Apache Tomcat product release roadmap

2017-01-10 Thread Akshat Tandon
Hi All,

I want to know what the frequency of the product release cycle of Apache
Tomcat is. Is there any product roadmap list available anywhere?

*Thanks and Regards*
*Akshat Tandon*


Re: 404 errors accessing webapp URLs using local IP address on fresh Tomcat 8.5.9 install

2017-01-10 Thread modjklist
Thanks for the help Christopher, 

I resolved this by adding 192.168.0.2 to hostB's httpd.conf file as a 
VirtualHost, then including JkMount for mod_jk. 

- Original Message -

From: "Christopher Schultz"  
To: "Tomcat Users List"  
Sent: Tuesday, January 10, 2017 11:50:27 AM 
Subject: Re: 404 errors accessing webapp URLs using local IP address on fresh 
Tomcat 8.5.9 install 

To whom it may concern, 

On 1/9/17 12:57 AM, modjkl...@comcast.net wrote: 
> I have two Linux servers connected via a cross-connect cable with 
> internal IP addresses 192.168.0.1 (hostA) and 192.168.0.2 (hostB). 
> 
> 
> hostA runs CentOS 5, and hostB CentOS 7. 
> 
> hostB runs Apache 2.4.x, and Tomcat 8.5.9. All web traffic gets 
> routed to port 443 (e.g. HTTPS) of Apache web server hostB. All web 
> application traffic (e.g. 
> https://www.example.com/mywebapp/somepage) is then passed to Tomcat 
> via mod_jk version 1.2.42 on port 8009. Additionally, hostB Apache 
> web server is configured to listen on 192.168.0.2 port 8009 (hostA 
> Apache web server is not configured as such). 
> 
> If hostA attempts to access a webpage on hostB (via hostB external 
> IP address) from a browser or command line, such as: [root@hostA 
> ~]# curl -I http://www.example.com/mywebapp/somepage 
> 
> it returns status 200 (good). 
> 
> Now, if I modify the hostA /etc/hosts file hostA accesses to my 
> website (www.example.com) on hostB through the cross-connect cable 
> (e.g. 192.168.0.2 rather than the external IP address), the webpage 
> returns error 404. 
> 
> What can I change to get status 200? 
> 
> My web addresses are xxx.xxx.xxx.xxx (e.g. IPv4). I know Tomcat 
> configures IPv6 by default. So, I modified the setenv.sh as 
> follows: 
> 
> CATALINA_OPTS="-Xms512M -Xmx1024M -Djava.awt.headless=true 
> -Djava.net.preferIPv4Stack=true 
> -Djava.net.preferIPv4Addresses=true" 
> 
> This didn't change the result. 
> 
> As another clue, I observe that hostA always reports status 200 
> (good) when accessing any hostB webpage in www.example.com that is 
> NOT part of /mywebapp, for both internal and external IP addresses. 
> 
> 
> Any ideas what I can try to resolve this? I'm new to Tomcat and 
> this is fresh install (previously used GlassFish) on a brand new 
> server. Thanks in advance for any advice. 

What does hostA say when you issue "host [hostB]" from the command-line? 

- -chris 

- 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org 
For additional commands, e-mail: users-h...@tomcat.apache.org 




Re: Best way to find out how many DB connections that are open at any given time

2017-01-10 Thread Joleen Barker
As always, thank you Christopher, I'll take a look at the slides.

And thank you to the others for pointing me in some directions for this.

-Joleen

On Tue, Jan 10, 2017 at 3:19 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Joleen,
>
> On 1/10/17 11:10 AM, Joleen Barker wrote:
> > Hello All,
> >
> > Details: Tomcat Version: 7.0.64.0 Java Version: 1.8.0 OS: AIX 6.1
> > Database: Oracle 11
> >
> > The web application installed on the server above makes data
> > connections to run file transfers from point A to point B. The
> > default Database connection setting that are set when the
> > application server comes up are as follows:
> >
> > DataBasePoolingFlag - APACHE MaxActive - 400 MaxIdle - 20 MinIdle -
> > 10
> >
> > We had an incident where all these connections were actually used
> > up due to a script someone had that looped. I need to determine at
> > any given point in time how many DB connections exist from the web
> > application to the DB. There may be more than one way to do this. I
> > am sure there is a DB command that could be run against the schema
> > but the schema is pointed to by many servers. I am  wondering if
> > there is a java command of some kind that I could run that may tell
> > me how many connections are open at that time or possibly a tomcat
> > or apache command.
>
> This may be helpful:
>
> http://people.apache.org/~schultz/ApacheCon%20NA%202016/Monitoring%20Apa
> che%20Tomcat%20with%20JMX.pdf
>
> Slides 15-16 show you where you can find the DataSource information
> via JMX, and then later on in the presentation there are slides to
> show how you can get that information via HTTP instead of JMX. Scripts
> are provided to fetch a value at intervals, track values over time, etc.
>
> - -chris


Re: LogAbandoned Stack Trace?

2017-01-10 Thread Phil Steitz
On 1/10/17 12:48 PM, Christopher Schultz wrote:
> Phil,
>
> On 1/8/17 5:41 PM, Phil Steitz wrote:
> > On 1/6/17 3:44 PM, Jerry Malcolm wrote:
> >> On 1/6/2017 4:30 PM, Christopher Schultz wrote:
> >>> Jerry,
> >>>
> >>> On 1/6/17 10:35 AM, Jerry Malcolm wrote:
>  I'm getting "too many connections" errors.
> >>> Where?
> >>>
> >>> Can you provide an exact error message and, better yet, a
> >>> stack trace?
> >>>
>  I'm pretty sure I am configured with enough connections that
>  I shouldn't run out.  So I'm assuming I'm leaving some
>  connections open.
> >>> That's a good assumption.
> >>>
>  I have LogAbandoned="true" in my jdbc resource statements.
>  The doc says TC will log a stack trace of abandoned
>  connections.  But I don't see any stack traces.  Would they
>  be in stderr, stdout, catalina log? Or is it that I'm
>  actually not getting any abandoned?
> >>> Which db connection pool are you using? Standard (DBCP-based)
> >>> or tomcat-pool? A full (sanitized)  configuration
> >>> would help.
> >>>
> >>> - -chris
> >>>
> >> Chris, Stack trace follows.  It looks like it may be mySQL
> >> that's rejecting the connection.  But even if that's the case,
> >> it's probably because I'm not closing some connections, which
> >> should still generate a logAbandoned stack trace, correct?  I
> >> believe I'm using dbcp.  Not doing anything fancy... Just
> >> defining data source resources in the context file:
> >>
> >> <Resource name="jdbc/cis" auth="Container" type="javax.sql.DataSource"
> >> maxTotal="100" maxIdle="30" maxWaitMillis="1"
> >> removeAbandoned="true" removeAbandonedTimeout="60"
> >> logAbandoned="true" username="" password="xxx"
> >> driverClassName="com.mysql.jdbc.Driver"
> >> url="jdbc:mysql://localhost:3306/xx" />
> > In dbcp 2, the "removeAbandoned" config option was replaced by
> > removeAbandonedOnBorrow and removeAbandonedOnMaintenance.  You
> > need to set one of these to true to get abandoned connection
> > cleanup to work.  See [1].
>
> > |Phil
>
> > [1]
> > http://commons.apache.org/proper/commons-dbcp/configuration.html
>
> +1
>
> Jerry never said what version of Tomcat he was using... I was assuming
> a DBCP 1.x-based version given his configuration.

From the stack trace, you can see dbcp2 in the package names.  I am
correct in assuming that tomcat does not kindly
s/removeAbandoned/removeAbandonedOnBorrow, right?

Phil
>
> -chris
> >
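The rename discussed in this thread can be checked mechanically. The following is an added example, not code from the thread or from Tomcat: it scans a context file for DataSource resources that still use DBCP 1.x attribute names. The sample XML is constructed (the `jdbc/fixed` and `jdbc/tcpool` resources and the database URL are assumptions), and the example goes slightly beyond the thread by also covering the `maxActive` and `maxWait` renames and by skipping resources that use the tomcat-jdbc pool factory, where `removeAbandoned` is still a valid name.

```python
import xml.etree.ElementTree as ET

# DBCP 1.x attribute name -> DBCP 2 replacement(s)
RENAMED = {
    "removeAbandoned": ("removeAbandonedOnBorrow", "removeAbandonedOnMaintenance"),
    "maxActive": ("maxTotal",),
    "maxWait": ("maxWaitMillis",),
}
# Resources using this factory are served by tomcat-jdbc, not DBCP 2.
TOMCAT_JDBC_FACTORY = "org.apache.tomcat.jdbc.pool.DataSourceFactory"

# Constructed sample; the first resource mirrors the attributes posted in the thread.
CONTEXT_XML = """<Context>
  <Resource name="jdbc/cis" auth="Container" type="javax.sql.DataSource"
            maxTotal="100" maxIdle="30"
            removeAbandoned="true" removeAbandonedTimeout="60" logAbandoned="true"
            driverClassName="com.mysql.jdbc.Driver"
            url="jdbc:mysql://localhost:3306/exampledb"/>
  <Resource name="jdbc/fixed" auth="Container" type="javax.sql.DataSource"
            maxTotal="100" removeAbandonedOnBorrow="true"
            removeAbandonedTimeout="60" logAbandoned="true"/>
  <Resource name="jdbc/tcpool" auth="Container" type="javax.sql.DataSource"
            factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
            removeAbandoned="true" logAbandoned="true"/>
</Context>"""


def audit_resources(context_xml):
    """Return {resource name: [findings]} for DBCP 2 DataSource resources."""
    findings = {}
    for res in ET.fromstring(context_xml).iter("Resource"):
        if res.get("type") != "javax.sql.DataSource":
            continue
        if res.get("factory") == TOMCAT_JDBC_FACTORY:
            continue  # different pool implementation, different attribute names
        notes = []
        for old, new in RENAMED.items():
            if old in res.attrib and not any(n in res.attrib for n in new):
                notes.append(f"{old} is a DBCP 1.x name; use {' or '.join(new)}")
        removal_on = any(
            res.get(n, "").lower() == "true" for n in RENAMED["removeAbandoned"]
        )
        if res.get("logAbandoned", "").lower() == "true" and not removal_on:
            # Stack traces are written when an abandoned connection is removed,
            # so nothing is logged while removal is switched off.
            notes.append("logAbandoned set but abandoned removal is not enabled")
        if notes:
            findings[res.get("name")] = notes
    return findings


if __name__ == "__main__":
    for name, notes in audit_resources(CONTEXT_XML).items():
        for note in notes:
            print(f"{name}: {note}")
```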



Re: Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token

2017-01-10 Thread Christopher Schultz
Abhishek,

On 1/10/17 8:03 AM, Kumar, Abhishek (IT Information Services ) wrote:
> Hi Peter,
> 
> Thank You!
> 
> So, the solution would be to switch to the upgraded version for
> this fix?

You could also completely remove access to the manager application
from untrusted IP addresses/ranges. IIRC CSRF tokens are only
generated once the user has been allowed to access the application. So
using e.g. RemoteAddressFilter before CSRF filter should protect
against an unauthenticated attacker from gaining a CSRF token.

But your version of Tomcat is quite old (more than 2 years out of
date), so upgrading should be on your short list of things to do.

http://tomcat.apache.org/security-8.html

- -chris

> -Original Message- From: Kreuser, Peter
> [mailto:pkreu...@airplus.com] Sent: Tuesday, January 10, 2017 5:25
> PM To: Tomcat Users List  Subject: AW:
> Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token
> 
> Hi Abishek,
> 
>> -Ursprüngliche Nachricht- Von: Kumar, Abhishek (IT
>> Information Services )
>> [mailto:abhishek.kum...@originenergy.com.au] Gesendet: Dienstag,
>> 10. Januar 2017 12:17 An: users@tomcat.apache.org Betreff:
>> Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token
>> 
>> 
>> Hi,
>> 
>> The Apache Tomcat web server running on the Load balancer is
>> affected by an information disclosure vulnerability in the index
>> page of the Manager and Host Manager applications. An
>> unauthenticated attacker can exploit this vulnerability to obtain
>> a valid cross-site request forgery (CSRF) token during the
>> redirect issued when requesting /manager/ or /host-manager/. This
>> token can be utilized by an attacker to construct a CSRF attack.
>> 
>> This is a Vulnerability issue with Tomcat 8.0.15.
>> 
>> We have this version of Tomcat installed in our Servers.
>> 
>> As suggested by Tomcat, this has been addressed and fixed after
>> 8.0.32 versions.
>> 
>> Restrict access to the /manager URL from unauthorised IP
>> addresses by implementing access control lists that only permit
>> authorised management stations or subnets. For more information,
>> see:
>> 
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__tomcat.apache.org
_security-2D8.html-23Fixed-5Fin-5FApache-5FTomcat-5F8.0.32=DgIFAg=Zg
VRmm3mf2P1-XDAyDsu4A=-JJsXOks_2Pd13691jEHA6PBSyPcGzblOMm00qdlxbs=54n
d4qu7eMUZgW9FFIX2Q9G2FdQGJ69mCZu7VvFyN0s=y_OfZJOm3x6d8KgLtJS6flhRUDt_I
8Aqk6kymbu3u2k=
>> 
>> But, We do not want to upgrade the Tomcat right now.
>> 
>> Is there a way to implement this fix in our current Tomcat
>> Version.
>> 
>> 
>> Kind Regards, Abhishek Kumar
>> 
>> Note: This email, including any attachments, is confidential. If
>> you have received this email in error, please advise the sender
>> and delete it and all copies of it from your system. If you are
>> not the intended recipient of this email, you must not use,
>> print, distribute, copy or disclose its content to anyone
>> 
> 
> 
> from a security standpoint there is no way around updating.
> 
> Specifically the CSRF attack is executed from the client, so
> whoever is at one of the authorized management stations will be
> executing the CSRF requests.
> 
> Aside from this one vulnerability all versions up to the current
> 8.0.40 fix a whole load of flaws. So whenever you restrict access
> to the management console (via RemoteAddrValve), all other
> vulnerabilities that are more than Info disclosures will still
> persist.
> 
> Best regards
> 
> Peter
> 
> 
> Peter Kreuser AirPlus International Security Officer - Application
> Development
> 
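The mitigation suggested in the reply above depends on filter order: the address filter only protects the CSRF token if it runs before the CSRF filter for the same request path. The following is an added example, not code from the thread or from Tomcat: it resolves the filter chain from a `web.xml` by `filter-mapping` order and reports whether the address check comes first. The filter names, URL patterns, request paths and allow list are constructed assumptions, and the allow pattern is evaluated with Python's `re.fullmatch` as an approximation of the filter's full-match behaviour.

```python
import re
import xml.etree.ElementTree as ET

ADDR_FILTER = "org.apache.catalina.filters.RemoteAddrFilter"
CSRF_FILTER = "org.apache.catalina.filters.CsrfPreventionFilter"

# Constructed web.xml pieces (names, patterns and allow list are assumptions).
_DEFS = r"""
  <filter><filter-name>AddrGate</filter-name>
    <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
    <init-param><param-name>allow</param-name>
      <param-value>127\.\d+\.\d+\.\d+|::1</param-value></init-param></filter>
  <filter><filter-name>CSRF</filter-name>
    <filter-class>org.apache.catalina.filters.CsrfPreventionFilter</filter-class></filter>"""
_MAP_ADDR = ("<filter-mapping><filter-name>AddrGate</filter-name>"
             "<url-pattern>/*</url-pattern></filter-mapping>")
_MAP_CSRF = ("<filter-mapping><filter-name>CSRF</filter-name>"
             "<url-pattern>/html/*</url-pattern></filter-mapping>")
WEAK = "<web-app>" + _DEFS + _MAP_CSRF + _MAP_ADDR + "</web-app>"      # CSRF runs first
HARDENED = "<web-app>" + _DEFS + _MAP_ADDR + _MAP_CSRF + "</web-app>"  # address gate first


def _local(tag):
    """Drop an XML namespace prefix such as '{http://...}filter'."""
    return tag.rsplit("}", 1)[-1]


def _child_text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""


def _matches(pattern, path):
    """Servlet url-pattern matching: prefix (/x/*), extension (*.x) or exact."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path


def filter_chain(web_xml, path):
    """Filter classes applied to `path`, in filter-mapping declaration order."""
    root = ET.fromstring(web_xml)
    classes = {_child_text(f, "filter-name"): _child_text(f, "filter-class")
               for f in root if _local(f.tag) == "filter"}
    chain = []
    for mapping in root:
        if _local(mapping.tag) != "filter-mapping":
            continue
        patterns = [(c.text or "").strip() for c in mapping
                    if _local(c.tag) == "url-pattern"]
        if any(_matches(p, path) for p in patterns):
            chain.append(classes.get(_child_text(mapping, "filter-name"), "?"))
    return chain


def csrf_gated(web_xml, path):
    """True if the address filter precedes the CSRF filter; None if no CSRF filter applies."""
    chain = filter_chain(web_xml, path)
    if CSRF_FILTER not in chain:
        return None
    return ADDR_FILTER in chain[:chain.index(CSRF_FILTER)]


def addr_allowed(web_xml, ip):
    """Evaluate the address filter's 'allow' pattern against a client address."""
    for flt in ET.fromstring(web_xml):
        if _local(flt.tag) == "filter" and _child_text(flt, "filter-class") == ADDR_FILTER:
            for param in flt:
                if (_local(param.tag) == "init-param"
                        and _child_text(param, "param-name") == "allow"):
                    return re.fullmatch(_child_text(param, "param-value"), ip) is not None
    return False


if __name__ == "__main__":
    for label, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, filter_chain(doc, "/html/list"), csrf_gated(doc, "/html/list"))
```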

Re: Best way to find out how many DB connections that are open at any given time

2017-01-10 Thread Christopher Schultz
Joleen,

On 1/10/17 11:10 AM, Joleen Barker wrote:
> Hello All,
> 
> Details: Tomcat Version: 7.0.64.0 Java Version: 1.8.0 OS: AIX 6.1 
> Database: Oracle 11
> 
> The web application installed on the server above makes data
> connections to run file transfers from point A to point B. The
> default Database connection setting that are set when the
> application server comes up are as follows:
> 
> DataBasePoolingFlag - APACHE MaxActive - 400 MaxIdle - 20 MinIdle -
> 10
> 
> We had an incident where all these connections were actually used
> up due to a script someone had that looped. I need to determine at
> any given point in time how many DB connections exist from the web
> application to the DB. There may be more than one way to do this. I
> am sure there is a DB command that could be run against the schema
> but the schema is pointed to by many servers. I am  wondering if
> there is a java command of some kind that I could run that may tell
> me how many connections are open at that time or possibly a tomcat
> or apache command.

This may be helpful:

http://people.apache.org/~schultz/ApacheCon%20NA%202016/Monitoring%20Apa
che%20Tomcat%20with%20JMX.pdf

Slides 15-16 show you where you can find the DataSource information
via JMX, and then later on in the presentation there are slides to
show how you can get that information via HTTP instead of JMX. Scripts
are provided to fetch a value at intervals, track values over time, etc.

- -chris



Re: TomcatCon @ ApacheCon

2017-01-10 Thread Christopher Schultz
Coty,

On 1/9/17 2:48 PM, Coty Sutherland wrote:
> Would anyone be interested (and is it within the guidelines) to
> talk about the differences in some tomcat distributions? Like the 
> difference in the Red Hat linux and Debian tomcat distributions,
> for example. I know it isn't 100% ASF Tomcat, but I get a lot of
> inquiries about where to find stuff on freenode so it might be a
> helpful conversation for the community to have. On the other hand I
> don't want to blur the lines between where responsibilities lie,
> where people should ask questions, etc...

+1

Perhaps we could have some representatives from the various
distributions give a joint presentation. Coty, are you in any way
involved with the RHEL package-management of Tomcat? Emmanuel Bourg
appears to be involved with the Debian package-managed distributions
of Tomcat.

The speakers might want to come prepared to be hit with a few
tomatoes, since distro-specific weirdness is something of a popular
topic. Often "install the official ASF distribution" seems to fix many
issues posted here.

I think it would be a good idea to use some of that time to solicit
feedback from the audience about what the distros could do to make
things easier... and perhaps what Tomcat could do to make things
easier for the distros. Package-managed versions of Tomcat always seem
to be hideously out-of-date, for example. Perhaps that's due to our
distribution style (new version) which is quite different from httpd's
style (patches + occasional new versions).

- -chris



Re: TomcatCon @ ApacheCon

2017-01-10 Thread Christopher Schultz
Jean-Frederic,

On 1/9/17 9:00 AM, jean-frederic clere wrote:
> On 01/09/2017 12:57 PM, Mark Thomas wrote:
>> All,
>> 
>> There is the opportunity (if we can pull it together as a
>> community) to run a dedicated Tomcat conference alongside
>> ApacheCon NA 2017. The dates are May 16 to 18.
>> 
>> The call for papers closes on Feb 11 so we have around a month to
>> get organised. We'll also need to convince the conference
>> organisers that a) there is a demand for this and b) we have a
>> plan.
>> 
>> Getting the right content is going to be critical to success.
>> I've been thinking about this for a while and I think we can
>> identify the right content if as many folks as possible on this
>> list answer the following question:
>> 
>> "What topic(s) need to be covered in a Tomcat conference to make
>> it as easy as possible to get your employer to pay for you to
>> attend?"
>> 
>> We have up to three days and potentially multiple tracks so even
>> if you think you have a niche requirement, please speak up. We
>> typically have a number of Tomcat committers speaking at
>> ApacheCon so finding someone to cover a particular topic
>> shouldn't be too tricky. Equally, if you have a topic you could
>> present on that you think others would find useful, speak up.
>> 
>> Do feel free to add your +1 if someone else mentions a topic your
>> are interested first. Having an idea of how popular the topics
>> are would also be helpful.
>> 
>> Also, we don't have to stick to the standard "Sit and listen to
>> someone present for 40 mins" format. Discussions, workshops,
>> hackathons are all possible.
>> 
>> Some topic ideas to get the ball rolling.
>> 
>> Hands-on workshop: Configuring TLS with Apache Tomcat Reverse
>> Proxying to Apache Tomcat Load-balancing with Apache Tomcat 
>> Clustering  with Apache Tomcat Tomcat Clinic (like the users list
>> but with everyone in the same room)
>> 
>> I look forward to hearing your topic ideas.
> 
> The classical tomcat-next (presenting 8.5 and 9 + migration +
> openssl) easily fill a room and an afternoon of workshop. Proxy and
> Load-balancing are also often asked...
> 
> What about tomcat in cloud?

+1 even though this sounds silly.

I for one would like to have a practical introduction to using Tomcat
on auto-scaling clusters in e.g. Amazon EC2.

- -chris



Re: TomcatCon @ ApacheCon

2017-01-10 Thread Christopher Schultz
Mark,

On 1/9/17 6:57 AM, Mark Thomas wrote:
> There is the opportunity (if we can pull it together as a
> community) to run a dedicated Tomcat conference alongside ApacheCon
> NA 2017. The dates are May 16 to 18.

Interesting.

> The call for papers closes on Feb 11 so we have around a month to
> get organised. We'll also need to convince the conference
> organisers that a) there is a demand for this and b) we have a
> plan.
> 
> Getting the right content is going to be critical to success. I've
> been thinking about this for a while and I think we can identify
> the right content

I have a single presentation submitted already for consideration. The
topic is "Let's Encrypt Apache Tomcat" ;)

I was also planning on reprising one of my previous presentations,
either the "Monitoring" or "Load-balancing" one, or possibly the
credential-handlers one. They have all been fairly well-attended in
the past.

If you wanted to really get a LOT of sessions going, I'd be willing to
do all of them, though it *is* a lot of talking.

> "What topic(s) need to be covered in a Tomcat conference to make it
> as easy as possible to get your employer to pay for you to
> attend?"
> 
> We have up to three days and potentially multiple tracks so even if
> you think you have a niche requirement, please speak up. We
> typically have a number of Tomcat committers speaking at ApacheCon
> so finding someone to cover a particular topic shouldn't be too
> tricky. Equally, if you have a topic you could present on that you
> think others would find useful, speak up.
> 
> Do feel free to add your +1 if someone else mentions a topic your
> are interested first. Having an idea of how popular the topics are
> would also be helpful.
> 
> Also, we don't have to stick to the standard "Sit and listen to
> someone present for 40 mins" format. Discussions, workshops,
> hackathons are all possible.
> 
> Some topic ideas to get the ball rolling.
> 
> Hands-on workshop: Configuring TLS with Apache Tomcat

+0

> Reverse Proxying to Apache Tomcat Load-balancing with Apache
> Tomcat Clustering  with Apache Tomcat

+1 to all 3

> Tomcat Clinic (like the users list but with everyone in the same
> room)

Evidently, Daniel Rugguri tried this a few years ago with a "Let's
solve your mod_proxy problem" workshop, and literally nobody showed
up. I'm skeptical about a workshop for a few reasons:

1. Attendees might not have a "problem to solve" and therefore see a
workshop as a waste of their time.

2. Anyone with a problem to solve isn't going to wait-around for the
conference to get it solved.

Maybe we could instead have more like a live-demo of setting things up
from scratch. So it's not an AMA (AUA?) with a topic of e.g.
"clustering" but instead have a session titled something like
"Clustering A - Z" where we build a live cluster while the audience
watches and asks questions in real time.

Jean-Frederic and I were musing in Austin (?) about getting a small
number of Raspberry Pi-type devices on the stage with activity/state
lights on them, build a cluster, and then start unplugging things to
show what actually happens when disaster strikes in your environment,
and how the cluster reacts.

I'm not sure that could be done in 1 hour, especially with all of the
questions we are likely to get or scenarios we might like to demonstrate.

- -chris



Re: does Tomcat 8.5.9 have UTF-8 encoding throughout by default?

2017-01-10 Thread Christopher Schultz
To whom it may concern,

On 1/7/17 5:57 PM, modjkl...@comcast.net wrote:
> Anyone know if it has UTF-8 encoding throughout out-of-the-box, or
> do I need to configure it to be so?
> 
> I'm seeing some headers using iso-8859-1 and I'm not sure where 
> they're being generated.

Tomcat 8.5 and higher is *mostly* configured for UTF-8 out of the box.

If you give some more details, we might be able to help a little more.

- -chris



Re: Spurious "Internal Server Errors" accessing "jkmanager" after upgrading Apache, "mod_jk" and OpenSSL

2017-01-10 Thread Christopher Schultz
Martin,

On 1/9/17 9:01 AM, Martin Knoblauch wrote:
> Hi everyone,
> 
> just in case the "final" solution is of interest: the problem was
> as usual in the configuration. We did not set the following
> directive for the LDAP connection pool:
> 
> LDAPConnectionPoolTTL #seconds
> 
> If the directive is missing, a value of "-1" is implied, meaning
> "keep connections open for ever". The LDAP server on the other side
> sets an "idle connection timeout" of 600 seconds. As a result a
> lookup would fail if it happened 600+ seconds after the first usage
> of the connection. 600 seconds is exactly the lifetime of the LDAP
> cache. Given the time of the year, usage of the test/integ/devel
> environment is minimal and there were no "new" lookups during the
> cache lifetime, leading to the repeated failures...
> 
> Setting
> 
> LDAPConnectionPoolTTL 60
> 
> 
> solved the problem for good.
> 
> Happy New Year !!!

Thanks for coming-back and explaining the problem. Looks like I was
right about LDAP. It seems like mod_auth_ldap should be a little more
chatty when problems like that happen. :(

- -chris



Re: 404 errors accessing webapp URLs using local IP address on fresh Tomcat 8.5.9 install

2017-01-10 Thread Christopher Schultz
To whom it may concern,

On 1/9/17 12:57 AM, modjkl...@comcast.net wrote:
> I have two Linux servers connected via a cross-connect cable with
> internal IP addresses 192.168.0.1 (hostA) and 192.168.0.2 (hostB).
> 
> 
> hostA runs CentOS 5, and hostB CentOS 7.
> 
> hostB runs Apache 2.4.x, and Tomcat 8.5.9. All web traffic gets
> routed to port 443 (e.g. HTTPS) of Apache web server hostB. All web
> application traffic (e.g.
> https://www.example.com/mywebapp/somepage) is then passed to Tomcat
> via mod_jk version 1.2.42 on port 8009. Additionally, hostB Apache
> web server is configured to listen on 192.168.0.2 port 8009 (hostA
> Apache web server is not configured as such).
> 
> If hostA attempts to access a webpage on hostB (via hostB external
> IP address) from a browser or command line, such as: [root@hostA
> ~]# curl -I http://www.example.com/mywebapp/somepage
> 
> it returns status 200 (good).
> 
> Now, if I modify the hostA /etc/hosts file hostA accesses to my
> website (www.example.com) on hostB through the cross-connect cable
> (e.g. 192.168.0.2 rather than the external IP address), the webpage
> returns error 404.
> 
> What can I change to get status 200?
> 
> My web addresses are xxx.xxx.xxx.xxx (e.g. IPv4). I know Tomcat
> configures IPv6 by default. So, I modified the setenv.sh as
> follows:
> 
> CATALINA_OPTS="-Xms512M -Xmx1024M -Djava.awt.headless=true
> -Djava.net.preferIPv4Stack=true
> -Djava.net.preferIPv4Addresses=true"
> 
> This didn't change the result.
> 
> As another clue, I observe that hostA always reports status 200
> (good) when accessing any hostB webpage in www.example.com that is
> NOT part of /mywebapp, for both internal and external IP addresses.
> 
> 
> Any ideas what I can try to resolve this? I'm new to Tomcat and
> this is fresh install (previously used GlassFish) on a brand new
> server. Thanks in advance for any advice.

What does hostA say when you issue "host [hostB]" from the command-line?

- -chris



Re: LogAbandoned Stack Trace?

2017-01-10 Thread Christopher Schultz

Phil,

On 1/8/17 5:41 PM, Phil Steitz wrote:
> On 1/6/17 3:44 PM, Jerry Malcolm wrote:
>> On 1/6/2017 4:30 PM, Christopher Schultz wrote:
>>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256
>>> 
>>> Jerry,
>>> 
>>> On 1/6/17 10:35 AM, Jerry Malcolm wrote:
>>>> I'm getting "too many connections" errors.
>>> Where?
>>> 
>>> Can you provide an exact error message and, better yet, a
>>> stack trace?
>>> 
>>>> I'm pretty sure I am configured with enough connections that
>>>> I shouldn't run out.  So I'm assuming I'm leaving some
>>>> connections open.
>>> That's a good assumption.
>>> 
>>>> I have LogAbandoned="true" in my jdbc resource statements.
>>>> The doc says TC will log a stack trace of abandoned
>>>> connections.  But I don't see any stack traces.  Would they
>>>> be in stderr, stdout, catalina log? Or is it that I'm
>>>> actually not getting any abandoned?
>>> Which db connection pool are you using? Standard (DBCP-based)
>>> or tomcat-pool? A full (sanitized)  configuration
>>> would help.
>>> 
>>> - -chris
>>> 
>> Chris, Stack trace follows.  It looks like it may be mySQL
>> that's rejecting the connection.  But even if that's the case,
>> it's probably because I'm not closing some connections, which
>> should still generate a logAbandoned stack trace, correct?  I
>> believe I'm using dbcp.  Not doing anything fancy... Just
>> defining data source resources in the context file:
>> 
>> <Resource name="jdbc/cis" auth="Container" type="javax.sql.DataSource"
>> maxTotal="100" maxIdle="30" maxWaitMillis="1" 
>> removeAbandoned="true" removeAbandonedTimeout="60" 
>> logAbandoned="true" username="" password="xxx" 
>> driverClassName="com.mysql.jdbc.Driver" 
>> url="jdbc:mysql://localhost:3306/xx" />
> In dbcp 2, the "removeAbandoned" config option was replaced by 
> removeAbandonedOnBorrow and removeAbandonedOnMaintenance.  You
> need to set one of these to true to get abandoned connection
> cleanup to work.  See [1].
> 
> |Phil
> 
> [1]
> http://commons.apache.org/proper/commons-dbcp/configuration.html

+1

Jerry never said what version of Tomcat he was using... I was assuming
a DBCP 1.x-based version given his configuration.

- -chris



Re: Best way to find out how many DB connections that are open at any given time

2017-01-10 Thread Joleen Barker
Thank you Andre and calder.

On the AIX side this worked. I am limited also I think due to the shell. If
I use the -p tcp option it gives me a long list of counts of TCP
connections and bytes. This command gave me similar on AIX:

netstat -a|grep 1526

tcp  0  0  cpmfttapt21.51186  cpmfttdbt01-vip..1526  ESTABLISHED
tcp  0  0  cpmfttapt21.51198  cpmfttdbt01-vip..1526  ESTABLISHED
tcp  0  0  cpmfttapt21.51211  cpmfttdbt01-vip..1526  ESTABLISHED
tcp  0  0  cpmfttapt21.55213  cpmfttdbt01-vip..1526  ESTABLISHED
tcp  0  0  cpmfttapt21.55214  cpmfttdbt01-vip..1526  ESTABLISHED
tcp  0  0  cpmfttapt21.55215  cpmfttdbt01-vip..1526  ESTABLISHED
tcp  0  0  cpmfttapt21.57493  cpmfttdbt01-vip..1526  ESTABLISHED
tcp  0  0  cpmfttapt21.57495  cpmfttdbt01-vip..1526  ESTABLISHED
tcp  0  0  cpmfttapt21.35153  cpmfttdbt01-vip..1526  ESTABLISHED
tcp  0  0  cpmfttapt21.35154  cpmfttdbt01-vip..1526  ESTABLISHED
tcp  0  0  cpmfttapt21.35157  cpmfttdbt01-vip..1526  ESTABLISHED

On Tue, Jan 10, 2017 at 12:40 PM, André Warnier (tomcat) 
wrote:

> On 10.01.2017 18:06, Joleen Barker wrote:
>
>> Hi Andre - I played around a little more and ran the command netstat -a |
>> grep 1526 which is the port number and received information that looks
>> like
>> 11 connections are open at this time. Do you know what the number is that
>> follows the machine name in the fourth column for example the 51186?
>>
>
> I do not know AIX. Maybe try :
> netstat -h
> and/or
> man netstat
>
> (and also try the command without the grep, to see the column headers)
>
>
>
>> netstat -a | grep 1526
>>
>> tcp0  0  cpmfttapt21.51186  cpmfttdbt01-vip..1526
>> ESTABLISHED
>>
>> tcp0  0  cpmfttapt21.51198  cpmfttdbt01-vip..1526
>> ESTABLISHED
>>
>> tcp0  0  cpmfttapt21.51211  cpmfttdbt01-vip..1526
>> ESTABLISHED
>>
>> tcp0  0  cpmfttapt21.55213  cpmfttdbt01-vip..1526
>> ESTABLISHED
>>
>> tcp0  0  cpmfttapt21.55214  cpmfttdbt01-vip..1526
>> ESTABLISHED
>>
>> tcp0  0  cpmfttapt21.55215  cpmfttdbt01-vip..1526
>> ESTABLISHED
>>
>> tcp0  0  cpmfttapt21.57493  cpmfttdbt01-vip..1526
>> ESTABLISHED
>>
>> tcp0  0  cpmfttapt21.57495  cpmfttdbt01-vip..1526
>> ESTABLISHED
>>
>> tcp0  0  cpmfttapt21.35153  cpmfttdbt01-vip..1526
>> ESTABLISHED
>>
>> tcp0  0  cpmfttapt21.35154  cpmfttdbt01-vip..1526
>> ESTABLISHED
>>
>> tcp0  0  cpmfttapt21.35157  cpmfttdbt01-vip..1526
>> ESTABLISHED
>>
>> On Tue, Jan 10, 2017 at 11:59 AM, Joleen Barker 
>> wrote:
>>
>> Hello Filippo - I do not have JConsole available and the proposed idea is
>>> past my knowledge level.
>>>
>>> Hello André - This was an interesting idea but it didn't work for me. I
>>> only have the ksh available and could only use netstat -p tcp but the
>>> output didn't make sense to me.
>>>
>>> On Tue, Jan 10, 2017 at 11:24 AM, André Warnier (tomcat) 
>>> wrote:
>>>
>>> On 10.01.2017 17:10, Joleen Barker wrote:

 Hello All,
>
> Details:
> Tomcat Version: 7.0.64.0
> Java Version: 1.8.0
> OS: AIX 6.1
> Database: Oracle 11
>
> The web application installed on the server above makes data
> connections
> to
> run file transfers from point A to point B. The default Database
> connection
> setting that are set when the application server comes up are as
> follows:
>
> DataBasePoolingFlag - APACHE
> MaxActive - 400
> MaxIdle - 20
> MinIdle - 10
>
> We had an incident where all these connections were actually used up
> due
> to
> a script someone had that looped. I need to determine at any given
> point
> in
> time how many DB connections exist from the web application to the DB.
> There may be more than one way to do this. I am sure there is a DB
> command
> that could be run against the schema but the schema is pointed to by
> many
> servers. I am  wondering if there is a java command of some kind that I
> could run that may tell me how many connections are open at that time
> or
> possibly a tomcat or apache command.
>
> Thank you for the help in advance.
>
>
> Hi.
 Maybe an "out of the box" answer, not using java.
 I don't know how the following commands fare under AIX, but on a Linux
 system, the OS-level command :
 ~# netstat -pan --tcp | grep ESTABLISHED
 will show you pretty much all TCP connections that are established
 between any process and any other, local or remote.

 Sample output :

 tcp6   0  0 127.0.0.1:45095 127.0.0.1:11002
   ESTABLISHED 11096/java
 tcp6   0  0 127.0.0.1:8009  127.0.0.1:53564

Re: Best way to find out how many DB connections that are open at any given time

2017-01-10 Thread tomcat

On 10.01.2017 18:06, Joleen Barker wrote:

> Hi Andre - I played around a little more and ran the command netstat -a |
> grep 1526 which is the port number and received information that looks like
> 11 connections are open at this time. Do you know what the number is that
> follows the machine name in the fourth column for example the 51186?

I do not know AIX. Maybe try :
netstat -h
and/or
man netstat

(and also try the command without the grep, to see the column headers)

> netstat -a | grep 1526
>
> tcp  0  0  cpmfttapt21.51186  cpmfttdbt01-vip..1526  ESTABLISHED
> tcp  0  0  cpmfttapt21.51198  cpmfttdbt01-vip..1526  ESTABLISHED
> tcp  0  0  cpmfttapt21.51211  cpmfttdbt01-vip..1526  ESTABLISHED
> tcp  0  0  cpmfttapt21.55213  cpmfttdbt01-vip..1526  ESTABLISHED
> tcp  0  0  cpmfttapt21.55214  cpmfttdbt01-vip..1526  ESTABLISHED
> tcp  0  0  cpmfttapt21.55215  cpmfttdbt01-vip..1526  ESTABLISHED
> tcp  0  0  cpmfttapt21.57493  cpmfttdbt01-vip..1526  ESTABLISHED
> tcp  0  0  cpmfttapt21.57495  cpmfttdbt01-vip..1526  ESTABLISHED
> tcp  0  0  cpmfttapt21.35153  cpmfttdbt01-vip..1526  ESTABLISHED
> tcp  0  0  cpmfttapt21.35154  cpmfttdbt01-vip..1526  ESTABLISHED
> tcp  0  0  cpmfttapt21.35157  cpmfttdbt01-vip..1526  ESTABLISHED

On Tue, Jan 10, 2017 at 11:59 AM, Joleen Barker 
wrote:


Hello Filippo - I do not have JConsole available and the proposed idea is
past my knowledge level.

Hello André - This was an interesting idea but it didn't work for me. I
only have the ksh available and could only use netstat -p tcp but the
output didn't make sense to me.

On Tue, Jan 10, 2017 at 11:24 AM, André Warnier (tomcat) 
wrote:


On 10.01.2017 17:10, Joleen Barker wrote:


Hello All,

Details:
Tomcat Version: 7.0.64.0
Java Version: 1.8.0
OS: AIX 6.1
Database: Oracle 11

The web application installed on the server above makes data connections
to
run file transfers from point A to point B. The default Database
connection
setting that are set when the application server comes up are as follows:

DataBasePoolingFlag - APACHE
MaxActive - 400
MaxIdle - 20
MinIdle - 10

We had an incident where all these connections were actually used up due
to
a script someone had that looped. I need to determine at any given point
in
time how many DB connections exist from the web application to the DB.
There may be more than one way to do this. I am sure there is a DB
command
that could be run against the schema but the schema is pointed to by many
servers. I am  wondering if there is a java command of some kind that I
could run that may tell me how many connections are open at that time or
possibly a tomcat or apache command.

Thank you for the help in advance.



Hi.
Maybe an "out of the box" answer, not using java.
I don't know how the following commands fare under AIX, but on a Linux
system, the OS-level command :
~# netstat -pan --tcp | grep ESTABLISHED
will show you pretty much all TCP connections that are established
between any process and any other, local or remote.

Sample output :

tcp6   0  0 127.0.0.1:45095 127.0.0.1:11002
  ESTABLISHED 11096/java
tcp6   0  0 127.0.0.1:8009  127.0.0.1:53564
  ESTABLISHED 2677/java
tcp6   0  0 127.0.0.1:8009  127.0.0.1:53677
  ESTABLISHED 2677/java
tcp6   0  0 127.0.0.1:8009  127.0.0.1:53659
  ESTABLISHED 2677/java
tcp6   0  0 127.0.0.1:8009  127.0.0.1:53656
  ESTABLISHED 2677/java
tcp6   0  0 127.0.0.1:8009  127.0.0.1:53620
  ESTABLISHED 2677/java
tcp6   0  0 127.0.0.1:8009  127.0.0.1:53608
  ESTABLISHED 2677/java
tcp6   0  0 127.0.0.1:45142 127.0.0.1:11002
  ESTABLISHED 11096/java
tcp6   0  0 127.0.0.1:43558 127.0.0.1:11002
  ESTABLISHED 11096/java
tcp6   0  0 127.0.0.1:45128 127.0.0.1:11002
  ESTABLISHED 11096/java
tcp6   0  0 127.0.0.1:45069 127.0.0.1:11002
  ESTABLISHED 11096/java

I presume that you could easily find out the process-id of your Tomcat,
and the port number under which the database is accessed.
It would be a simple matter to "grep" the above and count the lines, to
get the answer you seem to want.







Re: Best way to find out how many DB connections that are open at any given time

2017-01-10 Thread calder
The fourth column is the "Local Address" (local machine) - in the case, a
machine-name (vs IP address) and the port value (such as 51186) the machine
is listening on. Of course, the machine-name will resolve to an IP address,
so in some netstat output, you might see
tcp  0  0  10.240.100.20:51186  10.240.100.55:1526  ESTABLISHED
- or possibly -
tcp  0  0  0.0.0.0:51186  10.240.100.55:1526  ESTABLISHED
- or possibly -
tcp  0  0  127.0.0.1:51186  10.240.100.55:1526  ESTABLISHED

This Local Address is the address to which the socket in question is bound
to and which it receives connections on.

The fifth column is the "Foreign Address" (destination machine), sometimes
shown with its port# (as is the case here) and a connection is established.


On Tue, Jan 10, 2017 at 5:06 PM, Joleen Barker 
wrote:

> Hi Andre - I played around a little more and ran the command netstat -a |
> grep 1526 which is the port number and received information that looks like
> 11 connections are open at this time. Do you know what the number is that
> follows the machine name in the fourth column for example the 51186?
>
> netstat -a | grep 1526
>
> tcp0  0  cpmfttapt21.51186  cpmfttdbt01-vip..1526
> ESTABLISHED
>
> tcp0  0  cpmfttapt21.51198  cpmfttdbt01-vip..1526
> ESTABLISHED
>
> tcp0  0  cpmfttapt21.51211  cpmfttdbt01-vip..1526
> ESTABLISHED
>
> tcp0  0  cpmfttapt21.55213  cpmfttdbt01-vip..1526
> ESTABLISHED
>
> tcp0  0  cpmfttapt21.55214  cpmfttdbt01-vip..1526
> ESTABLISHED
>
> tcp0  0  cpmfttapt21.55215  cpmfttdbt01-vip..1526
> ESTABLISHED
>
> tcp0  0  cpmfttapt21.57493  cpmfttdbt01-vip..1526
> ESTABLISHED
>
> tcp0  0  cpmfttapt21.57495  cpmfttdbt01-vip..1526
> ESTABLISHED
>
> tcp0  0  cpmfttapt21.35153  cpmfttdbt01-vip..1526
> ESTABLISHED
>
> tcp0  0  cpmfttapt21.35154  cpmfttdbt01-vip..1526
> ESTABLISHED
>
> tcp0  0  cpmfttapt21.35157  cpmfttdbt01-vip..1526
> ESTABLISHED
>
> On Tue, Jan 10, 2017 at 11:59 AM, Joleen Barker 
> wrote:
>
> > Hello Filippo - I do not have JConsole available and the proposed idea is
> > past my knowledge level.
> >
> > Hello André - This was an interesting idea but it didn't work for me. I
> > only have the ksh available and could only use netstat -p tcp but the
> > output didn't make sense to me.
> >
> > On Tue, Jan 10, 2017 at 11:24 AM, André Warnier (tomcat) 
> > wrote:
> >
> >> On 10.01.2017 17:10, Joleen Barker wrote:
> >>
> >>> Hello All,
> >>>
> >>> Details:
> >>> Tomcat Version: 7.0.64.0
> >>> Java Version: 1.8.0
> >>> OS: AIX 6.1
> >>> Database: Oracle 11
> >>>
> >>> The web application installed on the server above makes data
> connections
> >>> to
> >>> run file transfers from point A to point B. The default Database
> >>> connection
> >>> setting that are set when the application server comes up are as
> follows:
> >>>
> >>> DataBasePoolingFlag - APACHE
> >>> MaxActive - 400
> >>> MaxIdle - 20
> >>> MinIdle - 10
> >>>
> >>> We had an incident where all these connections were actually used up
> due
> >>> to
> >>> a script someone had that looped. I need to determine at any given
> point
> >>> in
> >>> time how many DB connections exist from the web application to the DB.
> >>> There may be more than one way to do this. I am sure there is a DB
> >>> command
> >>> that could be run against the schema but the schema is pointed to by
> many
> >>> servers. I am  wondering if there is a java command of some kind that I
> >>> could run that may tell me how many connections are open at that time
> or
> >>> possibly a tomcat or apache command.
> >>>
> >>> Thank you for the help in advance.
> >>>
> >>>
> >> Hi.
> >> Maybe an "out of the box" answer, not using java.
> >> I don't know how the following commands fare under AIX, but on a Linux
> >> system, the OS-level command :
> >> ~# netstat -pan --tcp | grep ESTABLISHED
> >> will show you pretty much all TCP connections that are established
> >> between any process and any other, local or remote.
> >>
> >> Sample output :
> >>
> >> tcp6   0  0 127.0.0.1:45095 127.0.0.1:11002
> >>  ESTABLISHED 11096/java
> >> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53564
> >>  ESTABLISHED 2677/java
> >> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53677
> >>  ESTABLISHED 2677/java
> >> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53659
> >>  ESTABLISHED 2677/java
> >> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53656
> >>  ESTABLISHED 2677/java
> >> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53620
> >>  ESTABLISHED 2677/java
> >> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53608
> >>  ESTABLISHED 2677/java
> >> tcp6   0  0 127.0.0.1:45142 127.0.0.1:11002
> >>  ESTABLISHED 11096/java
> >> tcp6   0  0 127.0.0.1:43558 

Re: Best way to find out how many DB connections that are open at any given time

2017-01-10 Thread Joleen Barker
Hi Andre - I played around a little more and ran the command netstat -a |
grep 1526 which is the port number and received information that looks like
11 connections are open at this time. Do you know what the number is that
follows the machine name in the fourth column for example the 51186?

netstat -a | grep 1526

tcp  0  0  cpmfttapt21.51186  cpmfttdbt01-vip..1526  ESTABLISHED
tcp  0  0  cpmfttapt21.51198  cpmfttdbt01-vip..1526  ESTABLISHED
tcp  0  0  cpmfttapt21.51211  cpmfttdbt01-vip..1526  ESTABLISHED
tcp  0  0  cpmfttapt21.55213  cpmfttdbt01-vip..1526  ESTABLISHED
tcp  0  0  cpmfttapt21.55214  cpmfttdbt01-vip..1526  ESTABLISHED
tcp  0  0  cpmfttapt21.55215  cpmfttdbt01-vip..1526  ESTABLISHED
tcp  0  0  cpmfttapt21.57493  cpmfttdbt01-vip..1526  ESTABLISHED
tcp  0  0  cpmfttapt21.57495  cpmfttdbt01-vip..1526  ESTABLISHED
tcp  0  0  cpmfttapt21.35153  cpmfttdbt01-vip..1526  ESTABLISHED
tcp  0  0  cpmfttapt21.35154  cpmfttdbt01-vip..1526  ESTABLISHED
tcp  0  0  cpmfttapt21.35157  cpmfttdbt01-vip..1526  ESTABLISHED

On Tue, Jan 10, 2017 at 11:59 AM, Joleen Barker 
wrote:

> Hello Filippo - I do not have JConsole available and the proposed idea is
> past my knowledge level.
>
> Hello André - This was an interesting idea but it didn't work for me. I
> only have the ksh available and could only use netstat -p tcp but the
> output didn't make sense to me.
>
> On Tue, Jan 10, 2017 at 11:24 AM, André Warnier (tomcat) 
> wrote:
>
>> On 10.01.2017 17:10, Joleen Barker wrote:
>>
>>> Hello All,
>>>
>>> Details:
>>> Tomcat Version: 7.0.64.0
>>> Java Version: 1.8.0
>>> OS: AIX 6.1
>>> Database: Oracle 11
>>>
>>> The web application installed on the server above makes data connections
>>> to
>>> run file transfers from point A to point B. The default Database
>>> connection
>>> setting that are set when the application server comes up are as follows:
>>>
>>> DataBasePoolingFlag - APACHE
>>> MaxActive - 400
>>> MaxIdle - 20
>>> MinIdle - 10
>>>
>>> We had an incident where all these connections were actually used up due
>>> to
>>> a script someone had that looped. I need to determine at any given point
>>> in
>>> time how many DB connections exist from the web application to the DB.
>>> There may be more than one way to do this. I am sure there is a DB
>>> command
>>> that could be run against the schema but the schema is pointed to by many
>>> servers. I am  wondering if there is a java command of some kind that I
>>> could run that may tell me how many connections are open at that time or
>>> possibly a tomcat or apache command.
>>>
>>> Thank you for the help in advance.
>>>
>>>
>> Hi.
>> Maybe an "out of the box" answer, not using java.
>> I don't know how the following commands fare under AIX, but on a Linux
>> system, the OS-level command :
>> ~# netstat -pan --tcp | grep ESTABLISHED
>> will show you pretty much all TCP connections that are established
>> between any process and any other, local or remote.
>>
>> Sample output :
>>
>> tcp6   0  0 127.0.0.1:45095 127.0.0.1:11002
>>  ESTABLISHED 11096/java
>> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53564
>>  ESTABLISHED 2677/java
>> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53677
>>  ESTABLISHED 2677/java
>> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53659
>>  ESTABLISHED 2677/java
>> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53656
>>  ESTABLISHED 2677/java
>> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53620
>>  ESTABLISHED 2677/java
>> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53608
>>  ESTABLISHED 2677/java
>> tcp6   0  0 127.0.0.1:45142 127.0.0.1:11002
>>  ESTABLISHED 11096/java
>> tcp6   0  0 127.0.0.1:43558 127.0.0.1:11002
>>  ESTABLISHED 11096/java
>> tcp6   0  0 127.0.0.1:45128 127.0.0.1:11002
>>  ESTABLISHED 11096/java
>> tcp6   0  0 127.0.0.1:45069 127.0.0.1:11002
>>  ESTABLISHED 11096/java
>>
>> I presume that you could easily find out the process-id of your Tomcat,
>> and the port number under which the database is accessed.
>> It would be a simple matter to "grep" the above and count the lines, to
>> get the answer you seem to want.
>>
>>
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>


Re: Best way to find out how many DB connections that are open at any given time

2017-01-10 Thread Joleen Barker
Hello Filippo - I do not have JConsole available and the proposed idea is
past my knowledge level.

Hello André - This was an interesting idea but it didn't work for me. I
only have the ksh available and could only use netstat -p tcp but the
output didn't make sense to me.

On Tue, Jan 10, 2017 at 11:24 AM, André Warnier (tomcat) 
wrote:

> On 10.01.2017 17:10, Joleen Barker wrote:
>
>> Hello All,
>>
>> Details:
>> Tomcat Version: 7.0.64.0
>> Java Version: 1.8.0
>> OS: AIX 6.1
>> Database: Oracle 11
>>
>> The web application installed on the server above makes data connections
>> to
>> run file transfers from point A to point B. The default Database
>> connection
>> setting that are set when the application server comes up are as follows:
>>
>> DataBasePoolingFlag - APACHE
>> MaxActive - 400
>> MaxIdle - 20
>> MinIdle - 10
>>
>> We had an incident where all these connections were actually used up due
>> to
>> a script someone had that looped. I need to determine at any given point
>> in
>> time how many DB connections exist from the web application to the DB.
>> There may be more than one way to do this. I am sure there is a DB command
>> that could be run against the schema but the schema is pointed to by many
>> servers. I am  wondering if there is a java command of some kind that I
>> could run that may tell me how many connections are open at that time or
>> possibly a tomcat or apache command.
>>
>> Thank you for the help in advance.
>>
>>
> Hi.
> Maybe an "out of the box" answer, not using java.
> I don't know how the following commands fare under AIX, but on a Linux
> system, the OS-level command :
> ~# netstat -pan --tcp | grep ESTABLISHED
> will show you pretty much all TCP connections that are established between
> any process and any other, local or remote.
>
> Sample output :
>
> tcp6   0  0 127.0.0.1:45095 127.0.0.1:11002
>  ESTABLISHED 11096/java
> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53564
>  ESTABLISHED 2677/java
> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53677
>  ESTABLISHED 2677/java
> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53659
>  ESTABLISHED 2677/java
> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53656
>  ESTABLISHED 2677/java
> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53620
>  ESTABLISHED 2677/java
> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53608
>  ESTABLISHED 2677/java
> tcp6   0  0 127.0.0.1:45142 127.0.0.1:11002
>  ESTABLISHED 11096/java
> tcp6   0  0 127.0.0.1:43558 127.0.0.1:11002
>  ESTABLISHED 11096/java
> tcp6   0  0 127.0.0.1:45128 127.0.0.1:11002
>  ESTABLISHED 11096/java
> tcp6   0  0 127.0.0.1:45069 127.0.0.1:11002
>  ESTABLISHED 11096/java
>
> I presume that you could easily find out the process-id of your Tomcat,
> and the port number under which the database is accessed.
> It would be a simple matter to "grep" the above and count the lines, to
> get the answer you seem to want.
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


Re: Best way to find out how many DB connections that are open at any given time

2017-01-10 Thread tomcat

On 10.01.2017 17:10, Joleen Barker wrote:

> Hello All,
>
> Details:
> Tomcat Version: 7.0.64.0
> Java Version: 1.8.0
> OS: AIX 6.1
> Database: Oracle 11
>
> The web application installed on the server above makes data connections to
> run file transfers from point A to point B. The default Database connection
> setting that are set when the application server comes up are as follows:
>
> DataBasePoolingFlag - APACHE
> MaxActive - 400
> MaxIdle - 20
> MinIdle - 10
>
> We had an incident where all these connections were actually used up due to
> a script someone had that looped. I need to determine at any given point in
> time how many DB connections exist from the web application to the DB.
> There may be more than one way to do this. I am sure there is a DB command
> that could be run against the schema but the schema is pointed to by many
> servers. I am  wondering if there is a java command of some kind that I
> could run that may tell me how many connections are open at that time or
> possibly a tomcat or apache command.
>
> Thank you for the help in advance.



Hi.
Maybe an "out of the box" answer, not using java.
I don't know how the following commands fare under AIX, but on a Linux system, the 
OS-level command :

~# netstat -pan --tcp | grep ESTABLISHED
will show you pretty much all TCP connections that are established between any process and 
any other, local or remote.


Sample output :

tcp6   0  0 127.0.0.1:45095 127.0.0.1:11002 ESTABLISHED 11096/java
tcp6   0  0 127.0.0.1:8009  127.0.0.1:53564 ESTABLISHED 2677/java
tcp6   0  0 127.0.0.1:8009  127.0.0.1:53677 ESTABLISHED 2677/java
tcp6   0  0 127.0.0.1:8009  127.0.0.1:53659 ESTABLISHED 2677/java
tcp6   0  0 127.0.0.1:8009  127.0.0.1:53656 ESTABLISHED 2677/java
tcp6   0  0 127.0.0.1:8009  127.0.0.1:53620 ESTABLISHED 2677/java
tcp6   0  0 127.0.0.1:8009  127.0.0.1:53608 ESTABLISHED 2677/java
tcp6   0  0 127.0.0.1:45142 127.0.0.1:11002 ESTABLISHED 11096/java
tcp6   0  0 127.0.0.1:43558 127.0.0.1:11002 ESTABLISHED 11096/java
tcp6   0  0 127.0.0.1:45128 127.0.0.1:11002 ESTABLISHED 11096/java
tcp6   0  0 127.0.0.1:45069 127.0.0.1:11002 ESTABLISHED 11096/java

I presume that you could easily find out the process-id of your Tomcat, and the port 
number under which the database is accessed.
It would be a simple matter to "grep" the above and count the lines, to get the answer you 
seem to want.
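
Added example (not part of the original post or of Tomcat): one way to do the "grep and count" step so that it matches the remote port exactly instead of any line containing the digits, and works on both the AIX `host.port` layout and the Linux `ip:port` layout seen in this thread. The function names, the constructed sample lines and the 90% threshold are assumptions; 400 is the MaxActive value from the original question.

```shell
#!/bin/sh
# Count ESTABLISHED TCP connections to one remote port.
# Input: raw netstat output on stdin, one connection per line
# (for example "netstat -an" on AIX or "netstat -pan --tcp" on Linux).

# count_db_conns PORT [PID]
#   PORT  remote (foreign address) port, matched exactly
#   PID   optional owning process id; only usable when the input carries a
#         PID/Program column, which the Linux -p flag provides
count_db_conns() {
    awk -v port="$1" -v pid="${2:-}" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            # Column 5 is the foreign address: host.port on AIX,
            # ip:port on Linux. Keep only what follows the last . or :
            remote = $5
            sub(/.*[.:]/, "", remote)
            if (remote != port) next

            if (pid != "") {
                owner = $7              # "2677/java" -> "2677"
                sub(/\/.*/, "", owner)
                if (owner != pid) next
            }
            n++
        }
        END { print n + 0 }
    '
}

# pool_near_limit COUNT MAX PCT
#   exit status 0 when COUNT is at or above PCT percent of MAX
pool_near_limit() {
    [ $(( $1 * 100 )) -ge $(( $2 * $3 )) ]
}

# Constructed sample in the AIX layout. A plain "grep 1526" would also match
# the local port 51526, the TIME_WAIT socket and the listener.
sample_aix() {
    cat <<'EOF'
Proto Recv-Q Send-Q  Local Address      Foreign Address    (state)
tcp4       0      0  10.0.0.21.51186    10.0.0.55.1526     ESTABLISHED
tcp4       0      0  10.0.0.21.51198    10.0.0.55.1526     ESTABLISHED
tcp4       0      0  10.0.0.21.51526    10.0.0.77.8009     ESTABLISHED
tcp4       0      0  10.0.0.21.51211    10.0.0.55.1526     TIME_WAIT
tcp4       0      0  *.1526             *.*                LISTEN
EOF
}

# Constructed sample in the Linux layout, with the PID/Program column.
sample_linux() {
    cat <<'EOF'
tcp6       0      0 127.0.0.1:45095    127.0.0.1:11002    ESTABLISHED 11096/java
tcp6       0      0 127.0.0.1:8009     127.0.0.1:53564    ESTABLISHED 2677/java
tcp6       0      0 127.0.0.1:45142    127.0.0.1:11002    ESTABLISHED 11096/java
tcp        0      0 127.0.0.1:45200    127.0.0.1:11002    ESTABLISHED 4242/psql
tcp6       0      0 127.0.0.1:11002    127.0.0.1:45095    ESTABLISHED 900/dbserver
EOF
}

# Demo on the constructed samples; on a live host pipe netstat in instead.
n=$(sample_aix | count_db_conns 1526)
echo "AIX sample: $n established to port 1526 (grep -c 1526 says $(sample_aix | grep -c 1526))"
echo "Linux sample, pid 11096 only: $(sample_linux | count_db_conns 11002 11096)"
if pool_near_limit "$n" 400 90; then
    echo "WARN: connection count is above 90% of MaxActive"
fi
```

Run from cron or a monitoring agent, the count plus the threshold check gives early warning before a looping client exhausts the pool.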








Re: Best way to find out how many DB connections that are open at any given time

2017-01-10 Thread Filippo Machi
Ciao Joleen,
maybe you could retrieve this information connecting via JMX (JConsole,
VisualVM) to the tomcat instances.
According to the way the datasource is configured, you could find a JMX
bean exposing this information.
Before that, tomcat should be launched in a way JMX connections are allowed
from remote.
For example, connecting via JMX I can find something under Catalina/Data
Source/etc etc.
HTH


On Tue, Jan 10, 2017 at 5:10 PM, Joleen Barker 
wrote:

> Hello All,
>
> Details:
> Tomcat Version: 7.0.64.0
> Java Version: 1.8.0
> OS: AIX 6.1
> Database: Oracle 11
>
> The web application installed on the server above makes data connections to
> run file transfers from point A to point B. The default Database connection
> setting that are set when the application server comes up are as follows:
>
> DataBasePoolingFlag - APACHE
> MaxActive - 400
> MaxIdle - 20
> MinIdle - 10
>
> We had an incident where all these connections were actually used up due to
> a script someone had that looped. I need to determine at any given point in
> time how many DB connections exist from the web application to the DB.
> There may be more than one way to do this. I am sure there is a DB command
> that could be run against the schema but the schema is pointed to by many
> servers. I am  wondering if there is a java command of some kind that I
> could run that may tell me how many connections are open at that time or
> possibly a tomcat or apache command.
>
> Thank you for the help in advance.
>
> Joleen
>


Best way to find out how many DB connections that are open at any given time

2017-01-10 Thread Joleen Barker
Hello All,

Details:
Tomcat Version: 7.0.64.0
Java Version: 1.8.0
OS: AIX 6.1
Database: Oracle 11

The web application installed on the server above makes data connections to
run file transfers from point A to point B. The default Database connection
setting that are set when the application server comes up are as follows:

DataBasePoolingFlag - APACHE
MaxActive - 400
MaxIdle - 20
MinIdle - 10

We had an incident where all these connections were actually used up due to
a script someone had that looped. I need to determine at any given point in
time how many DB connections exist from the web application to the DB.
There may be more than one way to do this. I am sure there is a DB command
that could be run against the schema but the schema is pointed to by many
servers. I am  wondering if there is a java command of some kind that I
could run that may tell me how many connections are open at that time or
possibly a tomcat or apache command.

Thank you for the help in advance.

Joleen


RE: Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token

2017-01-10 Thread Kumar, Abhishek (IT Information Services )
Hi Peter,

Thank You!

So, the solution would be to switch to the upgraded version for this fix?

Thanks and Regards,
Abhishek Kumar

-Original Message-
From: Kreuser, Peter [mailto:pkreu...@airplus.com] 
Sent: Tuesday, January 10, 2017 5:25 PM
To: Tomcat Users List 
Subject: AW: Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token

Hi Abhishek,
 
> -Original Message-
> From: Kumar, Abhishek (IT Information Services ) 
> [mailto:abhishek.kum...@originenergy.com.au] 
> Sent: Tuesday, January 10, 2017 12:17
> To: users@tomcat.apache.org
> Subject: Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token
> 
> 
> Hi,
> 
> The Apache Tomcat web server running on the Load balancer is affected by an 
> information disclosure vulnerability in the index page of the Manager and 
> Host Manager applications. An unauthenticated attacker can exploit this 
> vulnerability to obtain a valid cross-site request forgery (CSRF) token 
> during the redirect issued when requesting /manager/ or /host-manager/. This 
> token can be utilized by an attacker to construct a CSRF attack.
> 
> This is a Vulnerability issue with Tomcat 8.0.15.
> 
> We have this version of Tomcat installed in our Servers.
> 
> As suggested by Tomcat, this has been addressed and fixed after 8.0.32 
> versions.
> 
> Restrict access to the /manager URL from unauthorised IP addresses by 
> implementing access control lists that only permit authorised management 
> stations or subnets. For more information, see:
> 
> https://urldefense.proofpoint.com/v2/url?u=http-3A__tomcat.apache.org_security-2D8.html-23Fixed-5Fin-5FApache-5FTomcat-5F8.0.32=DgIFAg=ZgVRmm3mf2P1-XDAyDsu4A=-JJsXOks_2Pd13691jEHA6PBSyPcGzblOMm00qdlxbs=54nd4qu7eMUZgW9FFIX2Q9G2FdQGJ69mCZu7VvFyN0s=y_OfZJOm3x6d8KgLtJS6flhRUDt_I8Aqk6kymbu3u2k=
> 
> 
> But we do not want to upgrade Tomcat right now.
> 
> Is there a way to implement this fix in our current Tomcat version?
> 
> 
> Kind Regards,
> Abhishek Kumar
> 
> Note: This email, including any attachments, is confidential. If you have 
> received this email in error, please advise the sender and delete it and all 
> copies of it from your system. If you are not the intended recipient of this 
> email, you must not use, print, distribute, copy or disclose its content to 
> anyone
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


From a security standpoint there is no way around updating.

Specifically the CSRF attack is executed from the client, so whoever is at one 
of the authorized management stations will be executing the CSRF requests.

Aside from this one vulnerability all versions up to the current 8.0.40 fix a 
whole load of flaws. So whenever you restrict access to the management console 
(via RemoteAddrValve), all other vulnerabilities that are more than Info 
disclosures will still persist.

Best regards

Peter


Peter Kreuser
AirPlus International 
Security Officer - Application Development




AW: Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token

2017-01-10 Thread Kreuser, Peter
Hi Abhishek,
 
> -Original Message-
> From: Kumar, Abhishek (IT Information Services ) 
> [mailto:abhishek.kum...@originenergy.com.au] 
> Sent: Tuesday, January 10, 2017 12:17
> To: users@tomcat.apache.org
> Subject: Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token
> 
> 
> Hi,
> 
> The Apache Tomcat web server running on the Load balancer is affected by an 
> information disclosure vulnerability in the index page of the Manager and 
> Host Manager applications. An unauthenticated attacker can exploit this 
> vulnerability to obtain a valid cross-site request forgery (CSRF) token 
> during the redirect issued when requesting /manager/ or /host-manager/. This 
> token can be utilized by an attacker to construct a CSRF attack.
> 
> This is a Vulnerability issue with Tomcat 8.0.15.
> 
> We have this version of Tomcat installed in our Servers.
> 
> As suggested by Tomcat, this has been addressed and fixed after 8.0.32 
> versions.
> 
> Restrict access to the /manager URL from unauthorised IP addresses by 
> implementing access control lists that only permit authorised management 
> stations or subnets. For more information, see:
> 
> https://urldefense.proofpoint.com/v2/url?u=http-3A__tomcat.apache.org_security-2D8.html-23Fixed-5Fin-5FApache-5FTomcat-5F8.0.32=DgIFAg=ZgVRmm3mf2P1-XDAyDsu4A=-JJsXOks_2Pd13691jEHA6PBSyPcGzblOMm00qdlxbs=54nd4qu7eMUZgW9FFIX2Q9G2FdQGJ69mCZu7VvFyN0s=y_OfZJOm3x6d8KgLtJS6flhRUDt_I8Aqk6kymbu3u2k=
> 
> 
> But we do not want to upgrade Tomcat right now.
> 
> Is there a way to implement this fix in our current Tomcat version?
> 
> 
> Kind Regards,
> Abhishek Kumar
> 
>


From a security standpoint there is no way around updating.

Specifically the CSRF attack is executed from the client, so whoever is at one 
of the authorized management stations will be executing the CSRF requests.

Aside from this one vulnerability all versions up to the current 8.0.40 fix a 
whole load of flaws. So whenever you restrict access to the management console 
(via RemoteAddrValve), all other vulnerabilities that are more than Info 
disclosures will still persist.

Best regards

Peter


Peter Kreuser
AirPlus International 
Security Officer - Application Development
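
The reasoning in the reply above, as an added example that is not part of the original thread and is not Tomcat code: a simplified model of the controls in front of the Manager application, showing which one stops which request. The allow pattern, addresses, nonce value and request labels are constructed assumptions.

```python
import re

def valve_allows(remote_addr, allow):
    """Model of an allow-only RemoteAddrValve: the pattern must match the whole address."""
    return re.fullmatch(allow, remote_addr) is not None

def first_rejecting_layer(req, allow, session_nonces):
    """Return the first control that rejects the request, or 'accepted'."""
    if not valve_allows(req["remote_addr"], allow):
        return "RemoteAddrValve"
    if not req["admin_session"]:
        return "authentication"
    if req["nonce"] not in session_nonces:
        return "CSRF filter"
    return "accepted"

# Constructed sample data (assumptions): allow pattern, addresses, nonce value.
ALLOW = r"10\.20\.30\.\d+|127\.0\.0\.1"
SESSION_NONCES = {"NONCE-1"}
STATION = "10.20.30.7"          # an authorized management station
REQUESTS = {
    "outside-direct": {"remote_addr": "203.0.113.50", "admin_session": False, "nonce": None},
    "admin-ui": {"remote_addr": STATION, "admin_session": True, "nonce": "NONCE-1"},
    # Cross-site requests are sent by the administrator's own browser, so the
    # server sees the management station's address and session.
    "cross-site-no-token": {"remote_addr": STATION, "admin_session": True, "nonce": None},
    "cross-site-valid-token": {"remote_addr": STATION, "admin_session": True, "nonce": "NONCE-1"},
}

def evaluate(allow=ALLOW, nonces=SESSION_NONCES):
    """Map each sample request to the control that rejects it (or 'accepted')."""
    return {name: first_rejecting_layer(req, allow, nonces) for name, req in REQUESTS.items()}

if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:24} -> {verdict}")
```

The address list treats both cross-site rows exactly like the administrator's own request; only the token check tells them apart, so a release in which the token can be obtained needs the update rather than an ACL.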




Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token

2017-01-10 Thread Kumar, Abhishek (IT Information Services )

Hi,

The Apache Tomcat web server running on the Load balancer is affected by an 
information disclosure vulnerability in the index page of the Manager and Host 
Manager applications. An unauthenticated attacker can exploit this 
vulnerability to obtain a valid cross-site request forgery (CSRF) token during 
the redirect issued when requesting /manager/ or /host-manager/. This token can 
be utilized by an attacker to construct a CSRF attack.

This is a Vulnerability issue with Tomcat 8.0.15.

We have this version of Tomcat installed in our Servers.

As suggested by Tomcat, this has been addressed and fixed after 8.0.32 versions.

Restrict access to the /manager URL from unauthorised IP addresses by 
implementing access control lists that only permit authorised management 
stations or subnets. For more information, see:

https://urldefense.proofpoint.com/v2/url?u=http-3A__tomcat.apache.org_security-2D8.html-23Fixed-5Fin-5FApache-5FTomcat-5F8.0.32=DgIFAg=ZgVRmm3mf2P1-XDAyDsu4A=-JJsXOks_2Pd13691jEHA6PBSyPcGzblOMm00qdlxbs=54nd4qu7eMUZgW9FFIX2Q9G2FdQGJ69mCZu7VvFyN0s=y_OfZJOm3x6d8KgLtJS6flhRUDt_I8Aqk6kymbu3u2k=


But we do not want to upgrade Tomcat right now.

Is there a way to implement this fix in our current Tomcat version?


Kind Regards,
Abhishek Kumar




Re: Possible bug with Transfer-Encoding: chunked on Tomcat 8.5.9

2017-01-10 Thread Enrico Olivelli
I have found a work-around for my case.
The original code of my servlet was like this:

ObjectMapper mapper = new ObjectMapper();   // Jackson Mapper
mapper.readValue(request.getInputStream(), "utf-8")

I have added a buffer to hold all the request:
byte[] content = readFully(request.getInputStream());
mapper.readValue(content, "utf-8")

Now the error has disappeared.
I have not checked the code of Jackson Mapper.
Is it possible that the ChunkedInputFilter breaks in case of reading more
times after the end of the stream ? (calling ServletInputStream#read more
times after -1 marker)

Should I file an issue ?
I'm really sorry but today I do not have time to create a working JUnit
testcase to demonstrate the issue. I can work on it in the next days.


-- Enrico



2017-01-09 16:31 GMT+01:00 Enrico Olivelli :

> Hi, I am upgrading from Tomcat 8.0.33 to 8.5.9.
> I have the following error during a POST made with Apache-HttpClient 4.3.6
>
> I think this is the bad "POST"
>
> FINE Jan 09, 2017 3:45:15 PM org.apache.coyote.http11.Http11InputBuffer parseRequestLine
> BUONO: Received [POST /majordodo HTTP/1.1
> Transfer-Encoding: chunked
> Content-Type: application/json;charset=utf-8
> Host: sviluppo06-cs7.sviluppo.dna:11986
> Connection: Keep-Alive
> User-Agent: Apache-HttpClient/4.3.6 (java 1.5)
> Accept-Encoding: gzip,deflate
> Authorization: Basic bWFnbmV3czptYWduZXdz
>
> 10b78
> ]
>
>
> this is the stack trace of the error:
> java.io.IOException: Invalid end of line sequence (character other than CR or LF found)
> at org.apache.coyote.http11.filters.ChunkedInputFilter.throwIOException(ChunkedInputFilter.java:655)
> at org.apache.coyote.http11.filters.ChunkedInputFilter.parseCRLF(ChunkedInputFilter.java:475)
> at org.apache.coyote.http11.filters.ChunkedInputFilter.doRead(ChunkedInputFilter.java:262)
> at org.apache.coyote.http11.Http11InputBuffer.doRead(Http11InputBuffer.java:256)
> at org.apache.coyote.Request.doRead(Request.java:540)
> at org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java:319)
> at org.apache.catalina.connector.InputBuffer.checkByteBufferEof(InputBuffer.java:627)
> at org.apache.catalina.connector.InputBuffer.read(InputBuffer.java:342)
> at org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.java:183)
>
>
> Is it a client error on 'chunked' encoding format or is there some change
> on Tomcat code which processes this kind of encoding ?
>
> I think that the client is sending a broken request, but before the
> upgrade I did not get the error, is it possible ?
>
> I'm using Nio (not Nio2) http Connector, I'm going to try Nio2
>
> Thank you
> Enrico Olivelli
>
> .
>
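
For readers of the stack trace above, an added example (not part of the original posts and not Tomcat's parser): a minimal strict decoder for the chunked transfer coding, showing the kind of CRLF framing check that the `parseCRLF` frame reports on. The sample bodies are constructed; only the chunk size `10b78` is taken from the logged request.

```python
import re

class ChunkedError(ValueError):
    """Raised when the body violates the chunked framing."""

HEX = re.compile(rb"[0-9A-Fa-f]+")

def decode_chunked(raw: bytes) -> bytes:
    """Strictly decode a complete chunked body; trailer fields are skipped."""
    pos, body = 0, bytearray()
    while True:
        eol = raw.find(b"\r\n", pos)
        if eol < 0:
            raise ChunkedError("chunk-size line is not terminated by CRLF")
        size_field = raw[pos:eol].split(b";", 1)[0]    # drop chunk extensions
        if not HEX.fullmatch(size_field):
            raise ChunkedError(f"invalid chunk size {size_field!r}")
        size = int(size_field, 16)
        pos = eol + 2
        if size == 0:
            break                                      # last-chunk reached
        if pos + size + 2 > len(raw):
            raise ChunkedError("body ends inside a chunk")
        body += raw[pos:pos + size]
        pos += size
        if raw[pos:pos + 2] != b"\r\n":                # chunk data must end with CRLF
            raise ChunkedError("invalid end of line sequence after chunk data")
        pos += 2
    # After the last chunk: optional trailer lines, then one empty line.
    while True:
        eol = raw.find(b"\r\n", pos)
        if eol < 0:
            raise ChunkedError("missing final CRLF")
        if eol == pos:
            return bytes(body)
        pos = eol + 2

def encode_chunked(payload: bytes, chunk_size: int) -> bytes:
    """Build a well-formed chunked body (used to construct the sample input)."""
    parts = []
    for i in range(0, len(payload), chunk_size):
        chunk = payload[i:i + chunk_size]
        parts.append(b"%x\r\n%s\r\n" % (len(chunk), chunk))
    return b"".join(parts) + b"0\r\n\r\n"

# Constructed sample: a JSON document of 0x10b78 bytes sent as a single chunk.
SAMPLE = b'{"data":"' + b"x" * (0x10b78 - 11) + b'"}'
GOOD = encode_chunked(SAMPLE, 0x10b78)
# Same body with one stray byte where the CRLF after the chunk data belongs.
BAD = GOOD.replace(b'"}\r\n', b'"}X\r\n', 1)
```

`decode_chunked(GOOD)` returns the original document, while `decode_chunked(BAD)` raises `ChunkedError` at the position where the CRLF after the chunk data is expected.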


RE: JSP compilation fails with Java 9

2017-01-10 Thread Patil, Shital
Tomcat 9.0.0.M15
ecj-4.6.1.jar

With Java 9 build 146 JSPs are broken.
Surprisingly with Java 9 build 151, same tomcat started compiling and executing 
JSPs very well :) 

Now that’s called sun chasers


-Original Message-
From: Rémy Maucherat [mailto:r...@apache.org] 
Sent: 10 January 2017 04:56
To: Tomcat Users List 
Subject: Re: JSP compilation fails with Java 9

2017-01-09 1:16 GMT-06:00 Patil, Shital :

> We are assessing Java 9 (early access) and JSP compilation is badly
> broken with Java 9. Even basic java objects (java.lang.Object) are not
> accessible while compilation. Appears to be because of jigsaw (modular)
>
> Any solution or alternative to this problem ?
>
I tested Java 9 relatively recently, and normally JSP compilation is the
last remaining issue. I can confirm what was said: JDT doesn't have modules
support, and it doesn't have a planning for it from what I saw. There have been
some significant updates to the modules lately, so it would be unfair to blame
the JDT people at this point.

Rémy


-Original Message-
From: Mark Thomas [mailto:ma...@apache.org] 
Sent: 09 January 2017 17:40
To: Tomcat Users List 
Subject: Re: JSP compilation fails with Java 9

As far as I am aware, the JDT compiler that Jasper uses by default does not yet 
support Java 9.

You should be able to configure Jasper to use javac for Java 9.

From memory (I tested this some time ago), a basic JSP worked with Java 9. 
Whether more complex JSPs might hit some Jigsaw related issues is TBD. Worst 
case, you should be able to work-around them with command line options when 
starting Tomcat.

I've looked at Java 9 support a couple of times but partly because it is still 
in a state of flux and partly because the JDT support was not there I haven't 
taken it very far.

Mark
--
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] 
Sent: 09 January 2017 19:55
To: Tomcat Users List 
Subject: Re: JSP compilation fails with Java 9

1. Tomcat full version number =?

2. ecj.jar version (in Tomcat's lib directory) =?

3. Does it work with a later version of ecj.jar?  It is "JDT Core Batch 
Compiler"
Downloadable from
http://download.eclipse.org/eclipse/downloads/
http://download.eclipse.org/eclipse/downloads/drops4/R-4.6.2-201611241400/

(Tomcat 8.5 ships with 4.5.1, Tomcat 9 uses 4.6.1,  latest release is 4.6.2,  
but there is also a milestone build of 4.7 available)

Best regards,
Konstantin Kolinko

