Re: How to set up TLS-PSK with Tomcat

2014-09-24 Thread Borislav Trifonov

I don't know yet--it's the next thing I'll need to figure out.

On 9/22/2014 5:55 AM, Christopher Schultz wrote:


Borislav,

On 9/20/14 11:57 PM, Borislav Trifonov wrote:

Switched to a configuration where Tomcat is now front-ended by
Nginx acting as a load balancer, so now the problem has moved to a
  different spot.

Just curious: how does Nginx do this? IIRC, Nginx can use either
OpenSSL or GnuTLS. What does the configuration look like? It seems
reasonable for httpd/APR to support PSK... perhaps it can be added if
it does not already exist.


As for the PSK: the computational expense of key exchange (we have
  many frequent short lived connections) is a con that brings zero
benefit to our setup, as the clients are fixed and already have the
  symmetric keys.

Makes sense.


I could ask the inverse question: if one controls not just the
server but also the clients, what's the point of public key
crypto?

You never mentioned that you had "control" of the clients. Using PSKs
  of course means you have some measure of control over the clients,
but it is not always so.


The only reason I'm relying on TLS is because the same server also
needs to occasionally support regular connections using
certificates.

Would it be an option to use something like stunnel (I'm not sure if
that allows PSKs, either) between the client and server? It's a lot of
extra processes, but it might get the job done.

- -chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






autoDeploy triggers after Manager Deployment

2014-09-24 Thread Austin Jones
I am deploying apps using the Tomcat Manager interface.  Tomcat 8.0.12 on
Linux.

I am setting the parameters:
path=/My_Application
context=/path/to/my/context.xml
war=/path/to/my/APP.war
update=true

This produces the log:

24-Sep-2014 16:52:35.933 INFO [http-nio-443-exec-17]
org.apache.catalina.startup.HostConfig.reload Reloading context
[/My_Application]
24-Sep-2014 16:52:35.933 INFO [http-nio-443-exec-17]
org.apache.catalina.core.StandardContext.reload Reloading Context with name
[/My_Application] has started
24-Sep-2014 16:52:45.050 INFO [http-nio-443-exec-17]
org.apache.catalina.core.StandardContext.reload Reloading Context with name
[/My_Application] is completed



24-Sep-2014 16:55:48.359 INFO
[ContainerBackgroundProcessor[StandardEngine[Catalina]]]
org.apache.catalina.startup.HostConfig.undeploy Undeploying context
[/My_Application]
24-Sep-2014 16:55:49.861 INFO [localhost-startStop-4]
org.apache.catalina.startup.HostConfig.deployDescriptor Deploying
configuration descriptor
/usr/local/apache-tomcat-8.0.12/conf/Catalina/localhost/My_Application.xml
24-Sep-2014 16:55:58.143 INFO [localhost-startStop-4]
org.apache.catalina.startup.HostConfig.deployDescriptor Deployment of
configuration descriptor
/usr/local/apache-tomcat-8.0.12/conf/Catalina/localhost/My_Application.xml
has finished in 8,282 ms

My app is already deployed, which triggers HostConfig.check(name), and then
checkResources(app).  Tomcat takes the WAR branch (resource.getName() ...
endsWith(".war")), and the app is reloaded.  The context.xml was also
updated by the manager, but the app.redeployResources map is only updated
with the WAR (due to the return statement in checkResources).

Moments later, a periodic lifecycle event fires, and HostConfig.check()
triggers a redeployment on the conf/Catalina/localhost/My_Application.xml
resource.

I have temporarily worked around the issue by disabling autoDeploy in
server.xml, but is this a bug, or a misconfiguration on my part?  It seems
like checkResources could automatically update app.redeployResources
entries which are older than the resource being updated, or maybe even the
current time at the start of the checkResources call.

-- 
*Austin Jones*
Senior Designer



Re: ipfiltering in Tomcat 6 fails, works fine on Tomcat 7

2014-09-24 Thread Baran Topal
Hi, following works under server.xml

   



But, i need to hide my admin directory containing admin.jsp pages (more
than 1 jsp page)

My admin directory is in WEB-INF and WEB-INF is in the same level with
/index.jsp but simply, not working when i ref. the context as /WEB-INF/admin


On Wednesday, 24 September 2014, Baran Topal wrote:

> Hi Andre and Chris;
>
> I understand that Tomcat 6 has valve and Chris, means of context, I have
> the feeling that this context.xml may be relevant but i have seen in some
> links, conf/server.xml is the place to manipulate.
>
> And the thing is that i didn't see any selective setting to filter the IP
> for particular page group, namely, in my administrator path. This is the
> example that i found out.
> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
>        allow="133.133.133.133|127.d+.d+.d+|::1|0:0:0:0:0:0:0:1" />
>
> Regards.
>
> P.S. tomcat mailing list is blocking this mail (treats as spam, why would
> it be?)
>
> 2014-09-24 18:16 GMT+02:00 André Warnier:
>
>> Baran Topal wrote:
>>
>>> Hi;
>>>
>>> Recently joined, first mail
>>>
>>> I have the following filtering which works fine on Tomcat 7 but not on
>>> Tomcat 6... It gives just 404.
>>>
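>>> <filter>
>>>   <filter-name>Remote Address Filter</filter-name>
>>>   <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
>>>   <init-param>
>>>     <param-name>allow</param-name>
>>>     <param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value>
>>>   </init-param>
>>> </filter>
>>> <filter-mapping>
>>>   <filter-name>Remote Address Filter</filter-name>
>>>   <url-pattern>/administrator/*</url-pattern>
>>> </filter-mapping>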
>>>
>>> How can I apply this filter on Tomcat 6.
>>>
>>> Details of Tomcat 6
>>> Server version: Apache Tomcat/6.0.36
>>> Server built:   Oct 16 2012 09:59:09
>>> Server number:  6.0.36.0
>>> OS Name:        Windows 7
>>> OS Version:     6.1
>>> Architecture:   amd64
>>> JVM Version:    1.7.0_21-b11
>>> JVM Vendor:     Oracle Corporation
>>>
>>> Regards.
>>>
>>>
>> Hi. I had a quick look at the on-line documentation for Tomcat 6, and I
>> don't see a remote address *filter* there.  Tomcat 7 has it, but Tomcat 6
>> does not seem to have it.
>> Tomcat 6 has a Valve for that.
>>
>> https://tomcat.apache.org/tomcat-6.0-doc/config/filter.html
>> https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html
>>
>>
>>
>>
>>
>>
>


Re: Response mixed between users with mod_jk-1.2.40

2014-09-24 Thread Philippe Mouawad
Hello,
Any feedback on this ?
Thanks

On Sun, Sep 7, 2014 at 11:49 PM, Philippe Mouawad <
philippe.moua...@gmail.com> wrote:

> Hello,
>
> I am working currently on an issue where an application is facing either
> Response mix or Session mix.
> For example:
> 1/ a user A gets the basket of customer B when going on basket detail
> (response mix)
> 2/ Cookies also get mixed up, more of session mix in this case
>
> The versions of components are the following:
>
>- Load Balancer => modjk_1.2.40 => Tomcat 5.5.23 (Yes very old)
>
>
> I have made some searches on bug database and found this issue which seems
> similar:
>
>- https://issues.apache.org/bugzilla/show_bug.cgi?id=47714
>
> But the issue is in state WORKSFORME so it is not a bug AFAIU.
>
> Also issue seems to be related to a bug fix that occurred in mod_jk 1.2.27 :
> "AJP13: [CVE-2008-5519] Always send initial POST packet even if the client
> disconnected after sending request but before providing POST data. In that
> case or in case the client broke the connection in a middle of read send an
> zero size packet informing container about broken client connection.
> (mturk) "
>
> What makes me say this is that there is a JBoss solution document that
> says this:
> https://access.redhat.com/solutions/19239
>
> There is a known bug in mod_jk versions 1.2.26 and below that can cause
> session crosstalk
>
> "AJP13: [CVE-2008-5519] Always send initial POST packet even if the client
> disconnected after sending request but before providing POST data. In that
> case or in case the client broke the connection in a middle of read send an
> zero size packet informing container about broken client connection.
> (mturk) "
>
> So with version 1.2.40 no issue should remain Afaik.
>
> So I have 3 questions:
>
> 1) Does the fix in mod_jk require an upgrade to a particular tomcat
> version ?
>
> 2) The issue was related to a security problem, but how response mix did
> occur ?
>
> 3) The Bug 47714 close as Worksforme is not clear for me. Is it possible
> that non optimal config can lead to this issue, for example:
>
> - Not setting recovery_options ? what would be the technical explanation ?
>
> Request would be retried but how mix would occur ?
> I am besides this investigating load balancer and application issues.
>
> Thanks for help
> Regards
> Philippe M.
>
>
> --
> Cordialement.
> Philippe Mouawad.
>
>
>
>


-- 
Cordialement.
Philippe Mouawad.


Help for configuration in App Manager in apache-tomcat-7.0.29

2014-09-24 Thread Rosario Marin
Hi, I'm using the next version: apache-tomcat-7.0.29, and I have two web 
services in the same server, but in different port of deploy,

The question is that one of my ports in the App Manager to 'replegar' the 
button is disabled. In that part of the settings I can fix this?

Or what address I need to send  e-mail, for help?

Help and thanks!


Rosario Marín | Consultor | Stratus Technologies México, S.A. de C.V  | Tel.: 
+52(55)80-00-41-00 ext. 4242



Re: Debugging Tomcat JDBC pool disconnects.

2014-09-24 Thread Filip Hanik
If you implement a JdbcInterceptor, the method JdbcInterceptor.disconnected
will always be called.
If the disconnect is permanent, then JdbcInterceptor.reset(null,null) will
be called after disconnected

On Tue, Sep 23, 2014 at 9:41 AM, Todd Chapman  wrote:

> Hi,
>
> My application uses the Tomcat JDBC pool. While using netstat and tcpdump
> to diagnose connection problems I noticed that the client side occasionally
> closes a DB connection and opens a new one. That is unexpected based on my
> configuration.
>
> poolProperties.setInitialSize(10);
> poolProperties.setMinIdle(10);
> poolProperties.setMaxActive(100);
> poolProperties.setMaxIdle(100);
> poolProperties.setMaxWait(1);
> poolProperties.setTimeBetweenEvictionRunsMillis(3);
> poolProperties.setMinEvictableIdleTimeMillis(3);
> poolProperties.setTestWhileIdle(false);
> poolProperties.setTestOnBorrow(true);
> poolProperties.setValidationQuery("SELECT 1 AS data");
> poolProperties.setValidationInterval(3);
> poolProperties.setLogValidationErrors(true);
> poolProperties.setTestOnReturn(false);
> poolProperties.setMaxAge(0);
>
> I would expect the pool size to never shrink based on this configuration.
> Well maybe if borrow test fails but no validation errors are being logged.
>
> How can I figure out where close() is being called on the physical DB
> connection? I tried writing a JdbcInterceptor but its disconnected()
> method gets called on the PooledConnection, not the physical connection.
>
> Does Tomcat JDBC Pool implement javax.sql.ConnectionEventListener
> interface?
>
> Thank you for any help,
>
> -Todd
>


Could not load com.sun.org.apache.xerces.internal.impl - exception happens randomly (not all the time)

2014-09-24 Thread Cheng-Jun Li

Hello, 

A) Version info of my system:

Server version: Apache Tomcat/7.0.53
Server built:   May 1 2014 10:53:10
Server number:  7.0.53.0
OS Name:        Linux
OS Version:     3.0.58-0.6.2.1.5158.0.PTF-default
Architecture:   amd64
JVM Version:    1.6.0_75-b31

Deployed app server: provisioningagent-web

da-00:/opt/tomcat/webapps # ls -trl
total 36480
-rwxr-x--- 1 mmas mmas 10444010 Jul  7 16:53 enumprovisioning-web.war
-rwxr-x--- 1 mmas mmas 26827266 Jul  7 17:03 provisioningagent-web.war
drwxr-xr-x 7 mmas mmas  480 Sep 24 09:53 enumprovisioning-web
drwxr-xr-x 9 mmas mmas  980 Sep 24 09:53 provisioningagent-web
da-00:/opt/tomcat/webapps #


B) Issue:

Below exception happens randomly (it does not happen all the time, but often):

Jul 10, 2014 6:15:19 AM org.apache.catalina.loader.WebappClassLoader loadClass
INFO: Illegal access: this web application instance has been stopped already. Could not load com.sun.org.apache.xerces.internal.impl.dv.dtd.DTDDVFactoryImpl. The eventual following stack trace is caused by an error thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access, and has no functional impact.
java.lang.IllegalStateException
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1600)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1559)
    at com.sun.org.apache.xerces.internal.utils.ObjectFactory.findProviderClass(ObjectFactory.java:358)
    at com.sun.org.apache.xerces.internal.utils.ObjectFactory.newInstance(ObjectFactory.java:303)
    at com.sun.org.apache.xerces.internal.utils.ObjectFactory.newInstance(ObjectFactory.java:289)
    at com.sun.org.apache.xerces.internal.impl.dv.DTDDVFactory.getInstance(DTDDVFactory.java:60)
    at com.sun.org.apache.xerces.internal.impl.dv.DTDDVFactory.getInstance(DTDDVFactory.java:45)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.<init>(XML11Configuration.java:538)
    at com.sun.org.apache.xerces.internal.parsers.XIncludeAwareParserConfiguration.<init>(XIncludeAwareParserConfiguration.java:125)
    at com.sun.org.apache.xerces.internal.parsers.XIncludeAwareParserConfiguration.<init>(XIncludeAwareParserConfiguration.java:86)
    at com.sun.org.apache.xerces.internal.parsers.DOMParser.<init>(DOMParser.java:133)
    at com.sun.org.apache.xerces.internal.parsers.DOMParser.<init>(DOMParser.java:117)
    at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.<init>(DocumentBuilderImpl.java:115)
    at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl.newDocumentBuilder(DocumentBuilderFactoryImpl.java:72)
    at com.ericsson.messaging.oe.impl.bpmanagement.bpfaultmgt.ActiveAlarmList.update(ActiveAlarmList.java:597)
    at com.ericsson.messaging.oe.impl.bpmanagement.bpfaultmgt.ActiveAlarmList.read(ActiveAlarmList.java:823)
    at com.ericsson.messaging.oe.impl.bpmanagement.bpfaultmgt.SAFaultDispatcher$ActiveAlarmListVerificationTask.run(SAFaultDispatcher.java:223)
    at java.util.TimerThread.mainLoop(Timer.java:512)
    at java.util.TimerThread.run(Timer.java:462)

We have done a lot of searches on the internet and found that many others have 
similar issue but we couldn't find a post which explains the root cause and how 
to prevent it to happen. Example:
http://www.devconnectprogram.com/forums/posts/list/1641.page
http://apache-xml-project.6118.n7.nabble.com/Could-not-load-DTDDVFactoryImpl-xerces-jar-td1020.html

The most strange part is that it does not happen all the time, but sometimes 
(often though).

We did verify the jar file (/opt/java/jre/lib/rt.jar) which contains 
com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl. It is 
always there, and the class can be correctly loaded when this does not happen.

C) More info 

Here is the relevant code:

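import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;

private static DocumentBuilderFactory factory;

// The implementation class is chosen by the JAXP provider lookup at run time.
factory = DocumentBuilderFactory.newInstance();
try {
    DocumentBuilder docBuilder = factory.newDocumentBuilder();
} catch (Exception e) {}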

We stumbled into this page 
http://www.databasesandlife.com/java-always-explicitly-specify-which-xml-parser-to-use/
 
The conclusion of the page is that:
Never do the following:
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
Because the new instance you get may not be what you want due to the system 
properties might have been changed by other apps deployed in the same container.
Yes this is exactly what our code ActiveAlarmList.java was doing!

So we thought that this might be the problem as we do "DocumentBuilderFactory 
dbf = DocumentBuilderFactory.newInstance();" in our code. 
However further investigation reveals that it's not that simple. 

We printed out the actual classes our code wants to load (under the condition 
when all is working fine - the exception not occurring), they are:
com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl
com.sun.org.apache.xerces.internal.jaxp.

Re: ipfiltering in Tomcat 6 fails, works fine on Tomcat 7

2014-09-24 Thread Baran Topal
Hi Andre and Chris;

I understand that Tomcat 6 has valve and Chris, means of context, I have
the feeling that this context.xml may be relevant but i have seen in some
links, conf/server.xml is the place to manipulate.

And the thing is that i didn't see any selective setting to filter the IP
for particular page group, namely, in my administrator path. This is the
example that i found out. 

Regards.

P.S. tomcat mailing list is blocking this mail (treats as spam, why would
it be?)

2014-09-24 18:16 GMT+02:00 André Warnier:

> Baran Topal wrote:
>
>> Hi;
>>
>> Recently joined, first mail
>>
>> I have the following filtering which works fine on Tomcat 7 but not on
>> Tomcat 6... It gives just 404.
>>
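>> <filter>
>>   <filter-name>Remote Address Filter</filter-name>
>>   <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
>>   <init-param>
>>     <param-name>allow</param-name>
>>     <param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value>
>>   </init-param>
>> </filter>
>> <filter-mapping>
>>   <filter-name>Remote Address Filter</filter-name>
>>   <url-pattern>/administrator/*</url-pattern>
>> </filter-mapping>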
>>
>> How can I apply this filter on Tomcat 6.
>>
>> Details of Tomcat 6
>> Server version: Apache Tomcat/6.0.36
>> Server built:   Oct 16 2012 09:59:09
>> Server number:  6.0.36.0
>> OS Name:        Windows 7
>> OS Version:     6.1
>> Architecture:   amd64
>> JVM Version:    1.7.0_21-b11
>> JVM Vendor:     Oracle Corporation
>>
>> Regards.
>>
>>
> Hi. I had a quick look at the on-line documentation for Tomcat 6, and I
> don't see a remote address *filter* there.  Tomcat 7 has it, but Tomcat 6
> does not seem to have it.
> Tomcat 6 has a Valve for that.
>
> https://tomcat.apache.org/tomcat-6.0-doc/config/filter.html
> https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html
>
>
>
>
>
>


Re: ipfiltering in Tomcat 6 fails, works fine on Tomcat 7

2014-09-24 Thread André Warnier

Baran Topal wrote:

Hi;

Recently joined, first mail

I have the following filtering which works fine on Tomcat 7 but not on
Tomcat 6... It gives just 404.

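<filter>
  <filter-name>Remote Address Filter</filter-name>
  <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
  <init-param>
    <param-name>allow</param-name>
    <param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>Remote Address Filter</filter-name>
  <url-pattern>/administrator/*</url-pattern>
</filter-mapping>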


How can I apply this filter on Tomcat 6.

Details of Tomcat 6
Server version: Apache Tomcat/6.0.36
Server built:   Oct 16 2012 09:59:09
Server number:  6.0.36.0
OS Name:        Windows 7
OS Version:     6.1
Architecture:   amd64
JVM Version:    1.7.0_21-b11
JVM Vendor:     Oracle Corporation

Regards.



Hi. I had a quick look at the on-line documentation for Tomcat 6, and I don't see a remote 
address *filter* there.  Tomcat 7 has it, but Tomcat 6 does not seem to have it.

Tomcat 6 has a Valve for that.

https://tomcat.apache.org/tomcat-6.0-doc/config/filter.html
https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html






Re: ipfiltering in Tomcat 6 fails, works fine on Tomcat 7

2014-09-24 Thread Christopher Schultz

Baran,

On 9/24/14 11:36 AM, Baran Topal wrote:
> Recently joined, first mail

Welcome to the community.

> I have the following filtering which works fine on Tomcat 7 but not
> on Tomcat 6... It gives just 404.
> 
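> <filter>
>   <filter-name>Remote Address Filter</filter-name>
>   <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
>   <init-param>
>     <param-name>allow</param-name>
>     <param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value>
>   </init-param>
> </filter>
> <filter-mapping>
>   <filter-name>Remote Address Filter</filter-name>
>   <url-pattern>/administrator/*</url-pattern>
> </filter-mapping>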
> 
> How can I apply this filter on Tomcat 6.
> 
> Details of Tomcat 6
> Server version: Apache Tomcat/6.0.36
> Server built:   Oct 16 2012 09:59:09
> Server number:  6.0.36.0
> OS Name:        Windows 7
> OS Version:     6.1
> Architecture:   amd64
> JVM Version:    1.7.0_21-b11
> JVM Vendor:     Oracle Corporation

Tomcat 6 does not have the RemoteAddrFilter at all, so your web
application is probably not deploying at all. Check your log files and
you'll see that Something Bad is happening long before your request
comes in.

Tomcat 6 has a RemoteAddrValve, but that needs to be configured in
your  configuration instead of in web.xml.

- -chris
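
The allow check discussed in this thread, as an added example (not Tomcat's source and not code from any poster): a small model of deny-then-allow matching against the whole remote address, run over the two allow values that appear in the thread. It assumes the single-regular-expression form of `allow`; the class name and the sample addresses are constructed.

```java
import java.util.regex.Pattern;

// Added illustration: models deny-then-allow matching of a remote address.
// Not Tomcat source; RemoteAddrCheck is a hypothetical name.
public class RemoteAddrCheck {

    private final Pattern allow; // null when not configured
    private final Pattern deny;  // null when not configured

    RemoteAddrCheck(String allow, String deny) {
        this.allow = (allow == null) ? null : Pattern.compile(allow);
        this.deny = (deny == null) ? null : Pattern.compile(deny);
    }

    // The whole address must match (matches(), not find()); deny is checked first.
    boolean isAllowed(String remoteAddr) {
        if (deny != null && deny.matcher(remoteAddr).matches()) {
            return false;
        }
        if (allow != null && allow.matcher(remoteAddr).matches()) {
            return true;
        }
        // Only a deny pattern configured: anything not denied passes.
        return deny != null && allow == null;
    }

    public static void main(String[] args) {
        // Allow value from the web.xml filter posted in the thread.
        String escaped = "127\\.\\d+\\.\\d+\\.\\d+|::1|0:0:0:0:0:0:0:1";
        // Allow value as it appears in the Valve snippet quoted in the thread (no backslashes).
        String asQuoted = "133.133.133.133|127.d+.d+.d+|::1|0:0:0:0:0:0:0:1";

        // Constructed sample addresses.
        String[] addrs = {
            "127.0.0.1", "::1", "0:0:0:0:0:0:0:1",
            "133.133.133.133", "192.0.2.10", "::ffff:127.0.0.1"
        };

        RemoteAddrCheck a = new RemoteAddrCheck(escaped, null);
        RemoteAddrCheck b = new RemoteAddrCheck(asQuoted, null);
        System.out.printf("%-18s %-8s %-10s%n", "address", "escaped", "as-quoted");
        for (String addr : addrs) {
            System.out.printf("%-18s %-8b %-10b%n", addr, a.isAllowed(addr), b.isAllowed(addr));
        }
    }
}
```

With the value that has no backslashes, 127.0.0.1 is rejected because `d+` matches the letter d rather than digits, so checking the pattern against the addresses you expect to admit is worth doing before deploying it.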




ipfiltering in Tomcat 6 fails, works fine on Tomcat 7

2014-09-24 Thread Baran Topal
Hi;

Recently joined, first mail

I have the following filtering which works fine on Tomcat 7 but not on
Tomcat 6... It gives just 404.

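<filter>
  <filter-name>Remote Address Filter</filter-name>
  <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
  <init-param>
    <param-name>allow</param-name>
    <param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>Remote Address Filter</filter-name>
  <url-pattern>/administrator/*</url-pattern>
</filter-mapping>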


How can I apply this filter on Tomcat 6.

Details of Tomcat 6
Server version: Apache Tomcat/6.0.36
Server built:   Oct 16 2012 09:59:09
Server number:  6.0.36.0
OS Name:        Windows 7
OS Version:     6.1
Architecture:   amd64
JVM Version:    1.7.0_21-b11
JVM Vendor:     Oracle Corporation

Regards.


Re: Lots of configuration descriptors

2014-09-24 Thread Mark Thomas
On 24/09/2014 14:53, Léa Massiot wrote:
> Ok. Sorry. Very good, I didn't know... I'm just a simple Tomcat user. I
> didn't mind to be rude.

No offence taken here.

Mark




Re: Lots of configuration descriptors

2014-09-24 Thread Mark Thomas
On 24/09/2014 14:58, David kerber wrote:
> On 9/24/2014 9:47 AM, Léa Massiot wrote:
>> Hello Mark,
>>
>> Thank you for your answer and for the info about the binary search.
>> This was the kind of info I was looking for.
>> Yet, I guess one has to view the source code to get that kind of
>> information... it's probably what you did...
> 
> Actually, he is the one person who might not need to look at the code;
> there's a fair chance that he wrote it in the first place.

:)

I did look at the code, but only to check that my memory of how it works
was correct.

For the record (see the svn history for the detail) it wasn't me that
wrote that part of the Mapper. It was originally written by Remy around
Tomcat 4.1.x and the basic algorithm hasn't changed since then.

I should add that most of the committers have tweaked the Mapper over
the years with Konstantin doing the most recent, significant changes to
address some threading issues.

Mark





Re: Lots of configuration descriptors

2014-09-24 Thread Léa Massiot
Ok. Sorry. Very good, I didn't know... I'm just a simple Tomcat user. I
didn't mind to be rude.



--
View this message in context: 
http://tomcat.10.x6.nabble.com/Lots-of-configuration-descriptors-tp5022940p5022954.html
Sent from the Tomcat - User mailing list archive at Nabble.com.




Re: Lots of configuration descriptors

2014-09-24 Thread David kerber

On 9/24/2014 9:47 AM, Léa Massiot wrote:

Hello Mark,

Thank you for your answer and for the info about the binary search.
This was the kind of info I was looking for.
Yet, I guess one has to view the source code to get that kind of
information... it's probably what you did...


Actually, he is the one person who might not need to look at the code; 
there's a fair chance that he wrote it in the first place.







Re: Lots of configuration descriptors

2014-09-24 Thread Léa Massiot
Hello Mark,

Thank you for your answer and for the info about the binary search.
This was the kind of info I was looking for.
Yet, I guess one has to view the source code to get that kind of
information... it's probably what you did...

Best regards.






Re: Debugging Tomcat JDBC pool disconnects.

2014-09-24 Thread Christopher Schultz

Todd,

On 9/23/14 11:41 AM, Todd Chapman wrote:
> My application uses the Tomcat JDBC pool. While using netstat and
> tcpdump to diagnose connection problems I noticed that the client
> side occasionally closes a DB connection and opens a new one. That
> is unexpected based on my configuration.
> 
> poolProperties.setInitialSize(10);
> poolProperties.setMinIdle(10);
> poolProperties.setMaxActive(100);
> poolProperties.setMaxIdle(100);
> poolProperties.setMaxWait(1);

Okay.

> poolProperties.setTimeBetweenEvictionRunsMillis(3); 
> poolProperties.setMinEvictableIdleTimeMillis(3); 
> poolProperties.setTestWhileIdle(false);

These 3 settings together don't make any sense: if you have disabled
idle-checking, then setting the schedule for idle-checking isn't
getting you anything.

> poolProperties.setTestOnBorrow(true); 
> poolProperties.setValidationQuery("SELECT 1 AS data"); 
> poolProperties.setValidationInterval(3);

The validation interval is specified in milliseconds. Are you sure you
want a value so low?

> poolProperties.setLogValidationErrors(true);
> poolProperties.setTestOnReturn(false);
> poolProperties.setMaxAge(0);

Note that maxAge=0 is the default.

> I would expect the pool size to never shrink based on this
> configuration. Well maybe if borrow test fails but no validation
> errors are being logged.
> 
> How can I figure out where close() is being called on the physical
> DB connection? I tried writing a JdbcInterceptor but its
> disconnected() method gets called on the PooledConnection, not the
> physical connection.
> 
> Does Tomcat JDBC Pool implement javax.sql.ConnectionEventListener
> interface?

Could this be the typical firewall-timeout where a network component
is dropping the connection in the middle, rather than one or the other
end of the connection dropping it?

What about the database itself? Are there any connection timeouts over
there?

- -chris




Re: Lots of configuration descriptors

2014-09-24 Thread Mark Thomas
On 24/09/2014 11:24, Léa Massiot wrote:
> Hello and thank you for reading my post.
> 
> My question is about configuration descriptors and how Tomcat deals with a
> lot of them.
> 
> I have been thinking about a solution for a problem I have to solve.
> This solution would involve the creation of possibly a lot of configuration
> descriptors.
> 
> -- About "configuration descriptors" (just to make sure we are talking about
> the same thing) --
> (In my case) the configuration descriptors are XML files which contain only
> one XML "context" element.
> They are very simple.
> 
> For example:
> Name --- webapp#confdescr1.xml
> Contents --- 
> Location --- "webapp#confdescr1.xml" is put in
> "/etc/tomcat6/Catalina/localhost/"
> 
> Then, suppose that there is a file "my_file.txt" in the directory
> "/somewhere/on/the/filesystem/", 
> Tomcat can serve it via the URL "http:
> //localhost/webapp/confdescr1/my_file.txt".
> 
> -- My questions are: --
> Is Tomcat going "to behave nicely" (that is to say answer quick enough) if
> it has hundreds (even thousands) of configuration descriptors to deal with?

Yes.

> If a user wants to download the file "http:
> //localhost/webapp/confdescr1/my_file.txt", is it going to have to wait a
> long time while Tomcat is looking for the configuration descriptor
> "webapp#confdescr1.xml" to be able to serve the file "my_file.txt" stored in
> "/somewhere/on/the/filesystem/"?

No.

> Does Tomcat implement a mechanism to find a configuration descriptor
> quickly, like an index?

The descriptors are parsed at Context start so the issue isn't how
quickly Tomcat can find the descriptor file but how quickly Tomcat can
map the request to the right Context.

For the full details look in org.apache.catalina.mapper

The short version is that Tomcat performs a binary search through an
ordered list of context paths to find a match so, yes, it will be quick.

Mark

> I hope my question is clear enough. Best regards.
> 
> 
> 
> 
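
The lookup described in the reply above, as an added example (a simplified model, not Tomcat's Mapper source): context paths are kept sorted, a binary search finds the greatest path not after the request URI, and the URI is shortened at its last slash until a whole-segment prefix matches. The class name, the generated context names and the sample URIs are constructed.

```java
import java.util.Arrays;

// Added illustration: maps a request URI to a context path by binary search.
// Not Tomcat's Mapper source; ContextLookup is a hypothetical name.
public class ContextLookup {

    private final String[] paths; // sorted context paths
    private int probes;           // string comparisons made by the last map() call

    ContextLookup(String[] contextPaths) {
        paths = contextPaths.clone();
        Arrays.sort(paths);
    }

    // Index of the greatest path <= key, or -1 if every path sorts after key.
    private int floorIndex(String key) {
        int lo = 0, hi = paths.length - 1, best = -1;
        while (lo <= hi) {
            int mid = (lo + hi) >>> 1;
            probes++;
            if (paths[mid].compareTo(key) <= 0) {
                best = mid;
                lo = mid + 1;
            } else {
                hi = mid - 1;
            }
        }
        return best;
    }

    // Longest context path that is a whole-segment prefix of uri, or null if none.
    String map(String uri) {
        probes = 0;
        String candidate = uri;
        while (true) {
            int pos = floorIndex(candidate);
            if (pos >= 0) {
                String p = paths[pos];
                boolean segmentPrefix = uri.startsWith(p)
                        && (uri.length() == p.length() || uri.charAt(p.length()) == '/');
                if (segmentPrefix) {
                    return p;
                }
            }
            // No match at this length: drop the last path segment and search again.
            int slash = candidate.lastIndexOf('/');
            if (slash < 0) {
                return null;
            }
            candidate = candidate.substring(0, slash);
        }
    }

    int probes() {
        return probes;
    }

    public static void main(String[] args) {
        // Constructed input: 5000 contexts named like the descriptors in the question.
        String[] ctx = new String[5001];
        ctx[0] = "/webapp";
        for (int i = 1; i <= 5000; i++) {
            ctx[i] = "/webapp/confdescr" + i;
        }
        ContextLookup lookup = new ContextLookup(ctx);

        String[] uris = {
            "/webapp/confdescr1/my_file.txt",   // exact context exists
            "/webapp/confdescr10x/my_file.txt", // falls back to /webapp
            "/other/my_file.txt"                // no context matches
        };
        for (String uri : uris) {
            System.out.println(uri + " -> " + lookup.map(uri)
                    + " (" + lookup.probes() + " comparisons)");
        }
    }
}
```

The comparison count printed for each URI grows with the logarithm of the number of contexts times the number of path segments tried, which is why thousands of descriptors do not slow request mapping noticeably.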





Lots of configuration descriptors

2014-09-24 Thread Léa Massiot
Hello and thank you for reading my post.

My question is about configuration descriptors and how Tomcat deals with a
lot of them.

I have been thinking about a solution for a problem I have to solve.
This solution would involve the creation of possibly a lot of configuration
descriptors.

-- About "configuration descriptors" (just to make sure we are talking about
the same thing) --
(In my case) the configuration descriptors are XML files which contain only
one XML "context" element.
They are very simple.

For example:
Name --- webapp#confdescr1.xml
Contents --- 
Location --- "webapp#confdescr1.xml" is put in
"/etc/tomcat6/Catalina/localhost/"

Then, suppose that there is a file "my_file.txt" in the directory
"/somewhere/on/the/filesystem/", 
Tomcat can serve it via the URL "http:
//localhost/webapp/confdescr1/my_file.txt".

-- My questions are: --
Is Tomcat going "to behave nicely" (that is to say answer quick enough) if
it has hundreds (even thousands) of configuration descriptors to deal with?
If a user wants to download the file "http:
//localhost/webapp/confdescr1/my_file.txt", is it going to have to wait a
long time while Tomcat is looking for the configuration descriptor
"webapp#confdescr1.xml" to be able to serve the file "my_file.txt" stored in
"/somewhere/on/the/filesystem/"?
Does Tomcat implement a mechanism to find a configuration descriptor
quickly, like an index?

I hope my question is clear enough. Best regards.


