Re: tomcat7-maven-plugin doesn't understand Maven filtering of context files?
2012/8/29 Knute Snortum ksnor...@catalystitservices.com: -Original Message- From: Olivier Lamy [mailto:ol...@apache.org] Sent: Tuesday, August 28, 2012 2:17 PM To: Tomcat Users List Subject: Re: tomcat7-maven-plugin doesn't understand Maven filtering of context files? Hi, Inline 2012/8/28 Knute Snortum ksnor...@catalystitservices.com: If this is the wrong mailing list for tomcat7-maven-plugin, could someone direct me to the right place? I'm developing a Vaadin web app in Eclipse Juno on Windows 7 and I'm using the tomcat7-maven-plugin 2.0-beta-1 to help in development by running the app in Tomcat inside of the IDE -- or I'm trying. The error I'm getting is: org.springframework.beans.factory.BeanDefinitionStoreException: Invalid bean definition with name 'dataSource' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Could not resolve placeholder 'db.driverClassName' in string value [${db.driverClassName}] applicationContext.xml is my Spring context file. I have placeholders in it to point to the correct database based on Maven profiles and filtering. So a piece of applicationContext.xml looks like this: bean id=dataSource class=org.apache.commons.dbcp.BasicDataSource destroy-method=close property name=driverClassName value=${db.driverClassName} / property name=url value=${db.url} / property name=username value=${db.username} / property name=password value=${db.password} / property name=maxActive value=10 / property name=maxIdle value=1 / /bean As you can see, Tomcat (or Spring?) is finding the dataSource bean that does not have the placeholders replaced yet. The odd thing is that in the war file and the directory under target that the war file is created from, all the place holders have been correctly substituted. I can see them in an editor. The context file with the placeholders is the one still sitting in my development folder. So my question is, why isn't the Tomcat plugin seeing the context file in the war file or folder? And if it looks in the development folder for the file, can Maven filtering work with the plugin?. as you are using gwt maven plugin, I'm not sure that works. Something you can do is using sys properties in tomcat7/6-maven-plugin (spring placeholder resolves against sys props too). Add you sys props as it: http://tomcat.apache.org/maven-plugin-2.0-SNAPSHOT/tomcat6-maven- plugin/examples/add-system-properties.html Well, I'm using Maven filtering, and the reason for that is my client requires that I use Maven profiling to set the development and the production environments. So I'd have to a Maven Tomcat plugin in each profile -- which maybe I'll do. I need the GWT plugin because this is a Vaadin project and Vaadin uses GWT. Below is part of the messages created by Maven et al in my IDE console. I've left out the clean and testing messages and most of the stacktrace, which I think is from Spring anyway: [INFO] [INFO] --- gwt-maven-plugin:2.4.0:compile (default) @ dpt --- [INFO] auto discovered modules [com.catalystitservices.nike.dpt.widgetset.DptWidgetset] [INFO] com.catalystitservices.nike.dpt.widgetset.DptWidgetset is up to date. GWT compilation skipped [INFO] [INFO] --- maven-war-plugin:2.2:war (default-war) @ dpt --- [INFO] Packaging webapp [INFO] Assembling webapp [dpt] in [C:\Projects\DPT\target\dpt] [INFO] Processing war project [INFO] Copying webapp webResources [C:\Projects\DPT\src/main/webapp/] to [C:\Projects\DPT\target\dpt] [INFO] Copying webapp resources [C:\Projects\DPT\src\main\webapp] [INFO] Webapp assembled in [1442 msecs] [INFO] Building war: C:\Projects\DPT\target\dpt.war [INFO] [INFO] --- tomcat7-maven-plugin:2.0-beta-1:exec-war-only (tomcat-run) @ dpt --- [INFO] [INFO] --- maven-install-plugin:2.3.1:install (default-install) @ dpt --- [INFO] Installing C:\Projects\DPT\target\dpt.war to C:\Users\ksnortum\.m2\repository\com\nike\dpt\dpt\1.1-SNAPSHOT\dpt-1.1 -SNAPSHOT.war [INFO] Installing C:\Projects\DPT\pom.xml to C:\Users\ksnortum\.m2\repository\com\nike\dpt\dpt\1.1-SNAPSHOT\dpt-1.1 -SNAPSHOT.pom [INFO] Installing C:\Projects\DPT\target\dpt-1.1-SNAPSHOT-war-exec.jar to C:\Users\ksnortum\.m2\repository\com\nike\dpt\dpt\1.1-SNAPSHOT\dpt-1.1 -SNAPSHOT-exec-war.jar [INFO] [INFO] tomcat-maven-plugin:1.1:run (default-cli) @ dpt you are using an old version here ? Don't you have duplicate entries in your pom ? There's no duplicate. The one I have looks like this: plugin groupIdorg.apache.tomcat.maven/groupId artifactIdtomcat7-maven-plugin/artifactId version${tomcat7MavenPlugin}/version ... And my properties look like:
Access Tomcat cluster info thru MBean
I am running my Tomcat is running in clustered mode with four instances configured to same machine. In the application, I need to retrieve information regarding all the running instances of this cluster (nodes) through MBean. Information like instance IP, instance name are my primary requirement. Have tried to retrieve Cluster Mbean by querying [b]*:type=Cluster,* [/b], It returns basic cluster information but it does not contain any information of the instances. If someone can suggest me a way to achieve this will be nice. Regards Awdhesh
Re: Access Tomcat cluster info thru MBean
Awdhesh Kumar awdh...@adobe.com wrote: I am running my Tomcat is running in clustered mode with four instances configured to same machine. In the application, I need to retrieve information regarding all the running instances of this cluster (nodes) through MBean. Information like instance IP, instance name are my primary requirement. Have tried to retrieve Cluster Mbean by querying [b]*:type=Cluster,* [/b], It returns basic cluster information but it does not contain any information of the instances. If someone can suggest me a way to achieve this will be nice. Regards Awdhesh Tomcat version? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Access Tomcat cluster info thru MBean
I am working with Tomcat 7.0.X. -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Wednesday, August 29, 2012 12:57 PM To: Tomcat Users List Subject: Re: Access Tomcat cluster info thru MBean Awdhesh Kumar awdh...@adobe.com wrote: I am running my Tomcat is running in clustered mode with four instances configured to same machine. In the application, I need to retrieve information regarding all the running instances of this cluster (nodes) through MBean. Information like instance IP, instance name are my primary requirement. Have tried to retrieve Cluster Mbean by querying [b]*:type=Cluster,* [/b], It returns basic cluster information but it does not contain any information of the instances. If someone can suggest me a way to achieve this will be nice. Regards Awdhesh Tomcat version? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Running tomcat on windows - getting a threaddump - Unable to open the Event Mutex
Hi everybody, so far, to get a threaddump from tomcat I used to run : # jstack -l tomcat-pid threaddump.txt now, I would like to use the tomcat systray but when I click threaddump the following message appears: The specified file cannot be found Unable to open the Event Mutex What's wrong ? Regards Jean-Louis
Re: Pass an object from one Webapp to another on two differents servers
I posted mistakenly in the Tomcat forum instead of here Tomcat-User (I just moved my thread). Can you help me? Best regards. -- View this message in context: http://tomcat.10.n6.nabble.com/Pass-an-object-from-one-Webapp-to-another-on-two-differents-servers-tp4985870p4985967.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Pass an object from one Webapp to another on two differents servers
Without being a Tomcat expert I don't think that is possible like that. On the other hand it looks just like what happens when you buy something online 1. You go to a webshop and put something in your cart, 2. you are redirected to a payment site (ie. quickpay.com), 3. after payment you are redirected back to the webshop and confirmation is showed. What really happens (as far as I remember) is, that when you redirect from server1 you give as parameter what is called a return URL, this is the address of the page shown in step 3 above (confirmation). Part of this URL is some variable that enables you to tell who the user is (ie. sessionID). When server2 is finished it will send a redirect to the client, redirecting it to the return URL server1 gave it. Part of the redirect URL send by server2 is another variable (callback/status) that enables server1 to make a request directly to server2 to fetch whatever it needs (ie. xml markup or a simple string). This last step is used by webshops to check against the payment site that the user actually did put in correct creditcard details and not just cancelled, before returning to the confirmation page. I think what you are looking for is exactly that. F1 submits to Server_2 (perhaps including session ID or something else uniquely identifying the user). When Servlet_2 completes it redirects to JSP_1 giving some URL as a parameter (ie. redirect-url-to-Server_1.com?callback=some-url-with-unique-identifier). Then JSP_1 can open a connection and retrieve the user-specific message/object (if the object can somehow be transfered, normally this requires either Serializable interface, some kind of xml markup to recreate the object or something else like that) . Hope it helps you out! Med venlig hilsen/Kind regards Casper W. Schmidt Den 29-08-2012 13:30, Léa Massiot skrev: I posted mistakenly in the Tomcat forum instead of here Tomcat-User (I just moved my thread). Can you help me? Best regards. -- View this message in context: http://tomcat.10.n6.nabble.com/Pass-an-object-from-one-Webapp-to-another-on-two-differents-servers-tp4985870p4985967.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Access Tomcat cluster info thru MBean
On 29/08/2012 08:29, Awdhesh Kumar wrote: I am working with Tomcat 7.0.X. Just to be clear, do you mean Tomcat 7.0.x built from tc7.0.x/trunk in svn or do you mean some unknown Tomcat 7 version? Mark -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Wednesday, August 29, 2012 12:57 PM To: Tomcat Users List Subject: Re: Access Tomcat cluster info thru MBean Awdhesh Kumar awdh...@adobe.com wrote: I am running my Tomcat is running in clustered mode with four instances configured to same machine. In the application, I need to retrieve information regarding all the running instances of this cluster (nodes) through MBean. Information like instance IP, instance name are my primary requirement. Have tried to retrieve Cluster Mbean by querying [b]*:type=Cluster,* [/b], It returns basic cluster information but it does not contain any information of the instances. If someone can suggest me a way to achieve this will be nice. Regards Awdhesh Tomcat version? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Initial memory pool field is left empty
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martijn, On 8/29/12 3:54 AM, Martijn Niesen wrote: Ruud is not in the office at the moment so I will answer your question(s). If possible, please post back to the Tomcat users' list. We get the following error: [com.businessobjects.wp.om.OMReportElementContainer (Erorr: INF)] On the server we see that the tomcat service is running and we don’t see any errors in the windows event viewer. This looks like an error reported in a client, not a server (though it may be an error from the server being reported on the client). If there's nothing in the log files on the server, there might not be anything we can do to help. I recommend contacting the original application developer or even SAP/BO to find out how to get more information. Isn't that why people pay huge license fees to companies like SAP -- to get support? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlA+EsEACgkQ9CaO5/Lv0PDFsgCgtNu5K2Z2R5dxDGz2Z905mmEu 3DQAoIb2ptMQzb6pLGMDPIiqir0bpYrk =AH/M -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Running tomcat on windows - getting a threaddump - Unable to open the Event Mutex
2012/8/29 jean-louis.ma...@bull.net: I would like to use the tomcat systray but when I click threaddump the following message appears: The specified file cannot be found Unable to open the Event Mutex What's wrong ? https://issues.apache.org/jira/browse/DAEMON-252 Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ClassCastException org.apache.jasper.runtime.ELContextImpl cannot be cast to org.apache.jasper.el.ELContextImpl
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Konstantin, On 8/28/12 5:28 PM, Konstantin Kolinko wrote: 2012/8/29 Dale Ogilvie dale_ogil...@trimble.com: -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Not quite. My point was the loading of the EL implementation is likely to be triggered by user code. If the webapp class loader is the TCCL loader than classes from the web app will be loaded before those from the container. If the web app contains container classes then it is possible that they get loaded from the webapp rather than from Tomcat. (Enabling the security manager enables additional class loading checks that would stop this). Those classes from the webapp then have references held to them. They will work right up unto the point Tomcat tries to access the class outside of the webapp they were loaded from. Mark I'm still not quite sure what you are saying matches exactly what I'm seeing Mark. Have you ever tried to run with SecurityManager being enabled? So, it appears to me that the class *loading* is occurring from app1 in step 4. I'm only pushing this because it kind looks buggy to me. Class loading does not always use TCCL. Sometimes it uses otherclass.getClassLoader(). See e.g. javadoc of java.lang.Class#forName(String). So it is quite valid for it to load a class from app1 even if current TCCL belongs to app2. ...and it's worth pointing out that Tomcat cannot protect against this kind of ClassLoading, since Tomcat can't wrap every ClassLoader that ever gets created in the JVM. The container can control lots of things, but this isn't one of them. The same is true for example with Threads: Tomcat can't prevent a webapp from spewing threads even though the container is ostensibly in control. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlA+E94ACgkQ9CaO5/Lv0PDsbgCfRrQb0C7StOuGg/PTqYlMro2t uWwAoLRlLkSJY1ODrpmxte2GJiAbGnN0 =Dkxq -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Windows Path Not Found for urandom
I verified this behavior on one of my production systems. Details: Tomcat: 6.0.33 Native lib: 1.1.20 Sun JDK:C:\Program Files\Java\jdk1.6.0_33\jre\bin\server\jvm.dll Pretty sure this is an issue with the OpenSSL library included in the distribution. The question is, is it something to be worried about? Is it addressed in a new release? I know there is a newer version of the native libs, but the online links to the changelog are broken. Jeff -Original Message- From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, August 28, 2012 10:21 AM To: Tomcat Users List [users@tomcat.apache.org] Subject: Windows Path Not Found for urandom apologize for the lack of details in advance, but I don't have the specifics yet. I have a customer that is using Tomcat (6.0.33?) on Windows and are monitoring the process with SysInternals Process Monitor. About every 5 seconds, they are seeing Tomcat.exe generate a Path Not Found error on a QueryOpen operation for the path D:\dev\urandom with a duration of around 0.2. Since the path contains urandom, I assume it has something to do with the SSL routines. If they followed our standard install instructions, they should be using Tomcat 6.0.33 with the native/APR libraries that come with the installer. I'm thinking it's nothing to worry about. ___ ___ Confidentiality Notice: This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this transmission in error, please immediately reply to the sender or telephone (512) 343-9100 and delete this transmission from your system. __ Confidentiality Notice: This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this transmission in error, please immediately reply to the sender or telephone (512) 343-9100 and delete this transmission from your system. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Windows Path Not Found for urandom
Forgot to mention below, OS is Windows Web Server 2008 R2. If that makes any difference. -Original Message- From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Wednesday, August 29, 2012 9:26 AM To: 'Tomcat Users List' Subject: RE: Windows Path Not Found for urandom I verified this behavior on one of my production systems. Details: Tomcat: 6.0.33 Native lib: 1.1.20 Sun JDK: C:\Program Files\Java\jdk1.6.0_33\jre\bin\server\jvm.dll Pretty sure this is an issue with the OpenSSL library included in the distribution. The question is, is it something to be worried about? Is it addressed in a new release? I know there is a newer version of the native libs, but the online links to the changelog are broken. Jeff -Original Message- From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, August 28, 2012 10:21 AM To: Tomcat Users List [users@tomcat.apache.org] Subject: Windows Path Not Found for urandom apologize for the lack of details in advance, but I don't have the specifics yet. I have a customer that is using Tomcat (6.0.33?) on Windows and are monitoring the process with SysInternals Process Monitor. About every 5 seconds, they are seeing Tomcat.exe generate a Path Not Found error on a QueryOpen operation for the path D:\dev\urandom with a duration of around 0.2. Since the path contains urandom, I assume it has something to do with the SSL routines. If they followed our standard install instructions, they should be using Tomcat 6.0.33 with the native/APR libraries that come with the installer. I'm thinking it's nothing to worry about. __ _ ___ Confidentiality Notice: This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this transmission in error, please immediately reply to the sender or telephone (512) 343-9100 and delete this transmission from your system. ___ ___ Confidentiality Notice: This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this transmission in error, please immediately reply to the sender or telephone (512) 343-9100 and delete this transmission from your system. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org __ Confidentiality Notice: This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this transmission in error, please immediately reply to the sender or telephone (512) 343-9100 and delete this transmission from your system. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Broken link in docs
Review the problem below and discovered that it's just a broken link on the index.html page in the Headlines section. That link points as below. It should be: http://tomcat.apache.org/native-doc/miscellaneous/changelog.html which is what the link is on the left-nav menu. I don't have bugzilla access, so could someone with access please make the entry/change? -Original Message- From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Wednesday, July 11, 2012 6:29 PM To: 'Tomcat Users List' Subject: Broken link in docs http://tomcat.apache.org/native-doc/changelog.html Comes up missing. Clinked on from main Native Doc page. Jeff ___ ___ Confidentiality Notice: This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this transmission in error, please immediately reply to the sender or telephone (512) 343-9100 and delete this transmission from your system. __ Confidentiality Notice: This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this transmission in error, please immediately reply to the sender or telephone (512) 343-9100 and delete this transmission from your system. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat and Squid
Hi everyone, I'm checking caching possibilities. Setup: Users send requests via http-post with embedded http-get requests to a Tomcat web server. I don't want to touch this for the moment. Tomcat sends the embedded http-get requests to remote servers, receives the requested data, processes the data and returns the result. I want to cache the data of the remote servers with Squid Proxy. I think it's necessary to redirect the http-get requests from Tomcat to Squid. I would say Squid should be behind Tomcat and not in front of it like a reverse proxy ... but I'm not a specialist. Could this work? If so, is it a good idea to redirect the Tomcat http-get requests to Squid? How? I gratefully appreciate any advice. Cheers, Farkas - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Nondeterministic behaviour of security constraints in Tomcat 7
Hello everyone, I'm experiencing a weird behaviour with certain combinations of security constraints having the following pattern: (i) one security constraint applies to (at least) two overlapping URL patterns ending in /*, where one is more specific than the other (e.g., /a/* and /a/b/*) (ii) a second security constraint applies only to the less specific URL pattern (e.g. /a/*), and (iii) the two security constraints apply to different (possibly overlapping) sets of methods. One such example is as follows: servlet-mapping servlet-nametest/servlet-name url-pattern/*/url-pattern /servlet-mapping login-config auth-methodBASIC/auth-method realm-nametest/realm-name /login-config security-constraint web-resource-collection web-resource-name/ url-pattern/a/*/url-pattern url-pattern/a/b/*/url-pattern http-methodPOST/http-method /web-resource-collection /security-constraint security-constraint web-resource-collection web-resource-name/ url-pattern/a/*/url-pattern http-methodGET/http-method /web-resource-collection auth-constraint/ /security-constraint The problem occurs for HTTP requests matching to the most specific URL pattern (in the above example, /a/b, /a/b/c, etc.), but on methods other than the ones mentioned in the first security constraint (in the above example, GET). For instance, each time I deploy a web application with the above-mentioned deployment descriptor in Tomcat, or each time I redeploy it or restart the server in case it is already deployed, I get randomly either of the two following behaviours: 1) GET /a/b requests are allowed, i.e. no authentication is required 2) GET /a/b requests are denied, i.e. the response requires authentication (HTTP 401) Notice that the behaviour remains then constant until I restart the server or re-deploy the application. Also, adding arbitrary roles in either of the two auth-constraints, does not seem to change the result. According to the Java Servlet Specification, 1) is the correct behaviour. In fact, such requests shall be allowed to any (possibly unauthenticated) users, because the constraint with the most specific pattern (the first one) matches to the request, but it does not mention the method of the request (GET). I tested several different combinations of security constraints, but this issue seems to occur only with those of this kind. Tests were done on Tomcat 7.0.29 running on both a Debian and a Windows machine. Have anyone experienced a similar problem or is aware of possible explanations? Best regards, Matteo Casalino Research Associate Security Trust SAP Research, SAP Labs France SAS - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Windows Path Not Found for urandom
-Original Message- From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, August 28, 2012 10:21 AM To: Tomcat Users List [users@tomcat.apache.org] Subject: Windows Path Not Found for urandom apologize for the lack of details in advance, but I don't have the specifics yet. I have a customer that is using Tomcat (6.0.33?) on Windows and are monitoring the process with SysInternals Process Monitor. About every 5 seconds, they are seeing Tomcat.exe generate a Path Not Found error on a QueryOpen operation for the path D:\dev\urandom with a duration of around 0.2. Since the path contains urandom, I assume it has something to do with the SSL routines. If they followed our standard install instructions, they should be using Tomcat 6.0.33 with the native/APR libraries that come with the installer. I'm thinking it's nothing to worry about. ___ ___ OK, more information on this. They are using the same environment as mine, except, they are not using SSL. They have no SSL connector defined, nothing listening on port 443 or 8443 or with SSLEnabled set or anything. Here are the connector entries from their server.xml: Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 / Connector port=8009 protocol=AJP/1.3 redirectPort=8443 / Connector address=0.0.0.0 port=80 maxHttpHeaderSize=8192 maxThreads=50 enableLookups=false redirectPort=443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / I'm thinking it has to do with the SSLEngine being set to on in the APRLifecycleListener. Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / The question is why? Will setting it to off cause any problems? Anyone know why on is the default when there is no SSL connector configured by default? Jeff __ Confidentiality Notice: This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this transmission in error, please immediately reply to the sender or telephone (512) 343-9100 and delete this transmission from your system. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat and Squid
2012/8/29 Farkas H farkas@gmail.com: Hi everyone, I'm checking caching possibilities. Setup: Users send requests via http-post with embedded http-get requests to a Tomcat web server. I don't want to touch this for the moment. Tomcat sends the embedded http-get requests to remote servers, Tomcat by itself does not send any outcoming requests. If a webapplication sends those, you have to ask its author. receives the requested data, processes the data and returns the result. I want to cache the data of the remote servers with Squid Proxy. I think it's necessary to redirect the http-get requests from Tomcat to Squid. I would say Squid should be behind Tomcat and not in front of it like a reverse proxy ... but I'm not a specialist. Could this work? If so, is it a good idea to redirect the Tomcat http-get requests to Squid? How? I gratefully appreciate any advice. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Windows Path Not Found for urandom
2012/8/29 Jeffrey Janner jeffrey.jan...@polydyne.com: The question is, is it something to be worried about? -Original Message- From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, August 28, 2012 10:21 AM To: Tomcat Users List [users@tomcat.apache.org] Subject: Windows Path Not Found for urandom apologize for the lack of details in advance, but I don't have the specifics yet. I have a customer that is using Tomcat (6.0.33?) on Windows and are monitoring the process with SysInternals Process Monitor. About every 5 seconds, they are seeing Tomcat.exe generate a Path Not Found error on a QueryOpen operation for the path D:\dev\urandom with a duration of around 0.2. Since the path contains urandom, I assume it has something to do with the SSL routines. If they followed our standard install instructions, they should be using Tomcat 6.0.33 with the native/APR libraries that come with the installer. 1. Can you stop top-posting? http://en.wikipedia.org/wiki/Posting_style#Choosing_the_proper_posting_style 2. Confidentiality Notices are self-contradictory on a publicly archived mailing list. The question is, is it something to be worried about? 1. I'd be worried if there were something at that path. Would randomness of something be compromised if there were a readable file there? If there is nothing there and nothing can be created there, I think it is not much of an issue, though an interesting one to investigate. 2. If the file is opened by Java classes, you might try to run with a SecurityManager to find what tries to open it. 3. You might try to create a file there (empty? small? unreadable?). Maybe something would start to fail (with EOFException or similar), or will hang waiting for data (and a threaddump will show what it is). Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Virtual Host Alias ignored?
Tomcat 6 (standalone), several virtual hosts I have a A record for mydomain.com and a CNAME record for www.mydomain.com. When I enter domain.com in my browser, everything works fine but www.domain.com results in Server not found. 1. Is my configuration correct when no https is required? 2. Is it possible there's a DNS issue? Connector address=192.168.100.98 port=80 protocol=HTTP/1.1 connectionTimeout=2 useIPVHosts=true / ... Host name=mydomain.com appBase=/home/websites/mydomain.com/webapps unpackWARs=true autoDeploy=true Alias192.168.100.98/Alias Aliaswww.mydomain.com/Alias Valve className=org.apache.catalina.valves.AccessLogValve directory=/home/websites/mydomain.com/logs prefix=mydomain.com_access suffix=.log pattern=common resolveHosts=false / /Host This only seems to be a problem when there is no https configured for the host (Connector reconnectPort attribute is not specified.) For example, this works fine: Connector address=192.168.100.99 port=80 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=443 useIPVHosts=true / Connector address=192.168.100.99 port=443 useIPVHosts=true protocol=org.apache.coyote.http11.Http11Protocol SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS ciphers=SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA keystoreType=PKCS12 keystoreFile=/certs/www.anotherDomain.com.pkcs12 keystorePass=password / Host name=anotherDomain.com appBase=/home/websites/anotherDomain.com/webapps unpackWARs=true autoDeploy=true Aliaswww.anotherDomain.com/Alias AliasanotherDomain.com/Alias Alias192.168.100.99/Alias Valve className=org.apache.catalina.valves.AccessLogValve directory=/home/websites/anotherDomain.com/logs prefix=anotherDomain.com_access. suffix=.log pattern=common resolveHosts=false / /Host
RE: tomcat7-maven-plugin doesn't understand Maven filtering of context files?
[part of message deleted] [INFO] [INFO] tomcat-maven-plugin:1.1:run (default-cli) @ dpt you are using an old version here ? Don't you have duplicate entries in your pom ? There's no duplicate. The one I have looks like this: plugin groupIdorg.apache.tomcat.maven/groupId artifactIdtomcat7-maven-plugin/artifactId version${tomcat7MavenPlugin}/version ... And my properties look like: tomcat7MavenPlugin2.0-beta-1/tomcat7MavenPlugin Ok but the logs doesn't says that :-) True. I'm not sure why. I'll fool with it some. What cli are you using ? If I understand you, it's this: mvn clean install tomcat:run -P development I'm making that up because it's actually run from an Eclipse form. When I run that from the command line in the project folder, I get the same results so I think it's right... I just noticed that the CLI should be: mvn clean install tomcat7:run -P development ...with tomcat7 not tomcat. This gives me the Tomcat 2.0-beta-1 version that we were excepting. I also notice the debug flag (-e?) and that gives me a ton of info. Should I repost the output, or some of it? Add as an attachment? BTW do you have any sample project to reproduce your issue ? It would be complex to do this, but I'm going to try. I'm not sure how I would post that. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat7-maven-plugin doesn't understand Maven filtering of context files?
2012/8/29 Knute Snortum ksnor...@catalystitservices.com: [part of message deleted] [INFO] [INFO] tomcat-maven-plugin:1.1:run (default-cli) @ dpt you are using an old version here ? Don't you have duplicate entries in your pom ? There's no duplicate. The one I have looks like this: plugin groupIdorg.apache.tomcat.maven/groupId artifactIdtomcat7-maven-plugin/artifactId version${tomcat7MavenPlugin}/version ... And my properties look like: tomcat7MavenPlugin2.0-beta-1/tomcat7MavenPlugin Ok but the logs doesn't says that :-) True. I'm not sure why. I'll fool with it some. What cli are you using ? If I understand you, it's this: mvn clean install tomcat:run -P development I'm making that up because it's actually run from an Eclipse form. When I run that from the command line in the project folder, I get the same results so I think it's right... I just noticed that the CLI should be: mvn clean install tomcat7:run -P development ...with tomcat7 not tomcat. This gives me the Tomcat 2.0-beta-1 version that we were excepting. I also notice the debug flag (-e?) and that gives me a ton of info. Should I repost the output, or some of it? Add as an attachment? Regarding the flag have a look at what mvn -h says :-) (-X is for full debug trace) Maybe in a jira issue yes but not sure that will help BTW do you have any sample project to reproduce your issue ? It would be complex to do this, but I'm going to try. I'm not sure how I would post that. Just share a project via bitbucket or github. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Olivier Lamy Talend: http://coders.talend.com http://twitter.com/olamy | http://linkedin.com/in/olamy - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Virtual Host Alias ignored?
2012/8/29 Jeff Wild jw...@dlblair.com: Tomcat 6 (standalone), several virtual hosts I have a A record for mydomain.com and a CNAME record for www.mydomain.com. When I enter domain.com in my browser, everything works fine but www.domain.com results in Server not found. 1. Is my configuration correct when no https is required? 2. Is it possible there's a DNS issue? Connector address=192.168.100.98 port=80 protocol=HTTP/1.1 connectionTimeout=2 useIPVHosts=true / Alias is just a textual string that is matched against data sent by incoming HTTP request. No DNS lookup happens at Tomcat side. Your useIPVHosts=true effectively disables host name matching. (Target IP address of incoming request will be used instead of the value of the Host header). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Windows Path Not Found for urandom
-Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Wednesday, August 29, 2012 10:56 AM To: Tomcat Users List Subject: Re: Windows Path Not Found for urandom 2012/8/29 Jeffrey Janner jeffrey.jan...@polydyne.com: The question is, is it something to be worried about? -Original Message- From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, August 28, 2012 10:21 AM To: Tomcat Users List [users@tomcat.apache.org] Subject: Windows Path Not Found for urandom apologize for the lack of details in advance, but I don't have the specifics yet. I have a customer that is using Tomcat (6.0.33?) on Windows and are monitoring the process with SysInternals Process Monitor. About every 5 seconds, they are seeing Tomcat.exe generate a Path Not Found error on a QueryOpen operation for the path D:\dev\urandom with a duration of around 0.2. Since the path contains urandom, I assume it has something to do with the SSL routines. If they followed our standard install instructions, they should be using Tomcat 6.0.33 with the native/APR libraries that come with the installer. 1. Can you stop top-posting? http://en.wikipedia.org/wiki/Posting_style#Choosing_the_proper_posting_ style [Jeff Janner] sorry, using that POS that Microsoft calls a email tool, and I sometimes forget. 2. Confidentiality Notices are self-contradictory on a publicly archived mailing list. [Jeff Janner] Hopefully, I've fixed the outbound filter that applies that automatically. The question is, is it something to be worried about? 1. I'd be worried if there were something at that path. Would randomness of something be compromised if there were a readable file there? If there is nothing there and nothing can be created there, I think it is not much of an issue, though an interesting one to investigate. 2. If the file is opened by Java classes, you might try to run with a SecurityManager to find what tries to open it. 3. You might try to create a file there (empty? small? unreadable?). Maybe something would start to fail (with EOFException or similar), or will hang waiting for data (and a threaddump will show what it is). Best regards, Konstantin Kolinko [Jeff Janner] Well, in trying to answer (1. 3.) above, I actually created the file (empty). Below is what I get in the catalina.log no matter whether I have an SSL connector or not, and whether the SSLEngine parameter of the APRLifecycleListener is on or off. Notice that it tries to read it 3 times. I don't see the errors if the file is missing. It doesn’t seem to affect processing at all, except that I don't get anymore errors about it anywhere, even the process monitor tool, after startup. It was interesting that on startup with the file, process monitor reported 3 read attempts, but without the file, it shows 6 PATH NOT FOUND errors. And that's before any access of the app. I'm not knowledgeable enough to know if it's affecting the SSL encryption, but I'm beginning to think it isn't. I didn't notice is issues, hangs or slowness, but it might actually affect things if the file had enough data to meet the minimum byte requirements for SSL's entropy requirements. The interesting thing was, I'm not seeing the issue here with the same frequency that the customer is. In testing, with the file missing, besides the initial 6 PNFs, I could only get them to generate when I tried to login. On connection, we throw up a regular jsp with a form for login credentials (not a Tomcat controlled auth form - don't ask me why or get me started, the decision was made way back at Tomcat 4.x). If I pass login, it generates 1 PNF, if I fail, it generates 2. So I'm thinking it's definitely something in our code, and my customer must have something trying to login every 5 seconds. Still, there are two good academic questions about why Tomcat tries to read it 3 times on startup, and what happens to SSL if the file exists (though I'm not sure the SSL code is trying to read it under Windows, since I didn't see any evidence during testing). 012-08-29 11:52:29 Commons Daemon procrun stderr initialized Aug 29, 2012 11:52:29 AM org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.20. Aug 29, 2012 11:52:29 AM org.apache.catalina.core.AprLifecycleListener init INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. Aug 29, 2012 11:52:29 AM org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8080 Aug 29, 2012 11:52:29 AM org.apache.coyote.ajp.AjpAprProtocol init INFO: Initializing Coyote AJP/1.3 on ajp-8009 Aug 29, 2012 11:52:29 AM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 415 ms Aug 29, 2012 11:52:29 AM org.apache.catalina.core.StandardService start INFO: Starting service Catalina
testing auto sig
sorry, had garbage at end of post. Wondering if it's auto sig or something else. Please ignore Jeff
Re: Nondeterministic behaviour of security constraints in Tomcat 7
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matteo, On 8/29/12 11:24 AM, CASALINO, Matteo Maria wrote: Hello everyone, I'm experiencing a weird behaviour with certain combinations of security constraints having the following pattern: (i) one security constraint applies to (at least) two overlapping URL patterns ending in /*, where one is more specific than the other (e.g., /a/* and /a/b/*) (ii) a second security constraint applies only to the less specific URL pattern (e.g. /a/*), and (iii) the two security constraints apply to different (possibly overlapping) sets of methods. One such example is as follows: servlet-mapping servlet-nametest/servlet-name url-pattern/*/url-pattern /servlet-mapping login-config auth-methodBASIC/auth-method realm-nametest/realm-name /login-config security-constraint web-resource-collection web-resource-name/ url-pattern/a/*/url-pattern url-pattern/a/b/*/url-pattern http-methodPOST/http-method /web-resource-collection /security-constraint security-constraint web-resource-collection web-resource-name/ url-pattern/a/*/url-pattern http-methodGET/http-method /web-resource-collection auth-constraint/ /security-constraint The problem occurs for HTTP requests matching to the most specific URL pattern (in the above example, /a/b, /a/b/c, etc.), but on methods other than the ones mentioned in the first security constraint (in the above example, GET). For instance, each time I deploy a web application with the above-mentioned deployment descriptor in Tomcat, or each time I redeploy it or restart the server in case it is already deployed, I get randomly either of the two following behaviours: 1) GET /a/b requests are allowed, i.e. no authentication is required 2) GET /a/b requests are denied, i.e. the response requires authentication (HTTP 401) Notice that the behaviour remains then constant until I restart the server or re-deploy the application. Also, adding arbitrary roles in either of the two auth-constraints, does not seem to change the result. According to the Java Servlet Specification, 1) is the correct behaviour. In fact, such requests shall be allowed to any (possibly unauthenticated) users, because the constraint with the most specific pattern (the first one) matches to the request, but it does not mention the method of the request (GET). I tested several different combinations of security constraints, but this issue seems to occur only with those of this kind. Tests were done on Tomcat 7.0.29 running on both a Debian and a Windows machine. Have anyone experienced a similar problem or is aware of possible explanations? Would it be possible for you to set up a simple test case and package it as a WAR? Also, write-up a set of URLs and your expectations about whether they should work or not and attach all that to a Bugzilla report: https://issues.apache.org/bugzilla/enter_bug.cgi?product=Tomcat%207 - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlA+Wh0ACgkQ9CaO5/Lv0PAMKACgsDluZYIQAkebPrCFlJbCpfDE musAoIM15SWO2FdkWeeWBZQC1FQlA63J =VJM6 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Windows Path Not Found for urandom
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeffrey, On 8/29/12 1:57 PM, Jeffrey Janner wrote: Aug 29, 2012 11:52:29 AM org.apache.catalina.session.ManagerBase setRandomFile WARNING: Error reading /dev/urandom java.io.EOFException at java.io.DataInputStream.readFully(DataInputStream.java:180) at java.io.DataInputStream.readLong(DataInputStream.java:399) at org.apache.catalina.session.ManagerBase.setRandomFile(ManagerBase.java:548) at org.apache.catalina.session.ManagerBase.getRandomBytes(ManagerBase.java:993) at org.apache.catalina.session.ManagerBase.init(ManagerBase.java:767) at org.apache.catalina.session.StandardManager.start(StandardManager.java:630) ManagerBase uses whatever it has been configured to use for the random file and defaults to /dev/urandom. The code in question should not execute unless /dev/urandom actually exists -- see line 546 here: http://svn.apache.org/viewvc/tomcat/tc6.0.x/tags/TOMCAT_6_0_33/java/org/apache/catalina/session/ManagerBase.java?view=markup So, does /dev/urandom exist? Or, rather, does a file-exists check for that path return true? Try this: System.out.println(new File(/dev/urandom).exists()); ...and see what happens. There is a setRandomFile(String s) method on ManagerBase, but it is not documented anywhere in the Tomcat 6 documentation (nor can it be found in the Tomcat 7 documentation). You could try to set the randomFile attribute on your Manager element to point to some other file-based source of randomness, but I doubt it will work. On Microsoft Windows, I think you want to have that set to a path that does not exist so that java.security.SecureRandom (by default) gets used for randomness. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlA+YwsACgkQ9CaO5/Lv0PAfiQCgs8t5/Q72qkuQrE1G6tCFDeGF /qAAn3hHEtTHsQuWTK5mvEKbXOSw5AWF =Ke5I -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Windows Path Not Found for urandom
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeffrey, On 8/29/12 11:39 AM, Jeffrey Janner wrote: OK, more information on this. They are using the same environment as mine, except, they are not using SSL. They have no SSL connector defined, nothing listening on port 443 or 8443 or with SSLEnabled set or anything. Here are the connector entries from their server.xml: Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 / Connector port=8009 protocol=AJP/1.3 redirectPort=8443 / Connector address=0.0.0.0 port=80 maxHttpHeaderSize=8192 maxThreads=50 enableLookups=false redirectPort=443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / I'm thinking it has to do with the SSLEngine being set to on in the APRLifecycleListener. It doesn't. Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / The question is why? Will setting it to off cause any problems? If they are not attempting to use APR-based SSL, then there will be no problems. If they are trying to use those (doesn't look like it from the above configuration) then it will ruin their day. Anyone know why on is the default when there is no SSL connector configured by default? That just means that the APR library will allow SSL to be configured. The APR lifecycle listener starts long before the connectors, so it can't interrogate the connectors to determine whether or not it is needed. Your real problem is with the session manager, not anything having to do with SSL. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlA+Y8QACgkQ9CaO5/Lv0PCwAACfUFJvmz9iwWikSOVdBAO7SvQ0 glsAnjj338P+PFB5HZGoJNCYYTWwkFzV =Mwfs -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat and Squid
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Farkas, On 8/29/12 11:08 AM, Farkas H wrote: I'm checking caching possibilities. Setup: Users send requests via http-post with embedded http-get requests to a Tomcat web server. I don't want to touch this for the moment. Sounds insane. Tomcat sends the embedded http-get requests to remote servers, receives the requested data, processes the data and returns the result. That's called being a proxy, and Tomcat isn't the best tool for that job. I want to cache the data of the remote servers with Squid Proxy. Er, okay. I think it's necessary to redirect the http-get requests from Tomcat to Squid. First, you can't (properly) redirect a POST, so redirecting the client from Tomcat to Squid doesn't make any sense. I think what you mean is that instead of Tomcat (really your proxying-webapp) contacting the back-end server directly, you want to contact Squid instead. That's easy: use the hostname/IP address/whatever where Squid lives instead of contacting the backend server directly. I would say Squid should be behind Tomcat and not in front of it like a reverse proxy ... but I'm not a specialist. Obviously not. Could this work? So you have: Client - Tomcat - remote servers and you want: Client - Tomcat - Squid - remote servers If remote servers is well-defined (like you are always contacting the same set of servers), then you'll be fine. If you need to proxy the entire Internet (which I suspect is the case), then you are boned unless you want to double-proxy, which is just silly in this case. Can't squid perform the response mutation that you desire? Why do you even need Tomcat in the mix? If so, is it a good idea to redirect the Tomcat http-get requests to Squid? How? I gratefully appreciate any advice. Perhaps you mean forward and not redirect, but then your Tomcat instance is not actually doing anything, right? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlA+ZQ0ACgkQ9CaO5/Lv0PBJOQCeLRLSHEWiPth23zhaKHpgmtzx /WcAnAhaP0pm2VtKA0TNvJ7iPmwviRuM =Ixoa -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Windows Path Not Found for urandom
-Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Wednesday, August 29, 2012 1:44 PM To: Tomcat Users List Subject: Re: Windows Path Not Found for urandom -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeffrey, On 8/29/12 1:57 PM, Jeffrey Janner wrote: Aug 29, 2012 11:52:29 AM org.apache.catalina.session.ManagerBase setRandomFile WARNING: Error reading /dev/urandom java.io.EOFException at java.io.DataInputStream.readFully(DataInputStream.java:180) at java.io.DataInputStream.readLong(DataInputStream.java:399) at org.apache.catalina.session.ManagerBase.setRandomFile(ManagerBase.java :548) at org.apache.catalina.session.ManagerBase.getRandomBytes(ManagerBase.java :993) at org.apache.catalina.session.ManagerBase.init(ManagerBase.java:767) at org.apache.catalina.session.StandardManager.start(StandardManager.java :630) ManagerBase uses whatever it has been configured to use for the random file and defaults to /dev/urandom. The code in question should not execute unless /dev/urandom actually exists -- see line 546 here: http://svn.apache.org/viewvc/tomcat/tc6.0.x/tags/TOMCAT_6_0_33/java/org /apache/catalina/session/ManagerBase.java?view=markup So, does /dev/urandom exist? Or, rather, does a file-exists check for that path return true? Try this: System.out.println(new File(/dev/urandom).exists()); ...and see what happens. There is a setRandomFile(String s) method on ManagerBase, but it is not documented anywhere in the Tomcat 6 documentation (nor can it be found in the Tomcat 7 documentation). You could try to set the randomFile attribute on your Manager element to point to some other file-based source of randomness, but I doubt it will work. On Microsoft Windows, I think you want to have that set to a path that does not exist so that java.security.SecureRandom (by default) gets used for randomness. - -chris Chris - This was on a test of what would happen if the C:\dev\urandom did exist on a Windows system, for some strange reason. It didn't seem to do anything operationally by being there and empty. But it did find the source of the initial 6 PNFs being reported by the Process Monitor tool. Why 6? Beats me, I haven't studied the code. My big question now is what's in my company's code that generates the PNF during login verification/error reporting. Leaning toward something to do with generating a new sessionid, but I've not had the chance to look (or get a programmer to check it). Jeff
RE: Virtual Host Alias ignored?
-Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Wednesday, August 29, 2012 11:49 AM To: Tomcat Users List Subject: Re: Virtual Host Alias ignored? 2012/8/29 Jeff Wild jw...@dlblair.com: Tomcat 6 (standalone), several virtual hosts I have a A record for mydomain.com and a CNAME record for www.mydomain.com. When I enter domain.com in my browser, everything works fine but www.domain.com results in Server not found. 1. Is my configuration correct when no https is required? 2. Is it possible there's a DNS issue? Connector address=192.168.100.98 port=80 protocol=HTTP/1.1 connectionTimeout=2 useIPVHosts=true / Alias is just a textual string that is matched against data sent by incoming HTTP request. No DNS lookup happens at Tomcat side. Your useIPVHosts=true effectively disables host name matching. (Target IP address of incoming request will be used instead of the value of the Host header). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Granted, so if my DNS is set up correctly (www.mydomain.com CNAME points to mydomain.com) then requests to www.mydomain.com should appear to tomcat as coming from the same IP as mydomain.com. So why isn't this working? Something wrong with my configuration? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Nondeterministic behaviour of security constraints in Tomcat 7
From: CASALINO, Matteo Maria [mailto:matteo.maria.casal...@sap.com] Subject: Nondeterministic behaviour of security constraints in Tomcat 7 The problem occurs for HTTP requests matching to the most specific URL pattern (in the above example, /a/b, /a/b/c, etc.), Please state where in the servlet spec that /a/b should be matched by /a/b/*. (If the request for /a/b were to be redirected to /a/b/, that would be matched.) You might want to add /a/b as an explicit url-pattern to avoid having requests to that target being handled by the /a/* rule. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Windows Path Not Found for urandom
-Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Wednesday, August 29, 2012 1:44 PM To: Tomcat Users List Subject: Re: Windows Path Not Found for urandom -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeffrey, On 8/29/12 1:57 PM, Jeffrey Janner wrote: Aug 29, 2012 11:52:29 AM org.apache.catalina.session.ManagerBase setRandomFile WARNING: Error reading /dev/urandom java.io.EOFException at java.io.DataInputStream.readFully(DataInputStream.java:180) at java.io.DataInputStream.readLong(DataInputStream.java:399) at org.apache.catalina.session.ManagerBase.setRandomFile(ManagerBase.java :548) at org.apache.catalina.session.ManagerBase.getRandomBytes(ManagerBase.java :993) at org.apache.catalina.session.ManagerBase.init(ManagerBase.java:767) at org.apache.catalina.session.StandardManager.start(StandardManager.java :630) ManagerBase uses whatever it has been configured to use for the random file and defaults to /dev/urandom. The code in question should not execute unless /dev/urandom actually exists -- see line 546 here: http://svn.apache.org/viewvc/tomcat/tc6.0.x/tags/TOMCAT_6_0_33/java/org /apache/catalina/session/ManagerBase.java?view=markup So, does /dev/urandom exist? Or, rather, does a file-exists check for that path return true? Try this: System.out.println(new File(/dev/urandom).exists()); ...and see what happens. There is a setRandomFile(String s) method on ManagerBase, but it is not documented anywhere in the Tomcat 6 documentation (nor can it be found in the Tomcat 7 documentation). You could try to set the randomFile attribute on your Manager element to point to some other file-based source of randomness, but I doubt it will work. On Microsoft Windows, I think you want to have that set to a path that does not exist so that java.security.SecureRandom (by default) gets used for randomness. - -chris Chris - Looking at that code, it looks like the only way to set the file is to change it there and recompile. The manager element doesn't have anything to do with the session manager. What we really need is a way for Tomcat to understand that it's on windows and automatically use that java.security routine you mentioned. Even a way of setting the filepath as null in the server.xml or context.xml would probably be helpful. Not that it's really that big a deal. Apparantly, from my testing, it only happens twice/context at startup. My real problem is somewhere else. On login, we call request.getSession, which I'm pretty sure is generating a new sessionid (verified by turning off cookies), and thus generating the first PNF. On bad login credentials, we invalidate() the session, which I'm guessing is doing the second PNF. Overall, I'm thinking nothing to worry about, right? Jeff
Re: Windows Path Not Found for urandom
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeff, On 8/29/12 4:04 PM, Jeffrey Janner wrote: This was on a test of what would happen if the C:\dev\urandom did exist on a Windows system, for some strange reason. It didn't seem to do anything operationally by being there and empty. Right: if the file doesn't work out, Tomcat falls-back to java.security.SecureRandom (or whatever you have configured for randomClass in your Manager). But it did find the source of the initial 6 PNFs being reported by the Process Monitor tool. Did you mean FileNotFoundExceptions? I'm not sure what a PNF is. Why 6? Beats me, I haven't studied the code. How many webapps do you have deployed? You'll get a separate Manager instance for each deployed webapp (and therefore an error for each one). My big question now is what's in my company's code that generates the PNF during login verification/error reporting. Leaning toward something to do with generating a new sessionid, but I've not had the chance to look (or get a programmer to check it). If your random source runs out of data -- which is what happens when the file is there but has zero bytes, you'll get a single error per deployed webapp and then the manager(s) will switch-over to java.secure.SecureRandom. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlA+gnAACgkQ9CaO5/Lv0PBylACfUljXDzs2WgsEZ/Vj229+431P DCoAn3ACEa+UfHXtxKdcDgta6jMp4qe/ =KlqJ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Windows Path Not Found for urandom
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeff, On 8/29/12 4:54 PM, Jeffrey Janner wrote: Looking at that code, it looks like the only way to set the file is to change it there and recompile. Not at all: you should be able to configure the Manager by setting attributes on the Manager element in your context.xml. If you don't already have one, add one and then set the randomFile attribute to whatever you want. The manager element doesn't have anything to do with the session manager. Er, it has everything to do with it. Manager configures the session manager. If you don't believe me, read the documentation and/or the code. What we really need is a way for Tomcat to understand that it's on windows and automatically use that java.security routine you mentioned. It will. You created a zero-length file in C:\dev\urandom and it's causing a one-time error message. Don't do that! Even a way of setting the filepath as null in the server.xml or context.xml would probably be helpful. You could do that, or you could set it to a path that points to nothing. Under normal circumstances, you wouldn't find a C:\dev\urandom file in a Microsoft Windows environment, so the default automatically falls-back to java.security.SecureRandom. Why don't you just remove that file? Not that it's really that big a deal. Apparently, from my testing, it only happens twice/context at startup. It should happen once, but I suppose anything is possible -- especially if you have an ... odd deployment configuration. My real problem is somewhere else. On login, we call request.getSession, which I'm pretty sure is generating a new sessionid (verified by turning off cookies), and thus generating the first PNF. On bad login credentials, we invalidate() the session, which I'm guessing is doing the second PNF. Invalidating the session shouldn't require any entropy to be read, so I wouldn't expect any failure. Overall, I'm thinking nothing to worry about, right? If I were you, I'd delete the file and move on with my life: the error message will go away and otherwise the system will operate exactly as before. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlA+g+kACgkQ9CaO5/Lv0PDhuACfaQ4v0010KLSlJAdCowaV3Hzh e/AAn1TC3demwBOsqs8NEIDgMJLjk+P+ =G/Aa -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Virtual Host Alias ignored?
2012/8/30 Jeff Wild jw...@dlblair.com: -Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Wednesday, August 29, 2012 11:49 AM To: Tomcat Users List Subject: Re: Virtual Host Alias ignored? 2012/8/29 Jeff Wild jw...@dlblair.com: Tomcat 6 (standalone), several virtual hosts I have a A record for mydomain.com and a CNAME record for www.mydomain.com. When I enter domain.com in my browser, everything works fine but www.domain.com results in Server not found. 1. Is my configuration correct when no https is required? 2. Is it possible there's a DNS issue? Connector address=192.168.100.98 port=80 protocol=HTTP/1.1 connectionTimeout=2 useIPVHosts=true / Alias is just a textual string that is matched against data sent by incoming HTTP request. No DNS lookup happens at Tomcat side. Your useIPVHosts=true effectively disables host name matching. (Target IP address of incoming request will be used instead of the value of the Host header). Granted, so if my DNS is set up correctly (www.mydomain.com CNAME points to mydomain.com) then requests to www.mydomain.com should appear to tomcat as coming from the same IP as mydomain.com. So why isn't this working? 1. I suppose you mean to the same IP instead of from the same IP. 2. Tomcat does not care what your DNS server knows. It does not care what names match to what addresses. It operates on data received in an HTTP request. Do you know how HTTP protocol operates? 3. useIPVHosts=true vs useIPVHosts=false are two substantially different modes of operation Something wrong with my configuration? Well, it works. But it does not do what you wanted. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat7-maven-plugin doesn't understand Maven filtering of context files?
-Original Message- From: Olivier Lamy [mailto:ol...@apache.org] Sent: Wednesday, August 29, 2012 9:32 AM To: Tomcat Users List Subject: Re: tomcat7-maven-plugin doesn't understand Maven filtering of context files? [section deleted] What cli are you using ? If I understand you, it's this: mvn clean install tomcat:run -P development I'm making that up because it's actually run from an Eclipse form. When I run that from the command line in the project folder, I get the same results so I think it's right... I just noticed that the CLI should be: mvn clean install tomcat7:run -P development ...with tomcat7 not tomcat. This gives me the Tomcat 2.0-beta-1 version that we were excepting. I also notice the debug flag (-e?) and that gives me a ton of info. Should I repost the output, or some of it? Add as an attachment? Regarding the flag have a look at what mvn -h says :-) (-X is for full debug trace) Maybe in a jira issue yes but not sure that will help BTW do you have any sample project to reproduce your issue ? It would be complex to do this, but I'm going to try. I'm not sure how I would post that. Just share a project via bitbucket or github. I created a test project in Github: https://github.com/ksnortum/Tomcat7MavenPluginTester It demonstrates what I believe is a bug in tomcat7-maven-plugin. The Tomcat server that is created does not use the configuration files (e.g.: web.xml) in the war file or the war directory that is created. It uses the project files, that is, the ones in src/main/webapp/WEB-INF. If you use Maven web resource filtering, the war file is changed but the project file isn't. This is correct. But if tomcat7-maven-plugin doesn't use the war configuration files, then how can you properly test the war file? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Olivier Lamy Talend: http://coders.talend.com http://twitter.com/olamy | http://linkedin.com/in/olamy - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Broken link in docs
2012/7/12 Jeffrey Janner jeffrey.jan...@polydyne.com: http://tomcat.apache.org/native-doc/changelog.html Comes up missing. Clinked on from main Native Doc page. Corrected. Thank you. The live site will catch up in ~an hour. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Facing Memory leak - 64 bit Tomcat 6.0.35 with windows 2008 R2(64 bit JVM 1.6.0_33)
Hi, We are using 64 bit Tomcat 6.0.35 with windows 2008 R2 (64 bit JVM 1.6.0_33) and facing memory leak issues(OutOfMemoryError ) after a short interval of time( ~30 minutes). We deploy a web application on this version of tomcat and while working with the GUI part of the application we face memory leak, but same application works fine on this windows server for 32 bit JVM. Please help us if this is an issue with 64 bit Tomcat version or with 64bit JVM or with its combination. kindly let us know a solution or any work around or for this. Thanks and Regards, Shailendra Singh