Re: EOFException in AjpNioProcessor
Jesse Barnum wrote: On Dec 18, 2013, at 1:40 PM, André Warnier a...@ice-sa.com wrote: Jesse Barnum wrote: On Dec 18, 2013, at 12:27 PM, Jesse Barnum jsb_tom...@360works.com wrote: I'm seeing this error a lot in my log files. It happens when I am trying to read from the request InputStream. Should I be concerned about this, or is it just the equivalent of the user clicking 'stop' in their browser? SEVERE: An error occurred while handling request /WSMRegister/LicenseCheck/handshake java.io.EOFException Forgot to mention, I'm running version 7.0.35 on Ubuntu Linux on Amazon EC2. Well, it seems that you have the explanation right there. If com.prosc.licensecheck.LicenseCheck.doPost is your code, then that's where the problem is : you are trying to read from the request input stream, when there is no more data to read and you have already seen it's EOF. Why there is no more data to read is another question, and it could be that the client did something wrong. But the code in those classes who do the read, obviously is not coping well with that case. Yes, com.prosc.licensecheck.ListCheck.doPost is my code. It would not be hard to catch the exception there and ignore it. I guess another way to phrase the question is, what would cause a java.io.EOFException to get thrown? I don't want to ignore it if it's trying to tell me something important. I am used to seeing ClientAbortException: java.net.SocketException: Broken pipe. Is the EOFException basically the same thing? My concern is that there might be some misconfiguration between the Apache front end and the Tomcat NIO connector that might be causing it. First I will state that I am not a Java specialist, so take the following with a grain of caution. This being said, I believe that these two exceptions mean two different things. A broken pipe exception occurs when your program can legitimately expect more data to be present on the stream being read, tries to read it, and gets back an error because the stream, unexpectedly, does not exist anymore (typically, because the other party supposed to write to that stream has gone away without warning). An EOF exception is different : you are reading from a stream. At some point, the read() returns an EOF condition, indicating that no more data is present. That's not an exception yet, it is a normal condition for which you should be testing, and when it occurs you should stop reading. (I do not remember precisely how your code should test for this in Java. It may be that an EOF is indicated by the fact that the read() returns 0 bytes. Or maybe you should test explicitly by means of something like if (stream.eof) then ..) after each read(). But you do NOT stop reading, and you do one more read() nevertheless. /Then/ you get this exception, because now, you are trying to read /past/ the end of the file/stream (EOF). (It's like : you are approaching train-track crossing; you see the red light, and you should stop; but you don't, and you proceed nevertheless. The EOF exception is the train that happens to be passing just then). Note that it may not be directly your code per se which already reads the request input-stream and already reaches the EOF. An earlier call to HttpServletRequest.getParameters() for example, would trigger the reading of the whole body of a POST request, to parse the POST parameters, and would already leave the request input-stream at EOF, before you even try your first explicit read(). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: EOFException in AjpNioProcessor
André Warnier wrote: Jesse Barnum wrote: On Dec 18, 2013, at 1:40 PM, André Warnier a...@ice-sa.com wrote: Jesse Barnum wrote: On Dec 18, 2013, at 12:27 PM, Jesse Barnum jsb_tom...@360works.com wrote: I'm seeing this error a lot in my log files. It happens when I am trying to read from the request InputStream. Should I be concerned about this, or is it just the equivalent of the user clicking 'stop' in their browser? SEVERE: An error occurred while handling request /WSMRegister/LicenseCheck/handshake java.io.EOFException Forgot to mention, I'm running version 7.0.35 on Ubuntu Linux on Amazon EC2. Well, it seems that you have the explanation right there. If com.prosc.licensecheck.LicenseCheck.doPost is your code, then that's where the problem is : you are trying to read from the request input stream, when there is no more data to read and you have already seen it's EOF. Why there is no more data to read is another question, and it could be that the client did something wrong. But the code in those classes who do the read, obviously is not coping well with that case. Yes, com.prosc.licensecheck.ListCheck.doPost is my code. It would not be hard to catch the exception there and ignore it. I guess another way to phrase the question is, what would cause a java.io.EOFException to get thrown? I don't want to ignore it if it's trying to tell me something important. I am used to seeing ClientAbortException: java.net.SocketException: Broken pipe. Is the EOFException basically the same thing? My concern is that there might be some misconfiguration between the Apache front end and the Tomcat NIO connector that might be causing it. First I will state that I am not a Java specialist, so take the following with a grain of caution. This being said, I believe that these two exceptions mean two different things. A broken pipe exception occurs when your program can legitimately expect more data to be present on the stream being read, tries to read it, and gets back an error because the stream, unexpectedly, does not exist anymore (typically, because the other party supposed to write to that stream has gone away without warning). An EOF exception is different : you are reading from a stream. At some point, the read() returns an EOF condition, indicating that no more data is present. That's not an exception yet, it is a normal condition for which you should be testing, and when it occurs you should stop reading. (I do not remember precisely how your code should test for this in Java. It may be that an EOF is indicated by the fact that the read() returns 0 bytes. Or maybe you should test explicitly by means of something like if (stream.eof) then ..) after each read(). But you do NOT stop reading, and you do one more read() nevertheless. /Then/ you get this exception, because now, you are trying to read /past/ the end of the file/stream (EOF). (It's like : you are approaching train-track crossing; you see the red light, and you should stop; but you don't, and you proceed nevertheless. The EOF exception is the train that happens to be passing just then). Note that it may not be directly your code per se which already reads the request input-stream and already reaches the EOF. An earlier call to HttpServletRequest.getParameters() for example, would trigger the reading of the whole body of a POST request, to parse the POST parameters, and would already leave the request input-stream at EOF, before you even try your first explicit read(). Just adding something, to make the distinction clearer still: These 2 exceptions are really different, in the sense that - for the broken pipe exception, there is essentially nothing that your code can do about it, other than catching the exception and trying to recover cleanly from it. That the client writing to the socket that you are reading, would suddenly abort and go away, is not something that you can control. - for the EOFexception however, it indicates that you do something wrong in your logic. You should not be trying to read from that stream anymore, because - either you already got a warning that it was at EOF, and you just ignored it - or else you are not properly testing for EOF while reading In this case, just catching the exception and ignoring it is not really the right thing to do. You should fix the logic that causes it to happen. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: EOFException in AjpNioProcessor
HI André, -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Sunday, December 22, 2013 12:25 PM To: Tomcat Users List Subject: Re: EOFException in AjpNioProcessor I guess another way to phrase the question is, what would cause a java.io.EOFException to get thrown? I don't want to ignore it if it's trying to tell me something important. I am used to seeing ClientAbortException: java.net.SocketException: Broken pipe. Is the EOFException basically the same thing? My concern is that there might be some misconfiguration between the Apache front end and the Tomcat NIO connector that might be causing it. First I will state that I am not a Java specialist, so take the following with a grain of caution. This being said, I believe that these two exceptions mean two different things. A broken pipe exception occurs when your program can legitimately expect more data to be present on the stream being read, tries to read it, and gets back an error because the stream, unexpectedly, does not exist anymore (typically, because the other party supposed to write to that stream has gone away without warning). An EOF exception is different : you are reading from a stream. At some point, the read() returns an EOF condition, indicating that no more data is present. That's not an exception yet, it is a normal condition for which you should be testing, and when it occurs you should stop reading. (I do not remember precisely how your code should test for this in Java. It may be that an EOF is indicated by the fact that the read() returns 0 bytes. Or maybe you should test explicitly by means of something like if (stream.eof) then ..) after each read(). But you do NOT stop reading, and you do one more read() nevertheless. /Then/ you get this exception, because now, you are trying to read /past/ the end of the file/stream (EOF). (It's like : you are approaching train-track crossing; you see the red light, and you should stop; but you don't, and you proceed nevertheless. The EOF exception is the train that happens to be passing just then). Note that the reason for a EOFException is slightly different than just reading from a stream when there is no more data present. In Java (and .Net), when you read from a Stream which is finished (there is no more data present), read() returns -1. Even when you repeatedly call read(), you will still get -1, but no exception. Normally you do just while ((read = input.read(buffer)) 0) { ...} to test for the end of stream/data. An EOFException however indicates that a higher logic was processing data but unexpectedly received the end of stream. In this case, it is the AjpNioProcessor which reads from the AJP connection and expects further AJP packets from the client, but the client unexpectedly closes the exception instead of sending the required packets. This is why the EOFException is thrown. This can indicate either a problem with the connection between Tomcat and the AJP client (e.g. mod_jk, ISAPI redirector etc.), but I suspect the AJP client intentionally closes the connection if e.g. the HTTP client which connected to the outer Webserver (HTTPD, IIS) aborted the HTTP connection (or there was some other error) so this error is reflected at Tomcat (which can therefore throw this exception). Otherwise Tomcat or the Webappp would not know that there was an error and if it e.g. was sending a 10 GB file, it would continue to send it. So, the EOFException here is not caused by an error in the code, but it should probably be catched (like an IOException) to properly handle it. Regards, Konstantin Preißer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Some security-related questions / enhancements for the Windows Installer
Hi André, thanks for your reply. -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Thursday, December 19, 2013 5:17 PM To: Tomcat Users List; kpreis...@apache.org Subject: Re: Some security-related questions / enhancements for the Windows Installer snip Hi. In the meantime, I checked on my (venerable and also German) Windows XP SP3 laptop, and the LocalService and NetworkService accounts also exist indeed, although under the names NETZWERKDIENST and LOKALER DIENST (as written, capitals and all). So Jeffrey was right, but you'd probably need to use their SID and find out the non-localised names. I attach a screenshot of the dialog under XP, changing the startup user of the Tomcat 6 service to start under LOKALER DIENST. The list will probably skip it, but I copied you directly too. (The funny thing is that it tends to imply that the account LOKALER DIENST under XP, does not by default have the permissions required to run a local service..) Thanks, I recevced it. This message also showed on my system (Server 2012 R2) when changing the user to Local Service. It could even be started and stopped, without any further file permissions changes : [2013-12-19 17:07:34] [info] Procrun (2.0.6.0) started [2013-12-19 17:07:34] [info] Running Service... [2013-12-19 17:07:34] [info] Starting service... [2013-12-19 17:07:45] [info] Service started in 11500 ms. [2013-12-19 17:07:58] [info] Stopping service... [2013-12-19 17:08:00] [info] Service stopped. [2013-12-19 17:08:00] [info] Run service finished. [2013-12-19 17:08:00] [info] Procrun finished. So personally too, I think it may be a good idea to install Tomcat as LocalService rather than LocalSystem in the future. If only because it reduces the permissions of Tomcat, and thus theoretically the possibility of mischief by Tomcat apps. I also could start Tomcat when changing the user of the service to Local Service, however without any further file permission changes, Tomcat has no write access to its directory preventing it from working correctly (e.g. it cannot write log files, and Jasper shows HTTP Status 500 - java.lang.IllegalStateException: No output folder errors). So, if Tomcat is set up to run on an non-administrative account like Local Service, one must ajust the file permissions so that this user has full access to the Tomcat directory. I have not yet looked into how the build of the installer works (res/Tomcat.nsi) (e.g. if it has an option to change file permissions, or if one would need to run icacls.exe directly), and if its possible to specify the user under wich Tomcat should run (as I guess the installation of the service is done by Commons Daemon). Regards, Konstantin Preißer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] EOFException in AjpNioProcessor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Konstantin, On 12/22/13, 8:54 AM, Konstantin Preißer wrote: Note that the reason for a EOFException is slightly different than just reading from a stream when there is no more data present. In Java (and .Net), when you read from a Stream which is finished (there is no more data present), read() returns -1. Even when you repeatedly call read(), you will still get -1, but no exception. Normally you do just while ((read = input.read(buffer)) 0) { ...} to test for the end of stream/data. It's important to note for beginners that you want the comparison operator to be = and not just . If you use 0 than you run the risk of attempting to read from a stream that has stalled and getting zero bytes (and stopping) when there may future bytes on the stream. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSt50SAAoJEBzwKT+lPKRYClgP/ifi8rNiMQ46G+7YqA6tX9Y6 YNShZN1SPQ3AC6onDjYpxoR5EgDxP+gw48nYUyQdrjt4L7q8osTN3ahicS4ru4L9 EEqRwI9rcxKvhiecUozcZoNhBESes6NVDhJUi8tRSS5l8c+m3wMA5unhcfHKAltM 0P+yQdeobVeNaWFtB1GZQM7ocRB3GJ8oHpnSM1aXo4NOIsVsjKXL9za/z/0wftVg c7eLUs3UCO4EDGv2VY6E6HLAyW1bUBiOgU+RchPyXfdcslDnH1MhblaOPFdiAKyO h8tjaPvlzfmKSz5qSGLKOsjAl5PO3Rt+y2KdTwzzetANzSkAl3HR0OEvqzHstnPM 2kaFLkIxUij44aaFQKZ9SAzLES1F51sbU5VrAaiRTILR/NWe7Tst2WcJgL/0kkHa vGIIpfxGRIgDcAG8XhLEKX8JHZj+vwaQCflJ3Os/yTzSW0HpRv+Dq5HRVruhnue7 os4wnVr0JIMoBvDMfS2W6U/uBbARgJKvQLozRnOqTrGmK2qC/AGH40R8Ax/EYplK CJvktEc9iCRMexs8C0rKUM7YSnU0fswu3gwYa1lrP6M3rwIjadsp3qKXWDWO7thB OKeSYogIiIxVLgS98kbN9i1Jb1TT3XWsdCSSUkvPY5UtKlUPM3EvUZpOeZP/EDTS OtjJydoSZ0SfeYIu+WDj =rc4j -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org