date:20140801


Deme Carv wrote:

I am getting the error from subject when running the below code in
Websphere in my RAD. It is very interesting that this code doesn't cause
any error in Server. The server runs up Tomcat 6 but I must set the same
code to run in Websphere. 


Well, if it is working in Tomcat but not in Websphere, then are you not asking your 
question on the wrong help forum ?



I have searched for hours in web but I didn't

find nothing that I could at least give a try. I attached a pdf with the
libs that I found in each place. I guess that it might exist some conflict
but I have no idea why it is working in Tomcat but it is not working in
Websphere.

Error message in browser:

Error 500:
org/apache/xml/utils/TreeWalker.init(Lorg/xml/sax/ContentHandler;Lorg/apache/xpath/DOMHelperV

Error message in RAD console:
java.lang.NoSuchMethodError:
org/apache/xml/utils/TreeWalker.init(Lorg/xml/sax/ContentHandler;Lorg/apache/xpath/DOMHelperV

at org.apache.xalan.serialize.SerializerToXML.seriali
ze(SerializerToXML.java:2578)

org.apache.xalan.serialize.SerializerToXML serializertoxml = new
org.apache.xalan.serialize.SerializerToXML();

My code snippet:
java.io.FileWriter filewriter = new java.io.FileWriter(file);

serializertoxml.setWriter(filewriter);

serializertoxml.serialize(node); // the error happens here

serializertoxml.flushWriter();

filewriter.write(\n);

filewriter.close();






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: NoSuchMethodError: org/apache/xml/utils/TreeWalker


André Warnier wrote:

Deme Carv wrote:

I am getting the error from subject when running the below code in
Websphere in my RAD. It is very interesting that this code doesn't cause
any error in Server. The server runs up Tomcat 6 but I must set the same
code to run in Websphere. 


Well, if it is working in Tomcat but not in Websphere, then are you not 
asking your question on the wrong help forum ?



I have searched for hours in web but I didn't

find nothing that I could at least give a try.


Addendum :

You could try asking here :
http://www.websphereusergroup.org/go/forum/view/108057/185109/websphere_application_server
(found after a single Google search for websphere help forum)


 I attached a pdf with the
libs that I found in each place. I guess that it might exist some 
conflict

but I have no idea why it is working in Tomcat but it is not working in
Websphere.

Error message in browser:

Error 500:
org/apache/xml/utils/TreeWalker.init(Lorg/xml/sax/ContentHandler;Lorg/apache/xpath/DOMHelperV 



Error message in RAD console:
java.lang.NoSuchMethodError:
org/apache/xml/utils/TreeWalker.init(Lorg/xml/sax/ContentHandler;Lorg/apache/xpath/DOMHelperV 



at org.apache.xalan.serialize.SerializerToXML.seriali
ze(SerializerToXML.java:2578)

org.apache.xalan.serialize.SerializerToXML serializertoxml = new
org.apache.xalan.serialize.SerializerToXML();

My code snippet:
java.io.FileWriter filewriter = new java.io.FileWriter(file);

serializertoxml.setWriter(filewriter);

serializertoxml.serialize(node); // the error happens here

serializertoxml.flushWriter();

filewriter.write(\n);

filewriter.close();






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: NoSuchMethodError: org/apache/xml/utils/TreeWalker

On Thu, Jul 31, 2014 at 8:13 PM, Deme Carv demec...@gmail.com wrote:

 I am getting the error from subject when running the below code in
 Websphere in my RAD. It is very interesting that this code doesn't cause
 any error in Server. The server runs up Tomcat 6 but I must set the same
 code to run in Websphere. I have searched for hours in web but I didn't
 find nothing that I could at least give a try. I attached a pdf with the
 libs that I found in each place. I guess that it might exist some conflict
 but I have no idea why it is working in Tomcat but it is not working in
 Websphere.

 Error message in browser:

 Error 500:
 org/apache/xml/utils/TreeWalker.init(Lorg/xml/sax/ContentHandler;Lorg/apache/xpath/DOMHelperV

 Error message in RAD console:
 java.lang.NoSuchMethodError:
 org/apache/xml/utils/TreeWalker.init(Lorg/xml/sax/ContentHandler;Lorg/apache/xpath/DOMHelperV


NoSuchMethodErrors often occur when you have the wrong version of a library
on your class path.  This happens because your code is looking for one
version, that has method X while the library you've included has a
different version without method X.

I don't know a lot about WebSphere, but I do recall that it ships with an
older set of libraries and that it prefers those libraries (it calls this
parent first) over ones in the application (it calls this parent last).
 I've seen cases where switching to parent last mode has resolved similar
issues.

If that doesn't help, I second André's suggestion to look for help in a
more appropriate forum.

Dan



 at org.apache.xalan.serialize.SerializerToXML.seriali
 ze(SerializerToXML.java:2578)

 org.apache.xalan.serialize.SerializerToXML serializertoxml = new
 org.apache.xalan.serialize.SerializerToXML();

 My code snippet:
 java.io.FileWriter filewriter = new java.io.FileWriter(file);

 serializertoxml.setWriter(filewriter);

 serializertoxml.serialize(node); // the error happens here

 serializertoxml.flushWriter();

 filewriter.write(\n);

 filewriter.close();


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Application Already Running Message at Login

2014-08-01 Thread Fletcher, Christine

I recently uninstalled Tomcat 6 and installed Tomcat 7.0.42 on a Windows Server 
2008 R2.  Tomcat is installed as a service on this machine, set to 
automatically start at system boot.  There is also an icon in the tray of the 
service account that owns the software to start and stop Tomcat.

Whenever I login to the server as the service account, I receive the message 
An instance of the 'Tomcat7'  application is already running.  Where can I 
check and turn off where it is trying to start Tomcat on login, as it is 
already running as a service?

Christine Fletcher

COMET End event subtype= null

2014-08-01 Thread Elias Kopsiaftis

I am developing a COMET application that is primarily based on the example
given on the documentation of the chat server. My problem is that when two
users connect, the connection held open by the comet servlet is closed. I
know this because I am getting END events in my log.
The confusing part is, it will randomly fail, and when it does, subtype is
null. When I  say randomly fail, I mean get the END event when you are not
supposed to. Does subtype being null point to anything? This is so
frustrating because it fails randomly. I am on Tomcat7 on linux. I can
provide more info if its needed

SSL redirect problems

TC 7.0.54 / RHEL 6

I have two physical servers, each running an instance of TC. The servers
are behind a hardware loadbalancer. IPTables is routing request on 80 to
8080. Tomcat runs under a non-root user. All good.

I needed to protect an area of our webapp under SSL. Went ahead and
installed the cert on each server. I can go directly to each server by IP
under SSL and get the cert (with the expected IP doesn't match FQDN
warning).

But when I go through the loadbalancer I can't access anything under port
8443. I redirected 443 to 8443 on each TC server using IPTables, but still
no luck.

Is there anything I'm missing? I understand I can install the cert on the
loadbalancer instead, or use httpd as a proxy, but I'd rather just leave it
the way it is if there's any other option.

TIA,
John

Re: COMET End event subtype= null

2014-08-01 Thread Elias Kopsiaftis

ok looks like i have the configuration of
org.apache.catalina.valves.CometConnectionManagerValve
wrong. sorry about that. Still have the random disconnect error though


On Fri, Aug 1, 2014 at 10:46 AM, Elias Kopsiaftis yemi...@gmail.com wrote:

 I am developing a COMET application that is primarily based on the example
 given on the documentation of the chat server. My problem is that when two
 users connect, the connection held open by the comet servlet is closed. I
 know this because I am getting END events in my log.
 The confusing part is, it will randomly fail, and when it does, subtype is
 null. When I  say randomly fail, I mean get the END event when you are not
 supposed to. Does subtype being null point to anything? This is so
 frustrating because it fails randomly. I am on Tomcat7 on linux. I can
 provide more info if its needed

Re: SSL redirect problems

On Fri, Aug 1, 2014 at 11:13 AM, John Smith tomcat.ran...@gmail.com wrote:

 TC 7.0.54 / RHEL 6

 I have two physical servers, each running an instance of TC. The servers
 are behind a hardware loadbalancer. IPTables is routing request on 80 to
 8080.


This seems unnecessary.  If you have a hardware load balancer in front of
Tomcat, it is the only thing that would ever talk to Tomcat.  Thus if you
just configure it to go to port 8080 you don't need the iptables rule.  I
can't imagine it's hurting anything, but just thought I'd mention it.


 Tomcat runs under a non-root user. All good.

 I needed to protect an area of our webapp under SSL. Went ahead and
 installed the cert on each server. I can go directly to each server by IP
 under SSL and get the cert (with the expected IP doesn't match FQDN
 warning).


You probably want the SSL certificate installed on your hardware load
balancer.  End client's browsers are going to connect to the hardware load
balancer, not Tomcat.  Thus you'd want the certificate there so your end
users can benefit from it.

Ex:  browser - HTTPS - load balancer - HTTP or HTTPS - Tomcat

If you put an SSL certificate on your Tomcat servers, that would allow you
to secure the connection between your load balancer and Tomcat.  Depending
on your network and security requirements this may or may not be necessary.
 I'd say most people don't do this because terminating SSL on the load
balancer is sufficient.  It just depends on your requirements though.


 But when I go through the loadbalancer I can't access anything under port
 8443. I redirected 443 to 8443 on each TC server using IPTables, but still
 no luck.

 Is there anything I'm missing?


The load balancer is almost certainly listening on port 80 and 443.  To
test, you'd want to connect to the load balancer on one of those ports.
 The load balancer would then connect to one of your backend nodes and
proxy the request on your behalf.  Your browser will not connect directly
to the backend nodes (see my point above about not needing the iptables
rule), unless you specifically point it to the ip address of one of the
backend nodes.


 I understand I can install the cert on the
 loadbalancer instead, or use httpd as a proxy, but I'd rather just leave it
 the way it is if there's any other option.


I think you'd want it on the load balancer.  Possibly with additional certs
on your backend nodes, if you want HTTPS communication between the load
balancer and the Tomcat nodes.

Dan

Re: NoSuchMethodError: org/apache/xml/utils/TreeWalker

2014-08-01 Thread Deme Carv

Fistlly, thank you both of all for answering. I am very glad for very rapid
comments. I attached a file in my original question which tells the jar I
have in both situation. I guess it might not be delivered to the forum. I
know that there is RAD involved but there are as well apache libraries
included and I am sure there are a lot of people in this forum with huge
experience in such libraries. I don't think my root cause is related to the
Websphere server. I guess that there are some conflict between jars. Even
though you might think different, could you at least tell me if you see
some conflict in this libraries? The problem arises when
apache.xalan.serialize.SerializerToXML run with libraries below.

C:\IBM\SDP\runtimes\base_v61\lib
C:\Rad\workspace\my_app\WebContent\WEB-INF\lib.eclipseproductactivation.jar
activation-impl.jarclasses12.jaraspectjrt.jarcommons-collections.jarbase.jar
commons-fileupload.jarbootstrap.jarcommons-io-1.4.jarbsf-engines.jar
commons-logging.jarcommandlineutils.jaribmjzos.jarEJBCommandTarget.jar
javax.jarffdcSupport.jarjstl.jarhtmlshell.jarjta.jarinstallver.jarjzos.jar
installxml.jarlog4j-1.2.14.jariscdeploy.jarmail.jarivblogbr.jar
quartz-1.6.0.jarIVTClient.jarquartz-all-1.6.0.jarj2ee.jarspring.jarjacl.jar
standard.jarlaunchclient.jarxalan-2.4.1.jarlmproxy.jarxerces-1.4.4.jar
mail-impl.jarmarshall.jarnif.jarpc-appext.jarphysicalrep.jarpmirm4arm.jar
rrd-appext.jarrsadbutils.jarrsahelpers.jarserviceadapter.jar
sib.api.jmsra.rarsib.ra.rarsljc.jarspy-sl.jarspy.jarsqlserver.jarstartup.jar
tcljava.jarurlprotocols.jarutil.jarwsatlib.jarwsif-compatb.jar

2014-08-01 9:05 GMT-03:00 Daniel Mikusa dmik...@pivotal.io:

On Thu, Jul 31, 2014 at 8:13 PM, Deme Carv demec...@gmail.com wrote:

I am getting the error from subject when running the below code in
Websphere in my RAD. It is very interesting that this code doesn't cause
any error in Server. The server runs up Tomcat 6 but I must set the same
code to run in Websphere. I have searched for hours in web but I didn't
find nothing that I could at least give a try. I attached a pdf with the
libs that I found in each place. I guess that it might exist some
conflict
but I have no idea why it is working in Tomcat but it is not working in
Websphere.

Error message in browser:

Error 500:

org/apache/xml/utils/TreeWalker.init(Lorg/xml/sax/ContentHandler;Lorg/apache/xpath/DOMHelperV

Error message in RAD console:
java.lang.NoSuchMethodError:

org/apache/xml/utils/TreeWalker.init(Lorg/xml/sax/ContentHandler;Lorg/apache/xpath/DOMHelperV

NoSuchMethodErrors often occur when you have the wrong version of a library
on your class path. This happens because your code is looking for one
version, that has method X while the library you've included has a
different version without method X.

I don't know a lot about WebSphere, but I do recall that it ships with an
older set of libraries and that it prefers those libraries (it calls this
parent first) over ones in the application (it calls this parent last).
I've seen cases where switching to parent last mode has resolved similar
issues.

If that doesn't help, I second André's suggestion to look for help in a
more appropriate forum.

Dan

at org.apache.xalan.serialize.SerializerToXML.seriali
ze(SerializerToXML.java:2578)

org.apache.xalan.serialize.SerializerToXML serializertoxml = new
org.apache.xalan.serialize.SerializerToXML();

My code snippet:
java.io.FileWriter filewriter = new java.io.FileWriter(file);

serializertoxml.setWriter(filewriter);

serializertoxml.serialize(node); // the error happens here

serializertoxml.flushWriter();

filewriter.write(\n);

filewriter.close();

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SSL redirect problems

Daniel Mikusa wrote:

On Fri, Aug 1, 2014 at 11:13 AM, John Smith tomcat.ran...@gmail.com wrote:

TC 7.0.54 / RHEL 6

I have two physical servers, each running an instance of TC. The servers
are behind a hardware loadbalancer. IPTables is routing request on 80 to
8080.

This seems unnecessary. If you have a hardware load balancer in front of
Tomcat, it is the only thing that would ever talk to Tomcat. Thus if you
just configure it to go to port 8080 you don't need the iptables rule. I
can't imagine it's hurting anything, but just thought I'd mention it.

Tomcat runs under a non-root user. All good.

I needed to protect an area of our webapp under SSL. Went ahead and
installed the cert on each server. I can go directly to each server by IP
under SSL and get the cert (with the expected IP doesn't match FQDN
warning).

You probably want the SSL certificate installed on your hardware load
balancer. End client's browsers are going to connect to the hardware load
balancer, not Tomcat. Thus you'd want the certificate there so your end
users can benefit from it.

Ex: browser - HTTPS - load balancer - HTTP or HTTPS - Tomcat

If you put an SSL certificate on your Tomcat servers, that would allow you
to secure the connection between your load balancer and Tomcat. Depending
on your network and security requirements this may or may not be necessary.
I'd say most people don't do this because terminating SSL on the load
balancer is sufficient. It just depends on your requirements though.

But when I go through the loadbalancer I can't access anything under port
8443. I redirected 443 to 8443 on each TC server using IPTables, but still
no luck.

Is there anything I'm missing?

The load balancer is almost certainly listening on port 80 and 443. To
test, you'd want to connect to the load balancer on one of those ports.
The load balancer would then connect to one of your backend nodes and
proxy the request on your behalf. Your browser will not connect directly
to the backend nodes (see my point above about not needing the iptables
rule), unless you specifically point it to the ip address of one of the
backend nodes.

I understand I can install the cert on the
loadbalancer instead, or use httpd as a proxy, but I'd rather just leave it
the way it is if there's any other option.

I think you'd want it on the load balancer. Possibly with additional certs
on your backend nodes, if you want HTTPS communication between the load
balancer and the Tomcat nodes.

Not contradicting anything Daniel is saying, but maybe something to add, and maybe that's
the missing part of the original puzzle :

If Tomcat is expecting HTTPS requests on port 8443, then any re-direct or response that it
is sending back is going to include that port number after the hostname.

(even inside the pages, if you use absolute URL links there).
So the browser who ultimately receives this, is going to try to talk to port
8443.
But that will not work, if your front-end is expecting further requests on port 443, and
blocks 8443.
Unless in all your Tomcat responses, you arrange to replace any reference to port 8443, by
443, before they reach the browser again.

Maybe using a browser plugin like HttpFox, LiveHttpHeaders or Fiddler2 would allow you to
see more clearly what is going on there.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SSL redirect problems


  TC 7.0.54 / RHEL 6
 
  I have two physical servers, each running an instance of TC. The servers
  are behind a hardware loadbalancer. IPTables is routing request on 80 to
  8080.


 This seems unnecessary.  If you have a hardware load balancer in front of
 Tomcat, it is the only thing that would ever talk to Tomcat.  Thus if you
 just configure it to go to port 8080 you don't need the iptables rule.  I
 can't imagine it's hurting anything, but just thought I'd mention it.


Not at all, it would seem like a better choice than an OS level redirect
like iptables.



  Tomcat runs under a non-root user. All good.
 
  I needed to protect an area of our webapp under SSL. Went ahead and
  installed the cert on each server. I can go directly to each server by IP
  under SSL and get the cert (with the expected IP doesn't match FQDN
  warning).
 

 You probably want the SSL certificate installed on your hardware load
 balancer.  End client's browsers are going to connect to the hardware load
 balancer, not Tomcat.  Thus you'd want the certificate there so your end
 users can benefit from it.

 Ex:  browser - HTTPS - load balancer - HTTP or HTTPS - Tomcat

 If you put an SSL certificate on your Tomcat servers, that would allow you
 to secure the connection between your load balancer and Tomcat.  Depending
 on your network and security requirements this may or may not be necessary.
  I'd say most people don't do this because terminating SSL on the load
 balancer is sufficient.  It just depends on your requirements though.


Ok, that makes sense. I think just on the loadbalancer will work. In our
configuration, unencrypted traffic between the LB and the servers is
subject to minimal risk, and our security requirements aren't critical.



  But when I go through the loadbalancer I can't access anything under port
  8443. I redirected 443 to 8443 on each TC server using IPTables, but
 still
  no luck.
 
  Is there anything I'm missing?


 The load balancer is almost certainly listening on port 80 and 443.  To
 test, you'd want to connect to the load balancer on one of those ports.
  The load balancer would then connect to one of your backend nodes and
 proxy the request on your behalf.  Your browser will not connect directly
 to the backend nodes (see my point above about not needing the iptables
 rule), unless you specifically point it to the ip address of one of the
 backend nodes.



Sorry, I'm a bit unclear on this. What method of connecting would let me
test?


 I think you'd want it on the load balancer.  Possibly with additional certs
 on your backend nodes, if you want HTTPS communication between the load
 balancer and the Tomcat nodes.

 Dan


Thanks so much for the detailed and quick reply.
John

Re: NoSuchMethodError: org/apache/xml/utils/TreeWalker

By the way, pardon my ignorance, but what's a RAD ?
I did look it up in Google, but it comes up with either Rite Aid Corporation or a unit
of nuclear radiation..

Deme Carv wrote:

2014-08-01 9:05 GMT-03:00 Daniel Mikusa dmik...@pivotal.io:

On Thu, Jul 31, 2014 at 8:13 PM, Deme Carv demec...@gmail.com wrote:

conflict

but I have no idea why it is working in Tomcat but it is not working in
Websphere.

Error message in browser:

Error 500:

org/apache/xml/utils/TreeWalker.init(Lorg/xml/sax/ContentHandler;Lorg/apache/xpath/DOMHelperV

Error message in RAD console:
java.lang.NoSuchMethodError:

org/apache/xml/utils/TreeWalker.init(Lorg/xml/sax/ContentHandler;Lorg/apache/xpath/DOMHelperV
NoSuchMethodErrors often occur when you have the wrong version of a library
on your class path. This happens because your code is looking for one
version, that has method X while the library you've included has a
different version without method X.

If that doesn't help, I second André's suggestion to look for help in a
more appropriate forum.

Dan

at org.apache.xalan.serialize.SerializerToXML.seriali
ze(SerializerToXML.java:2578)

org.apache.xalan.serialize.SerializerToXML serializertoxml = new
org.apache.xalan.serialize.SerializerToXML();

My code snippet:
java.io.FileWriter filewriter = new java.io.FileWriter(file);

serializertoxml.setWriter(filewriter);

serializertoxml.serialize(node); // the error happens here

serializertoxml.flushWriter();

filewriter.write(\n);

filewriter.close();

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SSL redirect problems

2014-08-01 Thread Mark Thomas

On 01/08/2014 16:30, Daniel Mikusa wrote:
 You probably want the SSL certificate installed on your hardware load
 balancer.  End client's browsers are going to connect to the hardware load
 balancer, not Tomcat.  Thus you'd want the certificate there so your end
 users can benefit from it.

That depends on whether the load-balancer is operating at layer 4 or
layer 7.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: NoSuchMethodError: org/apache/xml/utils/TreeWalker

2014-08-01 Thread Deme Carv

Sorry, it is my fault. Rational Application Development. Basicaly it is an
IBM version of Eclipse. Let's say, like there is a Spring version of
eclipse wich comes with Fabric server easily settled, IBM provides RAD wich
has easily setting of Websphere. I guess that I am facing the error because
some jar wich comes with RAD or Websphere is conflicting when I am using
Xarlan but I am not that experienced in Xarlan so I don't know which I
could try remove or update from the previous list.


2014-08-01 12:51 GMT-03:00 André Warnier a...@ice-sa.com:

 By the way, pardon my ignorance, but what's a RAD ?
 I did look it up in Google, but it comes up with either Rite Aid
 Corporation or a unit of nuclear radiation..


 Deme Carv wrote:

 Fistlly, thank you both of all for answering. I am very glad for very
 rapid
 comments. I attached a file in my original question which tells the jar I
 have in both situation. I guess it might not be delivered to the forum. I
 know that there is RAD involved but there are as well apache libraries
 included and I am sure there are a lot of people in this forum with huge
 experience in such libraries. I don't think my root cause is related to
 the
 Websphere server. I guess that there are some conflict between jars. Even
 though you might think different, could you at least tell me if you see
 some conflict in this libraries? The problem arises when
 apache.xalan.serialize.SerializerToXML run with libraries below.

 C:\IBM\SDP\runtimes\base_v61\lib
 C:\Rad\workspace\my_app\WebContent\WEB-INF\lib.
 eclipseproductactivation.jar
 activation-impl.jarclasses12.jaraspectjrt.jarcommons-
 collections.jarbase.jar
 commons-fileupload.jarbootstrap.jarcommons-io-1.4.jarbsf-engines.jar
 commons-logging.jarcommandlineutils.jaribmjzos.jarEJBCommandTarget.jar
 javax.jarffdcSupport.jarjstl.jarhtmlshell.jarjta.
 jarinstallver.jarjzos.jar
 installxml.jarlog4j-1.2.14.jariscdeploy.jarmail.jarivblogbr.jar
 quartz-1.6.0.jarIVTClient.jarquartz-all-1.6.0.jarj2ee.
 jarspring.jarjacl.jar
 standard.jarlaunchclient.jarxalan-2.4.1.jarlmproxy.jarxerces-1.4.4.jar
 mail-impl.jarmarshall.jarnif.jarpc-appext.jarphysicalrep.jarpmirm4arm.jar
 rrd-appext.jarrsadbutils.jarrsahelpers.jarserviceadapter.jar
 sib.api.jmsra.rarsib.ra.rarsljc.jarspy-sl.jarspy.
 jarsqlserver.jarstartup.jar
 tcljava.jarurlprotocols.jarutil.jarwsatlib.jarwsif-compatb.jar


 2014-08-01 9:05 GMT-03:00 Daniel Mikusa dmik...@pivotal.io:

  On Thu, Jul 31, 2014 at 8:13 PM, Deme Carv demec...@gmail.com wrote:

  I am getting the error from subject when running the below code in
 Websphere in my RAD. It is very interesting that this code doesn't cause
 any error in Server. The server runs up Tomcat 6 but I must set the same
 code to run in Websphere. I have searched for hours in web but I didn't
 find nothing that I could at least give a try. I attached a pdf with the
 libs that I found in each place. I guess that it might exist some

 conflict

 but I have no idea why it is working in Tomcat but it is not working in
 Websphere.

 Error message in browser:

 Error 500:

  org/apache/xml/utils/TreeWalker.init(Lorg/xml/
 sax/ContentHandler;Lorg/apache/xpath/DOMHelperV

 Error message in RAD console:
 java.lang.NoSuchMethodError:

  org/apache/xml/utils/TreeWalker.init(Lorg/xml/
 sax/ContentHandler;Lorg/apache/xpath/DOMHelperV
 NoSuchMethodErrors often occur when you have the wrong version of a
 library
 on your class path.  This happens because your code is looking for one
 version, that has method X while the library you've included has a
 different version without method X.

 I don't know a lot about WebSphere, but I do recall that it ships with an
 older set of libraries and that it prefers those libraries (it calls this
 parent first) over ones in the application (it calls this parent last).
  I've seen cases where switching to parent last mode has resolved
 similar
 issues.

 If that doesn't help, I second André's suggestion to look for help in a
 more appropriate forum.

 Dan


  at org.apache.xalan.serialize.SerializerToXML.seriali
 ze(SerializerToXML.java:2578)

 org.apache.xalan.serialize.SerializerToXML serializertoxml = new
 org.apache.xalan.serialize.SerializerToXML();

 My code snippet:
 java.io.FileWriter filewriter = new java.io.FileWriter(file);

 serializertoxml.setWriter(filewriter);

 serializertoxml.serialize(node); // the error happens here

 serializertoxml.flushWriter();

 filewriter.write(\n);

 filewriter.close();


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SSL redirect problems

 Not contradicting anything Daniel is saying, but maybe something to add,
 and maybe that's the missing part of the original puzzle :

 If Tomcat is expecting HTTPS requests on port 8443, then any re-direct or
 response that it is sending back is going to include that port number after
 the hostname.
 (even inside the pages, if you use absolute URL links there).
 So the browser who ultimately receives this, is going to try to talk to
 port 8443.
 But that will not work, if your front-end is expecting further requests on
 port 443, and blocks 8443.
 Unless in all your Tomcat responses, you arrange to replace any reference
 to port 8443, by 443, before they reach the browser again.

 Maybe using a browser plugin like HttpFox, LiveHttpHeaders or Fiddler2
 would allow you to see more clearly what is going on there.


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


Well, that's the part that seems confusing. Left as default, I would have
thought connecting through the LB on 8443 would have worked. Actually I'm
still not clear on which part of the chain is having a problem. Originally,
I had no iptable redirect - I just added it in the great tradition of
programming - try everything and anything until it works. I don't care if
the user has to have 8443 in the URL. Just to be clear, you are suggesting
that then problem would be the iptables redirect?

Re: SSL redirect problems

On Fri, Aug 1, 2014 at 11:54 AM, Mark Thomas ma...@apache.org wrote:

 On 01/08/2014 16:30, Daniel Mikusa wrote:
  You probably want the SSL certificate installed on your hardware load
  balancer.  End client's browsers are going to connect to the hardware
 load
  balancer, not Tomcat.  Thus you'd want the certificate there so your end
  users can benefit from it.

 That depends on whether the load-balancer is operating at layer 4 or
 layer 7.

 Mark


Mark, I have to check which layer it's operating at, but does that mean
that, depending on the layer, the cert should *not* be on the LB?

Re: COMET End event subtype= null

2014-08-01 Thread Elias Kopsiaftis

ok now it is properly configured(I was missing the slash at the end of the
tag), but Im still getting null for event subtypes. Any thoughts?


On Fri, Aug 1, 2014 at 11:18 AM, Elias Kopsiaftis yemi...@gmail.com wrote:

 ok looks like i have the configuration of 
 org.apache.catalina.valves.CometConnectionManagerValve
 wrong. sorry about that. Still have the random disconnect error though


 On Fri, Aug 1, 2014 at 10:46 AM, Elias Kopsiaftis yemi...@gmail.com
 wrote:

 I am developing a COMET application that is primarily based on the
 example given on the documentation of the chat server. My problem is that
 when two users connect, the connection held open by the comet servlet is
 closed. I know this because I am getting END events in my log.
 The confusing part is, it will randomly fail, and when it does, subtype
 is null. When I  say randomly fail, I mean get the END event when you are
 not supposed to. Does subtype being null point to anything? This is so
 frustrating because it fails randomly. I am on Tomcat7 on linux. I can
 provide more info if its needed

Re: SSL redirect problems


John Smith wrote:

Not contradicting anything Daniel is saying, but maybe something to add,

and maybe that's the missing part of the original puzzle :

If Tomcat is expecting HTTPS requests on port 8443, then any re-direct or
response that it is sending back is going to include that port number after
the hostname.
(even inside the pages, if you use absolute URL links there).
So the browser who ultimately receives this, is going to try to talk to
port 8443.
But that will not work, if your front-end is expecting further requests on
port 443, and blocks 8443.
Unless in all your Tomcat responses, you arrange to replace any reference
to port 8443, by 443, before they reach the browser again.

Maybe using a browser plugin like HttpFox, LiveHttpHeaders or Fiddler2
would allow you to see more clearly what is going on there.



Well, that's the part that seems confusing. Left as default, I would have
thought connecting through the LB on 8443 would have worked. Actually I'm
still not clear on which part of the chain is having a problem. Originally,
I had no iptable redirect - I just added it in the great tradition of
programming - try everything and anything until it works. I don't care if
the user has to have 8443 in the URL. Just to be clear, you are suggesting
that then problem would be the iptables redirect?



No, I am not really going that far.  I am suggesting that that may be the kind of thing 
that is happening, and that you may want to investigate with a browser plugin, that the 
requests/responses are really what you are expecting.
Your initial explanation was a bit confusing and lacking in precise details, as to what 
the load balancer really does, where IPtables does what, and how your tomcats are 
configured (re Connectors, and possibly IPtables too).  So we're all kind of guessing 
here, and just trying to give you some tips, to either simplify your setup, or to figure 
out better what is happening.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SSL redirect problems



 No, I am not really going that far.  I am suggesting that that may be
 the kind of thing that is happening, and that you may want to investigate
 with a browser plugin, that the requests/responses are really what you are
 expecting.
 Your initial explanation was a bit confusing and lacking in precise
 details, as to what the load balancer really does, where IPtables does
 what, and how your tomcats are configured (re Connectors, and possibly
 IPtables too).  So we're all kind of guessing here, and just trying to give
 you some tips, to either simplify your setup, or to figure out better what
 is happening.



Well, lets remove the IP tables. I know the certs work because as I said I
can access them directly by going to either server on 8443 directly. The
connectors are configured correctly. There's no security info in web.xml.
The entire site should be available over SSL.

Using Charles, with LB:8443 I get connection refused - without any other
particularly useful info in the response.

Re: SSL redirect problems


John Smith wrote:



No, I am not really going that far.  I am suggesting that that may be

the kind of thing that is happening, and that you may want to investigate
with a browser plugin, that the requests/responses are really what you are
expecting.
Your initial explanation was a bit confusing and lacking in precise
details, as to what the load balancer really does, where IPtables does
what, and how your tomcats are configured (re Connectors, and possibly
IPtables too).  So we're all kind of guessing here, and just trying to give
you some tips, to either simplify your setup, or to figure out better what
is happening.




Well, lets remove the IP tables. I know the certs work because as I said I
can access them directly by going to either server on 8443 directly. The
connectors are configured correctly. There's no security info in web.xml.
The entire site should be available over SSL.

Using Charles, with LB:8443 I get connection refused - without any other
particularly useful info in the response.


There is no response, since you are not even able to connect to that IP:port.
If you are using the IP of the LB, then the LB is not accepting connections on 
port 8443.
You won't get much further, unless you solve that first.
But I thought that you wanted your users to access via port 443 ?


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: NoSuchMethodError: org/apache/xml/utils/TreeWalker

On Fri, Aug 1, 2014 at 11:58 AM, Deme Carv demec...@gmail.com wrote:

 Sorry, it is my fault. Rational Application Development. Basicaly it is an
 IBM version of Eclipse. Let's say, like there is a Spring version of
 eclipse wich comes with Fabric server easily settled, IBM provides RAD wich
 has easily setting of Websphere. I guess that I am facing the error because
 some jar wich comes with RAD or Websphere is conflicting when I am using
 Xarlan but I am not that experienced in Xarlan so I don't know which I
 could try remove or update from the previous list.


First, please don't top post.  The convention adopted on this list is to
either reply inline (like this) or at the bottom of requests.

Second, maybe try running with the -verbose jvm option?  That should show
you what classes are loaded and from where they are loaded.  Look for the
class that is causing the problem and that should let you see if it's
loading the one you expect.

Dan





 2014-08-01 12:51 GMT-03:00 André Warnier a...@ice-sa.com:

  By the way, pardon my ignorance, but what's a RAD ?
  I did look it up in Google, but it comes up with either Rite Aid
  Corporation or a unit of nuclear radiation..
 
 
  Deme Carv wrote:
 
  Fistlly, thank you both of all for answering. I am very glad for very
  rapid
  comments. I attached a file in my original question which tells the jar
 I
  have in both situation. I guess it might not be delivered to the forum.
 I
  know that there is RAD involved but there are as well apache libraries
  included and I am sure there are a lot of people in this forum with huge
  experience in such libraries. I don't think my root cause is related to
  the
  Websphere server. I guess that there are some conflict between jars.
 Even
  though you might think different, could you at least tell me if you see
  some conflict in this libraries? The problem arises when
  apache.xalan.serialize.SerializerToXML run with libraries below.
 
  C:\IBM\SDP\runtimes\base_v61\lib
  C:\Rad\workspace\my_app\WebContent\WEB-INF\lib.
  eclipseproductactivation.jar
  activation-impl.jarclasses12.jaraspectjrt.jarcommons-
  collections.jarbase.jar
  commons-fileupload.jarbootstrap.jarcommons-io-1.4.jarbsf-engines.jar
  commons-logging.jarcommandlineutils.jaribmjzos.jarEJBCommandTarget.jar
  javax.jarffdcSupport.jarjstl.jarhtmlshell.jarjta.
  jarinstallver.jarjzos.jar
  installxml.jarlog4j-1.2.14.jariscdeploy.jarmail.jarivblogbr.jar
  quartz-1.6.0.jarIVTClient.jarquartz-all-1.6.0.jarj2ee.
  jarspring.jarjacl.jar
  standard.jarlaunchclient.jarxalan-2.4.1.jarlmproxy.jarxerces-1.4.4.jar
 
 mail-impl.jarmarshall.jarnif.jarpc-appext.jarphysicalrep.jarpmirm4arm.jar
  rrd-appext.jarrsadbutils.jarrsahelpers.jarserviceadapter.jar
  sib.api.jmsra.rarsib.ra.rarsljc.jarspy-sl.jarspy.
  jarsqlserver.jarstartup.jar
  tcljava.jarurlprotocols.jarutil.jarwsatlib.jarwsif-compatb.jar
 
 
  2014-08-01 9:05 GMT-03:00 Daniel Mikusa dmik...@pivotal.io:
 
   On Thu, Jul 31, 2014 at 8:13 PM, Deme Carv demec...@gmail.com wrote:
 
   I am getting the error from subject when running the below code in
  Websphere in my RAD. It is very interesting that this code doesn't
 cause
  any error in Server. The server runs up Tomcat 6 but I must set the
 same
  code to run in Websphere. I have searched for hours in web but I
 didn't
  find nothing that I could at least give a try. I attached a pdf with
 the
  libs that I found in each place. I guess that it might exist some
 
  conflict
 
  but I have no idea why it is working in Tomcat but it is not working
 in
  Websphere.
 
  Error message in browser:
 
  Error 500:
 
   org/apache/xml/utils/TreeWalker.init(Lorg/xml/
  sax/ContentHandler;Lorg/apache/xpath/DOMHelperV
 
  Error message in RAD console:
  java.lang.NoSuchMethodError:
 
   org/apache/xml/utils/TreeWalker.init(Lorg/xml/
  sax/ContentHandler;Lorg/apache/xpath/DOMHelperV
  NoSuchMethodErrors often occur when you have the wrong version of a
  library
  on your class path.  This happens because your code is looking for one
  version, that has method X while the library you've included has a
  different version without method X.
 
  I don't know a lot about WebSphere, but I do recall that it ships with
 an
  older set of libraries and that it prefers those libraries (it calls
 this
  parent first) over ones in the application (it calls this parent last).
   I've seen cases where switching to parent last mode has resolved
  similar
  issues.
 
  If that doesn't help, I second André's suggestion to look for help in a
  more appropriate forum.
 
  Dan
 
 
   at org.apache.xalan.serialize.SerializerToXML.seriali
  ze(SerializerToXML.java:2578)
 
  org.apache.xalan.serialize.SerializerToXML serializertoxml = new
  org.apache.xalan.serialize.SerializerToXML();
 
  My code snippet:
  java.io.FileWriter filewriter = new java.io.FileWriter(file);
 
  serializertoxml.setWriter(filewriter);
 
  serializertoxml.serialize(node); // the error happens here

Re: SSL redirect problems

2014-08-01 Thread David kerber


On 8/1/2014 12:35 PM, John Smith wrote:




No, I am not really going that far.  I am suggesting that that may be

the kind of thing that is happening, and that you may want to investigate
with a browser plugin, that the requests/responses are really what you are
expecting.
Your initial explanation was a bit confusing and lacking in precise
details, as to what the load balancer really does, where IPtables does
what, and how your tomcats are configured (re Connectors, and possibly
IPtables too).  So we're all kind of guessing here, and just trying to give
you some tips, to either simplify your setup, or to figure out better what
is happening.




Well, lets remove the IP tables. I know the certs work because as I said I
can access them directly by going to either server on 8443 directly. The
connectors are configured correctly. There's no security info in web.xml.
The entire site should be available over SSL.

Using Charles, with LB:8443 I get connection refused - without any other
particularly useful info in the response.



Is your LB configured to listen on 8443, or on 443?  It won't pick up 
the port it's supposed to listen on from the TC instances; you have to 
specify it.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SSL redirect problems

On Fri, Aug 1, 2014 at 11:49 AM, John Smith tomcat.ran...@gmail.com wrote:

 
   TC 7.0.54 / RHEL 6
  
   I have two physical servers, each running an instance of TC. The
 servers
   are behind a hardware loadbalancer. IPTables is routing request on 80
 to
   8080.
 
 
  This seems unnecessary.  If you have a hardware load balancer in front of
  Tomcat, it is the only thing that would ever talk to Tomcat.  Thus if you
  just configure it to go to port 8080 you don't need the iptables rule.  I
  can't imagine it's hurting anything, but just thought I'd mention it.


 Not at all, it would seem like a better choice than an OS level redirect
 like iptables.



   Tomcat runs under a non-root user. All good.
  
   I needed to protect an area of our webapp under SSL. Went ahead and
   installed the cert on each server. I can go directly to each server by
 IP
   under SSL and get the cert (with the expected IP doesn't match FQDN
   warning).
  
 
  You probably want the SSL certificate installed on your hardware load
  balancer.  End client's browsers are going to connect to the hardware
 load
  balancer, not Tomcat.  Thus you'd want the certificate there so your end
  users can benefit from it.
 
  Ex:  browser - HTTPS - load balancer - HTTP or HTTPS - Tomcat
 
  If you put an SSL certificate on your Tomcat servers, that would allow
 you
  to secure the connection between your load balancer and Tomcat.
  Depending
  on your network and security requirements this may or may not be
 necessary.
   I'd say most people don't do this because terminating SSL on the load
  balancer is sufficient.  It just depends on your requirements though.


 Ok, that makes sense. I think just on the loadbalancer will work. In our
 configuration, unencrypted traffic between the LB and the servers is
 subject to minimal risk, and our security requirements aren't critical.



   But when I go through the loadbalancer I can't access anything under
 port
   8443. I redirected 443 to 8443 on each TC server using IPTables, but
  still
   no luck.
  
   Is there anything I'm missing?
 
 
  The load balancer is almost certainly listening on port 80 and 443.  To
  test, you'd want to connect to the load balancer on one of those ports.
   The load balancer would then connect to one of your backend nodes and
  proxy the request on your behalf.  Your browser will not connect directly
  to the backend nodes (see my point above about not needing the iptables
  rule), unless you specifically point it to the ip address of one of the
  backend nodes.



 Sorry, I'm a bit unclear on this. What method of connecting would let me
 test?


To test, you would just open your browser and connect to the load balancer.
 For example, put http://you-lb-dns-name/ and for SSL
https://your-lb-dns-name.
 If everything works, you'll get a response from your application.

Behind the scenes, this will send a request to the load balancer, either
via HTTP or HTTPS.  If you're load balancer is functioning at layer 7, like
Mark mentioned, it'll get the HTTP request and proxy this to one of your
backend servers.  The backend server will then process the request and
return it to the load balancer.  The load balancer will then return the
response to your browser.

As your testing keep this process in mind.  If you encounter a problem just
try to break down the flow from your browser to the server and back.  If
you look at the request at each hop through this process, you can often
find where things went wrong.  For example, did the request hit the LB?  If
not, maybe we have a firewall issue or ports are configured right.  If so,
did it hit one of the backend servers?  If not, maybe there's a config
issue in the lb.  If it did, what response did it get?  A 4xx / 5xx error,
ok something went wrong on the backend, need to investigate the logs there
for more details.

Hope that helps to clarify.

Dan




  I think you'd want it on the load balancer.  Possibly with additional
 certs
  on your backend nodes, if you want HTTPS communication between the load
  balancer and the Tomcat nodes.
 
  Dan
 

 Thanks so much for the detailed and quick reply.
 John

Re: SSL redirect problems



 As your testing keep this process in mind.  If you encounter a problem just
 try to break down the flow from your browser to the server and back.  If
 you look at the request at each hop through this process, you can often
 find where things went wrong.  For example, did the request hit the LB?  If
 not, maybe we have a firewall issue or ports are configured right.  If so,
 did it hit one of the backend servers?  If not, maybe there's a config
 issue in the lb.  If it did, what response did it get?  A 4xx / 5xx error,
 ok something went wrong on the backend, need to investigate the logs there
 for more details.

 Hope that helps to clarify.

 Dan


Dan,

It did. It was one of those cases where the simplest answer was assumed but
not tested. The loadbalancer was not listening on 443 or 8443. I was able
to have it redirect 443 to 8443 successfully. I also took your advice and
redirected 80 to 8080 instead of using iptables.

Thanks for your help. So many knowledgeable people on here.

John

Re: SSL redirect problems




 Is your LB configured to listen on 8443, or on 443?  It won't pick up the
 port it's supposed to listen on from the TC instances; you have to specify
 it.


Nailed it. Simplest solution, I didn't even consider it.

Thanks,
John

Re: SSL redirect problems



  There is no response, since you are not even able to connect to that
 IP:port.
 If you are using the IP of the LB, then the LB is not accepting
 connections on port 8443.
 You won't get much further, unless you solve that first.
 But I thought that you wanted your users to access via port 443 ?


Thanks, This was the problem. So simple I should have looked there first.
Facepalms. I was able to redirect 443 to 8443 on the LB with success.

Re: SSL redirect problems

2014-08-01 Thread David kerber


On 8/1/2014 1:33 PM, John Smith wrote:






Is your LB configured to listen on 8443, or on 443?  It won't pick up the
port it's supposed to listen on from the TC instances; you have to specify
it.



Nailed it. Simplest solution, I didn't even consider it.

Thanks,
John



Thanks for letting us know what the issue was; many people never come 
back and tell us what fixed it.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SSL redirect problems

2014-08-01 Thread Mark Thomas

On 01/08/2014 17:06, John Smith wrote:
 On Fri, Aug 1, 2014 at 11:54 AM, Mark Thomas ma...@apache.org wrote:
 
 On 01/08/2014 16:30, Daniel Mikusa wrote:
 You probably want the SSL certificate installed on your hardware load
 balancer.  End client's browsers are going to connect to the hardware
 load
 balancer, not Tomcat.  Thus you'd want the certificate there so your end
 users can benefit from it.

 That depends on whether the load-balancer is operating at layer 4 or
 layer 7.

 Mark


 Mark, I have to check which layer it's operating at, but does that mean
 that, depending on the layer, the cert should *not* be on the LB?

TLS is layer 5 so if the LB is operating at layer 4 it can't host the
cert. Some LBs can operate at layer 5 so it will depend on your LB
and/or its configuration.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Restricting SSL access within webapp

In my webapp there's a directory '/admin' that's protected under SSL. Users
are forced to use SSL via a security constraint in web.xml. It works great.

As mentioned in the docs and other places, it would be good to prevent SSL
everywhere else on the site, but I searched around and couldn't find
anything that works.I tried adding another security constraint with
transport guarantee set to NONE for url-pattern '/*' but it didn't prevent
https access to the site as a whole.

What's the correct way to selectively restrict https to only one area of a
webapp?

TIA,
John

Re: SSL redirect problems



 Thanks for letting us know what the issue was; many people never come back
 and tell us what fixed it.

 My pleasure. This list is awesome.

Re: SSL redirect problems




 TLS is layer 5 so if the LB is operating at layer 4 it can't host the
 cert. Some LBs can operate at layer 5 so it will depend on your LB
 and/or its configuration.

 Mark


I see. That's good to know. The LB is at 7.

RE: Restricting SSL access within webapp

2014-08-01 Thread Caldarale, Charles R

 From: John Smith [mailto:tomcat.ran...@gmail.com] 
 Subject: Restricting SSL access within webapp

 What's the correct way to selectively restrict https to only one area of a 
 webapp?

Why would you want to do that?  Other than a few extra server CPU cycles, 
what's the harm in allowing SSL anywhere at the client's discretion?

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Restricting SSL access within webapp