This workaround is working well. Thanks all for your answers.
A.T.
2017-07-23 0:18 GMT+02:00 Mark Eggers <its_toas...@yahoo.com.invalid>:
> Rainer,
>
> On 7/22/2017 2:37 PM, Rainer Jung wrote:
> > Am 22.07.2017 um 22:48 schrieb Mark Eggers:
> >> On 7/22/2017 12:50
Hello,
I'm trying the latest Tomcat (9.0.0.M22) with all the default settings and
applications. When shutting down, it doesn't stop and I'm staying with a
java process which cannot handle any request.
When setting the CATALINA_PID and trying a shutdown -force, it ends in
killing the process.
hi
what are you trying to do exactly ?
If you just need to start one webapp after another one in a precise order,
you need as many Services (+Connector on a different port, + Host) as
webapps.
A.T.
2017-05-31 22:48 GMT+02:00 Hassan Khan :
> Hi,
>
> We have the
"I think you are chasing a ghost that isn't actually there."
I agree with Chris. You should try to clean the caches and I believe that
you will see your memory back "free". Have a look at how to do it here :
What database are you connecting to ? Oracle ? MySQL ? If Oracle, then
you're probably using its specific driver, and there is a debug version
(the "_g" version) that logs.
According to you, what kind of log the Tomcat driver should write ?
2017-02-16 19:08 GMT+01:00 Chris Keilitz
> In this case, I am guessing it would mean I I have 3 LDAP groups (group1,
> group2, group3) and I would need to map those LDAP groups to 1 single role,
> o.e. jazzuser or jazzadmin.
>
> On Thu, Jan 26, 2017 at 4:18 PM, Aurélien Terrestris <
> aterrest...@gmail.com>
>
Hello
maybe you're just sending cookies with non-compliant characters. Please
check what you're sending if you can reproduce this problem yourself
RFC 6265 says :
cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B /
Hi John
do you mean that a same user would be found in different groups ? Or do you
have different roles, with each role being in its own group ?
2017-01-26 18:39 GMT+01:00 John Trump :
> I am installing IBM's DOORS NG with Tomcat 8.0.41. I would like to use LDAP
> for
Hello,
if it is possible to know which servlet is involved in this problem, maybe
could you update the web.xml and deactivate this servlet by commenting its
servlet mapping. You would then get 404 errors, but maybe it's better than
your problem now.
regards
A.T.
2017-01-23 12:01 GMT+01:00
regards
2016-08-23 22:33 GMT+02:00 Christopher Schultz <ch...@christopherschultz.net
>:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Aurélien,
>
> On 8/22/16 3:36 PM, Aurélien Terrestris wrote:
> > "We have a Tomcat 7 and Axis 2 for our Java SOAP
"We have a Tomcat 7 and Axis 2 for our Java SOAP web service over https on
our Ubuntu server. We also use C3PO connection pooling (also in other web
services which is working fine). However, I´m not sure if this is related
to the topic."
I believe it is. Is the faulty web service getting requests
Hi Stefan
I think that tuning should be considered for one application, not for
"production" or "development".
First, you need to check how your JVM is working with its memory
parameters. You can either learn its behaviour by checking the logs ( add
this to the setenv : -XX:+PrintGCDetails
a possible problem there. I'm just being pragmatic
here.
2016-03-09 16:41 GMT+01:00 Christopher Schultz <ch...@christopherschultz.net
>:
> Aurélien,
>
> On 3/9/16 8:50 AM, Aurélien Terrestris wrote:
> > The doc (
> >
> http://tomcat.apache.org/t
The doc (
http://tomcat.apache.org/tomcat-8.0-doc/config/http.html#NIO2_specific_configuration
) doesn't say which one is the best, but we may think that the non-blocking
will work better under heavy load.
If not servicing hundreds of clients at the same moment, I would use the
blocking connector
Tullio,
as suggested before by Felix, maybe you should try different connector
configurations (defaults for HTTP connector are different between T7
(blocking) and T8 (non-blocking)) and see if this changes anything.
For example in the server.xml file :
and
Your code is simple,
Hello,
there are many reasons not to use SSLv2 and this is why JDK6 doesn't
support it. If you're really talking about SSLv2 and not SSLv2
Client-Hello, so you need to use the IBM JSSE implementation. But, I am
unsure that you need this.
best regards
2016-02-19 13:05 GMT+01:00 Utkarsh Dave
Edwin, we're not expecting money here. Please tell us what your problem is.
2016-02-04 20:37 GMT+01:00 Edwin Quijada :
> Hi!
> I dont know if I must put this message here but I am exhaust about this. I
> need a tomcat expert about configuration to solve a problem with
Hi
probably this won't solve your problem but I notice that the random seems
slow :
Creation of SecureRandom instance for session ID generation using
[SHA1PRNG] took [9,870] milliseconds.
Maybe should you then start by fixing this, it has been discussed many
times on the mailing list (
"Would anyone here know what is available in that respect with
mod_proxy_ajp ?"
You could try this :
LogLevel proxy:trace8
2015-12-03 22:41 GMT+01:00 André Warnier (tomcat) :
> Hi.
>
> Although the above module is a httpd-level, this might still be the right
> place to ask :
>
"Form tomcat log i can say that request has been received from client side"
What is saying the Tomcat access log ? Are there lines with response size =
0 ?
2015-12-04 19:13 GMT+01:00 Christopher Schultz :
> Yogesh,
>
> On 12/4/15 9:26 AM, Yogesh Patel wrote:
> >
Aurélien,
>
> On 12/4/15 10:36 AM, Aurélien Terrestris wrote:
> > "Would anyone here know what is available in that respect with
> > mod_proxy_ajp ?"
> >
> > You could try this :
> >
> > LogLevel proxy
+01:00 Christopher Schultz <ch...@christopherschultz.net
>:
> Aurelien,
>
> On 11/2/15 5:54 PM, Aurélien Terrestris wrote:
> > Either my reply was not read, or I'm surprised nobody is answering here.
> >
> > "1. Java doesn't directly support SNMP;"
> >
&g
, but maybe you
want to go deeper. But then, you probably start mixing what's necessary for
N1 support with what's helpful for developers. They have different jobs.
best regards
A.T.
2015-10-24 14:18 GMT+02:00 Christopher Schultz <ch...@christopherschultz.net
>:
> Aurélien,
>
You can choose between a pop-up or an HTML FORM
This one looks like this in web.xml :
FORM
webapp global realm
/login.jsp
/error_login.jsp
2015-10-28 16:28 GMT+01:00 Torsten Rieger :
> -Ursprüngliche Nachricht-
> Von:
erver will be unable to check the JVM, it will raise an alert.
Easy, cheap, and in most cases enough ;)
best regards
A.T.
2015-10-24 14:18 GMT+02:00 Christopher Schultz <ch...@christopherschultz.net
>:
> Aurélien,
>
> On 10/23/15 6:47 PM, Aurélien Terrestris wrote:
> &g
> I know mod_jk will complain if it can't
> make a connection or if there is a timeout... I suspect mod_proxy_http
> will do the same.
They both are supposed to log 502, while Tomcat will raise a "connection
reset by peer" when answering to an already closed connection.
Timeouts for both are
For those interested, the Wireshark 2.0 which is now running the RC
process, has a built-in dissector for Tomcat clusters (named ATH for Apache
Tribes Heartbeat)
regards
erschultz.net
>:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Aurélien,
>
> On 10/7/15 5:59 PM, Aurélien Terrestris wrote:
> > when this happens you can do a thread-dump (kill -3 pid on Linux
> > platforms) and you would see if there is a lock on JDBC ob
Hash: SHA256
>
> Aurélien,
>
> On 10/14/15 5:59 PM, Aurélien Terrestris wrote:
> > Still no solutions, I suppose..
> >
> > Did you enable the SSLv2 Hello as suggested by Chris, and what's
> > the result ? I tested a small client with Java 8, by adding
&g
mac
>
> May be I am mistaken. I will give jtouch a try, thanks for the
> pointers...at this point I am grasping at straws :)
>
> Thanks Aurelien!
>
> -Original Message-
> From: Aurélien Terrestris [mailto:aterrest...@gmail.com]
> Sent: Tuesday, October
George,
do you have any network capture that we can see ?
2015-10-13 22:10 GMT+02:00 George Stanchev :
> >> It might be doable with OpenSSL s_client or something. Tough to
> replicate Java's behavior with a non-Java tool, though.
>
> I tried hard with the s_client but it
stributed with the JRE) on it
> which makes debugging and inspecting local vars really hard...
>
> George
>
> -Original Message-
> From: Aurélien Terrestris [mailto:aterrest...@gmail.com]
> Sent: Tuesday, October 13, 2015 3:13 PM
> To: Tomcat Users List
> Subject: Re: [OT]
dProtocols-java.lang.String:A-
)
If you have some IIS server on internet which reproduces the problem, I'll
try with JTouch ( jtouch.sourceforge.net ) or write a small client.
2015-10-13 22:22 GMT+02:00 Aurélien Terrestris <aterrest...@gmail.com>:
> George,
>
> do you have any network capture t
""
I believe they mean "by default" as for the client side. Poorly written,
probably.
2015-10-13 22:55 GMT+02:00 Aurélien Terrestris <aterrest...@gmail.com>:
> "How do you force Java 8 to use SSLv2Hello?"
>
> You can do this when writing your own
n the Handshaker and
> related classes in the JDK and couldn't see anything that can change that...
>
> George
>
> -Original Message-
> From: Aurélien Terrestris [mailto:aterrest...@gmail.com]
> Sent: Tuesday, October 13, 2015 2:55 PM
> To: Tomcat Users List
> Subject: Re: [O
OK good that it's finally working.
There is a weakness in the documentation since it duplicates a big part of
the original procrun doc, and it would more readable to just give a short
explanation and give a link as you suggest. You can ask for an improvement
in the bug database (
Arno, can you try with these parameters : --StdOutput out.txt --StdError
err.txt and check if this writes anything to these files (I don't bet a
pence on this but let's try) ?
Taken from the doc :
http://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html
2015-10-02 17:52 GMT+02:00
Arno,
still investigating for you in the documentation (
http://commons.apache.org/proper/commons-daemon/procrun.html ), can you try
again with --ServiceUser & --ServicePassword instead of --User & --Password
?
regards
2015-10-08 17:35 GMT+02:00 Arno Schäfer :
> Hi
Hi Jamie,
when this happens you can do a thread-dump (kill -3 pid on Linux platforms)
and you would see if there is a lock on JDBC objects, or anything else
synchronized (from the Collections like Hashtable). Not easy for beginners
to understand a dump, but worth learning.
Very often an
Arno,
there *maybe is* documentation about this, see question & comments
from Konstantin Kolinko in
http://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html
2015-10-02 16:36 GMT+02:00 Arno Schäfer :
> Hi all,
>
> using tomcat 7.0.54 on Windows 8.1 64 Bit
A late reply to this topic...
Without the conditional test provided by the Rewrite (native Tomcat 8
Rewrite or url-rewrite), it is possible to use an Apache in front of
the Tomcat which will have two ProxyPass, and two virtual hosts on the
Tomcat itself (one servicing anything but the healtheck,
I recommend Linux for 2 reasons :
- easier to install and maintain a secured Tomcat (especially when
using different TOMCAT_HOME & TOMCAT_BASE, on Windows it's pretty
difficult to know how to secure all directories correctly) ; if you
have to deal with file uploading, you don't want a system
+02:00 Christopher Schultz <ch...@christopherschultz.net>:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Aurélien,
>
> On 10/1/15 10:40 AM, Aurélien Terrestris wrote:
>> A late reply to this topic... Without the conditional test provided
>> by the Rew
rus sounds better to me.
What you're saying sounds good, but I have been deploying Tomcat since
version 3 and it has brought me to Linux choice.
best regards,
A.T.
2015-10-01 19:22 GMT+02:00 Howard W. Smith, Jr. <smithh032...@gmail.com>:
> On Thu, Oct 1, 2015 at 11:46 AM, Aurélien T
Hello
maybe the Java documentation is badly written, because it is saying (
http://docs.oracle.com/javase/7/docs/api/java/io/File.html#toURL%28%29
) : "This method does not automatically escape characters that are
illegal in URLs."
# character is not illegal, but reserved (see gen-delims
t;>> >> directoryName="public_html" userClass=
>>> "org.apache.catalina.startup.PasswdUserDatabase" />
>>>
>>>
>>>
>>> Then at user's homes I have:
>>>
>>> /home/usertest/public_html/app.war
>>>
Hi,
first, you should check that the Host is configured with autoDeploy="true"
2015-09-24 14:07 GMT+02:00 Manuel Parra :
> Hello I'm trying to deploy .war application from the public_html folder at
> user homes.
>
> I've added directive to server.xml :
>
>
If you write a Valve (which would be Tomcat-specific, and not work
under other servlet containers), you could change the way Tomcat reads
session identifiers from the request (and use a request parameter
instead of a path parameter).
Maybe could you also have a look on Filters since they're
Thanks Christopher, I believe this was working by the time of Tomcat
4.. but not completely sure, it was a long time ago :)
2015-03-30 16:14 GMT+02:00 Christopher Schultz ch...@christopherschultz.net:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Aurélien,
On 3/30/15 4:24 AM, Aurélien
As suggested by Rainer, I would try with the blocking connector and compare.
Otherwise, it could be that your file is using very long lines (only 5
lines for more than 800k of data). Maybe a tomcat-dev could have a
look on this.
$ wc ext-datadownload-20150323_1157.js
5 7634 838044
by Christopher, you would have
to use something like cloudflare. For very big sites, AKAMAI,..
2015-03-16 13:50 GMT+01:00 David kerber dcker...@verizon.net:
On 3/16/2015 8:41 AM, Robert Klemme wrote:
On Sun, Mar 15, 2015 at 10:07 AM, Aurélien Terrestris
aterrest...@gmail.com
wrote:
I agree
times more powerfull, but I'm not working
there anymore.
2015-03-16 21:09 GMT+01:00 Christopher Schultz ch...@christopherschultz.net:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Aurélien,
On 3/16/15 9:16 AM, Aurélien Terrestris wrote:
As browsers (at least the ones I know) open 2
I agree with the NIO connector which gives good results to this
problem. Also, on Linux you can configure iptables firewall to limit
the number of connections from one IP (
Sascha, you can configure source address stickyness as well as
destination address stickyness, both will provide the same result
which will work for you.
2015-03-12 18:13 GMT+01:00 Mark Thomas ma...@apache.org:
On 12/03/2015 15:20, Sascha Skorupa wrote:
Hi,
here:
I'm not sure how (or even if) you can have Java attempt to connect
with SSLv3 and then re-try with TLS.
I think it is possible, have a look on JSSE Reference Guide for
sun.security.ssl.allowUnsafeRenegotiation and
sun.security.ssl.allowLegacyHelloMessages, they're explaining how to
catch the
/tomcat-against-hacking)
A.T.
2015-02-26 14:43 GMT+01:00 Christopher Schultz ch...@christopherschultz.net:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Aurélien,
On 2/26/15 5:23 AM, Aurélien Terrestris wrote:
I agree with Leon.
As do I. Apache httpd can change the attack surface
I agree with Leon. That said, a service account with low privileges
only gives filesystem protection ; interesting data is usually stored
in the database and you won't be more protected against SQL injections
or even against a modified jsp stored by the hacker (like in some old
STRUTS
I get Tomcat default home page, but images and CSS are not loaded:
All resources are not available and all links are broken. This happens
because you're proxyfying to /dspace but Tomcat ROOT webapp is
written for the / context
http://www.cs.ait.ac.th/dspace/docs/manager-howto.html then works
Olivier,
if Apache and Tomcat are running on the same machine, the tcpdump
won't capture the trafic because the proxy requests are using the
loopback interface and not the ethernet port.
Instead of using the workers properties and the mod-jk section, you
could try with the ProxyPass syntax
In my previous employment, we did that. Create a local user account and
set permissions to the Tomcat installation directory and optional
CATALINA_BASE (if you separated them).
I agree with this (done hundreds of times), and you can set rights
with xcacls. However this reminds us that usually
In my previous employment, we did that. Create a local user account and
set permissions to the Tomcat installation directory and optional
CATALINA_BASE (if you separated them).
I agree with this (done hundreds of times), and you can set rights
with xcacls. However this reminds us that usually
Hello
I think that application to application calls should be implemented
with web services (there is much choice but maybe heavy to implement).
When implementing such a solution, particularly if trafic goes through
internet, you must check that you're using a firewall in order to
avoid false
, is it the same? Or is it
necessary to modify the Tomcat's Security Manager?
Thank you very much.
2013/11/12 Aurélien Terrestris aterrest...@gmail.com
Hello Analia
I'm glad that you could play successfully with the Security Manager as
I advised first :D
About permissions, here you have a doc
Hello Analia
I'm glad that you could play successfully with the Security Manager as
I advised first :D
About permissions, here you have a doc :
http://docs.oracle.com/javase/6/docs/technotes/guides/security/spec/security-spec.doc3.html#20211
best regards
2013/11/11 ANALIA DE PEDRO SANTAMARIA
Hello Analia
I'm glad that you could play successfully with the Security Manager as
I advised first :D
About permissions, here you have a doc :
http://docs.oracle.com/javase/6/docs/technotes/guides/security/spec/security-spec.doc3.html#20211
best regards
2013/11/11 ANALIA DE PEDRO SANTAMARIA
You can run Tomcat with its Security Manager, then you can setup which
jar has which rights
have a look here :
http://tomcat.apache.org/tomcat-7.0-doc/security-manager-howto.html
2013/10/22 ANALIA DE PEDRO SANTAMARIA 100074...@alumnos.uc3m.es:
Hello,
I would like to know if is it possible to
the
digest algorithms (only the encryption options).
- Dennis
On 08/23/2013 12:24 AM, Aurélien Terrestris wrote:
Hello
I suppose you need to run your JVM with the unrestricted policy files (on
b=
oth client and server sides). You have to download them from Oracle
website
/23/2013 03:48 AM, Aurélien Terrestris wrote:
According to RFC 5246 Appendix C (TLS 1.2), there is no SHA384. See :
http://www.ietf.org/rfc/rfc5246.txt
The JSSE Reference Guide also doesn't talk about this SHA384 as an
implementation requirement. See :
http://docs.oracle.com/javase/7/docs
Hello
I suppose you need to run your JVM with the unrestricted policy files (on b=
oth client and server sides). You have to download them from Oracle website=
for your java version, and replace the old.
These files are :
local_policy.jar
US_export_policy.jar
Regards
2013/8/22
to test by myself with my own client.
2013/8/22 Dennis Sosnoski d...@sosnoski.com:
I've already done that, though as far as I can see that doesn't effect the
digest algorithms (only the encryption options).
- Dennis
On 08/23/2013 12:24 AM, Aurélien Terrestris wrote:
Hello
I suppose you
to test by myself with my own client.
2013/8/22 Dennis Sosnoski d...@sosnoski.com:
I've already done that, though as far as I can see that doesn't effect the
digest algorithms (only the encryption options).
- Dennis
On 08/23/2013 12:24 AM, Aurélien Terrestris wrote:
Hello
I suppose you
71 matches
Mail list logo