Re: question for sso session replication in tomcat 6.0.26

[Andrew Bruno]

Oh sorry, I re-read your answer.  Not sure why SSO is not working, be
interested to find out though..

AB

On Tue, Jun 22, 2010 at 3:04 PM, Andrew Bruno  wrote:
> Hi Yasushi
>
> In your serverl.xml have you added the jvmroute to the Engine?
>
> i.e.
>
> 
>
> Andrew
>
> On Tue, Jun 22, 2010 at 2:50 PM, Okubo, Yasushi (TSD) 
>  wrote:
>> Hi Andrew
>>
>> Thank for your post.  When I checked the session id from firefox, sso 
>> session id [jsessionidsso] does not have jvmroute info, but only jsessionid 
>> has jvmroute.  So, session replication upon failover is working fine, but 
>> singlesionon upon failover is not working on tomcat 6.0.x (including 6.0.26).
>>
>> yasushi
>>
>> -Original Message-
>> From: Andrew Bruno [mailto:andrew.br...@gmail.com]
>> Sent: Monday, June 21, 2010 9:18 PM
>> To: Tomcat Users List
>> Subject: Re: question for sso session replication in tomcat 6.0.26
>>
>> Looking at the code I think this is wrong
>>
>> if (!_ssoSessionId.contains("." + jvmRoute)) {
>>   _ssoSessionId += "." + jvmRoute;
>>   response.addCookie(new Cookie(_SSO_SESSION_COOKIE_NAME, _ssoSessionId));
>> }
>>
>> The original sessionId will already have the "."+_any_other_jvmRoute
>> included, so you need to substring it, and append the new jvmRoute.
>>
>>  _ssoSessionId= _ssoSessionId.substring(0, _ssoSessionId.indexOf("."))
>>
>> and then add
>>
>>  _ssoSessionId += "." + jvmRoute;
>>
>> AB
>>
>> On Tue, Jun 22, 2010 at 1:03 PM, Okubo, Yasushi (TSD)
>>  wrote:
>>> Hi experts
>>>
>>>
>>>
>>> I found this old email from archive in TC 5.5.23.
>>>
>>> Does this problem still exist in tomcat 6.0.x or 6.0.26?
>>>
>>>
>>>
>>> When failover occurs, sso session id is updated with new number after
>>> forcing a user to relogin to the application since sso session id is not
>>> replicated and rewritten correctly.  Could someone explain what is
>>> expected in current tomcat 6.0.x cluster upon failover?  Should sso
>>> session id is replicated correctly in tomcat 6.0.x?
>>>
>>>
>>>
>>> Thanks,
>>>
>>> yasushi
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> ROOKIE wrote:
>>> Hi,
>>> I have a problem with tomcat cluster + mod_proxy load balancer :
>>>
>>> We have a main app which authenticate itself to a webapp and from this
>>> app one
>>> can launch embedded apps which use the SSO cookie to access other
>>> webapps on
>>> the server (Single-Sign-On for the user).
>>>
>>> Things are working perfectly for the normal cookie but not for the sso
>>> cookie.
>>>
>>>
>>> The problem I have is that tomcat does not replicate SSO sessions so
>>> when these embedded apps route through the load balancer we get 401s on
>>> all the other cluster members except the one which actually generated
>>> the SSO cookie.
>>>
>>> I wanted to know if we can edit the SSO cookie generated by tomcat to
>>> also
>>> contain the jvmRoute parameter so that the load balancer directly goes
>>> to the
>>> correct cluster member.
>>>
>>>
>>> I tried doing this in my code by fetching the SSO cookie and appending
>>> to it
>>> the jvmRoute as follows :
>>>
>>>        HttpServletRequest request =
>>> (HttpServletRequest)Security.getContext(HttpServletRequest.class);
>>>        HttpServletResponse response =
>>> (HttpServletResponse)Security.getContext(HttpServletResponse.class);
>>>        if(request != null) {
>>>            String jvmRoute = "Vinod_Cluster_1";    // as mentioned in
>>> server.xml
>>>            Cookie[] cookies = request.getCookies();
>>>            for(int nc=0; cookies != null && nc < cookies.length; nc++)
>>> {
>>>                if(_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) {
>>>                    _sessionId = cookies[nc].getValue();
>>>                }
>>>
>>> else if(_SSO_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) {
>>>
>>>                    _ssoSessionId = cookies[nc].getValue();
>>>                    if (!_ssoSessionId.contains("." + jvmRoute)) {
>>>                        _ssoSessionId += "." + jvmRoute;
>>>
>>> response.addCookie(new Cookie(_SSO_SESSION_COOKIE_NAME, _ssoSessionId));
>>> }
>>>
>>>
>>>                }
>>>
>>>
>>> But after this I started getting 401s from even the correct cluster
>>> member. My guess is addCookie doesnt update the cookie in tomcat's cache
>>> which is reasonable.
>>>
>>> Other thought was to edit tomcat's sso cookie generation code to append
>>> the
>>> jvmRoute to the sso cookie.
>>>
>>>
>>> Is there an better way to achieve this in my code base ?
>>>
>>> Thanks In Advance,
>>> Vinod
>>>
>>>
>>>
>>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>
>

-
To

Re: question for sso session replication in tomcat 6.0.26

[Andrew Bruno]

Hi Yasushi

In your serverl.xml have you added the jvmroute to the Engine?

i.e.

 

Andrew

On Tue, Jun 22, 2010 at 2:50 PM, Okubo, Yasushi (TSD)
 wrote:
> Hi Andrew
>
> Thank for your post.  When I checked the session id from firefox, sso session 
> id [jsessionidsso] does not have jvmroute info, but only jsessionid has 
> jvmroute.  So, session replication upon failover is working fine, but 
> singlesionon upon failover is not working on tomcat 6.0.x (including 6.0.26).
>
> yasushi
>
> -Original Message-
> From: Andrew Bruno [mailto:andrew.br...@gmail.com]
> Sent: Monday, June 21, 2010 9:18 PM
> To: Tomcat Users List
> Subject: Re: question for sso session replication in tomcat 6.0.26
>
> Looking at the code I think this is wrong
>
> if (!_ssoSessionId.contains("." + jvmRoute)) {
>   _ssoSessionId += "." + jvmRoute;
>   response.addCookie(new Cookie(_SSO_SESSION_COOKIE_NAME, _ssoSessionId));
> }
>
> The original sessionId will already have the "."+_any_other_jvmRoute
> included, so you need to substring it, and append the new jvmRoute.
>
>  _ssoSessionId= _ssoSessionId.substring(0, _ssoSessionId.indexOf("."))
>
> and then add
>
>  _ssoSessionId += "." + jvmRoute;
>
> AB
>
> On Tue, Jun 22, 2010 at 1:03 PM, Okubo, Yasushi (TSD)
>  wrote:
>> Hi experts
>>
>>
>>
>> I found this old email from archive in TC 5.5.23.
>>
>> Does this problem still exist in tomcat 6.0.x or 6.0.26?
>>
>>
>>
>> When failover occurs, sso session id is updated with new number after
>> forcing a user to relogin to the application since sso session id is not
>> replicated and rewritten correctly.  Could someone explain what is
>> expected in current tomcat 6.0.x cluster upon failover?  Should sso
>> session id is replicated correctly in tomcat 6.0.x?
>>
>>
>>
>> Thanks,
>>
>> yasushi
>>
>>
>>
>>
>>
>>
>>
>> ROOKIE wrote:
>> Hi,
>> I have a problem with tomcat cluster + mod_proxy load balancer :
>>
>> We have a main app which authenticate itself to a webapp and from this
>> app one
>> can launch embedded apps which use the SSO cookie to access other
>> webapps on
>> the server (Single-Sign-On for the user).
>>
>> Things are working perfectly for the normal cookie but not for the sso
>> cookie.
>>
>>
>> The problem I have is that tomcat does not replicate SSO sessions so
>> when these embedded apps route through the load balancer we get 401s on
>> all the other cluster members except the one which actually generated
>> the SSO cookie.
>>
>> I wanted to know if we can edit the SSO cookie generated by tomcat to
>> also
>> contain the jvmRoute parameter so that the load balancer directly goes
>> to the
>> correct cluster member.
>>
>>
>> I tried doing this in my code by fetching the SSO cookie and appending
>> to it
>> the jvmRoute as follows :
>>
>>        HttpServletRequest request =
>> (HttpServletRequest)Security.getContext(HttpServletRequest.class);
>>        HttpServletResponse response =
>> (HttpServletResponse)Security.getContext(HttpServletResponse.class);
>>        if(request != null) {
>>            String jvmRoute = "Vinod_Cluster_1";    // as mentioned in
>> server.xml
>>            Cookie[] cookies = request.getCookies();
>>            for(int nc=0; cookies != null && nc < cookies.length; nc++)
>> {
>>                if(_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) {
>>                    _sessionId = cookies[nc].getValue();
>>                }
>>
>> else if(_SSO_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) {
>>
>>                    _ssoSessionId = cookies[nc].getValue();
>>                    if (!_ssoSessionId.contains("." + jvmRoute)) {
>>                        _ssoSessionId += "." + jvmRoute;
>>
>> response.addCookie(new Cookie(_SSO_SESSION_COOKIE_NAME, _ssoSessionId));
>> }
>>
>>
>>                }
>>
>>
>> But after this I started getting 401s from even the correct cluster
>> member. My guess is addCookie doesnt update the cookie in tomcat's cache
>> which is reasonable.
>>
>> Other thought was to edit tomcat's sso cookie generation code to append
>> the
>> jvmRoute to the sso cookie.
>>
>>
>> Is there an better way to achieve this in my code base ?
>>
>> Thanks In Advance,
>> Vinod
>>
>>
>>
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: question for sso session replication in tomcat 6.0.26

[Andrew Bruno]

Looking at the code I think this is wrong

if (!_ssoSessionId.contains("." + jvmRoute)) {
   _ssoSessionId += "." + jvmRoute;
   response.addCookie(new Cookie(_SSO_SESSION_COOKIE_NAME, _ssoSessionId));
}

The original sessionId will already have the "."+_any_other_jvmRoute
included, so you need to substring it, and append the new jvmRoute.

 _ssoSessionId= _ssoSessionId.substring(0, _ssoSessionId.indexOf("."))

and then add

 _ssoSessionId += "." + jvmRoute;

AB

On Tue, Jun 22, 2010 at 1:03 PM, Okubo, Yasushi (TSD)
 wrote:
> Hi experts
>
>
>
> I found this old email from archive in TC 5.5.23.
>
> Does this problem still exist in tomcat 6.0.x or 6.0.26?
>
>
>
> When failover occurs, sso session id is updated with new number after
> forcing a user to relogin to the application since sso session id is not
> replicated and rewritten correctly.  Could someone explain what is
> expected in current tomcat 6.0.x cluster upon failover?  Should sso
> session id is replicated correctly in tomcat 6.0.x?
>
>
>
> Thanks,
>
> yasushi
>
>
>
>
>
>
>
> ROOKIE wrote:
> Hi,
> I have a problem with tomcat cluster + mod_proxy load balancer :
>
> We have a main app which authenticate itself to a webapp and from this
> app one
> can launch embedded apps which use the SSO cookie to access other
> webapps on
> the server (Single-Sign-On for the user).
>
> Things are working perfectly for the normal cookie but not for the sso
> cookie.
>
>
> The problem I have is that tomcat does not replicate SSO sessions so
> when these embedded apps route through the load balancer we get 401s on
> all the other cluster members except the one which actually generated
> the SSO cookie.
>
> I wanted to know if we can edit the SSO cookie generated by tomcat to
> also
> contain the jvmRoute parameter so that the load balancer directly goes
> to the
> correct cluster member.
>
>
> I tried doing this in my code by fetching the SSO cookie and appending
> to it
> the jvmRoute as follows :
>
>        HttpServletRequest request =
> (HttpServletRequest)Security.getContext(HttpServletRequest.class);
>        HttpServletResponse response =
> (HttpServletResponse)Security.getContext(HttpServletResponse.class);
>        if(request != null) {
>            String jvmRoute = "Vinod_Cluster_1";    // as mentioned in
> server.xml
>            Cookie[] cookies = request.getCookies();
>            for(int nc=0; cookies != null && nc < cookies.length; nc++)
> {
>                if(_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) {
>                    _sessionId = cookies[nc].getValue();
>                }
>
> else if(_SSO_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) {
>
>                    _ssoSessionId = cookies[nc].getValue();
>                    if (!_ssoSessionId.contains("." + jvmRoute)) {
>                        _ssoSessionId += "." + jvmRoute;
>
> response.addCookie(new Cookie(_SSO_SESSION_COOKIE_NAME, _ssoSessionId));
> }
>
>
>                }
>
>
> But after this I started getting 401s from even the correct cluster
> member. My guess is addCookie doesnt update the cookie in tomcat's cache
> which is reasonable.
>
> Other thought was to edit tomcat's sso cookie generation code to append
> the
> jvmRoute to the sso cookie.
>
>
> Is there an better way to achieve this in my code base ?
>
> Thanks In Advance,
> Vinod
>
>
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: question for sso session replication in tomcat 6.0.26

[Okubo, Yasushi (TSD)]

Hi Andrew

Thank for your post.  When I checked the session id from firefox, sso session 
id [jsessionidsso] does not have jvmroute info, but only jsessionid has 
jvmroute.  So, session replication upon failover is working fine, but 
singlesionon upon failover is not working on tomcat 6.0.x (including 6.0.26).

yasushi 

-Original Message-
From: Andrew Bruno [mailto:andrew.br...@gmail.com] 
Sent: Monday, June 21, 2010 9:18 PM
To: Tomcat Users List
Subject: Re: question for sso session replication in tomcat 6.0.26

Looking at the code I think this is wrong

if (!_ssoSessionId.contains("." + jvmRoute)) {
   _ssoSessionId += "." + jvmRoute;
   response.addCookie(new Cookie(_SSO_SESSION_COOKIE_NAME, _ssoSessionId));
}

The original sessionId will already have the "."+_any_other_jvmRoute
included, so you need to substring it, and append the new jvmRoute.

 _ssoSessionId= _ssoSessionId.substring(0, _ssoSessionId.indexOf("."))

and then add

 _ssoSessionId += "." + jvmRoute;

AB

On Tue, Jun 22, 2010 at 1:03 PM, Okubo, Yasushi (TSD)
 wrote:
> Hi experts
>
>
>
> I found this old email from archive in TC 5.5.23.
>
> Does this problem still exist in tomcat 6.0.x or 6.0.26?
>
>
>
> When failover occurs, sso session id is updated with new number after
> forcing a user to relogin to the application since sso session id is not
> replicated and rewritten correctly.  Could someone explain what is
> expected in current tomcat 6.0.x cluster upon failover?  Should sso
> session id is replicated correctly in tomcat 6.0.x?
>
>
>
> Thanks,
>
> yasushi
>
>
>
>
>
>
>
> ROOKIE wrote:
> Hi,
> I have a problem with tomcat cluster + mod_proxy load balancer :
>
> We have a main app which authenticate itself to a webapp and from this
> app one
> can launch embedded apps which use the SSO cookie to access other
> webapps on
> the server (Single-Sign-On for the user).
>
> Things are working perfectly for the normal cookie but not for the sso
> cookie.
>
>
> The problem I have is that tomcat does not replicate SSO sessions so
> when these embedded apps route through the load balancer we get 401s on
> all the other cluster members except the one which actually generated
> the SSO cookie.
>
> I wanted to know if we can edit the SSO cookie generated by tomcat to
> also
> contain the jvmRoute parameter so that the load balancer directly goes
> to the
> correct cluster member.
>
>
> I tried doing this in my code by fetching the SSO cookie and appending
> to it
> the jvmRoute as follows :
>
>        HttpServletRequest request =
> (HttpServletRequest)Security.getContext(HttpServletRequest.class);
>        HttpServletResponse response =
> (HttpServletResponse)Security.getContext(HttpServletResponse.class);
>        if(request != null) {
>            String jvmRoute = "Vinod_Cluster_1";    // as mentioned in
> server.xml
>            Cookie[] cookies = request.getCookies();
>            for(int nc=0; cookies != null && nc < cookies.length; nc++)
> {
>                if(_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) {
>                    _sessionId = cookies[nc].getValue();
>                }
>
> else if(_SSO_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) {
>
>                    _ssoSessionId = cookies[nc].getValue();
>                    if (!_ssoSessionId.contains("." + jvmRoute)) {
>                        _ssoSessionId += "." + jvmRoute;
>
> response.addCookie(new Cookie(_SSO_SESSION_COOKIE_NAME, _ssoSessionId));
> }
>
>
>                }
>
>
> But after this I started getting 401s from even the correct cluster
> member. My guess is addCookie doesnt update the cookie in tomcat's cache
> which is reasonable.
>
> Other thought was to edit tomcat's sso cookie generation code to append
> the
> jvmRoute to the sso cookie.
>
>
> Is there an better way to achieve this in my code base ?
>
> Thanks In Advance,
> Vinod
>
>
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

question for sso session replication in tomcat 6.0.26

[Okubo, Yasushi (TSD)]

Hi experts

 

I found this old email from archive in TC 5.5.23.

Does this problem still exist in tomcat 6.0.x or 6.0.26?

 

When failover occurs, sso session id is updated with new number after
forcing a user to relogin to the application since sso session id is not
replicated and rewritten correctly.  Could someone explain what is
expected in current tomcat 6.0.x cluster upon failover?  Should sso
session id is replicated correctly in tomcat 6.0.x?

 

Thanks,

yasushi

 

 

 

ROOKIE wrote:
Hi,
I have a problem with tomcat cluster + mod_proxy load balancer :
 
We have a main app which authenticate itself to a webapp and from this
app one 
can launch embedded apps which use the SSO cookie to access other
webapps on 
the server (Single-Sign-On for the user).
 
Things are working perfectly for the normal cookie but not for the sso
cookie.
 

The problem I have is that tomcat does not replicate SSO sessions so
when these embedded apps route through the load balancer we get 401s on
all the other cluster members except the one which actually generated
the SSO cookie. 

I wanted to know if we can edit the SSO cookie generated by tomcat to
also 
contain the jvmRoute parameter so that the load balancer directly goes
to the 
correct cluster member.
 
 
I tried doing this in my code by fetching the SSO cookie and appending
to it 
the jvmRoute as follows :
 
HttpServletRequest request = 
(HttpServletRequest)Security.getContext(HttpServletRequest.class);
HttpServletResponse response = 
(HttpServletResponse)Security.getContext(HttpServletResponse.class);
if(request != null) {
String jvmRoute = "Vinod_Cluster_1";// as mentioned in 
server.xml
Cookie[] cookies = request.getCookies();
for(int nc=0; cookies != null && nc < cookies.length; nc++)
{
if(_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) {
_sessionId = cookies[nc].getValue();
}

else if(_SSO_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) { 

_ssoSessionId = cookies[nc].getValue();
if (!_ssoSessionId.contains("." + jvmRoute)) {
_ssoSessionId += "." + jvmRoute;

response.addCookie(new Cookie(_SSO_SESSION_COOKIE_NAME, _ssoSessionId));
} 

 
}
 

But after this I started getting 401s from even the correct cluster
member. My guess is addCookie doesnt update the cookie in tomcat's cache
which is reasonable. 

Other thought was to edit tomcat's sso cookie generation code to append
the 
jvmRoute to the sso cookie.
 

Is there an better way to achieve this in my code base ? 

Thanks In Advance,
Vinod

 

RE: Problem retrieving domain\userid from HttpServletRequest object

[Savoy, Melinda]

What I finally did was remove my filter from the web.xml file all together and 
I have a TEST index.jsp page that only contains the following:

<%...@page language="java" contentType="text/html; charset=ISO-8859-1" 
pageEncoding="ISO-8859-1"%>

Here is my userid + <%=request.getRemoteUser()%>
I got to my INDEX page.

So that my app would go straight to the index.jsp page above and when I got the 
index.jsp page up on my browser this is what I saw:

Here is my userid + null I got to my INDEX page.

So it would appear that the ISAPI filter is NOT integrated with my Tomcat 
server completely even though in the ISAPI log it shows the following:

[Mon Jun 21 16:01:43.750 2010] [5608:1984] [debug] jk_isapi_plugin.c (1835): 
Filter started
[Mon Jun 21 16:01:43.750 2010] [5608:1984] [debug] jk_uri_worker_map.c (1036): 
Attempting to map URI '/localhost/SCMIS/index.jsp' from 3 maps
[Mon Jun 21 16:01:43.750 2010] [5608:1984] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/jkmanager=jkstatus' source 'uriworkermap'
[Mon Jun 21 16:01:43.750 2010] [5608:1984] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/*.action=scmisWorker' source 'uriworkermap'
[Mon Jun 21 16:01:43.750 2010] [5608:1984] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/*.jsp=scmisWorker' source 'uriworkermap'
[Mon Jun 21 16:01:43.750 2010] [5608:1984] [debug] jk_uri_worker_map.c (863): 
Found a wildchar match '/*.jsp=scmisWorker'
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_isapi_plugin.c (1916): 
check if [/SCMIS/index.jsp] points to the web-inf directory
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_isapi_plugin.c (1932): 
[/SCMIS/index.jsp] is a servlet url - should redirect to scmisWorker
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_isapi_plugin.c (1972): 
fowarding escaped URI [/SCMIS/index.jsp]
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_isapi_plugin.c (2792): 
Reading extension header HTTP_TOMCATWORKER6A6B: scmisWorker
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_isapi_plugin.c (2793): 
Reading extension header HTTP_TOMCATWORKERIDX6A6B: 2
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_isapi_plugin.c (2794): 
Reading extension header HTTP_TOMCATURI6A6B: /SCMIS/index.jsp
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_isapi_plugin.c (2795): 
Reading extension header HTTP_TOMCATQUERY6A6B: (null)
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_isapi_plugin.c (2850): 
Applying service extensions
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_isapi_plugin.c (3108): 
Service protocol=HTTP/1.1 method=GET host=127.0.0.1 addr=127.0.0.1 
name=localhost port=80 auth=NTLM user=TEXAS\SavoyM uri=/SCMIS/index.jsp
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_isapi_plugin.c (3120): 
Service request headers=8 attributes=0 chunked=no content-length=0 available=0
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_worker.c (116): found a 
worker scmisWorker
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_isapi_plugin.c (2162): 
got a worker for name scmisWorker
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_ajp_common.c (3093): 
acquired connection pool slot=0 after 0 retries
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_ajp_common.c (605): ajp 
marshaling done
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_ajp_common.c (2376): 
processing scmisWorker with 2 retries

I am just not sure if the ISAPI log shows the info above why it is not 
integrated properly.  I am at a total loss at this point.  

Any help would be appreciated.

Thank you.

-Original Message-
From: Savoy, Melinda 
Sent: Monday, June 21, 2010 12:55 PM
To: 'Tomcat Users List'
Subject: Problem retrieving domain\userid from HttpServletRequest object 

I am on what I hope is the last issue in trying to get authentication completed 
on the IIS-Tomcat integration.

I have the ISAPI filter loaded and appears to be working properly per the ISAPI 
log.  IIS is sending the NTLM authorization header with the encrypted 
domain\username and the ISAPI filter log shows the request info but I cannot 
pick it up from the HttpFilter class below in the ServletRequest parameter.

The HttpFilter class that my application uses (using the Tomcat ServletRequest 
object) to authenticate from the HttpServletRequest req as follows below does 
NOT contain the domain\username when I issue the getRemoteUser() or the 
getUserPrincipal.getName() methods because both come back as NULL:

public final void doFilter(final ServletRequest request, final ServletResponse 
response, final FilterChain chain) throws IOException, ServletException {
final HttpServletRequest req = (HttpServletRequest) request;
final HttpServletResponse resp = (HttpServletResponse) response;

String userID = req.getRemoteUser();
String userID2 = req.getUserPrincipal.getName();

try {
execute(

RE: Tomcat - ADS connection reset - communication exception

[dB .]

It could be that your Active Directory is forcibly closing this connection by 
some kind of server-side policy.

If your goal is authentication and you operate only on Windows, you may want to 
look at http://waffle.codeplex.com. It does BASIC auth as well as Negotiate 
using Windows API, so you don't have to deal with configuring LDAP at all and 
get correct results (supports domain trusts, nested groups, etc.).

dB. @ dblock.org 
Moscow|Geneva|Seattle|New York


-Original Message-
From: Manish Kumar [mailto:man...@oakdeneindia.com] 
Sent: Monday, June 21, 2010 10:52 AM
To: 'Tomcat Users List'
Subject: Tomcat - ADS connection reset - communication exception

Hi Friends,

 

I'm using tomcat 5.5.28 and ADS on Windows 2003 Server and connecting
through realm configuration mentioning in the server.xml.

 

Things are fine but the problem arise when the server use to be idle for a
couple of mins(normally 10 to 15 mins). When I saw in the log, I found that
connection is closed and throwing exception - 

 

javax.naming.CommunicationException: connection closed [Root exception is
java.io.IOException: connection closed]; remaining name
'cn=steve,ou=people,dc=processmasterlive,dc=com'

   at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)

   at com.sun.jndi.ldap.LdapCtx.doSearchOnce(Unknown Source)

   at com.sun.jndi.ldap.LdapCtx.c_getAttributes(Unknown Source)

   at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(Unknown Source)

   at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown
Source)

   at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown
Source)

   at
javax.naming.directory.InitialDirContext.getAttributes(Unknown Source)

   at
org.apache.catalina.realm.JNDIRealm.getUserByPattern(JNDIRealm.java:1009)

   at
org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:973)

   at
org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:899)

   at
org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:810)

   at
org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthe
nticator.java:181)

   at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase
.java:491)

   at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127
)

   at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117
)

   at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java
:108)

   at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)

   at
org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:
835)

   at
org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(H
ttp11AprProtocol.java:640)

   at
org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1286)

   at java.lang.Thread.run(Unknown Source)

Caused by: java.io.IOException: connection closed

   at com.sun.jndi.ldap.LdapClient.ensureOpen(Unknown Source)

   at com.sun.jndi.ldap.LdapClient.search(Unknown Source)

   ... 21 more

 

I tried to find a lot on the web but no luck. Could anybody help me out? 

 

Thanking you in advance.

 

Regards

Manish


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Setting the Right Amount of Memory

[Robinson, Eric]

> Sorry for not responding yet.  Busy at what I actually 
> get paid for, and trying to generate some real numbers 
> for the question at hand.  More later. 

No worries, I just want to keep the thread alive until something
definitive comes from it if possible. :-)

--
Eric Robinson


Disclaimer - June 21, 2010 
This email and any files transmitted with it are confidential and intended 
solely for Tomcat Users List. If you are not the named addressee you should not 
disseminate, distribute, copy or alter this email. Any views or opinions 
presented in this email are solely those of the author and might not represent 
those of . Warning: Although  has taken reasonable precautions to ensure no 
viruses are present in this email, the company cannot accept responsibility for 
any loss or damage arising from the use of this email or attachments. 
This disclaimer was added by Policy Patrol: http://www.policypatrol.com/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Setting the Right Amount of Memory

[Caldarale, Charles R]

> From: Robinson, Eric [mailto:eric.robin...@psmnv.com]
> Subject: RE: Setting the Right Amount of Memory
> 
> > So what is the impact say (picking some random
> > numbers of the air) if you have an app that is quite
> > happy with 256MB of heap space but has 1024MB allocated?
> 
> My question exactly!

Sorry for not responding yet.  Busy at what I actually get paid for, and trying 
to generate some real numbers for the question at hand.  More later.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Problem retrieving domain\userid from HttpServletRequest object

[Savoy, Melinda]

I am on what I hope is the last issue in trying to get authentication completed 
on the IIS-Tomcat integration.

I have the ISAPI filter loaded and appears to be working properly per the ISAPI 
log.  IIS is sending the NTLM authorization header with the encrypted 
domain\username and the ISAPI filter log shows the request info but I cannot 
pick it up from the HttpFilter class below in the ServletRequest parameter.

The HttpFilter class that my application uses (using the Tomcat ServletRequest 
object) to authenticate from the HttpServletRequest req as follows below does 
NOT contain the domain\username when I issue the getRemoteUser() or the 
getUserPrincipal.getName() methods because both come back as NULL:

public final void doFilter(final ServletRequest request, final ServletResponse 
response, final FilterChain chain) throws IOException, ServletException {
final HttpServletRequest req = (HttpServletRequest) request;
final HttpServletResponse resp = (HttpServletResponse) response;

String userID = req.getRemoteUser();
String userID2 = req.getUserPrincipal.getName();

try {
execute(req, resp);
} catch (FilterInterruptException e) {
return;
} catch (Exception e) {
log.severe(new HttpRequestDebugger(req).toString());
throw new ServletException(e);
}

chain.doFilter(request, response);

this.afterChain(req, resp);
}

I am using version Apache Tomcat 6.0.18.

Any suggestions on how to get to this info within JAVA.  I cannot get to my 
TEST index.jsp page that just shows the value for the userid because I cannot 
get past this filter first and that is why I'm getting 401.2 errors back in my 
browser.

Thank you.

Melinda Savoy
Sr. Programmer Analyst, ERP Systems
Innovative Technology Solutions
Texas Health Resources
600 E. Lamar Blvd, Ste 301, Arlington TX  76011
melindasa...@texashealth.org

Texas Health Resources: Arlington Memorial,
Harris Methodist and Presbyterian Hospitals
A shared mission and now a shared name.





The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

RE: Setting the Right Amount of Memory

[Robinson, Eric]

> So what is the impact say (picking some random 
> numbers of the air) if you have an app that is quite 
> happy with 256MB of heap space but has 1024MB allocated?  

My question exactly!

--
Eric Robinson





Disclaimer - June 21, 2010 
This email and any files transmitted with it are confidential and intended 
solely for Tomcat Users List. If you are not the named addressee you should not 
disseminate, distribute, copy or alter this email. Any views or opinions 
presented in this email are solely those of the author and might not represent 
those of . Warning: Although  has taken reasonable precautions to ensure no 
viruses are present in this email, the company cannot accept responsibility for 
any loss or damage arising from the use of this email or attachments. 
This disclaimer was added by Policy Patrol: http://www.policypatrol.com/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: HTTP Status 408!

[Pid]

On 21/06/2010 17:36, neo21 zerro wrote:
> 
> 
>   Ok. Something like this ?
> 
>  
> 
> URL protectedResource = new URL("http://localhost:8080/resource";);
> *URLConnection yc = *protectedResource*.openConnection();*
> BufferedReader in = new BufferedReader(
> new InputStreamReader(
> *yc.getInputStream()*));
> String inputLine;
> 
> while ((inputLine = in.readLine()) != null) 
> //check if the response is the login page 
> in.close();
>  
> if(The response is login page){
>
>  
>//make another request with to specific params for the 
> authentication
> }

It's actually much easier to use BASIC auth if a machine is logging in.
Look at: http://hc.apache.org/

>   My question is that in the second request I need to open a browser so is 
> the session id of the 
> first request the same with the session id of the second request? because the 
> FormAuthenticator need's
> the session id of the first request to retrieve the protected resource?

Yes, the session id will be required.  If the URLs are encoded properly
as per previous discussion, then the form action attribute will be
re-encoded to incorporate the session id - you'll see how to submit to a
modified URL if you examine the returned HTML for the login form.


p

> 
> *From:* Pid 
> *To:* Tomcat Users List 
> *Sent:* Mon, June 21, 2010 6:19:44 PM
> *Subject:* Re: HTTP Status 408!
> 
> On 21/06/2010 15:48, neo21 zerro wrote:
>>  Ok.I already have send params from my other application to my
>> Tomcat application and everything goes well, I make this with the
>> j_security_check on a post method, and I track down the path with the
>> debug log. The problem is that in the
>> org.apache.catalina.authenticator.FormAuthenticator in the authenticate
>> method the user is getting authenticated but when the user should be
>> redirected to the initial saved request, null is returned.
>>  So my problem is that I make */programmaticaly
>>
>  >
> /*just
>> a request to my Tomcat web app authenticating the user per user params
>> but I need somehow to tell the FormAuthenticator what the saved request
>> should be. Any ideas?
> 
> The process is:
> 
> 1. make a request for a protected resource
> 2. check the response is what you want,
> 
> 3. if it's not, but contains a login form
> 4. submit username & password against form url
> 
> 
> FormAuthenticator creates the saved request at step 1.
> 
> 
> p
> 
>> Thanks!!!
>>
>> 
>> *From:* Pid mailto:p...@pidster.com>>
>> *To:* Tomcat Users List  >
>> *Sent:* Mon, June 21, 2010 5:30:00 PM
>> *Subject:* Re: HTTP Status 408!
>>
>> On 21/06/2010 15:20, neo21 zerro wrote:
>>> Hello,
>>>
>>>  Problem finally solved :) Pid was right my encoding was not ok and a
>> Cookie was not passed over with the poste of the login page :) I needed
>> to explicity create a servlet and in that servler add to the response
>> object the JSSESIONID as a Cookie :)
>>>
>>> I have another question can I login from another aplication
>> programmicaly to my app that runs on Tomcat with custom JAAS login module?
>>
>> If the other app knows how to perform whatever custom JAAS login you've
>> built, then I don't see why not.
>>
>>
>> p
>>
>>> 
>>> From: Martin Gainty mailto:mgai...@hotmail.com>
> >>
>>> To: Tomcat Users List  
>> >>
>>> Sent: Fri, June 11, 2010 11:16:09 PM
>>> Subject: RE: HTTP Status 408!
>>>
>>>
>>> can you post all of the code (including the html that houses the flex
>> components), display the full stacktrace and display environmental
>> variables from SET
>>>
>>> Martin
>>> __
>>> standard caveats apply
>>>
>>>
>>>
>>>
>>>
 Date: Fri, 11 Jun 2010 12:32:44 -0700
 From: neo21_ze...@yahoo.com 
> >
 Subject: Re: HTTP Status 408!
 To: users@tomcat.apache.org 
> >





 I installed the Tomcat 7 RC but the problem persists.
 So it's definitely a bug from my app. After the logout is made the
>> redirect is made from flex(navigateToUrl - function) do you think this
>

Re: HTTP Status 408!

[neo21 zerro]

  Ok. Something like this ?

 

URL protectedResource = new URL("http://localhost:8080/resource";);
URLConnection yc = protectedResource.openConnection();
BufferedReader in = new BufferedReader(
new InputStreamReader(
yc.getInputStream()));
String inputLine;

while ((inputLine = in.readLine()) != null) 
 //check if the response is the login page 
in.close();

if(The response is login page){

//make another request with to specific params for the authentication
}

  My question is that in the second request I need to open a browser so is the 
session id of the 
first request the same with the session id of the second request? because the 
FormAuthenticator need's
the session id of the first request to retrieve the protected resource?





From: Pid 
To: Tomcat Users List 
Sent: Mon, June 21, 2010 6:19:44 PM
Subject: Re: HTTP Status 408!

On 21/06/2010 15:48, neo21 zerro wrote:
>  Ok.I already have send params from my other application to my
> Tomcat application and everything goes well, I make this with the
> j_security_check on a post method, and I track down the path with the
> debug log. The problem is that in the
> org.apache.catalina.authenticator.FormAuthenticator in the authenticate
> method the user is getting authenticated but when the user should be
> redirected to the initial saved request, null is returned. 
>  So my problem is that I make */programmaticaly
> 
>  /*just
> a request to my Tomcat web app authenticating the user per user params
> but I need somehow to tell the FormAuthenticator what the saved request
> should be. Any ideas?

The process is:

1. make a request for a protected resource
2. check the response is what you want,

3. if it's not, but contains a login form
4. submit username & password against form url


FormAuthenticator creates the saved request at step 1.


p

> Thanks!!!
> 
> 
> *From:* Pid 
> *To:* Tomcat Users List 
> *Sent:* Mon, June 21, 2010 5:30:00 PM
> *Subject:* Re: HTTP Status 408!
> 
> On 21/06/2010 15:20, neo21 zerro wrote:
>> Hello,
>>
>>  Problem finally solved :) Pid was right my encoding was not ok and a
> Cookie was not passed over with the poste of the login page :) I needed
> to explicity create a servlet and in that servler add to the response
> object the JSSESIONID as a Cookie :)
>>
>> I have another question can I login from another aplication
> programmicaly to my app that runs on Tomcat with custom JAAS login module?
> 
> If the other app knows how to perform whatever custom JAAS login you've
> built, then I don't see why not.
> 
> 
> p
> 
>> 
>> From: Martin Gainty mailto:mgai...@hotmail.com>>
>> To: Tomcat Users List  >
>> Sent: Fri, June 11, 2010 11:16:09 PM
>> Subject: RE: HTTP Status 408!
>>
>>
>> can you post all of the code (including the html that houses the flex
> components), display the full stacktrace and display environmental
> variables from SET
>>
>> Martin
>> __
>> standard caveats apply
>>
>>
>>
>>
>>
>>> Date: Fri, 11 Jun 2010 12:32:44 -0700
>>> From: neo21_ze...@yahoo.com 
>>> Subject: Re: HTTP Status 408!
>>> To: users@tomcat.apache.org 
>>>
>>>
>>>
>>>
>>>
>>> I installed the Tomcat 7 RC but the problem persists.
>>> So it's definitely a bug from my app. After the logout is made the
> redirect is made from flex(navigateToUrl - function) do you think this
> could be an issue?
>>>
>>>
>>>
>>>
>>> 
>>> From: Mark Thomas mailto:ma...@apache.org>>
>>> To: Tomcat Users List  >
>>> Sent: Thu, June 10, 2010 10:35:48 PM
>>> Subject: Re: HTTP Status 408!
>>>
>>> On 10/06/2010 15:39, neo21 zerro wrote:

 Yes I am requesting a protected resource but I don't know why is
> this happening.


 I've tried to set all sort of cookies in my browser but nothing
> works.The problem is that I'm not using jsp like Pid said
 and I think I should try to use jsp...for my login page.
 Are there other versions of Tomcat ? I mean newer versions, like 7 ?
>>>
>>> That assumes a) there is a bug in Tomcat and b) that it is fixed in a
>>> newer version of 6.0.26.
>>>
>>> I have yet to see any evidence in this thread that there is a bug in
> Tomcat.
>>>
>>> Mark
>>>
>>>
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> 
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
> 

RE: tomcat.exe 6.0.18 to 6.0.26 stdout/stderr redirection

[Caldarale, Charles R]

> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Subject: Re: tomcat.exe 6.0.18 to 6.0.26 stdout/stderr redirection
> 
> Tomcat.exe does not run Tomcat.

Well actually, tomcat6.exe does - it's just another JVM launcher.  You can use 
that in lieu of the scripts.  Running the .exe directly does require that the 
service be previously installed.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

Re: HTTP Status 408!

[Pid]

On 21/06/2010 15:48, neo21 zerro wrote:
>  Ok.I already have send params from my other application to my
> Tomcat application and everything goes well, I make this with the
> j_security_check on a post method, and I track down the path with the
> debug log. The problem is that in the
> org.apache.catalina.authenticator.FormAuthenticator in the authenticate
> method the user is getting authenticated but when the user should be
> redirected to the initial saved request, null is returned. 
>  So my problem is that I make */programmaticaly
> 
>  /*just
> a request to my Tomcat web app authenticating the user per user params
> but I need somehow to tell the FormAuthenticator what the saved request
> should be. Any ideas?

The process is:

1. make a request for a protected resource
2. check the response is what you want,

3. if it's not, but contains a login form
4. submit username & password against form url


FormAuthenticator creates the saved request at step 1.


p

> Thanks!!!
> 
> 
> *From:* Pid 
> *To:* Tomcat Users List 
> *Sent:* Mon, June 21, 2010 5:30:00 PM
> *Subject:* Re: HTTP Status 408!
> 
> On 21/06/2010 15:20, neo21 zerro wrote:
>> Hello,
>>
>>  Problem finally solved :) Pid was right my encoding was not ok and a
> Cookie was not passed over with the poste of the login page :) I needed
> to explicity create a servlet and in that servler add to the response
> object the JSSESIONID as a Cookie :)
>>
>> I have another question can I login from another aplication
> programmicaly to my app that runs on Tomcat with custom JAAS login module?
> 
> If the other app knows how to perform whatever custom JAAS login you've
> built, then I don't see why not.
> 
> 
> p
> 
>> 
>> From: Martin Gainty mailto:mgai...@hotmail.com>>
>> To: Tomcat Users List  >
>> Sent: Fri, June 11, 2010 11:16:09 PM
>> Subject: RE: HTTP Status 408!
>>
>>
>> can you post all of the code (including the html that houses the flex
> components), display the full stacktrace and display environmental
> variables from SET
>>
>> Martin
>> __
>> standard caveats apply
>>
>>
>>
>>
>>
>>> Date: Fri, 11 Jun 2010 12:32:44 -0700
>>> From: neo21_ze...@yahoo.com 
>>> Subject: Re: HTTP Status 408!
>>> To: users@tomcat.apache.org 
>>>
>>>
>>>
>>>
>>>
>>> I installed the Tomcat 7 RC but the problem persists.
>>> So it's definitely a bug from my app. After the logout is made the
> redirect is made from flex(navigateToUrl - function) do you think this
> could be an issue?
>>>
>>>
>>>
>>>
>>> 
>>> From: Mark Thomas mailto:ma...@apache.org>>
>>> To: Tomcat Users List  >
>>> Sent: Thu, June 10, 2010 10:35:48 PM
>>> Subject: Re: HTTP Status 408!
>>>
>>> On 10/06/2010 15:39, neo21 zerro wrote:

 Yes I am requesting a protected resource but I don't know why is
> this happening.


 I've tried to set all sort of cookies in my browser but nothing
> works.The problem is that I'm not using jsp like Pid said
 and I think I should try to use jsp...for my login page.
 Are there other versions of Tomcat ? I mean newer versions, like 7 ?
>>>
>>> That assumes a) there is a bug in Tomcat and b) that it is fixed in a
>>> newer version of 6.0.26.
>>>
>>> I have yet to see any evidence in this thread that there is a bug in
> Tomcat.
>>>
>>> Mark
>>>
>>>
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> 
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
>>>
>>>
>>>
>> 
>> _
>> The New Busy think 9 to 5 is a cute idea. Combine multiple calendars
> with Hotmail.
>> http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
>>  
>> 
>>
>>
>> 
> 
> 
> 




signature.asc
Description: OpenPGP digital signature

Re: tomcat.exe 6.0.18 to 6.0.26 stdout/stderr redirection

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Bulkan,

On 6/21/2010 12:46 AM, Bulkan wrote:
> I am not running tomcat as a service. I directly start tomcat.exe

Tomcat.exe does not run Tomcat. So, how are you really starting Tomcat?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkwfgr0ACgkQ9CaO5/Lv0PAnhgCfQufqvCMz72ZE9nzBgyIwYMlG
GgwAn0EhuQ9KtFFbEl4S3yiA2xeETMHA
=5lXq
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: HTTP Status 408!

[neo21 zerro]

 Ok.I already have send params from my other application to my Tomcat 
application and everything goes well, I make this with the j_security_check on 
a post method, and I track down the path with the debug log. The problem is 
that in the org.apache.catalina.authenticator.FormAuthenticator in the 
authenticate method the user is getting authenticated but when the user should 
be redirected to the initial saved request, null is returned. 
 So my problem is that I make programmaticaly just a request to my 
Tomcat web app authenticating the user per user params but I need somehow to 
tell the FormAuthenticator what the saved request should be. Any ideas?




Thanks!!!




From: Pid 
To: Tomcat Users List 
Sent: Mon, June 21, 2010 5:30:00 PM
Subject: Re: HTTP Status 408!

On 21/06/2010 15:20, neo21 zerro wrote:
> Hello,
> 
>  Problem finally solved :) Pid was right my encoding was not ok and a Cookie 
> was not passed over with the poste of the login page :) I needed to explicity 
> create a servlet and in that servler add to the response object the 
> JSSESIONID as a Cookie :)
> 
> I have another question can I login from another aplication programmicaly to 
> my app that runs on Tomcat with custom JAAS login module?

If the other app knows how to perform whatever custom JAAS login you've
built, then I don't see why not.


p

> 
> From: Martin Gainty 
> To: Tomcat Users List 
> Sent: Fri, June 11, 2010 11:16:09 PM
> Subject: RE: HTTP Status 408!
> 
> 
> can you post all of the code (including the html that houses the flex 
> components), display the full stacktrace and display environmental variables 
> from SET
> 
> Martin 
> __ 
> standard caveats apply
> 
> 
> 
> 
> 
>> Date: Fri, 11 Jun 2010 12:32:44 -0700
>> From: neo21_ze...@yahoo.com
>> Subject: Re: HTTP Status 408!
>> To: users@tomcat.apache.org
>>
>>
>>
>>
>>
>> I installed the Tomcat 7 RC but the problem persists.
>> So it's definitely a bug from my app. After the logout is made the redirect 
>> is made from flex(navigateToUrl - function) do you think this could be an 
>> issue?
>>
>>
>>
>>
>> 
>> From: Mark Thomas 
>> To: Tomcat Users List 
>> Sent: Thu, June 10, 2010 10:35:48 PM
>> Subject: Re: HTTP Status 408!
>>
>> On 10/06/2010 15:39, neo21 zerro wrote:
>>>
>>> Yes I am requesting a protected resource but I don't know why is this 
>>> happening.
>>>
>>>
>>> I've tried to set all sort of cookies in my browser but nothing 
>>> works.The problem is that I'm not using jsp like Pid said 
>>> and I think I should try to use jsp...for my login page.
>>> Are there other versions of Tomcat ? I mean newer versions, like 7 ?
>>
>> That assumes a) there is a bug in Tomcat and b) that it is fixed in a
>> newer version of 6.0.26.
>>
>> I have yet to see any evidence in this thread that there is a bug in Tomcat.
>>
>> Mark
>>
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>>
>  
> _
> The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with 
> Hotmail. 
> http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
> 
> 
>  


  

Tomcat - ADS connection reset - communication exception

[Manish Kumar]

Hi Friends,

 

I'm using tomcat 5.5.28 and ADS on Windows 2003 Server and connecting
through realm configuration mentioning in the server.xml.

 

Things are fine but the problem arise when the server use to be idle for a
couple of mins(normally 10 to 15 mins). When I saw in the log, I found that
connection is closed and throwing exception - 

 

javax.naming.CommunicationException: connection closed [Root exception is
java.io.IOException: connection closed]; remaining name
'cn=steve,ou=people,dc=processmasterlive,dc=com'

   at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)

   at com.sun.jndi.ldap.LdapCtx.doSearchOnce(Unknown Source)

   at com.sun.jndi.ldap.LdapCtx.c_getAttributes(Unknown Source)

   at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(Unknown Source)

   at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown
Source)

   at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown
Source)

   at
javax.naming.directory.InitialDirContext.getAttributes(Unknown Source)

   at
org.apache.catalina.realm.JNDIRealm.getUserByPattern(JNDIRealm.java:1009)

   at
org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:973)

   at
org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:899)

   at
org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:810)

   at
org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthe
nticator.java:181)

   at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase
.java:491)

   at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127
)

   at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117
)

   at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java
:108)

   at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)

   at
org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:
835)

   at
org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(H
ttp11AprProtocol.java:640)

   at
org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1286)

   at java.lang.Thread.run(Unknown Source)

Caused by: java.io.IOException: connection closed

   at com.sun.jndi.ldap.LdapClient.ensureOpen(Unknown Source)

   at com.sun.jndi.ldap.LdapClient.search(Unknown Source)

   ... 21 more

 

I tried to find a lot on the web but no luck. Could anybody help me out? 

 

Thanking you in advance.

 

Regards

Manish

Re: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL 'null' AGAIN!

[yuccanel]

Hello, I have done as David suggested  and has not fixed issue. If you visit
thejarbar.org you will see the test page that confirms the jdbc has been
opned and therefore the lib is present
I found a possible reason in hibernate .cfg and fixed it but still got error
after redeployment 1 my databse credentials are correct as I am not getting 
the mysql access

denied exception
this only leaves the possibilities of incorrect database url and names which
is unlikely because my test environment uses same version of mysql and mysql
driver and because I have removed resource and realm tags from server.xml in
both test and production and because I get it running in the test
environment I back my urls to be mapped right.
This exception only happens from hibernate so have made extra sure to check
hibernate xml but still can not find fault


--
From: "David Smith" 
Sent: Monday, June 21, 2010 2:54 PM
To: "Tomcat Users List" 
Subject: Re: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create 
JDBC driver of class '' for connect URL 'null' AGAIN!




I do not see the mistake that you see


I didn't say I saw a mistake ... just listing stuff to look at in
diagnosing this issue.  The file permission issue can definitely
contribute to what you were seeing.  Other comments inline 

--David

On 6/21/2010 8:32 AM, yucca...@live.co.za wrote:


--
From: "Martin Gainty" 
Sent: Monday, June 21, 2010 1:16 PM
To: "Tomcat Users List" 
Subject: RE: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot 
create

JDBC driver of class '' for connect URL 'null' AGAIN!


if you took time to look at tomcat-users archive you would've come 
across

this post by david smith..the answer is just as good now as when
originally posted



On 6/19/2010 1:31 PM, yucca...@live.co.za wrote:

I have no choice left but to not let hibernate use my tomcat 
datasource.

This is not good. I have even moved host provider in hope that it was
previous fult tomcat install from dailyrazor (tomcat 6 does not hav
common/lib) and is meant to have tomcat/lib

I can say that my new container is correct and that I am 100% sure that
all mus jdbc configuration is correct in zml after having gone though 
it

at least 20 times and checked the wiki that was linked here earlier and
still have issues. Yes mysql jdbc bin is in tomcat/lib so that is not
cause of the error. /the error is very weird though as I have another
point that uses hibernate without error on the same database. It is not
possible for me to use hibernate to use tomcat datasource sadly. Many
thanks for all the help though.





If you put the following into a jsp and call the jsp, does it work?

<%...@page import="java.sql.Connection"%>
<%...@page import="java.sql.DriverManager"%>
<%...@page import="java.sql.SQLException"%>

<%
Class.forName("com.mysql.jdbc.Driver").newInstance();
conn = DriverManager.getConnection("jdbc:mysql://localhost/test?" +
"user=monty&password=greatsqldb");
out.println( "The connection worked!!" ) ;


Did this and it works , I even made this page my welcome page at
thejarbar.org




Great!  That's one giant step in the right direction.


%>


If that works then your jdbc driver is available and installed properly
(I trust there is only one copy of that jar in your entire tomcat
install ... right?).


I do not see or find another copy of the driver




Now check to see if there's an xml in tomcat/conf/Catalina/localhost


there isn't one



Ok ... this is one of a couple of places a  element can
be.  It maybe in one of the others I mentioned like your webapp's
META-INF folder.  The one that might be in
tomcat/conf/Catalina/localhost will take precedence over any in your
webapp's META-INF folder.  People have been bitten before changing the
one in META-INF, not realizing there was an old copy in
tomcat/conf/Catalina/localhost.




matching your webapp's deployed name. For instance if you access your
webapp as http://localhost:8088/mywebapp, there should be a mywebapp.xml
file there. Take a look at it for the  or  (which ever you setup) and make sure they are correct. If this
file is not available, take a look at context.xml in your webapp's
META-INF folder (same process). If it's not there, then the  element for your webapp is in server.xml and it should NOT be
there. It's bad practice and requires a full tomcat restart to make


I did not do this




If you mean restart, it's not necessary as long as the 
 element defining your app to tomcat is not in server.xml.


changes.


Did this and it works , I even made this page my welcome page at
thejarbar.org




??? I'm confused here.  What did you do at this point that  works?


Lastly, case matters. Be sure everything is typed correctly including
whether it's upper or lower case.

Now take a look at the logs and post any relevant messages including
complete stacktraces of exceptions w/o edits except to protect usernames
and pass

Re: HTTP Status 408!

[Pid]

On 21/06/2010 15:20, neo21 zerro wrote:
> Hello,
> 
>  Problem finally solved :) Pid was right my encoding was not ok and a Cookie 
> was not passed over with the poste of the login page :) I needed to explicity 
> create a servlet and in that servler add to the response object the 
> JSSESIONID as a Cookie :)
> 
> I have another question can I login from another aplication programmicaly to 
> my app that runs on Tomcat with custom JAAS login module?

If the other app knows how to perform whatever custom JAAS login you've
built, then I don't see why not.


p

> 
> From: Martin Gainty 
> To: Tomcat Users List 
> Sent: Fri, June 11, 2010 11:16:09 PM
> Subject: RE: HTTP Status 408!
> 
> 
> can you post all of the code (including the html that houses the flex 
> components), display the full stacktrace and display environmental variables 
> from SET
> 
> Martin 
> __ 
> standard caveats apply
> 
> 
> 
> 
> 
>> Date: Fri, 11 Jun 2010 12:32:44 -0700
>> From: neo21_ze...@yahoo.com
>> Subject: Re: HTTP Status 408!
>> To: users@tomcat.apache.org
>>
>>
>>
>>
>>
>> I installed the Tomcat 7 RC but the problem persists.
>> So it's definitely a bug from my app. After the logout is made the redirect 
>> is made from flex(navigateToUrl - function) do you think this could be an 
>> issue?
>>
>>
>>
>>
>> 
>> From: Mark Thomas 
>> To: Tomcat Users List 
>> Sent: Thu, June 10, 2010 10:35:48 PM
>> Subject: Re: HTTP Status 408!
>>
>> On 10/06/2010 15:39, neo21 zerro wrote:
>>>
>>> Yes I am requesting a protected resource but I don't know why is this 
>>> happening.
>>>
>>>
>>> I've tried to set all sort of cookies in my browser but nothing 
>>> works.The problem is that I'm not using jsp like Pid said 
>>> and I think I should try to use jsp...for my login page.
>>> Are there other versions of Tomcat ? I mean newer versions, like 7 ?
>>
>> That assumes a) there is a bug in Tomcat and b) that it is fixed in a
>> newer version of 6.0.26.
>>
>> I have yet to see any evidence in this thread that there is a bug in Tomcat.
>>
>> Mark
>>
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>>
>   
> _
> The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with 
> Hotmail. 
> http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
> 
> 
>   




signature.asc
Description: OpenPGP digital signature

Re: HTTP Status 408!

[neo21 zerro]

Hello,



 Problem finally solved :) Pid was right my encoding was not ok and a Cookie 
was not passed over with the poste of the login page :) I needed to explicity 
create a servlet and in that servler add to the response object the JSSESIONID 
as a Cookie :)


I have another question can I login from another aplication programmicaly to my 
app that runs on Tomcat with custom JAAS login module?




From: Martin Gainty 
To: Tomcat Users List 
Sent: Fri, June 11, 2010 11:16:09 PM
Subject: RE: HTTP Status 408!


can you post all of the code (including the html that houses the flex 
components), display the full stacktrace and display environmental variables 
from SET

Martin 
__ 
standard caveats apply





> Date: Fri, 11 Jun 2010 12:32:44 -0700
> From: neo21_ze...@yahoo.com
> Subject: Re: HTTP Status 408!
> To: users@tomcat.apache.org
> 
> 
> 
> 
> 
> I installed the Tomcat 7 RC but the problem persists.
> So it's definitely a bug from my app. After the logout is made the redirect 
> is made from flex(navigateToUrl - function) do you think this could be an 
> issue?
> 
> 
> 
> 
> 
> From: Mark Thomas 
> To: Tomcat Users List 
> Sent: Thu, June 10, 2010 10:35:48 PM
> Subject: Re: HTTP Status 408!
> 
> On 10/06/2010 15:39, neo21 zerro wrote:
> > 
> > Yes I am requesting a protected resource but I don't know why is this 
> > happening.
> > 
> > 
> > I've tried to set all sort of cookies in my browser but nothing 
> > works.The problem is that I'm not using jsp like Pid said 
> > and I think I should try to use jsp...for my login page.
> > Are there other versions of Tomcat ? I mean newer versions, like 7 ?
> 
> That assumes a) there is a bug in Tomcat and b) that it is fixed in a
> newer version of 6.0.26.
> 
> I have yet to see any evidence in this thread that there is a bug in Tomcat.
> 
> Mark
> 
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
> 
  
_
The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with 
Hotmail. 
http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5


  

Re: EL 2.2 in Tomcat 7 RC1/RC2 does not fully support method invocation, such as "#{helloWorldController.doSomething(helloWorldModel)}"

[John Wu]

Hi Mark,

I just got a chance to test it on the Beta release. It's still broken, with
a slightly different exception message.

javax.faces.el.MethodNotFoundException: javax.el.MethodNotFoundException:
/helloWorld.xhtml @15,85
action="#{helloWorldController.doSomething(helloWorldModel)}": Method not
found: org.wjh.experiment.jsf.helloworldcontrol...@c5122f.dosomething()

The previous attached project is still valid as a test case.

John Wu


markt-2 wrote:
> 
> On 10/06/2010 14:42, John Wu wrote:
>> 
>> Hi Mark,
>> 
>> The fix of "to derive the type directly from the value which ..." sounds
>> not
>> a solution. In a slightly more complex scenario, the fix still fails.
>> 
>> Say the method signature is "public * theMethod(TheSupperType o)" and
>> calling the method in EL like
>> "#{theClassInstance.theMethod(theDerivedTypeInstance)}", where the supper
>> type can be a supper class or an interface, your fix fails.
> 
> super has one p, not two.
> 
> I looked at the current code and the spec again. There is no need for
> any of this complexity. The exact types are defined when the method
> expression is created. I'm not sure why I was trying to derive them at
> invocation time when they were already available.
> 
> I have added a test case, modified the implementation and checked the
> new code with the EL TCK and all looks to be OK.
> 
> Mark
> 
>> 
>> Example project attached.
>> 
>> My suggestion as to the solution of resolving which method to call:
>> . Retrieve all methods of *theClassInstance*, and put them into the
>> CANDIDATES collection;
>> 
>> // Search a match by method name
>> . For each method in CANDIDATES,
>>. if the name is not *theMethod*, remove it from CANDIDATES
>> . If CANDIDATES is empty, then NOT-FOUND;
>> . else if only one is left, then FOUND;
>> 
>> // Search a match by params count
>> . else, count the number of actual params,
>> . For each method in CANDIDATES,
>>. if the number of formal params does not match that of actual params,
>> remove it from CANDIDATES
>>. // Optoional, handle cases of "method has variable number of
>> arguments"
>> . If CANDIDATES is empty, then NOT-FOUND;
>> . else if only one is left, then FOUND;
>> 
>> // Search a match by param types
>> . else, evaluate all actual params;
>> . For each method in CANDIDATES,
>>. if NOT( for-each formalParamType.isAssignableFrom(actualParamType)
>> ),
>> remove it from CANDIDATES
>>. // Optoional, handle cases of "method has variable number of
>> arguments"
>> . If CANDIDATES is empty, then NOT-FOUND;
>> . else if only one is left, then FOUND;
>> 
>> . else, AMBIGUOUS
>> 
>> 
>> John Wu
>> http://old.nabble.com/file/p28843317/jsf-2.0-el-2.2.testcase-v2.zip
>> jsf-2.0-el-2.2.testcase-v2.zip 
> 
> 
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
> 

-- 
View this message in context: 
http://old.nabble.com/EL-2.2-in-Tomcat-7-RC1-RC2-does-not-fully-support-method-invocation%2C-such-as-%22-%7BhelloWorldController.doSomething%28helloWorldModel%29%7D%22-tp28671969p28948402.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] Re: problems at thejarbar.org

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Yucca Nel,

On 6/11/2010 4:53 AM, yucca...@live.co.za wrote:
> Hello tomcats !! :) A quick question as I tackle configuring jndi
> resource for first time: I was referred to using jndi in production
> environmrnt snd hsve noted through documentation found in  test server
> that there are 3 possible places to define jndi resources:
> 1)the server .xml(for every webapp in server if I am correct.

Yes, you can define site-wide JNDI resources, here, but I'd recommend
against it.

> 2)context.xml

I think this is the best place to put JNDI resource definitions.

> 3)web.xml

You can't actually define JNDI resources, here: only map global
(server.xml) ones to the webapp.

> As I am planning on only using this resource for multiple webapps in
> same domain, am I right in asuming server.xml is correct choice to
> define jndi resource?

Perhaps. if you want to share database pools, then do it at the
server.xml level. If you want each webapp to have it's own pool, you
might consider separating them (even if the details are the same).

> In addition I am to define jndi used in server.xml again in web.xml?

My experience is that you do not need to map them in web.xml, though the
servlet spec seems to indicate that doing so is appropriate.

> I now need to know how / where to configure parameters for mysql
> connections or are the defaults acceptable for production?

You can find connection pool settings here:

http://commons.apache.org/dbcp/configuration.html

You can find documentation for configuring Connector/J in the MySQL
documentation that matches your version number.

Good luck,
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkwSo6AACgkQ9CaO5/Lv0PDuvQCcCgg07IDlP/LvRAUGq2UsIlIp
zrkAoJHGUDedkqybZdcTuSNSnyLw22yC
=8Ghi
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] Re: problems at thejarbar.org

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Yucca Nel,

On 6/11/2010 4:53 AM, yucca...@live.co.za wrote:
> Hello tomcats !! :) A quick question as I tackle configuring jndi
> resource for first time: I was referred to using jndi in production
> environmrnt snd hsve noted through documentation found in  test server
> that there are 3 possible places to define jndi resources:
> 1)the server .xml(for every webapp in server if I am correct.

Yes, you can define site-wide JNDI resources, here, but I'd recommend
against it.

> 2)context.xml

I think this is the best place to put JNDI resource definitions.

> 3)web.xml

You can't actually define JNDI resources, here: only map global
(server.xml) ones to the webapp.

> As I am planning on only using this resource for multiple webapps in
> same domain, am I right in asuming server.xml is correct choice to
> define jndi resource?

Perhaps. if you want to share database pools, then do it at the
server.xml level. If you want each webapp to have it's own pool, you
might consider separating them (even if the details are the same).

> In addition I am to define jndi used in server.xml again in web.xml?

My experience is that you do not need to map them in web.xml, though the
servlet spec seems to indicate that doing so is appropriate.

> I now need to know how / where to configure parameters for mysql
> connections or are the defaults acceptable for production?

You can find connection pool settings here:

http://commons.apache.org/dbcp/configuration.html

You can find documentation for configuring Connector/J in the MySQL
documentation that matches your version number.

Good luck,
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkwfZQ4ACgkQ9CaO5/Lv0PD5YQCeO0ARUBBH/d6pQi7ESc8oTIXk
dAgAn24ON3N3iU/VErSFk3/YpAiORS0v
=yBQf
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL 'null' AGAIN!

[David Smith]

>
> I do not see the mistake that you see

I didn't say I saw a mistake ... just listing stuff to look at in
diagnosing this issue.  The file permission issue can definitely
contribute to what you were seeing.  Other comments inline 

--David

On 6/21/2010 8:32 AM, yucca...@live.co.za wrote:
>
> --
> From: "Martin Gainty" 
> Sent: Monday, June 21, 2010 1:16 PM
> To: "Tomcat Users List" 
> Subject: RE: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create 
> JDBC driver of class '' for connect URL 'null' AGAIN!
>
>   
>> if you took time to look at tomcat-users archive you would've come across 
>> this post by david smith..the answer is just as good now as when 
>> originally posted
>>
>>
>>
>> On 6/19/2010 1:31 PM, yucca...@live.co.za wrote:
>> 
>>> I have no choice left but to not let hibernate use my tomcat datasource. 
>>> This is not good. I have even moved host provider in hope that it was 
>>> previous fult tomcat install from dailyrazor (tomcat 6 does not hav 
>>> common/lib) and is meant to have tomcat/lib
>>>
>>> I can say that my new container is correct and that I am 100% sure that 
>>> all mus jdbc configuration is correct in zml after having gone though it 
>>> at least 20 times and checked the wiki that was linked here earlier and 
>>> still have issues. Yes mysql jdbc bin is in tomcat/lib so that is not 
>>> cause of the error. /the error is very weird though as I have another 
>>> point that uses hibernate without error on the same database. It is not 
>>> possible for me to use hibernate to use tomcat datasource sadly. Many 
>>> thanks for all the help though.
>>>   
>>
>>
>> 
>> If you put the following into a jsp and call the jsp, does it work?
>>
>> <%...@page import="java.sql.Connection"%>
>> <%...@page import="java.sql.DriverManager"%>
>> <%...@page import="java.sql.SQLException"%>
>>
>> <%
>> Class.forName("com.mysql.jdbc.Driver").newInstance();
>> conn = DriverManager.getConnection("jdbc:mysql://localhost/test?" +
>> "user=monty&password=greatsqldb");
>> out.println( "The connection worked!!" ) ;
>> 
> Did this and it works , I even made this page my welcome page at 
> thejarbar.org
>
>   

Great!  That's one giant step in the right direction. 

>> %>
>>
>>
>> If that works then your jdbc driver is available and installed properly
>> (I trust there is only one copy of that jar in your entire tomcat
>> install ... right?).
>> 
> I do not see or find another copy of the driver
>
>
>   
>> Now check to see if there's an xml in tomcat/conf/Catalina/localhost
>> 
> there isn't one
>   

Ok ... this is one of a couple of places a  element can
be.  It maybe in one of the others I mentioned like your webapp's
META-INF folder.  The one that might be in
tomcat/conf/Catalina/localhost will take precedence over any in your
webapp's META-INF folder.  People have been bitten before changing the
one in META-INF, not realizing there was an old copy in
tomcat/conf/Catalina/localhost.

>   
>> matching your webapp's deployed name. For instance if you access your
>> webapp as http://localhost:8088/mywebapp, there should be a mywebapp.xml
>> file there. Take a look at it for the  or > ... /> (which ever you setup) and make sure they are correct. If this
>> file is not available, take a look at context.xml in your webapp's
>> META-INF folder (same process). If it's not there, then the > ... > element for your webapp is in server.xml and it should NOT be
>> there. It's bad practice and requires a full tomcat restart to make
>> 
> I did not do this
>
>
>   
If you mean restart, it's not necessary as long as the 
 element defining your app to tomcat is not in server.xml.

>> changes.
>> 
> Did this and it works , I even made this page my welcome page at 
> thejarbar.org
>
>
>   
??? I'm confused here.  What did you do at this point that  works?

>> Lastly, case matters. Be sure everything is typed correctly including
>> whether it's upper or lower case.
>>
>> Now take a look at the logs and post any relevant messages including
>> complete stacktraces of exceptions w/o edits except to protect usernames
>> and passwords.
>> 
> I have checked this several times and see no syntax errors,  further, if 
> there were url syntax errors  (because they can only be url errors due to it 
> not being an accessdenied exception from mysql, it ould show on my test 
> environment as I use same database names and table names. In fact I would 
> say that because I am able to do that test page with success  it proves my 
> driver is in place and can be found .
>   

Excellent. (on the lack of syntax errors).  Are there any exceptions
during startup of your webapp in the logs or other messages relating to
the database pooling?

> I do not see the mistake that you see
>   



>> --David
>> 
>>
>>
>>
>> 
>>> From: yucca...@live.co.za
>>> To: users@tomcat.apache.org
>>> Subject: Re: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Canno

Re: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL 'null' AGAIN!

[yuccanel]

--
From: "Martin Gainty" 
Sent: Monday, June 21, 2010 1:16 PM
To: "Tomcat Users List" 
Subject: RE: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create 
JDBC driver of class '' for connect URL 'null' AGAIN!




if you took time to look at tomcat-users archive you would've come across 
this post by david smith..the answer is just as good now as when 
originally posted




On 6/19/2010 1:31 PM, yucca...@live.co.za wrote:
I have no choice left but to not let hibernate use my tomcat datasource. 
This is not good. I have even moved host provider in hope that it was 
previous fult tomcat install from dailyrazor (tomcat 6 does not hav 
common/lib) and is meant to have tomcat/lib


I can say that my new container is correct and that I am 100% sure that 
all mus jdbc configuration is correct in zml after having gone though it 
at least 20 times and checked the wiki that was linked here earlier and 
still have issues. Yes mysql jdbc bin is in tomcat/lib so that is not 
cause of the error. /the error is very weird though as I have another 
point that uses hibernate without error on the same database. It is not 
possible for me to use hibernate to use tomcat datasource sadly. Many 
thanks for all the help though.





If you put the following into a jsp and call the jsp, does it work?

<%...@page import="java.sql.Connection"%>
<%...@page import="java.sql.DriverManager"%>
<%...@page import="java.sql.SQLException"%>

<%
Class.forName("com.mysql.jdbc.Driver").newInstance();
conn = DriverManager.getConnection("jdbc:mysql://localhost/test?" +
"user=monty&password=greatsqldb");
out.println( "The connection worked!!" ) ;


Did this and it works , I even made this page my welcome page at 
thejarbar.org



%>


If that works then your jdbc driver is available and installed properly
(I trust there is only one copy of that jar in your entire tomcat
install ... right?).


I do not see or find another copy of the driver




Now check to see if there's an xml in tomcat/conf/Catalina/localhost


there isn't one


matching your webapp's deployed name. For instance if you access your
webapp as http://localhost:8088/mywebapp, there should be a mywebapp.xml
file there. Take a look at it for the  or  (which ever you setup) and make sure they are correct. If this
file is not available, take a look at context.xml in your webapp's
META-INF folder (same process). If it's not there, then the  element for your webapp is in server.xml and it should NOT be
there. It's bad practice and requires a full tomcat restart to make


I did not do this



changes.


Did this and it works , I even made this page my welcome page at 
thejarbar.org





Lastly, case matters. Be sure everything is typed correctly including
whether it's upper or lower case.

Now take a look at the logs and post any relevant messages including
complete stacktraces of exceptions w/o edits except to protect usernames
and passwords.


I have checked this several times and see no syntax errors,  further, if 
there were url syntax errors  (because they can only be url errors due to it 
not being an accessdenied exception from mysql, it ould show on my test 
environment as I use same database names and table names. In fact I would 
say that because I am able to do that test page with success  it proves my 
driver is in place and can be found .


I do not see the mistake that you see


--David



Martin Gainty
__
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité

Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene 
Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte 
Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht 
dient lediglich dem Austausch von Informationen und entfaltet keine 
rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von 
E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.


Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le 
destinataire prévu, nous te demandons avec bonté que pour satisfaire 
informez l'expéditeur. N'importe quelle diffusion non autorisée ou la 
copie de ceci est interdite. Ce message sert à l'information seulement et 
n'aura pas n'importe quel effet légalement obligatoire. Étant donné que 
les email peuvent facilement être sujets à la manipulation, nous ne 
pouvons accepter aucune responsabilité pour le contenu fourni.







From: yucca...@live.co.za
To: users@tomcat.apache.org
Subject: Re: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot 
create JDBC driver of class '' for connect URL 'null' AGAIN!

Date: Mon, 21 Jun 2010 10:49:41 +0200

Ok I thought I found my solution yesterday with eapps but turns out not 
to
be. I am posting a possible fix in hope that this may help someone els 
who

reads this thread one day.

apart from making sure that paths are correct, driver is inside 
tomcat/lib
and that reso

Re: How to speed up tomcat 5.5 jsp precompilation?

[David kerber]

On 6/21/2010 7:48 AM, Pid wrote:

On 20/06/2010 17:24, shunhao chen wrote:

Hi all,
  I have 2100 jsp files in my system, and I use the following ant 
script to precompile my jsp files. It takes 10 minutes to complete. 10 minutes 
is too long for me, because I also need to run class obfuscation, js/css 
compressor and test case. It’s any tips for me to speed up the precompilation?


Do they all change every time you need to compile?  Could you tweak your 
script so that only the changed ones are compiled?  I know nothing about 
Ant, so don't know if that's possible or not.


D

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to speed up tomcat 5.5 jsp precompilation?

[Pid]

On 20/06/2010 17:24, shunhao chen wrote:
> Hi all,
>  I have 2100 jsp files in my system, and I use the following ant 
> script to precompile my jsp files. It takes 10 minutes to complete. 10 
> minutes is too long for me, because I also need to run class obfuscation, 
> js/css compressor and test case. It’s any tips for me to speed up the 
> precompilation?

Your options include getting a faster computer.

The design of your JSPs could influence the amount of time it takes to
do the compilation.  If you're using lots of different taglibs for example.

AFAIK there's no settings you can tweak to make compilation go faster.


p


> ==
> The following is my ant script:
>
>   
>  
> 
> 
>
> 
> 
>
> 
> 
>
> 
>  
>   
>  
>   
>   
>   ${jsp.srcdir}
> webXmlFragment="${basedir}/generated_web.xml"
>  outputDir="${build.dir}/jspsrc" >
>   
>  
> debug="off" failonerror="${failonerror.during.compilation}" 
> srcdir="${build.dir}/jspsrc"
>  encoding="UTF-8" fork="true" memoryMaximumSize="1280M">
>  
> 
> 
>
> 
> 
> 
>
> 
> 
> 
>
> 
> 
>
> 
>  
>  
>   
>
>  
> Regards,
> Eric chen
> 
> 
>   
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 




signature.asc
Description: OpenPGP digital signature

RE: Cleartrust RSA integration

[Martin Gainty]

could you briefly explain the need for 2 apache webservers?


thanks,
Martin
_
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité

Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger 
sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung 
oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem 
Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. 
Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung 
fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le 
destinataire prévu, nous te demandons avec bonté que pour satisfaire informez 
l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est 
interdite. Ce message sert à l'information seulement et n'aura pas n'importe 
quel effet légalement obligatoire. Étant donné que les email peuvent facilement 
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité 
pour le contenu fourni.



 

> Date: Mon, 21 Jun 2010 20:22:44 +1200
> From: rmcnu...@clear.net.nz
> Subject: Re: Cleartrust RSA integration
> To: users@tomcat.apache.org
> 
> Hi Andre
> 
> Thanks for the reply.
> 
> I had a long discussion with our architecture group today. Basically they 
> want Cleartrust authentication at the web gateway (in place now) and again 
> at the web server. The gateway (an Apache instance) and the Tomcat server 
> would not be on the same physical box - they would be in separate security 
> zones.
> 
> An option is to use yet another Apache instance fronting Tomcat. I'm not 
> sure what sort of performance hit this would be (i.e. Apache -> Apache -> 
> Tomcat) - do you have any insight?
> 
> Regards
> 
> Ron
> 
> - Original Message - 
> From: "André Warnier" 
> To: "Tomcat Users List" 
> Sent: Sunday, June 20, 2010 9:37 PM
> Subject: Re: Cleartrust RSA integration
> 
> 
> > Ron McNulty wrote:
> >> Hi All
> >>
> >> We are thinking of bringing some of our apps off proprietary J2EE servers 
> >> to Tomcat. We would be deploying on Tomcat 6 (latest), JVM 1.6 and Linux 
> >> on a VM (not sure of versions). One of the requirements is to 
> >> authenticate using RSA Cleartrust.
> >>
> >>> From my reading, Tomcat does not support this. The recommended solution 
> >>> is
> >> to front Tomcat with Apache, and let Apache do the Cleartrust 
> >> integration.
> >>
> >> The links I have found are a bit ancient - are my assumptions still 
> >> correct? Also, our system architects seem to think this setup is 
> >> insufficiently secure - comments?
> >>
> > Assuming the Apache Cleartrust authentication is secure..
> > If Apache authenticates a request, and if the Apache/Tomcat connector is 
> > mod_jk, then the authenticated user-id is propagated from Apache to Tomcat 
> > (*).
> > (Additionals info could be propagated via additional HTTP headers, or 
> > "request attributes").
> > If the link between Apache and Tomcat is secure (like for example both run 
> > on the same machine and the connection is purely internal), then there is 
> > no reason why this would be less secure.
> >
> >
> > (*) whether Tomcat actually uses it, is determined by the 
> > "tomcatAuthentication" attribute of the AJP .
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> > 
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
  
_
The New Busy is not the too busy. Combine all your e-mail accounts with Hotmail.
http://www.windowslive.com/campaign/thenewbusy?tile=multiaccount&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_4

Re: Tomcat 5.5.26 with application is having memory/performance issue

[Pid]

On 21/06/2010 06:50, Hae Loong Chan wrote:
> Hi,
> 
> I have the memory issue/performance with the following situation:
> 
> a. The machine installed with Solaris 10, with memory 2GB and swap space 4GB.
> b. Running Tomcat 5.5.26 with one application at Xmx1024m and -Xmx256m
> using JDK1.5.0_22.
> c. 10 standalone clients are sending the web service request to
> application for processing the task using xmlrpc.jar continuously.
> d. The script is used to get the system properties, e.g. java.home,
> java.class.path, os.name, etc and then construct the http response
> send back the client.
> e. After 1 week plus, the web users require very long time to login
> and somehow the page cannot be displayed.
>
> I have done the following to monitor the issue:
> a. Monitor the rss, vsz using ps -eo command, found that the rss and
> vsz were increased slightly over time, until hitting 1.70G where the
> web users experience slow performance on the page navigation in the
> tomcat.

Take a thread dump and see what each of the threads are doing when this
occurs.

> b. I ran the Tomcat by putting the -verbose:gc -XX:+PrintGCDetails
> -XX:+PrintGCTimeStamps -XX:+PrintHeapAtGC, then analyzed that the gc
> heap over time is constant.

What is constant?
The size of the heap, or is GC running constantly?

> c. Use jconsole to record the heap and non-heap usage, triggerring
> Full GC, observed that the heap is reset to zero and the non-heap
> won't drop. Non-heap memory usage is increased over time.
>
> d. Don't know the reason why cannot get the Tomcat runs into
> OutOfMemory, the Tomcat shutdown itself without anything even the
> argument "-XX:+HeapDumpOnOutOfMemoryError" is applied.

What's the last thing in the logs?

Are you using any native components?


p

> Did I missed out anything to track down the issue? Anyone, please
> suggest and correct me.
> 
> Thanks.
> 
> Regards,
> Chan.
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 




signature.asc
Description: OpenPGP digital signature

RE: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL 'null' AGAIN!

[Martin Gainty]

if you took time to look at tomcat-users archive you would've come across this 
post by david smith..the answer is just as good now as when originally posted 

 

On 6/19/2010 1:31 PM, yucca...@live.co.za wrote:
> I have no choice left but to not let hibernate use my tomcat datasource. This 
> is not good. I have even moved host provider in hope that it was previous 
> fult tomcat install from dailyrazor (tomcat 6 does not hav common/lib) and is 
> meant to have tomcat/lib
>
> I can say that my new container is correct and that I am 100% sure that all 
> mus jdbc configuration is correct in zml after having gone though it at least 
> 20 times and checked the wiki that was linked here earlier and still have 
> issues. Yes mysql jdbc bin is in tomcat/lib so that is not cause of the 
> error. /the error is very weird though as I have another point that uses 
> hibernate without error on the same database. It is not possible for me to 
> use hibernate to use tomcat datasource sadly. Many thanks for all the help 
> though.
 
 


If you put the following into a jsp and call the jsp, does it work?
 
<%...@page import="java.sql.Connection"%>
<%...@page import="java.sql.DriverManager"%>
<%...@page import="java.sql.SQLException"%>
 
<%
Class.forName("com.mysql.jdbc.Driver").newInstance();
conn = DriverManager.getConnection("jdbc:mysql://localhost/test?" +
"user=monty&password=greatsqldb");
out.println( "The connection worked!!" ) ;
%>
 
 
If that works then your jdbc driver is available and installed properly
(I trust there is only one copy of that jar in your entire tomcat
install ... right?). 
 
Now check to see if there's an xml in tomcat/conf/Catalina/localhost
matching your webapp's deployed name. For instance if you access your
webapp as http://localhost:8088/mywebapp, there should be a mywebapp.xml
file there. Take a look at it for the  or  (which ever you setup) and make sure they are correct. If this
file is not available, take a look at context.xml in your webapp's
META-INF folder (same process). If it's not there, then the  element for your webapp is in server.xml and it should NOT be
there. It's bad practice and requires a full tomcat restart to make
changes.
 
Lastly, case matters. Be sure everything is typed correctly including
whether it's upper or lower case. 
 
Now take a look at the logs and post any relevant messages including
complete stacktraces of exceptions w/o edits except to protect usernames
and passwords.
 
--David



Martin Gainty 
__ 
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité

Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger 
sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung 
oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem 
Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. 
Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung 
fuer den Inhalt uebernehmen.

Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le 
destinataire prévu, nous te demandons avec bonté que pour satisfaire informez 
l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est 
interdite. Ce message sert à l'information seulement et n'aura pas n'importe 
quel effet légalement obligatoire. Étant donné que les email peuvent facilement 
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité 
pour le contenu fourni.



 

> From: yucca...@live.co.za
> To: users@tomcat.apache.org
> Subject: Re: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create 
> JDBC driver of class '' for connect URL 'null' AGAIN!
> Date: Mon, 21 Jun 2010 10:49:41 +0200
> 
> Ok I thought I found my solution yesterday with eapps but turns out not to 
> be. I am posting a possible fix in hope that this may help someone els who 
> reads this thread one day.
> 
> apart from making sure that paths are correct, driver is inside tomcat/lib 
> and that resource etc are defined correct, I hadnot ensured that tomcat had 
> RW permission for the driver inside tomcat/lib upon doing so I was stuck 
> with same issue but hope this may solve someone elses issue.
> 
> --
> From: "Mark Thomas" 
> Sent: Monday, June 21, 2010 8:57 AM
> To: "Tomcat Users List" 
> Subject: Re: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create 
> JDBC driver of class '' for connect URL 'null' AGAIN!
> 
> > On 20/06/2010 21:49, akhlaqur Rahman wrote:
> >> How do I unsubscribe from this list? I have tried following the 
> >> unsubscribe
> >> link in the emails and it has not worked... Any tips would be 
> >> appreciated.
> >
> > Ask one of the list owners for help.
> >
> > I'll unsubscribe you in a sec.
> >
> > Mark
> >
> >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomc

Re: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL 'null' AGAIN!

[yuccanel]

Ok I thought I found my solution yesterday with eapps but turns out not to 
be. I am posting a possible fix in hope that this may help someone els who 
reads this thread one day.


apart from making sure that paths are correct, driver is inside tomcat/lib 
and that resource etc are defined correct, I hadnot ensured that tomcat had 
RW permission for the driver inside tomcat/lib upon doing so I was stuck 
with same issue but hope this may solve someone elses issue.


--
From: "Mark Thomas" 
Sent: Monday, June 21, 2010 8:57 AM
To: "Tomcat Users List" 
Subject: Re: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create 
JDBC driver of class '' for connect URL 'null' AGAIN!



On 20/06/2010 21:49, akhlaqur Rahman wrote:
How do I unsubscribe from this list? I have tried following the 
unsubscribe
link in the emails and it has not worked... Any tips would be 
appreciated.


Ask one of the list owners for help.

I'll unsubscribe you in a sec.

Mark



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Cleartrust RSA integration

[Ron McNulty]

Hi Andre

Thanks for the reply.

I had a long discussion with our architecture group today. Basically they 
want Cleartrust authentication at the web gateway (in place now) and again 
at the web server. The gateway (an Apache instance) and the Tomcat server 
would not be on the same physical box - they would be in separate security 
zones.


An option is to use yet another Apache instance fronting Tomcat. I'm not 
sure what sort of performance hit this would be (i.e. Apache -> Apache -> 
Tomcat) - do you have any insight?


Regards

Ron

- Original Message - 
From: "André Warnier" 

To: "Tomcat Users List" 
Sent: Sunday, June 20, 2010 9:37 PM
Subject: Re: Cleartrust RSA integration



Ron McNulty wrote:

Hi All

We are thinking of bringing some of our apps off proprietary J2EE servers 
to Tomcat. We would be deploying on Tomcat 6 (latest), JVM 1.6 and Linux 
on a VM (not sure of versions). One of the requirements is to 
authenticate using RSA Cleartrust.


From my reading, Tomcat does not support this. The recommended solution 
is
to front Tomcat with Apache, and let Apache do the Cleartrust 
integration.


The links I have found are a bit ancient - are my assumptions still 
correct? Also, our system architects seem to think this setup is 
insufficiently secure - comments?



Assuming the Apache Cleartrust authentication is secure..
If Apache authenticates a request, and if the Apache/Tomcat connector is 
mod_jk, then the authenticated user-id is propagated from Apache to Tomcat 
(*).
(Additionals info could be propagated via additional HTTP headers, or 
"request attributes").
If the link between Apache and Tomcat is secure (like for example both run 
on the same machine and the connection is purely internal), then there is 
no reason why this would be less secure.



(*) whether Tomcat actually uses it, is determined by the 
"tomcatAuthentication" attribute of the AJP .


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Setting the Right Amount of Memory

[Mark Thomas]

On 21/06/2010 04:15, Caldarale, Charles R wrote:
>> From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
>> Subject: Re: Setting the Right Amount of Memory
>>
>> Unreachable (dead) objects are never encountered,
>> so their number or size does not come into play.
> 
> For complete disclosure, I should note that dead objects in the tenured (old) 
> and permanent generations are looked at (but only during a full GC), since 
> the compaction phase has to figure out where the live ones can be copied to.  
> However, since in nearly all cases, more than 90% of dead objects are in the 
> young generation, few dead objects are examined and the cost is minimal.  The 
> "compaction" phase for the young generation (minor GC) actually consists of 
> copying the live objects to a survivor space, which is guaranteed to be empty.

So what is the impact say (picking some random numbers of the air) if
you have an app that is quite happy with 256MB of heap space but has
1024MB allocated? I understand from what you have written that for the
young gen there isn't much impact but what about the old gen when there
is a full GC? Does the fact that there is (roughly) 700MB of additional
dead objects slow down the full GC and if so, is it significant? It
could easily represent an order of magnitude increase is the memory used
by dead objects.

Mark



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org