Re: Tomcat 7.0.28 ignoring context copyXML attribute and web-fragments

2015-09-28 Thread Fernando González 
Upgrading the package solves these issues, but other appear: the xml file
not being actually copied.

"dpkg -s tomcat7" still returns 7.0.28. So it is quite probably not correct
anymore. Now we know that manual installation is the way to go, thanks!

On Mon, Sep 28, 2015 at 9:18 AM, Fernando González 
wrote:

> Yeah, normally I install "real Tomcat" but this server is not under my
> control. I'll try to update the Debian package and/or to a manually
> installed one and report back if the issues are gone.
>
> Many many thanks for the hint!
>
> On Mon, Sep 28, 2015 at 2:10 AM, Caldarale, Charles R <
> chuck.caldar...@unisys.com> wrote:
>
>> > From: Fernando González [mailto:fergo...@gmail.com]
>> > Subject: Tomcat 7.0.28 ignoring context copyXML attribute and
>> web-fragments
>>
>> > I am using Tomcat 7.0.28 and I am deploying a .war with a context.xml
>> > that sets the copyXML attribute to "true".
>>
>> That version is over three years old and does not include copyXML in a
>>  element.  Not keeping up with current releases opens your website
>> up to attacks fixed in later versions.
>>
>> > when I copy the war to the webapps folder, I get the following
>> > message in catalina.out:
>>
>> > "Setting property 'copyXML' to 'true' did not find a matching property."
>>
>> As you should.
>>
>> > and the context.xml will not be copied to conf/Catalina/localhost/.
>>
>> You can set copyXML in the  element if you insist on running old
>> software.
>>
>> > The o.s. is a Debian 7 and the administrator said he just installed
>> tomcat from the debian
>> > package. The command "dpkg -s tomcat7" gives me version 7.0.28.
>>
>> Which may or may not be correct, since third-party distributions often
>> cherry-pick changes to include, along with generally corrupting the
>> standard Tomcat file layout.
>>
>> I strongly recommend that you deinstall the Debian package and use a
>> current, real Tomcat from tomcat.apache.org.
>>
>>  - Chuck
>>
>>
>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
>> MATERIAL and is thus for use only by the intended recipient. If you
>> received this in error, please contact the sender and delete the e-mail and
>> its attachments from all computers.
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

Re: Need help understanding support for Unix Domain Sockets in Tomcat 7.0.x

2015-09-28 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Frederik,

On 9/28/15 11:13 AM, Frederik Nosi wrote:
> Hi, On 09/26/2015 02:04 AM, Christopher Schultz wrote: Graham,
> 
> On 9/25/15 7:23 PM, Graham Leggett wrote:
 On 25 Sep 2015, at 10:33 PM, Christopher Schultz 
  wrote:
 
> While I obviously agree with the sentiment, I do feel bad
> for the OP who has to fight this battle.
 It is important however to clarify that this isn’t a typical 
 scenario, lest someone cites this thread as to why they
 should be doing the same thing.
 
> 1. All the code we currently have in tcnative uses APR for 
> everything, and I'm not sure if APR supports AF_UNIX
> sockets, or even if it would have to support them to do
> this.
 The as-yet-unreleased v1.6 of APR does support unix domain 
 sockets, although the docs for it don’t appear to be very
 clear.
 
> 2. The plumbing required to configure an AF_UNIX socket is 
> non-trivial, and it's currently all wired-around using
> AF_INET sockets, so it's got hostname, port, etc. I suppose
> we could stuff the inode's name into the hostname and
> ignore the port number or something like that, but it's
> fairly hacky.
 Currently APR seems to accept the UDS filename where the IP 
 address would otherwise be provided.
 
> So this is a non-trivial amount of work, here.
> 
> Srini, is there any chance your employer would pay someone
> to write this code? Patches are always welcome, and Tomcat
> is otherwise completely free…
 If there was a push for unix domain sockets from Tomcat it
 would definitely help working out whether the APR_UNIX
 implementation does what it needs to do, and gets properly
 documented and v1.6 released.
> I don't really see this happening.
> 
> I'm fairly sure that the widespread use of HTTP/2 is going to kill
> AJP forever, leaving only mod_proxy_http(2) as a viable long-term 
> connector. Nobody is ever going to bother writing an AF_UNIX
> connector for HTTP/2, so I think this idea is very likely to die in
> this thread.
> 
>> Not sure on this, as AJP is quite handy. Expecialy load balancing
>> java webapps and i find mod_jk quite good at this.

Remember, it's not mod_jk doing the load-balancing, it's Apache httpd.
mod_jk is simply providing the channel over which the proxying is
being done. In a thread on the dev list, I'm a little more defensive
of AJP because of its ability to pass data out-of-band with respect to
the tunneled HTTP message. There definitely is utility there.

>> Out of curiosity, why do you think so? What does offer HTTP/2
>> that can be handy in a reverse proxy scenario? Compression /
>> streams?

It's not that I think HTTP/2 offers a particular advantage over AJP,
but HTTP/2 *will* be implemented and it offers a number of advantages
over AJP (specifically, encryption as part of the HTTPS protocol).
Currently, AJP doesn't support the connection-oriented web protocols
like Websocket, and it just seems like it will be a huge effort to get
AJP to be able to tunnel everything that both HTTP and HTTP/2 offer.

Since HTTP/2 is going to (eventually) have to support all this, and
httpd is going to (eventually) implement HTTP/2 proxying, I'm not sure
I see a great benefit to continuing to maintain AJP and mod_jk along
with it.

mod_jk was great when proxying was otherwise very complicated with
Apache httpd. That's no longer the case, and I think it makes sense to
push mod_proxy_http to support all the great features that AJP/mod_jk
is currently providing. There is no great need to maintain two
components that do pretty much the same thing, when one of those
components (mod_jk) has a very narrow use-case and the other
(mod_proxy_http) has very wide applicability.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJWCWY6AAoJEBzwKT+lPKRYVboP/3t1DbLZ3IgizG6ISeuQmDJC
kxlFnxhKZ5EErI3o9BUIs/e65/iWqVNNhY6AMJOPcMKEfLDc7SsF0Vu5+Y/Si4K8
5Y+s1l1t5peLJB6eNxAGaCEULE3DwBtCF2Zwok99OdGWEzXI8NzHpCUIPdJ2Uh0g
ezeaY1MAkYTzs1JGsN+m7u4Z04h6khnhS6hSseFoCKyF1nFHTb+f7xjBbT9dN2CO
kBANTK+CjT/WtOw3pjb9EMJ7AbRO4AgoT2gfuuol+LDTeQZiWcwQpLXLIxKN84ra
rStt1ijPGVUbar4q/DHq+gbUk4CeDQwcpVqTBeos2r+GSV2BqWiGrqdTstA6qUXl
evn61o0PTOA9raNTn8PIhxWhJOuKn6gQOGvW2NQzVuqAzLTqeqep8cCsvcQkjQkj
NlbjSrCJR5iiP0V/Q68cqX6qgJvZcMjQ4EFHxswKxS19xg4NhHU3wW1CuhzShZxa
DUfxVDTT1Jnk36CaX2ijIY/q7oxQMDfuuLub4Tmg974o4HcPuNG/c0Y72A7yZbaZ
mxwfxezGGu9QAwyVzAg1EF7QOaCgO1tvIjfimuG6ye27bJeX6WTT6FDvdHFYsCjk
H6e/j5qv3OLff217Y73g+LLiDlbqO+RbowBSzGNBTZtnMKaxrqG0tYObfJmk5stY
mIYPp6B/CrsY3fSlPDna
=QplG
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Need help understanding support for Unix Domain Sockets in Tomcat 7.0.x

2015-09-28 Thread Frederik Nosi 

Hi,
On 09/26/2015 02:04 AM, Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Graham,

On 9/25/15 7:23 PM, Graham Leggett wrote:

On 25 Sep 2015, at 10:33 PM, Christopher Schultz
 wrote:


While I obviously agree with the sentiment, I do feel bad for
the OP who has to fight this battle.

It is important however to clarify that this isn’t a typical
scenario, lest someone cites this thread as to why they should be
doing the same thing.


1. All the code we currently have in tcnative uses APR for
everything, and I'm not sure if APR supports AF_UNIX sockets, or
even if it would have to support them to do this.

The as-yet-unreleased v1.6 of APR does support unix domain
sockets, although the docs for it don’t appear to be very clear.


2. The plumbing required to configure an AF_UNIX socket is
non-trivial, and it's currently all wired-around using AF_INET
sockets, so it's got hostname, port, etc. I suppose we could
stuff the inode's name into the hostname and ignore the port
number or something like that, but it's fairly hacky.

Currently APR seems to accept the UDS filename where the IP
address would otherwise be provided.


So this is a non-trivial amount of work, here.

Srini, is there any chance your employer would pay someone to
write this code? Patches are always welcome, and Tomcat is
otherwise completely free…

If there was a push for unix domain sockets from Tomcat it would
definitely help working out whether the APR_UNIX implementation
does what it needs to do, and gets properly documented and v1.6
released.

I don't really see this happening.

I'm fairly sure that the widespread use of HTTP/2 is going to kill AJP
forever, leaving only mod_proxy_http(2) as a viable long-term
connector. Nobody is ever going to bother writing an AF_UNIX connector
for HTTP/2, so I think this idea is very likely to die in this thread.


Not sure on this, as AJP is quite handy. Expecialy load balancing java 
webapps and i find mod_jk quite good at this.
Out of curiosity, why do you think so? What does offer HTTP/2 that can 
be handy in a reverse proxy scenario? Compression / streams?





- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJWBeEhAAoJEBzwKT+lPKRYzU0QAIKV6imgl5CIyQW60QaTxERY
92VX4/s305D02r1Pp2Mji/kxmnylLgRq1ZQEwq7Jnygcm8NKPjHQQtOieSlSTHEO
S/OvB8p57arsY8N5JRcf2+mequYcNx5CbeWSSbqp2DS7KEli8FKyDHKpeioNVmZX
qWaWqG1mADxQBoLOgsk0opa82R18VadRQL4iKk+K28S3QLIFoIlOpi5pWOaothiV
RHBPQ282FfSJMfwhqmtirS3ZyqNu9Tve/e21kz1eCeBh/9L9sOI6E2EFKcF2Mq1Q
2PPoY3EuxSIlUeVKQgZZL+QPUy3UDcWmlsm6WNxCLQRIkpSXLfmJr2JpAwJaL2if
6Ssd9nVizP29WcnKQa8qWC50vrlbOROb9OaI/2t/zjdAWFKRdyG2FKHJQB+lolxV
+A+xiHIaATrcLTtkbbwm+dcUl6KFx/UMKmCLdK7+m19RDmTdeYeUSEvNXidZopb8
mZe4T87KbOrwMpqAjlehlqSOY3B993ZQu3bQdB+S1H0AdjXAL+C7umtzNX3qFb1C
KmJBpmt6AhIzaLYCiwHK3sYEp0BW5PYTMrM6MNJErheGvbxmfo7yPTYsVgfmTsMM
VS6kZqCXogj/FPaIna8X3UJr4BSEP5Dwx5AUZXS4qd1EcFT7gSKYD5+1vApsfUGh
cjAzQL+QFx/pl3DEtG8w
=whRf
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Parallel Deployment: Can I request a specific webapp version?

2015-09-28 Thread Ludovic Pénet 



>> You have competing requirements:
>>
>> 1. All servers are the same
>>
>2. Some subset users get a different version of the application
>>
>
>All servers would have all versions of the app, thats the  whole point
>:)
>I.e.
>Instead of
>Server 1 - 3: App Version 001
>Server 4 - 6: App Version 002
>
>I would have
>Server 1-6:  App Version  001 + 002
>
>Parallel deployment makes this possible and simple to use.
As far as I understand (and use it on a daily basis), parallel deployment 
allows to upgrade a webapp to a new version with no downtime, new sessions 
being handled by the newest version and existing ones beinig handled by the 
version already handling them.

That the only case where I see parallel deployment using multiple versions. And 
so I see no case where new sessions arr handled by two different versions.

So, it seems to me that // deployment is not a fit for your requirements.

I find them interesting anyway, as I would really like to be able to have a 
finer control on the selection of the "current" version.

This would allow transparent downgrades, without removing or stopping a version 
and help solve a stupid problem I had several times : // deployment sort 
versions alphabetically. So, version 1.1.9 is prefered to 1.1.10, for 
instance...

Ludovic


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 7.0.28 ignoring context copyXML attribute and web-fragments

2015-09-28 Thread Fernando González 
Yeah, normally I install "real Tomcat" but this server is not under my
control. I'll try to update the Debian package and/or to a manually
installed one and report back if the issues are gone.

Many many thanks for the hint!

On Mon, Sep 28, 2015 at 2:10 AM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Fernando González [mailto:fergo...@gmail.com]
> > Subject: Tomcat 7.0.28 ignoring context copyXML attribute and
> web-fragments
>
> > I am using Tomcat 7.0.28 and I am deploying a .war with a context.xml
> > that sets the copyXML attribute to "true".
>
> That version is over three years old and does not include copyXML in a
>  element.  Not keeping up with current releases opens your website
> up to attacks fixed in later versions.
>
> > when I copy the war to the webapps folder, I get the following
> > message in catalina.out:
>
> > "Setting property 'copyXML' to 'true' did not find a matching property."
>
> As you should.
>
> > and the context.xml will not be copied to conf/Catalina/localhost/.
>
> You can set copyXML in the  element if you insist on running old
> software.
>
> > The o.s. is a Debian 7 and the administrator said he just installed
> tomcat from the debian
> > package. The command "dpkg -s tomcat7" gives me version 7.0.28.
>
> Which may or may not be correct, since third-party distributions often
> cherry-pick changes to include, along with generally corrupting the
> standard Tomcat file layout.
>
> I strongly recommend that you deinstall the Debian package and use a
> current, real Tomcat from tomcat.apache.org.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail and
> its attachments from all computers.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Parallel Deployment: Can I request a specific webapp version?

2015-09-28 Thread Linus Brimstedt 
Hello,



On 27 September 2015 at 23:55, Christopher Schultz <
ch...@christopherschultz.net> wrote:

>
> You have competing requirements:
>
> 1. All servers are the same
>
2. Some subset users get a different version of the application
>

All servers would have all versions of the app, thats the  whole point :)
I.e.
Instead of
Server 1 - 3: App Version 001
Server 4 - 6: App Version 002

I would have
Server 1-6:  App Version  001 + 002

Parallel deployment makes this possible and simple to use.


> Sounds like they can't co-exist without some kind of compromise. We
> are offering one that works with currently-available software.
>

Please elaborate

/Linus


>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
>
> iQIcBAEBCAAGBQJWCGXOAAoJEBzwKT+lPKRYi5sQAJ9A8eJrs4kxIXIECSl/bbtd
> wdEWpDc2QxJ7eZ/o999ZfDfABylZAt0opRGCyqrxt4humh1TJvECWl2HGNiLjdR7
> ciD+4dtjDTCpv7yfEfCJXn4YL60RK35lJ5lXBGsBClmVg2y5vwdqng8KGg/pVotN
> AIe6BHBsiTLuY5Kep6K9RElYPab/71noN/U4j1N12Jf5puKDU+Spbc07Fy5OGsCl
> 5p0s7HsysHeFDiWY9uMIgtF2pJSgoFFF6+S2RHu+wON9m4OciNvZJlh2IYzgM24W
> lJOYm4jqqyHR6Bx3UoXIOFc4HAXwoX13xxPLYbLuILTW7DyFFzkBltTAFqFvC5Fn
> moAGs3jgFqdxlexJ49UjMSO+CCdMCnwvH9zOLM/HDZEN1UItwsCVeU0hiXLC6a8Y
> 5aHjNkLo71IeZq7sjOxw1h/3fMvazbBYwu+VZE//4WKBSaqE//KlKOJBUgPZ2R2R
> S5+MjW97+sgj4wpsZRlt8jmMpcugfn6lWMtpvGj4/NXykoomYnpmsF7cJhgH47S+
> 3fdeRymyw9BnsNvJNULbfjXZoUL9XFpH6WQb5127cYzBrapIYOSoTYn+H/SaeGgi
> pXMJspKz8qb8W9f3yBekQFM7kGcP1cBvp6JTAGwbsTx8VM5oJlffNi7RAVEO6DeV
> IqyVpqOKOnu2GwhpzIs5
> =6+bn
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


-- 

*Linus Brimstedt *
CTO
+46 70 - 683 98 54
linus.brimst...@viskan.se

*Viskan Distanshandel System AB*
Druveforsvägen 8
504 33 Borås, Sweden
+46 33 - 20 60 20
www.viskan.se

Re: NIO2 SSL Handshake usage

2015-09-28 Thread Mark Thomas 
On 28/09/2015 11:50, kamalakannan chandrakumar wrote:
> I'm not talking about Handler classes in SecureNIOChannel.
> It is for SecureNIO2Channel.

Those are internal Tomcat classes. They are not designed for re-use
outside of Tomcat.

Mark

> 
> Regards,
> Kamal.
> 
> 
> On Mon, Sep 28, 2015 at 3:58 PM, Rémy Maucherat  wrote:
> 
>> 2015-09-28 12:17 GMT+02:00 kamalakannan chandrakumar <
>> chandrakumarkamalakan...@gmail.com>:
>>
>>> Hi,
>>>

 Please let me why there is no way to set Handler class or Future task
>> is
 not returned for
 SSL handshake in SecureNIO2Channel. How to use those classes for
>> writing
 client code ?
 This was working fine with NIO code (SecureNIOChannel).
>>>
>>> I don't understand. Can you clarify what is this handler you are talking
>> about in the SecureNioChannel class ?
>>
>> Rémy
>>
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: NIO2 SSL Handshake usage

2015-09-28 Thread Mark Thomas 
On 28/09/2015 11:50, kamalakannan chandrakumar wrote:
> I'm not talking about Handler classes in SecureNIOChannel.
> It is for SecureNIO2Channel.

Those are internal Tomcat classes. They are not designed for re-use
outside of Tomcat.

Mark

> 
> Regards,
> Kamal.
> 
> 
> On Mon, Sep 28, 2015 at 3:58 PM, Rémy Maucherat  wrote:
> 
>> 2015-09-28 12:17 GMT+02:00 kamalakannan chandrakumar <
>> chandrakumarkamalakan...@gmail.com>:
>>
>>> Hi,
>>>

 Please let me why there is no way to set Handler class or Future task
>> is
 not returned for
 SSL handshake in SecureNIO2Channel. How to use those classes for
>> writing
 client code ?
 This was working fine with NIO code (SecureNIOChannel).
>>>
>>> I don't understand. Can you clarify what is this handler you are talking
>> about in the SecureNioChannel class ?
>>
>> Rémy
>>
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: NIO2 SSL Handshake usage

2015-09-28 Thread kamalakannan chandrakumar 
Thanks ! If it is not for external purpose, pl let me know which API should
I look
to use NIO2 SSL implementation.
This is for testing java client code to communicate with server.

Regards,
Kamal.

On Mon, Sep 28, 2015 at 4:49 PM, Mark Thomas  wrote:

> On 28/09/2015 12:16, kamalakannan chandrakumar wrote:
> > Mark,
> >
> > Thanks! Just curious to know how it is used internally for NIO2.
> > I understand that it is internal, but please let me know the details.
>
> Try reading the source code.
>
> There is no API to set the completion handler because that is handled
> internally to the class. Look at handshakeReadCompletionHandler and
> handshakeWriteCompletionHandler.
>
> Mark
>
>
> >
> > Regards,
> > Kamal.
> >
> > On Mon, Sep 28, 2015 at 4:44 PM, Mark Thomas  wrote:
> >
> >> On 28/09/2015 11:50, kamalakannan chandrakumar wrote:
> >>> I'm not talking about Handler classes in SecureNIOChannel.
> >>> It is for SecureNIO2Channel.
> >>
> >> Those are internal Tomcat classes. They are not designed for re-use
> >> outside of Tomcat.
> >>
> >> Mark
> >>
> >>>
> >>> Regards,
> >>> Kamal.
> >>>
> >>>
> >>> On Mon, Sep 28, 2015 at 3:58 PM, Rémy Maucherat 
> wrote:
> >>>
>  2015-09-28 12:17 GMT+02:00 kamalakannan chandrakumar <
>  chandrakumarkamalakan...@gmail.com>:
> 
> > Hi,
> >
> >>
> >> Please let me why there is no way to set Handler class or Future
> task
>  is
> >> not returned for
> >> SSL handshake in SecureNIO2Channel. How to use those classes for
>  writing
> >> client code ?
> >> This was working fine with NIO code (SecureNIOChannel).
> >
> > I don't understand. Can you clarify what is this handler you are
> >> talking
>  about in the SecureNioChannel class ?
> 
>  Rémy
> 
> >>>
> >>
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: NIO2 SSL Handshake usage

2015-09-28 Thread kamalakannan chandrakumar 
Mark,

Thanks! Just curious to know how it is used internally for NIO2.
I understand that it is internal, but please let me know the details.

Regards,
Kamal.

On Mon, Sep 28, 2015 at 4:44 PM, Mark Thomas  wrote:

> On 28/09/2015 11:50, kamalakannan chandrakumar wrote:
> > I'm not talking about Handler classes in SecureNIOChannel.
> > It is for SecureNIO2Channel.
>
> Those are internal Tomcat classes. They are not designed for re-use
> outside of Tomcat.
>
> Mark
>
> >
> > Regards,
> > Kamal.
> >
> >
> > On Mon, Sep 28, 2015 at 3:58 PM, Rémy Maucherat  wrote:
> >
> >> 2015-09-28 12:17 GMT+02:00 kamalakannan chandrakumar <
> >> chandrakumarkamalakan...@gmail.com>:
> >>
> >>> Hi,
> >>>
> 
>  Please let me why there is no way to set Handler class or Future task
> >> is
>  not returned for
>  SSL handshake in SecureNIO2Channel. How to use those classes for
> >> writing
>  client code ?
>  This was working fine with NIO code (SecureNIOChannel).
> >>>
> >>> I don't understand. Can you clarify what is this handler you are
> talking
> >> about in the SecureNioChannel class ?
> >>
> >> Rémy
> >>
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: NIO2 SSL Handshake usage

2015-09-28 Thread Mark Thomas 
On 28/09/2015 12:16, kamalakannan chandrakumar wrote:
> Mark,
> 
> Thanks! Just curious to know how it is used internally for NIO2.
> I understand that it is internal, but please let me know the details.

Try reading the source code.

There is no API to set the completion handler because that is handled
internally to the class. Look at handshakeReadCompletionHandler and
handshakeWriteCompletionHandler.

Mark


> 
> Regards,
> Kamal.
> 
> On Mon, Sep 28, 2015 at 4:44 PM, Mark Thomas  wrote:
> 
>> On 28/09/2015 11:50, kamalakannan chandrakumar wrote:
>>> I'm not talking about Handler classes in SecureNIOChannel.
>>> It is for SecureNIO2Channel.
>>
>> Those are internal Tomcat classes. They are not designed for re-use
>> outside of Tomcat.
>>
>> Mark
>>
>>>
>>> Regards,
>>> Kamal.
>>>
>>>
>>> On Mon, Sep 28, 2015 at 3:58 PM, Rémy Maucherat  wrote:
>>>
 2015-09-28 12:17 GMT+02:00 kamalakannan chandrakumar <
 chandrakumarkamalakan...@gmail.com>:

> Hi,
>
>>
>> Please let me why there is no way to set Handler class or Future task
 is
>> not returned for
>> SSL handshake in SecureNIO2Channel. How to use those classes for
 writing
>> client code ?
>> This was working fine with NIO code (SecureNIOChannel).
>
> I don't understand. Can you clarify what is this handler you are
>> talking
 about in the SecureNioChannel class ?

 Rémy

>>>
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: NIO2 SSL Handshake usage

2015-09-28 Thread Rémy Maucherat 
2015-09-28 12:17 GMT+02:00 kamalakannan chandrakumar <
chandrakumarkamalakan...@gmail.com>:

> Hi,
>
> >
> > Please let me why there is no way to set Handler class or Future task is
> > not returned for
> > SSL handshake in SecureNIO2Channel. How to use those classes for writing
> > client code ?
> > This was working fine with NIO code (SecureNIOChannel).
>
> I don't understand. Can you clarify what is this handler you are talking
about in the SecureNioChannel class ?

Rémy

Re: NIO2 SSL Handshake usage

2015-09-28 Thread kamalakannan chandrakumar 
I'm not talking about Handler classes in SecureNIOChannel.
It is for SecureNIO2Channel.

Regards,
Kamal.


On Mon, Sep 28, 2015 at 3:58 PM, Rémy Maucherat  wrote:

> 2015-09-28 12:17 GMT+02:00 kamalakannan chandrakumar <
> chandrakumarkamalakan...@gmail.com>:
>
> > Hi,
> >
> > >
> > > Please let me why there is no way to set Handler class or Future task
> is
> > > not returned for
> > > SSL handshake in SecureNIO2Channel. How to use those classes for
> writing
> > > client code ?
> > > This was working fine with NIO code (SecureNIOChannel).
> >
> > I don't understand. Can you clarify what is this handler you are talking
> about in the SecureNioChannel class ?
>
> Rémy
>

Re: NIO2 SSL Handshake usage

2015-09-28 Thread kamalakannan chandrakumar 
Hi,

>
> Please let me why there is no way to set Handler class or Future task is
> not returned for
> SSL handshake in SecureNIO2Channel. How to use those classes for writing
> client code ?
> This was working fine with NIO code (SecureNIOChannel).
>
> Regards,
> Kamal.
>
>
>
>
>
>

Re: Parallel Deployment: Can I request a specific webapp version?

2015-09-28 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Linus,

On 9/28/15 2:37 AM, Linus Brimstedt wrote:
> On 27 September 2015 at 23:55, Christopher Schultz < 
> ch...@christopherschultz.net> wrote:
> 
>> 
>> You have competing requirements:
>> 
>> 1. All servers are the same
>> 
> 2. Some subset users get a different version of the application
>> 
> 
> All servers would have all versions of the app, thats the  whole
> point :) I.e. Instead of Server 1 - 3: App Version 001 Server 4 -
> 6: App Version 002
> 
> I would have Server 1-6:  App Version  001 + 002
> 
> Parallel deployment makes this possible and simple to use.

Sure, you can push multiple versions of your application to all your
servers, but the caveat is that all new users will be using the new
application: you can't upgrade selected users (like your own QA
testers, for instance). So this isn't an ideal solution, regardless of
how simple it is.

>> Sounds like they can't co-exist without some kind of compromise.
>> We are offering one that works with currently-available
>> software.
>> 
> 
> Please elaborate

We've already explained:

1. Upgrade some load-balanced nodes
2. wait (???)
3. Profit

If you want your QA team to be able to use the new version of the
application but none of your "real" users, then try something like this:

1. Remove N/f from your load-balancer and upgrade using parallel
   deplyment
   (N = # of nodes and f=some factor of nodes you want to use for
testing)
   (Existing users will still see version V-1 while new users will
see version V. The lb will not send new users to these servers,
so nobody will see version V at all.)
2. Configure your QA team's browsers so that the lb allows them to
   go to the servers you have upgraded, and get version V
3. Proceed with testing
4. When you are satisfied, put the nodes from step #1 back into the lb
   normal rotation
5. Upgrade the remaining nodes whenever you feel comfortable

This means that, for a time, not all servers are identical. But you do
achieve your primary objective: blue/green production deployment with
a private interstitial testing phase.

Your prior use of parallel deployment did not meet your primary
criterion: namely that it upgrades too many people at once.

I think you have to decide which requirement is more important: the
private testing phase (which my proposal achieves) or the consistent
configuration of all servers (which your proposal achieves).

I still believe your requirements are at odds with each other.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJWCbxDAAoJEBzwKT+lPKRY1vsP/iu70XKXfhZVM4sTA+VsK220
keAIjTUESeSKCF3IZoOtMR/xaC+3rsgCGlVjtyS8JOOkQ5/nHvD+e3XktXL8WZo0
dvynCuFeLFBj89PY3pnDcYnr8AOxnbzlgvKC2dsvE1qKrII1/au9yz3juM2EpO5c
x4avtBklG7/+8hU7sTjpykOK5/7pMXLv5KsmeX6mzoJJky9f5WXuZ6K20jKc7m2b
zdjdgXG6hPvwoOh33ybO/vPPx0h0Ih6eflQqhqEblo2xb+XYWCeSTgMwrOR0nXWK
LXZh2Yyyt7AIozvI1abp97m6kFB9KLSX9QRIb1EmiAnfnkQYCfhWpAPeUcc3ZV/h
yh2h1qON8bCTeed97GWdpPu9o5l1l4EXIKgOk+iLV4rS0CjMQ/ybl6ePOrGApQs9
q7vncmX3V4fZGdYf1qXj7ME7RcgE7U+TwRuR40wPB8McU+BVtI3d/S4I5W+9DBF7
q9+B+EmZ1jCjrwzEot57TuYxM+oT8Lsykm43Esic3CeOxOBdp8phwe65AmZHTxJV
IIhTOdFuwZzL/n2dZx0dNspjc54Df1dgPoGw0OBa8c8BHPBz8ImskLONBQHZwRvy
ejwS00Pps7B/DeiquuZLOUilJo4UP5fS8NbpLPMt/5sBb4L9pgQRXs7jFwxQ0A1y
b6nF/Y5moFILPkWAfuB8
=w+9s
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: NIO2 SSL Handshake usage

2015-09-28 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Kamal,

On 9/28/15 7:47 AM, kamalakannan chandrakumar wrote:
> Thanks ! If it is not for external purpose, pl let me know which
> API should I look to use NIO2 SSL implementation. This is for
> testing java client code to communicate with server.

Are you trying to use an NIO2 client as a test against Tomcat? Or are
you trying to test Tomcat's NIO2 connector, and you don't really care
what the client is?

ApacheBench ("ab") from the httpd project is a fairly good client,
though it's got some threading issues which make it non-ideal. It is
very easy to use, though.

Apache JMeter is a great client, but requires more in the way of setup.

If you want to use NIO2 for writing your own client, I you're going to
have to adapt the code to meet your needs... probably by liberally
stealing the code and not trying to use an "API" that Tomcat doesn't
actually provide.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJWCbpIAAoJEBzwKT+lPKRYZVcP/0S4QtCIqMzVu9I+spYHZOkJ
gVsa+RAJ3/nF8T4W1o6K2qE+J84fAkblyH/GzdAdCXC79QNMwOOenqVYXKdlZeCx
oA4QgaOUgGtGGKrtHW1tsBCKQYofK4INX68l+8SLMVEmDKroIsbz77xx9ZGFzuJc
urqKSGtRLdP1QkYfcmVMn8sU123rEozQ4bujfxly6VR2x+i3Rm5MfjmnT5UUgY4z
QxVyFfoYXRvG7bPLN+DhdHjqIOyPVqEckiHQw14rzrcT6c8HcYwRFwNZqMTerDWB
4IrEc+DwrPu5AbZkhv84qQwBw4+QoHZ9wZtABbYVuBbQTy4AhOst7O/T+k8wAWAU
kNr9w+5f6oSeAOIzEmaBuDdAlm1qfmyHiYOyGTS97UKKh7Rk71xJdBQ7od/hPDYv
Bq4LBeaTT1DGJEwiBu7781hHvNKxn7QjY2vpwe9R0Vyg1JqYnrSopaWGCDp48htm
xVlV+sp1ZevnyhGIUXhwg7sh0UwDxYlZemcDfwYKJoKgwMWxDwMKG0K2HOKyxXpm
pu+OPV72xQWykCB8OtufvEnnQ9FSquuJ6GYusqM71jCaERasoKKR2ZJv307s7P8k
k7MyaE7TEgBuvp+VxGi12rO82Ksmyg+ErcWLbnutyKJHeBA9De4S09omTAYTqhRu
gGo9L1iN7lfQWitjj5Qc
=7Otz
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Need help understanding support for Unix Domain Sockets in Tomcat 7.0.x

2015-09-28 Thread tomcat 

On 28.09.2015 18:09, Christopher Schultz wrote:
...




Not sure on this, as AJP is quite handy. Expecialy load balancing
java webapps and i find mod_jk quite good at this.


Remember, it's not mod_jk doing the load-balancing, it's Apache httpd.
mod_jk is simply providing the channel over which the proxying is
being done.


I don't think that's true.

In the case of mod_proxy_ajp, it is mod_proxy and mod_proxy_balancer who do the 
load-balancing.


But mod_proxy* are not used with mod_jk; it does its own balancing.

 In a thread on the dev list, I'm a little more defensive

of AJP because of its ability to pass data out-of-band with respect to
the tunneled HTTP message. There definitely is utility there.

+1.  Passing Apache httpd's "environment variables" for instance, becoming "request 
attributes" in Tomcat.


...



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org