Re: data push
From: Paul Wallace [EMAIL PROTECTED] Sent: Wednesday, August 10, 2005 6:38 PM Hi and thanks for that, That's the crux of my question! The data (I am unsure of the protocol it is delivered in) is sent at random points in time i.e not from any request. I wish to create particularly the client (server B) that listens for this data. I (mistakenly) mentioned server A to mimic the data pushes. I can write something to fire off data at intermittent times, but I am more interested in how to capture that data, when no request has been made. This is the reason why I first questioned on Sockets. Perhaps I should have been clearer from the off! Yea, that protocol detail is kind of important. As others have said, Tomcat is set up for HTTP requests, and pretty much ONLY HTTP requests. As much as it would be nice to extend GenericServlet to work with ANY protocol, in truth it just doesn't happen and is not really practical. The GenericServlet interface is still pretty heavily tainted by HTTP. If you want to listen to HTTP datastreams, then Tomcat is the hot tip. If not, then you can start with the Jakarta Avalon project (which is basically dead). Avalon was a lower level container designed to be the boiler plate so you can focus on implementing your own protocols. While the actual Avalon project is dead, the current project page shows you how it has forked into several other projects, so you can use that as a starting point to perhaps hunt down a framework to more easily handle your own protocol. Now, to be fair, if you don't have any real VOLUME of data (lots of connections, high load, vs just the occasional chit-chat), you may well be able to write a simple server in just plain Java. A simple server is not difficult, and there are no doubt several examples on the net. Listening to a socket is no longer the rocket science it once was. Just depends on your tolerance for getting it to work vs learning a framework. Finally, if you REALLY want to dig in to the Tomcat internals, you can break it into little pieces and bits and hammer to fit to support your protocol. Also, there's the book How Tomcat Works which is actually a pretty good book if you want to know how to write a network server in Java. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Does JspC in 5.0 rely on Hibernate?
Hi all! I'm working on migrating from Tomcat 4.1.x to 5.0.x, and one of the components is JspC. Using the ANT Task presented in the 5.0 docs as inspiration I have: target name=jspcx depends=ensure-jsp-src taskdef classname=org.apache.jasper.JspC name=jasper2 classpath id=jspc.classpath pathelement location=${java.home}/../lib/tools.jar/ fileset dir=${tomcat.home}/bin include name=*.jar/ /fileset fileset dir=${tomcat.home}/server/lib include name=*.jar/ /fileset fileset dir=${tomcat.home}/common/lib include name=*.jar/ /fileset /classpath /taskdef jasper2 validateXml=false uriroot=${image} webXmlFragment=${jsp.webapp.xml} outputDir=${jsp.src.dir} verbose=99 / /target I added the verbose tag to get some debugging info. During the build, I get this: [jasper2] Aug 9, 2005 4:01:56 PM org.apache.jasper.JspC processFile [jasper2] INFO: Built File: \Common\Calendar.jsp [jasper2] Aug 9, 2005 4:01:56 PM org.apache.jasper.JspC processFile [jasper2] INFO: Built File: \Common\CancelDialog.jsp [jasper2] Aug 9, 2005 4:01:56 PM org.apache.jasper.JspC processFile [jasper2] INFO: Built File: \Common\CCMFulfillmentRequestFilterFrame.jsp [jasper2] Aug 9, 2005 4:01:56 PM org.apache.jasper.JspC processFile [jasper2] INFO: Built File: \Common\CCMFulfillmentRequestFilterNav.jsp [jasper2] Error in class org.apache.jasper.JspC BUILD FAILED file:c:/ecms/Working/WebServerCode/build.xml:385: java.lang.NoClassDefFoundError : net/sf/hibernate/Lifecycle If I immediately restart Ant, if continues on it merry way, goes farther, and then I get the NoClassDefFoundError again. So, it's not my JSPs (which don't use hibernate), and appears to be JspC itself! I don't see anything resembling a Hibernate jar in the Tomcat distro, so I'm just curious where this might cropping up. Any ideas? Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat/MySQL Application Update
From: Christopher Molnar [EMAIL PROTECTED] Sent: Tuesday, August 09, 2005 4:56 PM We have a servlet that is run locally on about 20 laptops. I am currently manually updating the application on each laptop about once per month. Can anyone suggest a method of updating an application running on both OS/X and Windows based machines that would check if a new version was available and then grab it via FTP, Rsync, or something? Or would it be easiest to put the application into a database record? Any help or pointers appreciated. Since you're on a laptop, I'm guessing you can't easily automate the process using a cron job or the Window Scheduler, as most laptops aren't up and about in the middle of the night. But, even if it was a manually initiated sync process, it wouldn't be to problematic. You could simply have the user kick off an rsync process at some reasonably regular interval and compare the WAR on their system to the Mater WAR is on your server. If the app is small, your network fast, and you can mount where the Master WAR as a drive on the computer, then you can simply have an Ant task copy the file. It can simply compare timestamps (assuming the machines have compatible clocks), and just suck the whole thing over if the timestamps differ. Hmm, well, you'd need to blow away the old exploded webapp too. That's a bit of a nut. Then, once copied over, Tomcat fires up, explodes the WAR and you're on your merry way. The only hard part is if you perhaps change the DB schema or somesuch thing outside the scope of the application, that brings on a whole different set of problems. Another solution is to embed tomcat, and your app within it, and then use Java Webstart to run it like a desktop appliation. The Webstart handles synchronizing and keep the application up to date. It probably wouldn't be horribly difficult to do, but it's not clear that the effort is worth it just to get the Webstart functionality. Finally, you can add a bit of code to your app to see if it's out of sync, download it your self, then quit with a message saying Updated -- please restart. All sorts of scary things you can do. Since you're talking OS/X and Windows, I'd keep the solutions to Java based ones, tho, rather relying on scripting and such. Luck! Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Any kind of Request Recorder/Player available?
With Apache JMeter, they have a proxy that you can use to record a session with the server, and you can then use that as a basis for load testing and what not. What I'm looking for is something similar, but something that I can ideally place in Tomcat (as a Valve perhaps, or a Servlet filter). Basically, something that records the entire incoming request and then stores it out in a format that can later be played back by another tool. The problem is that we have a server than has a production memory leak, and the profilers are basically worthless in production. But if I can place a logger and record a days traffic, and then replay it against a test server (with all the monitoring etc.), then I can more easily reproduce the problem without heavily impacting performance of the production server. Anyone have any ideas? Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to read a file on disk from a servlet
From: Kenneth Jensen [EMAIL PROTECTED] Sent: Friday, May 27, 2005 6:49 AM The ServletContext.getResource depends on a URL string from the request, as far as I can see, and I could not get it to work quickly, so I ended up wth this rather silly hack in the servlet init() method: You can also simply use the ClassLoaders getResource methods, and place things in your classes directory. (Though I think you're better off getting the ServletContext.getResource() to work) Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Adding content/JSPs on the fly
I'm scheming on a little project, and one of the things I want to be able to do is simply add content to the application. The typical way to add content is also rather static -- add it to the WAR and redeploy. That's not particularly dynamic tho, and doesn't really facilitate changing content from the web app. One of the things I'd like to be able to create on the fly are JSPs that are then served by the container. Now, Kenneth Jensen may have answered my question for me by providing this snippet: ServletContext context = getServletConfig().getServletContext(); String slash = System.getProperty(file.separator); keystore = context.getRealPath(/) + WEB-INF + slash + getInitParameter(keystorefile); The key being the getRealPath(/) code. So, my question is do you think that it's reasonable and fairly portable to leverage that technique to find where on the system a webapp is deployed and use that as a base path to create new resources to be served by the container? I'm aware that it is possible for a web app to be deployed in an unexploded WAR, and I would simply make it a precondition that this not be the case (and for 99% of most systems, it simply isn't an issue). But, shouldn't this pretty much work with most common servlet containers? Thanx for any insight... Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Adding content/JSPs on the fly
From: Steve Kirk [EMAIL PROTECTED] Sent: Friday, May 27, 2005 11:44 AM It sounds reasonable, but probably isn't tested or by design, so probably best to just have a go. Re portability, the best advice I can offer is an old chestnut: read the servlet spec. This is particularly relevant in this case. The spec is generally pretty good at telling you you pretty accurately if (a) what you want to do should/must be supported or (b) what you want do do is forbidden. Of course there are some areas that it does not have a view either way on, but I find it to be an invaluable document - I have it on shortcut from my taskbar and consult it often. It's at least as useful as the javadocs or TC docs. For those of you that don't know where to find it, it's here, under specifications. http://java.sun.com/products/servlet/reference/api/index.html Choose the servlet spec version appropriate to your TC version as described in the table on the tomcat home page: http://jakarta.apache.org/tomcat/index.html I'm reasonably familiar with the specification. One of the notable bits about it is simply the fact that within the spec, you're pretty much not guaranteed writeable access to the file system at all (save for a temporary area, and it's simply that -- temporary). But the reality is that most engines give you access to the disk that way. Just one more specific point on your note Will - I would have thought if anything that you want it to be a precondition that the webapp NOT be deployed as a war. I've a feeling that if TC explodes the war, then it might not check the exploded FS for changes. Don't take this as gospel though, this is a hazy half-remembered bit of info. As far as I know, the Servlet spec doesn't have a deployment method outside of a WAR. It's pretty much a container behavior to actually explode the WAR on to the file system, yet, most obviously do for performance reasons. But it does bring up a basic problem, for example, if by some fluke the app is redeployed, all of that new data is blasted away by the WAR..that would be Bad. But I can't see another (easy) way to create JSPs on the fly, or in fact to create any other content that can be served directly the server. It's an annoying nit of the spec, to me, that it doesn't expose this behavior to the developer. For example, unlike EJBs (which has a specified limitation on accessing the disk), the Servlet spec does allow you to access the disk, though perhaps not within the WAR hierarchy. But, there is no way to, say, forward to a static resource that the server can then handle in its own internally optimal way. Rather, I have to open the static resource, determine the content type (I can get that from the Servlet spec), and then feed it into the output stream, when in fact it would simply be easier to do req.serveStatic(/tmp/mynewgraphic.gif) or some such thing, or be able to forward outside of the web app (i.e. to a actual file rather than a URL). Simply, the application structure and such are pretty much isolated from the developer. I can't add anything dynamically to the security domain, for example, which means if I want that kind of capability in my application, I have to essentially implement ALL of the container security -- mapping, role checks, etc. Container security is an all or nothing. Be happy with its limited funcitonality or dump it entirely. So, now if I want dynamic templating in my Webapp, I, technically, have to dump JSP completely and switch to something like Velocity. All of the power of JSP, tag libraries, etc. is gone. I imagine that I could mimic the JSP environment, compile the JSP myself, compile the java myself, load the class myself and feed the output into the standard output stream, but that seems like a silly wheel to reinvent when I have a full container here that DOES THAT ALREADY, doncha think? Mind, I may still just Do It, open up paths to the disk and plonk files and JSPs in place and see what happens, but it's a flaming hoop I wish I didn't have to jump through. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Adding content/JSPs on the fly
From: Frank W. Zammetti [EMAIL PROTECTED] Sent: Friday, May 27, 2005 1:04 PM Could you instead store the JSP in a database? ... snip ... Now, get the BLOB from the database based on that JSP name. Convert the BLOB to a string and stick it in request, then forward to a JSP that is the following: %=(String)request.getAttribute(theJSPContent)% If all I was interested in was displaying static data, then yes. But if I wanted access to the actual templating ability of JSP, then that doesn't help. Look at it this way. Let's say that I were using Velocity for templating instead of JSP. And let's say I have a VelocityServlet to handle it, and some url is mapped, say mywebapp/vt. So, for the HomePage Velocity template, the URL would be: http://host.com/mywebapp/vt/HomePage The Servlet gets the request, strips off the HomePage, finds the HomePage template file (or database record), fires up Velocity, renders it and spits it out response.getOutputStream. But here's the deal. I had to write the mapping code, the fetching code, the rendering code (at least the call to the renderer), and the output code. Velocity supports this, all well and good, it's not really a horrible problem. The detail, though, is that I have essentially duplicated a large chunk of what Tomcat and any compliant servlet container ALREADY provides. I had to reinvent that wheel. Doesn't that seem like a waste of time to you? Now, clearly, Tomcat implements a JSPServlet. The Jasper project is simply that. Identical pretty much to a VelocityServlet. I can tie *.vm to VelocityServlet, and they work identically to JSPs in pretty much every way and form. JSPs aren't anything special, in the big scheme of things (they ARE more complicated, however). So, if I wanted to provide the capability of dynamic JSPs (i.e. JSPs served from some source other than the WAR and webapp, say a database or a file outside of the hierarchy), I essentially have to bundle and refactor Jasper into my webapp. When I deploy my webapp on to a stock Tomcat (or, ideally, any other compliant container), the user now gets two copies of Jasper -- the installed version and my version in the webapp. Doesn't that seem redundant? It just seems like a painful hoop to jump through. I'd like to better leverage the container than how it will let me now, essentially tap in to how it gets its resources, and I'd like that to be possible through the Servlet API, via, say, a Resource Listener or somesuch thing. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: An unexpected exception has been detected in native code outside the VM.
From: David B Sullivan [EMAIL PROTECTED] Sent: Thursday, May 26, 2005 3:42 PM We're running Tomcat 4.1 on Sun Solaris 9, connecting to another Solaris 9 box running Oracle 9.2.0.1 and Java 1.4.2_05. When Tomcat tries to connect to the DataBase, it crashes, with the log file shown below. We can point Tomcat at another DataBase, same versions of everything, and it works fine. We can point to this DataBase from another server, with everything being the same and that works too. Not being knowledgeable of Tomcat or reading the traceback information, I really don't know where to start looking We're locked into versions because of the Application, so I really need to get this Version working. Can anybody tell me what this log file is saying?? Any info would be much appreciated. Thanks, cat hs_err_pid2578.log An unexpected exception has been detected in native code outside the VM. Unexpected Signal : 11 occurred at PC=0xEF8EDD88 Function=[Unknown. Nearest: vcharSizedNormalizeUTF+0x460] Library=/usr/local/matrix/1052/RMI/lib/solaris4/libvgalaxy-unicode.so.7 Current Java thread: at com.matrixone.jni.MatrixKernel.dbStartup(Native Method) at com.matrixone.jni.MatrixKernel.getKernel(MatrixKernel.java:47) Looks like what I'm assuming are your JDBC drivers are exploding with a SIGFAULT. And it looks like its imploding with something to do with UNICODE, so perhaps you have some kind of strange Locale issue. Is that matrixone stuff actually your JDBC driver? Any reason you can't use the Oracle thin (JDBC Type 4) drivers? This looks to me to be a problem with MatrixOne, and I'd give them a call. Tomcat is but a victim. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HttpSessionListener
From: Christoph Kutzinski [EMAIL PROTECTED] Sent: Wednesday, May 25, 2005 9:04 AM I suspect that the Listener class is not found on the production server. You should check your deployment. Are you deplyoing via WAR files in both cases? Yea, I would make sure that your listener is even being instantiated. Tomcat is pretty quiet with things like Listners, it doens't write error or output where you typically see it for you application. Check all of your logs to make sure the class is loading and starting up correctly. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: IMPORTANT NEED Tomcat Connection advice
From: Mladen Turk [EMAIL PROTECTED] Sent: Wednesday, May 25, 2005 10:08 AM Sure all that is in place, but OTOH the http keep-alive connection *can* be opened for several hours or days. HTTP/1.1 uses persistent connections by default and you must explicitly add the 'Connection: close' in the header. Without that, things like internet radio for example would be a pure wish :) Keep-Alive is for essentially reusing a connection, but even for something like internet radio, you don't need keep-alive. Typically, transactions time out because there's no activity, not simply because they're open a long time. Simple, most basic example is downloading a large file over HTTP using a slow connection. The basics of the protocol are that you send the length, and then the body. The client reads that and start sucking on the socket. There are other aspects of the HTTP protocol that let you get pieces of files (so called chunking), and you CAN use those kinds of things, but you don't have too. You simply have to deal with the issues is you lose your connection. If you don't use the more advanced parts of the protocol, you simply start over with: GET /hugefile.zip HTTP/1.0 But the fact of the matter is that you really shouldn't be using the Servlet API for lower level protocols. You really shouldn't be having a servlet sitting on a socket and feeding it back underneath HTTP. HTTP isn't really a connection protocol, it's a higher level transfer protocol. There are other frameworks that are better suited to implementing lower level protocols and customer socket listeners and handlers and what not for Java. It's a shame, really, because we DO have Servlets AND HttpServlets, as a subclass, implying that you can have other protocols than HTTP, but truth is a lot of assumptions that just happen to fit HTTP bubbled up into the Servlet part of the spec, and not just within the HTTP part of the Servlet spec. For example, you couldn't easily implement FTP on top of a Servlet container. But poke around Jakarta, they have frameworks to make it easier to write socket server application, rather than just HTTP based server applicatons. Conecptually you could do this in tomcat, but it's kind of off the main path of what Tomcat does. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: struts validation frame work
From: Rahul Akolkar [EMAIL PROTECTED] Sent: Monday, May 23, 2005 9:43 PM Not all validations can/should be done client-side. -Rahul To expand, even validations done on the client side must be done again on the server side. Never trust your client. But for client side validation is still a valid and worthwhile pursuit, you just need to be redundant on the server side. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Minimal server
From: Steve Kirk [EMAIL PROTECTED] Sent: Tuesday, May 24, 2005 5:02 AM I don't see how you will do that without installing some kind of dynamic webserver on each PC, whether that be apache-hpptd, tomcat, or other, plus the web application (which needn't be servlets, it could be perl based). And if you are going to do that, what's wrong with installing tomcat? If the goal is to write an, essentially, stand alone application that just happens to be browser based, then you don't want to install tomcat per se, rather you just want to have an HTTP based core around which you can wrap your application. Its not designed to be a general purpose application/webserver, rather a very application specific server. It also allow the application to be distrubted as either a simple, complete Jar file, or perhaps wrapped in a .exe. When the user clicks on the icon, the application launches a browser to the applications home page. Now, if he just wants to distribute a WAR, as a central service for several users, then, yes, its easier to have the client simply install tomcat (or bundle it in their installer), and deploy the war. But for a client side, browser based application, embedding can very quite viable. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Minimal server
From: Dola Woolfe [EMAIL PROTECTED] Sent: Monday, May 23, 2005 1:15 PM Can this be done? I basically want to program to have a thread that listens to some port and launches a servlet when a request is made. Tomcat itself is reasonably easy to embed, from what I understand. Jetty is another light weight servlet container that is particularly well suited to embedding as well. While you can create minimal servers and such yourself, it's nice to have something more full featured, because then you can simply code to the Servlet API, and leverage the nice things that it does for you rather than reinventing the assorted wheels. So, you'll get things like Filters, Sessions, Event listeners, Request processing, Forwarding, etc. The whole HTTP stack. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Cache CPU utilisation problems on Tomcat 5.5.7 on Windows 2003
From: Andrew Stevens [EMAIL PROTECTED] Sent: Monday, May 23, 2005 6:43 PM 1. Cache - Can't help here, sorry... 2. CPU utilisation - Tomcat often hits 99% CPU and just stays there until the server just comes to a grinding halt. This could of course be a coding issue in a JSP or what have you, but my error logs are not pointing to anything unusual. What do your GC stats look like? (-verbose:gc) Is TC out of memory and fighting itself? Even worse, is Tomcat swapping? (Java no like swapping, no sir. Bad. Really Bad.) Remember that your Java will allocate more memory than what you may specify on the command line, that only limits the heap size for the JVM, not how much Java takes overall. I've had Tomcat when hammered go into a thrashing spin lock on Solaris, this was 4.1.x, though. It was rare, we only caught it once, and it was obviously fighting among itself for some locks. That wasn't pretty. But it eventually sorted itself out. No idea what caused it, and I can't consistently duplicate it. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to change the value of a form's text field by scriplet?
From: Cassius V. de Magalhaes [EMAIL PROTECTED] Sent: Monday, May 23, 2005 2:56 PM I would like to change the value of a form's text field by scriplet, is it possible, please? Through Javascript, I can use the form name plus the name of the field, for example, myform.address.value='xxx'. I know I can do myform.address.value='%= something %', where something is a scriplet variable declared previously. Is it possible to change the value of a form field inside of a scriplet just as we can by a javascript code, please? JSPs and the Servlet model do not expose HTML forms as some large, first class object that you can change using something like myform.address='something'. Typically you'd do something very basic like: form action=/url Name: input type=text %= something %/input /form There are, of course, innumerable frameworks and such that can present HTML elements and forms to your Java code as objects (JSF for one), but the above is the basic of basics on how it all works and is inevitably done. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can a servlet receive its own request?
From: Michael Mehrle [EMAIL PROTECTED] Sent: Wednesday, May 18, 2005 8:58 AM - Servlet issues https request to an outside server (via getServletContext().getRequestDispatcher(https://www.someoutsideserver/) ) - Outside server processes request and responds with POST response (also via https). - Servlet [somehow] is able to be the recipient of the response. - Servlet parses the response and stores data to the database. Your problem is with the whole model. There is no reason why a Servlet can't send an HTTP(S) request to another server. But the server that you are making the request shouldn't be making an independent POST back to you, rather it should just send you the data you want back as the reply body. You then parse the reply and move on. IF you insist that the reply be in the manner of a POST from the other server (really really silly IMHO), then, simply, you need to make the request to the other server be the last thing your Servlet does. Then when the POST comes back, you pick up where you left off, tracking your state through a request parameter. So, your Servlet may start with a request like: http://otherserver.com/processData?mysession=123stage=1 Then the otherserver replies with a POST to: http://yourserver.com/yourServlet?mysession=123stage=2 You use the mysession information to maintain your state between requests. But the key is that your servlet ends each time, and Tomcat then restarts it when the POST comes back. It's still a silly idea. You don't need Webservices, SOAP, XML-RPC, etc to talk to another server via HTTP. You can easily stream serialized Java objects to each other if you want, use the simple Java Properties file format for your responses, etc. I think if you have control over both servers, WEB RPC can be very simple for a limited domain. If you don't have control over the other server, then you do what you have to do. I mean, seriously: public class AddNumberServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { PrintWriter out = response.getWriter(); String arg1 = request.getParameter(arg1); String arg2 = request.getParameter(arg2); int i1 = Integer.parseInt(arg1); int i2 = Integer.parseInt(arg2); int result = i1 + i2; out.println(answer= + result); } } public class RequesterServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { PrintWriter out = response.getWriter(); URL reqURL = new URL(http://otherserver/AddNumberServlet?arg1=2arg2=4); Properties result = new Properties(); result.load(reqURL.openStream()); String answer = result.get(answer); out.println(HTMLBODYWhen you add up 2 and 4 you get + answer + /BODY/HTML); } } There. Instant web service. Error checking and robustness are left as an exercise for the reader, but you can see that you don't need a 500 page book to get some data from another web server. Not to discount the XML-RPC and SOAPs, they have their place most certainly. No doubt XML-RPC started just like this and grew from there (and then into SOAP), but its just a simple example of how easy this can be when you have control over the whole shebang. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: UserDatabase
From: Jim Henderson [EMAIL PROTECTED] Sent: Wednesday, May 18, 2005 11:45 AM I am attempting to rewrite org.apache.catalina.users to access an existing backend application database of users and groups. The database could have hundreds of users. I cannot add/change/delete users or groups in the database from the Tomcat Admin consol. In other words authentication will be indirectly performed using an external DB. I would suggest you go take a look at http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html quickly to make sure you're doing as little work as necessary. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to do Downtime with a Apache/Tomcat webapp
From: Richard Mixon (qwest) [EMAIL PROTECTED] Sent: Sunday, May 15, 2005 8:57 PM I'm curious how folks handle letting users know that their webapp is down when doing maintenance. We have an alternate httpd.conf file for Apache that is configured to send everybody to site down come back later static site, then we simply bounce Apache with the new config. It's is not particularly subtle, but we're not a 24x7 site so much, and it's more to let folks coming in know what's happening. But it's simple and quick. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to do Downtime with a Apache/Tomcat webapp
From: Richard Mixon (qwest) [EMAIL PROTECTED] Sent: Tuesday, May 17, 2005 7:53 AM Will, Thanks - that may be the simplest solution. It just seems errors prone (i.e. updating one of the httpd.conf files, but not the other). Still its appealing for my situation. I am going to better check out the reference Ed sent in an earlier post - that seems to have some potential. To be clear, you don't update the httpd.conf file, rather you have two versions (up version and down version), then you simply restart Apache with the correct version as appropriate. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Optimization for Large Applet
From: Chris [EMAIL PROTECTED] Sent: Monday, May 16, 2005 12:32 PM Sorry if this is a dupe, but as far as I can tell, it didn't go through. Setup: Tomcat 5.0.28 JDK 1.4.2_06 W2K Currently, we are running a rather large applet served from TC. When the first user logs on, TC memory usage jumps up about 60MB. When another user logs on after the first one is finished, the memory doesn't really change. Also, the cpu spikes pretty heavily, but only for about 10-20 seconds. The problem that occurs, is that if multiple people log on at the same time, the memory spikes for 60MB for each concurrent log on. Sounds like a caching issue on Tomcats end, but I don't know for sure. 1. Would using ZIP compression help alleviate the problem? The cpu doesn't seem to be as much of a limiting as the memory. I would think that the compression would help users log in faster, thereby helping reduce the chances of concurrent log ons. No, it wouldn't help. First, Applets are just Jar files anyway, and those are normally already compressed, and second, if Tomcat is indeed for whatever reason loading the entire applet into memory before streaming it, then it would do the same thing before compressing it, so it wouldn't help there either. 2. Is there a way to queue connections so that tomcat will wait until it has available memory, thus preventing the OutOfMemory error? AFAIK, once TC gets an OOM error, it won't do anything until it's restarted. You can write a Filter that counts how many folks are requesting the resource, and if more than a certain number are accessing it, you can wait() until the queue frees up space, but you have to write all of this yourself. 3. Would upgrading to TC 5.5.x and/or JDK 1.5 help any? Dunno about that. What I would do is set up the request logging (via the Valve in server.xml), and see what kind of requests you are getting to your Applet URLs. If they are simple GETs for the whole shebang, then you can easily make the URL a custom Servlet instead, and it can more sanely read the Applet from disk and send the data incrementally. You may need to make sure that the OutputStream that you are using the THE stream to the client, and not a buffered stream by Tomcat. Tomcat at times will buffer output so that it can set the Content-Length properly in the header. This is mostly for dynamic content, but you should be able to get access to the correct stream, or turn off the buffering. I'm actually surprised the Tomcat would cache the static resource, which is what it SEEMS to be doing, but I don't know why it would be doing that. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: What are those No such list! s and Illegal IMail List Server Command! ?
From: Maxime [EMAIL PROTECTED] Sent: Monday, May 16, 2005 11:13 PM Since yesterday I am receiving a thousand of the same emails. What can I (or we) do to avoid these ??? You can set up your email client to filter them out based on their subjects (which seems pretty static). I simply sort by subject, select them en masse, and delete them my self, then I resort by recieved date like normal. I'm confident the Powers That Be are working diligently to fix the problem, whatever the problem may be, so I'm not taking any dramatic measures. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Looking for way to constrain bandwidth from a tomcat servlet
From: Kellner, Peter [EMAIL PROTECTED] Sent: Friday, May 13, 2005 6:51 AM You suggest system using a Filter that monitors all of the data. Are there any hooks in Tomcat that allow you to make this filter? Would I need to modify Tomcat source to do this? (I hope not) Filters are a standard component of the Servlet API. You'll need to write the filter and bundle it with your webapp. A Filter should work on any compliant Servlet container. You can also use a Tomcat specific Valve, which exists at a higher level than a webapp. So, if you wanted consistent bandwidth monitoring across several disparate webapps, a Valve would be a good solution. You wouldn't need to modify the Tomcat source to create your own Valve (though you may want to look at the source as an example of creating your own). I've never done this. Also, I'm still hoping someone has already done something similar. Any ideas on similar projects? I'm not familiar with any, but that doesn't mean anything. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Sharing Data Sources
From: Cook, Jared [EMAIL PROTECTED] Sent: Friday, May 13, 2005 7:08 AM That's what I am doing, but I want to avoid having to do that. I would rather have it all in one file so when I need to make changes I only have to do it once. Have you looked at using an XML Entity reference? I'm not the XML guru, but I saw this snippet from Suns App server sample build scripts: !DOCTYPE project [ !ENTITY sampleCommonCommands SYSTEM ../common-ant.xml ] project name=hello-example default=core basedir=. ... sampleCommonCommands; ... /project So, you might be able leverage that capability and use it as an Include for your XMLs. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: In-memory session replication without Clustering
From: Atanu Neogi [EMAIL PROTECTED] Sent: Friday, May 13, 2005 10:38 AM Hi, a.What is the best way to share a HttpSession between web applications running on a single Tomcat instance ? That Tomcat instance is not a cluster node and clustering has not been enabled. b. What is the best way to share other java Object information (without using common persistence storage ) in memory between web applications? Are the add-on cache modules like JBoss cache etc. only solution? The problem is that the webapps have their own distinct classloader hierarchies, so that's one thing that makes sharing objects across webapps difficult. Recall that an objects Class is based not just on the actual Class it uses, but the Classloader for the class as well. Thus if you have the an object of ClassX that's loaded by the classloader for WebappA, and another object of ClassX loaded by WebappB, and in WebappA you try: ClassX myObject = (ClassX)getObjectFromWebappB(); That will fail with a class cast exception, because WebappA.ClassX != WebappB.ClassX. Using a clustering style caching solution helps remedy this by serializing the objects, which breaks a lot of those dependencies, but is obviously expensive. One thing you can do, however, is move any classes that you want to share across webapps out into the common/lib or common/classes directories. Those classes are all shared across webapps, so they can safely be used back and forth between them, since they share the Common classloader. As for sharing HttpSessions, I don't think you can do that directly, as each webapp will have their own unique session. You'll need to have some other means to identify the user outside of the sessionid (like, say, their login name if they authenticate, or an arbitrary domain level cookie that you create on the fly if it doesn't exist yet). Then you use that credential to access shared information stored in a Cache that's loaded from the Common classloader. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: IE 20 session cookies limitation
From: Rick Wong [EMAIL PROTECTED] Sent: Friday, May 13, 2005 11:42 AM Knowing that I cannot easily refactor the application suite to make less number of web application ( 19), I am wondering if anyone else has this problem, and if and how I might work around this IE limitation. Tweak the Tomcat SSO code so that JSESSIONSSO is no longer a Session Cookie, but a real, permanent cookie, with some reasonable (albeit short) timeout. While technically this is a potential security issue (since they can't just close the browser to log out), I imagine that you're talking about an internal system where this may not really be an issue. Of course, when you add that 21st webapp, you will have a new problem. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Basic load balancing
From: Harry Mantheakis [EMAIL PROTECTED] Sent: Thursday, May 12, 2005 1:51 AM What load balancing system would you recommend? (Is there some consensus, cost issues aside, as to what the best type of load balancing system is?) I wish I could say. We use a pair of redundant BigIP's from F5 (which are eleventy zillion dollars), so, they're quite sophisticated. I know Cisco has some as well (which are probably eleventy and a half zillion dollars). 3 common paths are to use Apache's mod_proxy, mod_jk, or the Tomcat balancer app. I don't think any of them provide sticky sessions (though, obviously, the Tomcat webapp could probably be reasonably modified to support that -- but I don't know if anyone uses the Tomcat balancer in production). I don't think any of them let you easily bring down an individual server on your own, though you might be able to reconfigure mod_proxy on the fly with Apache and do a graceful restart after you've taken your downed server out of the mix in the httpd.conf file. The children should finish their requests normally and safely. The biggest problem with load balancing and such is that it opens up a HUGE kettle of fish with regards to testing and such. For example, you'll get it all set up, type http://myhost/webapp/page.jsp and it'll magically appear and then you'll go Yea, but WHERE did it come from? We modified all of our JSPs, for example, to put the host of the server they came from in an HTML comment. It really starts getting confusing. You should have a good set of web based tests for your application so that you can be sure that it's still working the same when you add the new servers. Then you can start testing things like yanking network cables from your tomcat servers to see if failover happens (or not), and other effects, and then decide if you're happy with it. You also can see if you perhaps gained any capacity by splitting the tomcats (if you're app is DB bound, then the bottleneck may be your DB server and the extra tomcat may not help you at all, for example). But, either way, testing is the key here to make sure everything is working as planned (and unplanned) since the new configuration is that much more complicated than it was before. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: .asp and tomcat 5.5.9
From: Trung Nguyen [EMAIL PROTECTED] Sent: Thursday, May 12, 2005 6:56 AM Thanks again. What I'm trying to do is write code in Java and name it .asp because our client wanted to have .asp instead of .jsp :-) Well that certainly can meet the letter of the request, if not the spirit! Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can a client recapture a session in Tomcat 4.1
From: Millies, Sebastian [mailto:[EMAIL PROTECTED] Sent: 12 May 2005 15:57 Can a client recapture his Tomcat session after he has accidentally closed the browser, provided that the session object still exists on the server? If the client authenticates to your server (i.e. they log in), then you can use their login credentials as a key for session data. The downside is that you'll have to basically build your own session manager to facilitate this. (To handle expiration, inactivation, etc. if you want those features). However, there's no reason you can't leverage the built in session listeners to help implement this. For example, you can do some crude reference counting and when a user logs in, you register their session with your login-ID based session manager. Then, when the session expires (and calls the listener), it can check to see if any other sessions are registered, and if not, then it can safely kill the login-ID based session. This gives you the time out capability fairly cheaply. You don't get serialization and such though, nor clustering, but if you're not using those features, you don't care. Actually, as an aside, this would be a bit nasty, but you may be able to tweak the Tomcat session code to instead of using a temporary, browser based JSESSIONID cookie, make it permanent (but still expire in, say, an hour -- whatever timeout is suitable). This cookie would survive browser restarts (for good and ill). Other folks have mentioned the potential ramifications of that, but by doing it this way, it's possible. Just hope they don't use this in a public library. This basically redefines how sessions work for YOUR Tomcat, but it doesn't sound like an arduous change, and you get all of the other Tomcat session infrastructure for free. Your webapp won't be portable if you really on this though, since you have to change Tomcat itself to make it work. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL on multiple IP addreses?
From: David Wall [EMAIL PROTECTED] Sent: Thursday, May 12, 2005 10:31 AM How will you configure multiple IP addresses on a single NIC? Normally, you have one NIC per IP address. You will need to use two keystores for each system, and configure the keystores as you normally would under the SSL connector. I'm not sure how to configure the CoyoteConnector so that it will listen on a particular IP address, but the docs no doubt explain how. Just an FYI, it's pretty simple and common to have a single NIC listen to multiple IP's. It's fairly trivial to do in Linux/Unix, and I know it's possible in Windows, but I don't know the details of how to do it. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Realms and Filters question
From: Tim Funk [EMAIL PROTECTED] Sent: Thursday, May 12, 2005 5:17 PM The realm logic will be called before the filter logic. No way around it. Yup, my major complaint with Servlet Authentication. You either use all of it or none of it. I'd like to think that they'd make it a little more flexible in the future, but they haven't yet, and it's been this way for quite awhile. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Looking for way to constrain bandwidth from a tomcat servlet
From: Kellner, Peter [EMAIL PROTECTED] Sent: Thursday, May 12, 2005 6:14 PM I have a particular web page that hits a servlet and I'm finding that certain users suck out huge bandwidth. Does anyone know of any products or open source projects that work with tomcat that will allow me to throttle bandwidth to certain users based on some criteria? (like total bandwidth already consumed by that user). Bandwidth is hard to manage at the application level, particularly with proxies and what not potentially in the way, but you can measure actual data sent for a user. You can create a system using a Filter that monitors all of the data going out of tomcat (and technically how long it takes, thus measuring actual bandwidth). You would hijack the stream used in the original request so you can monitor to the traffic. You can then move the data from the hijacked stream to the requests stream as fast, or as slow, as you like (perhaps by throwing some Thread.sleep() calls in the main copy the stream loop). But be aware that while Thread.sleep takes milliseconds as a parameter, it doesn't mean it actually supports full millisecond granularity (it may, but you should test it and make sure), but it may only go as low as 10, or even 100 milliseconds. You could also simply use the filter to ban the user from a specific hungry resource if you like. I'm sure there are other things like this, perhaps something for Apache. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Basic load balancing
From: Faine, Mark [EMAIL PROTECTED] Sent: Wednesday, May 11, 2005 11:24 AM Tomcat 5.0.28 We seem to often have to make minor changes that cause us to have to restart our tomcat server (the whole server, not just a web application) and this has lead me to decide to research load balancing. The idea would be to have two servers that would be exact duplicates. One of the servers would only become available when the other was not running. This way we could make the change on server2 (and restart it) and then bring server1 down and make the change to it as well. This would prevent any real downtime for our users. Where should I look for info on how to implement this type of failover? Thanks for your help Yeah, it's a mix of load balancing and clustering. The primary challenge you have to deal with is session replication so that when you fail your primary Tomcat, the stand by will have the same sessions in play. Once you have the sessions clustered, then it's a matter of redirecting traffic from the primary to secondary. This is what a load balancer system can do for you, in that it can help you cleanly switch over. What you need to do here is tell the load balancer to direct all new traffic to the secondary Tomcat, but still let any pending transactions go to your primary. Once the load balancer has shifted the traffic, you bounce the primary, let the primary add itself back in to your cluster and resynchronize the sessions, then you finally have the load balancer start shifting traffic back to the primary. Now, note that at some point during your switchover, you will be having both Tomcats live and working against the same DB or whatever your backend, so you need to make sure that it can handle that (if it's just a DB it's typically not a problem). Finally, once you've gone to all of this trouble, frankly, I'd just run both machines 100% and load balance between them, either round robin, or you can use session pinning (so that when a request comes in, their session sticks to a single machine barring machine failure). The reason I would do this is simply that I'm just philisophically opposed to having idle machines do nothing and waiting for something to happen. To me, an idle machine is simply a room heater. I don't need a $2000 room heater. In this case, since you need to have cluster aware sessions and replication anyway, and you have to have a load balancer fronting them anyway, why not simply double your performance (ideally) and run both machines if you're going to keep one idle anyway? You have to go through all the configuration headache anyway, so you may as well get some free performance out of it. It is my understanding that you can do most of this with 3 machines and stock Tomcat, as it already supports clustering, and there is a load-balancing application as well, but I don't know how good or featureful the load balancer is. Of course, you can do a function test on only a single machine with 3 interfaces as well. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Memory for JSP Compliation in 4.1
From: Wendy Smoak [EMAIL PROTECTED] Sent: Wednesday, May 11, 2005 10:42 AM Subject: Memory for JSP Compliation in 4.1 Will adding JAVA_OPTS=-Xmx128M to catalina.sh help with running out of memory during JSP compilation in 4.1? The notes in catalina.sh say that these options will be used when the start stop or run command is executed, but from the Jasper config page, I see that Tomcat will 'fork' another JVM in order to compile JSPs. Does this new JVM inherit the memory settings of the original, or is there some other way to increase its memory? First off, no, the -Xmx option will do nothing in terms of affecting the memory for a JSP compile if fork is true. If fork is false, then the -Xmx options that you ran your original Tomcat with WILL affect the heap size for the compiler, but that assumes the Sun compiler. I don't know if HP's JVM is using Suns compiler or not (it may be). See, the Sun compiler is just a java class that can run like any other class. But if HPs JVM doesn't have the Sun compiler class available, then the JSP compiler is simply going to call javac, and that's going to fork no matter what your Jasper setting. Also note that at some point in the 4.1 version, the JSP/Sun compiler combo had a memory leak. I don't know if that was Tomcat, Jasper, or Suns compiler that was at fault, or whether your version has it fixed, but that was an early impetus for forking to compile JSPs in the first place, to punt around the memory leak. Um...how big is the JSP that you're compiling? Is there perhaps a way to make it smaller? Perhaps including some of the static content at runtime rather than compile? (I'm trying to fathom a big enough JSP that would blow up the compiler, but who knows.) Have you considered looking at precompiling the JSPs (or at least the few nasty ones that are grenading your server)? Then you'd perhaps have more control over memory for the compile that the standard Jasper engine doesn't expose to you. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: detecting tomcat 5.5
From: Jason Novotny [EMAIL PROTECTED] Sent: Tuesday, May 03, 2005 2:11 PM Thanks-- unfortunately by default (at least on Unix) that file is not executable so it wouldn't even execute by default. Did you bother to even LOOK at the script? All it does is call 'catalina.sh version' (I'd like to think that script is executable for you). And all THAT does is run the ServerInfo class. Given all that, you should be able to figure something out. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Question on JNDI configuration
From: John MccLain [EMAIL PROTECTED] Sent: Monday, May 02, 2005 4:23 PM Is it possible to add a datasource to JNDI AFTER the server has started? We have a webapp that creates a DbConnection pool AFTER first user authentication. I would like to access this pool via JNDI conventions (because of 3rd party requirements), as well as through a context variable. Have you tried simply binding it after you've created it? I think it's writable. Are you creating user specific DBPools, and using JNDI as a global name space for the 3rd party app (passing in the context name key for them to look it up)? Context ctx = new InitialContext(); ctx.bind(yourDBPool, getNewDBPool()); Can you leverage a Custom Resource Factory to do this for you (assuming simply binding it doesn't work)? Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Catalina.out eats my harddisk space
From: David Smith [EMAIL PROTECTED] Sent: Friday, April 29, 2005 4:36 AM Question to the OT: how are you deleting catalina.out? If you aren't shutting down tomcat first, you need to do that. Otherwise some OS's recreate the file to it's former size with empty space where log info used to be. Actually, what the OS's do is they keep the other file around until the file is closed, even though it's been deleted, it won't go away until the file is actually closed. The entry in the directory may be gone, but that actual data for the file is still around. When the file is finally closed, the system realizes there are no more references to it, and removes the actual data. Just clearing up the process.. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Application configuration
From: Dave Butler [EMAIL PROTECTED] Sent: Friday, April 29, 2005 8:39 AM Andrea Aime wrote: I have a set of property files that allow me to configure my application. They contain things like file system locations, database access parameters and so on. Now, I would like to put them outside the war file in order to make installation easier for people not used to web app deployements, but at the same time I would like to make those files visible only to my app (for example, I'd like to change the log levels in log4j without unpacking the war). Why not use Java Preferences. Java Preferences is the way to go, but you need to provide a mechanism to manipulate them (whereas with property files you can simply use an editor). Ideally this mechanism is within your webapp, but you need to ensure that it can work with potentially Really Bad values in the preferences (i.e. if your property editor part breaks with bad properties, it's kind of hard to fix them, eh?). A notable scenario being I forgot my admin password or something else. One thing you can do is to put a reset directory in the top level of your WAR, then put a ResetProperties class within there (in the reset package, of course). Then, in your webapp protect the reset url with an invalid role. Finally, when the user needs to reset their preferences, they can simply do: java -jar WebApp.war reset.ResetProperties and it will set the preferences to reasonable defaults. A WAR file is simply a JAR file, so this should work just fine (I haven't tested it). You protect the reset path so that it can't be downloaded over the web. The reason you jump through these hoops is because the Java Preferences stores its values differently on different systems. Notably it uses the Registry on Windows, and a file on Unix (in the users home directory). But, rather then fighting that, you can provide something that will work consistenly across platforms by leveraging the API and Java. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Copying HttpServletRequest
From: Tuan, Frank [EMAIL PROTECTED] Sent: Friday, April 29, 2005 11:35 AM I'm trying to change the InputStream of the request. I don't think the wrapper allows me to change the InputStream. It's deeper in the ServletRequestWrapper, but it's there. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RES: Nervous about Sessions ...
From: Frank W. Zammetti [EMAIL PROTECTED] Sent: Wednesday, April 27, 2005 10:59 AM Hi Paul, No, I don't know of any changes... I'm actually wondering if this is a restriction the latest servlet spec places on objects in session... I tend to doubt Tomcat would be imposing such a restriction unless the spec indicated such a restriction... I myself might learn something here! :) Does anyone reading this know a definitive answer? Conceptually, I guess someone could have changed the session to require serialization. Perhaps they did this to handle the new cluster/failover aware sessions. Tomcat has different session managers. A simple one that happily consumes heap until you run out, a more sophisticated version that funnels old sessions to disk and reloads them on demand, and then the failover aware sessions. But, even the generic base version would try to persist session between restarts. Finally, if you're having issues, you can always wrap you non-serialized items into a class that IS serializable, and either simply lie (so that if it actually TRIES to serialize it, it will fail and throw an exception), or mark the fields as transient so they won't serialize. There's also the option of digging deep into the Tomcat source code and just fixing it and remove that limitation, but that's rather drastic. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RES: Nervous about Sessions ...
From: David Whitehurst [EMAIL PROTECTED] Sent: Wednesday, April 27, 2005 8:05 AM I heard something confusing in the reply. If Tomcat has a file caching under load, how does Tomcat serialize the objects in session if the client application isn't placing objects implementing java.io.serializable everytime? It doesn't. It fails for that case. The real question is whether you care. If you're using the RAM based session manager that tries and saves sessions on Tomcat restart, then you ask yourself if you really care to save sessions over a restart? (I don't, you may though.) If you don't, then it doesn't matter if you have non-serializable data in your sessions. If you DO care about persisting sessions (for whatever reason, such as relying on a paging session manager), then obviously you need to make sure you store serializable data. The real point, though, is that the spec says that you can put an Object into the session. It doesn't say Serializable. So, if Tomcat for whatever reason, is doing something like: public void setAttribute(String name, Object value) { if (!(value instanceof Serializable)) { throw new BoomBoomException(); } } Then, it's kind of adhering to the letter of the spec, but not really the spirit of the spec. It's fine to say that if you have Objects that are not Serializable in your Session, the session will not be persisted, if and when that happens, but it's another thing to limit the contract (since, in most case in the real world, most sessions are simply stored in memory and serialization is not an issue). Besides, it doesn't even solve the issue. You can put, say, an ArrayList full of objects that are not serializable, and it would pass this test, but fail later. The only real way to know if something is Serializable is to either reflectively crawl the objects contents and check, or simply try and serialize it and see. Any session manager that's serializing or crawling the Object every time you call setAttribute is going to, umm, politely, suck, because of the performance hit. (Note, many failover session managers do precisely that -- serialize the new attributes immediately, but then, they pretty much have to don't they? But you knew that when you signed up for it.) So, better to document the behavior and adhere to the spec and let the programmer deal with the consequences of all that rope you're handing him. IMHO, of course, I'm not emperor yet. If I were, I could make an edict, until then...simple opinion :-). Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RES: Nervous about Sessions ...
themselves. I would focus on a) how did two users get the same Object in their session or b) how are users making multiple requests on the same session (why are they doing this, is it common, etc.). The problem isn't in the Session itself, nor necessarily in the corrupted Object, but I think it's deeper in your application wherever you end up getting your Object. Knowing essentially nothing about your app, that's the best 2 cents I can give at this point. I wouldn't worry at all about using the primitve types (including String) in a Session. Note, though, that Dates don't count. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTP/POST request body dump
From: Tuan, Frank [EMAIL PROTECTED] Sent: Wednesday, April 27, 2005 6:52 PM I tried with a Filter. However, once I called getInputStream() in the filter, getInputStream() in the servlet returns nothing. You effectively need to create a new Request with an new InputStream pointing to the stuff you just loaded in. You can do that by loading the request into a byte buffer, and tying a ByteArrayInputStream in the new Request that you forward from your Filter. This has the downside of caching the entire request in RAM, so just be aware. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How get www.site.com homepage requests to forward to Tomcat without a redirect?
From: PAlvin [EMAIL PROTECTED] Sent: Sunday, April 24, 2005 12:25 PM I could send *all* http requests to tomcat, BUT, obviously, I DON'T want Tomcat serving up images. Why not? Tomcat is fine for static content. How much traffic are you really getting to your site? If you're like a majority of sites, not enough that the benefit of Apache is going to really be noticable. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How get www.site.com homepage requests to forward to Tomcat without a redirect?
From: PAlvin [EMAIL PROTECTED] Sent: Monday, April 25, 2005 12:24 PM (We get about 1,000 visitors a day to our site.) Just curious: Isn't Tomcat responses inefficient because it has to pass the response back to Apache via a named pipe or TCP or some other connector mechanism? Technically, yes. Realistically, no. Does that hand off and transfer affect the total overall packet time? Of course, but it's all handled within the kernel of the machine, versus going out over the wire, so it's not really noticable. Measureable? Sure. But so is shortening your network cables. Want to easily speed up your network traffic 100%? Cut all of your cables in half. So, seriously, don't worry about it too much. If your site is getting 1000 visitors a day, over 10 hours, that's less than 2 per minute. You can look at your logs and measure your peak times if you like. Trust me, you're not stressing anything here, and Tomcat will have no problems whatsoever handling that traffic. Would it handle the 1000 users if they all showed up at once? Probably not, but you'd be fixing other things before Tomcat then anyway. Tomcat will happily saturate your internet connection. Best of luck. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Any better way to do this?
From: joelsherriff [EMAIL PROTECTED] Sent: Monday, April 25, 2005 4:16 PM I want to setup what is basically a blog server - so that user's must login and can then access their personal blog, but nobody elses. I think I can do this using a servlet filter to trap requests to the blog pages, lookup the user's blog page url using the session info, and modify the request to point to his/her own blog, regardless of what blog they initially requested. Seems like there ought to be a better way but I'm pretty new to tomcat so is there? Actually that's a perfect way to do it. You simply write the filter, install it, and be done with it. The challenge being integrating with the Blog software's registration system, perhaps, but the beauty of the system is that the blogging servlets/JSPs/etc. are totally ignorant of the change, and you can move ahead with very little knowledge of how the blogging software works or is configured. It's a nice, non-invasive system to do exactly what you want. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: snmp and Nagios
From: Just another UFO mechanic [EMAIL PROTECTED] Sent: Sunday, April 24, 2005 10:42 AM Check out this new to the 1.5 JRE this will help with the memory and GC stuff. http://java.sun.com/j2se/1.5.0/docs/guide/management/SNMP.html Fantastic well done SUN Heh, it gets better. You can integrate DTrace on Solaris 10 and Java 5 now too. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Clustering application scope replication
From: Joakim Ahlén [EMAIL PROTECTED] Sent: Friday, April 22, 2005 5:54 AM Hi! We have a cluster of two tomcat 5.5.9-machines using session replication. However, we also have data in application scope (set with getServletContext().setAttribute(...)) which as far as i have found in the docs, is not replicated. You need a cluster aware caching solution. Session replication is more for failover and such. Look at something like OSCache and its ilk to get the functionality that you need. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Clustering application scope replication
From: J. Ryan Earl [EMAIL PROTECTED] Sent: Friday, April 22, 2005 7:44 AM How does Tomcat know what to serialize? Does it just use the Reflection package and serialize out -everything- that implements java.io.Serializable? When you do a setAttribute(key, object), it serializes the object out for replication, so, both your key and object needs to be serializable. It uses the generic Java writeObject method. This is why you need to use setAttribute to ensure your changes are replicated, and why you can not just change an object directly and expect it to be replicated. So, if you are storing, say, a long ArrayList of objects in your session (like, say, query results), you must use setAttribute(yourList) each time you make a change to anything in the list, and then it serializes the ENTIRE list for replication, not just your changes. (And thus we see some of the limits of replication, at least some of the things you need to be aware of.) Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Serving files from Tomcat...sorta
Simply put, we have a system where folks are able to upload files into an 'incoming' directory, and download any of their files from any place below their home directory. We want to expose this through the web using HTTPS. Couple of things I'd like to do here. a) Authenticate the users against the generic /etc/passwd unix scheme (/etc/shadow in our case). b) I'd like to, if practical, have Tomcat serve the files or, at least, have access to the mime-mappings in the conf/web.xml c) do as little work as possible :-) In the most basic form, this is a reasonably simple project, scan a directory, dump out an ls -l of it, let them click on and then serve the files. But Tomcat already has code to serve static files, so I was hoping to leverage that ability. I figured I'd make each home directory a role, and then use a Realm to manage the security bits, either hunting down a Unix Realm or writing my own, that shouldn't be too hard. In fact, I'm betting a bunch of this is in Tomcat somewhere (directory browsing et al), so I was kind of hoping someone might have some hints on stuff I can leverage to pull this seemingly simply thing off. Any hints? Thanx! Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Serving files from Tomcat...sorta
From: Mark Thomas [EMAIL PROTECTED] Sent: Thursday, January 06, 2005 3:57 PM Have you looked at using webDAV? Tomcat has a basic implementation or there is the slide project. Yes, I thought of that immediately too, but too complicated to potentially configure over the phone with a random end user. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Logging exceptions per webapp in Tomcat 5.5
From: Shed Hollaway [EMAIL PROTECTED] Sent: Thursday, January 06, 2005 6:59 PM Svein Did you ever get an answer to you question? If so, how separate the logging for webapps? The exceptions will log out to your log file if you actually bother to capture the exceptions and log them. The exceptions bubbling to the top in catalina.out are those that get out of your code. Don't let them out and capture them yourself. You can try (I haven't done this) to put a catch-all Filter at the top of your app that does nothing but public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) { try { filterChain.doFilter(request, response); } catch(Throwable t) { log.WARN(t); } } (making this work is left as an excercise for the reader) Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: More apps = More load ?
Hi, Does Tomcat use more resources depending on how many apps are present even if they are not being used? Yes, slightly more for each app, even if it's not used, depending on the configuration. I would have thought that it was the number of connections to a server and the amount of users/usage there of that would have caused a load which would slow it down. Typically, this load is indeed the bottleneck, so your thought is right. However, if you add many apps, and the load is little, they can become the bottleneck as well. Especially if one or more of the apps does processing or uses memory regardless of load (e.g. for pre-caching of data on startup). So as always, it depends on your specific apps and their characteristics. It's not hard to create an app that would use app all the server resources without any user connecting to it ;) But this is all static load, correct? I mean, once Tomcat has started up and all of the applications have performed any initialization, there shouldn't be hardly any overhead, correct? They'll consume memory, of course. Certainly there's a level of load if all of the applications are not in production mode, but even then that should only matter if the applications are actually USED, correct? Not just loaded? (Specifically thinking about the run time checking of changed JSPs etc.) Finally, even if there is some overall continual performance overhead for having an application loaded, yet unused, how many apps would you have to have to where this overhead would actually be measurable, much less make any kind of difference whatsoever in response time to a single specific app? Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Does Tomcat 5 users java.nio?
From: Vy Ho [EMAIL PROTECTED] Sent: Tuesday, November 02, 2004 3:03 PM I checked this document: http://www-106.ibm.com/developerworks/library/j-nioserver/ and it talks about how wonderful new io could help server to serves higher number of connections and less error/drop connections. Is it true in practice? Does Tomcat 5 uses new io of just io? If not, do they plan to move to this? The dillema is that the Servlet Model as defined in the specification doesn't work well in the kind of environment provided by NIO, so it's difficult to say whether something that handled the semantics of a Servlet written using NIO would actually be any faster at all. Now, technically, if one were so inclined, you could implement that bits that handle static content with Tomcat to, perhaps, use the nio model and maybe get a bonus for a pure Tomcat, yet static heavy, site. But since most folks simply Don't Do That (i.e. if they're distinguishing static content at all, odds pretty good that they're fronting Tomcat with Apache anyway...), there's little motivation to engineer Tomcat to support NIO for simply static content. Servlets are pretty much thread based, being as they can perform arbitrary calculations. Also, Servlets can, technically, access the input and output streams of the request directly. Many servlets don't need that kind of direct access. For example, most simply use the request headers and parameters rather than the input stream itself. NIO based servers are essentially event driven, with the sockets and IO channels being a dominant source of the events. The NIO server repeatedly checks the two ends of a request (the source and the sink, for example, the input stream and server logic). When the source has data ready to read and the sink is ready to take data, the NIO server grabs a chunk from the source and feeds it to the sink, and then moves on to the other sources/sinks within its queue. The main thread of an NIO server can NOT block waiting for something to come ready, as it will stall the entire server (because none of the other requests will get serviced). If you're simply moving data from disk to a socket, this works fine because OS's offer asynchronous IO calls and make available routines which an NIO server can use to see who's waiting and needs servicing. But exposing that is it ready interface to arbitrary logic like that within a servlet is difficult. If the code is very short, it's no problem at all. The code is always ready and essentially returns immediately. But if it's doing anything more than that (say, contacting a database), then things get more ugly very quickly. The IO drivers of the system are asynchronous without directly using a user level mechanism like threads, so they're asynchronous for free. But if you want user written logic to have an asynchronous behavior, we typically turn to threads to provide that for us. But, the strength of the NIO model is that the requests it manages within its internal queue have simple state than a thread, and therefore switch from request to request is much cheaper (and therefor faster) than using the JVMs thread scheduler to switch between threads. But if the NIO server needs to spawn a thread to get asynchronous behaviour from an arbitrary Servlet, then most of the benefit of the NIO architecture is lost. Servers can certainly be written this way. Servers can perform all of the things that a Servlet can provide. But the fine grained event model is much different than what the Servlet specification provides, and it would also require that all calls be basically event based, particularly calls to things like DBs.\ Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Commons Logging
I have an webapp that is using commons logging backed by log4j. The log4j.properties file is in WEB-INF/classes. The problem is that when I enable the different verbosity levels, those levels are communicated up into the Tomcat container itself. So, if I set DEBUG, I get a boat load of crap from the container that I'm, frankly, completely uninterested in. Anyone have any tips on using Commons Logging within a Webapp without interfereing with TOMCAT itself? Thanx! Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5 pause (free gmail account for fix :-)
From: Cox, Charlie [EMAIL PROTECTED] Sent: Thursday, October 14, 2004 12:54 PM Is your machine swapping? 512MB can go quickly... It sounds like swapping to me. The problem is that even though you say 256MB on the Java Heap, the heap consumes a LOT more than that in Real Ram, and could easily be bouncing off of the 512MB RAM limit of the machine. If there is anything else on this machine I'd be extra concerned. GC and Swap DO NOT mix. Try lowering your Xmx size, and try to get a better grasp on the real image size of your Java process. You could also try added RAM to the machine as well. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JProfiler vs. JProbe
From: tom ly [EMAIL PROTECTED] Sent: Thursday, May 13, 2004 8:18 AM My team is thinking about getting a profiling tool. Does anybody have any experience with either tool? What are your thoughts about each one? I've had mediocre success with any of them. They all seem to basically do the same thing, they're all pretty darn slow, and they've never really told us much that we didn't know already. With our J2EE app, a lot of our issues turned out to be contention in the container, something none of these tools were able to narrow down, isolate, or identify (even some of the $$$ enterprise tools). I've tried these tools, yet I still have better luck with strategically placed Log4J statements, occasional thread dumps, and verbose GC chatter. Even the stock hprof is basically usable, once you get the hang of it. It's not that the tools aren't good, its just, to me, for the money, they're not a good value over things that are readily available. As a developer, you typically KNOW what's slow anyways, and a bit of logging instrumentation goes a long way. If user X clicks on button Y and it feels slow, that alone narrows down the problem. For monitoring some behaviors, try BEA JRockit, it comes with a nice memory profiler system built in. It also has a method profiler. Finally, if you're looking for production logging, none of the tools mentioned will help there at all. They're too expensive (performance wise) to run. If you have NO IDEA why you code is slow, these tools MAY help you. But in that case they overwhelm you with so much data, that it's pretty much hopeless. Wow, StringBuffer is the culprit. Yea, that's real helpful information. We only call it 8000 times throughout the app. It takes diligence and patience to tune your app, tune it one piece at a time, make sure you can duplicate your results through load testing, and make sure you only tweak one knob at a time, otherwise you may not know what made it faster/slower. Tune early, tune often. One of the things we did was we wrote our own logging JDBC layer (they are all simply interfaces, after all) which checks how long SQL queries take, and logs those that hit a specific threshold. Dumps the SQL, dumps the bind, whole ball of wax. Then we can go through that log on a regular basis to tune queries, the DB, or the code. That helped a LOT for our system. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuration free persistence?
From: Shapira, Yoav [EMAIL PROTECTED] Sent: Wednesday, May 12, 2004 6:27 AM Here's another take that's not seen often, but is intriguing: the java.util.prefs API. It uses the Registry on Windows, and the filesystem on unix, by default, but that can be changed. If you're running on Windows this is a decent approach (but then again if you're only running on windows you might make a whole set of choices based on that). No, that's very clever. I had forgotten about that API completely, and it handily solves the basic problem. I'll have to see how this works on a UNIX box (i.e. does it write to a ~/.java_prefs directory, or what). By using this API, you can plop a WAR on a server, then when the user first tries to use it, run them through a configuration wizard. Perfect. Thanx! Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Configuration free persistence?
This is blasphemy, I know...but... As far as I know, there is no portable way that a generic Webapp bundled in a WAR, and dropped into a random container can persist information from one run of the container to another. On the one hand, there is no requirement that a WAR be exploded on deploy, and you certainly can't write to a resource that's bundled in a Jar file. On the other hand, you can get access to a Temp directory, and persist information there, but there is no guarantee that the information will be there when the container restarts. What this means is that you can not take a portable WAR, plop it into an arbitrary container, and then let the Webapp self configure with either reasonable defaults, or even through a web page. So, in order to get any portable persistence, you must: a) Explode the WAR, change the web.xml to add/change a parameter, and rebundle it and then deploy it. b) Require that a database be present and publish the datasource name that the web app is looking for, and assume that the user will configure their container properly (and, of course, your web app must be compatible with that database). c) set a system property on the command line telling the Webapp its persistence information d) create a less portable Webapp and rely on container specific behaviors on which you can make assumptions. Actually, is there even an API that lets the Webapp identify its container? There must be something somewhere, I just haven't looked. So, what are you folks trying/doing to make easily deployed WARs that needs to save setup options or even other real data? Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Cross site single sign on
Hi all! Not necessarily Tomcat specific, but I'm curious what others may have done to support cross site single sign on. The basic problem is that customer goes to site A, and logs in. Then while navigating that site, they eventually head over to site B. Of course when they hit site B, the customer should already be logged in. If site A and site B live in the same domain space (say, site.com and b.site.com), then a site.com cookie should be able to be used as a token that show login. Of course, this requires cookies. It also requires both sites to maintain the cookie if the cookie is allowed to expire (say, it's only useful for 30 minutes). However I think this would have to be a signed cookie, where both participating servers encrypt to cookie with a known key (perhaps a shared public key). Now, if you have sitea.com and siteb.com, then the cookie technique can't work (as neither can set a cookie for the other). So, I'm thinking that you can do something similiar, a signed token, in a hidden field and then having to submit a form to get to the new site. Of course, you can always stick the token on the URL as well. Does that sum it up? Any other ways for cooperating sites to transparently exchange credentials? I suppose the back ends can do it. Send signed packets to each other during their log in processes to notify cooperating services. But if your logins time out, you still need to constantly update the session information. It's not enough to know that Bob signed in at 10am, and expires at 10:30. If Bob actively uses the site, you want the time out to be since last activity. How are others doing this and what have you found effective? Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and Weblogic Integration
Did you ever manage to get this to work? We're having similar issues but don't find much in terms of resolution to the problems. Any luck?? Regards, Will Hartung ([EMAIL PROTECTED]) - Original Message - From: Rodney Leger [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 23, 2003 1:21 PM Subject: Tomcat and Weblogic Integration Tomcat Users: I am runing into some integration difficulties. I need to integrate Weblogic 8.1 and Tomcat 4.1. I realize that weblogic has its own JSP container but for this particular assignment it would be helpful to integrate them. I've added weblogic.jar to my tomcat/common/lib directory, however, I keep getting hit with the following error message: exception org.apache.jasper.JasperException: weblogic/rmi/extensions/server/Stub at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:2 48) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:289) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:240) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja va:260) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) javax.servlet.ServletException: weblogic/rmi/extensions/server/Stub at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImp l.java:497) at org.apache.jsp.UserManage_jsp._jspService(UserManage_jsp.java:152) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:136) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:2 04) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:289) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:240) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) I've verified that the /weblogic/rmi/extensions/server/Stub is in the weblogic.jar file but it doesn't seem to find it. I've also tried to obtain the classpath that tomcat is using with a jsp that gets the system properties and prints the classpath. Unfortunately, the only thing that was return was: /usr/java/j2sdk1.4.1_01/lib/tools.jar:/usr/local/tomcat41/bin/bootstrap.jar This doesn't seem to be what I am looking for. What am i missing? I've seen a similar configuration work at another site, but I can't tell what I am doing wrong. Your help is greatly appreciated. Thanks- Rodney - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Has anyone managed to get Tomcat 4.1.x to make EJB calls to Weblogic 8?
We already have Tomcat 4.1.18 talking well to Weblogic 5.1, and it was quite the event of tearing jars et al apart and getting them placed in the proper spots of the classloader hierarchy. I'm now struggling with trying to do the same integration of Tomcat 4.1.18 to Weblogic 8.1, and it's not going well at all. What is interesting at this stage is that our default startup servlet runs and can get access to the EJB server (it caches a bunch of stuff from the EJB side on startup). I've already got select portions of the weblogic.jar from both in shared/lib and on the system classpath, mostly from trial and error. I've had to move my EJB interface classes (Like BeanSession, and BeanSessionHome) out of the web app and into the system classpath, as well as any classes that THEY reference. You're in a maze of twisty ClassLoaders, all alike... I've gotten a simple standalone client app working, so it's pretty clear to be the complicated class loader environment of the Tomcat that's tripping me up here. Any help at all would be welcome. The hole in my wall, monitor and desk is ever expanding and my head Really hurts... Thanx! Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: What order are jars used in the WARs lib directory?
From: Tim Funk [EMAIL PROTECTED] Sent: Thursday, July 17, 2003 5:43 PM From the spec: The web application classloader must load classes from the WEB-INF/ classes directory first, and then from library JARs in the WEB-INF/lib directory. So if you have patches - don't JAR them. Since the spec doesn't specify JAR order, it may be different between containers, containers version, or even OS's. Right, it's implementation dependent :-/ I could also make my own jar, but I was just curious if they had something official. Thanx! Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
What order are jars used in the WARs lib directory?
If I have jars that I'd like to put in to the WARs lib directory (or, say, shared/lib), is there any way I can, perhaps, name them to guarantee use order? For example, say I have: mystuff.jar and mystuff_patch.jar If I have CLASSPATH=mystuff_patch.jar:mystuff.jar, then, ordinarily, Java will find classes and use the classes within mystuff_patch.jar before it finds the identically named ones in mystuff.jar. So, is there any way to determine what this order is in the Tomcat lib directories?? Thanx! Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Servlet process issue
From: Tam, Michael [EMAIL PROTECTED] Sent: Friday, March 21, 2003 12:06 PM Or better, what is the best way to spawn another process to perform the validation and loading after the files being uploaded to avoid the client interferes the process accidentally? The best way to do what you propose is have your Servlets upload the data and then place a request for the further processing into a queue. At that point you return to client saying Processing you request, come back later... or some such thing. It obviously depends on whether the client actually cares about the outcome or not. Then on the other end of the queue is a process taking requests, performing further processing on them and perhaps updating the status of the overall job (so it can report it back to the client if they ask for it). There are several ways you can do this kind of thing. One, is to have the queue be a simple container (like an ArrayList) that has it's overall access guarded by synchronized methods. This queue live within the JVM, and another thread can be running endlessly querying the queue for requests, and then acting upon them. Another technique is to have the queue implemented within a database, and then a completely seperate process, written in anything that can access the database, can get access to the jobs and process them. The Java Way of doing this kind of the is with JMS, which allows you to abstact the whole queuing and monitoring aspects of the system. Here you have a Publisher, which creates requests, and Subscribers, which act upon then. Depending on the JMS system, these can all be within the same JVM, or on completely different machines. It also makes it easy to have several Subscribers acting upon the same Topic. A contrived example would be that you have your Servlet acting as a Publisher, adding request as fast as your users can submit them. Then, since your processing is CPU intensive, you set up 10 different machines, each having the bandwidth to process 3 different requests simultaneously. So, each machine creates 3 Subscribers, and you end up with 30 Subscribers total. The JMS system is fine way to pull things like this off, and the various implementations have assorted features that differ on robustness, scalability and performance. However, if it were me, I'd probably roll my own simple queue and fire off a couple of processing threads within the JVM of the Servlet container, have a Servlet that initializes this whole thing loaded-at-startup within the web.xml and be done with it. Make sure you persist the requests that have not been processed yet so should the Servlet container quit, you can reload and process those requests later after restart. Like I said, JMS does exactly what you want, but if your needs are fairly limited, writing your own is not overly complicated. A simple queue, a few threads, a little DB work. http://openjms.sourceforge.net/ is a free implementation, though I have not used it. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Pre-authorize a link?
From: Doug Redd [EMAIL PROTECTED] Sent: Thursday, March 06, 2003 3:08 PM Subject: Pre-authorize a link? Is there any way to make a call such as authorize(user, resource) that returns a boolean to indicate if the user is authorized? I am looking for a way to programmatically either include or exclude a link on a page depending on whether the authenticated user is authorized to access the link's destination. The basic method is to use Roles, and then use the Request.isUserInRole(ROLE) to determine whether a user is qualified to go to that link. I appreciate this isn't the complete answer you were looking for, as it would be nice to just throw the URL at the container and have IT figure it out, but the current Container Managed security is pretty darn basic and doesn't expose much functionality to the user. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: remember password HOW-TO?
From: David Reed [EMAIL PROTECTED] Sent: Wednesday, March 05, 2003 1:46 PM Subject: remember password HOW-TO? I am a relative newbie to servlet programming and I'm not really sure how to best solve a problem I am having. I am trying to implement a save my password feature on my web site. I am using Tomcat 4.1.18. I am using form-based authentication and I am using the Tomcat provided userdatabase to store my usernames, passwords and roles. If you're using container based authentication (which you are), then you can not implement a remember me facility within the Servlet API, there's simply no mechanism for it exposed by the container. Of course, you're welcome to beat on Tomcat itself to provide this non-portable functionality, but there's no way to do it solely within your web app. The only other solution is to implement all security using standard mechanisms with Servlets et al, but that's a big wheel to re carve out of stone. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: remember password HOW-TO?
From: David Reed [EMAIL PROTECTED] Sent: Wednesday, March 05, 2003 2:10 PM Subject: Re: remember password HOW-TO? Thanks Will, So what are my alternatives to container based authentication? Common wisdom today would be to use Filters, as they're pretty much ideal for this depending on how your app is set up (i.e. if your app is fairly straightforward). The real problem is that you can't mix and match. You either have to use Your Way entirely, or the Container Way. So, all of your code relying on the Servlet API for Roles and what not have to be changed, which is invasive and quite the drag. If you're willing to beat on Tomcat, then you can probably more easily tweak the org.apache.catalina.authenticator.FormAuthenticator class, or subclass it which would be safer. Tweaking that to support a remember me function would be a lot less code for you to write than implementing your own entire system, plus you'll not have to change any of your interior security checking code. Of course, this isn't portable to another container. Someone else may have a pointer to a plug in Servlet/Filter based security system that's available on the web, I haven't looked myself. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: remember password HOW-TO?
From: Raible, Matt [EMAIL PROTECTED] Sent: Wednesday, March 05, 2003 2:36 PM Subject: RE: remember password HOW-TO? I've been able to implement Remember Me functionality using form-based authentication and cookies on Tomcat 4.1.18. http://www.mail-archive.com/[EMAIL PROTECTED]/msg86636.html To be pedantic, this is simply security implemented with Servlets and Filters, and has nothing to do with the container based Form Based Security. I'm sure it works fine and does the job, I'm not questioning its quality or functionality, and David may well be able to lift it and use it straighaway. I'm just pointing out that this does not interact in any way with the Container provided security infrastructure. FYI Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: remember password HOW-TO?
From: Raible, Matt [EMAIL PROTECTED] Sent: Wednesday, March 05, 2003 4:36 PM Subject: RE: remember password HOW-TO? Actually, it *is* using form-based security. I just do a redirect to j_security_check to mimic how a form's action submits to action=j_security_check. Really? That certainly is crafty, and I'd like to think that it would work, but I'm a bit puzzled. Perhaps someone can clarify these points. My understanding is that the basic problems with interacting with Container based authentication are two fold. One is that the Servlet API provides no way for a Servlet to actually set the UserPrincipal, a Servlet can only access it. As seen by a Servlet, the UserPrincipal is an attribute of the Request, not of the Session. Your technique sort of mitigates this by directing to the container specific parts so it can Do Its Thing. However, my understanding of the path of a request is something like this: Request - Mapper (determines where this URL should go, servlet, jsp, etc) - Container Security (if Mapper points to protected resource, Security kicks in) - Filters - Servlets I'm under the impression that the Container Security layer is ABOVE the Filter layer. So, if you have a Container Security Managed resource that is also a Filtered Resource, then the Security will hit first before the Filter has a chance to do anything (in this example check a cookie and redirect). Now, this data flow is not enumerated at all within the spec, at least not in a nice blocky diagram. Filters can easily come before the Container Security, but I would think not as the filter may be doing something (say an Access Log filter) for a request that is later denied by Container Security, and then the user is passed on to either HTTP or Form based authentication. This would also be horribly nasty if for some silly reason the Filter had already started committing the response (which it's allowed to do). So, for simply sanity I'd think all of the Container Security would be done far before the Filters start firing. And I don't know how Container Security interacts with RequestDispatcher. If a unsecured request tries a .include or .foreward call. I'm guessing not at all. But, all of this tells me that Container Security is really just a thin veneer hammered in place between the original request and the rest of the Container. Anyway, I'm not saying your implementation does not work, obviously it does, or you wouldn't be using it. However I would be curious to see your security-contraint tags and filter-mapping tags. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: reloading applications - classes stay in memory?
From: Marc Dumontier [EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 1:32 PM Subject: reloading applications - classes stay in memory? Hi, I'm using the ant task to reload my web application during development. The problem is that I have a huge run time library (takes about 45 seconds to load up the class itself). The static block is executed each time i reload (these are not servlets - they are JAXB generated classes). Is there any way to keep those classes loaded into tomcat, so when i reload the class is already initialized? is there an alternate method for accomplishing this? Place these classes outside of the WAR and into shared/classes or shared/lib. The problem is that when the app reloads, the classloaders for the app get destroyed and recreated. A class within the JVM is actually the combination of the class and its class loader. If you place the classes outside of the WAR, then those class loaders will not be reinitialized when the app is restarted. Of course, should those classes change, you'll need to restart Tomcat. Also, you should still, I feel, bundle those classes properly within the WAR for deployment and production, but to expedite development, this should work fine. However there may be problems if it's using any reflection to load classes that are also within the WAR, as the shared/* class loaders can not see any classes within the WAR. So, if your class shared.lib.TestClass does something like Class.forName(in.the.war.TestClass), it will fail. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: reference material
Look through the archives. On Dec 18, John Turner wrote a pretty good post on the various connectors. Regards, Will Hartung ([EMAIL PROTECTED]) - Original Message - From: Deepa Raja [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, February 28, 2003 3:33 AM Subject: reference material Could someone mail me a link about where I could find information that compares different type of connectors. i could not trace the archives of this group. Thanks in advance Deepa - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: startup order for applications
From: Ben Souther [EMAIL PROTECTED] Sent: Thursday, February 27, 2003 12:54 PM Subject: startup order for applications I've got two applcations. The first is an Axis webservice application and the second is a servelet/jsp app that consumes services from the first. I would like to configure the JSP app to make a webservice call to get initialization params on startup. In order to do this, I need to insure that the webservice app is up and running before the JSP app starts. Hmm...that's a bugger. You can't listen for the socket of the webservice, as it may not come up until after your dependent app is finished initializing. You can't wait for the other application, as if it's the first one to start up, it will block and the second webapp may never get a chance to initialize. Have you tried to see if the placement of the contexts within the server.xml is deterministic? i.e. The first context always starts before the next, or vice-a-versa? You might be able to glean some information from the source code about startup order. I doubt there is any way to ensure the startup order of arbitrarily placed webapps in the webapp directory. Those may be auto-deployed and initialized in the order they appear within the directory, which is internally unsorted and should be considered arbitrary. There isn't any portable way of ensuring webapp start up order, that I'm aware of at least. Let us know what works for you. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDK DNS cache (was Re: crontab problems)
From: Michael Micek [EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 10:54 AM Subject: JDK DNS cache (was Re: crontab problems) The web application developer I'm supporting has instructed me to ask: Would this be true if the jsp or session didn't have application scope? If it isn't true for session scope then it's a design not JDK issue.. It's a JDK issue, so it's super duper global scope. It's an interesting nit. It's a shame that they buried this implementation deep into the JDK. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Properties file [SOLVED?]
From: Craig R. McClanahan [EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 11:37 AM Subject: RE: Properties file [SOLVED?] From: José Moreira [EMAIL PROTECTED] String path = this.getClass().getClassLoader().getResource(config.properties).getPath(). toString(); FileInputStream in = new FileInputStream(path); You are working too hard. :-) InputStream is = getClass().getResourceAsStream(config.properties); Now, as a nit, it would seem to me that not only is he working too hard, but what he is doing may not even work. The assumption is that getResource will return a URL to which the getPath part actually points to a File. That's not guaranteed at all, I don't believe, particularly if the resource is buried in a JAR. I imagine that the better way to work too hard here would be simply: InputStream in = this.getClass().getClassLoader().getResource(config.properties).openStream () Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Shared servlets between webapps
From: Edson Alves Pereira [EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 12:53 PM Subject: Shared servlets between webapps Hello folks, i want to use the same servlet with two webapps, then i put it in shared/classes, everything was fine and the servlet work almost as i expected, but when this servlet need to get a variable from the environment, it has null value, why it happens and how i can solve it? More detail is needed, but to begin with just because the servlet class itself is shared, the actual servlet instances are within different contexts and would actually share very little. So if you're expecting the shared servlet to see something set by WebApp A when run in Web App B, then you'll be disappointed. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: crontab problems
- Original Message - From: Ayhan Peker [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, February 25, 2003 1:29 AM Subject: crontab problems Hi everybody , I have a problem..I am trying to write an application , which will run from cronatb on linux... My application runs without a problem when i try it from the command line..BUT NOT FROM CRONTAB... The challenge is: if jvm crashes i want to restart tomcat If you simply want to restart Tomcat every time it crashes, then you might want to look at http://cr.yp.to/daemontools.html This is a service management framework that does exactly that (among other things) on UNIX boxes. Dredge the archives, as I've posted the instructions for doing this before. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] How to quote ? !
From: Ralph Einfeldt [EMAIL PROTECTED] Sent: Tuesday, February 25, 2003 4:59 AM Subject: RE: [OT] How to quote ? ! As long as the quote is stripped down to the relevant part, I can live with both options. (In fact I use your approach, if there are several remarks or questions I want to comment on) This is key I think, the classic quote all followed by Me too are pretty worthless. Even worse are the ones that quote the entire post and slip a single response buried in the middle. I don't care much for answers first as they tend to have little context, making me scroll hither and yon trying to figure out what is going on. But, for quick answers they work. However, a lot of this boils down to the program people are using. Outlook likes to answer first, mostly because the classic text style of quoting doesn't work with RTF or other formats. My Outlook seems to pick and choose when and when not to prepend the . It's very aggravating. But, it's all discipline and hard work. (For example, I copied this post into vi to format it, becuase Outlook wouldn't...sigh). What I like is pretty much irrelevant, as there's no way to change it or enforce. Silly rules I say. It's just part of the way folks deal with mailing lists. Welcome to the Internet. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: is there a tag or some kind of mechanism that would do the following ...
From: Karr, David [EMAIL PROTECTED] Sent: Tuesday, February 25, 2003 1:53 PM Subject: RE: is there a tag or some kind of mechanism that would do the following ... I'd say your best strategy is to approach this problem from a different direction. Instead of figuring out how to make it easy to emit HTML from your servlet, work on building JSP custom tags which emit small logical pieces, and then reference those tags from your JSP pages. That could work, if the code was used enough to make reusing it viable. It's one of those fine lines between a JSP and a Servlet. Another thing that could be done is simply writing a local class method: private void p(String s) throws IOException { out.println(s); } Then, your code becomes: p(html) p(title) etc. That can help simply reduce the boiler plate of printing it out. Finally, I'd look at creating a simple script is any convenient language that simply converts an HTML file into java, and then cut-n-paste in into your code. Now, I find cut-n-paste to be one of the great evils of the development communiity, but sometimes it is appropriate for one-off code generation tasks. If you keep the original HTML around, then you don't have to worry editing in place, simply edit the master, run the filter, and re cut-n-paste. Here's a simple sed(1) script: sed -e 's//\\/g' -e 's/.*/out.println()/g' Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 4.1.18 session objects
From: Greg Speechley [EMAIL PROTECTED] Sent: Tuesday, February 25, 2003 4:09 PM Subject: RE: Tomcat 4.1.18 session objects I realise that sessions are for user tracking, etc but I wanted to know why it was suggested that it was a bad idea to store them in a vector so that you would have access to a list of users who are currently logged in (have valid sessions). As I understand it Tomcat doesn't give you the ability to access such a list so you would have to store it yourself. Why would this be unreliable? It was probably removed or never added for similar reasons why you can't access the other servlets within a container. Conceptually, if you could sniff other sessions destined for other users/servlets/webapps, you might create a monsterous security hole in a shared container. Since there's no real way (according to spec) to bind sessions to a particular webapp, sessions end up be global to the container (so you have a globals session list vs a webapp specific session list). Now, if they WERE webapp specific sessions, no doubt folks would be screaming about wanting to make them global, so you really can't win. As someone else mentioned, you might try caching the sessions into a global map with a filter if you'd like to track users, but, particularly with session persistence and reloading, there's no guarantee that a session is the same session as the one you have stored in your list. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Database load balancing?
From: Vic Cekvenich [EMAIL PROTECTED] Sent: Monday, February 24, 2003 4:02 AM Subject: Re: Database load balancing? Try caching first; with Poolman.sf.net or http://www.phworks-online.com/cache.html Yeah, that's what I would try first. Especially if it's read only data, make it an issue to not hit the database at all, and then you won't have to scale the back end as much. And caching can mean many things. Caching not just in memory, but even entire pages. It depends on how dynamic that actual pages are, not just the data. Heck, just sticking a caching proxy in front of your site can do wonders! At the application level, though, your basic logic can be: Get Request IF !memoryCache THEN IF !fileCache THEN Create fileCache from DB END IF Create memoryCache from File END IF server out of memory. Whole bunch of syncrhonization issues and other stuff that makes this not-so-trivial, plus the cache cleaning threads, data expiration etc to add complication. Finally, it may not even work with your application. Replication could slow you down. It all depends on the application. It depends on how much incoming data there is, and how up to date you must keep the mirrors. Are they allowed to be out of synch at all? Probably. From a Java level, you can have your data come into a JMS queue, where the listeners update the master DB and also the mirrors. The real trick is doing any bulk synchronization should they get out of the synch outside of the JMS process. Of course, this could be accomplished with simply a bulk copy of the masters data files. The biggest problems happen when the producer and consumer of the data are the same person (like a BBS), where folks expect instant feedback from their messages. But, if your staff creates the data out of the view of the consumers, then your consumers have no expectations of when new data will appear in the system, so a delay between data submission and site update can be minutes or hours or even days. But, anyway, cache first. Overall I think it's a less complicated solution. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to protect file
From: Xiongfei Wang [EMAIL PROTECTED] Sent: Sunday, February 23, 2003 9:21 AM Subject: how to protect file I have tomcat 4.1.18 i want to develop a login system similar to login system of my bank's website. Why not go and read Section 12. Security in the Servlet Spec. This wheel has already been invented for you. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Porting
From: Jeff Masud [EMAIL PROTECTED] Sent: Sunday, February 23, 2003 1:28 AM Subject: Tomcat Porting 2003-02-19 09:57:37 StandardManager[] Cannot serialize session attribute GAGGLE$STATE for session 54279C61F055148C959AE9D7B7B51962 java.io.NotSerializableException: com.gaggle.util.Services Here's where I see the problem: It looks to me that the Tomcat Session Manager is (for whatever reason) try to save out some of your sessions, and they're simply not cooperating. Now, the StandardManager won't serialize sessions except at startup or shutdown, but the PersistentManager will swap old sessions in and out of the JVM, though it's marked as experimental in the docs (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/manager.html). Now, you mentioned that you're not a Java person, so it's not clear to me how you're going to fix this should Tomcat try this while running (as it takes changing the actuall classes to solve this problem). But, the class to look at is com.gaggle.util.Services, that's what it's complaing about. Good Luck! Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache and Tomcat: a bad practice
From: Turner, John [EMAIL PROTECTED] Sent: Monday, February 24, 2003 9:31 AM Subject: RE: Apache and Tomcat: a bad practice Great! I'd love to see a HOWTO for load-balancing Tomcat instances across multiple hosts without spending any money for a dedicated hardware solution and doesn't use another software product besides Tomcat. Got a link for one? Yes! Hear Hear! Me Too For whatever reason, there is a complete dearth of information on open solutions to generic load balancing. The hardware involved is NOT cheap (hell, it's not even reasonable). Apache's mod_proxy can kinda sorta maybe almost do it, but you lose session affinity and other nice things. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: Performance Issue
Another thing you can try is to time how long it takes to get the FIRST record, rather than the entire thing. Sometimes the actual result set is fully realized until after the first row is fetched. Once the result set is realized on Oracle, fetching should be pretty quick. Regards, Will Hartung ([EMAIL PROTECTED]) - Original Message - From: vikas yk [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, February 21, 2003 2:52 AM Subject: Re: Re: Performance Issue Hi peter Thanks for your reply. I didnt get what u meant by testing it with bean What I did was recorded the time before I executed the Proc recorded the time after I got result result set recorded the time after commenting all the logic I had in while(rs.next()){} loop. I need all 6000 rows coz on my page i am selecting one item in my combo-box and based on value i select second combo box on same page gets populated. Unfortunately there is one value which is creating problem Any help will be of great help 2 me On Fri, 21 Feb 2003 Peter Lin wrote : If you're reading out 6K rows remotely, you're limited by bandwidth. Especially if the webserver only has one ethernet card and you're viewing the pages from another client. If you're concerned about performance, I would suggest writing a simple test bean to do the same exact query and time the elapse time to get the data. Then you can subtract the transport time from the total elapsed time. Is there a reason you need all 6000 rows? That's a lot of data to view in one shot. If you can break it into pages, or preload that data, it should improve the response time. peter vikas yk [EMAIL PROTECTED] wrote:I am making call Oracle Function on remote database . The values are taken in result set.The numbers of records in result set are aroung 6000. when I do while(rs.next()) { //My logic } This takes aroung 5 min(300 sec) to get completed Now I commented all my logic inside while loop of rs.next() then also its taking around 4 min (250 sec) to just loop through records. Is there any way I can minize my time to recurse through records. I am using oracle thin driver to make connection. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, and more - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlet filter and listerner best practices
From: Etienne [EMAIL PROTECTED] Sent: Friday, February 21, 2003 3:47 AM Subject: Servlet filter and listerner best practices Hi all, I am looking for some best practices for servlet filter (and servlet listener). These are quite new (servlet 2.3). I am using a servlet filter on some of my jsp page, but I would need a detail example of the best way to implement it. It kind of all depends on what your Filter needs to do. Passive filters (like, say, a Logging Filter) can be quite different from something like a GZip filter, which needs to really muck about with the request and streams and what not. I am not sure how to catch exception in the servlet filter without hiding everything in the back on it. Pretty standard exception technique here. If you catch an exception that you don't want to deal with, simply throw it again and let something else higher up take care of it. Even better, don't catch exceptions that you can't handle at all. The old proclamation of Don't test for something you can't handle rings loudly here. Perhaps some more detail about your situation would be helpful. Is there a more precise way (with some reg ex?) to associate a filter with pages? I dunno, the filter specification is pretty specific, perhaps too specific meaning that for lots of disparate pages, you'll have lots of entries in the web.xml. Perhaps if you could organize your pages in a hierarchy so you could simply put the filter on a parent directory part of the path would help reduce the load on the web.xml file. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlet filter and listerner best practices
From: Etienne etienno@ Sent: Friday, February 21, 2003 11:06 AM Subject: RE: Servlet filter and listerner best practices Thanks Will, The filter servlet is only for logging checking and parameter init. I would have like to learn more about (J2EE) pattern using filter and listener servlet. Logging is pretty simple, as you simply Do Your Thing either before or after the doFilter call (or both). Here the Filter is a simple wrapper. I think they're handy for doing the parameter parsing and creating a local instance of a specific Parameter class that your code relies on. This helps loosen up the binding between your logic and the fact that it's buried in a Servlet container. Of course, you still need to pass in the Parameter, I stuff it into the Request as an attribute. The problem about the filter servlet is that doFilter() do not throws exception, so we must catch everything in doFilter. So that is why I was hiding everything in back of it. It can be hard to debug that way. Well, it can throw a ServletException, which is the same as the Servlet.service() method, though service() also can throw an IOException, so you're really not losing anything. Mind I'm not saying that it can't be limiting, but it's just not that much more limiting than the normal happenings within Servlet programming. Regards, Will Hartung (willh@x) - To unsubscribe, e-mail: tomcat-user-unsubscribe@xx For additional commands, e-mail: tomcat-user-help@xx
Re: making file case insensitive
From: Peter Choe choepete@xx Sent: Friday, February 21, 2003 12:25 PM Subject: making file case insensitive is there a way to make tomcat serve html files regardless of the case of the file? Sure, easy. Run it on top of Windows or Mac OS X on an HFS file system, as they're both case insesitive file systems. Other than that, I'd make it a point to make sure your file names match the actual files. The problem is two fold. One, you essentially want to open (using crude regex syntax) the file name [Hh][Ee][Ll][Ll][Oo].[Hh][Tt][Mm][Ll]. This means that the file open code must scan the directory and perform this match on the each of the results rather than rely on the file system to do it instead. As you can imagine, the file system will do this MUCH faster than Java/Tomcat can. Second, you have the issue of potential name conflicts. If you have both Hello.html and hello.html, which file is supposed to be opened, as they are different in a case sensistive file system, and also most file systems don't sort their file names internally, so either one could come first in a directory scan. So, there is no quick fix. You need to take responsiblity for your file names an be consistent with them. Regards, Will Hartung (willh@x) - To unsubscribe, e-mail: tomcat-user-unsubscribe@xx For additional commands, e-mail: tomcat-user-help@xx
Re: wrestling with JSP error page
From: jeff.guttadauro@xx Sent: Friday, February 21, 2003 11:54 AM Subject: wrestling with JSP error page Does anyone know of a way, besides maybe making the buffer size really huge, to get around this problem? Would a Filter on the response help with this? How would something like that work? (Never written/used a Filter before) What would you recommend? It's a generic mechanism. The problem you're seeing is that content is already on its way down the socket and can't be stopped, so you get your error within your code. HTTP doesn't support a Oh, Wait, just kidding, here's what I REALLY wanted to say mode. It's fairly stupid protocol that way. How big a buffer do you need? What if Tomcat is streaming down a huge PDF file and hits some kind of resource limit mid stream? Yuck! Perhaps a better solution would be to restructure your code so that anything that might throw an exception is done before you actually start streaming the result. Granted, that's a lot more work. However, setting the buffer size larger is legitimate, and perhaps something you can do for development (no doubt your exception will Never Happen Again). Set it to something more realistic for your application. Regards, Will Hartung (willh@x) - To unsubscribe, e-mail: tomcat-user-unsubscribe@xx For additional commands, e-mail: tomcat-user-help@xx
Re: instance of (ot)
From: Mike Jackson [EMAIL PROTECTED] Sent: Thursday, February 20, 2003 11:06 AM Subject: RE: instance of (ot) Perhaps you ought to post a snippet of what doesn't work. I personally haven't had any problems with instanceof, but without seeing what you're doing I don't think any of us can help. The problem is that 'instanceof' does not take an expression on its Right Hand Side, rather it must be a class specifier. So this: Class c = anObject.getClass(); boolean b = anObject instanceof c; does not compile. However, this SHOULD work: Class c = anObject.getClass(); boolean b = c.isInstance(anObject); I think that's what he wants. (I haven't tested this). Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Form based security and Remember Me
From: John Trollinger [EMAIL PROTECTED] Sent: Thursday, February 20, 2003 12:31 PM Subject: RE: Form based security and Remember Me But does this work with Form based authenticaiton and realms... How do you let the realm know that the user remembered so the login can be bypassed? This was touched on before, but the basic problem is that a Servlet does not have a portable way of actually setting the authentication details necessary for you to do what you want to do. What you want to do, essentially, is have a servlet do your authentication before in order to bypass the containers inherent authentication mechanism. But, the API doesn't let you do this. Which means you have to implement all of your own security some other way. Which is a drag. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Best Logging practices
From: Arachtingi, Mike [EMAIL PROTECTED] Sent: Wednesday, February 19, 2003 7:48 AM Subject: RE: Best Logging practices What do you think of this opinion: I am inclined to use the JDK1.4 logger just because it's included in rt.jar, thus fewer jars and shorter classpath, and all that. If you don't like the length of your CLASSPATH, you can try dropping the jar into $JAVA_HOME/lib/ext directory, as all of those jars are aauotmatically placed on your CLASSPATH. Most folks don't think of this (I don't personally do it). Folks tend to forget about this mechanism and wonder where Things Are Coming From when they don't seem them on the CLASSPATH variable. However, I also agree with the other poster that CLASSPATH is really a non-issue. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Location of property files
From: Bill Barker [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, February 18, 2003 10:43 PM Subject: Re: Location of property files %@ page import=java.util.* % . % Properties myProps = new Properties(); InputStream pin = getServletContext().getResourceAsStream(/WEB-INF/my.properties); myProps.load(pin); pin.close(); % Is that portable? Is there anyplace in the spec that mentions that /WEB-INF/ is actually available as a resource? Or is it fair to say that anything with an absolute path off of the ROOT of the context is available? (Mind, I'm not denying that it works, I'm curious if it working is a fluke, or is it guaranteed across platforms.) Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Best Logging practices
From: Steven J. Owens [EMAIL PROTECTED] Sent: Wednesday, February 19, 2003 1:27 PM Subject: Re: Best Logging practices This is something that's bugged me for quite a while (in fact, since jars were introduced :-). There's no way, as far as I'm aware, to elegantly handle configurable files inside the jar, nor to handle writable data inside the webapp jar. Well, there is the temp area that's made available by the container, but it's not a persistent storage area. One thought though; for web applications you're supposed to get external resources by configuring them in the web.xml and using ServletContext.getResourceAsStream(). This only supports input streams, but I've always sort of felt it should support output streams as well. Or that there should be some similar mechanism, so that at least the point where you're crossing the web application boundary is explicitly and clearly defined in a standard central location for such information. But, once you're cracking open the web.xml, then you might as well point it to a directory or JDBC instance. The real issue is, of course, that it's SUPPOSED to be difficult to write things, as writing things consumes resources on the host machine, compared to reading, which is non-destructive. I do agree, however, that it would be nice to have some persistent area available. Minimally, it would be nice if the container was supposed to offer up a persitent implemenation of the Preferences API, or a writeable JNDI implementation. However, to be fair, I think a lot of that motivation is being sucked into the J2EE side of the equation. It's a real question how long Servlets will be stand alone at all. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Best Logging practices
(Directory name, JDBC URL, JNDI, whatever). You'll never be able to assume (portably) that you have persistent volume storage available without configuration. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JSP files between many webapps
From: Edson Alves Pereira [EMAIL PROTECTED] Sent: Friday, February 14, 2003 10:08 AM Subject: JSP files between many webapps Hello folks, i´m doubt about which is the best way to share JSP files with many webapps ( in my case, i have 2 ), i don´t want copy the same JSP to another directory and every page is easy configurable with parameters like: Why not copy the JSPs? Is it difficult? It's a simple Ant task to copy files. There's nothing stopping you from keeping the JSPs in a common directory under your source tree and replicating them to the appropriate spots in the independent Webapps at build time. To be clear, this is a build issue, not a Webapp issue. The Webapp structure is strict, and basic. Your build environment is dynamic, fluid and organized to suit your tastes, preferences, and environment. These are not mutually incompatible premises. When compiling C programs, you have a common area for library routines on your system, and every time you build, the code gets copied from these libraries into your final executable. You end up with N copies of printf bundled across all of your different executables. This issue with the JSPs within the Webapp is absolutely no different. Make N Webapps, get N copies of the JSPs within those Webapps, yet they can all come from a single source. There is always (ALWAYS) this confusion that Webapps == the interlinked, mangled web of resources in a conventional website. The whole point of the Webapp is to avoid this mess. To cleanly and clearly demarcate the boundaries of what is within the Webapp and what is not. This ensures the the Webapp is moveable, easily, from one container to another. The downside is that you pay for it with disk space, but saving disk space has long ago been abandoned considering the drive densities of modern systems. The Webapp is your friend. Embrace it and be happy. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JSP files between many webapps
From: Tim Moore [EMAIL PROTECTED] Sent: Friday, February 14, 2003 9:52 AM Subject: RE: JSP files between many webapps I have to say that, while the webapp concept is nice in many respects, it's really not adequate for large, complex applications with multiple component modules. It certainly makes the simple, most common case far more manageable than it was before, but there are some projects (probably a growing number) for which the single-unit webapp model doesn't quite cut it, and those of us building systems like that are constantly struggling against the limitations of the servlet spec. :-\ Not to doubt what you're saying at all, but this seems to me that the limitations can be mitigated if they're known about in advance. Now, the Webapp isn't perfect, and leveraging a legacy application into the iron fist of a Webapp can be difficult to say the least. Not to mention integration of a heterogenous application that isn't pure Java. Lots of fun to be had there. However. I look at the Webapp and think of it at a pretty simple level. The Context. Within the context, you have mappings to the assorted segments of the Webapp. Assuming a pure Java Webapp solution. If your multiple component application is managed at the Webapp level, then, yes, you will have problems. But that begs the question of why you're using the Webapp as your component layer, when in reality it's the integration layer of the system. To be fair, I think the component level is the Servlet layer and its associated mappings within the web.xml, not the Webapp layer. In EJB parlance, you don't integrate EARs (The EJB version of a WAR), you integrate disparate EJBs INTO EARs. If you have two Webapps to integrate, why not break them into their component bits, integrate the web.xmls, pushing context level mappings down into the servlet mappings, and then rebundle into a Webapp? For example, if you have context1.war and context2.war, and each one has ServletMapping, then you can create a new web.xml that has context1/ServletMapping and context2/ServletMapping. I know, looks easier than it is. Certainly you begin to run into potential namespace issues as you fuse the two together, but this seems doable and I think this is how the Webapps were essentially meant to be used, particularly today. What kind of issues are you running into that would frustrate this kind of process of integration? Because once you're into the single WAR, then your cross authentication issues go away, resource shariing issues (assuming no naming clashes) are absorbed, etc. I'd just like to know what you're encountering, as I think it's important to highlight issues that can be brought up with the JSR groups for future versions of the spec. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAASRealm/LoginManager questions
From: Craig R. McClanahan [EMAIL PROTECTED] Sent: Friday, February 14, 2003 1:28 PM Subject: Re: JAASRealm/LoginManager questions *snip* That's the biggest problem with specifications, you kind of have to be a bit of a lawyer to conform with them. It is also why while the goal of any specification is to be functional, it's even more important (particularly in the case of a spec with as wide a reach as the Servlet spec) to be clear. In the mean time, there's a perfectly reasonable (albeit container dependent) way to accomplish what you want in Tomcat. And, even if Tomcat did implement the form-based login wierdness you want, you're *still* stuck with the fact that no other container would necessarily follow Tomcat's lead on this. Let me head over to the corner, grab my stool and white, pointy Ignorant hat here as I butt in, but could what you want to be done be done portably using Filters? IMHO Filters are the most powerful aspect of the 2.3 spec as they provide a great layering and request trapping mechanism in a portable way with which you can do just all sorts of truly horrible things. I'd be very interested to hear why a Filter would NOT work in this case, but as I said, I haven't been totally following the thread here. It's probably glaringly pointed out on line 12 of the initial post (RTFML Will! STFU!). Humbly... Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAASRealm/LoginManager questions
From: Bryan Field-Elliot [EMAIL PROTECTED] Sent: Friday, February 14, 2003 2:29 PM Subject: Re: JAASRealm/LoginManager questions Filters (and Servlets, and JSP pages) are prohibited from setting the Subject/Principal (e.g. they are prohibited from actually performing Authentication). I see. The Servlet API does not expose a technique through which an Application can plug in to the overall container security heirarchy. So, while a Filter could be used to create an application specific security mechanism, a developer could not write a generic Servlet, to spec, using the Servlet API security mechanism, and have an application specific security mechanism handle the details of the authentication. Huh. Bother. Yeah, that's a pain I think from a portability standpoint. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How It's Done (was Re: Need help - tomcat do not generate .java and .class file in the work folder)
line message doesn't become a repetitive dissertation straight out of the documentation. Remember, it's not what you know, it's what you know where to look it up. Reading all of this gives you basic vocabulary, even if you don't understand it all, it exposes it all to you. The tutorials give you concrete experience in the concepts presented in the reading to make what you read become more clear and to give it some relevance and reference. Especially when you TYPE THEM IN yourself. You can read all of this stuff this weekend, do some of the tutorials on Sunday afternoon and tell us all about your adventures on Monday. So, remember. Read it all. Do the Tutorials (don't change the Tutorials, don't make them do something else and get side tracked and stuck in a snow bank somewhere. And remember to type the files in yourself, with your editor. Don't fight a development environment. You need Ant, a Command Line, and Notepad.). Then, read it all again, it will be MUCH clearer then. THEN, come back with questions. Odds are you won't need to. You'll become much more enlightened. You'll dance in the streets, raving like a loon. You'll be Brave Sir Robin saying That's EASY! and run off towards the Keeper of the Bridge... Good Luck. Enjoy. Regards, Will Hartung ([EMAIL PROTECTED]) P.S. No sneaking back in. Everyone will read this post and know what you need to do, so we all have the same expectations. And please appreciate how much time and effort it took for me to write this message to you. Don't make me look bad. P.P.S. Whoever was looking for FAQ entries, you can use this as a How do I get started FAQ :-) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]