Re: Tomcat session with uncertain problem

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Terrence,

On 11/11/13, 4:31 PM, Terence M. Bandoian wrote:
> On 11/11/2013 2:29 PM, Jose Irrazabal wrote:
>> Thanks for the reply
>> 
>> I generate the session in a servlet in doPost method that would
>> be:
>> 
>> protected void doPost ( HttpServletRequest request ,
>> HttpServletResponse response) throws ServletException ,
>> IOException {
>> 
>> */ / create the session* HttpSession session = request.getSession
>> ( ) ;
>> 
>> */ / set attribute* session.setAttribute ( " idser " p_iduser )
>> ; session.setAttribute ( "username" , p_username ) ;
>> 
>> */ / redirect to page " menu.jsp "* response.sendRedirect ( "
>> menu.jsp " ) ;
>> 
>> 
>> } */ / end method*
>> 
>> On page " menu.jsp " I get the attribute with :
>> 
>> session = request.getSession ( false); String userid = (String )
>> session.getAttribute ( " userid " ) ; String user = (String )
>> session.getAttribute ( "user") ;
>> 
>> It is possible that this code *HttpSession session =
> request.getSession ( )* ;
>> this bad and how I can correct it.
>> 
>> It is possible that this code:* session = request.getSession
>> (false )*, this bad and how I can correct it.
>> 
>> They could give me an example of how to work with sessions
>> (create and capture) in a Java application with JSP, please
>> 
> 
> 
> Hi, Jose-
> 
> Is your request variable the implicit object provided by the JSP 
> container?  Do you maintain a reference to the request object
> anywhere?
> 
> Do you maintain a reference to the session object anywhere?  Also,
> there is an implicit session object provided by the JSP container
> which is set before your code is executed in a JSP page so it
> shouldn't have to be set again in menu.jsp.  However, if you do
> call request.getSession and include a false argument, it would
> probably be best to check for a null return value.
> 
> Are you sure your servlet is always executed before menu.jsp for a
> given session?
> 
> One thing you might consider is implementing HttpSessionListener
> and removing all of your application-specific attributes in the 
> sessionDestroyed method.  That might help make the situation more
> clear.
> 
> You might also consider setting your session attributes in a
> servlet filter rather than in a servlet.  That would eliminate the
> need for a redirect.

request -> servlet -> JSP using a forward is fairly typical. Redirects
are slightly less common but there's no reason there should be any
suspicion about a problem, there.

In this case, the data is being stored in the session (and not the
request) so doing a redirect (or forward) is not much different from a
pass-through filter.

It's pretty clear that the code above is for example/testing purposes,
so I wouldn't treat this as a real-world scenario.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSgVMVAAoJEBzwKT+lPKRYiUkQAKKB9omhIY3bpxuaJUHRQsK2
kMsfkDkMzScF0BaYsmAJsaSjj2cATfytprWK5jpujiBINz5SB01EeweF5L555dVW
mcFqXqIczbD6vTSG/dt0Vm1Cj694DMrwsGgWszlIlrnyRB6KyBQBV2KSQ+xk/0eV
uDMj2bxu8+BpbDH76d/muJabc9GIw9d7KnnLYOUGfXIvyCiAXb6QhJzkMsPnR0nC
8fb1iaU0dHbZIA35YjSHR4b6XCkFCKsRv++lpMvQ3qhlIWUhj42thfJ7cHV8AtBD
vyjXV+uSDtRDR9bc/mDQIUgEb43iXyypX3UHmMRzXXr3iqJqI7UXG4P26K6NZufu
r/wb9vVs/K2Cg6Yk9ZTuYhtuy42G3q4PIA79fDQt3j+iSDZlARSjL7txRwkYIflA
ccYUokcvs4LC0kpwxZc0NT9GoYGHAK37uu3S5hJK5ntGtxvQE1/p2ggf8MHEPejE
+mT5Vx/vry9gaDrRoiWQsZ3d7nRrVNAh3Vi0W6QElC05gL2kmQJNPbU1EzsZJjE5
YTpGkqEi9YdDe/2k2WKXdVWRttB2E+5oqjWekJCtcoEUCH8GwHVkqHEFXjYgg92v
ffoXKYfdTt0y6G8VczDNOjy4EBZ5i4x4rY33fvI7KQJiHZsdAKZZK+Hh8mfo90wd
TJsTun+TpAjAvyceMCvb
=jtLW
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat session with uncertain problem

[Terence M. Bandoian]

On 11/11/2013 2:29 PM, Jose Irrazabal wrote:
> Thanks for the reply
>
> I generate the session in a servlet in doPost method that would be:
>
> protected void doPost ( HttpServletRequest request , HttpServletResponse
> response)
> throws ServletException , IOException {
>
> */ / create the session*
> HttpSession session = request.getSession ( ) ;
>
> */ / set attribute*
> session.setAttribute ( " idser " p_iduser ) ;
> session.setAttribute ( "username" , p_username ) ;
>
> */ / redirect to page " menu.jsp "*
> response.sendRedirect ( " menu.jsp " ) ;
>
>
> } */ / end method*
>
> On page " menu.jsp " I get the attribute with :
>
> session = request.getSession ( false);
> String userid = (String ) session.getAttribute ( " userid " ) ;
> String user = (String ) session.getAttribute ( "user") ;
>
> It is possible that this code *HttpSession session =
request.getSession ( )* ;
> this bad and how I can correct it.
>
> It is possible that this code:* session = request.getSession (false )*,
> this bad and how I can correct it.
>
> They could give me an example of how to work with sessions (create and
> capture) in a Java application with JSP, please
>


Hi, Jose-

Is your request variable the implicit object provided by the JSP
container?  Do you maintain a reference to the request object anywhere?

Do you maintain a reference to the session object anywhere?  Also, there
is an implicit session object provided by the JSP container which is set
before your code is executed in a JSP page so it shouldn't have to be
set again in menu.jsp.  However, if you do call request.getSession and
include a false argument, it would probably be best to check for a null
return value.

Are you sure your servlet is always executed before menu.jsp for a given
session?

One thing you might consider is implementing HttpSessionListener and
removing all of your application-specific attributes in the
sessionDestroyed method.  That might help make the situation more clear.

You might also consider setting your session attributes in a servlet
filter rather than in a servlet.  That would eliminate the need for a
redirect.

-Terence Bandoian


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat session with uncertain problem

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jose,

On 11/11/13, 3:29 PM, Jose Irrazabal wrote:
> I generate the session in a servlet in doPost method that would
> be:
> 
> protected void doPost ( HttpServletRequest request ,
> HttpServletResponse response) throws ServletException , IOException
> {
> 
> */ / create the session* HttpSession session = request.getSession (
> ) ;
> 
> */ / set attribute* session.setAttribute ( " idser " p_iduser ) ; 
> session.setAttribute ( "username" , p_username ) ;
> 
> */ / redirect to page " menu.jsp "* response.sendRedirect ( "
> menu.jsp " ) ;
> 
> 
> } */ / end method*
> 
> On page " menu.jsp " I get the attribute with :
> 
> session = request.getSession ( false); String userid = (String )
> session.getAttribute ( " userid " ) ; String user = (String )
> session.getAttribute ( "user") ;

So you are saying that with a simple servlet and JSP you can
demonstrate that Tomcat is swapping session ids between two users?
Please provide a WAR file including source that demonstrates the
problem, and includes instructions for how to "see" the problem.

You won't be able to post a WAR file to the list, so throw it on
DropBox or something like that. Don't create a Bugzilla entry because
I'm sure this isn't a Tomcat bug.

> It is possible that this code *HttpSession session =
> request.getSession ( )* ; this bad and how I can correct it.

Very unlikely.

> It is possible that this code:* session = request.getSession (false
> )*, this bad and how I can correct it.

I wouldn't bother having that line in your JSP at all: it just does
what the JSP container will do for you, anyway (except that the
container will pass "true" as the boolean argument to that method).

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSgUP1AAoJEBzwKT+lPKRYg8MP/i+X3mi5w2BKVjC8nNv8KTvN
NyfJ6rye0ljxwmH2QH7qqlP/s6GXP+S+vYeTeT9F6q3a/w1p4ZQIginYuBnnD0k0
FC4qSc2waIls7xs8/ICvWYBt/EvhIF4i8TJ1qJ2fZyMcHN8G3Z+BYlP44KYrT5nn
sT0VQZwIoWgfgv+m1halW3Rk4eHdyvmFlp10stUQ0Tjfrr40W7z78BHvZ3qfXG85
oMVXtlyFZf/HS7n87D7DMzpRJjccTVC4vhuFaVFiSdZzITRd7C+GYK1CfENdFtMW
ea7ImL1nsss/3bOSQWyH0eivE1WBcRVSHucQlXNKzDZh4DerLp9CMQ50u4wz9jPa
haf3vkDwHiFqN/rvRVz3MsZOetFkioxUugzc62rNPCTUmBJ36pHUDFHFyBVMbPxY
aX2YVAYr+6AGOUfv+fHcnqi7ydREBcDNpYNlP9Pw4Q7ayYxkRnWxk5h+Jj8KkJXH
0walKBAXQZ3lPxInnbBUIdXGPRPDDA69Dxk7w1IvXOxK5otmo93Y7CcqSB5kX0GQ
vfq8vIS5c71jO/31nJbFQTXnKDCjKNPCKPS14i/ugA5Ueenocaw0BN02m+EAsUWD
S/d7onMbo09Xh3wA42R9DVMwKXNzOSB68xa1gGTbU8YBrDSDeU+le3vhDQWUt425
TYdnem1yOQGzYzKKsGs2
=/zLa
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Getting Error the the Time of deploying .war file

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

André,

On 11/11/13, 6:49 AM, André Warnier wrote:
> Saurabh Saraswat wrote:
>> Dear all,
>> 
>> I am getting the "Connection was reset error" while deploying the
>> .war file of my web application on the apache-tomcat server. I am
>> deploying the file using Tomcat-Manager and its giving the above
>> mentions error after uploading 50 %.
> 
> What is the size of that file ? You may be hitting a maximum upload
> file size. ( -- maxPostSize)
> 
>> 
>> Can u please tell me the reason of this. This is the snapshot of
>> error.
> 
> Better : check the Tomcat logs. The error should be mentioned there
> too, probably with an explanation.

I'd like to know if the error occurred on the client or the server (or
both). What do the logs say?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSgUMxAAoJEBzwKT+lPKRY/YAQAMH6aV9nwjNu9JmnosGLoylz
b7qWxiwoku2SvQhDoTCwbeJQ41drCU2j8mPS0VDV/ZNDIYf51h32xNuRAR1PFZMU
Blatb8/zab4/lR0zlaCLy82vqS1AueEYT6b3TXaZjMSk5rt5rCFodbQcEPY2L7qq
INJwDS6Yfkhtr8PjsuO717/rIYLrZbEbjBfQqSqn+v5ytuoKEhUebd1gUQ/2dkdO
4YgA6X0c+xKs+mo1oohFTMICnHsLHZ/TSSwFV89V+oNxBVQrKsdPAlV84jMcs01R
TKLKMahlbVcAqzbP+dP09NZSSCOoQQ0ScXOFB24w1oaO1BXGSRDlwyr4yW2UVwFf
gcef/sBFQvrVPg2gInVYzg+nADBG5RuUV20Dz0CpWqVUYMRCM4qO+tX2lD5KOhzD
+sCAHWjsrhVBov6mo/vITwhCK4XwV0/G+Jqn/1rnRKwTbBMELjmbS7163FOMvpmc
MWRpZWbLGINaUmsWVfL6KaJhkvJYNjVIyGq8iGIt0El1gzGjJoH5nkcFEx5nIngF
Kw25DF/mHBV03sXhoqRGy2xNQckGQP3UGtPzSWUoB0Ha5FesyILzbhkK8Tc4BYjC
/l+a9O9FVHMTpbeZhtsngOhOMsdGuA6V+7ux/G9dSb9u5S764yg1FM+7+kEYE2Qz
s8tYdNdlnVBf58DizTBG
=Pvix
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat session with uncertain problem

[Jose Irrazabal]

Thanks for the reply

I generate the session in a servlet in doPost method that would be:

protected void doPost ( HttpServletRequest request , HttpServletResponse
response)
throws ServletException , IOException {

*/ / create the session*
HttpSession session = request.getSession ( ) ;

*/ / set attribute*
session.setAttribute ( " idser " p_iduser ) ;
session.setAttribute ( "username" , p_username ) ;

*/ / redirect to page " menu.jsp "*
response.sendRedirect ( " menu.jsp " ) ;


} */ / end method*

On page " menu.jsp " I get the attribute with :

session = request.getSession ( false);
String userid = (String ) session.getAttribute ( " userid " ) ;
String user = (String ) session.getAttribute ( "user") ;

It is possible that this code *HttpSession session = request.getSession ( )* ;
this bad and how I can correct it.

It is possible that this code:* session = request.getSession (false )*,
this bad and how I can correct it.

They could give me an example of how to work with sessions (create and
capture) in a Java application with JSP, please


2013/11/11 Christopher Schultz 

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Jose,
>
> On 11/11/13, 8:24 AM, Jose Irrazabal wrote:
> > Thanks for the answer, then it can be when generating the session?
> >
> > I use a servlet to create the session with the code: *HttpSession
> > session = request.getSession ();* Then I add the attributes:
> > *session.setAttribute ("idUser" p_iduser);* *
> > session.setAttribute ("username", p_username);* *
> > session.setAttribute ("idrol" p_idrol);* And redirected to the page
> > "principal.jsp" : *response.sendRedirect ("principal.jsp");* On
> > page "principal.jsp", recovery attributes for display: *session =
> > request.getSession (false);* * Id_user String = (String)
> > session.getAttribute ("idUser");* * String username = (String)
> > session.getAttribute ("username");* * Idrol String = (String)
> > session.getAttribute ("idrol");*
>
> Note that "session" should be an implicit variable in every page,
> already set to the user's session. You should not have to call
> request.getSession in your page at all.
>
> > This is where the problem occurred, a user session captured the
> > other user sesion,  may then this used procedure is bad?
>
> Usually this kind of thing happens because you have stored a reference
> to a HttpServletRequest or HttpSession object somewhere you should not
> have.
>
> Can you:
>
> a. Try to reproduce this issue with current Tomcat 7.0.47
>
> b. Create a minimal, simple test WAR that demonstrates your problem
> and post it somewhere
>
> This is very unlikely to be a bug in Tomcat, but more likely a bug in
> your own code.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.15 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJSgPXYAAoJEBzwKT+lPKRYRl0P/i7xEX9mo05Lmkpd1q2gil3s
> jr5+jn10y52heuIPR+kttkjQIYH49l0IqlME3GLsItjTL7m6HoYaQa/CVKY4ksWo
> M2ZhXFKQTu0995Dsye8zTAmP5IxDx6ZI2PXmG3crCt4e4G2tjfNNe1WrqLJjvG97
> w8jHL/F2J5AA6lLZp+8L3hm4o6mAzDuEnpVsJRB7EKLj06P02PtQG6j6lVleoioj
> qIUiSDnYtjurByQahgyXOJnk73ZV/CDX+fTmmezOapk+XmzlRSyRLPDBQRLUfsgp
> eqjY02e5RV0yusLZD0M15ENieHOf1e4inhI4eHBn77yRe0y4KU0Q1HjGcKNlpgsN
> yTEFQ2Votn/39V6ZEm79ee4rVvcFc9I4J+UqX/4b7OxTffUHa021+3gl1uHIIiNX
> TZCOrbQBHXzPD/qhPXk1FjHRm6/SzPwBypcKho+0hc8cPtPa7+O/9gu3gcPRdpgd
> O0uKB1Ypqv+729JJuXYk0lDdG+vCsDl3j3tYYGoFmwpWn4UiuTBLMaa/eBLnnIBW
> +mfXkpcyADywXcAGgAi94DIRCeP252kO0/+T6E8csroTQF9zi7v/c23CaiBZu5Qw
> efs2jC7Iq4IMvBsmNj8CwWAr2O09dur3E40WeRNuV4q4QNxuhFzaV5t7x7VapqmA
> eJ9Hk5jgb6qpVbITld8T
> =csbX
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Avoiding/Handling SocketTimeoutException(s) when web application serving resources to mobile clients

[Howard W. Smith, Jr.]

On Mon, Nov 11, 2013 at 10:23 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Howard,
>
>
> I might recommend using a Filter like this:
>
> filter() {
>try {
>  chain.doFilter();
>} catch (SocketTimeoutException ste) {
>  application.log("Got STE for request " + request.getRequestURI()
> + with client " + request.getHeader("User-Agent"));
>}
> }
>
> ... or something like that. It might help uncover patterns in dropped
> connections.


agreed, i decided to do this (below) yesterday evening (to prevent the
stacktrace in the log file; noted your recommendation/usage of catching
SocketTimeoutException, thanks),

try {
chain.doFilter(req, res);
} catch (org.apache.catalina.connector.ClientAbortException e) {
logger.error("caught
org.apache.catalina.connector.ClientAbortException: " + e.getMessage());
}


since I already know the culprit(s); see details/explanation, below.



> Maybe Igor is right and the problem is some browser (e.g. MSIE 8) and not
> necessarily mobile clients.
>

it is the mobile device phone/internet connection that is lost, recycled,
recovered (or however you want to explain it). see below (and saved a copy
on gist[1], too).

user1 (iPad, internal verizon wireless 4G phone/internet connection)
connects and accesses login.xhtml page

70.215.84.34 - - [09/Nov/2013:13:08:20 -0500] "GET /webapp/index.jsf
HTTP/1.1" 302 -
70.215.84.34 - - [09/Nov/2013:13:08:22 -0500] "GET /webapp/login.jsf
HTTP/1.1" 200 1445
70.215.84.34 - - [09/Nov/2013:13:08:25 -0500] "GET
/webapp/javax.faces.resource/primefaces.css.jsf?ln=primefaces&v=4.0.3
HTTP/1.1" 200 10036


user1 (iPad); note localhost_access_log and tomcat7-stderr log lines below;
note the request filenames, date/time, and exceptions

70.215.84.34 - - [09/Nov/2013:13:09:00 -0500] "GET
/webapp/javax.faces.resource/jquery/jquery.js.jsf?ln=primefaces&v=4.0.3
HTTP/1.1" 200 -
70.215.84.34 - - [09/Nov/2013:13:09:00 -0500] "GET
/webapp/javax.faces.resource/jquery/jquery-plugins.js.jsf?ln=primefaces&v=4.0.3
HTTP/1.1" 200 -

Nov 09, 2013 1:09:00 PM org.apache.myfaces.application.ResourceHandlerImpl
handleResourceRequest
SEVERE: Error trying to load resource jquery/jquery.js with library
primefaces :null
ClientAbortException:  java.net.SocketTimeoutException
at
org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:413)

Nov 09, 2013 1:09:00 PM org.apache.myfaces.application.ResourceHandlerImpl
handleResourceRequest
SEVERE: Error trying to load resource jquery/jquery-plugins.js with library
primefaces :null
ClientAbortException:  java.net.SocketTimeoutException
at
org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:413)


user1 (iPad, different IP address) clicks Login button on login.xhtml, POST
to server, successful login, server redirects to index.xhtml

70.208.164.166 - - [09/Nov/2013:13:09:52 -0500] "POST /webapp/login.jsf
HTTP/1.1" 302 -
70.208.164.166 - - [09/Nov/2013:13:09:52 -0500] "GET /webapp/index.jsf
HTTP/1.1" 200 7008

Nov 09, 2013 1:09:52 PM pf.ApplicationScopeBean login
INFO: sessionId = user1B4584B981555A703B8E0DA189D2294F5

Nov 09, 2013 1:09:52 PM jsf.users.pf_UsersController loginUser
INFO: user1 (iPad) logged in at 11/09/2013 01:09 PM


user1 (iPad) GET resource, user2 initiate/GET websocket, user1 initiate/GET
websocket, respectively

70.208.164.166 - - [09/Nov/2013:13:09:53 -0500] "GET
/webapp/resources/images/loading_circleThickBox.gif?pfdrid_c=true HTTP/1.1"
304 -

166.137.105.198 - - [09/Nov/2013:13:09:53 -0500] "GET
/webapp/primepush/user27BF5C51CF354C1F4926B835CB7F2083E?X-Atmosphere-Transport=close&X-Atmosphere-tracking-id=f2a3916c-62a0-477e-b226-539857827c2e
HTTP/1.1" 200 -

70.208.164.166 - - [09/Nov/2013:13:09:54 -0500] "GET
/webapp/primepush/user1B4584B981555A703B8E0DA189D2294F5?X-Atmosphere-tracking-id=0&X-Atmosphere-Framework=2.0.3-jquery&X-Atmosphere-Transport=websocket&X-Atmosphere-TrackMessageSize=true&X-Cache-Date=0&X-atmo-protocol=true
HTTP/1.1" 101 -


[1]
https://gist.github.com/smithh032772/7380812#file-2013-11-11-discussion_details-txt

RE: [OT] RE: Baked-in context paths

[Jeffrey Janner]

> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Thursday, November 07, 2013 10:07 AM
> To: Tomcat Users List
> Subject: Re: [OT] RE: Baked-in context paths
> 
> 
> Jeff,
> 
> On 11/7/13, 10:17 AM, Jeffrey Janner wrote:
> >> -Original Message- From: Leo Donahue - OETX
> >> [mailto:leodona...@mail.maricopa.gov] Sent: Wednesday, November 06,
> >> 2013 4:29 PM To: Tomcat Users List Subject: [OT] RE: Baked-in
> context
> >> paths
> >>
> >>> -Original Message- From: Leo Donahue - OETX
> >>> [mailto:leodona...@mail.maricopa.gov] Subject: RE: Baked-in context
> >>> paths
> >>>
> >>>
> >>> B KK
> >>>
> >>>
> KKCB  [  X  ܚX KK[XZ[
> >>>
> >>>  \ \  ][  X  ܚX P X ]
> >>>  \X K ܙ B  ܈Y][ۘ[  [X[  K[XZ[
> >>>
> >>>  \ \  Z[ X ]  \X K ܙ B
> >>
> >> I don't know why my email client keeps adding this junk.  There
> isn't
> >> even a carriage return after this line.  Sorry for the wasted bits.
> >
> > You must be using Outlook. My Outlook tends to do that every time I
> > reply to one of Chris' PGP-signed messages. The trick is to make sure
> > you remove all the PGP signature and all the header bits associated
> > with it.
> 
> :(
> 
> I didn't know that was happening. I used to use PGP/MIME but evidently
> that made my messages invisible (i.e. no-content) for some people with
> ... less capable email readers. So I switched to in-message signatures
> which seemed to be a bit more compatible.
> 
> Apologies for the inconvenience.
> 
> - -chris

No real problem Chris.  I normally delete everything at the end of a message 
that's not relevant to the message.  It's just that I sometimes forget to 
remove the "BEGIN PGP MESSAGE" and hash line at the top of the message, and so 
for some reason Outlook still puts in a bunch of junk at the end.
Not really your fault. If only MS would support industry standards better, we'd 
all be better off. (I also can't set it to not top-post replies.)

Re: Tomcat setting as a service after installing the binaries

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jojy,

On 11/11/13, 5:34 AM, Jojy George wrote:
> I just checked and found out that it was problem with the wrong
> jdk version. it was using 32 bit instead of 64 bit and i installed
> the 64 bit and that fixed the issue.

Just checking: do you actually need a 64-bit JVM? If a 32-bit JVM will
work okay for you, you might want to use it instead. It's likely to be
a bit faster as long as you don't need large heaps (>~1.5GiB).

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSgRFpAAoJEBzwKT+lPKRYqkYP/1ooG6AIbrcW5nT0vIe/HQ3e
4aL5TpJ3QkjemSjUNT7cObx0NZog1J/X/6GHuQs5u0gayI0Km/qU/QUAYEyD5pCh
cYCYnLijFCcg5L/Rgtl9wHMPivs32+h05FwticD27IY9WDuS+t6wm8dOGU1yidxl
/AX+4izIX5TH2KbJIGAUBpIkxmoNzhjZ9N5enNL38Uz1rLJBd4SAqA0NQC5N4PJ/
8nOjjrvYqvW6lxcZJxCjKmd4tq/IqXetj5tT1Gkxaf1cqOykn8jmk4ou4/C26VjX
hn+dfV8RcjTmvJrhLvjCorUSzsHFVnCv3xwkwZGsBbK8MJGQrQZY8lucFvd3pM2Z
4CyXnNccnap6meNDrqtHjVEjRoQaIAGoR0n0VGqwfqN78qwpXOhaQriRy2g/ncrL
fuMj2nusTM4BG5NB465wmoTF609IOm+sb4garH4P547LM5Rn/zhyMM/3bNq1Usi6
T3/33Lbt2MdFrMm9PO5gKd58N/JWJzXlTEKEq5fRrHPM/aRysRIkJep51L9zePa4
Tac5Vhmt0BVwbJiAPzix1xwVaBF/Qkqb4IPaMqKsXz8G6cIRBHrWmxRTbzdXmVjL
IVJYD01JlQs4Trqpkm2q0jbiWAyDkwoLr4LjWfVIv0xb5pUlCUX8RiQYz4pQI6m2
8yUALsz1/P8RkamxZPOk
=Rgbf
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat setting as a service after installing the binaries

[Konstantin Kolinko]

2013/11/11 Jojy George :
> HI All,
>
> I am trying to set and run tomcat as a service after installing it as
> binary instead using the windows installer. But i am not able to start it
> after setting it as service, it is giving the below exception when i am
> trying to start the tomcat service.
>
> Do anybody has got any idea why this error is coming and anybody has got
> any resolution for the same.
>
>
>
>
> [2013-11-11 14:42:44] [info] Service Tomcat6 name Apache Tomcat 6.0 Tomcat6
> [2013-11-11 14:42:44] [info] Service Tomcat6 installed
> [2013-11-11 14:42:44] [info] Commons Daemon procrun finished.
> [2013-11-11 14:42:52] [info] Commons Daemon procrun (1.0.2.0) started

1. Your OS = ?

2. How old is your version of Tomcat 6 that it uses Commons Daemon 1.0.2?

The current version of Commons Daemon is 1.0.15.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Restrict the use of JDK classes Tomcat 7 or 6

[Aurélien Terrestris]

Hello Analia

I'm glad that you could play successfully with the Security Manager as
I advised first :D


About permissions, here you have a doc :

http://docs.oracle.com/javase/6/docs/technotes/guides/security/spec/security-spec.doc3.html#20211

best regards

2013/11/11 ANALIA DE PEDRO SANTAMARIA <100074...@alumnos.uc3m.es>:
> Hello,
>
> I have been working with the Security Manager and I think it is a good
> aproximation of what I need, thank you very much for the advice. I have
> read that it is possible to create your own Permission class, but I haven't
> found any documentation or example. Could anybody tell me where I can find
> information about create a Permission class?
>
> Thank you very much.
>
>
> 2013/10/23 Caldarale, Charles R 
>
>> > From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>> > Subject: Re: Restrict the use of JDK classes Tomcat 7 or 6
>>
>> > When you say "Java classes", are you talking about re-defining
>> > something like java.lang.String? If so, then the servlet spec (3.0:
>> > 10.7.2) prohibits web applications from loading classes from any of
>> > these packages from a web application class loader.
>> >   java.*
>> >   javax.*
>> > Looking at current trunk, Tomcat appears to take a lazy view and just
>> > look for these two classes:
>> >   javax.servlet.Servlet
>> >   javax.el.Expression
>> > So it looks like you might be able to redefine java.lang.String if you
>> > want.
>>
>> As I recall, the JVM itself prevents loading of java.* classes from
>> anywhere other than the registered JRE jar locations.  Not sure about
>> javax.* classes.
>>
>>  - Chuck
>>
>>
>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
>> MATERIAL and is thus for use only by the intended recipient. If you
>> received this in error, please contact the sender and delete the e-mail and
>> its attachments from all computers.
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Http url connection : server returned http response code 400

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Vicky,

On 11/11/13, 10:02 AM, vicky b wrote:
> I am  getting server returned http response code 400  when  i run
> below code from my tomcat however it works fine when i run it in
> WAS whch has proxy server   settings.
> 
> URL url = new URL(reqUrl); HttpURLConnection con =
> (HttpURLConnection)url.openConnection(); con.setDoOutput(true); 
> con.setRequestMethod(request.getMethod()); 
> if(request.getContentType() != null) { 
> con.setRequestProperty("Content-Type", request.getContentType()); 
> } con.setRequestProperty("Referer", request.getHeader("Referer")); 
> int clength = request.getContentLength(); if(clength > 0) { 
> con.setDoInput(true); InputStream istream =
> request.getInputStream(); OutputStream os = con.getOutputStream(); 
> final int length = 5000; byte[] bytes = new byte[length]; int
> bytesRead = 0; while ((bytesRead = istream.read(bytes, 0, length))
> > 0) { os.write(bytes, 0, bytesRead); } } else { 
> con.setRequestMethod("GET"); } out.clear(); out =
> pageContext.pushBody(); OutputStream ostream =
> response.getOutputStream(); System.out.println(" finished
> getOUTputsteram"); response.setContentType(con.getContentType()); 
> InputStream in = con.getInputStream(); final int length = 5000; 
> byte[] bytes = new byte[length]; int bytesRead = 0; while
> ((bytesRead = in.read(bytes, 0, length)) > 0) { 
> ostream.write(bytes, 0, bytesRead); }

So you have a quick-and-dirty proxy servlet, right?

There are a number of optimizations, etc that you should probably
make, but none of the above code uses any Tomcat code (other than
fetching information from the incoming request, which presumably works
correctly).

It looks like you are getting a 400 from the server your code is
contacting. Have you looked at the request that is actually being sent?

Under what conditions do you get a 400 response? I see you are
unconditionally setting con.setDoOutput(true) even if you don't intend
to send any data. You conditionally call setDoInput which doens't make
a great deal of sense. I think you have these two calls reversed in
your head.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSgPnjAAoJEBzwKT+lPKRYg7QP/2DIfwXWl/d5XTXxLwn637H7
voM3qF26zyoObW5F/Z2TmTDnidmTb/D4PSn/ZE+1cKJcbgBWoY36fJ+MFaAXhptf
5MQet22E7xCUWs0n9Y9QbcPA7J5ZaGDap4O3ukW5C8O4/+vPkkNnjlIycNRa/P+/
UvfvZVxVeZR2xioar4L81gr0CgBzCALUjCPQ5pLqh14NOMzl9nfNbxmkCUvQYpGa
YpWmVhF7QKuv08fJxNLzEzjuZS+gQZn1SdqaMWoO3ebUrWMIpNiiv/xZC/oJInIT
qfxvDrRpRpzzbhIWUwdfj4PzXHDJz0OlUVN5UzDY0WocDMddN1QeaRuQaZQnLpsK
Cy27E8wWJrATd4vdki7FteQCIyZBPB6A/sBy0nKSArvn13uGowcdgPpTsc+sW5hP
GxRiohnpH9vWj2IMDSuBtnnipDp/+f7JsvjQqOQ2Pmw2Zs6BwCAG8v7ufDFil6Lj
NDhIPJ7FFeCmso+DeWItmBQq7iQV7mQaZ9DKhS9y/1hd0ZF/kqTv5KgKzpu12BTE
2GauCWxIt9qiCuVgNEpp4cEsV4sptxV+XI4k5DtFVB0EMcX9gGVNYjxJSQP/4efG
tjgA6jG2Ea/YM2KU2cJu0F2mFL3qKr3Vh47K5NE+mHtFMhrygz8nH5zX+s9nvF6F
5vrRBravwnLLOk/ZGOU2
=Zxr5
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Restrict the use of JDK classes Tomcat 7 or 6

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Analia,

On 11/11/13, 10:25 AM, ANALIA DE PEDRO SANTAMARIA wrote:
> I have been working with the Security Manager and I think it is a
> good aproximation of what I need, thank you very much for the
> advice. I have read that it is possible to create your own
> Permission class, but I haven't found any documentation or example.
> Could anybody tell me where I can find information about create a
> Permission class?

Try searching for "java custom SecurityManager" instead.

Writing your own Permission isn't going to help unless the
SecurityManager already knows how to check for that kind of
permission, and the code attempting to run under the SM understands
that it needs to request a privileged action.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSgPiHAAoJEBzwKT+lPKRYlmYQAMNG0tbc5EzKjcm1Eqp12JdK
jD1l9CxtWe4cWIaLtzeRypb3SgP+HgrFkfk5p4wtjQb4WnWItLBq9JTIj23c1gvZ
ePHgySzchxWL8UPMRbiDDBnoLPn25Vk6Cy9wnanL7AMy/gBn9DggtY9PrJJEXEVm
EZ6HY1tQrmgW1C4U3621Rlw5HYEP3u9t2zhXCYe5m27jm4DtcBSyq+eedlI5fxKI
iFF4zEh+vdpE/+Xi3PDi8Ksg6iDoOANx09S1x5dUgdi/v8Agl1Cf7jUmOc75Vk+b
TpDvDb/et+fltfbzN7XGVK9cqzp5ZaDgtJ+tw2EBY5/FVl/QEr1utIjc5K8gdN1J
KYamOpp/qhfUIQGWN1sO2Pzzd+dmDlyqp5pRd2pxyZcwZhqpd4Gki+JcIpN4yaKu
R/dV92GU3SzyTRCFxZ8DZdCcck6CU/XQrvzL2horjtRoguMsGiU3KnE+AtnvS/CJ
X6D2FMPltk2o4NPM5mn8anDyLCNUOf3Z+8x5I4nA6nVYJXgSgr6XUNZUiinXjyJx
CWmJTMwaPqFiNvTNOuw3q3p7KCFppznzmHashbOrB3qgbf44evEcsVO5kanOgwGw
qMGT+YqCIjRUoaLsJxruzMd/JgmkiEYCf+2+BWruLhp/qa9Sh7MTOFHC/KnW+oUc
779tOTmWizs7tqxKXWR7
=ohPG
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Avoiding/Handling SocketTimeoutException(s) when web application serving resources to mobile clients

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

André,

On 11/11/13, 5:41 AM, André Warnier wrote:
> Howard W. Smith, Jr. wrote:
>> On Sun, Nov 10, 2013 at 9:14 AM, Howard W. Smith, Jr. < 
>> smithh032...@gmail.com> wrote:
>> 
>>> Caused by: java.net.SocketTimeoutException at 
>>> org.apache.tomcat.util.net.NioBlockingSelector.write(NioBlockingSelector.java:127)
>>>
>>>
>>> 
at
>>> org.apache.tomcat.util.net.NioSelectorPool.write(NioSelectorPool.java:174)
>>>
>>>
>>> 
at
>>> org.apache.coyote.http11.InternalNioOutputBuffer.writeToSocket(InternalNioOutputBuffer.java:163)
>>>
>>>
>>
>>
>>> 
my apologies, based on this exception (above), I decided to provide you
>> with the following from my tomee/conf/server.xml:
>> 
>> 
>> > protocol="org.apache.coyote.http11.Http11NioProtocol" 
>> maxThreads="150" connectionTimeout="2" 
>> acceptorThreadCount="2" redirectPort="8443"
>> socket.directBuffer="false"/>
>> 
>> 
>> I guess the answer may be the connectionTimeout="..." (above),
>> but still would like to know recommendations of others based on
>> experience with web application serving mobile clients. thanks.
>> 
> 
> AFAIK, the "connectionTimeout" above applies specifically to this
> : - the client opens a TCP connection to the server - but then the
> client does not send any request over that connection (so the
> server waits and waits, until that timeout strikes).

More specifically, it's the timeout within which the client must send
the *request line* of the request. The whole request can take 10
minutes (e.g. huge streaming upload) for all Tomcat cares, as long as
the initial request line arrives within that 20 seconds.

> This is a classic way of doing a DoS attack : many clients connect
> and don't send a request (or do it very slowly), tying up server
> resources until the server is overwhelmed. In some Connector
> configurations, this does not necessarily tie up a Thread (only a
> TCP socket), but it does have the potential to tie up limited
> resources. The value of 2 above is in milliseconds, so after a
> connection is established, the server will wait up to 20 seconds
> for a request to be received. I would not expect nowadays that any
> client, on any type of connection, would take that long to send a
> request on an established connection.  So I would certainly not
> make it larger, and you can probably reduce it significantly, and
> save resources.

+1

If a client doesn't send the request within about 5 seconds, I don't
think it's going to send it at all. (Probably less than 5 seconds,
honestly, but I've never bothered to collect the data on my servers to
substantiate that assertion).

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSgPe8AAoJEBzwKT+lPKRYDH0QAMnXTmInl/aRqYQY8nONf16K
2Scj1Jk4r2X9fjRaGXnO9p5A3vmnrTnUEruaKBl1Jym8Y0nMFbPtSBsxXaKTfRBH
uvIZAj0jyKkuS7oaXBGAjCkRP8ZGNWyHgjB/e+EBWg7dinAl3zfe6Ims4EBIUxc5
GL3fdbyX6uMhV7snMilYXT3OJcp8vPXDGTG6apOLoepfbMxCiBdYpV0MEKO6FEu1
v5lSoN5Clk3g1d9i7utxrfV/cegsABxRDxNpo56SrjdajVkfrOOzr9Wf1Qqy+bIe
nxMcK+AT/V/SNxpHjQ07grK5lBMjqd/vA4AgKDCQGX+qgfoF+6q7lA6YAk6wP7M9
QrBEe9Vj7Q9TLNE+DhClh/BZV5WYcXjUq6q4PI+G0XJYxwYHNcEGEj/ror5+Rqdg
af7iru3koQUFXqIHCblvjESmDsxLTmuI+Bh3NEZrm/VLdM2BiLAnnJQeILIhy2Ez
YZPq1LlbQojYBGITgii72wD9eS1TR309quFT5YQXd1GsTbCUU2Z/uOxPAJ9BZDJF
6nZZLvdRh0sBptqtomzgaYMcSrVBbBanoRwWxE2Gwo2iKHkpnhkWlG1mdyLEjeNk
Rq2+HzdEOHNPLXB9i528huvQKPP1BTPlUtuWd5d3aAVIb9yHoG5oesTsidPsXoLY
scuBEQREmP7qMtaOSGq5
=tEDl
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Restrict the use of JDK classes Tomcat 7 or 6

[ANALIA DE PEDRO SANTAMARIA]

Hello,

I have been working with the Security Manager and I think it is a good
aproximation of what I need, thank you very much for the advice. I have
read that it is possible to create your own Permission class, but I haven't
found any documentation or example. Could anybody tell me where I can find
information about create a Permission class?

Thank you very much.


2013/10/23 Caldarale, Charles R 

> > From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> > Subject: Re: Restrict the use of JDK classes Tomcat 7 or 6
>
> > When you say "Java classes", are you talking about re-defining
> > something like java.lang.String? If so, then the servlet spec (3.0:
> > 10.7.2) prohibits web applications from loading classes from any of
> > these packages from a web application class loader.
> >   java.*
> >   javax.*
> > Looking at current trunk, Tomcat appears to take a lazy view and just
> > look for these two classes:
> >   javax.servlet.Servlet
> >   javax.el.Expression
> > So it looks like you might be able to redefine java.lang.String if you
> > want.
>
> As I recall, the JVM itself prevents loading of java.* classes from
> anywhere other than the registered JRE jar locations.  Not sure about
> javax.* classes.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail and
> its attachments from all computers.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Avoiding/Handling SocketTimeoutException(s) when web application serving resources to mobile clients

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Howard,

On 11/10/13, 9:25 AM, Howard W. Smith, Jr. wrote:
> On Sun, Nov 10, 2013 at 9:14 AM, Howard W. Smith, Jr. < 
> smithh032...@gmail.com> wrote:
> 
>> Caused by: java.net.SocketTimeoutException at 
>> org.apache.tomcat.util.net.NioBlockingSelector.write(NioBlockingSelector.java:127)
>>
>> 
at
>> org.apache.tomcat.util.net.NioSelectorPool.write(NioSelectorPool.java:174)
>>
>> 
at
>> org.apache.coyote.http11.InternalNioOutputBuffer.writeToSocket(InternalNioOutputBuffer.java:163)
>>
>
>> 
> my apologies, based on this exception (above), I decided to provide
> you with the following from my tomee/conf/server.xml:
> 
> 
>  protocol="org.apache.coyote.http11.Http11NioProtocol" 
> maxThreads="150" connectionTimeout="2" acceptorThreadCount="2" 
> redirectPort="8443" socket.directBuffer="false"/>
> 
> 
> I guess the answer may be the connectionTimeout="..." (above), but
> still would like to know recommendations of others based on
> experience with web application serving mobile clients. thanks.

I might recommend using a Filter like this:

filter() {
   try {
 chain.doFilter();
   } catch (SocketTimeoutException ste) {
 application.log("Got STE for request " + request.getRequestURI()
+ with client " + request.getHeader("User-Agent"));
   }
}

... or something like that. It might help uncover patterns in dropped
connections. Maybe Igor is right and the problem is some browser (e.g.
MSIE 8) and not necessarily mobile clients.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSgPZaAAoJEBzwKT+lPKRYhQoQAKgd26kNQJzv+9GDrJLlDTWk
1c0GCYjLT6ckC4J5cUbnStznl8OeGg6Qyxvk9uN02WKUNtAqfWbbd7LE7B/0zoZp
UiM88GmhMWZNG2ezsX2pn9yJ0CNqTLkVmPPLf6vyxC/FACXb10ACM0MOeCKHQ+pb
+IsX0IPfyvz3TieLWM89cJboHAHn/4Pt6yBvdi/6IBzD8jKzOk1XsGcfwP2Qwq6j
up1U6oer2T6AidhNIrZ1yUStFe1vIujh3FwCmRM9FIgDNeeIrBPkOzMG8TTDju7a
Z7Q1h3xu7gtbh6r/zSM9uj9q2SaunJorOVISrwINZTRSm19UMafzUEzUz6Mz3KNw
XJzVV7Q3gez2pbKwwxOkBlmqXx2JTFPk2Q6Llwddcg7rx5XWg7MOyM/JuYOaQcby
h/ZIkOltZDP9AA2JJMaitay+GJIZiZu0B9ZXtD4snGkZt4+4VouRQi0LE9lNOVgH
8I4W3tcQAo/CExufvtQVJQk/QwE+DFbBtPdNua99qBrtiubtBOHJHTMMMseaj6Ic
cyzGzGR6Y7xOGHb4RzxnjLTFuBLTfsmNC9P2f3362MICIMnMpGQBIrkIydzhIsPI
KEC+gvoS9J1V1JUzwCjwCY3AZc6d7YjF0ubChdjcN5Is3dLECkE1UCiPCNXRiTS/
0YR4TBnfnzIBMlvqY5+D
=ogzq
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat session with uncertain problem

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jose,

On 11/11/13, 8:24 AM, Jose Irrazabal wrote:
> Thanks for the answer, then it can be when generating the session?
> 
> I use a servlet to create the session with the code: *HttpSession
> session = request.getSession ();* Then I add the attributes: 
> *session.setAttribute ("idUser" p_iduser);* *
> session.setAttribute ("username", p_username);* *
> session.setAttribute ("idrol" p_idrol);* And redirected to the page
> "principal.jsp" : *response.sendRedirect ("principal.jsp");* On
> page "principal.jsp", recovery attributes for display: *session =
> request.getSession (false);* * Id_user String = (String)
> session.getAttribute ("idUser");* * String username = (String)
> session.getAttribute ("username");* * Idrol String = (String)
> session.getAttribute ("idrol");*

Note that "session" should be an implicit variable in every page,
already set to the user's session. You should not have to call
request.getSession in your page at all.

> This is where the problem occurred, a user session captured the
> other user sesion,  may then this used procedure is bad?

Usually this kind of thing happens because you have stored a reference
to a HttpServletRequest or HttpSession object somewhere you should not
have.

Can you:

a. Try to reproduce this issue with current Tomcat 7.0.47

b. Create a minimal, simple test WAR that demonstrates your problem
and post it somewhere

This is very unlikely to be a bug in Tomcat, but more likely a bug in
your own code.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSgPXYAAoJEBzwKT+lPKRYRl0P/i7xEX9mo05Lmkpd1q2gil3s
jr5+jn10y52heuIPR+kttkjQIYH49l0IqlME3GLsItjTL7m6HoYaQa/CVKY4ksWo
M2ZhXFKQTu0995Dsye8zTAmP5IxDx6ZI2PXmG3crCt4e4G2tjfNNe1WrqLJjvG97
w8jHL/F2J5AA6lLZp+8L3hm4o6mAzDuEnpVsJRB7EKLj06P02PtQG6j6lVleoioj
qIUiSDnYtjurByQahgyXOJnk73ZV/CDX+fTmmezOapk+XmzlRSyRLPDBQRLUfsgp
eqjY02e5RV0yusLZD0M15ENieHOf1e4inhI4eHBn77yRe0y4KU0Q1HjGcKNlpgsN
yTEFQ2Votn/39V6ZEm79ee4rVvcFc9I4J+UqX/4b7OxTffUHa021+3gl1uHIIiNX
TZCOrbQBHXzPD/qhPXk1FjHRm6/SzPwBypcKho+0hc8cPtPa7+O/9gu3gcPRdpgd
O0uKB1Ypqv+729JJuXYk0lDdG+vCsDl3j3tYYGoFmwpWn4UiuTBLMaa/eBLnnIBW
+mfXkpcyADywXcAGgAi94DIRCeP252kO0/+T6E8csroTQF9zi7v/c23CaiBZu5Qw
efs2jC7Iq4IMvBsmNj8CwWAr2O09dur3E40WeRNuV4q4QNxuhFzaV5t7x7VapqmA
eJ9Hk5jgb6qpVbITld8T
=csbX
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Http url connection : server returned http response code 400

[vicky b]

HI All,

  I am  getting server returned http response code 400  when  i run below
code from my tomcat however it works fine when i run it in WAS whch has
proxy server   settings.

URL url = new URL(reqUrl);
HttpURLConnection con = (HttpURLConnection)url.openConnection();
con.setDoOutput(true);
con.setRequestMethod(request.getMethod());
if(request.getContentType() != null) {
  con.setRequestProperty("Content-Type", request.getContentType());
}
  con.setRequestProperty("Referer", request.getHeader("Referer"));
int clength = request.getContentLength();
if(clength > 0) {
con.setDoInput(true);
InputStream istream = request.getInputStream();
OutputStream os = con.getOutputStream();
final int length = 5000;
  byte[] bytes = new byte[length];
  int bytesRead = 0;
  while ((bytesRead = istream.read(bytes, 0, length)) > 0) {
os.write(bytes, 0, bytesRead);
  }
}
  else {
con.setRequestMethod("GET");
  }
out.clear();
  out = pageContext.pushBody();
OutputStream ostream = response.getOutputStream();
System.out.println(" finished getOUTputsteram");
response.setContentType(con.getContentType());
 InputStream in = con.getInputStream();
 final int length = 5000;
  byte[] bytes = new byte[length];
  int bytesRead = 0;
  while ((bytesRead = in.read(bytes, 0, length)) > 0) {
ostream.write(bytes, 0, bytesRead);
  }
-- 



*Thanks & Regards Vickyb*

Re: Avoiding/Handling SocketTimeoutException(s) when web application serving resources to mobile clients

[Howard W. Smith, Jr.]

On Mon, Nov 11, 2013 at 5:41 AM, André Warnier  wrote:

> Howard W. Smith, Jr. wrote:
>
>> On Sun, Nov 10, 2013 at 9:14 AM, Howard W. Smith, Jr. <
>> smithh032...@gmail.com> wrote:
>>
>>  Caused by: java.net.SocketTimeoutException
>>> at
>>> org.apache.tomcat.util.net.NioBlockingSelector.write(
>>> NioBlockingSelector.java:127)
>>> at
>>> org.apache.tomcat.util.net.NioSelectorPool.write(
>>> NioSelectorPool.java:174)
>>>  at
>>> org.apache.coyote.http11.InternalNioOutputBuffer.writeToSocket(
>>> InternalNioOutputBuffer.java:163)
>>>
>>>
>> my apologies, based on this exception (above), I decided to provide you
>> with the following from my tomee/conf/server.xml:
>>
>>
>> > protocol="org.apache.coyote.http11.Http11NioProtocol"
>>maxThreads="150" connectionTimeout="2"
>> acceptorThreadCount="2"
>>redirectPort="8443" socket.directBuffer="false"/>
>>
>>
>> I guess the answer may be the connectionTimeout="..." (above), but still
>> would like to know recommendations of others based on experience with web
>> application serving mobile clients. thanks.
>>
>>
> AFAIK, the "connectionTimeout" above applies specifically to this :
> - the client opens a TCP connection to the server
> - but then the client does not send any request over that connection
> (so the server waits and waits, until that timeout strikes).
> This is a classic way of doing a DoS attack : many clients connect and
> don't send a request (or do it very slowly), tying up server resources
> until the server is overwhelmed.
> In some Connector configurations, this does not necessarily tie up a
> Thread (only a TCP socket), but it does have the potential to tie up
> limited resources.
> The value of 2 above is in milliseconds, so after a connection is
> established, the server will wait up to 20 seconds for a request to be
> received.
> I would not expect nowadays that any client, on any type of connection,
> would take that long to send a request on an established connection.  So I
> would certainly not make it larger, and you can probably reduce it
> significantly, and save resources.
>
>
>
Great, thank you!

I left it as-is and given the situation (which I communicated earlier), I
saw no need to increase the connectionTimeout value. Noted your
recommendation about decreasing the value...for now.

thanks again!

Re: Tomcat session with uncertain problem

[David kerber]

With this code, you're not *creating* a session, you're retrieving the 
session that the user has connected with (request.getSession()). 
Usually this king issue occurs when the variable "session" is stored 
with an inappropriate scope, so that it is accessible from more than one 
class instance.




On 11/11/2013 8:24 AM, Jose Irrazabal wrote:

Thanks for the answer, then it can be when generating the session?

I use a servlet to create the session with the code:
   *HttpSession session = request.getSession ();*
Then I add the attributes:
  *session.setAttribute ("idUser" p_iduser);*
* session.setAttribute ("username", p_username);*
* session.setAttribute ("idrol" p_idrol);*
And redirected to the page "principal.jsp" :
 *response.sendRedirect ("principal.jsp");*
On page "principal.jsp", recovery attributes for display:
  *session = request.getSession (false);*
* Id_user String = (String) session.getAttribute ("idUser");*
* String username = (String) session.getAttribute ("username");*
* Idrol String = (String) session.getAttribute ("idrol");*

This is where the problem occurred, a user session captured the other user
sesion,  may then this used procedure is bad?

thanks


2013/11/11 Mark Thomas 


On 11/11/2013 11:54, Jose Irrazabal wrote:

Hi All,

I use Apache Tomcat/7.0.29 to deploy my applications, and I'm with a
problem of duplicated user session or something, as uncertain occurs

when a

user adquire a session takes of another user and I reported 3 cases of

this

type of security error.


Exactly what problem do you observe?


I need your help to know how the JSESSIONID is generated because I

suspect

that the error is when generated the session. Exemplo: *JSESSIONID*:
5DC89FC25D2CEC391A0EC1D3F07F0941


It is generated from a SecureRandom. That is not going to be the source
of the problem you are seeing.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat session with uncertain problem

[Jose Irrazabal]

Thanks for the answer, then it can be when generating the session?

I use a servlet to create the session with the code:
  *HttpSession session = request.getSession ();*
Then I add the attributes:
 *session.setAttribute ("idUser" p_iduser);*
* session.setAttribute ("username", p_username);*
* session.setAttribute ("idrol" p_idrol);*
And redirected to the page "principal.jsp" :
*response.sendRedirect ("principal.jsp");*
On page "principal.jsp", recovery attributes for display:
 *session = request.getSession (false);*
* Id_user String = (String) session.getAttribute ("idUser");*
* String username = (String) session.getAttribute ("username");*
* Idrol String = (String) session.getAttribute ("idrol");*

This is where the problem occurred, a user session captured the other user
sesion,  may then this used procedure is bad?

thanks


2013/11/11 Mark Thomas 

> On 11/11/2013 11:54, Jose Irrazabal wrote:
> > Hi All,
> >
> > I use Apache Tomcat/7.0.29 to deploy my applications, and I'm with a
> > problem of duplicated user session or something, as uncertain occurs
> when a
> > user adquire a session takes of another user and I reported 3 cases of
> this
> > type of security error.
>
> Exactly what problem do you observe?
>
> > I need your help to know how the JSESSIONID is generated because I
> suspect
> > that the error is when generated the session. Exemplo: *JSESSIONID*:
> > 5DC89FC25D2CEC391A0EC1D3F07F0941
>
> It is generated from a SecureRandom. That is not going to be the source
> of the problem you are seeing.
>
> Mark
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Reg: Connection pool stats

[Daniel Mikusa]

On Nov 11, 2013, at 12:59 AM, Anu Prab  wrote:

> On Nov 7, 2013, at 11:58 PM, Anu Prab  wrote:
> 
 I am using Tomcat 7.0.42 and Tomcat jdbc pool.
>> 
>>> Just to be perfectly clear, how are you using this?  With a 
>> tag in your Tomcat >configuration or are you creating the pool in your
>> code?  Either way, include the necessary >config or code which shows how
>> you've defined the pool.
>> 
>>> The pool configuration is in context.xml. A sample of the config looks
> like
>> this:
>> 
>>> >> auth="Container"
>>>type="javax.sql.DataSource"
>>> fairQueue="true"
>>>factory=""
> 
>> What factory are you using?  It's important to share.  Without it we don't
> know which pool you're using.
> 
> A customized factory which extends org.apache.tomcat.jdbc.pool.
> DataSourceFactory
> Few minutes, not sure of the exact timing. Yes, all are 0.
> 
>> Also, what happens when you try to get a connection after the pool count
> has dropped to 0?  >Does it get a new connection?  Does it hang waiting?
> Does it generate any error messages?
> 
>> Is there any reason why you might be getting disconnected from the
> database side or from a >firewall in between your application and the
> database?
> 
> I can still get newer connections even after the count drops to 0.
> 
> 
> Hi,
> 
> Also, when I enabled logAbandoned as you suggested, I see this exception
> after about 17-18 minutes.
> 
> org.apache.tomcat.jdbc.pool.ConnectionPool abandon
> WARNING: Connection has been abandoned
> PooledConnection[oracle.jdbc.driver.T4CConnection@2726965a
> ]:java.lang.Exception
>at
> org.apache.tomcat.jdbc.pool.ConnectionPool.getThreadDump(ConnectionPool.java:1065)
>at
> org.apache.tomcat.jdbc.pool.ConnectionPool.createConnection(ConnectionPool.java:707)
>at
> org.apache.tomcat.jdbc.pool.ConnectionPool.borrowConnection(ConnectionPool.java:634)
>at
> org.apache.tomcat.jdbc.pool.ConnectionPool.getConnection(ConnectionPool.java:188)

This explains the behavior that you're seeing.  It appears that your 
connections are being flagged as abandoned and thus removed from the pool.  

Take a look at the generated stack trace and see what part of your code is 
holding onto the connection.  This could be legitimate, in the case where you 
have a long running process (like a batch job) or it could be a code error 
(like you don't have proper try..catch..finally blocks setup to close 
connections).

Dan

> 
> -Anu


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat session with uncertain problem

[Mark Thomas]

On 11/11/2013 11:54, Jose Irrazabal wrote:
> Hi All,
> 
> I use Apache Tomcat/7.0.29 to deploy my applications, and I'm with a
> problem of duplicated user session or something, as uncertain occurs when a
> user adquire a session takes of another user and I reported 3 cases of this
> type of security error.

Exactly what problem do you observe?

> I need your help to know how the JSESSIONID is generated because I suspect
> that the error is when generated the session. Exemplo: *JSESSIONID*:
> 5DC89FC25D2CEC391A0EC1D3F07F0941

It is generated from a SecureRandom. That is not going to be the source
of the problem you are seeing.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat session with uncertain problem

[Jose Irrazabal]

Hi All,

I use Apache Tomcat/7.0.29 to deploy my applications, and I'm with a
problem of duplicated user session or something, as uncertain occurs when a
user adquire a session takes of another user and I reported 3 cases of this
type of security error.

I need your help to know how the JSESSIONID is generated because I suspect
that the error is when generated the session. Exemplo: *JSESSIONID*:
5DC89FC25D2CEC391A0EC1D3F07F0941

I will appreciate any help. Thanking You!

Re: Getting Error the the Time of deploying .war file

[André Warnier]

Saurabh Saraswat wrote:

Dear all,

I am getting the "Connection was reset error" while deploying the .war file
of my web application on the apache-tomcat server. I am deploying the file
using Tomcat-Manager and its giving the above mentions error after
uploading 50 %.


What is the size of that file ? You may be hitting a maximum upload file size.
( -- maxPostSize)



Can u please tell me the reason of this.
This is the snapshot of error.


Better : check the Tomcat logs. The error should be mentioned there too, probably with an 
explanation.





[image: Inline image 1]



This list strips most attachments, this one did not make it.




 I will appreciate any help. Thanking You!


 *Best Regards,*

*Saurabh Sarasvat*




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Getting Error the the Time of deploying .war file

[Saurabh Saraswat]

Dear all,

I am getting the "Connection was reset error" while deploying the .war file
of my web application on the apache-tomcat server. I am deploying the file
using Tomcat-Manager and its giving the above mentions error after
uploading 50 %.

Can u please tell me the reason of this.
This is the snapshot of error.

[image: Inline image 1]


 I will appreciate any help. Thanking You!


 *Best Regards,*

*Saurabh Sarasvat*

Re: Tomcat setting as a service after installing the binaries

[André Warnier]

Jojy George wrote:

Hi Toni,

Thanks for this info.

I was able to download the files , but i am not sure what else needs to be
done after that? i need to just copy the files to the bin folder? that's
enough? is there anything else i need to do ? recreate the service with
this additional options ? when you say "replace your tomcat6w.exe and
tomcat6.exe respectively" what i need to do with these exe's ?

is there any documentation which you can point me to that would be great.


See here : http://wiki.apache.org/tomcat/FAQ/Windows#Q11




Thanks for your help
'
Regards
Jojy


On Mon, Nov 11, 2013 at 3:16 PM, Antonio Vidal Ferrer <
antonio.vi...@globalia-sistemas.com> wrote:


It seems that you are using 32bits binaries in a 64 bits platform.
Download 64 bits versions of tomcat6.exe and tomcat6w.exe, and replace them.

For doing so, go here:

http://commons.apache.org/proper/commons-daemon/download_daemon.cgi

Select browse download area, then go to binaries, then select windows, and
download file commons-daemon-1.0.15-bin-windows.zip

Inside that zip file, you'll find prunmgr.exe and amd64/prunsrv.exe,
replace your tomcat6w.exe and tomcat6.exe respectively, and restart
service, it should start without further problem.

Hope it works.

Best,

Toni.
On 11/11/13 10:18, Jojy George wrote:


 HI All,

I am trying to set and run tomcat as a service after installing it as
binary instead using the windows installer. But i am not able to start it
after setting it as service, it is giving the below exception when i am
trying to start the tomcat service.

Do anybody has got any idea why this error is coming and anybody has got
any resolution for the same.




[2013-11-11 14:42:44] [info] Service Tomcat6 name Apache Tomcat 6.0
Tomcat6
[2013-11-11 14:42:44] [info] Service Tomcat6 installed
[2013-11-11 14:42:44] [info] Commons Daemon procrun finished.
[2013-11-11 14:42:52] [info] Commons Daemon procrun (1.0.2.0) started
[2013-11-11 14:42:52] [info] Debugging Service...
[2013-11-11 14:42:52] [info] Starting service...
[2013-11-11 14:42:52] [206  javajni.c] [error] %1 is not a valid Win32
application.
[2013-11-11 14:42:52] [985  prunsrv.c] [error] Failed creating java
C:\jdk1.7.0_15\jre\bin\server\jvm.dll
[2013-11-11 14:42:52] [1280 prunsrv.c] [error] ServiceStart returned 1
[2013-11-11 14:42:52] [info] Debug service finished.
[2013-11-11 14:42:52] [info] Commons Daemon procrun finished.
[2013-11-11 14:43:05] [info] Commons Daemon procrun (1.0.2.0) started
[2013-11-11 14:43:05] [info] Updating service...
[2013-11-11 14:43:05] [info] Service Tomcat6 updated
[2013-11-11 14:43:05] [info] Update service finished.
[2013-11-11 14:43:05] [info] Commons Daemon procrun finished.
[2013-11-11 14:43:12] [info] Commons Daemon procrun (1.0.2.0) started
[2013-11-11 14:43:12] [info] Updating service...
[2013-11-11 14:43:12] [info] Service Tomcat6 updated
[2013-11-11 14:43:12] [info] Update service finished.
[2013-11-11 14:43:12] [info] Commons Daemon procrun finished.
[2013-11-11 14:43:20] [info] Commons Daemon procrun (1.0.2.0) started
[2013-11-11 14:43:20] [info] Updating service...
[2013-11-11 14:43:20] [info] Service Tomcat6 updated
[2013-11-11 14:43:20] [info] Update service finished.
[2013-11-11 14:43:20] [info] Commons Daemon procrun finished.
[2013-11-11 14:43:29] [info] Commons Daemon procrun (1.0.2.0) started
[2013-11-11 14:43:29] [info] Running Service...
[2013-11-11 14:43:29] [info] Starting service...
[2013-11-11 14:43:29] [206  javajni.c] [error] %1 is not a valid Win32
application.
[2013-11-11 14:43:29] [985  prunsrv.c] [error] Failed creating java
C:\jdk1.7.0_15\jre\bin\server\jvm.dll
[2013-11-11 14:43:29] [1280 prunsrv.c] [error] ServiceStart returned 1
[2013-11-11 14:43:29] [info] Run service finished.
[2013-11-11 14:43:29] [info] Commons Daemon procrun finished.


Thanks
Jojy




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Avoiding/Handling SocketTimeoutException(s) when web application serving resources to mobile clients

[André Warnier]

Howard W. Smith, Jr. wrote:

On Sun, Nov 10, 2013 at 9:14 AM, Howard W. Smith, Jr. <
smithh032...@gmail.com> wrote:


Caused by: java.net.SocketTimeoutException
at
org.apache.tomcat.util.net.NioBlockingSelector.write(NioBlockingSelector.java:127)
at
org.apache.tomcat.util.net.NioSelectorPool.write(NioSelectorPool.java:174)
 at
org.apache.coyote.http11.InternalNioOutputBuffer.writeToSocket(InternalNioOutputBuffer.java:163)



my apologies, based on this exception (above), I decided to provide you
with the following from my tomee/conf/server.xml:





I guess the answer may be the connectionTimeout="..." (above), but still
would like to know recommendations of others based on experience with web
application serving mobile clients. thanks.



AFAIK, the "connectionTimeout" above applies specifically to this :
- the client opens a TCP connection to the server
- but then the client does not send any request over that connection
(so the server waits and waits, until that timeout strikes).
This is a classic way of doing a DoS attack : many clients connect and don't send a 
request (or do it very slowly), tying up server resources until the server is overwhelmed.
In some Connector configurations, this does not necessarily tie up a Thread (only a TCP 
socket), but it does have the potential to tie up limited resources.
The value of 2 above is in milliseconds, so after a connection is established, the 
server will wait up to 20 seconds for a request to be received.
I would not expect nowadays that any client, on any type of connection, would take that 
long to send a request on an established connection.  So I would certainly not make it 
larger, and you can probably reduce it significantly, and save resources.





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat setting as a service after installing the binaries

[Jojy George]

Hi,

I just checked and found out that it was problem with the wrong jdk
version. it was using 32 bit instead of 64 bit and i installed the 64 bit
and that fixed the issue.

Thanks for your help.

Regards
Jojy


R


On Mon, Nov 11, 2013 at 3:35 PM, Jojy George  wrote:

> Hi Toni,
>
> Thanks for this info.
>
> I was able to download the files , but i am not sure what else needs to be
> done after that? i need to just copy the files to the bin folder? that's
> enough? is there anything else i need to do ? recreate the service with
> this additional options ? when you say "replace your tomcat6w.exe and
> tomcat6.exe respectively" what i need to do with these exe's ?
>
> is there any documentation which you can point me to that would be great.
>
> Thanks for your help
> '
> Regards
> Jojy
>
>
> On Mon, Nov 11, 2013 at 3:16 PM, Antonio Vidal Ferrer <
> antonio.vi...@globalia-sistemas.com> wrote:
>
>> It seems that you are using 32bits binaries in a 64 bits platform.
>> Download 64 bits versions of tomcat6.exe and tomcat6w.exe, and replace them.
>>
>> For doing so, go here:
>>
>> http://commons.apache.org/proper/commons-daemon/download_daemon.cgi
>>
>> Select browse download area, then go to binaries, then select windows,
>> and download file commons-daemon-1.0.15-bin-windows.zip
>>
>> Inside that zip file, you'll find prunmgr.exe and amd64/prunsrv.exe,
>> replace your tomcat6w.exe and tomcat6.exe respectively, and restart
>> service, it should start without further problem.
>>
>> Hope it works.
>>
>> Best,
>>
>> Toni.
>> On 11/11/13 10:18, Jojy George wrote:
>>
>>
>>  HI All,
>>>
>>> I am trying to set and run tomcat as a service after installing it as
>>> binary instead using the windows installer. But i am not able to start it
>>> after setting it as service, it is giving the below exception when i am
>>> trying to start the tomcat service.
>>>
>>> Do anybody has got any idea why this error is coming and anybody has got
>>> any resolution for the same.
>>>
>>>
>>>
>>>
>>> [2013-11-11 14:42:44] [info] Service Tomcat6 name Apache Tomcat 6.0
>>> Tomcat6
>>> [2013-11-11 14:42:44] [info] Service Tomcat6 installed
>>> [2013-11-11 14:42:44] [info] Commons Daemon procrun finished.
>>> [2013-11-11 14:42:52] [info] Commons Daemon procrun (1.0.2.0) started
>>> [2013-11-11 14:42:52] [info] Debugging Service...
>>> [2013-11-11 14:42:52] [info] Starting service...
>>> [2013-11-11 14:42:52] [206  javajni.c] [error] %1 is not a valid Win32
>>> application.
>>> [2013-11-11 14:42:52] [985  prunsrv.c] [error] Failed creating java
>>> C:\jdk1.7.0_15\jre\bin\server\jvm.dll
>>> [2013-11-11 14:42:52] [1280 prunsrv.c] [error] ServiceStart returned 1
>>> [2013-11-11 14:42:52] [info] Debug service finished.
>>> [2013-11-11 14:42:52] [info] Commons Daemon procrun finished.
>>> [2013-11-11 14:43:05] [info] Commons Daemon procrun (1.0.2.0) started
>>> [2013-11-11 14:43:05] [info] Updating service...
>>> [2013-11-11 14:43:05] [info] Service Tomcat6 updated
>>> [2013-11-11 14:43:05] [info] Update service finished.
>>> [2013-11-11 14:43:05] [info] Commons Daemon procrun finished.
>>> [2013-11-11 14:43:12] [info] Commons Daemon procrun (1.0.2.0) started
>>> [2013-11-11 14:43:12] [info] Updating service...
>>> [2013-11-11 14:43:12] [info] Service Tomcat6 updated
>>> [2013-11-11 14:43:12] [info] Update service finished.
>>> [2013-11-11 14:43:12] [info] Commons Daemon procrun finished.
>>> [2013-11-11 14:43:20] [info] Commons Daemon procrun (1.0.2.0) started
>>> [2013-11-11 14:43:20] [info] Updating service...
>>> [2013-11-11 14:43:20] [info] Service Tomcat6 updated
>>> [2013-11-11 14:43:20] [info] Update service finished.
>>> [2013-11-11 14:43:20] [info] Commons Daemon procrun finished.
>>> [2013-11-11 14:43:29] [info] Commons Daemon procrun (1.0.2.0) started
>>> [2013-11-11 14:43:29] [info] Running Service...
>>> [2013-11-11 14:43:29] [info] Starting service...
>>> [2013-11-11 14:43:29] [206  javajni.c] [error] %1 is not a valid Win32
>>> application.
>>> [2013-11-11 14:43:29] [985  prunsrv.c] [error] Failed creating java
>>> C:\jdk1.7.0_15\jre\bin\server\jvm.dll
>>> [2013-11-11 14:43:29] [1280 prunsrv.c] [error] ServiceStart returned 1
>>> [2013-11-11 14:43:29] [info] Run service finished.
>>> [2013-11-11 14:43:29] [info] Commons Daemon procrun finished.
>>>
>>>
>>> Thanks
>>> Jojy
>>>
>>>
>>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

Re: Tomcat setting as a service after installing the binaries

[Jojy George]

Hi Toni,

Thanks for this info.

I was able to download the files , but i am not sure what else needs to be
done after that? i need to just copy the files to the bin folder? that's
enough? is there anything else i need to do ? recreate the service with
this additional options ? when you say "replace your tomcat6w.exe and
tomcat6.exe respectively" what i need to do with these exe's ?

is there any documentation which you can point me to that would be great.

Thanks for your help
'
Regards
Jojy


On Mon, Nov 11, 2013 at 3:16 PM, Antonio Vidal Ferrer <
antonio.vi...@globalia-sistemas.com> wrote:

> It seems that you are using 32bits binaries in a 64 bits platform.
> Download 64 bits versions of tomcat6.exe and tomcat6w.exe, and replace them.
>
> For doing so, go here:
>
> http://commons.apache.org/proper/commons-daemon/download_daemon.cgi
>
> Select browse download area, then go to binaries, then select windows, and
> download file commons-daemon-1.0.15-bin-windows.zip
>
> Inside that zip file, you'll find prunmgr.exe and amd64/prunsrv.exe,
> replace your tomcat6w.exe and tomcat6.exe respectively, and restart
> service, it should start without further problem.
>
> Hope it works.
>
> Best,
>
> Toni.
> On 11/11/13 10:18, Jojy George wrote:
>
>
>  HI All,
>>
>> I am trying to set and run tomcat as a service after installing it as
>> binary instead using the windows installer. But i am not able to start it
>> after setting it as service, it is giving the below exception when i am
>> trying to start the tomcat service.
>>
>> Do anybody has got any idea why this error is coming and anybody has got
>> any resolution for the same.
>>
>>
>>
>>
>> [2013-11-11 14:42:44] [info] Service Tomcat6 name Apache Tomcat 6.0
>> Tomcat6
>> [2013-11-11 14:42:44] [info] Service Tomcat6 installed
>> [2013-11-11 14:42:44] [info] Commons Daemon procrun finished.
>> [2013-11-11 14:42:52] [info] Commons Daemon procrun (1.0.2.0) started
>> [2013-11-11 14:42:52] [info] Debugging Service...
>> [2013-11-11 14:42:52] [info] Starting service...
>> [2013-11-11 14:42:52] [206  javajni.c] [error] %1 is not a valid Win32
>> application.
>> [2013-11-11 14:42:52] [985  prunsrv.c] [error] Failed creating java
>> C:\jdk1.7.0_15\jre\bin\server\jvm.dll
>> [2013-11-11 14:42:52] [1280 prunsrv.c] [error] ServiceStart returned 1
>> [2013-11-11 14:42:52] [info] Debug service finished.
>> [2013-11-11 14:42:52] [info] Commons Daemon procrun finished.
>> [2013-11-11 14:43:05] [info] Commons Daemon procrun (1.0.2.0) started
>> [2013-11-11 14:43:05] [info] Updating service...
>> [2013-11-11 14:43:05] [info] Service Tomcat6 updated
>> [2013-11-11 14:43:05] [info] Update service finished.
>> [2013-11-11 14:43:05] [info] Commons Daemon procrun finished.
>> [2013-11-11 14:43:12] [info] Commons Daemon procrun (1.0.2.0) started
>> [2013-11-11 14:43:12] [info] Updating service...
>> [2013-11-11 14:43:12] [info] Service Tomcat6 updated
>> [2013-11-11 14:43:12] [info] Update service finished.
>> [2013-11-11 14:43:12] [info] Commons Daemon procrun finished.
>> [2013-11-11 14:43:20] [info] Commons Daemon procrun (1.0.2.0) started
>> [2013-11-11 14:43:20] [info] Updating service...
>> [2013-11-11 14:43:20] [info] Service Tomcat6 updated
>> [2013-11-11 14:43:20] [info] Update service finished.
>> [2013-11-11 14:43:20] [info] Commons Daemon procrun finished.
>> [2013-11-11 14:43:29] [info] Commons Daemon procrun (1.0.2.0) started
>> [2013-11-11 14:43:29] [info] Running Service...
>> [2013-11-11 14:43:29] [info] Starting service...
>> [2013-11-11 14:43:29] [206  javajni.c] [error] %1 is not a valid Win32
>> application.
>> [2013-11-11 14:43:29] [985  prunsrv.c] [error] Failed creating java
>> C:\jdk1.7.0_15\jre\bin\server\jvm.dll
>> [2013-11-11 14:43:29] [1280 prunsrv.c] [error] ServiceStart returned 1
>> [2013-11-11 14:43:29] [info] Run service finished.
>> [2013-11-11 14:43:29] [info] Commons Daemon procrun finished.
>>
>>
>> Thanks
>> Jojy
>>
>>
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat setting as a service after installing the binaries

[Antonio Vidal Ferrer]

It seems that you are using 32bits binaries in a 64 bits platform. 
Download 64 bits versions of tomcat6.exe and tomcat6w.exe, and replace them.


For doing so, go here:

http://commons.apache.org/proper/commons-daemon/download_daemon.cgi

Select browse download area, then go to binaries, then select windows, 
and download file commons-daemon-1.0.15-bin-windows.zip


Inside that zip file, you'll find prunmgr.exe and amd64/prunsrv.exe, 
replace your tomcat6w.exe and tomcat6.exe respectively, and restart 
service, it should start without further problem.


Hope it works.

Best,

Toni.
On 11/11/13 10:18, Jojy George wrote:



HI All,

I am trying to set and run tomcat as a service after installing it as
binary instead using the windows installer. But i am not able to start it
after setting it as service, it is giving the below exception when i am
trying to start the tomcat service.

Do anybody has got any idea why this error is coming and anybody has got
any resolution for the same.




[2013-11-11 14:42:44] [info] Service Tomcat6 name Apache Tomcat 6.0 Tomcat6
[2013-11-11 14:42:44] [info] Service Tomcat6 installed
[2013-11-11 14:42:44] [info] Commons Daemon procrun finished.
[2013-11-11 14:42:52] [info] Commons Daemon procrun (1.0.2.0) started
[2013-11-11 14:42:52] [info] Debugging Service...
[2013-11-11 14:42:52] [info] Starting service...
[2013-11-11 14:42:52] [206  javajni.c] [error] %1 is not a valid Win32
application.
[2013-11-11 14:42:52] [985  prunsrv.c] [error] Failed creating java
C:\jdk1.7.0_15\jre\bin\server\jvm.dll
[2013-11-11 14:42:52] [1280 prunsrv.c] [error] ServiceStart returned 1
[2013-11-11 14:42:52] [info] Debug service finished.
[2013-11-11 14:42:52] [info] Commons Daemon procrun finished.
[2013-11-11 14:43:05] [info] Commons Daemon procrun (1.0.2.0) started
[2013-11-11 14:43:05] [info] Updating service...
[2013-11-11 14:43:05] [info] Service Tomcat6 updated
[2013-11-11 14:43:05] [info] Update service finished.
[2013-11-11 14:43:05] [info] Commons Daemon procrun finished.
[2013-11-11 14:43:12] [info] Commons Daemon procrun (1.0.2.0) started
[2013-11-11 14:43:12] [info] Updating service...
[2013-11-11 14:43:12] [info] Service Tomcat6 updated
[2013-11-11 14:43:12] [info] Update service finished.
[2013-11-11 14:43:12] [info] Commons Daemon procrun finished.
[2013-11-11 14:43:20] [info] Commons Daemon procrun (1.0.2.0) started
[2013-11-11 14:43:20] [info] Updating service...
[2013-11-11 14:43:20] [info] Service Tomcat6 updated
[2013-11-11 14:43:20] [info] Update service finished.
[2013-11-11 14:43:20] [info] Commons Daemon procrun finished.
[2013-11-11 14:43:29] [info] Commons Daemon procrun (1.0.2.0) started
[2013-11-11 14:43:29] [info] Running Service...
[2013-11-11 14:43:29] [info] Starting service...
[2013-11-11 14:43:29] [206  javajni.c] [error] %1 is not a valid Win32
application.
[2013-11-11 14:43:29] [985  prunsrv.c] [error] Failed creating java
C:\jdk1.7.0_15\jre\bin\server\jvm.dll
[2013-11-11 14:43:29] [1280 prunsrv.c] [error] ServiceStart returned 1
[2013-11-11 14:43:29] [info] Run service finished.
[2013-11-11 14:43:29] [info] Commons Daemon procrun finished.


Thanks
Jojy





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat setting as a service after installing the binaries

[Antonio Vidal Ferrer]

It seems that you are using 32bits binaries in a 64 bits platform. 
Download 64 bits versions of tomcat6.exe and tomcat6w.exe, and replace them.


For doing so, go here:

http://commons.apache.org/proper/commons-daemon/download_daemon.cgi

Select browse download area, then go to binaries, then select windows, 
and download file commons-daemon-1.0.15-bin-windows.zip


Inside that zip file, you'll find prunmgr.exe and amd64/prunsrv.exe, 
replace your tomcat6w.exe and tomcat6.exe respectively, and restart 
service, it should start without further problem.


Hope it works.

Best,

Toni.

On 11/11/13 10:18, Jojy George wrote:

%1 is not a valid Win32

Tomcat setting as a service after installing the binaries

[Jojy George]

HI All,

I am trying to set and run tomcat as a service after installing it as
binary instead using the windows installer. But i am not able to start it
after setting it as service, it is giving the below exception when i am
trying to start the tomcat service.

Do anybody has got any idea why this error is coming and anybody has got
any resolution for the same.




[2013-11-11 14:42:44] [info] Service Tomcat6 name Apache Tomcat 6.0 Tomcat6
[2013-11-11 14:42:44] [info] Service Tomcat6 installed
[2013-11-11 14:42:44] [info] Commons Daemon procrun finished.
[2013-11-11 14:42:52] [info] Commons Daemon procrun (1.0.2.0) started
[2013-11-11 14:42:52] [info] Debugging Service...
[2013-11-11 14:42:52] [info] Starting service...
[2013-11-11 14:42:52] [206  javajni.c] [error] %1 is not a valid Win32
application.
[2013-11-11 14:42:52] [985  prunsrv.c] [error] Failed creating java
C:\jdk1.7.0_15\jre\bin\server\jvm.dll
[2013-11-11 14:42:52] [1280 prunsrv.c] [error] ServiceStart returned 1
[2013-11-11 14:42:52] [info] Debug service finished.
[2013-11-11 14:42:52] [info] Commons Daemon procrun finished.
[2013-11-11 14:43:05] [info] Commons Daemon procrun (1.0.2.0) started
[2013-11-11 14:43:05] [info] Updating service...
[2013-11-11 14:43:05] [info] Service Tomcat6 updated
[2013-11-11 14:43:05] [info] Update service finished.
[2013-11-11 14:43:05] [info] Commons Daemon procrun finished.
[2013-11-11 14:43:12] [info] Commons Daemon procrun (1.0.2.0) started
[2013-11-11 14:43:12] [info] Updating service...
[2013-11-11 14:43:12] [info] Service Tomcat6 updated
[2013-11-11 14:43:12] [info] Update service finished.
[2013-11-11 14:43:12] [info] Commons Daemon procrun finished.
[2013-11-11 14:43:20] [info] Commons Daemon procrun (1.0.2.0) started
[2013-11-11 14:43:20] [info] Updating service...
[2013-11-11 14:43:20] [info] Service Tomcat6 updated
[2013-11-11 14:43:20] [info] Update service finished.
[2013-11-11 14:43:20] [info] Commons Daemon procrun finished.
[2013-11-11 14:43:29] [info] Commons Daemon procrun (1.0.2.0) started
[2013-11-11 14:43:29] [info] Running Service...
[2013-11-11 14:43:29] [info] Starting service...
[2013-11-11 14:43:29] [206  javajni.c] [error] %1 is not a valid Win32
application.
[2013-11-11 14:43:29] [985  prunsrv.c] [error] Failed creating java
C:\jdk1.7.0_15\jre\bin\server\jvm.dll
[2013-11-11 14:43:29] [1280 prunsrv.c] [error] ServiceStart returned 1
[2013-11-11 14:43:29] [info] Run service finished.
[2013-11-11 14:43:29] [info] Commons Daemon procrun finished.


Thanks
Jojy

Re: @ServerEndpoint Guice

[Marko Sanković]

Nick,

Thank you once again. In a servlet injector can be accessed through
getServletContext.getAttribute("Injector")

As you said, I had to implement static method that returns instance of
injector and use it in my EndpointConfiguration to instantiate
ServerEndpoint. This is what I have done:

// The listener installs Guice modules through GuiceServletConfigFactory

public class GuiceServletConfig extends GuiceServletContextListener {
  @Overrideprotected Injector getInjector() {return
GuiceServletConfigFactory.getInjector();}}


// GuiceServletConfigFactory has static method that returns instance of
injector

public class GuiceServletConfigFactory {private static final
Injector injector = Guice.createInjector(new
ServerModule(), new DispatchServletModule());public static
Injector getInjector() {return injector;}}


// ServerEndpoint uses WsEndpointConfiguration to instantiate it

@ServerEndpoint(value = "/wsendpoint", configurator =
WsEndpointConfigurator.class, decoders =
JsonRPCRequestDecoder.class)public class WsEndpoint { ... }


// WsEndpointConfiguration can access injector and use it to instantiate
ServerEndpoint class

public class WsEndpointConfigurator extends Configurator {
@Overridepublic  T getEndpointInstance(Class endpointClass)
  throws InstantiationException {return (T)
GuiceServletConfigFactory.getInjector().getInstance(
endpointClass);}}


The full source code: https://bitbucket.org/markosankovic/wsgwtp

On 7 November 2013 16:44, Nick Williams wrote:

>
> On Nov 6, 2013, at 4:24 PM, Marko Sanković wrote:
>
> > Nick, thanks for your quick response.
> >
> > Unfortunately, specifying javax.websocket.server.ServerEndpointConfig.
> > Configurator is still not enough. This is what I have tried so far:
> >
> > @ServerEndpoint(value = "/wsendpoint", configurator =
> > WsEndpointConfigurator.class)
> > public class WsEndpoint {
> >@Inject
> >InjectedSimpleBean injectedSimpleBean;
> >...
> > }
> >
> > and the WsEndpointConfigurator.java:
> >
> > public class WsEndpointConfigurator extends Configurator {
> >
> >@Inject
> >Injector injector;
> >
> >@Override
> >public  T getEndpointInstance(Class endpointClass)
> >throws InstantiationException {
> >return (T) injector.getInstance(endpointClass);
> >}
> > }
> >
> > As expected attribute injector is null. To my understanding configurator
> > has to be instantiated through guice, same for the class that
> instantiates
> > configurator (ServerEndpointConfig). How can I do that?
> >
> > Tyrus has the sample of what I really need:
> > https://tyrus.java.net/documentation/1.3/user-guide.html#d0e1075. In my
> > case, I have to achieve that with Google Guice and Tomcat 7.0.47.
> >
> > Thanks
>
> Marko,
>
> Guice is not going to be able to instantiate your WsEndpointConfigurator,
> so you cannot have your Injector injected. The same problem exists with
> Spring's SpringConfigurator. The container, not the framework, instantiates
> it. The solution is to call some static method to "look up" the injector.
> For SpringConfigurator, that means calling
> ContextLoader.getCurrentWebApplicationContext() and using the returned
> ApplicationContext to instantiate the endpoint. I do not know what the
> equivalent is in Guice because I have never used Guice before. However, I'm
> sure Guice has something similar. It wouldn't be very flexible if it didn't.
>
> Nick
>
> >
> > On 6 November 2013 16:23, Nick Williams  >wrote:
> >
> >>
> >> On Nov 6, 2013, at 7:55 AM, Marko Sanković wrote:
> >>
> >>> Hi,
> >>>
> >>> For the last couple of hours I've been trying to inject a simple object
> >>> into the class that is @ServerEndpoint annotated.
> >>>
> >>> As stated: Tomcat implements the Java WebSocket 1.0 API defined by
> >> JSR-356.
> >>>
> >>> I'm using Guice as dependency injection framework and Tomcat 7.0.47.
> >>>
> >>> This is how my websocket server endpoint looks like:
> >>>
> >>> ...
> >>> import com.google.inject.Inject;
> >>> ...
> >>> @ServerEndpoint("/wsendpoint")
> >>> public class WsEndpoint {
> >>>
> >>>   @Inject
> >>>   InjectedSimpleBean injectedSimpleBean;
> >>>
> >>>   ...
> >>> }
> >>>
> >>> I can connect to this endpoint, send and receive messages, but
> >>> injectedSimpleBean attribute is null (as expected).
> >>>
> >>> I guess I will have to change the
> >>> way
> >>
> java/org/apache/tomcat/websocket/server/DefaultServerEndpointConfigurator.java
> >>> instantiates endpoint class, the getEndpointInstace method will have to
> >>> call something like:
> >>>
> >>> injector.getInstance(clazz);
> >>>
> >>> but, then again the DefaultServerEndpointConfiguration will also have
> be
> >>> instantiated by the injector.
> >>>
> >>> Any help would be appreciated. Thanks
> >>
> >> Changing the Tomcat-specific class won't be necessary. You can do this
> >> with just the API. In your @ServerEndpoint annotation, you need to
> specify
> >> a d