Re: HP-UX Tomcat refuses connections after boot
Hi, It seems like one of the lines in your catalina.sh file can't find the "touch" command. I'm guessing that starting/stopping manually is not quite the same thing as the server coming up via "/sbin/rc3.d/S998Tomcat start" when it comes to the path that has the touch command in it. On 1/29/07, mocherla14 <[EMAIL PROTECTED]> wrote: Effect: Right after booting from HP-UX PA-RISC, Tomcat refuses connections. Description: No startup error messages are logged and processes are up and running. Checking /etc/rc.log: Starting Tomcat server Output from "/sbin/rc3.d/S998Tomcat start": Using CATALINA_BASE: /opt/mediation/Tomcat5.5 Using CATALINA_HOME: /opt/mediation/Tomcat5.5 Using CATALINA_TMPDIR: /opt/mediation/Tomcat5.5/temp Using JRE_HOME: /opt/mediation/java/jre15_15002 /opt/mediation/Tomcat5.5/bin/catalina.sh[233]: touch: not found. If Tomcat is manually stopped and restarted, it accepts connections. -- View this message in context: http://www.nabble.com/HP-UX-Tomcat-refuses-connections-after-boot-tf3140138.html#a8703374 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
HP-UX Tomcat refuses connections after boot
Effect: Right after booting from HP-UX PA-RISC, Tomcat refuses connections. Description: No startup error messages are logged and processes are up and running. Checking /etc/rc.log: Starting Tomcat server Output from "/sbin/rc3.d/S998Tomcat start": Using CATALINA_BASE: /opt/mediation/Tomcat5.5 Using CATALINA_HOME: /opt/mediation/Tomcat5.5 Using CATALINA_TMPDIR: /opt/mediation/Tomcat5.5/temp Using JRE_HOME: /opt/mediation/java/jre15_15002 /opt/mediation/Tomcat5.5/bin/catalina.sh[233]: touch: not found. If Tomcat is manually stopped and restarted, it accepts connections. -- View this message in context: http://www.nabble.com/HP-UX-Tomcat-refuses-connections-after-boot-tf3140138.html#a8703374 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session hijacking again
John and Peter SE seems definitely O/T so please email me offline on this topic of Social Engineering..Perhaps this is a project which the government never discloses? Admittedly I have no information as to the definition and or implications of such a plan Thanks, Martin-- --- This e-mail message (including attachments, if any) is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, proprietary , confidential and exempt from disclosure. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this communication is strictly prohibited. --- Le présent message électronique (y compris les pièces qui y sont annexées, le cas échéant) s'adresse au destinataire indiqué et peut contenir des renseignements de caractère privé ou confidentiel. Si vous n'êtes pas le destinataire de ce document, nous vous signalons qu'il est strictement interdit de le diffuser, de le distribuer ou de le reproduire. - Original Message - From: "John Caron" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Monday, January 29, 2007 3:17 PM Subject: Re: session hijacking again > Hi Peter: > > Peter Stavrinides wrote: >> Do you use Java? > > yes > >> >> We are a financial institution, we use a Java Framework based on >> servlets with SSL, but if you ask my opinion SSL is not the big issue. >> The vast majority of hacked sites are social engineering attacks. Secure >> your database (do not store clear text passwords in the database) >> minimize access of staff, require strong passwords (8 characters and >> numbers). No strategy or amount of code is foolproof, although yes It is >> also worth the extra effort to make your application a bit smart, but it >> is better to focus your attention on preventing social engineering, >> because no matter how clever you make it if the passwords are easily >> guessed or users careless its all for nothing. >> >> Design your application like a container that reloads its body, that way >> you can implement security and logging application wide with minimal code. >> >> We secure our application like this: on login (after authentication) we >> store in state for the duration of that session, the users unique id and >> session id and for logging purposes the current IP. (no cookies etc are >> used at all, because cookies are stored on the client which is out of >> our control). > > doesnt the client have to return a jsessionid cookie? > >> >> We perform a check for each new login to ensure at least the user id and >> session id does NOT exist in state before allowing the new login. We do >> not allow two concurrent logins with the same account. >> >> If you wish to implement session id switching you have to destroy the >> users old session and recreate it and update the session id in state (to >> me again, just my humble opinion, not so important)... it is far more >> useful to use a session timer that times out after a few minutes of >> inactivity, it will automatically call a sign out but you can keep the >> users details in the server state until the browser closes, if they try >> to continue activity, then you ask them to sign in again and add their >> new session id back into your state object. When the browser closes a >> session listener cleans out the session so the users details are discarded. >> >> Again paranoid coding is not going to prevent social engineering, >> educating users might... by far the most effective strategy is to tell >> users to never give out their password, give them a support number and >> inform them about what the support personnel is and isn't allowed to ask >> them for. Lastly tell users exactly what type of email they will and >> won't receive from your organization. When they login to your site tell >> them they should ALWAYS check that the domain name appears correctly in >> the address bar. > > thank you very much for your advice, i will use it! > > John > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
Apache2, Tomcat5.5, mod_jk and HTTP content-type
I'm trying to connect Apache2 with mod_jk to Tomcat5.5. Almost everything seems to work. However, if I have cookies disabled, Tomcat will rewrite all urls to include ;jsessionid=X (which is I want and expect). Unfortunately, it seems as though Apache2 insists on determining the content-type of the response based on the extension of the file requested. This means that: if i request "/myservlet/index.html" I get "Content-Type: text/html; charset=UTF-8" if i request "/myservlet/index.html;jsessionid=12341243123412341234" I get "Content-Type: text/plain; charset=UTF-8" Obviously, this is a problem. I looked through the apache docs and the mod_jk docs, but I didn't find a way to disable this behavior. I could possibly set the DefaultType directive to "text/html", but this would leave .gif/.jpg/.css/etc broken. I also didn't find much through google. Any pointers would be greatly appreciated. -Joe
Re: Tomcat and MySQL sync problems
Luiz Siqueira wrote: > Sorry about this message but I'm a little despaired. > > I create a JAR library with the business logic, I use Hibernate and > MySQL. Everything work fine but when I try use the JAR from a WebApp > using the bundled TomCat on NetBeans 5.5 I got an server error. I > believe that the problem is that the server don't know about Hibernate > and the MySQL drive. I don't know well Tomcat and need know what to > do, maybe some one can help me. When starting a new thread (ie sending a message to the list about a new topic) please do not reply to an existing message and change the subject line. To many of the list archiving services and mail clients used by list subscribers this makes your new message appear as part of the old thread. This makes it harder for other users to find relevant information when searching the lists. This is known as thread hijacking and is behaviour that is frowned upon on this list. Frequent offenders will be removed from the list. It should also be noted that many list subscribers automatically ignore any messages that hijack another thread. The correct procedure is to create a new message with a new subject. This will start a new thread. Mark tomcat-user-owner - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 6.0.8 & JSF 1.2 RI
I found that with Tomcat 6.0.8, I didn't need to initialize the JspRuntimeContext, however my ELResolver is never actually hit. I placed print outs in the constructor and all the overridden methods of my ELResolver to determine if they were ever called. Only the constructor is ever called. The following code is in the listener. It runs, because I see the constructor print out. public void contextInitialized(ServletContextEvent servletContextEvent) { ServletContext servletContext = servletContextEvent.getServletContext(); JspFactory jspFactory = JspFactory.getDefaultFactory(); JspApplicationContext jspApplicationContext = jspFactory.getJspApplicationContext(servletContext); jspApplicationContext.addELResolver(new DCELResolver()); } When the pages are rendered, the getValue method and others are never called. I was certain to make sure no resolvers are in faces-confg.xml. Is there anything else that may cause the resolver stack to get recreated as the default, and thus losing my resolver? srowen wrote: > > I am seeing the same problem, via a different route. Check this out -- it > solves this specific problem for me: > > http://issues.apache.org/bugzilla/show_bug.cgi?id=39804 > > I made a simple listener which calls > Class.forName("org.apache.jasper.compiler.JspRuntimeContext"); first > > Sean > -- View this message in context: http://www.nabble.com/Tomcat-6.0.8---JSF-1.2-RI-tf3059080.html#a8699791 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: HTTP PUT - HOW TO CONFIG?
-Original Message- From: Zhan, Jimmy [mailto:[EMAIL PROTECTED] Sent: Monday, January 29, 2007 3:20 PM To: Tomcat Users List Subject: RE: HTTP PUT - HOW TO CONFIG? Hi Robert, Thanks for your help. After I added that readonly into web.xml, I can put files into /webapps/incoming. Right now it is ok for me. Because user ONLY can put files under /webapps/incoming dir. Also, in this way, tomcat does not require userID and password. Now there are three questions: 1. How to config to force using userID and password? I add putusero1 into "tomcat-users.xml", it's useless. [Robert Harper] Look at the documents. You'll have to set up the security and determine what kind of authentication you want. This may be version dependent so I won't go into too much detail here. I am using 5.0 because that was the newest version when I developed my app and I don't see a big reason to change right now. 2. How to config another servlet to handle PUT in web.xml? PUT org.apache.jasper.servlet.??? 1 1 2 2 ? [Robert Harper] Create your servlet extending the HttpServlet and set the "servlet-class" value to the package_path.ClassName for your servlet. Use the "security-constraint" area in the web.xml file to set what you will and won't handle and other options. See the Tomcat documentation for your version on where and how to do this. PUT /MyPUT/PUT-Handler 3. How to turn on client request log in tomcat side? [Robert Harper] I used log() method inherited from HttpServlet to log my messages. I created a little wrapper method so I could easily force certain patterns to the messages. Where they land is in the logger specification in your web.xml configuration in the servlet's context. The easiest way to configure the logging directory, file names, and other settings is with the admin app. What version are you using? Thanks Jimmy -Original Message- From: Robert Harper [mailto:[EMAIL PROTECTED] Sent: Friday, January 26, 2007 12:07 PM To: 'Tomcat Users List' Subject: RE: HTTP PUT - HOW TO CONFIG? The problem is that the default servlet is handling the request(s) unless you have some other servlet do it. By default, the doPut() will check to see if the readonly property has been changed to false. If it has not, default behavior, it will return the forbidden error. If you change this to false, then you loose control of security and anything sent via a PUT will be allowed. You may want this but it also leaves you open to easy attacks. If you are sure you want to do this, try adding the following to the default servlet's configuration in the web.xml file. Where this is could vary based on the version of Tomcat you are running. readonly false Most would prefer not to do this and would prefer to either write a filter or servlet to track the PUTs and have something to protect your system. You will not see anything in a log file because the default servlet does not write anything to the logs when it refuses the request. For Tomcat 5.0 the document to read on what the default servlet does and doesn't do would be found here. http://tomcat.apache.org/tomcat-5.0-doc/default-servlet.html Robert S. Harper Senior Engineer Information Access Technology, Inc. 1100 East 6600 South, Suite 300 Salt Lake City Utah USA 84121-7411 (801)265-8800 Ext. 255 FAX (801)265-8880 -Original Message- From: Zhan, Jimmy [mailto:[EMAIL PROTECTED] Sent: Friday, January 26, 2007 10:48 AM To: Tomcat Users List Subject: RE: HTTP PUT - HOW TO CONFIG? Hi, I got some progress. I used a Python program to send a HTTP PUT request to my tomcat server. The Python allow my pick any local file to upload to tomcat server box. And I got response back from tomcat with error code 403(Forbidden). I'm thing, tomcat can handler the HTTP PUT, but need do something about config. Hope someone can help out of this config crabe. I have the client side log to look at, but I don't see any log in tomcat server side. Could anyone tell me how to turn on tomcat tracing log? I have 8 default log files there, but none tracing this test. They are: admin.2007-01-26.log, catalina.2007-01-26.log, host-manager.2007-01-26.log, jakarta_service_20070126.log, locahost.2007-01-26.log, manager.2007-01-26.log, stderr_20070126.log, stdout_20070126.log. Here is my test client side tracing: -- <> C:\Python25>Python QuickPut.py -v C:\Python25\put.txt http://localhost:8080/incomming/put_test1.txt myUserID myPasswd <>: Sending HEAD request to: http://localhost:8080/incomming/put_test1.txt Auth: {'uname': 'myUserID', 'pswd': 'myPassw
Re: session hijacking again
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John, John Caron wrote: > We plan on using SSL to do the initial authentication, but then use > session ids without SSL for the data transfer. Okay, thanks for clarifying that. This is definitely a good thing to do, and it appears that session hijacking /will/ then be one of your only worries. >> Like AOL users, and some others going through proxies, etc. It's a >> relatively effective mechanism, and you might want to allow users to >> opt-in to this type of thing. You'll notice that some sites have a >> checkbox in the login form that says "Restrict my session to this >> computer", and when that's enabled, you do the IP verification. That >> allows AOL (or other) users to opt-out of the security mechanism. > > Hmm I didnt know that about "opt-out" security. We arent really doing > web sites, we are enabling data access by scientific programs. Oh, okay. So, you have something like an XML-based web service or something like that? You could offer a standard configuration for your customers (which uses IP checks) and then provide instructions to users for whom this poses a problem to disable this checking. Make the "configurability" of this feature part of the login request (i.e. add an optional parameter like verifyIPAddress=true|false) so that it cannot be changed after login to subvert your protection. >> This is likely to cause problems with the browser getting out of sync >> with the server. Also, I'm not sure if you can change the session id in >> TC, so you might not be able to do this without a bunch of hacking >> around in the TC session code. > > yeah, im thinking i prefer the IP check, since our users tend to not be > dialup. But Im wondering if i will have to "hack around" the tomcat code > to do IP checking. Not at all. You have a few options: 1. Write a filter, applied to all URLs, that checks for a session flag -- something like "verifyIPAddress" -- which is the IP address of the user who logged-in. If the IP for the request != login IP, then do something simple like sendError(FORBIDDEN) or whatever. This is probably the easiest thing to do. Of course, you will have to put this session attribute into the session at some point, which is somewhat problematic since if you use container-managed logins, you never know when the login takes place. Are you using container-managed logins? 2. You can replace the authenticator and authorization system with something else. I routinely recommend securityfilter, which is an Open Source project ans can be found at http://securityfilter.sourceforge.net. You can customize many parts of the login process, including what happens during and after login -- including something like setting a session attribute to turn on (or off) IP checking. You can also build IP checking into the additional code you write for authorization. Needless to say, this is more complex, but gives you greater control over the process. >> What are the implications of session hijacking for your service? Do you >> have any trade secrets or anything like that which are considered >> sensitive? What about potentially destructive modes of operation -- for >> instance, can a user delete or otherwise modify data? If you generally >> have read-only data, you might not need to worry too much about session >> hijacking. > > Its read-only, and no trade secrets or $$ involved. So im not convinced > we even need to worry about session hijacking, but i'd like to know what > are options are. I think that after your investigation, you may find that spending a lot of time preventing session hijacking is simply not worth it. >> I'm glad to see that someone is actually thinking about security issues >> instead of implementing something that sounds good. Nice job, John! > > thanks, but i havent done anything yet! Actually, that's the point: most people start "doing" before they have finished /thinking/. You are at least doing things in the proper order ;) Good luck, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFvnWN9CaO5/Lv0PARAvu5AJ9of7roniGwPAN4POlmdwkTcgM9jgCfak7R lbMJowQLBIjV/saklBw6gfo= =7AMj -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: HTTP PUT - HOW TO CONFIG?
Hi Robert, Thanks for your help. After I added that readonly into web.xml, I can put files into /webapps/incoming. Right now it is ok for me. Because user ONLY can put files under /webapps/incoming dir. Also, in this way, tomcat does not require userID and password. Now there are three questions: 1. How to config to force using userID and password? I add putusero1 into "tomcat-users.xml", it's useless. 2. How to config another servlet to handle PUT in web.xml? PUT org.apache.jasper.servlet.??? 1 1 2 2 ? PUT /MyPUT/PUT-Handler 3. How to turn on client request log in tomcat side? Thanks Jimmy -Original Message- From: Robert Harper [mailto:[EMAIL PROTECTED] Sent: Friday, January 26, 2007 12:07 PM To: 'Tomcat Users List' Subject: RE: HTTP PUT - HOW TO CONFIG? The problem is that the default servlet is handling the request(s) unless you have some other servlet do it. By default, the doPut() will check to see if the readonly property has been changed to false. If it has not, default behavior, it will return the forbidden error. If you change this to false, then you loose control of security and anything sent via a PUT will be allowed. You may want this but it also leaves you open to easy attacks. If you are sure you want to do this, try adding the following to the default servlet's configuration in the web.xml file. Where this is could vary based on the version of Tomcat you are running. readonly false Most would prefer not to do this and would prefer to either write a filter or servlet to track the PUTs and have something to protect your system. You will not see anything in a log file because the default servlet does not write anything to the logs when it refuses the request. For Tomcat 5.0 the document to read on what the default servlet does and doesn't do would be found here. http://tomcat.apache.org/tomcat-5.0-doc/default-servlet.html Robert S. Harper Senior Engineer Information Access Technology, Inc. 1100 East 6600 South, Suite 300 Salt Lake City Utah USA 84121-7411 (801)265-8800 Ext. 255 FAX (801)265-8880 -Original Message- From: Zhan, Jimmy [mailto:[EMAIL PROTECTED] Sent: Friday, January 26, 2007 10:48 AM To: Tomcat Users List Subject: RE: HTTP PUT - HOW TO CONFIG? Hi, I got some progress. I used a Python program to send a HTTP PUT request to my tomcat server. The Python allow my pick any local file to upload to tomcat server box. And I got response back from tomcat with error code 403(Forbidden). I'm thing, tomcat can handler the HTTP PUT, but need do something about config. Hope someone can help out of this config crabe. I have the client side log to look at, but I don't see any log in tomcat server side. Could anyone tell me how to turn on tomcat tracing log? I have 8 default log files there, but none tracing this test. They are: admin.2007-01-26.log, catalina.2007-01-26.log, host-manager.2007-01-26.log, jakarta_service_20070126.log, locahost.2007-01-26.log, manager.2007-01-26.log, stderr_20070126.log, stdout_20070126.log. Here is my test client side tracing: -- <> C:\Python25>Python QuickPut.py -v C:\Python25\put.txt http://localhost:8080/incomming/put_test1.txt myUserID myPasswd <>: Sending HEAD request to: http://localhost:8080/incomming/put_test1.txt Auth: {'uname': 'myUserID', 'pswd': 'myPasswd'} HEAD response code: 404 Response headers: Server: Apache-Coyote/1.1 Content-Type: text/html;charset=utf-8 Content-Length: 1024 Date: Fri, 26 Jan 2007 16:49:26 GMT Connection: keep-alive HEAD response code: 404 Response headers: Server: Apache-Coyote/1.1 Content-Type: text/html;charset=utf-8 Content-Length: 1024 Date: Fri, 26 Jan 2007 16:49:26 GMT Connection: keep-alive PUTing to: http://localhost:8080/incomming/put_test1.txt Data: Content-Length: 29, Snippet: "This is a HTTP PUT test file." Getting reply... Got reply Done: 403: Forbidden Server: Apache-Coyote/1.1 Content-Type: text/html;charset=utf-8 Content-Length: 964 Date: Fri, 26 Jan 2007 16:49:26 GMT Connection: keep-alive - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 6.0.7: JspContext is null in ELContext
I set up the ELResolver stack as follows: javax.servlet.jsp.el.ImplicitObjectELResolver demo.resolver.DCELResolver javax.el.MapELResolver javax.el.ResourceBundleELResolver javax.el.ListELResolver javax.el.ArrayELResolver javax.el.BeanELResolver demo.resolver.DebugELResolver javax.servlet.jsp.el.ScopedAttributeELResolver However, when I get the JspContext from the ELContext it is null. PageContext pageContext = (PageContext) elContext.getContext(JspContext.class); System.out.println("Page Context: " + ((pageContext != null) ? pageContext.toString() : "null")); The above code in my demo resolver prints out null when a request is made. Why is the JspContext not setup? What do I need to do to set it up? -- View this message in context: http://www.nabble.com/Tomcat-6.0.7%3A-JspContext-is-null-in-ELContext-tf3138268.html#a8697547 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session hijacking again
Hi Peter: Peter Stavrinides wrote: Do you use Java? yes We are a financial institution, we use a Java Framework based on servlets with SSL, but if you ask my opinion SSL is not the big issue. The vast majority of hacked sites are social engineering attacks. Secure your database (do not store clear text passwords in the database) minimize access of staff, require strong passwords (8 characters and numbers). No strategy or amount of code is foolproof, although yes It is also worth the extra effort to make your application a bit smart, but it is better to focus your attention on preventing social engineering, because no matter how clever you make it if the passwords are easily guessed or users careless its all for nothing. Design your application like a container that reloads its body, that way you can implement security and logging application wide with minimal code. We secure our application like this: on login (after authentication) we store in state for the duration of that session, the users unique id and session id and for logging purposes the current IP. (no cookies etc are used at all, because cookies are stored on the client which is out of our control). doesnt the client have to return a jsessionid cookie? We perform a check for each new login to ensure at least the user id and session id does NOT exist in state before allowing the new login. We do not allow two concurrent logins with the same account. If you wish to implement session id switching you have to destroy the users old session and recreate it and update the session id in state (to me again, just my humble opinion, not so important)... it is far more useful to use a session timer that times out after a few minutes of inactivity, it will automatically call a sign out but you can keep the users details in the server state until the browser closes, if they try to continue activity, then you ask them to sign in again and add their new session id back into your state object. When the browser closes a session listener cleans out the session so the users details are discarded. Again paranoid coding is not going to prevent social engineering, educating users might... by far the most effective strategy is to tell users to never give out their password, give them a support number and inform them about what the support personnel is and isn't allowed to ask them for. Lastly tell users exactly what type of email they will and won't receive from your organization. When they login to your site tell them they should ALWAYS check that the domain name appears correctly in the address bar. thank you very much for your advice, i will use it! John - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session hijacking again
Hi Christopher: Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John, John Caron wrote: Our application is serving large amounts of scientific data over HTTP. The user needs to login to access the data. We would like to use session ids to reduce the login overhead. We cant afford the overhead of HTTPS encryption of teh data (3 times slower ?). I think that SSL is much slower than that. Usually, special hardware is required to make SSL perform well enough to handle heavy traffic. A recent paper estimated 3-9X slower, but for my problem (large binary file transfer) Im guessing 2-3X for fast CPUs. That paper, BTW, suggests that faster general CPUs are the way to go vs specialized hardware. Performance Analysis of TLS Web Servers CRISTIAN COARFA, PETER DRUSCHEL, and DAN S. WALLACH, Rice University ACM Transactions on Computer Systems, Vol. 24, No. 1, February 2006. We realize this makes us vulnerable to session hijacking. Still, we arent transferring financial information, so tentatively we think its a reasonable risk. Just make sure that your users don't use the same username and password they use for their online banking. Seriously. That's the worst part of all these websites these days that don't use SSL: it's not that the passwords go in the clear (what do I care if someone hacks into my NewYorkTimes.com account?), but that most people use the same credentials for everything, because it's easy. You might want to put a warning about that on your site. We plan on using SSL to do the initial authentication, but then use session ids without SSL for the data transfer. # Some services make secondary checks against the identity of the user. For example, a web server could check with each request made that the IP address of the user matched the one last used during that session. This does not prevent attacks by somebody who shares the same IP address, however, and could be frustrating for users who's IP address is liable to change during a browsing session. Like AOL users, and some others going through proxies, etc. It's a relatively effective mechanism, and you might want to allow users to opt-in to this type of thing. You'll notice that some sites have a checkbox in the login form that says "Restrict my session to this computer", and when that's enabled, you do the IP verification. That allows AOL (or other) users to opt-out of the security mechanism. Hmm I didnt know that about "opt-out" security. We arent really doing web sites, we are enabling data access by scientific programs. # Alternatively, some services will change the value of the cookie with each and every request. This dramatically reduces the window in which an attacker can operate and makes it easy to identify whether an attack has taken place, but can cause other technical problems (for example, preventing the back button from working properly, on the web). This is likely to cause problems with the browser getting out of sync with the server. Also, I'm not sure if you can change the session id in TC, so you might not be able to do this without a bunch of hacking around in the TC session code. yeah, im thinking i prefer the IP check, since our users tend to not be dialup. But Im wondering if i will have to "hack around" the tomcat code to do IP checking. I would like to implement one or both of these in Tomcat: 1) IP checking and 2) session id switching. I guess others have thought about this. Does anyone have any advice or pointers (or code!) to get started. What are the implications of session hijacking for your service? Do you have any trade secrets or anything like that which are considered sensitive? What about potentially destructive modes of operation -- for instance, can a user delete or otherwise modify data? If you generally have read-only data, you might not need to worry too much about session hijacking. Its read-only, and no trade secrets or $$ involved. So im not convinced we even need to worry about session hijacking, but i'd like to know what are options are. One other thing you should probably do is reduce the session timeout from the default of 30 minutes to maybe 5 minutes. You'll close the window a little more for anyone who is snooping. good idea, thanks. Another method that you didn't mention (but that the Wikipedia entry does mention) is the use of very long session ids. This reduces guessability of the session id, so someone is very unlikely to, through dumb luck, guess a currently valid session id. Newer Tomcat versions (not sure which) allow you to specify the number of characters in the session id. The default is 16, but I'd imagine that you can go up to some crazy number like 4096 or something. I don't recommend 4096-character session ids ;) Without SSL, though, remember that anyone who is capable of hijacking the session is probably also capable of sniffing your users' credentials. What are the implications of that? If it is
Re: datasource-realm troubles
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Oliver, Walter, Oliver (BR/ICI3) wrote: > In META-INF/Context.xml i defined a datasource: > > and in web.xml a resource reference: > > [snip] > With hibernate everything works fine, no problems, but if i define a > datasource realm in Context.xml > > defined in context.xml, you must use a JNDI DataSource defined in , not one that has been 'd into your webapp: http://tomcat.apache.org/tomcat-5.5-doc/jndi-datasource-examples-howto.html Since you /are/ defining your in your context.xml file, I don't think you need the . It may be confusing things. (??) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFvjJg9CaO5/Lv0PARAtg+AKCuupNMHcG674pWY3Un4vic1X4W9ACgkKbT BkHHXRVFMmI6U3mQqtBcbEE= =t8Sv -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and MySQL sync problems
Not sure if it is the same problem, but we had similar issue and resolved it by increasing value of wait_timeout in /etc/my.cnf: wait_timeout=2147483647 I am not sure if the issue we were seeing was tied wth Tomcat or not though. Martin On 1/29/07, Chris Long <[EMAIL PROTECTED]> wrote: Hello, I'm having a problem where it seems Tomcat and MySQL go out of sync and I am no longer able to connect to the MySQL database. The only way I've found to be able to reconnect to my database is to restart Tomcat. This generally seems to happen some time over the course of the night and I notice the problem when I check on things in the morning, but it doesn't seem to happen every time. Does anyone have any idea what may be causing this and how to fix it? Here is a list of what I'm using: Tomcat 5.5.17 MySQL 14.12 Hibernate 3.2 mysql-connector-java-5.0.4 JAVA 1.5 Windows XP Pro [Jan 29 2007 (Mon)9:30:56 EST] ERROR [http--Processor20]( org.hibernate.util.JDBCExceptionReporter) - No operations allowed after connection closed.Connection was implicitly closed due to underlying exception/error: ** BEGIN NESTED EXCEPTION ** com.mysql.jdbc.CommunicationsException MESSAGE: Communications link failure due to underlying exception: ** BEGIN NESTED EXCEPTION ** java.net.SocketException MESSAGE: Software caused connection abort: socket write error STACKTRACE: java.net.SocketException: Software caused connection abort: socket write error at java.net.SocketOutputStream.socketWrite0(Native Method) at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92) at java.net.SocketOutputStream.write(SocketOutputStream.java:136) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java :65) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) at com.mysql.jdbc.MysqlIO.send(MysqlIO.java:2637) at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1554) at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1665) at com.mysql.jdbc.Connection.execSQL(Connection.java:3176) at com.mysql.jdbc.PreparedStatement.executeInternal( PreparedStatement.java:1153) at com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java :1266) at org.hibernate.jdbc.AbstractBatcher.getResultSet(AbstractBatcher.java :186) at org.hibernate.loader.Loader.getResultSet(Loader.java:1778) at org.hibernate.loader.Loader.doQuery(Loader.java:662) at org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections( Loader.java:224) at org.hibernate.loader.Loader.doList(Loader.java:2211) at org.hibernate.loader.Loader.listIgnoreQueryCache(Loader.java:2095) at org.hibernate.loader.Loader.list(Loader.java:2090) at org.hibernate.loader.hql.QueryLoader.list(QueryLoader.java:388) at org.hibernate.hql.ast.QueryTranslatorImpl.list( QueryTranslatorImpl.java:338) at org.hibernate.engine.query.HQLQueryPlan.performList(HQLQueryPlan.java :172) at org.hibernate.impl.SessionImpl.list(SessionImpl.java:1121) at org.hibernate.impl.QueryImpl.list(QueryImpl.java:79) at org.hibernate.impl.AbstractQueryImpl.uniqueResult( AbstractQueryImpl.java:804) at com.tne.nres.projectTracker.ProjectTrackerServlet.validateUser(Unknown Source) at com.tne.nres.projectTracker.ProjectTrackerServlet.doPost(Unknown Source) at javax.servlet.http.HttpServlet.service(HttpServlet.java:709) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter( ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter( ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke( StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke( StandardContextValve.java:178) at org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke( ErrorReportValve.java:105) at org.apache.catalina.core.StandardEngineValve.invoke( StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service( CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java :869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection (Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket( PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt( LeaderFollowerWorkerThread.java:80) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run( ThreadPool.java:684) at java.lang.Thread.run(Thread.java:595) ** END NESTED EXCEPTION ** Last packet sent to the server was 16 ms ago. STACKTRACE: com.mysql.jdbc.CommunicationsException: Communications link failure due to underlying exception: ** BEGIN NESTED EXCEPTION ** java.net.SocketException MESSAGE:
Re: TCP Connection Aborted problems
We'll repeat the stresstest with subsequent threaddump tomorrow morning. However, I just experienced the same TCP Connections aborted scenario on another test server running the same web service ('/demo-e/servlet'), and I managed to get a threaddump from there: [2007-01-29 17:21:07] [info] Console CTRL+BREAK event signaled [2007-01-29 17:21:07] [info] Full thread dump Java HotSpot(TM) Client VM (1.5.0_09-b03 mixed mode, sharing): [2007-01-29 17:21:07] [info] [2007-01-29 17:21:07] [info] "ajp-8009-3" [2007-01-29 17:21:07] [info] daemon [2007-01-29 17:21:07] [info] prio=6 tid=0x03943448 [2007-01-29 17:21:07] [info] nid=0xeb4 [2007-01-29 17:21:07] [info] in Object.wait() [2007-01-29 17:21:07] [info] [0x0448f000..0x0448fb6c] [2007-01-29 17:21:07] [info]at java.lang.Object.wait(Native Method) [2007-01-29 17:21:07] [info]- waiting on <0x0965eb60> (a org.apache.tomcat.util.net.AprEndpoint$Worker) [2007-01-29 17:21:07] [info]at java.lang.Object.wait(Unknown Source) [2007-01-29 17:21:07] [info]at org.apache.tomcat.util.net.AprEndpoint$Worker.await(AprEndpoint.java:1255) [2007-01-29 17:21:07] [info]- locked <0x0965eb60> (a org.apache.tomcat.util.net.AprEndpoint$Worker) [2007-01-29 17:21:07] [info]at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1280) [2007-01-29 17:21:07] [info]at java.lang.Thread.run(Unknown Source) [2007-01-29 17:21:07] [info] [2007-01-29 17:21:07] [info] "ajp-8009-2" [2007-01-29 17:21:07] [info] daemon [2007-01-29 17:21:07] [info] prio=6 tid=0x0309d090 [2007-01-29 17:21:07] [info] nid=0x11b0 [2007-01-29 17:21:07] [info] in Object.wait() [2007-01-29 17:21:07] [info] [0x043ef000..0x043efcec] [2007-01-29 17:21:07] [info]at java.lang.Object.wait(Native Method) [2007-01-29 17:21:07] [info]- waiting on <0x0954b1b8> (a org.apache.tomcat.util.net.AprEndpoint$Worker) [2007-01-29 17:21:07] [info]at java.lang.Object.wait(Unknown Source) [2007-01-29 17:21:07] [info]at org.apache.tomcat.util.net.AprEndpoint$Worker.await(AprEndpoint.java:1255) [2007-01-29 17:21:07] [info]- locked <0x0954b1b8> (a org.apache.tomcat.util.net.AprEndpoint$Worker) [2007-01-29 17:21:07] [info]at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1280) [2007-01-29 17:21:07] [info]at java.lang.Thread.run(Unknown Source) [2007-01-29 17:21:07] [info] [2007-01-29 17:21:07] [info] "ajp-8009-Poller-7" [2007-01-29 17:21:07] [info] daemon [2007-01-29 17:21:07] [info] prio=6 tid=0x0393dcf0 [2007-01-29 17:21:07] [info] nid=0x17e8 [2007-01-29 17:21:07] [info] in Object.wait() [2007-01-29 17:21:07] [info] [0x043af000..0x043afd6c] [2007-01-29 17:21:07] [info]at java.lang.Object.wait(Native Method) [2007-01-29 17:21:07] [info]- waiting on <0x0954b238> (a org.apache.tomcat.util.net.AprEndpoint$Poller) [2007-01-29 17:21:07] [info]at java.lang.Object.wait(Unknown Source) [2007-01-29 17:21:07] [info]at org.apache.tomcat.util.net.AprEndpoint$Poller.run(AprEndpoint.java:1127) [2007-01-29 17:21:07] [info]- locked <0x0954b238> (a org.apache.tomcat.util.net.AprEndpoint$Poller) [2007-01-29 17:21:07] [info]at java.lang.Thread.run(Unknown Source) [2007-01-29 17:21:07] [info] [2007-01-29 17:21:07] [info] "ajp-8009-Poller-6" [2007-01-29 17:21:07] [info] daemon [2007-01-29 17:21:07] [info] prio=6 tid=0x0391d030 [2007-01-29 17:21:07] [info] nid=0x1150 [2007-01-29 17:21:07] [info] in Object.wait() [2007-01-29 17:21:07] [info] [0x0436f000..0x0436f9ec] [2007-01-29 17:21:07] [info]at java.lang.Object.wait(Native Method) [2007-01-29 17:21:07] [info]- waiting on <0x0954b2c8> (a org.apache.tomcat.util.net.AprEndpoint$Poller) [2007-01-29 17:21:07] [info]at java.lang.Object.wait(Unknown Source) [2007-01-29 17:21:07] [info]at org.apache.tomcat.util.net.AprEndpoint$Poller.run(AprEndpoint.java:1127) [2007-01-29 17:21:07] [info]- locked <0x0954b2c8> (a org.apache.tomcat.util.net.AprEndpoint$Poller) [2007-01-29 17:21:07] [info]at java.lang.Thread.run(Unknown Source) [2007-01-29 17:21:07] [info] [2007-01-29 17:21:07] [info] "ajp-8009-Poller-5" [2007-01-29 17:21:07] [info] daemon [2007-01-29 17:21:07] [info] prio=6 tid=0x038fc370 [2007-01-29 17:21:07] [info] nid=0x114c [2007-01-29 17:21:07] [info] in Object.wait() [2007-01-29 17:21:07] [info] [0x0432f000..0x0432fa6c] [2007-01-29 17:21:07] [info]at java.lang.Object.wait(Native Method) [2007-01-29 17:21:07] [info]- waiting on <0x0954b358> (a org.apache.tomcat.util.net.AprEndpoint$Poller) [2007-01-29 17:21:07] [info]at java.lang.Object.wait(Unknown Source) [2007-01-29 17:21:07] [info]at org.apache.tomcat.util.net.AprEndpoint$Poller.run(AprEndpoint.java:1127) [2007-01-29 17:21:07] [info]- locked <0x0954b358> (a org.apache.tomcat.util.net.AprEndpoint$Poller) [2007-01-29 17:21:07] [info]at java.lang.Thread.run(Unknown Source) [2007-01-29 17:21:07] [info] [2007-01-29 17:21:07] [info] "ajp-8009-Poller-4" [2007-01-29 17:21:07] [info] daemon [
Re: How do I increase performance on Tomcat?
On 1/29/07, Nelson, Tracy M. <[EMAIL PROTECTED]> wrote: | From: Gaurav Kushwaha [mailto:[EMAIL PROTECTED] | Sent: Monday, 29 January, 2007 06:11 | | I have an application that has been working fine for last half an year | or so. Recently the load has started increasing and the time it takes to | serve a request is going up significantly. When I look at the resource | utilization(memory and CPU), it hardly shows an increase. Garbage | collection | is also not the culprit. What might be causing this performance hit ? The first step is to measure the different components of your app to see where the degradation is. Is it an external resource (database, message server, etc.)? Is it internal? Where is the app spending all its time? If you can, get a performance analysis tool like JProbe. Otherwise, maybe you could instrument your code with simple timestamping of method entry/exit points. The first step to solving performance problems is always finding out where the performance is going... JProbe is hardely useable for production servers. Try to use something lightweightier. regards Leon - The information contained in this message is confidential proprietary property of Nelnet, Inc. and its affiliated companies (Nelnet) and is intended for the recipient only. Any reproduction, forwarding, or copying without the express permission of Nelnet is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to this e-mail. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: datasource-realm troubles
Hello David, thanks for the reply. We are talking about your 2. description. The file is named "context.xml" and it is stored in the war`s META-INF directory. The full error output is: 106627 [http-8080-Processor24] DEBUG com.jmangos.beans.LoginBean - Validating given password. 106627 [http-8080-Processor24] DEBUG com.jmangos.persistance.hibernate.AccountDAO - finding Account instance with property: username, value: test7 106827 [http-8080-Processor24] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/jmangos] - Exception performing authentication javax.naming.NameNotFoundException: Name jdbc is not bound in this Context at org.apache.naming.NamingContext.lookup(NamingContext.java:769) at org.apache.naming.NamingContext.lookup(NamingContext.java:152) at org.apache.catalina.realm.DataSourceRealm.open(DataSourceRealm.java:401) at org.apache.catalina.realm.DataSourceRealm.authenticate(DataSourceRealm.java:282) at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684) at java.lang.Thread.run(Thread.java:595) As you can see in the second line: 106627 [http-8080-Processor24] DEBUG com.jmangos.persistance.hibernate.AccountDAO - finding Account instance with property: username, value: test7 Hibernate is working well using the same datasource. My full context.xml is: regards Oliver > -Ursprüngliche Nachricht- > Von: David Smith [mailto:[EMAIL PROTECTED] > Gesendet: Montag, 29. Januar 2007 17:11 > An: Tomcat Users List > Betreff: Re: datasource-realm troubles > > I would guess from the outset that your "Context.xml" file isn't being > used. Where are your putting it and what are you naming it? > What's the > name of your webapp when deployed? > > Quick checks: > > 1. It has to be named to match your webapp if your are storing it in > Catalina/localhost and deploying an expanded webapp. If the webapp is > named fubar, then the file should be named fubar.xml. > > 2. If deploying a .war file, it has to be named context.xml > (note: case > is important) and stored in the war files META-INF directory. > > > --David > > Walter, Oliver (BR/ICI3) wrote: > > >Hello, > > > >i have some trouble using a datasource realm in tomcat 5.5.20, jdk > >1.5.0_09. > > > >In META-INF/Context.xml i defined a datasource: > > > > > type="javax.sql.DataSource" maxActive="10" maxIdle="2" > >maxWait="1" > > username="" password="" > > driverClassName="com.mysql.jdbc.Driver" > > > >url="jdbc:mysql://localhost:3306/realmd?autoReconnect=true" /> > > > >and in web.xml a resource reference: > > > > > > DB Connection > > jdbc/mangos > > javax.sql.DataSource > > Container > > > > > >With hibernate everything works fine, no problems, but if i define a > >datasource realm in Context.xml > > > > debug="4" > > dataSourceName="jdbc/mangos" > > userTable=... /> > > > >it can`t find the resource name: > > > >javax.naming.NameNotFoundException: Name jdbc is not bound in this > >Context > > at > >org.apache.naming.NamingContext.lookup(NamingContext.java:769) > > at > >org.apache.naming.NamingContext.lookup(NamingContext.java:152) > > at > >org.apache.catalina.realm.DataSourceRealm.open(DataSourceReal > m.java:401) > > at > >org.apache.catalina.realm.DataSourceRealm.authenticate(DataSo > urceRealm.j > >ava:282) > > ... > > > >I tried already the following namings, jdbc/mangos, > >java:comp/env/jdbc/mangos, mangos, java:/comp/env/jdbc/mangos > >with no luck. > > > >I can workaround this issue, when defining the resource in server.xml > > > >and create a >type="javax.sql.DataSource" /> > >in Context.xml, but i would prefer, doing Realm and Datasource > >definition together in Context.xml. > > > > > >The second issue i run into is programming my webapp against > the realm > >interface. I want to built > >up
RE: How do I increase performance on Tomcat?
| From: Gaurav Kushwaha [mailto:[EMAIL PROTECTED] | Sent: Monday, 29 January, 2007 06:11 | | I have an application that has been working fine for last half an year | or so. Recently the load has started increasing and the time it takes to | serve a request is going up significantly. When I look at the resource | utilization(memory and CPU), it hardly shows an increase. Garbage | collection | is also not the culprit. What might be causing this performance hit ? The first step is to measure the different components of your app to see where the degradation is. Is it an external resource (database, message server, etc.)? Is it internal? Where is the app spending all its time? If you can, get a performance analysis tool like JProbe. Otherwise, maybe you could instrument your code with simple timestamping of method entry/exit points. The first step to solving performance problems is always finding out where the performance is going... - The information contained in this message is confidential proprietary property of Nelnet, Inc. and its affiliated companies (Nelnet) and is intended for the recipient only. Any reproduction, forwarding, or copying without the express permission of Nelnet is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to this e-mail. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: datasource-realm troubles
I would guess from the outset that your "Context.xml" file isn't being used. Where are your putting it and what are you naming it? What's the name of your webapp when deployed? Quick checks: 1. It has to be named to match your webapp if your are storing it in Catalina/localhost and deploying an expanded webapp. If the webapp is named fubar, then the file should be named fubar.xml. 2. If deploying a .war file, it has to be named context.xml (note: case is important) and stored in the war files META-INF directory. --David Walter, Oliver (BR/ICI3) wrote: >Hello, > >i have some trouble using a datasource realm in tomcat 5.5.20, jdk >1.5.0_09. > >In META-INF/Context.xml i defined a datasource: > > type="javax.sql.DataSource" maxActive="10" maxIdle="2" >maxWait="1" > username="" password="" > driverClassName="com.mysql.jdbc.Driver" > >url="jdbc:mysql://localhost:3306/realmd?autoReconnect=true" /> > >and in web.xml a resource reference: > > > DB Connection > jdbc/mangos > javax.sql.DataSource > Container > > >With hibernate everything works fine, no problems, but if i define a >datasource realm in Context.xml > > dataSourceName="jdbc/mangos" > userTable=... /> > >it can`t find the resource name: > >javax.naming.NameNotFoundException: Name jdbc is not bound in this >Context > at >org.apache.naming.NamingContext.lookup(NamingContext.java:769) > at >org.apache.naming.NamingContext.lookup(NamingContext.java:152) > at >org.apache.catalina.realm.DataSourceRealm.open(DataSourceRealm.java:401) > at >org.apache.catalina.realm.DataSourceRealm.authenticate(DataSourceRealm.j >ava:282) > ... > >I tried already the following namings, jdbc/mangos, >java:comp/env/jdbc/mangos, mangos, java:/comp/env/jdbc/mangos >with no luck. > >I can workaround this issue, when defining the resource in server.xml > >and create a type="javax.sql.DataSource" /> >in Context.xml, but i would prefer, doing Realm and Datasource >definition together in Context.xml. > > >The second issue i run into is programming my webapp against the realm >interface. I want to built >up the Navigation Panel dynamically based on the users asigned roles, >but when i try to access >GenericPrincipal i get "java.lang.NoClassDefFoundError: >org/apache/catalina/realm/GenericPrincipal". > >I also can workaround this issue by copying the catalina into my >webapp`s classpath (WEB-INF/lib/), >but i`m pretty this is not correct. > >I would be appreciate for any help. > >Regards Oliver > > > > > >- >To start a new topic, e-mail: users@tomcat.apache.org >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and MySQL sync problems
Sorry about this message but I'm a little despaired. I create a JAR library with the business logic, I use Hibernate and MySQL. Everything work fine but when I try use the JAR from a WebApp using the bundled TomCat on NetBeans 5.5 I got an server error. I believe that the problem is that the server don't know about Hibernate and the MySQL drive. I don't know well Tomcat and need know what to do, maybe some one can help me. 2007/1/29, David Smith <[EMAIL PROTECTED]>: It appears your code is holding on to a connection to the database. Bad design practice. Review your code for any place that might keep hold of a connection between requests and make sure the connection is closed. Also, If you haven't done so yet, use a database connection pool. If using tomcat's built-in one, set testOnBorrow to "true" and set validationQuery to something simple like "select 1". The idea being that the connections will be validated just before they are borrowed and used, closed and recreated if they fail. Lastly, please avoid autoReconnect=true in the connection url as the first query will still error out. There is documentation on mysql's site recommending this option not be used. --David Scott Purcell wrote: >If I remember correctly, MySQL basically disconnects and shutdowns after >a certain amount of time. I remember doing something with a >"reload="true" in the datasource to prevent this. > >Hopefully someone else may clue you in better, but you may want to check >the datasource props and see if this is valid. > > >Scott > >-Original Message- >From: Chris Long [mailto:[EMAIL PROTECTED] >Sent: Monday, January 29, 2007 8:54 AM >To: users@tomcat.apache.org >Subject: Tomcat and MySQL sync problems > >Hello, > >I'm having a problem where it seems Tomcat and MySQL go out of sync and >I am >no longer able to connect to the MySQL database. The only way I've >found to >be able to reconnect to my database is to restart Tomcat. This >generally >seems to happen some time over the course of the night and I notice the >problem when I check on things in the morning, but it doesn't seem to >happen >every time. > >Does anyone have any idea what may be causing this and how to fix it? > >Here is a list of what I'm using: > >Tomcat 5.5.17 >MySQL 14.12 >Hibernate 3.2 >mysql-connector-java-5.0.4 >JAVA 1.5 >Windows XP Pro > > >[Jan 29 2007 (Mon)9:30:56 EST] ERROR [http--Processor20]( >org.hibernate.util.JDBCExceptionReporter) - No operations allowed after >connection closed.Connection was implicitly closed due to underlying >exception/error: > > >** BEGIN NESTED EXCEPTION ** > >com.mysql.jdbc.CommunicationsException >MESSAGE: Communications link failure due to underlying exception: > >** BEGIN NESTED EXCEPTION ** > >java.net.SocketException >MESSAGE: Software caused connection abort: socket write error > >STACKTRACE: > >java.net.SocketException: Software caused connection abort: socket write >error >at java.net.SocketOutputStream.socketWrite0(Native Method) >at >java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92) >at java.net.SocketOutputStream.write(SocketOutputStream.java:136) >at >java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java >:65) >at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) >at com.mysql.jdbc.MysqlIO.send(MysqlIO.java:2637) >at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1554) >at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1665) >at com.mysql.jdbc.Connection.execSQL(Connection.java:3176) >at com.mysql.jdbc.PreparedStatement.executeInternal( >PreparedStatement.java:1153) >at >com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java >:1266) >at >org.hibernate.jdbc.AbstractBatcher.getResultSet(AbstractBatcher.java >:186) >at org.hibernate.loader.Loader.getResultSet(Loader.java:1778) >at org.hibernate.loader.Loader.doQuery(Loader.java:662) >at >org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections( >Loader.java:224) >at org.hibernate.loader.Loader.doList(Loader.java:2211) >at >org.hibernate.loader.Loader.listIgnoreQueryCache(Loader.java:2095) >at org.hibernate.loader.Loader.list(Loader.java:2090) >at org.hibernate.loader.hql.QueryLoader.list(QueryLoader.java:388) >at org.hibernate.hql.ast.QueryTranslatorImpl.list( >QueryTranslatorImpl.java:338) >at >org.hibernate.engine.query.HQLQueryPlan.performList(HQLQueryPlan.java >:172) >at org.hibernate.impl.SessionImpl.list(SessionImpl.java:1121) >at org.hibernate.impl.QueryImpl.list(QueryImpl.java:79) >at org.hibernate.impl.AbstractQueryImpl.uniqueResult( >AbstractQueryImpl.java:804) >at >com.tne.nres.projectTracker.ProjectTrackerServlet.validateUser(Unknown >Source) >at com.tne.nres.projectTracker.ProjectTrackerServlet.doPost(Unknown >Source) >at javax.servlet.http.HttpServlet.service(HttpServlet.java:709) >at javax.servlet.http.HttpServlet.service(HttpServlet.java:80
Re: Tomcat and MySQL sync problems
It appears your code is holding on to a connection to the database. Bad design practice. Review your code for any place that might keep hold of a connection between requests and make sure the connection is closed. Also, If you haven't done so yet, use a database connection pool. If using tomcat's built-in one, set testOnBorrow to "true" and set validationQuery to something simple like "select 1". The idea being that the connections will be validated just before they are borrowed and used, closed and recreated if they fail. Lastly, please avoid autoReconnect=true in the connection url as the first query will still error out. There is documentation on mysql's site recommending this option not be used. --David Scott Purcell wrote: >If I remember correctly, MySQL basically disconnects and shutdowns after >a certain amount of time. I remember doing something with a >"reload="true" in the datasource to prevent this. > >Hopefully someone else may clue you in better, but you may want to check >the datasource props and see if this is valid. > > >Scott > >-Original Message- >From: Chris Long [mailto:[EMAIL PROTECTED] >Sent: Monday, January 29, 2007 8:54 AM >To: users@tomcat.apache.org >Subject: Tomcat and MySQL sync problems > >Hello, > >I'm having a problem where it seems Tomcat and MySQL go out of sync and >I am >no longer able to connect to the MySQL database. The only way I've >found to >be able to reconnect to my database is to restart Tomcat. This >generally >seems to happen some time over the course of the night and I notice the >problem when I check on things in the morning, but it doesn't seem to >happen >every time. > >Does anyone have any idea what may be causing this and how to fix it? > >Here is a list of what I'm using: > >Tomcat 5.5.17 >MySQL 14.12 >Hibernate 3.2 >mysql-connector-java-5.0.4 >JAVA 1.5 >Windows XP Pro > > >[Jan 29 2007 (Mon)9:30:56 EST] ERROR [http--Processor20]( >org.hibernate.util.JDBCExceptionReporter) - No operations allowed after >connection closed.Connection was implicitly closed due to underlying >exception/error: > > >** BEGIN NESTED EXCEPTION ** > >com.mysql.jdbc.CommunicationsException >MESSAGE: Communications link failure due to underlying exception: > >** BEGIN NESTED EXCEPTION ** > >java.net.SocketException >MESSAGE: Software caused connection abort: socket write error > >STACKTRACE: > >java.net.SocketException: Software caused connection abort: socket write >error >at java.net.SocketOutputStream.socketWrite0(Native Method) >at >java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92) >at java.net.SocketOutputStream.write(SocketOutputStream.java:136) >at >java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java >:65) >at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) >at com.mysql.jdbc.MysqlIO.send(MysqlIO.java:2637) >at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1554) >at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1665) >at com.mysql.jdbc.Connection.execSQL(Connection.java:3176) >at com.mysql.jdbc.PreparedStatement.executeInternal( >PreparedStatement.java:1153) >at >com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java >:1266) >at >org.hibernate.jdbc.AbstractBatcher.getResultSet(AbstractBatcher.java >:186) >at org.hibernate.loader.Loader.getResultSet(Loader.java:1778) >at org.hibernate.loader.Loader.doQuery(Loader.java:662) >at >org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections( >Loader.java:224) >at org.hibernate.loader.Loader.doList(Loader.java:2211) >at >org.hibernate.loader.Loader.listIgnoreQueryCache(Loader.java:2095) >at org.hibernate.loader.Loader.list(Loader.java:2090) >at org.hibernate.loader.hql.QueryLoader.list(QueryLoader.java:388) >at org.hibernate.hql.ast.QueryTranslatorImpl.list( >QueryTranslatorImpl.java:338) >at >org.hibernate.engine.query.HQLQueryPlan.performList(HQLQueryPlan.java >:172) >at org.hibernate.impl.SessionImpl.list(SessionImpl.java:1121) >at org.hibernate.impl.QueryImpl.list(QueryImpl.java:79) >at org.hibernate.impl.AbstractQueryImpl.uniqueResult( >AbstractQueryImpl.java:804) >at >com.tne.nres.projectTracker.ProjectTrackerServlet.validateUser(Unknown >Source) >at com.tne.nres.projectTracker.ProjectTrackerServlet.doPost(Unknown >Source) >at javax.servlet.http.HttpServlet.service(HttpServlet.java:709) >at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) >at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter( >ApplicationFilterChain.java:252) >at org.apache.catalina.core.ApplicationFilterChain.doFilter( >ApplicationFilterChain.java:173) >at org.apache.catalina.core.StandardWrapperValve.invoke( >StandardWrapperValve.java:213) >at org.apache.catalina.core.StandardContextValve.invoke( >StandardContextValve.java:178) >at org.apache.catalina.core.StandardHostValve.invoke( >StandardHostVa
datasource-realm troubles
Hello, i have some trouble using a datasource realm in tomcat 5.5.20, jdk 1.5.0_09. In META-INF/Context.xml i defined a datasource: and in web.xml a resource reference: DB Connection jdbc/mangos javax.sql.DataSource Container With hibernate everything works fine, no problems, but if i define a datasource realm in Context.xml it can`t find the resource name: javax.naming.NameNotFoundException: Name jdbc is not bound in this Context at org.apache.naming.NamingContext.lookup(NamingContext.java:769) at org.apache.naming.NamingContext.lookup(NamingContext.java:152) at org.apache.catalina.realm.DataSourceRealm.open(DataSourceRealm.java:401) at org.apache.catalina.realm.DataSourceRealm.authenticate(DataSourceRealm.j ava:282) ... I tried already the following namings, jdbc/mangos, java:comp/env/jdbc/mangos, mangos, java:/comp/env/jdbc/mangos with no luck. I can workaround this issue, when defining the resource in server.xml and create a in Context.xml, but i would prefer, doing Realm and Datasource definition together in Context.xml. The second issue i run into is programming my webapp against the realm interface. I want to built up the Navigation Panel dynamically based on the users asigned roles, but when i try to access GenericPrincipal i get "java.lang.NoClassDefFoundError: org/apache/catalina/realm/GenericPrincipal". I also can workaround this issue by copying the catalina into my webapp`s classpath (WEB-INF/lib/), but i`m pretty this is not correct. I would be appreciate for any help. Regards Oliver - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can servlets safely spawn threads?
If you are spawning threads from your servlet, make sure that they are cleaned up when the servlet is destroyed. Otherwise, you will have a thread leak. I have ran into this problem when the webapp is reloaded without restarting the server. Each leaked thread has a reference to its classloader, preventing that classloader from being garbage collected. Reload enough time will run the perm space out of memory. Bill On 1/29/07, Christopher Schultz <[EMAIL PROTECTED]> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Danny, David Delbecq wrote: > 1) Your servlet must always take care to finish all Threads it has > spawned. This mean when servlet gets unloaded, you must have provided a > mecanism in your servlet to stop all running threads your servlet has > created. Remaining Threads not handled by container can either cause > tomcat to not stop when requested or prevent garbage collecting of > webapp when reloading. Consider using an existing thread pool component. It should have a graceful shutdown capability already built into it. David is right: you have to make sure to shut it down when appropriate. > In general, try to avoid spawning your own thread. I agree, which is why I recommend using a thread pool. Yes, you are still technically spawning your own threads (the container will not do it for you), but the point is that you will not be spawning a thread for each request. Set up your thread pool to have a "reasonable" number of threads for your application. You do not want to have loads of users submit jobs that will each spawn a new thread. If you run out of threads in the thread pool, you simply tell the user to come back later. Management of this type of resource is essential to maintaining a stable and useful system. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFvgK+9CaO5/Lv0PARAoIFAJ45DgOyFV9qxS2e+Qt9uHNTtkWpywCdHbnq pltJVjDsmhZMg0143155k7M= =pbEp -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 6.0.8 & JSF 1.2 RI
I found the reason a few days ago: I overlooked that I had the jsp lib in 2 different locations, so they were loaded in different classloaders. Thanks to all replies. martind wrote: > > I am able to use JSF 1.2_03 RI inside Tomcat 6.0.8. Ensure you have > the JSTL 1.2 also loaded. > > Martin > > On 1/22/07, Zaphod <[EMAIL PROTECTED]> wrote: >> >> I try to use the JSF 1.2_03 RI with Tomcat 6.0.8. >> >> I get a NullPointerException: >> Servlet.service() for servlet jsp threw exception >> java.lang.NullPointerException >> at org.apache.jsp.VDVRequest_jsp._jspInit(VDVRequest_jsp.java:25) >> at >> org.apache.jasper.runtime.HttpJspBase.init(HttpJspBase.java:80) >> at >> org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.java:157) >> at >> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:320) >> at >> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:320) >> at >> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >> at >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228) >> at >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) >> at >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) >> at >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) >> at >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >> at >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:212) >> at >> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) >> at >> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:634) >> at >> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445) >> at java.lang.Thread.run(Unknown Source) >> >> >> in VDVRequest_jsp.java: >> public void _jspInit() { >> _005fjspx_005ftagPool_005ff_005fview = >> org.apache.jasper.runtime.TagHandlerPool.getTagHandlerPool(getServletConfig()); >> _005fjspx_005ftagPool_005fh_005foutputText_005fvalue_005fnobody = >> org.apache.jasper.runtime.TagHandlerPool.getTagHandlerPool(getServletConfig()); >> [here is line no. 25:] >> _el_expressionfactory = >> JspFactory.getDefaultFactory().getJspApplicationContext(getServletConfig().getServletContext()).getExpressionFactory(); >> _jsp_annotationprocessor = (org.apache.AnnotationProcessor) >> getServletConfig().getServletContext().getAttribute(org.apache.AnnotationProcessor.class.getName()); >> } >> >> I suppose JspFactory.getDefaultFactory() is null. >> But why? >> I suppose it is a configuration problem or a tomcat bug. >> >> I have the jsf-api, jsf-impl and jstl JARs in my lib folder and I >> switched >> verfication off. >> >> Is there any workaround to initialize the JspFactory? >> > > > > -- View this message in context: http://www.nabble.com/Tomcat-6.0.8---JSF-1.2-RI-tf3059080.html#a8691266 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat and MySQL sync problems
If I remember correctly, MySQL basically disconnects and shutdowns after a certain amount of time. I remember doing something with a "reload="true" in the datasource to prevent this. Hopefully someone else may clue you in better, but you may want to check the datasource props and see if this is valid. Scott -Original Message- From: Chris Long [mailto:[EMAIL PROTECTED] Sent: Monday, January 29, 2007 8:54 AM To: users@tomcat.apache.org Subject: Tomcat and MySQL sync problems Hello, I'm having a problem where it seems Tomcat and MySQL go out of sync and I am no longer able to connect to the MySQL database. The only way I've found to be able to reconnect to my database is to restart Tomcat. This generally seems to happen some time over the course of the night and I notice the problem when I check on things in the morning, but it doesn't seem to happen every time. Does anyone have any idea what may be causing this and how to fix it? Here is a list of what I'm using: Tomcat 5.5.17 MySQL 14.12 Hibernate 3.2 mysql-connector-java-5.0.4 JAVA 1.5 Windows XP Pro [Jan 29 2007 (Mon)9:30:56 EST] ERROR [http--Processor20]( org.hibernate.util.JDBCExceptionReporter) - No operations allowed after connection closed.Connection was implicitly closed due to underlying exception/error: ** BEGIN NESTED EXCEPTION ** com.mysql.jdbc.CommunicationsException MESSAGE: Communications link failure due to underlying exception: ** BEGIN NESTED EXCEPTION ** java.net.SocketException MESSAGE: Software caused connection abort: socket write error STACKTRACE: java.net.SocketException: Software caused connection abort: socket write error at java.net.SocketOutputStream.socketWrite0(Native Method) at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92) at java.net.SocketOutputStream.write(SocketOutputStream.java:136) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java :65) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) at com.mysql.jdbc.MysqlIO.send(MysqlIO.java:2637) at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1554) at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1665) at com.mysql.jdbc.Connection.execSQL(Connection.java:3176) at com.mysql.jdbc.PreparedStatement.executeInternal( PreparedStatement.java:1153) at com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java :1266) at org.hibernate.jdbc.AbstractBatcher.getResultSet(AbstractBatcher.java :186) at org.hibernate.loader.Loader.getResultSet(Loader.java:1778) at org.hibernate.loader.Loader.doQuery(Loader.java:662) at org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections( Loader.java:224) at org.hibernate.loader.Loader.doList(Loader.java:2211) at org.hibernate.loader.Loader.listIgnoreQueryCache(Loader.java:2095) at org.hibernate.loader.Loader.list(Loader.java:2090) at org.hibernate.loader.hql.QueryLoader.list(QueryLoader.java:388) at org.hibernate.hql.ast.QueryTranslatorImpl.list( QueryTranslatorImpl.java:338) at org.hibernate.engine.query.HQLQueryPlan.performList(HQLQueryPlan.java :172) at org.hibernate.impl.SessionImpl.list(SessionImpl.java:1121) at org.hibernate.impl.QueryImpl.list(QueryImpl.java:79) at org.hibernate.impl.AbstractQueryImpl.uniqueResult( AbstractQueryImpl.java:804) at com.tne.nres.projectTracker.ProjectTrackerServlet.validateUser(Unknown Source) at com.tne.nres.projectTracker.ProjectTrackerServlet.doPost(Unknown Source) at javax.servlet.http.HttpServlet.service(HttpServlet.java:709) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter( ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter( ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke( StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke( StandardContextValve.java:178) at org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke( ErrorReportValve.java:105) at org.apache.catalina.core.StandardEngineValve.invoke( StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service( CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java :869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.proc essConnection (Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket( PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt( LeaderFollowerWorkerThread.java:80) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run( ThreadPool.java:684) at java.lang.Thread.run(Thread.java:595) ** END NESTED EXCEPTION ** Last packet sent to th
Re: Tomcat and MySQL sync problems
Hi We had a simliar problem with Oracle and Tomcat 4.1.30 and a firewall in between and I don't remember the exact error message, so I'm not sure if this helps: The problem was that Tomcat held the DB connection open infinitely, and the firewall after a while decided it wanted to drop the connection. For a new request, Tomcat just used one of its connections from its pool and took a long time to recognize that the firewall had closed its connection. Solution: set an explicit timeout in server.xml: ... timeBetweenEvictionRunsMillis6 numTestsPerEvictionRun5 minEvictableIdleTimeMillis60 Andy Chris Long wrote: Hello, I'm having a problem where it seems Tomcat and MySQL go out of sync and I am no longer able to connect to the MySQL database. The only way I've found to be able to reconnect to my database is to restart Tomcat. This generally seems to happen some time over the course of the night and I notice the problem when I check on things in the morning, but it doesn't seem to happen every time. Does anyone have any idea what may be causing this and how to fix it? Here is a list of what I'm using: Tomcat 5.5.17 MySQL 14.12 Hibernate 3.2 mysql-connector-java-5.0.4 JAVA 1.5 Windows XP Pro [Jan 29 2007 (Mon)9:30:56 EST] ERROR [http--Processor20]( org.hibernate.util.JDBCExceptionReporter) - No operations allowed after connection closed.Connection was implicitly closed due to underlying exception/error: ** BEGIN NESTED EXCEPTION ** com.mysql.jdbc.CommunicationsException MESSAGE: Communications link failure due to underlying exception: ** BEGIN NESTED EXCEPTION ** java.net.SocketException MESSAGE: Software caused connection abort: socket write error STACKTRACE: java.net.SocketException: Software caused connection abort: socket write error at java.net.SocketOutputStream.socketWrite0(Native Method) at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92) at java.net.SocketOutputStream.write(SocketOutputStream.java:136) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java :65) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) at com.mysql.jdbc.MysqlIO.send(MysqlIO.java:2637) at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1554) at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1665) at com.mysql.jdbc.Connection.execSQL(Connection.java:3176) at com.mysql.jdbc.PreparedStatement.executeInternal( PreparedStatement.java:1153) at com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java :1266) at org.hibernate.jdbc.AbstractBatcher.getResultSet(AbstractBatcher.java :186) at org.hibernate.loader.Loader.getResultSet(Loader.java:1778) at org.hibernate.loader.Loader.doQuery(Loader.java:662) at org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections( Loader.java:224) at org.hibernate.loader.Loader.doList(Loader.java:2211) at org.hibernate.loader.Loader.listIgnoreQueryCache(Loader.java:2095) at org.hibernate.loader.Loader.list(Loader.java:2090) at org.hibernate.loader.hql.QueryLoader.list(QueryLoader.java:388) at org.hibernate.hql.ast.QueryTranslatorImpl.list( QueryTranslatorImpl.java:338) at org.hibernate.engine.query.HQLQueryPlan.performList(HQLQueryPlan.java :172) at org.hibernate.impl.SessionImpl.list(SessionImpl.java:1121) at org.hibernate.impl.QueryImpl.list(QueryImpl.java:79) at org.hibernate.impl.AbstractQueryImpl.uniqueResult( AbstractQueryImpl.java:804) at com.tne.nres.projectTracker.ProjectTrackerServlet.validateUser(Unknown Source) at com.tne.nres.projectTracker.ProjectTrackerServlet.doPost(Unknown Source) at javax.servlet.http.HttpServlet.service(HttpServlet.java:709) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter( ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter( ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke( StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke( StandardContextValve.java:178) at org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke( ErrorReportValve.java:105) at org.apache.catalina.core.StandardEngineValve.invoke( StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service( CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java :869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection (Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket( PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt( LeaderFollowerWorkerThread.java:80) at org.apache.tomcat.util.threads.ThreadPool
Re: XML Parse problem in a webapp context.xml
Mark, here is the stacktrace. Hope that helps. -P Jan 26, 2007 1:01:51 PM org.apache.tomcat.util.digester.Digester endElement SEVERE: End event threw exception java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.apache.tomcat.util.IntrospectionUtils.callMethod1(IntrospectionUtils.java:899) at org.apache.catalina.startup.SetNextNamingRule.end(SetNextNamingRule.java:98) at org.apache.tomcat.util.digester.Rule.end(Rule.java:229) at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1058) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(Unknown Source) at com.sun.org.apache.xerces.internal.parsers.AbstractXMLDocumentParser.emptyElement(Unknown Source) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(U nknown Source) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDis patcher.dispatch(Unknown Source) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unkno wn Source) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown Source) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(Unknown Source) at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1562) at org.apache.catalina.startup.ContextConfig.processContextConfig(ContextConfig.java:800) at org.apache.catalina.startup.ContextConfig.contextConfig(ContextConfig.java:740) at org.apache.catalina.startup.ContextConfig.init(ContextConfig.java:1003) at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:279) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120) at org.apache.catalina.core.StandardContext.init(StandardContext.java:5299) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4072) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:626) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022) at org.apache.catalina.core.StandardHost.start(StandardHost.java:719) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:451) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:552) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) Caused by: java.lang.NullPointerException at java.util.Hashtable.put(Unknown Source) at org.apache.catalina.deploy.NamingResources.addResource(NamingResources.java:278) ... 47 more Jan 26, 2007 1:01:51 PM org.apache.catalina.startup.ContextConfig processContextConfig SEVERE: Parse error in default web.xml java.lang.NullPointerException at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2726) at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2752) at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1061) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(Unknown Source)
Tomcat and MySQL sync problems
Hello, I'm having a problem where it seems Tomcat and MySQL go out of sync and I am no longer able to connect to the MySQL database. The only way I've found to be able to reconnect to my database is to restart Tomcat. This generally seems to happen some time over the course of the night and I notice the problem when I check on things in the morning, but it doesn't seem to happen every time. Does anyone have any idea what may be causing this and how to fix it? Here is a list of what I'm using: Tomcat 5.5.17 MySQL 14.12 Hibernate 3.2 mysql-connector-java-5.0.4 JAVA 1.5 Windows XP Pro [Jan 29 2007 (Mon)9:30:56 EST] ERROR [http--Processor20]( org.hibernate.util.JDBCExceptionReporter) - No operations allowed after connection closed.Connection was implicitly closed due to underlying exception/error: ** BEGIN NESTED EXCEPTION ** com.mysql.jdbc.CommunicationsException MESSAGE: Communications link failure due to underlying exception: ** BEGIN NESTED EXCEPTION ** java.net.SocketException MESSAGE: Software caused connection abort: socket write error STACKTRACE: java.net.SocketException: Software caused connection abort: socket write error at java.net.SocketOutputStream.socketWrite0(Native Method) at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92) at java.net.SocketOutputStream.write(SocketOutputStream.java:136) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java :65) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) at com.mysql.jdbc.MysqlIO.send(MysqlIO.java:2637) at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1554) at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1665) at com.mysql.jdbc.Connection.execSQL(Connection.java:3176) at com.mysql.jdbc.PreparedStatement.executeInternal( PreparedStatement.java:1153) at com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java :1266) at org.hibernate.jdbc.AbstractBatcher.getResultSet(AbstractBatcher.java :186) at org.hibernate.loader.Loader.getResultSet(Loader.java:1778) at org.hibernate.loader.Loader.doQuery(Loader.java:662) at org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections( Loader.java:224) at org.hibernate.loader.Loader.doList(Loader.java:2211) at org.hibernate.loader.Loader.listIgnoreQueryCache(Loader.java:2095) at org.hibernate.loader.Loader.list(Loader.java:2090) at org.hibernate.loader.hql.QueryLoader.list(QueryLoader.java:388) at org.hibernate.hql.ast.QueryTranslatorImpl.list( QueryTranslatorImpl.java:338) at org.hibernate.engine.query.HQLQueryPlan.performList(HQLQueryPlan.java :172) at org.hibernate.impl.SessionImpl.list(SessionImpl.java:1121) at org.hibernate.impl.QueryImpl.list(QueryImpl.java:79) at org.hibernate.impl.AbstractQueryImpl.uniqueResult( AbstractQueryImpl.java:804) at com.tne.nres.projectTracker.ProjectTrackerServlet.validateUser(Unknown Source) at com.tne.nres.projectTracker.ProjectTrackerServlet.doPost(Unknown Source) at javax.servlet.http.HttpServlet.service(HttpServlet.java:709) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter( ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter( ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke( StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke( StandardContextValve.java:178) at org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke( ErrorReportValve.java:105) at org.apache.catalina.core.StandardEngineValve.invoke( StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service( CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java :869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection (Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket( PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt( LeaderFollowerWorkerThread.java:80) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run( ThreadPool.java:684) at java.lang.Thread.run(Thread.java:595) ** END NESTED EXCEPTION ** Last packet sent to the server was 16 ms ago. STACKTRACE: com.mysql.jdbc.CommunicationsException: Communications link failure due to underlying exception: ** BEGIN NESTED EXCEPTION ** java.net.SocketException MESSAGE: Software caused connection abort: socket write error STACKTRACE: java.net.SocketException: Software caused connection abort: socket write error at java.net.SocketOutputStream.socketWrite0(Native Method) at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92) at java.net.SocketOutputStream.write(SocketOutput
Re: Can servlets safely spawn threads?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Danny, David Delbecq wrote: > 1) Your servlet must always take care to finish all Threads it has > spawned. This mean when servlet gets unloaded, you must have provided a > mecanism in your servlet to stop all running threads your servlet has > created. Remaining Threads not handled by container can either cause > tomcat to not stop when requested or prevent garbage collecting of > webapp when reloading. Consider using an existing thread pool component. It should have a graceful shutdown capability already built into it. David is right: you have to make sure to shut it down when appropriate. > In general, try to avoid spawning your own thread. I agree, which is why I recommend using a thread pool. Yes, you are still technically spawning your own threads (the container will not do it for you), but the point is that you will not be spawning a thread for each request. Set up your thread pool to have a "reasonable" number of threads for your application. You do not want to have loads of users submit jobs that will each spawn a new thread. If you run out of threads in the thread pool, you simply tell the user to come back later. Management of this type of resource is essential to maintaining a stable and useful system. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFvgK+9CaO5/Lv0PARAoIFAJ45DgOyFV9qxS2e+Qt9uHNTtkWpywCdHbnq pltJVjDsmhZMg0143155k7M= =pbEp -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat bundled Hibernate MySQL
I create a JAR library with the business logic, I use Hibernate and MySQL. Everything work fine but when I try use the JAR from a WebApp using the bundled TomCat on NetBeans 5.5 I got an server error. I believe that the problem is that the server don't know about Hibernate and the MySQL drive. I don't know well Tomcat, maybe you can help me. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Jars of different webapps causing problem
Hi there, I have problem running two webapps deployed on my Tomcat 5.X, which otherwise works fine, when deployed separately. Both the webapps have the same jars related to visibroker (vbjorb and vbjsec). When I try running both the webapp together in the same tomcat instance, my first app throws a ClassCastException (from visibroker). But when I remove the visibroker jars from the second app and then run the webapps, then my first app does not throw the exception. It seems like the visibroker jars loaded in my second app. is affecting the classes which were loaded in the first app. From what I know, there would be different classloaders for different web application. If that is correct, why would I end up with this problem ? Am I missing something ? Thanks a ton. Amit Chhajed *** The Royal Bank of Scotland plc. Registered in Scotland No 90312. Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB. Authorised and regulated by the Financial Services Authority This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet e-mails are not necessarily secure. The Royal Bank of Scotland plc does not accept responsibility for changes made to this message after it was sent. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by The Royal Bank of Scotland plc in this regard and the recipient should carry out such virus and other checks as it considers appropriate. Visit our websites at: www.rbs.com www.rbsgc.com www.rbsmarkets.com ***
Re: Can servlets safely spawn threads?
En l'instant précis du 01/29/07 11:33, Danny Ayers s'exprimait en ces termes: > Hi, > > I would be grateful is someone could answer these questions: > > * Can servlets safely spawn threads? short answer, yes. They *can*. However that does not mean all spawned Threads are safe. > > * If so, under what conditions? 1) Your servlet must always take care to finish all Threads it has spawned. This mean when servlet gets unloaded, you must have provided a mecanism in your servlet to stop all running threads your servlet has created. Remaining Threads not handled by container can either cause tomcat to not stop when requested or prevent garbage collecting of webapp when reloading. 2) Never have your spawned thread access request-time specific informations. This mean no request/response object passed to spawned threads. Avoid passing the Session object too. Lots of stuffs exposed by tomcat to servlet are assuming only one thread will work on it, the http thread, as such, there is quite a good amount of possible use of ThreadLocal variables. 3) if possible, spawn daemon threads, and name your threads, this ease a lot debugging. I have seen working web application spawning their own thread. Applications using the Quartz scheduler are an example of them. The Quartz scheduler spawns a few threads a provides mecanism for servlet to stop them. In general, try to avoid spawning your own thread. however, it's not always possible, and the Specs does not forbid spawning thread. But handle them properly. The best way, if you need your own thread, is to never use in the spawned thread object managed byt the container. > > I tried to find the answers searching the web, but found conflicting > views. > So I thought it worth asking about a specific servlet container > implemention. > > I'm trying to make a very simple asynchronous messaging system on top of > HTTP. What I have in mind requires that the servlet called would complete > the request-response in "reasonable" time, yet may initiate other > processes > that are potentially long-running. The easiest approach would be to > have the > servlet spawning another thread in which to run the other process, and > return a response to the client immediately. But is this possible without > running straight into concurrency breakage? > > More background at : > > http://dannyayers.com/2007/01/28/a-servlets-problem > > Thanks, > Danny. > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How do I increase performance on Tomcat?
> From: Gaurav Kushwaha [mailto:[EMAIL PROTECTED] > I have an application that has been working fine for last > half an year > or so. Recently the load has started increasing and the time > it takes to > serve a request is going up significantly. When I look at the resource > utilization(memory and CPU), it hardly shows an increase. > Garbage collection > is also not the culprit. What might be causing this performance hit ? My two first checks would be: - Lock contention (or other resource contention) in your relational database if you use one. - Bandwidth constraints between server and database, or server and clients. - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How do I increase performance on Tomcat?
Hi, I have an application that has been working fine for last half an year or so. Recently the load has started increasing and the time it takes to serve a request is going up significantly. When I look at the resource utilization(memory and CPU), it hardly shows an increase. Garbage collection is also not the culprit. What might be causing this performance hit ? Thanks in advance, Gaurav Singh Kushwaha http://www.chakpak.com Ph: +91-9880101496 Bangalore, India.
Re: Tomcat Production Date processing
Jacob Rhoden wrote: Sql problem: java.sql.SQLException: Cannot convert value '2007-01-28 01:19:15' from column 5(2007-01-28 01:19:15 ) to DATE. For future reference, If you receive this error in your servlet, it can be resolved by upgrading the mysql connector to the latest version. Best Regards, Jacob - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Problem with static files served from NAS
Hi This is a side/follow-up thread to 'HTTP response code "200 -" in access log'. One contributor hinted that files being served from a NAS could cause problems = files not being able to be read sometimes. This could yield the access log entries with HTTP code 200 but no content length ('200 -'), as observed for static files. Does anyone have (bad) experience using NAS for a tomcat instance that also serves static files? No httpd and no APR involved. Tomcat 5.0.28/JDK1.4.2_06 on Solaris 9 and Debian. Thanks Andy -- -- [EMAIL PROTECTED] Tel +41 44 268 89 61 Fax +41 44 261 27 50 Ergon Informatik AG, Kleinstrasse 15, CH-8008 Zürich http://www.ergon.ch __ e r g o nsmart people - smart software smime.p7s Description: S/MIME Cryptographic Signature
Re: Tomcat not reading context path directive
Alan Cooper wrote: > I'm running Tomcat 5.5.12 (Red Hat Enterprise Linux stock packages). > > I am trying to set a Context path directive for /ejava/appname > > Tomcat is ignoring the Context path and instead taking the context from > the xml file name (so it's reading the file and the docBase directive). That's just the way it's designed to be: http://tomcat.apache.org/tomcat-5.5-doc/config/context.html > The servlet is served, just not from the desired context. I am setting > the context up in /etc/tomcat5/Catalina/localhost/bield.xml. [...] > override="true" > privileged="true" antiResourceLocking="false" > antiJARLocking="false"> > >type="org.apache.catalina.UserDatabase"/> > > > > > Any ideas where I'm going wrong? Remove the "path" attribute and instead name the file "ejava#bield.xml". Regards mks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TCP Connection Aborted problems
I had a look at your log files. It really looks like something is wrong on the remote=tomcat side (or in between mod_jk and tomcat). Please do a couple of thread dumps for the tomcat JVM immediately after your stress test, during the time you cannot send request via mod_jk. Under Windows you have to run Tomcat from the console in order to be able to do a JVM thread dump. You create a thread dump by Typing Ctrl-Break. It should go to your catalina.out. It start with a line containing 'ull thread'. Regards, Rainer JNeuhoff wrote: As a followup from the http://www.nabble.com/mod_jk-replacement--tf3050993.html I am still looking for a working solution of the err=-53 (TCP Connection aborted) problem. To summarize what is happening: We have a Windows 2003 server (with Apache 2.0.59, mod_jk 1.2.20 and Tomcat 5.5.17). It was subjected by 2 client workstations from the same subnet to a stresstest involving 2 users. These were rapidly clicking on weblinks within our website. Their click-rate was faster on purpose than the Tomcat service could handle. The average response time from our servlet is about 0.15 seconds, but can go up to 0.5 seconds or more depending on server load and how many MySQL database queries it has to do. After just a minute or two, the server became unresponsive. Even though both Apache and Tomcat continued to run and receive requests the underlying TCP connections for the responses resulted in err=53 or err=54 conditions, hence the web browsing clients became unable to receive the responses. Even a re-start of the Apache and Tomcat NT services didn't clear up this stalemate scenario with the TCP connections. Judgeing by the mod_jk.log entries, mod_jk tries to connect to Tomcat, and part of it is doing a ping to Tomcat and waiting in vain for a pong. Is there a way to configure the connection pool so that it will really clear up stale TCP connections before re-using them? We using the following configuration: httpd.conf: Timeout 300 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 15 # WinNT MPM # ThreadsPerChild: constant number of worker threads in the server process # MaxRequestsPerChild: maximum number of requests a server process serves ThreadsPerChild 250 MaxRequestsPerChild 0 ### mod_jk 1.x configuration for connecting to Tomcat 5.5 # Load mod_jk module # Update this path to match your modules location LoadModulejk_module modules/mod_jk.so Declare the module for #AddModule mod_jk.c # Where to find workers.properties # Update this path to match your conf directory location (put workers.properties next to h JkWorkersFile "C:/Program Files/Apache Software Foundation/Tomcat 5.5/conf/workers.propert # Where to put jk logs # Update this path to match your logs directory location (put mod_jk.log next to access_lo JkLogFile "C:/Program Files/Apache Software Foundation/Tomcat 5.5/logs/mod_jk.log" # Set the jk log level [debug/error/info] #JkLogLevelinfo JkLogLeveldebug # Select the log format JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " # JkOptions indicate to send SSL KEY SIZE, JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories # JkRequestLogFormat set the request format JkRequestLogFormat "%w %V %T %r %s" # Send ever
Re: Can't startup Tomcat properly, help!
You can only run two versions of tomcat if they are configured to use different network ports. Make sore both versions are using a different port. Best Regards, Jacob ICT Department wrote: New problem, although the one from the other day still exists about the IE issues with starting JSPWiki - just can't even attempt to sort this as now Tomcat won't start correctly! Basically, we installed SonicWall ViewPoint (Firewall software for creating reports of Internet usage etc) on Friday, and ever since then when I've attempted to "Start Service" (Tomcat), it seems to go through the blue bar loading but it hasn't started properly..and the "Start Service" option is still available!! However it looks to me that ViewPoint does use Tomcat to run it's application on..C:\ViewPoint4\Tomcat\ is a separate installation to the one I have for JSPWiki! Any ideas how to resolve this issue? Thanks for reading! Regards Chris Tamburro ICT Department St. Edward's School Cheltenham, UK - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
TCP Connection Aborted problems
As a followup from the http://www.nabble.com/mod_jk-replacement--tf3050993.html I am still looking for a working solution of the err=-53 (TCP Connection aborted) problem. To summarize what is happening: We have a Windows 2003 server (with Apache 2.0.59, mod_jk 1.2.20 and Tomcat 5.5.17). It was subjected by 2 client workstations from the same subnet to a stresstest involving 2 users. These were rapidly clicking on weblinks within our website. Their click-rate was faster on purpose than the Tomcat service could handle. The average response time from our servlet is about 0.15 seconds, but can go up to 0.5 seconds or more depending on server load and how many MySQL database queries it has to do. After just a minute or two, the server became unresponsive. Even though both Apache and Tomcat continued to run and receive requests the underlying TCP connections for the responses resulted in err=53 or err=54 conditions, hence the web browsing clients became unable to receive the responses. Even a re-start of the Apache and Tomcat NT services didn't clear up this stalemate scenario with the TCP connections. Judgeing by the mod_jk.log entries, mod_jk tries to connect to Tomcat, and part of it is doing a ping to Tomcat and waiting in vain for a pong. Is there a way to configure the connection pool so that it will really clear up stale TCP connections before re-using them? We using the following configuration: httpd.conf: Timeout 300 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 15 # WinNT MPM # ThreadsPerChild: constant number of worker threads in the server process # MaxRequestsPerChild: maximum number of requests a server process serves ThreadsPerChild 250 MaxRequestsPerChild 0 ### mod_jk 1.x configuration for connecting to Tomcat 5.5 # Load mod_jk module # Update this path to match your modules location LoadModulejk_module modules/mod_jk.so Declare the module for #AddModule mod_jk.c # Where to find workers.properties # Update this path to match your conf directory location (put workers.properties next to h JkWorkersFile "C:/Program Files/Apache Software Foundation/Tomcat 5.5/conf/workers.propert # Where to put jk logs # Update this path to match your logs directory location (put mod_jk.log next to access_lo JkLogFile "C:/Program Files/Apache Software Foundation/Tomcat 5.5/logs/mod_jk.log" # Set the jk log level [debug/error/info] #JkLogLevelinfo JkLogLeveldebug # Select the log format JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " # JkOptions indicate to send SSL KEY SIZE, JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories # JkRequestLogFormat set the request format JkRequestLogFormat "%w %V %T %r %s" # Send everything for context /jsp-examples to worker named worker1 (ajp13) JkMount /jsp-examples/* ajp13 # Send everything for context /servlets-examples to worker named worker1 (ajp13) JkMount /servletsp-examples/* ajp13
Can't startup Tomcat properly, help!
New problem, although the one from the other day still exists about the IE issues with starting JSPWiki - just can't even attempt to sort this as now Tomcat won't start correctly! Basically, we installed SonicWall ViewPoint (Firewall software for creating reports of Internet usage etc) on Friday, and ever since then when I've attempted to "Start Service" (Tomcat), it seems to go through the blue bar loading but it hasn't started properly..and the "Start Service" option is still available!! However it looks to me that ViewPoint does use Tomcat to run it's application on..C:\ViewPoint4\Tomcat\ is a separate installation to the one I have for JSPWiki! Any ideas how to resolve this issue? Thanks for reading! Regards Chris Tamburro ICT Department St. Edward's School Cheltenham, UK - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat Production Date processing
Hi Guys, I am getting a very strange problem I have no idea where to start and I thought you guys might know, its possible its not may not be a tomcat problem... I am running netbeans 5.5(tomcat 5.5.17)/java 1.5/mysql connector 3.1.13 The production server has java 1.6/mysql connecter 3.1.13/tomcat 5.5.17 My most recent version of my app is returnning the following sql error in response to a ResultSet.getDate(xx); Sql problem: java.sql.SQLException: Cannot convert value '2007-01-28 01:19:15' from column 5(2007-01-28 01:19:15 ) to DATE. I cant find any info about this anywhere! Thanks, Jacob - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Can servlets safely spawn threads?
Hi, I would be grateful is someone could answer these questions: * Can servlets safely spawn threads? * If so, under what conditions? I tried to find the answers searching the web, but found conflicting views. So I thought it worth asking about a specific servlet container implemention. I'm trying to make a very simple asynchronous messaging system on top of HTTP. What I have in mind requires that the servlet called would complete the request-response in "reasonable" time, yet may initiate other processes that are potentially long-running. The easiest approach would be to have the servlet spawning another thread in which to run the other process, and return a response to the client immediately. But is this possible without running straight into concurrency breakage? More background at : http://dannyayers.com/2007/01/28/a-servlets-problem Thanks, Danny. -- http://dannyayers.com
Tomcat not reading context path directive
HI there, I'm running Tomcat 5.5.12 (Red Hat Enterprise Linux stock packages). I am trying to set a Context path directive for /ejava/appname Tomcat is ignoring the Context path and instead taking the context from the xml file name (so it's reading the file and the docBase directive). The servlet is served, just not from the desired context. I am setting the context up in /etc/tomcat5/Catalina/localhost/bield.xml. My xml file looks like: override="true" privileged="true" antiResourceLocking="false" antiJARLocking="false"> Any ideas where I'm going wrong? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Cannot authenticate client with Tomcat 5.0.28
[EMAIL PROTECTED] wrote: Hi everyone, I work for a municipality we need to implement a service that can log users(from a browser) by electronic identity card. I've installed a card reader, and created https connector for tomcat 5.5 that way: maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="99" scheme="https" secure="true" clientAuth="true" sslProtocol="TLS" keystoreFile="mypath/tomcat.jks" keystorePass="*" keystoreType="JKS" truststoreFile="mypath/tomcat.jks" truststorePass="*" truststoreType="JKS" /> For server authentication, I've created a self-signed certificate using java tool keytool: keytool -genkey -v -alias tomcat -keyalg RSA -validity 3650 -keystore mypath\tomcat.jks because i don't need to obtain a trusted certificate from a certification authority. The problem is for the client. When I insert a smartcard, the card reader software installs a card certificate in Internet Explorer and in Firefox. This certificate is at the "bottom" of a chain of 3 certificates, so I downloaded via web the chain of certificates, then installed the chain in both browsers, then added the root CA certificate to the repository truststore of the server: keytool -import -v -file pathToCer\root.cer -keystore mypath\tomcat.jks -trustcacerts this, as instructions found in Internet, should be enough for tomcat to recognize the client certificate. But when trying to access https://myservername:7443 i get "Error estabilishing an ecrypted connection Error code: -1" whit Firefox, Explorer instead prompts me asking for pin of the card(this is necessary i think to use private key in the card) then "Cannot display page"(or something similar, i've installed browser in a non-english language) I tested the server trying to replace browser certificate with another self-signed certificate, then importing it in the truststore and it works well. So i think it's a problem of how client certificate is stored in the truststore file. I also tried to import all certificates in the truststore(the client card certificate, the intermediate cert., the root cert.) but it doesn't work. Can anybody help me?I'm sure i did something wrong importing certificates but i can't understand what. thanks! Castalia -- Passa a Infostrada. ADSL e Telefono senza limiti e senza canone Telecom http://click.libero.it/infostrada29ge07 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Hej, i had same problem las week, seems when you install tomcat apr is also intalles so the configuracion for ssl is different. Try with: *** are your actual pasword... works for me, have luck! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Cannot authenticate client with Tomcat 5.0.28
Hi everyone, I work for a municipality we need to implement a service that can log users(from a browser) by electronic identity card. I've installed a card reader, and created https connector for tomcat 5.5 that way: For server authentication, I've created a self-signed certificate using java tool keytool: keytool -genkey -v -alias tomcat -keyalg RSA -validity 3650 -keystore mypath\tomcat.jks because i don't need to obtain a trusted certificate from a certification authority. The problem is for the client. When I insert a smartcard, the card reader software installs a card certificate in Internet Explorer and in Firefox. This certificate is at the "bottom" of a chain of 3 certificates, so I downloaded via web the chain of certificates, then installed the chain in both browsers, then added the root CA certificate to the repository truststore of the server: keytool -import -v -file pathToCer\root.cer -keystore mypath\tomcat.jks -trustcacerts this, as instructions found in Internet, should be enough for tomcat to recognize the client certificate. But when trying to access https://myservername:7443 i get "Error estabilishing an ecrypted connection Error code: -1" whit Firefox, Explorer instead prompts me asking for pin of the card(this is necessary i think to use private key in the card) then "Cannot display page"(or something similar, i've installed browser in a non-english language) I tested the server trying to replace browser certificate with another self-signed certificate, then importing it in the truststore and it works well. So i think it's a problem of how client certificate is stored in the truststore file. I also tried to import all certificates in the truststore(the client card certificate, the intermediate cert., the root cert.) but it doesn't work. Can anybody help me?I'm sure i did something wrong importing certificates but i can't understand what. thanks! Castalia -- Passa a Infostrada. ADSL e Telefono senza limiti e senza canone Telecom http://click.libero.it/infostrada29ge07 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session hijacking again
Do you use Java? We are a financial institution, we use a Java Framework based on servlets with SSL, but if you ask my opinion SSL is not the big issue. The vast majority of hacked sites are social engineering attacks. Secure your database (do not store clear text passwords in the database) minimize access of staff, require strong passwords (8 characters and numbers). No strategy or amount of code is foolproof, although yes It is also worth the extra effort to make your application a bit smart, but it is better to focus your attention on preventing social engineering, because no matter how clever you make it if the passwords are easily guessed or users careless its all for nothing. Design your application like a container that reloads its body, that way you can implement security and logging application wide with minimal code. We secure our application like this: on login (after authentication) we store in state for the duration of that session, the users unique id and session id and for logging purposes the current IP. (no cookies etc are used at all, because cookies are stored on the client which is out of our control). We perform a check for each new login to ensure at least the user id and session id does NOT exist in state before allowing the new login. We do not allow two concurrent logins with the same account. If you wish to implement session id switching you have to destroy the users old session and recreate it and update the session id in state (to me again, just my humble opinion, not so important)... it is far more useful to use a session timer that times out after a few minutes of inactivity, it will automatically call a sign out but you can keep the users details in the server state until the browser closes, if they try to continue activity, then you ask them to sign in again and add their new session id back into your state object. When the browser closes a session listener cleans out the session so the users details are discarded. Again paranoid coding is not going to prevent social engineering, educating users might... by far the most effective strategy is to tell users to never give out their password, give them a support number and inform them about what the support personnel is and isn't allowed to ask them for. Lastly tell users exactly what type of email they will and won't receive from your organization. When they login to your site tell them they should ALWAYS check that the domain name appears correctly in the address bar. John Caron wrote: Hello: Our application is serving large amounts of scientific data over HTTP. The user needs to login to access the data. We would like to use session ids to reduce the login overhead. We cant afford the overhead of HTTPS encryption of teh data (3 times slower ?). We realize this makes us vulnerable to session hijacking. Still, we arent transferring financial information, so tentatively we think its a reasonable risk. The Wikipedia article (http://en.wikipedia.org/wiki/Session_hijacking) suggest a couple of things that help, that seem reasonable to me: # Some services make secondary checks against the identity of the user. For example, a web server could check with each request made that the IP address of the user matched the one last used during that session. This does not prevent attacks by somebody who shares the same IP address, however, and could be frustrating for users who's IP address is liable to change during a browsing session. # Alternatively, some services will change the value of the cookie with each and every request. This dramatically reduces the window in which an attacker can operate and makes it easy to identify whether an attack has taken place, but can cause other technical problems (for example, preventing the back button from working properly, on the web). I would like to implement one or both of these in Tomcat: 1) IP checking and 2) session id switching. I guess others have thought about this. Does anyone have any advice or pointers (or code!) to get started. Thanks for any help. John Caron Unidata/UCAR - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Peter Stavrinides Albourne Partners (Cyprus) Ltd Tel: +357 22 750652 If you are not an intended recipient of this e-mail, please notify the sender, delete it and do not read, act upon, print, disclose, copy, retain or redistribute it. Please visit http://www.albourne.com/email.html for important additional terms relating to this e-mail. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]