Re: [VOTE] Release Apache Tomcat 7.0.107

2020-11-23 Thread Konstantin Kolinko
ср, 18 нояб. 2020 г. в 16:00, Violeta Georgieva :
>
> The proposed Apache Tomcat 7.0.107 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.107/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1286/
> The git tag is:
> https://github.com/apache/tomcat/tree/7.0.107
> b4237e4390895ad8880c7bf6a96ca2fdc2cd8507
>
> The proposed 7.0.107 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 7.0.107 Stable

1. Configuration of HttpHeaderSecurityFilter in examples is broken -
it is missing a
true
As such, all async examples stopped working, failing with error 500.
[[[
java.lang.IllegalStateException: A filter or servlet of the current
chain does not support asynchronous operations.
org.apache.catalina.connector.Request.startAsync(Request.java:1726)
org.apache.catalina.connector.Request.startAsync(Request.java:1719)
org.apache.catalina.connector.RequestFacade.startAsync(RequestFacade.java:1022)
async.Async0.service(Async0.java:44)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
]]]

Not a showstopper, but ugly.

2. Unit tests - OK. Tested on Windows 10,
Java 6u45, 7u80 (32-bit, Oracle)
Java 8u275, 11.0.9. (64-bit, AdoptOpenJDK), Java 15.0.1 (64-bit,
OpenJDK). (running only, code was compiled with Java 6/7 earlier).

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: svn/git for website

2020-10-26 Thread Konstantin Kolinko
пт, 2 окт. 2020 г. в 00:09, Mark Thomas :
>
> Hi all,
>
> The topic came up at the BoF session at the end of the Tomcat track of
> migrating the website from svn to git. There were strong opinions both
> for migrating and for sticking with svn.
>
> As a middle ground I'd like to propose we ask Infra to create a git
> mirror of the svn repo.
>
> For those who favour git:
> The git mirror would be read-only but it would be possible to:
> - clone the git mirror
> - make changes in git
> - use git-svn to commit those changes back to svn
> - then the mirror automatically replicates them back to git
>
> For those who favour svn there would be no change.
>
> If there is agreement on this approach, I volunteer to contact infra to
> get it set up.

My proposal at BoF was for a partial mirror.

The issue is that

1. I think that this mirror is intended as a tool to collect feedback
/ patches from random people, and to lower barriers for contribution.

2. The full Tomcat site is large. It includes documentation for all
versions of Tomcat, including javadocs. Those pages are changed rarely
and are not needed for people who contribute small changes for the
site. The source code for those pages is elsewhere.

3. Subversion has easy commands to cope with such large source trees.
This feature is called "sparse checkouts".

For our site the necessary commands are documented in README.txt.
Essentially, it is done with --depth and --set-depth arguments to "svn
checkout" and "svn update" commands

Speaking about Git, there are huge repositories [1] out there, but I
think that the majority of people are not accustomed to them.

[1] https://en.wikipedia.org/wiki/Monorepo

I see that Git developers recently did some work to make dealing with
such repositories simpler, with addition of "git sparse-checkout"
command in Git 2.25.0 [2], released in January 2020.

[2] https://github.com/git/git/blob/v2.25.0/Documentation/RelNotes/2.25.0.txt

Though I think that support in tools is still lacking. E.g. missing in
TortoiseGit. [3]

[3] https://gitlab.com/tortoisegit/tortoisegit/issues/1599


If we go with a full Git mirror or with migration to Git, then I think
that somebody has to prepare an update to README.txt.

If we go with a partial Git mirror, I think it could be named
"tomcat-site-dev", reserving the name "tomcat-site" for a full mirror
if we ever make one.


Ignored paths for git-svn are configured with "--ignore-paths"
argument or with "svn-remote..ignore-paths" configuration
option. [4]

[4] https://git-scm.com/docs/git-svn


Other notes:

4. Release managers use Subversion to publish the binaries.

Thus I expect that they are able to update the published documentation
with Subversion as well.

5. Publishing the javadocs generates small changes over a large number
of files. The script that generates the commit email notes that the
diff is huge and trims it all to a small summary.

If we ever migrate to Git, I wonder whether a similar script in Git is
able to cope with it.


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: CATALINA_BASE vs CATALINA_HOME: What must be where?

2020-09-28 Thread Konstantin Kolinko
пн, 28 сент. 2020 г. в 23:04, Christopher Schultz
:
>
> Konstantin,
>
> On 9/27/20 14:33, Konstantin Kolinko wrote:
> > сб, 26 сент. 2020 г. в 18:12, Christopher Schultz
> > :
> >>
> >> All,
> >>
> >> I'm writing about the above topic for ApacheCon @ Home and I wanted to
> >> get some confirmation about a few statements. The code is ... large and
> >> complex and it will be easier to just ask for help from those who Know.
> >>
> >> "
> >> Many files in CATALINA_BASE are optional
> >> * Override those in CATALINA_HOME
> >>  - conf/context.xml
> >
> > I think you are wrong with the above one. By design it has to be in
> > CATALINA_BASE, it cannot be in CATALINA_HOME.
> > E.g.
> > - org.a.c.startup.HostConfig.addGlobalRedeployResources() assumes that
> > the file is in CATALINA_BASE.
> > - org.a.c.startup.CatalinaBaseConfigurationSource#getResources() loads
> > a file from catalinaBase.
>
> My CATALINA_BASE deployments never include a conf/context.xml file. So
> either it's never required or it's only required if the application
> doesn't supply one.

I think that it just is not required. The default file is essentially empty.
It contains just a number of WatchedResource elements. I have not
checked whether there are defaults for them, but as I always run with
 they just do not matter. Maybe that happens
in your use case as well.

(Note that it does not override the file of CATALINA_HOME. The file in
CATALINA_HOME is not read and does not matter.)


By the way, one more thing to mention:
The behaviour of the "lib" directories: According to the value of
property "common.loader" as configured in catalina.properties file,
the libraries and classes are loaded from both base and home. The base
does not overwide home here, but they are combined (in a certain order
- see the value of that property).

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: CATALINA_BASE vs CATALINA_HOME: What must be where?

2020-09-27 Thread Konstantin Kolinko
сб, 26 сент. 2020 г. в 18:12, Christopher Schultz
:
>
> All,
>
> I'm writing about the above topic for ApacheCon @ Home and I wanted to
> get some confirmation about a few statements. The code is ... large and
> complex and it will be easier to just ask for help from those who Know.
>
> "
> Many files in CATALINA_BASE are optional
> * Override those in CATALINA_HOME
>  - conf/context.xml

I think you are wrong with the above one. By design it has to be in
CATALINA_BASE, it cannot be in CATALINA_HOME.
E.g.
- org.a.c.startup.HostConfig.addGlobalRedeployResources() assumes that
the file is in CATALINA_BASE.
- org.a.c.startup.CatalinaBaseConfigurationSource#getResources() loads
a file from catalinaBase.

> * Some files are required in CATALINA_BASE
>  - conf/server.xml
>  - conf/catalina.policy
>  - conf/web.xml

catalina.policy is not needed if you are not running with a
SecurotyManager enabled.

> Some Exceptions may be Surprising
> * Only in CATALINA_HOME
>  - bin/setclasspath.sh
.
That is some helper script that should not be customized.

When people modify that file it usually means that they have not read
the documentation and do not know about setenv.sh.

>  - endorsed/ (special Java libraries)

The path to endorsed directory is settable in setenv.sh. The directory
can be anywhere. I have experience of running several Tomcat 7
instances where only some of them had an endorsed directory. And I am
sure that you know that it is a technology that does not work with
modern versions of Java.

>  - bin/bootstrap.jar
> "
>
> Is this all correct?
>
> Am I missing anything?

There may be some "last resort" defaults, e.g. I see that a copy of
catalina.properties is present in catalina.jar. I also see that
CatalinaBaseConfigurationSource#getResources() tries to load a
resource from a ClassLoader, but it would be odd to put configuration
there.

>From the docs I know that a system property "catalina.config" may be
used to override the path to the "catalina.properties" file, but I
personally have not used that feature and do not know whether it is
useful. As documentation for that property is improved in Tomcat 10 vs
Tomcat 7, I think there was some discussion.

http://tomcat.apache.org/tomcat-10.0-doc/config/systemprops.html#Other
http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Other

I know that path to server.xml may be specified at the command line.
See o.a.startup.Catalina#arguments() for "-config".
I have not tested whether it works, and I do not see "-config" being
documented in RUNNING.txt or elsewhere in the docs.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [VOTE] Release Apache Tomcat 7.0.106

2020-09-19 Thread Konstantin Kolinko
ср, 16 сент. 2020 г. в 14:26, Violeta Georgieva :
>
> The proposed Apache Tomcat 7.0.106 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.106/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1279/
> The git tag is:
> https://github.com/apache/tomcat/tree/7.0.106
> c5d9010a75e99a69f59ba11cc1116d039a113979
>
> The proposed 7.0.106 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 7.0.106 Stable

Tested on Windows 10 2004.
Unit tests: OK with
32-bit Oracle Java 6u45 (with several well-known failures), Java 7u80,
64-bit AdoptOpenJDK  Java 8u265, 11.0.8, OpenJDK 15 GA release (15.0.0).

Smoke tests OK. (Java 15)

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: Deprecated JDBCRealm

2020-09-15 Thread Konstantin Kolinko
пн, 14 сент. 2020 г. в 21:53, Mark Thomas :
>
> All,
>
> I'd like to proposed the following:
> - Deprecated the JDBCRealm in 7.0.x, 8.5.x and 9.0.x
> - Remove the JDBCRealm in 10.0.x
>
> The reasons for this are:
> - The JDBCRealm is single threaded
> - The DataSourceRealm is a better solution
>
> Thoughts?

+1

Looking at documentation [1], it may be improved:

a) Change ordering. It would be better to list DataSourceRealm first,
followed by JDBCRealm.. (Currently JDBCRealm is the first one).

b) Explicitly mention that JDBCRealm uses a single connection in its
own documentation. (Currently documentation for DataSourceRealm
mentions it, but the one for JDBCRealm itself does not).

BTW, JNDIRealm also does not mention that it uses a single connection.

[1] https://tomcat.apache.org/tomcat-9.0-doc/config/realm.html

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: Use of "constants" in Manager to generate HTML/CSS content

2020-08-16 Thread Konstantin Kolinko
ср, 12 авг. 2020 г. в 18:48, Christopher Schultz :
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Konstantin,
>
> On 8/12/20 10:02, Konstantin Kolinko wrote:
> > вт, 28 июл. 2020 г. в 16:55, Christopher Schultz
> > :
> >>
> >> All,
> >>
> >> I was looking at this PR[1] and wondering why we have huge swaths
> >> of CSS and HTML in a Java source file, instead of using e.g. JSP
> >> or some other content-generation framework.
> >
> > I remember that I once read some praise for being able to use the
> > Manager web application when there is no Jasper and no JSP
> > compiler available. It was more than 5 years ago and I do not
> > remember the details - maybe it was some small system with limited
> > hardware.
>
> Agreed.
>
> > The Manager app does use JSPs nowadays, not for some unimportant
> > pages: listing of sessions and listing attributes of a session.
>
> Okay. Are you suggesting then that JSP can/should be required for
> Manager usage? Or maybe just for certain functions?

JSPs are de-facto required for certain functions, and nobody
complained thus far, as far as I remember.

I think that if we seriously modify the Manager app so that it heavily
relies on JSPs, then
maybe it would be better to precompile those JSP pages at build time.

K.Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: Use of "constants" in Manager to generate HTML/CSS content

2020-08-16 Thread Konstantin Kolinko
вс, 16 авг. 2020 г. в 21:32, Igal Sapir :
>
> I don't see any scripts either.  Why not add a CSP and set script to 'none'?  
> I can add that if no one objects.
>

sessionsList.jsp has onclick attributes. Maybe it can be modified to
work without them, I do not know.

K.Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: Use of "constants" in Manager to generate HTML/CSS content

2020-08-12 Thread Konstantin Kolinko
вт, 28 июл. 2020 г. в 16:55, Christopher Schultz :
>
> All,
>
> I was looking at this PR[1] and wondering why we have huge swaths of
> CSS and HTML in a Java source file, instead of using e.g. JSP or some
> other content-generation framework.

I remember that I once read some praise for being able to use the
Manager web application when there is no Jasper and no JSP compiler
available. It was more than 5 years ago and I do not remember the
details - maybe it was some small system with limited hardware.

The Manager app does use JSPs nowadays, not for some unimportant
pages: listing of sessions and listing attributes of a session.

> I know, I hate JSP, too, but having large blocks of HTML and CSS in
> Java strings is just ... awful.
>
> Also, is there a particular reason we are using embedded CSS in the
> pages instead of an external CSS file?

Originally it was rather small. It grows with time.

A separate file needs a license header, so the size will grow.

> Ultimately, it would be a good idea to move all CSS and even styles
> into a separate CSS file so we can tighten-up the Content Security
> Policy on the manager app. This can help prevent attacks if there
> happens to be some kind of XSS vulnerability hiding in there somewhere.

I do not get how having a separate file mappers with Content Security Policy.

> Any objections to evicting the CSS to begin with?

No objection, if you want it.

We already have image files. Thus, why not?

> [1] https://github.com/apache/tomcat/pull/327

An odd PR. I see that it makes some visual changes, but there is no
description nor discussion what the actual changes are.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [VOTE] Release Apache Tomcat 7.0.105

2020-07-07 Thread Konstantin Kolinko
чт, 2 июл. 2020 г. в 16:08, Violeta Georgieva :
>
> The proposed Apache Tomcat 7.0.105 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.105/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1275/
> The git tag is:
> https://github.com/apache/tomcat/tree/7.0.105
> f95f4e146e7eb463abdd8d7e2c47095d50075d97
>
> The proposed 7.0.105 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 7.0.105 Stable

Unit tests are OK, tested with Java 6u45 (32-bit) (with several known
failures on this platform), 7u80 (32-bit), AdoptOpenJDK Java 8.0.252
(64-bit), 11.0.7 (64-bit) on Windows 10,
with an exception of one flaky test that fails occasionally. I filed
the details into Bugzilla:

https://bz.apache.org/bugzilla/show_bug.cgi?id=64583
org.apache.tomcat.websocket.pojo.TestEncodingDecoding /
testAnnotatedEndPoints - testEvent fails occasionally

It is not a showstopper.

Smoke tests are OK.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [tomcat] branch 9.0.x updated: Make `ant -f mvn-pub.xml generic-install` work with the new ant tasks

2020-06-23 Thread Konstantin Kolinko
вт, 23 июн. 2020 г. в 21:12, :
>
> This is an automated email from the ASF dual-hosted git repository.
>
> fhanik pushed a commit to branch 9.0.x
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/9.0.x by this push:
>  new 919183b  Make `ant -f mvn-pub.xml generic-install` work with the new 
> ant tasks
> 919183b is described below
>
> commit 919183b438e1a2f0004082c69e34accc0c3e2f16
> Author: Filip Hanik 
> AuthorDate: Tue Jun 23 11:11:24 2020 -0700
>
> Make `ant -f mvn-pub.xml generic-install` work with the new ant tasks

1) What is meant by "new tasks"?
I see that mvn.properties.default has
maven-resolver-ant-tasks.version=1.2.0

Does it need an update to 1.2.1 (the latest version at Maven Central,
dated 2020-05-29)?
Or is it about some upcoming/snapshot version?

2) This is 9.0.x. The master/10.0.x branch has not been updated yet.


> ---
>  res/maven/mvn-pub.xml | 5 -
>  1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/res/maven/mvn-pub.xml b/res/maven/mvn-pub.xml
> index ea504a2..15e9380 100644
> --- a/res/maven/mvn-pub.xml
> +++ b/res/maven/mvn-pub.xml
> @@ -50,8 +50,11 @@
>
>  
>
> -
> +
> +  
>
> +  
> +  
>  

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: Changing the name of the default branch in our git repos

2020-06-17 Thread Konstantin Kolinko
вт, 16 июн. 2020 г. в 11:02, Mark Thomas :
>
> All,
>
> You may have seen the recent discussions both inside and outside the ASF
> about the user of "master" as the name of the default git branch. If you
> haven't, the short version is that the name can be traced back to
> master/slave and its associations with human slavery.
>
> I'd like to propose that the Apache Tomcat project renames the master
> branch in all of the project repositories.
>
> I think there are two front runners for the new name:
>
> - main - this looks to be the name GitHub and a number of OSS projects
>  will be switching to
>
> - trunk - reflects the Subversion heritage of both the project and the
>   ASF
>
> Other options I have seen suggested include "default", "dev", "develop".
> Other suggestions welcome.

1. My preference is for "trunk". To come back where it was for many
years. It is a well known name that we used for a long time.

2.  I do not like following the hype.
I think a better moment to do a rename will be when 10.0.x is branched
off as a separate branch. That is when some CI servers will have to be
reconfigured.

I think that will be about the time when 7.0.x reaches EOL, end of March 2021.

http://tomcat.apache.org/tomcat-70-eol.html

> This may help for the gradual migration
> https://github.com/chancancode/branch-rename/#gradual-migration

Looking at "Gradual Migration" strategy there, I wonder if maybe we
could create a "10.0.x" branch now (using it as the new name, as
suggested by Martin Grigorov).


BTW, one step is missing there: one has to update the 'HEAD' ref in
Git repository. It is a symbolic reference. GitHub does not show the
file, but it can be seen at gitbox .

https://gitbox.apache.org/repos/asf/tomcat.git/HEAD

Best regards,
Kostantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: Likely incorrect wiki redirect

2020-06-11 Thread Konstantin Kolinko
чт, 11 июн. 2020 г. в 20:02, Christopher Schultz :
>
> All,
>
> I'm not sure who can fix this, but when I go to
> wiki.apache.org/tomcat, I'm redirected to
> https://cwiki-test.apache.org/confluence/display/tomcat which returns
> a "Service Unavailable" error.
>
> Without the /tomcat, I get redirected to the new Apache cwiki site as
> expected.
>
> Looks like maybe there is still a Redirect configured for /tomcat that
> should either be removed, or updated to point to the new Tomcat wiki.

The correct path is expected to be
https://cwiki.apache.org/confluence/display/TOMCAT
though downcase "tomcat" apparently works as well.

The wrong URL has "cwiki-test" instead of "cwiki" in the host name.

I do not know where it is configured. It was working correctly several
months ago.


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [VOTE] Release Apache Tomcat 7.0.104

2020-05-19 Thread Konstantin Kolinko
пн, 18 мая 2020 г. в 20:34, Violeta Georgieva :
>
> I removed the first location because commons-logging 1.1.3 is now available 
> only from the archives.
> So there is no need to check another location.
> Do we intend to update commons-logging version?

1. I am OK for keeping it at 1.1.3, and your patch is a good fix if we
are keeping it at 1.1.3.

2. Personally, I would like it to be updated to 1.2, but
- as we have not done so yet there may be some reason.
- with EOL for 7.0.x coming there is not much interest in such update.

I think that Apache Commons Logging 1.2 does not build a separate
*-adapters.jar, and so our building & shipping of
/extras/tomcat-juli-adapters.jar will be affected.

3. Unrelated to that, the original issue with "downloadfile-2" may
bite someone in the future, as it is used in other versions of Tomcat
as well.

I am glad that I was able to narrow it down to a behaviour change in Java.

I suspect that it is a deal with how redirects are followed. Maybe it
is a deal with http -> https redirection. (As 'base-apache.loc.1'
value uses http:) I wonder whether the behaviour differs for GET vs
HEAD requests.

На пн, 18.05.2020 г. в 19:29 Konstantin Kolinko  написа:
> >
> > пн, 18 мая 2020 г. в 16:20, Violeta Georgieva :
> > >
> > >
> > >
> > > На пт, 8.05.2020 г. в 11:03 Rainer Jung  написа:
> > > >
> > > > It seems commons-logging 1.1.3 is no longer part of the mirrors (only in
> > > > the archive). I had to use
> > > >
> > > > commons-logging.version=1.2
> > > > commons-logging-src.checksum.value=ce977548f1cbf46918e93cd38ac35163|0a134d01e9aeb09b33f4c7450fb41abb7bed9db6
> > > >
> > > > instead of
> > > >
> > > > commons-logging.version=1.1.3
> > > > commons-logging-src.checksum.value=e8e197d628436490886d17cffa108fe3|95f0805de0be927c42f5f6eb14b643cb37e7caad
> > > >
> > > >
> > > > to successfully build.
> > >
> > > This should be fixed
> > > https://github.com/apache/tomcat/commit/d13d3f6d7bdabab543e134bbf7e29621524db3ca
> > >
> > > Can you try it?
> >
> > The "downloadfile-2" target in build.xml should automatically switch
> > from main server to the archive.
> >
> > IIRC, it relies on a check that does a HEAD request.
> >
> > "base-apache.loc.1" URL in build.properties.default was last changed
> > on 2018-07-30
> >
> > Testing, 7.0.104, it depends on the version of Java:
> > - commons-logging-1.1.3 is correctly downloaded when running with Ant
> > 1.9.14 and Java 8u252 (jdk-8.0.252.09-hotspot from AdoptOpenJDK)
> > - The download fails when running with Java 14.0.1 (OpenJDK from Oracle)
> >
> > In February 2020 I was successfully running the downloads with Java 13
> > (13.0.2? for Tomcat 7.0.100).
> >
> > So the issue is caused by some change in the JDK.
> > [...]

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [VOTE] Release Apache Tomcat 7.0.104

2020-05-18 Thread Konstantin Kolinko
пн, 18 мая 2020 г. в 16:20, Violeta Georgieva :
>
>
>
> На пт, 8.05.2020 г. в 11:03 Rainer Jung  написа:
> >
> > It seems commons-logging 1.1.3 is no longer part of the mirrors (only in
> > the archive). I had to use
> >
> > commons-logging.version=1.2
> > commons-logging-src.checksum.value=ce977548f1cbf46918e93cd38ac35163|0a134d01e9aeb09b33f4c7450fb41abb7bed9db6
> >
> > instead of
> >
> > commons-logging.version=1.1.3
> > commons-logging-src.checksum.value=e8e197d628436490886d17cffa108fe3|95f0805de0be927c42f5f6eb14b643cb37e7caad
> >
> >
> > to successfully build.
>
> This should be fixed
> https://github.com/apache/tomcat/commit/d13d3f6d7bdabab543e134bbf7e29621524db3ca
>
> Can you try it?

The "downloadfile-2" target in build.xml should automatically switch
from main server to the archive.

IIRC, it relies on a check that does a HEAD request.

"base-apache.loc.1" URL in build.properties.default was last changed
on 2018-07-30

Testing, 7.0.104, it depends on the version of Java:
- commons-logging-1.1.3 is correctly downloaded when running with Ant
1.9.14 and Java 8u252 (jdk-8.0.252.09-hotspot from AdoptOpenJDK)
- The download fails when running with Java 14.0.1 (OpenJDK from Oracle)

In February 2020 I was successfully running the downloads with Java 13
(13.0.2? for Tomcat 7.0.100).

So the issue is caused by some change in the JDK.


With Java 14:
[[[
testexist:
 [echo] Testing  for
../libraries/commons-logging-1.1.3/commons-logging-1.1.3-src.tar.gz

downloadfile-2:

setproxy:

trydownload.check:

trydownload:
  [get] Getting:
http://www.apache.org/dyn/closer.lua?action=download=/commons/logging/source/commons-logging-1.1.3-src.tar.gz
  [get] To: [CENSORED]\libraries\download-343673329.tmp
  [get] 
http://www.apache.org/dyn/closer.lua?action=download=/commons/logging/source/commons-logging-1.1.3-src.tar.gz
moved to 
http://mirror.linux-ia64.org/apache//commons/logging/source/commons-logging-1.1.3-src.tar.gz
  [get] Error opening connection java.io.FileNotFoundException:
http://mirror.linux-ia64.org/apache//commons/logging/source/commons-logging-1.1.3-src.tar.gz
  [get] Error opening connection java.io.FileNotFoundException:
http://mirror.linux-ia64.org/apache//commons/logging/source/commons-logging-1.1.3-src.tar.gz
  [get] Error opening connection java.io.FileNotFoundException:
http://mirror.linux-ia64.org/apache//commons/logging/source/commons-logging-1.1.3-src.tar.gz
  [get] Can't get
http://www.apache.org/dyn/closer.lua?action=download=/commons/logging/source/commons-logging-1.1.3-src.tar.gz
to [CENSORED]\libraries\download-343673329.tmp

BUILD FAILED
]]]

With Java 8:
[[[
testexist:
 [echo] Testing  for
../libraries/commons-logging-1.1.3/commons-logging-1.1.3-src.tar.gz

downloadfile-2:

setproxy:

trydownload.check:

trydownload:

setproxy:

trydownload.check:

trydownload:
  [get] Getting:
https://archive.apache.org/dist/commons/logging/source/commons-logging-1.1.3-src.tar.gz
  [get] To: [CENSORED]\libraries\download-1517317068.tmp
 [echo] Checksum check for commons-logging-1.1.3-src.tar.gz,
algorithm MD5|SHA-1: OK
[mkdir] Created dir: [CENSORED]\libraries\commons-logging-1.1.3
 [move] Moving 1 file to [CENSORED]\libraries\commons-logging-1.1.3
]]]

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: Session serialization uses wrapper objects instead of primitives

2020-05-15 Thread Konstantin Kolinko
чт, 14 мая 2020 г. в 18:48, Christopher Schultz :
>
> All,
>
> I'm interested in the history of the StandardSession.writeObjectData
> method. I've been looking at it lately because I'm interested in
> possibly (optionally) encrypting the sessions in the backend session
> store. But this isn't about encryption at all.
>
> The code for StandardSession.doWriteObject(ObjectOutputStream stream)
> looks like this:
>
>
> // Write the scalar instance variables (except Manager)
> stream.writeObject(Long.valueOf(creationTime));
> stream.writeObject(Long.valueOf(lastAccessedTime));
> stream.writeObject(Integer.valueOf(maxInactiveInterval));
> stream.writeObject(Boolean.valueOf(isNew));
> stream.writeObject(Boolean.valueOf(isValid));
> stream.writeObject(Long.valueOf(thisAccessedTime));

If I understand correctly, with objects you can read them with the
same 'readObject()' object method and decide what to do with the
received value.  With primitives you have to decide upfront what
reading method you are going to call, and calling a wrong one will
result in a fatal failure where the rest of the data cannot be read at
all.

For example, StandardSession.doReadObject has the following code:

// The next object read could either be the number of
attributes (Integer) or the session's
// authType followed by a Principal object (not an Integer)
Object nextObject = stream.readObject();
    if (!(nextObject instanceof Integer)) {


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[CONF] Apache Tomcat > ReleaseProcess

2020-04-23 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
ReleaseProcess 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 06:44 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add link to Bugzilla  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 ... 
 

 
 
 
 No Format 
 
 
 
 
  svn mv https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.XX https://dist.apache.org/repos/dist/release/tomcat/tomcat-7/v7.0.XX  
 
 
 

 
 
 
 No Format 
 
 
 
 
  svn checkout --depth immediates https://dist.apache.org/repos/dist/release/tomcat/tomcat-7/   
 
 
 and update the KEYS file there to be the same as the one used for release. (The download page has links pointing to this file).  
Release the Maven artifacts (https://github.com/apache/tomcat/blob/7.0.x/res/maven/README.txt step 4) 
Wait for the mirrors to sync (upto 24 hours depending on what percentage of the mirrors you want to sync) 
Update the website (e.g. http://svn.apache.org/viewvc?view=revision=1500109)Note: the index and oldnews pages are sorted by date. Thus the new announcement pops up to the top of the page. 
Update the docs (see http://svn.apache.org/repos/asf/tomcat/site/trunk/README.txt) 
Announce the release (e.g. http://markmail.org/message/xyantb3ozzmucdjt) to users@t.a.o, cc dev@t.a.o, announce@t.a.o, announce@a.o 
Update the release date in the changelog to the date the files were copied to the the release area in -mm-dd format.E.g. "released 2013-05-03" (for stable versions), "beta, 2007-02-08" (for betas). 
Add the version number in Bugzilla (https://bz.apache.org/bugzilla/ → Administration → Products / versions)  
Drop the artifacts for the previous release from https://dist.apache.org/repos/dist/release/tomcat/tomcat-7/  
Add release data (version and date) to reporter.apache.org - https://reporter.apache.org/addrelease.html?tomcat  
 ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 7.1.2  
 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Tomcat > Design and Development Issues

2020-04-23 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Design and Development Issues 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 06:39 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Move "Release Process" page (migrated from MoinMoin wiki) to the "Development" area and add a link to it here  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 ... 
 
 Building the Tomcat Native Connector binaries for Windows  
 Building the isapi_redirector.dll (mod_jk) for Windows  
 Managing translations  
 Release process for Apache Tomcat  
 Design Issues In progress 
 
 Removing unpackWARs  
 http workshop 2019  
 Jakarta EE Release Numbering  
 ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 7.1.2  
 
 
  
 
 
 
 
 
 
 
 
 




Re: [tomcat] branch 7.0.x updated: Remove redundant sole path/URI from error page message on SC_NOT_FOUND

2020-04-20 Thread Konstantin Kolinko
пн, 20 апр. 2020 г. в 11:05, Mark Thomas :
>
> On 18/04/2020 20:59, micha...@apache.org wrote:
> > This is an automated email from the ASF dual-hosted git repository.
> >
> > michaelo pushed a commit to branch 7.0.x
> > in repository https://gitbox.apache.org/repos/asf/tomcat.git
> >
> >
> > The following commit(s) were added to refs/heads/7.0.x by this push:
> >  new 08879ae  Remove redundant sole path/URI from error page message on 
> > SC_NOT_FOUND
> > 08879ae is described below
> >
> > commit 08879aeb5e30933bc0a6aaea6c1fa8a9ef4b8a58
> > Author: Michael Osipov 
> > AuthorDate: Sat Apr 18 20:58:40 2020 +0200
> >
> > Remove redundant sole path/URI from error page message on SC_NOT_FOUND
> >
> > When a component issues a SC_NOT_FOUND don't respond with the path/URI 
> > only in
> > the error message because it does not offer any more detail about the 
> > error,
> > plus the client knows the path/URI already.
>
> Not necessarily. The client has no visibility of forwards or includes.
> In a more complex application it might not be obvious that a forward /
> include has occurred. Including the path for the resource that could not
> be found makes debugging significantly easier.
>
> I think this change should be reverted.

I am -1 on this change. I agree that it should be reverted.

I have seen this message from DefaultServlet many times and it is rather useful.
If a programmer wants to hide the error path, the widely used practice
is to configure a custom error page for the error code 404.

I cannot comment on other servlets (WebdavServlet, SSIServlet,
JSPServlet) touched by this commit.

BTW, see changelog part of this commit:
it adds the same change twice. A remainder from a broken merge?

Best regards,
Konstantin Kolinko

> > ---
> >  java/org/apache/catalina/servlets/DefaultServlet.java |  5 ++---
> >  java/org/apache/catalina/servlets/WebdavServlet.java  |  2 +-
> >  java/org/apache/catalina/ssi/SSIServlet.java  |  6 +++---
> >  java/org/apache/jasper/servlet/JspServlet.java|  3 +--
> >  webapps/docs/changelog.xml| 10 +-
> >  5 files changed, 16 insertions(+), 10 deletions(-)

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: svn commit: r1876355 - in /tomcat/site/trunk: docs/download-10.html xdocs/download-10.xml

2020-04-10 Thread Konstantin Kolinko
пт, 10 апр. 2020 г. в 11:36, Mark Thomas :
>
> On 10/04/2020 09:33, ma...@apache.org wrote:
> > Author: markt
> > Date: Fri Apr 10 08:33:58 2020
> > New Revision: 1876355
> >
> > URL: http://svn.apache.org/viewvc?rev=1876355=rev
> > Log:
> > Remove additional / (example on infra.a.o page adds it unnecessarily)
>
> Hmm. Removing this breaks the mirror script (we always get downloads.a.o
> as the closest mirror). Adding it provides an incorrect URL. Yuck.
>
> I'll add it back for now.
>

Mark,

I looked at the links in the HTML text of
https://www.apache.org/mirrors/  page, and all mirror URLs there have
a trailing '/'. So I think that you are right with removing the '/'.

Best regards,
Konstantin Kolinko


> >
> > Modified:
> > tomcat/site/trunk/docs/download-10.html
> > tomcat/site/trunk/xdocs/download-10.xml
> >
> > Modified: tomcat/site/trunk/docs/download-10.html
> > URL: 
> > http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-10.html?rev=1876355=1876354=1876355=diff
> > ==
> > --- tomcat/site/trunk/docs/download-10.html (original)
> > +++ tomcat/site/trunk/docs/download-10.html Fri Apr 10 08:33:58 2020
> > @@ -24,7 +24,7 @@
> >  [define v]10.0.0-M4[end]
> >   > href="https://downloads.apache.org/tomcat/tomcat-10/KEYS;>KEYS |
> >  [v] |
> > - > rel="nofollow">Browse |
> > + > rel="nofollow">Browse |
> >   > href="https://archive.apache.org/dist/tomcat/tomcat-10;>Archives
> >Release Integrity > class="text">
> >  You must

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [VOTE] Release Apache Tomcat 7.0.103

2020-03-18 Thread Konstantin Kolinko
пн, 16 мар. 2020 г. в 12:13, Violeta Georgieva :
>
> The proposed Apache Tomcat 7.0.103 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.103/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1260/
> The git tag is:
> https://github.com/apache/tomcat/tree/7.0.103
> c4e59ac215eebff2de5fd9d23fb37fe222bc99c5
>
> The proposed 7.0.103 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 7.0.103 Stable

Unit tests pass on Windows 10, all connectors,
ran tests (compiled with Java 6 and Java 7) with Java 6 (Oracle 6u45
32-bit) (with several known failing tests), 7 (Oracle 7u80 32-bit), 8
(AdoptOpenJDK 8u242 64-bit), 11 (AdoptOpenJDK 11.0.6), 14 (OpenJDK GA
release).

A small issue with configuration, filed as
https://bz.apache.org/bugzilla/show_bug.cgi?id=64237
Mime-mapping for *.Z files is broken.
Not a showstopper.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [VOTE] Release Apache Tomcat 7.0.101

2020-03-10 Thread Konstantin Kolinko
вт, 10 мар. 2020 г. в 12:13, Violeta Georgieva :
>
> The proposed Apache Tomcat 7.0.101 release is now available for voting.
> [...]

FYI, the test org.apache.juli.TestOneLineFormatterMillisPerformance is
broken on Java 6.
4 out of 11 tests there fail with an exception like this:
[[[
Testcase: testMillisHandling[4: format[dd-MMM- HH:mm:ss XXX]] took 0 sec
Caused an ERROR
Illegal pattern character 'X'
java.lang.IllegalArgumentException: Illegal pattern character 'X'
at java.text.SimpleDateFormat.compile(SimpleDateFormat.java:768)
at java.text.SimpleDateFormat.initialize(SimpleDateFormat.java:575)
at java.text.SimpleDateFormat.(SimpleDateFormat.java:500)
at org.apache.juli.DateFormatCache$Cache.(DateFormatCache.java:125)
at org.apache.juli.DateFormatCache$Cache.(DateFormatCache.java:102)
at org.apache.juli.DateFormatCache.(DateFormatCache.java:91)
at org.apache.juli.OneLineFormatter.setTimeFormat(OneLineFormatter.java:111)
at 
org.apache.juli.TestOneLineFormatterMillisPerformance.testMillisHandling(TestOneLineFormatterMillisPerformance.java:58)
]]]

The 'X' (TimeZone) pattern support was added to SimpleDateFormat in Java 7.
Javadoc for SimpleDateFormat for Java 6 and Java 7:
https://docs.oracle.com/javase/6/docs/api/java/text/SimpleDateFormat.html
https://docs.oracle.com/javase/7/docs/api/java/text/SimpleDateFormat.html

It is not a showstopper, just a broken test. BTW, I wonder why this
test runs at build time at all - there are no assertions there. It
just prints a message to System.out.

I continue testing.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: Issue with tomcat-native.git

2020-03-09 Thread Konstantin Kolinko
пн, 9 мар. 2020 г. в 12:44, Michael Osipov :
>
> Folks,
>
> is it just me or is something wrong with tomcat-native.git on GitBox?
>
> > PS C:\Users\osipovmi> git --version
> > git version 2.25.0.windows.1
> > PS C:\Users\osipovmi> git clone 
> > https://gitbox.apache.org/repos/asf/tomcat-native.git
> > Cloning into 'tomcat-native'...
> > remote: Counting objects: 65115, done.
> > remote: Compressing objects: 100% (13385/13385), done.
> > remote: Total 65115 (delta 45424), reused 64843 (delta 45265)
> > Receiving objects: 100% (65115/65115), 12.90 MiB | 52.00 KiB/s, done.
> > Resolving deltas: 100% (45424/45424), done.
> > warning: remote HEAD refers to nonexistent ref, unable to checkout.

IIRC, the HEAD file was referring to non-existent 'trunk' branch
instead of 'master'.

https://gitbox.apache.org/repos/asf/tomcat-native.git/HEAD

I see that this has already been fixed.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [tomcat] branch master updated: Add an option to persist authentication information with the session

2020-02-28 Thread Konstantin Kolinko
ied, the default value of
>  null will be used unless a SecurityManager 
> is
>  enabled in which case the default will be
> -
> java\\.lang\\.(?:Boolean|Integer|Long|Number|String).
> +
> java\\.lang\\.(?:Boolean|Integer|Long|Number|String)|org\\.apache\\.catalina\\.realm\\.GenericPrincipal\\$SerializablePrincipal|\\[Ljava.lang.String;.
>

4). The same  question here.

>
>
> @@ -546,6 +595,15 @@
>  including the distributable element in your web
>  application deployment descriptor (/WEB-INF/web.xml).
>
> +Note that, if persistAuthentication is also set to
> +true, the Principal class present in the 
> session
> +MUST also implement the java.io.Serializable interface in 
> order
> +to make authentication persistence work properly. The actual type of that
> +Principal class is determined by the 
> +Realm implementation used with the application. Tomcat's standard
> +Principal class instantiated by most of the Realms (except
> +JAASRealm) implements java.io.Serializable.
> +
>  The persistence across restarts provided by the
>  StandardManager is a simpler implementation than that
>  provided by the PersistentManager. If robust, production
>

5). In one of source files: (copy-pasting a previous fragment from the diff):

+/**
+ * Return whether authentication information shall be persisted or not.
+ *
+ * @return {@code true}, if authentication information shall be persisted;
+ * {@code false} otherwise
+ */
+private boolean isPersistAuthentication() {
+if (manager instanceof ManagerBase) {
+return ((ManagerBase) manager).getPersistAuthentication();
+}
+return false;
+}

5). Why the getter names are inconsistent?

Here "isPersistAuthentication()" is implemented as a call to
"getPersistAuthentication()".

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: svn commit: r1874468 - in /tomcat/site/trunk: docs/security-8.html xdocs/security-8.xml

2020-02-25 Thread Konstantin Kolinko
вт, 25 февр. 2020 г. в 18:26, Felix Schumacher
:
>
>
> Am 25.02.20 um 10:22 schrieb Felix Schumacher:
>
> Index: xdocs/stylesheets/tomcat-site.xsl
> ===
> --- xdocs/stylesheets/tomcat-site.xsl(Revision 1874497)
> +++ xdocs/stylesheets/tomcat-site.xsl(Arbeitskopie)
> @@ -359,7 +359,7 @@
>
>
> select="$hashlink"/>
> -  
> +  
>
>
>
>
> would take care of using the substring for the text.

The XPath documentation for substring function [1] says that character
positions in that function start with 1 (but any value less than 1 is
treated as 1, so 0 works as well).

[1] https://www.w3.org/TR/1999/REC-xpath-19991116/#function-substring

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [VOTE] Tomcat 7.0.x EOL as 31 March 2021

2020-02-24 Thread Konstantin Kolinko
пт, 21 февр. 2020 г. в 12:52, Mark Thomas :
>
> All,
>
> This has been mentioned in various threads and I don't recall any
> objections. I think it is time for a vote so we can formally announce this.
>
> Announce the EOL date for 7.0.x as 31 March 2021
>
> [x] Yes
> [ ] No, because...

I feel a bit uncomfortable with the date.
Looking into e-mail archives, one of previous e-mails [1] ("Re:
Release Schedule", Aug 14 2019) gave a guess of "end of June 2021".

Though with release schedule of "once in 6 months" there is not much
difference between the dates.

Even if we announce EOL to be at the end of March, if we will want to
make an additional release in the following 3 months it is likely to
be easy to do so (with all download pages etc. still being in place).

Our previous EOLs: [2]
8.0.x: 30 June 2018
6.0.x: 31 December 2016
5.5.x: 30 September 2012

[1] https://markmail.org/message/6xopwtoht257zxgu
[2]:
https://tomcat.apache.org/tomcat-80-eol.html
https://tomcat.apache.org/tomcat-60-eol.html
https://tomcat.apache.org/tomcat-55-eol.html

пн, 24 февр. 2020 г. в 19:37, Emmanuel Bourg :
>
> Debian 8 is the last release to ship Tomcat 7 and the extended support
> will end in June 2020.
>
> Ubuntu 16.04 LTS also has Tomcat 7 and support will stop in April 2021.
>
> The proposed date looks good to me.

Thank you for the dates.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: git-fu is weak

2020-02-24 Thread Konstantin Kolinko
пн, 24 февр. 2020 г. в 19:40, Emmanuel Bourg :
>
> Le 24/02/2020 à 17:33, Christopher Schultz a écrit :
>
> > Any ideas?
>
> I guess you are cherry picking the merge commit, instead of the actual
> commit(s) from the PR branch.
>

https://github.com/apache/tomcat/commit/f124a9c7230227d3eaff9d2dc1c52f82ce10e03f
says: "2 parents 03b2af7 + bf2447b"

I guess that you want this commit:
https://github.com/apache/tomcat/commit/bf2447b4bd9edda25e00c7aaab9fcce455c43f2f

I am not fluent with command-line for this command, as I usually do it
via GUI (provided by TortoiseGit).

"git help cherry-pick" may help you.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[CONF] Apache Tomcat > Jakarta EE Release Numbering

2020-02-14 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Jakarta EE Release Numbering 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 04:23 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Correct typo.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 ... Jakarta EE 9 will be, as far as Tomcat is concerned, identical to Java EE 8 / Jakarta EE 9 with one notable exception. The package names for many of the Jakarta EE packages will change from javax.* to jakarta.* ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 7.1.2  
 
 
  
 
 
 
 
 
 
 
 
 




Re: [VOTE] Release Apache Tomcat 7.0.100

2020-02-13 Thread Konstantin Kolinko
вт, 11 февр. 2020 г. в 12:08, Violeta Georgieva :
>
> The proposed Apache Tomcat 7.0.100 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.100/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1247/
> The git tag is:
> https://github.com/apache/tomcat/tree/7.0.100
> a1ea109bf367ad32361396348845ffd6e524d115
>
> The proposed 7.0.100 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 7.0.100 Stable

Unit tests OK.
Tested on Windows 10.
- Java 6u45 (Oracle), Java 13.0.2 (OpenJDK) x All connectors
- Java 7u80 (Oracle), Java 8u242 (AdoptOpenJDK), Java 11.0.6
(AdoptOpenJDK) x Nio connector.

Smoke testing OK.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: Numbering schemes for future releases

2020-02-12 Thread Konstantin Kolinko
Hi!

пн, 10 февр. 2020 г. в 12:47, Mark Thomas :
>
>  [...]
>
> I have tried to express the various options I have seen proposed in a
> similar way so we can compare them. If I have missed one or you think of
> a different one then please post it.
>
> Option A: [...] Option D:

1. If we are going to release a version of Tomcat for Jakarta EE 9,
I need a proper version number to name it, and "10.0.0" is not such a number.

As such, I am strongly -1 to option A.

2. Option C looks like a waste. It may occur naturally if it takes too long to
stabilize Tomcat and Jakarta EE 10 comes sooner.

I am -0 to Option C.

3. I like both "B" and "D".

I think that we can go with "D", but be prepared to switch to "B" in
case if Jakarta EE 10 occurs to be much different from Jakarta EE 9.

The deciding point for me will be whether Jakarta EE 10 allows running
with Java 8.
If it does not, I would prefer option "B" rather than "D".

Re: Mark's
> I don't like option B because the off-by-one issue between Jakarta EE
> and Tomcat.

For me aligning Tomcat version and Jakarta EE is not a practical goal.
It did not happen before. It may occur naturally, but I do not like to
aim for it.

Offtopic: I had a similar discussion in another project several years
ago, and the outcome was that there is no need for an alignment (The
discussion was about aligning TortoiseSVN with Apache Subversion).
[1][2]

[1] https://subvserion.markmail.org/thread/s3d7sz4percblwbv
[2] https://tortoisesvn.markmail.org/thread/f63wx54jzclngojo

Re: Remy's
> -1 for option B also because the EOL of that "major" Tomcat 10 branch may be 
> way too quick for a major branch.

I think that nowadays it is OK to have a major branch that is not a
LTS one. It has not happen in Tomcat yet, but It happens in many other
projects.


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [VOTE] Release Apache Tomcat 10.0.0.0-M1

2020-02-06 Thread Konstantin Kolinko
чт, 6 февр. 2020 г. в 15:06, Rémy Maucherat :
>> >> >
>> >> > The proposed Apache Tomcat 10.0.0.0-M1 release is now available for
>> >> > voting. This is the first release of 10.0.0.x and is based on 9.0.31.
>> >>
>> >> It is odd to see 4 numbers in "10.0.0.0" instead of the usual 3
>> >> "10.0.0", "10.0.x".
>> >>
>> >> Was it intended?
>> >
>> >
>> > Yes, it is all explained in the release plan for Jakarta. 10.0.0.x with 
>> > Jakarta EE 9 will be followed by the "real" release which will be 10.0.1 
>> > (then 10.0.2, 10.0.3, etc) with Jakarta EE 10 (with stuff actually new in 
>> > it).
>>
>> Thank you for your response, but all this is rather confusing.
>>
>> 1). Why cannot we go with the usual 10.0.x for Jakarta EE 9, followed
>> by 10.0.y for Jakarta EE 10,
>> e.g. see Specifications page in the wiki like it was for WebSocket 1.0
>> and WebSocket 1.1 (since 8.0.13),
>> and maintenance releases of the Servlet specification?
>>
>> [1] 
>> https://cwiki.apache.org/confluence/x/Bi8lBg#Specifications-JavaAPIforWebSocket
>>
> 10.0.0.x will not be immediately EOLed I suppose, so that's why there's an 
> extra number.

This cannot be achieved with the proposed numbering scheme.

When I think about numbering schemes such as semver, or used for
Maven, or RPM packages, the numbers essentially imply that 10.0.0 and
10.0.1 are binary compatible with only minor changes. When you update
a version of a package, version "10.0.1" will silently supersede
"10.0.0". But that is not the case here.

It is rather hard to explain to people that "10.0.0" is a separate of
branch of development and a separate chain of releases.

> The plan was discussed and the final version of it is here: 
> https://cwiki.apache.org/confluence/display/TOMCAT/Jakarta+EE+Release+Numbering

The page says "10.0.0.Mx" (in step 1, step 2)


Trying to achieve exact matching between Tomcat version and EE
specification version does not really matter. E.g. Tomcat 9.0 is Java
EE 8, not 9.


Thus far my vote is

The proposed 10.0.0.0-M1 release is:
[x] Broken - do not release

because of the numbering scheme.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [VOTE] Release Apache Tomcat 10.0.0.0-M1

2020-02-06 Thread Konstantin Kolinko
чт, 6 февр. 2020 г. в 14:26, Rémy Maucherat :
>
> On Thu, Feb 6, 2020 at 12:23 PM Konstantin Kolinko  
> wrote:
>>
>> ср, 5 февр. 2020 г. в 22:22, Mark Thomas :
>> >
>> > The proposed Apache Tomcat 10.0.0.0-M1 release is now available for
>> > voting. This is the first release of 10.0.0.x and is based on 9.0.31.
>>
>> It is odd to see 4 numbers in "10.0.0.0" instead of the usual 3
>> "10.0.0", "10.0.x".
>>
>> Was it intended?
>
>
> Yes, it is all explained in the release plan for Jakarta. 10.0.0.x with 
> Jakarta EE 9 will be followed by the "real" release which will be 10.0.1 
> (then 10.0.2, 10.0.3, etc) with Jakarta EE 10 (with stuff actually new in it).

Thank you for your response, but all this is rather confusing.

1). Why cannot we go with the usual 10.0.x for Jakarta EE 9, followed
by 10.0.y for Jakarta EE 10,
e.g. see Specifications page in the wiki like it was for WebSocket 1.0
and WebSocket 1.1 (since 8.0.13),
and maintenance releases of the Servlet specification?

[1] 
https://cwiki.apache.org/confluence/x/Bi8lBg#Specifications-JavaAPIforWebSocket

2) I hope that somebody will update the following pages:
https://tomcat.apache.org/whichversion.html
https://cwiki.apache.org/confluence/display/TOMCAT/Tomcat+Versions
https://cwiki.apache.org/confluence/display/TOMCAT/Specifications

It is a lot better to stick to the existing numbering scheme (even if
we would skip versions: e,g, Tomcat 10 for Jakarta EE 9 that stays as
"alpha", followed by stable Tomcat 11 for Jakarta EE 10), rather that
to invent a new one.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [VOTE] Release Apache Tomcat 10.0.0.0-M1

2020-02-06 Thread Konstantin Kolinko
ср, 5 февр. 2020 г. в 22:22, Mark Thomas :
>
> The proposed Apache Tomcat 10.0.0.0-M1 release is now available for
> voting. This is the first release of 10.0.0.x and is based on 9.0.31.

It is odd to see 4 numbers in "10.0.0.0" instead of the usual 3
"10.0.0", "10.0.x".

Was it intended?

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[CONF] Apache Tomcat > Debugging

2020-02-06 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Debugging 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 10:26 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Link to existing pages on the same topic. The text was moved to the "Troubleshooting" page.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Too many open file descriptors   Identify the code that opens the descriptors using a tool such as http://file-leak-detector.kohsuke.org/See the following FAQ pages:  
 
 Troubleshooting and Diagnostics  
 Developing → Debugging  
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 7.1.2  
 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Tomcat > Troubleshooting and Diagnostics

2020-02-06 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Troubleshooting and Diagnostics 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 10:21 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add an item about "File leak detector" (moving it from a top-level "Debugging" page)  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 ... 
 
 How To: Capture a thread dump  
 How To: Capture a heap dump  
 How To: Examine a Stacktrace  
 How To: Configure Tomcat for debugging  
 FAQ: Developing  
 FAQ: Memory  
 Tomcat Memory Leak Protection  
 Notes on using JMX clients  
 Tools JMX Clients 
 
JJConsole: Documentation  
VisualVM: Documentation, Project  
 ... Accessing response objects after their lifetime can lead to security issues in your application, such as sending responses to wrong clients, mixing up responses. If you can reproduce the issue and the above diagnostic does not show your own bug, but a bug in Apache Tomcat, if the problem manifests as a security issue, see how to report it.  Troubleshooting "Too many open file descriptors"   The code that opens the descriptors can be identified using a tool such as http://file-leak-detector.kohsuke.org/   
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 7.1.2  
 
 
  
 
 
 
 
 
 
 
 
 




Glenn Nielsen (was: Updating Tomcat site)

2020-02-03 Thread Konstantin Kolinko
пн, 3 февр. 2020 г. в 10:23, Martin Grigorov :
>
> Hi,
>
> I want to update https://tomcat.apache.org/ci.html to mention the testing on 
> TravisCI on ARM64 architecture.
>
> [...]
>
> P.S. Who is Glenn L. Nielsen ?
>  

Just some quick search

- I do not see him at our "whoweare" page.

- I do not see him in the list of active committers, members or
emeritus members of the ASF.

- (As he was a committer, his ICLA should be in the records. I have
not looked there.)

Searching through mailing list archives
1) E.g. one of release announcements for mod_jk was sent by him:
https://tomcat.markmail.org/thread/sx4arghwi5c2bbpb

2) I see the following commit to Jakarta web site
http://svn.apache.org/viewvc?view=revision=1059704

The commit removed the following text from
jakarta/site/xdocs/site/whoweare.xml

[quote]
   
 Glenn Nielsen (glenn at apache.org)
 
 Glenn is the Unix Programming Coordinator for the Missouri Research
 and Education Network (http://www.more.net/;>MOREnet),
 part of the University of Missouri System.  Major contributions
 include implementation of the Java SecurityManager in Tomcat and five
 JSP tag libraries.  He is a member of the specification group to
 develop a standard tag library for JSP pages.
 
[/quote]


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [tomcat] branch master updated: Add ASLv2 header to the new Travis CI related files

2020-02-03 Thread Konstantin Kolinko
> --- a/res/rat/rat-excludes.txt
> +++ b/res/rat/rat-excludes.txt
> @@ -55,6 +55,8 @@
>
>- Temporary cache files used by Checkstle
>
> +  - Configuration files for third party Continuous Integration systems like 
> Travis CI
> +
>
>  output/build/logs/*
>  output/test-tmp/**
> @@ -184,3 +186,6 @@ output/dist/temp/safeToDelete.tmp
>  **/*.md
>
>  output/res/checkstyle/*
> +
> +.travis.yml
> +.travis/antTest.sh

Excluded are files that do not have proper license headers.
If a file has a license header, there is no need to exclude it.

Links to RAT reports are available here:
https://tomcat.apache.org/ci.html

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: Updating Tomcat site

2020-02-03 Thread Konstantin Kolinko
пн, 3 февр. 2020 г. в 10:23, Martin Grigorov :
>
> Hi,
>
> I want to update https://tomcat.apache.org/ci.html to mention the testing on 
> TravisCI on ARM64 architecture.
>
> I've checked out https://svn.apache.org/repos/asf/tomcat/site/trunk.
> Before doing any changes executing 'ant' produces huge diff because the 
> current version has stripped leading spaces, e.g.:
>
> [...]
>
> I don't see anything in build.xml & build.properties.default that controls 
> this behavior.

Intending is turned on with
   Should I make a no-changes commit just to update the docs/** with the white 
> spaces or should I do some post-processing to keep the whitespaces out ?

It does not matter much. Maybe a separate commit for "xdocs" and one for "docs".

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [PROPOSAL] Tomcat 10: rename language bundles

2020-02-03 Thread Konstantin Kolinko
сб, 1 февр. 2020 г. в 16:31, Michael Osipov :
>
> Am 2020-01-30 um 18:41 schrieb Konstantin Kolinko:
> > ср, 29 янв. 2020 г. в 00:08, Michael Osipov :
> >
> > [...]
> >
> > (Being too strict about language is a barrier that may reject people.)
>
> For those who don't know both, they don't care. For those who know care
> to make it right/consistent. I see no downsides to make it right.
>
> This has nothing to do with American, British, You Name It English. It
> is simply about consistent naming.

I see no positive sides in the proposed renaming,
and I do not feel it to be a right thing.

Some downsides were already mentioned by others. I will write down a
more complete list below.

> For those who don't know both, they don't care.

"i18n" is a more widely known and widely used word.

Familiar words make people feel more comfortable.

> > 2. In multi-module projects built with Apache Maven, one widely used
> > naming convention is to name artifacts produced by the nested modules
> > as -.
> >
> > E.g., a discussion:
> > https://stackoverflow.com/questions/9435460/maven-naming-conventions-for-hierarchical-multiple-module-projects
> >
> > I mean that the current artifact names of "tomcat-i18n-" can
> > be interpreted as module "" in a parent project "tomcat-i18n".
> > It means that those artifacts are part of internationalization effort
> > in Tomcat.
>
> I don't see how this is related?! Nor did I bring up to do any migration
> to Maven or its naming scheme.

I mean that "tomcat-i18n" is the base name.

It is not "tomcat" + "-i18n-de",  but "tomcat-i18n" + "-de", as an example.

The current names are not wrong.


> > 3. Overall, my vote for this proposal is -0.5.
> >
> > It is not a veto, but I do not like it.
>
> So you generally do not object, but don't see a need for?

I really object.
I just do not veto, I do not end the discussion here at once.


If there were other reasons to justify the change (e.g. some
reorganization of packaging), ...

(E.g. all translation files could be packaged into a single jar.)

> I see no downsides ...

To make it clear, the following are externally visible consequences of
such a change:

1. Renaming of artifacts in Maven
2. Renaming of libraries in ${catalina.base}/lib
3. Change of configuration in conf/catalina.properties file (the
libraries are mentioned in a jarsToSkip pattern).

The following are internal changes:
4. Changes in build procedure (in build.xml, res/maven/mvn-pub.xml).
5. Changes in documentation (class-loader-howto.xml mentions the files).

##1-3 are the downsides that downstream consumers of Tomcat would have
to adapt to.

I certainly would have to change some of my scripts that I use with
Tomcat and some configuration settings.

##4-5 are our internal matter.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [tomcat] branch 9.0.x updated: Test Tomcat on ARM64 at TravisCI

2020-02-03 Thread Konstantin Kolinko
Where is the license header?
(maybe the yml file cannot have it, but a sh file must have it)

Where are exclusion rules for Apache RAT checks?
(The configuration file is res/rat/rat-excludes.txt)
https://creadur.apache.org/rat/

How these files are packaged in source distributions?
(LF <-> CRLF conversion shall be configured in build.xml)


пн, 3 февр. 2020 г. в 09:45, :
>
> This is an automated email from the ASF dual-hosted git repository.
>
> mgrigorov pushed a commit to branch 9.0.x
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/9.0.x by this push:
>  new 58a490b  Test Tomcat on ARM64 at TravisCI
> 58a490b is described below
>
> commit 58a490bfa7429d33cd3437b8470569daa7d9be30
> Author: Martin Tzvetanov Grigorov 
> AuthorDate: Thu Jan 23 11:53:22 2020 +0200
>
> Test Tomcat on ARM64 at TravisCI
>
> (cherry picked from commit e6ebd2346850a14c3ff59a2372169a167958e024)
> ---
>  .travis.yml| 67 
> ++
>  .travis/antTest.sh |  8 +++
>  2 files changed, 75 insertions(+)
>
> diff --git a/.travis.yml b/.travis.yml
> new file mode 100644
> index 000..04a14c9
> --- /dev/null
> +++ b/.travis.yml
> @@ -0,0 +1,67 @@
> +dist: bionic
> +language: java
> +jdk: oraclejdk8
> +arch: arm64
> +
> +addons:
> +apt:
> +  packages:
> +- ant
> +- build-essential
> +- automake
> +- autoconf
> +- tar
> +- libssl-dev
> +- subversion
> +- git
> +- libtool-bin
> +
> +install:
> +- ARCH=`uname -p`
> +- echo $ARCH
> +- 
> JDK_X64="https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u242-b08/OpenJDK8U-jdk_x64_linux_hotspot_8u242b08.tar.gz;
> +- 
> JDK_ARM64="https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u232-b09/OpenJDK8U-jdk_aarch64_linux_hotspot_8u232b09.tar.gz;
> +- if test "X$ARCH" = "Xaarch64"; then JDK_URL=$JDK_ARM64; else 
> JDK_URL=$JDK_X64; fi
> +- wget -q $JDK_URL && tar xzf OpenJDK*.tar.gz
> +- mv jdk8* jdk
> +- export JAVA_HOME=`pwd`/jdk
> +- wget -q 
> http://mirrors.netix.net/apache/ant/binaries/apache-ant-1.10.7-bin.tar.gz && 
> tar xzf apache-ant-*-bin.tar.gz
> +- export ANT_HOME=`pwd`/apache-ant-1.10.7
> +- export PATH="$JAVA_HOME/bin:$ANT_HOME/bin:$PATH"
> +- java -version
> +- ant -version
> +- rm -rf $HOME/tmp
> +- export CURR_PWD=`pwd`
> +- svn co -q https://svn.apache.org/repos/asf/apr/apr/branches/1.6.x/ 
> $HOME/tmp/apr
> +- cd $HOME/tmp/apr
> +- ./buildconf
> +- ./configure --prefix=$HOME/tmp/apr-build
> +- make
> +- make install
> +- export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$HOME/tmp/apr-build/lib"
> +- git clone -q https://github.com/apache/tomcat-native.git 
> $HOME/tmp/tomcat-native
> +- cd $HOME/tmp/tomcat-native/native
> +- sh buildconf --with-apr=$HOME/tmp/apr
> +- ./configure --with-apr=$HOME/tmp/apr --with-java-home=$JAVA_HOME 
> --with-ssl=yes --prefix=$HOME/tmp/tomcat-native-build
> +- make
> +- make install
> +- cd $CURR_PWD
> +- yes | cp build.properties.default build.properties
> +- echo "test.threads=16" >> build.properties
> +- echo "test.relaxTiming=true" >> build.properties
> +- echo "test.excludePerformance=true" >> build.properties
> +- echo "test.openssl.path=/dev/null/openssl" >> build.properties
> +- echo "test.apr.loc=$HOME/tmp/tomcat-native-build/lib" >> 
> build.properties
> +
> +
> +script:
> +- ant -q clean
> +- travis_wait 60 "./.travis/antTest.sh"
> +
> +after_failure:
> +- tail -n 5000 ant-test.log
> +- ls -laR $HOME/tomcat-build-libs
> +
> +notifications:
> +email:
> +  - dev@tomcat.apache.org
> \ No newline at end of file
> diff --git a/.travis/antTest.sh b/.travis/antTest.sh
> new file mode 100755
> index 000..155004c
> --- /dev/null
> +++ b/.travis/antTest.sh
> @@ -0,0 +1,8 @@
> +#!/usr/bin/env bash
> +
> +# A helper script for TravisCI builds that saves the std
> +# out and err streams in a log file. This is needed
> +# because otherwise TravisCI complains that there is too
> +# much logging on stdout
> +
> +ant -q test 2>&1 > ant-test.log
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [PROPOSAL] Tomcat 10: rename language bundles

2020-01-30 Thread Konstantin Kolinko
ср, 29 янв. 2020 г. в 00:08, Michael Osipov :
>
> Folks,
>
> I recently worked on some localization issues and noticed that, in my
> opinion, these JARs are incorrectly named:
>
> > tomcat-i18n-cs.jar
> > tomcat-i18n-de.jar
> > tomcat-i18n-es.jar
> > tomcat-i18n-fr.jar
> > tomcat-i18n-ja.jar
> > tomcat-i18n-ko.jar
> > tomcat-i18n-pt-BR.jar
> > tomcat-i18n-ru.jar
> > tomcat-i18n-zh-CN.jar
>
> Most people confuse I18N with L10N -- but they are distinct. According
> to Mozilla [1] Tomcat is internationalized and provides localization
> with those bundles. As far as I understand that, they should be
>
> either tomcat-l10n-.jar or tomcat-nls-.jar
>
> [...]
>
> Comments?

1. Overall, I am not convinced.

I think that for an average foreigner a discussion about what term is
better makes little sense. I know people for whom those words are hard
to pronounce and are a little obscure.

Does changing one "obscure" word with another makes life easier? How?
Does it help to reach some wider audience?

I think that it would be better to keep it simple (KISS) and continue
using the existing historic naming pattern.

I am really proud of 20+ years of history of our project. If there are
some things there that are not proper [American] English, it just
means that there are different people involved with the project, and
it is a good sign.

(Being too strict about language is a barrier that may reject people.)


2. In multi-module projects built with Apache Maven, one widely used
naming convention is to name artifacts produced by the nested modules
as -.

E.g., a discussion:
https://stackoverflow.com/questions/9435460/maven-naming-conventions-for-hierarchical-multiple-module-projects

I mean that the current artifact names of "tomcat-i18n-" can
be interpreted as module "" in a parent project "tomcat-i18n".
It means that those artifacts are part of internationalization effort
in Tomcat.

3. Overall, my vote for this proposal is -0.5.

It is not a veto, but I do not like it.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[CONF] Apache Tomcat > Managing translations

2019-12-13 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Managing translations 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 12:18 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Note that error 404 is shown only after a sign-in. (I cannot test now, but I think it is, IIRC)  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 ... 
 
 Join Tomcat translations project.A public link, available to everyone. Once you join the project, you can access it via Dashboard page at POEditor site. 
 View Tomcat translations project.This page lists translation status for each language and provides additional controls. Note: Accessing this page requires additional privileges. An error 404 is shown if If you do not have them, an error 404 is shown after your sign-in. 
 Key points: 
 
The Export/Import code that copies to/from POEditor prefixes each property key with the package name to ensure that the keys are always unique. 
In POEditor the keys are known as terms. 
If a value contains a {n} sequence (usually written as [{n}] to distinguish a value from the surrounding text) then it will be processed by a MessageFormatter which means any single quotes must be escaped by using two single quotes. 
The Manager and Host Manager applications use messages that start with "OK - " to indicate success of an operation. This prefix has to be preserved when translating. See Bug 63141 for details. 
 ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 7.1.1  
 
 
  
 
 
 
 
 
 
 
 
 




Re: [VOTE] Release Apache Tomcat 7.0.99

2019-12-13 Thread Konstantin Kolinko
ср, 11 дек. 2019 г. в 16:52, Violeta Georgieva :
>
> The proposed Apache Tomcat 7.0.99 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.99/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1242/
> The git tag is:
> https://github.com/apache/tomcat/tree/7.0.99
> a94a0258f36d064aa032608a9e99c62018f22d94
>
> The proposed 7.0.99 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 7.0.99 Stable

Tested on Windows 10.
Unit tests OK (all connectors, Java 6u45, 7u80 and 13.0.1 from Oracle,
8u232 and 11.0.5 from AdoptOpenJDK)
(a number of failing tests with Java 6u45 are known issues with the tests).
Smoke testing OK.

Noted an issue with i18n of Examples web application, because it uses
ISO-8859-1.
I created a Bugzilla issue,
https://bz.apache.org/bugzilla/show_bug.cgi?id=64000

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[CONF] Apache Tomcat > Managing translations

2019-12-13 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Managing translations 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 09:08 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Arranged the lists and updated the text a bit. Added a permalink.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Permalink to this page: https://cwiki.apache.org/confluence/x/vIPzBQ  The Tomcat project uses POEditor to manage translations. ... 
 
 Join Tomcat translations project.A public link, available to everyone. Once you join the project, you can access it via Dashboard page at POEditor site. 
 View Tomcat translations project. This link requires additional privileges (and responds with error 404 unless you have them). This page lists translation status for each language and provides additional controls. Note: Accessing this page requires additional privileges. An error 404 is shown if you do not have them.  
 Key points: 
 
The Export/Import code that copies to/from POEditor prefixes each property key with the package name to ensure that the keys are always unique. 
In POEditor the keys are known as terms. 
If a value contains a {n} sequence (usually written as [{n}] to distinguish a value from the surrounding text) then it will be processed by a MessageFormatter which means any single quotes must be escaped by using two single quotes. 
The Manager and Host Manager applications use messages that start with "OK - " to indicate success of an operation. This prefix has to be preserved when translating. See Bug 63141 for details. 
 The process to synchronise synchronize the Tomcat source code with POEditor works as follows:  
 
 Update English translations in Tomcat: Add or remove keys (terms) to the English LocalStrings.properties files. Make any changes required to the values in the English LocalStrings.properties files.  
Export (the translations from Tomcat:  run org.apache.tomcat.buildutil.translate.Export) the translations  
Import the terms with English translations to POEditor.  
Update the translations for other languages on POEditor web site.  
Export one or more languages (Note: only export translated terms).  
Import (the translations into Tomcat:  run org.apache.tomcat.buildutil.translate.Import) the translations  
 It is recommended that one language is imported at a time and that steps 5 and 6 and 7 are repeated for each language to be imported. Steps 1 to 4 3 are only required when adding terms, removing terms or changing the English translation. For small changes it is possible to make the change in both svn git repository and POEditor - effectively keeping the two in sync manually - and not use the Import/Export process. Care needs to be taken to ensure that the two systems remain synchronized.  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 7.1.1  
 
 
  
 
 
 
 
 
 
 
 
 




Re: [VOTE] Release Apache Tomcat 8.5.50

2019-12-11 Thread Konstantin Kolinko
сб, 7 дек. 2019 г. в 22:54, Mark Thomas :
>
> The proposed Apache Tomcat 8.5.50 release is now available for voting.
>[...]
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.50
> c40ede65ea4fb44b1957ec482f28c7afa71f1b50
>
> The proposed 8.5.50 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.50

Tested on Windows 10.
Unit tests pass with Java 7u80 (Oracle, 32-bit), Java 8u222
(AdoptOpenJDK), Java 13.0.1 (Oracle).
Windows installer works.
Smoke testing OK.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [VOTE] Release Apache Tomcat 9.0.30

2019-12-11 Thread Konstantin Kolinko
сб, 7 дек. 2019 г. в 20:24, Mark Thomas :
>
> The proposed Apache Tomcat 9.0.30 release is now available for voting.
>
> The major changes compared to the 9.0.29 release are:
>
> - Correct multiple regressions in the static resource caching related to
>   using URLs provided for cached resources
>
> - Improvements to the Realm interface and implementations
>
> - Bug fixes and improvements to the CORS filter
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.30/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1240/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.30
> 4fab4cc012d0c31852e957d198cb0549f3d6074c
>
> The proposed 9.0.30 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.30

Tested on Windows 10.
Unit tests pass with Java 8u222 (AdoptOpenJDK), Java 13.0.1 (Oracle).
Windows installer works.
Smoke testing OK.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: Tag Tomcat 7

2019-12-11 Thread Konstantin Kolinko
вт, 10 дек. 2019 г. в 13:04, Violeta Georgieva :
>
> Hi,
>
> I'm going of prepare Tomcat 7 for a release/vote tomorrow.
> Please reply here if you need more time for additional fixes.

I think it is OK to go.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: Tag Tomcat 7

2019-12-11 Thread Konstantin Kolinko
вт, 10 дек. 2019 г. в 20:34, Mark Thomas :
>
> On 10/12/2019 15:23, Mark Thomas wrote:
> > On 10/12/2019 15:20, Konstantin Kolinko wrote:
>
>
> 
>
> >>>> There is a typo in daemon.sh
> >>>>
> >>>> -Dcatalina.base="\"$CATALINA_BASE"\" \
> >
> > Good catch.
> >
> > I've just fixed it. Next task is to figure out how badly it breaks things.
>
> I think I might have got away with this (in terms of impact on the
> current releases).
>
> I did a quick test with the typo in place and a basic test of script
> works as does running in a directory with spaces.
>
> I'm sure there will be some edge cases that are still broken but my
> current plan is to pick up that fix in the next release.

I did a quick test using bash that comes with Git for Windows and
calling the following simple script that prints its arguments (instead
of calling jsvc):

[[[
#!/bin/sh
echo "Arguments:"
while [ $# -gt 0 ]
do
  echo "[$1]"
  shift
done
]]]

I was running with
JSVC=./args.sh
CATALINA_BASE="catalina base"
CATALINA_HOME="catalina home"
etc.

Both variants of quoting result in the same value being printed:
[-Dcatalina.base=catalina base]
[-Dcatalina.home=catalina home]

Thus that typo does not have any consequences.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: Tag Tomcat 7

2019-12-10 Thread Konstantin Kolinko
вт, 10 дек. 2019 г. в 18:10, Violeta Georgieva :
>
>
>
> На вт, 10.12.2019 г. в 16:45 Konstantin Kolinko  
> написа:
> >
> > > Re: c06674e09e9f3f43dc0e5c022dc8c311a4285cfd
> > > I'll fix it in a few minutes.
> >
> > Fixed.
> >
> > Another one noted:
> >
> > Re 6ef27808e499d5b84f9789e56dc0e846ef388005
> > > Partial fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63815
> >
> > There is a typo in daemon.sh
> >
> > -Dcatalina.base="\"$CATALINA_BASE"\" \
>
> Which is the line exactly?
>
>
> I see two types only
>
> -Dcatalina.base="$CATALINA_BASE" \
> https://github.com/apache/tomcat/blob/7.0.x/bin/catalina.sh#L363
> https://github.com/apache/tomcat/blob/7.0.x/bin/catalina.sh#L372
>
> -Dcatalina.base="\"$CATALINA_BASE\"" \
> https://github.com/apache/tomcat/blob/7.0.x/bin/catalina.sh#L392
> https://github.com/apache/tomcat/blob/7.0.x/bin/catalina.sh#L400
> https://github.com/apache/tomcat/blob/7.0.x/bin/catalina.sh#L460
> https://github.com/apache/tomcat/blob/7.0.x/bin/catalina.sh#L470
> https://github.com/apache/tomcat/blob/7.0.x/bin/catalina.sh#L523
> https://github.com/apache/tomcat/blob/7.0.x/bin/catalina.sh#L610

It is daemon.sh line 231. It is in the code that implements "start"
command for daemon.
https://github.com/apache/tomcat/blob/7.0.x/bin/daemon.sh#L231

In 9.0.x as well:
https://github.com/apache/tomcat/blob/master/bin/daemon.sh#L231

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: Tag Tomcat 7

2019-12-10 Thread Konstantin Kolinko
> Re: c06674e09e9f3f43dc0e5c022dc8c311a4285cfd
> I'll fix it in a few minutes.

Fixed.

Another one noted:

Re 6ef27808e499d5b84f9789e56dc0e846ef388005
> Partial fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63815

There is a typo in daemon.sh

-Dcatalina.base="\"$CATALINA_BASE"\" \

The right double quotes on other lines are quoted differently,
slash+dquote+dquote e.g:
-Dcatalina.home="\"$CATALINA_HOME\"" \

It is hard for me to test whether there are visible consequences of
this typo. It affects 8.5 and 9.0 as well.



вт, 10 дек. 2019 г. в 13:04, Violeta Georgieva :
>
> Hi,
>
> I'm going of prepare Tomcat 7 for a release/vote tomorrow.
> Please reply here if you need more time for additional fixes.
>
> Thanks,
> Violeta

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: Tag Tomcat 7

2019-12-10 Thread Konstantin Kolinko
Re: c06674e09e9f3f43dc0e5c022dc8c311a4285cfd

It added a reference to a message
sm.getString("coyoteRequest.changeSessionId"));

but there is no such message in LocalStrings.properties

I'll fix it in a few minutes.


вт, 10 дек. 2019 г. в 13:04, Violeta Georgieva :
>
> Hi,
>
> I'm going of prepare Tomcat 7 for a release/vote tomorrow.
> Please reply here if you need more time for additional fixes.
>
> Thanks,
> Violeta

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [tomcat] branch master updated: may sure the arbitrarily assigned user ID of openshift can deploy a war file.

2019-11-25 Thread Konstantin Kolinko
пн, 25 нояб. 2019 г. в 15:24, :
>
> This is an automated email from the ASF dual-hosted git repository.
>
> jfclere pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/master by this push:
>  new a42b94a  may sure the arbitrarily assigned user ID of openshift can 
> deploy a war file.
> a42b94a is described below
>
> --- a/res/tomcat-maven/Dockerfile
> +++ b/res/tomcat-maven/Dockerfile
> @@ -23,6 +23,7 @@ RUN mkdir -m 777 -p /deployments
>  ADD target/tomcat-maven-1.0.jar /deployments/app.jar
>  ADD conf /deployments/conf
>  ADD webapps /deployments/webapps
> +RUN chmod 777 /deployments/webapps

World-writable? Any other way to solve the issue?

The following document [1] (found by Googling):
tells to change directories ownership to group 0 (root) and make the
files writable by that group.
--
RUN chgrp -R 0 /some/directory && \
chmod -R g=u /some/directory
---
(Set owning group id to be 0, recursively (-R).
Set group permissions recursively (-R) to be a copy (=) of the user's
permissions.)

[1] 
https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#use-uid
"OpenShift > 3.11 > Creating Images > Guidelines"
section "Support Arbitrary User IDs"

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[CONF] Apache Tomcat > Monitoring

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Monitoring 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 03:29 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting and links.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Permalink to this page: https://cwiki.apache.org/confluence/x/eColBg   Table of Contents   
 
 
 
 Table of Contents 
 
 
 
 
 
 
 
 
exclude 
Table of Contents 
 
 
  
 
 
  Monitoring Tomcat Monitoring of a running Tomcat instance can be done in several ways, but observing a Tomcat instance via JMX beans will give you the best information available through standard interfaces (i.e. JMX). You can find information about connecting to Tomcat via JMX in the Tomcat Users' Guide. Rather than repeating that information here (which is mostly about configuration, connection, etc.), please go read the official documentation. ... Similar to the HeapMemoryUsage MXBean described above, this one will give you information about the "PermGen" heap generation. Depending upon your garbage collection and other memory settings, you might have different MXBeans under java.lang:type=MemoryPool with different names. You should inspect each one to determine if they would be useful for you to inspect. Tomcat Information  Version Warning   These JMX bean names are accurate for the current version of Tomcat 7 (7.0.37 at the time of this writing). If you are using a different version of Tomcat, you may have to adjust the names of the beans identified on this page.  Thread Usage 
 
  JMX Bean: Catalina:type=Executor,name=[executor name]   
Attributes: poolSize, activeCount  
 ... Not using an Executor 
 
  JMX Bean: Catalina: type=ThreadPool,name="[depends]"   
Attributes: maxThreads, connectionCount  
 This information is largely useless in Tomcat 7, as an Executor is always used and the data can be found there, while the ThreadPool has only initial configuration information: the real-time data is available from the Executor's MBean. Request Throughput 
 
  JMX Bean: Catalina:type=GlobalRequestProcessor,name="[depends]"   
  Attributes: bytesSent, bytesReceived, errorCount, maxTime, requestCount   
  Operations: resetCounters   
 Sessions 
 
  JMX Bean: Catalina:type=Manager,context=[context name],host=[hostname]   
Attributes: activeSessions, sessionCounter, expiredSessions  
 JNDI DataSource  
 
  JMX Bean: Catalina:type=DataSource,context=[context name],host=[hostname],class=javax.sql.DataSource,name="[JNDI name]"   
  Attributes: numActive, numIdle    
 ... Another way to watch a Tomcat application is to use an external monitoring tool.  MoSKito, is an open source solution by Anotheria, is a multi-purpose, non-invasive, interval-based monitoring system kit that collects, stores and provides instant analysis of a Tomcat application’s performance and behavior data. ... Other plug-in-based monitoring software like Nagios or Icinga may need some help interacting with Tomcat's JMXProxyServlet. tools/check_jmxproxy.pl is a Perl script that can be used with these tools to monitor Tomcat via the JMXProxyServlet. ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.8  
 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Tomcat > Performance and Monitoring

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Performance and Monitoring 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 03:20 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting and links. + Drop links to benchmark results articles. Those were 10+ years old.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Permalink to this page: https://cwiki.apache.org/confluence/x/oColBg  Preface This is about Tomcat performance. 
 
  Tomcat Performance Concerns   
  How do I increase performance on Tomcat?   
 Other (non-exhaustive) notes: 
 
Stress test your webapp. You can do this via JMeter, siege, flood, and other tools. Google is your friend. 
Tweak your UNIX box! Look at ulimit and kernel parameters. 
Bad design will hurt performance. 
Look at JProbe, or OptimizeIt, or New Relic, or other profiling tools . Lots of people recommend these tools. This is not an endorsement for them, I just notice other people like themfor Java. 
 Questions 
 
 Is Tomcat faster than serving static HTML pages than Apache httpd?  
 Is there an application-specific comparison between Tomcat and Resin or other containers?  
 Is there a comprehensive, up-to-date, detailed benchmark comparing various servlet containers, including Tomcat?  
 How do I configure apache tomcat connectors for a heavy load site?  
 How do I make Tomcat start up faster?  
 Answers  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q1 
 
 
 
Q1 
 
 
  
 
 
 Is Tomcat faster than serving static HTML pages than Apache httpd?  Yes depending on how you tune it. And NO depending on how you tune it. Anything less starts a religious war. We recommend performing your own benchmarks and see for yourself. ...  Here's one comparing recent versions of Resin and Tomcat running AppFuse.  ...  Yes. Here's the most comprehensive and objective one we've found to date: Web Performance, Inc.'s comparison.  ...  
 
 
 
 Anchor 
 
 
  ...  
 
 
 
 
 
 
 
 
 
 
  
 
 
   
 
 
 
 
 
 
 
Q4 
 
 
 
Q4 
 
 
  
 
 
 How do I configure apache tomcat connectors for a heavy load site?  The following excellent article was written by Mladen Turk. He is a Developer and Consultant for JBoss Inc in Europe, where he is responsible for native integration. He is a long time commiter for Jakarta Tomcat Connectors, Apache Httpd and Apache Portable Runtime projects.  Fronting Tomcat with Apache or IIS - Best Practices  
 
 httphttps://people.apache.org/~mturk/docs/article/ftwai.html  
  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q5 
 
 
 
Q5 
 
 
  
 
 
 How do I make Tomcat start up faster?  See HowTo FasterStartUp 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.8  
 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Tomcat > Security

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Security 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 03:07 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting and links.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Permalink to this page: https://cwiki.apache.org/confluence/x/qyolBg  Preface This FAQ section provides help with some security-related issues. If you hear of a vulnerability or its exploitation, please see the security page. The Record There have been no public cases of damage done to a company, organization, or individual due to a Tomcat security issue. There have been no documented cases of data loss or application crashes caused by an intruder. While there have been numerous analyses conducted on Tomcat, partially because this is easy to do with Tomcat's source code openly available, there have been only theoretical vulnerabilities found. All of those were addressed even though there were no documented cases of actual exploitation of these vulnerabilities. ... 
 
There have been several reports of a compromise done via guess of the password of a user of the Manager web application. 
  There was once a bug that blindly clicking-trough the Windows installer configured a manager user with blank password (CVE-2009-3548). This was fixed by April 2010 (Tomcat 5.5.29, 6.0.24 and later are safe).   Please see "Security considerations" pages in Tomcat documentation (linked below) for a reference on how access to Management Applications in Tomcat should be secured.  
 
There have been several reports of compromises via vulnerabilities in 3-rd party web applications deployed on Tomcat. E.g. vulnerabilities in Apache Struts framework were a popular attack target several times in years 2013-2017. E.g. Equifax breach in year 2017. It is unknown whether Equifax has run their application on Tomcat, but there have been a number of similar compromise reports from Tomcat users. Those are not caused by a vulnerability in Tomcat. 
 ... Links 
 
Known vulnerabilitieshttp: https//tomcat.apache.org/security.html  
Security considerations (Tomcat documentation) - — Tomcat 9, Tomcat 8.5, Tomcat  87.0, Tomcat 7  
 Questions 
 
 How do I use OpenSSL to set up my own Certificate Authority (CA)?  
 Oh no! Port 8005 is available for anyone on localhost to shutdown my tomcat!  
 What about Tomcat running as root?  
 How do I force all my pages to run under HTTPS?  
 What is the default login for the manager and admin app?  
 How do I restrict access by ip address or remote host?  
 How do I use jsvc/procrun to run Tomcat on port 80 securely?  
 Has Tomcat's security been independently analyzed or audited?  
 How do I change the Server header in the response?  
 Why are passwords in plain text?  
 How can I restrict the list of ciphers used for HTTPS?  
 Which cipher suites should I use?  
 Answers  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q1 
 
 
 
Q1 
 
 
  
 
 
 How do I use OpenSSL to set up my own Certificate Authority (CA)?   Using OpenSSL to set up your own CA.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q2 
 
 
 
Q2 
 
 
  
 
 
 Oh no! Port 8005 is available for anyone on localhost to shutdown my tomcat!  See these 2 discussions. 
 
 Possible to switch off tcp/ip server shutdown?  
 Tomcat shutdown & security  
  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q3 
 
 
 
Q3 
 
 
  
 
 
 What about Tomcat running as root?  See these threads: 
 
 Tomcat as root and security issues  
  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q4 
 
 
 
Q4 
 
 
  
 
 
 How do I force all my pages to run under HTTPS?   Use security-constraint in web.xml.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q5 
 
 
 
Q5 
 
 
  
 
 
 What is the default login for the manager and admin app?  The admin and manager application do not provide a default login. Doing so would be a security flaw. You need to edit $CATALINA_HOME/conf/tomcat-users.xml file if you are using the default install. See Configuring Manager Application Access for details. Note that there exists malware that tries to guess the manager password. There was once a bug that blindly clicking-trough the Windows installer configured a manager user with blank password (CVE-2009-3548). This was fixed by April 2010 (Tomcat 5.5.29, 6.0.24 and later are safe).  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q6 
 
 
 
Q6 
 
 
  
 
 
 How do I restrict access by ip address or remote host?  By using the RemoteHostValve or RemoteAddrValve. Warning, these valves rely on accurate incoming ip addresses or hostnames. So they can fall victim to spoofing! See also RemoteIpValve. Valve Reference Link   
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q7 
 
 
 
Q7 
 
 
  
 
 
 How

[CONF] Apache Tomcat > Tomcat Versions

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Tomcat Versions 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 02:50 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting and links.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Permalink to this page: https://cwiki.apache.org/confluence/x/CjElBg   Table of Contents   
 
 
 
 Table of Contents 
 
 
 
 
 
 
 
 
exclude 
Table of Contents 
 
 
  
 
 
  Overview This page provides a high-level view of each of the past, current and planned major Tomcat versions. ... The "Process" field in the following tables documents what development model is accepted by that project, either Review-Then-Commit or Commit-Then-Review. For RTC model the changes are first proposed in the STATUS.txt file in the root of the project and have to gain at least 3 "+1" votes before being applied. The project members have agreed on several exceptions from the RTC rule (documented below). ... 
 
Changes to the documentation (including Javadoc) are C-T-R. 
 Via http https://tomcat.markmail.org/thread/2fgydrrhn4qjye3r : 
 
Allow C-T-R for trivial fixes to English messages that are in resource files and those that are inline in the code. This includes typos and rephrasing, but does not include adding/removing message parameters. 
Allow C-T-R for any fixes for non-English resource files. The files must use 7-bit characters only. Other symbols must be escaped with \u, as does native2ascii. 
Require some indication in the commit message for code that usually is covered by RTC, that this commit was done using C-T-R rule. 
 Via http https://tomcat.markmail.org/thread/vwqvurietvliadjf : 
 
The versions that were moved to the archive are C-T-R.   
 ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.8  
 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Tomcat > Tomcat User mailing list

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Tomcat User mailing list 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 02:58 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting and links.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Permalink to this page: https://cwiki.apache.org/confluence/x/wiolBg  Preface The Tomcat user mailing list is for all your questions about how to use Tomcat. It is a high volume list! For those who can't handle that kind of traffic, you can also get it in digest form. ... Here are some links about how to use mailing lists and standard etiquette in using mailing lists. These links are not Tomcat specific! Please do not contact the author of these documents with questions. 
 
 Netiquette Guidelines (RFC 1855)  
 How To Ask Questions The Smart Way  
 ... 
 
 How do I subscribe?  
 Why won't people answer my question?  
 How do I unsubscribe?  
 Should I post to users or dev?  
 Answers  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q1 
 
 
 
Q1 
 
 
  
 
 
 How do I subscribe?  See the mailing list page. If you are unable to subscribe, it could be due to your e-mail system mangling your e-mail addresaddress. If you send an e-mail to the list owner to subscribe you to the list, be prepared to wait until the owner has an opportunity to add you to the list.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q2 
 
 
 
Q2 
 
 
  
 
 
 Why won't people answer my question?  It could be one of any of the following answers: ... 
 
"help" in the subject line (we know you need help by writing in the first place) 
plz or please in the subject line. We already know you need help. 
ALL CAPS IN THE SUBJECT LINE. (Sorry for anyone emailing from a mainframe) 
Do not place !! (more than 2!) in the subject line. The number of exclamation points has no relation to anyone's interest in answering the question. In fact - it has a higher chance at being ignored. 
Your e-mail has a return receipt. You don't need to know I got the message. 
Select posters who have consistently displayed no desire to research before posting a question. 
  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q3 
 
 
 
Q3 
 
 
  
 
 
 How do I unsubscribe?  See the mailing list page. If you are unable to unsubscribe, it could be due to your e-mail system mangling your e-mail address or you have subscribed under an alias. In that case, maybe this thread will help. If you send an e-mail to the list owner to remove you from the list, be prepared to continue receiving more e-mails from the lists until the owner has an opportunity to remove you from the list.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q4 
 
 
 
Q4 
 
 
  
 
 
 Should I post to users or dev?  tomcat-user is for user based questions for tomcat. That means anyone who is developing any type of software to be used with tomcat. ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.8  
 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Tomcat > Troubleshooting and Diagnostics

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Troubleshooting and Diagnostics 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 02:54 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Improve formatting of Table of Contents.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Troubleshooting and Diagnostics techniques.   Permalink to this page: https://cwiki.apache.org/confluence/x/yColBg   Troubleshooting and Diagnostics techniques.   Table of Contents   
 
 
 
 Table of Contents 
 
 
 
 
 
 
 
 
exclude 
Table of Contents 
 
 
  
 
 
  Techniques & Reference 
 
 How To: Capture a thread dump  
 How To: Capture a heap dump  
 How To: Examine a Stacktrace  
 How To: Configure Tomcat for debugging  
 FAQ: Developing  
 FAQ: Memory  
 Tomcat Memory Leak Protection  
 Notes on using JMX clients  
 ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.8  
 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Tomcat > Windows

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Windows 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 02:45 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting and links.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Permalink to this page: https://cwiki.apache.org/confluence/x/3SolBg  Preface This page addresses various issues related to running Tomcat on a Windows platform. Please see the UsefulLinks for more links related to Windows. ... 
 
 Why do I get Out of Environment Space?  
 When I start up tomcat (or when it is running), I get the error java.lang.IllegalMonitorStateException: current thread not owner  
 Can I turn off case sensitivity?  
 Can I use NTLM authentication?  
 I want to redeploy web applications, how do I prevent resources from getting locked?  
 Can I use UNC paths?  
 Why can't Tomcat see my mapped drive when running as a service?  
 Why aren't access logs showing up in Tomcat on Vista?  
 Why do I get a "HTTP/1.x 400 No Host matches server name" error when I change the "webapps" folder in Tomcat on Vista?  
 How do I add or customize a Windows Service for Tomcat?  
 What are tomcat6wtomcat9w.exe/tomcat6tomcat9.exe (or tomcat7w.exe/tomcat7.exe etc..) ?  
 Answers  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q1 
 
 
 
Q1 
 
 
  
 
 
 Why do I get Out of Environment Space?  Check the Tomcat README, and this link   
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q2 
 
 
 
Q2 
 
 
  
 
 
 When I start up tomcat (or when it is running), I get the error java.lang.IllegalMonitorStateException: current thread not owner  That weird issue was observed many years ago and now is a history. See the Tomcat Bug Report #13723 and Sun Bug Parade report #4776385 for the answer.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q3 
 
 
 
Q3 
 
 
  
 
 
 Can I turn off case sensitivity?  It is possible in Tomcat 6 and earlier, but not recommended.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q4 
 
 
 
Q4 
 
 
  
 
 
 Can I use NTLM authentication?  Yes. 
 
 Waffle/JNA (obsolete)  
 Tomcat SPNEGO (obsolete)  
 SPNEGO SF  
 Jespa (commercial) 
 Tomcat IIS Connector  
 Samba JCIFs (obsolete, no NTLMv2) 
  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q5 
 
 
 
Q5 
 
 
  
 
 
 I want to redeploy web applications, how do I prevent resources from getting locked?  Most locking issues will occur with JARs from /WEB-INF/lib, and are usually caused by access through URLs. Tomcat has mechanisms to allow avoiding locking. Since Tomcat 5.0, a mechanism exists to prevent locking when accessing resources using the getResource method of the URLClassLoader. Many applications, such as Xerces, do not set the use of caching to false before opening the URL connection to a JAR file, and that causes locking. In Tomcat 5.5, this mechanism is disabled by default (as it has a non negligible influence on startup times, and is often useless), and can be enabled using the antiJARLocking attribute of the Context element. If getResource call occurs, resources inside the JARs will be extracted to the work directory of the web application. There is an alternative to this since Tomcat 6.0.24: you can configure a JreMemoryLeakPreventionListener in your server.xml and it will set the URL connection caching to be off by default. There is another lock prevention mechanism in Tomcat 5.5 (antiResourceLocking attribute), which will cause the web application files to be copied to the temp folder and run from this location. This has a larger impact on web application startup times, but obviously prevents locking on all resources of the web application. This also allows more flexible management operations as none of the web application resources will be locked, even while the web application is running (as a special note, when making changes to JSPs without reloading the application, the changes have to be duplicated to the path where the web application resources have been copied in the temp folder).  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q6 
 
 
 
Q6 
 
 
  
 
 
 Can I use UNC paths?  Yes. Make sure that the user that Tomcat is running as is able to access the path. This is particularly important when running Tomcat as a service since the local service account will not have the necessary permissions.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q7 
 
 
 
Q7 
 
 
  
 
 
 Why can't Tomcat see my mapped drive when running as a service?  The mapped drives are part of a user's profile and they are not used when running as a service. You should be OK with UNC paths.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q8 
 
 
 
Q8 
 
 
  
 
 
 Why aren't access logs showing up in Tomcat on Vista?  By default, the Tomcat Windows Servic

[CONF] Apache Tomcat > Memory

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Memory 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 01:00 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting and links.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  tocPermalink to this page: https://cwiki.apache.org/confluence/x/RSolBg  Preface This page discusses various memory issues. In a nutshell - if your computer has less than 128MB of ram - you will probably have trouble. Anyhow, also read the following threads for other memory related issues: 
 
 java.lang.OutOfMemoryError during deploy  
 Memory requirements  
 Memory Mgmt Tomcat  
 Tomcat Out of memory  
 Tracking memory usage over time  
 Also look at YourKit, or maybe you IDE has a profiling tool in it, or other profiling tools are available. (The following tools were recommended by many people in the past, but now seem to be discontinued by their vendors: JProbe by Quest Software — the company was acquired by Dell, OptimizeIt by Borland). This is not an endorsement for them, I just notice other people like them. ... 
 
 How do I adjust memory settings?  
 Why do I get OutOfMemoryError errors?  
 How much memory is Tomcat/webapp/??? using?  
 Answers  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q1 
 
 
 
Q1 
 
 
  
 
 
 How do I adjust memory settings?  First look at java -X to determine what parameters to set. Then you can set them via the environment variable CATALINA_OPTS (using JAVA_OPTS also works, but is not recommended). This variable is usually set in a file bin/setenv.sh or bin/setenv.bat that you may need to create by yourselves. The setenv file is documented in RUNNING.txt in your version of Tomcat. The environment variables are described in a comment at the top of catalina.bat or catalina.sh files.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q2 
 
 
 
Q2 
 
 
  
 
 
 Why do I get OutOfMemoryError errors?  Many reasons. 
 
You're out of memory. Simple as that - add more to your heap. 
You're out of memory. You have code which is hanging onto object references and the garbage collector can't do its job. Get a profiler to debug this one. 
You ran out of file descriptors. If you are on a *nix system, it has been observed that an OutOfMemoryError can be thrown if you run out of file descriptors. This can occur if your threshold is too low. The ulimit program can help you out here. You also may need to account for socket connections too when thinking about these thresholds. Google is your friend for getting more information about this topic. 
You have too many threads running. Some OS's have a limit to the number of threads which may be executed by a single process. (Which is what the JVM is.) Refer to your OS docs for more information on how to raise this threshold. 
If you have a lot of servlets or JSP's, you may need to increase your permanent generation. By default, it is 64MB. Quadrupling it to be -XX:MaxPermSize=256m might be a good start. 
Your OS limits the amount of memory your process may take. OK, this one is grasping at straws. 
The JVM has a bug. This has been known to happen with JVM1.2.? and using EJB's with another servlet engine. 
Not actually a reason - but on your particular platform, look at the java -X options. They may be VERY helpful. 
 Your classloaders are not being garbage collected. 
You run out of process memory (non java/GC memory), for example when using java.util.zip classes or JNI classes allocating process memory. See Instantiating Inflater/Deflater causes OutOfMemoryError; finalizers not called promptly enough  
 See also OutOfMemory and MemoryLeakProtection.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q3 
 
 
 
Q3 
 
 
  
 
 
 How much memory is Tomcat/webapp/??? using?  
 
To find out how much memory Tomcat is using, you might be able to use the Runtime class provided by the JDK. 
You can't find out how much memory a webapp is using. The JVM doesn't give us these detail. 
You can't find out how much memory a ??? is using. The JVM doesn't give us these detail. 
That being said, a memory profiling tool might prove the above statements wrong - but you probably don't want to use them in a production environment. 
 ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.8  
 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Tomcat > About

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
About 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 01:02 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting and links.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Permalink to this page: https://cwiki.apache.org/confluence/x/gCklBg  Preface This FAQ is maintained by the Tomcat Committers. The content for this FAQ is usually discovered by lurking in the tomcat-user list. If you wish to make a comment about the FAQ, make the comment on the tomcat-user list. Do not e-mail any of the committers directly and do not e-mail the tomcat-dev list. (Unless other people liked your suggestion and it was accidentally missed by the committers who read the tomcat-user list) Emailing the tomcat-user list will allow a larger audience to immediately learn and critique your findings. ... 
 
 How did Tomcat get its name?  
 How do I contribute a question?  
 Answers  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q1 
 
 
 
Q1 
 
 
  
 
 
 How did Tomcat get its name?  He (James Duncan Davidson) came up with "Tomcat" since the animal represented something that could take care of itself and fend for itself. That's how he came up with the name.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q2 
 
 
 
Q2 
 
 
  
 
 
 How do I contribute a question?  
 
Make sure the question has been asked more than once 
Make sure the answer(s) given are correct 
Select the right FAQ section in Confluence 
Edit Confluence, keeping to the existing format and layout 
Add your question to the list at the start of the page 
Don't forget to add an anchor to the start of your answer 
 ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.8  
 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Tomcat > Logging

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Logging 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 12:53 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting and links.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Permalink to this page: https://cwiki.apache.org/confluence/x/KiolBg  Preface This FAQ section provides help with logging-related issues. ... 
 
 Does Tomcat have built-in logging capabilities, and if so how do I use them?  
 What role does commons-logging play in logging?  
 What role does JULI and log4j play in logging?  
 How do I configure commons-logging for use with Tomcat?  
 How should I log in my own webapps?  
 Where does System.out go?  
 How do I rotate catalina.out? 
 Where are the logs when running Tomcat as a Windows service?  
 How do I customize the location of the tomcat logging.properties file?  
 Since java.logging is the default commons-logging implementation in Tomcat, why is it not working in my Linux distribution?  
 Answers  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q1 
 
 
 
Q1 
 
 
  
 
 
 Does Tomcat have built-in logging capabilities, and if so how do I use them?  The Servlet Specification requires Servlet Containers like Tomcat to provide at least a rudimentary implementation of the ServletContext#log method. Tomcat provides a much richer implementation than required by the Spec, as follows: 
 
Prior to Tomcat 5.5, Tomcat provided a Logger element that you could configure and extend according to your needs. 
Starting with Tomcat 5.5, Logger was removed and Apache Commons-Logging Log is used everywhere in Tomcat. Read the Commons-Logging documentation if you'd like to know how to better use and configure Tomcat's internal logging. See also httphttps://tomcat.apache.org/tomcat-89.0-doc/logging.html  
In Tomcat 7 (and also 6), the logging code is based on a set of classes interacting with the java.util.logging API (JUL), which comes with Java since version 1.4. The Tomcat startup script configures the JVM to use a web-application-aware implementation of the JUL LogManager. This Tomcat logging infrastructure is called JULI, and one can still distinguish its Apache Commons Logging heritage, but the complex configuration has been edited out and the package name changed. 
 Web applications can get logging service by using the Servlet API logging (which not recommended), the JUL interface (which ultimately goes to JULI) or any other preferred interface for which they furnish the jar files and the appropriate configuration (see the respective descriptions for Log4J, SLF4J, logback or Apache Commons Logging for example). To additionally log information about requests going to the web application, "Valves" can be configured in the server.xml file, as described in detail here. For example, inside the  tag: 
 
 
 
 Code Block 
 
 
 
 
 
 
 
 
language 
xml 
 
 
  
 
 
 
 
 


  
 
 
 ... 
 
 
 
   
 
 
  This will produce a log file for each day, such as logs/localhost_access_log.2008-03-10.log, containing the files requested, IP address of the requester, and similar information.  
 
 
 
 No Format 
 
 
 
 
 
128.34.123.121 - - [10/Mar/2008:15:55:57 -0500] "GET /upload/ClickPoints.jsp HTTP/1.1" 200 
  
 
 
 ... 
 
 
 
 
2725 
  
 
 
 In addition, Tomcat does not swallow the System.out and System.err JVM output streams. You may use these streams for elementary logging if you wish, but a more robust approach such as commons-logging or Log4J is recommended for production applications.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q2 
 
 
 
Q2 
 
 
  
 
 
 What role does commons-logging play in logging?  Tomcat wants to support multiple logging implementations, so it uses commons-logging. In case that's unclear, think of it like this. You are a Tomcat developer. The car you drive when logging is the commons-logging car. The engine of that car is either JULI or log4j. Without one of these engines, the car goes no where. However regardless of whether you use JULI or log4j, the steering wheel, break, gas pedal, etc. are the same. Related FAQ: What role does JULI and log4j play in logging?   
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q3 
 
 
 
Q3 
 
 
  
 
 
 What role does JULI and log4j play in logging?  First see: What role does commons-logging play in logging?  Note in addition that in your own applications you could log directly with JULI or log4j. But once you choose one, you can't easily switch to the other later. If you use commons-logging you can.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q4 
 
 
 
Q4 
 
 
  
 
 
 How do I configure commons-logging for use with Tomcat?  You need to specify a commons-loggin

[CONF] Apache Tomcat > Linux Unix

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Linux Unix 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 12:33 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting and links.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Permalink to this page: https://cwiki.apache.org/confluence/x/HSolBg  Preface Questions 
 
 I have Tomcat x.y.z installed as part of my OS. Is it good to use?  
 When I run ps (on Linux), why do I see my java process a bazillion times!  
 How do I run without an X server and still get graphics?  
 Tomcat dies after I log out!  
  Catalina.log contains : "SEVERE: StandardServer.await: create[8005] : Throwable occurred: java.net.BindException: The socket name is not available on this system.   
  Examples web application does not start. A ClassNotFoundException occurs.   
 Answers  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q5 
 
 
 
Q5 
 
 
  
 
 
 I have Tomcat x.y.z installed as part of my OS. Is it good to use?  Many Linux distributions provide a pre-packaged version of Apache Tomcat. These packages work fine and are easy to install for a normal single-instance case, but they make it more difficult for more specific use cases, and more difficult for people on the Tomcat User mailing list to help you. That is because each of these packages distributes the files of Tomcat in different places on the disk, sets different environment variables, sets different links from one directory to the other in the filesystem, etc.. Moreover, some of those packages are notably outdated. So it would be better to install a "standard" tomcat downloaded from the website http https://tomcat.apache.org/, to some directory like /opt/tomcat, and follow the instructions that are given in the "RUNNING.txt" file. ... 
 
Download a "binary" version. There is usually no need to re-compile Tomcat from the source code. 
Either a "tar.gz" or a "zip" file is fine. The "tar.gz" files use GNU extensions to the tar file format (as mentioned in "README" file in the download area). You need a GNU-compatible version of tar to unpack them. 
Learn how to run Tomcat with separate values of CATALINA_HOME and CATALINA_BASE, as explained in "RUNNING.txt". This will simplify further upgrades and maintenance. 
  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q1 
 
 
 
Q1 
 
 
  
 
 
 When I run ps (on Linux), why do I see my java process a bazillion times!  Linux implemented threads as processes. Due to other gory details that is beyond the scope of this FAQ - the ps command doesn't work correctly with respect to threads. You can get more gory details here and here .   
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q2 
 
 
 
Q2 
 
 
  
 
 
 How do I run without an X server and still get graphics?  You either need to run headless or run an alternate X-server. Some more information can be found here, here, or here. Or if your are using a JVM 1.4 or better, you can use the system property java.awt.headless=true   
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q3 
 
 
 
Q3 
 
 
  
 
 
 Tomcat dies after I log out!  This is a common complaint when using Solaris. Make sure you use nohup and see this thread   
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q4 
 
 
 
Q4 
 
 
  
 
 
  ...  Error message: "SEVERE:  ...   StandardServer.await: create[8005]: Throwable occurred: java.net.BindException: The socket name is not available on this system."  This error message can have 2 causes: 
 
Java on AIX isn't supporting IPv6 properly. Fix by inserting -Djava.net.preferIPv4Stack=true into JAVA_OPTS 2.   
Your networking configuration is not correct. If you attempt to ping localhost and don't see 127.0.0.1 you need to look into your /etc/host.conf (most Unixes/Linux) or /etc/netsvc.conf (AIX) file to ensure that something like "hosts = local, bind" is present. 
  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q6 
 
 
 
Q6 
 
 
  
 
 
 Examples web application does not start. A ClassNotFoundException occurs.  Go into webapps/examples/WEB-INF/classes and check whether the class file mentioned in the error message does exist. If you downloaded a tar.gz file and used a non-GNU version of tar (e.g. on Solaris) it may use wrong (truncated) file names on files that are deep in the hierarchy. This occurs silently: there may be no error or warning during unpacking. One place that is known to suffer from this is the examples web application. The workaround is to download a "zip" file instead of a "tar.gz" one. thread 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 

[CONF] Apache Tomcat > KnownIssues

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 2 new edits on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
KnownIssues 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comments 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 12:24 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Corrected formatting.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 12:23 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting and links.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 FAQ / Known Issues  Permalink to this page: https://cwiki.apache.org/confluence/x/DColBg  Questions 
 
 What are the known issues in any given Tomcat version?  
 What are the known issues with the Oracle JRE?  
 What are the known issues with the OpenJDK?  
 I'm using the Java ImageIO to dynamically serve images and get strange Exceptions from time to time. Is this a bug in Tomcat?  
 Answers  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
TomcatIssues 
 
 
 
TomcatIssues 
 
 
  
 
 
 What are the known issues in any given Tomcat version?  To determine the known issues for any given Tomcat version, you'll need to review the following: ... See chapter Looking for known issues on Tomcat web site.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
OracleJREIssues 
 
 
 
OracleJREIssues 
 
 
  
 
 
 What are the known issues with the Oracle JRE?  
 
 jps.exe and jvisualvm.exe cannot detect tomcat using jdk1.6.0_23 onwards — Fixed in Java 1.6.0_25. 
  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
OpenJDKIssues 
 
 
 
OpenJDKIssues 
 
 
  
 
 
 What are the known issues with the OpenJDK?  
 
There have been reports that java.util.logging does not work properly in OpenJDK 1.7.0.9 and OpenJDK6 1.6.0_32. The symptom is "java.lang.ClassNotFoundException: 1catalina.org.apache.juli.FileHandler" errors when you start Tomcat. See these threads from March 2013 and July 2013. This issue was absent in earlier versions and should be fixed in a later version of those JDKs. 
  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
ImageIOIssues 
 
 
 
ImageIOIssues 
 
 
  
 
 
 I'm using the Java ImageIO to dynamically serve images and get strange Exceptions from time to time. Is this a bug in Tomcat?  Imagine you have a servlet which dynamically generates images and serves them via javax.imageio.ImageIO. To write the image to the OutputStream, perhaps you are doing something like this: 
 
 
 
 Code Block 
 
 
 
 
 
 
 
 
language 
java 
 
 
  
 
 
 
 
 
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
BufferedImage img = createMyImage(); // makes a BufferedImage

response.setContentType("image/png");
try (OutputStream out = response.getOutputStream()) { // try-with-resources
ImageIO.write(img, "PNG", out);
} catch (IOException ex) {
// Client aborted connection
}
}
  
 
 
 Now, although there shouldn't be any Exception logged (because the IOException which occurs when the client aborted the connection is ignored), you see strange Exceptions in Tomcat's log which may belong to other Servlets/JSP (at least with Sun/Oracle JVM on Windows), saying that the response has already been committed, although you didn't write anything to it at that time. For example: 
 
 
 
 No Format 
 
 
 
 
 

13.07.2011 00:13:51 org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [myApp.MyServlet] in context with path [] threw exception
java.lang.IllegalStateException: Cannot create a session after the response has been committed
	at org.apache.catalina.connector.Request.doGetSession(Request.java:2734)
...
  
 
 
 or maybe you use the ISAPI Redirector for IIS on Windows, and get these logs: 
 
 
 
 No Format 
 
 
 
 
 
[Tue Jul 12 06:04:49.812 2011] [4124:2444] [error] ajp_connection_tcp_get_message::jk_ajp_common.c (1296): wrong message format 0xdaed from 127.0.0.1:8019
  
 
 
  Is this a bug in Tomcat?  Actually, it's a bug (or at least a strange behavior) in the Java ImageIO. When the ImageIO writes to an OutputStream and gets an IOException during writing, it could happen that some later time, when the ImageWriter is garbage-collected, the flush() method is called on that OutputStream. Tomcat recycles OutputStream objects to save resources, so it could be that when flush() is called from the ImageIO, the particular OutputStream object already belongs to another Response, which can produce the above errors, when the Servlet tries to get a Session for example, or can generally lead to broken responses. See also here or this Bug report.  So how to resolve the errors?  To resolve this, I'm using an OutputStream decorator 

[CONF] Apache Tomcat > HowTo

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
HowTo 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 12:09 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Fix formatting and links.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 ... Download the source bundle or grab the source files from Tomcat Git repository (at GitHub). The docs are in the webapps/docs subdirectory. They are in XML format and get processed into the HTML documentation as part of the Tomcat release. ... The best way is to use jsvc, available as part of the commons-daemon Apache Commons Daemon project. ...  One Other way is to put Apache httpd with mod_jk before your Tomcat servers, and use ports >=1024 in the Tomcat(s). However, if httpd is not needed for some other reason, this is the most inefficient approach. ...  Another An other method is to use SetUID scripts (assuming you have the capability) to do this. Here's how I do it. ... There are some other methods available, like using ServletContext.getContextPath() to get the context name of your web application and locate some resources accordingly, or to define  elements in WEB-INF/web.xml file of your web application and then set the values for them in Tomcat context file (META-INF/context.xml). See https://tomcat.apache.org/tomcat-79.0-doc/config/context.html . How do I configure Tomcat Connectors? ... How do I enable Server Side Includes (SSI)? See http https://tomcat.apache.org/tomcat-7.0-doc/ssi-howto.html  How do I install the Administration web app? ... 
 
Add a line to your c:\Program Files\Apache Software Foundation\Tomcat 5.5\conf\tomcat-users.xml file so that you have a user who has admin role. For example, add this line just before the last line (containing ) of the file: 
 
 
  
Restart Tomcat. 
Now when you visit _http://localhost:8080/admin_ you should see a page that asks for a user name and password. If you still see the "no longer loaded" error message in your browser, you must either force a full reload of the web page (in Firefox, hold down Shift key while clicking on the Reload button) or just restart your browser completely. 
 ... If you start Tomcat by using the standard script files (such as CATALINA_HOME/bin/catalina.bat or catalina.sh), this can be done by setting CATALINA_OPTS environment variable. The recommended way to do so is to create a setenv.bat or setenv.sh file, — read RUNNING.txt for details. Let say you want to increase it to 256 MB (as you required but make sure you have enough amount of physical memory/RAM and for 32bit system, use no more than 1.0-1.1 GB heap space size ). Set the CATALINA_OPTS to the value of -Xms256m -Xmx256m. In some cases it is better to set slightly lower size for -Xms. ... This is simply telling, that the items "jms/MyQCF", and "jms/MyQ" exist, and are instances of QueueConnectionFactory, and Queue, respectively. The actual configuration is in context.xml: ... Tomcat Manager web application starting with Tomcat 7.0.58 / 8.0.0 supports a command that outputs a thread dump. (Tomcat 9 documentation, BZ 57261)  StuckThreadDetectionValve valve logs stacktraces of request processing threads that are busy for longer than configured time limit. It is available starting with Tomcat 6.0.36 / 7.0.14. (Tomcat 9 documentation) ... 3. Build your ContextListener: According to the Tomcat's documentation, a Listener is a a component that performs actions when specific events occur, usually Tomcat starting or Tomcat stopping.. We need to instantiate and load our MBean at Tomcat's start. So we build a ContextListener.java file which is placed wherever you want in your project architecture: ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.8  
 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Tomcat > HowTo

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 2 new edits on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
HowTo 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comments 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 11:56 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Fix formatting and links.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 11:50 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Fix formatting and links.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 ... This is simply telling, that the items "jms/MyQCF", and "jms/MyQ" exist, and are instances of QueueConnectionFactory, and Queue, respectively. The actual configuration is in context.xml: ... Thus, if you have JNI code that follows the convention of including a static initilaizer like this: 
 
 
 
 No Format 
 
 
 
 
 

class FooWrapper {
static {
System.loadLibrary("foo");
}

native void doFoo();
  }
  
 
 
 then both this class and the shared library should be placed in the $CATALINA_HOME/shared/lib directory. ... The symptom of this problem that I encountered looked something like this - 
 
 
 
 No Format 
 
 
 
 
 

java.lang.UnsatisfiedLinkError: Native Library WEB-INF/lib/libfoo.so already loaded in another classloader
at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1525)
  
 
 
 ... 
 
If you have not already done so begin by creating a new Tomcat context for your application. Navigate to TOMCAT_HOME\conf\Catalina\localhost and create a new file, say, myapp.xml. This will become part of your url, so to access your app you'll have to type *http://localhost:8080/myapp*. 
Enter the following in myapp.xml: 
 
 
 
 
 No Format 
 
 
 
 
 


  
 
 
 
 
This assumes you have a web application containing WEB-INF in c:/workspace/myapp/WebRoot  
Create two environment variables: 
 
 
 
 
 No Format 
 
 
 
 
 

C:\>set JPDA_ADDRESS=1044
C:\>set JPDA_TRANSPORT=dt_socket
  
 
 
 
 
Now, you can launch Tomcat with these debug options: 
 
 
 
 
 No Format 
 
 
 
 
 

TOMCAT_HOME\bin\>catalina jpda start
  
 
 
 
 
Use your IDE to connect to Tomcat through port 1044 
 See also: FAQ/Developing  How do I debug a Tomcat application when Tomcat is run as a Windows service ? ... 
 
Launch a command prompt 
Set the proper CATALINA_HOME environment variable: pointing to tomcat home 
Run the following command: 
 
 
 
 
 No Format 
 
 
 
 
 

%CATALINA_HOME%\bin\tomcat6w.exe //ES//tomcat6
  
 
 
 
 
Select the Java tab in the properties dialog box, 
Add the following two lines to the Java Options text box: 
 
 
 
 
 No Format 
 
 
 
 
 

-Xdebug
-Xrunjdwp:transport=dt_socket,address=127.0.0.1:1044,server=y,suspend=n
  
 
 
 ... For IntelliJ IDEA you choose a remote debug target and set transport to "socket" and mode to "attach" , then you specify the host (127.0.0.1) and port (1044) See also: FAQ/Developing  How do I check whether Tomcat is UP or DOWN? There is no status command ... Here is my code to do this. Consider it public domain and use it as you see fit. Tomcat makes a note of this connection with something like this on the console. 
 
 
 
 No Format 
 
 
 
 
 

May 1, 2007 5:10:35 PM org.apache.catalina.core.StandardServer await
WARNING: StandardServer.await: Invalid command '' received
  
 
 
 Ideally this should be incorporated into org.apache.catalina.util.ServerInfo by some committer. In addition to the shutdown command they should add commands like status (UP or DOWN) and uptime in the await method of org.apache.catalina.core.StandardServer  
 
 
 
 No Format 
 
 
 
 
 

import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.net.Socket;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;

/**
 * Check to see if Tomcat is UP/DOWN.
 *
 * This parses the server.xml file for the Tomcat admin port and see if
 * we can connect to it. If we can, then the Tomcat is UP otherwise it
 * is DOWN
 *
 * It is invoked as follows:
 *java -Dcatalina.base=c:/tomcat-6.0.10 CatalinaStatus
 *
 * It can also (optionally) shutdown the Tomcat by adding the shutdown
 * command line parameter as follows:
 *
 *java -Dcatalina.base=c:/tomcat-6.0.10 CatalinaStatus shutdown
 *
 * @author Shiraz Kanga 
 */
public class CatalinaStatus
{
  /**
   * Pathname to the server configuration file.
   */
  protected static String configFile = "conf/server.xml";
  protected static String serverShutdown;
  protected static int serverPort;

  /**
   * The application main program.
   *
   * @param args Command line argum

[CONF] Apache Tomcat > HowTo

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
HowTo 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 11:40 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Fix formatting and links.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 ... Here are the three most popular ways:: 
 
Use a classloader's getResource() method to get an url to the properties file and load it into the Properties. The properties file must be located within the webapp classpath (i.e. either WEB-INF/classes/... or in a jar in WEB-INF/lib/). 
  A challenge is to get the classloader when you are in a static initializer:  
 
 
 
 No Format 
 
 
 
 
   
 public class Config {
 private static java.util.Properties prop = new java.util.Properties();
 private static loadProperties() {
  // get class loader
  ClassLoader loader = Config.class.getClassLoader();
  if(loader==null)
loader = ClassLoader.getSystemClassLoader();

  // assuming you want to load application.properties located in WEB-INF/classes/conf/
  String propFile = "conf/application.properties";
  java.net.URL url = ""
  try{prop.load(url.openStream());}catch(Exception e){System.err.println("Could not load configuration file: " + propFile);}
 }

 //
 // add your methods here. prop is filled with the content of conf/application.properties

 // load the properties when class is accessed
 static {
loadProperties();
 }
  }
  
 
 
  This method even works in a standalone java application. So it is my preferred way.  ...  
 
Use a ResourceBundle. See the Java docs for the specifics of how the ResourceBundle class works. Using this method, the properties file must go into the WEB-INF/classes directory or in a jar file contained in the WEB-INF/lib directory. 
Another way is to use the method getResourceAsStream() from the ServletContext class. This allows you update the file without having to reload the webapp as required by the first method. Here is an example code snippet, without any error trapping: 
 
 
 
 
 No Format 
 
 
 
 
 

// Assuming you are in a Servlet extending HttpServlet
// This will look for a file called "/more/cowbell.properties" relative
// to your servlet Root Context
InputStream is = getServletContext().getResourceAsStream("/more/cowbell.properties");
Properties  p  = new Properties();
p.load(is);
is.close();
  
 
 
 ... You cannot share sessions directly across web apps, as that would be a violation of the Servlet Specification. There are workarounds, including using a singleton class loaded from the common classloader repository to hold shared information, or putting some of this shared information in a database or another data store. Some of these approaches have been discussed on the tomcat-user mailing list, whose archives you should search for more information. ... Here's what you would like to do, but it throws ClassCastException: 
 
 
 
 No Format 
 
 
 
 
 

MyPrincipal p = request.getUserPrincipal();
String emailAddress = p.getEmailAddress();
  
 
 
 Here are 4 ways you might get around the classloader boundary: 1) Reflection  
 
 
 
 No Format 
 
 
 
 
 

Principal p = request.getUserPrincipal();
String emailAddress = p.getClass().getMethod("getEmailAddress", null).invoke(p, null);
  
 
 
 ... Rather than move the implementing custom classes up, you could define interfaces for your customs classes, and put the interfaces in the common directory. You're code would look like this: 
 
 
 
 No Format 
 
 
 
 
 

public interface MyPrincipalInterface extends java.security.Principal {
  public String getEmailAddress();
}

public class MyPrincipal implements MyPrincipalInterface {
...
  public String getEmailAddress() {
return emailAddress;
  }
}

public class MyServlet implements Servlet {
  protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
MyPrincipalInterface p = (MyPrincipalInterface)request.getUserPrincipal();
String emailAddress = p.getEmailAddress();
...
}
  
 
 
 ... 4) Serializing / Deserializing  ...  You   ...   might   ...   want   ...   to   ...   try   ...   serializing   ...   the   ...   response   ...   of   ...  request.getUserPrincipal()  ...   and   ...   deserialize   ...   it   ...   to   ...   an   ...   instance   ...   of   ...  webapp's MyPrincipal.  How do I get direct access to a Tomcat Realm? Credit: This code is from a post by Yoav Shapira http https://www.yoavshapira.com/ in the user list Sometimes access directly into the Tomcat realm 

[CONF] Apache Tomcat > HowTo

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
HowTo 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 11:31 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Fix formatting and links.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 ... For other parameters, look at the following pages: 
 
 FAQ/Memory  
 OutOfMemory  
 If you are running Tomcat as a Windows service, then environment variables and setenv.bat script have no effect. The relevant settings for the service wrapper application are stored in the Windows registry. They can be edited via Configuration application (tomcatw.exe). See "Java" tab in the configuration dialog. The{{-Xms}} and -Xmx options are configured in fields named "Initial memory pool" and "Maximum memory pool". Other options can be added to "Java Options" field as if they were specified on the command line of java executable. ... Congratulations. You have created and tested a first web application (traditionally called "mywebapp"), users can access it via the URL "http://myhost.company.com/mywebapp". You are very proud and satisfied. But now, how do you change the setup, so that "mywebapp" gets called when the user enters the URL "http://myhost.company.com" ? ...  The   ...   pages   ...   and   ...   code   ...   of   ...   your   ...   "mywebapp"   ...   application   ...   currently   ...   reside   ...   in   ...   (CATALINA_BASE)/webapps/mywebapp/.   ...   In   ...   a   ...   standard   ...   Tomcat   ...   installation,   ...   you   ...   will   ...   notice   ...   that   ...   under   ...   the   ...   same   ...   directory   ...   (CATALINA_BASE)/webapps/,   ...   there   ...   is   ...   a   ...   directory   ...   called   ...  ROOT  ...   (the   ...   capitals   ...   are   ...   important,   ...   even   ...   under   ...   Windows).   ...   That   ...   is   ...   the   ...   residence   ...   of   ...   the   ...  current  ...   Tomcat   ...   default   ...   application,   ...   the   ...   one   ...   that   ...   is   ...   called   ...   right   ...   now   ...   when   ...   a   ...   user   ...   calls   ...   up   ...   "http://myhost.company.com  ...  [:port  ...  ]".   ...   The   ...   trick   ...   is   ...   to   ...   put   ...   your   ...   application   ...   in   ...   its   ...   place.  First stop Tomcat.Then before you replace the current default application, it may be a good idea to make a copy of it somewhere else.Then delete everything under the ROOT directory, and move everything that was previously under the (CATALINA_BASE)/webapps/mywebapp/ directory, toward this (CATALINA_BASE)/webapps/ROOT directory. In other words, what was previously .../mywebapp/WEB-INF should now be .../ROOT/WEB-INF (and not .../ROOT/mywebapp/WEB-INF). ... For more information about this topic in general, consult this page : "Configuration Reference / Context"   Addendum 2: If for some reason you want another method..  If, for some reason, you do not want to deploy your application under the CATALINA_BASE/webapps/ROOT subdirectory, or you do not want to name your war-file "ROOT.war", then read on. But you should first read this : "Configuration Reference / Context" and make sure you understand the implications. ...  Warning: The above recipe on how to obtain a Context for a web application is a bit obsolete and does not work in Tomcat 7 and later (as Server is no longer a singleton). There are other ways to achieve that. An easy one is to add a Valve or Listener to a context, as those classes have access to Tomcat internals. There may be other ways mentioned in the archives of the users mailing list. How do I redirect System.out and System.err to my web page? ... This is simply telling, that the items "jms/MyQCF", and "jms/MyQ" exist, and are instances of QueueConnectionFactory, and Queue, respectively. The actual configuration is in context.xml: ... Basically, you just have to enter your values for  (the WebSphere MQ servers host name),  (the channel name),  (the queue manager name), and  (the queue name). Both these values, the associated names (HOST, PORT, CHAN, ...), and their collection is truly MQ specific. For example, with ActiveMQ, you typically have a broker URL, and a broker name, rather than HOST, PORT, CHAN, ... The main thing to know (and the reason why I am writing this, because it took me some hours to find out): How do I know the property names, their meaning, and possible values? Well, there is an excellent manual, called "WebSphere MQ Using Java&qu

[CONF] Apache Tomcat > HowTo

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 3 new edits on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
HowTo 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comments 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 11:26 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Remove "how to configure a client certificate", a referenced web site no longer exists.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 11:23 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Change a Tomcat 7 link to point to Tomcat 9.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 11:21 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Convert links to https. Remove a broken link.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 ... There are some other methods available, like using ServletContext.getContextPath() to get the context name of your web application and locate some resources accordingly, or to define  elements in WEB-INF/web.xml file of your web application and then set the values for them in Tomcat context file (META-INF/context.xml). See http https://tomcat.apache.org/tomcat-7.0-doc/config/context.html . How do I configure Tomcat Connectors? ... In particular, here are a number of locations for Tomcat Connectors: 
 
 Tomcat Connectors Documentation  
 Tomcat Connectors FAQ  
 Configuring Tomcat Connectors for Apache  
 Connectors How To  
 AJP Connector in Tomcat  7 9 Configuration Reference  
 The following excellent article was written by Mladen Turk. He is a Developer and Consultant for JBoss Inc in Europe, where he is responsible for native integration. He is a long time commiter for Jakarta Tomcat Connectors, Apache Httpd and Apache Portable Runtime projects. 
 
 Fronting Tomcat with Apache or IIS - Best Practices httphttps://people.apache.org/~mturk/docs/article/ftwai.html  
  John Turner has an excellent page about Using Apache HTTP with Apache Tomcat. Several Over the time several different connectors have been built, and some connector projects have been abandoned (so beware of old documentation). ... Setting up SSL Threads from the tomcat-user list  Using VeriSign: 
 
 httphttps://marc.info/?l=tomcat-user=106285452711698=2  
 httphttps://marc.info/?l=tomcat-user=107584265122914=2  
 Using OpenSSL: 
 
 httphttps://marc.info/?l=tomcat-user=106293430225790=2  
 httphttps://marc.info/?l=tomcat-user=106453566416102=2  
 httphttps://marc.info/?l=tomcat-user=106621232531781=2  
 A description of "what SSL is all about anyway": 
 
 httphttps://marc.info/?l=tomcat-user=106692394104667=2  
  HowTo SSL Client Authentication with Fallback to FORM Authentication  See SSLWithFORMFallback   How   ...  See http://java-notes.com/index.php/two-way-ssl-on-tomcat   How do I restrict the list of SSL ciphers used for HTTPS ... For other parameters, look at the following pages: 
 
 FAQ/Memory  
 OutOfMemory  
 If you are running Tomcat as a Windows service, then environment variables and setenv.bat script have no effect. The relevant settings for the service wrapper application are stored in the Windows registry. They can be edited via Configuration application (tomcatw.exe). See "Java" tab in the configuration dialog. The{{-Xms}} and -Xmx options are configured in fields named "Initial memory pool" and "Maximum memory pool". Other options can be added to "Java Options" field as if they were specified on the command line of java executable. ...  Warning: The above recipe on how to obtain a Context for a web application is a bit obsolete and does not work in Tomcat 7 and later (as Server is no longer a singleton). There are other ways to achieve that. An easy one is to add a Valve or Listener to a context, as those classes have access to Tomcat internals. There may be other ways mentioned in the archives of the users mailing list. How do I redirect System.out and System.err to my web page? ... This is simply telling, that the items "jms/MyQCF", and "jms/MyQ" exist, and are instances of QueueConnectionFactory, and Queue, respectively. The actual configuration is in context.xml: ... Basically, you just have to enter your values for  (the WebSphere MQ servers host name),  (the channel name),  (the queue manager name), and  (the queue name). Both these values, the associated names (HOST, PORT, CHAN, ...), and their collection is truly MQ specific. For example, with ActiveMQ, you typically have a broker URL, and a broker name, rather than HOST, PORT, CHAN, ... The main thing to know (and the reason why I am writing this, because it took me some hours to find out): How do I know the property names, their meaning, and possible values? Well, t

[CONF] Apache Tomcat > HowTo

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
HowTo 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 11:13 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Fix formatting and broken links.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 ... Honestly, the first question is "why are you rotating catalina.out"? Tomcat logs very little to catalina.out so the usual culprit is web applications that stupidly send output to System.out or System.err. If that's the case, what you ought to do is set swallowOutput="true" on the application's  configuration. That will send the output to a file configured (default) by conf/logging.properties. Once you've done that, get the application fixed to use a real logger, or at least use ServletContext.log(). If you've decided that you still absolutely positively need to rotate catalina.out, there is something that you have to understand: catalina.out is created by your shell's output redirection, just like when you type "ls -l > dir_listing.txt". So rotating the file needs to be done carefully. ... Rotate catalina.out using logrotate (or similar) ...  To   ...   use   ...   a   ...   tool   ...   like   ...  logrotate  ...  ,   ...   you'll   ...   want   ...   to   ...   use   ...   the   ...   "copytruncate"   ...   configuration   ...   option.   ...   This   ...   will   ...   copy   ...   catalina.out   ...   to   ...   another   ...   file   ...   (like   ...   catalina.out.  ...  datestamp  ...  )   ...   and   ...   then   ...   truncates   ...   catalina.out   ...   to   ...   zero-bytes.   ...   There   ...   is   ...   a   ...   major   ...   downside   ...   to   ...   this   ...   if   ...   catalina.out   ...   is   ...   seeing   ...   a   ...   lot   ...   of   ...   action:   ...   some   ...   log   ...   messages   ...   written   ...   to   ...   the   ...   log   ...   file   ...   during   ...   the   ...   copy/truncate   ...   procedure   ...   may   ...   be   ...   lost.  Rotate catalina.out using rotatelogs or chronolog (or similar) To use a tool like Apache httpd's rotatelogs or chronolog, you'll have to modify Tomcat's catalina.sh (or catalina.bat) script to change the output redirection from a redirect to a pipe. The existing code in catalina.sh looks like this: 
 
 
 
 No Format 
 
 
 
 
 
 eval "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
  -Djava.endorsed.dirs="\"$JAVA_ENDORSED_DIRS\"" -classpath "\"$CLASSPATH\"" \
  -Djava.security.manager \
  -Djava.security.policy=="\"$CATALINA_BASE/conf/catalina.policy\"" \
  -Dcatalina.base="\"$CATALINA_BASE\"" \
  -Dcatalina.home="\"$CATALINA_HOME\"" \
  -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
  org.apache.catalina.startup.Bootstrap "$@" start \
  >> "$CATALINA_OUT" 2>&1 "&"
  
 
 
 You'll need to change that to something which looks more like this: 
 
 
 
 No Format 
 
 
 
 
 
 eval "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
  -Djava.endorsed.dirs="\"$JAVA_ENDORSED_DIRS\"" -classpath "\"$CLASSPATH\"" \
  -Djava.security.manager \
  -Djava.security.policy=="\"$CATALINA_BASE/conf/catalina.policy\"" \
  -Dcatalina.base="\"$CATALINA_BASE\"" \
  -Dcatalina.home="\"$CATALINA_HOME\"" \
  -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
  org.apache.catalina.startup.Bootstrap "$@" start \
  | "$PATH_TO_CHRONOLOG" $CATALINA_BASE/logs/catalina.out.%Y-%m-%d
  
 
 
 ... For other parameters, look at the following pages: 
 
 FAQ/Memory  
 OutOfMemory  
 If you are running Tomcat as a Windows service, then environment variables and setenv.bat script have no effect. The relevant settings for the service wrapper application are stored in the Windows registry. They can be edited via Configuration application (tomcatw.exe). See "Java" tab in the configuration dialog. The{{-Xms}} and -Xmx options are configured in fields named "Initial memory pool" and "Maximum memory pool". Other options can be added to "Java Options" field as if they were specified on the command line of java executable. ...  Warning: The above recipe on how to obtain a Context for a web application i

[CONF] Apache Tomcat > HowTo

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
HowTo 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 11:03 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Fix formatting. Remove a broken link.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 ... Another method is to use SetUID scripts (assuming you have the capability) to do this. Here's how I do it. Create a file called foo.c with this content (replace "/path/startupscript" with the tomcat startup script): 
 
 
 
 Code Block 
 
 
 
 
 
 
 
 
language 
cpp 
 
 
title 
foo.c 
 
 
  
 
 
 
 
 
#include 
#include 
  
 
 
 ... 
 
 
 
 Wiki Markup 
 
 
 
 
 

int main( int argc, char \*argv\[\] ) \{
  if ( setuid( 0 ) != 0 ) {
perror( "setuid() error" );
return 1;
  }
  printf( "Starting ${APPLICATION}\n" );
  execl( "/bin/sh", "sh", "/path/startupscript", 0 );
  return
  
 
 
 ... 
 
 
 
 
 0;
  
 
 
 ... 
 
 
 
 

}
  
 
 
 Run the following as root (replacing tmp with whatever you want the startup script to be and replacing X with whatever group you want to be able to start and stop tomcat: 
 
 
 
 Code Block 
 
 
 
 
 
gcc tmp.c -o tmp
chown root:X tmp
chmod ugo-rwx tmp
chmod u+rwxs,g+rx tmp
  
 
 
 Now members of the tomcat group should be able to start and stop tomcat. One caveat though, you need to ensure that that your tomcat startup script is not writable by anyone other than root, otherwise your users will be able to insert commands into the script and have them run as root (very big security hole). ...  An other way is to use Iptables to redirect Port 80 and 443 to user ports (>1024)  
 
 
 
 Code Block 
 
 
 
 
 
/sbin/iptables -A FORWARD -p tcp --destination-port 443 -j ACCEPT
  
 
 
 ... 
 
 
 
 

/sbin/iptables -t nat -A PREROUTING -j REDIRECT -p tcp --destination-port 443 --to-ports 8443
  
 
 
 ... 
 
 
 
 

/sbin/iptables -A FORWARD -p tcp --destination-port 80 -j ACCEPT
  
 
 
 ... 
 
 
 
 

/sbin/iptables -t nat -A PREROUTING -j REDIRECT -p tcp --destination-port 80 --to-ports 8080
  
 
 
 ... 
 
 
 
 

/sbin/iptables-save or /etc/init.d/iptables save
  
 
 
 If you'd like "localhost:443" to also redirect to "localhost:8443", you'll need this command as well: 
 
 
 
 Code Block 
 
 
 
 
 
/sbin/iptables -t nat -A OUTPUT -p tcp -o lo -destination-port 443 -j REDIRECT --to-ports 8443
  
 
 
 Also note that if you have existing rules defined in your chains, you will need to make sure that the rules above are not ruled-out by another rule when using -A to add the above rules. For example, if you have an existing FORWARD rule that says "-j REJECT" than adding the FORWARD rule after it will have no effect. ... BSD-based Unix systems such as Mac OS X use a tool similar to iptables, called ipfw (for Internet Protocol Fire Wall). This tool is similar in that it watches all network packets go by, and can apply rules to affect those packets, such as "port-forwarding" from port 80 to some other port such as Tomcat's default 8080. The syntax of the rules is different than iptables, but the same idea. For more info, google and read the man page. Here is one possible rule to do the port-forwarding: 
 
 
 
 No Formatcode 
 
 
 
 
 

sudo ipfw add 100 fwd 127.0.0.1,8080 tcp from any to any 80 in

  
 
 
... Yet another way is to use authbind package (part of Debian- and CentOS based distributions) which allows a program that would normally require superuser privileges to access privileged network services to run as a non-privileged user. The article at http://java-notes.com/index.php/installing-tomcat-with-http-port-80-on-linux discusses how to install and configure the authbind package with Tomcat 6.0 on Linux.  How to create native launchers for Tomcat ... Honestly, the first question is "why are you rotating catalina.out"? Tomcat logs very little to catalina.out so the usual culprit is web applications that stupidly send output to System.out or System.err. If that's the case, what you ought to do is set swallowOutput="true" on the application's  configuration. That will send the output to a file configured (default) by conf/logging.properties. Once you've done that, get the application fixed to use a real logger, or at least use ServletContext.log(). If you've decided that you still absolutely positively need to rotate catalina.out, there is something that you have to understand: catalina.out is created by your shell's output redirection, just like when you type "ls -l > dir_listing.txt". So rotating the file needs to be done carefully. ... For other pa

[CONF] Apache Tomcat > HowTo

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
HowTo 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 10:46 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Replace recipe for installing Tomcat as a service.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 ... How do I set up another tomcat service on Windows, sharing the same Tomcat Home ?  This script sets up a a tomcat base directory and calls tomcat5.exe to create a windows service which will use the tomcat home given for the binaries and tomcat base you create See TomcatCreateWindowsService  ...  To install another Tomcat service using separate Home (binaries) and Base (configuration) paths you can use the service.bat script provided by Apache Tomcat. If your installation of Apache Tomcat does not have a service.bat script (in the bin directory), you can get one from a zip distributive for that version.   To install the service:  
 
 Set environment variables CATALINA_HOME, CATALINA_BASE and JAVA_HOME (or JRE_HOME) as usual, as documented in RUNNING.txt file.  
 Call the service.bat script to install the service, as shown in the Windows Service How-To in Tomcat documentation.  service.bat install NewServiceName --rename  
  How do I install Tomcat as a service under Unix? ... Honestly, the first question is "why are you rotating catalina.out"? Tomcat logs very little to catalina.out so the usual culprit is web applications that stupidly send output to System.out or System.err. If that's the case, what you ought to do is set swallowOutput="true" on the application's  configuration. That will send the output to a file configured (default) by conf/logging.properties. Once you've done that, get the application fixed to use a real logger, or at least use ServletContext.log(). If you've decided that you still absolutely positively need to rotate catalina.out, there is something that you have to understand: catalina.out is created by your shell's output redirection, just like when you type "ls -l > dir_listing.txt". So rotating the file needs to be done carefully. ... For other parameters, look at the following pages: 
 
 FAQ/Memory  
 OutOfMemory  
 If you are running Tomcat as a Windows service, then environment variables and setenv.bat script have no effect. The relevant settings for the service wrapper application are stored in the Windows registry. They can be edited via Configuration application (tomcatw.exe). See "Java" tab in the configuration dialog. The{{-Xms}} and -Xmx options are configured in fields named "Initial memory pool" and "Maximum memory pool". Other options can be added to "Java Options" field as if they were specified on the command line of java executable. ...  Warning: The above recipe on how to obtain a Context for a web application is a bit obsolete and does not work in Tomcat 7 and later (as Server is no longer a singleton). There are other ways to achieve that. An easy one is to add a Valve or Listener to a context, as those classes have access to Tomcat internals. There may be other ways mentioned in the archives of the users mailing list. How do I redirect System.out and System.err to my web page? ... This is simply telling, that the items "jms/MyQCF", and "jms/MyQ" exist, and are instances of QueueConnectionFactory, and Queue, respectively. The actual configuration is in context.xml: ... Basically, you just have to enter your values for  (the WebSphere MQ servers host name),  (the channel name),  (the queue manager name), and  (the queue name). Both these values, the associated names (HOST, PORT, CHAN, ...), and their collection is truly MQ specific. For example, with ActiveMQ, you typically have a broker URL, and a broker name, rather than HOST, PORT, CHAN, ... The main thing to know (and the reason why I am writing this, because it took me some hours to find out): How do I know the property names, their meaning, and possible values? Well, there is an excellent manual, called "WebSphere MQ Using Java". It should be easy to find by entering the title into Google. The manual contains a section, called "Administering JMS objects", which describes the objects being configured in JNDI. But the most important part is the subsection on "Properties", which contains all the required details. How do I use DataSources with Tomcat? See UsingDataSources  ... See TomcatHibernate  How do I use DataSourceRealms for authentication and authorization? ... 
 
Use your IDE to connect to Tomcat through port 1044 
 See also: FAQ/Developing  How do I debug a Tomcat application wh

[CONF] Apache Tomcat > HowTo

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
HowTo 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 09:01 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink and update some text.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Permalink to this page: https://cwiki.apache.org/confluence/x/gSslBg   
 
 
 
 Table of Contents 
 
 
  ... Meta How do I add a question to this page? ... However, do not add questions without answers to this page. If you have a question about how to do something in Tomcat which has not been addressed yet, ask the tomcat-user list. Once you've figured out how to fix your problem, come back and update the Wiki to allow the rest of us to benefit from what you've learned! ... Download the source bundle or grab the source XML file files from Subversion repository. If you are not familiar with Subversion, see http://www.apache.org/dev/contributors.html.Tomcat Git repository (at GitHub).  The docs are in the webapps/docs subdirectory. They are in XML format and get processed into the HTML documentation as part of the Tomcat release. ... If you're interested in previewing your changes, you will need to follow the directions for building Tomcat yourself. The docs will be generated in the output/build/webapps/docs directory just like with any normal Tomcat distributions.  Open a Bugzilla enhancement item with the explanation of your enhancements, and attach a svn git diff or diff -u format of your patch, or create a Pull Request at GitHub. We will evaluate and commit your patch as needed. Note, that the Tomcat web site is updated with every release, so that documentation changes will not be visible until next Tomcat release. It is possible to view documentation for unreleased versions of Tomcat 7, Tomcat 8.5 and Tomcat 6, 9 that is published by ASF Buildbot. See links on the buildbot page on Apache Tomcat web site. ... 
 
  It also makes a lot of sense to use the JavaServiceWrapper.  
 How to run Tomcat without root privileges? ... #include  #include  
 
 
 
 Wiki Markup 
 
 
 
 
 
int main( int argc, char \*argv\[\] ) \{
  
 
 
 
 
if ( setuid( 0 ) != 0 ) perror( "setuid() error" ); printf( "Starting ${APPLICATION}\n" ); execl( "/bin/sh", "sh", "/path/startupscript", 0 ); return 1;  
 } Run the following as root (replacing tmp with whatever you want the startup script to be and replacing X with whatever group you want to be able to start and stop tomcat: ... 
 
/sbin/iptables -A FORWARD -p tcp --destination-port 443 -j ACCEPT  
/sbin/iptables -t nat -A PREROUTING -j REDIRECT -p tcp --destination-port 443 --to-ports 8443  
/sbin/iptables -A FORWARD -p tcp --destination-port 80 -j ACCEPT  
/sbin/iptables -t nat -A PREROUTING -j REDIRECT -p tcp --destination-port 80 --to-ports 8080  
 /sbin/iptables-save or /etc/init.d/iptables save ... 
 
/sbin/iptables -t nat -A OUTPUT -p tcp -o lo -destination-port 443 -j REDIRECT --to-ports 8443  
 Also note that if you have existing rules defined in your chains, you will need to make sure that the rules above are not ruled-out by another rule when using -A to add the above rules. For example, if you have an existing FORWARD rule that says "-j REJECT" than adding the FORWARD rule after it will have no effect. ... Honestly, the first question is "why are you rotating catalina.out"? Tomcat logs very little to catalina.out so the usual culprit is web applications that stupidly send output to System.out or System.err. If that's the case, what you ought to do is set swallowOutput="true" on the application's  configuration. That will send the output to a file configured (default) by conf/logging.properties. Once you've done that, get the application fixed to use a real logger, or at least use ServletContext.log(). If you've decided that you still absolutely positively need to rotate catalina.out, there is something that you have to understand: catalina.out is created by your shell's output redirection, just like when you type "ls -l > dir_listing.txt". So rotating the file needs to be done carefully. ... Rotate catalina.out using logrotate (or similar) 
 
 
 
 Wiki Markup 
 
 
 
 
 
To use a tool like [logrotate|http://linuxcommand.org/man_pages/logrotate8.html], you'll want to use the "copytruncate" configuration option. This will copy catalina.out to another file (like catalina.out.\[datestamp\]) and then truncates 

[CONF] Apache Tomcat > FDA Validation

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
FDA Validation 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 08:44 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Adjust wording about testing with TCKs. The text there still remains a bit outdated.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 ... Yes. Tomcat itself is validated to the extent it can be. Tomcat implements two several Java  Specifications: EE Specifications, most important of them are the Servlet Specification and the Java Server Pages (JSP) Specification. Each of these specifications has a Technology Compatbility Compatibility Kit (TCK), which is a collection of tests to certify a given product meets the Specification fully and accurately. The Apache Software Foundation is licensed to run these TCKs. They are run against every single major Tomcat release. No Tomcat release is pronounced stable unless it has passed both of these TCKs with 100% compliance. Therefore, every stable Tomcat release is validated to the extent of Tomcat's core functionality. ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.8  
 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Tomcat > FDA Validation

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
FDA Validation 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 08:17 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting. Convert links to https.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  FDA (21 CFR Part 11) Validation   Permalink to this page: https://cwiki.apache.org/confluence/x/BSolBg   Preface  This page discusses using Tomcat in an FDA validated environment, i.e. one where 21 CFR Part 11 regulations apply. Please note that although this page mentions specific companies, we do not explicitly endorse or sell anyone's services. Tomcat and Apache are not-for-profit organizations. This page is also far from a complete listing of vendors and support options. It is meant as a demonstration showing that these options do exist and that running Tomcat in a validated environment is both feasible and reasonable.  Questions  
 
 Can Tomcat be used in a validated environment?  
 Has anyone actually done it?  
 Is Tomcat itself validated?  
 What kind of support is there around validating Tomcat?fully and accurately  
 How do I know I have a validated release? How do I know no one has tampered with the release package?  
 What about security? I'm concerned about attacks.  
  Answers   
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q1 
 
 
 
Q1 
 
 
  
 
 
 Can Tomcat be used in a validated environment?  Yes. There's nothing in Tomcat's design or implementation that prevent it from being used in a validated environment. The same validation procedures and guidelines that apply to most software packages apply to Tomcat as well. Being an open-source application does not preclude Tomcat validation. In fact, it helps in at least one key aspect: the source code itself can be audited, as can the commit and change logs for the software.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q2 
 
 
 
Q2 
 
 
  
 
 
 Has anyone actually done it?  Yes. As shown in this user mailing list archive, Merck and other large companies are using Tomcat in a validated environment. In addition, there is at least one application provider (Interchange Digital) whose application runs on Tomcat that has deployed said package in numerous pharma data centers.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q3 
 
 
 
Q3 
 
 
  
 
 
 Is Tomcat itself validated?  Yes. Tomcat itself is validated to the extent it can be. Tomcat implements two Java Specifications: the Servlet Specification and the Java Server Pages (JSP) Specification. Each of these specifications has a Technology Compatbility Kit (TCK), which is a collection of tests to certify a given product meets the Specification fully and accurately. The Apache Software Foundation is licensed to run these TCKs. They are run against every single Tomcat release. No Tomcat release is pronounced stable unless it has passed both of these TCKs with 100% compliance. Therefore, every stable Tomcat release is validated to the extent of Tomcat's core functionality. ... However, we cannot validate your application's use of Tomcat. You're on your own there.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q4 
 
 
 
Q4 
 
 
  
 
 
 What kind of support is there around validating Tomcat?  Several kinds. They include: 
 
There are numerous smaller vendors and several large ones, including IBM, HP, Sun, and Novell, who offer Tomcat consulting and support services, including application auditing, environment assessments, and risk analysis. 
There are numerous vendors in addition to the above consultants, like SpringSource (formerly Covalent) and JBoss, who offer 24/7/365 enterprise-level support for Tomcat. 
The Tomcat mailing lists are extremely active and contain members of many of the above organizations, including contractors available for hire. 
  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q5 
 
 
 
Q5 
 
 
  
 
 
 How do I know I have a validated release? How do I know no one has tampered with the release package?  All Tomcat releases are signed using the Release Manager's PGP key. The key is also available in the KEYS file that ships with every Tomcat release. The same KEYS file is also available in the Tomcat SVN Git repository (here). The PGP signatures are available on all the Tomcat download pages, and can (and should!) be used to verify the release really is the signed distribution. As for tampering: every Tomcat release is also digested using the MD5 SHA-512 algorithm as specified in RFC1321 RFC6234. The MD5 SHA-512 digest is included in all the download pages. Users run MD5 run sha512sum on their local machine to verify that the digest of what they downloaded is the same as that published in the Apache download pages. That way, users

[CONF] Apache Tomcat > Deployment

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Deployment 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 07:27 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting. Convert links to https.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Permalink to this page: https://cwiki.apache.org/confluence/x/5SklBg  Preface This section of the FAQ discusses common questions related to web application deployment. ... 
 
 Why does tomcat 5 create context configuration files?  
 Why does the memory usage increase when I redeploy a web application?  
 Answers  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q1 
 
 
 
Q1 
 
 
  
 
 
 Why does tomcat 5 create context configuration files?   Tomcat 5, Tomcat 6:   Unlike tomcat 4.x, tomcat 5.x creates context configuration files for you in its conf/[Engine name]/[Host name] directory. This is part of the change in tomcat's configuration mechanism from version 4.x to make overall configuration more robust, flexible, and enterprise-friendly. Note, however, that this has changed the recommended deployment practices for web applications. These context configuration files are created by tomcat, but not removed by tomcat, because the user may have changed them or other files in the conf directory. The suggested practice for tomcat 5 is to place context configuration files as META-INF/context.xml in your webapp, and use Tomcat's Manager webapp to deploy/undeploy your applications. More details can be found here: MARC Archive   Tomcat 7 and later:  In Tomcat 7 the default behaviour has been changed to do not auto-create those context configuration files.  The recommended practice of using META-INF/context.xml files is still the same. Those files are discovered and processed in the same way. The difference is that they are not copied to the conf/[Engine name]/[Host name]directory.  This is convenient, as you do not need to care of those copied files when undeploying your application, and you do not need to care whether the conf directory is writeable. This change in behaviour is documented in the Migration Guide.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q2 
 
 
 
Q2 
 
 
  
 
 
 Why does the memory usage increase when I redeploy a web application?  That is because your web application has a memory leak. ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.8  
 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Tomcat > Database

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Database 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 07:22 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting. Convert links to https.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Permalink to this page: https://cwiki.apache.org/confluence/x/3CklBg  Preface This page is to discuss database error and DBCP. Until more content can appear here, here are some links to the mail archives to perform some searches: 
 
 database  
 datasource  
 oracle  
 mysql  
 dbpool  
 Other Links of interest: 
 
 JNDI Datasource HOW-TO  
 Questions 
 
 Is it safe to use JDBC-ODBC bridge in production environment?  
 How to use Orache thin driver?  
 How to use JDBC 3 driver with Tomcat 8?  
 Answers  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q1 
 
 
 
Q1 
 
 
  
 
 
 Is it safe to use JDBC-ODBC bridge in production environment?  No, do not use JDBC-ODBC bridge bundled with Sun's JDK with Tomcat. It was never meant for a production server environment. If you ask a question about it, everyone will tell you to not use it. If you do need to use ODBC, there are 3rd party drivers which do a pretty good job at being thread safe.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q2 
 
 
 
Q2 
 
 
  
 
 
 How to use Orache thin driver?  If you use the oracle Oracle thin driver, be sure to rename it to a jar file from a zip file. Tomcat only auto-magically loads files ending in .jar placed in a lib directory. It ignores all other file extensions.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q3 
 
 
 
Q3 
 
 
  
 
 
 How to use JDBC 3 driver with Tomcat 8 / DBCP 2?  One of the connection pool implementations in Tomcat 8 is DBCP 2, and DBCP 2 calls Connection.isValid(int) method when no validationQuery is specified. IsValid(int) method is introduced with JDBC 4. If you must use JDBC 3 driver with Tomcat 8 / DBCP 2, make sure that you specify validationQuery attribute in pool configuration. ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.8  
 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Tomcat > UsingDataSources

2019-11-24 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
UsingDataSources 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 07:16 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting. Convert links to https.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Permalink to this page: https://cwiki.apache.org/confluence/x/SzElBg   How do I use DataSources with Tomcat?  When developing J2EE JavaEE web applications, the task of database connection management can be daunting. Best practice involves using a J2EE JavaEE DataSource to provide connection pooling, but configuring DataSources in web application servers and connecting your application to them is often a cumbersome process and poorly documented. ... With Tomcat the process is vastly simplified. Tomcat allows you to configure DataSources for your J2EE JavaEE web application in a context.xml file that is stored in your web application project. You don't have to mess with configuring the DataSource separately in the Tomcat server.xml, or referencing it in your application's web.xml file. Here's how: ... Install the .jar file(s) containing the JDBC driver in Tomcat's $CATALINA_BASE/lib folder. You do not need to put them in your application's WEB-INF/lib folder. When working with J2EE JavaEE DataSources, the web application server manages connections for your application. ... In the root of your web app directory structure, create a folder named META-INF (all caps). Inside that folder, create a file named context.xml that contains a Resource like this: 
 
 
 
 No Format 
 
 
 
 
 





  




  
 
 
 This example shows how to configure a DataSource for a SQL Server database named mytest located on the development machine. Simply edit the Resource name, driverClassName, username, password, and url to provide values appropriate for your JDBC driver.  Access the DataSource in Your Application  From a Servlet Here's how you might access the data in a servlet: 
 
 
 
 No Format 
 
 
 
 
   
 InitialContext ic = new InitialContext();
  DataSource ds = (DataSource) ic.lookup("java:comp/env/jdbc/WallyDB");
  Connection c = ds.getConnection();
  ...
  c.close();
  
 
 
 ... Known-Working examples for other Databases 
 
 
 
 No Format 
 
 
 
 
 
 
  
 
 

 
 
 
 No Format 
 
 
 
 
 
 
  
 
 
 ... This technique is Tomcat-specific. If you deploy your web application to another application server, you will need to configure the database according to your application server's documentation, and reference it in your application's web.xml.  CategoryFAQ   
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.8  
 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Tomcat > Developing

2019-11-23 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Developing 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 02:36 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting. Convert links to https.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Permalink to this page: https://cwiki.apache.org/confluence/x/8CklBg  About This section of the FAQ discusses common questions related to Tomcat development. ... A full explanation for Tomcat in Eclipse can be found here: 
 
Tomcat 89.0.x: httphttps://tomcat.apache.org/tomcat-89.0-doc/building.html#Building_with_Eclipse  
Tomcat 78.05.x: httphttps://tomcat.apache.org/tomcat-78.05-doc/building.html#Building_with_Eclipse  
Tomcat 67.0.x: httphttps://tomcat.apache.org/tomcat-67.0-doc/building.html#Building_with_Eclipse  
 Debugging  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q1 
 
 
 
Q1 
 
 
  
 
 
  How do I configure Tomcat to support remote debugging? The short answer is to add the following options when the JVM is started: 
 
 
 
 No Format 
 
 
 
 
 

-Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n
  
 
 
 ... 
 
 If you are using shell scripts to start Tomcat, start it with the following command: 
 
 
 
 No Format 
 
 
 
 
  
 catalina jpda start  
  
 
 
 It will start Tomcat so that a remote debugger can be connected to port 8000. The above mentioned options can be provided by setting certain environment variables. See the comments at the top of catalina.sh or .bat file for details. For example, the port number and JPDA transport implementation can be set with JPDA_ADDRESS=8000 and JPDA_TRANSPORT=dt_socket.  
If you run Tomcat using service wrapper, add the above JVM options before any other JVM options. Check the documentation for the service wrapper to determine how to set JVM options. 
If you start Tomcat from within an IDE, check the documentation for the IDE to determine how to set the required JVM options. 
 ... This answer assumes that you have a project set up and have some idea of what you are doing in this respect. If not then that is really outside the scope of this topic and you need to go to eclipse.org and read up on how to use your IDE, and maybe practice a little bit before you come back to this. We are also going to assume that you have some idea of what a debugger is and how to use one. ... How do I remotely debug Tomcat using NetBeans? This answer assumes that you know how to work with a NetBeans Project, and also how to use the NetBeans debugger. If not, please go to http://www.netbeans.org/kb/using-netbeans/40/debug.html and read up on how to use NetBeans and its debugger. ... Monitoring interval for application reloading is controlled by the backgroundProcessorDelay property on Context element or on its parent containers: Host and Engine. See Tomcat Configuration Reference for details. By default there is a single background processing thread that is run by Engine. See its configuration for the default delay value. Interval that controls reloading of the changed JSP pages is set in the Jasper configuration in web.xml.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q6 
 
 
 
Q6 
 
 
  
 
 
  Official Eclipse IDE Web Tools FAQ for Tomcat Eclipse IDE has support for development of Web applications and running them on Apache Tomcat. This support is provided by Eclipse Web Tools Platform Project. An easy way to get Web Tools is to download "for Java EE Developers" edition of Eclipse IDE. The Web Tools project has a FAQ page. 
 
 WTP Tomcat FAQ  
In Eclipse Help see "Web Tools Platform User Guide" > "Using the server tools" > "Testing and publishing on your server" 
 ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.8  
 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Tomcat > Troubleshooting and Diagnostics

2019-11-23 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Troubleshooting and Diagnostics 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 01:16 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting. Convert links to https.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 Troubleshooting and Diagnostics techniques.  Permalink to this page: https://cwiki.apache.org/confluence/x/yColBg   
 
 
 
 Table of Contents 
 
 
  Techniques & Reference 
 
 How To: Capture a thread dump  
 How To: Capture a heap dump  
 How To: Examine a Stacktrace  
 How To: Configure Tomcat for debugging  
 FAQ: Developing  
 FAQ: Memory  
 Tomcat Memory Leak Protection  
 Sun Technical Article: Monitoring and Managing Java SE 6 Platform Applications  
 Notes on using JMX clients  
 Tools JMX Clients 
 
 JConsole DocsJJConsole: Documentation  
 VisualVM Docs: Documentation, Project  
  JDK tools  ...  
 
 jinfo - Prints JVM process info  
 jstack - Prints thread stack traces  
 jmap - Dumps heap and shows heap status  
 jhat - Heap Analyzer Tool  
 jcmd - Multitool intended to replace the above JDK tools  
 Profilers & Heap Analyzers 
 
 Eclipse Memory Analyzer (MAT)  
 YourKit Profiler  
  VisualVM Docs   
  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
usingjmxclients 
 
 
 
usingjmxclients 
 
 
  
 
 
  ... NB(2) On Windows, if Tomcat is started using a service wrapper, this will prevent JConsole & VisualVM from using the local JMX connector stub.  Java 5 JConsole and Remote Management FAQ  From Java 6 onward a process needn't does not need to have the management agent enabled when it starts, as the Attach API permits the management agent to be activated on demand. ... 
 
Look into Tomcat access log (the log file generated by AccessLogValve).  
 
 If your request is not listed there, then it has not been processed by Tomcat. You need to look elsewhere (e.g. at your firewall).  
 You will see what IP address your client is using, and whether it is using an IPv4 (127.0.0.1) or IPv6 address (0:0:0:0:0:0:0:1).  Modern operating systems can use IPv6 addresses for localhost / local network access, while external network is still using IPv4.  
 2.   
 
 
 Take a thread dump. This way you will find out what Tomcat is actually doing. 
 
 If you are troubleshooting some process that takes noticeable time, take several (three) thread dumps with some interval between them. This way you will see if there are any changes, any progress.  
 3.   
 Try debugging. 
 
 A good place for a breakpoint is org.apache.catalina.connector.CoyoteAdapter.service() method. That is the entry point from Tomcat connectors and into the Servlet engine. At that place your request has already been received and its processing starts.  
  
 Troubleshooting unexpected Response state problems ... The lifetime of the Response object is documented in the Servlet specification. Quoting from section "5.8 Lifetime of the Response Object" of Servlet 4.0 specification:  "Each response object is valid only within the scope of a servlet’s service method, or within the scope of a filter’s doFilter method, unless the associated request object has asynchronous processing enabled for the component. If asynchronous processing on the associated request is started, then the response object remains valid until complete method on AsyncContext is called."  In case of asynchronous processing, when an error occurs Tomcat notifies all registered AsyncListener}}s and then calls  {{complete() automatically  automatically if none of the listeners have called it yet. (Reference: 61768) ... To troubleshoot the issue: 
 
Set the following system property in Tomcat configuration:  org.apache.catalina.connector.RECYCLE_FACADES=true  When the above flag is set, Tomcat recycles facades to its internal objects when request processing completes. This makes it easier to spot illegal access when it happens, instead of waiting until side effects of such access become visible.  This flag is also mentioned on the Security Considerations page.   
 ... 
 
  The flag is true when Tomcat runs with enabled Java Security Manager.   You can also search the archives of the Tomcat users' mailing lists for previous discussions mentioning the RECYCLE_FACADES flag.
 ... 
 
   
 Read about Java ImageIO issue.  
 Accessing response objects after their lifetime can lead to security issues in your application, such as sending responses to wrong clients, mixing up responses. If you can reproduce the issue and the above diagnostic does not show your own bug, but a bug in Apache Tomcat,  if the problem manifests as a s

[CONF] Apache Tomcat > Connectors

2019-11-23 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Connectors 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 12:40 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting. Convert links to https.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Permalink to this page: https://cwiki.apache.org/confluence/x/yiklBg  Preface Please see the Other Resources Link for other pages describing how they were able to link Tomcat with a connector. With luck, someone documented their experience in an environment which is similar to yours. Here is a link to the Apache Tomcat Connectors (aka JK Connectors) project page. It contains more configuration and installation information. ... 
 
 What is JK (or AJP)?  
 Which connector: mod_jk or mod_proxy?  
 What about mod_jserv, mod_jk2, mod_webapp (aka warp)?  
 Why should I integrate Apache HTTP Server with Apache Tomcat? (or not)  
 At boot, is order of start up (Apache HTTP Server vs Apache Tomcat) important?  
 Is there any way to control the content of automatically generated mod_jk.conf-auto?  
 How do I bind to a specific ip IP address?  
 Where can I download a binary distribution of my connector?  
 I'm having strange UTF-8 issues with my request parameters.  
 How do I configure apache tomcat connectors for a heavy load site?  
 Answers  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q1 
 
 
 
Q1 
 
 
  
 
 
 What is JK (or AJP)?  AJP is a wire protocol. It an optimized version of the HTTP protocol to allow a standalone web server such as Apache to talk to Tomcat. Historically, Apache has been much faster than Tomcat at serving static content. The idea is to let Apache serve the static content when possible, but proxy the request to Tomcat for Tomcat related content.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q2 
 
 
 
Q2 
 
 
  
 
 
 Which connector: mod_jk or mod_proxy?  
 
mod_jk is mature, stable and extremely flexible. It is under active development by members of the Tomcat community. 
mod_proxy_ajp is distributed with Apache httpd 2.2 and later. Note that the communication protocol used is AJP. 
mod_proxy_http is a cheap way to proxy without the hassles of configuring JK. If you don't need some of the features of mod_jk, this is a very simple alternative. Note that the communication protocol used is HTTP/1.1.  
 mod_proxy_http2 uses HTTP/2 as communication protocol. I has support for both secure (h2) and cleartext (h2c) variants of HTTP/2. Both are understood by Tomcat 8.5 and later.  
 Here are some anecdotal comments from members of the Tomcat community:  _ I have been using mod_jk for a very long time and I saw (at the time) only one reason to make the switch to mod_proxy_ajp: it is bundled with Apache and so you (likely) don't have to build the module yourself.   That said, simple configurations are *way* more simple in mod_proxy_ajp than with mod_jk, although the (somewhat) recent addition of JkWorkerProperty and JkMount "extensions" do help quite a bit.   mod_proxy_ajp can also be trivially swapped-out with mod_proxy_http just by changing the URLs in your ProxyPass and ProxyPassReverse directives to say http:// (or https://) instead of ajp://. This might help you if you need to switch protocols for debugging purposes or if you suddenly need switch to HTTPS to secure the traffic without any external configuration (e.g. stunnel or VPN). (See AJP with stunnel.)   mod_proxy also supports ProxyPassMatch directive which lets you use regular expressions in your URL mappings, which mod_jk's JkMount does not (though you *can* use  along with SetHandler in order to achieve the same result, it's a cleaner configuration with mod_proxy).   That said, I have found that mod_jk supports more complicated configurations where I have struggled to get mod_proxy_ajp to do the same. Specifically, overlapping URL spaces that must be mapped to separate workers. Technically speaking, I suppose you could use lots of ProxyPassMatch directives and/or have a complex regular _expression_ to direct the various URLs, but again you end up with a rather messy configuration that way. Messy configurations are a maintenance risk as well as at risk of becoming "arcane knowledge" that nobody actually understands and so they are afraid to modify it for any reason.   Generally, mod_jk will get fixed faster than mod_proxy_ajp due to its independent release cycle: the httpd folks might have a fix for a problem but it doesn't get released for a while due to testing of other components, etc. At this point, mod_proxy_ajp has (IMHO) reached a point of stability that this is less of an issue than it used to be.   At this stage, there

[CONF] Apache Tomcat > AJP with stunnel

2019-11-23 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
AJP with stunnel 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 12:32 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting. Convert links to https.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Permalink to this page; https://cwiki.apache.org/confluence/x/TCglBg  AJP over stunnel stunnel is a little more complicated than a normal protocol because it can be used in a number of different ways. I'll give some contrived examples to see how you can set it up in different ways, depending upon the support for encryption of the underlying protocol.   Wiki MarkupThis   wiki   entry   is   intended   to   be   a   starter-guide   and   not   a   replacement   for   the   fine  \[https://www.stunnel.org/docs.html|documentation   provided   by   the   stunnel   team\].  Let's say that you have an HTTPS server, but your client can't speak HTTPS for some reason. If you set up stunnel on the client side, you can connect locally to the stunnel server and have it establish a secure-connection to the remote server running HTTPS. Like this: 
 
 
 
 No Format 
 
 
 
 
   
 client -> localhost:12345 (stunnel)
  stunnel -> remote_host:443 (httpd)

  
 
 
 As far as the client is concerned, it's using HTTP to talk to localhost. But really it's talking to remote_host:443, so everyone is happy. (Yes, there are issues with URLs and redirects produced by the server, but that's out of scope for this discussion). Let's take another example: you have clients that are HTTPS-capable, but the service you are running can only support HTTP for some reason, and you want to secure it. Set up stunnel on the server, then have your remote clients connect to it and tunnel to localhost. Like this: 
 
 
 
 No Format 
 
 
 
 
   
 client -> remote_host:443 (stunnel)
  stunnel -> localhost:8080 (httpd)

  
 
 
 As far as the client is concerned, it's using HTTPS to communicate with remote_host:443, but really it's connecting to remote_host:8080. (Yes, there are some issues with URLs and redirects but that's out of scope for this discussion.) ... 
 
Depending upon the version, you might only be able to use TLSv1 (and not e.g. TLSv1.2) 
 ... 
 
 stunnel generally ignores certificate issues, such as expiration, etc. You might want to configure it with a little more care than the default. THIS ALSO MEANS IT DOES NOT AUTHENTICATE THE SERVER BY DEFAULT. You could accidentally connect to a malicious server.  
 This should be enough to get you started. Please refer to the official stunnel documentation for specifics.  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.8  
 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Tomcat > ClusteringOverview

2019-11-23 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
ClusteringOverview 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 12:13 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting. Convert links to https.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Permalink to this page: https://cwiki.apache.org/confluence/x/DiklBg  From Zero to Clustered - an Overview ... Also, there is a lot of misleading, incomplete, and just flat wrong information concerning Tomcat floating around on the Internet. You might get accurate information elsewhere, but from what I've seen this is not very likely. The authoritative source for information is always:  httphttps://tomcat.apache.org/  Linux in General You'll find that Linux is a different beast than Windows (even Windows 7). In particular file permissions, file ownerships, and SELinux present quite a different security model than the typical Windows installation. It's best to be aware of this from the start. ... If you're setting up a development platform, then just create a directory and unpack multiple Tomcat servers in that directory. This will make dealing with permissions easier, which is an important consideration when integrating Tomcat servers with IDEs such as Eclipse or NetBeans. Apache HTTPD Rather than building your own Apache HTTPD, I recommend that you get and install the distribution package for Apache HTTPD. This will place files in line with the rest of your system, and it will also have a serviceable default configuration. ... Now stop the Tomcat server with shutdown.sh and set up the manager application. This involves editing the tomcat-users.xml file found in the conf directory. Instructions for editing that file (for Tomcat 7) can be found here:  httphttps://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html#Configuring_Manager_Application_Access  Once it's running and you can access the manager application, then associate the installation with your IDE (if you're setting up a development environment). Now you can develop, debug, test, and deploy from within your IDE without running into permission issues. 
 
 
 
 Warning 
 
 
 
 
 Unlike Apache HTTPD, most people on the mailing list do NOT recommend that you use the Linux distribution packaged versions of Tomcat. In general people have found that these are much more difficult to work with than just getting a stock Tomcat from http https://tomcat.apache.org/   
 
 
 mod_jk build While other people have had difficulty (search the mailing list) building mod_jk on various platforms, I've never had much trouble. The steps are quite simple, provided you have the appropriate packages installed on your system. 
 
  Wiki Markup  Download   the   source   fromhttp  https://tomcat.apache.org/download-connectors.cgi   2.
 Unpack   it   into   a   directory 3.   
 cd   to  \[tomcat-connectors-1.xx\]/native 4.   
  Read  BUILDING.txt   \\   
 Following BUILDING.txt: 
 
 ./configure --with-apxs=/usr/sbin/apxs 2.   
 make 3.   
su to root 4.   
cd back to where you were 5.   
 make install  
 This will put everything in the right place. mod_jk configuration ...  Recent   ...   versions   ...   of   ...   mod_jk   ...   come   ...   with   ...   some   ...   very   ...   nice   ...   and   ...   well-commented   ...   examples.   ...   They   ...   can   ...   be   ...   found   ...   in   ...  [tomcat-connectors-1.xx  ...  ]/conf.   ...   Read   ...   them,   ...   follow   ...   them,   ...   use   ...   them.  The defaults have been chosen to work in most general use cases. ... See the following for documentation on worker name versus jvmRoute attribute:  httphttps://tomcat.apache.org/tomcat-7.0-doc/cluster-howto.html#Cluster_Basics  See the following for mod_jk loadbalancer configuration:  httphttps://tomcat.apache.org/connectors-doc/reference/workers.html  Another Tomcat While the easiest way to get started with clustering is just to unpack another copy of Tomcat in another directory, it's probably far more useful to use the concept of CATALINA_HOME and CATALINA_BASE. See RUNNING.txt in the Tomcat directory for details. ... 
 
Change the SHUTDOWN port to not conflict with the first Tomcat 2.   
Change the HTTP/1.1 port to not conflict with the first Tomcat (useful for testing) 3.   
Change the AJP/1.3 port to match that configured in workers.properties 4.   
Change the jvmRoute attribute of the Engine element to match the correct worker name 5.   
Configure the manager application (useful for testing) 
 ... The basic clustering documentation can be found here:  httphttps://tomcat.apache.org/tomcat-7.0-doc/cluster

[CONF] Apache Tomcat > Memory Related Bugs

2019-11-23 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Memory Related Bugs 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 12:19 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting. Convert links to https.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Permalink to this page: https://cwiki.apache.org/confluence/x/iSklBg   
 
 
 
 Table of Contents 
 
 
  Preface This page discusses various memory issues. In a nutshell - if your computer has less than 128MB of ram - you will probably have trouble. Anyhow, also read the following threads for other memory related issues: ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.8  
 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Tomcat > ClusteringCloud

2019-11-23 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 2 new edits on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
ClusteringCloud 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comments 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 12:03 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 12:01 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Fix formatting.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Permalink to this page: https://cwiki.apache.org/confluence/x/CSklBg   How to use   ...  Tomcat clustering in the cloud.  The load-balancer and the sticky (or not sticky) logic is provided by the cloud it selfitself, basically you have to expose a service and configure a route. Cloud configuration depends on the cloud providers, document documentation for the mean more cloud providers will be added to this wiki. The tomcat Tomcat clustering for the cloud uses Kubernetes, so you have to configure your nodes to use Kubernetes, all cloud providers support Kubernetes. Kubernetes uses Docker so you have to create a Docker image to use tomcat Tomcat in the cloud. There are 2 ways to organize your images, : use a standalone tomcat Tomcat and add your webapps to it or prepare your webapps as a micro service and have one image per webappswebapp. Each image will be started as a pod on kubernetesKubernetes, you can scale up and down by changing the number of pods running your webapp or your tomcatTomcat. Hanging or dying pods are restarted by kubernetesKubernetes. 1 - "Full" tomcat configuration: In server.xml use the following: 
 
 
 
 Code Block 
 
 
 
 
 
 
 
 
language 
xml 
 
 
  
 
 
 
 
 
 className="org.apache.catalina.ha.tcp.SimpleTcpCluster">
  
 
 
 ... 
 
 
 
 

 className="org.apache.catalina.tribes.group.GroupChannel">
  
 
 
 ... 
 
 
 
 

 className="org.apache.catalina.tribes.membership.cloud.CloudMembershipService"/>
  
 
 
 ... 
 
 
 
 


  
 
 
 ... 
 
 
 
 


  
 
 
2 - Example there :   There is an example to use it with OpenShift in https://github.com/jfclere/tomcat-kubernetes   
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.8  
 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Tomcat > Clustering

2019-11-23 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Clustering 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 11:31 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting. Convert links to https.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Permalink to this page: https://cwiki.apache.org/confluence/x/xCklBg  Preface This page discusses cluster- and clustering-related questions. Please make sure to read the Clustering HowTo page in the main Tomcat documentation bundle as well. ... 
 
 Can I configure a cluster at the Engine level?  
 Show me a simple cluster configuration example.  
 How do I turn on transport logging?  
 How do I use JMX to monitor the cluster?  
 Can I pause the message sending?  
 Can I add more senders (pooled mode)?  
 What happens when I pull the network cable?  
 On my windows laptop without network my cluster doesn't work.  
 The cluster doesn't work under Linux with two nodes on two boxes.  
 I get "localhost" rather than "eth0" or another interface when using tcpListenAddress="auto".  
 Answers  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q1 
 
 
 
Q1 
 
 
  
 
 
 Can I configure a cluster at the Engine level?  Yes, beginning with Tomcat 5.5.10 you can configure clusters at both the Engine and Host levels. This helps support clustering for web hosting companies.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q2 
 
 
 
Q2 
 
 
  
 
 
 Show me a simple cluster configuration example.  For Tomcat 5.5.10 and later: 
 
 
 
 No Format 
 
 
 
 
 

  
 
 
  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q3 
 
 
 
Q3 
 
 
  
 
 
 How do I turn on transport logging?   (FIXME: The text below needs an update, The logging categories are org.apache.catalina.ha and org.apache.catalina.tribes nowadays. What else is needed? There no "clusterLog" attribute.)  
 
Use "org.apache.catalina.cluster" as logger category and switch to info, debug or trace as log level. 
Configure the clusterLog attribute (logging category) to get and send and receive message log.
  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q4 
 
 
 
Q4 
 
 
  
 
 
 How do I use JMX to monitor the cluster?   With Since Java 5 you can use the jconsole application to look inside the runnnig cluster: please see the JMX configuration section in the Clustering HowTo document. In fastasyncmode replication mode you can got get more information with sender attributes doProcessingStats="true" and queueDoStats="true". Finally, with the new JMX remote ant Ant task you can access the state and call operations.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q5 
 
 
 
Q5 
 
 
  
 
 
 Can I pause the message sending?  Yes, the async senders buffer the messages, but make sure the membership ping is active. With fastasyncqueue mode you can limit the max queue size.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q6 
 
 
 
Q6 
 
 
  
 
 
 Can I add more senders (pooled mode)?  Yes, with sender attribute maxPoolSocketLimit="40" you can have more than the default 25 sockets to transfer more parallel messages.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q7 
 
 
 
Q7 
 
 
  
 
 
 What happens when I pull the network cable?  The other members will remove the instance from the cluster, but when you insert the cable again, the Tomcat instance might have completely flipped out. This is because the OS might start using 100% of the CPU when a multicast message is sent. There has not yet been a good solution for this, I will let you know when I have come up with one. (pero: I test this and I works correct with java 5 and exists when you use the cluster with JDK 1.4.x)  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q8 
 
 
 
Q8 
 
 
  
 
 
 On my windows laptop without network my cluster doesn't work.  The Membership attribute mcastBindAddress="127.0.0.1" must be set!  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q9 
 
 
 
Q9 
 
 
  
 
 
 The cluster doesn't work under Linux with two nodes on two boxes.  Check the the following: 
 
Is your network interface enabled for multicast? ifconfig eth0 MULTICAST 
Exists a multicast route to your network interface? route add -host 228.0.0.4 dev eth0 
Is your firewall active? Then check that multicast port is on your UDP open list and the receiver TCP port is also for both machines open! 
  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q10 
 
 
 
Q10 
 
 
  
 
 
 I get "localhost" rather than "eth0" or another interface when using tcpListenAddress="auto".  Change /etc/hosts so that the localhost domain resolves to the actual IP address of the NIC, eth0. Please see Bugzilla for more. ...  
 
 
  
 
 
  
 
 
  
 
 
 
 

[CONF] Apache Tomcat > Class Not Found Issues

2019-11-23 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Class Not Found Issues 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 11:18 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting. Convert links to https.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  Permalink to this page: https://cwiki.apache.org/confluence/x/tSklBg  Preface This page discusses the various ways you see Class Not Found errors or very similar errors. It is strongly advised you read the following topics: 
 
Classloader HOWTO pages: Tomcat 9.0, Tomcat 8.5, Tomcat 7.0, (historic: Tomcat 6.0). 
 Don't use packageless classes and declare all imported classes! 
 Another answer to a classloader issue  
 If you get a NoClassDefFoundError exception, the root cause might be the same as for a ClassNotFound exception. ... 
 
 Why is jsp:useBean is not working?  
 Why do I get java.lang.NoClassDefFoundError: javax/servlet/Filter?  
 Why do I get java.lang.NoClassDefFoundError: org/xml/sax/InputSource?  
 Answers  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q1 
 
 
 
Q1 
 
 
  
 
 
  ...  Why is   ...  jsp:useBean  ...   is not working?  ...  Make sure: 
 
Your bean is packaged in a class. 
   You have fully qualified your class name (e.g.:   No Format  com.bar.package.MyClass) OR  
 You have imported your class into your jsp (e.g.:   No Format   <%@   page   import="com.bar.package.MyClass"%>  )  
  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q2 
 
 
 
Q2 
 
 
  
 
 
  ...  Why do I get   ...  java.lang.NoClassDefFoundError:   ...   javax/servlet/Filter  ...   ?  ...  You probably have servlet-api.jar floating around somewhere it shouldn't be. This really messes up the classloaders since Tomcat's classloaders don't act quite as normal as one expects (see links above). servlet-api.jar should only be found only once in $CATALINA_HOME/lib.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q3 
 
 
 
Q3 
 
 
  
 
 
  ...  Why do I get   ...  java.lang.NoClassDefFoundError:   ...   org/xml/sax/InputSource  ...   ?  ...  You have conflicting XML api jar files in your classpath. Read the README or RELEASE-NOTES for more information. ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.8  
 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Tomcat > FAQ

2019-11-23 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
FAQ 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 11:05 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Convert links to https.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 ... 
 
Read the docs. Most answers are already documented. 
Know the Specifications. Many answers are not documented by the Tomcat team since they are generic and already defined by the specs. Know the specs, they let you ensure your webapps are portable across different servlet containers. 
Please do some research. Use a search engine. It is frustrating to see questions which can be answered with a simple Google search (or your favorite search engine). 
Browse or search our mailing lists. 
 Table of Contents FAQ TOPICS ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.8  
 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Tomcat > Character Encoding

2019-11-23 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Character Encoding 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 11:03 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Fix formatting. Fix vroken links and convert to https.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 Character Encoding Issues  Permalink to this page: https://cwiki.apache.org/confluence/x/liklBg  Questions 
 
 Why 
 
 What is the default character encoding of the request or response body?  
 Why does everything have to be this way?  
  
 How 
 
 How do I change how GET parameters are interpreted?  
 How do I change how POST parameters are interpreted?  
 What can you recommend to just make everything work? (How to use UTF-8 everywhere).  
 How can I test if my configuration will work correctly?  
 How can I send higher characters in HTTP headers?  
  
 Troubleshooting 
 
 I'm having a problem with character encoding in Tomcat 5  
  
 Answers Why  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q1 
 
 
 
Q1 
 
 
  
 
 
 What is the default character encoding of the request or response body?  If a character encoding is not specified, the Servlet specification requires that an encoding of ISO-8859-1 is used. The character encoding for the body of an HTTP message (request or response) is specified in the Content-Type header field. An example of such a header is Content-Type: text/html; charset=ISO-8859-1 which explicitly states that the default (ISO-8859-1) is being used. References: HTTP 1.1 Specification, Section 3.7.1  The above general rules apply to Servlets. The behaviour of JSP pages is further specified by the JSP specification. The request character encoding handling is the same, but response character encoding behaves a bit differently. See chapter "JSP.4.2 Response Character Encoding". For JSP pages in standard syntax the default response charset is the usual ISO-8859-1, but for the ones in XML syntax it is UTF-8.  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
Q9 
 
 
 
Q9 
 
 
  
 
 
 Why does everything have to be this way?  Everything covered in this page comes down to practical interpretation of a number of specifications. When working with Java servlets, the Java Servlet Specification is the primary reference, but the servlet spec itself relies on older specifications such as HTTP for its foundation. Here are a couple of references before we cover exactly where these items are located in them. A more detailed list can be found on the Specifications page. 
 
 Java Servlet Specification 4.0  
 HTTP 1.1 Protocol: Message Syntax and Routing, HTTP 1.1 Protocol: Semantics and Content … 
 URI Syntax  
 ARPA Internet Text Messages  
 HTML 4, HTML 5  
  Default encoding for request and response bodies  See 'Default Encoding for POST' below.  Default encoding for GET  The character set for HTTP query strings (that's the technical term for 'GET parameters') can be found in sections 2 and 2.1 the "URI Syntax" specification. The character set is defined to be US-ASCII. Any character that does not map to US-ASCII must be encoded in some way. Section 2.1 of the URI Syntax specification says that characters outside of US-ASCII must be encoded using % escape sequences: each character is encoded as a literal % followed by the two hexadecimal codes which indicate its character code. Thus, a (US-ASCII character code 97 = 0x61) is equivalent to %61. Although the URI specification does not mandate a default encoding for percent-encoded octets, it recommends UTF-8 especially for new URI schemes, and most modern user agents have settled on UTF-8 for percent-encoding URI characters. ... 
 
ISO-8859-1 and ASCII are compatible for character codes 0x20 to 0x7E, so they are often used interchangeably. 
Modern browsers encoding URIs using UTF-8. Some browsers appear to use the encoding of the current page to encode URIs for links. 
 HTML 4.0 recommends the use of UTF-8 to encode the query string. 
When in doubt, use POST for any data you think might have problems surviving a trip through the query string. 
  Default Encoding for POST  Older versions of the HTTP/1.1 specification (e.g. RFC 2616) indicated that ISO-8859-1 is the default charset for text-based HTTP request and response bodies if no charset is indicated. Although RFC 7231 removed this default, the servlet specification continues to follow suit. Thus the servlet specification indicates that if a POST request does not indicate an encoding, it must be processed as ISO-8859-1, except for application/x-www-form-urlencoded, which by default should be interpreted as {{`}}US-ASCII` (as it by definition should contain only characters wi

[CONF] Apache Tomcat > All about bugs

2019-11-23 Thread Konstantin Kolinko (Confluence)
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
All about bugs 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Konstantin Kolinko edited at 10:32 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Add a permalink. Convert links to https.  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 FAQ / Bugs  Permalink to this page: https://cwiki.apache.org/confluence/x/hyklBg  Preface If you think you found a bug, please first read this page. Questions 
 
 I have a bug, what do I do?  
 Why does feature ABC work in Servlet Container XYZ but not in Tomcat?  
 I submitted a bug, why is it ignored?  
 What does it mean to contact the user list?  
 ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.8  
 
 
  
 
 
 
 
 
 
 
 
 




Re: [tomcat] branch 7.0.x updated: BZ 63950 - Limit wait time in a test case.

2019-11-23 Thread Konstantin Kolinko
сб, 23 нояб. 2019 г. в 23:03, Michael Osipov :
>
> Am 2019-11-23 um 20:57 schrieb kkoli...@apache.org:
> > This is an automated email from the ASF dual-hosted git repository.
> >
> > kkolinko pushed a commit to branch 7.0.x
> > in repository https://gitbox.apache.org/repos/asf/tomcat.git
> >
> >
> > The following commit(s) were added to refs/heads/7.0.x by this push:
> >   new 858f7e7  BZ 63950 - Limit wait time in a test case.
> > 858f7e7 is described below
> >
> > commit 858f7e7d3d367f4654a95aa31f0ebf57185e12cc
> > Author: Konstantin Kolinko 
> > AuthorDate: Sat Nov 23 21:05:50 2019 +0300
> >
> >  BZ 63950 - Limit wait time in a test case.
> >
> >  Limit waiting time for endLatch of 
> > TestAsyncContextStateChanges#testAsync(),
> >  so that the test does not hang indefinitely in case if expected event 
> > does not happen.
> > ---
> >   .../org/apache/catalina/core/TestAsyncContextStateChanges.java | 10 
> > +-
> >   1 file changed, 5 insertions(+), 5 deletions(-)
> >
> > diff --git 
> > a/test/org/apache/catalina/core/TestAsyncContextStateChanges.java 
> > b/test/org/apache/catalina/core/TestAsyncContextStateChanges.java
> > index b9fce86..9c7e723 100644
> > --- a/test/org/apache/catalina/core/TestAsyncContextStateChanges.java
> > +++ b/test/org/apache/catalina/core/TestAsyncContextStateChanges.java
> > @@ -22,6 +22,7 @@ import java.util.ArrayList;
> >   import java.util.Collection;
> >   import java.util.List;
> >   import java.util.concurrent.CountDownLatch;
> > +import java.util.concurrent.TimeUnit;
> >   import java.util.concurrent.atomic.AtomicBoolean;
> >
> >   import javax.servlet.AsyncContext;
> > @@ -125,11 +126,10 @@ public class TestAsyncContextStateChanges extends 
> > TomcatBaseTest {
> >   if (asyncEnd.isError()) {
> >   client.disconnect();
> >   closeLatch.countDown();
> > -try {
> > -endLatch.await();
> > -} catch (InterruptedException e) {
> > -// Ignore
> > -}
> > +
> > +Assert.assertTrue(
> > +"Awaiting endLatch did not complete in 10 seconds",
> > +endLatch.await(10, TimeUnit.SECONDS));
> >       } else {
> >   client.setUseContentLength(true);
> >   client.readResponse(true);
>
> Doe this fix the issue or the symptom?

It improves handling of the failure. The issue itself is not fixed.

It makes the test fail instead of hanging the CI server and allows
subsequent tests to run.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [tomcat] branch 8.5.x updated: Add RFC references.

2019-11-22 Thread Konstantin Kolinko
пт, 22 нояб. 2019 г. в 22:49, Christopher Schultz
:
>
> Konstantin,
>
> On 11/21/19 12:36, Konstantin Kolinko wrote:
> > чт, 21 нояб. 2019 г. в 20:14, :
> >>
> >> [...]
> >>
> >> commit fdf0ba0aaebaffd588077defea0f56d6ba81396e Author:
> >> Christopher Schultz  AuthorDate:
> >> Thu Nov 21 11:17:54 2019 -0500
> >>
> >> Add RFC references. ---
> >> java/org/apache/catalina/servlets/WebdavServlet.java | 7 ++-
> >> 1 file changed, 6 insertions(+), 1 deletion(-)
> >>
> >> [...]
> >>
> >> + * @see https://tools.ietf.org/html/rfc4918 */
> >
> > This change triggered a compilation failure at Buildbot, see
> > https://ci.apache.org/builders/tomcat-85-trunk/builds/2053
> >
> > IIRC, if a plain URL is used in a '@see' tag it should be in double
> > quotes, @see "https://tools.ietf.org/html/rfc4918;
>
> Thank you for the review. I didn't check javadoc warnings before
> committing.
>
> Here is the documentation for @see:
>
> https://docs.oracle.com/javase/7/docs/technotes/tools/windows/javadoc.ht
> ml#see
>
> Should I instead use:
>
> @see ...
>
> ?

Yes.

Thank you.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [VOTE] Release Apache Tomcat 7.0.98

2019-11-22 Thread Konstantin Kolinko
пт, 22 нояб. 2019 г. в 16:19, Violeta Georgieva :
>
> The proposed Apache Tomcat 7.0.98 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.98/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1239/
> The git tag is:
> https://github.com/apache/tomcat/tree/7.0.98
> fde40d7e0c7a1b0b2423cb84ad220a5d98b65591
>
> The proposed 7.0.98 release is:
> [x] Broken - do not release
> [ ] Stable - go ahead and release as 7.0.98 Stable

Unfortunately, it is broken.
Testing on Windows 10,
the test "org.apache.catalina.core.TestAsyncContextStateChanges"
always hangs for an APR connector, regardless of version of Java
- tested 32-bit native with 32-bit Oracle Java 6u45, 7u80
- tested 64-bit native with 64-bit Java 8u222 from AdoptOpenJDK, Java
13 from OpenJDK.

For NIO and BIO connectors the same test completes successfully in 13 seconds.

It appears to be the same issue as was filed earlier today by Michael
who was testing on FreeBSD,
https://bz.apache.org/bugzilla/show_bug.cgi?id=63950

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [tomcat] branch 8.5.x updated: Add RFC references.

2019-11-21 Thread Konstantin Kolinko
чт, 21 нояб. 2019 г. в 20:14, :
>
> This is an automated email from the ASF dual-hosted git repository.
>
> schultz pushed a commit to branch 8.5.x
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/8.5.x by this push:
>  new fdf0ba0  Add RFC references.
> fdf0ba0 is described below
>
> commit fdf0ba0aaebaffd588077defea0f56d6ba81396e
> Author: Christopher Schultz 
> AuthorDate: Thu Nov 21 11:17:54 2019 -0500
>
> Add RFC references.
> ---
>  java/org/apache/catalina/servlets/WebdavServlet.java | 7 ++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java 
> b/java/org/apache/catalina/servlets/WebdavServlet.java
> index ef5573d..f870443 100644
> --- a/java/org/apache/catalina/servlets/WebdavServlet.java
> +++ b/java/org/apache/catalina/servlets/WebdavServlet.java
> @@ -61,7 +61,10 @@ import org.xml.sax.InputSource;
>  import org.xml.sax.SAXException;
>
>  /**
> - * Servlet which adds support for WebDAV level 2. All the basic HTTP requests
> + * Servlet which adds support for
> + * https://tools.ietf.org/html/rfc4918;>WebDAV
> + * https://tools.ietf.org/html/rfc4918#section-18;>level 2.
> + * All the basic HTTP requests
>   * are handled by the DefaultServlet. The WebDAVServlet must not be used as 
> the
>   * default servlet (ie mapped to '/') as it will not work in this 
> configuration.
>   * 
> @@ -120,6 +123,8 @@ import org.xml.sax.SAXException;
>   * http://host:port/context/webdavedit/content
>   *
>   * @author Remy Maucherat
> + *
> + * @see https://tools.ietf.org/html/rfc4918
>   */

This change triggered a compilation failure at Buildbot, see
https://ci.apache.org/builders/tomcat-85-trunk/builds/2053

IIRC, if a plain URL is used in a '@see' tag it should be in double quotes,
@see "https://tools.ietf.org/html/rfc4918;


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: Using CSRF prevention filter with session-timeout workflow resumption

2019-11-21 Thread Konstantin Kolinko
ср, 20 нояб. 2019 г. в 23:36, Christopher Schultz
:
>
> All,
>
> The servlet spec defines the workflow for form-based authentication:
> if the client requests a protected resource, an authorization check is
> performed. If the user is unauthenticated, the login form is shown.
> Successful login allows the user to be sent to the
> originally-requested resource.
>
> This works great to allow users to pick-up workflows where they
> left-off in the case of session timeout: once authenticated, the user
> is sent back to the page they were trying to get to originally,
> including a potential re-POST of form data, for example.
>
> With the CSRF prevention filter in-place, this then causes an error
> (well, CSRF policy violation == forbidden response) because the nonce
> originally added to the request's query string no longer matches a
> valid nonce on the server.
>
> This can be considered both good and bad behavior. Good: if handed a
> forged nonce from an attacker, the nonce will not be valid if the user
> is asked to login. Session-fixation attacks could get an attacker
> around this. Bad: it completely and totally breaks workflow-resumption.
>
> I'm looking for a way around this because I *really* like the fact
> that you can resume a workflow after re-authenticating.
>
> (I happen to be using a 3rd-party authentication and authorization
> library implemented as a Filter and I'm having some issues with
> getting that working as well, but the problem exists with the stock
> Tomcat authenticators.)
>
> Is there a safe way to implement workflow-resumption in the presence
> of the CSRF prevention filter? Or even under *any* CSRF scheme?

1. I think you need to look at specific examples.

E.g. with Tomcat Manager web application, do you want to resume such
an operation?

Possible scenarios:
1) The operation was triggered from a stale page
E.g. the top page was open for more than 30 minutes and one tries to
stop a web application, or to upload a new one.

2) The operation was triggered by following a bookmark in a browser

3) The operation was triggered by following a link prepared by an attacker

4) An attacker triggers a link silently, e.g. using it as a src
address for an image.

2. I think that resuming an operation

a) needs some clear confirmation from a user.

b) should be distinct from any other confirmation. E.g. not to be
confused with an authentication prompt.

c) it should be clear to a user what specific operation is being resumed.

So that an attacker (in scenario 3)) cannot trick you into performing
a different operation than what you were expecting.


3. I think that a lot can be done with a custom 403 page if there is
an indication that the 403 response was triggered by a CSRF filter.

At least we can make the 403 page in Tomcat Manager more friendly in
case the rejection was caused by CSRF protection.

We already have some request attributes that indicate that there was a
problem with processing of a request,

org.apache.catalina.parameter_parse_failed
org.apache.catalina.parameter_parse_failed_reason

I use them in configurations for AccessLogValve.

Maybe we could introduce similar features for the rejections generated
by CsrfPreventionFilter, CorsFilter, RemoteAddrFilter /
RemoteAddrValve, so that the cause of rejection could be visible in an
access log and so that one could prepare a custom error page.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [tomcat] 04/06: Allow customization of the CSRF prevention filter's request parameter name.

2019-11-20 Thread Konstantin Kolinko
ср, 20 нояб. 2019 г. в 22:20, :
>
> This is an automated email from the ASF dual-hosted git repository.
>
> schultz pushed a commit to branch 8.5.x
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
> View the commit online:
> https://github.com/apache/tomcat/commit/856a2e2482fde9e8c8d0535942a70c2ddfc8d676
>
> commit 856a2e2482fde9e8c8d0535942a70c2ddfc8d676
> Author: Christopher Schultz 
> AuthorDate: Tue Nov 19 12:54:45 2019 -0500
>
> Allow customization of the CSRF prevention filter's request parameter 
> name.
> ---
>  .../catalina/filters/CsrfPreventionFilter.java | 24 
> +-
>  webapps/docs/changelog.xml |  5 +++--
>  2 files changed, 22 insertions(+), 7 deletions(-)
>
> diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilter.java 
> b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
> index cd1b576..fe4399f 100644
> --- a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
> +++ b/java/org/apache/catalina/filters/CsrfPreventionFilter.java

[...]

> -public CsrfResponseWrapper(HttpServletResponse response, String 
> nonce) {
> +public CsrfResponseWrapper(HttpServletResponse response, String 
> nonceRequestParameterName, String nonce) {
>  super(response);
> +this.nonceRequestParameterName = nonceRequestParameterName;
>  this.nonce = nonce;
>  }

Tests need to be adjusted, as they use the constructor above.
See remm's commit on master for a fix,
https://github.com/apache/tomcat/commit/9d7cb5468fbf2df4709c222b472bd86a26c9d4b6

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [VOTE] Release Apache Tomcat 8.5.49

2019-11-20 Thread Konstantin Kolinko
вт, 19 нояб. 2019 г. в 19:58, Mark Thomas :
>
> On 19/11/2019 00:44, Konstantin Kolinko wrote:
> > вт, 19 нояб. 2019 г. в 01:42, Mark Thomas :
> >
> > I think the single pollset change should not be backported to Tomcat 7.
> > I am OK with it being backported to Tomcat 8.5.
>
> In favour of back-porting:
> [...]
> - Windows XP / Server 2003 are out of support. I think it would be
>   unusual for a user to be keeping Tomcat up to date but not the OS.
> - sendfile is already using a larger pollset size and we have had no
>   complaints (that I recall)

Updating an OS costs money (if it is Windows) and may be not possible
due to hardware limitations.

That said, reviewing the changes and comments once again,
I see that this is not a showstopper for Windows XP users, if there are any.

The comments say about reduced performance, not an inability to run Tomcat.
The pollset size can be adjusted by configuring maxConnections="1024"
or less. I think that is a reasonable value for some legacy server.

Thus OK to backport to Tomcat 7.

Looking into documentation,
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html
Regarding maxConnections it says
"Note that for APR/native on Windows, the configured value will be
reduced to the highest multiple of 1024 that is less than or equal to
maxConnections."

I think that is no longer true.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [VOTE] Release Apache Tomcat 8.5.49

2019-11-18 Thread Konstantin Kolinko
вт, 19 нояб. 2019 г. в 01:42, Mark Thomas :
>
> On 18/11/2019 22:01, Rémy Maucherat wrote:
> > On Mon, Nov 18, 2019 at 10:22 PM Mark Thomas  > <mailto:ma...@apache.org>> wrote:
>
> > Is porting the multipoller removal to 7.0 really doable ?
>
> I don't know. I haven't looked at the code yet. I do have an alternative
> fix I tested that should work if back-porting proves tricky.
>
> > It could be running on older Windows platforms maybe.
>
> That would only be an issue of the versions of Windows were so old they
> were no longer supported by Microsoft. Users in those circumstances are
> unlikely to be updating to the latest 7.0.x release anyway. Therefore
> that isn't something I'm particularly worrying about. (But I am happy to
> be over-ruled if the consensus is not to back-port to 7.0.x.)

Searching my mailbox and archives at https://tomcat.markmail.org/,

a) Tomcat 7.0.96 running on Windows XP  was mentioned recently (August 2019)
https://bz.apache.org/bugzilla/show_bug.cgi?id=63625#c16

b) Tomcat 8.5 was never mentioned running on Windows XP or on Windows 2003.
There was one thread about Tomcat 8.5.3 when a client was using
Windows XP, but Tomcat was running on Ubuntu.
There was one thread in year 2017 about posting an application from an
old server running Windows 2003 and Tomcat 5 to Tomcat 8.5.
https://markmail.org/thread/qvmzmmjz2dqohbk5

I think the single pollset change should not be backported to Tomcat 7.
I am OK with it being backported to Tomcat 8.5.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [VOTE] Release Apache Tomcat 8.5.49

2019-11-18 Thread Konstantin Kolinko
вт, 19 нояб. 2019 г. в 00:22, Mark Thomas :
>
> On 17/11/2019 19:01, Mark Thomas wrote:
>
> We have a regression affecting 8.5.x (and 7.0.x).
>
> The fix [1] for an issue raised on the users list [2] was incorrect and
> creating a different issue [3].
>
> There are two questions to address.
>
> a) Do we cancel the 8.5.49 release for this and roll a 8.5.50 release?

If we are re-rolling, I would like to pull back Chris Schultz's
changes to CSRF Filter
(8c143abae26f9b0c49b233c3e7a9cb6cc5b1b0ed)
until all issues with those changes are solved on master (9.0).

Not a showstopper.

> b) Do we fix this by a) correcting [1] or back-porting the change to a
> single poll set?
>
> I'm leaning towards 8.5.50 and back-port the single poll set change.
>

What is easier for you?
If 7.0.x needs a patch as well, won't it be easier to have the same
patch as for 7.0?

(For reference, discussion of the single poll set change on dev@, Jul 05 2019
https://tomcat.markmail.org/thread/dzlcnmuodeqe27w7
Subject:Re: [tomcat] branch master updated: Quick fix for poller issue
reported on users list
)

The removed code is for older OSes like Windows XP. As stated in a
comment in that code (in AprEndpoint.java) the issue was solved in
Windows Vista,
Support for Windows XP ended April 8, 2014.  The first version of Java
8 was March 18, 2014, thus we are safe to assume that Tomcat 9 does
not run on Windows XP.

The first version of Java 7 was in 2011, thus I think that Tomcat 8.0
may run on Windows XP.

Tomcat 8.5.0 was released in March 2016, so I think it was never
really tested on Windows XP.  Looking into the "Vote" thread for
8.5.0, it was tested on Windows 7. Thus I have no objections against
backporting the single pollset change to Tomcat 8.5.

Officially, running Java 7 on Windows XP is no longer supported by
Oracle. For reference:
https://www.oracle.com/technetwork/java/javase/config-417990.html
"Oracle JDK 7 and JRE 7 Certified System Configurations"


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: Possible optimization for class loading?

2019-11-17 Thread Konstantin Kolinko
вс, 17 нояб. 2019 г. в 18:40, Rainer Jung :
>
> I noticed a slowness during Webapp startup on the Winows platform.
> Investigation showed, that about three seconds of the webapp startup
> time - roughly 1/3 of the total time - was due to
> File.getCanonicalPath(). That call seems to be especially expensive on
> Windows, because it iterates over each component of the path in question
> and does at least three system calls on each of them. So if you app is
> installed in a somewhat deeply nested path, getCanonicalPath() gets
> especially expensive.
>

Just as a reminder:
getCanonicalPath() is necessary to deal with file system on Windows
being case-insensitive. (Removing those calls is likely to lead to
exploitable security issues.) On case-sensitive filesystems one can
configure  in Tomcat 8.5/9.0 and some
of those checks will be disabled.

http://tomcat.apache.org/tomcat-8.5-doc/config/resources.html

In Tomcat 7.0 the same configuration flag exists on Context,

http://tomcat.apache.org/tomcat-7.0-doc/config/context.html

> One can check this with a simple test app and running the ProcessMonitpr
> from SysInternals, which can nicely trace file system operations.
>
> I noticed that by far the most occurrences happened during webapp class
> loading. StandardRoot initializes resources to contain a DirResourceSet
> first and then a JarResourceSet per WEB-INF/lib jar file.
>
> Now any class loading (of not yet loaded classes) goes through the
> following stack (this is for TC 8.5):
>
> ...
> java.base@13.0.1/java.io.File.getCanonicalPath(File.java:618)
> org.apache.catalina.webresources.AbstractFileResourceSet.file(AbstractFileResourceSet.java:90)
> org.apache.catalina.webresources.DirResourceSet.getResource(DirResourceSet.java:101)
> org.apache.catalina.webresources.StandardRoot.getResourceInternal(StandardRoot.java:281)
> org.apache.catalina.webresources.Cache.getResource(Cache.java:62)
> org.apache.catalina.webresources.StandardRoot.getResource(StandardRoot.java:216)
> org.apache.catalina.webresources.StandardRoot.getClassLoaderResource(StandardRoot.java:225)
> org.apache.catalina.loader.WebappClassLoaderBase.findClassInternal(WebappClassLoaderBase.java:2279)
> org.apache.catalina.loader.WebappClassLoaderBase.findClass(WebappClassLoaderBase.java:857)
> org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1329)
> - locked (a java.lang.Object@1797c4d) index 11 frame
> org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1329)
> org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1182)
> ...
>
> In our case, the webapp does not have a WEB-INF/classes directory.
> Nevertheless TC always goes through the DirResourceSet running the
> expensive getCanonicalPath(), returning an EmptyResource and then
> looking for the class and finding it in one of the jar file resources.
> This happens about 5000 times (due to the number of classes to load).
>
> I know that we have to do this in general, because WEB-INF/classes have
> precedence over WEB-INF/lib, but maybe we could optimize in the case we
> are looking for a class but WEB-INF/classes does not even exist? Would
> this be a reasonable general optimization?

There are two scenarios:
(a) changes are expected: the web application classes can be updated
at runtime (with new classes being added),
(b) no changes: the web application classes are not updated at runtime.

(b) is certainly the case when the application runs in production mode
(when JSPs cannot be updated either)

(a) may be useful in some scenarios. Maybe in production if some
classes are added to a web application at run time as plugins.

I think that (b) is the case even when running in development mode, as
we are talking about classes, not JSPs here. IIRC Eclipse IDE restarts
a web application when its classes are updated and recompiled by the
IDE. I think that (a) is not used in development.
What do others think about it?
I remember some questions about hot-swapping of classes (for sake of
debugging), but Tomcat does not have such feature yet.

I think we can assume (b) by default, but have a flag to specify that
it is really (a).

If it is the (b) case, a single call to File.exists() /
File.isDirectory() is sufficient to remember "the classes directory
does not exist" and stop further lookups.

If if is the (a) case, a call to call File.exists() /
File.isDirectory() can be added as an optimization before calling
getCanonicalPath().

I think that we cannot remember "the classes directory does not exist"
fact without having a flag to disable such feature.


Looking into AbstractFileResourceSet.file() from the above stacktrace,
some check are already there, e.g. "mustExist" flag. I see that
DirResourceSet.getRes

  1   2   3   4   5   6   7   8   9   10   >