RE: Fwd: Tomcat-embed-core-9.0.12.jar bug about Content-Length Corrupting Parsing logic for Subsequent Request

2019-02-07 Thread Caldarale, Charles R
> From: Bhavesh Mistry [mailto:mistry.p.bhav...@gmail.com] 
> Subject: Re: Fwd: Tomcat-embed-core-9.0.12.jar bug about Content-Length Corrupting Parsing logic for Subsequent Request

> I am stating following when you have request/response on the same TCP 
> connection.  for example,

> My understanding (please correct me if I'm wrong):

It's wrong.  All TCP traffic, including HTTP requests, is a stream of bytes.
There are no indications where one request ends and another starts other
than the content length in each request.  If the malformed request specifies
a length smaller than the actual content size, the next request will appear
to start somewhere in the content stream.  Similarly, if the
request-specified content length is larger than the sent size, the connector
consumes part of the next request as the content of the prior.  There is no
way for a server to correct this client misbehavior, other than by the
server administrator disabling keep-alive - with serious performance impacts
for well-mannered clients.  Fix your broken client.

  - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.
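
The framing rule described in the reply above, as an added example that is not part of the original message and is not Tomcat code. The class name, host name and request bodies are constructed; the parser is a deliberately small model that frames requests by Content-Length only.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

// Added illustration, not Tomcat code: frames requests on one keep-alive
// connection the only way a server can, by trusting each Content-Length.
public class ContentLengthFraming {

    // Returns one entry per request the server would believe it received.
    static List<String> frame(byte[] connectionBytes) {
        // ISO-8859-1 maps one byte to one char, so string offsets are byte offsets.
        String stream = new String(connectionBytes, StandardCharsets.ISO_8859_1);
        List<String> seen = new ArrayList<>();
        int pos = 0;
        while (pos < stream.length()) {
            int headEnd = stream.indexOf("\r\n\r\n", pos);
            if (headEnd < 0) {
                seen.add("incomplete head: [" + show(stream.substring(pos)) + "]");
                break;
            }
            String[] lines = stream.substring(pos, headEnd).split("\r\n");
            int declared = 0;
            try {
                for (int i = 1; i < lines.length; i++) {
                    String[] kv = lines[i].split(":", 2);
                    if (kv.length == 2 && kv[0].trim().equalsIgnoreCase("Content-Length")) {
                        declared = Integer.parseInt(kv[1].trim());
                    }
                }
            } catch (NumberFormatException e) {
                declared = -1;
            }
            if (declared < 0) {
                seen.add("[" + show(lines[0]) + "] rejected: invalid Content-Length");
                break;   // framing is lost, the connection has to be closed
            }
            int bodyStart = headEnd + 4;
            int available = Math.min(declared, stream.length() - bodyStart);
            String body = stream.substring(bodyStart, bodyStart + available);
            String entry = "[" + show(lines[0]) + "] body=[" + show(body) + "]";
            if (available < declared) {
                entry += " (still waiting for " + (declared - available) + " bytes)";
            }
            seen.add(entry);
            pos = bodyStart + declared;   // the next request is assumed to start here
        }
        return seen;
    }

    // Makes CR and LF visible when a body swallows header lines.
    static String show(String s) {
        return s.replace("\r", "\\r").replace("\n", "\\n");
    }

    // Constructed sample request; declaredLength may disagree with the body.
    static String request(String path, int declaredLength, String body) {
        return "POST " + path + " HTTP/1.1\r\n"
             + "Host: example.test\r\n"
             + "Content-Length: " + declaredLength + "\r\n\r\n"
             + body;
    }

    public static void main(String[] args) {
        String second = request("/b", 8, "name=bob");
        int[] declaredLengths = {10, 4, 40};   // correct, too small, too large
        for (int declared : declaredLengths) {
            String wire = request("/a", declared, "name=alice") + second;
            System.out.println("first request declares Content-Length " + declared + ":");
            for (String r : frame(wire.getBytes(StandardCharsets.ISO_8859_1))) {
                System.out.println("  " + r);
            }
        }
    }
}
```

With the correct length both requests are seen intact; with 4 the second "request line" starts in the middle of the first body, and with 40 the first body swallows the start of the second request.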





RE: Tomcat 8 runs under Java 7, but not Java 8

2018-12-18 Thread Caldarale, Charles R
> From: James H. H. Lampert [mailto:jam...@touchtonecorp.com] 
> Subject: Re: Tomcat 8 runs under Java 7, but not Java 8

> Excerpt from the relevant time period, catalina.2018-12-18.log:

> > 18-Dec-2018 20:18:55.419 SEVERE [main] org.apache.catalina.core.StandardServer.await
> > StandardServer.await: create[localhost:8005]:
> >  java.net.BindException: Address already in use (Bind failed)

> > 18-Dec-2018 20:31:12.604 SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed
> > to initialize end point associated with ProtocolHandler ["https-jsse-nio-443"]
> >  java.net.BindException: Address already in use

> > 18-Dec-2018 20:31:55.545 SEVERE [main] org.apache.catalina.core.StandardServer.await
> > StandardServer.await: create[localhost:8005]:
> >  java.net.BindException: Address already in use (Bind failed)

The above indicates you have a Tomcat (or something much like it) already
running...

  - Chuck




RE: Translation help wanted

2018-11-13 Thread Caldarale, Charles R
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
> Subject: Re: Translation help wanted

> There is no need to have an en-BR, en-US and eu-AU when simply "en" will work.

Might need an en-EastEnders or en-Yorkshire though...

  - Chuck




RE: Translation help wanted

2018-11-13 Thread Caldarale, Charles R
> From: André Warnier (tomcat) [mailto:a...@ice-sa.com] 
> Subject: Re: Translation help wanted

> Ok, I take it back. I don't think there's an AI smart enough to translate this one :

> "The attribute directive (declared in line [{1}] and whose name attribute is [{0}], the
> value of this name-from-attribute attribute) must be of type java.lang.String, is
> "required" and not a "rtexprvalue"."

Maybe we should translate it to English first...

  - Chuck

"This is the sort of bloody nonsense up with which I will not put."
(probably Churchill, in The Strand magazine)




RE: Handling empty Host in HTTP Header

2018-10-27 Thread Caldarale, Charles R
> From: Mani [mailto:mani.chandraseka...@protonmail.com.INVALID] 
> Subject: Handling empty Host in HTTP Header

> May I know, when is the next official tomcat release planned? 

Releases for Tomcat versions under active development (including the 8.5
leg) normally occur in the first week of each calendar month.  Last-minute
glitches can affect the schedule, of course.

  - Chuck




RE: Cookie Header Not Being Parsed

2018-10-20 Thread Caldarale, Charles R
> From: Durand, Dustin [mailto:dustin_dur...@intuit.com] 
> Subject: Cookie Header Not Being Parsed

> I've been attempting to track down an issue where the cookies aren't being
> parsed out of the cookie header in rare cases. We're using a java service
> that utilizes JSession, so this causes the user's session to be lost every
> time one of these failures occurs.

> Version: Tomcat 8.5.31 and 8.5.34 (Attempted to upgrade)

Thanks for supplying the version info; many people forget.

> During the load tests we see the rare request come into the service where the
> filter dumps the cookie header which includes the expected cookies, but when
> the filter attempts to pull the cookies from the HttpServletRequest they're
> missing. To make it more interesting, the value cookie header usually matches
> the previous request(s) cookie header value for that user, which was parsed
> successfully.

The last sentence is the key point, indicating the probable source of the
problem: your application is likely hanging on to some reference to the
prior request and inadvertently using it when a new request shows up.  This
often takes the form of instance variables in a servlet being used to hold
request information.  Since the servlet object is shared across all requests
using it, information leakage can occur between concurrent requests; this is
also true for filters used in the request handling.  Leakage can also occur
with other singletons used by the webapp, or in any persistent data
maintained by the app (e.g., in a session object).

  - Chuck




RE: Tomcat Clustering Support

2018-10-10 Thread Caldarale, Charles R
> From: Mark Thomas [mailto:ma...@apache.org] 
> Subject: Re: Tomcat Clustering Support

> Thread A is in the middle of processing a request. It is evaluating some
> EL which requires access to the view map which in turn causes the
> ViewMap to update the session.
> com.sun.faces.application.view.ViewScopeManager.processEvent locks the
> ViewMap object. It then tries to update the session. To do this it
> requires the session lock. Thread A is waiting for this lock.

Assuming the ViewMap is used by multiple sessions, this locking order goes
against the usual protocol of more local before more global.  Might be
possible to file a bug report with Mojarra, but given that the code appears
to be in a com.sun class, that might not get anywhere.

> Thread B is at the end of a request. The session has been updated and it
> is attempting to write the updated session attributes to the cluster.
> The session lock has been obtained. The individual attributes are being
> written. The code has reached the ViewMap object. In order to write this
> object, the ViewMap object must be locked. Thread B is waiting for this
> lock.

This is generally the more desirable order.

> Has anyone on the users list come across this problem before? If so, how
> have you solved it? Suggestions for alternative solutions also welcome.

Can the thread doing the session synchronization lock the session, get a
shallow copy of the attributes, unlock the session, then process the
attributes?  Not sure if that would maintain sufficient coherency.

  - Chuck
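
The two lock orders quoted above and the copy-then-release idea from the reply, as an added example that is not part of the original message and is not Tomcat or Mojarra code. Class, lock and method names are hypothetical, and a timed tryLock stands in for a blocking lock() so the program terminates; it shows only the lock-ordering effect, not whether the copied attributes stay coherent.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantLock;

// Added illustration: a session lock and a ViewMap lock taken in opposite
// orders by two threads, with and without releasing the session after a copy.
public class SessionLockOrder {

    // Returns {request thread got the session lock, replication got every attribute lock}.
    static boolean[] run(boolean copyThenRelease) throws InterruptedException {
        ReentrantLock session = new ReentrantLock();
        ReentrantLock viewMap = new ReentrantLock();
        List<ReentrantLock> attributeLocks = Arrays.asList(viewMap);   // constructed
        CountDownLatch bothHoldFirst = new CountDownLatch(2);
        CountDownLatch bothTried = new CountDownLatch(2);
        boolean[] done = new boolean[2];

        // Thread A, mid-request: holds the ViewMap lock, then needs the session lock.
        Thread request = new Thread(() -> {
            viewMap.lock();
            try {
                meet(bothHoldFirst);
                done[0] = lockBriefly(session);
                bothTried.countDown();
                if (!done[0]) await(bothTried);   // stay blocked until B has tried too
            } finally {
                viewMap.unlock();
            }
        });

        // Thread B, end of request: holds the session lock, then writes each attribute.
        Thread replication = new Thread(() -> {
            boolean holdsSession = true;
            session.lock();
            try {
                meet(bothHoldFirst);
                List<ReentrantLock> toWrite = new ArrayList<>(attributeLocks);
                if (copyThenRelease) {            // shallow copy taken, let the session go
                    session.unlock();
                    holdsSession = false;
                }
                boolean all = true;
                for (ReentrantLock attribute : toWrite) all &= lockBriefly(attribute);
                done[1] = all;
                bothTried.countDown();
                if (!all) await(bothTried);
            } finally {
                if (holdsSession) session.unlock();
            }
        });

        request.start();
        replication.start();
        request.join();
        replication.join();
        return done;
    }

    // Timed acquire; false means a plain lock() would have waited here forever.
    static boolean lockBriefly(ReentrantLock lock) {
        try {
            if (!lock.tryLock(500, TimeUnit.MILLISECONDS)) return false;
            lock.unlock();
            return true;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            return false;
        }
    }

    static void await(CountDownLatch latch) {
        try {
            latch.await();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        }
    }

    // Count down, then wait until the other thread has done the same.
    static void meet(CountDownLatch latch) {
        latch.countDown();
        await(latch);
    }

    public static void main(String[] args) throws InterruptedException {
        boolean[] nested = run(false);
        System.out.println("session held while writing: A=" + nested[0] + " B=" + nested[1]);
        boolean[] copied = run(true);
        System.out.println("copy, release, then write:  A=" + copied[0] + " B=" + copied[1]);
    }
}
```

The first run reports false for both threads (each is waiting on the lock the other holds); the second reports true for both.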




RE: Contexts: can there be a hierarchy?

2018-08-23 Thread Caldarale, Charles R
> From: Jäkel, Guido [mailto:g.jae...@dnb.de] 
> Subject: RE: Contexts: can there be a hierarchy?

> why do you call it not really a hierarchy? If you name the deployments e.g.
>   ROOT.war
>   foo.war
>   foo#bar.war
> then the "expected" will happen: The longest context path will match to the
> corresponding container:

> * all /foo/bar{,/.*} will be served by foo#bar.war,
> * all other /foo{,/.*} will be served by foo.war
> * all other {,.*} will be served by ROOT.war

It's a hierarchy for the URLs, but not from a webapp location, construction,
or execution perspective - /foo/bar is completely independent of /foo, not
inside or a subset of it.

  - Chuck




RE: Contexts: can there be a hierarchy?

2018-08-22 Thread Caldarale, Charles R
> From: James H. H. Lampert [mailto:jam...@touchtonecorp.com] 
> Subject: Contexts: can there be a hierarchy?

> Suppose we have a Tomcat 8 server

Let's hope that's Tomcat 8.5, since 8.0 has reached EOL.

> Is there a way to set up contexts in a hierarchy, such that requests for 
> "https://xyz.example/foo/ham," "https://xyz.example/foo/spam," and
> "https://xyz.example/foo/eggs" go to distinct webapp contexts?

Not really a hierarchy, but just name your .war files (or directories)
appropriately:
foo#ham[.war]
foo#eggs[.war]

Look here for more info:
http://tomcat.apache.org/tomcat-8.5-doc/config/context.html#Naming

  - Chuck




RE: Servlet Threads Changing Instance Data

2018-08-15 Thread Caldarale, Charles R
> From: Jerry Malcolm [mailto:techst...@malcolms.com] 
> Subject: Re: Servlet Threads Changing Instance Data

> I'm not sure what you mean by typically there is only one servlet 
> object.  There's one class.  But a new instance is created on each 
> request, right?

No - there's only one instance of each defined servlet.  All requests for a
particular servlet share that instance.

  - Chuck
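
The single shared instance described in this reply, and the cross-request leakage described in the "Cookie Header Not Being Parsed" reply further up, as an added example that is not part of either original message. It is plain Java with no servlet API; the Handler interface, class names and cookie values are hypothetical stand-ins for a servlet or filter and its requests.

```java
// Added illustration in plain Java (no servlet API): one handler object is
// shared by all request threads, as a servlet or filter instance is.
public class SharedHandlerState {

    interface Handler {
        // slowWork stands for whatever the request does between parsing and use.
        String handle(String cookieHeader, Runnable slowWork);
    }

    // Request data in an instance field: every request thread writes the same slot.
    static class FieldHandler implements Handler {
        private String sessionId;
        public String handle(String cookieHeader, Runnable slowWork) {
            sessionId = sessionIdFrom(cookieHeader);
            slowWork.run();
            return sessionId;            // whatever the most recent request stored
        }
    }

    // Request data in a local variable: each call has its own copy on its own stack.
    static class LocalHandler implements Handler {
        public String handle(String cookieHeader, Runnable slowWork) {
            String sessionId = sessionIdFrom(cookieHeader);
            slowWork.run();
            return sessionId;
        }
    }

    // Extracts the JSESSIONID value from a Cookie header, or null if absent.
    static String sessionIdFrom(String cookieHeader) {
        for (String pair : cookieHeader.split(";")) {
            String[] kv = pair.trim().split("=", 2);
            if (kv.length == 2 && kv[0].equals("JSESSIONID")) return kv[1];
        }
        return null;
    }

    // Runs request A and, while A is in its slow step, all of request B on a
    // second thread. Returns what A and B each believe their session id is.
    static String[] overlap(Handler shared) throws InterruptedException {
        String[] seen = new String[2];
        Thread a = new Thread(() -> seen[0] = shared.handle("theme=dark; JSESSIONID=AAAA", () -> {
            Thread b = new Thread(() -> seen[1] = shared.handle("JSESSIONID=BBBB", () -> { }));
            b.start();
            try {
                b.join();
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        }));
        a.start();
        a.join();
        return seen;
    }

    public static void main(String[] args) throws InterruptedException {
        String[] leaky = overlap(new FieldHandler());
        System.out.println("field:  A sees " + leaky[0] + ", B sees " + leaky[1]);
        String[] safe = overlap(new LocalHandler());
        System.out.println("local:  A sees " + safe[0] + ", B sees " + safe[1]);
    }
}
```

With the field, request A returns BBBB, the other request's session id; with the local variable each request keeps its own.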




RE: Problem with CATALINA_OPTS in setenv.sh

2018-08-02 Thread Caldarale, Charles R
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
> Subject: Re: Problem with CATALINA_OPTS in setenv.sh
 
> > "With the -XX:+AlwaysPreTouch option the JVM touches every single
> > byte of the max heap size with a '0', resulting in the memory being
> > allocated in the physical memory in addition to being reserved in
> > the internal data structure (virtual memory). Pretouching is single
> > threaded, so it is expected behavior that it causes JVM startup to
> > be delayed. The trade off is that it will reduce page access time
> > later, as the pages will already be loaded into memory."

> Sounds like garbage to me. The OS isn't going to keep pages in RAM
> just because they are zeroed. Also, unless the JVM does it exactly
> correctly (which it probably *is* doing), the zeroing-operation might
> actually be a no-op.

Definitely not a no-op - it will cause the guest OS to allocate what it
thinks are real pages, create VMAs, and do all sorts of other bookkeeping
that is pointless in a VM environment.  The hypervisor has the last word
here, and it will happily swap pages that the guest OS thinks are in
pseudo-real memory.  That's why the pre-touch option is useless in anything
other than a dedicated bare-metal system.

> > The fact that Tomcat is crashing during the pre-touch would
> > indicate that you can't actually use a 2 GiB heap on a supposed 4
> > GiB VM - something other than the heap is eating up a lot of space.
> > You should probably remove the option and reduce the heap size.

> But the process isn't failing on pre-touch. It's failing when it's
> trying to bind a socket to a port.

Doing the bind requires additional non-heap process and kernel memory; I
suspect this puts it over the limit imposed by either the guest OS or
hypervisor.  

  - Chuck




-Original Message-


The most likely result from using AlwaysPreTouch is that you get more
memory pressure and therefore more swapping to virtual memory. I can't
really see a use-case for this option. I'm guessing your dev requested
this because #security or #sawitonstackoverflow. Given that it crashes
your JVM, I'd say you have a decent argument for NOT using this option
even if it fails the sniff test for other reasons.


- -chris


RE: Problem with CATALINA_OPTS in setenv.sh

2018-08-02 Thread Caldarale, Charles R
> From: James H. H. Lampert [mailto:jam...@touchtonecorp.com] 
> Subject: Problem with CATALINA_OPTS in setenv.sh

> I've been experimenting with some CATALINA_OPTS changes, as recommended 
> by our webapp developer, and one of them is causing Tomcat to "crash on 
> takeoff" with stacktraces like this:
> > 30-Jul-2018 22:58:00.708 SEVERE [main] org.apache.coyote.AbstractProtocol.init
> > Failed to initialize end point associated with ProtocolHandler ["http-nio-80"]
> >  java.net.SocketException: Cannot allocate memory

> We're running on a Google Compute instance, with 1 CPU and 4G of memory, 

> What the webapp developer asked for was (after I'd vetted his request 
> against the Java 8 docs)
> > -Xms2048m -Xmx2048m -XX:+ScavengeBeforeFullGC -XX:+AlwaysPreTouch
> > -XX:+CMSScavengeBeforeRemark -XX:+CMSClassUnloadingEnabled
> > -XX:+UseConcMarkSweepGC -XX:+CMSPermGenSweepingEnabled

> which produced the crash-on-takeoff, and I was able to narrow it down to 
> specifically the "-XX:+AlwaysPreTouch" that was doing it.

> Anybody have any insights into why that parameter would cause Tomcat to 
> crash on takeoff?

A bit of research shows that +AlwaysPreTouch seems like a really, really bad
idea for anything but small, bare-metal, dedicated systems, and especially
useless on a VM:

"With the -XX:+AlwaysPreTouch option the JVM touches every single byte of
the max heap size with a '0', resulting in the memory being allocated in the
physical memory in addition to being reserved in the internal data structure
(virtual memory). Pretouching is single threaded, so it is expected behavior
that it causes JVM startup to be delayed. The trade off is that it will
reduce page access time later, as the pages will already be loaded into
memory."

The fact that Tomcat is crashing during the pre-touch would indicate that
you can't actually use a 2 GiB heap on a supposed 4 GiB VM - something other
than the heap is eating up a lot of space.  You should probably remove the
option and reduce the heap size.

  - Chuck




RE: Tomcat JDBC Pool memory leak when using StatementFinalizer interceptor

2018-07-14 Thread Caldarale, Charles R
> From: Felix Schumacher [mailto:felix.schumac...@internetallee.de] 
> Subject: Re: Tomcat JDBC Pool memory leak when using StatementFinalizer interceptor

> On 11.07.2018 at 16:22, Martin Knoblauch wrote:
> >   Now it might be, that we are just using the StatementFinalizer in a wrong
> > manner. And what we see is expected behavior. Below is our pool
> > configuration. Maybe something is just missing :-)

> The docs in the interceptor says one has to call close on the 
> connection, that the statements created. Does your application call 
> close on the connection?

This section of the doc includes a decent model that your webapp code should
be following:
http://tomcat.apache.org/tomcat-8.0-doc/jndi-datasource-examples-howto.html#Random_Connection_Closed_Exceptions

Proper use of a finally block is critical.

  - Chuck



RE: Re: Tomcat 5.5.17 migration to 6

2018-07-14 Thread Caldarale, Charles R
> From: David Babooram [mailto:david.baboo...@digicelgroup.com] 
> Subject: Re: Re: Tomcat 5.5.17 migration to 6

> But my decision was based on what was presented in the Apache site. In that, upgrade from
> 5.5 was known to only go to 6.

Seriously, don't even think about "upgrading" to another very dead level.
There haven't been updates to Tomcat 6 for over a year; subsequent fixes for
known security holes and other issues have been applied to current levels,
but none of those will ever be retrofitted to Tomcat 6 (and 7, in the not
too distant future).  8.5 or 9.0 are the only sensible choices.

> Nevertheless.. is there some official documents on migrating to 8.5?

Due to the age of where you're starting from (over 12 years old), you're not
going to find anything specific for that level to a current one.  What you
can do is read all of the Migration Guides linked from here:
http://tomcat.apache.org/migration.html
and get a sense of the changes needed for your webapp configurations.

You may well need to update JVM versions as well; if the one you're using is
also 12 years old, it's scary dangerous.

  - Chuck




RE: Getting the Manager app running on localhost.. Please help

2018-07-12 Thread Caldarale, Charles R
> From: Hassan Schroeder [mailto:hassan.schroe...@gmail.com] 
> Subject: Re: Getting the Manager app running on localhost.. Please help

> FYI, I'm on MacOS (Sierra 10.12.6). I just now

> 1) installed apache-tomcat-8.5.32
> 2) added these two lines to tomcat-users.xml
>
>   
>   

Note that such an addition must be done outside of the sample role/user
elements, since they are commented out.  A common error is failing to remove
or otherwise avoid the comment markers.

  - Chuck




RE: Is it possible and how

2018-02-28 Thread Caldarale, Charles R
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
> Subject: Re: Is it possible and how

> On 2/28/18 11:12 AM, M. Osama Alghwell wrote:
> > I have a Java application that run on windows and using to Tomcat 
> > (unfortunately it is Tomcat 4.5 and I am assigned to upgrade it).

There was no Tomcat 4.5; 4.1, 5.0, and 5.5 were released, many years ago.

> > Is it possible to move to Linux platform? and is it possible to
> > jump to Tomcat 8.x? what action should be taken?

> While that sounds like a big jump (Windows -> Linux, Tomcat 4.x ->
> 8.x), it shouldn't be a *huge* change. You'll also need a Java upgrade
> as well, of course (Tomcat 8 requires Java 7 or later; I recommend
> Java 8).

Reading the migration guides would also be useful, although they don't go
all the way back to Tomcat 4:
http://tomcat.apache.org/migration.html

  - Chuck




RE: Running as user tomcat

2018-02-23 Thread Caldarale, Charles R
> From: Peter@Kreuser-Online [mailto:l...@kreuser.name] 
> Subject: Re: Running as user tomcat

> On 23.02.2018 at 18:36, Cheltenham, Chris wrote:

> > I am trying to run tomcat as a non root user.
 
> > It will start as the tomcat user but it will not bind to connector 443 unless it starts as root.

> Unix will not let you open ports below 1024 as non-root user!

> You may use a proxy in front of it or maybe use iptables to be able to use standard ports AND user tomcat.

And definitely read the wiki entry about this, before doing anything else:
https://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F

  - Chuck




RE: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6?

2017-12-22 Thread Caldarale, Charles R
> From: Eric Robinson [mailto:eric.robin...@psmnv.com] 
> Subject: RE: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6?

> if JVM instance "A" is configured as follows on server 1 under tomcat6/jdk 1.6, then
> instance "A" on server 2 is configured the same, except it is running under tomcat
> 8/jdk 1.8. Yet the tomcat 8 ones used 50% more memory, on average.

> JAVA_OPTS="-Xms16M -Xmx192M \
> -XX:MaxPermSize=192M \

Note that PermGen is no longer used in Java 8, and the above should log a
warning:

Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=192m; support was removed in 8.0

Here's a brief overview:
https://blogs.oracle.com/poonam/about-g1-garbage-collector,-permanent-generation-and-metaspace

  - Chuck




RE: Trying to understand How Tomcat uses Keystore for SSL

2017-12-03 Thread Caldarale, Charles R
> From: Don Flinn [mailto:fl...@alum.mit.edu] 
> Subject: Re: Trying to understand How Tomcat uses Keystore for SSL

> Attached is a first cut at setting up SSL for Tomcat.  It is in MicroSoft Word.

Most attachments are automatically stripped by the mailing list server.  You
can either send it in plain text or post it somewhere publicly accessible.

 - Chuck




RE: [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload

2017-10-03 Thread Caldarale, Charles R
> From: Baron Fujimoto [mailto:ba...@hawaii.edu] 
> Subject: Re: [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload

> I haven't seen an announcement for 8.0.47, nor does the Apache Tomcat
> website seem to reference it yet, but it appears to be available in the
> distribution archive(s). E.g.:

> 

> Is this 8.0.47 blessed for use?

Pretty much - the voting process completed over the weekend (it passed), but
the announcement isn't made until the mirrors all catch up.  Should be fine
to use from the archive.

 - Chuck




RE: Trouble using SSL with Tomcat 9

2017-09-27 Thread Caldarale, Charles R
> From: Don Flinn [mailto:fl...@alum.mit.edu] 
> Subject: Re: Trouble using SSL with Tomcat 9

> I installed a new download of tomcat 9, established one application with
> php/java bridge (need php and java access). Set the SSL port to an unused
> port, 443, and ran my app whose only output is an H1 message.  This time I
> get the expected error from Chrome with the red warning about bad
> certificate.  However, the redirect went to https://localhost/Financial/index.php
> - i.e. NO port number and of course drilling down couldn't find
> my app which is at port 443, I believe.

Port 443 is the standard HTTPS port, so it won't show up in the https: URL
since it's the default.

Unless you're running Tomcat as root (a very, very bad idea), you'll need to
use iptables or equivalent to let Tomcat listen on port 443.
https://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F

 - Chuck




RE: More, Re: This is weird (cross-posted to Tomcat and Debian Lists): Tomcat 8.5 is going to /var/lib/tomcat7/webapps/ROOT

2017-09-07 Thread Caldarale, Charles R
> From: James H. H. Lampert [mailto:jam...@touchtonecorp.com] 
> Subject: More, Re: This is weird (cross-posted to Tomcat and Debian Lists): Tomcat 8.5 is going to /var/lib/tomcat7/webapps/ROOT

> If I remember right, Linux file systems can have not only symbolic links 
> to files, but also multiple hard links to the same file. Is there an 
> easy way to look for something like that?

Without doing a full directory search, you can't tell if a symlink target
references a directory entry you're interested in.  You can use "ls -l" to
see the link count on a file; if a non-directory file has a link count more
than 1, there's another hard link to it (directories always have a link
count >= 2).

 - Chuck




RE: Performance issue 8.5.20 (metaspace related?)

2017-08-29 Thread Caldarale, Charles R
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
> Subject: Re: Performance issue 8.5.20 (metaspace related?)
 
> > > That sounds like a healthy behavior to me. That means GC is
> > > occurring and Metaspace is getting cleaned up. Why do you think
> > > Metaspace is the problem?

> > Because I can observe that when the metaspace is collected the
> > requests become fast. I observed that a few hours ago, looking at
> > the metaspace graph of the java console and doing requests just
> > after the collect.

> RMI is known for flagrantly wasting permgen/metaspace because of all
> the Proxy objects and special throw-away Class objects it uses, etc.
> But I'm not sure why the metaspace filling up would have such a
> dramatic effect on performance.

> At any rate, this is not a problem with Tomcat itself: this is likely
> entirely JVM-related.

Is it possible that the system is getting into swapping?  The heap has been
set to 20 GiB, but I didn't see any mention of how much actual memory the
system has.  Do you really need a 20 GiB heap?  Sometimes smaller is better.
Might also want to try turning off UseHugeTLBFS.

I wonder if there are heap objects tied up due to dead but not collected
metaspace items; when metaspace is GC'd, the heap usage might well shrink
also.  (This might be a G1GC bug, but that seems unlikely.)  Perhaps the RMI
mechanism (which I haven't looked at in many years) is searching an
ever-growing set of soft/weak references that are removed when metaspace is
collected.  A smaller heap might help there.

 - Chuck




RE: Refreshing webapps slows server

2017-08-23 Thread Caldarale, Charles R
> From: Jerry Malcolm [mailto:techst...@malcolms.com] 
> Subject: Refreshing webapps slows server

> I have a very weird situation.

Actually, it's fairly common.

> This is somewhat circumstantial.  But TC will run fine for days and 
> never hits OutofMemory situations.  But as soon as I start replacing 
> webapp jar files, things start going bad.  So it appears that the issue 
> is caused by replacing jar files.

This sounds like a classic case of retaining references to now obsolete
classes or instances thereof.  Take a look at the Wiki:
https://wiki.apache.org/tomcat/FAQ/Memory
especially, the link to "classloaders are not being garbage collected" and
these:
https://wiki.apache.org/tomcat/OutOfMemory
https://wiki.apache.org/tomcat/MemoryLeakProtection

 - Chuck


RE: This is weird: can't bind to 443

2017-08-02 Thread Caldarale, Charles R
> From: Igal @ Lucee.org [mailto:i...@lucee.org] 
> Subject: Re: This is weird: can't bind to 443

> I agree about the "one more thing to go wrong", but fronting Tomcat with 
> a Web Server gives a performance hit?  I mean, sure, now requests for 
> Tomcat have another step to go through, but all of the static resources 
> (assuming there are static resources) will supposedly be handled more 
> efficiently by a web server, no?

Um, no.  A lot of work has gone into improving Tomcat performance over the
past few years, to the point where it's largely on par with httpd.  Put both
in the mix (assuming you're not using httpd for other reasons), and what
you've mostly done is add latency.

> The added layer usually provides more security as well, provided that the 
> web server doesn't add new vulnerabilities, of course.

Pretty much all components have (undiscovered) vulnerabilities, so having
more components actually increases the attack surface.

> I personally use nginx for SSL termination, which I find easier than 
> Tomcat, though it's been many years since I last tried to setup Tomcat 
> with https.

Now that Tomcat can use OpenSSL directly, it's easier than it used to be.
That said, if you do have a front end to Tomcat, might as well do the SSL
termination there to simplify things.

 - Chuck


RE: This is weird: can't bind to 443

2017-08-02 Thread Caldarale, Charles R
> From: James H. H. Lampert [mailto:jam...@touchtonecorp.com] 
> Subject: Re: This is weird: can't bind to 443

> > Binding on ports < 1024 on Linux require elevated permissions, no?

> If so, somebody please elaborate.

That's a Linux restriction/feature - must be superuser to use the low port
numbers.

> It currently seems to be running under a user called "tomcat7."

That's good.

> By contrast, the one we've got running on a local CentOS box runs under
> root.

That's bad.

> The installation on the Google Debian instance was via an apt-get, and it put
> things in places other than where I was expecting them to be

That's a problem with all the 3rd-party repackaged versions of Tomcat.  Best
to use a real one from tomcat.apache.org.

> Any suggestions on what to do about it?

You should never run Tomcat under root - that means the webapps have full
control of the system.  Any webapp bugs open it up to hackers.  Take a look
at the FAQ for how to avoid that problem:

https://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F

 - Chuck


RE: RemoteEndpoint.Async sendText blocking

2017-06-29 Thread Caldarale, Charles R
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Subject: Re: RemoteEndpoint.Async sendText blocking

> When the BIO connector is in use, you end up with weird things like
> this. I would switch to BIO if you want to use async.

Might want to rephrase that...  Presumably Chris meant "switch to NIO".

Note that the BIO connector is removed (yay!) in Tomcat 8.5 and above.

 - Chuck


RE: [Tomcat 8.5] Cannot obtain singleton resource with startStopThreads > 1

2017-06-10 Thread Caldarale, Charles R
> From: MrChuoi [mailto:mrch...@gmail.com] 
> Subject: Re: [Tomcat 8.5] Cannot obtain singleton resource with 
> startStopThreads > 1

> OK. I will put the resource in the context of each webapp to see what is
> going on, but what I don't understand is why this configuration works when
> I start webapps one-by-one sequentially?

I suspect you're not getting a singleton either way (at least you're not 
supposed to).  If you want a singleton, I believe it needs to be specified in 
conf/server.xml via  and a  in the 
 element of each webapp that needs it.

 - Chuck


RE: [Tomcat 8.5] Cannot obtain singleton resource with startStopThreads > 1

2017-06-10 Thread Caldarale, Charles R
> From: MrChuoi [mailto:mrch...@gmail.com]
> Subject: Re: [Tomcat 8.5] Cannot obtain singleton resource with 
> startStopThreads > 1

> Hi Mark,

Don't top-post.  Follow the mailing list guidelines published here:
http://tomcat.apache.org/lists.html#tomcat-users

> And to simplify the declaration of Resource in Tomcat, I put the  ...> in %CATALINA_HOME%\conf\context.xml. Is this a mistake?

That would appear to be one source of difficulty: the items configured in the 
global conf/context.xml are applied to each webapp individually, so you will 
get one instance of the resource for each webapp.

 - Chuck


RE: Under system account, Tomcat starts even with shutdown port conflict

2017-06-08 Thread Caldarale, Charles R
> From: Igor Cicimov [mailto:icici...@gmail.com] 
> Subject: Re: Under system account, Tomcat starts even with shutdown port 
> conflict

> If you are trying to run it on port <1024 you need authbind enabled

Read the original message.  The OP is running on Windows, not Linux, so there 
are no restrictions on port usage.  Some other process is using the port.

Since there are multiple ways to stop Tomcat (especially when running as a 
Windows service), non-availability of the shutdown port is not considered fatal.

 - Chuck


RE: Tomcat 8.5.4 and LegacyCookieProcessor

2017-05-18 Thread Caldarale, Charles R
> From: jared.paul.wal...@gmail.com [mailto:jared.paul.wal...@gmail.com] On 
> Behalf Of Jared Walker
> Subject: Tomcat 8.5.4 and LegacyCookieProcessor

> We are migrating to the version of tomcat identified in the subject

Before exposing an almost year-old version to the nasty real world, you might 
want to look at this:
http://tomcat.apache.org/security-8.html
and then pick a newer level (hint: 8.5.15 would be good).

> 1. What are the security and compatibility concerns when using the
> legacy processor

Sorry, can't answer that one.

> 2. The header for LegacyCookieProcesor.java explicitly states: "This
> class is not thread-safe."

> Can someone here with background knowledge explain exactly what's not
> thread-safe about the processor?  Does this mean you cannot use it for
> multiple simultaneous requests (pretty hindering for a server) or does
> this mean that you cannot have multiple threads parse the cookie
> contents of a request in parallel (which isn't a very normal thing to
> do)?

It's neither, really; there is one instance of CookieProcessor per , 
and the fields within LegacyCookieProcessor that make it not thread-safe are 
only set (in Tomcat) when the  is initialized.  Were you to 
dynamically reset the fields while requests were in progress, you could get in 
trouble.  The fields are described here:

http://tomcat.apache.org/tomcat-8.5-doc/config/cookie-processor.html

 - Chuck


RE: CLOSE_WAIT between Application (Tomcat) and Apache HTTPD

2017-05-11 Thread Caldarale, Charles R
> From: Adhavan Mathiyalagan [mailto:adhav@gmail.com] 
> Subject: Re: CLOSE_WAIT between Application (Tomcat) and Apache HTTPD

What part of do not top-post do you not understand?

> The Application port is configured in the catalina.properties file
> HTTP_PORT=8030
> JVM_ROUTE=dl360x3805.8030

Those are not tags that mean anything to Tomcat.  If your application is using 
port 8030 on its own, it's your application's responsibility to clean up after 
itself properly.

 - Chuck


RE: changing tomcat default password

2017-03-31 Thread Caldarale, Charles R
> From: Theresa Whitney [mailto:theresa.whit...@nisd.net] 
> Subject: changing tomcat default password

> I am trying to address a security vulnerability notification for several
> servers.  We have tomcat6 installed.

Right there is your biggest security problem - Tomcat 6 has reached end of life 
and may not receive any more fixes.  To quote from the "Which version?" page:

"Users of Tomcat 6 should be aware that Tomcat 6 has now reached end of life. 
Users of Tomcat 6.x should upgrade to Tomcat 7.x or later."
http://tomcat.apache.org/whichversion.html


> The notification indicates that I need to change the default passwords
> in the admin-users.xml file.

No such file is distributed with a standard Tomcat; are you sure you have the 
right file name?  In which directory is it located?

> Can I just change the password in the xml file?

Difficult to say, since it's not part of an official Tomcat.

> Sorry for my ignorance ... I am a total newbie.

As we all were at some point.

 - Chuck


RE: Migration

2017-03-21 Thread Caldarale, Charles R
> From: M. Osama Alghwell [mailto:malghw...@gmail.com] 
> Subject: Migration

> I have been asked by a company to update their existing working tomcat 5
> application, which is working on an old Windows 2003 platform and accessing
> SQL 2005. The new servers are Windows and SQL 2012. I downloaded  and
> installed Tomcat 8.5.12. So, what I need to
> do for migrating the existing application to work on the new environment?

The first step is to read the migration guides:
http://tomcat.apache.org/migration.html

You'll need to look at all the ones that change levels, since the steps are 
cumulative and there is no 5 -> 8.5 doc.

Once you've absorbed that, come back with specific questions.

 - Chuck


RE: getRealPath is a bad idea?

2017-03-10 Thread Caldarale, Charles R
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
> Subject: Re: getRealPath is a bad idea?

> I would use a well-known location for the file. Maybe the application
> can be installed anywhere, but the config file needs to be in
> %APPDATA%\YourCompany\YourProduct\config.properties

An alternative is to have the customer define the location in a Java system 
property via setenv.bat (or service properties) when installing the webapp.  (I 
know, not pretty, but it's the webapp doing the lookup, not Tomcat.)

 - Chuck


RE: Re:[OT] get NPE from NamingContextListener in app moved from TomEE to Tomcat

2017-03-10 Thread Caldarale, Charles R
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
> Subject: Re:[OT] get NPE from NamingContextListener in app moved from TomEE 
> to Tomcat

> > name="jdbc/tst36" not id=...

> Hmm. When 'name' is null we should have a better behavior than NPE. :(

It gets your attention...

 - Chuck


RE: Apache Tomcat 9

2017-03-09 Thread Caldarale, Charles R
> From: pina.freder...@gmail.com [mailto:pina.freder...@gmail.com] 
> Subject: Apache Tomcat 9


> I'm trying to teach myself Java Web App Development but can't seem to get 
> this issue resolved.

> Mar 09, 2017 5:44:17 PM org.apache.catalina.core.StandardServer await
> SEVERE: StandardServer.await: create[localhost:8080]: 
> java.net.BindException: Address already in use: JVM_Bind

You already have something on your laptop that's using port 8080.  Either stop 
running that program, or configure your Tomcat to use a different port in the 
 element of server.xml.

 - Chuck


RE: getRealPath is a bad idea?

2017-03-09 Thread Caldarale, Charles R
> From: Berneburg, Cris J. - US [mailto:cberneb...@caci.com] 
> Subject: RE: getRealPath is a bad idea?

> How do you all configure the location of a special folder that is not part of 
> the 
> deployment package itself?  A site-specific config file perhaps?

Take a look at this:
http://tomcat.apache.org/tomcat-8.5-doc/config/resources.html

A  element within  allows specification of areas outside of 
the Tomcat deployment that the webapp can access via 
ServletContext.getResource() or getResourceAsStream().

 - Chuck


RE: CVE-2017-6056.

2017-02-24 Thread Caldarale, Charles R
> From: Paralos Trainings [mailto:paralostranin...@gmail.com] 
> Subject: CVE-2017-6056.

> I'd like to know if the latest version of Tomcat 7 and Tomcat 8 are
> affected by CVE-2017-6056.

Real Tomcat releases (downloaded from tomcat.apache.org) are not affected.  
Some 3rd-party repackaged versions do have the problem due to failure on their 
part to include relevant fixes.

 - Chuck


RE: I want hide apache-coyote1.1 infomation on my tomcat 5.0.28

2017-02-12 Thread Caldarale, Charles R
> From: grkim [mailto:gr...@injeinc.co.kr] 
> Subject: I want hide apache-coyote1.1 infomation on my tomcat 5.0.28

> I saw "apache-coyote1.1" information on my tomcat reply when I use
> curl -I IP:PORT on my tomcat 5.0.28.

> I want to hide this for security reason.

Seriously?  By running such an old version of Tomcat (released 11.5 years ago), 
you have much more serious security issues than exposure of the Tomcat version. 
 You desperately need to upgrade.

> Doesn't support it on 5.0. version? Or is there any other solution for
> this issue?

> Anybody please give me the solution. 

Upgrade to a supported level, ASAP.  Not doing so is extreme negligence.

 - Chuck


RE: Getting "Invalid message received with signature xxxxx" messages in catalina.out

2016-11-18 Thread Caldarale, Charles R
> From: James H. H. Lampert [mailto:jam...@touchtonecorp.com] 
> Subject: Re: Getting "Invalid message received with signature x" messages 
> in catalina.out

> > No, 8009 is the default port for communication between httpd and Tomcat.  
> > 8005 is 
> > the default shutdown port.

> > If you're not using it, remove (or comment out) the declaration.

> Can somebody point me to the right docs, so I can learn more about this?

Start with the FAQ:
https://wiki.apache.org/tomcat/FAQ/Connectors

Then the official places:
http://tomcat.apache.org/tomcat-8.5-doc/config/http.html
http://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html

 - Chuck


RE: Getting "Invalid message received with signature xxxxx" messages in catalina.out

2016-11-18 Thread Caldarale, Charles R
> From: James H. H. Lampert [mailto:jam...@touchtonecorp.com] 
> Subject: Re: Getting "Invalid message received with signature x" messages 
> in catalina.out

> This is interesting:
>  

> Isn't 8009 some sort of backchannel control port, perhaps the one used 
> for controlled shutdown of Tomcat?

No, 8009 is the default port for communication between httpd and Tomcat.  8005 
is the default shutdown port.

> It seems to be defined as an AJP port "straight out of the box," is also 
> so-defined on our own Tomcat server, and is presumably so-defined at all 
> our other customer installations.

Correct.  If you're not using it, remove (or comment out) the declaration.


> And yet this is the first time I've ever seen these error messages.

Something with access to your network is probing that port.

 - Chuck
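
For triaging the port probes discussed in the two messages of this thread, the following added example (not part of the original messages and not Tomcat code) decodes the logged signature: the number is the first two bytes the client sent, printed in decimal, where a well-formed AJP13 request from a web server starts with 0x1234. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise "Invalid message received with signature N" lines
# from catalina.out and show what kind of traffic hit the AJP port.

# classify_sig DECIMAL -> "DECIMAL 0xHHHH label"
# The signature is a 16-bit big-endian value: first byte << 8 | second byte.
classify_sig() {
    sig=$1
    hi=$(( (sig >> 8) & 255 ))
    lo=$(( sig & 255 ))
    hex=$(printf '0x%02X%02X' "$hi" "$lo")

    if [ "$hex" = "0x1234" ]; then
        # Magic that opens every AJP13 packet sent by the front-end server.
        label="ajp13-magic"
    elif [ "$hex" = "0x1603" ]; then
        # 0x16 = TLS handshake record type, 0x03 = protocol major version.
        label="tls-handshake"
    elif [ "$hi" -ge 65 ] && [ "$hi" -le 90 ] &&
         [ "$lo" -ge 65 ] && [ "$lo" -le 90 ]; then
        # Two upper-case ASCII letters: a plain-text request line such as
        # "GET ..." or "POST ..." sent to the binary AJP port.
        c1=$(printf "\\$(printf '%03o' "$hi")")
        c2=$(printf "\\$(printf '%03o' "$lo")")
        label="text:$c1$c2"
    else
        label="other"
    fi
    printf '%s %s %s\n' "$sig" "$hex" "$label"
}

# triage_log FILE -> one line per distinct signature: "count sig hex label"
triage_log() {
    sed -n 's/.*Invalid message received with signature \([0-9][0-9]*\).*/\1/p' "$1" |
    sort -n | uniq -c |
    while read -r count sig; do
        printf '%s %s\n' "$count" "$(classify_sig "$sig")"
    done
}

# Constructed sample input (not taken from the thread).
sample_log() {
    cat <<'EOF'
18-Nov-2016 10:15:02.311 SEVERE [ajp-nio-8009-exec-3] org.apache.coyote.ajp.AjpMessage.processHeader Invalid message received with signature 18245
18-Nov-2016 10:15:02.940 SEVERE [ajp-nio-8009-exec-4] org.apache.coyote.ajp.AjpMessage.processHeader Invalid message received with signature 18245
18-Nov-2016 10:15:07.120 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 2150 ms
18-Nov-2016 10:16:44.502 SEVERE [ajp-nio-8009-exec-5] org.apache.coyote.ajp.AjpMessage.processHeader Invalid message received with signature 5635
18-Nov-2016 10:17:10.008 SEVERE [ajp-nio-8009-exec-6] org.apache.coyote.ajp.AjpMessage.processHeader Invalid message received with signature 18245
EOF
}

# Run against a real log when a path is given on the command line.
if [ -n "${1:-}" ]; then
    triage_log "$1"
fi
```

Text or TLS signatures mean HTTP(S) clients or scanners are reaching a port meant only for the front-end web server, which is the case for removing or firewalling the unused connector as advised in the thread.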


RE: war file incompletely deployed

2016-11-07 Thread Caldarale, Charles R
> From: Christoph P.U. Kukulies [mailto:k...@kukulies.org] 
> Subject: Re: war file incompletely deployed

> This makes sense somehow, but wouldn't a local move or copy from within 
> the server's filesystem have the same complications?

No, a local mv or rename in a modern file system simply changes the directory 
structure; no copy is performed.  A copy does stand a chance of being caught in 
the middle, but the timing window is much, much smaller.  Best to use mv/rename 
whenever possible.

 - Chuck


RE: war file incompletely deployed

2016-11-07 Thread Caldarale, Charles R
> From: Christoph P.U. Kukulies [mailto:k...@kukulies.org] 
> Subject: war file incompletely deployed

> I started developing a webapp (Windows 7, tomcat 7/x64). I generate a  
> WAR file using eclipse/maven. Once built I copy over the war file
> to a network share on the tomcat server. The share is the tomcat webapps 
> directory.

> Once done tomcat autodeploys the .war file into the webapps subdirectory 
> with the name of the war file (without extension).

Copying over a network link to the final deployment location can be 
problematic.  Tomcat's auto-deployment may see a partially written file and 
initiate deployment prematurely.  Best if you can copy the file to a temporary 
location on the target server and then mv or rename it to the desired spot.

 - Chuck
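
The stage-then-rename deployment recommended in the two messages of this thread, as an added example that is not part of the original messages: it assumes a POSIX host, and the function names and the `.war-staging` directory are hypothetical.

```shell
#!/bin/sh
# Added example: stage a WAR next to (not inside) Tomcat's appBase, verify the
# copy, then rename it into place so auto-deploy never sees a partial file.

# fs_of DIR -> name of the filesystem that holds DIR (POSIX df output).
fs_of() {
    df -P "$1" | awk 'NR == 2 { print $1 }'
}

# deploy_war SRC_WAR APPBASE
# Returns 0 on success; on any failure returns non-zero and leaves APPBASE
# untouched.
deploy_war() {
    src=$1
    appbase=$2
    name=$(basename "$src")

    [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
    [ -d "$appbase" ] || { echo "no such appBase: $appbase" >&2; return 1; }

    # The staging directory is a sibling of appBase: a directory created
    # inside appBase would itself be picked up by auto-deployment.
    staging=$(dirname "$appbase")/.war-staging
    mkdir -p "$staging" || return 1

    # A rename only avoids copying within one filesystem; across filesystems
    # mv falls back to copy+delete, which reopens the partial-file window.
    if [ "$(fs_of "$staging")" != "$(fs_of "$appbase")" ]; then
        echo "staging and appBase are on different filesystems" >&2
        return 1
    fi

    # Slow step: the (possibly network) copy lands in staging, out of
    # Tomcat's sight.
    tmp=$staging/$name.$$
    cp "$src" "$tmp" || { rm -f "$tmp"; return 1; }

    # Confirm the staged copy is complete before exposing it.
    if [ "$(cksum < "$src")" != "$(cksum < "$tmp")" ]; then
        echo "staged copy differs from source" >&2
        rm -f "$tmp"
        return 1
    fi

    # Fast step: a directory-entry change only, no data is copied.
    mv -f "$tmp" "$appbase/$name"
}

# Usage as a script: deploy.sh /path/to/app.war /path/to/tomcat/webapps
if [ "$#" -eq 2 ]; then
    deploy_war "$1" "$2"
fi
```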


RE: MaxInactiveInterval

2016-11-04 Thread Caldarale, Charles R
> From: Mark Thomas [mailto:ma...@apache.org] 
> Subject: Re: MaxInactiveInterval

> On 04/11/2016 15:07, André Warnier (tomcat) wrote:
> > A log message in an application running under Tomcat 8 mentions the
> > "MaxInactiveInterval" setting, saying that it is a bit short..
> > 
> > I think that I understand the meaning of the setting (the time for which
> > a session remains valid, even without interactions).
> > But where in the webapp context, and under what name, should an
> > equivalent parameter be specified ?

> Set it in web.xml. Same with distributable.

This really appears to be a problem in the servlet spec (not surprising), which 
mentions the getMaxInactiveInterval() and setMaxInactiveInterval() APIs but 
only vaguely ties them to the session-timeout element of session-config.  
Tomcat doc does not normally describe the nuances of the servlet spec, but 
something that associates the config name with the API might be useful.

 - Chuck


RE: Tomcat 9 exe, High CPU usage due to TCP I/O with itself

2016-10-27 Thread Caldarale, Charles R
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
> Subject: Re: Tomcat 9 exe, High CPU usage due to TCP I/O with itself

> On 10/27/16 1:45 PM, Dustin Delage wrote:
> > Looks like the app is now slated for redevelopment. Thanks
> > everyone.

> I still think this has nothing to do with your application...

Maybe, maybe not.  On a fresh install of Tomcat 9.0.0.M11 using JDK 1.8.0_102 
running as a service on Windows 7 Pro, I see the following ports in use:

Protocol  Local Address  Remote Address  State
TCP       :8009          :0              LISTENING
TCP       :8080          :0              LISTENING
TCP       :8005          :0              LISTENING
TCP       :55089         :55090          ESTABLISHED
TCP       :55090         :55089          ESTABLISHED
TCP       :55091         :55092          ESTABLISHED
TCP       :55092         :55091          ESTABLISHED
TCP       :55093         :55094          ESTABLISHED
TCP       :55094         :55093          ESTABLISHED
TCP       :55095         :55096          ESTABLISHED
TCP       :55096         :55095          ESTABLISHED
TCP       :55097         :55098          ESTABLISHED
TCP       :55098         :55097          ESTABLISHED
TCP       :55099         :55100          ESTABLISHED
TCP       :55100         :55099          ESTABLISHED
TCPV6     :8009          :0              LISTENING
TCPV6     :8080          :0              LISTENING

I haven't figured out what all the paired ports with established connections 
are used for yet; maybe stdin, stdout, stderr, and ??  If some of the ports are 
redirects of stdout and/or stderr, the webapp could be dumping a lot of junk 
there, causing the high CPU usage.

 - Chuck


RE: Single sign on

2016-10-11 Thread Caldarale, Charles R
> From: Linux Support [mailto:ossuppor...@gmail.com] 
> Subject: Single sign on

> Using 8.5.5 on solaris. Can you please point me in the direction of some
> documentation/link/blog for how to set up the SSO for a application
> deployed.

Start here.
http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Single_Sign_On_Valve

If you want to utilize an existing authentication/authorization system, look 
through this to see if there's a Realm you can use:
http://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html
http://tomcat.apache.org/tomcat-8.5-doc/config/jaspic.html

 - Chuck


RE: Host appBase vs. Context docBase

2016-10-07 Thread Caldarale, Charles R
> From: Igal @ Lucee.org [mailto:i...@lucee.org] 
> Subject: Host appBase vs. Context docBase

> Suppose that I have an application at C:\WebApps\App1

Suppose you tell us your Tomcat version.

> 
> 
> 

> 
> 
>   
> 

Both of the above are incorrect.  It is highly unlikely that you want the 
 name to be App1.  The appBase attribute of  must point to a 
directory where one or more webapps are located for automatic deployment.  It 
must never point to a specific webapp.  The path attribute of the  
element must not be used unless the  element is in server.xml, which 
it should not be.  The docBase attribute is used only when the  
element is located in conf/Catalina/[host]/[appName].xml.

You need to read the documentation for , , and deployment for 
the Tomcat version you're using.

 - Chuck


RE: apache-tomcat-9.0.0.M10: Change Context-Path in META-INF/context.xml not working

2016-09-20 Thread Caldarale, Charles R
> From: Maik Brauer [mailto:m...@brauer.nrw] 
> Subject: apache-tomcat-9.0.0.M10: Change Context-Path in META-INF/context.xml 
> not working

> I have a standard Tomcat9 installation. I just put a helloworld.war in the 
> webapps folder 
> and inside the META-INF I put the context.xml with a different path like: 
> 

Which is not allowed.

> But the context is still http://localhost/helloworld instead 
> http://localhost/newcontext.

As it should be.

> I tried so many things, but it is not possible to get Tomcat convinced to use 
> the new path.

Correct.

> Anybody who can help?

Read the doc:
http://tomcat.apache.org/tomcat-9.0-doc/config/context.html

In particular, this sentence describing the path attribute:

"This attribute must only be used when statically defining a Context in 
server.xml. In all other circumstances, the path will be inferred from the 
filenames used for either the .xml context file or the docBase."

Rename your .war file if you want a different context name.  You may also place 
your webapp outside of the appBase directory, and place a [context_name].xml 
file in conf/Catalina/localhost with a docBase attribute pointing to the webapp 
location.

 - Chuck


RE: Apache TomCat 5.5

2016-09-14 Thread Caldarale, Charles R
> From: Pham, Mary (NIH/OD/ORS) [E] [mailto:maryp...@mail.nih.gov] 
> Subject: Apache TomCat 5.5

> We have been using one of the old Apache TomCat on windows server 2008R2, IIS 
> 7.

Firstly, it's Tomcat, not TomCat.

> We need to apply a header directive in Apache "Strict-Transport-Security" so 
> that our web site 
> would be secured as the Government required.

Your web site is pretty much guaranteed to be _insecure_ as long as you're 
running that old - and unsupported - version of Tomcat.  The last Tomcat 5.5 
release was nearly four years ago, and many, many vulnerabilities have been 
addressed since then.  SSL does not protect you against those.  You really must 
upgrade to a supported level (preferably 8.5), after carefully reading the 
migration guides:
http://tomcat.apache.org/migration.html

Not doing so makes anything else you try pointless.

> My question is where can I insert this line?

As suggested by Daniel, a filter is your best bet - but upgrade Tomcat first.  
Not doing so leaves you subject to many more liabilities than lack of HSTS.

 - Chuck 





RE: Trouble setting TOMCAT_USER

2016-08-29 Thread Caldarale, Charles R

> From: Jorge Alfonso [mailto:jo...@qbex.com] 
> Subject: RE: Trouble setting TOMCAT_USER

> In order to setup the users for Tomcat you have to edit the file
> tomcat-users.xml

That has absolutely nothing to do with what the OP is asking about.  The 
tomcat-users.xml file is the toy control for what users can be authenticated 
and authorized by Tomcat, not what userid Tomcat runs under.

Unfortunately, the OP is using a 3rd-party repackaged version of Tomcat, which 
the Apache organization has neither control nor even knowledge of.  Whatever 
startup mechanism that kicks off that particular Tomcat is specific to the 
repackager, and the query will need to be submitted to whatever support 
organization that has.

 - Chuck 




RE: Tomcat 8.5 Resource Setting Says it's being ignored but documentation shows it is supported

2016-08-17 Thread Caldarale, Charles R
> From: McKenzie, Mitch [mailto:mmcken...@markelcorp.com] 
> Subject: Tomcat 8.5 Resource Setting Says it's being ignored but 
> documentation shows it is supported


> Seeing the following warning for all of my datasources when tomcat 8.5.4
> starts up:
> Ignoring unknown property: value of "3" for "validationInterval" property

As you should.

> factory="org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory"

> I see validationInterval in the docs here: 
> https://tomcat.apache.org/tomcat-8.5-doc/jdbc-pool.html

Which is the doc for org.apache.tomcat.jdbc.pool.  If you're using DBCP2, you 
should be looking at the following doc, which is linked to from at least two 
places in the Tomcat web pages:
http://commons.apache.org/proper/commons-dbcp/configuration.html

 - Chuck





RE: Set up postgresql on tomcat7

2016-08-17 Thread Caldarale, Charles R
> From: Andrew Davis [mailto:drsockmon...@gmail.com] 
> Subject: Re: Set up postgresql on tomcat7

> It's a redhat .. I don't think tomcat 7 or later will run on this.

Stop top posting; read the rules here:
http://tomcat.apache.org/lists.html#tomcat-users

The distributor of your OS is completely irrelevant.  What's important is the 
version of the JVM you have installed.  Look at this page to see what version 
of Tomcat will run with your JVM:
http://tomcat.apache.org/whichversion.html

 - Chuck





RE: Unable to access Manager App, Host Manager and Server Status urls

2016-08-13 Thread Caldarale, Charles R
> From: Andrew M [mailto:bluemind2...@yahoo.com.INVALID] 
> Subject: Unable to access Manager App, Host Manager and Server Status urls

> I have added these three lines in my tomcat-users.xml file:
> 
> 

And did you remove the comment markers that bracket that area of the file?

 - Chuck





RE: Native Library Error using Context forward in server.xml

2016-08-12 Thread Caldarale, Charles R
> From: Pietag, Tobias (Enterprise Security Services) 
> [mailto:tobias.pie...@hpe.com] 
> Subject: RE: Native Library Error using Context forward in server.xml

> We are using the Context in the server.xml to change the root application to
> a different webapp.

That's a really, really bad idea.  Name your default webapp ROOT, and be done 
with it.  Alternatively, construct a ROOT webapp that does nothing but redirect 
to iiq (or vice-versa).

>  deployOnStartup="true" >
>    

Read the doc and discover why that path attribute is using an illegal value, 
even when in server.xml.
 
> So that the webapp can be called from https://url:8443/ and
> https://url:8443/iiq.

You should do this with a redirect.

> If the webapp is open from both URLs, it will result in the following error.

That's because it's not "the webapp"; your configuration forces it to be 
deployed twice, once as the default, once as iiq.  Each deployment uses a 
separate classloader so the underlying classes (and native library references) 
cannot be mixed.
 
> It seems that the tomcat sees both URLs as different applications and tries 
> to load native library twice.

Exactly.

> After removing the Context element it's working without any error.

Except you cannot reach the webapp without using iiq in the URL.

> Is this the normal behavior with the Context element ?

Yes.

> Is there an option to change this behavior, or does it look like a bug ?

It's a bug in your configuration and deployment strategy.

 - Chuck





RE: tomat8.5 write logs with incorret os permission

2016-08-04 Thread Caldarale, Charles R
> From: 韭菜 [mailto:jiu...@qq.com] 
> Subject: tomat8.5 write logs with incorret os permission

> When using tomcat8.0, it starts and writes logs as follows:
> (apache-tomcat-8.0.x) -rw-rw-r-- 1 app app 873710 Aug  4 20:08 catalina.log
> When using tomcat8.5.x (including tomcat 9.0.x), it starts and writes logs as
> follows:
> (apache-tomcat-8.5.4) -rw-r----- 1 app app 100824 Aug  4 20:10 catalina.log

A highly appropriate change, much needed to prevent untrusted users from 
accessing private information in the log.

> So, tomcat8.5 causes other OS users to be unable to read its logs and the logs
> of webapps deployed on tomcat8.5. The log files should have permission 664,
> not 640.

Definitely not a good idea.

> I think it is not good for Java webapp developers; when my web app writes logs
> as data logs, the log files cannot be rsynced by other users and hosts.

As it should be.

> but it works at tomcat7.0.x and tomcat8.0.x

"Works" is your definition; any site interested at all in secure operations 
would consider the old permissions to be dangerous and broken.

> So I asked users to require further support for tomcat8.x write log files
> feature.

Definitely a bad idea to relax the default permissions back to where they were.
If you want to expose your own system to abuse, you can set umask as 
documented in the changelog.

 - Chuck
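
The permission change discussed above, as an added shell example (not part of the original message): `mode_for_umask` shows how a umask turns into the two modes quoted in the thread, and `world_accessible_logs` lists log files that other local users can still read or write. The function names, the sample file names and the umask values 0002 and 0027 are assumptions, chosen because they yield the 664 and 640 modes shown in the question.

```shell
#!/bin/sh
# Added example: relate umask to log file modes and audit a logs directory.

# mode_for_umask UMASK
# Prints the octal mode a newly created regular file gets under UMASK.
# File creation starts from 666 and the umask bits are cleared.
mode_for_umask() {
    printf '%o\n' $(( 0666 & ~0$1 ))
}

# world_accessible_logs DIR
# Lists regular files under DIR that "other" users can read or write.
world_accessible_logs() {
    find "$1" -type f \( -perm -004 -o -perm -002 \) -print | sort
}

# Constructed sample: one file per behaviour described in the thread
# (664 as written by the older release, 640 as written by 8.5).
demo_dir=$(mktemp -d)
: > "$demo_dir/catalina-old.log"; chmod 664 "$demo_dir/catalina-old.log"
: > "$demo_dir/catalina-new.log"; chmod 640 "$demo_dir/catalina-new.log"

echo "umask 0002 -> $(mode_for_umask 0002)"
echo "umask 0027 -> $(mode_for_umask 0027)"
echo "log files exposed to other users:"
world_accessible_logs "$demo_dir"
rm -rf "$demo_dir"
```

If another account legitimately needs the logs, adding it to the group that owns the files keeps mode 640 intact.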





RE: Internal Error 500

2016-08-04 Thread Caldarale, Charles R
> From: André Warnier (tomcat) [mailto:a...@ice-sa.com] 
> Subject: Re: Internal Error 500

> On 04.08.2016 11:15, Syed Mudassir Ahmed wrote:
> > What are the various reasons for the tomcat server to throw internal server
> > error 500?

> In general, search Google for : http status codes

Note that this is the same OP that works for an "expert" IT consulting company 
and wanted volunteers on this mailing list to do his work for him.

 - Chuck





RE: Tomcat 8 RemoteIpValve Issues

2016-08-01 Thread Caldarale, Charles R
> From: Kasa, Nubli [mailto:mmohd...@iu.edu] 
> Subject: RE: Tomcat 8 RemoteIpValve Issues

> This doesn't seem to be the case with a fresh new install on Tomcat 8 on
> Ubuntu. Our sysadmin also did a fresh install on Redhat with the same result.

Install of what?  A real Tomcat from tomcat.apache.org, or a 3rd-party 
repackaged (and reconfigured) version?  For the latter, you may need to consult 
with the 3rd party, since they've been known to change the defaults somewhat 
arbitrarily.

 - Chuck





RE: Issue with Tomcat7

2016-08-01 Thread Caldarale, Charles R
> From: Olaf Kock [mailto:tom...@olafkock.de] 
> Subject: Re: Issue with Tomcat7

> If you want 1:1 attention, go the paid route. If you want community
> support: State your problem. If you want free community 1:1 attention:
> Good luck - state explicitly that this is what you're looking for and
> see who answers. I won't.

What's really annoying is that the OP works for an IT consulting company that 
is getting paid for their "expertise".  Sure looks like another attempt to get 
someone else to do their job and then take credit for it (monetary and 
otherwise).

 - Chuck





RE: Tomcat 7.0.70 War Redeployed every few minutes

2016-07-04 Thread Caldarale, Charles R
> From: Andrew Moore [mailto:andrew.mo...@petcircle.com.au] 
> Subject: Tomcat 7.0.70 War Redeployed every few minutes

> We noticed that we were getting Connection Refused when trying to connect
> to port 8080 remotely. And then we could see this was being caused by the
> war redeploying automatically every few minutes.

This can be caused by an inappropriate timestamp on the .war file - one that's 
in the future.  Another possibility is that something is doing a touch on .jar 
or .class files in the expanded directory.  Or maybe the timestamps on the 
files inside the .war are off.

Might want to look at the deployment doc:
http://tomcat.apache.org/tomcat-7.0-doc/deployer-howto.html#Deploying_on_a_running_Tomcat_server
to see if this is similar to what you see going on.

 - Chuck
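
A way to check the causes listed above, as an added shell example (not part of the original message): `future_timestamps` reports .war, .jar and .class files whose modification time lies in the future, and `newer_than` reports the ones touched after a marker file, which can be created just before one redeploy cycle to see what changed. The function names and the sample directory layout are assumptions for illustration.

```shell
#!/bin/sh
# Added example: find deployment artifacts with suspicious timestamps.

# newer_than REF DIR
# Lists .war/.jar/.class files under DIR modified after the file REF.
newer_than() {
    find "$2" \( -name '*.war' -o -name '*.jar' -o -name '*.class' \) \
        -newer "$1" -print | sort
}

# future_timestamps DIR
# Lists the same kinds of files whose mtime is later than "now".
# A freshly created temp file serves as the "now" reference.
future_timestamps() {
    now_ref=$(mktemp) || return 2
    newer_than "$now_ref" "$1"
    rm -f "$now_ref"
}

# Constructed sample: an appBase with one .war, its expanded directory,
# and one jar stamped with a date in the future.
app_base=$(mktemp -d)
mkdir -p "$app_base/shop/WEB-INF/lib"
: > "$app_base/shop.war"
: > "$app_base/shop/WEB-INF/lib/ok.jar"
: > "$app_base/shop/WEB-INF/lib/skewed.jar"
touch -t 203701010000 "$app_base/shop/WEB-INF/lib/skewed.jar"

echo "files dated in the future:"
future_timestamps "$app_base"

# To catch something touching files between redeployments, create a marker,
# wait for the next redeploy, then list what changed after the marker.
marker=$(mktemp)
touch -t 200001010000 "$marker"   # constructed: an old marker, so all files match
echo "files modified after the marker:"
newer_than "$marker" "$app_base"
rm -rf "$app_base" "$marker"
```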





RE: Servlet overridden by Apache Tomcat welcome page?

2016-07-03 Thread Caldarale, Charles R
> From: Mark Eggers [mailto:its_toas...@yahoo.com.INVALID] 
> Subject: Re: Servlet overridden by Apache Tomcat welcome page?

> I just played with Eclipse Neon (newest release). It does copy over a
> Tomcat configuration into your workspace, and then runs Tomcat from that
> (sort of like RUNNING.txt).

I thought there was some way to disable such obnoxiousness, but I don't 
remember the details.

> That being said, Eclipse does not handle ROOT well at all by default. If
> I tell Maven to have a final name of ROOT, then Eclipse edits the
> workspace server.xml with:
> 
> path="/ROOT"
>reloadable="true"
>source="org.eclipse.jst.jee.server:CSEFive"/>
> 

Clearly broken.  (Also, there is no <Context> attribute of "source".)

> If I name things normally, then the application comes up as CSEFive, and
> the portion of server.xml reads as follows:
> 
> docBase="CSEFive"
>path="/CSEFive"
>reloadable="true"
>source="org.eclipse.jst.jee.server:CSEFive"/>
> 

Other than the source attribute, at least that's legal.

> The only way that I know of to manage this from within Eclipse is the
> following:

> Right-mouse click on the project, and go to the following in the drop
> down menu:

> Properties->Web Project Settings

> Change the Context root to /

Strictly speaking, this isn't correct; the default webapp must have an empty 
path string.

> Run your project from within Eclipse, and it will come up as
> http://localhost:8080/

That's an accident, since the path attribute is not valid.

> Eclipse will rewrite the server.xml in your workspace to:
> 
> docBase="CSEFive"
>path="/"
>reloadable="true"
>source="org.eclipse.jst.jee.server:CSEFive"/>
> 

The path attribute is illegal.  You would think after this number of years, 
Eclipse would at least get the syntax right.

> In any case, once you move out of an Eclipse-controlled Tomcat,

Which seems to be highly desirable, given the mess Eclipse is making.

> the WAR file needs to be named ROOT.war (case matters, even on Windows).

As Hassan previously noted.

> You'll need to move Tomcat's default ROOT web application to another
> location.

Or just delete it.

> In short, it's an Eclipse artifact.

A seriously broken artifact.

 - Chuck





RE: Servlet overridden by Apache Tomcat welcome page?

2016-07-03 Thread Caldarale, Charles R
> From: Paul Roubekas [mailto:paul@orthogroup.holdings] 
> Subject: Re: Servlet overridden by Apache Tomcat welcome page?

> After making the above suggested changes the desired behavior goes
> away.  Now instead of my application's landing page I get the tomcat
> welcome page.

You appear to have ignored what Hassan S said earlier in this thread; I'll 
repeat it here:

"Assuming a default installation, you should see the index.jsp page
associated with the *default context*, which in Tomcat is named
ROOT (case sensitive).

"You need to move or delete the existing ROOT and rename your
own WAR file (or directory) to ROOT."

I suspect you did not delete the existing ROOT directory.

> I am using Eclipse Mars.2  Is it possible I simply
> implemented the suggestions incorrectly?  Below is what eclipse did to
> the server.xml file.

>  path="/ROOT##000" reloadable="true"
> source="org.eclipse.jst.jee.server:ROOT##000">

I'm not an Eclipse user, but any IDE that blindly updates configuration files 
without your explicit permission sounds extremely dangerous.  Others may have 
suggestions about how to stop such bad behavior.  You really, really do not 
want to put any <Context> elements in server.xml.

 - Chuck





RE: Configuring Tomcat to support TLSv1.2

2016-06-24 Thread Caldarale, Charles R
> From: Daniel Savard [mailto:daniel.sav...@gmail.com] 
> Subject: Re: Configuring Tomcat to support TLSv1.2

> > The SSL_VERSION parameter was already defined by the vendor.

> I still would delete the SSL_VERSION from the catalina.sh or comment it at
> least and adopt the suggested approach to configure everything in the
> server.xml file instead.

The proper place to define environment variables is in bin/setenv.sh, not 
catalina.sh nor startup.sh.  The setenv.sh file (when present) is automatically 
invoked by catalina.sh during Tomcat startup. 

 - Chuck





RE: Updating Apache Tomcat to a current version

2016-06-12 Thread Caldarale, Charles R
> From: paul.greene.va [mailto:paul.greene...@verizon.net] 
> Subject: Re: Updating Apache Tomcat to a current version

> when you drop the WAR file into the webapps directory, does tomcat
> automatically expand the contents of the file?

Depends on how you have configured Tomcat; look at the unpackWARs description:
http://tomcat.apache.org/tomcat-7.0-doc/config/host.html#Standard_Implementation

> And is the WAR file format a typical way for vendors to distribute their apps
> to their customers, or is it normally a customer created file?

Usually in a .war file.  This is actually a .jar file with a specific directory 
structure as defined by the servlet spec (which would be useful to at least 
skim over):
http://jcp.org/aboutJava/communityprocess/final/jsr315/index.html

 - Chuck





RE: Remove Port from Https URL || SSL Port Issue || Important

2016-06-10 Thread Caldarale, Charles R
> From: Christoph Nenning [mailto:christoph.nenn...@lex-com.net] 
> Subject: Re: Remove Port from Https URL || SSL Port Issue || Important

> ports below 1024 are privileged ports and can be opened by root only. Of 
> course you don't want to run tomcat as root. There are several ways to 
> open them anyway as non-root, e.g. the capability CAP_NET_BIND_SERVICE or 
> the tool authbind  (not sure if available in your version of redhat).

There's a wiki entry for this:
http://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F

 - Chuck





RE: Unable to update or delete Windows Service

2016-05-16 Thread Caldarale, Charles R
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
> Subject: Unable to update or delete Windows Service

> I've got a Windows service called "foo" and I'm able to edit the
> configuration successfully by running the following command:

> C:\> %CATALINA_HOME%\bin\tomcat8w.exe //ES//foo

> But if I try to update the service from the command-line, or update
> the service, I get an error "Error parsing command line" with no
> further information.

Example of the command line that's failing?

 - Chuck





RE: Order of attributes significant in zipfileset?

2016-04-26 Thread Caldarale, Charles R
> From: Dave Glasser [mailto:dglas...@pobox.com] 
> Subject: Order of attributes significant in zipfileset?

> If you have a <zipfileset> element with both a dir and a file attribute, it
> will produce different results depending on the order in which those
> attributes appear.

Not surprising.

> I want to make clear that I'm aware that the docs for fileset say:
> "Either dir or file must be specified" and that I might be doing it wrong.
> You could argue otherwise, but perhaps that does in fact unambiguously imply
> that having both is incorrect and hence the behavior is undefined.

Yes, it's undefined.  The file attribute is documented as a "shortcut for 
specifying a single-file fileset" - you should not use both dir and file.  If 
you want a single file in a particular directory, use just the file attribute:



 - Chuck





RE: OT if/else or not if/else

2016-04-26 Thread Caldarale, Charles R
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
> Subject: Re: OT if/else or not if/else

> Unless the JIT can prove that there are no side-effects, it's not
> going to perform any speculative computations for a possible branch.

True, but due to inlining of many methods, the side effects are often visible.  
It's quite common for compilers to generate reads out of order when it can be 
proven they are not impacted by any subsequent write operations.

> it's not easy to decide if either of those two methods have any
> side-effects.

Actually, given the JVM architecture, it is quite easy - the compiler (the real 
one, not javac) has the callee method implementation available when it's 
processing the caller.  This is not true with most languages.  If a subsequent 
class definition invalidates such a determination, the compiler deoptimizes the 
generated method, and, if needed, recompiles it.

> If the method is private or final in the declared type,
> it can be evaluated completely, but that's a somewhat rare case.

Nope (see above).

> Presumably, the if-without-else case would actually free the compiler
> to evaluate those predicates "early", but that wouldn't be considered
> "speculative" in my mind because those side-effects would have
> happened anyway (since all branches will be evaluated).

Only certain reads can be issued in such instances, since any writes are 
expected to be in order (unless you're dealing with the rather bonkers C++ 
memory model).  The predicate evaluation isn't speculative, but reads from 
inside the predicated area are often lifted out of the blocks, and it's these 
that are speculative.

> The only potential problem would be with an early branch that throws an
> exception, in which case any side-effects of a later predicate would
> be ... surprising.

If a predicate evaluation might cause a write, it pretty much precludes looking 
at them out of order.

 - Chuck





RE: OT if/else or not if/else

2016-04-25 Thread Caldarale, Charles R
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
> Subject: Re: OT if/else or not if/else

> If you use else-less-if, then there is never an opportunity for
> parallelization, since the program is going to assume that those
> predicates are (a) independent and (b) ordered in a way that the
> programmer intended.

Not quite true.  Modern compilers and CPU cores will speculatively execute code 
sequences in parallel that may later be abandoned when the results of predicate 
evaluation are available; this can be done for both the if-else-if and the 
else-less-if forms.  Regardless, the if-else-if form is much preferred, in 
terms of providing both the compiler and the maintainer with more information 
(and is certainly not premature optimization, by any stretch of the 
imagination).

 - Chuck





RE: OT if/else or not if/else

2016-04-25 Thread Caldarale, Charles R
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
> Subject: Re: OT if/else or not if/else

> > Actually, a good compiler should generate the same code for switch
> > and if ... else if, assuming the boolean expressions used with the
> > ifs are compatible with a switch operand.

> Do you know of such a compiler (for Java)? I've never seen a compiler
> generate a switch bytecode when a "switch" statement wasn't present in
> the original Java source.

I'm not talking about the front end, but rather the native code generators 
after optimization (e.g., the C2 compiler for the Oracle JVM).  The bytecodes 
aren't representative of what actually gets executed.

 - Chuck





RE: OT if/else or not if/else

2016-04-22 Thread Caldarale, Charles R
> From: Leon Rosenberg [mailto:rosenberg.l...@gmail.com] 
> Subject: OT if/else or not if/else

> I was wondering if using if/else is not actually slowing down your code.
> Lets say I have three possible conditions, A, B and C, which are exclusive.
> My native approach would be:
> if (A){...}
> if (B){...}
> if (C){...}

> now some people would 'optimize' it as
> if (A){ ...} else if (B) {} else if (C) { }
> and I think in the world of single-cpu computers this optimization could
> work.

This doesn't really have anything to do with the number of CPUs, but rather 
whether or not a single core can execute instructions in parallel 
(vectorization or multiple execution ports).

> But what is now, given that compilers can optimize stuff like this and tell
> the processor to calculate all 3 branches simultaneously, which is not
> possible for ifelse.

These two sets of code are semantically different.  Unless the compiler (not 
the programmer) can prove that A, B, and C are mutually exclusive, the first 
example requires checking all three.  Also, unless the block of code executed 
for a prior true condition can be proven to not affect a later predicate (e.g., 
cannot alias, no side effects), the compiler must issue the three statement 
blocks in order.  Depending on the memory ordering model in play for the 
statements, the compiler may be able to issue speculative reads for each block 
of code, but that's very, very language specific.

A modern CPU core can also speculatively execute instructions, and will likely 
do so with either sequence (assuming typical memory ordering constraints).

> Which one would you choose?

Definitely the if ... else if ... sequence, or the corresponding switch 
statement, if feasible.  Give the compiler as much help as you can to figure 
out the programming intent.

 - Chuck





RE: OT if/else or not if/else

2016-04-22 Thread Caldarale, Charles R
> From: David kerber [mailto:dcker...@verizon.net] 
> Subject: Re: OT if/else or not if/else

> But I would add that if the conditions can be reduced to enumerations, a 
> Switch would be even faster.

Actually, a good compiler should generate the same code for switch and if ... 
else if, assuming the boolean expressions used with the ifs are compatible with 
a switch operand.

 - Chuck
 




RE: context root with relative path

2016-04-20 Thread Caldarale, Charles R
> From: Dimitar Valov [mailto:dimitar.va...@gmail.com] 
> Subject: Re: context root with relative path

> System.out.println(new File("C:").exists()); prints true, so I guess it
> works okay.

Depends on the definition of "okay"; that only tells us that the C drive's 
current directory is present.  As Konstantin pointed out, the normalization 
should have produced "C:\" - which will also pass the exists() test.

 - Chuck





RE: context root with relative path

2016-04-19 Thread Caldarale, Charles R
> From: Mark Thomas [mailto:ma...@apache.org] 
> Subject: Re: context root with relative path

On 19/04/2016 19:38, Dimitar Valov wrote:
> All static resources such as index.html will not be found when application
> is added with , for example tomcat
> is put inside the application's META-INF.

Not that it's pertinent to the resource retrieval problem, but a path attribute 
of "/" is never correct ("" might be what is wanted).  But since path 
attributes on <Context> elements located in META-INF/context.xml are not 
allowed, it doesn't really matter for this particular issue.

 - Chuck





RE: Information about incident ID 2205106170494020972

2016-04-04 Thread Caldarale, Charles R
> From: Yin, Ivan [mailto:ivan@sap.com] 
> Subject: Information about incident ID 2205106170494020972

> When I tried to click one button in the web application deployed in Tomcat 7,
> it throws an error message as below:

> This page can't be displayed. Contact support for additional information.
> The incident ID is: 2205106170494020972.

> May I know what is the meaning of this incident ID and how I can solve this 
> issue?

The message does not come from Tomcat itself, but most likely a webapp deployed 
under Tomcat.  As the message says, you'll need to contact the support 
personnel for the webapp.

 - Chuck





RE: Tomcat 8.5.0 and 9.0.0 M4

2016-03-28 Thread Caldarale, Charles R
> From: Lulseged Zerfu [mailto:zlulse...@hotmail.com] 
> Subject: Tomcat 8.5.0 and 9.0.0 M4

> I was trying to test HTTP/2 and tried versions 8.5.0 and 9.0.0.M4. I was not
> able to start these releases because I get NoClassDefFoundError.

> Caused by: java.lang.NoClassDefFoundError:

> Class javax/servlet/ServletContainerInitializer is found in the
> servlet-api.jar which is in place.

In place where (be precise)?

Make sure the .jar is not in more than one location; it should be only in 
Tomcat's lib directory, nowhere else.

 - Chuck





RE: Why the tomcat source code uses obsolete ant build configuration? why not maven or gradle?

2016-03-28 Thread Caldarale, Charles R
> From: George Sexton [mailto:geor...@mhsoftware.com] 
> Subject: Re: Why the tomcat source code uses obsolete ant build 
> configuration? why not maven or gradle?

> In my opinion (and it's probably not shared by many, but I don't care), 
> Maven sucks.

+many to that

Another "solution" in search of a problem.

 - Chuck





RE: contextDestroyed() method not called

2016-03-19 Thread Caldarale, Charles R
> From: Daniel Savard [mailto:daniel.sav...@gmail.com] 
> Subject: Re: contextDestroyed() method not called

Read the mailing list rules: don't top post.
http://tomcat.apache.org/lists.html#tomcat-users

> I'm running it on Windows 2012 Server as well as Linux RHEL.

Ok, good to know.

> And no, I am not sending a terminate signal with kill -9. That's why I
> said I am stopping the application or the instance (both cases depict
> the same behavior) rather than saying I am terminating it.

Again, how are you doing this?

 - Chuck





RE: contextDestroyed() method not called

2016-03-19 Thread Caldarale, Charles R
> From: Daniel Savard [mailto:daniel.sav...@gmail.com] 
> Subject: contextDestroyed() method not called

> I noticed a problem with one of my web applications which requires
> some cleanup when shutdown. It seems this cleanup isn't happening even
> if everything has been put in the contextDestroyed() method of my web
> listener.

> I find it difficult to believe this is a bug in Tomcat, so, I guess I
> am doing something wrong. Someone can provide some guidance to
> identify the cause of such undesirable behavior?

Missing a couple useful bits of information:

1) What OS are you running on?

2) More importantly, how are you shutting down Tomcat?  (Using kill -9 would 
not be a good choice...)

 - Chuck





RE: Tomcat 8 Hung State

2016-03-19 Thread Caldarale, Charles R
> From: Theo Sweeny [mailto:theo.swe...@avios.com] 
> Subject: Tomcat 8 Hung State

> yesterday Tomcat 8 went into a hung state, because an external API went 
> offline.

> Eventually the external service was restored but Tomcat was unable to 
> recover from it.

> When a new connection is sent to Tomcat the connection hangs as no additional
> thread can be allocated to the new request.

> Here is an example of the log -

> com.spring.application.repository.product.price.IlogPriceRepository.getPrices_aroundBody0
> (IlogPriceRepository.java:104)

Note that this is application, not Tomcat, code.

> Are there any ideas as to why Tomcat is unable to free up its threads?

Because your webapp code never returns to Tomcat.  Whatever requests your 
webapp made to the external API were likely lost, but your webapp was still 
expecting response(s).  The webapp needs to include some kind of timeout and 
recovery logic when accessing an external API to make sure it doesn't get stuck 
there forever.  Nothing Tomcat can do about anti-social behavior inside your 
webapp, other than report it.

 - Chuck



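Timeout and recovery around an external call, as the reply above recommends. This is an added example, not part of the original thread and not the poster's application code: the class name PriceClient, the timeout values, the fallback string and the stalled local socket standing in for the offline API are all constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.SocketTimeoutException;
import java.net.URL;
import java.nio.charset.StandardCharsets;

/** Hypothetical client for an external API; every name here is illustrative. */
public class PriceClient {
    static final int CONNECT_TIMEOUT_MS = 1000; // limit on opening the TCP connection
    static final int READ_TIMEOUT_MS = 2000;    // limit on each blocking read of the response
    static final String FALLBACK = "PRICE_UNAVAILABLE"; // constructed recovery value

    /**
     * Returns the response body, or FALLBACK if the remote side fails or stalls.
     * In both cases the method returns, so the request thread goes back to the pool.
     */
    static String fetchPrice(URL endpoint) {
        HttpURLConnection conn = null;
        try {
            conn = (HttpURLConnection) endpoint.openConnection();
            // Both timeouts default to 0, meaning "block indefinitely".
            conn.setConnectTimeout(CONNECT_TIMEOUT_MS);
            conn.setReadTimeout(READ_TIMEOUT_MS);
            if (conn.getResponseCode() != HttpURLConnection.HTTP_OK) {
                return FALLBACK;
            }
            try (InputStream in = conn.getInputStream()) {
                return new String(readAll(in), StandardCharsets.UTF_8);
            }
        } catch (SocketTimeoutException e) {
            System.err.println("external API timed out: " + e.getMessage());
            return FALLBACK;
        } catch (IOException e) {
            System.err.println("external API failed: " + e);
            return FALLBACK;
        } finally {
            if (conn != null) {
                conn.disconnect(); // release the socket instead of leaving it half-open
            }
        }
    }

    // Reads the body with a size cap so an endless response cannot grow without limit.
    static byte[] readAll(InputStream in) throws IOException {
        final int maxBytes = 1 << 20;
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[4096];
        int n;
        while ((n = in.read(buf)) != -1) {
            if (out.size() + n > maxBytes) {
                throw new IOException("response larger than " + maxBytes + " bytes");
            }
            out.write(buf, 0, n);
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the offline API: the OS completes the TCP
        // handshake from the listen backlog, but nothing ever reads or answers.
        try (ServerSocket stalled = new ServerSocket(0, 1, InetAddress.getByName("127.0.0.1"))) {
            URL endpoint = new URL("http://127.0.0.1:" + stalled.getLocalPort() + "/prices");
            long start = System.nanoTime();
            String result = fetchPrice(endpoint);
            long elapsedMs = (System.nanoTime() - start) / 1_000_000;
            System.out.println(result + " after " + elapsedMs + " ms");
        }
    }
}
```

The read timeout applies to each blocking read rather than to the whole exchange, so a peer that trickles bytes can still hold the thread; an overall deadline needs a separate mechanism.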


RE: Idle Thread high CPU

2016-03-10 Thread Caldarale, Charles R
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
> Subject: Re: Idle Thread high CPU

> My version of 'top' (Debian Linux) doesn't show thread ids. :(

Can you try "top -H" (case sensitive option)?

 - Chuck





RE: Advice on Cluster in one machine

2016-03-08 Thread Caldarale, Charles R
> From: Edwin Quijada [mailto:listas_quij...@hotmail.com] 
> Subject: Re: Advice on Cluster in one machine

> Daniel, can you give the idea to do a parallel
> deployment approach? What tools I need ?

No tools, other than possibly changes to your build script.  The doc is here:
http://tomcat.apache.org/tomcat-8.0-doc/config/context.html#Parallel_deployment

 - Chuck





RE: Tomcat can not locate the folders of CSS files inside a web app, if the url-pattern of a servlet is set to / inside web.xml

2016-03-07 Thread Caldarale, Charles R
> From: Junqiang Zhang [mailto:junqiangzh...@gmail.com] 
> Subject: Re: Tomcat can not locate the folders of CSS files inside a web app,
> if the url-pattern of a servlet is set to / inside web.xml

Don't top-post.  See item 6 under 
http://tomcat.apache.org/lists.html#tomcat-users

> I did map my servlet to the url-pattern "/".

The point we're trying to make is that you must not use a servlet mapping of 
"/" unless your servlet can handle the duties of DefaultServlet, including 
delivering static content such as CSS files and images.  Your mappings need to 
be more specific (as you appear to have already discovered, based on your first 
message).

> Is there any setting could let web browsers find the static content inside
> the webapp directory? If I put the static content into some other places, can
> web browsers find the css file?

Note that web browsers do not "find" the content inside the webapp directory; 
that's entirely up to the servlets of the webapp, including Tomcat's built-in 
DefaultServlet - if you haven't disabled it by mapping something else to "/".  
Correct your servlet mapping and things will work as desired.

 - Chuck





RE: Tomcat can not locate the folders of CSS files inside a web app, if the url-pattern of a servlet is set to / inside web.xml

2016-03-07 Thread Caldarale, Charles R
> From: Chris Gamache [mailto:cgama...@gmail.com] 
> Subject: Re: Tomcat can not locate the folders of CSS files inside a web app, 
> if the url-pattern of a servlet is set to / inside web.xml

> /mywebapp/css/style.css is where that file should be located if exists in
> the spot indicated in the tree diagram.

> I don't think the default servlet plays in to this...

Clearly it does, as Violeta stated.  Since the webapp is overriding the mapping 
for "/", Tomcat's DefaultServlet will never get used, so there is _nothing_ 
available to deliver static content.

 - Chuck





RE: Multiple domian names one web site different content

2016-03-04 Thread Caldarale, Charles R
> From: David kerber [mailto:dcker...@verizon.net] 
> Subject: Re: Multiple domian names one web site different content

> No, one tomcat instance can't listen on two different ports at the same 
> time.

??? If that were true, Tomcat couldn't support both HTTP and HTTPS.  Simply 
configure multiple <Connector> elements, one for each desired port number.

 - Chuck





RE: Understanding how to controlling what data is written to log4j appenders

2016-03-04 Thread Caldarale, Charles R
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
> Subject: Re: Understanding how to controlling what data is written to log4j 
> appenders

> Can you confirm that the class in question is actually using log4j for
> output? There's little that can be done if the class is using
> System.out/System.err directly.

Setting swallowOutput in the associated <Context> should help in such a 
situation.

 - Chuck





RE: context doesnt pick up

2016-02-20 Thread Caldarale, Charles R
> From: prashant sharma [mailto:pacificmist.0...@gmail.com] 
> Subject: Re: context doesnt pick up

> I think you need to place the web app outside tomcat let's say in
> /users/myfolder/test
> And then  set docbase path in /conf/Catalina/localhost/test.xml
> to 
> and then stop start tomcat.

That doesn't help when both deployOnStartup and autoDeploy are set to false.

 - Chuck





RE: context doesnt pick up

2016-02-20 Thread Caldarale, Charles R
> From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] 
> Subject: RE: context doesnt pick up

> If all you have in the <Context> element is the docBase and your webapp is 
> located in the <Host>'s appBase directory, you don't need a <Context> element
> at all.

Sorry, since you have both deployOnStartup and autoDeploy set to false, you 
will need the <Context> element inside server.xml - that's the only way to get 
a webapp going when you have disabled all the other mechanisms.

 - Chuck





RE: context doesnt pick up

2016-02-20 Thread Caldarale, Charles R
> From: Me Self [mailto:wmso...@gmail.com] 
> Subject: context doesnt pick up

> When I put the context in server.xml it works fine, but if I put the same
> context tag in a xml file under /conf/Catalina/localhost/test.xml then
> tomcat doesn't pick it up. I would rather want to use the latter.

> The test.xml is
> 
> 

> What Am I missing?

Reading the doc, which for the docBase attribute states:
"The value of this field must not be set unless the Context element is defined 
in server.xml or the docBase is not located under the Host's appBase."

http://tomcat.apache.org/tomcat-8.0-doc/config/context.html

I suspect that if you examined the logs you would find an error message related 
to deployment of the test webapp.

If all you have in the <Context> element is the docBase and your webapp is 
located in the <Host>'s appBase directory, you don't need a <Context> element 
at all.

 - Chuck





RE: Does Tomcat need a non-ssl connector?

2016-02-12 Thread Caldarale, Charles R
> From: James H. H. Lampert [mailto:jam...@touchtonecorp.com] 
> Subject: Re: Does Tomcat need a non-ssl connector?

> On 2/12/16, 11:40 AM, m...@kimwana.com wrote:

> > Perhaps I should have phrased this differently. I want to force
> > clients to ssl. When they hit http://app.myurl.com their browser
> > should load https://app.myurl.com

> Wouldn't mind knowing that myself. All the Tomcat installations I'm
> responsible for are set up to simply reject non-secured connections 
> (that's EASY, just comment out the non-secured connector); I'm
> sure some customers would like it to behave as you describe.

Read the servlet spec.  Simply set transport-guarantee to CONFIDENTIAL for all 
URL patterns (/*).  You can do this in the global conf/web.xml, if desired.

 - Chuck



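The constraint the reply above refers to, written out as an added example that is not part of the original thread. The web-resource-name is an arbitrary label chosen here, and the connector ports shown are Tomcat's shipped defaults, used as an assumption about the installation.

```xml
<!-- web.xml (the webapp's WEB-INF/web.xml, or the global conf/web.xml) -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Entire application</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <!-- No auth-constraint element: nothing is restricted by role, only by transport -->
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<!-- conf/server.xml: the plain HTTP connector stays enabled so it can issue the
     redirect; redirectPort must name the port of the HTTPS connector -->
<Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
```

With the plain connector commented out instead, requests to http:// are refused rather than redirected, which is the behaviour described in the quoted message.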


RE: Is there a way for code running on Tomcat 7+ to determine the URL of the Web App it's running under?

2016-02-12 Thread Caldarale, Charles R
> From: Dougherty, Gregory T., M.S. [mailto:dougherty.greg...@mayo.edu] 
> Subject: Re: Is there a way for code running on Tomcat 7+ to determine the 
> URL of the Web App it's running under?

> You can honestly tell who's calling you, since you can throw an exception,
> catch it, then look at the stack trace.

Or just call Thread.getStackTrace()...

 - Chuck





RE: 1catalina.org.apache.juli.FileHandler

2016-02-05 Thread Caldarale, Charles R
> From: rich...@xentu.com [mailto:rich...@xentu.com] 
> Subject: 1catalina.org.apache.juli.FileHandler

> I'm trying to understand logging.properties.

Make sure you carefully read this first:
http://tomcat.apache.org/tomcat-8.0-doc/logging.html

> Should I have jar on my system somewhere containing
> 1catalina.org.apache.juli.FileHandler?

Not exactly.  The 1catalina is a prefix, as noted by this line in the above doc:

"A prefix may be added to handler names, so that multiple handlers of a single 
class may be instantiated. A prefix is a String which starts with a digit, and 
ends with '.'. For example, 22foobar. is a valid prefix."

 - Chuck





RE: rotate catalina.out without restart?

2016-02-02 Thread Caldarale, Charles R
> From: Harald Dunkel [mailto:harald.dun...@aixigo.de] 
> Subject: Re: rotate catalina.out without restart?

> OK, then the question is why does catalina.sh write to catalina.out
> at all? stdout/stderr of the script would be sufficient.

And where would you have the output go when Tomcat is run as a service?  The 
redirection to catalina.out is there not for the benefit of the script, but 
rather to handle sloppily-written webapps that dump things into stdout or 
stderr rather than using a logger.  If you want to eliminate writing to 
catalina.out, set swallowOutput to true in the <Context> elements of the 
offending (and offensive) webapps.

 - Chuck





RE: More, Re: Tomcat 7.0.67 crashing on takeoff

2016-01-26 Thread Caldarale, Charles R
> From: James H. H. Lampert [mailto:jam...@touchtonecorp.com] 
> Subject: Re: More, Re: Tomcat 7.0.67 crashing on takeoff

> On 1/26/16 2:25 PM, Mark Thomas wrote:
> > Setting xmlParsingProtection="false" on the
> > JreMemoryLeakPreventionListener should stop the exception.

> Ok, but how? Is there a way to do that from a configuration file? I'm 
> looking at 
>  but I 
> don't have a clue what to do with what I see.

You found the right documentation page.  Update the 
JreMemoryLeakPreventionListener entry in your conf/server.xml to look like this:



 - Chuck





RE: Problem With proxi.cgi

2016-01-19 Thread Caldarale, Charles R
> From: Luciano Martin Galletti [mailto:gallett...@hotmail.com] 
> Subject: RE: Problem With proxi.cgi

> Yes both xml files are inside 

Be precise; exactly which xml files are you referring to?

> C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\examples\WEB-INF

As Mark already stated, the context.xml file should be under META-INF, not 
WEB-INF.

 - Chuck





RE: Tomcat 8.0.18 is not getting started

2016-01-19 Thread Caldarale, Charles R
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
> Subject: Re: Tomcat 8.0.18 is not getting started

> 1. Please don't top-post. André is continuing to bottom-post and you
> are continuing to top-post. This makes the conversation unreadable.
> The convention on this list is to top-post. [1]
   ^

Uh - no, the convention is to _not top-post.

 - Chuck





RE: Tomcat 8.0.15

2016-01-07 Thread Caldarale, Charles R
> From: Julie Sur [mailto:julie...@gmail.com] 
> Subject: Re: Tomcat 8.0.15

> I am using tomcat 8.0.15, jdk1.8.0_45 with my application and I am seeing
> below errors in my log. Is this a bug with the tomcat version that I am
> using ?

Could be, but it's more likely an application bug.  Try running with the 
current level (8.0.30).

> TomcatLog Error processing request java.lang.NullPointerException
>  at
> org.apache.catalina.connector.Request.notifyAttributeAssigned(Request.java:1492)

Is your webapp hanging onto a request or response object after the request has 
completed?  Typical errors include storing the reference in a ThreadLocal, 
servlet instance field, or static field.

> TomcatLog Error finishing response java.lang.NullPointerException
>  at
> org.apache.coyote.http11.InternalNioOutputBuffer.flushBuffer(InternalNioOutputBuffer.java:234)

Have you tried one of the other <Connector> types?

 - Chuck





RE: How do I block 'Unloading class sun.reflect....' messages?

2016-01-07 Thread Caldarale, Charles R
> From: Lee Bassom [mailto:lbas...@interactions.com] 
> Subject: Re: How do I block 'Unloading class sun.reflect' messages?

> -XX:+PrintGCDetails

I'm going to guess that the above enables the class unloading messages.

 - Chuck





RE: Conditional Deployment

2015-12-02 Thread Caldarale, Charles R
> From: kidambi madhu [mailto:madhu.kida...@gmail.com] 
> Subject: Conditional Deployment

> We are facing an issue related to Deployment (Specifically Auto Deployment)
> in Tomcat 7

> We have a build process setup from Jenkins tool to build and auto ftp the
> war file to the "Webapps" folder of Tomcat.

> When the application is executing the long running tasks, though the war
> file is placed/updated in web apps, tomcat is unable to stop the
> application due to task execution and we are unable to stop Tomcat as well

> We are forced to kill Tomcat and re trigger the Jenkins build.

Try using parallel deployment:
http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Parallel_deployment

This should let you leave the existing tasks running, but new requests will 
utilize the new version of the webapp.

Obviously, the details of your deployment process will need to change to 
include a version on the .war file.

 - Chuck





RE: Fwd:

2015-11-24 Thread Caldarale, Charles R
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
> Subject: Re: Fwd:

> > First of all, I have a context.xml file in the WEB-INF folder of my
> > application (call it "myApplication" henceforth) that looks like:

Also note that WEB-INF is not the correct directory for context.xml.  The OP 
really, really needs to read the documentation:
http://tomcat.apache.org/tomcat-8.0-doc/config/context.html

The OP also needs to learn to use a subject line - he has a history of failing 
to do so.

 - Chuck




