Re: IE & Firefox work fine, Mac, Google and Safari don't authenticate
Hi. Not knowing the exact layout of your pages, and not knowing exactly what you have in mind about what /should/ happen, makes this a bit of a guesswork. In the log, there are a number of URLs being accessed ( /catalog/dealerwelcome.jsp, /catalog/authControl.jsp, /catalog/dealer/dealerwelcome.jsp, etc..) but it is not clear to people reading your messages to the list, what these correspond to in terms of logic of the application. It would help if you described what the sequence is or should be, from the point of view of the user accessing your site, and/or from the point of the view of the pages they should access in what order. For example, your sections below : - one of them relates to an area of your web space under "/joeparts/admin/*", which seems to have nothing to do with the logfile, and confuses things. - the other refers to "/catalog/dealer/*", but according to the log, there is a "dealerwelcome.jsp" page in both the top "/catalog" directory and in the "/catalog/dealer" directory, and between the accesses to these two, there is an intermediate POST to something called "/catalog/authControl.jsp". What is that ? What is it supposed to do ? I get the feeling that there is something fundamentally flawed in the way you are trying to do this authentication, and that the fact that it works in some cases may just be due to the different way that browsers react to edge cases. Also, with the logs we only see one side of things : the requests received by the server, and the status code of the answer. Contrary to you, we do not see what the browser is actually sending or receiving. Try to help us a bit here. There exist useful plugins for browsers, which allow to see the detail of the browser/server conversation. For Firefox, try HttpFox for example, and for IE try Fiddler2. You will easily locate them with Google. They are invaluable when trying to debug such issues. Dick Eastlake wrote: Here's an access log from a successful login using Firefox. Note the post toj_security_check returns a 302 and the id of the authenticated user shows in the returned request for a page located in the secured portion of the site. 213.20.160.134 - - [05/Apr/2011:22:44:31 -0700] "GET /catalog/dealerwelcome.jsp HTTP/1.1" 200 1870 213.20.160.134 - - [05/Apr/2011:22:44:40 -0700] "POST /catalog/authControl.jsp HTTP/1.1" 302 - 213.20.160.134 - - [05/Apr/2011:22:44:40 -0700] "GET /catalog/dealer/dealerwelcome.jsp HTTP/1.1" 200 1910 213.20.160.134 - - [05/Apr/2011:22:44:44 -0700] "POST /catalog/dealer/j_security_check HTTP/1.1" 302 - 213.20.160.134 - dickeastl...@progressivecommerce.com [05/Apr/2011:22:44:44 -0700] "GET /catalog/dealer/dealerwelcome.jsp HTTP/1.1" 200 2391 Here's a failed attempt (phony id/password) using IENote the post to j_security_check returns a 200 and there is no returned request. 74.77.201.185 - - [05/Apr/2011:22:52:46 -0700] "GET /catalog/dealerwelcome.jsp HTTP/1.1" 200 1870 74.77.201.185 - - [05/Apr/2011:22:53:05 -0700] "POST /catalog/authControl.jsp HTTP/1.1" 302 - 74.77.201.185 - - [05/Apr/2011:22:53:05 -0700] "GET /catalog/dealer/dealerwelcome.jsp HTTP/1.1" 200 1897 74.77.201.185 - - [05/Apr/2011:22:53:12 -0700] "POST /catalog/dealer/j_security_check HTTP/1.1" 200 676 The above examples show correct results using IE and Firefox. Here's an access log from an unsuccessful login using Chrome. Note the post to j_security_check returns a 200 even though the id/password entered was a valid one. 74.77.201.185 - - [05/Apr/2011:23:35:58 -0700] "GET /catalog/dealerwelcome.jsp HTTP/1.1" 200 1870 74.77.201.185 - - [05/Apr/2011:23:36:06 -0700] "POST /catalog/authControl.jsp HTTP/1.1" 302 - 74.77.201.185 - - [05/Apr/2011:23:36:06 -0700] "GET /catalog/dealer/dealerwelcome.jsp HTTP/1.1" 200 1893 74.77.201.185 - - [05/Apr/2011:23:36:09 -0700] "POST /catalog/dealer/j_security_check HTTP/1.1" 200 676 Again, IE & Firefox work fine, Mac, Google and Safari don't. Thanks for your help, Dick From: André Warnier To: Tomcat Users List Sent: Tuesday, April 5, 2011 6:43 PM Subject: Re: IE & Firefox work fine, Mac, Google and Safari don't authenticate Hi. Since I doubt that many people here really feel like going through a bunch of lines of badly-formatted configuration, code and logs to figure out exactly what is wrong, I suggest that you search Google for "tomcat form based authentication example" and use one of the numerous ones there as a reference. There is something bizarre in your explanation and data however : You say that the first part of the log is with Firefox, which works fine. However, that part contains this line : 69.207.4.57 - s...@sor.com [27/Mar/2011:15:34:30 -0700] "GET /Dynacorn/catalog/dealer/dealerwelcome.jsp HTTP/1.1" 500 2158 which shows a status code 500 (= "server error") returned by the server, while the part supposedly not working shows no such error. Another bizarre part is this : the JS
jsp compile error(The primitive type int of does not have a field javax)
Hi, Is there anyone met this kind of error. please see the error stack below. very tricky,it doesn't always happen, we met it seldom after our server run for a period. and the red section is not confused, i don't know what's the meaning exactly. i've looked into the generated java file, the lines error stack mentioned are just writing "\r\n". tomcat version:6.0.26, JVM version:1.6. *org.apache.jasper.JasperException: Unable to compile class for JSP: An error occurred at line: 114 in the generated java file The primitive type int of does not have a field javax An error occurred at line: 133 in the generated java file The primitive type int of does not have a field javax An error occurred at line: 152 in the generated java file The primitive type int of does not have a field javax An error occurred at line: 171 in the generated java file The primitive type int of does not have a field javax Stacktrace: org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:92) org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:330) org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:439) org.apache.jasper.compiler.Compiler.compile(Compiler.java:349) org.apache.jasper.compiler.Compiler.compile(Compiler.java:327) org.apache.jasper.compiler.Compiler.compile(Compiler.java:314) org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:589) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:317) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) org.apache.taglibs.standard.tag.common.core.ImportSupport.acquireString(ImportSupport.java:296) org.apache.taglibs.standard.tag.common.core.ImportSupport.doEndTag(ImportSupport.java:161) org.apache.jsp.master_jsp._jspx_meth_c_005fimport_005f0(master_jsp.java:1382) org.apache.jsp.master_jsp._jspService(master_jsp.java:256) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) javax.servlet.http.HttpServlet.service(HttpServlet.java:717)*
Re: jsp compile error(The primitive type int of does not have a field javax)
Hi, Honestly, I don't really know, and this is just a vague suspicion. But if the original JSP pages are on a Windows PC, and then you are copying them to a Unix/Linux server to run them, can the problem not be due to wrong line endings ? (Windows uses CR/LF, but Unix/Linux only LF). 文宝殷 wrote: Hi, Is there anyone met this kind of error. please see the error stack below. very tricky,it doesn't always happen, we met it seldom after our server run for a period. and the red section is not confused, i don't know what's the meaning exactly. i've looked into the generated java file, the lines error stack mentioned are just writing "\r\n". tomcat version:6.0.26, JVM version:1.6. *org.apache.jasper.JasperException: Unable to compile class for JSP: An error occurred at line: 114 in the generated java file The primitive type int of does not have a field javax An error occurred at line: 133 in the generated java file The primitive type int of does not have a field javax An error occurred at line: 152 in the generated java file The primitive type int of does not have a field javax An error occurred at line: 171 in the generated java file The primitive type int of does not have a field javax Stacktrace: org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:92) org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:330) org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:439) org.apache.jasper.compiler.Compiler.compile(Compiler.java:349) org.apache.jasper.compiler.Compiler.compile(Compiler.java:327) org.apache.jasper.compiler.Compiler.compile(Compiler.java:314) org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:589) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:317) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) org.apache.taglibs.standard.tag.common.core.ImportSupport.acquireString(ImportSupport.java:296) org.apache.taglibs.standard.tag.common.core.ImportSupport.doEndTag(ImportSupport.java:161) org.apache.jsp.master_jsp._jspx_meth_c_005fimport_005f0(master_jsp.java:1382) org.apache.jsp.master_jsp._jspService(master_jsp.java:256) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) javax.servlet.http.HttpServlet.service(HttpServlet.java:717)* - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: jsp compile error(The primitive type int of does not have a field javax)
Hi André Warnier, thanks for your reply. it's a runtime error, jsp compiler generate the java file then compile it to class. i didn't the copy the java file between different systems.my system is linux. could the jsp compiler cause this error? the default one is the JDT. Best Regards Bryan 2011/4/6 André Warnier > Hi, > > Honestly, I don't really know, and this is just a vague suspicion. > But if the original JSP pages are on a Windows PC, and then you are copying > them to a Unix/Linux server to run them, can the problem not be due to wrong > line endings ? > (Windows uses CR/LF, but Unix/Linux only LF). > > > > 文宝殷 wrote: > >> Hi, >> >> Is there anyone met this kind of error. please see the error stack below. >> >> very tricky,it doesn't always happen, we met it seldom after our server >> run >> for a period. >> and the red section is not confused, i don't know what's the meaning >> exactly. >> i've looked into the generated java file, the lines error stack mentioned >> are just writing "\r\n". >> >> tomcat version:6.0.26, JVM version:1.6. >> >> *org.apache.jasper.JasperException: Unable to compile class for JSP: >> >> An error occurred at line: 114 in the generated java file >> The primitive type int of does not have a field javax >> >> An error occurred at line: 133 in the generated java file >> The primitive type int of does not have a field javax >> >> An error occurred at line: 152 in the generated java file >> The primitive type int of does not have a field javax >> >> An error occurred at line: 171 in the generated java file >> The primitive type int of does not have a field javax >> >> Stacktrace: >> >> >> org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:92) >> >> >> org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:330) >> >> org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:439) >>org.apache.jasper.compiler.Compiler.compile(Compiler.java:349) >>org.apache.jasper.compiler.Compiler.compile(Compiler.java:327) >>org.apache.jasper.compiler.Compiler.compile(Compiler.java:314) >> >> >> org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:589) >> >> >> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:317) >> >> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) >>org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) >>javax.servlet.http.HttpServlet.service(HttpServlet.java:717) >> >> >> org.apache.taglibs.standard.tag.common.core.ImportSupport.acquireString(ImportSupport.java:296) >> >> >> org.apache.taglibs.standard.tag.common.core.ImportSupport.doEndTag(ImportSupport.java:161) >> >> >> org.apache.jsp.master_jsp._jspx_meth_c_005fimport_005f0(master_jsp.java:1382) >>org.apache.jsp.master_jsp._jspService(master_jsp.java:256) >>org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) >>javax.servlet.http.HttpServlet.service(HttpServlet.java:717) >> >> >> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377) >> >> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) >>org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) >>javax.servlet.http.HttpServlet.service(HttpServlet.java:717)* >> >> > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: tomcat and apache log entry correlation with mod_jk
On 05.04.2011 22:44, Anthony J. Biacco wrote:
FYI, I have this tentatively working with mod_unique_id by doing:
Apache config:
RequestHeader set UNIQUE_ID %{UNIQUE_ID}e
JkEnvVar UNIQUE_ID
Tomcat accesslogvalve pattern:
%{UNIQUE_ID}i
I might use it like this, I might not. They might want a more telling id like
apache_host:unique_id
This can be simplified to
JkEnvVar UNIQUE_ID
Apache accesslogvalve pattern:
%{UNIQUE_ID}e
Tomcat accesslogvalve pattern:
%{UNIQUE_ID}r
JkEnvVar forwards the environment variable UNIQUE_ID, which is
automatically set by mod_unique_id (you need to LoadModule
mod_unique_id) to Tomcat as a request attribute. Request attributes can
be logged in the Tomcat accesslog using %{...}r.
Regards,
Rainer
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: jsp compile error(The primitive type int of does not have a field javax)
Hello 文宝殷, As I failed to mention before, I am not really a java or JSP expert, so I was just guessing. The error messages which you are getting seem to suggest that the generated Java code (before compilation) contains some line breaks or other confusing characters where the compiler is not expecting them, and it is taking one of the "import" statements (like "import javax.servlet.http.HttpServletRequest;") as an attribute of a variable named "". It is all quite bizarre, and made me think that the problem may be linked to a character set issue or a wrong line-ending. Maybe there is an option to the JSP interpreter where you can actually ask to see the generated java code before compilation ? But let's see what the experts have to say.. 文宝殷 wrote: > Hi André Warnier, > > thanks for your reply. > it's a runtime error, jsp compiler generate the java file then compile it to > class. > i didn't the copy the java file between different systems.my system is > linux. > > could the jsp compiler cause this error? the default one is the JDT. > > Best Regards > Bryan > > > 2011/4/6 André Warnier > >> Hi, >> >> Honestly, I don't really know, and this is just a vague suspicion. >> But if the original JSP pages are on a Windows PC, and then you are copying >> them to a Unix/Linux server to run them, can the problem not be due to wrong >> line endings ? >> (Windows uses CR/LF, but Unix/Linux only LF). >> >> >> >> 文宝殷 wrote: >> >>> Hi, >>> >>> Is there anyone met this kind of error. please see the error stack below. >>> >>> very tricky,it doesn't always happen, we met it seldom after our server >>> run >>> for a period. >>> and the red section is not confused, i don't know what's the meaning >>> exactly. >>> i've looked into the generated java file, the lines error stack mentioned >>> are just writing "\r\n". >>> >>> tomcat version:6.0.26, JVM version:1.6. >>> >>> *org.apache.jasper.JasperException: Unable to compile class for JSP: >>> >>> An error occurred at line: 114 in the generated java file >>> The primitive type int of does not have a field javax >>> >>> An error occurred at line: 133 in the generated java file >>> The primitive type int of does not have a field javax >>> >>> An error occurred at line: 152 in the generated java file >>> The primitive type int of does not have a field javax >>> >>> An error occurred at line: 171 in the generated java file >>> The primitive type int of does not have a field javax >>> >>> Stacktrace: >>> >>> >>> org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:92) >>> >>> >>> org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:330) >>> >>> org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:439) >>>org.apache.jasper.compiler.Compiler.compile(Compiler.java:349) >>>org.apache.jasper.compiler.Compiler.compile(Compiler.java:327) >>>org.apache.jasper.compiler.Compiler.compile(Compiler.java:314) >>> >>> >>> org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:589) >>> >>> >>> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:317) >>> >>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) >>>org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) >>>javax.servlet.http.HttpServlet.service(HttpServlet.java:717) >>> >>> >>> org.apache.taglibs.standard.tag.common.core.ImportSupport.acquireString(ImportSupport.java:296) >>> >>> >>> org.apache.taglibs.standard.tag.common.core.ImportSupport.doEndTag(ImportSupport.java:161) >>> >>> >>> org.apache.jsp.master_jsp._jspx_meth_c_005fimport_005f0(master_jsp.java:1382) >>>org.apache.jsp.master_jsp._jspService(master_jsp.java:256) >>>org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) >>>javax.servlet.http.HttpServlet.service(HttpServlet.java:717) >>> >>> >>> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377) >>> >>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) >>>org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) >>>javax.servlet.http.HttpServlet.service(HttpServlet.java:717)* >>> >>> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: jsp compile error(The primitive type int of does not have a field javax)
On 06/04/2011 10:47, André Warnier wrote: > Hello 文宝殷, > > As I failed to mention before, I am not really a java or JSP expert, so I was > just guessing. > The error messages which you are getting seem to suggest that the generated > Java code > (before compilation) contains some line breaks or other confusing characters > where the > compiler is not expecting them, and it is taking one of the "import" > statements (like > "import javax.servlet.http.HttpServletRequest;") as an attribute of a > variable named "". > It is all quite bizarre, and made me think that the problem may be linked to > a character > set issue or a wrong line-ending. > > Maybe there is an option to the JSP interpreter where you can actually ask to > see the > generated java code before compilation ? Tomcat makes the java file available by default in the work directory. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
PersistentManager with FileStore reports "persistentManager.swapInInvalid"
Hi,
We are using an embedded instance of Tomcat and would like to use a FileStore
for Session storage to keep memory requirements low while still allowing to
have many sessions opened. This is a single tomcat instance, sharing sessions
with other instances is not needed.
As I embed Tomcat, I have created the FileStore as follows:
Context context = tomcat.addWebapp(contextRoot, webDir);
tomcat.start();
{ // Override the default Manager and set a persistent manager which
can store Sessions on disk
PersistentManager manager = new PersistentManager();
FileStore store = new FileStore();
store.setDirectory(new File(workDir, "store").getAbsolutePath());
manager.setStore(store);
context.setManager(manager);
manager.setMaxActiveSessions(-1);
manager.setMaxIdleSwap(500);
manager.setMinIdleSwap(200);
manager.setMaxIdleBackup(400);
}
As far as I understood documentation, this should allow me to have an unlimited
number of sessions (while the session timeout of 30 minutes still applies), but
swaps out the sessions at least after 500 seconds.
It basically works fine this way, only a limited number of sessions are held in
memory, others are swapped out. The only issue is that I start getting the
following log output frequently after aprox. half an hour when the first
sessions are timing out:
2011-04-06 12:17:20 Custome SEVERE [PersistentManagerBase]
persistentManager.swapInInvalid
2011-04-06 12:17:20 Custome SEVERE [PersistentManagerBase]
persistentManager.swapInInvalid
2011-04-06 12:17:20 Custome SEVERE [PersistentManagerBase]
persistentManager.swapInInvalid
2011-04-06 12:17:21 Custome SEVERE [PersistentManagerBase]
persistentManager.swapInInvalid
2011-04-06 12:17:22 Custome SEVERE [PersistentManagerBase]
persistentManager.swapInInvalid
2011-04-06 12:17:22 Custome SEVERE [PersistentManagerBase]
persistentManager.swapInInvalid
2011-04-06 12:17:22 Custome SEVERE [PersistentManagerBase]
persistentManager.swapInInvalid
2011-04-06 12:17:22 Custome SEVERE [PersistentManagerBase]
persistentManager.swapInInvalid
When looking at the code in PersistentManager and StandardSession, I can not
explain what this severe-log tries to tell me. It seems we get this for every
session that is timing out after 30 minutes of inactivity. It seems the
expiry-check marks the session as "invalid" which in turn causes the check in
swapIn() to fail.
Now my question:
- As it seems to work nevertheless, can I safely ignore this error
message or does it indicate that I am doing something fundamentally wrong with
PersistentManager and FileStore?
Thanks... Dominik
Dominik Stadler, Team Lead, R&D dynaTrace Skype:
stadler.dominik
dynaTrace
Re: IE & Firefox work fine, Mac, Google and Safari don't authenticate
Andre, I'll get HttpFox and Fidler2. Is there one for Chrome or Safari? I'll come back when I get some info from them. Thanks. Dick From: André Warnier To: Tomcat Users List Sent: Wednesday, April 6, 2011 3:20 AM Subject: Re: IE & Firefox work fine, Mac, Google and Safari don't authenticate Hi. Not knowing the exact layout of your pages, and not knowing exactly what you have in mind about what /should/ happen, makes this a bit of a guesswork. In the log, there are a number of URLs being accessed ( /catalog/dealerwelcome.jsp, /catalog/authControl.jsp, /catalog/dealer/dealerwelcome.jsp, etc..) but it is not clear to people reading your messages to the list, what these correspond to in terms of logic of the application. It would help if you described what the sequence is or should be, from the point of view of the user accessing your site, and/or from the point of the view of the pages they should access in what order. For example, your sections below : - one of them relates to an area of your web space under "/joeparts/admin/*", which seems to have nothing to do with the logfile, and confuses things. - the other refers to "/catalog/dealer/*", but according to the log, there is a "dealerwelcome.jsp" page in both the top "/catalog" directory and in the "/catalog/dealer" directory, and between the accesses to these two, there is an intermediate POST to something called "/catalog/authControl.jsp". What is that ? What is it supposed to do ? I get the feeling that there is something fundamentally flawed in the way you are trying to do this authentication, and that the fact that it works in some cases may just be due to the different way that browsers react to edge cases. Also, with the logs we only see one side of things : the requests received by the server, and the status code of the answer. Contrary to you, we do not see what the browser is actually sending or receiving. Try to help us a bit here. There exist useful plugins for browsers, which allow to see the detail of the browser/server conversation. For Firefox, try HttpFox for example, and for IE try Fiddler2. You will easily locate them with Google. They are invaluable when trying to debug such issues. Dick Eastlake wrote: > Here's an access log from a successful login using Firefox. Note the post > toj_security_check returns a 302 and the id of the authenticated user shows > in the returned request for a page located in the secured portion of the site. > 213.20.160.134 - - [05/Apr/2011:22:44:31 -0700] "GET > /catalog/dealerwelcome.jsp HTTP/1.1" 200 1870 > 213.20.160.134 - - [05/Apr/2011:22:44:40 -0700] "POST > /catalog/authControl.jsp HTTP/1.1" 302 - > 213.20.160.134 - - [05/Apr/2011:22:44:40 -0700] "GET > /catalog/dealer/dealerwelcome.jsp HTTP/1.1" 200 1910 > 213.20.160.134 - - [05/Apr/2011:22:44:44 -0700] "POST > /catalog/dealer/j_security_check HTTP/1.1" 302 - > 213.20.160.134 - dickeastl...@progressivecommerce.com [05/Apr/2011:22:44:44 > -0700] "GET /catalog/dealer/dealerwelcome.jsp HTTP/1.1" 200 2391 > > Here's a failed attempt (phony id/password) using IENote the post to > j_security_check returns a 200 and there is no returned request. > 74.77.201.185 - - [05/Apr/2011:22:52:46 -0700] "GET > /catalog/dealerwelcome.jsp HTTP/1.1" 200 1870 > 74.77.201.185 - - [05/Apr/2011:22:53:05 -0700] "POST /catalog/authControl.jsp > HTTP/1.1" 302 - > 74.77.201.185 - - [05/Apr/2011:22:53:05 -0700] "GET > /catalog/dealer/dealerwelcome.jsp HTTP/1.1" 200 1897 > 74.77.201.185 - - [05/Apr/2011:22:53:12 -0700] "POST > /catalog/dealer/j_security_check HTTP/1.1" 200 676 > > The above examples show correct results using IE and Firefox. > Here's an access log from an unsuccessful login using Chrome. Note the post > to j_security_check returns a 200 even though the id/password entered was a > valid one. 74.77.201.185 - - [05/Apr/2011:23:35:58 -0700] "GET > /catalog/dealerwelcome.jsp HTTP/1.1" 200 1870 > 74.77.201.185 - - [05/Apr/2011:23:36:06 -0700] "POST /catalog/authControl.jsp > HTTP/1.1" 302 - > 74.77.201.185 - - [05/Apr/2011:23:36:06 -0700] "GET > /catalog/dealer/dealerwelcome.jsp HTTP/1.1" 200 1893 > 74.77.201.185 - - [05/Apr/2011:23:36:09 -0700] "POST > /catalog/dealer/j_security_check HTTP/1.1" 200 676 > > Again, IE & Firefox work fine, Mac, Google and Safari don't. > Thanks for your help, > Dick > > > From: André Warnier > To: Tomcat Users List > Sent: Tuesday, April 5, 2011 6:43 PM > Subject: Re: IE & Firefox work fine, Mac, Google and Safari don't authenticate > > Hi. > > Since I doubt that many people here really feel like going through a bunch of > lines of badly-formatted configuration, code and logs to figure out exactly > what is wrong, I suggest that you search Google for > "tomcat form based authentication example" and use one of the numerous ones > there as a reference. > > There is something bizarre in your explan
Valve to intercept outgoing requests
I made this Valve, trying to intercept requests going out of my
"WebPages" context to the "Webservices" context. Right now they are both
running in the same Tomcat (5.5.33), but that may not be true in the future.
public class TestValve extends org.apache.catalina.valves.ValveBase {
@Override
public void invoke(Request request, Response response) throws
IOException, ServletException {
System.out.println("TestValve");
if (request.getRequestURI().contains("/WebPages")) {
System.out.println("TestValve: context /WebPages");
String teste = (String)
request.getSession().getAttribute("test");
request.setAttribute("test", teste);
}
getNext().invoke(request, response);
}
}
The idea is to intercept the request to implicitly set attributes to be
recovered at the "Webservices" context. This is not working. Any ideas why?
Sergio
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat integrity
Dear List, I´m searching for a integrity measurement module for apache tomcat which makes a hash (e.g. sha1) from each *.war file before starting/employing it. Can anyone give me a hint? Thank you! Sebastian - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat integrity
On Wed, Apr 6, 2011 at 14:29, Sebastian Biedermann
wrote:
> Dear List,
>
> I´m searching for a integrity measurement module for apache tomcat which
> makes a hash (e.g. sha1) from each *.war file before starting/employing it.
>
> Can anyone give me a hint?
>
You can sign jars, so I guess you can sign wars and use the same tools
to check validity. But this means signing the war at build/package
time.
Otherwise you can just use whatever the system provides you with. I
don't know for Windows, but Linux has {md5,sha1,sha256}sum, etc etc.
--
Francis Galiegue
ONE2TEAM
Ingénieur système
Mob : +33 (0) 683 877 875
Tel : +33 (0) 178 945 552
f...@one2team.com
40 avenue Raymond Poincaré
75116 Paris
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: IE & Firefox work fine, Mac, Google and Safari don't authenticate
> From: Dick Eastlake [mailto:dickeastl...@yahoo.com] > Subject: Re: IE & Firefox work fine, Mac, Google and Safari don't authenticate > I'll get HttpFox and Fidler2. Just use Fiddler2; it works with any browser, since it installs as a proxy. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat iis connector feedback is needed
Folks: Feedback is needed on a project I worked on to connect IIS to Tomcat. This is a replacement for the old ISAPI redirectors that have been used since early 2000. Nonetheless, the new ones should work for Tomcat 5,6,7 and IIS 5.1,6,7,7.5 combinations. Looking for feedback (what works, what doesn't, bugs from this group). Connectors can be downloaded from: http://tomcatiis.riaforge.org/ Here are some general improvements with these connectors: • no ISAPI code • no IIS6 vestiges or backward compatibility elements needed on IIS7 • all managed code for using .net extensibility framework • works on IIS5.1, IIS6 and IIS7 • speed improvements • easier control on IIS side • no virtual directories and virtual mapping needed • configuration can be inherited to sub-sites and virtual sites • easy install/uninstall • support partial stream sending to browser (automatic flushing) with faster response to client • support both 32/64 bit of Windows with same process and files • transfer of all request headers • build in simple-security for web-administration pages • Works on Windows XP (IIS5.1) and above Thanks again, -Bilal
Re: tomcat iis connector feedback is needed
On 04/06/2011 03:56 PM, Bilal S wrote: Folks: Feedback is needed on a project I worked on to connect IIS to Tomcat. Connectors can be downloaded from: http://tomcatiis.riaforge.org/ This not open source AFAICT, but that's fine. Nevertheless you should follow the ASF Trademark guidelines: http://www.apache.org/foundation/marks/ when ever using one of our trademark names. In essence our project is not Tomcat, but rather 'Apache Tomcat', so you should credit it as such. Regards -- ^TM - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat6 Cookies
I recently upgraded my Tomcat cluster from 5 to 6 and am no longer able to
use getCookie() to retrieve our Omniture cookie data using
request.getCookies(). We are still able to access the cookie name and value
via a request header so we're using this as a work around but I'm still
curious as to why getCookie() no longer works.. Is this some sort of
security restriction in Tomcat6?
Here's what we get in the "cookie" request header, using *
request.getHeader("cookie")*. Note the presence of s_vi.
s_sq=dev%3D%2526pid%253D/page/blah.jsp%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BreturnshowDebugDumpRequest%252528%252529%25253B%25257D%2526oidt%253D2%2526ot%253DA;
JSESSIONID=897660B3D20E674F2D38E6CBD48814D24; s_cc=true;
*s_vi*=[CS]v1|26C8FDB30515A765-6175C0022D93[CE];
__utma=250344192.1083919342.1301415933.1301415933.1301415933.1;
__utmc=250344192;
__utmz=25034774129322.130133.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
cpxRefCode=7020
Here are the cookies that we can see, using *request.getCookies()*. We can
see all the cookies except s_vi. This includes google analytics cookies
that are likely set by js running on our site. *Name**Value*s_cctrue
JSESSIONID 897660B3D20E674F2D38E6CBD48814D24__utmz25034774129322.130133.1.1
.utmcsrcpxRefCode7020s_sq
dev%3D%2526pid%253D/page/blah.jsp%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BreturnshowDebugDumpRequest%252528%252529%25253B%25257D%2526oidt%253D2%2526ot%253DA
__utma250344192.1083919342.1301415933.1301415933.1301415933.1__utmc
250344192All of these cookies, including s_vi, have a Domain value set to *.
domain.com* (or .domain.local in this case). The biggest difference is that
s_vi was set via Omniture on the cnamed *metric.domain.com*domain (which you
can see by using Linux Chrome), while all others show just *domain.com* as
the domain of origin. Note that when I say domain of origin I mean
something different than the actual Domain value set on the cookie, which is
the same for all of them.
Re: Tomcat6 Cookies
On 06/04/2011 16:35, John Clark wrote: > I recently upgraded my Tomcat cluster from 5 to 6 and am no longer able to > use getCookie() to retrieve our Omniture cookie data using > request.getCookies(). We are still able to access the cookie name and value > via a request header so we're using this as a work around but I'm still > curious as to why getCookie() no longer works.. Is this some sort of > security restriction in Tomcat6? Nope, the cookie is invalid hence Tomcat rejects it. Tomcat 6 is just stricter than Tomcat 5 in adhering to the specs. > s_vi=[CS]v1|26C8FDB30515A765-6175C0022D93[CE]; Neither '[' nor ']' are permitted in cookie values unless the value is quoted. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: IE & Firefox work fine, Mac, Google and Safari don't authenticate
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dick, On 4/6/2011 2:52 AM, Dick Eastlake wrote: > Here's an access log from an unsuccessful login using Chrome. Note > the post to j_security_check returns a 200 even though the > id/password entered was a valid one. Response code 200 means "OK". There is nothing wrong with a 200 response to that request. What response code were you expecting? 401? That would result in a nasty error message being shown by your client. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2cmQcACgkQ9CaO5/Lv0PD4DQCgv4lkfgPwT1+9zk72wGYq7whJ U8MAnRdiJ6weJZm+G3qd4aWDqS0RJ6IE =bRyD -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[ANN] Apache Tomcat 7.0.12 released
The Apache Tomcat team announces the immediate availability of Apache Tomcat 7.0.12. Apache Tomcat 7.0.12 includes bug fixes and the following new features compared to version 7.0.11: * initial support for SPNEGO/Kerberos authentication (also referred to as Windows authentication); * provide a new configuration option to define a close method to call on a JNDI resource when it is no longer required; * optional support for pre-emptive authentication. Please refer to the change log for the list of changes: http://tomcat.apache.org/tomcat-7.0-doc/changelog.html Known issues: * HTTP pipelining is likely to fail with 505 errors with the HTTP BIO connector (bug 50957). The other connectors (HTTP NIO, HTTP APR/native, AJP BIO & AJP APR/native) are not affected. Note that this version has 4 zip binaries: a generic one and three bundled with Tomcat native binaries for Windows operating systems running on different CPU architectures. Downloads: http://tomcat.apache.org/download-70.cgi Migration guide from Apache Tomcat 5.5.x and 6.0.x: http://tomcat.apache.org/migration.html Thank you, -- The Apache Tomcat Team - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: PersistentManager with FileStore reports "persistentManager.swapInInvalid"
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dominik,
On 4/6/2011 6:21 AM, Dominik Stadler wrote:
> We are using an embedded instance of Tomcat and would like to use a
> FileStore for Session storage to keep memory requirements low while
> still allowing to have many sessions opened. This is a single tomcat
> instance, sharing sessions with other instances is not needed.
>
> As I embed Tomcat, I have created the FileStore as follows:
I'm not sure that the embedded environment is relevant, but thanks for
providing your setup code.
> As far as I understood documentation, this should allow me to have
> an unlimited number of sessions (while the session timeout of 30 minutes
> still applies), but swaps out the sessions at least after 500 seconds.
> It basically works fine this way, only a limited number of sessions are held
> in memory, others are swapped out. The only issue is that I start getting the
> following log output frequently after aprox. half an hour when the first
> sessions are timing out:
>
> 2011-04-06 12:17:20 Custome SEVERE [PersistentManagerBase]
> persistentManager.swapInInvalid
> 2011-04-06 12:17:20 Custome SEVERE [PersistentManagerBase]
> persistentManager.swapInInvalid
> 2011-04-06 12:17:20 Custome SEVERE [PersistentManagerBase]
> persistentManager.swapInInvalid
> 2011-04-06 12:17:21 Custome SEVERE [PersistentManagerBase]
> persistentManager.swapInInvalid
> 2011-04-06 12:17:22 Custome SEVERE [PersistentManagerBase]
> persistentManager.swapInInvalid
> 2011-04-06 12:17:22 Custome SEVERE [PersistentManagerBase]
> persistentManager.swapInInvalid
> 2011-04-06 12:17:22 Custome SEVERE [PersistentManagerBase]
> persistentManager.swapInInvalid
> 2011-04-06 12:17:22 Custome SEVERE [PersistentManagerBase]
> persistentManager.swapInInvalid
It looks like Tomcat is missing some localized error message text for
your locale. What is your locale?
persistentManager.swapInInvalid is produced when a session loaded from
the store is determined to be invalid. I'm not sure why it's classified
as "severe", since this is a perfectly reasonable situation: the session
was persisted while it was valid, and then a request came in for that
session after it was invalidated. The persistent manager loads the
session from the store, sees that it's not valid (it has expired after
30 minutes or so) and emits this ("severe") error message.
I suspect that the persistent manager is working as you expect... just
generating error messages that are more alarming than they should be.
> When looking at the code in PersistentManager and StandardSession, I
> can not explain what this severe-log tries to tell me. It seems we
> get this for every session that is timing out after 30 minutes of
> inactivity. It seems the expiry-check marks the session as "invalid"
> which in turn causes the check in swapIn() to fail.
I agree with your analysis.
> As it seems to work nevertheless, can I safely ignore this error
> message or does it indicate that I am doing something fundamentally
> wrong with PersistentManager and FileStore?
I think you can probably ignore this error, though I'd like to hear some
commentary from others with more familiarity with the PersistentManager.
I would probably downgrade this message possibly to the DEBUG level,
though there may be a reason why PersistentManager flags this particular
issue for stores /other than/ FileStore.
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk2cmxUACgkQ9CaO5/Lv0PDE4QCffJ2LPJ756MLpjEKU1ccQGWuS
m1kAn01atqSlkgtGdsXLQ5xYr4DpdB7a
=yZyv
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Valve to intercept outgoing requests
On Wed, Apr 6, 2011 at 5:19 AM, Sergio wrote: > I made this Valve, trying to intercept requests going out of my "WebPages" > context to the "Webservices" context. An outbound request made by your webapp for another resource is not going to be using a Tomcat connector. You could capture the *inbound* request to your "Webservices" or fix your app to include the desired parameters (not attributes). HTH, -- Hassan Schroeder hassan.schroe...@gmail.com twitter: @hassan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[SECURITY] CVE-2011-1183 Apache Tomcat security constraint bypass
CVE-2011-1183 Apache Tomcat security constraint bypass Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.11 - Earlier versions are not affected Description: A regression in the fix for CVE-2011-1088 meant that security constraints were ignored when no login configuration was present in the web.xml and the web application was marked as meta-data complete. Mitigation: Users of affected versions should apply one of the following mitigations: - Upgrade to a Tomcat 7.0.12 or later - Ensure a login configuration is defined in web.xml Credit: This issue was identified by the Apache Tomcat security team. References: http://tomcat.apache.org/security.html http://tomcat.apache.org/security-7.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[SECURITY] CVE-2011-1475 Apache Tomcat information disclosure
CVE-2011-1475 Apache Tomcat information disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.11 - Earlier versions are not affected Description: Changes introduced to the HTTP BIO connector to support Servlet 3.0 asynchronous requests did not fully account for HTTP pipelining. As a result, when using HTTP pipelining a range of unexpected behaviours occurred including the mixing up of responses between requests. While the mix-up in responses was only observed between requests from the same user, a mix-up of responses for requests from different users may also be possible. Mitigation: Users of affected versions should apply one of the following mitigations: - Upgrade to a Tomcat 7.0.12 or later - Switch to the NIO or APR/native HTTP connectors that do not exhibit this issue Credit: This issue was identified by Brad Piles and reported via the public ASF Bugzilla issue tracking system. The Apache Tomcat security team requests that security vulnerability reports are made privately to secur...@tomcat.apache.org in the first instance. References: http://tomcat.apache.org/security.html http://tomcat.apache.org/security-7.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat calling into itself
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael, On 4/5/2011 2:56 AM, Michael McCutcheon wrote: > I have heard that it is not recommended to run the webapp on the same > tomcat instance as Solr, due to potential threading issues of tomcat > calling into itself. If your webapp and Solr will be hosted by the same instance of Tomcat, you will need to make sure that N incoming requests to your webapp don't establish N loopback requests to Solr and essentially use 2*N request processors, thereby choking your actual remote users. You can mitigate this in one of several ways: 1. Run a second, localhost-only Connector on a different port: use that port for your loopback connections and make sure you have enough request processors on that Connector. I think this is probably the easiest to do. 2. Run multiple Tomcat instances. This is the second-easiest strategy. 3. Run multiple physical/virtual servers. This is the same as #2 except that you aren't using "localhost"... you are using a different host. 4. Use a Java-based interface to Solr instead of the HTTP interface. I'm no Solr expert, but I know that Solr is essentially distributed Lucene with web services exposed... does Solr even have a Java-based interface? This may be your best-performing option if it's possible. > Or is there a way to configure tomcat so that the webapp and solr can > run in the same tomcat instance, reliably and without threading or > performance issues? Tomcat shouldn't have any threading issues whatsoever: the only reason to "fear" making loopback connections is that you may end up starving your remote clients. If performance is in question, running multiple Tomcat instances won't change anything (it'll actually make it worse, since each JVM has a minimum required footprint) because you'll be handling the exact same number of requests regardless of deployment strategy, and all those requests will require the same amount of resources. If you can't handle your load, you'll have to scale horizontally. Fortunately, Solr was made to scale horizontally :) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2ctXEACgkQ9CaO5/Lv0PDc4QCgvuMpXdFlY2OPKs1dq1/8Fm5x zwIAnjXorMR/xhmHOywP4HjfWNedPcBI =X930 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session sharing between context
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sergio, On 4/5/2011 9:03 AM, Sergio wrote: > We have an environment where there will be several instance of the same > webapp running on tomcat (sharing libraries when possible), each > connecting to different database. My idea is to have a webapp dedicated > to login, once the user login I would redirect him to the webapp of his > company (another context, user in the database is associated with > company). That sounds like a security problem waiting to happen: users can authenticate to the login webapp and then have free access to any company's webapp based just upon URL? > Something like this: > > http://webapp.strategos.net/ (WebappLogin context on tomcat) > http://webapp.strategos.net/company1/ (WebappCompany1 context on tomcat) > http://webapp.strategos.net/company2/ (WebappCompany2 context on tomcat) > > Is it possible to redirect browser to different context and share http > session that was created in the login context? HttpServletResponse.sentRedirect should always work. You just need to make sure that the session will be shared. Read the Tomcat documentation on SSO for more information. > I'm not using tomcat > authentication, the whole authentication process is done by our webapp > (if required we can change this). I don't believe Tomcat's SSO can work unless you are using Tomcat's authentication. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2ctoMACgkQ9CaO5/Lv0PDRAwCghNzyig1d8cE6lSQuNs3ij1lD 6GsAoLoFQNLIzdnq2/sQ3FF52jewndXG =aTIx -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
No access log for AJP traffic
I'm using tomcat 7.0.11 with the following Connector and Host elements in server.xml: In the access log I'm seeing the HTTP traffic on port 8080 but not the AJP traffic on port 8009. I've googled around and I don't see any mention of specific Valve settings for AJP. Any ideas? Thanks, Chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
TomcatCluster data replication
hi, i'm in need of data replication in a tomcat-cluster. i set up a tomcat cluster of three tomcats on a single machine with a apache (mod_jk) front that does the load balacing. everything works absolutely charming for reading requests, my trouble start with data input. what i'm trying to achieve is that if i submit data with a html form, the storage on all cluster members needs to be updated. i'm using an openrdf's sesame triple store which locks it's data directory so i can't simply use a single shared directory in my application. what i have in mind, after first readings, is some sort of clustervalve that checks, if a request is a POST request and if yes, sends this request (which updates the repository in the back) to all members of the cluster. so here would be my questions : 1. is there a standard way of doing something like (which a not-clusterable data-backend) 2. is the thing with the clustervalve in fact the correct starting point any help or pointer to the right direction greatly appreciated wkr turnguard.com/turnguard -- punkt. netServices __ Jürgen Jakobitsch Codeography Lerchenfelder Gürtel 43 Top 5/2 A - 1160 Wien Tel.: 01 / 897 41 22 - 29 Fax: 01 / 897 41 22 - 22 netServices http://www.punkt.at - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: No access log for AJP traffic
Chris Dumoulin wrote: I'm using tomcat 7.0.11 with the following Connector and Host elements in server.xml: In the access log I'm seeing the HTTP traffic on port 8080 but not the AJP traffic on port 8009. I've googled around and I don't see any mention of specific Valve settings for AJP. Any ideas? And are you expecting traffic on the AJP Connector ? For traffic to show up there, some client would need to connect to your server on port 8009. Is there anything that connects to that port ? If not, then there is nothing to worry about, and you could even comment-out that , since it will never be used. Like : The AJP Connector is used in scenarios where there is another webserver used as a front-end to Tomcat, and this other webserver, to pass requests to Tomcat, uses the AJP protocol. For example, a configuration like this one : browser <--> Apache httpd server <-> Tomcat + mod_jk module OR + mod_proxy_ajp module or browser <--> IIS webserver <-> Tomcat + isapi_redirect module If you do not use such a configuration, or you do not understand what this is all about, then you don't need the AJP in Tomcat. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JDBC Pool Disconnections
On 4/5/2011 7:31 AM, הילה wrote: name="jdbc/com/vstechnology/appname scope="Shareable" type="javax.sql.Datasource" url="jdbc:jtds:sqlserver://SQLServerName:1433/DBname;useCursors=false;sendStringParametersAsUnicode=false" factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" maxActive="200" minIdle="0" maxIdle="10" maxWait="1" initialSize="20" driverClassName="net.sourceforge.jtds.jdbc.Driver" Add in testOnBorrow="true" validationQuery="select 1" this ensures that if the DB closes a connection, the pool validates it best Filip - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: No access log for AJP traffic
Thanks for your response Andre. I'm using AJP between Tomcat and Nginx using this Nginx module: https://github.com/yaoweibin/nginx_ajp_module There is definitely AJP traffic, it's just not showing up in the access log. - Chris On April 6, 2011 03:24:38 pm André Warnier wrote: > Chris Dumoulin wrote: > > I'm using tomcat 7.0.11 with the following Connector and Host elements in > > server.xml: > > > > > redirectPort="8443"/> > > > > > > > unpackWARs="true"> > > > directory="logs" pattern="%h %l %u %t "%r" %s %b" > > prefix="localhost_access_log." resolveHosts="false" suffix=".txt"/> > > > source="org.eclipse.jst.jee.server:app1"/> > > > source="org.eclipse.jst.j2ee.server:app2"/> > > > > > > In the access log I'm seeing the HTTP traffic on port 8080 but not the AJP > > traffic on port 8009. I've googled around and I don't see any mention of > > specific Valve settings for AJP. > > > > Any ideas? > > > > And are you expecting traffic on the AJP Connector ? > For traffic to show up there, some client would need to connect to your > server on port > 8009. Is there anything that connects to that port ? > > If not, then there is nothing to worry about, and you could even comment-out > that > , since it will never be used. > Like : > > > > The AJP Connector is used in scenarios where there is another webserver used > as a > front-end to Tomcat, and this other webserver, to pass requests to Tomcat, > uses the AJP > protocol. For example, a configuration like this one : > > browser <--> Apache httpd server <-> Tomcat > + mod_jk module > OR + mod_proxy_ajp module > > or > > browser <--> IIS webserver <-> Tomcat > + isapi_redirect module > > If you do not use such a configuration, or you do not understand what this is > all about, > then you don't need the AJP in Tomcat. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: TomcatCluster data replication
On 4/6/2011 1:22 PM, Jürgen Jakobitsch wrote: hi, i'm in need of data replication in a tomcat-cluster. i set up a tomcat cluster of three tomcats on a single machine with a apache (mod_jk) front that does the load balacing. everything works absolutely charming for reading requests, my trouble start with data input. what i'm trying to achieve is that if i submit data with a html form, the storage on all cluster members needs to be updated. i'm using an openrdf's sesame triple store which locks it's data directory so i can't simply use a single shared directory in my application. sounds like a limitation of sesame. Use some other noSQL data store and you wont have this issue best Filip what i have in mind, after first readings, is some sort of clustervalve that checks, if a request is a POST request and if yes, sends this request (which updates the repository in the back) to all members of the cluster. so here would be my questions : 1. is there a standard way of doing something like (which a not-clusterable data-backend) 2. is the thing with the clustervalve in fact the correct starting point any help or pointer to the right direction greatly appreciated wkr turnguard.com/turnguard - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JDBC Pool Disconnections
I wanted to add it, bu the company that developed the application that runs on the tomcat, says that it affect performance and has issues. what do you mean "validates it"? what does it do, exactly? Thanks Hila 2011/4/6 Filip Hanik - Dev Lists > On 4/5/2011 7:31 AM, הילה wrote: > >> name="jdbc/com/vstechnology/appname >> scope="Shareable" >> type="javax.sql.Datasource" >> >> url="jdbc:jtds:sqlserver://SQLServerName:1433/DBname;useCursors=false;sendStringParametersAsUnicode=false" >> factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" >> maxActive="200" >> minIdle="0" >> maxIdle="10" >> maxWait="1" >> initialSize="20" >> driverClassName="net.sourceforge.jtds.jdbc.Driver" >> > Add in > > testOnBorrow="true" > validationQuery="select 1" > > this ensures that if the DB closes a connection, the pool validates it > > best > Filip > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: TomcatCluster data replication
Jürgen Jakobitsch wrote: hi, i'm in need of data replication in a tomcat-cluster. i set up a tomcat cluster of three tomcats on a single machine with a apache (mod_jk) front that does the load balacing. everything works absolutely charming for reading requests, my trouble start with data input. what i'm trying to achieve is that if i submit data with a html form, the storage on all cluster members needs to be updated. i'm using an openrdf's sesame triple store which locks it's data directory so i can't simply use a single shared directory in my application. what i have in mind, after first readings, is some sort of clustervalve that checks, if a request is a POST request and if yes, sends this request (which updates the repository in the back) to all members of the cluster. so here would be my questions : 1. is there a standard way of doing something like (which a not-clusterable data-backend) No. 2. is the thing with the clustervalve in fact the correct starting point Probably not. any help or pointer to the right direction greatly appreciated I'm not saying that it would not be possible to do this. And I have no idea what a "openrdf's sesame triple store" is. But what you describe sounds more like something that should be handled at the level of the application which processes the POST. It is the application which should arrange to update the nn back-end data stores at the same time. Of course that introduces some interesting issues of locking and synchronisation, in case two quasi-simultaneous requests handled by two separate tomcats try to update the same piece of data in each of the datastores. Now just by curiosity, what is the real-world point of this setup, considering that your 3 tomcats are running on the same host ? Why not have a single Tomcat with 3 times more resources, to handle all the requests ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JDBC Pool Disconnections
validate == connection is open and working if they are worried about performance, there is a compromise that gets you best of both worlds testOnBorrow="true" validationQuery="select 1" validationInterval="3" this ensures that in a high concurrency environment, the number of validations are limited Filip On 4/6/2011 1:36 PM, הילה wrote: I wanted to add it, bu the company that developed the application that runs on the tomcat, says that it affect performance and has issues. what do you mean "validates it"? what does it do, exactly? Thanks Hila 2011/4/6 Filip Hanik - Dev Lists On 4/5/2011 7:31 AM, הילה wrote: name="jdbc/com/vstechnology/appname scope="Shareable" type="javax.sql.Datasource" url="jdbc:jtds:sqlserver://SQLServerName:1433/DBname;useCursors=false;sendStringParametersAsUnicode=false" factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" maxActive="200" minIdle="0" maxIdle="10" maxWait="1" initialSize="20" driverClassName="net.sourceforge.jtds.jdbc.Driver" Add in testOnBorrow="true" validationQuery="select 1" this ensures that if the DB closes a connection, the pool validates it best Filip - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1209 / Virus Database: 1500/3555 - Release Date: 04/06/11 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: No access log for AJP traffic
In looking into this further, it appears that the difference isn't in HTTP vs AJP, the difference is in async vs synchronous. The AJP traffic was carrying requests that were being processed asynchronously in Tomcat. If I switch to using the HTTP connector for this same traffic I still don't see anything in the access log. Other requests that are being processed synchronously are showing up in the access logs. I'm starting to step through the Tomcat code now, but any thoughts on this would be appreciated. - Chris On April 6, 2011 03:31:18 pm Chris Dumoulin wrote: > Thanks for your response Andre. I'm using AJP between Tomcat and Nginx using > this Nginx module: https://github.com/yaoweibin/nginx_ajp_module > There is definitely AJP traffic, it's just not showing up in the access log. > > - Chris > > On April 6, 2011 03:24:38 pm André Warnier wrote: > > Chris Dumoulin wrote: > > > I'm using tomcat 7.0.11 with the following Connector and Host elements in > > > server.xml: > > > > > > > > redirectPort="8443"/> > > > > > > > > > > > unpackWARs="true"> > > > > > directory="logs" pattern="%h %l %u %t "%r" %s %b" > > > prefix="localhost_access_log." resolveHosts="false" suffix=".txt"/> > > > > > source="org.eclipse.jst.jee.server:app1"/> > > > > > source="org.eclipse.jst.j2ee.server:app2"/> > > > > > > > > > In the access log I'm seeing the HTTP traffic on port 8080 but not the > > > AJP traffic on port 8009. I've googled around and I don't see any mention > > > of specific Valve settings for AJP. > > > > > > Any ideas? > > > > > > > And are you expecting traffic on the AJP Connector ? > > For traffic to show up there, some client would need to connect to your > > server on port > > 8009. Is there anything that connects to that port ? > > > > If not, then there is nothing to worry about, and you could even > > comment-out that > > , since it will never be used. > > Like : > > > > > > > > The AJP Connector is used in scenarios where there is another webserver > > used as a > > front-end to Tomcat, and this other webserver, to pass requests to Tomcat, > > uses the AJP > > protocol. For example, a configuration like this one : > > > > browser <--> Apache httpd server <-> Tomcat > > + mod_jk module > > OR + mod_proxy_ajp module > > > > or > > > > browser <--> IIS webserver <-> Tomcat > > + isapi_redirect module > > > > If you do not use such a configuration, or you do not understand what this > > is all about, > > then you don't need the AJP in Tomcat. > > > > > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JDBC Pool Disconnections
I wanted to add the last string as well, but they said to forget about it.. :] and they should know best however, if disconnections will continue (there are some right now) I'll try it anyway as for the connection validation = you said that if the DB closes a connection (why does it happen? can I prevent it?) than the pool is checking if the connection is open and working. and if not? i the DB closed the connection and it's not usable.. then what does the pool do? 2011/4/6 Filip Hanik - Dev Lists > validate == connection is open and working > > if they are worried about performance, there is a compromise that gets you > best of both worlds > > > testOnBorrow="true" > validationQuery="select 1" > validationInterval="3" > > this ensures that in a high concurrency environment, the number of > validations are limited > > Filip > > > > > On 4/6/2011 1:36 PM, הילה wrote: > >> I wanted to add it, bu the company that developed the application that >> runs >> >> on the tomcat, says that it affect performance and has issues. >> >> what do you mean "validates it"? what does it do, exactly? >> >> Thanks >> Hila >> >> >> 2011/4/6 Filip Hanik - Dev Lists >> >> On 4/5/2011 7:31 AM, הילה wrote: >>> >>> name="jdbc/com/vstechnology/appname scope="Shareable" type="javax.sql.Datasource" url="jdbc:jtds:sqlserver://SQLServerName:1433/DBname;useCursors=false;sendStringParametersAsUnicode=false" factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" maxActive="200" minIdle="0" maxIdle="10" maxWait="1" initialSize="20" driverClassName="net.sourceforge.jtds.jdbc.Driver" Add in >>> >>> testOnBorrow="true" >>> validationQuery="select 1" >>> >>> this ensures that if the DB closes a connection, the pool validates it >>> >>> best >>> Filip >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >>> >> >> - >> No virus found in this message. >> Checked by AVG - www.avg.com >> Version: 10.0.1209 / Virus Database: 1500/3555 - Release Date: 04/06/11 >> >> > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: JDBC Pool Disconnections
On 4/6/2011 1:54 PM, הילה wrote: I wanted to add the last string as well, but they said to forget about it.. :] and they should know best however, if disconnections will continue (there are some right now) I'll try it anyway as for the connection validation = you said that if the DB closes a connection (why does it happen? can I prevent it?) most common is that the DB times out an idle connection. A pool holds a connection open, the connection is not being used and the DB times it out. there are many examples, same thing if there is a network glitch, or the db is restarted. than the pool is checking if the connection is open and working. and if not? i the DB closed the connection and it's not usable.. then what does the pool do? if the pool doesn't check, then it doesn't do anything. if the pool check (testOnBorrow=true) and the test fails, it closes the old connection and opens a new one. Filip 2011/4/6 Filip Hanik - Dev Lists validate == connection is open and working if they are worried about performance, there is a compromise that gets you best of both worlds testOnBorrow="true" validationQuery="select 1" validationInterval="3" this ensures that in a high concurrency environment, the number of validations are limited Filip On 4/6/2011 1:36 PM, הילה wrote: I wanted to add it, bu the company that developed the application that runs on the tomcat, says that it affect performance and has issues. what do you mean "validates it"? what does it do, exactly? Thanks Hila 2011/4/6 Filip Hanik - Dev Lists On 4/5/2011 7:31 AM, הילה wrote: name="jdbc/com/vstechnology/appname scope="Shareable" type="javax.sql.Datasource" url="jdbc:jtds:sqlserver://SQLServerName:1433/DBname;useCursors=false;sendStringParametersAsUnicode=false" factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" maxActive="200" minIdle="0" maxIdle="10" maxWait="1" initialSize="20" driverClassName="net.sourceforge.jtds.jdbc.Driver" Add in testOnBorrow="true" validationQuery="select 1" this ensures that if the DB closes a connection, the pool validates it best Filip - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1209 / Virus Database: 1500/3555 - Release Date: 04/06/11 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1209 / Virus Database: 1500/3555 - Release Date: 04/06/11 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: TomcatCluster data replication
hi, thanks for your input.. 1. switching that backend is apparently not an option, i wouldn't have asked with respect to a non-clusterable data-backend 2. it wouldn't be that two request update one piece of data, but it would be that the first cluster member that receives a POST request, posts that request also to other members, these then simply handle this POST request. Since every application has it's own datadirectory every member would write into it's own datadirectory, that's why the requests need to be forwarded to all members of the cluster. 3. these three tomcats on one machine are for testing purposes only - real world would go on different physical machines. image you have a simple text file in the WEB-INF directory of a webapp named ClusterApp. this ClusterApp is deployed on three tomcats in a cluster. now comes a POST request, that updates the text file (adds one line to it). now of course i need to synchronize the text file on all tomcats in the cluster. in my opinion there are only a few options to achieve this : 1. rsync the file, which is kind of hard, since i have a load balancer and don't know exactly which member answers the request, there are to many insecurities 2. check all incoming requests for HTTP POST, if the request is a POST the send it simply to all members of the cluster. honestly i can hardly imagine that i'm the first to come across this usecase... any help really appreciated.. wkr turnguard.com/turnguard - Original Message - From: "André Warnier" To: "Tomcat Users List" Sent: Wednesday, April 6, 2011 9:43:02 PM Subject: Re: TomcatCluster data replication Jürgen Jakobitsch wrote: > hi, > > i'm in need of data replication in a tomcat-cluster. > i set up a tomcat cluster of three tomcats on a single machine with a apache > (mod_jk) front that does the load balacing. > everything works absolutely charming for reading requests, my trouble start > with data input. > > what i'm trying to achieve is that if i submit data with a html form, the > storage on all cluster members needs to be updated. > i'm using an openrdf's sesame triple store which locks it's data directory so > i can't simply use a single shared directory > in my application. > > what i have in mind, after first readings, is some sort of clustervalve that > checks, if a request is a POST request and if > yes, sends this request (which updates the repository in the back) to all > members of the cluster. > > so here would be my questions : > > 1. is there a standard way of doing something like (which a not-clusterable > data-backend) No. > 2. is the thing with the clustervalve in fact the correct starting point Probably not. > > any help or pointer to the right direction greatly appreciated > I'm not saying that it would not be possible to do this. And I have no idea what a "openrdf's sesame triple store" is. But what you describe sounds more like something that should be handled at the level of the application which processes the POST. It is the application which should arrange to update the nn back-end data stores at the same time. Of course that introduces some interesting issues of locking and synchronisation, in case two quasi-simultaneous requests handled by two separate tomcats try to update the same piece of data in each of the datastores. Now just by curiosity, what is the real-world point of this setup, considering that your 3 tomcats are running on the same host ? Why not have a single Tomcat with 3 times more resources, to handle all the requests ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- punkt. netServices __ Jürgen Jakobitsch Codeography Lerchenfelder Gürtel 43 Top 5/2 A - 1160 Wien Tel.: 01 / 897 41 22 - 29 Fax: 01 / 897 41 22 - 22 netServices http://www.punkt.at - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: No access log for AJP traffic
Just in case : have you looked at the 2 earlier [SECURITY] messages on this list, and at the Change log for Tomcat 7.0.12 ? There are some notes there about asynchronous requests that may have a bearing on your issue (maybe indirectly). Chris Dumoulin wrote: In looking into this further, it appears that the difference isn't in HTTP vs AJP, the difference is in async vs synchronous. The AJP traffic was carrying requests that were being processed asynchronously in Tomcat. If I switch to using the HTTP connector for this same traffic I still don't see anything in the access log. Other requests that are being processed synchronously are showing up in the access logs. I'm starting to step through the Tomcat code now, but any thoughts on this would be appreciated. - Chris On April 6, 2011 03:31:18 pm Chris Dumoulin wrote: Thanks for your response Andre. I'm using AJP between Tomcat and Nginx using this Nginx module: https://github.com/yaoweibin/nginx_ajp_module There is definitely AJP traffic, it's just not showing up in the access log. - Chris On April 6, 2011 03:24:38 pm André Warnier wrote: Chris Dumoulin wrote: I'm using tomcat 7.0.11 with the following Connector and Host elements in server.xml: In the access log I'm seeing the HTTP traffic on port 8080 but not the AJP traffic on port 8009. I've googled around and I don't see any mention of specific Valve settings for AJP. Any ideas? And are you expecting traffic on the AJP Connector ? For traffic to show up there, some client would need to connect to your server on port 8009. Is there anything that connects to that port ? If not, then there is nothing to worry about, and you could even comment-out that , since it will never be used. Like : The AJP Connector is used in scenarios where there is another webserver used as a front-end to Tomcat, and this other webserver, to pass requests to Tomcat, uses the AJP protocol. For example, a configuration like this one : browser <--> Apache httpd server <-> Tomcat + mod_jk module OR + mod_proxy_ajp module or browser <--> IIS webserver <-> Tomcat + isapi_redirect module If you do not use such a configuration, or you do not understand what this is all about, then you don't need the AJP in Tomcat. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: No access log for AJP traffic
Tomcat 6 http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/AccessLogValve.java?annotate=1030188 Look at the invoke() method, it logs the data Tomcat 7 http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/AccessLogValve.java?view=annotate Look at the invoke() method, it does nothing :) It seems to have happened here http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/AccessLogValve.java?r1=1059547&r2=1059548&; Filip On 4/6/2011 1:50 PM, Chris Dumoulin wrote: In looking into this further, it appears that the difference isn't in HTTP vs AJP, the difference is in async vs synchronous. The AJP traffic was carrying requests that were being processed asynchronously in Tomcat. If I switch to using the HTTP connector for this same traffic I still don't see anything in the access log. Other requests that are being processed synchronously are showing up in the access logs. I'm starting to step through the Tomcat code now, but any thoughts on this would be appreciated. - Chris On April 6, 2011 03:31:18 pm Chris Dumoulin wrote: Thanks for your response Andre. I'm using AJP between Tomcat and Nginx using this Nginx module: https://github.com/yaoweibin/nginx_ajp_module There is definitely AJP traffic, it's just not showing up in the access log. - Chris On April 6, 2011 03:24:38 pm André Warnier wrote: Chris Dumoulin wrote: I'm using tomcat 7.0.11 with the following Connector and Host elements in server.xml: In the access log I'm seeing the HTTP traffic on port 8080 but not the AJP traffic on port 8009. I've googled around and I don't see any mention of specific Valve settings for AJP. Any ideas? And are you expecting traffic on the AJP Connector ? For traffic to show up there, some client would need to connect to your server on port 8009. Is there anything that connects to that port ? If not, then there is nothing to worry about, and you could even comment-out that , since it will never be used. Like : The AJP Connector is used in scenarios where there is another webserver used as a front-end to Tomcat, and this other webserver, to pass requests to Tomcat, uses the AJP protocol. For example, a configuration like this one : browser<--> Apache httpd server<-> Tomcat + mod_jk module OR + mod_proxy_ajp module or browser<--> IIS webserver<-> Tomcat + isapi_redirect module If you do not use such a configuration, or you do not understand what this is all about, then you don't need the AJP in Tomcat. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1209 / Virus Database: 1500/3555 - Release Date: 04/06/11 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: TomcatCluster data replication
Jürgen Jakobitsch wrote: ... image you have a simple text file in the WEB-INF directory of a webapp named ClusterApp. this ClusterApp is deployed on three tomcats in a cluster. now comes a POST request, that updates the text file (adds one line to it). now of course i need to synchronize the text file on all tomcats in the cluster. Ok, let's imagine there are initially 3 identical simple text files, on each of the 3 tomcats. And there are 2 clients accessing the load balancer. In order to determine if they need to update the text file, the clients first request the text file to examine it. Their requests go to 2 different tomcats via the load-balancer. But it does not matter, since they both get the same response text file, since it is identical. Now client A decides to update the file by adding a line XXX to it. And client B decides to update the file by adding a line YYY to it. They both POST their request at about the same time to the front-end, and the front-end (or whatever replication mechanism) sends each request to all 3 back-end tomcats. When the 2 POST requests have been processed, what is the state of the 3 text files ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: No access log for AJP traffic
2011/4/6 Chris Dumoulin : > In looking into this further, it appears that the difference isn't in HTTP vs > AJP, the difference is in async vs synchronous. > > The AJP traffic was carrying requests that were being processed > asynchronously in Tomcat. If I switch to using the HTTP connector for this > same traffic I still don't see anything in the access log. Other requests > that are being processed synchronously are showing up in the access logs. > > I'm starting to step through the Tomcat code now, but any thoughts on this > would be appreciated. In recent TC7 Access Log is being done by CoyoteAdapter, e.g. in CoyoteAdapter.service() - see logAccess() call there. If you see a bug there, please create an issue in bugzilla. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JDBC Pool Disconnections
Got it. Thanks any other suggestions will be great (i'll add these string in a few days) 2011/4/6 Filip Hanik - Dev Lists > On 4/6/2011 1:54 PM, הילה wrote: > >> I wanted to add the last string as well, but they said to forget about >> it.. >> >> :] and they should know best >> however, if disconnections will continue (there are some right now) I'll >> try >> it anyway >> >> as for the connection validation = you said that if the DB closes a >> connection (why does it happen? can I prevent it?) >> > most common is that the DB times out an idle connection. A pool holds a > connection open, the connection is not being used and the DB times it out. > there are many examples, same thing if there is a network glitch, or the db > is restarted. > > > > than the pool is checking >> if the connection is open and working. and if not? i the DB closed the >> connection and it's not usable.. then what does the pool do? >> > if the pool doesn't check, then it doesn't do anything. > if the pool check (testOnBorrow=true) and the test fails, it closes the old > connection and opens a new one. > > Filip > > >> 2011/4/6 Filip Hanik - Dev Lists >> >> validate == connection is open and working >>> >>> if they are worried about performance, there is a compromise that gets >>> you >>> best of both worlds >>> >>> >>> testOnBorrow="true" >>> validationQuery="select 1" >>> validationInterval="3" >>> >>> this ensures that in a high concurrency environment, the number of >>> validations are limited >>> >>> Filip >>> >>> >>> >>> >>> On 4/6/2011 1:36 PM, הילה wrote: >>> >>> I wanted to add it, bu the company that developed the application that runs on the tomcat, says that it affect performance and has issues. what do you mean "validates it"? what does it do, exactly? Thanks Hila 2011/4/6 Filip Hanik - Dev Lists On 4/5/2011 7:31 AM, הילה wrote: > name="jdbc/com/vstechnology/appname > >> scope="Shareable" >> type="javax.sql.Datasource" >> >> >> >> url="jdbc:jtds:sqlserver://SQLServerName:1433/DBname;useCursors=false;sendStringParametersAsUnicode=false" >> factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" >> maxActive="200" >> minIdle="0" >> maxIdle="10" >> maxWait="1" >> initialSize="20" >> driverClassName="net.sourceforge.jtds.jdbc.Driver" >> >> Add in >> > testOnBorrow="true" > validationQuery="select 1" > > this ensures that if the DB closes a connection, the pool validates it > > best > Filip > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1209 / Virus Database: 1500/3555 - Release Date: 04/06/11 - >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >>> >> >> - >> No virus found in this message. >> Checked by AVG - www.avg.com >> Version: 10.0.1209 / Virus Database: 1500/3555 - Release Date: 04/06/11 >> >> > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: No access log for AJP traffic
The logging now takes place in the CoyoteAdapter http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java?r1=1086351&r2=1086352&; Filip On 4/6/2011 2:26 PM, Filip Hanik - Dev Lists wrote: Tomcat 6 http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/AccessLogValve.java?annotate=1030188 Look at the invoke() method, it logs the data Tomcat 7 http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/AccessLogValve.java?view=annotate Look at the invoke() method, it does nothing :) It seems to have happened here http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/AccessLogValve.java?r1=1059547&r2=1059548&; Filip On 4/6/2011 1:50 PM, Chris Dumoulin wrote: In looking into this further, it appears that the difference isn't in HTTP vs AJP, the difference is in async vs synchronous. The AJP traffic was carrying requests that were being processed asynchronously in Tomcat. If I switch to using the HTTP connector for this same traffic I still don't see anything in the access log. Other requests that are being processed synchronously are showing up in the access logs. I'm starting to step through the Tomcat code now, but any thoughts on this would be appreciated. - Chris On April 6, 2011 03:31:18 pm Chris Dumoulin wrote: Thanks for your response Andre. I'm using AJP between Tomcat and Nginx using this Nginx module: https://github.com/yaoweibin/nginx_ajp_module There is definitely AJP traffic, it's just not showing up in the access log. - Chris On April 6, 2011 03:24:38 pm André Warnier wrote: Chris Dumoulin wrote: I'm using tomcat 7.0.11 with the following Connector and Host elements in server.xml: prefix="localhost_access_log." resolveHosts="false" suffix=".txt"/> In the access log I'm seeing the HTTP traffic on port 8080 but not the AJP traffic on port 8009. I've googled around and I don't see any mention of specific Valve settings for AJP. Any ideas? And are you expecting traffic on the AJP Connector ? For traffic to show up there, some client would need to connect to your server on port 8009. Is there anything that connects to that port ? If not, then there is nothing to worry about, and you could even comment-out that , since it will never be used. Like : The AJP Connector is used in scenarios where there is another webserver used as a front-end to Tomcat, and this other webserver, to pass requests to Tomcat, uses the AJP protocol. For example, a configuration like this one : browser<--> Apache httpd server<-> Tomcat + mod_jk module OR + mod_proxy_ajp module or browser<--> IIS webserver<-> Tomcat + isapi_redirect module If you do not use such a configuration, or you do not understand what this is all about, then you don't need the AJP in Tomcat. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1209 / Virus Database: 1500/3555 - Release Date: 04/06/11 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1209 / Virus Database: 1500/3555 - Release Date: 04/06/11 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: No access log for AJP traffic
On 06/04/2011 20:50, Chris Dumoulin wrote: > In looking into this further, it appears that the difference isn't in HTTP vs > AJP, the difference is in async vs synchronous. When you say asynchronous, do you mean Servlet 3.0 or Comet? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: TomcatCluster data replication
Am 06.04.2011 um 22:35 schrieb André Warnier: > Jürgen Jakobitsch wrote: > ... >> >> image you have a simple text file in the WEB-INF directory of a webapp named >> ClusterApp. this ClusterApp is deployed >> on three tomcats in a cluster. now comes a POST request, that updates the >> text file (adds one line to it). >> now of course i need to synchronize the text file on all tomcats in the >> cluster. >> > Ok, let's imagine there are initially 3 identical simple text files, on each > of the 3 tomcats. > And there are 2 clients accessing the load balancer. > In order to determine if they need to update the text file, the clients first > request the > text file to examine it. Their requests go to 2 different tomcats via the > load-balancer. > But it does not matter, since they both get the same response text file, > since it is > identical. > Now client A decides to update the file by adding a line XXX to it. > And client B decides to update the file by adding a line YYY to it. > They both POST their request at about the same time to the front-end, and the > front-end > (or whatever replication mechanism) sends each request to all 3 back-end > tomcats. > When the 2 POST requests have been processed, what is the state of the 3 text > files ? > I would say this is a classical case for either centralized datastore or distributed transaction manager. To solve the issue with the existing setup, I would possibly serialize the write request into a message queue that has one subscriber per cluster member. Only the subscriber thread is allowed to write into the file. A little bit tuning the queue setup will provide you with a fail safe system, were a crashing cluster member will recover and continue on his copies of the write requests. Overall the files should be reasonable equal. If you need realtime updates of all cluster members, the datastore you have chosen IMHO sucks :-) I suppose you would need to add a kind of distributed transaction then. This could be reached if you send a commit message to all cluster members when you have successfully written your data. For each dataset, you expect a commit message from all others before you serve it to clients again... sounds a little bit like reinventing the wheel. Regards, Thomas > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat and spring security secure channel setting
Hi, I am using grails spring security to secure the url. I specify in grails: grails.plugins.springsecurity.secureChannel.definition = [ '/': 'REQUIRES_INSECURE_CHANNEL', '/**': 'REQUIRES_SECURE_CHANNEL', ] to make the homepage use http and all other url use https. This works fine locally with port: 8080 and 8443. On tomcat, I configure server.xml in this way: To make the server could visited through 80 and 443. I add to iptables rules: iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080 iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443 The problem is that: 1. If I visit https://www.domain.com , it says there is a infinite redirect loop 2.If I visit http://www.domain.com:8080, it works perfectly. 3. If I visit http://www.domain.com, it only download the content and can not download css, js since the https://www.domain.com/css is not accessible as described in 1. Anyone could help me on this problem? Thank you so much. Best, Gavin
Re: No access log for AJP traffic
I meant servlet 3.0 async.
This is from CoyoteAdapter.java:
AsyncContextImpl asyncConImpl =
(AsyncContextImpl)request.getAsyncContext();
if (asyncConImpl != null) {
async = true;
} else if (!comet) {
response.finishResponse();
if (postParseSuccess) {
// Log only if processing was invoked.
// If postParseRequest() failed, it has already logged it.
((Context) request.getMappingData().context).logAccess(
request, response,
System.currentTimeMillis() - req.getStartTime(),
false);
}
req.action(ActionCode.POST_REQUEST , null);
}
In the async case logAccess() isn't called here. I've searched through the code
and don't see logAccess() being called anywhere else, except in error cases.
So, it looks like the async case is missing a call to logAccess() somewhere.
- Chris
On April 6, 2011 04:44:27 pm Mark Thomas wrote:
> On 06/04/2011 20:50, Chris Dumoulin wrote:
> > In looking into this further, it appears that the difference isn't in HTTP
> > vs AJP, the difference is in async vs synchronous.
>
> When you say asynchronous, do you mean Servlet 3.0 or Comet?
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JDBC Pool Disconnections
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 הילה, On 4/6/2011 3:36 PM, הילה wrote: > I wanted to add it, bu the company that developed the application > that runs on the tomcat, says that it affect performance and has > issues. What is your RDBMS? If it happens to be MySQL, I know that they support a "ping" query that is very fast. It's much better and faster than spewing SQLExceptions into your log file. I would always recommend running with a validationQuery enabled, even if you have to set a validation interval to reduce the number of validations that actually occur. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2c3tkACgkQ9CaO5/Lv0PBGyACgu1jH9svX+SbIU4ZrvUG63VRD FnUAoLMOBchXqMmyQRJUHD/G3Dc4ijDP =vpTh -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Apache Tomcat Process is getting killed automatically.
Hi, I am using Apache Tomcat 5.x and it is having two instances running on it, one is Flex application and the other one is Java application which is used by the Flex application to Export the results. My RAM is 4GB and Tomcat's xmx parameter is set to use from 512MB to 2GB. Now almost once in two days my Tomcat process is getting killed automatically and I have to restart the Tomcat server again and again to resume the application back. Any suggestions would be helpful. Thanks and Regards, - Prashant Rajput| praj...@infocepts.com Mob:+91 9561508836 (India) ; 415 548 3631(USA) -
RE: Apache Tomcat Process is getting killed automatically.
> From: Prashant Rajput [mailto:praj...@infocepts.com] > Subject: Apache Tomcat Process is getting killed automatically. > Now almost once in two days my Tomcat process is getting killed > automatically and I have to restart the Tomcat server again and > again to resume the application back. Start with the FAQ: http://wiki.apache.org/tomcat/FAQ/Memory You'll need to do some homework to determine what's using up the memory. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
