CONFIGURING HOW MUCH MEMORY TOMCAT USES

2012-10-08 Thread CHRISTOS STAVRINOU
Hello,

I want to configure the following

Initial memory pool

Maximum memory pool

Thread stack size

on tomcat 7 under Centos Linux but I don't know how.

The reason I want to increase the values of these parameters is because I get 
out of memory error when upload files with jsp code.

Please help

Thank you


Re: CONFIGURING HOW MUCH MEMORY TOMCAT USES

2012-10-08 Thread Pid
On 08/10/2012 08:04, CHRISTOS STAVRINOU wrote:
> Hello,
>
> I want to configure the following
>
> Initial memory pool
>
> Maximum memory pool
>
> Thread stack size
>
> on tomcat 7 under Centos Linux but I don't know how.
>
> The reason I want to increase the values of these parameters is because I get 
> out of memory error when upload files with jsp code.
>
> Please help
>
> Thank you

HELLO.  PLEASE READ:

 http://www.catb.org/esr/faqs/smart-questions.html


p



How to check whether a SSL certificate has been correctly installed

2012-10-08 Thread Tom Anthony
Hi,

I just installed a third party certificate on Tomcat and was wondering
whether there was a way to check with confidence that the certificate has
been installed correctly on the server and that all communications between
client and server are encrypted.

Thanks for your help.






Re: ConnectionPoolMBean should not expose plain-text DB password

2012-10-08 Thread Mark H. Wood
On Fri, Oct 05, 2012 at 05:11:57PM -0400, Christopher Schultz wrote:
> On 10/5/12 1:51 PM, Te Li wrote:
> > I am not familiar with JIoEndpoint discussed in 
> > https://issues.apache.org/bugzilla/show_bug.cgi?id=53139.
> > 
> > The issue I'm facing is something different. Apparently, some
> > effort was made to hide the DB password, but the DB password is
> > still exposed via another getter (getDbProperties()). This seems to
> > be a bug to me.
> > 
> > DB passwords are highly sensitive information. JMX admins shouldn't
> > see those either. It's not a reasonable assumption that it's okay
> > for JMX admins to see exposed DB passwords (which should never be
> > exposed in plaintext or encrypted form). Those who work in a
> > company would probably concur with this point.
> 
> I think most of us work at companies, and I happen to disagree with you.
> 
> Tomcat passwords -- at least those in server.xml -- are in plain-text
> form. All requests to obfuscate them have been denied because it is
> simply not possible to properly secure them: the key always must be
> available to the administrator in order to read the obfuscated
> password and therefore any steps to secure the password are a charade.
> 
> There is a wealth of knowledge available via JMX, and it should only
> be exposed to administrators. Any JMX-enabled administrator will be
> able to deploy an arbitrary webapp to go and fetch the data you are
> trying to hide. You are wasting your time.

Well, I agree with both of you. :-)

The O.P. seems to want something like a military-style access control
system, in which it is possible to set up a structure where *no one*
has ultimate access; different roles have privileged access to
different aspects of the operation.  This is not an unreasonable
desire.  There are situations where it is advantageous (to the
organization) to operate in such a way that there are things a single
high-value captive cannot compromise.  Compare this to everyday
financial controls which require multiple signatures on a check or
several individuals with different keys to open a safe.  The highest
authorities can order things done, but cannot do them.  When wearing
my sysadmin hat, I work hard to make sure that I do not have to know
some of the secrets required to run our operation.

OTOH I agree that Tomcat is not set up to give you a heterarchical
access structure.  Very few products are.  I'm sure I never heard of
most of them and suppose that few of you all have either.

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.




Re: JDBCRealm connection timeout failure on getPassword

2012-10-08 Thread Aladin Dajani
Hello Mark,
Thanks for pointing out my missing localDataResource property.  It is
prominent enough in the wiki, I just failed to pay close attention.
With this property, the everything in META-INF/context.xml configuration
worked.
Other configurations still do not work except the one I described (Resource
in conf/server.xml AND conf/context.xml, Realm in the engine element of
conf/server.xml).

This covers the deployment scenarios that I may encounter.

If someone out there is interested in pursuing the reasons why other
scenarios did not work for me, I will be happy to provide more details and
info.  Otherwise, thanks to the input of all who responded to this thread,
I am happy with the configurations that do work for me.

BTW I checked the resource-ref element and from what I gather, it provides
a level of isolation between the resource name coded in the application and
the one actually defined in configuration files, so you can change the
latter without having to recompile your app.

Finally, for those interested, here are the contents of relevant config
files in my setup with comments removed and sensitive material replaced (I
am deploying my app as ROOT.war on Tomcat 7):

My application's web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    id="WebApp_ID" version="3.0">
  <display-name>MyApp</display-name>
  <welcome-file-list>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>member-access</web-resource-name>
      <url-pattern> /priv/* </url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name> site-admin </role-name>
      <role-name> admin </role-name>
      <role-name> user </role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <filter>
    <filter-name>AccessFilter</filter-name>
    <filter-class>com.mydns.filter.MyFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>AccessFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login.jsp</form-error-page>
      <!--  <form-error-page>/fail_login.jsp</form-error-page> -->
    </form-login-config>
  </login-config>
  <security-role>
    <description> System Administrator </description>
    <role-name> site-admin </role-name>
  </security-role>
  <security-role>
    <description> Manager </description>
    <role-name> admin </role-name>
  </security-role>
  <security-role>
    <description> User </description>
    <role-name> user </role-name>
  </security-role>
</web-app>
---
My app's META-INF/context.xml (if used):
<?xml version="1.0" encoding="UTF-8"?>
<Context>
  <Resource
    name="jdbc/MyAppDB"
    type="javax.sql.DataSource"
    auth="Container"
    driverClassName="com.mysql.jdbc.Driver"
    maxActive="100"
    maxWait="1"
    maxIdle="30"
    password="password"
    logAbandoned="true"
    username="username"
    removeAbandoned="true"
    removeAbandonedTimeout="60"
    url="jdbc:mysql://localhost:3306/databasename"
  />
  <Realm className="org.apache.catalina.realm.DataSourceRealm"
    dataSourceName="jdbc/MyAppDB"
    userTable="users"
    userNameCol="username"
    userCredCol="password"
    userRoleTable="roles"
    roleNameCol="rolename"
    digest="digestname"
    localDataSource="true"
  />
</Context>

--
$CATALINA_HOME/conf/context.xml
<?xml version="1.0" encoding="UTF-8"?>
<Context>
  <WatchedResource>WEB-INF/web.xml</WatchedResource>
  <!--  MY RESOURCE ELEMENT GOES HERE -->
</Context>
-

$CATALINA_HOME/conf/server.xml

<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener SSLEngine="on"
    className="org.apache.catalina.core.AprLifecycleListener"/>
  <Listener className="org.apache.catalina.core.JasperListener"/>
  <Listener
    className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
  <Listener
    className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
  <Listener
    className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
  <GlobalNamingResources>
    <Resource
      auth="Container"
      description="User database that can be updated and saved"
      factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
      name="UserDatabase"
      pathname="conf/tomcat-users.xml"
      type="org.apache.catalina.UserDatabase"/>

    <!-- MY RESOURCE ELEMENT GOES HERE -->

  </GlobalNamingResources>

  <Service name="Catalina">

    <Connector connectionTimeout="2" port="80" protocol="HTTP/1.1"
      redirectPort="8443"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
    <Engine

gc log filename variables in windows

2012-10-08 Thread MrVJTod
In linux/solaris, I can specify
 -Xloggc:/my/logs/sourcecode-gc-${NOW}.log 
And get a logfile named as such
 /my/logs/sourcecode-gc-1008-0938.log 
with the last time of startup as part of the log filename

But if I try to do something similar in Windows
 -Xloggc:c:\my\logs\sourcecode-gc-${NOW}.log 
I get a logfile named
 c:\my\logs\sourcecode-gc-${NOW}.log 
with the variable text as part of the log filename

Does tomcat on Windows not support variables in the GC filename?
I've tried a dozen different combinations
  $DATE  //${%DATE%}  //  $[%DATE%]  //  $(%DATE%)
  ${DATE}  //  $[DATE]  //  $(DATE)  //  $DATE  //  %DATE  //  %NOW%
  `%DATE%`  //  '%DATE%'  //  `cmd /c now /t`  //  'cmd /c now /t'
  %Y  //  %
and several other iterations
but the logfilename contains the variable that I was hoping would be
replaced with a timestamp.

and I can't seem to find a solid reference for Windows GC log filenames.







RE: How to check whether a SSL certificate has been correctly installed

2012-10-08 Thread Adamus, Steven J.
Tom, 

Most if not all browsers let you view the certificate that was received
from the web server. You won't receive one unless you have an https
connection. If you can view it and verify it's the correct one, then
it's been installed correctly and the connection is encrypted. 

Steve




Re: gc log filename variables in windows

2012-10-08 Thread André Warnier

MrVJTod wrote:
> In linux/solaris, I can specify
>  -Xloggc:/my/logs/sourcecode-gc-${NOW}.log 
> And get a logfile named as such
>  /my/logs/sourcecode-gc-1008-0938.log 
> with the last time of startup as part of the log filename
>
> But if I try to do something similar in Windows
>  -Xloggc:c:\my\logs\sourcecode-gc-${NOW}.log 
> I get a logfile named
>  c:\my\logs\sourcecode-gc-${NOW}.log 
> with the variable text as part of the log filename
>
> Does tomcat on Windows not support variables in the GC filename?
> I've tried a dozen different combinations
>   $DATE  //${%DATE%}  //  $[%DATE%]  //  $(%DATE%)
>   ${DATE}  //  $[DATE]  //  $(DATE)  //  $DATE  //  %DATE  //  %NOW%
>   `%DATE%`  //  '%DATE%'  //  `cmd /c now /t`  //  'cmd /c now /t'
>   %Y  //  %
> and several other iterations
> but the logfilename contains the variable that I was hoping would be
> replaced with a timestamp.
>
> and I can't seem to find a solid reference for Windows GC log filenames.



Hi.

1) That's not really a Tomcat question, it's a Java JVM question.
So the question "Does tomcat on Windows not support variables in the GC filename?" is 
mis-directed. The -Xloggc is not a Tomcat parameter, it is a JVM parameter, interpreted 
by the JVM which runs Tomcat. Get the difference ?


2) Under Linux, where is the NOW variable set ? (probably in a Tomcat startup shell 
script, right ?)


3) How do you start (the JVM which runs) Tomcat under Windows ?
(If it is started as a Windows Service, it doesn't really have a Linux-like shell.  It - 
or rather the service wrapper (which runs the JVM which runs Tomcat) - takes its 
parameters from the Windows Registry, not the command-line.  No shell = no shell variables 
= no NOW).





Re: How to check whether a SSL certificate has been correctly installed

2012-10-08 Thread Christopher Schultz

Tom,

On 10/8/12 5:35 AM, Tom Anthony wrote:
> I just installed a third party certificate on Tomcat and was
> wondering whether there was a way to check with confidence that the
> certificate has been installed correctly on the server and that all
> communications between client and server are encrypted.

A couple of ways:

1. Connect via a web browser: use the https:// protocol. If the server
is speaking HTTP then you'll get an error message.

2. Use sslscan (http://www.titania.co.uk ; some Linux distros have it
in their package management systems). Just run sslscan [hostname]

3. https://www.ssllabs.com/ - use their test my website tool at the
bottom of their home page. It tells you about your certificates --
including making sure that you have a full cert chain and that the
certs are in the right order). It also tells you about other things
like if you are susceptible to BEAST and CRIME, and gives you a
grade based upon criteria I can't quite discern.

4. Use openssl's s_client:

   $ openssl s_client -connect hostname:port

It will give you some diagnostic information and actually let you
issue an HTTP request: it's pretty much 'telnet' except that it
tunnels it through SSL.

I'm sure there are other ways, too.

-chris
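The `openssl` checks suggested in this thread, wrapped as shell functions that test a certificate for expiry, host name match and chain of trust. This is an added example, not code from any poster or from Tomcat; the function names and the throwaway `make_sample_cert` helper are illustrative assumptions.

```shell
#!/usr/bin/env bash
# Added example: certificate checks built on the openssl commands named above.
# All function names are illustrative, not part of Tomcat or OpenSSL.

# Print the leaf certificate the server presents, in PEM form.
# -servername sends SNI; </dev/null ends the session right after the handshake.
fetch_leaf_cert() {            # usage: fetch_leaf_cert HOST PORT > leaf.pem
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -outform PEM
}

# Succeed only if the chain the server sends validates against the local trust
# store; this also catches a missing intermediate certificate.
server_chain_verifies() {      # usage: server_chain_verifies HOST PORT
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
    grep -q 'Verify return code: 0 (ok)'
}

# Succeed if the certificate in PEM file $1 stays valid for at least $2 more days.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeed if the certificate in PEM file $1 is issued for host name $2.
cert_matches_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# Succeed if certificate $1 verifies against the CA bundle $2.
cert_chains_to() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Constructed sample input: a throwaway self-signed certificate for offline runs.
make_sample_cert() {           # usage: make_sample_cert DIR COMMON_NAME DAYS
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/key.pem" \
    -out "$1/cert.pem" -subj "/CN=$2" -days "$3" >/dev/null 2>&1
}

# Run all file-based checks and report; returns non-zero if any check fails.
check_cert_file() {            # usage: check_cert_file CERT HOST CA_BUNDLE
  local rc=0
  cert_valid_for_days "$1" 30 || { echo "expires within 30 days"; rc=1; }
  cert_matches_host "$1" "$2" || { echo "name mismatch for $2"; rc=1; }
  cert_chains_to "$1" "$3"    || { echo "does not chain to $3"; rc=1; }
  return "$rc"
}

# With HOST PORT arguments, check a live server; with none, only define functions.
if [ "$#" -eq 2 ]; then
  tmp=$(mktemp) && fetch_leaf_cert "$1" "$2" >"$tmp" &&
    cert_valid_for_days "$tmp" 30 && cert_matches_host "$tmp" "$1" &&
    server_chain_verifies "$1" "$2" && echo "certificate checks passed for $1:$2"
fi
```

A passing result covers only the HTTPS connector; a plain HTTP connector on the same server still serves unencrypted traffic unless it redirects or is disabled.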



Re: gc log filename variables in windows

2012-10-08 Thread Christopher Schultz

To whom it may concern,

On 10/8/12 11:17 AM, MrVJTod wrote:
> In linux/solaris, I can specify 
> -Xloggc:/my/logs/sourcecode-gc-${NOW}.log And get a logfile named
> as such /my/logs/sourcecode-gc-1008-0938.log with the last time of
> startup as part of the log filename
> 
> But if I try to do something similar in Windows 
> -Xloggc:c:\my\logs\sourcecode-gc-${NOW}.log I get a logfile named 
> c:\my\logs\sourcecode-gc-${NOW}.log with the variable text as part
> of the log filename
> 
> Does tomcat on Windows not support variables in the GC filename? 
> I've tried a dozen different combinations $DATE  //${%DATE%}
> //  $[%DATE%]  //  $(%DATE%) ${DATE}  //  $[DATE]  //  $(DATE)  //
> $DATE  //  %DATE  //  %NOW% `%DATE%`  //  '%DATE%'  //  `cmd /c now
> /t`  //  'cmd /c now /t' %Y  //  % and several other
> iterations but the logfilename contains the variable that I was
> hoping would be replaced with a timestamp.
> 
> and I can't seem to find a solid reference for Windows GC log
> filenames.

This has nothing to do with GC filenames and everything to do with the
way cmd.exe does variable replacement.

First of all, cmd.exe does not recognize backticks (``) as meaningful
in any way, so that's not going to work. Second, sh-style $varname
doesn't work either.

cmd.exe (and every version of MS-DOS CLI before it) has always used
%varname% for variable replacement.

Lastly, the variable has to have a value. If you haven't set a value
for the DATE variable, then it will give you nothing. (Okay, I'm
floored: 'echo %DATE%' in cmd.exe actually gives you the current date
 - Mon 10/08/2012 for me. That seems to be ringing a bell from back
in my MS-DOS days, but the value you get isn't very friendly: it's got
a space and it's localized for the current user: stupid American date
formatting.)

I'm not sure what the best way to get the current date in an
environment variable is. win32's date command totally sucks: you
can't tell it how to format the date. You also can't use
command-substitution (back ticks) to get the output from a program -
you could write one to get the proper date format - into an
environment variable. Child processes can't modify the environment of
the parent.

I think this is why people end up writing hideous scripts for win32
that do things like create another script on-the-fly and do
string-replacement directly on the script, then run it.

If you have your date in a variable, like 'NOW', then you ought to be
able to use c:\my\logs\sourcecode-gc-%NOW%.log. Of course, that will
only work if you are launching Tomcat from the command-line and not if
you are running as a service.

-chris



Re: gc log filename variables in windows

2012-10-08 Thread MrVJTod
I understand. NOW, in my linux environment is set via a shell script in the
tomcat settings file as part of startup.

NOW=`date +%m%d-%H%M`

I wasn't thinking of the startup script like that.

I'll be moving on. Thanks.






Re: gc log filename variables in windows

2012-10-08 Thread MrVJTod
windows command line isn't good at short code, but I've used this to rename
window log files on occasion

the first section parses the MMDD out of %DATE%
and the second section removes the colon/period/spaces out of %TIME% and
then trims the resulting string to just the first 4 characters HHMM.

if run from (something.bat)
REM ## BEGIN SCRIPT FILE
REM Split %Date% on / and - ; the last token group (MM/DD/YYYY) sets Today
FOR %%A IN (%Date%) DO (
FOR /F "tokens=1-3 delims=/-" %%B in ("%%~A") DO (
SET Today=%%D%%B%%C
)
)
REM Strip colon, period and spaces from %Time%, then keep the first 4 characters
SET RightNow=%Time::=%
SET RightNow=%RightNow:.=%
SET RightNow=%RightNow: =%
SET RightNow=%RightNow:~0,4%
SET fileStamp=%TODAY%.%RIGHTNOW%
REM ## END SCRIPT FILE

which would result something like this 
20121008.1506

which could be used in a batch to rename files with a timestamp
rename file.txt file.%fileStamp%.txt







Re: gc log filename variables in windows

2012-10-08 Thread MrVJTod
and I'm not going to convert my few remaining windows JVMs to use batch files
instead of running as a service. 

this is just extra motivation to get these last windows JVMs converted to
*nix.






Re: [speculative] gc log filename variables in windows

2012-10-08 Thread André Warnier

MrVJTod wrote:
> and I'm not going to convert my few remaining windows JVMs to use batch files
> instead of running as a service. 
>
> this is just extra motivation to get these last windows JVMs converted to
> *nix.



I basically agree, and this is thus just a bit of intellectual musing :

In the Registry of my Windows XP laptop, under 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tomcat6, I see an ImagePath with a 
value C:\apache-tomcat-6.0.24\bin\tomcat6.exe //RS//Tomcat6.


(tomcat6.exe being this service wrapper I was mentioning before : it provides the 
necessary wrapping to act as a Windows Service, and actually runs the JVM that runs Tomcat).


It may be possible to change this ImagePath to run a Windows .CMD file which would set the 
appropriate NOW variable and then run the above wrapper .exe.


And then, using tomcat6w.exe (the GUI registry editor which allows to set the environment 
which the wrapper passes to the JVM it runs), set a Java option including a reference to 
%NOW%.


If pigs can fly (and it seems that in some countries many people think they can - see 
http://planetsave.com/2011/03/28/can-pigs-fly/), it may even work.


Or, rather than playing around modifying things in the Registry, how about :
- create a user to run the Tomcat Service, and modify the Tomcat Service to run as that 
user (rather than as LocalSystem)

- give that user a logon script
- set the NOW variable in the logon script of that user
Windows may call that script whenever it starts the Tomcat Service.

Again, just idle speculation but hey, this is a Tomcat list, not a Windows one.
