Re: Tomcat 7 Web Service Shutdown Can't Stop Threads
Chris sing a song for us.

On 04/03/2016 16:13, "Chris Brown" wrote:

> Tomcat version: 7.0.42
> Server OS: Sun Solaris
> UCP Version: Oracle 12c
> Oracle Driver: ojdbc7
> JDK version: 1.8.0_31
>
> Issue Description:
> When tomcat shuts down our web service during a hot deployment threads are left running that tomcat cannot shutdown. I believe the threads are from the universal connection pool. We use oracle's universal connection pool (ucp.jar). After multiple deployments the threads build up and cause high CPU usage from the 2 tomcat threads.
>
> Log Error Examples:
> Feb 08, 2016 8:00:25 PM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
> SEVERE: The web application [/RatingService] appears to have started a thread named [UCP-worker-thread-3] but has failed to stop it. This is very likely to create a memory leak.
> Feb 08, 2016 8:00:25 PM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
> SEVERE: The web application [/RatingService] appears to have started a thread named [Thread-438] but has failed to stop it. This is very likely to create a memory leak.
> Feb 27, 2016 6:15:14 PM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
> SEVERE: The web application [/RatingService] appears to have started a thread named [oracle.jdbc.driver.BlockSource.ThreadedCachingBlockSource.BlockReleaser] but has failed to stop it. This is very likely to create a memory leak.
> Feb 27, 2016 6:15:14 PM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
> SEVERE: The web application [/RatingService] appears to have started a thread named [ForkJoinPool.commonPool-worker-32] but has failed to stop it. This is very likely to create a memory leak.
> Feb 27, 2016 6:15:14 PM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
> SEVERE: The web application [/RatingService] appears to have started a thread named [Timer-121] but has failed to stop it. This is very likely to create a memory leak.
>
> Correction made to code to try and fix issue:
> I added a ServletContextListener to our web service. On the contextDestroyed method we destroy the connection pools. Our web service uses 2 connection pools.
>
> I also upgraded to Tomcat 8 and the issue still occurred, but the messages are now warnings instead of SEVERE errors.
>
> I've searched the web and have tried many suggestions that have not helped except destroying the connection pools, but the issue still occurs. Please help!!!
>
> Thank you,
> Chris Brown
> Systems Consultant
> National Council on Compensation Insurance
> 901 Peninsula Corporate Circle
> Boca Raton, FL 33487-1362
> (P) 561-893-2324
> chris_br...@ncci.com
>
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Multiple domian names one web site different content
There is another approach, which is what I use. I presume that you are using some kind of web programming language such as ASP, ColdFusion (which I use) or something like that.

All (I believe) web servers maintain a list of CGI Variables, one of which is:

    SERVER_NAME    Your server's fully qualified domain name (e.g. www.cgi101.com)

ColdFusion and I presume others allow you access to this variable. I then wrote a little program which is set up as the home page for all sites on my server. This little program then accesses the SERVER_NAME that was called in the URL. If this variable is www.Site1.com control is transferred to the directory/home page for Site1. If it is www.Site2.com it goes to the directory/home page for Site 2.

I have hosted as many as twenty two entirely separate sites using this technique. I presume that you don't want to have twenty two separate tomcat instances running on your server.

John Matlock

On Fri, Mar 4, 2016 at 2:55 PM, Jeffrey Janner wrote:

> > -Original Message-
> > From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> > Sent: Friday, March 04, 2016 3:36 PM
> > To: Tomcat Users List
> > Subject: Re: Multiple domian names one web site different content
> >
> > Jose,
> >
> > On 3/4/16 3:46 PM, Jose María Zaragoza wrote:
> > > Maybe my question doesn't have to do with current thread (and probably doesn't have any sense at all) but:
> > >
> > > would be possible to define "VirtualHost" according the destination port? I know that VirtualHost different domain name, but I want to keep the same domain name and to define 2 connectors, listening on 8080 and 8081. Requests to 8080 go to /webapps-app1 and requests to 8081 go to /webapps-app2
> > >
> > > is it possible in a only one Tomcat instance? or I need to configure 2 tomcat instances?
> >
> > You would need to configure Tomcat to listen on two different interfaces (or two different ports as you have above), plus have those in separate s in Tomcat's configuration so their s wouldn't interfere.
> >
> > More trouble than it's worth IMO.
> >
> > -chris
>
> Chris's approach is correct. That's the only way to separate by .
> If you are stuck with that approach for some reason, it's what you'd need to do. But might as well have two separate tomcat instances. After all, that is what setting up multiple configs is really accomplishing.
> The only advantage this gives you is if you are tight on memory and need to share the JVM's heap space between the webapp. (note: this only shares the memory, neither has access to the other's objects.)
> Used to do this for some smallish webapps on Windows, primarily to give each webapp/host its own connector set for 80/443 without having to do dances around that default host stuff.
> Nowadays, I'm on linux with a load-balancing front-end that can properly serve the correct SSL certificate, so it's not so important.
>
> Jeff
Re: Modjk surfacing errno 115
On 05.03.2016 at 00:09, Max Lynch wrote:

> Hi Rainer,
>
> I will do my best to provide those things. Here is what looks like the full sequence from our log:
>
> [46055:3512666992] [info] jk_open_socket::jk_connect.c (627): connect to _ip_:12409 failed (errno=115)
> [46055:3512666992] [info] ajp_connect_to_endpoint::jk_ajp_common.c (992): Failed opening socket to (_ip_:12409) (errno=115)
> [46055:3512666992] [error] ajp_send_request::jk_ajp_common.c (1621): (_hostname_) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=115)
> [46055:3512666992] [info] ajp_service::jk_ajp_common.c (2614): (_hostname_) sending request to tomcat failed (recoverable), because of error during request sending (attempt=1)
> [46055:3512666992] [info] jk_open_socket::jk_connect.c (627): connect to _ip_:12409 failed (errno=115)
> [46055:3512666992] [info] ajp_connect_to_endpoint::jk_ajp_common.c (992): Failed opening socket to (_ip_:12409) (errno=115)
> [46055:3512666992] [error] ajp_send_request::jk_ajp_common.c (1621): (_hostname_) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=115)
> [46055:3512666992] [info] ajp_service::jk_ajp_common.c (2614): (_hostname_) sending request to tomcat failed (recoverable), because of error during request sending (attempt=2)
> [46055:3512666992] [error] ajp_service::jk_ajp_common.c (2634): (_hostname_) connecting to tomcat failed.
> [46055:3512666992] [info] service::jk_lb_worker.c (1469): service failed, worker _hostname_ is in error state

OK, so errno 115 occurs in jk_connect.c line 627. The code there is expected to handle 115 but will not wait longer than socket_connect_timeout.

> You can see after this sequence the backend worker is marked as Bad. Here is the config:
>
> JkWorkerProperty worker.list=jkstatus,ajp_app,ajp_app2,ajp_app3,...
> JkWorkerProperty worker.jkstatus.type=status
> JkWorkerProperty worker.lb_member_template.type=ajp13
> JkWorkerProperty worker.lb_member_template.activation=Active
> JkWorkerProperty worker.lb_member_template.ping_mode=A
> JkWorkerProperty worker.lb_member_template.connection_pool_timeout=600
> JkWorkerProperty worker.lb_member_template.socket_keepalive=True
> JkWorkerProperty worker.lb_member_template.socket_timeout=30

I usually recommend *not* to use the general socket_timeout. Remove it. I do suggest to set ping_timeout to e.g. 10 seconds (it is the default, but making it explicit kind of documents it in your config).

> JkWorkerProperty worker.lb_member_template.socket_connect_timeout=3000

This means 3 seconds connect timeout. So it seems either your network, an intermediary between Apache and Tomcat, or Tomcat has a problem of allowing to establish a new connection in 3 seconds. Although the connect is typically done by the backend OS, once the app/TC/JVM gets slow in accepting new connections, the accept queue fills up and then new connects will fail.

Did you check whether you observe long GC pauses for your Tomcat JVMs? Enable a very verbose GC log and have a look.

I typically avoid very short timeouts, so try setting socket_connect_timeout to 1. If the root cause isn't just a short term hiccup, this will not mitigate the problem but should result in slightly better stability in general.

> JkWorkerProperty worker.lb_member_template.recover_time=30
> JkWorkerProperty worker.lb_member_template.recovery_options=7
> JkWorkerProperty worker.lb_worker_template.type=lb
> JkWorkerProperty worker.ajp_app.reference=worker.lb_worker_template
> JkWorkerProperty worker.ajp_app.balance_workers=_hostname1_ajpport1, _hostname1_ajpport2, ..., _hostname34_ajpport15
> JkWorkerProperty worker._hostname_ajpportX.reference=worker.lb_member_template
> JkWorkerProperty worker._hostname_ajpportX.host=_hostname_
> JkWorkerProperty worker._hostname_ajpportX.port=

Looks fine except for the socket_timeout and the very short socket_connect_timeout.

> will this list accept attachments for the other details such as netstat output and thread dumps?

Not sure, but you can try. If it doesn't work, you can also send privately to me and I will summarize.

If the problem persists for a long enough time, you can also try opening a new connection to your Tomcat AJP connector from the mod_jk machine by running a telnet from the mod_jk machine to the remote Tomcat port. If there is a longer hang, you should notice it with telnet as well. Of course you can't speak AJP using telnet, but it can show you whether there really is a connect problem.

You might argue, that the problem disappears when you restart Apache. But that might be due to the fact, that then all existing connections get closed and resources (like threads) are freed on the Tomcat/JVM side. I suspect the question is, what keeps those resources busy. So let's have a look at netstat and thread dumps and probably try the little telnet experiment.

Regards,

Rainer
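
The behaviour discussed in this message (a non-blocking connect that returns EINPROGRESS and is then given a bounded time to finish) can be reproduced with the sketch below. It is an added example, not part of the thread and not mod_jk's code; the function names are hypothetical, the listener is a constructed loopback fixture, and the 3000 ms value mirrors the socket_connect_timeout in the posted config.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/*
 * Try to connect to ip:port, waiting at most timeout_ms for the handshake.
 * Returns 0 on success, otherwise an errno value:
 *   ETIMEDOUT    - handshake still pending when the wait expired
 *   ECONNREFUSED - nothing is listening on the port
 *   anything else as reported by the kernel.
 */
int connect_with_timeout(const char *ip, unsigned short port, int timeout_ms)
{
    struct sockaddr_in addr;
    int fd, flags, rc, err = 0;

    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &addr.sin_addr) != 1)
        return EINVAL;

    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return errno;

    flags = fcntl(fd, F_GETFL, 0);
    if (flags < 0 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0) {
        err = errno;
        close(fd);
        return err;
    }

    if (connect(fd, (struct sockaddr *)&addr, sizeof addr) < 0) {
        err = errno;
        if (err == EINPROGRESS) {
            /* Not a failure yet: the handshake is running in the kernel. */
            struct pollfd pfd = { .fd = fd, .events = POLLOUT };
            do {
                rc = poll(&pfd, 1, timeout_ms); /* restarts the full wait on EINTR */
            } while (rc < 0 && errno == EINTR);

            if (rc == 0) {
                err = ETIMEDOUT;            /* wait expired, handshake unfinished */
            } else if (rc < 0) {
                err = errno;
            } else {
                /* Socket is writable or in error: fetch the real outcome. */
                socklen_t len = sizeof err;
                if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0)
                    err = errno;
            }
        }
    }
    close(fd);
    return err;
}

/* Constructed test fixture: a loopback listener on an ephemeral port. */
int open_loopback_listener(unsigned short *port)
{
    struct sockaddr_in addr;
    socklen_t len = sizeof addr;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;                      /* let the kernel pick a free port */
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 ||
        listen(fd, 8) < 0 ||
        getsockname(fd, (struct sockaddr *)&addr, &len) < 0) {
        close(fd);
        return -1;
    }
    *port = ntohs(addr.sin_port);
    return fd;
}

int main(void)
{
    unsigned short port = 0;
    int lfd = open_loopback_listener(&port);
    if (lfd < 0) {
        perror("listener");
        return 1;
    }
    printf("listening: %s\n", strerror(connect_with_timeout("127.0.0.1", port, 3000)));
    close(lfd);
    printf("closed:    %s\n", strerror(connect_with_timeout("127.0.0.1", port, 3000)));
    return 0;
}
```

A caller that reports the errno left by connect() once the wait has expired, instead of mapping that case to its own code as this sketch does, would log EINPROGRESS (115 on Linux) for what is in effect a connect timeout.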
Re: Modjk surfacing errno 115
Hi Rainer,

I will do my best to provide those things. Here is what looks like the full sequence from our log:

[46055:3512666992] [info] jk_open_socket::jk_connect.c (627): connect to _ip_:12409 failed (errno=115)
[46055:3512666992] [info] ajp_connect_to_endpoint::jk_ajp_common.c (992): Failed opening socket to (_ip_:12409) (errno=115)
[46055:3512666992] [error] ajp_send_request::jk_ajp_common.c (1621): (_hostname_) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=115)
[46055:3512666992] [info] ajp_service::jk_ajp_common.c (2614): (_hostname_) sending request to tomcat failed (recoverable), because of error during request sending (attempt=1)
[46055:3512666992] [info] jk_open_socket::jk_connect.c (627): connect to _ip_:12409 failed (errno=115)
[46055:3512666992] [info] ajp_connect_to_endpoint::jk_ajp_common.c (992): Failed opening socket to (_ip_:12409) (errno=115)
[46055:3512666992] [error] ajp_send_request::jk_ajp_common.c (1621): (_hostname_) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=115)
[46055:3512666992] [info] ajp_service::jk_ajp_common.c (2614): (_hostname_) sending request to tomcat failed (recoverable), because of error during request sending (attempt=2)
[46055:3512666992] [error] ajp_service::jk_ajp_common.c (2634): (_hostname_) connecting to tomcat failed.
[46055:3512666992] [info] service::jk_lb_worker.c (1469): service failed, worker _hostname_ is in error state

You can see after this sequence the backend worker is marked as Bad. Here is the config:

JkWorkerProperty worker.list=jkstatus,ajp_app,ajp_app2,ajp_app3,...
JkWorkerProperty worker.jkstatus.type=status
JkWorkerProperty worker.lb_member_template.type=ajp13
JkWorkerProperty worker.lb_member_template.activation=Active
JkWorkerProperty worker.lb_member_template.ping_mode=A
JkWorkerProperty worker.lb_member_template.connection_pool_timeout=600
JkWorkerProperty worker.lb_member_template.socket_keepalive=True
JkWorkerProperty worker.lb_member_template.socket_timeout=30
JkWorkerProperty worker.lb_member_template.socket_connect_timeout=3000
JkWorkerProperty worker.lb_member_template.recover_time=30
JkWorkerProperty worker.lb_member_template.recovery_options=7
JkWorkerProperty worker.lb_worker_template.type=lb
JkWorkerProperty worker.ajp_app.reference=worker.lb_worker_template
JkWorkerProperty worker.ajp_app.balance_workers=_hostname1_ajpport1, _hostname1_ajpport2, ..., _hostname34_ajpport15
JkWorkerProperty worker._hostname_ajpportX.reference=worker.lb_member_template
JkWorkerProperty worker._hostname_ajpportX.host=_hostname_
JkWorkerProperty worker._hostname_ajpportX.port=

will this list accept attachments for the other details such as netstat output and thread dumps?

Thanks,
Max L

On Fri, Mar 4, 2016 at 1:22 PM, Rainer Jung wrote:

> On 04.03.2016 at 20:35, Max Lynch wrote:
>
>> Hi there,
>>
>> We have a very heavily used implementation of modjk 1.2.35 running in Apache 2.2.15 i686 on CentOS 6.7 x86_64. After Apache startup, our system will perform optimally with no errors for about 24 hours, after which we begin to see this message:
>>
>> connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=115)
>
> Errno 115 on RHEL is EINPROGRESS. That means the call didn't finish but one could retry it. This indicates we might be able to improve the code, but it is also possible that e.g. a configured socket_connect_timeout was reached.
>
> To check, we would need the full mod_jk log lines (and if several different log lines show up for one event all of them) including the columns with source file name and line number etc.
>
> It would also be very useful to see your configuration. You can remove IP addresses, ports, secrets etc. and rename your workers but we should see the timeout setting, cping settings and so on.
>
>> Once we start seeing this error for one backend/worker, we begin seeing the same errors for eventually all workers. This problem doesn't go away until we restart Apache. Our setup consists of 720 workers per apache, with multiple apache servers, and each apache server also has several other sites configured with modjk serving other tomcat backends. It should be noted that we do not see the same error with other sites, nor do we have so many workers defined for any other site.
>>
>> We've searched through past mailings to try and find the same issue. The couple times we saw it brought up the error code 110 was also mentioned. It should be noted we do not see the same pattern. errno 110 does show but outside of the window when the problem begins and is at its worst. We believe this issue is not configuration related.
>>
>> We're posting this here to try and gather more data. Our process prohibits an upgrade of any kind without plenty of evidence supporting our position. Hoping that some individual
RE: Multiple domian names one web site different content
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Friday, March 04, 2016 3:36 PM
> To: Tomcat Users List
> Subject: Re: Multiple domian names one web site different content
>
> Jose,
>
> On 3/4/16 3:46 PM, Jose María Zaragoza wrote:
> > Maybe my question doesn't have to do with current thread (and probably doesn't have any sense at all) but:
> >
> > would be possible to define "VirtualHost" according the destination port? I know that VirtualHost different domain name, but I want to keep the same domain name and to define 2 connectors, listening on 8080 and 8081. Requests to 8080 go to /webapps-app1 and requests to 8081 go to /webapps-app2
> >
> > is it possible in a only one Tomcat instance? or I need to configure 2 tomcat instances?
>
> You would need to configure Tomcat to listen on two different interfaces (or two different ports as you have above), plus have those in separate s in Tomcat's configuration so their s wouldn't interfere.
>
> More trouble than it's worth IMO.
>
> -chris

Chris's approach is correct. That's the only way to separate by .
If you are stuck with that approach for some reason, it's what you'd need to do. But might as well have two separate tomcat instances. After all, that is what setting up multiple configs is really accomplishing.
The only advantage this gives you is if you are tight on memory and need to share the JVM's heap space between the webapp. (note: this only shares the memory, neither has access to the other's objects.)
Used to do this for some smallish webapps on Windows, primarily to give each webapp/host its own connector set for 80/443 without having to do dances around that default host stuff.
Nowadays, I'm on linux with a load-balancing front-end that can properly serve the correct SSL certificate, so it's not so important.

Jeff
Re: Modjk surfacing errno 115
Max,

On 3/4/16 2:35 PM, Max Lynch wrote:

> Hi there,
>
> We have a very heavily used implementation of modjk 1.2.35 running in Apache 2.2.15
>
> We're posting this here to try and gather more data. Our process prohibits an upgrade of any kind without plenty of evidence supporting our position.

You might want to upgrade httpd just based upon the series of CVEs that have been fixed between 2.2.15 and current 2.2.31.

-chris
Re: Multiple domian names one web site different content
On Fri, 2016-03-04 at 21:46 +0100, Jose María Zaragoza wrote:

> Maybe my question doesn't have to do with current thread (and probably doesn't have any sense at all) but:
>
> would be possible to define "VirtualHost" according the destination port?
> I know that VirtualHost different domain name, but I want to keep the same domain name
> and to define
> 2 connectors, listening on 8080 and 8081
> Requests to 8080 go to /webapps-app1 and requests to 8081 go to /webapps-app2

Is there an implied requirement that host:8080/webapp1 should be serviced ONLY on 8080 and likewise for 8081/webapp2?

If so I think a config along these lines would work:

where ${app-base1} and ${app-base2} are distinct non-nested directories and webapp1 and webapp2 are located within the respective app-bases.

But read the Configuration reference for details.
http://tomcat.apache.org/tomcat-8.0-doc/config/
Depending on which version of Tomcat you're using.

> is it possible in a only one Tomcat instance? or I need to configure 2 tomcat instances?
>
> Thanks and regards
>
> 2016-03-04 19:11 GMT+01:00 Christopher Schultz :
> > Andrew,
> >
> > On 3/4/16 7:44 AM, Andrew Hardy wrote:
> >> New to web servers.
> >
> > Welcome.
> >
> >> This may be a spring MVC question rather than tomcat, I'm not sure.
> >>
> >> I understand I can map multiple domains to a single ip address using DNS. I have read some stuff on how to set up multiple virtual hosts on the same host (ip address) on tomcat which requests can be diverted to depending on which domain name was used to make the request.
> >>
> >> Alternatively I am wondering about not having multiple virtual hosts (which I am guessing would be more useful if there was significant difference between between the sites) but have a single site which has a single layout structure etc but serves up specifically tailored content from a selected content store BASED on the domain used to make the request.
> >>
> >> Is this anything to do with tomcat or do I have to some how tell which domain was used when the http session is begun and set which content at that point using spring MVC. Perhaps the (first) request / session includes the domain used and I so need to access that programmatically?
> >
> > You mean one single instance of the application that handles the hostname of the request to make decisions? Sounds good, and doesn't really involve Tomcat.
> >
> > If you have a session contained in a single web application, you could either store the initial server hostname in the session and use that until the session ends, or you could always pull the hostname from each incoming request. Presumably, it won't be changing. Or, you could cross-check those hostnames and maybe change configuration or complain and log the user out in that event.
> >
> > Again, not much to do with Tomcat, which will just route all appropriate requests to your application.
> >
> >> Is there a reason for this situation that I should not do things the way I suggest? but should use multiple "identical duplicate" web sites (virtual hosts) apart from each of which being hard coded to access a specific content store?
> >
> > For me, it always comes down to complexity. If you know you can do this with a webapp-per-domain, then that's certainly a possibility but you'll need more heap space for multiple web applications, and so you might not scale as well.
> >
> > On the other hand, you may have to significantly re-work your web application to be able to handle one-single-webapp that can auto-switch configuration based upon the client's server-hostname. If that's the case, then running a single-application represents more risk -- at least for now.
> >
> > If I were designing things from scratch and I knew I'd be supporting large numbers of configurations, I'd go with the single-webapp-instance approach because it's more scalable.
> >
> > -chris
RE: Understanding how to controlling what data is written to log4j appenders
Hi Joleen

-Original Message-
From: Joleen Barker [mailto:oldenuf2no...@gmail.com]
Sent: Thursday, March 03, 2016 11:23 PM
To: Tomcat Users List
Subject: Re: Understanding how to controlling what data is written to log4j appenders

> Hello,
>
> I don't know if I should use a new thread or not but this is a continuation of this issue. I found that even after my changes there was very little being written to my new log and there were still many of the product messages being written to the catalina.out. It has now come to my attention that the web application contains a log4j.jar file in the /lib directory and a log4j.properties file in the /classes directory.
> This log4j.properties file has a lot more items in it and I believe is the reason all the messages from the product are still going to the catalina.out log.
>
> Here I was so proud of myself for getting the logs to go to an appender and the log rolling over as expected only to find the catalina.out still growing with messages from the application.

Hey, that's a good start! I just completed refactoring our app to use log4j2, and it was a challenge. While I am new to using log4j, maybe we can stumble thru your problem and solve it together.

> I am unsure how to get these messages to be added to my log file that is being used from the log4j.properties file that is in the CATALINA_BASE/lib directory.
>
> One of the other things I noticed is the vendor has a tomcat-juli.jar in the CATALINA_BASE/lib as well as in the CATALINA_BASE/bin directory where it should be. Would the one that is in the CATALINA_BASE/lib directory be doing anything. Maybe it is there in error and not really affecting anything but I don't know.
>
> I did read in a note on the tomcat web page that gave the instructions to use the log4j logging that the steps it had written were not needed if you just want to use log4j in your own web application - in that case, you would just put log4j and the log4j.properties in the WEB-INF/lib and the WEB-INF/classes of your web application which it appears the vendor did. So I think I would need to edit their log4j.properties file.
>
> Am I on the right track at all here?

I would check a few things:

1. Check the container/application startup messages for autoconfig or default config notifications. This may be a moot point since you already said "the logs to go to an appender and the log rolling over as expected".
2. Check the log4j config files:
   a. For appenders that go to Console or System_Out.
   b. That the logger(s) refer to the appender(s) you want.
   c. Check the logger(s) "level" to ensure the message levels are >= that minimum threshold.
3. If you are in doubt as to which log4j config file is in use and have the ability to experiment, try changing the config files (and restarting the container?) to see how that affects the logs. Often what I will do is try to break something with invalid syntax - if that causes an error then I know I am editing the correct file, but if no error is generated, then I don't even have the correct file and know I should be looking elsewhere.
4. Check the application code to be sure it is not writing to System.out or calling exception printStackTrace directly.
5. Is there an "adaptor" for connecting the Tomcat logging interface to log4j that needs to be configured? I did not use the logging interface built into Tomcat, so I cannot provide help with that.

> Would it be bad to post their log4j.properties along with mine to see how I can edit it to have the info go to the new log?
>
> -Joleen
>
> On Fri, Dec 4, 2015 at 4:49 PM, Joleen Barker wrote:
>
>> Hello Chris,
>>
>> As of now I am not using JULI any longer. I am using the log4j v1.2.17.jar
>>
>> Eventually I will jump in to the log4j v2 users and try my hand at that.
>>
>> Thank you for the clarification on where to go for information. I completely missed seeing the log4j mailing list. Could you send me the url to signup for it.
>>
>> Have a wonderful weekend.
>>
>> -Joleen
>>
>> On Fri, Dec 4, 2015 at 1:11 PM, Christopher Schultz <ch...@christopherschultz.net> wrote:
>>
>>> Joleen,
>>>
>>> On 12/3/15 11:55 PM, Joleen Barker wrote:
>>>> The information you gave me for the additivity was PERFECT! It did exactly what I was looking for. This also really allowed me to understand what processes were writing to which log. I have the settings in place in my test environment now and if all goes well the changes will be added in the production environment soon.
>>>
>>> Glad you are making progress.
>>>
>>> There are many folks here who have experience with log4j (myself and, evidently, Konstantin as well), but for more thorough log4j help, you're probably going to wait to go over to the log4j mailing list.
>>>
>>> If JULI is in the mix (the default logging framework for Tomcat) and you are using logging.pr
Re: Multiple domian names one web site different content
Jose,

On 3/4/16 3:46 PM, Jose María Zaragoza wrote:

> Maybe my question doesn't have to do with current thread (and probably doesn't have any sense at all) but:
>
> would be possible to define "VirtualHost" according the destination port? I know that VirtualHost different domain name, but I want to keep the same domain name and to define 2 connectors, listening on 8080 and 8081. Requests to 8080 go to /webapps-app1 and requests to 8081 go to /webapps-app2
>
> is it possible in a only one Tomcat instance? or I need to configure 2 tomcat instances?

You would need to configure Tomcat to listen on two different interfaces (or two different ports as you have above), plus have those in separate s in Tomcat's configuration so their s wouldn't interfere.

More trouble than it's worth IMO.

-chris
Re: Tomcat 7 Web Service Shutdown Can't Stop Threads
Chris,

On 3/4/16 2:13 PM, Chris Brown wrote:
> Tomcat version: 7.0.42
> Server OS: Sun Solaris
> UCP Version: Oracle 12c
> Oracle Driver: ojdbc7

That doesn't look like an Oracle JDBC driver version I've seen before. Can you clarify?

> JDK version: 1.8.0_31

You might want to upgrade Tomcat and Java. Those are somewhat old.

> Issue Description:
> When tomcat shuts down our web service during a hot deployment threads
> are left running that tomcat cannot shutdown. I believe the threads are
> from the universal connection pool. We use oracle's universal connection
> pool (ucp.jar). After multiple deployments the threads build up and
> cause high CPU usage from the 2 tomcat threads.
>
> Log Error Examples:
> Feb 08, 2016 8:00:25 PM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
> SEVERE: The web application [/RatingService] appears to have started a thread named [UCP-worker-thread-3] but has failed to stop it. This is very likely to create a memory leak.
> Feb 08, 2016 8:00:25 PM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
> SEVERE: The web application [/RatingService] appears to have started a thread named [Thread-438] but has failed to stop it. This is very likely to create a memory leak.
> Feb 27, 2016 6:15:14 PM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
> SEVERE: The web application [/RatingService] appears to have started a thread named [oracle.jdbc.driver.BlockSource.ThreadedCachingBlockSource.BlockReleaser] but has failed to stop it. This is very likely to create a memory leak.
> Feb 27, 2016 6:15:14 PM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
> SEVERE: The web application [/RatingService] appears to have started a thread named [ForkJoinPool.commonPool-worker-32] but has failed to stop it. This is very likely to create a memory leak.
> Feb 27, 2016 6:15:14 PM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
> SEVERE: The web application [/RatingService] appears to have started a thread named [Timer-121] but has failed to stop it. This is very likely to create a memory leak.
>
> Correction made to code to try and fix issue:
> I added a ServletContextListener to our web service. On the
> contextDestroyed method we destroy the connection pools. Our web service
> uses 2 connection pools.

How exactly are you destroying the connection pools?

> I also upgraded to Tomcat 8 and the issue still occurred, but the
> messages are now warnings instead of SEVERE errors.

That's just an effect of Tomcat downgrading the log level under which it logs those issues.

> I've searched the web and have tried many suggestions that have
> not helped except destroying the connection pools, but the issue
> still occurs. Please help!!!

After you get those messages in the log, if you do a thread dump on the JVM, do you still see those threads running?

Generally speaking, Tomcat should be able to shut down even with the above errors. Hopefully, none of those threads are non-daemon threads, meaning that they shouldn't stop the JVM from stopping once the JVM's main thread terminates.

If your web application leaves those threads running after deployment, then multiple re-deployments without a Tomcat/JVM restart will likely result in a large memory leak. (Those threads will pin the web application's ClassLoader in memory along with all the classes it ever loaded, and these will pile-up until you have exhausted your permgen or other heap spaces).

> [UCP-worker-thread-3]

This is almost certainly something from Oracle's UCP

> [Thread-438]

This could be anything. A thread dump could tell you what it might be.

> [oracle.jdbc.driver.BlockSource.ThreadedCachingBlockSource.BlockReleaser]

Obviously, this is a thread from Oracle's JDBC driver.

> [ForkJoinPool.commonPool-worker-32]

Maybe something from UCP? Not sure.

> [Timer-121]

This is usually a thread started by TimerTask, a stock Java class. But any component may have created this thread.

It might be worth searching your own code to see if a TimerTask is being launched and never shut-down when your web application is shutting down. Make arrangements to make sure that you shut these down when the application is going out of service.

For the Oracle-specific threads, read the documentation or search online for how to stop those threads as the application is coming down. There could be a bug in the library(ies) that might be fixed in a more recent version.

-chris
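The clean-up advised in the reply above, as an added example (not code from the thread, from Tomcat or from Oracle): a ServletContextListener that owns the web application's Timer and ExecutorService, stops both in contextDestroyed, deregisters JDBC drivers loaded by the webapp's class loader and then logs any thread still tied to that loader. The class name, thread name, pool size and attribute key are assumptions, it uses the javax.servlet 3.0 API shipped with Tomcat 7 and 8, and the connection-pool shutdown is left as a comment because the thread does not show how the pools are destroyed.

```java
import java.sql.Driver;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Enumeration;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.annotation.WebListener;

// Hypothetical listener: everything the webapp starts here is stopped here.
@WebListener
public class BackgroundWorkLifecycleListener implements ServletContextListener {

    private Timer refreshTimer;       // would show up as a "Timer-N" style thread
    private ExecutorService workers;  // would show up as "pool-N-thread-M" threads

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        // Daemon threads do not block JVM exit, but they still pin the webapp
        // ClassLoader after an undeploy unless they are stopped explicitly.
        refreshTimer = new Timer("rating-refresh", true);
        refreshTimer.schedule(new TimerTask() {
            @Override
            public void run() {
                // periodic work goes here
            }
        }, 60_000L, 60_000L);

        workers = Executors.newFixedThreadPool(4);
        sce.getServletContext().setAttribute("workers", workers);
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) {
        ServletContext ctx = sce.getServletContext();
        ClassLoader webappLoader = ctx.getClassLoader();

        // 1. Stop the timer thread; queued tasks are discarded.
        if (refreshTimer != null) {
            refreshTimer.cancel();
        }

        // 2. Stop the executor: let running tasks finish, then interrupt them.
        if (workers != null) {
            workers.shutdown();
            try {
                if (!workers.awaitTermination(10, TimeUnit.SECONDS)) {
                    workers.shutdownNow();
                }
            } catch (InterruptedException e) {
                workers.shutdownNow();
                Thread.currentThread().interrupt();
            }
        }

        // 3. Connection pools: call the pool library's documented shutdown
        //    here, before the drivers are deregistered (vendor-specific).

        // 4. Deregister JDBC drivers that this webapp's class loader loaded.
        Enumeration<Driver> drivers = DriverManager.getDrivers();
        while (drivers.hasMoreElements()) {
            Driver driver = drivers.nextElement();
            if (driver.getClass().getClassLoader() == webappLoader) {
                try {
                    DriverManager.deregisterDriver(driver);
                } catch (SQLException e) {
                    ctx.log("Could not deregister " + driver, e);
                }
            }
        }

        // 5. Report threads that still reference the webapp class loader, so
        //    the leak is named in the webapp's own log at undeploy time.
        for (Thread t : Thread.getAllStackTraces().keySet()) {
            if (t != Thread.currentThread() && t.isAlive()
                    && t.getContextClassLoader() == webappLoader) {
                ctx.log("Still running after clean-up: " + t.getName()
                        + " (daemon=" + t.isDaemon() + ")");
            }
        }
    }
}
```

Threads reported by step 5 after a hot deployment are the ones to look up in a thread dump, as the reply suggests.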
Re: Modjk surfacing errno 115
On 04.03.2016 at 20:35, Max Lynch wrote:
> Hi there,
>
> We have a very heavily used implementation of modjk 1.2.35 running in
> Apache 2.2.15 i686 on CentOS 6.7 x86_64. After Apache startup, our
> system will perform optimally with no errors for about 24 hours, after
> which we begin to see this message:
>
> connecting to backend failed. Tomcat is probably not started or is
> listening on the wrong port (errno=115)

Errno 115 on RHEL is EINPROGRESS. That means the call didn't finish but one could retry it. This indicates we might be able to improve the code, but it is also possible that e.g. a configured socket_connect_timeout was reached.

To check, we would need the full mod_jk log lines (and if several different log lines show up for one event all of them) including the columns with source file name and line number etc.

It would also be very useful to see your configuration. You can remove IP addresses, ports, secrets etc. and rename your workers but we should see the timeout setting, cping settings and so on.

> Once we start seeing this error for one backend/worker, we begin seeing
> the same errors for eventually all workers. This problem doesn't go away
> until we restart Apache.
>
> Our setup consists of 720 workers per apache, with multiple apache
> servers, and each apache server also has several other sites configured
> with modjk serving other tomcat backends. It should be noted that we do
> not see the same error with other sites, nor do we have so many workers
> defined for any other site.
>
> We've searched through past mailings to try and find the same issue. The
> couple times we saw it brought up the error code 110 was also mentioned.
> It should be noted we do not see the same pattern. errno 110 does show
> but outside of the window when the problem begins and is at its worst.
>
> We believe this issue is not configuration related. We're posting this
> here to try and gather more data. Our process prohibits an upgrade of
> any kind without plenty of evidence supporting our position. Hoping that
> some individuals might have seen this particular issue, or if there is
> any data on whether this could be a bug. Hopefully we're correct in
> thinking this issue is not a configuration problem, but we'll help to
> rule out.

It could also be interesting to capture the output of "netstat -an" during the time that the problem happens. And finally the same on the Tomcat side as well as a thread dump of the Tomcat JVM.

Once you provide the full log line, I can check, whether the 1.2.41 code actually has improvements related to errno 115 or not. Knowing the place in the code where the error occurs might also give us an idea, what might have happened and how to check further (e.g. Tomcat not accepting connections, firewall idle connection drop between mod_jk and Tomcat etc. etc.).

Regards,

Rainer
RE: Multiple domian names one web site different content
> From: David kerber [mailto:dcker...@verizon.net]
> Subject: Re: Multiple domian names one web site different content

> No, one tomcat instance can't listen on two different ports at the same
> time.

??? If that were true, Tomcat couldn't support both HTTP and HTTPS. Simply configure multiple elements, one for each desired port number.

- Chuck
Re: Multiple domian names one web site different content
On 3/4/2016 3:46 PM, Jose María Zaragoza wrote:
> Maybe my question doesn't have to do with current thread (and
> probably doesn't have any sense at all) but:
>
> would be possible to define "VirtualHost" according the destination
> port? I know that VirtualHost different domain name, but I want to
> keep the same domain name and to define 2 connectors, listening on
> 8080 and 8081. Requests to 8080 go to /webapps-app1 and requests to
> 8081 go to /webapps-app2
>
> is it possible in a only one Tomcat instance? or I need to
> configure 2 tomcat instances?

No, one tomcat instance can't listen on two different ports at the same time.
Re: Multiple domian names one web site different content
Maybe my question doesn't have to do with current thread (and probably doesn't have any sense at all) but:

would be possible to define "VirtualHost" according the destination port? I know that VirtualHost different domain name, but I want to keep the same domain name and to define 2 connectors, listening on 8080 and 8081. Requests to 8080 go to /webapps-app1 and requests to 8081 go to /webapps-app2

is it possible in a only one Tomcat instance? or I need to configure 2 tomcat instances?

Thanks and regards

2016-03-04 19:11 GMT+01:00 Christopher Schultz:
> Andrew,
>
> On 3/4/16 7:44 AM, Andrew Hardy wrote:
>> New to web servers.
>
> Welcome.
>
>> This may be a spring MVC question rather than tomcat, I'm not
>> sure.
>>
>> I understand I can map multiple domains to a single ip address
>> using DNS. I have read some stuff on how to set up multiple
>> virtual hosts on the same host (ip address) on tomcat which
>> requests can be diverted to depending on which domain name was used
>> to make the request.
>>
>> Alternatively I am wondering about not having multiple virtual
>> hosts (which I am guessing would be more useful if there was
>> significant difference between the sites) but have a single
>> site which has a single layout structure etc but serves up
>> specifically tailored content from a selected content store BASED
>> on the domain used to make the request.
>>
>> Is this anything to do with tomcat or do I have to somehow tell
>> which domain was used when the http session is begun and set which
>> content at that point using spring MVC. Perhaps the (first)
>> request / session includes the domain used and I so need to access
>> that programmatically?
>
> You mean one single instance of the application that handles the
> hostname of the request to make decisions? Sounds good, and doesn't
> really involve Tomcat.
>
> If you have a session contained in a single web application, you could
> either store the initial server hostname in the session and use that
> until the session ends, or you could always pull the hostname from
> each incoming request. Presumably, it won't be changing. Or, you could
> cross-check those hostnames and maybe change configuration or complain
> and log the user out in that event.
>
> Again, not much to do with Tomcat, which will just route all
> appropriate requests to your application.
>
>> Is there a reason for this situation that I should not do things
>> the way I suggest? but should use multiple "identical duplicate"
>> web sites (virtual hosts) apart from each of which being hard coded
>> to access a specific content store?
>
> For me, it always comes down to complexity. If you know you can do
> this with a webapp-per-domain, then that's certainly a possibility but
> you'll need more heap space for multiple web applications, and so you
> might not scale as well.
>
> On the other hand, you may have to significantly re-work your web
> application to be able to handle one-single-webapp that can
> auto-switch configuration based upon the client's server-hostname. If
> that's the case, then running a single-application represents more
> risk -- at least for now.
>
> If I were designing things from scratch and I knew I'd be supporting
> large numbers of configurations, I'd go with the
> single-webapp-instance approach because it's more scalable.
>
> -chris
Modjk surfacing errno 115
Hi there,

We have a very heavily used implementation of modjk 1.2.35 running in Apache 2.2.15 i686 on CentOS 6.7 x86_64. After Apache startup, our system will perform optimally with no errors for about 24 hours, after which we begin to see this message:

connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=115)

Once we start seeing this error for one backend/worker, we begin seeing the same errors for eventually all workers. This problem doesn't go away until we restart Apache.

Our setup consists of 720 workers per apache, with multiple apache servers, and each apache server also has several other sites configured with modjk serving other tomcat backends. It should be noted that we do not see the same error with other sites, nor do we have so many workers defined for any other site.

We've searched through past mailings to try and find the same issue. The couple times we saw it brought up the error code 110 was also mentioned. It should be noted we do not see the same pattern. errno 110 does show but outside of the window when the problem begins and is at its worst.

We believe this issue is not configuration related. We're posting this here to try and gather more data. Our process prohibits an upgrade of any kind without plenty of evidence supporting our position. Hoping that some individuals might have seen this particular issue, or if there is any data on whether this could be a bug. Hopefully we're correct in thinking this issue is not a configuration problem, but we'll help to rule out.

Thanks
Tomcat 7 Web Service Shutdown Can't Stop Threads
Tomcat version: 7.0.42
Server OS: Sun Solaris
UCP Version: Oracle 12c
Oracle Driver: ojdbc7
JDK version: 1.8.0_31

Issue Description:
When tomcat shuts down our web service during a hot deployment threads are left running that tomcat cannot shutdown. I believe the threads are from the universal connection pool. We use oracle's universal connection pool (ucp.jar). After multiple deployments the threads build up and cause high CPU usage from the 2 tomcat threads.

Log Error Examples:
Feb 08, 2016 8:00:25 PM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
SEVERE: The web application [/RatingService] appears to have started a thread named [UCP-worker-thread-3] but has failed to stop it. This is very likely to create a memory leak.
Feb 08, 2016 8:00:25 PM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
SEVERE: The web application [/RatingService] appears to have started a thread named [Thread-438] but has failed to stop it. This is very likely to create a memory leak.
Feb 27, 2016 6:15:14 PM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
SEVERE: The web application [/RatingService] appears to have started a thread named [oracle.jdbc.driver.BlockSource.ThreadedCachingBlockSource.BlockReleaser] but has failed to stop it. This is very likely to create a memory leak.
Feb 27, 2016 6:15:14 PM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
SEVERE: The web application [/RatingService] appears to have started a thread named [ForkJoinPool.commonPool-worker-32] but has failed to stop it. This is very likely to create a memory leak.
Feb 27, 2016 6:15:14 PM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
SEVERE: The web application [/RatingService] appears to have started a thread named [Timer-121] but has failed to stop it. This is very likely to create a memory leak.

Correction made to code to try and fix issue:
I added a ServletContextListener to our web service. On the contextDestroyed method we destroy the connection pools. Our web service uses 2 connection pools.

I also upgraded to Tomcat 8 and the issue still occurred, but the messages are now warnings instead of SEVERE errors.

I've searched the web and have tried many suggestions that have not helped except destroying the connection pools, but the issue still occurs. Please help!!!

Thank you,
Chris Brown
Re: Multiple domian names one web site different content
Thank you so much Chris, I really appreciate your input and taking the time to respond.

On 4 March 2016 18:12:11 Christopher Schultz wrote:
> Andrew,
>
> On 3/4/16 7:44 AM, Andrew Hardy wrote:
>> New to web servers.
>
> Welcome.
>
>> This may be a spring MVC question rather than tomcat, I'm not
>> sure.
>>
>> I understand I can map multiple domains to a single ip address
>> using DNS. I have read some stuff on how to set up multiple
>> virtual hosts on the same host (ip address) on tomcat which
>> requests can be diverted to depending on which domain name was used
>> to make the request.
>>
>> Alternatively I am wondering about not having multiple virtual
>> hosts (which I am guessing would be more useful if there was
>> significant difference between the sites) but have a single
>> site which has a single layout structure etc but serves up
>> specifically tailored content from a selected content store BASED
>> on the domain used to make the request.
>>
>> Is this anything to do with tomcat or do I have to somehow tell
>> which domain was used when the http session is begun and set which
>> content at that point using spring MVC. Perhaps the (first)
>> request / session includes the domain used and I so need to access
>> that programmatically?
>
> You mean one single instance of the application that handles the
> hostname of the request to make decisions? Sounds good, and doesn't
> really involve Tomcat.
>
> If you have a session contained in a single web application, you could
> either store the initial server hostname in the session and use that
> until the session ends, or you could always pull the hostname from
> each incoming request. Presumably, it won't be changing. Or, you could
> cross-check those hostnames and maybe change configuration or complain
> and log the user out in that event.
>
> Again, not much to do with Tomcat, which will just route all
> appropriate requests to your application.
>
>> Is there a reason for this situation that I should not do things
>> the way I suggest? but should use multiple "identical duplicate"
>> web sites (virtual hosts) apart from each of which being hard coded
>> to access a specific content store?
>
> For me, it always comes down to complexity. If you know you can do
> this with a webapp-per-domain, then that's certainly a possibility but
> you'll need more heap space for multiple web applications, and so you
> might not scale as well.
>
> On the other hand, you may have to significantly re-work your web
> application to be able to handle one-single-webapp that can
> auto-switch configuration based upon the client's server-hostname. If
> that's the case, then running a single-application represents more
> risk -- at least for now.
>
> If I were designing things from scratch and I knew I'd be supporting
> large numbers of configurations, I'd go with the
> single-webapp-instance approach because it's more scalable.
>
> -chris
Re: clustered environment
Usair,

On 3/1/16 12:00 AM, uzair rashid wrote:
> Background: windows boxes, cms servers, bobj, tomcat servers
> 7.057. Distributed landscape. (Clustered)
>
> I've configured the server xml for clustering and distributable to
> true in the web xml.
>
> In the cms, we have a Java null pointer exception. At login it
> first says page is expired and then once in it gives an
> jasperexception.java.lang.nullpointer exception: while trying to
> invoke the method
> cpm.businessobjects.bip.core.web.appcontext.appweb session
> context. Get productlocale () of an object returned .

We have no idea what any of that stuff is.

> The peculiar thing is, in our production environment, there is
> absolutely no issue.

Same versions, etc.?

> Things, I've tried:
>
> 1. Matched conf directory to production
> 2. Deleted tomcat work directory
> 3. Restarted tomcat
>
> Stderr below:
>
> 2016-02-29 18:00:56 Commons Daemon procrun stderr initialized
>
> Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log
>
> INFO: Server version:Apache Tomcat/7.0.57

You might want to upgrade if possible. That version of Tomcat is nearly 18 months old.

> INFO: TLD skipped. URI: http://java.sun.com/jstl/core is already defined
>
> Feb 29, 2016 6:02:16 PM org.apache.catalina.session.StandardManager doLoad
>
> SEVERE: IOException while loading persisted sessions: java.io.EOFException
>
> java.io.EOFException
>   at java.io.ObjectInputStream$PeekInputStream.readFully(ObjectInputStream.java:2280)
>   at java.io.ObjectInputStream$BlockDataInputStream.readShort(ObjectInputStream.java:2749)
>   at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:779)
>   at java.io.ObjectInputStream.(ObjectInputStream.java:279)
>   at org.apache.catalina.util.CustomObjectInputStream.(CustomObjectInputStream.java:56)
>   at org.apache.catalina.session.StandardManager.doLoad(StandardManager.java:244)
>   at org.apache.catalina.session.StandardManager.load(StandardManager.java:202)
>   at org.apache.catalina.session.StandardManager.startInternal(StandardManager.java:489)
>   at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
>   at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5501)
>   at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
>   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
>   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
>   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:649)
>   at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1245)
>   at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1895)
>   at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:439)
>   at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
>   at java.util.concurrent.FutureTask.run(FutureTask.java:138)
>   at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>   at java.lang.Thread.run(Thread.java:743)

This is Tomcat not being able to read your stored sessions file. Not the issue you are currently reporting, but you might want to get this fixed.

> Feb 29, 2016 6:03:12 PM com.sun.faces.config.ConfigureListener contextInitialized
>
> INFO: Initializing Mojarra (1.2_16-20110421-1728-SNAPSHOT) for context '/BOE'

> SEVERE: Servlet.service() for servlet equinoxbridgeservlet threw exception
>
> java.lang.IllegalStateException: Cannot call sendError() after the response has been committed
>   at org.apache.catalina.connector.ResponseFacade.sendError(ResponseFacade.java:450)
>   at com.businessobjects.http.servlet.internal.BundlePathAwareServiceHandler.serviceHelper(BundlePathAwareServiceHandler.java:254)

Bad state management by the application.

No NullPointerExceptions found in the log file. Can you re-state your question?

-chris
Re: Multiple domian names one web site different content
Andrew,

On 3/4/16 7:44 AM, Andrew Hardy wrote:
> New to web servers.

Welcome.

> This may be a spring MVC question rather than tomcat, I'm not
> sure.
>
> I understand I can map multiple domains to a single ip address
> using DNS. I have read some stuff on how to set up multiple
> virtual hosts on the same host (ip address) on tomcat which
> requests can be diverted to depending on which domain name was used
> to make the request.
>
> Alternatively I am wondering about not having multiple virtual
> hosts (which I am guessing would be more useful if there was
> significant difference between the sites) but have a single
> site which has a single layout structure etc but serves up
> specifically tailored content from a selected content store BASED
> on the domain used to make the request.
>
> Is this anything to do with tomcat or do I have to somehow tell
> which domain was used when the http session is begun and set which
> content at that point using spring MVC. Perhaps the (first)
> request / session includes the domain used and I so need to access
> that programmatically?

You mean one single instance of the application that handles the hostname of the request to make decisions? Sounds good, and doesn't really involve Tomcat.

If you have a session contained in a single web application, you could either store the initial server hostname in the session and use that until the session ends, or you could always pull the hostname from each incoming request. Presumably, it won't be changing. Or, you could cross-check those hostnames and maybe change configuration or complain and log the user out in that event.

Again, not much to do with Tomcat, which will just route all appropriate requests to your application.

> Is there a reason for this situation that I should not do things
> the way I suggest? but should use multiple "identical duplicate"
> web sites (virtual hosts) apart from each of which being hard coded
> to access a specific content store?

For me, it always comes down to complexity. If you know you can do this with a webapp-per-domain, then that's certainly a possibility but you'll need more heap space for multiple web applications, and so you might not scale as well.

On the other hand, you may have to significantly re-work your web application to be able to handle one-single-webapp that can auto-switch configuration based upon the client's server-hostname. If that's the case, then running a single-application represents more risk -- at least for now.

If I were designing things from scratch and I knew I'd be supporting large numbers of configurations, I'd go with the single-webapp-instance approach because it's more scalable.

-chris
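The single-webapp approach described above, as an added example (not code from the thread): a servlet Filter that maps the request's hostname to a content store through an allow-list, binds the first hostname seen to the session, and logs the user out when a later request on the same session arrives under a different hostname. The class name, hostnames, store names and attribute keys are assumptions. The allow-list matters because getServerName() normally reflects the client-supplied Host header.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical filter; map it to /* in web.xml or with @WebFilter.
public class HostContentStoreFilter implements Filter {

    public static final String STORE_ATTR = "contentStore"; // request attribute
    private static final String HOST_ATTR = "boundHost";    // session attribute

    private Map<String, String> storesByHost;

    @Override
    public void init(FilterConfig config) {
        // Constructed sample mapping: hostname -> content store identifier.
        Map<String, String> m = new HashMap<String, String>();
        m.put("www.example.com", "store-a");
        m.put("www.example.org", "store-b");
        storesByHost = Collections.unmodifiableMap(m);
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // Never use the raw hostname to build a path or a query: only names
        // on the allow-list select a content store.
        String name = req.getServerName();
        String host = name == null ? "" : name.toLowerCase(Locale.ROOT);
        String store = storesByHost.get(host);
        if (store == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Unknown host");
            return;
        }

        // Cross-check: a session stays with the hostname it was first seen on.
        HttpSession session = req.getSession(false);
        if (session != null) {
            Object bound = session.getAttribute(HOST_ATTR);
            if (bound == null) {
                session.setAttribute(HOST_ATTR, host);
            } else if (!bound.equals(host)) {
                session.invalidate(); // "complain and log the user out"
                resp.sendError(HttpServletResponse.SC_FORBIDDEN,
                        "Session does not belong to this host");
                return;
            }
        }

        // Controllers read the selected store from the request attribute.
        req.setAttribute(STORE_ATTR, store);
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}
```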
RE: Understanding how to controlling what data is written to log4j appenders
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Subject: Re: Understanding how to controlling what data is written to log4j appenders

> Can you confirm that the class in question is actually using log4j for
> output? There's little that can be done if the class is using
> System.out/System.err directly.

Setting swallowOutput in the associated should help in such a situation.

- Chuck
Re: Understanding how to controlling what data is written to log4j appenders
Joleen,

On 3/3/16 11:23 PM, Joleen Barker wrote:
> I don't know if I should use a new thread or not but this is a
> continuation of this issue.

Replying to this issue is entirely appropriate.

> I found that even after my changes there was very little being
> written to my new log and there were still many of the product
> messages being written to the catalina.out. It has now come to my
> attention that the web application contains a log4j.jar file in the
> /lib directory and a log4j.properties file in the
> /classes directory. This log4j.properties file has a lot
> more items in it and I believe is the reason all the messages from
> the product are still going to the catalina.out log.
>
> Here I was so proud of myself for getting the logs to go to an
> appender and the log rolling over as expected only to find the
> catalina.out still growing with messages from the application.
>
> I am unsure how to get these messages to be added to my log file
> that is being used from the log4j.properties file that is in the
> CATALINA_BASE/lib directory.

Where is the class that is producing the log messages? Is it in the application, or has it been loaded by Tomcat because it's in CATALINA_BASE/lib, for example?

Can you confirm that the class in question is actually using log4j for output? There's little that can be done if the class is using System.out/System.err directly.

Also, does the log4j.properties file in the web application have any logging going to a ConsoleAppender? That's just the same as printing to System.out.

> One of the other things I noticed is the vendor has a
> tomcat-juli.jar in the CATALINA_BASE/lib as well as in the
> CATALINA_BASE/bin directory where it should be. Would the one that
> is in the CATALINA_BASE/lib directory be doing anything. Maybe it
> is there in error and not really affecting anything but I don't
> know.

Tomcat will probably pick-up both JAR files, but the second one will be ignored, since the one in the bin/ directory will be preferred, and will be in the parent ClassLoader.

Are those two .jar files identical?

> I did read in a note on the tomcat web page that gave the
> instructions to use the log4j logging that the steps it had written
> were not needed if you just want to use log4j in your own web
> application - in that case, you would just put log4j and the
> log4j.properties in the WEB-INF/lib and the WEB-INF/classes of your
> web application which it appears the vendor did.

Right: the Tomcat configuration is only required if you want to use log4j for *Tomcat logging* instead of the standard JULI-based logging.

> So I think I would need to edit their log4j.properties file.

Possibly. As long as there is no use of ConsoleAppender in there (or catalina.out!), it should be fine.

> Am I on the right track at all here?
>
> Would it be bad to post their log4j.properties along with mine to
> see how I can edit it to have the info go to the new log?

Just make sure to sanitize the configuration files. Make sure there aren't SMTP credentials or anything else in there. Also, you probably want to remove anything vendor-specific, such as thresholds for certain vendor-specific classes. Those don't really matter and also you want to protect the guilty. ;)

-chris
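The two checks suggested in the reply above, as an added example (not code from the thread or from log4j): a small stand-alone program that loads a log4j 1.x properties file, reports which loggers send output to a ConsoleAppender (and therefore to catalina.out), and prints a copy with credential-like appender settings redacted before it is posted to a list. The sample configuration is constructed, and the class name and the set of keys treated as sensitive are assumptions.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Properties;
import java.util.TreeSet;

public class Log4jConfigReview {

    // Constructed sample standing in for a WEB-INF/classes/log4j.properties.
    static final String SAMPLE =
          "log4j.rootLogger=INFO, stdout, mail\n"
        + "log4j.logger.com.vendor.product=DEBUG, app\n"
        + "log4j.appender.stdout=org.apache.log4j.ConsoleAppender\n"
        + "log4j.appender.stdout.layout=org.apache.log4j.PatternLayout\n"
        + "log4j.appender.stdout.layout.ConversionPattern=%d %p %c - %m%n\n"
        + "log4j.appender.app=org.apache.log4j.RollingFileAppender\n"
        + "log4j.appender.app.File=${catalina.base}/logs/product.log\n"
        + "log4j.appender.mail=org.apache.log4j.net.SMTPAppender\n"
        + "log4j.appender.mail.SMTPHost=smtp.example.com\n"
        + "log4j.appender.mail.SMTPUsername=alerts\n"
        + "log4j.appender.mail.SMTPPassword=constructed-secret\n";

    private static final String APPENDER_PREFIX = "log4j.appender.";

    /** Names of appenders whose class is a ConsoleAppender (System.out). */
    static List<String> consoleAppenders(Properties p) {
        List<String> names = new ArrayList<String>();
        for (String key : new TreeSet<String>(p.stringPropertyNames())) {
            if (key.startsWith(APPENDER_PREFIX)
                    && p.getProperty(key).trim().endsWith("ConsoleAppender")) {
                names.add(key.substring(APPENDER_PREFIX.length()));
            }
        }
        return names;
    }

    /** Logger keys whose appender list (everything after the level) names the appender. */
    static List<String> loggersUsing(Properties p, String appender) {
        List<String> loggers = new ArrayList<String>();
        for (String key : new TreeSet<String>(p.stringPropertyNames())) {
            boolean isLogger = key.equals("log4j.rootLogger")
                    || key.equals("log4j.rootCategory")
                    || key.startsWith("log4j.logger.")
                    || key.startsWith("log4j.category.");
            if (!isLogger) {
                continue;
            }
            String[] parts = p.getProperty(key).split(",");
            for (int i = 1; i < parts.length; i++) { // parts[0] is the level
                if (parts[i].trim().equals(appender)) {
                    loggers.add(key);
                    break;
                }
            }
        }
        return loggers;
    }

    /** Appender settings that should not be posted (assumed list). */
    static boolean isSensitive(String key) {
        if (!key.startsWith(APPENDER_PREFIX)) {
            return false;
        }
        String last = key.substring(key.lastIndexOf('.') + 1).toLowerCase(Locale.ROOT);
        return last.contains("password") || last.contains("user")
                || last.equals("smtphost") || last.equals("url");
    }

    /** The configuration in key order with sensitive values replaced. */
    static String redacted(Properties p) {
        StringBuilder out = new StringBuilder();
        for (String key : new TreeSet<String>(p.stringPropertyNames())) {
            out.append(key).append('=')
               .append(isSensitive(key) ? "<redacted>" : p.getProperty(key))
               .append('\n');
        }
        return out.toString();
    }

    public static void main(String[] args) throws IOException {
        Properties p = new Properties();
        p.load(new StringReader(SAMPLE));
        for (String name : consoleAppenders(p)) {
            System.out.println("ConsoleAppender '" + name
                    + "' is referenced by " + loggersUsing(p, name));
        }
        System.out.println(redacted(p));
    }
}
```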
Re: Tomcat access log - body of a request shows in the next request
Mark,

On 3/4/16 3:26 AM, Mark Thomas wrote:
> On 03/03/2016 22:18, rails wrote:
>> I have a weird behavior in my tomcat (7).
>>
>> An external app sends a bunch of DELETE requests with a body to
>> my TomCat WebApp. The body is being neglected in the webapp (I
>> don't know why the app sends it, the parameters the webapp needs
>> are in the url). When the app sends about 20 requests - a few are
>> being ignored by the webApp.
>>
>> Looking at the Tomcat access logs I see the following strange
>> thing. Right after the delete (line 2) The body of the delete is
>> concatenated to the next request as a prefix (line 3).
>
> You need to use something like Wireshark to confirm that the
> requests being sent are spec compliant. If they are, you could have
> hit a Tomcat bug and we'll need the simplest possible test case you
> can put together to demonstrate the issue.

Even if the messages are NOT spec-compliant, Tomcat shouldn't treat one request as two. (Unless the pipelined message is so mangled that the client really is making more than one request on a single connection.)

-chris
Re: Tomcat Training
On 04.03.2016 17:58, Christopher Schultz wrote:
> Paul,
>
> On 3/3/16 11:39 AM, Brookbanks, Paul wrote:
>> Could someone in the Toronto, Ontario, Canada area recommend a
>> place that provides tomcat administrative training. I would
>> consider online training but prefer an “in-class” environment.
>> Specific need: Multiple instance installation, management, and
>> monitoring.
>
> Come to ApacheCon NA in Vancouver, BC in May:
>
> http://events.linuxfoundation.org/events/apachecon-north-america
>
> I'll (likely) be giving a talk on monitoring Apache Tomcat and
> (separately) working with Tomcat's new container-managed
> authentication framework. I'm not sure about any other presentations,
> specifically, but there will likely be more Tomcat-related material at
> the conference. There's also the "hallway track" where you can corner
> various knowledgeable people and ask about how to do particular things.
>
> Recently, the Tomcat community (actually, just markt) has been
> presenting semi-regular webinars that are about 20 minutes long. Have
> a look at this page for more information:
>
> http://tomcat.apache.org/presentations.html
>
> One of the items not specifically on that list is "how to do
> multi-instance installation", though it will certainly be covered
> under "how to set up Tomcat so as to make upgrades easier". I'd be
> willing to do that presentation... I just need some time to get it
> together and we can schedule a webinar for it.

In a quite recent post, Mark also provided a link to a presentation he made in the past about front-end/back-end configurations, which may be relevant.
Re: Tomcat Training
Paul,

On 3/3/16 11:39 AM, Brookbanks, Paul wrote:
> Could someone in the Toronto, Ontario, Canada area recommend a
> place that provides tomcat administrative training. I would
> consider online training but prefer an “in-class” environment.
> Specific need: Multiple instance installation, management, and
> monitoring.

Come to ApacheCon NA in Vancouver, BC in May:

http://events.linuxfoundation.org/events/apachecon-north-america

I'll (likely) be giving a talk on monitoring Apache Tomcat and (separately) working with Tomcat's new container-managed authentication framework. I'm not sure about any other presentations, specifically, but there will likely be more Tomcat-related material at the conference. There's also the "hallway track" where you can corner various knowledgeable people and ask about how to do particular things.

Recently, the Tomcat community (actually, just markt) has been presenting semi-regular webinars that are about 20 minutes long. Have a look at this page for more information:

http://tomcat.apache.org/presentations.html

One of the items not specifically on that list is "how to do multi-instance installation", though it will certainly be covered under "how to set up Tomcat so as to make upgrades easier". I'd be willing to do that presentation... I just need some time to get it together and we can schedule a webinar for it.

-chris
Re: Performance regression from 7 to 8
The rules: http://tomcat.apache.org/lists.html#tomcat-users
-> 6. do not top-post
-> 7. use plain text in your e-mail

No clue which instruction in your piece of code is "the yellow" one.

2016-03-04 13:24 GMT+03:00 Tullio Bettinazzi :
> The problem is all in this small piece of code
>     ByteArrayOutputStream bbs = new ByteArrayOutputStream();
>     BufferedOutputStream bos = new BufferedOutputStream(bbs);
>     trans.eseguiTrasformazioneOut(bos);
>     try {
>         bos.flush();
>         initReponse(xpFileTypeOut.getMimeType(), xpFilename);
>         bbs.writeTo(getOutputStream());
>     } catch (IOException ex) {
>         Messaggi.getErrori().getLogger().error("Errore in emettiFile ", ex);
>     }
> The yellow instruction takes 100 ms in Tomcat7, quite stable on all clients,
> in Tomcat8 it takes from 50 ms to 4500 ms stable on a single client PC but
> very different from client to client.
> Tks
> Tullio
>
>> Subject: Re: Performance regression from 7 to 8
>> To: users@tomcat.apache.org
>> From: ma...@apache.org
>> Date: Fri, 4 Mar 2016 09:42:22 +
>>
>> On 04/03/2016 09:39, Tullio Bettinazzi wrote:
>> > I applied your suggestion and analyzed, with firebug, the composition of
>> > the time.
>> > The difference between 7 and 8 is the "receiving" time which is more or
>> > less zero in 7 and 2sec. in 8.
>> > How can I understand such difference ?
>>
>> Try creating the simplest possible web application that demonstrates the
>> problem.
>>
>> Mark
>>
Re: What would happen if there were 2 log4j.jar files in the same library
Thank you. I will make sure there is only one in the lib directory.

-Joleen

On Fri, Mar 4, 2016 at 9:54 AM, Chris Gamache wrote:
> Hi Joleen,
>
> You may already know most of this, but just in case:
>
> Inside or outside of tomcat, if you have two classes in the same classpath,
> both with the same class name and package name, it's often hit-or-miss
> which one will get picked. Weird things happen. And different weird things
> happen with different flavours of JVM or the same JVM make on different
> platforms.
>
> Evaluate your dependencies and eliminate the duplicates. This is often
> wickedly difficult to do manually. There are several different dependency
> management tools you can use-- Maven is my choice, but there are others
> like Ivy and Gradle. Sometimes they build and manage dependencies. Other
> times they just manage dependencies.
>
> If you need to have multiple versions of the same class inside your JVM,
> rolling them up using OSGi is a (very complicated but effective, IMO) way
> to handle that.
>
> hope this helps!
>
> CG
>
> On Fri, Mar 4, 2016 at 9:05 AM, Joleen Barker wrote:
>
> > I saw there is log4j-1.2.8-1.jar and log4j-1.2.17.jar in the WEB-INF/lib
> > directory for a web application and I wonder what happens if there are two
> > in the same library.
> >
> > Thank you,
> >
> > -Joleen
Re: Stuck threads reading socket
Thank you so much, Mark!
It helped a lot! Appreciate much for sharing the slides, too.

Cheers,

Woonsan

On Fri, Mar 4, 2016 at 3:28 AM, Mark Thomas wrote:
> On 04/03/2016 00:51, Woonsan Ko wrote:
>> I have tomcat instances (6.0.44) which are proxied by Apache 2.4.18
>> (+mod_proxy). SSL enabled on Apache side.
>> One day it was not responding and observed that all the catalina-exec
>> threads (25 maxthreads at the moment) were stuck in reading socket in
>> the thread dumps like the following (increasing maxthreads to 128
>> circumvented the issue for now, btw):
>
>> What would you recommend to find the root cause in this case?
>
> That looks like a common configuration error.
>
> Take a look at this:
> http://home.apache.org/~markt/presentations/2015-04-15-Tomcat-clustering-part-1-reverse-proxies.pdf
>
> Particularly slides 29 to 34.
>
> Mark
Re: Context PreResources configuration question
On 03/03/2016 20:37, Mark Thomas wrote:
> On 03/03/2016 17:08, Philippe Busque wrote:
>
>> Is it normal that the context is initialized BEFORE the host is started,
>> while expecting the host to create the structure, but failing because
>> the structure is not present?
>>
>> Should the expand be executed after the host created the proper
>> structure for the context to expand its wars?
>
> Generally, the expectation is that the appBase already exists. I'm fairly
> sure I didn't test the case you describe and I can easily imagine it
> failing.
>
> I'll take a look. It should be possible to get this fixed before the
> next release.

Fixed. Will be in the next releases of 9.0.x, 8.0.x and 7.0.x. 6.0.x doesn't have the "create missing appBase" feature.

Mark
Re: What would happen if there were 2 log4j.jar files in the same library
Hi Joleen,

You may already know most of this, but just in case:

Inside or outside of tomcat, if you have two classes in the same classpath, both with the same class name and package name, it's often hit-or-miss which one will get picked. Weird things happen. And different weird things happen with different flavours of JVM or the same JVM make on different platforms.

Evaluate your dependencies and eliminate the duplicates. This is often wickedly difficult to do manually. There are several different dependency management tools you can use-- Maven is my choice, but there are others like Ivy and Gradle. Sometimes they build and manage dependencies. Other times they just manage dependencies.

If you need to have multiple versions of the same class inside your JVM, rolling them up using OSGi is a (very complicated but effective, IMO) way to handle that.

hope this helps!

CG

On Fri, Mar 4, 2016 at 9:05 AM, Joleen Barker wrote:
> I saw there is log4j-1.2.8-1.jar and log4j-1.2.17.jar in the WEB-INF/lib
> directory for a web application and I wonder what happens if there are two
> in the same library.
>
> Thank you,
>
> -Joleen
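One way to do the "evaluate your dependencies and eliminate the duplicates" step for a deployed WEB-INF/lib, as an added example that is not part of the original message: it lists every class that more than one jar defines and whether the copies differ byte for byte. The function names and the sample jar contents are constructed for illustration; only the two log4j file names come from the thread.

```python
import hashlib
import os
import tempfile
import zipfile
from collections import defaultdict


def class_index(lib_dir):
    """Map each .class entry to {jar name: SHA-256 of that jar's copy}."""
    index = defaultdict(dict)
    for jar_name in sorted(os.listdir(lib_dir)):
        if not jar_name.endswith(".jar"):
            continue
        with zipfile.ZipFile(os.path.join(lib_dir, jar_name)) as jar:
            for entry in jar.namelist():
                if entry.endswith(".class"):
                    digest = hashlib.sha256(jar.read(entry)).hexdigest()
                    index[entry][jar_name] = digest
    return index


def duplicate_classes(lib_dir):
    """Return {class entry: (jar names, copies_differ)} for classes in 2+ jars."""
    report = {}
    for entry, copies in class_index(lib_dir).items():
        if len(copies) > 1:
            differ = len(set(copies.values())) > 1
            report[entry] = (sorted(copies), differ)
    return report


def conflicting_jar_sets(lib_dir):
    """Summarise per set of jars: (shared classes, shared classes that differ)."""
    groups = defaultdict(lambda: [0, 0])
    for jars, differ in duplicate_classes(lib_dir).values():
        groups[tuple(jars)][0] += 1
        groups[tuple(jars)][1] += int(differ)
    return {jars: tuple(counts) for jars, counts in groups.items()}


def build_sample_lib():
    """Create a throwaway lib directory with constructed jar contents."""
    lib = tempfile.mkdtemp(prefix="webinf-lib-")
    contents = {
        "log4j-1.2.8-1.jar": {
            "org/apache/log4j/Logger.class": b"constructed bytes, older build",
            "org/apache/log4j/Level.class": b"constructed bytes, unchanged",
        },
        "log4j-1.2.17.jar": {
            "org/apache/log4j/Logger.class": b"constructed bytes, newer build",
            "org/apache/log4j/Level.class": b"constructed bytes, unchanged",
            "org/apache/log4j/MDC.class": b"constructed bytes, only in this jar",
        },
        "vendor-app.jar": {"com/example/App.class": b"constructed bytes"},
    }
    for jar_name, entries in contents.items():
        with zipfile.ZipFile(os.path.join(lib, jar_name), "w") as jar:
            for entry, data in entries.items():
                jar.writestr(entry, data)
    return lib


if __name__ == "__main__":
    sample = build_sample_lib()
    for jars, (shared, differing) in conflicting_jar_sets(sample).items():
        print(f"{' + '.join(jars)}: {shared} shared classes, {differing} differ")
```

Classes that are shared and differ are the ones whose behaviour depends on which jar the class loader happens to consult first.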
What would happen if there were 2 log4j.jar files in the same library
I saw there is log4j-1.2.8-1.jar and log4j-1.2.17.jar in the WEB-INF/lib directory for a web application and I wonder what happens if there are two in the same library. Thank you, -Joleen
Re: Windows Authentication
On 04.03.2016 14:40, George Stanchev wrote:

It does not look like HTTP Basic. Did you try different browsers? IE, Chrome, FF? Do you get same behavior with all? Is the user logging in member of the domain your IWA is set up to?

Did you try /un/-checking the "Enable WIA authentication" checkbox in IE? (I know it sounds counter-intuitive, but try it).

If you set up a 3rd party IWA provider (such as Waffle), does it act the same on all 3 browsers? There was a recent issue with Waffle that one of my developers submitted that was dealing with similar issues [1]. You might want to go over that thread to see it can give you pointers.

[1] https://github.com/dblock/waffle/issues/268

-Original Message-
From: Chanchal Kariwala [mailto:chanchal.kariw...@seclore.com]
Sent: Friday, March 04, 2016 2:52 AM
To: Tomcat Users List
Subject: Re: Windows Authentication

But how does the browser decide on Basic Auth?
Usually 401 Response contains
WWW-Authenticate: Basic realm="MyREALM"
to indicate Basic Auth

Thanks,
Chanchal R. Kariwala
Product Engineer
Seclore Technology
chanchal.kariw...@seclore.com
www.seclore.com

On Fri, Mar 4, 2016 at 3:16 PM, André Warnier (tomcat) wrote:

On 04.03.2016 10:11, Chanchal Kariwala wrote:

I tried what you asked and I have observed the following

1. Browser sends a request for the resource
Server replies with HTTP 401 and WWW-Authenticate: Negotiate in Response Headers

Fine.

2. Browser sends a new request with the following in Request Headers
Authorization: Negotiate YHkGBisGAQUFAqBvMG2gMDAuBgorBg

Also seems fine. (But difficult to tell, as these tokens are "opaque" by design).

Server replies again with HTTP 401 and WWW-Authenticate: Negotiate in Response Headers

But this does not seem ok. It seems that the browser and server are failing to agree on an authentication method, and dropping down to HTTP Basic.

3. At this point the browser shows HTTP Basic Auth form and sends the following in Headers
Authorization: Negotiate YIIK1QYGKwYBBQUCoIIKyTCCCsWgMDAuBgkqhkiC9xIBAgIGCSqGS (*Really huge value, much much longer than the first one*)

Now the Server replies with HTTP 200 and the following in headers
WWW-Authenticate: Negotiate oYHzMIHwoAMKAQChCwYJKoZIhvcSAQICom0
Set-Cookie: JSESSIONID=541FE2EDD35690BBDE99..; Path=/webapp/; HttpOnly

So yes WIA is failing..
Can you help me out with the next step in debugging?

I think at this point, you need to go to your Windows network sysadmins, with the information above, and ask them what is going on.
There are just too many possible reasons, in the Windows Domain environment, why this could fail. (browser, browser version, workstation OS version, browser settings, Domain Controller settings, Domain network policies, membership of Domain or not, etc.).

Thanks,
Chanchal R. Kariwala
Product Engineer
Seclore Technology
chanchal.kariw...@seclore.com
www.seclore.com

On Fri, Mar 4, 2016 at 1:20 PM, André Warnier (tomcat) wrote:

On 04.03.2016 07:16, Chanchal Kariwala wrote:

I am using Tomcat 8.0.32 and I have followed the guide given at
- https://tomcat.apache.org/tomcat-8.0-doc/windows-auth-howto.html#Tomcat_instance_(Windows_server)
- https://dzone.com/articles/do-not-publish-configuring-tomcat-single-sign-on-w

Windows AD Auth is working i.e. when I access the site, I am asked for credentials and when I enter the correct credentials, the restricted resource is displayed.

However my question is why the browser is asking for credentials? Why isn't it accessing TGT Cache in the OS to fetch the user's credentials?

I have enabled Integrated Windows Auth in IE Settings. I have added the site in Intranet Sites and set "Logon by Current User" in Custom Level setting for Intranet.

Hi.

The real *key* to debugging such issues, is to use some plugin or add-on to the browser, to enable the capture and visualisation of the HTTP dialog back and forth between the browser and the server.
Since you are using IE, I suggest "Fiddler2".
Install it, close your browser, re-open the browser, start Fiddler2 in capture mode, and then do an access to the webserver. When prompted for an id/pw, enter them.
Then stop Fiddler2 and examine the HTTP exchanges, starting with your initial request to the webserver.

You are correct in thinking that, normally, the login should happen automatically in the background, and you should never see this browser login dialog.
WIA authentication is a multiple-step process between the browser and the webserver, and in the background between the webserver and a Domain Controller.
That the login dialog appears in your case, means :
1) that the integrated WIA failed
2) that the Domain is configured to allow HTTP Basic authentication in a second step, after WIA fails. That is the login dialog that you see.

So, something is not working as it should in the WIA step. But to know exactly what, requires examining the HTTP exchanges.
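When examining a captured exchange like the one in this thread, the mechanism payload of a Negotiate token is opaque but the mechanism list at its start is plain DER. The following added example (not code from the thread or from Tomcat) reads that list from an Authorization header to show whether the client offered Kerberos or only NTLM; the function names are assumptions and the tokens are constructed in the block, not taken from the capture above.

```python
import base64

SPNEGO = "1.3.6.1.5.5.2"
KERBEROS = {"1.2.840.113554.1.2.2", "1.2.840.48018.1.2.2"}  # standard, legacy Microsoft
NTLMSSP = "1.3.6.1.4.1.311.2.2.10"

# DER encodings of the OIDs above, used only to build the constructed samples.
OID_DER = {
    SPNEGO: bytes.fromhex("06062b0601050502"),
    "1.2.840.113554.1.2.2": bytes.fromhex("06092a864886f712010202"),
    "1.2.840.48018.1.2.2": bytes.fromhex("06092a864882f712010202"),
    NTLMSSP: bytes.fromhex("060a2b06010401823702020a"),
}


def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("token is truncated")
    return tag, pos, pos + length


def decode_oid(body):
    arcs = [body[0] // 40, body[0] % 40]
    value = 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(str(arc) for arc in arcs)


def offered_mechanisms(header_value):
    """Return the mechanism OIDs listed in an 'Authorization: Negotiate' value."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate":
        raise ValueError("not a Negotiate header")
    raw = base64.b64decode(token)
    if raw.startswith(b"NTLMSSP\x00"):  # bare NTLM message, no SPNEGO wrapper
        return [NTLMSSP]
    tag, start, end = read_tlv(raw, 0)
    if tag == 0x60:  # GSS-API initial token: mechanism OID, then inner token
        _, oid_start, oid_end = read_tlv(raw, start)
        mech = decode_oid(raw[oid_start:oid_end])
        if mech != SPNEGO:  # a single mechanism sent without negotiation
            return [mech]
        tag, start, end = read_tlv(raw, oid_end)
    if tag != 0xA0:  # 0xA1 is NegTokenResp (a later leg): no mechTypes field
        return []
    _, pos, end = read_tlv(raw, start)  # NegTokenInit SEQUENCE
    while pos < end:
        field, f_start, f_end = read_tlv(raw, pos)
        if field == 0xA0:  # [0] mechTypes: SEQUENCE OF OBJECT IDENTIFIER
            _, p, list_end = read_tlv(raw, f_start)
            oids = []
            while p < list_end:
                _, o_start, o_end = read_tlv(raw, p)
                oids.append(decode_oid(raw[o_start:o_end]))
                p = o_end
            return oids
        pos = f_end
    return []


def classify(header_value):
    """Label a client token by the strongest mechanism it offers."""
    mechs = offered_mechanisms(header_value)
    if any(mech in KERBEROS for mech in mechs):
        return "kerberos-offered"
    if NTLMSSP in mechs:
        return "ntlm-only"  # typically: no Kerberos service ticket was obtained
    return "no-mechanism-list"


def der(tag, body):
    """Short-form DER element; enough for the small constructed samples."""
    return bytes([tag, len(body)]) + body


def sample_header(mech_oids):
    """Build a constructed SPNEGO NegTokenInit header listing mech_oids."""
    mech_types = der(0xA0, der(0x30, b"".join(OID_DER[o] for o in mech_oids)))
    mech_token = der(0xA2, der(0x04, bytes(16)))  # placeholder payload
    init = der(0xA0, der(0x30, mech_types + mech_token))
    return "Negotiate " + base64.b64encode(der(0x60, OID_DER[SPNEGO] + init)).decode()


if __name__ == "__main__":
    for oids in (["1.2.840.48018.1.2.2", "1.2.840.113554.1.2.2", NTLMSSP], [NTLMSSP]):
        header = sample_header(oids)
        print(classify(header), offered_mechanisms(header))
```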
RE: Windows Authentication
It does not look like HTTP Basic. Did you try different browsers? IE, Chrome, FF? Do you get same behavior with all? Is the user logging in member of the domain your IWA is set up to? If you set up a 3rd party IWA provider (such as Waffle), does it act the same on all 3 browsers? There was a recent issue with Waffle that one of my developers submitted that was dealing with similar issues [1]. You might want to go over that thread to see it can give you pointers. [1] https://github.com/dblock/waffle/issues/268 -Original Message- From: Chanchal Kariwala [mailto:chanchal.kariw...@seclore.com] Sent: Friday, March 04, 2016 2:52 AM To: Tomcat Users List Subject: Re: Windows Authentication But how does the browser decide on Basic Auth? Usually 401 Response contains WWW-Authenticate: Basic realm="MyREALM" to indicate Basic Auth Thanks, Chanchal R. Kariwala Product Engineer Seclore Technology chanchal.kariw...@seclore.com www.seclore.com On Fri, Mar 4, 2016 at 3:16 PM, André Warnier (tomcat) wrote: > On 04.03.2016 10:11, Chanchal Kariwala wrote: > >> I tries what you asked and I have observed the following >> >> 1. Browser sends a request for the resource Server replies with HTTP >> 401 and WWW-Authenticate: Negotiate in Response Headers >> > > Fine. > > >> 2. Browser sends a new request with the following in Request Headers >> Authorization: Negotiate YHkGBisGAQUFAqBvMG2gMDAuBgorBg >> >> > Also seems fine. (But difficult to tell, as these tokens are "opaque" by > design). > > Server replies again with HTTP 401 and WWW-Authenticate: Negotiate in >> Response Headers >> >> > But this does not seem ok. It seems that the browser and server are > failing to agree on an authentication method, and dropping down to HTTP > Basic. > > > 3. 
At this point the browser shows HTTP Basic Auth form and sends the >> following in Headers >> Authorization: Negotiate >> YIIK1QYGKwYBBQUCoIIKyTCCCsWgMDAuBgkqhkiC9xIBAgIGCSqGS (*Really huge >> value, much much longer than the first one*) >> >> Now the Server replies with HTTP 200 and the following in headers >> WWW-Authenticate: Negotiate oYHzMIHwoAMKAQChCwYJKoZIhvcSAQICom0 >> Set-Cookie: JSESSIONID=541FE2EDD35690BBDE99..; Path=/webapp/; HttpOnly >> >> So yes WIA is failing.. >> Can you help me out with the next step in debugging? >> >> > I think at this point, you need to go to your Windows network sysadmins, > with the information above, and ask them what is going on. > There are just too many possible reasons, in the Windows Domain > environment, why this could fail. (browser, browser version, workstation OS > version, browser settings, Domain Controller settings, Domain networkn > policies, membership of Domain or not, etc.). > > >> >> >> Thanks, >> Chanchal R. Kariwala >> Product Engineer >> Seclore Technology >> chanchal.kariw...@seclore.com >> www.seclore.com >> >> >> >> On Fri, Mar 4, 2016 at 1:20 PM, André Warnier (tomcat) >> wrote: >> >> On 04.03.2016 07:16, Chanchal Kariwala wrote: >>> >>> I am using Tomcat 8.0.32 and I have followed the guide given at - https://tomcat.apache.org/tomcat-8.0-doc/windows-auth-howto.html#Tomcat_instance_(Windows_server) - https://dzone.com/articles/do-not-publish-configuring-tomcat-single-sign-on-w Windows AD Auth is working i.e. when I access the site, I am asked for credentials and when I enter the correct credentials, the restricted resource is displayed. However my question is why the browser is asking for credentials? Why isn't it accessing TGT Cache in the OS to fetch the user's credentials? I have enabled Integrated Windows Auth in IE Settings. I have added the site in Intranet Sites and set "Logon by Current User" in Custom Level setting for Intranet. Hi. 
>>> >>> The real *key* to debugging such issues, is to use some plugin or add-on >>> to the browser, to enable the capture and visualisation of the HTTP >>> dialog >>> back and forth between the browser and the server. >>> Since you are using IE, I suggest "Fiddler2". >>> Install it, close your browser, re-open the browser, start Fiddler2 in >>> capture mode, and then do an access to the webserver. When prompted for >>> an >>> id/pw, enter them. >>> Then stop Fiddler2 and examine the HTTP exchanges, starting with your >>> initial request to the webserver. >>> >>> You are correct in thinking that, normally, the login should happen >>> automatically in the background, and you should never see this browser >>> login dialog. >>> WIA authentication is a multiple-step process between the browser and the >>> webserver, and in the background between the webserver and a Domain >>> Controller. >>> That the login dialog appears in your case, means : >>> 1) that the integrated WIA failed >>> 2) that the Domain is configured to allow HTTP Basic authentication in a >>> second step, after WIA fails. That is the login dialog that
RE: Performance regression from 7 to 8
Done and nothing changed.
Any suggestion ?
Here the code.

package axioma.rubik.engine.web.servlet;

import java.io.*;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

@WebServlet(name="Test8", description="Direct update of data", urlPatterns={"/Test8"})
public class Test8Servlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        try {
            fai(response);
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    public void fai(HttpServletResponse response) throws IOException {
        ByteArrayOutputStream bbs = new ByteArrayOutputStream();
        BufferedOutputStream bos = new BufferedOutputStream(bbs);
        for(int i = 0; i < 40; i++) {
            bos.write(96);
        }
        bos.flush();
        bbs.writeTo(response.getOutputStream());
    }
}

> Date: Fri, 4 Mar 2016 12:58:02 +0100
> Subject: Re: Performance regression from 7 to 8
> From: r...@apache.org
> To: users@tomcat.apache.org
>
> 2016-03-04 12:42 GMT+01:00 Mark Thomas :
>
> > On 04/03/2016 11:17, Tullio Bettinazzi wrote:
> > > This servlet reproduces the problem perfectly.
> >
> > Getting better but still some room for improvement.
> > - You don't need to implement doPost()
> > - You don't need to call System.gc() (or if you do look there for
> >   the problem)
> >
>
> Yes, it's on every get and will cause a major concurrency issue.
>
> > - You do need to remove the use of the ComunicationChannelHttp and
> >   Cronometro classes (and if that fixes the problem look there
> >   for the root cause)
> > - The try/catch in doGet() should not be necessary either
> >
>
> Also writing individual bytes is more costly even if there's some buffering.
> > Rémy > > > > > Mark > > > > > package axioma.rubik.engine.web.servlet; > > > > > > import java.io.*; > > > import javax.servlet.ServletException; > > > import javax.servlet.annotation.WebServlet; > > > import javax.servlet.http.*; > > > import axioma.rubik.engine.web.ComunicationChannelHttp; > > > import it.axioma.rubik.engine.Cronometro; > > > > > > @WebServlet(name="Test8", description="Direct update of data", > > urlPatterns={"/Test8"}) > > > public class Test8Servlet extends HttpServlet { > > > > > > private static final long serialVersionUID = 1L; > > > > > > @Override > > > protected void doPost(HttpServletRequest request, > > HttpServletResponse response) throws ServletException, IOException { > > > this.doGet(request,response); > > > } > > > > > > @Override > > > protected void doGet(HttpServletRequest request, HttpServletResponse > > response) throws ServletException, IOException { > > > try { > > > fai(response); > > > System.gc(); > > > } catch (Exception ex) { > > > ex.printStackTrace(); > > > } > > > ComunicationChannelHttp.CONTEXT_MANAGER.clean(); > > > } > > > > > > public void fai(HttpServletResponse response) { > > > Cronometro crono = new Cronometro(); > > > ByteArrayOutputStream bbs = new ByteArrayOutputStream(); > > > BufferedOutputStream bos = new BufferedOutputStream(bbs); > > > try { > > > for(int i = 0; i < 40; i++) { > > > bos.write(96); > > > } > > > bos.flush(); > > > System.out.println("Step 1 : "+crono.elapsed()); > > > bbs.writeTo(response.getOutputStream()); > > > System.out.println("Step 1 : "+crono.elapsed()); > > > } catch (IOException ex) { > > > ex.printStackTrace(); > > > } > > > } > > > > > > } > > > > > > > > >> Subject: Re: Performance regression from 7 to 8 > > >> To: users@tomcat.apache.org > > >> From: ma...@apache.org > > >> Date: Fri, 4 Mar 2016 10:38:30 + > > >> > > >> On 04/03/2016 10:24, Tullio Bettinazzi wrote: > > >>> The problem is all in this small piece of code > > >>> ByteArrayOutputStream bbs = new 
ByteArrayOutputStream(); > > >>> BufferedOutputStream bos = new BufferedOutputStream(bbs); > > >>> trans.eseguiTrasformazioneOut(bos); > > >>> try { > > >>> bos.flush(); > > >>> initReponse(xpFileTypeOut.getMimeType(), xpFilename); > > >>> bbs.writeTo(getOutputStream()); > > >>> } catch (IOException ex) { > > >>> Messaggi.getErrori().getLogger().error("Errore in > > emettiFile ", ex); > > >>> } > > >>> The yellow instruction take 100 ms in Tomcat7, quite stable on all > > clients, in Tomcat8 it takes from 50 ms to 4500 ms stable on a single > > client PC but very different from client to client. > > >>> Tks > > >>> Tullio > > >> > > >> I'll repeat what I said previously: > > >> > > >> Try creating the *si
Multiple domain names one web site different content
New to web servers. This may be a spring MVC question rather than tomcat, I'm not sure.

I understand I can map multiple domains to a single ip address using DNS.

I have read some stuff on how to set up multiple virtual hosts on the same host (ip address) on tomcat which requests can be diverted to depending on which domain name was used to make the request.

Alternatively I am wondering about not having multiple virtual hosts (which I am guessing would be more useful if there was significant difference between the sites) but have a single site which has a single layout structure etc but serves up specifically tailored content from a selected content store BASED on the domain used to make the request.

Is this anything to do with tomcat or do I have to somehow tell which domain was used when the http session is begun and set which content at that point using spring MVC. Perhaps the (first) request / session includes the domain used and so I need to access that programmatically?

Is there a reason for this situation that I should not do things the way I suggest? but should use multiple "identical duplicate" web sites (virtual hosts) apart from each of which being hard coded to access a specific content store?

Thanks for any help.
Re: Performance regression from 7 to 8
2016-03-04 12:42 GMT+01:00 Mark Thomas : > On 04/03/2016 11:17, Tullio Bettinazzi wrote: > > This servlet reproduces the problem perfectly. > > Getting better but still some room for improvement. > - You don't need to implement doPost() > - You don't need to call System.gc() (or if you do look there for > the problem) > Yes, it's on every get and will cause a major concurrency issue. > - You do need to remove the use of the ComunicationChannelHttp and > Cronometro classes (and if that fixes the problem look there > for the root cause) > - The try/catch in doGet() should not be necessary either > Also writing individual bytes is more costly even if there's some buffering. Rémy > > Mark > > > package axioma.rubik.engine.web.servlet; > > > > import java.io.*; > > import javax.servlet.ServletException; > > import javax.servlet.annotation.WebServlet; > > import javax.servlet.http.*; > > import axioma.rubik.engine.web.ComunicationChannelHttp; > > import it.axioma.rubik.engine.Cronometro; > > > > @WebServlet(name="Test8", description="Direct update of data", > urlPatterns={"/Test8"}) > > public class Test8Servlet extends HttpServlet { > > > > private static final long serialVersionUID = 1L; > > > > @Override > > protected void doPost(HttpServletRequest request, > HttpServletResponse response) throws ServletException, IOException { > > this.doGet(request,response); > > } > > > > @Override > > protected void doGet(HttpServletRequest request, HttpServletResponse > response) throws ServletException, IOException { > > try { > > fai(response); > > System.gc(); > > } catch (Exception ex) { > > ex.printStackTrace(); > > } > > ComunicationChannelHttp.CONTEXT_MANAGER.clean(); > > } > > > > public void fai(HttpServletResponse response) { > > Cronometro crono = new Cronometro(); > > ByteArrayOutputStream bbs = new ByteArrayOutputStream(); > > BufferedOutputStream bos = new BufferedOutputStream(bbs); > > try { > > for(int i = 0; i < 40; i++) { > > bos.write(96); > > } > > bos.flush(); 
> > System.out.println("Step 1 : "+crono.elapsed()); > > bbs.writeTo(response.getOutputStream()); > > System.out.println("Step 1 : "+crono.elapsed()); > > } catch (IOException ex) { > > ex.printStackTrace(); > > } > > } > > > > } > > > > > >> Subject: Re: Performance regression from 7 to 8 > >> To: users@tomcat.apache.org > >> From: ma...@apache.org > >> Date: Fri, 4 Mar 2016 10:38:30 + > >> > >> On 04/03/2016 10:24, Tullio Bettinazzi wrote: > >>> The problem is all in this small piece of code > >>> ByteArrayOutputStream bbs = new ByteArrayOutputStream(); > >>> BufferedOutputStream bos = new BufferedOutputStream(bbs); > >>> trans.eseguiTrasformazioneOut(bos); > >>> try { > >>> bos.flush(); > >>> initReponse(xpFileTypeOut.getMimeType(), xpFilename); > >>> bbs.writeTo(getOutputStream()); > >>> } catch (IOException ex) { > >>> Messaggi.getErrori().getLogger().error("Errore in > emettiFile ", ex); > >>> } > >>> The yellow instruction take 100 ms in Tomcat7, quite stable on all > clients, in Tomcat8 it takes from 50 ms to 4500 ms stable on a single > client PC but very different from client to client. > >>> Tks > >>> Tullio > >> > >> I'll repeat what I said previously: > >> > >> Try creating the *simplest possible* web application that demonstrates > the > >> problem. > >> > >> Mark > >> > >>> > Subject: Re: Performance regression from 7 to 8 > To: users@tomcat.apache.org > From: ma...@apache.org > Date: Fri, 4 Mar 2016 09:42:22 + > > On 04/03/2016 09:39, Tullio Bettinazzi wrote: > > I applied tour suggestion and analyzed, with firebug, the > composition of the time. > > The difference between 7 and 8 is the "receiving" time which is more > or less zero in 7 and 2sec. in 8. > > How can I understand such difference ? > > Try creating the simplest possible web application that demonstrates > the > problem. > > Mark > > > > Tks > > Tullio > > > > > > P.S. 
: same server, same client, same network, same code both 7 and > 8 installed from scratch > > > >> Subject: Re: Performance regression from 7 to 8 > >> To: users@tomcat.apache.org > >> From: geor...@mhsoftware.com > >> Date: Thu, 3 Mar 2016 09:30:33 -0700 > >> > >> > >> > >> On 3/3/2016 4:06 AM, Tullio Bettinazzi wrote: > >>> I've an application in which I write a page from a Buffered Stream > directly to the Servlet output stream (more or less 300kb). > >>> > >>> In 7 it works perfectly (100ms). > >>> > >>> In 8 , depending from the network connection and mainly from the >
Re: Performance regression from 7 to 8
On 04/03/2016 11:17, Tullio Bettinazzi wrote:
> This servlet reproduces the problem perfectly.

Getting better but still some room for improvement.

- You don't need to implement doPost()
- You don't need to call System.gc() (or if you do look there for the
  problem)
- You do need to remove the use of the ComunicationChannelHttp and
  Cronometro classes (and if that fixes the problem look there for the
  root cause)
- The try/catch in doGet() should not be necessary either

Mark

> package axioma.rubik.engine.web.servlet;
>
> import java.io.*;
> import javax.servlet.ServletException;
> import javax.servlet.annotation.WebServlet;
> import javax.servlet.http.*;
> import axioma.rubik.engine.web.ComunicationChannelHttp;
> import it.axioma.rubik.engine.Cronometro;
>
> @WebServlet(name="Test8", description="Direct update of data",
>         urlPatterns={"/Test8"})
> public class Test8Servlet extends HttpServlet {
>
>     private static final long serialVersionUID = 1L;
>
>     @Override
>     protected void doPost(HttpServletRequest request, HttpServletResponse
>             response) throws ServletException, IOException {
>         this.doGet(request,response);
>     }
>
>     @Override
>     protected void doGet(HttpServletRequest request, HttpServletResponse
>             response) throws ServletException, IOException {
>         try {
>             fai(response);
>             System.gc();
>         } catch (Exception ex) {
>             ex.printStackTrace();
>         }
>         ComunicationChannelHttp.CONTEXT_MANAGER.clean();
>     }
>
>     public void fai(HttpServletResponse response) {
>         Cronometro crono = new Cronometro();
>         ByteArrayOutputStream bbs = new ByteArrayOutputStream();
>         BufferedOutputStream bos = new BufferedOutputStream(bbs);
>         try {
>             for(int i = 0; i < 40; i++) {
>                 bos.write(96);
>             }
>             bos.flush();
>             System.out.println("Step 1 : "+crono.elapsed());
>             bbs.writeTo(response.getOutputStream());
>             System.out.println("Step 1 : "+crono.elapsed());
>         } catch (IOException ex) {
>             ex.printStackTrace();
>         }
>     }
>
> }
>
>> Subject: Re: Performance regression from 7 to 8
>> To: users@tomcat.apache.org
>> From: ma...@apache.org
>> Date: Fri, 4 Mar 2016 10:38:30 +
>>
>> On 04/03/2016 10:24, Tullio Bettinazzi wrote:
>>> The problem is all in this small piece of code
>>>     ByteArrayOutputStream bbs = new ByteArrayOutputStream();
>>>     BufferedOutputStream bos = new BufferedOutputStream(bbs);
>>>     trans.eseguiTrasformazioneOut(bos);
>>>     try {
>>>         bos.flush();
>>>         initReponse(xpFileTypeOut.getMimeType(), xpFilename);
>>>         bbs.writeTo(getOutputStream());
>>>     } catch (IOException ex) {
>>>         Messaggi.getErrori().getLogger().error("Errore in emettiFile ", ex);
>>>     }
>>> The yellow instruction takes 100 ms in Tomcat7, quite stable on all clients,
>>> in Tomcat8 it takes from 50 ms to 4500 ms stable on a single client PC but
>>> very different from client to client.
>>> Tks
>>> Tullio
>>
>> I'll repeat what I said previously:
>>
>> Try creating the *simplest possible* web application that demonstrates the
>> problem.
>>
>> Mark
>>
>>>> Subject: Re: Performance regression from 7 to 8
>>>> To: users@tomcat.apache.org
>>>> From: ma...@apache.org
>>>> Date: Fri, 4 Mar 2016 09:42:22 +
>>>>
>>>> On 04/03/2016 09:39, Tullio Bettinazzi wrote:
>>>>> I applied your suggestion and analyzed, with firebug, the composition of
>>>>> the time.
>>>>> The difference between 7 and 8 is the "receiving" time which is more or
>>>>> less zero in 7 and 2sec. in 8.
>>>>> How can I understand such difference ?
>>>>
>>>> Try creating the simplest possible web application that demonstrates the
>>>> problem.
>>>>
>>>> Mark
>>>>
>>>>> Tks
>>>>> Tullio
>>>>>
>>>>> P.S. : same server, same client, same network, same code both 7 and 8
>>>>> installed from scratch
>>>>>
>>>>>> Subject: Re: Performance regression from 7 to 8
>>>>>> To: users@tomcat.apache.org
>>>>>> From: geor...@mhsoftware.com
>>>>>> Date: Thu, 3 Mar 2016 09:30:33 -0700
>>>>>>
>>>>>> On 3/3/2016 4:06 AM, Tullio Bettinazzi wrote:
>>>>>>> I've an application in which I write a page from a Buffered Stream
>>>>>>> directly to the Servlet output stream (more or less 300kb).
>>>>>>>
>>>>>>> In 7 it works perfectly (100ms).
>>>>>>>
>>>>>>> In 8, depending on the network connection and mainly on the
>>>>>>> http client itself (the browser in the PC) the same operation takes from
>>>>>>> 50ms to 4500 ms.
>>>>>>
>>>>>> One of the things I would look at is the browser debug window. Open the
>>>>>> debugger, and go to the Networks/Timings tab and load both pages. That
>>>>>> would give some insights as to what's happening. Perhaps it is the page.
>>>>>> Perhaps there's something else.
RE: Performance regression from 7 to 8
This servlet reproduces the problem perfectly.

package axioma.rubik.engine.web.servlet;

import java.io.*;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;
import axioma.rubik.engine.web.ComunicationChannelHttp;
import it.axioma.rubik.engine.Cronometro;

@WebServlet(name="Test8", description="Direct update of data", urlPatterns={"/Test8"})
public class Test8Servlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        this.doGet(request,response);
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        try {
            fai(response);
            System.gc();
        } catch (Exception ex) {
            ex.printStackTrace();
        }
        ComunicationChannelHttp.CONTEXT_MANAGER.clean();
    }

    public void fai(HttpServletResponse response) {
        Cronometro crono = new Cronometro();
        ByteArrayOutputStream bbs = new ByteArrayOutputStream();
        BufferedOutputStream bos = new BufferedOutputStream(bbs);
        try {
            for(int i = 0; i < 40; i++) {
                bos.write(96);
            }
            bos.flush();
            System.out.println("Step 1 : "+crono.elapsed());
            bbs.writeTo(response.getOutputStream());
            System.out.println("Step 1 : "+crono.elapsed());
        } catch (IOException ex) {
            ex.printStackTrace();
        }
    }

}

> Subject: Re: Performance regression from 7 to 8
> To: users@tomcat.apache.org
> From: ma...@apache.org
> Date: Fri, 4 Mar 2016 10:38:30 +
>
> On 04/03/2016 10:24, Tullio Bettinazzi wrote:
> > The problem is all in this small piece of code
> >     ByteArrayOutputStream bbs = new ByteArrayOutputStream();
> >     BufferedOutputStream bos = new BufferedOutputStream(bbs);
> >     trans.eseguiTrasformazioneOut(bos);
> >     try {
> >         bos.flush();
> >         initReponse(xpFileTypeOut.getMimeType(), xpFilename);
> >         bbs.writeTo(getOutputStream());
> >     } catch (IOException ex) {
> >         Messaggi.getErrori().getLogger().error("Errore in emettiFile ", ex);
> >     }
> > The yellow instruction takes 100 ms in Tomcat7, quite stable on all clients,
> > in Tomcat8 it takes from 50 ms to 4500 ms stable on a single client PC but
> > very different from client to client.
> > Tks
> > Tullio
>
> I'll repeat what I said previously:
>
> Try creating the *simplest possible* web application that demonstrates the
> problem.
>
> Mark
>
> >> Subject: Re: Performance regression from 7 to 8
> >> To: users@tomcat.apache.org
> >> From: ma...@apache.org
> >> Date: Fri, 4 Mar 2016 09:42:22 +
> >>
> >> On 04/03/2016 09:39, Tullio Bettinazzi wrote:
> >>> I applied your suggestion and analyzed, with firebug, the composition of
> >>> the time.
> >>> The difference between 7 and 8 is the "receiving" time which is more or
> >>> less zero in 7 and 2sec. in 8.
> >>> How can I understand such difference ?
> >>
> >> Try creating the simplest possible web application that demonstrates the
> >> problem.
> >>
> >> Mark
> >>
> >>> Tks
> >>> Tullio
> >>>
> >>> P.S. : same server, same client, same network, same code both 7 and 8
> >>> installed from scratch
> >>>
> >>>> Subject: Re: Performance regression from 7 to 8
> >>>> To: users@tomcat.apache.org
> >>>> From: geor...@mhsoftware.com
> >>>> Date: Thu, 3 Mar 2016 09:30:33 -0700
> >>>>
> >>>> On 3/3/2016 4:06 AM, Tullio Bettinazzi wrote:
> >>>>> I've an application in which I write a page from a Buffered Stream
> >>>>> directly to the Servlet output stream (more or less 300kb).
> >>>>>
> >>>>> In 7 it works perfectly (100ms).
> >>>>>
> >>>>> In 8, depending on the network connection and mainly on the
> >>>>> http client itself (the browser in the PC) the same operation takes from
> >>>>> 50ms to 4500 ms.
> >>>>
> >>>> One of the things I would look at is the browser debug window. Open the
> >>>> debugger, and go to the Networks/Timings tab and load both pages. That
> >>>> would give some insights as to what's happening. Perhaps it is the page.
> >>>> Perhaps there's something else.
> >>>>
> >>>>> On the same PC I find more or less the same time using Chrome and
> >>>>> Firefox also changing network connections (wifi, lan, adsl).
> >>>>>
> >>>>> Could someone suggest a solution ?
> >>>>>
> >>>>> Tks
> >>>>> Tullio
> >>>>
> >>>> --
> >>>> George Sexton
> >>>> *MH Software, Inc.*
> >>>> Voice: 303 438 9585
> >>>> http://www.connectdaily.com
Re: Performance regression from 7 to 8
On 04/03/2016 10:24, Tullio Bettinazzi wrote:
> The problem is all in this small piece of code
>     ByteArrayOutputStream bbs = new ByteArrayOutputStream();
>     BufferedOutputStream bos = new BufferedOutputStream(bbs);
>     trans.eseguiTrasformazioneOut(bos);
>     try {
>         bos.flush();
>         initReponse(xpFileTypeOut.getMimeType(), xpFilename);
>         bbs.writeTo(getOutputStream());
>     } catch (IOException ex) {
>         Messaggi.getErrori().getLogger().error("Errore in emettiFile ", ex);
>     }
> The yellow instruction takes 100 ms in Tomcat7, quite stable on all clients,
> in Tomcat8 it takes from 50 ms to 4500 ms stable on a single client PC but
> very different from client to client.
> Tks
> Tullio

I'll repeat what I said previously:

Try creating the *simplest possible* web application that demonstrates the
problem.

Mark

>> Subject: Re: Performance regression from 7 to 8
>> To: users@tomcat.apache.org
>> From: ma...@apache.org
>> Date: Fri, 4 Mar 2016 09:42:22 +
>>
>> On 04/03/2016 09:39, Tullio Bettinazzi wrote:
>>> I applied your suggestion and analyzed, with firebug, the composition of
>>> the time.
>>> The difference between 7 and 8 is the "receiving" time which is more or
>>> less zero in 7 and 2sec. in 8.
>>> How can I understand such difference ?
>>
>> Try creating the simplest possible web application that demonstrates the
>> problem.
>>
>> Mark
>>
>>> Tks
>>> Tullio
>>>
>>> P.S. : same server, same client, same network, same code both 7 and 8
>>> installed from scratch
>>>
>>>> Subject: Re: Performance regression from 7 to 8
>>>> To: users@tomcat.apache.org
>>>> From: geor...@mhsoftware.com
>>>> Date: Thu, 3 Mar 2016 09:30:33 -0700
>>>>
>>>> On 3/3/2016 4:06 AM, Tullio Bettinazzi wrote:
>>>>> I've an application in which I write a page from a Buffered Stream
>>>>> directly to the Servlet output stream (more or less 300kb).
>>>>>
>>>>> In 7 it works perfectly (100ms).
>>>>>
>>>>> In 8, depending on the network connection and mainly on the
>>>>> http client itself (the browser in the PC) the same operation takes from
>>>>> 50ms to 4500 ms.
>>>>
>>>> One of the things I would look at is the browser debug window. Open the
>>>> debugger, and go to the Networks/Timings tab and load both pages. That
>>>> would give some insights as to what's happening. Perhaps it is the page.
>>>> Perhaps there's something else.
>>>>
>>>>> On the same PC I find more or less the same time using Chrome and Firefox
>>>>> also changing network connections (wifi, lan, adsl).
>>>>>
>>>>> Could someone suggest a solution ?
>>>>>
>>>>> Tks
>>>>> Tullio
>>>>
>>>> --
>>>> George Sexton
>>>> *MH Software, Inc.*
>>>> Voice: 303 438 9585
>>>> http://www.connectdaily.com

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Performance regression from 7 to 8
The problem is all in this small piece of code

    ByteArrayOutputStream bbs = new ByteArrayOutputStream();
    BufferedOutputStream bos = new BufferedOutputStream(bbs);
    trans.eseguiTrasformazioneOut(bos);
    try {
        bos.flush();
        initReponse(xpFileTypeOut.getMimeType(), xpFilename);
        bbs.writeTo(getOutputStream());
    } catch (IOException ex) {
        Messaggi.getErrori().getLogger().error("Errore in emettiFile ", ex);
    }

The yellow instruction takes 100 ms in Tomcat7, quite stable on all clients,
in Tomcat8 it takes from 50 ms to 4500 ms stable on a single client PC but
very different from client to client.
Tks
Tullio

> Subject: Re: Performance regression from 7 to 8
> To: users@tomcat.apache.org
> From: ma...@apache.org
> Date: Fri, 4 Mar 2016 09:42:22 +
>
> On 04/03/2016 09:39, Tullio Bettinazzi wrote:
> > I applied your suggestion and analyzed, with firebug, the composition of
> > the time.
> > The difference between 7 and 8 is the "receiving" time which is more or
> > less zero in 7 and 2sec. in 8.
> > How can I understand such difference ?
>
> Try creating the simplest possible web application that demonstrates the
> problem.
>
> Mark
>
> > Tks
> > Tullio
> >
> > P.S. : same server, same client, same network, same code both 7 and 8
> > installed from scratch
> >
> >> Subject: Re: Performance regression from 7 to 8
> >> To: users@tomcat.apache.org
> >> From: geor...@mhsoftware.com
> >> Date: Thu, 3 Mar 2016 09:30:33 -0700
> >>
> >> On 3/3/2016 4:06 AM, Tullio Bettinazzi wrote:
> >>> I've an application in which I write a page from a Buffered Stream
> >>> directly to the Servlet output stream (more or less 300kb).
> >>>
> >>> In 7 it works perfectly (100ms).
> >>>
> >>> In 8, depending on the network connection and mainly on the
> >>> http client itself (the browser in the PC) the same operation takes from
> >>> 50ms to 4500 ms.
> >>
> >> One of the things I would look at is the browser debug window. Open the
> >> debugger, and go to the Networks/Timings tab and load both pages. That
> >> would give some insights as to what's happening. Perhaps it is the page.
> >> Perhaps there's something else.
> >>
> >>> On the same PC I find more or less the same time using Chrome and Firefox
> >>> also changing network connections (wifi, lan, adsl).
> >>>
> >>> Could someone suggest a solution ?
> >>>
> >>> Tks
> >>> Tullio
> >>
> >> --
> >> George Sexton
> >> *MH Software, Inc.*
> >> Voice: 303 438 9585
> >> http://www.connectdaily.com
Re: Windows Authentication
But how does the browser decide on Basic Auth?
Usually 401 Response contains WWW-Authenticate: Basic realm="MyREALM" to
indicate Basic Auth

Thanks,
Chanchal R. Kariwala
Product Engineer
Seclore Technology
chanchal.kariw...@seclore.com
www.seclore.com

On Fri, Mar 4, 2016 at 3:16 PM, André Warnier (tomcat) wrote:

> On 04.03.2016 10:11, Chanchal Kariwala wrote:
>
>> I tried what you asked and I have observed the following
>>
>> 1. Browser sends a request for the resource
>> Server replies with HTTP 401 and WWW-Authenticate: Negotiate in Response
>> Headers
>
> Fine.
>
>> 2. Browser sends a new request with the following in Request Headers
>> Authorization: Negotiate YHkGBisGAQUFAqBvMG2gMDAuBgorBg
>
> Also seems fine. (But difficult to tell, as these tokens are "opaque" by
> design).
>
>> Server replies again with HTTP 401 and WWW-Authenticate: Negotiate in
>> Response Headers
>
> But this does not seem ok. It seems that the browser and server are
> failing to agree on an authentication method, and dropping down to HTTP
> Basic.
>
>> 3. At this point the browser shows HTTP Basic Auth form and sends the
>> following in Headers
>> Authorization: Negotiate
>> YIIK1QYGKwYBBQUCoIIKyTCCCsWgMDAuBgkqhkiC9xIBAgIGCSqGS (*Really huge
>> value, much much longer than the first one*)
>>
>> Now the Server replies with HTTP 200 and the following in headers
>> WWW-Authenticate: Negotiate oYHzMIHwoAMKAQChCwYJKoZIhvcSAQICom0
>> Set-Cookie: JSESSIONID=541FE2EDD35690BBDE99..; Path=/webapp/; HttpOnly
>>
>> So yes WIA is failing..
>> Can you help me out with the next step in debugging?
>
> I think at this point, you need to go to your Windows network sysadmins,
> with the information above, and ask them what is going on.
> There are just too many possible reasons, in the Windows Domain
> environment, why this could fail. (browser, browser version, workstation OS
> version, browser settings, Domain Controller settings, Domain network
> policies, membership of Domain or not, etc.).
>
>> Thanks,
>> Chanchal R. Kariwala
>> Product Engineer
>> Seclore Technology
>> chanchal.kariw...@seclore.com
>> www.seclore.com
>>
>> On Fri, Mar 4, 2016 at 1:20 PM, André Warnier (tomcat) wrote:
>>
>>> On 04.03.2016 07:16, Chanchal Kariwala wrote:
>>>
>>>> I am using Tomcat 8.0.32 and I have followed the guide given at
>>>>
>>>> - https://tomcat.apache.org/tomcat-8.0-doc/windows-auth-howto.html#Tomcat_instance_(Windows_server)
>>>> - https://dzone.com/articles/do-not-publish-configuring-tomcat-single-sign-on-w
>>>>
>>>> Windows AD Auth is working i.e. when I access the site, I am asked for
>>>> credentials and when I enter the correct credentials, the restricted
>>>> resource is displayed.
>>>>
>>>> However my question is why the browser is asking for credentials? Why
>>>> isn't it accessing TGT Cache in the OS to fetch the user's credentials?
>>>>
>>>> I have enabled Integrated Windows Auth in IE Settings. I have added the
>>>> site in Intranet Sites and set "Logon by Current User" in Custom Level
>>>> setting for Intranet.
>>>
>>> Hi.
>>>
>>> The real *key* to debugging such issues, is to use some plugin or add-on
>>> to the browser, to enable the capture and visualisation of the HTTP
>>> dialog back and forth between the browser and the server.
>>> Since you are using IE, I suggest "Fiddler2".
>>> Install it, close your browser, re-open the browser, start Fiddler2 in
>>> capture mode, and then do an access to the webserver. When prompted for
>>> an id/pw, enter them.
>>> Then stop Fiddler2 and examine the HTTP exchanges, starting with your
>>> initial request to the webserver.
>>>
>>> You are correct in thinking that, normally, the login should happen
>>> automatically in the background, and you should never see this browser
>>> login dialog.
>>> WIA authentication is a multiple-step process between the browser and the
>>> webserver, and in the background between the webserver and a Domain
>>> Controller.
>>> That the login dialog appears in your case, means :
>>> 1) that the integrated WIA failed
>>> 2) that the Domain is configured to allow HTTP Basic authentication in a
>>> second step, after WIA fails. That is the login dialog that you see.
>>>
>>> So, something is not working as it should in the WIA step.
>>> But to know exactly what, requires examining the HTTP exchanges.
Re: Windows Authentication
On 04.03.2016 10:11, Chanchal Kariwala wrote:
> I tried what you asked and I have observed the following
>
> 1. Browser sends a request for the resource
> Server replies with HTTP 401 and WWW-Authenticate: Negotiate in Response
> Headers

Fine.

> 2. Browser sends a new request with the following in Request Headers
> Authorization: Negotiate YHkGBisGAQUFAqBvMG2gMDAuBgorBg

Also seems fine. (But difficult to tell, as these tokens are "opaque" by
design).

> Server replies again with HTTP 401 and WWW-Authenticate: Negotiate in
> Response Headers

But this does not seem ok. It seems that the browser and server are failing
to agree on an authentication method, and dropping down to HTTP Basic.

> 3. At this point the browser shows HTTP Basic Auth form and sends the
> following in Headers
> Authorization: Negotiate
> YIIK1QYGKwYBBQUCoIIKyTCCCsWgMDAuBgkqhkiC9xIBAgIGCSqGS (*Really huge
> value, much much longer than the first one*)
>
> Now the Server replies with HTTP 200 and the following in headers
> WWW-Authenticate: Negotiate oYHzMIHwoAMKAQChCwYJKoZIhvcSAQICom0
> Set-Cookie: JSESSIONID=541FE2EDD35690BBDE99..; Path=/webapp/; HttpOnly
>
> So yes WIA is failing..
> Can you help me out with the next step in debugging?

I think at this point, you need to go to your Windows network sysadmins,
with the information above, and ask them what is going on.
There are just too many possible reasons, in the Windows Domain environment,
why this could fail. (browser, browser version, workstation OS version,
browser settings, Domain Controller settings, Domain network policies,
membership of Domain or not, etc.).

> Thanks,
> Chanchal R. Kariwala
> Product Engineer
> Seclore Technology
> chanchal.kariw...@seclore.com
> www.seclore.com
>
> On Fri, Mar 4, 2016 at 1:20 PM, André Warnier (tomcat) wrote:
>
>> On 04.03.2016 07:16, Chanchal Kariwala wrote:
>>
>>> I am using Tomcat 8.0.32 and I have followed the guide given at
>>>
>>> - https://tomcat.apache.org/tomcat-8.0-doc/windows-auth-howto.html#Tomcat_instance_(Windows_server)
>>> - https://dzone.com/articles/do-not-publish-configuring-tomcat-single-sign-on-w
>>>
>>> Windows AD Auth is working i.e. when I access the site, I am asked for
>>> credentials and when I enter the correct credentials, the restricted
>>> resource is displayed.
>>>
>>> However my question is why the browser is asking for credentials? Why
>>> isn't it accessing TGT Cache in the OS to fetch the user's credentials?
>>>
>>> I have enabled Integrated Windows Auth in IE Settings. I have added the
>>> site in Intranet Sites and set "Logon by Current User" in Custom Level
>>> setting for Intranet.
>>
>> Hi.
>>
>> The real *key* to debugging such issues, is to use some plugin or add-on
>> to the browser, to enable the capture and visualisation of the HTTP dialog
>> back and forth between the browser and the server.
>> Since you are using IE, I suggest "Fiddler2".
>> Install it, close your browser, re-open the browser, start Fiddler2 in
>> capture mode, and then do an access to the webserver. When prompted for an
>> id/pw, enter them.
>> Then stop Fiddler2 and examine the HTTP exchanges, starting with your
>> initial request to the webserver.
>>
>> You are correct in thinking that, normally, the login should happen
>> automatically in the background, and you should never see this browser
>> login dialog.
>> WIA authentication is a multiple-step process between the browser and the
>> webserver, and in the background between the webserver and a Domain
>> Controller.
>> That the login dialog appears in your case, means :
>> 1) that the integrated WIA failed
>> 2) that the Domain is configured to allow HTTP Basic authentication in a
>> second step, after WIA fails. That is the login dialog that you see.
>>
>> So, something is not working as it should in the WIA step.
>> But to know exactly what, requires examining the HTTP exchanges.
Re: Restricting manager app
On 04/03/2016 09:44, Martin Holz (for Usenet) wrote:
> Hi,
>
> is there a simple way to restrict what the Tomcat manager app can do?
> I want to deny deploying webapps or changing the configuration over the
> net. But I want to allow starting, stopping and reloading.
>
> This could probably be done by security constraints or a servlet filter,
> at least for text manager. But I wonder if there is a simpler solution.

Sorry, no.

Mark
Restricting manager app
Hi,

is there a simple way to restrict what the Tomcat manager app can do?
I want to deny deploying webapps or changing the configuration over the
net. But I want to allow starting, stopping and reloading.

This could probably be done by security constraints or a servlet filter,
at least for text manager. But I wonder if there is a simpler solution.

Thanks
Martin
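The servlet-filter option mentioned in the post above, as an added example (not Tomcat's or the poster's code): a default-deny filter for the manager's text interface that passes only start, stop and reload, plus list. The class name, the inclusion of list, the javax.servlet (Tomcat 7/8) API and the registration under /text/* in the manager application's web.xml are assumptions of this example.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example; ManagerCommandFilter is a hypothetical class, not part of Tomcat.
//
// Assumed registration in the manager webapp's WEB-INF/web.xml:
//   <filter>
//     <filter-name>ManagerCommandFilter</filter-name>
//     <filter-class>ManagerCommandFilter</filter-class>
//   </filter>
//   <filter-mapping>
//     <filter-name>ManagerCommandFilter</filter-name>
//     <url-pattern>/text/*</url-pattern>
//   </filter-mapping>
public class ManagerCommandFilter implements Filter {

    // Allowlist, not denylist: a command added by a later Tomcat release stays
    // blocked until someone decides it is safe. "/list" is this example's addition.
    private static final Set<String> ALLOWED = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList("/list", "/start", "/stop", "/reload")));

    // Pure decision function so the policy can be unit-tested without a container.
    static boolean isAllowed(String method, String pathInfo) {
        return "GET".equals(method) && pathInfo != null && ALLOWED.contains(pathInfo);
    }

    @Override
    public void init(FilterConfig filterConfig) {
        // no configuration needed
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // With the servlet mapped to /text/*, the command is the path info.
        // The container has already decoded it and removed path parameters, so
        // "/text/deploy;x=y" or "/text/%64eploy" are judged as "/deploy".
        String command = request.getPathInfo();

        if (isAllowed(request.getMethod(), command)) {
            chain.doFilter(req, res);
            return;
        }

        // Record the refused attempt; strip CR/LF so the value cannot forge log lines.
        String safeCommand = String.valueOf(command).replaceAll("[\\r\\n]", "_");
        request.getServletContext().log("Manager command refused: method="
                + request.getMethod() + " command=" + safeCommand
                + " user=" + request.getRemoteUser()
                + " addr=" + request.getRemoteAddr());
        response.sendError(HttpServletResponse.SC_FORBIDDEN,
                "Manager command not permitted");
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}
```

The filter covers only /text/*; the HTML interface (/html/*) and the JMX proxy (/jmxproxy/*) can still deploy or change configuration, so accounts restricted this way should hold the manager-script role only.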
Re: Performance regression from 7 to 8
On 04/03/2016 09:39, Tullio Bettinazzi wrote:
> I applied your suggestion and analyzed, with firebug, the composition of the
> time.
> The difference between 7 and 8 is the "receiving" time which is more or less
> zero in 7 and 2sec. in 8.
> How can I understand such difference ?

Try creating the simplest possible web application that demonstrates the
problem.

Mark

> Tks
> Tullio
>
> P.S. : same server, same client, same network, same code both 7 and 8
> installed from scratch
>
>> Subject: Re: Performance regression from 7 to 8
>> To: users@tomcat.apache.org
>> From: geor...@mhsoftware.com
>> Date: Thu, 3 Mar 2016 09:30:33 -0700
>>
>> On 3/3/2016 4:06 AM, Tullio Bettinazzi wrote:
>>> I've an application in which I write a page from a Buffered Stream directly
>>> to the Servlet output stream (more or less 300kb).
>>>
>>> In 7 it works perfectly (100ms).
>>>
>>> In 8, depending on the network connection and mainly on the
>>> http client itself (the browser in the PC) the same operation takes from
>>> 50ms to 4500 ms.
>>
>> One of the things I would look at is the browser debug window. Open the
>> debugger, and go to the Networks/Timings tab and load both pages. That
>> would give some insights as to what's happening. Perhaps it is the page.
>> Perhaps there's something else.
>>
>>> On the same PC I find more or less the same time using Chrome and Firefox
>>> also changing network connections (wifi, lan, adsl).
>>>
>>> Could someone suggest a solution ?
>>>
>>> Tks
>>> Tullio
>>
>> --
>> George Sexton
>> *MH Software, Inc.*
>> Voice: 303 438 9585
>> http://www.connectdaily.com
RE: Performance regression from 7 to 8
I applied your suggestion and analyzed, with firebug, the composition of the
time.
The difference between 7 and 8 is the "receiving" time which is more or less
zero in 7 and 2sec. in 8.
How can I understand such difference ?

Tks
Tullio

P.S. : same server, same client, same network, same code both 7 and 8
installed from scratch

> Subject: Re: Performance regression from 7 to 8
> To: users@tomcat.apache.org
> From: geor...@mhsoftware.com
> Date: Thu, 3 Mar 2016 09:30:33 -0700
>
> On 3/3/2016 4:06 AM, Tullio Bettinazzi wrote:
> > I've an application in which I write a page from a Buffered Stream directly
> > to the Servlet output stream (more or less 300kb).
> >
> > In 7 it works perfectly (100ms).
> >
> > In 8, depending on the network connection and mainly on the
> > http client itself (the browser in the PC) the same operation takes from
> > 50ms to 4500 ms.
>
> One of the things I would look at is the browser debug window. Open the
> debugger, and go to the Networks/Timings tab and load both pages. That
> would give some insights as to what's happening. Perhaps it is the page.
> Perhaps there's something else.
>
> > On the same PC I find more or less the same time using Chrome and Firefox
> > also changing network connections (wifi, lan, adsl).
> >
> > Could someone suggest a solution ?
> >
> > Tks
> > Tullio
>
> --
> George Sexton
> *MH Software, Inc.*
> Voice: 303 438 9585
> http://www.connectdaily.com
Re: Windows Authentication
I tried what you asked and I have observed the following

1. Browser sends a request for the resource
Server replies with HTTP 401 and WWW-Authenticate: Negotiate in Response
Headers

2. Browser sends a new request with the following in Request Headers
Authorization: Negotiate YHkGBisGAQUFAqBvMG2gMDAuBgorBg

Server replies again with HTTP 401 and WWW-Authenticate: Negotiate in
Response Headers

3. At this point the browser shows HTTP Basic Auth form and sends the
following in Headers
Authorization: Negotiate
YIIK1QYGKwYBBQUCoIIKyTCCCsWgMDAuBgkqhkiC9xIBAgIGCSqGS (*Really huge
value, much much longer than the first one*)

Now the Server replies with HTTP 200 and the following in headers
WWW-Authenticate: Negotiate oYHzMIHwoAMKAQChCwYJKoZIhvcSAQICom0
Set-Cookie: JSESSIONID=541FE2EDD35690BBDE99..; Path=/webapp/; HttpOnly

So yes WIA is failing..
Can you help me out with the next step in debugging?

Thanks,
Chanchal R. Kariwala
Product Engineer
Seclore Technology
chanchal.kariw...@seclore.com
www.seclore.com

On Fri, Mar 4, 2016 at 1:20 PM, André Warnier (tomcat) wrote:

> On 04.03.2016 07:16, Chanchal Kariwala wrote:
>
>> I am using Tomcat 8.0.32 and I have followed the guide given at
>>
>> - https://tomcat.apache.org/tomcat-8.0-doc/windows-auth-howto.html#Tomcat_instance_(Windows_server)
>> - https://dzone.com/articles/do-not-publish-configuring-tomcat-single-sign-on-w
>>
>> Windows AD Auth is working i.e. when I access the site, I am asked for
>> credentials and when I enter the correct credentials, the restricted
>> resource is displayed.
>>
>> However my question is why the browser is asking for credentials? Why
>> isn't it accessing TGT Cache in the OS to fetch the user's credentials?
>>
>> I have enabled Integrated Windows Auth in IE Settings. I have added the
>> site in Intranet Sites and set "Logon by Current User" in Custom Level
>> setting for Intranet.
>
> Hi.
>
> The real *key* to debugging such issues, is to use some plugin or add-on
> to the browser, to enable the capture and visualisation of the HTTP dialog
> back and forth between the browser and the server.
> Since you are using IE, I suggest "Fiddler2".
> Install it, close your browser, re-open the browser, start Fiddler2 in
> capture mode, and then do an access to the webserver. When prompted for an
> id/pw, enter them.
> Then stop Fiddler2 and examine the HTTP exchanges, starting with your
> initial request to the webserver.
>
> You are correct in thinking that, normally, the login should happen
> automatically in the background, and you should never see this browser
> login dialog.
> WIA authentication is a multiple-step process between the browser and the
> webserver, and in the background between the webserver and a Domain
> Controller.
> That the login dialog appears in your case, means :
> 1) that the integrated WIA failed
> 2) that the Domain is configured to allow HTTP Basic authentication in a
> second step, after WIA fails. That is the login dialog that you see.
>
> So, something is not working as it should in the WIA step.
> But to know exactly what, requires examining the HTTP exchanges.
Re: Tomcat access log - body of a request shows in the next request
In addition to Mark's answer: Please add the *exact* tomcat version
number ("7" is not sufficient) that you're running (make sure it's not
an old one - it's unnecessary to hunt down bugs if they're long fixed).

Also, when you crosspost
(http://serverfault.com/questions/761445/tomcat-access-log-body-of-a-request-shows-in-the-next-request.
Elsewhere?), please mention this in all places, you're generating
duplicate work or dangling unanswered threads in one or more places.
More here:
http://meta.stackexchange.com/questions/141823/why-is-cross-posting-wrong-on-an-external-site

Olaf

On 04.03.2016 at 09:26, Mark Thomas wrote:
> On 03/03/2016 22:18, rails wrote:
>> I have a weird behavior in my tomcat (7).
>>
>> An external app sends a bunch of DELETE requests with a body to my Tomcat
>> WebApp.
>> The body is being neglected in the webapp (I don't know why the app sends
>> it, the parameters the webapp needs are in the url).
>> When the app sends about 20 request - a few are being ignored by the webApp.
>>
>> Looking at the Tomcat access logs I see the following strange thing.
>> Right after the delete (line 2) The body of the delete is concatenated to
>> the next request as a prefix(line 3).
>
> You need to use something like Wireshark to confirm that the requests
> being sent are spec compliant. If they are, you could have hit a Tomcat
> bug and we'll need the simplest possible test case you can put
> together to demonstrate the issue.
>
> Mark
>
>> Then I get 505.
>>
>> Below - line 3 contains a prefix before POST /rest/dogs/tag HTTP/1.1" 405
>> 1013.
>>
>> 172.31.13.77 - - [03/Mar/2016:14:08:43 +] "GET /rest/dogs/123 HTTP/1.1" 200 4095
>> 172.31.13.77 - - [03/Mar/2016:14:09:07 +] "DELETE /rest/dogs/123 HTTP/1.1" 200 63
>> 172.31.13.77 - - [03/Mar/2016:14:09:07 +] "{..HERE IS THE BODY(PayLoad) OF PREVIOUS DELETE.}POST /rest/dogs/tag HTTP/1.1" 405 1013
Re: Stuck threads reading socket
On 04/03/2016 00:51, Woonsan Ko wrote:
> I have tomcat instances (6.0.44) which are proxied by Apache 2.4.18
> (+mod_proxy). SSL enabled on Apache side.
> One day it was not responding and observed that all the catalina-exec
> threads (25 maxthreads at the moment) were stuck in reading socket in
> the thread dumps like the following (increasing maxthreads to 128
> circumvented the issue for now, btw):

> What would you recommend to find the root cause in this case?

That looks like a common configuration error. Take a look at this:
http://home.apache.org/~markt/presentations/2015-04-15-Tomcat-clustering-part-1-reverse-proxies.pdf

Particularly slides 29 to 34.

Mark
Re: Tomcat access log - body of a request shows in the next request
On 03/03/2016 22:18, rails wrote:
> I have a weird behavior in my tomcat (7).
>
> An external app sends a bunch of DELETE requests with a body to my Tomcat
> WebApp.
> The body is being neglected in the webapp (I don't know why the app sends
> it, the parameters the webapp needs are in the url).
> When the app sends about 20 request - a few are being ignored by the webApp.
>
> Looking at the Tomcat access logs I see the following strange thing.
> Right after the delete (line 2) The body of the delete is concatenated to
> the next request as a prefix(line 3).

You need to use something like Wireshark to confirm that the requests
being sent are spec compliant. If they are, you could have hit a Tomcat
bug and we'll need the simplest possible test case you can put
together to demonstrate the issue.

Mark

> Then I get 505.
>
> Below - line 3 contains a prefix before POST /rest/dogs/tag HTTP/1.1" 405
> 1013.
>
> 172.31.13.77 - - [03/Mar/2016:14:08:43 +] "GET /rest/dogs/123 HTTP/1.1" 200 4095
> 172.31.13.77 - - [03/Mar/2016:14:09:07 +] "DELETE /rest/dogs/123 HTTP/1.1" 200 63
> 172.31.13.77 - - [03/Mar/2016:14:09:07 +] "{..HERE IS THE BODY(PayLoad) OF PREVIOUS DELETE.}POST /rest/dogs/tag HTTP/1.1" 405 1013
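One way to find entries like line 3 of the quoted log across a whole access log, as an added example that is not from the thread: a request field that does not begin with an HTTP method shows that leftover bytes were read as the start of the next request on a reused connection. The class name and the sample lines (modelled on the quoted excerpt, with a constructed timezone and body) are assumptions.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example; AccessLogDesyncCheck is a hypothetical class name.
public class AccessLogDesyncCheck {

    // Common log format: host ident user [time] "request" status bytes.
    // The greedy (.*) runs to the last quote before the status code, so quotes
    // inside a stray JSON body do not cut the request field short.
    private static final Pattern ENTRY = Pattern.compile(
            "^(\\S+) \\S+ \\S+ \\[([^\\]]*)\\] \"(.*)\" (\\d{3}) (\\S+)$");

    private static final String REQUEST_LINE =
            "(?:GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|PATCH|CONNECT) \\S+ HTTP/\\d\\.\\d";
    private static final Pattern CLEAN = Pattern.compile("^" + REQUEST_LINE + "$");
    // Stray bytes followed by a well-formed request line at the end of the field.
    private static final Pattern PREFIXED =
            Pattern.compile("^(.+?)(" + REQUEST_LINE + ")$", Pattern.DOTALL);

    static final class Finding {
        final int lineNumber;
        final String client;
        final String strayPrefix;     // bytes logged ahead of the request line
        final String embeddedRequest; // null if no request line could be recovered
        final String previousRequest; // last request logged for this client, or null
        final String status;

        Finding(int lineNumber, String client, String strayPrefix,
                String embeddedRequest, String previousRequest, String status) {
            this.lineNumber = lineNumber;
            this.client = client;
            this.strayPrefix = strayPrefix;
            this.embeddedRequest = embeddedRequest;
            this.previousRequest = previousRequest;
            this.status = status;
        }
    }

    static List<Finding> scan(List<String> lines) {
        // Keyed by client address: the access log carries no connection id, so
        // "previous request" is a heuristic and is unreliable when many clients
        // arrive through one proxy address.
        Map<String, String> lastRequestByClient = new HashMap<String, String>();
        List<Finding> findings = new ArrayList<Finding>();
        for (int i = 0; i < lines.size(); i++) {
            Matcher entry = ENTRY.matcher(lines.get(i));
            if (!entry.matches()) {
                continue; // not an access-log entry in the expected format
            }
            String client = entry.group(1);
            String request = entry.group(3);
            String effective = request;
            if (!CLEAN.matcher(request).matches()) {
                Matcher prefixed = PREFIXED.matcher(request);
                boolean recovered = prefixed.matches();
                String prefix = recovered ? prefixed.group(1) : request;
                String embedded = recovered ? prefixed.group(2) : null;
                findings.add(new Finding(i + 1, client, prefix, embedded,
                        lastRequestByClient.get(client), entry.group(4)));
                if (recovered) {
                    effective = embedded;
                }
            }
            lastRequestByClient.put(client, effective);
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample: timezone "+0000" and the JSON body are placeholders.
        List<String> sample = Arrays.asList(
            "172.31.13.77 - - [03/Mar/2016:14:08:43 +0000] \"GET /rest/dogs/123 HTTP/1.1\" 200 4095",
            "172.31.13.77 - - [03/Mar/2016:14:09:07 +0000] \"DELETE /rest/dogs/123 HTTP/1.1\" 200 63",
            "172.31.13.77 - - [03/Mar/2016:14:09:07 +0000] \"{\"tag\":\"x\"}POST /rest/dogs/tag HTTP/1.1\" 405 1013");
        for (Finding f : scan(sample)) {
            System.out.printf(
                "line %d client %s status %s: %d stray byte(s) before [%s]; previous request [%s]%n",
                f.lineNumber, f.client, f.status, f.strayPrefix.length(),
                f.embeddedRequest, f.previousRequest);
        }
    }
}
```

A hit says only that the request boundary was lost; a packet capture, as suggested in the reply above, is still needed to tell whether the client sent a malformed request or the server mishandled a valid one.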