Re: Tomcat JVM Crash
Chad,

On 10.10.2014 18:12, Chad Maniccia wrote:
> I have reported my findings to Oracle. They need to fix the bug, but for us the best solution was just to move away from JSSE and switch to APR OpenSSL which is the recommended solution to begin with.

Thank you for reporting that back to us. Could you also send bug ID, so other interested Tomcat users may keep track of the problem?

-Ognjen

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6 SSL issue
Baran,

On 10.10.2014 21:06, Baran Topal wrote:
> Then I received 2 files from the certificate authority, abc.com.cer and abc.om.p7b

What certificates do those files contain?

> <Connector port="443" maxHttpHeaderSize="8192"
>            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>            enableLookups="false" disableUploadTimeout="true"
>            acceptCount="100" scheme="https" secure="true"
>            SSLEnabled="true" clientAuth="false" sslProtocol="TLS"
>            keyAlias="server"
>            keystoreFile="/path/to/JKSfile/your_site_name.jks"
>            keystorePass="your_keystore_password" />

Attribute maxSpareThreads is not listed in docs:
http://tomcat.apache.org/tomcat-6.0-doc/config/http.html

You could also add protocol attribute to force JSSE connector (BIO or NIO), to prevent connector auto-selection.

> To clean the things up, I want to delete my keystore but is it fine if I generate the key with another alias, e.g. tomcat as in the tomcat documentation?

Private key necessary for encryption is in your keystore. If you delete your private key, and generate new key pair in new keystore, your signed certificate becomes worthless. You will need to ask your CA (and, possibly, pay) for another certificate.

If you just want to rename key in keystore, use keytool -changealias.

> 2) I have the files, cer and crt (p7b), so is that fine, or do I need something extra?

You would need complete certificate chain in order to set up HTTPS. You need to check whether you have a complete chain in cer file or not.

> 3) Is the order of import important? first crt then cer?

If you have the complete chain in cer file, then you will just import the cer file.

> 4) What are the correct import commands? Should I trust tomcat documentation or authorities documentation?

In what parts are the two different? You should use keytool -importcert command.

-Ognjen
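Added example, not part of the original thread: one way to check whether a file received from the CA (.cer or .p7b) holds a complete chain before importing it with keytool -importcert. It uses only JDK classes; the class name ChainCheck is hypothetical, and "complete" here means that every issuer up to a self-signed root is present in the file itself.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

public class ChainCheck {
    // True when 'issuer' is named as the issuer of 'cert' and its key verifies cert's signature.
    static boolean issued(X509Certificate issuer, X509Certificate cert) {
        if (!issuer.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) return false;
        try { cert.verify(issuer.getPublicKey()); return true; }
        catch (Exception e) { return false; }
    }

    // Orders the certificates leaf first; returns null when an issuer is missing from the file.
    static List<X509Certificate> orderedChain(List<X509Certificate> certs) {
        X509Certificate current = null;
        for (X509Certificate c : certs) {               // leaf = certificate that issued no other one
            boolean isIssuer = false;
            for (X509Certificate o : certs) if (o != c && issued(c, o)) isIssuer = true;
            if (!isIssuer) current = c;
        }
        List<X509Certificate> chain = new ArrayList<>();
        while (current != null && chain.size() < certs.size()) {
            chain.add(current);
            if (issued(current, current)) return chain; // reached a self-signed root: complete
            X509Certificate next = null;
            for (X509Certificate o : certs) if (o != current && issued(o, current)) next = o;
            current = next;
        }
        return null;                                    // ran out of certificates before a root
    }

    public static void main(String[] args) throws Exception {
        List<X509Certificate> certs = new ArrayList<>();
        // generateCertificates() accepts one or more X.509 certificates or a PKCS#7 (.p7b) bundle
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in))
                certs.add((X509Certificate) c);
        }
        List<X509Certificate> chain = orderedChain(certs);
        if (chain == null) System.out.println("INCOMPLETE: an issuer certificate is missing from " + args[0]);
        else for (X509Certificate c : chain) System.out.println(c.getSubjectX500Principal().getName());
    }
}
```

Run it once per file, e.g. java ChainCheck abc.com.cer. A file reported as incomplete can still be imported if the missing issuer certificates are already trusted entries in the keystore.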
Re: Custom Realm
On Sun, Oct 12, 2014 at 8:26 AM, Service Symphony mee...@servicesymphony.com wrote:
> I have got it working, since the server is not started yet, none of the underlying infrastructure is available in the realm class constructor.
>
> Sent from my iPhone
>
> On 11 Oct 2014, at 22:37, Meeraj Kunnumpurath mee...@servicesymphony.com wrote:
>> Hi,
>>
>> I have some specific requirements for security and I have been trying to write a custom realm, that reads information from the database.
>>
>> 1. I have added a datasource in the global naming resources section in the server.xml
>> 2. I have packaged the realm class in a JAR file and copied it to the server lib
>> 3. I have included a context.xml in the WAR META-INF, that declares the realm from (2)
>>
>> In the constructor of the realm class, I try to look up the datasource,
>>
>> 1. If I use new InitialContext().lookup, I get a name not found exception.
>> 2. If I try to get the global naming context, by calling getServer from RealmBase, getServer returns a null reference.
>>
>> This is the entry in server.xml
>>
>> <Resource name="MyDS" auth="Container" type="javax.sql.DataSource"
>>           driverClassName="oracle.jdbc.OracleDriver"
>>           factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
>>           url="jdbc:oracle:thin:@10.211.55.7:1521:xe"
>>           username="meeraj" password="password"
>>           maxTotal="20" maxIdle="10" maxWaitMillis="-1"
>>           accessToUnderlyingConnectionAllowed="true"/>
>>
>> This is the entry in the context.xml
>>
>> <Realm className="com.ss.security.provider.DatabaseRealm" digest="SHA1"/>
>>
>> This is the constructor of the Realm class
>>
>> public DatabaseRealm() throws NamingException {
>>     Context context = null;
>>     try {
>>         context = new InitialContext();
>>         template = new SimpleJdbcTemplate((DataSource) context.lookup("MyDS"));
>>     } finally {
>>         if (context != null) context.close();
>>     }
>> }
>>
>> Any pointers will be highly appreciated.
>>
>> Many thanks
>>
>> --
>> Meeraj Kunnumpurath
>> Director and Executive Principal
>> Service Symphony Ltd
>> 00 44 7702 693597
>> mee...@servicesymphony.com

For what it's worth, DataSourceRealm sounds very similar to this. Might serve as a good example.

http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java?view=markup

Dan
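Added example, not part of the original thread and not the poster's or the Tomcat project's code: a sketch of a realm that keeps JNDI out of the constructor and resolves the global DataSource on each use, the same approach DataSourceRealm takes. It assumes the Tomcat 7/8 RealmBase API discussed in the thread; the users table, its column names and the dataSourceName property are hypothetical.

```java
import java.security.Principal;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Collections;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.sql.DataSource;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.RealmBase;

public class DatabaseRealm extends RealmBase {
    private String dataSourceName = "MyDS";   // name of the global <Resource> in server.xml
    public void setDataSourceName(String name) { dataSourceName = name; }

    // No constructor lookup: the Server and its naming context are only available after startup.
    private Connection open() throws NamingException, SQLException {
        Context global = getServer().getGlobalNamingContext();
        return ((DataSource) global.lookup(dataSourceName)).getConnection();
    }

    @Override protected String getName() { return "DatabaseRealm"; }

    @Override protected String getPassword(String username) {
        String sql = "SELECT password FROM users WHERE username = ?";   // hypothetical schema
        try (Connection c = open(); PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, username);           // bound parameter, never string concatenation
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString(1) : null;
            }
        } catch (NamingException | SQLException e) {
            containerLog.error("Credential lookup failed", e);
            return null;                         // fail closed: no stored credential, no login
        }
    }

    @Override protected Principal getPrincipal(String username) {
        String stored = getPassword(username);
        // Role lookup is left out here; a second query would fill the role list.
        return stored == null ? null
                : new GenericPrincipal(username, stored, Collections.<String>emptyList());
    }
}
```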
Re: Tomcat Connection Pool Problems with XtraBackup
On Sun, Oct 12, 2014 at 5:56 AM, Stefan Mayr ste...@mayr-stefan.de wrote:
> Hi John,
>
> On 11.10.2014 23:30, John Smith wrote:
>> I'm trying to work out a managed backup scheme on a MySQL production database with XtraBackup. According to our DBA, XtraBackup doesn't lock the database, but issues a series of SHOW TABLE STATUS commands and then works on the file system level. Still, just as XtraBackup runs my logs start to blow up with connection pool errors:
>>
>> Error getting database connection:[http-nio-8080-exec-5] Timeout: Pool empty. Unable to fetch a connection in 10 seconds, none available[size:100; busy:100; idle:0; lastwait:1].
>>
>> There's some suggestion that turning off 'innodb-stats-on-metadata' might help so we're trying that.
>> ...
>> Anything else seem like it could be tweaked in relation to XtraBackup?
>>
>> TIA, John
>
> XtraBackup can operate without locks if your database contains only InnoDB tables. For other storage engines like MyISAM it still uses locks.
>
> A problem we have seen is high IO load during XtraBackup. Your DBA could check iostats while backup is in progress. If this makes your database server unresponsive he could try to throttle the backup:
> http://www.percona.com/doc/percona-xtrabackup/2.2/innobackupex/throttling_ibk.html
>
> -Stefan

Stefan,

Thanks, that seems to be the problem. We have all InnoDB, and the backup runs without locks, but it runs under fairly heavy IO load.

It seems like turning 'innodb-stats-on-metadata' to OFF lessened the strain that the SHOW STATUS queries from XtraBackup caused. Bumping up maxActive allowed the pool to handle the slowdown of application queries during the backup. This has worked so far but if it repeats I'll look into the throttling.

That was my first sense, that it wasn't locking, just pushing too hard on the DB. Very helpful. Thanks.

-John
Re: Windows Tomcat install folder
> I don't know about the recommended way, but personally I hate the SPACE in Program Files, so I definitely prefer the 2nd option.

Same, I don't even bother with the second level directory. I just install to c:\apache-tomcat...
Accessing Connector from within Servlet
Hi,

I am new to the tomcat user group but have been using tomcat for some years.

My situation is odd -- the customer wants the product to remove an external JAR which requires me to make the SSL mutual connection manually, and then post the SOAP message. So far I have been successful in doing that. However, this overall solution is installed on different computer locations, so I need to allow this to work flexibly.

Right now, I have hard coded the path to the TrustStore and KeyStore so that my code can access those and use the password which I know, so that my HttpClient side code can build the correct SSL connection to the external SSL server. (This is a mutual peer authenticated SSL connection).

From the ServletContext or when the java servlet starts (where my httpclient component runs within), I need to get access to the tomcat connector, and determine the attributes of it.

I guess one brute force method is to get the environment variable for catalina.home or catalina.base and then scan for the conf/server.xml and parse that. But I figure there must be a cleaner and better way.

I also scanned the objects that are accessible from the Response, Request, or ServletContext. None of them seem to point to the Connector in a way that I can inspect it, or get current properties of it. For example, within the org.apache.catalina.connector.ResponseFacade, I noticed that its embedded object of HttpResponse is protected but it has the Connector. Seems like I need to hack that to get that Connector info. There must be a better way.

-- Sean
Re: JAX-WS Web Services
On Sun, Oct 12, 2014 at 9:16 AM, Meeraj Kunnumpurath mee...@servicesymphony.com wrote:
> Hi,
>
> I am porting an application from Weblogic 12 to Tomcat 8. The application has a set of web services that implement javax.xml.ws.Provider<SOAPMessage> exposed by declaring them as servlets in web.xml. However, it doesn't seem to be working in Tomcat, when I access the WSDL URL, I get a 404.
>
> Regards
> --
> *Meeraj Kunnumpurath*

I posted something similar to this a few months back, maybe this link will help?

https://www.mail-archive.com/users%40tomcat.apache.org/msg113562.html

I can't really answer your question directly because I can't help you troubleshoot a 404 without more info.

leo
Tomcat7 and Tomcat8 bug or configuration problem
Dear Sir,

I only replaced in the web.xml file of webapps examples

<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/jsp/security/protected/*</url-pattern>

by

<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/jsp/plugin/*</url-pattern>

then in my browser I typed: localhost:8080/examples/jsp/plugin/plugin.jsp

After authentication I did not get the clock as usual with tomcat 6. Do the test please.

Thank you for your answer.

Best regards
Charles Kaeppelin

PS This problem is the same with Vista and Windows 8.1, my java run time is java 7, Tomcat runs stand alone (without apache)
Re: Tomcat7 and Tomcat8 bug or configuration problem
On 13/10/2014 22:52, C. Kaeppelin wrote:
> Dear Sir,
>
> I only replaced in the web.xml file of webapps examples
>
> <!-- Define the context-relative URL(s) to be protected -->
> <url-pattern>/jsp/security/protected/*</url-pattern>
>
> by
>
> <!-- Define the context-relative URL(s) to be protected -->
> <url-pattern>/jsp/plugin/*</url-pattern>
>
> then in my browser I typed: localhost:8080/examples/jsp/plugin/plugin.jsp
>
> After authentication I did not get the clock as usual with tomcat 6. Do the test please.
>
> Thank you for your answer.

There is no Tomcat bug here. Everything is working exactly as intended.

Google for Java applet httpOnly

Mark

> Best regards
> Charles Kaeppelin
>
> PS This problem is the same with Vista and Windows 8.1, my java run time is java 7, Tomcat runs stand alone (without apache)
Tomcat windows authentication domain login issue
I need some idea on what's wrong with my tomcat configuration for windows authentication. I followed the tomcat windows authentication tutorial and used the manager web application that comes with tomcat to do a PoC.

In my web.xml I change and also changes the auth-constraint to the following .

This is my krb5.ini

This is my jaas.conf

The weird thing is regardless of what username and password I put in when I accessed the tomcat manager web-app the debug message shown is the same.

I added this in my server.xml

When I tried to log in, it doesn't seem to recognize the valid credential. The app keeps on asking me to enter a valid credential. What do I need to change to make it work?

--
View this message in context: http://tomcat.10.x6.nabble.com/Tomcat-windows-authentication-domain-login-issue-tp5023801.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
javax.naming.NamingException: Resource DTMManager not found on Tomcat 6.0
Hi,

Environment: Redhat Linux
Tomcat: Version 6.0

I'm getting exceptions like

javax.naming.NamingException: Resource /WEB-INF/classes/META-INF/services/com.sun.org.apache.xml.internal.dtm.DTMManager not found
javax.naming.NamingException: Resource /WEB-INF/classes/net/sourceforge/jtds/jdbc/Driver.class not found

in lookup method of org.apache.naming.resources.ProxyDirContext.

In my application this isn't causing a logic issue, but this bug is manifesting as a notable performance problem. Every time a bad path is passed into the ProxyDirContext it's actually causing quite a lot of NamingExceptions to be thrown as it tries alternative paths (see BaseDirContext.lookup). All of these exceptions are swallowed but what I'm seeing is that this is happening many times over the course of a request as my application is looking up different resources, and the time it takes to build all of these swallowed NamingExceptions has become significant.

The path where tomcat tries to search for the resource doesn't exist. I tried searching the configuration files in conf folder of Tomcat but nowhere this type of path is mentioned.

Any help/pointer on how tomcat figures out resource path will be of great help.

Thanks,
Rajeev.