RE: [E] Re: Cannot get a connection, pool error Timeout waiting for ideal object
Hi Chris, Thanks a lot for your help!!Much appreciated!! We could able to locate context.xml under " /apps/apache-tomcat-7.0.67/conf" path - see below: WEB-INF/web.xml Could you please check which are the parameters to add/modify/delete. Also we could locate another "context.xml" under " /apps/apache-tomcat-7.0.67/webapps/host-manager/META-INF" and " /apps/apache-tomcat-7.0.67/webapps/manager/META-INF" path - could you please advise if we need to make any change here: > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > - > > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqHXlsdHGNocmlzQGNo cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFh93w/+PO/2xkpVXDwEZQHL cGmR7kT7YuGNHU+ROu/cDuITm2TKMPzkl4HcvVS6heIbe/bZUVHm7Xf66mF9ArUc WKXJ4KB6JDnrF3Lgpg3otMFNs65Kd90Ku5Azos/QF7evmKGoJ386HyQCoJPRCPW4 qaIUB1qhbhESbPSs+WUkH5RSDUXpw6YA8+Q9ZgpFaNrEncAL7mZFLcM60NMLHLFQ 6l1zbz8i6fzXvjzWhYHdEBOOqVtaaR8vMK8QQ3RzWEwz0jtRS+P9dTfXfny40gRg 2B0yC5ZbcW+v7ya7VxhScjOrGnFQawsxyzW2i+DQfynERLMkZtpz3kxOqiGHehAV Qbe3yUgS8QaEh0rmD6hjFQMIUtDtr93ULlFGU27/Bl18cI02X/DQJn6D+dChSdus o85UImx/KfxTEFPru6gGFrrWHdMNvs2jh2PcEdRNf/X104kgZAdfcf9P9LtB7zZH LbERS+bqrY8UaloITcPl8hluPb57xfMn0F3SKo/52ZXQj5pB4NlUX66tAZGp1mfg id5OdHrbFsF4lyaULnF54oh5AfOnL3azkz8InZSfVeX+mnEFNfGF0mrWB76vGKBk Wwff96PGK5a6LnsHmIm8lEw5ZGYK8hkaELFTPA51qF8WQUWKMoXNVD2KtfVa/NUw hAbcuPVPHWqlgWZazlxyY7fs+WE= =sdf2 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [E] Re: Cannot get a connection, pool error Timeout waiting for ideal object
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Arpan, On 2/16/18 3:13 PM, Halder, Arpan [ITSUS Non J] wrote: > We could locate the parameters in "jdbc-pool.html" file located > under apache-tomcat-7.0.67/webapps/docs" path. Is there somewhere > else we need to look into for this file? Could you please advise on > where we could find the file. I think you might need another member of your team to advise you on this subject and maybe represent you within this community. The file in question is part of Tomcat's user manual. It is not a configuration file, and is not a part of your own application. > Also in case the mentioned file is correct file but it is not > configured for our database - could you please let me know what is > the process of modification/setting up parameters and what are the > parameters we need to set in case it is not done for our case. The real configuration is usually in a file called context.xml in your application's META-INF directory. - -chris > -Original Message- From: Christopher Schultz > [mailto:ch...@christopherschultz.net] Sent: Friday, February 16, > 2018 2:24 PM To: users@tomcat.apache.org Subject: [EXTERNAL] Re: > [E] Re: Cannot get a connection, pool error Timeout waiting for > ideal object > > Arpan, > > On 2/15/18 8:54 AM, Halder, Arpan [ITSUS Non J] wrote: >> We have already setup below parameters in jdbc-pool.html (see >> below) – could you please advise if we need to modify/add >> anything else here: > >> And here is an example on how to configure a resource for JNDI >> lookups Resource >> name="jdbc/TestDB" auth="Container" type="javax.sql.DataSource" >> factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" >> testWhileIdle="true" testOnBorrow="true" testOnReturn="false" >> validationQuery="SELECT 1" validationInterval="3" >> timeBetweenEvictionRunsMillis="3" maxActive="100" >> minIdle="10" maxWait="1" initialSize="10" >> removeAbandonedTimeout="60" removeAbandoned="true" >> logAbandoned="true" minEvictableIdleTimeMillis="3" >> jmxEnabled="true" >> jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionS t > >> >> ate; > > > org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer" >> username="root" password="password" >> driverClassName="com.mysql.jdbc.Driver" >> url="jdbc:mysql://localhost:3306/mysql"/ > > Looks like you copy/pasted that from the Tomcat documentation. How > about copy/pasting your actual configuration (without any secrets, > of course) just in case there are any errors in your > interpretation. > > Are you sure you don't have capacity problems? If you have only > e.g. 10 connections available but hundreds of users, perhaps you > simply need more connections. Are you sure the database is > available and reachable via the network? > > Sometimes timeouts are simply a reality. But if you start to see > "timeout" errors and the database is NOT DOWN and still reachable, > but everything grinds to a halt, then you certainly have a > resource problem. > > I disagree with another poster about abandoned connections: do not > remove them. Log them and allow the pool to become exhausted. That > way, you'll end up finding and fixing the problems instead of just > continuing to bleed. > > -chris > > - > > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > - > > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqHXlsdHGNocmlzQGNo cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFh93w/+PO/2xkpVXDwEZQHL cGmR7kT7YuGNHU+ROu/cDuITm2TKMPzkl4HcvVS6heIbe/bZUVHm7Xf66mF9ArUc WKXJ4KB6JDnrF3Lgpg3otMFNs65Kd90Ku5Azos/QF7evmKGoJ386HyQCoJPRCPW4 qaIUB1qhbhESbPSs+WUkH5RSDUXpw6YA8+Q9ZgpFaNrEncAL7mZFLcM60NMLHLFQ 6l1zbz8i6fzXvjzWhYHdEBOOqVtaaR8vMK8QQ3RzWEwz0jtRS+P9dTfXfny40gRg 2B0yC5ZbcW+v7ya7VxhScjOrGnFQawsxyzW2i+DQfynERLMkZtpz3kxOqiGHehAV Qbe3yUgS8QaEh0rmD6hjFQMIUtDtr93ULlFGU27/Bl18cI02X/DQJn6D+dChSdus o85UImx/KfxTEFPru6gGFrrWHdMNvs2jh2PcEdRNf/X104kgZAdfcf9P9LtB7zZH LbERS+bqrY8UaloITcPl8hluPb57xfMn0F3SKo/52ZXQj5pB4NlUX66tAZGp1mfg id5OdHrbFsF4lyaULnF54oh5AfOnL3azkz8InZSfVeX+mnEFNfGF0mrWB76vGKBk Wwff96PGK5a6LnsHmIm8lEw5ZGYK8hkaELFTPA51qF8WQUWKMoXNVD2KtfVa/NUw hAbcuPVPHWqlgWZazlxyY7fs+WE= =sdf2 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: [E] Re: Cannot get a connection, pool error Timeout waiting for ideal object
Hi Chris, Thank you for your reply!! We could locate the parameters in "jdbc-pool.html" file located under apache-tomcat-7.0.67/webapps/docs" path. Is there somewhere else we need to look into for this file? Could you please advise on where we could find the file. Also in case the mentioned file is correct file but it is not configured for our database - could you please let me know what is the process of modification/setting up parameters and what are the parameters we need to set in case it is not done for our case. Thank you in advance and appreciate your help!! Thanks and Regards, Arpan Arpan Halder Tata Consultancy Services providing services to: Global Data and Analytics Application Support / ITAS Route 22 West▪NJ 08876 ▪ USA Mobile: +1 (908) 392 2947 -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Friday, February 16, 2018 2:24 PM To: users@tomcat.apache.org Subject: [EXTERNAL] Re: [E] Re: Cannot get a connection, pool error Timeout waiting for ideal object -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Arpan, On 2/15/18 8:54 AM, Halder, Arpan [ITSUS Non J] wrote: > We have already setup below parameters in jdbc-pool.html (see > below) – could you please advise if we need to modify/add anything > else here: > > And here is an example on how to configure a resource for JNDI > lookups Resource > name="jdbc/TestDB" auth="Container" type="javax.sql.DataSource" > factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" > testWhileIdle="true" testOnBorrow="true" testOnReturn="false" > validationQuery="SELECT 1" validationInterval="3" > timeBetweenEvictionRunsMillis="3" maxActive="100" minIdle="10" > maxWait="1" initialSize="10" removeAbandonedTimeout="60" > removeAbandoned="true" logAbandoned="true" > minEvictableIdleTimeMillis="3" jmxEnabled="true" > jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionSt ate; > > org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer" > username="root" password="password" > driverClassName="com.mysql.jdbc.Driver" > url="jdbc:mysql://localhost:3306/mysql"/ Looks like you copy/pasted that from the Tomcat documentation. How about copy/pasting your actual configuration (without any secrets, of course) just in case there are any errors in your interpretation. Are you sure you don't have capacity problems? If you have only e.g. 10 connections available but hundreds of users, perhaps you simply need more connections. Are you sure the database is available and reachable via the network? Sometimes timeouts are simply a reality. But if you start to see "timeout" errors and the database is NOT DOWN and still reachable, but everything grinds to a halt, then you certainly have a resource problem. I disagree with another poster about abandoned connections: do not remove them. Log them and allow the pool to become exhausted. That way, you'll end up finding and fixing the problems instead of just continuing to bleed. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqHL+YACgkQHPApP6U8 pFgbDxAAhmn6nD0edc0F/3eh3izdZ9KnV5sUAC/E5ubv/1tc+KiE/GPZUhiy/qSa n4Am3KEhXmyee+ZcQFUg1PNqeZGgq/uLdppeZHG0Vsv0lYH/I1xBJMoluEpDzzQN nnRFQEHCqlB+ujBP5G4bQGLRuh5fhwVRz9lktoQnwDybG/KjzTh56+SZmYXABSEn JMFEbr6+ADafPVUiSmu8uMklenH5YXYMXiiB6dAXdtpP/SHAGxko05c0j1g+Snq1 WrM17qKpGI2qdQaXlfr8NChBuXrNQz8zj+2HJrNxzRLDa56GmVBq7tbvgwQwmdTb r1vqW1sEl4l3y8fnUxFJlyoQixQ8wPKDQH7H8NPpMkts4SyRULqRwpJvp6/L+TYy D8Ge2j+9uZCxUcccA0ds3E8j1r+FjtpU6w8Ut1ZJIb071JmtEDlvRTYyAEt0Q69w 3MJa0dA59DJ8l4/A2KzNuDhFYtkmuf1UmBHxw6qsfqsseqFD3AzDVcbirpxwNdIj 1mtbH91Fl+hSN4Ww4gGQLXjUfLf1o8MR0bkeLy5236k2UajuH1Jbvf8xCh6GlQoc yp7PH61Kw5vb2M5Yjqg0C0OSgXspagYYATCM4Y2QTBATUrpLHTLYv679yKXCMPgq wQlvIn4+jpxnFpB2fhY5ZWH0VdilWhXG8uhGz2FJCI9XhWUaAws= =vd5m -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: asgard tomcat application 404
On 15.02.2018 23:39, Tim Dunphy wrote: I'm trying to get Netflix Asgard tomcat app working. I'm using tomcat 9. I'm using windows. [...] Tomcat is about as much involved in this as is Windows. To second Christopher's OT answer: This is a problem of the deployed application, not of Tomcat. You should look for help in the Asgard community. Tomcat doesn't use spring, thus there's not even common ground. Olaf - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [E] RE: Tomcat 8.5.23
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Margaret, On 2/15/18 10:46 PM, Bauer, Margaret M (Peggy) wrote: > I am not using 8.5, but in older tomcat you must set the below in > the server.xml > > autoDeploy="true"> That is the default configuration. So... what is your suggestion exactly ? - -chris > On Thu, Feb 15, 2018 at 1:25 PM, Lawrence Lim >wrote: > >> Red Hat Enterprise Linux Server release 6.9 (Santiago) >> >> Yes. I did check the logs. It does not log anything when I >> deploy. But, it logs something when I undeploy. >> >> Lawrence Lim Software Developer - >> >> ENBRIDGE TEL: 780-969-6208 10175 101 St NW, Edmonton, Alberta >> T5J 0H3 >> >> enbridge.com Integrity. Safety. Respect. >> >> -Original Message- From: Satish Chhatpar 02 >> [mailto:chhatp...@cpwplc.com] Sent: Thursday, February 15, 2018 >> 10:58 AM To: users@tomcat.apache.org Subject: [External] Re: >> Tomcat 8.5.23 >> >> Which operating system? Did you check the logs? >> >> Sent using OWA for iPhone From: >> Lawrence Lim Sent: Thursday, February >> 15, 2018 11:09:54 PM To: users@tomcat.apache.org Subject: Tomcat >> 8.5.23 >> >> Hi, >> >> >> >> I just installed tomcat 8.5.23. I am having problems deploying >> web apps via manager. To reproduce: >> >> >> >> 1. Login to tomcat manager >> >> >> >> 2. Go to " WAR file to deploy" >> >> >> >> 3. Pick a war file >> >> >> >> >> >> Error message: FAIL - File upload failed, no file >> >> >> >> >> >> Workaround: Copy war file to the tomcat webapps directory >> >> >> >> >> >> I also tried using localhost:8080, same result. So, it's not some >> weird networking constraint. >> >> >> Lawrence Lim Software Developer - >> >> ENBRIDGE TEL: 780-969-6208 10175 101 St NW, Edmonton, Alberta >> T5J 0H3 >> >> enbridge.com Integrity. Safety. Respect. >> >> ::DISCLAIMER:: >> >> >> Confidentiality Notice from Dixons Carphone plc (registered in >> England & Wales No.07105905) of 1 Portal Way, London, W3 6RS >> ("Dixons Carphone"). The information contained in this e-mail and >> any attachments may be legally privileged, proprietary and/or >> confidential. If you received this e-mail in error, please notify >> the sender by return, permanently delete the e-mail and destroy >> all hard copies immediately. No warranty is made as to the >> completeness or accuracy of the information contained in this >> e-mail. Opinions, conclusions and statements of intent in this >> e-mail are those of the sender and will not bind any Dixons >> Carphone group company (Dixons Carphone Group) unless confirmed >> by an authorised representative independently of this e-mail. We >> do not accept responsibility for viruses; you must scan for >> these. E-mails sent to and from Dixons Carphone Group are >> routinely monitored for record keeping, quality control, training >> purposes, to ensure regulatory compliance and to prevent viruses >> and unauthorised use of our computer systems. The Carphone >> Warehouse Limited (registered in England & Wales No.02142673) is >> a member of the Dixons Carphone Group and is authorised and >> regulated by the Financial Conduct Authority. >> >> >> >> - >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > > -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqHMcsACgkQHPApP6U8 pFgjpRAAuawUIvJ6cBsStytSyqy9dRCbLM6XcYO72w2JAe6OriGwzSmPlFgJtGnD QuNwSgyZc0g7ePG6fpg6+QCQ6aA3wOEeBMVbUH0oj+KssdhyizNf/j1sGEEJ/Kwd MPoCXZX0ekZWRqCNlzzs6j4czunSbi6rm2AGP7UZGW3HqCV6hYzc5qvLhrZf2ddN 7bsRlp9rqmdCuLr3etzJ5pXE1ewbcHQGc83hKvGNYzgBUkTkYfImYU1nJQjcae03 BquueYMJA4clfh6NFiknAAhOb8Ok5Sl+CKUPnmsxwJz1s/41plVNeMuWFTbe7gy2 7OhLXBSSkb+rUloNBmWD2ACjL+/yb7KohPTCH0zK7xQQjYqenS4+MPgT8XH/hWJ2 na6+yEqqFxEE8XuvW5EuZSGwYp5yjnLKfZuCz9tvibs4pCFSiARpF1ChcCCmtSZN TDOrQEU2qoplfM8Vn6SX4VGi5nBq82AKP9UxRsgrC7gRl4MdEVBFLBlzgsHmSAA+ hE9gAnsLx5TI4q3ktSoMDwRMy92rAJrAOnmKyaD4RrWag2sTi9oV845fyI15V0JA DV0dsjf9YQvQVDnDamyaWlNc2iVeK9YsxHquKGWSff794oHx5Na82SSWOEH7r5cO mvsc9aTR5Z7rXfXJfbsJRBYHOWWCw9WrLds86WseShdl6Ps0mw4= =p7Hf -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] asgard tomcat application 404
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Tim, On 2/15/18 5:39 PM, Tim Dunphy wrote: > I'm trying to get Netflix Asgard tomcat app working. I'm using > tomcat 9. I'm using windows. > > I can load up the tomcat management and other interfaces no > problem. > > But when I navigate to /asgard I get a 404 error: > > HTTP Status 404 – Not Found Type Status Report > > Message /asgard/ > > Description The origin server did not find a current representation > for the target resource or is not willing to disclose that one > exists. > > Apache Tomcat/9.0.5 > > I have JAVA_HOME set to C:\Program Files\Java\jdk1.8.0_162 > > I placed the asgard.war file in the tomcat\webapps directory. > > This is what I have in my catalina logs: > > 15-Feb-2018 15:59:30.048 INFO [main] > org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was > scanned for TLDs yet contained no TLDs. Enable debug logging for > this logger for a complete list of JARs that were scanned but no > TLDs were found in them. Skipping unneeded JARs during scanning can > improve startup time and JSP compilation time. 15-Feb-2018 > 15:59:33.402 SEVERE [main] > org.apache.catalina.core.StandardContext.startInternal One or more > listeners failed to start. Full details will be found in the > appropriate container log file 15-Feb-2018 15:59:33.404 SEVERE > [main] org.apache.catalina.core.StandardContext.startInternal > Context [/asgard] startup failed due to previous errors > > I have this in the asgard.log file: > > > > [2018-02-15 15:59:33,389] [main] > springframework.web.context.ContextLoaderContext initialization > failed org.springframework.beans.factory.BeanCreationException: > Error creating bean with name 'pluginManager' defined in > ServletContext resource [/WEB-INF/applicationContext.xml]: > Invocation of init method failed; nested exception is > java.lang.NullPointerException: Cannot invoke method getAt() on > null object at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511 ) > > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorSe rvice.java:112) > > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorSe rvice.java:134) > > Caused by: java.lang.NullPointerException: Cannot invoke method getAt() > on null object ... 5 more [2018-02-15 15:59:33,397] [main] > grails.web.context.GrailsContextLoaderError initializing the > application: Error creating bean with name 'pluginManager' defined > in ServletContext resource [/WEB-INF/applicationContext.xml]: > Invocation of init method failed; nested exception is > java.lang.NullPointerException: Cannot invoke method getAt() on > null object > org.springframework.beans.factory.BeanCreationException: Error > creating bean with name 'pluginManager' defined in ServletContext > resource [/WEB-INF/applicationContext.xml]: Invocation of init > method failed; nested exception is java.lang.NullPointerException: > Cannot invoke method getAt() on null object at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511 ) > > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorSe rvice.java:112) > > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorSe rvice.java:134) > > Caused by: java.lang.NullPointerException: Cannot invoke method getAt() > on null object ... 5 more [2018-02-15 15:59:33,401] [main] > grails.web.context.GrailsContextLoaderError initializing > Grails: Error creating bean with name 'pluginManager' defined in > ServletContext resource [/WEB-INF/applicationContext.xml]: > Invocation of init method failed; nested exception is > java.lang.NullPointerException: Cannot invoke method getAt() on > null object > org.springframework.beans.factory.BeanCreationException: Error > creating bean with name 'pluginManager' defined in ServletContext > resource [/WEB-INF/applicationContext.xml]: Invocation of init > method failed; nested exception is java.lang.NullPointerException: > Cannot invoke method getAt() on null object at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511 ) > > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorSe rvice.java:112) > > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorSe rvice.java:134) > > Caused by: java.lang.NullPointerException: Cannot invoke method getAt() > on null object > > And this is what I have in the localhost log: > > 15-Feb-2018 15:59:30.077 INFO [main] > org.apache.catalina.core.ApplicationContext.log No Spring > WebApplicationInitializer types
Re: [E] Re: Cannot get a connection, pool error Timeout waiting for ideal object
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Arpan, On 2/15/18 8:54 AM, Halder, Arpan [ITSUS Non J] wrote: > We have already setup below parameters in jdbc-pool.html (see > below) – could you please advise if we need to modify/add anything > else here: > > And here is an example on how to configure a resource for JNDI > lookups Resource > name="jdbc/TestDB" auth="Container" type="javax.sql.DataSource" > factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" > testWhileIdle="true" testOnBorrow="true" testOnReturn="false" > validationQuery="SELECT 1" validationInterval="3" > timeBetweenEvictionRunsMillis="3" maxActive="100" minIdle="10" > maxWait="1" initialSize="10" removeAbandonedTimeout="60" > removeAbandoned="true" logAbandoned="true" > minEvictableIdleTimeMillis="3" jmxEnabled="true" > jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionSt ate; > > org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer" > username="root" password="password" > driverClassName="com.mysql.jdbc.Driver" > url="jdbc:mysql://localhost:3306/mysql"/ Looks like you copy/pasted that from the Tomcat documentation. How about copy/pasting your actual configuration (without any secrets, of course) just in case there are any errors in your interpretation. Are you sure you don't have capacity problems? If you have only e.g. 10 connections available but hundreds of users, perhaps you simply need more connections. Are you sure the database is available and reachable via the network? Sometimes timeouts are simply a reality. But if you start to see "timeout" errors and the database is NOT DOWN and still reachable, but everything grinds to a halt, then you certainly have a resource problem. I disagree with another poster about abandoned connections: do not remove them. Log them and allow the pool to become exhausted. That way, you'll end up finding and fixing the problems instead of just continuing to bleed. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqHL+YACgkQHPApP6U8 pFgbDxAAhmn6nD0edc0F/3eh3izdZ9KnV5sUAC/E5ubv/1tc+KiE/GPZUhiy/qSa n4Am3KEhXmyee+ZcQFUg1PNqeZGgq/uLdppeZHG0Vsv0lYH/I1xBJMoluEpDzzQN nnRFQEHCqlB+ujBP5G4bQGLRuh5fhwVRz9lktoQnwDybG/KjzTh56+SZmYXABSEn JMFEbr6+ADafPVUiSmu8uMklenH5YXYMXiiB6dAXdtpP/SHAGxko05c0j1g+Snq1 WrM17qKpGI2qdQaXlfr8NChBuXrNQz8zj+2HJrNxzRLDa56GmVBq7tbvgwQwmdTb r1vqW1sEl4l3y8fnUxFJlyoQixQ8wPKDQH7H8NPpMkts4SyRULqRwpJvp6/L+TYy D8Ge2j+9uZCxUcccA0ds3E8j1r+FjtpU6w8Ut1ZJIb071JmtEDlvRTYyAEt0Q69w 3MJa0dA59DJ8l4/A2KzNuDhFYtkmuf1UmBHxw6qsfqsseqFD3AzDVcbirpxwNdIj 1mtbH91Fl+hSN4Ww4gGQLXjUfLf1o8MR0bkeLy5236k2UajuH1Jbvf8xCh6GlQoc yp7PH61Kw5vb2M5Yjqg0C0OSgXspagYYATCM4Y2QTBATUrpLHTLYv679yKXCMPgq wQlvIn4+jpxnFpB2fhY5ZWH0VdilWhXG8uhGz2FJCI9XhWUaAws= =vd5m -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Dynamic session cookie domain... possible?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Phillipe, On 2/14/18 6:50 PM, Philippe Busque wrote: > I'm migrating from Tomcat 8.0.X to Tomcat 9.0.5 and I have a issue > I've been dragging for too long that I wise to correct. I have been > searching for a workaround and so far, I've found nothing so far > that work out of the box. > > Here is the situation: > > We have a single webapp that can handle multiple domains, some of > which are sub-domains. Example: www.example1.com, > images.example1.com, assets.example1.com, www.example2.com > > As far as I know Tomcat only allows us to set define a domain > through a sessionCookieDomain in the context. But this domain is > fixed. If I set sessionCookieDomain=".example1.com", this will > break www.example2.com and vice-versa. > > If I leave sessionCookieDomain empty, I don't get sub-domain > support as no domain is set and the browser fallback to the current > domain serviced. > > All the manipulation of the session cookie are managed in the > org.apache.catalina.connector.Response class and is not > customizable. > > So far, when we were using Tomcat 8, we were able to do a > workaround by overriding the method addSessionCookieInternal inside > the Response class through a facade, but this is a dirty hack and I > would rather not alter any of Tomcat's inner classes... And a proxy > is out of the question, Response not being an interface. > > The other workaround I can think of is splitting *.example1.com > & example2.com into 2 separate tomcat instance or webapps, but that > would only duplicate the resources required (ram + disk space) for > as many different domains we decide to support. > > > Is there therefor a better way to handle manipulating session > cookies, or is it frozen and out of reach for multiple subdomain? > > A "SessionCookieProcessor", which would take the context & the > cookie, would be most welcome for such a case This all comes down to how cookies actually work. The simply trust is that the web browser isn't going to let you set a cookie for another domain. I'm not even sure how your "hack" even worked. You said that you couldn't use a Proxy... I assume you mean java.lang.reflect.Proxy, right? Well... what about a reverse-proxy (a networking component) that serves all applications under a single domain name? (e.g. examples-all.com)? Then all applications can appear to be using the same shared domain name? If you can't do that, and you really need to support multiple hostnames, then you'll have to do something like trampolining: 1. Client makes a request to https://www.example1.com/resource 2. Respond with 302 ; Set-Cookie: JSESSIONID=foo ; Location:https://www.exmaple2.com/create-session 3. Client follows redirect to https://www.example2.com/create-session 4. Respond with 302 ; Set-Cookie JSESSIONID=bar ; Location: https://www.example1.com/back-from-hostname2 5. Do whatever you need to do afterwards. This is awkward, but it will work. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqHLnIACgkQHPApP6U8 pFi8Vw//V3H/owH7QbLlok99pF5LJ3BHxHQya2AIg5+q2PtqHFSx4dANERF0GL4h /wsdb6UxnQnIkn4rCSSJ46ZMfNTVzkocJPKpWFOIbBrBeuMvqG3Zdtvn/xkAlEFy Bb7kUr3ZFNxiGE+6mZ2bwD79N9FosvWi3Uh7dH2brskcwf+IVvkSd2KR3GsW6Kiy kqovAkAAF+c1BvfnWZrtljoErAUtuwSVELRCxwf+0WvyktrDDLz2EZjP3WlevBck cJyZ0o88dLTN7Apcb054kGVvbY1r0peOkJjmfxs4n/FnOtOTiL6fBIYe+PLBgS0w UNH2XQfBP8+a8cNHi8/8kUtuprHctx+U5aldto+Gm96h9CnDOiwBBJCVx7JN0w9O kdV5yYGLLgHsPOFStFfOl7Oz9I7xNZaHkPSY9X5L1oue8mEQri9aTSUAHW9d2lc7 84Uu543p7prxjgiDhl+jhg7ILxBmKU8NvoAJcYsDQLnDi6KFfeN9rY69QEVE/t9Y l6PfK+QTgPxnlGkwptHayAPr+PyiQIlczpLRyBOwBNCcKc3fNBkb8NTrxXVSxgdB /6tseX0aNQgaTL9+aMxRSMff7vCVU+NZv8LEVWGuYGe5yIc5RtvulvLPwpTZ2hgj 4NLQonTHcj417+xjavtkZjvUKEL53G++7mrYF/Ghs/1z4NoFWok= =RCyY -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: using default cacerts AND custom keystore
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Chris, On 2/14/18 3:34 PM, Chris Cheshire wrote: > On Wed, Feb 14, 2018 at 12:30 PM, Mark Thomas> wrote: >> On 14/02/18 17:17, Chris Cheshire wrote: >>> I am trying to set up my webapp to connect to an external >>> database via ssl. The database uses a self-signed certificate. >>> I have created a keystore with the self-signed CA and the >>> client key & cert. This keystore is configured via JAVA_OPTS in >>> setenv.sh >>> >>> JAVA_OPTS="-Djavax.net.ssl.keyStore=$CATALINA_BASE/conf/mysql.jks >>> \ -Djavax.net.ssl.keyStorePassword=password \ >>> -Djavax.net.ssl.trustStore=$CATALINA_BASE/conf/mysql.jks \ >>> -Djavax.net.ssl.trustStorePassword=password" >>> >>> This allows me to connect to the database without a problem. >>> However now I cannot connect to any external web service >>> because their certs will no longer validate. >>> >>> How do I configure tomcat such that the default cacerts is used >>> in addition to my self-signed certificates without importing >>> those into the default keystore (which is a Bad Idea™)? >> >> This is nothing to do with Tomcat. Tomcat plays no role in >> out-going TLS connections. >> >> The short answer is rather than using system properties, you >> should set the keystore and truststore programmatically so they >> apply just to the database connections rather than globally. >> > > So after a bit of digging [1,2] I found that this is achieved by > adding the following parameters to the mysql jdbc url in the > resource definition: > > clientCertificateKeyStoreUrl=file://${catalina.base}/conf/mysql.jks > > clientCertificateKeyStorePassword=password > trustCertificateKeyStoreUrl=file://${catalina.base}/conf/mysql.jks > trustCertificateKeyStorePassword=changeit > > Note that [2] has a couple of errors. A) it specifies > clientCertificateKeyStore[Url|Password] in lieu of trustStore > system property, that should be > trustCertificateKeyStore[Url|Password] B) it specifies specifies > the urls in the form file:path_to_truststore_file, that is also > incorrect it should be file://path_to_truststore_file (which will > give a triple slash if an absolute path is used) > > > [1] > https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-con figuration-properties.html > > [2] https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-using - -ssl.html It might depend upon the version of Connector/J you are using. For example, I have this in my connection URL: '...=file:/etc/mysql/mysql.jks' Only a single leading / for an absolute path in my case, and it works as expected. The use of file:// was a historical mistake web browser users made, thinking that // was necessary between the protocol and anything after it. It was never the case, and any software requiring a URL like file:/// should be considered broken. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqHLOUACgkQHPApP6U8 pFiChA//XG5SJL66UWaSOdTELykxG6lHvoCqg/HKiN9i+sRH5kfyjWg1Yn4gUh4d psLFHvINo3lWpfchY+CJ76xSIq6NKXfAOXohxfYJUgXSGr6reRPj1dFMhAbsE0XW y8dzlilT6G8vWVFgYe3zwTEVQv30Rn+yc5mo4lspt2BR3Mw9YmiJL9l1z0Fj83+6 Bgaeq+oLXbO6x1QfFxWcDi5jdlkKUyTcbTuoRGUvCSMm6TfB7+lEcs2JKZSxw2hw c62iR8cPwkQElBfhL08GMsbO2ay/hpPDIzajxW/iMiX6g3V1QkaNQnj3dTSoUegC 59OSxg9KCXSfMe7SydSYBH5SE8ruElseFh7cn4PUuCLY0vaFlJEf+iaviJMxXsTS Ysj3YdfG5mCHxnFlNHKHz5tYv7wRs6ruhmYTxvQob73hgJyIxtUfCcn7XiwBOvey xpCxfuBNv91B8VAkDxGf2bk4XK+YRrrCK/1FZDXGrcqGfDRocE5UwbaajkBojZva aZceEm7nzYS8dYL4NQTj8gLwWyyYe96h9xF1muQhDvYGp7qdNle+C9sUf/jzS6KP 5VV+wOMxBtyXA2624xh+1iL2kcdDE7A9nPOPdBZgnBfr+OH9lG7YACr/aNLCNfJs 6EoNn8GNZSNL8CaPLb8LpvfcN69t04cblKUul0Fidq8VtVfOsxk= =rMes -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org