Re: access to Manager

[Francis GALIEGUE]

On Sat, May 28, 2011 at 00:27, abdelghni belfkih  wrote:
> hi guys,
>
> I can't access to the manager/html cuz i don't know how create a user login.
>
> Plz help me.
>

[c'est dans la doc de base]

This is in the base documentation of Tomcat. And anyway, I strongly
recommend AGAINST the HTML version of it. Why? It requires a Web
browser for input.

Try the text version instead. Everything is documented.

-- 
Francis Galiegue
ONE2TEAM
Ingénieur système
Mob : +33 (0) 683 877 875
Tel : +33 (0) 178 945 552
f...@one2team.com
40 avenue Raymond Poincaré
75116 Paris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

access to Manager

[abdelghni belfkih]

hi guys,

I can't access to the manager/html cuz i don't know how create a user login.

Plz help me.


-- 
Élève Ingénieur en TIC
Option : *Informatique, Réseaux et Systèmes*
Institut National des Postes et Télécommunication
Mobile : +212672673731
E-mail : blfkih.i...@gmail.com

Re: Piping tomcat logs to rsyslog

[Mark Eggers]

> From: Eric Lorson 

> To: users@tomcat.apache.org
> Cc: 
> Sent: Friday, May 27, 2011 9:21 AM
> Subject: Piping tomcat logs to rsyslog
> 
> 
> For internal security reasons I need to prevent our tomcat logs from writing
> to the webserver local disk. We set up a rsyslog server and want to pipe the
> log data directly to rsyslog. 
> 
> I am trying to work out how to configure tomcat to send all lpg data to
> STDOUT or named pipe and have the rsyslog agent send the data to rsyslog on
> a separate server. 
> 
> We are on CentOS 5.6, Tomcat 6 and rsyslog 5.8.1. 
> 
> I need to know: 
> 1) do we use the default logging library or log4j 
> 2) where is this configured in the tomcat config 
> 
> Thanks, 
> Eric



>From a Google search: juli logging syslog


http://remcojansen.posterous.com/2009/11/how-to-send-tomcats-access-log-to.html


Note, I have not tried this.

. . . . just my two cents.

/mde/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Piping tomcat logs to rsyslog

[Eric Lorson]

For internal security reasons I need to prevent our tomcat logs from writing
to the webserver local disk. We set up a rsyslog server and want to pipe the
log data directly to rsyslog. 

I am trying to work out how to configure tomcat to send all lpg data to
STDOUT or named pipe and have the rsyslog agent send the data to rsyslog on
a separate server. 

We are on CentOS 5.6, Tomcat 6 and rsyslog 5.8.1. 

I need to know: 
1) do we use the default logging library or log4j 
2) where is this configured in the tomcat config 

Thanks, 
Eric

-- 
View this message in context: 
http://old.nabble.com/Piping-tomcat-logs-to-rsyslog-tp31717657p31717657.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Weird problerm accessing request headers from tomcat

[André Warnier]

Hi.

I believe that you are making the often-made confusion between "environment values" (or 
variables), and HTTP headers content.

In particular, here :

 Apache1 inserts the following variables into the requests it forwards to 
Apache1 (I suppose you meant Apache2 here)


No. It does not do that.  It adds some HTTP headers. This is different, see 
below.

. Apache1 (I suppose you meant Apache2 here) can see them, I have checked that using 
cgi-bin/printenv (some

values anonymized):

HTTP_X_FORWARDED_FOR="aa.bb.cc.dd"
HTTP_X_FORWARDED_HOST="xxx.yyy.net"
HTTP_X_FORWARDED_PORT="443"
HTTP_X_FORWARDED_PROTOCOL="https"
HTTP_X_FORWARDED_SERVER="aaa.bbb.ccc"

Your check does not show that at all. It shows something that is just confusing enough to 
get you confused as to what you are seeing. ;-)


But you have excuses for your confusion, because the Apache documentation itself is very 
confusing as to "environment variables".


What the cgi-bin script sees, are indeed "environment values".
These are set by the Apache process (Apache2), just before it executes the cgi-bin script. 
So the cgi-bin script sees them in its environment when it runs.

(like with $ENV{'HTTP_X_FORWARDED_PORT'})

But there is no one-to-one relationship between what Apache finds in HTTP request headers, 
and the environment values which it sets for the cgi-bin scripts that it runs.
Apache does "convert" some of the request HTTP header values into cgi-bin environment 
variables, but :
- the name of the environment variable may be different from the corresponding HTTP header 
label (you see this yourself above : a HTTP header named "X-forwarded-for:" has been 
passed to the cgi-bin script as the environment value named "HTTP_X_FORWARDED_FOR")

- not all HTTP headers are converted and passed that way
- some environment values passed to the cgi-bin script are not, and never were, HTTP 
headers of the request (for example, the cgi-bin environment values "QUERY_STRING", or 
"SCRIPT_FILENAME")


On the other hand :

When a HTTP proxy server forwards a HTTP request to another HTTP server via the HTTP 
protocol, it forwards *all* the request headers and request content to this other server, 
as a HTTP request (otherwise, it would not be a valid HTTP proxy server).  But it cannot 
forward "environment values", because there is no defined way of doing this over the HTTP 
protocol. (*)



But now I see your second post, and your problem is in fact much simpler.

By doing this :
h:outputText style="font: bold 14px sans-serif;"
> value="X_FORWARDED_HOST: #{header['X_FORWARDED_HOST']}" />

what you are actually trying to retrieve, is the content of the HTTP request 
header
"X_FORWARDED_HOST:" (I guess), but this HTTP header does not exist in the 
request.
What you are giving as a HTTP header name, is actually what the cgi-bin environment value 
name was for your cgi-bin.

Which, as I try to explain at long length above, is not the same thing.

So you get back a null, and you think that the header was not there.
But it is there, only under its real HTTP header name.
Try something like
  value="X_FORWARDED_HOST: #{header['X-Forwarded-for']}" />"
instead.

(Noise of self-slap on face ?).



(*) However, when the proxy protocol used is AJP (as it is between Apache and Tomcat when 
using the mod_jk connector, or the mod_proxy_ajp connector), /then/ some additional values 
/can/ be passed along with the request (because the AJP protocol allows that). On the 
Tomcat side, these then appear as "request attributes" which the webapp can retrieve (via 
request.getAttribute(name)), but not as "environment values" of the Tomcat process for 
example.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Weird problerm accessing request headers from tomcat

[Martin Knoblauch]

Hi Martin,

the reverse proxy (gateway) in my case would be "apache1" me thinks. "apache2" 
definitely does not use mod_proxy/ProxyPass. It is just loadbalancing two 
tomcat 

instances using "mod_jk".

My problem is (maybe I was not clear) that "apache2" does see the 
X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers apparently 
added by "apache1", but that those are not visible in the requests reaching 
tomcat. If, just as an experiment, I use "RequestHeader set" in the "apache2" 
ssl configuration, tomcat sees them. Same is true for the "_PORT" and 
"_PROTOCOL" headers that are added on "apache1" via "RequestHeader set".

Did I express myself better this time? There must be some handling differences 
between headers added from mod_proxy (if that is used by apache1 I will not 
find 

out before some time next week) and those added by mod_headers.

Thanks

Martin :-)
--
Martin Knoblauch
email: k n o b i AT knobisoft DOT de
www:   http://www.knobisoft.de



- Original Message 
> From: Martin Gainty 
> To: Tomcat Users List 
> Sent: Fri, May 27, 2011 3:29:32 PM
> Subject: RE: Weird problerm accessing request headers  from tomcat
> 
> 
> when your Apache2 is configured as reverse-proxy you are fowarding  
>IP,RequestedHost and Proxy-Server specifically:
> 
> When acting in a  reverse-proxy mode (using the ProxyPass directive, for 
>example),
>  mod_proxy_http adds several request headers in
> order to  pass information to the origin server. These headers
>  are:
> 
> X-Forwarded-ForThe IP address of the  client.X-Forwarded-HostThe original 
>host requested by the client in the Host 
>
>HTTP request header.X-Forwarded-ServerThe hostname of  the proxy 
server.
> 
> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
> 
> is this not the  case?
> Martin 
> __ 
> 
> 
> 
> 
> 
> 
> > Date: Fri, 27 May 2011 05:53:14 -0700
> >  From: spamt...@knobisoft.de
> > Subject:  Weird problerm accessing request headers  from tomcat
> > To: users@tomcat.apache.org; us...@httpd.apache.org
> > 
> >  Hi,
> > 
> >  sorry for the crosspost, but I am not sure where to  ask. I am trying to 
> > understand a weird problem accessing HTTP request  headers from a jsf page.
> > 
> >  The setup is as follows:
> > 
> > apache1 -> apache2 -> mod_jk -> tomcat
> > 
> >  Apache1 is accessible from the Internet and forwards requests to my 
>application 
>
> > to apache2. I have no direct control over the setup of apache1 and I  
> > cannot 
>look 
>
> > at the configuration. Apache2 (2.0.63 on Linux) is  answering requests from 
>the 
>
> > intranet and forwards them via mod_jk  (1.2.30) to two loadbanced tomcats 
>(Linux, 
>
> > 6.0.32).
> > 
> >  Apache1 inserts the following variables into the requests it  forwards to 
> > Apache1. Apache1 can see them, I have checked that using  cgi-bin/printenv 
>(some 
>
> > values anonymized):
> > 
> >  HTTP_X_FORWARDED_FOR="aa.bb.cc.dd"
> >  HTTP_X_FORWARDED_HOST="xxx.yyy.net"
> > HTTP_X_FORWARDED_PORT="443"
> >  HTTP_X_FORWARDED_PROTOCOL="https"
> >  HTTP_X_FORWARDED_SERVER="aaa.bbb.ccc"
> > 
> >  If I try to read  those variables from the tomcat application using this 
> > facelett  code:
> > 
> >  >  value="X_FORWARDED_HOST: #{header['X_FORWARDED_HOST']}"  />
> > 
> >   >  value="X_FORWARDED_PROTOCOL: 
>#{header['X_FORWARDED_PROTOCOL']}" 
>
> >  />
> > 
> >   >  value="X_FORWARDED_PORT: #{header['X_FORWARDED_PORT']}" />
> >  
> >   >  value="X_FORWARDED_FOR:  #{header['X_FORWARDED_FOR']}" />
> > 
> >  >  value="X_FORWARDED_SERVER: 
> > #{header['X_FORWARDED_SERVER']}" 
>/>
> >  
> > 
> >  
> > Only  X_FORWARDED_PORT and X_FORWARDED_PROTOCOL are set. The other three 
> > are 

> >  empty/null. It seem that somewhere they get dropped between Apache2, 
> > mod_jk 
>and 
>
> > Tomcat.
> > 
> >  Now, I know that _PORT and _PROTOCOL are  inserted at Apache1 using 
> > 'RequestHeader set X_FORWARDED_PROTOCOL  "https"', while I do not know how 
>the 
>
> > other three are generated. If I  add 'RequestHeader set X_FORWARDED_HOST 
> > "xxx.yyy.net"' to the  configuration from apache2, the application sees 
> > that 

> > header as well.  Confused? so am I :-(
> > 
> > Happy weekend
> > 
> > Martin 
> > --
> > Martin  Knoblauch
> > email: k n o b i AT knobisoft DOT de
> > www:  http://www.knobisoft.de
> > 
> > 
> >  -
> > To  unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >  For additional commands, e-mail: users-h...@tomcat.apache.org
> > 
> 

-
To unsubscribe, e-mail: users-unsubscr...@to

RE: Weird problerm accessing request headers from tomcat

[Martin Gainty]

when your Apache2 is configured as reverse-proxy you are fowarding 
IP,RequestedHost and Proxy-Server specifically:

When acting in a reverse-proxy mode (using the ProxyPass directive, for 
example),
mod_proxy_http adds several request headers in
order to pass information to the origin server. These headers
are:

X-Forwarded-ForThe IP address of the client.X-Forwarded-HostThe original 
host requested by the client in the Host 
   HTTP request header.X-Forwarded-ServerThe hostname of the proxy server.

http://httpd.apache.org/docs/2.2/mod/mod_proxy.html

is this not the case?
Martin 
__ 






> Date: Fri, 27 May 2011 05:53:14 -0700
> From: spamt...@knobisoft.de
> Subject: Weird problerm accessing request headers  from tomcat
> To: users@tomcat.apache.org; us...@httpd.apache.org
> 
> Hi,
> 
>  sorry for the crosspost, but I am not sure where to ask. I am trying to 
> understand a weird problem accessing HTTP request headers from a jsf page.
> 
>  The setup is as follows:
> 
> apache1 -> apache2 -> mod_jk -> tomcat
> 
> Apache1 is accessible from the Internet and forwards requests to my 
> application 
> to apache2. I have no direct control over the setup of apache1 and I cannot 
> look 
> at the configuration. Apache2 (2.0.63 on Linux) is answering requests from 
> the 
> intranet and forwards them via mod_jk (1.2.30) to two loadbanced tomcats 
> (Linux, 
> 6.0.32).
> 
>  Apache1 inserts the following variables into the requests it forwards to 
> Apache1. Apache1 can see them, I have checked that using cgi-bin/printenv 
> (some 
> values anonymized):
> 
> HTTP_X_FORWARDED_FOR="aa.bb.cc.dd"
> HTTP_X_FORWARDED_HOST="xxx.yyy.net"
> HTTP_X_FORWARDED_PORT="443"
> HTTP_X_FORWARDED_PROTOCOL="https"
> HTTP_X_FORWARDED_SERVER="aaa.bbb.ccc"
> 
>  If I try to read those variables from the tomcat application using this 
> facelett code:
> 
>  value="X_FORWARDED_HOST: #{header['X_FORWARDED_HOST']}" />
> 
>  value="X_FORWARDED_PROTOCOL: 
> #{header['X_FORWARDED_PROTOCOL']}" 
> />
> 
>  value="X_FORWARDED_PORT: #{header['X_FORWARDED_PORT']}" />
> 
>  value="X_FORWARDED_FOR: #{header['X_FORWARDED_FOR']}" />
> 
>  value="X_FORWARDED_SERVER: #{header['X_FORWARDED_SERVER']}" />
> 
> 
>  
> Only X_FORWARDED_PORT and X_FORWARDED_PROTOCOL are set. The other three are 
> empty/null. It seem that somewhere they get dropped between Apache2, mod_jk 
> and 
> Tomcat.
> 
>  Now, I know that _PORT and _PROTOCOL are inserted at Apache1 using 
> 'RequestHeader set X_FORWARDED_PROTOCOL "https"', while I do not know how the 
> other three are generated. If I add 'RequestHeader set X_FORWARDED_HOST 
> "xxx.yyy.net"' to the configuration from apache2, the application sees that 
> header as well. Confused? so am I :-(
> 
> Happy weekend
> 
> Martin 
> --
> Martin Knoblauch
> email: k n o b i AT knobisoft DOT de
> www:   http://www.knobisoft.de
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
  

Re: Tomcat 5.5.27, session lost, cookies

[Diego Ruotolo]

Il 27/05/2011 15.04, Filippo Machi ha scritto:
> @Filippo: Ciao! There are no "strange" or blank character on cookie
> value, it's just the JSESSIONID "as is". It's a value generated by
> Tomcat, isn't it?
>
> Ciao Diego,
> I meant, maybe there's ANOTHER cookie in the incoming request that contains
> one or
> more not valid characters and it causes tomcat to fail the parsing of all
> other cookies,
> included the JSESSIONID one.
> ciao
> Fil
Mmm... no. There are just 2 cookies: JSESSIONID and I18n cookie : the
latter contains just values like "IT_it" . Sometimes ALSO a dup
JSESSIONID is set, or a "jsessionid" (in lower case) : that's part of
our webapp, maybe I should fix it... :-)
Thanks,

ciao
-- 

Ing. Diego Ruotolo
Software developer

Re: Tomcat 5.5.27, session lost, cookies

[Filippo Machi]

On Fri, May 27, 2011 at 12:26 PM, Diego Ruotolo wrote:

> Hi everybody !
>
> Thanks to all of you for your replies. Unfortunately (or fortunately) I
> spent the whole morning trying to reproduce the problem but everything
> works fine today!
>
> @Filippo: Ciao! There are no "strange" or blank character on cookie
> value, it's just the JSESSIONID "as is". It's a value generated by
> Tomcat, isn't it?
>

Ciao Diego,
I meant, maybe there's ANOTHER cookie in the incoming request that contains
one or
more not valid characters and it causes tomcat to fail the parsing of all
other cookies,
included the JSESSIONID one.
ciao
Fil

Weird problerm accessing request headers from tomcat

[Martin Knoblauch]

Hi,

 sorry for the crosspost, but I am not sure where to ask. I am trying to 
understand a weird problem accessing HTTP request headers from a jsf page.

 The setup is as follows:

apache1 -> apache2 -> mod_jk -> tomcat

Apache1 is accessible from the Internet and forwards requests to my application 
to apache2. I have no direct control over the setup of apache1 and I cannot 
look 
at the configuration. Apache2 (2.0.63 on Linux) is answering requests from the 
intranet and forwards them via mod_jk (1.2.30) to two loadbanced tomcats 
(Linux, 
6.0.32).

 Apache1 inserts the following variables into the requests it forwards to 
Apache1. Apache1 can see them, I have checked that using cgi-bin/printenv (some 
values anonymized):

HTTP_X_FORWARDED_FOR="aa.bb.cc.dd"
HTTP_X_FORWARDED_HOST="xxx.yyy.net"
HTTP_X_FORWARDED_PORT="443"
HTTP_X_FORWARDED_PROTOCOL="https"
HTTP_X_FORWARDED_SERVER="aaa.bbb.ccc"

 If I try to read those variables from the tomcat application using this 
facelett code:












 
Only X_FORWARDED_PORT and X_FORWARDED_PROTOCOL are set. The other three are 
empty/null. It seem that somewhere they get dropped between Apache2, mod_jk and 
Tomcat.

 Now, I know that _PORT and _PROTOCOL are inserted at Apache1 using 
'RequestHeader set X_FORWARDED_PROTOCOL "https"', while I do not know how the 
other three are generated. If I add 'RequestHeader set X_FORWARDED_HOST 
"xxx.yyy.net"' to the configuration from apache2, the application sees that 
header as well. Confused? so am I :-(

Happy weekend

Martin 
--
Martin Knoblauch
email: k n o b i AT knobisoft DOT de
www:   http://www.knobisoft.de


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Log4j.properties settings in documentation

[chris derham]

All,

I think that I have found a problem in the documentation for setting up
log4j.properties at
http://tomcat.apache.org/tomcat-7.0-doc/logging.html#Using_Log4j. The same
text is on the tomcat 6.0 documentation. It specifies

log4j.appender.CATALINA.conversionPattern = %d [%t] %-5p %c- %m%n

When I run that I receive the following exception

log4j:ERROR Could not find value for key log4j.appender.CATALINA.layout
log4j:WARN No such property [conversionPattern] in
org.apache.log4j.DailyRollingFileAppender.
log4j:ERROR No layout set for the appender named [CATALINA].

It works fine if I update the setting to

log4j.appender.CATALINA.layout.conversionPattern = %d [%t] %-5p %c- %m%n
log4j.appender.CATALINA.layout=org.apache.log4j.PatternLayout

The same issue is present for catalina, localhost, manager, host-manager and
console appenders.

Is this something that I am doing wrong, or is the documentation wrong?

Chris

P.S. assuming that the documentation is wrong, does everybody stick with
juli logging? I mean if this has been wrong since v6, nobody can be using it
right? I guess juli logging provides everything most people need?

Re: Tomcat 5.5.27, session lost, cookies

[Diego Ruotolo]

Hi everybody !

Thanks to all of you for your replies. Unfortunately (or fortunately) I
spent the whole morning trying to reproduce the problem but everything
works fine today!

@Filippo: Ciao! There are no "strange" or blank character on cookie
value, it's just the JSESSIONID "as is". It's a value generated by
Tomcat, isn't it?

@Marcos: I have no logs... I tried to log this morning using log4j at
DEBUG level, but, as I said in the beginning, everything works fine today...

@Christopher: here's the access logs, with all the HTTP calls
(everything's fine, these are NOT the logs of the fail scenario):

127.0.0.1 - - [27/May/2011:11:29:41 +0200] "POST
/servlet/it.dianoema.dnweb.library.servlets.Automation HTTP/1.1" 200 2070
127.0.0.1 - - [27/May/2011:11:29:41 +0200] "POST
/servlet/it.dianoema.dnweb.library.servlets.ConsoleServlet HTTP/1.1" 200
1698
127.0.0.1 - - [27/May/2011:11:29:41 +0200] "GET
/servlet/it.dianoema.dnweb.dnlis.servlets.StampaEtichette?azione=PRINT&stampante_autom=false&printer=Etichette
HTTP/1.1" 200 6066
127.0.0.1 - - [27/May/2011:11:29:45 +0200] "POST
/servlet/it.dianoema.dnweb.dnlis.servlets.AzioniSuRichieste HTTP/1.1" 200 7
127.0.0.1 - - [27/May/2011:11:30:12 +0200] "POST
/servlet/it.dianoema.dnweb.dnlis.servlets.GetSkel HTTP/1.1" 200 7
127.0.0.1 - - [27/May/2011:11:30:12 +0200] "GET
/servlet/it.dianoema.dnweb.dnlis.servlets.StampaEtichette?azione=VOID
HTTP/1.1" 200 582
127.0.0.1 - - [27/May/2011:11:30:12 +0200] "GET
/servlet/it.dianoema.dnweb.dnlis.servlets.GetFiltro?TEMPLATE=templates/gsp/head.template
HTTP/1.1" 200 5489
127.0.0.1 - - [27/May/2011:11:30:12 +0200] "GET
/servlet/it.dianoema.dnweb.dngsp.ShowQuery?TEMPLATE=templates%2Fgsp%2Flist.template&ELENCO=Pazienti&SESSION_REM=ALL&QUERY=PazientiGSP&FIELD_Reparto=noe_dnweb&FIELD_ExtCodice=&FIELD_Codice=&FIELD_CodiceRicovero=&FIELD_Cognome=&FIELD_Nome=&FIELD_00_DataUltimaRichiesta=&FIELD_01_DataUltimaRichiesta=&COND_Cognome=+LIKE+&COND_Nome=+LIKE+&COND_00_DataUltimaRichiesta=SHORT_DATE%3E%3D&COND_01_DataUltimaRichiesta=SHORT_DATE%3C%3D&SORTS=&AGG_REP=yes&REP_IN=yes
HTTP/1.1" 200 4
127.0.0.1 - - [27/May/2011:11:30:12 +0200] "GET
/servlet/it.dianoema.dnweb.dnlis.servlets.GetSkel?SKEL=/dnlis/templates/gsp/tail.template&GSP=ON&AMB=OFF
HTTP/1.1" 200 2280
127.0.0.1 - - [27/May/2011:11:30:12 +0200] "GET
/servlet/it.dianoema.dnweb.dnlis.servlets.Context HTTP/1.1" 200 2565


I'll explain you our flow:
we call the servlet Automation that starts a thread who sequentially
calls all the other servlets, when the thread has finished the control
is returned to Automation servlet.
Not all servlet are called by thread: lots of them are invoked because
the previous servlet returned an HTML page containing frames that have a
servlet URL in the src attribute. Let's make an example:

Automation --> Thread started --> Call servlet 1 --> HTML is returned
--> Call servlet 2 (it's in the HTML page) --> Thread end --> Automation

Usually the problem occours when invoking servlet from the HTML page
(servlet 2 in the example above, servlet called GetFiltro in the access
logs).

Things I've tried to do:
- increase size of connector input stream buffer, from 2048 to 4096,
using bufferSize attribute
- force the "Set-Cookie" attribute in every response, forcing the
JSESSIONID cookie

If you want I have the entire HTTP headers of request/response.

I'll try again to reproduce the problem, I will send you more details
when it will occour again.

Thanks everybody!

Best regards


Il 27/05/2011 10.33, Filippo Machi ha scritto:
> Ciao!
> Please read my comment inline..
>
> On Fri, May 27, 2011 at 12:12 AM, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
> Filippo,
>
> On 5/26/2011 10:50 AM, Filippo Machi wrote:
> >>> One of our legacy (non java) server was used to put a blank (' ')
> character
> >>> as value of a cookie.
>
> The value itself is blank, or the value /contains/ a blank?
>
>
> > the value contains a blank
>
>
>
> Please give us an example of a "Cooke:" header from your client and
> maybe we can suggest a solution (a few come to mind, but I'm unwilling
> to describe them until I see an example).
>
>
> > here it's an example, I used firebug to grab the cookie header
> contained in
> > the request:
>
> >
> AA=01*49qmsEhufMY7I6g/OnGT2tN3ThrCZH6vJ342kTDsssuRgEhlqwftbRTaikwi9I3HIx5yoK1ng4tY
> > 5JuIUe3x9o0Jptimu3uvVgeQAKc5htM=;
> > __utma=125866390.1346069185.1295258223.1306326749.1306484681.40;
> > __utmz=125866390.1306326795.39.29.utmcsr=
>
>
> > as you can see there are different cookies, the first one (AA) it's the
> > guilty. It has a blank here
>
> > ...4tY 5Ju...
>
> > thanks
> > Fil
>
>
>
> -chris
>>
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>

-- 
Diego Ruotolo - NoemaLife S.p.A.

Ing. Diego Ruotolo
Software developer

NoemaLife S.p.A.
Via Gobetti, 52
40129 Bologna - ITALY
T +39 051 

Re: JkExtractSSL not sending SSL information to tomcat

[Rainer Jung]

On 25.05.2011 15:18, Christopher Schultz wrote:
> André,
> 
> On 5/24/2011 7:13 PM, André Warnier wrote:
>> Christopher Schultz wrote:
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA1
>>>
>>> Marc,
>>>
>>> On 5/24/2011 10:56 AM, Marc Boorshtein wrote:
 I've setup a pretty generic httpd(2.2.19)+mod_jk to tomcat 6 on Oracle
 Linux 5 (CentOS 5 equiv) with SSL setup.  With JkExtractSSL and the
 correct SSLOptions in the httpd configuration files.  I can see the
 SSL environment variables in /cgi-bin/printenv but no headers or
 environment variables in the backend tomcat app.  Am I missing
 something?
>>>
>>> Something just tickled my brain, here: you said "environment variables
>>> or headers". The data stored in environment variables on the Apache
>>> httpd side are neither stored in environment variables (since the
>>> environment is shared, and a multi-threaded server would never work) nor
>>> in request headers (because that's not really appropriate).
>>>
>>> Instead, they are stored in the request /attributes/.
>>>
>>> Unfortunately, the mod_jk documentation doesn't make that clear. I'll
>>> try to find a reference, even if it's only in the source code.
>>>
>> Checkup JkEnvVar.
>> http://grokbase.com/topic/2007/04/19/howto-forward-user-name-from-apache-via-mod-jk-to-tomcat/00UYI-2ef5d4aI6oZhrQPFf3JD0
> 
> Yeah, except that JkEnvVar puts the environment variable FOO into the
> request attribute "FOO", while JkExtractSSL puts them under attribute
> keys defined by the servlet specification. That was not clear at all
> from the existing documentation (at least not without having read the
> servlet spec as well and drawing a logical conclusion).

Being late here, I used to suggest taking a look at

http://tomcat.apache.org/connectors-doc/generic_howto/proxy.html

Regards,

Rainer

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Issues with getRemoteAddress

[André Warnier]

Filippo Machi wrote:

On Fri, May 27, 2011 at 11:20 AM, André Warnier  wrote:


Filippo Machi wrote:


we're using tomcat 7.0.12

 Ok.



 1) You have serverA running Tomcat, and Tomcat listens on port 8080.

The (network) IP address of serverA is : 


85.214.x.x

(apart from the loopback address 127.0.0.1)


This Tomcat has some IP-based access Valve which :



we have a filter, not a valve,  (a class implementing
javax.servlet.Filter)
that authenticates incoming request
according to:
- a particular key contained as parameter in the request
- the ip of the incoming request
- a cookie
those checks are applied in the exact order I listed them, if all of them
fails, then the user
is redirected to the login page as follows

request.getServletContext()
  .getRequestDispatcher(LOGIN_PAGE_REDIRECT_URL)
  .forward(request, response);

I don't know whether it matters but we have a chain of filters and the
authorization one I described is applied
after a filter that, in some cases perform a forward


request.getServletContext().getRequestDispatcher(remappedResource).forward(request,
response);

but I think it shouldn't be the cause of the issue...


- for requests from 127.0.0.1, allows them through without authentication


- for requests /not/ from 127.0.0.1, requires authentication in the form
of
a cookie, and if that cookie is not present, returns a login page.

The requester IP address is obtained by the Valve using the
getRemoteAddress() method.

2) On the same serverA, there is a cron job which runs from time to time.
This cron job runs a PHP script, which
- connects to "127.0.0.1:8080"
- sends a HTTP request over that connection, directed to a specific
Tomcat
application
- receives a response from Tomcat

3) there are also other clients (not on serverA), which access other
applications (or the same application) on serverA/Tomcat directly, by
addressing their requests to ?
(IP or name).



there are other clients (browsers) accessing serverA using the server name


 (it cannot be 127.0.0.1:8080, since these clients are not on serverA)

The IP's of those clients are :


something like 93.35.x.x



And what you are seeing in the logs, is that from time to time, a request
which seems to come from the PHP script (and should thus have a client IP
address of 127.0.0.1 and go through without authentication), instead
seems
to come from another IP (and thus is caught by the Valve and returns a
login
page).
And you also see this in the log of the PHP script : it shows that it
receives a login page, instead of the expected response. (*)



Yes, that's exactely what we're experiencing (the only detail that differs
it's that authentication is performed by a filter, not a valve)


 One more question : this IP-filter Valve, is that something written

in-house ?



Yes, we coded the filter.


 I do not see anything particularly wrong in the server.xml which you

sent.
But it does confirm that you have a single  in Tomcat.

One additional question :
The crontab PHP script sends a request to Tomcat from time to time.
Is that request directed to a specific application that only the PHP script
is using, or is that same application also used by other clients ?




Yes, we have only one web application used by all our clients, included the
php script.


Mmm. That's a bit more complicated for what I had in mind.
Would it be a problem to have 2 separate instances of that application (one for the PHP 
script, one for the other clients) ?


I have little time now, but what I have in mind would be roughly as follows :
- you add a second  in your server.xml file, with a hostname of e.g. 
"internal.company.com"

- for that second Host, you create a separate "webapps" directory, e.g.
(tomcat_dir)/webapps2
- in that directory, you copy your application, e.g. as
(tomcat_dir)/webapps2/yourapp/*  (the same application name, and exactly all the same 
files, no changes)

- in the local "hosts" file of your machine, you add the line
127.0.0.1 internal.company.com
- you change your PHP script to access "http://internal.company.com:8080"; instead of 
"http://127.0.0.1:8080";


The rest later, I have to go now.. but think about it.





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Issues with getRemoteAddress

[Filippo Machi]

On Fri, May 27, 2011 at 11:20 AM, André Warnier  wrote:

> Filippo Machi wrote:
>
>>
>> we're using tomcat 7.0.12
>>
>>  Ok.
>
>
>>  1) You have serverA running Tomcat, and Tomcat listens on port 8080.
>>> The (network) IP address of serverA is : 
>>>
>> 85.214.x.x
>>
>> (apart from the loopback address 127.0.0.1)
>>
>>> This Tomcat has some IP-based access Valve which :
>>>
>>>
>> we have a filter, not a valve,  (a class implementing
>> javax.servlet.Filter)
>> that authenticates incoming request
>> according to:
>> - a particular key contained as parameter in the request
>> - the ip of the incoming request
>> - a cookie
>> those checks are applied in the exact order I listed them, if all of them
>> fails, then the user
>> is redirected to the login page as follows
>>
>> request.getServletContext()
>>   .getRequestDispatcher(LOGIN_PAGE_REDIRECT_URL)
>>   .forward(request, response);
>>
>> I don't know whether it matters but we have a chain of filters and the
>> authorization one I described is applied
>> after a filter that, in some cases perform a forward
>>
>>
>> request.getServletContext().getRequestDispatcher(remappedResource).forward(request,
>> response);
>>
>> but I think it shouldn't be the cause of the issue...
>>
>>
>> - for requests from 127.0.0.1, allows them through without authentication
>>
>>> - for requests /not/ from 127.0.0.1, requires authentication in the form
>>> of
>>> a cookie, and if that cookie is not present, returns a login page.
>>>
>>> The requester IP address is obtained by the Valve using the
>>> getRemoteAddress() method.
>>>
>>> 2) On the same serverA, there is a cron job which runs from time to time.
>>> This cron job runs a PHP script, which
>>> - connects to "127.0.0.1:8080"
>>> - sends a HTTP request over that connection, directed to a specific
>>> Tomcat
>>> application
>>> - receives a response from Tomcat
>>>
>>> 3) there are also other clients (not on serverA), which access other
>>> applications (or the same application) on serverA/Tomcat directly, by
>>> addressing their requests to ?
>>> (IP or name).
>>>
>>>
>> there are other clients (browsers) accessing serverA using the server name
>>
>>
>>  (it cannot be 127.0.0.1:8080, since these clients are not on serverA)
>>>
>>> The IP's of those clients are :
>>>
>> something like 93.35.x.x
>>
>>
>>> And what you are seeing in the logs, is that from time to time, a request
>>> which seems to come from the PHP script (and should thus have a client IP
>>> address of 127.0.0.1 and go through without authentication), instead
>>> seems
>>> to come from another IP (and thus is caught by the Valve and returns a
>>> login
>>> page).
>>> And you also see this in the log of the PHP script : it shows that it
>>> receives a login page, instead of the expected response. (*)
>>>
>>>
>> Yes, that's exactely what we're experiencing (the only detail that differs
>> it's that authentication is performed by a filter, not a valve)
>>
>>
>>  One more question : this IP-filter Valve, is that something written
>>> in-house ?
>>>
>>>
>> Yes, we coded the filter.
>>
>>
>>  I do not see anything particularly wrong in the server.xml which you
> sent.
> But it does confirm that you have a single  in Tomcat.
>
> One additional question :
> The crontab PHP script sends a request to Tomcat from time to time.
> Is that request directed to a specific application that only the PHP script
> is using, or is that same application also used by other clients ?
>
>
>
Yes, we have only one web application used by all our clients, included the
php script.



>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Issues with getRemoteAddress

[André Warnier]

Filippo Machi wrote:


we're using tomcat 7.0.12


Ok.




1) You have serverA running Tomcat, and Tomcat listens on port 8080.
The (network) IP address of serverA is : 

85.214.x.x

(apart from the loopback address 127.0.0.1)

This Tomcat has some IP-based access Valve which :



we have a filter, not a valve,  (a class implementing javax.servlet.Filter)
that authenticates incoming request
according to:
- a particular key contained as parameter in the request
- the ip of the incoming request
- a cookie
those checks are applied in the exact order I listed them, if all of them
fails, then the user
is redirected to the login page as follows

request.getServletContext()
   .getRequestDispatcher(LOGIN_PAGE_REDIRECT_URL)
   .forward(request, response);

I don't know whether it matters but we have a chain of filters and the
authorization one I described is applied
after a filter that, in some cases perform a forward

request.getServletContext().getRequestDispatcher(remappedResource).forward(request,
response);

but I think it shouldn't be the cause of the issue...


- for requests from 127.0.0.1, allows them through without authentication

- for requests /not/ from 127.0.0.1, requires authentication in the form of
a cookie, and if that cookie is not present, returns a login page.

The requester IP address is obtained by the Valve using the
getRemoteAddress() method.

2) On the same serverA, there is a cron job which runs from time to time.
This cron job runs a PHP script, which
- connects to "127.0.0.1:8080"
- sends a HTTP request over that connection, directed to a specific Tomcat
application
- receives a response from Tomcat

3) there are also other clients (not on serverA), which access other
applications (or the same application) on serverA/Tomcat directly, by
addressing their requests to ?
(IP or name).



there are other clients (browsers) accessing serverA using the server name



(it cannot be 127.0.0.1:8080, since these clients are not on serverA)

The IP's of those clients are :

something like 93.35.x.x



And what you are seeing in the logs, is that from time to time, a request
which seems to come from the PHP script (and should thus have a client IP
address of 127.0.0.1 and go through without authentication), instead seems
to come from another IP (and thus is caught by the Valve and returns a login
page).
And you also see this in the log of the PHP script : it shows that it
receives a login page, instead of the expected response. (*)



Yes, that's exactely what we're experiencing (the only detail that differs
it's that authentication is performed by a filter, not a valve)



One more question : this IP-filter Valve, is that something written
in-house ?



Yes, we coded the filter.



I do not see anything particularly wrong in the server.xml which you sent.
But it does confirm that you have a single  in Tomcat.

One additional question :
The crontab PHP script sends a request to Tomcat from time to time.
Is that request directed to a specific application that only the PHP script is using, or 
is that same application also used by other clients ?



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

"Missing" requests on server - IIS -> ISAPI redirect -> Tomcat 6

[Thomas Andraschko]

Hi,

we have a problem that some requests are missing on our application.
As far we can see, the requests are arrived at IIS but not at Tomcat.
Also we do not know if the request are processed by IIS but there were never 
problems with our ASP.Net application which runs directly on IIS.
I also added the AccessLogValve but AFAICS the request is already lost and not 
added to logs.

For example:
The users clicks on a link and the request is sent but it's not arrived at our 
application.
No error logs, no entry in the AccessLog, no entry in the windows event logs 
and no entry in our application!
The request is never arrived at our application and the request seems to be 
lost... The browser will automatically retry after 120 seconds and the 
request/response is finished after few seconds or milliseconds.

Our environment:
Hardware Firewall and Loadbalancer (This should not be a problem because the 
request arrives at IIS)
Windows 2003 32bit with IIS 6

ISAPI redirector 1.2.26.0

Tomcat 6.0.16

Anyone ever had a similiar problem?

Thanks!

Best regards,
Thomas

Re: Tomcat 5.5.27, session lost, cookies

[Filippo Machi]

Ciao!
Please read my comment inline..

On Fri, May 27, 2011 at 12:12 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Filippo,
>
> On 5/26/2011 10:50 AM, Filippo Machi wrote:
> > One of our legacy (non java) server was used to put a blank (' ')
> character
> > as value of a cookie.
>
> The value itself is blank, or the value /contains/ a blank?
>

the value contains a blank


>
> Please give us an example of a "Cooke:" header from your client and
> maybe we can suggest a solution (a few come to mind, but I'm unwilling
> to describe them until I see an example).
>

here it's an example, I used firebug to grab the cookie header contained in
the request:

AA=01*49qmsEhufMY7I6g/OnGT2tN3ThrCZH6vJ342kTDsssuRgEhlqwftbRTaikwi9I3HIx5yoK1ng4tY
5JuIUe3x9o0Jptimu3uvVgeQAKc5htM=;
__utma=125866390.1346069185.1295258223.1306326749.1306484681.40;
__utmz=125866390.1306326795.39.29.utmcsr=


as you can see there are different cookies, the first one (AA) it's the
guilty. It has a blank here

...4tY 5Ju...

thanks
Fil


>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk3e0EcACgkQ9CaO5/Lv0PD6ZgCfZYbQ0mgHBVH7lCiGEiiQ5jwd
> YWsAmwUmoJuGlbNvIRouWyWXLbSPsq6o
> =U5r9
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Issues with getRemoteAddress

[Filippo Machi]

Ciao Andrè,
thanks for your answer!
I really appreciate all the time you spend, thanks again.
Please find my inline answers..


On Thu, May 26, 2011 at 7:12 PM, André Warnier  wrote:

> Hi.
>
> First, tell us what precise version of Tomcat you are using (x.y.z format).
>

we're using tomcat 7.0.12


>
> Then, one minute I think that I am starting to understand your setup, but
> the next minute I am lost again.
>

Sorry, maybe I wasn't clean enough, but it looks to me that you have quite a
clear picture of our setup and issue


>
> The way I understand it now (please correct whatever needs to be) :
>
> 1) You have serverA running Tomcat, and Tomcat listens on port 8080.
> The (network) IP address of serverA is : 
>

85.214.x.x

(apart from the loopback address 127.0.0.1)
>
> This Tomcat has some IP-based access Valve which :
>

we have a filter, not a valve,  (a class implementing javax.servlet.Filter)
that authenticates incoming request
according to:
- a particular key contained as parameter in the request
- the ip of the incoming request
- a cookie
those checks are applied in the exact order I listed them, if all of them
fails, then the user
is redirected to the login page as follows

request.getServletContext()
   .getRequestDispatcher(LOGIN_PAGE_REDIRECT_URL)
   .forward(request, response);

I don't know whether it matters but we have a chain of filters and the
authorization one I described is applied
after a filter that, in some cases perform a forward

request.getServletContext().getRequestDispatcher(remappedResource).forward(request,
response);

but I think it shouldn't be the cause of the issue...


- for requests from 127.0.0.1, allows them through without authentication
> - for requests /not/ from 127.0.0.1, requires authentication in the form of
> a cookie, and if that cookie is not present, returns a login page.
>
> The requester IP address is obtained by the Valve using the
> getRemoteAddress() method.
>
> 2) On the same serverA, there is a cron job which runs from time to time.
> This cron job runs a PHP script, which
> - connects to "127.0.0.1:8080"
> - sends a HTTP request over that connection, directed to a specific Tomcat
> application
> - receives a response from Tomcat
>
> 3) there are also other clients (not on serverA), which access other
> applications (or the same application) on serverA/Tomcat directly, by
> addressing their requests to ?
> (IP or name).
>

there are other clients (browsers) accessing serverA using the server name


> (it cannot be 127.0.0.1:8080, since these clients are not on serverA)
>
> The IP's of those clients are :


something like 93.35.x.x


>   (just an idea, to distinguish them from the above)
>
> And what you are seeing in the logs, is that from time to time, a request
> which seems to come from the PHP script (and should thus have a client IP
> address of 127.0.0.1 and go through without authentication), instead seems
> to come from another IP (and thus is caught by the Valve and returns a login
> page).
> And you also see this in the log of the PHP script : it shows that it
> receives a login page, instead of the expected response. (*)
>

Yes, that's exactely what we're experiencing (the only detail that differs
it's that authentication is performed by a filter, not a valve)


>
> Or else, what is the problem precisely ?
>
> One more question : this IP-filter Valve, is that something written
> in-house ?
>

Yes, we coded the filter.


> (At some point, we may want to see the content of the conf/server.xml of
> your Tomcat also.
> Make a copy, remove any sensitive information like exact IP addresses,
> passwords etc., and paste it directly into a message here.  Do not paste it
> as an attachment, this list often strips them).
>

As requested, but I don't think my colleagues change it too much since we're
now setting up our production environment.






  
  
  
  
  
  
  
  
  

  
  


  

  
  





















  
  

  
  


  

  







  

  





>
>
> (*) If this is what happens, it is indeed bizarre, and it should never
> happen.
> It introduces a strong suspicion that there is something wrong with the
> Valve..
>
> As a separate comment, not to mix with the above :
> In all generality, if your serverA is connected to the Internet, it is not
> surprising per se, that your server would receive from time to time a
> request, directed to the same URL as the one used by your PHP script, but
> coming from an external unknown IP.
> That happens all the time, as there are plenty of nefarious bots out there
> looking for server weaknesses all the time.
> But these external unknown IP clients should then receive the login page in
> return.
> If your PHP script receives this login page however, then it looks as if
> your IP-filter Valve may be mixing up its requests/responses.

Re: Monitoring memory usage of JVM

[Mikolaj Rydzewski]

On Fri, 27 May 2011 09:50:06 +0200, André Warnier wrote:


Searching the WWW, I am finding (too) many interpretations of the
output of "-verbose:gc" (or "-verbosegc", none of them starting from
exactly the format above.
I can kind of guess what the above means, but where can I find an
"authoritative" interpretation for Sun/Oracle Java 1.6 ?

Also, does anyone know if there is a way to specify that instead of
the unreadable leading timestamp above, one can get a 
nicely-formatted

one ?
(-XX:+PrintGCTimeStamps ?)


I use the following options:

-Xloggc:gc.log -XX:+PrintGCDetails -XX:+PrintGCTimeStamps

We use nice tool from HP (HPJmeter) at work. It parses GC logfile and 
produces various graphs. I guess you can download it for free from 
www.hp.com/go/java


--
Mikolaj Rydzewski 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Monitoring memory usage of JVM

[André Warnier]

Pid wrote:

On 26/05/2011 21:50, André Warnier wrote:

André Warnier wrote:

Pid wrote:

On 26/05/2011 20:16, Caldarale, Charles R wrote:

From: André Warnier [mailto:a...@ice-sa.com] Subject: Monitoring
memory usage of JVM
I am thinking of a couple of command-line options for the JVM,
to dump for example some information each time a GC happens,

Try -verbose:gc and -Xloggc:

The jmap & jstat commands shipped with the JDK are also useful.



Thanks to both.
I'll try these out.


For now, I have used the "-verbose:gc and -Xloggc:" command-line
options, and added the jmap command into one of the other monitoring
shell scripts I created.
I'll have to wait for the next GC to see the output of the switches.  As
the application isn't doing anything right now, that could take a while.

But a question about "jstat" in the meantime :
In the documentation of jstat, it has this to say about the /lvmid/ part :

port
The default port for communicating with the remote server. If the
hostname is omitted or the protocol specifies an optimized, local
protocol, then port is ignored. Otherwise, treatment of the port
parameter is implementation specific. For the default rmi protocol, the
port indicates the port number for the rmiregistry on the remote host.
If port is omitted, and protocol indicates rmi, then the default
rmiregistry port (1099) is used.

Is this the same port which I otherwise set for jconsole, iow via the
option :
-Dcom.sun.management.jmxremote.port=


Yes, AFAIK.  There's also a companion utility 'jstatd'.



I'll just continue adding here, so that everything stays together.

the output of the "-verbose:gc" switch looks as follows :
...
36980.453: [GC 479482K->271910K(994752K), 0.0135340 secs]
37085.411: [GC 511334K->269236K(992320K), 0.0130770 secs]
37750.377: [GC 508660K->276295K(999168K), 0.0124960 secs]
38078.813: [GC 524999K->286052K(997184K), 0.0077580 secs]
38187.341: [GC 534756K->295781K(1004032K), 0.0096650 secs]
38341.838: [GC 553765K->300854K(1001600K), 0.0230050 secs]
...
Searching the WWW, I am finding (too) many interpretations of the output of "-verbose:gc" 
(or "-verbosegc", none of them starting from exactly the format above.
I can kind of guess what the above means, but where can I find an "authoritative" 
interpretation for Sun/Oracle Java 1.6 ?


Also, does anyone know if there is a way to specify that instead of the unreadable leading 
timestamp above, one can get a nicely-formatted one ?

(-XX:+PrintGCTimeStamps ?)


By the way, I know that there is an over-abudance of articles on the WWW about Java memory 
tuning, but here is one I found serendipitiously :

http://fedora.fiz-karlsruhe.de/docs/Wiki.jsp?page=Java%20Heap%20%26%20GC%20Tuning
Even if it appears to have been written mainly for one kind of application, it is short, 
readable, to-the-point, and I think usable in a broader context.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org