Re: FarmWarDeployer via tomcat web manager
Keiichi Fujino kfuj...@apache.org wrote on 14.04.2015 09:33:21: From: Keiichi Fujino kfuj...@apache.org To: Tomcat Users List users@tomcat.apache.org Date: 14.04.2015 09:33 Subject: Re: FarmWarDeployer via tomcat web manager 2015-04-14 14:22 GMT+09:00 kimmo.sundg...@heeros.com: Caldarale, Charles R chuck.caldar...@unisys.com wrote on 14.04.2015 06:06:37: From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Date: 14.04.2015 06:07 Subject: RE: FarmWarDeployer via tomcat web manager From: Keiichi Fujino [mailto:kfuj...@apache.org] Subject: Re: FarmWarDeployer via tomcat web manager I changed war-listen path to webapps, and everything works fine untils I restart my Tomcat 1 (master node). After restarting tomcat my war file goes empty in webapps folder. ( file size 0). I saw that farmwardeployer run some kind of cleaning ( or clear) function. Please show how to reproduce this in more detail. And attach your configuration(server.xml). Don't attach server.xml, since the list strips almost all attachments. Post it inline in the e-mail, with any sensitive information obfuscated and preferably with comments removed. - Chuck Hi this is my server.xml from tomcat 1. ?xml version='1.0' encoding='utf-8'? Server port=8005 shutdown=SHUTDOWN Listener className=org.apache.catalina.startup.VersionLoggerListener / Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / Listener className=org.apache.catalina.core.JreMemoryLeakPreventionListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / Listener className=org.apache.catalina.core.ThreadLocalLeakPreventionListener / GlobalNamingResources Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=8081 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 / Connector port=8009 protocol=AJP/1.3 redirectPort=8443 / Engine name=Catalina defaultHost=localhost jvmRoute=tomcat1 Host name=localhost appBase=webapps unpackWARs=true autoDeploy=false Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=6 Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership className=org.apache.catalina.tribes.membership.McastService address=228.0.0.4 port=45564 frequency=500 dropTime=1/ Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver address=auto port=5000 selectorTimeout=100 maxThreads=6/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitter Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector/ Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor/ Interceptor className=org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor/ /Channel Valve className=org.apache.catalina.ha.tcp.ReplicationValve filter=.*\.gif|.*\.js|.*\.jpeg|.*\.jpg|.*\.png|.*\.htm|.* \.html|.*\.css|.*\.txt/ Deployer className=org.apache.catalina.ha.deploy.FarmWarDeployer tempDir=/opt/tomcat/apache-tomcat-8.0.18/temp/war-temp/ I think The following configuration is not correct. deployDir=/opt/tomcat/apache-tomcat-8.0.18/webapps/ watchDir=/opt/tomcat/apache-tomcat-8.0.18/webapps/ When deployDir and watchDir are set to the same value, FarmWarDeployer does not work work properly. (see FarmWarDeployer.copy). -- Keiichi.Fujino Ok. I try same directory because I try to get work this farmwardeployer via manager. Web Manager used webapps so I can't found any other solutions. Summary: We can't use Farmwardeployer via web manager. I hope someone of you code this feature for tomcat some day=) Thank you for all the replies! -Kimmo
Re: FarmWarDeployer via tomcat web manager
2015-04-14 14:22 GMT+09:00 kimmo.sundg...@heeros.com: Caldarale, Charles R chuck.caldar...@unisys.com wrote on 14.04.2015 06:06:37: From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Date: 14.04.2015 06:07 Subject: RE: FarmWarDeployer via tomcat web manager From: Keiichi Fujino [mailto:kfuj...@apache.org] Subject: Re: FarmWarDeployer via tomcat web manager I changed war-listen path to webapps, and everything works fine untils I restart my Tomcat 1 (master node). After restarting tomcat my war file goes empty in webapps folder. ( file size 0). I saw that farmwardeployer run some kind of cleaning ( or clear) function. Please show how to reproduce this in more detail. And attach your configuration(server.xml). Don't attach server.xml, since the list strips almost all attachments. Post it inline in the e-mail, with any sensitive information obfuscated and preferably with comments removed. - Chuck Hi this is my server.xml from tomcat 1. ?xml version='1.0' encoding='utf-8'? Server port=8005 shutdown=SHUTDOWN Listener className=org.apache.catalina.startup.VersionLoggerListener / Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / Listener className=org.apache.catalina.core.JreMemoryLeakPreventionListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / Listener className=org.apache.catalina.core.ThreadLocalLeakPreventionListener / GlobalNamingResources Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=8081 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 / Connector port=8009 protocol=AJP/1.3 redirectPort=8443 / Engine name=Catalina defaultHost=localhost jvmRoute=tomcat1 Host name=localhost appBase=webapps unpackWARs=true autoDeploy=false Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=6 Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership className=org.apache.catalina.tribes.membership.McastService address=228.0.0.4 port=45564 frequency=500 dropTime=1/ Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver address=auto port=5000 selectorTimeout=100 maxThreads=6/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitter Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector/ Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor/ Interceptor className=org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor/ /Channel Valve className=org.apache.catalina.ha.tcp.ReplicationValve filter=.*\.gif|.*\.js|.*\.jpeg|.*\.jpg|.*\.png|.*\.htm|.*\.html|.*\.css|.*\.txt/ Deployer className=org.apache.catalina.ha.deploy.FarmWarDeployer tempDir=/opt/tomcat/apache-tomcat-8.0.18/temp/war-temp/ I think The following configuration is not correct. deployDir=/opt/tomcat/apache-tomcat-8.0.18/webapps/ watchDir=/opt/tomcat/apache-tomcat-8.0.18/webapps/ When deployDir and watchDir are set to the same value, FarmWarDeployer does not work work properly. (see FarmWarDeployer.copy). -- Keiichi.Fujino
Re: FarmWarDeployer via tomcat web manager
2015-04-14 15:58 GMT+09:00 kimmo.sundg...@heeros.com: Keiichi Fujino kfuj...@apache.org wrote on 14.04.2015 09:33:21: From: Keiichi Fujino kfuj...@apache.org To: Tomcat Users List users@tomcat.apache.org Date: 14.04.2015 09:33 Subject: Re: FarmWarDeployer via tomcat web manager 2015-04-14 14:22 GMT+09:00 kimmo.sundg...@heeros.com: Caldarale, Charles R chuck.caldar...@unisys.com wrote on 14.04.2015 06:06:37: From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Date: 14.04.2015 06:07 Subject: RE: FarmWarDeployer via tomcat web manager From: Keiichi Fujino [mailto:kfuj...@apache.org] Subject: Re: FarmWarDeployer via tomcat web manager I changed war-listen path to webapps, and everything works fine untils I restart my Tomcat 1 (master node). After restarting tomcat my war file goes empty in webapps folder. ( file size 0). I saw that farmwardeployer run some kind of cleaning ( or clear) function. Please show how to reproduce this in more detail. And attach your configuration(server.xml). Don't attach server.xml, since the list strips almost all attachments. Post it inline in the e-mail, with any sensitive information obfuscated and preferably with comments removed. - Chuck Hi this is my server.xml from tomcat 1. ?xml version='1.0' encoding='utf-8'? Server port=8005 shutdown=SHUTDOWN Listener className=org.apache.catalina.startup.VersionLoggerListener / Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / Listener className=org.apache.catalina.core.JreMemoryLeakPreventionListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / Listener className=org.apache.catalina.core.ThreadLocalLeakPreventionListener / GlobalNamingResources Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=8081 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 / Connector port=8009 protocol=AJP/1.3 redirectPort=8443 / Engine name=Catalina defaultHost=localhost jvmRoute=tomcat1 Host name=localhost appBase=webapps unpackWARs=true autoDeploy=false Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=6 Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership className=org.apache.catalina.tribes.membership.McastService address=228.0.0.4 port=45564 frequency=500 dropTime=1/ Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver address=auto port=5000 selectorTimeout=100 maxThreads=6/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitter Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector/ Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor/ Interceptor className=org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor/ /Channel Valve className=org.apache.catalina.ha.tcp.ReplicationValve filter=.*\.gif|.*\.js|.*\.jpeg|.*\.jpg|.*\.png|.*\.htm|.* \.html|.*\.css|.*\.txt/ Deployer className=org.apache.catalina.ha.deploy.FarmWarDeployer tempDir=/opt/tomcat/apache-tomcat-8.0.18/temp/war-temp/ I think The following configuration is not correct. deployDir=/opt/tomcat/apache-tomcat-8.0.18/webapps/ watchDir=/opt/tomcat/apache-tomcat-8.0.18/webapps/ When deployDir and watchDir are set to the same value, FarmWarDeployer does not work work properly. (see FarmWarDeployer.copy). -- Keiichi.Fujino Ok. I try same directory because I try to get work this farmwardeployer via manager. Web Manager used webapps so I can't found any other solutions. Summary: We
RFE: read keystorePass from file
Hi, I'd like to suggest the addition of an option that would allow reading the keystore password (the password protecting the private key used by secure connectors) from file. My use case: I manage tomcat configuration including server.xml with a Configuration System (Ansible). This allows me to template and store tomcat configuration in a Source Control System (as I do for other services). The problem is that I need a secure tomcat connector and the only way to provide a password to protect private keys seems to be to write it in server.xml. Which means that the password end up being committed to SCM ( defeating the purpose of protecting the keystore with a password). If tomcat could read the password from a file than I could generate it randomly on the target host and store it on a file only tomcat can read. I hope my suggestion could be considered and I'm ready to further discuss my use case if further information are required. Regards, Luca PS: this has nothing to do with obfuscating the password (which has already been discussed on this list)
Re: RFE: read keystorePass from file
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Luca, On 4/14/15 1:07 PM, Luca Menegus wrote: Hi, I'd like to suggest the addition of an option that would allow reading the keystore password (the password protecting the private key used by secure connectors) from file. My use case: I manage tomcat configuration including server.xml with a Configuration System (Ansible). This allows me to template and store tomcat configuration in a Source Control System (as I do for other services). The problem is that I need a secure tomcat connector and the only way to provide a password to protect private keys seems to be to write it in server.xml. Which means that the password end up being committed to SCM ( defeating the purpose of protecting the keystore with a password). If tomcat could read the password from a file than I could generate it randomly on the target host and store it on a file only tomcat can read. I hope my suggestion could be considered and I'm ready to further discuss my use case if further information are required. Regards, Luca PS: this has nothing to do with obfuscating the password (which has already been discussed on this list) This seems reasonable, but you do have another option: a parameterized server.xml that pulls the password value in from another place. Examples include an ant-based build with filtering or external XML entities. If you'd still like this feature, please open a Bugzilla enhancement request. https://bz.apache.org/bugzilla/enter_bug.cgi?product=Tomcat%209 - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVLUrRAAoJEBzwKT+lPKRYojIP/3IiPp9yeixqM+TJSuq25umH sdnLalXOtJYDrM78zoA8Q+E8YtseCf8CcZII6QFgWVUVTRTZYD//tJEuhKwbhhA5 I894oqL1G6k3z4yfExX7TsE5+RE6mBEfoMKCpF4nIXbcfaSlqXoZ1ZcNhmPjS0Jz 4yJK9GWayNmRN7211vLSXd6DrvZ5WsubqNxlq/E5td/kR7cIALNx8mTylD6GvgF8 7TCSPY2ZiUPJQu27rrutwnYU/p9ea9GPNr6lFcF6yt2NDt0TMWkhFAe8UXveIzVT HdIuhCyENGhTjy7tE6kpyvgB9E85SXN1nkx4mkyzoOqhjeJFfo+1OLujcNnCmtOH yrcmVUG2zzboiSh7xy1ehegC54jc3P8J3jTglem1JtWs5c3Yr64EORu7CotbsPxs FRAN/8+loo0b/mZzuxJdDt3h0eQsYsF00h7zOT0Pn2rU/dEo79TBSwglnESIivFx +6DxHyKF4kuoppcSD9HjJRwOGLrA5x5Ck1aEgAOCjdLdJaQDkhZ7X8FkFgTyuwzz 5slSYAHq0JJsoglXBaVSv/gBLuaCxzMomsjIsD+kJ4X7e/bVxvbA6BjtaywTMx7L VwBv8EygkZV7/ap9k15n/4+nk80/wyVTgZD0ig3ceQX/kVs1zTLtIYOxdzjOj6cs OuvJXECVb1iUjTaipAjf =1teY -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: AW: Rfc6265 cookies starting with a dot
On 14/04/2015 09:05, Peter Schroer wrote: This isn't possible because I'm writing some kind of proxy and I dont't have any influence on the websites (and the cookies of course). It would be possible to ignore invalid cookies if tomcat could be configured to do so. The error message is from the application setting the cookie. If ignoring invalid cookies is an option, could you catch the IAE, ignore it (or log it) and carry on? Mark Greetings Peter -Ursprüngliche Nachricht- Von: Mark Thomas [mailto:ma...@apache.org] Gesendet: Dienstag, 14. April 2015 16:02 An: Tomcat Users List Betreff: Re: Rfc6265 cookies starting with a dot On 14/04/2015 07:53, Peter Schroer wrote: Hello, I'm using tomcat 8.0.21 with the new Rfc6265 cookie processor. If there are cookies starting with a dot I'm getting the following error: java.lang.IllegalArgumentException: An invalid domain [.db-app.de] was specified for this cookie org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateDomain(Rfc6 265Coo kieProcessor.java:180) org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6 265Coo kieProcessor.java:122) org.apache.catalina.connector.Response.generateCookieString(Response.j ava:95 9) org.apache.catalina.connector.Response.addCookie(Response.java:907) org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade. java:3 92) org.esigate.servlet.impl.ResponseSender.sendResponse(ResponseSender.ja va:70) com.bahn.esiExtensions.ExtendedProxyServlet.doFilter(ExtendedProxyServ let.ja va:104) Is there a way to stop tomcat from throwing this error? Don't use an invalid value for the domain when creating the cookie. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Performance question...
Could you please share the reference/link to spring framework fix as only code cache increase didn't help? Regards, Vishal -Original Message- From: PerfGuru [mailto:myunipor...@yahoo.com.INVALID] Sent: Monday, April 13, 2015 5:23 PM To: Jeffrey Janner; 'Tomcat Users List' Subject: Re: Performance question... Sorry Jeff my Tocat emails are bouncing from the email address use so using another one that works. Last Friday the development team tried the spring framework fix sugested and it fixed the problem of higher than normal cpu and performance. We did try the other idea of increasing the code cache but as expected it did not make a difference. Again thanks for all the suggestions.-Tony From: Jeffrey Janner jeffrey.jan...@polydyne.com To: 'Tomcat Users List' users@tomcat.apache.org; 'PerfGuru' myunipor...@yahoo.com Sent: Friday, April 10, 2015 1:03 PM Subject: RE: Performance question... -Original Message- From: PerfGuru [mailto:myunipor...@yahoo.com.INVALID] Sent: Thursday, April 09, 2015 10:17 AM To: Tomcat Users List Subject: Re: Performance question... Looks like we have two potential root causes. 1. Spring Framework 4.0.0 and jdk 1.7.0_51 are used which might be one of the root causes according to a Spring Framework bug.. The fix is to upgrade the Spring Framework version.2. The codecache is too small in 1.7.0_51 and leads to performance/cpu utilization issues. The fix is to try increasing to 4x the default size, setup printing out codecashe size when app server stopped. Also in 1.7.0_80 this was fixed and in 1.8 the default codecache size was increased by 4x. Regards,-Tony [Jeffrey Janner] Tony, Last public update of Java is 1.7.0_75/76. Are you sure that _80 is the one we want? Also, do you know if updating the Java would help with the Spring bug? Can you send me a link to the bug? Thanks, Jeff From: Linus Brimstedt linus.brimst...@viskan.se To: PerfGuru myunipor...@yahoo.com; users users@tomcat.apache.org Sent: Tuesday, April 7, 2015 5:55 PM Subject: Re: Performance question... Hello Try to do a java thread dump and check the stuck threads (possibly by comparing with the output of the tomcat server status page). Hopefully this will give you a clue about what the threads are doing at that time. If the application uses a database, you may see that they are stuck waiting for the dB reply. It could also be that it's waiting for disk (perhaps you have too much logging enabled) etc. How do you simulate your users and do you have proper timing between requests of each users? If a real user on average take 10 seconds between requests and you have a timing of 1 second between requests in your load test, you are simulating 10x the load you think.. Br L On 7 Apr 2015 18:56, PerfGuru myunipor...@yahoo.com.invalid wrote: Hi All,We are noticing when running a simple load test of 25 virtual users that our Tomcat server is running at 40% CPU and transactions are taking over 40 seconds. We setup a test where we focused (in a loop) one of the longer response time requests. The access logs show the log response time and the developers have monitoring via their own logs where they record response times for queries and other things but do not show the response times as being nearly as long as the access logs indicate.We connected up visualvm 1.3.7 remotely and using the sampler the only method response time above 2 seconds on average was the TaskQuery.take() which was over 100 seconds for some reason.We are using some version of 7.x for tomcat and also for the jdk. The tomcat config file is shown below. We are in the process of setting up visualvm on the unix server where Tomcat is running so we can use local mode for visualvm instead of remote. Any ideas/thoughts appreciated.-Tony Connector port=25500 secure=true compressableMimeType=text/html,text/xml noCompressionUserAgents=gozilla, traviata compression=on disableUploadTimeout=true connectionTimeout=2 acceptCount=100 redirectPort=8443 enableLookups=false minSpareThreads=25 maxThreads=512 maxHttpHeaderSize=8192/
Re: SSLCertificateKeyFile directive question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 John, On 4/14/15 7:05 PM, John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at Cisco) wrote: Yes, I'm only needed to configure LDAP over SSL. Okay. I have not been able to find any information on certificate directives for JNDI realm similar to httpd server.xml LDAPTrustedGlobalCert CA_BASE64 /.pem and LDAPTrustedMode SSL. Right: it appears no such options exist. They probably ought to exist. Where are similar directives configured? - From my previous message: you'll need to set the javax.net.ssl.trustStore system property to point to your own trust store which contains the lowest certificate you are willing to completely trust. You may choose to trust the whole CA or maybe just the leaf certificate for the LDAP server (which might be slightly more appropriate/safe for your purpoases). Note that this will set the trustStore for everything in the JVM (except for Tomcat, which allows you to specify your own trustStore on a per-Connector basis), so you'd better be careful that you aren't affecting other components that use the JVM's global trustStore. Oracle's documentation for that system property says: javax.net.ssl.trustStore This property is used to specify the location of the trust store. A trust store is a key store that is used when making decisions about which clients and servers can be trusted. The property takes a String value that specifies a valid trust store location. The default value is jssecacerts, if available, or cacerts. So, basically, you create a trustStore (using keytool) that contains all of the certificates that you trust, and then you just make SSL connections and those servers which have been signed by the certs in the trustStore will be trusted. So, throw your PEM file(s) into a trustStore and point javax.net.ssl.trustStore at it and you should be good. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVLerHAAoJEBzwKT+lPKRYXRYQALqF3AQH+yxx3y5DVj3yKRUA WmLAOd+n+Bpip9VdHsiH0KJjrWkI3vlUVBDTaQF6E0JjE1XNfEPOsNidH3hs4PlA iq1ZcUDhqzAN1dXlU5LKJUd7hBS+gA3ETMQp2KzCJ0S/hk4yVrJwJTLXJ5/E2huV lLxg4jckhvxaM4DvrNVZUQvj6a4rxCUTaHu8+YL7vik6voHhtriKv8aO/6hCpUNz cCegj2e/g7RD8eLPGfJ6MBUtyBAzeK/i535wk/wFMZ+puC3MIBR1pH/iMpUkGqMM RHSPoVvVkow1PA1qziBNnD3bgW658oyMFNY+jkxZOwDm2Mo4fpXh5hll6fMlPALF ZxvxQqsqsN0DaXNJcBadfFi1zw94w1kEYVY/ncHGhsta4qPcpdNYvSphA9uGlgGz FyXgFBAEJGPS738kB2qOwfkPJMwVyOQ+Y0n8ROuL4u57EcdVaki6FFFJRCPajSaX RCoRnXjmWJbnr2HnCN00PPwpGLt78a8qiArEazjbCDaLTqSlD2xp0X0H9Nf9MPhP r5FIRCjZrsVpULgs/HDFjpSc+Q4duahUTA7O1Q+Wo61KX5hIGU+vfBnid/ayn0my 5V4jko1m1SHYxPFy2THsbrm1zhx9rwbOYt9CwXMDFsrsr+Ry0jY5fe+s08WCHb7D xDVhjmxM+6ssZKnKzu/o =Hed1 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Rfc6265 cookies starting with a dot
On 14/04/2015 07:53, Peter Schroer wrote: Hello, I'm using tomcat 8.0.21 with the new Rfc6265 cookie processor. If there are cookies starting with a dot I'm getting the following error: java.lang.IllegalArgumentException: An invalid domain [.db-app.de] was specified for this cookie org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateDomain(Rfc6265Coo kieProcessor.java:180) org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265Coo kieProcessor.java:122) org.apache.catalina.connector.Response.generateCookieString(Response.java:95 9) org.apache.catalina.connector.Response.addCookie(Response.java:907) org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:3 92) org.esigate.servlet.impl.ResponseSender.sendResponse(ResponseSender.java:70) com.bahn.esiExtensions.ExtendedProxyServlet.doFilter(ExtendedProxyServlet.ja va:104) Is there a way to stop tomcat from throwing this error? Don't use an invalid value for the domain when creating the cookie. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: Rfc6265 cookies starting with a dot
This isn't possible because I'm writing some kind of proxy and I dont't have any influence on the websites (and the cookies of course). It would be possible to ignore invalid cookies if tomcat could be configured to do so. Greetings Peter -Ursprüngliche Nachricht- Von: Mark Thomas [mailto:ma...@apache.org] Gesendet: Dienstag, 14. April 2015 16:02 An: Tomcat Users List Betreff: Re: Rfc6265 cookies starting with a dot On 14/04/2015 07:53, Peter Schroer wrote: Hello, I'm using tomcat 8.0.21 with the new Rfc6265 cookie processor. If there are cookies starting with a dot I'm getting the following error: java.lang.IllegalArgumentException: An invalid domain [.db-app.de] was specified for this cookie org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateDomain(Rfc6 265Coo kieProcessor.java:180) org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6 265Coo kieProcessor.java:122) org.apache.catalina.connector.Response.generateCookieString(Response.j ava:95 9) org.apache.catalina.connector.Response.addCookie(Response.java:907) org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade. java:3 92) org.esigate.servlet.impl.ResponseSender.sendResponse(ResponseSender.ja va:70) com.bahn.esiExtensions.ExtendedProxyServlet.doFilter(ExtendedProxyServ let.ja va:104) Is there a way to stop tomcat from throwing this error? Don't use an invalid value for the domain when creating the cookie. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Cluster - Session replication error: Unable to apply diff
Hello, I have a working Tomcat 8.0.15 cluster with 3 members with the BackupManager as session manager. The session replication is mostly working except in a few cases. In those cases, I get the following error: 09-Apr-2015 12:16:58.369 SEVERE [Tribes-Task-Receiver-6] org.apache.catalina.tribes.tipis.AbstractReplicatedMap.messageReceived Unable to apply diff to key:3B286B4C7CA060163A00988969D21923 java.lang.NullPointerException at org.apache.catalina.ha.session.DeltaSession.applyDiff(DeltaSession.java:164) at org.apache.catalina.tribes.tipis.AbstractReplicatedMap.messageReceived(AbstractReplicatedMap.java:664) at org.apache.catalina.tribes.group.GroupChannel.messageReceived(GroupChannel.java:293) at org.apache.catalina.tribes.group.ChannelInterceptorBase.messageReceived(ChannelInterceptorBase.java:81) at org.apache.catalina.tribes.group.interceptors.TcpFailureDetector.messageReceived(TcpFailureDetector.java:112) at org.apache.catalina.tribes.group.ChannelInterceptorBase.messageReceived(ChannelInterceptorBase.java:81) at org.apache.catalina.tribes.group.ChannelInterceptorBase.messageReceived(ChannelInterceptorBase.java:81) at org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor.messageReceived(ThroughputInterceptor.java:89) at org.apache.catalina.tribes.group.ChannelInterceptorBase.messageReceived(ChannelInterceptorBase.java:81) at org.apache.catalina.tribes.group.ChannelCoordinator.messageReceived(ChannelCoordinator.java:260) at org.apache.catalina.tribes.transport.ReceiverBase.messageDataReceived(ReceiverBase.java:240) at org.apache.catalina.tribes.transport.nio.NioReplicationTask.drainChannel(NioReplicationTask.java:206) at org.apache.catalina.tribes.transport.nio.NioReplicationTask.run(NioReplicationTask.java:97) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) I was able to replicate the problem with a scenario in the application, but I was not able to understand the underlying problem. This happens when the user is making a very specific request and this request arrives on a Tomcat where his session is not stored, forcing the Tomcat to fetch the session elsewhere. The 3 tomcats are on the same network with a very low network latency. Does anybody has some advice on how to debug this problem? For now, I got around it with sticky sessions on mod_jk, but I find this very unsatisfactory. Thank you in advance for your help, //Théo signature.asc Description: Message signed with OpenPGP using GPGMail
Re: RFE: read keystorePass from file
2015-04-14 20:13 GMT+03:00 Christopher Schultz ch...@christopherschultz.net: Luca, On 4/14/15 1:07 PM, Luca Menegus wrote: Hi, I'd like to suggest the addition of an option that would allow reading the keystore password (the password protecting the private key used by secure connectors) from file. My use case: I manage tomcat configuration including server.xml with a Configuration System (Ansible). This allows me to template and store tomcat configuration in a Source Control System (as I do for other services). The problem is that I need a secure tomcat connector and the only way to provide a password to protect private keys seems to be to write it in server.xml. Which means that the password end up being committed to SCM ( defeating the purpose of protecting the keystore with a password). If tomcat could read the password from a file than I could generate it randomly on the target host and store it on a file only tomcat can read. I hope my suggestion could be considered and I'm ready to further discuss my use case if further information are required. Regards, Luca PS: this has nothing to do with obfuscating the password (which has already been discussed on this list) This seems reasonable, but you do have another option: a parameterized server.xml that pulls the password value in from another place. Examples include an ant-based build with filtering or external XML entities. https://wiki.apache.org/tomcat/FAQ/Password If you'd still like this feature, please open a Bugzilla enhancement request. https://bz.apache.org/bugzilla/enter_bug.cgi?product=Tomcat%209 http://tomcat.apache.org/bugreport.html#How_to_submit_patches_and_enhancement_requests Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Rfc6265 cookies starting with a dot
Hello, I'm using tomcat 8.0.21 with the new Rfc6265 cookie processor. If there are cookies starting with a dot I'm getting the following error: java.lang.IllegalArgumentException: An invalid domain [.db-app.de] was specified for this cookie org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateDomain(Rfc6265Coo kieProcessor.java:180) org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265Coo kieProcessor.java:122) org.apache.catalina.connector.Response.generateCookieString(Response.java:95 9) org.apache.catalina.connector.Response.addCookie(Response.java:907) org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:3 92) org.esigate.servlet.impl.ResponseSender.sendResponse(ResponseSender.java:70) com.bahn.esiExtensions.ExtendedProxyServlet.doFilter(ExtendedProxyServlet.ja va:104) Is there a way to stop tomcat from throwing this error? Using the old cookie processor is not an option because the old processor isn't able to handle cookies containing umlauts. Thanks in advance Peter
tomcat meetup during apachecon
Hi, If you are @apachecon in Austin feel first to join: http://sched.co/35Hk Cheers Jean-Frederic - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: SSLCertificateKeyFile directive question
Yes, I'm only needed to configure LDAP over SSL. I have not been able to find any information on certificate directives for JNDI realm similar to httpd server.xml LDAPTrustedGlobalCert CA_BASE64 /.pem and LDAPTrustedMode SSL. Where are similar directives configured? Thanks -John -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Monday, April 13, 2015 3:53 PM To: Tomcat Users List Subject: Re: SSLCertificateKeyFile directive question -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 John, On 4/13/15 3:15 PM, John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at Cisco) wrote: Christopher, thank you for the information. Yes, I'm trying to configure LDAPS for connection to Active Directory. Does the SSL connector need to be configured for LDAPS, or just create the JNDI realm? The SSL connector is completely irrelevant, here. If you want to configure for incoming TLS connections from web users, then look to the Connector configuration. For authentication against JNDI, you only need JNDIRealm. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVLEjIAAoJEBzwKT+lPKRYSuUQAKQUupUfYcJfZbyc/bl3t+NV fnBOxmLgc019J9BvmYUU87RQfd+bJJdMbAGjJ3x+r9PamygsgPZ+WhfWVFamu8fM of0fcmMH/981+B9vjw5FMNeiQbvFkILnr9ypcuP0a/Gi/ImGWL6byB25vH380OzR yjJo5IGzwv4RatVErExxOPtFt/vpclAe6Vre8sXw5Hd3B8kz9SqZWvflLScsFj60 dKxK3uwlrO1VK8wRmpULJMGiz5OdMNBGDSffLeDoHtoUq2wUMPjGVby03G8zCskg J3lH/HbEDIMlCVanPhzntP8hD00jzoyFj28PQ+v5LrpgjgOfEHAMehjDZxKSBhDr 848zL9yvRPF2n/9f2aJ96l6Kjpt4tCbvuFYutdNBFNgwFutDzIuC8FdpLJS8T77N fZSVj/B0apYgcCJwSfsUvQbmre0Q+LQeTznAzekUK+SDDO180zkZ4LwgI3n7soW+ yFaT0HXp29p3TJOE76TfNx7TEbmXKCdlGRJ3ZhjXpF/W8YkJx8LVxRqqZUtEedx4 2G8NYdu427yqajp9VqIH22GZxWgyzJCJzNMbiHeoOX0aGYmaOpDi/dQNuDfVWROK Kc7qfMGgAO+DAnYQaFTQwtUBfcn8fkAOX4qaYOShWC9WIt1HuCsqvz3EC+vcLtsN QZSX2yOgM/KBUxBgmerw =Ansq -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org