CONFIGURING HOW MUCH MEMORY TOMCAT USES

[CHRISTOS STAVRINOU]

Hello,

I want to configure the following

Initial memory pool

Maximum memory pool

Thread stack size

on tomcat 7 under Centos Linux but I don't know how.

The reason I want to increase the values of these parameters is because I get 
out of memory error when upload files with jsp code.

Please help

Thank you

Re: CONFIGURING HOW MUCH MEMORY TOMCAT USES

[Pid]

On 08/10/2012 08:04, CHRISTOS STAVRINOU wrote:
> Hello,
> 
> I want to configure the following
> 
> Initial memory pool
> 
> Maximum memory pool
> 
> Thread stack size
> 
> on tomcat 7 under Centos Linux but I don't know how.
> 
> The reason I want to increase the values of these parameters is because I get 
> out of memory error when upload files with jsp code.
> 
> Please help
> 
> Thank you

HELLO.  PLEASE READ:

 http://www.catb.org/esr/faqs/smart-questions.html


p

-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

How to check whether a SSL certificate has been correctly installed

[Tom Anthony]

Hi,

I just installed a third party certificate on Tomcat and was wondering
whether there was a way to check with confidence that the ceritiftcae has
been installed correctly on the server and that all communications between
client and server are encrypted.

Thanks for your help.



--
View this message in context: 
http://tomcat.10.n6.nabble.com/How-to-check-whether-a-SSL-certificate-has-been-correctly-installed-tp4987669.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: ConnectionPoolMBean should not expose plain-text DB password

[Mark H. Wood]

On Fri, Oct 05, 2012 at 05:11:57PM -0400, Christopher Schultz wrote:
> On 10/5/12 1:51 PM, Te Li wrote:
> > I am not familiar with JIoEndpoint discussed in 
> > https://issues.apache.org/bugzilla/show_bug.cgi?id=53139.
> > 
> > The issue I'm facing is something different. Apparently, some
> > effort was made to hide the DB password, but the DB password is
> > still exposed via another getter (getDbProperties()). This seems to
> > be a bug to me.
> > 
> > DB passwords are highly sensitive information. JMX admins shouldn't
> > see those either. It's not a reasonable assumption that it's okay
> > for JMX admins to see exposed DB passwords (which should never be
> > exposed in plaintext or encrypted form). Those who work in a
> > company would probably concur with this point.
> 
> I think most of us work at companies, and I happen to disagree with you.
> 
> Tomcat passwords -- at least those in server.xml -- are in plain-text
> form. All requests to obfuscate them have been denied because it is
> simply not possible to properly secure them: the key always must be
> available to the administrator in order to read the obfuscated
> password and therefore any steps to "secure" the password are a charade.
> 
> There is a wealth of knowledge available via JMX, and it should only
> be exposed to administrators. Any JMX-enabled administrator will be
> able to deploy an arbitrary webapp to go and fetch the data you are
> trying to hide. You are wasting your time.

Well, I agree with both of you. :-)

The O.P. seems to want something like a military-style access control
system, in which it is possible to set up a structure where *no one*
has ultimate access; different roles have privileged access to
different aspects of the operation.  This is not an unreasonable
desire.  There are situations where it is advantageous (to the
organization) to operate in such a way that there are things a single
high-value captive cannot compromise.  Compare this to everyday
financial controls which require multiple signatures on a check or
several individuals with different keys to open a safe.  The highest
authorities can order things done, but cannot do them.  When wearing
my sysadmin hat, I work hard to make sure that I do not have to know
some of the secrets required to run our operation.

OTOH I agree that Tomcat is not set up to give you a heterarchial
access structure.  Very few products are.  I'm sure I never heard of
most of them and suppose that few of you all have either.

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.


pgpJKCQyXtpu7.pgp
Description: PGP signature

Re: JDBCRealm conection timeout failure on getPassword

[Aladin Dajani]

Hello Mark,
Thanks for pointing out my missing localDataResource property.  It is
prominent enough in the wiki, I just failed to pay close attention.
With this property, the everything in META-INF/context.xml configuration
worked.
Other configurations still do not work except the one I described (Resource
in conf/server.xml AND conf/context.xml, Realm in the engine element of
conf/server.xml).

This covers the deployment scenarios that I may encounter.

If someone out there is interested in pursuing the reasons why other
scenarios did not work for me, I will be happy to provide more details and
info.  Otherwise, thanks to the input of all who responded to this thread,
I am happy with the configurations that do work for me.

BTW I checked the resource-ref element and from what I gather, it provides
a level of isolation between the resource name coded in the application and
the one actually defined in configuration files, so you can change the
latter without having to recompile your app.

Finally, for those interested, here are the contents of relevant config
files in my setup with comments removed and sensitive material replaced (I
am deploying my app as ROOT.war on Tomcat 7):

My application's web.xml

http://www.w3.org/2001/XMLSchema-instance"; xmlns="
http://java.sun.com/xml/ns/javaee"; xmlns:web="
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"; xsi:schemaLocation="
http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"; id="WebApp_ID"
version="3.0">
  MyApp
  
default.jsp
  
  

  member-access
   /priv/* 
  GET
  POST


   site-admin 
   admin 
   user 


  NONE

  
  
AccessFilter
com.mydns.filter.MyFilter
  
  
AccessFilter
/*
  
  
FORM

  /login.jsp
  /login.jsp
  

  
  
 System Administrator 
 site-admin 
  
  
 Manager 
 admin 
  
  
 User 
 user 
  
 
---
My app's META-INF/context.xml (if used):


  
  


--
$CATALINA_HOME/conf/context.xml


WEB-INF/web.xml


-

$CATALINA_HOME/conf/server.xml



  
  
  
  
  
  




  

  




  


  
  


  

  



Thanks to all,
Aladin

On Sun, Oct 7, 2012 at 9:57 PM, Mark Eggers  wrote:

> Comments inline.
>
> On 10/7/2012 3:31 PM, Aladin Dajani wrote:
>
>> Hello Pid,
>>
>> I cannot dismiss that there may be inaccuracies as you mentioned in your
>> response, perhaps you could help me figure them out.
>>
>> Here are the cases I tried (the first three were outlined in the wiki
>> http://wiki.apache.org/tomcat/**TomcatDataSourceRealms
>> )
>>
>> MY REALM ELEMENT:
>>  >  dataSourceName="jdbc/MyAppDB"
>>  userTable="users"
>>  userNameCol="username"
>>  userCredCol="password"
>>  userRoleTable="roles"
>>  roleNameCol="rolename"
>>  digest="digestname"
>>  />
>>
>> MY RESOURCE ELEMENT:
>> >   name="jdbc/MyAppDB"
>> type="javax.sql.DataSource"
>> auth="Container"
>> driverClassName="com.mysql.**jdbc.Driver"
>> maxActive="100"
>> maxWait="1"
>> maxIdle="30"
>> password="password"
>> logAbandoned="true"
>> username="username"
>> removeAbandoned="true"
>> removeAbandonedTimeout="60"
>> url="jdbc:mysql://localhost:**3306/databasename"
>> />
>>
>>
> It might be nice to have a validation query here, so you know you're
> getting a connection to the database.
>
>
>> Case 1:
>> Everything in META-INF/context.xml
>> META-INF/context.xml contains:
>>   
>>  
>>  
>>   
>>
>>
> Please note that you are missing a localDataSource="true" in your Realm
> element of context.xml. This is required when both the Realm and the
> Resource are defined in context.xml. The Wiki mentions this, but maybe it's
> not prominent enough.
>
>  $CATALINA_HOME/conf/server.xml contains:
>>
>>  > auth="Container"
>> description="User database that can be updated and saved"
>> factory="org.apache.catalina.**users.**MemoryUserDatabaseFactory"
>> name="UserDatabase"
>> pathname="conf/tomcat-users.**xml"
>> type="org.apache.catalina.**UserDatabase"/>
>>
>>
>>and
>>
>>
>>  > resourceName="UserDatabase"/>
>>
>>..
>>
>>
>> $CATALINA_HOME/conf.context.**xml conatins
>>   
>>  WEB-INF/web.**xml
>>   
>>
>> Result:  Login form is presented but login fails when valid credentials
>> are
>> used
>>
>>   $CATALINA_HOME/logs/localhos.**data.log contains:
>>   Oct 7, 2012 5:05:55 PM org.apache.catalina.realm.**DataSourceRealm open
>>   SEVERE: Exception performing authentication
>>   javax.naming.**NameNotFoundException: Name jdbc is not bound in this
>> Context
>>
>>I suspect some issue with context.xml since tomcat did not copy
>> it
>> to $CATA

gc log filename variables in windows

[MrVJTod]

In linux/solaris, I can specify
 -Xloggc:/my/logs/sourcecode-gc-${NOW}.log 
And get a logfile named as such
 /my/logs/sourcecode-gc-1008-0938.log 
with the last time of startup as past of the log filename

But if I try to do something similar in Windows
 -Xloggc:c:\my\logs\sourcecode-gc-${NOW}.log 
I get a logfile named
 c:\my\logs\sourcecode-gc-${NOW}.log 
with the variable text as past of the log filename

Does tomcat on Windows not support variables in the GC filename?
I've tried a dozen different combinations
  $DATE  //${%DATE%}  //  $[%DATE%]  //  $(%DATE%)
  ${DATE}  //  $[DATE]  //  $(DATE)  //  $DATE  //  %DATE  //  %NOW%
  `%DATE%`  //  '%DATE%'  //  `cmd /c now /t`  //  'cmd /c now /t'
  %Y  //  %
and several other iterations
but the logfilename contains the variable that I was hoping would be
replaced with a timestamp.

and I can't seem to find a solid reference for Windows GC log filenames.




--
View this message in context: 
http://tomcat.10.n6.nabble.com/gc-log-filename-variables-in-windows-tp4987672.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: How to check whether a SSL certificate has been correctly installed

[Adamus, Steven J.]

Tom, 

Most if not all browsers let you view the certificate that was received
from the web server. You won't receive one unless you have an https
connection. If you can view it and verify it's the correct one, then
it's been installed correctly and the connection is encrypted. 

Steve

-Original Message-
From: users-return-237053-STEVEN.J.ADAMUS=saic@tomcat.apache.org
[mailto:users-return-237053-STEVEN.J.ADAMUS=saic@tomcat.apache.org]
On Behalf Of Tom Anthony
Sent: Monday, October 08, 2012 2:36 AM
To: users@tomcat.apache.org
Subject: How to check whether a SSL certificate has been correctly
installed

Hi,

I just installed a third party certificate on Tomcat and was wondering
whether there was a way to check with confidence that the ceritiftcae
has been installed correctly on the server and that all communications
between client and server are encrypted.

Thanks for your help.



--
View this message in context:
http://tomcat.10.n6.nabble.com/How-to-check-whether-a-SSL-certificate-ha
s-been-correctly-installed-tp4987669.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: gc log filename variables in windows

[André Warnier]

MrVJTod wrote:

In linux/solaris, I can specify
 -Xloggc:/my/logs/sourcecode-gc-${NOW}.log 
And get a logfile named as such
 /my/logs/sourcecode-gc-1008-0938.log 
with the last time of startup as past of the log filename


But if I try to do something similar in Windows
 -Xloggc:c:\my\logs\sourcecode-gc-${NOW}.log 
I get a logfile named
 c:\my\logs\sourcecode-gc-${NOW}.log 
with the variable text as past of the log filename


Does tomcat on Windows not support variables in the GC filename?
I've tried a dozen different combinations
  $DATE  //${%DATE%}  //  $[%DATE%]  //  $(%DATE%)
  ${DATE}  //  $[DATE]  //  $(DATE)  //  $DATE  //  %DATE  //  %NOW%
  `%DATE%`  //  '%DATE%'  //  `cmd /c now /t`  //  'cmd /c now /t'
  %Y  //  %
and several other iterations
but the logfilename contains the variable that I was hoping would be
replaced with a timestamp.

and I can't seem to find a solid reference for Windows GC log filenames.



Hi.

1) That's not really a Tomcat question, it's a Java JVM question.
So the question "Does tomcat on Windows not support variables in the GC filename?" is 
mis-directed. The "-Xloggc" is not a Tomcat parameter, it is a JVM parameter, interpreted 
by the JVM which runs Tomcat. Get the difference ?


2) Under Linux, where is the "NOW" variable set ? (probably in a Tomcat startup shell 
script, right ?)


3) How do you start (the JVM which runs) Tomcat under Windows ?
(If it is started as a Windows Service, it doesn't really have a Linux-like shell.  It - 
or rather the "service wrapper" (which runs the JVM which runs Tomcat) - takes its 
parameters from the Windows Registry, not the command-line.  No shell = no shell variables 
= no "NOW").


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to check whether a SSL certificate has been correctly installed

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Tom,

On 10/8/12 5:35 AM, Tom Anthony wrote:
> I just installed a third party certificate on Tomcat and was
> wondering whether there was a way to check with confidence that the
> ceritiftcae has been installed correctly on the server and that all
> communications between client and server are encrypted.

A couple of ways:

1. Connect via a web browser: use the https:// protocol. If the server
is speaking HTTP then you'll get an error message.

2. Use sslscan (http://www.titania.co.uk ; some Linux distros have it
in their package management systems). Just run sslscan [hostname]

3. https://www.ssllabs.com/ - use their "test my website" tool at the
bottom of their home page. It tells you about your certificates --
including making sure that you have a full cert chain and that the
certs are in the right order). It also tells you about other things
like if you are susceptible to BEAST and CRIME, and gives you a
"grade" based upon criteria I can't quite discern.

4. Use openssl's s_client:

   $ openssl s_client -connect hostname:port

It will give you some diagnostic information and actually let you
issue an HTTP request: it's pretty much 'telnet' except that it
tunnels it through SSL.

I'm sure there are other ways, too.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBzHoEACgkQ9CaO5/Lv0PADEACfcpk6Unx5E7loXtzLnB6UAtT7
Lm0AoKzuRAHpSGKuynGMaw/vGaqMEtq4
=JLtL
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: gc log filename variables in windows

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

To whom it may concern,

On 10/8/12 11:17 AM, MrVJTod wrote:
> In linux/solaris, I can specify 
> -Xloggc:/my/logs/sourcecode-gc-${NOW}.log And get a logfile named
> as such /my/logs/sourcecode-gc-1008-0938.log with the last time of
> startup as past of the log filename
> 
> But if I try to do something similar in Windows 
> -Xloggc:c:\my\logs\sourcecode-gc-${NOW}.log I get a logfile named 
> c:\my\logs\sourcecode-gc-${NOW}.log with the variable text as past
> of the log filename
> 
> Does tomcat on Windows not support variables in the GC filename? 
> I've tried a dozen different combinations $DATE  //${%DATE%}
> //  $[%DATE%]  //  $(%DATE%) ${DATE}  //  $[DATE]  //  $(DATE)  //
> $DATE  //  %DATE  //  %NOW% `%DATE%`  //  '%DATE%'  //  `cmd /c now
> /t`  //  'cmd /c now /t' %Y  //  % and several other
> iterations but the logfilename contains the variable that I was
> hoping would be replaced with a timestamp.
> 
> and I can't seem to find a solid reference for Windows GC log
> filenames.

This has nothing to do with GC filenames and everything to do with the
way cmd.exe does variable replacement.

First of all, cmd.exe does not recognize backtics (``) as meaningful
in any way, so that's not going to work. Second, sh-style $varname
doesn't work either.

cmd.exe (and every version of MS-DOS CLI before it) has always used
%varname% for variable replacement.

Lastly, the variable has to have a value. If you haven't set a value
for the DATE variable, then it will give you nothing. (Okay, I'm
floored: 'echo %DATE%' in cmd.exe actually gives you the current date
 - "Mon 10/08/2012" for me. That seems to be ringing a bell from back
in my MS-DOS days, but the value you get isn't very friendly: it's got
a space and it's localized for the current user: stupid American date
formatting.)

I'm not sure what the best way to get the current date in an
environment variable is. win32's "date" command totally sucks: you
can't tell it how to format the date. You also can't use
command-substitution (back ticks) to get the output from a program -
you could write one to get the proper date format - into an
environment variable. Child processes can't modify the environment of
the parent.

I think this is why people end up writing hideout scripts for win32
that do things like create another script on-the-fly and do
string-replacement directly on the script, then run it.

If you have your date in a variable, like 'NOW', then you ought to be
able to use "c:\my\logs\sourcecode-gc-%NOW%.log". Of course, that will
only work if you are launching Tomcat from the command-line and not if
you are running as a service.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBzHxMACgkQ9CaO5/Lv0PCJugCguC9GXRauvUyjjVOtuXO2mmuK
iDUAnj/YxvmDZWEvYZnwBGFgOAHjd5EN
=/dAU
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: gc log filename variables in windows

[MrVJTod]

I understand. NOW, in my linux environment is set via a shell script in the
tomcat settings file as part of startup.

NOW=`date +"%m%d-%H%M"`

I wasn't thinking of the startup script like that.

I'll be moving on. Thanks.



--
View this message in context: 
http://tomcat.10.n6.nabble.com/gc-log-filename-variables-in-windows-tp4987672p4987677.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: gc log filename variables in windows

[MrVJTod]

windows command line isn't good at short code, but I've used this to rename
window log files on occasion

the first section parses the MMDD out of %DATE%
and the second section removes the colon/period/spaces out of %TIME% and
then trims the resulting string to just the first 4 characters HHMM.

if run from {something.bat)
REM ## BEGIN SCRIPT FILE
FOR %%A IN (%Date%) DO (
FOR /F "tokens=1-3 delims=/-" %%B in ("%%~A") DO (
SET Today=%%D%%B%%C
)
)
SET RightNow=%Time::=%
SET RightNow=%RightNow:.=%
SET RightNow=%RightNow: =%
SET RightNow=%RightNow:~0,4%
SET fileStamp=%TODAY%.%RIGHTNOW%
REM ## END SCRIPT FILE

which would result something like this 
20121008.1506

which could be used in a batch to rename files with a timestamp
rename file.txt file.%timestamp%.txt




--
View this message in context: 
http://tomcat.10.n6.nabble.com/gc-log-filename-variables-in-windows-tp4987672p4987678.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: gc log filename variables in windows

[MrVJTod]

and I'm not going to convert my few remaining windows JVMs to use batch files
instead of running as a service. 

this is just extra motivation to get these last windows JVMs converted to
*nix.



--
View this message in context: 
http://tomcat.10.n6.nabble.com/gc-log-filename-variables-in-windows-tp4987672p4987679.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [speculative] gc log filename variables in windows

[André Warnier]

MrVJTod wrote:

and I'm not going to convert my few remaining windows JVMs to use batch files
instead of running as a service. 


this is just extra motivation to get these last windows JVMs converted to
*nix.



I basically agree, and this is thus just a bit of intellectual musing :

In the Registry of my Windows XP laptop, under 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tomcat6, I see an "ImagePath" with a 
value "C:\apache-tomcat-6.0.24\bin\tomcat6.exe //RS//Tomcat6".


(tomcat6.exe being this "service wrapper" I was mentioning before : it provides the 
necessary wrapping to act as a Windows Service, and actually runs the JVM that runs Tomcat).


It may be possible to change this ImagePath to run a Windows .CMD file which would set the 
appropriate "NOW" variable and then run the above wrapper .exe.


And then, using tomcat6w.exe (the GUI registry editor which allows to set the environment 
which the wrapper passes to the JVM it runs), set a Java option including a reference to 
%NOW%.


If pigs can fly (and it seems that in some countries many people think they can - see 
http://planetsave.com/2011/03/28/can-pigs-fly/), it may even work.


Or, rather than playing around modifying things in the Registry, how about :
- create a user to run the Tomcat Service, and modify the Tomcat Service to run as that 
user (rather than as "LocalSystem")

- give that user a "logon script"
- set the NOW variable in the logon script of that user
Windows may call that script whenever it starts the Tomcat Service.

Again, just idle speculation but hey, this is a Tomcat list, not a Windows one.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org