Re: Tomcat 9 M22 doesn't stop

This workaround is working well. Thanks all for your answers. A.T. 2017-07-23 0:18 GMT+02:00 Mark Eggers <its_toas...@yahoo.com.invalid>: > Rainer, > > On 7/22/2017 2:37 PM, Rainer Jung wrote: > > Am 22.07.2017 um 22:48 schrieb Mark Eggers: > >> On 7/22/2017 12:50

Tomcat 9 M22 doesn't stop

Hello, I'm trying the latest Tomcat (9.0.0.M22) with all the default settings and applications. When shutting down, it doesn't stop and I'm staying with a java process which cannot handle any request. When setting the CATALINA_PID and trying a shutdown -force, it ends in killing the process.

Re: Custom Webapp loading..

hi what are you trying to do exactly ? If you just need to start one webapp after another one in a precise order, you need as many Services (+Connector on a different port, + Host) as webapps. A.T. 2017-05-31 22:48 GMT+02:00 Hassan Khan : > Hi, > > We have the

Re: Tomcat 8/Redhat Linux 6.6 /Kernal 2.6.32 - Memory Won't Release

"I think you are chasing a ghost that isn't actually there." I agree with Chris. You should try to clean the caches and I believe that you will see your memory back "free". Have a look at how to do it here :

Re: Tomcat JDBC Connection Pool - Stand Alone Logging

What database are you connecting to ? Oracle ? MySQL ? If Oracle, then you're probably using its specific driver, and there is a debug version (the "_g" version) that logs. According to you, what kind of log the Tomcat driver should write ? 2017-02-16 19:08 GMT+01:00 Chris Keilitz

Re: Mapping Multiple LDAP Groups to a J2EE Role

> In this case, I am guessing it would mean I I have 3 LDAP groups (group1, > group2, group3) and I would need to map those LDAP groups to 1 single role, > o.e. jazzuser or jazzadmin. > > On Thu, Jan 26, 2017 at 4:18 PM, Aurélien Terrestris < > aterrest...@gmail.com> >

Re: Apache Tomcat/7.0.39 crashed with fatal error

Hello maybe you're just sending cookies with non-compliant characters. Please check what you're sending if you can reproduce this problem yourself RFC 6265 says : cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE ) cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B /

Re: Mapping Multiple LDAP Groups to a J2EE Role

Hi John do you mean that a same user would be found in different groups ? Or do you have different roles, with each role being in its own group ? 2017-01-26 18:39 GMT+01:00 John Trump : > I am installing IBM's DOORS NG with Tomcat 8.0.41. I would like to use LDAP > for

Re: Stopping any Tomcat thread running more than an amount of time

Hello, if it is possible to know which servlet is involved in this problem, maybe could you update the web.xml and deactivate this servlet by commenting its servlet mapping. You would then get 404 errors, but maybe it's better than your problem now. regards A.T. 2017-01-23 12:01 GMT+01:00

Re: Tomcat7 / Axis2

regards 2016-08-23 22:33 GMT+02:00 Christopher Schultz <ch...@christopherschultz.net >: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Aurélien, > > On 8/22/16 3:36 PM, Aurélien Terrestris wrote: > > "We have a Tomcat 7 and Axis 2 for our Java SOAP

Re: Tomcat7 / Axis2

"We have a Tomcat 7 and Axis 2 for our Java SOAP web service over https on our Ubuntu server. We also use C3PO connection pooling (also in other web services which is working fine). However, I´m not sure if this is related to the topic." I believe it is. Is the faulty web service getting requests

Re: setting jvm parameters to optimize production performance

Hi Stefan I think that tuning should be considered for one application, not for "production" or "development". First, you need to check how your JVM is working with its memory parameters. You can either learn its behaviour by checking the logs ( add this to the setenv : -XX:+PrintGCDetails

Re: Performance regression from 7 to 8

a possible problem there. I'm just being pragmatic here. 2016-03-09 16:41 GMT+01:00 Christopher Schultz <ch...@christopherschultz.net >: > Aurélien, > > On 3/9/16 8:50 AM, Aurélien Terrestris wrote: > > The doc ( > > > http://tomcat.apache.org/t

Re: Performance regression from 7 to 8

The doc ( http://tomcat.apache.org/tomcat-8.0-doc/config/http.html#NIO2_specific_configuration ) doesn't say which one is the best, but we may think that the non-blocking will work better under heavy load. If not servicing hundreds of clients at the same moment, I would use the blocking connector

Re: Performance regression from 7 to 8

Tullio, as suggested before by Felix, maybe you should try different connector configurations (defaults for HTTP connector are different between T7 (blocking) and T8 (non-blocking)) and see if this changes anything. For example in the server.xml file : and Your code is simple,

Re: Enabling SSLv2 on Tomcat 7 !

Hello, there are many reasons not to use SSLv2 and this is why JDK6 doesn't support it. If you're really talking about SSLv2 and not SSLv2 Client-Hello, so you need to use the IBM JSSE implementation. But, I am unsure that you need this. best regards 2016-02-19 13:05 GMT+01:00 Utkarsh Dave

Re: I need expert to solve problem(pay)

Edwin, we're not expecting money here. Please tell us what your problem is. 2016-02-04 20:37 GMT+01:00 Edwin Quijada : > Hi! > I dont know if I must put this message here but I am exhaust about this. I > need a tomcat expert about configuration to solve a problem with

Re: troughput difference

Hi probably this won't solve your problem but I notice that the random seems slow : Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [9,870] milliseconds. Maybe should you then start by fixing this, it has been discussed many times on the mailing list (

Re: Apache httpd / mod_proxy_ajp logging

"Would anyone here know what is available in that respect with mod_proxy_ajp ?" You could try this : LogLevel proxy:trace8 2015-12-03 22:41 GMT+01:00 André Warnier (tomcat) : > Hi. > > Although the above module is a httpd-level, this might still be the right > place to ask : >

Re: Tomcat unresponsive

"Form tomcat log i can say that request has been received from client side" What is saying the Tomcat access log ? Are there lines with response size = 0 ? 2015-12-04 19:13 GMT+01:00 Christopher Schultz : > Yogesh, > > On 12/4/15 9:26 AM, Yogesh Patel wrote: > >

Re: Apache httpd / mod_proxy_ajp logging

Aurélien, > > On 12/4/15 10:36 AM, Aurélien Terrestris wrote: > > "Would anyone here know what is available in that respect with > > mod_proxy_ajp ?" > > > > You could try this : > > > > LogLevel proxy

Re: Monitoring Connections

+01:00 Christopher Schultz <ch...@christopherschultz.net >: > Aurelien, > > On 11/2/15 5:54 PM, Aurélien Terrestris wrote: > > Either my reply was not read, or I'm surprised nobody is answering here. > > > > "1. Java doesn't directly support SNMP;" > > &g

Re: Monitoring Connections

, but maybe you want to go deeper. But then, you probably start mixing what's necessary for N1 support with what's helpful for developers. They have different jobs. best regards A.T. 2015-10-24 14:18 GMT+02:00 Christopher Schultz <ch...@christopherschultz.net >: > Aurélien, >

Re: AW: Suppress or replace WWW-Authorization header

You can choose between a pop-up or an HTML FORM This one looks like this in web.xml : FORM webapp global realm /login.jsp /error_login.jsp 2015-10-28 16:28 GMT+01:00 Torsten Rieger : > -Ursprüngliche Nachricht- > Von:

Re: Monitoring Connections

erver will be unable to check the JVM, it will raise an alert. Easy, cheap, and in most cases enough ;) best regards A.T. 2015-10-24 14:18 GMT+02:00 Christopher Schultz <ch...@christopherschultz.net >: > Aurélien, > > On 10/23/15 6:47 PM, Aurélien Terrestris wrote: > &g

Re: Monitoring Connections

> I know mod_jk will complain if it can't > make a connection or if there is a timeout... I suspect mod_proxy_http > will do the same. They both are supposed to log 502, while Tomcat will raise a "connection reset by peer" when answering to an already closed connection. Timeouts for both are

Wireshark support for Tomcat clusters

For those interested, the Wireshark 2.0 which is now running the RC process, has a built-in dissector for Tomcat clusters (named ATH for Apache Tribes Heartbeat) regards

Re: Monitoring Connections

erschultz.net >: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Aurélien, > > On 10/7/15 5:59 PM, Aurélien Terrestris wrote: > > when this happens you can do a thread-dump (kill -3 pid on Linux > > platforms) and you would see if there is a lock on JDBC ob

Re: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac

Hash: SHA256 > > Aurélien, > > On 10/14/15 5:59 PM, Aurélien Terrestris wrote: > > Still no solutions, I suppose.. > > > > Did you enable the SSLv2 Hello as suggested by Chris, and what's > > the result ? I tested a small client with Java 8, by adding &g

Re: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac

mac > > May be I am mistaken. I will give jtouch a try, thanks for the > pointers...at this point I am grasping at straws :) > > Thanks Aurelien! > > -Original Message- > From: Aurélien Terrestris [mailto:aterrest...@gmail.com] > Sent: Tuesday, October

Re: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac

George, do you have any network capture that we can see ? 2015-10-13 22:10 GMT+02:00 George Stanchev : > >> It might be doable with OpenSSL s_client or something. Tough to > replicate Java's behavior with a non-Java tool, though. > > I tried hard with the s_client but it

Re: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac

stributed with the JRE) on it > which makes debugging and inspecting local vars really hard... > > George > > -Original Message- > From: Aurélien Terrestris [mailto:aterrest...@gmail.com] > Sent: Tuesday, October 13, 2015 3:13 PM > To: Tomcat Users List > Subject: Re: [OT]

Re: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac

dProtocols-java.lang.String:A- ) If you have some IIS server on internet which reproduces the problem, I'll try with JTouch ( jtouch.sourceforge.net ) or write a small client. 2015-10-13 22:22 GMT+02:00 Aurélien Terrestris <aterrest...@gmail.com>: > George, > > do you have any network capture t

Re: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac

"" I believe they mean "by default" as for the client side. Poorly written, probably. 2015-10-13 22:55 GMT+02:00 Aurélien Terrestris <aterrest...@gmail.com>: > "How do you force Java 8 to use SSLv2Hello?" > > You can do this when writing your own

Re: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac

n the Handshaker and > related classes in the JDK and couldn't see anything that can change that... > > George > > -Original Message- > From: Aurélien Terrestris [mailto:aterrest...@gmail.com] > Sent: Tuesday, October 13, 2015 2:55 PM > To: Tomcat Users List > Subject: Re: [O

Re: AW: Problems to configure tomcat as windows service

OK good that it's finally working. There is a weakness in the documentation since it duplicates a big part of the original procrun doc, and it would more readable to just give a short explanation and give a link as you suggest. You can ask for an improvement in the bug database (

Re: AW: Problems to configure tomcat as windows service

Arno, can you try with these parameters : --StdOutput out.txt --StdError err.txt and check if this writes anything to these files (I don't bet a pence on this but let's try) ? Taken from the doc : http://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html 2015-10-02 17:52 GMT+02:00

Re: AW: Problems to configure tomcat as windows service

Arno, still investigating for you in the documentation ( http://commons.apache.org/proper/commons-daemon/procrun.html ), can you try again with --ServiceUser & --ServicePassword instead of --User & --Password ? regards 2015-10-08 17:35 GMT+02:00 Arno Schäfer : > Hi

Re: Monitoring Connections

Hi Jamie, when this happens you can do a thread-dump (kill -3 pid on Linux platforms) and you would see if there is a lock on JDBC objects, or anything else synchronized (from the Collections like Hashtable). Not easy for beginners to understand a dump, but worth learning. Very often an

Re: Problems to configure tomcat as windows service

Arno, there *maybe is* documentation about this, see question & comments from Konstantin Kolinko in http://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html 2015-10-02 16:36 GMT+02:00 Arno Schäfer : > Hi all, > > using tomcat 7.0.54 on Windows 8.1 64 Bit

RE: Conditional logging

A late reply to this topic... Without the conditional test provided by the Rewrite (native Tomcat 8 Rewrite or url-rewrite), it is possible to use an Apache in front of the Tomcat which will have two ProxyPass, and two virtual hosts on the Tomcat itself (one servicing anything but the healtheck,

Re: Tomcat 8 reliability/performance on Windows 2008 R2 Server vs. RHEL/CentOS

I recommend Linux for 2 reasons : - easier to install and maintain a secured Tomcat (especially when using different TOMCAT_HOME & TOMCAT_BASE, on Windows it's pretty difficult to know how to secure all directories correctly) ; if you have to deal with file uploading, you don't want a system

Re: Conditional logging

+02:00 Christopher Schultz <ch...@christopherschultz.net>: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Aurélien, > > On 10/1/15 10:40 AM, Aurélien Terrestris wrote: >> A late reply to this topic... Without the conditional test provided >> by the Rew

Re: Tomcat 8 reliability/performance on Windows 2008 R2 Server vs. RHEL/CentOS

rus sounds better to me. What you're saying sounds good, but I have been deploying Tomcat since version 3 and it has brought me to Linux choice. best regards, A.T. 2015-10-01 19:22 GMT+02:00 Howard W. Smith, Jr. <smithh032...@gmail.com>: > On Thu, Oct 1, 2015 at 11:46 AM, Aurélien T

Re: Parallel deployment URL issue

Hello maybe the Java documentation is badly written, because it is saying ( http://docs.oracle.com/javase/7/docs/api/java/io/File.html#toURL%28%29 ) : "This method does not automatically escape characters that are illegal in URLs." # character is not illegal, but reserved (see gen-delims

Re: Tomcat deployment from public_html user folder of a war application is not working

t;>> >> directoryName="public_html" userClass= >>> "org.apache.catalina.startup.PasswdUserDatabase" /> >>> >>> >>> >>> Then at user's homes I have: >>> >>> /home/usertest/public_html/app.war >>>

Re: Tomcat deployment from public_html user folder of a war application is not working

Hi, first, you should check that the Host is configured with autoDeploy="true" 2015-09-24 14:07 GMT+02:00 Manuel Parra : > Hello I'm trying to deploy .war application from the public_html folder at > user homes. > > I've added directive to server.xml : > >

Re: Post Session Id

If you write a Valve (which would be Tomcat-specific, and not work under other servlet containers), you could change the way Tomcat reads session identifiers from the request (and use a request parameter instead of a path parameter). Maybe could you also have a look on Filters since they're

Re: Post Session Id

Thanks Christopher, I believe this was working by the time of Tomcat 4.. but not completely sure, it was a long time ago :) 2015-03-30 16:14 GMT+02:00 Christopher Schultz ch...@christopherschultz.net: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Aurélien, On 3/30/15 4:24 AM, Aurélien

Re: Tomcat 8 on Solaris 10/11

As suggested by Rainer, I would try with the blocking connector and compare. Otherwise, it could be that your file is using very long lines (only 5 lines for more than 800k of data). Maybe a tomcat-dev could have a look on this. $ wc ext-datadownload-20150323_1157.js 5 7634 838044

Re: Slow http denial of service

by Christopher, you would have to use something like cloudflare. For very big sites, AKAMAI,.. 2015-03-16 13:50 GMT+01:00 David kerber dcker...@verizon.net: On 3/16/2015 8:41 AM, Robert Klemme wrote: On Sun, Mar 15, 2015 at 10:07 AM, Aurélien Terrestris aterrest...@gmail.com wrote: I agree

Re: Slow http denial of service

times more powerfull, but I'm not working there anymore. 2015-03-16 21:09 GMT+01:00 Christopher Schultz ch...@christopherschultz.net: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Aurélien, On 3/16/15 9:16 AM, Aurélien Terrestris wrote: As browsers (at least the ones I know) open 2

Re: Slow http denial of service

I agree with the NIO connector which gives good results to this problem. Also, on Linux you can configure iptables firewall to limit the number of connections from one IP (

Re: AW: Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest Authentication problem

Sascha, you can configure source address stickyness as well as destination address stickyness, both will provide the same result which will work for you. 2015-03-12 18:13 GMT+01:00 Mark Thomas ma...@apache.org: On 12/03/2015 15:20, Sascha Skorupa wrote: Hi, here:

Re: Getting javax.net.ssl.SSLHandshakeException

I'm not sure how (or even if) you can have Java attempt to connect with SSLv3 and then re-try with TLS. I think it is possible, have a look on JSSE Reference Guide for sun.security.ssl.allowUnsafeRenegotiation and sun.security.ssl.allowLegacyHelloMessages, they're explaining how to catch the

Re: [Hardening] Running tomcat under a specific account

/tomcat-against-hacking) A.T. 2015-02-26 14:43 GMT+01:00 Christopher Schultz ch...@christopherschultz.net: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Aurélien, On 2/26/15 5:23 AM, Aurélien Terrestris wrote: I agree with Leon. As do I. Apache httpd can change the attack surface

Re: [Hardening] Running tomcat under a specific account

I agree with Leon. That said, a service account with low privileges only gives filesystem protection ; interesting data is usually stored in the database and you won't be more protected against SQL injections or even against a modified jsp stored by the hacker (like in some old STRUTS

Re: Tomcat 8 + mod_jk + apache 2.2x on FreeBSD

I get Tomcat default home page, but images and CSS are not loaded: All resources are not available and all links are broken. This happens because you're proxyfying to /dspace but Tomcat ROOT webapp is written for the / context http://www.cs.ait.ac.th/dspace/docs/manager-howto.html then works

Re: Tomcat 8 + mod_jk + apache 2.2x on FreeBSD

Olivier, if Apache and Tomcat are running on the same machine, the tcpdump won't capture the trafic because the proxy requests are using the loopback interface and not the ethernet port. Instead of using the workers properties and the mod-jk section, you could try with the ProxyPass syntax

Re: Security Best Practices on Windows Service

In my previous employment, we did that. Create a local user account and set permissions to the Tomcat installation directory and optional CATALINA_BASE (if you separated them). I agree with this (done hundreds of times), and you can set rights with xcacls. However this reminds us that usually

Re: Security Best Practices on Windows Service

In my previous employment, we did that. Create a local user account and set permissions to the Tomcat installation directory and optional CATALINA_BASE (if you separated them). I agree with this (done hundreds of times), and you can set rights with xcacls. However this reminds us that usually

Re: Remote Tomcat webapps bidirectional communication

Hello I think that application to application calls should be implemented with web services (there is much choice but maybe heavy to implement). When implementing such a solution, particularly if trafic goes through internet, you must check that you're using a firewall in order to avoid false

Re: Restrict the use of JDK classes Tomcat 7 or 6

, is it the same? Or is it necessary to modify the Tomcat's Security Manager? Thank you very much. 2013/11/12 Aurélien Terrestris aterrest...@gmail.com Hello Analia I'm glad that you could play successfully with the Security Manager as I advised first :D About permissions, here you have a doc

Fwd: Restrict the use of JDK classes Tomcat 7 or 6

Hello Analia I'm glad that you could play successfully with the Security Manager as I advised first :D About permissions, here you have a doc : http://docs.oracle.com/javase/6/docs/technotes/guides/security/spec/security-spec.doc3.html#20211 best regards 2013/11/11 ANALIA DE PEDRO SANTAMARIA

Re: Restrict the use of JDK classes Tomcat 7 or 6

Hello Analia I'm glad that you could play successfully with the Security Manager as I advised first :D About permissions, here you have a doc : http://docs.oracle.com/javase/6/docs/technotes/guides/security/spec/security-spec.doc3.html#20211 best regards 2013/11/11 ANALIA DE PEDRO SANTAMARIA

Re: Restrict the use of JDK classes Tomcat 7 or 6

You can run Tomcat with its Security Manager, then you can setup which jar has which rights have a look here : http://tomcat.apache.org/tomcat-7.0-doc/security-manager-howto.html 2013/10/22 ANALIA DE PEDRO SANTAMARIA 100074...@alumnos.uc3m.es: Hello, I would like to know if is it possible to

Re: Tomcat 7 / Java 7 with TLS 1.2 algorithms

the digest algorithms (only the encryption options). - Dennis On 08/23/2013 12:24 AM, Aurélien Terrestris wrote: Hello I suppose you need to run your JVM with the unrestricted policy files (on b= oth client and server sides). You have to download them from Oracle website

Re: Fwd: Tomcat 7 / Java 7 with TLS 1.2 algorithms

/23/2013 03:48 AM, Aurélien Terrestris wrote: According to RFC 5246 Appendix C (TLS 1.2), there is no SHA384. See : http://www.ietf.org/rfc/rfc5246.txt The JSSE Reference Guide also doesn't talk about this SHA384 as an implementation requirement. See : http://docs.oracle.com/javase/7/docs

Re: Tomcat 7 / Java 7 with TLS 1.2 algorithms

Hello I suppose you need to run your JVM with the unrestricted policy files (on b= oth client and server sides). You have to download them from Oracle website= for your java version, and replace the old. These files are : local_policy.jar US_export_policy.jar Regards 2013/8/22

Re: Tomcat 7 / Java 7 with TLS 1.2 algorithms

to test by myself with my own client. 2013/8/22 Dennis Sosnoski d...@sosnoski.com: I've already done that, though as far as I can see that doesn't effect the digest algorithms (only the encryption options). - Dennis On 08/23/2013 12:24 AM, Aurélien Terrestris wrote: Hello I suppose you

Fwd: Tomcat 7 / Java 7 with TLS 1.2 algorithms

to test by myself with my own client. 2013/8/22 Dennis Sosnoski d...@sosnoski.com: I've already done that, though as far as I can see that doesn't effect the digest algorithms (only the encryption options). - Dennis On 08/23/2013 12:24 AM, Aurélien Terrestris wrote: Hello I suppose you