Re: Websocket client with SSL and authentication
On 10/03/2017 02:41, radiatejava wrote: Tomcat team, I have few questions on websocket: Hi. I am not member of the Tomcat team, but I will try to give you some answer or hints... [...] 2. Is there any sample code for how to put in SSL (keystore and truststore) websocket client ? You should set that up at the JVM level, IMHO. If you really want to do that specifically for the WS client, you can see https://github.com/apache/tomcat/blob/trunk/test/org/apache/tomcat/websocket/TestWebSocketFrameClientSSL.java 3. I want to create a websocket client within the Tomcat jvm. I know there is an example TestWebSocketFrameClientSSL.java as part of Tomcat project but wanted to know if that is the only way to create a websocket. For example, if I have other websocket implementation libraries in my tomcat server lib folder, how do I ensure I get the implementation I want ? Which websocket implementation will I get when I do : ContainerProvider.getWebSocketContainer(); I had a similar problem, as I use both Tyrus and Tomcat WS clients. The implementation returned by ContainerProvider.getWebSocketContainer() was undefined. Sometimes Tyrus, sometimes Tomcat. So, I instantiate the specific type of each lib to be sure of what I get. For Tomcat WS client, this is : WebSocketContainer container = new WsWebSocketContainer(); Hope this helps, Ludovic | | AVANT D'IMPRIMER, PENSEZ A L'ENVIRONNEMENT. | - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to restrict access to specific webapp + denyStatus
On 09/03/17 23:51, Diego Gomes wrote: > My questions: > > - For the first statement, that configuration I did (Student.xml) is > the correct way? Yes. > - Why the 404 denyStatus is not working? > > I am running tomcat 7.0.11 http://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?view=log Search for "denyStatus" Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: What is the correct way to use scanManifest
On 10/03/17 00:14, Hoa Phan wrote: > looks like I can't overwrite the webapp context.xml with tomcat > context.xml. I have no control over the WAR file until tomcat deployed it :( I have confirmed (via remote debugging) that using ... in $CATALINA_BASE/conf/context.xml disables manifest processing. > If I try to use tomcat server.xml and add > > > > > > > inside it somehow breaks the webapp. That is expected. The above snippet is invalid in server.xml. > Is there any other way for me to set this scanmanifest to false. You need to figure out what you are doing wrong with conf/context.xml Mark > > Says if I took all the jars that I saw reported as > WARNING: Failed to scan... > java.io.FileNotFoundException: .../common/lib/jonas_timer.jar (No such file > or directory) > > And append them to: > tomcat.util.scan.StandardJarScanFilter.jarsToSkip > > in catalina.properties, would that help ? > > On Fri, Mar 10, 2017 at 10:33 AM, Mark Thomas wrote: > >> On 09/03/17 21:38, Hoa Phan wrote: >>> I'll try that and see how it goes, thanks Mark. Btw, when I was >> debugging I >>> couldn't find where this method get called at all: >>> public void setScanManifest(boolean scanManifest) { >>> this.scanManifest = scanManifest; >>> } >>> >>> This props default to true: >>> private boolean scanManifest = true; >>> >>> And the StandardJarScanner always been constructed like: >>> jarScanner = new StandardJarScanner(); >>> >>> How would scanManifest ever be set to false... >> >> Via the digester when processing server.xml or context.xml. Take a look >> at org.apache.catalina.startup.ContextRuleSet >> >> Mark >> >> >>> >>> Regards, >>> >>> Hoa Phan. >>> >>> >>> >>> >>> On Fri, Mar 10, 2017 at 6:44 AM, Mark Thomas wrote: >>> On 09/03/17 13:15, Hoa Phan wrote: > Hi, > > I see that since 8.0.38 we added a scanManifest props to JarScanner. > But when I added the props > into: container/tomcat8x/apache-tomcat-8.0.38/conf/context.xml > > > WEB-INF/web.xml > ${catalina.base}/conf/web.xml > > > > > > > > > It doesn't work and the prop is still true on startup: Hmm. That should work. Are you sure that file is being read at startup? One way to check is to deliberately break it and see what happens. Mark > > > Must I put this in the context.xml of the webapp itself. I deploy the > webapp via a war file and have no control over the war content until > tomcat deploys it which is too late... > > Is there any other way for me to turn this off using global config of > tomcat. > > Thanks much. > > Regards, > > Hoa Phan > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org >>> >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to restrict access to specific webapp + denyStatus
Thanks Mark! In that link just say that is possible, but do not say how to get 404 and not 403. Diego On 10 Mar 2017, at 06:17, Mark Thomas wrote: On 09/03/17 23:51, Diego Gomes wrote: > My questions: > > - For the first statement, that configuration I did (Student.xml) is > the correct way? Yes. > - Why the 404 denyStatus is not working? > > I am running tomcat 7.0.11 http://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?view=log Search for "denyStatus" Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to restrict access to specific webapp + denyStatus
On 10.03.2017 11:04, Diego Gomes wrote: Thanks Mark! In that link just say that is possible, but do not say how to get 404 and not 403. No, what that link says, it that the denyStatus feature was only introduced in a later version of tomcat 7, than the one you are using. You should at least upgrade to the latest available tomcat 7 version, and preferably to the latest available tomcat version. See here : http://tomcat.apache.org/whichversion.html Diego On 10 Mar 2017, at 06:17, Mark Thomas wrote: On 09/03/17 23:51, Diego Gomes wrote: My questions: - For the first statement, that configuration I did (Student.xml) is the correct way? Yes. - Why the 404 denyStatus is not working? I am running tomcat 7.0.11 http://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?view=log Search for "denyStatus" Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to restrict access to specific webapp + denyStatus
Ohh, I see now! Thanks Mark and André! I'll plan to upgrade it! Diego On 10 Mar 2017, at 07:10, André Warnier (tomcat) wrote: > On 10.03.2017 11:04, Diego Gomes wrote: > Thanks Mark! > > In that link just say that is possible, but do not say how to get 404 and not > 403. No, what that link says, it that the denyStatus feature was only introduced in a later version of tomcat 7, than the one you are using. You should at least upgrade to the latest available tomcat 7 version, and preferably to the latest available tomcat version. See here : http://tomcat.apache.org/whichversion.html > > Diego > > On 10 Mar 2017, at 06:17, Mark Thomas wrote: > > On 09/03/17 23:51, Diego Gomes wrote: > > > >> My questions: >> >> - For the first statement, that configuration I did (Student.xml) is >> the correct way? > > Yes. > >> - Why the 404 denyStatus is not working? >> >> I am running tomcat 7.0.11 > > http://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?view=log > > Search for "denyStatus" > > Mark > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Logging TLS Session Failures
Thanks, Will explore JSSE options. On Thu, Mar 9, 2017 at 7:18 PM, Jammy Chen wrote: > If you are using JSSE which you mentioned in earlier post, you probably can > only enable debug for all or specially one > -Djavax.net.debug=ssl:record or -Djavax.net.debug=ssl:handshake - but it > will log all sessions > > You could try to register a customized SSL socket factory in JSSE, you may > extend the default sun impl to overwrite the method, catch the exception > and log the failure, and throw it. > > 2017-03-09 20:04 GMT+08:00 Durga Srinivasu Karuturi < > durgasriniv...@gmail.com>: > > > Our application meaning on RHEL machine within JVM with embedded tomcat > > (with single web-app) > > > > Okay, tomcat may not have this information on handshake failures. > > > > I need to see little higher level for capturing these failures. > > > > Thanks for answers so far. > > > > Thanks, > > Durga Srinivasu > > > > On Thu, Mar 9, 2017 at 3:44 PM, André Warnier (tomcat) > > wrote: > > > > > On 09.03.2017 09:34, Durga Srinivasu Karuturi wrote: > > > > > >> This is one of the requirement from FIPS/CC certification. > > >> > > >> Thanks, > > >> Durga Srinivasu > > >> > > >> > > > Durga, > > > > > > I believe that in your original post, you said : > > > "We have a requirement in our application to log all TLS session > > failures." > > > > > > You should probably have another look a the precise requirements, and > the > > > exact definition of "our application". > > > Because it may be that the requirements are wrong, as far as you are > > > concerned. > > > > > > It depends on what is included in "our application". > > > In the java servlet container (like Tomcat) terminology, an > "application" > > > is a webapp. > > > A webapp runs inside a servlet container. > > > The servlet container (here Tomcat) runs inside a java JVM. > > > The java JVM runs inside an OS. > > > The OS runs inside a host. > > > > > > In that hierarchy, a webapp only sees a request, when the servlet > > > container has received this request on one of its ports, and > "delegates" > > > the request to the webapp. > > > By that time, the webapp does not even know through which interface the > > > request came in, nor if that interface required HTTP, HTTPS or whatever > > > other communications protocol. > > > And if a TLS connection from a browser failed, the webapp is not even > > > called, so it does not know anything about it. > > > Of course the webapp cannot log a failure, if it is never called when > > that > > > failure happens. > > > > > > To move one level up : if a TLS connection from a browser fails, Tomcat > > > probably never even sees that (because the connection never reaches > > > Tomcat). So Tomcat cannot log this failure either. Tomcat is just > telling > > > some underlying layer of software (in the JVM, in the OS, or in some > > > external library), what kind of connections to accept. But it does not > > > manage these connections, it just "gets" a connection when it succeeds. > > > > > > So if you (your team, your company) is responsible for providing the > > whole > > > service, including the host, the OS, the JVM, the servlet container, > and > > > the webapp inside it, then the requirement may make sense. And then you > > > have to look for the component, at the right level, which can provide > > that > > > information. (But it is not the webapp, and it is not Tomcat). > > > > > > At the other extreme, if you are providing only the web application, > then > > > the requirement does not make sense /for you/, because it is > impossible. > > > It is not that it does not make sense in general, but "as part of the > > > webapp" it does not make sense. > > > > > > And that is what Christopher is also telling you (in a lot less words). > > > > > > > > > > > > On Wed, Mar 8, 2017 at 11:03 PM, Christopher Schultz < > > >> ch...@christopherschultz.net> wrote: > > >> > > >> -BEGIN PGP SIGNED MESSAGE- > > >>> Hash: SHA256 > > >>> > > >>> Durga, > > >>> > > >>> On 3/8/17 10:02 AM, Durga Srinivasu Karuturi wrote: > > >>> > > We are using JSSE only not APR. Looking for handshake failures. > > > > Yes, using JSSE SSL debug, we are able to get all handshake > > (-Djavax.net.debug=ssl:handshake) logs including success cases. > > These are still quite bit expense logs and meant for debug > > purposes. As you said it might impact performance that's the > > reason, trying for any other optimal solution here. > > > > >>> > > >>> I know of no way to be notified about handshake failures on the > server > > >>> side. You may not be able to fulfill this requirement if using Java > > >>> for your crypto. > > >>> > > >>> Honestly, I'm not sure why you care about failed TLS handshakes. Are > > >>> you trying to implement a NIDS in your application? This is > > >>> better-handled by a network component specifically-designed for this > > >>> kind of thing. > > >>> > > >>> - -chris > > >>> -BEGIN PGP SIGNA
Tomcat 7 installation on Sun Solaris 10
Hi All, We need to install tomcat 7.0.68 or higher version on Sun Solaris 10. Can you let me know if there is any version compatibility matrix for Tomcat 7 ? Thanks & Regards Subhro Paul Tata Consultancy Services Website: http://www.tcs.com Experience certainty. IT Services Business Solutions Consulting =-=-= Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you
Re: Tomcat 7 installation on Sun Solaris 10
On 10/03/17 14:07, Subhro Paul wrote: > Hi All, > > We need to install tomcat 7.0.68 or higher version on Sun Solaris 10. Can you > let me know if there is any version compatibility matrix for Tomcat 7 ? http://tomcat.apache.org/whichversion.html The OS doesn't matter. What matters is the Java version available. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 8.0.x series roadmap
Hi All, Our product uses Tomcat 8.0.x series and we recently upgraded to tomcat 8.0.41 in our product. http://tomcat.apache.org/whichversion.html shows that 8.0.41 as superseded. So, I wanted to understand whether 8.0.x line is actively being maintained or not? We are primarily concerned about security vulnerability fixes and need to understand how long those would continue to be delivered on 8.0.x series. Moving to 8.5.x requires significant efforts from our side and thus trying to understand pros and cons of remaining on 8.0.x line. Thanks, KK
Required changes to move an app from TomEE 7.0.1 to Tomcat 8.5.11
I'm currently running a somewhat simple CXF/REST/Spring app in TomEE 7.0.1. It uses the CXF libraries in WEB-INF/lib, not in the container. It uses a couple of Environment strings, and some DataSource resources, all of which it gets from JNDI. I'm considering moving this app from TomEE to Tomcat, because as far as I can see, I don't need anything that TomEE provides over Tomcat, and I'm also running into classloader conflicts now that I've added more code using CXF pieces that I haven't used before. I'm pursuing those issues with the TomEE team (ok, Romain), as I'd like to get these issues resolved now that I've run into them, but I have to consider alternative strategies if it's going to take too long to get them resolved. If I attempt to port this to Tomcat, I'm guessing all of the required changes will be in "conf". It appears that in TomEE, I define DataSource Resources in "tomee.xml" and environment strings (and other things) in "Context.xml", but in Tomcat I define all of those in "Context.xml". I assume that's correct? I also need to understand if there are any syntax differences between the "Resource" entries I define in "tomee.xml" and the similar ones I define in "Context.xml" in Tomcat. For instance, in my DataSource Resources in TomEE, I set the "type" to "DataSource", although I see in the Tomcat example it uses "javax.sql.DataSource". Will both of these work in Tomcat? In my current app, I also define the other DataSource properties in the "body" of the "Resource" element, like "key = value", one on each line. In the Tomcat example, they are set as traditional XML attributes. I would also guess that both of these strategies would work in Tomcat, correct? I also have to determine what the required "JNDI prefix" is for Tomcat. Presently, in my TomEE app, I don't need a prefix for the environment entries, but I need to prefix my datasource JNDI names with "openejb:Resource/". What will I need to prefix my JNDI references with in Tomcat? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 8.0.x series roadmap
On 10/03/2017 16:21, KK Gupta wrote: > Hi All, > > Our product uses Tomcat 8.0.x series and we recently upgraded to tomcat > 8.0.41 in our product. > > http://tomcat.apache.org/whichversion.html shows that 8.0.41 as superseded. > So, I wanted to understand whether 8.0.x line is actively being maintained > or not? For now, yes but the expectation is users will move to 8.5.x sooner rather than later. > We are primarily concerned about security vulnerability fixes and need to > understand how long those would continue to be delivered on 8.0.x series. The initial plan was that these would have stopped already. The most likely scenario at the moment s that 8.0.x moves to a 3 to 6 monthly release cycle but that depends on there being a release manager to do the releases. > Moving to 8.5.x requires significant efforts from our side and thus trying > to understand pros and cons of remaining on 8.0.x line. Why so much work? 8.0.x to 8.5.x should be a fairly smooth upgrade. If there are problems it would help to know what they are. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
get NPE from NamingContextListener in app moved from TomEE to Tomcat
I have a CXF/REST/Spring/JDBC app running in TomEE (7.0.1). I've decided to try to move it to Tomcat (8.5.11) because of some classloader conflicts (CXF classes) I'm now seeing in trying to add some new code to the app. Initially, I'm just running the server in Eclipse. When I add the apps to Tomcat and start it up, without changing the server conf, it starts up, but it fails to find my JNDI resources (obviously). I have the following DataSource definition in the "tomee.xml" file in TomEE, which is working fine: -- testOnBorrow = true testOnReturn = true testWhileIdle = true logValidationErrors = true validationQuery = select 1 from dual JdbcDriver = oracle.jdbc.OracleDriver InitialSize = 2 MaxActive = 2 MinIdle = 2 MaxIdle = 2 JdbcUrl = ... UserName = ... Password = ... - When I attempt to add this Resource definition to the "context.xml" file in Tomcat 8.5.11, I see errors like the following, and Tomcat fails to start up: Caused by: java.lang.NullPointerException at java.util.StringTokenizer.(StringTokenizer.java:199) at java.util.StringTokenizer.(StringTokenizer.java:221) at org.apache.catalina.core.NamingContextListener.createSubcontexts(NamingContextListener.java:1300) at org.apache.catalina.core.NamingContextListener.addResource(NamingContextListener.java:1081) at org.apache.catalina.core.NamingContextListener.createNamingContext(NamingContextListener.java:661) at org.apache.catalina.core.NamingContextListener.lifecycleEvent(NamingContextListener.java:249) - I've tried converting the Resource definition to look more "normal", but nothing I've tried makes any difference. This is the current state of it: -- -- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Required changes to move an app from TomEE 7.0.1 to Tomcat 8.5.11
On 10/03/2017 16:29, KARR, DAVID wrote: > I'm currently running a somewhat simple CXF/REST/Spring app in TomEE > 7.0.1. It uses the CXF libraries in WEB-INF/lib, not in the > container. It uses a couple of Environment strings, and some > DataSource resources, all of which it gets from JNDI. > > I'm considering moving this app from TomEE to Tomcat, because as far > as I can see, I don't need anything that TomEE provides over Tomcat, > and I'm also running into classloader conflicts now that I've added > more code using CXF pieces that I haven't used before. I'm pursuing > those issues with the TomEE team (ok, Romain), as I'd like to get > these issues resolved now that I've run into them, but I have to > consider alternative strategies if it's going to take too long to get > them resolved. > > If I attempt to port this to Tomcat, I'm guessing all of the required > changes will be in "conf". It appears that in TomEE, I define > DataSource Resources in "tomee.xml" and environment strings (and > other things) in "Context.xml", but in Tomcat I define all of those > in "Context.xml". I assume that's correct? It is context.xml (case matters) but otherwise correct. > I also need to understand if there are any syntax differences between > the "Resource" entries I define in "tomee.xml" and the similar ones I > define in "Context.xml" in Tomcat. Almost certainly since these are container specific configuration files. > For instance, in my DataSource Resources in TomEE, I set the "type" > to "DataSource", although I see in the Tomcat example it uses > "javax.sql.DataSource". Will both of these work in Tomcat? No. Tomcat expects the full class name. > In my > current app, I also define the other DataSource properties in the > "body" of the "Resource" element, like "key = value", one on each > line. In the Tomcat example, they are set as traditional XML > attributes. I would also guess that both of these strategies would > work in Tomcat, correct? No. Tomcat requires the XML format. > I also have to determine what the required "JNDI prefix" is for > Tomcat. Presently, in my TomEE app, I don't need a prefix for the > environment entries, but I need to prefix my datasource JNDI names > with "openejb:Resource/". What will I need to prefix my JNDI > references with in Tomcat? java:comp/env Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: get NPE from NamingContextListener in app moved from TomEE to Tomcat
On 10/03/2017 17:39, KARR, DAVID wrote: > I have a CXF/REST/Spring/JDBC app running in TomEE (7.0.1). I've decided to > try to move it to Tomcat (8.5.11) because of some classloader conflicts (CXF > classes) I'm now seeing in trying to add some new code to the app. > > Initially, I'm just running the server in Eclipse. > > When I add the apps to Tomcat and start it up, without changing the server > conf, it starts up, but it fails to find my JNDI resources (obviously). > > I have the following DataSource definition in the "tomee.xml" file in TomEE, > which is working fine: > -- > > testOnBorrow = true > testOnReturn = true > testWhileIdle = true > logValidationErrors = true > validationQuery = select 1 from dual > JdbcDriver = oracle.jdbc.OracleDriver > InitialSize = 2 > MaxActive = 2 > MinIdle = 2 > MaxIdle = 2 > JdbcUrl = ... > UserName = ... > Password = ... > > - > > When I attempt to add this Resource definition to the "context.xml" file in > Tomcat 8.5.11, I see errors like the following, and Tomcat fails to start up: > > Caused by: java.lang.NullPointerException > at java.util.StringTokenizer.(StringTokenizer.java:199) > at java.util.StringTokenizer.(StringTokenizer.java:221) > at > org.apache.catalina.core.NamingContextListener.createSubcontexts(NamingContextListener.java:1300) > at > org.apache.catalina.core.NamingContextListener.addResource(NamingContextListener.java:1081) > at > org.apache.catalina.core.NamingContextListener.createNamingContext(NamingContextListener.java:661) > at > org.apache.catalina.core.NamingContextListener.lifecycleEvent(NamingContextListener.java:249) > - > > I've tried converting the Resource definition to look more "normal", but > nothing I've tried makes any difference. This is the current state of it: > -- >testOnBorrow="true" testOnReturn="true" testWhileIdle="true" > logValidationErrors="true" validationQuery="select 1 from dual" > JdbcDriver="oracle.jdbc.OracleDriver" > InitialSize="2" MaxActive="2" MinIdle="2" MaxIdle="2" > JdbcUrl="..." > UserName="..." Password="..."> > > -- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: getRealPath is a bad idea?
Chuck >> How do you all configure the location of a special folder that is not >> part of the deployment package itself? A site-specific config file perhaps? > > Take a look at this: > http://tomcat.apache.org/tomcat-8.5-doc/config/resources.html > > A element within allows specification of areas outside > of the Tomcat deployment that the webapp can access via ServletContext > .getResource() or getResourceAsStream(). Thanks for pointing that out. Hmm... It looks like getResourceAsStream might work. We use a library to processes the files. Currently we supply it with a java.io.File as an input source, but the library also can accept a java.io.InputStream for input too. -- Cris Berneburg CACI Lead Software Engineer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Moved app from TomEE to Tomcat, now getting Spring errors failing to go through proxy for XML validation
I have an app using CXF/REST/Spring/JDBC that is working pretty well in TomEE (7.0.1). I'm trying to move it to Tomcat (8.5.11) because it doesn't need to be in TomEE, and I'm having problems adding additional features due to aspects of TomEE. I'm first testing the port by running Tomcat in Eclipse. I had previously verified that the app works fine in the same environment when running in TomEE. I moved all of my Resource and Environment entries to the Tomcat context.xml file. When I start it up, I'm seeing errors like the following: --- org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 1 in XML document from ServletContext resource [/WEB-INF/applicationContext.xml] is invalid; nested exception is org.xml.sax.SAXParseException; systemId: http://.../ProxyWarning.html; lineNumber: 1; columnNumber: 3; The markup in the document preceding the root element must be well-formed. at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:399) ... Caused by: org.xml.sax.SAXParseException; systemId: http://.../ProxyWarning.html; lineNumber: 1; columnNumber: 3; The markup in the document preceding the root element must be well-formed. at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:203) --- That URL that I've elided is the page we see in our enterprise when we try to reach the internet without going through our proxy. So, this app that was working fine in TomEE now is getting this proxy error when it runs in Tomcat. Any ideas what I might be missing? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JMX currentThreadsBusy less than connections/requests when use APR connector
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Linbo, On 3/9/17 7:31 PM, linbo liao wrote: > 1、The load-generating vm has 2 cores. With only 2 cores, you can only actually do 2 things at once. Perhaps you need more load-generating computers. > 2、Can I use currentThreadsBusy to monitor the performance of Tomcat > using APR connector? Yes, you can use that with any connector. The threads are Java threads. Only the underlying file descriptors are being managed by APR versus Java's BIO/NIO/2 stream managers. - -chris > 2017-03-10 0:42 GMT+08:00 Christopher Schultz > : > > Linbo, > > On 3/8/17 8:13 PM, linbo liao wrote: Here is the Connector configuration: >>> protocol="org.apache.coyote.http11.Http11AprProtocol" maxHttpHeaderSize="8192" maxThreads="400" acceptorThreadCount="4" maxKeepAliveRequests="-1" enableLookups="false" disableUploadTimeout="true" connectionTimeout="2" /> I use wrk, the currentThreadsBusy is higher than the value in ab testing, but most of time is less than 40. ./wrk -t100 -c 100 -d 10s http://10.211.55.4:8080/ > > I've never used wrk. How many CPU cores does your load-generating > computer have? > For APR connector, will it get one thread from the poll to deal with each request? > > For both NIO/2 and APR, you'll have one accepter thread (4 in your > case) and one poller thread for many (400 in your case) > request-processing threads. > > It's possible that your server is handling the requests fast > enough that they never pile-up enough to use more than 40 threads. > > Congratulations: you can handle the load you are putting on the > server. :) > > -chris > 2017-03-08 22:45 GMT+08:00 Christopher Schultz : Linbo, On 3/7/17 10:14 PM, linbo liao wrote: >>> I setup local environment to test Tomcat monitor. >>> >>> The Environment: >>> >>> Tomcat: 8.5.5 VM: Ubuntu 14.04.1 LTS HTTP PORT: 8080 >>> IP: 10.211.55.4 >>> >>> Tomcat use APR connector, I test the tomcat via ab >>> command, find JMX currentThreadsBusy < 10 all of the >>> time. >>> >>> ab -n 10 -c 100 10.211.55.4:8080/ >>> >>> I tried to search the reason but without the result. >>> For BIO each thread to handle one connection, so >>> currentThreadsBusy can show the performance of tomcat. >>> >>> But for APR connector, what's the meaning of >>> currentThreadsBusy? Please post your configuration. It seems that ab isn't a very good load-generator for several reasons. But you should be able to get more than Java 10 threads working at a tim e. You are probably expecting ~100 threads busy at all times, right? -chris > > -- - --- > > > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: > users-h...@tomcat.apache.org > > >> >> - >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYwuuvAAoJEBzwKT+lPKRYfCUP/1OEAoFvKMAY2Rmh9X0Gy+WN ZIfnZOOUnC3onnEpgCGxucxXzfkf9jGljhIIqr+mXYu1urbhpgUaoGXT8CS7S4bn SSE7GSQwaQ0dyqdzhc4F2/4LzMZ1J1u+Jakn/uQhlDv4eIrYMo4tNVGEaGdVA7jo hU6Auy4ATY5NW/0zeefnukq8fp+CyyMGPESJGsCDL5czVjZ8zXyHo/4Px2kGyryt 7GM/R+8RpapnrA3WFQs65MTMn7cQAbAZOSgvzUfCC6VQicn/rMuND07OgN7I4MUG soEpRDjwY/41ynEUL5wID6uHsWJ9KrRldybhSQzwpI3FVNPHDCe3hRxNWPN0eULT /u8fCK2jyswscRqfTuk1NKEQGJ4XQqMVo+Y0cJ9BAncUPA5OUN2zD/DLnIa06yLv OXs3HjyFgwwEN9wMBxQyMedam5BkcjzjD6A5zdIV0isHyROa3idVl3B8HYyslhk5 seLlCPOehr2MJsluzZjiciv4estnUf2Dm43aTc8c/1I12AMmLudAxkbGB5a4bkUt mb4LXpV+pPuQ/rdWrBAuyvfAXYvlgjKmcWrKltrpzFuTU+VLW8GC/1IsLwYlDcpW oilPZtfKEUp1hnsT8bKC1pywT3lX5MYT4acxbXcOAw1cSY+ocwPmum4J3NKBfcQP mR5U4hKAZ926OQYwC/f6 =E3ng -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: get NPE from NamingContextListener in app moved from TomEE to Tomcat
> -Original Message- > From: Mark Thomas [mailto:ma...@apache.org] > Sent: Friday, March 10, 2017 9:42 AM > To: Tomcat Users List > Subject: Re: get NPE from NamingContextListener in app moved from TomEE > to Tomcat > > On 10/03/2017 17:39, KARR, DAVID wrote: > > I have a CXF/REST/Spring/JDBC app running in TomEE (7.0.1). I've > decided to try to move it to Tomcat (8.5.11) because of some classloader > conflicts (CXF classes) I'm now seeing in trying to add some new code to > the app. > > > > Initially, I'm just running the server in Eclipse. > > > > When I add the apps to Tomcat and start it up, without changing the > server conf, it starts up, but it fails to find my JNDI resources > (obviously). > > > > I have the following DataSource definition in the "tomee.xml" file in > TomEE, which is working fine: > > -- > > > > testOnBorrow = true > > testOnReturn = true > > testWhileIdle = true > > logValidationErrors = true > > validationQuery = select 1 from dual > > JdbcDriver = oracle.jdbc.OracleDriver > > InitialSize = 2 > > MaxActive = 2 > > MinIdle = 2 > > MaxIdle = 2 > > JdbcUrl = ... > > UserName = ... > > Password = ... > > > > - > > > > When I attempt to add this Resource definition to the "context.xml" > file in Tomcat 8.5.11, I see errors like the following, and Tomcat fails > to start up: > > > > Caused by: java.lang.NullPointerException > > at java.util.StringTokenizer.(StringTokenizer.java:199) > > at java.util.StringTokenizer.(StringTokenizer.java:221) > > at > org.apache.catalina.core.NamingContextListener.createSubcontexts(NamingC > ontextListener.java:1300) > > at > org.apache.catalina.core.NamingContextListener.addResource(NamingContext > Listener.java:1081) > > at > org.apache.catalina.core.NamingContextListener.createNamingContext(Namin > gContextListener.java:661) > > at > org.apache.catalina.core.NamingContextListener.lifecycleEvent(NamingCont > extListener.java:249) > > - > > > > I've tried converting the Resource definition to look more "normal", > but nothing I've tried makes any difference. This is the current state > of it: > > -- > > auth="Container" > > name="jdbc/tst36" not id=... That was it, thanks. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Websocket client with SSL and authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 To whom it may concern. On 3/9/17 8:41 PM, radiatejava wrote: > Tomcat team, I have few questions on websocket: > > 1. I am looking for Java websocket client sample code that uses > basic (user) auth. AIUI, you'll have to authenticate using standard HTTP WWW-Authenticate, and *then* upgrade your connection to WebSocket. > 2. Is there any sample code for how to put in SSL (keystore and > truststore) websocket client ? https://bz.apache.org/bugzilla/show_bug.cgi?id=55801 Specify an SSLContext in your user properties: http://tomcat.apache.org/tomcat-8.0-doc/web-socket-howto.html#Tomcat_Web Socket_specific_configuration - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYwu4MAAoJEBzwKT+lPKRYreEQALIPJL4tmb9dOL7S+Phhh/YO Kxw77Gj7Axm6OG6f6i7CKINIHJcOoZrzZiMTFOE4aqdVbWkePafwIXbOZV8sD1et GPgvVHrpbGtJOc9C1Z8fxkGDn78fFFjPc6weKoyQMUAu2Glc7ux77J6kESZp3QVL fbKdf/iE0aXRUf1XX074KrPgTjZEzvglJUz87jwrq8YtRsKp8KW1XWQ+RdW9TxOh gRYe8a9Oap8/QBZwbpkQIOxRZqDSQjYg8rsma/aBA0Q4heLz1gmZJMlxcc6FRaIu VpifrHj3SV2YCig/oTU2iH+LSvZVJI1AHeMvTTqLNO0J6QGnTXN0BTsUHVDbHjeW c59MbUIkF5qVK1gUTETiMtdOxBBVNv6IbU8oAaITZ4OoZPk3/IVRV2UPmN3oCqD3 IdsLKPNRN7y/9UKjs8cNdo8vqg3rDKL7xLAkBcIJKmo0GCrUFXC9XfSUgV9BAQih R41QoyHxPRNxv8LCnqX/rA1718oLoMDXfq2K7QviJfo2crn65kM6OvdGuml7llBX h/tl02gAIoapdnkool9gi34/opuWmfiY4kluZUBAIp5r/0QYd7WKa78fimv1GQVC pMnhcaD3P1tadeaDIFl92yUVWIXbcCGpiUC9ZBRg7FlW3Ttl1wXaDQ+E/rkKVk2l wLNTn5gLK3xPR++txDaK =W59o -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: getRealPath is a bad idea?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cris, On 3/10/17 12:56 PM, Berneburg, Cris J. - US wrote: > Chuck > >>> How do you all configure the location of a special folder that >>> is not part of the deployment package itself? A site-specific >>> config file perhaps? >> >> Take a look at this: >> http://tomcat.apache.org/tomcat-8.5-doc/config/resources.html >> >> A element within allows specification of >> areas outside of the Tomcat deployment that the webapp can access >> via ServletContext .getResource() or getResourceAsStream(). > > Thanks for pointing that out. Hmm... It looks like > getResourceAsStream might work. We use a library to processes the > files. Currently we supply it with a java.io.File as an input > source, but the library also can accept a java.io.InputStream for > input too. Don't forget to close the InputStream when you are done ;) I see a ton of code like this: configureFromPropertiesFile(app.getResourceAsStream("/config.file")) I suspect the JVM does finally close all that junk up, but it's really bad programming practice IMHO. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYwu8eAAoJEBzwKT+lPKRYxuEQAKdgNAu6UvD1MM7faL/BrIzX VnYoBlpMwJ8wEWBRqtg7MrLkhzCFnhrtO/hhVxc2tAeliz2Pk7VlXMv34vlt/uCl r/t+o4lPju9WsJaT1AmjkytBGLum9Ab5VBMbmsS/jtyiJ9iC/ghR0VbJJG6yB3B9 +Ycbfb9wodLXJ5UYzzNEuLBOndR3P1etw1OSRRxdG8g8eI3GPYM+L8NeqP7s9jhf 9up3PbT0k1GOo4Jhqo1bvzBoMEfVptQKn2E+QzrtaeYcMNPS7Slr79gWG8jBYEeV cfIDxhQ1nIabmT4Rqke1K/Ek/duTRXXIuPj1QNVSr0uEgi3pgfaNgQCyhwjj32+l U1PFOXeADoCh/ofzpGUoxnkXhXNXCNPFdjvmpjUwahB6x1YqgIPqOEZvIbuCiAnT yPlBncszQlpurrsmR7AWvW28p8NhScjwYYeGG6VRfBhLKMLvTrnfSeQBNcq//vfn wPSyVpn4zH28X2Mqe83VYCLXqXne5QPITffshOFYylUQPhikrSdLSgylCl6Cnoya n/cqjCmJTVrOH+BBiIOtjYZWDCvodX6E95W+pUb4BOtrdp1a5A31L58RU3hiorqo xv1ZbWWpUASNTQXJQFkJMGYNCU2aRbxgW6/65Tv6chgpF1pDa5xKN43ArVyhsoIu y1uf4m+Q8hgeM8Fvv2XA =gSr+ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Moved app from TomEE to Tomcat, now getting Spring errors failing to go through proxy for XML validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 David, On 3/10/17 1:07 PM, KARR, DAVID wrote: > I have an app using CXF/REST/Spring/JDBC that is working pretty > well in TomEE (7.0.1). I'm trying to move it to Tomcat (8.5.11) > because it doesn't need to be in TomEE, and I'm having problems > adding additional features due to aspects of TomEE. > > I'm first testing the port by running Tomcat in Eclipse. I had > previously verified that the app works fine in the same > environment when running in TomEE. > > I moved all of my Resource and Environment entries to the Tomcat > context.xml file. > > When I start it up, I'm seeing errors like the following: > --- > org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: > > Line 1 in XML document from ServletContext resource > [/WEB-INF/applicationContext.xml] is invalid; nested exception is > org.xml.sax.SAXParseException; systemId: > http://.../ProxyWarning.html; lineNumber: 1; columnNumber: 3; The > markup in the document preceding the root element must be > well-formed. at > org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBe anDefinitions(XmlBeanDefinitionReader.java:399) > > > ... > Caused by: org.xml.sax.SAXParseException; systemId: > http://.../ProxyWarning.html; lineNumber: 1; columnNumber: 3; The > markup in the document preceding the root element must be > well-formed. at > com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXP arseException(ErrorHandlerWrapper.java:203) > > > - --- > > That URL that I've elided is the page we see in our enterprise > when we try to reach the internet without going through our proxy. > > So, this app that was working fine in TomEE now is getting this > proxy error when it runs in Tomcat. Any ideas what I might be > missing? That error seems to be that the markup is bad. Are you saying that the markup is bad because the resource you are requesting ends up being an HTTP BAD REQUEST or other response rather than the XML document you are expecting? How did you have TomEE configured for a proxy before? Generally, proxies are configured for the whole JVM. http://stackoverflow.com/questions/120797/how-do-i-set-the-proxy-to-be-u sed-by-the-jvm In Tomcat, you generally do this in one of two ways: 1. For a standard command-line launch (e.g. testing, *NIX systems, etc.) create/edit CATALINA_BASE/bin/setenv.sh and add the following line : CATALINA_OPTS="$CATALINA_OPTS -Dhttp.proxyHost=... ..." 2. For Windows Service-based services, open the Tomcat Service Manager (tomcatXw.exe //ES//) and add the appropriate system properties to the "system properties" tab. FYI There will be a few presentations at TomcatCon/ApacheCon in Miami in May. that might interest you, including a presentation by Romain on TomEE and Meecrowave. http://events.linuxfoundation.org/events/apachecon-north-america/attend/ register- Hope that helps, - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYwvEIAAoJEBzwKT+lPKRYDWQP/2ohd4RsfEmWSJD/9SJaSSGT 16seqbJqIg6rmwpREZNa7I++YOoiBFImKyeRlYTwQFfZP46cbJymrpLzwp8P73dX SwG5szY9atjAQ+sdYUDksv/meCc5XvjDrF4em/dr2C7XPkcvoXy+lqRarTzHwrDU gtrqd30+ULsDaY2AmGCiekHqP8+N8SJAqS0iiat3fwTyrIuGS8Cxc0PC5e55aGl9 gBQPVibu0e0V3KtGGltsA3HqCKzn2cWhyMyXTNLn01qyXLwwQ2nMyuIuxMfaS2Mz LQkaxAja6e8SZg1cWZDNurjaEFxsOCSAK+nSjoztph6+9Cukp4gA1E1v33DjMGAp nnqoGZi9RWu5Le/kr7BHcOxgAEnWahPBvgyglOY2x57xfoqjUjcY7bJhUXSiEXix E0nmybgXmutA8ugnqdGnUVQx+K1vAq+bMu8oIafkKYYA/JnLPHr/mXDI6Y7PGcdX 3BOlDd6ORq+jMg8P8AktDPYyBnnq/OYX7rdpNpIoVWNFsPoSfb7tChNJgPFRSODf c+c8BISqxYyNECQh6y+HTTbadg8xU9vnb46AJg10mjn78tdvykjfRveGQVj5JJA4 G47G8P3b4sztO3KXNvPkbtCXbasrf0O1XZRBSeHNjhadyT7EXhRbGoqXMxe1aUHv cx7/QMdM5nGexmcfTtoj =VCwa -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: getRealPath is a bad idea?
Chris Thanks for taking the time to help me out. I appreciate it. Sorry, my response is kinda wordy. :-P > If you really REALLY want a file path, you could use the catalina.base system > property or the tmpdir and go from there. The former is Tomcat-specific, of > course, and the tmpdir would be *anywhere*, but if you just really REALLY need > a path on the disk, you could get it from there. Aha! Yes, that could work. >> Also, maybe I'm not asking the right question. How do you all >> configure the location of a special folder that is not part of the >> deployment package itself? A site-specific config file perhaps? > > Well-known location like /etc/myapp/config.cfg? Well-known > configuration URL like https://internal-config.myapp.com/config.cfg? Actually it's Windows. Also, the config file should live in a folder that is (1) obvious and (2) we have access to. >> Currently I'm using getRealPath for a relative-path location > [SNIP] > > If the file can be bundled with the WAR file (which would be best), then you > should get > ServletContext.getResource("/path/rooted/in/the/WAR/file/config.cfg"). Unfortunately it's a site-specific configuration, meaning the value for the setting may be different for each environment, so it really cannot be bundled as-is. The file would need to be tweaked before starting the webapp. Well, I suppose it could be bundled if, after deploying the webapp, we extracted the config file, modified it for the current location, and then reinserted it into the WAR file... But that sounds like a lot of work and not what you intended anyway. ;-) Actually, that's exactly how we handle other custom settings, only without using a WAR file. It's clumsy, and I wish there were a better way of doing it. So instead of having to tweak the configuration after every deployment, we would only do it 1x for the first time the application is installed. That would be great. I'm not sure I understand how to configure a custom resource or am even grasping the concept. Can the resource (config file location) be defined in the application context web.xml? If so, wouldn't it already be too late since that would mean the config file is already bundled with the application? Unless the location of the config file in the resource definition can be expressed as an OS-path (not virtual) to point outside of the webapp's home. Guess I could explain it better. It's a custom report-generation engine. A template file is read by a library, processed, dumped to an output file, then served to the client. There is a folder with template input files and another folder with the output files. Based on what you and Chuck said, it looks like the input templates can be claimed as Resources. Since the library can accept a java.io.InputStream, then the input templates could be included in a WAR file, if we used one. However, the output folder needs to live outside a WAR file, and we need a non-virtual way of specifying the folder (an actual OS path) so the library can write the output there. AND we currently don't use a WAR file. But we could, provided the config file issue can be taken care of. If so, how do you resolve a virtual path to a resource outside the WAR file since it's outside the package "folder" structure of the WAR? Hence the use of getRealPath, so all this configuration juggling can simply be bypassed. I feel like I'm stuck in a "which came first, the chicken or the egg" loop. -- Cris Berneburg CACI Lead Software Engineer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Moved app from TomEE to Tomcat, now getting Spring errors failing to go through proxy for XML validation
> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Friday, March 10, 2017 10:32 AM > To: Tomcat Users List > Subject: Re: Moved app from TomEE to Tomcat, now getting Spring errors > failing to go through proxy for XML validation > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > David, > > On 3/10/17 1:07 PM, KARR, DAVID wrote: > > I have an app using CXF/REST/Spring/JDBC that is working pretty well > > in TomEE (7.0.1). I'm trying to move it to Tomcat (8.5.11) because it > > doesn't need to be in TomEE, and I'm having problems adding additional > > features due to aspects of TomEE. > > > > I'm first testing the port by running Tomcat in Eclipse. I had > > previously verified that the app works fine in the same environment > > when running in TomEE. > > > > I moved all of my Resource and Environment entries to the Tomcat > > context.xml file. > > > > When I start it up, I'm seeing errors like the following: > > --- > > org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: > > > > > Line 1 in XML document from ServletContext resource > > [/WEB-INF/applicationContext.xml] is invalid; nested exception is > > org.xml.sax.SAXParseException; systemId: > > http://.../ProxyWarning.html; lineNumber: 1; columnNumber: 3; The > > markup in the document preceding the root element must be well-formed. > > at > > org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBe > anDefinitions(XmlBeanDefinitionReader.java:399) > > > > > > > ... > > Caused by: org.xml.sax.SAXParseException; systemId: > > http://.../ProxyWarning.html; lineNumber: 1; columnNumber: 3; The > > markup in the document preceding the root element must be well-formed. > > at > > com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXP > arseException(ErrorHandlerWrapper.java:203) > > > > > > > - --- > > > > That URL that I've elided is the page we see in our enterprise when we > > try to reach the internet without going through our proxy. > > > > So, this app that was working fine in TomEE now is getting this proxy > > error when it runs in Tomcat. Any ideas what I might be missing? > > That error seems to be that the markup is bad. Are you saying that the > markup is bad because the resource you are requesting ends up being an > HTTP BAD REQUEST or other response rather than the XML document you are > expecting? The former, as it fails to get through the proxy. > How did you have TomEE configured for a proxy before? Generally, proxies > are configured for the whole JVM. Curiously, I can't find any evidence that I had configured a proxy for TomEE. I never saw this error when running the app in TomEE. > In Tomcat, you generally do this in one of two ways: > > 1. For a standard command-line launch (e.g. testing, *NIX systems, > etc.) create/edit CATALINA_BASE/bin/setenv.sh and add the following line > : > > CATALINA_OPTS="$CATALINA_OPTS -Dhttp.proxyHost=... ..." That worked, thanks. > 2. For Windows Service-based services, open the Tomcat Service Manager > (tomcatXw.exe //ES//) and add the appropriate system properties to the > "system properties" tab. > > FYI There will be a few presentations at TomcatCon/ApacheCon in Miami in > May. that might interest you, including a presentation by Romain on > TomEE and Meecrowave. > > http://events.linuxfoundation.org/events/apachecon-north-america/attend/ > register- Thanks. Hopefully those will be recorded.
Re: getRealPath is a bad idea?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cris, On 3/10/17 2:02 PM, Berneburg, Cris J. - US wrote: > Chris > > Thanks for taking the time to help me out. I appreciate it. > Sorry, my response is kinda wordy. :-P > >> If you really REALLY want a file path, you could use the >> catalina.base system property or the tmpdir and go from there. >> The former is Tomcat-specific, of course, and the tmpdir would >> be *anywhere*, but if you just really REALLY need a path on the >> disk, you could get it from there. > > Aha! Yes, that could work. It will work, but it's going to suck. :( >>> Also, maybe I'm not asking the right question. How do you all >>> configure the location of a special folder that is not part of >>> the deployment package itself? A site-specific config file >>> perhaps? >> >> Well-known location like /etc/myapp/config.cfg? Well-known >> configuration URL like >> https://internal-config.myapp.com/config.cfg? > > Actually it's Windows. Also, the config file should live in a > folder that is (1) obvious and (2) we have access to. > >>> Currently I'm using getRealPath for a relative-path location >> [SNIP] >> >> If the file can be bundled with the WAR file (which would be >> best), then you should get >> ServletContext.getResource("/path/rooted/in/the/WAR/file/config.cfg") . > >> >> > Unfortunately it's a site-specific configuration, meaning the > value for the setting may be different for each environment, so it > really cannot be bundled as-is. The file would need to be tweaked > before starting the webapp. > > Well, I suppose it could be bundled if, after deploying the > webapp, we extracted the config file, modified it for the current > location, and then reinserted it into the WAR file... But that > sounds like a lot of work and not what you intended anyway. ;-) > Actually, that's exactly how we handle other custom settings, only > without using a WAR file. It's clumsy, and I wish there were a > better way of doing it. So instead of having to tweak the > configuration after every deployment, we would only do it 1x for > the first time the application is installed. That would be great. That's super-ugly. Better to have an external configuration file. That supports the Principle of Least Surprise[1]. > I'm not sure I understand how to configure a custom resource or am > even grasping the concept. Can the resource (config file > location) be defined in the application context web.xml? If so, > wouldn't it already be too late since that would mean the config > file is already bundled with the application? Unless the location > of the config file in the resource definition can be expressed as > an OS-path (not virtual) to point outside of the webapp's home. I would use a well-known location for the file. Maybe the application can be installed anywhere, but the config file needs to be in %APPDATA%\YourCompany\YourProduct\config.properties Would that be okay? Or are you saying that you need to do things like configure the JNDI DataSource that would usually be in context.xml? > Guess I could explain it better. It's a custom report-generation > engine. A template file is read by a library, processed, dumped > to an output file, then served to the client. There is a folder > with template input files and another folder with the output > files. Neither of those are in the WAR, right? Obviously, not the output files, but what about the input templates? > Based on what you and Chuck said, it looks like the input > templates can be claimed as Resources. Since the library can accept > a java.io.InputStream, then the input templates could be included > in a WAR file, if we used one. Be specific when you use a term like "Resources". That has a special meaning to Tomcat, and actually multiple meanings depending upon the context. Which did you mean, here? You can certainly include the templates in the WAR file, but I suspect that one of your features is clients being able to build their own templates? > However, the output folder needs to live outside a WAR file, and > we need a non-virtual way of specifying the folder (an actual OS > path) so the library can write the output there. AND we currently > don't use a WAR file. But we could, provided the config file issue > can be taken care of. If so, how do you resolve a virtual path to > a resource outside the WAR file since it's outside the package > "folder" structure of the WAR? To WAR or not to WAR, that isn't really the question. But you should always work as if you were confined to a WAR file. To directly answer your question about translating virtual paths to real paths, the answer is "you can't (at least not reliably)". > Hence the use of getRealPath, so all this configuration juggling > can simply be bypassed. > > I feel like I'm stuck in a "which came first, the chicken or the > egg" loop. I would go for a well-known-location and just tell your customers "the config file has to go HERE". Maybe y
Re:[OT] get NPE from NamingContextListener in app moved from TomEE to Tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 3/10/17 12:42 PM, Mark Thomas wrote: > On 10/03/2017 17:39, KARR, DAVID wrote: >> I have a CXF/REST/Spring/JDBC app running in TomEE (7.0.1). I've >> decided to try to move it to Tomcat (8.5.11) because of some >> classloader conflicts (CXF classes) I'm now seeing in trying to >> add some new code to the app. >> >> Initially, I'm just running the server in Eclipse. >> >> When I add the apps to Tomcat and start it up, without changing >> the server conf, it starts up, but it fails to find my JNDI >> resources (obviously). >> >> I have the following DataSource definition in the "tomee.xml" >> file in TomEE, which is working fine: -- >> testOnBorrow = true >> testOnReturn = true testWhileIdle = true logValidationErrors = >> true validationQuery = select 1 from dual JdbcDriver = >> oracle.jdbc.OracleDriver InitialSize = 2 MaxActive = 2 MinIdle = >> 2 MaxIdle = 2 JdbcUrl = ... UserName = ... Password = ... >> - >> >> When I attempt to add this Resource definition to the >> "context.xml" file in Tomcat 8.5.11, I see errors like the >> following, and Tomcat fails to start up: Caused >> by: java.lang.NullPointerException at >> java.util.StringTokenizer.(StringTokenizer.java:199) at >> java.util.StringTokenizer.(StringTokenizer.java:221) at >> org.apache.catalina.core.NamingContextListener.createSubcontexts(Nami ngContextListener.java:1300) >> >> at org.apache.catalina.core.NamingContextListener.addResource(NamingContext Listener.java:1081) >> at >> org.apache.catalina.core.NamingContextListener.createNamingContext(Na mingContextListener.java:661) >> >> at org.apache.catalina.core.NamingContextListener.lifecycleEvent(NamingCont extListener.java:249) >> - >> >> I've tried converting the Resource definition to look more >> "normal", but nothing I've tried makes any difference. This is >> the current state of it: -- > id="jdbc/tst36" type="javax.sql.DataSource" auth="Container" > > name="jdbc/tst36" not id=... Hmm. When 'name' is null we should have a better behavior than NPE. :( - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYwwgwAAoJEBzwKT+lPKRYLlsQAImSopWlV03jve4cZaGtli9F qJGKdhl6IvMbzvWn1LGyUQ1ckPddR9LETy1pUcfoffKDdfpHx6LbOUCA8pcKsBD6 67SzS5ynruQlZZb3ikJA+R4GpNZ1LNu7zu0VPogV7BW7U09kTuoDlhO6pfYJ5DuW br9NtxR/6en5uWi77w8+0P3fLyCnUcxtatmw/o3P8DCUGrX5LIhj7NvRdyEEmSY6 HbOsIB83bP3deC1yRdx3/7O5jVn7Go8aL8B5rjHuu3am3HRHD1RZArSSg5FCS3zd Bt08yC4FumFBExRf6XRyjU544tygSe0Y1AEliiQb/i+e8s0CnpsDuz2QKm8t2CaG yCNElAYubjyzeG1dvBM7rarP3vJv/QRRhJ3eZ7KuxnxRZX9LOYIQoZfYxuYEeTUg Qs3neW1c1ESIezD4isFnfQALk0QSzPX+A2Btr8wzCUQWNOiN/MD3udVfafpuPVkY FqZdhb1aPu03SScv/y2luUTJpKtxdGz9cXjMz9dp6lcbDtOAFBzP93CrMy4vWYXs vryD9gbMVvuA7hWeKiTkIAIdoTCAw9Z3DxLpohC5v+3CCAy3Au37ke3kXE4ZAwh5 dERhqY78F00bbf3OI2VlNQdV75anDiyD3nuVS4D82w3OL1od4MIYCueU0sDzSwfI fueFuqYlmqZSLvRXTo3Y =GKYG -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Re:[OT] get NPE from NamingContextListener in app moved from TomEE to Tomcat
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Subject: Re:[OT] get NPE from NamingContextListener in app moved from TomEE > to Tomcat > > name="jdbc/tst36" not id=... > Hmm. When 'name' is null we should have a better behavior than NPE. :( It gets your attention... - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: getRealPath is a bad idea?
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Subject: Re: getRealPath is a bad idea? > I would use a well-known location for the file. Maybe the application > can be installed anywhere, but the config file needs to be in > %APPDATA%\YourCompany\YourProduct\config.properties An alternative is to have the customer define the location in a Java system property via setenv.bat (or sevice properties) when installing the webapp. (I know, not pretty, but it's the webapp doing the lookup, not Tomcat.) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org