDb9
SAN4onLQtPpp0PxP8vkTFl/MLoo4tAVs5h9ARmFUX+UzPf3TllrJIp3K2IBHENf+
xluJ6U5Gio1MIx/CJjts3jnDR/A7/dATJzWyjlP+iTME1U+6OT4YOdVnuE6c1g3u
vyYJgsSkIMM4A5ixflJ/OCX5GlvOJeTA/2mIcrFvMW1WjPD/i7urhOH8KuTcSVBV
I8wzR75Zrq9JHWN7PgmrSoF3osVPfBwcJEnYi+v4S9VIzbpIS2xg0TKAhXMpI6xc
WYv2vegjPs8fsZGWdv+plumVauaki18ysLE4066foRqyh7kGb0GNEu097rowBis0
KnUyGbHDCBGPe162kShKAOqkDP1AG0ySKPq4y4di9jT+lApS+xxbXnD1MEvfbEwK
homOkesGo+M+M6CigY5k
=qf+H
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Get fail response by using the Tomcat manager command to deploy a war

2017-04-24 Thread Bruce Huang 
Thanks for the information that Chris has provided.

I have found that the deployment has not always being succeeded.

The situation is, if I hit the /stop and then /deploy?update=true, even I
always got a fail message as below

*FAIL - Deployed application at context path /test but context failed to
start*

But, sometimes the deployment works and sometimes it doesn't. If it is
failed to deploy, the folder of the web application will have a file
remains which is the \WEB-INF\lib\licensor-1.0.0-RC.jar.

What if I hit the /stop and then /undeploy before doing the
/deploy?update=true, the response of the /undeploy request is always as
below

FAIL - Unable to delete
[D:\Tomcat8\apache-tomcat-8.0.23\webapps\test]. The continued presence
of this file may cause problems.

And yes, the file remains is \WEB-INF\lib\licensor-1.0.0-RC.jar.

The licensor-1.0.0-RC.jar(Developed by ourself) dependents to the
bouncycastle <https://www.bouncycastle.org/> and log4j2
<https://logging.apache.org/log4j/2.x/> as below pom shows.




org.apache.logging.log4j
log4j
${log4j.version}
pom
import




org.bouncycastle
bcprov-jdk15on
1.51


org.bouncycastle
bcprov-ext-jdk15on
1.51


org.bouncycastle
bcpg-jdk15on
1.51



org.apache.logging.log4j
log4j-core


org.apache.logging.log4j
log4j-api


org.apache.logging.log4j
log4j-jcl


org.apache.logging.log4j
log4j-slf4j-impl



com.google.guava
guava
18.0



org.apache.commons
commons-lang3



commons-cli
commons-cli
1.2


commons-configuration
commons-configuration
1.10



junit
junit
4.12
test


org.hamcrest
hamcrest-core
1.3
test


org.mockito
mockito-core
1.10.19
test


And our webapp uses log4j 1.2 as the logging system, the pom as below


com.company
licensor
1.0.0-RC
log4j
log4j
1.2.14

As mentioned above, everytime when we try to undeploy the webapp from
tomcat manager, it always failed to undeploy the webapp and return the
failed message as below

FAIL - Unable to delete
[D:\Tomcat8\apache-tomcat-8.0.23\webapps\test]. The continued presence
of this file may cause problems.

The remains file is always the WEB-INF\lib\licensor-1.0.0-RC.jar and it
always being locked and unable to be deleted until we have shutdown the
tomcat.

The tomcat log only complains about the directory could not be completely
deleted.

19-Apr-2017 18:49:56.976 INFO
[ContainerBackgroundProcessor[StandardEngine[Catalina]]]
org.apache.catalina.startup.HostConfig.undeploy Undeploying context
[/2.2]
19-Apr-2017 18:49:56.981 SEVERE
[ContainerBackgroundProcessor[StandardEngine[Catalina]]]
org.apache.catalina.startup.ExpandWar.deleteDir
[D:\CI\Tomcat8\CI1\apache-tomcat-8.0.23\webapps\2.2\WEB-INF\lib] could
not be completely deleted. The presence of the remaining files may
cause problems
19-Apr-2017 18:49:56.982 SEVERE
[ContainerBackgroundProcessor[StandardEngine[Catalina]]]
org.apache.catalina.startup.ExpandWar.deleteDir
[D:\CI\Tomcat8\CI1\apache-tomcat-8.0.23\webapps\2.2\WEB-INF] could not
be completely deleted. The presence of the remaining files may cause
problems
19-Apr-2017 18:49:56.982 SEVERE
[ContainerBackgroundProcessor[StandardEngine[Catalina]]]
org.apache.catalina.startup.ExpandWar.deleteDir
[D:\CI\Tomcat8\CI1\apache-tomcat-8.0.23\webapps\2.2] could not be
completely deleted. The presence of the remaining files may cause
problems
19-Apr-2017 18:49:56.983 SEVERE
[ContainerBackgroundProcessor[StandardEngine[Catalina]]]
org.apache.catalina.startup.ExpandWar.delete
[D:\CI\Tomcat8\CI1\apache-tomcat-8.0.23\webapps\2.2] could not be
completely deleted. The presence of the remaining files may cause
problems

Is there any conflict problem if the webapp is using log4j 1.2 and its
dependency lib has log4j2? Or the bouncycastle has some file locking issue
(Since it seems to contain some native code)?

Any help is appreciated

Bruce Huang <mailbru...@gmail.com> 於 2017年4月9日 週日 下午7:47寫道:

> Hi Christopher,
>
> I have checked the tomcat log, there is no error as below and the
> application is started successfully.
>
> Manager.log
>
> 09-Apr-2017 17:37:53.295 INFO [http-nio-3030-exec-342]
> org.apache.catalina.core.ApplicationContext.log Manager: stop: Stopping web
> application '/2.1.2-C1'
> 09-Apr-2017 17:38:23.769 INFO [http-nio-3030-exec-326]
> org.apache.catalina.core.ApplicationContext.log Manager: deploy: Deploying
> web application '/2.1.2-C1'
> 09-Apr-2017 17:38:23.769 INFO [http-nio-3030-exec-326]
> org.apache.catalina

Re: Get fail response by using the Tomcat manager command to deploy a war

2017-04-09 Thread Bruce Huang 
Hi Christopher,

I have checked the tomcat log, there is no error as below and the
application is started successfully.

Manager.log

09-Apr-2017 17:37:53.295 INFO [http-nio-3030-exec-342]
org.apache.catalina.core.ApplicationContext.log Manager: stop: Stopping web
application '/2.1.2-C1'
09-Apr-2017 17:38:23.769 INFO [http-nio-3030-exec-326]
org.apache.catalina.core.ApplicationContext.log Manager: deploy: Deploying
web application '/2.1.2-C1'
09-Apr-2017 17:38:23.769 INFO [http-nio-3030-exec-326]
org.apache.catalina.core.ApplicationContext.log Manager: Uploading WAR file
to D:\CI\Tomcat8\CI6\apache-tomcat-8.0.23\webapps\2.1.2-C1.war.tmp

localhost.log

09-Apr-2017 17:37:53.344 INFO [http-nio-3030-exec-342]
org.apache.catalina.core.ApplicationContext.log Shutting down log4j
09-Apr-2017 17:38:05.573 INFO [http-nio-3030-exec-342]
org.apache.catalina.core.ApplicationContext.log Closing Spring root
WebApplicationContext
09-Apr-2017 17:43:05.372 INFO [localhost-startStop-32]
org.apache.catalina.core.ApplicationContext.log No Spring
WebApplicationInitializer types detected on classpath
09-Apr-2017 17:43:05.833 INFO [localhost-startStop-32]
org.apache.catalina.core.ApplicationContext.log Initializing Spring root
WebApplicationContext
09-Apr-2017 17:44:00.206 INFO [localhost-startStop-32]
org.apache.catalina.core.ApplicationContext.log Initializing log4j from
[D:\CI\Tomcat8\CI6\apache-tomcat-8.0.23\webapps\2.1.2-C1\WEB-INF\classes\log4j.properties]

catalina.log

09-Apr-2017 17:38:34.989 INFO
[ContainerBackgroundProcessor[StandardEngine[Catalina]]]
org.apache.catalina.startup.HostConfig.undeploy Undeploying context
[/2.1.2-C1]
09-Apr-2017 17:38:45.037 INFO [localhost-startStop-32]
org.apache.catalina.startup.HostConfig.deployWAR Deploying web application
archive D:\CI\Tomcat8\CI6\apache-tomcat-8.0.23\webapps\2.1.2-C1.war
09-Apr-2017 17:43:05.365 INFO [localhost-startStop-32]
org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned
for TLDs yet contained no TLDs. Enable debug logging for this logger for a
complete list of JARs that were scanned but no TLDs were found in them.
Skipping unneeded JARs during scanning can improve startup time and JSP
compilation time.
09-Apr-2017 17:44:01.106 INFO [localhost-startStop-32]
org.apache.catalina.startup.HostConfig.deployWAR Deployment of web
application archive
D:\CI\Tomcat8\CI6\apache-tomcat-8.0.23\webapps\2.1.2-C1.war has finished in
316,068 ms


The log from my app for deploying the war file

2017-04-09 17:38:23,766 [main] INFO c.u.m.i.deployer.catalina.DeployTask -
Deployed pacakge to
http://localhost:3030/manager/text/deploy?update=true=/2.1.2-C1
Sun Apr 09 17:38:24 CST 2017 -> FAIL - Deployed application at context path
/2.1.2-C1 but context failed to start

It looks like the deploying and uploading is started at around 17:38:23,
and at the 17:38:24 the response is received and says failed to start. At
17:38:34, the app went to undeploying and at 17:38:45 it went to
deploying and started successfully.

Is that because my webapp taking too much time to be undeployed?

Thanks


Christopher Schultz  於 2017年4月7日 週五 下午9:25寫道:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Bruce,
>
> On 4/7/17 4:08 AM, Bruce Huang wrote:
> > I want to use the tomcat supported manager command
> >  _Manager_Commands>
> >
> >
> to deploy a war file. The Tomcat server is Tomcat v8.0.23.
> >
> > The application is sure to be deployed and started successfully,
> > I, however, got the failed message of the response as below
> >
> > *FAIL - Deployed application at context path /test but context
> > failed to start*
> >
> > The way I used is the HttpURLConnection in Java to PUT a file by an
> > HTTP request as below code
>
> Re-read the error message you got. The upload was fine. The
> application just didn't start properly. So the problem isn't with the
> upload/deploy... it's with the application itself.
>
> Do onto the server and look at the log files to find out why the
> application failed to start.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJY55NWAAoJEBzwKT+lPKRY23cQAKYEyu0KdyZeSSthSTrE+bCU
> EgQEuFr36EjsdTc3hW8UYjJITzRgvjj7OUd/D/TTQmW9PsiRQQNmrjYDigpmnE6w
> PlxkqhskbXX1iHJTcuIHKtUxvIGe67zMeJsZE2mlklOM9bJuPBcrORse185EBJyq
> 543TZ/2GZkOqf3MuoKDTvrpaKL/hm70IeoMXKLv7MPEDMw/+MTI1OeNag/4pCgtw
> b2WnemWNIO16msvaWWE7ZK7rcroQgX4ky2CvZ0COJjy2St8PfsnaBAYmzD1PCPtu
> IkHdPHb8oAtJJoANPAmAQolg4SbNlzm9xL78tJvwgiY7hA8HKBC4STiIc7zM88nm
> JhmzIfFScLGAEQ/qG4dGxTHctT4F/eE/DrTxKXwMai7z2Y1KjHfW7mn4eGmTIBLO
> 2hWrTnfGUqhe/wM9D0nJJ8NuTCEt44JKSlMoBVqCzybHemykZKafxcKSa9ne5Yev
> VQyTX3/CrbVqNIOD1oEuycuMDX8pXQfPWaFFWlcIu/1GOZNnHbXAr1GkNUM0cXSx
> WcLAYK5SUs0x80ls06iZlyUNFQrH/Y94GFsIpu4alamIXyNC8G6gcagXOppKo8He
>

Re: Get fail response by using the Tomcat manager command to deploy a war

2017-04-07 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Bruce,

On 4/7/17 4:08 AM, Bruce Huang wrote:
> I want to use the tomcat supported manager command 
> 
>
> 
to deploy a war file. The Tomcat server is Tomcat v8.0.23.
> 
> The application is sure to be deployed and started successfully,
> I, however, got the failed message of the response as below
> 
> *FAIL - Deployed application at context path /test but context
> failed to start*
> 
> The way I used is the HttpURLConnection in Java to PUT a file by an
> HTTP request as below code

Re-read the error message you got. The upload was fine. The
application just didn't start properly. So the problem isn't with the
upload/deploy... it's with the application itself.

Do onto the server and look at the log files to find out why the
application failed to start.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJY55NWAAoJEBzwKT+lPKRY23cQAKYEyu0KdyZeSSthSTrE+bCU
EgQEuFr36EjsdTc3hW8UYjJITzRgvjj7OUd/D/TTQmW9PsiRQQNmrjYDigpmnE6w
PlxkqhskbXX1iHJTcuIHKtUxvIGe67zMeJsZE2mlklOM9bJuPBcrORse185EBJyq
543TZ/2GZkOqf3MuoKDTvrpaKL/hm70IeoMXKLv7MPEDMw/+MTI1OeNag/4pCgtw
b2WnemWNIO16msvaWWE7ZK7rcroQgX4ky2CvZ0COJjy2St8PfsnaBAYmzD1PCPtu
IkHdPHb8oAtJJoANPAmAQolg4SbNlzm9xL78tJvwgiY7hA8HKBC4STiIc7zM88nm
JhmzIfFScLGAEQ/qG4dGxTHctT4F/eE/DrTxKXwMai7z2Y1KjHfW7mn4eGmTIBLO
2hWrTnfGUqhe/wM9D0nJJ8NuTCEt44JKSlMoBVqCzybHemykZKafxcKSa9ne5Yev
VQyTX3/CrbVqNIOD1oEuycuMDX8pXQfPWaFFWlcIu/1GOZNnHbXAr1GkNUM0cXSx
WcLAYK5SUs0x80ls06iZlyUNFQrH/Y94GFsIpu4alamIXyNC8G6gcagXOppKo8He
gvDcyDzrFCijZt7OW0j/toNH0U7AR/PHWF0+pf6qM/zDU2ewZRmFeCI0pD47eged
EVjBnqA2O5/nWhq08TGS
=V6R6
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Get fail response by using the Tomcat manager command to deploy a war

2017-04-07 Thread Bruce Huang 
Hi all,

I want to use the tomcat supported manager command

 to deploy a war file. The Tomcat server is Tomcat v8.0.23.

The application is sure to be deployed and started successfully, I,
however, got the failed message of the response as below

*FAIL - Deployed application at context path /test but context failed to
start*

The way I used is the HttpURLConnection in Java to PUT a file by an HTTP
request as below code


public void execute(ResponseHandler handler) throws IOException {

String deployURL =
"http://localhost/manager/text/deploy?update=true=/test;
final HttpURLConnection hconn = (HttpURLConnection) (new
URL(deployURL)).openConnection();

try (FileInputStream fsInput = new FileInputStream(deployedPackage)) {
final long contentLength = fsInput.getChannel().size();

hconn.setAllowUserInteraction(false);
hconn.setDoInput(true);
hconn.setUseCaches(false);
hconn.setDoOutput(true);
hconn.setRequestMethod("PUT");
hconn.setRequestProperty("Content-Type", "application/octet-stream");
hconn.setRequestProperty("Content-Length", "" + contentLength);
hconn.setFixedLengthStreamingMode(contentLength);
hconn.setRequestProperty("User-Agent", "Catalina-Ant-Task/1.0");

// Set up an authorization header with our credentials
final String input = this.username + ":" + this.password;
final String output =
Base64.getEncoder().encodeToString(input.getBytes(StandardCharsets.ISO_8859_1));
hconn.setRequestProperty("Authorization", "Basic " + output);

// Establish the connection with the server
hconn.connect();

try (BufferedInputStream istream = new
BufferedInputStream(fsInput, 1024);
BufferedOutputStream ostream = new
BufferedOutputStream(hconn.getOutputStream(), 1024)) {
final byte buffer[] = new byte[1024];
while (true) {
int n = istream.read(buffer);
if (n < 0) {
break;
}
ostream.write(buffer, 0, n);
}
}
}

String response = new String();

// Process the response message
try (InputStreamReader reader = new
InputStreamReader(hconn.getInputStream(), "utf-8")) {
final StringBuilder buff = new StringBuilder();
while (true) {
int ch = reader.read();
if (ch < 0) {
break;
} else {
buff.append((char) ch);
}
}
handler.handle(buff.toString());
}

hconn.disconnect();}


The target URL is *http://localhost/manager/text/deploy?update=true=/test
* for
deploying a war file to a context path "test". And the *deployedPackage* is
a File with the size amount 130 MB.

Is there anything I miss to set up or do it in the wrong way?

Thanks

Re: Restricted Access to Tomcat Manager Caused Database Issues

2016-09-08 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Yuval,

On 9/7/16 4:03 AM, Yuval Schwartz wrote:
> Hello,
> 
> Tomcat: 8.0.22 Java: jdk1.8.0_05
> 
> I recently restricted access to my Tomcat Manager App by: 1)
> Changing the name of the manager app. 2) Block access to the
> manager app by IP address.
> 
> I did the following: A) Stopped Tomcat B) Simply renamed the
> manager app in $CATALINA_BASE/webapps by executing the linux
> command "mv manager somename". C) Adding a file to the path
> $CATALINA_BASE/conf/Catalina/[hostname] named "somename.xml" which
> contained the following context element to restrict access to the
> manager app:
> 
>   className="org.apache.catalina.valves.RemoteAddrValve" 
> allow="[myIP]"/> 

Don't put a "path" in the . The filename is already
manager.xml, so Tomcat knows it should be deployed as /manager

Step (B) should have been sufficient. You can modify the
META-INF/context.xml that comes with the manager if you want. Or, even
better, use a separate CATALINA_BASE and your own custom
CATALINA_BASE/conf/Catalina/localhost/manager.xml that points to the
manager application in ${catalina.home}/webapps/manager.

We do this with our ant-based deployment scripts: copy the stock
manager's context.xml file, transform it with an XSLT that sets the
docBase and inserts the RemoteAddrValve and Realm we want, and drop
that file into CATALINA_BASE/conf/[engine]/[host]/manager.xml

> D) Start Tomcat
> 
> This caused my web application to lose access to the database (as
> if the web applications Context element located in 
> /webapps/myapp/META-INF/context.xml was overridden or something).
> 
> Does anyone have any suggestions on what's going on? My host is
> called localhost.

You must have done something other than what you described above. If
you really only touched the manager, than other applications shouldn't
have any problems.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJX0YRiAAoJEBzwKT+lPKRYWiUP/RXZ0AEymW8C7+hFZNM97E3J
UMxaHBj1VRYqgLlieZmI80rBAQss3dzZtF9ZyxWvF4+boUeOTdH5Q3rK3sK7yvwZ
9bWy6lnw9f9lP+fVurRhg0DngpHjPKtS2fzOeQRDMsQEPBRtJy7OEZxOrgJ4xi5W
eQ548r1P6Op93VEe/jpgnu8NF2TUiyWP5jDxvySTOdFc1nbrFHZjtjJ3OInsr07s
jk+7cqt15Q7oick4Ql8W53uZP6r0C4gMwGPjozHyt14tHjKHeOqcRnn5n4nIKUV9
yuWALFi5Lis1Ww0Z4ybSHzhKbGuPpA4hRCtKgoOZJlIj19ofyjO2iroApQFlySAK
TS9scZA8sBpKLwj4hlWf+cUj2deiCZWYDNkP+gXl5RbpFqhBREKQVB7JknunJqlD
QqY0DUd1gG/xjvehIZd2oaHhO3lmoZTW/9HCqpm5RyUQk4E3TiK0W4XSwrN8pYAZ
fbfQ2QxYljMGV2bQshkLBll5OJNsPNNRmtB0PNzhT3Mll5b16ivpLwOyzTsGfvg4
i1vQXzS59gZIzdCn7LqhbTbN0Vg09EhRXiIjeFW0gbnavFUonMrBNqMqc4slPu/v
51sUo7D+sw7t4O1P+XO+HAdKw538Bgkq7qVFWKnWwXLTqUTyrlWZBJczsRHKlOh3
4SL5mezp6B9mlpm4TJC4
=qRk9
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Restricted Access to Tomcat Manager Caused Database Issues

2016-09-07 Thread Yuval Schwartz 
Hello,

Tomcat: 8.0.22
Java: jdk1.8.0_05

I recently restricted access to my Tomcat Manager App by:
1) Changing the name of the manager app.
2) Block access to the manager app by IP address.

I did the following:
A) Stopped Tomcat
B) Simply renamed the manager app in $CATALINA_BASE/webapps by executing
the linux command "mv manager somename".
C) Adding a file to the path $CATALINA_BASE/conf/Catalina/[hostname] named
"somename.xml" which contained the following context element to restrict
access to the manager app:





D) Start Tomcat

This caused my web application to loose access to the database (as if the
web applications Context element located in
/webapps/myapp/META-INF/context.xml was overridden or something).

Does anyone have any suggestions on what's going on?
My host is called localhost.

Thanks.



 adding a file to the path $CATALINA_BASE/conf/Catalina/[hostname]
named

Re: Huge Time Tomcat Manager

2016-07-29 Thread Mohit Chawla 
I see this on my system as well for all requests, except for the
manager/status request, which shows the correct time.

On Fri, Jul 29, 2016 at 5:06 PM, George Sexton <geor...@mhsoftware.com>
wrote:

>
> On 7/21/2016 9:58 AM, Christopher Schultz wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Teresa,
>>
>> On 7/21/16 5:33 AM, Teresa Fasano wrote:
>>
>>> I notice on my tomcat manager the huge and wrong values for the
>>> thread times. For example: 1469093029135 ms
>>>
>>> This is the information: Server version: Apache Tomcat/7.0.56
>>> (Debian) Server built:   Feb 3 2015 06:16:51 Server number:
>>> 7.0.56.0 OS Name:Linux OS Version: 3.2.0-4-amd64
>>> Architecture:   amd64 JVM Version:1.6.0_35-b35 JVM Vendor:
>>> Sun Microsystems Inc.
>>>
>>> Why? It is a bug?
>>>
>> Since it's unlikely that your application has been running for 46
>> years straight, something is obviously wrong.
>>
>
> I consistently see this on my mod_jk connector for the "Time" value.
>
>
>
>> Exactly which timing value are you looking at in the manager application
>> ?
>>
>> - -chris
>> -BEGIN PGP SIGNATURE-
>> Comment: GPGTools - http://gpgtools.org
>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>>
>> iQIcBAEBCAAGBQJXkPE5AAoJEBzwKT+lPKRYlmgP/i9OYYa1eRt36e0kNKXVcvWj
>> 4bET69/zh9UxJR5H3JdJDwmPY2RxhIzKQrDXC+bgEI0s2vor3T/C9MTAkFKFfUuV
>> 0fE5YLCityUOR4M2dy++nOhoHKedZvIXzJWVAil/z+yRLfUepNOoHfb+b2y6uWU5
>> pIqa4/604UaSj+MQgJVi2N2nNuAxTLhi0Te1wxhjTu9foZJGU9fLaYSmGP7XMWIq
>> ztsH5JOSPHpGiqOZK4UoKXo7w8glSvTGX8834EsnTkJ8N13anl8nFo11qk66JRWi
>> f/vlydnIc9vRON6NXy3OJsMky7bkfEgFuLIngzA1VhXKfCdquzbwyAH2ISOJ1DPw
>> r8wAUNWWFZnOa0UJr61L5Xp/vRq+k4oX1kijKLXfmPd5RySJLYaw2OD6w8b21R/9
>> Y36RxHAW9K7OgNSfr12L6nT9ZLPzLa+qbradicJcV8sppR2fTqq8Gq48P0NQhg9t
>> Q3ZCGa5JX7nxEnloN9dW+MVZr6gmDmhcgg9hF4RRof3tLj14iwiVhKk8mTqnNmLZ
>> 4rehbEs7loHze87D+YwdB956AGK0lEFJGSnWN2g6/ZstQs+7mhwPyxr5MSscHv95
>> zhyvp3j7EqQZPr1vuEkjda9NOA3MxzcwKpVcld0nkNnj8UadLdNZkOYTCAm9FG8u
>> hVD1Z/EN9G3aBezCzgSz
>> =SWSD
>> -END PGP SIGNATURE-
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
> --
> George Sexton
> *MH Software, Inc.*
> Voice: 303 438 9585
> http://www.connectdaily.com
>

Re: Huge Time Tomcat Manager

2016-07-29 Thread George Sexton 


On 7/21/2016 9:58 AM, Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Teresa,

On 7/21/16 5:33 AM, Teresa Fasano wrote:

I notice on my tomcat manager the huge and wrong values for the
thread times. For example: 1469093029135 ms

This is the information: Server version: Apache Tomcat/7.0.56
(Debian) Server built:   Feb 3 2015 06:16:51 Server number:
7.0.56.0 OS Name:Linux OS Version: 3.2.0-4-amd64
Architecture:   amd64 JVM Version:1.6.0_35-b35 JVM Vendor:
Sun Microsystems Inc.

Why? It is a bug?

Since it's unlikely that your application has been running for 46
years straight, something is obviously wrong.


I consistently see this on my mod_jk connector for the "Time" value.



Exactly which timing value are you looking at in the manager application
?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJXkPE5AAoJEBzwKT+lPKRYlmgP/i9OYYa1eRt36e0kNKXVcvWj
4bET69/zh9UxJR5H3JdJDwmPY2RxhIzKQrDXC+bgEI0s2vor3T/C9MTAkFKFfUuV
0fE5YLCityUOR4M2dy++nOhoHKedZvIXzJWVAil/z+yRLfUepNOoHfb+b2y6uWU5
pIqa4/604UaSj+MQgJVi2N2nNuAxTLhi0Te1wxhjTu9foZJGU9fLaYSmGP7XMWIq
ztsH5JOSPHpGiqOZK4UoKXo7w8glSvTGX8834EsnTkJ8N13anl8nFo11qk66JRWi
f/vlydnIc9vRON6NXy3OJsMky7bkfEgFuLIngzA1VhXKfCdquzbwyAH2ISOJ1DPw
r8wAUNWWFZnOa0UJr61L5Xp/vRq+k4oX1kijKLXfmPd5RySJLYaw2OD6w8b21R/9
Y36RxHAW9K7OgNSfr12L6nT9ZLPzLa+qbradicJcV8sppR2fTqq8Gq48P0NQhg9t
Q3ZCGa5JX7nxEnloN9dW+MVZr6gmDmhcgg9hF4RRof3tLj14iwiVhKk8mTqnNmLZ
4rehbEs7loHze87D+YwdB956AGK0lEFJGSnWN2g6/ZstQs+7mhwPyxr5MSscHv95
zhyvp3j7EqQZPr1vuEkjda9NOA3MxzcwKpVcld0nkNnj8UadLdNZkOYTCAm9FG8u
hVD1Z/EN9G3aBezCzgSz
=SWSD
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



--
George Sexton
*MH Software, Inc.*
Voice: 303 438 9585
http://www.connectdaily.com

Re: Huge Time Tomcat Manager

2016-07-21 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Teresa,

On 7/21/16 5:33 AM, Teresa Fasano wrote:
> I notice on my tomcat manager the huge and wrong values for the
> thread times. For example: 1469093029135 ms
> 
> This is the information: Server version: Apache Tomcat/7.0.56
> (Debian) Server built:   Feb 3 2015 06:16:51 Server number:
> 7.0.56.0 OS Name:Linux OS Version: 3.2.0-4-amd64 
> Architecture:   amd64 JVM Version:1.6.0_35-b35 JVM Vendor:
> Sun Microsystems Inc.
> 
> Why? It is a bug?

Since it's unlikely that your application has been running for 46
years straight, something is obviously wrong.

Exactly which timing value are you looking at in the manager application
?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJXkPE5AAoJEBzwKT+lPKRYlmgP/i9OYYa1eRt36e0kNKXVcvWj
4bET69/zh9UxJR5H3JdJDwmPY2RxhIzKQrDXC+bgEI0s2vor3T/C9MTAkFKFfUuV
0fE5YLCityUOR4M2dy++nOhoHKedZvIXzJWVAil/z+yRLfUepNOoHfb+b2y6uWU5
pIqa4/604UaSj+MQgJVi2N2nNuAxTLhi0Te1wxhjTu9foZJGU9fLaYSmGP7XMWIq
ztsH5JOSPHpGiqOZK4UoKXo7w8glSvTGX8834EsnTkJ8N13anl8nFo11qk66JRWi
f/vlydnIc9vRON6NXy3OJsMky7bkfEgFuLIngzA1VhXKfCdquzbwyAH2ISOJ1DPw
r8wAUNWWFZnOa0UJr61L5Xp/vRq+k4oX1kijKLXfmPd5RySJLYaw2OD6w8b21R/9
Y36RxHAW9K7OgNSfr12L6nT9ZLPzLa+qbradicJcV8sppR2fTqq8Gq48P0NQhg9t
Q3ZCGa5JX7nxEnloN9dW+MVZr6gmDmhcgg9hF4RRof3tLj14iwiVhKk8mTqnNmLZ
4rehbEs7loHze87D+YwdB956AGK0lEFJGSnWN2g6/ZstQs+7mhwPyxr5MSscHv95
zhyvp3j7EqQZPr1vuEkjda9NOA3MxzcwKpVcld0nkNnj8UadLdNZkOYTCAm9FG8u
hVD1Z/EN9G3aBezCzgSz
=SWSD
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Huge Time Tomcat Manager

2016-07-21 Thread Teresa Fasano 

Hi,
I notice on my tomcat manager the huge and wrong values for the thread 
times.

For example: 1469093029135 ms

This is the information:
Server version: Apache Tomcat/7.0.56 (Debian)
Server built:   Feb 3 2015 06:16:51
Server number:  7.0.56.0
OS Name:Linux
OS Version: 3.2.0-4-amd64
Architecture:   amd64
JVM Version:1.6.0_35-b35
JVM Vendor: Sun Microsystems Inc.

Why?
It is a bug?
Thanks,
Teresa


--
--
L'educazione è il pane dell'anima
--

Teresa Fasano

CINECA
System and Technologies Department
Middleware and Infrastructure Group
Via Magnanelli, 6/3
Casalecchio di Reno (Bologna) ITALY

web: http://www.cineca.it
e-mail:  t.fas...@cineca.it
phone:   +39 051 61 71 364


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Deployment of application via Tomcat Manager fails.

2016-01-19 Thread Karl Hauschildt 
Background:
JAVA Web application, Eclipse workspace with an ANT build.xml.
Using Windows, this project builds using java 1.7, deploys to multiple
Solaris environments running Tomcat 5, 6 or 7 and runs cleanly.

I have to deploy the preceding to a Linux environment with Tomcat 8. Which
is running JAVA 1.8

Problem:
The deploy task fails with: BUILD FAILED java.io.IOException: Error
writing request body to server
Looking in the Tomcat, localhost_access.log, I see: "PUT
/manager/deploy?path=%2FFXInSite=true HTTP/1.1" 403 3196
The other logs contain no errors or warnings.

Investigations:
I have set the Tomcat (catalina) logging levels to DEBUG and FINEST.
I can get into the tomcat and the manager on the same port as what the
deployment uses.
The user that Tomcat is running under ( not root ) has full permissions to
all folders.
I have compared the server.xml and web.xml configuration files between
Linux and Solaris and they are essentially identical.
Google searches for anything to do with ANT and the deploy task, Tomcat 403
errors, permissions have been unsuccessful.

Thank you for your time and consideration.

Suggestions gratefully taken.

Re: Unable to deploy app with Tomcat Manager Text interface using a Context Descriptor

2015-10-14 Thread Mark Thomas 
On 13/10/2015 16:31, ptruche wrote:
> Sorry about the formatting issue. Here is the corrected 
> version.---
> 
> My application context is defined as an XML file located in 
> `my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml`.
> 
> 
> type='java.lang.String'/>
> 
> 
> `/my/path/to/myApp` contains the WAR file myAppWarFile.war and a number of 
> externalized properties that are read by Spring.
> 
> Tomcat is configured with autoDeploy turned off. When I start Tomcat, it 
> creates `my/path/to/Tomcat/conf/webapps/my-app/` and the WAR file gets 
> unpacked into this location as expected, and the application of course can 
> run as expected.

That is an odd looking location for the WAR to be unpacked to. I'd
expect "my/path/to/Tomcat/webapps/my-app/"

> When I want to deploy a new version without restarting Tomcat, I run the 
> undeploy command as follows:
> 
> curl http://localhost:8080/manager/text/undeploy?path=/my-app --user 
> my-username:my-password

Note: Undeploy removes the xml from
"my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml"

> ... and that works. But when I instruct Tomcat to deploy with the following 
> curl statement, I get a failure.
> 
> curl 
> http://localhost:8080/manager/text/deploy?config=file:/my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml
>  --user my-username:my-password
> # Tomcat response
> FAIL - Invalid context path null was specified
> 
> Adding the path does not help much, I still get a failure.
> 
> curl 
> http://localhost:8080/manager/text/deploy?config=file:/my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml\=/my-app
>  --user my-username:my-password
> 
> # Tomcat response
> FAIL - Failed to deploy application at context path /my-app

Those are expected since the context.xml no longer exists. Better error
messages would be nice in those cases. Patches welcome.

> The worst part is that tailing catalina.out does not yield any insight. And 
> on top of that, Tomcat deletes the application context XML file 
> `my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml`!
> 
> Naturally I have reviewed Tomcat documentation 
> (https://tomcat.apache.org/tomcat-8.0-doc/manager-howto.html#Deploy_using_a_Context_configuration_%22.xml%22_file)
>  and I have googled all day to figure this out, but I have not found anything 
> that can help me with this particular configuration.

This page might also be useful:
http://tomcat.apache.org/tomcat-7.0-doc/config/automatic-deployment.html


> It feels as though the choice is: 
> 
>  1. Tomcat with autoDeploy on (not recommended for production) in which case 
> simply dropping the new WAR to `/my/path/to/myApp/` will cause Tomcat to hot 
> deploy the app.

There are reasons not to enable autoDeploy in production (mainly
security) but I wouldn't go as far as to say you should never use
autoDeploy in production.

>  2. Tomcat with autoDeploy off, but re-deploying requires a Tomcat restart 
> because the deploy API does not seem to be working as advertised.
> 
> Has anybody made this work with this configuration?

If you want to do this with autoDeploy disabled, I think what you need
to do is:

- Update the external WAR file. Tomcat should ignore this since
autoDeploy is disabled.

- Then, without undeploying the old version, trigger a redeployment via
the Manager using the same curl command as the original deployment but
include the update=true

HTH,

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Unable to deploy app with Tomcat Manager Text interface using a Context Descriptor

2015-10-14 Thread ptruche 
Hello Mark,
Indeed I made an error when I wrote the problem statement, maAppWarFile.war is 
in fact unpacked to "my/path/to/Tomcat/webapps/my-app/," not the conf folder.
 
Philippe  

  From: Mark Thomas <ma...@apache.org>
 To: Tomcat Users List <users@tomcat.apache.org> 
 Sent: Wednesday, October 14, 2015 4:49 AM
 Subject: Re: Unable to deploy app with Tomcat Manager Text interface using a 
Context Descriptor
   
On 13/10/2015 16:31, ptruche wrote:
> Sorry about the formatting issue. Here is the corrected 
> version.---
> 
> My application context is defined as an XML file located in 
> `my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml`.
> 
>    
>        type='java.lang.String'/>
>    
> 
> `/my/path/to/myApp` contains the WAR file myAppWarFile.war and a number of 
> externalized properties that are read by Spring.
> 
> Tomcat is configured with autoDeploy turned off. When I start Tomcat, it 
> creates `my/path/to/Tomcat/conf/webapps/my-app/` and the WAR file gets 
> unpacked into this location as expected, and the application of course can 
> run as expected.

That is an odd looking location for the WAR to be unpacked to. I'd
expect "my/path/to/Tomcat/webapps/my-app/"

> When I want to deploy a new version without restarting Tomcat, I run the 
> undeploy command as follows:
> 
>    curl http://localhost:8080/manager/text/undeploy?path=/my-app --user 
>my-username:my-password

Note: Undeploy removes the xml from
"my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml"

> ... and that works. But when I instruct Tomcat to deploy with the following 
> curl statement, I get a failure.
> 
>    curl 
>http://localhost:8080/manager/text/deploy?config=file:/my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml
> --user my-username:my-password
>    # Tomcat response
>    FAIL - Invalid context path null was specified
> 
> Adding the path does not help much, I still get a failure.
> 
>    curl 
>http://localhost:8080/manager/text/deploy?config=file:/my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml\=/my-app
> --user my-username:my-password
> 
>    # Tomcat response
>    FAIL - Failed to deploy application at context path /my-app

Those are expected since the context.xml no longer exists. Better error
messages would be nice in those cases. Patches welcome.

> The worst part is that tailing catalina.out does not yield any insight. And 
> on top of that, Tomcat deletes the application context XML file 
> `my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml`!
> 
> Naturally I have reviewed Tomcat documentation 
> (https://tomcat.apache.org/tomcat-8.0-doc/manager-howto.html#Deploy_using_a_Context_configuration_%22.xml%22_file)
>  and I have googled all day to figure this out, but I have not found anything 
> that can help me with this particular configuration.

This page might also be useful:
http://tomcat.apache.org/tomcat-7.0-doc/config/automatic-deployment.html


> It feels as though the choice is: 
> 
>  1. Tomcat with autoDeploy on (not recommended for production) in which case 
>simply dropping the new WAR to `/my/path/to/myApp/` will cause Tomcat to hot 
>deploy the app.

There are reasons not to enable autoDeploy in production (mainly
security) but I wouldn't go as far as to say you should never use
autoDeploy in production.

>  2. Tomcat with autoDeploy off, but re-deploying requires a Tomcat restart 
>because the deploy API does not seem to be working as advertised.
> 
> Has anybody made this work with this configuration?

If you want to do this with autoDeploy disabled, I think what you need
to do is:

- Update the external WAR file. Tomcat should ignore this since
autoDeploy is disabled.

- Then, without undeploying the old version, trigger a redeployment via
the Manager using the same curl command as the original deployment but
include the update=true

HTH,



Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Unable to deploy app with Tomcat Manager Text interface using a Context Descriptor

2015-10-13 Thread Mark Thomas 
On 13/10/2015 16:09, ptruche wrote:
> My application context is defined as an XML file located in 
> `my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml`.
> name='my_config_dir' value='/my/path/to/myApp' type='java.lang.String'/>
> 
> `/my/path/to/myApp` contains the WAR file myAppWarFile.war and a number of 
> externalized properties that are read by Spring.
> Tomcat is configured with autoDeploy turned off. When I start Tomcat, it 
> creates `my/path/to/Tomcat/conf/webapps/my-app/` and the WAR file gets 
> unpacked into this location as expected, and the application of course can 
> run as expected.
> When I want to deploy a new version without restarting Tomcat, I run the 
> undeploy command as follows:
> curl http://localhost:8080/manager/text/undeploy?path=/my-app --user 
> my-username:my-password
> ... and that works. But when I instruct Tomcat to deploy with the following 
> curl statement, I get a failure.
> curl 
> http://localhost:8080/manager/text/deploy?config=file:/my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml
>  --user my-username:my-password# Tomcat responseFAIL - Invalid 
> context path null was specified
> Adding the path does not help much, I still get a failure.
> curl 
> http://localhost:8080/manager/text/deploy?config=file:/my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml\=/my-app
>  --user my-username:my-password
> # Tomcat responseFAIL - Failed to deploy application at context path 
> /my-app
> The worst part is that tailing catalina.out does not yield any insight. And 
> on top of that, Tomcat deletes the application context XML file 
> `my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml`!
> Naturally I have reviewed Tomcat documentation 
> (https://tomcat.apache.org/tomcat-8.0-doc/manager-howto.html#Deploy_using_a_Context_configuration_%22.xml%22_file)
>  and I have googled all day to figure this out, but I have not found anything 
> that can help me with this particular configuration.
> It feels as though the choice is: 
>  1. Tomcat with autoDeploy on (not recommended for production) in which case 
> simply dropping the new WAR to `/my/path/to/myApp/` will cause Tomcat to hot 
> deploy the app. 2. Tomcat with autoDeploy off, but re-deploying requires a 
> Tomcat restart because the deploy API does not seem to be working as 
> advertised.
> Has anybody made this work with this configuration?
> ADDITIONAL INFORMATION
> I turned up the logging on Catalina. When I run the first deploy command 
> without the path, I get this set of log entries:
> FINE: Start processing with input 
> [config=file:/my/path/to/tomcat/conf/Catalina/localhost/my-app.xml]Oct 
> 13, 2015 10:04:53 AM 
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler processFINE: 
> Socket: 
> [org.apache.tomcat.util.net.SocketWrapper@189651c1:Socket[addr=/0:0:0:0:0:0:0:1,port=45415,localport=8080]],
>  Status in: [OPEN_READ], State out: [OPEN]Oct 13, 2015 10:04:53 AM 
> org.apache.coyote.http11.AbstractHttp11Processor processFINE: Error 
> parsing HTTP request headerjava.io.EOFException: Unexpected EOF read on 
> the socketat 
> org.apache.coyote.http11.Http11Processor.setRequestLineReadTimeout(Http11Processor.java:168)
> at 
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:982)
> at 
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
> at 
> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
> at java.util.concurrent.Thread
 P
oolExecutor.runWorker(ThreadPoolExecutor.java:1145)at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) 
   at 
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:744)
> Oct 13, 2015 10:04:53 AM 
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler processFINE: 
> Socket: 
> [org.apache.tomcat.util.net.SocketWrapper@189651c1:Socket[addr=/0:0:0:0:0:0:0:1,port=45415,localport=8080]],
>  Status in: [OPEN_READ], State out: [CLOSED]Oct 13, 2015 10:04:53 AM 
> org.apache.tomcat.util.threads.LimitLatch countDownFINE: Counting 
> down[http-bio-8080-exec-16] latch=1
> SERVER CONFIG
>  Apache Tomcat 7.0.55 (but confirmed same problem with 7.0.59 and 8.0.12. 
> Tomcat configured to run as a service with tomcat user and group owning the 
> catalina base and subfolders, and the docBase folders outside of the appBase 
> Centos 6.5
> 

The above is pretty much unreadable. Can you reformat please.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Unable to deploy app with Tomcat Manager Text interface using a Context Descriptor

2015-10-13 Thread ptruche 
Sorry about the formatting issue. Here is the corrected 
version.---

My application context is defined as an XML file located in 
`my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml`.

    
   
    

`/my/path/to/myApp` contains the WAR file myAppWarFile.war and a number of 
externalized properties that are read by Spring.

Tomcat is configured with autoDeploy turned off. When I start Tomcat, it 
creates `my/path/to/Tomcat/conf/webapps/my-app/` and the WAR file gets unpacked 
into this location as expected, and the application of course can run as 
expected.

When I want to deploy a new version without restarting Tomcat, I run the 
undeploy command as follows:

    curl http://localhost:8080/manager/text/undeploy?path=/my-app --user 
my-username:my-password

... and that works. But when I instruct Tomcat to deploy with the following 
curl statement, I get a failure.

    curl 
http://localhost:8080/manager/text/deploy?config=file:/my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml
 --user my-username:my-password
    # Tomcat response
    FAIL - Invalid context path null was specified

Adding the path does not help much, I still get a failure.

    curl 
http://localhost:8080/manager/text/deploy?config=file:/my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml\=/my-app
 --user my-username:my-password

    # Tomcat response
    FAIL - Failed to deploy application at context path /my-app

The worst part is that tailing catalina.out does not yield any insight. And on 
top of that, Tomcat deletes the application context XML file 
`my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml`!

Naturally I have reviewed Tomcat documentation 
(https://tomcat.apache.org/tomcat-8.0-doc/manager-howto.html#Deploy_using_a_Context_configuration_%22.xml%22_file)
 and I have googled all day to figure this out, but I have not found anything 
that can help me with this particular configuration.

It feels as though the choice is: 

 1. Tomcat with autoDeploy on (not recommended for production) in which case 
simply dropping the new WAR to `/my/path/to/myApp/` will cause Tomcat to hot 
deploy the app.
 2. Tomcat with autoDeploy off, but re-deploying requires a Tomcat restart 
because the deploy API does not seem to be working as advertised.

Has anybody made this work with this configuration?

ADDITIONAL INFORMATION

I turned up the logging on Catalina. When I run the first deploy command 
without the path, I get this set of log entries:

    FINE: Start processing with input 
[config=file:/my/path/to/tomcat/conf/Catalina/localhost/my-app.xml]
    Oct 13, 2015 10:04:53 AM 
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler process
    FINE: Socket: 
[org.apache.tomcat.util.net.SocketWrapper@189651c1:Socket[addr=/0:0:0:0:0:0:0:1,port=45415,localport=8080]],
 Status in: [OPEN_READ], State out: [OPEN]
    Oct 13, 2015 10:04:53 AM org.apache.coyote.http11.AbstractHttp11Processor 
process
    FINE: Error parsing HTTP request header
    java.io.EOFException: Unexpected EOF read on the socket
    at 
org.apache.coyote.http11.Http11Processor.setRequestLineReadTimeout(Http11Processor.java:168)
    at 
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:982)
    at 
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
    at 
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
    at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at 
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:744)

    Oct 13, 2015 10:04:53 AM 
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler process
    FINE: Socket: 
[org.apache.tomcat.util.net.SocketWrapper@189651c1:Socket[addr=/0:0:0:0:0:0:0:1,port=45415,localport=8080]],
 Status in: [OPEN_READ], State out: [CLOSED]
    Oct 13, 2015 10:04:53 AM org.apache.tomcat.util.threads.LimitLatch countDown
    FINE: Counting down[http-bio-8080-exec-16] latch=1

SERVER CONFIG

    Apache Tomcat 7.0.55 (but confirmed same problem with 7.0.59 and 8.0.12.
    Tomcat configured to run as a service with tomcat user and group owning the 
catalina base and subfolders, and the docBase folders outside of the appBase
    Centos 6.5  From: Mark Thomas <ma...@apache.org>
 To: Tomcat Users List <users@tomcat.apache.org> 
 Sent: Tuesday, October 13, 2015 11:20 AM
 Subject: Re: Unable to deploy app with Tomcat Manager Text interface using a 
Context Descriptor
   
On 13/10/2015 16:09, ptruche wrote:


> My application context is defined as an XML file located in 
> `my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml`.
>          name='my_config_dir' value='/my/path/to/myApp' t

Unable to deploy app with Tomcat Manager Text interface using a Context Descriptor

2015-10-13 Thread ptruche 
My application context is defined as an XML file located in 
`my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml`.
               

`/my/path/to/myApp` contains the WAR file myAppWarFile.war and a number of 
externalized properties that are read by Spring.
Tomcat is configured with autoDeploy turned off. When I start Tomcat, it 
creates `my/path/to/Tomcat/conf/webapps/my-app/` and the WAR file gets unpacked 
into this location as expected, and the application of course can run as 
expected.
When I want to deploy a new version without restarting Tomcat, I run the 
undeploy command as follows:
    curl http://localhost:8080/manager/text/undeploy?path=/my-app --user 
my-username:my-password
... and that works. But when I instruct Tomcat to deploy with the following 
curl statement, I get a failure.
    curl 
http://localhost:8080/manager/text/deploy?config=file:/my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml
 --user my-username:my-password    # Tomcat response    FAIL - Invalid context 
path null was specified
Adding the path does not help much, I still get a failure.
    curl 
http://localhost:8080/manager/text/deploy?config=file:/my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml\=/my-app
 --user my-username:my-password
    # Tomcat response    FAIL - Failed to deploy application at context path 
/my-app
The worst part is that tailing catalina.out does not yield any insight. And on 
top of that, Tomcat deletes the application context XML file 
`my/path/to/Tomcat/conf/Catalina/localhost/my-app.xml`!
Naturally I have reviewed Tomcat documentation 
(https://tomcat.apache.org/tomcat-8.0-doc/manager-howto.html#Deploy_using_a_Context_configuration_%22.xml%22_file)
 and I have googled all day to figure this out, but I have not found anything 
that can help me with this particular configuration.
It feels as though the choice is: 
 1. Tomcat with autoDeploy on (not recommended for production) in which case 
simply dropping the new WAR to `/my/path/to/myApp/` will cause Tomcat to hot 
deploy the app. 2. Tomcat with autoDeploy off, but re-deploying requires a 
Tomcat restart because the deploy API does not seem to be working as advertised.
Has anybody made this work with this configuration?
ADDITIONAL INFORMATION
I turned up the logging on Catalina. When I run the first deploy command 
without the path, I get this set of log entries:
    FINE: Start processing with input 
[config=file:/my/path/to/tomcat/conf/Catalina/localhost/my-app.xml]    Oct 13, 
2015 10:04:53 AM org.apache.coyote.AbstractProtocol$AbstractConnectionHandler 
process    FINE: Socket: 
[org.apache.tomcat.util.net.SocketWrapper@189651c1:Socket[addr=/0:0:0:0:0:0:0:1,port=45415,localport=8080]],
 Status in: [OPEN_READ], State out: [OPEN]    Oct 13, 2015 10:04:53 AM 
org.apache.coyote.http11.AbstractHttp11Processor process    FINE: Error parsing 
HTTP request header    java.io.EOFException: Unexpected EOF read on the socket  
      at 
org.apache.coyote.http11.Http11Processor.setRequestLineReadTimeout(Http11Processor.java:168)
        at 
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:982)
        at 
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
        at 
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) 
       at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) 
       at 
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:744)
    Oct 13, 2015 10:04:53 AM 
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler process    FINE: 
Socket: 
[org.apache.tomcat.util.net.SocketWrapper@189651c1:Socket[addr=/0:0:0:0:0:0:0:1,port=45415,localport=8080]],
 Status in: [OPEN_READ], State out: [CLOSED]    Oct 13, 2015 10:04:53 AM 
org.apache.tomcat.util.threads.LimitLatch countDown    FINE: Counting 
down[http-bio-8080-exec-16] latch=1
SERVER CONFIG
 Apache Tomcat 7.0.55 (but confirmed same problem with 7.0.59 and 8.0.12. 
Tomcat configured to run as a service with tomcat user and group owning the 
catalina base and subfolders, and the docBase folders outside of the appBase 
Centos 6.5

Re: Tomcat manager application not using custom ErrorReportingValve !

2015-07-30 Thread Mark Thomas 
On 30/07/2015 07:18, Utkarsh Dave wrote:
 Hi All,
 
 My application has a custom reporting valve in server.xml
 
   Host appBase=webapps autoDeploy=true deployOnStartup=false
 errorReportValveClass=com.path.valves.CustomErrorReportValve
 name=localhost unpackWARs=true
 
 But when I try to access https://server/manager
 I get normal error window page of (the tomcat error page is at
 /tomcat/webapps/manager/WEB-INF/jsp/403.jsp
 
 403 Unauthorized
 
 You are not authorized to view this page. If you have not changed any
 configuration files, please examine the file conf/tomcat-users.xml in your
 installation. That file must contain the credentials to let you use this
 webapp.
 ..
 
 How to have the manager application use the custom error valve ?

Application configured error pages take precedence over any error
reporting valve.

 Do i need to configure manager application separately?

You could remove the error page settings from the Manager app's web.xml.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat manager application not using custom ErrorReportingValve !

2015-07-30 Thread Utkarsh Dave 
Hi All,

My application has a custom reporting valve in server.xml

  Host appBase=webapps autoDeploy=true deployOnStartup=false
errorReportValveClass=com.path.valves.CustomErrorReportValve
name=localhost unpackWARs=true

But when I try to access https://server/manager
I get normal error window page of (the tomcat error page is at
/tomcat/webapps/manager/WEB-INF/jsp/403.jsp

403 Unauthorized

You are not authorized to view this page. If you have not changed any
configuration files, please examine the file conf/tomcat-users.xml in your
installation. That file must contain the credentials to let you use this
webapp.
..

How to have the manager application use the custom error valve ?
Do i need to configure manager application separately?

-Thanks
Utkarsh

Re: Tomcat manager application not using custom ErrorReportingValve !

2015-07-30 Thread Utkarsh Dave 
Thanks a lot Mark.

On Thu, Jul 30, 2015 at 11:50 AM, Mark Thomas ma...@apache.org wrote:

 On 30/07/2015 07:18, Utkarsh Dave wrote:
  Hi All,
 
  My application has a custom reporting valve in server.xml
 
Host appBase=webapps autoDeploy=true deployOnStartup=false
  errorReportValveClass=com.path.valves.CustomErrorReportValve
  name=localhost unpackWARs=true
 
  But when I try to access https://server/manager
  I get normal error window page of (the tomcat error page is at
  /tomcat/webapps/manager/WEB-INF/jsp/403.jsp
  
  403 Unauthorized
 
  You are not authorized to view this page. If you have not changed any
  configuration files, please examine the file conf/tomcat-users.xml in
 your
  installation. That file must contain the credentials to let you use this
  webapp.
  ..
 
  How to have the manager application use the custom error valve ?

 Application configured error pages take precedence over any error
 reporting valve.

  Do i need to configure manager application separately?

 You could remove the error page settings from the Manager app's web.xml.

 Mark


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Configure Tomcat Manager-GUI to use SPNEGO authentication

2015-06-02 Thread Jingru Barr 



 Tomcat version: 7.0.62Platform (OS) - Centos 6.6
Steps I perform1) follow the document 
(http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html) to configure 
Kerbero.      - I use kinit to verify the keytab and service account and it 
shows.        kinit -V -k -t server.keytab 
HTTP/serviceaccountname.mycompany@mycompany.com         Authenticated to 
Kerberos v52) configure server.xml to use Active Directory for JNDI      add 
the following to server.xml between Engine and Realm        Realm   
className=org.apache.catalina.realm.JNDIRealm    
connectionURL=ldap://ADServerName:3268;   authentication=simple   
referrals=follow   connectionName=serviceaccountn...@mycompany.com   
connectionPassword=ServiceAccountpassword    
userSearch=(amp;(objectCategory=person)(sAMAccountName={0}))   
userBase=dc=mycompany,dc=com    userSubtree=true   
roleSearch=(member={0})    roleName=cn    roleSubtree=true   
roleBase=dc=mycompany,dc=com /
3) modify web.xml to change authentication       login-config 
auth-methodSPNEGO/auth-method  realm-nameManager GUI/realm-name  
/login-config
 !-- Security roles referenced by this web application -- security-role   
role-nameIIAG_HER_Everyone/role-name   (this is the AD group name)  
/security-role
The result is still not able to authenticate.  Based on the log, I don't see 
the tomcat try to authenticate using the Kerberos.  Pleae advice further



 

All Status is S Tomcat manager

2015-04-24 Thread Jian Wu 
Hi,

I am running a website with a load balancer (software) and three web
servers, each of which deploys an instance of Tomcat 7. While the other two
web servers look OK, there is one web server which often gives me trouble
after restarting Tomcat.

Basically, the maxThread (2000) is reached and the server is almost not
accessible. When I open the server:8080/manager of that server, I found
that all the Stages under http-nio-8080 are S! The values of BSent
and BRecv are all 0 KB. What does that mean? To solve this problem, the
only way I know is to restart Tomcat, but after several days, the problem
emerges again.

These three servers are deployed in exactly the same way, so it is very
strange that one of them uses all 2000 theads, but the others use only less
than 300 threads! Currently, the load balancer distributes 3/7 traffic to
Server 1, 2/7 traffic to Server 2, and 2/7 traffic to Server 3.  The
problematic server is Server 2.

Thanks
Jian Wu

Re: All Status is S Tomcat manager

2015-04-24 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jian,

On 4/24/15 10:17 AM, Jian Wu wrote:
 I am running a website with a load balancer (software) and three
 web servers, each of which deploys an instance of Tomcat 7.

Just to be clear, you have a single load-balancer, 3 web servers
(httpd?), and 3 Tomcat servers? Or is Tomcat considered a web server
in this scenario?

 While the other two web servers look OK, there is one web server 
 which often gives me trouble after restarting Tomcat.
 
 Basically, the maxThread (2000) is reached and the server is almost
 not accessible.

That's a lot of threads.

 When I open the server:8080/manager of that server, I found that
 all the Stages under http-nio-8080 are S! The values of
 BSent and BRecv are all 0 KB. What does that mean?

Those are metrics I don't recognize. Are these stats kept and shown by
the load balancer?

 To solve this problem, the only way I know is to restart Tomcat,
 but after several days, the problem emerges again.
 
 These three servers are deployed in exactly the same way, so it is
 very strange that one of them uses all 2000 theads, but the others
 use only less than 300 threads! Currently, the load balancer
 distributes 3/7 traffic to Server 1, 2/7 traffic to Server 2, and
 2/7 traffic to Server 3.  The problematic server is Server 2.

Can you post your configuration for Tomcat's Connectors? Remember to
remove any sensitive information that may be in there.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVOlWuAAoJEBzwKT+lPKRYHTIQALHGK6IzqAu0dDmRKmluxcAd
7CFKxg1Te3PyJP7+nIhTlHrlTTBwwP8TE/RGdJgsJW0rG8NxApn+UX+TaI9r9srw
apR9hK49zP7KicmJZygGspSFOdmC1KpuXudV19mbLrdmoWRWKWwZs5d4ujUzemSG
wrfSH7ARAhIczkYrLhwIo/V52k2wwD7DAzzGrcVsNWvhCfFjAhF5d/E/NRk1w8tv
xAGAJCmQFUcpxOFqN3i9T63HiLuotv5kXiL/YuTikNEFbeaf/5C8niunYjVNJsaf
Py1kzW/V8+uPmzhklq1paV0o/aQ3W0RROHF8zGn19I9VBmEMTwN00RprXkaAEsbR
ghLb6XlrCaAk1VxsxMUiimKhrscFsIT5aiPaFdci+Ti7szrluAuhk4a27lMgzBFf
Y5KJ7d3S0cch7TWIYMykymsg5yUPAkPCKgHjoxpWMNmnOqyN0ksJgr7Be4ZlNoJQ
BoIRmPbN29v3x59rDnC9pMQ75e1Ua5gisWrzbWV+KrS2kOQKLhAsEc7dRSGJYOV7
ebrSIZ7msqPTfMywB9t54DEUVGFM90MDs0L1xa+nqTGJA/lX5w6iiCOcCiTAzbb5
yqP+DGr3ifEy91QRwEEU2j4wdlH/0Z3k3JuTymFH8D3UlUDjYeOhLQWxJ31gePnL
/r0thS57aPypDbQ+zbqw
=eRCX
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Configuring Tomcat manager application upload limit

2015-04-17 Thread Dominic Hargreaves 
On Wed, Apr 15, 2015 at 08:33:00AM -0500, Mark Thomas wrote:
 On 15/04/2015 05:28, Dominic Hargreaves wrote:

  I am running the Tomcat manager application via a Debian package
  (tomcat8-admin), which deploys the webapp from
  /usr/share/tomcat8-admin/manager. We ran into a problem hitting th 
  maximum upload size (configured as the multipart-config element in the
  HTMLManager servlet block). This is easy to fix if you're willing to
  edit Debian-packaged files, but this is incorrect: files in /usr/share
  are owned exclusively by dpkg. Is there a way to override this element
  from somewhere in tomcat's conf directory (which is symlinked to
  /etc/tomcat8 in Debian)?
 
 No. The web application setting would take priority.

Okay, thanks for confirming.

  If it's not possible to override this at the moment, then is this a bug
  in Tomcat, or the Debian packaging?
 
 I'd say the bug is in the Debian packaging (but I would say that
 wouldn't I).
 
 Without know how Tomcat is packaged in Debian, I would expect the following:
 - the Manager web application to be a separate, optional package

Yep, it is.

 - the web.xml to be placed in an appropriate location for users to be
 able to edit it.
 
 I took a quick look through the web.xml for the Manager app. There are
 plenty of settings I wouldn't expect to change but there are a handful
 of things that users might want to tweak.
 
 In theory, it should be possible to move those settings to context.xml
 but that would require code changes and would mean do things that were
 contrary to the spirit of the servlet spec so there would likely be
 resistance to such changes from the Tomcat community.
 
 One option would be for Debian to use external entities for the
 configurable elements and place the file that defines those entities
 somewhere where users can edit it.

Okay, that's an interesting idea if it's possible to agree on a sane set :)

Thanks for your feedback!

Cheers,
Dominic.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Configuring Tomcat manager application upload limit

2015-04-17 Thread Konstantin Kolinko 
2015-04-17 13:52 GMT+03:00 Mark Thomas ma...@apache.org:
 On 17 April 2015 09:37:40 BST, Dominic Hargreaves d...@earth.li wrote:
On Wed, Apr 15, 2015 at 08:33:00AM -0500, Mark Thomas wrote:
 On 15/04/2015 05:28, Dominic Hargreaves wrote:

  I am running the Tomcat manager application via a Debian package
  (tomcat8-admin), which deploys the webapp from
  /usr/share/tomcat8-admin/manager. We ran into a problem hitting th
  maximum upload size (configured as the multipart-config element in
the
  HTMLManager servlet block). This is easy to fix if you're willing
to
  edit Debian-packaged files, but this is incorrect: files in
/usr/share
  are owned exclusively by dpkg. Is there a way to override this
element
  from somewhere in tomcat's conf directory (which is symlinked to
  /etc/tomcat8 in Debian)?

 No. The web application setting would take priority.

Okay, thanks for confirming.

  If it's not possible to override this at the moment, then is this a
bug
  in Tomcat, or the Debian packaging?

 I'd say the bug is in the Debian packaging (but I would say that
 wouldn't I).

 Without know how Tomcat is packaged in Debian, I would expect the
following:
 - the Manager web application to be a separate, optional package

Yep, it is.

 - the web.xml to be placed in an appropriate location for users to be
 able to edit it.

 I took a quick look through the web.xml for the Manager app. There
are
 plenty of settings I wouldn't expect to change but there are a
handful
 of things that users might want to tweak.

 In theory, it should be possible to move those settings to
context.xml
 but that would require code changes and would mean do things that
were
 contrary to the spirit of the servlet spec so there would likely be
 resistance to such changes from the Tomcat community.

 One option would be for Debian to use external entities for the
 configurable elements and place the file that defines those entities
 somewhere where users can edit it.

Okay, that's an interesting idea if it's possible to agree on a sane
set :)

Thanks for your feedback!

 Another option (I think) is to use the property replacement feature. I.e. 
 ${property.name} in web.xml and property.name=foo in catalina.properties

 The only question is if this works in web.xml which I don't recall and I 
 don't have easy access to the source to check. If it doesn't work we should 
 be able to fix that easily.

+1. I am sure that it works in web.xml.

Also things to note:

1) It is recommended to configure an IP filter (RemoteAddrValve) for
manager web application in its context file.

http://tomcat.apache.org/tomcat-8.0-doc/security-howto.html#Securing_Management_Applications

2) It should be possible to shadow (override) WEB-INF/web.xml of an
application by configuring a PreResources element in its context
file,

http://tomcat.apache.org/tomcat-8.0-doc/config/resources.html

3) You can rename the application, configure it, pack into a war and
upload via the default manager app.

The name of the manager application does not matter. It can be renamed.

(If you are running with java SecurityManager enabled, it will require
additional configuration in policy file, and to configure context file
for the application).

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Configuring Tomcat manager application upload limit

2015-04-17 Thread Mark Thomas 
On 17 April 2015 09:37:40 BST, Dominic Hargreaves d...@earth.li wrote:
On Wed, Apr 15, 2015 at 08:33:00AM -0500, Mark Thomas wrote:
 On 15/04/2015 05:28, Dominic Hargreaves wrote:

  I am running the Tomcat manager application via a Debian package
  (tomcat8-admin), which deploys the webapp from
  /usr/share/tomcat8-admin/manager. We ran into a problem hitting th 
  maximum upload size (configured as the multipart-config element in
the
  HTMLManager servlet block). This is easy to fix if you're willing
to
  edit Debian-packaged files, but this is incorrect: files in
/usr/share
  are owned exclusively by dpkg. Is there a way to override this
element
  from somewhere in tomcat's conf directory (which is symlinked to
  /etc/tomcat8 in Debian)?
 
 No. The web application setting would take priority.

Okay, thanks for confirming.

  If it's not possible to override this at the moment, then is this a
bug
  in Tomcat, or the Debian packaging?
 
 I'd say the bug is in the Debian packaging (but I would say that
 wouldn't I).
 
 Without know how Tomcat is packaged in Debian, I would expect the
following:
 - the Manager web application to be a separate, optional package

Yep, it is.

 - the web.xml to be placed in an appropriate location for users to be
 able to edit it.
 
 I took a quick look through the web.xml for the Manager app. There
are
 plenty of settings I wouldn't expect to change but there are a
handful
 of things that users might want to tweak.
 
 In theory, it should be possible to move those settings to
context.xml
 but that would require code changes and would mean do things that
were
 contrary to the spirit of the servlet spec so there would likely be
 resistance to such changes from the Tomcat community.
 
 One option would be for Debian to use external entities for the
 configurable elements and place the file that defines those entities
 somewhere where users can edit it.

Okay, that's an interesting idea if it's possible to agree on a sane
set :)

Thanks for your feedback!

Another option (I think) is to use the property replacement feature. I.e. 
${property.name} in web.xml and property.name=foo in catalina.properties

The only question is if this works in web.xml which I don't recall and I don't 
have easy access to the source to check. If it doesn't work we should be able 
to fix that easily. 


Mark



Cheers,
Dominic.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Configuring Tomcat manager application upload limit

2015-04-15 Thread Mark Thomas 
On 15/04/2015 05:28, Dominic Hargreaves wrote:
 Hello,
 
 This is reposted from [1] and [2]; the Debian maintainers of the package
 suggested I ask for advice here.
 
 I am running the Tomcat manager application via a Debian package
 (tomcat8-admin), which deploys the webapp from
 /usr/share/tomcat8-admin/manager. We ran into a problem hitting th 
 maximum upload size (configured as the multipart-config element in the
 HTMLManager servlet block). This is easy to fix if you're willing to
 edit Debian-packaged files, but this is incorrect: files in /usr/share
 are owned exclusively by dpkg. Is there a way to override this element
 from somewhere in tomcat's conf directory (which is symlinked to
 /etc/tomcat8 in Debian)?

No. The web application setting would take priority.

 Searching for this problem on the web only results in suggestions about
 editing web.xml directly (eg http://www.giantgeek.com/blog/?p=1000) or
 about different programming approaches using context parameters (if I
 understand correctly; I'm not especially familiar with the jargon).
 
 If it's not possible to override this at the moment, then is this a bug
 in Tomcat, or the Debian packaging?

I'd say the bug is in the Debian packaging (but I would say that
wouldn't I).

Without know how Tomcat is packaged in Debian, I would expect the following:
- the Manager web application to be a separate, optional package
- the web.xml to be placed in an appropriate location for users to be
able to edit it.

I took a quick look through the web.xml for the Manager app. There are
plenty of settings I wouldn't expect to change but there are a handful
of things that users might want to tweak.

In theory, it should be possible to move those settings to context.xml
but that would require code changes and would mean do things that were
contrary to the spirit of the servlet spec so there would likely be
resistance to such changes from the Tomcat community.

One option would be for Debian to use external entities for the
configurable elements and place the file that defines those entities
somewhere where users can edit it.

 Of course I could maintain a local version of the Debian package with
 this overriden, but for such an apparently-obvious piece of configuration
 that seems wrong too.

Agreed.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Configuring Tomcat manager application upload limit

2015-04-15 Thread Dominic Hargreaves 
Hello,

This is reposted from [1] and [2]; the Debian maintainers of the package
suggested I ask for advice here.

I am running the Tomcat manager application via a Debian package
(tomcat8-admin), which deploys the webapp from
/usr/share/tomcat8-admin/manager. We ran into a problem hitting th 
maximum upload size (configured as the multipart-config element in the
HTMLManager servlet block). This is easy to fix if you're willing to
edit Debian-packaged files, but this is incorrect: files in /usr/share
are owned exclusively by dpkg. Is there a way to override this element
from somewhere in tomcat's conf directory (which is symlinked to
/etc/tomcat8 in Debian)?

Searching for this problem on the web only results in suggestions about
editing web.xml directly (eg http://www.giantgeek.com/blog/?p=1000) or
about different programming approaches using context parameters (if I
understand correctly; I'm not especially familiar with the jargon).

If it's not possible to override this at the moment, then is this a bug
in Tomcat, or the Debian packaging?

Of course I could maintain a local version of the Debian package with
this overriden, but for such an apparently-obvious piece of configuration
that seems wrong too.

Thanks,
Dominic.

[1] 
http://serverfault.com/questions/681211/overriding-parts-of-a-webapps-web-xml-in-tomcat-eg-manager-application-max-fil
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782635

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Newbie Question - Topic: Accessing Tomcat Manager

2015-01-25 Thread Konstantin Kolinko 
2015-01-25 9:57 GMT+03:00 Thess Bermudez thessbermu...@gmail.com:
 Hi,

 This may sound very simple. This is surely a newbie question.

 I have installed Tomcat and accessed localhost:8080 and showed that
 installation was successful. I am exploring on the Tomcat Manager but the
 username and password that was defined for manager-gui role is not
 accepted. Is there another step that I may have missed?

 Thank you for your attention,


1. Tomcat reads tomcat-users.xml only once - at startup. Have you
restarted it after making the changes?

2. Check that the file is correct XML.

3. Read Tomcat log files for any unexpected messages.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Newbie Question - Topic: Accessing Tomcat Manager

2015-01-25 Thread André Warnier 

Konstantin Kolinko wrote:

2015-01-25 9:57 GMT+03:00 Thess Bermudez thessbermu...@gmail.com:

Hi,

This may sound very simple. This is surely a newbie question.

I have installed Tomcat and accessed localhost:8080 and showed that
installation was successful. I am exploring on the Tomcat Manager but the
username and password that was defined for manager-gui role is not
accepted. Is there another step that I may have missed?

Thank you for your attention,



1. Tomcat reads tomcat-users.xml only once - at startup. Have you
restarted it after making the changes?

2. Check that the file is correct XML.


2.1 : check that the corresponding section is not surrounded by !-- ... --
   (in other words : that it is not an XML comment)



3. Read Tomcat log files for any unexpected messages.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Newbie Question - Topic: Accessing Tomcat Manager

2015-01-24 Thread Thess Bermudez 
Hi,

This may sound very simple. This is surely a newbie question.

I have installed Tomcat and accessed localhost:8080 and showed that
installation was successful. I am exploring on the Tomcat Manager but the
username and password that was defined for manager-gui role is not
accepted. Is there another step that I may have missed?

Thank you for your attention,

Thess

Using Tomcat manager to deploy application in clustered Tomcat 7.0.42

2014-10-16 Thread Prabhu, Ganesh 
Hi,

I have a question about using tomcat manager to deploy applications when tomcat 
nodes are in a clustered environment.

Setup Description

Tomcat Node 1 : Tomcat version 7.0.42; JDK 1.6 update 27 (clustered)
Tomcat Node 2 ; Tomcat version 7.0.42; JDK 6 update 27 (clustered)

I have verified the cluster to be working fine. When I drop a war file into the 
watch directory of one of these nodes, the war is deployed and replicated to 
the other node.

But I want to deploy applications using Tomcat manager programmatically using 
catalina-ant.jar. So I tried deploying war deployment using tomcat manager. 
When I use Tomcat manager to deploy the war file into one of the nodes, the war 
file is successfully deployed to the selected node, but is not replicated to 
the other node. I also don't see any errors in the logs

Is this a bug in Tomcat?
Can't we use tomcat manager when the Tomcat nodes are clustered?
Is there some other way in which I can achieve remote deployment of war files 
programmatically?

Attachment description

1.   Server_node1.xml - sever.xml of Tomcat node 1

2.   Server_node2.xml - sever.xml of Tomcat Node 2

3.   Catalina_node1.log - log from  Tomcat node 1

4.   Catalina_node2.log - log from Tomcat Node 2

5.   Context_node 1.xml - Context.xml from node1

6.   Context_node 2.xml - Context.xml from node 2


Please let me know if any additional information is needed

Thanks  Regards,
Ganesh





?xml version='1.0' encoding='utf-8'?
!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the License); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

  http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an AS IS BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
--
!-- The contents of this file will be loaded for each web application --
Context antiJARLocking=true antiResourceLocking=true distributable=true

!-- Default set of monitored resources --
WatchedResourceWEB-INF/web.xml/WatchedResource

!-- Uncomment this to disable session persistence across Tomcat restarts --
!--
Manager pathname= /
--

!-- Uncomment this to enable Comet connection tacking (provides events
 on session expiration as well as webapp lifecycle) --
!--
Valve className=org.apache.catalina.valves.CometConnectionManagerValve /
--

/Context?xml version='1.0' encoding='utf-8'?
!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the License); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

  http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an AS IS BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
--
!-- The contents of this file will be loaded for each web application --
Context antiJARLocking=true antiResourceLocking=true distributable=true

!-- Default set of monitored resources --
WatchedResourceWEB-INF/web.xml/WatchedResource

!-- Uncomment this to disable session persistence across Tomcat restarts --
!--
Manager pathname= /
--

!-- Uncomment this to enable Comet connection tacking (provides events
 on session expiration as well as webapp lifecycle) --
!--
Valve className=org.apache.catalina.valves.CometConnectionManagerValve /
--

/Context?xml version='1.0' encoding='utf-8'?
!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the License); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

  http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an AS IS BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either

Deploy new application using tomcat manager - command line.

2014-06-11 Thread N, Ravikiran 
Hi all,

I'm trying to deploy a new application using tomcat manager, since I do not 
have access to the Linux-box where tomcat is running, hence the use of manager. 
I'm trying to follow what is specified in tomcat manager docs provided at 
http://tomcat.apache.org/tomcat-6.0-doc/manager-howto.html;, where I'm using 
command as wget 
http://localhost:8080/manager/deploy?path=/myappwar=file:/tmp/myapp.war; , 
this is returning me the error as FAIL - Failed to deploy application at 
context path /myapp. How can I debug this issue. What are the possible ways of 
knowing what the issue is.

Regards,
Ravikiran N

  1   2   3   4   5   6   >