Re: DBCP abandoned trace - unable to understand the leak
On 10/11/2010 06:51, sasidhar prabhakar wrote: After changing time out value now I am getting this problem org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot get a connection, pool error Timeout waiting for idle object Shall we guess what you set it to? My guess is 7. Am I right? What else did you change? p On Tue, Nov 9, 2010 at 5:22 PM, Christopher Schultz ch...@christopherschultz.net wrote: Sasidhar, On 11/8/2010 12:31 AM, sasidhar prabhakar wrote: On Thu, Nov 4, 2010 at 9:10 PM, Christopher Schultz ch...@christopherschultz.net wrote: I have found that these exceptions can occur even when there is no leak. Specifically, if your SQL query takes a long time to run (that is, more than the ababdonedTimeout), another request to the connection pool complains about the connection and calls it abandoned. I think your right. Timeout I mentioned 30sec deafault is 300sec. This is my context.xml ?xml version=1.0 encoding=UTF-8? Context path= path is not allowed in context.xml: remove it. validationQuery=SELECT * from dual SELECT *? Wow. How about SELECT 1 FROM dual? testOnBorrow=true removeAbandoned=true removeAbandonedTimeout=30 That's a 30-second abandoned timeout. username=scott password=*** tiger, right? Technically speaking, the connection hasn't been leaked, but the connection pool can't really guess the reason why the connection hasn't been returned. Can you time your queries to see how long they take? Could you post your Resource configuration for your DataSource? For some queries it took more than 30 seconds, from getting data from ip_to_geo table, which has 3 million rows in it. That could be your problem: you should probably increase your removeAbandonedTimeout value to something more appropriate for your application. You might also want a dba to check out your queries and your database structure. 3 million rows isn't that much, even for Oracle :) Another note: I notice that you are using a DataSource object that survives for the life of the DAO object, and is even created by the object in its constructor. Every DAO has only one instance for the entire life of application. Is this correct approach. So Every thread accessing the same datasource object to get connection. It was just a recommendation which gives you flexibility: your webapp (or the container, etc.) has the freedom to discard and completely re-build the DataSource for your webapp if you always go to the JNDI context to get the DataSource. Otherwise, you will force a webapp restart just to get a new DataSource. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org 0x62590808.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
Re: DBCP abandoned trace - unable to understand the leak
Sorry for that. I changed it 300 seconds. On Wed, Nov 10, 2010 at 2:12 AM, Pid p...@pidster.com wrote: On 10/11/2010 06:51, sasidhar prabhakar wrote: After changing time out value now I am getting this problem org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot get a connection, pool error Timeout waiting for idle object Shall we guess what you set it to? My guess is 7. Am I right? What else did you change? p On Tue, Nov 9, 2010 at 5:22 PM, Christopher Schultz ch...@christopherschultz.net wrote: Sasidhar, On 11/8/2010 12:31 AM, sasidhar prabhakar wrote: On Thu, Nov 4, 2010 at 9:10 PM, Christopher Schultz ch...@christopherschultz.net wrote: I have found that these exceptions can occur even when there is no leak. Specifically, if your SQL query takes a long time to run (that is, more than the ababdonedTimeout), another request to the connection pool complains about the connection and calls it abandoned. I think your right. Timeout I mentioned 30sec deafault is 300sec. This is my context.xml ?xml version=1.0 encoding=UTF-8? Context path= path is not allowed in context.xml: remove it. validationQuery=SELECT * from dual SELECT *? Wow. How about SELECT 1 FROM dual? testOnBorrow=true removeAbandoned=true removeAbandonedTimeout=30 That's a 30-second abandoned timeout. username=scott password=*** tiger, right? Technically speaking, the connection hasn't been leaked, but the connection pool can't really guess the reason why the connection hasn't been returned. Can you time your queries to see how long they take? Could you post your Resource configuration for your DataSource? For some queries it took more than 30 seconds, from getting data from ip_to_geo table, which has 3 million rows in it. That could be your problem: you should probably increase your removeAbandonedTimeout value to something more appropriate for your application. You might also want a dba to check out your queries and your database structure. 3 million rows isn't that much, even for Oracle :) Another note: I notice that you are using a DataSource object that survives for the life of the DAO object, and is even created by the object in its constructor. Every DAO has only one instance for the entire life of application. Is this correct approach. So Every thread accessing the same datasource object to get connection. It was just a recommendation which gives you flexibility: your webapp (or the container, etc.) has the freedom to discard and completely re-build the DataSource for your webapp if you always go to the JNDI context to get the DataSource. Otherwise, you will force a webapp restart just to get a new DataSource. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: DBCP abandoned trace - unable to understand the leak
On 10/11/2010 08:29, sasidhar prabhakar wrote: Sorry for that. I changed it 300 seconds. OK What else did you change? [hint hint] p 0x62590808.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
Re: Single webapp multiple contexts
Hi. Quite apart from all the other answers you already got, check the UrlRewriteFilter at www.tuckey.org, to see if it does not provide an alternative way of doing what you want. Rob Gregory wrote: Hello Tomcat Users, I am trying to create multiple 'dynamic' contexts using just a single code base. For example we currently deploy a webapps within a context of let's say 'A'. This listens quite happily for requests coming in the form of http://localhost/A/index.htm. What I need to be able to do is have this same code base also listen for requests in the form of http://localhost/B/index.htm. I have played with using 'fake' context.xml e.g. A.xml = Context useHttpOnly=true docBase=C:/0600/ieseries.war path=/A / B.xml = Context useHttpOnly=true docBase=C:/0600/ieseries.war path=/B / This seems to work but the war is expanded into both contexts and what I really need is a single code base preferably without the requirement of using a .war file. I have looked at virtual hosts but this seems to involve changing the host name which is also not what I am trying to achieve. Using Tomcat 6.0.29 under Java(TM) SE Runtime Environment (build 1.6.0_14-b08). CATALINA_HOME is C:/0600. Can anyone give me a gentle push in the right direction if this is at all possible. Thanks in advance. Rob - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: setenv.sh in an individual tomcat catalina base
Hi Ziggy. Sorry then. I was too lazy to go back to check, and I must have confused your post with another one. Ziggy wrote: Hi Andre, I am using a standard Tomcat installation downloaded from tomcat.apache.org. I am confused as to how you determined that am using a packaged version of Tomcat :) -- D On Tue, Nov 9, 2010 at 3:55 PM, André Warnier a...@ice-sa.com wrote: Hi. As I recall, you are using a packaged version of Tomcat (meaning not the original one from the tomcat website download, but one already packaged by the people who do such things for your OS version). You should then look carefully at what scripts are used to start/stop Tomcat on your particular system (starting with /etc/init.d/tomcat e.g.), what they invoke and when, to determine what you can put into CATALINA_HOME/x and CATALINA_BASE/y. For example, these packages often use a file /etc/default/tomcat that sets some environment values, which are later used to determine what other scripts do. What Konstantin indicates below is based on the standard catalina.sh as provided in the standard Tomcat download, but there is no guarantee that this script has not been modified (or is even used) in your particular package. Ziggy wrote: I am using Tomcat v5.5 Do you mean that for newer versions of Tomcat, if i want to move some of the scripts from $CATALINA_HOME/bin to $CATALINA_BASE/bin i will not be able to? Thanks On Tue, Nov 9, 2010 at 1:38 PM, Konstantin Kolinko knst.koli...@gmail.comwrote: 2010/11/9 Ziggy zigg...@gmail.com: Are there any side effects to doing this? Can tomcat use both $CATALINA_BASE/bin/ and $CATALINA_HOME/bin during startup? From catalina.sh: if [ -r $CATALINA_BASE/bin/setenv.sh ]; then . $CATALINA_BASE/bin/setenv.sh elif [ -r $CATALINA_HOME/bin/setenv.sh ]; then . $CATALINA_HOME/bin/setenv.sh fi i.e. it takes setenv.sh from $CATALINA_BASE if it exists, otherwise from $CATALINA_HOME. All the other script files are supposed to remain in $CATALINA_HOME/bin. I am talking about the latest version of those scripts. I do not know how old your Tomcat version is. You may look at your catalina.sh for yourself. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: DBCP abandoned trace - unable to understand the leak
On 10/11/2010 09:41, sasidhar prabhakar wrote: private static DataSource dataSource; Getting the DataSource shouldn't be an expensive operation, so 'optimising' by retaining a static reference to it doesn't make much sense. Try just getting a fresh DataSource every time - your DB queries are taking far longer to process than any theoretical performance improvement gained here. p 0x62590808.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
Re: [OT] Re: DBCP abandoned trace - unable to understand the leak
On 04/11/2010 11:09, Peter Crowther wrote: On 4 November 2010 10:54, Mark Thomas ma...@apache.org wrote: On 04/11/2010 05:01, sasidhar prabhakar wrote: I have one doubt. You have a question not a doubt I see this on many forums, and have come to realise it's associated with speakers of at least one of the widely-used languages in India. I've just come to accept that doubt is the most obvious English translation of the concept - though I agree with you that question is more understandable to most English speakers. To sasidhar prabhakar: if you don't mind me asking, what's your native language and what's the word or phrase that you're translating as doubt? When this comes up in forums, I'd like to be able to tell the poster that question is probably a better English translation than doubt, and I would be able to do that more easily if I knew the original word or phrase that you're translating. I like it when my questions go unanswered too. That's why I lurk on mailing lists, looking for an opportunity to throw a question out there that'll sit waiting for an answer for weeks, or ideally indefinitely. ;) p 0x62590808.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
Re: DBCP abandoned trace - unable to understand the leak
On 04/11/2010 15:41, Mikolaj Rydzewski wrote:
On Thu, 4 Nov 2010 10:37:25 -0500, Propes, Barry L
barry.l.pro...@citi.com wrote:
Not sure if it matters or not, but in your SponserSummaryDAO
method, it appears you establish the rs as null, but don't ever close
it? You might specifically try that.
And is it necessary to reassign all those variables (connection, rs,
pstmt) to null again in those catch blocks?
One more reason to use well designed utilities like commons-dbutils or
jdbc-template.
Or at least to use a static method to close the db objects stop
putting the same boiler plate in all of the finally blocks.
public class DB {
public static void close(ResultSet obj) {
if (obj == null)
return;
try {
obj.close();
}
catch (SQLException e) {
// catch or log
e.printStackTrace();
}
}
public static void close(Statement obj) {
if (obj == null)
return;
try {
obj.close();
}
catch (SQLException e) {
// catch or log
e.printStackTrace();
}
}
public static void close(Connection obj) {
if (obj == null)
return;
try {
obj.close();
}
catch (SQLException e) {
// catch or log
e.printStackTrace();
}
}
}
ResultSet rs = null;
PreparedStatement ps = null;
Connection cn = null;
try {
// ... do DB stuff
}
catch (SQLException e) {
// ... log or something
}
finally {
DB.close(rs);
DB.close(ps);
DB.close(cn);
}
p
0x62590808.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
Re: DBCP abandoned trace - unable to understand the leak
On 10/11/2010 09:02, Pid wrote: On 04/11/2010 12:04, sasidhar prabhakar wrote: dataSource = ConnectionUtil.getDataSource(); } Is the class you posted the only DAO? Could the leak be from another class? Can you post ConnectionUtil.java? Given the SQL seen so far and that some queries take longer than 30s to complete, my money is on the the app trying to process more long running queries in parallel then the pool has connections available. With a low time-out (30s), the pool was abandoning the connections. With a long time-out (300s), the pool was becoming exhausted. If this analysis is correct, the fix is to address the root cause of the long running queries. Unless you are lucky and there is one poorly performing query, the chances are the application and/or database have architectural issues that will require significant work to put right. Web applications should not routinely be running queries as part of request processing that take in excess of a second or so to run. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: DBCP abandoned trace - unable to understand the leak
On 04/11/2010 07:50, sasidhar prabhakar wrote:
We are using struts and following DAO pattern.
This is the code
public String getCountryName(long ipSum){
String name = null;
Connection connection = null;
PreparedStatement pstmt = null;
ResultSet rs = null;
try{
connection = dataSource.getConnection();
pstmt = connection.prepareStatement(select country_name from
ip_to_geo where ? between ip_from and ip_to);
That query looks like a candidate for being slow to me.
pstmt.setString(1, +ipSum);
Minor: but pstmt.setString(1, String.valueOf(ipSum)) would be better.
Slightly less minor, is the question, why are you converting a long to a
string and then attempting to conduct a range operation on it?
There's another method: pstmt.setLong(1, ipSum) which might work, unless
your DB tables are strangely constructed.
p
rs = pstmt.executeQuery();
if( rs.next() ){
name = rs.getString(1);
}
}catch(Exception ex){
ex.printStackTrace();
}finally{
try{if( rs!=null)rs.close();}catch(SQLException
ex){ex.printStackTrace();}
try {if( pstmt != null)pstmt.close();} catch (SQLException ex)
{ex.printStackTrace();}
try {if( connection != null)connection.close();} catch
(SQLException ex) {ex.printStackTrace();}
connection = null;
pstmt = null;
rs = null;
}
return name;
}
0x62590808.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
Re: DBCP abandoned trace - unable to understand the leak
On 04/11/2010 12:04, sasidhar prabhakar wrote: dataSource = ConnectionUtil.getDataSource(); } Is the class you posted the only DAO? Could the leak be from another class? Can you post ConnectionUtil.java? p 0x62590808.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
Re: DBCP abandoned trace - unable to understand the leak
On Wed, Nov 10, 2010 at 3:02 AM, Pid p...@pidster.com wrote:
On 04/11/2010 12:04, sasidhar prabhakar wrote:
dataSource = ConnectionUtil.getDataSource();
}
Is the class you posted the only DAO? Could the leak be from another
class?
Some other DAOs are there. Which takes more than removeAbandonedTimeout.
Except timeout I didn't find any unclosed connections, statements and
results.
Can you post ConnectionUtil.java?
This is DAO class
import java.sql.*;
import javax.sql.*;
import javax.naming.*;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
public class ConnectionUtil {
private static Log log = LogFactory.getLog(ConnectionUtil.class);
private static String dataSourceJNDIName = java:comp/env/jdbc/ds;
private static DataSource dataSource;
public static DataSource getDataSource() {
if(dataSource == null) {
try {
log.info(In the ConnectionUtil:getDataSource():Befor calling lookup on
context);
Context ctx = new InitialContext();
dataSource = (DataSource)ctx.lookup(dataSourceJNDIName);
ctx.close();
} catch(Exception e) {
log.error(Can not create DataSource +e.getMessage());
throw new IllegalStateException(e.getMessage());
}
}
return dataSource;
}
public static void setDataSource(DataSource ds) {
dataSource = ds;
}
public static Connection getConnection() throws SQLException {
return getDataSource().getConnection();
}
public static void beginTransaction(Connection conn) throws SQLException {
conn.setAutoCommit(false);
}
public static void endTransaction(Connection conn) throws SQLException {
conn.setAutoCommit(true);
}
public static void commit(Connection conn) throws SQLException {
conn.commit();
}
public static void rollback(Connection conn) throws SQLException {
conn.rollback();
}
public static void close(Connection conn) {
if (conn != null) {
try {
if( !conn.isClosed() )
conn.close();
} catch(SQLException e) {
log.error(SQL Exception caught while closing Connection :+
e.getMessage());
}
}
}
public static void close(Statement stm) {
if (stm != null) {
try {
stm.close();
} catch(SQLException e) {
log.error(SQL Exception caught while closing Statement :+ e.getMessage());
}
}
}
public static void close(ResultSet rs) {
if (rs != null) {
try {
rs.close();
} catch(SQLException e) {
log.error(SQL Exception caught while closing ResultSet :+ e.getMessage());
}
}
}
}
p
Re: DBCP abandoned trace - unable to understand the leak
When I get this problem, I tried the query in DB manually by this query *select count(*) from v$process;* * * The count some times very less, like if total connections are 200 it shows * * some times 60,40,162 like this. On Wed, Nov 10, 2010 at 3:20 AM, Mark Thomas ma...@apache.org wrote: On 10/11/2010 09:02, Pid wrote: On 04/11/2010 12:04, sasidhar prabhakar wrote: dataSource = ConnectionUtil.getDataSource(); } Is the class you posted the only DAO? Could the leak be from another class? Can you post ConnectionUtil.java? Given the SQL seen so far and that some queries take longer than 30s to complete, my money is on the the app trying to process more long running queries in parallel then the pool has connections available. With a low time-out (30s), the pool was abandoning the connections. With a long time-out (300s), the pool was becoming exhausted. If this analysis is correct, the fix is to address the root cause of the long running queries. Unless you are lucky and there is one poorly performing query, the chances are the application and/or database have architectural issues that will require significant work to put right. Web applications should not routinely be running queries as part of request processing that take in excess of a second or so to run. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 7 Feedback on memory leak detection/prevention
Dear Tomcat users, I'm impressed by the level of in-depth analysis and actions that have been taken to build leak detection, prevention and remediation in Tomcat 7. I was wondering if users had any feedback on how effective the memory leak detection/prevention features has been in practice/production? --Thanks, Rohit Kelapure
Tomcat application with memory leak
Version: 6.0.26 I currently have 2 apps deployed in my tomcat container. I originally was running tomcat with 1024M of memory. The symptom was the applications would stop responding after approximately 5 days. The log stated there was out of memory errors. Symptoms: 1. Users could not access either of the applications within the tomcat container 2. Tomcat did not respond to the shutdown script (had to be killed with kill -9) 3. Tomcat log files had stopped responding. 4. There were a lot of messages (134) java.lang.OutOfMemoryError: Java heap space in the localhost* logfile (normally there are a few or none) In an attempt to resolve the problem, I increased memory to 2048. This allows the applications to work for about 3 weeks before like symptoms happen. I have two questions: 1. How can I run 2 tomcat containers on the same server, so I can separate the applications for further debugging. 2. What are some steps to use in identifying the problem. Best regards, Greg - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat application with memory leak
From: Robillard, Greg L [mailto:greg.l.robill...@lmco.com] Subject: Tomcat application with memory leak In an attempt to resolve the problem, I increased memory to 2048. That doesn't resolve it, it merely postpones it - as you discovered. How can I run 2 tomcat containers on the same server, so I can separate the applications for further debugging. You would have to configure them for different IP addresses or ports - which would likely impact your clients. You might well spend more time on that than you would in fixing the real problem. 2. What are some steps to use in identifying the problem. Run a profiler or other heap analysis tool to find out where your webapps are leaking memory. Take a look at these for more information: http://wiki.apache.org/tomcat/FAQ/Memory http://wiki.apache.org/tomcat/OutOfMemory - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat application with memory leak
On 10/11/2010 14:50, Robillard, Greg L wrote: Version: 6.0.26 I currently have 2 apps deployed in my tomcat container. I originally was running tomcat with 1024M of memory. The symptom was the applications would stop responding after approximately 5 days. The log stated there was out of memory errors. Can you start a completely new thread please? This is an edited reply to the somewhat lengthy Re: DBCP abandoned trace - unable to understand the leak thread appears inside it if you view mail in threaded view. You can't just edit the subject body - it doesn't remove the mail thread id header. p 0x62590808.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
Re: Tomcat cluster error (null pointer exc ept) on NioReceiver.java:266 [Solved]
Hi, finally i found that people from Security have started a security agent
that was killing/screening connection on port 4000, and I didn't know anything,
they drive me mad Stefano.
Da: Stefano Suzzi s.su...@protesa.it
A: Tomcat Users List users@tomcat.apache.org
Cc:
Data: Tue, 26 Oct 2010 17:06:07 +0200
Oggetto: Re: Tomcat cluster error (null pointer except) on NioReceiver.java:266
In the post before I sed why accept() returns null, so i was investigating
in tomcat and jdk_1.6 source code, and I found that the method accept in
ServerSocketChannel.java can return null in case of non-blocking socket e no
connection available. Should this be tested? and why ask for session
replication when the connection is not established? plus, from the logs it
looks like that later is not retry again to re-establish the connection.
Anyway, it seems that in my production environment the request does not stay
pending enough to be accepted, any suggestion about what I can check?
Thanks. Stefano.Source:
http://www.javakey.net/source/jdk/1.6/java/nio/channels/ServerSocketChannel.java.html
I add the comment found in the api doc: Returns: The socket
channel for the new connection, or null if this channel is in
non-blocking mode and no connection is available to be accepted
http://download.oracle.com/javase/6/docs/api/java/nio/channels/ServerSocketChannel.html#accept%28%29
NioReceiver.java snippet: -- 257
// get an iterator over the set of selected keys 258 Iterator it =
selector.selectedKeys().iterator(); 259 // look at each key in the selected
set 260 while (it.hasNext()) { 261 SelectionKey key = (SelectionKey)
it.next(); 262 // Is a new connection coming in? 263 if
(key.isAcceptable()) { 264 ServerSocketChannel server =
(ServerSocketChannel) key.channel(); 265 SocketChannel channel =
server.accept(); 266
channel.socket().setReceiveBufferSize(getRxBufSize());catalina.out
pieces: INFO: Starting Servlet Engine: Apache Tomcat/6.0.26 20-oct-2010
11:49:23 org.apache.catalina.ha.tcp.SimpleTcpCluster start INFO: Cluster is
about to start 20-oct-2010 11:49:23
org.apache.catalina.tribes.transport.ReceiverBase bind INFO: Receiver
Server Socket bound to:/10.75.64.205:4000 20-oct-2010 11:49:23
org.apache.catalina.tribes.membership.McastServiceImpl setupSocket INFO:
Setting cluster mcast soTimeout to 500 20-oct-2010 11:49:23
org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO:
Sleeping for 1000 milliseconds to establish cluster membership, start
level:4 20-oct-2010 11:49:24 org.apache.catalina.ha.tcp.SimpleTcpCluster
memberAdded INFO: Replication member
added:org.apache.catalina.tribes.membership.MemberImpl[tcp://{10, 75, 64,
206}:4000,{10, 75, 64, 206},4000, alive=32137,id={-61 -37 107 -64 -44 -77 71
29 -102 -121 -88 16 -50 -54 43 97 }, payload={}, command={}, domain={}, ]
20-oct-2010 11:49:24 org.apache.catalina.ha.tcp.SimpleTcpCluster
memberAdded INFO: Replication member
added:org.apache.catalina.tribes.membership.MemberImpl[tcp://{10, 75, 64,
207}:4000,{10, 75, 64, 207},4000, alive=72301,id={-49 -8 114 -44 118 127 77
29 -78 104 101 -87 -73 62 -111 100 }, payload={}, command={}, domain={}, ]
20-oct-2010 11:49:24 org.apache.catalina.tribes.membership.McastServiceImpl
waitForMembers INFO: Done sleeping, membership established, start level:4
20-oct-2010 11:49:24 org.apache.catalina.tribes.membership.McastServiceImpl
waitForMembers INFO: Sleeping for 1000 milliseconds to establish cluster
membership, start level:8 20-oct-2010 11:49:24
org.apache.catalina.tribes.transport.nio.NioReceiver listen GRAVE: Unable to
process request in NioReceiver java.lang.NullPointerExceptionat
org.apache.catalina.tribes.transport.nio.NioReceiver.listen(NioReceiver.java:266)
at
org.apache.catalina.tribes.transport.nio.NioReceiver.run(NioReceiver.java:353)
at java.lang.Thread.run(Thread.java:619)
.. 20-oct-2010 11:49:26
org.apache.catalina.ha.session.DeltaManager getAllClusterSessions
ADVERTENCIA: Gestor [localhost#/yadas], requiriendo estado de sesión desde
org.apache.catalina.tribes.membership.MemberImpl[tcp://{10, 75, 64,
207}:4000,{10, 75, 64, 207},4000, alive=74309,id={-49 -8 114 -44 118 127 77
29 -78 104 101 -87 -73 62 -111 100 }, payload={}, command={}, domain={}, ].
Esta operación se agotará si no se recibe estado de sesión dentro de 60
segundos. 20-oct-2010 11:49:26
org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor report
INFO: ThroughputInterceptor Report[ Tx Msg:1 messages
Sent:0,00 MB (total) Sent:0,00 MB (application) Time:0,01 seconds
Tx Speed:0,06 MB/sec (total) TxSpeed:0,06 MB/sec (application)
Error Msg:0Rx Msg:0 messages Rx Speed:0,00 MB/sec (since 1st msg)
Re: Tomcat 7 Feedback on memory leak detection/prevention
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rohit, On 11/10/2010 9:40 AM, Rohit Kelapure wrote: I'm impressed by the level of in-depth analysis and actions that have been taken to build leak detection, prevention and remediation in Tomcat 7. I was wondering if users had any feedback on how effective the memory leak detection/prevention features has been in practice/production? You can read Mark's presentation from ApacheCon NA 2010 here: http://people.apache.org/~markt/presentations/2010-11-04-Memory-Leaks-60mins.pdf I recall that he said during the presentation that it had resulted in the correction of many bugs in 3rd-party libraries such as log4j -- can't remember any others off-hand. While these leak-prevention strategies haven't helped on my own projects, we've seen a lot of folks posting to the list recently who are seeing the warning messages and, as a result, looking into their own code and libraries to find these leaks and fix them. In the cases where people actually post-back after they fix things, it's usually 50/50 application code holding references or a 3rd-party library. We always encourage the library folks to upgrade to the latest version of their library, and to report any lingering bugs that Tomcat detects to those maintainers. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzazuMACgkQ9CaO5/Lv0PBEfQCfcFBS+FVGbpXVRmif5d0TouJg 0ZAAni74MCOhkd6vzE9yuP7pGR69DZOy =R3Ni -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: DBCP abandoned trace - unable to understand the leak
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sasidhar, On 11/10/2010 3:29 AM, sasidhar prabhakar wrote: Sorry for that. I changed it 300 seconds. Perhaps you could post your entire configuration. It stops us from asking too many questions, and generally gets right to the problem. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzaz00ACgkQ9CaO5/Lv0PCvBgCeP6H0UewerbUbLyLs/f7Ud3Tk zJ4An2qjPJl+8KtKF7e0Q84b9MYjnBTR =dNVW -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Service Temporary Unavailable! and IIS6 Tomcat 6.0 Connector (isapi_redirect)
My website has crashed again and coming up with the following error when the website and jakarta virtual directories are set up to use the same application pool: Service Temporary Unavailable! The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later. Jakarta/ISAPI/isapi_redirector/1.2.31 (1026297) isapi_redirect.log is no longer logging anymore and when I try to change the application pool for jakarta virtual directory in IIS, I get the following error message; Re: HTTP Error 403 - Forbidden: Access is denied - IIS6 Tomcat 6.0 Connector. My workers.properties and uriworkersmap.properties are configured as follows respectively: #uriworkmap.properties - IIS # An entry that lists all the workers defined workers.tomcat_home=C:\Program Files\Apache Software Foundation\Tomcat 6.0 #workers.java_home=C:\Program Files\Java\jdk1.6.0_22 #workers.java_home=C:\Program Files\Java\jre6 workers.java_home=C:\Program Files\Java\jrockit-R28.0.1-jre1.6.0_20 worker.list=worker1 # Entries that define the host and port associated with these workers worker.worker1.host=www.map.hackney.gov.uk:8080 #worker.worker1.host=localhost:8080 worker.worker1.port=8009 worker.worker1.type=ajp13 worker.worker1.lbfactor=1 worker.worker1.connection_pool_timeout=600 worker.worker1.socket_keepalive=1 worker.worker1.socket_timeout=120 #uriworkmap.properties - IIS # #This file provides sample mappings for example wlb #worker defined in workmap.properties.minimal #The general syntax fro this file is: #[URL]=[worker name] /geoserver/*=worker1 /geoserver/*=worker1;fail_on_status=-404,-500,503 # Use web server error page for all errors /geoserver/*=worker1;use_server_errors=400 # Use web server error page only for technical errors /geoserver/*=worker1;use_server_errors=500 /www.map.hackney.gov.uk/geoserver/*=worker1 /jkmanager=jkstatus System Environment: Windows 2003 Server Tomcat 6.0 IIS 6.0 isapi_redirector 1.2.31 Can somebody please, tell me why my application works for a while and crashes using the above settings? Any help will be appreciated. Thanks. Anthony. -- View this message in context: http://old.nabble.com/HTTP-Error-403---Forbidden%3A-Access-is-denied---IIS6---Tomcat-6.0-Connector-tp30160779p30182687.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
CARGO: A tool for easy manipulation of your Java EE server(s)
Hello, Tomcat enthusiasts This is S. Ali Tokmen from the Codehaus CARGO team. I'm sending this short e-mail to tell you about the immediate availability of CARGO 1.0.4. First question, what is CARGO? CARGO is an open source application that can start, stop, configure and deploy applications as well as configuration files on many, many Java server containers. CARGO is available as a simple Java library, a set of ANT tasks as well as a Maven2 plugin. Of course, Tomcat is part of the servers supported by CARGO... In detail, supported versions include all Tomcat version from 4.x to the latest Tomcat 7.0.4. Second question, what would you need CARGO for? Well, typical use cases for CARGO are: * *Functional and integration testing on a real server environment*: indeed, CARGO can be used to download, configure, start and stop Tomcat and also to deploy all your datasources and applications to it; so you can do real-world tests. o JUnit lovers: See our short article showing you how to configure, start and stop one of the many application servers supported by CARGO with your application in order to run your real-world tests on http://cargo.codehaus.org/Functional+testing o Maven2 users: Try out the CARGO archetypes that show you how to integrate server-based testing in your Maven2 builds: http://cargo.codehaus.org/Maven2+Archetypes * *Multi-server testing*: since CARGO uses the exact same API whether you use Tomcat or any other server, you can reuse the exact same configuration to test your application on different servers. o The list of supported servers and features supported on each server can be found on http://cargo.codehaus.org/Containers * *Automated deployment*: CARGO supports remote deployment on many servers. You therefore can use CARGO to automatically deploy your applications (and their prerequisites) on your favorite servers. * ... and more For more information, please visit http://cargo.codehaus.org/ -- S. Ali Tokmen http://ali.tokmen.com/ GSM (fr): +33 66 43 00 555 [Orange] GSM (tr): +90 555 266 52 73 [Avea] My AIM, ICQ, MSN Messenger and Yahoo IM contact details are on http://contact.ali.tokmen.com
Re: DBCP abandoned trace - unable to understand the leak
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Pid,
On 11/10/2010 3:51 AM, Pid wrote:
finally {
DB.close(rs);
DB.close(ps);
DB.close(cn);
}
I've gone further in our code:
DB.close(cn, ps, rs);
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkzbBuQACgkQ9CaO5/Lv0PAyfQCfa1L4FPpWHDZ6Yido3v2HtIo0
OKcAn2MG1rL+h7rcNSzmuzhEF2h3czON
=ShLV
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] SecurityManager and Java Policy Files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, I'm resurrecting this thread because I'd like to return my attention to running my webapp under a SecurityManager. On 3/25/2010 4:03 PM, Christopher Schultz wrote: This is off-topic in that it doesn't really have anything to do specifically with Tomcat, but I would be willing to bet that readers would be interested in the answer. Besides, the pool of brain cells available to this list is rather deep and I'd love an explanation of policies. I recently tried to set up Tomcat 6.x running under a SecurityManager. As I fell down the rabbit hole, I saw that lots of things needed to be granted to my code, which all makes sense in general. What I don't quite get is the hierarchy of checks that are done. Can anyone recommend any literature for understanding the Zen of Java's SecurityManager and, more specifically, how to properly write your application to operate under one? I'm looking for references that explain the interaction between the SecurityManager itself, the policy, signed code, and the use of AccessController/PrivilegedAction. Online resources and articles as well as dead trees would be fine. My Google-fu just isn't turning up anything relevant. I get either horribly technical specifications of things or trifles that just say run under a SecurityManager and everything will be secure!. Any help would be greatly appreciated. Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzbC3gACgkQ9CaO5/Lv0PASFwCeLUDSfK0n+jFbli4sqRRWPGEf avYAn0oksVC/YT1Gai/w936m2h7sp6eM =IPIw -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] SecurityManager and Java Policy Files
On 10/11/2010 21:15, Christopher Schultz wrote: I'm looking for references that explain the interaction between the SecurityManager itself, the policy, signed code, and the use of AccessController/PrivilegedAction. Online resources and articles as well as dead trees would be fine. My Google-fu just isn't turning up anything relevant. I get either horribly technical specifications of things or trifles that just say run under a SecurityManager and everything will be secure!. Any help would be greatly appreciated. I don't recall ever finding anything that useful. What I can do is condense my limited knowledge into a few lines that may help. For code to perform some actions (e.g. reading a file, exiting the JVM etc) it needs the associated permission when running under a security manager. The policy file handles mapping code to permissions. When code tries to perform a protected function then: - if no privileged block is present in the call stack then every class in the call stack must have the necessary permission - if a privileged block is present in the call stack then every class in the call stack from the class performing the action to the privileged block must have the necessary permission To take a specific example, consider the PersistentManager. It needs to read/write sessions from the file system, create objects, manipulate class loaders and a bunch of other stuff that requires permissions. Session loading/unloading can be triggered by a web application so it is possible for web app code to be in the call stack for a call to load(). Web apps have minimal permissions that do not include the permissions needed by the load() method. The PersistentManager class does have the necessary permissions. The load() method uses a privileged block so web apps can call the load() method without having the necessary permissions. To be secure the load() method has to make sure web apps can't trick it into doing something it shouldn't. Does that help? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] SecurityManager and Java Policy Files
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark,
On 11/10/2010 4:29 PM, Mark Thomas wrote:
On 10/11/2010 21:15, Christopher Schultz wrote:
Any help would be greatly appreciated.
I don't recall ever finding anything that useful. What I can do is
condense my limited knowledge into a few lines that may help.
Thanks for confirming that I've found thus far: good references are
difficult to find.
For code to perform some actions (e.g. reading a file, exiting the JVM
etc) it needs the associated permission when running under a security
manager.
The policy file handles mapping code to permissions.
Check.
When code tries to perform a protected function then:
- if no privileged block is present in the call stack then every class
in the call stack must have the necessary permission
This is something that I've only recently realized. When I initially
tried to use a SecurityManaget, I found that I basically had to poke
holes in the policy for /everything/. What I wanted to do was restrict
certain code to, for instance, write to my log file(s) or to make a
connection to the database. Without a privileged block, I had to allow
just about all the code to make network connections because nearly any
code could call into a database routine which (of course), may create a
database connection on demand.
The privileged blocks appear to allow me to restrict the code that can
do that to a very specific set of classes -- ones that explicitly
attempt a privileged action using AccessController.
- if a privileged block is present in the call stack then every class in
the call stack from the class performing the action to the privileged
block must have the necessary permission
Gotcha.
To take a specific example, consider the PersistentManager. It needs to
read/write sessions from the file system, create objects, manipulate
class loaders and a bunch of other stuff that requires permissions.
Session loading/unloading can be triggered by a web application so it is
possible for web app code to be in the call stack for a call to load().
A good parallel to my JDBC connection example from above: any part of my
webapp can try to use my database services, yet those outside classes
shouldn't be able to directly make a database connection.
Web apps have minimal permissions that do not include the permissions
needed by the load() method. The PersistentManager class does have the
necessary permissions.
The load() method uses a privileged block so web apps can call the
load() method without having the necessary permissions. To be secure the
load() method has to make sure web apps can't trick it into doing
something it shouldn't.
Does that help?
Yes, very much.
To be explicit, if I want a class (say, DbStuff) to be able to make a
database connection yet prevent other classes from doing so, I need to
do something like this:
public class DbStuff
{
protected Connection getConnection()
{
Connection conn = null;
AccessController.doPrivileged(new PrivilegedActionConnection() {
public Connection run()
{
DataSource ds = // get from JNDI
return ds.getConnection();
}
});
}
public ListPerson getPeople()
{
Connection conn = null;
try {
conn = getConnection();
// SELECT * FROM people
return people;
}
}
}
public class MyTest
{
public static void main(String[] args)
{
new DbStuff().getPeople();
}
}
So, if I give access to connect, etc. in my policy file to the DbStuff
class, then DbStuff can use it's own getConnection method to obtain
database connections, but MyTest would be unable to, say, use
DriverManager to create a new connection to the database. Do I have that
right?
Thanks,
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkzbEccACgkQ9CaO5/Lv0PDWjACfeLTFxPEbfW0uTrMEy8Iq5hQG
7i8An0wOcfuRTC9jAdOe0ZzL8UZHiAR9
=H6e3
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Any tools to detect tomcat services failure, and start it again automatically?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bill, On 11/7/2010 2:35 AM, Bill Wang wrote: Thanks to Christopher , Rainer, and Rainer again. I will try to understand the jsvc. But for SMF, because we don't run tomcat as root, I am not sure if SMF can be set and run by normal user. I need check that first. My idea is, for most applications, normally I get three options: start, stop and status. But tomcat's catalina.sh has only two choices, startup and shutdown. I can't find exist command/script to show the tomcat status. If I can show the status, I can write the script to start the tomcat, when its status show tomcat service is down. So is it possible to ask tomcat develop team to write a general script or tool to detect tomcat status directly? You could log an enhancement in bugzilla. As always, patches are welcome. Just understand that almost all code needs to be deployed into a web application, and you might not be able to convince most Tomcat users to deploy a special web application merely to provide status information. It might be better to define protocol for determining status (such as a simple HEAD request to a configurable URL that returns a specific string in the response, or a specific HTTP response code if everything is okay) and then write a small piece of code to check it from the command line and integrate that into catalina.sh. Provide a sample implementation (.jsp?) and let users choose how they want to do reporting. The reason something like this doesn't really exist is that it's so poorly defined. What is healthy for one webapp/server might not be sufficient for another one. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzbE5MACgkQ9CaO5/Lv0PCTFgCdFPwqIvj4aVnN4GDRHfCt2mzD nEgAn3FngaWKXbyfyd+IABcRsBVx6HTn =Ppeo -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] SecurityManager and Java Policy Files
For debugging purposes, this http://blogs.sun.com/xuelei/entry/fine_granularity_diagnosis_on_security might be useful. And once you succeeded there's always room for improvement, e.g. http://tomcat.apache.org/tomcat-7.0-doc/security-manager-howto.html ;) Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] SecurityManager and Java Policy Files
On 10/11/2010 21:42, Christopher Schultz wrote:
To be explicit, if I want a class (say, DbStuff) to be able to make a
database connection yet prevent other classes from doing so, I need to
do something like this:
public class DbStuff
{
protected Connection getConnection()
{
Connection conn = null;
AccessController.doPrivileged(new PrivilegedActionConnection() {
public Connection run()
{
DataSource ds = // get from JNDI
return ds.getConnection();
}
});
}
public ListPerson getPeople()
{
Connection conn = null;
try {
conn = getConnection();
// SELECT * FROM people
return people;
}
}
}
public class MyTest
{
public static void main(String[] args)
{
new DbStuff().getPeople();
}
}
So, if I give access to connect, etc. in my policy file to the DbStuff
class, then DbStuff can use it's own getConnection method to obtain
database connections, but MyTest would be unable to, say, use
DriverManager to create a new connection to the database. Do I have that
right?
You do, but...
The way DbStuff is written I could extend it and call the protected
getConnection() method directly. You should probably make that method
private.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
