Servlet.Service() NullPointer on Filter - Really need some help on this one...
Hi All, I am hoping that someone is able to assist with some problems I am currently having with a filter I have written. The filter is designed to deal with authentication for users to check they have a particular cookie set then place an object into the session for further use. I have researched this error extensively online and can't find any documentation on correcting it. The error presented below only occurs on around 12% of requests (sometimes a few percent either side of this) according to my profiler when the code is put under some load - I am wondering if it may be caused by some form of concurrent request error in the filters whereby the Servlet object is being reset or otherwise nulled out. The codebase looks like: public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain )throws IOException, ServletException { try { req = (HttpServletRequest)request; res = (HttpServletResponse)response; .. //Create Session object HttpSession session = req.getSession( true ); session.setAttribute( QutClientObject.NAME, qutClient ); sessionCreated = true; //set REMOTE_USER res.addHeader(REMOTE_USER,qutClient.getUserName()); // Filter chaining completed, move to next filter in chain chain.doFilter( request, response ); return; } } Error occurs on line: req.getSession( true ); The error from tomcat(both 4.1.24 and 4.1.27) is: 2003-10-28 17:35:35 StandardWrapperValve[jsp]: Servlet.service() for servlet jsp threw exception java.lang.NullPointerException at org.apache.coyote.tomcat4.CoyoteRequestFacade.getSession(CoyoteRequestFacade.java:365) at au.edu.qut.jauth.client.JAuthFilter.doFilter(JAuthFilter.java:197) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2416) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:601) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:392) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619) at java.lang.Thread.run(Thread.java:534) Any help would be very much appreciated I am almost out of ideas for this one... cheers, Bradley. - To unsubscribe,
Allocated instances
I work for a company that provides an application that is shipped pre-configured with Tomcat as a server. Until this customer, we had no issues with Tomcat. At this particular installation, each time I shut down Tomcat, I get a message that is waiting for x instance(s) to be deallocated - can get to hundreds. I have also been notified that the application didn't respond twice and had to be restarted. Since it is a standard configuration that didn't cause any problems so far, I don't think it has anything to do with the application code. This instance is deployed on an Intel platform -2 hyperthreaded Xeon CUPs, gigabit ethernet, Windows 2000 server, 2 disk RAID, MS SQL 2000 database, JSQLConnect JDBC driver, latest JDK (1.4.2_2), Tomcat 4.1.27. I tried to change JDK versions (various 1.4.1 and 1.4.2), JDBC driver vendor, and Tomcat 4.1.24 - with no success. I also tried to use the legacy HTTP1.1 connector - same behavior. A thread dump shows various threads as locked (don't have it with me now) - but I understood that it doesn't necessarily implies a deadlock. Any ideas? Yonatan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
session hijacking and tying session to IP address with filter
What does everyone think of the idea of noting the IP address in the session so that session hijackers identified if they try to steal a session that has a different IP address from their own? Are there any drawbacks to this method? Nobody can spoof an IP address and still get back the response, can they? Thanks Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How do I get off this list?
Hello, How do I get off this list? Thanks, Adam _ Concerned that messages may bounce because your Hotmail account has exceeded its 2MB storage limit? Get Hotmail Extra Storage! http://join.msn.com/?PAGE=features/es - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
using DBCP in other web containers.
Hello all, Is it possible to use DBCP coneection pool mechanism in other web containers and application servers ?. I dont want to use a proprietary connection pooling code and I dont want to use the existing code for some problems. I am not sure in which application server the application will be deployed. Antony Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat in combination with SMP and Sun java 1.4.1-01 or IBM java 1.3.x?
-Message d'origine- De : Daniel Gibby [mailto:[EMAIL PROTECTED] Envoyé : lundi 27 octobre 2003 17:19 À : Tomcat Users List Objet : Re: Tomcat in combination with SMP and Sun java 1.4.1-01 or IBM java 1.3.x? See thread tomcat jitters than hangs. Set environment variable for tomcat and apache: LD_ASSUME_KERNEL=2.2.5 No, we are talking about SIG11 (SIGSEGV) received by the JITC thread on an hyperthreaded machine. I don't think it is the same problem. François. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat in combination with SMP and Sun java 1.4.1-01 or IBM java 1.3.x?
No, we are talking about SIG11 (SIGSEGV) received by the JITC thread on an hyperthreaded machine. I don't think it is the same problem. What actually happens for me is that all java processes die but one. This one process keeps the HTTP port open but does not serve any requests made to the application. Patrick Ale System administrator Freeler B.V Email: [EMAIL PROTECTED] Tel.: +31 320 267678 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Centralized user management system
Thanks Cheong. That sounds like what I should. I don't understand why each of your new application should define their own user access control table. Should that be part of the centralized user management system? My following message will attach a prototype of my user management system database schema. I would appreciate if you can provide any suggestions. Gang -Original Message- From: Cheong Takhoe [mailto:[EMAIL PROTECTED] Sent: Monday, October 27, 2003 9:58 PM To: Tomcat Users List Subject: RE: Centralized user management system Hi Gang, We realised this 3 years ago when we started developing web applications for the company. So what we did in the first part was to develop our user management system onto our application framework. All our applications refer to the User object that goes across the applications. Management is done on a web front. Each new application has a defined user accessiblity table that defines who has access to that application. Might not be standard, but it works :) Regards, Cheong Takhoe -Original Message- From: Gang Wu [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 4:01 AM To: Tomcat Users List Subject: RE: Centralized user management system Yes, I need a program to maintain a centralized user database, then the later developed applications don't need invent their own user management module anymore. Instead the applications can reference the user information directly or via Tomcat JDBC Realm. There was an article published on Java World (http://www.javaworld.com/javaworld/jw-06-2001/jw-0615-tapestry.html), which introduced a system called Tapestry which does what I want, but the connection to the download site was removed. Is there anybody knows what happened there? I also saw some commercial systems, usually very expensive. There is an inexpensive one from http://cafesoft.com/ . The price for 5 concurrent licenses is $2,995. Is there anybody has experience with it or similar systems? Thanks Gang -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Monday, October 27, 2003 1:52 PM To: Tomcat Users List Subject: RE: Centralized user management system Howdy, It sounds like you're looking for a complete standalone user management program to talk to your database. Tomcat doesn't have such a thing, as that's not tomcat's job to provide ;) Yoav Shapira Millennium ChemInformatics -Original Message- From: Gang Wu [mailto:[EMAIL PROTECTED] Sent: Monday, October 27, 2003 1:46 PM To: Tomcat Users List Subject: RE: Centralized user management system Hi Yoav, Thanks for the message. The JDBC Realm provides a way to connect to an external user management system, so applications can verify user privileges in a standard way. But Tomcat does not provide any mechanism to manage users and roles, which is supposed to be implemented in the external user management system. And that's what I am looking for. The procudt should provide mechanisms to define application user management model, usually User/Group/Role/Permission model. It should also provide interface (either web interface or stand-alone application) to maintain the defined model, such as add/remove user, assign/revoke privileges to user. People might suggest to use the Tomcat Admin service which provide web interface to maintain the user/role pairs. But that's too simple and not easy to maintain. Also the data is stored in the deployment file, but a DBMS storage is obviously preferred by most developers. Or is there a better Tomcat solution I did not know? Thanks Gang Wu -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Monday, October 27, 2003 11:16 AM To: Tomcat Users List Subject: RE: Centralized user management system Howdy, Tomcat can run with a JDBC Realm to authenticate users and define roles, and that likely has all the features you need. http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#JDBCRe a lm Yoav Shapira Millennium ChemInformatics -Original Message- From: Gang Wu [mailto:[EMAIL PROTECTED] Sent: Monday, October 27, 2003 11:07 AM To: Tomcat Users List Subject: Centralized user management system Hello everyone, I have several applications running on Tomcat server. When developing the applications, each development team invented their own user management system(basically a set of database tables and web interface). Now we got into this kind of awkward situation: User has to remember different users/passwords for each applications and login for every applications. We are going to develop some new applications and also need user authentication. To avoid the multiple users/passwords problem, I'm looking for a system to centrally manage users for multiple applications. Does anybody know if there are any free or inexpensive systems I can use? It's not possible for us to pay $100,000 for this kind of system. I took a look at the Tomcat user/role
Re: Help with access to certificate on HTTPS
Thank you very much. It's nice to find people that know this stuff. Unfortunately req.getAttribute(org.apache.coyote.request.X509Certificate); also returns null when CLIENT-AUTH is set to false. Do I have some configuration problem I don't know about? I have seen several mentions on newsgroups that these attributes are supposed to work, but nobody talks about whether client-auth is set to true or false. They work just fine if client-auth is true. I'm hoping there's a solution if client-auth is false, as tomcat (or coyote) certainly gets the certificate according to javax.net.debug=all, and validates it as known to its keystore, it's hard to believe that it just throws it away. I'm trying to set context for my application based on which company is connecting by looking up the DN/PubKey in an internal database. The request gets through to the application, I just can't get the cert. The idea of using CLIENT-CERT with my own realm is an interesting one. I guess you're saying that CLIENT-CERT on the application works exactly like CLIENT-AUTH=TRUE works for the Coyote connector which I had hoped but hadn't found to be true, but that may be the realm problem). Okay, so I wrote my own realm and put it in the application context like this (modeled on JDBCRealm): Context path=/Application docBase=Reflector debug=0 crossContext=true Realm className=com.myco.myappname.myRealm debug=99 driverName=sun.jdbc.odbc.JdbcOdbcDriver connectionURL=jdbc:odbc:CATALINA2/ /Context and in my app deployment-descriptor: login-config auth-methodCLIENT-CERT/auth-method realm-namemyApp Certificates Realm/realm-name /login-config I get the Realm to start and see the startup messages, (after putting an large! number of jars in the classpath) and I still get this error from the app: snip E /headbodyh1HTTP Status 400 - No client certificate chain in this reques t/h1HR size=1 noshadepbtype/b Status report/ppbmessage/b u No client certificate chain in this request/u/ppbdescription/b uThe request sent by the client was syntactically incorrect (No client certificate ch ain in this request)./u/pHR size=1 noshadeh3Apache Tomcat/4.1.24/h3 /body/html /snip The certificate never gets into my Realm for authorization. But of course it does if I set CLIENT-AUTH to true. What am I doing wrong? Thanks in advance, Bill On 26 Oct 2003 at 14:39, Bill Barker wrote: Bill Harrelson [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] To whoever can help: I have an application which requires certificates, and a bunch of servlets which don't. In my application I need to determine the originating client of the certificate-based connection (which comes from an enterprise application). I can do this if I can get access to either the request Principal, or the certificate itself. I have tried to use req.getUserPrincipal(); req.getAttribute(javax.servlet.request.X509Certificate); and req.getAttribute(javax.net.ssl.peer_certificates); This is specific to Tomcat 4.1 and higher, but: req.getAttribute(org.apache.coyote.request.X509Certificate); should work. Of course, this ties your application to Tomcat and there is no guarantee that future versions of Tomcat will continue to support it (although currently 5.0 does). all return null unless CLIENT-AUTH=true in server.xml is set, (in which case the x509cert attribute returns the cert chain the rest always return null) but this requires certificates for all access which is what I don't want. I also tried setting Valve className=org.apache.catalina.valves.CertificatesValve certificates=true debug=1/ in the context for the application but it didn't seem to help. CertificatesValve does nothing if you are using the Coyote connectors. I've also tried various combinations with CLIENT-CERT authorization in the deployment descriptor for the application. Some of the combinations simly block the interaction (saying no client-cert presented, when there is one.) This is the usual way. However, you have to use MemoryRealm, and enter the DN of all of your certs into tomcat-users.xml. Alternatively, you write your own Realm that decides which certs you like. I'm running 4.1.24 and 4.1.27 on XP Pro and Win2000. Can anyone help? Thanks, Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat in combination with SMP and Sun java 1.4.1-01 or IBM java 1.3.x?
What actually happens for me is that all java processes die but one. This one process keeps the HTTP port open but does not serve any requests made to the application. This is a known bug, as far as I know, there is a bugfix that will be included in 4.1.28 (hopefully released soon). The story is there : http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21763 SIG11 JITC problem is JVM related, I think. François. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Servlet.Service() NullPointer on Filter - Really need some he lp on this one...
Where are your req and res variables defined? They should be local to the doFilter() method or you could get concurrency issues. Andy -Original Message- From: Bradley Beddoes [mailto:[EMAIL PROTECTED] Sent: 28 October 2003 07:50 To: [EMAIL PROTECTED] Subject: Servlet.Service() NullPointer on Filter - Really need some help on this one... Hi All, I am hoping that someone is able to assist with some problems I am currently having with a filter I have written. The filter is designed to deal with authentication for users to check they have a particular cookie set then place an object into the session for further use. I have researched this error extensively online and can't find any documentation on correcting it. The error presented below only occurs on around 12% of requests (sometimes a few percent either side of this) according to my profiler when the code is put under some load - I am wondering if it may be caused by some form of concurrent request error in the filters whereby the Servlet object is being reset or otherwise nulled out. The codebase looks like: public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain )throws IOException, ServletException { try { req = (HttpServletRequest)request; res = (HttpServletResponse)response; .. //Create Session object HttpSession session = req.getSession( true ); session.setAttribute( QutClientObject.NAME, qutClient ); sessionCreated = true; //set REMOTE_USER res.addHeader(REMOTE_USER,qutClient.getUserName()); // Filter chaining completed, move to next filter in chain chain.doFilter( request, response ); return; } } Error occurs on line: req.getSession( true ); The error from tomcat(both 4.1.24 and 4.1.27) is: 2003-10-28 17:35:35 StandardWrapperValve[jsp]: Servlet.service() for servlet jsp threw exception java.lang.NullPointerException at org.apache.coyote.tomcat4.CoyoteRequestFacade.getSession(CoyoteRequestFacade .java:365) at au.edu.qut.jauth.client.JAuthFilter.doFilter(JAuthFilter.java:197) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:213) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja va:256) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja va:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2416) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180 ) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve. java:171) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172 ) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java :174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:601) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne ction(Http11Protocol.java:392) at
RE: Form Double Submit Detection
Tom, You can also put JavaScript code in the form's onSubmit event code to disable all the elements in the form. To make sure this happens after submission (otherwise nothing gets submitted) use window.setTimeout() to run the disable script after a short delay. Another alternative is to put a unique token in a hidden field. The server keeps track of these tokens: once one is spent by submitting the form it can't be reused. This is more bulletproof but needs more coding (though I expect you could use a filter to localize it). Chris -Original Message- From: Bill Lunnon [mailto:[EMAIL PROTECTED] Sent: 27 October 2003 23:26 To: Tomcat Users List Subject: RE: Form Double Submit Detection Tom, Don't know if this is complimentary to your workflow, try a javascript confirm (ie a client side pop-up, asking the user to click Ok to continue). This will catch any double clicks on the client side. Hope this helps Bill -Original Message- From: Tom Parker [mailto:[EMAIL PROTECTED] Sent: Tuesday, 28 October 2003 10:18 AM To: [EMAIL PROTECTED] Subject: Form Double Submit Detection I've designed my workflows so that they do not need to store anything in the user's session. This allows the user to conduct more than one instance of a particular task at the same time without data getting mixed up. However this presents me with a problem if the user double clicks the submit button and causes the server to do something twice. The normal(?) way of detecting this would be to store a unique token in the session and in the form, and compare them to ensure that the user has not submitted this form twice. For this to work, you need to store something in the session for each possible form submission. If the user never submits the form, then the token will hang around for the life of the session as we don't know that the user won't submit the form someday. Currently I'm thinking of allowing the user to store a finite number of duplicate check tokens, or to make the tokens expire after an amount of time. The former doesn't seem very attractive (load a record, view a bunch of other records such that the first record's token is dropped, save the first record - no token found), while the latter could lead to rather a lot of tokens being stored. Is there a solution to this problem that I'm missing? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] The information in this e:mail and any attachments or any reproduction of this e:mail in whatever manner is confidential and for the use of the addressee(s) only. If you are not the addressee then the distribution, use or reproduction of this e:mail or the information within it is strictly prohibited and may be unlawful. If received in error please advise the sender and delete all record of it from your system. Although believed to be virus free, accurate and complete, responsibility for any loss or cost arising from its receipt or use or its incomplete or inaccurate transmission is hereby excluded to the fullest extent possible. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Servlet.Service() NullPointer on Filter - Really need some he lp on this one...
Hi Andy, I was considering that also however the req and res objects are specified as private members of the overall class that has been created (extends filter obviously) and i would have assumed that each request would instatiate a new object. Certainly willing to try them as local variables if you think that may help. cheers, Bradley Where are your req and res variables defined? They should be local to the doFilter() method or you could get concurrency issues. Andy -Original Message- From: Bradley Beddoes [mailto:[EMAIL PROTECTED] Sent: 28 October 2003 07:50 To: [EMAIL PROTECTED] Subject: Servlet.Service() NullPointer on Filter - Really need some help on this one... Hi All, I am hoping that someone is able to assist with some problems I am currently having with a filter I have written. The filter is designed to deal with authentication for users to check they have a particular cookie set then place an object into the session for further use. I have researched this error extensively online and can't find any documentation on correcting it. The error presented below only occurs on around 12% of requests (sometimes a few percent either side of this) according to my profiler when the code is put under some load - I am wondering if it may be caused by some form of concurrent request error in the filters whereby the Servlet object is being reset or otherwise nulled out. The codebase looks like: public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain )throws IOException, ServletException { try { req = (HttpServletRequest)request; res = (HttpServletResponse)response; .. //Create Session object HttpSession session = req.getSession( true ); session.setAttribute( QutClientObject.NAME, qutClient ); sessionCreated = true; //set REMOTE_USER res.addHeader(REMOTE_USER,qutClient.getUserName()); // Filter chaining completed, move to next filter in chain chain.doFilter( request, response ); return; } } Error occurs on line: req.getSession( true ); The error from tomcat(both 4.1.24 and 4.1.27) is: 2003-10-28 17:35:35 StandardWrapperValve[jsp]: Servlet.service() for servlet jsp threw exception java.lang.NullPointerException at org.apache.coyote.tomcat4.CoyoteRequestFacade.getSession(CoyoteRe questFacade .java:365) at au.edu.qut.jauth.client.JAuthFilter.doFilter(JAuthFilter.java:197 ) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter( Application FilterChain.java:213) at org.apache.catalina.core.ApplicationFilterChain.doFilter(Applicat ionFilterCh ain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrap perValve.ja va:256) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveCo ntext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline .java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java: 995) at org.apache.catalina.core.StandardContextValve.invoke(StandardCont extValve.ja va:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveCo ntext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline .java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java: 995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.j ava:2416) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostVal ve.java:180 ) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveCo ntext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispa tcherValve. java:171) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveCo ntext.invok eNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportVal ve.java:172 ) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveCo ntext.invok eNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline .java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java: 995) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngin eValve.java :174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveCo ntext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline .java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java: 995)
Needed more support for catalina.base in Bootstrap
Hi all, Recently I have been trying to install and configure an OGSA server (www.globus.org) deployed over a Tomcat container. The problem I have is that it requires a lot of Tomcat customization: additional connectors in the server.conf, additional jars in the common/lib, common/endorsed and server/lib directories, conf/web.xml modifications, and so. In order to keep track of these changes, I decided to use a shared Tomcat installation, and do all the dirty business in a separated Tomcat instance, pointing CATALINA_BASE to it. Doing this I noticed that there was no place for putting my common/lib and server/lib jars. Digging in the source code, I found that CATALINA_BASE is not used at all when building the common and catalina class loaders. I think such a feature would be interesting not only for me, but for anyone who wants (or needs) to use custom valves, realms, etc, and so I have attached a patch to make it possible. The patch makes Tomcat to detect if catalina.base is defined to a value different from catalina.home, and if so, it adds the same directories to the class paths of the internal classloaders. Using this patch, I can create a common/lib and a server/lib on my separated Tomcat instance, and they are added to the correct classpath on startup. This is my first patch for Tomcat, so any comments or suggestions will be welcome :-) GRIDSYSTEMSRodrigo Ruiz Aguayo Parc Bit - Son EspanyolR D 07120 Palma de Mallorca[EMAIL PROTECTED] Baleares - España Tel:+34-971435085 www.gridsystems.comFax:+34-971435082 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Servlet.Service() NullPointer on Filter - Really need some he lp on this one...
Many requests may share the same Filter instance, so having instance variables to store the state of a request is a bad idea. You should look at re-coding your Filter to remove any instance variables. Andy -Original Message- From: Bradley Beddoes [mailto:[EMAIL PROTECTED] Sent: 28 October 2003 09:55 To: Tomcat Users List Subject: RE: Servlet.Service() NullPointer on Filter - Really need some he lp on this one... Hi Andy, I was considering that also however the req and res objects are specified as private members of the overall class that has been created (extends filter obviously) and i would have assumed that each request would instatiate a new object. Certainly willing to try them as local variables if you think that may help. cheers, Bradley Where are your req and res variables defined? They should be local to the doFilter() method or you could get concurrency issues. Andy -Original Message- From: Bradley Beddoes [mailto:[EMAIL PROTECTED] Sent: 28 October 2003 07:50 To: [EMAIL PROTECTED] Subject: Servlet.Service() NullPointer on Filter - Really need some help on this one... Hi All, I am hoping that someone is able to assist with some problems I am currently having with a filter I have written. The filter is designed to deal with authentication for users to check they have a particular cookie set then place an object into the session for further use. I have researched this error extensively online and can't find any documentation on correcting it. The error presented below only occurs on around 12% of requests (sometimes a few percent either side of this) according to my profiler when the code is put under some load - I am wondering if it may be caused by some form of concurrent request error in the filters whereby the Servlet object is being reset or otherwise nulled out. The codebase looks like: public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain )throws IOException, ServletException { try { req = (HttpServletRequest)request; res = (HttpServletResponse)response; .. //Create Session object HttpSession session = req.getSession( true ); session.setAttribute( QutClientObject.NAME, qutClient ); sessionCreated = true; //set REMOTE_USER res.addHeader(REMOTE_USER,qutClient.getUserName()); // Filter chaining completed, move to next filter in chain chain.doFilter( request, response ); return; } } Error occurs on line: req.getSession( true ); The error from tomcat(both 4.1.24 and 4.1.27) is: 2003-10-28 17:35:35 StandardWrapperValve[jsp]: Servlet.service() for servlet jsp threw exception java.lang.NullPointerException at org.apache.coyote.tomcat4.CoyoteRequestFacade.getSession(CoyoteRe questFacade .java:365) at au.edu.qut.jauth.client.JAuthFilter.doFilter(JAuthFilter.java:197 ) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter( Application FilterChain.java:213) at org.apache.catalina.core.ApplicationFilterChain.doFilter(Applicat ionFilterCh ain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrap perValve.ja va:256) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveCo ntext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline .java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java: 995) at org.apache.catalina.core.StandardContextValve.invoke(StandardCont extValve.ja va:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveCo ntext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline .java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java: 995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.j ava:2416) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostVal ve.java:180 ) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveCo ntext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispa tcherValve. java:171) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveCo ntext.invok eNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportVal ve.java:172 ) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveCo ntext.invok eNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline .java:480) at
Use own taglib with old Tomcat versions?
I'm using Tomcat 4.1.27, but our customers will want to use older versions, too. I created a taglib by writing some classes which live in the WEB-INF/classes subdir of my application. I also created a file WEB-INF/tlds/frumple.tld which contains references to the classes. All works fine under 4.1.27, and it seems also under 4.1.24. But my colleague is using 4.1.18 and this version can't find the taglib reference. frumple.tld says that uri=frumpletags, and the file foo.jsp says %@ taglib prefix=fr uri=frumpletags %. Tomcat 4.1.18 then complains that it can't find the file /some/dir/frumpletags. I'm looking for a solution which ideally should work even with 4.0.6. Suggestions? tia, Kai PS: I guess that I can make an entry in web.xml for this taglib. (I was relying on the autodiscovery feature initially.) But it seems that I then need a *.jar file for the taglib. However, it would be more convenient if the taglib could live in the filesystem such that Eclipse and NetBeans will build it automatically. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Form Double Submit Detection
On 10/28/2003 10:42 AM Walker Chris wrote: Tom, You can also put JavaScript code in the form's onSubmit event code to disable all the elements in the form. To make sure this happens after submission (otherwise nothing gets submitted) use window.setTimeout() to run the disable script after a short delay. Another alternative is to put a unique token in a hidden field. The server keeps track of these tokens: once one is spent by submitting the form it can't be reused. This is more bulletproof but needs more coding (though I expect you could use a filter to localize it). jakarta struts has some good token creation code in their TokenProcessor class. Struts uses it so: on requesting the form, struts creates the token, stores it in a hidden field in the form and in the session. On submit, it checks the value of the hidden field against the value in the session. If they are not the same or are missing, it means the token in the form is invalid. I suped up this mechanism to overcome the problem that users opening multiple windows would invalidate the tokens in the all but the most recently opened windows. I don't store the token in the session. When the form submits, I check the session for a hashmap, if the token is not in the hashmap, I allow the transaction and then put the token in the hashmap. Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How do I get off this list?
Send an email to the address below (tomcat-user-unsubscribe) and make sure you reply to the confirm-request. Adam On 10/27/2003 09:06 PM Adam Mantell wrote: Hello, How do I get off this list? Thanks, Adam _ Concerned that messages may bounce because your Hotmail account has exceeded its 2MB storage limit? Get Hotmail Extra Storage! http://join.msn.com/?PAGE=features/es - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 5 JBoss
Is there any way to run JBoss with Tomcat 5 instead of 4.1.27? I'm using JBoss 3.2.2. I would like to switch to 5 because of the hotswap debugging feature. Thanks, Harm de Laat Informatiefabriek The Netherlands - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Form Double Submit Detection
Justin, Agreed. One word of caution... We actually synchronized on the session... You aren't guaranteed to have the same HttpSession object for every request -- HttpSession is an interface which is implemented internally and wrapped by a facade. Synchronizing on the actual object you get from req.getSession() can potentially leave you synchronizing on totally different objects. Oh, hey. I never really thought of that, although I kinda knew it without ever giving it much thought. Does that mean that you can never have exclusive access to your own session? Since the VM is allowed to play memory tricks when it thinks threads aren't related (which you can only do using memory barriers via synchronization), you can never be sure that the 'session' you're working with is in a consistent state or even valid. That's kinda scary. I'm guessing that in practical terms, there's rarely any reason to think that they're not predictable... -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: does tomcat work without apache? ... a real beginner asks some basic!?
dear yoav shapira, please don't take it personal! it's me who is sitting lots of hours and trying... thank your for your time spent to answer my emails. i have one last question and i hope i get a last answer: what you told me in your last email (with absolute and relative paths) - is this not only true for my private-tomcat-environment but also, when i once have an own domain like www.myapp.at? greetings and thank you so much for your help hans horwath Shapira, Yoav schrieb: Howdy, I'm quickly getting tired of this. You should really read the Context configuration reference in the tomcat docs, especially docBase and path, and make sure you understand them. You don't need multiple Engines or Hosts, one (the default) is enough. Don't have absolute links, i.e links that start with /, in your webapp. They should all be relative, i.e start with ./ or ../. If they have to start with /, it must be / + your webapp name + /the file, i.e. /sygenews/myfile.html. Yoav Shapira Millennium ChemInformatics -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2003 1:58 PM To: Tomcat Users List Subject: Re: does tomcat work without apache? ... a real beginner asks some basic!? hi, i tried the path= with my tomcat, and the result was the same. how does this http://yourserver:yourport; work in real-life: must i do several tomcat-installation, shall there be more host... entries or more engine...s?? please give me one more hint! thank you hans Shapira, Yoav schrieb: Howdy, with the paths: isn't it so, that docBase=... means, that all my links would be added to this entry? and why does it work in netbeans (i tried to find any differences but i didn't!)? No. Be careful to note the difference between a context's path and its docBase. You probably want a context whose path is , so that people can point their browser at http://yourserver:yourport/ and see your webapp. Why it works in NetBeans is probably because NetBeans deploys your webapp to the context by default. I'm not familiar enough with NetBeans to comment further. tell me, that i mustn't recode all my links! You should have coded them relatively in the first place to avoid this problem. Setting the context path to will save you the need to rewrite your links. and: installing my files under a domain: isn't it allowed(?) too, to say /formats.css?? It is allowed. Whether it makes sense to the container or not depends on your configuration. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Apache cannot load jk2 (bis)
Hello, I use the ${Apache2} in this mail for the path of my apache install directory. Using mod_jk2-1.3.27.dll to connect Apache2 (2.0.47 win 32) on Windows XP Pro and Tomcat 4.1.27 on the same host, The file mod_jk2-1.3.27.dll is in ${Apache2}/modules After creating the files stdout.log, stderr.log, jk2.shm,workers2.properties Apache is running OK on port 80, Tomcat OK on 8080 When adding at the end of the Apache config file httpd.conf the lines IfModule !mod_jk2.c LoadModule jk2_module modules/mod_jk2-1.3.27.dll /IfModule I have, when testing the apache config, the error message JK2 : Cannot load ${Apache2}/modules/mod_jk2-1.3.27.dll into server: Le module spécifié est introuvable. (the required module was not found) After reading many and many Howto, news and html pages, I don't find the solution. I try by changing the name to mod_jk2.dll (in both, http.conf and file system). I have administration rigths. SSL module is not loaded Who can help me ? Dr Jean-Max Estay [EMAIL PROTECTED] http://www.ima.uco.fr/personnes/estay Institut de Mathématiques Appliquées Université Catholique de l'Ouest 44,46 rue Rabelais BP 808 49008 ANGERS Cedex 01 France tel +33 2 41 81 67 05 fax +33 2 41 81 67 00
Re: JDBC Realm
David, I also have the user passwords encrypted using MD5 and this works fine. However we have a need to have all clear text passwords encrypted in configuration files. I need this realm to work with the connectionPassword value foobar encrypted. Does anyone know if this has been done and is there a patch of some sort available? So, you need the ability to authenticate some users after MD5'ing their passwords, and others without any digest? I think you'll have to roll your own Realm to do that. If you just want to turn off the MD5 part, you can simply leave out the 'digest=MD5' from the Realm configuration. But I assume that's not what you want. -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authenticated JavaMail Session - a better way?
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jndi-resources-howto.html -Tim Brian Silberbauer wrote: Hi all I have just managed to work out how to create an authenticated JavaMail session with JNDI in Tomcat, but it is a slight hack - I was wondering whether anybody has a better idea of how to go about it. The problem is one can't store the password in the properties, JavaMail does not pick this up - I got around it by specifying the password in the properties vi a ResourceParameter in the server.xml, and then passing the property through explicitly: java.util.Properties props = mailsession.getProperties(); transport.connect(null, null, props.getProperty(mail.smtp.password)); This works for me, but is there a better way of doing this? Brian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session hijacking and tying session to IP address with filter
Adam, What does everyone think of the idea of noting the IP address in the session so that session hijackers identified if they try to steal a session that has a different IP address from their own? Are there any drawbacks to this method? Nobody can spoof an IP address and still get back the response, can they? I know of at least one group that will get screwed: AOL users. (spare the jokes :) No, really. I'm not sure if this is still the case, but I was working for a client that had a separate box running their application without a BigIP in front of it, simply because of their AOL users. It seems that AOL playss games with their gateways and NAT configuration so that the same user can click around the web and appear to have a different source IP for every request. It's total madness and apparently BigIP couldn't make any sense of it, at least with the version they were using. This could be a major drawback. What you might want to do is create a security log and simply log when the IP address changes for a session. You might find that either AOL no longer does this, or you have no AOL customers using your site. On the other hand, you can always do retrospective security audits. -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session hijacking and tying session to IP address with filter
I think they can and you'll break AOL users. AOL and other large entities sometimes employ megaproxies where the user might appear to be coming from different ip addresses. The guaranteed way to prevent session hijacking is by using ssl. (And making sure your site is not victim to css attacks) -Tim Adam Hardy wrote: What does everyone think of the idea of noting the IP address in the session so that session hijackers identified if they try to steal a session that has a different IP address from their own? Are there any drawbacks to this method? Nobody can spoof an IP address and still get back the response, can they? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: using DBCP in other web containers.
Antony, Is it possible to use DBCP coneection pool mechanism in other web containers and application servers? Of course! In fact, Jakarta Commons DBCP has pretty much nothing to do with Tomcat, except that it's another Jakarta project. I dont want to use a proprietary connection pooling code and I dont want to use the existing code for some problems. I am not sure in which application server the application will be deployed. Go for it. I find that using the application server's DB setup and deployment tools is better because often the app server is configured by one person and the deployments are done by others. In that case, you don't have control over, say, specifying the global names of JNDI resources, etc. Also, most app servers some with their own (preferred?) DataSource implementations that wrap JDBC drivers. -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authenticated JavaMail Session - a better way?
Thanks Tim, but that will not create an _authenticated_ SMTP connection. Please read the original post. Brian Tim Funk wrote: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jndi-resources-howto.html -Tim Brian Silberbauer wrote: Hi all I have just managed to work out how to create an authenticated JavaMail session with JNDI in Tomcat, but it is a slight hack - I was wondering whether anybody has a better idea of how to go about it. The problem is one can't store the password in the properties, JavaMail does not pick this up - I got around it by specifying the password in the properties vi a ResourceParameter in the server.xml, and then passing the property through explicitly: java.util.Properties props = mailsession.getProperties(); transport.connect(null, null, props.getProperty(mail.smtp.password)); This works for me, but is there a better way of doing this? Brian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Issues | Suggestion any?
Hey, Thanks again, but I was wondering why were you so amused about the Checklist part??? I wanted to know the best practices or some good learned lessons if any for tomcat. Anyways...my situation hasn't improved and all the tomcats have reached the max heap size and they have started taking more time in GC (tenured generation of 10-20 seconds - all the processes running the JVM have touched 1GB in memory). I am not in Boston for sure ;) Girl in sapient you have gone out with ... ;) ... hmmm Arnab -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 12:55 AM To: Tomcat Users List Subject: RE: Issues | Suggestion any? Howdy, I wish your mail program would quote properly -- it's much tougher to read your message without knowing what you wrote and what you quoted ;( Yes we are doing a -Xmx, -Xms, -XX:NewSize and not as I typed, sorry about the confusion. We are in the process to use either of the parallel GC algorithm with jvm 1.4.2 but dont have grounds to prove it would be better but only theoretical (wish if you can point to some). But, we need a parallel collector as we have 4 CPU's per machine and that in fact would help it with some more parameters like compaction. You would never be able to find GC numbers specific to your app. You must benchmark it yourself, on your servers, to get accurate numbers. Only that will tell you which GC settings are best. At the scale you're dealing with, the characteristics of your application matter a whole lot to the GC performance. I don't have at present the idea about this number (778m). But, I was more You should know why you're limited the heap at that unusual number. interested to understand the output that pmap returns and am enclosing one with this mail right now: I'm not a pmap expert, I've never found it useful in debugging performance or GC problems. I'm sure other people on the list could help more in this area. The output marked in red, what does this actually signify ??? Excess swapping ??? Why is the heap size in pmap output not equal to the one under the column size in 'TOP' ??? Top lists a lot more than just the heap, so you can't compare the output from top to just the heap in another tool's output. There was nothing marked in red in your message, so I don't know what you mean by the red question. Anyways what I meant was, if swapping was causing some problems here and do we require more memory or do we need to tune the application more. Comments??? When you look at top, it tells you how much swap space is being used. You want to minimize the amount of swap space used. If you have more physical memory, let the JVM use it by increasing the -Xmx setting. You have your causality mixed up here. High GC does not cause a high number of threads. Yeah I think you are right that high threads don't cause the GC but the default % heap which when filled will invoke the GC. But, more or less all these threads account for database connections actually and to some downloads. That's not what I said: What I said and what you say above are both right, but not the same thing. Why are they unable to come back? Are they not released back into the pool? Do they go bad but not abandoned by the pool? This is what I wanted to know but seems like the connections are held No one can answer that except you. Run your app inside a profiler and see what holds references to the connection objects. The crash message and id was checked. This was found an active bug on the sun's bug database. But, seems they have corrected it in jdk1.4.2. As we have't had any kills all of a sudden yet, it may have been solved or ...?? ... or you've been lucky so far. You should have the latest OS patches for the JDK installed as a matter of proper procedure. Keep watching this, but if it's OK for now, focus more on the memory usage. Please help me find a way out of this or a checklist of what need to be done/checked at this stage. A checklist ;) ;) Amusing. I used to go out with a girl who worked at Sapient. Are you up here in Boston? Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Factory methods.
Why are some methods called factory methods? e.g. prepareStatement() in java.sql.PreparedStatement - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Factory methods.
To hide the implementation class. For example, this construct avoids having to do this OraclePreparedStatement p = new OraclePreparedStatement(conn); or PreparedStatement p = new MySQLPreparedStatement(conn); So, you can write portable database code by using vendor-neutral factory methods in place of actually referencing the vendor classes (implementation) themselves. - Original Message - From: anunay ashish [EMAIL PROTECTED] Date: Tuesday, October 28, 2003 6:35 am Subject: Factory methods. Why are some methods called factory methods? e.g. prepareStatement() in java.sql.PreparedStatement --- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Needed more support for catalina.base in Bootstrap
From: Rodrigo Ruiz [EMAIL PROTECTED] Recently I have been trying to install and configure an OGSA server (www.globus.org) deployed over a Tomcat container. The problem I have is that it requires a lot of Tomcat customization: additional connectors in the server.conf, additional jars in the common/lib, common/endorsed and server/lib directories, conf/web.xml modifications, and so. In order to keep track of these changes, I decided to use a shared Tomcat installation, and do all the dirty business in a separated Tomcat instance, pointing CATALINA_BASE to it. Doing this I noticed that there was no place for putting my common/lib and server/lib jars. This sounds backwards. When using separate CATALINA_HOME and CATALINA_BASE locations, CATALINA_HOME - the central location. Classes used by tomcat (server and common respositories) are taken from this location. You'll also use the bin directory for this location. CATALINA_BASE - the lightweight installations. These contain web applications, their own logs, own configuration files, and make use of their own shared class repositories. If you think about it, this makes sense: separate CATALINA_BASEs can have different web applications, so the set of web application library depencies can vary from one CATALINA_BASE to the next. Digging in the source code, I found that CATALINA_BASE is not used at all when building the common and catalina class loaders. That's correct. CATALINA_BASE uses the shared class loader, and CATALINA_HOME uses common and server. -- Steve - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authenticated JavaMail Session - a better way?
Doh, missed that sentence. AFAIK, there is no way unless the 1.3 mail api exposes more properties for transport. (1.2 has a mail.user property but no password property) -Tim Brian Silberbauer wrote: Thanks Tim, but that will not create an _authenticated_ SMTP connection. Please read the original post. Brian Tim Funk wrote: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jndi-resources-howto.html -Tim Brian Silberbauer wrote: Hi all I have just managed to work out how to create an authenticated JavaMail session with JNDI in Tomcat, but it is a slight hack - I was wondering whether anybody has a better idea of how to go about it. The problem is one can't store the password in the properties, JavaMail does not pick this up - I got around it by specifying the password in the properties vi a ResourceParameter in the server.xml, and then passing the property through explicitly: java.util.Properties props = mailsession.getProperties(); transport.connect(null, null, props.getProperty(mail.smtp.password)); This works for me, but is there a better way of doing this? Brian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
encoding issues with HTML pages
Hello folks, this a different kind of matter, i have some web pages under a web-server. My pages are displayed with strange characters, an encoding problem, this web-server is for public use and i don´t have administrator previlegies. Is there a way to make my HTML pages displays correctly whatoever is the server encoding? Regards, Edson
Re: session hijacking and tying session to IP address with filter
On 10/28/2003 12:06 PM Tim Funk wrote: I think they can and you'll break AOL users. AOL and other large entities sometimes employ megaproxies where the user might appear to be coming from different ip addresses. OK I guess if I write a filter to reject requests where the IP address doesn't match the one in the session, then I can always make an exception for AOL browsers - assuming I can identify them from the browser user-agent or the IP address range. As Christopher says I guess I can do security reviews at regular intervals to see if it's a problem. The guaranteed way to prevent session hijacking is by using ssl. (And making sure your site is not victim to css attacks) I can't see using SSL for whole session being acceptable - perhaps generally the public usage will go this way, but at the moment that would just be giving fuel to some web-site reviewer to criticise my site for being over-anal about security. Plus it actually would be anal - I don't need to protect from session hijacking so badly that I encrypt the whole lot. Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session hijacking and tying session to IP address with filter
On 10/28/2003 12:06 PM Tim Funk wrote: I think they can and you'll break AOL users. AOL and other large entities sometimes employ megaproxies where the user might appear to be coming from different ip addresses. The guaranteed way to prevent session hijacking is by using ssl. (And making sure your site is not victim to css attacks) BTW, what are css attacks? -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session hijacking and tying session to IP address with filter
On Tue, Oct 28, 2003 at 13:23:43 +0100, Adam Hardy wrote: On 10/28/2003 12:06 PM Tim Funk wrote: I think they can and you'll break AOL users. AOL and other large entities sometimes employ megaproxies where the user might appear to be coming from different ip addresses. The guaranteed way to prevent session hijacking is by using ssl. (And making sure your site is not victim to css attacks) BTW, what are css attacks? Cross-site scripting attack. If an attacker can put text into your application which are echoed back verbatim within the HTML source for different users, the attacker can insert javascript code to steal the cookies and other malicious things, which will be executed by the victim when the page is rendered in his/her browser. To avoid such attacks, you should for example make sure you HTML encode data you send (i.e. change and to lt; and gt; etc) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Source of JSP returned to user
Hi, I have accidentally discovered a way that Tomcat can serve the source code of a JSP file. Running Tomcat 4.1.27 standalone, JDK 1.4.2, Win XP Pro. and also Win 2K Server Mostly the default configuration, but using port 80 rather than 8080. pointing my browser to http://localhost/examples/jsp/num/numguess.jsp returns the page as expected for the number guess example but http://localhost/examples/jsp/num/numguess.JSP and other combinations such as http://localhost/examples/jsp/num/numguess.JSp and http://localhost/examples/jsp/num/numguess.Jsp give a file download window for the source of numguess.jsp. Is there a workaround for this? Best Regards Jon This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com
mod_jk2 binary for Apache 2.0.47/Win
Hi, I am trying to integrate Tomcat with Apache2 via the mod_jk2 module and CoyoteConnector on the Java side. Nothing experimental here, so far. Problem is 1) the module needs to be compiled against exactly the same Apache version into which it is to be deployed later 2) the only binary Apache2 is 2.0.47 3) the only binary mod_jk2 is against 2.0.43 4) I don't have a MSVC compiler suite 5) The jakarta-connector documents say that only MSVC is possible, so I conclude MinGW or Cygwin won't be helpful here If anybody could point me to a solution to this it would be very helpful. Thanks and regards, -Florian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session hijacking and tying session to IP address with filter
IIRC, AOL users can use any web browser. -Tim Adam Hardy wrote: OK I guess if I write a filter to reject requests where the IP address doesn't match the one in the session, then I can always make an exception for AOL browsers - assuming I can identify them from the browser user-agent or the IP address range. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Source of JSP returned to user
I can't replicate this on my system: jakarta-tomcat-4.1.12-LE-jdk14 java version 1.4.2 kernel-source-2.6.0-test2 So, my sugested workaround would be to install Linux!! Brian Jon O'Sullivan wrote: Hi, I have accidentally discovered a way that Tomcat can serve the source code of a JSP file. Running Tomcat 4.1.27 standalone, JDK 1.4.2, Win XP Pro. and also Win 2K Server Mostly the default configuration, but using port 80 rather than 8080. pointing my browser to http://localhost/examples/jsp/num/numguess.jsp returns the page as expected for the number guess example but http://localhost/examples/jsp/num/numguess.JSP and other combinations such as http://localhost/examples/jsp/num/numguess.JSp and http://localhost/examples/jsp/num/numguess.Jsp give a file download window for the source of numguess.jsp. Is there a workaround for this? Best Regards Jon This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Source of JSP returned to user
Linux is case sensetive for filenames, Windows appearantly still is not. :-) Patrick Ale System administrator Freeler B.V Email: [EMAIL PROTECTED] Tel.: +31 320 267678 Muda o mundo, começe com você mesmo -Oorspronkelijk bericht- Van: Brian Silberbauer [mailto:[EMAIL PROTECTED] Verzonden: dinsdag 28 oktober 2003 13:24 Aan: Tomcat Users List Onderwerp: Re: Source of JSP returned to user I can't replicate this on my system: jakarta-tomcat-4.1.12-LE-jdk14 java version 1.4.2 kernel-source-2.6.0-test2 So, my sugested workaround would be to install Linux!! Brian Jon O'Sullivan wrote: Hi, I have accidentally discovered a way that Tomcat can serve the source code of a JSP file. Running Tomcat 4.1.27 standalone, JDK 1.4.2, Win XP Pro. and also Win 2K Server Mostly the default configuration, but using port 80 rather than 8080. pointing my browser to http://localhost/examples/jsp/num/numguess.jsp returns the page as expected for the number guess example but http://localhost/examples/jsp/num/numguess.JSP and other combinations such as http://localhost/examples/jsp/num/numguess.JSp and http://localhost/examples/jsp/num/numguess.Jsp give a file download window for the source of numguess.jsp. Is there a workaround for this? Best Regards Jon _ ___ This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com _ ___ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session hijacking and tying session to IP address with filter
On 10/28/2003 01:30 PM Frode E. Moe wrote: On Tue, Oct 28, 2003 at 13:23:43 +0100, Adam Hardy wrote: BTW, what are css attacks? Cross-site scripting attack. If an attacker can put text into your application which are echoed back verbatim within the HTML source for different users, the attacker can insert javascript code to steal the cookies and other malicious things, which will be executed by the victim when the page is rendered in his/her browser. To avoid such attacks, you should for example make sure you HTML encode data you send (i.e. change and to lt; and gt; etc) Ah, ok. Thought it might be something to do with style sheets. Thanks. Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Hey man, long not see you
Norton AntiVirus Deleted1.txt Description: plain/text - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session hijacking and tying session to IP address with filter
Hi Adam, Tying sessions to a particular IP address would be bad for more than just AOL users. It is very common in corporations and organisations to have multiple proxy servers/virus scanners through which client HTTP requests are 'round-robbined' or load-balanced. Each HTTP request will thus appear to come from a different IP address. This is perfectly valid in HTTP since it is a stateless protocol, however time and time again I come across sites which try to impose an aritificial 'session' connection between HTTP requests and their source IP addresses, breaking access for many users. And I actually find it a bit disturbing that in this day and age of somebody would be called anal about security for simply implementing their website via SSL :-) - I would consider this to be a minimum requirement and only the first step for any website remotely interested in security. Regards, Morgan -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 13:23 To: Tomcat Users List Subject: Re: session hijacking and tying session to IP address with filter On 10/28/2003 12:06 PM Tim Funk wrote: I think they can and you'll break AOL users. AOL and other large entities sometimes employ megaproxies where the user might appear to be coming from different ip addresses. OK I guess if I write a filter to reject requests where the IP address doesn't match the one in the session, then I can always make an exception for AOL browsers - assuming I can identify them from the browser user-agent or the IP address range. As Christopher says I guess I can do security reviews at regular intervals to see if it's a problem. The guaranteed way to prevent session hijacking is by using ssl. (And making sure your site is not victim to css attacks) I can't see using SSL for whole session being acceptable - perhaps generally the public usage will go this way, but at the moment that would just be giving fuel to some web-site reviewer to criticise my site for being over-anal about security. Plus it actually would be anal - I don't need to protect from session hijacking so badly that I encrypt the whole lot. Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: J2SDK 1.4.2_01 + Linux + file.encoding
Hi everyone, maybe this is off-topic but I read somewhere in Internet that the JVM System Properties should not be configured via -D parameter cause it is not guarranted to work. I always used this to configure the file.encoding in Linux machines to ISO-8859-1 but it didn´t work with J2SDK 1.4.2 so some pages serverd by Tomcat display ISO-8859-1 characters as question marks. I solved my problem setting the enviroment variable LANG to my specific locale (LANG=pt_BR.ISO-8859-1) and it worked it out! Luiz Ricardo - Original Message - From: David O'Brien [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, October 27, 2003 2:21 PM Subject: Re: J2SDK 1.4.2_01 + Linux + file.encoding I face the same problem but haven't found a solution yet. I had to revert to the old version of the SDK. If you find anything could you let me know? -Dave At 12:12 PM 10/27/2003, you wrote: Hi everyone, I have the following configuration: Linux Mandrake 8.0 J2SDK 1.4.2_01 Tomcat 4.1.27 In my application I have to read some files that contains characters that are ISO-8859-1 charset but when I display these file contents by Tomcat the ISO-8859-1 characters are replaced by question marks, Tomcat is started with the parameter -Dfile.encoding=ISO-8859-1. The detail is that if I use J2SDK1.4.1 everything works fine! I would like to know if someone here faced this problem and/or has some tip how to solve it. Thanks in advance, Luiz Ricardo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] David G. O'Brien Web Services Coordinator / Systems Administrator NACCRRA The Nation's Network of Child Care Resource Referral 1319 F Street NW, Suite 500 Washington, DC 20004 (202) 393-5501 ext. 113 (202) 393-1109 fax - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Source of JSP returned to user
Since JDK 1.4.2 is being used, try the workaround specified for (you will need to register to see the bug): http://developer.java.sun.com/developer/bugParade/bugs/4895132.html which is: Specify -Dsun.io.useCanonCaches=false to the JVM. Or, try JDK 1.4.1 which doesn't have the cannon cache feature. HTH. Larry P.S. Partial bug description from the bug report above: For an existing file, getCanonicalPath() sometimes can produce a pathname whose case doesn't match that of the existing file's pathname. This doesn't matter in terms of being able to access the file, but it appears that some applications, such as TomCat, depend on getting the correct case. Sometimes the answer for the same input is inconsistent. -Original Message- From: Jon O'Sullivan [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 7:32 AM To: '[EMAIL PROTECTED]' Subject: Source of JSP returned to user Hi, I have accidentally discovered a way that Tomcat can serve the source code of a JSP file. Running Tomcat 4.1.27 standalone, JDK 1.4.2, Win XP Pro. and also Win 2K Server Mostly the default configuration, but using port 80 rather than 8080. pointing my browser to http://localhost/examples/jsp/num/numguess.jsp returns the page as expected for the number guess example but http://localhost/examples/jsp/num/numguess.JSP and other combinations such as http://localhost/examples/jsp/num/numguess.JSp and http://localhost/examples/jsp/num/numguess.Jsp give a file download window for the source of numguess.jsp. Is there a workaround for this? Best Regards Jon __ __ This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com __ __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Solution for mod_weppp Communitcation interrupted error message
Hi! I think I found the cause of the weird Communitcation interrupted error message. The description of the problem and the solution I implemented is found in the following page: http://www.nlink.com.br/~wagner/webapp_error.html The text would be somewhat long if I described it here in this e-mail. Hope this can help someone. --- Este e-mail foi enviado por http://www.nlink.com.br - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Source of JSP returned to user
Jon, Mostly the default configuration, but using port 80 rather than 8080. Are you sure you are not running, say, Apache on port 80, and that you have an Alias or DocumentRoot pointing into your webapp's root? I'm guessing that you don't have two HttpConnectors defined in server.xml: one for port 8080 and one for port 80. If so, what is serving port 80 requests? Check the headers coming back. It'll probably tell you what's sending you the page. If so, you'll have to use Apache's configuration to block requests to those resources. -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5 JBoss
JBoss and Tomcat run best when bundled together. At this point, they don't have a bundle with Tomcat 5 yet. Furthermore, Tomcat 5 is still in beta. Maybe that's the reason why the jboss folks want to wait until it is in production release. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 04:44 AM Subject: Tomcat 5 JBoss Is there any way to run JBoss with Tomcat 5 instead of 4.1.27? I'm using JBoss 3.2.2. I would like to switch to 5 because of the hotswap debugging feature. Thanks, Harm de Laat Informatiefabriek The Netherlands - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Large Scale Deploymenet on Tomcat ?
I am sure the fine folks at jboss.org are glad to help you out on this. - Original Message - From: ARUN PRASAD [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, October 27, 2003 09:13 PM Subject: Large Scale Deploymenet on Tomcat ? Hi ! Are there any success stories of deploying a large scale application (1+ users ) on tomcat+jboss out there ? Really need to convince the top bosses down here to give it a chance :) Arun Justin Ruthenbeck [EMAIL PROTECTED] ne.comTo Tomcat Users List 28-10-03 08:26 AM [EMAIL PROTECTED] cc Please respond to Subject Tomcat Users Re: Form Double Submit Detection List [EMAIL PROTECTED] rta.apache.org Agreed. One word of caution... At 06:46 PM 10/27/2003, you wrote: I've had to do this before when credit card processing was being done. A double-click can result in the credit card being charged twice, so you've really got to avoid it. We actually synchronized on the session for the duration of the processing, and then set a flag in the session once the processing was done. Any subsequent attempts would be flagged as duplicates and you'd just get a results screen. You aren't guaranteed to have the same HttpSession object for every request -- HttpSession is an interface which is implemented internally and wrapped by a facade. Synchronizing on the actual object you get from req.getSession() can potentially leave you synchronizing on totally different objects. justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] DISCLAIMER** * Information contained and transmitted by this e-mail is confidential and proprietary to Tata Steel Ltd. and is intended for use only by the addressee. If you are not the intended recipient , you are notified that any dissemination or copying of this e-mail is strictly prohibited and you are requested to delete this e-mail immediately and notify the originator. Tata Steel does not enter into any binding agreement with any party by e-mail. Any views expressed by an individual do not necessarily reflect the view of Tata Steel. Tata Steel is not responsible for the consequences of any actions taken on the basis of information provided. While this e-mail has been checked for all known viruses the addressee should also scan for viruses. To know more about Tata Steel please visit www.tatasteel.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: encoding issues with HTML pages
Edson, Hello folks, this a different kind of matter, i have some web pages under a web-server. My pages are displayed with strange characters, an encoding problem, this web-server is for public use and i don´t have administrator previlegies. Is there a way to make my HTML pages displays correctly whatoever is the server encoding? I just checked the headers served by a random page on my server, and this is one of 'em: Content-Type: text/html; charset=ISO-8859-1 The Content-type header can optionally contain the description of the character set to use (as shown). If you don't have control over the server at all, and all you can do is change your own web pages, then consider using this meta tag: meta http-equiv=Content-Type content=text;html; charset=ISO-8859-1 This generally directs browsers to use *your* specified content type instead of the one suggested by the server. Just replace the ISO-8859-1 with the character set appropriate for your content. Hope that helps, -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: encoding issues with HTML pages
Hello folks, this a different kind of matter, i have some web pages under a web-server. My pages are displayed with strange characters, an encoding problem, this web-server is for public use and i don´t have administrator previlegies. Is there a way to make my HTML pages displays correctly whatoever is the server encoding? Do the pages have the correct encoding attribute in them? In your head/head section you should have something like: meta http-equiv=content-type content=text/html; charset=ISO-8859-1 / Also it can't hurt to set your html lang setting to something like: html xmlns=http://www.w3.org/1999/xhtml; xml:lang=en lang=en Of course, this assumes you are using xhtml... Hope this helps. [OT] Also check in other browsers. I created a great looking site in IE that had extensive use of CSS. Under both Mozilla and Opera it looked terrible. -- Graham Reeds, [EMAIL PROTECTED] | http://omnieng.co.uk - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JWSDP-JAXRPC with Tomcat?
Anybody know of a good tutorial on getting my JWSDP/JAXRPC to handle SOAP requests in Tomcat, or anyboudy have any pointers where to start? I found this tuturial, but it seems to be quite useless unless you just want their examples up and running: http://java.sun.com/webservices/docs/1.3/tutorial/doc/index.html Med venlig hilsen/Best regards Søren Neigaard System Architect Mobilethink A/S Arosgaarden Åboulevarden 23, 4.sal DK - 8000 Århus C Telefon: +45 86207800 Direct: +45 86207810 Fax: +45 86207801 Email: [EMAIL PROTECTED] Web: www.mobilethink.dk - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Allocated instances
Howdy, At this particular installation, each time I shut down Tomcat, I get a message that is waiting for x instance(s) to be deallocated - can get to It'd be useful to know instances of what class ;) Can the customer, or you, reproduce this problem easily? If so, you can run the app inside a profiler or another tool that will give you a heap snapshot showing what those instances are. Since it is a standard configuration that didn't cause any problems so far, I don't think it has anything to do with the application code. Maybe, maybe not. It's impossible to rule out the application code without further information. legacy HTTP1.1 connector - same behavior. A thread dump shows various threads as locked (don't have it with me now) - but I understood that it doesn't necessarily implies a deadlock. It doesn't necessarily mean a deadlock, you're right. But it could mean a deadlock, and it could be very helpful in determining what's causing problems. If you post the thread dump we'll help analyze it... ;) Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: does tomcat work without apache? ... a real beginner asks some basic!?
Howdy, dear yoav shapira, please don't take it personal! it's me who is sitting lots of hours and trying... Don't worry about me ;) I get enough amusement out of this mailing list to make up for the annoyance ;) what you told me in your last email (with absolute and relative paths) - is this not only true for my private-tomcat-environment but also, when i once have an own domain like www.myapp.at? Yes, it's true for that as well. Use relative links. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JWSDP-JAXRPC with Tomcat?
Howdy, Chapter 12 of the URL you gave is useful. You can also google ;) Yoav Shapira Millennium ChemInformatics -Original Message- From: Søren Neigaard [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 8:58 AM To: '[EMAIL PROTECTED]' Subject: JWSDP-JAXRPC with Tomcat? Anybody know of a good tutorial on getting my JWSDP/JAXRPC to handle SOAP requests in Tomcat, or anyboudy have any pointers where to start? I found this tuturial, but it seems to be quite useless unless you just want their examples up and running: http://java.sun.com/webservices/docs/1.3/tutorial/doc/index.html Med venlig hilsen/Best regards Søren Neigaard System Architect Mobilethink A/S Arosgaarden Åboulevarden 23, 4.sal DK - 8000 Århus C Telefon: +45 86207800 Direct: +45 86207810 Fax: +45 86207801 Email: [EMAIL PROTECTED] Web: www.mobilethink.dk - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Needed more support for catalina.base in Bootstrap
Howdy, What Steve said is right on target. Your patch is not likely to make it into the tomcat code base ;) A couple of other pointers, however: - Patches are always welcome -- so thanks for contributing ;) - Don't attach them to messages: open a bugzilla enhancement request and attach your patch, or better yet, a diff file from current sources to your patch, in the bugzilla issue. - You may wish to discuss the need for and intent of your patch on the dev list before writing the patch itself. - If you intend to contribute more, which I hope is the case, please read the guidelines for getting involved with jakarta: http://jakarta.apache.org/site/getinvolved.html Yoav Shapira Millennium ChemInformatics -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 7:19 AM To: Tomcat Users List Subject: Re: Needed more support for catalina.base in Bootstrap From: Rodrigo Ruiz [EMAIL PROTECTED] Recently I have been trying to install and configure an OGSA server (www.globus.org) deployed over a Tomcat container. The problem I have is that it requires a lot of Tomcat customization: additional connectors in the server.conf, additional jars in the common/lib, common/endorsed and server/lib directories, conf/web.xml modifications, and so. In order to keep track of these changes, I decided to use a shared Tomcat installation, and do all the dirty business in a separated Tomcat instance, pointing CATALINA_BASE to it. Doing this I noticed that there was no place for putting my common/lib and server/lib jars. This sounds backwards. When using separate CATALINA_HOME and CATALINA_BASE locations, CATALINA_HOME - the central location. Classes used by tomcat (server and common respositories) are taken from this location. You'll also use the bin directory for this location. CATALINA_BASE - the lightweight installations. These contain web applications, their own logs, own configuration files, and make use of their own shared class repositories. If you think about it, this makes sense: separate CATALINA_BASEs can have different web applications, so the set of web application library depencies can vary from one CATALINA_BASE to the next. Digging in the source code, I found that CATALINA_BASE is not used at all when building the common and catalina class loaders. That's correct. CATALINA_BASE uses the shared class loader, and CATALINA_HOME uses common and server. -- Steve - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBC Realm
Can you please explain this a little better. You have in your database a list of all your user's passwords encrypted using MD5. Do you also have a clear text copy of them? Then you want to encrypt this clear text copy for use in your configuration files? If you don't already have a cleartext copy of the passwords you are going to have to get your users to submit them as your MD5 version is useless. You could amend your application to read the password, store it in the clear, then compare it using MD5. Then as they all log in they will have given you a copy of their password. Andoni. - Original Message - From: Gardner, David [IT] [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 3:15 AM Subject: JDBC Realm I have a JDBC Realm configured against a sybase database and it works fine. See below I have changed the details for obvious security reasons. Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=com.sybase.jdbc2.jdbc.SybDriver connectionURL=jdbc:sybase:Tds:foo.au.bar.com:666/foo_bar connectionName=foobar connectionPassword=foobar userTable=User userNameCol=userName userCredCol=password userRoleTable=UserRole roleNameCol=roleName digest=MD5/ I also have the user passwords encrypted using MD5 and this works fine. However we have a need to have all clear text passwords encrypted in configuration files. I need this realm to work with the connectionPassword value foobar encrypted. Does anyone know if this has been done and is there a patch of some sort available? David Gardner Software Developer Cititech Level 11, 2 Park Street Sydney NSW Australia 2000 Phone: (+612) 8225 4803 Fax: (+612) 8225 Email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
TeraData DataSource
Has anyone been able to connect to a TeraData datasource using thier JDBC driver? I'm getting the following error. java.sql.SQLException: Cannot create JDBC driver of class 'com.ncr.teradata.TeraConnectionPoolDataSource' for connect URL 'jdbc:teradata://sw72sqldv3:7060' at org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:541) at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java:329) at com.ibm.afeb.manager.DCSDatabaseManager.getConnection(DCSDatabaseManager.java:101) at com.ibm.afeb.manager.DCSDatabaseManager.getConnection(DCSDatabaseManager.java:83) at com.shaw.ssfs.component.SSFSUser.insertAuditRecord(SSFSUser.java:247) at com.shaw.ssfs.component.SSFSUser.login(SSFSUser.java:307) at com.shaw.swat.security.SWATLogin.processRequest(SWATLogin.java:203) at com.ibm.afeb.manager.DCSSessionManager.processRequest(DCSSessionManager.java:187) at com.ibm.afeb.servlet.DCSServlet.doPerform(DCSServlet.java:131) at com.ibm.afeb.servlet.DCSServlet.doPost(DCSServlet.java:198) at javax.servlet.http.HttpServlet.service(HttpServlet.java:760) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247) Thanks, Ken Martinson** Privileged and/or confidential information may be contained in this message. If you are not the addressee indicated in this message (or are not responsible for delivery of this message to that person) , you may not copy or deliver this message to anyone. In such case, you should destroy this message and notify the sender by reply e-mail. If you or your employer do not consent to Internet e-mail for messages of this kind, please advise the sender. Shaw Industries does not provide or endorse any opinions, conclusions or other information in this message that do not relate to the official business of the company or its subsidiaries. **
Re: Needed more support for catalina.base in Bootstrap
Thanks for your responses, I will follow your suggestions :-) - Original Message - From: Shapira, Yoav [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 3:16 PM Subject: RE: Needed more support for catalina.base in Bootstrap Howdy, What Steve said is right on target. Your patch is not likely to make it into the tomcat code base ;) A couple of other pointers, however: - Patches are always welcome -- so thanks for contributing ;) - Don't attach them to messages: open a bugzilla enhancement request and attach your patch, or better yet, a diff file from current sources to your patch, in the bugzilla issue. - You may wish to discuss the need for and intent of your patch on the dev list before writing the patch itself. - If you intend to contribute more, which I hope is the case, please read the guidelines for getting involved with jakarta: http://jakarta.apache.org/site/getinvolved.html Yoav Shapira Millennium ChemInformatics -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 7:19 AM To: Tomcat Users List Subject: Re: Needed more support for catalina.base in Bootstrap From: Rodrigo Ruiz [EMAIL PROTECTED] Recently I have been trying to install and configure an OGSA server (www.globus.org) deployed over a Tomcat container. The problem I have is that it requires a lot of Tomcat customization: additional connectors in the server.conf, additional jars in the common/lib, common/endorsed and server/lib directories, conf/web.xml modifications, and so. In order to keep track of these changes, I decided to use a shared Tomcat installation, and do all the dirty business in a separated Tomcat instance, pointing CATALINA_BASE to it. Doing this I noticed that there was no place for putting my common/lib and server/lib jars. This sounds backwards. When using separate CATALINA_HOME and CATALINA_BASE locations, CATALINA_HOME - the central location. Classes used by tomcat (server and common respositories) are taken from this location. You'll also use the bin directory for this location. CATALINA_BASE - the lightweight installations. These contain web applications, their own logs, own configuration files, and make use of their own shared class repositories. If you think about it, this makes sense: separate CATALINA_BASEs can have different web applications, so the set of web application library depencies can vary from one CATALINA_BASE to the next. Digging in the source code, I found that CATALINA_BASE is not used at all when building the common and catalina class loaders. That's correct. CATALINA_BASE uses the shared class loader, and CATALINA_HOME uses common and server. -- Steve - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Number of processes and relationship to mod_jk, Apache, tomcat
I am trying to understand the relationship between applications in Tomcat, the number of Tomcat processes, Apache mod_jk and the number of threads. For instance on a system I have the following Apache 1.3.28, Tomcat 4.1.27, Java 1.4.2_02 I use the follow commands to see what is listening to different ports to get an idea of what process or threads are running. Apache: lsof -i tcp:80 | wc -l This gives me 12 processes listening to port 80 (I checked these are related to the number of Apache instances) Tomcat direct port: lsof -i tcp:8080 | wc -l This gives me 50 process that also correspond to the number of tomcat instances running(i.e. the number of java instances I see in ps ) Tomcat mod_jk port: lsof -i tcp:8009 | wc -l gives me 550 I have included my condensed jk.properties and workers.properties files at the end if that may help. Now I now that these numbers will change depending on load but I am trying to understand the relationship. So my questions is how do the numbers relate to each other? How does this effect performance? How could I tune these numbers? Now I have a vague understanding of how these relate but the numbers don't add up for me. I have read the docs and searched for quite a while for a better description. Thanks FILE: jk.properties ### LoadModule jk_module libexec/mod_jk.so JkWorkersFile /usr/local/tomcat/conf/workers.properties JkLogFile /usr/local/tomcat/logs/mod_jk.log JkLogLevel info JkLogStampFormat [%a %b %d %H:%M:%S %Y] JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories JkRequestLogFormat %w %V %U %T %b ## /examples1 Alias /examples1 /usr/local/tomcat/webapps/examples1 Location /examples1/WEB-INF/ AllowOverride None deny from all /Location JkMount /examples1/* worker1 ## /ctrials Alias /ctrials /usr/local/tomcat/webapps/ctrials Location /ctrials/WEB-INF/ AllowOverride None deny from all /Location JkMount /ctrials/* worker1 ## /syndication Alias /syndication /usr/local/tomcat/webapps/syndication Location /syndication/WEB-INF/ AllowOverride None deny from all /Location JkMount /syndication/* worker1 ## /fellowship Alias /fellowship /usr/local/tomcat/webapps/fellowship Location /fellowship/WEB-INF/ AllowOverride None deny from all /Location JkMount /fellowship/* worker1 ## /test Alias /test /usr/local/tomcat/webapps/test Location /test/WEB-INF/ AllowOverride None deny from all /Location JkMount /test/* worker1 # All jsp go to worker1 JkMount /*.jsp worker1 # All servlets goes to worker1 JkMount /*/servlet/ worker1 ## FILE: workers.properties ## # Define some properties workers.apache_log=/usr/local/apache/logs/ workers.tomcat_home=/usr/local/tomcat workers.java_home=/usr/local/java/ ps=/ # Define workers worker.list=worker1 worker.worker1.type=ajp13 worker.worker1.host=localhost worker.worker1.port=8009 worker.worker1.lbfactor=1 #worker.worker1.cachesize=10 #worker.worker1.cache_timeout=300 worker.worker1.socket_keepalive=1 worker.worker1.socket_timeout=300 # how many ms to wait for PONG after sending a PING for connection worker.worker1.connect_timeout=2000 # how many ms to wait for PONG after sending a PING before posting data worker.worker1.prepost_timeout=2000 # how long to wait for a reply after sending data before server considers connection dead worker.worker1.reply_timeout=180 ## - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: mod_jk2 binary for Apache 2.0.47/Win
Hi, Apache 2.0.47 will work with mod_jk2 connector. I have it working on my machine. In apache httpd.conf LoadModule jk2_module modules/mod_jk2.dll (I named it mod_jk2.dll) workers2.properties file in your apache2/conf/ directory #For the first tomcat listening on port 8009 First instance of Web Services listening on port 9000 [channel.socket:machine1:8009] info=Ajp13 forwarding over socket debug=20 tomcatId=tomcat1 #Load Balancing Tomcat on port 9000 lb_factor=20 #Second tomcat on machine 2 port 9300 #[channel.socket:machine2:8009] #info=Ajp13 forwarding over socket debug=20 #tomcatId=tomcat2 #Load Balancing tomcat port 9300 lb_factor=10 [status:] info=Status worker,displays run time informations [uri:/jkstatus/*] info=Displaystatusinformationandcheckstheconfigfileforchanges. group=status: [uri:/examples/*] info=Examplewebappinthedefaultcontext. context=/examples debug=20 #Configure the shared memory file [shm] file=C:/apache/apache2/logs/shm.file size=1048576 debug=0 #End of Workers2.properties. In server.xml !-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -- Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=8009 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=8443 acceptCount=10 debug=0 connectionTimeout=2 useURIValidationHack=false protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler / Engine name=Standalone defaultHost=localhost debug=0 jvmRoute=tomcat1 This is all you need to configure Asif -Original Message- From: Florian Ebeling [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 7:32 AM To: Tomcat Users List Subject: mod_jk2 binary for Apache 2.0.47/Win Hi, I am trying to integrate Tomcat with Apache2 via the mod_jk2 module and CoyoteConnector on the Java side. Nothing experimental here, so far. Problem is 1) the module needs to be compiled against exactly the same Apache version into which it is to be deployed later 2) the only binary Apache2 is 2.0.47 3) the only binary mod_jk2 is against 2.0.43 4) I don't have a MSVC compiler suite 5) The jakarta-connector documents say that only MSVC is possible, so I conclude MinGW or Cygwin won't be helpful here If anybody could point me to a solution to this it would be very helpful. Thanks and regards, -Florian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Configuring tomcat to serve request from specific IP addresses
Hi, Is there any way to configure tomcat to enable its services (HTTP request/responses ) to specific IP address(s) only ? If yes, Can these configurations be made dynamically so that without restarting the tomcat changes should be active? I am using Tomcat 4.0.1 and is a standalone. I checked the tags and thier attributes of server.xml but couldn't find a proper solution since I am not sure about the dynamic parameters.Can any one help me out in this or suggest some pointers to go ahead? regards Hari DISCLAIMER: This message (including attachment if any) is confidential and may be privileged. Before opening attachments please check them for viruses and defects. MindTree Consulting Private Limited (MindTree) will not be responsible for any viruses or defects or any forwarded attachments emanating either from within MindTree or outside. If you have received this message by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorized use or dissemination of this message in whole or in part is strictly prohibited. Please note that e-mails are susceptible to change and MindTree shall not be liable for any improper, untimely or incomplete transmission. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Replicating Application variables
We have a web application with multiple sub-systems . viz. , Order Processing, Inventory Management etc., I need a way to isolate each of these sub-systems. One approach I have thought of is setting an Application variables which then will be picked up the system and deny access to that particular sub-system. My question is : Can we replicate application variables like sessions? If so, how can it be done? Also, for clustering is there a master node or a controlling node ? The reason i ask this question is, I need to know how to take care of session clean ups. If I schedule session cleanups based on the session time stamp, which node do i run it on? I cannot run it on every node as it will start to run at the scheduled time on all nodes and create conflicts. Also, this will help me decide my build strategy. Environment: JBoss 3.2, TomCat 5.1 Karthik Duddala Developer - Web Team Commerce Technologies Ph. 518-886-0700 x. 3881 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Configuring tomcat to serve request from specific IP addresses
Howdy, RemoteAddressFilter, RTFM. Yoav Shapira Millennium ChemInformatics -Original Message- From: Hari Krishna ( Associate ) [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 9:59 AM To: Tomcat Users List Subject: Configuring tomcat to serve request from specific IP addresses Hi, Is there any way to configure tomcat to enable its services (HTTP request/responses ) to specific IP address(s) only ? If yes, Can these configurations be made dynamically so that without restarting the tomcat changes should be active? I am using Tomcat 4.0.1 and is a standalone. I checked the tags and thier attributes of server.xml but couldn't find a proper solution since I am not sure about the dynamic parameters.Can any one help me out in this or suggest some pointers to go ahead? regards Hari DISCLAIMER: This message (including attachment if any) is confidential and may be privileged. Before opening attachments please check them for viruses and defects. MindTree Consulting Private Limited (MindTree) will not be responsible for any viruses or defects or any forwarded attachments emanating either from within MindTree or outside. If you have received this message by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorized use or dissemination of this message in whole or in part is strictly prohibited. Please note that e-mails are susceptible to change and MindTree shall not be liable for any improper, untimely or incomplete transmission. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Replicating Application variables
Howdy, We have a web application with multiple sub-systems . viz. , Order Processing, Inventory Management etc., I need a way to isolate each of these sub-systems. Why don't you make them separate webapps? Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuring tomcat to serve request from specific IP addresses
http://jakarta.apache.org/tomcat/faq/security.html#restrict In 4.1.X, I think this can be configured on the fly via the admin webapp. But 4.0.X will need a restart. -Tim Hari Krishna ( Associate ) wrote: Hi, Is there any way to configure tomcat to enable its services (HTTP request/responses ) to specific IP address(s) only ? If yes, Can these configurations be made dynamically so that without restarting the tomcat changes should be active? I am using Tomcat 4.0.1 and is a standalone. I checked the tags and thier attributes of server.xml but couldn't find a proper solution since I am not sure about the dynamic parameters.Can any one help me out in this or suggest some pointers to go ahead? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Hey man, long not see you
Do we have an anti-virus software running on this list server? This message was infected... --JM [EMAIL PROTECTED] wrote: - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature
Re: mod_jk2 binary for Apache 2.0.47/Win
Hi Jean-Max, this won't work, Apache accepts only modules with exactly matching version numbers. I tried the mod_jk module, because this one is in sync with the Apache2 release. You can get it here: http://www.apache.de/dist/jakarta/tomcat-connectors/jk/binaries/win32/ mod_jk is deprecated, I know. But it has been in production for a faily long time, so it shouldn't be too daring to use this. To get it running, one has to do configuration in several places: First, I created a file workers.peroperties in $TOMCAT_HOME/conf like this: --- worker.list=worker1 worker.worker1.host=127.0.0.1 worker.worker1.port=8009 worker.worker1.type=ajp13 --- Then I added this to $APACHE_HOME/conf/httpd.conf, behind the section where all the othher LoadModule ... directives get listed. --- LoadModule jk_module modules/mod_jk_1.2.5_2.0.47.dll #AddModule mod_jk_1.2.5_2.0.47.c #AddModule jk_module.c #AddModule mod_jk.c JkWorkersFile c:/jakarta-tomcat-4.1.24/conf/workers.properties JkLogFile C:/Programme/Apache Group/Apache2/logs/mod_jk.log JkLogLevel debug JkLogStampFormat [%a %b %d %H:%M:%S %Y] --- - adjust path to your workers.properties here - add path for a log file for the module here (eg. mod_jk.log) Then, add this snippet to httpd.conf VirtualHost * ServerAdmin [EMAIL PROTECTED] DocumentRoot C:/Programme/Apache Group/Apache2/htdocs_javaroom ServerName javaroom ErrorLog logs/javaroom-error.log CustomLog logs/javaroom-access.log common JkMount /*.jsp worker1 JkMount /javaroom/* worker1 /VirtualHost - replace the virtual host server name with your server name - replace JkMount /javaroom/* so that it specifies some webapp context of yours And, finally, add the neccessary Tomcat Connector to your server.xml: Connector className=org.apache.ajp.tomcat4.Ajp13Connector port=8009 minProcessors=5 maxProcessors=250 / - I put it just behind Service ... Then restart Tomcat and Apache2 and ping your app. One question remains: All the documentation, I consulted said one has to use a AddModule ... directive in the httpd.conf. But all the commented variants above prevent the apache from starting up at all. Do you have any idea what this might happen to mean? -Florian Jean-Max Estay wrote: Hello, I think we are in the same lock. I don't know if you saw my mail in this thread. In a nutshell, I try to connect Apache 2.0.47 (win32) with Tomcat via JK2 and use the only module I identify : mod_jk2-1.3.27.dll. And Apache can't load this module from this dll ! If you resolve your pb, please send me the trick. I will do if I find it first. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TeraData DataSource
Ken, Has anyone been able to connect to a TeraData datasource using thier JDBC driver? I'm getting the following error. java.sql.SQLException: Cannot create JDBC driver of class 'com.ncr.teradata.TeraConnectionPoolDataSource' for connect URL 'jdbc:teradata://sw72sqldv3:7060' Did this exception have a caused by stack trace along with it? -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Replicating Application variables
Howdy, We have a web application with multiple sub-systems . viz. , Order Processing, Inventory Management etc., I need a way to isolate each of these sub-systems. Why don't you make them separate webapps? Yoav Shapira What are the advantages of having separate webapps? We have a clustered environment and I need a way to replicate an application session across the multiple servers. Karthik Duddala Developer - Web Team Commerce Technologies Ph. 518-886-0700 x. 3881 Shapira, Yoav [EMAIL PROTECTED] .com To Tomcat Users List 10/28/2003 10:02 [EMAIL PROTECTED] AM cc Subject Please respond to RE: Replicating Application Tomcat Users variables List [EMAIL PROTECTED] rta.apache.org Howdy, We have a web application with multiple sub-systems . viz. , Order Processing, Inventory Management etc., I need a way to isolate each of these sub-systems. Why don't you make them separate webapps? Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TeraData DataSource
No suitable driver. The TeraData .jar file is in the common/lib folder. Thanks, Ken Martinson ext. 3048 Christopher Schultz [EMAIL PROTECTED] 10/28/2003 10:26 AM Please respond to Tomcat Users List [EMAIL PROTECTED] To Tomcat Users List [EMAIL PROTECTED] cc Subject Re: TeraData DataSource Ken, Has anyone been able to connect to a TeraData datasource using thier JDBC driver? I'm getting the following error. java.sql.SQLException: Cannot create JDBC driver of class 'com.ncr.teradata.TeraConnectionPoolDataSource' for connect URL 'jdbc:teradata://sw72sqldv3:7060' Did this exception have a caused by stack trace along with it? -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ** Privileged and/or confidential information may be contained in this message. If you are not the addressee indicated in this message (or are not responsible for delivery of this message to that person) , you may not copy or deliver this message to anyone. In such case, you should destroy this message and notify the sender by reply e-mail. If you or your employer do not consent to Internet e-mail for messages of this kind, please advise the sender. Shaw Industries does not provide or endorse any opinions, conclusions or other information in this message that do not relate to the official business of the company or its subsidiaries. **
Re: Number of processes and relationship to mod_jk, Apache, tomcat
Andrew, I am trying to understand the relationship between applications in Tomcat, the number of Tomcat processes, Apache mod_jk and the number of threads. Apache: lsof -i tcp:80 | wc -l This gives me 12 processes listening to port 80 (I checked these are related to the number of Apache instances) You should be able to predict this from the httpd.conf file. Do the numbers add up for Apache? Tomcat direct port: lsof -i tcp:8080 | wc -l This gives me 50 process that also correspond to the number of tomcat instances running(i.e. the number of java instances I see in ps ) What UNIX flavor are you running? I know that in old versions of Linux, each pthread was shown as a separate process. Thus, it looked like many processes (really threads) all held the same resource. For example, they all had the same resident memory footprint (because the memory is shared) and they all were bound to the same ports. In the later versions (mine being one of them, I've got kernel 2.4.20), they only show up as one process. Thus, I get this output: [EMAIL PROTECTED] ]# /usr/sbin/lsof -i tcp:8009 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME java9313 tomcat 15u IPv4 69785 TCP *:8009 (LISTEN) [EMAIL PROTECTED] ]# I'm guessing that you're getting multiple lines that all look like this. Is this accurate? Only one process can bind to a port at any given time, so multiple processes (even with separate pids) might appear to be bound to that port. Tomcat mod_jk port: lsof -i tcp:8009 | wc -l gives me 550 Again, see the discussion of the threads/processes above. Also note that you may have many more threads that you thought you would. I recall that each (non-nio) stream in Java requires a separate thread, so System.in, System.out, and System.err already give you three threads. Then, you've got the main thread, plus the thread pool to serve requests from remote clients. That may be large, although having that number higher than your Apache request processor limit is probably a waste. Now I know that these numbers will change depending on load but I am trying to understand the relationship. Well, some numbers should not change. For example, there should be a hard limit on the number of Apache threads/processes running. You can tune that in httpd.conf. For the Java process, it's harder to predict because of the way the VM retires threads and when your server is creating them. Ideally, new threads wouldn't be created at all because there would be a closed thread pool (unless you have a min and max thread pool size and the number of threads depends on load). So my questions is how do the numbers relate to each other? The number of Apache processes is usually completely unrelated to the java process counts (except that there will be more java threads than Apache processes :). How does this effect performance? Most of the processes are very lightweight. Apache is a lean, mean, web-serving machine so don't worry about that. What you should worry about is if your thread count continually goes up and never comes back down. You'd have a nasty resource leak, then. If you avoid creating your own threads in your web application (which you should be avoiding anyway), you're generally okay. -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How do I get off this list?
Im trying to do that myself. I tried the unsubscribe option, but the reply to email id doesnt work. Thanks and Regards, Mandar -Original Message- From: Adam Mantell [mailto:[EMAIL PROTECTED] Sent: Monday, October 27, 2003 3:06 PM To: [EMAIL PROTECTED] Subject: How do I get off this list? Hello, How do I get off this list? Thanks, Adam _ Concerned that messages may bounce because your Hotmail account has exceeded its 2MB storage limit? Get Hotmail Extra Storage! http://join.msn.com/?PAGE=features/es - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuring tomcat to serve request from specific IP addresses
Is there any way to configure tomcat to enable its services (HTTP request/responses ) to specific IP address(s) only? I'm sure you can do something like Apache's: Deny From All Allow From ip address ... but that would require a restart. Programmatically, you can do this by poking the allowed ip address into the application scope and then checking the ip address of each request against that address; reject those that don't match. (Please see the past 24 hours of discussions about IP blocking, AOL/corporate users, etc.). Just remember that you might want to have the ip changer servlet be unprotected, or your could lock yourself out very easily :) -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk2 binary for Apache 2.0.47/Win
Hi Asif, thanks for your answere. I didn't try the module with the non-matching number. In fact, it does load. I read it several times, so I didn't question this. However, are you sure you do not have a jk2.properties file in your Tomcat /conf? The mod_jk2 documentation suggests there should be two file. -Florian Asif Chowdhary wrote: Hi, Apache 2.0.47 will work with mod_jk2 connector. I have it working on my machine. In apache httpd.conf LoadModule jk2_module modules/mod_jk2.dll (I named it mod_jk2.dll) workers2.properties file in your apache2/conf/ directory #For the first tomcat listening on port 8009 First instance of Web Services listening on port 9000 [channel.socket:machine1:8009] info=Ajp13 forwarding over socket debug=20 tomcatId=tomcat1 #Load Balancing Tomcat on port 9000 lb_factor=20 #Second tomcat on machine 2 port 9300 #[channel.socket:machine2:8009] #info=Ajp13 forwarding over socket debug=20 #tomcatId=tomcat2 #Load Balancing tomcat port 9300 lb_factor=10 [status:] info=Status worker,displays run time informations [uri:/jkstatus/*] info=Displaystatusinformationandcheckstheconfigfileforchanges. group=status: [uri:/examples/*] info=Examplewebappinthedefaultcontext. context=/examples debug=20 #Configure the shared memory file [shm] file=C:/apache/apache2/logs/shm.file size=1048576 debug=0 #End of Workers2.properties. In server.xml !-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -- Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=8009 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=8443 acceptCount=10 debug=0 connectionTimeout=2 useURIValidationHack=false protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler / Engine name=Standalone defaultHost=localhost debug=0 jvmRoute=tomcat1 This is all you need to configure Asif -Original Message- From: Florian Ebeling [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 7:32 AM To: Tomcat Users List Subject: mod_jk2 binary for Apache 2.0.47/Win Hi, I am trying to integrate Tomcat with Apache2 via the mod_jk2 module and CoyoteConnector on the Java side. Nothing experimental here, so far. Problem is 1) the module needs to be compiled against exactly the same Apache version into which it is to be deployed later 2) the only binary Apache2 is 2.0.47 3) the only binary mod_jk2 is against 2.0.43 4) I don't have a MSVC compiler suite 5) The jakarta-connector documents say that only MSVC is possible, so I conclude MinGW or Cygwin won't be helpful here If anybody could point me to a solution to this it would be very helpful. Thanks and regards, -Florian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session hijacking and tying session to IP address with filter
On 10/28/2003 01:49 PM Morgan Pyne wrote: And I actually find it a bit disturbing that in this day and age of somebody would be called anal about security for simply implementing their website via SSL :-) - I would consider this to be a minimum requirement and only the first step for any website remotely interested in security. I wouldn't say just simply implementing their website via SSL - there are costs involved, both tangible in terms of server CPU and intangible in terms of the whole impression the website gives, as I mentioned earlier. A website company, i.e. me, has only a finite amount of resources to spread around the various areas. Security is obviously right up there, but session-hijacking pales into the background compared with other attacks the website or the server might come under. Maybe the comment about being anal was misplaced for others who have someone else to worry about the server security, but I've got to invest time and effort into firewalls, backups, databases, realms etc etc too. Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TeraData DataSource
Ken, Has anyone been able to connect to a TeraData datasource using thier driver? I'm getting the following error. Did this exception have a caused by stack trace along with it? No suitable driver. The TeraData .jar file is in the common/lib folder. Sorry for my ignorance, but this is a DataSource *and* a JDBC driver all wrapped up in one? What does your DataSource config look like -- you're creating it using server.xml entries, no? The only thing I can think of is that you've misspelled or otherwise mistyped the classname of the JDBC driver. -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: mod_jk2 binary for Apache 2.0.47/Win
No I dont have that file in the conf directory. The documentation is very confusing. It works fine -Original Message- From: Florian Ebeling [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 10:56 AM To: Tomcat Users List Subject: Re: mod_jk2 binary for Apache 2.0.47/Win Hi Asif, thanks for your answere. I didn't try the module with the non-matching number. In fact, it does load. I read it several times, so I didn't question this. However, are you sure you do not have a jk2.properties file in your Tomcat /conf? The mod_jk2 documentation suggests there should be two file. -Florian Asif Chowdhary wrote: Hi, Apache 2.0.47 will work with mod_jk2 connector. I have it working on my machine. In apache httpd.conf LoadModule jk2_module modules/mod_jk2.dll (I named it mod_jk2.dll) workers2.properties file in your apache2/conf/ directory #For the first tomcat listening on port 8009 First instance of Web Services listening on port 9000 [channel.socket:machine1:8009] info=Ajp13 forwarding over socket debug=20 tomcatId=tomcat1 #Load Balancing Tomcat on port 9000 lb_factor=20 #Second tomcat on machine 2 port 9300 #[channel.socket:machine2:8009] #info=Ajp13 forwarding over socket debug=20 #tomcatId=tomcat2 #Load Balancing tomcat port 9300 lb_factor=10 [status:] info=Status worker,displays run time informations [uri:/jkstatus/*] info=Displaystatusinformationandcheckstheconfigfileforchanges. group=status: [uri:/examples/*] info=Examplewebappinthedefaultcontext. context=/examples debug=20 #Configure the shared memory file [shm] file=C:/apache/apache2/logs/shm.file size=1048576 debug=0 #End of Workers2.properties. In server.xml !-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -- Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=8009 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=8443 acceptCount=10 debug=0 connectionTimeout=2 useURIValidationHack=false protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler / Engine name=Standalone defaultHost=localhost debug=0 jvmRoute=tomcat1 This is all you need to configure Asif -Original Message- From: Florian Ebeling [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 7:32 AM To: Tomcat Users List Subject: mod_jk2 binary for Apache 2.0.47/Win Hi, I am trying to integrate Tomcat with Apache2 via the mod_jk2 module and CoyoteConnector on the Java side. Nothing experimental here, so far. Problem is 1) the module needs to be compiled against exactly the same Apache version into which it is to be deployed later 2) the only binary Apache2 is 2.0.47 3) the only binary mod_jk2 is against 2.0.43 4) I don't have a MSVC compiler suite 5) The jakarta-connector documents say that only MSVC is possible, so I conclude MinGW or Cygwin won't be helpful here If anybody could point me to a solution to this it would be very helpful. Thanks and regards, -Florian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Why not to create threads?
Why should I be avoiding creating my own threads in a web application? I have a couple of scheduled components, and I'm not sure how else I would implement them. Chris -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: 28 October 2003 15:53 To: Tomcat Users List Subject: Re: Number of processes and relationship to mod_jk, Apache, tomcat snip If you avoid creating your own threads in your web application (which you should be avoiding anyway), you're generally okay. /snip The information in this e:mail and any attachments or any reproduction of this e:mail in whatever manner is confidential and for the use of the addressee(s) only. If you are not the addressee then the distribution, use or reproduction of this e:mail or the information within it is strictly prohibited and may be unlawful. If received in error please advise the sender and delete all record of it from your system. Although believed to be virus free, accurate and complete, responsibility for any loss or cost arising from its receipt or use or its incomplete or inaccurate transmission is hereby excluded to the fullest extent possible. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Why not to create threads?
Howdy, Why should I be avoiding creating my own threads in a web application? I have a couple of scheduled components, and I'm not sure how else I would implement them. It's OK to create and use threads as long as you're careful for synchronization issues. Threads are a powerful construct when used by able developers but can cause very difficult problems to diagnose/debug if not used carefully. You should probably not write threading utilities from scratch. Instead, use something like Doug Lea's concurrent library, http://gee.cs.oswego.edu/dl/classes/EDU/oswego/cs/dl/util/concurrent/int ro.html, which will be part of the JDK 1.5 release. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache cannot load jk2 (bis)
Looks like you are trying to use the module built for Apache 1.3.27 with an Apache 2 web server. Try using the mod_jk2-2.0.43.dll binary instead. Jonathan On Tue, 28 Oct 2003, Jean-Max Estay wrote: Hello, I use the ${Apache2} in this mail for the path of my apache install directory. Using mod_jk2-1.3.27.dll to connect Apache2 (2.0.47 win 32) on Windows XP Pro and Tomcat 4.1.27 on the same host, The file mod_jk2-1.3.27.dll is in ${Apache2}/modules After creating the files stdout.log, stderr.log, jk2.shm,workers2.properties Apache is running OK on port 80, Tomcat OK on 8080 When adding at the end of the Apache config file httpd.conf the lines IfModule !mod_jk2.c LoadModule jk2_module modules/mod_jk2-1.3.27.dll /IfModule I have, when testing the apache config, the error message JK2 : Cannot load ${Apache2}/modules/mod_jk2-1.3.27.dll into server: Le module spécifié est introuvable. (the required module was not found) After reading many and many Howto, news and html pages, I don't find the solution. I try by changing the name to mod_jk2.dll (in both, http.conf and file system). I have administration rigths. SSL module is not loaded Who can help me ? Dr Jean-Max Estay [EMAIL PROTECTED] http://www.ima.uco.fr/personnes/estay Institut de Mathématiques Appliquées Université Catholique de l'Ouest 44,46 rue Rabelais BP 808 49008 ANGERS Cedex 01 France tel +33 2 41 81 67 05 fax +33 2 41 81 67 00 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Replicating Application variables
Howdy, We have a web application with multiple sub-systems . viz. , Order Processing, Inventory Management etc., I need a way to isolate each of these sub-systems. Why don't you make them separate webapps? What are the advantages of having separate webapps? We have a clustered environment and I need a way to replicate an application session across the multiple servers. The advantages or disadvantages of breaking a large webapp into multiple smaller one depend on the webapp itself. If the subsystems you describe can operate fairly independently of each other, they can be broken apart for additional scalability and availability: it's easier to scale a small application. If, however, the multiple subsystem are really just tightly integrated classes, you're probably better off leaving them together. Clustering products like Filip Hanik's will replicate sessions for you: http://www.filip.net/tomcat/tomcat-javagroups.html Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Why not to create threads?
Because the appliction server does this for you. If you interfere by using your own threads you could break stuff... (it's a spec violation too). Also you should use an application server for scheduling components. (We use JBoss MXBeans for this purpose). Regards, Harm de Laat Informatiefabriek The Netherlands Walker Chris [EMAIL PROTECTED] 10/28/2003 05:05 PM Please respond to Tomcat Users List [EMAIL PROTECTED] To 'Tomcat Users List' [EMAIL PROTECTED] cc Subject Why not to create threads? Why should I be avoiding creating my own threads in a web application? I have a couple of scheduled components, and I'm not sure how else I would implement them. Chris -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: 28 October 2003 15:53 To: Tomcat Users List Subject: Re: Number of processes and relationship to mod_jk, Apache, tomcat snip If you avoid creating your own threads in your web application (which you should be avoiding anyway), you're generally okay. /snip The information in this e:mail and any attachments or any reproduction of this e:mail in whatever manner is confidential and for the use of the addressee(s) only. If you are not the addressee then the distribution, use or reproduction of this e:mail or the information within it is strictly prohibited and may be unlawful. If received in error please advise the sender and delete all record of it from your system. Although believed to be virus free, accurate and complete, responsibility for any loss or cost arising from its receipt or use or its incomplete or inaccurate transmission is hereby excluded to the fullest extent possible. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Why not to create threads?
Chris, Why should I be avoiding creating my own threads in a web application? I have a couple of scheduled components, and I'm not sure how else I would implement them. I realize ther sometimes it's just necessary, so I'm not trying to tell you that you're wrong for creating threads. That being said... First, HTTP is a connectionless protocol. We've only invented the concept of the session to get around this feature. All transactions should take place within the request-response model. That doesn't work for all web sites, so we use sessions. Fine. Second, managing your own threads within a servlet-type of environment is tough. You have to make sure that you don't create too many threads, or that they don't take up too much processing time, that you don't lose track of them, etc. You appear to have a very domesticated daemon thread that's almost unrelated to responding to requests, no? Third, the J2EE EJB specification for Enterprise JavaBeans specifically forbids it. You aren't supposed to be creating your own threads because you're not suppsosed to know where your code is running. Sure, on one machine, it's running right there, in the same VM you thought it was going to start in. However, in a clustered environment, your code may be running on a completely different server. There's actually a lot of fascism when it comes to the EJB spec. Among other things, you're not supposed to do any of the following: - Create your own threads - Instantiate any of the classes in the java.io package directly Now, I know that not everyone is running an EJB container, and that J2EE is a ton of specifications and services, of which EJB is only one (flamebaitand a poor one at that :)/flamebait). But the fact that many servlet-based applications end up going the way of the EJB, you might want to play by their rules if you can. Note also that if you have a Servlet container that merely connects to an EJB container then you are not bound to these restrictions. However, many EJB containers also act as servlet containers, and they may impose these restrictions across the board. -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Form Double Submit Detection
Yes you can, but the only safe way is to synchronize on an object inside the session, not the session itself. Or to synchronize on a more global object (but this is not recommended as this might not scale well for sites with many users) -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 11:56 AM To: Tomcat Users List Subject: Re: Form Double Submit Detection without ever giving it much thought. Does that mean that you can never have exclusive access to your own session? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Hey man, long not see you
*** Gustavo Cebrian Quality Manager Want to improve the ROI on your EAI project? Download RV Tester and reduce your development and testing timescales by as much as 50%. http://www.greenhatconsulting.com/rvtester Green Hat Consulting Ltd. 107 Fleet Street, London EC4A 2AB DDI +44 (0)20 7936 9495 Mobile +44 (0)7788 922291 http://www.greenhatconsulting.com [EMAIL PROTECTED] *** -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 28 October 2003 12:46 To: [EMAIL PROTECTED] Subject: Hey man, long not see you - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Session exclusivity (was Form Double Submit Detection)
Ralph, Does that mean that you can never have exclusive access to your own session? Yes you can, but the only safe way is to synchronize on an object inside the session, not the session itself. Well, not always. Because of threading and memory issues with the JVM, one thread might put something into the session, but another thread cannot see that new data, yet. On the other hand, one thread could be in the process of putting something in the session, and the second thread could think that it's a valid object, when it might not be. (Stupid JVM relativity... :) Does a synchronized block constitute a complete memory boundary? Must the thread sync everything with main memory? I thought it only had to synchronize the data associated with the monitor itself. -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Why not to create threads?
Howdy, The rest of the message aside, I had an only partially related question: (flamebaitand a poor one at that :)/flamebait). But the fact that many servlet-based applications end up going the way of the EJB, you might want to play by their rules if you can. Can you quote research that shows a large percentage of servlet-based applications are eventually migrated to be EJB applications? Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Why not to create threads?
You are allowed to create your own threads. But there are restrictions and limitations for user created threads such as ... - They should not touch Request and Response objects - The should be able to know when the servlet container stops if non-daemon so the jvm may gracefully terminate - If daemon - have a quick shutdown(or appropriate) since the container may shutdown the moment all threads are done with their service() method (I probably got this wrong, but the spec describes this better) - High perfomance containers are allowed to restrict thread creation - All of the fun concurrency issues -Tim [EMAIL PROTECTED] wrote: Because the appliction server does this for you. If you interfere by using your own threads you could break stuff... (it's a spec violation too). - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Why not to create threads? (OT)
Yoav, The rest of the message aside, I had an only partially related question: (flamebaitand a poor one at that :)/flamebait). But the fact that many servlet-based applications end up going the way of the EJB, you might want to play by their rules if you can. Can you quote research that shows a large percentage of servlet-based applications are eventually migrated to be EJB applications? I only said many, not a large percentage. I'm sure there's been more than one :) Honestly, I'm not willing to conduct such a study and I was shooting my mouth off. Sometimes, servlet-based apps move to EJB containers. If that's your case, you might want to avoid creating your own threads. To be safe no matter what, I avoid creating new ones at many (not all) costs. There's more than one way to do it (don't tell any of the Perl peeps out there that I'm stealing their line). -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Scheduling Session clean up in a clustered environment
Howdy, I want to schedule a session clean up in a tomcat 5.1 clustered environment. How can i go about doing so? My main concern is, will there be a conflict in the clean up as all the nodes in the cluster could start doing the clean up. Is there a concept of primary node in clustering from which we could manage such admin tasks. Karthik Duddala Developer - Web Team Commerce Technologies Ph. 518-886-0700 x. 3881 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk2 binary for Apache 2.0.47/Win
Hi Asif, I get it up and running, finally. Many thanks for your help. I wonder: you don't know of a resource on configuring this strange animal, workers2.properties, by any chance? I found my current configuration by rather poking in the fog, tweaking your file here and there. This is not the most predictable of all methods, perhaps. Regards, -Florian Asif Chowdhary wrote: No I dont have that file in the conf directory. The documentation is very confusing. It works fine -Original Message- From: Florian Ebeling [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 10:56 AM To: Tomcat Users List Subject: Re: mod_jk2 binary for Apache 2.0.47/Win Hi Asif, thanks for your answere. I didn't try the module with the non-matching number. In fact, it does load. I read it several times, so I didn't question this. However, are you sure you do not have a jk2.properties file in your Tomcat /conf? The mod_jk2 documentation suggests there should be two file. -Florian Asif Chowdhary wrote: Hi, Apache 2.0.47 will work with mod_jk2 connector. I have it working on my machine. In apache httpd.conf LoadModule jk2_module modules/mod_jk2.dll (I named it mod_jk2.dll) workers2.properties file in your apache2/conf/ directory #For the first tomcat listening on port 8009 First instance of Web Services listening on port 9000 [channel.socket:machine1:8009] info=Ajp13 forwarding over socket debug=20 tomcatId=tomcat1 #Load Balancing Tomcat on port 9000 lb_factor=20 #Second tomcat on machine 2 port 9300 #[channel.socket:machine2:8009] #info=Ajp13 forwarding over socket debug=20 #tomcatId=tomcat2 #Load Balancing tomcat port 9300 lb_factor=10 [status:] info=Status worker,displays run time informations [uri:/jkstatus/*] info=Displaystatusinformationandcheckstheconfigfileforchanges. group=status: [uri:/examples/*] info=Examplewebappinthedefaultcontext. context=/examples debug=20 #Configure the shared memory file [shm] file=C:/apache/apache2/logs/shm.file size=1048576 debug=0 #End of Workers2.properties. In server.xml !-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -- Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=8009 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=8443 acceptCount=10 debug=0 connectionTimeout=2 useURIValidationHack=false protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler / Engine name=Standalone defaultHost=localhost debug=0 jvmRoute=tomcat1 This is all you need to configure Asif -Original Message- From: Florian Ebeling [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 7:32 AM To: Tomcat Users List Subject: mod_jk2 binary for Apache 2.0.47/Win Hi, I am trying to integrate Tomcat with Apache2 via the mod_jk2 module and CoyoteConnector on the Java side. Nothing experimental here, so far. Problem is 1) the module needs to be compiled against exactly the same Apache version into which it is to be deployed later 2) the only binary Apache2 is 2.0.47 3) the only binary mod_jk2 is against 2.0.43 4) I don't have a MSVC compiler suite 5) The jakarta-connector documents say that only MSVC is possible, so I conclude MinGW or Cygwin won't be helpful here If anybody could point me to a solution to this it would be very helpful. Thanks and regards, -Florian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: mod_jk2 binary for Apache 2.0.47/Win
There is tomcat book from Oreilly which is very helpful. I am using that Tomcat the Definite guide. Asif -Original Message- From: Florian Ebeling [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 11:59 AM To: Tomcat Users List Subject: Re: mod_jk2 binary for Apache 2.0.47/Win Hi Asif, I get it up and running, finally. Many thanks for your help. I wonder: you don't know of a resource on configuring this strange animal, workers2.properties, by any chance? I found my current configuration by rather poking in the fog, tweaking your file here and there. This is not the most predictable of all methods, perhaps. Regards, -Florian Asif Chowdhary wrote: No I dont have that file in the conf directory. The documentation is very confusing. It works fine -Original Message- From: Florian Ebeling [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 10:56 AM To: Tomcat Users List Subject: Re: mod_jk2 binary for Apache 2.0.47/Win Hi Asif, thanks for your answere. I didn't try the module with the non-matching number. In fact, it does load. I read it several times, so I didn't question this. However, are you sure you do not have a jk2.properties file in your Tomcat /conf? The mod_jk2 documentation suggests there should be two file. -Florian Asif Chowdhary wrote: Hi, Apache 2.0.47 will work with mod_jk2 connector. I have it working on my machine. In apache httpd.conf LoadModule jk2_module modules/mod_jk2.dll (I named it mod_jk2.dll) workers2.properties file in your apache2/conf/ directory #For the first tomcat listening on port 8009 First instance of Web Services listening on port 9000 [channel.socket:machine1:8009] info=Ajp13 forwarding over socket debug=20 tomcatId=tomcat1 #Load Balancing Tomcat on port 9000 lb_factor=20 #Second tomcat on machine 2 port 9300 #[channel.socket:machine2:8009] #info=Ajp13 forwarding over socket debug=20 #tomcatId=tomcat2 #Load Balancing tomcat port 9300 lb_factor=10 [status:] info=Status worker,displays run time informations [uri:/jkstatus/*] info=Displaystatusinformationandcheckstheconfigfileforchanges. group=status: [uri:/examples/*] info=Examplewebappinthedefaultcontext. context=/examples debug=20 #Configure the shared memory file [shm] file=C:/apache/apache2/logs/shm.file size=1048576 debug=0 #End of Workers2.properties. In server.xml !-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -- Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=8009 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=8443 acceptCount=10 debug=0 connectionTimeout=2 useURIValidationHack=false protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler / Engine name=Standalone defaultHost=localhost debug=0 jvmRoute=tomcat1 This is all you need to configure Asif -Original Message- From: Florian Ebeling [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 7:32 AM To: Tomcat Users List Subject: mod_jk2 binary for Apache 2.0.47/Win Hi, I am trying to integrate Tomcat with Apache2 via the mod_jk2 module and CoyoteConnector on the Java side. Nothing experimental here, so far. Problem is 1) the module needs to be compiled against exactly the same Apache version into which it is to be deployed later 2) the only binary Apache2 is 2.0.47 3) the only binary mod_jk2 is against 2.0.43 4) I don't have a MSVC compiler suite 5) The jakarta-connector documents say that only MSVC is possible, so I conclude MinGW or Cygwin won't be helpful here If anybody could point me to a solution to this it would be very helpful. Thanks and regards, -Florian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session exclusivity (was Form Double Submit Detection)
To be honest, I'm not shure. As I'm currently not really using tomcat (or another servlet conainer that works with session facades) I have not thought or tried enough to be shure. For those who want to be very shure, there is still the option to synchronize on something outside of the session. BTW: In my version of tomcat (4.0.3) jasper generates code for the jsp's that synchronizes on the session to access session attributes. Is the current version doing the same ? (Just define a session bean in a jsp and have a look at the source in the work dir ) -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 5:37 PM To: Tomcat Users List Subject: Session exclusivity (was Form Double Submit Detection) Well, not always. Because of threading and memory issues with the JVM, one thread might put something into the session, but another thread cannot see that new data, yet. On the other hand, one thread could be in the process of putting something in the session, and the second thread could think that it's a valid object, when it might not be. (Stupid JVM relativity... :) Does a synchronized block constitute a complete memory boundary? Must the thread sync everything with main memory? I thought it only had to synchronize the data associated with the monitor itself. -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JSP generated HTML code squashed in one line
Hi, we have a problem here that looks pretty strange to us. We have extensively searched the mail archive and we googled a lot, but found no suitable information. Should we nevertheless ask something obvious, please forgive us. Here is the problem: Tomcat 4.0.6 LE generates HTML pages with a lot of the code compressed into a single line, when running on *some* machines under Windows XP. That is, the first line of the generated HTML is very long. This appears to confuse MSIE: We see lots of runtime exceptions regarding missing closing braces (}). On another machine, running Windows 2000, an apparently identical installation works just fine. No such runtime errors. We found another difference in the work directory tree. The filenames of the servlets on the Win XP machines start with _0002 and contain this string a number of times each. On the Win2k computer we have just jspname$jsp.java as the name of the generated servlet. We don't know, if the two phenomena are connected, and we are absolutely clueless what the differences are caused by. If anyone of could give us a hint of how to make the Win XP installations work as properly as the Win2k instance, your help will be greatly appreciated! Our environments are: Windows 2000 (works fine) and Windows XP (sucks), J2SDK 1.4.2_01 from Sun and Tomcat 4.0.6 LE. Many thanks in advance! Regards Peter Bär - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk2 binary for Apache 2.0.47/Win
Jean-Max, I was wrong assuming that one needs a mod_jk2 needs to bear the exactly same version number as the Apache2. I didn't even give it a try, because I read it at several places in the apache docs. I got mod_jk2 running now, with kind assistance of Asif Chowdhary, as you probably hab been able to read in the list. I installed the mod_jk2-2.0.43.dll in apache/modules. Here is what I put into the diffrent config files: httpd.conf: just one single row like this: LoadModule jk2_module modules/mod_jk2-2.0.43.dll Then I added a worker2.properties in Apache/conf/ like this: [logger] level=DEBUG file=c:/programme/apache group/apache2/logs/jk2.log [config] file=c:/programme/apache group/apache2/conf/workers2.properties debug=0 debugEnv=0 # Shared memory handling. Needs to be set. [shm] file=c:/programme/apache group/apache2/logs/shm.file size=1048576 debug=0 #disabled=0 [channel.socket:localhost:8010] port=8010 host=127.0.0.1 debug=0 # Example socket channel, explicitly set port and host. # [channel.socket:localhost:8009] # port=8009 # host=127.0.0.1 # Example UNIX domain socket # [channel.un:/usr/local/tomcat/work/jk2.socket] # tomcatId=localhost:8009 # debug=0 # define the worker [ajp13:localhost:8010] #channel=channel.un:/usr/local/pds/tomcat/work/jk2.socket # To use the TCP/IP socket instead, just comment out the above # line, and uncomment the one below channel=channel.socket:localhost:8010 # define the worker # Announce a status worker # Uri mapping [uri:/examples/*] worker=ajp13:localhost:8010 [uri:/javaroom/*] worker=ajp13:localhost:8010 [status:status] [status:] info=Status worker,displays run time informations [uri:/jkstatus/*] info=Display status information and checks the config file for changes. worker=status:status [uri:/status/*] worker=status:status # end of workers2.properties Finally, I configured this Connector in the Tomcat server.xml: --- Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=8010 minProcessors=5 maxProcessors=250 acceptCount=10 debug=0 protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler / I hope this helps you get it running. Regards, -Florian Jean-Max Estay wrote: Florian, What a good news ! And where did you find this specif. ? Many many many thanks And much more thanks [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] http://www.ima.uco.fr/personnes/estay Institut de Mathematiques Appliquees Universite Catholique de l'Ouest 44,46 rue Rabelais BP 808 49008 ANGERS Cedex 01 France tel +33 2 41 81 67 05 fax +33 2 41 81 67 00 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5 JBoss
[EMAIL PROTECTED] wrote: Is there any way to run JBoss with Tomcat 5 instead of 4.1.27? I'm using JBoss 3.2.2. I would like to switch to 5 because of the hotswap debugging feature. You have to get the source, and build. There will be a TC 5 SAR in the output dir for the Tomcat module. Using it is not straightforward, though: - you have to replace the servlet JSP API JARs in lib - you should add commons-logging to your system classpath to avoid problems -- x Rémy Maucherat Senior Developer Consultant JBoss Group (Europe) SàRL x - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Source of JSP returned to user
Or download JDK 1.4.2_02 (the bug has been fixed in _02) -- Jeanfrancois Larry Isaacs wrote: Since JDK 1.4.2 is being used, try the workaround specified for (you will need to register to see the bug): http://developer.java.sun.com/developer/bugParade/bugs/4895132.html which is: Specify -Dsun.io.useCanonCaches=false to the JVM. Or, try JDK 1.4.1 which doesn't have the cannon cache feature. HTH. Larry P.S. Partial bug description from the bug report above: For an existing file, getCanonicalPath() sometimes can produce a pathname whose case doesn't match that of the existing file's pathname. This doesn't matter in terms of being able to access the file, but it appears that some applications, such as TomCat, depend on getting the correct case. Sometimes the answer for the same input is inconsistent. -Original Message- From: Jon O'Sullivan [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 7:32 AM To: '[EMAIL PROTECTED]' Subject: Source of JSP returned to user Hi, I have accidentally discovered a way that Tomcat can serve the source code of a JSP file. Running Tomcat 4.1.27 standalone, JDK 1.4.2, Win XP Pro. and also Win 2K Server Mostly the default configuration, but using port 80 rather than 8080. pointing my browser to http://localhost/examples/jsp/num/numguess.jsp returns the page as expected for the number guess example but http://localhost/examples/jsp/num/numguess.JSP and other combinations such as http://localhost/examples/jsp/num/numguess.JSp and http://localhost/examples/jsp/num/numguess.Jsp give a file download window for the source of numguess.jsp. Is there a workaround for this? Best Regards Jon __ __ This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com __ __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]