RE: Tomcat's container architecture - Authenticator
Hi Carlo! Thank you for being help me J My question is about invoke method in AuthenticatorBase.java. If you look at invoke code you can see that: - the method first action is check if there is any Principal in the Request - if there isn’t a Principal it tests if there is a Principal in the internal session(Session) - if there is a Principal(in Session) it puts the Principal and the authentication method in the Request - and the method(invoke) follows, and it tries to authenticate Request HttpRequest hrequest = (HttpRequest) request; HttpResponse hresponse = (HttpResponse) response; // Have we got a cached authenticated Principal to record? if (cache) { Principal principal = ((HttpServletRequest) request.getRequest()).getUserPrincipal(); if (principal == null) { Session session = getSession(hrequest); if (session != null) { principal = session.getPrincipal(); if (principal != null) { if (log.isDebugEnabled()) log.debug(We have cached auth type + session.getAuthType() + for principal + session.getPrincipal()); hrequest.setAuthType(session.getAuthType()); hrequest.setUserPrincipal(principal); } } } } If we look know to authenticate method in FormAuthenticator.java class: - the first think it does is check is there is a Principal in the Request - if there is a Principal, it returns true // Have we already authenticated someone? Principal principal = hreq.getUserPrincipal(); String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE); if (principal != null) { if (log.isDebugEnabled()) log.debug(Already authenticated ' + principal.getName() + '); // Associate the session with any existing SSO session if (ssoId != null) associate(ssoId, getSession(request, true)); return (true); } My question is: why we are putting the Principal in the Request? Why we can’t just authenticate the user if there is a principal in internal Session?! Doesn’t make sense, put the Principal in the Request, and after in the authentication method we just test if there is a Principal in the Request and return true. In others words, what kind of security this process provides?! Was I cleat enough? Thanks for everything, Regards from Braga, Portugal Bárbara Vieira From: Carlo Politi [mailto:[EMAIL PROTECTED] Sent: terça-feira, 27 de Novembro de 2007 23:49 To: [EMAIL PROTECTED] Subject: Re: Tomcat's container architecture - Authenticator Hi Bárbara, i can help you because I'm doing a new authenticator as work of my thesis. I have analyzed BasicAuthenticator and modified it; could you tell me the right point of your problem? - Messaggio originale - Da: Bárbara Vieira [EMAIL PROTECTED] A: users@tomcat.apache.org Inviato: Mercoledì 28 novembre 2007, 0:23:49 Oggetto: Tomcat's container architecture - Authenticator Hi there! This question is about Authenticator package. I appreciate if anyone can help me. I’m implementing a Valve and a Realm to provides authentication and authorization using two authentications methods at the same time : FORM and CERT-CLIENT. Obviously, I’m looking to authenticator package code, more precisely to AuthenticatorBase.class and FormAuthenticator.class, and analyzing that. In this analyze has emerged some questions about what the author are doing in invoke method in AuthenticatiorBase class. In other words, what I would like to know is, why the author are putting the Principal on the request, and the next step is authenticate the request?! I don’t understand the reason why we have to pass the request to authenticate method in FormAuthenticator class, because that method isn’t doing anything if the request has a principal. This doesn’t make any sense, because first we put the principal on the request and next, in the authenticate method, we just test if the request has a principal. Why we have to put the principal on the request?! Why we cannot just authenticate the user if the request has a principal, or if the principal is in internal session?! I’m a little bit confused about that J Thanks for everything, Regards from Braga, Portugal, Bárbara Vieira _ http://us.rd.yahoo.com/mail_it/taglines/*http:/it.messenger.yahoo.com Yahoo! Messenger with Voice: chiama da PC a telefono a tariffe esclusive
Re: clustering iis with JK
Dmitry Beransky wrote: Hi, Is it possible to implement the following setup with JK/isapi_redirect? 1. Two clustered IIS instances 2. Two load-balanced Tomcat instances 3. Each IIS uses JK to forward requests to two load-balanced Tomcat instances I know how to do each individual item in isolation, but I can't figure, once I put all three together, how to ensure that requests belonging to the same session are consistently served to the appropriate Tomcat instance. Any pointers? For IIS clustering I am considering NLB. Since want IIS clustering for mostly for reliability rather than scalability, an easy way out would be to do a fail over setup, but this is plan B. To isolate the layers: - Load-balancing the web servers (IIS) - Maybe stickyness already in the web layer, mainly in case you use SSL - Load-balancing between IIS layer and the Tomcat layer using the isapi redirector, including stickyness - Maybe session replication between the Tomcat instances to further increase transparency of nore failures Simple setup would be: - No session replication between Tomcat nodes (no Tomcat-Cluster). In case a node fails, the users with sessions on the nodes have to login again. OK, if sessions are cheap, i.e. not much work lost, not much information in the session, and failure rate is low (application, hardware, network relatively stable). - Combined with sticky forwarding by the isapi redirector (uses URL encoded sessions or standard Java session cookie JSESSIONID combined with the jvmRoute setting in server.xml of the Tomcat backends; TC adds the jvmRoute to the session id, and isapi redirector sees this tag in the URL or cookie and maps it to the correct backend). Works very robust. - Load-Balancing or high availability in the IIS layer would still be your job. Stickyness demand on the IIS layer itself depends on the fact, if the IIS layer is stateless (should be, apart from the SSL case, were you want to have a relatively good stickyness; don't need 100%, but the less sticky the LB to the IIS is, the more SSL handshakes you get). More complex setup: - Add session replication to the TC backends. Most likely nevertheles you want to keep stickyness with the isapi redirector, to reduce dependency on the rpelication during the time you actually didn't have a node failure. Regards, Rainer Thanks Dmitry - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Including in a JSP the result of a servlet that forwards
Hi all, If I make a jsp:include (in fact I am using Tiles, but the result is the same) of a result of a servlet which, in turn, makes an ApplicationDispatcher.forward, I have a strange effect: - only the page forwarded by the servlet will be visible to the user; - the rest of the JSP page is executed, but it gives a Stream closed error. I tested on Tomcat 5.5.25 and Jetty 6.1.1rc1 (embedded in Cargo, Maven 2 plugin), that (correct me if I am wrong) shares the Jasper engine with Tomcat. Independently from the fact if it is a good or a bad idea to forward into a servlet that is included, is this the normal behaviour or is it a bug? Thanks in advance Antonio - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat and ClassLoaders
Hi, I have an application that uses the embedded version of tomcat. In my classpath I have some jars that are the same as the webapp I deploy in tomcat. Now the problem is, that the webapp uses the jars from the classpath of the ‘root’ application and not the jars that the webapp has in his classpath(e.g. libs dir). How can I prevent the webapplication from using the jars from the ‘root’ application? I tried to start the program and tomcat with different classloaders, but nothing changed. Regards, Auke No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.16.9/1155 - Release Date: 27-11-2007 20:30
RE: multithreaded with taglibs
Sorry chris, I didn't understand u then... it is a good solution (great minds think alike!). This solution is good but we must write to the out of the jsp before the thread is running (we bypass this because the thread will write to a pre-decided file name). is there another way to do it, without writing to the out? I guess not, I m just checking that I m not missing something. Thanks Yair -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 27, 2007 6:17 PM To: Tomcat Users List Subject: Re: multithreaded with taglibs -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yair, Yair Ben-Meir wrote: Btw - i thought of something: maybe the img tag will run a thread, return an outout to the page with some new image name, and release the jsp to continue. The thread will do the work and save the new image under the name the tag returned to the page. At the end of the page, a wait tag will be for waiting to whole of the threads to finish. That's the best thing I thought of till now. That's exactly what I was suggesting. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHTELo9CaO5/Lv0PARAg3oAJ45nSggqD5/U92iGMUX8ZqexbMhNACgv3lD Oun0j/lB3Xa2CmnTVrC14BM= =uTJw -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 5.0.* Docuemntation available?
hello, i am looking for a detailed manual on the configuration parameters of tomcat 5.0. I can only find one for 5.5 does anyone has a link/document for me? // Stefan - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat 5.0.* Docuemntation available?
From: Stefan Rainer [mailto:[EMAIL PROTECTED] Subject: Tomcat 5.0.* Docuemntation available? i am looking for a detailed manual on the configuration parameters of tomcat 5.0. I can only find one for 5.5 The docs are included in every Tomcat download, and installed as a webapp. Older Tomcat levels are kept in the archive: http://archive.apache.org/dist/tomcat/ - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Including in a JSP the result of a servlet that forwards
Hi Antonio- https://java.sun.com/products/servlet/2.1/api/javax.servlet.RequestDispatche r.html#forward(javax.servlet.ServletRequest,%20javax.servlet.ServletResponse ) where the most relevant part is This method may not be used if the calling servlet has already output any response to the client. decide which servlet is constructing the response and forward to that servlet Anyone? Martin-- - Original Message - From: Antonio Petrelli [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Wednesday, November 28, 2007 6:41 AM Subject: Including in a JSP the result of a servlet that forwards Hi all, If I make a jsp:include (in fact I am using Tiles, but the result is the same) of a result of a servlet which, in turn, makes an ApplicationDispatcher.forward, I have a strange effect: - only the page forwarded by the servlet will be visible to the user; - the rest of the JSP page is executed, but it gives a Stream closed error. I tested on Tomcat 5.5.25 and Jetty 6.1.1rc1 (embedded in Cargo, Maven 2 plugin), that (correct me if I am wrong) shares the Jasper engine with Tomcat. Independently from the fact if it is a good or a bad idea to forward into a servlet that is included, is this the normal behaviour or is it a bug? Thanks in advance Antonio - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Including in a JSP the result of a servlet that forwards
2007/11/28, Martin Gainty [EMAIL PROTECTED]: Hi Antonio- https://java.sun.com/products/servlet/2.1/api/javax.servlet.RequestDispatche r.html#forward(javax.servlet.ServletRequest,%20javax.servlet.ServletResponse ) where the most relevant part is This method may not be used if the calling servlet has already output any response to the client. decide which servlet is constructing the response and forward to that servlet In the 2.4 version of the servlet we have: http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/RequestDispatcher.html#forward(javax.servlet.ServletRequest,%20javax.servlet.ServletResponse) where the relevant (for me) is: snip forward should be called before the response has been committed to the client (before response body output has been flushed).If the response already has been committed, this method throws an IllegalStateException. Uncommitted output in the response buffer is automatically cleared before the forward. /snip But response.isCommitted returns false (!), the implementation is ServletResponseWrapperInclude: http://tomcat.apache.org/tomcat-5.5-doc/jasper/docs/api/org/apache/jasper/runtime/ServletResponseWrapperInclude.html And I don't see any IllegalStateException. So I now ask, is there a way to know if I can forward or not? Thanks Antonio - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat becomes non-response for ~30 seconds
Are you swapping during garbage collection? Ronald. On Tue Nov 27 19:58:24 CET 2007 Tomcat Users List users@tomcat.apache.org wrote: Folks: We're having an intermittent problem with Tomcat becoming non-responsive for a while (between 30 seconds and several minutes) and then recovering without any intervention. There are no error messages in the Tomcat logs. Any ideas what might be causing this or where to look? We're running Tomcat 5.5.20 on linux. Thanks, Jared -- View this message in context: http://www.nabble.com/Tomcat-becomes-non-response-for-%7E30-seconds-tf4883561.html#a13976711 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to make Tomcat shutdown itself if the address it is trying to bind is already in use.
if [ -z $(netstat -lnp | grep 8080) ] then echo Tomcat running exit -1 else [ continue with startup-script ] fi do the same for port 8009 (AJP) however, the best way would be to first check if tomcat is running before starting it up remember: a fool with a tool is still a fool... gregor -- what's puzzlin' you, is the nature of my game gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
OpenSSL + APR + Tomcat 5.5.2 Help
Hi folks, Again I call on your expert assistance: I have a tomcat 5.5.2 server running on a Debian Etch linux box. Its configured to use APR 1.1.3 and I want to get SSL going. I've successfully managed this using JSSE but not OpenSSL. I installed openssl using apt, as well as the APR libraries. Tomcat was installed with the binaries from Apache. I ran the following commands (with help from http://marc.info): - Create private key and certificate request for my own certificate authority openssl req -new -newkey rsa:1024 -nodes -out ssl/ca/ca.csr -keyout ssl/ca/ca.key - Self-sign openssl x509 -trustout -signkey ssl/ca/ca.key -days 365 -req -in ssl/ca/ca.csr -out ssl/ca/ca.pem -Import into Java's security thingy keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -file ssl/ca/ca.pem -alias tomcat -Created a file CA's serial numbers? echo 02 ssl/ca/ca.srl -Created a keystore keytool -genkey -alias tomcat -keyalg RSA -keysize 1024 -keystore ~/.keystore -storetype JKS -Create a certficate request for the server keytool -certreq -keyalg RSA -alias tomcat -file ssl/certreq.csr -keystore .keystore (This certificate got sent off to verisign, but in the meantime I thought I'd try signing myself off to see SSL working) openssl x509 -CA ssl/ca/ca.pem -CAkey ssl/ca/ca.key -CAserial ssl/ca/ca.srl -req -in ssl/certreq.csr -out ssl/selfcert.crt -days 365 - Import my self-cert into the keystore keytool -import -alias tomcat -keystore .keystore -trustcacerts -file ssl/selfcert.crt Then I had this in server.xml Connector port=8443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=/home/tomcat5/.keystore keystorePass=password / The docs said that it would pickup .keystore in the user's home directory but I thought I'd set it explicitly. When I restart tomcat I see in the log: 28-Nov-2007 14:59:26 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8443 And no errors alluding to SSL anywhere else. When I try to access https://myserver:8443 firefox tells me that the connection was interrupted, following a lengthy pause. keytool -list shows 1 entry. Since I'm a bit of a newbie to SSL, and there is nothing in the log, I am stuck as for what to do next. I gather that since I use APR I might need other settings in my server.conf, but the documentation is vauge on whether I need both the keystore attributes and the openssl stuff, or just the ssl stuff, or what. If I were to add the SSLEngine, SSLCertificateFile, SSLCertificateKeyFile attributes, what values would I feed them based on the previous steps? Does anyone have any good howtos for the openssl side of things (the first line of the official docs is a caveat that the howto applies to JSSE only!) Thanks in advance Dan Garland __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: clustering iis with JK
Hi Rainer, It's the item #3 on your Simple Setup list that I'm basically asking about (I already have #1 set up and working, and parts of #2). Here's where my problem with #3 lies: Let's say we have two load-balanced (clustered) web/IIS servers: W1 and W2, each configured with sticky forwarding by isapi_redirectors JK1 JK2 to Tomcat servers T1 T2. Let's follow this scenario 1. Request (R1) comes to the web cluster (C) and gets dispatched to W1. R1 is a new request, so it's gets arbitrarily sent to T2, where it's assigned a new session (S1) 2. Request R2 from session S1 comes to C. Let's say it gets dispatched to W1 again (C wouldn't know anything about S1). Since JK1 knows about S1, R2(S1) will be forwarded to T2, which started S1 --- everything is fine. 3. Request R3 from session S1 comes to C. And since C doesn't know anything about S1, R3(S1) is load-balanced to W2. JK2 at this point doesn't know anything about S1. To it, it's a new session, so it may forward it either to T1 or T2. If R3(S1) gets sent to T2, we are good. If not - our app is in trouble. I'm new to all this, so I might be missing something basic. I do realize that Tomcat session replication (your more complex setup) makes this problem moot. But, let's say, I do not take the session relication route, can I still make sure that #3 from above does not happen? Thanks Dmitry On Nov 28, 2007 3:02 AM, Rainer Jung [EMAIL PROTECTED] wrote: Dmitry Beransky wrote: Hi, Is it possible to implement the following setup with JK/isapi_redirect? 1. Two clustered IIS instances 2. Two load-balanced Tomcat instances 3. Each IIS uses JK to forward requests to two load-balanced Tomcat instances I know how to do each individual item in isolation, but I can't figure, once I put all three together, how to ensure that requests belonging to the same session are consistently served to the appropriate Tomcat instance. Any pointers? For IIS clustering I am considering NLB. Since want IIS clustering for mostly for reliability rather than scalability, an easy way out would be to do a fail over setup, but this is plan B. To isolate the layers: - Load-balancing the web servers (IIS) - Maybe stickyness already in the web layer, mainly in case you use SSL - Load-balancing between IIS layer and the Tomcat layer using the isapi redirector, including stickyness - Maybe session replication between the Tomcat instances to further increase transparency of nore failures Simple setup would be: - No session replication between Tomcat nodes (no Tomcat-Cluster). In case a node fails, the users with sessions on the nodes have to login again. OK, if sessions are cheap, i.e. not much work lost, not much information in the session, and failure rate is low (application, hardware, network relatively stable). - Combined with sticky forwarding by the isapi redirector (uses URL encoded sessions or standard Java session cookie JSESSIONID combined with the jvmRoute setting in server.xml of the Tomcat backends; TC adds the jvmRoute to the session id, and isapi redirector sees this tag in the URL or cookie and maps it to the correct backend). Works very robust. - Load-Balancing or high availability in the IIS layer would still be your job. Stickyness demand on the IIS layer itself depends on the fact, if the IIS layer is stateless (should be, apart from the SSL case, were you want to have a relatively good stickyness; don't need 100%, but the less sticky the LB to the IIS is, the more SSL handshakes you get). More complex setup: - Add session replication to the TC backends. Most likely nevertheles you want to keep stickyness with the isapi redirector, to reduce dependency on the rpelication during the time you actually didn't have a node failure. Regards, Rainer Thanks Dmitry - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Cross-domain calls when third-party cookies are not allowed
Hi, Tnx for your feedback. What I have understood, the P3P policy file is kind of dead since the lack of support from the browser implementers ( from www.w3c.org: The P3P Specification Working Group took this step as there was insufficient support from current Browser implementers for the implementation of P3P 1.1 ). Is this correct? regards, /jonas Leon Rosenberg-3 wrote: I believe if you set the p3p policy correctly (in your tomcat) ie7 will accept the third party cookies. regards Leon On Nov 22, 2007 11:05 PM, J.Gustafsson [EMAIL PROTECTED] wrote: Hi, I have an interesting problem (I think) that I wonder if someone could assist me with. I want to do cross-domain scripting. I have some java-script that makes a cross-domain http request to a Tomcat server. This works fine as long as third-party cookies are allowed in the browser. Tomcat can keep track of the session by the jsessionId. If cookies are not allowed at all in the browser, I simple let the java-script decide to not make a cross-domain call at all. Those are not interesting for my application. My problems appear when first part cookies are allowed, but third-party is not (the default settings in IE7 I think). The java-script will think that cookies are allowed and make the cross-domain http call. Since third party cookies are not allowed, Tomcat is not allowed to set a jsessionId on a cookie, but instead add the jsessionId on the URL. This is unfortunately not good enough for me. When third-party cookies are allowed, my java-script provides a first-part cookie in the cross-domain http call. I use this value to identify the user, and set it on the session created by Tomcat. If however Tomcat cannot set cookies, since third-party cookie is not allowed, I simply cannot do like this. So what do I actually want to achieve? I would like Tomcat to bypass its sanity check when URL-rewrite is done. I want Tomcat to create a session with a key (jsessionId) I provides it with. Does this sound totally insane? Maybe it is. Perhaps there is another solution I have not thought of? I know there is another solution, running Tomcat session-less and write to a file/db for each call, but because of performance reasons, I would like to avoid this. Any ideas/proposals? /jonas -- View this message in context: http://www.nabble.com/Cross-domain-calls-when-third-party-cookies-are-not-allowed-tf4858744.html#a13904100 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Cross-domain-calls-when-third-party-cookies-are-not-allowed-tf4858744.html#a13995129 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ApacheTomcat Connector mod_jk, receiving 0711-244 ERROR when I do a make
Hi Rainer, You never know who your talking to and where they are when you get into a group. I was out sick yesterday, so I am just catching up. Could you provide (sorry, if you did already) precise information about your platform (I remember AIX, but which version)? Also: which version of Apache httpd (1.3.X) do you use? We are AIX 5.3 TL6 SP3 on this system. Apache web server 1.3.31 Tomcat is at 5.5.20 Apache was installed from the Linux package CD for Jun 2007. It is a rpm install. I think the binaries are built into the package and installed through the rpm process. I needed to install the devel part for apxs to be installed. This was also rpm install for the devel rpm file below. apache-1.3.31-1ssl.aix5.1.ppc.rpm apache-devel-1.3.31-1ssl.aix5.1.ppc.rpm apache-manual-1.3.31-1ssl.aix5.1.ppc.rpm Tomcat was a tar file which I untared into a work directory and then copied to /opt/freeware Do you have an idea, if your Apache httpd was compiled with the same compiler, that you use? I don't know enough about AIX, but it could be, that we are getting into binary compatibility problems, if your httpd was compiled with gcc and you are using a different compiler. whence apxs /usr/sbin/apxs apxs -q cc xlc apxs -q CFLAGS -O2 -DAIX=510 -U__STR__ -DAIX_BIND_PROCESSOR -DMOD_SSL=208119 -DUSE_HSREGEX -DEA PI apxs file. ## ## Configuration ## my $CFG_TARGET= q(httpd);# substituted via Makefile.tmpl my $CFG_CC= q(xlc);# substituted via Makefile.tmpl my $CFG_CFLAGS= q(-O2 -DAIX=510 -U__STR__ -DAIX_BIND_PROCESSOR -DMOD_SSL =208119 -DUSE_HSREGEX -DEAPI `../apaci`);# substituted via Makefile. tmpl my $CFG_CFLAGS_SHLIB = q(-DSHARED_MODULE); # substituted via Makefile.tmpl my $CFG_LD_SHLIB = q(ld); # substituted via Makefile.tmpl my $CFG_LDFLAGS_SHLIB = q(-H512 -T512 -bhalt:4 -bM:SRE -bnoentry -bI:/opt/freewa re/apache/libexec/httpd.exp -lc); # substituted via Makefile.tmpl my $CFG_LIBS_SHLIB= q();# substituted via Makefile.tmpl my $CFG_PREFIX= q(/opt/freeware/apache);# substituted via AP ACI install my $CFG_SBINDIR = q(/opt/freeware/apache/sbin); # substituted vi a APACI install my $CFG_INCLUDEDIR= q(/opt/freeware/apache/include);# substituted vi a APACI install my $CFG_LIBEXECDIR= q(/opt/freeware/apache/libexec);# substituted vi a APACI install my $CFG_SYSCONFDIR= q(/etc/opt/freeware/apache);# substituted via AP ACI install Would you be willing to do a couple of tests, if I would send you instraumented code? (Like doing another 2 or three compilation, check if it starts and if not provide output resp. gdb bt). I unfortunately don't have the platform, and this place in the code didn't produce any problem for years on Linux/Solaris/Windows. Sure, if you think it would help. By the way thanks for all the help.. Rich
Re: clustering iis with JK
Dmitry Beransky wrote: Hi Rainer, It's the item #3 on your Simple Setup list that I'm basically asking about (I already have #1 set up and working, and parts of #2). Here's where my problem with #3 lies: Let's say we have two load-balanced (clustered) web/IIS servers: W1 and W2, each configured with sticky forwarding by isapi_redirectors JK1 JK2 to Tomcat servers T1 T2. Let's follow this scenario 1. Request (R1) comes to the web cluster (C) and gets dispatched to W1. R1 is a new request, so it's gets arbitrarily sent to T2, where it's assigned a new session (S1) 2. Request R2 from session S1 comes to C. Let's say it gets dispatched to W1 again (C wouldn't know anything about S1). Since JK1 knows about S1, R2(S1) will be forwarded to T2, which started S1 --- everything is fine. 3. Request R3 from session S1 comes to C. And since C doesn't know anything about S1, R3(S1) is load-balanced to W2. JK2 at this point doesn't know anything about S1. To it, it's a new session, so it may forward it either to T1 or T2. If R3(S1) gets sent to T2, we are good. If not - our app is in trouble. The stickyness feature of the isapi redirector is stateless, i.e. it has no idea, which sessions are on node T1 or T2. The nodes T1 and T2 themselves add their names (jvmRoute) to the sesiond ID, and the session ID from there on is part of any further request, because it either is included by URL rewriting (this has to be done by the webapp developer) or by the session cookie (automatically resend by the browser, assuming it supports cookies). So with every request belonging to S1 the browser will send a session id, and at the end of the session id the isapi redirector sees the name of the correct tomcat node and sends the request there. Even if it never saw any request for the same session before. Does that answer your question? I'm new to all this, so I might be missing something basic. I do realize that Tomcat session replication (your more complex setup) makes this problem moot. But, let's say, I do not take the session relication route, can I still make sure that #3 from above does not happen? Thanks Dmitry Regards, Rainer On Nov 28, 2007 3:02 AM, Rainer Jung [EMAIL PROTECTED] wrote: Dmitry Beransky wrote: Hi, Is it possible to implement the following setup with JK/isapi_redirect? 1. Two clustered IIS instances 2. Two load-balanced Tomcat instances 3. Each IIS uses JK to forward requests to two load-balanced Tomcat instances I know how to do each individual item in isolation, but I can't figure, once I put all three together, how to ensure that requests belonging to the same session are consistently served to the appropriate Tomcat instance. Any pointers? For IIS clustering I am considering NLB. Since want IIS clustering for mostly for reliability rather than scalability, an easy way out would be to do a fail over setup, but this is plan B. To isolate the layers: - Load-balancing the web servers (IIS) - Maybe stickyness already in the web layer, mainly in case you use SSL - Load-balancing between IIS layer and the Tomcat layer using the isapi redirector, including stickyness - Maybe session replication between the Tomcat instances to further increase transparency of nore failures Simple setup would be: - No session replication between Tomcat nodes (no Tomcat-Cluster). In case a node fails, the users with sessions on the nodes have to login again. OK, if sessions are cheap, i.e. not much work lost, not much information in the session, and failure rate is low (application, hardware, network relatively stable). - Combined with sticky forwarding by the isapi redirector (uses URL encoded sessions or standard Java session cookie JSESSIONID combined with the jvmRoute setting in server.xml of the Tomcat backends; TC adds the jvmRoute to the session id, and isapi redirector sees this tag in the URL or cookie and maps it to the correct backend). Works very robust. - Load-Balancing or high availability in the IIS layer would still be your job. Stickyness demand on the IIS layer itself depends on the fact, if the IIS layer is stateless (should be, apart from the SSL case, were you want to have a relatively good stickyness; don't need 100%, but the less sticky the LB to the IIS is, the more SSL handshakes you get). More complex setup: - Add session replication to the TC backends. Most likely nevertheles you want to keep stickyness with the isapi redirector, to reduce dependency on the rpelication during the time you actually didn't have a node failure. Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat's container architecture - Authenticator
Only a question: what do you have to do with this auth? do you need to develope a new one or simply study it? ___ Yahoo! Mail: gratis 1GB per i messaggi e allegati da 10MB http://mail.yahoo.it
Re: clustering iis with JK
Does that answer your question? Oh! I think it does. I was assuming that isapi_redirect maintained an internal map of sessions and tomcat nodes, but if the jvmRoute is in the session id, then it shouldn't matter which IIS/isapi is serving the request, it will still go to the correct instance of tomcat as long as it's available. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RemoteAddrValve
Hello there, Using tomcat 5.5.25 + jdk1.5.0_13 By default /tomcat/conf/Catalina/localhost/manager.xml looks like ?xml version=1.0 encoding=UTF-8? Context docBase=${catalina.home}/server/webapps/manager privileged=true antiResourceLocking=false antiJARLocking=false !-- Link to the user database we will get roles from -- ResourceLink name=users global=UserDatabase type=org.apache.catalina.UserDatabase/ /Context I'm changing it to: ?xml version=1.0 encoding=UTF-8? Context path=/manager docBase=${catalina.home}/server/webapps/manager privileged=true antiResourceLocking=false antiJARLocking=false Valve classname=org.apache.catalina.valves.RemoteAddrValve allow=192.9.202.231/ !-- Link to the user database we will get roles from -- ResourceLink name=users global=UserDatabase type=org.apache.catalina.UserDatabase/ /Context But no success to implement IP restriction for /manager here is the error: SEVERE: Parse error in context.xml for /manager java.lang.NullPointerException at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2726) at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2752) at org.apache.tomcat.util.digester.Digester.startElement(Digester.java:1279) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:533) at com.sun.org.apache.xerces.internal.parsers.AbstractXMLDocumentParser.emptyElement(AbstractXMLDocumentParser.java:220) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(XMLDocumentFragmentScannerImpl.java:872) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(XMLDocumentFragmentScannerImpl.java:1693) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:368) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:834) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:148) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1242) at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1562) at org.apache.catalina.startup.ContextConfig.processContextConfig(ContextConfig.java:782) at org.apache.catalina.startup.ContextConfig.contextConfig(ContextConfig.java:722) at org.apache.catalina.startup.ContextConfig.init(ContextConfig.java:987) at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:279) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120) at org.apache.catalina.core.StandardContext.init(StandardContext.java:5071) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3984) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:626) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022) at org.apache.catalina.core.StandardHost.start(StandardHost.java:736) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:448) at org.apache.catalina.core.StandardServer.start(StandardServer.java:700) at org.apache.catalina.startup.Catalina.start(Catalina.java:552) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433) Nov 28, 2007 6:50:49 PM org.apache.catalina.startup.ContextConfig
Re: OpenSSL + APR + Tomcat 5.5.2 Help
OK so I tried it with the attributes set and now I get java.lang.Exception: Error setting private key (error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch) Which I take to mean that my server key is not the same as the certificate key. Where did I go wrong? SSLEngine=on SSLCertificateFile=/home/tomcat5/ssl/myverisign.crt SSLCertificateKeyFile=/home/tomcat5/ssl/ca/ca.key Did I send the wrong thing to verisign? Dan Daniel M Garland wrote: Hi folks, Again I call on your expert assistance: I have a tomcat 5.5.2 server running on a Debian Etch linux box. Its configured to use APR 1.1.3 and I want to get SSL going. I've successfully managed this using JSSE but not OpenSSL. I installed openssl using apt, as well as the APR libraries. Tomcat was installed with the binaries from Apache. I ran the following commands (with help from http://marc.info): - Create private key and certificate request for my own certificate authority openssl req -new -newkey rsa:1024 -nodes -out ssl/ca/ca.csr -keyout ssl/ca/ca.key - Self-sign openssl x509 -trustout -signkey ssl/ca/ca.key -days 365 -req -in ssl/ca/ca.csr -out ssl/ca/ca.pem -Import into Java's security thingy keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -file ssl/ca/ca.pem -alias tomcat -Created a file CA's serial numbers? echo 02 ssl/ca/ca.srl -Created a keystore keytool -genkey -alias tomcat -keyalg RSA -keysize 1024 -keystore ~/.keystore -storetype JKS -Create a certficate request for the server keytool -certreq -keyalg RSA -alias tomcat -file ssl/certreq.csr -keystore .keystore (This certificate got sent off to verisign, but in the meantime I thought I'd try signing myself off to see SSL working) openssl x509 -CA ssl/ca/ca.pem -CAkey ssl/ca/ca.key -CAserial ssl/ca/ca.srl -req -in ssl/certreq.csr -out ssl/selfcert.crt -days 365 - Import my self-cert into the keystore keytool -import -alias tomcat -keystore .keystore -trustcacerts -file ssl/selfcert.crt Then I had this in server.xml Connector port=8443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=/home/tomcat5/.keystore keystorePass=password / The docs said that it would pickup .keystore in the user's home directory but I thought I'd set it explicitly. When I restart tomcat I see in the log: 28-Nov-2007 14:59:26 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8443 And no errors alluding to SSL anywhere else. When I try to access https://myserver:8443 firefox tells me that the connection was interrupted, following a lengthy pause. keytool -list shows 1 entry. Since I'm a bit of a newbie to SSL, and there is nothing in the log, I am stuck as for what to do next. I gather that since I use APR I might need other settings in my server.conf, but the documentation is vauge on whether I need both the keystore attributes and the openssl stuff, or just the ssl stuff, or what. If I were to add the SSLEngine, SSLCertificateFile, SSLCertificateKeyFile attributes, what values would I feed them based on the previous steps? Does anyone have any good howtos for the openssl side of things (the first line of the official docs is a caveat that the howto applies to JSSE only!) Thanks in advance Dan Garland __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Create New Data Source
Hello list , Can someone please tell me how do I test the connectivity from tomcat server to oracle database. I am good on Unix/databases but new to Tomcat. I have oracle instance named as : lawtst . lawtest running at cemcp62 . (system name) user name is - sdhotre -password is password . I see following fields when I click on create data source . Where do the above values go or is there an example somewhere that I can follow? Data Sources Property Value JNDI Name: Data Source URL: JDBC Driver Class: User Name: Password: Max. Active Connections: Max. Idle Connections: Max. Wait for Connection: Validation Query: Thanks Shekhar Dhotre. Unix Admin. CobbEnergy (Atlanta).
Re: multithreaded with taglibs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yair, Yair Ben-Meir wrote: This solution is good but we must write to the out of the jsp before the thread is running (we bypass this because the thread will write to a pre-decided file name). is there another way to do it, without writing to the out? I'm not sure I understand what you mean. Are you asking how to continue evaluating the JSP while the image is being generated? Easy. Create a class like this: public class ParallelImageGenerator { public ParallelImageGenerator() { ... } public String getGeneratedFilename() { ... } public void start() { ... } public void wait() { ... } } Then, from your tagStart method in your custom tag library, do something like this: pig = new ParallelImageGenerator(); pig.start(); jspOut.print(img src=\ + pig.getGeneratedFilename() + \ /); // Register the 'pig' object somewhere so you can go back and wait // on all of the image generators. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHTZ9n9CaO5/Lv0PARAkxKAKCP/PK410pUbBTrWxS9G5fIhE6aYgCfb6dJ 0RnxBh6+CfToeccD3lgS/6M= =Iksk -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat becomes non-response for ~30 seconds
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jared, jnedzel wrote: We're having an intermittent problem with Tomcat becoming non-responsive for a while (between 30 seconds and several minutes) and then recovering without any intervention. There are no error messages in the Tomcat logs. Here's a silly question: what does a thread-dump during those pauses look like? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHTZ+49CaO5/Lv0PARArxDAKCVsJw7mtwHxZZxEZBYIgOUZ4yobwCZAVjK SKXAqTz7BBCMxXs6j2tDPWA= =1UjQ -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat's container architecture - Authenticator
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Barbara, Bárbara Vieira wrote: My question is: why we are putting the Principal in the Request? So that request.getUserPrincipal() will return a value. Why we can’t just authenticate the user if there is a principal in internal Session?! Doesn’t make sense, put the Principal in the Request, and after in the authentication method we just test if there is a Principal in the Request and return true. A request may be checked multiple times for authentication (think server-side forwards, etc.) so it's a small optimization to cache the principal in the request -- and it satisfies the requirement that request.getUserPrincipal() actually works, so it makes sense. In others words, what kind of security this process provides?! There will never be a Principal object that has not been properly authenticated. Is that good enough security for you? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHTaC89CaO5/Lv0PARArZNAJ9GTktlPVu1+Q3a9CMkxbtdAB5V4QCeJJwm K6u4yM6jdG/l+IA/p/WT0TI= =lF0e -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: RemoteAddrValve
probably that path attribute is wrong, correct? Not needed on 5x? -Original Message- From: Niki Diulgerov [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 28, 2007 10:57 AM To: Tomcat Users List Subject: RemoteAddrValve Hello there, Using tomcat 5.5.25 + jdk1.5.0_13 By default /tomcat/conf/Catalina/localhost/manager.xml looks like ?xml version=1.0 encoding=UTF-8? Context docBase=${catalina.home}/server/webapps/manager privileged=true antiResourceLocking=false antiJARLocking=false !-- Link to the user database we will get roles from -- ResourceLink name=users global=UserDatabase type=org.apache.catalina.UserDatabase/ /Context I'm changing it to: ?xml version=1.0 encoding=UTF-8? Context path=/manager docBase=${catalina.home}/server/webapps/manager privileged=true antiResourceLocking=false antiJARLocking=false Valve classname=org.apache.catalina.valves.RemoteAddrValve allow=192.9.202.231/ !-- Link to the user database we will get roles from -- ResourceLink name=users global=UserDatabase type=org.apache.catalina.UserDatabase/ /Context But no success to implement IP restriction for /manager here is the error: SEVERE: Parse error in context.xml for /manager java.lang.NullPointerException at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2726) at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2752) at org.apache.tomcat.util.digester.Digester.startElement(Digester.java:1279) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:533) at com.sun.org.apache.xerces.internal.parsers.AbstractXMLDocumentParser.emptyElement(AbstractXMLDocumentParser.java:220) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(XMLDocumentFragmentScannerImpl.java:872) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(XMLDocumentFragmentScannerImpl.java:1693) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:368) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:834) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:148) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1242) at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1562) at org.apache.catalina.startup.ContextConfig.processContextConfig(ContextConfig.java:782) at org.apache.catalina.startup.ContextConfig.contextConfig(ContextConfig.java:722) at org.apache.catalina.startup.ContextConfig.init(ContextConfig.java:987) at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:279) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120) at org.apache.catalina.core.StandardContext.init(StandardContext.java:5071) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3984) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:626) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022) at org.apache.catalina.core.StandardHost.start(StandardHost.java:736) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:448) at org.apache.catalina.core.StandardServer.start(StandardServer.java:700) at org.apache.catalina.startup.Catalina.start(Catalina.java:552) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
RE: Create New Data Source
here ya go, Shekhar...see my XML config for JNDI. Keep in mind, I'm on an older version oF TC, so you can probably align and list your param attributes all in one, or more conveniently than I was able to. Resource name=jdbc/myoracle auth=Container type=javax.sql.DataSource/ ResourceParams name=jdbc/myoracle parameter namefactory/name valueorg.apache.commons.dbcp.BasicDataSourceFactory/value /parameter parameter namedriverClassName/name valueoracle.jdbc.OracleDriver/value /parameter parameter nameurl/name valuejdbc:oracle:thin:@192.222.44.999:1521:SID/value /parameter parameter nameusername/name valueuser_name/value /parameter parameter namepassword/name valuexx/value /parameter parameter namemaxActive/name value125/value /parameter parameter namemaxIdle/name value15/value /parameter parameter namemaxWait/name value7000/value /parameter parameter nameremoveAbandoned/name valuetrue/value /parameter parameter nameremoveAbandonedTimeout/name value60/value /parameter parameter namelogAbandoned/name valuetrue/value /parameter -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 28, 2007 11:02 AM To: Tomcat Users List Subject: Create New Data Source Hello list , Can someone please tell me how do I test the connectivity from tomcat server to oracle database. I am good on Unix/databases but new to Tomcat. I have oracle instance named as : lawtst . lawtest running at cemcp62 . (system name) user name is - sdhotre -password is password . I see following fields when I click on create data source . Where do the above values go or is there an example somewhere that I can follow? Data Sources Property Value JNDI Name: Data Source URL: JDBC Driver Class: User Name: Password: Max. Active Connections: Max. Idle Connections: Max. Wait for Connection: Validation Query: Thanks Shekhar Dhotre. Unix Admin. CobbEnergy (Atlanta). - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RemoteAddrValve
Probably wrong? but I saw almost the same example here http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html so cant understand what's wrong ...I'm using completely fresh installation of 5.5.25 whthout any changes except these mentioned here Best regards, Nikolay Diulgerov Network Administrator E-mail: [EMAIL PROTECTED] Telephone : +33 4 89 87 77 77 Fax : +33 4 89 87 77 00 Web: http://www.codix-france.com Propes, Barry L wrote: probably that path attribute is wrong, correct? Not needed on 5x? -Original Message- From: Niki Diulgerov [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 28, 2007 10:57 AM To: Tomcat Users List Subject: RemoteAddrValve Hello there, Using tomcat 5.5.25 + jdk1.5.0_13 By default /tomcat/conf/Catalina/localhost/manager.xml looks like ?xml version=1.0 encoding=UTF-8? Context docBase=${catalina.home}/server/webapps/manager privileged=true antiResourceLocking=false antiJARLocking=false !-- Link to the user database we will get roles from -- ResourceLink name=users global=UserDatabase type=org.apache.catalina.UserDatabase/ /Context I'm changing it to: ?xml version=1.0 encoding=UTF-8? Context path=/manager docBase=${catalina.home}/server/webapps/manager privileged=true antiResourceLocking=false antiJARLocking=false Valve classname=org.apache.catalina.valves.RemoteAddrValve allow=192.9.202.231/ !-- Link to the user database we will get roles from -- ResourceLink name=users global=UserDatabase type=org.apache.catalina.UserDatabase/ /Context But no success to implement IP restriction for /manager here is the error: SEVERE: Parse error in context.xml for /manager java.lang.NullPointerException at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2726) at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2752) at org.apache.tomcat.util.digester.Digester.startElement(Digester.java:1279) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:533) at com.sun.org.apache.xerces.internal.parsers.AbstractXMLDocumentParser.emptyElement(AbstractXMLDocumentParser.java:220) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(XMLDocumentFragmentScannerImpl.java:872) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(XMLDocumentFragmentScannerImpl.java:1693) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:368) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:834) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:148) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1242) at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1562) at org.apache.catalina.startup.ContextConfig.processContextConfig(ContextConfig.java:782) at org.apache.catalina.startup.ContextConfig.contextConfig(ContextConfig.java:722) at org.apache.catalina.startup.ContextConfig.init(ContextConfig.java:987) at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:279) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120) at org.apache.catalina.core.StandardContext.init(StandardContext.java:5071) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3984) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:626) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022) at org.apache.catalina.core.StandardHost.start(StandardHost.java:736) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at
Re: Create New Data Source
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Shekhar, You might want to start here: http://tomcat.apache.org/tomcat-6.0-doc/jndi-datasource-examples-howto.html#Database%20Connection%20Pool%20(DBCP)%20Configurations This page might be helpful for more Oracle questions: http://www.oracle.com/technology/tech/java/sqlj_jdbc/htdocs/jdbc_faq.htm [EMAIL PROTECTED] wrote: I see following fields when I click on create data source . Where do the above values go or is there an example somewhere that I can follow? User Name: Password: These two should be obvious. JNDI Name: You get to make this one up. Usually it's something similar to the name of the database, but you can make it anything you'd like (I recommend against using / characters in the name, though). Try lawdb or something. This name needs to match the JNDI data source name that your application is expecting. JDBC Driver Class: This is the name of the JDBC driver's class. It depends on the driver you are using for Oracle. Often, it's something like oracle.jdbc.driver.OracleDriver. Data Source URL: This also depends on the driver you are using. The thin driver takes URLs like this: jdbc:oracle:thin:username/password@database For you, this would be: jdbc:oracle:thin:sdhotre/[EMAIL PROTECTED]:1521:lawtst ^user ^pass ^ host ^ port ^ SID Max. Active Connections: Max. Idle Connections: Max. Wait for Connection: Validation Query: These depend on what resource allocation and validation you want for connection pooling. You should read: http://tomcat.apache.org/tomcat-6.0-doc/jndi-datasource-examples-howto.html#Database%20Connection%20Pool%20(DBCP)%20Configurations and http://commons.apache.org/dbcp/configuration.html For development and testing, I *always* set maxActive=1, maxIdle=1, and maxWait=1000 (10 seconds). For Oracle, a good validation query might be SELECT 1 FROM DUAL. Hope that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHTaZ/9CaO5/Lv0PARAo1AAJ0VG9AvcTBrJ2vQHimRcJ1GRAy3xACfbK+U /+n1hb2kchfkWkEyZcBIDb8= =jOZF -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RemoteAddrValve
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Barry, Propes, Barry L wrote: probably that path attribute is wrong, correct? Not needed on 5x? Yes, it's necessary, since the OP isn't dropping a WAR anywhere, but installing a context.xml file. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHTab+9CaO5/Lv0PARAj0bAJ0UP0BX3iNRDJYY9wfH9jqDjqK0dgCfSBNW qjPF788qRxxE9IImbMGEXfg= =chY2 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: RemoteAddrValve
hmmm...ok...what is the one that is forgone in that version? The docBase? -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 28, 2007 11:36 AM To: Tomcat Users List Subject: Re: RemoteAddrValve -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Barry, Propes, Barry L wrote: probably that path attribute is wrong, correct? Not needed on 5x? Yes, it's necessary, since the OP isn't dropping a WAR anywhere, but installing a context.xml file. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHTab+9CaO5/Lv0PARAj0bAJ0UP0BX3iNRDJYY9wfH9jqDjqK0dgCfSBNW qjPF788qRxxE9IImbMGEXfg= =chY2 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: RemoteAddrValve
From: Christopher Schultz [mailto:[EMAIL PROTECTED] Subject: Re: RemoteAddrValve Propes, Barry L wrote: probably that path attribute is wrong, correct? Not needed on 5x? Yes, it's necessary, since the OP isn't dropping a WAR anywhere, but installing a context.xml file. Nope, the path attribute is not allowed, and must be removed. The path is derived from the name of the file the Context element is in. Note that the OP is not installing a context.xml file, he's modifying the one in conf/Catalina/localhost/manager.xml. However the erroneous path attribute is not likely the source of the NPE. One possible cause is extraneous control characters in the file, such as the ordering prefix some editors like to throw in at the beginning when editing Unicode. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RemoteAddrValve
OK with this version of manager.xml it works perfect: The difference is in the way IP is written and in the fact that allow starts on new row ?xml version=1.0 encoding=UTF-8? Context docBase=${catalina.home}/server/webapps/manager privileged=true antiResourceLocking=false antiJARLocking=false Valve className=org.apache.catalina.valves.RemoteAddrValve allow=192\.9\.202\.231/ ResourceLink name=users global=UserDatabase type=org.apache.catalina.UserDatabase/ /Context Best regards, Nikolay Diulgerov Network Administrator E-mail: [EMAIL PROTECTED] Telephone : +33 4 89 87 77 77 Fax : +33 4 89 87 77 00 Web: http://www.codix-france.com Caldarale, Charles R wrote: From: Christopher Schultz [mailto:[EMAIL PROTECTED] Subject: Re: RemoteAddrValve Propes, Barry L wrote: probably that path attribute is wrong, correct? Not needed on 5x? Yes, it's necessary, since the OP isn't dropping a WAR anywhere, but installing a context.xml file. Nope, the path attribute is not allowed, and must be removed. The path is derived from the name of the file the Context element is in. Note that the OP is not installing a context.xml file, he's modifying the one in conf/Catalina/localhost/manager.xml. However the erroneous path attribute is not likely the source of the NPE. One possible cause is extraneous control characters in the file, such as the ordering prefix some editors like to throw in at the beginning when editing Unicode. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat's container architecture - Authenticator
Hi Carlo!! In fact I have to develop a new one and at the same time study and analyze Authenticator package code. Why are you asking? -Original Message- From: Carlo Politi [mailto:[EMAIL PROTECTED] Sent: quarta-feira, 28 de Novembro de 2007 16:52 To: Tomcat Users List Subject: Re: Tomcat's container architecture - Authenticator Only a question: what do you have to do with this auth? do you need to develope a new one or simply study it? ___ Yahoo! Mail: gratis 1GB per i messaggi e allegati da 10MB http://mail.yahoo.it - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat hangs on writing JSP page to socket
On Nov 28, 2007 1:50 PM, Adam Feuer [EMAIL PROTECTED] wrote: Folks, We're getting intermittent problems where one tomcat thread hangs for up to 10 minutes writing JSP pages to a socket. We think the socket is an HTTP TCP socket. The stack trace from a thread dump for the hung thread is below. This happens multiple times per day at seemingly random intervals. We have not been able to reproduce this reliably and has been happening for as long as we have data (6+ months), so doesn't seem to be tied to a specific recent change. We run Struts 1.35, Tomcat 5.5.9, Linux 2.4.21 (Redhat) on four boxes behind a Netscaler load balancer. All boxes exhibit the same problem at different random intervals. Has anyone seen this problem? If so, do you know of a fix? -adam FWIW, I've noticed similar behavior, but in my case it is easy to reproduce: 1. use a browser to request a long-running and/or large-page-producing web page ; 2. abort the page load before it is done. At that point I see the HTTP response thread blocked writing to the (now closed) socket, with it timing out TCP-wise in about 8 min (Solaris box, Tomcat 5.0.19, JDK 1.4.2_13). - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat hangs on writing JSP page to socket
Folks, We're getting intermittent problems where one tomcat thread hangs for up to 10 minutes writing JSP pages to a socket. We think the socket is an HTTP TCP socket. The stack trace from a thread dump for the hung thread is below. This happens multiple times per day at seemingly random intervals. We have not been able to reproduce this reliably and has been happening for as long as we have data (6+ months), so doesn't seem to be tied to a specific recent change. We run Struts 1.35, Tomcat 5.5.9, Linux 2.4.21 (Redhat) on four boxes behind a Netscaler load balancer. All boxes exhibit the same problem at different random intervals. Has anyone seen this problem? If so, do you know of a fix? -adam Thread 18114: (state = IN_NATIVE) - java.net.SocketOutputStream.socketWrite0(java.io.FileDescriptor, byte[], int, int) @bci=0 (Compiled frame; information may be imprecise) - java.net.SocketOutputStream.socketWrite (byte[], int, int) @bci=44, line=92 (Compiled frame) - java.net.SocketOutputStream.write(byte[], int, int) @bci=4, line=136 (Compiled frame) - org.apache.coyote.Response.action(org.apache.coyote.ActionCode, java.lang.Object ) @bci=31, line=182 (Compiled frame) - java.io.PrintWriter.flush() @bci=15, line=270 (Compiled frame) - org.apache.struts.tiles.taglib.InsertTag.doEndTag() @bci=18, line=462 (Interpreted frame) - org.apache.jsp.pages.SearchNarrowBy_jsp._jspx_meth_tiles_insert_0 ( javax.servlet.jsp.PageContext) @bci=50, line=724 (Interpreted frame) - org.apache.jsp.pages.SearchNarrowBy_jsp._jspService( javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) @bci=286, line=120 (Compiled frame) - org.apache.jasper.runtime.HttpJspBase.service( javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) @bci=3, line=97 (Interpreted frame) - javax.servlet.http.HttpServlet.service(javax.servlet.ServletRequest , javax.servlet.ServletResponse) @bci=30, line=802 (Interpreted frame) - org.apache.jasper.servlet.JspServletWrapper.service( javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, boolean) @bci=186, line=322 (Compiled frame) - org.apache.jasper.servlet.JspServlet.serviceJspFile( javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.String, java.lang.Throwable, boolean) @bci=129, line=291 (Compiled frame) - javax.servlet.http.HttpServlet.service(javax.servlet.ServletRequest, javax.servlet.ServletResponse) @bci=30, line=802 (Compiled frame) - org.apache.catalina.core.ApplicationFilterChain.doFilter( javax.servlet.ServletRequest , javax.servlet.ServletResponse) @bci=101, line=173 (Compiled frame) - org.apache.catalina.core.ApplicationDispatcher.invoke( javax.servlet.ServletRequest, javax.servlet.ServletResponse) @bci=396, line=672 (Compiled frame) - org.apache.catalina.core.ApplicationDispatcher.doInclude( javax.servlet.ServletRequest, javax.servlet.ServletResponse) @bci=368, line=574 (Compiled frame) - org.apache.catalina.core.ApplicationDispatcher.include ( javax.servlet.ServletRequest, javax.servlet.ServletResponse) @bci=55, line=499 (Compiled frame) - org.apache.jasper.runtime.JspRuntimeLibrary.include( javax.servlet.ServletRequest, javax.servlet.ServletResponse, java.lang.String , javax.servlet.jsp.JspWriter, boolean) @bci=45, line=966 (Compiled frame) - org.apache.jasper.runtime.PageContextImpl.doInclude(java.lang.String, boolean) @bci=14, line=633 (Compiled frame) - sun.reflect.GeneratedMethodAccessor59.invoke (java.lang.Object, java.lang.Object[]) @bci=71 (Interpreted frame) - sun.reflect.DelegatingMethodAccessorImpl.invoke(java.lang.Object, java.lang.Object[]) @bci=6, line=25 (Compiled frame) - java.lang.reflect.Method.invoke (java.lang.Object, java.lang.Object[]) @bci=111, line=585 (Compiled frame) - org.apache.struts.tiles.taglib.InsertTag.doEndTag() @bci=18, line=462 (Interpreted frame) - org.apache.jsp.pages.SearchPageLayout_jsp._jspx_meth_tiles_insert_5 ( javax.servlet.jsp.PageContext) @bci=50, line=235 (Interpreted frame) - org.apache.jsp.pages.SearchPageLayout_jsp._jspService( javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) @bci=381, line=101 (Interpreted frame) - org.apache.jasper.runtime.HttpJspBase.service( javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) @bci=3, line=97 (Interpreted frame) - javax.servlet.http.HttpServlet.service(javax.servlet.ServletRequest , javax.servlet.ServletResponse) @bci=30, line=802 (Interpreted frame) - org.apache.jasper.servlet.JspServletWrapper.service( javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, boolean) @bci=186, line=322 (Compiled frame) - org.apache.jasper.servlet.JspServlet.serviceJspFile( javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.String, java.lang.Throwable, boolean) @bci=129, line=291 (Compiled frame) -- Adam Feuer adamfeuer1 at gmail dot com -- Adam Feuer adamfeuer1
RE: RemoteAddrValve
From: Niki Diulgerov [mailto:[EMAIL PROTECTED] Subject: Re: RemoteAddrValve if I remove the Valve directive there is no error... Valve classname=org.apache.catalina.valves.RemoteAddrValve allow=192.9.202.231/ It's className, not classname. Case matters. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat becomes non-response for ~30 seconds
If the CPU is maxed out, the thread dump will provide lightweight process numbers. Using a tool like prstat -L on Solaris, you can figure out which lightweight process (thread) it is, and at least confirm that it is the GC thread. the output from prstat is indexed at 1, but the stack dump is indexed at 0, so you need to either add one to the stack dump lwp id, or subtract one from the prstat output. I'm sure there is an equivalent command for prstat in other operating systems, but I do not know what it is. Mark On Nov 28, 2007 12:04 PM, Christopher Schultz [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jared, jnedzel wrote: We're having an intermittent problem with Tomcat becoming non-responsive for a while (between 30 seconds and several minutes) and then recovering without any intervention. There are no error messages in the Tomcat logs. Here's a silly question: what does a thread-dump during those pauses look like? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHTZ+49CaO5/Lv0PARArxDAKCVsJw7mtwHxZZxEZBYIgOUZ4yobwCZAVjK SKXAqTz7BBCMxXs6j2tDPWA= =1UjQ -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: RemoteAddrValve
oh so I did recall correctly! ; ) Thought I'd seen Chuck punch that through a time or two. : ) -Original Message- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 28, 2007 11:48 AM To: Tomcat Users List Subject: RE: RemoteAddrValve From: Christopher Schultz [mailto:[EMAIL PROTECTED] Subject: Re: RemoteAddrValve Propes, Barry L wrote: probably that path attribute is wrong, correct? Not needed on 5x? Yes, it's necessary, since the OP isn't dropping a WAR anywhere, but installing a context.xml file. Nope, the path attribute is not allowed, and must be removed. The path is derived from the name of the file the Context element is in. Note that the OP is not installing a context.xml file, he's modifying the one in conf/Catalina/localhost/manager.xml. However the erroneous path attribute is not likely the source of the NPE. One possible cause is extraneous control characters in the file, such as the ordering prefix some editors like to throw in at the beginning when editing Unicode. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat's container architecture - Authenticator
Hi Chris!! A request may be checked multiple times for authentication (think server-side forwards, etc.) so it's a small optimization to cache the principal in the request -- and it satisfies the requirement that request.getUserPrincipal() actually works, so it makes sense. This is not a answer to my question. If you look at the sequence that Request object does in the invoke method in AuthenticatorBase, and authenticate method in the FormAuthenticator, you'll see that my question isn't that. I know that caching data is a optimization. But if we have the Principal in cache, why we have to call the authenticator method(FormAuthenticator)? That call doesn't provide any additional security, can you understand now? -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: quarta-feira, 28 de Novembro de 2007 17:09 To: Tomcat Users List Cc: 'Carlo Politi' Subject: Re: Tomcat's container architecture - Authenticator -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Barbara, Bárbara Vieira wrote: My question is: why we are putting the Principal in the Request? So that request.getUserPrincipal() will return a value. Why we can’t just authenticate the user if there is a principal in internal Session?! Doesn’t make sense, put the Principal in the Request, and after in the authentication method we just test if there is a Principal in the Request and return true. A request may be checked multiple times for authentication (think server-side forwards, etc.) so it's a small optimization to cache the principal in the request -- and it satisfies the requirement that request.getUserPrincipal() actually works, so it makes sense. In others words, what kind of security this process provides?! There will never be a Principal object that has not been properly authenticated. Is that good enough security for you? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHTaC89CaO5/Lv0PARArZNAJ9GTktlPVu1+Q3a9CMkxbtdAB5V4QCeJJwm K6u4yM6jdG/l+IA/p/WT0TI= =lF0e -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat hangs on writing JSP page to socket
On Nov 28, 2007 11:03 AM, Jim Cox [EMAIL PROTECTED] wrote: FWIW, I've noticed similar behavior, but in my case it is easy to reproduce: 1. use a browser to request a long-running and/or large-page-producing web page ; 2. abort the page load before it is done. At that point I see the HTTP response thread blocked writing to the (now closed) socket, with it timing out TCP-wise in about 8 min (Solaris box, Tomcat 5.0.19, JDK 1.4.2_13). Jim, We tried to reproduce the problem yesterday using this technique, after some research showed others with that problem- stopping the page load while a page is downloading doesn't cause problems on our systems, though. The symptoms are similar- except that in our case, the user experiencing the problem has to wait minutes for the page to load. -adam -- Adam Feuer adamfeuer1 at gmail dot com
Re: Create New Data Source
Christopher and Propes thanks a lot !! Christopher Schultz [EMAIL PROTECTED] 11/28/2007 12:33 PM Please respond to Tomcat Users List users@tomcat.apache.org To Tomcat Users List users@tomcat.apache.org cc Subject Re: Create New Data Source -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Shekhar, You might want to start here: http://tomcat.apache.org/tomcat-6.0-doc/jndi-datasource-examples-howto.html#Database%20Connection%20Pool%20(DBCP)%20Configurations This page might be helpful for more Oracle questions: http://www.oracle.com/technology/tech/java/sqlj_jdbc/htdocs/jdbc_faq.htm [EMAIL PROTECTED] wrote: I see following fields when I click on create data source . Where do the above values go or is there an example somewhere that I can follow? User Name: Password: These two should be obvious. JNDI Name: You get to make this one up. Usually it's something similar to the name of the database, but you can make it anything you'd like (I recommend against using / characters in the name, though). Try lawdb or something. This name needs to match the JNDI data source name that your application is expecting. JDBC Driver Class: This is the name of the JDBC driver's class. It depends on the driver you are using for Oracle. Often, it's something like oracle.jdbc.driver.OracleDriver. Data Source URL: This also depends on the driver you are using. The thin driver takes URLs like this: jdbc:oracle:thin:username/password@database For you, this would be: jdbc:oracle:thin:sdhotre/[EMAIL PROTECTED]:1521:lawtst ^user ^pass ^ host ^ port ^ SID Max. Active Connections: Max. Idle Connections: Max. Wait for Connection: Validation Query: These depend on what resource allocation and validation you want for connection pooling. You should read: http://tomcat.apache.org/tomcat-6.0-doc/jndi-datasource-examples-howto.html#Database%20Connection%20Pool%20(DBCP)%20Configurations and http://commons.apache.org/dbcp/configuration.html For development and testing, I *always* set maxActive=1, maxIdle=1, and maxWait=1000 (10 seconds). For Oracle, a good validation query might be SELECT 1 FROM DUAL. Hope that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHTaZ/9CaO5/Lv0PARAo1AAJ0VG9AvcTBrJ2vQHimRcJ1GRAy3xACfbK+U /+n1hb2kchfkWkEyZcBIDb8= =jOZF -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AccessControlException in Coyote Http11Processor (Tomcat 6.0.14). Bug in Coyote ?
Hi Mark, On Tue, 27 Nov 2007 18:21:20 + Mark Thomas wrote: Can you run the faulty instance with: -Djava.security.debug=access,failure and report the failure message. I thought on this, but the exception looks pretty self explanatory. I'll try it anyway, in case anything new comes up. The machine is used in production so this will be applied on the next tomcat restart(might be several days from now). If you can reproduce this at will then -Djava.security.debug=all would be better but it will generate lots of log data I have also seen problems with policy files where I have had to use ${file.separator} rather than / but that was with java.io.FilePermission on Windows rather than in the codebase. Cheers -- Delian - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Create New Data Source
you bet. Barry is fine,thanks! : ) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 28, 2007 2:43 PM To: Tomcat Users List Cc: Tomcat Users List Subject: Re: Create New Data Source Christopher and Propes thanks a lot !! Christopher Schultz [EMAIL PROTECTED] 11/28/2007 12:33 PM Please respond to Tomcat Users List users@tomcat.apache.org To Tomcat Users List users@tomcat.apache.org cc Subject Re: Create New Data Source -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Shekhar, You might want to start here: http://tomcat.apache.org/tomcat-6.0-doc/jndi-datasource-examples-howto.html#Database%20Connection%20Pool%20(DBCP)%20Configurations This page might be helpful for more Oracle questions: http://www.oracle.com/technology/tech/java/sqlj_jdbc/htdocs/jdbc_faq.htm [EMAIL PROTECTED] wrote: I see following fields when I click on create data source . Where do the above values go or is there an example somewhere that I can follow? User Name: Password: These two should be obvious. JNDI Name: You get to make this one up. Usually it's something similar to the name of the database, but you can make it anything you'd like (I recommend against using / characters in the name, though). Try lawdb or something. This name needs to match the JNDI data source name that your application is expecting. JDBC Driver Class: This is the name of the JDBC driver's class. It depends on the driver you are using for Oracle. Often, it's something like oracle.jdbc.driver.OracleDriver. Data Source URL: This also depends on the driver you are using. The thin driver takes URLs like this: jdbc:oracle:thin:username/password@database For you, this would be: jdbc:oracle:thin:sdhotre/[EMAIL PROTECTED]:1521:lawtst ^user ^pass ^ host ^ port ^ SID Max. Active Connections: Max. Idle Connections: Max. Wait for Connection: Validation Query: These depend on what resource allocation and validation you want for connection pooling. You should read: http://tomcat.apache.org/tomcat-6.0-doc/jndi-datasource-examples-howto.html#Database%20Connection%20Pool%20(DBCP)%20Configurations and http://commons.apache.org/dbcp/configuration.html For development and testing, I *always* set maxActive=1, maxIdle=1, and maxWait=1000 (10 seconds). For Oracle, a good validation query might be SELECT 1 FROM DUAL. Hope that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHTaZ/9CaO5/Lv0PARAo1AAJ0VG9AvcTBrJ2vQHimRcJ1GRAy3xACfbK+U /+n1hb2kchfkWkEyZcBIDb8= =jOZF -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RemoteAddrValve
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, Caldarale, Charles R wrote: From: Christopher Schultz [mailto:[EMAIL PROTECTED] Subject: Re: RemoteAddrValve Propes, Barry L wrote: probably that path attribute is wrong, correct? Not needed on 5x? Yes, it's necessary, since the OP isn't dropping a WAR anywhere, but installing a context.xml file. Nope, the path attribute is not allowed, and must be removed. Apologies - I misspoke. Since I didn't see any path in the Context element (it had been added to the second one in the OP), I assumed Barry was referring to docBase and forgot to mention that. I'm an idiot. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHTedf9CaO5/Lv0PARAqOVAJ9ABE9eHkdLVI8LMYcbfkeSBwnsYQCfc2Si BDkYtI4eSYZ9tWBVawim7lw= =VZvy -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: RemoteAddrValve
From: Christopher Schultz [mailto:[EMAIL PROTECTED] Subject: Re: RemoteAddrValve I'm an idiot. End of the month - time to reboot :-) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat's container architecture - Authenticator
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bárbara, Bárbara Vieira wrote: But if we have the Principal in cache, why we have to call the authenticator method(FormAuthenticator)? That call doesn't provide any additional security, can you understand now? That's a good question. Given the current implementation, it doesn't seem to make sense. On the other hand, the original designers could have determined that some /other/ authenticator might want to wrap (or otherwise change) a request even if the Principal were already available. If you're writing your own, why not simply re-write the code the way you think best and then test the heck out of it. Try the tomcat-dev list to see if someone can answer. Perhaps it's just legacy code that could be further optimized. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHTekx9CaO5/Lv0PARAoo/AJ47Gx7MrW/kVBkpjmu7b40dovvS4QCfWAlm sQYLWxYa/+5ImWvYJNraz6w= =wlbi -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: RemoteAddrValve
no you're not dude! You've helped me a lot! I've told you so before! -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 28, 2007 4:11 PM To: Tomcat Users List Subject: Re: RemoteAddrValve -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, Caldarale, Charles R wrote: From: Christopher Schultz [mailto:[EMAIL PROTECTED] Subject: Re: RemoteAddrValve Propes, Barry L wrote: probably that path attribute is wrong, correct? Not needed on 5x? Yes, it's necessary, since the OP isn't dropping a WAR anywhere, but installing a context.xml file. Nope, the path attribute is not allowed, and must be removed. Apologies - I misspoke. Since I didn't see any path in the Context element (it had been added to the second one in the OP), I assumed Barry was referring to docBase and forgot to mention that. I'm an idiot. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHTedf9CaO5/Lv0PARAqOVAJ9ABE9eHkdLVI8LMYcbfkeSBwnsYQCfc2Si BDkYtI4eSYZ9tWBVawim7lw= =VZvy -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How to make Tomcat shutdown itself if the address it is trying to bind is already in use.
Thank you Gregor for the suggestion. I was trying to see if there is a way to do this from within my application code which is running under Tomcat. The issue is that I don't have direct control over the scripts that start Tomcat. Thanks Shaji -Original Message- From: Gregor Schneider [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 28, 2007 8:10 AM To: Tomcat Users List Subject: Re: How to make Tomcat shutdown itself if the address it is trying to bind is already in use. if [ -z $(netstat -lnp | grep 8080) ] then echo Tomcat running exit -1 else [ continue with startup-script ] fi do the same for port 8009 (AJP) however, the best way would be to first check if tomcat is running before starting it up remember: a fool with a tool is still a fool... gregor -- what's puzzlin' you, is the nature of my game gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 6.0 with Apache 2.2 front-end
Hi, Can anyone provide links to a few tutorials on running Tomcat 6.0 with Apache on the front-end? I know there are 2 recommended techniques, mod_jk and mod_proxy. I'd like to use mod_proxy because it appears to be easier and I do not require a great deal of flexibility. I'm running on Windows Server 2003. I have Apache Running. I have Tomcat running (through port 8080). I just want to know how to communicate between them. thanks, Brent -- View this message in context: http://www.nabble.com/Tomcat-6.0-with-Apache-2.2-front-end-tf4893923.html#a14015513 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 6.0 with Apache 2.2 front-end
three options mod_proxy_http mod_jk mod_proxy_ajp Filip loknor wrote: Hi, Can anyone provide links to a few tutorials on running Tomcat 6.0 with Apache on the front-end? I know there are 2 recommended techniques, mod_jk and mod_proxy. I'd like to use mod_proxy because it appears to be easier and I do not require a great deal of flexibility. I'm running on Windows Server 2003. I have Apache Running. I have Tomcat running (through port 8080). I just want to know how to communicate between them. thanks, Brent - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 6.0 with Apache 2.2 front-end
Filip Hanik - Dev Lists wrote: three options mod_proxy_http mod_jk mod_proxy_ajp Filip Yep just found the other option, and a site that got me up to speed very quickly. I can now communicate between Apache and Tomcat. http://blog.taragana.com/index.php/archive/5-steps-to-integrate-tomcat-55-with-apache-20 Thanks, Brent -- View this message in context: http://www.nabble.com/Tomcat-6.0-with-Apache-2.2-front-end-tf4893923.html#a14018301 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Session not being replicated - DeltaManager
Guys, I have setup a cluster where i have two tomcat instances (one on windows and the other on linux), the two instances are able to detect each other and form a cluster. On top of them i have apache/mod_jk as a load-balancer which has been set NOT to use sticky-sessions, since i want to test my app with a session replication scenario...Also i tried to test this setup with a simple two page app, where in one jsp i am setting a string in session and the other displaying it. NOW for some reasons the sessions are not getting replicated between the two tomcat-instances, and i dont have any clue as to why would that be the case...so if some can please assist me on this...below is my worker.properties and the server.xml file (for the tomcat instances).. WORKER.PROPERTIES worker.list=worker1,worker2,lbworker # Set properties for worker1 (ajp13) worker.worker1.type=ajp13 worker.worker1.host=farhan-pc worker.worker1.port=8009 worker.worker1.lbfactor=2 worker.worker2.type=ajp13 worker.worker2.host=eng2 worker.worker2.port=8009 worker.worker2.lbfactor=2 worker.lbworker.type=lb #worker.lbworker.sticky_session=false worker.lbworker.balance_workers=worker1,worker2 SERVER.XML - (the cluster section, further let me add that i have added in the jvmRoute attribute in the engine element which matches the tomcat worker name as in worker.properties..) --- Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=8 Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership className=org.apache.catalina.tribes.membership.McastService address=228.0.0.4 port=45564 frequency=500 dropTime=3000/ Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver address=auto port=4000 autoBind=100 selectorTimeout=5000 maxThreads=6/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitter Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector/ Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor/ /Channel ClusterListener className=org.apache.catalina.ha.session.JvmRouteSessionIDBinderListener/ ClusterListener className=org.apache.catalina.ha.session.ClusterSessionListener/ /Cluster -- View this message in context: http://www.nabble.com/Session-not-being-replicated---DeltaManager-tf4894832.html#a14018491 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
OT - Tomcat and Stanford NLP POS Tagger
Hi: We are trying to implement servlet setup with Tomcat 5.0.28 and JDK 1.5.x using POS (Parts of Speech) Tagger. We can not get it to work. Unfortunately, there are no error messages in the log files for us to debug. So, I was wondering - anybody in this newsgroup was successful in getting POS Tagger (specifically Standford's) to work properly. I would appreciate any pointers. It works fine as a stand-alone application. Also, we checked their user group not much response so far. Also, googled without much success. Thanks. -vasu - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session not being replicated - DeltaManager
Mistakenly put the wrong worker.properties in my last post where the worker.lbworker.sticky_session=false was commented which is not the case Farhan. mfs wrote: Guys, I have setup a cluster where i have two tomcat instances (one on windows and the other on linux), the two instances are able to detect each other and form a cluster. On top of them i have apache/mod_jk as a load-balancer which has been set NOT to use sticky-sessions, since i want to test my app with a session replication scenario...Also i tried to test this setup with a simple two page app, where in one jsp i am setting a string in session and the other displaying it. NOW for some reasons the sessions are not getting replicated between the two tomcat-instances, and i dont have any clue as to why would that be the case...so if some can please assist me on this...below is my worker.properties and the server.xml file (for the tomcat instances).. WORKER.PROPERTIES worker.list=worker1,worker2,lbworker # Set properties for worker1 (ajp13) worker.worker1.type=ajp13 worker.worker1.host=farhan-pc worker.worker1.port=8009 worker.worker1.lbfactor=2 worker.worker2.type=ajp13 worker.worker2.host=eng2 worker.worker2.port=8009 worker.worker2.lbfactor=2 worker.lbworker.type=lb #worker.lbworker.sticky_session=false worker.lbworker.balance_workers=worker1,worker2 SERVER.XML - (the cluster section, further let me add that i have added in the jvmRoute attribute in the engine element which matches the tomcat worker name as in worker.properties..) --- Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=8 Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership className=org.apache.catalina.tribes.membership.McastService address=228.0.0.4 port=45564 frequency=500 dropTime=3000/ Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver address=auto port=4000 autoBind=100 selectorTimeout=5000 maxThreads=6/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitter Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector/ Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor/ /Channel ClusterListener className=org.apache.catalina.ha.session.JvmRouteSessionIDBinderListener/ ClusterListener className=org.apache.catalina.ha.session.ClusterSessionListener/ /Cluster -- View this message in context: http://www.nabble.com/Session-not-being-replicated---DeltaManager-tf4894832.html#a14018733 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat's container architecture - Authenticator
Christopher Schultz [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bárbara, Bárbara Vieira wrote: But if we have the Principal in cache, why we have to call the authenticator method(FormAuthenticator)? That call doesn't provide any additional security, can you understand now? That's a good question. Given the current implementation, it doesn't seem to make sense. On the other hand, the original designers could have determined that some /other/ authenticator might want to wrap (or otherwise change) a request even if the Principal were already available. You can't easily wrap the TC internal Request for 5.5+. But this is the main reason. When deriving from AuthenticatorBase, the actual Authenticator implementation has the final say (via it's authenticate method) on who to except. The Authenticators that ship with Tomcat will accept that a previous Valve has authenticated the user (e.g. a custom SSO Valve), but that isn't actually part of the contract for Authenticator. This suggests that the OP would have an easier time if she created a custom Valve (that doesn't implement the Authentictor interface), say com.myfirm.mypackage.MySSLAuthValve, and in web.xml specify FORM auth. Since configured Valves get invoked before Container Valves (as TC is structured now), it would have first choice of authenticating. If MySSLAuthValve sets the Principal in the Request, then TC's FormAuthenticator will just quietly accept it. If it doesn't, then you get normal FORM auth from TC. If you're writing your own, why not simply re-write the code the way you think best and then test the heck out of it. Try the tomcat-dev list to see if someone can answer. Perhaps it's just legacy code that could be further optimized. Suggestions on how to improve the Authenticators that ship with TC are always welcome on [EMAIL PROTECTED] But help on rolling-your-own-Authenticator will likely get you pointed back to this list :). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHTekx9CaO5/Lv0PARAoo/AJ47Gx7MrW/kVBkpjmu7b40dovvS4QCfWAlm sQYLWxYa/+5ImWvYJNraz6w= =wlbi -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 6.0 with Apache 2.2 front-end
using mod_proxy_http, you want to enable ProxyPreserveHost On Filip loknor wrote: Filip Hanik - Dev Lists wrote: three options mod_proxy_http mod_jk mod_proxy_ajp Filip Yep just found the other option, and a site that got me up to speed very quickly. I can now communicate between Apache and Tomcat. http://blog.taragana.com/index.php/archive/5-steps-to-integrate-tomcat-55-with-apache-20 Thanks, Brent - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AccessControlException in Coyote Http11Processor (Tomcat 6.0.14). Bug in Coyote ?
Delian Krustev wrote: Hi Mark, On Tue, 27 Nov 2007 18:21:20 + Mark Thomas wrote: Can you run the faulty instance with: -Djava.security.debug=access,failure and report the failure message. I thought on this, but the exception looks pretty self explanatory. I'll try it anyway, in case anything new comes up. The machine is used in production so this will be applied on the next tomcat restart(might be several days from now). It should show more information. If there is something subtle going on with the permissions then it should make it easier to figure out. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]