Re: Windows Authentication

2016-03-03 Thread tomcat

On 04.03.2016 07:16, Chanchal Kariwala wrote:

> I am using Tomcat 8.0.32 and I have followed the guide given at
>
> - https://tomcat.apache.org/tomcat-8.0-doc/windows-auth-howto.html#Tomcat_instance_(Windows_server)
> - https://dzone.com/articles/do-not-publish-configuring-tomcat-single-sign-on-w
>
> Windows AD Auth is working i.e. when I access the site, I am asked for
> credentials and when I enter the correct credentials, the restricted
> resource is displayed.
>
> However my question is why the browser is asking for credentials? Why isn't
> it accessing TGT Cache in the OS to fetch the user's credentials?
>
> I have enabled Integrated Windows Auth in IE Settings. I have added the
> site in Intranet Sites and set "Logon by Current User" in Custom Level
> setting for Intranet.




Hi.

The real *key* to debugging such issues is to use some plugin or add-on to the browser,
to enable the capture and visualisation of the HTTP dialog back and forth between the
browser and the server.

Since you are using IE, I suggest "Fiddler2".
Install it, close your browser, re-open the browser, start Fiddler2 in capture mode, and 
then do an access to the webserver.  When prompted for an id/pw, enter them.
Then stop Fiddler2 and examine the HTTP exchanges, starting with your initial request to 
the webserver.


You are correct in thinking that, normally, the login should happen automatically in the 
background, and you should never see this browser login dialog.
WIA authentication is a multiple-step process between the browser and the webserver, and 
in the background between the webserver and a Domain Controller.

That the login dialog appears in your case means:
1) that the integrated WIA failed
2) that the Domain is configured to allow HTTP Basic authentication in a second step, 
after WIA fails.  That is the login dialog that you see.


So, something is not working as it should in the WIA step.
But knowing exactly what requires examining the HTTP exchanges.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
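
One way to read the capture suggested in the reply above, as an added example that is not part of the original message: it goes beyond the reply by classifying what the browser actually sent after the 401 (a Kerberos ticket, an NTLM message, Basic credentials, or nothing). The `C:`/`S:` capture format, the function names and the tokens are assumptions constructed for illustration.

```python
import base64

NTLMSSP = b"NTLMSSP\x00"                             # NTLM message signature
SPNEGO_OID = bytes.fromhex("06062b0601050502")       # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("06092a864886f712010202")   # 1.2.840.113554.1.2.2

def classify_negotiate(b64_token):
    """Name the mechanism inside an 'Authorization: Negotiate' token."""
    raw = base64.b64decode(b64_token)
    if raw.startswith(NTLMSSP):
        return "raw NTLM"
    if raw[:1] == b"\x60" and SPNEGO_OID in raw[:16]:   # GSS-API initial token
        if KRB5_OID in raw:
            return "Kerberos"
        return "NTLM in SPNEGO" if NTLMSSP in raw else "SPNEGO, other mechanism"
    return "unrecognised"

def diagnose(capture):
    """capture: header lines prefixed 'C: ' (browser) or 'S: ' (server)."""
    offered, sent = set(), []
    for line in capture.splitlines():
        side, _, header = line.partition(": ")
        name, _, value = header.partition(":")
        scheme, _, token = value.strip().partition(" ")
        name, scheme = name.strip().lower(), scheme.lower()
        if side == "S" and name == "www-authenticate":
            offered.add(scheme)
        elif side == "C" and name == "authorization":
            sent.append(classify_negotiate(token) if scheme == "negotiate" else scheme)
    if "negotiate" not in offered:
        return "server never offered Negotiate"
    if not sent:
        return "browser did not answer the Negotiate challenge"
    return "browser answered with: " + ", ".join(sent)

def _b64(data):
    return base64.b64encode(data).decode()

# Constructed tokens: only the leading bytes are realistic, the rest is padding.
KRB_TOKEN = _b64(b"\x60\x82\x05\x00" + SPNEGO_OID + b"\xa0\x30" + KRB5_OID + bytes(8))
NTLM_TOKEN = _b64(NTLMSSP + b"\x01\x00\x00\x00" + bytes(8))
BASIC_TOKEN = _b64(b"user:placeholder")

# Constructed capture of a session that ends in a login dialog.
PROMPTING = f"""\
S: HTTP/1.1 401 Unauthorized
S: WWW-Authenticate: Negotiate
C: Authorization: Negotiate {NTLM_TOKEN}
S: HTTP/1.1 401 Unauthorized
C: Authorization: Basic {BASIC_TOKEN}
S: HTTP/1.1 200 OK
"""
# Constructed capture of a silent single sign-on.
SILENT = f"""\
S: HTTP/1.1 401 Unauthorized
S: WWW-Authenticate: Negotiate
C: Authorization: Negotiate {KRB_TOKEN}
S: HTTP/1.1 200 OK
"""
```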



Windows Authentication

2016-03-03 Thread Chanchal Kariwala
I am using Tomcat 8.0.32 and I have followed the guide given at

   - https://tomcat.apache.org/tomcat-8.0-doc/windows-auth-howto.html#Tomcat_instance_(Windows_server)
   - https://dzone.com/articles/do-not-publish-configuring-tomcat-single-sign-on-w

Windows AD Auth is working i.e. when I access the site, I am asked for
credentials and when I enter the correct credentials, the restricted
resource is displayed.

However my question is why the browser is asking for credentials? Why isn't
it accessing TGT Cache in the OS to fetch the user's credentials?

I have enabled Integrated Windows Auth in IE Settings. I have added the
site in Intranet Sites and set "Logon by Current User" in Custom Level
setting for Intranet.


Thanks,
Chanchal R. Kariwala
Product Engineer
Seclore Technology
chanchal.kariw...@seclore.com
www.seclore.com


Re: Understanding how to controlling what data is written to log4j appenders

2016-03-03 Thread Joleen Barker
Hello,

I don't know if I should use a new thread or not but this is a continuation
of this issue. I found that even after my changes there was very little
being written to my new log and there were still many of the product
messages being written to the catalina.out. It has now come to my attention
that the web application contains a log4j.jar file in the /lib
directory and a log4j.properties file in the /classes directory.
This log4j.properties file has a lot more items in it and I believe is the
reason all the messages from the product are still going to the
catalina.out log.

Here I was so proud of myself for getting the logs to go to an appender and
the log rolling over as expected only to find the catalina.out still
growing with messages from the application.

I am unsure how to get these messages to be added to my log file that is
being used from the log4j.properties file that is in the CATALINA_BASE/lib
directory.

One of the other things I noticed is the vendor has a tomcat-juli.jar in
the CATALINA_BASE/lib as well as in the CATALINA_BASE/bin directory where
it should be. Would the one that is in the CATALINA_BASE/lib directory be
doing anything? Maybe it is there in error and not really affecting
anything but I don't know.

I did read in a note on the tomcat web page that gave the instructions to
use the log4j logging that the steps it had written were not needed if you
just want to use log4j in your own web application - in that case, you
would just put log4j and the log4j.properties in the WEB-INF/lib and the
WEB-INF/classes of your web application which it appears the vendor did. So
I think I would need to edit their log4j.properties file.

Am I on the right track at all here?

Would it be bad to post their log4j.properties along with mine to see how I
can edit it to have the info go to the new log?

-Joleen

On Fri, Dec 4, 2015 at 4:49 PM, Joleen Barker wrote:

> Hello Chris,
>
> As of now I am not using JULI any longer. I am using the log4j v1.2.17.jar
>
> Eventually I will jump in to the log4j v2 users and try my hand at that.
>
> Thank you for the clarification on where to go for information. I
> completely missed seeing the log4j mailing list. Could you send me the
> url to signup for it.
>
> Have a wonderful weekend.
>
> -Joleen
>
>
>
> On Fri, Dec 4, 2015 at 1:11 PM, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> Joleen,
>>
>> On 12/3/15 11:55 PM, Joleen Barker wrote:
>> > The information you gave me for the additivity was PERFECT! It did exactly
>> > what I was looking for. This also really allowed me to understand what
>> > processes were writing to which log. I have the settings in place in my
>> > test environment now and if all goes well the changes will be added in the
>> > production environment soon.
>>
>> Glad you are making progress.
>>
>> There are many folks here who have experience with log4j (myself and,
>> evidently, Konstantin as well), but for more thorough log4j help, you're
>> probably going to want to go over to the log4j mailing list.
>>
>> If JULI is in the mix (the default logging framework for Tomcat) and you
>> are using logging.properties, then you want to stay /here/ for those
>> questions. Similarly, for configuration involving Tomcat's
>> container-defined loggers ("categories" in older log4j-speak), here is
>> also the best place to post.
>>
>> -chris
>>


Stuck threads reading socket

2016-03-03 Thread Woonsan Ko
Hi,

I have tomcat instances (6.0.44) which are proxied by Apache 2.4.18
(+mod_proxy). SSL enabled on Apache side.
One day it was not responding and observed that all the catalina-exec
threads (25 maxthreads at the moment) were stuck in reading socket in
the thread dumps like the following (increasing maxthreads to 128
circumvented the issue for now, btw):

"catalina-exec-26537" daemon prio=10 tid=0x7f3787ff6000 nid=0x51bc
runnable [0x7f3776a4a000]
   java.lang.Thread.State: RUNNABLE
        at java.net.SocketInputStream.socketRead0(Native Method)
        at java.net.SocketInputStream.read(SocketInputStream.java:152)
        at java.net.SocketInputStream.read(SocketInputStream.java:122)
        at org.apache.coyote.http11.InternalInputBuffer.fill(InternalInputBuffer.java:733)
        at org.apache.coyote.http11.InternalInputBuffer.parseRequestLine(InternalInputBuffer.java:364)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:814)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:620)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:396)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)

I want to find a way to determine the root cause(s). Maybe some bad
requests are coming in or something else.. No DDoS was reported.
So, I thought about turning on tomcat AccessLogValve with %I in format
(to print out thread name) to associate the request info with the
stuck thread. I can also get more info from apache2 access logs based
on that. However, AccessLogValve probably leaves a log only after
completing the other valves, so I'm doubtful if it can help in my
case.
What would you recommend to find the root cause in this case?

Thanks in advance,

Woonsan




Tomcat access log - body of a request shows in the next request

2016-03-03 Thread rails
I have a weird behavior in my Tomcat (7).

An external app sends a bunch of DELETE requests with a body to my Tomcat
WebApp.
The body is being neglected in the webapp (I don't know why the app sends
it, the parameters the webapp needs are in the URL).
When the app sends about 20 requests - a few are being ignored by the webApp.

Looking at the Tomcat access logs I see the following strange thing.
Right after the delete (line 2) the body of the delete is concatenated to
the next request as a prefix (line 3).

Then I get 505.

Below - line 3 contains a prefix before POST /rest/dogs/tag HTTP/1.1" 405
1013.


172.31.13.77 - - [03/Mar/2016:14:08:43 +] "GET /rest/dogs/123 HTTP/1.1" 200 4095
172.31.13.77 - - [03/Mar/2016:14:09:07 +] "DELETE /rest/dogs/123 HTTP/1.1" 200 63
172.31.13.77 - - [03/Mar/2016:14:09:07 +] "{..HERE IS THE BODY(PayLoad) OF PREVIOUS DELETE.}POST /rest/dogs/tag HTTP/1.1" 405 1013
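
Detection logic for the symptom in the post above, as an added example that is not part of the original message: it scans access-log text for entries whose quoted request field has bytes in front of the HTTP method and pairs each one with the previous well-formed request from the same client. The function name and the sample lines (modelled on the post, with the time zone filled in as +0000) are constructed for illustration.

```python
import re

# Common Log Format entry: host, ident, user, [time], "request", status, size.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]*)\] "(?P<req>.*)" (?P<status>\d{3}) (?P<size>\S+)$'
)
# A well-formed request line: METHOD SP target SP HTTP/x.y
REQ_RE = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')
# The same shape, but allowed to start anywhere inside the field.
EMBEDDED_RE = re.compile(
    r'(?:GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH|TRACE) \S+ HTTP/\d\.\d$'
)

# Constructed sample modelled on the log lines in the post.
SAMPLE_LOG = '''\
172.31.13.77 - - [03/Mar/2016:14:08:43 +0000] "GET /rest/dogs/123 HTTP/1.1" 200 4095
172.31.13.77 - - [03/Mar/2016:14:09:07 +0000] "DELETE /rest/dogs/123 HTTP/1.1" 200 63
172.31.13.77 - - [03/Mar/2016:14:09:07 +0000] "{..HERE IS THE BODY(PayLoad) OF PREVIOUS DELETE.}POST /rest/dogs/tag HTTP/1.1" 405 1013
172.31.13.77 - - [03/Mar/2016:14:09:09 +0000] "GET /rest/dogs/124 HTTP/1.1" 200 4101
'''

def find_prefixed_requests(log_text):
    """Return one finding per entry whose request field has bytes before the method."""
    findings = []
    last_by_host = {}  # host -> most recent well-formed request line
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        host, req = m.group("host"), m.group("req")
        if REQ_RE.match(req):
            last_by_host[host] = req
            continue
        emb = EMBEDDED_RE.search(req)
        if emb and emb.start() > 0:
            findings.append({
                "line": lineno,
                "host": host,
                "prefix": req[:emb.start()],       # leftover bytes, e.g. an unread body
                "request": req[emb.start():],      # the request the client meant to send
                "status": int(m.group("status")),
                "previous": last_by_host.get(host),
            })
    return findings
```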


Re: Context PreResources configuration question

2016-03-03 Thread Mark Thomas
On 03/03/2016 17:08, Philippe Busque wrote:



> Is it normal that the context is initialized BEFORE the host is started,
> while expecting the host to create the structure, but failing because
> the structure is not present?
> 
> Should the expand be executed after the host created the proper
> structure for the context to expand its wars?

Generally, the expectation is that the appBase already exists. I'm fairly
sure I didn't test the case you describe and I can easily imagine it
failing.

I'll take a look. It should be possible to get this fixed before the
next release.

Mark




Re: Context PreResources configuration question

2016-03-03 Thread Philippe Busque


On Wed, 02 Mar 2016 22:29:35, Mark Thomas wrote:

> That was pretty much a perfect question. A clear problem statement. A
> clear description of what you expected to happen vs. what actually
> happened. A clear description of what you tried. If only all posts to
> the users list were like this.
>
> This is an easy fix. The problem is that with no docBase defined and a
> path of "", tomcat is going to use a docBase of "ROOT". That means
> Tomcat is going to look for these files in "work/example1/ROOT" not in
> "work/example1".
>
> Generally, I'd recommend a slightly different directory structure.
> Something like:
> webapps-example1/ROOT.war
> which auto expands into
> webapps-example1/ROOT
>
> Mark

Thank you. I know how it is when someone stops at your desk for help, but does
not give you any details on what the problem is :)

I followed your advice. I created separate webapps folders under our
${catalina.base} folder (webapps-example1, webapps-example2 and so on), with a
ROOT.war in each of them (what we usually do with single webapps deployment).

It works... partially. I'm getting random crashes with the same error as when it
couldn't find the libraries.

org.apache.jasper.JasperException: The absolute uri: http://java.sun.com/jsp/jstl/core cannot be resolved in either web.xml or the jar files deployed with this application

I first thought it was browser cache, but after testing a few times with wget on
Tomcat itself and still getting the error, I have the feeling I'm hitting a
cache inside Tomcat. Why it's random, I have no clue.

Next I tried the docBase approach. I had totally forgotten about that setting
after we removed them when they got a behaviour change midway in Tomcat 7 and it
was recommended not to use them.

With webapps-example1 and webapps-example2 and a configured docBase, everything
worked. Multiple refreshes did not cause the random class not found errors seen
without the docBase. However, since I have a dozen webapps, leaving 12 extra
webapps folders under ${catalina.base} felt a bit cumbersome.

So I tried again with the following directory structure:
webapps/example1/ROOT
webapps/example2/ROOT

It worked like a charm too, but I noticed something that may be a priority
order issue between ContextConfig and HostConfig.

With this configuration:

--
   http://www.example1.com>" appBase="webapps/example1" 
unpackWARs="true" autoDeploy="false">
 
 
 
 
 
 
   
--


If I create ${catalina.base}/webapps and none of its host appBase, I get the
following error:

--
Mar 03, 2016 11:19:07 AM org.apache.catalina.startup.ContextConfig beforeStart
SEVERE: Exception fixing docBase for context []
java.io.IOException: Unable to create the directory [/vol0/home/cda/servers/CDA1/webapps/mediagrif/ROOT]
   at org.apache.catalina.startup.ExpandWar.expand(ExpandWar.java:115)
   at org.apache.catalina.startup.ContextConfig.fixDocBase(ContextConfig.java:617)
   at org.apache.catalina.startup.ContextConfig.beforeStart(ContextConfig.java:753)
   at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:307)
   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:95)
   at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
   at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:394)
   at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:144)
   at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1408)
   at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1398)
   at java.util.concurrent.FutureTask.run(FutureTask.java:266)
   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
   at java.lang.Thread.run(Thread.java:745)


   // Create the new document base directory
   if(!docBase.mkdir() && !docBase.isDirectory()) {
       throw new IOException(sm.getString("expandWar.createFailed", docBase));
   }

--

The source reveals that ExpandWar tries to do a mkdir but not a mkdirs. Since
the parent is absent, it fails and crashes.

BUT, some moments later, the HostConfig class is creating those exact parents,
recursively.

-
   if (host.getCreateDirs()) {
   File[] dirs = new File[] 
{host.getAppBaseFile(),host.getConfigBaseFile()};
   for (int i=0; i

Tomcat Training

2016-03-03 Thread Brookbanks, Paul
Could someone in the Toronto, Ontario, Canada area recommend a place that 
provides tomcat administrative training. I would consider online training but 
prefer an "in-class" environment. Specific need: Multiple instance 
installation, management, and monitoring.

Thank you.



Paul Brookbanks
T: 416 709 9645 Ext: 287
F: 416 709 9648
2238 Dundas St. West. Suite 307
Toronto Ontario
M6R 3A9






Re: Performance regression from 7 to 8

2016-03-03 Thread George Sexton



On 3/3/2016 4:06 AM, Tullio Bettinazzi wrote:

> I've an application in which I write a page from a Buffered Stream directly to
> the Servlet output stream (more or less 300kb).
>
> In 7 it works perfectly (100ms).
>
> In 8 , depending from the network connection and mainly from the
> http client itself (the browser in the PC) the same operation takes from
> 50ms to 4500 ms.

One of the things I would look at is the browser debug window. Open the
debugger, and go to the Networks/Timings tab and load both pages. That
would give some insights as to what's happening. Perhaps it is the page.
Perhaps there's something else.

> On the same PC I find more or less the same time using Chrome and Firefox also
> changing network connections (wifi, lan, adsl).
>
> Could someone suggest a solution ?
>
> Tks
> Tullio



--
George Sexton
*MH Software, Inc.*
Voice: 303 438 9585
http://www.connectdaily.com


RE: Performance regression from 7 to 8

2016-03-03 Thread Tullio Bettinazzi
So many questions.
The JVM is the same 1.8.0_65.
The server is the same and empty (nobody is working on it except me)
The network connection is the same (same cable, same client same browser) but 
different client exhibits a constant behaviour in 7 and a very variable 
behaviour in 8 (but on the same client is stable).
What do you mean with test setup ? I use my application as test.
No Apache in front, directly calling Tomcat.
Memory tuned ? no tuning at all raw, standard installations for both 7 and 8.
Tks
Tullio


> From: tom...@olafkock.de
> Subject: Re: Performance regression from 7 to 8
> To: users@tomcat.apache.org
> Date: Thu, 3 Mar 2016 14:24:54 +0100
> 
> Tullio,
> 
> just checking:
> * Have you isolated this to be a tomcat 7 vs 8 issue or could it also be
> a same-time change of the JVM? Network connection? Caching?
> * What's the test setup that you're using? Memory tuned? Apache in
> front? HTTP connector? AJP?
> 
> Olaf
> 
> On 03.03.2016 at 12:06, Tullio Bettinazzi wrote:
> > I've an application in which I write a page from a Buffered Stream directly 
> > to the Servlet output stream (more or less 300kb).
> >
> > In 7 it works perfectly (100ms).
> >
> > In 8 , depending from the network connection and mainly from the 
> > http client itself (the browser in the PC) the same operation takes from
> >  50ms to 4500 ms.
> >
> > On the same PC I find more or less the same time using Chrome and Firefox 
> > also changing network connections (wifi, lan, adsl).
> >
> > Could someone suggest a solution ?
> >
> > Tks
> > Tullio
> >   
> 
> 
  

Re: Performance regression from 7 to 8

2016-03-03 Thread Olaf Kock
Tullio,

just checking:
* Have you isolated this to be a tomcat 7 vs 8 issue or could it also be
a same-time change of the JVM? Network connection? Caching?
* What's the test setup that you're using? Memory tuned? Apache in
front? HTTP connector? AJP?

Olaf

On 03.03.2016 at 12:06, Tullio Bettinazzi wrote:
> I've an application in which I write a page from a Buffered Stream directly 
> to the Servlet output stream (more or less 300kb).
>
> In 7 it works perfectly (100ms).
>
> In 8 , depending from the network connection and mainly from the 
> http client itself (the browser in the PC) the same operation takes from
>  50ms to 4500 ms.
>
> On the same PC I find more or less the same time using Chrome and Firefox 
> also changing network connections (wifi, lan, adsl).
>
> Could someone suggest a solution ?
>
> Tks
> Tullio
> 





Performance regression from 7 to 8

2016-03-03 Thread Tullio Bettinazzi
I've an application in which I write a page from a Buffered Stream directly to 
the Servlet output stream (more or less 300kb).

In 7 it works perfectly (100ms).

In 8 , depending from the network connection and mainly from the 
http client itself (the browser in the PC) the same operation takes from
 50ms to 4500 ms.

On the same PC I find more or less the same time using Chrome and Firefox also 
changing network connections (wifi, lan, adsl).

Could someone suggest a solution ?

Tks
Tullio