Re: JVM keystores and CA

[Jose María Zaragoza]

Hi

El mar., 16 oct. 2018 a las 1:49, Igor Cicimov () escribió:
>
> Hi all,
>
> I just want to clarify something that I've been seeing behave differently
> on various Java versions during the years. In case we have the following
> setting:
>
> -Djavax.net.ssl.trustStore=/keystore/truststore.jks"
>
> in Tomcat's default config file, is JVM suppose to fall back to the global
> CA store on the server under /etc/ssl/certs for verification in case *any*
> of the certificates returned by a trusted domain are not present in the
> above JKS store? By any I mean, all the certs in the chain returned by the
> SSL handshake.
>
> For example, lets say we have a situation like this:
>
> DigiCert Global Root G2 -> RapidSSL TLS RSA CA G1 -> CN=*.mydomain.com
>
> Lets say I have imported the *CN=*.mydomain.com *
> certificate in the truststore.jks, the question is is JVM going to look
> under /etc/ssl/certs for RapidSSL in order to validate the CN signature and
> then for DigiCert to validate the RapidSSL cert?
>
> As I said I had a mixed luck with this over the years, sometimes it works
> as (I) expect it to work i.e. verify the certs by looking at the system CA
> store and sometimes this is not the case.

My experience is that if you store a server certificate in the
truststore.jks , don't search anyone more.
This behaviour makes sense for me because you are saying that you
trust in that certificate because you verified ( by other means ) it
before
Even if certificate is expired ( and server send it expired too,
obviously ) , I think that is validated as trusted

Regards






>
> Thanks for any help/insites.
>
> Igor

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Alias name does not identify a key entry

[Jose María Zaragoza]

El mar., 26 jun. 2018 a las 17:03, Cybulski, Adam M
() escribió:
>
>
> Hello, I'm using Tomcat 8.5.4, on a server 2008R2 machine,  and I'm unable to 
> start the SSL connector.
>
> My connector syntax is as follows:
>
>   connectionTimeout="2"
>redirectPort="8443" />
>
>protocol="HTTP/1.1"
>maxThreads="150"
>scheme="https"
>secure="true"
>SSLEnabled="true"
>keystoreFile="c:\tomcat8\meg.keystore"
>keystorePass="keystorepass"
>keyAlias="meg" />
>
> To which I receive this error in Catalina.log:
>
> SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize 
> end point associated with ProtocolHandler ["https-openssl-nio-8443"]
>  java.lang.IllegalArgumentException: java.io.IOException: Alias name meg does 
> not identify a key entry
>
> However, meg is in my keystore:
>
>
>
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 3 entries
>
> root, Jun 25, 2018, trustedCertEntry,
> Certificate fingerprint (SHA1): 
> 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:
> 68:85:18:68
> meg, Jun 25, 2018, trustedCertEntry,
> Certificate fingerprint (SHA1): 
> 72:66:E4:05:94:C4:5B:4A:8A:26:20:F1:C5:7D:73:3B:
> 6F:24:D1:59
> tomcat, Jun 25, 2018, PrivateKeyEntry,
> Certificate fingerprint (SHA1): 
> AC:D9:3B:37:E4:37:A3:E7:D2:27:D1:CF:88:D3:79:70:
> 84:C8:16:82
>
> I used these steps to manage the certs:
>
> keytool -genkey -alias tomcat -keyalg RSA -keystore c:\Tomcat8\meg.keystore
>
> keytool -certreq -keyalg RSA -alias tomcat -file c:\tomcat8\tomcatreq.csr 
> -keystore c:\Tomcat8\meg.keystore
>
> Sent CSR to InCommon CA, downloaded x509 certificate, and x509 
> intermedites/root certificates.
>
> keytool -import -alias root -keystore c:\Tomcat8\meg.keystore -trustcacerts 
> -file "C:\Tomcat8\meg_library_albany_edu_interm.cer"
>
> keytool -import -alias meg -keystore c:\Tomcat8\meg.keystore -file 
> "C:\Tomcat8\meg_library_albany_edu_cert.cer"
>
> Any help you can give me in resolving this error is greatly appreciated.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

Hi

I guess that meg entry should be a PrivateKeyEntry ( public
certificate + private key ) , not a trustedCertEntry
I think that meg_library_albany_edu_cert.cer only contains a public certificate

Honestly, I use openssl to create .p12 key stores
Something like

openssl pkcs12 -export -in MYCERT.crt -inkey MYKEY.key -out
KEYSTORE.p12 -name "meg" -CAfile MY-CA-CERT.crt -caname myCA -chain

Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat SSL issue

[Jose María Zaragoza]

2017-10-09 17:01 GMT+02:00 John Ellis :

> I posted questions about this a couple of weeks ago I think it was. I have
> been trying to get Tomcat running on a secure port with a valid SSL
> certificate. We finally got version 9.0.0.M20 setup successfully on port
> 9443 and I can go to that IP:port and get a Tomcat webpage but when I go
> through all the steps using the keytool commands to submit a certificate
> (we use Cacert.org) and try to plug that certificate into the mix it
> doesn’t work. I still get an error message telling me that I will have to
> create an exception to go to that IP address and port. Last Friday I even
> deleted the certificate and all the keystore file, etc. and got the same
> exact error. So it appears that Tomcat is not seeing the certificate at all
> since I get the same error about having to add an exception whether or not
> I have a valid certificate in place on the server.
>
> The lines we added to the server.xml file to get the secure port working
> are-
>
>
>
> 
>   maxThreads="150" scheme="https" secure="true"
>
>   clientAuth="false" sslProtocol="TLS"
>
> keystoreFile="/home/tomcat9.0.
> 0.M20/apache-tomcat-9.0.0.M20/conf/keystore.jks"
>
> keystorePass="changeit" />
>


Maybe you should use  element, do you ?

Read:
https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_SSLHostConfig

Each secure connector must define at least one *SSLHostConfig*





>
>
> John Ellis
>
>
>
> 405.285.2500 office
>
>
>
> [image: United States]
>
> [image: bize-logo-rgb-original_Ryan_Revised_portal size][image:
> cid:image002.jpg@01CECFDA.65B42CD0]
>
>
>
> http://biz-e.io
>
>
>

Re: 2 Way SSL integration with Webservices - Inbound connection not trusted

[Jose María Zaragoza]

Hi:

2017-08-16 6:59 GMT+02:00 Vinoth Raja :
> Hi Chris,
>
> In the above conversation, the server presents the list of acceptable
> client certificates to the client. Does that happen for you?
>
> [ Yes . It prints the list of acceptable certificate when
> certificateVerification is set to required. It prints the acceptable
> certificates from cacerts.

Sorry for this semi-offtopic ,
but I'm interested about the list of DN of CA sent by TLS server in
SERVER HELLO message.
I mean the list under "Acceptable client certificate CA names" header
(output text in Cris' mail )

How I can set it in Tomcat 8.5 ? Does it works either JSSE & native TLS ?
How is the client behaviour if it doesnt have an certificate signed by
an "acceptable CA" ?

Thanks and regards


> Application is not reachable from browser once certificateVerification is
> set to required. It shows "ERR_BAD_SSL_CLIENT_AUTH_CERT".
> I have tried setting different trustStore from setenv.bat but doesnt seems
> to take effect]
>
>
>> Can I set the truststore in SSLContext before making outbound call?
>> will it trust the client request.
>
> What outbound call? Tomcat only handles incoming HTTP/TLS connections.
> [i meant the web service call. yes I am talking about trusting the incoming
> TLS connection]
>
> On Wed, Aug 16, 2017 at 12:34 AM, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Vinoth,
>>
>> On 8/15/17 11:42 AM, Vinoth Raja wrote:
>> > clientAuth="true" Is not valid attribute for connector in tomcat
>> > 8.5.15. I have tried setting certificateVerifucation as required
>> > but application URL is not reachable and it was complaining about
>> > certificate.
>>
>> Does the browser prompt for a certificate?
>>
>> If you use "openssl s_client -connect [hostname]:[port]" does the
>> connection show that trusted certificates are presented?
>>
>> For example:
>>
>> $ openssl s_client -connect host:port
>>
>> CONNECTED(0003)
>> [server certificate]
>>
>> Acceptable client certificate CA names
>> /CN=client-certificate1
>> /CN=client-certificate2
>> ...
>> Requested Signature Algorithms:
>> RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RS
>> A+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+
>> SHA1:DSA+SHA1:ECDSA+SHA1
>> Shared Requested Signature Algorithms:
>> RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RS
>> A+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+
>> SHA1:DSA+SHA1:ECDSA+SHA1
>> Peer signing digest: SHA512
>> Server Temp Key: ECDH, P-256, 256 bits
>> - ---
>> SSL handshake has read 2582 bytes and written 138 bytes
>> - ---
>> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
>> Server public key is 4096 bit
>> Secure Renegotiation IS supported
>> Compression: NONE
>> Expansion: NONE
>> No ALPN negotiated
>> SSL-Session:
>> Protocol  : TLSv1.2
>> Cipher: ECDHE-RSA-AES256-GCM-SHA384
>> Session-ID:
>> Session-ID-ctx:
>> Master-Key: [session key]
>> Key-Arg   : None
>> PSK identity: None
>> PSK identity hint: None
>> SRP username: None
>> Start Time: 1502814654
>> Timeout   : 300 (sec)
>> Verify return code: 10 (certificate has expired)
>> - ---
>> [DISCONNECT]
>>
>> In the above conversation, the server presents the list of acceptable
>> client certificates to the client. Does that happen for you?
>>
>> > Can I set the truststore in SSLContext before making outbound call?
>> > will it trust the client request.
>>
>> What outbound call? Tomcat only handles incoming HTTP/TLS connections.
>>
>> - -chris
>> -BEGIN PGP SIGNATURE-
>> Comment: GPGTools - http://gpgtools.org
>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>>
>> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlmTIpIACgkQHPApP6U8
>> pFga/g/8DIfIj6QoCQeMaMu3EoPJO2VjCHfCj11OoxXMkWr3NRlbXPkmtEYo6lQ6
>> qBeokSYok+OrLXlY6EM40ofq5rU/5kTzNf4kb116d5na8gz+9DoaVaDC5S+LNzjH
>> dKSu2eQXSZA+6OHSo55mH0AGQ1dyY9sZlySCqEJpOSYZMx61lZLz3NjUZqZEZ1wH
>> BYeLv1VXHhnB59oyEJNuSaUBlST7iinjfGya/T16/H61gQCV3Sz+aIkmv1IWT82A
>> kVYK7UasYg119wKk/2lJskYqloULngGWIbdZo+BrGoSyvBs0BKipErgSBIKwVFVD
>> KmTsXPzrftnSmvKuTJgI45QiEYLtWqzVsJof8q2oaGId+KnPJl+HiOAhvIXFaYg5
>> 3zsZfi9JRZwJu59CYwew+UVX/+ogwMhjDMgCMsceaGaXqiTwni0T95s2GqSbbUwr
>> HSwzXiyCHs7Kh8foWSmrDbrS0OZ1Rs3BvR2vhHMpmvjLxSMbtY0QwUK9arzmcRxJ
>> +PWlUlAkZaILcwLo5GR1LVNZzx71l5gYcC8FHQZkeBTmH8Rzedvi5riu2g6suRC2
>> T37R0u1iZ7iQTWNH0jLCHZyOWwy1La0fD7t6er7oB3Rq1F+2njNw/gIkLwRWni3V
>> YQo+KjoHP5v9ao7tA6Qjs76vqfnj9r1C7IplYeCEbecTnLNTF/w=
>> =0zTG
>> -END PGP SIGNATURE-
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For ad

Re: Error 404 - The requested resource is not available

[Jose María Zaragoza]

2017-01-11 22:49 GMT+01:00 fonsin2008 . :
> Hi all!
>
> First, I need to say that I'm new(ignorant) with Tomcat. One of our
> systems is written with tomcat, but today something went wrong and the
> following error appears on the webpage:
>
> --Estado HTTP 404 - /evaluacion/WEB-INF/pages/login/forma_login.jsp
> --__
> --type Informe de estado
> --mensaje /evaluacion/WEB-INF/pages/login/forma_login.jsp
> --descripción El recurso requerido no está disponible.
> --
> --Apache Tomcat/6.0.37
>
> The file exists on the virtualserver, at
>
> home/desarrollo/produccioncbi/virtualhost/cbi_desarrollo/evaluacion/WEB-INF/pages/login
>
> And:
> ls -l
> -rw-r--r-- 1  desarrollo 3744 feb 11  2015 forma_login.jsp
>
> the evaluacion.war file lives at
> /home/desarrollo/produccioncbi/virtualhost/cbi_desarrollo
>
> And in /WEB-INF/classes/struts.xm I found:
> ./WEB-INF/classes/struts.xml:   name="forma_login">/WEB-INF/pages/login/forma_login.jsp
>
> So, I can't figure out why this error appears. May be I'm missing
> something obvious. I also googled it, but I only found permission
> errors and wrong paths.
>

Maybe you must paste more text from struts.xml, for example, element
wrapping 
I guess you are invoking a wrong URL ( probably you should invoke an
action or something like this )




> If you need some additional information, feel free to ask.
>
> Thank you guys for your time!
>
> Jesus Mager
> [www.h1n1-al.blogspot.com]
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How do deal with 'sslv3 alert handshake failure'?

[Jose María Zaragoza]

2016-09-27 16:29 GMT+02:00 Persson, Magnus (SE-TLX)
:
> Hi,
>
> We started out with tomcat 7.0.35 and got that running with our REST
> servlet.
>
> When we upgraded to tomcat 7.0.63 we got this error when we tried to
> create a new session:
>
> {
>  "message": "[Errno 1] _ssl.c:507: error:14077410:SSL
> routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure"
> }
>
> Through Google we found out that we needed to add "SSLv2Hello" to the
> enabled protocols so we changed our connector in server.xml like this
> (only added SSLv2Hello):
>
>  maxThreads="150" scheme="https" secure="true"
> keystoreFile="${catalina.base}/conf/keystore"
> keystorePass="*" clientAuth="false"
> sslProtocol="TLS"
> sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello"
> URIEncoding="UTF-8" />
>
> We upgraded to tomcat 7.0.68 and it works fine with above connector in
> server.xml
>
> When we upgraded to tomcat 7.0.70 we got the sslv3 error again even
> though we have SSLv2Hello in the enabled protocols:
>
> {
>  "message": "[Errno 1] _ssl.c:507: error:14077410:SSL
> routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure"
> }
>
> What do we need to change in the server.xml file to bypass the ssl3
> error this time?

Hello:


I'm not sure but you can try these options:

http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#jssenames


Note that SSLv2 and SSLv3 are inherently unsafe.

>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: TLS 1.2 Handshake on Tomcat 7.0.39 Getting Internal Error: Key format must be RAW

[Jose María Zaragoza]

2016-09-21 19:16 GMT+02:00 André Warnier (tomcat) :
> On 21.09.2016 18:49, Christopher Schultz wrote:
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Ron,
>>
>> On 9/21/16 11:58 AM, Roskens, Ronald wrote:

 -Original Message- From: Christopher Schultz
 [mailto:ch...@christopherschultz.net] Sent: Wednesday, September
 21, 2016 9:40 AM To: Tomcat Users List Subject: Re: TLS 1.2
 Handshake on Tomcat 7.0.39 Getting Internal Error: Key format
 must be RAW

>>>
>>> 
>>>
 This may be the most promising page on the Internet, but of
 course Red Hat wants you to pay to read it:

 https://access.redhat.com/solutions/1309153

 I can't see the "verified solution", or I'd reprint it here
 without permission :)
>>>
>>>
>>> The resolution says to either disable TLS 1.2 or FIPS mode.
>>>
>>> The root cause is the PKCS#11 implementation included in Java 7 and
>>> 8 does not support TLS 1.2 when in FIPS mode as documented in
>>> OpenJDK bug JDK-8029661
>>> (https://bugs.openjdk.java.net/browse/JDK-8029661)
>>>
>>> See also:
>>> https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/F
>>
>> IPS.html
>>
>> Thanks
>>>
>>>
>> for posting this.
>>
>> Good old FIPS: hobbling real security since 1994.
>>
>
> Thanks also, but does this explain fully the symptoms seen by the OP ?  As I
> recall, he had 3 apparently similar servers, configured similarly, but where
> 2 were seeing the problem and the third one not.
> Or was there another difference which he did not tell us about, and where ?
>
>

I'd try to run

cat /proc/sys/crypto/fips_enabled












>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [jdbc-pool] Validation query leaves transaction open

[Jose María Zaragoza]

2016-08-12 13:46 GMT+02:00 John Huss :
> In every database I have used every query requires a transaction. Often
> they will start them automatically if you don't do it explicitly.

Right , but I guess that Tomcat uses JDBC connections and I wonder why
for executing validationQuery sentence, Tomcat doesn't use autocommit
= true setting


> On Fri, Aug 12, 2016 at 4:13 AM Jose María Zaragoza 
> wrote:
>
>> 2016-08-11 21:33 GMT+02:00 John Huss :
>> > I have verified that in version 8.0.36 of tomcat jdbc the validation
>> query
>> > functionality does not commit the transaction it starts in order to run
>> the
>> > validation query, which can cause an open transaction for a very long
>> time
>> > (possibly until the database crashes).  This seems to be especially
>> > problematic if you have a large pool where the connections are idle for a
>> > large period of time.
>> >
>> > I also tested against version 9.0.0M9, and in that version the problem is
>> > fixed.  However, nothing about this appears in the release notes for any
>> > version (9.0, 8.5, or 8.0).  If this bug has indeed been fixed it should
>> be
>> > documented in the release notes.  Also, back-porting the fix to the 8.0
>> > branch would be very helpful.
>> >
>> > For the time being I am working around the problem by changing my
>> > validation query from "SELECT 1" to be "SELECT 1; COMMIT" (using
>> > postgresql).  This prevents the issue.
>>
>>
>> I wonder why a validationQuery needs to open a new transaction
>>
>>
>> >
>> > This was reported previously (three years ago) here:
>> >
>> https://mail-archives.apache.org/mod_mbox/tomcat-users/201301.mbox/%3CCAPw873vy%2B9kWMQiFPbnTX6g1FSQ8oTVhDJ3Zagp9UkUZ3d5qjw%40mail.gmail.com%3E
>> >
>> > Thanks,
>> > John
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [jdbc-pool] Validation query leaves transaction open

[Jose María Zaragoza]

2016-08-11 21:33 GMT+02:00 John Huss :
> I have verified that in version 8.0.36 of tomcat jdbc the validation query
> functionality does not commit the transaction it starts in order to run the
> validation query, which can cause an open transaction for a very long time
> (possibly until the database crashes).  This seems to be especially
> problematic if you have a large pool where the connections are idle for a
> large period of time.
>
> I also tested against version 9.0.0M9, and in that version the problem is
> fixed.  However, nothing about this appears in the release notes for any
> version (9.0, 8.5, or 8.0).  If this bug has indeed been fixed it should be
> documented in the release notes.  Also, back-porting the fix to the 8.0
> branch would be very helpful.
>
> For the time being I am working around the problem by changing my
> validation query from "SELECT 1" to be "SELECT 1; COMMIT" (using
> postgresql).  This prevents the issue.


I wonder why a validationQuery needs to open a new transaction


>
> This was reported previously (three years ago) here:
> https://mail-archives.apache.org/mod_mbox/tomcat-users/201301.mbox/%3CCAPw873vy%2B9kWMQiFPbnTX6g1FSQ8oTVhDJ3Zagp9UkUZ3d5qjw%40mail.gmail.com%3E
>
> Thanks,
> John

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Increased memory consumption due to url encoding

[Jose María Zaragoza]

2016-08-10 14:29 GMT+02:00 Lazar Kirchev :
> Hello Christopher,
>
> I tried with 32 MB and even 24 MB heap and the CPU usage and response time
> remained the almost the same (the difference is negligible) as with 1 GB
> heap. The cumulative allocated memory for the HeapByteBuffer remains about
> 400 MB, but of course the frequency of GCs is increased.


A newbie question:

if you tried with 32 MB ( I guess -Xmx size ) , why is not raised an OOM error ?
are those 400MB allocated outside heap ?

Thanks

>
> Regards,
> Lazar
>
> On Tue, Aug 9, 2016 at 7:27 PM, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Lazar,
>>
>> On 8/9/16 8:40 AM, Lazar Kirchev wrote:
>> > Hello! When handling requests which make use of request dispatcher,
>> > Tomcat 7.0.70 allocates more memory in comparison to 7.0.69. This
>> > seems to come from the encoding of the path introduced with this
>> > change http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/
>> > apache/catalina/core/ApplicationContext.java?r1=1741024&r2=1741023&pat
>> hrev=
>> >
>> >
>> 1741024
>> > 5 requests to a very simple servlet which only gets a request
>> > dispatcher for some path lead to allocation of about 400 MB.
>> > However, after a GC they are freed and this actually does not
>> > influence CPU or response time. Has anybody noticed this effect and
>> > what do you think about it?
>>
>> What happens if you set the heap size very low (e.g. 32MiB) and run
>> the same test? Does the memory usage grow to 400MiB, or does the
>> request performance start to degrade?
>>
>> I'm curious if you are just seeing the effect of the GC doing its job
>> correctly.
>>
>> - -chris
>> -BEGIN PGP SIGNATURE-
>> Comment: GPGTools - http://gpgtools.org
>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>>
>> iQIcBAEBCAAGBQJXqgSPAAoJEBzwKT+lPKRY6+8P/2vzkhQJkPKjYAFln5wkbPp7
>> lbIVDvcH5546ch4nTQsrMPiUT/m71wwDytn6qOMzP9dIbAXjC3tBJI+nqDthkZyQ
>> ScmIi2A93JQl0aOHrMzCuS3cFk0sNdwK3n2sk8ZcFd5/KZ5cwxkyeUqwiRVbU5bA
>> MjJsEiq+r7Vgo6V3mAxMwaKS7mwLc1hcgJMrhJA8gjfeHzxhzeG0mcrIGrg5cGvl
>> mTHLovt9x1ts4KNApdt4DUSg+Yt3Fx/Gj1aoL1x1KbPM9VIJSb52IG/03WPMxIkq
>> fSM71fbZHpjZy19uV+e50sHzM0fg96RsrlQ7m5Uvjgqkz6zxNYlsX3tC0z1E7oEr
>> wq1Qi0C3dCbRe6vqnN3znYg+DyrlZ/R+qO8+35GD3ljiiDuJLpevYFNVjNceFn1Y
>> Qno6W8/2Dp1eHTxaAAVY4hhbdZyzLgxD+lOu+THkOnoZwx8Bw8TXStHIdbwtMfSz
>> 9jGuZU4W/t9uTgW6ZnauS16v2EKUbicFY9L5FB3vrRUi1qm+pYVMUdQoZtVl2yL6
>> ZoDTEZTGzvpNUoJLGDzWjp9QkXkVGIrgM7+uYXIDcMUn7QrmLLab7oGJO1pLuAlz
>> 9BJiLpjqja5eAHp/Bz1ud5ZZhBaNECJIqhkjma/+LAC1Meullf3ct4FRmL8aGfUz
>> m0ntWlqyXwr6EbmRjbFE
>> =FTq+
>> -END PGP SIGNATURE-
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: jdbc check available database

[Jose María Zaragoza]

2016-08-09 10:52 GMT+02:00 Andrea Galli :
> Thank you Christoph , but in this how-to there isn't any example for SQL
> Server.

This is my configuration (context.xml) for a SQL Server connection pool



You need a SQL Server JDBC driver


>
> -Messaggio originale-
> Da: Christoph Nenning [mailto:christoph.nenn...@lex-com.net]
> Inviato: martedì 2 agosto 2016 09:44
> A: Tomcat Users List 
> Oggetto: Re: jdbc check available database
>
>> Hello guys,
>>
>> I’ve SQL Server database with Tomcat 7 and, when I restart only
> database,
>>  webapps on Tomcat didn’t works , it show me error to connect to
> database ..
>>
>> In webapp context I use jdbc driver for connect, so there is a kind of
>> method for retry to connect to database when it return available?
>>
>>
>>
>
> Hi,
>
> I suggest to use a DataSource instead of dealing with jdbc connections on
> your own.
>
> see:
> http://tomcat.apache.org/tomcat-7.0-doc/jndi-datasource-examples-howto.html
>
>
> Regards,
> Christoph
>
>
> This Email was scanned by Sophos Anti Virus
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Multiple SSL config with single IP on Tomat 8.5.4

[Jose María Zaragoza]

2016-08-04 17:17 GMT+02:00 Kent Smotherman :
> From: Mark Thomas 
> To: Tomcat Users List 
> Cc:
> Date: Wed, 3 Aug 2016 15:49:12 -0700
> Subject: Re: Multiple SSL config with single IP on Tomcat 8.5.4
> On 03/08/2016 15:05, Kent Smotherman wrote:
>> I'm trying to get multiple SSL certs configured on Tomcat 8.5 with a
> single
>> IP. My relevant server.xml looks like this:
>>
>> >connectionTimeout="2"
>>URIEncoding="UTF-8"
>>redirectPort="9443" />
>> >maxThreads="150" scheme="https" secure="true" hostName="
>> firstnationalsculpturepark.com"
>>clientAuth="false" sslProtocol="TLS" defaultSSLHostConfigName="
>> firstnationalsculpturepark.com"
>>>
>> 
>> > certificateKeystoreFile="/apache/conf/twinfeats.keystore"
>>certificateKeystorePassword="xxx"
>>certificateKeyAlias="firstnationalsculpturepark"
>> />
>>  
>> 
>>
>> This gives me this error on startup:
>>
>> 03-Aug-2016 16:47:04.541 WARNING [main]
>> org.apache.catalina.startup.SetAllPropertiesRule.begin
>> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> 'hostName' to 'firstnationalsculpturepark.com' did not find a matching
>> property.
>>
>> I'm not sure what I'm doing wrong, as the hostName property is indicated
> in
>> the Tomcat 8.5 docs as an attribute for SSLHostConfig. (The above error
>> then causes an error trying to find the default keystore file since it
>> isn't using the one I've specified, but that is expected.)
>
> Take another look at the error messge. It is complaining about an
> invalid attribute on the Connector, not the SSLHostConfig.
>
> Mark
>
> ---
>
> Thanks! I removed the hostName attribute from the Connector, and now all I
> have left is the same error complaining that it cannot find .keystore, when
> it should be looking for twinfeats.keystore:
>
>  protocol="org.apache.coyote.http11.Http11NioProtocol"
>maxThreads="150" scheme="https" secure="true"
>clientAuth="false" sslProtocol="TLS"
>defaultSSLHostConfigName="www.twinfeats.com">
>   
>   certificateKeystoreFile="/apache/conf/twinfeats.keystore"
>certificateKeystorePassword="takara36"
>certificateKeyAlias="firstnationalsculpturepark"
>   />
>   
>   
>   certificateKeystoreFile="/apache/conf/twinfeats.keystore"
>certificateKeystorePassword="x"
>certificateKeyAlias="twinfeats"
>   />
>   
> 
>
> And the error:
>
> 04-Aug-2016 10:01:16.755 SEVERE [main]
> org.apache.tomcat.util.net.SSLUtilBase.getStore Failed to load keystore
> type [JKS] with path [/home/twinfeats/.keystore] due to
> [/home/twinfeats/.keystore (No such file or directory)]
>  java.io.FileNotFoundException: /home/twinfeats/.keystore (No such file or
> directory)
>
> I've reviewed my server.xml as excerpted above, but I don't see any
> remaining silly mistakes.  Any clues?


According doc:

"certificateKeystoreFile

The pathname of the keystore file where you have stored the server
certificate and key to be loaded. By default, the pathname is the file
.keystore in the operating system home directory of the user that is
running Tomcat. If your keystoreType doesn't need a file use "" (empty
string) or NONE for this parameter. **Relative paths will be resolved
against $CATALINA_BASE**. A URL may also be used for this attribute."

I would try a relative path


PD: I wonder why the same keystore has got different
certificateKeystorePassword

>
> Thanks!
>
> Kent

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Multiple domian names one web site different content

[Jose María Zaragoza]

Maybe my question does't have to do with current thread ( an probably
doesn't have any sense at all) but :

would be possible to define "VirtualHost" according the destination port ?
I know that VirtualHost diferent domain name, but i want to keep the
same domain name
and to define
2 connectors , listening on 8080 and 8081
Requests to 8080 go to /webapps-app1 and requests to 8081 go to /webapps-app2

is it possible in a only one Tomcat instance ? or  I need to configure
2 tomcat instances ?

Thanks and regards






2016-03-04 19:11 GMT+01:00 Christopher Schultz :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Andrew,
>
> On 3/4/16 7:44 AM, Andrew Hardy wrote:
>> New to web servers.
>
> Welcome.
>
>> This may be a spring MVC question rather than tomcat, I'm not
>> sure.
>>
>> I understand I can map multiple domains to a single ip address
>> using DNS.  I have read some stuff on how to set up multiple
>> virtual hosts on the same host (ip address) on tomcat which
>> requests can be diverted to depending on which domain name was used
>> to make the request.
>>
>> Alternatively I am wondering about not having multiple virtual
>> hosts (which I am guessing would be more useful if there was
>> significant difference between between the sites) but have a single
>> site which has a single layout structure etc but serves up
>> specifically tailored content from a selected content store BASED
>> on the domain used to make the request.
>>
>> Is this anything to do with tomcat or do I have to some how tell
>> which domain was used when the http session is begun and set which
>> content at that point using spring MVC.  Perhaps the (first)
>> request / session includes the domain used and I so need to access
>> that programatically?
>
> You mean one single instance of the application that handles the
> hostname of the request to make decisions? Sounds good, and doesn't
> really involve Tomcat.
>
> If you have a session contained in a single web application, you could
> either store the initial server hostname in the session and use that
> until the session ends, or you could always pull the hostname from
> each incoming request. Presumably, it won't be changing. Or, you could
> cross-check those hostnames and maybe change configuration or complain
> and log the user out in that event.
>
> Again, not much to do with Tomcat, which will just route all
> appropriate requests to your application.
>
>> Is there a reason for this situation that I should not do things
>> the way I suggest? but should use multiple "identical duplicate"
>> web sites (virtual hosts) apart from each of which being hard coded
>> to access a specific content store?
>
> For me, it always comes down to complexity. If you know you can do
> this with a webapp-per-domain, then that's certainly a possibility but
> you'll need more heap space for multiple web applications, and so you
> might not scale as well.
>
> On the other hand, you may have to significantly re-work your web
> application to be able to handle one-single-webapp that can
> auto-switch configuration based upon the client's server-hostname. If
> that's the case, then running a single-application represents more
> risk -- at least for now.
>
> If I were designing things from scratch and I knew I'd be supporting
> marge numbers of configurations, I'd go with the
> single-webapp-instance approach because it's more scalable.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlbZz9oACgkQ9CaO5/Lv0PD0mQCfShH1CZqKimD+mwBpOJimFMvt
> qpgAni7S3D76ekXUrChiIfHZKRisUOsK
> =jNpf
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Cors-Filter

[Jose María Zaragoza]

2016-02-26 9:08 GMT+01:00 RICHARD DOUST :
> My question is, why doesn't it work, or, how can I debug it?

Are you tested to allow to all origins (default option) ? Only for
testing purpose, I mean:

cors.allowed.origins
*

At first sight, your settings should work, but ...


> I guess I'm going to have to figure out how to get the code for org.apache 
> associated with the jar file so that I can see the source in Eclipse and set 
> a breakpoint.
> I have read elsewhere that any http page that attempts to mix in https 
> content is as insecure as the page that uses http exclusively, being subject 
> to man in the middle attacks and that once you need https everything needs to 
> be https, but in a large SPA, that seems to me to mean a lot of potentially 
> unnecessary overhead. I'd like to know what some experts think.
>
> Thanks
>
> Sent from my iPad
>
>> On Feb 26, 2016, at 2:42 AM, André Warnier (tomcat)  wrote:
>>
>>> On 25.02.2016 22:59, RICHARD DOUST wrote:
>>> Hi,
>>>
>>> I’m running Tomcat 7.0. Can’t find the version.bat file, so I don’t know 
>>> more than that. It’s installed on a Windows computer running Windows Server 
>>> 2003 DataCenter Edition. (How’s that for refusing to upgrade?) Anyway, it’s 
>>> a client’s box. I’m trying to migrate an application to JavaScript from 
>>> GWT, but that’s beside the point. The problem is, I’m unable to send an 
>>> XMLHttpRequest to this Tomcat instance via https. The site is being served 
>>> by the same domain, but via http.
>>>
>>> I get:
>>>
>>> Failed to load resource: Origin http://www.domain.com is not allowed by 
>>> Access-Control-Allow-Origin.   
>>> https://www.domain.com/application/api/request
>>> XMLHttpRequest cannot load https://www.domain.com/application/api/reqeuest. 
>>> Origin http://www.domain.com is not allowed by Access-Control-Allow-Origin.
>>>
>>> This is an excerpt my web.xml file for the war:
>>>

CorsFilter
org.apache.catalina.filters.CorsFilter

cors.allowed.origins
 http://www.domain.com, 
 http://beta.domain.com:8080, http://localhost:8080
 

cors.allowed.methods
GET,POST,HEAD,OPTIONS,PUT

  


 CorsFilter
 /api/*

>>>
>>>
>>> I’d like to debug this, but I don’t know how to go about it. Am I suffering 
>>> from a basic misunderstanding? Does cors not allow http to https? Anyway, 
>>> any help would be appreciated.
>>>
>>
>> Honestly, I don't know much about CORS, but I looked at the specs, here :
>> http://tools.ietf.org/html/rfc6454 (*)
>> and it seems to me indeed that in
>> 3.2, Q: Why not just use the host?,
>> it indeed says that the scheme "http" or "https", is part of the origin.
>> I interpret this as meaning that if the HTML page was obtained from 
>> "http://www.domain.com";, a call made from within it, to 
>> "https://www.domain.com"; would not qualify as "from the same origin".
>>
>> Further in 3.2.1, it gives some examples :
>>
>> Each of the following resources has a different origin from the
>>   others.
>>
>>   http://example.com/
>>   http://example.com:8080/
>>   http://www.example.com/
>>   https://example.com:80/
>>   https://example.com/
>>   http://example.org/
>>
>>
>> (*) pointed at by the on-line Tomcat documentation :
>> https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter
>> -> cors.allowed.origins -> "origin"
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Detecting Expired Session via JavaScript?

[Jose María Zaragoza]

2015-12-01 19:17 GMT+01:00 Jose María Zaragoza :
> 2015-12-01 18:30 GMT+01:00 Jerry Malcolm :
>> I'm looking for a way to detect that the current session has expired (or
>> logged out via another tab on the browser).  I know I could just issue dummy
>> requests to the server and see if a login page comes back.  But issuing
>> requests automatically resets the session timer.
>
> Only if the request goes to the same application.
> You can create a HttpSessionListener who saves some info on a shared
> store when session is expired.
> Anothe REST service could check the status of the session when is
> requested by your page


Other option is to use Comet long polling ( requires servlet 3.x )
with an only one event sent by server to browser :session expired
When browser receives it, stop polling until user is logged in again

Or websockets ...



>
> You only need to think the way to map  Tomcat session with REST
> requests ( a random string created on load page  and store it in a
> local javascript variable and sent to server when logging in ? I don't
> know )
>
>
>
>
> I need a benign way to
>> query that doesn't keep the session alive forever.
>>
>> I'm sure this problem has been solved before.  But basically, I want to know
>> that the session is no longer valid and force the user back to the login
>> page.  I know one possibility is to set the Tomcat timer to 30 min
>> expiration, and then keep a '29 minute' timer running in the browser.  But
>> my clients can change the tomcat session timer length.  And also this
>> doesn't account for a logoff using the same session on a different browser
>> tab.  I'd really like a pro-active query method if anything like that
>> exists.
>>
>> Suggestion?
>>
>> Thanks.
>>
>> Jerry
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Detecting Expired Session via JavaScript?

[Jose María Zaragoza]

2015-12-01 18:30 GMT+01:00 Jerry Malcolm :
> I'm looking for a way to detect that the current session has expired (or
> logged out via another tab on the browser).  I know I could just issue dummy
> requests to the server and see if a login page comes back.  But issuing
> requests automatically resets the session timer.

Only if the request goes to the same application.
You can create a HttpSessionListener who saves some info on a shared
store when session is expired.
Anothe REST service could check the status of the session when is
requested by your page

You only need to think the way to map  Tomcat session with REST
requests ( a random string created on load page  and store it in a
local javascript variable and sent to server when logging in ? I don't
know )




I need a benign way to
> query that doesn't keep the session alive forever.
>
> I'm sure this problem has been solved before.  But basically, I want to know
> that the session is no longer valid and force the user back to the login
> page.  I know one possibility is to set the Tomcat timer to 30 min
> expiration, and then keep a '29 minute' timer running in the browser.  But
> my clients can change the tomcat session timer length.  And also this
> doesn't account for a logoff using the same session on a different browser
> tab.  I'd really like a pro-active query method if anything like that
> exists.
>
> Suggestion?
>
> Thanks.
>
> Jerry
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [PROPOSAL] Tomcat Webinar series

[Jose María Zaragoza]

2015-11-12 23:29 GMT+01:00 Mark Thomas :
> All,
>
> I've been wondering if there would be any interest in a Tomcat Webinar
> series. I'm thinking ~10 minutes of presentation followed by Q&A on
> topics of interest to this community with the webinars taking place
> every 1/2/4 weeks depending on interest. The webinars would also be
> recorded and uploaded somewhere - probably youtube - and linked from
> tomcat.apache.org.


+1



>
> My initial thoughts on possible topics are:
>
> - Intro to Tomcat 9 (the first milestone release is in progress as
>   I type this)
>
> - TLS virtual hosting with Tomcat 9
>
> - Generating TLS keys for Tomcat
>
> - HTTP/2 and Tomcat 9
>
> - Connector selection: BIO vs NIO vs NIO2 vs APR
>
> - Proxy protocol choice HTTP vs AJP
>
> Other topics as requested by the users@ community.
>
> Presenters would be one of the Tomcat committers. Obviously, I'm happy
> to do these but I hope some of my fellow committers will agree to do
> some presentations as well.
>
> Thoughts, feedback, topic suggestions welcome.
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question for posgresq, and jdbc.jar placement.

[Jose María Zaragoza]

2015-10-22 18:26 GMT+02:00 Christopher Schultz :
> Ognjen,
>
> On 10/22/15 9:10 AM, Ognjen Blagojevic wrote:
>> Jose & Chris,
>>
>> On 21.10.2015 20:47, Christopher Schultz wrote:
>>> Jose,
>>>
>>> On 10/21/15 7:33 AM, Jose María Zaragoza wrote:
>>>> IMHO
>>>>
>>>> $CATALINA_HOME/lib  would be the right place
>>>
>>> +1
>>
>> Are you willing to elaborate why do you prefer $CATALINA_HOME instead of
>> $CATALINA_BASE?
>>
>> I don't have multiple Tomcat instances running, but I still split
>> $CATALINA_HOME and $CATALINA_BASE to different directories in order to
>> make Tomcat upgrades easier. Everything that is different from original
>> installation goes to $CATALINA_BASE (bin/setenv.sh, conf/*, logs,
>> webapp, etc... as well as additional jars including lib/(jdbc).jar. Thus
>> when I upgrade Tomcat and change $CATALINA_HOME I don't have to think
>> about additional jars.
>
> Our build process auto-builds CATALINA_BASE and so it's (marginally)
> more convenient to have it in CATALINA_HOME. We also have 4 applications
> running on each server from the same CATALINA_HOME and different
> CATALINA_BASEs, but they all use the same JDBC driver.
>
> IMHO, it doesn't matter which one you use. I would have +1'd Jose
> whichever one he said.

Cool !

>Honestly, CATALINA_BASE is probably much better,
> since it won't interfere with other applications that might not need the
> driver, or might require a different version, etc.

Honestly I've never needed to use CATALINA_BASE
But I 've a question

every instance uses only its CATALINA_BASE directories or there is any
kind of delegation hierachy for libraries ?

For example,if my webapp doesn't find a jar file on $CATALINA_BASE/lib
, doest it search on $CATALINA_HOME/lib ?

Regards




>
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question for posgresq, and jdbc.jar placement.

[Jose María Zaragoza]

2015-10-21 13:19 GMT+02:00 Andrew Davis :

> Ok, I'm embarrassed.
>
> I've got a UBUNTU (GUI included) install of Tomcat7 installed from command
> line.
>
> Inside my machine I have what looks like two locations that play a key
> role.
>
> OPTION 1 for the jdbc.jar file?
>   I think that this is the "$CATALINA" base
>   Path:  usr/share/tomcat7
>  Folders Inside: (bin, common, conf, lib, log, server, shared)
>  Files Inside: (defaults.md5sum, defaults.template,
> logrotate.md5sum, logrotate.template)
>
> OPTION 2 for the jdbc.jar file?
>  I'm not sure if this would be the "$CATALINA" home
>  Path: var/lib/tomcat7
>  Folders Inside: (common, conf, logs, server, shared, webapps,
> work)
>  **When I upload a .war file from the
> http://localhost/manager/html interface it is placed in the "webapps"**
>
>
>
Probably you have symbolic links in /usr/share/tomcat7
Have a look

ls -lrt tomcat7




>
> OPTION 3 for the jdbc.jar file?***  *This is working, but I am going
> to write multiple apps which would use this .jar file.
> do I just include multiple copies of the .jar, or is there a central place
> to put it (please no jokes here).
> [image: Inline image 2]
>


IMHO

$CATALINA_HOME/lib  would be the right place





>
>
> Andy...
>

Re: Multiple JSESSIONID cookies being presented.

[Jose María Zaragoza]

2015-09-09 18:08 GMT+02:00 Jeffrey Janner :
>> -Original Message-
>> From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
>> Sent: Tuesday, September 08, 2015 4:58 PM
>> To: Tomcat Users List 
>> Subject: RE: Multiple JSESSIONID cookies being presented.
>>
>> > From: Jose María Zaragoza [mailto:demablo...@gmail.com]
>> > Subject: Re: Multiple JSESSIONID cookies being presented.
>>
>> > > Thanks for the clarification of what's supposed to happen on
>> receipt, Jose.
>> > > However, I am describing what happens on first contact from the
>> client to the server.
>> > > The browser sends https://hostname/APP2, and Tomcat returns:
>> > > JSESSIONID=, path=/and   JSESSIONID=, path=/APP2/
>>
>> > Indeed, it doesn't make sense for me to return different id (  ,
>> >  ) if you are accesing to only one context (/APP2)
>>
>> > Are you sure that your webapp deployed in /APP2 is not accesing to
>> > resources ( session-aware resources as JSP, servlet, .. .I mean)
>> > stored in ROOT context ?
>>
>> As I think someone previously mentioned, the client (browser) may well
>> be sending an unsolicited request to the default webapp, such as when
>> trying to retrieve favicon.ico.  You might want to run Fiddler or
>> Wireshark on the client to see exactly what's being sent to the server.
>>
>
> And there's no way to keep a browser from asking for the favicon.ico file 
> from the root.
> We don't have one, so I would expect a 404 is sent, which looking at the 
> access log file is what happens.
> However, is this the issue?  I tested this doing a manual 
> https://hostname/favicon.ico and see that we also return our root app's error 
> page. We also seem to be doing that for the auto-generated request, judging 
> by the bytes returned value, even though it won't get displayed.
> And I bet that the error page is setting the session cookie for some reason.
> Does that sound reasonable?

If you write https://hostname/favicon.ico into your browser's url address bar
does it return a JSESSIONID ?
If it does , why do your error html page is creating a HTTP session ?
Is it a error.jsp ?





> Is my solution just providing a favicon.ico file?
> Jeff
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Multiple JSESSIONID cookies being presented.

[Jose María Zaragoza]

2015-09-08 22:57 GMT+02:00 Jeffrey Janner :
>> -Original Message-
>> From: Jose María Zaragoza [mailto:demablo...@gmail.com]
>> Sent: Tuesday, September 08, 2015 9:08 AM
>> To: Tomcat Users List 
>> Subject: Re: Multiple JSESSIONID cookies being presented.
>>
>> 2015-09-08 15:51 GMT+02:00 Jeffrey Janner :
>> >> -Original Message-
>> >> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>> >> Sent: Friday, September 04, 2015 12:46 PM
>> >> To: Tomcat Users List 
>> >> Subject: Re: Multiple JSESSIONID cookies being presented.
>> >>
>> >> -BEGIN PGP SIGNED MESSAGE-
>> >> Hash: SHA256
>> >>
>> >> Jeffrey,
>> >>
>> >> On 9/4/15 12:37 PM, Jeffrey Janner wrote:
>> >> > I'm running Tomcat 8.0.24 on Ubuntu 14.04 with Java 8u45, but I'm
>> >> > also seeing this on Windows (version doesn't matter), with Tomcat
>> >> > 7.0.57 and Java 7u71, and Tomcat 6.0.43 and Java 7U51.
>> >> >
>> >> > I have 2 contexts installed in Tomcat, one is ROOT, the other
>> >> > APP2. Both contexts start off at a login screen unique to the
>> >> > context and provided by it (not using container auth).
>> >> >
>> >> > When I connect to ROOT, no problem, but when I connect to APP2, I
>> >> > get 2 JSESSIONID cookies, one with the path "/" and the other with
>> >> > the path "/APP2/".
>> >>
>> >> I would expect this behavior: you have one ROOT app (cookie path=/)
>> >> and one APP2 app (cookie path=/APP2). Your browser will send both
>> >> cookies to /APP2 because / is a prefix of /APP2.
>> >>
>> > Chris -
>> > I wanted to come back to this case.
>> > Why is the above "expected behavior"?
>> > The client is connecting directly as "https://hostname/APP2"; and never
>> going directly to the ROOT app, yet gets both JSESSIONIDs from Tomcat on
>> first connection.  To me, this seems like a bug.
>> > Only being an admin, I've not fully read the spec, so not sure if the
>> above is really expected behavior.
>>
>>
>> http://www.ietf.org/rfc/rfc2109.txt
>>
>> The following rules apply to choosing applicable cookie-values from
>>among all the cookies the user agent has.
>>
>> Domain Selection
>> The origin server's fully-qualified host name must domain-match
>> the Domain attribute of the cookie.
>>
>>Path Selection
>> The Path attribute of the cookie must match a prefix of the
>> request-URI.
>>
>>Max-Age Selection
>> Cookies that have expired should have been discarded and thus
>> are not forwarded to an origin server.
>>
>>If multiple cookies satisfy the criteria above, they are ordered in
>>the Cookie header such that those with more specific Path attributes
>>precede those with less specific.  Ordering with respect to other
>>attributes (e.g., Domain) is unspecified.
>>
>>
>>
> Thanks for the clarification of what's supposed to happen on receipt, Jose.
> However, I am describing what happens on first contact from the client to the 
> server.
> The browser sends https://hostname/APP2, and Tomcat returns:
> JSESSIONID=, path=/and   JSESSIONID=, path=/APP2/

Sorry, I misunderstood
IMHO, that behaviour is strange .
Indeed, it doesn't make sense for me to return different id (  ,
 ) if you are accesing to only one context (/APP2)

Are you sure that your webapp deployed in /APP2 is not accesing to
resources ( session-aware resources as JSP, servlet, .. .I mean)
stored in ROOT context ?


>
> My contention is that it shouldn't be sending the first one, since it should 
> never route the request to the ROOT app, so it should not be generating a 
> cookie for it.
>
> However, taking what you say above at face value, are you saying that HaProxy 
> should only be forwarding the cookie with path=/APP2/ or should it forward 
> all of them and let Tomcat figure it out.

I don't know.
In a later email, I talked you about using another cookie ( SRV_ID )
to balance between backend servers. This feature is implemented by HA
Proxy ( 1.5 at least )


>
> Jeff

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: ServletRequest.getRemoteHost() not working when Tomcat is behind Nginx (Nginx as a reverse proxy)

[Jose María Zaragoza]

2015-09-08 22:10 GMT+02:00 Brian :
> Hello José,
>
> That’s a nice idea indeed (A VERY NICE ONE!), but an extra work because of 
> the networking effort. I'm talking about a site that can get hundreds of 
> requests per second.

But you would want to execute ServletRequest.getRemoteHost() in every
request , right ? That was your question.
I don't know how is the Tomcat 6's ServletRequest.getRemoteHost()
implementation , but I guess it's not very different to my code

Regards




>
> Since Nginx has access to this information, I bet there must be a way to pass 
> it to Tomcat the same way the IP address can be passed! But for some reason I 
> can't find it and I have spent quite some time looking for it.
>
> Thanks a lot!
>
>
>> -Original Message-
>> From: Jose María Zaragoza [mailto:demablo...@gmail.com]
>> Sent: martes, 08 de septiembre de 2015 02:58 p.m.
>> To: Tomcat Users List 
>> Subject: Re: ServletRequest.getRemoteHost() not working when Tomcat is
>> behind Nginx (Nginx as a reverse proxy)
>>
>> 2015-09-08 21:22 GMT+02:00 Brian :
>> > Hi,
>> >
>> >
>> >
>> > First of all, I'm using:
>> >
>> > - Tomcat 7.0.50
>> >
>> > - Nginx 1.4.7
>> >
>> >
>> >
>> > When I use Tomcat alone, ServletRequest.getRemoteHost()
>> >
>> (http://docs.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html#getRe
>> > moteHost()
>> >
>> <http://docs.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html#getRe
>> > moteHost())>  )  works fine. But when Tomcat is behind Nginx (Nginx acting
>> > as a reverse proxy), it does not.
>> >
>> > Just to make myself clear, this is the architecture I'm talking about:
>> >
>> >
>> >
>> > Client -> Nginx (as a reverse proxy) -> Tomcat.
>> >
>> >
>> >
>> > The problem is that ServletRequest.getRemoteHost() gives me the hostname of
>> > the proxy itself (meaning Nginx) and not that of the client.
>> >
>> >
>> >
>> > I was able to get the IP address of the visitor (and not that of the host
>> > where Nginx is running) doing this on Nginx:
>> >
>> >
>> >
>> > server {
>> >
>> > listen 80;
>> >
>> > server_name www.acme.com acme.com;
>> >
>> > location / {
>> >
>> > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>> > <--- This line did the trick
>> >
>> > proxy_set_header Host $http_host;
>> >
>> > proxy_pass http://152.53.163.220:80/;
>> >
>> > }
>> >
>> > }
>> >
>> >
>> >
>> > And then inspecting the content of the "X-Forwarded-For" header in my java
>> > programming. But what do I do to obtain the remote hostname? I guess it is
>> > something similar, but I haven't found a solution. What I want to know is:
>> >
>> > - Exactly what configuration do I need in Nginx
>> >
>> > - Exactly what do I do from Java to obtain the value.
>>
>> Why not do you perform a reverse DNS lookup by code ? Something like :
>>
>> InetAddress addr = InetAddress.getByName("xx.xx.xx.xx");
>> String host = addr.getCanonicalHostName();
>> System.out.println(host);
>>
>> You only need to extract 'X-Forwarded-For' header from request  and
>> execute that piece of code
>>
>>
>> Regards
>>
>> >
>> >
>> >
>> > Thanks in advance,
>> >
>> >
>> >
>> > Brian
>> >
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: ServletRequest.getRemoteHost() not working when Tomcat is behind Nginx (Nginx as a reverse proxy)

[Jose María Zaragoza]

2015-09-08 21:22 GMT+02:00 Brian :
> Hi,
>
>
>
> First of all, I'm using:
>
> - Tomcat 7.0.50
>
> - Nginx 1.4.7
>
>
>
> When I use Tomcat alone, ServletRequest.getRemoteHost()
> (http://docs.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html#getRe
> moteHost()
>  moteHost())>  )  works fine. But when Tomcat is behind Nginx (Nginx acting
> as a reverse proxy), it does not.
>
> Just to make myself clear, this is the architecture I'm talking about:
>
>
>
> Client -> Nginx (as a reverse proxy) -> Tomcat.
>
>
>
> The problem is that ServletRequest.getRemoteHost() gives me the hostname of
> the proxy itself (meaning Nginx) and not that of the client.
>
>
>
> I was able to get the IP address of the visitor (and not that of the host
> where Nginx is running) doing this on Nginx:
>
>
>
> server {
>
> listen 80;
>
> server_name www.acme.com acme.com;
>
> location / {
>
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> <--- This line did the trick
>
> proxy_set_header Host $http_host;
>
> proxy_pass http://152.53.163.220:80/;
>
> }
>
> }
>
>
>
> And then inspecting the content of the "X-Forwarded-For" header in my java
> programming. But what do I do to obtain the remote hostname? I guess it is
> something similar, but I haven't found a solution. What I want to know is:
>
> - Exactly what configuration do I need in Nginx
>
> - Exactly what do I do from Java to obtain the value.

Why not do you perform a reverse DNS lookup by code ? Something like :

InetAddress addr = InetAddress.getByName("xx.xx.xx.xx");
String host = addr.getCanonicalHostName();
System.out.println(host);

You only need to extract 'X-Forwarded-For' header from request  and
execute that piece of code


Regards

>
>
>
> Thanks in advance,
>
>
>
> Brian
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Multiple JSESSIONID cookies being presented.

[Jose María Zaragoza]

2015-09-08 15:51 GMT+02:00 Jeffrey Janner :
>> -Original Message-
>> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>> Sent: Friday, September 04, 2015 12:46 PM
>> To: Tomcat Users List 
>> Subject: Re: Multiple JSESSIONID cookies being presented.
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Jeffrey,
>>
> Now, it's been doing this since at least Tomcat 6, I have one running now, 
> and I've never had a problem with it using direct connections.  But now we 
> are front-ending with HaProxy and going to two backend tomcats, and using the 
> JSESSIONID to support sticky-sessions.  I'm afraid the multiple cookies is 
> confusing HaProxy. (Yes, I'm going to ask that user community.)
> Jeff


You could use another cookie to implement stickyness

"You can add a cookie SOME-COOKIE-NAME prefix directive into the
backend. Then simply add the cookie directive within each server. Then
HAProxy will append a cookie (or add onto an existing one) a
identifier for each server. This cookie will be sent back in
subsequent requests from the client, letting HAProxy know which server
to send the request to. This looks like the following:"

backend nodes
# Other options above omitted for brevity
 cookie SRV_ID prefix
server web01 127.0.0.1:9000 cookie check
server web02 127.0.0.1:9001 cookie check
server web03 127.0.0.1:9002 cookie check


https://serversforhackers.com/load-balancing-with-haproxy

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Multiple JSESSIONID cookies being presented.

[Jose María Zaragoza]

2015-09-08 15:51 GMT+02:00 Jeffrey Janner :
>> -Original Message-
>> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>> Sent: Friday, September 04, 2015 12:46 PM
>> To: Tomcat Users List 
>> Subject: Re: Multiple JSESSIONID cookies being presented.
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Jeffrey,
>>
>> On 9/4/15 12:37 PM, Jeffrey Janner wrote:
>> > I'm running Tomcat 8.0.24 on Ubuntu 14.04 with Java 8u45, but I'm
>> > also seeing this on Windows (version doesn't matter), with Tomcat
>> > 7.0.57 and Java 7u71, and Tomcat 6.0.43 and Java 7U51.
>> >
>> > I have 2 contexts installed in Tomcat, one is ROOT, the other
>> > APP2. Both contexts start off at a login screen unique to the
>> > context and provided by it (not using container auth).
>> >
>> > When I connect to ROOT, no problem, but when I connect to APP2, I
>> > get 2 JSESSIONID cookies, one with the path "/" and the other with
>> > the path "/APP2/".
>>
>> I would expect this behavior: you have one ROOT app (cookie path=/)
>> and one APP2 app (cookie path=/APP2). Your browser will send both
>> cookies to /APP2 because / is a prefix of /APP2.
>>
> Chris -
> I wanted to come back to this case.
> Why is the above "expected behavior"?
> The client is connecting directly as "https://hostname/APP2"; and never going 
> directly to the ROOT app, yet gets both JSESSIONIDs from Tomcat on first 
> connection.  To me, this seems like a bug.
> Only being an admin, I've not fully read the spec, so not sure if the above 
> is really expected behavior.


http://www.ietf.org/rfc/rfc2109.txt

The following rules apply to choosing applicable cookie-values from
   among all the cookies the user agent has.

Domain Selection
The origin server's fully-qualified host name must domain-match
the Domain attribute of the cookie.

   Path Selection
The Path attribute of the cookie must match a prefix of the
request-URI.

   Max-Age Selection
Cookies that have expired should have been discarded and thus
are not forwarded to an origin server.

   If multiple cookies satisfy the criteria above, they are ordered in
   the Cookie header such that those with more specific Path attributes
   precede those with less specific.  Ordering with respect to other
   attributes (e.g., Domain) is unspecified.



> Now, it's been doing this since at least Tomcat 6, I have one running now, 
> and I've never had a problem with it using direct connections.  But now we 
> are front-ending with HaProxy and going to two backend tomcats, and using the 
> JSESSIONID to support sticky-sessions.  I'm afraid the multiple cookies is 
> confusing HaProxy. (Yes, I'm going to ask that user community.)
> Jeff
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: validationQuery doesn't work (DBCP 7.0.59)

[Jose María Zaragoza]

2015-06-15 17:59 GMT+02:00 Christopher Schultz :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Jose,
>
> It looks like your issue is mostly solved...
>
> On 6/15/15 4:42 AM, Jose María Zaragoza wrote:
>> I'm using Tomcat 7.0.59 and PostgreSQL JDBC driver 9.4-1201-jdbc4
>>
>> The context.xml settings are
>>
>>
>> > timeBetweenEvictionRunsMillis="0"/>
>
> Are you sure you want to do this? The docs don't say anything about
> the value of "0", though one might reasonably expect that this
> disables eviction runs.
>
> The default for "testWhileIdle" is "false", which means that the
> default value of timeBetweenEvictionRunsMillis is not relevant.


sure ?
I was following the guide in this link:
http://www.codingpedia.org/ama/tomcat-jdbc-connection-pool-configuration-for-production-and-development/

"timeBetweenEvictionRunsMillis > 0 AND removeAbandoned=true AND
removeAbandonedTimeout > 0 means the pool sweeper is enabled."

I want to be sure that eviction thread of inactive thread is not executed .
is that paragrah false ?

Regards




>
> I would remove this unnecessary configuration, or you may confuse
> people (or yourself) into thinking that it has an actual meaning.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
>
> iQIcBAEBCAAGBQJVfvZnAAoJEBzwKT+lPKRYCG8QALcZ6KqFWYxB3YZSr49R+pGx
> a3PZwLWO/FabNjkqRy1t2N3/mMJBDFRmwUOw1II+jPpgDl8E6X3cuyyYBBFl1YnU
> 08CJIbKeNclUq6coU52/huvESTCaqa/q+YxknJRq9JFla5yDZlSNQFbQ1QiY/Ei0
> YtcZrzgzRIzeYTVrTlYkb1kuZouKU2KL2DCVS9NoY+s/R5ZSjAs+O4Cpg6V5BcuO
> oEhrwijaQ8+yVWAzGt9+s9j0ohf40ryUcbFB86uY3O4TmebMMZEBMvmTPJ/dpVqt
> GJYCDnr3nLfe6FTr7IK8YinFaWRAJ8U/h0JPs1OthJn1ZiLvLy2N5JeK+YAtx0oI
> l2dxkKr5COFU+DzslUjhiF6/AQJElA/ldqZYJKWeDUJ2oQaEyicPRkdvgknDIjcu
> vNJidFEWZ/4LA48D0OnQ9HLAWYUmXXeiTYXtxWekxpv5RSTL9xZh4rGylWvnbZXi
> WpZxl66RCmk1Lfe5VEIt8jWtRydOOYR4CnBkFoMZj4vSuOysnspnaHMAblEsJuUW
> u02MVC7ZxzG+FepQAMoriQKaEdih1cPNRj3y2Dq2cWZW82RpwS8CoLzgZi9FlSkg
> rPXWpsQ5OJNVmnhdAPaaEHKwIGxObScJZnBVFZgPzU7DRbh7q0SMQexIgnSB5blj
> kEnwEfkaLRF295pU+APM
> =OTjA
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: validationQuery doesn't work (DBCP 7.0.59)

[Jose María Zaragoza]

2015-06-15 16:35 GMT+02:00 Daniel Mikusa :
> On Mon, Jun 15, 2015 at 4:42 AM, Jose María Zaragoza 
> wrote:
>
>> Hello:
>>
>>
>> I'm using Tomcat 7.0.59 and PostgreSQL JDBC driver 9.4-1201-jdbc4
>>
>> The context.xml settings are
>>
>>
>> >   factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
>
>   driverClassName="org.postgresql.Driver"
>>   initialSize="0"  maxActive="100" maxIdle="20"
>> maxWait="1" mindIdle="0"
>>   name="datasource/bbdd" password="fake"
>> removeAbandoned="true"
>>
>>
>> url="jdbc:postgresql://localhost:,localhost:5432,localhost:5433/bbdd?LoginTimeout=3&loadBalanceHosts=false"
>>   username="foo" validationQuery="SELECT 1"
>> testOnBorrow="true" timeBetweenEvictionRunsMillis="0"/>
>>
>>
>> I've configured JDBC driver in failover mode ( as you can see in URL
>> definition )
>>
>> When I test this configuration ( I stop/start databases but , at
>> least, there is one running ) , sometimes I'm getting this error
>> message:
>>
>>
>> org.apache.ibatis.exceptions.PersistenceException:
>> ### Error querying database.  Cause:
>> org.postgresql.util.PSQLException: This connection has been closed.
>>
>> How is it possible if testOnBorrow="true" and validationQuery="SELECT 1" ?
>>
>
> Try setting validationInterval to a lower value.  It defaults to 30s, which
> means it will only run the query once per 30s.
>
> http://tomcat.apache.org/tomcat-8.0-doc/jdbc-pool.html#Tomcat_JDBC_Enhanced_Attributes


You got it !

Thanks
Now I need to understand which is the best value ( in performance terms )


Regards




>
>
>> How I can debug if validationQuery is working as I want  ?
>>
>
> 1.) Start Tomcat, make sure the app is working.
> 2.) Stop the DB.
> 3.) Your app should stop working, since it can't get a connection.  Also,
> any pooled connections will now be bad.
> 4.) Start the DB.
> 5.) Your app should be working again.  If the pool is configured properly
> as your app requests connections, it should remove the bad connections and
> replace them with new ones.
>
> Dan
>
>
>
>>
>>
>> Thanks and regards
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: validationQuery doesn't work (DBCP 7.0.59)

[Jose María Zaragoza]

2015-06-15 13:09 GMT+02:00 Mark Thomas :
> On 15/06/2015 11:39, Jose María Zaragoza wrote:
>> 2015-06-15 11:39 GMT+02:00 Mark Thomas :
>>> On 15/06/2015 09:42, Jose María Zaragoza wrote:
>>>> Hello:
>>>>
>>>>
>>>> I'm using Tomcat 7.0.59 and PostgreSQL JDBC driver 9.4-1201-jdbc4
>>>>
>>>> The context.xml settings are
>>>>
>>>>
>>>> >>>   factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
>>>>   driverClassName="org.postgresql.Driver"
>>>>   initialSize="0"  maxActive="100" maxIdle="20"
>>>> maxWait="1" mindIdle="0"
>>>>   name="datasource/bbdd" password="fake" 
>>>> removeAbandoned="true"
>>>>
>>>> url="jdbc:postgresql://localhost:,localhost:5432,localhost:5433/bbdd?LoginTimeout=3&loadBalanceHosts=false"
>>>>   username="foo" validationQuery="SELECT 1"
>>>> testOnBorrow="true" timeBetweenEvictionRunsMillis="0"/>
>>>>
>>>>
>>>> I've configured JDBC driver in failover mode ( as you can see in URL
>>>> definition )
>>>>
>>>> When I test this configuration ( I stop/start databases but , at
>>>> least, there is one running ) , sometimes I'm getting this error
>>>> message:
>>>>
>>>>
>>>> org.apache.ibatis.exceptions.PersistenceException:
>>>> ### Error querying database.  Cause:
>>>> org.postgresql.util.PSQLException: This connection has been closed.
>>>>
>>>> How is it possible if testOnBorrow="true" and validationQuery="SELECT 1" ?
>>>
>>> Application borrows connection.
>>> You shut down database.
>>> Application uses connection.
>>>
>>
>> Not really.
>
> Look at the logs again. The same connection object is being used before
> and after you stop the database.


Right, because Tomcat DBCP gives the same connection.
And it shouldn't because that connection should be validated before.

>
> It looks more like the application is hanging onto the connection for an
> extended period of time (which defeats the point of using a connection
> pool in the first place).

I'm sure that it doesn't. The application doesn't keep any connection
. Ask to Tomcat DBCP for a connection when it needs to execute any
query
Doesn't make sense to keep a pool of pooled connections


>
>> Paste logs
>>
>> 1) Performs query
>>
>> 2015/06/15 12:20:22.379 INFO [getData] - Getting record from database id:0
>> 2015/06/15 12:20:22.379 DEBUG [JdbcTransaction] [openConnection] -
>> Opening JDBC Connection
>> 2015/06/15 12:20:22.613 DEBUG [JdbcTransaction] [setDesiredAutoCommit]
>> - Setting autocommit to false on JDBC Connection
>> [ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]
>> 2015/06/15 12:20:22.613  DEBUG [queryData] [debug] - ooo Using
>> Connection 
>> [ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]
>> 2015/06/15 12:20:22.613 DEBUG [queryData] [debug] - ==>  Preparing:
>> SELECT * FROM data WHERE id = ? ORDER BY autoid DESC LIMIT 1
>> 2015/06/15 12:20:22.613 DEBUG [queryData] [debug] - ==> Parameters: 0(String)
>> 2015/06/15 12:20:22.847  DEBUG [queryData] [debug] - <==  Total: 1
>> 2015/06/15 12:20:22.847DEBUG [JdbcTransaction] [resetAutoCommit] -
>> Resetting autocommit to true on JDBC Connection
>> [ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]
>> 2015/06/15 12:20:23.065 DEBUG [JdbcTransaction] [close] - Closing JDBC
>> Connection 
>> [ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]
>>
>>
>> 2) Stop database
>>
>> 3) Performs query again
>>
>>
>> 2015/06/15 12:20:28.801 INFO [getDatosIVRCRM] - Getting record from
>> database id:0
>> 2015/06/15 12:20:28.801 DEBUG [JdbcTransaction] [openConnection] -
>> Opening JDBC Connection
>> 2015/06/15 12:20:28.801  DEBUG [JdbcTransaction]
>> [setDesiredAutoCommit] - Setting autocommit to false on JDBC
>> Connection 
>> [ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]
>> 2015/06/15 12:20:28.802 DEBUG [queryData] [debug] - ooo Using
>> Connecti

Re: validationQuery doesn't work (DBCP 7.0.59)

[Jose María Zaragoza]

2015-06-15 11:39 GMT+02:00 Mark Thomas :
> On 15/06/2015 09:42, Jose María Zaragoza wrote:
>> Hello:
>>
>>
>> I'm using Tomcat 7.0.59 and PostgreSQL JDBC driver 9.4-1201-jdbc4
>>
>> The context.xml settings are
>>
>>
>> >   factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
>>   driverClassName="org.postgresql.Driver"
>>   initialSize="0"  maxActive="100" maxIdle="20"
>> maxWait="1" mindIdle="0"
>>   name="datasource/bbdd" password="fake" 
>> removeAbandoned="true"
>>
>> url="jdbc:postgresql://localhost:,localhost:5432,localhost:5433/bbdd?LoginTimeout=3&loadBalanceHosts=false"
>>   username="foo" validationQuery="SELECT 1"
>> testOnBorrow="true" timeBetweenEvictionRunsMillis="0"/>
>>
>>
>> I've configured JDBC driver in failover mode ( as you can see in URL
>> definition )
>>
>> When I test this configuration ( I stop/start databases but , at
>> least, there is one running ) , sometimes I'm getting this error
>> message:
>>
>>
>> org.apache.ibatis.exceptions.PersistenceException:
>> ### Error querying database.  Cause:
>> org.postgresql.util.PSQLException: This connection has been closed.
>>
>> How is it possible if testOnBorrow="true" and validationQuery="SELECT 1" ?
>
> Application borrows connection.
> You shut down database.
> Application uses connection.
>

Not really.
Paste logs

1) Performs query

2015/06/15 12:20:22.379 INFO [getData] - Getting record from database id:0
2015/06/15 12:20:22.379 DEBUG [JdbcTransaction] [openConnection] -
Opening JDBC Connection
2015/06/15 12:20:22.613 DEBUG [JdbcTransaction] [setDesiredAutoCommit]
- Setting autocommit to false on JDBC Connection
[ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]
2015/06/15 12:20:22.613  DEBUG [queryData] [debug] - ooo Using
Connection 
[ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]
2015/06/15 12:20:22.613 DEBUG [queryData] [debug] - ==>  Preparing:
SELECT * FROM data WHERE id = ? ORDER BY autoid DESC LIMIT 1
2015/06/15 12:20:22.613 DEBUG [queryData] [debug] - ==> Parameters: 0(String)
2015/06/15 12:20:22.847  DEBUG [queryData] [debug] - <==  Total: 1
2015/06/15 12:20:22.847DEBUG [JdbcTransaction] [resetAutoCommit] -
Resetting autocommit to true on JDBC Connection
[ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]
2015/06/15 12:20:23.065 DEBUG [JdbcTransaction] [close] - Closing JDBC
Connection 
[ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]


2) Stop database

3) Performs query again


2015/06/15 12:20:28.801 INFO [getDatosIVRCRM] - Getting record from
database id:0
2015/06/15 12:20:28.801 DEBUG [JdbcTransaction] [openConnection] -
Opening JDBC Connection
2015/06/15 12:20:28.801  DEBUG [JdbcTransaction]
[setDesiredAutoCommit] - Setting autocommit to false on JDBC
Connection 
[ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]
2015/06/15 12:20:28.802 DEBUG [queryData] [debug] - ooo Using
Connection 
[ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]
2015/06/15 12:20:28.802  DEBUG [queryDatosIVRCRM] [debug] - ==>
Preparing: SELECT * FROM data WHERE id = ? ORDER BY autoid DESC LIMIT
1
2015/06/15 12:20:28.802 DEBUG [queryData] [debug] - ==> Parameters: 0(String)
2015/06/15 12:20:28.802  [getData] - [EXCEPTION]
org.apache.ibatis.exceptions.PersistenceException:
### Error querying database.  Cause:
org.postgresql.util.PSQLException: This connection has been closed.


Both queries are executed by different thread ( http thread )

One important thing:

if I wait 20 seconds between calls, *the second one works fine* . I
dont know why
Looks like the validationQuery check doesn't detect that the
connection is broken . I don't know what response is waiting to mark
as OK that pooled connection


Regards


















>> How I can debug if validationQuery is working as I want  ?
>
> Check your database logs.
>
> Mark
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

validationQuery doesn't work (DBCP 7.0.59)

[Jose María Zaragoza]

Hello:


I'm using Tomcat 7.0.59 and PostgreSQL JDBC driver 9.4-1201-jdbc4

The context.xml settings are





I've configured JDBC driver in failover mode ( as you can see in URL
definition )

When I test this configuration ( I stop/start databases but , at
least, there is one running ) , sometimes I'm getting this error
message:


org.apache.ibatis.exceptions.PersistenceException:
### Error querying database.  Cause:
org.postgresql.util.PSQLException: This connection has been closed.

How is it possible if testOnBorrow="true" and validationQuery="SELECT 1" ?
How I can debug if validationQuery is working as I want  ?


Thanks and regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [SECURITY] CVE-2014-0230: Apache Tomcat DoS

[Jose María Zaragoza]

2015-05-06 13:59 GMT+02:00 Mark Thomas :
> On 06/05/2015 09:14, André Warnier wrote:
>> Jose María Zaragoza wrote:
>>> 2015-05-06 0:53 GMT+02:00 Mark Thomas :
>>>> -BEGIN PGP SIGNED MESSAGE-
>>>> Hash: SHA256
>>>>
>>>> CVE-2014-0230 Denial of Service
>>>>
>>>> Severity: Low
>>>>
>>>> Vendor: The Apache Software Foundation
>>>>
>>>> Versions Affected:
>>>> - - Apache Tomcat 8.0.0-RC1 to 8.0.8
>>>> - - Apache Tomcat 7.0.0 to 7.0.54
>>>> - - Apache Tomcat 6.0.0 to 6.0.43
>>>>
>>>> Description:
>>>> When a response for a request with a request body is returned to the
>>>> user agent before the request body is fully read, by default Tomcat
>>>> swallows the remaining request body so that the next request on the
>>>> connection may be processed.
>>>
>>>
>>> I'm trying to understand when that behaviour is happening
>>> When is a response returned before the request body is fully read ?
>>> What happens when  the remaining request body is read ?
>>>
>>
>> Guess for Q1 : when the original request's target is an area which
>> requires authentication, and the request is not ?
>
> Yes that is one case. Generally these are error conditions. Either
> Tomcat or the app knows after reading the headers (and maybe the first
> part of the response body) exactly what the response is going to be and
> that the rest of the request body can be skipped. Although Tomcat
> ignores the remainder of the body it needs to read it as most clients
> don't read the response until the client has fully written the request
> (which means Tomcat has to read it).
>
>> Q2 : That is explained in the message : it is discarded.
>> It's just that it may be very large (and/or slow), and Tomcat may have a
>> thread busy for a while reading it to the end.
>
> Exactly. The only reason this gets classed as a DoS (and it was on the
> border of being/not being a vulnerability is that Tomcat didn't place
> any limit on how much data it would read and ignore. There are easier
> ways to DoS a Tomcat server than use this vector.
>
> Mark
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>



Great. Thanks

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [SECURITY] CVE-2014-0230: Apache Tomcat DoS

[Jose María Zaragoza]

2015-05-06 0:53 GMT+02:00 Mark Thomas :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> CVE-2014-0230 Denial of Service
>
> Severity: Low
>
> Vendor: The Apache Software Foundation
>
> Versions Affected:
> - - Apache Tomcat 8.0.0-RC1 to 8.0.8
> - - Apache Tomcat 7.0.0 to 7.0.54
> - - Apache Tomcat 6.0.0 to 6.0.43
>
> Description:
> When a response for a request with a request body is returned to the
> user agent before the request body is fully read, by default Tomcat
> swallows the remaining request body so that the next request on the
> connection may be processed.


I'm trying to understand when that behaviour is happening
When is a response returned before the request body is fully read ?
What happens when  the remaining request body is read ?

Thanks and regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Web filter to forward some requests to another remote webserver

[Jose María Zaragoza]

2015-01-14 22:03 GMT+01:00 Christopher Schultz :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Jose,
>
> On 1/14/15 3:54 PM, Jose María Zaragoza wrote:
>> 2015-01-14 20:05 GMT+01:00 Christopher Schultz
>> : Jose,
>>
>> On 1/14/15 8:27 AM, Jose María Zaragoza wrote:
>>>>> 2015-01-14 12:46 GMT+01:00 André Warnier :
>>>>>> Jose María Zaragoza wrote:
>>>>>>>
>>>>>>> Hello:
>>>>>>>
>>>>>>> I would like to create a web filter to forward some
>>>>>>> requests to another webserver,
>>>>>>>
>>>>>>> The filter receives an
>>>>>>> "application/x-www-form-urlencoded" request , inspects
>>>>>>> the value of a parameter and chooses to forward to
>>>>>>> another remote webserver ( as a proxy )
>>>>>
>>>>>
>>>>> Thanks
>>>>>
>>>>> I agree with you . I'll try to use an Apache httpd front-end
>>>>>
>>>>> Anyway, I've seen that if I execute
>>>>>
>>>>> Map parameter = ((HttpServletRequest)
>>>>> request).getParameterMap();
>>>>>
>>>>> , then request.getInputStream is empty
>>>>>
>>>>>
>>>>> But if I execute
>>>>>
>>>>> Map parameter = ((HttpServletRequest)
>>>>> request).getParameterMap(); chain.doFilter(request,
>>>>> response);
>>>>>
>>>>> , the next filter in the chain receives the body ( as I
>>>>> expect it )
>>>>>
>>>>> I don't understand this behaviour
>>
>> I think that might be a bug... calling
>> HttpServletRequest.getParameter* should cause the request entity to
>> be parsed, as long as the content type is
>> application/x-www-form-urlencoded. I think getParameterMap counts,
>> but I'd have to review the spec & javadoc (where some fun spec
>> requirements are hidden!).
>>
>> Anyhow, when you call HttpServletRequest.getParameter*, the
>> container *must* consume the request, according to the spec.
>>
>>
>>> Thanks.
>>
>>> In my case, all requests to be forwarded are POST requests  (
>>> and content type is application/x-www-form-urlencoded ) According
>>> to your reply, if I've got a chain of filters and the first one
>>> calls getParameterMap , do the next filters lose the content of
>>> the payload ?
>
> Correct. Once the request entity has been read (which happens when you
> call request.getParameter*), it's no longer available to the application.
>
>>> I tested to call several times to getParameterMap method on the
>>> same webfilter and it always returned the right values. Looks
>>> like getParameterMap doesn't consume() payload, but ... if I call
>>> getInputStream() after getParameterMap() , the stream is empty
>>
>>> I'm using Tomcat 7.0.50 and I cannot understand the logic of
>>> this
>
> Interesting. I find that surprising... I'll look into that.


Some things are sure:

- getParameterMap() consumes the payload ( at least in POST
application/x-www-form-urlencoded requests )

- consecutives calls to request.getParameterMap() ( same filter or the
next one )  always return the data.

So, looks like getParameterMap()  implements some kind of cache
I guess this is specific for servlet spec implementation in Tomcat ,
so it wouldn't be portable




>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1
> Comment: GPGTools - http://gpgtools.org
>
> iQIcBAEBCAAGBQJUttm6AAoJEBzwKT+lPKRYcSAP/jxIW6s7nsU+aI/XLVW02bxp
> Nqb6qkZAVuyvpLRxi6UXDIINR00jb06+ijaz21fLn0F3G0KNQXDPmKi+jcC6zX1P
> rB6pJsbfJQYGfkZ0pdF12q+WzFwq1CQbJ4fFlK6WDtKxzoo4XKjlFHwByEPU4yKU
> GgyEGX+OD0hIh6nzPyC5pR1iXBLC25f9rsqrlOL+S4sN2MXYLZlHUuBgqN0dOoqH
> MN4r5WaaDBQVhadMmi8PScZm3iFMwdjFro7ry4FOuqB5uH6cV6oLIpfzP6F9cTQ2
> AUKiL1z6m5VdzsTbtJN0LwqvbILECClcrXJK1OCDL/Uzj04uqCL/+r88mVdjswAJ
> lacktHZzF+oPoY2oDDgMAPZTuPlr6nM2D4LETVYpSpUZIGWlJsDmNF/Fe7MAcAo6
> ZoC16FSYDTDpEIwXmNzEgWRMn0400DLmdLaS+zO5Sr2h3EI793qVok8Q44yE2Tg8
> Um7AdcpBhPzinbXK/OZMoj0YwcBmQDwo4Srdz1hxABc2VG+siCUu1NbwDa3qU+Tx
> 8Spi1d3Wpnbv2Vuw+1oNnD79EsH1Q3ookRoQTn9B3GDsr7FWs+WZAlSDQERRe+nR
> 84qswLpAWIC63Geqr3pH4Trsxaa+ge4RX66J8u6vIGYGaxsKJWblqsj02o19Y+O0
> hu9eG7FK+q7/+7NR7cj5
> =mRkw
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Web filter to forward some requests to another remote webserver

[Jose María Zaragoza]

2015-01-14 20:05 GMT+01:00 Christopher Schultz :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Jose,
>
> On 1/14/15 8:27 AM, Jose María Zaragoza wrote:
>> 2015-01-14 12:46 GMT+01:00 André Warnier :
>>> Jose María Zaragoza wrote:
>>>>
>>>> Hello:
>>>>
>>>> I would like to create a web filter to forward some requests
>>>> to another webserver,
>>>>
>>>> The filter receives an "application/x-www-form-urlencoded"
>>>> request , inspects the value of a parameter and chooses to
>>>> forward to another remote webserver ( as a proxy )
>>
>>
>> Thanks
>>
>> I agree with you . I'll try to use an Apache httpd front-end
>>
>> Anyway, I've seen that if I execute
>>
>> Map parameter = ((HttpServletRequest)
>> request).getParameterMap();
>>
>> , then request.getInputStream is empty
>>
>>
>> But if I execute
>>
>> Map parameter = ((HttpServletRequest)
>> request).getParameterMap(); chain.doFilter(request, response);
>>
>> , the next filter in the chain receives the body ( as I expect it
>> )
>>
>> I don't understand this behaviour
>
> I think that might be a bug... calling
> HttpServletRequest.getParameter* should cause the request entity to be
> parsed, as long as the content type is
> application/x-www-form-urlencoded. I think getParameterMap counts, but
> I'd have to review the spec & javadoc (where some fun spec
> requirements are hidden!).
>
> Anyhow, when you call HttpServletRequest.getParameter*, the container
> *must* consume the request, according to the spec.


Thanks.

In my case, all requests to be forwarded are POST requests  ( and
content type is application/x-www-form-urlencoded )
According to your reply, if I've got a chain of filters and the first
one calls getParameterMap , do the next filters lose the content of
the payload ?

I tested to call several times to getParameterMap method on the same
webfilter and it always returned the right values.
Looks like getParameterMap doesn't consume() payload, but ... if I
call getInputStream() after getParameterMap() , the stream is empty

I'm using Tomcat 7.0.50 and I cannot understand the logic of this


Regards


 If you want to
> pull-in the request entity, you'll have to read it yourself using
> HttpServletRequest.getInputStream / HttpServletRequest.getReader. That
> means parsing it yourself, buffering it yourself, etc. You also get to
> wrap the request and re-supply the buffered request to the local web
> application should you choose to process it locally instead of proxy
> it remotely.
>
> Also note that Tomcat supplies some response headers itself that
> cannot be overridden, so you can't be a completely-transparent reverse
> proxy. Keep that in mind if you decide to go down this road...
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1
> Comment: GPGTools - http://gpgtools.org
>
> iQIcBAEBCAAGBQJUtr3zAAoJEBzwKT+lPKRYDzkP/1XM5y72x41YBG56xgcvzsV6
> wQ1S5TLuEvzPGPBAR7sFWv+qCeZecIJ9WvkBTgaKiPm4Dn8rxLCvf34yaNTsHg7P
> D0POXQrON36lZmUfg9utIySv4L0Y88MCFpdEkJr38ENTOK7bhAGsNK6kITeR2rXJ
> z8XOOmMVgMYSGKqbUK3gbBKpifdr0fuSobcDPnJkOv751e63/jMzf0IBI2z3tQhe
> xsXEd3JaCjguzOIXBCgbXaZUxEk3EgBjHm3xlHX1GEYSIwr/PHqyTtK4a82r25Ny
> dhWbMsQc8hV018helpTVPj9ae0IUQXaDTsP+aXgXOwrzKXu1pLpMGeXjery54uwY
> gJG32tMfNKLVikiq5xIKBHObzplei/jHjDn66w9Z0W3SZiGhtg9xDynpgqFPxKHY
> iv/m5bwO0jPEUU7Yq99uu+jMwfJJDIWtWSKKrQ3IzmxJ6uNsiPhKX2jfTUn3wJ19
> 9q9ur/fER9nB9q4GAjUUVVe07Z4NH9ofPvXTKJExklpH64nCx99zmBYqXcLdsaxb
> 2uGJcl6bu7sKWm0GzL7+kSnvFhOfkfM9mDoVgNbxKyJEHRcurA91PL2DguEOuUtV
> g9pXrY+Sfd2siq2K1O1TX7wPOebNc/HFIWPux6rtGXB8/pc3XPhaM2UwlxpHfLzp
> YyN10GOrc+HacHHbtwHs
> =vczy
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Web filter to forward some requests to another remote webserver

[Jose María Zaragoza]

2015-01-14 12:46 GMT+01:00 André Warnier :
> Jose María Zaragoza wrote:
>>
>> Hello:
>>
>> I would like to create a web filter to forward some requests to
>> another webserver,
>>
>> The filter receives an "application/x-www-form-urlencoded" request ,
>> inspects the value of a parameter and chooses to forward to another
>> remote webserver ( as a proxy )


Thanks

I agree with you . I'll try to use an Apache httpd front-end

Anyway, I've seen that if I execute

Map parameter = ((HttpServletRequest)
request).getParameterMap();

, then request.getInputStream is empty


But if I execute

Map parameter = ((HttpServletRequest)
request).getParameterMap();
chain.doFilter(request, response);

, the next filter in the chain receives the body ( as I expect it )

I don't understand this behaviour


Regards



>>
>> I've seen some posts where they open a HttpURLConnection to remote
>> server and send the request. This is right for me, but I'd would like
>> if there is another way ( easier ) to implement it.
>>
>
> Hi.
>
> The only easier way is to do your proxying before the request even gets to
> Tomcat (e.g. via an Apache httpd front-end, which conditionally proxies to
> Tomcat or to the other webserver).  That is easier, because Apache httpd
> already has well-tested and widely-used proxy modules built-in.  But of
> course it depends on whether the Apache front-end would be able to test the
> "parameter" you are referring to.
> (It can do that kind of thing via Apache directives such as "SetEnvIf", and
> via mod_rewrite).
>
> For Tomcat, there is no such ready-made Proxy webapp available, so you have
> to do it yourself.
> That can be relatively simple or quite complicated, depending on what the
> requests are and what the proxied-to application is like.
> There was a thread on this list a couple of days ago which was related to a
> similar case.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Web filter to forward some requests to another remote webserver

[Jose María Zaragoza]

Hello:

I would like to create a web filter to forward some requests to
another webserver,

The filter receives an "application/x-www-form-urlencoded" request ,
inspects the value of a parameter and chooses to forward to another
remote webserver ( as a proxy )

I've seen some posts where they open a HttpURLConnection to remote
server and send the request. This is right for me, but I'd would like
if there is another way ( easier ) to implement it.

Thanks and regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: META-INF/context.xml and deploy issue (web.xml removed?)

[Jose María Zaragoza]

2014-12-04 9:48 GMT+01:00 m...@ow2.org :
> Hi,
>
> Is anyone can help me to find out what I am missing ?
> Thanks

Hi:

I asked a similar question time ago

http://grokbase.com/t/tomcat/users/13chhkj0qx/modify-content-in-meta-inf-context-xml

I hope it helps you

Regards




>
> Le 02/12/2014 10:36, m...@ow2.org a écrit :
>> Hello,
>>
>> I'm facing an issue with tomcat 6. In order to setup a JDNI, we
>> added a context.xml file to our application (XWiki) in the
>> already-deployed folder webapps/xwiki/META-INF/ and configured the
>> existing webapps/xwiki/WEB-INF/web.xml accordingly.
>>
>> update of web.xml triggered the app reload which is expected.
>>
>> At this point I wanted to adjust the database configuration, ie by
>> modifying webapps/xwiki/META-INF/context.xml. When I do this the
>> changes are not taken into account because the file
>> Catalina/localhost/xwiki.xml is not overwritten by Tomcat.
>>
>> The solution that came into my mind has been to force Tomcat to
>> update the file bt deleting Catalina/localhost/xwiki.xml - which
>> has indeed make Tomcat undeploy and deploy the app again.
>>
>> Here are my questions: 1) As there is no war file involved, what
>> does "undeploy" and "deploy" means ? What is being done exactly ?
>>
>> 2) Why is the file webapps/xwiki/WEB-INF/web.xml is missing, after
>> I remove xwiki.xml and the app is redeployed ? (no web.xml = no
>> deployment so at the moment I have to manually restore a backup of
>> this file)
>>
>> Thanks !
>>
>>
>
>
> --
> Martin
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to access Sessions outside of class

[Jose María Zaragoza]

2014-10-28 13:44 GMT+01:00 Jason Ricles :
>
> Martin,
>
> I can not use hazelcast due to regulations I have to abide by, is where any
> other built in way besides sockets that will allow me to share data between
> the two processes?


You could use an embedded ( or not ) messaging broker ( like ActiveMQ ) .
Or any kind of in-memory database


>
>
> On Tue, Oct 28, 2014 at 8:24 AM, Martin Grigorov 
> wrote:
>
> > Hi,
> >
> > In this case you will have to share the data between the processes.
> > A simple and easy solution would be to use http://hazelcast.com/, for
> > example.
> >
> > On Tue, Oct 28, 2014 at 2:06 PM, Jason Ricles 
> > wrote:
> >
> > > No,
> > >
> > > it is external as in it is running in a daemon on a linux machine where
> > the
> > > tomcat server is also running.
> > >
> > > On Tue, Oct 28, 2014 at 4:35 AM, Johan Compagner 
> > > wrote:
> > >
> > > > >
> > > > >
> > > > > I would like to be able to access my sessions from an external java
> > > > class,
> > > > > however each time I do sessionList.getsize() it keeps coming back as
> > 0,
> > > > but
> > > > > there is an active sessions. Is there any way I can access the active
> > > > > sessions in tomcat from an external java class?
> > > > >
> > > > > Jason
> > > > >
> > > >
> > > > What is an external java class? Is it in the same class loader? so it
> > is
> > > > just part of the webapplication?
> > > > then the above approach should work fine
> > > >
> > > >
> > > > --
> > > > Johan Compagner
> > > > Servoy
> > > >
> > >
> >

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: ChunkedInputFilter: No data available due to previous error

[Jose María Zaragoza]

2014-10-15 13:33 GMT+02:00 Jose María Zaragoza :

>
> Hello:
>
> I'm using Tomcat 6.0.24 and sometimes I'm getting an IOException like :
>
> Caused by: java.io.IOException: No data available due to previous error
> at
> org.apache.coyote.http11.filters.ChunkedInputFilter.checkError(ChunkedInputFilter.java:588)
> ~[tomcat-coyote-6.0.24.jar:na]
> at
> org.apache.coyote.http11.filters.ChunkedInputFilter.doRead(ChunkedInputFilter.java:153)
> ~[tomcat-coyote-6.0.24.jar:na]
> at
> org.apache.coyote.http11.InternalInputBuffer.doRead(InternalInputBuffer.java:710)
> ~[tomcat-coyote-6.0.24.jar:na]
> at org.apache.coyote.Request.doRead(Request.java:428)
> ~[tomcat-coyote-6.0.24.jar:na]
> at
> org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java:304)
> ~[catalina-6.0.24.jar:na]
> at
> org.apache.tomcat.util.buf.ByteChunk.substract(ByteChunk.java:405)
> ~[tomcat-coyote-6.0.24.jar:na]
> at
> org.apache.catalina.connector.InputBuffer.read(InputBuffer.java:327)
> ~[catalina-6.0.24.jar:na]
> at
> org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.java:162)
> ~[catalina-6.0.24.jar:na]
> at org.apache.cxf.helpers.IOUtils.copy(IOUtils.java:154)
> ~[cxf-api-2.7.8.jar:2.7.8]
> at org.apache.cxf.helpers.IOUtils.copy(IOUtils.java:104)
> ~[cxf-api-2.7.8.jar:2.7.8]
> at
> org.apache.cxf.helpers.IOUtils.copyAndCloseInput(IOUtils.java:110)
> ~[cxf-api-2.7.8.jar:2.7.8]
> at
> org.apache.cxf.interceptor.LoggingInInterceptor.logging(LoggingInInterceptor.java:158)
> ~[cxf-api-2.7.8.jar:2.7.8]
> ... 24 common frames omitted
>
>
> I cannot see the request that throws this error
> I don't know if it's caused by a malformed request
>
> The requests (which are fine )  usually are POST requests with
>
> Http-Method: POST
> Content-Type: text/xml; charset=utf-8
> Headers: {Accept=[text/html, image/gif, image/jpeg, */*; q=.2],
> connection=[Keep-Alive], content-type=[text/xml; charset=utf-8],
> host=[x.x.x.x], transfer-encoding=[chunked], user-agent=[Java1.6.0_20]}
>
> Could be a malformed request ? How I could see it ? ( I guess tcpdump ...)
> Any known bug in 6.0.24 ?
>
> Thanks
>




Hello:

Finally this issue was caused by a malformed chunked request

Regards

ChunkedInputFilter: No data available due to previous error

[Jose María Zaragoza]

Hello:

I'm using Tomcat 6.0.24 and sometimes I'm getting an IOException like :

Caused by: java.io.IOException: No data available due to previous error
at
org.apache.coyote.http11.filters.ChunkedInputFilter.checkError(ChunkedInputFilter.java:588)
~[tomcat-coyote-6.0.24.jar:na]
at
org.apache.coyote.http11.filters.ChunkedInputFilter.doRead(ChunkedInputFilter.java:153)
~[tomcat-coyote-6.0.24.jar:na]
at
org.apache.coyote.http11.InternalInputBuffer.doRead(InternalInputBuffer.java:710)
~[tomcat-coyote-6.0.24.jar:na]
at org.apache.coyote.Request.doRead(Request.java:428)
~[tomcat-coyote-6.0.24.jar:na]
at
org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java:304)
~[catalina-6.0.24.jar:na]
at
org.apache.tomcat.util.buf.ByteChunk.substract(ByteChunk.java:405)
~[tomcat-coyote-6.0.24.jar:na]
at
org.apache.catalina.connector.InputBuffer.read(InputBuffer.java:327)
~[catalina-6.0.24.jar:na]
at
org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.java:162)
~[catalina-6.0.24.jar:na]
at org.apache.cxf.helpers.IOUtils.copy(IOUtils.java:154)
~[cxf-api-2.7.8.jar:2.7.8]
at org.apache.cxf.helpers.IOUtils.copy(IOUtils.java:104)
~[cxf-api-2.7.8.jar:2.7.8]
at
org.apache.cxf.helpers.IOUtils.copyAndCloseInput(IOUtils.java:110)
~[cxf-api-2.7.8.jar:2.7.8]
at
org.apache.cxf.interceptor.LoggingInInterceptor.logging(LoggingInInterceptor.java:158)
~[cxf-api-2.7.8.jar:2.7.8]
... 24 common frames omitted


I cannot see the request that throws this error
I don't know if it's caused by a malformed request

The requests (which are fine )  usually are POST requests with

Http-Method: POST
Content-Type: text/xml; charset=utf-8
Headers: {Accept=[text/html, image/gif, image/jpeg, */*; q=.2],
connection=[Keep-Alive], content-type=[text/xml; charset=utf-8],
host=[x.x.x.x], transfer-encoding=[chunked], user-agent=[Java1.6.0_20]}

Could be a malformed request ? How I could see it ? ( I guess tcpdump ...)
Any known bug in 6.0.24 ?

Thanks

Re: Why is my Tomcat connection getting terminated/closed?!!

[Jose María Zaragoza]

>
>
> Hi,
>
> The issue still isnt resolved .I have tried putting in
> validationquery,testOnborrow ,and removeabandoned=true.

Are you try

testOnReturn = true

?

Looks like if when Apache Solr closes resources, and it requires to
close the database connection, something has already closed the
underlying connection .
Maybe if DBCP test it before , the connection be evicted

>But I got this
> exception :
>
> java.sql.SQLException: Already closed.
> at
> org.apache.tomcat.dbcp.dbcp.PoolableConnection.close(PoolableConnection.java:84)
> at
> org.apache.tomcat.dbcp.dbcp.PoolingDataSource$PoolGuardConnectionWrapper.close(PoolingDataSource.java:189)
> at
> org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.closeResources(Unknown
> Source)
> at
> org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.hasnext(Unknown
> Source)
>
> Another interesting thing to note is that I set removeAbandoned=false,and
> now I get the same exception with a different reason:
>
> Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: Connection reset
> at
> com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1368)
> at
> com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1355)
> at com.microsoft.sqlserver.jdbc.TDSChannel.read(IOBuffer.java:1532)
> at
> com.microsoft.sqlserver.jdbc.TDSReader.readPacket(IOBuffer.java:3274)
> at
> com.microsoft.sqlserver.jdbc.TDSReader.nextPacket(IOBuffer.java:3227)
> at
> com.microsoft.sqlserver.jdbc.TDSReader.ensurePayload(IOBuffer.java:3203)
> at
> com.microsoft.sqlserver.jdbc.TDSReader.readBytes(IOBuffer.java:3518)
> at
> com.microsoft.sqlserver.jdbc.TDSReader.readWrappedBytes(IOBuffer.java:35
>
>
> Help appreciated folks!
>
> Regards
>
> Aniket

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Why is my Tomcat connection getting terminated/closed?!!

[Jose María Zaragoza]

2014-05-21 13:28 GMT+02:00 Aniket Bhoi :
> On Tue, May 20, 2014 at 5:28 PM, Daniel Mikusa wrote:
>
>> On May 20, 2014, at 7:47 AM, Aniket Bhoi  wrote:
>>
>> > It has been working perfectly fine thus far.As far as i have analysed
>> there
>> > have been no changes to the firewall or database settings.I will however
>> > try and implement your suggestion to setup a validation query.
>>
>> 1.) Don’t top post.  Reply inline, like this, or at the bottom.  This is
>> the convention we follow on this list.
>>
>> 2.) The fact that you have not recently changed your firewall or database
>> settings doesn’t really mean much.  The problem may have not happened
>> before because it just didn’t get triggered.  From the db / firewall side,
>> what commonly causes this is a timeout.  The connection is open and idle
>> for too long and either the DB server or firewall disconnects it.  Perhaps
>> the connections just haven’t idled long enough until now.
>>
>> 3.) It’s generally good practice to have a validation query / testOnBorrow
>> (or one of the other tests) enabled.  If you didn’t have this before, you
>> should consider adding it regardless of the problem.  It can help with
>> other things too.
>>
>> Dan
>>
>>
>>I  checked the code and the server settings,and We already have
> validation query and testOnBorrow in place.We found out from our data
> management team,that there have been many sleeping connections from the
> tomcat servers to the database.
>
> Sleeping threads =
> http://dinesql.blogspot.in/2010/07/sql-server-sleeping-status-and.html
>
> We got those connection threads killed just to make sure there the
> connection pool limit isnt breached.However even after cleaning up those
> connection threads to the DB ,we still gett the same exception.
>
> Aniket

Another option is to set testOnReturn=true.
As your problem is closing connections already closed ,test them
before returning them to pool.
Maybe it works.






>
>> >
>> >
>> > On Tue, May 20, 2014 at 5:12 PM, Daniel Mikusa > >wrote:
>> >
>> >> On May 20, 2014, at 7:35 AM, Aniket Bhoi  wrote:
>> >>
>> >>> I have Apache Solr,hosted on my apache Tomcat Server
>> >>>
>> >>> Details:
>> >>>
>> >>> Tomcat version:
>> >>> Apache Tomcat/6.0.18
>> >>
>> >> This is really, really old.  You should upgrade.
>> >>
>> >>>
>> >>> OS details
>> >>> SUSE Linux Enterprise Server 11 (x86_64)
>> >>> VERSION = 11
>> >>> PATCHLEVEL = 1
>> >>>
>> >>> While running indexing on this server,It failed.
>> >>>
>> >>> Log excerpt:
>> >>> SEVERE: Can not close connection
>> >>> java.sql.SQLException: Already closed.
>> >>
>> >> Hard to say why this is happening (database server setting, firewall,
>> bad
>> >> code, etc.) but something is closing the connection and not telling the
>> >> pool.  You can work around this by setting a validation query on your
>> >> connection pool and enabling “testOnBorrow”.  That will instruct the
>> pool
>> >> to check connections before they are given out.  Bad connections will be
>> >> closed and replaced, if needed.
>> >>
>> >> Dan
>> >>
>> >>>   at
>> >>>
>> >>
>> org.apache.tomcat.dbcp.dbcp.PoolableConnection.close(PoolableConnection.java:84)
>> >>>   at
>> >>>
>> >>
>> org.apache.tomcat.dbcp.dbcp.PoolingDataSource$PoolGuardConnectionWrapper.close(PoolingDataSource.java:189)
>> >>>   at
>> >>>
>> >>
>> org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.closeResources(Unknown
>> >>> Source)
>> >>>   at
>> >>>
>> >>
>> org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.hasnext(Unknown
>> >>> Source)
>> >>>   at
>> >>>
>> >>
>> org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.access$500(Unknown
>> >>> Source)
>> >>>   at
>> >>>
>> >>
>> org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator$1.hasNext(Unknown
>> >>> Source)
>> >>>   at
>> >>> org.apache.solr.handler.dataimport.EntityProcessorBase.getNext(Unknown
>> >>> Source)
>> >>>   at
>> >>> org.apache.solr.handler.dataimport.SqlEntityProcessor.nextRow(Unknown
>> >>> Source)
>> >>>   at
>> >>>
>> >>
>> org.apache.solr.handler.dataimport.ThreadedEntityProcessorWrapper.nextRow(Unknown
>> >>> Source)
>> >>>   at
>> >>>
>> >>
>> org.apache.solr.handler.dataimport.DocBuilder$EntityRunner.runAThread(Unknown
>> >>> Source)
>> >>>   at
>> >>>
>> >>
>> org.apache.solr.handler.dataimport.DocBuilder$EntityRunner.access$000(Unknown
>> >>> Source)
>> >>>   at
>> >>>
>> org.apache.solr.handler.dataimport.DocBuilder$EntityRunner$1.run(Unknown
>> >>> Source)
>> >>>   at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown
>> >>> Source)
>> >>>   at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
>> >>> Source)
>> >>>   at java.lang.Thread.run(Unknown Source)
>> >>>
>> >>>
>> >>> I suspect this to be an issue with the tomcat connection thread to the
>> >>> database being terminated/timed out.
>> >>>
>> >>> Need help as to why this is happening!.
>> >>>
>> >>> Rega

Re: Why is my Tomcat connection getting terminated/closed?!!

[Jose María Zaragoza]

2014-05-20 13:42 GMT+02:00 Daniel Mikusa :
> On May 20, 2014, at 7:35 AM, Aniket Bhoi  wrote:
>
>> I have Apache Solr,hosted on my apache Tomcat Server
>>
>> Details:
>>
>> Tomcat version:
>> Apache Tomcat/6.0.18
>
> This is really, really old.  You should upgrade.
>
>>
>> OS details
>> SUSE Linux Enterprise Server 11 (x86_64)
>> VERSION = 11
>> PATCHLEVEL = 1
>>
>> While running indexing on this server,It failed.
>>
>> Log excerpt:
>> SEVERE: Can not close connection
>> java.sql.SQLException: Already closed.
>
> Hard to say why this is happening (database server setting, firewall, bad 
> code, etc.) but something is closing the connection and not telling the pool. 
>  You can work around this by setting a validation query on your connection 
> pool and enabling “testOnBorrow”.  That will instruct the pool to check 
> connections before they are given out.  Bad connections will be closed and 
> replaced, if needed.

My first search:

http://stackoverflow.com/questions/16331959/java-sql-sqlexception-already-closed






>
> Dan
>
>>at
>> org.apache.tomcat.dbcp.dbcp.PoolableConnection.close(PoolableConnection.java:84)
>>at
>> org.apache.tomcat.dbcp.dbcp.PoolingDataSource$PoolGuardConnectionWrapper.close(PoolingDataSource.java:189)
>>at
>> org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.closeResources(Unknown
>> Source)
>>at
>> org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.hasnext(Unknown
>> Source)
>>at
>> org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.access$500(Unknown
>> Source)
>>at
>> org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator$1.hasNext(Unknown
>> Source)
>>at
>> org.apache.solr.handler.dataimport.EntityProcessorBase.getNext(Unknown
>> Source)
>>at
>> org.apache.solr.handler.dataimport.SqlEntityProcessor.nextRow(Unknown
>> Source)
>>at
>> org.apache.solr.handler.dataimport.ThreadedEntityProcessorWrapper.nextRow(Unknown
>> Source)
>>at
>> org.apache.solr.handler.dataimport.DocBuilder$EntityRunner.runAThread(Unknown
>> Source)
>>at
>> org.apache.solr.handler.dataimport.DocBuilder$EntityRunner.access$000(Unknown
>> Source)
>>at
>> org.apache.solr.handler.dataimport.DocBuilder$EntityRunner$1.run(Unknown
>> Source)
>>at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown
>> Source)
>>at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
>> Source)
>>at java.lang.Thread.run(Unknown Source)
>>
>>
>> I suspect this to be an issue with the tomcat connection thread to the
>> database being terminated/timed out.
>>
>> Need help as to why this is happening!.
>>
>> Regards
>>
>> Aniket
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: CORS issue with Tomcat and Android Webview

[Jose María Zaragoza]

2014-04-29 0:38 GMT+02:00 Terence M. Bandoian :
> On 4/28/2014 5:32 PM, Terence M. Bandoian wrote:
>>
>> On 4/28/2014 3:08 PM, Jose María Zaragoza wrote:
>>>
>>> 2014-04-28 21:55 GMT+02:00 Terence M. Bandoian :
>>>>
>>>> On 4/26/2014 6:56 AM, Jose María Zaragoza wrote:
>>>>>
>>>>> 2014-04-26 13:16 GMT+02:00 Martin Gainty :
>>>>>>>
>>>>>>> Date: Sat, 26 Apr 2014 11:43:05 +0530
>>>>>>> Subject: Re: CORS issue with Tomcat and Android Webview
>>>>>>> From: ankising...@gmail.com
>>>>>>> To: users@tomcat.apache.org
>>>>>>>
>>>>>>> On Sat, Apr 26, 2014 at 12:53 AM, Terence M. Bandoian
>>>>>>> wrote:
>>>>>>>
>>>>>>>> On 4/24/2014 11:16 PM, Ankit Singhal wrote:
>>>>>>>>
>>>>>>>>> Hi
>>>>>>>>>
>>>>>>>>> I did more research on this and figure out the issue.If you see the
>>>>>>>>> headers
>>>>>>>>> from Android and look into Origin Header.
>>>>>>>>>
>>>>>>>>> Origin: file://
>>>>>>>>>
>>>>>>>>> Tomcat CORS filter tries to validate the URI in Origin header and
>>>>>>>>> considers
>>>>>>>>> "file://" as an invalid URI and returns back 403.
>>>>>>>>>
>>>>>>>>> I have applied * params. So
>>>>>>>>> shouldn't
>>>>>>>>> CORS
>>>>>>>>> filter honor this ?
>>>>>>>>>
>>>>>>>>> I agree that Client also has the problem , but still server should
>>>>>>>>> also
>>>>>>>>> allow...
>>>>>>>>>
>>>>> Hi:
>>>>>
>>>>> I'm watching this flowchart
>>>>> https://tomcat.apache.org/tomcat-7.0-doc/images/cors-flowchart.png
>>>>>
>>>>> and I wonder if Tomcat 7 checks if the request received belongs to the
>>>>> right type.
>>>>> I mean, if browser sends a simple request ( eg. POST + application/xml
>>>>> content-type header )
>>>>> WC3 spec says that request should be a preflight request  , does
>>>>> Tomcat check this case ?
>>>>>
>>>>>
>>>>>
>>>>> Regards
>>>>>
>>>>
>>>> Hi, Jose-
>>>>
>>>> I don't see where the W3C spec requires a preflight request for simple
>>>> requests.
>>>>
>>>>
>>>> -Terence Bandoian
>>>
>>>
>>> Sorry, I meant non-simple request.
>>> For example, if I perform a cross-domain POST request (within
>>> application/xml content-type header ),
>>> I guess that a preflight request is required , right ?
>>> What happens, if it's not sent , on Tomcat? Should it check it ?
>>>
>>> Regards
>>
>>
>>
>> Hi, Jose-
>>
>> I don't see in the W3C spec where preflight requests are required at all.
>> Can you point me to where you've found that?
>>
>> -Terence Bandoian
>>
>
>
> I meant to say I don't see where the W3C spec requires preflight requests to
> be sent.

According to

http://www.w3.org/TR/cors/#simple-cross-origin-request
Cross-Origin Request with Preflight
[
Go to the next step if the following conditions are true. *Otherwise,
make a preflight request.*

- For request method there either is a method cache match or it is a
simple method and the force preflight flag is unset.
- For every header of author request headers there either is a header
cache match for the field name or it is a simple header.
/]

So, I understand that if I make a POST request within application/xml
content-type header, it's a simple method but Content-type:
application/xml is not a simple header, according to
http://www.w3.org/TR/cors/#simple-method
I understand that client must to make a preflight request

Maybe I'm wrong


Regards




















>
> -Terence
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: CORS issue with Tomcat and Android Webview

[Jose María Zaragoza]

2014-04-28 21:55 GMT+02:00 Terence M. Bandoian :
> On 4/26/2014 6:56 AM, Jose María Zaragoza wrote:
>>
>> 2014-04-26 13:16 GMT+02:00 Martin Gainty :
>>>>
>>>> Date: Sat, 26 Apr 2014 11:43:05 +0530
>>>> Subject: Re: CORS issue with Tomcat and Android Webview
>>>> From: ankising...@gmail.com
>>>> To: users@tomcat.apache.org
>>>>
>>>> On Sat, Apr 26, 2014 at 12:53 AM, Terence M. Bandoian
>>>> wrote:
>>>>
>>>>> On 4/24/2014 11:16 PM, Ankit Singhal wrote:
>>>>>
>>>>>> Hi
>>>>>>
>>>>>> I did more research on this and figure out the issue.If you see the
>>>>>> headers
>>>>>> from Android and look into Origin Header.
>>>>>>
>>>>>> Origin: file://
>>>>>>
>>>>>> Tomcat CORS filter tries to validate the URI in Origin header and
>>>>>> considers
>>>>>> "file://" as an invalid URI and returns back 403.
>>>>>>
>>>>>> I have applied * params. So shouldn't
>>>>>> CORS
>>>>>> filter honor this ?
>>>>>>
>>>>>> I agree that Client also has the problem , but still server should
>>>>>> also
>>>>>> allow...
>>>>>>
>> Hi:
>>
>> I'm watching this flowchart
>> https://tomcat.apache.org/tomcat-7.0-doc/images/cors-flowchart.png
>>
>> and I wonder if Tomcat 7 checks if the request received belongs to the
>> right type.
>> I mean, if browser sends a simple request ( eg. POST + application/xml
>> content-type header )
>> WC3 spec says that request should be a preflight request  , does
>> Tomcat check this case ?
>>
>>
>>
>> Regards
>>
>
>
> Hi, Jose-
>
> I don't see where the W3C spec requires a preflight request for simple
> requests.
>
>
> -Terence Bandoian


Sorry, I meant non-simple request.
For example, if I perform a cross-domain POST request (within
application/xml content-type header ),
I guess that a preflight request is required , right ?
What happens, if it's not sent , on Tomcat? Should it check it ?

Regards










>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: CORS issue with Tomcat and Android Webview

[Jose María Zaragoza]

2014-04-26 13:16 GMT+02:00 Martin Gainty :
>> Date: Sat, 26 Apr 2014 11:43:05 +0530
>> Subject: Re: CORS issue with Tomcat and Android Webview
>> From: ankising...@gmail.com
>> To: users@tomcat.apache.org
>>
>> On Sat, Apr 26, 2014 at 12:53 AM, Terence M. Bandoian 
>> wrote:
>>
>> > On 4/24/2014 11:16 PM, Ankit Singhal wrote:
>> >
>> >> Hi
>> >>
>> >> I did more research on this and figure out the issue.If you see the
>> >> headers
>> >> from Android and look into Origin Header.
>> >>
>> >> Origin: file://
>> >>
>> >> Tomcat CORS filter tries to validate the URI in Origin header and
>> >> considers
>> >> "file://" as an invalid URI and returns back 403.
>> >>
>> >> I have applied * params. So shouldn't CORS
>> >> filter honor this ?
>> >>
>> >> I agree that Client also has the problem , but still server should also
>> >> allow...
>> >>

Hi:

I'm watching this flowchart
https://tomcat.apache.org/tomcat-7.0-doc/images/cors-flowchart.png

and I wonder if Tomcat 7 checks if the request received belongs to the
right type.
I mean, if browser sends a simple request ( eg. POST + application/xml
content-type header )
WC3 spec says that request should be a preflight request  , does
Tomcat check this case ?



Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: CORS issue with Tomcat and Android Webview

[Jose María Zaragoza]

2014-04-24 19:00 GMT+02:00 Terence M. Bandoian :
> On 4/22/2014 1:37 PM, Jose María Zaragoza wrote:
>>
>> -- Forwarded message --
>> From: Terence M. Bandoian 
>> Date: 2014-04-22 20:12 GMT+02:00
>> Subject: Re: CORS issue with Tomcat and Android Webview
>> To: Tomcat Users List 
>>
>>
>> On 4/22/2014 11:03 AM, Ankit Singhal wrote:
>>>
>>> Also we tried to give the same call from Android App to some different
>>> Node
>>> server and things worked fine. So it seems some problem with Tomcat only.
>>>
>>
>> A silly question:
>>
>> What does it have to do Tomcat's CORS support with W3C Widget Access
>> specification ?
>>
>> I have no idea about Phonegap but it looks like that it prefers to
>> follow that specification for managing requests to different domains ,
>> right ?
>
>
>
> Hi, Jose-
>
> The request/response headers in the original post were difficult for me to
> follow but basically, requests to Tomcat are successful when tested with
> Chrome (desktop? laptop? server? same as Tomcat?) and unsuccessful when
> tested from an Android device. What are the differences between the two
> environments? Do those differences have any effect on request processing by
> the Tomcat CORS filter? If it were me, I'd find out.


Well , I have no idea, but according this page

http://www.html5rocks.com/en/tutorials/cors/

if Content-Type is application/json , then request is a "not simple
request" ( sic. ) and it requires a OPTIONS preflight request (
including "Origin" header)
And "Once the preflight request gives permissions, the browser makes
the actual request"

First case (Chrome browser) did but, but the second didn't

Are you test to change the Content-Type ?

Regards







>
> -Terence Bandoian
>
>
>>
>>> On Tue, Apr 22, 2014 at 9:22 PM, Ankit Singhal
>>> wrote:
>>>
>>>> Hi All
>>>>
>>>>
>>>>
>>>> I am facing a strange problem with Tomcat 8 and CORS. I am developing a
>>>> Hybrid web app using ionicframework, AngularJS, Cordova as front end and
>>>> Tomcat 8 and Spring 3 as back-end.
>>>>
>>>>
>>>>
>>>> For easy development I am testing the functionality in chrome , where
>>>> things are working fine. I added CORS filter with standard configuration
>>>> to
>>>> allow CROSS ORIGIN requests from browser.
>>>>
>>>>
>>>>
>>>> Today I converted my app into Android App and started making AJAX calls
>>>> to
>>>> tomcat server. To my surprise things stopped working . I debugged
>>>> further
>>>> and anomalies in the headers of browser and Android webview.
>>>>
>>>>
>>>>
>>>> Browser sends 2 requests for same call OPTION and POST. But Android
>>>> Webview only send POST request.
>>>>
>>>>
>>>>
>>>> Browser Request Headers:
>>>>
>>>>
>>>>
>>>> OPTION:
>>>>
>>>> Remote Address:54.254.159.166:80
>>>>
>>>> Request URL:http://medistreet.in/auth2
>>>>
>>>> Request Method:OPTIONS
>>>>
>>>> Status Code:200 OK
>>>>
>>>> Request Headers
>>>>
>>>> OPTIONS /auth2 HTTP/1.1
>>>>
>>>> Host: medistreet.in
>>>>
>>>> Connection: keep-alive
>>>>
>>>> Access-Control-Request-Method: POST
>>>>
>>>> Origin: http://localhost
>>>>
>>>> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
>>>> (KHTML,
>>>> like Gecko) Chrome/34.0.1847.116 Safari/537.36
>>>>
>>>> Access-Control-Request-Headers: accept, content-type
>>>>
>>>> Accept: */*
>>>>
>>>> Referer: http://localhost/
>>>>
>>>> Accept-Encoding: gzip,deflate,sdch
>>>>
>>>> Accept-Language: en-US,en;q=8
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> POST:
>>>>
>>>>
>>>>
>>>> Remote Address:54.254.159.166:80
>>>>
>>>> Request URL:http://medistreet.in/auth2
>>>>
>>>> Request Method:POST
>>>>
>>>> Status Code:200 OK
>>>>
>>>>
>>>

Re: CORS issue with Tomcat and Android Webview

[Jose María Zaragoza]

-- Forwarded message --
From: Terence M. Bandoian 
Date: 2014-04-22 20:12 GMT+02:00
Subject: Re: CORS issue with Tomcat and Android Webview
To: Tomcat Users List 


On 4/22/2014 11:03 AM, Ankit Singhal wrote:
>
> Also we tried to give the same call from Android App to some different Node
> server and things worked fine. So it seems some problem with Tomcat only.
>


A silly question:

What does it have to do Tomcat's CORS support with W3C Widget Access
specification ?

I have no idea about Phonegap but it looks like that it prefers to
follow that specification for managing requests to different domains ,
right ?

>
> On Tue, Apr 22, 2014 at 9:22 PM, Ankit Singhal wrote:
>
>> Hi All
>>
>>
>>
>> I am facing a strange problem with Tomcat 8 and CORS. I am developing a
>> Hybrid web app using ionicframework, AngularJS, Cordova as front end and
>> Tomcat 8 and Spring 3 as back-end.
>>
>>
>>
>> For easy development I am testing the functionality in chrome , where
>> things are working fine. I added CORS filter with standard configuration to
>> allow CROSS ORIGIN requests from browser.
>>
>>
>>
>> Today I converted my app into Android App and started making AJAX calls to
>> tomcat server. To my surprise things stopped working . I debugged further
>> and anomalies in the headers of browser and Android webview.
>>
>>
>>
>> Browser sends 2 requests for same call OPTION and POST. But Android
>> Webview only send POST request.
>>
>>
>>
>> Browser Request Headers:
>>
>>
>>
>> OPTION:
>>
>> Remote Address:54.254.159.166:80
>>
>> Request URL:http://medistreet.in/auth2
>>
>> Request Method:OPTIONS
>>
>> Status Code:200 OK
>>
>> Request Headers
>>
>> OPTIONS /auth2 HTTP/1.1
>>
>> Host: medistreet.in
>>
>> Connection: keep-alive
>>
>> Access-Control-Request-Method: POST
>>
>> Origin: http://localhost
>>
>> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML,
>> like Gecko) Chrome/34.0.1847.116 Safari/537.36
>>
>> Access-Control-Request-Headers: accept, content-type
>>
>> Accept: */*
>>
>> Referer: http://localhost/
>>
>> Accept-Encoding: gzip,deflate,sdch
>>
>> Accept-Language: en-US,en;q=0.8
>>
>>
>>
>>
>>
>> POST:
>>
>>
>>
>> Remote Address:54.254.159.166:80
>>
>> Request URL:http://medistreet.in/auth2
>>
>> Request Method:POST
>>
>> Status Code:200 OK
>>
>>
>>
>> Request Headers
>>
>> Accept:application/json, text/plain, */*
>>
>> Accept-Encoding:gzip,deflate,sdch
>>
>> Accept-Language:en-US,en;q=0.8
>>
>> Connection:keep-alive
>>
>> Content-Length:39
>>
>> Content-Type:application/json;charset=UTF-8
>>
>> Host:medistreet.in
>>
>> Origin:http://localhost
>>
>> Referer:http://localhost/
>>
>> User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML,
>> like Gecko) Chrome/34.0.1847.116 Safari/537.36
>>
>>
>>
>>
>>
>> Android Request Headers:
>>
>>
>>
>> Request URL:http://medistreet.in/auth2
>>
>> Request Method:POST
>>
>> Status Code:403 Forbidden
>>
>> Request Headers
>>
>> POST http://medistreet.in/auth2 
>> HTTP/1.1
>>
>> Accept: application/json, text/plain, */*
>>
>> Origin: file://
>>
>> User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT1033 Build/KXB20.25-1.31)
>> AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile
>> Safari/537.36
>>
>> Content-Type: application/json;charset=UTF-8
>>
>>
>>
>>
>>
>> The difference here I see is with Number of headers and specially Origin
>> Header  which contains "file://". To overcome this I added  more option
>> is CORS filter:
>>
>>
>>
>> 
>>
>> CorsFilter
>>
>> org.apache.catalina.filters.CorsFilter
>>
>> 
>>
>> cors.allowed.origins
>>
>> *
>>
>> 
>>
>> 
>>
>> 
>>
>> CorsFilter
>>
>> /*
>>
>> 
>>
>>
>>
>> Another strange thing is that when we send the same Android request
>> Headers from POSTMAN (chrome REST plugin) request is successful.
>>
>>
>>
>> POSTMAN Headers:
>>
>>
>>
>> Remote Address:54.254.159.166:80
>>
>> Request URL:http://medistreet.in/auth2
>>
>> Request Method:POST
>>
>> Status Code:200 OK
>>
>> Request Headers
>>
>> Accept:application/json, text/plain, */*
>>
>> Accept-Encoding:gzip,deflate,sdch
>>
>> Accept-Language:en-US,en;q=0.8
>>
>> Cache-Control:no-cache
>>
>> Connection:keep-alive
>>
>> Content-Length:39
>>
>> Content-Type:application/json;charset=UTF-8
>>
>> Cookie:fbm_464284963672217=base_domain=.medistreet.in;
>> JSESSIONID=87435755F03D7B045DD6E33D1D16AC51;
>> fbsr_464284963672217=dUjASqF-nWquTFPk_-5wAtI0jTImBNkVxglUT-gHNSw.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImNvZGUiOiJBUUQ0UEZZVXE4eDFIa3V6OW9RV3RlVzE4clQ3SmtVRjBzU1VVcXhfV1BENG8tV1BZYjZuTVdDdDJGMmw4TjJUeUxLSzhIYUU1TUc2MkY5cXZOaXRMN3NGdklNZkhySmluYkdjMWs1THAyZnZYa2Zpa1lLVGJ0OWlZeXVvRDNWUDhTblp4czJCeTQ4RTlYY1ZjUmhGWGJsNnFMeG5YcWxxQ0d3b0hRM1ctRWhlLU02ejVITnhhakJtaVFRVk9PanFBVUtMSlk4Y3pLa0RtejFSY3RjTEFRaW16X1lkLUFkUngxUGwzajVNczdWOFdiMW9xeC05QjA0T2xraXktVU9ZalpSRUJsZjhibnZjQXQ2aUZTc1d2QTA3TjVUYnFIekVxQ0JIYjJNRG4tSUJhajl6TEMwQlVpckM0YzJXbC1GVDNhcyIsImlzc3VlZF9hdCI6MTM5ODE4MDg2NCwidXNlcl9pZCI6Ij

Re: jax-ws and tomcat 7 with ssl

[Jose María Zaragoza]

2014-03-18 22:58 GMT+01:00 Maria Cristina Siena
:
> Hi,
>
> I developed a web service using jax-ws and configured Tomcat to support SSL
> connection. Here are my steps:
>
> ** Step 1 - Generate a self-signed server certificate
>
> Use JDK 1.7 keytool:
>
> keytool -genkey -alias trackerdev -keypass changeit -storepass changeit
> -keystore D:\Tomcat7\htdkeystore\trackerdev.ks -ext san=ip:xx.x.x.xxx
>
> Is CN=xx.x.x.xxx, OU=it, O=companynamehere, L=citynamehere,
> ST=provincenamehere, C=ca correct?
>   [no]:  yes
>
> ** Step 2 - Configure Tomcat to support SSL connection
>
> On the dev server:
>
> Modify TOMCAT_HOME\conf\server.xml by adding the following block where
> keystoreFile and keystorePass are set to values from the previous step:
>
>  maxThreads="150" scheme="https" secure="true" clientAuth="false"
> sslProtocol="TLS"
>keystoreFile="htdkeystore/trackerdev.ks"
> keystorePass="changeit" />
>
> ** Step 3 - Export the generated server certificate to a certificate
> file
>
> On the dev server:
>
> keytool -export -alias trackerdev -storepass changeit -file
> D:\Tomcat7\htdkeystore\serverdev.cer -keystore
> D:\Tomcat7\htdkeystore\trackerdev.ks
>
> ** Step 4 - Import the server certificate into the truststore file (Open
> an administrator cmd window and hit Shift, Ctrl, Enter)
>
> Copy serverdev.cer from the dev server and on the local machine:
>
> keytool -import -v -trustcacerts -alias trackerdev -file
> C:\fromdevserver\serverdev.cer -keystore "C:\Program
> Files\Java\jdk1.7.0_51\jre\lib\security\cacerts" -keypass changeit
> -storepass changeit
>
> Trust this certificate? [no]:  yes
>
> ** Step 5 - Modify webapps's web.xml
>
> Add the following:
> 
> 
>
> com.sun.xml.ws.transport.http.servlet.WSServletContextListener
> 
> 
> 
> tracker
> 
> com.sun.xml.ws.transport.http.servlet.WSServlet
> 
> 
> 
> tracker
> /tracker
> 
> 
> 
> securedapp
> /tracker
> 
> 
> CONFIDENTIAL
> 
> 
>
> ** MY QUESTION IS THIS:
>
> I tested the web service using https and it worked for me. I provided
> another team with my server certificate so that they could add it to their
> truststore file but I have no idea if they did or not. All I know is that
> they got an error loading the wsdl. The exception they got was:
>
> Error loading [https://xx.x.x.xxx:8444/appname/tracker?wsdl]
> org.apache.xmlbeans.XmlException: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
>
> They claim that the certificate is not properly signed. Well, I don't know.
> It is a self-signed certificate.
>
> Any ideas would help!
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


I guess that they must add your PK certificate to their keystore. Ask them

Read the next link ( in Spanish ):
http://danielriab.wordpress.com/2012/08/13/java-pkix-path-building-failed/

Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Filter behaviour ( settinf Content-Length header )

[Jose María Zaragoza]

2014-02-27 17:24 GMT+01:00 Konstantin Kolinko :
> 2014-02-27 18:31 GMT+04:00 Jose María Zaragoza :
>>
>> And what do you recommend to me for forcing to return  a Content-Type ?
>> Some weird clients require it
>>
>> If I cannot do it with a Filter , where can I do it ?
>>
>
> You can do it in a Filter.
>
> As I said,
> 1. The header must be set before writing anything to the output
> stream. That is per HTTP/1.1 protocol.
> 2. The header must have correct value.
>
> How to implement that is up to you (do not expect me to teach you java
> programming, but maybe others here will do).
>
> If you do not know the length before response is generated, a solution
> can be to buffer the response before writing it out.
>
> Buffering can be done by writing an adapter around servlet response
> that replaces default output stream with a buffered one. The adapter
> can be implemented by extending
> javax.servlet.http.HttpServletResponseWrapper class.  Some caching
> frameworks have filters that perform such buffering and caching.


Thanks.
Finally, I did it with a servlet and it works

I tried with a Filter and a HttpServletResponseWrapper. Long time
before asking here.
And I wrapped the response output stream into a FilterOutputStream ,
so I could count every byte written
I got the right content length . All OK and I was happy.
But , when I tried set the header with
wrapper.setHeader("Content-Length", count ) , and as you told me
before, the response headers had already been flushed ( i checked
isCommited() )
I could modify output stream data but I couldn't modify response
headers. I don't understand but it is

Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Filter behaviour ( settinf Content-Length header )

[Jose María Zaragoza]

Thanks


And what do you recommend to me for forcing to return  a Content-Type ?
Some weird clients require it

If I cannot do it with a Filter , where can I do it ?

2014-02-27 12:41 GMT+01:00 Konstantin Kolinko :
> 2014-02-27 12:18 GMT+04:00 Jose María Zaragoza :
>> Hello:
>>
>> I'm using Tomcat 6.0.24 and I'm testing how to return Content-Length header
>> So I've defined a Filter and declared in web.xml of my web application
>>
>> If I do this:
>>
>> HttpServletResponse httpResponse = (HttpServletResponse) response;
>> chain.doFilter(request, response);
>> httpResponse.setHeader("Content-Length", "200");
>>
>> doesn't work ( it doesn't set the header and
>> Transfer-Encoding:chunked is returned )
>> )
>>
>> but
>>
>> HttpServletResponse httpResponse = (HttpServletResponse) response;
>> httpResponse.setHeader("Content-Length", "200");
>> chain.doFilter(request, response);
>>
>> does and it works OK
>>
>> Why ?
>> Does anyone use a filter to set Content-Length header ?
>> Must I declared in web.xml of Tomcat ?
>>
>>
>
> 1. Why are you using such an old build of 6.0.x?
> 2. You cannot set headers when any part of the response has already
> been sent to client. At that time headers have already been sent over
> the wire.
> See ServletResponse.isCommitted().
> 3. You should be careful with that header. If you set it to a wrong
> value you may break something.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Filter behaviour ( settinf Content-Length header )

[Jose María Zaragoza]

Hello:

I'm using Tomcat 6.0.24 and I'm testing how to return Content-Length header
So I've defined a Filter and declared in web.xml of my web application

If I do this:

HttpServletResponse httpResponse = (HttpServletResponse) response;
chain.doFilter(request, response);
httpResponse.setHeader("Content-Length", "200");

doesn't work ( it doesn't set the header and
Transfer-Encoding:chunked is returned )
)

but

HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.setHeader("Content-Length", "200");
chain.doFilter(request, response);

does and it works OK

Why ?
Does anyone use a filter to set Content-Length header ?
Must I declared in web.xml of Tomcat ?


Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

UserDatabase resource into META-INF/context.xml

[Jose María Zaragoza]

Hello:

I'm using Tomcat 6.0.24

I want to set a realm per only one application, so I define in its
META-INF/context.xml








my-users.xml is stored in $CATALINA_BASE/conf/


But it doesn't work; a javax.naming.NameNotFoundException exception is
thrown when Tomcat restarts


If I put  under GlobalNamingResources in server.xml , works
fine, But I would prefer to held all configuration in context.xml

is it possible ? or do I need to use GlobalNamingResources ?
is the pathname right ?


Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Modify content in META-INF/context.xml

[Jose María Zaragoza]

2013/12/18 Jeffrey Janner :

> I think that at 6.x you need to do one of the following to the context.xml 
> file located in the configBase ($CATALINA_BASE/conf/[enginename]/[hostname]/):
> 1. make the changes to the file there and reload the webapp
> 2. make the changes in the META_INF file and copy it to the configBase, then 
> reload the webapp
> 3. delete the file from the configBase, then redeploy the webapp.
>
> With 7.x (at least the latest version) you get the copyXML paramter in the 
>  element which will give you more control over the process.
> Jeff


Hello Jeffrey:

Thanks a lot. You're right in all the points
I was testing all this options yesterday and I would like feedbak the
results to the list , but you did it before than me

Finally, my choice is the 3º option

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Modify content in META-INF/context.xml

[Jose María Zaragoza]

> Automatic deployment has had a bit of an overhaul in Tomcat 8 and those 
> changes have been back-ported to 7.0.x for the next release. The behaviour in 
> a number of edge cases is now clearly defined:
> http://ci.apache.org/projects/tomcat/tomcat8/docs/config/automatic-deployment.html
>
> In your case, you'd want to deploy as a WAR with unpackWARs set to true.
> Then, any time you edit the META-INF/context.xml in the unpacked directory 
> the web application will be redeployed using the new context.xml
>
> This might work with 6 but I can't remember (it is a long time since I looked 
> at the 6.0.x automatic deployment code).
>
> -
>
>
> I'm on 6.0.26 and have this setting in my conf/server.xml file.
>
>unpackWARs="true" autoDeploy="true"
> xmlValidation="false" xmlNamespaceAware="false">
>
>
> I was thinking it handled this kind of thing, but I may be wrong.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org




Thanks

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Modify content in META-INF/context.xml

[Jose María Zaragoza]

2013/12/17 André Warnier :
> Hi.
> Without having any idea really of the precise mechanism behind database
> connections, I can still imagine that with the possibility of pooled
> connections to said database(s), it may be difficult to detect such a change
> in the corresponding context.xml and apply them "on the fly". Even more so
> if such connections could be shared between different applications.


Thanks, but I didn't said that I neeed to apply changes "on the fly".
Indeed, I said "Restart the web application is not a problem"

I only wan't to have to redeploy the web application to modify
META-INF/context.xml and apply changes.


Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Modify content in META-INF/context.xml

[Jose María Zaragoza]

Hello:

I'm using Apache Tomcat 6.0.24 and I've deployed a web application
that defines its resources into META-INF/context.xml , especially
information about connection pool

Sometimes I''ve to edit that file to change some data , i.e, database's JDBC url

I've seen that restart web application is not enough to apply these
changes  , so I need to redeploy the web application ( I mean, unpack
WAR file, modify it , repack it again, copy to deploy folder ...)

My question:

Do you know other way to modify META-INF/context.xml and apply the
changes and don't have to redeploy the WAR file ?

Restart the web application is not a problem, but restart Tomcat is

Any ideas ?

Thanks and regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: What if my database is unavailable at startup?

[Jose María Zaragoza]

2013/12/13 Dames, Kristopher J :
>> With testOnBorrow="true" ( I think that is the default value in Tomcat
>> 6 ) + validationQuery="SELECT 1 FROM DUAL" , that should work
>>
>
> So you are saying my configuration should work as-is to allow Tomcat to 
> create a database connection pool to a database that was unavailable when 
> Tomcat was started?


Yes , I do it and it works
But I dont use some parameters like maxOpenPreparedStatements ,
accessToUnderlyingConnectionAllowed
Furthermore, I use default values for testOnXXX
The others , at first sight, are similar


>
>
>
>> I've never used
>>
>> maxOpenPreparedStatements="0"
>> accessToUnderlyingConnectionAllowed="false"
>>
>> what are they for ?
>>
>
> maxOpenPreparedStatements: The maximum number of open statements that can be 
> allocated from the statement pool at the same time
> accessToUnderlyingConnectionAllowed: Allows the raw physical connection to 
> the database to be accessed by the webapp
>
> This email contains information which may be PROPRIETARY IN NATURE OR 
> OTHERWISE PROTECTED BY LAW FROM DISCLOSURE and is intended only for the use 
> of the addresses(s) named above.  If you have received this email in error, 
> please contact the sender immediately.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: What if my database is unavailable at startup?

[Jose María Zaragoza]

With testOnBorrow="true" ( I think that is the default value in Tomcat
6 ) + validationQuery="SELECT 1 FROM DUAL" , that should work

I've never used

maxOpenPreparedStatements="0"
accessToUnderlyingConnectionAllowed="false"

what are they for ?




2013/12/13 Dames, Kristopher J :
> Daniel,
>
> I use tomcat 6.0.32. Here is an example Resource tag:
>
>  accessToUnderlyingConnectionAllowed="false"
> auth="Container"
> defaultAutoCommit="true"
> defaultReadOnly="false"
> defaultSchema="x"
> driverClassName="oracle.jdbc.driver.OracleDriver"
> factory="org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory"
> initialSize="0"
> logAbandoned="false"
> maxActive="20"
> maxIdle="8"
> maxOpenPreparedStatements="0"
> maxWait="5000"
> minEvictableIdleTimeMillis="180"
> minIdle="5"
> name="jdbc/x"
> numTestsPerEvictionRun="3"
> password="x"
> poolPreparedStatements="false"
> removeAbandoned="true"
> removeAbandonedTimeout="300"
> testOnBorrow="true"
> testOnReturn="false"
> testWhileIdle="true"
> timeBetweenEvictionRunsMillis="180"
> type="javax.sql.DataSource"
> url="jdbc:oracle:thin:@x.y.com:1521:x"
> username="x"
> validationQuery="SELECT 1 FROM DUAL"
> />
>
> This email contains information which may be PROPRIETARY IN NATURE OR 
> OTHERWISE PROTECTED BY LAW FROM DISCLOSURE and is intended only for the use 
> of the addresses(s) named above.  If you have received this email in error, 
> please contact the sender immediately.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

META-INF/context.xml & connection pool

[Jose María Zaragoza]

Hello:

I'm using Tomcat 6.0.23
Yes, I know is an old release

Anyway, I would like to use tomcat-jdbc connection pool JAR

So, I 've stored a context.xml into META-INF folder in my WAR, as







My question is

should I store JAR ( tomcat-jdbc-x.x.x.jar & tomcat-juli-x.x.x.jar )
into WEB-INF/lib folder in WAR
or into $TOMCAT_HOME/lb folder ?

Could there be a problem by store them into the own WAR ( WEB-INF/lib ) ?


Thanks and regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

context.xml in META-INF

[Jose María Zaragoza]

Hello:

I'm using Tomcat 6.0.23 .
Yes, I know it's an old release

I would like to use

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Release a database connection from pool

[Jose María Zaragoza]

2013/9/10 Christopher Schultz 

> It can't: not all JDBC drivers use TCP/IP, so the only thing the DBCP
> can do is call Connection.close and hope the driver does something
> intelligent.

It makes sense


>
> That's up to the database server. I can't imagine a db server that
> would not know what to do under these circumstances.

OK. Thanks Christopher

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Release a database connection from pool

[Jose María Zaragoza]

2013/9/9 Daniel Mikusa :
> On Sep 9, 2013, at 2:56 PM, Jose María Zaragoza  wrote:
>>
>> Or does it do anything more by using propietary driver's commands? I
>> asking me if ( some ) database servers need a special command to
>> finish a connection/session ?
>
> Not sure what you mean here.  Can you elaborate?

Thanks.

I would like to know if closing the underlying TCP connection is
enough to notify to database server that it has to release any
resource reserved for that connection.

Or some database servers have got a propietary way ( a protocol , i
mean ) to finish connections ( known by propietary driver )
Of course, finally, the TCP connection is closed but I wonder if there
is any message interchange between driver and database server to
finish the connection.

Really my question is if an intermediate firewall finishes the
connection , the database server realizes that it must to release its
resources

I don't know if I explained better ...


Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Release a database connection from pool

[Jose María Zaragoza]

Hello:

I've got a simple question.
I'm using Tomcat 6 & DBCP library ( bit I've got the same question
with Tomcat JDBC pool )


My question is:

when DBCP wants to release a database connection from the pool ( for
example , if it is idle for more than minEvictableIdleTimeMillis )

does it just close the TCP socket connection ( FIN packet )?
If it does, is it enough for remote database server knows that it has
to release its resources ?

Or does it do anything more by using propietary driver's commands? I
asking me if ( some ) database servers need a special command to
finish a connection/session ?


Thanks and regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [Probe]- Tomcat deployment

[Jose María Zaragoza]

http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html


2013/8/3 vicky :
> Hi Guys,
>
> Is there a way by which we can handle the tomcat deployment of war files from 
> a central location via a Web UI screen ?
>
> I 'm aware of PROBE (http://code.google.com/p/psi-probe/) by which we can do 
> the deployment from a Web UI screen but for that we need to
> individually deploy the Probe.war  across all instances .
>
> Is there a way out by which we can handle the tomcat deployments from a 
> central location ( i.e  by avoiding  deploying probe.war on all instances)
> on todifferent physical machines.
>
> Please suggest & share your valuable thoughts
>
>
> Thanks
> Vicky

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Share info across different sessions & servers

[Jose María Zaragoza]

rverStaticMember=new
> StaticMember(remoteHostIPv4Address,remoteHostPort,0);
>  }
> }
>
>  //tribes always uses 4000 if available (otherwise
> it uses 4001, 4002 etc)
>  //this application will output the actual tribes
> address => std output
>  //but setting remoteHostPort to 4000 may not be
> appropriate if you have a router
>  //if you have a router then the remote host needs
> to know the IPv4 for the router and
>  //the redirection port number pointing to a tribes
> socket for a LAN machine
>  //for example:
>  //the remote router has fixed IP address say
> 203.12.32.235
>  //the remote machine running tribes (on p4000) has
> fixed LAN address say 192.168.1.63
>  //(in Linux you set fixed LAN IP address in the
> '/etc/hosts' file)
>  //lets say you create a port-forwarding in the
> router so port 4 redirects to 192.168.1.63 / port 4000
>  //in such a case the value for
> remoteHostIPv4Address will be 203.12.32.235
>  //and remoteHostPort will be 4
>  //ie {203.12.32.235 , 4} => redirects to =>
> {192.168.1.63 , 4000}
>  //if there is no router (say you have 2 VPS), then
> no redirect is required
>  //whereupon remoteHostPort will probably be 4000
> (as long as that address is free when tribes starts)
>
>
> msgListener = new MyMessageListener();
> mbrListener = new MyMemberListener();
> myChannel = new GroupChannel();
> myChannel.addMembershipListener(mbrListener);
> myChannel.addChannelListener(msgListener);
> myChannel.start(Channel.DEFAULT);
> log("TRIBES HAS STARTED ON PORT: "+Integer.toString(getLocalPort()));
> }
>
> void sendMessage(String message,Member member) throws ChannelException{
> Member[] group = new Member[]{member};
> this.myChannel.send(group,new
> ByteMessage(message.getBytes(UTF8)),Channel.SEND_OPTIONS_DEFAULT);
> }
>
> String addressesForThisMachine() throws SocketException{
> String ss="network addresses for this machine: ";
> Enumerationee;
> Enumerationei;
> ei=NetworkInterface.getNetworkInterfaces();
>  while(ei.hasMoreElements()){
>  ee=((NetworkInterface)ei.nextElement()).getInetAddresses();
>   while(ee.hasMoreElements()){
>   ss=ss+ee.nextElement().getHostAddress()+";";
>   }
>  }
> return ss;
> }
>
>
> /*
>  * subserver will run this
>  */
> private void engageInDialogue(){
>  do{
>   try{
>   this.sendMessage("* hello superserver *",superServerStaticMember);
>   }
>   catch (ChannelException ex) {
>   TribesRemote.log(ex);
>   }
>   try {
>   Thread.currentThread().sleep(1);
>   }
>   catch (InterruptedException ex) {
>   System.exit(0);
>   }
>   if(System.currentTimeMillis()-lastMessageTime()>12000){
>   log("no messages in last 12 seconds");
>   }
>  }while(true);
> }
> /*
>  * superserver will run this
>  */
> private void waitForMessages(){
>  do{
>   try{
>   Thread.currentThread().sleep(1);
>   }
>   catch (InterruptedException ex) {
>   System.exit(0);
>   }
>  }while(true);
> }
>
>  int getLocalPort() {
>  return this.myChannel.getLocalMember(true).getPort();
>  }
>
>  private void engage(){
>   if(this.amSuperServer){
>   this.waitForMessages();
>   }
>   else{
>   this.engageInDialogue();
>   }
>  }
>
>  private long lastMessageTime() {
>  return this.lastMessageReceived;
>  }
>
>  void messageReceived(String message, Member sender) throws
> ChannelException {
>  this.lastMessageReceived=System.currentTimeMillis();
>   if(this.amSuperServer){
>   this.sendMessage(message + " ((hello back ))",sender);
>   }
>  }
>
>  private static class MyMessageListener implements ChannelListener{
>
>   @Override
>   public void messageReceived(Serializable s,Member sender){
>   byte[] b=((ByteMessage)s).getMessage();
>   String message=new String(b,TribesRemote.UTF8);
>   TribesRemote.log("message received:  "+message);
>try{
>TribesRemote.tribesRemote.messageReceived(message,sender);
>}
>catch (ChannelException ex) {
>TribesRemote.log(ex);
>}
>   }
>
>   @Override
>   public boolean accept(Serializable msg, Member sender) {
>   return true;
>   }
>  }
>
>  //this is part of clustering that has not been removed from tribes
>  private static class MyMe

Re: Share info across different sessions & servers

[Jose María Zaragoza]

Thanks Vince.
I'll take a look , but , it doesn't look trivial , not at all

Regards


2013/7/4 Vince Stewart 

> Hi Jose,
>
> a couple of things,
> 1) I use embedded Tomcat to build my application and this has allowed me to
> maintain 2 single-line patches in tribes classes by adding tribes source
> code to my compilations. However those patches are only necessary with
> large messages that take more than 3 seconds to be transmitted from the
> transmitting machine to the Internet Service Provider machine (approx 0.5
> meg for my system). There is a config setting (Sender/Transport/timeout)
> that's supposed to alter this 3 second timeout limit but I'm not sure it
> works.
> 2) The implementation is not at all trivial. You have to register
> StaticMember objects because usual member discovery does not work over
> wide-area network (WAN). I allocate one machine as "SuperServer" and all
> other machines have to enroll with SuperServer at startup. All machines
> need to have a unique combination of Ipv4 address and port number (which
> might represent a redirection port for use by the router whereupon
> networked machines also need LAN addresses set). Once registration is
> complete, all sub-Server machines can send/receive SuperServer and vice
> versa.
>
> There is a tutorial on-line which is adequate but not for WAN. I think you
> have at least two weeks of work in front of you using tribes but I am very
> happy I used this method.
> None of my code would add much (except confusion) to that in the tutorial.
> Make sure you start without multicast enabled as it currently is suitable
> only for LAN.
>
>  ///Class Constructor
>  public ServerMessaging() throws SocketException{
>  this.myChannel=new GroupChannel();
>  ChannelListener msgListener = new ServerMessaging.MyMessageListener();
>  MembershipListener mbrListener = new ServerMessaging.MyMemberListener();
>  myChannel.addMembershipListener(mbrListener);
>  myChannel.addChannelListener(msgListener);
>   try{
>
>
> myChannel.start(Channel.MBR_TX_SEQ|Channel.MBR_RX_SEQ|Channel.SND_TX_SEQ|Channel.SND_RX_SEQ);//no
> multicast
>   }
>   catch(ChannelException e){
>   U.log(e);
>   }
>  }
>
> public void detectOrderNumber_EnrollWithSuperServer() throws
> ChannelException{
> setMyServerOrderStatus(); // machine reads its mac address or some file;
> then from a table will set serverOrderNumber to 0 for superserver ; others
> 1,2,3...
>  if(this.getServerOrderNumber()==0){  meaning this is the superserver
>  someObject.doSomeThingMaybe();
>  }
>  else{
>  this.sendAckRequiredMessage(0,"Enrollment"); /// first argument specifies
> SuperServer, member 0 (a table will need to be provided to hold IPv4
> address and port for each member)
>  }
> }
>

Re: Share info across different sessions & servers

[Jose María Zaragoza]

Thanks Vince.
This could be an option.
The documentation is poor and I don't see many examples in the web

Could you send to  me some code as example & server.xml configuration ?

Regards





2013/7/3 Vince Stewart 

> I have am using "tribes" messaging to send messages between remote
> applications which include tomcat embedded. You construct your message and
> submit to a "sendMessage" process. All running apps are always listening
> for messages. They receive the message and then may or may not reply or
> broadcast as a result.
>
>
> On Wed, Jul 3, 2013 at 7:43 AM, Jose María Zaragoza  >wrote:
>
> > Thanks Christopher :
> >
> > Maybe I explained myself badly
> > I really need to send messages to a specific web session , not share data
> >
> > I need to pass some data ( message ) to a specific session from a remote
> > system ( a remote process from a remote system).
> > Finally, this data is passed to client's browser by AJAX Reverse
> >
> > My idea is the session creates a dynamic Queue and it configures itself
> as
> > Consumer
> > If I pass the Queue to remote process ( in message.replyTo() ) , the
> remote
> > process can send data to that specific session
> >
> > I could use a RDBS but , in this case, session needs to create a thread
> to
> > polling on a share table. And I don't like this idea, sorry.
> >
> > memcached sounds good but I don't know anything about it and I don't know
> > is is based on a event-driven architecture
> >
> >
> >
> > I need
> >
> > 1) send data/message from a remote process to a specific web session
> > 2) execute some code in this session
> > 3) consume ( a.k.a, delete ) that message
> >
> > Persistence is not a requirement but ActiveMQ allows it
> >
> > I'l try it with ActiveMQ
> >
> > Thanks again and regards
> >
> >
> >
> >
> >
> > 2013/7/2 Christopher Schultz 
> >
> > > -BEGIN PGP SIGNED MESSAGE-
> > > Hash: SHA256
> > >
> > > Jose,
> > >
> > > On 7/2/13 3:22 AM, Jose María Zaragoza wrote:
> > > > Thanks I need to share formatted text data  ( XML, key/value,
> > > > ...I'm not sure yet )
> > > >
> > > > I don't understand your comment about JMS . I will use a JMS broker
> > > > as ActiveMQ . Probably it will be embebbed into the same JVM than
> > > > Tomcat server. ActiveMQ supports  persistent messages
> > >
> > > While JMS may work, it's really not the right solution. JMS is a
> > > messaging service, and you want a data-storage service.
> > >
> > > > I could use a database but I don't want to be making polling every
> > > > X seconds by a session
> > >
> > > You don't have to pull any data that the user doesn't need, do you?
> > >
> > > If you don't want to use a RDBMS, how about something like memcached?
> > > I asked about using memcached a while back on this list and got some
> > > other suggestions as well (as memcached doesn't make a great fail-safe
> > > shared-data storage system... it's really meant to be more of a cache
> > > of data available elsewhere).
> > >
> > > - -chris
> > > -BEGIN PGP SIGNATURE-
> > > Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> > > Comment: GPGTools - http://gpgtools.org
> > > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> > >
> > > iQIcBAEBCAAGBQJR0ycOAAoJEBzwKT+lPKRYaAsP+wfhqoLQWwJoYLpur0Z5VOeJ
> > > GUmylaW+kllpcbdFdVG81691rjUW1Ph5yQ2MQzPFKv0bCp2cyHMWQuJgAp1rq/Lo
> > > T6Bpba6IHeyucxEAk0XZfGu4efS+wc39ncq9C3GPamEvrN+locYGtM/lqSpkSxKz
> > > 5ADXD9o2//U5Nk00N0KHPH4xsp/wtx0NJgT1p9f1VUKgU9pVvGFhHvrozvdAEcnv
> > > 9U7IQroNO7uR3RnKL/rq9CH3MsxL/gbWCWEZ21WkaguLFysc67naaSQvimIoLok9
> > > eUfCK6Z5Bll4VeefK6YlA6E49sj01NZD1zuj0J/DGUiwBuFiNSZc1Z2NOZlue7Oo
> > > efpaRkjINouIfyk3RONa8/ZuNWf80ImX5vvJKEYK7ujc2LB7G8+ID95Toeej0eyg
> > > cZWHZo3N67nYgker4Kp4xn4VXBs4QfDzY/uOfsUyp8voNcCz6lBo38w8T3jvVJzV
> > > ci18cbWdRXQ3NrlaBkI8qJeEzMWAegM7C1IqJUspmlDHvsUIiamGA+ZF6nBNPr16
> > > w3lx8X8xWjGM63OQaoYMbTc2ZXFCkP0zkXXEcx49zyGMSEDSk2NySw2HkAOh9iVx
> > > tr7YCDChtFg8mBQPY6CiiasEtn8j9JMK/XawdDI34LTsO1molB5OvJDGo558BqMm
> > > 3hK/JZGxPkEPapvOfWRM
> > > =tOMh
> > > -END PGP SIGNATURE-
> > >
> > > -
> > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > > For additional commands, e-mail: users-h...@tomcat.apache.org
> > >
> > >
> >
>
>
>
> --
> Vince Stewart
>

Re: Share info across different sessions & servers

[Jose María Zaragoza]

Thanks Christopher :

Maybe I explained myself badly
I really need to send messages to a specific web session , not share data

I need to pass some data ( message ) to a specific session from a remote
system ( a remote process from a remote system).
Finally, this data is passed to client's browser by AJAX Reverse

My idea is the session creates a dynamic Queue and it configures itself as
Consumer
If I pass the Queue to remote process ( in message.replyTo() ) , the remote
process can send data to that specific session

I could use a RDBS but , in this case, session needs to create a thread to
polling on a share table. And I don't like this idea, sorry.

memcached sounds good but I don't know anything about it and I don't know
is is based on a event-driven architecture



I need

1) send data/message from a remote process to a specific web session
2) execute some code in this session
3) consume ( a.k.a, delete ) that message

Persistence is not a requirement but ActiveMQ allows it

I'l try it with ActiveMQ

Thanks again and regards





2013/7/2 Christopher Schultz 

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Jose,
>
> On 7/2/13 3:22 AM, Jose María Zaragoza wrote:
> > Thanks I need to share formatted text data  ( XML, key/value,
> > ...I'm not sure yet )
> >
> > I don't understand your comment about JMS . I will use a JMS broker
> > as ActiveMQ . Probably it will be embebbed into the same JVM than
> > Tomcat server. ActiveMQ supports  persistent messages
>
> While JMS may work, it's really not the right solution. JMS is a
> messaging service, and you want a data-storage service.
>
> > I could use a database but I don't want to be making polling every
> > X seconds by a session
>
> You don't have to pull any data that the user doesn't need, do you?
>
> If you don't want to use a RDBMS, how about something like memcached?
> I asked about using memcached a while back on this list and got some
> other suggestions as well (as memcached doesn't make a great fail-safe
> shared-data storage system... it's really meant to be more of a cache
> of data available elsewhere).
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJR0ycOAAoJEBzwKT+lPKRYaAsP+wfhqoLQWwJoYLpur0Z5VOeJ
> GUmylaW+kllpcbdFdVG81691rjUW1Ph5yQ2MQzPFKv0bCp2cyHMWQuJgAp1rq/Lo
> T6Bpba6IHeyucxEAk0XZfGu4efS+wc39ncq9C3GPamEvrN+locYGtM/lqSpkSxKz
> 5ADXD9o2//U5Nk00N0KHPH4xsp/wtx0NJgT1p9f1VUKgU9pVvGFhHvrozvdAEcnv
> 9U7IQroNO7uR3RnKL/rq9CH3MsxL/gbWCWEZ21WkaguLFysc67naaSQvimIoLok9
> eUfCK6Z5Bll4VeefK6YlA6E49sj01NZD1zuj0J/DGUiwBuFiNSZc1Z2NOZlue7Oo
> efpaRkjINouIfyk3RONa8/ZuNWf80ImX5vvJKEYK7ujc2LB7G8+ID95Toeej0eyg
> cZWHZo3N67nYgker4Kp4xn4VXBs4QfDzY/uOfsUyp8voNcCz6lBo38w8T3jvVJzV
> ci18cbWdRXQ3NrlaBkI8qJeEzMWAegM7C1IqJUspmlDHvsUIiamGA+ZF6nBNPr16
> w3lx8X8xWjGM63OQaoYMbTc2ZXFCkP0zkXXEcx49zyGMSEDSk2NySw2HkAOh9iVx
> tr7YCDChtFg8mBQPY6CiiasEtn8j9JMK/XawdDI34LTsO1molB5OvJDGo558BqMm
> 3hK/JZGxPkEPapvOfWRM
> =tOMh
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Share info across different sessions & servers

[Jose María Zaragoza]

Thanks
I need to share formatted text data  ( XML, key/value, ...I'm not sure yet )

I don't understand your comment about JMS . I will use a JMS broker as
ActiveMQ . Probably it will be embebbed into the same JVM than Tomcat
server. ActiveMQ supports  persistent messages


I could use a database but I don't want to be making polling every X
seconds by a session


Regards



2013/7/2 mailingl...@j-b-s.de 

> Hi!
>
> What kind of data do you want to share? Just a view "bytes"? Is there an
> requirement concerning durability/persistence/performance?
> Is this user=session related or do you want to share data in general?
> Usually if you have a session id the lb will route your user always to the
> same container? What about session replication, a database, terracotta?
>
> JMS: i doubt this will be working... you need a persistent message or a
> container started after the change was send will not noticed about it...
>
> Jens
>
>
>
> Sent from my iPhone
>
> On 02.07.2013, at 08:45, Jose María Zaragoza  wrote:
>
> > Hello:
> >
> > I need to share data between sessions running in different Tomcat server.
> >
> > I 'd been thinking about using a JMS broker (as ActiveMQ ):
> >
> > - when a new session is created in Tomcat A, it's created a new unique
> > topic for this session
> > - the session registers itself as listener of that topic ( the only one
> > listener )
> > - publish the name of this topic by some way , so it can be found by
> > another session in Tomcat B
> >
> > I don't know if somebody has used something like this sometime, and how
> > he/she did it
> > Any suggestion/opinion  ?
> >
> > I'm not sure either use only one topic for all session created or one
> topic
> > per session ?
> > I think that one topic per session is more safe because if I use one
> topic
> > for all sessions, if one message is not read quickly by one consumer ( a
> > session ), could block the topic,
> > Obviously , i'll define a TTL for messages/topic
> >
> > Thanks and regards
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Share info across different sessions & servers

[Jose María Zaragoza]

Hello:

I need to share data between sessions running in different Tomcat server.

I 'd been thinking about using a JMS broker (as ActiveMQ ):

- when a new session is created in Tomcat A, it's created a new unique
topic for this session
- the session registers itself as listener of that topic ( the only one
listener )
- publish the name of this topic by some way , so it can be found by
another session in Tomcat B

I don't know if somebody has used something like this sometime, and how
he/she did it
Any suggestion/opinion  ?

I'm not sure either use only one topic for all session created or one topic
per session ?
I think that one topic per session is more safe because if I use one topic
for all sessions, if one message is not read quickly by one consumer ( a
session ), could block the topic,
Obviously , i'll define a TTL for messages/topic

Thanks and regards

Re: Tomcat 6.x leak with WSS4J library

[Jose María Zaragoza]

Thanks you very much, Christopher :

1)

Finally

-
-Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES=false

worked for me, but I want to find out the root cause for leaking. I afraid
to accelerate OOM in PermGen  with many redeploys

2)


>Perhaps a container-loaded component (wss4j?) is being configured to
>use a webapp-loaded component (log4j?). Have you placed anything that
>didn't come with Tomcat into Tomcat's lib/ directory?


I don't use log4j.jar and I guess neither another library in my WEB-INF/lib
( looking at Maven dependences ).

I don't have log4j.jar in $TOMCAT_HOME\lib



My web application uses slf4j + logback and I've got jcl-over-slf4j as a
Maven dependence

and I exclude that another library uses commons-logging with Maven
exclusion option



 commons-logging
   commons-logging



So, if logging system leaks, should be slf4j + logback, but I'm not sure




























2013/6/20 Christopher Schultz 

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Jose,
>
> On 6/19/13 5:02 PM, Jose María Zaragoza wrote:
> > Thanks !
> >
> >> You should at least upgrade to 6.0.37. 6.0.24
> >
> > I agree with you but I can't. Anyway, I tested my webapp in Tomcat
> > 6.0.37 and it throws the same error; it only works in latest Tomcat
> > 7.x
>
> You really need to. Tell your bosses that you are vulnerable to a
> number of "important" security vulnerabilities that have been
> published for years, now.
>
> >> Why is your web application attempting to get a message's
> >> signature
> > during shutdown?
> >
> > I explained myself  badly . I wanted to say "after my webapp  is
> > redeployed and without any restart, the next requests to my webapp
> > throws that exception.
>
> This suggests that some component is being de-configured on webapp
> shutdown but then you are still trying to use it after the webapp
> shutdown (when the next version of the webapp).
>
> Perhaps a container-loaded component (wss4j?) is being configured to
> use a webapp-loaded component (log4j?). Have you placed anything that
> didn't come with Tomcat into Tomcat's lib/ directory?
>
> >> I think you have to use a ServletContextListener to properly
> >> tear-down your resources, otherwise they may be torn-down after
> >> Tomcat does things such as nulling-out static field references,
> >> which is likely to be the problem you are encountering, here.
> >
> > I agree but I have no idea how free resources managed by wss4j
> > library . I'm not an expert in JVM profiling but I can investigate
> > about it.
> >
> >> That's because the "log" reference is null. -
> >> -Dorg.apache.catalina.loader.
> >> WebappClassLoader.ENABLE_CLEAR_REFERENCES=false
> >
> > Great ! It could be a solution. I hope don't have collateral
> > effects ...
>
> The collateral effect is likely to be that your webapp doesn't crash
> (at least for this issue) but you might end up with a webapp-reload
> memory leak if you don't already have one.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJRwl9PAAoJEBzwKT+lPKRYMFoQAJ4CZa4iwUItpl8VlizLfaBE
> idgDbjWrZEEUp78iqo3+aJKnrLZpJIiHpx80PvXgJ8Dc9ifZS5jiObkfzcCdxwZj
> DMNCctEAIg6fmtnttFY5m8f73geLA8QBY2agie6BaxdfnXqFRPyGwefeVcuymnbv
> wkVu4W6XPXPSAZJhYaF3vS+L3hD3CUtStwg2/TEAlxaWtFgH+rDcmdwJsAQPkUxI
> FEYJTk5asTyQE/9Voq+wzHG3ygu9ZW48EgvHQAKtjPWpDk7FhYbiK0uVfB7W5F7F
> UbixxonlNO+KMW/zPqtDt9+wPXux9T1m8c3iflek/Oai9LfFflb+mw4x2UhSFx+d
> nN518ZsBB6mUyoOxgllGQECZSTT8xB/JFX7VxAMhTtpIn2ltFMhKhPKSKamRPKZb
> nwQcxHf7PC/AxXaZT429Qj1d0+rPi0MMeLhYShleestWnuYdM733fYwdru8rBRjx
> HWxDpFsJtp/LOKkJGTbw/0AT8yxkVXLKRjTxGOB7NWxSO/VCNq2l0H9711ECUAAK
> ki6MdbPog7nXgMwVAmegtJjSjg124Q8iGw9YiKSuRRWeZ6FuInLB7umlijUac81Z
> apZu1G8gfbpcQM36//cVEsFShCAKION2h+n9KE/bhLvYyBvS03u6tTyUS65VR9EY
> j9mkawDqdULHtGYNiv8V
> =2NOw
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat 6.x leak with WSS4J library

[Jose María Zaragoza]

Thanks !

>You should at least upgrade to 6.0.37. 6.0.24

I agree with you but I can't. Anyway, I tested my webapp in Tomcat 6.0.37
and it throws the same error; it only works in latest Tomcat 7.x

>Why is your web application attempting to get a message's signature
during shutdown?

I explained myself  badly . I wanted to say "after my webapp  is redeployed
and without any restart, the next requests to my webapp throws that
exception.

>I think you have to use a ServletContextListener to properly tear-down
>your resources, otherwise they may be torn-down after Tomcat does
>things such as nulling-out static field references, which is likely to
>be the problem you are encountering, here.

I agree but I have no idea how free resources managed by wss4j library .
I'm not an expert in JVM profiling but I can investigate about it

> That's because the "log" reference is null.
>- -Dorg.apache.catalina.loader.
> WebappClassLoader.ENABLE_CLEAR_REFERENCES=false

Great !
It could be a solution. I hope don't have collateral effects ...


Regards and thank you very much




2013/6/19 Christopher Schultz 

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
>
>

Tomcat 6.x leak with WSS4J library

[Jose María Zaragoza]

Hello:

This isn't an error in Tomcat, but it's an error what happens in my web
application by using Apache CXF +  WSS4J.

I'm using Tomcat 6.0.24 and I've found that it's fixed in 7.0.41 ( but not
in 6.03.7 )
But , for bussiness matters, I cannot upgrade from 6.0.24 to 7.x

I would like if somebody can address to me about what I could patch in my
Tomcat 6.x server
to fix some that was solved in 7.x. If more info is needed , I don't any
problem providing it
I pasted the mail what I sent to Apache CXF mail list. Thanks

Q:

I'm using WSS4J with Apache CXF 2.7.3, for signing SOAP messages
So, I'm using WSS4J 1.6.9 and xmlsec 1.5.3

These SOAP messages are sent by my WAR application to a remote webservice

When I redeploy my WAR into Tomcat server *without restart it*  , I always
get the next exception:

Caused by: org.apache.ws.security.WSSecurityException: Error during
Signature:
at
org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:105)
~[wss4j-1.6.9.jar:1.6.9]
 at
org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:230)
~[wss4j-1.6.9.jar:1.6.9]
 at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
~[cxf-rt-ws-security-2.7.3.jar:2.7.3]
 at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)
~[cxf-rt-ws-security-2.7.3.jar:2.7.3]
 at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
~[cxf-rt-ws-security-2.7.3.jar:2.7.3]
 at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
[cxf-api-2.7.3.jar:2.7.3]
 at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
~[cxf-api-2.7.3.jar:2.7.3]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
~[cxf-api-2.7.3.jar:2.7.3]
 at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
~[cxf-api-2.7.3.jar:2.7.3]
 at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
~[cxf-api-2.7.3.jar:2.7.3]
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
~[cxf-rt-frontend-simple-2.7.3.jar:2.7.3]
 at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
~[cxf-rt-frontend-jaxws-2.7.3.jar:2.7.3]
 ... 41 common frames omitted
Caused by: org.apache.ws.security.WSSecurityException: Signature creation
failed
 at
org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:558)
~[wss4j-1.6.9.jar:1.6.9]
 at
org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:99)
~[wss4j-1.6.9.jar:1.6.9]
 ... 52 common frames omitted
Caused by: java.lang.NullPointerException: null
 at
org.apache.jcp.xml.dsig.internal.dom.DOMReference.marshal(DOMReference.java:297)
~[xmlsec-1.5.3.jar:1.5.3]
at
org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo.marshal(DOMSignedInfo.java:268)
~[xmlsec-1.5.3.jar:1.5.3]
 at
org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.marshal(DOMXMLSignature.java:216)
~[xmlsec-1.5.3.jar:1.5.3]
 at
org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:329)
~[xmlsec-1.5.3.jar:1.5.3]
 at
org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:553)
~[wss4j-1.6.9.jar:1.6.9]
 ... 53 common frames omitted


Any idea ?
I've to restart Tomcat server and all works fine again
Looks like a leak

When fails, if  I enable debug logging level, I don't see the the log
message in DOMReference.java , line 297

if (log.isDebugEnabled())
{
  log.debug("Marshalling Reference");

 }

When I restart Tomcat, this log message is shown

My CXF client configuration is

https://.*";>
  
   
  
  
  
   



 
  

 
 

 
 
 
 http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
 http://www.w3.org/2001/10/xml-exc-c14n#"/>
 http://www.w3.org/2000/09/xmldsig#sha1"/>
 
 
 
 

maxIdleTime + Tomcat 6.0.23

[Jose María Zaragoza]

Hello:


I'm using Tomcat 6.0.23 and I'm looking info about threads created by
Tomcat HTTP Connector for processing requests.

I've seen that

- I cannot define a minSpareThread in Connector , in server.xml . And
default value is 0
I have to create a Executor to be able to define a minSpareThread

am I right ? why ?

- There isn't a property like maxIdleTime in Connector , so idle threads
remain forever
Why isn's there a default value ?

Again , I have to create a Executor to be able to define a maxIdleTime

am I right ? why ?


Thanks and regars

maxWait

[Jose María Zaragoza]

Hello:

I'm using Tomcat 6.0.23
I'm using DBCP library to pooling database connections.

When I define a  in context.xml
and set  maxWait to 2000 ms ,
sometimes datasource.getConnection() method lasts 15 seconds.

I've to define loginTimeout parameter in JDBC driver to get the effect that
I want  : a timeout retrieving a Connection

What is the meaning of maxWait ? When is triggered this timeout (maxWait) ?


Thanks and regards

validationQuery with Tomcat 7 JDBC Pool

[Jose María Zaragoza]

Hello:

I was using validationQuery in Tomcat 6 for JNDI datasources, so to check
connections before borrowing to the caller
And, about documentacion, testOnBorrow parameter is true by default

testOnBorrow - true or false: whether a connection should be validated
using the validation query each time it is borrowed from the pool. Default:
true

http://tomcat.apache.org/tomcat-6.0-doc/jndi-resources-howto.html

And all works fine


Now , I want to use JDBC Pool with a new web application deployed on that
Tomcat 6.
So, I consider it as an standalone application, and I use
org.apache.tomcat.jdbc.pool.DataSource class ( I use Spring-MyBatis to
configure datasource , injecting it as a  bean)

I've read in Tomcat 7 JDBC pool documentation that testOnBorrow is false by
default in this case
Is it right ? Must I define testOnBorrow = true explicitly ?
It's little bit strange that default values be different either access by
JNDI or bean  instantiation

Should I use org.apache.tomcat.jdbc.pool.DataSourceFactory instead
of org.apache.tomcat.jdbc.pool.DataSource ?
My doubt is if one is better than other in performance terms

Should I use META-INF/context.xml and to use  ?

Thanks and regards

Re: Tomcat Jdbc Pool - NumActive vs actual Established Connections

[Jose María Zaragoza]

2013/4/16 Kiren Pillay 

> Hi All,
>
> I am using the tomcat-jdpc-pool from within my spring application. I am
> noticing a discrepancy between the numActive/numIdle values that the pool
> reports versus the actual number of established connections to the
> database.
>
> For example, the pool reports 0 active and 4 idle connections while my
> netstat shows 5 connections established. Is this the correct behaviour?
>
>
Hello:

You could run netstat command to show socket TCP status and PID

Regards

Re: Tomcat JDBC Pooling - Connections

[Jose María Zaragoza]

Hi:

But I can see that you aren't using Tomcat JDBC pool, but oracle.jdbc.pool.
OracleDataSource , right ?


And I don't know how you set up your datasource to more than 200 maxActive
connections
Indeed, I don't know how you define the size of connection pool


Regards



2013/4/8 Madan KN 

> # 99% percent of the time we do have need for 200 active sessions across
> our application cluster. But due to some high spikes we end up with 2000
> sessions which is ending up in the pool with out getting evicted.*
>
> *
> # I think once the application is out of peak the connections are returned
> in either Round Robin/Random order, which is not making the condition for
> connections inactivity timeout and sweeper is failing to evict those
> connections.
> *
> *
> # How do we set something like LIFO, so that we can control and use only
> required connections during normal operating scenarios & evict which are
> not required.*
> *
> *
> *---
> *Configuration Being Used*
> ---
>   type="oracle.jdbc.pool.OracleDataSource"
>  driverClassName="oracle.jdbc.driver.OracleDriver"
>  factory="oracle.jdbc.pool.OracleDataSourceFactory"
>  queryTimeout="50"
>
>
> _connectionProperties="oracle.jdbc.ReadTimeout=3,oracle.net.CONNECT_TIMEOUT=3"
> url="jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=
> test.dev.com)(PORT=1522))(ADDRESS=(PROTOCOL=TCP)(HOST=test.dev.com
> )(PORT=1522))(LOAD_BALANCE=yes)(CONNECT_DATA=
> (SERVER=DEDICATED)(SERVICE_NAME=test.service.com)))"
>  user="xx"
>  password="xxx"
>  connectionCachingEnabled="true"
>  connectionCacheName="testPool"
>
>
> connectionCacheProperties="MaxLimit=20,InitialLimit=10,MaxStatementsLimit=80,InactivityTimeout=1800"/>
>
>
> *Thanks*,
> Madan KN
>
>
>
> On Mon, Apr 8, 2013 at 6:15 PM, Daniel Mikusa  wrote:
>
> > On Apr 8, 2013, at 3:23 AM, Madan KN wrote:
> >
> > > *Hi All,*
> > >
> > > Currently we are using tomcat jdbc pooling for oracle 11g R12.
> >
> > What version of Tomcat are you using?  If you are using the pool directly
> > outside of Tomcat, what version of it are you using?
> >
> > > The problem
> > > we are facing is during the peak traffic (less than %2) of time the
> > > connections spike up to more than 100 sessions & never comes back to
> the
> > > normal / desired pool size.
> >
> > It would be helpful to see your configuration.  Please post it here,
> minus
> > comments.
> >
> > > Due to the connections are returned either in
> > > Round-Robin/Random to the application.
> >
> > How are you determining this?  Can you provide some background on why you
> > think this is causing a problem?
> >
> > >
> > > Is there a way we can try LIFO so that connections to evict idle /
> > unwanted
> > > pool size beyond certain limit?
> >
> > Not sure exactly what you mean here.  Is the "fairQueue" option what you
> > are looking for?
> >
> >   https://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html
> >
> > Dan
> >
> >
> > >
> > > *Madan KN*
> >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
>

Re: Tomcat7 - ajax and connection pool : "connection closed" despite the use of "validationQuery" and "testOnBorrow"

[Jose María Zaragoza]

And that's right . You can define any SQL , but you prefer the easiest (
and fastest )

Indeed , you could use SELECT 1 FROM DUAL in MySQL, but it's not required
by using FROM DUAL
>From MySQL doc

"DUAL is purely for the convenience of people who require that all SELECT
statements should have FROM and possibly other clauses. MySQL may ignore
the clauses. MySQL does not require FROM DUAL if no tables are referenced."

I think that Oracle requires "FROM" word in queries ( I think )









2013/4/5 Propes, Barry L 

> Ok, thanks for clarification. I thought it had to be "from some faux table
> or object."
>
>
> -Original Message-
> From: Jose María Zaragoza [mailto:demablo...@gmail.com]
> Sent: Friday, April 05, 2013 3:44 PM
> To: Tomcat Users List
> Subject: Re: Tomcat7 - ajax and connection pool : "connection closed"
> despite the use of "validationQuery" and "testOnBorrow"
>
> 'select 1 from dual' works in Oracle DB
>
> In MySQL, "select 1"
>
>
> 2013/4/5 Propes, Barry L 
>
> >  I could be wrong, but is that validationQuery attribute correct?
> >
> > "SELECT 1"  ? - I have validationQuery="select 1 from dual" in mine,
> > and my doc states it has to be a valid SQL statement returning at least
> one row.
> >
> > That may not factor in at all, just noticed it. Looked maybe out of
> kilter.
> >
> > -Original Message-
> > From: Jean-Claude Haw-King-Chon [mailto:jchaw-king-c...@medifirst.fr]
> > Sent: Friday, April 05, 2013 10:38 AM
> > To: Tomcat Users List
> > Subject: Re: Tomcat7 - ajax and connection pool : "connection closed"
> > despite the use of "validationQuery" and "testOnBorrow"
> >
> > ..
> >
> > My configuration :
> >
> >  >  name="jdbc/607"
> >  auth="Container"
> >  type="javax.sql.DataSource"
> >  username="x"
> >  password="x"
> >  driverClassName="com.mysql.jdbc.Driver"
> >  url="jdbc:mysql://localhost:3306/X"
> >  removeAbandoned="true"
> >  removeAbandonedTimeout="300"
> >  testOnBorrow="true"
> >  validationQuery="SELECT 1"
> >  logAbandoned="true"
> > />
> > Tomcat 7.0.29
> > Linux Fedora Core 12
> >
> >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat7 - ajax and connection pool : "connection closed" despite the use of "validationQuery" and "testOnBorrow"

[Jose María Zaragoza]

'select 1 from dual' works in Oracle DB

In MySQL, "select 1"


2013/4/5 Propes, Barry L 

>  I could be wrong, but is that validationQuery attribute correct?
>
> "SELECT 1"  ? - I have validationQuery="select 1 from dual" in mine, and
> my doc states it has to be a valid SQL statement returning at least one row.
>
> That may not factor in at all, just noticed it. Looked maybe out of kilter.
>
> -Original Message-
> From: Jean-Claude Haw-King-Chon [mailto:jchaw-king-c...@medifirst.fr]
> Sent: Friday, April 05, 2013 10:38 AM
> To: Tomcat Users List
> Subject: Re: Tomcat7 - ajax and connection pool : "connection closed"
> despite the use of "validationQuery" and "testOnBorrow"
>
> ..
>
> My configuration :
>
>   name="jdbc/607"
>  auth="Container"
>  type="javax.sql.DataSource"
>  username="x"
>  password="x"
>  driverClassName="com.mysql.jdbc.Driver"
>  url="jdbc:mysql://localhost:3306/X"
>  removeAbandoned="true"
>  removeAbandonedTimeout="300"
>  testOnBorrow="true"
>  validationQuery="SELECT 1"
>  logAbandoned="true"
> />
> Tomcat 7.0.29
> Linux Fedora Core 12
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat7 - ajax and connection pool : "connection closed" despite the use of "validationQuery" and "testOnBorrow"

[Jose María Zaragoza]

Hi Konstantin:

About this link

http://commons.apache.org/proper/commons-dbcp/configuration.html

If you have enabled "removeAbandoned" then it is possible that a connection
is reclaimed by the pool because it is considered to be abandoned. This
mechanism is triggered when (getNumIdle() < 2) and (getNumActive() >
getMaxActive() - 3)

I know that it's about  DBCP , not JDBC Pool in Tomcat 7, but
Do you know if it's the same  mechanism ?
In this case, this mechanism only is useful when pool is about to be
exhausted, right ?


Regards






>  Do you have queries that run or are used for more than 5 minutes in a
> single request?
> If so, then your removeAbandonedTimeout is too short and
> "removeAbandoned" will close them.
>
> http://commons.apache.org/proper/commons-dbcp/configuration.html
>
> BTW, your pool size is 8.
>
> Best regards,
> Konstantin Kolinko
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat JDBC connection pool + JMX

[Jose María Zaragoza]

> Here's what I see when I look at a Tomcat server with a tomcat-jdbc 
> connection pool defined.
>
>   
> tomcat.jdbc:name="",type=ConnectionPool,class=org.apache.tomcat.jdbc.pool.DataSource
>
> I think this might also work (although it appears read-only).
>
>   Catalina:type=DataSource,class=javax.sql.DataSource,name=""
>


Thanks
But I don't define any JDNI name (  I don't need it )
This is my code ( Spring )

 
 
 
 
 
 
 
 



Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat JDBC connection pool + JMX

[Jose María Zaragoza]

2013/3/27 Charles Richard :
> Hi,
>
> There might be better ways but I monitor the c3p0 connection pool using
> jmxterm (my jar jmxterm-1.0-alpha-4-uber.jar).
>
> For c3p0, the mbean is com.mchange.Pooled...
>
> Hope this helps a little!


Thanks.
I use cmdline-jmxclient-0.10.3.jar
But I need  to know the path where MBean's Tomcat JDBC connection pool
 is registered to monitorize
Remember is a standalone application

For example, Tomcat's datasource MBean is registered in
Catalina:type=DataSource,path=$paths,host=localhost,class=javax.sql

.DataSource,name="$name"

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat JDBC connection pool + JMX

[Jose María Zaragoza]

Hello:


I'm using tomcat-jdbc as a connection pool in a standalone application.

I would like monitorize this pool by JMX .

How I can do that ?
What is the name of MBean ?


Thanks and regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Multiple JSESSIONID

[Jose María Zaragoza]

> The moral of the story is that nested URL spaces is a bad idea where
> sessions are concerned. We easily fixed that problem by moving the
> /-mounted webapp to a unique URL prefix (which wasn't trivial, since
> we had inter-webapp links, etc.) but it solved all of those weird
> problems.

Thanks.
But I've observed that any answer recommends to me to changing JSESSIONID name.
And I don't know why because that is the reason of my problems :  same
cookie name for different contexts

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Multiple JSESSIONID

[Jose María Zaragoza]

2013/3/1 Nick Williams :
> APOLOGIES FOR TOP POSTING! (see below, were I correctly inline post this 
> apology)
>
> On Mar 1, 2013, at 1:58 PM, Nick Williams wrote:
>
>> Browsers send all of the cookies because that's the compliant thing to do. 
>> RFC-2109 [1] says:
>>
>>> If multiple cookies satisfy the criteria above, they are ordered in
>>> the Cookie header such that those with more specific Path attributes
>>> precede those with less specific.  Ordering with respect to other
>>> attributes (e.g., Domain) is unspecified.
>>
>>
>> Based on that, assuming Tomcat follows the rules Christopher says it does, 
>> you should be okay. The /app/myapplication cookie should always come first, 
>> and assuming it is valid Tomcat should always prefer it.
>>
>> Nick
>>
>> [1] http://www.ietf.org/rfc/rfc2109.txt
>
> My apologies for top posting! I don't normally do that. Slip of the 
> keyboard...


Thanks Nick
My apologies for top posting, too. I forgot it

Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Multiple JSESSIONID

[Jose María Zaragoza]

Thanks for your answers.

I wonder why browsers don't send only one JSESSIONID
If I request an URL as www.mydomain.com/app/myapplication/action.do
and it has got 2 cookies with the same name, one for www.mydomain.com/
and another for www.mydomain.com/app/myapplication/  , IMHO, that a
browser should send the most restrictive

Indeed, I don't know if there is some browser working like that.


Christopher,
if the browser sends a JSESSIONID to Tomcat and this JSESSIONID is not
tracked by the server , does any error happen ?  or is it created a
new session with a new identifier ?

Thanks and regards



2013/2/28 Caldarale, Charles R :
>> From: Nick Williams [mailto:nicho...@nicholaswilliams.net]
>> Subject: Re: Multiple JSESSIONID
>
>> > That's interesting. I would recommend a servlet filter that captures
>> > addCookie and friends to see where that "extra" one is being added.
>
>> The two JSESSIONIDs immediately above are in the request, so they're added
>> by the browser, not the server
>
> Unless the browser is part of a hacking attack, the JSESSIONID cookies 
> originally came from the server.  The filter would have to be applied to both 
> the ROOT and /app/myapplication contexts, so it might best be placed in 
> conf/web.xml to cover all webapps.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
> MATERIAL and is thus for use only by the intended recipient. If you received 
> this in error, please contact the sender and delete the e-mail and its 
> attachments from all computers.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Multiple JSESSIONID

[Jose María Zaragoza]

Hello:

We're using Tomcat 6.0.24 as servlet container

This server listens for requests under the URL
www.mydomain.com/app/myaplication/


I've seen in my web browser that it has got 2 JSESSIONID for the same
domain at the same time


JSESSIONID: x
www.mydomain.com
/

and

JSESSIONID: 
www.mydomain.com
/app/myapplication/


Cheking request to my Tomcat server, I see


POST /app/myaplication/action/play.do

Cookie: DWRSESSIONID=F71Wlww0mrwuExOQoE3aLslewQj;
JSESSIONID=x;
JSESSIONID=yy;


How does Tomcat server handle this situation ? I'm talking about
session managing
Does it read the first JSESSIONID ? Does it read every JSESSIONID ?
Can this cause problems ?

I know I can rename JSESSIONID  when it's serve by my Tomcat server,
but I want to be sure that I need to do that

Thanks and regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

[OT] tomcat7-maven-plugin

[Jose María Zaragoza]

Hello:

How is it possible that tomcat7-maven-plugin has got a 'deploy' goal
but not 'undeploy' goal ?

Regards


2013/2/27 Olivier Lamy :
> 2013/2/27 Richard McAleer :
>> Hi,
>> We're using tomcat7-maven-plugin 2.1 to build an executable war using the
>> standalone-war-only goal.  The maven build still generates the normal war
>> file as well as the executable .war created by the plugin.  However, since
>> the standalone-war-only goal generates a war that is both executable and
>> deployable, we really don't need to generate the normal war file.
>>
>> Is there a good way of generating just the executable war's using the
>> plugin?  We could probably have maven delete the original .war file and
>> rename the executable .war to the normal webapp name, but that doesn't seem
>> like the best way of doing it.
> Currently no. As the generated executable war/jar contains this war
> (not an exploded war) so it's mandatory to have it.
> BTW what is your use case ?
>>
>> Thanks,
>> Richard
>>
>> --
>> Richard McAleer
>> Developer
>> Web Development Team
>>
>> *CARIS* 
>> 115 Waggoners Lane
>> Fredericton, New Brunswick
>> CanadaE3B 2L4
>> Tel: +1.506.458.8533 Fax: +1.506.459.3849
>> www.caris.com 
>>
>> *Connect with CARIS*
>> Twitter  | LinkedIn
>>  | Facebook
>> 
>> | Google+
>> 
>> | YouTube 
>>
>> Download your free copy of CARIS Easy View today!
>> www.caris.com/easyview 
>>
>> _
>> This email and any files transmitted with it are confidential and intended
>> only for the addressee(s). If you are not the intended recipient(s) please
>> notify us by email reply. You should not use, disclose, distribute or copy
>> this communication if received in error.
>>
>> Any views or opinions expressed in this email are solely those of the author
>> and do not necessarily represent those of the company. No binding contract
>> will result from this email until such time as a written document is signed
>> on behalf of the company.
>>
>
>
>
> --
> Olivier Lamy
> Talend: http://coders.talend.com
> http://twitter.com/olamy | http://linkedin.com/in/olamy
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [FWD: Help Debugging 404 errors]

[Jose María Zaragoza]

> OK, I double clicked. Can you give me some more details on choosing root
> folder and webapps folder? I see three radio buttons that are all greyed
> out. I don't know how to click on them.
>  "Use workspace metadata (dones not modify Tomcat installation)"
>  "Use the tomcat installation (takes control of Tomcat installation)"
>  "Use the custom location (does not modify Tomcat installation)"


Maybe you have to remove the Tomcat entry from Servers tab.
So, you can :

- check "Use the tomcat installation"
- set Server path to Tomcat root folder ( by example, C:\tomcat7.0 )
- set Deploy path (  ( by example, C:\tomcat7.0\webapps  )

If you project has got Dynamic Web Module facet ( right mouse button
on project -> Properties -> Project Facets ) , you can run project on
server clicking right mouse button -> Run as )

Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [FWD: Help Debugging 404 errors]

[Jose María Zaragoza]

> They actually use a pseudo-CATALINA_BASE (I think) and run the server from:
>
> workspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp[n]
>
> n is the number of your server in your Servers project.
>
> There is no bin directory, and there's an extra directory called wtpwebapps
> which contains an empty ROOT application.


You can change all this configuration by double-clicking over the
server icon in Servers tab.
And choose root folder and webapps folder

Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: 64 Bit Tomcat

[Jose María Zaragoza]

2013/1/30 Patrick Flaherty :
> Hello,
>
> I have an open question about 32 bit vs 64 bit. We are currently deploying
> our app with 32 bit JVM and Tomcat. We are running into memory issues
> as we add more functionality (some via tools in the open source ecosystem).

Depends on what memory issues are you talking about.
For example , we are using Tomcat 6.0.24 & JVM ( JDK 7) 64-bit , and
I've got problems with PermGen memory space and redeployments (
althought it's a known problem )
But the normal behaviour is right

Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Get active session list

[Jose María Zaragoza]

Sorry, I'm not following this thread but
Don't you want to use

http://localhost:8080/manager/html/sessions?path=/

?

You only have to parse this plain HTML webpage
I know that it's not very elegant but 


Regards




2012/11/20 Cosio, Raul :
> As far as I know there is no way to get the list of active sessions for 
> security reasons, some time ago I wanted to display in my application a list 
> of active sessions, what I did is to implement some listeners, it is tricky 
> but fun once you understand how it works.
>
> The first listener I implemented was an HttpSessionListener (declared in my 
> web.xml file), the listener has a method sessionCreated() and 
> sessionDestroyed() that I used to update my list of active sessions.
>
> The tricky part is when the server is restarted, because tomcat serializes 
> the sessions and after a restart there will be active sessions that are 
> created without a sessionCreated() event (which makes sense because they were 
> not destroyed, just serialized). I handle this situation with a 
> SessionActivationListener interface that has a method sessionDidActivate(), 
> usefult to update my list of active sessions.
>
> The SessionActivationListener is used for any attribute that you add to a 
> session with the setAttribute() method. To make this listener available I 
> just added an object that implements the listener in the 
> HttpSessionListener.sessionCreated() method.
>
> Regards
>
> -Original Message-
> From: Felipe Jaekel [mailto:fkjae...@gmail.com]
> Sent: Thursday, October 18, 2012 3:59 PM
> To: Tomcat Users List
> Subject: Re: Get active session list
>
> Found the following:
>
> context = (Context) wrapper.getParent();
>> host = (Host) context.getParent();
>>
>
>
>> Context ctx = (Context) host.findChild(name);
>> Manager manager = ctx.getManager();
>> Session [] sessions = manager.findSessions();
>
>
> Had the same doubt I had when I looked at the PSI Probe code some days ago:
> how to handle the wrapper property?
>
>
> As a alternative I tried to implement *HttpSessionActivationListener*, but
> the methods aren't called when I restart the server.
>
> Thanks again for the help,
> Phillip
>
>
> 2012/10/18 Christopher Schultz 
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Felipe,
>>
>> On 10/18/12 9:34 AM, Felipe Jaekel wrote:
>> > I need to get the active session list. Searching about I saw a lot
>> > of people with the same question, but no answer.
>> >
>> > I don't want to write a list inside a HttpSessionListener and keep
>> > the session list there, because I use session serialization and the
>> > list inside the listener would be destroyed in case the server is
>> > restarted.
>>
>> You *can* get notification of sessions being de-serialized from the
>> disk to maintain your list. Look at the other session-related
>> listeners in the servlet API.
>>
>> You could also use JMX to get a list of sessions. Use JConsole to
>> poke-around in Tomcat's JMX beans and find the one(s) that expose
>> sessions. You may have to make your webapp "privileged" in order to
>> make JMX calls.
>>
>> - -chris
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
>> Comment: GPGTools - http://gpgtools.org
>> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
>>
>> iEYEARECAAYFAlCAEgwACgkQ9CaO5/Lv0PARBACfZ+EG7KJWXt+49sbB1kVsLunF
>> A4MAoKv1hM4KBlaAS4a1UaP0ePqfRr3W
>> =n3WU
>> -END PGP SIGNATURE-
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
> Notice:  This e-mail message, together with any attachments, contains
> information of Merck & Co., Inc. (One Merck Drive, Whitehouse Station,
> New Jersey, USA 08889), and/or its affiliates Direct contact information
> for affiliates is available at
> http://www.merck.com/contact/contacts.html) that may be confidential,
> proprietary copyrighted and/or legally privileged. It is intended solely
> for the use of the individual or entity named on this message. If you are
> not the intended recipient, and have received this message in error,
> please notify us immediately by reply e-mail and then delete it from
> your system.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Modify Cache-Control header

[Jose María Zaragoza]

Hi:

I'm using Tomcat 6  ( I don't remember the exact release, I hope to be
forgiven by Pid )

I need to modify Cache-Control header in some responses ( forcing them
to not be cached )
What is the best way to do it ?

a) To implement a Valve ( check request context path and if it match
,to modify response header )
b) To implement a filter
c) Others  ( any property in Tomcat's configuration files that I don't know )

Thanks and regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Logging of user's login attempts

[Jose María Zaragoza]

2012/11/9 Christopher Gross 

>
>  Perhaps
> someone else who has done this can chime in, but I'll keep looking around.
>  I think you got me started on the right track.
>


Well, I'm used to extending  UserDatabaseRealm class and to configure
Tomcat with it, so I can have more control , by example , logging.

Re: handling expired sessions in Tomcat

[Jose María Zaragoza]

2012/11/5 Miguel Gonzalez :
> Dear all,
>
>   When an user is logged on our system (a Struts app), when the session 
> expires, the user gets a java error report. Is there any way to handle this 
> and either to show a custom jsp page or redirect the user to the login form? 
> I have googled this, but I can't find this info.

If you use Realm to authenticate the users , it's easy by configuration

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat question

[Jose María Zaragoza]

2012/10/22 André Warnier :
> Wiley, Maxie wrote:
>>
>>
>> Is it possible to remove an installation of a compiler on a production web
>> server(tomcat)?

Jasper?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Get active session list

[Jose María Zaragoza]

2012/10/18 Felipe Jaekel :
> I need to get the active session list. Searching abou I saw a lot of
> people with the same question, but no answer.


https://code.google.com/p/psi-probe/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 6.0 queries

[Jose María Zaragoza]

2012/10/13 vivek aggarwal :
> Hello All,
>
> Can you guys please help in understanding my following concerns/queries :-
>
> 1.  How can we configure the number of threads for managing simultaenous HTTP 
> connection requests coming from Apache. Is there any connection time out value
> we have at the tomcat side which we can configure ?

Well, maybe I'm wrong but I think there isn't HTTP connection
requests, but TCP connection requests.

You can have a look at
http://tomcat.apache.org/tomcat-6.0-doc/config/http.html (Standard
Implementation)
Look at 'maxThreads' ,'connectionTimeout' and 'acceptCount', IMHO


Q2 & Q3  I'm not sure how to answer them, sorry

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org