Re: Compressed SVG support (*.svgz) in Tomcat

2014-01-02 Thread David Law

Chris,

thanks for that. :-)

I'm starting a new project today, so I'll have
to wait til weekend to try out the Rule.

Marks Filter was nearly right: just needed to move the
chain.doFilter(request, response); // (invokes 
DefaultServlet.serveResource(...))

AFTER
((HttpServletResponse) response).addHeader(Content-Encoding, gzip);

Apart from that there's another workaround: I got a change
through in 2011 to PrimeFaces to allow setting Content-Encoding
for StreamedContent, so with a suitable BackingBean for
p:graphicImage it works since PrimeFaces v3.4.3.

All the Best,
DaveLaw

On 01/01/2014 19:36, Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

avid,

On 12/31/13, 10:43 AM, David Law wrote:

there's nothing to debate: the standard says svgz's need
Content-Encoding: gzip so thats what we have to do.

At this rate, we'll never get the Internet finished by Easter...

https://issues.apache.org/bugzilla/show_bug.cgi?id=55945

It just occurred to me that you could also use urlrewrite[1] to do
this. If you configure the Filter to match only .svgz files, then I
think you only need this configuration:

rule
   set type=response-header name=Content-Encodinggzip/set
/rule

If you want to map the filter to more than that, then you'll want to
predicate the rule using from:

rule matchtype=wildcard
   from*.svgz/from
   set type=response-header name=Content-Encodinggzip/set
/rule

I haven't tested any of this. It will probably require some tweaking.

I was going to add an enhancement request to Bugzilla for a Filter
like the one Mark wrote, but I figured that urlrewrite could do it,
too. Perhaps such a filter would still be a good example.

https://issues.apache.org/bugzilla/show_bug.cgi?id=55946

- -chris

[1] http://www.tuckey.org/urlrewrite/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSxGAWAAoJEBzwKT+lPKRYYhEQAI4/5XoPs05NXaxViPMTn+en
UuLyjnzfbCS85Szr+PaoAFze2f8UwOpRpBYk+Xy9Gms6Zs/Nr+STDiDZ2MxiPw6K
LoKPxQJIh4Lt54kD6OuqdO1dr5Umf1Bs2cQ2k2o2ntK1BwV7hw+UOSVSLGEq4biM
ByG2YCttB4dR5elL2ykjjgxpiqlCbeYS5iWQTtAoKX78jM0Ti7nuLwn51oYCrAgS
VNz73VXm8NFM1y5sxbmUsqmm28HrXWjk0B5kaqeT7xRwCxkuvNf7eHvfCu/qIE/c
2EiEbMaEij2kk9Geldo+Tn6pmXM6gVAOeqTQwylqhOe34mWd8iLsp3QF5erc+XgQ
ktcQoNfPcnUulFmIm+EAg4HUyvLwE0RIXj/yRAs3CbvUupgxeyxO/yLcdukaKh+O
7cT5JKPBFm0uoUjZW0OcDfkvND2r4PvcRrSeauH6yUMuDsAocDQbUTD+n89NPbVh
iVvQsxNLY1x2Eu5cJ1niMpR6HRtGjyusZVQyBW5M4q1p9im100eTIW3MXcviB4xr
c3uOo/D73Xci5h+MjfFY8KAgjsw2KMCgIGuzVYU5c3CHG5hVk4OPAFXMtIP/NE83
ORE4PJbdTad/oQaPd4I5r2ugcPZno4GFIB67IOxgy3MZgsoX9Y81B0vU8AsK1fj9
G8XTtkNXOibqh2rX/06T
=54if
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



System.out.println statements not captured in catalina.out

2014-01-02 Thread Tapajyoti Roybarman
Hi,

I need to record all debug statements (System.out.println(xyz)) from my 
application in catalina.out log. When I start Tomcat it creates the log 
file and only records statements till the server startup. But after that, 
none of the System.out.println() statements present in my JSPs get 
recorded in catalina.out file. Though I can see these statements in the 
Tomcat console.

Tomcat Version : apache-tomcat-7.0.27

OS : Windows 7

I am attaching few files which might be of some help.

logging.properties -- present in tomcat/conf

catalina.2013-12-31.log -- example, so that you can see what gets 
generated. Present in tomcat/logs

log4j.properties -- present in tomcat/webapps/myapp/WEB-INF/classes

  

I have seen the documentation present in 
http://tomcat.apache.org/tomcat-7.0-doc/logging.html But, the problem is 
that I can only use the default configuration (JULI). I cannot go for any 
other option. So, I need to find out a way using my current configuration 
only.

Thanks in advance.

Best Regards,
Tapajyoti 
=-=-=
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Java to JavaScript RMI framework available.

2014-01-02 Thread Johan Compagner
does it also do the other way around?
So also having the endpoint on the server that has methods that can be
called from javascript in a very easy way?



On 31 December 2013 01:55, Igor Urisman igor.uris...@gmail.com wrote:

 Folks,

 I needed to write this for something I am working on and thought there
 might be a wider audience for it.
 Tomcat 8 supports standard compliant Websockets, which provide convenient
 asynchronous full-duplex
 server to client data transport. The framework I am offering builds on top
 of that a feature rich remote
 method invocation paradigm.  Please check it out.

 https://github.com/iurisman/FERMI
 Apache 2.0 license.

 Happy coding.
 Igor.




-- 
Johan Compagner
Servoy


All worker threads of my tomcat have been occupied!

2014-01-02 Thread Benimaur Gao
hi, all

I found my tomcat refusing to work this morning.
I tried jstack to get some info, and then I found a lot of thread call
stack like:

http-8082-154 daemon prio=10 tid=0x7f711c21f800 nid=0x5b0a waiting on
 condition [0x7f70dc887000]
java.lang.Thread.State: TIMED_WAITING (sleeping)
 at java.lang.Thread.sleep(Native Method)
 at
 org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:132)
 at
 org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
 at
 org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
 at
 org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at
 org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
 at
 org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
 at
 org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
 at
 org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
 at java.lang.Thread.run(Thread.java:662)



Actually, when I used grep to get more clue
# grep -B5 -A7 org.apache.catalina.valves.ErrorReportValve.invoke 14446.dump

I got:

Dump File: 14446.dump.1388636053
 execute external commands: ^[[01;31mgrep -B5 -A7
 org.apache.catalina.valves.ErrorReportValve.invoke^[[00m
 http-8082-200 daemon prio=10 tid=0x7f711c14b000 nid=0x6a52 waiting
 on condition [0x7f70d9a59000]
java.lang.Thread.State: TIMED_WAITING (sleeping)
 at java.lang.Thread.sleep(Native Method)
 at
 org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:132)
 at
 org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
 at
 org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
 at
 org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at
 org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
 at
 org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
 at
 org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
 at
 org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
 at java.lang.Thread.run(Thread.java:662)

 http-8082-199 daemon prio=10 tid=0x7f711c148800 nid=0x69f3 waiting
 on condition [0x7f70d9b5a000]
java.lang.Thread.State: TIMED_WAITING (sleeping)
 at java.lang.Thread.sleep(Native Method)
 at
 org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:132)
 at
 org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
 at
 org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
 at
 org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at
 org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
 at
 org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
 at
 org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
 at
 org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
 at java.lang.Thread.run(Thread.java:662)

 http-8082-198 daemon prio=10 tid=0x7f711c146000 nid=0x6992 waiting
 on condition [0x7f70d9c5b000]
java.lang.Thread.State: TIMED_WAITING (sleeping)
 at java.lang.Thread.sleep(Native Method)
 at
 org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:132)
 at
 org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
 at
 org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
 at
 org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at
 org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
 at
 org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
 at
 org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
 at
 org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
 at java.lang.Thread.run(Thread.java:662)
 ... ...

 http-8082-2 daemon prio=10 tid=0x7f711c002800 nid=0x38a4 waiting on
 condition [0x7f7124b7a000]
java.lang.Thread.State: TIMED_WAITING (sleeping)
 at java.lang.Thread.sleep(Native Method)
 at
 org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:132)
 at
 org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
 at
 org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
 at
 org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at
 org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
 at
 

Re: JSVC error

2014-01-02 Thread Brett Delle Grazie
Hi,

On 2 January 2014 07:02, vicky vicky007aggar...@yahoo.co.in wrote:


 I've build the JSVC on same machine over which I m running my tomcat
 instance

 I have compiled the JSVC in the following manner but still i'm getting
 the  Segmentation fault  exception while executing the startup script,
 please suggest how to fix this:-

 Step1:
  export CFLAGS=-arch i386 -arch x86_64
  export LDFLAGS=-arch i386 -arch x86_64


I think you should only use one of these 'arch' commands, not both. Most
makefile based systems can only build for one architecture at a time.
The architecture of JSVC chosen should match that of your JVM.


 Step2:
 cd /root/test/commons-daemon-1.0.14-native-src/unix
  ./configure
 ++=
 *** Current host ***
 checking build system type... x86_64-unknown-linux-gnu
 checking host system type... x86_64-unknown-linux-gnu
 checking cached host system type... ok
 *** C-Language compilation tools ***
 checking for gcc... gcc
 checking for C compiler default output file name... a.out
 checking whether the C compiler works... yes
 checking whether we are cross compiling... no
 checking for suffix of executables...
 checking for suffix of object files... o
 checking whether we are using the GNU C compiler... yes
 checking whether gcc accepts -g... yes
 checking for gcc option to accept ANSI C... none needed
 checking for ranlib... ranlib
 checking for strip... strip
 *** Host support ***
 checking C flags dependant on host system type... ok
 *** Java compilation tools ***
 checking for JDK os include directory...  linux
 gcc flags added
 checking for cap_init in -lcap... no
 *** Writing output files ***
 configure: creating ./config.status
 config.status: creating Makefile
 config.status: creating Makedefs
 config.status: creating native/Makefile
 *** All done ***
 Now you can issue make
 ++
 Step3:
 make
  +command output +=
 (cd native; make  all)
 make[1]: Entering directory
 `/root/test/commons-daemon-1.0.14-native-src/unix/native'
 gcc -m64  jsvc-unix.o libservice.a -ldl -lpthread -o ../jsvc
 make[1]: Leaving directory
 `/root/test/commons-daemon-1.0.14-native-src/unix/native'
 +++


  Vicky
 From: André Warnier a...@ice-sa.com
 To: Tomcat Users List users@tomcat.apache.org
 Sent: Tuesday, 31 December 2013 8:34 PM
 Subject: Re: JSVC error


 vicky wrote:
  Even after defining the $CATALINA_PID  $JAVA_HOME variable , i'm still
 the getting segmentation error(detailed error mentioned below)
 

 In my experience, a segmentation fault often occurs when the *binary*
 that you are
 trying to run, is not made for the platform on which you are trying to run
 it.
 For example, you try to use under Solaris a binary made for Linux; or
 trying to run a
 64-bit binary on a 32-bit platform.  Stuff of that kind.
 So, are you sure that the jsvc that you're using matches your platform ?
 What about file (path_to)/jsvc ? what does it say ?



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




-- 
Kind regards,

Brett Delle Grazie


Re: Single error page for multiple web applications

2014-01-02 Thread Maarten van Hulsentop
Thank you all for your input!
I do realize that our use case is somewhat odd, as we have multiple webapps
that have shared resources and are related in that sense.
For now, we should go for the duplication of resources (using Tomcat 7).
However, the webAppMount option looks like a fair option to me, once we
have migrated to Tomcat 8.

Regards,

Maarten



2014/1/1 Christopher Schultz ch...@christopherschultz.net

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Leo,

 On 12/31/13, 3:58 PM, Leo Donahue wrote:
  On Dec 31, 2013 3:15 AM, Maarten van Hulsentop
  maar...@vanhulsentop.nl wrote:
 
  Hello,
 
  We are using Tomcat to host a number of web applications as a
  uniform solution. We trying to implement something that seems to
  be an odd requirement, evh it is really a use case for us.
 
  We would like to define a single [default] error page for all
  web applications residing on this Tomcat instance. After some
  experimentation and googling around, it seems that there is no
  clear-cut solution for
  this.
  I see a few options;
 
  - Let the global conf/web.xml define error pages for all web
  applications at once. However these are always relative to the
  web application context, and require every web application to
  pack the error pages again, which is
  a
  duplicate of resources and defeats the DRY principle.
 
  I asked a question similar to this a while back regarding JSF
  templates.
 
  If you pick a location to share this resource among all web apps,
  then your web apps aren't self contained.
 
  The solution is in your build / deploy process.

 +1

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

 iQIcBAEBCAAGBQJSxGvAAAoJEBzwKT+lPKRYWxsQALL6eBfL6J9Gv1Lkw1YY4sHo
 BmVEDiOW2fKpI8U7XJgWeGOJosN0Pd7hrBh4NP8KZtqP8Xx+t7yf+R0iIaftp6a9
 cN237abc629k5x8k3Cg5XwY94mVMVYRTbLu4BnlsERVCVskw+A4dhcAfwwdJRykc
 fg0FbLN0WV33uYz7zFsSl0hxP2Yhxl1ZQBocn8OgwdiEkO17K6NLZhfD54AX3W5i
 CfyXRImO6hdpHg3+XTgEQvyfP0/Ydw4n7B8XqRBN9fjOWc2hQp+SYR6Th8BrPWz1
 tRLDR07SmN3BlwSikAiiX7tibzWAfLBK5ENDJ2nUVWhAlp4A9Hbz6W+eOrHu1Bzy
 ghYVs+MMWqd0axBomKVvBq4giL1jhSB2fMno6HdLup/+FF4cdGmfK3eWM5h15rwq
 +hoXjJguZIA2riKlbn5oPKYTEpiP65ufZ5Wa2ylY5KOgQTvENYWgYNj/3p3E9gQY
 PIh9IFUjSXaeG4dZnx9ouUNGO8cBaFPYiBfTaaPyY0DRsatV96z6zCKu249GEcgM
 GZ1gumDJN0mbfsUayqGfBkhneUi83xwDItejjYxyhlxMv3bYesMxGcnmH1bN5UlC
 n/s438m6CpfvIVTq/aQH0AZqStOeVKR5uBX6nqF+yFb7IWa2XpbVonAjYjlsVMDk
 IaUOf1dAf8ISd41svgSc
 =qThL
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




Re: max_packet_size for data in mod_jk

2014-01-02 Thread Rainer Jung
On 31.12.2013 18:44, frenchc44 wrote:
 Due to large payloads, we wanted to increase the max_packet size of the
 mod_jk/ajp layer in order to see if it will help with performance. However,
 it appears the max_packet_size for non- header requests is capped at 8192
 bytes despite the documentation stating that it should be 65536. I am using
 mod_jk version 1.2.31 
 
 [Tue Dec 31 11:54:09 2013][12492:12640] [debug]
 ajp_connection_tcp_send_message::jk_ajp_common.c (1145): sending to ajp13
 pos=4 len=8192 max=16384
 
 Here is some code from jk_ajp_common.c that sets the max size but appears to
 ignore the max_packet_size...
 
 Line 1708:  if (ae-left_bytes_to_send  0) {
 int len = AJP13_MAX_SEND_BODY_SZ;
 if (ae-left_bytes_to_send 
 (jk_uint64_t)AJP13_MAX_SEND_BODY_SZ) {
 len = (int)ae-left_bytes_to_send;
 }
 
 Any help would be much appreciated. 

That's quite possible. The original problem that was solved with
max_packet_size was big headers, because the AJP protocol needs to fit
all headers into one AJP packet. The problem arose when people were
using https and client certs and wanted to forward client cert details
from Apache to Tomcat. Then often 8KB were not enough.

Are you sure, that bigger AJP packets will be a significant win in your
situation? Request and response bodies are streamed, so there is no
obvious limitation and packets will be relayed as data comes in.

I'm willing to look into how easy it would be to making max_packet_size
work even for other packets (in combination with packetSize on the
Tomcat side), but would like to first understand better why you think it
would make a noticeable difference for you.

Regards,

Rainer


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: max_packet_size for data in mod_jk

2014-01-02 Thread frenchc44
Thanks Rainer.  To be honest, we don't really know what to expect from a
larger packet size, but we think it could only help since it would reduce
round trips between apache/tomcat.  My main objective with this thread is to
confirm my suspicion that the max_packet_size is not for request post data
and rather for header. 



--
View this message in context: 
http://tomcat.10.x6.nabble.com/max-packet-size-for-data-in-mod-jk-tp5009929p5009990.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: JSVC error

2014-01-02 Thread Mark Eggers

On 1/1/2014 11:02 PM, vicky wrote:


I've build the JSVC on same machine over which I m running my tomcat instance

I have compiled the JSVC in the following manner but still i'm getting the  
Segmentation fault  exception while executing the startup script, please 
suggest how to fix this:-

Step1:
  export CFLAGS=-arch i386 -arch x86_64
  export LDFLAGS=-arch i386 -arch x86_64
Step2:
cd /root/test/commons-daemon-1.0.14-native-src/unix
  ./configure
++=
*** Current host ***
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking cached host system type... ok
*** C-Language compilation tools ***
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking for ranlib... ranlib
checking for strip... strip
*** Host support ***
checking C flags dependant on host system type... ok
*** Java compilation tools ***
checking for JDK os include directory...  linux
gcc flags added
checking for cap_init in -lcap... no
*** Writing output files ***
configure: creating ./config.status
config.status: creating Makefile
config.status: creating Makedefs
config.status: creating native/Makefile
*** All done ***
Now you can issue make
++
Step3:
make
  +command output +=
(cd native; make  all)
make[1]: Entering directory 
`/root/test/commons-daemon-1.0.14-native-src/unix/native'
gcc -m64  jsvc-unix.o libservice.a -ldl -lpthread -o ../jsvc
make[1]: Leaving directory 
`/root/test/commons-daemon-1.0.14-native-src/unix/native'
+++


  Vicky
From: André Warnier a...@ice-sa.com
To: Tomcat Users List users@tomcat.apache.org
Sent: Tuesday, 31 December 2013 8:34 PM
Subject: Re: JSVC error


vicky wrote:

Even after defining the $CATALINA_PID  $JAVA_HOME variable , i'm still the 
getting segmentation error(detailed error mentioned below)



In my experience, a segmentation fault often occurs when the *binary* that 
you are
trying to run, is not made for the platform on which you are trying to run it.
For example, you try to use under Solaris a binary made for Linux; or trying to 
run a
64-bit binary on a 32-bit platform.  Stuff of that kind.
So, are you sure that the jsvc that you're using matches your platform ?
What about file (path_to)/jsvc ? what does it say ?


Vicky,

Your CFLAGS and LDFLAGS settings appear that you're trying to compile a 
fat binary on MacOS. Is this true?


If so, I don't think MacOS supports a 32 bit JRE any more. I'm not 
certain, since I don't have a Macintosh, but some people at $work do. 
They indicate that they can no longer run applets in Chrome (32 bit) but 
require Firefox or Safari (64 bit).


What happens when you don't use those flags (or at least not the -arch 
386 for those flags)?


. . . just my two cents
/mde/


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: System.out.println statements not captured in catalina.out

2014-01-02 Thread Mark Eggers

On 1/2/2014 12:42 AM, Tapajyoti Roybarman wrote:

Hi,

I need to record all debug statements (System.out.println(xyz)) from my
application in catalina.out log. When I start Tomcat it creates the log
file and only records statements till the server startup. But after that,
none of the System.out.println() statements present in my JSPs get
recorded in catalina.out file. Though I can see these statements in the
Tomcat console.

Tomcat Version : apache-tomcat-7.0.27

OS : Windows 7

I am attaching few files which might be of some help.

logging.properties -- present in tomcat/conf

catalina.2013-12-31.log -- example, so that you can see what gets
generated. Present in tomcat/logs

log4j.properties -- present in tomcat/webapps/myapp/WEB-INF/classes



I have seen the documentation present in
http://tomcat.apache.org/tomcat-7.0-doc/logging.html But, the problem is
that I can only use the default configuration (JULI). I cannot go for any
other option. So, I need to find out a way using my current configuration
only.

Thanks in advance.

Best Regards,
Tapajyoti


Tapajyoti,

The list strips attachments, so they didn't come through. If you need to 
send information to the list, it's best to either post it up on 
something like pastebin (if it's huge) or include it inline if it's not. 
Most people prefer inline.


That said, are you in control of the applications? Can you make source 
code changes? If so, don't use System.out.println() as your error mechanism.


Use something like log4j, with / without commons logging or slf4j. Write 
the appropriate configuration file, and direct all of your logging from 
the application to that file.


You can do this for all aspects of your application (JSP, servlets, 
listeners, filters, plain old java objects).


Opinion:

IMHO there's hardly ever any reason to set up logging in a JSP. Logging 
is usually required when you're doing model or controller work (which 
belongs in POJOs or servlets) in the view component (JSP). Don't do 
this. At the very least wrap this logic up in beans, and place the 
logging there. It's also easier to test that way.


. . . just my two cents
/mde/



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: JSVC error

2014-01-02 Thread vicky
I'm compiling  running JSVC on Linux machine ==Red Hat Enterprise Linux 
Server release 6.3 (Santiago)

I tried the below steps but still i'm getting the segmetation error.

1. export CFLAGS=-m64
2.  ./configure
3.   make

Can somebody pls  share the source link for JSVC ,from where I can try 
downloading  compiling the binaries again

Thanks
Vicky



On Thursday, 2 January 2014 10:06 PM, Mark Eggers its_toas...@yahoo.com wrote:
  
On 1/1/2014 11:02 PM, vicky wrote:

 I've build the JSVC on same machine over which I m running my tomcat instance

 I have compiled the JSVC in the following manner but still i'm getting the  
 Segmentation fault  exception while executing the startup script, please 
 suggest how to fix this:-

 Step1:
   export CFLAGS=-arch i386 -arch x86_64
   export LDFLAGS=-arch i386 -arch x86_64
 Step2:
 cd /root/test/commons-daemon-1.0.14-native-src/unix
   ./configure
 ++=
 *** Current host ***
 checking build system type... x86_64-unknown-linux-gnu
 checking host system type... x86_64-unknown-linux-gnu
 checking cached host system type... ok
 *** C-Language compilation tools ***
 checking for gcc... gcc
 checking for C compiler default output file name... a.out
 checking whether the C compiler works... yes
 checking whether we are cross compiling... no
 checking for suffix of executables...
 checking for suffix of object files... o
 checking whether we are using the GNU C compiler... yes
 checking whether gcc accepts -g... yes
 checking for gcc option to accept ANSI C... none needed
 checking for ranlib... ranlib
 checking for strip... strip
 *** Host support ***
 checking C flags dependant on host system type... ok
 *** Java compilation tools ***
 checking for JDK os include directory...  linux
 gcc flags added
 checking for cap_init in -lcap... no
 *** Writing output files ***
 configure: creating ./config.status
 config.status: creating Makefile
 config.status: creating Makedefs
 config.status: creating native/Makefile
 *** All done ***
 Now you can issue make
 ++
 Step3:
 make
   +command output +=
 (cd native; make  all)
 make[1]: Entering directory 
 `/root/test/commons-daemon-1.0.14-native-src/unix/native'
 gcc -m64  jsvc-unix.o libservice.a -ldl -lpthread -o ../jsvc
 make[1]: Leaving directory 
 `/root/test/commons-daemon-1.0.14-native-src/unix/native'
 +++


   Vicky
 From: André Warnier a...@ice-sa.com
 To: Tomcat Users List users@tomcat.apache.org
 Sent: Tuesday, 31 December 2013 8:34 PM
 Subject: Re: JSVC error


 vicky wrote:
 Even after defining the $CATALINA_PID  $JAVA_HOME variable , i'm still the 
 getting segmentation error(detailed error mentioned below)


 In my experience, a segmentation fault often occurs when the *binary* that 
 you are
 trying to run, is not made for the platform on which you are trying to run it.
 For example, you try to use under Solaris a binary made for Linux; or trying 
 to run a
 64-bit binary on a 32-bit platform.  Stuff of that kind.
 So, are you sure that the jsvc that you're using matches your platform ?
 What about file (path_to)/jsvc ? what does it say ?

Vicky,

Your CFLAGS and LDFLAGS settings appear that you're trying to compile a 
fat binary on MacOS. Is this true?

If so, I don't think MacOS supports a 32 bit JRE any more. I'm not 
certain, since I don't have a Macintosh, but some people at $work do. 
They indicate that they can no longer run applets in Chrome (32 bit) but 
require Firefox or Safari (64 bit).

What happens when you don't use those flags (or at least not the -arch 
386 for those flags)?

. . . just my two cents
/mde/



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: JSVC error

2014-01-02 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

André,

On 12/31/13, 10:04 AM, André Warnier wrote:
 vicky wrote:
 Even after defining the $CATALINA_PID  $JAVA_HOME variable ,
 i'm still the getting segmentation error(detailed error mentioned
 below)
 
 
 In my experience, a segmentation fault often occurs when the
 *binary* that you are trying to run, is not made for the platform
 on which you are trying to run it.

Nah, you get way weirder errors when that happens. jsvc is probably
somewhat fragile when it gets unexpected input. While that should
probably be fixed, the problem here is very likely to be
configuration-related.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSxaMdAAoJEBzwKT+lPKRYMawP/jKbAjfnKSmbWl451eHrVF6G
9pHHjI95HccBEgbH3DryaBosQoomAogq9eqNnztma4r0/kwIwNr+KfzLYk2qJVDn
GYGQjbZoN8SBcPqwS8PAILKHXFGreV1S2f0zeMXg6CtH2hixqgenDMhyZUSPebxz
lJutDTnVKW1XCFxXN6LBJwSgF8hKDSPuEE3f42rmsbvNQSkQ6eXO+Q01iMSq4xoI
GCZTL6sANaOr0wamCserlXBQVyZ8kVXsY5xTFhrMzmOBxVN38Kd8ZjqmA8UG+yWv
1KUAio+29shzx+sXlZNmmFpDZ9OgZ61rTrtrsXfNYTpvxIRkihDOFmWOgUM40H2V
1CkuidokYXtW+v0a8TrD712rfSLQSjYLkXRwSk/yUwnR2h2n/7T9sWREndDM45+p
97KB4CgATx7ZRfjeQ9ER4jftTHYfqu+btLew0ObR9A05ccxm94sdAAHS87xtfJaD
UspJX0uc2FfY+JeNCGdyFzFzG/MiCKFNqcZWcJToDJSZMPmTcTFVBBlF7lSlcL64
Q813rXptw4F0+PSx+WPE8p4NcdRdwOsuuU5EjuIO+Q25xNArnPSNxEnkc9aBjC5w
R3CANQNTT71IMU9FN7w82So5zCwf7udfLI59VpGpq19NZhe4Fr6jyvK6mBILbfME
oyBofYjilJC3FqACOvst
=rGEu
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: JSVC error

2014-01-02 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mark,

On 1/2/14, 11:34 AM, Mark Eggers wrote:
 On 1/1/2014 11:02 PM, vicky wrote:
 
 I've build the JSVC on same machine over which I m running my
 tomcat instance
 
 I have compiled the JSVC in the following manner but still i'm
 getting the  Segmentation fault  exception while executing the
 startup script, please suggest how to fix this:-
 
 Step1: export CFLAGS=-arch i386 -arch x86_64 export
 LDFLAGS=-arch i386 -arch x86_64 Step2: cd
 /root/test/commons-daemon-1.0.14-native-src/unix ./configure 
 ++= *** Current host
 *** checking build system type... x86_64-unknown-linux-gnu 
 checking host system type... x86_64-unknown-linux-gnu checking
 cached host system type... ok *** C-Language compilation tools
 *** checking for gcc... gcc checking for C compiler default
 output file name... a.out checking whether the C compiler
 works... yes checking whether we are cross compiling... no 
 checking for suffix of executables... checking for suffix of
 object files... o checking whether we are using the GNU C
 compiler... yes checking whether gcc accepts -g... yes checking
 for gcc option to accept ANSI C... none needed checking for
 ranlib... ranlib checking for strip... strip *** Host support
 *** checking C flags dependant on host system type... ok *** Java
 compilation tools *** checking for JDK os include directory...
 linux gcc flags added checking for cap_init in -lcap... no ***
 Writing output files *** configure: creating ./config.status 
 config.status: creating Makefile config.status: creating
 Makedefs config.status: creating native/Makefile *** All done
 *** Now you can issue make 
 ++ 
 Step3: make +command output
 += (cd native; make  all) make[1]: Entering
 directory 
 `/root/test/commons-daemon-1.0.14-native-src/unix/native' gcc
 -m64  jsvc-unix.o libservice.a -ldl -lpthread -o ../jsvc make[1]:
 Leaving directory 
 `/root/test/commons-daemon-1.0.14-native-src/unix/native' 
 +++
 
 
 Vicky From: André Warnier a...@ice-sa.com To: Tomcat Users List
 users@tomcat.apache.org Sent: Tuesday, 31 December 2013 8:34
 PM Subject: Re: JSVC error
 
 
 vicky wrote:
 Even after defining the $CATALINA_PID  $JAVA_HOME variable ,
 i'm still the getting segmentation error(detailed error
 mentioned below)
 
 
 In my experience, a segmentation fault often occurs when the 
 *binary* that you are trying to run, is not made for the platform
 on which you are trying to run it. For example, you try to use
 under Solaris a binary made for Linux; or trying to run a 64-bit
 binary on a 32-bit platform.  Stuff of that kind. So, are you
 sure that the jsvc that you're using matches your platform ? 
 What about file (path_to)/jsvc ? what does it say ?
 
 Vicky,
 
 Your CFLAGS and LDFLAGS settings appear that you're trying to
 compile a fat binary on MacOS. Is this true?
 
 If so, I don't think MacOS supports a 32 bit JRE any more.

Apple's JVMs came in 32-bit flavors, and they got rid of it with
Mavericks (thanks, Apple). Older OS Xs may still have the Apple JVM
available and reasonably up-to-date. No current version of Oracle or
OpenJDK is available for Mac OS X.

 I'm not certain, since I don't have a Macintosh, but some people at
 $work do. They indicate that they can no longer run applets in
 Chrome (32 bit) but require Firefox or Safari (64 bit).

Correct. Google won't release a 64-bit version of Chrome on Mac so
lots of stuff simply does not work (including Java plug-ins). (Thanks,
Google.)

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSxaPUAAoJEBzwKT+lPKRYd6kQAKhwax7ok35XGFZZ/jIgjoie
+xDUfgRnxGOJery88aPsnmwPpAcFKRK5YSYJTHdLdOF4lIXo3gWOxiCCSyC26crj
k4XMvPzmZ/qw2mX1rwz5I/yVhG9WjpWoYziVu97ZsxE9yAdqOlm2yokL+r68lHWG
0adeBiy4KCUfDr7uNbkukcCUadW7NtP/l02vNet2JOVk1iALgAmSDfWbBPwuEXNv
hBKrvWWKQDt+FzoU1h+hirdEpp3XNSiXNlRiOYU4GWgfHwWVjrj6GkSt/1i8rhkR
N1UuzLZeNzKLzsRZCtvNEYwETs8GGnl1dMI61KBEkoDR3/mT8sfEFNd4GyjWp3v+
hw0w3bX9TQbYOFM8cX5KpKMsWtOCHc1N1BfHu/wEipRF+bhJ6+SbvbtISyyxFinY
+mEMlIK2ZVYLNpdQlmZRBubFy5M6uSMGqOoWIfC7S9pr9kSG4Uw9+PVR4oxFocwj
Uiop2lwzzUYj6FHSdWpgmMVujR64d8cYZgZiIYwmKoxLSx7MwVHPk9zktwOYMtpv
sLTODrhmB7vb+ADZwmgDnn3Ei+mDZMyYu86Rxo5IDrJnB3XKCMO+LZSWBIIitG9O
Mz8/rUaBtWIU6jUxTSlnoqEUY6X9vP6SC7WVk/B+md2KMEZM4F0y5EDdXRokAm3x
HcRcLXQ2lM+23gwXt+Pq
=9YX5
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: System.out.println statements not captured in catalina.out

2014-01-02 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Tapajyoti,

On 1/2/14, 3:42 AM, Tapajyoti Roybarman wrote:
 I need to record all debug statements (System.out.println(xyz))
 from my application in catalina.out log. When I start Tomcat it
 creates the log file and only records statements till the server
 startup. But after that, none of the System.out.println()
 statements present in my JSPs get recorded in catalina.out file.
 Though I can see these statements in the Tomcat console.

What is the Tomcat console?

Have you set swallowOutput=true in any of your Context elements
(check CATALINA_BASE/context.xml,
CATALINA_BASE/conf/[engine]/[host]/[webapp].xml, and your web app's
META-INF/context.xml files)?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSxaR2AAoJEBzwKT+lPKRYiFsP/1FPnbt+M4GUKfxiWzKgjS2Y
emckQi9Oxf+TU90iAFuo8mVEWIMUvr1+x0dGlsbHRhfzTbVSnjWi+j+g43IYTnrx
zPFVz7rW0Ibe5CPc/+ah0YahHIMDvaGd1ivN4TERLuxVBNuJwZrEBMy2B9o6SvIn
uJN2OeHi5/LlHhCV68TfNfp+gRVxZUb2bYihH838i+XEVtFf+yfAbJ6LQ1gxdm72
zjVvYKU8h/f95W/vjOlcDzBivih1uBIzAKTMBY4Zi7XIqNx65vgkFwHFQOkMaNxH
nWixwTzZibmrxufMJbo82D0gECKJ7vxzorwcE4Z7HPXae5kKgDjK6GUCamcy52hp
nq8pxBPpW04iSXc8AB3UMTAeWp7znFzbx9Ryey8B4NkQsz2/+BAwhIf4G4rT4w7d
bp7488GigUrECo7mQu/mnaJn5PtpsQ9pKS1s8E/5nh9qztrjWPMVJf9zCPXxrAV9
4sGSWNRV0WLjjuKedJzmbUH3JKqbIcmLNVuUkmw5m5/ut+zOjpW49Jc5c0pNRlT3
V7sAFXSIWGLeki+O5ZhOxKy1eFMdiUrEHD5mgufnQjfZyjnRthAT2c0/32zODSYD
by9rlAHpxI5GEpNAWHSVe+kYTsknfmXFUKsbOT5PDtk2q0gpUHFd+vZ6Bxltujkp
d714JrexPZ5jpQI1Sgto
=/A98
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: All worker threads of my tomcat have been occupied!

2014-01-02 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Benimaur,

On 1/2/14, 5:20 AM, Benimaur Gao wrote:
 I found my tomcat refusing to work this morning. I tried jstack to
 get some info, and then I found a lot of thread call stack like:
 
 http-8082-154 daemon prio=10 tid=0x7f711c21f800 nid=0x5b0a
 waiting on
 condition [0x7f70dc887000] java.lang.Thread.State:
 TIMED_WAITING (sleeping) at java.lang.Thread.sleep(Native
 Method) at 
 org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:132)

Your
 
context (aka web application) is reloading. That's the only time
StandardContextValve calls Thread.sleep() -- and only in Tomcat 6.
Tomcat 7 and 8 don't do this.

The request coming from the remote client (indicated by the use of the
http-- thread name) is waiting on the webapp to complete its
reload. You'll see one of these threads in this state for each request
you got since the webapp started reloading.

 It seems all of the 200 JIoEndpoint$Worker threads had been
 occupied. and I guess that's why tomcat refuse to serve any
 incoming request.

Sounds about right.

 After I got a copy of the source of my tomcat. I found $ grep -B3
 -A8 context.getPaused\(\) 
 /home/benimaur/workspace/eclipse/tomcat/src/org/apache/catalina/core/StandardContextValve.java

 
 126- 127-// Wait if we are reloading 128-boolean
 reloaded = false; 129:while (context.getPaused()) { 130-
 reloaded = true; 131-try { 132-
 Thread.sleep(1000); 133-} catch (InterruptedException
 e) { 134-; 135-} 136-} 137-
 
 
 It seems context had been set to reload state at some time, but I
 can't figure out under what  circumstance would put tomcat into
 such state. does any one here could give me more clue? thanks in
 advance.

Do you use the manager app? What are your Engine settings for things
like reloading, etc. from server.xml?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSxaYzAAoJEBzwKT+lPKRY7FAP/1UHDzaui8CrPV2E5JvCRDvF
QlMagAJmIN0+2Lm9LwTNG05ExmOTiH3AEf3hfiBC+YrzWc+jDYbCasDwjoCYMEuS
ZYgRIMO+nfzVyMhDEK8e9/AHfEg7YN/4R6EmWH4bv8MvMmnS9px1JzGI78BfggkT
v550utxeKGIS/C21YRwJWsqFg16TdfRWhBLe/TZYbdpoNzkHjTstTJ+18iAZZZpC
0rkqpT4QW/KL28CGFNdo4hmN459zFBoLte1p3ZfMXBmvg4WmOavaGBlyblNQWD8k
BMlaidAjRdkZXdI9zXGqz9NVGPP87+YAPPQxAXw2zcnqYyNTHhtA62mn3keq3gS7
cMuyrTXezFvdkOS+pQn3NtEQeI57S8GEO/WZnmNHpQYOQEyUVKPGBiyK3tYmcDVf
3bWIRykp7kP6HG2gxHaeIZWhwo6ub6UtFiSSW413NzX4x4k4EuP7bWO5rdMwgK2i
bIZTV8KLwkF7x8xsxDAIZdkhBgydQRzN1XtO+nB6mNql7v/hl5kf1ncHQK8ed2FW
jy2qzgqI43XF3gtnTrk6FLUeMYxDfaavTB/6Ge7d7AQHKClAy9Qc4WPdjANu6zkC
jJ/pu1BBD85Aa2pkswYwnCmnGUgtfjBLCmMeSrkhLSPqxvll/oQkoF0Qz4wGkOJL
2UARqAHN6uEn7c6XZ4Yb
=gfWU
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: All worker threads of my tomcat have been occupied!

2014-01-02 Thread Caldarale, Charles R
 From: Benimaur Gao [mailto:benim...@gmail.com] 
 Subject: All worker threads of my tomcat have been occupied!

 I tried jstack to get some info, and then I found a lot of thread call
 stack like:

 http-8082-154 daemon prio=10 tid=0x7f711c21f800 nid=0x5b0a waiting on
 condition [0x7f70dc887000]
java.lang.Thread.State: TIMED_WAITING (sleeping)
 at java.lang.Thread.sleep(Native Method)
 at
 org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:132)

 It seems all of the 200 JIoEndpoint$Worker threads had been occupied.

 It seems context had been set to reload state at some time, but I can't
 figure out under what  circumstance would put tomcat into such state.

Try looking at the threads _not_ doing the wait from StandardContextValve; one 
of those should be involved in reloading the webapp and perhaps you can find 
out what it's waiting for.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Mudassir Aftab
I need TLSv1.2 support for tomcat, can any one help me by providing
TLS v1.2 patch, also where should i actually apply the patch, in JDK /
Tomcat / Tomcat Native ??
Also what will be the preferable connector settings ?

I am using following connector in Apache Tomcat/7.0.42

Connector port=8443
   protocol=HTTP/1.1
   maxThreads=200
   scheme=https secure=true SSLEnabled=true
   SSLCertificateFile=/home/mudassir/pay/p.pem
   SSLCertificateKeyFile=/home/mudassir/p/p-key.pem
   sslEnabledProtocols=TLSv1.2
   SSLCACertificateFile=/home/mudassir/p/AdminCA1.pem /

An error occurred during a connection to confidential.com:8443. Cannot
communicate securely with peer: no common encryption algorithm(s).
(Error code: ssl_error_no_cypher_overlap)


CRITICAL - Cannot make SSL connection
140441642727072:error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure:s23_clnt.c:724:
HTTP CRITICAL - Error on receive
root@confidential:/opt/tomcat7#

I have tried 7.0.42 . 7.0.47 ,6.0.36 and 6.0.37 but nothing helped me
yet. Can you please help me on this ?

tcp0  0 0.0.0.0:84430.0.0.0:*
LISTEN  9757/java

Jan 01, 2014 5:37:54 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.27 using APR
version 1.4.6.
Jan 01, 2014 5:37:54 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
[false], random [true].
Jan 01, 2014 5:37:54 PM org.apache.catalina.core.AprLifecycleListener
initializeSSL
INFO: OpenSSL successfully initialized (OpenSSL 1.0.1e 11 Feb 2013)
Jan 01, 2014 5:37:55 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler [http-apr-8443]
Jan 01, 2014 5:37:55 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler [ajp-apr-8009]
Jan 01, 2014 5:37:55 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2588 ms
Jan 01, 2014 5:37:55 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Jan 01, 2014 5:37:55 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.42
Jan 01, 2014 5:37:55 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive /opt/tomcat7/webapps/confidential.war
Jan 01, 2014 5:37:59 PM org.hibernate.annotations.common.Version clinit
INFO: HCANN01: Hibernate Commons Annotations {4.0.2.Final}
Jan 01, 2014 5:37:59 PM org.hibernate.Version logVersion
INFO: HHH000412: Hibernate Core {4.2.4.Final}
Jan 01, 2014 5:37:59 PM org.hibernate.cfg.Environment clinit


Re: JSVC error

2014-01-02 Thread Ognjen Blagojevic

Vicky,

On 31.12.2013 11:16, vicky wrote:

./startdaemon.sh: line 13:  7429 Segmentation fault  (core dumped) ./bin/jsvc -cp 
$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/tomcat-juli.jar -outfile 
$CATALINA_BASE/logs/catalina.out -errfile $CATALINA_BASE/logs/catalina.err 
-Dcatalina.home=$CATALINA_HOME -pidfile $CATALINA_PID 
-Dcatalina.base=$CATALINA_BASE 
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager 
-Djava.util.logging.config.file=$CATALINA_BASE/conf/logging.properties 
org.apache.catalina.startup.Bootstrap start


That is a bug in daemon 1.0.14. It is resolved in daemon 1.0.15. More 
info here:


https://www.mail-archive.com/dev@tomcat.apache.org/msg72208.html
https://issues.apache.org/jira/browse/DAEMON-291
https://issues.apache.org/bugzilla/show_bug.cgi?id=54890

-Ognjen

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Caldarale, Charles R
 From: Mudassir Aftab [mailto:withmudas...@gmail.com] 
 Subject: TLS is not working in 6.0.37, 7.0.42, 7.0.47

 I need TLSv1.2 support for tomcat

That's available by default with current OpenSSL versions.

 Also what will be the preferable connector settings ?

Whatever you need them to be.  The values depend entirely on your applications 
and environment.

 I am using following connector in Apache Tomcat/7.0.42
 Connector port=8443
 . . .
sslEnabledProtocols=TLSv1.2

The above attribute is for the BIO and NIO connectors, not the APR one you are 
using.  You should instead specify:
   SSLProtocol=TLSv1
if you want to eliminate SSLv3 (but your client might not like that).  You can 
also set SSLCipherSuite to avoid enabling insecure encryption mechanisms (see 
http://en.wikipedia.org/wiki/Transport_Layer_Security#Cipher).

 An error occurred during a connection to confidential.com:8443. Cannot
 communicate securely with peer: no common encryption algorithm(s).

This means the client you're using and your build of OpenSSL have nothing in 
common.  Use Wireshark or tcpdump and determine just which protocols your 
client is attempting to negotiate with, and insure that those are enabled in 
your build of OpenSSL.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: JSVC error

2014-01-02 Thread André Warnier

Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

André,

On 12/31/13, 10:04 AM, André Warnier wrote:

vicky wrote:

Even after defining the $CATALINA_PID  $JAVA_HOME variable ,
i'm still the getting segmentation error(detailed error mentioned
below)


In my experience, a segmentation fault often occurs when the
*binary* that you are trying to run, is not made for the platform
on which you are trying to run it.


Nah, you get way weirder errors when that happens. jsvc is probably
somewhat fragile when it gets unexpected input. While that should
probably be fixed, the problem here is very likely to be
configuration-related.



I was only talking about my experience.
I don't usually do weird things.
Your mileage may be different.

The OP never told us what file jsvc is telling him though.
For example on one of our systems :

# uname -a
Linux server.company.com 2.6.26-2-amd64 #1 SMP Tue Jan 25 05:59:43 UTC 2011 
x86_64 GNU/Linux
# find / -name jsvc -exec file {} \;
/usr/share/doc/jsvc: directory
/usr/bin/jsvc: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked 
(uses shared libs), for GNU/Linux 2.6.8, stripped


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Java to JavaScript RMI framework available.

2014-01-02 Thread Igor Urisman
Johan,


On Thu, Jan 2, 2014 at 1:25 AM, Johan Compagner jcompag...@servoy.comwrote:

 does it also do the other way around?
 So also having the endpoint on the server that has methods that can be
 called from javascript in a very easy way?


 It doesn't. There is already a mechanism that sits above simple message
passing, for calling into
the server: XMLHttpRequest, aka AJAX.  Competing with that would have taken
more thought and
effort that so far I have been able to put into FERMI. I imagine that if
this gets some acceptance,
offering a fully symmetric RMI may become a viable idea.  Not on the
immediate roadmap, though.
-Igor.



 On 31 December 2013 01:55, Igor Urisman igor.uris...@gmail.com wrote:

  Folks,
 
  I needed to write this for something I am working on and thought there
  might be a wider audience for it.
  Tomcat 8 supports standard compliant Websockets, which provide convenient
  asynchronous full-duplex
  server to client data transport. The framework I am offering builds on
 top
  of that a feature rich remote
  method invocation paradigm.  Please check it out.
 
  https://github.com/iurisman/FERMI
  Apache 2.0 license.
 
  Happy coding.
  Igor.
 



 --
 Johan Compagner
 Servoy



RE: Java to JavaScript RMI framework available.

2014-01-02 Thread Martin Gainty
Johann-
 
If your design supports Comet, Polling or Piggyback you *may* to take a look at 
Joe Walker's DWR..(Direct Web Remoting)

http://directwebremoting.org/dwr/index.html

*Mit freundlichen grüßen*
Martin --


  



 Date: Thu, 2 Jan 2014 15:54:01 -0800
 Subject: Re: Java to JavaScript RMI framework available.
 From: igor.uris...@gmail.com
 To: users@tomcat.apache.org
 
 Johan,
 
 
 On Thu, Jan 2, 2014 at 1:25 AM, Johan Compagner jcompag...@servoy.comwrote:
 
  does it also do the other way around?
  So also having the endpoint on the server that has methods that can be
  called from javascript in a very easy way?
 
 
  It doesn't. There is already a mechanism that sits above simple message
 passing, for calling into
 the server: XMLHttpRequest, aka AJAX. Competing with that would have taken
 more thought and
 effort that so far I have been able to put into FERMI. I imagine that if
 this gets some acceptance,
 offering a fully symmetric RMI may become a viable idea. Not on the
 immediate roadmap, though.
 -Igor.
 
 
 
  On 31 December 2013 01:55, Igor Urisman igor.uris...@gmail.com wrote:
 
   Folks,
  
   I needed to write this for something I am working on and thought there
   might be a wider audience for it.
   Tomcat 8 supports standard compliant Websockets, which provide convenient
   asynchronous full-duplex
   server to client data transport. The framework I am offering builds on
  top
   of that a feature rich remote
   method invocation paradigm. Please check it out.
  
   https://github.com/iurisman/FERMI
   Apache 2.0 license.
  
   Happy coding.
   Igor.
  
 
 
 
  --
  Johan Compagner
  Servoy
 
  

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Mudassir Aftab
Hi ,

Thanks for reply,

I am using following environment

Description:Ubuntu 12.04.3 LTS
javac 1.7.0_45
apache-tomcat-7.0.42.tar.gz
apr-1.5.0.tar.gz
tomcat-native-1.1.29-src.tar.gz
openssl 1.0.1-4ubuntu5.10

and this how i am configuring Tomcat Native

./configure --with-apr=/usr/local/apr/bin/apr-1-config
--with-java-home=$JAVA_HOME --with-ssl=yes --prefix=$CATALINA_HOME

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/tomcat7/lib

Server.xml:
   Connector port=8443  protocol=HTTP/1.1
   maxThreads=200
   sslProtocol=TLSv1 sslEnabledProtocols=TLSv1.2
   clientAuth=false
   scheme=https secure=true SSLEnabled=true
   SSLCertificateFile=/home/mudassir/cert.pem
   SSLCertificateKeyFile=/home/mudassir/cert-key.pem
   SSLCACertificateFile=/home/mudassir/CA.pem /

Regards,
Mudassir Aftab



On Fri, Jan 3, 2014 at 2:28 AM, Caldarale, Charles R 
chuck.caldar...@unisys.com wrote:

  From: Mudassir Aftab [mailto:withmudas...@gmail.com]
  Subject: TLS is not working in 6.0.37, 7.0.42, 7.0.47

  I need TLSv1.2 support for tomcat

 That's available by default with current OpenSSL versions.

  Also what will be the preferable connector settings ?

 Whatever you need them to be.  The values depend entirely on your
 applications and environment.

  I am using following connector in Apache Tomcat/7.0.42
  Connector port=8443
  . . .
 sslEnabledProtocols=TLSv1.2

 The above attribute is for the BIO and NIO connectors, not the APR one you
 are using.  You should instead specify:
SSLProtocol=TLSv1
 if you want to eliminate SSLv3 (but your client might not like that).  You
 can also set SSLCipherSuite to avoid enabling insecure encryption
 mechanisms (see
 http://en.wikipedia.org/wiki/Transport_Layer_Security#Cipher).

  An error occurred during a connection to confidential.com:8443. Cannot
  communicate securely with peer: no common encryption algorithm(s).

 This means the client you're using and your build of OpenSSL have nothing
 in common.  Use Wireshark or tcpdump and determine just which protocols
 your client is attempting to negotiate with, and insure that those are
 enabled in your build of OpenSSL.

  - Chuck


 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
 MATERIAL and is thus for use only by the intended recipient. If you
 received this in error, please contact the sender and delete the e-mail and
 its attachments from all computers.


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Mudassir Aftab
I have also tried to apply following patch in tomcat native but it did not
helped.

https://issues.apache.org/bugzilla/attachment.cgi?id=30150

tomcat-native-1.1.29-src.tar.gz


On Fri, Jan 3, 2014 at 5:21 AM, Mudassir Aftab withmudas...@gmail.comwrote:

 Hi ,

 Thanks for reply,

 I am using following environment

 Description:Ubuntu 12.04.3 LTS
 javac 1.7.0_45
 apache-tomcat-7.0.42.tar.gz
 apr-1.5.0.tar.gz
 tomcat-native-1.1.29-src.tar.gz
 openssl 1.0.1-4ubuntu5.10

 and this how i am configuring Tomcat Native

 ./configure --with-apr=/usr/local/apr/bin/apr-1-config
 --with-java-home=$JAVA_HOME --with-ssl=yes --prefix=$CATALINA_HOME

 export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/tomcat7/lib

 Server.xml:

Connector port=8443  protocol=HTTP/1.1
maxThreads=200
 sslProtocol=TLSv1 sslEnabledProtocols=TLSv1.2
clientAuth=false

scheme=https secure=true SSLEnabled=true
SSLCertificateFile=/home/mudassir/cert.pem
SSLCertificateKeyFile=/home/mudassir/cert-key.pem
SSLCACertificateFile=/home/mudassir/CA.pem /

 Regards,
 Mudassir Aftab



 On Fri, Jan 3, 2014 at 2:28 AM, Caldarale, Charles R 
 chuck.caldar...@unisys.com wrote:

  From: Mudassir Aftab [mailto:withmudas...@gmail.com]
  Subject: TLS is not working in 6.0.37, 7.0.42, 7.0.47

  I need TLSv1.2 support for tomcat

 That's available by default with current OpenSSL versions.

  Also what will be the preferable connector settings ?

 Whatever you need them to be.  The values depend entirely on your
 applications and environment.

  I am using following connector in Apache Tomcat/7.0.42
  Connector port=8443
  . . .
 sslEnabledProtocols=TLSv1.2

 The above attribute is for the BIO and NIO connectors, not the APR one
 you are using.  You should instead specify:
SSLProtocol=TLSv1
 if you want to eliminate SSLv3 (but your client might not like that).
  You can also set SSLCipherSuite to avoid enabling insecure encryption
 mechanisms (see
 http://en.wikipedia.org/wiki/Transport_Layer_Security#Cipher).

  An error occurred during a connection to confidential.com:8443. Cannot
  communicate securely with peer: no common encryption algorithm(s).

 This means the client you're using and your build of OpenSSL have nothing
 in common.  Use Wireshark or tcpdump and determine just which protocols
 your client is attempting to negotiate with, and insure that those are
 enabled in your build of OpenSSL.

  - Chuck


 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
 MATERIAL and is thus for use only by the intended recipient. If you
 received this in error, please contact the sender and delete the e-mail and
 its attachments from all computers.


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org





Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mudassir,

On 1/2/14, 7:21 PM, Mudassir Aftab wrote:
 Connector port=8443  protocol=HTTP/1.1 maxThreads=200 
 sslProtocol=TLSv1 sslEnabledProtocols=TLSv1.2

Setting sslProtocol and sslEnabledProtocols will not affect an
OpenSSL-based connector (which you have configured). As Chuck
previously stated, you need to use different configuration attributes
when using OpenSSL. Please read the documentation for the APR
connector and those configuration attributes that affect the SSL engine.

You might want to tell us how you are trying to connect, too. Also,
run openssl ciphers on your system to see what ciphers are supported
by your OpenSSL, and compare those to the list supported by your
client. Perhaps you have a legitimate mismatch and TLS 1.2 itself
isn't the problem.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSxgTjAAoJEBzwKT+lPKRYcYcQAK9VZ5EncegU2zmkArxtf7dO
NvIdSzKW9oyjDngFRc/pSga79Crj1SbnhY/SrwZLCv81MWuSjjgFpIBi/RlFMjpG
ScFBU4NNT5HxGl0+0Eec9qcw93ObTKGPf8SkDjAfvpI2uzNH8DK/lHdqbqAksVGO
dZGdYPAHMx4ssTc6ADKtwaXmbdJW2yo0VNp1t5bsUEJE2BYPnV8kh0djj2fME0zo
B951A6YKyeL37c+zcAHEdbqKS1tmpk7bwuyhsXnmPCdrh6pRcqBuEGWKywCvDPw6
dopMmAd7ngGcEM4v24L5Fsv7nm2KeZL+BY+pyehxJCnP4EEobw0KtGEvzsMQn+hP
tPQ2mpxEaKIgPxe09soHCYxTM5HqtXdK25pNZBpOcTBWCJH1tz+sA5z6h7ruJNI6
fVszEZEtCevkvwkP9GYWZ3mhdvHXE1rGtpc4u2/vCJCr0Hbszv0YS6LgQVWAxrQY
b0qJLeYX+MAUGdC0Y3jLT/qes1XeK4wlugfFTP3Q2l6sKo2g7sWt8b2QDc9bKjHV
kAmG1OPEzMe9d3IU6+2IPg0R3Ztdv9u2jUXZMzbmhfrs1B4c0tvRt769GKlxgRpS
FulJgmIamfnHuRIVGUJUc30tr7e3Ozg0TduAuxnXEseb5gPR34k5O2hZO4bvqZpT
HzFL8i8XSzQPIOQTM47s
=xCfN
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Mudassir Aftab
I have just configured latest version , following is the log

Jan 03, 2014 12:33:58 AM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.29 using APR
version 1.5.0.
Jan 03, 2014 12:33:58 AM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
[false], random [true].
Jan 03, 2014 12:33:59 AM org.apache.catalina.core.AprLifecycleListener
initializeSSL
INFO: OpenSSL successfully initialized (OpenSSL 1.0.1 14 Mar 2012)
Jan 03, 2014 12:34:00 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler [http-apr-8443]
Jan 03, 2014 12:34:00 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler [http-apr-8080]
Jan 03, 2014 12:34:00 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler [ajp-apr-8009]
Jan 03, 2014 12:34:00 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 3145 ms
Jan 03, 2014 12:34:00 AM org.apache.catalina.core.StandardService
startInternal
INFO: Starting service Catalina
Jan 03, 2014 12:34:00 AM org.apache.catalina.core.StandardEngine
startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.47
Jan 03, 2014 12:34:00 AM org.apache.catalina.startup.HostConfig
deployDirectory
INFO: Deploying web application directory /opt/tomcat7/webapps/host-manager
Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig
deployDirectory
INFO: Deploying web application directory /opt/tomcat7/webapps/docs
Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig
deployDirectory
INFO: Deploying web application directory /opt/tomcat7/webapps/manager
Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig
deployDirectory
INFO: Deploying web application directory /opt/tomcat7/webapps/ROOT
Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig
deployDirectory
INFO: Deploying web application directory /opt/tomcat7/webapps/examples
Jan 03, 2014 12:34:07 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler [http-apr-8443]
Jan 03, 2014 12:34:07 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler [http-apr-8080]
Jan 03, 2014 12:34:07 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler [ajp-apr-8009]
Jan 03, 2014 12:34:07 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 7422 ms



On Fri, Jan 3, 2014 at 5:31 AM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Mudassir,

 On 1/2/14, 7:21 PM, Mudassir Aftab wrote:
  Connector port=8443  protocol=HTTP/1.1 maxThreads=200
  sslProtocol=TLSv1 sslEnabledProtocols=TLSv1.2

 Setting sslProtocol and sslEnabledProtocols will not affect an
 OpenSSL-based connector (which you have configured). As Chuck
 previously stated, you need to use different configuration attributes
 when using OpenSSL. Please read the documentation for the APR
 connector and those configuration attributes that affect the SSL engine.

 You might want to tell us how you are trying to connect, too. Also,
 run openssl ciphers on your system to see what ciphers are supported
 by your OpenSSL, and compare those to the list supported by your
 client. Perhaps you have a legitimate mismatch and TLS 1.2 itself
 isn't the problem.

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

 iQIcBAEBCAAGBQJSxgTjAAoJEBzwKT+lPKRYcYcQAK9VZ5EncegU2zmkArxtf7dO
 NvIdSzKW9oyjDngFRc/pSga79Crj1SbnhY/SrwZLCv81MWuSjjgFpIBi/RlFMjpG
 ScFBU4NNT5HxGl0+0Eec9qcw93ObTKGPf8SkDjAfvpI2uzNH8DK/lHdqbqAksVGO
 dZGdYPAHMx4ssTc6ADKtwaXmbdJW2yo0VNp1t5bsUEJE2BYPnV8kh0djj2fME0zo
 B951A6YKyeL37c+zcAHEdbqKS1tmpk7bwuyhsXnmPCdrh6pRcqBuEGWKywCvDPw6
 dopMmAd7ngGcEM4v24L5Fsv7nm2KeZL+BY+pyehxJCnP4EEobw0KtGEvzsMQn+hP
 tPQ2mpxEaKIgPxe09soHCYxTM5HqtXdK25pNZBpOcTBWCJH1tz+sA5z6h7ruJNI6
 fVszEZEtCevkvwkP9GYWZ3mhdvHXE1rGtpc4u2/vCJCr0Hbszv0YS6LgQVWAxrQY
 b0qJLeYX+MAUGdC0Y3jLT/qes1XeK4wlugfFTP3Q2l6sKo2g7sWt8b2QDc9bKjHV
 kAmG1OPEzMe9d3IU6+2IPg0R3Ztdv9u2jUXZMzbmhfrs1B4c0tvRt769GKlxgRpS
 FulJgmIamfnHuRIVGUJUc30tr7e3Ozg0TduAuxnXEseb5gPR34k5O2hZO4bvqZpT
 HzFL8i8XSzQPIOQTM47s
 =xCfN
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Mudassir Aftab
Thanks for keep replying,  is there any way to restrict the cipher suite in
the connector configuration?

ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5



On Fri, Jan 3, 2014 at 5:35 AM, Mudassir Aftab withmudas...@gmail.comwrote:

 I have just configured latest version , following is the log

 Jan 03, 2014 12:33:58 AM org.apache.catalina.core.AprLifecycleListener init
 INFO: Loaded APR based Apache Tomcat Native library 1.1.29 using APR
 version 1.5.0.
 Jan 03, 2014 12:33:58 AM org.apache.catalina.core.AprLifecycleListener init

 INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
 [false], random [true].
 Jan 03, 2014 12:33:59 AM org.apache.catalina.core.AprLifecycleListener
 initializeSSL
 INFO: OpenSSL successfully initialized (OpenSSL 1.0.1 14 Mar 2012)
 Jan 03, 2014 12:34:00 AM org.apache.coyote.AbstractProtocol init
 INFO: Initializing ProtocolHandler [http-apr-8443]
 Jan 03, 2014 12:34:00 AM org.apache.coyote.AbstractProtocol init
 INFO: Initializing ProtocolHandler [http-apr-8080]
 Jan 03, 2014 12:34:00 AM org.apache.coyote.AbstractProtocol init
 INFO: Initializing ProtocolHandler [ajp-apr-8009]
 Jan 03, 2014 12:34:00 AM org.apache.catalina.startup.Catalina load
 INFO: Initialization processed in 3145 ms
 Jan 03, 2014 12:34:00 AM org.apache.catalina.core.StandardService
 startInternal
 INFO: Starting service Catalina
 Jan 03, 2014 12:34:00 AM org.apache.catalina.core.StandardEngine
 startInternal
 INFO: Starting Servlet Engine: Apache Tomcat/7.0.47
 Jan 03, 2014 12:34:00 AM org.apache.catalina.startup.HostConfig
 deployDirectory
 INFO: Deploying web application directory /opt/tomcat7/webapps/host-manager
 Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig
 deployDirectory
 INFO: Deploying web application directory /opt/tomcat7/webapps/docs
 Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig
 deployDirectory
 INFO: Deploying web application directory /opt/tomcat7/webapps/manager
 Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig
 deployDirectory
 INFO: Deploying web application directory /opt/tomcat7/webapps/ROOT
 Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig
 deployDirectory
 INFO: Deploying web application directory /opt/tomcat7/webapps/examples
 Jan 03, 2014 12:34:07 AM org.apache.coyote.AbstractProtocol start
 INFO: Starting ProtocolHandler [http-apr-8443]
 Jan 03, 2014 12:34:07 AM org.apache.coyote.AbstractProtocol start
 INFO: Starting ProtocolHandler [http-apr-8080]
 Jan 03, 2014 12:34:07 AM org.apache.coyote.AbstractProtocol start
 INFO: Starting ProtocolHandler [ajp-apr-8009]
 Jan 03, 2014 12:34:07 AM org.apache.catalina.startup.Catalina start
 INFO: Server startup in 7422 ms



 On Fri, Jan 3, 2014 at 5:31 AM, Christopher Schultz 
 ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Mudassir,

 On 1/2/14, 7:21 PM, Mudassir Aftab wrote:
  Connector port=8443  protocol=HTTP/1.1 maxThreads=200
  sslProtocol=TLSv1 sslEnabledProtocols=TLSv1.2

 Setting sslProtocol and sslEnabledProtocols will not affect an
 OpenSSL-based connector (which you have configured). As Chuck
 previously stated, you need to use different configuration attributes
 when using OpenSSL. Please read the documentation for the APR
 connector and those configuration 

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Mudassir Aftab
How can i test this ? can i test this with Firefox 25 ?


Regards,
Mudassir Aftab


On Fri, Jan 3, 2014 at 5:41 AM, Mudassir Aftab withmudas...@gmail.comwrote:

 Thanks for keep replying,  is there any way to restrict the cipher suite
 in the connector configuration?


 ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5



 On Fri, Jan 3, 2014 at 5:35 AM, Mudassir Aftab withmudas...@gmail.comwrote:

 I have just configured latest version , following is the log

 Jan 03, 2014 12:33:58 AM org.apache.catalina.core.AprLifecycleListener
 init
 INFO: Loaded APR based Apache Tomcat Native library 1.1.29 using APR
 version 1.5.0.
 Jan 03, 2014 12:33:58 AM org.apache.catalina.core.AprLifecycleListener
 init

 INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
 [false], random [true].
 Jan 03, 2014 12:33:59 AM org.apache.catalina.core.AprLifecycleListener
 initializeSSL
 INFO: OpenSSL successfully initialized (OpenSSL 1.0.1 14 Mar 2012)
 Jan 03, 2014 12:34:00 AM org.apache.coyote.AbstractProtocol init
 INFO: Initializing ProtocolHandler [http-apr-8443]
 Jan 03, 2014 12:34:00 AM org.apache.coyote.AbstractProtocol init
 INFO: Initializing ProtocolHandler [http-apr-8080]
 Jan 03, 2014 12:34:00 AM org.apache.coyote.AbstractProtocol init
 INFO: Initializing ProtocolHandler [ajp-apr-8009]
 Jan 03, 2014 12:34:00 AM org.apache.catalina.startup.Catalina load
 INFO: Initialization processed in 3145 ms
 Jan 03, 2014 12:34:00 AM org.apache.catalina.core.StandardService
 startInternal
 INFO: Starting service Catalina
 Jan 03, 2014 12:34:00 AM org.apache.catalina.core.StandardEngine
 startInternal
 INFO: Starting Servlet Engine: Apache Tomcat/7.0.47
 Jan 03, 2014 12:34:00 AM org.apache.catalina.startup.HostConfig
 deployDirectory
 INFO: Deploying web application directory
 /opt/tomcat7/webapps/host-manager
 Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig
 deployDirectory
 INFO: Deploying web application directory /opt/tomcat7/webapps/docs
 Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig
 deployDirectory
 INFO: Deploying web application directory /opt/tomcat7/webapps/manager
 Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig
 deployDirectory
 INFO: Deploying web application directory /opt/tomcat7/webapps/ROOT
 Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig
 deployDirectory
 INFO: Deploying web application directory /opt/tomcat7/webapps/examples
 Jan 03, 2014 12:34:07 AM org.apache.coyote.AbstractProtocol start
 INFO: Starting ProtocolHandler [http-apr-8443]
 Jan 03, 2014 12:34:07 AM org.apache.coyote.AbstractProtocol start
 INFO: Starting ProtocolHandler [http-apr-8080]
 Jan 03, 2014 12:34:07 AM org.apache.coyote.AbstractProtocol start
 INFO: Starting ProtocolHandler [ajp-apr-8009]
 Jan 03, 2014 12:34:07 AM org.apache.catalina.startup.Catalina start
 INFO: Server startup in 7422 ms



 On Fri, Jan 3, 2014 at 5:31 AM, Christopher Schultz 
 ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Mudassir,

 On 1/2/14, 7:21 PM, Mudassir Aftab wrote:
  Connector port=8443  protocol=HTTP/1.1 maxThreads=200
  sslProtocol=TLSv1 sslEnabledProtocols=TLSv1.2

 Setting sslProtocol and sslEnabledProtocols will not affect an
 OpenSSL-based connector (which you have configured). As Chuck
 

RE: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Caldarale, Charles R
 From: Mudassir Aftab [mailto:withmudas...@gmail.com] 
 Subject: Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

Don't top post - it makes it really hard to follow the conversation.

 is there any way to restrict the cipher suite in
 the connector configuration?

You were already told how:

  You can also set SSLCipherSuite to avoid enabling insecure encryption 
  mechanisms (see 
  http://en.wikipedia.org/wiki/Transport_Layer_Security#Cipher).

- Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Mudassir Aftab
Also how can i restrict cipher in the connector ??

Testing localhost:8443
** TLSv1:EXP-ADH-RC4-MD5 - ENABLED - WEAK 40 bits **
** TLSv1:ADH-AES128-SHA - ENABLED - WEAK 128 bits **
** TLSv1:EXP-ADH-DES-CBC-SHA - ENABLED - WEAK 40 bits **
** TLSv1:ADH-AES256-SHA - ENABLED - WEAK 256 bits **
** TLSv1:ADH-DES-CBC3-SHA - ENABLED - WEAK 168 bits **
** TLSv1:ADH-DES-CBC-SHA - ENABLED - WEAK 56 bits **
** TLSv1:ADH-RC4-MD5 - ENABLED - WEAK 128 bits **
** SSLv3:EXP-ADH-RC4-MD5 - ENABLED - WEAK 40 bits **
** SSLv3:ADH-AES128-SHA - ENABLED - WEAK 128 bits **
** SSLv3:EXP-ADH-DES-CBC-SHA - ENABLED - WEAK 40 bits **
** SSLv3:ADH-AES256-SHA - ENABLED - WEAK 256 bits **
** SSLv3:ADH-DES-CBC3-SHA - ENABLED - WEAK 168 bits **
** SSLv3:ADH-DES-CBC-SHA - ENABLED - WEAK 56 bits **
** SSLv3:ADH-RC4-MD5 - ENABLED - WEAK 128 bits **




On Fri, Jan 3, 2014 at 5:58 AM, Mudassir Aftab withmudas...@gmail.comwrote:

 How can i test this ? can i test this with Firefox 25 ?


 Regards,
 Mudassir Aftab


 On Fri, Jan 3, 2014 at 5:41 AM, Mudassir Aftab withmudas...@gmail.comwrote:

 Thanks for keep replying,  is there any way to restrict the cipher suite
 in the connector configuration?


 ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5



 On Fri, Jan 3, 2014 at 5:35 AM, Mudassir Aftab withmudas...@gmail.comwrote:

 I have just configured latest version , following is the log

 Jan 03, 2014 12:33:58 AM org.apache.catalina.core.AprLifecycleListener
 init
 INFO: Loaded APR based Apache Tomcat Native library 1.1.29 using APR
 version 1.5.0.
 Jan 03, 2014 12:33:58 AM org.apache.catalina.core.AprLifecycleListener
 init

 INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
 [false], random [true].
 Jan 03, 2014 12:33:59 AM org.apache.catalina.core.AprLifecycleListener
 initializeSSL
 INFO: OpenSSL successfully initialized (OpenSSL 1.0.1 14 Mar 2012)
 Jan 03, 2014 12:34:00 AM org.apache.coyote.AbstractProtocol init
 INFO: Initializing ProtocolHandler [http-apr-8443]
 Jan 03, 2014 12:34:00 AM org.apache.coyote.AbstractProtocol init
 INFO: Initializing ProtocolHandler [http-apr-8080]
 Jan 03, 2014 12:34:00 AM org.apache.coyote.AbstractProtocol init
 INFO: Initializing ProtocolHandler [ajp-apr-8009]
 Jan 03, 2014 12:34:00 AM org.apache.catalina.startup.Catalina load
 INFO: Initialization processed in 3145 ms
 Jan 03, 2014 12:34:00 AM org.apache.catalina.core.StandardService
 startInternal
 INFO: Starting service Catalina
 Jan 03, 2014 12:34:00 AM org.apache.catalina.core.StandardEngine
 startInternal
 INFO: Starting Servlet Engine: Apache Tomcat/7.0.47
 Jan 03, 2014 12:34:00 AM org.apache.catalina.startup.HostConfig
 deployDirectory
 INFO: Deploying web application directory
 /opt/tomcat7/webapps/host-manager
 Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig
 deployDirectory
 INFO: Deploying web application directory /opt/tomcat7/webapps/docs
 Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig
 deployDirectory
 INFO: Deploying web application directory /opt/tomcat7/webapps/manager
 Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig
 deployDirectory
 INFO: Deploying web application directory /opt/tomcat7/webapps/ROOT
 Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig
 deployDirectory
 INFO: Deploying web application directory 

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Mudassir Aftab
How can i specify AES256-SHA256 cipher in tomcat connector? or where should
i specify this ?

Regards,
Mudassir Aftab


Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Mudassir Aftab
Should i use following APR connector attribute ?

   Connector port=8443
protocol=org.apache.coyote.http11.Http11AprProtocol
   maxThreads=200
   sslProtocol=TLSv1 sslEnabledProtocols=TLSv1.2
   clientAuth=false
   ciphers=AES256-SHA256
   scheme=https secure=true SSLEnabled=true
   SSLCertificateFile=p.pem
   SSLCertificateKeyFile=key.pem
   SSLCACertificateFile=AdminCA1.pem /


Re: All worker threads of my tomcat have been occupied!

2014-01-02 Thread Benimaur Gao
@ Chuck
that's very strange. I failed to find any thread stack relevant to tomcat
reloading.

@ Chris
No, I do not use the manager app. All settings in my server.xml are just
using the default value, except one modification to Context block to set
the real deployment path.

My question is: what's the condition to trigger tomcat redeployment, and
how to avoid it? after all, I don't think it's a proper setting for online
server. Does it leave me no choice but upgrading my tomcat?



On Fri, Jan 3, 2014 at 2:16 AM, Caldarale, Charles R 
chuck.caldar...@unisys.com wrote:

  From: Benimaur Gao [mailto:benim...@gmail.com]
  Subject: All worker threads of my tomcat have been occupied!

  I tried jstack to get some info, and then I found a lot of thread call
  stack like:

  http-8082-154 daemon prio=10 tid=0x7f711c21f800 nid=0x5b0a waiting
 on
  condition [0x7f70dc887000]
 java.lang.Thread.State: TIMED_WAITING (sleeping)
  at java.lang.Thread.sleep(Native Method)
  at
 
 org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:132)

  It seems all of the 200 JIoEndpoint$Worker threads had been occupied.

  It seems context had been set to reload state at some time, but I can't
  figure out under what  circumstance would put tomcat into such state.

 Try looking at the threads _not_ doing the wait from StandardContextValve;
 one of those should be involved in reloading the webapp and perhaps you can
 find out what it's waiting for.

  - Chuck


 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
 MATERIAL and is thus for use only by the intended recipient. If you
 received this in error, please contact the sender and delete the e-mail and
 its attachments from all computers.


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




RE: All worker threads of my tomcat have been occupied!

2014-01-02 Thread Caldarale, Charles R
 From: Benimaur Gao [mailto:benim...@gmail.com] 
 Subject: Re: All worker threads of my tomcat have been occupied!

Don't top post - it makes the conversation very difficult to follow.

 that's very strange. I failed to find any thread stack relevant to 
 tomcat reloading.

Perhaps you could post the stack trace somewhere we could look at it (e.g., 
pastebin).

 All settings in my server.xml are just using the default value, except one 
 modification to Context block to set the real deployment path.

?? Please elaborate on that (be specific).

 what's the condition to trigger tomcat redeployment, and how to avoid it?

The redeployment triggers are specified by WatchedResource elements nested 
inside Context elements.  By default, WEB-INF/web.xml is the only monitored 
file, specified in the global conf/context.xml.  Any chance someone did a touch 
on your webapp's web.xml?

 Does it leave me no choice but upgrading my tomcat?

Always good to stay up to date, but it's not likely to be relevant here.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Caldarale, Charles R
 From: Mudassir Aftab [mailto:withmudas...@gmail.com] 
 Subject: Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

 Should i use following APR connector attribute ?
Connector port=8443
protocol=org.apache.coyote.http11.Http11AprProtocol
maxThreads=200
sslProtocol=TLSv1 sslEnabledProtocols=TLSv1.2
clientAuth=false
ciphers=AES256-SHA256
scheme=https secure=true SSLEnabled=true
SSLCertificateFile=p.pem
SSLCertificateKeyFile=key.pem
SSLCACertificateFile=AdminCA1.pem /

For the third time, the APR Connector has no sslProtocol nor 
sslEnabledProtocols attributes; the proper ones for specifying the protocol and 
encryption algorithms are SSLProtocol and SSLCipherSuite, respectively.  For 
the last time, read the doc:
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native

(If you don't start paying attention to the responses you're getting, you will 
end up just being ignored.)

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: All worker threads of my tomcat have been occupied!

2014-01-02 Thread Benimaur Gao
gotcha!
I moved tomcat home directory to another partition by using 'cp -r' at that
time. That's why tomcat start to reload.
Thank you!

the whole stack trace is post here
http://pastebin.com/KB9cWMFw


On Fri, Jan 3, 2014 at 1:32 PM, Caldarale, Charles R 
chuck.caldar...@unisys.com wrote:

  From: Benimaur Gao [mailto:benim...@gmail.com]
  Subject: Re: All worker threads of my tomcat have been occupied!

 Don't top post - it makes the conversation very difficult to follow.

  that's very strange. I failed to find any thread stack relevant to
  tomcat reloading.

 Perhaps you could post the stack trace somewhere we could look at it
 (e.g., pastebin).

  All settings in my server.xml are just using the default value, except
 one
  modification to Context block to set the real deployment path.

 ?? Please elaborate on that (be specific).

  what's the condition to trigger tomcat redeployment, and how to avoid it?

 The redeployment triggers are specified by WatchedResource elements
 nested inside Context elements.  By default, WEB-INF/web.xml is the only
 monitored file, specified in the global conf/context.xml.  Any chance
 someone did a touch on your webapp's web.xml?

  Does it leave me no choice but upgrading my tomcat?

 Always good to stay up to date, but it's not likely to be relevant here.

  - Chuck


 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
 MATERIAL and is thus for use only by the intended recipient. If you
 received this in error, please contact the sender and delete the e-mail and
 its attachments from all computers.


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org