RE: ISAPI log question regarding authentication
Thanks for the reply. I just was not sure. I have to troubleshoot our app as I did not think we were sending back a 401 error. Again, thanks for the reply. From: Rainer Jung [rainer.j...@kippdata.de] Sent: Friday, June 11, 2010 16:36 To: Tomcat Users List Subject: Re: ISAPI log question regarding authentication On 11.06.2010 23:21, Savoy, Melinda wrote: > I am working in my local Eclipse development environment on a Windows XP box. > (As stated in a previous post, I was able to get authentication working in > the Windows 2003 environment after talking to a MS IIS engineer) > > I just got off of a phone call with another IIS engineer at Microsoft > regarding the authentication issue again that I am getting Windows XP and we > spotted something interesting in the ISAPI log and wanted to run it by you > guys. > > I've now setup my IIS and browser in Windows XP to FORCE NTLM authentication > and I am getting in the request, per the ISAPI log, the credentials that it > passes from IIS to Tomcat. > > What is interesting is that it would appear that from the ISAPI log that the > AJP is returning a 401 code to the browser and therefore executing a Windows > Login prompt. Please see bolded/red type below. > > Below is a copy of the entries in my ISAPI log and wanted to get any input on > WHY it would appear that the redirector is returning a 401 status back to my > IE or Firefox browser(?): Because it receives a 401 response form your web application in Tomcat and forwards the response as is to the client. So why is your web application sending a 401? Regards, Rainer > [Fri Jun 11 15:46:59.853 2010] [2292:2200] [info] jk_isapi_plugin.c (2573): > Jakarta/ISAPI/isapi_redirector/1.2.30 initialized > [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1835): > Filter started > [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c > (1036): Attempting to map URI '/localhost/SCMIS/index.jsp' from 1 maps > [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (850): > Attempting to map context URI '/SCMIS/*=scmisWorker' source 'uriworkermap' > [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (850): > Attempting to map context URI '/SCMIS/*=scmisWorker' source 'uriworkermap' > [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (863): > Found a wildchar match '/SCMIS/*=scmisWorker' > [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1916): > check if [/SCMIS/index.jsp] points to the web-inf directory > [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1932): > [/SCMIS/index.jsp] is a servlet url - should redirect to scmisWorker > [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1972): > fowarding escaped URI [/SCMIS/index.jsp] > [Fri Jun 11 15:46:59.869 2010] [2292:4624] [debug] jk_worker.c (339): > Maintaining worker scmisWorker > [Fri Jun 11 15:46:59.869 2010] [2292:4624] [debug] jk_isapi_plugin.c (2792): > Reading extension header HTTP_TOMCATWORKER6A6B: scmisWorker > [Fri Jun 11 15:46:59.869 2010] [2292:4624] [debug] jk_isapi_plugin.c (2793): > Reading extension header HTTP_TOMCATWORKERIDX6A6B: 0 > [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2794): > Reading extension header HTTP_TOMCATURI6A6B: /SCMIS/index.jsp > [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2795): > Reading extension header HTTP_TOMCATQUERY6A6B: (null) > [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2850): > Applying service extensions > [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (3108): > Service protocol=HTTP/1.1 method=GET host=127.0.0.1 addr=127.0.0.1 > name=localhost port=80 auth=NTLM user=TEXAS\SavoyM uri=/SCMIS/index.jsp > [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (3120): > Service request headers=8 attributes=0 chunked=no content-length=0 available=0 > [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_worker.c (116): found a > worker scmisWorker > [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2162): > got a worker for name scmisWorker > [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (3093): > acquired connection pool slot=0 after 0 retries > [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (605): ajp > marshaling done > [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (2376): > processing scmisWorker with 2 retries > [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (1579): > (scmisWorker) all endpoints are disconnected. > [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_connect.c (480): socket > TCP_NODELAY set to On > [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_connect.c (604): trying > to connect socket 2112 to 127.0.0.1:8009 > [Fri Jun 11 15:46:59.9
Re: What is the difference between ${param.P} and <%= request.getParameter("P") %>?
2010/6/12 Otmar Manuela : > > So the problem would not happen with ${param.P}, but only with > ${param.my-code}. I guess with parameters with dashes in it, it treats it > as a calculation and therefore returns a 0. > Yes, it does. BTW, you can use ${param['my-code']} > Regarding the javascript attack in the code sample, you are probably right. > I guess a escaping the XML characters will probably help a lot > already, but it does require more thought. > or use ${fn:escapeXml( ... )} The URI for the fn prefix is http://java.sun.com/jsp/jstl/functions Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ISAPI log question regarding authentication
On 11.06.2010 23:21, Savoy, Melinda wrote: I am working in my local Eclipse development environment on a Windows XP box. (As stated in a previous post, I was able to get authentication working in the Windows 2003 environment after talking to a MS IIS engineer) I just got off of a phone call with another IIS engineer at Microsoft regarding the authentication issue again that I am getting Windows XP and we spotted something interesting in the ISAPI log and wanted to run it by you guys. I've now setup my IIS and browser in Windows XP to FORCE NTLM authentication and I am getting in the request, per the ISAPI log, the credentials that it passes from IIS to Tomcat. What is interesting is that it would appear that from the ISAPI log that the AJP is returning a 401 code to the browser and therefore executing a Windows Login prompt. Please see bolded/red type below. Below is a copy of the entries in my ISAPI log and wanted to get any input on WHY it would appear that the redirector is returning a 401 status back to my IE or Firefox browser(?): Because it receives a 401 response form your web application in Tomcat and forwards the response as is to the client. So why is your web application sending a 401? Regards, Rainer [Fri Jun 11 15:46:59.853 2010] [2292:2200] [info] jk_isapi_plugin.c (2573): Jakarta/ISAPI/isapi_redirector/1.2.30 initialized [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1835): Filter started [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (1036): Attempting to map URI '/localhost/SCMIS/index.jsp' from 1 maps [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (850): Attempting to map context URI '/SCMIS/*=scmisWorker' source 'uriworkermap' [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (850): Attempting to map context URI '/SCMIS/*=scmisWorker' source 'uriworkermap' [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (863): Found a wildchar match '/SCMIS/*=scmisWorker' [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1916): check if [/SCMIS/index.jsp] points to the web-inf directory [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1932): [/SCMIS/index.jsp] is a servlet url - should redirect to scmisWorker [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1972): fowarding escaped URI [/SCMIS/index.jsp] [Fri Jun 11 15:46:59.869 2010] [2292:4624] [debug] jk_worker.c (339): Maintaining worker scmisWorker [Fri Jun 11 15:46:59.869 2010] [2292:4624] [debug] jk_isapi_plugin.c (2792): Reading extension header HTTP_TOMCATWORKER6A6B: scmisWorker [Fri Jun 11 15:46:59.869 2010] [2292:4624] [debug] jk_isapi_plugin.c (2793): Reading extension header HTTP_TOMCATWORKERIDX6A6B: 0 [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2794): Reading extension header HTTP_TOMCATURI6A6B: /SCMIS/index.jsp [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2795): Reading extension header HTTP_TOMCATQUERY6A6B: (null) [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2850): Applying service extensions [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (3108): Service protocol=HTTP/1.1 method=GET host=127.0.0.1 addr=127.0.0.1 name=localhost port=80 auth=NTLM user=TEXAS\SavoyM uri=/SCMIS/index.jsp [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (3120): Service request headers=8 attributes=0 chunked=no content-length=0 available=0 [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_worker.c (116): found a worker scmisWorker [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2162): got a worker for name scmisWorker [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (3093): acquired connection pool slot=0 after 0 retries [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (605): ajp marshaling done [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (2376): processing scmisWorker with 2 retries [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (1579): (scmisWorker) all endpoints are disconnected. [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_connect.c (480): socket TCP_NODELAY set to On [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_connect.c (604): trying to connect socket 2112 to 127.0.0.1:8009 [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_connect.c (630): socket 2112 connected to 127.0.0.1:8009 [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (967): Connected socket 2112 to (127.0.0.1:8009) [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): sending to ajp13 pos=4 len=524 max=8192 [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 12 34 02 08 02 02 00 08 48 54 54 50 2F 31 2E 31 - .4..HTTP/1.1 [Fri Jun 11 15:46:
Re: mod_jk stability issues
On 11.06.2010 20:06, LES wrote: I only added socket_timeout in after looking at the included file in 1.2.30. I was hoping that there was something in that file that I was missing. I attached the log files that you asked for. Looking through them, I don't see any notable increases in response times. This is a system that is not (yet) actively used, so there is very little load. The thread dumps and the gc log do not seem to indicate that tomcat is pausing in some meaningful way. Also, during this time period, the http connectors in the tomcat instances are responding without delay (hitting the manager page). Another detail is that bouncing tomcat will clear up this problem for some unknown period of time. Here is the worker.properties file: *** ... Any thoughts? Thanx for the time, LES http://old.nabble.com/file/p28858465/modjk_log_files.tar.gz modjk_log_files.tar.gz You have a locking issue in your webapp. Look at the thread dump. the threads used for processing of requests coming in via the AJP connector are named TP-ProcessorN where N is some number. There are 188 of them that hang in the stack: java.lang.Object.wait(Native Method) java.lang.Object.wait(Object.java:485) com.tc.object.lockmanager.impl.ClientLock.waitForLock(ClientLock.java:688) com.tc.object.lockmanager.impl.ClientLock.basicLock(ClientLock.java:242) com.tc.object.lockmanager.impl.ClientLock.lock(ClientLock.java:133) com.tc.object.lockmanager.impl.ClientLock.lock(ClientLock.java:120) com.tc.object.lockmanager.impl.ClientLockManagerImpl.lock(ClientLockManagerImpl.java:341) com.tc.object.lockmanager.impl.StripedClientLockManagerImpl.lock(StripedClientLockManagerImpl.java:105) com.tc.object.lockmanager.impl.ThreadLockManagerImpl.lock(ThreadLockManagerImpl.java:46) com.tc.object.tx.ClientTransactionManagerImpl.begin(ClientTransactionManagerImpl.java:232) com.tc.object.bytecode.ManagerImpl.begin(ManagerImpl.java:355) com.tc.object.bytecode.ManagerImpl.beginLock(ManagerImpl.java:340) com.tc.object.bytecode.ManagerUtil.beginLock(ManagerUtil.java:180) com.tc.object.bytecode.ManagerUtil.beginLock(ManagerUtil.java:162) com.terracotta.session.util.Lock.getWriteLock(Lock.java:36) com.terracotta.session.util.DefaultSessionId.getWriteLock(DefaultSessionId.java:64) com.terracotta.session.SessionDataStore.find(SessionDataStore.java:144) com.terracotta.session.TerracottaSessionManager.getSessionIfExists(TerracottaSessionManager.java:426) com.terracotta.session.SessionRequest.getTerracottaSession(SessionRequest.java:104) com.terracotta.session.SessionRequest.getSession(SessionRequest.java:63) org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:206) The locks they are waiting for are not the same, i.e. 188 different ones. Another problem is 4 more threads also waiting for locks in the stack: java.lang.Thread.sleep(Native Method) com.beip.domain.integration.cognos.c8.exec.ConnectionManager.getConnection(ConnectionManager.java:132) com.beip.domain.integration.cognos.c8.request.ConversationManager.validateReportPath(ConversationManager.java:80) com.beip.domain.integration.cognos.c8.request.ConversationManager.createConversation(ConversationManager.java:43) sun.reflect.GeneratedMethodAccessor11599.invoke(Unknown Source) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:597) org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:86) groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:226) groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:899) groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:740) org.codehaus.groovy.runtime.InvokerHelper.invokePojoMethod(InvokerHelper.java:765) org.codehaus.groovy.runtime.InvokerHelper.invokeMethod(InvokerHelper.java:753) org.codehaus.groovy.runtime.ScriptBytecodeAdapter.invokeMethodN(ScriptBytecodeAdapter.java:167) com.beip.gap.framework.controller.C8Controller$_closure2.doCall(script1274905317445.groovy:63) sun.reflect.GeneratedMethodAccessor11597.invoke(Unknown Source) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:597) org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:86) groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:226) org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:250) org.codehaus.groovy.runtime.ScriptBytecodeAdapter.invokeMethodOnCurrentN(ScriptBytecodeAdapter.java:77) com.beip.gap.framework.controller.C8Controller$_closure2.doCall(script1274905317445.groovy) sun.reflect.GeneratedMethodAccessor11596.invoke(Unknown Source) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:597) org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:8
Re: What is the difference between ${param.P} and <%= request.getParameter("P") %>?
Thanks for the replies. I figured out what was causing the problem. I was using parameters with dashes in it and that was causing this problem. Since I only tested with different parameters with dashes in them, I assume it was happening with all parameters. My bad! So the problem would not happen with ${param.P}, but only with ${param.my-code}. I guess with parameters with dashes in it, it treats it as a calculation and therefore returns a 0. Regarding the javascript attack in the code sample, you are probably right. I guess a escaping the XML characters will probably help a lot already, but it does require more thought. Otmar On 6/9/2010 4:09 AM, Pid wrote: On 08/06/2010 19:06, Otmar Manuela wrote: Hi, I have a contact page, which contains a struts form. However, on that page, when trying to read the URL parameters, I get a zero instead of the parameter value, unless I use<%= request.getParameter() %>. Example: URL loading the contact form page: http://www.somedomain.com/contact.do?itemCode=ABC Contact Form Page: .. Please send me info regarding ${param.itemCode} Submit . The paragraph in the Contact Form page above shows "Please send me info regarding 0". If I change ${param.itemCode} with<%= request.getParameter("itemCode") %>, I get "Please send me info regarding ABC", which is what I want to show. This is the first time I encountered this issue. Normally both would return the same thing. Any idea what is happening? I'm trying to avoid the "<%= %>" syntax as much as possible. Hard to know which JSP version you're using without knowing which Tomcat version, and which version number you have in your web.xml. It's usually a good idea to tell us everything about your environment, including exact Tomcat, OS, JVM and any relevant library versions. If you want to use EL scripting then you may also need to check it's enabled by default (jsp-config section of web.xml if memory servers) p P.S. Also, the above code is probably horribly exposed to javascript attacks, you should not display raw parameter information anywhere in your HTML Thanks, Otmar - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
ISAPI log question regarding authentication
I am working in my local Eclipse development environment on a Windows XP box. (As stated in a previous post, I was able to get authentication working in the Windows 2003 environment after talking to a MS IIS engineer) I just got off of a phone call with another IIS engineer at Microsoft regarding the authentication issue again that I am getting Windows XP and we spotted something interesting in the ISAPI log and wanted to run it by you guys. I've now setup my IIS and browser in Windows XP to FORCE NTLM authentication and I am getting in the request, per the ISAPI log, the credentials that it passes from IIS to Tomcat. What is interesting is that it would appear that from the ISAPI log that the AJP is returning a 401 code to the browser and therefore executing a Windows Login prompt. Please see bolded/red type below. Below is a copy of the entries in my ISAPI log and wanted to get any input on WHY it would appear that the redirector is returning a 401 status back to my IE or Firefox browser(?): [Fri Jun 11 15:46:59.853 2010] [2292:2200] [info] jk_isapi_plugin.c (2573): Jakarta/ISAPI/isapi_redirector/1.2.30 initialized [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1835): Filter started [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (1036): Attempting to map URI '/localhost/SCMIS/index.jsp' from 1 maps [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (850): Attempting to map context URI '/SCMIS/*=scmisWorker' source 'uriworkermap' [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (850): Attempting to map context URI '/SCMIS/*=scmisWorker' source 'uriworkermap' [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (863): Found a wildchar match '/SCMIS/*=scmisWorker' [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1916): check if [/SCMIS/index.jsp] points to the web-inf directory [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1932): [/SCMIS/index.jsp] is a servlet url - should redirect to scmisWorker [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1972): fowarding escaped URI [/SCMIS/index.jsp] [Fri Jun 11 15:46:59.869 2010] [2292:4624] [debug] jk_worker.c (339): Maintaining worker scmisWorker [Fri Jun 11 15:46:59.869 2010] [2292:4624] [debug] jk_isapi_plugin.c (2792): Reading extension header HTTP_TOMCATWORKER6A6B: scmisWorker [Fri Jun 11 15:46:59.869 2010] [2292:4624] [debug] jk_isapi_plugin.c (2793): Reading extension header HTTP_TOMCATWORKERIDX6A6B: 0 [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2794): Reading extension header HTTP_TOMCATURI6A6B: /SCMIS/index.jsp [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2795): Reading extension header HTTP_TOMCATQUERY6A6B: (null) [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2850): Applying service extensions [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (3108): Service protocol=HTTP/1.1 method=GET host=127.0.0.1 addr=127.0.0.1 name=localhost port=80 auth=NTLM user=TEXAS\SavoyM uri=/SCMIS/index.jsp [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (3120): Service request headers=8 attributes=0 chunked=no content-length=0 available=0 [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_worker.c (116): found a worker scmisWorker [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2162): got a worker for name scmisWorker [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (3093): acquired connection pool slot=0 after 0 retries [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (605): ajp marshaling done [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (2376): processing scmisWorker with 2 retries [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (1579): (scmisWorker) all endpoints are disconnected. [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_connect.c (480): socket TCP_NODELAY set to On [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_connect.c (604): trying to connect socket 2112 to 127.0.0.1:8009 [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_connect.c (630): socket 2112 connected to 127.0.0.1:8009 [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (967): Connected socket 2112 to (127.0.0.1:8009) [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): sending to ajp13 pos=4 len=524 max=8192 [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 12 34 02 08 02 02 00 08 48 54 54 50 2F 31 2E 31 - .4..HTTP/1.1 [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0010 00 00 10 2F 53 43 4D 49 53 2F 69 6E 64 65 78 2E - .../SCMIS/index. [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0020 6A 73 70 00 00
RE: HTTP Status 408!
can you post all of the code (including the html that houses the flex components), display the full stacktrace and display environmental variables from SET Martin __ standard caveats apply > Date: Fri, 11 Jun 2010 12:32:44 -0700 > From: neo21_ze...@yahoo.com > Subject: Re: HTTP Status 408! > To: users@tomcat.apache.org > > > > > > I installed the Tomcat 7 RC but the problem persists. > So it's definitely a bug from my app. After the logout is made the redirect > is made from flex(navigateToUrl - function) do you think this could be an > issue? > > > > > > From: Mark Thomas > To: Tomcat Users List > Sent: Thu, June 10, 2010 10:35:48 PM > Subject: Re: HTTP Status 408! > > On 10/06/2010 15:39, neo21 zerro wrote: > > > > Yes I am requesting a protected resource but I don't know why is this > > happening. > > > > > > I've tried to set all sort of cookies in my browser but nothing > > works.The problem is that I'm not using jsp like Pid said > > and I think I should try to use jsp...for my login page. > > Are there other versions of Tomcat ? I mean newer versions, like 7 ? > > That assumes a) there is a bug in Tomcat and b) that it is fixed in a > newer version of 6.0.26. > > I have yet to see any evidence in this thread that there is a bug in Tomcat. > > Mark > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > _ The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
Re: HTTP Status 408!
I installed the Tomcat 7 RC but the problem persists. So it's definitely a bug from my app. After the logout is made the redirect is made from flex(navigateToUrl - function) do you think this could be an issue? From: Mark Thomas To: Tomcat Users List Sent: Thu, June 10, 2010 10:35:48 PM Subject: Re: HTTP Status 408! On 10/06/2010 15:39, neo21 zerro wrote: > > Yes I am requesting a protected resource but I don't know why is this > happening. > > > I've tried to set all sort of cookies in my browser but nothing > works.The problem is that I'm not using jsp like Pid said > and I think I should try to use jsp...for my login page. > Are there other versions of Tomcat ? I mean newer versions, like 7 ? That assumes a) there is a bug in Tomcat and b) that it is fixed in a newer version of 6.0.26. I have yet to see any evidence in this thread that there is a bug in Tomcat. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Timer leak detection, false positives
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark Thomas wrote: >> This thread belongs to EhCache, and by inspecting the code, it looks like >> the timer should be cancelled properly when the application is shut down. > Does the app wait for the thread to stop or does it just cary on? It doesn't wait, from what I can see. So that could explain it. Cheers, Marcus -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkwSiJMACgkQXjXn6TzcAQnSjQCfQLGZj51Zz8mv8SHXt4h0Cl6A Zx0An1Ac31VgDNL2ZdSqduMoboXpVzet =1dWL -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk stability issues
I only added socket_timeout in after looking at the included file in 1.2.30. I was hoping that there was something in that file that I was missing. I attached the log files that you asked for. Looking through them, I don't see any notable increases in response times. This is a system that is not (yet) actively used, so there is very little load. The thread dumps and the gc log do not seem to indicate that tomcat is pausing in some meaningful way. Also, during this time period, the http connectors in the tomcat instances are responding without delay (hitting the manager page). Another detail is that bouncing tomcat will clear up this problem for some unknown period of time. Here is the worker.properties file: *** # Define 1 real worker using ajp13 worker.list=lb,jkstatus,cas # Set properties for worker1 (ajp13) worker.template.type=ajp13 worker.template.retries=4 worker.template.lbfactor=1 worker.template.reply_timeout=30 worker.template.max_reply_timeouts=10 worker.template.connection_pool_timeout=60 worker.template.connection_pool_minsize=0 worker.template.ping_mode=A worker.template.ping_timeout=1 #worker.template.socket_timeout=10 worker.template.socket_keepalive=true worker.template.socket_connect_timeout=1 worker.tomcat01-instance1.reference=worker.template worker.tomcat01-instance1.host=tomcat01.barnhardt.local worker.tomcat01-instance1.port=8009 worker.tomcat01-instance2.reference=worker.template worker.tomcat01-instance2.host=tomcat01.barnhardt.local worker.tomcat01-instance2.port=18009 worker.tomcat02-instance1.reference=worker.template worker.tomcat02-instance1.host=tomcat02.barnhardt.local worker.tomcat02-instance1.port=8009 worker.tomcat02-instance2.reference=worker.template worker.tomcat02-instance2.host=tomcat02.barnhardt.local worker.tomcat02-instance2.port=18009 worker.cas.type=ajp13 worker.cas.host=localhost worker.cas.port=8009 worker.cas.lbfactor=1 worker.cas.connection_pool_timeout=600 worker.cas.socket_keepalive=1 worker.cas.socket_timeout=60 # Set properties for lb which use the other workers worker.lb.type=lb #worker.lb.method=B worker.lb.sticky_session=True worker.lb.balance_workers=tomcat01-instance1,tomcat01-instance2,tomcat02-instance1,tomcat02-instance2 # Define a 'jkstatus' worker using status worker.jkstatus.type=status Any thoughts? Thanx for the time, LES LES wrote: > > Ok, let me see if I can correlate the various logs and I will post them > later today. Thanx for the help. > > LES > > Rainer Jung-3 wrote: >> >> On 11.06.2010 16:28, LES wrote: >>> >>> Well, your suggested changes worked...until today. It was absolutely >>> rock >>> solid. Then, the last two days, with no load I started receiving >>> errno=110 >>> again. It didn't last all day, only a couple of hours yesterday and a >>> couple today. I have added a socket timeout and am trying to track down >>> any >>> issues on the tomcat side that could have contributed. Any idea where I >>> should look?? >> >> 1) I'm not a big fan of "socket_timeout". It can do more harm than good. >> >> 2) "where should I look": Errno 110 is a timeout, so maybe mod_jk just >> does what you told it to: timing out. Why? There might be a problem on >> the backend (performance problem, thread deadlocks or similar). Activate >> an access log on the backend (Tomcat) and add "%D" to the log pattern >> which will give you millisecond response times for Tomcat. Then it's >> easier to check, whether responses get slow. You can also monito the >> "busy" counts in the jk status worker display. >> >> Finally: Look at the mod_jk log file or provide it for us. >> >> Regards, >> >> Rainer >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >> > > http://old.nabble.com/file/p28858465/modjk_log_files.tar.gz modjk_log_files.tar.gz -- View this message in context: http://old.nabble.com/mod_jk-stability-issues-tp28662097p28858465.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk stability issues
Ok, let me see if I can correlate the various logs and I will post them later today. Thanx for the help. LES Rainer Jung-3 wrote: > > On 11.06.2010 16:28, LES wrote: >> >> Well, your suggested changes worked...until today. It was absolutely >> rock >> solid. Then, the last two days, with no load I started receiving >> errno=110 >> again. It didn't last all day, only a couple of hours yesterday and a >> couple today. I have added a socket timeout and am trying to track down >> any >> issues on the tomcat side that could have contributed. Any idea where I >> should look?? > > 1) I'm not a big fan of "socket_timeout". It can do more harm than good. > > 2) "where should I look": Errno 110 is a timeout, so maybe mod_jk just > does what you told it to: timing out. Why? There might be a problem on > the backend (performance problem, thread deadlocks or similar). Activate > an access log on the backend (Tomcat) and add "%D" to the log pattern > which will give you millisecond response times for Tomcat. Then it's > easier to check, whether responses get slow. You can also monito the > "busy" counts in the jk status worker display. > > Finally: Look at the mod_jk log file or provide it for us. > > Regards, > > Rainer > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://old.nabble.com/mod_jk-stability-issues-tp28662097p28857494.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Why my web application automatically switchs to https?
On 11/06/2010 15:53, Luca Fagioli wrote: > Il 11/06/2010 16:01, Caldarale, Charles R ha scritto: >>> From: Pid [mailto:p...@pidster.com] >>> Subject: Re: Why my web application automatically switchs to https? >>> >>> Exact Tomcat, JVM, OS versions? >>> >>> Are you using HTTPD/IIS as well? >>> >>> Does the HTML contain hardcoded URLs? >>> >>> Are you using a framework like Struts? >>> >> And are you running Tomcat under Eclipse or some other IDE? (Those >> often use their own configurations, ignoring what you've specified.) >> >> Which web.xml was changed? (Modifying the one in tomcat's conf >> directory would be a mistake.) >> >> Post the complete WEB-INF/web.xml from your webapp. >> >> - Chuck >> > > Thank you guys, > but the problem starts to be even more complicated. The application i've > started to working with is running in the Sterling Integrator (Gentran > Integration Suite) environment, and turned out that its servlet > container is not Tomcat, but Jetty. > > I'm in a big trouble, i think. I've posted the same question in the > Jetty users list, but less traffic out there. > > By the way, this is the web.xml of the application: > > > 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd";> > > Cedacri Web > > SessionExpiredFilter > com.innovery.cedacri.servlets.SessionExpiredFilter > > > > SessionExpiredFilter > /* > > > > dispatcherAN > com.innovery.cedacri.servlets.RequestDispatcherANAGRAFICA > > > > dispatcherSE > com.innovery.cedacri.servlets.RequestDispatcherSERVERS > > > > dispatcherIN > com.innovery.cedacri.servlets.RequestDispatcherINCOMING > > > > dispatcherOU > com.innovery.cedacri.servlets.RequestDispatcherOUTGOING > > > > dispatcherOUI > com.innovery.cedacri.servlets.RequestDispatcherOUTGOINGISTITUTI > > > > dispatcherCO > com.innovery.cedacri.servlets.RequestDispatcherCONFIGURAZIONI > > > > dispatcherDE > com.innovery.cedacri.servlets.RequestDispatcherDEPOSITO > > > > dispatcherRE > com.innovery.cedacri.servlets.RequestDispatcherRECUPERO > > > > dispatcherFI > com.innovery.cedacri.servlets.RequestDispatcherFILIALI > > > > dispatcherII > com.innovery.cedacri.servlets.RequestDispatcherINCOMINGISTITUTI > > > > dispatcherTJ > com.innovery.cedacri.servlets.RequestDispatcherTEMPLATEJCL > > > > Logout > com.innovery.cedacri.servlets.Logout > > > > dispatcherAN > /dispatcherAN > > > dispatcherSE > /dispatcherSE > > > dispatcherIN > /dispatcherIN > > > dispatcherOU > /dispatcherOU > > > dispatcherOUI > /dispatcherOUI > > > dispatcherCO > /dispatcherCO > > > dispatcherDE > /dispatcherDE > > > dispatcherRE > /dispatcherRE > > > dispatcherFI > /dispatcherFI > > > dispatcherII > /dispatcherII > > > dispatcherTJ > /dispatcherTJ > > > Logout > /Logout > > > > login.jsp > If you're using container managed security, you should never make a direct request for the login form. Maybe one of those servlets is doing the HTTPS redirect. p > > http://www.stercomm.com/uix/security > tld/userautho.tld > > > http://jakarta.apache.org/taglibs/xtags-1.0 > tld/taglibs-xtags.tld > > > > > The entire Cedacri dashboard > application > /* > > > NONE > > > > > > > > Luca > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > signature.asc Description: OpenPGP digital signature
Re: mod_jk stability issues
On 11.06.2010 16:28, LES wrote: Well, your suggested changes worked...until today. It was absolutely rock solid. Then, the last two days, with no load I started receiving errno=110 again. It didn't last all day, only a couple of hours yesterday and a couple today. I have added a socket timeout and am trying to track down any issues on the tomcat side that could have contributed. Any idea where I should look?? 1) I'm not a big fan of "socket_timeout". It can do more harm than good. 2) "where should I look": Errno 110 is a timeout, so maybe mod_jk just does what you told it to: timing out. Why? There might be a problem on the backend (performance problem, thread deadlocks or similar). Activate an access log on the backend (Tomcat) and add "%D" to the log pattern which will give you millisecond response times for Tomcat. Then it's easier to check, whether responses get slow. You can also monito the "busy" counts in the jk status worker display. Finally: Look at the mod_jk log file or provide it for us. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Why my web application automatically switchs to https?
Il 11/06/2010 16:01, Caldarale, Charles R ha scritto: From: Pid [mailto:p...@pidster.com] Subject: Re: Why my web application automatically switchs to https? Exact Tomcat, JVM, OS versions? Are you using HTTPD/IIS as well? Does the HTML contain hardcoded URLs? Are you using a framework like Struts? And are you running Tomcat under Eclipse or some other IDE? (Those often use their own configurations, ignoring what you've specified.) Which web.xml was changed? (Modifying the one in tomcat's conf directory would be a mistake.) Post the complete WEB-INF/web.xml from your webapp. - Chuck Thank you guys, but the problem starts to be even more complicated. The application i've started to working with is running in the Sterling Integrator (Gentran Integration Suite) environment, and turned out that its servlet container is not Tomcat, but Jetty. I'm in a big trouble, i think. I've posted the same question in the Jetty users list, but less traffic out there. By the way, this is the web.xml of the application: 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd";> Cedacri Web SessionExpiredFilter com.innovery.cedacri.servlets.SessionExpiredFilter SessionExpiredFilter /* dispatcherAN com.innovery.cedacri.servlets.RequestDispatcherANAGRAFICA dispatcherSE com.innovery.cedacri.servlets.RequestDispatcherSERVERS dispatcherIN com.innovery.cedacri.servlets.RequestDispatcherINCOMING dispatcherOU com.innovery.cedacri.servlets.RequestDispatcherOUTGOING dispatcherOUI com.innovery.cedacri.servlets.RequestDispatcherOUTGOINGISTITUTI dispatcherCO com.innovery.cedacri.servlets.RequestDispatcherCONFIGURAZIONI dispatcherDE com.innovery.cedacri.servlets.RequestDispatcherDEPOSITO dispatcherRE com.innovery.cedacri.servlets.RequestDispatcherRECUPERO dispatcherFI com.innovery.cedacri.servlets.RequestDispatcherFILIALI dispatcherII com.innovery.cedacri.servlets.RequestDispatcherINCOMINGISTITUTI dispatcherTJ com.innovery.cedacri.servlets.RequestDispatcherTEMPLATEJCL Logout com.innovery.cedacri.servlets.Logout dispatcherAN /dispatcherAN dispatcherSE /dispatcherSE dispatcherIN /dispatcherIN dispatcherOU /dispatcherOU dispatcherOUI /dispatcherOUI dispatcherCO /dispatcherCO dispatcherDE /dispatcherDE dispatcherRE /dispatcherRE dispatcherFI /dispatcherFI dispatcherII /dispatcherII dispatcherTJ /dispatcherTJ Logout /Logout login.jsp http://www.stercomm.com/uix/security tld/userautho.tld http://jakarta.apache.org/taglibs/xtags-1.0 tld/taglibs-xtags.tld The entire Cedacri dashboard application /* NONE Luca - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk stability issues
Well, your suggested changes worked...until today. It was absolutely rock solid. Then, the last two days, with no load I started receiving errno=110 again. It didn't last all day, only a couple of hours yesterday and a couple today. I have added a socket timeout and am trying to track down any issues on the tomcat side that could have contributed. Any idea where I should look?? Thanx, LES Rainer Jung-3 wrote: > > On 25.05.2010 14:48, LES wrote: >> I can't believe I missed the millisecond thing. :) > > No problem, it's our fault not using consistent time units. The latest > 1.2.30 has a useful default configuration in the src tarball. But yours > looks good too. > > Regards, > > Rainer > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://old.nabble.com/mod_jk-stability-issues-tp28662097p28855964.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Why my web application automatically switchs to https?
> From: Pid [mailto:p...@pidster.com] > Subject: Re: Why my web application automatically switchs to https? > > Exact Tomcat, JVM, OS versions? > > Are you using HTTPD/IIS as well? > > Does the HTML contain hardcoded URLs? > > Are you using a framework like Struts? And are you running Tomcat under Eclipse or some other IDE? (Those often use their own configurations, ignoring what you've specified.) Which web.xml was changed? (Modifying the one in tomcat's conf directory would be a mistake.) Post the complete WEB-INF/web.xml from your webapp. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Timer leak detection, false positives
On 11/06/2010 14:13, Marcus Better wrote: > Hi, > > I run a Grails app on Tomcat 6.0.26 (OpenJDK 6, Debian). When undeploying, > it reports several leaked objects, including a timer thread that was left > running. > > This thread belongs to EhCache, and by inspecting the code, it looks like > the timer should be cancelled properly when the application is shut down. > Therefore I suspect that it might be a false positive. Is this likely or > not? Does the app wait for the thread to stop or does it just cary on? If it doesn't wait then there is a good chance the thread will still be running when Tomcat checks for leaks and hence will get reported. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Why my web application automatically switchs to https?
On 11/06/2010 14:31, Luca Fagioli wrote: > Hi, > i can't figure out why a web application i'm working with, keep on > switching automatically from http to https after each jsp:forward. > > I've tried to add to web.xml the following snippet: > > > > > > The entire dashboard >application > /* > > > > > NONE > > > > > > > hoping to force the application to a plain http communication, but no > results. > > Any ideas? Ideas no, questions yes: Exact Tomcat, JVM, OS versions? Are you using HTTPD/IIS as well? Does the HTML contain hardcoded URLs? Are you using a framework like Struts? p > Thanks, > Luca > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > signature.asc Description: OpenPGP digital signature
Re: Timer leak detection, false positives
On 11/06/2010 14:13, Marcus Better wrote: > Hi, > > I run a Grails app on Tomcat 6.0.26 (OpenJDK 6, Debian). When undeploying, > it reports several leaked objects, including a timer thread that was left > running. > > This thread belongs to EhCache, and by inspecting the code, it looks like > the timer should be cancelled properly when the application is shut down. > Therefore I suspect that it might be a false positive. Is this likely or > not? It's possible. Can you build a small test case in web app form that replicates this? p > The app uses Spring's EhCacheManagerFactoryBean, which calls > EhCacheManager.shutdown() during application context shutdown. That in turn > calls cancel() and purge() on the Timer. > > Cheers, > > Marcus - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org signature.asc Description: OpenPGP digital signature
Why my web application automatically switchs to https?
Hi, i can't figure out why a web application i'm working with, keep on switching automatically from http to https after each jsp:forward. I've tried to add to web.xml the following snippet: The entire dashboard application /* NONE hoping to force the application to a plain http communication, but no results. Any ideas? Thanks, Luca - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Timer leak detection, false positives
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I run a Grails app on Tomcat 6.0.26 (OpenJDK 6, Debian). When undeploying, it reports several leaked objects, including a timer thread that was left running. This thread belongs to EhCache, and by inspecting the code, it looks like the timer should be cancelled properly when the application is shut down. Therefore I suspect that it might be a false positive. Is this likely or not? The app uses Spring's EhCacheManagerFactoryBean, which calls EhCacheManager.shutdown() during application context shutdown. That in turn calls cancel() and purge() on the Timer. Cheers, Marcus -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkwSNpIACgkQXjXn6TzcAQnjvgCg6K4tHVM9v2hFB4IBOYnPOeij 7EEAoI/5JtwAbb3BvD5JP/cvmOZWvlBw =tsrG -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Invalidate problem with Opera
Søren Blidorf wrote: In my webapp I use session.invalidate(). It works fine in IE, but not in Opera. I get no error but the user is still logged in. Any idears? A guess, and a way to check it : The guess is that a side-effect of session.invalidate() is that in the next response to the browser, the JSESSIONID cookie should be deleted. The check : - get the Fiddler2 add-on for IE and install it - get a similar add-on for Opera and install it (These add-ons allow you to see which HTTP headers the server is sending to the browser; as a more complex alternative, use Wireshark or so). Then call up the respective browser, trigger the add-on, and start and stop a session. At the start of a session, you should see a response from the server including a Set-Cookie header, for a JSESSIONID cookie. In the last response from the server (after your logout), there should be a Set-Cookie header, which cancels the JSESSIONID cookie (probably by setting the expiration to "now"). This HTTP header should be identical in both cases. If it is, and it works in one case and not the other, then it is either a browser bug, or the Set-Cookie header itself which is not entirely correct (unlikely, I guess). By "it works", I mean that the result should be to delete the cookie in the browser. If the cookie is deleted, then at the next request to the server, no JSESSIONID cookie is sent, and Tomcat will consider this as a new session. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Invalidate problem with Opera
In my webapp I use session.invalidate(). It works fine in IE, but not in Opera. I get no error but the user is still logged in. Any idears? Soren
Re: How to finalize all sessions in a server with SingleSignOn valve activated ?
After debugging my apps I notice that all session context all correctly invalidated except one context. I have made test with four context, three of them are correctly invalidated and just one remains the user's session. I don't understand what is happened with this case. Best regards, Mariano 2010/6/11 Mariano López > I just tried requireReauthentication in SingleSignOn valve and always > drives me to login page, so with this does not work. > > Best regards, > > Mariano > > > -- Forwarded message -- > From: Pid > Date: 2010/6/10 > Subject: Re: How to finalize all sessions in a server with SingleSignOn > valve activated ? > To: Tomcat Users List > > > On 10/06/2010 09:05, Mariano López wrote: > > According to > > > http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On > > > > *As soon as the user logs out of one web application (for example, by > > invalidating the corresponding session if form based login is used), the > > user's sessions in *all* web applications will be invalidated. Any > > subsequent attempt to access a protected resource in any application > > will require the user to authenticate himself or herself again.* > > Yes, I know what it says, and it works for me - but I'm not using a > custom JAAS setup. > > > This is just what i need, i suppose that this is a bug. > > The point I was making was that I wasn't sure if custom JAAS > automatically worked with the SSO valve, although my gut feeling is that > it should. > > Maybe one of the devs will have something to say. > > Did you try setting "requireReauthentication"? > > > p > > > I will search in bug database for this problem. > > > > Thank you very much for your help, > > > > Mariano > > > > 2010/6/9 Pid mailto:p...@pidster.com>> > > > > On 09/06/2010 11:58, Mariano López wrote: > > > Yes, all of the apps are in the same Host. > > > > > > Here is my server.xml file: > > > > > > > > > > > > >> > resourceName="jdbc/ds_usuarios_jaas_Local" > > > appName="Usuarios" > > > > > > > > > userClassNames="org.sescam.chua.AutenticacionTomcatChua.UsuarioChuaLDAP" > > > > > > > > > roleClassNames="org.sescam.chua.AutenticacionTomcatChua.GrupoChuaPrincipal"/> > > > > > >> > unpackWARs="true" autoDeploy="false" > > > xmlValidation="false" xmlNamespaceAware="false"> > > > > > > > className="org.apache.catalina.authenticator.SingleSignOn" /> > > > > > > > > > > > > > I don't know if the SSO valve makes any guarantees about working with > > custom JAASRealm's. > > > > Try setting "requireReauthentication" to true. > > > > http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#SingleSign On > > Valve > > > > > > p > > > > > > > > > > > > > >
Re: How to finalize all sessions in a server with SingleSignOn valve activated ?
I just tried requireReauthentication in SingleSignOn valve and always drives me to login page, so with this does not work. Best regards, Mariano -- Forwarded message -- From: Pid Date: 2010/6/10 Subject: Re: How to finalize all sessions in a server with SingleSignOn valve activated ? To: Tomcat Users List On 10/06/2010 09:05, Mariano López wrote: > According to > http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On > > *As soon as the user logs out of one web application (for example, by > invalidating the corresponding session if form based login is used), the > user's sessions in *all* web applications will be invalidated. Any > subsequent attempt to access a protected resource in any application > will require the user to authenticate himself or herself again.* Yes, I know what it says, and it works for me - but I'm not using a custom JAAS setup. > This is just what i need, i suppose that this is a bug. The point I was making was that I wasn't sure if custom JAAS automatically worked with the SSO valve, although my gut feeling is that it should. Maybe one of the devs will have something to say. Did you try setting "requireReauthentication"? p > I will search in bug database for this problem. > > Thank you very much for your help, > > Mariano > > 2010/6/9 Pid mailto:p...@pidster.com>> > > On 09/06/2010 11:58, Mariano López wrote: > > Yes, all of the apps are in the same Host. > > > > Here is my server.xml file: > > > > > > > >> resourceName="jdbc/ds_usuarios_jaas_Local" > > appName="Usuarios" > > > > > userClassNames="org.sescam.chua.AutenticacionTomcatChua.UsuarioChuaLDAP" > > > > > roleClassNames="org.sescam.chua.AutenticacionTomcatChua.GrupoChuaPrincipal"/> > > > >> unpackWARs="true" autoDeploy="false" > > xmlValidation="false" xmlNamespaceAware="false"> > > > > className="org.apache.catalina.authenticator.SingleSignOn" /> > > > > > > > > I don't know if the SSO valve makes any guarantees about working with > custom JAASRealm's. > > Try setting "requireReauthentication" to true. > > http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Single Sign On > Valve > > > p > > > > > signature.asc Description: PGP signature - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat in Eclipse Error 500 java.lang.ClassNotFoundException
On 11/06/2010 05:21, Vitalstatistix wrote: > > Yeh that was just a dodgy hack to get around my initial errors when using > javac. I found out later the reason why javac wasn't working on my servlet > class was because servlet-api.jar wasn't on the classpath, > after adding that I was able to compile it the normal way. Also the solution > is NOT to put it in the WEB-INF folder, you need to have your .class file in > the build/classes/ folder. It'll eventually need to end up in WEB-INF/classes/my/package.AServlet.class or, inside a jar, e.g. WEB-INF/lib/myservlets.jar or you won't be able to deploy the web app... p > Pid * wrote: >> >> On 10/06/2010 03:20, Vitalstatistix wrote: >>> >>> >>> SOLVED: >>> >>> There was no HelloServlet.class file so I had to put an empty main method >>> into the HelloServlet.java class and run it to generate the >>> HelloServlet.class file, then I placed the class file in the WEB-INF >>> folder >>> and it all worked fine. >> >> Er, what? >> >> 1. There's no need for an empty main method. >> 2. We usually just compile a .java file to get a .class >> >> >> p >> >>> Vitalstatistix wrote: Hey, I've just been working on this tutorial here: http://www.ibm.com/developerworks/opensource/library/os-eclipse-tomcat/index.html It has been pretty good and I've got the jsp page to show the time but when I try going to the HelloServlet I get the error 500. http://www.ibm.com/developerworks/opensource/library/os-eclipse-tomcat/index.html Error Report type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception javax.servlet.ServletException: Wrapper cannot find servlet class com.example.servlets.HelloServlet or a class it depends on org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852) org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588) org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) java.lang.Thread.run(Unknown Source) root cause java.lang.ClassNotFoundException: com.example.servlets.HelloServlet org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1516) org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1361) org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852) org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588) org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) java.lang.Thread.run(Unknown Source) web.xml file generated in my Eclipse web project http://www.w3.org/2001/XMLSchema-instance"; xmlns="http://java.sun.com/xml/ns/javaee"; xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"; xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"; id="WebApp_ID" version="2.5"> FirstWebProject index.html index.htm index.jsp default.html default.htm default.jsp HelloServlet HelloServlet com.example.servlets.HelloServlet HelloServlet /HelloServlet Sorry I don't know how to add code tags in this forum. I'm using Tomcat 6. I've made no changes to ANY web.xml files, I simply followed that short basic tutorial step by step. My HelloServlet.java class is exactly the same as in the tutorial and is in the same package. Could you please tell me why it can't seem to find the class? Thanks heaps, :) >>> >> >> >> >> >> > signature.asc Description: OpenPGP digital signature
Re: [OT] Re: problems at thejarbar.org
Hello tomcats !! :) A quick question as I tackle configuring jndi resource for first time: I was referred to using jndi in production environmrnt snd hsve noted through documentation found in test server that there are 3 possible places to define jndi resources: 1)the server .xml(for every webapp in server if I am correct. 2)context.xml 3)web.xml As I am planning on only using this resource for multiple webapps in same domain, am I right in asuming server.xml is correct choice to define jndi resource? In addition I am to define jndi used in server.xml again in web.xml? I now need to know how / where to configure parameters for mysql connections or are the defaults acceptable for production? -- From: Sent: Thursday, June 03, 2010 12:41 AM To: "Tomcat Users List" Subject: Re: [OT] Re: problems at thejarbar.org Ok I appreciatethis big help. I am expecting a small amount of users though so does that mean that a datasource realm may be overkill? I am not implying that this is what was being said earlier, just trying to learn more. I have noticed though that forum posters seem to assume a lot at times, an example was that I need to learn maven which itself was a good headsup although I am familiar with it already. The sad thing is that with sun/oracle transition maven documentation is rotten and many of the plugins need a revamp, especially ones for full stack jee severs I learnt a little start of this year and everything was too fresh (jboss 6 not even released yet or is it?) or was very outdated for me as I started Java when JSE 6 was released so have little interest in knowing how to use maven in legacy systems unless I get employment in enterprise(hopefuly soon), Java is in a mess st the moment with no news on JSE7 and very little info from Oracle. I took it as a blessing in disguise an started getting to know JSF and hibernate and other stuff. PS can anyone confirm that there is firefox bug when selecting a different locale for i8n testing? I am able only to change locale few times. -- From: "Christopher Schultz" Sent: Wednesday, June 02, 2010 6:25 AM To: "Tomcat Users List" Subject: Re: [OT] Re: problems at thejarbar.org -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yucca Nel, On 6/2/2010 8:27 PM, yucca...@live.co.za wrote: There was a question as to why I am using a realm and application based realm and I have no idea howcome people think I am not using only tomcat realm? It's not that we think you're using a non-Tomcat Realm: it's that we think you're using the /wrong/ Tomcat Realm. See... JDBCRealm uses its own set of credentials to connect to the database and uses a single Connection object, requiring lots of synchronization to protect that shared resource. Basically, it's not appropriate for production because of those two facts. Instead, we're suggesting that you set up a DataSource and then use a DataSourceRealm which will use a connection-per-authentication-attempt and is much more high-performance. hibernate is not doing any security related stuff other than persisiting new users and thier credentials to mysql. Tomcat is only managing security and hibernate everything else... Hope this clears up discussion. :) Is hibernate using a Tomcat-created DataSource? If not, you're making your life harder by placing database connection configuration in several places instead of just one. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwGW8IACgkQ9CaO5/Lv0PALlwCgwejhODA7bB92UMEbgpIPGb8R 3RoAn3BXDzQWZ5497EKzaSP1W84Mtqu2 =zCtF -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question about licensincing of tomcat 6 latest
On 11/06/2010 06:55, Gurkan Erdogdu wrote: > Hello Kartikey; > > You could use with giving required "NOTICE" for the Apache Tomcat (Apache > Tomcat NOTICE file includes notices, > http://svn.apache.org/repos/asf/tomcat/trunk/NOTICE) and your product must > include "ASL V2 license text file" that is readable by your > prospects/customers etc. > > Please also look at http://www.apache.org/licenses/LICENSE-2.0.txt about ASL > V2 license items. (Specifically Item 4 :Redistribution) > > If you have a specific question, you could ask it to the legal mailing list, > legal-disc...@apache.org Be aware that the legal-discuss list is not going to provide you with free legal advice. If you are unsure how to interpret the ALv2 or what it may mean in your specific circumstances then you will have to pay a lawyer to tell you. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org