Re: [OT] HTTP Sniffers
Whenever I need to see the actual HTTP messages (which is pretty often, as it turns out), I use an HTTP proxy logger to do it. My favorite, for it's simplicity, is zproxy: http://www.zaval.org/products/proxy/download/ At 12:17 PM 12/15/2004, you wrote: Considering this is a pretty knowledgable group is there a good free HTTP Sniffer application I can use, I need to see what the HTTP headers are returning on my site. __ Justin Ruthenbeck Lead Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Re: Tomcat mailing list is full of non tomcat topics
Personally, it seems like truly off-topic messages get tagged pretty quickly on this list. I think that's a reasonable solution to handle this problem. As for the *root* of the problem, the VAST majority of questions come from novice users who, predictably, don't know the difference between a Tomcat question and Servlet/JSP question. For most people, there *is* no difference. From that standpoint, it's artificial to say that some questions are Tomcat ones and others aren't -- they are all Tomcat-related and, as such, I feel like this is an appropriate place to address them. IMHO, asking a novice user to take it elsewhere would be a fairly cruel thing to do to an already confused and potentially frustrated user. That said, lengthly threads that banter about the merits of various JSRs and specs clearly don't belong here and should either be relocated or (more likely), marked OT. justin At 06:56 PM 12/8/2004, you wrote: On Wed, 2004-12-08 at 17:41, Roberto Cosenza wrote: I'm not talking about moderating but about informing the users that this is not the right place. Many important (and related) question do not get enough attention in this sea of messages. /rob I think this page: http://jakarta.apache.org/site/mail.html does that. Specifically here: Join the lists that are appropriate for your discussion. Please make sure that you are joining the list that is appropriate for the topic or product that you would like to discuss. For example, please do not join the Regexp mailing list and ask questions about Tomcat. Instead, you should join the Tomcat User list and ask your questions there. And here: http://www.catb.org/~esr/faqs/smart-questions.html It is also customary on this list, as it is on others, to begin the subject of your post with [OT] or [OFF TOPIC] for threads, like this one, that don't deal directly with Tomcat issues. This allows people who don't want to wade through off topic discussions to skip right by them. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Lead Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Delivering JSPs without source
At 09:11 PM 11/30/2004, you wrote: It would seem that if a web page request comes in for a .jsp page, Tomcat would have no file to compare the date against in your scheme of putting the compiled .jsp page in a .jar file only. This is only done for non-compiled jsp files that are served by the JspServlet (mapped to *.jsp in the global web.xml). When the jsps are precompiled, the servlets they become are mapped in your own web.xml, meaning they are treated *exactly* like servlets and no date, compiling, or other shenanigans are done. How do most companies deploy their web applications? Do they include the source code for the jsps? Almost all of the companies I have worked for have been very protective of their source code and won't allow it to be released. I'm still not clear as to why you have to put your compiled JSPs in common/lib. I understand that some of your classes much be there, but why won't you split your classes into multiple jars? The normal way this is done is to precompile the jsps, bundle them into /WEB-INF/lib/myapp-jsp-compiled.jar, bundle the majority of your POJO to /WEB-INF/lib/myappcore.jar, and bundle your container service implementation classes (custom realms, valves, anything the main classloader needs) into /common/lib/app-container.jar. Will this not work in your case? justin __ Justin Ruthenbeck Lead Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Delivering JSPs without source
Hi Steve, Hopefully I read your question right. There is no reason why your app wouldn't be able to find classes from a jar in common/lib -- there's something else going on here. Do you have duplicate copies of these classes anywhere? Do these classes rely on other classes found only in the /webapp/WEB-INF/lib jars or /webapp/WEB-INF/classes? This particular issue aside, there's no good reason why you should have to place your JSPs in common/lib. If there are other classes in your jar which have to be there (custom realm impl, for example), then break those out into a separate jar and keep your compiled JSPs in a separate jar in WEB-INF/lib. ... and if you find that your realm is being somehow implemented in the JSP, you know you're really screwed. :) justin At 03:32 PM 11/29/2004, you wrote: We have a web application that uses jsps. We want to deliver the application to the customer without source for the jsps. We have done this in the past by putting all of the compiled jsps into a jar file. Recently we had to move the application jar files from webapps/appname/WEB-INF/lib to common/lib because we implemented our own realm which uses our object repository; since it has to be installed in server/lib, the code for the repository cannot be installed under the web application directory. When the application is installed in common/lib it is not able to load the compiled jsp files. They are installed in common/lib/. Does anyone have an idea about why these classes are not visible? Thanks, --Steven - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Lead Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Response and file downloads
Luc, At 11:42 AM 11/1/2004, you wrote: I am having a wee problem with using the response. I have a form on a page, with a submit button to download a file. That file is being pulled from a database and pushed to the response. The problem I am having, I just used that response to submit the page, so I am getting and IllegalStateException, even though it is still pushing the file to the browswer I also want to be able to send a redirect after the file is downloaded (so I can refresh the page so the form submit page is regenerated, since we are using a string to determine unique submits are only coming from the pages we generated, and not the browser address bar) Can we get a new response from the session variable (the one available to jsp writing) to send the file, then get another new response to perform a redirect Basically I want to be able to do something like the form submits, and passes to the applications perform methods through the jsp catching the submit response = new Response response.sendFile response = new Response response.sendRedirect (yes I know those are not actual methods and classes, just trying to explain what I want) Your understanding of how, exactly, the http protocol works is incorrect. Because it is a (single) request, (single) response protocol, what you're asking for cannot be done. It seems like what you want is for a user to fill out a form, click submit, then be presented with a new, fresh, form again ... with the file download on the side. If you have determined that you absolutely want this behavior (it's atypical, so doing it won't be particularly robust), consider programmatically opening another browser window on form submit from which the download will happen ... and reload your form in your main browser window. This will, of course, subject you to any headaches associated with javascipt window opening. justin __ Justin Ruthenbeck Lead Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Response and file downloads
At 12:17 PM 11/1/2004, you wrote: I am not sure what you are refering to as atypical or robustness... I meant to say that you could approximate the behavior you were asking for (dual response), but doing so would be hackish. How do other sites generate files on the fly (take it out of a database, or a report just run), on form submit, and send them down the line and not run into this problem? Like fzlists said, you'll see most sites load a page in response to a download request which either provides a link which the user can click on to download the binary content (right click, save as in IE), or that scripts the browser to automatically begin downloading. This is how CNet, Yahoo, and others do this. I see many people posting many places on the net that they are using the response to send a file, a lot of them are getting this IllegalState, but I never really found a followup solution that really fit my needs. Why would the possibility exist to push a file through the response if it leaves you with the ability to go nowhere after? If your browser submits a request and the response is a mp3 (through either URL inspection or Content-Disposition header), the browser will prompt the user to Save/Open/Run/whatever the file (and won't try to display it). Once the file has been saved, it will leave you at the original page from which the file was requested. Point being that after you push binary content through the response, it leaves you with whatever the previous page's options were ... there's really no contradiction in doing so. justin -Original Message- From: Justin Ruthenbeck [mailto:[EMAIL PROTECTED] Sent: Monday, November 01, 2004 2:56 PM To: Tomcat Users List Subject: Re: Response and file downloads Luc, At 11:42 AM 11/1/2004, you wrote: I am having a wee problem with using the response. I have a form on a page, with a submit button to download a file. That file is being pulled from a database and pushed to the response. The problem I am having, I just used that response to submit the page, so I am getting and IllegalStateException, even though it is still pushing the file to the browswer I also want to be able to send a redirect after the file is downloaded (so I can refresh the page so the form submit page is regenerated, since we are using a string to determine unique submits are only coming from the pages we generated, and not the browser address bar) Can we get a new response from the session variable (the one available to jsp writing) to send the file, then get another new response to perform a redirect Basically I want to be able to do something like the form submits, and passes to the applications perform methods through the jsp catching the submit response = new Response response.sendFile response = new Response response.sendRedirect (yes I know those are not actual methods and classes, just trying to explain what I want) Your understanding of how, exactly, the http protocol works is incorrect. Because it is a (single) request, (single) response protocol, what you're asking for cannot be done. It seems like what you want is for a user to fill out a form, click submit, then be presented with a new, fresh, form again ... with the file download on the side. If you have determined that you absolutely want this behavior (it's atypical, so doing it won't be particularly robust), consider programmatically opening another browser window on form submit from which the download will happen ... and reload your form in your main browser window. This will, of course, subject you to any headaches associated with javascipt window opening. justin __ Justin Ruthenbeck Lead Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to deny .jsp execution within an upload directory
For robust installations, this problem is a non-issue due to JSP precompilation. Everyone's situation is different, of course, but it is generally much more secure to precompile your JSPs and disable the dynamic compilation of new ones. justin At 03:25 PM 10/29/2004, you wrote: The easiest way to do this would be to create a filter on that directory. The filter would either deny access - of it would get the default servlet via the ServletContext.getNamedDispatcher() and then perform a forwards(). -Tim Chris Lawder wrote: Hello, Can somebody please point me to documentaion and examples that describe how to disallow the execution of .jsp or any other scripts/binaries within a single directory of a webapplication? Part of the web app, is being allowed to upload reports which can then be read and downloaded by another. At this time I can upload a .jsp file and it will run in that directory. I have found much stuff on SecurityManager and syntax within the catalina.policy file but nothing yet that really explains to me what I need to do to accomplish what I described above. My attempts so far at proper catalina.policy systax have not worked. This is a pure tomcat environment running Tomcat 4.1.30 at this time. Other comments regarding the proper use of an upload directory and it's security are welcome. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Lead Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: request.getSession(false) randomly returns null in servlet
Mark, Check the session id that is included in the request (getRequestedSessionId) and verify that this sessionid is ALWAYS identical to the one used when the session was created. More than likely, you'll find this is not the case. If you're convinced that the sessionid is found at one moment and not at another, try to find a way to reproduce it and then post that to the list. There's a 99% chance something is wrong with your code and/or the client's response causing the behavior you're seeing. The fact that you're seeing it with one particular servlet (presumably one type of use case) makes it even more likely. justin At 09:14 AM 10/12/2004, you wrote: Hi David, Thanks for reply but I guess I need something else. All answers to your suggested situation are negative. Answers included in your message. --- David Wall [EMAIL PROTECTED] wrote: Is it possible that your session has ended (too long between requests)? nope, another servlet get session with no problem. and after few minutes servlet is null problem just works fine. Check how long you have configured sessions to be active (in web.xml). Is it possible you are losing the encoded session ids (if cookies are not being used)? It's easy to miss an encoded URL on a page for get/post and thus lose the session id on the next request. Then again, I've seen bugs before in which cookies are quite reliable, but encoded URLs don't always seem to work. I do encode URL just in case, but Cookie is used on client side(browser). When I look at the source page URL is not encoded. David Any other ideas? - Original Message - From: Mark [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 12, 2004 8:36 AM Subject: request.getSession(false) randomly returns null in servlet Hi All, I have unstable behavior in my web application when I try to get HttpSession. The problem is that the following code randomly returns _null_ for HttpSession. But next http request from different servlet using the same code is fine. and when I call servlet with problem I've got null again. Interesting, that if I wait for few minutes, this problem does not exists: I'm getting a session object with no problems Here the code: -- cut -- public void doPost( HttpServletRequest req, HttpServletResponse resp ) throws IOException, ServletException { String cPath = req.getContextPath(); HttpSession ses = req.getSession(false); /* ... ses is null sometimes ;(*/ - end cut Please note that I use req.getSession(true) in the login servlet and DO know that session is created. Tech spec: Software: tomcat 5.0.24 on Redhat FS2 Hardware: AMD 2700+, 512Mb, 120 GB HDD. Any comments and suggestions are welcome. Thanks, Mark. __ Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. http://mobile.yahoo.com/maildemo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Address AutoComplete - You start. We finish. http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Lead Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT] Webapp upgrades and browser caching
I'm looking for some advice about how to handle the following situation. (1) Apache 2.x in front of Tomcat 5.x (2) Deploy new web application. Bunch of servlets, bunch of jsps, bunch of static content (mainly js, css). (3) Many users use the application, during which time their browsers cache lots of static content (4) We do a major version upgrade of the webapp, including (almost) all new static content, but URLs stay the same (to alleviate bookmark-maintenance requirements). The problem arises when the browsers continue to use their cached version of the static content. Now, the browsers eventually get updated, but immediately after deployment there are huge numbers of graphical and functional (js files) problems. It seems like behavior in this area is widely different amongst browsers and/or their settings. I have only come up with the following option: (1) Play with URLs. New deployments can be deployed under a different url domain like: http://www.server.com/myapp/v1/main.css http://www.server.com/myapp/v2/main.css This would force browsers to get new content since the content appears as totally new content to the browser. Aside from disabling static content caching, are there any other options out there? Much thanks for the help! justin __ Justin Ruthenbeck Lead Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Webapp upgrades and browser caching
Wade, Thanks for your comments. By adding the META expires tag, it sounds like you setting the system up to schedule the upgrade. By this, I mean that you know you're gonna upgrade a week from today, so you configure Apache to suggest that all content should expire at that time. Sounds reasonable. In our situation, we have our webapps installed offsite in clients' facilities, so all/most of the upgrade process needs to be fool-proof... reconfiguring Apache 1 week (or whatever) before the upgrade isn't really an option. Aside from this, any more idea about how to handle this? Thanks, justin For static web pages you can use a tag like this: META HTTP-EQUIV=EXPIRES CONTENT=TUE, 2 OCT 1998 12:42:00 GMT If the browsers still have a problem you might be able to configure Apache to output a header will all content called EXPIRES. I think you can if I remember right from some docs I read. You will have to look at Apache for that. I'm not sure about tomcat being able to handle that or not, but the apache bit should prepend the header I believe. The only other way would be to output all images and static pages from a servlet of some kind and add the header yourself to the request. Browsers should honor that tag or header for all images down the line from your html or jsp pages, but may not. Some browsers may be able to be set to ignore this all together though. Sometimes it is even worse than that. I have seen ISP's who think they are slick who install a cache in their systems, and they basically become a proxy for the users. If they are ignoring such things your users would have to contact them. I have seen some who do this for different protocols even http and https differently. That one irked me pretty good. Anyways, I use expires in all my jsp and html files. I haven't ever tried the other stuff for the headers from Apache, but think I remember reading about it in the Apache docs. I have output that header from servlets and ISAPI dlls before. Someone else may be able to offer more help. Wade At 11:21 AM 10/7/2004, you wrote: Justin Ruthenbeck wrote: I'm looking for some advice about how to handle the following situation. (1) Apache 2.x in front of Tomcat 5.x (2) Deploy new web application. Bunch of servlets, bunch of jsps, bunch of static content (mainly js, css). (3) Many users use the application, during which time their browsers cache lots of static content (4) We do a major version upgrade of the webapp, including (almost) all new static content, but URLs stay the same (to alleviate bookmark-maintenance requirements). The problem arises when the browsers continue to use their cached version of the static content. Now, the browsers eventually get updated, but immediately after deployment there are huge numbers of graphical and functional (js files) problems. It seems like behavior in this area is widely different amongst browsers and/or their settings. I have only come up with the following option: (1) Play with URLs. New deployments can be deployed under a different url domain like: http://www.server.com/myapp/v1/main.css http://www.server.com/myapp/v2/main.css This would force browsers to get new content since the content appears as totally new content to the browser. Aside from disabling static content caching, are there any other options out there? Much thanks for the help! justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Cluster Pure Tomcat with Hardware Load Balancer
Mitchell, Pur Tomcat clustering is most robustly supported in the 5.x branch (a backport to 4.1.x was done, but you'll have a harder time getting help with that). Info can be found off of the 5.0.x docs page: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/cluster-howto.html justin At 03:09 PM 10/4/2004, you wrote: Hello to the group - I am desperately searching for information about clustering Tomcat 5 in a pure environment without Apache in front of it. I have a hardware load balancer in front of two Tomcat servers that I want to join in a cluster in order to avoid/reduce broken shopping cart sessions experienced by customers coming from so-called megaproxy ISPs like AOL. Since we can't depend on SSL session ID via the hardware load balancer (thanks to Microsoft IE5+) we believe that we must make clustering work. The problem is scarce/non-existent web documentation of Tomcat Clustering. Any help is appreciated. MitchellT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Lead Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Question about creating new HttpSessions
At 12:24 PM 9/16/2004, you wrote: Shapira, Yoav said: Hi, Why don't you want to invalidate the old one? Mainly because the case that brought up this problem is the tester using the File-New-New window command, then browsing to a bookmarked URL for the login page. They need to be able to continue using the old session in the old window, and the new session in the new window. Note that most browsers use the same cookie-set if you do a File-New-New Window command, but use a new cookie-set if you simply start them in another process (for Windows that means clicking on the icon again to launch a new browser instance). Try it with whatever browser you're using to test (varies by browser, but all that I've used have a similar way to accomplish this), but solving the problem this way would be much, much, much easier than asking your app to do something it's not supposed to do. justin __ Justin Ruthenbeck Lead Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuring Tomcat 5 to not display null value as word null
There is no Tomcat magic configuration parameter to make this happen. Instead, take a look at HttpServletRequestWrapper. You can combine that with a Filter to override the behavior of getParameter() for the pages that need it such that it returns instead of null when no such parameter value exists. If you're unfamiliar with the above concepts, check Google, so see: http://www.javaworld.com/javaworld/jw-06-2001/jw-0622-filters-p4.html Good luck, justin At 04:54 PM 8/20/2004, you wrote: Hi, I have the following JSP fragment: case 1 = %=request.getParameter(no_such_thing)% case 2 = ${requestScope[no_such_thing]} The output of the page is ... case 1 = null case 2 = ... Is there any way that Tomcat can be configured to not display the word null if the value is null? It is easy to replace the above example in case 1 by case 2, but in my case it is not easy to make such change to my existing code base (which I am migrating from another servlet engine that outputs null as ). I have pages with the input type=text elements displaying the string null when there is no default value. Thanks, -- Rick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Lead Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to keep a single user session from having multiple threads?
I'll answer your specific question, but first let me say: In the situation you are describing here, the root problem is not that the same JSP is being run concurrently for a particular session -- it's that your application has been designed such that you care. Mainstream jsp/servlet applications should be coded in a thread-safe manner such that data protection, locking, etc is provided in an appropriate way outside your jsp/servlet. Now, to answer your question: You cannot configure Tomcat to limit a session to one thread. What you really need to do is limit a single client (in a given session) from making two requests to the same JSP. Code your client this way, then add logic (in a filter, I'd suggest) to enforce the restriction. Doing this will work, but you'll find that you're swimming upstream against the spirit of the servlet spec, so keep that in mind. If your only concern is one of resource usage (that's what your email seems to imply), then you'd be better off trying to find out why your clients are making two simultaneous requests or (if it's a configuration problem), why you've got Tomcat configured to make that happen. If you want help with that, feel free to reply with more info to the list. Good luck! justin At 06:04 PM 8/19/2004, you wrote: Hello folks, I have a situation in which 2 threads are being started in the same user session. Now, that in itelf is not necessarily a problem - the problem it that both threads are executing the same JSP pages. This still does not hurt anything as yet,(The JSPs use session variables so that different users don't interfere with each other) but in the logs (using log4j) I can see the same JSP being executed by multiple threads simultaneously. There is definitely no need for this. I'd like to configure Tomcat such that it only runs one JSP at a time per user session. However, I am fine with having each user session start its own thread. Can this be configured in Tomcat (one session = one thread) or is this outside of Tomcat? Here is an example - notice the interleaving of the threads, as they execute the same JSP (ClothingBuyer.jsp) such that Thread 10 finishes while Thread 8 is still in the middle of working, and remember, these are from one user session - not two users. [Thread-10]2004-08-19 11:16:01,494 DEBUG FitMe.site.ClothingBuyer - Self=user1 [Thread-10]2004-08-19 11:16:01,494 DEBUG FitMe.site.ClothingBuyer - Result from query is not null, continuing [Thread-10]2004-08-19 11:16:01,508 DEBUG FitMe.site.ClothingBuyer - A user name found: user2 [Thread-8]2004-08-19 11:16:01,516 DEBUG FitMe.site.ClothingBuyer - Self=user1 [Thread-8]2004-08-19 11:16:01,516 DEBUG FitMe.site.ClothingBuyer - Result from query is not null, continuing [Thread-10]2004-08-19 11:16:01,519 DEBUG FitMe.site.ClothingBuyer - A user name found: userx [Thread-8]2004-08-19 11:16:01,529 DEBUG FitMe.site.ClothingBuyer - A user name found: user2 [Thread-10]2004-08-19 11:16:01,530 DEBUG FitMe.site.ClothingBuyer - A user name found: user3 [Thread-10]2004-08-19 11:16:01,537 DEBUG FitMe.site.ClothingBuyer - A user name found: user4 [Thread-10]2004-08-19 11:16:01,539 DEBUG FitMe.site.ClothingBuyer - Finished with user list. [Thread-8]2004-08-19 11:16:01,544 DEBUG FitMe.site.ClothingBuyer - A user name found: userx [Thread-8]2004-08-19 11:16:01,550 DEBUG FitMe.site.ClothingBuyer - A user name found: user3 [Thread-8]2004-08-19 11:16:01,556 DEBUG FitMe.site.ClothingBuyer - A user name found: user4 [Thread-8]2004-08-19 11:16:01,557 DEBUG FitMe.site.ClothingBuyer - Finished with user list. Once again, here is my goal: I'd like to configure Tomcat such that it only runs one JSP at a time per user session. I am fine with having each user session start its own thread. Can this be configured in Tomcat (one session = one thread) or is this outside of Tomcat? Bill Bruns - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Lead Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How can I display number of requests over the past n seconds?
More academic exercise than recommendation, but... Write your own implementation of a Map/HashMap specific to java.util.Date objects. Identify your smallest time increment (5 seconds in your email). Identify largest time increment (60 seconds) Create (60/5)+1 buckets for your hash function Write your hash function such that each date object -- representing one request each -- gets placed in the right bucket. If the bucket contains aged dates, which you should know by simple counting (not comparison), empty it before placing a new one in. To display results, simply add up the content size of the appropriate buckets and return. This implementation is more lightweight than others suggested because the process of pruning is built into your implementation (instead of using external threads or comparisons each time you insert)... you're trading memory usage for decreased processing time. On the other hand, it doesn't *strictly* tell you how many requests came in the last X seconds -- only how many came since the last time unit started. It's also only reasonable for numbers like you suggested -- Tim or Yoav's suggestions would be better if your range is 5 seconds to 60 minutes, for example. justin At 07:10 AM 7/29/2004, you wrote: I need to display on a .jsp page the number of requests for Tomcat in the past 5 / 10 / 15/ 30 / 45 / 60 seconds. I've already implement a Filter will count the total number of requests. I did this with a static int, which is incremented everytime a request comes in. But what should I do so that I can show number of request over past time intervals? Since the present time is always changing, the past n seconds is constantly changing also. Thanks in advance, Tom __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Is there such a beast ? (virtual directories)
At 12:13 PM 7/13/2004, you wrote: One option is to use a servlet that serves static files from directories and map that servlet in your web application's web.xml. This is nowhere near as robust or secure as putting httpd infront of your servlet containers. Again since this _could_ point outside the application directory it's a poor solution. This approach is what we've done to use shared resources (static content) amongst multiple apps. In some deployment environments, running Apache in front of Tomcat is a no-go for our customers, so implementing this way allows us to *optionally* use Apache: If Apache present, image is at http://www.site.com/images/a.gif and physically at /.../images/a.gif If Apache is not present, image is at http://www.site.com/webAppA/static?a.gif and physically at /.../images/a.gif Point being, implementing the serving as a separate servlet can give you additional flexibility at deployment time. The assertion that this diminishes robustness and/or security must be taken in context -- in many situations, this can be preferable to running with Apache in front. As always, YMMV. justin Otherwise (as in Carl's suggestion): You can overlap URI mappings to contexts. So you can map: /app1 - fooApplication.war /app1/images - /usr/home/tomcat/images as long as your images directory is a deployable web application. Original Message Follows From: Mike Curwen [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Is there such a beast ? (virtual directories) Date: Tue, 13 Jul 2004 10:12:56 -0500 Hello all, I had a friend ask me on the phone a couple days ago, and now a question has popped up at javaranch. I've looked in the docs and googled, but haven't found a definitive 'no' answer (shouldn't life be that simple?). Thought I'd ask here. Is there such a thing as directory aliasing / virtual directories (like you get in Apache), available in Tomcat? so you'd specify that /images is *really* over here at /usr/local/some/funky/place/images I like to tell people they don't need Apache, unless they're doing special stuff. Would this be one of those special things ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: will ROOT (/) context, folder hello interfere with context (hello) ?
It's genally a good idea to use the ROOT context as merely a redirection feature, _especially_ if you've got any possibility of naming conflicts (like you're suggesting). By this, I mean make your ROOT context simply do a redirect (either an HTTP redirect or a JSP/Servlet redirect, depending on what you need to accomplish) to your real default web application. It will eliminate problems like this -- naming and implementation/function should be independent. As for your question, you can't practically get to ROOT/hello in the case you're describing. justin At 12:47 PM 7/9/2004, you wrote: Then what about ROOT/hello ? How do you get to there? -Original Message- From: Mike Curwen [mailto:[EMAIL PROTECTED] Sent: Friday, July 09, 2004 8:19 AM To: 'Tomcat Users List' Subject: RE: will ROOT (/) context, folder hello interfere with context (hello) ? You'd get the hello context. -Original Message- From: Ivan Jouikov [mailto:[EMAIL PROTECTED] Sent: Friday, July 09, 2004 3:37 AM To: 'Tomcat Users List' Subject: will ROOT (/) context, folder hello interfere with context (hello) ? Something just popped in my mind. If you have a ROOT context which has a folder named hello, And you have a context named hello When you request localhost:8080/hello/ Which one are you gonna get? The ROOT context or the hello context? I will try this out tomorrow, but I wonder how tomcat handles this? _ Best Regards, Ivan V. Jouikov (206) 228-6670 http://www.ablogic.net/ --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.716 / Virus Database: 472 - Release Date: 05.07.2004 --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.716 / Virus Database: 472 - Release Date: 05.07.2004 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.716 / Virus Database: 472 - Release Date: 05.07.2004 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Limit time for Database connection
Elisabeth, Robert's suggestion should work, depending on the particulars of your situation. Additional comments... If the problem is happening at connection creation time (ie initialization of the webapp), you're much better off. In this case, the network timeout isn't usually such a critical issue since someone is presumably monitoring the restart. If, however, your pooled connection is bombing out during normal runtime, you've got more of a problem. This situation is generally handled by the pool -- depending on which pool impl you're using, there will likely be a refresh rate which is the rate at which connections are tested for validity by the pool (seems like most people are using DBCP with Tomcat: see testOnBorrow and testWhileIdle parameters combined with maxWait). If you're concerned about requests to your app taking a long time because connections are no longer valid, this should significantly help and/or solve the problem. If that's still not enough and you feel you still need a shorter timeout, remember that there are tradeoffs to shortening the timeout (it's there for a reason, after all). That's going to be highly dependent on your pool impl and/or your database driver, depending on what you're using. Change your timeout settings there. Either way I'd advise only going as low at the DB driver and not messing with OS networking settings if possible. justin At 05:11 PM 7/8/2004, you wrote: Elisabeth, Nobody has responded to your question (that I've seen), so I'll take a shot. This sounds like a network issue, and network connection failures have to time out before they fail. Using a timed separate thread to obtain the connections for the pool occurs to me; if the connection thread doesn't return in a certain amount of time the parent thread could throw an Exception. Has anybody tired something along these lines? Is this suggestion way off base? Regards, Robert Bachler, Elisabeth (Elisabeth) wrote: Hello, I defined a database connection that uses a pool connection. Everything is working well. Now I had a routing problem that prevented any database connection (with a SQPNestedException fired). The exception fired after a long time is there a way of setting the connection limit, so it does not take so long before firing the exception? Thanks Elisabeth - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Limit time for Database connection
See my previous post on the thread. Combined with testOnBorrow and/or testWhileIdle, it could certainly help. justin At 05:56 PM 7/8/2004, you wrote: Could be, anyone know for sure? Eric Noel wrote: I thought it would be just as simple as setting the parameter in the DBCP??? parameter namemaxWait/name value1/value /parameter - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] On 7/9/2004 8:11 AM, Robert F. Hall wrote: Elisabeth, Nobody has responded to your question (that I've seen), so I'll take a shot. This sounds like a network issue, and network connection failures have to time out before they fail. Using a timed separate thread to obtain the connections for the pool occurs to me; if the connection thread doesn't return in a certain amount of time the parent thread could throw an Exception. Has anybody tired something along these lines? Is this suggestion way off base? Regards, Robert Bachler, Elisabeth (Elisabeth) wrote: Hello, I defined a database connection that uses a pool connection. Everything is working well. Now I had a routing problem that prevented any database connection (with a SQPNestedException fired). The exception fired after a long time is there a way of setting the connection limit, so it does not take so long before firing the exception? Thanks Elisabeth - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: jspc
is to try and speed up / make TC less memory consumptive. cheers Paul. __ Do you Yahoo!? Yahoo! Mail Address AutoComplete - You start. We finish. http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin (1755) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Design question ..
Since everyone else seems to have an opinion on this, I figure that I might as well share mine. :) A couple things to keep in mind: (*) Depending on your geographic location, you may have a legal responsibility to make sure that an item listed as available is, indeed, available. In other words, you can't tell a user that an item is available, let them put into their cart, then tell them it's not available when they try to pay for it. This is municipality-specific, but something to keep in mind for those doing cross-border sales. (*) The requirement you have described is a business-process requirement. It is not technical and therefore, IMHO, should not be satisfied with row locking, transaction manipulation, etc. Satisfy it on the controller level and avoid polluting your model with stuff like this. My personal inclination (which could change depending on the situation) would be to give users an X minute (logical) lock once something has been put in their cart. If they don't buy it (or indicate they want to keep it) after that time is up, it goes back on the shelf. In other words, treat everything in your inventory like a real object ... if a consumer wants to buy it, give them a pickup-ticket that they can take to the cashier. Ensure that the number of pickup-tickets equals the number of real items in inventory. The primary benefit here is that you'll fail fast instead of promising something that you can't deliver. (This isn't my idea, BTW ... take a look at TicketMaster when a hot concert goes on sale to see this in action) justin At 12:37 PM 6/21/2004, you wrote: Hi, I am in the process of writing a webapp that allows users to make a payment and register for a course. Using Apache -- Tomcat --- MySQL. The question is a design question i guess, unless there is something in Tomcat that I can leverage, which i might not know. I know that this is a design question , but since I am using Tomcat as my JSP/Servlet container and since the participants here are experts in this field , I thought that I might get some good pointers here. Lets take this scenario: User 1 and User 2 are trying to register for a course called Taekwando. The fee for registering is X amount. Also there is another course called Majagutamba and it costs Y amount. Both theses courses have exactly 1 seat remaining. Now lets say user 1 adds both these courses in his shopping cart, and user 2 does the same, since user 1 has not completed his transaction and paid the enrollment table wont have an entry for user1. (The Enrollment table keeps track of which user is enrolled in which course). Therefore both users have both those courses in their shopping carts. Now both of them proceed to checkout. They enter their credit card information and say submit. Both those users make payments and get enrolled for both those courses!!! Which is wrong , since both those courses could only enroll 1 more person, instead two new users were just added. To avoid the above problem one could implement a singleton synchronized Transaction object that would process shopping cart checkout in a queue. The problem with this approach are: 1. If anything goes wrong with any one transaction, it would hold up the entire queue. (Well we can have some sort of timeouts and take care of that.) 2. Since this is a syncrhonized singleton and if the traffic for registering for the courses is high, this would be a slow process for which the user will have to wait. Is there a better solution, algorithm, to do this ? Any help is appreciated. Thanks, - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Design question ..
At 04:12 PM 6/21/2004, Frank Zammetti wrote: The first point is a very good one, I wouldn't have thought of it! The second point is certainly arguable. I see where your coming from, but if it's a business rule, it by definition belongs in the model layer. Remember, view is easy, the controller interfaces the two, and business logic of an application is the model layer. If you define the controller as the portion that *merely* interfaces the view with the actual working objects (ie a Command servlet), then yes. What I was trying to get at is that a DAO should be responsible for exactly that -- accessing the data. It is, IMO, ill conceived to use the DAO to determine whether a row is locked and therefore whether an item is available. That aside, I really do like your idea about kind of putting a hold on the class. I think that's a very good suggestion and a good model to follow. but in the end Justin, you would do well, I think, to do this in the database, i.e., have a locked field as write to it. The complication there is you'll need some method to unlock abandoned items periodically. I suppose my objection to handling in the database is not so much with the locks, but more with the combination of browsing behavior and inventory in a single table. Storing information about a user's cart in the database has its advantages -- namely sharing amongst machines in a cluster and persistence across restarts -- but anytime you have multiple hands (from multiple logical processes) in the cookie jar, I get nervous about maintaining integrity. Ultimately, I like Eric Earle's dual-table suggestion as it accomplishes both accurate, fail-fast inventory reporting for buyers, and separation of the browsing and buying data... along with the persistence and locking benefits of doing it in the DB. Good luck on your impl, Mufaddal... justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Reading the servlet input stream twice
The cleanest, most standards-compliant way of doing what you're asking is through the HttpServletRequestWrapper. Make sure you've duely considered QM's comments about the getParameter() methods. justin At 01:41 PM 6/18/2004, you wrote: Dear All, I use Tomcat 4.1.xx I am implementing page tracking on a project. I am coming across a problem, when I want to write a copy of the parameters or contents of a POST request to the database. I have tried using HttpServletRequest.getInputStream () but this cleans out the input stream and means that no parameters or content is available to be passed on to the logic that processes the parameters or post content. Is there anyway of getting a copy of a POST request content without cleaning out the input stream and stuffing up the suceeding logic? Regards, Phil Hewitt mail2web - Check your email from the web at http://mail2web.com/ . - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: three problems
At 05:23 PM 6/17/2004, you wrote: Thanks for your prompt answer, Could you be more specific on the address attr? I have the following in the Connector element on my server.xml: Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=8080 minProcessors=5 masProcessors=75 enableLookups=true redirectPort=8443 acceptCount=100 debug=0 connectionTimeout=2 useURIValidationHack=false disableUploadTimeout=true / To add to QM's comments: You're accessing it locally by hitting http://localhost:8080, right? If you're access it remotely with http://www.x.com/myapp, can you access it locally with http://www.x.com/myapp? Try accessing it remotely with http://ip-address-here/myapp and see what happens. In any case, this should be a networking issue... justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is tomcat a suitable server for our application ?
Can Tomcat handle 3000 concurrent sessions? Yes. The bottleneck will not be Tomcat, per se, but rather either hardware resources (memory on the heap) or database connections. What you really need to figure out is how *active* those 3000 users will be -- 3000 users actively querying financial data reports is VERY different than 3000 users reading today's news reports. Point being that the question to ask is not whether Tomcat will support 3000 concurrent users. This is a question of resource availability. The question should be: can my one machine running with MY APPLICATION, Tomcat and the hardware specs you gave support 'X' simultaneous requests with a minimum/average request processing time of 'Y' milliseconds? No one here will have the answer to that, of course. justin At 10:43 PM 6/14/2004, you wrote: Hi, We are planning to host a web application which is estimated to have around 3000 concurrent users. We are using SQL Server 2000 as database and Struts 1.1 framework. Our production server (i.e. web server. We're having a different database server.) has the foll. configuration: 4GB Ram Xenon P4 processors - 2 nos. Windows 2000 Professional OS 72 GB HDD Do you think that Tomcat is a suitable web server for our application? Thanks Regards, Paresh Mondkar. Confidential: This electronic message and all contents contain information from Syntel, Inc. which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee only. If you are not the addressee, any disclosure, copy, distribution or use of the contents of this message is prohibited. If you have received this electronic message in error, please notify the sender immediately and destroy the original message and all copies. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Failing due to Multiple browser windows sharing the same session
At 03:06 PM 6/3/2004, you wrote: How to duplicate: 1) Go to sid.jsp in the webapp. 2) Use Ctrl+N to open a new browser window. 3) Go to sid.jsp with the new browser window created in step #2. 4) Session ID's are the same. I don't see any options in Netscape to force the new browser window to be in a new session. I havn't looked at IE yet. Is this a problem with tomcat, the browser, or the webapp? The behavior you're seeing is expected and intentional. I don't know about all operating systems and browsers, but IN GENERAL opening a new browser *window* with Ctrl+N will share sessions ... opening a new browser *instance* via starting a new process will not share sessions. This can cause problems if you have two browser windows sharing the same session, both doing time-consuming work on the same data set. This doesn't happen very often and usually when it does it's more a sign of problematic design than anything else. As for your particular solution, that's a complex discussion to figure out what exactly would work best -- basically either accept that you'll have multiple threads modifying the same session data (and synchronize data access) or change the way your're storing data to make it immune to this situation. justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Maintaining Sessions
Hi, Square peg, round hole. It seems like the only reason you've split these into multiple hosts is to differentiate between secure and non-secure communication -- that's a bad idea. From what you've said, the best approach is to put all of the JSPs for (A) and (C) in the same webapp, but set security-constraints for those resources (C) that require https. See: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html What you're describing here is a deployment-time problem -- it shouldn't impact your code in a major way like distributed sessions would cause. justin At 02:56 PM 6/2/2004, you wrote: Hello, I am running Tomcat 5.0.25 on SuSE Linux 9.1. I am running ONE Tomcat server with two services: 1. Standalone on port 80, with two hosts: A. A basic shopping site with a CartBean.java that I set scope=session when I call it from JSP's. B. Another not related host. 2. Standalone SECURE on port 443, with two hosts: C. The secure checkout site for host A (above) B. Another secure, but not related, host. My cart.jsp on host A uses checkout.jsp on host C to process the request. However, the session with CartBean objects does not carry over. How do I keep my session alive from host to host on the same server? And what if I decide to move the host C to another server on another machine? Then what? Or is this the wrong approach? Is there a way to have SOME secure jsp's on the same host as some non-secure jsp's? And do I HAVE to have a WEB-INF directory for both hosts, or could they somehow share a WEB-INF directory so I only have to maintain ONE set of classes? I tried using symbolic-link WEB-INF's to one big WEB-INF directory, but it did NOT work. Justin Jaynes __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Maintaining Sessions
At 04:22 PM 6/2/2004, you wrote: There is a web.xml file in my catalinahome/conf directory. I have read that according to some specifications somewhere, I should also have a web.xml in every WEB-INF directory for each application. Does the main web.xml file apply to all applications, and the WEB-INF web.xml just add settings to the specific applications, or does it OVERRIDE the main web.xml (so I would need to include ALL the entries found in the main file in ALL of the application level web.xml files)? The app-specific web.xml extends the global one (information defined in the app-specific one overrides the global one, but any information not overridden is inherited). And what would an entry look like to force one specific file to re-direct to the secure port? I can only find very vague examples that secure entire applications. This is a Servlet spec thing -- see SRV.12.8 (Servlet2.3). It's basically something like this in your web.xml (no guarantees for code correctness here, but it should get you started): security-constraint web-resource-collection url-pattern/secure/*/url-pattern /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint Thanks for the help thus far, Justin Jaynes No problem. Good luck. justin --- Justin Ruthenbeck [EMAIL PROTECTED] wrote: Hi, Square peg, round hole. It seems like the only reason you've split these into multiple hosts is to differentiate between secure and non-secure communication -- that's a bad idea. From what you've said, the best approach is to put all of the JSPs for (A) and (C) in the same webapp, but set security-constraints for those resources (C) that require https. See: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html What you're describing here is a deployment-time problem -- it shouldn't impact your code in a major way like distributed sessions would cause. justin At 02:56 PM 6/2/2004, you wrote: Hello, I am running Tomcat 5.0.25 on SuSE Linux 9.1. I am running ONE Tomcat server with two services: 1. Standalone on port 80, with two hosts: A. A basic shopping site with a CartBean.java that I set scope=session when I call it from JSP's. B. Another not related host. 2. Standalone SECURE on port 443, with two hosts: C. The secure checkout site for host A (above) B. Another secure, but not related, host. My cart.jsp on host A uses checkout.jsp on host C to process the request. However, the session with CartBean objects does not carry over. How do I keep my session alive from host to host on the same server? And what if I decide to move the host C to another server on another machine? Then what? Or is this the wrong approach? Is there a way to have SOME secure jsp's on the same host as some non-secure jsp's? And do I HAVE to have a WEB-INF directory for both hosts, or could they somehow share a WEB-INF directory so I only have to maintain ONE set of classes? I tried using symbolic-link WEB-INF's to one big WEB-INF directory, but it did NOT work. Justin Jaynes __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: API for authenticating user
users must visit login page to authenticate themselves after subscribing. I'd like to reduce the login step for subscribers if session continues. I think I have to use a couple of Tomcat API and save principal information into the user session, right? regards, Koji - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: forwarding across contexts?
Fred, Thanks for the additional info about your app ... it makes it much easier to talk about these things. :) There are many (valid) ways to proceed, many of which vary in the amount of standards they adhere to (how much you want to align yourself with Tomcat). I'll just give you my thoughts. At 09:02 AM 5/11/2004, you wrote: Let me describe a bit about our application, just in case you (or anyone else) have some specific advice. My client is a publisher, and the bulk of the site will be many thousands of published articles and associated content such as figure, tables, etc. The HTML content, however, will be served by tomcat, since it has some dynamic components. The biggest question, then, has to do with your security requirements. Specifically, does this content need to be protected or can it just sit out there for anyone to grab? If it need not be protected, this is, IMHO, a textbook example of when to use Apache. You've got a large collection of static data and a relatively small web application associated with it. You've probably got different groups working on the different parts (the publisher's content and the HTML pages), so it makes sense to separate it out and serve the static content by generating links to your static web server's content from your dynamic HTML. Additionally, you could then put the two pieces on separate machines (one or more with Apache, one or more with Tomcat) to keep them separated even more cleanly. If the content needs to be protected, I would create a separate directory and put the content there. Symlink this to the base of your Tomcat webApp and let Tomcat serve it normally, employing whatever security scheme you're using. You won't be able to deploy the entire thing as a single WAR, but it doesn't sound like you really care to do this anyways. This is why it's not practical to bundle everything into a war file. Instead, I need tomcat to point to the file system where many users will be building the site. On the other hand, the war file can easily contain the java infrastructure (struts, velocity, configuration information, etc.). I'd like to be able to keep the small war file, hot deploy, etc., but have the raw content (static and otherwise) live elsewhere. Given that, would you solve it with multiple contexts? Or do you have another suggestion? Alternately, you could extend the DefaultServlet (if you don't mind tying yourself to Tomcat and your version) with your own custom static content servlet that gets data from an arbitrary directory. If you can't be tied to Tomcat, use the source as a base to write your own default servlet. This solution is more on the slick side of things, so it wouldn't be preferable ... better to stay within the mainstream boundaries. If you can, look into symlinking or Apache. Consider the extend/impl DefaultServlet idea. If you're still not satisfied, having two separate contexts can be made to work. Perhaps others have additional ideas. Fred Good luck, justin At 10:08 AM 5/11/2004, you wrote: Hi, Is there a way, within a single context, to separate out the static content to some other file system location. Of course, there are many ways, none of them advised. You want to keep your webapp as a whole, that's the whole point of a WAR file. You can symlink (at the filesystem level) or use normal HTTP linking to access your static content. But you can't symlink in a WAR, so... I believe that Yoav's suggestion is that I set up the empty path () context for this purpose. However, this is where I started, and Justin argued against this cross-context approach. And I agree with Justin, just to be clear. I wasn't advocating anything different from what he said, just showing you that it can technically be done. If crossContext forwards are the worst design choices on this list, we'll be in great shape. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e
RE: forwarding across contexts?
, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: forwarding across contexts?
At 07:04 PM 5/10/2004, you wrote: Hi, I'm trying to install a filter into the default context that forwards to my application (in another context) and it doesn't seem to want to work. (jboss 3.2.3 with embedded tomcat 4.1.29) In researching this, I've seen various hints that this may in fact be illegal. Can anyone confirm? It is generally good design practice to limit interactions between your webapps except for strongly defined specific interfaces that promote modularity. Doing something like you're suggesting will likely lead to messy, difficult code to work with ... not because it's a necessarily bad design idea, but rather because the premise behind J2EE is that code bases are designed, coded, deployed, and maintained as independent applications. They're not meant to ineroperate in a fluid way. It's possible to do what you're suggesting, but not recommended. The REASON I want to do this is that I want to be able to take advantage of simple URLS with the default context, as in /images/whatever.gif, and have them be served by DefaultServlet, which conveniently knows how to handle all that sort of stuff, set mime types, etc. I'm also hoping that DefaultServlet was written by someone more clever than me! Resources need not be within the ROOT web application to be served by the DefaultServlet. You'll notice that the DefaultServlet is defined within the global web.xml (I haven't worked with recent versions of jBoss, so I'm not sure exactly where they put this these days), which means that all applications inherit it. This means that resources like /images/whatever.gif and /mywebapp/images/whatever.gif will both be served by the DefaultServlet unless you configure it otherwise. But, I also want to capture certain simple URLs and forward these to another context. As in /protected.html needs to be forwarded to /accesscheck/protected.html or similar. Am I on the wrong track here? Is it possible to forward (via RequestDispatcher) from one context to another? If not, how can I take advantage of DefaultServlet in my application? See ServletContext#getContext(String). Again, I predict you'll find this to be a clunky and frustrating way to do things. Unless you have an over-riding reason to do otherwise, embrace the idea of separate and distinct web applications and let the container do this URL parsing and forwarding for you. Many thanks, Fred Toth Good luck, justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat and restricting the size of HttpServletRequest
At 07:03 AM 4/23/2004, you wrote: This also begs the question as to when my servlet gets to see an incoming request - I was concerned that by the time my servlet gets to see the incoming request Tomcat had already read the incoming data and stored it in the HttpServletRequest object - in which case request.getContentLength() is of no help. Regards Roger If anyone has insight into this, I'd be very curious to get a definitive answer. Although I've never explicitly explored this (or read this part of TC's code), it seems like Tomcat reads the entire POST, makes an in-memory copy of it, then passes it along to the Servlet/Filter processing the request. If this is the case, then the InputStream from the ServletRequest is not reading data across the network. Again, my reasons for surmising this are anecdotal. It seems like it'd be easier and more fault-tolerant to have the above behavior than to truly stream data over the network. Any authoritative input would be appreciated. Thanks, justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat stops loading when I run my servlet with load-on-startup
Yes. Rip out the load-on-startup. Now. Don't wait till Monday. Replace with a context listener (see: javax.servlet.ServletContextListener). Relax and have a stress-free weekend. justin At 01:55 PM 4/23/2004, you wrote: Look at listeners. I think there was a similar thread a while back and the solution was to have a listener kick off the servlet after all the other processes were done. You could also have your servlet start and then wait for a certain amount of time, to allow time for all other processes to start. Doug - Original Message - From: Adrian Klingel [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, April 23, 2004 4:03 PM Subject: Tomcat stops loading when I run my servlet with load-on-startup I have a servlet which calls a method on itself to poll a directory for XML files. When one is found, another method (read() is called which then creates a SAX parser and attempts to validate the file against an XML schema. Upon calling the parse() method, Tomcat freezes. It doesn't create or write to a log, and nothing else starts up. Nothing is accessible on port 8080, because Tomcat doesn't make it to the point where it mounts that port. When I remove the load-on-startup from this particular app's web.xml, Tomcat completes its startup process and things are accessible. I can then reintroduce the load-on-startup to the web.xml and Tomcat will automatically kick off the servlet. This time nothing freezes, and the program runs as it is supposed to. My program is attempting to validate this XML file against a schema which is accessible locally on port 8080. But that port is prevented from becoming available, so the program will just wait forever. My question is, how can I prevent my servlet from starting up until after Tomcat has completed its startup procedure? I've specified higher numbers in the load-on-startup element, but to no avail. Thanks for any help you can offer. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: FW: Tomcat stops loading when I run my servlet with load-on-startup
At 05:21 PM 4/23/2004, you wrote: Justin, I followed your advice immediately, but the exact same thing happens. My response was tongue-in-cheek, but that's ok. :) Just to restate the issue, my servlet hangs because it needs to obtain an XML Schema from localhost:8080. But it can't get it, because Tomcat won't finish loading until the servlet is finished. But the servlet won't finish until Tomcat finishes loading. Etcetera, etcetera ad infinitum. I've got some sort of logic issue here. If I want to kick off a program that polls a directory for XML files, should I probably do something where I kick off an independent thread, so that Tomcat is not waiting for my program to finish (which if it's a good poller, it never will)? Ah, I see. Using the ServletContextListener will make your life easier going forward, but it doesn't directly address what you're talking about here. As others have said, you may be able to solve the immediate problem with an EntityResolver (pretty standard). The larger question, though, remains. Since there's no standard way to make a webApp unavailable after it has been fully initialized, whatever resources you need to verify the startup have to be available during the contextInitialized() timeframe. That means your options for deployment are a tad limited (ie where to place these schemas), regardless of whether you use an EntityResolver or not. It's really an issue of what types of restrictions you're willing to place on the deployment ... if it's always deployed as an exploded dir, you could use a init param to specify the OS filesystem location of the schema (or an EntityResolver). If you can put the schema somewhere in the webapp or container's classpath, you can use the getResourceAsStream() method. If you truly need to poll indefinitely for XML files (files will change during runtime), but reading one of them isn't required for you to start the context successfully, then you could fire off the thread and let your startup finish gracefully. Just depends on the other conditions of your app. justin -Original Message- From: Adrian Klingel [mailto:[EMAIL PROTECTED] Sent: Friday, April 23, 2004 6:52 PM To: Adrian Klingel - Exaweb Subject: FW: Tomcat stops loading when I run my servlet with load-on-startup -Original Message- From: Justin Ruthenbeck [mailto:[EMAIL PROTECTED] Sent: Friday, April 23, 2004 6:47 PM To: Tomcat Users List Subject: Re: Tomcat stops loading when I run my servlet with load-on-startup Yes. Rip out the load-on-startup. Now. Don't wait till Monday. Replace with a context listener (see: javax.servlet.ServletContextListener). Relax and have a stress-free weekend. justin At 01:55 PM 4/23/2004, you wrote: Look at listeners. I think there was a similar thread a while back and the solution was to have a listener kick off the servlet after all the other processes were done. You could also have your servlet start and then wait for a certain amount of time, to allow time for all other processes to start. Doug - Original Message - From: Adrian Klingel [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, April 23, 2004 4:03 PM Subject: Tomcat stops loading when I run my servlet with load-on-startup I have a servlet which calls a method on itself to poll a directory for XML files. When one is found, another method (read() is called which then creates a SAX parser and attempts to validate the file against an XML schema. Upon calling the parse() method, Tomcat freezes. It doesn't create or write to a log, and nothing else starts up. Nothing is accessible on port 8080, because Tomcat doesn't make it to the point where it mounts that port. When I remove the load-on-startup from this particular app's web.xml, Tomcat completes its startup process and things are accessible. I can then reintroduce the load-on-startup to the web.xml and Tomcat will automatically kick off the servlet. This time nothing freezes, and the program runs as it is supposed to. My program is attempting to validate this XML file against a schema which is accessible locally on port 8080. But that port is prevented from becoming available, so the program will just wait forever. My question is, how can I prevent my servlet from starting up until after Tomcat has completed its startup procedure? I've specified higher numbers in the load-on-startup element, but to no avail. Thanks for any help you can offer. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine
Re: How to limit concurrent requests by same user
You'll find quite a bit of info about this in the archives. When this has come up in the past, consensus seems to have been the setting of a unique token within the page when generated such that each time a user requests a submittable page, that page will contain a hidden attribute with that token. Implement a filter that only allows processing of that token once. The problem with the solutions mentioned in this thread is that if a user double clicks on a form, the browser will display the output of the second click (which would be nothing). If you implement the tokens, the second request can wait for the first to complete, observing a result object that it can return once the first request finishes. This is *definitely* an advanced technique, but it's the most robust, user-tolerant, and resource-conservative one I've used and/or seen other places. Depending on your situation, the simplest way I've seen to (mostly) handle this is to disable the submission button with Javascript once it's been tapped once. It's a point solution that's not perfect, but it'll catch 98% of egregious offenders. justin At 12:58 AM 4/21/2004, you wrote: I wonder if it would be possible to write a filter that would implement this functionality transparently to the JSP pages/servlets. It could be done semi-transparently with a conditional custom tag embracing all of an individual page's content. That tag could check for concurrent request and then conditionally display or omit the (costly) body of the page. Regards Thomas __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] how to save a form field to client
Yes, that can work. A small applet with proper permissions granted would do the trick as well. justin At 06:45 AM 4/7/2004, you wrote: Hi all, Not really a Tomcat question but I'm hoping someone has a good suggestion. I have a Tomcat app with a chat client talking to a jabber chat server. A business requirement is to be able to click a button to save the chat transcript to the client hard drive. The only solution I've come up with so far is basically submitting the text area as an input to a servlet, that then saves the file to a temporary directory on the server and redirects the client request to that file, which would (hopefully) initiate the save or open dialog we all know and love. Can this work? Other ideas? Thanks! Andrew Longley Senior Developer MindFlow Technologies, Inc. (972) 930-9988 x139 http://www.mindflow.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How can I maintain state with Axis webservice in Tomcat?
This is more of an Axis question, but... Have you looked at SimpleSessionHandler? I had to extend it to make it work nicer with HttpSessions, but that's really up to how you need it to function. Yoav's reply is a good way to go as well. justin At 08:32 AM 4/6/2004, you wrote: I've got multiple instance of a presentation front end sending requests to multiple instances of the component I'm building. I know about using cookies for state management, but it won't work with our case because we don't connect to any client web browser. The front end does provide a unique id that is persistent throughout the lifecycle of the request. How can I use this unique id as the unique identifier so that I can manage state within AXIS web services. - Do you Yahoo!? Yahoo! Small Business $15K Web Design Giveaway - Enter today __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: tomcat5/tomcat4 comparison
At 12:22 PM 3/30/2004, you wrote: Basically, the whiz-bang feature I want is JSP2.0 I have looked over whats on the site as they do show about 10 differences in containers, so the clustering, GC improvments, some others, I've read. I just need to justify the move of a handful of servers to tomcat 5. Up there amongst the best reasons is availability of support. As with all OSS, you benefit by aligning yourself to the main trunk of development from a bug fix and *especially* forum support point-of-view. Many (most, it seems) of the regular contributors to this list have migrated to Tomcat5, so there's less of an audience anxious to work on Tomcat4 problems. justin -Original Message- From: QM [mailto:[EMAIL PROTECTED] Sent: Tue 3/30/2004 11:55 AM To: Tomcat Users List Cc: Subject:Re: tomcat5/tomcat4 comparison On Tue, Mar 30, 2004 at 09:44:23AM -0800, Neil MacMillan wrote: : Hi all, I'm trying to gather all the information I can about pros/cons of : migrating 10-15 servers from tomcat4 to tomcat5. I have been unsuccessful in : finding some good performance comparisons, and major feature differences : between the two (major)versions. Can anyone provide some links/docs for : this? Jokes aside, have you checked the release docs? I don't have the exact URL but they're on the website. just a few TC5 new features/improvements that come to mind: - support for servlet spec 2.4 and JSP spec 2.0 - clustering - improved manager app (IIRC) Unless you see some total whiz-bang feature that you've been craving, then it's a matter of deciding whether you want to upgrade just for the heck of it, or to be running the latest version. (-and that's not necessarily a bad thing.) -QM - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 4.1.27 fails to start
sarcasm I'm going to go out on a limb here and suggest that perhaps you have some xml that you just edited where you included the string -- within a comment block. I'm basing this guess on the error message that you got: The string -- is not permitted within comments. /sarcasm Seriously, check the XML that you just edited and look for something that looks like: !-- This is my comment -- it's not well-formed. -- Such a comment is malformed. If you can't figure out which xml it is (you should be able to), look at the source Catalina.java:449. Next time, you may want to consider thinking about the error message you got before posting to the list and, if you're going to post, give some context and an indication that you did so: I was trying to edit my server.xml to add a new Coyote Connector, which I believe I did correctly. Now when I start my Tomcat with the startup.bat file, I get the following error message: [Stack Trace]. I couldn't figure out what was causing this, so I bumped up the debug level, but didn't see anything. [Debug output]. I googled for is not permitted within comments but didn't find anything useful. I'm offering 40 karma points for anyone who can help me with this... please. ;) justin At 06:40 PM 3/26/2004, you wrote: Tomcat fails to start with the following stacktrace: - Catalina.start: org.xml.sax.SAXException: Stopping after fatal error: The string -- is not permitted within comments. org.xml.sax.SAXException: Stopping after fatal error: The string -- is not per mitted within comments. at org.apache.xerces.framework.XMLParser.reportError (XMLParser.java:1228 ) at org.apache.xerces.framework.XMLDocumentScanner.reportFatalXMLError(XM LDocumentScanner.java:570) at org.apache.xerces.framework.XMLDocumentScanner.scanComment (XMLDocumen tScanner.java:1894) at org.apache.xerces.framework.XMLDocumentScanner$ContentDispatcher.disp atch(XMLDocumentScanner.java:1121) at org.apache.xerces.framework.XMLDocumentScanner.parseSome (XMLDocumentS canner.java:381) at org.apache.xerces.framework.XMLParser.parse (XMLParser.java:1081) at org.apache.commons.digester.Digester.parse (Digester.java:1548) at org.apache.catalina.startup.Catalina.start(Catalina.java:449) at org.apache.catalina.startup.Catalina.execute (Catalina.java:400) at org.apache.catalina.startup.Catalina.process (Catalina.java:180) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl. java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAcces sorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.main (Bootstrap.java:203) -- We're using Tomcat 4.1.27, JDK 1.4.2 on Windows 2000 machine. Any thoughts? Thanks! - SPS __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Automatic authentication when accessing a servlet ?????????
Why not just have your custom client hit /pages/login.jsp first and pass the j_username and j_password params to it? After this, your session will be active and you can go about hitting whatever you need. justin At 03:25 PM 3/18/2004, you wrote: It's for administration stuff. Then there is not a lot of possible users. I am using the form authentication, but I think I was not clear when I said that Tomcat popups up a page... in fact, Tomcat redirect to my login page. No popup is displayed... here is only the login-config (from web.xml) the security-constraint part is set login-config auth-methodFORM/auth-method realm-nameForm-Based Authentication Area/realm-name form-login-config form-login-page/pages/login.jsp/form-login-page form-error-page/pages/error.jsp/form-error-page /form-login-config /login-config I am using the j_security_check functionality provided by Tomcat. If my component sends a request, Tomcat will try to popup this page... if I add the j_username and j_password to the same request, will Tomcat retrieves these authentication parameter and performs an automatic authentication... do I have to config something else to make it work ? Is it clearer now :) Thanks all Eric From: Parsons Technical Services [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Subject: Re: Automatic authentication when accessing a servlet ? Date: Thu, 18 Mar 2004 18:12:09 -0500 Is this for a few users or a bunch? If it is a few users then HTTPS Client authentication may work. But more likely what will fit your plan is to use form authentication. If you are getting a prompt for name and password then you are using basic authentication. See SRV .12.5 in the Servlet 2.4 spec. For examples the TC manager uses basic where the admin uses form. Doug www.parsonstechnical.com - Original Message - From: Halcyon62 . [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, March 18, 2004 4:32 PM Subject: Automatic authentication when accessing a servlet ? Hi Is it possible to incorporate the j_username j_password (used by the servlet j_security_check) in the request to authenticate the caller and then, grant access to the servlet that i am trying to access ? I explain the context: I have a servlet that allows the caller to download of log files. I can download these logs using my browser, enter the address and then select the log I want. Now, I want to get these log automatically. I built an external component to perform that (it's a requirement i have). The external component builds the HTTP request and sends it to Tomcat. If the security constraint it commented out, it works perfectely. But if the security constraint is on, it does not work because Tomcat is trying to popup a login page, waiting for username password. Then, is it possible to incorporate the j_username j_password (used by the servlet j_security_check) in the request to authenticate the caller and then, grant access to the servlet that i am trying to access ? _ MSN Premium helps eliminate e-mail viruses. Get 2 months FREE* http://join.msn.com/?pgmarket=en-capage=byoa/premxAPID=1994DI=1034SU=http://hotmail.com/encaHL=Market_MSNIS_Taglines - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ MSN Premium helps eliminate e-mail viruses. Get 2 months FREE* http://join.msn.com/?pgmarket=en-capage=byoa/premxAPID=1994DI=1034SU=http://hotmail.com/encaHL=Market_MSNIS_Taglines - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Port-per-webapp?
Tony, Glad to hear you got it working. The things you did (clear cache, restart services, reenter configuration) often solve problems like this. Doesn't provide for a clean explanation of what was wrong, but that's a different story. As for the escape chars, whether they should be escaped really depends on who's reading the value. I've never used the IIS plugin, so I have no idea what the behavior is -- an IIS user would have to chime in. justin At 07:24 AM 3/17/2004, you wrote: Hi Justin, Thank you very much for your help, but I finally got it to work!! I reconfigured registry settings, cleared cache in Tomcat and IE, restarted all IIS and Tomcat services manually one by one, and it began working. I do have one final question though... In the registry setting tutorials, I see both c:\tomcat\blahblah and c:\\tomcat\\blahblah should we or should we not use escape character as in the second entry? Thanks again! Tony - Original Message - From: Tony Nakamura [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 8:16 AM Subject: Re: Port-per-webapp? Hi Justin, Be sure, of course, that the files you're editing are indeed the ones being read -- for example, make sure that by removing /examples from uriworker.properties, IIS no longer serves the Tomcat examples. Great point... I removed the /examples from uriworkermap.properties, and it's still serving the http://localhost/examples!!! I checked my registry settings, and it's pointing to the exact location to the uriworkermap.properties: Registry for worker_mount_file: c:\\jakarta_tomcat\\appserver\\conf\uriworkermap.properties file location: C:\jakarta_tomcat\appserver\conf\uriworkermap.properties How could this be..? Just in case, I am pasting the worker.properties, uriworkermap.properties, and context from the server.xml. Thank you! ===uriworker.properties= # *** Begin uriworkermap.properties *** # Mount the Servlet context to the ajp13 worker /servlet/*=ajp13 # This webapp works /Analyzer6_Server/*=ajp13 #This works too/examples/*=ajp13 #This does NOT work /examples2/*=ajp13 /examples2/*.jsp=ajp13 == worker.properties== # Begin worker.properties ** worker.ajp13.type=ajp13 # # Specifies the load balance factor when used with # a load balancing worker. # Note: # lbfactor must be 0 # Low lbfactor means less work done by the worker. worker.ajp13.lbfactor=1 # # Specify the size of the open connection cache. #worker.ajp13.cachesize # #-- DEFAULT LOAD BALANCER WORKER DEFINITION -- #- # # # The loadbalancer (type lb) worker perform weighted round-robin # load balancing with sticky sessions. # Note: # If a worker dies, the load balancer will check its state #once in a while. Until then all work is redirected to peer #worker. worker.loadbalancer.type=lb worker.loadbalancer.balanced_workers=ajp13 # # worker.tomcat_home should point to the location where you # installed tomcat. This is where you have your conf, webapps and lib # directories. # worker.tomcat_home=c:\jakarta_tomcat\\appserver # # worker.java_home should point to your Java installation. Normally # you should have a bin and lib directories beneath it. # worker.java_home=c:\jakarta_tomcat\\jdk # # You should configure your environment slash... ps=\ on NT and / on UNIX # and maybe something different elsewhere. # ps=\ # #-- ADVANCED MODE #- # # #-- DEFAULT worker list -- #- # # The worker that your plugins should create and work with worker.list=ajp13 # #-- DEFAULT ajp13 WORKER DEFINITION -- #- # # # Defining a worker named ajp13 and of type ajp13 # Note that the name and the type do not have to match. # worker.ajp13.port=8009 worker.ajp13.host=w2k3dfvm2 # End worker.properties ** == - Original Message - From: Justin Ruthenbeck [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 5:12 PM Subject: Re: Port-per-webapp? Tony, Can you include your full uriworker.properties and worker.properties files (inline in the email) for us to look at? Be sure, of course, that the files you're editing are indeed the ones being read -- for example, make sure that by removing /examples from
Re: delaying context reload
Cindy, If this is a problem for you, turn reloading off in your context.xml and use the manager app's Reload command instead. This command can be executed either through hitting a URL, using the manager html pages, or (best) through an Ant command. Doing this means the reload only happens when you request it. It's a standard way to do things. Alternately, change the interval at which reload checks happen (I don't use this, so I don't know where this is set). If you double the reload check time, you should halve the number of time you have the problem (and double the average wait for a reload). In short, use the manager. :) justin At 09:23 AM 3/16/2004, you wrote: At 08:00 PM 3/15/04 -0500, Christopher Schultz wrote: Run Plugin:c:\eudora\attach\Re delaying context reload.ems 0880.0002 Hi Chris, No, I'm not using Ant (yeah, yeah, I know I should...) This is my local development machine where I have WEB-INF/classes set as my output directory when I compile. This has worked fine, but as things have become more complex the server reload has started to beat the compile. I was just hoping to find a way to delay the reload a few seconds. Since none of the responses I recieved offered a solution, I guess I should assume that this is not possible with this version of Tomcat. BTW. I couldn't open your PGP signed message and had to read it in the archive. Cindy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Releasing JK 2.0.4
person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Jaguar Freight Services and any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity. This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. -- -- Daniel Schmitt http://www.shiftomat.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Port-per-webapp?
You have to configure the IIS plugin to path-forward URLs that have your webapp name in them. I don't use IIS, so I don't know specifically how it's done, but it's basically a way of telling IIS that anything matching my.server.com/myApp should go to the connector instead of being served by IIS. You can test to make sure that this is your problem by adding a file to IIS's doc root that matches the url that is supposed to go to Tomcat. If you get the page served by IIS, then your forwarding isn't working (alternately, the 404 page should indicate whether it's coming from IIS or Tomcat). Look at the connector docs -- I'm sure the specific files/steps are in there... Or perhaps an IIS user will respond here. justin At 01:04 PM 3/16/2004, you wrote: Does anyone not know anything about this? I'm wondering whether this email is even reaching everyone.? - Original Message - From: Tony Nakamura [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 12:51 PM Subject: Port-per-webapp? Hi, I am encountering something interesting, and I really hope that someone will give me an insight. I'm working on an existing Tomcat 4.1.18 with some webapp deployed by previous developer. I am using IIS5 and isapi_filter, and it redirects fine to the previous webapp that was deployed. And here's the problem: previously deployed webapps are working fine when request was forwarded by IIS5, but my newly deployed webapps only work on port 8080 and outputs 404 - file not found error when I try to access it via IIS. Is there a port specification per-webapp? Thank you in advance!! Tony - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Port-per-webapp?
Tony, Can you include your full uriworker.properties and worker.properties files (inline in the email) for us to look at? Be sure, of course, that the files you're editing are indeed the ones being read -- for example, make sure that by removing /examples from uriworker.properties, IIS no longer serves the Tomcat examples. If there's something wrong with your config files, we should catch it pretty easily. justin At 01:20 PM 3/16/2004, you wrote: Hi Justin, Thank you very much for your input (and it's nice to know that my email is actually getting distributed). I've looked extensively at the documentation for days now, and I cannot figure it out. The problem I'm having is that the forwarding is selective. I have two webapps: webapp1 and examples that are correctly forwarded by IIS but not the ones that I deploy. In order to test it, I simply copied the examples to examples2 and added the following lines to uriworker.properties: /examples2/*=ajp13 where ajp13 is my worker name that is defined in the worker.properties file. I get 404-file not found error- when I try to access http://localhost/examples2/, but it works if I rename examples2 to examples. So it has to be some configuration error, but I just can' t seem to find out which configuration. Any suggestion helps, thank you! Tony - Original Message - From: Justin Ruthenbeck [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 3:10 PM Subject: Re: Port-per-webapp? You have to configure the IIS plugin to path-forward URLs that have your webapp name in them. I don't use IIS, so I don't know specifically how it's done, but it's basically a way of telling IIS that anything matching my.server.com/myApp should go to the connector instead of being served by IIS. You can test to make sure that this is your problem by adding a file to IIS's doc root that matches the url that is supposed to go to Tomcat. If you get the page served by IIS, then your forwarding isn't working (alternately, the 404 page should indicate whether it's coming from IIS or Tomcat). Look at the connector docs -- I'm sure the specific files/steps are in there... Or perhaps an IIS user will respond here. justin At 01:04 PM 3/16/2004, you wrote: Does anyone not know anything about this? I'm wondering whether this email is even reaching everyone.? - Original Message - From: Tony Nakamura [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 12:51 PM Subject: Port-per-webapp? Hi, I am encountering something interesting, and I really hope that someone will give me an insight. I'm working on an existing Tomcat 4.1.18 with some webapp deployed by previous developer. I am using IIS5 and isapi_filter, and it redirects fine to the previous webapp that was deployed. And here's the problem: previously deployed webapps are working fine when request was forwarded by IIS5, but my newly deployed webapps only work on port 8080 and outputs 404 - file not found error when I try to access it via IIS. Is there a port specification per-webapp? Thank you in advance!! Tony - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JSR77: Tomcat full support?
Samuel, I'm redirecting this to the Tomcat-User list. You'll get better answers here unless you have specific questions for a specific poster that would not be useful for the general audience. As for your question, most of JSR77 consists of JMX support. Although I haven't used it, Tomcat5 has this. I'm not sure if there is full implementation of the JSR, though. Someone else wanna chime in? justin At 11:47 AM 3/10/2004, you wrote: Justin, Thanks for your detailed answer. I am a newbie with Tomcat. I have a question JSR 77: J2EETM Management support in tomcat? Does/will Tomcat support JSR 77? at least the servlet portion of it? Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: java.library.path question???
Some hints to get you there... Think about how you start Tomcat (assuming it's not as a Windows service). If you were to edit that startup script to add your dll location to the java.library.path, then it would be available when you run. If you're running with low-level tools, this will be straight-forward. If you're running with an IDE, it'll be a tad more complicated (jablike everything else/jab). justin At 05:29 PM 3/10/2004, you wrote: When I run a servlet in Tomcat that executes some JNI code that calls a DLL, it fails with an 'unsatisfiedlinkerror'. The problem is that my DLL that JNI uses was not in my SYSTEM path. When I put it in there, all is well. What I would like to do is NOT put it in my SYSTEM path, but rather into a configuration file. Which config file/startup file do I modify so that the java.library.path System property will hold this path??? i.e. System.getProperty(java.library.path) needs to also have my DLL's directory in it - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Hotswap servlet code in Tomcat 5?
At 05:13 PM 3/9/2004, you wrote: I have 1 more question regarding this matter. During the upgrade of the servlet, I need to 1.serialize the current session using that servlet 2.undeploy the old servlet 3.deploy the new servlet 4.deserialize the session saved in #1 During this window (from step 1 to 4), if there is a request coming in for those sessions (either during serializion or deserialization), what will happens? Will that request drop? Or that request will be queued by Tomcat, and it will be served when the whole upgrade is done? When you redeploy a servlet, you're actually redeploying the entire context (the entire web application). This means if a request comes in between steps (2) and (3) above, Tomcat will return an No Context Available error to your user because there will be no web application available to service the request; the request will not be queued. Once the context has been reloaded, your sessions will be deserialized and available and all requests will/should function properly. justin -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Monday, March 08, 2004 11:20 AM To: Tomcat Users List Subject: RE: Hotswap servlet code in Tomcat 5? Hi, Is Counter Serializable? Yoav Shapira Millennium ChemInformatics -Original Message- From: Samuel Cheung [mailto:[EMAIL PROTECTED] Sent: Monday, March 08, 2004 12:15 PM To: 'Tomcat Users List' Subject: RE: Hotswap servlet code in Tomcat 5? Thanks. I try this, but it is different from what I expected. In my doGet() of my servlet, I have a Counter object in my session. When I reload the page in my browser, I see the value of the counter increments. (say from 0 to 1 to 2). Then I go to the Tomcat manager web page, and then undeploy the original servlet, and deploy a newer version of the same servlet (context name is the same). The value of the counter starts from 0 again when I reload the page again. The difference between the orginal servlet and the new servlet is the name of the Method inc(). I rename it to newInc() in the new servlet. I am expecting the value of the counter will be 3 when I reload the browser after I undeploy/deploy the servlet. Is this a correct assumption? Here is the portion of the doGet() method in my servlet. public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { HttpSession session = request.getSession(true); Counter sessionCounter = (Counter) session.getAttribute(session_counter); if (sessionCounter == null) { sessionCounter = new Counter(); session.setAttribute(session_counter, sessionCounter); } // rename inc() to newInc() sessionCounter.inc(); out.println(session counter =); out.println(sessionCounter.getValue()); } -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Friday, March 05, 2004 7:44 AM To: Tomcat Users List Subject: RE: Hotswap servlet code in Tomcat 5? Hi, If the objects in the session is serialized to the disk and then re-serialized when I re-deploy my servlet, what happens if the class in my newer version of my servlet has - added/removed methods/attributes in the class - added/removed static variables in the class How will the hotswap work? One has nothing to with the other, unless you're design is so bad that it places a instance of your servlet class as a session attribute. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php
Re: session-timeout
At 02:37 PM 3/8/2004, you wrote: Hi all, I am experiencing problems with memory management. I load up my app in 10 or 15 browsers where various stuff is put on a session each time. In Windows Task Manager I can see java.exe incrementing by an amount of memory for each browser/app opened. No problem there. In my web.xml I define session-timeout to be 2 minutes. Why after an inactive period of time exceeding 2 minutes, does the memory being used not appear to lessen please? In fact, even I close all browsers the memory being consumed remains at its peak...until a server restart is necessary. I'm dismayed that this topic keeps coming up ... it really should die. There is not a 1-1 correspondence between the memory that you see your task manager report and the amount of actual memory being consumed by your app. It's a problem of perspective -- from the operating system's perspective, the consumer is the java JVM. From your perspective, the consumer is your webapp. When Tomcat requests more memory, the JVM in turn requests more memory from the OS. Just because Tomcat releases memory doesn't mean that the JVM does. You can't use the Task Manager to (reliably) measure your webapp's memory consumption. There is plenty of information about this in the archives or by reading up on JVM memory management for whatever vendor/platform you're running on. justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout
At 03:07 PM 3/8/2004, you wrote: My understanding on this topic is perhaps not clearest, but here's what I've been able to glean from watching tomcat-user (amongst others). The VM will not 'release' back to the OS, any memory it grabs during the run of a program. But that doesn't mean that it is currently in use. ex: You've set the vm to start with 125MB memory, with a max size of 256MB. During normal operations, the vm is at 124.99 MB and then someone new logs in. That forces the VM to increase the memory being used (and reported to the OS), possibly all the way to 256MB. Now it's overnight. No one is using the app. Sessions expire, and are garbage collected. The size of the memory in use has gone done, but the memory in use as reported to the OS is still 256MB. I'm sure someone will correct that if it's fundamentally wrong in the slightest aspect. ;) Yes, this is correct. The important point, however, is that memory management is up to whoever implements the JVM. Sun does it one way, another vendor could do it another. This can, of course, also vary between OS's as well. justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout
At 04:50 PM 3/8/2004, you wrote: Hi and thank you to all concerned, Before I close, and consult the doco you talk of (URLs welcome), can you exaplain what you mean by whoever implements the JVM? In this instance, are we talking about Apache/TC developer team? Try these (from a really quick search) to get you started. Look at the terms being used and try searching for other messages along the same lines. http://www.mail-archive.com/[EMAIL PROTECTED]/thrd4.html#119966 http://www.mail-archive.com/[EMAIL PROTECTED]/msg120110.html http://www.mail-archive.com/[EMAIL PROTECTED]/msg111595.html The JVM is the software that you download from Sun. It's the thing that runs *any* java program. Tomcat is one possible program. Point being it's the JVM's responsibility to request memory from the operating system, then provide that memory to the java program running inside it. Just because Tomcat no longer uses the memory (when a session expires, for example), doesn't mean the JVM returns it to the OS. Hope that helps, justin Yes, this is correct. The important point, however, is that memory management is up to whoever implements the JVM. Sun does it one way, another vendor could do it another. This can, of course, also vary between OS's as well. justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can't access session id
- Start jsp source - The sessionId is: %session.getSessionId() %. - END jsp source - I'm sure you can do it with tablibs as well, but I don't use 'em, so I'm not the one to ask. justin At 03:06 PM 3/3/2004, you wrote: So what is the best way to access the session id? - Original Message - From: Ed Bicker [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Wednesday, March 03, 2004 10:25 PM Subject: RE: Can't access session id I think the out object is not referenced correctly. The out object writes into the output stream to the client, but this is a buffered version of the java.io.PrintWriter class and is of type javax.servlet.jsp.JspWriter. I believe the c:out is pointing to the wrong value or the sessionScope field is not correctly indexed. -Original Message- From: Frank Burns [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 03, 2004 5:07 PM To: Tomcat Users List Subject: Can't access session id I need to access the session id from within a JSP and pass it, explicitly, to a Flash-based client. I am using the following code fragment as part of my JSP, but the value returned for the session id is always blank. Am I doing something wrong? [EMAIL PROTECTED] contentType=text/xml session=true % ?xml version=1.0 encoding=UTF-8? %@ taglib prefix=c uri=http://java.sun.com/jstl/core; % myResponse sessionId session id = c:out value=${sessionScope.id} / /sessionId /myResponse - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: The purpose of WEB-INF\classes ?
Just for historical accuracy (not that anyone cares)... ;) I looked back at the 2.2 spec and, as Yoav mentioned, it doesn't say anything about class loading order from the /classes and /lib directories. Although WL61 is 2.3 non-final compliant, apparently the ordering clarification didn't make it into that release. justin At 05:58 AM 3/2/2004, you wrote: Hi, WEB-INF/classes takes precedence over WEB-INF/lib in the servlet spec: 2.3fcs, section SRV.9.5 Directory Structure. If WebLogic 6.1 behaves differently then it's another spec violation ;) WL6.1 is Servlet Specification 2.2-compliant, not 2.3. I think that loading order may have been a clarification in 2.3, though always intended to be this way, so tomcat is (and has always been) correctly implemented in this regard. Yoav Shapira Justin Ruthenbeck wrote: To you (the end-user), there's no purpose for it other than convenience. One thing to keep in mind is that classes in the /classes directory take precedence over those in jars found in the /lib directory (in Tomcat -- is this a spec thing? I'm assuming not as WL61 at lease doesn't do this), which is an important distinction that makes the difference more useful. As for why it's useful, if you're developing an app and are constantly compiling and testing, why should you have to jar them up each time you compile the classes? Just stick them in the /classes dir. On the other hand, releasing and versioning code is much easier as a jar. Give people flexibility and they'll come up with new and wonderous things... justin At 05:45 PM 3/1/2004, you wrote: This is not a question to fix a problem other then one in my head. I am not sure what the difference is putting a jar in a \WEB-INF\lib and setting up a \WEB-INF\classes. Since a jar usually just includes class files if we put a jar in the webapp's \WEB-INF\lib what would be the purpose of setting the tree of classes expanded in WEB-INF\classes? Let me give an example. In Tomcat 4.1.30 there is a server folder. Under this exists webapps. And then under this are two folders admin and manager. Looking at the admin webapp you will find its WEB-INF and under that it has a lib and a classes folder. The lib folder contains just one jar, ie: struts.jar. But the classes folder contains the tree of what looks to me is the structure of a jar ie; org | apache | webapp | admin| ... I am not sure if this is just an expanded struts.jar but it looks to be. If not struts.jar then likely some other jar. So my question is what is the purpose of having an extracted jar structure under a classes folder? I have made my own webapp but I do not have a classes folder under that because I have yet to come across the purpose of when it is necessary? Thanks. -- George Hester __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: application unavailable
At 12:50 PM 3/1/2004, you wrote: On Mon, 1 Mar 2004, Shapira, Yoav wrote: Don't be so sure ;) You can use the manager webapp (either graphically or via ant), you can write some custom JMX code in another webapps, or you can restart the server, but there are no other options. ... the problem is that I'm trying to run one tomcat server for a large group of students. I can handle the deploy/undeploy part, but if a student makes an error in their web.xml file, which is bound to happen, I don't want to have to restart the server. I'll need to look at a way to wrap the reload via the manager application from ant. *sigh* You don't need to restart the entire process -- you just need to (as you mentioned) reload whatever context is unavailable. Obviously you don't want to give every student permissions to restart every context, so that's out of the question. It sounds like you're considering wrapping the ant reload with your own framework to check credentials before issuing the reload command (or something similar)? If so, I would highly recommend starting from the tomcat reload ant task source code -- you'll find it pretty straight forward to put something like this together. justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: application unavailable
At 01:27 PM 3/1/2004, you wrote: That's exactly the kind of thing I want to do. However, I just tried to use the manager app to restart my failed Hello example. When the context was up, the reload worked fine. However, when the context died because of an intentional error in web.xml, I get an error from manager: FAIL - Encountered exception java.lang.IllegalStateException: Container StandardContext[/jas/example2] has not been started Any ideas as to what the problem might be? When you issue a 'reload' command, you are telling the container to remove the specified context, then load it from scratch. If the context isn't already loaded (started), you'll get the error you have above. This is exactly the situation when you try to load the context but it errors out because of a busted web.xml. If a context isn't already loaded, use the manager's 'start' command instead of the 'reload' command. The specifics/signature of the task are explained (not surprisingly) in the Tomcat manager documentation: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/manager-howto.html#Executing%20Manager%20Commands%20With%20Ant justin PS: Hope you're considering Yoav's comment about System.exit() and other JVM-level commands. In just about every situation where multiple users are developing, it's adventageous to give each user their own JVM. Thanks.. Jason. On Mon, 1 Mar 2004, Justin Ruthenbeck wrote: At 12:50 PM 3/1/2004, you wrote: On Mon, 1 Mar 2004, Shapira, Yoav wrote: Don't be so sure ;) You can use the manager webapp (either graphically or via ant), you can write some custom JMX code in another webapps, or you can restart the server, but there are no other options. ... the problem is that I'm trying to run one tomcat server for a large group of students. I can handle the deploy/undeploy part, but if a student makes an error in their web.xml file, which is bound to happen, I don't want to have to restart the server. I'll need to look at a way to wrap the reload via the manager application from ant. *sigh* You don't need to restart the entire process -- you just need to (as you mentioned) reload whatever context is unavailable. Obviously you don't want to give every student permissions to restart every context, so that's out of the question. It sounds like you're considering wrapping the ant reload with your own framework to check credentials before issuing the reload command (or something similar)? If so, I would highly recommend starting from the tomcat reload ant task source code -- you'll find it pretty straight forward to put something like this together. justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: The purpose of WEB-INF\classes ?
To you (the end-user), there's no purpose for it other than convenience. One thing to keep in mind is that classes in the /classes directory take precedence over those in jars found in the /lib directory (in Tomcat -- is this a spec thing? I'm assuming not as WL61 at lease doesn't do this), which is an important distinction that makes the difference more useful. As for why it's useful, if you're developing an app and are constantly compiling and testing, why should you have to jar them up each time you compile the classes? Just stick them in the /classes dir. On the other hand, releasing and versioning code is much easier as a jar. Give people flexibility and they'll come up with new and wonderous things... justin At 05:45 PM 3/1/2004, you wrote: This is not a question to fix a problem other then one in my head. I am not sure what the difference is putting a jar in a \WEB-INF\lib and setting up a \WEB-INF\classes. Since a jar usually just includes class files if we put a jar in the webapp's \WEB-INF\lib what would be the purpose of setting the tree of classes expanded in WEB-INF\classes? Let me give an example. In Tomcat 4.1.30 there is a server folder. Under this exists webapps. And then under this are two folders admin and manager. Looking at the admin webapp you will find its WEB-INF and under that it has a lib and a classes folder. The lib folder contains just one jar, ie: struts.jar. But the classes folder contains the tree of what looks to me is the structure of a jar ie; org | apache | webapp | admin| ... I am not sure if this is just an expanded struts.jar but it looks to be. If not struts.jar then likely some other jar. So my question is what is the purpose of having an extracted jar structure under a classes folder? I have made my own webapp but I do not have a classes folder under that because I have yet to come across the purpose of when it is necessary? Thanks. -- George Hester __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] HTTP and tomcat filter question
Duane, This is a pretty crazy set of requirements you're working with here -- I'll trust there's a good reason for it and just stick to the question. ;) At 11:34 AM 2/16/2004, you wrote: Assuming I have a URL of http://www.mysite.com/myservlet.jsp?myvar=1yourvar=2 Your URL is: http://www.mysite.com/myservlet.jsp; Your Query String is: myvar=1yourvar=2 When the browser sends this request to tomcat (which is also acting as a webserver - no apache is running), does it put everything after the ? into the QUERY_STRING HTTP variable, or does it include it in the URL request? It parses the GET request into the two components listed above. I have a filter in place that will replace /variable/ with variable= to allow for proper processing of variables. Here is what I observe : If I have a URL of : mysite.com/myservlet.jsp/myvar/1/yourvar/2 then it will properly translate this into : mysite.com/myservlet.jsp?myvar=1yourvar=2 and everything works. Looks good. However, we have a new requirement that we want to keep ?myvar=1 as part of the original URL, so the incoming request would look like this : mysite.com/myservlet.jsp?myvar=1/yourvar/2 Your URL is: http://www.mysite.com/myservlet.jsp; Your Query String is: myvar=1/yourvar/2 AND request.getParameter(myvar) == 1/yourvar/2 and, naturally, we want it translated into mysite.com/myservlet.jsp?myvar=1yourvar=2 but this does NOT happen. Instead, it seems like the filter is doing nothing. The only explanation I can think of is that, now that the ? is in the original request URL, the browser is taking everthing after it, stripping it out of the request URL, and putting it into the QUERY_STRING variable - so that the filter doesn't see it. The filter would only see mysite.com/myservlet.jsp and would not perform any translation. This is exactly what's happening. If you want to inspect the entire GET request, you need to reconstruct the entire GET request by doing something like this (pseudo code): StringBuffer sb = request.getRequestURL(); sb.append(/); parse request.getQueryString() into name=value pairs and name/value pairs for each pair if pair is name=value, convert each name=value pair into a name/value pair sb.append(name/value pair) Or whatever, depending on what you need. Hope that clears up any confusion. Again, I hope -- for your own sake -- you have a *really* good reason for complicating this relatively simple process. ;) justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Best practice question: where to place project libraries
At 07:40 PM 2/10/2004, you wrote: Justin Ruthenbeck wrote: I haven't used the META-INF/context.xml convention, so I'm not too familiar with it. Conceptually, it's questionable whether a webapp should be able to modify container configuration ... even if it's just configuration for that one app. Practically it may be useful, but it's a bluring of the lines of responsibility between the development and deployment -- two things which really should be separate. The question has been answered (yes, a webapp can alter the container), and yes, the container should be modifiable by the developer, but only under certain circumstances. I would not allow even the META-INF/context.xml convention on a production server, for example. However it's quite handy during development, and extending the convention would be handier still. I am not aware of a way to prevent Tomcat from respecting the META-INF/context.xml convention, but if there was a way I'd expect it to be mentioned here: Although I haven't personally ever needed functionality like this, there's no argument it'd be useful in some situations. Wanna implement it for everyone? ;) Like John Holman mentioned, however, there will be (practically insurmountable?) problems making the Tomcat container classloader update with new libraries included in the app's WAR. That'll get really messy really quick. justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Best practice question: where to place project libraries
At 04:16 PM 2/10/2004, you wrote: I need servlet-api.jar to compile my project. I may need some of the commons-beans stuff in the future. Should I put these libs in my projects lib folder (and then in the war) or should I rely on the tomcat versions? If the latter, which jar will be used, and what should I do if I deploy to a different container? I'm leaning toward duplicating the libraries (this removes an environment dependancy, too), but I'd like some advice. As a general rule, strive to keep your webapp self-contained and autonomous with only J2EE-standard dependencies (things like JNDI objects that are configurable in every container). Unless there's a reason not to (JDBC drivers is one common one), package your own dependent libraries with your app -- it frees you from versioning problems (maintaining the correct library versions for your app over time) and makes migration between containers much easier. If you're actively supporting multiple containers, it's practically required. justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Best practice question: where to place project libraries
Forgot to mention... At 04:36 PM 2/10/2004, you wrote: At 04:16 PM 2/10/2004, you wrote: I need servlet-api.jar to compile my project. I may need some of the commons-beans stuff in the future. Should I put these libs in my projects lib folder (and then in the war) or should I rely on the tomcat versions? If the latter, which jar will be used, and what should I do if I deploy to a different container? I'm leaning toward duplicating the libraries (this removes an environment dependancy, too), but I'd like some advice. As a general rule, strive to keep your webapp self-contained and autonomous with only J2EE-standard dependencies (things like JNDI objects that are configurable in every container). Unless there's a reason not to (JDBC drivers is one common one), package your own dependent libraries with your app -- it frees you from versioning problems (maintaining the correct library versions for your app over time) and makes migration between containers much easier. If you're actively supporting multiple containers, it's practically required. Libraries such as servlet-api.jar will be provided by each vendor and shouldn't be included in the distribution (use it to compile, but at runtime, rely on your container to provide those interfaces). Including something like servlet-api.jar in your distro will get messy. 3rd-party libraries (such as commons-*) should be included since they're really part of your app -- not the container. justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Best practice question: where to place project libraries
At 04:49 PM 2/10/2004, you wrote: As a general rule, strive to keep your webapp self-contained and autonomous with only J2EE-standard dependencies (things like JNDI objects that are configurable in every container). Unless there's a reason not to (JDBC drivers is one common one), package your own dependent libraries with your app -- it frees you from versioning problems (maintaining the correct library versions for your app over time) and makes migration between containers much easier. Thanks. You bring up an interesting aspect of container configuration: database drivers. It would be interesting to extend the META-INF/context.xml tomcat convention to include support for the installation of 3rd party libraries. E.g., libraries placed in META-INF/server/lib will be placed into the similiar tomcat directory on deployment. Same thing for common/lib. Interesting idea. It could be useful for some people (especially those with simple setups), but I think just about every administrator out there would shutter at the thought of some random webApp modifying the libraries that all other webApps use. That and if you need to support multiple containers, you're still SOL. I haven't used the META-INF/context.xml convention, so I'm not too familiar with it. Conceptually, it's questionable whether a webapp should be able to modify container configuration ... even if it's just configuration for that one app. Practically it may be useful, but it's a bluring of the lines of responsibility between the development and deployment -- two things which really should be separate. justin PS: Kinda funny how only us West Coasters tend to post between the hours of 3-7pm PST. __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: design issue .....
At 01:11 PM 1/27/2004, you wrote: We store the images on the file system instead of in the database. We are currently doing both -- it's an application configuration issue for us (we tell our code which Repository object to use to load binary data). I would highly suggest doing the same -- put a layer of indirection so you're not married to either storage target. That way you can run with BLOBs on some databases, files on others (we're using BLOBs on Oracle, file system for all other database systems) depending on the performance you measure. justin -Original Message- From: Shanta B [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 27, 2004 9:26 AM To: 'Shapira, Yoav '; 'Tomcat Users List ' Subject: design issue . Hi I have a requirement .we have to develop a webservice Following is our requirement. 1)Client will send SOAP/HTTP request for imge(s). 2)We have(Service) to serve the corresponding image(s) through SOAP/HTTP. Now the design issues... I have two types of solutions... Type-1 --- 1)Storing images in Database as a BLOB. 2)Extract the images and send it over SOAP/HTTP Type-2 --- 1) Store the images on the hard disk with a predefined path and format, and store the reference (access path) in the Oracle database. 2)Get the relative path and get image and send it over SOAP/HTTP. could u please tell me which one is better interms of performance and scalability.We are using J2EE/J2SE/AXIS and Tomcat. Thanks Shanta.B - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat5 and url tracking hijacking
At 08:30 AM 1/27/2004, you wrote: I'm sure preventing multiple people from using the same session ID if the url is emailed or posted is something lots of people would like to prevent. This is a really odd use case and I can't think of time when it would be advisable to do this (perhaps you can give me one). Unless you have a very good, specific reason, your understanding of sessions may be mistaken. The point of a session is to store data while a user is interacting with a webapp -- it's tied to one user. Sometime that user is authenticated, sometimes not. If you require users to be authenticated (which I'm assuming since you're concerned with session hijacking), and you want to email a link to a resource that's protected, it makes no sense to bypass that protection when the user clicks on the link. The user who tries to access the resource should go through authentication as well. I would assume there are good ways of handling it and I'd rather not reinvent the wheel. Are there any best-practices or design patterns to guide someone? Maybe restricting url tracking people to a certain ip range, or within a certain tolerance of other info they send back (browser, some other signature, etc.)? You're treating the symptoms of a fringe/poor design. Sometimes that's necessary, but hopefully for your sake it's not. justin Subject: Re: Tomcat5 and url tracking hijacking From: Tim Funk [EMAIL PROTECTED] Date: Tue, 27 Jan 2004 09:41:27 -0500 To: Tomcat Users List [EMAIL PROTECTED] yeah - you'd get that users session. Same problem with cookie hijacking. Use https. There is nothing defined by the spec to prevent this. (Except https) -Tim Marc Hughes wrote: Does tomcat 5 use some kind of mechanism to prevent session hijacking when url session tracking is being used? For instance, if someone posts a url to a website with the tracking info in it, will anyone clicking on that link pick up the original user's session (assuming it didn't time out yet)? If it does prevent this, how? If anyone knows of any articles about keeping sessions safe, I'd love to get pointed to those. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How do I turn off secure cookies for session IDs?
At 12:59 PM 1/23/2004, you wrote: The Problem === The login page creates a session and sets a cookie as follows: Set-Cookie: JSESSIONID=A26A878059077E1ABEE058A62541957C; Path=/; Secure The Secure on the end tells the web browser NOT to send the cookie back to the server unless it is an SSL connection. When the user is redirected to the next non-SSL page, no cookie is sent back to the server, a new session is created, and a new cookie is set as follows: Set-Cookie: JSESSIONID=082E4CACA42D045D7E1F1F55CB073C48; Path=/ My application, assuming the user is not logged in, redirects the user back to the main page. There is an existing session, so it is used for the login variable. Since the cookie is no longer labeled Secure it is valid for all pages. Possible Solutions == This is where I need some help. If it is simply a configuration setting, I have missed it. Otherwise I need to make sure a non-secure cookie exists before displaying the login page. This could mean redirecting to a non-SSL page first if the session is new or somehow grabbing the Cookie object before it is sent to the browser and calling setSecure(false), neither of which seem like an elegant solution. The general problem that you're hitting here is that you shouldn't/can't start a session over a secure connection, then use the same session for non-secure communication (this is logical and necessary). In this case, you don't want a secure session -- you want only the l/p to be transfered more securely. The general solution, as you suggested, is to start the session over an insecure connection to establish it as insecure. After the session has been started, authenticate (more) securely and then continue to use the same session when you switch back to insecure comm. Note, of course, that starting a session with an insecure connection makes it vulnerable when you switch over to secure. Presumably, however, you're not *that* worried about the implications of this and are more interested in hiding the l/p from curious eyes. justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: RTFM
It'd difficult from your poast to figure out what you're trying to accomplish. The phrase forward control from one context to another is quite ambiguous: * Are you trying to create a response that includes output from resources from multiple contexts? * While using one app, do you want to direct the user to pages in a different app? * Are you talking client side or server side? * Can you give us the scenario you're addressing? Often people ask questions that aren't phrased properly, so it's important to understand exactly what you're trying to do before going off and suggesting one of a hundred different possible answers. justin BTW: I would suggest trying not to be guilty of stiring interest any more. It's not looked fondly upon by those who can most help you. Your previous post was not answered because it was ambiguous, so it'd be best to include copious information from the beginning (so you don't have to wait so long for a reply or cause subject pollution). At 04:45 PM 1/14/2004, you wrote: Both! The answer to my query may well lie in my ignorance and I was willing ot accept this, hence the subject title. But I am guilty of hoping it stired more of an interest than a previous post onthe same topic, with different subject (no replies)...and I still dont have the answer! I guess it just shows how much perceptions can vary with Email. I read your first paragraph and formed the impression that the subject was designed to generate additional interest and to work to prioritize your request for help. -Original Message- From: Jerald Powel [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 14, 2004 5:33 PM To: Tomcat Users List Subject: RE: RTFM in traditional fashion, the subject was related to the contents of body of the email. George Sexton wrote:I generally don't think it is required to resort to things like this to get our attention. -Original Message- From: Jerald Powel [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 14, 2004 3:11 PM To: Tomcat Users List Subject: RTFM Hi, Now I have your attention, will someone tell me if it is possible to forward control (either by JSP or Servlet) from one context to another, in the same browser window? i.e: forward from http://locahost:8080/app1/... to http://locahost:8080/app2/... in the same window (IE). It is either so glaringly obvious that no one deems an answer worthwhile (RTFM), or so really really difficult, and no one knows how do this. Surely not. Either way I need to know. A yes or no will suffice, is it possible? If it is, any further direction after that is of course appreciated! Gerald. P.S I am using Apache Tomcat 4.0.6, and have found no doco on this - Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: weired chunked encoding (how to disable properly)
Alternately, you can use HTTP 1.1, but buffer the entire response in your Servlet (create a copy of whatever you're sending in memory), then at the end of your servlet manually set the Content-Length header, then output the response. This is fine for small responses, but problematic for large responses since data is no longer streamed. justin At 12:13 PM 1/13/2004, you wrote: My questions: - how to disable chunked encoding even when there is no content length? - why does tomcat not use chunked encoding when sending mp3 files (and no content length is set) and why does'nt it for ogg? See RFC 2616. Using either the Content-Length header OR chunked encoding is a MUST in HTTP 1.1. Something different is using HTTP 1.0. The only (HTTP) ways of sending an unknown length file are: a) Using HTTP 1.0, and closing the connection at the end (but the client cannot know for sure that the file end has arrived, and I am not even sure it is standards compliant). b) Using HTTP 1.1, and using chunked encoding. Yours, Antonio Fiol __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [ERROR] Digester
http://jakarta.apache.org/tomcat/faq/misc.html#baddtd If you can't figure it out by following the instructions here, post your web.xml and someone will point out the error (most commonly an element ordering error). justin At 06:02 PM 1/13/2004, you wrote: I am seeing this in the tomcat.out log whenever I save the web.xml file [ERROR] Digester - -Parse Error at line 143 column 11: The content of element type web-app must match (icon?,display-name?,description?,distributable?,context-param*,filter*,fil ter-mapping*,listener*,servlet*,servlet-mapping*,session-config?,mime-mappin g*,welcome-file-list?,error-page*,taglib*,resource-env-ref*,resource-ref*,se curity-constraint*,login-config?,security-role*,env-entry*,ejb-ref*,ejb-loca l-ref*). org.xml.sax.SAXParseException: The content of element type web-app must match (icon?,display-name?,description?,distributable?,context-param*,filter*,fil ter-mapping*,listener*,servlet*,servlet-mapping*,session-config?,mime-mappin g*,welcome-file-list?,error-page*,taglib*,resource-env-ref*,resource-ref*,se curity-constraint*,login-config?,security-role*,env-entry*,ejb-ref*,ejb-loca l-ref*). Line 143 column 11 is the end of the web.xml file. I've tried saving the file in unix format but that didn't help. I've removed sections of the web.xml file until all I am left with is the welcome-file-list clause and it seemed happy after that. Adding in the next section servlet and the above error returned. Any ideas? Could it be the JVM I am running? I have installed the IBMJava2-JRE-1.4.1-8 if that makes a difference. Brennon Obst Java Security Programmer iEnergy Main Branch 39 Melbourne St. / Brisbane p. (617) 3846- [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
ServletContextListener: how to suspend web app on error
Seems like a simple question, can't seem to find the answer... If an error occurs in the #contextInitialized() method of an object that implements ServletContextListener, how can I suspend the web application so that it is unavailable for use by clients? Specifically, I have a ServletContextListener that needs to be run at application startup. If any one of many errors occur, I want to notify the appropriate people (this I can do) and make the entire webapp unavailable (this I can't figure out). Any help is appreciated. I have a feeling this is obvious and I'm just missing something. Cheers, justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: invoker servlet, tomcat 4.1.29, apache 2.0.48 and connector jk2
Since you're able to hit your servlets through the invoker when pointing to Tomcat directly, this sounds like a connector problem. Check your workers[2].properties to make sure you're passing requests for /servlet through to Apache. justin At 11:47 AM 1/6/2004, you wrote: http://jakarta.apache.org/tomcat/faq/misc.html#invoker -Tim Maxime Pelletier wrote: Hi, We upgraded our tomcat to 4.1.29 and apache to 2.0.48 recently and we have lost access to all servlet invoked in the following form http://address/servlet/MyServlet the apache does no longer pass the request to the tomcat and result in a 404 error (processed by apache). When I use the tomcat only port the servlets are accessibles : http://address:tomcatport/servlet/MyServlet Does anyone have a solution to this ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: invoker servlet, tomcat 4.1.29, apache 2.0.48 and connector jk2
This looks correct. What version of Tomcat and Apache did you upgrade from? Are you *sure* you can hit your /servlet/* URLs going directly to Tomcat? Just to be sure: you're aware of the invoker servlet changes that Tim sent a URL to, right (that the invoker is disabled by default)? justin At 12:35 PM 1/6/2004, you wrote: Hi, My workers2.properties file have the following entries : [uri:/*.jsp] info=Map to Tomcat All *.jsp In Default Context # context=/ # group=channel.un:/var/log/tomcat/intranet/intranet_jk2.socket group=ajp13:/var/log/tomcat/intranet/intranet_jk2.socket debug=0 disable=0 [uri:/*/.jsp] info=Map to Tomcat All *.jsp In All Contexts # context=/examples # group=channel.un:/var/log/tomcat/intranet/intranet_jk2.socket group=ajp13:/var/log/tomcat/intranet/intranet_jk2.socket debug=0 disable=0 [uri:/servlet/*] info=Map to Tomcat All Files in /servlet In Default Context context=/servlet # group=channel.un:/var/log/tomcat/intranet/intranet_jk2.socket group=ajp13:/var/log/tomcat/intranet/intranet_jk2.socket debug=0 disable=0 [uri:/*/servlet/*] info=Map to Tomcat All Files in /servlet of All Contexts # context=/servlet # group=channel.un:/var/log/tomcat/intranet/intranet_jk2.socket group=ajp13:/var/log/tomcat/intranet/intranet_jk2.socket debug=0 disable=0 My server.xml context (context for that app) is : Context path= docBase=/home/httpd/html/intranet debug=0 reloadable=true crossContext=true Resources className=org.apache.naming.resources.FileDirContext allowLinking=true/ /Context Any idea ? Thanks Max -Original Message- From: Justin Ruthenbeck [mailto:[EMAIL PROTECTED] Sent: January 6, 2004 3:22 PM To: Tomcat Users List Subject: Re: invoker servlet, tomcat 4.1.29, apache 2.0.48 and connector jk2 Since you're able to hit your servlets through the invoker when pointing to Tomcat directly, this sounds like a connector problem. Check your workers[2].properties to make sure you're passing requests for /servlet through to Apache. justin At 11:47 AM 1/6/2004, you wrote: http://jakarta.apache.org/tomcat/faq/misc.html#invoker -Tim Maxime Pelletier wrote: Hi, We upgraded our tomcat to 4.1.29 and apache to 2.0.48 recently and we have lost access to all servlet invoked in the following form http://address/servlet/MyServlet the apache does no longer pass the request to the tomcat and result in a 404 error (processed by apache). When I use the tomcat only port the servlets are accessibles : http://address:tomcatport/servlet/MyServlet Does anyone have a solution to this ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: invoker servlet, tomcat 4.1.29, apache 2.0.48 and connector jk2
Hmm -- everything looks correct (though I don't use the invoker servlet personally). If you're able to hit the servlet directly on Tomcat, then all of this shouldn't matter. Seems like it has to be a connector issue. (1) Can you get *anything* from Tomcat through Apache? Try the examples webapp or even a static image from Tomcat. (2) Just an observation: your naming scheme is a bit odd since the invoker and specific url mappings both match certain URLs. That's a boundary case that could potentially cause problems. Also, you don't need to define the invoker in your WEB-INF/web.xml file -- if it's defined in the conf/web.xml, your WEB-INF/web.xml will inherit it. (3) Pump up the debug level in your workers2.properties file for the uri mapping in question. See if it's being matched at all (or whether it's being matched and Tomcat is erroring out). It's probably not matched at all. (4) Try explicitly mapping your servlet to something other than /servlet/xxx. Map instead to /foo/xxx and see if Apache forwards it. In other words, make sure it has nothing to do with the invoker (I don't think it does). Then make sure your jk2 forwarding is working correctly for other servlets. justin At 01:53 PM 1/6/2004, you wrote: I can definitly access the servlets with the tomcat port. Using the following addresses : Tomcat url work http://XX.X.X.XX:8081/servlet/com.wanted.cobrandpropertyeditor.servlet.TextE ditServlet Apache/jk2/tomcat does not work http://XX.X.X.XX/servlet/com.wanted.cobrandpropertyeditor.servlet.TextEditSe rvlet Same thing if I use a servlet-mapping : Tomcat url work http://XX.X.X.XX:8081/servlet/CPE_TextEditServlet Apache/jk2/tomcat does not work http://XX.X.X.XX:8081/servlet/CPE_TextEditServlet Old Tomcat ver. 4.1.24 upgraded to 4.1.29 Old Apache ver. 2.0.45 upgraded to 2.0.48 The conf/web.xml part you are talking about is the following (not commented) : !-- The mapping for the default servlet -- servlet-mapping servlet-namedefault/servlet-name url-pattern//url-pattern /servlet-mapping !-- The mapping for the invoker servlet -- !-- -- servlet-mapping servlet-nameinvoker/servlet-name url-pattern/servlet/*/url-pattern /servlet-mapping !-- -- !-- The mapping for the JSP servlet -- servlet-mapping servlet-namejsp/servlet-name url-pattern*.jsp/url-pattern /servlet-mapping Here is a section of my WEB-INF/web.xml file. It should by ok anyway because it is working with the 8081 port ... servlet servlet-nameCPE_TextEditServlet/servlet-name servlet-classcom.wanted.cobrandpropertyeditor.servlet.TextEditServlet/ser vlet-class !--init-param-- !--param-nameparam1/param-name-- !--param-valuevalue1/param-value-- !--/init-param-- load-on-startup3/load-on-startup /servlet servlet-mapping servlet-nameinvoker/servlet-name url-pattern/servlet/*/url-pattern /servlet-mapping servlet-mapping servlet-nameCPE_TextEditServlet/servlet-name url-pattern/servlet/CPE_TextEditServlet/url-pattern /servlet-mapping Thanks again, Max -Original Message- From: Justin Ruthenbeck [mailto:[EMAIL PROTECTED] Sent: January 6, 2004 4:05 PM To: Tomcat Users List Subject: RE: invoker servlet, tomcat 4.1.29, apache 2.0.48 and connector jk2 This looks correct. What version of Tomcat and Apache did you upgrade from? Are you *sure* you can hit your /servlet/* URLs going directly to Tomcat? Just to be sure: you're aware of the invoker servlet changes that Tim sent a URL to, right (that the invoker is disabled by default)? justin At 12:35 PM 1/6/2004, you wrote: Hi, My workers2.properties file have the following entries : [uri:/*.jsp] info=Map to Tomcat All *.jsp In Default Context # context=/ # group=channel.un:/var/log/tomcat/intranet/intranet_jk2.socket group=ajp13:/var/log/tomcat/intranet/intranet_jk2.socket debug=0 disable=0 [uri:/*/.jsp] info=Map to Tomcat All *.jsp In All Contexts # context=/examples # group=channel.un:/var/log/tomcat/intranet/intranet_jk2.socket group=ajp13:/var/log/tomcat/intranet/intranet_jk2.socket debug=0 disable=0 [uri:/servlet/*] info=Map to Tomcat All Files in /servlet In Default Context context=/servlet # group=channel.un:/var/log/tomcat/intranet/intranet_jk2.socket group=ajp13:/var/log/tomcat/intranet/intranet_jk2.socket debug=0 disable=0 [uri:/*/servlet/*] info=Map to Tomcat All Files in /servlet of All Contexts # context=/servlet # group=channel.un:/var/log/tomcat/intranet/intranet_jk2.socket group=ajp13:/var/log/tomcat/intranet/intranet_jk2.socket debug=0 disable=0 My server.xml context (context for that app) is : Context path= docBase=/home/httpd/html/intranet debug=0 reloadable=true crossContext=true Resources className=org.apache.naming.resources.FileDirContext allowLinking=true/ /Context Any idea ? Thanks Max -Original Message- From
Re: Problem with database updates using DBCP
At 11:10 AM 12/23/2003, you wrote: Yep, I thought of that too. But, I explicitly call conn.setAutoCommit(true); before every update, insert or delete. When batching I call it with false and then executeBatch, and calling rollback if the batch fails, all pretty typical code I think. Is there anything else I should be doing do you think? Should I explicitly call commit() after a successful executeUpdate() (I haven't tried that, you just made me think of it - seems like overkill, but maybe?) Don't rely on the setAutoCommit(boolean) method to do anything -- I have seen appservers/conn pools that do not support the method and ignore your suggestion (early 3.X jBoss comes to mind), always using the hard-configured values. Always explicitly call either commit() or rollback() to insulate yourself from these details. Merry Christmas! justin | |To: Tomcat Users List [EMAIL PROTECTED] | |cc: | |Subject: Re: Problem with database updates using DBCP | --| I've not used DBCP specifically but are you sure you are committing your writes? Most pools will default rollback connections returned to the pool, if I am not mistaken. --- [EMAIL PROTECTED] wrote: Hello all. I've recently had a need to implement connection pooling under Tomcat 4.0.6 (I can't upgrade versions as per a mandate by my employer). I have read some posts that indicate that Tyrex does not actually pool connections. I don't know for sure if that is true or not (any definitive answers here?), so I decided to use DBCP, since I knew that did. I grabbed the latest builds of DBCP, collections and pool (1.1, 2.1 and 1.1 respectively), stuck them in tomcat/common/lib, added my JNDI entry to the app's context in server.xml, added the proper ref tags in web.xml and put in the appropriate code to get a connection from the pool (set to maxActive=50, maxIdle=5, maxWait=1000 and minIdle=10). Now, I've got it up and running without much trouble. Everything SEEMED to be working fine, until I realized that all my database writes (updates, inserts, deletes) were NOT hitting the database. There are NO exceptions being thrown anywhere of any kind. All the relevant objects (statements, connection, etc.) are non-null. Return codes from SQL executions where applicable seem to be what they should be. Database reads work perfectly, which indicates everything is OK I think (I have a single class with a single method that gets the connection out of the pool and deals with all database access). My question is simple and obvious: anyone have any ideas why database writes would be failing (maybe failing is the wrong word... simply not happening is more accurate) while reads succeed? It is an Oracle 9.2 database by the way, using the Oracle thin JDBC driver (same driver that is used when I switch to manually creating connections in code rather than using JNDI and Tomcat's facilities). Frank W. Zammetti Web Architect Consultant - The contents of this email are the property of PNC. If it was not addressed to you, you have no legal right to read it. If you think you received it in error, please notify the sender. Do not forward or copy without permission of the sender. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The contents of this email are the property of PNC. If it was not addressed to you, you have no legal right to read it. If you think you received it in error, please notify the sender. Do not forward or copy without permission of the sender. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JSP not reloading
Are you sure nothing changed on the DB side? Some seemingly inocuous performance tweak? Do you have some odd rouge connection holding a lock on the table(s) you're trying to update and your app is failing to report the problem? Stuff like this is almost always something small and almost always user error. Heaven knows I've made my share. ;) To isolate the problem, are you absolutely sure nothing is getting between your code and the conn pool? Have you tried a very simple version of an update (say a jsp that gets a connection, does a select, increments the selected number, and updates) to isolate the problem to Tomcat/DBPool? Have you tried hitting the same database from a different Tomcat app to see if you can update()? I know you want an explanation of what's going on -- sorry, can't help you there. I'd put money down that you'll find out it's something simple though. All I can offer is encouragment and ideas. :) justin At 11:43 AM 12/23/2003, you wrote: Part of it's comfort as well. I *know* 4.1.x quite well. I've been using it for a while now, and been very satisified with it. And just because 5.x becomes the new 'production standard', doesn't automagically make all 4.1.x installs somehow break in odd and mysterious ways. If someone could *confirm* this is a 'known issue affecting 1.1% of installs' or some such... then for sure, I can try the move to 5.x today. What is most frustrating is that this was working last week, and ZERO changes have been made to config files. I don't think our box has even been rebooted in more than a month. The last config file change (aside from my mod to conf/web.xml today) was to server.xml on Dec 15, to remove some dead Contexts. It ran for several days after that, just fine, recognizing changes as I was developing all last week. I've even rolled that change back, and no dice. -Original Message- From: Remy Maucherat [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 1:31 PM To: Tomcat Users List Subject: Re: JSP not reloading Mike Curwen wrote: 3. Did you try upgrading to 5.0.16? *duck* no, we're not wanting to use 5.0 until (probably) 5.1. There's nothing we need from the new servlet spec. You're free to do what you want, of course, but I'd like to point out 5.0 should have been named 4.2. The major revision number switch is only because the specs were upgraded. If you were following tomcat-dev, you would have seen that there has been no intention to start a 5.1 branch so far, unlike what has occurred in the past (4.1 was branched from 4.0.0 Final, and 5.0 was branched from 4.1.7 Beta). So there may not be any major new release until Tomcat 6.0. We'll see :) The future of the 4.1.x branch depends on the stability of the more refined 5.0 branch, and from the reports from 5.0.16 testing, it looks like it may not live very long. -- x Rémy Maucherat Senior Developer Consultant JBoss Group (Europe) SàRL x - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JSP not reloading (oops)
[Sorry, that was meant for a different topic. Vacation needed. :)] Are you sure nothing changed on the DB side? Some seemingly inocuous performance tweak? Do you have some odd rouge connection holding a lock on the table(s) you're trying to update and your app is.. snip - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[FAQ] HowTo: Link Tomcat 5 with IIS 6 on Windows 2003 Server using the JK2 ajp13 connector
TJ, This is a very sharp writeup -- thanks for writing it up for everyone else. Tim, wanna add this to the FAQ? justin At 02:21 PM 12/23/2003, you wrote: I've just written an article to help those who like us, need to serve up Java servlets and JSP using Tomcat. The URL is http://virtualict.net/support/kb/iis6-Tomcat5-JK2.html TJ 2XP To Explore, To Experience, To Express - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [FAQ] HowTo: Link Tomcat 5 with IIS 6 on Windows 2003 Server using the JK2 ajp13 connector
At 03:03 PM 12/23/2003, you wrote: I have been adding all new links to the Wiki. (Which anyone can update, but I also check to try to keep it clean) http://nagoya.apache.org/wiki/apachewiki.cgi?Tomcat/Links Wait, so new links/additions are going to the Wiki instead of the FAQ? Are both being kept up-to-date with info or just one of them? Depending, perhaps we should link to the Wiki in the FAQ (at least for the connectors section). justin Justin Ruthenbeck wrote: TJ, This is a very sharp writeup -- thanks for writing it up for everyone else. Tim, wanna add this to the FAQ? justin At 02:21 PM 12/23/2003, you wrote: I've just written an article to help those who like us, need to serve up Java servlets and JSP using Tomcat. The URL is http://virtualict.net/support/kb/iis6-Tomcat5-JK2.html TJ 2XP To Explore, To Experience, To Express - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT] Source Code Visual Tree builder?
Drawing from the considerable collective experience of the list... Does anyone know of an OS/Free tool that processes a set of source files and outputs a visual tree of their relationships (basic is fine - who instantiates who is all I really need)? I feel like this should be a common tool, but I've never required a free one until now... Thanks in advance! justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: xml escaping characters for database password
At 05:34 PM 12/17/2003, you wrote: Hi, I'm using mysql via JDBC and I need to encode a password with non-alphabet characters in it like % in my server.xml. Do I use a URL encoding for this or an XML encoding? I don't know for sure as I haven't used mysql specifically, but if the password will be read by an xml parser, then you'll want to xml encode it. If the password is part of a URI that is specified in an XML, then you'll want to URL-encode the character(s) and XML encode any problematic characters from that output. Also while I'm on the subject, do I have to encode or escape a double-quote in an xml attribute: mynode attr1=blahblah\blah\blah/ quot; in this case. This can depend on your parser (or at least it has in older parsers). Thanks Adam justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [offtopic] Architecture Question
At 05:51 AM 12/4/2003, you wrote: Howdy, In a similar situation we use a web service running on another (3rd) tomcat server. It's worked well, especially as we've added more applications beyond our original two. Agreed. This is the cleanest long-term solution I've come across as it clearly defines responsibility boundaries between your apps/components. It's more work than other (IMO hackish) solutions, but opens up so many more possibilities once you've got it up and running. Yoav Shapira Millennium ChemInformatics justin -Original Message- From: jerome moliere [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 6:51 AM To: Tomcat Users List Subject: Re: [offtopic] Architecture Question Laurent Michenaud wrote: Hi, Hi laurent, We have two tomcat servers. One is located at our enterprise. The other is located at our hosting provider. They can see each other by Internet. We would like to set up an unique authentification system for both server. The authentification system will be on the server at our entreprise. The web applications on both servers will query the authentification system. What's the best/clean/nice way to do this ? JAAS ? Web services ? SSL keys ? __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat reload / classloader / connection pool
At 04:21 PM 12/2/2003, you wrote: Christopher Schultz wrote: First of all, why is this so? This is likely because of the way you use the singleton. When you have a singleton (I use quotes because it's probably not a real singleton otherwise we would not be having this discussion) the static data is associated with the java.lang.Class object that gets created when your class is loaded. When the re-load occurs, that static data sticks around. The new classloader used for the new context loads a new copy of the singleton and they pile up over time. You need to shutdown the connection pool before the context dies. I understand it sticks around because the data is independent of the any object. But eventually even this static data should get garbage collected. Well, if this is not a GoF-Singleton what is it then...? It's a Singleton only for the (temporary) ClassLoader in which it was created. In other words, it's not a real Singleton because multiple copies can exist in a given JVM. public class ConnectionFactory { private static Logger logger = Logger.getLogger(ConnectionFactory); private static ConnectionFactory instance; //stores references to all connection managers (connection pools) private final Hashtable managers = new Hashtable(); private ConnectionFactory() { //foo } public static ConnectionFactory getInstance() { if (null == instance) { instance = new ConnectionFactory(); } return instance; } } Second of all, how can I prevent this? Somehow listen for reloads and react appropriately? Yes. Consider writing a ServletContextListener and closing the pool before the context goes down. It will be run when the new context comes up, too. Check the documentation for javax.servlet.ServletContextListener I've just gone through its description. Looks my friend for this problem. ServletContextListener is the standard way to address problems such as this. You alluded to possibly moving your ConnectionFactory.class to Tomcat's lib (or similar) directory to make it available to all webapps -- this isn't necessarily a bad idea, depending on what you want to accomplish, but it is an advanced configuration and you should fully understand the ClassLoading system before getting involved in it. justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Are Multiple requests from single client handled sequentially?
At 05:19 AM 11/25/2003, you wrote: Hi, We have a client server set up, wherein the client sends multiple requests to the server at the same time the data is retrived from the database. But the response from the server is got only one after the other. :( Can soemone tell me why this might be happening?? We have NOT implemented SingelThreadModel. The service() method is being called for each request only after response for the earlier request has been sent. Is this because the single client is sending all the requests simultaneously?? What do I have to do to make sure that the service method is called simulataneoulsy for all the request..?? Are you sure that your client is opening up multiple HTTP connections to your server? Many clients will serialize their requests by default for a number of reasons -- if the client is truly opening up separate connections, you'll get parallel processing from Tomcat. This is more of a TCP/HTTP thing. justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: definition/usage of session-timeout?
At 07:08 AM 11/25/2003, you wrote: Ben, Thanks for the reply. But I'm still unclear on why setting the timeout won't work for my situation. What is the difference between an effectively idle session timing out, and cancelling a request? Of course I agree that fixing the root problem would be preferable, but it's extremely hard to diagnose. Putting in println's everywhere would in my case generate huge log file sizes, and I'll only try that as a last resort. Can anyone suggest a different technique for simulating an inactive session, so that I can get session-timeout to work? If your servlet is hanging, you need to find out what it's hanging on. Get a thread dump from your JVM when your server is hung (or your request is hung) and it should be obvious what is going on (thread dump commands vary by platform -- see your JVM docs). From what I've heard from you so far, this has absolutely nothing to do with session timeouts. justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Great Compiling Problem
) at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:4 73) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:1 90) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja va:256) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja va:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2417) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180 ) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve. java:171) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172 ) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java :174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:193) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:309) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:387) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:673) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:615) at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:786) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav a:666) at java.lang.Thread.run(Thread.java:534) What does it means? If I open pages without java beans i get no problem. I can find any solution.. any idea?? Thanks Roberto. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Server URL Before Request
[This is a general comment: I don't disagree with Chuck Goehring] This is a common way to solve a problem such as the one Harris asked, but in general I don't think using init parameters are a very reasonable solution. Here's why: The web.xml defines the way in which the components of an application interact. It defines what urls are mapped to which resources, how errors should be handled, and (unfortunately, IMHO) definitions of roles and resource authorization mappings. These are all properties of your web application and say *nothing* about how the app is deployed. Frequently, developers have situations where a webapp needs to be aware of the environment in which it is running. In this case, it's the name and/or port that the app is running on. In others, it's JNDI resource lookup information. In still others, it's application configuration information that is long lived (how to configure management threads, for example). The point is, this is all information that belongs to a particular *server*, not to the webapp. It's different for every deployment because the machine for every deployment is different. You could always configure this stuff in a Context, but that's Tomcat specific and is of no help when you need to run on different platforms -- now or in the future. Instead, leave the deployment configuration parameters up to the person responsible for deploying -- and observe the boundaries even if it's a one-developer developed app. Create a separate configuration mechanism (xml on the classpath, properties file, command line args, whatever is accessible on every platform) and use that to store this type of information. Granted, small projects can use the crutches of built-in nicities, but for anyone developing a true J2EE app (not a Tomcat app), do yourself a favor and maintain strict separation between build-time configuration parameters and deploy-time ones. justin [Can you tell there's pent up frustration from having to deal with this?] :) At 01:51 PM 11/21/2003, you wrote: If you don't get a maintenance-free method from the group, you can always do the following: In the servlet: public void init() throws ServletException { String lConnectTNSName = getServletContext().getInitParameter(ConnectTNSName); if(lConnectTNSName == null) throw new RuntimeException(ConnectTNSName is null); ... In the web applications web.xml I store the site-specific info: web-app display-name (display-name)/display-name description*** servlets and JSP pages./description context-param param-nameConnectTNSName/param-name param-value/param-value /context-param ... You could store any info you want this way and it only needs to be re-entered when a change to your web.xml is required. Hope the group gives you a better answer, but this is handy for a variety of things. Chuck -Original Message- From: Harris Reynolds [mailto:[EMAIL PROTECTED] Sent: Friday, November 21, 2003 12:29 PM To: '[EMAIL PROTECTED]' Subject: Server URL Before Request Is there a mgmt API that will allow me to get the URL that the server is running on from within the servlet init method (i.e. *before* the first request comes in)? ...really all I would need is the port number (the hostname and context paths would be easy enough to get). thanks for any tips, ~harris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Server URL Before Request
At 03:28 PM 11/21/2003, you wrote: I would be interested in seeing how to read an environment variable from the init method of a servlet. Assuming you're asking about JVM environment variables since we're talking about the general case (not *nix or Win enviro variables). If so, you can define your param on the command line when you start Tomcat and access it like you do any other system variable: System.getProperty(myApp.myProperty); This is one way to do it, but it's not reasonable if you need any flexibility or room to grow. Instead, consider creating a properties file or xml configuration file. Load this file and read your parameters from it. I'll leave the details of that to the archives... Hope this is what you're looking for. justin -Original Message- From: Justin Ruthenbeck [mailto:[EMAIL PROTECTED] Sent: Friday, November 21, 2003 2:54 PM To: Tomcat Users List Subject: RE: Server URL Before Request [This is a general comment: I don't disagree with Chuck Goehring] This is a common way to solve a problem such as the one Harris asked, but in general I don't think using init parameters are a very reasonable solution. Here's why: The web.xml defines the way in which the components of an application interact. It defines what urls are mapped to which resources, how errors should be handled, and (unfortunately, IMHO) definitions of roles and resource authorization mappings. These are all properties of your web application and say *nothing* about how the app is deployed. Frequently, developers have situations where a webapp needs to be aware of the environment in which it is running. In this case, it's the name and/or port that the app is running on. In others, it's JNDI resource lookup information. In still others, it's application configuration information that is long lived (how to configure management threads, for example). The point is, this is all information that belongs to a particular *server*, not to the webapp. It's different for every deployment because the machine for every deployment is different. You could always configure this stuff in a Context, but that's Tomcat specific and is of no help when you need to run on different platforms -- now or in the future. Instead, leave the deployment configuration parameters up to the person responsible for deploying -- and observe the boundaries even if it's a one-developer developed app. Create a separate configuration mechanism (xml on the classpath, properties file, command line args, whatever is accessible on every platform) and use that to store this type of information. Granted, small projects can use the crutches of built-in nicities, but for anyone developing a true J2EE app (not a Tomcat app), do yourself a favor and maintain strict separation between build-time configuration parameters and deploy-time ones. justin [Can you tell there's pent up frustration from having to deal with this?] :) At 01:51 PM 11/21/2003, you wrote: If you don't get a maintenance-free method from the group, you can always do the following: In the servlet: public void init() throws ServletException { String lConnectTNSName = getServletContext().getInitParameter(ConnectTNSName); if(lConnectTNSName == null) throw new RuntimeException(ConnectTNSName is null); ... In the web applications web.xml I store the site-specific info: web-app display-name (display-name)/display-name description*** servlets and JSP pages./description context-param param-nameConnectTNSName/param-name param-value/param-value /context-param ... You could store any info you want this way and it only needs to be re-entered when a change to your web.xml is required. Hope the group gives you a better answer, but this is handy for a variety of things. Chuck -Original Message- From: Harris Reynolds [mailto:[EMAIL PROTECTED] Sent: Friday, November 21, 2003 12:29 PM To: '[EMAIL PROTECTED]' Subject: Server URL Before Request Is there a mgmt API that will allow me to get the URL that the server is running on from within the servlet init method (i.e. *before* the first request comes in)? ...really all I would need is the port number (the hostname and context paths would be easy enough to get). thanks for any tips, ~harris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL
Re: How jasper determines when to use default package org.apache.jsp when translating jsps to servlets?
Filip Hanik has posted a build script that does a deployment-time compilation of all JSP files in an app -- sounds like what you're looking for. I haven't used it, but it's a pretty common request on the list and it seems his solution has worked well for people. You can check it out here: http://cvs.apache.org/~fhanik/precompile.html justin At 01:08 PM 11/20/2003, you wrote: Tomcat 4.1/Windows XP I am working on the ant script that should precompile all jsp pages for a given web application. I used build.xml from Tomcat documentation as starting point. After running ant I found that some of the translated and compiled jsp pages are not working. For some reason when the jsp pages are translated/compiled by tomcat/jasper runtime the generated servlets sometimes contain package statement set to the default package like: package org.apache.jsp; and sometimes the generated servlet's package statement is determined based on the physical location of the jsp page in the web application tree. The build.xml I created always updates generated servlets with the package statement based on the jsp location in the web application directory tree. Ex. For the jsp located in webapp/agentHome the build.xml outputs package statement package agentHome; which causes exception javax.servlet.ServletException: org/apache/jsp/nbpDefault_jsp (wrong name: layouts/nbpDefault_jsp) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:249) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher= .java:684) If the package statement is replaced with package org.apache.java; Everything works. Any suggestions? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jsp cache issue
If it wrote to the same place you started it from (ie where the scripts/exe live), that could be a potential problem. It's actually writing to it's own exclusive work directory, though, that's used only for temporary files -- this is reasonable. Where would you rather have it write to? justin At 03:39 PM 11/19/2003, you wrote: For the most part, Yup -Tim Euan Guttridge wrote: Hi, I have noticed that TC creates a temp file (example name = files02123412) when compiling jsps. It will only exist for a few seconds, presumably while the compilation takes place, then is deleted. Here is the annoying part - they are created in the directory from which you started tomcat - so if you start TC from a dir which TC does not have write permissions to the jsp will never compile. This temp file will simply contain ascii text for example : /usr/local/tomcat/work/Standalone/localhost/_/jsp/diagnostics/diagpage_jsp. java Is this behaviour by design? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat submits twice?
At 07:01 AM 11/10/2003, you wrote: Hi, I know the forum has a lot of questions about requests being submitted twice. I have implemented some of the solutions mentioned in there but the problem still persists. I have implemented a javascript solution which greys out the submit button rendering it unclickable on the first click. But even then, I am still getting multiple database insert requests. Before thinking about solutions to your problem, do you know exactly what's happening to cause your multiple insert statements? Perhaps there are two requests coming from the browser, but from your email it doesn't sound like you're even sure of this. Have you verified that you really are receiving two separate requests for the same insert? Can you reproduce it at will? justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: two users see the same session
In servlet terms, Bill is saying to check to make sure you don't have variables defined within the servlet class. Avoid code such as this: public class MyServlet extends HttpServlet { private String m_userName; public void doGet(HttpServletRequest req, HttpServletResponse res) { ... m_userName = req.getParameter(userName); ... } } This will cause problems because servlet are multi-threaded and multiple users will have access to the m_userName value. You may not have code that does something as obvious as this, but chances are high that it's somehow related. Make sure you have *no* member variables in your servlet -- or if you do, make sure they're used correctly. justin At 12:14 AM 11/7/2003, you wrote: Sorry not to have mentioned this but the session code is all pure java i.e. we dont use JSP, instead we use a templating solution but there is no session stuff there. In any case, can you tell me *why* it's occuring. I couldn't understand your example since I don't know JSP (!). Thanks! Bill Lunnon wrote: Nikhil, I have seen this problem occur when using JSP and incorrectly defining session variables or beans in the declaration part of the script. e.g %! BeanClass bean = new BeanClass(); % Make sure only initialise session variables or bean classes in the context scope ie % BeanClass bean = new BeanClass(); % Would suggest visual inspection of all code and JSP pages to make sure this is not occuring! Hope this helps Bill -Original Message- From: Nikhil G. Daddikar [mailto:[EMAIL PROTECTED] Sent: Friday, 7 November 2003 4:03 PM To: [EMAIL PROTECTED] Subject: two users see the same session Hello Folks, Sometimes our users get to see information stored in the session of another user. We've verified this because they have sent us screen captures. The question is how? We have one server, one tomcat (4.1.27), and we use the default i.e. cookie based sessions. If anyone of you can shed some light on this or tell me how to prevent this, that will be great. Thanks for your time. Nikhil - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Sessions and proxies (Split From: Tomcat 4 losing session (may be related to Win XP))
Thanks for the reply, don't want to hijack the thread. The list thanks you for your courtesy. :) This is now in it's own thread. I don't think it's a question of cached pages, but proxyserver does seem to be doing something. The first page is a login, and when it's submitted, the request passes a query string that calls the servlet. Servlet creates a new session and I can see a new cookie containing JSESSIONID. The servlet then displays results from a db query. Any further requests, whether to scroll the results, add new record, or view individual record causes the servlet to create a new session because request.getSession(true) is called and doesn't find the cookie in the request. Accessing the web app from inside the proxy works okay. I'm a bit unclear as to exactly what's happening, but I'll try anyways. If Tomcat receives no JESSIONID or an invalid JSESSIONID, calling HttpServletRequest#getSession(true) will create a new HttpSession with a new sessionId. This is why you're seeing each request have a different sessionId in your logs. At 08:44 AM 11/6/2003, you wrote: How would I do that? Add to the query string? You can either go about trying to patch your app together by appending values to query strings and the like, or you can put in the effort to get it working right (can you tell I'm biased towards the later?). You mentioned that you tested the app from behind the proxy and it worked correctly. The next question is, if you look at the responses from in front of the proxy, are they still correct? The working theory is that they won't be, but you won't really know until you have Http message examples from both in front and behind the proxy. Like I said before, setup a simple http proxy (these are *really* simple to use) to log your http messages. Check out the cookies and params being sent back and forth. Once you've proven that your proxy is messing with the JSESSIONID, figure out how to fix it. That's the robust, permanent solution. Wendell justin -Original Message- From: Phillip Qin [mailto:[EMAIL PROTECTED] Sent: Thursday, November 06, 2003 8:55 AM To: 'Tomcat Users List' Subject: RE: Tomcat 4 losing session (may be related to Win XP) Have you tried to append jsessionid? -Original Message- From: Justin Ruthenbeck [mailto:[EMAIL PROTECTED] Sent: November 5, 2003 9:32 PM To: Tomcat Users List Subject: RE: Tomcat 4 losing session (may be related to Win XP) At 04:14 PM 11/5/2003, you wrote: I've been pulling hair out for several days with what turns out to be the same problem, except it's occurring on a Windows 2000 Server running IIS 5.0 and Tomcat 4.1.24. The logs show that the first request to a servlet done via POST gets a different session id than the follow-on request via GET to the same servlet, same URL. The same app works fine on another Win2K server running Apache. The one that doesn't work is behind a proxy server doing proxypassdir's to map a URL to an internal IP. Could this be the problem, or is it an IIS thing? If you really want to see what's happening, put your own proxy between the client and the first server on your backend (I use zproxy -- google for it) to look at the http messages going back and forth. Check the response that you're getting from Tomcat and note the JSESSIONID provided after the first call. See what JSESSIONID the client machine sends back. You can put the same proxy (or any http-level sniffer) between any of the servers and see who's passing what. If you've established that Tomcat is receiving two different sessionId values, then you can be sure there's a mixup somewhere else (and the more hands you've got in the cookie jar, the more chances someone else is screwing things up). Wendell Holmes justin -Original Message- From: Justin Ruthenbeck [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 05, 2003 4:25 PM To: Tomcat Users List Subject: Re: Tomcat 4 losing session (may be related to Win XP) Are the sessions the same between the two calls? That is, when you call HttpSession#getId() for each of them do you get the same id back? justin At 02:27 PM 11/5/2003, you wrote: Hi all, I've come across a situation I can't figure out and I'm wondering if it has to do with the fact that this is the first time we've installed Tomcat on Windows XP Prof. Symptom: Tomcat loses session. If you set up a very simple two JSP process where page 1 stuffs (setAttribute) something into the session, and page 2 displays it, the value comes back as null Tests: if I copy the two JSPs to the examples directory included in the Tomcat distribution, the pages perform properly. If I create my own context and execute the pages from there, the getAttribute returns null. I created the context by duplicating the context in the server.xml file and pretty much just changing the codebase. Other environment info: running behind Apache2 (latest), on port 8082 (http) and 8009 (AJP13
Re: Tomcat 4 losing session (may be related to Win XP)
Are the sessions the same between the two calls? That is, when you call HttpSession#getId() for each of them do you get the same id back? justin At 02:27 PM 11/5/2003, you wrote: Hi all, I've come across a situation I can't figure out and I'm wondering if it has to do with the fact that this is the first time we've installed Tomcat on Windows XP Prof. Symptom: Tomcat loses session. If you set up a very simple two JSP process where page 1 stuffs (setAttribute) something into the session, and page 2 displays it, the value comes back as null Tests: if I copy the two JSPs to the examples directory included in the Tomcat distribution, the pages perform properly. If I create my own context and execute the pages from there, the getAttribute returns null. I created the context by duplicating the context in the server.xml file and pretty much just changing the codebase. Other environment info: running behind Apache2 (latest), on port 8082 (http) and 8009 (AJP13) because Oracle Servlet Engine shows up on port 8080 (side note: anyone have info on how to get the flying pig to go away when you've uninstalled the Oracle HTTP server???); JDK 1.4.*, and this is Tomcat 4 (latest). The exact same set up works fine on Windows 2003 and Windows 2000 Prof. And this machine works fine as a client to the server running on any other machine, so it's not a cookie issue I don't think. Am I missing something obvious? Could it be permission-related? Something in the way the session data is stored on disk? Sure would appreciate any advice. Andrew Longley Senior Software Developer MindFlow Technologies, Inc. http://www.mindflow.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Which is the winner----Singleton Class or Base Servlet????
At 05:07 PM 11/5/2003, you wrote: In addition to what others have said, why don't you ask your highly knowledgeable friend for proof of what he's claiming? Anyway his answer to this question is,-- using base servlet does not create a separate object instance as it is done when using a singleton class.That way u use one object less from JVM point of view.However this answer did not solve my quest. Really? That's the reason? Ignore it. Choosing to implement something in a base class or in a singleton is a decision based on your app's architecture -- choose whichever is more clear and/or more maintainable for you. There may be performance issues involved, but that would have to be discussed with specific examples ... in any case, this is not one of them. justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat 4 losing session (may be related to Win XP)
At 04:14 PM 11/5/2003, you wrote: I've been pulling hair out for several days with what turns out to be the same problem, except it's occurring on a Windows 2000 Server running IIS 5.0 and Tomcat 4.1.24. The logs show that the first request to a servlet done via POST gets a different session id than the follow-on request via GET to the same servlet, same URL. The same app works fine on another Win2K server running Apache. The one that doesn't work is behind a proxy server doing proxypassdir's to map a URL to an internal IP. Could this be the problem, or is it an IIS thing? If you really want to see what's happening, put your own proxy between the client and the first server on your backend (I use zproxy -- google for it) to look at the http messages going back and forth. Check the response that you're getting from Tomcat and note the JSESSIONID provided after the first call. See what JSESSIONID the client machine sends back. You can put the same proxy (or any http-level sniffer) between any of the servers and see who's passing what. If you've established that Tomcat is receiving two different sessionId values, then you can be sure there's a mixup somewhere else (and the more hands you've got in the cookie jar, the more chances someone else is screwing things up). Wendell Holmes justin -Original Message- From: Justin Ruthenbeck [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 05, 2003 4:25 PM To: Tomcat Users List Subject: Re: Tomcat 4 losing session (may be related to Win XP) Are the sessions the same between the two calls? That is, when you call HttpSession#getId() for each of them do you get the same id back? justin At 02:27 PM 11/5/2003, you wrote: Hi all, I've come across a situation I can't figure out and I'm wondering if it has to do with the fact that this is the first time we've installed Tomcat on Windows XP Prof. Symptom: Tomcat loses session. If you set up a very simple two JSP process where page 1 stuffs (setAttribute) something into the session, and page 2 displays it, the value comes back as null Tests: if I copy the two JSPs to the examples directory included in the Tomcat distribution, the pages perform properly. If I create my own context and execute the pages from there, the getAttribute returns null. I created the context by duplicating the context in the server.xml file and pretty much just changing the codebase. Other environment info: running behind Apache2 (latest), on port 8082 (http) and 8009 (AJP13) because Oracle Servlet Engine shows up on port 8080 (side note: anyone have info on how to get the flying pig to go away when you've uninstalled the Oracle HTTP server???); JDK 1.4.*, and this is Tomcat 4 (latest). The exact same set up works fine on Windows 2003 and Windows 2000 Prof. And this machine works fine as a client to the server running on any other machine, so it's not a cookie issue I don't think. Am I missing something obvious? Could it be permission-related? Something in the way the session data is stored on disk? Sure would appreciate any advice. Andrew Longley Senior Software Developer MindFlow Technologies, Inc. http://www.mindflow.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Security methods [OT]
Every security method you'll find will revolve around a user login (authentication). If the customer isn't already doing that, you'll run into problems. Once you have established trust between the system and the user, you move into the security checks (authorization). You'll need a solution for both. Many people use security mechanisms built into Tomcat/J2EE. Many others steer clear and implement their own (my preference) or use a different framework. This is a matter of technical/political choice -- neither option is inherently better. For info about J2EE security, see J2EE Servlet 2.3 Specification SRV 12.1 http://www.jcp.org/aboutJava/communityprocess/final/jsr053/ For info on other security schemes, listen for other responses or read the archives ... sorry, don't know of any concise references to point you to. This is a very, very, general topic ... if you come up with some ideas or specific questions, feel free to post them and I'm sure people will chime in with their opinions. justin PS: Happy Halloween to all! At 01:54 PM 10/31/2003, you wrote: Hi Everyone, I'm doing a project for a client and they want to employ some kind of security mechanism that will allow a customer can have access to their content but not their competitors, meaning: * They have information that resides in a text based database. * A customer can search for the information through a web form. The information is returned based on a match of the zip code from the web form. * They don't want competitors to get this information since it is their intellectual property. Currently, a session is set and a servlet makes sure that no one tries to retrieve information via the web form more than 3 times. The problem is that someone can close and reopen a browser and start over. I'm also thinking that a semi smart programmer could bypass the whole browser and do it programmatically anyway. Security is new to me, and I'm looking for suggestions on how to solve this. Can someone suggest some general ideas, a book, or something to get me started? I would surely appreciate it. Thanks! -Brian Menke - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] reloading bean upon session time out
At 07:59 AM 10/30/2003, you wrote: Upon my users first request to my JSP-pages I retrive their user name and loads their authorization level etc. from a database. This information is stored in a bean given session scope. Thing is that after 30 minutes (default) the session times out and the required information is lost, thereby rendering my users unable to make request to the database. If the session times out after 30 minutes, then it means that your user has not submitted a request with the appropriate JSESSIONID in 30 minutes -- that's what causes the session to timeout. If your users are still hitting your site and the session times out, then there's something else wrong with what you're doing. How do I test for this and redirect them to the original authorization page? (Ruling out the option of setting session time out to say 8 hours...) There are a hundred ways to do this, but it's really an architectural decision for you. If you're not using one of the frameworks and everything is JSP, one way is to include a login_check.jsp page at the top of every JSP page. This page checks to ensure that the user is logged in. You could accomplish the same thing with a Filter or custom tag ... really depends on what you're comfortable with and what fits best into your system. justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session exclusivity (was Form Double Submit Detection)
At 09:46 AM 10/28/2003, you wrote: As far as I can remember there have been posts in this list, where people said that they have seen different session objects within the same session. This was explained with the fact that there is a session facade which can change anytime. So the session should be a quite weak monitor to rely on. (But as I said, this is not my experience, it's just something I've read) My be it's time for a developer to shed some light on this. The point is not really whether Tomcat does or doesn't give you the same HttpSession facade every time. The point is that this is an *internal* implementation decision that can change at any time. And even if it's never changed for Tomcat, you can't rely on it for other servlet containers. My personal preference (and I've seen the benefits in multiple projects I've worked on), is to *not* rely on objects out of my control for functionality such as this. What happens when you need to put an additional front end on your code to support WebServices, for example -- you still want to rely on any object in the javax.servlet package? Don't think so. If your project is limited in nature, then assume Tomcat and use an object in the session. If you're building a complex, wide application, create your own synchronization framework (or use something pre-built but unrelated to J2EE). It'll give you maximum flexibility when you start to support other appservers, clustering, client types, etc. /soapbox ;) justin -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 6:34 PM To: Tomcat Users List Subject: Re: Session exclusivity (was Form Double Submit Detection) So, it looks like the Catalina folks feel like the session is okay to synchronize on, but I agree that one shouldn't bet the farm on a session being a good monitor. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Windows freeze...
At 12:37 PM 10/28/2003, you wrote: Leo, On Windows, when an applicacion throws an Exception, for the first time, Tomcat freezes, until I hit the keyboard or I do something on the DOS console that appears when Tomcat starts up. I've had this problem before. It turns out that in some DOS windows, when you click on them, they suspend the console output because the mouse is in selection mode. Pressing enter gives you miles of queued-up output. It's like turning on scroll lock on a real console. Just try not to click *inside* the DOS box when you switch to it. Instead, head for the title bar, of better yet, ignore your mouse and use ALT-TAB :) You can also turn off the click inside dos-box freezes output feature by turning *off* QuickEdit Mode in your dos-box properties settings. Before I figured this out, I spun many cycles running back and forth between servers to investigate these hanging complaints. justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Windows freeze...
At 01:03 PM 10/28/2003, you wrote: Could you recomend me any Windows version to avoid this? Is there some way to send the output of the console to a file?? if not, is it possible to always click enter in that console so as to left the selection-mode unselected?? Turn off QuickEdit in your DOS Console window -- it will make output always appear in the console and you won't see this freezing problem. Simple. See the previous message for how to do it. Cheers, justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: automatic reloading redux
When a reload is done, the entire Classloader is dropped and a new instance is created and used. Any instances of classes loaded by that CL will be gone as well. The behavior you're seeing is correct. justin At 11:43 AM 10/27/2003, you wrote: Hi all, This is not the standard reloading question :) I have a bunch of properties files in the classpath, and a bunch of objects (created by a servlet) in Tomcat memory. In my webapp, I can see these objects as a list. The wierd thing is that if I change any one of the properties files, Tomcat reloads it. Now I can no longer view the created objects through the webapp list. They have mysteriously disappeared.. My question is what is Tomcat's expected behavior for the objects in memory when a class is automatically reloaded? Is the memory refreshed? The behavior I am observing seems to indicate this. But logic indicates otherwise :) ciao, Rishi ciao, Rishi - Let's think the unthinkable, let's do the undoable, let's prepare to grapple with the ineffable itself... And see if we may not eff it after all. -- http://www.fastmail.fm - One of many happy users: http://www.fastmail.fm/docs/quotes.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]