Re: Seeking tips on multi-host, multi-context deployments
All of which is splendid, but it would've been better if you hadn't hijacked the Incorporating changes compiling Tomcat thread by replying to my last message editing the subject body. Please start a new thread instead, in future. p signature.asc Description: OpenPGP digital signature
Re: catalina_pid file contains +1 pid number instead of correct pid
On 29/09/2011 06:30, Raghu GS wrote: Konstantin Kolinko wrote: 2011/9/27 Raghu GS raghu...@i10n.com: Hello Everybody We are using Tomcat 6.20 in CentOS 5.3 server. 6.0.20 ?? You should read http://tomcat.apache.org/security-6.html as well as all the fixed issues in changelog. I have recently enabled catalina_pid functionality using environment variable. The PID file got created and contains +1 PID number. If the Tomcat's real PID number 5446, the pid file would contain 5447 as PID number. catalina.sh is a shell script file. There are not many secrets there and it is editable. You should try to debug what really goes on on your system. IIRC there were some talks about using exec command vs eval command in the script to launch the process. Anyway, if CATALINA_PID file were not working I think somebody would report it, but 6.0.20 was so old ago and I do not remember such reports. Please help me to resolve this problem as we are using tomcat in 10 of our servers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Actually the PID number in the PID file is not wildly incorrect. So, please suggest me an easy to implement solution. Upgrade to the latest 6.0.33 and try again? p signature.asc Description: OpenPGP digital signature
Re: Using namespaces within XML documents produced from JSPXs
On 28 September 2011 18:11, Konstantin Kolinko knst.koli...@gmail.comwrote: 1) I replaced opening svg tag with: svg xmlns=http://www.w3.org/2000/svg; width=450 height=500 viewBox=0 0 450 500 xmlns:c=http://java.sun.com/jsp/jstl/core; xmlns:fn=http://java.sun.com/jsp/jstl/functions; xmlns:jsp=http://java.sun.com/JSP/Page; xmlns:foo=bar jsp:directive.page contentType=image/svg+xml / titleJSP 2.0 JSPX/title foo:xBar!/foo:x Note xmlns declaration and foo:x element. The page, http://localhost:8080/examples/jsp/jsp2/jspx/textRotate.jspx?name=JSPX renders correctly and gives me: ?xml version=1.0 encoding=UTF-8? svg xmlns:foo=bar xmlns=http://www.w3.org/2000/svg; viewBox=0 0 450 500 height=500 width=450titleJSP 2.0 JSPX/titlefoo:xBar!/foo:xg id=testContent() With correct xmlns:foo=bar and foo:xBar!/foo:x. This is what isn't working on Tomcat 6.0.32 for me. Note additionally that http://www.w2.org/2000/svg; should be a taglib uri too to fully mirror my example. Perhaps I'm being too optimistic that the namespace attribute 'xmlns' would be made available to the custom tag??
[OT] Tomcat on its own SVN repository?
Hello list, I was trying to get the source code in order to implement my own idea of a remote address valve (as mentioned in a previous thread). But I use git-svn, and discovered that Tomcat is on a repository with 1M+ changes on it! git svn clone is therefore woefully impractical. Is there any plan to move each project at least to its own SVN repo, if not git? -- Francis Galiegue ONE2TEAM Ingénieur système Mob : +33 (0) 683 877 875 Tel : +33 (0) 178 945 552 f...@one2team.com 40 avenue Raymond Poincaré 75116 Paris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Using namespaces within XML documents produced from JSPXs
2011/9/29 Paul Wilson paulalexwil...@gmail.com: On 28 September 2011 18:11, Konstantin Kolinko knst.koli...@gmail.comwrote: This is what isn't working on Tomcat 6.0.32 for me. Note additionally that http://www.w2.org/2000/svg; should be a taglib uri too to fully mirror my example. Perhaps I'm being too optimistic that the namespace attribute 'xmlns' would be made available to the custom tag?? As I wrote, taglib can only generate text. It cannot generate org.w3c.dom.Element. The following will work for you: foo:xyz xmlns:foo=path/to/foo/ns foo:p/ bar:q xmlns:bar=path/to/bar/ns / /foo:xyz Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Accessing Tomcat manager app
Hi I have installed tom cat 7.0.21 I have changed the tomcat-users.xml file as below tomcat-users role rolename=Standard/ role rolename=admin/ role rolename=manager-script/ role rolename=tomcat/ role rolename=role1/ user name=mgr password=tomcat roles=standard,manager-script/ user name=tomcat password=tomcat roles=tomcat/ user name=role1 password=tomcat roles=role1/ user name=both password=tomcat roles=tomcat,role1/ /tomcat-users Still I am not able to access the manager app. Thanks for your time -- regards KRS
Re: [OT] Tomcat on its own SVN repository?
2011/9/29 Francis GALIEGUE f...@one2team.com: Hello list, I was trying to get the source code in order to implement my own idea of a remote address valve (as mentioned in a previous thread). But I use git-svn, and discovered that Tomcat is on a repository with 1M+ changes on it! git svn clone is therefore woefully impractical. Is there any plan to move each project at least to its own SVN repo, if not git? No. Why? If it ain't broken do not fix it. The project has 10+ years of history, and all its versions are related. Also we sometimes copy code from other ASF projects. BTW, there are read-only git mirrors at ASF elsewhere. http://www.apache.org/dev/contributors.html http://git.apache.org/ Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Tomcat on its own SVN repository?
If you need a git clone use: https://github.com/apache/ and search clone started with tomcat 2011/9/29 Francis GALIEGUE f...@one2team.com: Hello list, I was trying to get the source code in order to implement my own idea of a remote address valve (as mentioned in a previous thread). But I use git-svn, and discovered that Tomcat is on a repository with 1M+ changes on it! git svn clone is therefore woefully impractical. Is there any plan to move each project at least to its own SVN repo, if not git? -- Francis Galiegue ONE2TEAM Ingénieur système Mob : +33 (0) 683 877 875 Tel : +33 (0) 178 945 552 f...@one2team.com 40 avenue Raymond Poincaré 75116 Paris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Olivier Lamy Talend : http://talend.com http://twitter.com/olamy | http://linkedin.com/in/olamy - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Accessing Tomcat manager app
2011/9/29 krishnaroopa senthilkumar krishnaro...@gmail.com: Hi I have installed tom cat 7.0.21 I have changed the tomcat-users.xml file as below tomcat-users role rolename=manager-script/ user name=mgr password=tomcat roles=standard,manager-script/ /tomcat-users The manager-script role gives access only to the text interface of manager (used by scripts connecting remotely). See web.xml file of the manager application for the actual list of supported roles. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Tomcat on its own SVN repository?
On Thu, Sep 29, 2011 at 10:35, Konstantin Kolinko knst.koli...@gmail.com wrote: [...] No. Why? If it ain't broken do not fix it. Depends on the point of view, I guess :) SVN is broken to my eyes... The project has 10+ years of history, and all its versions are related. Also we sometimes copy code from other ASF projects. BTW, there are read-only git mirrors at ASF elsewhere. http://www.apache.org/dev/contributors.html http://git.apache.org/ Yep, I see that! I'll use this as a base then. Thanks, -- Francis Galiegue ONE2TEAM Ingénieur système Mob : +33 (0) 683 877 875 Tel : +33 (0) 178 945 552 f...@one2team.com 40 avenue Raymond Poincaré 75116 Paris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Using namespaces within XML documents produced from JSPXs
On 29 September 2011 09:28, Konstantin Kolinko knst.koli...@gmail.comwrote: The following will work for you: foo:xyz xmlns:foo=path/to/foo/ns foo:p/ bar:q xmlns:bar=path/to/bar/ns / /foo:xyz Unfortunately (this is the first thing I tried), the client won't accept the namespace being bound on the element itself, and requires that it be bound on the XML's root tag. Looks like I'm stuck. Thanks for your help, much appreciated! Paul
Re: Accessing Tomcat manager app
Great!.. Thanks a lot. I included manager-gui role and able to access. Next thing, I had a war file insight.war and placed it under webapps folders I am able to access as http://localhost:8080/insight/index.html But i need to access it directly as http://localhost:8080/index.html Heard that need be changed in context setting.. but could not get it. Thanks again KRS On Thu, Sep 29, 2011 at 2:08 PM, Konstantin Kolinko knst.koli...@gmail.comwrote: 2011/9/29 krishnaroopa senthilkumar krishnaro...@gmail.com: Hi I have installed tom cat 7.0.21 I have changed the tomcat-users.xml file as below tomcat-users role rolename=manager-script/ user name=mgr password=tomcat roles=standard,manager-script/ /tomcat-users The manager-script role gives access only to the text interface of manager (used by scripts connecting remotely). See web.xml file of the manager application for the actual list of supported roles. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- regards KRS
Re: Accessing Tomcat manager app
2011/9/29 krishnaroopa senthilkumar krishnaro...@gmail.com: Great!.. Thanks a lot. I included manager-gui role and able to access. Next thing, I had a war file insight.war and placed it under webapps folders I am able to access as http://localhost:8080/insight/index.html But i need to access it directly as http://localhost:8080/index.html Heard that need be changed in context setting.. but could not get it. Thanks again Have you seen FAQ? Just rename your file into ROOT.war. It is the easiest way. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Seeking tips on multi-host, multi-context deployments
On 28/09/2011 19:25, Sam Hokin wrote: (2) Dell 1950 8-CPU servers running Fedora 14 Linux 2.6.35, one with 2 GB RAM and one with 4 GB RAM That seems low but if it works for you... (2) Tomcat 7.0.16 instances, one on each server, running clustered contexts in distributable mode, under Sun JDK 1.6.0 Worth updating to 7.0.21 (or 7.0.22 which will hopefully be released in a few days). P.S. One option I've considered is to run KVM and run each host in its own virtual OS. To me that's a ridiculous amount of OS overhead to deal with occasional Tomcat outages, but it probably would be one solution, much more difficult to maintain than a single Tomcat instance per server running all the hosts and contexts. If you've had experience running multiple Tomcat instances in separate virtual machines, I'd be curious to hear how it went. I wouldn't go as far as a VM per host but you might want to consider multiple Tomcat instances per server with, for example, a Tomcat instance per host. Separate CATALINA_HOME (the binary) and CATALINA_BASE (one per host) provides separate Java process for each host with minimal overhead. Your memory requirements will increase but not by much. You can split the apps between hosts any way you like. The ASF uses this to run the main, test1 and test2 Jira instances from a single Tomcat binary. Tomcat upgrades take me about 5 minutes from start to finish with about 2 minutes downtime. The downtime is pretty much all due to the time it takes Jira to stop and start. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Logging properties of attributes in the HttpSession
Hi,
I am logging all local host access using the following config:
Valve className=org.apache.catalina.valves.AccessLogValve directory=logs
prefix=localhost_access_log. suffix=.txt
pattern='%h %l %u %{userObject}s %t %r %s %b'
resolveHosts=false/
The userObject HttpSession attribute is a Java Object and right now it
is logging it by calling its toString method.
I wanted to log a specific property of that object (userId) so I tried
%{userObject.userId}s but that did not print anything.
Is it possible to log properties of an object that is in session? I
can add the information to the toString method but I want avoid that
for now (I would have to re check the whole application 1500+ pages to
make sure that it is not called anywhere else).
Thanks,
Rich
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Regarding missing requst parameter infos in RequestFacade
Hi, I am using cocoon 2.1.9 as my web application frame work on tomcat 6.0.33 I get strange problem that I get request object and also able to get values of querystring and sessionid from the request object. (RequestFacade) But when try to get request-parameter using the same object it some times gives empty as value.(even if the request parameter is there in the request). Refreshing the same request url on browser (Firefox) again give me request parameter but consequent tries ends in empty request-parameter. I need help that how to check at which point the request parameter is initialized by tomcat. Thanks! with regards, Saravanan.N
Re: Regarding missing requst parameter infos in RequestFacade
On Thu, Sep 29, 2011 at 3:27 PM, Sharun superstar saravanan.nedunchezhi...@gmail.com wrote: Hi, I am using cocoon 2.1.9 as my web application frame work on tomcat 6.0.33 I get strange problem that I get request object and also able to get values of querystring and sessionid from the request object. (RequestFacade) But when try to get request-parameter using the same object it some times gives empty as value.(even if the request parameter is there in the request). Refreshing the same request url on browser (Firefox) again give me request parameter but consequent tries ends in empty request-parameter. I need help that how to check at which point the request parameter is initialized by tomcat. Thanks! with regards, Saravanan.N
Tomcat 7 :: Tomcat-Native
Hi all, I'm trying to set up APR SSL, and at catalina.out is: INFO: An older version 1.1.20 of the APR based Apache Tomcat Native library is installed, while Tomcat recommends a minimum version of 1.1.22 Sep 29, 2011 5:07:40 PM org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.20. So, I compiled 1.1.22, from several ways: ./configure \ --prefix=/opt/apache-tomcat-7.0.21/ \ --with-ssl=yes \ --with-java-home=/usr/java/jdk1.6.0_23/ \ --with-apr=/opt/apr-1.4.2/ \ $@ ./configure \ --with-ssl=yes \ --with-java-home=/usr/java/jdk1.6.0_23/ \ --with-apr=/opt/apr-1.4.2/ \ $@ And JAVA_OPTS at catalina: export JAVA_HOME=/usr/java/jdk1.6.0_23 export CATALINA_HOME=/opt/apache-tomcat-7.0.21 export JAVA_OPTS=-Xms256m -Xmx912m -XX:PermSize=500m -XX:MaxPermSize=1024m -Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES=false -Djava.library.path=/usr/java/jdk1.6.0_23/jre/lib/i386/client:/usr/java/jdk1.6.0_23/jre/lib/i386:/usr/java/jdk1.6.0_23/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib:/opt/apache-tomcat-7.0.21/lib No way to load tomcat-native 1.1.22... Any suggestions? Thanks!! Laura,
Re: Using namespaces within XML documents produced from JSPXs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Paul, On 9/29/2011 4:43 AM, Paul Wilson wrote: On 29 September 2011 09:28, Konstantin Kolinko knst.koli...@gmail.comwrote: The following will work for you: foo:xyz xmlns:foo=path/to/foo/ns foo:p/ bar:q xmlns:bar=path/to/bar/ns / /foo:xyz Unfortunately (this is the first thing I tried), the client won't accept the namespace being bound on the element itself, and requires that it be bound on the XML's root tag. Looks like I'm stuck. Silly question: why not just do your own XML root tag? ?xml version=1.0 encoding=UTF-8 ? foo:xyz xmlns:foo=path/to/foo/ns xmlns:bar=path/to/bar/ns real-foo-taglib:whatever ... /real-foo-taglib:whatever bar:q / /foo:xyz ? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6Ei54ACgkQ9CaO5/Lv0PCO2QCfYMhDvjiiiwPli2Nufy5fdTBT WHIAn3S1QDb3XguxuwyeipBQ+uiOp0Wo =NtJl -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: catalina_pid file contains +1 pid number instead of correct pid
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Raghu, On 9/29/2011 1:30 AM, Raghu GS wrote: I have recently enabled catalina_pid functionality using environment variable. The PID file got created and contains +1 PID number. So, when you look at the PID file you get, say 1235 but when you run a ps you see your JVM process is PID 1234? I'm surprised that's the case. I would buy that the pid of the /script/ was 1234 and that the JVM is 1235 but I guess strange things can sometimes happen. Actually the PID number in the PID file is not wildly incorrect. So, please suggest me an easy to implement solution. We're not entirely sure of the problem, so coming up with a solution isn't going to be terribly easy. Can you show us what happens when you do this: $ bin/shutdown.sh $ bin/startup.sh $ cat $CATALINA_PID $ ps aux | grep 'java\PID' - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6EkTQACgkQ9CaO5/Lv0PCXPQCfbsvgBvgDP85OKgFVrkJ9Lb6L EWgAn2zBw4rPnqAkMKvP19gzI11ZGSCq =zVEw -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 :: Tomcat-Native
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lunita, On 9/29/2011 11:12 AM, Lunita wrote: I'm trying to set up APR SSL, and at catalina.out is: INFO: An older version 1.1.20 of the APR based Apache Tomcat Native library is installed, while Tomcat recommends a minimum version of 1.1.22 Sep 29, 2011 5:07:40 PM org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.20. So, I compiled 1.1.22, from several ways: Good. Did you get a binary out of either of these processes? Generally speaking, you'll have to run make at some point in order to do the compile, and then you'll have to copy the binary somewhere that makes sense. I generally put the binary into CATALINA_HOME/bin and then set -Djava.library.path=$CATALINA_HOME/bin. And JAVA_OPTS at catalina: export JAVA_HOME=/usr/java/jdk1.6.0_23 export CATALINA_HOME=/opt/apache-tomcat-7.0.21 export JAVA_OPTS=-Xms256m -Xmx912m -XX:PermSize=500m -XX:MaxPermSize=1024m -Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES=false - -Djava.library.path=/usr/java/jdk1.6.0_23/jre/lib/i386/client:/usr/java/jdk1.6.0_23/jre/lib/i386:/usr/java/jdk1.6.0_23/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib:/opt/apache-tomcat-7.0.21/lib So where is your libapr-1.1.11.so file located? No way to load tomcat-native 1.1.22... Sure there is a way to load it. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6EkyMACgkQ9CaO5/Lv0PD+pACbByjdPdCQ/F8g1gnrD7DD36jM gHUAn0UHzOiLUOiZHB45pZrPx4/c4B/s =nSSr -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Regarding missing requst parameter infos in RequestFacade
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sharun,
Marking OT because this is almost certainly not a Tomcat issue, but
Cocoon configuration or something else.
On 9/29/2011 9:27 AM, Sharun superstar wrote:
I am using cocoon 2.1.9 as my web application frame work on tomcat
6.0.33
I'm on Cocoon 2.1.11. You and me both need to upgrade badly! I also
happen to be using Tomcat 6.0.32 in production.
I get strange problem that I get request object and also able to
get values of querystring and sessionid from the request object.
(RequestFacade)
So... that's how things are supposed to work, so that's not a problem.
But when try to get request-parameter using the same object it some
times gives empty as value.(even if the request parameter is there
in the request).
Exactly what does your configuration look like? We have pipelines like
this:
map:match pattern=report/full.xml
map:generate
src={global:base-url}/report.xml.do;jsessionid={request:requestedSessionId}?id={request-param:id}
/
map:transform
src={global:stylesheet-url}/responses-to-cinclude.xsl
map:parameter name=base-url value={global:base-url} /
map:parameter name=include-foo
value={request-param:include-foo} /
/map:transform
map:transform
src={global:stylesheet-url}/resources-to-cinclude.xsl
map:parameter name=rsid-param value={request-param:rsid} /
/map:transform
map:transform type=cinclude /
map:serialize type=xml /
/map:match
The above {request-param:foo} settings seem to work reliably for me.
All of our requests are GET... all POST requests are handled by
non-Cocoon-based code.
Refreshing the same request url on browser (Firefox) again give me
request parameter but consequent tries ends in empty
request-parameter.
That's certainly strange. Have you tried observing the HTTP traffic
using something like fiddler, LiveHTTPHeaders, etc. to see what the
client is sending?
I need help that how to check at which point the request parameter
is initialized by tomcat.
Request parameters are read from POST requests the first time any of
the ServletRequest.getParameter* family of methods are called. I'm not
entirely sure when GET parameters are parsed... probably at the same
time. If you use {request-param:foo}, that will translate (eventually)
into a call to ServletRequest.getParameter(foo), so this should work
consistently.
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6ElQ0ACgkQ9CaO5/Lv0PCqOgCeLMRx2dQOONiQAYHCjf3zH/d/
iXYAoJcaWJK7kjmDP4spi3bkKu+sccla
=Kiw1
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Seeking tips on multi-host, multi-context deployments
HUGE apologies, Pid! I had no idea that a changed subject would keep my email in a previous thread. I saw no visible connection to your thread, I didn't know that my email client (Thunderbird) would pass the reference to your thread back in the email header. I'll be sure to start a fresh thread in the future, very embarrassing. Believe me, no thread hijacking was intended, it was just mailing list incompetence. (I also have no idea how to pull that reference from this reply, sorry.) And thanks for the tip, Mark, I'll give multiple Tomcat instances a try, I guess that's pretty obvious, I was trying to reduce the overhead of updates by running a single container. And I thought that having 30-odd Tomcat instances (or whatever) would be a much larger drain on resources than a single Tomcat instance with 30 hosts; sounds like it isn't. And more memory - yes. I'll get those servers up to 8 GB each. But what I was looking for was a reference to some sort of multi-context multi-host HOW-TO, which I'm guessing does not exist. I don't want to ask you folks to get into the details of my specific situation, that's my job. On 9/29/2011 1:19 AM, Pid wrote: All of which is splendid, but it would've been better if you hadn't hijacked the Incorporating changes compiling Tomcat thread by replying to my last message editing the subject body. Please start a new thread instead, in future. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 :: Tomcat-Native
Hi Chris, The steps I followed to compile are, configure, make and make install. I see the libtcnative and its liks at $CATALINA_HOME/lib/. /opt/apr-1.4.2/lib/ apr.explibapr-1.a libapr-1.lalibapr-1.so libapr-1.so.0 libapr-1.so.0.4.2 pkgconfig/ I added the /opt/apr-1.4.2/ path to java.library.path, but not response. Greetings, 2011/9/29 Christopher Schultz ch...@christopherschultz.net -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lunita, On 9/29/2011 11:12 AM, Lunita wrote: I'm trying to set up APR SSL, and at catalina.out is: INFO: An older version 1.1.20 of the APR based Apache Tomcat Native library is installed, while Tomcat recommends a minimum version of 1.1.22 Sep 29, 2011 5:07:40 PM org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.20. So, I compiled 1.1.22, from several ways: Good. Did you get a binary out of either of these processes? Generally speaking, you'll have to run make at some point in order to do the compile, and then you'll have to copy the binary somewhere that makes sense. I generally put the binary into CATALINA_HOME/bin and then set -Djava.library.path=$CATALINA_HOME/bin. And JAVA_OPTS at catalina: export JAVA_HOME=/usr/java/jdk1.6.0_23 export CATALINA_HOME=/opt/apache-tomcat-7.0.21 export JAVA_OPTS=-Xms256m -Xmx912m -XX:PermSize=500m -XX:MaxPermSize=1024m -Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES=false - -Djava.library.path=/usr/java/jdk1.6.0_23/jre/lib/i386/client:/usr/java/jdk1.6.0_23/jre/lib/i386:/usr/java/jdk1.6.0_23/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib:/opt/apache-tomcat-7.0.21/lib So where is your libapr-1.1.11.so file located? No way to load tomcat-native 1.1.22... Sure there is a way to load it. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6EkyMACgkQ9CaO5/Lv0PD+pACbByjdPdCQ/F8g1gnrD7DD36jM gHUAn0UHzOiLUOiZHB45pZrPx4/c4B/s =nSSr -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Logging properties of attributes in the HttpSession
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rich,
On 9/29/2011 9:18 AM, Richard Sayre wrote:
I am logging all local host access using the following config:
Valve className=org.apache.catalina.valves.AccessLogValve
directory=logs prefix=localhost_access_log. suffix=.txt
pattern='%h %l %u %{userObject}s %t %r %s %b'
resolveHosts=false/
The userObject HttpSession attribute is a Java Object and right now
it is logging it by calling its toString method.
Right.
I wanted to log a specific property of that object (userId) so I
tried %{userObject.userId}s but that did not print anything.
Right. It's looking for an object in the session with the key
userObject.userId, rather than doing what you expect, which is to
get userObject and then call getUserId on it with no arguments.
AccessLogValve doesn't do that kind of thing: it's not very smart.
(It's nice and fast, though).
Is it possible to log properties of an object that is in session?
Not with the current code: you'd have to modify the AccessLogValve.
I can add the information to the toString method but I want avoid
that for now (I would have to re check the whole application 1500+
pages to make sure that it is not called anywhere else).
Honestly, no code should be depending on the return value of toString
on any complex object. I'm not saying it doesn't happen... I'm just
saying that it /shouldn't/ happen.
Adding such a feature to AccessLogValve is certainly possible, but I'm
sure that it won't be added to the %{...}s syntax because of the
overhead of parsing the {...} to determine how to dereference and
navigate the object tree, etc. Such code exists: it's available
through any number of libraries and the syntax all looks the same or
similar (Java EL, etc.): it just needs to be configured to do that.
I'd be in support of a *new* escape sequence that would support this
kind of thing because I think it would be useful but it needs to be
distinct from the existing one so that it doesn't kill performance for
everyone who is already using it. To be sure, AccessLogValve is
intended to be run for every request, so speed is of the essence :)
Patches are always welcome.
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6ElvQACgkQ9CaO5/Lv0PBiuQCfUErS2/N6sbJ/CgfYPmc3CSZY
ZhAAoLayLJI66d35xwsla/Y8lUboTcco
=K166
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 :: Tomcat-Native
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lunita, On 9/29/2011 12:02 PM, Lunita wrote: The steps I followed to compile are, configure, make and make install. I see the libtcnative and its liks at $CATALINA_HOME/lib/. /opt/apr-1.4.2/lib/ apr.explibapr-1.a libapr-1.lalibapr-1.so libapr-1.so.0 libapr-1.so.0.4.2 pkgconfig/ I added the /opt/apr-1.4.2/ path to java.library.path, but not response. You'd need to add /opt/apr-1.4.2/lib, not /opt/apr-1.4.2, to your java.library.path. [ From a previous message ]: export JAVA_OPTS=-Xms256m -Xmx912m -XX:PermSize=500m -XX:MaxPermSize=1024m -Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES=false - -Djava.library.path=/usr/java/jdk1.6.0_23/jre/lib/i386/client :/usr/java/jdk1.6.0_23/jre/lib/i386 :/usr/java/jdk1.6.0_23/jre/../lib/i386 :/usr/java/packages/lib/i386 :/lib :/usr/lib :/opt/apache-tomcat-7.0.21/lib I don't see /opt/apt-1.4.2 in there anywhere. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6El9sACgkQ9CaO5/Lv0PDmHgCfVymCPawcTzcu8q6HOud3oyZ+ MswAoJoj07XFcyhxwvMHwLzWPg2zIild =zsF3 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Logging properties of attributes in the HttpSession
Thanks, I'm trying to log the user name. I am not using Tomcat for
authentication and I need that info in my access logs. Perhaps I will
create a new attribute to hold that value rather than accessing the
object I have in session and calling toString.
On that note if I know the username, is it possible to somehow inject
it so that Tomcat logs it using the %u pattern. Previously we used
Tomcats built in authentication but we recently switched to Spring
Security. If I could still use %u, then I could use the 'common'
pattern and in turn use FastCommonAccessLogValve. If not I will use
the HTTP Session.
Thanks,
Rich
On Thu, Sep 29, 2011 at 1:34 PM, Christopher Schultz
ch...@christopherschultz.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rich,
On 9/29/2011 9:18 AM, Richard Sayre wrote:
I am logging all local host access using the following config:
Valve className=org.apache.catalina.valves.AccessLogValve
directory=logs prefix=localhost_access_log. suffix=.txt
pattern='%h %l %u %{userObject}s %t %r %s %b'
resolveHosts=false/
The userObject HttpSession attribute is a Java Object and right now
it is logging it by calling its toString method.
Right.
I wanted to log a specific property of that object (userId) so I
tried %{userObject.userId}s but that did not print anything.
Right. It's looking for an object in the session with the key
userObject.userId, rather than doing what you expect, which is to
get userObject and then call getUserId on it with no arguments.
AccessLogValve doesn't do that kind of thing: it's not very smart.
(It's nice and fast, though).
Is it possible to log properties of an object that is in session?
Not with the current code: you'd have to modify the AccessLogValve.
I can add the information to the toString method but I want avoid
that for now (I would have to re check the whole application 1500+
pages to make sure that it is not called anywhere else).
Honestly, no code should be depending on the return value of toString
on any complex object. I'm not saying it doesn't happen... I'm just
saying that it /shouldn't/ happen.
Adding such a feature to AccessLogValve is certainly possible, but I'm
sure that it won't be added to the %{...}s syntax because of the
overhead of parsing the {...} to determine how to dereference and
navigate the object tree, etc. Such code exists: it's available
through any number of libraries and the syntax all looks the same or
similar (Java EL, etc.): it just needs to be configured to do that.
I'd be in support of a *new* escape sequence that would support this
kind of thing because I think it would be useful but it needs to be
distinct from the existing one so that it doesn't kill performance for
everyone who is already using it. To be sure, AccessLogValve is
intended to be run for every request, so speed is of the essence :)
Patches are always welcome.
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6ElvQACgkQ9CaO5/Lv0PBiuQCfUErS2/N6sbJ/CgfYPmc3CSZY
ZhAAoLayLJI66d35xwsla/Y8lUboTcco
=K166
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: connection pooling configuration for DB2 in tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Krish, On 9/28/2011 5:51 PM, rad muthu wrote: I am looking for DB2 connection pooling configuration used in DB2. http://lmgtfy.com/?q=DB2+connection+pooling+configuration+used+in+DB2 http://catb.org/~esr/faqs/smart-questions.html - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6EmnkACgkQ9CaO5/Lv0PBxewCghSe/L7oRq8bqhtmrOWkLjJHF eUMAn2dQxPpG+2EnqKRhRkrzxy/mnco+ =Y0Ic -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 7.0.6 FIN_WAIT2 Connections and Connection Keep-Alive
Tomcat version 7.0.6 listening on local machine 10.3.4.7 and accepting incoming POST connections from 4 remote machines, 10.12.5.10[2-5]. Configured in standalone mode, using HTTP connector. Remote machines are sending constant stream of POST messages...~100 kbit/sec. All POST traffic is accepted and acknowledged, but, RESET packets cause remotes machines to re-establish new connections, causing errors on sender's side and slowing down rate of transfer. Traffic headers show local machine is sending Connection: close on post acknowledgement messages. Despite fact that remote machines' POST messages contain Connection: Keep-Alive header. == post traffic header ... == POST /myapp HTTP/1.0 HOST: 10.3.4.7:8080 Connection: Keep-Alive Authorization: Basic Y2VybmVyOnlpbiZ5YW5n Content-type: multipart/form-data; boundary=--1803119234 Content-Length: 59970 1803119234 Content-Disposition: form-data; name=xml ?xml version=1.0 encoding=ISO- --- == response header ... == 1803119234-- HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Date: Fri, 23 Sep 2011 18:27:25 GMT Connection: close == # netstat -anp | grep 8080 tcp0 0 :::8081 :::* LISTEN 23107/java tcp0 0 :::10.3.4.7:8080:::10.12.5.103:39809 FIN_WAIT2 - tcp0 0 :::10.3.4.7:8080:::10.12.5.104:33033 FIN_WAIT2 - tcp0 0 :::10.3.4.7:8080:::10.12.5.102:57077 FIN_WAIT2 - tcp0 0 :::10.3.4.7:8080:::10.12.5.105:39624 FIN_WAIT2 - I've tried various connector configurations and protocols; HTTP, NIO, connectionTimeout, etc. Here's what my connector config looks like currently: Connector port=8080 protocol=org.apache.coyote.http11.Http11Protocol connectionTimeout=3 connectionLinger=100 keepAliveTimeout=3000 maxKeepAliveRequests=2000 disableUploadTimeout=true maxThreads=500 minSpareThreads=150 maxSpareThreads=300 acceptCount=200 socket.soKeepAlive=yes enableLookups=false / === Why fin_wait2 state? I would expect to see ESTABLISHED connections and and Keep-Alive in response header. Why are RESET packets being sent back to remote machines? Thanks for any feedback you can provide. -wr - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7.0.6 FIN_WAIT2 Connections and Connection Keep-Alive
On 29.09.2011 18:28, rapponcape wrote: Tomcat version 7.0.6 listening on local machine 10.3.4.7 and accepting incoming POST connections from 4 remote machines, 10.12.5.10[2-5]. Configured in standalone mode, using HTTP connector. 7.0.6 was not ment for production use. Start with the latest 7.0 release. Remote machines are sending constant stream of POST messages...~100 kbit/sec. All POST traffic is accepted and acknowledged, but, RESET packets cause remotes machines to re-establish new connections, causing errors on sender's side and slowing down rate of transfer. Traffic headers show local machine is sending Connection: close on post acknowledgement messages. Despite fact that remote machines' POST messages contain Connection: Keep-Alive header. == post traffic header ... == POST /myapp HTTP/1.0 Aha, the client is using HTTP 1.0 and not 1.1. This could be one reason for Tomcat closing the connection. See below. HOST: 10.3.4.7:8080 Connection: Keep-Alive Authorization: Basic Y2VybmVyOnlpbiZ5YW5n Content-type: multipart/form-data; boundary=--1803119234 Content-Length: 59970 1803119234 Content-Disposition: form-data; name=xml ?xml version=1.0 encoding=ISO- --- == response header ... == 1803119234-- HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Date: Fri, 23 Sep 2011 18:27:25 GMT Connection: close You see: no Content-Length header. It's likely dynamic content, so it is streamed, the length of the content is not known in advance. This means Tomcat has either to use chunked encoding, which needs a HTTP/1.1 client, or it must simply close the connection at the end of the transfer, which it does. == # netstat -anp | grep 8080 tcp0 0 :::8081 :::* LISTEN 23107/java tcp0 0 :::10.3.4.7:8080:::10.12.5.103:39809 FIN_WAIT2 - tcp0 0 :::10.3.4.7:8080:::10.12.5.104:33033 FIN_WAIT2 - tcp0 0 :::10.3.4.7:8080:::10.12.5.102:57077 FIN_WAIT2 - tcp0 0 :::10.3.4.7:8080:::10.12.5.105:39624 FIN_WAIT2 - I've tried various connector configurations and protocols; HTTP, NIO, connectionTimeout, etc. Here's what my connector config looks like currently: Connector port=8080 protocol=org.apache.coyote.http11.Http11Protocol connectionTimeout=3 connectionLinger=100 keepAliveTimeout=3000 maxKeepAliveRequests=2000 disableUploadTimeout=true maxThreads=500 minSpareThreads=150 maxSpareThreads=300 acceptCount=200 socket.soKeepAlive=yes enableLookups=false / === Why fin_wait2 state? I would expect to see ESTABLISHED connections and and Keep-Alive in response header. Why are RESET packets being sent back to remote machines? Because Tomcat said Connection: close, which means the client is not allowed to reuse the connection and Tomcat closes its side. Likely the client is nevertheless trying to reuse the connection, which will be answered by RST by the OS. Since your client doesn't send the FIN package, the state is FIN_WAIT2. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Logging properties of attributes in the HttpSession
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rich, On 9/29/2011 12:18 PM, Richard Sayre wrote: Thanks, I'm trying to log the user name. I am not using Tomcat for authentication and I need that info in my access logs. So, that means that %u isn't an option, then? :( Perhaps I will create a new attribute to hold that value rather than accessing the object I have in session and calling toString. You have a couple of options, here: 1. Write a Filter that wraps HttpServletRequest and overrides the getRemoteUser to return userObject.getUserId. Then, use %u in your access log pattern. 2. Write a Filter that checks the session for userObject and no userId, and sets userId as appropriate. 3. Modify your login process to set both userObject and, say, userId in the session. I would say those are in order of easiest-to-hardest. On that note if I know the username, is it possible to somehow inject it so that Tomcat logs it using the %u pattern. Yup, see above. Previously we used Tomcats built in authentication but we recently switched to Spring Security. If I could still use %u, then I could use the 'common' pattern and in turn use FastCommonAccessLogValve. If not I will use the HTTP Session. Hmm I'm surprised that Spring Security doesn't better integrate with the container in order to provide ServletRequest.getPrincipal and ServletRequest.getRemoteUser. I wonder if there is a Filter that already exists in Spring Security that would do what I suggested in #1. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6Er6AACgkQ9CaO5/Lv0PB+FACgqb6s6BSBcoiMf4Ka1+awxArC UHoAnR0LSUHNGRnuyHSpvW7vEYONDJuK =NFZ/ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Logging properties of attributes in the HttpSession
Ahh yes I just discovered it when you replied: http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.html Thanks Rich On Thu, Sep 29, 2011 at 3:19 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rich, On 9/29/2011 12:18 PM, Richard Sayre wrote: Thanks, I'm trying to log the user name. I am not using Tomcat for authentication and I need that info in my access logs. So, that means that %u isn't an option, then? :( Perhaps I will create a new attribute to hold that value rather than accessing the object I have in session and calling toString. You have a couple of options, here: 1. Write a Filter that wraps HttpServletRequest and overrides the getRemoteUser to return userObject.getUserId. Then, use %u in your access log pattern. 2. Write a Filter that checks the session for userObject and no userId, and sets userId as appropriate. 3. Modify your login process to set both userObject and, say, userId in the session. I would say those are in order of easiest-to-hardest. On that note if I know the username, is it possible to somehow inject it so that Tomcat logs it using the %u pattern. Yup, see above. Previously we used Tomcats built in authentication but we recently switched to Spring Security. If I could still use %u, then I could use the 'common' pattern and in turn use FastCommonAccessLogValve. If not I will use the HTTP Session. Hmm I'm surprised that Spring Security doesn't better integrate with the container in order to provide ServletRequest.getPrincipal and ServletRequest.getRemoteUser. I wonder if there is a Filter that already exists in Spring Security that would do what I suggested in #1. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6Er6AACgkQ9CaO5/Lv0PB+FACgqb6s6BSBcoiMf4Ka1+awxArC UHoAnR0LSUHNGRnuyHSpvW7vEYONDJuK =NFZ/ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
problem configuring tomcat7 in ubuntu 10.04
Hi, I am new to both tomcat 7 and ubuntu. How can i configure tomcat server in ubuntu 10.04 ? I am novice to ubuntu and tomcat so It would be nice if anyone could explain in detail. (I tried but could not configure.) Regards, Anisha Karki
Re: problem configuring tomcat7 in ubuntu 10.04
Please explain exactly what would you like to achieve. To install Tomcat you need to download it from tomcat.apache.org , untar archive and start it by running $tomcat_path/bin/catalina.sh start . Best Regards -- Piotr Pawlowski GOYELLO System Administrator Od: Anisha Karki [karki.ani...@gmail.com] Wysłano: 29 września 2011 21:02 Do: users@tomcat.apache.org Temat: problem configuring tomcat7 in ubuntu 10.04 Hi, I am new to both tomcat 7 and ubuntu. How can i configure tomcat server in ubuntu 10.04 ? I am novice to ubuntu and tomcat so It would be nice if anyone could explain in detail. (I tried but could not configure.) Regards, Anisha Karki - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: problem configuring tomcat7 in ubuntu 10.04
Hi, I downloaded tomcat 7.0.0 unzipped it and kept in /user/local/tomcat7/. Now i dont know how to proceed further in ubuntu. In windows i started tomcat by running the executable files. But in ubuntu i am stuck. Is there any documentation or step by step explanation on how to configure and make tomcat work (in ubuntu) ? Regards, Anisha Karki 2011/9/29 Piotr Pawlowski piotr.pawlow...@goyello.com Please explain exactly what would you like to achieve. To install Tomcat you need to download it from tomcat.apache.org , untar archive and start it by running $tomcat_path/bin/catalina.sh start . Best Regards -- Piotr Pawlowski GOYELLO System Administrator Od: Anisha Karki [karki.ani...@gmail.com] Wysłano: 29 września 2011 21:02 Do: users@tomcat.apache.org Temat: problem configuring tomcat7 in ubuntu 10.04 Hi, I am new to both tomcat 7 and ubuntu. How can i configure tomcat server in ubuntu 10.04 ? I am novice to ubuntu and tomcat so It would be nice if anyone could explain in detail. (I tried but could not configure.) Regards, Anisha Karki - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Should Form Authentication Valve restore request body on a PUT?
In Tomcat 6, Form Authentication valve restores the original request after a
POST with successful authentication and redirect is followed by the client's
GET. In case of the POST, the valve also restores the original request's body.
However, it doesn't do that for a PUT. If I am not mistaken, it should restore
the body on PUT as well. Do I misunderstand something?
The patch would be in FormAuthenticator.restoreRequest(Request, Session) [1],
to change from
if (POST.equalsIgnoreCase(saved.getMethod())) {
to
if (POST.equalsIgnoreCase(saved.getMethod()) ||
PUT.equalsIgnoreCase(saved.getMethod())
) {
[1]
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?view=markup#l450
--
Nicholas Sushkin, Senior Software Engineer, Manager of IT Operations
Open Finance - Secure, Accurate, Industrial Strength Aggregation
http://www.openfinance.com
smime.p7s
Description: S/MIME cryptographic signature
RE: problem configuring tomcat7 in ubuntu 10.04
From: Anisha Karki [mailto:karki.ani...@gmail.com] Subject: Re: problem configuring tomcat7 in ubuntu 10.04 I downloaded tomcat 7.0.0 That would be a serious error; the current version is 7.0.21. 7.0.0 never got beyond beta. Is there any documentation or step by step explanation on how to configure and make tomcat work (in ubuntu) ? You don't need to build Tomcat - it's pure Java. Have you bothered to read any of the docs? http://tomcat.apache.org/tomcat-7.0-doc/index.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: problem configuring tomcat7 in ubuntu 10.04
I read that but its not clear on how to manage directories in ubuntu i.e Where should tomcat be placed ? and what is the command to run the tomcat server ? On Thu, Sep 29, 2011 at 2:46 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Anisha Karki [mailto:karki.ani...@gmail.com] Subject: Re: problem configuring tomcat7 in ubuntu 10.04 I downloaded tomcat 7.0.0 That would be a serious error; the current version is 7.0.21. 7.0.0 never got beyond beta. Is there any documentation or step by step explanation on how to configure and make tomcat work (in ubuntu) ? You don't need to build Tomcat - it's pure Java. Have you bothered to read any of the docs? http://tomcat.apache.org/tomcat-7.0-doc/index.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: problem configuring tomcat7 in ubuntu 10.04
On Thu, Sep 29, 2011 at 1:26 PM, Anisha Karki karki.ani...@gmail.com wrote: I read that but its not clear on how to manage directories in ubuntu i.e Where should tomcat be placed ? Anywhere you want -- it's your server. and what is the command to run the tomcat server ? Excerpted quote from the documentation: the full distribution (ZIP file or tarball) includes a file called RUNNING.txt which is about exactly that... FWIW, -- Hassan Schroeder hassan.schroe...@gmail.com http://about.me/hassanschroeder twitter: @hassan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7.0.6 FIN_WAIT2 Connections and Connection Keep-Alive
Thanks for your reply. Followup 7.0.6 was not ment for production use. Start with the latest 7.0 release. Will attempt to test with latest stable 7.0.21 Aha, the client is using HTTP 1.0 and not 1.1. This could be one reason for Tomcat closing the connection. See below. When I reconfigure and put Apache in front of Tomcat and use a jkmount with AJP connector, response is normal and without error. Appears to only happen when tomcat is standalone. You see: no Content-Length header. I I do see Content-Length in the POST header On Thu, Sep 29, 2011 at 1:49 PM, Rainer Jung rainer.j...@kippdata.de wrote: On 29.09.2011 18:28, rapponcape wrote: Tomcat version 7.0.6 listening on local machine 10.3.4.7 and accepting incoming POST connections from 4 remote machines, 10.12.5.10[2-5]. Configured in standalone mode, using HTTP connector. 7.0.6 was not ment for production use. Start with the latest 7.0 release. Remote machines are sending constant stream of POST messages...~100 kbit/sec. All POST traffic is accepted and acknowledged, but, RESET packets cause remotes machines to re-establish new connections, causing errors on sender's side and slowing down rate of transfer. Traffic headers show local machine is sending Connection: close on post acknowledgement messages. Despite fact that remote machines' POST messages contain Connection: Keep-Alive header. == post traffic header ... == POST /myapp HTTP/1.0 Aha, the client is using HTTP 1.0 and not 1.1. This could be one reason for Tomcat closing the connection. See below. HOST: 10.3.4.7:8080 Connection: Keep-Alive Authorization: Basic Y2VybmVyOnlpbiZ5YW5n Content-type: multipart/form-data; boundary=--1803119234 Content-Length: 59970 1803119234 Content-Disposition: form-data; name=xml ?xml version=1.0 encoding=ISO- --- == response header ... == 1803119234-- HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Date: Fri, 23 Sep 2011 18:27:25 GMT Connection: close You see: no Content-Length header. It's likely dynamic content, so it is streamed, the length of the content is not known in advance. This means Tomcat has either to use chunked encoding, which needs a HTTP/1.1 client, or it must simply close the connection at the end of the transfer, which it does. == # netstat -anp | grep 8080 tcp 0 0 :::8081 :::* LISTEN 23107/java tcp 0 0 :::10.3.4.7:8080 :::10.12.5.103:39809 FIN_WAIT2 - tcp 0 0 :::10.3.4.7:8080 :::10.12.5.104:33033 FIN_WAIT2 - tcp 0 0 :::10.3.4.7:8080 :::10.12.5.102:57077 FIN_WAIT2 - tcp 0 0 :::10.3.4.7:8080 :::10.12.5.105:39624 FIN_WAIT2 - I've tried various connector configurations and protocols; HTTP, NIO, connectionTimeout, etc. Here's what my connector config looks like currently: Connector port=8080 protocol=org.apache.coyote.http11.Http11Protocol connectionTimeout=3 connectionLinger=100 keepAliveTimeout=3000 maxKeepAliveRequests=2000 disableUploadTimeout=true maxThreads=500 minSpareThreads=150 maxSpareThreads=300 acceptCount=200 socket.soKeepAlive=yes enableLookups=false / === Why fin_wait2 state? I would expect to see ESTABLISHED connections and and Keep-Alive in response header. Why are RESET packets being sent back to remote machines? Because Tomcat said Connection: close, which means the client is not allowed to reuse the connection and Tomcat closes its side. Likely the client is nevertheless trying to reuse the connection, which will be answered by RST by the OS. Since your client doesn't send the FIN package, the state is FIN_WAIT2. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Should Form Authentication Valve restore request body on a PUT?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nicholas,
On 9/29/2011 3:37 PM, Nicholas Sushkin wrote:
In Tomcat 6, Form Authentication valve restores the original
request after a POST with successful authentication and redirect is
followed by the client's GET. In case of the POST, the valve also
restores the original request's body. However, it doesn't do that
for a PUT.
That's not entirely surprising.
If I am not mistaken, it should restore the body on PUT as well. Do
I misunderstand something?
The servlet spec (v3.0, SRV 13.6.3.1) has this to say:
If the form based login is invoked because of an HTTP request, the
original request parameters must be preserved by the container for use
if, on successful authentication, it redirects the call to the
requested resource.
It doesn't say what kinds of HTTP verbs should or should not be
supported, but GET and PUT seem entirely obvious. It doesn't say that
the request body needs to be maintained, only the request
parameters. Since the servlet specification doesn't have any
provisions for fetching request parameters from PUT operations, I
suppose the spec therefore doesn't directly recommend that PUT bodies
be stored for later use like when POST is used.
The patch would be in FormAuthenticator.restoreRequest(Request,
Session) [1], to change from
if (POST.equalsIgnoreCase(saved.getMethod())) {
to
if (POST.equalsIgnoreCase(saved.getMethod()) ||
PUT.equalsIgnoreCase(saved.getMethod())) {
On the face of it, that seems reasonable. I haven't read-through the
code that then replays the saved-request so I'm not sure if there's
more to be done.
I do have one question: why are you using Form-based authentication
with PUT requests? It seems like HTTP Digest or something like that
would make more sense when clients can expect to send data without
being challenged a-priori for credentials.
Another workaround would just be to use POST.
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6E3VsACgkQ9CaO5/Lv0PD67gCdGvoSAw3CJKRokEg0GNvDz7Tn
62oAnjovksaQNSkPiPDXg9jl9RSROVup
=JpnY
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7.0.6 FIN_WAIT2 Connections and Connection Keep-Alive
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 wr, On 9/29/2011 4:49 PM, rapponcape wrote: Aha, the client is using HTTP 1.0 and not 1.1. This could be one reason for Tomcat closing the connection. See below. When I reconfigure and put Apache in front of Tomcat and use a jkmount with AJP connector, response is normal and without error. Appears to only happen when tomcat is standalone. That's probably because Apache httpd is proxying the HTTP/1.0 request and converting it into an HTTP/1.1 request and managing the chunked response itself. Or, possibly, httpd is buffering the entire response before sending the headers to the client and can provide a content-length header. Have you looked at the conversation between httpd and Tomcat? You see: no Content-Length header. I I do see Content-Length in the POST header Rainer was talking about the response, not the request. Seems pretty clear that HTTP/1.0 + no content-length = problem. You have a few options: 1. Use Apache httpd in the middle. That may not always work even though it worked in your tests. 2. Buffer the response on the server in order to determine the content-length, and send that in your response. 3. Have your clients use HTTP 1.1. Honestly, I'm unclear as to why there are so many clients out there that only use HTTP 1.0. I guess there are some features that aren't dumb-client-friendly (chunking, for instance) and it's easier to implement. Boo. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6E3qgACgkQ9CaO5/Lv0PByWACaAoJqRQjc2by/e70lrXK51fb+ Y4UAn0rDFDND3DBvozYrXlrzQ3M05YRN =MWT/ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache Tomcat 5.5.34 Question (UNCLASSIFIED)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Harold, On 9/22/2011 11:51 AM, BARRON, HAROLD H CTR DISA EE wrote: Classification: UNCLASSIFIED Thank god none of this is classified. I might have to write a plan of action to temporarily mitigate this issue until the update is posted. I just want to be able to present it in a way that my users that my users will not have a problem understanding when I do. Here's your plan: We're gonna set a pre-shared secret on both our web servers and our application servers and bounce everything. Then the chances of this attack being carried-out are reduced to the key space of the secret. So, make-up a big long string of random characters and set: workers.properties: worker.myWorker.secret=[super secret string] server.xml: Connector request.secret=[super secret string] ... mod_jk has a 8192-character limit on each configuration line of workers.properties. The form of the directive is: worker.[workerName].secret=[here goes the secret] That means that you have (8192 - 15 - strlen(workerName)) characters for your shared secret. That's a big space to search. This is not a terribly arduous technique to mitigate this attack. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6E4yEACgkQ9CaO5/Lv0PDKkQCgjJoCQkxYOuodTu1/CAHYdGtD 3vkAoJ3k/mgmruwYSvVKPBBHzduEwmgI =Su3s -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache Tomcat 5.5.34 Question (UNCLASSIFIED)
Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Harold, On 9/22/2011 11:51 AM, BARRON, HAROLD H CTR DISA EE wrote: Classification: UNCLASSIFIED Thank god none of this is classified. I might have to write a plan of action to temporarily mitigate this issue until the update is posted. I just want to be able to present it in a way that my users that my users will not have a problem understanding when I do. Here's your plan: We're gonna set a pre-shared secret on both our web servers and our application servers and bounce everything. Addendum : And then we're gonna make sure that the configuration files of Tomcat are given appropriate permissions so that only Tomcat and authorized users can browse said secret. End of addendum. Then the chances of this attack being carried-out are reduced to the key space of the secret. So, make-up a big long string of random characters and set: workers.properties: worker.myWorker.secret=[super secret string] server.xml: Connector request.secret=[super secret string] ... mod_jk has a 8192-character limit on each configuration line of workers.properties. The form of the directive is: worker.[workerName].secret=[here goes the secret] That means that you have (8192 - 15 - strlen(workerName)) characters for your shared secret. That's a big space to search. This is not a terribly arduous technique to mitigate this attack. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6E4yEACgkQ9CaO5/Lv0PDKkQCgjJoCQkxYOuodTu1/CAHYdGtD 3vkAoJ3k/mgmruwYSvVKPBBHzduEwmgI =Su3s -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problems with ImageIO
I saw this problem while loading a TGA reader. I was able to first resolve
the problem by disabling JreMemoryLeakPreventionListener, but a better
solution seems to be to put a static initializer in my webapp code that
forces the container to re-scan for reader implementations once the webapp
classloader is up. For example:
static {
ImageIO.scanForPlugins();
}
, and was able to resolve it by calling
Thad Humphries-2 wrote:
I believe I'm seeing the same problem that Simone (msg #210515) is having
(this after running Tomcat for YEARS without a hitch).
I use JAI and JAI-IMAGE I/O in various servlets. I'm running Java 1.5.17
without the JAI or JAI-IMAGE I/O installed. I've put jai_codec.jar,
jai_core.jar, and jai_imageio.jar in my application's WEB-INF/lib
directory.
My application runs without a hitch on Tomcat 6.0.14 on a Linux server
(and
has run fine for over a year). I have also run it on a Macintosh with
Tomcat 6.0.20.
Today I installed Tomcat 6.0.26 on Linux and tried running my webapp.
Under
this version of Tomcat, IteratorImageReader returned by
ImageIO.getImageReadersByFormatName(tiff) returns false for hasNext().
What gives?
Are you seeing this, Simone?
--
Hell hath no limits, nor is circumscrib'd In one self-place; but where we
are is hell, And where hell is, there must we ever be --Christopher
Marlowe, 'Doctor Faustus' (v, 121-24)
--
View this message in context:
http://old.nabble.com/Problems-with-ImageIO-tp28169228p32553281.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Defining JDBC resource and AutoDeploy
OS: Linux / CentOS / 2.6.18-028stab092.1 Tomcat: 5.5.23 I have simple XML-RPC -WebApp, that uses MySQL database. Currently I have defined the JDBC resource in server.xml inside the Host -tags as follows: Context docBase=mywebapp path=/mywebapp reloadable=true source=org.eclipse.jst.j2ee.server:mywebapp Resource name=jdbc/MyDB auth=Container type=javax.sql.DataSource driverClassName=com.mysql.jdbc.Driver factory=org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory url=jdbc:mysql://server.com:3306/db_name username=db_username password=db_password maxActive=20 maxIdle=10 maxWait=5 validationQuery=SELECT 1 testOnBorrow=TRUE testWhileIdle=TRUE timeBetweenEvictionRunsMillis=1 minEvictableIdleTimeMillis=6 / /Context In the WebApp the connection is formed like this: DataSource ds =(DataSource)ctx.lookup(java:comp/env/jdbc/MyDB); Connection conn=ds.getConnection(); This works fine, but when resource is defined in server.xml, WebApp AutoDeploy won't work and even the manager application can't undeploy it. If I take the Context -element out of the server.xml (and put it elsewhere) AutoDeploy works, but database connections throw: javax.naming.NameNotFoundException: Name jdbc is not bound in this Context I've tried to put the context element in several different files, including: -webapps/mywebapp/WEB-INF/context.xml -context.xml in SERVERROOT/conf/ -server.xml, only the Resource -tag in GlobalNamingResources -element None of these work, and I end up with the same exception. There must be a way to get both the MySQL connection and AutoDeployment at the same time. Can somebody point me to right direction? -Arttu - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Defining JDBC resource and AutoDeploy
Try: * conf/Catalina/localhost/mywebapp.xml OR * webapps/mywebapp/META-INF/context.xml OR * If you put it in GlobalNamingResources then you have to add a Resource-Link to Context. See the Configuration documentation. http://tomcat.apache.org/tomcat-5.5-doc/config/context.html has all the details. On Fri, 2011-09-30 at 06:17 +0300, Arttu Tanner wrote: OS: Linux / CentOS / 2.6.18-028stab092.1 Tomcat: 5.5.23 I have simple XML-RPC -WebApp, that uses MySQL database. Currently I have defined the JDBC resource in server.xml inside the Host -tags as follows: Context docBase=mywebapp path=/mywebapp reloadable=true source=org.eclipse.jst.j2ee.server:mywebapp Resource name=jdbc/MyDB auth=Container type=javax.sql.DataSource driverClassName=com.mysql.jdbc.Driver factory=org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory url=jdbc:mysql://server.com:3306/db_name username=db_username password=db_password maxActive=20 maxIdle=10 maxWait=5 validationQuery=SELECT 1 testOnBorrow=TRUE testWhileIdle=TRUE timeBetweenEvictionRunsMillis=1 minEvictableIdleTimeMillis=6 / /Context In the WebApp the connection is formed like this: DataSource ds =(DataSource)ctx.lookup(java:comp/env/jdbc/MyDB); Connection conn=ds.getConnection(); This works fine, but when resource is defined in server.xml, WebApp AutoDeploy won't work and even the manager application can't undeploy it. If I take the Context -element out of the server.xml (and put it elsewhere) AutoDeploy works, but database connections throw: javax.naming.NameNotFoundException: Name jdbc is not bound in this Context I've tried to put the context element in several different files, including: -webapps/mywebapp/WEB-INF/context.xml -context.xml in SERVERROOT/conf/ -server.xml, only the Resource -tag in GlobalNamingResources -element None of these work, and I end up with the same exception. There must be a way to get both the MySQL connection and AutoDeployment at the same time. Can somebody point me to right direction? -Arttu - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
