Re: Ways to identify poorly designed client aplications sending request to Tomcat !

[Utkarsh Dave]

Hi Chris,

Thanks for the response.

On Fri, Mar 31, 2017 at 10:16 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Utkarsh,
>
> On 3/30/17 3:34 PM, Utkarsh Dave wrote:
> > What makes you say that?
>
> What makes me say what?
>
> > Past cases, I saw where implementation or not using the JSESSION
> > was making the connection over and over again for multiple
> > transactions
>
> Of course. HTTP is a connectionless protocol, so making many
> connections with a single session is appropriate.
>
> But you are saying that your clients are not re-using sessions and so
> you want some suggestions.
>
> I got your point. Actually i meant both reusing connections and sessions
both. But as we do not any symptom here, we will leave this for now. Thanks
a lot for calrification on session timeout and using the same session for
connections.

> > What JVM are you using? We using Orcale JDK 1.7.0.131
>
> Okay, that's reasonably recent, though still unsupported. I'd move up
> to Java 8 if possible.
>
Ok.

>
> > Yes, 58 applications.
>
> Okay, then the presence of 58 WebappClassLoader objects in memory is
> not concerning.
>
> I don't see any indications of any problems with "poor socket
> implementations".
>
> If you have 58 applications deployed and you are only using 787MiB of
> heap, that seems fairly good to me.
>
> It's not really clear what you're asking for, here. Can you expand a
> little bit on what you hope to accomplish?
>
Yes, i will try to be more clear. So, the thing is my server with tomcat 7,
has around 58 application deployed. There are 4-5 tools/applications that
sends requests to my server. Suddenly the tomcat on all my test set ups
stop responding and GUI/web access was slow and sluggish. I found tomcat
memory was less than 100 mb, which is unusual then normal. So I am trying
to find what consuming memory in tomcat. As Memory heap dump (i used
eclipse memory analyzer tool) didn't helped much. I was wondering what is
the reason of tomcat going bad. Or it is just i need to add more memory to
heap from 1.2 G to 2.4?
I am trying to see if jconsole will be helpful here. Any thoughts on
debugging this.
I alrady reviewed the localhost_Access logs to see all the requests and
there response time and response size. Compared them to a working server.
Not much of help yet.

>
> - -chris
>
> > On Thu, Mar 30, 2017 at 12:01 PM, Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> > Utkarsh,
> >
> > On 3/29/17 7:33 PM, Utkarsh Dave wrote:
>  Hello all,
> 
>  My tomcat (7.0.72) hosts several web aplications in the
>  server (based in linux 6.8). There are many clients or 3rd
>  party applications working as client to my server (having
>  tomcat and web applications). There are instances when poorly
>  designed client application can affect severly to Tomcat.
>  Connections/sessions not being reused or closed is one of
>  them.
> >
> > If you have too many sessions, you have two options:
> >
> > 1. Lower the session-timeout (default: 30min) 2. Identify places in
> > the code where sessions are being created but do not need to be
> > created
> >
>  My question is the way to prove/identify such symptoms of the
>  3rd party applications.
> 
>  I have a situation where all the applications and web/GUI
>  access slows down and tomcat shows as consuming 100% cpu
>  (even though overall CPU is less) My diagnosis shows memory
>  tests for tomcat failing (less than 100KB of free heap left),
>  And so i generated memory heap dump and thread dumps. Below
>  are the results. Based on below, does this qualify for a
>  poorly socket implemetation ? Any thoughts will be helpful.
> >
> > What makes you say that?
> >
>  Memory heap dump generated is of Size: 787.3 MB Classes:
>  139k Objects: 19.3m Class Loader: 1.6k
> 
>  Overview shows 580.9 MB occupied by remainder's.
> 
>  Problem suspect:- 465 MB occupied by remainder
> 
>  152.2 MB- leak suspect 1 6 instances of
>  "com.sun.xml.bind.v2.runtime.JAXBContextImpl", loaded by
>  "org.apache.catalina.loader.WebappClassLoader @ 0xacc38e98"
>  occupy 159,582,744 (19.33%) bytes.
> >
> > It's certainly possible that JAXB and/or your XML-pasring library
> > could be leaking memory. Older XML parsers would keep the whole
> > XML document text pinned in memory if some other part of the code
> > grabbed a single XML attribute and hung-onto the reference. This
> > was actually fixed in the implementation of String.substring, I
> > believe.
> >
> > What JVM are you using?
> >
>  91 MB- leak suspect 2 58 instances of
>  "org.apache.catalina.loader.WebappClassLoader", loaded by
>  "java.net.URLClassLoader @ 0xa6b8e038" occupy 95,396,344
>  (11.56%) bytes
> >
> > How many applications do you have loaded in the same JVM? If you
> > have 58, then that's how many WebappClassLoader 

RE: changing tomcat default password

[Caldarale, Charles R]

> From: Theresa Whitney [mailto:theresa.whit...@nisd.net] 
> Subject: changing tomcat default password

> I am trying to address a security vulnerability notification for several
> servers.  We have tomcat6 installed.

Right there is your biggest security problem - Tomcat 6 has reached end of life 
and may not receive any more fixes.  To quote from the "Which version?" page:

"Users of Tomcat 6 should be aware that Tomcat 6 has now reached end of life. 
Users of Tomcat 6.x should upgrade to Tomcat 7.x or later."
http://tomcat.apache.org/whichversion.html


> The notification indicates that I need to change the default passwords
> in the admin-users.xml file.

No such file is distributed with a standard Tomcat; are you sure you have the 
right file name?  In which directory is it located?

> Can I just change the password in the xml file?

Difficult to say, since it's not part of an official Tomcat.

> Sorry for my ignorance ... I am a total newbie.

As we all were at some point.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-Original Message-


-- 
Theresa Whitney
Systems Administrator - Server Support
Northside ISD
ph: (210) 397-7727
email:  theresa.whit...@nisd.net

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

changing tomcat default password

[Theresa Whitney]

I am trying to address a security vulnerability notification for several
servers.  We have tomcat6 installed.  The notification indicates that I
need to change the default passwords in the admin-users.xml file.  When I
view the file it looks like everything is commented out.  And there are
several places where a password is set.  I have also confirmed that the
tomcat service is running and the only dependencies are for winsock and
tcpip drivers.

I am not familiar with tomcat or making any changes to any configurations.

Can I just change the password in the xml file?
Do I need to stop and restart services and if so, just the tomcat service?
What is affected by stopping and restarting services?

Sorry for my ignorance ... I am a total newbie.

-- 
Theresa Whitney
Systems Administrator - Server Support
Northside ISD
ph: (210) 397-7727
email:  theresa.whit...@nisd.net

Re: how to access HTTPServletRequest in RealmBase

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

André,

On 3/30/17 3:41 PM, André Warnier (tomcat) wrote:
> On 30.03.2017 20:10, Christopher Schultz wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256
>> 
>> Konstantin,
>> 
>> On 3/30/17 4:19 AM, Konstantin Kolinko wrote:
>>> 2017-03-30 11:02 GMT+03:00 Jan Vávra :
 Hello, I have written a custom Realm and I need to access to
 the request headers. The authentication should be computed
 from client certificate + id from custom http header
 X-IdUser. Can I somehow access to the HTTPServletRequest
 instance  ?
>>> 
>>> Not possible, by design.
>>> 
>>> An Authenticator (a valve) can access request and its headers.
>>> A Realm cannot.
>> 
>> I've always been frustrated by this, and it's one reason I do not
>> use Tomcat's build-in authentication. I need to log
>> authentication failures and their sources (IP address) and this
>> information is simply not available through the Tomcat-provided
>> APIs.
>> 
>> I think there is definitely an opportunity here for improvement.
>> 
> 
> A naive question or three (I can't really ask any other kind in
> Java) :
> 
> 1) what is calling the following method ? 
> https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/realm
/DataSourceRealm.html#authenticate%28java.lang.String,%20java.lang.Strin
g%29

Within
> 
Tomcat, one of the Authenticator classes is going to be calling
that method. (BasicAuthenticator, FormAuthenticator, etc.).

> 2) And (assuming that if you want to do non-standard things in the 
> Realm, it means that you are writing your own custom Realm), isn't
> there a possibility for any caller of (1) above, to pass anything
> it wants in the "credentials" argument ?
> 
> (such as a caller IP address, the content of a HTTP header, etc.) 
> (to be parsed out and used by the authenticate method, for logging
> e.g.)

Absolutely, you could do that.

But let's say that I want to write my own Realm implementation so I
can e.g. write the user's IP address to a table when they
authenticate. Okay, I write a Realm but the interface doesn't contain
any of that data.

So, I decide that I want to package the IP address into the username
field for authenticate(String username, String password). Sounds good,
but then I'd need to write my own Authenticator that knows that the
username is actually IP-address + username instead of just username
like usual.

And if I'm going to write my own Realm *and* Authenticator, why don't
I just write everything myself and skip the Tomcat-provided code?

> 3) and, still assuming much, might one then perhaps use this
> element to specify a class which would perform ditto parsing, prior
> to the authentication itself ? 
> http://tomcat.apache.org/tomcat-9.0-doc/config/credentialhandler.html

The
> 
CredentialHandler's job is to take the user's credential (the
password) and compare it to the value that was stored in the user
database. Providing a custom CredentialHandler only allows you to
support different types of password-munging.

Note that the CredentialHandler doesn't have access to any data
storage system (like the user database). The Realm is designed to
fetch the user's stored credential from the user database and then
delegate the comparison to the CredentialHandler. This allows someone
to support e.g. a hashing algorithm that Tomcat has never seen before.
But it doesn't allow the user database to store anything new.

Tomcat is attempting to separate the concerns of various things into
separate classes / interfaces. This allows a great deal of re-use of
code. For example, there are "authenticators" (which don't
authenticate) for the following: HTTP Basic, HTTP Digest, CLIENT-CERT,
FORM. And there are Realms (which actually authenticate) for the
following user databases: JDBC, DataStore(also JDBC), LDAP/JNDI, JAAS,
and "memory" (really "file").

If there was one class for each setup, you'd need an explosion of classe
s:

HttpBasicLDAPAuthenticator
HttpBasicJDBCAuthenticator
HttpBasicDataSourceAuthenticator
HttpBasicJAASAuthenticator
HttpDigestLDAPAuthenticator
HttpDigestJDBCAuthenticator
HttpDigestDataSourceAuthenticator
etc.

There are some authenticators that only make sense for some realm
methods. For example, the SSLAuthenticator is never going to call
Realm.authenticate(username, password). So in a way, these interfaces
are already a bit "impure".

But the idea for the Realm was "let's have a class/interface whose job
is simply to say yes/no to authentication requests and also to
determine if a user is authorized for a role-based permission".
There's really no reason to make that HTTP-specific. What does it mean
to have a username and password that match with or without an IP address
?

There is nothing HTTP-specific about a Realm, which is why this
complexity is left-out of the Realm interface.

But some people need their applications to use some information
available from the HTTP request as part of their authentication (or,

Re: Ways to identify poorly designed client aplications sending request to Tomcat !

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Utkarsh,

On 3/30/17 3:34 PM, Utkarsh Dave wrote:
> What makes you say that?

What makes me say what?

> Past cases, I saw where implementation or not using the JSESSION
> was making the connection over and over again for multiple
> transactions

Of course. HTTP is a connectionless protocol, so making many
connections with a single session is appropriate.

But you are saying that your clients are not re-using sessions and so
you want some suggestions.

> What JVM are you using? We using Orcale JDK 1.7.0.131

Okay, that's reasonably recent, though still unsupported. I'd move up
to Java 8 if possible.

> Yes, 58 applications.

Okay, then the presence of 58 WebappClassLoader objects in memory is
not concerning.

I don't see any indications of any problems with "poor socket
implementations".

If you have 58 applications deployed and you are only using 787MiB of
heap, that seems fairly good to me.

It's not really clear what you're asking for, here. Can you expand a
little bit on what you hope to accomplish?

- -chris

> On Thu, Mar 30, 2017 at 12:01 PM, Christopher Schultz < 
> ch...@christopherschultz.net> wrote:
> 
> Utkarsh,
> 
> On 3/29/17 7:33 PM, Utkarsh Dave wrote:
 Hello all,
 
 My tomcat (7.0.72) hosts several web aplications in the
 server (based in linux 6.8). There are many clients or 3rd
 party applications working as client to my server (having
 tomcat and web applications). There are instances when poorly
 designed client application can affect severly to Tomcat.
 Connections/sessions not being reused or closed is one of
 them.
> 
> If you have too many sessions, you have two options:
> 
> 1. Lower the session-timeout (default: 30min) 2. Identify places in
> the code where sessions are being created but do not need to be
> created
> 
 My question is the way to prove/identify such symptoms of the
 3rd party applications.
 
 I have a situation where all the applications and web/GUI
 access slows down and tomcat shows as consuming 100% cpu
 (even though overall CPU is less) My diagnosis shows memory
 tests for tomcat failing (less than 100KB of free heap left),
 And so i generated memory heap dump and thread dumps. Below
 are the results. Based on below, does this qualify for a
 poorly socket implemetation ? Any thoughts will be helpful.
> 
> What makes you say that?
> 
 Memory heap dump generated is of Size: 787.3 MB Classes:
 139k Objects: 19.3m Class Loader: 1.6k
 
 Overview shows 580.9 MB occupied by remainder's.
 
 Problem suspect:- 465 MB occupied by remainder
 
 152.2 MB- leak suspect 1 6 instances of 
 "com.sun.xml.bind.v2.runtime.JAXBContextImpl", loaded by 
 "org.apache.catalina.loader.WebappClassLoader @ 0xacc38e98"
 occupy 159,582,744 (19.33%) bytes.
> 
> It's certainly possible that JAXB and/or your XML-pasring library 
> could be leaking memory. Older XML parsers would keep the whole
> XML document text pinned in memory if some other part of the code
> grabbed a single XML attribute and hung-onto the reference. This
> was actually fixed in the implementation of String.substring, I
> believe.
> 
> What JVM are you using?
> 
 91 MB- leak suspect 2 58 instances of 
 "org.apache.catalina.loader.WebappClassLoader", loaded by 
 "java.net.URLClassLoader @ 0xa6b8e038" occupy 95,396,344
 (11.56%) bytes
> 
> How many applications do you have loaded in the same JVM? If you
> have 58, then that's how many WebappClassLoader objects we'd expect
> to be present. If you have less than that, you probably have
> applications that are not undeploying or reloading cleanly.
> 
 79.1 MB - leak suspect 3 4 instances of "com.rsa.sslj.x.aO",
 loaded by "sun.misc.Launcher$ExtClassLoader @ 0xa6b763b0"
 occupy 82,968,424 (10.05%) bytes.
> 
> Is that a 3rd-party JSSE library?
> 
 In the thread dumps I see these threads repeatedly. I wonder
 these pointing to com.rsa.sslj.x.
 
 "http-bio-8443-exec-230" daemon prio=10 tid=0x1130a400
 nid=0x411b runnable [0x01be1000] java.lang.Thread.State:
 RUNNABLE at java.net.SocketInputStream.socketRead0(Native
 Method) at 
 java.net.SocketInputStream.read(SocketInputStream.java:153)
 at 
 java.net.SocketInputStream.read(SocketInputStream.java:122)
 at com.rsa.sslj.x.ap.c(Unknown Source) at
 com.rsa.sslj.x.ap.a(Unknown Source) at
 com.rsa.sslj.x.ap.b(Unknown Source) at 
 com.rsa.sslj.x.ap.b(Unknown Source) at 
 com.rsa.sslj.x.al.read(Unknown Source) at 
 org.apache.coyote.http11.InternalInputBuffer.fill(InternalInputBuff
er.
>
 
java:519)
 
 
> at
 org.apache.coyote.http11.InternalInputBuffer.fill(InternalInputBuff
er.
>
 
java:504)
 
 
> at
 org.apache.coyote.http11.Http11Processor.setRequestLineReadTimeout(
Htt
>
 
p11Processor.java:168)
 
 
> at
 

Re: Setting up HTTP/2 with no SSL connector ?

[Laurent Perez]

Yes I was under the false impression that Chrome did support h2c ; it does
not, as you pointed.
HTTP/2 works fine now.

Thanks

On Thu, Mar 30, 2017 at 10:46 PM, Mark Thomas  wrote:

> On 30 March 2017 20:53:06 BST, Laurent Perez 
> wrote:
> >Thank you Mark.
> >
> >h2c is enabled : 30-Mar-2017 21:30:33.373 INFOS [main]
> >org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol
> >The ["http-nio-8080"] connector has been configured to support HTTP
> >upgrade
> >to [h2c]
> >
> >However org.apache.catalina.connector.Request#newPushBuilder returns
> >null.
> >Processor is a Http11Processor and it does not override the return
> >false
> >of org.apache.coyote.AbstractProcessor#isPushSupported. It's as if the
> >upgrade did not plug in.
> >
> >Using the apr+ssl connector, same client works fine (i.e pushBuilder is
> >not
> >null).
> >
> >Client is Chrome 56. Where could I check in tomcat source to see if the
> >client is sending the h2c upgrade token ?
>
> I'm fairly sure most browsers including chrome do not support h2c.
>
> Chrome developer tools should show you the network traffic.
>
> Mark
>
>
> >
> >laurent
> >
> >
> >
> >On Thu, Mar 30, 2017 at 9:07 PM, Mark Thomas  wrote:
> >>
> >> On 30/03/17 18:02, Laurent Perez wrote:
> >> > Hi
> >> >
> >> > I managed to run the servlets/serverpush/simpleimage HTTP/2 push
> >example
> >> > from Tomcat 9 trunk with the SSL Http11AprProtocol connnector and
> >> >  >> > className="org.apache.coyote.http2.Http2Protocol"/>.
> >> >
> >> > Now I would like to enable HTTP/2 but without SSL : my certificates
> >are
> >> > either hosted under my load balancer or Apache itself, and I do not
> >require
> >> > SSL between mod_proxy and Tomcat.
> >> >
> >> > But org.apache.coyote.AbstractProcessor#isPushSupported then
> >returns
> >false,
> >> > as if the UpgradeProtocol did not fire.
> >> >
> >> > Is it possible to enable HTTP/2 with no SSL connector ?
> >>
> >> Yes. You need to add the  block to an HTTP
> >> connector. You should see in the start-up log that h2c is enabled via
> >> HTTP Upgrade.
> >>
> >> Mark
> >>
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >
> >
> >
> >--
> >http://cv.laurentperez.fr
> >J2EE, HTML5, JS, CSS3
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


-- 
http://cv.laurentperez.fr
J2EE, HTML5, JS, CSS3

Re: Intercepting WebSocket ping messages

[Mark Thomas]

On 31/03/17 15:03, Robert Lewis wrote:
> We have a Server <-> Client connection. The client periodically sends pings
> to the server, and Tomcat will respond with a sendPong() on a container
> thread, but the same instance of WsRemoteEndpointImplServer we are actively
> sending writes on. WsRemoteEndpointImplServer.doWrite() does not seem
> thread safe, so I have a feeling that tomcat handling the pongs on a
> separate thread is interfering with our constant calls to doWrite() on the
> same instance of WsRemoteEndpointImplServer.
> 
> If I could synchronize the pong with our application application calls to
> sendBinary(), I could fix a potential problem. If it is not supported,
> completely understand. I apologize as I have yet to time this perfectly
> where the calls do overlap. Do you happen to know if these calls will be
> synchronized by the container?

Yes, Tomcat should handle this for you.

> I attached logging into WsRemoteEndpointImplServer (for doWrite() and
> onWritePossible()), this includes start and end of the function calls, and
> each start will show a hashcode of the WsRemoteEndpointImplServer instance,
> and a hashcode of the SendHandler instance (endpointhash:handlerhash),
> where two threads are making what seems not so thread safe calls.

"seems"? Can you be more precise. To be clear, if you can show exactly
what the problem is / how the thread-safety problem occurs then you
stand a much greater chance of it being fixed.

Mark


> The first
> thread is the application calling down to doWrite() (locked at the
> application level) and the second thread is a container thread responding
> to a ping:
> 
> Thread 1 (Application Synchronized)
> 
> http-nio-8443-exec-5: doWrite (start) 909703826:81194941
>   java.lang.Thread.getStackTrace(Thread.java:1556)
> 
> org.apache.tomcat.websocket.server.WsRemoteEndpointImplServer.doWrite(WsRemoteEndpointImplServer.java:81)
> 
> org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:453)
> 
> org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessage(WsRemoteEndpointImplBase.java:341)
> 
> org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessageBlock(WsRemoteEndpointImplBase.java:273)
> 
> org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendBytes(WsRemoteEndpointImplBase.java:134)
> 
> org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendBinary(WsRemoteEndpointBasic.java:43)
> 
> com.thingworx.communications.server.connection.jsr356.Jsr356ServerConnection.sendBinaryMessage(Jsr356ServerConnection.java:613)
> 
> com.thingworx.communications.common.contexts.BaseContext.write(BaseContext.java:95)
> 
> com.thingworx.communications.common.messaging.ThingworxMessage.writeContent(ThingworxMessage.java:39)
> 
> com.thingworx.communications.server.modules.ServerCommunicationModuleBase.registerServerConnection(ServerCommunicationModuleBase.java:141)
> 
> com.thingworx.communications.server.connection.jsr356.Jsr356ServerConnection.registerConnection(Jsr356ServerConnection.java:332)
> 
> com.thingworx.communications.server.connection.jsr356.Jsr356ServerConnection.onMessage(Jsr356ServerConnection.java:304)
>   sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>   java.lang.reflect.Method.invoke(Method.java:498)
> 
> org.apache.tomcat.websocket.pojo.PojoMessageHandlerWholeBase.onMessage(PojoMessageHandlerWholeBase.java:80)
> 
> org.apache.tomcat.websocket.WsFrameBase.sendMessageBinary(WsFrameBase.java:592)
> 
> org.apache.tomcat.websocket.WsFrameBase.processDataBinary(WsFrameBase.java:549)
>   org.apache.tomcat.websocket.WsFrameBase.processData(WsFrameBase.java:301)
> 
> org.apache.tomcat.websocket.WsFrameBase.processInputBuffer(WsFrameBase.java:131)
> 
> org.apache.tomcat.websocket.server.WsFrameServer.onDataAvailable(WsFrameServer.java:71)
> 
> org.apache.tomcat.websocket.server.WsHttpUpgradeHandler$WsReadListener.onDataAvailable(WsHttpUpgradeHandler.java:185)
> 
> org.apache.coyote.http11.upgrade.AbstractServletInputStream.onDataAvailable(AbstractServletInputStream.java:198)
> 
> org.apache.coyote.http11.upgrade.AbstractProcessor.upgradeDispatch(AbstractProcessor.java:96)
> 
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:664)
> 
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1520)
> 
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1476)
> 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> 
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>   java.lang.Thread.run(Thread.java:745)
> http-nio-8443-exec-5: 

Re: A problem of accessing an application

[M. Osama Alghwell]

Thanks for reply. Actually I did all, and the log is clear, of course when
Tomcat starts and I checked the log stating the deploying starts and
finishes in few milliseconds. I also tried to name the file with the
complete path using #, as mentioned in the document (the file name is
MyOrg#OrgAPP#Field.xml) but it didn't work. The 404 page always come up. I
am wondering if the path for the application is read correctly? I am using
Linux since end of 90s, that is why I am having problems with Windows
environment.
Now, if I changed the name of the file to any name.xml and add Field in the
docBase, will it works? or this is contradicting with tomcat.
Thanks

On Fri, Mar 31, 2017 at 3:52 PM, Olaf Kock  wrote:

>
> Am 31.03.2017 um 15:42 schrieb M. Osama Alghwell:
> > docBase="E:\MyOrg\OrgAPP\Field"
> >
> > This will cause the service to not work (I did it and after changing I do
> > restart for the service) which meand Tomcat won't start
>
> Whatever you set as a docbase, it must be a fully deployable web
> application - e.g. you set the docbase to the directory that also
> contains your WEB-INF directory - according to what you described
> earlier, it would have been your Field directory.
>
> I've been bitten often enough by the backslash to be interpreted as an
> escape sign that I'm religiously only using the forward slash as a
> directory separator. This works even on windows. Try
> E:/MyOrg/OrgAPP/Field. And copy this from some place, e.g. Explorer, so
> that you can be extra extra /extra/ sure that there's no typo. I've seen
> problems come and go when the directory names contained spaces or other
> weird characters, you might want to double check this as well.
>
> If tomcat doesn't start: What's in the logs? Where does the startup
> process stop? Any error logged?
>
> Olaf
>
>
> >
> > On Fri, Mar 31, 2017 at 2:59 PM, Mark Thomas  wrote:
> >
> >> On 31/03/17 13:36, M. Osama Alghwell wrote:
> >>> I installed Tomcat 8 and application on Windows 2012 server. The
> >> structure
> >>> is as follows:
> >>> Driver --> E:
> >>> A main drictory named --> MyOrg
> >>> Two directories under MyOrg --> OrgAPP & OrgServer
> >>>
> >>> Under OrgAPP another directory named --> Field
> >>> Under Field all the directories for the application including WEB-INF
> >>>
> >>> Under OrgServer --> Tomcat8
> >>> Under Tomcat8 --> Apache-Tomcat
> >>> Under Apache-Tomcat the Tomcat 8 files
> >>>
> >>> in Tomcat 8 document saying to install an application outside webapps
> >> this
> >>> can be down by an xml file in conf/Catalina/localhost/app.xml (the
> >> Engine
> >>> is Catalina and the host is localhost)  which I did (the file is
> >> Field.xml.
> >>> In Field.xml I put 
> >> This needs to be:
> >>
> >> docBase="E:\MyOrg\OrgAPP\Field"
> >>
> >> Try that and if that doesn't work provide the appropriate error
> >> information.
> >>
> >> Mark
> >>
> >>
> >>> Now, Tomcat 8 as a service works and I can open the manager GUI and
> find
> >>> Field as one of the listed applications. But if I click on it to open
> it
> >>> the 404 page comes up!
> >>> Other thing, if I add to the URL in the Context \Field, the service (I
> >> need
> >>> to restart it) won't work.
> >>> Any suggession? Shall I change the name of the xml file and add the
> >> \Field
> >>> in the Context?
> >>> Thank you
> >>>
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


-- 
*M. Osama Alghwell*

Re: Intercepting WebSocket ping messages

[Robert Lewis]

We have a Server <-> Client connection. The client periodically sends pings
to the server, and Tomcat will respond with a sendPong() on a container
thread, but the same instance of WsRemoteEndpointImplServer we are actively
sending writes on. WsRemoteEndpointImplServer.doWrite() does not seem
thread safe, so I have a feeling that tomcat handling the pongs on a
separate thread is interfering with our constant calls to doWrite() on the
same instance of WsRemoteEndpointImplServer.

If I could synchronize the pong with our application application calls to
sendBinary(), I could fix a potential problem. If it is not supported,
completely understand. I apologize as I have yet to time this perfectly
where the calls do overlap. Do you happen to know if these calls will be
synchronized by the container?

I attached logging into WsRemoteEndpointImplServer (for doWrite() and
onWritePossible()), this includes start and end of the function calls, and
each start will show a hashcode of the WsRemoteEndpointImplServer instance,
and a hashcode of the SendHandler instance (endpointhash:handlerhash),
where two threads are making what seems not so thread safe calls. The first
thread is the application calling down to doWrite() (locked at the
application level) and the second thread is a container thread responding
to a ping:

Thread 1 (Application Synchronized)

http-nio-8443-exec-5: doWrite (start) 909703826:81194941
  java.lang.Thread.getStackTrace(Thread.java:1556)

org.apache.tomcat.websocket.server.WsRemoteEndpointImplServer.doWrite(WsRemoteEndpointImplServer.java:81)

org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:453)

org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessage(WsRemoteEndpointImplBase.java:341)

org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessageBlock(WsRemoteEndpointImplBase.java:273)

org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendBytes(WsRemoteEndpointImplBase.java:134)

org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendBinary(WsRemoteEndpointBasic.java:43)

com.thingworx.communications.server.connection.jsr356.Jsr356ServerConnection.sendBinaryMessage(Jsr356ServerConnection.java:613)

com.thingworx.communications.common.contexts.BaseContext.write(BaseContext.java:95)

com.thingworx.communications.common.messaging.ThingworxMessage.writeContent(ThingworxMessage.java:39)

com.thingworx.communications.server.modules.ServerCommunicationModuleBase.registerServerConnection(ServerCommunicationModuleBase.java:141)

com.thingworx.communications.server.connection.jsr356.Jsr356ServerConnection.registerConnection(Jsr356ServerConnection.java:332)

com.thingworx.communications.server.connection.jsr356.Jsr356ServerConnection.onMessage(Jsr356ServerConnection.java:304)
  sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  java.lang.reflect.Method.invoke(Method.java:498)

org.apache.tomcat.websocket.pojo.PojoMessageHandlerWholeBase.onMessage(PojoMessageHandlerWholeBase.java:80)

org.apache.tomcat.websocket.WsFrameBase.sendMessageBinary(WsFrameBase.java:592)

org.apache.tomcat.websocket.WsFrameBase.processDataBinary(WsFrameBase.java:549)
  org.apache.tomcat.websocket.WsFrameBase.processData(WsFrameBase.java:301)

org.apache.tomcat.websocket.WsFrameBase.processInputBuffer(WsFrameBase.java:131)

org.apache.tomcat.websocket.server.WsFrameServer.onDataAvailable(WsFrameServer.java:71)

org.apache.tomcat.websocket.server.WsHttpUpgradeHandler$WsReadListener.onDataAvailable(WsHttpUpgradeHandler.java:185)

org.apache.coyote.http11.upgrade.AbstractServletInputStream.onDataAvailable(AbstractServletInputStream.java:198)

org.apache.coyote.http11.upgrade.AbstractProcessor.upgradeDispatch(AbstractProcessor.java:96)

org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:664)

org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1520)

org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1476)

java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
  java.lang.Thread.run(Thread.java:745)
http-nio-8443-exec-5: onWritePossible (start) 909703826:81194941
  java.lang.Thread.getStackTrace(Thread.java:1556)

org.apache.tomcat.websocket.server.WsRemoteEndpointImplServer.onWritePossible(WsRemoteEndpointImplServer.java:97)

org.apache.tomcat.websocket.server.WsRemoteEndpointImplServer.doWrite(WsRemoteEndpointImplServer.java:89)

org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:453)

Re: A problem of accessing an application

[Mark Thomas]

On 31/03/17 14:42, M. Osama Alghwell wrote:
> docBase="E:\MyOrg\OrgAPP\Field"
> 
> This will cause the service to not work (I did it and after changing I do
> restart for the service) which meand Tomcat won't start

To quote my previous response:


... if that doesn't work provide the appropriate error information.


Mark


> 
> On Fri, Mar 31, 2017 at 2:59 PM, Mark Thomas  wrote:
> 
>> On 31/03/17 13:36, M. Osama Alghwell wrote:
>>> I installed Tomcat 8 and application on Windows 2012 server. The
>> structure
>>> is as follows:
>>> Driver --> E:
>>> A main drictory named --> MyOrg
>>> Two directories under MyOrg --> OrgAPP & OrgServer
>>>
>>> Under OrgAPP another directory named --> Field
>>> Under Field all the directories for the application including WEB-INF
>>>
>>> Under OrgServer --> Tomcat8
>>> Under Tomcat8 --> Apache-Tomcat
>>> Under Apache-Tomcat the Tomcat 8 files
>>>
>>> in Tomcat 8 document saying to install an application outside webapps
>> this
>>> can be down by an xml file in conf/Catalina/localhost/app.xml (the
>> Engine
>>> is Catalina and the host is localhost)  which I did (the file is
>> Field.xml.
>>> In Field.xml I put 
>>
>> This needs to be:
>>
>> docBase="E:\MyOrg\OrgAPP\Field"
>>
>> Try that and if that doesn't work provide the appropriate error
>> information.
>>
>> Mark
>>
>>
>>> Now, Tomcat 8 as a service works and I can open the manager GUI and find
>>> Field as one of the listed applications. But if I click on it to open it
>>> the 404 page comes up!
>>> Other thing, if I add to the URL in the Context \Field, the service (I
>> need
>>> to restart it) won't work.
>>> Any suggession? Shall I change the name of the xml file and add the
>> \Field
>>> in the Context?
>>> Thank you
>>>
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
> 
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: A problem of accessing an application

[Olaf Kock]

Am 31.03.2017 um 15:42 schrieb M. Osama Alghwell:
> docBase="E:\MyOrg\OrgAPP\Field"
>
> This will cause the service to not work (I did it and after changing I do
> restart for the service) which meand Tomcat won't start

Whatever you set as a docbase, it must be a fully deployable web
application - e.g. you set the docbase to the directory that also
contains your WEB-INF directory - according to what you described
earlier, it would have been your Field directory.

I've been bitten often enough by the backslash to be interpreted as an
escape sign that I'm religiously only using the forward slash as a
directory separator. This works even on windows. Try
E:/MyOrg/OrgAPP/Field. And copy this from some place, e.g. Explorer, so
that you can be extra extra /extra/ sure that there's no typo. I've seen
problems come and go when the directory names contained spaces or other
weird characters, you might want to double check this as well.

If tomcat doesn't start: What's in the logs? Where does the startup
process stop? Any error logged?

Olaf


>
> On Fri, Mar 31, 2017 at 2:59 PM, Mark Thomas  wrote:
>
>> On 31/03/17 13:36, M. Osama Alghwell wrote:
>>> I installed Tomcat 8 and application on Windows 2012 server. The
>> structure
>>> is as follows:
>>> Driver --> E:
>>> A main drictory named --> MyOrg
>>> Two directories under MyOrg --> OrgAPP & OrgServer
>>>
>>> Under OrgAPP another directory named --> Field
>>> Under Field all the directories for the application including WEB-INF
>>>
>>> Under OrgServer --> Tomcat8
>>> Under Tomcat8 --> Apache-Tomcat
>>> Under Apache-Tomcat the Tomcat 8 files
>>>
>>> in Tomcat 8 document saying to install an application outside webapps
>> this
>>> can be down by an xml file in conf/Catalina/localhost/app.xml (the
>> Engine
>>> is Catalina and the host is localhost)  which I did (the file is
>> Field.xml.
>>> In Field.xml I put 
>> This needs to be:
>>
>> docBase="E:\MyOrg\OrgAPP\Field"
>>
>> Try that and if that doesn't work provide the appropriate error
>> information.
>>
>> Mark
>>
>>
>>> Now, Tomcat 8 as a service works and I can open the manager GUI and find
>>> Field as one of the listed applications. But if I click on it to open it
>>> the 404 page comes up!
>>> Other thing, if I add to the URL in the Context \Field, the service (I
>> need
>>> to restart it) won't work.
>>> Any suggession? Shall I change the name of the xml file and add the
>> \Field
>>> in the Context?
>>> Thank you
>>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: A problem of accessing an application

[M. Osama Alghwell]

docBase="E:\MyOrg\OrgAPP\Field"

This will cause the service to not work (I did it and after changing I do
restart for the service) which meand Tomcat won't start

On Fri, Mar 31, 2017 at 2:59 PM, Mark Thomas  wrote:

> On 31/03/17 13:36, M. Osama Alghwell wrote:
> > I installed Tomcat 8 and application on Windows 2012 server. The
> structure
> > is as follows:
> > Driver --> E:
> > A main drictory named --> MyOrg
> > Two directories under MyOrg --> OrgAPP & OrgServer
> >
> > Under OrgAPP another directory named --> Field
> > Under Field all the directories for the application including WEB-INF
> >
> > Under OrgServer --> Tomcat8
> > Under Tomcat8 --> Apache-Tomcat
> > Under Apache-Tomcat the Tomcat 8 files
> >
> > in Tomcat 8 document saying to install an application outside webapps
> this
> > can be down by an xml file in conf/Catalina/localhost/app.xml (the
> Engine
> > is Catalina and the host is localhost)  which I did (the file is
> Field.xml.
> > In Field.xml I put 
>
> This needs to be:
>
> docBase="E:\MyOrg\OrgAPP\Field"
>
> Try that and if that doesn't work provide the appropriate error
> information.
>
> Mark
>
>
> > Now, Tomcat 8 as a service works and I can open the manager GUI and find
> > Field as one of the listed applications. But if I click on it to open it
> > the 404 page comes up!
> > Other thing, if I add to the URL in the Context \Field, the service (I
> need
> > to restart it) won't work.
> > Any suggession? Shall I change the name of the xml file and add the
> \Field
> > in the Context?
> > Thank you
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


-- 
*M. Osama Alghwell*

[ANN] Apache Tomcat 8.5.13 available

[Mark Thomas]

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.13.

Tomcat 8.x users should normally be using 8.5.x releases in preference
to 8.0.x releases.

Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers technologies.

Apache Tomcat 8.5.x is intended to replace 8.0.x and includes new
features pulled forward from the 9.0.x branch. The notable changes since
8.5.12 include:

- Various HTTP/2 improvements

- Fixes for sendfile related issues that could cause subsequent requests
  to experience IllegalStateExceptions

- Servlet 4.0 early access updates


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 5.x, 6.x, 7.x and 8.0.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Intercepting WebSocket ping messages

[Mark Thomas]

On 30/03/17 21:13, Robert Lewis wrote:
> Is there a way to intercept a ping message to send a pong?

The API doesn't support this.


> I need to do this synchronize sends to the endpoint.

Could you clarify your requirement? Tomcat should handle pong messages
automatically for you (as required by the spec).

Mark



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: A problem of accessing an application

[Mark Thomas]

On 31/03/17 13:36, M. Osama Alghwell wrote:
> I installed Tomcat 8 and application on Windows 2012 server. The structure
> is as follows:
> Driver --> E:
> A main drictory named --> MyOrg
> Two directories under MyOrg --> OrgAPP & OrgServer
> 
> Under OrgAPP another directory named --> Field
> Under Field all the directories for the application including WEB-INF
> 
> Under OrgServer --> Tomcat8
> Under Tomcat8 --> Apache-Tomcat
> Under Apache-Tomcat the Tomcat 8 files
> 
> in Tomcat 8 document saying to install an application outside webapps this
> can be down by an xml file in conf/Catalina/localhost/app.xml (the Engine
> is Catalina and the host is localhost)  which I did (the file is Field.xml.
> In Field.xml I put 

This needs to be:

docBase="E:\MyOrg\OrgAPP\Field"

Try that and if that doesn't work provide the appropriate error information.

Mark


> Now, Tomcat 8 as a service works and I can open the manager GUI and find
> Field as one of the listed applications. But if I click on it to open it
> the 404 page comes up!
> Other thing, if I add to the URL in the Context \Field, the service (I need
> to restart it) won't work.
> Any suggession? Shall I change the name of the xml file and add the \Field
> in the Context?
> Thank you
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

A problem of accessing an application

[M. Osama Alghwell]

I installed Tomcat 8 and application on Windows 2012 server. The structure
is as follows:
Driver --> E:
A main drictory named --> MyOrg
Two directories under MyOrg --> OrgAPP & OrgServer

Under OrgAPP another directory named --> Field
Under Field all the directories for the application including WEB-INF

Under OrgServer --> Tomcat8
Under Tomcat8 --> Apache-Tomcat
Under Apache-Tomcat the Tomcat 8 files

in Tomcat 8 document saying to install an application outside webapps this
can be down by an xml file in conf/Catalina/localhost/app.xml (the Engine
is Catalina and the host is localhost)  which I did (the file is Field.xml.
In Field.xml I put 
Now, Tomcat 8 as a service works and I can open the manager GUI and find
Field as one of the listed applications. But if I click on it to open it
the 404 page comes up!
Other thing, if I add to the URL in the Context \Field, the service (I need
to restart it) won't work.
Any suggession? Shall I change the name of the xml file and add the \Field
in the Context?
Thank you

-- 
*M. Osama Alghwell*

[ANN] Apache Tomcat 9.0.0.M19 available

[Mark Thomas]

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.0.M19.

Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.

Apache Tomcat 9.0.0.M19 is a milestone release of the 9.0.x branch and
has been made to provide users with early access to the new features in
Apache Tomcat 9.0.x so that they may provide feedback. The notable
changes compared to 9.0.0.M18 include:

- Various HTTP/2 improvements

- Fixes for sendfile related issues that could cause subsequent requests
  to experience IllegalStateExceptions

- Servlet 4.0 updates


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-90.cgi

Migration guides from Apache Tomcat 5.x, 6.x, 7.x and 8.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org