Re: tomcat-embed 8.5.9 - runtime changes to SSLHostConfig objects

[Jesse Schulman]

On Mon, Jan 9, 2017 at 1:53 PM Mark Thomas  wrote:

> On 09/01/2017 20:13, Jesse Schulman wrote:
> > On Thu, Jan 5, 2017 at 9:48 PM Jesse Schulman 
> wrote:
> >
> >> On Thu, Jan 5, 2017 at 2:08 PM Mark Thomas  wrote:
> >>
> >> On 05/01/2017 21:05, Jesse Schulman wrote:
> >>> We are using tomcat-embed 8.5.9, java8 and running on Centos7.  Given
> >>> Tomcat's new support for SNI, we wish to support
> adding/removing/updating
> >>> certificates via our application at runtime without restarting tomcat
> or
> >>> binding/unbinding the port.
> >>>
> >>> Our configuration is very simple, we have a single servlet for all
> >>> requests, so we have a single connector/endpoint to manage all
> >>> SSLHostConfigs.
> >>>
> >>> It appears that by manipulating the list of SSLHostConfig objects in
> the
> >>> AbstractEndpoint we can achieve what we want, there however don't
> appear
> >> to
> >>> be any public methods available that allow that kind of operation.
> >>
> >> It should be possible with the current API. What can't you do?
> >>
> >>
> >> I don't think I can modify an existing/added SSLHostConfig (remove an
> old
> >> expiring certificate and add a new certificate).  I also don't think I
> can
> >> remove the SSLHostConfig for a given SNI hostname once it has been
> added.
> >>
> >>> I was able to extend a few tomcat classes (Connector,
> >>> AbstractHttp11JsseProtocol, NioEndpoint) to expose what I need and
> verify
> >>> that I can change the SSLHostConfig at runtime, however I would prefer
> to
> >>> use APIs fully supported by tomcat.
> >>>
> >>> Is there any way to do what I want with the currently available APIs,
> or
> >>> are there any plans to expose this kind of functionality?
> >>
> >> It depends exactly what you want to do.
> >>
> >> AbstractEndpoint.addSslHostConfig()
> >> AbstractEndpoint.findSslHostConfigs()
> >>
> >> should be enough.
> >>
> >>
> >> It seems addSslHostConfig does a putIfAbsent, which means I can't
> replace
> >> an existing SSLHostConfig to update the certificate for an SNI hostname
> (or
> >> the default SSLHostConfig).  I also can't remove an SSLHostConfig
> entirely,
> >> which is something we'd like to support in our application.  For me it
> >> would be simplest to create a new SSLHostConfig and replace the old one
> >> when there is a need to update a certificate.
> >>
> >>
> >>
> >>> If not, are there any risks or issues with taking the approach
> described
> >>> above by extending classes to expose what I need?
> >>
> >> It depends what you want to do. Generally, there is a risk we'll change
> >> an API you are depending on since a lot of those are treated as internal
> >> APIs. Some sample code might help.
> >>
> >>
> >> I would of course test when we upgrade tomcat, and leverage any new APIs
> >> that would allow me to remove any of my custom code.
> >>
> >> I extended AbstractHttp11JsseProtocol just so I could control which
> >> endpoint implementation was used and so I could get access to my
> endpoint
> >> implementation.  My protocol is basically a copy of Http11NioProtocol
> that
> >> constructs my endpoint implementation and has a getter for the same.
> >>
> >> The endpoint is where I added functionality and looks like this:
> >>
> >> public class MyNioEndpoint extends NioEndpoint {
> >> private static final MyLogger LOGGER =
> >> MyLogger.getLogger(MyNioEndpoint.class.getName());
> >>
> >> public void removeSSLHostConfig(String sniHostName) {
> >> if (Strings.isNullOrEmpty(sniHostName)) {
> >> LOGGER.error("Cannot remove host config for invalid
> hostname:
> >> " + sniHostName);
> >> return;
> >> }
> >>
> >> if (sniHostName.equals(getDefaultSSLHostConfigName())) {
> >> LOGGER.error("Cannot remove default SSLHostConfig");
> >> return;
> >> }
> >>
> >> SSLHostConfig removed = sslHostConfigs.remove(sniHostName);
> >> if (removed != null)
> >> releaseSSLContext(removed);
> >> }
> >>
> >> public void addOrUpdateSSLHostConfig(SSLHostConfig config) {
> >> if (config == null) {
> >> LOGGER.error("null SSLHostConfig provided");
> >> return;
> >> }
> >>
> >> String hostName = config.getHostName();
> >> if (Strings.isNullOrEmpty(hostName)) {
> >> LOGGER.error("Invalid SSLHostConfig provided, cannot
> >> add/update, hostname was empty");
> >> return;
> >> }
> >>
> >> for (SSLHostConfig loadedConfig : findSslHostConfigs()) {
> >> if (hostName.equals(loadedConfig.getHostName())) {
> >> sslHostConfigs.remove(hostName);
> >> releaseSSLContext(loadedConfig);
> >> addSslHostConfig(loadedConfig);
> >> return;
> >> }
> >> }
> >>
> >> addSslHostConfig(config);
> >> }
> >>
> >> }
> >>
> >> Thanks for the 

Re: TomcatCon @ ApacheCon

[David Landis]

>
> Embedded Tomcat and microservices?  With and as an alternative to Spring
> Boot?
>
> -Terence Bandoian
>  http://www.tmbsw.com/
>
>
+1. Something to do with using Tomcat within a microservices architecture,
possibly with Docker and Kubernetes.

Re: JSP compilation fails with Java 9

[Rémy Maucherat]

2017-01-09 1:16 GMT-06:00 Patil, Shital :

> We are assessing Java 9(early access) and JSP compilation is badly broken
> with Java 9. Even basic java objects(java.lang.Object) are not accessible
> while compilation. Appears to be because of jigsaw(modular)
>
> Any solution or alternative to this problem ?
>
> I tested Java 9 relatively recently, and normally JSP compilation is the
last remaining issue. I can confirm what was said: JDT doesn't have modules
support, and it doesn't have a planning for it from what I saw. There have
been some significant updates to the modules lately, so it would be unfair
to blame the JDT people at this point.

Rémy

Re: tomcat-embed 8.5.9 - runtime changes to SSLHostConfig objects

[Mark Thomas]

On 09/01/2017 20:13, Jesse Schulman wrote:
> On Thu, Jan 5, 2017 at 9:48 PM Jesse Schulman  wrote:
> 
>> On Thu, Jan 5, 2017 at 2:08 PM Mark Thomas  wrote:
>>
>> On 05/01/2017 21:05, Jesse Schulman wrote:
>>> We are using tomcat-embed 8.5.9, java8 and running on Centos7.  Given
>>> Tomcat's new support for SNI, we wish to support adding/removing/updating
>>> certificates via our application at runtime without restarting tomcat or
>>> binding/unbinding the port.
>>>
>>> Our configuration is very simple, we have a single servlet for all
>>> requests, so we have a single connector/endpoint to manage all
>>> SSLHostConfigs.
>>>
>>> It appears that by manipulating the list of SSLHostConfig objects in the
>>> AbstractEndpoint we can achieve what we want, there however don't appear
>> to
>>> be any public methods available that allow that kind of operation.
>>
>> It should be possible with the current API. What can't you do?
>>
>>
>> I don't think I can modify an existing/added SSLHostConfig (remove an old
>> expiring certificate and add a new certificate).  I also don't think I can
>> remove the SSLHostConfig for a given SNI hostname once it has been added.
>>
>>> I was able to extend a few tomcat classes (Connector,
>>> AbstractHttp11JsseProtocol, NioEndpoint) to expose what I need and verify
>>> that I can change the SSLHostConfig at runtime, however I would prefer to
>>> use APIs fully supported by tomcat.
>>>
>>> Is there any way to do what I want with the currently available APIs, or
>>> are there any plans to expose this kind of functionality?
>>
>> It depends exactly what you want to do.
>>
>> AbstractEndpoint.addSslHostConfig()
>> AbstractEndpoint.findSslHostConfigs()
>>
>> should be enough.
>>
>>
>> It seems addSslHostConfig does a putIfAbsent, which means I can't replace
>> an existing SSLHostConfig to update the certificate for an SNI hostname (or
>> the default SSLHostConfig).  I also can't remove an SSLHostConfig entirely,
>> which is something we'd like to support in our application.  For me it
>> would be simplest to create a new SSLHostConfig and replace the old one
>> when there is a need to update a certificate.
>>
>>
>>
>>> If not, are there any risks or issues with taking the approach described
>>> above by extending classes to expose what I need?
>>
>> It depends what you want to do. Generally, there is a risk we'll change
>> an API you are depending on since a lot of those are treated as internal
>> APIs. Some sample code might help.
>>
>>
>> I would of course test when we upgrade tomcat, and leverage any new APIs
>> that would allow me to remove any of my custom code.
>>
>> I extended AbstractHttp11JsseProtocol just so I could control which
>> endpoint implementation was used and so I could get access to my endpoint
>> implementation.  My protocol is basically a copy of Http11NioProtocol that
>> constructs my endpoint implementation and has a getter for the same.
>>
>> The endpoint is where I added functionality and looks like this:
>>
>> public class MyNioEndpoint extends NioEndpoint {
>> private static final MyLogger LOGGER =
>> MyLogger.getLogger(MyNioEndpoint.class.getName());
>>
>> public void removeSSLHostConfig(String sniHostName) {
>> if (Strings.isNullOrEmpty(sniHostName)) {
>> LOGGER.error("Cannot remove host config for invalid hostname:
>> " + sniHostName);
>> return;
>> }
>>
>> if (sniHostName.equals(getDefaultSSLHostConfigName())) {
>> LOGGER.error("Cannot remove default SSLHostConfig");
>> return;
>> }
>>
>> SSLHostConfig removed = sslHostConfigs.remove(sniHostName);
>> if (removed != null)
>> releaseSSLContext(removed);
>> }
>>
>> public void addOrUpdateSSLHostConfig(SSLHostConfig config) {
>> if (config == null) {
>> LOGGER.error("null SSLHostConfig provided");
>> return;
>> }
>>
>> String hostName = config.getHostName();
>> if (Strings.isNullOrEmpty(hostName)) {
>> LOGGER.error("Invalid SSLHostConfig provided, cannot
>> add/update, hostname was empty");
>> return;
>> }
>>
>> for (SSLHostConfig loadedConfig : findSslHostConfigs()) {
>> if (hostName.equals(loadedConfig.getHostName())) {
>> sslHostConfigs.remove(hostName);
>> releaseSSLContext(loadedConfig);
>> addSslHostConfig(loadedConfig);
>> return;
>> }
>> }
>>
>> addSslHostConfig(config);
>> }
>>
>> }
>>
>> Thanks for the reply, your help/suggestions are much appreciated!
>> Jesse
>>
>>
> I am bumping this, I think I made it sound as if I had all my questions
> answered (since I didn't put any questions in my response).  Here are my
> remaining questions:
> 
> Is there an existing/supported way to remove/replace an existing
> SSLHostConfig in 

Re: Tomcat 8, 8.5 and 9 returning another apps environment with context.lookup() from a .parallelStream()

[Mark Thomas]

On 09/01/2017 19:57, Christopher Zinn wrote:
> Thanks for the information.  I was not expecting such a great response so
> quickly.
> 
> We are going to test the workaround that sets the java.util.concurrent.
> ForkJoinPool.common.threadFactory property as that will be the easiest for
> us to configure and deploy to our Tomcat instances.

The correct value for that property is:

java.util.concurrent.ForkJoinPool$ForkJoinTaskFactory

As I dig into this further, I realise it isn't that simple.

1. There will still be a memory leak.

2. The threads will have the wrong thread context class loader and your
JNDI lookups will fail.

3. ForEach is hard-coded to use the common ForkJoin pool.

As far as I can see, you only option is to correctly set the thread
context class before you do the JNDI lookup. Because of the way the
ForkJoinPool is written that is going to prevent the code ever running
under a SecurityManager (which may not be an issue for you) because
InnocuousForkJoinWorkerThread is hard-coded to throw an Exception if you
call setContextClassLoader().

It looks like ForkJoin was not designed with a multi-class loader
environment in mind. We should be able to get most of this fixed but
without adding significant complexity, the end result is going to be
that ForkJoinWorkerThreads always use the system class loader. That
means if you want to use JNDI, you are going to have to set the thread
context class loader yourself.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat-embed 8.5.9 - runtime changes to SSLHostConfig objects

[Jesse Schulman]

On Thu, Jan 5, 2017 at 9:48 PM Jesse Schulman  wrote:

> On Thu, Jan 5, 2017 at 2:08 PM Mark Thomas  wrote:
>
> On 05/01/2017 21:05, Jesse Schulman wrote:
> > We are using tomcat-embed 8.5.9, java8 and running on Centos7.  Given
> > Tomcat's new support for SNI, we wish to support adding/removing/updating
> > certificates via our application at runtime without restarting tomcat or
> > binding/unbinding the port.
> >
> > Our configuration is very simple, we have a single servlet for all
> > requests, so we have a single connector/endpoint to manage all
> > SSLHostConfigs.
> >
> > It appears that by manipulating the list of SSLHostConfig objects in the
> > AbstractEndpoint we can achieve what we want, there however don't appear
> to
> > be any public methods available that allow that kind of operation.
>
> It should be possible with the current API. What can't you do?
>
>
> I don't think I can modify an existing/added SSLHostConfig (remove an old
> expiring certificate and add a new certificate).  I also don't think I can
> remove the SSLHostConfig for a given SNI hostname once it has been added.
>
> > I was able to extend a few tomcat classes (Connector,
> > AbstractHttp11JsseProtocol, NioEndpoint) to expose what I need and verify
> > that I can change the SSLHostConfig at runtime, however I would prefer to
> > use APIs fully supported by tomcat.
> >
> > Is there any way to do what I want with the currently available APIs, or
> > are there any plans to expose this kind of functionality?
>
> It depends exactly what you want to do.
>
> AbstractEndpoint.addSslHostConfig()
> AbstractEndpoint.findSslHostConfigs()
>
> should be enough.
>
>
> It seems addSslHostConfig does a putIfAbsent, which means I can't replace
> an existing SSLHostConfig to update the certificate for an SNI hostname (or
> the default SSLHostConfig).  I also can't remove an SSLHostConfig entirely,
> which is something we'd like to support in our application.  For me it
> would be simplest to create a new SSLHostConfig and replace the old one
> when there is a need to update a certificate.
>
>
>
> > If not, are there any risks or issues with taking the approach described
> > above by extending classes to expose what I need?
>
> It depends what you want to do. Generally, there is a risk we'll change
> an API you are depending on since a lot of those are treated as internal
> APIs. Some sample code might help.
>
>
> I would of course test when we upgrade tomcat, and leverage any new APIs
> that would allow me to remove any of my custom code.
>
> I extended AbstractHttp11JsseProtocol just so I could control which
> endpoint implementation was used and so I could get access to my endpoint
> implementation.  My protocol is basically a copy of Http11NioProtocol that
> constructs my endpoint implementation and has a getter for the same.
>
> The endpoint is where I added functionality and looks like this:
>
> public class MyNioEndpoint extends NioEndpoint {
> private static final MyLogger LOGGER =
> MyLogger.getLogger(MyNioEndpoint.class.getName());
>
> public void removeSSLHostConfig(String sniHostName) {
> if (Strings.isNullOrEmpty(sniHostName)) {
> LOGGER.error("Cannot remove host config for invalid hostname:
> " + sniHostName);
> return;
> }
>
> if (sniHostName.equals(getDefaultSSLHostConfigName())) {
> LOGGER.error("Cannot remove default SSLHostConfig");
> return;
> }
>
> SSLHostConfig removed = sslHostConfigs.remove(sniHostName);
> if (removed != null)
> releaseSSLContext(removed);
> }
>
> public void addOrUpdateSSLHostConfig(SSLHostConfig config) {
> if (config == null) {
> LOGGER.error("null SSLHostConfig provided");
> return;
> }
>
> String hostName = config.getHostName();
> if (Strings.isNullOrEmpty(hostName)) {
> LOGGER.error("Invalid SSLHostConfig provided, cannot
> add/update, hostname was empty");
> return;
> }
>
> for (SSLHostConfig loadedConfig : findSslHostConfigs()) {
> if (hostName.equals(loadedConfig.getHostName())) {
> sslHostConfigs.remove(hostName);
> releaseSSLContext(loadedConfig);
> addSslHostConfig(loadedConfig);
> return;
> }
> }
>
> addSslHostConfig(config);
> }
>
> }
>
> Thanks for the reply, your help/suggestions are much appreciated!
> Jesse
>
>
I am bumping this, I think I made it sound as if I had all my questions
answered (since I didn't put any questions in my response).  Here are my
remaining questions:

Is there an existing/supported way to remove/replace an existing
SSLHostConfig in AbstractEndpoint that is exposed via the Connector similar
to how addSslHostConfig and findSslHostConfigs are exposed?  Such that I
don't need the MyEndpoint class I shared 

Re: TomcatCon @ ApacheCon

[Woonsan Ko]

On Mon, Jan 9, 2017 at 2:14 PM, Terence M. Bandoian  wrote:
> On 1/9/2017 8:00 AM, jean-frederic clere wrote:
>>
>> On 01/09/2017 12:57 PM, Mark Thomas wrote:
>>>
>>> All,
>>>
>>> There is the opportunity (if we can pull it together as a community) to
>>> run a dedicated Tomcat conference alongside ApacheCon NA 2017. The dates
>>> are May 16 to 18.
>>>
>>> The call for papers closes on Feb 11 so we have around a month to get
>>> organised. We'll also need to convince the conference organisers that a)
>>> there is a demand for this and b) we have a plan.
>>>
>>> Getting the right content is going to be critical to success. I've been
>>> thinking about this for a while and I think we can identify the right
>>> content if as many folks as possible on this list answer the following
>>> question:
>>>
>>> "What topic(s) need to be covered in a Tomcat conference to make it as
>>> easy as possible to get your employer to pay for you to attend?"
>>>
>>> We have up to three days and potentially multiple tracks so even if you
>>> think you have a niche requirement, please speak up. We typically have a
>>> number of Tomcat committers speaking at ApacheCon so finding someone to
>>> cover a particular topic shouldn't be too tricky. Equally, if you have a
>>> topic you could present on that you think others would find useful,
>>> speak up.
>>>
>>> Do feel free to add your +1 if someone else mentions a topic your are
>>> interested first. Having an idea of how popular the topics are would
>>> also be helpful.
>>>
>>> Also, we don't have to stick to the standard "Sit and listen to someone
>>> present for 40 mins" format. Discussions, workshops, hackathons are all
>>> possible.
>>>
>>> Some topic ideas to get the ball rolling.
>>>
>>> Hands-on workshop: Configuring TLS with Apache Tomcat
>>> Reverse Proxying to Apache Tomcat
>>> Load-balancing with Apache Tomcat
>>> Clustering  with Apache Tomcat
>>> Tomcat Clinic (like the users list but with everyone in the same room)
>>>
>>> I look forward to hearing your topic ideas.
>>
>> The classical tomcat-next (presenting 8.5 and 9 + migration + openssl)
>> easily fill a room and an afternoon of workshop.
>> Proxy and Load-balancing are also often asked...
>>
>> What about tomcat in cloud?
>>
>> Cheers
>>
>> Jean-Frederic
>>
>>> Mark
>>>
>
>
> Embedded Tomcat and microservices?  With and as an alternative to Spring
> Boot?

+1
I happened to implement a custom TomcatEmbeddedServletContainerFactory
to support multiple wars deployment with spring-boot for some reasons
(e.g, some requires multiple wars together anyway even in micro
service env) before.
It would be nice if we can discuss/share alternatives to create
cloud-friendly single executable artifacts.

Woonsan

>
> -Terence Bandoian
>  http://www.tmbsw.com/
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8, 8.5 and 9 returning another apps environment with context.lookup() from a .parallelStream()

[Christopher Zinn]

Thanks for the information.  I was not expecting such a great response so
quickly.

We are going to test the workaround that sets the java.util.concurrent.
ForkJoinPool.common.threadFactory property as that will be the easiest for
us to configure and deploy to our Tomcat instances.

- Chris



On Mon, Jan 9, 2017 at 11:57 AM, Mark Thomas  wrote:

> On 09/01/2017 14:29, Mark Thomas wrote:
> > On 08/01/2017 22:04, Christopher Zinn wrote:
>
> 
>
> >>We are running into an issue where we have multiple copies of the
> same
> >> WAR loaded on a Tomcat instance each with its own context.xml.
> >> The initial problem I was trying to diagnose was A JNDI lookup to a
> >> Connection Pool in one of the WARs was returning the connection pool of
> one
> >> of the others.
> >> The problem only happens when the JNDI lookup is performed within a
> >> parallelStream().
> >>
> >>I was able to produce a very simple WAR with a single servlet and a
> >> context XML to reproduce the problem I'm having (See below).
> >>
> >>If you run the servlet from the first application, it works
> correctly.
> >> You will see that it only ever looks up 'Test 1'.
> >> When I run the servlet from the second application it will only return
> Test
> >> 1 in the first part (stream()) but a mix of 'Test 1' and 'Test 2' in the
> >> parallelStream() part.
>
> 
>
> > A quick look at the JRE source code suggests this is handled correctly
> > but the code isn't the easiest to trace through. I'll set up the
> > provided test case and take a closer look. That may take an hour or two.
>
> I can confirm that the root cause is a JRE bug. Unless you are running
> under a SecurityManager the default ForkJoinWorkerThreadFactory does not
> take any steps to ensure correct operation in a multi-class loader
> environment.
>
> You have a couple of work-arounds available
> - Run under a SecurityManager
> - Set the java.util.concurrent.ForkJoinPool.common.threadFactory system
>   property to
> java.util.concurrent.ForkJoinPool.InnocuousForkJoinWorkerThreadFactory
>
> Meanwhile, I'll be doing the following:
>
> - Updating Tomcat's JreMemoryLeakPreventionListener to include
>   protection for this memory leak.
> - Adding this leak to https://github.com/markt-asf/memory-leaks
> - Raising a JRE bug
> - Pinging our friendly Oracle contact to get this fixed (we've been
>   pretty successful at getting this fixed recently)
>
> Cheers,
>
> Mark
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: TomcatCon @ ApacheCon

[Terence M. Bandoian]

On 1/9/2017 8:00 AM, jean-frederic clere wrote:

On 01/09/2017 12:57 PM, Mark Thomas wrote:

All,

There is the opportunity (if we can pull it together as a community) to
run a dedicated Tomcat conference alongside ApacheCon NA 2017. The dates
are May 16 to 18.

The call for papers closes on Feb 11 so we have around a month to get
organised. We'll also need to convince the conference organisers that a)
there is a demand for this and b) we have a plan.

Getting the right content is going to be critical to success. I've been
thinking about this for a while and I think we can identify the right
content if as many folks as possible on this list answer the following
question:

"What topic(s) need to be covered in a Tomcat conference to make it as
easy as possible to get your employer to pay for you to attend?"

We have up to three days and potentially multiple tracks so even if you
think you have a niche requirement, please speak up. We typically have a
number of Tomcat committers speaking at ApacheCon so finding someone to
cover a particular topic shouldn't be too tricky. Equally, if you have a
topic you could present on that you think others would find useful,
speak up.

Do feel free to add your +1 if someone else mentions a topic your are
interested first. Having an idea of how popular the topics are would
also be helpful.

Also, we don't have to stick to the standard "Sit and listen to someone
present for 40 mins" format. Discussions, workshops, hackathons are all
possible.

Some topic ideas to get the ball rolling.

Hands-on workshop: Configuring TLS with Apache Tomcat
Reverse Proxying to Apache Tomcat
Load-balancing with Apache Tomcat
Clustering  with Apache Tomcat
Tomcat Clinic (like the users list but with everyone in the same room)

I look forward to hearing your topic ideas.

The classical tomcat-next (presenting 8.5 and 9 + migration + openssl)
easily fill a room and an afternoon of workshop.
Proxy and Load-balancing are also often asked...

What about tomcat in cloud?

Cheers

Jean-Frederic


Mark




Embedded Tomcat and microservices?  With and as an alternative to Spring 
Boot?


-Terence Bandoian
 http://www.tmbsw.com/


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: TomcatCon @ ApacheCon

[Coty Sutherland]

Would anyone be interested (and is it within the guidelines) to talk
about the differences in some tomcat distributions? Like the
difference in the Red Hat linux and Debian tomcat distributions, for
example. I know it isn't 100% ASF Tomcat, but I get a lot of inquiries
about where to find stuff on freenode so it might be a helpful
conversation for the community to have. On the other hand I don't want
to blur the lines between where responsibilities lie, where people
should ask questions, etc...

On Mon, Jan 9, 2017 at 12:06 PM, Igal @ Lucee.org  wrote:
> On 1/9/2017 3:57 AM, Mark Thomas wrote:
>>
>> "What topic(s) need to be covered in a Tomcat conference to make it as
>> easy as possible to get your employer to pay for you to attend?"
>
>
> load balancing
> performance
> security
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: TomcatCon @ ApacheCon

[Igal @ Lucee.org]

On 1/9/2017 3:57 AM, Mark Thomas wrote:

"What topic(s) need to be covered in a Tomcat conference to make it as
easy as possible to get your employer to pay for you to attend?"


load balancing
performance
security



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8, 8.5 and 9 returning another apps environment with context.lookup() from a .parallelStream()

[Mark Thomas]

On 09/01/2017 14:29, Mark Thomas wrote:
> On 08/01/2017 22:04, Christopher Zinn wrote:



>>We are running into an issue where we have multiple copies of the same
>> WAR loaded on a Tomcat instance each with its own context.xml.
>> The initial problem I was trying to diagnose was A JNDI lookup to a
>> Connection Pool in one of the WARs was returning the connection pool of one
>> of the others.
>> The problem only happens when the JNDI lookup is performed within a
>> parallelStream().
>>
>>I was able to produce a very simple WAR with a single servlet and a
>> context XML to reproduce the problem I'm having (See below).
>>
>>If you run the servlet from the first application, it works correctly.
>> You will see that it only ever looks up 'Test 1'.
>> When I run the servlet from the second application it will only return Test
>> 1 in the first part (stream()) but a mix of 'Test 1' and 'Test 2' in the
>> parallelStream() part.



> A quick look at the JRE source code suggests this is handled correctly
> but the code isn't the easiest to trace through. I'll set up the
> provided test case and take a closer look. That may take an hour or two.

I can confirm that the root cause is a JRE bug. Unless you are running
under a SecurityManager the default ForkJoinWorkerThreadFactory does not
take any steps to ensure correct operation in a multi-class loader
environment.

You have a couple of work-arounds available
- Run under a SecurityManager
- Set the java.util.concurrent.ForkJoinPool.common.threadFactory system
  property to
java.util.concurrent.ForkJoinPool.InnocuousForkJoinWorkerThreadFactory

Meanwhile, I'll be doing the following:

- Updating Tomcat's JreMemoryLeakPreventionListener to include
  protection for this memory leak.
- Adding this leak to https://github.com/markt-asf/memory-leaks
- Raising a JRE bug
- Pinging our friendly Oracle contact to get this fixed (we've been
  pretty successful at getting this fixed recently)

Cheers,

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Possible bug with Transfer-Encoding: chunked on Tomcat 8.5.9

[Enrico Olivelli]

Hi, I am upgrading from Tomcat 8.0.33 to 8.5.9.
I have the following error during a POST made with Apache-HttpClient 4.3.6

I this this is the bad "POST"

FINE Jan 09, 2017 3:45:15 PM org.apache.coyote.http11.Http11InputBuffer
parseRequestLine
BUONO: Received [POST /majordodo HTTP/1.1
Transfer-Encoding: chunked
Content-Type: application/json;charset=utf-8
Host: sviluppo06-cs7.sviluppo.dna:11986
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.3.6 (java 1.5)
Accept-Encoding: gzip,deflate
Authorization: Basic bWFnbmV3czptYWduZXdz

10b78
]


this is the stack trace of the error:
java.io.IOException: Invalid end of line sequence (character other than CR
or LF found)
at
org.apache.coyote.http11.filters.ChunkedInputFilter.throwIOException(ChunkedInputFilter.java:655)
at
org.apache.coyote.http11.filters.ChunkedInputFilter.parseCRLF(ChunkedInputFilter.java:475)
at
org.apache.coyote.http11.filters.ChunkedInputFilter.doRead(ChunkedInputFilter.java:262)
at
org.apache.coyote.http11.Http11InputBuffer.doRead(Http11InputBuffer.java:256)
at org.apache.coyote.Request.doRead(Request.java:540)
at
org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java:319)
at
org.apache.catalina.connector.InputBuffer.checkByteBufferEof(InputBuffer.java:627)
at
org.apache.catalina.connector.InputBuffer.read(InputBuffer.java:342)
at
org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.java:183)


Is it a client error on 'chunked' encoding format or is there some change
on Tomcat code which processes his kind of encoding ?

I think that the client is sending a broken request, but before the upgrade
I did not get the error, is it possible ?

I'm using Nio (not Nio2) http Connector, I'm going to to try Nio2

Thank you
Enrico Olivelli

.

Re: Tomcat 8.5 - APR 1.2.10 SSL CPU issue ?

[David Oswell]

Hi Mark,

For reproducing, if you're making the requests locally to the server that
might be why you're not seeing the issue occur. I had been testing between
servers (client on server A, tomcat on server B); I tried this morning
doing a wget locally to tomcat and do not see the issue occur (no
WSAECONNABORTED status) while doing the wget remotely does get the aborted
status.


in sslnetwork.c:ssl_socket_recv adding the following debug statements;


 if (s == 0 && (SSL_get_shutdown(con->ssl) & SSL_RECEIVED_SHUTDOWN)) {
con->shutdown_type = SSL_SHUTDOWN_TYPE_STANDARD;
return APR_EOF;
}
printf("ssl_socket_recv:: Have value for i: %d\n", i);
printf("ssl_socket_recv:: Have value for s: %d\n", s);
printf("ssl_socket_recv:: Have value for rv: %d\n", rv);
printf("ssl_socket_recv:: con->shutdown_type: %d\n", con->shutdown_type);
fflush(stdout);

switch (i) {
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:




Outputs:
Local server (wget --no-check-certificate  https://localhost:8443/examples
)

ssl_socket_recv:: Have value for i: 5
ssl_socket_recv:: Have value for s: -1
ssl_socket_recv:: Have value for rv: 730054
ssl_socket_recv:: con->shutdown_type: 2



While on remote server performing the same request (wget
--no-check-certificate https://serverB:8443/examples)

ssl_socket_recv:: Have value for i: 5
ssl_socket_recv:: Have value for s: -1
ssl_socket_recv:: Have value for rv: 730053
ssl_socket_recv:: con->shutdown_type: 2




Thanks,





On Fri, Jan 6, 2017 at 5:43 PM, David Oswell  wrote:

> Yep that would, Originally I had just turned the return 0 to throw an
> IOException - which as it would fall through to the else would be the same
> effect.
>
> I'll see if a java client would do the same, I'm using a golang
> client/console app for testing.
> I just tried with wget and see the WSAECONNABORTED status within APR.
> It also seems a bit time dependent, might be a case of whether APR is
> getting to the socket read before or after the FIN packet coming though ??
>
>
>
> On Fri, Jan 6, 2017 at 5:11 PM, Mark Thomas  wrote:
>
>> On 06/01/2017 21:50, David Oswell wrote:
>> > I've somehow gotten the build for tcnative working here (more shocked I
>> > finally got openssl to build!)
>> >
>> > There seems to be a slight difference in how the shutdown occurs. When
>> the
>> > APR_EGENERAL is returned its due to falling through the
>> SSL_ERROR_SYSCALL
>> > block in sslnetwork.c:ssl_socket_recv,
>> > This seems to be due to a difference in the value returned by;
>> > sslnetwork.c:324 :rv =
>> > apr_get_netos_error();
>> >
>> > on the bad case (quick socket close), rv is (730053) which
>> > is WSAECONNABORTED   - APR_STATUS_IS_ECONNABORTED
>> > on a good disconnect case (slower socket close) rv is (730054)
>> > = WSAECONNRESET  - APR_STATUS_IS_ECONNRESET
>> >
>> > I suspect a check with APR_STATUS_IS_ECONNABORTED(rv) might be needed to
>> > capture this scenario (WSAECONNABORTED), however I'm not sure how else
>> this
>> > status might occur, and if any of those cases should not flag it as
>> closed
>> > - although reading on WSAECONNABORTED it sounds like this is a close
>> case.
>> > Not sure if it's an exception case or just normal EOF though.
>>
>> Thanks. That is really useful information.
>>
>> I've been trying to re-create the original issue that led to this odd
>> 'treat an error as eagain' code but without success. I have found a
>> couple of other bugs (now fixed) so it wasn't a complete waste of time.
>>
>> When I added this hack I was fairly sure I was missing something and it
>> is looking increasingly like this code was fixing a symptom rather than
>> the root cause. Given that I can't re-create the original problem, I'm
>> leaning towards removing the special handling for EGENERAL and letting
>> it trigger a close.
>>
>> If you remove the
>> else if (-result == Status.APR_EGENERAL && isSecure()) {
>> ...
>> }
>>
>> block, does that fix the problem you are seeing?
>>
>> Mark
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

Re: Tomcat 8, 8.5 and 9 returning another apps environment with context.lookup() from a .parallelStream()

[Mark Thomas]

On 08/01/2017 22:04, Christopher Zinn wrote:
> Hello all,
>This is my first time posting to a mailing list so hopefully I'm doing
> this correctly.

Welcome to the Apache Tomcat community.

As problem reports go, this is pretty much perfect. And it includes a
simple test case. Many, many thanks.

>We are running into an issue where we have multiple copies of the same
> WAR loaded on a Tomcat instance each with its own context.xml.
> The initial problem I was trying to diagnose was A JNDI lookup to a
> Connection Pool in one of the WARs was returning the connection pool of one
> of the others.
> The problem only happens when the JNDI lookup is performed within a
> parallelStream().
> 
>I was able to produce a very simple WAR with a single servlet and a
> context XML to reproduce the problem I'm having (See below).
> 
>If you run the servlet from the first application, it works correctly.
> You will see that it only ever looks up 'Test 1'.
> When I run the servlet from the second application it will only return Test
> 1 in the first part (stream()) but a mix of 'Test 1' and 'Test 2' in the
> parallelStream() part.
> 
>Thanks in advance for any advice or comments to our issue.

My initial comments are that this is rather odd. The correct JNDI
context is looked up via the thread context class loader. The class
loader from one web application should not be visible to another. I
wonder if when parallelStream() is first called some form of shared
thread-pool is set up that retains a reference to the current thread
context class loader?

A quick look at the JRE source code suggests this is handled correctly
but the code isn't the easiest to trace through. I'll set up the
provided test case and take a closer look. That may take an hour or two.

Mark


> 
> ---
> My Environment:  (The problem happens to us on our CENTOS Linux
> environments as well)
> Server version: Apache Tomcat/8.5.9
> Server built:   Dec 5 2016 20:18:12 UTC
> Server number:  8.5.9.0
> OS Name:Windows 10
> OS Version: 10.0
> Architecture:   amd64
> JVM Version:1.8.0_111-b14
> JVM Vendor: Oracle Corporation
> 
> Runtime.getRuntime().availableProcessors() returns 12 on my machine.
> CPU: Intel i7-5820K
> 
> 
> My Test Servlet:
> @WebServlet(urlPatterns = "/test")
> public final class MyServlet extends HttpServlet
> {
> private static List someNumbers = generateNonsense();
> 
> @Override
> protected void doGet(HttpServletRequest request, HttpServletResponse
> response) throws ServletException, IOException
> {
> StringBuilder answerBuilder = new StringBuilder();
> 
> // This should be okay.
> someNumbers.stream().forEach( number ->
> {
> answerBuilder.append(".stream() Looked up ")
> .append(lookupEnvironmentValue())
> .append("");
> });
> 
>  // This is most likely bad
> someNumbers.parallelStream().forEach( number ->
> {
> synchronized (MyServlet.class)
> {
> answerBuilder.append(".parallelStream() Looked up ")
> .append(lookupEnvironmentValue())
> .append("");
> }
> });
> 
> response.setContentType("text/html");
> response.getWriter().write(answerBuilder.toString());
> }
> 
> private String lookupEnvironmentValue()
> {
> try
> {
> Context context = new InitialContext();
> return (String) context.lookup("java:comp/env/testName");
> }
> catch(NamingException e)
> {
> e.printStackTrace();
> return e.getMessage();
> }
> }
> 
> private static List generateNonsense()
> {
> List nonsense = new ArrayList<>();
> for(int n=0; n<1000; n++)
> nonsense.add(n);
> 
> return nonsense;
> }
> }
> 
> 
> My test context.xml
> 
>  override="false"/>
> 
> 
> 
> Preparing Tomcat:
> Step 1: Download the core.zip of Tomcat 8, 8.5 or 9
> Step 2: create a apache-tomcat-8.5.9/conf/Catalina/localhost directory
> Step 3: create two files in this directory with the contents of my
> context.xml: test1.xml and test2.xml and change the value and path in the
> second one to '2'
> Step 4: Create a WAR with just the sample servlet I have here. and then
> drop them in apache-tomcat-8.5.9/webapps directory / call them test1.war
> and test2.war
> Step 5: Go into apache-tomcat-8.5.9/bin and catalina start to start it up.
> 
> The urls to test for me are:
> http://localhost:8080/test1/test
> http://localhost:8080/test2/test
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: JSP compilation fails with Java 9

[Konstantin Kolinko]

2017-01-09 10:16 GMT+03:00 Patil, Shital :
> We are assessing Java 9(early access) and JSP compilation is badly broken 
> with Java 9. Even basic java objects(java.lang.Object) are not accessible 
> while compilation. Appears to be because of jigsaw(modular)
>
> Any solution or alternative to this problem ?


1. Tomcat full version number =?

2. ecj.jar version (in Tomcat's lib directory) =?

3. Does it work with a later version of ecj.jar?  It is "JDT Core
Batch Compiler"
Downloadable from
http://download.eclipse.org/eclipse/downloads/
http://download.eclipse.org/eclipse/downloads/drops4/R-4.6.2-201611241400/

(Tomcat 8.5 ships with 4.5.1, Tomcat 9 uses 4.6.1,  latest release is
4.6.2,  but there is also a milestone build of 4.7 available)

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Spurious "Internal Server Errors" accessing "jkmanager" after upgrading Apache, "mod_jk" and OpenSSL

[Martin Knoblauch]

Hi everyone,

 just in case the "final" solution is of interest: the problem was as usual
in the configuration. We did not set the following directive for the LDAP
connection pool:

LDAPConnectionPoolTTL #seconds

If the directive is missing, a value of "-1" is implied, meaning "keep
connections open for ever". The LDAP server on the other side sets an "idle
connection timeout" of 600 seconds. As a result a lookup would fail if it
happened 600+ seconds after the first usage of the connection. 600 seconds
is exactly the lifetime of the LDAP cache. Given the time of the year,
usage of the test/integ/devel environment is minimal and there were no
"new" lookups during the cache lifetime, leading to the repeated failures...

Setting

LDAPConnectionPoolTTL 60


solved the problem for good.

Happy New Year !!!
Martin

On Fri, Dec 30, 2016 at 12:33 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Martin,
>
> On 12/29/16 3:47 AM, Martin Knoblauch wrote:
> > that is an interesting pointer. We are of course securing the
> > "jkmanager" app. And guess what we are using: LDAP. The funky thing
> > is that it is working most of the time. It fails just after some
> > time. Refreshing the URL cures it again - for some time. What did
> > you do to fix your problem?
>
> I'm glad to see you are on your way to solving your problem.
>
> In my case, it was an expired TLS certificate being used for the
> OpenLDAP process or something similar, so it wasn't anything to do
> with httpd itself. I've also been experimenting with a fall-back for
> LDAP that maybe wouldn't be 100% up-to-date with the LDAP database,
> but at least it wouldn't cause 500 errors.
>
> Good luck,
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJYZZ1PAAoJEBzwKT+lPKRYThcP/RT/zeHoLhgsUvjhteXT2crZ
> mqSnIzvDKTfTuktDROxZhL+BnSo4dirt0HcHz8yQ6c+hAlS6d2JtGGtpPiNPeigX
> 4+0H9H6Nq9pCwK586wPqUusPs4bh1cbXBquAsdv3mG1w/cge+mgnYI6h7DSVBOgD
> ir84T+7dnEZ25ygiN1e8Hp7DLyxWD/oRd594LIcTRtGisD0hRGGOc5xujmHxdhtQ
> 0X8lQIlViL67Mo13hrFJQh7DO461MYxXElP+Ui39bq/i2rxSxrU4Xz/PjYb8LUhK
> rRxNR7E8b59u+HxtiGMzM6wuRHBPsw4i575DGnSbTWPEjzER5ekLnV2FGdJA7rm5
> u1qENAbq9YuJ5I7NPFxSIC4iVtAI8vYEs86vG/JOtyGwMpy3L1uTpX0oYpEB+6nh
> vUvl3l9S6aBqrYpHI/fG/SH3Y9jZ746d6GjyeLnEGIdjVFTxjbtFFlZH+EiQLMPx
> IIr7zloPAQ+pNl5LjHoBsTjoTHtx6vnIYYFMfsl+vLAuFfHqJPqNh0qUuHoj4Esm
> Rnl5cywGGqLSWiTCSwCdAtt2U8CyA4g6L9slYGp2USkAzBFEI1OFSDuy5A+fol+y
> owkMlAkoMFxg8IM0c0VJofzUz/5IYiVLLRyth5ZfoxH3YK0WKZ8wQ5489bMQbQrt
> QcVRNw4hG9IEkOaWrRhB
> =W4NN
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


-- 
--
Martin Knoblauch
email: k n o b i AT knobisoft DOT de
www: http://www.knobisoft.de

Re: TomcatCon @ ApacheCon

[jean-frederic clere]

On 01/09/2017 12:57 PM, Mark Thomas wrote:
> All,
> 
> There is the opportunity (if we can pull it together as a community) to
> run a dedicated Tomcat conference alongside ApacheCon NA 2017. The dates
> are May 16 to 18.
> 
> The call for papers closes on Feb 11 so we have around a month to get
> organised. We'll also need to convince the conference organisers that a)
> there is a demand for this and b) we have a plan.
> 
> Getting the right content is going to be critical to success. I've been
> thinking about this for a while and I think we can identify the right
> content if as many folks as possible on this list answer the following
> question:
> 
> "What topic(s) need to be covered in a Tomcat conference to make it as
> easy as possible to get your employer to pay for you to attend?"
> 
> We have up to three days and potentially multiple tracks so even if you
> think you have a niche requirement, please speak up. We typically have a
> number of Tomcat committers speaking at ApacheCon so finding someone to
> cover a particular topic shouldn't be too tricky. Equally, if you have a
> topic you could present on that you think others would find useful,
> speak up.
> 
> Do feel free to add your +1 if someone else mentions a topic your are
> interested first. Having an idea of how popular the topics are would
> also be helpful.
> 
> Also, we don't have to stick to the standard "Sit and listen to someone
> present for 40 mins" format. Discussions, workshops, hackathons are all
> possible.
> 
> Some topic ideas to get the ball rolling.
> 
> Hands-on workshop: Configuring TLS with Apache Tomcat
> Reverse Proxying to Apache Tomcat
> Load-balancing with Apache Tomcat
> Clustering  with Apache Tomcat
> Tomcat Clinic (like the users list but with everyone in the same room)
> 
> I look forward to hearing your topic ideas.

The classical tomcat-next (presenting 8.5 and 9 + migration + openssl)
easily fill a room and an afternoon of workshop.
Proxy and Load-balancing are also often asked...

What about tomcat in cloud?

Cheers

Jean-Frederic

> 
> Mark
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: TomcatCon @ ApacheCon

[Joleen Barker]

I would like to understand garbage collections better. Such as what
instances or situations experienced someone would make a change to a
setting.

Thank you,

Joleen

On Mon, Jan 9, 2017 at 6:57 AM, Mark Thomas  wrote:

> All,
>
> There is the opportunity (if we can pull it together as a community) to
> run a dedicated Tomcat conference alongside ApacheCon NA 2017. The dates
> are May 16 to 18.
>
> The call for papers closes on Feb 11 so we have around a month to get
> organised. We'll also need to convince the conference organisers that a)
> there is a demand for this and b) we have a plan.
>
> Getting the right content is going to be critical to success. I've been
> thinking about this for a while and I think we can identify the right
> content if as many folks as possible on this list answer the following
> question:
>
> "What topic(s) need to be covered in a Tomcat conference to make it as
> easy as possible to get your employer to pay for you to attend?"
>
> We have up to three days and potentially multiple tracks so even if you
> think you have a niche requirement, please speak up. We typically have a
> number of Tomcat committers speaking at ApacheCon so finding someone to
> cover a particular topic shouldn't be too tricky. Equally, if you have a
> topic you could present on that you think others would find useful,
> speak up.
>
> Do feel free to add your +1 if someone else mentions a topic your are
> interested first. Having an idea of how popular the topics are would
> also be helpful.
>
> Also, we don't have to stick to the standard "Sit and listen to someone
> present for 40 mins" format. Discussions, workshops, hackathons are all
> possible.
>
> Some topic ideas to get the ball rolling.
>
> Hands-on workshop: Configuring TLS with Apache Tomcat
> Reverse Proxying to Apache Tomcat
> Load-balancing with Apache Tomcat
> Clustering  with Apache Tomcat
> Tomcat Clinic (like the users list but with everyone in the same room)
>
> I look forward to hearing your topic ideas.
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: JSP compilation fails with Java 9

[Mark Thomas]

On 09/01/2017 07:16, Patil, Shital wrote:
> We are assessing Java 9(early access) and JSP compilation is badly
> broken with Java 9. Even basic java objects(java.lang.Object) are not
> accessible while compilation. Appears to be because of
> jigsaw(modular)
> 
> Any solution or alternative to this problem ?

As far as I am aware, the JDT compiler that Jasper uses by default does
not yet support Java 9.

You should be able to configure Jasper to use javac for Java 9.

>From memory (I tested this some time ago), a basic JSP worked with Java
9. Whether more complex JSPs might hit some Jigsaw related issues is
TBD. Worst case, you should be able to work-around them with command
line options when starting Tomcat.

I've looked at Java 9 support a couple of times but partly because it is
still in a state of flux and partly because the JDT support was not
there I haven't taken it very far.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

TomcatCon @ ApacheCon

[Mark Thomas]

All,

There is the opportunity (if we can pull it together as a community) to
run a dedicated Tomcat conference alongside ApacheCon NA 2017. The dates
are May 16 to 18.

The call for papers closes on Feb 11 so we have around a month to get
organised. We'll also need to convince the conference organisers that a)
there is a demand for this and b) we have a plan.

Getting the right content is going to be critical to success. I've been
thinking about this for a while and I think we can identify the right
content if as many folks as possible on this list answer the following
question:

"What topic(s) need to be covered in a Tomcat conference to make it as
easy as possible to get your employer to pay for you to attend?"

We have up to three days and potentially multiple tracks so even if you
think you have a niche requirement, please speak up. We typically have a
number of Tomcat committers speaking at ApacheCon so finding someone to
cover a particular topic shouldn't be too tricky. Equally, if you have a
topic you could present on that you think others would find useful,
speak up.

Do feel free to add your +1 if someone else mentions a topic your are
interested first. Having an idea of how popular the topics are would
also be helpful.

Also, we don't have to stick to the standard "Sit and listen to someone
present for 40 mins" format. Discussions, workshops, hackathons are all
possible.

Some topic ideas to get the ball rolling.

Hands-on workshop: Configuring TLS with Apache Tomcat
Reverse Proxying to Apache Tomcat
Load-balancing with Apache Tomcat
Clustering  with Apache Tomcat
Tomcat Clinic (like the users list but with everyone in the same room)

I look forward to hearing your topic ideas.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org