Re: Tomcat JVM Crash

2014-10-13 Thread Ognjen Blagojevic

Chad,

On 10.10.2014 18:12, Chad Maniccia wrote:

> I have reported my findings to Oracle. They need to fix the bug, but for us the
> best solution was just to move away from JSSE and switch to APR OpenSSL which
> is the recommended solution to begin with.


Thank you for reporting that back to us.

Could you also send bug ID, so other interested Tomcat users may keep 
track of the problem?


-Ognjen

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat 6 SSL issue

2014-10-13 Thread Ognjen Blagojevic

Baran,

On 10.10.2014 21:06, Baran Topal wrote:

> Then I received 2 files from the certificate authority, abc.com.cer
> and abc.om.p7b


What certificates do those files contain?



> <Connector port="443"
> maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
> maxSpareThreads="75" enableLookups="false"
> disableUploadTimeout="true" acceptCount="100"
> scheme="https" secure="true" SSLEnabled="true"
> clientAuth="false" sslProtocol="TLS"
> keyAlias="server" keystoreFile="/path/to/JKSfile/your_site_name.jks"
> keystorePass="your_keystore_password" />


Attribute maxSpareThreads is not listed in docs:

  http://tomcat.apache.org/tomcat-6.0-doc/config/http.html

You could also add protocol attribute to force JSSE connector (BIO or 
NIO), to prevent connector auto-selection.




> To clean the things up, I want to delete my keystore but is it fine if
> I generate the key with another alias, e.g. tomcat as in the tomcat
> documentation?


Private key necessary for encryption is in your keystore. If you delete 
your private key, and generate new key pair in new keystore your signed 
certificate becomes worthless. You will need to ask your CA (and, 
possibly, pay) for another certificate.


If you just want to rename key in keystore, use keytool -changealias.



> 2) I have the files, cer and crt (p7b), so is fine or should I need stg extra?


You would need a complete certificate chain in order to set up HTTPS. You 
need to check whether you have a complete chain in the cer file or not.




> 3) Is the order of import important? first crt then cer?


If you have the complete chain in cer file, then you will just import 
the cer file.




> 4) What are the correct import commands? Should I trust tomcat
> documentation or authorities documentation?


In what parts are the two different? You should use the keytool -importcert 
command.


-Ognjen
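
The chain check described in the reply above, as an added example that is not part of the original thread: it reads the file received from the CA and reports whether every issuer up to a self-signed root is present. The class name `ChainCheck` and the command-line argument are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.security.auth.x500.X500Principal;

public class ChainCheck {
    public static void main(String[] args) throws Exception {
        // args[0]: file received from the CA (.cer or .p7b); hypothetical usage
        Map<X500Principal, X509Certificate> bySubject = new HashMap<>();
        Set<X500Principal> issuers = new HashSet<>();
        try (InputStream in = new FileInputStream(args[0])) {
            // Accepts one or more X.509 certificates or a PKCS#7 bundle
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                X509Certificate x = (X509Certificate) c;
                bySubject.put(x.getSubjectX500Principal(), x);
                if (!isSelfIssued(x)) issuers.add(x.getIssuerX500Principal());
            }
        }
        // The server certificate is the one that issued nothing else in the file.
        X509Certificate cur = null;
        for (X509Certificate x : bySubject.values()) {
            if (!issuers.contains(x.getSubjectX500Principal())) cur = x;
        }
        if (cur == null) { System.out.println("No certificates found"); return; }
        for (int depth = 0; depth < bySubject.size(); depth++) {
            System.out.println(depth + ": " + cur.getSubjectX500Principal().getName());
            if (isSelfIssued(cur)) {
                System.out.println("Chain reaches a self-signed root in this file");
                return;
            }
            X509Certificate issuer = bySubject.get(cur.getIssuerX500Principal());
            if (issuer == null) {
                System.out.println("Issuer not in this file: " + cur.getIssuerX500Principal().getName());
                return;
            }
            cur.verify(issuer.getPublicKey()); // throws if the signature does not match
            cur = issuer;
        }
    }

    static boolean isSelfIssued(X509Certificate x) {
        return x.getSubjectX500Principal().equals(x.getIssuerX500Principal());
    }
}
```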




Re: Custom Realm

2014-10-13 Thread Daniel Mikusa
On Sun, Oct 12, 2014 at 8:26 AM, Service Symphony 
mee...@servicesymphony.com wrote:

> I have got it working, since the server is not started yet, none of the
> underlying infrastructure is available in the realm class constructor.
>
> Sent from my iPhone
>
> > On 11 Oct 2014, at 22:37, Meeraj Kunnumpurath mee...@servicesymphony.com wrote:
> >
> > Hi,
> >
> > I have some specific requirements for security and I have been trying to
> > write a custom realm, that reads information from the database.
> >
> > 1. I have added a datasource in the global naming resources section in
> > the server.xml
> > 2. I have packaged the realm class in a JAR file and copied it to the
> > server lib
> > 3. I have included a context.xml in the WAR META-INF, that declares the
> > realm from (2)
> >
> > In the constructor of the realm class, I try to look up the datasource,
> >
> > 1. If I use new InitialContext().lookup, I get a name not found
> > exception.
> > 2. If I try to get the global naming context, by calling getServer from
> > RealmBase, getServer returns a null reference.
> >
> > This is the entry in server.xml
> >
> > <Resource name="MyDS"
> >           auth="Container"
> >           type="javax.sql.DataSource"
> >           driverClassName="oracle.jdbc.OracleDriver"
> >           factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
> >           url="jdbc:oracle:thin:@10.211.55.7:1521:xe"
> >           username="meeraj"
> >           password="password"
> >           maxTotal="20"
> >           maxIdle="10"
> >           maxWaitMillis="-1"
> >           accessToUnderlyingConnectionAllowed="true"/>
> >
> > This is the entry in the context.xml
> >
> > <Realm className="com.ss.security.provider.DatabaseRealm" digest="SHA1"/>
> >
> > This is the constructor of the Realm class
> >
> > public DatabaseRealm() throws NamingException {
> >     Context context = null;
> >     try {
> >         context = new InitialContext();
> >         template = new SimpleJdbcTemplate((DataSource) context.lookup("MyDS"));
> >     } finally {
> >         if (context != null) context.close();
> >     }
> > }
> >
> > Any pointers will be highly appreciated.
> >
> > Many thanks
> >
> > --
> > Meeraj Kunnumpurath
> > Director and Executive Principal
> > Service Symphony Ltd
> > 00 44 7702 693597
> > mee...@servicesymphony.com


For what it's worth, DataSourceRealm sounds very similar to this.  Might
serve as a good example.


http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java?view=markup

Dan


Re: Tomcat Connection Pool Problems with XtraBackup

2014-10-13 Thread John Smith
On Sun, Oct 12, 2014 at 5:56 AM, Stefan Mayr ste...@mayr-stefan.de wrote:

> Hi John,
>
> On 11.10.2014 23:30, John Smith wrote:
>
> > I'm trying to work out a managed backup scheme on a MySQL production
> > database with XtraBackup. According to our DBA, XtraBackup doesn't lock
> > the database, but issues a series of SHOW TABLE STATUS commands and then
> > works on the file system level.
> >
> > Still, just as XtraBackup runs my logs start to blow up with connection
> > pool errors:
> >
> > Error getting database connection:[http-nio-8080-exec-5] Timeout: Pool
> > empty. Unable to fetch a connection in 10 seconds, none
> > available[size:100; busy:100; idle:0; lastwait:1].
> >
> > There's some suggestion that turning off 'innodb-stats-on-metadata' might
> > help so we're trying that.
> >
> > ...
> > Anything else seem like it could be tweaked in relation to XtraBackup?
> >
> > TIA,
> > John
>
> XtraBackup can operate without locks if your database contains only InnoDB
> tables. For other storage engines like MyISAM it still uses locks. A
> problem we have seen is high IO load during XtraBackup. Your DBA could check
> iostats while backup is in progress. If this makes your database server
> unresponsive he could try to throttle the backup:
> http://www.percona.com/doc/percona-xtrabackup/2.2/innobackupex/throttling_ibk.html
>
> -Stefan



Stefan,

Thanks, that seems to be the problem. We have all InnoDB, and the backup
runs without locks, but it runs under fairly heavy IO load. It seems
like turning 'innodb-stats-on-metadata' to OFF lessened the strain that the
SHOW STATUS queries from XtraBackup caused. Bumping up maxActive allowed
the pool to handle the slowdown of application queries during the backup.
This has worked so far but if it repeats I'll look into the throttling.
That was my first sense, that it wasn't locking, just pushing too hard on
the DB.

Very helpful. Thanks.

-John


Re: Windows Tomcat install folder

2014-10-13 Thread John Smith


> I don't know about the recommended way, but personally I hate the
> SPACE in Program Files, so I definitely prefer the 2nd option.


Same, I don't even bother with the second level directory. I just install
to c:\apache-tomcat...


Accessing Connector from within Servlet

2014-10-13 Thread Sean K
Hi,
I am new to the tomcat user group but have been using tomcat for some years.

My situation is odd -- the customer wants the product to remove an external
JAR which requires me to make the SSL mutual connection manually, and then
post the Soap message.

So far I have been successful in doing that.

However, this overall solution is installed on different computer
locations, I need to allow this to work flexibly.   Right now, I have hard
coded the path to the TrustStore and KeyStore so that my code can access
those and use the password which I know, so that my HttpClient side code to
build the correct SSL connection to the external SSL server.  (This is a
mutual peer authenticated SSL connection).

From the ServletContext or when the java servlet starts (where my
httpclient component runs within), I need to get access to the tomcat
connector, and determine the attributes of it. I guess one brute force
method is to get the environment variable for catalina.home or
catalina.base and then scan for the conf/server.xml and parse that. But
I figure there must be a cleaner and better way.

I also scanned the objects that are accessible from the Response, Request,
or ServletContext. None of them seem to point to the Connector in a way
that I can inspect it, or get current properties of it. For example,
within the org.apache.catalina.connector.ResponseFacade, I noticed that its
embedded object of HttpResponse is protected but it has the Connector.
Seems like I need to hack that to get that Connector info.

There must be a better way.

-- 
Sean


Re: JAX-WS Web Services

2014-10-13 Thread Leo Donahue
On Sun, Oct 12, 2014 at 9:16 AM, Meeraj Kunnumpurath 
mee...@servicesymphony.com wrote:

> Hi,
>
> I am porting an application from Weblogic 12 to Tomcat 8. The application
> has a set of web services that implement javax.xml.ws.Provider<SOAPMessage>
> exposed by declaring them as servlets in web.xml. However, it doesn't seem
> to be working in Tomcat, when I access the WSDL URL, I get a 404.
>
> Regards
>
> --
> *Meeraj Kunnumpurath*


I posted something similar to this a few months back, maybe this link will
help?  https://www.mail-archive.com/users%40tomcat.apache.org/msg113562.html

I can't really answer your question directly because I can't help you
troubleshoot a 404 without more info.

leo


Tomcat7 and Tomcat8 bug or configuration problem

2014-10-13 Thread C. Kaeppelin
Dear Sir,
I only replaced in the web.xml file of webapps examples
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/jsp/security/protected/*</url-pattern>
by
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/jsp/plugin/*</url-pattern>
then in my browser I typed :
localhost:8080/examples/jsp/plugin/plugin.jsp
After authentication I did not get the clock as usual with tomcat 6. Do the 
test please.
Thank you for your answer.
Best regards
Charles Kaeppelin
PS This pb is idem with vista and windows8.1, my java run time is java 7, 
Tomcat runs stand alone (without apache)

Re: Tomcat7 and Tomcat8 bug or configuration problem

2014-10-13 Thread Mark Thomas
On 13/10/2014 22:52, C. Kaeppelin wrote:
> Dear Sir,
> I only replaced in the web.xml file of webapps examples
> <!-- Define the context-relative URL(s) to be protected -->
> <url-pattern>/jsp/security/protected/*</url-pattern>
> by
> <!-- Define the context-relative URL(s) to be protected -->
> <url-pattern>/jsp/plugin/*</url-pattern>
> then in my browser I typed :
> localhost:8080/examples/jsp/plugin/plugin.jsp
> After authentication I did not get the clock as usual with tomcat 6. Do the
> test please.
> Thank you for your answer.

There is no Tomcat bug here. Everything is working exactly as intended.

Google for Java applet httpOnly

Mark

> Best regards
> Charles Kaeppelin
> PS This pb is idem with vista and windows8.1, my java run time is java 7,
> Tomcat runs stand alone (without apache)





Tomcat windows authentication domain login issue

2014-10-13 Thread tantaryu
I need some idea on what's wrong with my tomcat configuration for windows
authentication. I followed the tomcat windows authentication tutorial and
uses the manager web application comes with tomcat to do a poc. In my
web.xml I change  and also changes the auth-constraint to the following 

.

This is my krb5.ini


This is my jaas.conf


The weird thing is regardless of what username and password I put in when I
accessed the tomcat manager web-app the debug message shown is the same.



I added this in my server.xml



When I tried login, it doesn't seem to recognize the valid credential. The
app keeps on asking me to enter a valid credential. What do I need to change
to make it work?






javax.naming.NamingException: Resource DTMManager not found on Tomcat 6.0

2014-10-13 Thread Rajeev Singh
Hi,
Environment: Redhat Linux
Tomcat: Version 6.0

I'm getting exception like
javax.naming.NamingException: Resource 
/WEB-INF/classes/META-INF/services/com.sun.org.apache.xml.internal.dtm.DTMManager
 not found

javax.naming.NamingException: Resource 
/WEB-INF/classes/net/sourceforge/jtds/jdbc/Driver.class not found

in lookup method of org.apache.naming.resources.ProxyDirContext.

In my application this isn't causing a logic issue, but this bug is manifesting 
as a notable performance problem. Every time a bad path is passed into the 
ProxyDirContext it's actually causing quite a lot of NamingExceptions to be 
thrown as it tries alternative paths (see BaseDirContext.lookup). All of these 
exceptions are swallowed but what I'm seeing is that this is happening many 
times over the course of a request as my application is looking up different 
resources, and the time it takes to build all of these swallowed 
NamingExceptions has become significant.

The path where the tomcat tries to search the resource doesn't exist. I tried 
searching the configuration files in conf folder of Tomcat but nowhere this 
type of path is mentioned.
Any help/pointer on how tomcat figures out resource path will be of great help.

Thanks,
Rajeev. 
