Re: Connection pool in a clustered environment
Hi Chris, thanks for the explanations. I just completed a first dirty test and it is actually working fine. I believe I did something wrong on my first trial. I did put the distributable="true" attribute in the Context element of my context file in $CATALINA_BASE/conf/[[enginename]/[hostname]/mywebapp.xml instead of adding the empty element in $CATALINA_BASE/webapps/mywebapp/WEB-INF/web.xml. It seems the former is not working, at least with Tomcat 8.0.32 - Daniel Savard 2016-03-08 15:08 GMT-05:00 Christopher Schultz : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Daniel, > > On 3/8/16 2:27 PM, Daniel Savard wrote: >> I wonder how you handle a pool of connections (not necessarily to >> a database, think about something generic) in a clustered >> environement. > > Generally, there is nothing to be done, here. Each node is considered > completely separate with the exception of trading HttpSession informatio > n. > >> I defined a pool of connections in my application context and I >> did put it in the context with the setAttribute() method. Since >> each instance is doing this, what will happen when an instance is >> shutdown? > > I believe that no context-scoped data is sent between cluster nodes, > so ... nothing will happen. > >> These connections depend on the IP/protocol/port on both sides. >> So, since the instance is down, one party no longer exists. What >> is happening if a take over instance receives an incoming request >> which refers to one of these connections? >> >> Do I have to handle this in my code? Do I have to reinitialize the >> connection pool if such an event happen? > > If your application maintains its own connection pool, then you should > create it with each webapp start and destroy it with each webapp stop. > > I don't think there are any cluster-related issues, here. > > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEARECAAYFAlbfMTIACgkQ9CaO5/Lv0PCL5gCguI2eODlB+8Brz9gpjJZGGzpM > jD4An1Nag5xcNN+2vXKq7xpw6H8Gdhg/ > =Gx0w > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Modjk surfacing errno 115
If we're receiving an error 115, could this mean that any timeout is kind of irrelevant? The first attempt to create the socket immediately ends with this code. 100ms later, per retry_interval, the same error is immediately returned. The code at line 627 tests the return val from this line which creates the socket: ret = nb_connect(sd, (struct sockaddr *)addr, , l); The third argument is the timeout, which isn't even set. I see it's been corrected in version 1.2.41, using the var connect_timeout. Since its blank for us, could this have any effect? Here are the same log lines bu this time with their timestamp (apologies for not having this from the start): [Wed Feb 03 10:15:01.014 2016] [119069:3584969584] [info] jk_open_socket::jk_connect.c (627): connect to _hostip_port failed (errno=115) [Wed Feb 03 10:15:01.014 2016] [119069:3584969584] [info] ajp_connect_to_endpoint::jk_ajp_common.c (992): Failed opening socket to (_hostip_port) (errno=115) [Wed Feb 03 10:15:01.014 2016] [119069:3584969584] [error] ajp_send_request::jk_ajp_common.c (1621): (_hostname_port) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=115) [Wed Feb 03 10:15:01.014 2016] [119069:3584969584] [info] ajp_service::jk_ajp_common.c (2614): (_hostname_port) sending request to tomcat failed (recoverable), because of error during request sending (attempt=1) [Wed Feb 03 10:15:01.115 2016] [119069:3584969584] [info] jk_open_socket::jk_connect.c (627): connect to _hostip_port failed (errno=115) [Wed Feb 03 10:15:01.115 2016] [119069:3584969584] [info] ajp_connect_to_endpoint::jk_ajp_common.c (992): Failed opening socket to (_hostip_port) (errno=115) [Wed Feb 03 10:15:01.115 2016] [119069:3584969584] [error] ajp_send_request::jk_ajp_common.c (1621): (_hostname_port) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=115) [Wed Feb 03 10:15:01.115 2016] [119069:3584969584] [info] ajp_service::jk_ajp_common.c (2614): (_hostname_port) sending request to tomcat failed (recoverable), because of error during request sending (attempt=2) [Wed Feb 03 10:15:01.115 2016] [119069:3584969584] [error] ajp_service::jk_ajp_common.c (2634): (_hostname_port) connecting to tomcat failed. [Wed Feb 03 10:15:01.115 2016] [119069:3584969584] [info] service::jk_lb_worker.c (1469): service failed, worker _hostname_port is in local error state We don't see this issue in any other environment, and we have several environments all running the same configuration. > This means 3 seconds connect timeout. So it seems either your network, an intermediary between > Apache and Tomcat, or Tomcat has a problem of allowing to establish a new connection in 3 seconds. > Although the connect is typically done by the backend OS, once the app/TC/JVM gets slow in accepting > new connections, the accept queue fills up and then new connects will fail. We've tried setting socket_connect_timeout to 1 (10s) with no affect, probably because our code ignore the timeout value as noted above. Do newer versions fix this, and would this help us here? I'm guessing if no timeout is passed then the call should waiting forever. We've conducted several tests with the netcat command, establishing connections to the AJP port from the Apache server with no errors or latency. While the problem is at its worst, while traffic is at it's highest, these tests connect immediately. > Did you check whether you observe long GC pauses for your Tomcat JVMs? There were no long pauses, I can see nothing abnormal here. GC behavior is consistent when problem is introduced to when it is at it's worst. Thread count in well below limits as well, no abnormal spikes. I'm trying to create a safe thread dump to send, but there is too much proprietary data still. Let me know if you'd like still this info if helpful, and I'll keep pruning it. On Fri, Mar 4, 2016 at 3:58 PM, Rainer Jung wrote: > Am 05.03.2016 um 00:09 schrieb Max Lynch: > >> Hi Rainer, I will do my best to provide those things. >> >> Here is what looks like the full sequence from the our log: >> >> [46055:3512666992] [info] jk_open_socket::jk_connect.c (627): connect to >> _ip_:12409 failed (errno=115) >> [46055:3512666992] [info] ajp_connect_to_endpoint::jk_ajp_common.c (992): >> Failed opening socket to (_ip_:12409) (errno=115) >> [46055:3512666992] [error] ajp_send_request::jk_ajp_common.c (1621): >> (_hostname_) connecting to backend failed. Tomcat is probably not started >> or is listening on the wrong port (errno=115) >> [46055:3512666992] [info] ajp_service::jk_ajp_common.c (2614): >> (_hostname_) >> sending request to tomcat failed (recoverable), because of error during >> request sending (attempt=1) >> [46055:3512666992] [info] jk_open_socket::jk_connect.c (627): connect to >> _ip_:12409 failed (errno=115) >> [46055:3512666992] [info] ajp_connect_to_endpoint::jk_ajp_common.c (992): >> Failed opening socket to (_ip_:12409) (errno=115) >
Re: NullPointerException in MemoryRealm after upgrading to Tomcat 8.0.32 from 7.0.26
Okay, so I checked out Tomcat 8.0.32 from source control. I then reverted MemoryRealm's authenticate method to how it was in 7.0.26 and built Tomcat and now my authentication works. This of course is not a solution, but it obviates most of my other questions. I guess the important question is: how do I set the CredentialHandler on the MemoryRealm? === --- MemoryRealm.java (revision 1734183) +++ MemoryRealm.java (working copy) @@ -115,16 +115,16 @@ GenericPrincipal principal = principals.get(username); -boolean validated; -if (principal == null) { -validated = false; -} else { -if (credentials == null || principal.getPassword() == null) { -if (log.isDebugEnabled()) - log.debug(sm.getString("memoryRealm.authenticateFailure", username)); -return (null); +boolean validated = false; +if (principal != null && credentials != null) { +if (hasMessageDigest()) { +// Hex hashes should be compared case-insensitive +validated = (digest(credentials) + .equalsIgnoreCase(principal.getPassword())); +} else { +validated = +(digest(credentials).equals(principal.getPassword())); } -validated = getCredentialHandler().matches(credentials, principal.getPassword()); } if (validated) { On Tue, Mar 8, 2016 at 3:43 PM, Jason Overland wrote: > Hi, I'm upgrading an existing Vaadin 6 application from Tomcat 7.0.26 > to Tomcat 8.0.32 and have some questions. I'm using Windows 7 and > debugging in Eclipse. > > For authentication our configuration is using a MemoryRealm with > digest="SHA". We are storing usernames and passwords in a > tomcat-users.xml file. We are using a jaas.config which specifies to > use a org.apache.catalina.realm.JAASMemoryLoginModule. We have our > own implementation of a CallbackModule. For the upgrade I have added > a CredentialHandler node inside our Realm as suggested in the > documentation. > > server.xml: > > > > factory="org.apache.catalina.users.MemoryUserDatabaseFactory" > name="UserDatabase" pathname="conf/tomcat-users.xml" > type="org.apache.catalina.UserDatabase"/> > > > ... > > > className="org.apache.catalina.realm.MessageDigestCredentialHandler"/> > > > > jaas.config: > /** JAAS Login Configuration for the Application **/ > > JAASTomcat { >org.apache.catalina.realm.JAASMemoryLoginModule required debug=true; > }; > > our LoginController: > > callbackHandler = new LoginFormCallBackHandler(user); > tomcatLoginContext = new LoginContext("JAASTomcat", callbackHandler); > ... > tomcatLoginContext.login(); > > > our CallbackHandler: > public class LoginFormCallBackHandler implements CallbackHandler, > Serializable { > > private static final long serialVersionUID = 1L; > private LoginEvent logins = null; > private User user; > public LoginFormCallBackHandler(User user) > { > this.user = user; > } > > public void setLogins(LoginEvent loginEvent) { > logins = loginEvent; > } > > public void handle(Callback[] callbacks) throws IOException, > UnsupportedCallbackException { > boolean gotName = false; > for (int i = 0; i < callbacks.length; i++) { > if (callbacks[i] instanceof NameCallback) { > // get the username from the loginform event > NameCallback nc = (NameCallback) callbacks[i]; > > nc.setName(logins.getLoginParameter(LoginView.LOGINFORM_PARAMETER_USERNAME)); > user.username = nc.getName(); > gotName = true; > } else if (callbacks[i] instanceof TextInputCallback) { > TextInputCallback cb = (TextInputCallback) callbacks[i]; > if (cb.getPrompt().equals("catalinaBase")) { > cb.setText(System.getenv("CATALINA_BASE");); > } > } else if (callbacks[i] instanceof PasswordCallback) { > // get the password from the loginform event > PasswordCallback pc = (PasswordCallback) callbacks[i]; > try { > MessageDigest md = MessageDigest.getInstance("SHA"); > > md.update(logins.getLoginParameter(LoginView.LOGINFORM_PARAMETER_PASSWORD).getBytes()); > user.password = String.format("%x", new > BigInteger(1, md.digest())); > } > catch (NoSuchAlgorithmException nsae) > { > user.password = > logins.getLoginParameter(LoginView.LOGINFORM_PARAMETER_PASSWORD); > } > pc.setPassword(user.password.toCharArray()); > } else { > System.out.println("Unrecognized Callback: " + callbacks[i]); > } > } > if (gotNa
NullPointerException in MemoryRealm after upgrading to Tomcat 8.0.32 from 7.0.26
Hi, I'm upgrading an existing Vaadin 6 application from Tomcat 7.0.26 to Tomcat 8.0.32 and have some questions. I'm using Windows 7 and debugging in Eclipse. For authentication our configuration is using a MemoryRealm with digest="SHA". We are storing usernames and passwords in a tomcat-users.xml file. We are using a jaas.config which specifies to use a org.apache.catalina.realm.JAASMemoryLoginModule. We have our own implementation of a CallbackModule. For the upgrade I have added a CredentialHandler node inside our Realm as suggested in the documentation. server.xml: ... jaas.config: /** JAAS Login Configuration for the Application **/ JAASTomcat { org.apache.catalina.realm.JAASMemoryLoginModule required debug=true; }; our LoginController: callbackHandler = new LoginFormCallBackHandler(user); tomcatLoginContext = new LoginContext("JAASTomcat", callbackHandler); ... tomcatLoginContext.login(); our CallbackHandler: public class LoginFormCallBackHandler implements CallbackHandler, Serializable { private static final long serialVersionUID = 1L; private LoginEvent logins = null; private User user; public LoginFormCallBackHandler(User user) { this.user = user; } public void setLogins(LoginEvent loginEvent) { logins = loginEvent; } public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { boolean gotName = false; for (int i = 0; i < callbacks.length; i++) { if (callbacks[i] instanceof NameCallback) { // get the username from the loginform event NameCallback nc = (NameCallback) callbacks[i]; nc.setName(logins.getLoginParameter(LoginView.LOGINFORM_PARAMETER_USERNAME)); user.username = nc.getName(); gotName = true; } else if (callbacks[i] instanceof TextInputCallback) { TextInputCallback cb = (TextInputCallback) callbacks[i]; if (cb.getPrompt().equals("catalinaBase")) { cb.setText(System.getenv("CATALINA_BASE");); } } else if (callbacks[i] instanceof PasswordCallback) { // get the password from the loginform event PasswordCallback pc = (PasswordCallback) callbacks[i]; try { MessageDigest md = MessageDigest.getInstance("SHA"); md.update(logins.getLoginParameter(LoginView.LOGINFORM_PARAMETER_PASSWORD).getBytes()); user.password = String.format("%x", new BigInteger(1, md.digest())); } catch (NoSuchAlgorithmException nsae) { user.password = logins.getLoginParameter(LoginView.LOGINFORM_PARAMETER_PASSWORD); } pc.setPassword(user.password.toCharArray()); } else { System.out.println("Unrecognized Callback: " + callbacks[i]); } } if (gotName) logins = null; } } This all worked in Tomcat 7 but unfortunately isn't working in Tomcat 8. I was getting "WARNING: Unable to determine Catalina base to load file conf/tomcat-users.xml" and so I had to start responding to TextInputCallback "catalinaBase" as required by the new getCatalinaBase method on JAASMemoryLoginModule. I got past that and now I'm getting a NullPointerException: Authentication failed: java.lang.NullPointerException at org.apache.catalina.realm.MemoryRealm.authenticate(MemoryRealm.java:127) at org.apache.catalina.realm.JAASMemoryLoginModule.login(JAASMemoryLoginModule.java:288) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at javax.security.auth.login.LoginContext.invoke(Unknown Source) at javax.security.auth.login.LoginContext.access$000(Unknown Source) at javax.security.auth.login.LoginContext$4.run(Unknown Source) at javax.security.auth.login.LoginContext$4.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(Unknown Source) at javax.security.auth.login.LoginContext.login(Unknown Source) at com.lizardtech.es.adminui.vaadin.jaas.LoginController.onLogin(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at com.vaadin.event.ListenerMethod.receiveEvent(ListenerMethod.java:510) at com.vaadin.event.EventRouter.fireEvent(EventRouter.java:164) at com.vaadin.ui.AbstractComponent.fireEvent(AbstractComponent.java:1219) at com.vaadin.ui.LoginForm$2.handleParameters(LoginForm.java:103) at com.vaadin.ui.Window.handleParameters(Window.
Re: Mapping servlet to non English url pattern
Yuval, On 3/8/2016 2:35 PM, Yuval Schwartz wrote: > On Tue, Mar 8, 2016 at 10:53 PM, Mark Thomas wrote: > >> On 08/03/2016 20:20, Christopher Schultz wrote: >>> Yuval, >>> >>> On 3/8/16 12:38 PM, Yuval Schwartz wrote: Hello Christopher, thanks, responses below. >>> On Tue, Mar 8, 2016 at 6:23 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: >>> Yuval, >>> On 3/8/16 3:14 AM, Yuval Schwartz wrote: >>> Tomcat version: 8.0.22 Jdk: 1.8.0_05 Server: Amazon Linux >>> >>> Hello, >>> >>> I want to map my servlet to a Hebrew url pattern. >>> Hmm. >>> >>> I tried placing the hebrew url pattern both in the >>> "@webservlet" annotation (urlpatterns attribute) and in the >>> the web.xml file. In both cases it doesn't work, it's as if >>> there's nothing mapped to the url specified. >>> >>> I though to specify the URIEncoding parameter of the >>> connector but saw that this defaults to "utf-8" in tomcat 8. >>> Yes, it does. >>> So you are trying to set the url-pattern for a servlet mapping? >>> When you do it -- either using @WebServlet or -- can you connect via JMX to observe the pattern that's been read into the configuration? First, I'd want to make sure that the Hebrew characters haven't been destroyed by the loading process of the XML file or by the compiler, or even by Tomcat. >>> >>> > Can you give me some direction on how I would do this? Maybe a > little more detail on jmx? There could be encoding/decoding going > on in the browser (firefox) and in all the elements you mentioned > on the server side. Any way to see the final String that the > server is using to match the Url pattern? >>> >>> Yeah, that's why I was suggesting using JMX, since Tomcat exposes all >>> the configuration through it. >>> >>> Launch Tomcat, then fire-up jconsole (or VisualVM, or any other tool >>> that contains a JMX client... both jconsole and VisualVM require that >>> you go to the "plug-ins" configuration and install an >>> easy-to-find-and-install plug-in for JMX) on the same machine (it's >>> easiest this way). >>> >>> (I just checked, and VisualVM calls the plug-in >>> "VisualVM-MBeans".)visualvisual >>> >>> Then, connect to the Tomcat instance and go to the BMeans tab. >>> >>> You'll find your servlet under /Catalina/Servlet/host/context/[servlet]. >>> .. >>> >>> >>> Aw, crap. The mappings themselves aren't actually published via JMX. Hmm >> >> Yes they are. >> >> You need to look at the operations. findMappings() will list them. >> > > I did this and it worked: > The english patterns show up fine, as expected. > The hebrew pattern shows up as a bunch of question marks (eg: > -?-) > The URLEncoded pattern shows up as wierd symbols (eg: diamond shape, tm > symbol). > > Could this be something in my IDE (Netbeans) settings? The logs for > example, display hebrew characters as question marks. Although my project > encoding is set as UTF-8. > > Thanks. > > > >> >> Mark Are you developing on Windows? (ah, you are) If so, could you check how you launch NetBeans? My netbeans.conf file contains this on the netbeans_default_options line: -J-Dfile.encoding=UTF-8 Also, if you're using Maven with NetBeans, UTF-8 has to be set there as well. My projects contain the following in pom.xml: UTF-8 If you have cygwin installed on Windows, you can use the following: file -bi [filename] will tell you the encoding and mime-type. iconv will help you convert from us-ascii to UTF-8. The syntax is: iconv -f [from-encoding] -t [to-encoding] [input-file] > output-file I suspect there are native Windows tools to do this, but I'd have to wander about and find them. Notepad will tell you when you open a file what encoding the file is. You could then do a "save as" and select the correct encoding. Sadly, NetBeans does not have a plugin to do this. . . . just my two cents /mde/ signature.asc Description: OpenPGP digital signature
Re: Mapping servlet to non English url pattern
Sorry, I should also say, I specified in the beginning that I am using Amazon linux AMI but that is my production server. Right now, I'm testing in my development environment and this is on a windows system. All the rest of the versions I mentioned are the same. Could it be something with the Windows system that is not handling utf8 correctly? On Wed, Mar 9, 2016 at 12:35 AM, Yuval Schwartz wrote: > > > On Tue, Mar 8, 2016 at 10:53 PM, Mark Thomas wrote: > >> On 08/03/2016 20:20, Christopher Schultz wrote: >> > Yuval, >> > >> > On 3/8/16 12:38 PM, Yuval Schwartz wrote: >> >> Hello Christopher, thanks, responses below. >> > >> >> On Tue, Mar 8, 2016 at 6:23 PM, Christopher Schultz < >> >> ch...@christopherschultz.net> wrote: >> > >> >> Yuval, >> > >> >> On 3/8/16 3:14 AM, Yuval Schwartz wrote: >> > Tomcat version: 8.0.22 Jdk: 1.8.0_05 Server: Amazon Linux >> > >> > Hello, >> > >> > I want to map my servlet to a Hebrew url pattern. >> > >> >> Hmm. >> > >> > I tried placing the hebrew url pattern both in the >> > "@webservlet" annotation (urlpatterns attribute) and in the >> > the web.xml file. In both cases it doesn't work, it's as if >> > there's nothing mapped to the url specified. >> > >> > I though to specify the URIEncoding parameter of the >> > connector but saw that this defaults to "utf-8" in tomcat 8. >> > >> >> Yes, it does. >> > >> >> So you are trying to set the url-pattern for a servlet mapping? >> > >> >> When you do it -- either using @WebServlet or -- >> >> can you connect via JMX to observe the pattern that's been read >> >> into the configuration? First, I'd want to make sure that the >> >> Hebrew characters haven't been destroyed by the loading process of >> >> the XML file or by the compiler, or even by Tomcat. >> > >> > >> >>> Can you give me some direction on how I would do this? Maybe a >> >>> little more detail on jmx? There could be encoding/decoding going >> >>> on in the browser (firefox) and in all the elements you mentioned >> >>> on the server side. Any way to see the final String that the >> >>> server is using to match the Url pattern? >> > >> > Yeah, that's why I was suggesting using JMX, since Tomcat exposes all >> > the configuration through it. >> > >> > Launch Tomcat, then fire-up jconsole (or VisualVM, or any other tool >> > that contains a JMX client... both jconsole and VisualVM require that >> > you go to the "plug-ins" configuration and install an >> > easy-to-find-and-install plug-in for JMX) on the same machine (it's >> > easiest this way). >> > >> > (I just checked, and VisualVM calls the plug-in >> > "VisualVM-MBeans".)visualvisual >> > >> > Then, connect to the Tomcat instance and go to the BMeans tab. >> > >> > You'll find your servlet under /Catalina/Servlet/host/context/[servlet]. >> > .. >> > >> > >> > Aw, crap. The mappings themselves aren't actually published via JMX. Hmm >> >> Yes they are. >> >> You need to look at the operations. findMappings() will list them. >> > > I did this and it worked: > The english patterns show up fine, as expected. > The hebrew pattern shows up as a bunch of question marks (eg: > -?-) > The URLEncoded pattern shows up as wierd symbols (eg: diamond shape, tm > symbol). > > Could this be something in my IDE (Netbeans) settings? The logs for > example, display hebrew characters as question marks. Although my project > encoding is set as UTF-8. > > Thanks. > > > >> >> Mark >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >
Re: Question about your recent security (CVE-2015-5345) fix in 7.0.68 build
Thanks Chris for the reply. Looks like my understanding of the fix is incorrect. I assumed (my bad) that, with the fix for this CVE in place (tomcat 7.0.68) + setting the additional context attribute (mapperContextRootRedirectEnabled="false"), all the redirects for that webapp where context attribute was set, will completely be disabled. You mentioned that only "protected directories" inside the deployed web application is covered in this CVE fix. Can you please help me understand what this protected directories are & how to configure this in tomcat ? regards Harish Krishnan On Tue, Mar 8, 2016 at 7:59 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Harish, > > On 3/7/16 6:02 PM, Harish Krishnan wrote: > > Unfortunately, i still could not verify this vulnerability as it > > still appears not fixed & my requests get redirected. > > What makes you think that the requests should not be redirected? > > > Instead of using the manager webapp that comes default in tomcat, > > we created a sample webapp with the following security constraint > > - > > hello.html > > > > sercure-hello > > /* > > > > NONE > > > > > > Accessing http://localhost:8080/a (which exist) gets redirected to > > http://localhost:8080/a/ & then get 404. Accessing > > http://localhost:8080/b (does not exist) simply gets 404. > > Where did you deploy this sample web application? > > > I have set the context attribute (mapperContextRootRedirectEnabled) > > as well - > antiResourceLocking="false" privileged="true"> > > > > My question simply boils down to, What additional setting i need to > > do for the above redirect to NOT happen. > > Which redirect? A redirect for a protected directory inside of a > deployed web application (which is what this CVE covers) or the > redirect for a deployed web application (which is not what this CVE > covers)? > > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEARECAAYFAlbe9twACgkQ9CaO5/Lv0PBaqQCeMMYqM8+hPnekw1NM8I5NNa0J > uaQAn2Kp35FIKikIFfZdlao4Un1NCNGe > =/uiq > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Mapping servlet to non English url pattern
On Tue, Mar 8, 2016 at 10:53 PM, Mark Thomas wrote: > On 08/03/2016 20:20, Christopher Schultz wrote: > > Yuval, > > > > On 3/8/16 12:38 PM, Yuval Schwartz wrote: > >> Hello Christopher, thanks, responses below. > > > >> On Tue, Mar 8, 2016 at 6:23 PM, Christopher Schultz < > >> ch...@christopherschultz.net> wrote: > > > >> Yuval, > > > >> On 3/8/16 3:14 AM, Yuval Schwartz wrote: > > Tomcat version: 8.0.22 Jdk: 1.8.0_05 Server: Amazon Linux > > > > Hello, > > > > I want to map my servlet to a Hebrew url pattern. > > > >> Hmm. > > > > I tried placing the hebrew url pattern both in the > > "@webservlet" annotation (urlpatterns attribute) and in the > > the web.xml file. In both cases it doesn't work, it's as if > > there's nothing mapped to the url specified. > > > > I though to specify the URIEncoding parameter of the > > connector but saw that this defaults to "utf-8" in tomcat 8. > > > >> Yes, it does. > > > >> So you are trying to set the url-pattern for a servlet mapping? > > > >> When you do it -- either using @WebServlet or -- > >> can you connect via JMX to observe the pattern that's been read > >> into the configuration? First, I'd want to make sure that the > >> Hebrew characters haven't been destroyed by the loading process of > >> the XML file or by the compiler, or even by Tomcat. > > > > > >>> Can you give me some direction on how I would do this? Maybe a > >>> little more detail on jmx? There could be encoding/decoding going > >>> on in the browser (firefox) and in all the elements you mentioned > >>> on the server side. Any way to see the final String that the > >>> server is using to match the Url pattern? > > > > Yeah, that's why I was suggesting using JMX, since Tomcat exposes all > > the configuration through it. > > > > Launch Tomcat, then fire-up jconsole (or VisualVM, or any other tool > > that contains a JMX client... both jconsole and VisualVM require that > > you go to the "plug-ins" configuration and install an > > easy-to-find-and-install plug-in for JMX) on the same machine (it's > > easiest this way). > > > > (I just checked, and VisualVM calls the plug-in > > "VisualVM-MBeans".)visualvisual > > > > Then, connect to the Tomcat instance and go to the BMeans tab. > > > > You'll find your servlet under /Catalina/Servlet/host/context/[servlet]. > > .. > > > > > > Aw, crap. The mappings themselves aren't actually published via JMX. Hmm > > Yes they are. > > You need to look at the operations. findMappings() will list them. > I did this and it worked: The english patterns show up fine, as expected. The hebrew pattern shows up as a bunch of question marks (eg: -?-) The URLEncoded pattern shows up as wierd symbols (eg: diamond shape, tm symbol). Could this be something in my IDE (Netbeans) settings? The logs for example, display hebrew characters as question marks. Although my project encoding is set as UTF-8. Thanks. > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
RE: Advice on Cluster in one machine
> From: Edwin Quijada [mailto:listas_quij...@hotmail.com] > Subject: Re: Advice on Cluster in one machine > Daniel, can you give the idea to do a parallel > deployment approach? What tools I need ? No tools, other than possibly changes to your build script. The doc is here: http://tomcat.apache.org/tomcat-8.0-doc/config/context.html#Parallel_deployment - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Mapping servlet to non English url pattern
On Tue, Mar 8, 2016 at 10:55 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Yuval, > > On 3/8/16 3:47 PM, Yuval Schwartz wrote: > > On Tue, Mar 8, 2016 at 10:20 PM, Christopher Schultz < > > ch...@christopherschultz.net> wrote: > > > > Yuval, > > > > On 3/8/16 12:38 PM, Yuval Schwartz wrote: > Hello Christopher, thanks, responses below. > > On Tue, Mar 8, 2016 at 6:23 PM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > > Yuval, > > On 3/8/16 3:14 AM, Yuval Schwartz wrote: > >>> Tomcat version: 8.0.22 Jdk: 1.8.0_05 Server: Amazon > >>> Linux > >>> > >>> Hello, > >>> > >>> I want to map my servlet to a Hebrew url pattern. > > Hmm. > > >>> I tried placing the hebrew url pattern both in the > >>> "@webservlet" annotation (urlpatterns attribute) and in > >>> the the web.xml file. In both cases it doesn't work, > >>> it's as if there's nothing mapped to the url > >>> specified. > >>> > >>> I though to specify the URIEncoding parameter of the > >>> connector but saw that this defaults to "utf-8" in > >>> tomcat 8. > > Yes, it does. > > So you are trying to set the url-pattern for a servlet > mapping? > > When you do it -- either using @WebServlet or > -- can you connect via JMX to observe the > pattern that's been read into the configuration? First, I'd > want to make sure that the Hebrew characters haven't been > destroyed by the loading process of the XML file or by the > compiler, or even by Tomcat. > > > > Can you give me some direction on how I would do this? > > Maybe a little more detail on jmx? There could be > > encoding/decoding going on in the browser (firefox) and in > > all the elements you mentioned on the server side. Any way > > to see the final String that the server is using to match > > the Url pattern? > > > > Yeah, that's why I was suggesting using JMX, since Tomcat exposes > > all the configuration through it. > > > > Launch Tomcat, then fire-up jconsole (or VisualVM, or any other > > tool that contains a JMX client... both jconsole and VisualVM > > require that you go to the "plug-ins" configuration and install an > > easy-to-find-and-install plug-in for JMX) on the same machine > > (it's easiest this way). > > > > (I just checked, and VisualVM calls the plug-in > > "VisualVM-MBeans".)visualvisual > > > > Then, connect to the Tomcat instance and go to the BMeans tab. > > > > You'll find your servlet under > > /Catalina/Servlet/host/context/[servlet]. .. > > > > > > Aw, crap. The mappings themselves aren't actually published via > > JMX. Hmm . > > > > I've done a lot of guessing and checking. For example, I > > used the URLEncoder to get the encoded form of my urls and > > put that in the url pattern. > > > > Good. So you have some set of Unicode escapes like \u0fe64 or > > whatever in the url-pattern string in your annotation? > > > > > >> No, I don't have any unicode escapes. I have (for the purpose of > >> testing) two strings, one is the string with the utf-8 > >> characters, the other is an encoded form of the url (which is > >> encoded into a series of "%" followed by two English letters). Do > >> you recommend having something else here? > > Can you copy/paste your @WebServlet annotation into your next post? I > think that will clear things up. > @WebServlet(name="SomeServlet", urlPatterns={"/help/why-no-work", "/iw/help/למה-לא-עובד", "/iw/help/%D7%9C%D7%9E%D7%94-%D7%9C%D7%90-%D7%A2%D7%95%D7%91%D7%93"} (the last pattern is the same as the second to last, just encoded) I will try the other stuff suggested and get back to you. > > >> Some more info: I placed a filter on pattern "/*". When my > >> request with the UTF-8 url comes in, I call > >> httpRequest.getServletPath() and httpRequest.getRequestURI(). As > >> expected, I get the UTF-8 version of the servlet path (ie: > >> decoded) and the ASCII request URI (ie: encoded) respectively. > > Good idea. So, does your application get what you expected in the > String servlet path? > > >> This means that the request is reaching my server. It's the next > >> step, the step where the servlet path is mapped to my specified > >> url pattern, that I want to explore. But I don't know how to > >> explore this. Where can I control how the url pattern is matched > >> with the incoming url? > > You can't, other than following the rules of the servlet spec. Since > you can get a Filter in the mix, try mapping the filter to "/smaller" > where "smaller" is something narrower than "*" that gets you closer to > what you were trying to accomplish. For instance, if you are trying to > map to /עברית, then try mapping your filter to /ת* or something like > that. (I have no idea what the left-to-right rules are for > string-matching, etc. since Hebrew s
Re: Advice on Cluster in one machine
Daniel, can you give the idea to do a parallel deployment approach? What tools I need ? From: Daniel Savard Sent: Tuesday, March 8, 2016 7:20 PM To: Tomcat Users List Subject: Re: Advice on Cluster in one machine On the zero downtime deployments side, I would prefer a parallel deployment approach. You can deploy a new version within the same instance and have zero downtime as well without building a cluster. I haven't experiment yet with this, but it is something I am looking forward to test in short term. - Daniel Savard 2016-03-08 10:48 GMT-05:00 Christopher Schultz : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Edwin, > > On 3/8/16 8:19 AM, Edwin Quijada wrote: >> I am new using Tomcat so I have a question about performance. I >> have installed a cluster with 2 tomcats and apache webserver like >> proxy in front of Tomcat cluster but this whole thing is in one >> server, somebody tell me that is not useful beacuse is in the same >> server that is better give more resources to one tomcat and not >> split the resources in two. > > Performance-wise, your friend is right: a two-node cluster on one > machine is going to use more resources than a single node on that machin > e. > > However, running two cluster nodes on a single server isn't a > completely stupid idea. If you want to have zero-downtime deployments, > you can take one node down, upgrade it, then switch. So there's value > there. As for fault-tolerance, the single point of failure is the > whole machine: if that server isn't available, no services are available > . > > That's why people usually have a hardware load balancer (fairly > simple, fairly reliable) and several web/app servers, just in case one > of them fails. If one node fails, the service is still available. > >> Somebody here can give any advice about this configuration what do >> you think about this ? In this server I have websockets in cluster >> and I am having problems with websockets in cluster > > Clustering and websockets have little to do with one another, since > the connection goes to one node and the cluster really just manages > things like sessions (which are orthogonal to connections, protocols, > etc.). > > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEARECAAYFAlbe9DcACgkQ9CaO5/Lv0PCvSACeP5LxHVddVmygYBSDCMy/bzyI > kcsAoMRRZOREaWubUGJFrviRSx/cVAUK > =1OIe > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Mapping servlet to non English url pattern
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yuval, On 3/8/16 3:47 PM, Yuval Schwartz wrote: > On Tue, Mar 8, 2016 at 10:20 PM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > > Yuval, > > On 3/8/16 12:38 PM, Yuval Schwartz wrote: Hello Christopher, thanks, responses below. On Tue, Mar 8, 2016 at 6:23 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: Yuval, On 3/8/16 3:14 AM, Yuval Schwartz wrote: >>> Tomcat version: 8.0.22 Jdk: 1.8.0_05 Server: Amazon >>> Linux >>> >>> Hello, >>> >>> I want to map my servlet to a Hebrew url pattern. Hmm. >>> I tried placing the hebrew url pattern both in the >>> "@webservlet" annotation (urlpatterns attribute) and in >>> the the web.xml file. In both cases it doesn't work, >>> it's as if there's nothing mapped to the url >>> specified. >>> >>> I though to specify the URIEncoding parameter of the >>> connector but saw that this defaults to "utf-8" in >>> tomcat 8. Yes, it does. So you are trying to set the url-pattern for a servlet mapping? When you do it -- either using @WebServlet or -- can you connect via JMX to observe the pattern that's been read into the configuration? First, I'd want to make sure that the Hebrew characters haven't been destroyed by the loading process of the XML file or by the compiler, or even by Tomcat. > Can you give me some direction on how I would do this? > Maybe a little more detail on jmx? There could be > encoding/decoding going on in the browser (firefox) and in > all the elements you mentioned on the server side. Any way > to see the final String that the server is using to match > the Url pattern? > > Yeah, that's why I was suggesting using JMX, since Tomcat exposes > all the configuration through it. > > Launch Tomcat, then fire-up jconsole (or VisualVM, or any other > tool that contains a JMX client... both jconsole and VisualVM > require that you go to the "plug-ins" configuration and install an > easy-to-find-and-install plug-in for JMX) on the same machine > (it's easiest this way). > > (I just checked, and VisualVM calls the plug-in > "VisualVM-MBeans".)visualvisual > > Then, connect to the Tomcat instance and go to the BMeans tab. > > You'll find your servlet under > /Catalina/Servlet/host/context/[servlet]. .. > > > Aw, crap. The mappings themselves aren't actually published via > JMX. Hmm . > > I've done a lot of guessing and checking. For example, I > used the URLEncoder to get the encoded form of my urls and > put that in the url pattern. > > Good. So you have some set of Unicode escapes like \u0fe64 or > whatever in the url-pattern string in your annotation? > > >> No, I don't have any unicode escapes. I have (for the purpose of >> testing) two strings, one is the string with the utf-8 >> characters, the other is an encoded form of the url (which is >> encoded into a series of "%" followed by two English letters). Do >> you recommend having something else here? Can you copy/paste your @WebServlet annotation into your next post? I think that will clear things up. >> Some more info: I placed a filter on pattern "/*". When my >> request with the UTF-8 url comes in, I call >> httpRequest.getServletPath() and httpRequest.getRequestURI(). As >> expected, I get the UTF-8 version of the servlet path (ie: >> decoded) and the ASCII request URI (ie: encoded) respectively. Good idea. So, does your application get what you expected in the String servlet path? >> This means that the request is reaching my server. It's the next >> step, the step where the servlet path is mapped to my specified >> url pattern, that I want to explore. But I don't know how to >> explore this. Where can I control how the url pattern is matched >> with the incoming url? You can't, other than following the rules of the servlet spec. Since you can get a Filter in the mix, try mapping the filter to "/smaller" where "smaller" is something narrower than "*" that gets you closer to what you were trying to accomplish. For instance, if you are trying to map to /עברית, then try mapping your filter to /ת* or something like that. (I have no idea what the left-to-right rules are for string-matching, etc. since Hebrew should be right-to-left, but prefix-matching is usually written in a left-to-right fashion). >> Although I can only conceive two options for how the incoming url >> is matched with the url pattern and I've tried both (either the >> UTF-8 version of the request url is matched against the pattern >> or the encoded version is matched against the pattern). Tomcat is doing a left-to-right pattern-match, character-by-character, as long as there wasn't an exact-match that was found (which would have been done roughly using String.equals, though in Tomcat it's working with characte
Re: Mapping servlet to non English url pattern
On 08/03/2016 20:20, Christopher Schultz wrote: > Yuval, > > On 3/8/16 12:38 PM, Yuval Schwartz wrote: >> Hello Christopher, thanks, responses below. > >> On Tue, Mar 8, 2016 at 6:23 PM, Christopher Schultz < >> ch...@christopherschultz.net> wrote: > >> Yuval, > >> On 3/8/16 3:14 AM, Yuval Schwartz wrote: > Tomcat version: 8.0.22 Jdk: 1.8.0_05 Server: Amazon Linux > > Hello, > > I want to map my servlet to a Hebrew url pattern. > >> Hmm. > > I tried placing the hebrew url pattern both in the > "@webservlet" annotation (urlpatterns attribute) and in the > the web.xml file. In both cases it doesn't work, it's as if > there's nothing mapped to the url specified. > > I though to specify the URIEncoding parameter of the > connector but saw that this defaults to "utf-8" in tomcat 8. > >> Yes, it does. > >> So you are trying to set the url-pattern for a servlet mapping? > >> When you do it -- either using @WebServlet or -- >> can you connect via JMX to observe the pattern that's been read >> into the configuration? First, I'd want to make sure that the >> Hebrew characters haven't been destroyed by the loading process of >> the XML file or by the compiler, or even by Tomcat. > > >>> Can you give me some direction on how I would do this? Maybe a >>> little more detail on jmx? There could be encoding/decoding going >>> on in the browser (firefox) and in all the elements you mentioned >>> on the server side. Any way to see the final String that the >>> server is using to match the Url pattern? > > Yeah, that's why I was suggesting using JMX, since Tomcat exposes all > the configuration through it. > > Launch Tomcat, then fire-up jconsole (or VisualVM, or any other tool > that contains a JMX client... both jconsole and VisualVM require that > you go to the "plug-ins" configuration and install an > easy-to-find-and-install plug-in for JMX) on the same machine (it's > easiest this way). > > (I just checked, and VisualVM calls the plug-in > "VisualVM-MBeans".)visualvisual > > Then, connect to the Tomcat instance and go to the BMeans tab. > > You'll find your servlet under /Catalina/Servlet/host/context/[servlet]. > .. > > > Aw, crap. The mappings themselves aren't actually published via JMX. Hmm Yes they are. You need to look at the operations. findMappings() will list them. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Mapping servlet to non English url pattern
Thanks again, see below... On Tue, Mar 8, 2016 at 10:20 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Yuval, > > On 3/8/16 12:38 PM, Yuval Schwartz wrote: > > Hello Christopher, thanks, responses below. > > > > On Tue, Mar 8, 2016 at 6:23 PM, Christopher Schultz < > > ch...@christopherschultz.net> wrote: > > > > Yuval, > > > > On 3/8/16 3:14 AM, Yuval Schwartz wrote: > Tomcat version: 8.0.22 Jdk: 1.8.0_05 Server: Amazon Linux > > Hello, > > I want to map my servlet to a Hebrew url pattern. > > > > Hmm. > > > I tried placing the hebrew url pattern both in the > "@webservlet" annotation (urlpatterns attribute) and in the > the web.xml file. In both cases it doesn't work, it's as if > there's nothing mapped to the url specified. > > I though to specify the URIEncoding parameter of the > connector but saw that this defaults to "utf-8" in tomcat 8. > > > > Yes, it does. > > > > So you are trying to set the url-pattern for a servlet mapping? > > > > When you do it -- either using @WebServlet or -- > > can you connect via JMX to observe the pattern that's been read > > into the configuration? First, I'd want to make sure that the > > Hebrew characters haven't been destroyed by the loading process of > > the XML file or by the compiler, or even by Tomcat. > > > > > >> Can you give me some direction on how I would do this? Maybe a > >> little more detail on jmx? There could be encoding/decoding going > >> on in the browser (firefox) and in all the elements you mentioned > >> on the server side. Any way to see the final String that the > >> server is using to match the Url pattern? > > Yeah, that's why I was suggesting using JMX, since Tomcat exposes all > the configuration through it. > > Launch Tomcat, then fire-up jconsole (or VisualVM, or any other tool > that contains a JMX client... both jconsole and VisualVM require that > you go to the "plug-ins" configuration and install an > easy-to-find-and-install plug-in for JMX) on the same machine (it's > easiest this way). > > (I just checked, and VisualVM calls the plug-in > "VisualVM-MBeans".)visualvisual > > Then, connect to the Tomcat instance and go to the BMeans tab. > > You'll find your servlet under /Catalina/Servlet/host/context/[servlet]. > .. > > > Aw, crap. The mappings themselves aren't actually published via JMX. Hmm > . > > >> I've done a lot of guessing and checking. For example, I used > >> the URLEncoder to get the encoded form of my urls and put that in > >> the url pattern. > > Good. So you have some set of Unicode escapes like \u0fe64 or whatever > in the url-pattern string in your annotation? > No, I don't have any unicode escapes. I have (for the purpose of testing) two strings, one is the string with the utf-8 characters, the other is an encoded form of the url (which is encoded into a series of "%" followed by two English letters). Do you recommend having something else here? Some more info: I placed a filter on pattern "/*". When my request with the UTF-8 url comes in, I call httpRequest.getServletPath() and httpRequest.getRequestURI(). As expected, I get the UTF-8 version of the servlet path (ie: decoded) and the ASCII request URI (ie: encoded) respectively. This means that the request is reaching my server. It's the next step, the step where the servlet path is mapped to my specified url pattern, that I want to explore. But I don't know how to explore this. Where can I control how the url pattern is matched with the incoming url? Although I can only conceive two options for how the incoming url is matched with the url pattern and I've tried both (either the UTF-8 version of the request url is matched against the pattern or the encoded version is matched against the pattern). > > >> Therefore, the xml loading process/compiler/tomcat/netbeans > >> shouldn't do anything to change it (in the case where I encode > >> the pattern), but the servlet still isn't found. > > Well, if you use annotations, the XML shouldn't be a problem at all, > of course. But you said you were having problems using the > web.xml-based configuration, too, right? > > When you type the URL into your browser, are you just typing the > Hebrew right into the browser, or have you UTF/URL-escaped it first > and then copy/pasted it into the browser (or, better yet, provide a > link from another page that isn't giving you any problems). > I load the url into the href attribute of an "a" tag. I have tried placing the regular hebrew into the attribute as well as placing the encoded form of the hebrew (ie: /package/[some hebrew] & /package/%D7%99%D7... respectively). The latter is how wikipedia does it, inspect the elements to see for yourself ( https://he.wikipedia.org/wiki/%D7%9E%D7%9C%D7%97%D7%9E%D7%AA_%D7%94%D7%A2%D7%A6%D7%9E%D7%90%D7%95%D7%AA) (...the browser automatically encodes the link when I copy it :) > > You might want to make s
Re: Mapping servlet to non English url pattern
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yuval, On 3/8/16 12:38 PM, Yuval Schwartz wrote: > Hello Christopher, thanks, responses below. > > On Tue, Mar 8, 2016 at 6:23 PM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > > Yuval, > > On 3/8/16 3:14 AM, Yuval Schwartz wrote: Tomcat version: 8.0.22 Jdk: 1.8.0_05 Server: Amazon Linux Hello, I want to map my servlet to a Hebrew url pattern. > > Hmm. > I tried placing the hebrew url pattern both in the "@webservlet" annotation (urlpatterns attribute) and in the the web.xml file. In both cases it doesn't work, it's as if there's nothing mapped to the url specified. I though to specify the URIEncoding parameter of the connector but saw that this defaults to "utf-8" in tomcat 8. > > Yes, it does. > > So you are trying to set the url-pattern for a servlet mapping? > > When you do it -- either using @WebServlet or -- > can you connect via JMX to observe the pattern that's been read > into the configuration? First, I'd want to make sure that the > Hebrew characters haven't been destroyed by the loading process of > the XML file or by the compiler, or even by Tomcat. > > >> Can you give me some direction on how I would do this? Maybe a >> little more detail on jmx? There could be encoding/decoding going >> on in the browser (firefox) and in all the elements you mentioned >> on the server side. Any way to see the final String that the >> server is using to match the Url pattern? Yeah, that's why I was suggesting using JMX, since Tomcat exposes all the configuration through it. Launch Tomcat, then fire-up jconsole (or VisualVM, or any other tool that contains a JMX client... both jconsole and VisualVM require that you go to the "plug-ins" configuration and install an easy-to-find-and-install plug-in for JMX) on the same machine (it's easiest this way). (I just checked, and VisualVM calls the plug-in "VisualVM-MBeans".)visualvisual Then, connect to the Tomcat instance and go to the BMeans tab. You'll find your servlet under /Catalina/Servlet/host/context/[servlet]. .. Aw, crap. The mappings themselves aren't actually published via JMX. Hmm . >> I've done a lot of guessing and checking. For example, I used >> the URLEncoder to get the encoded form of my urls and put that in >> the url pattern. Good. So you have some set of Unicode escapes like \u0fe64 or whatever in the url-pattern string in your annotation? >> Therefore, the xml loading process/compiler/tomcat/netbeans >> shouldn't do anything to change it (in the case where I encode >> the pattern), but the servlet still isn't found. Well, if you use annotations, the XML shouldn't be a problem at all, of course. But you said you were having problems using the web.xml-based configuration, too, right? When you type the URL into your browser, are you just typing the Hebrew right into the browser, or have you UTF/URL-escaped it first and then copy/pasted it into the browser (or, better yet, provide a link from another page that isn't giving you any problems). You might want to make sure that Tomcat is delivering all responses in UTF-8, so that the browser (hopefully) decides to send the URL for the *next* page in UTF-8 instead of some weird ISO-8859-1 mess. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlbfNBIACgkQ9CaO5/Lv0PAEswCcD9K3iwDplOASR81WtIMQZVFb 77YAnisxPAcn8/vuAU1PNDQgnvGuLVlo =LmWf -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Connection pool in a clustered environment
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel, On 3/8/16 2:27 PM, Daniel Savard wrote: > I wonder how you handle a pool of connections (not necessarily to > a database, think about something generic) in a clustered > environement. Generally, there is nothing to be done, here. Each node is considered completely separate with the exception of trading HttpSession informatio n. > I defined a pool of connections in my application context and I > did put it in the context with the setAttribute() method. Since > each instance is doing this, what will happen when an instance is > shutdown? I believe that no context-scoped data is sent between cluster nodes, so ... nothing will happen. > These connections depend on the IP/protocol/port on both sides. > So, since the instance is down, one party no longer exists. What > is happening if a take over instance receives an incoming request > which refers to one of these connections? > > Do I have to handle this in my code? Do I have to reinitialize the > connection pool if such an event happen? If your application maintains its own connection pool, then you should create it with each webapp start and destroy it with each webapp stop. I don't think there are any cluster-related issues, here. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlbfMTIACgkQ9CaO5/Lv0PCL5gCguI2eODlB+8Brz9gpjJZGGzpM jD4An1Nag5xcNN+2vXKq7xpw6H8Gdhg/ =Gx0w -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Advice on Cluster in one machine
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel, On 3/8/16 2:20 PM, Daniel Savard wrote: > On the zero downtime deployments side, I would prefer a parallel > deployment approach. You can deploy a new version within the same > instance and have zero downtime as well without building a > cluster. > > I haven't experiment yet with this, but it is something I am > looking forward to test in short term. Having two JVMs also means that you can upgrade Tomcat and/or the JVM without bringing down the service. Of course, on a single machine, you would still need to bring down the service for package updates, etc. Then of course, there's VMs... it's possible to go completely crazy unless you take a step back and decide what your uptime requirements truly are. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlbfK3IACgkQ9CaO5/Lv0PACqQCgrf9MsJ2UVfqAcYRur0ilpccb +JAAnjThwm8Y5yeAvpcSEKtlvyIClwid =AwVQ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Connection pool in a clustered environment
Hi everyone, I wonder how you handle a pool of connections (not necessarily to a database, think about something generic) in a clustered environement. I defined a pool of connections in my application context and I did put it in the context with the setAttribute() method. Since each instance is doing this, what will happen when an instance is shutdown? These connections depend on the IP/protocol/port on both sides. So, since the instance is down, one party no longer exists. What is happening if a take over instance receives an incoming request which refers to one of these connections? Do I have to handle this in my code? Do I have to reinitialize the connection pool if such an event happen? Regards, - Daniel Savard - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Advice on Cluster in one machine
On the zero downtime deployments side, I would prefer a parallel deployment approach. You can deploy a new version within the same instance and have zero downtime as well without building a cluster. I haven't experiment yet with this, but it is something I am looking forward to test in short term. - Daniel Savard 2016-03-08 10:48 GMT-05:00 Christopher Schultz : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Edwin, > > On 3/8/16 8:19 AM, Edwin Quijada wrote: >> I am new using Tomcat so I have a question about performance. I >> have installed a cluster with 2 tomcats and apache webserver like >> proxy in front of Tomcat cluster but this whole thing is in one >> server, somebody tell me that is not useful beacuse is in the same >> server that is better give more resources to one tomcat and not >> split the resources in two. > > Performance-wise, your friend is right: a two-node cluster on one > machine is going to use more resources than a single node on that machin > e. > > However, running two cluster nodes on a single server isn't a > completely stupid idea. If you want to have zero-downtime deployments, > you can take one node down, upgrade it, then switch. So there's value > there. As for fault-tolerance, the single point of failure is the > whole machine: if that server isn't available, no services are available > . > > That's why people usually have a hardware load balancer (fairly > simple, fairly reliable) and several web/app servers, just in case one > of them fails. If one node fails, the service is still available. > >> Somebody here can give any advice about this configuration what do >> you think about this ? In this server I have websockets in cluster >> and I am having problems with websockets in cluster > > Clustering and websockets have little to do with one another, since > the connection goes to one node and the cluster really just manages > things like sessions (which are orthogonal to connections, protocols, > etc.). > > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEARECAAYFAlbe9DcACgkQ9CaO5/Lv0PCvSACeP5LxHVddVmygYBSDCMy/bzyI > kcsAoMRRZOREaWubUGJFrviRSx/cVAUK > =1OIe > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Understanding how to controlling what data is written to log4j appenders
Chris -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Tuesday, March 08, 2016 11:36 AM To: Tomcat Users List Subject: Re: Understanding how to controlling what data is written to log4j appenders [SNIP] > Yeah, it's a shame it's the case, but to understand how logging works, > you also have to understand how the logger configures itself (which isn't > a big deal), and that also means understanding how Java ClassLoaders work. > > I didn't even say anything about ClassLoaders, but that's why this is all > happening: when log4j is loaded, it only has visibility to the classes > that have been loaded by its own ClassLoader or those "higher up" in the > chain of ClassLoaders that go up to the initial ClassLoader that the JVM > starts to load everything. > > You can even break the chain of ClassLoaders a bit if you want. > > For example, Tomcat uses its own bootstrap ClassLoader to load some very > basic things, then loads the container in a separate ClassLoader so that > it doesn't interfere with anything the web applications are doin g. > > Then each web application gets its own ClassLoader which doesn't have > visibility into the server's ClassLoader. There are some games being > played with which classes are and are not available to either (or both) > Tomcat and the applications, much of which is not visible to the user > unless they (a) understand it and (b) configure it differently from the > default. Ah, OK, interesting - thanks for explaining that. > The upshot is that, if you have your own log4j.jar file bundled with your > application (which I think you *should*), then when you try to initialize > it, it will initialize based upon the application's logging configuration > and basically be completely separate from Tomcat's logging configuration. That's good to know and makes sense. > Then there is System.out, which is shared by everyone. So if your web > application's logger is configure to log to System.out, then Tomcat's logger > can capture that logging and *also* redirect it to wherever it wants. Thanks, I did not know that. Might be handy if refactoring the application to replace System.out with logger calls is prohibitive. > It's kind of like a river, where you can redirect the water almost wherever > you want (except that this river can also clone water molecules and send > them in two directions *at once*). Okay, terrible analogy. Sorry. Ha, ha, ha! :-) -- Cris Berneburg, Lead Software Engineer, CACI
Re: Mapping servlet to non English url pattern
Hello Christopher, thanks, responses below. On Tue, Mar 8, 2016 at 6:23 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Yuval, > > On 3/8/16 3:14 AM, Yuval Schwartz wrote: > > Tomcat version: 8.0.22 Jdk: 1.8.0_05 Server: Amazon Linux > > > > Hello, > > > > I want to map my servlet to a Hebrew url pattern. > > Hmm. > > > I tried placing the hebrew url pattern both in the "@webservlet" > > annotation (urlpatterns attribute) and in the the web.xml file. In > > both cases it doesn't work, it's as if there's nothing mapped to > > the url specified. > > > > I though to specify the URIEncoding parameter of the connector but > > saw that this defaults to "utf-8" in tomcat 8. > > Yes, it does. > > So you are trying to set the url-pattern for a servlet mapping? > > When you do it -- either using @WebServlet or -- can > you connect via JMX to observe the pattern that's been read into the > configuration? First, I'd want to make sure that the Hebrew characters > haven't been destroyed by the loading process of the XML file or by > the compiler, or even by Tomcat. > Can you give me some direction on how I would do this? Maybe a little more detail on jmx? There could be encoding/decoding going on in the browser (firefox) and in all the elements you mentioned on the server side. Any way to see the final String that the server is using to match the Url pattern? I've done a lot of guessing and checking. For example, I used the URLEncoder to get the encoded form of my urls and put that in the url pattern. Therefore, the xml loading process/compiler/tomcat/netbeans shouldn't do anything to change it (in the case where I encode the pattern), but the servlet still isn't found. Thanks. > Can you confirm that the browser is sending the URL without ruining it > as well? > > Tomcat's Mapper follows the spec-defined rules for mapping a URL to a > servlet, so it's possible that another servlet will take-over the > mapping, depending upon how it's defined. Remember, the spec says that > an exact-match wins, followed by a prefix-match (/foo/bar/baz/*) > (longest match wins), followed by an extension-match (*.img), followed > by things like welcome-file resources, etc. > > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEARECAAYFAlbe/IMACgkQ9CaO5/Lv0PCupACbBDmQYb9WmxM6R0F+FpKK6bB5 > /DMAnAv7tv6nYOcfQDXFl1NltegV47lA > =L+ec > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Advice on Cluster in one machine
On 3/8/2016 8:54 AM, Christopher Schultz wrote: > Edwin, > > On 3/8/16 11:46 AM, Edwin Quijada wrote: > > >> From: Christopher Schultz >> Sent: Tuesday, March 8, 2016 3:48 >> PM To: Tomcat Users List Subject: Re: Advice on Cluster in one >> machine > >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > >> Edwin, > >> On 3/8/16 8:19 AM, Edwin Quijada wrote: >>> I am new using Tomcat so I have a question about performance. I >>> have installed a cluster with 2 tomcats and apache webserver >>> like proxy in front of Tomcat cluster but this whole thing is in >>> one server, somebody tell me that is not useful beacuse is in the >>> same server that is better give more resources to one tomcat and >>> not split the resources in two. > >> Performance-wise, your friend is right: a two-node cluster on one >> machine is going to use more resources than a single node on that >> machin e. > >> However, running two cluster nodes on a single server isn't a >> completely stupid idea. If you want to have zero-downtime >> deployments, you can take one node down, upgrade it, then switch. >> So there's value there. As for fault-tolerance, the single point of >> failure is the whole machine: if that server isn't available, no >> services are available . > >> That's why people usually have a hardware load balancer (fairly >> simple, fairly reliable) and several web/app servers, just in case >> one of them fails. If one node fails, the service is still >> available. > >>> Somebody here can give any advice about this configuration what >>> do you think about this ? In this server I have websockets in >>> cluster and I am having problems with websockets in cluster > >> Clustering and websockets have little to do with one another, >> since the connection goes to one node and the cluster really just >> manages things like sessions (which are orthogonal to connections, >> protocols, etc.). > >> OK, so if I want to run my app like myserver.com I can use apache >> like reverse proxy to do this and still working with websockets , >> I want to do this something like this > >> Apache -> Tomcat -> DB > >> but the websocket still works ? > > I'm not sure how well websockets work through httpd right now. I'm > certainly no expert on websocket, so someone else will have to give > you better information. Note that the database is also not relevant. > > But in general, yes, you can use httpd as a reverse proxy for multiple > Tomcats. > > -chris I'm not an expert on websockets either, but it looks like this: https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html will work. I'm not sure how to fit together all of the pieces, but it looks possible at least. . . . just my two cents /mde/ signature.asc Description: OpenPGP digital signature
Re: Understanding how to controlling what data is written to log4j appenders
Yes, I agree. I changed the file name in the default tomcat appender to be called tomcat and the one in the log4j file in the classes is called cfcc which makes more sense as that is the web applications context name. I'll keep plugging at it. I really thank you for your help. -Joleen On Tue, Mar 8, 2016 at 11:52 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Joleen, > > On 3/8/16 11:44 AM, Joleen Barker wrote: > > Hello Christopher, > > > > I thank you for your comments. I had changed the swallowOutput=true > > back when I changed the default tomcat logging to use the log4j > > properties files. I did rename the cfcc log I had to read tomcat > > and it comes up and captures the starting/stopping details but > > that's about it. There were a few other things but not many. I am > > not sure if you saw the 3rd log4j.properties set of details I > > placed in the email I sent with my configs. That held the changes I > > made to the vendors log4j. I left the CFCC appender in the classes > > log4j and changed the "stdout" to read CFCC and any logging that > > said "stdout" changed to CFCC. > > > > It was my hope that all the messages written would then go to my > > cfcc log but they didn't. I did see a few regarding SSH connections > > but that was all. The others are still going to the catalina.out. > > Remember that having two appenders to the same file is likely to cause > a problem. Especially if they are from two separate log4j.properties > files. > > You'll likely get two components opening the same file for writing. > Last one wins, and you'll get zero errors. > > > I will continue to work on this and test. > > > > If there is anything you think of and want to send it my way to try > > I will try it right away. > > > > I know that was very boring to read all that I posted. I thank > > everyone for their time. If I make progress and find the missing > > link I will send the results. > > Good luck. This stuff isn't always easy. > > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEARECAAYFAlbfA2AACgkQ9CaO5/Lv0PAATgCfRXXiwJk8AeeVycCZsAHJjTKu > uxIAmwWGQ180VdoFPxaadS33kik9xoe2 > =h5HR > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Advice on Cluster in one machine
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Edwin, On 3/8/16 11:46 AM, Edwin Quijada wrote: > > > From: Christopher Schultz > Sent: Tuesday, March 8, 2016 3:48 > PM To: Tomcat Users List Subject: Re: Advice on Cluster in one > machine > > -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > > Edwin, > > On 3/8/16 8:19 AM, Edwin Quijada wrote: >> I am new using Tomcat so I have a question about performance. I >> have installed a cluster with 2 tomcats and apache webserver >> like proxy in front of Tomcat cluster but this whole thing is in >> one server, somebody tell me that is not useful beacuse is in the >> same server that is better give more resources to one tomcat and >> not split the resources in two. > > Performance-wise, your friend is right: a two-node cluster on one > machine is going to use more resources than a single node on that > machin e. > > However, running two cluster nodes on a single server isn't a > completely stupid idea. If you want to have zero-downtime > deployments, you can take one node down, upgrade it, then switch. > So there's value there. As for fault-tolerance, the single point of > failure is the whole machine: if that server isn't available, no > services are available . > > That's why people usually have a hardware load balancer (fairly > simple, fairly reliable) and several web/app servers, just in case > one of them fails. If one node fails, the service is still > available. > >> Somebody here can give any advice about this configuration what >> do you think about this ? In this server I have websockets in >> cluster and I am having problems with websockets in cluster > > Clustering and websockets have little to do with one another, > since the connection goes to one node and the cluster really just > manages things like sessions (which are orthogonal to connections, > protocols, etc.). > > OK, so if I want to run my app like myserver.com I can use apache > like reverse proxy to do this and still working with websockets , > I want to do this something like this > > Apache -> Tomcat -> DB > > but the websocket still works ? I'm not sure how well websockets work through httpd right now. I'm certainly no expert on websocket, so someone else will have to give you better information. Note that the database is also not relevant. But in general, yes, you can use httpd as a reverse proxy for multiple Tomcats. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlbfA74ACgkQ9CaO5/Lv0PDVUQCgw6fUafLXMoCKsEGW5ucUxgjx gfEAoKJHYBWtn7MAdhGYlllsgcSZeuah =YX3V -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Understanding how to controlling what data is written to log4j appenders
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joleen, On 3/8/16 11:44 AM, Joleen Barker wrote: > Hello Christopher, > > I thank you for your comments. I had changed the swallowOutput=true > back when I changed the default tomcat logging to use the log4j > properties files. I did rename the cfcc log I had to read tomcat > and it comes up and captures the starting/stopping details but > that's about it. There were a few other things but not many. I am > not sure if you saw the 3rd log4j.properties set of details I > placed in the email I sent with my configs. That held the changes I > made to the vendors log4j. I left the CFCC appender in the classes > log4j and changed the "stdout" to read CFCC and any logging that > said "stdout" changed to CFCC. > > It was my hope that all the messages written would then go to my > cfcc log but they didn't. I did see a few regarding SSH connections > but that was all. The others are still going to the catalina.out. Remember that having two appenders to the same file is likely to cause a problem. Especially if they are from two separate log4j.properties files. You'll likely get two components opening the same file for writing. Last one wins, and you'll get zero errors. > I will continue to work on this and test. > > If there is anything you think of and want to send it my way to try > I will try it right away. > > I know that was very boring to read all that I posted. I thank > everyone for their time. If I make progress and find the missing > link I will send the results. Good luck. This stuff isn't always easy. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlbfA2AACgkQ9CaO5/Lv0PAATgCfRXXiwJk8AeeVycCZsAHJjTKu uxIAmwWGQ180VdoFPxaadS33kik9xoe2 =h5HR -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Advice on Cluster in one machine
From: Christopher Schultz Sent: Tuesday, March 8, 2016 3:48 PM To: Tomcat Users List Subject: Re: Advice on Cluster in one machine -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Edwin, On 3/8/16 8:19 AM, Edwin Quijada wrote: > I am new using Tomcat so I have a question about performance. I > have installed a cluster with 2 tomcats and apache webserver like > proxy in front of Tomcat cluster but this whole thing is in one > server, somebody tell me that is not useful beacuse is in the same > server that is better give more resources to one tomcat and not > split the resources in two. Performance-wise, your friend is right: a two-node cluster on one machine is going to use more resources than a single node on that machin e. However, running two cluster nodes on a single server isn't a completely stupid idea. If you want to have zero-downtime deployments, you can take one node down, upgrade it, then switch. So there's value there. As for fault-tolerance, the single point of failure is the whole machine: if that server isn't available, no services are available . That's why people usually have a hardware load balancer (fairly simple, fairly reliable) and several web/app servers, just in case one of them fails. If one node fails, the service is still available. > Somebody here can give any advice about this configuration what do > you think about this ? In this server I have websockets in cluster > and I am having problems with websockets in cluster Clustering and websockets have little to do with one another, since the connection goes to one node and the cluster really just manages things like sessions (which are orthogonal to connections, protocols, etc.). OK, so if I want to run my app like myserver.com I can use apache like reverse proxy to do this and still working with websockets , I want to do this something like this Apache -> Tomcat -> DB but the websocket still works ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Understanding how to controlling what data is written to log4j appenders
Hello Christopher, I thank you for your comments. I had changed the swallowOutput=true back when I changed the default tomcat logging to use the log4j properties files. I did rename the cfcc log I had to read tomcat and it comes up and captures the starting/stopping details but that's about it. There were a few other things but not many. I am not sure if you saw the 3rd log4j.properties set of details I placed in the email I sent with my configs. That held the changes I made to the vendors log4j. I left the CFCC appender in the classes log4j and changed the "stdout" to read CFCC and any logging that said "stdout" changed to CFCC. It was my hope that all the messages written would then go to my cfcc log but they didn't. I did see a few regarding SSH connections but that was all. The others are still going to the catalina.out. I will continue to work on this and test. If there is anything you think of and want to send it my way to try I will try it right away. I know that was very boring to read all that I posted. I thank everyone for their time. If I make progress and find the missing link I will send the results. -Joleen On Tue, Mar 8, 2016 at 11:16 AM, Cris Berneburg - US wrote: > Chris, > > -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Tuesday, March 08, 2016 10:44 AM > To: Tomcat Users List > Subject: Re: Understanding how to controlling what data is written to > log4j appenders > > [SNIP] > > >> # stdout is set to be a ConsoleAppender. > >> log4j.appender.stdout=org.apache.log4j.ConsoleAppender > > > > This is what is killing you, plus everything that looks like this: > > > > log4j.logger.com.proginet.sift.struts=${cfi.struts.logging.level}, stdou > t > > > > Everything that says log4j.logger.[something]=[level], stdout > > > > Is going to send those log messages to the "stdout" appender, which is > tied > > to System.out. You'll need to do one of two things to dig yourself out: > > > > 1. Use swallowOutput="true" on your , which performs some magic > to take > > System.out from applications' calls and redirect it elsewhere else (to > the tomcat- > > defined loggers that can be configured in Tomcat's log4j.properties > file). > > > > 2. Change the "stdout" appender to be something other than > ConsoleAppender, and > > point it at a file on the disk. > > > > I'm not a fan of the first option, but it's sometimes the quickest way > to handle > > everything all at once, and usually doesn't require any changes to the > application's > > configuration. > > [SNIP] > > >> # Set root logger level to ERROR and its only appender to stdout. > >> log4j.rootLogger=ERROR, CFCC > >> > >> log4j.appender.CFCC = org.apache.log4j.DailyRollingFileAppender > > > > That should probably work. > > > > But if you removed log4j.jar from the application, only the global > log4j.properties > > file will be read. It's okay to have log4j.jar in the bin/ directory as > well as your > > webapp's WEB-INF/lib directory. The former will run/configure Tomcat's > logging, and > > the latter will run/configure the application's logging. In fact, if the > application > > initializes log4j itself (usually by creating a new PropertyConfigurator > object), then > > weird things can happen with the application re-defining the global > configuration for > > Tomcat. > > > > I'd recommend having two .jar files and two .properties files, just to > be safe. > > Thanks for taking the time to explain these 2 concepts. It has helped me, > and hopefully the question's originator, understand the interaction between > Tomcat and log4j a little better. > > -- > Cris Berneburg, Lead Software Engineer, CACI > >
Re: Understanding how to controlling what data is written to log4j appenders
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cris, On 3/8/16 11:16 AM, Cris Berneburg - US wrote: > Chris, > > -Original Message- From: Christopher Schultz > [mailto:ch...@christopherschultz.net] Sent: Tuesday, March 08, 2016 > 10:44 AM To: Tomcat Users List Subject: Re: Understanding how to > controlling what data is written to log4j appenders > > [SNIP] > >>> # stdout is set to be a ConsoleAppender. >>> log4j.appender.stdout=org.apache.log4j.ConsoleAppender >> >> This is what is killing you, plus everything that looks like >> this: >> >> log4j.logger.com.proginet.sift.struts=${cfi.struts.logging.level}, >> stdou t >> >> Everything that says log4j.logger.[something]=[level], stdout >> >> Is going to send those log messages to the "stdout" appender, >> which is tied to System.out. You'll need to do one of two things >> to dig yourself out: >> >> 1. Use swallowOutput="true" on your , which performs >> some magic to take System.out from applications' calls and >> redirect it elsewhere else (to the tomcat- defined loggers that >> can be configured in Tomcat's log4j.properties file). >> >> 2. Change the "stdout" appender to be something other than >> ConsoleAppender, and point it at a file on the disk. >> >> I'm not a fan of the first option, but it's sometimes the >> quickest way to handle everything all at once, and usually >> doesn't require any changes to the application's configuration. > > [SNIP] > >>> # Set root logger level to ERROR and its only appender to >>> stdout. log4j.rootLogger=ERROR, CFCC >>> >>> log4j.appender.CFCC = >>> org.apache.log4j.DailyRollingFileAppender >> >> That should probably work. >> >> But if you removed log4j.jar from the application, only the >> global log4j.properties file will be read. It's okay to have >> log4j.jar in the bin/ directory as well as your webapp's >> WEB-INF/lib directory. The former will run/configure Tomcat's >> logging, and the latter will run/configure the application's >> logging. In fact, if the application initializes log4j itself >> (usually by creating a new PropertyConfigurator object), then >> weird things can happen with the application re-defining the >> global configuration for Tomcat. >> >> I'd recommend having two .jar files and two .properties files, >> just to be safe. > > Thanks for taking the time to explain these 2 concepts. It has > helped me, and hopefully the question's originator, understand the > interaction between Tomcat and log4j a little better. Yeah, it's a shame it's the case, but to understand how logging works, you also have to understand how the logger configures itself (which isn't a big deal), and that also means understanding how Java ClassLoaders work. I didn't even say anything about ClassLoaders, but that's why this is all happening: when log4j is loaded, it only has visibility to the classes that have been loaded by its own ClassLoader or those "higher up" in the chain of ClassLoaders that go up to the initial ClassLoader that the JVM starts to load everything. You can even break the chain of ClassLoaders a bit if you want. For example, Tomcat uses its own bootstrap ClassLoader to load some very basic things, then loads the container in a separate ClassLoader so that it doesn't interfere with anything the web applications are doin g. Then each web application gets its own ClassLoader which doesn't have visibility into the server's ClassLoader. There are some games being played with which classes are and are not available to either (or both) Tomcat and the applications, much of which is not visible to the user unless they (a) understand it and (b) configure it differently from the default. The upshot is that, if you have your own log4j.jar file bundled with your application (which I think you *should*), then when you try to initialize it, it will initialize based upon the application's logging configuration and basically be completely separate from Tomcat's logging configuration. Then there is System.out, which is shared by everyone. So if your web application's logger is configure to log to System.out, then Tomcat's logger can capture that logging and *also* redirect it to wherever it wants. It's kind of like a river, where you can redirect the water almost wherever you want (except that this river can also clone water molecules and send them in two directions *at once*). Okay, terrible analogy. Sorry. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlbe/2sACgkQ9CaO5/Lv0PCDFACgoMbWEU6jFVj4sfuw54I/61Ck WmMAn3ZbQOJQvPmvcu5wdY4zSFXS76Fw =q5s7 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Warning response header
On Tue, Mar 8, 2016 at 10:58 AM, Mark Eggers wrote: > Chris, > > On 3/8/2016 7:52 AM, Christopher Schultz wrote: > > Mark, > > > > On 3/7/16 5:47 PM, Mark Eggers wrote: > >> Sean, > > > >> I just noticed something else: > > > >> On 3/7/2016 2:11 PM, Sean Dawson wrote: > >>> On Sun, Mar 6, 2016 at 12:48 PM, Sean Dawson > >>> wrote: > >>> > > Tomcat 8_32 Windows 7 Java 8_51 RestEasy 3.0.11.Final GWT 2.7.0 > (Jetty jetty-9.3.5.v20151012) > > Servlet code makes a RestEasy call to another servlet (same > container) - second servlet sets the 'Warning' HTTP header on > response. Would like to access that in first servlet but when > running in Tomcat, that header is not included. > > Code to get header in first servlet: > > Object headers = ((ClientResponseFailure) > e).getResponse().getResponseHeaders().get("Warning"); > > Also tried: getHeaders(), getStringHeaders(), and > getHeaderString(). > > When running GWT in superdev mode in IntelliJ (15.0.4) using > Jetty, the above returns a List with one item that contains the > warning string. When remote debugging Tomcat, that call > returns null. > > Added this to web app xml, and also tried Tomcat > conf/web.xml... > > CorsFilter > org.apache.catalina.filters.CorsFilter > > > > > cors.exposed.headers > Warning > CorsFilter > /* > > Also tried cors.allowed.headers. > > Any pointers? > > > >>> > >>> Alright, lets try this again. Simple reproducible testcase... > >>> > >>> - download latest Tomcat 8 for Windows 64-bit zip > >>> http://mirrors.ocf.berkeley.edu/apache/tomcat/tomcat-8/v8.0.32/bin/ap > > ache-tomcat-8.0.32-windows-x64.zip > >>> > >>> > > - extract somewhere > >>> - delete everything in webapps folder - build project below, put > >>> in webapps folder - go to: http://localhost:8080/one - check > >>> response headers... no Warning header > >>> > >>> ** pom.xml ** > >>> > >>> http://maven.apache.org/POM/4.0.0"; > >>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > >>> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 > >>> http://maven.apache.org/maven-v4_0_0.xsd";> > >>> 4.0.0 > >>> > >>> test tcTest > >>> war 1.0-SNAPSHOT > >>> > >>> tcTest Maven Webapp > >>> http://maven.apache.org > >>> > >>> org.glassfish > >>> javax.servlet 3.1.1 > >>> org.jboss.resteasy > >>> resteasy-client > >>> 3.0.11.Final > >>> > >>> ROOT > >>> > >>> > >>> ** web.xml ** > >>> > >>> > >>> >>> Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"; > > >>> > >>> Archetype Created Web > >>> Application > >>> > >>> One > >>> pkg.ServletOne > >>> > >>> One > >>> /one/* > >>> > >>> Two > >>> pkg.ServletTwo > >>> > >>> Two > >>> /two/* > >>> > >>> > >>> ** index.html ** > >>> > >>> > >>> Hello World! > >>> > >>> > >>> ** Caller interface ** > >>> > >>> > >>> package pkg; > >>> > >>> import javax.ws.rs.GET; import javax.ws.rs.Path; > >>> > >>> public interface Caller { @GET @Path("two") String makeCall(); } > >>> > >>> > >>> > >>> ** Servlet one ** > >>> > >>> > >>> package pkg; > >>> > >>> import java.io.IOException; > >>> > >>> import javax.servlet.ServletException; import > >>> javax.servlet.http.HttpServlet; import > >>> javax.servlet.http.HttpServletRequest; import > >>> javax.servlet.http.HttpServletResponse; import > >>> javax.ws.rs.core.MediaType; > >>> > >>> import org.jboss.resteasy.client.ProxyBuilder; > >>> > >>> public class ServletOne extends HttpServlet { Caller caller; > >>> > >>> @Override public void init() throws ServletException { caller = > >>> ProxyBuilder.build(Caller.class, "http://localhost:8080";).now(); > >>> } > >>> > >>> @Override protected void doGet(HttpServletRequest request, > >>> HttpServletResponse response) throws ServletException, > >>> IOException { String result = caller.makeCall(); > >>> response.getWriter().println(result); } } > >>> > >>> > >>> ** Servlet two ** > >>> > >>> > >>> package pkg; > >>> > >>> import java.io.IOException; > >>> > >>> import javax.servlet.ServletException; import > >>> javax.servlet.http.HttpServlet; import > >>> javax.servlet.http.HttpServletRequest; import > >>> javax.servlet.http.HttpServletResponse; > >>> > >>> public class ServletTwo extends HttpServlet { @Override protected > >>> void doGet(HttpServletRequest request, HttpServletResponse > >>> response) throws ServletException, IOException { > >>> addHeader(response); response.getWriter().println("Ok"); } > >>> > >>> void addHeader(HttpServletResponse response) { > >>> response.setHeader("Warning", "This is a warning"); // also tried > >>> addHeader() } } > >>> > > > >> >> Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"; > > > > >> Should probably be: > > > >> http://xmlns.jcp.org/xml/ns/javaee"; > >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > >> xsi:schemaLocation="http://xmlns.jcp.org/x
Re: Mapping servlet to non English url pattern
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yuval, On 3/8/16 3:14 AM, Yuval Schwartz wrote: > Tomcat version: 8.0.22 Jdk: 1.8.0_05 Server: Amazon Linux > > Hello, > > I want to map my servlet to a Hebrew url pattern. Hmm. > I tried placing the hebrew url pattern both in the "@webservlet" > annotation (urlpatterns attribute) and in the the web.xml file. In > both cases it doesn't work, it's as if there's nothing mapped to > the url specified. > > I though to specify the URIEncoding parameter of the connector but > saw that this defaults to "utf-8" in tomcat 8. Yes, it does. So you are trying to set the url-pattern for a servlet mapping? When you do it -- either using @WebServlet or -- can you connect via JMX to observe the pattern that's been read into the configuration? First, I'd want to make sure that the Hebrew characters haven't been destroyed by the loading process of the XML file or by the compiler, or even by Tomcat. Can you confirm that the browser is sending the URL without ruining it as well? Tomcat's Mapper follows the spec-defined rules for mapping a URL to a servlet, so it's possible that another servlet will take-over the mapping, depending upon how it's defined. Remember, the spec says that an exact-match wins, followed by a prefix-match (/foo/bar/baz/*) (longest match wins), followed by an extension-match (*.img), followed by things like welcome-file resources, etc. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlbe/IMACgkQ9CaO5/Lv0PCupACbBDmQYb9WmxM6R0F+FpKK6bB5 /DMAnAv7tv6nYOcfQDXFl1NltegV47lA =L+ec -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Understanding how to controlling what data is written to log4j appenders
Chris, -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Tuesday, March 08, 2016 10:44 AM To: Tomcat Users List Subject: Re: Understanding how to controlling what data is written to log4j appenders [SNIP] >> # stdout is set to be a ConsoleAppender. >> log4j.appender.stdout=org.apache.log4j.ConsoleAppender > > This is what is killing you, plus everything that looks like this: > > log4j.logger.com.proginet.sift.struts=${cfi.struts.logging.level}, stdou t > > Everything that says log4j.logger.[something]=[level], stdout > > Is going to send those log messages to the "stdout" appender, which is tied > to System.out. You'll need to do one of two things to dig yourself out: > > 1. Use swallowOutput="true" on your , which performs some magic to > take > System.out from applications' calls and redirect it elsewhere else (to the > tomcat- > defined loggers that can be configured in Tomcat's log4j.properties file). > > 2. Change the "stdout" appender to be something other than ConsoleAppender, > and > point it at a file on the disk. > > I'm not a fan of the first option, but it's sometimes the quickest way to > handle > everything all at once, and usually doesn't require any changes to the > application's > configuration. [SNIP] >> # Set root logger level to ERROR and its only appender to stdout. >> log4j.rootLogger=ERROR, CFCC >> >> log4j.appender.CFCC = org.apache.log4j.DailyRollingFileAppender > > That should probably work. > > But if you removed log4j.jar from the application, only the global > log4j.properties > file will be read. It's okay to have log4j.jar in the bin/ directory as well > as your > webapp's WEB-INF/lib directory. The former will run/configure Tomcat's > logging, and > the latter will run/configure the application's logging. In fact, if the > application > initializes log4j itself (usually by creating a new PropertyConfigurator > object), then > weird things can happen with the application re-defining the global > configuration for > Tomcat. > > I'd recommend having two .jar files and two .properties files, just to be > safe. Thanks for taking the time to explain these 2 concepts. It has helped me, and hopefully the question's originator, understand the interaction between Tomcat and log4j a little better. -- Cris Berneburg, Lead Software Engineer, CACI
Re: Question about your recent security (CVE-2015-5345) fix in 7.0.68 build
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Harish, On 3/7/16 6:02 PM, Harish Krishnan wrote: > Unfortunately, i still could not verify this vulnerability as it > still appears not fixed & my requests get redirected. What makes you think that the requests should not be redirected? > Instead of using the manager webapp that comes default in tomcat, > we created a sample webapp with the following security constraint > - > hello.html > > sercure-hello > /* > > NONE > > > Accessing http://localhost:8080/a (which exist) gets redirected to > http://localhost:8080/a/ & then get 404. Accessing > http://localhost:8080/b (does not exist) simply gets 404. Where did you deploy this sample web application? > I have set the context attribute (mapperContextRootRedirectEnabled) > as well - antiResourceLocking="false" privileged="true"> > > My question simply boils down to, What additional setting i need to > do for the above redirect to NOT happen. Which redirect? A redirect for a protected directory inside of a deployed web application (which is what this CVE covers) or the redirect for a deployed web application (which is not what this CVE covers)? - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlbe9twACgkQ9CaO5/Lv0PBaqQCeMMYqM8+hPnekw1NM8I5NNa0J uaQAn2Kp35FIKikIFfZdlao4Un1NCNGe =/uiq -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Warning response header
Chris, On 3/8/2016 7:52 AM, Christopher Schultz wrote: > Mark, > > On 3/7/16 5:47 PM, Mark Eggers wrote: >> Sean, > >> I just noticed something else: > >> On 3/7/2016 2:11 PM, Sean Dawson wrote: >>> On Sun, Mar 6, 2016 at 12:48 PM, Sean Dawson >>> wrote: >>> Tomcat 8_32 Windows 7 Java 8_51 RestEasy 3.0.11.Final GWT 2.7.0 (Jetty jetty-9.3.5.v20151012) Servlet code makes a RestEasy call to another servlet (same container) - second servlet sets the 'Warning' HTTP header on response. Would like to access that in first servlet but when running in Tomcat, that header is not included. Code to get header in first servlet: Object headers = ((ClientResponseFailure) e).getResponse().getResponseHeaders().get("Warning"); Also tried: getHeaders(), getStringHeaders(), and getHeaderString(). When running GWT in superdev mode in IntelliJ (15.0.4) using Jetty, the above returns a List with one item that contains the warning string. When remote debugging Tomcat, that call returns null. Added this to web app xml, and also tried Tomcat conf/web.xml... CorsFilter org.apache.catalina.filters.CorsFilter > cors.exposed.headers Warning CorsFilter /* Also tried cors.allowed.headers. Any pointers? >>> >>> Alright, lets try this again. Simple reproducible testcase... >>> >>> - download latest Tomcat 8 for Windows 64-bit zip >>> http://mirrors.ocf.berkeley.edu/apache/tomcat/tomcat-8/v8.0.32/bin/ap > ache-tomcat-8.0.32-windows-x64.zip >>> >>> > - extract somewhere >>> - delete everything in webapps folder - build project below, put >>> in webapps folder - go to: http://localhost:8080/one - check >>> response headers... no Warning header >>> >>> ** pom.xml ** >>> >>> http://maven.apache.org/POM/4.0.0"; >>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; >>> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 >>> http://maven.apache.org/maven-v4_0_0.xsd";> >>> 4.0.0 >>> >>> test tcTest >>> war 1.0-SNAPSHOT >>> >>> tcTest Maven Webapp >>> http://maven.apache.org >>> >>> org.glassfish >>> javax.servlet 3.1.1 >>> org.jboss.resteasy >>> resteasy-client >>> 3.0.11.Final >>> >>> ROOT >>> >>> >>> ** web.xml ** >>> >>> >>> >> Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"; > >>> >>> Archetype Created Web >>> Application >>> >>> One >>> pkg.ServletOne >>> >>> One >>> /one/* >>> >>> Two >>> pkg.ServletTwo >>> >>> Two >>> /two/* >>> >>> >>> ** index.html ** >>> >>> >>> Hello World! >>> >>> >>> ** Caller interface ** >>> >>> >>> package pkg; >>> >>> import javax.ws.rs.GET; import javax.ws.rs.Path; >>> >>> public interface Caller { @GET @Path("two") String makeCall(); } >>> >>> >>> >>> ** Servlet one ** >>> >>> >>> package pkg; >>> >>> import java.io.IOException; >>> >>> import javax.servlet.ServletException; import >>> javax.servlet.http.HttpServlet; import >>> javax.servlet.http.HttpServletRequest; import >>> javax.servlet.http.HttpServletResponse; import >>> javax.ws.rs.core.MediaType; >>> >>> import org.jboss.resteasy.client.ProxyBuilder; >>> >>> public class ServletOne extends HttpServlet { Caller caller; >>> >>> @Override public void init() throws ServletException { caller = >>> ProxyBuilder.build(Caller.class, "http://localhost:8080";).now(); >>> } >>> >>> @Override protected void doGet(HttpServletRequest request, >>> HttpServletResponse response) throws ServletException, >>> IOException { String result = caller.makeCall(); >>> response.getWriter().println(result); } } >>> >>> >>> ** Servlet two ** >>> >>> >>> package pkg; >>> >>> import java.io.IOException; >>> >>> import javax.servlet.ServletException; import >>> javax.servlet.http.HttpServlet; import >>> javax.servlet.http.HttpServletRequest; import >>> javax.servlet.http.HttpServletResponse; >>> >>> public class ServletTwo extends HttpServlet { @Override protected >>> void doGet(HttpServletRequest request, HttpServletResponse >>> response) throws ServletException, IOException { >>> addHeader(response); response.getWriter().println("Ok"); } >>> >>> void addHeader(HttpServletResponse response) { >>> response.setHeader("Warning", "This is a warning"); // also tried >>> addHeader() } } >>> > >> > Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"; > > >> Should probably be: > >> http://xmlns.jcp.org/xml/ns/javaee"; >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; >> xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee >> http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"; version="3.1"> > >> (sorry for the word wrapping). > >> I normally don't use web.xml in my 3.1 applications. I end up >> using annotations instead. > > It probably doesn't matter, since the servlet EG clarified that a > container needs to behave the same regardless of the spec-version > stated in the web.xml file. (Wh
Re: Warning response header
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark, On 3/7/16 5:47 PM, Mark Eggers wrote: > Sean, > > I just noticed something else: > > On 3/7/2016 2:11 PM, Sean Dawson wrote: >> On Sun, Mar 6, 2016 at 12:48 PM, Sean Dawson >> wrote: >> >>> >>> Tomcat 8_32 Windows 7 Java 8_51 RestEasy 3.0.11.Final GWT 2.7.0 >>> (Jetty jetty-9.3.5.v20151012) >>> >>> Servlet code makes a RestEasy call to another servlet (same >>> container) - second servlet sets the 'Warning' HTTP header on >>> response. Would like to access that in first servlet but when >>> running in Tomcat, that header is not included. >>> >>> Code to get header in first servlet: >>> >>> Object headers = ((ClientResponseFailure) >>> e).getResponse().getResponseHeaders().get("Warning"); >>> >>> Also tried: getHeaders(), getStringHeaders(), and >>> getHeaderString(). >>> >>> When running GWT in superdev mode in IntelliJ (15.0.4) using >>> Jetty, the above returns a List with one item that contains the >>> warning string. When remote debugging Tomcat, that call >>> returns null. >>> >>> Added this to web app xml, and also tried Tomcat >>> conf/web.xml... >>> >>> CorsFilter >>> org.apache.catalina.filters.CorsFilter >>> >>> >>> cors.exposed.headers >>> Warning >>> CorsFilter >>> /* >>> >>> Also tried cors.allowed.headers. >>> >>> Any pointers? >>> >>> >> >> Alright, lets try this again. Simple reproducible testcase... >> >> - download latest Tomcat 8 for Windows 64-bit zip >> http://mirrors.ocf.berkeley.edu/apache/tomcat/tomcat-8/v8.0.32/bin/ap ache-tomcat-8.0.32-windows-x64.zip >> >> - - extract somewhere >> - delete everything in webapps folder - build project below, put >> in webapps folder - go to: http://localhost:8080/one - check >> response headers... no Warning header >> >> ** pom.xml ** >> >> http://maven.apache.org/POM/4.0.0"; >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; >> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 >> http://maven.apache.org/maven-v4_0_0.xsd";> >> 4.0.0 >> >> test tcTest >> war 1.0-SNAPSHOT >> >> tcTest Maven Webapp >> http://maven.apache.org >> >> org.glassfish >> javax.servlet 3.1.1 >> org.jboss.resteasy >> resteasy-client >> 3.0.11.Final >> >> ROOT >> >> >> ** web.xml ** >> >> >> > Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"; > >> >> Archetype Created Web >> Application >> >> One >> pkg.ServletOne >> >> One >> /one/* >> >> Two >> pkg.ServletTwo >> >> Two >> /two/* >> >> >> ** index.html ** >> >> >> Hello World! >> >> >> ** Caller interface ** >> >> >> package pkg; >> >> import javax.ws.rs.GET; import javax.ws.rs.Path; >> >> public interface Caller { @GET @Path("two") String makeCall(); } >> >> >> >> ** Servlet one ** >> >> >> package pkg; >> >> import java.io.IOException; >> >> import javax.servlet.ServletException; import >> javax.servlet.http.HttpServlet; import >> javax.servlet.http.HttpServletRequest; import >> javax.servlet.http.HttpServletResponse; import >> javax.ws.rs.core.MediaType; >> >> import org.jboss.resteasy.client.ProxyBuilder; >> >> public class ServletOne extends HttpServlet { Caller caller; >> >> @Override public void init() throws ServletException { caller = >> ProxyBuilder.build(Caller.class, "http://localhost:8080";).now(); >> } >> >> @Override protected void doGet(HttpServletRequest request, >> HttpServletResponse response) throws ServletException, >> IOException { String result = caller.makeCall(); >> response.getWriter().println(result); } } >> >> >> ** Servlet two ** >> >> >> package pkg; >> >> import java.io.IOException; >> >> import javax.servlet.ServletException; import >> javax.servlet.http.HttpServlet; import >> javax.servlet.http.HttpServletRequest; import >> javax.servlet.http.HttpServletResponse; >> >> public class ServletTwo extends HttpServlet { @Override protected >> void doGet(HttpServletRequest request, HttpServletResponse >> response) throws ServletException, IOException { >> addHeader(response); response.getWriter().println("Ok"); } >> >> void addHeader(HttpServletResponse response) { >> response.setHeader("Warning", "This is a warning"); // also tried >> addHeader() } } >> > > Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"; > > > Should probably be: > > http://xmlns.jcp.org/xml/ns/javaee"; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee > http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"; version="3.1"> > > (sorry for the word wrapping). > > I normally don't use web.xml in my 3.1 applications. I end up > using annotations instead. It probably doesn't matter, since the servlet EG clarified that a container needs to behave the same regardless of the spec-version stated in the web.xml file. (Which I think is a very stupid position to take.) The behavior is supposed to be whatever the highest spec-compliance version the container su
Re: Understanding how to controlling what data is written to log4j appenders
On 08.03.2016 15:15, Joleen Barker wrote: Thank you for the idea. Worst case scenario, that is what I would have to do but I'm hoping someone that may have more experience than myself with be able to see that one thing I am missing. Another pair of eyes is always a good thing. Unfortunately Joleen, you are here encountering the typical "irresistible force against unmovable object" paradigm. Every programmer in the world suffers from hubris and laziness. Java and Tomcat programmers are no different. Logging is boring, and it is thus not something that the average program author thinks about very much or spends a lot of time on, until their supposedly perfect opus (here the hubris element) crashes badly, and they are at a loss to explain where or why. And when that happens, rather than going through the code again, and insert the simple and explicit logging statements which could have been there in the first place, they would much rather "delegate" the work to some outside agent, whose setup is preferably to be done by someone else (here the laziness element). And since this external logging agent has no idea of the logic of the piece of code it is supposed to log things about, perforce it has to be some quite complex opus itself, with a lot of cryptic configuration elements telling it where to insert itself, what to pick up and where to send it. Hence something like log4j (which is in itself an admirable piece of work, and may well be an opus of a magnitude and complexity similar to Tomcat, say. Ok, not quite; it's jar file is only about 1/3 the size of the Tomcat jars). So anyway, in the same way that no normal programmer really likes going through the code of someone else and attempting to understand it, not many people like to go through the log4j configuration file of someone else (which pretty much looks like its own programming language). So unless you find a really empathic soul here, it looks like you may now be pretty much on your own now, or to say this more canonically : the implementation details are left as an exercise to the reader. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Advice on Cluster in one machine
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Edwin, On 3/8/16 8:19 AM, Edwin Quijada wrote: > I am new using Tomcat so I have a question about performance. I > have installed a cluster with 2 tomcats and apache webserver like > proxy in front of Tomcat cluster but this whole thing is in one > server, somebody tell me that is not useful beacuse is in the same > server that is better give more resources to one tomcat and not > split the resources in two. Performance-wise, your friend is right: a two-node cluster on one machine is going to use more resources than a single node on that machin e. However, running two cluster nodes on a single server isn't a completely stupid idea. If you want to have zero-downtime deployments, you can take one node down, upgrade it, then switch. So there's value there. As for fault-tolerance, the single point of failure is the whole machine: if that server isn't available, no services are available . That's why people usually have a hardware load balancer (fairly simple, fairly reliable) and several web/app servers, just in case one of them fails. If one node fails, the service is still available. > Somebody here can give any advice about this configuration what do > you think about this ? In this server I have websockets in cluster > and I am having problems with websockets in cluster Clustering and websockets have little to do with one another, since the connection goes to one node and the cluster really just manages things like sessions (which are orthogonal to connections, protocols, etc.). - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlbe9DcACgkQ9CaO5/Lv0PCvSACeP5LxHVddVmygYBSDCMy/bzyI kcsAoMRRZOREaWubUGJFrviRSx/cVAUK =1OIe -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Understanding how to controlling what data is written to log4j appenders
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joleen, On 3/7/16 12:31 PM, Joleen Barker wrote: > The only thing I can think of to help you understand where I am at > is to post the different log4j.properties config files I have. So I > will post the one I have that went in for my default Tomcat > messages and is working fine. Perfect. > Updated log4j.properties file I now use in my CATALINA/lib > directory and is my base of my understanding for the changes I made > to the Vendor's log4j.properties file. > > My appender that rolls daily is CFCC and is getting most of what > was in the catalina.out log originally (this one I was happy > with): > > log4j.rootLogger = INFO, CATALINA This one looks fine. > Below this line is the Vendor's original one that was in the > /classes directory ( I also removed their > log4j-1.2.8-1.jar that was in the /lib directory folder as > it was older than the one I was using that is log4j-1.2.17.jar): (most of this is boring) > # Set root logger level to ERROR and its only appender to stdout. > log4j.rootLogger=ERROR, stdout Interesting, but only until: > # stdout is set to be a ConsoleAppender. > log4j.appender.stdout=org.apache.log4j.ConsoleAppender This is what is killing you, plus everything that looks like this: log4j.logger.com.proginet.sift.struts=${cfi.struts.logging.level}, stdou t Everything that says log4j.logger.[something]=[level], stdout Is going to send those log messages to the "stdout" appender, which is tied to System.out. You'll need to do one of two things to dig yourself out: 1. Use swallowOutput="true" on your , which performs some magic to take System.out from applications' calls and redirect it elsewhere else (to the tomcat-defined loggers that can be configured in Tomcat's log4j.properties file). 2. Change the "stdout" appender to be something other than ConsoleAppender, and point it at a file on the disk. I'm not a fan of the first option, but it's sometimes the quickest way to handle everything all at once, and usually doesn't require any changes to the application's configuration. > Below this line is my updated vendor log4j.properties file (I > really just added my CFCC appender information and changed anything > that read to use "stdout" since the log4j.rootLogger was set to > that to "CFCC" and then moved any logger and additivity to the > bottom of the file. But I'm thinking I may need to give the Tomcat > log4j CFCC appender a different file name to separate the > application log information from Tomcats log4j output that gets > written to the CFCC appender now. I also don't know what happens > to the rollover if the two arr referencing the same file name. I > was thinking it may roll over twice of something. What do you > think, can they both use the same one? I was trying to make it > similar to what happens in the product by default.) > > > # Set root logger level to ERROR and its only appender to stdout. > log4j.rootLogger=ERROR, CFCC > > log4j.appender.CFCC = org.apache.log4j.DailyRollingFileAppender That should probably work. But if you removed log4j.jar from the application, only the global log4j.properties file will be read. It's okay to have log4j.jar in the bin/ directory as well as your webapp's WEB-INF/lib directory. The former will run/configure Tomcat's logging, and the latter will run/configure the application's logging. In fact, if the application initializes log4j itself (usually by creating a new PropertyConfigurator object), then weird things can happen with the application re-defining the global configuration for Tomcat. I'd recommend having two .jar files and two .properties files, just to be safe. > # stdout is set to be a ConsoleAppender. > log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender > log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout > log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} [%t] > %-5p %c %x - %m%n The comment is wrong; the ConsuleAppender is called CONSOLE, not stdout. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlbe8zIACgkQ9CaO5/Lv0PD6/gCfabK0eTyRhBgC/cNDj8fAV3L0 1csAniZXE2j9DPzqYg2vPEGs+KwzNegn =PKZ3 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Advice on Cluster in one machine
From: André Warnier (tomcat) Sent: Tuesday, March 8, 2016 1:46 PM To: users@tomcat.apache.org Subject: Re: Advice on Cluster in one machine On 08.03.2016 14:19, Edwin Quijada wrote: > Hi! > I am new using Tomcat so I have a question about performance. I have > installed a cluster with 2 tomcats and apache webserver like proxy in front > of Tomcat cluster but this whole thing is in one server, somebody tell me > that is not useful beacuse is in the same server that is better give more > resources to one tomcat and not split the resources in two. > > Somebody here can give any advice about this configuration what do you think > about this ? In this server I have websockets in cluster and I am having > problems with websockets in cluster > > > Any advice ? > Hi. If you *really* want to test which of the configurations provides the best results with your particular caseload, then you will have a lot of work ahead of you to build a representative workload and an appropriate test/measurement framework. Non-authoritative advice : Intuitively, just the fact of having a front-end and a cluster configuration all on the same server, will already introduce a significant overhead which a simpler configuration would not have. Intuitively thus, I would recommend to try the simplest configuration first, and only if you see problems, then measure what the problem is, and come back for help here. No need to over-complicate your setup and maintenance before then. Unless you need it also for something else, forget the httpd front-end and the clustered Tomcats, and have a single Tomcat act directly as the webserver/websocket server. OK, thks. I did this configuration because I will use a lot of users to my app . Someboyd told me that for this case is much better to use Apache like proxy to redirect request to Tomcat besides dont use port 8080 . I have used Tomcat as webapp before always using 8080 port but now I wanted dont use the port 8080 just use myserver.com/app1 or use subdomains for app. I take your advice. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Understanding how to controlling what data is written to log4j appenders
Thank you for the idea. Worst case scenario, that is what I would have to do but I'm hoping someone that may have more experience than myself with be able to see that one thing I am missing. Another pair of eyes is always a good thing. -Joleen On Tue, Mar 8, 2016 at 8:39 AM, Cris Berneburg - US wrote: > Joleen > > >-Original Message- > >From: Joleen Barker [mailto:oldenuf2no...@gmail.com] > >Sent: Monday, March 07, 2016 3:54 PM > >To: Tomcat Users List > >Subject: Re: Understanding how to controlling what data is written to > log4j appenders > > > >One more thing I tried was to change the parent for the rootlogger from > CFCC to be CONSOLE to attempt to make it to where my log was not the parent > and it still didn't change it. I am getting 0 messages in my cfcc log and > everything still going to catalina.out. > > > >I know I'm so close to figuring out what little setting I am missing. > > > > > > > >On Mon, Mar 7, 2016 at 2:07 PM, Joleen Barker > >wrote: > > > >> There is a comment that says: > >> > >> #stdout is set to be a ConsoleAppender > >> > >> But I changed the "stdout" that was set as the parent to CFCC so I > >> thought then everything would go to the parent but I don't receive any > of the logs. > >> My cfcc log is just about empty except for the startup details. So I > >> went ahead and changed the CATALINABASE/lib log4j.properties file name > >> appender CFCC to go to a file named tomcat instead so I could > >> differentiate between the application logs and the tomcat logs. > >> > >> Now I get the startup messages in a log called tomcat (this is fine) > >> and not one message in my cfcc log. Even with my updated > >> log4j.properties file sitting in the WEB-INF/classes directory so I > >> must have something configured wrong that they are all still going to > >> the standard Stdout/Stderr. > >> > >> > >> > >> On Mon, Mar 7, 2016 at 12:54 PM, Joleen Barker > >> > >> wrote: > >> > >>> I forgot to tell Chuck that the swallowOutput parm is set to true in > >>> the context. When you see the vendor's log4j.properties you will see > >>> why there were so many messages still going to the catalina.out due > >>> to them using stdout. > >>> > >>> -Joleen > >>> > >>> On Mon, Mar 7, 2016 at 12:31 PM, Joleen Barker > >>> > >>> wrote: > >>> > Hello Christopher, Charles, and Cris, > > Thank you for all the responses. Thank you for the encouragement. I > dusted off my pants and went back at it. I made changes to the > Vendors log4j.properties file. When I really looked at it I was able > to determine they were things I was familiar with and the layout was > just throwing me off so I moved things around so the layout was > similar to the default log4j.properties I had. So I think I am > getting this a lot more. However, there are still some messages > going to the catalina.out. I think this will answer Chucks question > as to if the product was really using log4j. > > The only thing I can think of to help you understand where I am at > is to post the different log4j.properties config files I have. So I > will post the one I have that went in for my default Tomcat messages > and is working fine. > > Updated log4j.properties file I now use in my CATALINA/lib directory > and is my base of my understanding for the changes I made to the > Vendor's log4j.properties file. > > My appender that rolls daily is CFCC and is getting most of what was > in the catalina.out log originally (this one I was happy with): > > [SNIP] > > Below this line is my updated vendor log4j.properties file (I really > just added my CFCC appender information and changed anything that > read to use "stdout" since the log4j.rootLogger was set to that to > "CFCC" and then moved any logger and additivity to the bottom of the > file. But I'm thinking I may need to give the Tomcat log4j CFCC > appender a different file name to separate the application log > information from Tomcats log4j output that gets written to the CFCC > appender now. I also don't know what happens to the rollover if the > two arr referencing the same file name. I was thinking it may roll > over twice of something. What do you think, can they both use the > same one? I was trying to make it similar to what happens in the > product by default.) > > [SNIP] > > I know, it's a lot to look at. Thank you for the help. > > Exactly what messages are in the default Tomcat logs that are not making > it into the log4j logs? > > As I am new to log4j, I am somewhat intimidated by your configuration, and > am not sure how much more helpful I can be. :-) > > However, if I were in your shoes, I would try a systematic approach in > experimentation. I would comment out everything in all the log > configurations. Then, one at a time, uncomment one logger and one > appender, restart the container, and see ho
Re: Configuring a custom folder for Tomcat configuration files
Hi, sorry about that but this was answered after I had sent this email to the mailing list. Pardon me for that. On Tue, Mar 8, 2016 at 7:06 PM, Daniel Savard wrote: > Your question has been answered and you shouldn't cross post questions. > - > Daniel Savard > > > 2016-03-08 3:31 GMT-05:00 Chiranga Alwis : > > Hi, > > > > please refer the question in stackoverflow > > > http://stackoverflow.com/questions/35862427/configuring-custom-tomcat-configuration-folder > > . > > > > Is this possible? Any help is highly appreciated. > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
QOSFilter in tomcat 8
Hello all, Is there a QosFilter available for Tomcat 8, like there is one for jetty Theory: https://www.eclipse.org/jetty/documentation/current/qos-filter.html Src: https://github.com/eclipse/jetty.project/blob/ac24196b0d341534793308d585161381d5bca4ac/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/QoSFilter.java Thanks Bhuvan
Re: Advice on Cluster in one machine
On 08.03.2016 14:19, Edwin Quijada wrote: Hi! I am new using Tomcat so I have a question about performance. I have installed a cluster with 2 tomcats and apache webserver like proxy in front of Tomcat cluster but this whole thing is in one server, somebody tell me that is not useful beacuse is in the same server that is better give more resources to one tomcat and not split the resources in two. Somebody here can give any advice about this configuration what do you think about this ? In this server I have websockets in cluster and I am having problems with websockets in cluster Any advice ? Hi. If you *really* want to test which of the configurations provides the best results with your particular caseload, then you will have a lot of work ahead of you to build a representative workload and an appropriate test/measurement framework. Non-authoritative advice : Intuitively, just the fact of having a front-end and a cluster configuration all on the same server, will already introduce a significant overhead which a simpler configuration would not have. Intuitively thus, I would recommend to try the simplest configuration first, and only if you see problems, then measure what the problem is, and come back for help here. No need to over-complicate your setup and maintenance before then. Unless you need it also for something else, forget the httpd front-end and the clustered Tomcats, and have a single Tomcat act directly as the webserver/websocket server. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Understanding how to controlling what data is written to log4j appenders
Joleen >-Original Message- >From: Joleen Barker [mailto:oldenuf2no...@gmail.com] >Sent: Monday, March 07, 2016 3:54 PM >To: Tomcat Users List >Subject: Re: Understanding how to controlling what data is written to log4j >appenders > >One more thing I tried was to change the parent for the rootlogger from CFCC >to be CONSOLE to attempt to make it to where my log was not the parent and it >still didn't change it. I am getting 0 messages in my cfcc log and everything >still going to catalina.out. > >I know I'm so close to figuring out what little setting I am missing. > > > >On Mon, Mar 7, 2016 at 2:07 PM, Joleen Barker >wrote: > >> There is a comment that says: >> >> #stdout is set to be a ConsoleAppender >> >> But I changed the "stdout" that was set as the parent to CFCC so I >> thought then everything would go to the parent but I don't receive any of >> the logs. >> My cfcc log is just about empty except for the startup details. So I >> went ahead and changed the CATALINABASE/lib log4j.properties file name >> appender CFCC to go to a file named tomcat instead so I could >> differentiate between the application logs and the tomcat logs. >> >> Now I get the startup messages in a log called tomcat (this is fine) >> and not one message in my cfcc log. Even with my updated >> log4j.properties file sitting in the WEB-INF/classes directory so I >> must have something configured wrong that they are all still going to >> the standard Stdout/Stderr. >> >> >> >> On Mon, Mar 7, 2016 at 12:54 PM, Joleen Barker >> >> wrote: >> >>> I forgot to tell Chuck that the swallowOutput parm is set to true in >>> the context. When you see the vendor's log4j.properties you will see >>> why there were so many messages still going to the catalina.out due >>> to them using stdout. >>> >>> -Joleen >>> >>> On Mon, Mar 7, 2016 at 12:31 PM, Joleen Barker >>> >>> wrote: >>> Hello Christopher, Charles, and Cris, Thank you for all the responses. Thank you for the encouragement. I dusted off my pants and went back at it. I made changes to the Vendors log4j.properties file. When I really looked at it I was able to determine they were things I was familiar with and the layout was just throwing me off so I moved things around so the layout was similar to the default log4j.properties I had. So I think I am getting this a lot more. However, there are still some messages going to the catalina.out. I think this will answer Chucks question as to if the product was really using log4j. The only thing I can think of to help you understand where I am at is to post the different log4j.properties config files I have. So I will post the one I have that went in for my default Tomcat messages and is working fine. Updated log4j.properties file I now use in my CATALINA/lib directory and is my base of my understanding for the changes I made to the Vendor's log4j.properties file. My appender that rolls daily is CFCC and is getting most of what was in the catalina.out log originally (this one I was happy with): [SNIP] Below this line is my updated vendor log4j.properties file (I really just added my CFCC appender information and changed anything that read to use "stdout" since the log4j.rootLogger was set to that to "CFCC" and then moved any logger and additivity to the bottom of the file. But I'm thinking I may need to give the Tomcat log4j CFCC appender a different file name to separate the application log information from Tomcats log4j output that gets written to the CFCC appender now. I also don't know what happens to the rollover if the two arr referencing the same file name. I was thinking it may roll over twice of something. What do you think, can they both use the same one? I was trying to make it similar to what happens in the product by default.) [SNIP] I know, it's a lot to look at. Thank you for the help. Exactly what messages are in the default Tomcat logs that are not making it into the log4j logs? As I am new to log4j, I am somewhat intimidated by your configuration, and am not sure how much more helpful I can be. :-) However, if I were in your shoes, I would try a systematic approach in experimentation. I would comment out everything in all the log configurations. Then, one at a time, uncomment one logger and one appender, restart the container, and see how the logs behave. If that one piece of the configuration does not work, then tweak it and retry. Once that portion works, then I would move onto the next logger and appender and repeat. To sum up, if the configuration is complex, simplify it. Once the simple configuration works, then adjust to handle a more advanced setup. -Joleen On Fri, Mar 4, 2016 at 4:33 PM, Cris Berneburg - US > wrote: > Hi Joleen >
Re: Configuring a custom folder for Tomcat configuration files
Your question has been answered and you shouldn't cross post questions. - Daniel Savard 2016-03-08 3:31 GMT-05:00 Chiranga Alwis : > Hi, > > please refer the question in stackoverflow > http://stackoverflow.com/questions/35862427/configuring-custom-tomcat-configuration-folder > . > > Is this possible? Any help is highly appreciated. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Advice on Cluster in one machine
Hi! I am new using Tomcat so I have a question about performance. I have installed a cluster with 2 tomcats and apache webserver like proxy in front of Tomcat cluster but this whole thing is in one server, somebody tell me that is not useful beacuse is in the same server that is better give more resources to one tomcat and not split the resources in two. Somebody here can give any advice about this configuration what do you think about this ? In this server I have websockets in cluster and I am having problems with websockets in cluster Any advice ? Thks In Advance
Re: Tomcat 7.0.63 - socketBuffer "-1" - linux platform behaviour
I realised my attachment didnt go through. Here is my source code: My adapter service implementation looks like this: public class dummyAdapter implements Adapter { public boolean asyncDispatch(Request arg0, Response arg1, SocketStatus arg2) throws Exception { return false; } public boolean event(Request arg0, Response arg1, SocketStatus arg2) throws Exception { return false; } public String getDomain() { return null; } public void log(Request arg0, Response arg1, long arg2) { } public void service(Request req, Response res) throws Exception { System.out.println("We got em"); Thread.sleep(6); String resp = new String("We got request for |" + req.requestURI().toString() + "|"); ByteChunk bc = new ByteChunk(); byte[] respBA = resp.getBytes("utf-8"); bc.setBytes(respBA, 0, respBA.length); res.setContentLength(respBA.length); res.doWrite(bc); res.finish(); } public void checkRecycled(Request arg0, Response arg1) { } public void errorDispatch(Request arg0, Response arg1) { } } BrokerProtocolHandler is: public class BrokerProtocolHandler extends org.apache.coyote.http11.Http11Protocol { public BrokerProtocolHandler() { super(); } public AbstractEndpoint getEndpoint() { return endpoint; } } Cheers, Rashmi Ms.Rashmi R.Katagall IBM(ISL), Rajiv Gandhi Infotech Pk, Phase 2 Hinjewadi, Pune. Tel: 020-42026585 | Cell: 08380099916 | Email: rashmikatag...@in.ibm.com From: Rashmi R Katagall/India/IBM@IBMIN To: users@tomcat.apache.org Date: 2016-03-07 04:58 PM Subject:Tomcat 7.0.63 - socketBuffer "-1" - linux platform behaviour Hi, I have implemented a service using Http11Protocol and I have disabled the socketBuffer for the object by setting its value to "-1". When the client disconnects before the server responds, then on windows I see the exception: SEVERE: Error processing request java.net.SocketException: Unrecognized Windows Sockets error: 0: socket write er ror at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:125) at java.net.SocketOutputStream.write(SocketOutputStream.java:171) at org.apache.coyote.http11.InternalOutputBuffer$OutputStreamOutputBuffe r.doWrite(InternalOutputBuffer.java:243) at org.apache.coyote.http11.filters.IdentityOutputFilter.doWrite(Identit yOutputFilter.java:84) at org.apache.coyote.http11.AbstractOutputBuffer.doWrite(AbstractOutputB uffer.java:192) at org.apache.coyote.Response.doWrite(Response.java:499) at dummyAdapter.service(dummyAdapter.java:49) But on linux, I don't see any exception raised. The source code and jar file- To execute the code run: java TomcatCipherTst This will start the listener on port 7677 and wait for client to connect. The server responds only after 60 seconds. So, to recreate the client needs to disconnect before 60 seconds. I am looking for help to understand why there is no exception raised on linux when the client disconnects before server responds unlike that on windows. Thanks, Rashmi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Configuring a custom folder for Tomcat configuration files
Hi, please refer the question in stackoverflow http://stackoverflow.com/questions/35862427/configuring-custom-tomcat-configuration-folder . Is this possible? Any help is highly appreciated.
Mapping servlet to non English url pattern
Tomcat version: 8.0.22 Jdk: 1.8.0_05 Server: Amazon Linux Hello, I want to map my servlet to a Hebrew url pattern. I tried placing the hebrew url pattern both in the "@webservlet" annotation (urlpatterns attribute) and in the the web.xml file. In both cases it doesn't work, it's as if there's nothing mapped to the url specified. I though to specify the URIEncoding parameter of the connector but saw that this defaults to "utf-8" in tomcat 8. Any suggestions on how I can get this working? Thank you.