AW: AW: java
Hi > > I am not sure that this related, be we were having issues after > > updating from 1.8.0_31 to 1.8.0_72 with certificates signed by > > root-cas that have a md5 signature. While the CA signature in the CA > > certificate does not provide any security, a bug in the jre rejected > > the certificate even though the certificate itself was signed with > > sha1. Maybe this is related. > > Do you mean rejecting SHA-1 signatures instead of SHA-256? > MD5 hasn't been used for certificate signatures for quite a few years. No, I mean MD5. A customer of ours had a CA that was created using MD5 in the Root Certificate in 2004. (Customers setup, not ours.) But the server certificate was correctly signed using SHA1. Still java rejected the certificate, because of the weak (but irrelevant) signature of the CA certificate. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: java
Hi > With jdk 1.8.0.45 our ldap communication is giving results. As soon as we > change tomcat to use jdk1.8.0_51, I am getting below > exception. I am not sure security changes in jdk 1.8.0_51 preventing the ldap > certificate loaded in cacerts in java not communicating > properly to our ldap server. I am not sure that this related, be we were having issues after updating from 1.8.0_31 to 1.8.0_72 with certificates signed by root-cas that have a md5 signature. While the CA signature in the CA certificate does not provide any security, a bug in the jre rejected the certificate even though the certificate itself was signed with sha1. Maybe this is related. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: SocketTimeoutException in CoyoteInputStream
8.0.26 > -Ursprüngliche Nachricht- > Von: Mark Thomas [mailto:ma...@apache.org] > Gesendet: Montag, 18. Juli 2016 13:37 > An: Tomcat Users List > Betreff: Re: SocketTimeoutException in CoyoteInputStream > > On 18 July 2016 12:06:42 CEST, "Steffen Heil (Mailinglisten)" > wrote: > > Tomcat version? > > Mark > > > >Hi > > > > > >I am getting the following exception: > > > >2016-07-18 07:46:52.667 /http/httpmodule WARN null - error during > >upload > >| java.net.SocketTimeoutException > >| at > >org.apache.tomcat.util.net.NioBlockingSelector.read(NioBlockingSelector > >.java:202) > >| at > >org.apache.tomcat.util.net.NioSelectorPool.read(NioSelectorPool.java:25 > >0) > >| at > >org.apache.tomcat.util.net.NioSelectorPool.read(NioSelectorPool.java:23 > >1) > >| at > >org.apache.coyote.http11.InternalNioInputBuffer.fill(InternalNioInputBu > >ffer.java:133) > >| at > >org.apache.coyote.http11.InternalNioInputBuffer$SocketInputBuffer.doRea > >d(InternalNioInputBuffer.java:177) > >| at > >org.apache.coyote.http11.filters.IdentityInputFilter.doRead(IdentityInp > >utFilter.java:110) > >| at > >org.apache.coyote.http11.AbstractInputBuffer.doRead(AbstractInputBuffer > >.java:416) > >| at org.apache.coyote.Request.doRead(Request.java:469) > >| at > >org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.jav > >a:342) > >| at > >org.apache.tomcat.util.buf.ByteChunk.substract(ByteChunk.java:395) > >| at > >org.apache.catalina.connector.InputBuffer.read(InputBuffer.java:367) > >| at > >org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream. > >java:156) > > > >This happens when I try to read about 100MB from the client using > >(repeatedly) request..getInputStream().read(...). > >It happens 42 Seconds after the upload was started. > > > >I did not set any timeout on the connector and the default is supposed > >to be 60 seconds. > > > > > >So I have the following questions: > > > >1. Does it make any sense to catch this exception and call read again? > >2. Can I configure the read timeout on a per connection basis? > >3. Why is the exception thrown after just 42 seconds? > > > > > >Regards, > > Steffen > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
SocketTimeoutException in CoyoteInputStream
Hi I am getting the following exception: 2016-07-18 07:46:52.667 /http/httpmodule WARN null - error during upload | java.net.SocketTimeoutException | at org.apache.tomcat.util.net.NioBlockingSelector.read(NioBlockingSelector.java:202) | at org.apache.tomcat.util.net.NioSelectorPool.read(NioSelectorPool.java:250) | at org.apache.tomcat.util.net.NioSelectorPool.read(NioSelectorPool.java:231) | at org.apache.coyote.http11.InternalNioInputBuffer.fill(InternalNioInputBuffer.java:133) | at org.apache.coyote.http11.InternalNioInputBuffer$SocketInputBuffer.doRead(InternalNioInputBuffer.java:177) | at org.apache.coyote.http11.filters.IdentityInputFilter.doRead(IdentityInputFilter.java:110) | at org.apache.coyote.http11.AbstractInputBuffer.doRead(AbstractInputBuffer.java:416) | at org.apache.coyote.Request.doRead(Request.java:469) | at org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java:342) | at org.apache.tomcat.util.buf.ByteChunk.substract(ByteChunk.java:395) | at org.apache.catalina.connector.InputBuffer.read(InputBuffer.java:367) | at org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.java:156) This happens when I try to read about 100MB from the client using (repeatedly) request..getInputStream().read(...). It happens 42 Seconds after the upload was started. I did not set any timeout on the connector and the default is supposed to be 60 seconds. So I have the following questions: 1. Does it make any sense to catch this exception and call read again? 2. Can I configure the read timeout on a per connection basis? 3. Why is the exception thrown after just 42 seconds? Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: Memory Leak
Hi
> > Here, the log. I am quite sure how to go about troubleshooting it.
> > Any help is greatly appreciated.
> The application has a memory leak. You need to get it fixed.
> > catalina.out.prob:SEVERE: The web application [] appears to have
> > started a thread named
> > [cluster-ClusterId{value='5745ebcecdb2e06579174645',
> > description='null'}-devnymongodb01.meridiancapital.com:27017] but has
> > failed to stop it. This is very likely to create a memory leak.
There MIGHT be a memory leak but this does NOT have to be one.
I have seen several libraries that tell their maintenance threads to stop and
they actually DO, but the library itself does no join() so the thread stops a
little later (depending on the library, "little" was between a few milliseconds
and 10 minutes).
But this message is only logged when the application is stopped, so if it runs
out of memory during operation, this is a rather unrelated shutdown problem.
Anyway, check if there is a memory leak by taking a memory dump (probably using
jmap) and analyze that.
Eclipse MAT has nice tools for this.
> > MemTotal:8061448 kB
> > MemFree: 5399052 kB
This means that your server has 5.3 GB free memory.
Do you configure the amount of memory assigned to tomcat in any way?
If you have 5.3 GB of free memory while tomcat starves, you misconfigured that.
(Misconfiguration might as well include not configuring min/max heap sizes at
all.)
Regards,
Steffen
smime.p7s
Description: S/MIME cryptographic signature
NPE in tomcat because of WebSocket API and Lambdas
Hi
I just got the following NPE in tomcat:
java.lang.NullPointerException
at org.apache.tomcat.websocket.Util.getGenericType(Util.java:217)
at org.apache.tomcat.websocket.Util.getMessageType(Util.java:171)
at
org.apache.tomcat.websocket.WsSession.addMessageHandler(WsSession.java:198)
at ...
at
org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.init(WsHttpUpgradeHandler.java:138)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:701)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1526)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1482)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
That happened because eclipse "cleaned up" my code:
session.addMessageHandler( new
MessageHandler.Whole() {
@Override
public void onMessage( String text )
{
processor.received( text );
}
} );
session.addMessageHandler( new
MessageHandler.Whole() {
@Override
public void onMessage( ByteBuffer data )
{
processor.received( data );
}
} );
Resulting in:
session.addMessageHandler( (Whole) text ->
processor.received( text ) );
session.addMessageHandler( (Whole) data ->
processor.received( data ) );
So I understand that tomcat tries to get the type of the message handler using
reflection.
While I believe this is a bad API, it's not tomcats fault. However it should
not throw a NPE...
But I think there is no other way for the to register message handlers, right?
So do I need to stick to the anonymous classes or is there a way to make it
work with lambdas?
Regards,
Steffen
smime.p7s
Description: S/MIME cryptographic signature
AW: AW: AW: AW: How to cancel download on the server side
Hi > It is a dirty Tomcat specific trick that will only work as long as the code > is the way it is but if you throw a ClientAbortException wrapped > in a ServletException you shouldn't see that log message. Thanks a lot, this was just what I was looking for. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: AW: AW: How to cancel download on the server side
Hi > throw new ServletException(); That was the difference. I threw a IllegalStateException(), so tomcat sent "0\r\n". I changed my code to throw a ServletException() and now it works. Thanks for that. One very little thing left: Is there a way to suppress the logged exception: Jun 03, 2016 11:00:18 PM org.apache.catalina.core.StandardWrapperValve invoke SCHWERWIEGEND: Servlet.service() for servlet [Stream] in context with path [] threw exception [null] with root cause javax.servlet.ServletException ... at com.osiris4.http.servlets.Stream.doRequest(Stream.java:36) at com.osiris4.http.servlets.Base.service(Base.java:36) at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:673) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1526) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1482) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) BTW: Why does it say "exception [null]"? As I regard closing a connection a valid result of processing a request, I would have expected a way to cleanly terminate a connection without logging a severe exception. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: AW: How to cancel download on the server side
Hi > > Yes, we thought about that. However it still leaves the problem of a > > lot of storage on the server that is used for no reason and increasing > > the time to download the backup.. > So it's better to buffer the huge download in memory instead of on the disk? > Maybe I don't understand the use case. NO. We want to stream the results to the client... It usually is several times bigger than the memory at hand. > It sounds like Mark may have a solution for you in another branch of this > thread, anyway. Did I miss a message on the list? So far I only got his question about the tomcat version... Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: AW: How to cancel download on the server side
> > That's another story. > > I tried that. And the internet explorer as well as curl report an error, if > > the download stops without the ending 0\r\n. > > > > But I had to set "Connection: close" and "Transfer-Encoding: chunked" > > myself and encode the chunk headers myself. > > If I leave these two headers out, tomcat managed the transfer-encoding (as > > I set no Content-Length header) which I would prefer. > > However then I find no way to close the connection. If I call "close()" on > > the OutputStream tomcat sends 0\r\n. > > Even if I throw an exception, tomcat "correctly" closes the stream. > > I did not find any way to close it without that. > > > > Is there any way to do so? > > Tomcat version? 8.0.26 Steffen smime.p7s Description: S/MIME cryptographic signature
AW: How to cancel download on the server side
Hi > I believe that, while the HTTP specification supports what you want to do, > neither servers nor clients support it. For example, you can > use "trailers" (headers end the end of the response) to tell the client what > happened, but I suspect that no client will actually read > them or act on them. I did not even know such things exist. A quick google check seems to indicate that you are right: No real client supports them in a way usable for me. > You can always force a disconnect by simply closing the response stream. > Usually, the client will either tell the user that the download > failed (connection closed before response - or chunk of response - > completed), more likely just shows the user a blank page or saves > an incomplete file. That's another story. I tried that. And the internet explorer as well as curl report an error, if the download stops without the ending 0\r\n. But I had to set "Connection: close" and "Transfer-Encoding: chunked" myself and encode the chunk headers myself. If I leave these two headers out, tomcat managed the transfer-encoding (as I set no Content-Length header) which I would prefer. However then I find no way to close the connection. If I call "close()" on the OutputStream tomcat sends 0\r\n. Even if I throw an exception, tomcat "correctly" closes the stream. I did not find any way to close it without that. Is there any way to do so? Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: How to cancel download on the server side
Hi > We had a similar problem. We just added a "preparation" step before the > actual download. > > 1. User clicks on "request download" link 2. jQuery sends a request to > servlet and instructs it to prepare the download 3. Meanwhile > the request download link has been changed with Javascript to "preparing > download..." > 4. jQuery periodically asks the servlet if the download is ready or if the > preparation has failed 5. If it is ready, the "preparing > download..." is replaced by "download file" - if it has failed, an error > message would be displayed > > This of course will only work if the client supports Javascript. But even if > it doesn't you can work with HTTP reloads and/or redirects > and using unique IDs to identify your client and their download. Yes, we thought about that. However it still leaves the problem of a lot of storage on the server that is used for no reason and increasing the time to download the backup.. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
How to cancel download on the server side
Hi I am streaming a huge file from a servlet to the browser. It can easily be multiple gigabytes. Currently the data is prepared on the server, stored in a file and then sent to the client with a "Content-Disposition: attachment" header, so the browser handles it as a download. After the transfer the file is immediately deleted. This kind of works but has two big disadvantages: 1. The client has to wait a long time until the first byte is transferred. I am afraid I could run into browser (or generic client) timeouts. 2. I need a lot of storage on the server. The data I have could easily be streamed directly to the client without storing it on the server at all. I would not know the precise size of the data In advance, but it could be transferred using "Transfer-Encoding: junked" so this would not be a problem. My problem is that if anything goes wrong while creating the data I have no way to notify the client, as the response headers were already sent way before. So I am looking for a way to cancel the download from the server side and letting the client know that something went wrong. Simply stopping sending data is not enough, the client needs to know that the data is incomplete. Probably the only way to do that would be to abruptly disconnect the http(s) connection without completing the download using a "0\r\n" end marker. So my questions are: 1. How can I force tomcat to disconnect a client like that? 2. Does anyone here have tried anything like that before? What client side reactions did you notice? Best regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: AW: WebSocket asynchronous reads
Hi > > Which means I have to either buffer all incoming messages until I am > > ready to process them (might occupy lots of memory) or I have to drop > > them. Both is not really ideal. > I'm largely ignorant of the asynchronous world, but I do have a question > about what you're asking. Are you really asking if Tomcat can > buffer all that data for you (which might occupy lots of memory) until you > are ready to accept it? It seems like if you aren't comfortable > with dropping the data on the floor, then it's your responsibility to accept > the data and deal with it yourself, right? No. I am asking tomcat not to read data from the socket, if the app is not ready to receive it in the first place. The data will then stay in the os inbound buffers and fill up the receive window, so the *sender* will be blocked eventually. TCP allows the sender to know, when the receiver cannot handle more data right away, just the websocket api cannot. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: Connection resets without timeout
Hi
For everyone following this thread, here are some conclusions I came up with.
First I need to correct myself: I saw FIN/ACK, not FIN/FIN+ACK (at least I
could not reproduce that).
So when the client program gets closed, the tcp stack of the client sends FIN
and the server running tomcat replies with FIN+ACK.
What I did not realize earlier is, that this does NOT close the tcp connection
at all. It isn't even supposed to.
Because TCP offers no way to reliably close a connection.
Instead it simply tells the server that the client will not send any more
payload data. So the connection is "half-closed".
But by definition the server may still send data to the client [2]. And the
client has no way to prevent that [1].
So tomcat known that there will be no additional data, but it is absolutely
valid to send more.
As the connection cannot be "closed" there is no way to detect that the client
application is gone.
As soon as tomcat sends something, the client tcp stack recognized incoming
packets that do not match an open connection and therefor sends RST.
At that point of the connection is completely gone and tomcat does report that
to the servlet (using onError, as writing failed).
While I did a lot in the area of networking and even implemented my own NIO
stack, I must confess I never realized that tcp connections cannot be closed by
one side.
Regards,
Steffen
[1] This is not strictly true, as the client might send RST instead of FIN, but
that could lead to packet loss for data send before the RST.
[2] If you think about HTTP/1.0 you see how that can be useful. In a POST/PUT
request the client payload is send to the server. The server needs to detect
the end of that payload. That can be done using "Content-Length"-Header or
chunked encodinig ("0" terminator) or by closing the connection (inbound only)
after the data. However, even if the inbound connection is closed, the response
should still be sent to the client, so in that case the client even expects
some answer after he sent FIN...
> -Ursprüngliche Nachricht-
> Von: Steffen Heil (Mailinglisten) [mailto:li...@steffen-heil.de]
> Gesendet: Dienstag, 25. August 2015 18:13
> An: Tomcat Users List
> Betreff: Connection resets without timeout
>
> Hi
>
>
> When using async servlets with timeout set to 0, tomcat seems not to detect,
> if the client closes the connection.
> At least the servlet listener is not notified.
>
> I expected "AsyncListener.onComplete" or "AsyncListener.onError" or
> "AsyncListener.onTimeout", but none of these are called.
> The only thing called is "ReadListener.onAllDataRead" but that’s expected as
> the request is a POST request with few inbound data but
> long running outbound data.
>
> Now we have no way to detect when the connection to the client is broken.
> On TCP level the connection was closed (FIN/FIN+ACK), so tomcat should know
> that the connection is gone.
> Is there any way to get notified about that or at least to check manually?
>
>
> Regards,
> Steffen
>
>
>
> BTW: I am posting new questions that are not direct follow-ups as top
> messages. If there is another policy for this list, please let me
> know.
smime.p7s
Description: S/MIME cryptographic signature
AW: WebSocket asynchronous reads
Hi > >Is there a way to tell tomcat to stop receiving data for a certain > >websocket? > >(Not to close it, but not to read from inputstream for some time.) > Sorry, no. > The best you can do is a no-op branch in the message handler. Which means I have to either buffer all incoming messages until I am ready to process them (might occupy lots of memory) or I have to drop them. Both is not really ideal. I don’t know, if the websocket specification already defines something, but are there any plans to implement such a feature? >From my POV it would be rather easy not to unregister a certain connection in >the read selector and reregister it later on. However such an API would need to exposed somehow. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
WebSocket asynchronous reads
Hi Is there a way to tell tomcat to stop receiving data for a certain websocket? (Not to close it, but not to read from inputstream for some time.) Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: Exception using Async Servlet
Hi Doing a lot of additional testing, I found the reason for the exception. In the "WriteListener.onError(Throwable)" handler, we released all our resources using a central function that included calling "context.complete()". It seems like tomcat does not like that call. However there are only two cases: 1. That call is NOT allowed in onError, then it should throw an exception right away. 2. That call IS allowed in onError, then it should not leave some internal inconsistency (as the later exception implies). BTW: 1. Calling "context.complete()" in "AsyncListener.onError(AsyncEvent)" seems not to be a problem. 2. The exception also prevents a call to "AsyncListener.onError(AsyncEvent)", so a WriteListener can hide the end of the connection completely from the AsyncListener. However to my understand those should be to separate state machines... Doing these tests, I recognized I did a lot of guessing about the interactions between the 3 different callbacks. Is there any documentation on how they interact? Regards, Steffen > -Ursprüngliche Nachricht- > Von: Steffen Heil (Mailinglisten) [mailto:li...@steffen-heil.de] > Gesendet: Mittwoch, 26. August 2015 10:04 > An: Tomcat Users List > Betreff: AW: Exception using Async Servlet > > Hi > > > > Make sure you are using the latest 8.0.26 release. There have been some > > fixes around async dispatch. If you still see the issue then > > we'll need a test case (as simple as possible) that reproduces the issue > > for us to investigate. > > I just upgraded to 8.0.26. But I see the same exception again: > > Aug 26, 2015 9:42:41 AM org.apache.catalina.connector.CoyoteAdapter > asyncDispatch > SCHWERWIEGEND: Exception while processing an asynchronous request > java.lang.IllegalStateException: Calling [asyncError()] is not valid for a > request with Async state [MUST_COMPLETE] > at > org.apache.coyote.AsyncStateMachine.asyncError(AsyncStateMachine.java:351) > at > org.apache.coyote.http11.AbstractHttp11Processor.action(AbstractHttp11Processor.java:820) > at org.apache.coyote.Request.action(Request.java:378) > at > org.apache.catalina.core.AsyncContextImpl.setErrorState(AsyncContextImpl.java:419) > at > org.apache.catalina.connector.CoyoteAdapter.asyncDispatch(CoyoteAdapter.java:332) > at > org.apache.coyote.http11.AbstractHttp11Processor.asyncDispatch(AbstractHttp11Processor.java:1709) > at > org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:649) > at > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1526) > at > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1482) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at > org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > at java.lang.Thread.run(Thread.java:745) > > > I *think* this happens in the following case: > > 1. A client opens an html file using https that gets dispatched to an Async > servlet. > > 2. The servlet calls startAsync, registers read/write/context handlers: > AsyncContext context = request.startAsync(); > context.setTimeout( 0 ); > ServletInputStream input = request.getInputStream(); > ServletOutputStream output = response.getOutputStream(); > ChannelProcessor processor = new ChannelProcessor( ... ); > context.addListener( processor ); > input.setReadListener( processor ); > output.setWriteListener( processor ); > > 3. The server writes some data to "output". > 4. As the client is not sending data, "onAllDataRead" is called and the > reference to "input" is dropped. > 5. "onWritePossible" is called, but there is no more data to send for now. > 6. The client window is closed. (BTW: The servlet is not notified about that > at all.) > 7. Later, an server event occurs and the server writes to "output" again > (after checking "isReady"). > > I think this is the point, the exception is logged. > > > I will try to create a testcase, but stripping down that code is far from > easy as it is in the middle of a framework. > > > I would also like to increase logging in tomcat, but I could not find out, > how to do so. > My current logging.properties consists of the following only: > > > handlers = java.util.logging.ConsoleHandler > .handlers = java.util.logging.ConsoleHandler > > .level = TRACE > org.apache.level = TRACE > > > I suspect that should set any logger to TRACE, but only a few lines are > logged... > > > Regards, > Steffen smime.p7s Description: S/MIME cryptographic signature
AW: Exception using Async Servlet
Hi > Make sure you are using the latest 8.0.26 release. There have been some fixes > around async dispatch. If you still see the issue then > we'll need a test case (as simple as possible) that reproduces the issue for > us to investigate. I just upgraded to 8.0.26. But I see the same exception again: Aug 26, 2015 9:42:41 AM org.apache.catalina.connector.CoyoteAdapter asyncDispatch SCHWERWIEGEND: Exception while processing an asynchronous request java.lang.IllegalStateException: Calling [asyncError()] is not valid for a request with Async state [MUST_COMPLETE] at org.apache.coyote.AsyncStateMachine.asyncError(AsyncStateMachine.java:351) at org.apache.coyote.http11.AbstractHttp11Processor.action(AbstractHttp11Processor.java:820) at org.apache.coyote.Request.action(Request.java:378) at org.apache.catalina.core.AsyncContextImpl.setErrorState(AsyncContextImpl.java:419) at org.apache.catalina.connector.CoyoteAdapter.asyncDispatch(CoyoteAdapter.java:332) at org.apache.coyote.http11.AbstractHttp11Processor.asyncDispatch(AbstractHttp11Processor.java:1709) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:649) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1526) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1482) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) I *think* this happens in the following case: 1. A client opens an html file using https that gets dispatched to an Async servlet. 2. The servlet calls startAsync, registers read/write/context handlers: AsyncContext context = request.startAsync(); context.setTimeout( 0 ); ServletInputStream input = request.getInputStream(); ServletOutputStream output = response.getOutputStream(); ChannelProcessor processor = new ChannelProcessor( ... ); context.addListener( processor ); input.setReadListener( processor ); output.setWriteListener( processor ); 3. The server writes some data to "output". 4. As the client is not sending data, "onAllDataRead" is called and the reference to "input" is dropped. 5. "onWritePossible" is called, but there is no more data to send for now. 6. The client window is closed. (BTW: The servlet is not notified about that at all.) 7. Later, an server event occurs and the server writes to "output" again (after checking "isReady"). I think this is the point, the exception is logged. I will try to create a testcase, but stripping down that code is far from easy as it is in the middle of a framework. I would also like to increase logging in tomcat, but I could not find out, how to do so. My current logging.properties consists of the following only: handlers = java.util.logging.ConsoleHandler .handlers = java.util.logging.ConsoleHandler .level = TRACE org.apache.level = TRACE I suspect that should set any logger to TRACE, but only a few lines are logged... Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: AW: Asynchronous writes (Servlet and WebSocket)
Hi > The equivalent code for NIO is in > org.apache.coyote.http11.InternalNioOutputBuffer Thanks for the reference. I took a short look at it. As soon as I have a little time left, I will analyze it in more depth, as I am very interested in NIO... For now the assertion that write are indeed asynchronous is enough for me. > No. It is too invasive to back port to the stable 8.0.x and it also requires > removing support for BIO and comet which we don't want to > do in 8.0.x. Will this be rather a 8.1.x (mid term) or 9.0.x (long term) change? Is the code in trunk considered stable? > 8.0.x releases are on a roughly monthly cycle. The most recent (8.0.26) was > announced today. Thanks for the hint, I missed that one. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
Connection resets without timeout
Hi When using async servlets with timeout set to 0, tomcat seems not to detect, if the client closes the connection. At least the servlet listener is not notified. I expected "AsyncListener.onComplete" or "AsyncListener.onError" or "AsyncListener.onTimeout", but none of these are called. The only thing called is "ReadListener.onAllDataRead" but that’s expected as the request is a POST request with few inbound data but long running outbound data. Now we have no way to detect when the connection to the client is broken. On TCP level the connection was closed (FIN/FIN+ACK), so tomcat should know that the connection is gone. Is there any way to get notified about that or at least to check manually? Regards, Steffen BTW: I am posting new questions that are not direct follow-ups as top messages. If there is another policy for this list, please let me know. smime.p7s Description: S/MIME cryptographic signature
Exception using Async Servlet
Hi I am using servlets with startAsync to be able to read and write asynchronously. However from time to time the following is logged: Aug 25, 2015 5:52:32 PM org.apache.catalina.connector.CoyoteAdapter asyncDispatch SCHWERWIEGEND: Exception while processing an asynchronous request java.lang.IllegalStateException: Calling [asyncError()] is not valid for a request with Async state [MUST_COMPLETE] at org.apache.coyote.AsyncStateMachine.asyncError(AsyncStateMachine.java:348) at org.apache.coyote.http11.AbstractHttp11Processor.action(AbstractHttp11Processor.java:820) at org.apache.coyote.Request.action(Request.java:378) at org.apache.catalina.core.AsyncContextImpl.setErrorState(AsyncContextImpl.java:406) at org.apache.catalina.connector.CoyoteAdapter.asyncDispatch(CoyoteAdapter.java:332) at org.apache.coyote.http11.AbstractHttp11Processor.asyncDispatch(AbstractHttp11Processor.java:1709) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:649) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1527) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1484) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) There is no code of our own involved so I am wondering if my configuration is invalid or I am using the servlet in an incorrect way. I would post some of the code we use here, but it is not really small, so where would I need to start searching or posting? Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: Asynchronous writes (Servlet and WebSocket)
Hi Thanks for assuring me, that it really is asynchronous. That was a blocker for us. > archive? I'm guessing you mean achieve. Yes, I did. Sorry, not a native English speaker... > No, it will buffer it all in the SocketWrapper. You won't get another > notification until the buffered data has been written. Ok. > Yes, assuming you are not using the BIO connector (where it always blocks > regardless). NIO only. > > Where is that implemented? > The detail varies between versions due to the refactoring that has gone on > over time in the connectors but in trunk that is all handled > by SocketWrapperBase.writeNonBlocking() I am using 8.0.24. There I did not find such a class. > Generally, the trunk code should be easier to follow because of the > refactoring. Will these refactorings be in the next release? When is it due? Best regards, Steffen smime.p7s Description: S/MIME cryptographic signature
Asynchronous writes (Servlet and WebSocket)
Hi I am investigating, how I can archive asynchronous writes with tomcat. For servlets I came up with code like this: final AsyncContext context = request.startAsync(); final ServletInputStream input = request.getInputStream(); final ServletOutputStream output = response.getOutputStream(); ChannelProcessor processor = new ChannelProcessor( channel, input, output ); context.addListener( processor ); input.setReadListener( processor ); output.setWriteListener( processor ); While ChannelProcessor is my class that implements (beside others) WriteListener, so I get notified, when the ServletOutputStream is ready to send more data. However, looking at the code, I suspect that "output.write( byte[] buffer )" will still block, if the amount of data in buffer is larger than the maximum size of the OutputBuffer used by that connection: Call stack: CoyoteOutputStream.write (is ServletOutputStream.write) OutputBuffer.write ByteChunk.append ByteChunk.flushBuffer OutputBuffer.realWriteBytes ... from here on I am not sure. For WebSockets there is session.getAsyncRemote().sendBinary( buffer, handkler ); But that calls ServletOutputStream.write (maybe from another thread) So, are these really asynchronous? Is a call to ServletOutputStream.write always guaranteed to return without blocking?` Where is that implemented? Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
URI Templates
Hi
I have several servlets with mappings such as
/a/*
/b/*
/c/*
And so on.
One of these mappings was for the old Tomcat 7.0.27 websocket implementation:
/ws/*
That worked.
Now, with the new JSR version in Tomcat 8, I cannot get this to work.
The problem is, that all of the following paths shall match:
/ws/a/b
/ws/a/c
/ws/d/e
While these would work using /ws/{one}/{two}, the folloing won't:
/ws/a/b/c
/ws/x/Y/z/a
And I cannot know in advance, how many slashed there are.
(This is for a framework, not a specific application.)
Is there any way to match those? Or to add a usual servlet mapping instead of
an URI Template?
(Prefered prorgrammatically, not per web.xml, not per annotations.)
While I would prefer a clean solution, I am also fine with one that works in
tomcat only (using tomcat private functions).
Best regards,
Steffen
smime.p7s
Description: S/MIME cryptographic signature
Forcing SSL Renotiation
Hi My tomcat installation offers pages through https only. So when accessing these pages, an ssl connection is established. Later on, a user may decide to "log in", hence hitting a page, that requires client certificates, and the browser pops up a selection dialog for a certificate. Once chosen, the server recognized the user by its certificate, and everything is fine. So far, so good. Now I have 2 problems: 1. When clicking "logout" in the application, the server terminates its internal session for that user, but the ssl connection is not terminated. That means, as soon as anyone clicks login again, the old certificate is reused. So the user cannot login using another certificate. 2. The second problem with that is, that if the certificate was on a smartcard and that card was removed, that cannot be detected. Is there any way to tell tomcat to tell the browser to drop the tls session state and "restart"? Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
How to configure a TrustManager in code?
Hi I am creating several components for my web application in java code instead of the xml files. For this I am using a privileged servlet that (besides other things) creates a Connector and a Realm. That's working fine. As I can do context.setRealm(...) I can use a Realm that is loaded in my code (thus using my classloader). I can also set the class name for the TrustManager using the following code when creating the Connector instance: nioConnector.setAttribute( "trustManagerClassName", "mypackage.AcceptingTrustManager" ); While this works, it uses the tomcat classloader instead of my own. So I have to public a single class of my application in a jar file inside tomcats lib folder. Is there another way to set the TrustManager - preferably in a way that does not require changes in the classpath for tomcat? Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: Choosing provider to load pkcs12 keystore for ssl
Hi
Okay, I must have overlooked the "keystoreProvider" attribute completely.
Sorry for that and thanks a lot for the hint.
However that only solved the loading part of the problem.
The certificate is still unusable.
When I try to connect, the browser reports an error.
I set javax.net.debug=all and got the output below.
I notice, that the server and the client cannot agree on the ciphersuite (fatal
error: 40: no cipher suites in common) but I am lost
on what I would need to configure.
I did remove all settings of sslProtocol, sslProtocols and ciphers, as I think
my old defaults will not match a ECC certificate, but
still it does not work.
Any further hint?
Best regards,
Steffen
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for
SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for
SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for
SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for
SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for
SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for
SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for
SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for
SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for
SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for
SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for
SSLv3
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for
TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for
TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for
TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for
TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for
TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for
TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for
TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for
TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for
TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for
TLSv1.1
[Raw read]: length = 5
: 16 03 01 00 99 .
[Raw read]: length = 153
: 01 00 00 95 03 03 34 CF F9 BC B4 23 4E F7 B2 EA ..4#N...
0010: 0A F9 2B C1 24 8C 87 9F E6 C6 94 C8 BC 42 5E 68 ..+.$B^h
0020: 35 5F B3 58 4C 59 00 00 2E C0 2B C0 2F C0 0A C0 5_.XLY+./...
0030: 09 C0 13 C0 14 C0 12 C0 07 C0 11 00 33 00 32 00 3.2.
0040: 45 00 39 00 38 00 88 00 16 00 2F 00 41 00 35 00 E.9.8./.A.5.
0050: 84 00 0A 00 05 00 04 01 00 00 3E FF 01 00 01 00 ..>.
0060: 00 0A 00 08 00 06 00 17 00 18 00 19 00 0B 00 02
0070: 01 00 00 23 00 00 33 74 00 00 00 05 00 05 01 00 ...#..3t
0080: 00 00 00 00 0D 00 12 00 10 04 01 05 01 02 01 04
0090: 03 05 03 02 03 04 02 02 02 .
osiris4-exec-1, READ: TLSv1 Handshake, length = 153
*** ClientHello, TLSv1.2
RandomCookie: GMT: 869202108 bytes = { 180, 35, 78, 247, 178, 234, 10, 249,
43, 193, 36, 140, 135, 159, 230, 198, 148, 200, 188, 66,
94, 104, 53, 95, 179, 88, 76, 89 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
Choosing provider to load pkcs12 keystore for ssl
Hi
I am using tomcat with the NIO connector, so I load the ssl certificate and
private key from a keystore in pkcs12 format.
This works fine using RSA.
Now I want to switch to a certificate using ECC and that EC is not supported by
the JRE. It IS however supported by bouncycastle.
In my own code I need to specify "BC", when opening the keystore usng
KeyStore.getInstance("PKCS12","BC").
Then I can load and use that certificate.
However there seems no way to do the same with the tomcat connector.
Is it possible?
How can I configure tomcat to use another provider?
Regards,
Steffen
smime.p7s
Description: S/MIME cryptographic signature
AW: Adding Connectors
Hi > I think this should be discussed on the users' list. I'm cross-posting this > message one time for that purpose. See below. Sorry, as I assumed that in a state where tomcat does not start connectors defined in server.xml it should also not start other connectors, I regarded this as a bug. That's why I sent it to the developers' list... > What happens if you set bindOnInit=false in server.xml? That may only affect > those connectors defined there, but it may also put Tomcat into a state > where none of the Connectors are started until after webapp initialization. By documentation it only conrols, wheather it is bound on init or start, not when it is started... Anyway I would have tried your suggestion, but: From the documentation I see on a "bindOnInit" for connectors. However I don't have any connectors in my tomcat for usual deploys. (I did include one for debugging only.) Regards, Steffen
Small bug in Tomcat and interest in wildcard patch
Hi
I looked into the source of tomcat 7 (7.0.x trunk) to extend it to support
wildcard aliases (such as *.example.com).
I found the class org.apache.tomcat.util.http.mapper.Mapper.
Looking at it, I found a small bug (lines 210-213):
if (pos < 0) {
log.error("No host found: " + hostName);
}
Host mappedHost = hosts[pos];
This can of course raise an IndexOutOfBoundsException.
But that's not the point of this mail.
I have non-optimal patch that extends the feature I need but that patch is
not optimal.
Is there any interest for that feature in the community and any chance to
get such a patch accepted into the codebase?
Then I would do some cleanups and improvements and publish the patch.
I would do with the following constraints:
- Wildcards would be automatically detected. (Just use hostnames starting
with "*.")
- As long as no wildcards are defined, there would be no performance penalty
for the patch.
- Wildcard processing would be as fast as possible.
- Wildcards would match any number of subdomains (*.example.com would match
a.b.c.d.example.com, but not example.com)
- Direct matches would always have precedence as do narrower wildcards.
Still open for suggestions.
So again:
Is there any interest for that feature in the community and any chance to
get such a patch accepted into the codebase?
Regards,
Steffen
smime.p7s
Description: S/MIME cryptographic signature
How to do a clean connector shut down?
Sorry, I already posted this question with the wrong subject.
(I started the mail earlier, when I had another problem...)
Hi
I need to start and stop a connector inside a servlet.
That works with the following code:
final org.apache.catalina.connector.Connector nioConnector =
new org.apache.catalina.connector.Connector(
"org.apache.coyote.http11.Http11NioProtocol" );
nioConnector.setAttribute( "executor", "osiris4Executor" );
nioConnector.setPort( port );
nioConnector.setRedirectPort( 443 );
service.addConnector( nioConnector );
Then I can access the application using that port.
I can also remove the connector again:
try {
nioConnector.stop();
} catch ( LifecycleException e ) {
e.printStackTrace();
}
service.removeConnector( nioConnector );
However, I seem to miss some step, because a
"NioBlockingSelector.BlockPoller-X" thread is left.
As I called the upper code in a testcase in a loop I ended up with lots of
such threads.
What do I have to do to completely remove a connector?
(BTW: How can I find and use an executor that is defined in server.xml using
the code above?)
Regards,
Steffen
smime.p7s
Description: S/MIME cryptographic signature
Connector with wrong protocol
Hi
I need to start and stop a connector inside a servlet.
That works with the following code:
final org.apache.catalina.connector.Connector nioConnector =
new org.apache.catalina.connector.Connector(
"org.apache.coyote.http11.Http11NioProtocol" );
nioConnector.setAttribute( "executor", "osiris4Executor" );
nioConnector.setPort( port );
nioConnector.setRedirectPort( 443 );
service.addConnector( nioConnector );
Then I can access the application using that port.
I can also remove the connector again:
try {
nioConnector.stop();
} catch ( LifecycleException e ) {
e.printStackTrace();
}
service.removeConnector( nioConnector );
However, I seem to miss some step, because a
"NioBlockingSelector.BlockPoller-X" thread is left.
As I called the upper code in a testcase in a loop I ended up with lots of
such threads.
What do I have to do to completely remove a connector?
(BTW: How can I find and use an executor that is defined in server.xml using
the code above?)
Regards,
Steffen
smime.p7s
Description: S/MIME cryptographic signature
Configure connectors while running tomcat from webapp
Hi Currently I need to find a way to replace the ssl certificate used by a (nio) connector at runtime. It also needs to be done by the (only) webapp. Is there a way to do this? Soon we will need a way to change the ip address a connector is listening on. Both could be solved by removing a connector and adding a new one. Can this be done by a webapp? That webapp is completely trusted and there are no other webapps in this tomcat and no other services at all on that server. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
NullPointerException in NioBlockingSelector - not a problem though
Hi I cannot reproduce it, but I've seen the following error in my logs a few times now: SEVERE: Error reading request, ignored java.lang.NullPointerException at org.apache.tomcat.util.net.NioBlockingSelector.read(NioBlockingSelector.java :193) at org.apache.tomcat.util.net.NioSelectorPool.read(NioSelectorPool.java:246) at org.apache.tomcat.util.net.NioSelectorPool.read(NioSelectorPool.java:227) at org.apache.coyote.http11.upgrade.UpgradeNioProcessor.fillReadBuffer(UpgradeN ioProcessor.java:183) at org.apache.coyote.http11.upgrade.UpgradeNioProcessor.readSocket(UpgradeNioPr ocessor.java:144) at org.apache.coyote.http11.upgrade.UpgradeNioProcessor.read(UpgradeNioProcesso r.java:113) at org.apache.catalina.websocket.WsFrame.nextFrame(WsFrame.java:213) at org.apache.catalina.websocket.WsInputStream.nextFrame(WsInputStream.java:68) at org.apache.catalina.websocket.StreamInbound.onData(StreamInbound.java:117) at org.apache.coyote.http11.upgrade.UpgradeProcessor.upgradeDispatch(UpgradePro cessor.java:83) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(Abstrac tProtocol.java:583) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java: 1653) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.ja va:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:9 08) at java.lang.Thread.run(Thread.java:662) This error seems to happen only during shutdown. So it's not a real issue. I am using an own-build tomcat 7.0.33/rev. 1397285. I know it's not the current and released version, but it seems that code has not changed since. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: Accidentally remove catalina.out file
Hi > > > What should happen when catalina.out is deleted? Please, I need to > > > resolve this question. > > So far as I know it's just a logfile and all that happens is that you > > lost the log output. The file should be created on the next start of > > the server. > Even when the server is running and the file is deleted? Thank you. If you are running on linux (which I suppose is true, if you are calling gzip catalina.out), the file was not actually deleted. The tomcat process opened that file and kept it open. Gzip read the file, and *unlinked* it, which is actually a delete if and only if there is no other link. However, as tomcat still has an active file handle, there is. So tomcat keeps logging into a file that is not accessible as "catalina.out" any more. As long as tomcat is running, you can (at least as root) access that file anyway: 1. Find the process id of the process writing the log (tomcat) 2. List /proc//fd to see which file handle it is (usually 1 and 2 for catalina.out) 3. Copy the log using the file handle. For example from my server: root@www:~# rm /isp/logs/tomcat/catalina.out root@www:~# pgrep java 4690 root@www:~# ls -al /proc/4690/fd | grep catalina.out l-wx-- 1 root root 64 2012-11-29 19:17 1 -> /isp/logs/tomcat/catalina.out (deleted) l-wx-- 1 root root 64 2012-11-29 19:17 2 -> /isp/logs/tomcat/catalina.out (deleted) root@www:~# copy /proc/4690/fd/1 /root/logsaved WARNING: As soon as you restart tomcat, the last reference to the unlinked file will be gone and linux will remove the file for good. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: AW: AW: WebSockets and HTTPS problems
Hi > See if this fixes if for you: > http://people.apache.org/~markt/dev/tomcat-7/v7.0.33-r1397089/apache- > tomcat-7.0.33-r1397089.tar.gz Preliminary tests look promising. Everything worked (using a few single click tests so far). Thanks! > This is not an official release. Use it at your own risk. Understood. Is there any reason to expect this version to be in any way worse than 7.0.32? Is there any estimation, when a new release might happen? (No urge, just asking) > I'll take it down again in a few days. As for me, you may already do so. > Any feedback appreciated. Again, so far everything worked. We will test it a lot more in the next days and I will report back. Thanks again, Steffen smime.p7s Description: S/MIME cryptographic signature
Sending through WebSockets
Hi I have a server with several websocket connections. (Or at least I will have at some time, see thread about ssl problems...) Now just as in the chat example, I need to send some data from time to time so some (but not neccessarily all) of those connections. Now, what happens if one of the clients stalls? I suspect the server sending buffer will fill up and the server will eventually block sending to that connection. Is there a way to prevent this? Can I detect if a sending buffer is full? Can I set its size? Can I register a notification to be notified when there is space in the sending buffer? Best regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: AW: WebSockets and HTTPS problems
Hi > I just took a look at this. The examples work out of the box for HTTPS with > BIO but not with NIO. This looks like a Tomcat bug at this point. > I'll take a look. What would I need to do to switch to BIO for now? And does Comet work with BIO? Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: WebSockets and HTTPS problems
Hi > Check to see if the WebSocket examples that ship with Tomcat work with > your configuration. If they don't compare the differences between the > default configuration and you configuration to and find the change that > breaks stuff. First, thanks for the reply. I downloaded tomcat 7.0.32 again and replaced the connectors in the configuration with my own (minus the executor references). Nothing else was changed. The WebSocket chat example works with http on port 80, but not on port 8443. It says: > Info: WebSocket connection opened. > * Guest3 has joined. And as soon as I send something: > Info: WebSocket closed. The message does not get back to the client. So the problem must in my connector configuration: I don't see it; how can this happen? What can I do to debug this any further? Best regards, Steffen smime.p7s Description: S/MIME cryptographic signature
WebSockets and HTTPS problems
Hi We have a web application that makes more and more use of websockets. (In fact we emulate websockets with comet servlets for older browsers and want to use real websockets for current ones.) We implemented our websocket support using tomcat 7.0.30 and a servlet extending org.apache.catalina.websocket.WebSocketServlet. (Meanwhile we updated to 7.0.32 but no improvement.) That worked very well with IE10, FF and Chrome using http/ws. But as soon as we switched to https/wss, we have the very same problem in all those browsers: The socket connects and the server sends data to the client, which gets processed correctly, but then after a few short messages or some very short time (<1s), the connection breaks. I did some testing using 'stunnel' in front of tomcat and that worked. So the problem cannot be client-based. This leaves two possible causes: a) A configuration problem in my tomcat instance. b) A bug in tomcat. By conf/server.xml is rather short [1], my conf/context.xml and my conf/web.xml are empty (except for the root node, of course). Do you see any error in my configuration? What can I do to debug this? I tried to enable logging in tomcat [2], but it seems that did not suffice to make tomcat more verbose... Maybe I misunderstood the logging configuration. Any help would be much appreciated... Regards, Steffen [1] server.xml - - [2] logging.properties - handlers = java.util.logging.ConsoleHandler .handlers = java.util.logging.ConsoleHandler java.util.logging.ConsoleHandler.level = ALL java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter org.apache.coyote.http11.Http11NioProtocol.level = ALL org.apache.catalina.core.ContainerBase.[XXXEngine].[XXXHost].level = ALL org.apache.catalina.core.ContainerBase.[XXXEngine].[XXXHost].handlers = org.apache.juli.FileHandler - smime.p7s Description: S/MIME cryptographic signature
AW: AW: How to cancel upload?
Hi > Actually, I'm not entirely correct and I am now remembering this has been > discussed before on either this list or the tomcat-dev list. Do you remember anything else about that thread? Something that might help me find it... ? > Are you throwing an exception, or closing the inputstream? I tried to throw an exception (IOException) but it seemed tomcat would then read the stream "for me". I tried to close the inputstream I got from ServletUpload, I think I did not try to close request.getInputStream() yet. I will try. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: How to cancel upload?
Hi > > Short question: How can I prevent tomcat to receive the complete post > data? > > Stop sending the data before it's all been sent. Sorry, I don't understand what you mean. If you mean to send only small parts and only those that are wanted, that's nothing I can do. I need to support the upload of really huge files (tested up to 9 GB so far and need to go beyond), while I cannot allow any user to block the complete bandwidth by uploading gigabytes of files that are not wanted - which I can usually detect within the first few bytes. And the thing they are uploading is exactly one file... The browser cannot split them. > AFAIK Tomcat processes the request before the user code in a servlet is > active, so you can't do it from inside a servlet. Hm. Tomcat does NOT parse these POST parameters (at least not by default and not in my case). I know for sure, that my code detects unwanted files with only a few bytes received. (I can tell by printing a simple line to the logs, and I can see that line nearly immediately after starting a 9GB upload, yet the browser continues to upload everything.) I just cannot cancel the upload. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
How to cancel upload?
Hi
Short question: How can I prevent tomcat to receive the complete post data?
Long question:
I have a servlet that uses apache commons fileupload to process incoming
uploads using the streaming api.
Short version of the code:
InputStream inputStream;
try {
ServletFileUpload upload = new ServletFileUpload();
iterator = upload.getItemIterator( request );
if ( ! iterator.hasNext() )
return;
FileItemStream item = iterator.next();
if ( item.isFormField() || ! "file".equals( item.getFieldName() ) )
return;
inputStream = item.openStream();
use( inputStream )
} finally {
try {
inputStream.close();
} catch ( Throwable ignored ) {
// just ignore
}
}
Now, the method use(InputStream) may decide that this file is not wanted and
may NOT read the inputstream fully. Or there may be more field, that I am
not interested in. I want to abort reading the request, as there may be
several hundred megabytes of data coming.
However inputStream.close() in FileItemStream seams to read everything that
follows. So I tried not to close that steam. Still some component read
everything, I suspect tomcat did so - to allow keepalive connections. Then I
tried to throw an IOException, but no change.
So my question is: How can I prevent tomcat to receive the complete post
data?
Regards,
Steffen
smime.p7s
Description: S/MIME cryptographic signature
AW: Is it possible to configure 2 SSL connectors on one Tomcat instance?
Hi > If you have only 1 ip address then you might have a problem. The problem > with name based virtual hosts under https/ssl is that ssl handshake (which > involves server sending a certificate for some > domain) happens after tcp/ip connection is established - before the HOST > part of the http request can be read. So if you would have 2 different https > virtual domains on same ip:port, the server wouldn't know which certificate > to send just after a tcp/ip connection was established, because it must > decide what certificate to send based on information which is inside the HTTP > request, which can be read only after establishing a ssl connection. This is a > general problem, not just Tomcat specific. While this is true for the outdated SSL, it is not true for "current" TLS. There is an TLS extension around (since 2003) that allows multiple certificates on one ip. That are 8 years by now! (rfc3546, §3.1) Some https server support it. Sadly java / tomcat don't. And that IS a tomcat problem. Yet not a bug, but a missing feature. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: Several hosts within one tomcat / catch-all problem
Hi > Perhaps I don't understand, but I agree with Pid's suggestion: just use > defaultHost -- that's what it's for, right? Yes, if you have only one. However we have the following setup: App1: domain1.tld, www.domain1.tld App2: domain2.tld, www.domain2.tld, additional.domain2.tld App3: domain3.tld, www.domain3.tld, another.domain3.tld Now, defaultHost resolves the issue for ONE of these. But what we really need id: App1: domain1.tld, *.domain1.tld App2: domain2.tld, *.domain2.tld App3: domain3.tld, *.domain3.tld This cannot be done with defaultHost, can it? Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
Several hosts within one tomcat / catch-all problem
Hi We have a web application which usually runs on a certain host all alone - it is the only context for that host. However, it allows to use different hostnames and therefore we use aliases in our server.xml per host. Now more and more users of those application want to use more subdomains and we have lots of trouble keeping the server.xml updates with all those hostnames. It would be a huge advantage to be able to tell tomcat to use all subdomains of a given domain in one step. Such as *.domain.tdl Or domain.tld So here are my questions: 1) Can this somehow be archived using tomcat 6? (We are currently running 6.0.29.) 2) Can the somehow be archived using tomcat 7? (As I believe (and fear) the answer to the first two questions are "no", two more:) 3) Would it be difficult to add this feature? 4) Where would I start to work on if I tried to create a patch for tomcat myself? 5) Would there be any chances to get that patch later-on included into trunk? Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: OFFTOPIC: Java String problem - possible VM bug
Hi > You're right, it doesn't, at least on Windows. Just verified that: r...@www:/opt/java/jdk1.6.0_21# ./bin/java -server -version java version "1.6.0_21" Java(TM) SE Runtime Environment (build 1.6.0_21-b06) Java HotSpot(TM) 64-Bit Server VM (build 17.0-b16, mixed mode) r...@www:/opt/java/jdk1.6.0_21# ./bin/java -client -version java version "1.6.0_21" Java(TM) SE Runtime Environment (build 1.6.0_21-b06) Java HotSpot(TM) 64-Bit Server VM (build 17.0-b16, mixed mode) So, there really is no client vm. > There is a -XX option to limit or disable SSE usage: > > -XX:UseSSE=n Thanks, great tip. Hard to find more infomation on the web though. Even sun does not list that option. However -XX:UseSSE=3 seems to have solved it. At least I could restart tomcat 32 times without exception. Without that switch I did not get above 5 times today. Allow me a side question: A long time ago, I decided to use the following options for tomcat: -server // even no other choice -Xmx1024m // differs per machine -Xincgc -Djava.net.preferIPv4Stack=true -XX:UseSSE=3 // that's new... So what about that gc choice? Is it sane for tomcat? I read a bit about the new G1 collector? Is it better? Is there any recommendation for tomcat? And once again: Thanks a lot, you solved my original problem! Owe you one. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: OFFTOPIC: Java String problem - possible VM bug
Strange. I just looked at the sun/oracle download page and the most recent jdk there (jdk-6u21-linux-x64.bin) is still the very same I downloaded, that is b06. I downloaded it again and checked the md5sum, it is identical. Where can I get that b07 ? > -Ursprüngliche Nachricht- > Von: Steffen Heil [mailto:li...@steffen-heil.de] > Gesendet: Dienstag, 31. August 2010 01:46 > An: 'Tomcat Users List' > Betreff: AW: OFFTOPIC: Java String problem - possible VM bug > > Hi > > > > Which 6u21? Just to be confusing, Sun/Oracle has released two 6u21 > levels: > > b06 and b07. > > java version "1.6.0_21" > Java(TM) SE Runtime Environment (build 1.6.0_21-b06) > Java HotSpot(TM) 64-Bit Server VM (build 17.0-b16, mixed mode) > > So I should update, right? > > > > http://marc.info/?l=tomcat-user&m=127855283122103&w=2 > > Interesting. > However, the neweset should be fixed sind b04: > > http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=2192460 > > > > Note that the Windows vs Linux may be a bit of a red herring if the CPU > chips > > are not identical, since different instructions are generated for > different > > chips. > > The linux box has intel core i7 920 (xen domU), the windows host has intel > core2duo t5670. > > > > Does it fail if run in -client mode? > > Didn't test that, as > 1) I always run tomcat in server mode. > 2) I thougth 64bit vms would not have a client mode > > Should I test that? > > > Regards, > Steffen smime.p7s Description: S/MIME cryptographic signature
AW: OFFTOPIC: Java String problem - possible VM bug
Hi > From your original post > "The exception is only thrown under 64bit Linux Server-VM, within tomcat. It > is neither thrown under 64bit Windows, nor on the very same Linux VM as > standalone testcase, nor when a debugger is remotely attached. > " > > Sounds like you're saying it only happens within Tomcat, sooo. kinda > would seem version(s) of tomcat this has manifested itself within would be > helpful for those debugging to have exact same environment from which to > try and replicate the *bug. Either you misposted or I'm misunderstanding. > Either way, I have same environment, I'll try and reproduce. That standalone application that i used as testcase never threw that exception. I noted, that the exception only occurred within tomcat, as I suspected it a problem with compiler optimizations and concurrency, which I don't have in a standalone test case. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: OFFTOPIC: Java String problem - possible VM bug
Hi > Which 6u21? Just to be confusing, Sun/Oracle has released two 6u21 levels: > b06 and b07. java version "1.6.0_21" Java(TM) SE Runtime Environment (build 1.6.0_21-b06) Java HotSpot(TM) 64-Bit Server VM (build 17.0-b16, mixed mode) So I should update, right? > http://marc.info/?l=tomcat-user&m=127855283122103&w=2 Interesting. However, the neweset should be fixed sind b04: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=2192460 > Note that the Windows vs Linux may be a bit of a red herring if the CPU chips > are not identical, since different instructions are generated for different > chips. The linux box has intel core i7 920 (xen domU), the windows host has intel core2duo t5670. > Does it fail if run in -client mode? Didn't test that, as 1) I always run tomcat in server mode. 2) I thougth 64bit vms would not have a client mode Should I test that? Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: OFFTOPIC: Java String problem - possible VM bug
Hi
> What version tomcat?
I see this under 6.0.29 [and I think under 6.0.18 before, but I am not
sure], but as this is pure java code, not calling any tomcat code and not
probably affected by tomcat code, I don't think that matters. (That's why I
labeled that off-topic.)
However, if it even could be of any help solving this mystery, I will
provide any information needed.
Regards,
Steffen
>
>
> On Mon, Aug 30, 2010 at 3:38 PM, Steffen Heil
wrote:
>
> > Hi
> >
> > I am sorry, I am asking something not really related to tomcat here.
> > While this may sound like a beginners question, I think I really what
> > I am doing in java, but this time I suspect I have found a scenario
> > where the sun/oracle VM exposes a bug with pure String handling.
> >
> > So anyone who can find a bug in the procedure posted below is very
> welcome.
> > So is everyone who can direct me to some place better suited to ask
> > this question.
> >
> > Finding bugs in a static method that only takes immutable arguments
> > usually seems easy... Turns out, it is not.
> >
> > However, please note that I already tried to debug this in various
> > ways and the exception does NOT occur, as soon as a debugger is
> > attached. The exception is only thrown under 64bit Linux Server-VM,
> > within tomcat. It is neither thrown under 64bit Windows, nor on the
> > very same Linux VM as standalone testcase, nor when a debugger is
> > remotely attached. The JREs testest are 1.6u20 and 1.6u21.
> >
> > The code in question is the following:
> >
> >
> >@SuppressWarnings( "null" )
> >public final static String replaceAll( String stack, String ...
> > replacements )
> >{
> >try {
> >if ( stack == null )
> >return stack;
> >int index, pos;
> >String niddle = null, string;
> >int niddleLength, stringLength;
> >for ( index = 0; true; index += 2 ) {
> >if ( index >= replacements.length )
> >return stack;
> >niddle = replacements[ index ];
> >pos = stack.indexOf( niddle );
> >if ( pos != - 1 )
> >break;
> >}
> >StringBuilder buffer = new StringBuilder( stack
);
> >niddleLength = niddle.length();
> >string = replacements[ index + 1 ];
> >if ( string == null )
> >do
> >buffer.delete( pos, pos +
> > niddleLength );
> >while ( ( pos = buffer.indexOf( niddle,
> > pos
> > ) ) != - 1 );
> >else {
> >stringLength = string.length();
> >do {
> > /*331*/ buffer.replace( pos, pos + niddleLength,
> > string );
> >pos += stringLength;
> >} while ( ( pos = buffer.indexOf(
> > niddle, pos ) ) != - 1 );
> >}
> >index += 2;
> >for ( ; index < replacements.length; index += 2 )
{
> >niddle = replacements[ index ];
> >string = replacements[ index + 1 ];
> >niddleLength = niddle.length();
> >if ( string == null )
> >for ( pos = 0; ( pos =
> > buffer.indexOf( niddle, pos ) ) != - 1; )
> >buffer.delete( pos, pos
> > + niddleLength );
> >else {
> >stringLength = string.length();
> >for ( pos = 0; ( pos =
> > buffer.indexOf( niddle, pos ) ) != - 1; pos += stringLength )
> >buffer.replace( pos,
> > pos + niddleLength, string );
> >}
> >}
> >return buffer.toString();
> >} catch ( Throwable t ) { (code to dump the
>
OFFTOPIC: Java String problem - possible VM bug
Hi
I am sorry, I am asking something not really related to tomcat here.
While this may sound like a beginners question, I think I really what I am
doing in java, but this time I suspect I have found a scenario where the
sun/oracle VM exposes a bug with pure String handling.
So anyone who can find a bug in the procedure posted below is very welcome.
So is everyone who can direct me to some place better suited to ask this
question.
Finding bugs in a static method that only takes immutable arguments usually
seems easy... Turns out, it is not.
However, please note that I already tried to debug this in various ways and
the exception does NOT occur, as soon as a debugger is attached. The
exception is only thrown under 64bit Linux Server-VM, within tomcat. It is
neither thrown under 64bit Windows, nor on the very same Linux VM as
standalone testcase, nor when a debugger is remotely attached. The JREs
testest are 1.6u20 and 1.6u21.
The code in question is the following:
@SuppressWarnings( "null" )
public final static String replaceAll( String stack, String ...
replacements )
{
try {
if ( stack == null )
return stack;
int index, pos;
String niddle = null, string;
int niddleLength, stringLength;
for ( index = 0; true; index += 2 ) {
if ( index >= replacements.length )
return stack;
niddle = replacements[ index ];
pos = stack.indexOf( niddle );
if ( pos != - 1 )
break;
}
StringBuilder buffer = new StringBuilder( stack );
niddleLength = niddle.length();
string = replacements[ index + 1 ];
if ( string == null )
do
buffer.delete( pos, pos +
niddleLength );
while ( ( pos = buffer.indexOf( niddle, pos
) ) != - 1 );
else {
stringLength = string.length();
do {
/*331*/ buffer.replace( pos, pos + niddleLength,
string );
pos += stringLength;
} while ( ( pos = buffer.indexOf( niddle,
pos ) ) != - 1 );
}
index += 2;
for ( ; index < replacements.length; index += 2 ) {
niddle = replacements[ index ];
string = replacements[ index + 1 ];
niddleLength = niddle.length();
if ( string == null )
for ( pos = 0; ( pos =
buffer.indexOf( niddle, pos ) ) != - 1; )
buffer.delete( pos, pos +
niddleLength );
else {
stringLength = string.length();
for ( pos = 0; ( pos =
buffer.indexOf( niddle, pos ) ) != - 1; pos += stringLength )
buffer.replace( pos, pos +
niddleLength, string );
}
}
return buffer.toString();
} catch ( Throwable t ) {
(code to dump the arguments and the stack trace) ...
}
}
Note, that when the method is called, there are two arguments: one String
and a String[] with a length of 1004 Strings (I guarantee that this
String array is NOT modified during execution, not even afterwards.)
The execption is (it is thrown indirectly in the marked line 331):
java.lang.StringIndexOutOfBoundsException: start > length()
at
java.lang.AbstractStringBuilder.replace(AbstractStringBuilder.java:799)
at java.lang.StringBuilder.replace(StringBuilder.java:271)
at
com.osiris4.core.utils.StringUtils.replaceAll(StringUtils.java:331)
I can provide real arguments that lead to this exception, however, as there
are more than 1000 Strings (partially large ones) involved, I will skip them
here.
Anyone interested will get them by mail. I have various samples.
Currently this prevents loading my web application in about one of three
times. (And it also happens during internal computations which prevents
further work.) Sometimes this error can be "reproduced" (by restarting
tomcat) 10 times in a row, sometimes it does not occur within 20 restarts at
all. (Without changing anything in the systems configuration.)
Sorry again, for asking off-topic, but I don
AW: slow servlet filter for ByteArrayOutputStream response Wrapper
Hi I just read that reply and noticed that I have the same fault in my code. How can I measure the length of the utf8-Encoding? The only way I can think of is to convert the String to byte[] and the take its length. However at that point it does not make any sense to use a writer, it would be more suitable to use the OutputStream and send that byte[], right? Is there another way to get the correct content-length? Regards, Steffen > -Ursprüngliche Nachricht- > Von: Konstantin Kolinko [mailto:knst.koli...@gmail.com] > Gesendet: Dienstag, 1. Juni 2010 11:41 > An: Tomcat Users List > Betreff: Re: slow servlet filter for ByteArrayOutputStream response Wrapper > > 2010/6/1 Manny Mondeo : > > httpRes.setContentLength(content.toString().length()); > > Also, the above, or simplier "content.length()", will give you the length > measured in characters, but Content-Length must be the length measured > in bytes. For a multi-byte charset such as UTF-8 those are certainly not the > same. (Unless all your characters are 7-bit). > > > httpRes.setContentType( "text/html; charset=UTF-8" ) ; > > out.write(content); > > out.flush(); > > out.close(); > > > > } > > > > Best regards, > Konstantin Kolinko > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
AW: md5
You are using the wrong util (at least in a wrong way).
> md5 -s apache-tomcat-6.0.26.zip
MD5 ("apache-tomcat-6.0.26.zip") = d0892b5662287d18c06b167c4bba249d
This command seems to hash the argument instead of the file.
This IS the hash of the string.
Try
> md5sum apache-tomcat-6.0.26.zip
Regards,
Steffen
smime.p7s
Description: S/MIME cryptographic signature
AW: Would like to extract every request to servelt except index.html
Hi Assuming you need to redirect everything except "/index.html", then the following will probably work: default /index.html SearchServerServlet / index.html Note that this will NOT catch index.html files in different folders. Regards, Steffen -Ursprüngliche Nachricht- Von: Paul Taylor [mailto:paul_t...@fastmail.fm] Gesendet: Freitag, 2. April 2010 10:52 An: Tomcat Users List Betreff: Would like to extract every request to servelt except index.html I would like every request to be redirected to a central servlet EXCEPT if the request is simply index.html, but at the moment everything gets redirected to the servlet, how could I do what I want This is extract from my web.xml SearchServerServlet / index.html thanks Paul - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
AW: AW: Virtualization (Xen, vmware) + Tomcat
Hi Looks fine, no direct pointers... Only one strange thing: root 13234 0.1 2.5 4484708 412636 pts/0 Sl Mar30 1:12 /usr/local/jdk/bin/java -Djava.util.logging.config.file=/usr/local/jakarta/tomcat/conf/logging.prope rties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/usr/local/jakarta/tomcat/common/endorsed -classpath /usr/local/jakarta/tomcat/bin/bootstrap.jar -Dcatalina.base=/usr/local/jakarta/tomcat -Dcatalina.home=/usr/local/jakarta/tomcat -Djava.io.tmpdir=/usr/local/jakarta/tomcat/temp org.apache.catalina.startup.Bootstrap start root 24865 2.2 0.0 10132 360 ?Rs Mar30 13:28 jsvc.exec -user tomcat -cp ./bootstrap.jar -Djava.endorsed.dirs=../common/endorsed -outfile ../logs/catalina.out -errfile ../logs/catalina.err -verbose -Xmx1024M -Xms512M org.apache.catalina.startup.Bootstrap -security Are these lines complete? Especially the last one? The first one has all the arguments needed by tomcat, but has no heap size arguments for the VM. The second line has the heap sizes, but no tomcat arguments. Also try the following: 1. stop all java processes and anything trying to start tomcat for you 2. cd /usr/local/jakarta/tomcat/bin 3. su tomcat 4. ./catalina.sh run What happens? Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: Virtualization (Xen, vmware) + Tomcat
And maybe `xm info` in the dom0. -Ursprüngliche Nachricht- Von: Steffen Heil [mailto:li...@steffen-heil.de] Gesendet: Mittwoch, 31. März 2010 00:12 An: 'Tomcat Users List' Betreff: AW: Virtualization (Xen, vmware) + Tomcat Hi Can you post: - `uname -a` inside both your dom0 as well as your domU - the config file for your domU - `ps aux | grep java` inside your domU - `free` inside your domU - `xm list` inside your dom0 Maybe there will be hints to help you. I am running lots of tomcats in domUs (actually all non-development installations are virtualized), and I never had a problem related to xen. Regards, Steffen -Ursprüngliche Nachricht- Von: Eric Laflamme [mailto:elafla...@iweb.com] Gesendet: Dienstag, 30. März 2010 19:16 An: Tomcat Users List Betreff: Re: Virtualization (Xen, vmware) + Tomcat Hi Peter, Here is the information about the server: We have a Xen Host with CentOS release 5.4 (Final) In that host, we have a vm with CentOS release 5.4 (Final) We install a cPanel 11.25 The version of tomcat is 5.5.28 The tomcat we use is the one package with cPanel. We already communicate with their support. A lot of time.. But they are, like us, clueless on how to solve this problem. So I came here as another step to try to resolve this issue. I don't know if the problem is Tomcat itself or Tomcat only have a symptom of another problem. But as we only have this problem and log of the problem by now, we start with tomcat to maybe found what is the real problem. -- Eric Laflamme [iWeb] IT Architecture Specialist Spécialiste de l'Architecture TI http://www.iWeb.com/ Le 2010-03-30 à 12:01, Peter Crowther a écrit : > On 30 March 2010 16:45, Caldarale, Charles R wrote: > >>> From: peter.crowth...@googlemail.com >>> [mailto:peter.crowth...@googlemail.com] On Behalf Of Peter Crowther >>> Subject: Re: Virtualization (Xen, vmware) + Tomcat >>> >>>> Error occurred during initialization of VM >>>> Could not reserve enough space for object heap >>> >>> OK, so that's the Java virtual machine running Tomcat not >>> being able to extend its heap. >> >> Actually, that's the JVM trying to allocate the *initial* space for the >> heap, not extend it. There hasn't been any attempt to load and run Tomcat >> yet. >> >> >> My mistake. In that case, if Eric's seeing lots of those in the log files, > it implies that the JVM intended to host Tomcat is repeatedly failing to > start and some other process is repeatedly trying to start Tomcat. > > Eric, could you tell us more about your statement that "Tomcat is running > inside the VM and is, by the way, a cPanel"? > - What operating system? > - What version of Tomcat? > - Did you download the Tomcat directly from http://tomcat.apache.org, or was > it packaged with some third-party software? > > In particular, if it's a version of Tomcat that was packaged with cPanel, > you may well be better asking them about the issue. > > - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
AW: Virtualization (Xen, vmware) + Tomcat
Hi Can you post: - `uname -a` inside both your dom0 as well as your domU - the config file for your domU - `ps aux | grep java` inside your domU - `free` inside your domU - `xm list` inside your dom0 Maybe there will be hints to help you. I am running lots of tomcats in domUs (actually all non-development installations are virtualized), and I never had a problem related to xen. Regards, Steffen -Ursprüngliche Nachricht- Von: Eric Laflamme [mailto:elafla...@iweb.com] Gesendet: Dienstag, 30. März 2010 19:16 An: Tomcat Users List Betreff: Re: Virtualization (Xen, vmware) + Tomcat Hi Peter, Here is the information about the server: We have a Xen Host with CentOS release 5.4 (Final) In that host, we have a vm with CentOS release 5.4 (Final) We install a cPanel 11.25 The version of tomcat is 5.5.28 The tomcat we use is the one package with cPanel. We already communicate with their support. A lot of time.. But they are, like us, clueless on how to solve this problem. So I came here as another step to try to resolve this issue. I don't know if the problem is Tomcat itself or Tomcat only have a symptom of another problem. But as we only have this problem and log of the problem by now, we start with tomcat to maybe found what is the real problem. -- Eric Laflamme [iWeb] IT Architecture Specialist Spécialiste de l'Architecture TI http://www.iWeb.com/ Le 2010-03-30 à 12:01, Peter Crowther a écrit : > On 30 March 2010 16:45, Caldarale, Charles R wrote: > >>> From: peter.crowth...@googlemail.com >>> [mailto:peter.crowth...@googlemail.com] On Behalf Of Peter Crowther >>> Subject: Re: Virtualization (Xen, vmware) + Tomcat >>> Error occurred during initialization of VM Could not reserve enough space for object heap >>> >>> OK, so that's the Java virtual machine running Tomcat not >>> being able to extend its heap. >> >> Actually, that's the JVM trying to allocate the *initial* space for the >> heap, not extend it. There hasn't been any attempt to load and run Tomcat >> yet. >> >> >> My mistake. In that case, if Eric's seeing lots of those in the log files, > it implies that the JVM intended to host Tomcat is repeatedly failing to > start and some other process is repeatedly trying to start Tomcat. > > Eric, could you tell us more about your statement that "Tomcat is running > inside the VM and is, by the way, a cPanel"? > - What operating system? > - What version of Tomcat? > - Did you download the Tomcat directly from http://tomcat.apache.org, or was > it packaged with some third-party software? > > In particular, if it's a version of Tomcat that was packaged with cPanel, > you may well be better asking them about the issue. > > - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
AW: AW: Shutdown hook for correctly unloading drivers
Hi > > I am thinking about a strategy to iterate over all running threads and > > interrupt (and if absolutely necessary stop) all threads started by a > > certain classloader (not sure if it is possible, but I suspect so - might > > require instrumention though.) > Tomcat can already do this. Great. Where can I find the code for this and how is it enabled? Is there any documentation of that feature? > You don't want to use it though. In my testing the JVM crashed about 50% of the time. I don't understand this. It should definitely not crash. (It might (but should not) leak resources however...) > Better to fix the thread leak. For sure. > Tomcat will also tell you which threads weren't stopped along with a bunch of other memory leak checks. Where can I find this? I would be very much interested. Never seen that. Beside my interest for all the above, my webapp has a plugin mechanism that also has to be able unload plugins, so I am working on code to make that really happen. Relying on these plugins developers is not that good idea. BTW: I am also planning on deadlock detection and on restarting blocking modules. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: Shutdown hook for correctly unloading drivers
Hi You wrote, that when an application is unloaded, that tomcat discards all references to the classes of that web application, therefore the garbage collector could effectively "unload" that application. However, there are web applications that have own threads (file reaper, connection pool, etc.). That means that there is no real way to safely unload a web application. I am thinking about a strategy to iterate over all running threads and interrupt (and if absolutely necessary stop) all threads started by a certain classloader (not sure if it is possible, but I suspect so - might require instrumention though.) Regards, Steffen -Ursprüngliche Nachricht- Von: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Gesendet: Sonntag, 28. März 2010 16:39 An: Tomcat Users List Betreff: RE: Shutdown hook for correctly unloading drivers > From: Steffen Heil [mailto:li...@steffen-heil.de] > Subject: AW: Shutdown hook for correctly unloading drivers > > This does not hold, as soon as Threads are involved, right? I don't understand your comment; Thread objects always exist, and what do you think that has to do with unloading classes? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
AW: Shutdown hook for correctly unloading drivers
Hi > > How does tomcat unload classes? > It doesn't, at least not directly. Tomcat simply eliminates all references to the classes; the actual unloading is done by GC at some point in the future. > > Is there even a way in java to do this? > Just the above. But making the classes unreachable should be adequate for whatever purpose you have in mind. This does not hold, as soon as Threads are involved, right? Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: Is it possible to set the port for tomcat manager to 8080 and root port 80???
> > That's another discussion, but it could really make sense, if you use a > > connector bound to a non-public interface (or even localhost) just for > > administration. > Which is what the RemoteAddrValve is for. Yes, I know. Still some people might prefer complete separation (instead of hiding) and even might see an advantage to have something else mounted on the same path from the outside. But let's stop this thread. It is as simple as: The manager app cannot work with other hosts except the own. (Which is usually fine, BTW) Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: Why is tomcat taking so long to start?
> While this may be an unsupported version of Tomcat, version support is not an issue for us here. Support is not an issue for you, still you are asking for support? smime.p7s Description: S/MIME cryptographic signature
AW: Shutdown hook for correctly unloading drivers
Hi > > I would like to know, if there is a shutdown-hook for Tomcat > > available. Or what the prefered way is, to correctly unload drivers > > like JDBC drivers. > Tomcat has unloaded the driver. That won't be causing your memory leak. How does tomcat unload classes? Some (especially some pool implementations) have own threads. Is there even a way in java to do this? It would be great, if tomcat could guarantee that a webapp is completely unloaded. (Currently we restart the whole tomcat process.) I just thought so far, that this would not be possible... ? Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: Is it possible to set the port for tomcat manager to 8080 and root port 80???
Hi > As Pid pointed out, this doesn't work: the scope of the manager webapp is the it's deployed under. I didn't realize that part of his last line... > The whole idea smacks of security through obscurity - which means you've accomplished nothing. That's another discussion, but it could really make sense, if you use a connector bound to a non-public interface (or even localhost) just for administration. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: Is it possible to set the port for tomcat manager to 8080 and root port 80???
Hi > Is it possible to set the port for tomcat manager to 8080 and root port > 80??? Yes. You need to define TWO nodes, each with its own (using different ports) an its own , each with its own , one with the manager as , one with the other web applications. However, I don't know precisely, how clean the manager is implemented and if it can handle this scenario correctly. I am not using the manager at all. Regards Steffen smime.p7s Description: S/MIME cryptographic signature
Tomcat 7
Hi I know (from this list) that there is work going on for tomcat7. However it is not even listed on the homepage as alpha/beta. Can someone comment on the status of development for tomcat 7 and some propable timeframe (in years or months) for a beta or stable version? Note: I don't expect precise answers as I know this is hard to tell. I am just searching for something like 'propably end of this year' or 'not before 2012' or such... And: How usable are the current snapshots? It's all about what to use to start new development: tomcat 6 or tomcat 7? For an application that won't make into production until mid 2011 and will need something like comet connections - which I understand will follow a common standard under tomcat 7? Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: Comet Request identification
Hi I am using a ConcurrentHashMap on event.getHttpServletRequest() and this works quite well. - I am not sure, if this is by occasion or by design though. Regards, Steffen -Ursprüngliche Nachricht- Von: Animesh Sonkar [mailto:akson...@gmail.com] Gesendet: Montag, 15. März 2010 15:30 An: users@tomcat.apache.org Betreff: Comet Request identification Hi, I create a comet connection using sockets and sending a post request. To prevent the server from terminating the request (calling END event) i am sending some heartbeat messages as chunked data on the same socket/request connection. Is there a way in comet to identify, that the heartbeat message came from an existing connection/request. So here is a case: 1. I send a post request over a socket with transfer-encoding chunked and Connection:keep alive headers. 2. The CometProcessor receives a BEGIN and a READ event. I save the request and response objects. 3. After some time i send a chunked data over the same socket to keep request alive 4. The CometProcessor receives a READ event. Now in step 4 : is it possible to recognize that the chunked data came for the same connection. My main problem is to identify that on a END event, which connnection got terminated. Thanks, Animesh Sorry about blabberring my thoughts.. smime.p7s Description: S/MIME cryptographic signature
AW: Multiple SSL certificates on same server
Hi > I'm not using XP, but a Unix server OS, and my domains are radically different - so the wildcard cert won't work either. This is not about the OS the tomcat is running on, but about the OS the client browser is using... There are certificates with multiple names (even radically different ones) however, they will work for you. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: tomcat memory usage
Hi > So, static members are stored outside the heap? Where are they stored? > PermGen? For sure, no. ALL persistent java objects are on the heap. With optimization some very short living objects may reside on the stack only. References to static objects ARE probably stored in PermGen, but the objects themselfes are surely not. They are created as any other object during object initialization using the new operator. I am not sure, where the Class objects themselfes reside. Maybe they are on PermGen or they are in the heap and are referenced in PermGen. Whereever they are, static references are in there. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: Comet Connection Writeable?
Hi I'd like to try it. However I am not accustomed to building tomcat. Do you have this compiled somewhere? Best regards, Steffen -Ursprüngliche Nachricht- Von: Filip Hanik - Dev Lists [mailto:devli...@hanik.com] Gesendet: Dienstag, 19. Januar 2010 15:50 An: Tomcat Users List Betreff: Re: Comet Connection Writeable? Hi Steffen, At http://svn.apache.org/viewvc/tomcat/sandbox/gdev6x/ I implemented the feature you are looking for. Where you would do CometEvent.interestOps(CometEvent.CometOperation.OP_WRITE); and you will receive a CometEvent.EventType.WRITE When I tried to write sample applications against this, it turned out to be very complex programming. You can check out that branch and build it and see if its something we should still pursue Filip On 01/18/2010 09:06 AM, Steffen Heil wrote: > Hi > > I am using comet connections for some time now in a server push manner: > Whenever the server needs to inform the client about some event, it sends a > packet to the client and waits for a reply in the same connection. > As soon, as a READ event is triggered, that reply is read and the next > message can be sent. > > Now, this requires a round-trip-time between the client and the server and > is inappropriate for larger amounts of data especially on high latency > connections. > > I am seeking for a way to determine (from a comet servlets point of view) if > a connection is writeable - this is, if output buffers are empty and I can > send additional data. > > Note, that sending a huge amount of data at once is not an option, I need to > send distinct parts... > > > So here are my questions: > > - How can I detect if a connection is writeable? > - That is, how can I detect if the output buffers are empty? > - Is there a way to use comet connection for something like a selector? > > Regards, >Steffen > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
Comet Connection Writeable?
Hi I am using comet connections for some time now in a server push manner: Whenever the server needs to inform the client about some event, it sends a packet to the client and waits for a reply in the same connection. As soon, as a READ event is triggered, that reply is read and the next message can be sent. Now, this requires a round-trip-time between the client and the server and is inappropriate for larger amounts of data especially on high latency connections. I am seeking for a way to determine (from a comet servlets point of view) if a connection is writeable - this is, if output buffers are empty and I can send additional data. Note, that sending a huge amount of data at once is not an option, I need to send distinct parts... So here are my questions: - How can I detect if a connection is writeable? - That is, how can I detect if the output buffers are empty? - Is there a way to use comet connection for something like a selector? Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
Embedded Tomcat again
Hi Once a year I spend some days trying to figure out, how to used embedded tomcat. I didn't find a working (real live) example so far. Can anyone help? Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
SSL Client Certificates and web appliactions
Hi I need to setup tomcat to use https certificates for client authentication. Does anyone have a working example for this? Which certificates does tomcat accept in that case? Which way can be used by the appliaction to detect which certificate was used? Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
AW: [TOMCAT] Internal Tomcat Server error (HTTP Status 500): NoClassDefFound
Hi
> The method yielding the problem is the following one:
>
> private static PageLifecycleFactory getDefaultInstance()
>{
> if (defaultInstance == null)
> {
> defaultInstance = new DefaultStrutsPageLifecycleFactory();
> }
>
> return defaultInstance;
>}
Make that function *synchronized* !
Regards,
Steffen
smime.p7s
Description: S/MIME cryptographic signature
AW: XP/Vista/Office 2007/IE Compatibility Question
Hi > Good afternoon. My company, Centocor, is in the process of upgrading its > operating System from Windows 2000 to XP/Vista and its Office 2000 to > Office 2007. They have installed on, I'm not sure how many, some computers > Apache Tomcat, version 5.5. Please answer the following questions at your > earliest convenience: > > > > 1) Is the software compatible with XP? If not, what is the compatible > version and what are the costs involved in upgrading? > > 2) Is the software compatible with Vista? If not, what is the compatible > version and what are the costs involved in upgrading? > > 3) If the software is not independent of Office 2007, is it compatible > with it? If not, what is the compatible version and what are the costs > involved in upgrading? > > 4) If the software is not independent of IE, what versions of it are > compatible? Basically I get the idea, you have no idea what tomcat is all aboout. Check out it's homepage first. Upgrading has no costs except for you to learn how to. Most web applications are compatible with every version of tomcat, but that depends on your webapps. You need to check those. Tomcat itself only depends on the JVM, which is already available for any windows. Tomcat's service helper may need adjustments, I don't know. > You not going to have any problems with the above... except that Vista is alergic to a hell of a lot of good stuff... if you can, try stay on XP... nothing to do with Tomcat... Vista sucks... This is off-topic and this list is not a good place to discuss about advantages or disadvantages of vista. However I want to note, that there are people, who prefer vista over xp, like me. (I agree, the windows explorer made a little step back, but overall it's IMHO better.) > http://www.iexbeta.com/wiki/index.php/Windows_Vista_RC_1_Software_Compatibil ity_List Did you note the RC_1 in the url? Vista is at SP1 and things are different now. Also I want to note, that every decent program I use, worked on vista flawlessly since RC1... Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
Re: HTTPS and Virtual Hosts
Hi Actually, most answers in this thread are more or less outdated. It IS possible to use one IP with multiple certificates, just not with tomcat to far. There IS (since June 2003, that is more than 5 years!) a TLS extension SNI (server name indication) that does the trick: It sends Information about the requested hostname to the server during ClientHello handshake. It IS supported by almost all browsers in their current versions. See: http://www.ietf.org/rfc/rfc3546.txt, Section 3.1 See: http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-host s-with-mod_gnutls/ I hope this will find it's way into java/tomat soon. Regards, Steffen -Ursprüngliche Nachricht- Von: Johnny Kewl [mailto:[EMAIL PROTECTED] Gesendet: Montag, 22. September 2008 15:02 An: Tomcat Users List Betreff: Re: [OT] RE: HTTPS and Virtual Hosts - Original Message - From: "Peter Crowther" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" Sent: Monday, September 22, 2008 2:30 PM Subject: [OT] RE: HTTPS and Virtual Hosts [Marked OT as this is not even remotely about Tomcat] > From: Johnny Kewl [mailto:[EMAIL PROTECTED] > http://support.microsoft.com/kb/257591 ... OK... > If it send the HOST info in step one ... which it doesn't as far as I can see... > and the server chose the correct > cert I see no problem, the secure session hasnt even > kicked in yet ;) Yes, exactly. So anything sent across the wire (such as the host header) is subject to eavesdropping. The URL, in particular, MUST NOT be sent in cleartext - consider a URL of the form https://www.innocentsite.com/myphotos/notsoinnocent/llamapr0n372.jpg *. The user would no doubt expect SSL to defend his/her access to that URL from eavesdropping :-). The case for not sending the host header in cleartext is weaker, but still present. Consider a blog site such as LiveJournal, for example. It hosts a range of content, separated onto one hostname per blog. Some of that content is pretty explicit, and some people might get rather upset if they knew that *even though they thought they were on a secure channel* then others could eavesdrop on the mere fact that they were reading *that* content, rather than some other innocent content that happened to be on the same IP. So I consider that the ID vul is still present, even via disclosure of just the host header. > If not what is the vulnerability? Whatever cert is sent what > oput there by > the admin dudes, and will be checked client side anyway ;) You're thinking about ID vuls from the side of the server admin. Broaden your thinking - what might a *client* get upset about? - Peter Ok... its off thread, but I disagree the secure session doesnt start out secure... even a certificate is clear text, dont see the big deal... once you in a session, different story... I guess this means you not going to help me with my new book ;) Curve Ball technology for biz sake... ha ha --- HARBOR : http://www.kewlstuff.co.za/index.htm The most powerful application server on earth. The only real POJO Application Server. See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm --- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] smime.p7s Description: S/MIME cryptographic signature
RE: Blocking threads in Tomcat
Hi If you are on linux, do the following: killall -3 java Then look into catalina.out. It will print all stack traces, including monitors being hold and waited for. Regards, Steffen > -Original Message- > From: Fredrik Tolf [mailto:[EMAIL PROTECTED] > Sent: Tuesday, July 01, 2008 6:11 AM > To: Tomcat Users List > Subject: Blocking threads in Tomcat > > Hi list! > > I've had some issues with requests not being carried out in > parallel by Tomcat. My problem is that I haven't been able to > figure out when a worker thread blocks and when it does not. > > To try and pin down the behavior, I did a little experiment. > I took a servlet that I had, that handles to separate URLs; > let's call them "/a" > and "/b". To try out the parallelism, I added a little delay > in the servlet code by calling Thread.sleep(1). I then > tried them out in two browser tabs, and I find the results > much enigmatic. > > When I try to access "/a" in one tab and "/b" in another, > they both load in 10 seconds each -- that is, if I start the > request for "/a" at 12:00:10 and the request for "/b" at > 12:00:15, the request for "/a" will finish at 12:00:20, and > the request for "/b" will finish at 12:00:25. As one would expect. > > However, when I request "/a" in both tabs, the requests seem > to be carried out in sequence -- that is, if I again start > the request in tab > 1 for "/a" at 12:00:10 and the request for in tab 2 for, also > for "/a", at 12:00:15, the request for tab 1 will finish at > 12:00:20, and the request for tab 2 will finish at 12:00:30. > > Why is this? Is Tomcat explicitly not handling two requests > for the exact same URL in parallel? It is the only > explanation I can think of, but I cannot figure out how or > why it would make sense. If it is indeed the case, can I > somehow tell Tomcat to not do that? > > Thanks for your attention! > > Fredrik Tolf > > > > - > To start a new topic, e-mail: users@tomcat.apache.org To > unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > smime.p7s Description: S/MIME cryptographic signature
RE: tomcat embedded
Hi > > Sorry to ask again, but this is a common feature that I > > cannot find any > > documentation for... > > I think the answer is google like hell, that what we ended up > doing a long while ago... > Its not that no one uses it, its everywhere... like inside > every application server out there. But its complex. I think that's true, but it absolutely lacks documentations or even small examples! > Its not that easy getting from TC's xml config to what a full > TC needs because the xml is actually a class "waiting to be made". > So embedded TC is not in the same league as the full TC... > no easy swap out. > > Its very likely that you'll start with embedded, and end up > backing out to the full version, so a good place to start >is actually with the full versions source. > TC 6's are easier to understand than TC 5's What do you mean by backing out to the full version? I am using tomcat since 4.x (several years) as full version, but most installations are one host, one app only. Since this application requires tomcat and is seldomly used with anything else, I think it would make perfect sense to include tomcat embedded into that app. One big reason is the ease of upgrades... Do you have a minimal working example to start with? Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
RE: tomcat embedded
Hi Sorry to ask again, but this is a common feature that I cannot find any documentation for... Is there really no documentation for tomcat embedded nor anyone who uses it? Regards, Steffen > -Original Message- > From: Steffen Heil [mailto:[EMAIL PROTECTED] > Sent: Tuesday, April 15, 2008 10:36 PM > To: 'Tomcat Users List' > Subject: tomcat embedded > > Hi > > I am searching for some documentation about tomcat embedded. > I am trying to convert a very simple setup (configuration > below) to java code, not using any xml file. > > Any link, hint, etc. would be helpful. > Could someone give me a hint? > > Regards, > Steffen > > > === server.xml > == > > > > namePrefix="application-exec-" > maxThreads="150" minSpareThreads="4" /> > protocol="HTTP/1.1" > connectionTimeout="2" /> > protocol="HTTP/1.1" >SSLEnabled="true" scheme="https" secure="true" > clientAuth="false" sslProtocol="TLS" >keystoreFile="file.p12" keystorePass="password" > keystoreType="PKCS12" URIEncoding="UTF-8" /> > >unpackWARs="false" > autoDeploy="false" xmlValidation="false" xmlNamespaceAware="false"> > docBase="/opt/application" /> > directory="logs" >prefix="access-" suffix=".txt" pattern="combined" > resolveHosts="false" fileDateFormat="-MM-dd"/> > > > > > > > === context.xml > = > > > > > > === web.xml > = > > xmlns="http://java.sun.com/xml/ns/javaee"; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > xsi:schemaLocation="http://java.sun.com/xml/ns/javaee > http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"; > version="2.5"> > > default > > org.apache.catalina.servlets.DefaultServlet rvlet-class> > > debug > 0 > > > listings > false > > 1 > > > default > / > > > ext > x-application/ext > > > smime.p7s Description: S/MIME cryptographic signature
tomcat embedded
Hi I am searching for some documentation about tomcat embedded. I am trying to convert a very simple setup (configuration below) to java code, not using any xml file. Any link, hint, etc. would be helpful. Could someone give me a hint? Regards, Steffen === server.xml == === context.xml = === web.xml = http://java.sun.com/xml/ns/javaee"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"; version="2.5"> default org.apache.catalina.servlets.DefaultServlet debug 0 listings false 1 default / ext x-application/ext smime.p7s Description: S/MIME cryptographic signature
RE: Top mail servers
Hi > I would suggest investigating several different MUAs and > deciding which one best balances the capability you need with > the pain of configuring it. Properly setting up an MUA, > *any* MUA, is not simple. I agree with this, if you replace MUA with MTA... However, my personal preference is definitely exim 4.x. It's very fast, relyable and flexible. The configuration language is even turing complete... Be aware, that it's initial configuration may be a huge step. On debian/ubuntu you get a multi-file configuration by default, which is good, if the package is updated. However I found it more easy to do administration using a single-file config. (you may start copying the auto-generated config from the multi-file system to /etc/exim4/exim4.conf.) Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
Comet-Client
Hi I am searching for comet clients for java, perl and C. (I know, this is basically the wrong list, but I expect to find people here who had the same problem and maybe solutions...) In Java HTTPClient, which is my favorite http client for java doesn't seem to support tranfer-encoding: chunked (at least I see no way to find the end of one chunk and the start of the next). In Perl Net::HTTP::NB does not seem to support non-blocking writes. In C I found nothing so far. So, at this point ANY hint would be appeciated. My - maybe strange looking goal - is to forward any TCP-connection through a http comet connection backed by tomcat. The funny thing is, I think I have completed to had part - the server inbetween. But I think I cannot create the clients. I would like to have them as small as possible, maybe as C or perl, but I could live with java as well. (I love java for the server-side, but not really for the client side.) On problem is, that the components need to be non-blocking or thread-safe AND they need to support HTTP as waell as HTTPS. Any hints or links appreciated... Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
RE: mod_jk malfunction?
Hi > This symptom occured only after their host suspended their > account ... They propably changed the configuration thatfor. Are they sure, the configuration is the same again? Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
RE: Get rid of 8080 port in Tomcat 3.3
Hi > That's the way You should go: > http://www.linux.org.mt/article/tomcat-ports I totally disagree. First, it would surely be best to update to 6.0 and run it using jsvc However, let's look at the solution in the link above. 1. "The Apache solution". (Which should be called the "httpd" solution.) This will work, and might be okay, if you are already running apache on that system. BUT tomcat itself can be faster (at least newer ones, I don't know about 3.x) without httpd. 2. The IP tables solution You webapplication will not know about the different port and encode urls incorrecly. Bad Idea and impossible if SSL is required. 3. The rinetd solution Good for development and tests. Adds a little overhead AND destroy a lot of logging and security, as tomcat will always see ONE client ip. 4. IPchains alternative see 2. UPGRADE. Otherwise get jsvc to work for you. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
RE: Running Tomcat 5.5.9 in AIX 5.2 with Java 5 64-bit - Tomcat freezes at a high level of workload
Hi First, 5.5.9 is definitly outdated. Update. [This might help.] Second, if tomcat is not reaction to kill -9, then it's you VM or even the OS that has a problem. Javacode can never to anything against kill -9, which is only handled by the OS. [This is only about symptoms.] Regards, Steffen > -Original Message- > From: Matthew Lee [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 29, 2006 8:24 AM > To: users@tomcat.apache.org > Subject: Running Tomcat 5.5.9 in AIX 5.2 with Java 5 64-bit - > Tomcat freezes at a high level of workload > > Hello All, > > Setup > - > We are researching into a site running a Webapplication using > the following setup: > > IBM AIX 5.2 > Tomcat 5.5.9 > Java 5 64-bits (IBM Patch level is set to pap64dev-20061003a > and downloaded from the IBM URL of : > http://www-128.ibm.com/developerworks/java/jdk/aix/service.html) > There is 16Gb of memory on the server with > 6 CPU on the > server which is running both Tomcat and the Oracle/Progress > DBMS components. > Tomcat startup script has allocated 2 Gb of memory as min and max. > > Symptoms > -- > When Tomcat is under heavy load running a webappliccation (at > around 180 users although it varies), Tomcat 8080 will > "freeze", whereby no more new uses can access the > Webapplication, nor can they access the Tomcat Manager page. > > During this "freezes/hanging", we can perform a "telnet" to > :8080 from a Unix prompt on the server, so it > seems that the Tomcat 8080 port is able to listen, although > not able to process any request. > > The worst thing about this is when the hanging occurs, the > normal "shutdown.sh" script cannot shut down the hanging > Tomcat process. > We also find that the "kill" command is ineffective using any > signal, including "-9". Therefore, when the hanging occurs, > the only to restart Tomcat and the associated webapp is to > reboot the whole server. > > While the Tomcat server hangs, all other process seems to run > correctly - for example, we have an Oracle database and > Progress DBMS components such as Webspeed and Appserver and > they all continue to run with no problem. > The CPU time is NOT fully utilized when the Tomcat freezes up. > We have not been able to find any error message associated > with the catalina.out log when the freeze occurs. > > Research Done So Far > --- > We did a search thru the email archive > (http://marc.theaimsgroup.com/) using the keywords of "tomcat > aix hangs", the most relevant entry I found was the following: > http://marc.theaimsgroup.com/?t=11609794843&r=1&w=2 > But the above uses much older component as follow, and did > not seem like a good match: > to our setup: > > Tomcat 3.3.1a > > AIX 5.3 > > IBM JDK 1.3.1 > > Apache/1.3.28 > The last reply on the above posting was also not conclusive > in what the root cause was. > Other things found in Bugzilla which we initially thought > were relevant > were: > http://issues.apache.org/bugzilla/show_bug.cgi?id=4 > http://issues.apache.org/bugzilla/show_bug.cgi?id=34693 > http://issues.apache.org/bugzilla/show_bug.cgi?id=32040 > Again, upon closer inspection we were unable to find ways to > apply the info in the above entries in our situation. > > The one entry where we have extracted some application was > the following: > http://issues.apache.org/bugzilla/show_bug.cgi?id=31142 > > I tried a telnet task with ANT 1.6.2: > > - AIX 5.1 it's OK > > - AIX 5.2 it's not OK the task freeze. I must make a CTRL-C > to stop it > > > > > > You may want to try adding -Djava.net.preferIPv4Stack=true > to the Ant > command > > line to see if that helps. I have seen some very long delays on AIX > > 5.2 > with the > > IBM 1.4 VM when it needs to resolve remote addresses. > So we have now implemented the above in our Tomcat startup > script and see whether the Tomcat server will hold up. > Other things we are trying is to switch to using Java 5 > 32-bit to run our Tomcat 5.5.9 instead of Tomcat 64-bit and > see how things goes - the system has been stable for 24 hours > so far using this setting. > > Questions > > Has anyone encountered similarly issues in the past, > especially with Tomcat 5 on AIX 5.2 + Java 5? > > Any suggestion from you good folks on what other setting to > configure in order to increase our chance to get some error > messages logged during a system freezes/hanging? > > Conclusion > > Thanks for reviewing the above and any suggestion you might > have on this. > > Best Regards, > Matthew smime.p7s Description: S/MIME cryptographic signature
RE: tomcat memory usage.
Hi > Description : > right after system(tomcat) is started, the "top" command show > that tomcat process will use 210M memory, the heap size > (using Jprofiler) is 58m/20m(total/used). there is a 150M gap > between total process memory size and java heap size. There needs to be some memory for the JVM as well as your classes. Furthermore GCs may keep two copies of the youngest generation part of the heap. > So my questions are: > 1, what is the difference between java process memory size > and java heap size ? why can it be 150M in right after tomcat > is started ? > 2, why the gap between top can heap can grows from 150M to > 320M, where does 170M more memory gone ? I assume it was needed in between. However, memory allocated by the JVM not not neccessarily lost. Not being used that may be swapped out. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
RE: How do I update the commons-fileupdate JAR from 1.0 to 1.2?
Hi > I downloaded Wireshark and I think you are absolutely right. > > The packets are not even reaching my machine in this situation. > Something in between is stopping them. So this is not a Tomcat question at all. > Can you offer me any suggestions as to how I can track down > the problem? > > My phone is operating on an Orange network in the UK. Call them. Ask them. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
RE: How do I update the commons-fileupdate JAR from 1.0 to 1.2?
Hi > Apparently the reason Apache rejects this request is that > there is a Content Length check for -1 in the FileUploadBase > class. BTW, this makes me think about your setup. Do you have apache in front of tomcat? Then try tomcat standalone first. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
RE: How do I update the commons-fileupdate JAR from 1.0 to 1.2?
Hi > The URL of my servlet is > http://www.noveleditions.com/gaaradio/servlet/GAARadioServlet. > My servlet does read from the input stream of the http > servet request, and doesn't use FileUploadBase directly. The > servlet lives in a webapp directory called gaaradio. The > servlet mapping is set up and works fine when the HTTP POST > data is less than 2016 bytes. However in the case where I get > the 411 code my servlet is never invoked. > I know this because > I have the RequestDumperValve turned on in Tomcat and no logs > are output in that case. For me this sounds like an transparent proxy issue. Try tcpdump / wireshark on the system running tomcat and see if the request even reaches that computer. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
RE: Is Tomcat a good solution for me?
Hi > I currently have PWS running in '98se with ASP pages. > I don't expect to expand the web pages. These two sentences make me think the following: PWS is basically nothing different than IIS, but compiled for Windows 98. As Windows XP comes with IIS this is propably the best chiose for you. There you have asp and you can use the components already do. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
RE: catalina.sh "==" artifact
Hi Sorry, but 5 answers of the kind "RTFM" are simply not nice. It's just a sentence, so here it goes: > If you use > > java -Djava.security.manager -Djava.security.policy==someURL SomeApp > > (note the double equals) then just the specified policy file will be used; > all the ones indicated in the security properties file will be ignored. [http://java.sun.com/j2se/1.5.0/docs/guide/security/PolicyFiles.html] Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
RE: placing context.xml in META-INF works?
Hi > 2) User places our clean database file in the "recommended > location on the server machine. i.e c"\databse\ourfile.gdb" A off-topic side note on this: The c and the backslashes suggest you are using windows. The gdb extension suggest you are using firebird or interbase. My recommendation: Change the extension to fdb, as gdb is handled specially by windows system restore and you might end up having clients whose computers back up a copy the the database to system restore on any webapp restart... Se firebird lists for more details. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
RE: Tomcat 5.5.17 has max 40 KB / sec
Hi
I know, reasking the same question if there was no answer, is no good style.
However I had problems using apache-lists earlier and I don't know wether my
mail made it to the list.
So could anyone please respond, that the mail itself made it?
(Solutions to my problem are welcome as well :D )
Sorry and regard,
Steffen
> -Original Message-
> From: Steffen Heil [mailto:[EMAIL PROTECTED]
> Sent: Saturday, September 23, 2006 3:27 AM
> To: 'Tomcat Users List'
> Subject: Tomcat 5.5.17 has max 40 KB / sec
>
> Hi
>
> I use tomcat 5.5.17 and want to upload files. As this was
> *very* slow in some cases, I wrote a benchmark servlet. Code is below.
> I get the following statistics:
>
> 1. Running server on debian linux it accepts about 8.5 MB /
> sec. (Could slowed down by VM overhead.) 2. Running server on
> windows xp it accepts about 3.5 MB / sec when the client is
> connected over an rinetd redirection.
> 3. Running server on windows xp it accepts ONLY 40 KB / sec
> when the clinet is connected directly.
>
> This problem applies to Internet Explorer 6.0 as client only.
> It does not occur so with Firebird (but still only about 2.4
> MB / sec).
>
> Using wireshark I found that the Internet Explorer is sending
> only 8 KB
> (exactly) followed by an tcp PSH, which is not answered by
> the windows xp machine running tomcat for 0.2 sec. That gives
> me exactly the 40 KB/sec.
>
> I would say, my xp tcp stack is damaged, but it works with
> the same server, when redirected through an external rinetd.
>
> What can I do ?
> Where can I start debugging ?
> Anyone having similar problems ?
>
> If possible, please also reply to me directly (CC).
>
> Regards,
>Steffen
>
>
>
> -->8--
> --
> -->---
>
> package mypackage;
>
> import java.io.InputStream;
>
> import javax.servlet.ServletException;
> import javax.servlet.http.HttpServlet;
> import javax.servlet.http.HttpServletRequest;
> import javax.servlet.http.HttpServletResponse;
>
>
> public class UpstreamBenchmark extends HttpServlet implements
> Runnable {
>
> private long start = -1;
>
> private int total;
>
> private Thread thread;
>
> private final byte[] buffer = new byte[ 4096 ];
>
>
> public void run()
> {
> while ( !Thread.interrupted() ) {
> if ( start != -1 ) {
> long time =
> System.currentTimeMillis() - start + 1;
> double speed = ( total / 1.024 ) / time;
> System.out.println( "speed: " +
> speed + "
> kb/sec" );
> }
> try {
> Thread.sleep( 500 );
> } catch ( Throwable t ) {
> t.printStackTrace();
> }
> }
> }
>
>
> @Override
> public void destroy()
> {
> thread.interrupt();
> super.destroy();
> }
>
>
> @Override
> public void init()
> throws ServletException
> {
> super.init();
> thread = new Thread( this );
> thread.start();
> }
>
>
> @Override
> protected final void doPost( HttpServletRequest
> request, HttpServletResponse response )
> {
> try {
> total = 0;
> start = System.currentTimeMillis();
> InputStream is = request.getInputStream();
> int read;
> while ( ( read = is.read( buffer ) ) != -1 )
> total += read;
> is.close();
> System.out.println( "read " + total + "
> bytes." );
> } catch ( Throwable t ) {
> t.printStackTrace();
> }
> start = -1;
> }
>
> }
>
smime.p7s
Description: S/MIME cryptographic signature
Tomcat 5.5.17 has max 40 KB / sec
Hi
I use tomcat 5.5.17 and want to upload files. As this was *very* slow in
some cases, I wrote a benchmark servlet. Code is below.
I get the following statistics:
1. Running server on debian linux it accepts about 8.5 MB / sec. (Could
slowed down by VM overhead.)
2. Running server on windows xp it accepts about 3.5 MB / sec when the
client is connected over an rinetd redirection.
3. Running server on windows xp it accepts ONLY 40 KB / sec when the clinet
is connected directly.
This problem applies to Internet Explorer 6.0 as client only.
It does not occur so with Firebird (but still only about 2.4 MB / sec).
Using wireshark I found that the Internet Explorer is sending only 8 KB
(exactly) followed by an tcp PSH, which is not answered by the windows xp
machine running tomcat for 0.2 sec. That gives me exactly the 40 KB/sec.
I would say, my xp tcp stack is damaged, but it works with the same server,
when redirected through an external rinetd.
What can I do ?
Where can I start debugging ?
Anyone having similar problems ?
If possible, please also reply to me directly (CC).
Regards,
Steffen
-->8---
package mypackage;
import java.io.InputStream;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class UpstreamBenchmark extends HttpServlet implements Runnable
{
private long start = -1;
private int total;
private Thread thread;
private final byte[] buffer = new byte[ 4096 ];
public void run()
{
while ( !Thread.interrupted() ) {
if ( start != -1 ) {
long time = System.currentTimeMillis() -
start + 1;
double speed = ( total / 1.024 ) / time;
System.out.println( "speed: " + speed + "
kb/sec" );
}
try {
Thread.sleep( 500 );
} catch ( Throwable t ) {
t.printStackTrace();
}
}
}
@Override
public void destroy()
{
thread.interrupt();
super.destroy();
}
@Override
public void init()
throws ServletException
{
super.init();
thread = new Thread( this );
thread.start();
}
@Override
protected final void doPost( HttpServletRequest request,
HttpServletResponse response )
{
try {
total = 0;
start = System.currentTimeMillis();
InputStream is = request.getInputStream();
int read;
while ( ( read = is.read( buffer ) ) != -1 )
total += read;
is.close();
System.out.println( "read " + total + " bytes." );
} catch ( Throwable t ) {
t.printStackTrace();
}
start = -1;
}
}
smime.p7s
Description: S/MIME cryptographic signature
