Re: JMX currentThreadsBusy less than connections/requests when use APR connector

2017-03-08 Thread linbo liao
Hi, Here is the Connector configuration: I use wrk, the currentThreadsBusy is higher than the value in ab testing, but most of time is less than 40. ./wrk -t100 -c 100 -d 10s http://10.211.55.4:8080/ For APR connector, will it get one thread from the poll to deal with each request?

Spring fails with Tomcat 8.0.41 and unpackWARs=false

2017-03-08 Thread Thomas Meyer
Hi, if anybody else is hitting this: This commit seems to have broken the Spring when running under Tomcat with unpackWARs=false - https://github.com/apache/tomcat80/commit/7e767cc6efe79cdd367213da3c1f88711a29ad7a#diff-a72fb99b0729353084d2c437f749e718 I did open a Jira Bug report against

Re: Logging TLS Session Failures

2017-03-08 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Durga, On 3/8/17 10:02 AM, Durga Srinivasu Karuturi wrote: > We are using JSSE only not APR. Looking for handshake failures. > > Yes, using JSSE SSL debug, we are able to get all handshake > (-Djavax.net.debug=ssl:handshake) logs including

RE: Tomcat WebSocket does not always send asynchronous messages

2017-03-08 Thread Pesonen, Harri
Here are my versions of these test files: /* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You

Re: Logging TLS Session Failures

2017-03-08 Thread Durga Srinivasu Karuturi
Chris, We are using JSSE only not APR. Looking for handshake failures. Yes, using JSSE SSL debug, we are able to get all handshake (-Djavax.net.debug=ssl:handshake) logs including success cases. These are still quite bit expense logs and meant for debug purposes. As you said it might impact

Re: JMX currentThreadsBusy less than connections/requests when use APR connector

2017-03-08 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Linbo, On 3/7/17 10:14 PM, linbo liao wrote: > I setup local environment to test Tomcat monitor. > > The Environment: > > Tomcat: 8.5.5 VM: Ubuntu 14.04.1 LTS HTTP PORT: 8080 IP: > 10.211.55.4 > > Tomcat use APR connector, I test the tomcat via

Re: Logging TLS Session Failures

2017-03-08 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Durga, On 3/8/17 9:29 AM, Durga Srinivasu Karuturi wrote: > We have a requirement in our application to log all TLS session > failures. Specifically, what kind of failures? Failed handshakes? Initial or re-negotiation? Are you using JSSE or APR?

RE: JMX currentThreadsBusy less than connections/requests when use APR connector

2017-03-08 Thread smith
Our production usage also has same phenomenon that my "currentThreadsBusy" always not high (3-5), but my "currentThreadCount" will go to 200-300 sometimes. I know that at some busy time, more threads will be created, so the thread pool get high, but at the same time, the busy threads will also

Logging TLS Session Failures

2017-03-08 Thread Durga Srinivasu Karuturi
Hi, We have a requirement in our application to log all TLS session failures. We are using Tomcat 8.5.11 using JSSE for SSL layer. Is there any way to configure tomcat to log/trace any TLS Failure on tomcat sessions? Thanks, Durga Srinivasu

RE: Tomcat WebSocket does not always send asynchronous messages

2017-03-08 Thread Pesonen, Harri
Hello, and sorry for top-posting, I don't know how to configure Outlook to do it differently. I was finally able to run your test. I had a lot of trouble doing it: * did not have SVN, downloaded TortoiseSVN * tried to open the project in IDEA, but failed miserably, I really hope that there was

RE: httpOnly issue

2017-03-08 Thread Pritchett, Mark S. (CONT)
Hi All I owe an apology, sorry. Although I'd removed all apps I hadn't removed the instrumentation settings from start up. With these removed the issue has gone away. Thanks for the support Mark -Original Message- From: Pritchett, Mark S. (CONT) Sent: 08 March 2017 13:29 To: Tomcat

Re: JMX currentThreadsBusy less than connections/requests when use APR connector

2017-03-08 Thread Suvendu Sekhar Mondal
Linbo, "currentThreadsBusy" is number of busy threads. These are the threads are being actively use. If you are seeing this count > 0 for long time(depending on your application type), then most likely you have "hung thread". In that case thread dump analysis will show you root of the problem.

RE: httpOnly issue

2017-03-08 Thread Pritchett, Mark S. (CONT)
Hi Mark The problem remains if I remove all the webapps except ROOT. Regards Mark -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: 08 March 2017 13:23 To: Tomcat Users List Subject: Re: httpOnly issue On 08/03/17 12:53, Pritchett, Mark S.

Re: httpOnly issue

2017-03-08 Thread Mark Thomas
On 08/03/17 12:53, Pritchett, Mark S. (CONT) wrote: > Hi All > > My first posting. > > Server version: Apache Tomcat/7.0.67 > JVM Version:1.7.0_131-mockbuild_2017_02_07_02_15-b00 > > A vulnerability scan has shown that tomcat doesn't apply httpOnly to come > cookies. > I need to determine

httpOnly issue

2017-03-08 Thread Pritchett, Mark S. (CONT)
Hi All My first posting. Server version: Apache Tomcat/7.0.67 JVM Version:1.7.0_131-mockbuild_2017_02_07_02_15-b00 A vulnerability scan has shown that tomcat doesn't apply httpOnly to come cookies. I need to determine if this can be 'corrected'. We're scanning using ZAP,

Re: Propagation of Subject with JAAS and SecurityManager enabled

2017-03-08 Thread kommersz
Well, if there are no hints, here is my view. I checked the code for locations where org.apache.catalina.Globals.SUBJECT_ATTR (or the String "javax.security.auth.subject") is used. There are seemingly two locations: - org.apache.catalina.connector.Request.setUserPrincipal(...) -