Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

[Daniel Mikusa]

On Mon, May 30, 2016 at 11:26 PM, Conor Skyler 
wrote:

> Hello list,
>
> I'm trying to install the certificates I bought from GoDaddy into my Tomcat
> server, however so far I've been unsuccessful to achieve this.
>
> My system specs are:
> OS: Amazon Linux (fully updated)
> Tomcat version: 8.0.32, installed from the repos
> Java version: $ java -version
> openjdk version "1.8.0_91"
> OpenJDK Runtime Environment (build 1.8.0_91-b14)
> OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
>
> To install the certificates I followed this tutorial from GoDaddy website:
>
> https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
> which explains how to create a KeyStore and configure the  in
> the server.xml file.
>

Follow these instructions.


>
> Now, judging from the official Tomcat documentation in
> https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated that I
> first need to conver the .crt files provided by GoDaddy to PKCS12 format --
> I wonder then why the instructions in GoDaddy's website state other thing!
>

There's more than one way to do this.  If you started out by following the
GoDaddy instructions to generate your CSR, then continue to follow them to
import your signed certificate.


>
> But then I read this piece of documentation that left me completely
> bewildered:
> To import an existing certificate signed by your own CA into a PKCS12
> keystore using OpenSSL you would execute a command like:
>
> openssl pkcs12 -export -in mycert.crt -inkey mykey.key
>-out mycert.p12 -name tomcat -CAfile myCA.crt
>-caname root -chain
>
> In this example there's a reference to a 'mykey.key' file that I don't
> have a clue how to obtain it or from where it comes since when I
> download the certificates provided by GoDaddy, there's no such .key
> file: I can download several different types of certificates in .crt
> format but there isn't any .key file to download.
>

This has to do with the way that you generated the CSR.  The GoDaddy
instructions have you using keytool and a keystore.  In this case, your
private key will exist in the keystore, so you won't have a .key file and
that's OK.


>
> I tried contacting their support and well, they weren't any helpful at
> all, they pointed me to the repository where all the certificates are
> stored and told me to 'find someone that knows how to handle them' --
> thanks for nothing :(
>
> Finally I want to say that I have Tomcat running smooth at port 8080,
> I even configured an administrator user to access the status page
> which works perfectly, my problem is that I just can't find how to
> properly install and configure the SSL.
>

Follow the GoDaddy instructions.  They should work.  If you get stuck on a
specific step, let us know.

Dan


>
> What I'm not sure though is what part or steps I'm missing, I believe
> this has to be much more simpler that it's been so far for me but
> seriously I can't wrap my mind around it.
>
> Thank you very much for taking the time to read this n00b's help scream.
>
> Best regards,
> -Conor
>

Re: Grails war file not starting on Tomcat 7.0.64

[Daniel Mikusa]

On Thu, Sep 3, 2015 at 3:26 AM, Ashish Gupta 
wrote:

> Hi ,
>
> I have a grails application war file, built in production mode. The Grails
> version I am using is 2.1.1 and I am building the war from command prompt.
> My OS is UBUNTU 12.0.4.
>
> The war is generated without errors . But when I am deploying it to
> Tomcat(7.0.64), the app is not starting.
>
> I am getting the following info in the log:
>
> localhost.log
>
> Sep 03, 2015 12:29:49 PM org.apache.catalina.core.ApplicationContext log
> INFO: No Spring WebApplicationInitializer types detected on classpath
> Sep 03, 2015 12:29:49 PM org.apache.catalina.core.ApplicationContext log
> INFO: Initializing Spring root WebApplicationContext
>
> catalina.out
>
> Sep 03, 2015 12:31:05 PM org.apache.catalina.core.StandardContext
> startInternal
> SEVERE: One or more listeners failed to start. Full details will be found
> in the appropriate container log file
> Sep 03, 2015 12:31:05 PM org.apache.catalina.core.StandardContext
> startInternal
> SEVERE: Context [/App] startup failed due to previous errors
>

This is indicating that your application failed to start properly.  Try
looking in the `logs/catalina.-mm-dd.log` file for more details.  There
should be an exception that shows you why the app failed to start.

Dan



>
> My Java details are :
>
> java version "1.6.0_45"
> Java(TM) SE Runtime Environment (build 1.6.0_45-b06)
> Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)
>
> Also found this on my grails server log:
>
>  INFO groovy.grails.commons.spring.GrailsWebApplicationContext Refreshing
>
> org.codehaus.groovy.grails.commons.spring.GrailsWebApplicationContext@4dde8e1b
> :
> startup date [Thu Sep 03 12:40:52 IST 2015]; parent: Root
> WebApplicationContext
> [2015-09-03 12:40:53.180] INFO
> groovy.grails.commons.spring.GrailsWebApplicationContext Bean
> 'dataSourceUnproxied' of type [class
> org.apache.tomcat.jdbc.pool.DataSource] is not eligible for getting
> processed by all BeanPostProcessors (for example: not eligible for
> auto-proxying)
> [2015-09-03 12:40:53.181] INFO
> groovy.grails.commons.spring.GrailsWebApplicationContext Bean 'dataSource'
> of type [class
> org.springframework.jdbc.datasource.TransactionAwareDataSourceProxy] is not
> eligible for getting processed by all BeanPostProcessors (for example: not
> eligible for auto-proxying)


>
> Any help will be appreciated.
> Thanks in advance ,
> Ashish.
>

Re: Grails war file not starting on Tomcat 7.0.64

[Daniel Mikusa]

On Thu, Sep 3, 2015 at 7:30 AM, Ashish Gupta <ashish.gu...@thinkvidya.com>
wrote:

> > Hi ,
> >
> > I have a grails application war file, built in production mode. The
> Grails
> > version I am using is 2.1.1 and I am building the war from command
> prompt.
> > My OS is UBUNTU 12.0.4.
> >
> > The war is generated without errors . But when I am deploying it to
> > Tomcat(7.0.64), the app is not starting.
> >
> > I am getting the following info in the log:
> >
> > localhost.log
> >
> > Sep 03, 2015 12:29:49 PM org.apache.catalina.core.ApplicationContext log
> > INFO: No Spring WebApplicationInitializer types detected on classpath
> > Sep 03, 2015 12:29:49 PM org.apache.catalina.core.ApplicationContext log
> > INFO: Initializing Spring root WebApplicationContext
> >
> > catalina.out
> >
> > Sep 03, 2015 12:31:05 PM org.apache.catalina.core.StandardContext
> > startInternal
> > SEVERE: One or more listeners failed to start. Full details will be found
> > in the appropriate container log file
> > Sep 03, 2015 12:31:05 PM org.apache.catalina.core.StandardContext
> > startInternal
> > SEVERE: Context [/App] startup failed due to previous errors
> >
>
> This is indicating that your application failed to start properly.  Try
> looking in the `logs/catalina.-mm-dd.log` file for more details.  There
> should be an exception that shows you why the app failed to start.
>
> Thanks for the response.
>
> This is the message I am getting in catalina.-mm-dd.log :
>
> org.apache.catalina.core.StandardContext startInternal
> SEVERE: One or more listeners failed to start. Full details will be found
> in the appropriate container log file
> Sep 3, 2015 4:46:55 PM org.apache.catalina.core.StandardContext
> startInternal
> SEVERE: Context [] startup failed due to previous errors
>
> Just wanted to make sure, it this error related to some configuration
> specific to my project or is a general issue.
>

It's an issue with the app or the app's configuration, not Tomcat.  There
should be an exception in the logs which gives you more details.  Look
through `logs/`.  The exception will tell you what the application did to
cause the problem.

Dan



>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> On Thu, Sep 3, 2015 at 4:48 PM, Daniel Mikusa <dmik...@pivotal.io> wrote:
>
> > On Thu, Sep 3, 2015 at 3:26 AM, Ashish Gupta <
> ashish.gu...@thinkvidya.com>
> > wrote:
> >
> > > Hi ,
> > >
> > > I have a grails application war file, built in production mode. The
> > Grails
> > > version I am using is 2.1.1 and I am building the war from command
> > prompt.
> > > My OS is UBUNTU 12.0.4.
> > >
> > > The war is generated without errors . But when I am deploying it to
> > > Tomcat(7.0.64), the app is not starting.
> > >
> > > I am getting the following info in the log:
> > >
> > > localhost.log
> > >
> > > Sep 03, 2015 12:29:49 PM org.apache.catalina.core.ApplicationContext
> log
> > > INFO: No Spring WebApplicationInitializer types detected on classpath
> > > Sep 03, 2015 12:29:49 PM org.apache.catalina.core.ApplicationContext
> log
> > > INFO: Initializing Spring root WebApplicationContext
> > >
> > > catalina.out
> > >
> > > Sep 03, 2015 12:31:05 PM org.apache.catalina.core.StandardContext
> > > startInternal
> > > SEVERE: One or more listeners failed to start. Full details will be
> found
> > > in the appropriate container log file
> > > Sep 03, 2015 12:31:05 PM org.apache.catalina.core.StandardContext
> > > startInternal
> > > SEVERE: Context [/App] startup failed due to previous errors
> > >
> >
> > This is indicating that your application failed to start properly.  Try
> > looking in the `logs/catalina.-mm-dd.log` file for more details.
> There
> > should be an exception that shows you why the app failed to start.
> >
> > Dan
> >
> >
> >
> > >
> > > My Java details are :
> > >
> > > java version "1.6.0_45"
> > > Java(TM) SE Runtime Environment (build 1.6.0_45-b06)
> > > Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)
> > >
> > > Also found this on my grails server log:
> > >
> > >  INFO groovy.grails.commons.spring.GrailsWebApplicationContext
> Refreshing
> > >
> > >
> >
> org.codehaus.groovy.grails.commons.spring.Grails

Re: Is Container Managed Transactions possible in case of Tomcat ?

[Daniel Mikusa]

On Wed, Aug 19, 2015 at 12:03 PM, Sreyan Chakravarty 
sreyan.mail...@gmail.com wrote:

 I planning to use JPA (Hibernate) in a small project that I am developing.
 Now I have heard a lot about the benefits of using Container Managed
 Transactions(CMT) for JPA in web apps. But most of the tutorials on the web
 use either GlassFish or JBoss, so I was wondering is CMT supported by
 Tomcat. Send me a link to the documentation for this if there is any.
 Please note that I am going to use a datasource to connect to my database
 and I am using persistence.xml(JPA style) to use Hibernate.


If you're referring to JTA, then no.  Tomcat doesn't implement that.
Tomcat only implements a subset of the JEE spec.

http://tomcat.apache.org/whichversion.html

However most of the parts of the spec that Tomcat does not implement can be
pulled in via libraries.  For JTA you can use a third party implementation
with Tomcat.  Atomikos, JOTM and Bitronix are ones that come to mind.

These docs are a little dated, but should get you started.

http://www.atomikos.com/Documentation/TomcatIntegration
http://jotm.objectweb.org/current/jotm/doc/howto-tomcat-jotm.html

Dan

Re: Many Threads in TIMED_WAITING (parking) - [org.apache.tomcat.util.threads.TaskQueue]

[Daniel Mikusa]

On Thu, Jul 16, 2015 at 10:37 AM, Robert Anderson ranom...@gmail.com
wrote:

 Hi,

 Sometimes, in moments of high traffic for our patterns (170 req/sec), we
 have a lot of threads like that:

 ajp-apr-8009-exec-115 ^ 16/07/2015 - 11:13:37 - End of Execute daemon
 prio=10 tid=0x2aaab5c36800 nid=0x12f9 waiting on condition
 [0x4ddcb000]
java.lang.Thread.State: TIMED_WAITING (parking)
 at sun.misc.Unsafe.park(Native Method)
 - parking to wait for  0x000609a53198 (a
 java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)
 at java.util.concurrent.locks.LockSupport.parkNanos(LockSupport.java:226)
 at

 java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.awaitNanos(AbstractQueuedSynchronizer.java:2082)
 at
 java.util.concurrent.LinkedBlockingQueue.poll(LinkedBlockingQueue.java:467)
 at org.apache.tomcat.util.threads.TaskQueue.poll(TaskQueue.java:86)
 at org.apache.tomcat.util.threads.TaskQueue.poll(TaskQueue.java:32)
 at

 java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1068)
 at

 java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
 at

 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
 at

 org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
 at java.lang.Thread.run(Thread.java:745)


This is not a problem.  The thread is in the pool waiting for work.  It's
what you'd normally see on a server that's not handling any requests.



 Thus, Tomcat hangs (all available threads stay in that state) and we have
 to restart the service.

 Server version: Apache Tomcat/7.0.63
 Server built:   Jun 30 2015 08:08:33 UTC
 Server number:  7.0.63.0
 OS Name:Linux
 OS Version: 2.6.18-194.17.1.el5
 Architecture:   amd64
 JVM Version:1.7.0_80-b15
 JVM Vendor: Oracle Corporation

 We are using tomcat-native (APR connector) and Apache (2.2.3) as load
 balancer with mod_jk.


 server.xml

 ?xml version='1.0' encoding='utf-8'?
 Server port=8005 shutdown=SHUTDOWN
   Listener className=org.apache.catalina.core.AprLifecycleListener
 SSLEngine=off /
   Listener className=org.apache.catalina.core.JasperListener /
   Listener
 className=org.apache.catalina.core.JreMemoryLeakPreventionListener /
   Listener
 className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener /
   Listener
 className=org.apache.catalina.core.ThreadLocalLeakPreventionListener /
   GlobalNamingResources
 Resource name=UserDatabase auth=Container
   type=org.apache.catalina.UserDatabase
   description=User database that can be updated and saved
   factory=org.apache.catalina.users.MemoryUserDatabaseFactory
   pathname=conf/tomcat-users.xml /
   /GlobalNamingResources

   Service name=Catalina

 Connector port=8080 protocol=HTTP/1.1
connectionTimeout=2
redirectPort=8443 /
 Connector port=8009 enableLookups=false connectionTimeout=6
 protocol=AJP/1.3 redirectPort=8443 /

 Engine name=Catalina defaultHost=localhost jvmRoute=tomsrv04

   Realm className=org.apache.catalina.realm.LockOutRealm
 Realm className=org.apache.catalina.realm.UserDatabaseRealm
resourceName=UserDatabase digest=SHA/
   /Realm

   Host name=localhost  appBase=webapps
 unpackWARs=true autoDeploy=true

 Valve className=org.apache.catalina.valves.StuckThreadDetectionValve
 threshold=60 interruptThreadThreshold=120 /
   /Host
 /Engine
   /Service
 /Server


 Any suggestions?


This could be an issue with HTTPD talking to Tomcat.
   - When the problem occurs, check the access logs for both and see if the
request is making it from HTTPD to Tomcat.
   - Also when the problem occurs, try hitting Tomcat directly while the
problem is occurring.  See if you can access your app when you bypass HTTPD.
   - Post your HTTPD config
   - Make sure timeouts are configured appropriately  -
http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html

Do you have a firewall in between HTTPD  Tomcat?  Is there anything that
could be breaking the connection?

Dan

Re: Many Threads in TIMED_WAITING (parking) - [org.apache.tomcat.util.threads.TaskQueue]

[Daniel Mikusa]

On Thu, Jul 16, 2015 at 12:04 PM, Robert Anderson ranom...@gmail.com
wrote:

 Thanks, Dan.

 This is not a problem.  The thread is in the pool waiting for work.  It's
 what you'd normally see on a server that's not handling any requests.

 It's awkward. Everything is going normal and suddenly, many threads start
 waiting on the same monitor. After restart Tomcat, everything works without
 even make any changes in Apache (service or config files).


The scenario you're describing can happen and it doesn't necessarily mean
there's a problem with Tomcat.  If you're seeing lots of threads waiting
for work, it just means that you've got lots of free workers.  The server
could still be really busy if you got a couple threads running and working
like mad.

A full thread dump would be helpful, to see what else is happening at the
time.  You can also look at multiple thread dumps 10 - 15 seconds apart to
see what the threads are doing over time (i.e. is thread #X at the same
place across all the threads?)


  - When the problem occurs, check the access logs for both and see if the
 request is making it from HTTPD to Tomcat.

 OK. I'll check


You'll probably also want to configure the access logs to log the amount of
time the request took to process.  That'll give you some understanding of
how much time was spent at each hop.  In Tomcat that's done by adding %D
to the access log pattern.


https://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Access_Log_Valve/Attributes

HTTPD is the same, but it logs in micro seconds instead of milliseconds.

  http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats



- Also when the problem occurs, try hitting Tomcat directly while the
 problem is occurring.  See if you can access your app when you bypass
 HTTPD.

 I've already tried this. Tomcat becomes very very very slow when it
 happens.


Interesting.  What's the CPU usage like at the time?  If it's high, you
might want to look at gc logging to see if you've got a lot of GC happening.

Dan




- Post your HTTPD config

 worker.properties:

 worker.list=balancer

 worker.tomsrv01.type=ajp13
 worker.tomsrv01.host=x.y.z.1
 worker.tomsrv01.port=8009
 worker.tomsrv01.lbfactor=1
 worker.tomsrv01.connect_timeout=1
 worker.tomsrv01.prepost_timeout=1
 worker.tomsrv01.socket_timeout=1800
 worker.tomsrv01.connection_pool_timeout=60

 worker.tomsrv02.type=ajp13
 worker.tomsrv02.host=x.y.z.2
 worker.tomsrv02.port=8009
 worker.tomsrv02.lbfactor=1
 worker.tomsrv02.connect_timeout=1
 worker.tomsrv02.prepost_timeout=1
 worker.tomsrv02.socket_timeout=1800
 worker.tomsrv02.connection_pool_timeout=60

 worker.tomsrv04.type=ajp13
 worker.tomsrv04.host=x.y.z.3
 worker.tomsrv04.port=8009
 worker.tomsrv04.lbfactor=1
 worker.tomsrv04.connect_timeout=1
 worker.tomsrv04.prepost_timeout=1
 worker.tomsrv04.socket_timeout=1800
 worker.tomsrv04.connection_pool_timeout=60

 worker.balancer.type=lb
 worker.balancer.balance_workers=tomsrv01,tomsrv02,tomsrv04
 worker.balancer.sticky_session=1

- Make sure timeouts are configured appropriately  -

 Ok


 Do you have a firewall in between HTTPD  Tomcat?  Is there anything that
 could be breaking the connection?

 No.


 Best regards.


 2015-07-16 12:44 GMT-03:00 Daniel Mikusa dmik...@pivotal.io:

  On Thu, Jul 16, 2015 at 10:37 AM, Robert Anderson ranom...@gmail.com
  wrote:
 
   Hi,
  
   Sometimes, in moments of high traffic for our patterns (170 req/sec),
 we
   have a lot of threads like that:
  
   ajp-apr-8009-exec-115 ^ 16/07/2015 - 11:13:37 - End of Execute daemon
   prio=10 tid=0x2aaab5c36800 nid=0x12f9 waiting on condition
   [0x4ddcb000]
  java.lang.Thread.State: TIMED_WAITING (parking)
   at sun.misc.Unsafe.park(Native Method)
   - parking to wait for  0x000609a53198 (a
   java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)
   at
 java.util.concurrent.locks.LockSupport.parkNanos(LockSupport.java:226)
   at
  
  
 
 java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.awaitNanos(AbstractQueuedSynchronizer.java:2082)
   at
  
 
 java.util.concurrent.LinkedBlockingQueue.poll(LinkedBlockingQueue.java:467)
   at org.apache.tomcat.util.threads.TaskQueue.poll(TaskQueue.java:86)
   at org.apache.tomcat.util.threads.TaskQueue.poll(TaskQueue.java:32)
   at
  
  
 
 java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1068)
   at
  
  
 
 java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
   at
  
  
 
 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
   at
  
  
 
 org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
   at java.lang.Thread.run(Thread.java:745)
  
 
  This is not a problem.  The thread is in the pool waiting for work.  It's
  what you'd normally see on a server that's not handling any requests.
 
 
  
   Thus, Tomcat hangs (all available threads stay in that state) and we
 have

Re: Session replication/fail-over for medium sized tomcat farm

[Daniel Mikusa]

On Fri, Jul 3, 2015 at 9:17 AM, Charles Richard 
charle...@thelearningbar.com wrote:

 On Fri, Jul 3, 2015 at 9:58 AM, Daniel Mikusa dmik...@pivotal.io wrote:

  On Fri, Jul 3, 2015 at 8:36 AM, Charles Richard 
  charle...@thelearningbar.com wrote:
 
   Hi,
  
   We are currently using a product called Terracotta to do session
   fail-over/replication but are considering moving away from this product
  as
   it doesn't seem to support Java 7 and Tomcat 7.
  
   What products exist out there that would help with session
   fail-over/replication?  I only know of 3:
  
   - Terracotta
   - Hazelcast
   - Tomcat native session failover (is not recommended for many tomcat
  nodes)
  
 
  I think that recommendation is just for the DeltaManager.  You can use
 the
  BackupManager with larger numbers of nodes since it's not replicating
  session data to all of the nodes in the cluster.
 
  http://tomcat.apache.org/tomcat-7.0-doc/config/cluster-manager.html
 
  In addition to that Redis and Memcached are two popular ways of sharing
  session state.
 
  Dan
 
   In the link you sent, it mentions the following:

 Downside of the BackupManager: not quite as battle tested as the delta
 manager. 


Naturally this statement makes sense because DeltaManager is the default.
More people are going to use it.  BackupManager has been around for quite a
while though.  Looking at SVN, it's been almost 9 years.  I'd say that
gives it a certain amount of credibility.

http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/ha/session/BackupManager.java?revision=433703view=markup


 Are you aware of companies using this for their Tomcat farms?


I have worked with multiple customers using it in production.  Not as
common as DeltaManager, but it's being used.

Dan




 Thanks,
 Charles

 
  
   I want to make sure i know all options before making a decision.
  
   Thanks,
   Charles
  
 

Re: Session replication/fail-over for medium sized tomcat farm

[Daniel Mikusa]

On Fri, Jul 3, 2015 at 8:36 AM, Charles Richard 
charle...@thelearningbar.com wrote:

 Hi,

 We are currently using a product called Terracotta to do session
 fail-over/replication but are considering moving away from this product as
 it doesn't seem to support Java 7 and Tomcat 7.

 What products exist out there that would help with session
 fail-over/replication?  I only know of 3:

 - Terracotta
 - Hazelcast
 - Tomcat native session failover (is not recommended for many tomcat nodes)


I think that recommendation is just for the DeltaManager.  You can use the
BackupManager with larger numbers of nodes since it's not replicating
session data to all of the nodes in the cluster.

http://tomcat.apache.org/tomcat-7.0-doc/config/cluster-manager.html

In addition to that Redis and Memcached are two popular ways of sharing
session state.

Dan



 I want to make sure i know all options before making a decision.

 Thanks,
 Charles

Re: detect requests that take a long time to process

[Daniel Mikusa]

On Fri, Jun 19, 2015 at 9:07 AM, Kaouthar Ghorbel gkaout...@gmail.com
wrote:

 hello ,my webapplication is very slow , i want to know how can i detect
 requests that take a long time to process in tomcat 8.


1.) Add %D or %T to your access log format.  That will log info about
how long the request took to process.

%D - Time taken to process the request, in millis
%T - Time taken to process the request, in seconds

http://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Access_Log_Valve

2.) This valve can also help.  It'll dump a stack trace when a request
takes longer than the configure threshold.

http://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Stuck_Thread_Detection_Valve

Dan




 thanks

Re: SSL configuration using PFX as keystore

[Daniel Mikusa]

On Fri, Jun 19, 2015 at 12:42 AM, Michael Salisbury mich...@skypoint.co.nz
wrote:

  Hi there,

 I’m trying to get the above working using Tomcat 8.0, previously working
 with 7.0.  This is part of a WebDAV connector in Confluence.

 It seems I can connect from anything other than a Windows Mini Redirector
 client (Windows 7 or 8.1, x86 or x64).  Using a web browser or 3rd party
 client (CyberDuck for instance) connects OK.


What happens when you try to connect with the Windows Mini Redirector?  Do
you get a client error?  If so, what?  Do you get any errors or messages in
the Tomcat logs?  If not, you might try running wireshark to investigate
further.  Capture packets from a working client and packets from the MS
client then look to see what's different.

That said, the fact that it's working for a large selection of clients
except one, seems to point to a problem with the client and not your Tomcat
setup.  What makes you think this is a Tomcat issue?  Was there something
specific you had to do in Tomcat 7 to make the MS client work?

Dan



 There are some registry keys in Windows one needs to enable to get this
 working first:



 [HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Internet]

 BasicAuthLevel=dword:0001



 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters]

 BasicAuthLevel=dword:0001

 UseBasicAuth=dword:0001



 Server.xml

 Connector port=9443 maxHttpHeaderSize=8192

 maxThreads=150 minSpareThreads=25 maxSpareThreads=75

 protocol=org.apache.coyote.http11.Http11NioProtocol

 enableLookups=false disableUploadTimeout=true

 acceptCount=100 scheme=https secure=true

 clientAuth=false sslProtocols=TLS SSLEnabled=true

 URIEncoding=UTF-8

 keystoreType=PKCS12

 keystoreFile=${catalina.base}/conf/certname.pfx

 keystorePass=keypassword/



 I’m fairly new to this, but have done a fair bit of reading to get it
 working previously in Tomcat7…so any help would be greatly appreciated.



 Kind regards



 *Michael Salisbury*



 *Senior Systems Architect*   |   *P*  07 960 7011  |   *E*
 mich...@skypoint.co.nz   |   *W*  skypoint.co.nz



 Waikato Innovation Park, Ruakura Rd, PO Box 9466, Hamilton 3240, NZ





 [image: cid:image001.png@01CF0265.772EC520]



 Please send any support enquiries to *E* supp...@skypoint.co.nz



 [image: MCSA_2013(rgb)_14802]  [image: HP Accredited Technical
 Professional]

Re: validationQuery doesn't work (DBCP 7.0.59)

[Daniel Mikusa]

On Mon, Jun 15, 2015 at 4:42 AM, Jose María Zaragoza demablo...@gmail.com
wrote:

 Hello:


 I'm using Tomcat 7.0.59 and PostgreSQL JDBC driver 9.4-1201-jdbc4

 The context.xml settings are


 Resource auth=Container type=javax.sql.DataSource
   factory=org.apache.tomcat.jdbc.pool.DataSourceFactory

  driverClassName=org.postgresql.Driver
   initialSize=0  maxActive=100 maxIdle=20
 maxWait=1 mindIdle=0
   name=datasource/bbdd password=fake
 removeAbandoned=true


 url=jdbc:postgresql://localhost:,localhost:5432,localhost:5433/bbdd?LoginTimeout=3amp;loadBalanceHosts=false
   username=foo validationQuery=SELECT 1
 testOnBorrow=true timeBetweenEvictionRunsMillis=0/


 I've configured JDBC driver in failover mode ( as you can see in URL
 definition )

 When I test this configuration ( I stop/start databases but , at
 least, there is one running ) , sometimes I'm getting this error
 message:


 org.apache.ibatis.exceptions.PersistenceException:
 ### Error querying database.  Cause:
 org.postgresql.util.PSQLException: This connection has been closed.

 How is it possible if testOnBorrow=true and validationQuery=SELECT 1 ?


Try setting validationInterval to a lower value.  It defaults to 30s, which
means it will only run the query once per 30s.

http://tomcat.apache.org/tomcat-8.0-doc/jdbc-pool.html#Tomcat_JDBC_Enhanced_Attributes


 How I can debug if validationQuery is working as I want  ?


1.) Start Tomcat, make sure the app is working.
2.) Stop the DB.
3.) Your app should stop working, since it can't get a connection.  Also,
any pooled connections will now be bad.
4.) Start the DB.
5.) Your app should be working again.  If the pool is configured properly
as your app requests connections, it should remove the bad connections and
replace them with new ones.

Dan





 Thanks and regards

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: RewriteCond

[Daniel Mikusa]

On Sat, May 30, 2015 at 5:07 AM, Frank Lehmann frank-lehm...@freenet.de
wrote:

 Hi Dan,

 First, please don't top post.
 -- Don't know what you mean, i am at qnalist.com and pushed the button
 reply to:


This is top posting.

http://en.wikipedia.org/wiki/Posting_style#Top-posting

We prefer that people who write to the list use an inline style or bottom
post.

http://en.wikipedia.org/wiki/Posting_style#Interleaved_style

or

http://en.wikipedia.org/wiki/Posting_style#Bottom-posting

The idea is that if everyone does the same thing, it's easier to read and
follow conversations on the list.

I don't know the website you're using, but you can subscribe your email
here.  I believe that's the preferred way to interact with the list.

http://tomcat.apache.org/lists.html


 Reply inline like this or at the bottom.
 -- See above.

 Second, what is the mistake you're referring to?
 -- I explained, that the words, which are in the condpattern valvue do not
 match.

 Third, we don't know.
 -- I have this rewritecond set:
 RewriteCond %{HTTP_USER_AGENT}

 (android|blackberry|googlebot-mobile|iemobile|ipad|iphone|ipod|mobile|palmos|webos)

 So, my opinion is, that any word of the string from the user-agent will
 match the string set in the third value of the rule.
 But it does not. nothing will happen.


Have you tried something simpler first?  Like the example I sent you.  Does
it work?  From what you've posted, it's not clear if there's a Tomcat
configuration problem (i.e. it's not starting the valve / reading the
rules) or if the rule in question is not working as you'd expect.

If it's the later, then you're going to need to adjust the rule to make it
work.  I haven't tried that rule, so I can't say if it will work or not.


  You still haven't provided any configuration or
 explanation of what you did.  Where did you configure the valve?  In
 server.xml?  In the Context for an app?  Where did you put the
 rewrite.config file?

 -- My configuration is as follows:

 Windows 2012 R2
 Tomcat 8.0 in directory tomcat/webapps


Which version?  There are currently 23 different releases of the 8.0 branch.


 server.xml in /conf directory with valve ...rewritevalve set.
 rewrite.config file in directory /conf/catalina/localhost

 Rewrite.config will controled after restart tomcat service, because if
 mistakes in the rule, tomcat won't start


Sorry, not sure I follow you here.  Are you saying that Tomcat is failing
to start?  If so, are you getting an error or exception?  If so, include
that here.

Dan

Re: RewriteCond

[Daniel Mikusa]

On Tue, May 26, 2015 at 12:12 PM, Frank Lehmann frank-lehm...@freenet.de
wrote:

 Hi Dan,


First, please don't top post.  Reply inline like this or at the bottom.



 you are right, i have used this documentation for setting the rewrite rule.

 This doc has is mistake in placing the rewrite.config file, but i solved
 it.


Second, what is the mistake you're referring to?


 My problem is, that the test condition never works.


 Every test rule is ignored.

 So what is the reason why every test condition is ignored ?


Third, we don't know.  You still haven't provided any configuration or
explanation of what you did.  Where did you configure the valve?  In
server.xml?  In the Context for an app?  Where did you put the
rewrite.config file?

I did a quick test and it worked for me.

1.) I added this to the context for the examples app:  `Valve
className=org.apache.catalina.valves.rewrite.RewriteValve /`

2.) I added `webapps/examples/WEB-INF/rewrite.config` to the examples app.

3.) In that file, I put the following.

```
RewriteRule ^/junk$ /does-not-exist   [R]
```

4.) I started Tomcat and sent  this request with curl.  `curl -vv
http://localhost:8080/examples/junk`.  The response was a 302 redirect to 
http://localhost:8080/examples/does-not-exist;.

Dan

Re: Tomcat 8.0.22 - Putting all Libraries in a Separate Folder to reduce War file size

[Daniel Mikusa]

On Tue, May 26, 2015 at 6:21 AM, Aditya Chopra adity...@turvo.com wrote:

 The reason i am trying to reduce the war file size is because its size has
 gone upto 55MB and time taken for copying it to the server for deployments
 has increased.


What you're trying to do may seem like a good idea, but in practice is
usually not.  There are a handful of things that can go wrong with it
(library version issues, classpath casting issues, etc...).  You're hitting
just one of those problems and as you can see it's not easy to debug (none
of them are really).  All for what?  A marginally smaller WAR file.  Unless
you're on dial-up, it's likely that the time you spend debugging issues
will far exceed the time you spend uploading files, and that's something
that can be automated.

Solutions to the problem of a larger WAR file that I would suggest (I'm
sure others can add to this list):

   a.) just live with the upload time.  55M is not that crazy.  run the
upload while you're doing something else or at night.
   b.) get a faster Internet connection
   c.) build your project on a remote server, possibly a CI server, that
has better bandwidth.



 Is there any best practice around this that we should be following?


Put everything into the WAR file.  This is my opinion, but I find it makes
life a lot easier.

Dan




 Anyways, i will also check Spring usage to see why the threat context
 class loader isn’t being used.

 Aditya


  On 26-May-2015, at 3:37 pm, Mark Thomas ma...@apache.org wrote:
 
  On 26/05/2015 10:53, Aditya Chopra wrote:
 
  This thread does beg the question *why* do you want to reduce the size
  of your WAR. Doing so creates problems as you have found.
 
  In WEB-INF/lib i only have 2 JARs, which are my application JAR’s. All
 other dependent JAR’s i have moved to /mylibs.
 
  Below mentioned com.myapp.CustomGrantedAuth class is part of my
 application JAR present under WEB-INF/lib.
 
  You'll need to speak to the Spring folks to see why the thread context
  class loader isn't being used. Whether that is a Spring bug or a Spring
  usage error in your part I don't know.
 
  Mark
 
 
 
  Here is the stack trace:
 
  DEBUG [http-nio-8080-exec-3] (DefaultExceptionHandler.java:123) - error.
  java.lang.IllegalArgumentException: java.lang.ClassNotFoundException:
 com.myapp.CustomGrantedAuth
   at
 org.springframework.security.oauth2.common.util.SerializationUtils.deserialize(SerializationUtils.java:36)
   at
 com.arl.mg.services.CustomTokenStore$2.mapRow(CustomTokenStore.java:124)
   at
 com.arl.mg.services.CustomTokenStore$2.mapRow(CustomTokenStore.java:1)
   at
 org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:93)
   at
 org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:60)
   at
 org.springframework.jdbc.core.JdbcTemplate$1.doInPreparedStatement(JdbcTemplate.java:708)
   at
 org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:644)
   at
 org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:695)
   at
 org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:727)
   at
 org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:737)
   at
 org.springframework.jdbc.core.JdbcTemplate.queryForObject(JdbcTemplate.java:811)
   at
 com.arl.mg.services.CustomTokenStore.readAuthentication(CustomTokenStore.java:121)
   at
 com.arl.mg.services.CustomTokenServices.loadAuthentication(CustomTokenServices.java:139)
   at
 org.springframework.security.oauth2.provider.filter.OAuth2ProtectedResourceFilter.doFilter(OAuth2ProtectedResourceFilter.java:53)
   at
 org.springframework.security.oauth2.provider.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:79)
   at
 com.arl.mg.error.CustomExceptionHandlerFilter.doFilter(CustomExceptionHandlerFilter.java:59)
   at
 org.springframework.security.oauth2.provider.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:79)
   at
 org.springframework.security.oauth2.provider.filter.CompositeFilter.doFilter(CompositeFilter.java:59)
   at
 org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
   at
 org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
   at
 org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
   at
 org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
   at
 org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
   at
 org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
   at
 

Re: RewriteCond

[Daniel Mikusa]

On Mon, May 25, 2015 at 11:30 AM, Frank Lehmann frank-lehm...@freenet.de
wrote:

 Hi helpers,

 i want to rewrite my url when a mobile user reaches my homepage.

 I found this condition on the web after several searchings.

 But it will not work.
 All other condition also not working, i have tested many conditions.

 How can i rewrite a url when a mobile client is getting my homepage ?


Hassan mentioned one way, that's the UrlRewrite filter.  Since you're on
Tomcat 8, there's also a rewrite filter built-in.  It uses a similar syntax
to HTTPD, which is probably what you found posted on the internet.

https://tomcat.apache.org/tomcat-8.0-doc/rewrite.html


 Thanks for help.


 RewriteCond %{HTTP_USER_AGENT}
 (android|blackberry|googlebot-mobile|iemobile|ipad|iphone|ipod|mobile|palmos|webos)
 [NC]
 RewriteRule ^(.+)$ http://www.dashandwerk.net/mobile/ [L]


Where / how did you attempt to configure this?

Dan




 My environment.

 Tomcat 8

Windows 2012 R2
 Homepage under folder webapps/root

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Try to deploy war and keep access to my webapp in browser without entering context root name

[Daniel Mikusa]

On Thu, May 21, 2015 at 12:03 PM, Mark Eggers its_toas...@yahoo.com.invalid
 wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 On 5/21/2015 8:56 AM, Евгений Кузнецов wrote:
  Hello,
 
  I asked question in stakoverflow
  http://stackoverflow.com/questions/30304478/tomcat-deploying-a-webapp-
 which-is-accessed-via-browser-without-context-root-na
 
 
 
 
  I ll repeat it here:
 
  I have a webapp (spring mvc 4 application) which code is placed in
   |tomcat-7/webapp/mywebapp/| folder. Webapp is accessed in browser
  with url |http://my-web-app.loc:8080| (i.e. without context root
  name |mywebapp| after port number). I have following setups in
  |tomcat-7/conf/server.xml|:
 
  |Host name=my-web-app.loc appBase=webapps unpackWARs=true
  autoDeploy=true Context path= docBase=mywebapp
  reloadable=true allowLinking=true antiJARLocking=true
  copyXML=true / Valve
  className=org.apache.catalina.valves.AccessLogValve
  directory=logs prefix=mywebapp.access. suffix=.log
  pattern=common resolveHosts=true / /Host |
 
  I delploy webapp by placing war-file into |/webapp| folder. But
  after war-file is unpacked and webapp is successfully deployed, I
  can access to webapp only with
  |http://my-web-app.loc:8080/mywebapp| url. Url
  |http://my-web-app.loc:8080| directs me to 404 tomcat error page.
 
  What I have to setup to access to webapp with
  |http://my-web-app.loc:8080| url?
 

 Rename mywebapp.war to ROOT.war (case is important) and deploy.

 . . . just my two cents
 /mde/


+1 - That will be the easiest solution and then you can probably remove the
Context/ tag from your server.xml, which is something that's frowned upon.

Dan



 -BEGIN PGP SIGNATURE-
 Version: GnuPG v2

 iQEcBAEBAgAGBQJVXgG0AAoJEEFGbsYNeTwtkIoH/ixe/TEPmdDSwyfnGoivBjbP
 BE1/p095dcm2K/sEn9FfxddgC7a2gIYa+2Nlu4IHrMoBk+hKH4FLfN5cQid7ZbIk
 2PUwbxnC/tWULIJ8AWgLE8x6aIyHgNMeuSjZCMcKV90FNANhouDsh0XAg6Fod+Ky
 CELckKpJKCGaAvfc/o8NNR2atJDrXdOUl1ApTgJ21RDcipBCp5dPQGCL3qZljjS5
 tJtsXz3+fIutS8D+5walqG/mjUtLXDuWp5nCCOsq2uYGiCaIH6ISwdlAZpOm2kzN
 fbTpmm4wjwn3GKYx6bNlLL624nd/ac6e6JHaUVcpDah4iQqfHJzSL3dTB1+7Vyw=
 =jkyz
 -END PGP SIGNATURE-

 ---
 This email is free from viruses and malware because avast! Antivirus
 protection is active.
 http://www.avast.com


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Issue while Configuring SSL in tomcat6

[Daniel Mikusa]

On Mon, May 4, 2015 at 8:35 PM, jairaj kamal jairaj.ka...@gmail.com wrote:

First, please stop top posting.  Reply inline or at the bottom.  It's the
convention followed on this list.

Hello, when I checked with below command I find my keystore created type as
 JKS and we are using tool Keytool. Initially we received 2 certificates
 TestRoot.cer  Test.cer, when found things not working, we are now
 trying to import certs of PKCS#12 format (.pfk) via Keytool


The format of your keystore is *not* the problem.  If it were the problem,
you would see an exception in Tomcat.  The problem you're seeing is
different.



 *#Testing Keystore type*

 *D:\Program Files (x86)\Java\jdk1.6.0_27\binkeytool -list -v -keystore
 C:\Users\*

 *svcr2wadmin\nedr2wqajob1\Test.keystore*

 *Enter keystore password:*


 *Keystore type: JKS*

 *Keystore provider: SUN*


 *#Earlier tried steps:*

 keytool -genkey -alias report2web -keyalg RSA -keystore
 C:\Users\svcr2wadmin\nedr2wqajob1\Test.keystore


 keytool -certreq -keyalg RSA -alias report2web -file
 C:\Users\svcr2wadmin\nedr2wqajob1\Test.csr -keystore
 C:\Users\svcr2wadmin\nedr2wqajob1\Test.keystore


 keytool -import -alias root -keystore
 C:\Users\svcr2wadmin\nedr2wqajob1\Test.keystore -trustcacerts -file
 C:\Users\svcr2wadmin\nedr2wqajob1\TestRoot.cer


 keytool -import -alias *nedr2wqajob1 *-keystore
 C:\Users\svcr2wadmin\nedr2wqajob1\Test.keystore -file
 C:\Users\svcr2wadmin\nedr2wqajob1\Test.cer


  Then also did below


 keytool -import -alias nedr2wjob1_non_prod_p7b -keystore
 C:\Users\svcr2wadmin\nedr2wqajob1\Test.keystore -file
 C:\Users\svcr2wadmin\nedr2wqajob1\Test.pfx


 # But
 Below is the error coming while importing the latest .pfx certificated
 shared

  D:\Program Files (x86)\Java\jdk1.6.0_27\binkeytool -import -alias
 nedr2wjob1QAJob1 -keystore C:\Users\svcr2wadmin\nedr2wqajob1\Test.keystore
 -file C:\Users\svcr2wadmin\nedr2wqajob1\*Test.pfx*

 Enter keystore password:

 *keytool error: java.lang.Exception: Input not an X.509 certificate*

 #Certificate status as observed in the browser

 1. nedr2wqajob1 is the alias name of certificate Test.cer - It shows for
 non Root certificate as Your connection to *nedr2wqajob1  *is encrypted
 with obsolete cryptography, The connections uses TLS 1.0. The connection
 uses AES_128_CBC with SHA1 for message authentication and DHE_RSA as the
 key exchange mechanism.


You might need to a.) check what crypto is supported by your version of the
JVM and b.) configure it to not use certain known insecure crypto.

More on this here:  http://wiki.apache.org/tomcat/HowTo/SSLCiphers




 2. Error message showing in chrome browser as below

 “This CA Root certificate is not trusted because it is not in the
 Trusted Root Certification Authorities store.”


Who did you purchase your certificate from?

Dan






 Let me know what to do to resolve this ?

 *Jairaj Kamal*


 On Mon, May 4, 2015 at 6:51 PM, Christopher Schultz 
 ch...@christopherschultz.net wrote:

  -BEGIN PGP SIGNED MESSAGE-
  Hash: SHA256
 
  Jairaj,
 
  On 5/4/15 5:35 PM, jairaj kamal wrote:
   Attached find the error coming in browser,looks to be issue with
   Root certificate.
 
  This list strips attachments. Please copy/paste any messages into the
  text of your post.
 
   Also we tried PKCS#12 format certs but getting below Error
 
  The keystore format won't change what gets sent to the client.
 
   D:\Program Files (x86)\Java\jdk1.6.0_27\binkeytool -import -alias
   nedr2wjob1_no n_prod_p7b -keystore
   C:\Users\svcr2wadmin\nedr2wqajob1\QA_Job1_report2web.keysto re
   -file C:\Users\svcr2wadmin\nedr2wqajob1\nedr2wjob1_non_prod.p7b
   Enter keystore password: *keytool error: java.lang.Exception: Input
   not an X.509 certificate*
 
  If you really have a PKCS12 keystore, they you'll need to specify the
  keystore type on the command-line.
 
  - -chris
  -BEGIN PGP SIGNATURE-
  Version: GnuPG v2
  Comment: GPGTools - http://gpgtools.org
 
  iQIcBAEBCAAGBQJVSAYcAAoJEBzwKT+lPKRYLREQAMPD6shOiwK7On4wTmMbsuJR
  ifabn95GXN4ia+L80IlvqyY17Mjfe1VzMYsVhLgpJRiEQmSMoy3ChxbeD+2h3Pzc
  38GXZWg8anBHaHqceQDhaiHW2HYNW1HV7IzG22gYDlfi0zwv8JYbpxqQXr7Kf+9q
  CtO8sUt4hTxWW9zYl5mTa2xB7vXr7jl5k0UTTCF7nNuraXGhFBWifebYZ1AxFJEp
  aP6n80rglMC9/K4SVCGRaGjGbHKcN7fiJX1InswWNnGzfWgIvt4HxlZeQwNFrQaa
  N35MGu9pINQ/iofrW/7M5Vp1oqQNMWRSRpU6t9QK3FO6crfNpIuNxmwf46oeEiQh
  7HKF+sBmWlWC4QTdpdMiHNg1Ux2XhZrOzpo657QdrLKPKKLHAqtqcmrlJDTCs6Bs
  lI7NvQXMpMyc466Q0EvemQPkjoyeYr2uRJo8pcscATrvPPqD+chqEstgc6UjHDsZ
  NQqgDIPxPjKrZf1RUj3oEM693ezMCcvTICAMWbcjzTXrrDBFRPFgrM7gSrGjd/ib
  17XsI5+cO3Rc4Ai3d6ss+uMf2HI7/DRQwYEs1h4dUu4Ug1WmRTOEEXV4nFkDUGBS
  AkoQqx77phGcy3XiASB0Dc96CrkbkVXCtmPYf2RH5OXivzkIztn78WSexWv4q01L
  sP/r1a2F394bEExnUXIX
  =7onF
  -END PGP SIGNATURE-
 
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
 
 

Re: Issue while Configuring SSL in tomcat6

[Daniel Mikusa]

On Sun, May 3, 2015 at 7:48 PM, jairaj kamal jairaj.ka...@gmail.com wrote:

 Hello,

 I created a keystore via Keytool, CSR file and received below root and
 intermediate certificates.

 I have got both TestRoot.cer  TestCA.cer certificates imported in keystore
 via keytool but still in browser it shows in red and looks issue with
 certificate is not resolved yet.

 Do i need to convert dot extension of above certs to PKCS12 format, how to
 resolve it ?


There's a lot that could be going on here.  You need to try and narrow down
the problem.

1.) Include the Connector / tag from `conf/server.xml` so we can see how
you've configured Tomcat.
2.) Include the exact version of Tomcat you're using.
3.) Are you connecting directly to Tomcat or is there an HTTPD or some
other server acting as a reverse proxy in between?
4.) Look at the certificate as displayed by your browser.  In Chrome, click
the lock in the tool bar, other browsers are similar.  Look at the details
on the certificate and see what certificate you're being presented.  Is it
the once that you purchased?  or perhaps an older self-signed on?

That should get you started.

Dan




 *Jairaj Kamal*

Re: Tomcat Thread issue

[Daniel Mikusa]

On Thu, Apr 23, 2015 at 7:15 AM, Subhro Paul subhro.p...@tcs.com wrote:

 Dear Team,

 One of our client's website stopped working yesterday. We observed that
 Tomcat servers were not working properly during that time. We have checked
 the memory usage of the server was fine but in the Catalina.out log we
 found it was already reached to max thread which is 512 though the number
 of connections to the server was normal. We took a thread dump from the
 server using VisualVM and we got the below message from threaddump:


Since a thread dump is a point in time snapshot, you should always take
multiple thread dumps, with a few seconds in between each one.  This gives
you additional perspective as to what's happening with the threads over a
period of time.



 http-8080-1 - Thread t@22

java.lang.Thread.State: BLOCKED

 at java.util.Vector$1.nextElement(Vector.java:320)

 - waiting to lock 37749687 (a java.util.Vector) owned by
 http-8080-116 t@161

 at
 org.apache.jsp.includes.header_jsp.isExcludePath(header_jsp.java:116)

 at
 org.apache.jsp.includes.header_jsp._jspService(header_jsp.java:314)


Look at what header.jsp is doing.  It seems to be doing something with the
Vector class which is causing the thread to block.



 at
 org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)

 at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

 at
 org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)

 at
 org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)

 at
 org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)

 at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

 at
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)

 at
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

 at
 org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)

 at
 org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:551)

 at
 org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:488)

 at
 org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:968)

 at
 org.apache.jsp.home.customer_005fservice.bill.my_005fbill_jsp._jspService(my_005fbill_jsp.java:126)

 at
 org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)

 at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

 at
 org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)

 at
 org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)

 at
 org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)

 at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

 at
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)

 at
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

 at
 org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)

 at
 org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)

 at
 org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

 at
 org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

 at
 org.apache.catalina.valves.RequestFilterValve.process(RequestFilterValve.java:269)

 at
 org.apache.catalina.valves.RemoteHostValve.invoke(RemoteHostValve.java:81)

 at
 org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:555)

 at
 org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

 at
 org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)

 at
 org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857)

 at
 org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)

 at
 org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)

 at java.lang.Thread.run(Thread.java:701)



Locked ownable synchronizers:

 -  None



 This was coming for different threads. Once we restarted the servers, the
 website back to normal again but we got the below exception in the log :



 Apr 22, 2015 11:15:28 AM org.apache.catalina.loader.WebappClassLoader
 clearReferencesThreads

 SEVERE: A web application appears to have started a thread named
 [http-8080-1] but has failed to stop it. This is very likely to create a
 memory leak.


This 

Re: Problem with Tomcat6 catalina.out

[Daniel Mikusa]

On Wed, Apr 1, 2015 at 2:30 AM, Bhagyashree Jog rani...@gmail.com wrote:

 I am getting the following error on deploying tomcat

 org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
 SEVERE: Socket accept failed
 java.lang.NoClassDefFoundError:
 org/bouncycastle/crypto/modes/CBCBlockCipher


You're missing a JAR file, or it's in the wrong place, and this class can't
be found.  Find the right JAR file and put it into the $CATALINA_BASE/lib
directory.


 at

 org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineSetMode(Unknown
 Source)
 at javax.crypto.Cipher$Transform.setModePadding(Cipher.java:357)
 at javax.crypto.Cipher.chooseProvider(Cipher.java:847)
 at javax.crypto.Cipher.init(Cipher.java:1348)
 at sun.security.ssl.CipherBox.init(CipherBox.java:175)
 at sun.security.ssl.CipherBox.newCipherBox(CipherBox.java:208)
 at
 sun.security.ssl.CipherSuite$BulkCipher.newCipher(CipherSuite.java:467)
 at
 sun.security.ssl.CipherSuite$BulkCipher.isAvailable(CipherSuite.java:507)
 at
 sun.security.ssl.CipherSuite$BulkCipher.isAvailable(CipherSuite.java:485)
 at sun.security.ssl.CipherSuite.isAvailable(CipherSuite.java:190)
 at

 sun.security.ssl.SSLContextImpl.getApplicableCipherSuiteList(SSLContextImpl.java:342)
 at

 sun.security.ssl.SSLContextImpl.getDefaultCipherSuiteList(SSLContextImpl.java:293)
 at sun.security.ssl.SSLSocketImpl.init(SSLSocketImpl.java:576)
 at sun.security.ssl.SSLSocketImpl.init(SSLSocketImpl.java:494)
 at
 sun.security.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:313)
 at

 org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:152)
 at
 org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:352)
 at java.lang.Thread.run(Thread.java:722)

 *This error is logged into catalina.out continuously and catalina.out gets
 full in short time. tomcat version is : 6.0.24. Please help*


This is **really** old.   You need to upgrade to 6.0.43 ASAP.

Dan



 --
 Bhagyashree  N Jog

Re: Issues with SSL to resolve poodle vulnerability

[Daniel Mikusa]

On Fri, Mar 13, 2015 at 10:17 AM, MICHELLE RENEE LARSON mr...@psu.edu
wrote:

 We use a software called iDashboards it is tomcat running on windows I
 have installed an SSL and when you go to the site
 https://idashboards-dev.outreach.psu.edu/idashboards/ it shows that the
 SSL is installed and you connect via https however when you go to an ssl
 checker it says no ssl if installed any idea why it would not show.



 Using sslshopper.com ssl checker





 idashboards-dev.outreach.psu.edu resolves to 146.186.231.156


While the DNS does resolve for me, the site does not seem accessible.  This
may or may not be intentional.  Also, looking at a site like
http://www.isitdownrightnow.com/idashboards-dev.outreach.psu.edu.html
show's it's not accessible.  Given that sslshopper.com is a public site,
it's probably having the same access issues.

Dan








 No SSL certificates were found on idashboards-dev.outreach.psu.edu. Make
 sure that the name resolves to the correct server and that the SSL port
 (default is 443) is open on your server's firewall.












 I have 448 and 8443 open on both the local firewall and on network
 firewall.



 We are running tomcat 7.0.35 on Server 2008 r2



 Here is the edited server.xml



 Connector port=443

protocol=org.apache.coyote.http11.Http11NioProtocol

SSLEnabled=true

maxThreads=150

scheme=https

secure=true

clientAuth=false

sslProtocol=TLS

keystoreFile=C:\SSL\keystore.jks

keystorePass=$@GCceate345

keyAlias=tomcat /







 Michelle larson

 Systems Administrator II

 Outreach Technology Services

 The Pennsylvania State University

 The 329 Bldg, Suite 311, Innovation Park

 University Park, PA 16802

 Phone: 814-863-6612

Re: Persistance on Tomcat 8.0 and Cluster

[Daniel Mikusa]

On Fri, Feb 27, 2015 at 8:35 AM, Alexander Diedler adied...@tecracer.de
wrote:

 Hello Daniel,
 That you for your reply. You mean, that session persistance was enabled
 and a failover was recordnized by the loadbalancer and the session was
 still available on the remaining node?


No. I'm just talking about your configuration.  You have two conflicting
things configured.

1.) You have a session store created.  This is going to store your sessions
into the database.  It's *not* clustering (at least by the definition
Tomcat uses), but can be an effective way to share sessions across multiple
Tomcat instances.

2.) You have a cluster defined.  This is going to tell Tomcat to replicate
session data directly between your Tomcat nodes.  As you pointed out
previously, this can be problematic on AWS where they don't support
multicast.  It's also conflicting with #1, which is what the error you
reported is telling you.

In short, remove the Cluster/ tag, the error should go away.

Dan



 -Ursprüngliche Nachricht-
 Von: Daniel Mikusa [mailto:dmik...@pivotal.io]
 Gesendet: Freitag, 27. Februar 2015 14:21
 An: Tomcat Users List
 Betreff: Re: Persistance on Tomcat 8.0 and Cluster

 On Fri, Feb 27, 2015 at 8:15 AM, Alexander Diedler adied...@tecracer.de
 wrote:

  Hello,
  I have to build a two node failover cluster with 2 tomcats 8.0.15
 servers.
  This cluster is on AWS Cloud, so technical we cannot use Mulicast etc.
  so we have to use Persistance stored the Session information in a
 database.
  The application was in grails and was delivered as a war file tot he
  tomcat.
 
  But what I get is this error message in the nodes:
  WARNING [localhost-startStop-1]
  org.apache.catalina.ha.tcp.SimpleTcpCluster.registerManager Manager [
  org.apache.catalina.session.PersistentManager[]] does not implement
  ClusterManager, addition to cluster has been aborted.
 
  In the global /conf/context.xml is this:
  Resource name=jdbc/sessions auth=Container
 type=javax.sql.DataSource
 username=username 
 password=password
  driverClassName=net.sourceforge.jtds.jdbc.Driver
 
 
 url=jdbc:jtds:Sqlserver://sqlservername:1433/databasename_sessioncontainer;
  maxActive=1000
  maxIdle=30
  maxWait=3600
  validationQuery=select 1 
  removeAbandoned=true
 removeAbandonedTimeout=60/
 
  Manager className=org.apache.catalina.session.PersistentManager
  distributable=true
  processExpiresFrequency=3
  saveOnRestart=true
  minIdleSwap=1800
  maxIdleSwap=3600
  maxInactiveInterval=3600
  maxIdleBackup=0
  
 
  Store className=org.apache.catalina.session.JDBCStore
  dataSourceName=jdbc/sessions
  sessionAppCol=app_name
  sessionDataCol=session_data
  sessionIdCol=session_id
  sessionLastAccessedCol=last_access
  sessionMaxInactiveCol=max_inactive
  sessionTable=tomcat_sessions
  sessionValidCol=valid_session /
  /Manager
 
 
  And in server.xml we use globally:
  Inside the engine tag
 
Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster
   channelSendOptions=8
 
 
  /Cluster
 
  What do we wrong?
 

 If you're using session persistence like a DB to share your sessions
 across multiple nodes, you don't need the Cluster / tag.  That's only
 necessary if you're replicating sessions directly between your cluster
 nodes.

 Dan


 
  Greetings
  Alexander
 
 
 

Re: Persistance on Tomcat 8.0 and Cluster

[Daniel Mikusa]

On Fri, Feb 27, 2015 at 8:15 AM, Alexander Diedler adied...@tecracer.de
wrote:

 Hello,
 I have to build a two node failover cluster with 2 tomcats 8.0.15 servers.
 This cluster is on AWS Cloud, so technical we cannot use Mulicast etc. so
 we have to use Persistance stored the Session information in a database.
 The application was in grails and was delivered as a war file tot he
 tomcat.

 But what I get is this error message in the nodes:
 WARNING [localhost-startStop-1]
 org.apache.catalina.ha.tcp.SimpleTcpCluster.registerManager Manager [
 org.apache.catalina.session.PersistentManager[]] does not implement
 ClusterManager, addition to cluster has been aborted.

 In the global /conf/context.xml is this:
 Resource name=jdbc/sessions auth=Container type=javax.sql.DataSource
username=username 
password=password
 driverClassName=net.sourceforge.jtds.jdbc.Driver

 url=jdbc:jtds:Sqlserver://sqlservername:1433/databasename_sessioncontainer;
 maxActive=1000
 maxIdle=30
 maxWait=3600
 validationQuery=select 1 
 removeAbandoned=true
removeAbandonedTimeout=60/

 Manager className=org.apache.catalina.session.PersistentManager
 distributable=true
 processExpiresFrequency=3
 saveOnRestart=true
 minIdleSwap=1800
 maxIdleSwap=3600
 maxInactiveInterval=3600
 maxIdleBackup=0
 

 Store className=org.apache.catalina.session.JDBCStore
 dataSourceName=jdbc/sessions
 sessionAppCol=app_name
 sessionDataCol=session_data
 sessionIdCol=session_id
 sessionLastAccessedCol=last_access
 sessionMaxInactiveCol=max_inactive
 sessionTable=tomcat_sessions
 sessionValidCol=valid_session /
 /Manager


 And in server.xml we use globally:
 Inside the engine tag

   Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster
  channelSendOptions=8


 /Cluster

 What do we wrong?


If you're using session persistence like a DB to share your sessions across
multiple nodes, you don't need the Cluster / tag.  That's only necessary
if you're replicating sessions directly between your cluster nodes.

Dan



 Greetings
 Alexander

Re: Persistance on Tomcat 8.0 and Cluster

[Daniel Mikusa]

On Fri, Feb 27, 2015 at 9:39 AM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Daniel,

 On 2/27/15 9:24 AM, Daniel Mikusa wrote:
  On Fri, Feb 27, 2015 at 8:35 AM, Alexander Diedler
  adied...@tecracer.de wrote:
 
  Hello Daniel, That you for your reply. You mean, that session
  persistance was enabled and a failover was recordnized by the
  loadbalancer and the session was still available on the
  remaining node?
 
 
  No. I'm just talking about your configuration.  You have two
  conflicting things configured.
 
  1.) You have a session store created.  This is going to store your
  sessions into the database.  It's *not* clustering (at least by
  the definition Tomcat uses), but can be an effective way to share
  sessions across multiple Tomcat instances.
 
  2.) You have a cluster defined.  This is going to tell Tomcat to
  replicate session data directly between your Tomcat nodes.  As you
  pointed out previously, this can be problematic on AWS where they
  don't support multicast.  It's also conflicting with #1, which is
  what the error you reported is telling you.
 
  In short, remove the Cluster/ tag, the error should go away.

 Are you sure that's best?


My intent was just to answer the question that was asked.  I was trying to
stay out of this part of the discussion :)


 If the goal is uninterrupted fail-over, then
 perhaps using the BackupManager or DeltaManager with static membership
 is the better strategy.


+1 I generally prefer session replication and if static membership will
work I'd agree that's the way to go.  Sometimes that is tricky on AWS
because the IP addresses can change, then your config needs updated and it
can get messy.

On the subject of what's better, when using a shared storage approach for
sessions you'd probably want to go with Redis or Memcached and not a JDBC
backed store.  Performance should be much better.

Dan


 I guess the real question is for the OP: do you need clustering (i.e.
 session replication between nodes) or is it okay if a user has to
 login again and possibly re-start a workflow if they get failed-over
 to another node?

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1
 Comment: GPGTools - http://gpgtools.org

 iQIcBAEBCAAGBQJU8IGMAAoJEBzwKT+lPKRY5SQQAIPfDPyKNssUyEOJw5ouA9Qw
 7chcfdhWVjiF83ecdXbZSxzS9hRi0l4pNdXVmU/LLQGNGfg+idtusrrG+fa4A4iE
 xrs36Wt5DCN2+ejCFlWbrW1Ixk58DTLVdXMJ+F67QTIEp59MmKpGOdTXWlWKs8HI
 Xgpq8hEJPMJbaUcEPu87iJbLviVoeWJD9i0TEeA/dcjdl0sR+WdH/VGBtS0TaAkX
 ZMaR0Tkp/Fx4hLWUwe2s5QFrQ6n8Mpeggr76owXuSSD2+J0PYPkezs/ctvssn7OJ
 YhHWPV5OQ52/YY3FFI5e8pEJZeX2D+FT+XS0CzI7EKsJ+UD9RgU/RVRv/iuKnLA9
 GImVr2aAAycCnqGZzDyOrMpO0MfHw9SqLttLdliX8HI383WODYNbrKoON6KaAQRK
 MSwqbZ/YJcDczXVjzHxJZnggvhg2IYupQ89quSpf47kKL6bBw3607feiURegvSd5
 +xiONk3OifRDbcEv/Q3fGwU5rMYzPaf3f/6Jx0/j9jq/ijVKDUI0fvkqaZnCAev4
 o7p67AT6iyH31haRtLL72XFWm6/63hLXQ94qecOKyneAxu8/eWh+ajltAi28mMbk
 GFI4iqQCcij9gjcGX++dDoNoe9qGsDj5ZIhVTWXC4hEnsZF64yQG+KHJ+Gss9JV7
 rbRTDWfS/YlVI/sBMiUz
 =KZKi
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Help setting up sqlite data source

[Daniel Mikusa]

On Wed, Feb 25, 2015 at 2:19 AM, nandy r nandy0...@yahoo.com.invalid
wrote:

 Hello,
 I wanted to setup tomcat+hibernate+JOTM+sqlite but could not find any
 information on sqlite setup.
 I did read a document on setting up datasources and also one tomcat
 document relating to mysql, postgresql.
 It appears I need to supply a resource name, auth, factory, driver class
 and url, which could be:
 resource name- any name I want to supply
 auth-does this apply to sqlite


Set this to `Container`.


 factory -whats the factory for sqlite???


Omit the `factory` attribute and you'll use the default.  It's almost
certainly what you want.  The factory attribute is used to specify a
different connection pool implementation.  Using the default is OK, unless
you have a strong preference as to which implementation you use.


 driverclass-class of jdbc driver lib


This needs to be the name of the JDBC Driver class that you'll use.   I
haven't used SQLite so I can't say what it would be.  This is also one of
the few properties that are specific to your database of choice.


 url-connection string


This is the second commonly used property that will be specific to your
database.  You'd need to look at the docs for the SQLite JDBC driver to see
what the URL should look like.  Generally it'll start with jdbc:



 So please let me know how to setup the sqlite database and if you have a
 working configuration that would be great!


1.) Download your JDBC driver.  Put it into the lib directory of your
Tomcat server.
2.) Edit conf/server.xml.  Locate the GlobalNamingResources tag.  Add a
new Resource/ within this block. [1]
3.) Here's a minimal example, you just need to fill in the blanks.  For
more options, see here [2].

Resource name=jdbc/your-jndi-name
   auth=Container
   type=javax.sql.DataSource
   username=your-db-user
   password=your-db-pass
   driverClassName=driver-class-name
   url=jdbc:...  /

4.) Create a file in the `conf/Catalina/localhost/` directory with the same
name as your application, but with the .xml extension.  For example, if
my WAR file is called `superCoolApp.war`.  I'd create
`conf/Catalina/localhost/superCoolApp.xml`.  This will store configuration
specific to your app.  In that file, add the following. [3]

Context
ResourceLink name=jdbc/your-jndi-name
global=jdbc/your-jndi-name type=javax.sql.DataSource /
/Context

This configuration will tell Tomcat that your app is allowed to use the
global Resource we defined above.

5.) Restart your Tomcat server.  This will pick up the changes in
conf/server.xml.

6.) In your application, use JNDI to retrieve a connect.  Example of this
here [4].

You should also check out the docs here.  While they're not specific to
your database, much of the information is still valid.  Sections like the
Preventing database connection pool leaks, Common Problems and the code
samples for accessing a db connection are not DB specific.

Dan

Alternatively, you can skip steps #2  #3 above and just put the
Resource/ tag directly into the `conf/Catalina/localhost` Context/
block, in place of the ResourceLink/ tag.  I prefer the steps above which
create a global, shared resource.  This alternative creates a pool specific
to your app.

[1] -
http://tomcat.apache.org/tomcat-8.0-doc/jndi-resources-howto.html#Global_configuration
[2] - http://commons.apache.org/proper/commons-dbcp/configuration.html
[3] -
http://tomcat.apache.org/tomcat-8.0-doc/config/context.html#Resource_Links
[4] -
http://tomcat.apache.org/tomcat-8.0-doc/jndi-resources-howto.html#Using_resources
[5] -
http://tomcat.apache.org/tomcat-8.0-doc/jndi-datasource-examples-howto.html


 TIA,
 nandy



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: when idle tomcat runs on 3.9% CPU

[Daniel Mikusa]

On Tue, Feb 24, 2015 at 7:33 AM, Peter Irbizon peterirbi...@gmail.com
wrote:

 Hello,
 I would like to know if it is normal that tomcat7 runs on 3.9% CPU when
 idle? I saw all other processes are at 0%, only tomcat7 is always at least
 3.9%.


1.) What's your system like?  How many CPUs / cores?  Is it a VM or
hardware?  What is the specific version of Tomcat?  of Java?  What OS are
you running?

2.) How are you determining it's idle?  As John mention, do you have any
apps deployed?  Do you know if traffic is hitting the server?

3.) Can you run a profiler and attach it to Tomcat?  It'll tell you what's
happening inside the JVM.

Dan

Re: Tomcat 6 database connection issue

[Daniel Mikusa]

On Tue, Feb 24, 2015 at 10:08 AM, Mark Maciolek mark.macio...@unh.edu
wrote:


 On 2/23/2015 2:46 PM, Daniel Mikusa wrote:

 On Feb 23, 2015 12:49 PM, Mark Maciolek mark.macio...@unh.edu wrote:


 On 2/23/2015 12:37 PM, Daniel Mikusa wrote:

 On Mon, Feb 23, 2015 at 12:25 PM, Mark Maciolek mark.macio...@unh.edu
 wrote:

  On 2/23/2015 9:55 AM, Daniel Mikusa wrote:

  On Mon, Feb 23, 2015 at 9:46 AM, Mark Maciolek mark.macio...@unh.edu
 
 wrote:

hi,

 operating system:
 Scientific Linux release 6.6 (Carbon)

 postgres version
 postgresql-server-8.4.2

 tomcat version
 tomcat6-6.0.24

 Tomcat starts and I can reach page at the 8080 port on the server
 when I add the following xml file and restart tomcat I get this
 error:

 Feb 23, 2015 9:28:16 AM org.apache.catalina.startup.ContextConfig
 processContextConfig
 SEVERE: Parse error in context.xml for /cooa
 org.xml.sax.SAXParseException; systemId:
 file:///etc/tomcat6/Catalina/
 localhost/cooa.xml;
 lineNumber: 21; columnNumber: 12; Error at (21, 12: null

 ?xml version=1.0 encoding=UTF-8?

 Context
path=/web/opal/webapps
docBase=/web/opal/webapps/ROOT
debug=5
reloadable=true
allowLinking=true

 Resource
name=jdbc/postgres
auth=Container
type=javax.sql.DataSource
driverClassName=org.postgresql.Driver
url=jdbc:postgresql://127.0.0.1:5432/cooa
username=dbuser
password=*
maxActive=20
maxIdle=10
maxWait=1
 /Resource

This could be the list or a copy / paste issue, but you should not

 have

 the
  on the opening resource tag.  It should be after your last

 attribute

 (i.e. after maxWait.  You also don't need the closing Resource tag.

 Ex:

 Context
path=/web/opal/webapps
docBase=/web/opal/webapps/ROOT
debug=5
reloadable=true
allowLinking=true
 Resource
name=jdbc/postgres
auth=Container
type=javax.sql.DataSource
driverClassName=org.postgresql.Driver
url=jdbc:postgresql://127.0.0.1:5432/cooa
username=dbuser
password=*
maxActive=20
maxIdle=10
maxWait=1 /
 /Context

 Dan

 PS:  Remove path, it's not valid here.  Remove debug, I don't
 think
 that does anything.  Also, you probably want to remove docBase because
 you're pointing to something in the webapps folder (i.e. appBase), and

 you

 should only use docBase if your app is outside of the appBase folder.



  /Context

 Line #21 is the /Resource ran file past xml parse checker and

 reports

 everything okay.

 Been googling it for two days now and can not figure out what I have

 done

 wrong.

 Mark


 --

 Mark Maciolek
 Network Administrator
 Morse Hall Room 339
 603-862-3050
 https://www.unh.edu/research/support-units/research-computing-center


 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


hi,

 Changing the xml file per your suggestions loads now and  my jsp pages

 now

 load as long as they don't need a database connection.

 I expect to see new postgres processes similar to this from a working
 server:

 postgres   407  7734  0 Feb17 ?00:01:00 postgres: dbuser
 eosearthdata 127.0.0.1(60176) idle
 postgres   408  7734  0 Feb17 ?00:01:00 postgres: dbuser
 eosearthdata 127.0.0.1(60177) idle
 postgres   409  7734  0 Feb17 ?00:01:01 postgres: dbuser
 eosearthdata 127.0.0.1(60178) idle
 postgres   410  7734  0 Feb17 ?00:01:00 postgres: dbuser
 eosearthdata 127.0.0.1(60179) idle
 postgres   411  7734  0 Feb17 ?00:01:01 postgres: dbuser
 eosearthdata 127.0.0.1(60180) idle

 Starting tomcat  does not start the additional postgres processes on my
 server.
 It is trying to though:

  Do you have Postgres running on the same machine as Tomcat?  Looks
 like
 it's waiting trying to make a connection, although it's a little hard to
 say because it looks like you're using a custom pool
 (edu.unh.sr.cooa.DBPool?).

 Dan

  hi,

 yes, postgres and tomcat are on same server,

 OK. It does seem like its hanging on connection. Have you actually tried
 the connection details outside of Tomcat? Perhaps with a command line tool
 or simple Java app?

  it is a custom pool because when moved to production server it will be

 sharing tomcat and postgres resources with other web sites.

 I don't know your circumstances but as an fyi Tomcat can share connection
 pools across multiple apps on one server.

  For testing purposes I would be willing to make it a standard pool.

 If you could, that would be helpful.

 Thanks

 Dan

 hi,

 added this line to my context xml and pool connections start

 factory=org.apache.tomcat.jdbc.pool.DataSourceFactory

Re: Tomcat 6 database connection issue

[Daniel Mikusa]

On Mon, Feb 23, 2015 at 9:46 AM, Mark Maciolek mark.macio...@unh.edu
wrote:

 hi,

 operating system:
 Scientific Linux release 6.6 (Carbon)

 postgres version
 postgresql-server-8.4.2

 tomcat version
 tomcat6-6.0.24

 Tomcat starts and I can reach page at the 8080 port on the server
 when I add the following xml file and restart tomcat I get this error:

 Feb 23, 2015 9:28:16 AM org.apache.catalina.startup.ContextConfig
 processContextConfig
 SEVERE: Parse error in context.xml for /cooa
 org.xml.sax.SAXParseException; systemId: 
 file:///etc/tomcat6/Catalina/localhost/cooa.xml;
 lineNumber: 21; columnNumber: 12; Error at (21, 12: null

 ?xml version=1.0 encoding=UTF-8?

 Context
 path=/web/opal/webapps
 docBase=/web/opal/webapps/ROOT
 debug=5
 reloadable=true
 allowLinking=true

 Resource
 name=jdbc/postgres
 auth=Container
 type=javax.sql.DataSource
 driverClassName=org.postgresql.Driver
 url=jdbc:postgresql://127.0.0.1:5432/cooa
 username=dbuser
 password=*
 maxActive=20
 maxIdle=10
 maxWait=1
 /Resource


This could be the list or a copy / paste issue, but you should not have the
 on the opening resource tag.  It should be after your last attribute
(i.e. after maxWait.  You also don't need the closing Resource tag.

Ex:

Context
path=/web/opal/webapps
docBase=/web/opal/webapps/ROOT
debug=5
reloadable=true
allowLinking=true
Resource
name=jdbc/postgres
auth=Container
type=javax.sql.DataSource
driverClassName=org.postgresql.Driver
url=jdbc:postgresql://127.0.0.1:5432/cooa
username=dbuser
password=*
maxActive=20
maxIdle=10
maxWait=1 /
/Context

Dan

PS:  Remove path, it's not valid here.  Remove debug, I don't think
that does anything.  Also, you probably want to remove docBase because
you're pointing to something in the webapps folder (i.e. appBase), and you
should only use docBase if your app is outside of the appBase folder.




 /Context

 Line #21 is the /Resource ran file past xml parse checker and reports
 everything okay.

 Been googling it for two days now and can not figure out what I have done
 wrong.

 Mark


 --

 Mark Maciolek
 Network Administrator
 Morse Hall Room 339
 603-862-3050
 https://www.unh.edu/research/support-units/research-computing-center


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 6 database connection issue

[Daniel Mikusa]

On Mon, Feb 23, 2015 at 12:25 PM, Mark Maciolek mark.macio...@unh.edu
wrote:


 On 2/23/2015 9:55 AM, Daniel Mikusa wrote:

 On Mon, Feb 23, 2015 at 9:46 AM, Mark Maciolek mark.macio...@unh.edu
 wrote:

  hi,

 operating system:
 Scientific Linux release 6.6 (Carbon)

 postgres version
 postgresql-server-8.4.2

 tomcat version
 tomcat6-6.0.24

 Tomcat starts and I can reach page at the 8080 port on the server
 when I add the following xml file and restart tomcat I get this error:

 Feb 23, 2015 9:28:16 AM org.apache.catalina.startup.ContextConfig
 processContextConfig
 SEVERE: Parse error in context.xml for /cooa
 org.xml.sax.SAXParseException; systemId: file:///etc/tomcat6/Catalina/
 localhost/cooa.xml;
 lineNumber: 21; columnNumber: 12; Error at (21, 12: null

 ?xml version=1.0 encoding=UTF-8?

 Context
  path=/web/opal/webapps
  docBase=/web/opal/webapps/ROOT
  debug=5
  reloadable=true
  allowLinking=true

 Resource
  name=jdbc/postgres
  auth=Container
  type=javax.sql.DataSource
  driverClassName=org.postgresql.Driver
  url=jdbc:postgresql://127.0.0.1:5432/cooa
  username=dbuser
  password=*
  maxActive=20
  maxIdle=10
  maxWait=1
 /Resource

  This could be the list or a copy / paste issue, but you should not have
 the
  on the opening resource tag.  It should be after your last attribute
 (i.e. after maxWait.  You also don't need the closing Resource tag.

 Ex:

 Context
  path=/web/opal/webapps
  docBase=/web/opal/webapps/ROOT
  debug=5
  reloadable=true
  allowLinking=true
 Resource
  name=jdbc/postgres
  auth=Container
  type=javax.sql.DataSource
  driverClassName=org.postgresql.Driver
  url=jdbc:postgresql://127.0.0.1:5432/cooa
  username=dbuser
  password=*
  maxActive=20
  maxIdle=10
  maxWait=1 /
 /Context

 Dan

 PS:  Remove path, it's not valid here.  Remove debug, I don't think
 that does anything.  Also, you probably want to remove docBase because
 you're pointing to something in the webapps folder (i.e. appBase), and you
 should only use docBase if your app is outside of the appBase folder.



 /Context

 Line #21 is the /Resource ran file past xml parse checker and reports
 everything okay.

 Been googling it for two days now and can not figure out what I have done
 wrong.

 Mark


 --

 Mark Maciolek
 Network Administrator
 Morse Hall Room 339
 603-862-3050
 https://www.unh.edu/research/support-units/research-computing-center


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


  hi,

 Changing the xml file per your suggestions loads now and  my jsp pages now
 load as long as they don't need a database connection.

 I expect to see new postgres processes similar to this from a working
 server:

 postgres   407  7734  0 Feb17 ?00:01:00 postgres: dbuser
 eosearthdata 127.0.0.1(60176) idle
 postgres   408  7734  0 Feb17 ?00:01:00 postgres: dbuser
 eosearthdata 127.0.0.1(60177) idle
 postgres   409  7734  0 Feb17 ?00:01:01 postgres: dbuser
 eosearthdata 127.0.0.1(60178) idle
 postgres   410  7734  0 Feb17 ?00:01:00 postgres: dbuser
 eosearthdata 127.0.0.1(60179) idle
 postgres   411  7734  0 Feb17 ?00:01:01 postgres: dbuser
 eosearthdata 127.0.0.1(60180) idle

 Starting tomcat  does not start the additional postgres processes on my
 server.
 It is trying to though:


Do you have Postgres running on the same machine as Tomcat?  Looks like
it's waiting trying to make a connection, although it's a little hard to
say because it looks like you're using a custom pool
(edu.unh.sr.cooa.DBPool?).

Dan




 When I  kill -3 tomcat pid

 2015-02-23 12:16:21
 Full thread dump OpenJDK 64-Bit Server VM (23.25-b01 mixed mode):

 http-8080-7 daemon prio=10 tid=0x7f133c1b3000 nid=0x7134 in
 Object.wait() [0x7f1348f39000]
java.lang.Thread.State: WAITING (on object monitor)
 at java.lang.Object.wait(Native Method)
 - waiting on 0xbae00240 (a 
 org.apache.tomcat.util.net.AprEndpo
 int$Worker)
 at java.lang.Object.wait(Object.java:502)
 at 
 org.apache.tomcat.util.net.AprEndpoint$Worker.await(AprEndpoint.java:
 1511)
 - locked 0xbae00240 (a 
 org.apache.tomcat.util.net.AprEndpoint$
 Worker)
 at 
 org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:15
 36)
 at java.lang.Thread.run(Thread.java:701)

 http-8080-6 daemon prio=10 tid=0x7f135001b800 nid=0x712e in
 Object.wait() [0x7f134903a000]
java.lang.Thread.State: WAITING (on object monitor)
 at java.lang.Object.wait(Native Method)
 - waiting on 0xbae002d8

Re: Tomcat 6 database connection issue

[Daniel Mikusa]

On Feb 23, 2015 12:49 PM, Mark Maciolek mark.macio...@unh.edu wrote:


 On 2/23/2015 12:37 PM, Daniel Mikusa wrote:

 On Mon, Feb 23, 2015 at 12:25 PM, Mark Maciolek mark.macio...@unh.edu
 wrote:

 On 2/23/2015 9:55 AM, Daniel Mikusa wrote:

 On Mon, Feb 23, 2015 at 9:46 AM, Mark Maciolek mark.macio...@unh.edu
 wrote:

   hi,

 operating system:
 Scientific Linux release 6.6 (Carbon)

 postgres version
 postgresql-server-8.4.2

 tomcat version
 tomcat6-6.0.24

 Tomcat starts and I can reach page at the 8080 port on the server
 when I add the following xml file and restart tomcat I get this error:

 Feb 23, 2015 9:28:16 AM org.apache.catalina.startup.ContextConfig
 processContextConfig
 SEVERE: Parse error in context.xml for /cooa
 org.xml.sax.SAXParseException; systemId: file:///etc/tomcat6/Catalina/
 localhost/cooa.xml;
 lineNumber: 21; columnNumber: 12; Error at (21, 12: null

 ?xml version=1.0 encoding=UTF-8?

 Context
   path=/web/opal/webapps
   docBase=/web/opal/webapps/ROOT
   debug=5
   reloadable=true
   allowLinking=true

 Resource
   name=jdbc/postgres
   auth=Container
   type=javax.sql.DataSource
   driverClassName=org.postgresql.Driver
   url=jdbc:postgresql://127.0.0.1:5432/cooa
   username=dbuser
   password=*
   maxActive=20
   maxIdle=10
   maxWait=1
 /Resource

   This could be the list or a copy / paste issue, but you should not
have

 the
  on the opening resource tag.  It should be after your last
attribute
 (i.e. after maxWait.  You also don't need the closing Resource tag.

 Ex:

 Context
   path=/web/opal/webapps
   docBase=/web/opal/webapps/ROOT
   debug=5
   reloadable=true
   allowLinking=true
 Resource
   name=jdbc/postgres
   auth=Container
   type=javax.sql.DataSource
   driverClassName=org.postgresql.Driver
   url=jdbc:postgresql://127.0.0.1:5432/cooa
   username=dbuser
   password=*
   maxActive=20
   maxIdle=10
   maxWait=1 /
 /Context

 Dan

 PS:  Remove path, it's not valid here.  Remove debug, I don't think
 that does anything.  Also, you probably want to remove docBase because
 you're pointing to something in the webapps folder (i.e. appBase), and
you
 should only use docBase if your app is outside of the appBase folder.



 /Context

 Line #21 is the /Resource ran file past xml parse checker and
reports
 everything okay.

 Been googling it for two days now and can not figure out what I have
done
 wrong.

 Mark


 --

 Mark Maciolek
 Network Administrator
 Morse Hall Room 339
 603-862-3050
 https://www.unh.edu/research/support-units/research-computing-center


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


   hi,

 Changing the xml file per your suggestions loads now and  my jsp pages
now
 load as long as they don't need a database connection.

 I expect to see new postgres processes similar to this from a working
 server:

 postgres   407  7734  0 Feb17 ?00:01:00 postgres: dbuser
 eosearthdata 127.0.0.1(60176) idle
 postgres   408  7734  0 Feb17 ?00:01:00 postgres: dbuser
 eosearthdata 127.0.0.1(60177) idle
 postgres   409  7734  0 Feb17 ?00:01:01 postgres: dbuser
 eosearthdata 127.0.0.1(60178) idle
 postgres   410  7734  0 Feb17 ?00:01:00 postgres: dbuser
 eosearthdata 127.0.0.1(60179) idle
 postgres   411  7734  0 Feb17 ?00:01:01 postgres: dbuser
 eosearthdata 127.0.0.1(60180) idle

 Starting tomcat  does not start the additional postgres processes on my
 server.
 It is trying to though:

 Do you have Postgres running on the same machine as Tomcat?  Looks like
 it's waiting trying to make a connection, although it's a little hard to
 say because it looks like you're using a custom pool
 (edu.unh.sr.cooa.DBPool?).

 Dan

 hi,

 yes, postgres and tomcat are on same server,

OK. It does seem like its hanging on connection. Have you actually tried
the connection details outside of Tomcat? Perhaps with a command line tool
or simple Java app?

 it is a custom pool because when moved to production server it will be
sharing tomcat and postgres resources with other web sites.

I don't know your circumstances but as an fyi Tomcat can share connection
pools across multiple apps on one server.


 For testing purposes I would be willing to make it a standard pool.

If you could, that would be helpful.

Thanks

Dan


 Mark



 When I  kill -3 tomcat pid

 2015-02-23 12:16:21
 Full thread dump OpenJDK 64-Bit Server VM (23.25-b01 mixed mode):

 http-8080-7 daemon prio=10 tid=0x7f133c1b3000 nid=0x7134 in
 Object.wait() [0x7f1348f39000]
 java.lang.Thread.State: WAITING (on object monitor)
  at java.lang.Object.wait(Native

Re: WorkManager replacement

[Daniel Mikusa]

On Fri, Feb 13, 2015 at 9:49 AM, Kevin Hale Boyes kcbo...@gmail.com wrote:

 We already use Spring in the project so I'll have a look there.


http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/#scheduling

Dan


 Thanks

 On 13 February 2015 at 05:29, Daniel Mikusa dmik...@pivotal.io wrote:

  On Thu, Feb 12, 2015 at 11:59 PM, Kevin Hale Boyes kcbo...@gmail.com
  wrote:
 
   I currently have an application running on weblogic that I'm moving
 over
  to
   tomcat 8.
   One of the things the application does is run background jobs using the
   commonj WorkManager.  These jobs are managed by weblogic which seems to
  be
   the recommended practice.
  
   What is the best/recommended way to run background jobs in Tomcat 8?
  
 
  Personally I'd use Spring, which has a nice and simple way to schedule
  tasks.  I'd also be using Spring for other things though and I'm not sure
  I'd pull it in just for scheduled tasks.
 
  A quick google search came up with this library.
 
 http://commonj.myfoo.de/
 
  Haven't personally used it though.
 
  I suppose another option would be to just use java.util.concurrent.
 
  Dan
 
 
  
   Thanks,
   Kevin
  
 

Re: WorkManager replacement

[Daniel Mikusa]

On Thu, Feb 12, 2015 at 11:59 PM, Kevin Hale Boyes kcbo...@gmail.com
wrote:

 I currently have an application running on weblogic that I'm moving over to
 tomcat 8.
 One of the things the application does is run background jobs using the
 commonj WorkManager.  These jobs are managed by weblogic which seems to be
 the recommended practice.

 What is the best/recommended way to run background jobs in Tomcat 8?


Personally I'd use Spring, which has a nice and simple way to schedule
tasks.  I'd also be using Spring for other things though and I'm not sure
I'd pull it in just for scheduled tasks.

A quick google search came up with this library.

   http://commonj.myfoo.de/

Haven't personally used it though.

I suppose another option would be to just use java.util.concurrent.

Dan



 Thanks,
 Kevin

Re: tomcat severe error when shutting down service but startup is clean

[Daniel Mikusa]

On Thu, Feb 12, 2015 at 9:06 AM, Wirth, Kevin kwi...@astoriabank.com
wrote:

 I keep getting these weird tomcat errors on shutdown on a newly built
 system using tomcat 7.0.57 on  a windows 2012 server with jdk 1.7 that I
 can't figure out.  This is the catalina log:
 Feb 12, 2015 8:54:31 AM org.apache.catalina.loader.WebappClassLoader
 clearReferencesJdbc
 SEVERE: The web application [/identityiq] registered the JDBC driver
 [com.microsoft.sqlserver.jdbc.SQLServerDriver] but failed to unregister it
 when the web application was stopped. To prevent a memory leak, the JDBC
 Driver has been forcibly unregistered.


This is saying that there was a problem unregistering this JDBC driver.
It's my understanding that this is common for JDBC drivers and why it's
generally recommended that you put them in either $CATALINA_HOME/lib or
$CATALINA_BASE/lib instead of bundled with the web app.  Can you give that
a try and see if this message goes away?


 Feb 12, 2015 8:54:31 AM org.apache.catalina.loader.WebappClassLoader
 clearReferencesThreads
 SEVERE: The web application [/identityiq] appears to have started a thread
 named [Thread-3] but has failed to stop it. This is very likely to create a
 memory leak.


Something (possibly your JDBC driver) in your app is starting a thread.
Because the app starts the thread, it's responsible to cleaning it up.
This message is telling you that the thread is not being cleaned up.  If
you take a thread dump when your app is running and then stop the app, you
should be able to get an idea as to what created this thread.



 The jdbc driver I am using is in the folder identityiq under the webapps
 directory in tomcat.  It is the sqljdbc4.jar driver.  This driver is not in
 the tomcat\lib directory.  Please help because I am getting no help from
 the vender.  Thank you.


Is there any reason it's bundled with the app and not in the lib
directory?  Usually you'd put JDBC drivers in the lib directory.

Dan

On Thu, Feb 12, 2015 at 9:06 AM, Wirth, Kevin kwi...@astoriabank.com
wrote:

 I keep getting these weird tomcat errors on shutdown on a newly built
 system using tomcat 7.0.57 on  a windows 2012 server with jdk 1.7 that I
 can't figure out.  This is the catalina log:
 Feb 12, 2015 8:54:31 AM org.apache.catalina.loader.WebappClassLoader
 clearReferencesJdbc
 SEVERE: The web application [/identityiq] registered the JDBC driver
 [com.microsoft.sqlserver.jdbc.SQLServerDriver] but failed to unregister it
 when the web application was stopped. To prevent a memory leak, the JDBC
 Driver has been forcibly unregistered.
 Feb 12, 2015 8:54:31 AM org.apache.catalina.loader.WebappClassLoader
 clearReferencesThreads
 SEVERE: The web application [/identityiq] appears to have started a thread
 named [Thread-3] but has failed to stop it. This is very likely to create a
 memory leak.

 The jdbc driver I am using is in the folder identityiq under the webapps
 directory in tomcat.  It is the sqljdbc4.jar driver.  This driver is not in
 the tomcat\lib directory.  Please help because I am getting no help from
 the vender.  Thank you.

 Kevin Wirth
 Sr. Systems Engineer
 Information Services
 Astoria Bank
 * (516) 327-7762  |   *  kwi...@astoriabank.commailto:
 kwi...@astoriabank.com

 Astoria Federal Savings is now Astoria Bank.  We can now be contacted at
 our new email addresses @astoriabank.com.


 This e-mail and any attachments that accompany it are confidential and may
 be legally privileged. It is intended solely for the use of the
 individual(s) to whom it was intended to be addressed. Access to this
 e-mail by anyone else is unauthorized. If you are not the intended
 recipient, please immediately return the e-mail to the sender and delete
 the original and any copy from your computer. If the reader of this message
 is not the intended recipient, or an employee or agent responsible for
 delivering this message to its intended recipient, you are herewith
 notified that any dissemination, distribution, copying or retention of this
 communication or the information contained herein is strictly prohibited.

Re: tomcat severe error when shutting down service but startup is clean

[Daniel Mikusa]

On Thu, Feb 12, 2015 at 9:43 AM, Wirth, Kevin kwi...@astoriabank.com
wrote:

 If I move it won't the app break because it will look for the driver in
 the folder and not find it?


1.) Please don't top post.  Reply inline like this or at the bottom.

2.) No.  The app doesn't look for the driver in that specific location.  It
looks on the classpath.  Since the lib directory is also on the classpath,
it will still be available.

Dan



 -Original Message-
 From: Konstantin Kolinko [mailto:knst.koli...@gmail.com]
 Sent: Thursday, February 12, 2015 9:37 AM
 To: Tomcat Users List
 Subject: Re: tomcat severe error when shutting down service but startup is
 clean

 You need to move, not copy.

 Copying is not enough, as webapp jars are preferred over Tomcat ones.
 Also having the same class in two places may result in a behaviour that
 you do not expect.
 http://tomcat.apache.org/tomcat-7.0-doc/class-loader-howto.html


 2015-02-12 17:33 GMT+03:00 Wirth, Kevin kwi...@astoriabank.com:
  Ok, I will copy the driver into tomcat\lib and see what happens.  Thank
 you.
 
  -Original Message-
  From: Daniel Mikusa [mailto:dmik...@pivotal.io]
  Sent: Thursday, February 12, 2015 9:31 AM
  To: Tomcat Users List
  Subject: Re: tomcat severe error when shutting down service but
  startup is clean
 
  On Thu, Feb 12, 2015 at 9:06 AM, Wirth, Kevin kwi...@astoriabank.com
  wrote:
 
  I keep getting these weird tomcat errors on shutdown on a newly built
  system using tomcat 7.0.57 on  a windows 2012 server with jdk 1.7
  that I can't figure out.  This is the catalina log:
  Feb 12, 2015 8:54:31 AM org.apache.catalina.loader.WebappClassLoader
  clearReferencesJdbc
  SEVERE: The web application [/identityiq] registered the JDBC driver
  [com.microsoft.sqlserver.jdbc.SQLServerDriver] but failed to
  unregister it when the web application was stopped. To prevent a
  memory leak, the JDBC Driver has been forcibly unregistered.
 
 
  This is saying that there was a problem unregistering this JDBC driver.
  It's my understanding that this is common for JDBC drivers and why it's
 generally recommended that you put them in either $CATALINA_HOME/lib or
 $CATALINA_BASE/lib instead of bundled with the web app.  Can you give that
 a try and see if this message goes away?
 
 
  Feb 12, 2015 8:54:31 AM org.apache.catalina.loader.WebappClassLoader
  clearReferencesThreads
  SEVERE: The web application [/identityiq] appears to have started a
  thread named [Thread-3] but has failed to stop it. This is very
  likely to create a memory leak.
 
 
  Something (possibly your JDBC driver) in your app is starting a thread.
  Because the app starts the thread, it's responsible to cleaning it up.
  This message is telling you that the thread is not being cleaned up.  If
 you take a thread dump when your app is running and then stop the app, you
 should be able to get an idea as to what created this thread.
 
 
 
  The jdbc driver I am using is in the folder identityiq under the
  webapps directory in tomcat.  It is the sqljdbc4.jar driver.  This
  driver is not in the tomcat\lib directory.  Please help because I am
  getting no help from the vender.  Thank you.
 
 
  Is there any reason it's bundled with the app and not in the lib
 directory?  Usually you'd put JDBC drivers in the lib directory.
 
  Dan
 
  On Thu, Feb 12, 2015 at 9:06 AM, Wirth, Kevin kwi...@astoriabank.com
  wrote:
 
  I keep getting these weird tomcat errors on shutdown on a newly built
  system using tomcat 7.0.57 on  a windows 2012 server with jdk 1.7
  that I can't figure out.  This is the catalina log:
  Feb 12, 2015 8:54:31 AM org.apache.catalina.loader.WebappClassLoader
  clearReferencesJdbc
  SEVERE: The web application [/identityiq] registered the JDBC driver
  [com.microsoft.sqlserver.jdbc.SQLServerDriver] but failed to
  unregister it when the web application was stopped. To prevent a
  memory leak, the JDBC Driver has been forcibly unregistered.
  Feb 12, 2015 8:54:31 AM org.apache.catalina.loader.WebappClassLoader
  clearReferencesThreads
  SEVERE: The web application [/identityiq] appears to have started a
  thread named [Thread-3] but has failed to stop it. This is very
  likely to create a memory leak.
 
  The jdbc driver I am using is in the folder identityiq under the
  webapps directory in tomcat.  It is the sqljdbc4.jar driver.  This
  driver is not in the tomcat\lib directory.  Please help because I am
  getting no help from the vender.  Thank you.
 
  Kevin Wirth
  Sr. Systems Engineer
  Information Services
  Astoria Bank
  * (516) 327-7762  |   *  kwi...@astoriabank.commailto:
  kwi...@astoriabank.com
 
  Astoria Federal Savings is now Astoria Bank.  We can now be contacted
  at our new email addresses @astoriabank.com.
 
 
  This e-mail and any attachments that accompany it are confidential
  and may be legally privileged. It is intended solely for the use of
  the
  individual(s) to whom it was intended to be addressed. Access to this
  e-mail

Re: tomcat severe error when shutting down service but startup is clean

[Daniel Mikusa]

On Thu, Feb 12, 2015 at 11:20 AM, Wirth, Kevin kwi...@astoriabank.com
wrote:



 -Original Message-
 From: Daniel Mikusa [mailto:dmik...@pivotal.io]
 Sent: Thursday, February 12, 2015 9:52 AM
 To: Tomcat Users List
 Subject: Re: tomcat severe error when shutting down service but startup is
 clean

 On Thu, Feb 12, 2015 at 9:43 AM, Wirth, Kevin kwi...@astoriabank.com
 wrote:

  If I move it won't the app break because it will look for the driver
  in the folder and not find it?
 

 1.) Please don't top post.  Reply inline like this or at the bottom.

 2.) No.  The app doesn't look for the driver in that specific location.
 It looks on the classpath.  Since the lib directory is also on the
 classpath, it will still be available.

 Dan
 Update: I added this to the java tab
 -Dsun.lang.ClassLoader.allowArraySyntax=true and all of the severe errors
 are gone except one:
 Feb 12, 2015 11:14:17 AM org.apache.catalina.loader.WebappClassLoader
 clearReferencesThreads
 SEVERE: The web application [/identityiq] appears to have started a thread
 named [Thread-3] but has failed to stop it. This is very likely to create a
 memory leak.

 Any ideas?


Something in your app is starting a thread. Because the app starts the
thread, it's responsible to cleaning it up. This message is telling you
that the thread is not being cleaned up.  If you take a thread dump when
your app is running and then stop the app, you should be able to get an
idea as to what created this thread.

http://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F

Dan




 
  -Original Message-
  From: Konstantin Kolinko [mailto:knst.koli...@gmail.com]
  Sent: Thursday, February 12, 2015 9:37 AM
  To: Tomcat Users List
  Subject: Re: tomcat severe error when shutting down service but
  startup is clean
 
  You need to move, not copy.
 
  Copying is not enough, as webapp jars are preferred over Tomcat ones.
  Also having the same class in two places may result in a behaviour
  that you do not expect.
  http://tomcat.apache.org/tomcat-7.0-doc/class-loader-howto.html
 
 
  2015-02-12 17:33 GMT+03:00 Wirth, Kevin kwi...@astoriabank.com:
   Ok, I will copy the driver into tomcat\lib and see what happens.
   Thank
  you.
  
   -Original Message-
   From: Daniel Mikusa [mailto:dmik...@pivotal.io]
   Sent: Thursday, February 12, 2015 9:31 AM
   To: Tomcat Users List
   Subject: Re: tomcat severe error when shutting down service but
   startup is clean
  
   On Thu, Feb 12, 2015 at 9:06 AM, Wirth, Kevin
   kwi...@astoriabank.com
   wrote:
  
   I keep getting these weird tomcat errors on shutdown on a newly
   built system using tomcat 7.0.57 on  a windows 2012 server with jdk
   1.7 that I can't figure out.  This is the catalina log:
   Feb 12, 2015 8:54:31 AM
   org.apache.catalina.loader.WebappClassLoader
   clearReferencesJdbc
   SEVERE: The web application [/identityiq] registered the JDBC
   driver [com.microsoft.sqlserver.jdbc.SQLServerDriver] but failed to
   unregister it when the web application was stopped. To prevent a
   memory leak, the JDBC Driver has been forcibly unregistered.
  
  
   This is saying that there was a problem unregistering this JDBC driver.
   It's my understanding that this is common for JDBC drivers and why
   it's
  generally recommended that you put them in either $CATALINA_HOME/lib
  or $CATALINA_BASE/lib instead of bundled with the web app.  Can you
  give that a try and see if this message goes away?
  
  
   Feb 12, 2015 8:54:31 AM
   org.apache.catalina.loader.WebappClassLoader
   clearReferencesThreads
   SEVERE: The web application [/identityiq] appears to have started a
   thread named [Thread-3] but has failed to stop it. This is very
   likely to create a memory leak.
  
  
   Something (possibly your JDBC driver) in your app is starting a thread.
   Because the app starts the thread, it's responsible to cleaning it up.
   This message is telling you that the thread is not being cleaned up.
   If
  you take a thread dump when your app is running and then stop the app,
  you should be able to get an idea as to what created this thread.
  
  
  
   The jdbc driver I am using is in the folder identityiq under the
   webapps directory in tomcat.  It is the sqljdbc4.jar driver.  This
   driver is not in the tomcat\lib directory.  Please help because I
   am getting no help from the vender.  Thank you.
  
  
   Is there any reason it's bundled with the app and not in the lib
  directory?  Usually you'd put JDBC drivers in the lib directory.
  
   Dan
  
   On Thu, Feb 12, 2015 at 9:06 AM, Wirth, Kevin
   kwi...@astoriabank.com
   wrote:
  
   I keep getting these weird tomcat errors on shutdown on a newly
   built system using tomcat 7.0.57 on  a windows 2012 server with jdk
   1.7 that I can't figure out.  This is the catalina log:
   Feb 12, 2015 8:54:31 AM
   org.apache.catalina.loader.WebappClassLoader
   clearReferencesJdbc
   SEVERE: The web application

Re: Issue when using tomcat JDBC Connection Pool with a shared resource

[Daniel Mikusa]

On Fri, Feb 6, 2015 at 9:57 AM, Jean-Louis Mateo jean-louis.ma...@bull.net
wrote:

 Hi Dan,

 Thank you for having replied to this issue.
 First of all, now it works fine but I would like to answer your
 questions...

  Not sure about this global attribute.  I don't believe it's an
 attribute of the pool.  Why did you add it?
 That's what I've read here
 http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Resource_Definitions


The global attribute is on the ResourceLink tag, not the Resource tag.




  2.) It has no url or driver set.
 Thanks. The issue was here and  I should have read it more closely
 about the name property (at the same above url):
 name: The name of the resource link to be created,
 relative to the java:comp/env context.
 So...
 Before, in my context file
 ResourceLink  name=jdbc/LocalTestDB  E R R O
 R  this jndi name doesn't exist
 global=sharedDataSource
 type=javax.sql.DataSource/

 After, in my context file
 ResourceLink   name=jdbc/TestDB - That's the right
 name
 global=sharedDataSource
 type=javax.sql.DataSource/

 Now it works fine

 Note: In a way, you were right global property is no need in
 GlobalNamingResources (server.xml)
 Only global (from context.xml, ResourceLink) and name
 (from server.xml, GlobalNamingResources-Resource) are needed and have to
 match


Awesome!  Glad you caught that and were able to get it working.

Dan




  You have initialSize set to 2.  This should attempt to make connections
 when you start Tomcat.  Do you see any errors at that time?
 There were no errors. At launching time, the pool is well created
 with 2 connexions in LISTENING state (netstat -an)

  This is unrelated, but don't set path here.  The path attribute is
 ignore here.  The path is determined by the name of the xml file, which
 just happens to be test-app as well.
 OK. path is no longer set.

  Do you have anything set in conf/context.xml or in your web.xml?
 See the attached file


 Best Regards

 Jean-Louis Matéo


 -Message d'origine-
 De : Daniel Mikusa [mailto:dmik...@pivotal.io]
 Envoyé : vendredi 6 février 2015 14:06
 À : Tomcat Users List
 Objet : Re: Issue when using tomcat JDBC Connection Pool with a shared
 resource

 On Fri, Feb 6, 2015 at 6:27 AM, Jean-Louis Mateo 
 jean-louis.ma...@bull.net
 wrote:

   Hi,
 
 
 
  I would like to use the Tomcat JDBC Connection Pool with a shared
  resource so I’ve read :
 
   http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Standalone and
  http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Resource_L
  inks
 
 
 
  …. and tried to do the same but when I try to access to my servlet I
  get the following message:
 
 
 
  org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create JDBC
  driver of class '' for connect URL 'null'
 

 A couple odd things here...

 1.) It's trying to use DBCP, not the jdbc connection pool.
 2.) It has no url or driver set.


   at
  org.apache.tomcat.dbcp.dbcp.BasicDataSource.createConnectionFactory(Ba
  sicDataSource.java:1452)
 
  at
  org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicData
  Source.java:1371)
 
  at
  org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSou
  rce.java:1044)
 
  at testPackage.DBTest.doGet(DBTest.java:62)
 
  at
  javax.servlet.http.HttpServlet.service(HttpServlet.java:620)
 
  at
  javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
 
  at
  org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
  cationFilterChain.java:303)
 
  at
  org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
  lterChain.java:208)
 
  at
  org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
 
  at
  org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
  cationFilterChain.java:241)
 
  at
  org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
  lterChain.java:208)
 
  at
  org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperVa
  lve.java:220)
 
  at
  org.apache.catalina.core.StandardContextValve.invoke(StandardContextVa
  lve.java:122)
 
  at
  org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticat
  orBase.java:612)
 
  at
  org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.ja
  va:170)
 
  at
  org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.ja
  va:103)
 
  at
  org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:9

Re: Issue when using tomcat JDBC Connection Pool with a shared resource

[Daniel Mikusa]

On Fri, Feb 6, 2015 at 6:27 AM, Jean-Louis Mateo jean-louis.ma...@bull.net
wrote:

  Hi,



 I would like to use the Tomcat JDBC Connection Pool with a shared resource
 so I’ve read :

  http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Standalone and
 http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Resource_Links



 …. and tried to do the same but when I try to access to my servlet I get
 the following message:



 org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create JDBC driver
 of class '' for connect URL 'null'


A couple odd things here...

1.) It's trying to use DBCP, not the jdbc connection pool.
2.) It has no url or driver set.


  at
 org.apache.tomcat.dbcp.dbcp.BasicDataSource.createConnectionFactory(BasicDataSource.java:1452)

 at
 org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1371)

 at
 org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044)

 at testPackage.DBTest.doGet(DBTest.java:62)

 at
 javax.servlet.http.HttpServlet.service(HttpServlet.java:620)

 at
 javax.servlet.http.HttpServlet.service(HttpServlet.java:727)

 at
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)

 at
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

 at
 org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

 at
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

 at
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

 at
 org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)

 at
 org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)

 at
 org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:612)

 at
 org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)

 at
 org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)

 at
 org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)

 at
 org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)

 at
 org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)

 at
 org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)

 at
 org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)

 at
 org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)

 at
 java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

 at
 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

 at
 org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

 at java.lang.Thread.run(Thread.java:745)

 Caused by: java.lang.NullPointerException

 at
 sun.jdbc.odbc.JdbcOdbcDriver.getProtocol(JdbcOdbcDriver.java:524)

 at
 sun.jdbc.odbc.JdbcOdbcDriver.knownURL(JdbcOdbcDriver.java:493)

 at
 sun.jdbc.odbc.JdbcOdbcDriver.acceptsURL(JdbcOdbcDriver.java:307)

 at java.sql.DriverManager.getDriver(DriverManager.java:262)

 at
 org.apache.tomcat.dbcp.dbcp.BasicDataSource.createConnectionFactory(BasicDataSource.java:1437)

 ... 25 more

 



 Environment :

 Win 7

 Java - jdk 1.7.0.65

 Tomcat - 7.0.57

 MySQL - 5.1.18



 



 Tomcat service properties:

 -Dcatalina.home=Y:\Programs\Tomcat\Tomcat7

 -Dcatalina.base=Y:\00-Prod\data\catalina

 -Djava.endorsed.dirs=Y:\Programs\Tomcat\Tomcat7\endorsed

 -Djava.io.tmpdir=Y:\Programs\Tomcat\Tomcat7\temp

 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager


 -Djava.util.logging.config.file=Y:\Programs\Tomcat\Tomcat7\conf\logging.properties

 -Dcom.sun.management.jmxremote

 -Dcom.sun.management.jmxremote.port=8099

 -Dcom.sun.management.jmxremote.ssl=false

 -Dcom.sun.management.jmxremote.authenticate=false

 -XX:MaxPermSize=512m



 



 CATALINA_HOME/lib contents

 …

 tomcat-dbcp.jar

 tomcat-jdbc.jar

 …



 



 CATALINA_BASE/lib contents:

 mysql-connector-java-5.1.18-bin.jar

 



 CATALINA_BASE/conf/server.xml

 ...

 …

   GlobalNamingResources

…


What else do you have defined in this block?


  --

 Resource  name=sharedDataSource

Re: persisting sessions best practices

[Daniel Mikusa]

On Tue, Jan 27, 2015 at 3:03 AM, Aristedes Maniatis a...@ish.com.au wrote:

 Thank you to Dan and Chris for your valuable comments.

 On 1/19/15 9:21 AM, Daniel Mikusa wrote:
  Question 1: Is the documentation still correct after all these years of
 BackupManager being used? Is it still considered of lower reliability?
 
  It's just saying that less people use it. Because DeltaManager is the
 default and works fine in a lot of cases, the majority of users are just
 going to stick with it. Naturally then less people use BackupManager. It's
 not implying that BackupManager has problems. I've see BackupManager used a
 bunch of times and it worked great every time.


 Great. Then just as a summary, let me outline the options:

 Choice 1: to stick or not to stick
 If you use sticky sessions, then any session persistence layer is just
 there as a backup in case of failure of that node. So, for example,
 memcache would be used almost entirely to write entries and is never read
 from.


You've got the gist of it.  Sticky sessions get you 90% of the way there.
If that's good enough for your usage, you can stop there.  If you can't
afford to lose a session then you've got to go the remaining 10% and setup
clustering or shared storage for the session data.


 If you don't use sticky sessions, then the session persistence layer
 becomes a new point of failure and needs its own redundancy and load
 balancing.


Correct.  Tomcat's Clustering support works in a peer to peer fashion, so
data is replicated between the Tomcat nodes.  If you use a session store,
session data is persisted to that store.  The store itself could be a
single node or multiple nodes in an HA configuration.  That's up to you
though.

Dan




 Choices 2: which backend

 * JDBC
 * memcache
 * backup manager (can only be used in sticky mode)
 * delta manager


 For my needs I think the backupManager is the way to go. No extra moving
 parts, very simple to implement and not too much extra network traffic.


 On Mon, Jan 19, 2015 at 11:05 AM, Christopher Schultz wrote:
  My question would be whether you are engineering to solve a problem that
 does not yet exist. We went through this conversation years ago at $work,
 and decided that users having to re-authenticate in the event of a failure
 was an okay compromise given all the work it would require to keep a
 high-availability cluster up and running. Our user's needs simply aren't
 that critical.


 This is actually designed to make our life easier with sysadmin more than
 anything. We can then take an instance offline to adjust memory usage,
 attach a profiler or anything else, without worrying about doing it out of
 hours or slowly waiting for all sessions to expire.

 If you have commit rights to the tomcat documentation, can I suggest that
 you add your notes about HttpSession.setAttribute(). That hint is
 absolutely invaluable!

 Thanks
 Ari




 --
 --
 Aristedes Maniatis
 ish
 http://www.ish.com.au
 Level 1, 30 Wilson Street Newtown 2042 Australia
 phone +61 2 9550 5001   fax +61 2 9550 4001
 GPG fingerprint CBFB 84B4 738D 4E87 5E5C  5EFA EF6A 7D2E 3E49 102A

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: DisableExplicitGC

[Daniel Mikusa]

On Wed, Jan 21, 2015 at 2:59 PM, Mike Seda mike.s...@lillegroup.com wrote:

 Is it advisable to have the following JVM option set in Tomcat 7 (with
 Java 7)?
 -XX:+DisableExplicitGC


It may or may not make a difference.  Some questions like these come to
mind...

  - How would you feel if one of the applications you deployed called
System.gc()?
  - How about if it called it a lot? or at a really inconvenient time?
  - How much do you trust your apps or their developers?
  - Does one of your apps rely on that functionality for some reason?



 Or will this prevent Tomcat itself from calling System.gc() when it
 needs to?


I really doubt Tomcat would call that.

Dan

Re: DisableExplicitGC

[Daniel Mikusa]

On Wed, Jan 21, 2015 at 3:51 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Daniel,

 On 1/21/15 3:16 PM, Daniel Mikusa wrote:
  On Wed, Jan 21, 2015 at 2:59 PM, Mike Seda
  mike.s...@lillegroup.com wrote:
 
  Is it advisable to have the following JVM option set in Tomcat 7
  (with Java 7)? -XX:+DisableExplicitGC
 
 
  It may or may not make a difference.  Some questions like these
  come to mind...
 
  - How would you feel if one of the applications you deployed
  called System.gc()? - How about if it called it a lot? or at a
  really inconvenient time? - How much do you trust your apps or
  their developers? - Does one of your apps rely on that
  functionality for some reason?

 Our application does not call System.gc automatically, but we have
 that ability through an admin screen where we can say do GC now, and
 we call it. Sometimes when we have a heap that's been high for a while
 - -- say, tripping our monitoring software a lot -- we go in there and
 hit the GC button to see what happens. Usually, heap usage goes down
 to 25% of what it had been before... it's just that the JVM hadn't
 done a full GC in a while because it didn't need to.


I've done that too, but initiated the GC through jvisualvm.

I was wondering if DisableExplicitGC would prevent that as well, so I did a
quick test and it seemed to prevent it.  Guess that's something to consider
too.

Dan



  Or will this prevent Tomcat itself from calling System.gc() when
  it needs to?
 
  I really doubt Tomcat would call that.

 Tomcat calls System.gc() in only one place --
 StandardHost.findReloadedContextMemoryLeaks -- which is mostly a
 debugging tool.

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1
 Comment: GPGTools - http://gpgtools.org

 iQIcBAEBCAAGBQJUwBFtAAoJEBzwKT+lPKRYiVMP/RAaAjPpKJWio+0I2Zrwnvu1
 xryvw4Ua7DiVzh9ZVFy2NWvw92ReSUWxw6Uf2sKUVOwuC0X5HhnKh7VKtS1fy3h0
 6zt/o3StQfugEx/lPA7L1uREJOedM1GOHcKeHNKhC3JQUVH2VKELraO+TMYkCiDU
 iiMr7pxoPC/TvCYFKQNgVom5TSEcYi18RL//UU/gBZPk+2ZHV8DbyW0wbLG65Lu2
 FDEZw01tEqrRpIZrRndECL+9NbGEv6vLte1bPEk+2pImcaIKYME+z20ztsa8KfA1
 kbQO6yLvhW4tREH/3SZqfacway4qOxjKQFWqDmkosm7HJXXKlEqsDT+Mi19mTD26
 QvD8aQ6tCp5m6SPG89MN5dk6zHtnjVXrjaVMVx75e0IwSN35aJcUm3g5fTdXLwR6
 vB4U3T958jt5/uD/k9QxJVB15R8+YdU29iBdxKKQ2C86eGa6jUdizaexNPPnaGPi
 R9xrSpHo9JjR/5uC1fIcSgwC6JfVH+j8y5j5Yx87vDllD70IkIgh6wtqxdBmL5as
 7poC/h8D3TmZwKVtXoAf+DaFIZye9tqxyD8x56XLjVLfBSt9eta0ppunPtqY61KT
 feHBshR7IXvkP29h2rHnP0Yo5abFgQgz8+jFJSmhKpX9CuKtscToCE9Wbgf5ejST
 HZSKRwOUMcCVomv4hTwq
 =WE8p
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: persisting sessions best practices

[Daniel Mikusa]

On Sun, Jan 18, 2015 at 9:27 PM, Aristedes Maniatis a...@ish.com.au wrote:

 I have some applications currently using sticky sessions in tomcat 7.
 Everything works well except that restarting tomcat requires disabling
 mod_jk new sessions to an instance, waiting for sessions to expire and then
 several hours later restarting the instance. This process is slow and not
 resilient to unexpected failures.

 So I want to persist sessions and allow session failure in the cluster. It
 appears that I have several approaches:

 * JDBC
 * memcache [1]
 * DeltaManager
 * BackupManager

 I discounted JDBC quite quickly because I don't want to add any load to my
 existing database. DeltaManager seems simple, but I'm weary of sending lots
 of data to all the nodes in my cluster (there are 12) which aren't even
 running the application.


I would agree.  You don't want DeltaManager with that many cluster nodes.
This is just my opinion but I wouldn't go over three or four nodes with
DeltaManager.


 So BackupManager seems better for my needs. However the documentation [2]
 suggests that BackupManager may not be as reliable.


Agree, BackupManager seems like it'll fit your needs better.

Do you mean this comment?  Downside of the BackupManager: not quite as
battle tested as the delta manager.



 Question 1: Is the documentation still correct after all these years of
 BackupManager being used? Is it still considered of lower reliability?


It's just saying that less people use it.  Because DeltaManager is the
default and works fine in a lot of cases, the majority of users are just
going to stick with it.  Naturally then less people use BackupManager.
It's not implying that BackupManager has problems.  I've see BackupManager
used a bunch of times and it worked great every time.



 My next decision is between memcache and BackupManager/DeltaManager.
 memcache will require another service to be running, so slightly more
 maintenance and one more thing to fail. However memcache seems to be very
 commonly used and I'm not sure why. Are there benefits it will bring to
 this arrangement (such as visibility of live sessions in some sort of GUI)
 or something else I'm not seeing.


I've not personally used memcache, but I have used redis, so I guess that's
a similar approach.  The technology was a nice fit, but it didn't seem like
a huge win versus the out-of-the-box session replication.  Both worked and
both were fast enough for what I needed.  I stuck with the out-of-the-box
stuff because it's distributed and replicated by default and didn't require
an extra server.  Where I've mainly used redis is in restricted
environments where direct communication from one node to the other is not
possible, like in some cloud environments, or when it's not as easy to
setup like when multicast is disabled.

Dan



 Question 2: Are there advantages to running memcache as a session store?
 I'll be continuing to use sticky sessions since I think that will be more
 reliable (the system will survive the failure of the session
 store/replication, whatever I choose).



 Thanks for any advice

 Ari




 [1] https://code.google.com/p/memcached-session-manager/
 [2] http://tomcat.apache.org/tomcat-7.0-doc/cluster-howto.html
 --
 --
 Aristedes Maniatis
 ish
 http://www.ish.com.au
 Level 1, 30 Wilson Street Newtown 2042 Australia
 phone +61 2 9550 5001   fax +61 2 9550 4001
 GPG fingerprint CBFB 84B4 738D 4E87 5E5C  5EFA EF6A 7D2E 3E49 102A

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] persisting sessions best practices

[Daniel Mikusa]

On Mon, Jan 19, 2015 at 11:05 AM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Daniel,

 On 1/19/15 9:21 AM, Daniel Mikusa wrote:
  I've not personally used memcache, but I have used redis, so I
  guess that's a similar approach.

 Are you using Redis for session persistence?


Yes, but I have used it for other things.  It's a good project.



  The technology was a nice fit, but it didn't seem like a huge win
  versus the out-of-the-box session replication.  Both worked and
  both were fast enough for what I needed.  I stuck with the
  out-of-the-box stuff because it's distributed and replicated by
  default and didn't require an extra server.

 Aah, so you evaluated it and discarded it as an option for sessions
 because it didn't offer much over what comes with Tomcat?


Basically.  I was curious and tried it out.  It worked fine, although I
can't say I tested it exhaustively.   Main reasons I stuck with clustering
support in Tomcat are a.) it's all include with Tomcat, no additional JAR's
or code needed b.) I'm very familiar with it's configuration 
troubleshooting c.) no additional server needed and d.) session data is
automatically distributed across multiple nodes with Tomcat, for Redis I'd
have to set that up or live with it being a single point of failure.



  Where I've mainly used redis is in restricted environments where
  direct communication from one node to the other is not possible,
  like in some cloud environments, or when it's not as easy to
  setup like when multicast is disabled.

 I'm curious because I looked at a handful of packages for this kind of
 thing (we are storing authentication nonces that need to be accessible
 from all of our Tomcat servers) and we settled on memcached if only
 for its simplicity and solid reputation.

 Some things it cannot do:

 1. Replicate to other nodes. You can do sharding, but it's pretty
low-brow and the shards don't actually know about each other.
All of the smarts are in the client. The server doesn't do any
of this. Evidently, there are some flavors of memcached that
have been hacked to provide replication to other nodes, but
it's not part of the main distribution and didn't seem ... safe.


I believe the situation with Redis is similar.  There some ways to do this
with the stable 2.x release, but those have their are drawbacks.  There's
official clustering support in 3.0, which is still beta, though.  It's
supposed to resolve these issues.


 2. Dump its database to disk. If you restart, you lose everything.


You can save state with Redis.  It's pretty flexible about how you
configure it too, giving you different trade-offs between durability and
performance.



 3. Allow you to browse. Basically, if you know an item's key,
you can fetch its value. If you don't, you are out of luck. You
can't just poke around looking for things. There is no
equivalent of SELECT * LIMIT 5 just to see what's in there.


I think you'd be looking for the KEYS command.

   http://redis.io/commands/keys

This is off topic, but it's really why I like Redis so I'm going to share.
With Redis, not only can a key point to a value, but it can also point to
other data structures like sets, lists, hashes and sorted sets.  Something
I've found to be very handy.

Dan



 Does Redis do any of the above?

 Honestly, I think what Tomcat needs is a session manager for Cassandra
 or something similar: something intended to be a primary data store
 and not a cache (like memcached is).

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1
 Comment: GPGTools - http://gpgtools.org

 iQIcBAEBCAAGBQJUvStFAAoJEBzwKT+lPKRYXP8P/iQknECivamRE2+XPH9KSnzh
 BMwnq1TudZ20qFZbwnxA33Yli4DwEM6Sug7mph+R3iDVgqkR5srMfNeGUciwwFN7
 4IUObktVQxg21VbSachilfi2Aat33FYTlmtHf+plDQAr0ig41pOKhujuF6pWWM3V
 RNJZQgmAivQXgA86RavIaVX+7x4HeB+w8iTYQm6dGbCpTWIADeqBuT358dTKRX+D
 Ricvs1M7C37LJNCyymKSgKlxAf7MF39viW9lHBsMp45o166vWcAGjj6juNuXDyBD
 xdk6UbkqbGIQ+No1W20BQZEm7mL8cCq8NYqs6YHwf9rV3v6rP4E0CTH1ubNN4q/K
 AwWtT5ijP7xA3cPxXEs7XdL6ynsMMJublk2/+V/+ctPE2XP7kfQCMBYhPSiux1Kc
 ILikydk5u0X0Dudmes4r9g6+wabnR9OC6/lB3c6BRG6kOdbj+VJo+23vbUQZkAHt
 lCVjjTirrvb6YLXuv+IXUomAlLn7bzQ39M1L1UO5wsRUd2kICnpZ7G5Cs3n5r98B
 WWSBLvChvez/hnt2HP3PlTBstW06R1Ds9FvkSMtVoO3roQSPEx6b1QCEsnw1NXCL
 SvAgN43FzXZxOyr+ZohGzUhSELXQI5v7pV6p3Bj+tMrAL/+fzMiS4KoJqDWc7/nB
 3NlP1g/7RN1IYnLkFm+q
 =Po13
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Occasional long wait for a JDBC connection

[Daniel Mikusa]

)
 at

 org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
 at

 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
 at

 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at

 org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
 at

 org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)
 at

 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
 at

 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at

 org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
 at

 org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
 at

 org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
 at

 org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
 at

 org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
 at

 org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610)
 at

 org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
 at
 org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:537)
 at

 org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1081)
 at

 org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:658)
 at

 org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:222)
 at

 org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1566)
 at

 org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1523)
 - locked 0xfecbac90 (a
 org.apache.tomcat.util.net.SecureNioChannel)
 at

 java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
 at

 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
 at

 org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
 at java.lang.Thread.run(Thread.java:745)

 On Tue, Jan 13, 2015 at 8:21 AM, Daniel Mikusa dmik...@pivotal.io wrote:

  On Tue, Jan 13, 2015 at 9:51 AM, Darren Davis dar...@virtualvoodoo.net
  wrote:
 
   Recently we deployed our production application on a Tomcat 8.0.14 web
   server.  We are using the Tomcat JDBC Connection pool against MySQL 5.
  Our
   web application uses Spring (3.2.11.RELEASE) /Hibernate (3.6.10.Final)
  for
   transaction management.  We are using a Cent OS 6 linux server in the
  cloud
   running the 2.6.32-504 kernel.  We're using the 1.8.0_25 jdk.
  
  
  
   Ever since deployment, we've noticed that a couple of times per day,
 when
   Spring is attempting to prepare/open a new JDBC Connection, the thread
 in
   question times out for about 15 minutes, and then resumes as if
  everything
   is fine.
  
 
  What's the CPU usage like at this time?  Seems unlikely, but maybe your
 in
  the middle of a massive full GC.
 
 
  
   The line that appears to be hanging from the hibernate side is
   factory.getConnectionProvider().getConnection(), which I think simply
  asks
   for a connection from the pool.
  
 
  Out of curiosity how did you determine this?  Did you take a thread dump?
  If not, that would be a good place to start.  Grab three or four thread
  dumps during that 15 minute window.  The thread dump will tell you
 exactly
  what's happening in the thread at the time.  Looking at multiple dumps
 will
  also show you if the thread has progressed from one dump to the next.
 
  Instructions for taking at thread dump can be found here:
 
 
 
 
 http://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F
 
  Dan
 
 
  
   The following options are defined in the Resource definition:
   auth=Container
   factory=org.apache.tomcat.jdbc.pool.DataSourceFactory
   type=javax.sql.DataSource
   driverClassName=com.mysql.jdbc.Driver
   maxActive=500
   maxIdle=55
   maxWait=15000
   validationQuery=Select 1
   testOnBorrow=true
   defaultAutoCommit=false
  
   At this time of year, our user load peaks around 150, so we shouldn't
 be
   coming close to the maxActive defined.  MySql is configured to allow
 for
   1010 maximum connections (we have two Tomcat instances that point to
 it,
   configured similarly)
 
 
   This application has ran for years without a problem against a Tomcat 6
   instance, but after moving to Jdk 8 and Tomcat 8, we're seeing this 15
   minute wait.
  
   Any ideas on what could cause this sort of thing, and as there
 additional
   logging we

Re: Occasional long wait for a JDBC connection

[Daniel Mikusa]

On Tue, Jan 13, 2015 at 9:51 AM, Darren Davis dar...@virtualvoodoo.net
wrote:

 Recently we deployed our production application on a Tomcat 8.0.14 web
 server.  We are using the Tomcat JDBC Connection pool against MySQL 5.  Our
 web application uses Spring (3.2.11.RELEASE) /Hibernate (3.6.10.Final) for
 transaction management.  We are using a Cent OS 6 linux server in the cloud
 running the 2.6.32-504 kernel.  We're using the 1.8.0_25 jdk.



 Ever since deployment, we've noticed that a couple of times per day, when
 Spring is attempting to prepare/open a new JDBC Connection, the thread in
 question times out for about 15 minutes, and then resumes as if everything
 is fine.


What's the CPU usage like at this time?  Seems unlikely, but maybe your in
the middle of a massive full GC.



 The line that appears to be hanging from the hibernate side is
 factory.getConnectionProvider().getConnection(), which I think simply asks
 for a connection from the pool.


Out of curiosity how did you determine this?  Did you take a thread dump?
If not, that would be a good place to start.  Grab three or four thread
dumps during that 15 minute window.  The thread dump will tell you exactly
what's happening in the thread at the time.  Looking at multiple dumps will
also show you if the thread has progressed from one dump to the next.

Instructions for taking at thread dump can be found here:


http://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F

Dan



 The following options are defined in the Resource definition:
 auth=Container
 factory=org.apache.tomcat.jdbc.pool.DataSourceFactory
 type=javax.sql.DataSource
 driverClassName=com.mysql.jdbc.Driver
 maxActive=500
 maxIdle=55
 maxWait=15000
 validationQuery=Select 1
 testOnBorrow=true
 defaultAutoCommit=false

 At this time of year, our user load peaks around 150, so we shouldn't be
 coming close to the maxActive defined.  MySql is configured to allow for
 1010 maximum connections (we have two Tomcat instances that point to it,
 configured similarly)


 This application has ran for years without a problem against a Tomcat 6
 instance, but after moving to Jdk 8 and Tomcat 8, we're seeing this 15
 minute wait.

 Any ideas on what could cause this sort of thing, and as there additional
 logging we could turn on to try and figure out what is happening inside the
 pool to make it wait so long?

Re: question on EL Lambda expression in a JSP on Tomcat 8_0_15

[Daniel Mikusa]

On Tue, Jan 13, 2015 at 4:11 PM, Anup Aggarwal codeteste...@gmail.com
wrote:

 Hi,

 I am trying to run this EL Lambda expression in a JSP on Tomcat 8_0_15

 ${(incr = x-x+1; incr(10)}


This could be a typo in your email, but you have an extra ( at the
beginning before incr =.

Dan



 But I get this exception

 org.apache.jasper.JasperException: /TestLambda.jsp (line: 44, column: 42)
 The function incr must be used with a prefix when a default namespace is
 not specified


 org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:42)



 Thanks and help will be appreciated to resolve this.

Re: Static files with default servlet in tomcat 8.0.9

[Daniel Mikusa]

On Mon, Jan 12, 2015 at 9:55 AM, Srikanth Hugar srikanth.hu...@gmail.com
wrote:

 Hello,

I am trying to configure static files with default servlet in tomcat
 8.0.9 but could not succeed.

 My directory structure in deployed webapp is:

 - WEB-INF
 - static
  -css
  -images
  -js
 - META-INF

 and* web.xml* configuration using default servlet is :

   !-- static URLs --
 servlet-mapping
 servlet-namedefault/servlet-name
 url-pattern/res/*/url-pattern
 /servlet-mapping


Have you tried removing this and just accessing your files at
/myapp/static/...?


 But when i make request from my page with URL it fails with 404.
 http://SUB.DOMAIN.COM/myapp/*res/static/*js/imports/jquerymin.js

 What could be the problem?


No idea, but you could try one of these steps to debug further.

  - enable more logging, like for
`org.apache.catalina.servlets.DefaultServlet`
  - step into it with a debugger

Dan


How can i make it work?



 I tried to find information from web, but could not help.

 Thanks.

Re: Startup of tomcat 8 takes twice as long as startup of tomcat 6

[Daniel Mikusa]

On Mon, Dec 15, 2014 at 8:33 AM, gch...@gmx.de gch...@gmx.de wrote:



 Hi,

 we used to deploy our webapp in a tomcat 6.0.35 and want to upgrade to
 tomcat 8.0.9.


Try the latest Tomcat 8 release, 8.0.15, and see if that helps.


 During testing we discovered, that the startup process of tomcat 8 is
 twice as long as the startup process of tomcat 6 (with the same single
 webapp deployed)


How long does Tomcat 8 take to start without any apps deployed?



 My test system is as follows:
 Windows 7, JRE 1.7.0, Tomcat 6.0.35/8.0.9

 Inspection of the log files revealed, that the additional time is used for
 class loading:

 Log of tomcat 6:
 ...
 Nov 28, 2014 5:07:59 PM org.apache.tomcat.util.digester.Digester
 endDocument
 Fein: endDocument()
 Nov 28, 2014 5:07:59 PM org.apache.catalina.loader.WebappClassLoader
 loadClass
 Fein: loadClass(org.springframework.web.util.Log4jConfigListener, false)
 ...
 Fein: Parent class loader is: WebappClassLoader
 context:
 delegate: false
 repositories:
 -- Parent Classloader:
 org.apache.catalina.loader.StandardClassLoader@189ff97
 Nov 28, 2014 5:08:08 PM org.apache.jasper.compiler.JspRuntimeContext
 initClassPath
 Fein: Compilation classpath initialized: ...
 Nov 28, 2014 5:08:08 PM org.apache.jasper.servlet.JspServlet init
 Fein: Scratch dir for the JSP engine is: ...
 Nov 28, 2014 5:08:08 PM org.apache.jasper.servlet.JspServlet init
 Fein: IMPORTANT: Do not modify the generated servlets
 Nov 28, 2014 5:08:08 PM org.apache.catalina.core.StandardContext start
 Fein: Starting completed
 ...
 Nov 28, 2014 5:08:09 PM org.apache.catalina.startup.Catalina start
 Information: Server startup in 10861 ms

 Log of tomcat 8:
 ...
 28-Nov-2014 16:09:09.128 FINER [localhost-startStop-1]
 org.apache.tomcat.util.scan.StandardJarScanner.scan Not scanning JAR
 [file:/C:/Program%20Files/tomcat%208/tolina_webserver-3.0.0-SNAPSHOT-20141103-130423/bin/tomcat-juli.jar]
 from classpath
 28-Nov-2014 16:09:09.128 FINE [localhost-startStop-1]
 org.apache.catalina.loader.WebappClassLoader.loadClass
 loadClass(org.apache.jasper.servlet.JasperInitializer, false)
 28-Nov-2014 16:09:09.128 FINE [localhost-startStop-1]
 org.apache.catalina.loader.WebappClassLoader.loadClass Delegating to parent
 classloader1 java.net.URLClassLoader@1c47dd5
 28-Nov-2014 16:09:09.128 FINE [localhost-startStop-1]
 org.apache.catalina.loader.WebappClassLoader.loadClass Loading class from
 parent
 ...
 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1]
 org.apache.jasper.compiler.JspRuntimeContext.init Parent class loader is:
 WebappClassLoader
 context: /manager
 delegate: false
 -- Parent Classloader:
 java.net.URLClassLoader@1c47dd5
 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1]
 org.apache.jasper.compiler.JspRuntimeContext.initClassPath Compilation
 classpath initialized: ...
 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1]
 org.apache.jasper.servlet.JspServlet.init Scratch dir for the JSP engine
 is: ...
 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1]
 org.apache.jasper.servlet.JspServlet.init IMPORTANT: Do not modify the
 generated servlets
 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1]
 org.apache.tomcat.util.modeler.Registry.registerComponent Managed=
 Catalina:type=JspMonitor,WebModule=//localhost/manager,name=jsp,J2EEApplication=none,J2EEServer=none
 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1]
 org.apache.tomcat.util.modeler.BaseModelMBean.preRegister preRegister
 org.apache.jasper.servlet.JspServlet@1067d4c
 Catalina:type=JspMonitor,WebModule=//localhost/manager,name=jsp,J2EEApplication=none,J2EEServer=none
 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1]
 org.apache.catalina.core.StandardContext.startInternal Starting completed
 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1]
 org.apache.catalina.util.LifecycleBase.setStateInternal Setting state for
 [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/manager]]
 to [STARTING]
 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1]
 org.apache.catalina.util.LifecycleBase.setStateInternal Setting state for
 [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/manager]]
 to [STARTED]
 ...
 28-Nov-2014 16:09:28.377 FINE [main]
 org.apache.catalina.util.LifecycleBase.setStateInternal Setting state for
 [StandardServer[8005]] to [STARTED]
 28-Nov-2014 16:09:28.377 INFO [main]
 org.apache.catalina.startup.Catalina.start Server startup in 21443 ms

 Searching the web and the mail archives resulted in quite a few hints how
 to improve performance generally.
 I followed the instructions on wiki.apache.org/tomcat/HowTo/FasterStartUp,
 in particular:
 - Disabling JAR scanning (metadata-complete=true, absolute-ordering/
 in the web-app.
 - in catalina.properties:
 tomcat.util.scan.StandardJarScanFilter.jarsToSkip=\*.jar
 org.apache.catalina.startup.ContextConfig.jarsToSkip=\*.jar
 org.apache.catalina.startup.TldConfig.jarsToSkip=\*.jar
 - Removing the web socket API and 

Re: Startup of tomcat 8 takes twice as long as startup of tomcat 6

[Daniel Mikusa]

On Mon, Dec 15, 2014 at 8:40 AM, Yaragalla Muralidhar 
yaragallamur...@gmail.com wrote:

 for me it is taking more than that. I have deployed a simple war file.


How simple?  What about when you run it without any apps deployed?  How
fast does it startup then?


 It took so long to deploy it.

 omcat-8.0.15\webapps\ROOT has finished in 240 ms
 15-Dec-2014 19:08:32.348 INFO [main]
 org.apache.coyote.AbstractProtocol.start St
 arting ProtocolHandler [http-nio-8080]
 15-Dec-2014 19:08:32.357 INFO [main]
 org.apache.coyote.AbstractProtocol.start St
 arting ProtocolHandler [ajp-nio-8009]
 15-Dec-2014 19:08:32.360 INFO [main]
 org.apache.catalina.startup.Catalina.start
 Server startup in 336069 ms


Have you tried anything listed here?

   http://wiki.apache.org/tomcat/HowTo/FasterStartUp

If so, what were the results?

Dan

PS.  If you have a profiler, hook it up to Tomcat and see what's taking so
long.  Most of the time it's the app, unless you're hitting one of the
issues on the wiki page I listed above.



 *Thanks and Regards,*
 Muralidhar Yaragalla.

 *http://yaragalla.blogspot.in/ http://yaragalla.blogspot.in/*

 On Mon, Dec 15, 2014 at 7:03 PM, gch...@gmx.de gch...@gmx.de wrote:
 
 
 
  Hi,
 
  we used to deploy our webapp in a tomcat 6.0.35 and want to upgrade to
  tomcat 8.0.9.
  During testing we discovered, that the startup process of tomcat 8 is
  twice as long as the startup process of tomcat 6 (with the same single
  webapp deployed)
 
  My test system is as follows:
  Windows 7, JRE 1.7.0, Tomcat 6.0.35/8.0.9
 
  Inspection of the log files revealed, that the additional time is used
 for
  class loading:
 
  Log of tomcat 6:
  ...
  Nov 28, 2014 5:07:59 PM org.apache.tomcat.util.digester.Digester
  endDocument
  Fein: endDocument()
  Nov 28, 2014 5:07:59 PM org.apache.catalina.loader.WebappClassLoader
  loadClass
  Fein: loadClass(org.springframework.web.util.Log4jConfigListener, false)
  ...
  Fein: Parent class loader is: WebappClassLoader
  context:
  delegate: false
  repositories:
  -- Parent Classloader:
  org.apache.catalina.loader.StandardClassLoader@189ff97
  Nov 28, 2014 5:08:08 PM org.apache.jasper.compiler.JspRuntimeContext
  initClassPath
  Fein: Compilation classpath initialized: ...
  Nov 28, 2014 5:08:08 PM org.apache.jasper.servlet.JspServlet init
  Fein: Scratch dir for the JSP engine is: ...
  Nov 28, 2014 5:08:08 PM org.apache.jasper.servlet.JspServlet init
  Fein: IMPORTANT: Do not modify the generated servlets
  Nov 28, 2014 5:08:08 PM org.apache.catalina.core.StandardContext start
  Fein: Starting completed
  ...
  Nov 28, 2014 5:08:09 PM org.apache.catalina.startup.Catalina start
  Information: Server startup in 10861 ms
 
  Log of tomcat 8:
  ...
  28-Nov-2014 16:09:09.128 FINER [localhost-startStop-1]
  org.apache.tomcat.util.scan.StandardJarScanner.scan Not scanning JAR
 
 [file:/C:/Program%20Files/tomcat%208/tolina_webserver-3.0.0-SNAPSHOT-20141103-130423/bin/tomcat-juli.jar]
  from classpath
  28-Nov-2014 16:09:09.128 FINE [localhost-startStop-1]
  org.apache.catalina.loader.WebappClassLoader.loadClass
  loadClass(org.apache.jasper.servlet.JasperInitializer, false)
  28-Nov-2014 16:09:09.128 FINE [localhost-startStop-1]
  org.apache.catalina.loader.WebappClassLoader.loadClass Delegating to
 parent
  classloader1 java.net.URLClassLoader@1c47dd5
  28-Nov-2014 16:09:09.128 FINE [localhost-startStop-1]
  org.apache.catalina.loader.WebappClassLoader.loadClass Loading class from
  parent
  ...
  28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1]
  org.apache.jasper.compiler.JspRuntimeContext.init Parent class loader
 is:
  WebappClassLoader
  context: /manager
  delegate: false
  -- Parent Classloader:
  java.net.URLClassLoader@1c47dd5
  28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1]
  org.apache.jasper.compiler.JspRuntimeContext.initClassPath Compilation
  classpath initialized: ...
  28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1]
  org.apache.jasper.servlet.JspServlet.init Scratch dir for the JSP engine
  is: ...
  28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1]
  org.apache.jasper.servlet.JspServlet.init IMPORTANT: Do not modify the
  generated servlets
  28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1]
  org.apache.tomcat.util.modeler.Registry.registerComponent Managed=
 
 Catalina:type=JspMonitor,WebModule=//localhost/manager,name=jsp,J2EEApplication=none,J2EEServer=none
  28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1]
  org.apache.tomcat.util.modeler.BaseModelMBean.preRegister preRegister
  org.apache.jasper.servlet.JspServlet@1067d4c
 
 Catalina:type=JspMonitor,WebModule=//localhost/manager,name=jsp,J2EEApplication=none,J2EEServer=none
  28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1]
  org.apache.catalina.core.StandardContext.startInternal Starting completed
  28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1]
  org.apache.catalina.util.LifecycleBase.setStateInternal Setting state for
 
 

Re: Re: Startup of tomcat 8 takes twice as long as startup of tomcat 6

[Daniel Mikusa]

On Mon, Dec 15, 2014 at 11:54 AM, gch...@gmx.de gch...@gmx.de wrote:

 Hello Daniel,

 thank you very much for your quick reply.


Sure, np.  One quick note, on this list we prefer posters to not top post.
Either reply inline like me or at the bottom.  It's convention we've landed
on to help make reading threads easier.



 Comparing the startup times for Tomcat 6.0.35 and Tomcat 8.0.15 without
 any apps deployed
 (and without any tuning, such as disabling jar scanning) shows me
 that Tomcat 8.0.15 is much faster than Tomcat 6.0.35 (53 ms opposed to 933
 ms).

 Therefore, the problem has to come from the app, as you assumed.

 I also deployed our app to both tomcats and got the following startup
 times:
 Tomcat 6.0.35: 11675 ms
 Tomcat 8.0.15: 21964 ms


 Since the very same app was deployed to both tomcats, there still has to
 be some difference in
 the startup process which results in a slower startup in Tomcat 8.0.15.


My thought for the difference would be this:
http://wiki.apache.org/tomcat/HowTo/FasterStartUp#JAR_scanning

You mentioned that you had tried the fixes listed here, right?  Can you
talk a little more about what you tried and what if any impact those
changes had on the startup time?



 I will try a profiler to describe the problem more precisely.


Excellent!  That should help to pinpoint the problem.

Dan



 Gero

  Gesendet: Montag, 15. Dezember 2014 um 16:04 Uhr
  Von: Daniel Mikusa dmik...@pivotal.io
  An: Tomcat Users List users@tomcat.apache.org
  Betreff: Re: Startup of tomcat 8 takes twice as long as startup of
 tomcat 6
 
  On Mon, Dec 15, 2014 at 8:33 AM, gch...@gmx.de gch...@gmx.de wrote:
  
  
  
   Hi,
  
   we used to deploy our webapp in a tomcat 6.0.35 and want to upgrade to
   tomcat 8.0.9.
  
 
  Try the latest Tomcat 8 release, 8.0.15, and see if that helps.
 
 
   During testing we discovered, that the startup process of tomcat 8 is
   twice as long as the startup process of tomcat 6 (with the same single
   webapp deployed)
  
 
  How long does Tomcat 8 take to start without any apps deployed?
 
 
  
   My test system is as follows:
   Windows 7, JRE 1.7.0, Tomcat 6.0.35/8.0.9
  
   Inspection of the log files revealed, that the additional time is used
 for
   class loading:
  
   Log of tomcat 6:
   ...
   Nov 28, 2014 5:07:59 PM org.apache.tomcat.util.digester.Digester
   endDocument
   Fein: endDocument()
   Nov 28, 2014 5:07:59 PM org.apache.catalina.loader.WebappClassLoader
   loadClass
   Fein: loadClass(org.springframework.web.util.Log4jConfigListener,
 false)
   ...
   Fein: Parent class loader is: WebappClassLoader
   context:
   delegate: false
   repositories:
   -- Parent Classloader:
   org.apache.catalina.loader.StandardClassLoader@189ff97
   Nov 28, 2014 5:08:08 PM org.apache.jasper.compiler.JspRuntimeContext
   initClassPath
   Fein: Compilation classpath initialized: ...
   Nov 28, 2014 5:08:08 PM org.apache.jasper.servlet.JspServlet init
   Fein: Scratch dir for the JSP engine is: ...
   Nov 28, 2014 5:08:08 PM org.apache.jasper.servlet.JspServlet init
   Fein: IMPORTANT: Do not modify the generated servlets
   Nov 28, 2014 5:08:08 PM org.apache.catalina.core.StandardContext start
   Fein: Starting completed
   ...
   Nov 28, 2014 5:08:09 PM org.apache.catalina.startup.Catalina start
   Information: Server startup in 10861 ms
  
   Log of tomcat 8:
   ...
   28-Nov-2014 16:09:09.128 FINER [localhost-startStop-1]
   org.apache.tomcat.util.scan.StandardJarScanner.scan Not scanning JAR
  
 [file:/C:/Program%20Files/tomcat%208/tolina_webserver-3.0.0-SNAPSHOT-20141103-130423/bin/tomcat-juli.jar]
   from classpath
   28-Nov-2014 16:09:09.128 FINE [localhost-startStop-1]
   org.apache.catalina.loader.WebappClassLoader.loadClass
   loadClass(org.apache.jasper.servlet.JasperInitializer, false)
   28-Nov-2014 16:09:09.128 FINE [localhost-startStop-1]
   org.apache.catalina.loader.WebappClassLoader.loadClass Delegating to
 parent
   classloader1 java.net.URLClassLoader@1c47dd5
   28-Nov-2014 16:09:09.128 FINE [localhost-startStop-1]
   org.apache.catalina.loader.WebappClassLoader.loadClass Loading class
 from
   parent
   ...
   28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1]
   org.apache.jasper.compiler.JspRuntimeContext.init Parent class
 loader is:
   WebappClassLoader
   context: /manager
   delegate: false
   -- Parent Classloader:
   java.net.URLClassLoader@1c47dd5
   28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1]
   org.apache.jasper.compiler.JspRuntimeContext.initClassPath Compilation
   classpath initialized: ...
   28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1]
   org.apache.jasper.servlet.JspServlet.init Scratch dir for the JSP
 engine
   is: ...
   28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1]
   org.apache.jasper.servlet.JspServlet.init IMPORTANT: Do not modify the
   generated servlets
   28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1

Re: Multiple instances?

[Daniel Mikusa]

On Thu, Dec 11, 2014 at 3:45 AM, Billy Bones gael.ther...@gmail.com wrote:

 Ok, then I'll completly wright another systemd unit derivated from the one
 provided by CentOS.

 Yup, that what I thought about the CATALINA_HOME and BASE, so as you
 suggested, I'll test to run individual units and saw how it's going on.

 Many thanks guys.


When you get something working, please share your solution :)

I'm interested to see what you work out and I'm sure others will be as well.

Dan




 2014-12-10 18:10 GMT+01:00 Daniel Mikusa dmik...@pivotal.io:

  On Wed, Dec 10, 2014 at 10:35 AM, Billy Bones gael.ther...@gmail.com
  wrote:
 
   Hi Christopher,
  
   Many thanks for your answer, well, I'm pretty comfortable with systemd
   myself as I rely on it for my Fedora box for a long time ago, but on
 this
   particular topic regarding tomcat, I don't really understand the
 purpose
  of
   this special sentence.
   As you pointed it, for me too usually caps names == env variables but
 as
  on
   the tomcat-sysd script it's simply called without futher sources I'm
 not
   quite sure for now.
  
   Well, lets see if another *NIX Admin already had started
 multi-instances
   tomcat on systemd distributions :D
  
 
  Starting different instances of Tomcat is mostly just a matter of setting
  the CATALINA_HOME and CATALINA_BASE environment variables to the right
  locations.  I'm sure systemd has a way for you to set environment
  variables, so that should be sufficient to start different instances.
 
  For more details on CATALINA_HOME and CATALINA_BASE, check out the
  RUNNING.txt file in your download or look here.
 
 
 
 http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/RUNNING.txt?view=markup
 
  I'd suggest getting everything working with multiple instance first.
 Once
  you can start the instances from the command line then worry about
 starting
  them with systemd.
 
 
  
   Another way would be to completly duplicate the tomcat directory and
   service unit and start both at runtime but... doesn't seems too shiny
  for a
   new server :D
  
 
  Also an option, but not as efficient.
 
  Dan
 
 
  
   2014-12-10 16:27 GMT+01:00 Christopher Schultz 
   ch...@christopherschultz.net
   :
  
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
   
Billy,
   
On 12/10/14 9:57 AM, Billy Bones wrote:
 Hi guys,

 I'm currently preparing a migration of our Operating System which
 handle our current tomcat installation from an OLD Linux using init
 scripts to a CentOS7 release using sytemd.
   
Hrm. Good luck getting help with systemd. The ASF doesn't even
 support
init.d scripts, though I'm sure many *NIX admins here can help with
init.d scripts (including myself). systemd is a bit new, to ... we'll
   see.
   
 Because I don't want to disturb the way the old server handle the
 webapps (not yet :-) ), I have to start 2 separated instances of
 tomcat on the new machine.

 Using init script to boot multiples instance is quite easy, but
 know I'll use systemd and I have to adapt.

 I installed my OS and Tomcat from the CentOS repos, take a look at
 the tomcat.service unit and tomcat-sysd script to see how the
 things work. But now I'm a little bit disappointed, I don't
 understand how to have multiple instances.

 I created a tomcat@jcr.service unit file on my systemd directory
 and read about the steps to achieve.

 The first step said that *by default SERVICE_NAME=tomcat. and must
 be defined BEFORE tomcat-sysd is called*

 Well, OK, but how am I suppose to do that? Using environnement
 variables? PreStartExec directive? Environnement directive?
   
I have no idea. Generally, whenever I see something in ALL_CAPS that
needs to be set to a value, it's an environment variable. With
systemd, it could mean just about anything.
   
 I really don't get it, even looking at the tomcat-sysd wrapper
 script which indicate me HOW the system run multiple instance don't
 help me to understand WHERE am I suppose to put that information.

 I understand that I have to create a new unit file, a new
 /etc/sysconfig/tomcat file named according to the systemd unit, but
 I don't get it about the SERVICE_NAME.

 So if someone could help me a little bit, I'll be happy ^^
   
Ultimately, it will all boil down to CATALINA_BASE and CATALINA_HOME
as far as Tomcat is concerned. The SERVICE_NAME is probably a
systemd-only thing.
   
Good luck,
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
   
iQIcBAEBCAAGBQJUiGZWAAoJEBzwKT+lPKRYsI0QAMI0IOCB2PjgBFKKb7Q1KtfF
EpplWZmWEg7FL20HzTTjWM41r0IX5jZv1zFVBI8Na2mjtQ0v1KUUzPWnWo2+mGus
nyrHl7HcY80LL9t4v3XwIpY0wE5pNgmTtnH+6JdHsahNNTN6NceK/j1IJoUPUFBj
9tdWHCM+bM6rP49nYBvBV3XPClw7nEc+NO3ddMeAY+zli71TuTnwIyC3Dp1v6ONW
iNxheXHfDGACU1Qo7t9xL33g8cng06RD+LOjV

Re: Multiple instances?

[Daniel Mikusa]

On Wed, Dec 10, 2014 at 10:35 AM, Billy Bones gael.ther...@gmail.com
wrote:

 Hi Christopher,

 Many thanks for your answer, well, I'm pretty comfortable with systemd
 myself as I rely on it for my Fedora box for a long time ago, but on this
 particular topic regarding tomcat, I don't really understand the purpose of
 this special sentence.
 As you pointed it, for me too usually caps names == env variables but as on
 the tomcat-sysd script it's simply called without futher sources I'm not
 quite sure for now.

 Well, lets see if another *NIX Admin already had started multi-instances
 tomcat on systemd distributions :D


Starting different instances of Tomcat is mostly just a matter of setting
the CATALINA_HOME and CATALINA_BASE environment variables to the right
locations.  I'm sure systemd has a way for you to set environment
variables, so that should be sufficient to start different instances.

For more details on CATALINA_HOME and CATALINA_BASE, check out the
RUNNING.txt file in your download or look here.

  http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/RUNNING.txt?view=markup

I'd suggest getting everything working with multiple instance first.  Once
you can start the instances from the command line then worry about starting
them with systemd.



 Another way would be to completly duplicate the tomcat directory and
 service unit and start both at runtime but... doesn't seems too shiny for a
 new server :D


Also an option, but not as efficient.

Dan



 2014-12-10 16:27 GMT+01:00 Christopher Schultz 
 ch...@christopherschultz.net
 :

  -BEGIN PGP SIGNED MESSAGE-
  Hash: SHA256
 
  Billy,
 
  On 12/10/14 9:57 AM, Billy Bones wrote:
   Hi guys,
  
   I'm currently preparing a migration of our Operating System which
   handle our current tomcat installation from an OLD Linux using init
   scripts to a CentOS7 release using sytemd.
 
  Hrm. Good luck getting help with systemd. The ASF doesn't even support
  init.d scripts, though I'm sure many *NIX admins here can help with
  init.d scripts (including myself). systemd is a bit new, to ... we'll
 see.
 
   Because I don't want to disturb the way the old server handle the
   webapps (not yet :-) ), I have to start 2 separated instances of
   tomcat on the new machine.
  
   Using init script to boot multiples instance is quite easy, but
   know I'll use systemd and I have to adapt.
  
   I installed my OS and Tomcat from the CentOS repos, take a look at
   the tomcat.service unit and tomcat-sysd script to see how the
   things work. But now I'm a little bit disappointed, I don't
   understand how to have multiple instances.
  
   I created a tomcat@jcr.service unit file on my systemd directory
   and read about the steps to achieve.
  
   The first step said that *by default SERVICE_NAME=tomcat. and must
   be defined BEFORE tomcat-sysd is called*
  
   Well, OK, but how am I suppose to do that? Using environnement
   variables? PreStartExec directive? Environnement directive?
 
  I have no idea. Generally, whenever I see something in ALL_CAPS that
  needs to be set to a value, it's an environment variable. With
  systemd, it could mean just about anything.
 
   I really don't get it, even looking at the tomcat-sysd wrapper
   script which indicate me HOW the system run multiple instance don't
   help me to understand WHERE am I suppose to put that information.
  
   I understand that I have to create a new unit file, a new
   /etc/sysconfig/tomcat file named according to the systemd unit, but
   I don't get it about the SERVICE_NAME.
  
   So if someone could help me a little bit, I'll be happy ^^
 
  Ultimately, it will all boil down to CATALINA_BASE and CATALINA_HOME
  as far as Tomcat is concerned. The SERVICE_NAME is probably a
  systemd-only thing.
 
  Good luck,
  - -chris
  -BEGIN PGP SIGNATURE-
  Version: GnuPG v1
  Comment: GPGTools - http://gpgtools.org
 
  iQIcBAEBCAAGBQJUiGZWAAoJEBzwKT+lPKRYsI0QAMI0IOCB2PjgBFKKb7Q1KtfF
  EpplWZmWEg7FL20HzTTjWM41r0IX5jZv1zFVBI8Na2mjtQ0v1KUUzPWnWo2+mGus
  nyrHl7HcY80LL9t4v3XwIpY0wE5pNgmTtnH+6JdHsahNNTN6NceK/j1IJoUPUFBj
  9tdWHCM+bM6rP49nYBvBV3XPClw7nEc+NO3ddMeAY+zli71TuTnwIyC3Dp1v6ONW
  iNxheXHfDGACU1Qo7t9xL33g8cng06RD+LOjV/0d7JX3YJh5okoLL2m6ACHrQI7c
  knlon9yX0skzLhesZnkPeePli7Atk0s54SdH71MZe41ZJvlb/DAYmIqlkg1H7CGA
  fJlWmCfU0RwwNDdNq9prfQt/LFePnKQJ6PNO75afkfROKqnklYBe4imqpGqg1ij1
  vRMyemYobM83m2/xpZ3l5FWwk+DoJiWBC9MdAJ/M6TYXU8y3ERPtyzEfVfsTRnzu
  Q6XQ5wcJzJmazA3SK4h743auSbNLp9iVrAH5Rhh5iAxCZTtf5Et1zgBfocpTh12X
  xmgnsJtLTZ3jKNxdx9wD8zsXK0JYtWCYwisXRj6fGQuUU7INLDqRL7dVdl8VrHRQ
  ra4UXRhg8cKLd8YFbd78UxJK66TP/EyQqv1cIwTGF+XSS87pvAnR1T36cQ4e5KIB
  xwylVvlwSd9BvhatJtJw
  =w7Y2
  -END PGP SIGNATURE-
 
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
 
 

Re: Tomcat cluster with static membership

[Daniel Mikusa]

On Tue, Dec 9, 2014 at 9:16 AM, Théo Chamley theo...@mley.fr wrote:

 On 2014-12-08 21:22, Ameer Mawia wrote:

 Hi Theo,

 Since you are using static membership and NOT dynamic(multi-cast) which
 auto-detect members, my current understanding says that you will have to
 add entry of all the members of your cluster in each of nodes server.xml.
 Example:

 My cluster has two nodes. So to configure these I had add these two
 members
 entries in both node's server.xml(since running on the same machine, they
 have varying port with same ip):

   Interceptor
 className=org.apache.catalina.tribes.group.interceptors.
 StaticMembershipInterceptor
 Member
 className=org.apache.catalina.tribes.membership.StaticMember
 port=4000
 host=192.168.1.6
 uniqueId={10,1,0,100,0,0,0,0,0,0,0,0,0,0,0,0}/

 Member
 className=org.apache.catalina.tribes.membership.StaticMember
 port=4001
 host=192.168.1.6
 uniqueId={10,1,0,101,0,0,0,0,0,0,0,0,0,0,0,0}/

 Regards,
 Ameer Mawia


 On Mon, Dec 8, 2014 at 8:26 PM, Théo Chamley theo...@mley.fr wrote:

  Hello,

 I am trying to setup a simple Tomcat cluster with static membership. I
 can't use multicast because I am on a virtualization environment that
 does
 not allow it.

 Debian 7
 Tomcat 8.0.14
 Oracle JVM 1.8.0_25

 Both Tomcat are ok on their own, but I can't seem to make the clustering
 work: the sessions are not replicated from one to another.
 Following the official documentation, I wrote this configuration :

 Engine name=Catalina defaultHost=localhost
 Cluster className=org.apache.catalina.ha.tcp.
 SimpleTcpCluster
 Manager className=org.apache.catalina.ha.session.
 BackupManager
expireSessionsOnShutdown=false
notifyListenersOnReplication=true
mapSendOptions=6/
 Channel className=org.apache.catalina.tribes.group.
 GroupChannel
Receiver className=org.apache.
 catalina.tribes.transport.nio.NioReceiver
   address=0.0.0.0
   port=4110
   selectorTimeout=100
   maxThreads=6/

Interceptor className=org.apache.catalina.tribes.group.
 interceptors.StaticMembershipInterceptor
   Member className=org.apache.
 catalina.tribes.membership.StaticMember
   port=4110
   host=my.server.1
   domain=staging-cluster
   uniqueId={1,2,3,4,5,6,7,8,9,
 10,11,12,13,14,15,0}/
/Interceptor

Sender className=org.apache.catalina.tribes.transport.
 ReplicationTransmitter
   Transport className=org.apache.
 catalina.tribes.transport.nio.PooledParallelSender/
/Sender
Interceptor className=org.apache.catalina.tribes.group.
 interceptors.TcpFailureDetector/
Interceptor className=org.apache.catalina.tribes.group.
 interceptors.MessageDispatch15Interceptor/
Interceptor className=org.apache.catalina.tribes.group.
 interceptors.ThroughputInterceptor/
/Channel
Valve className=org.apache.catalina.ha.tcp.
 ReplicationValve
 filter=.*\.gif|.*\.js|.*\.
 jpeg|.*\.jpg|.*\.png|.*\.css|.
 *\.txt/
ClusterListener className=org.apache.catalina.ha.session.
 ClusterSessionListener/
 /Cluster
 [...]
 /Engine

 Note: I changed the host and uniqId on the StaticMembershipInterceptor on
 the other Tomcat.

 This is not a network problem as I can telnet into the 4110 port from one
 server to another.
 Also, by running a tcpdump, I can't see any trafic between the two
 servers.

 The Tomcats seem to be doing something, because I have the following in
 my
 catalina.out:

 **
 08-Dec-2014 15:38:15.309 INFO [main] org.apache.catalina.ha.tcp.
 SimpleTcpCluster.startInternal
 Cluster is about to start
 08-Dec-2014 15:38:15.312 INFO [main] org.apache.catalina.tribes.
 transport.ReceiverBase.bind
 Receiver Server Socket bound to:/0.0.0.0:4110
 08-Dec-2014 15:38:15.328 INFO [Thread-5] org.apache.catalina.ha.tcp.
 SimpleTcpCluster.memberAdded
 Replication member added:org.apache.catalina.tribes.membership.
 StaticMember[t
 cp://my.server.1:4110,my.server.1,4110, alive=0, securePort=-1, UDP
 Port=-1, id={1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 0 }, payload={},
 command={}, domain={115 116 97
  103 105 110 103 45 99 ...(15)}, ]
 08-Dec-2014 15:38:15.330 INFO [main] org.apache.catalina.tribes.
 membership.McastServiceImpl.setupSocket Setting cluster mcast soTimeout
 to 500
 08-Dec-2014 15:38:15.332 INFO [main] org.apache.catalina.tribes.
 membership.McastServiceImpl.waitForMembers Sleeping for 1000
 milliseconds
 to establish cluster membership, sta
 rt level:4
 08-Dec-2014 15:38:16.155 INFO [Membership-MemberAdded.]
 org.apache.catalina.ha.tcp.SimpleTcpCluster.memberAdded Replication
 member 

Re: How to configure security for remote access to WebSocket

[Daniel Mikusa]

On Fri, Dec 5, 2014 at 6:21 AM, Des Magner des.mag...@gmail.com wrote:

 Hi

 I cannot access any websocket applications when my client runs on a
 different machine from tomcat. It works fine if everything is on the same
 machine but once I access from a different machine I see the error below in
 my Firebug console:

 NetworkError: 403 Forbidden - http://remote-host:8080/
 examples/websocket/chat


 I have tested with all the sample websocket apps that come with tomcat and
 both with versions 7 and 8 of tomcat. I guess I need to configure some
 security constraint somewhere to allow access but I cannot find any
 documentation on it.


Maybe look at the access log and verify that your request is making it to
the Tomcat server.  If you're on a corporate network, your request might be
being blocked by a proxy or some other network device.

Dan



 Thanks
 Des


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to configure security for remote access to WebSocket

[Daniel Mikusa]

On Fri, Dec 5, 2014 at 9:29 AM, Des Magner des.mag...@gmail.com wrote:

 I checked the logs and the the request does not seem to be making it to
 tomcat. There is no reference to it in the access log file.


That would almost certainly indicate that something is blocking it.  If the
request hit Tomcat and Tomcat were the one telling you that access was
denied, you would have a line in the access log.


 It is my own server so blocking should not be an issue. I checked the
 firewall logs and I don't see anything,


Look at your browser or OS and see if it's configured to use a proxy.  If
it is, perhaps look at excluding the IP address of your server so that
requests to it do not go through the proxy.


 But do I need to open other ports to allow access? My understanding is
 that with Websocket everything gets tunnelled through port 8080?


You shouldn't need to open any additional ports, everything will go on your
HTTP port.

Dan




 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Documentation on Connectors needs updating

[Daniel Mikusa]

On Mon, Dec 1, 2014 at 2:05 PM, Igal @ getRailo.org i...@getrailo.org
wrote:

 Chris,

 On 11/28/2014 6:26 AM, Christopher Schultz wrote:
  4. Tomcat can server static content just as quickly as httpd.

 I remember that years ago it was recommended to front Tomcat with a web
 server in order to serve static content.  I understand from your
 statement that this is not the case anymore.

 Were there any benchmark tests done for that?  Any published sources
 that can be cited?


Pid and I did some benchmarks for a talk we gave at SpringOne this year.
Included in that are some basic tests serving up static files, NIO vs APR.
We didn't test Tomcat vs HTTPD though.

Results are on Github here.


https://github.com/dmikusa-pivotal/s12gx-2014-fastest-servlets/blob/master/LoadTestResults/Results.md

You can also run the tests yourself.  All the config and everything that
should be needed to set them up is in the Github project.

Dan



 What about the overhead of session management for requests of static
 content?  Is there any overhead there as opposed to using an http server?

 Thanks,


 Igal

Re: How to setup rewrite valve for angularjs

[Daniel Mikusa]

On Thu, Nov 20, 2014 at 9:08 PM, Tay Kai Yang kaiyang@gmail.com wrote:

 Hi
 I have been reading up tomcat 8's user doc. But I have some problems
 understanding the setup of rewrite valve. I think I should add the rewrite
 valve class name and XML settings to /conf/server.xml, but I am not sure
 what to do next. Where should I place my rewrite.config, how do I activate
 rewrite my war context only?


See the second option here...

http://tomcat.apache.org/tomcat-8.0-doc/rewrite.html#Configuration

It can also be in the context.xml of a webapp. The valve will then use a
rewrite.config file containing the rewrite directives, it must be placed in
the WEB-INF folder of the web application



 Have anyone written a tutorial or can point me to a source for how-to?


The docs seem pretty thorough but if you need a tutorial you could look for
a mod_rewrite tutorial.  This valve is designed to be similar to
mod_rewrite, so a tutorial for that should be mostly applicable here.

Dan


 I am trying to set a single page angularjs app to point
 /context/path/path/... To /context/index.jsp

 Any idea on how to do that?


 Thanks.
 Kai yang

Re: Release calendar of Apache Tomcat versions

[Daniel Mikusa]

On Thu, Nov 20, 2014 at 7:00 AM, Iago Alonso Alonso infia...@udc.es wrote:

 I want to know where I can find the release calendar of the Apache Tomcat
 versions in order to do an analysis of the project. I have been searching
 in the Wiki, Google, etc but I don't found anything by the moment.


I don't believe there's anything in calendar form, but yo see past release
dates, start with the announcements here:  http://tomcat.apache.org/
Then proceed to the older announcements here:
http://tomcat.apache.org/oldnews.html

You can learn more about future versions by joining the mailing lists here:
 http://tomcat.apache.org/lists.html  Specifically dev and announce.

Dan



 Thanks.

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat JDBC pool - too many connections in TIME_WAIT state

[Daniel Mikusa]

On Thu, Nov 6, 2014 at 2:36 AM, Vasily Kukhta v.b.kuk...@gmail.com wrote:

 I have received additional details - the application starts getting
 java.sql.SQLException: Listener refused the connection with the following
 error: ORA-12519, TNS:no appropriate service handler found, although the
 amount of listeners in the DB is large enough. I have some concerns about
 the removeAbandonedTimeout property, it is set to 5 seconds now. Maybe
 the pool abandones every connection after 5 seconds, opens a new
 connection, and the previous connection goes to TIME_WAIT status consuming
 server resources?


The removeAbandonedTimeout will take effect when your application takes a
connection from the pool and holds it for more than 5 seconds.  This would
happen for things like a long running query (runs more than 5s) or if your
app's not properly closing the connection.

It's easy enough to see if this is happening too often, because you can
simply enable logAbandoned (i.e. set it to true) and the pool will log a
stack trace when it detects an abandoned connection.

Dan




 Thank you!


 2014-11-05 23:15 GMT+03:00 Filip Hanik fi...@hanik.com:

  this is part of the TCP lifecycle, you can adjust this timeout yourself
 on
  the Operating system level
 
 
 
 http://www.cs.northwestern.edu/~agupta/cs340/project2/TCPIP_State_Transition_Diagram.pdf
 
  cat /proc/sys/net/ipv4/tcp_fin_timeoutecho 15 
  /proc/sys/net/ipv4/tcp_fin_timeout
 
 
  On Wed, Nov 5, 2014 at 7:36 AM, Daniel Mikusa dmik...@pivotal.io
 wrote:
 
   On Wed, Nov 5, 2014 at 9:13 AM, Vasily Kukhta v.b.kuk...@gmail.com
   wrote:
  
Hello all!
   
I have developed an application using Tomcat JDBC pool. Everything is
   fine
except that the pool leaves hundreds of TCP connections in TIME_WAIT
   state,
   
  
   I have to ask, but are you sure it's the pool?  TCP connections in the
   TIME_WAIT state would indicate that a connection was closed.  Given
 that
   the job of the pool is to keep the connections open and reuse them, it
  just
   seems a little odd.
  
  
which kills the server sooner or later... Could you please suggest
 what
   to
fix, my configuration is below:
   
PoolProperties pp = new PoolProperties();
   
String connprops =
   
   
  
 
 oracle.net.CONNECT_TIMEOUT=3000;oracle.jdbc.ReadTimeout=3000;oracle.net.READ_TIMEOUT=3000;
   
pp.setUsername(user);
pp.setPassword(pass);
pp.setConnectionProperties(connprops);
   
pp.setDriverClassName(oracle.jdbc.OracleDriver);
   
pp.setTestOnBorrow(true);
pp.setTestOnConnect(true);
   
pp.setTestWhileIdle(true);
   
pp.setMaxWait(1000);
pp.setMinEvictableIdleTimeMillis(1);
pp.setTimeBetweenEvictionRunsMillis(5000);
   
pp.setValidationInterval(1);
pp.setValidationQuery(SELECT 1 FROM DUAL);
   
pp.setRemoveAbandoned(true);
pp.setRemoveAbandonedTimeout(5);
   
   
   
  
 
 pp.setJdbcInterceptors(org.apache.tomcat.jdbc.pool.interceptor.QueryTimeoutInterceptor(queryTimeout=3));
dataSource = new DataSource();
dataSource.setPoolProperties(pp);
   
  
   Nothing is jumping out at me as incorrect.  Maybe try without the
   connection properties (i.e. the driver level timeouts)?  Maybe try
   increasing the log level for org.apache.tomcat.jdbc.pool to FINEST or
   DEBUG.  That might generate some additional logging to show why the
   connections are being closed.
  
   Also, check that your server is not timing out the connection, perhaps
  due
   to a server side limit.  I've see this happen a lot.  Although it seems
   unlikely, it's probably also worth checking that there's no firewall or
   network device that could be closing the connections.
  
   Dan
  
  
Thank you in advance!
   
  
 

Re: Trying to filter noise from catalina.out.

[Daniel Mikusa]

On Tue, Nov 4, 2014 at 6:12 PM, Brandon Darbro bdar...@uievolution.com
wrote:

 Looking for configuration help.

 Using tomcat7 7.0.34 from rpm package tomcat7-7.0.34-3.jpp6.noarch.

 Followed the instructions for using log4j for catalina.out found here:
 http://tomcat.apache.org/tomcat-7.0-doc/logging.html#Using_Log4j


These are instructions for using Log4j with Tomcat.  It would enable you to
control the files that Tomcat creates with log content.  This includes
files like catalina.-mm-dd.log, localhost.-mm-dd.log and other
files that by default have the date in their name, however it does not
allow you to control catalina.out.

The catalina.out file represents anything written to STDOUT or STDERR by
Tomcat or your applications.  This would include things like an application
directly writing to System.out or System.err or an application that is
configured to log to STDOUT / STDERR or as some logging framework's call it
the console.

If you have application's writing to STDOUT / STDERR directly, you can use
Tomcat's swallowOutput option to capture this output and run it through
the logging system.

  http://tomcat.apache.org/tomcat-7.0-doc/config/context.html

If you have applications that are logging to STDOUT / STDERR, you can
control what's logged by editing the application specific logging
configuration or by instructing them to log to a file and not STDOUT /
STDERR.

For the record, Tomcat writes very little to STDOUT / STDERR and it doesn't
use EHCache so it's almost certain that the exception you're seeing is
coming from an application.

Dan





 Took the example log4j.properties file from the instructions above,
 corrected the logging paths for /var/log/tomcat7, and put it through a
 properties to xml converter.  Replaced log4j.properties with log4j.xml,
 and logging is working.

 Now we want to try and filter out an Exception we are willing to live
 with, but can't have overflowing our log.

 Added the following filter:
 filter class=org.apache.log4j.filter.ExpressionFilter
 param name=expression value=EXCEPTION ~=
 java.io.NotSerializableException /
 param name=acceptOnMatch value=false/
 /filter

 Yet we continue to get the exception in the log:

 Nov 4, 2014 1:52:45 PM
 net.sf.ehcache.distribution.RMISynchronousCacheReplicator
 replicatePutNotification
 SEVERE: Exception on replication of putNotification. error marshalling
 arguments; nested exception is:
 java.io.NotSerializableException:
 com.fakename.services.cache.ehcache.EHCacheServiceImpl. Continuing...
 java.rmi.MarshalException: error marshalling arguments; nested exception
 is:
 java.io.NotSerializableException:
 com.fakename.services.cache.ehcache.EHCacheServiceImpl
 at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:138)
 ...snip...
 Caused by: java.io.NotSerializableException:
 com.fakename.services.cache.ehcache.EHCacheServiceImpl
 at
 java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1164)
 at
 java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1518)
 ...snip...

 What am I doing wrong?  Full xml and/or log of error available if
 requested.

 *Brandon Darbro


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat JDBC pool - too many connections in TIME_WAIT state

[Daniel Mikusa]

On Wed, Nov 5, 2014 at 9:13 AM, Vasily Kukhta v.b.kuk...@gmail.com wrote:

 Hello all!

 I have developed an application using Tomcat JDBC pool. Everything is fine
 except that the pool leaves hundreds of TCP connections in TIME_WAIT state,


I have to ask, but are you sure it's the pool?  TCP connections in the
TIME_WAIT state would indicate that a connection was closed.  Given that
the job of the pool is to keep the connections open and reuse them, it just
seems a little odd.


 which kills the server sooner or later... Could you please suggest what to
 fix, my configuration is below:

 PoolProperties pp = new PoolProperties();

 String connprops =

 oracle.net.CONNECT_TIMEOUT=3000;oracle.jdbc.ReadTimeout=3000;oracle.net.READ_TIMEOUT=3000;

 pp.setUsername(user);
 pp.setPassword(pass);
 pp.setConnectionProperties(connprops);

 pp.setDriverClassName(oracle.jdbc.OracleDriver);

 pp.setTestOnBorrow(true);
 pp.setTestOnConnect(true);

 pp.setTestWhileIdle(true);

 pp.setMaxWait(1000);
 pp.setMinEvictableIdleTimeMillis(1);
 pp.setTimeBetweenEvictionRunsMillis(5000);

 pp.setValidationInterval(1);
 pp.setValidationQuery(SELECT 1 FROM DUAL);

 pp.setRemoveAbandoned(true);
 pp.setRemoveAbandonedTimeout(5);


 pp.setJdbcInterceptors(org.apache.tomcat.jdbc.pool.interceptor.QueryTimeoutInterceptor(queryTimeout=3));
 dataSource = new DataSource();
 dataSource.setPoolProperties(pp);


Nothing is jumping out at me as incorrect.  Maybe try without the
connection properties (i.e. the driver level timeouts)?  Maybe try
increasing the log level for org.apache.tomcat.jdbc.pool to FINEST or
DEBUG.  That might generate some additional logging to show why the
connections are being closed.

Also, check that your server is not timing out the connection, perhaps due
to a server side limit.  I've see this happen a lot.  Although it seems
unlikely, it's probably also worth checking that there's no firewall or
network device that could be closing the connections.

Dan


 Thank you in advance!

Re: SSL acceleration

[Daniel Mikusa]

On Tue, Nov 4, 2014 at 11:47 AM, Anthony Bonafide bonafideanth...@gmail.com
 wrote:

 Hello All,

 I am using a third party load balancer which accepts HTTPS connections,
 decrypts them and sends the unencrypted connection to Tomcat(SSL
 Acceleration). I am currently using tomcat 5 and I am in the process of
 upgrading to Tomcat 7. I am having an issue setting up Tomcat7 to accept
 the connections from my load balancer. In tomcat 5 I have the 2 connectors
 set up as so with everything working:

 Connector port=8080 maxHttpHeaderSize=8192 maxPostSize=512000
maxThreads=150 minSpareThreads=25 maxSpareThreads=75
enableLookups=false redirectPort=8443 acceptCount=100
connectionTimeout=2 disableUploadTimeout=true /

 Connector port=8081 maxHttpHeaderSize=8192 maxPostSize=512000
maxThreads=150 minSpareThreads=25 maxSpareThreads=75
enableLookups=false redirectPort=8444 acceptCount=100
connectionTimeout=2 scheme=https proxyPort=443
 disableUploadTimeout=true /


 The load balancer sends unencrypted HTTPS traffic to Tomcat via port 8081.
 This is setup is n place now with the current setup so the client does not
 have HTTPS changed to HTTP during a session, do to tomcat thinking the
 HTTPS connection is unencrypted and it should be changed to HTTP. There is
 no keystore or certs used by tomcat, all certs are placed on the load
 balancer.

 During setup of Tomcat 7 I copied the previous connector setup, resolving
 the following URLS I get the following responses respectively(I get the
 same results with my currenttly working Tomcat5 setup):

 https://localhost:8081/ - Secure connection fails
 http://localhost:8081/ - Apache Tomcat 7.0.56 page showing that everything
 works.

 My settings for tomcat 7 are:

  Connector port=8080 protocol=HTTP/1.1
connectionTimeout=2
redirectPort=8443 /


Connector port=8081 protocol=HTTP/1.1
maxThreads=150 SSLEnabled=false scheme=https
 secure=true
clientAuth=false sslProtocol=TLS proxyPort=443/


 I was wondering if there is a way to setup Tomcat 7 to accept the
 unencrypted request(SSL Acceleration) from the load balancer, process the
 request and send back a response without changing the scheme to HTTP?

 Also as expected my load balancer is not able to establish a connection
 with Tomcat7 over HTTPS port 8081.

 Any advice would be greatly appreciated.


If your load balancer is terminating SSL and properly setting
X-Forwarded-* headers you can probably get away with one connector for
HTTP traffic and the RemoveIpValve.  The valve will use the X-Forwarded-*
headers to modify the request object so that your apps can see if the
request came in over SSL.

   http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Remote_IP_Valve

Dan

Re: troubleshoot tomcat database connection

[Daniel Mikusa]

On Mon, Nov 3, 2014 at 1:58 PM, Mark Maciolek m...@sr.unh.edu wrote:

 hi,

 system is running Scientific Linux release 6.5
 rpm installed

 tomcat6-servlet-2.5-api-6.0.24-78.el6_5.noarch
 tomcat6-javadoc-6.0.24-78.el6_5.noarch
 tomcat6-lib-6.0.24-78.el6_5.noarch
 tomcat-native-1.1.30-1.el6.x86_64
 tomcat6-el-2.1-api-6.0.24-78.el6_5.noarch
 tomcat6-admin-webapps-6.0.24-78.el6_5.noarch
 apache-tomcat-apis-0.1-1.el6.noarch
 tomcat6-jsp-2.1-api-6.0.24-78.el6_5.noarch
 tomcat6-webapps-6.0.24-78.el6_5.noarch
 tomcat-servlet-3.0-api-7.0.33-4.el6.noarch
 tomcat6-6.0.24-78.el6_5.noarch
 tomcat6-docs-webapp-6.0.24-78.el6_5.noarch


For what it's worth, 6.0.24 is pretty old.  You should strongly consider
upgrading to 6.0.41, or whatever is the latest at the time you go to
upgrade.



 httpd-2.2.15-31.sl6.x86_64

 tomcat starts and I can reach the page on the 8080 port


Good!



 It never starts the connection host name connection from the server.xml


Hmm, not sure what you mean here.  Are you talking about virtual hosting
with Tomcat?

  http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html



 I do a kill -3 on the tomcat pid and this is what the logs shows:

 INFO: Starting Servlet Engine: Apache Tomcat/6.0.24
 Nov 3, 2014 1:19:10 PM org.apache.catalina.startup.HostConfig
 deployDescriptor
 INFO: Deploying configuration descriptor host-manager.xml
 Nov 3, 2014 1:19:10 PM org.apache.catalina.startup.HostConfig
 deployDescriptor
 INFO: Deploying configuration descriptor manager.xml
 Nov 3, 2014 1:19:10 PM org.apache.catalina.startup.HostConfig
 deployDirectory
 INFO: Deploying web application directory ROOT
 Nov 3, 2014 1:19:10 PM org.apache.catalina.startup.HostConfig
 deployDirectory
 INFO: Deploying web application directory examples
 Nov 3, 2014 1:19:11 PM org.apache.catalina.startup.HostConfig
 deployDirectory
 INFO: Deploying web application directory sample
 Nov 3, 2014 1:19:11 PM org.apache.catalina.startup.HostConfig
 deployDirectory
 INFO: Deploying web application directory docs
 Nov 3, 2014 1:19:11 PM org.apache.coyote.http11.Http11Protocol start
 INFO: Starting Coyote HTTP/1.1 on http-8080
 Nov 3, 2014 1:19:11 PM org.apache.jk.common.ChannelSocket init
 INFO: JK: ajp13 listening on /0.0.0.0:8009
 Nov 3, 2014 1:19:11 PM org.apache.jk.server.JkMain start
 INFO: Jk running ID=0 time=0/54  config=null
 Nov 3, 2014 1:19:11 PM org.apache.catalina.startup.Catalina start
 INFO: Server startup in 1307 ms
 2014-11-03 13:19:37
 Full thread dump OpenJDK 64-Bit Server VM (23.25-b01 mixed mode):

 TP-Monitor daemon prio=10 tid=0x7feca454d800 nid=0x729f in
 Object.wait() [0x7feca241]
java.lang.Thread.State: TIMED_WAITING (on object monitor)
 at java.lang.Object.wait(Native Method)
 - waiting on 0xba74ea78 (a org.apache.tomcat.util.
 threads.ThreadPool$MonitorRunnable)
 at org.apache.tomcat.util.threads.ThreadPool$MonitorRunnable.run(
 ThreadPool.java:565)
 - locked 0xba74ea78 (a org.apache.tomcat.util.
 threads.ThreadPool$MonitorRunnable)
 at java.lang.Thread.run(Thread.java:701)

 TP-Processor4 daemon prio=10 tid=0x7feca452f000 nid=0x729e runnable
 [0x7feca2511000]
java.lang.Thread.State: RUNNABLE
 at java.net.PlainSocketImpl.socketAccept(Native Method)
 at java.net.AbstractPlainSocketImpl.accept(
 AbstractPlainSocketImpl.java:375)
 at java.net.ServerSocket.implAccept(ServerSocket.java:478)
 at java.net.ServerSocket.accept(ServerSocket.java:446)
 at org.apache.jk.common.ChannelSocket.accept(
 ChannelSocket.java:307)
 at org.apache.jk.common.ChannelSocket.acceptConnections(
 ChannelSocket.java:661)
 at org.apache.jk.common.ChannelSocket$SocketAcceptor.
 runIt(ChannelSocket.java:872)
 at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
 ThreadPool.java:690)
 at java.lang.Thread.run(Thread.java:701)

 TP-Processor3 daemon prio=10 tid=0x7feca452d000 nid=0x729d in
 Object.wait() [0x7feca2612000]
java.lang.Thread.State: WAITING (on object monitor)
 at java.lang.Object.wait(Native Method)
 - waiting on 0xba74e3a8 (a org.apache.tomcat.util.
 threads.ThreadPool$ControlRunnable)
 at java.lang.Object.wait(Object.java:502)
 at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
 ThreadPool.java:662)
 - locked 0xba74e3a8 (a org.apache.tomcat.util.
 threads.ThreadPool$ControlRunnable)
 at java.lang.Thread.run(Thread.java:701)

 TP-Processor2 daemon prio=10 tid=0x7feca4532000 nid=0x729c in
 Object.wait() [0x7feca2713000]
java.lang.Thread.State: WAITING (on object monitor)
 at java.lang.Object.wait(Native Method)
 - waiting on 0xba74e010 (a org.apache.tomcat.util.
 threads.ThreadPool$ControlRunnable)
 at java.lang.Object.wait(Object.java:502)
 at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
 

Re: troubleshoot tomcat database connection

[Daniel Mikusa]

On Mon, Nov 3, 2014 at 2:52 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Mark,

 On 11/3/14 2:41 PM, Mark Maciolek wrote:
 
  On 11/3/2014 2:29 PM, Daniel Mikusa wrote:
  On Mon, Nov 3, 2014 at 1:58 PM, Mark Maciolek m...@sr.unh.edu
  wrote:
 
  hi,
 
  system is running Scientific Linux release 6.5 rpm installed
 
  tomcat6-servlet-2.5-api-6.0.24-78.el6_5.noarch
  tomcat6-javadoc-6.0.24-78.el6_5.noarch
  tomcat6-lib-6.0.24-78.el6_5.noarch
  tomcat-native-1.1.30-1.el6.x86_64
  tomcat6-el-2.1-api-6.0.24-78.el6_5.noarch
  tomcat6-admin-webapps-6.0.24-78.el6_5.noarch
  apache-tomcat-apis-0.1-1.el6.noarch
  tomcat6-jsp-2.1-api-6.0.24-78.el6_5.noarch
  tomcat6-webapps-6.0.24-78.el6_5.noarch
  tomcat-servlet-3.0-api-7.0.33-4.el6.noarch
  tomcat6-6.0.24-78.el6_5.noarch
  tomcat6-docs-webapp-6.0.24-78.el6_5.noarch
 
  For what it's worth, 6.0.24 is pretty old.  You should strongly
  consider upgrading to 6.0.41, or whatever is the latest at the
  time you go to upgrade.
 
 
  httpd-2.2.15-31.sl6.x86_64
 
  tomcat starts and I can reach the page on the 8080 port
 
  Good!
 
 
  It never starts the connection host name connection from the
  server.xml
 
  Hmm, not sure what you mean here.  Are you talking about virtual
  hosting with Tomcat?
 
  http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html
 
 
 
 not currently just this one site on the server serving jsp file.
  I do a kill -3 on the tomcat pid and this is what the logs
  shows:
 
  INFO: Starting Servlet Engine: Apache Tomcat/6.0.24 Nov 3, 2014
  1:19:10 PM org.apache.catalina.startup.HostConfig
  deployDescriptor INFO: Deploying configuration descriptor
  host-manager.xml Nov 3, 2014 1:19:10 PM
  org.apache.catalina.startup.HostConfig deployDescriptor INFO:
  Deploying configuration descriptor manager.xml Nov 3, 2014
  1:19:10 PM org.apache.catalina.startup.HostConfig
  deployDirectory INFO: Deploying web application directory ROOT
  Nov 3, 2014 1:19:10 PM org.apache.catalina.startup.HostConfig
  deployDirectory INFO: Deploying web application directory
  examples Nov 3, 2014 1:19:11 PM
  org.apache.catalina.startup.HostConfig deployDirectory INFO:
  Deploying web application directory sample Nov 3, 2014 1:19:11
  PM org.apache.catalina.startup.HostConfig deployDirectory INFO:
  Deploying web application directory docs Nov 3, 2014 1:19:11 PM
  org.apache.coyote.http11.Http11Protocol start INFO: Starting
  Coyote HTTP/1.1 on http-8080 Nov 3, 2014 1:19:11 PM
  org.apache.jk.common.ChannelSocket init INFO: JK: ajp13
  listening on /0.0.0.0:8009 Nov 3, 2014 1:19:11 PM
  org.apache.jk.server.JkMain start INFO: Jk running ID=0
  time=0/54  config=null Nov 3, 2014 1:19:11 PM
  org.apache.catalina.startup.Catalina start INFO: Server startup
  in 1307 ms 2014-11-03 13:19:37 Full thread dump OpenJDK 64-Bit
  Server VM (23.25-b01 mixed mode):
 
  TP-Monitor daemon prio=10 tid=0x7feca454d800 nid=0x729f
  in Object.wait() [0x7feca241] java.lang.Thread.State:
  TIMED_WAITING (on object monitor) at
  java.lang.Object.wait(Native Method) - waiting on
  0xba74ea78 (a org.apache.tomcat.util.
  threads.ThreadPool$MonitorRunnable) at
  org.apache.tomcat.util.threads.ThreadPool$MonitorRunnable.run(
  ThreadPool.java:565) - locked 0xba74ea78 (a
  org.apache.tomcat.util. threads.ThreadPool$MonitorRunnable) at
  java.lang.Thread.run(Thread.java:701)
 
  TP-Processor4 daemon prio=10 tid=0x7feca452f000
  nid=0x729e runnable [0x7feca2511000]
  java.lang.Thread.State: RUNNABLE at
  java.net.PlainSocketImpl.socketAccept(Native Method) at
  java.net.AbstractPlainSocketImpl.accept(
  AbstractPlainSocketImpl.java:375) at
  java.net.ServerSocket.implAccept(ServerSocket.java:478) at
  java.net.ServerSocket.accept(ServerSocket.java:446) at
  org.apache.jk.common.ChannelSocket.accept(
  ChannelSocket.java:307) at
  org.apache.jk.common.ChannelSocket.acceptConnections(
  ChannelSocket.java:661) at
  org.apache.jk.common.ChannelSocket$SocketAcceptor.
  runIt(ChannelSocket.java:872) at
  org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
  ThreadPool.java:690) at java.lang.Thread.run(Thread.java:701)
 
  TP-Processor3 daemon prio=10 tid=0x7feca452d000
  nid=0x729d in Object.wait() [0x7feca2612000]
  java.lang.Thread.State: WAITING (on object monitor) at
  java.lang.Object.wait(Native Method) - waiting on
  0xba74e3a8 (a org.apache.tomcat.util.
  threads.ThreadPool$ControlRunnable) at
  java.lang.Object.wait(Object.java:502) at
  org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
  ThreadPool.java:662) - locked 0xba74e3a8 (a
  org.apache.tomcat.util. threads.ThreadPool$ControlRunnable) at
  java.lang.Thread.run(Thread.java:701)
 
  TP-Processor2 daemon prio=10 tid=0x7feca4532000
  nid=0x729c in Object.wait() [0x7feca2713000]
  java.lang.Thread.State: WAITING (on object monitor) at
  java.lang.Object.wait(Native Method

Re: Authentication Memcached + Tomcat

[Daniel Mikusa]

On Nov 1, 2014 10:31 AM, Nilson Uehara nilueh...@gmail.com wrote:

 Dan,
 I'm trying to implement Memcached with SASL authentication

 https://code.google.com/p/memcached/wiki/SASLHowto

 But I can not get Tomcat to connect to it

 Nilson Uehara

Please don't top post. Reply inline or at the bottom. It is the convention
we follow on this list.

As far as your question, I'm struggling to see how this is related to
Tomcat. You need to describe more about what you're doing or we're not
going to be able to help.

Try including relevant config, log output and error messages.

Dan


 2014-10-31 18:18 GMT-02:00 Daniel Mikusa dmik...@pivotal.io:

  On Fri, Oct 31, 2014 at 3:51 PM, Nilson Uehara nilueh...@gmail.com
  wrote:
 
   I'm testing Memcached to implement failover on my Tomcat servers.
  
   Is there any way of implementing security by user / password?
  
 
  Can you clarify this request?  Are these two separate thoughts, or is
  memcached somehow related to the security question?
 
  If it's just security you're after, then see this section in the docs.
 
http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html
 
  Dan
 

Re: Authentication Memcached + Tomcat

[Daniel Mikusa]

On Fri, Oct 31, 2014 at 3:51 PM, Nilson Uehara nilueh...@gmail.com wrote:

 I'm testing Memcached to implement failover on my Tomcat servers.

 Is there any way of implementing security by user / password?


Can you clarify this request?  Are these two separate thoughts, or is
memcached somehow related to the security question?

If it's just security you're after, then see this section in the docs.

  http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html

Dan

Re: NameNotFoundException: Name [jdbc/weblogin01b] is not bound in this Context. Unable to find [jdbc]

[Daniel Mikusa]

On Wed, Oct 29, 2014 at 12:45 PM, vince.w...@thomsonreuters.com wrote:

 Hello
 I'm having difficulty getting a JDBC DataSource using Tomcat 8.

 I want to define the JDBC details in server.xml so the database identified
 depends on the server and not the application. It will be beneficial for me
 if the applications only need to know the JDBC name and not password
 details.

 Thus I'm using GlobalNamingResources in server.xml
 and ResourceLink in context.xml

 I'm obviously not getting it right because I get this exception:

 javax.naming.NameNotFoundException: Name [jdbc/weblogin01b] is not bound
 in this Context. Unable to find [jdbc].


Sometimes when you get a NameNotFoundException, it's because the pool
encountered an error when it was being created.  Hence it doesn't actually
exists.  A couple things you can do to troubleshoot.

1.) Set an initial size for your pool.  This will force it to make at least
one connection at startup which will generally cause it to fail fast, if
there is a problem.  You can then look in the logs to see the error.

2.) Connect with jconsole or jvisualvm and look at the mbeans for Tomcat.
When the pool is actually there, you should see it in the mbeans.


 at org.apache.naming.NamingContext.lookup(NamingContext.java:818)
 at org.apache.naming.NamingContext.lookup(NamingContext.java:166)
 at
 org.apache.naming.factory.ResourceLinkFactory.getObjectInstance(ResourceLinkFactory.java:92)
 at
 javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:321)
 at org.apache.naming.NamingContext.lookup(NamingContext.java:841)
 at org.apache.naming.NamingContext.lookup(NamingContext.java:152)
 at org.apache.naming.NamingContext.lookup(NamingContext.java:829)
 at org.apache.naming.NamingContext.lookup(NamingContext.java:166)

 In CATALINA_BASE/conf/server.xml

 I have included a variety of slightly different resources all aiming to
 get to the same database schema hopefully one of them will be right:

 GlobalNamingResources
 !-- Editable user database that can also be used by
  UserDatabaseRealm to authenticate users
 --
 Resource name=UserDatabase auth=Container
   type=org.apache.catalina.UserDatabase
   description=User database that can be updated and saved
   factory=org.apache.catalina.users.MemoryUserDatabaseFactory
   pathname=conf/tomcat-users.xml /


 Resource name=jdbc/weblogin01
 username=weblogin01
 password=x
 auth=Container
 type=javax.sql.DataSource
 driverClassName=oracle.jdbc.pool.OracleDataSource


This looks suspect.  I'm pretty sure you want the JDBC driver name.


 description=Global Address Database
 url=jdbc:oracle:thin:@10.15.120.29:1522:DGSPC


You could add initialSize here, try 1.

maxActive=15
 maxIdle=3 /

 Resource name=jdbc/weblogin01b
 user=weblogin01
 password=x
 auth=Container
 type=javax.sql.DataSource
 driverClassName=oracle.jdbc.OracleDriver
 factory=oracle.jdbc.pool.OracleDataSourceFactory


You're using a different factory (specifically Oracle's implementation), so
the configuration attributes are going to be different.  Not sure how to
set initial size with this implementation.


 url=jdbc:oracle:thin:@10.15.120.29:1522:DGSPC
 maxActive=20
 maxIdle=3
 maxWait=-1 /

 Resource name=jdbc/weblogin01c
 user=weblogin01
 password=x
 auth=Container
 type=javax.sql.DataSource
 driverClassName=oracle.jdbc.OracleDriver
 url=jdbc:oracle:thin:@10.15.120.29:1522:DGSPC
 maxActive=20
 maxIdle=3
 maxWait=-1 /


This looks the most right.  I'd also try adding initialSize of 1.



 /GlobalNamingResources

 In META-INF/context.xml

 I have a ResourceLink to each resource

 Context path=/testDbAccess
 ResourceLink name=jdbc/weblogin01
 global=jdbc/weblogin01
 type=javax.sql.DataSource/
 ResourceLink name=jdbc/weblogin01b
 global=jdbc/weblogin01b
 type=javax.sql.DataSource/
 ResourceLink name=jdbc/weblogin01c
 global=jdbc/weblogin01c
 type=javax.sql.DataSource/


These look OK.


 /Context

 In web.xml I made no changes related to JDBC on the understanding that the
 ResourceLink elements will be sufficient.

 In Java code I try to get a DataSource as follows:

 String dbUser = weblogin01b;
 try {
 Context initCtx = new InitialContext();
 Context envCtx = (Context) initCtx.lookup(java:comp/env);

 // Get data source
 ds = (DataSource) envCtx.lookup(jdbc/ + dbUser);
 if (ds == null) {
 logger.log(Level.WARNING,Null datasource for  + dbUser);
 }
 }

 I get similar exceptions for each of the names:
 jdbc/weblogin01
 jdbc/weblogin01b
 jdbc/weblogin01c


Didn't test this, but it looks OK.

Dan



 After years using GlassFish, I'm 

Re: How can Tomcat be started at boot time as a non-root user

[Daniel Mikusa]

On Tue, Oct 14, 2014 at 7:06 AM, Léa Massiot lmhe...@orange.fr wrote:

 Hello and thank you for reading my post.

 My question is about how can Tomcat be started at boot time as a non-root
 user.

 The OS is Debian Wheezy.

 Below is what I did already:

 root chown -R tomcat7.tomcat7 /opt/tomcat7/

 I created a new file: /etc/init.d/tomcat7
 Owner and owner group: root
 Permissions: 755
 ---
 #! /bin/sh

 export JAVA_HOME=/opt/jdk1.7.0_67/
 case $1 in

 start)
   /bin/bash /opt/tomcat7/bin/startup.sh
   ;;

 stop)
   /bin/bash /opt/tomcat7/bin/shutdown.sh
   ;;

 restart)
   /bin/bash /opt/tomcat7/bin/shutdown.sh
   /bin/bash /opt/tomcat7/bin/startup.sh
   ;;
 esac

 exit 0
 ---

 I ran:
 root update-rc.d tomcat7 defaults

 Added to /etc/rc0.d/: K01tomcat7
 Added to /etc/rc1.d/: K01tomcat7
 Added to /etc/rc2.d/: S17tomcat7
 Added to /etc/rc3.d/: S17tomcat7
 Added to /etc/rc4.d/: S17tomcat7
 Added to /etc/rc5.d/: S17tomcat7
 Added to /etc/rc6.d/: K01tomcat7

 At boot time, tomcat is started as root.
 How can it be started as tomcat7?


What about this?

   http://tomcat.apache.org/tomcat-7.0-doc/setup.html#Unix_daemon

Dan



 Best regards.



 --
 View this message in context:
 http://tomcat.10.x6.nabble.com/How-can-Tomcat-be-started-at-boot-time-as-a-non-root-user-tp5023810.html
 Sent from the Tomcat - User mailing list archive at Nabble.com.

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Custom Realm

[Daniel Mikusa]

On Sun, Oct 12, 2014 at 8:26 AM, Service Symphony 
mee...@servicesymphony.com wrote:

 I have got it working, since the server is not started yet, none of the
 underlying infrastructure is available in the realm class constructor.

 Sent from my iPhone

  On 11 Oct 2014, at 22:37, Meeraj Kunnumpurath 
 mee...@servicesymphony.com wrote:
 
  Hi,
 
  I have some specific requirements for security and I have been trying to
 right a custom realm, that reads information from the database.
 
  1. I have added a datasource in the global naming resources section in
 the server.xml
  2. I have packaged the realm class in a JAR file and copied it the
 server lib
  3. I have included a context.xml in the WAR META-INF, that declares the
 realm from (2)
 
  In the constructor of the realm class, I try to look up the datasource,
 
  1. If I use new InitialContext().lookup, I get a name not found
 exception.
  2. If I try to get the global naming context, by calling getServer from
 RealBase, getServer returns a null reference.
 
  This is the entry in server.xml
 
 Resource name=MyDS
auth=Container
type=javax.sql.DataSource
driverClassName=oracle.jdbc.OracleDriver
factory=org.apache.tomcat.jdbc.pool.DataSourceFactory
url=jdbc:oracle:thin:@10.211.55.7:1521:xe
username=meeraj
password=password
maxTotal=20
maxIdle=10
maxWaitMillis=-1
accessToUnderlyingConnectionAllowed=true/
 
  This is the entry in the context.xml
 
  Realm className=com.ss.security.provider.DatabaseRealm digest=SHA1/
 
  This is the constructor of the Realm class
 
  public DatabaseRealm() throws NamingException {
  Context context = null;
  try {
  context = new InitialContext();
  template = new SimpleJdbcTemplate((DataSource)
 context.lookup(MyDS));
  } finally {
  if (context != null) context.close();
  }
  }
 
  Any pointers will be highly appreciated.
 
  Many thanks
 
  --
  Meeraj Kunnumpurath
  Director and Executive Principal
  Service Symphony Ltd
  00 44 7702 693597
  mee...@servicesymphony.com


For what it's worth, DataSourceRealm sounds very similar to this.  Might
serve as a good example.


http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java?view=markup

Dan

Re: Tomcat JDBC pool - auto reconnect

[Daniel Mikusa]

On Fri, Oct 10, 2014 at 9:51 AM, Vasily Kukhta v.b.kuk...@gmail.com wrote:

 Hi friends,

 I have a question regarding the ability of Tomcat JDBC pool to reconnect
 automatically to a database in case of temporarily network failures.

 I'm developing a high-load application which uses Oracle 11g database. It
 may happen that the DB can become unavailable for several minutes - it is
 located in another geographic region, so network failures can happen
 sometimes and the DB becomes unresponsive. Can the Tomcat JDBC pool
 automatically reconnect to the DB when it becomes online again?


In a manner of speaking.  You can configure the pool to test connections,
remove bad ones and try to replace them with new, good connections.  See
validationQuery, testWhileIdle and testOn* here.

  http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

The trick is that the pool doesn't know when your DB comes back online, so
you might get exceptions while the DB is offline (especially if it's down
for a long time).  It will start talking again once the DB comes back
online though.


 Is this done by default or it should be configured somehow?


No.  You need to set a validation query and set at least one of the test*
attributes to true.

Dan



 Thank you in advance!

 Best regards,
 Vasily Kukhta.

Re: Quite a few TCP connection established on start of Tomcat

[Daniel Mikusa]

On Fri, Oct 10, 2014 at 12:33 PM, Gangadhar Tumkur rajmc...@gmail.com
wrote:

 Hello,

 We have moved to Tomcat 7.0.51 from JBoss 4x as the application server for
 our product using Java 8.0.20. After starting Tomcat application server and
 when we run netstat -a -b we see that there are quite a few TCP connections
 established related to Tomcat as you see below.

 [image: Inline image 1]


I can't see the picture.  It looks like the list may have stripped it.  Can
you just copy and paste the text?

Dan



 Does anyone have an answer as to why so many connections opened?

 Thanks for taking time to answer.

 Raj

Re: Maven Tomcat 6/7/8 plugin

[Daniel Mikusa]

 On Sun, Oct 5, 2014 at 2:00 PM, Matthias Hryniszak pad...@gmail.com
wrote:

 It seems I might have expressed myself purely. Let me rephrase:

 I'm looking for RemoteIpValve support in maven-tomcat7-plugin.


Perhaps you could use RemoteIPFilter instead?  You can configure that
through web.xml.


http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#Remote_IP_Filter

Dan


 I know the
 valve itself exists since long before version 7 and I am already using it
 in production. What I'm on to here is running Maven-managed web
 applications in development and as far as I can see it's been added ~2
 weeks after the release of 2.2 version of that plugin

 Alternatively if you know of a way to persuade Apache CXF to present the
 endpoint URL using HTTPS scheme when running mvn tomcat7:run. CXF does it
 automatically if the RemoteIpValve  is installed and proper header exists
 (as in the isSecure() method returns true). Otherwise it does just HTTP and
 that in turn makes my local HAProxy do a 302 to HTTPS which ends up in an
 infinite loop and that's not exactly the result I was hoping for...

 Cheers,
 Matthias

 2014-10-05 19:31 GMT+02:00 Konstantin Kolinko knst.koli...@gmail.com:

  2014-10-05 18:01 GMT+04:00 Matthias Hryniszak pad...@gmail.com:
   Hi all,
  
   I'm new to this list so let me briefly introduce myself. My name is
   Matthias and I live in Poland. I'm a software architect for Lumesse, an
   British software development company. The core of our development is
  talent
   acquisition and talent management software. The part I'm working with
 is
   e-learning solutions.
  
   Now that you all know me let me ask you a question: are there any plans
  on
   releasing a new version of the maven-tomcat7-plugin and/or an upgrade
 to
   maven-tomcat8-plugin? We're falling short a bit on the lack of remote
 IP
   valve in the current release
 
  RemoteIpValve does exist in Tomcat 7
 
 http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Remote_IP_Valve
 
   and I was wondering if that's going to be
   released any time soon. Please note the last release (2.2) was November
   2013 and there's been lots of changes so it'd be great to have them
   stabilized and released - not to mention the upgrade over embedded
 Tomcat
   version.
 
  It is being developed on a branch,
  http://svn.apache.org/viewvc/tomcat/maven-plugin/branches/tc8.x/
 
  See archives of tomcat dev mailing list for discussions.
 
  Thus far, integration tests are failing,
  http://markmail.org/message/xc5r6yycrvmjh2vx
 
 
  Best regards,
  Konstantin Kolinko
 
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
 
 

Re: Open quote is expected for attribute {1} associated with an element type username

[Daniel Mikusa]

On Thu, Oct 2, 2014 at 2:16 PM, Gibran Castillo gibran.e.casti...@gmail.com
 wrote:

 I installed Tomcat 8.0.12 in my MacBook OS X 10.9.5
  here /Library/Tomcat/Home.  Home is a symbolic link that will always point
 to the current version Tomcat directory, in this case
 /Library/Tomcat/apache-tomcat-8.0.12

 In the /Library/Tomcat/Home/conf/tomcat-users.xml file I added the
 following:
   role rolename=manager-gui/
   user username=“admin” password=password” roles=manager-gui”/


Did you copy and paste this from somewhere?  If so, try deleting it and
manually typing, especially the quote characters.

Dan



 When I start tomcat with the out of the box setup everything looks good
 except that is throwing an exception regarding user
 *username=“admin”* password=adminpw”
 roles=manager-gui”/, see below... I am not sure what is going on, this is
 suppose to work out of the box

 Using CATALINA_BASE:   /Library/Tomcat/Home

 Using CATALINA_HOME:   /Library/Tomcat/Home

 Using CATALINA_TMPDIR: /Library/Tomcat/Home/temp

 Using JRE_HOME:
 /Library/Java/JavaVirtualMachines/jdk1.7.0_60.jdk/Contents/Home

 Using CLASSPATH:

 /Library/Tomcat/Home/bin/bootstrap.jar:/Library/Tomcat/Home/bin/tomcat-juli.jar


 .../Home/logs/catalina.2014-10-02.log

 02-Oct-2014 12:19:44.120 INFO [main]
 org.apache.catalina.core.AprLifecycleListener.init The APR based Apache
 Tomcat Native library which allows optimal performance in production
 environments was not found on the java.library.path:

 /Users/gibranecastillo/Library/Java/Extensions:/Library/Java/Extensions:/Network/Library/Java/Extensions:/System/Library/Java/Extensions:/usr/lib/java:.

 02-Oct-2014 12:19:44.551 INFO [main]
 org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
 [http-nio-8080]

 02-Oct-2014 12:19:44.670 INFO [main]
 org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared
 selector for servlet write/read

 02-Oct-2014 12:19:44.676 INFO [main]
 org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
 [ajp-nio-8009]

 02-Oct-2014 12:19:44.683 INFO [main]
 org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared
 selector for servlet write/read

 02-Oct-2014 12:19:44.684 INFO [main]
 org.apache.catalina.startup.Catalina.load Initialization processed in 1236
 ms

 *02-Oct-2014 12:19:44.726 SEVERE [main]
 org.apache.tomcat.util.digester.Digester.fatalError Parse Fatal Error at
 line 37 column 18: Open quote is expected for attribute {1} associated
 with an  element type  username.*

 * org.xml.sax.SAXParseException; lineNumber: 37; columnNumber: 18; Open
 quote is expected for attribute {1} associated with an  element type
 username.*

 at

 com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:198)

 at

 com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:177)

 at

 com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:441)

 at

 com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:368)

 at

 com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1436)

 at

 com.sun.org.apache.xerces.internal.impl.XMLScanner.scanAttributeValue(XMLScanner.java:829)

 at

 com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanAttribute(XMLDocumentFragmentScannerImpl.java:1546)

 at

 com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(XMLDocumentFragmentScannerImpl.java:1318)

 at

 com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2770)

 at

 com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:606)

 at

 com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:510)

 at

 com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:848)

 at

 com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:777)

 at

 com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)

 at

 com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213)

 at

 com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:648)

 at
 org.apache.tomcat.util.digester.Digester.parse(Digester.java:1476)

 at

 org.apache.catalina.users.MemoryUserDatabase.open(MemoryUserDatabase.java:430)

 at

 org.apache.catalina.users.MemoryUserDatabaseFactory.getObjectInstance(MemoryUserDatabaseFactory.java:102)

 at

 org.apache.naming.factory.FactoryBase.getObjectInstance(FactoryBase.java:94)

Re: Session lost in Tomcat 5.5.36

[Daniel Mikusa]

On Tue, Sep 30, 2014 at 6:56 AM, Diego Ruotolo druot...@noemalife.com
wrote:

 Hi everybody,



 Working on my company webapp I notice the following problem: sometimes the
 jsession cookie is lost, and therefore my whole http session is lost.



 The context is:

 - Tomcat v. 5.5.36

- JDK 1.5.0


Both of these pieces of software are very old and no longer supported.
There are very likely bugs and security issues in them which will never get
fixed.  You should consider upgrading ASAP.  As a bonus, upgrading may
solve the problem you're having.

  http://tomcat.apache.org/tomcat-55-eol.html

Dan



 - O.S. Windows

 - Client: Internet Explorer 8



 Here is my use case:

 -  I made a POST request to a servlet of my webapp

 -  While processing this request, I create a new http session

 -  Processing of the request will process a velocity template
 as last step

 -  This velocity template contains 3 calls to 3 different
 servlets of my webapp, these 3 calls are made through an HTTP GET

 -  While processing one of these 3 requests, Tomcat does not
 append jsessionid parameter to the requested URL: I have debugged Tomcat
 classes therefore I am sure of this



 This problem does not occur always, but just sometimes. While debugging
 Tomcat classes, I noticed that Tomcat starts 3 threads to manage the 3 GET
 requests of the velocity template, so maybe it is a concurrency problem.

 Finally, I noticed that this problem does not happen if I set the Windows
 registry key HKCU\Software\Microsoft\Internet Explorer\Main – TabProcGrowth
 to 0 or 1, which forces Internet Explorer to use one process for all tabs,
 not one process for single tab (which is the default).



 Do I miss some configuration settings? Do I have to set some particular
 parameter / cookie in the first response (or in the velocity template) ?

 If you need more details please tell me.



 Thanks in advice,



 Kind regards



 Diego

Re: Tomcat returns Jsp source code as text/plain to the browser

[Daniel Mikusa]

On Tue, Sep 30, 2014 at 9:04 AM, Gadi Sastiel gadi.sast...@gmail.com
wrote:

 Hi , we are behind Apache. , we have HTTP and AJP connectors.
 Java 1.7.17 it was reproduced on Latest chrome and firefox


I've seen similar issues when Apache HTTPD is not configured correctly.
How are you proxying requests to your Tomcat server? mod_proxy? mod_jk?
Can you include relevant configuration?


 I can see the request on the tomcat access log.


Can you include the log entries from both HTTPD  Tomcat?

Dan


On Tue, Sep 30, 2014 at 2:59 PM, Konstantin Kolinko knst.koli...@gmail.com
 wrote:

  2014-09-30 15:30 GMT+04:00 Gadi Sastiel gadi.sast...@gmail.com:
   Hi all,
  
  
  
   Tomcat version 7.0.30
  
   Operating System – Windows server 2008 and above.
  
  
  
   When I concatenate “ ( quotes)  to the end of the url when accessing a
  jsp
  
   for example:  /pages/somePage.jsp”
  
   The browser returns the source code of the JSP.
  
  
  
   Does anyone see such a behavior before ?
  
 
  I cannot reproduce this with the currently being tested 7.0.56
  (release candidate), nor with the current Tomcat 6 and Tomcat 8.
 
  Is your Tomcat directly accessible via HTTP port, or it is behind
  another HTTP server (IIS, Apache HTTPD)?  What Connector is used to
  access it (Bio/Nio/Apr,  HTTP or AJP protocol)?
 
  What web browser are you using? What version of Java is used to run it?
 
 
   How can I filter it out ?
 
  That depends on the root cause.
 
  Is the source code displayed by Tomcat or by other web server? Is this
  request mentioned in Tomcat access log file?
 
 
  Best regards,
  Konstantin Kolinko
 
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
 
 

Re: Tomcat returns Jsp source code as text/plain to the browser

[Daniel Mikusa]

On Tue, Sep 30, 2014 at 10:32 AM, Gadi Sastiel gadi.sast...@gmail.com
wrote:

 I have in httpd.conf:

 LoadModule proxy_module modules/mod_proxy.so
 LoadModule proxy_http_module modules/mod_proxy_http.so

 # Configure mod_proxy_html to understand HTML4/XHTML1
 IfModule proxy_html_module
 Include conf/extra/proxy-html.conf
 /IfModule

 LoadModule jk_module modules/mod_jk.so


Looks like you're loading both mod_proxy  mod_jk.  Which one are you
using?  There should be more to this config.  Possibly some ProxyPass
statements or a JkMount?

Dan




 Gadi

 On Tue, Sep 30, 2014 at 4:38 PM, Daniel Mikusa dmik...@pivotal.io wrote:

  On Tue, Sep 30, 2014 at 9:04 AM, Gadi Sastiel gadi.sast...@gmail.com
  wrote:
 
   Hi , we are behind Apache. , we have HTTP and AJP connectors.
   Java 1.7.17 it was reproduced on Latest chrome and firefox
  
 
  I've seen similar issues when Apache HTTPD is not configured correctly.
  How are you proxying requests to your Tomcat server? mod_proxy? mod_jk?
  Can you include relevant configuration?
 
 
   I can see the request on the tomcat access log.
  
 
  Can you include the log entries from both HTTPD  Tomcat?
 
  Dan
 
 
  On Tue, Sep 30, 2014 at 2:59 PM, Konstantin Kolinko 
  knst.koli...@gmail.com
   wrote:
  
2014-09-30 15:30 GMT+04:00 Gadi Sastiel gadi.sast...@gmail.com:
 Hi all,



 Tomcat version 7.0.30

 Operating System – Windows server 2008 and above.



 When I concatenate “ ( quotes)  to the end of the url when
 accessing
  a
jsp

 for example:  /pages/somePage.jsp”

 The browser returns the source code of the JSP.



 Does anyone see such a behavior before ?

   
I cannot reproduce this with the currently being tested 7.0.56
(release candidate), nor with the current Tomcat 6 and Tomcat 8.
   
Is your Tomcat directly accessible via HTTP port, or it is behind
another HTTP server (IIS, Apache HTTPD)?  What Connector is used to
access it (Bio/Nio/Apr,  HTTP or AJP protocol)?
   
What web browser are you using? What version of Java is used to run
 it?
   
   
 How can I filter it out ?
   
That depends on the root cause.
   
Is the source code displayed by Tomcat or by other web server? Is
 this
request mentioned in Tomcat access log file?
   
   
Best regards,
Konstantin Kolinko
   
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
   
   
  
 

Re: Tomcat xml files in conf/Catalina/localhost

[Daniel Mikusa]

On Fri, Sep 19, 2014 at 12:28 PM, Miguel Pereira miguelaperei...@gmail.com
wrote:

 Hey all,

 I was wondering where I could get some more information about these xml
 files. On one system they are created every time I deploy a web application
 and on another they are not.. I would prefer that tomcat does not create
 them. Anyone want to point me in the right direction?


Some explanation of these files can be found here.

   http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Introduction

http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Defining_a_context

See also the copyXML attribute further down on that page.  That could be
why you're seeing these files show up.

Dan



 Thank you,
 Miguel

Re: Tomcat xml files in conf/Catalina/localhost

[Daniel Mikusa]

On Fri, Sep 19, 2014 at 1:32 PM, Miguel Pereira miguelaperei...@gmail.com
wrote:

 Thank you very much Dan,

 I looked at the links and noticed I am running tomcat 7 locally and 6 on
 our DEV environment.
 I also noticed that copyXML is present in the documentation for tomcat 7
 and defaults to false.
 Finally
 
 In an individual file at /META-INF/context.xml inside the application
 files. In Tomcat 6 this file is *automatically* copied to
 $CATALINA_BASE/conf/[enginename]/[hostname]/ and renamed to application's
 base file name plus a .xml extension. (This automated copying became
 *optional* in Tomcat 7).
 

 Would you happen to know if it is possible to achive the same in tomcat 6?
 ( We will not be upgrading for a while )


I think the obvious solution would be to remove META-INF/context.xml from
your WAR file and put any config there into another context configuration
location, assuming that is an option for you.  What is your rationale for
not wanting it copied?  i.e. what is the problem that copying it causes?
 Maybe there is another way to resolve that problem.

Dan





 Miguel

 On Fri, Sep 19, 2014 at 12:41 PM, Daniel Mikusa dmik...@pivotal.io
 wrote:

  On Fri, Sep 19, 2014 at 12:28 PM, Miguel Pereira 
  miguelaperei...@gmail.com
  wrote:
 
   Hey all,
  
   I was wondering where I could get some more information about these xml
   files. On one system they are created every time I deploy a web
  application
   and on another they are not.. I would prefer that tomcat does not
 create
   them. Anyone want to point me in the right direction?
  
 
  Some explanation of these files can be found here.
 
 
  http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Introduction
 
 
 
 http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Defining_a_context
 
  See also the copyXML attribute further down on that page.  That could
 be
  why you're seeing these files show up.
 
  Dan
 
 
 
   Thank you,
   Miguel
  
 

Re: Tomcat xml files in conf/Catalina/localhost

[Daniel Mikusa]

On Fri, Sep 19, 2014 at 3:33 PM, Miguel Pereira miguelaperei...@gmail.com
wrote:

 Ahhh, thanks Dan,

 Unfortunately these are 3rd party apps what we receive as a WAR. I am not
 sure that unzipping them and rezipping them is ideal nor maintainable. The
 main reason is that the context fragments remain after the apps are
 undeployed which throw non fatal errors on subsequent tomcat restarts. This
 is primarly a problem during development when testing new applications.

 I feel that the way we are undeploying applications is at the heart issue.
 The documentation
 
 Deleting a WAR file will trigger an undeploy of the application with the
 *removal* of any associated expanded directory, *context file* and work
 directory. Any current user sessions will not be persisted.
 
 Seems to make it clear the the context file is removed but I am
 experiencing that is not the case or the third party tool we are using is
 not properly undeploying the application.


What version of Tomcat 6 are you using?  If it's not the latest one, it
would be worth trying the latest version to see if that clears up this
trouble.

Might also be worth trying a different method of undeploying the
application, like the manager or JMX, to see if that removes the context
file.

Dan



 I'll be doing some more digging,
 Miguel



 On Fri, Sep 19, 2014 at 2:45 PM, Daniel Mikusa dmik...@pivotal.io wrote:

  On Fri, Sep 19, 2014 at 1:32 PM, Miguel Pereira 
 miguelaperei...@gmail.com
  
  wrote:
 
   Thank you very much Dan,
  
   I looked at the links and noticed I am running tomcat 7 locally and 6
 on
   our DEV environment.
   I also noticed that copyXML is present in the documentation for tomcat
 7
   and defaults to false.
   Finally
   
   In an individual file at /META-INF/context.xml inside the application
   files. In Tomcat 6 this file is *automatically* copied to
   $CATALINA_BASE/conf/[enginename]/[hostname]/ and renamed to
 application's
   base file name plus a .xml extension. (This automated copying became
   *optional* in Tomcat 7).
   
  
   Would you happen to know if it is possible to achive the same in tomcat
  6?
   ( We will not be upgrading for a while )
  
 
  I think the obvious solution would be to remove META-INF/context.xml from
  your WAR file and put any config there into another context configuration
  location, assuming that is an option for you.  What is your rationale for
  not wanting it copied?  i.e. what is the problem that copying it causes?
   Maybe there is another way to resolve that problem.
 
  Dan
 
 
 
  
  
   Miguel
  
   On Fri, Sep 19, 2014 at 12:41 PM, Daniel Mikusa dmik...@pivotal.io
   wrote:
  
On Fri, Sep 19, 2014 at 12:28 PM, Miguel Pereira 
miguelaperei...@gmail.com
wrote:
   
 Hey all,

 I was wondering where I could get some more information about these
  xml
 files. On one system they are created every time I deploy a web
application
 and on another they are not.. I would prefer that tomcat does not
   create
 them. Anyone want to point me in the right direction?

   
Some explanation of these files can be found here.
   
   
   
  http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Introduction
   
   
   
  
 
 http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Defining_a_context
   
See also the copyXML attribute further down on that page.  That
 could
   be
why you're seeing these files show up.
   
Dan
   
   
   
 Thank you,
 Miguel

   
  
 

Re: Possibly Losing Session when Clustered

[Daniel Mikusa]

On Mon, Sep 15, 2014 at 10:46 AM, Peter Kirby lpki...@harding.edu wrote:

 I'm running CentOS 7 and I've tried this on Tomcat 7.0.55 and 8.0.12, both
 with the same results.  This also works perfectly fine in a production
 environment with 7.0.55.

 I'm running CAS and without clustering Tomcat, the login page works
 perfectly.  When I attempt to cluster Tomcat, I have to hit the login page
 twice.  The first time I log in, it simply clears the fields and goes back
 to the login page.  The second time I log in it works.  I'm posting to this
 list because I'm pretty sure it's something I'm missing with Tomcat config,
 not CAS the application as it works just fine in production.

 I have tried this with a fully configured cluster section in server.xml and
 with just uncommenting the default cluster tag.  It happens either way.  If
 I don't have a cluster section at all in server.xml, CAS works as it
 should.

 The logs aren't showing any errors or anything that seems useful to this
 problem.  I have run out of things to try and it works fine on 3 out of 4
 of the Tomcat servers.  I have gone so far as to completely wipe out this
 one server and build it back from scratch.  Never-the-less, the problem
 remains.

 I've run out of things to try and would appreciate any suggestions anyone
 may have.

 Thanks,
 Peter

 --
 Peter Kirby
 System and Database Administrator @ Harding University


Peter,

Have you tried deploying a simple test application to confirm that
clustering is working properly?  If you deploy an app that has something
like a simple session based counter in it, you can use that to confirm that
each node in the cluster is setup correctly and that session data is being
replicated.

Dan

Re: Possibly Losing Session when Clustered

[Daniel Mikusa]

On Mon, Sep 15, 2014 at 3:38 PM, Peter Kirby lpki...@harding.edu wrote:

 On Mon, Sep 15, 2014 at 2:01 PM, Peter Kirby lpki...@harding.edu wrote:

  On Mon, Sep 15, 2014 at 10:26 AM, Daniel Mikusa dmik...@pivotal.io
  wrote:
 
  Have you tried deploying a simple test application to confirm that
  clustering is working properly?
 
 
  I just setup a small session counter and it appears to not be shared
  across the different servers correctly.  Thanks for the suggestion.  I'll
  keep working on that and reply again if, after fixing session info, I
 still
  have the same problem.


 Well, if I had known it would be that fast of a fix, I would not have
 replied to the email.  I had accidentally left one server on Tomcat 8.0.12
 and the other on Tomcat 7.0.55.  After they were both on the same version,
 the session information is shared perfectly, which is what I expected.

 However, the original problem remains.  I discovered I don't even have to
 submit the page to fix the broken session.  I can go to the web page and
 after it loads hit refresh.  That takes care of the first page that just
 resets.  After the refresh button I can log in as normal.

 If I do actually submit the first time, the jessionid variable shows up in
 the URL when the page comes up the second time in case that's helpful.

 Thanks for your time.


It might be helpful to look at the access logs on your Tomcat instances and
also whatever is in front of them.  This might start to give an account of
what happens after the request leaves your browser.

Also might be helpful to increase the log level for clustering.  I think
the following should be helpful.

org.apache.catalina.ha.level = FINEST
org.apache.catalina.tribes.level = CONFIG

Note, you'll probably also have to set the log level of your handler to
FINEST, otherwise that'll filter out these messages.

1catalina.org.apache.juli.FileHandler.level = FINEST

or set .level for whatever handler the messages are being sent to.

Dan

Re: Stop writing System.our and System.err in catalina.out

[Daniel Mikusa]

On Tue, Sep 9, 2014 at 5:12 AM, André Warnier a...@ice-sa.com wrote:

 Vijay Kumar wrote:

 Hi,

 I have deployed one web application in Tomcat which uses JULI logger
 internally for application level logging. I can change the Mode to OFF
 while going to production. But there are few System.out.println statements
 along with e.printStackTrace which are writing in catalina.out file. This
 is causing to shutdown Tomcat when catalina.out file grows huge.

 Can any one suggest me how to stop writing these statement in catalina.out
 file.

  Search the list archives ?


See swallowOutput.

http://tomcat.apache.org/tomcat-7.0-doc/config/context.html

Dan



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: PKCS 12 issues in apache tomcat

[Daniel Mikusa]

On Mon, Sep 8, 2014 at 9:57 PM, Siva K Chittamuru cskal...@gmail.com
wrote:

 Hello,

 I am using Apache tomcat version 7


Which version specifically?


 and trying to configure SSL. Here is what I did so far.

 1. Generated CSR using OpenSSL and purchased certificate from geotrust.

 2. Imported the cert from Geotrust to the PEM keystore.

 3. Converted keystore to PKCS 12.

 4. Configured SSL connector in server.xml and pointed the keystore to PKCS
 12 I have created.


Which connector?  BIO, NIO, APR? A configuration snippet, minus sensitive
information would be helpful.



 Issue: There is another application that provides SSL certificate which I
 need to add to signers section of tomcat PKCS 12 file. I need some help
 with adding the cert to signers section.

 I tried adding the cert using IBM iKeyman, it appears that tomcat does not
 like the PKCS12 file modified using iKeyman.

 Any suggestions or help is appreciated.


Not familiar with that tool, but I would suggest trying to use either
Java's keytool or OpenSSL to verify that the PKCS12 file is still valid.
 Depending on the connector you've configured, Tomcat will either use the
JVM or OpenSSL to access the key store.  Making sure that your key store
can read them using standard tools is a good troubleshooting step.

Ex:

  keytool -list -keystore {path to keystore.pfx} -storetype PKCS12 -v

Dan

Re: web.xml authentication and Tomcat Realm

[Daniel Mikusa]

On Thu, Sep 4, 2014 at 8:02 PM, Dalecki, Janusz jdale...@tycoint.com
wrote:



 -Original Message-
 From: Christopher Schultz [mailto:ch...@christopherschultz.net]
 Sent: Friday, 5 September 2014 12:03 AM
 To: Tomcat Users List
 Subject: Re: web.xml authentication and Tomcat Realm

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Janusz,

 On 9/4/14 2:30 AM, Dalecki, Janusz wrote:
  -Original Message- From: Felix Schumacher
  [mailto:felix.schumac...@internetallee.de] Sent: Thursday, 4 September
  2014 3:29 PM To: Tomcat Users List Subject: Re: web.xml authentication
  and Tomcat Realm
 
 
 
  On 4. September 2014 05:35:42 MESZ, Dalecki, Janusz
  jdale...@tycoint.com wrote:
  Hi, I am just wondering whether somehow I can use web.xml
  login-config/ to point to the Tomcat JDBC Realm that I am using.
  Are those two completely disjoint or I can link them together.
  They are disjoint.
 
  web.xml is for the developer who has (almost) no knowledge of the
  context (environment) in which his application will run.
 
  context.xml (or equivalents) is the tool for the administrator to
  provide that knowledge to the application.
 

  It might be silly question, but if I use web.xml login-config element
  – where do I specify password? I am probably missing something.

 The Realm takes care of the credentials. For a DataSourceRealm of
 JDBCRealm, the usernames and passwords are stored in a relational database.
 For other Realms, the credentials are stored in other places.

 For instance, if you use a MemoryRealm, the passwords are typically stored
 in an XML file in CATALINA_BASE/conf/tomcat-users.xml. Using a MemoryRealm
 isn't really a good idea for a production system for a number of reasons.

 (Note that using JDBCRealm will give you terrible performance: use a
 DataSourceRealm instead with a JNDI DataSource.)

 You really need to read this:
 http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1
 Comment: GPGTools - http://gpgtools.org

 iQIcBAEBCAAGBQJUCHEbAAoJEBzwKT+lPKRYlbsP/jPqVIkl3MhZJdmswWD5AL5y
 proOErqB/ytVoT2TvvwSb4oXUe0NI/BqmbCCXW7oaExljcw7Dqvtbt+PH0oW5uAu
 G8BXAq2IhJrfrufz1pDZzxx/zWqlQZ1xTVwlKkdYHknx/0jv4IfwUsMZNwz9OeOa
 uAJAckflhSPY/qI3/pD9HNoFpZoUS/UEpbmxIeSrjf7jsTJdWI+64xuFXsv6d/1D
 /NbYpaf+AznqpSuKogjNy/HTb6B1cl8NESJyB+umwxSn7H0bO07GX+CRAzpFpQxt
 Li48qkFrMMZBvTGtQEZmMw+wyOQ28gQ9lLQFs1h2QAuFCGouoW59jY96NJzSuuu1
 cSFGlUNcG4m9oW0zCNlpB0/YD0IODY13QVPPSqVFJhApg6m9uG4os/jb/aMNQ8xo
 6Hv6ri2xYGOCC6f/lhaOR7nSdeFEUSin+XHkF1y6xCBNmBSaZMjDbTt2xga134Fl
 dis1i3zEd7W+EZjiY/jerpRWMGuE9oR1g+PbYbVSnU/Ts+sjqvZflJmtgE+MdJ8a
 AHPcX0x+8PfPlYBs6yzm0nAHxxqiQdijzzBCwi8KZr7UQPWCtUaHIjmaljUJ+eST
 9U3Ue/ePrdyiJm18p7TmfeKI+aDR8g09oadbb9fOKCUz3DyLRH7Qo9uLmBCzZOIt
 3LJeFneb/hJ25+opQa7X
 =fCiU
 -END PGP SIGNATURE-
 Hi,
 Sorry I need to explain my problem more clearly.
 I have put JDBCRealm configuration with all details in the META-INF folder:
 Realm className=org.apache.catalina.realm.JDBCRealm
 driverName=org.postgresql.Driver
 connectionURL=jdbc:postgresql://localhost:5432/df_Scheduler?user=postgresamp;password=admin
 userTable=users userNameCol=userName userCredCol=password
 userRoleTable=user_roles roleNameCol=roleName/

 In my web.xml I have login-config element and security constraint as
 follows:
 security-constraint
 web-resource-collection
 web-resource-nameAdmin/web-resource-name
 url-pattern/auth/*/url-pattern
 /web-resource-collection
 auth-constraint
 role-nameSYSADMIN/role-name
 /auth-constraint
 /security-constraint

 security-role
 role-nameSYSADMIN/role-name
 /security-role
 login-config
 auth-methodBASIC/auth-method
 !--realm-nameAdmin/realm-name--
 /login-config
 I have defined users and passwords as explained in the TOMCAT Realm
 Configuration – HOW TO.
 When I ask for a page */auth/* the user/password dialog box pops up and no
 matter what I type in in user name field and password field and pops up
 again for ever.
 What am I doing wrong?


1.) Do you have users defined in the database?  Do you have the proper
roles assigned to those users?

2.) Do you see any errors listed in the log?  Either at startup or when you
attempt to login?

3.) For more info, you could try increasing the log level for the org.
apache.catalina.realm package.

Dan

Re: How a script can determine latest version of Tomcat

[Daniel Mikusa]

On Thu, Sep 4, 2014 at 1:48 PM, David P. Caldwell 
da...@code.davidpcaldwell.com wrote:

 I have a small program that downloads and installs an arbitrary
 version of Tomcat, using the API provided by Apache to select the
 proper mirror, and so forth.

 The script currently takes the Tomcat version as an argument. My
 script provides a default (which in my case is the latest version of
 Tomcat 7), but I have to manually update that default whenever I
 notice a new version has been released.

 What would be the best way for the script itself to determine the
 latest available version? Obviously I would give points for easy and
 points for robust, knowing that those two things might be in
 conflict.

 I can think of many horrifying ways to do it:

 * loop through integers starting with the last known version,
 attempting to download 7.0.x, until getting a 404
 * scraping and parsing the HTML at
 http://archive.apache.org/dist/tomcat/tomcat-7/, which I expect is
 rather stable


I did this recently for Tomcat 8.  Here's the command I used, which works
on my Mac.

   LATEST_VERSION=$(curl -s http://tomcat.apache.org/download-80.cgi | grep
h3 id=\8.0. | xpath '/h3/text()' 2/dev/null)

A slight variation works on Ubuntu if you install xpath.

   LATEST_VERSION=$(curl -s http://tomcat.apache.org/download-80.cgi | grep
h3 id=\8.0. | xpath -e '/h3/text()' 2/dev/null)

I'm sure there are other ways to do it, this was just the first one I put
together that worked for me.

Dan

So my challenge isn't coming up with *a* way to do it, but coming up
 with the best way.

 Suggestions?

 -- David P. Caldwell
 http://www.davidpcaldwell.com/

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Configured JDBCRealm

[Daniel Mikusa]

On Tue, Sep 2, 2014 at 9:59 PM, Dalecki, Janusz jdale...@tycoint.com
wrote:



 -Original Message-
 From: Daniel Mikusa [mailto:dmik...@pivotal.io]
 Sent: Tuesday, 2 September 2014 10:04 PM
 To: Tomcat Users List
 Subject: Re: Configured JDBCRealm

 On Tue, Sep 2, 2014 at 7:00 AM, Dalecki, Janusz jdale...@tycoint.com
 wrote:

  Hi,
  I have configured JDBCRealm Tomcat with the following:
 
  Context
 
  Realm className=org.apache.catalina.realm.JDBCRealm
  driverName=org.postgresql.Driver
 
 connectionURL=jdbc:postgresql://localhost:5432/df_Scheduler?user=postgresamp;password=admin
  userTable=users userNameCol=userName userCredCol=password
  userRoleTable=user_roles roleNameCol=roleName/
 
  /Context
  I have a few questions:
 
  1)  How can I get hold of this realm object within my  Java app?
  2)  Even if I get the instance of the JDBCRealm - how do I get the
  list of all roles available?
 

 What's the purpose of doing this?

 This is just me, but if I wanted to get a list of my users or roles, I
 would use JDBC and pull them from the database.  Then I don't have to tie
 my application to Tomcat's internal classes.

 Dan

 Hi,
 Thanks for the reply.
 So what is the purpose of Tomcat’s Realms - I thought that was exactly the
 reason why they are there – so I don’t have to pull the users from the
 database.


Almost.  They're there so that Tomcat can pull users from the database (or
from where ever the realm gets its data).  I say Tomcat because they're
internal components to Tomcat (see the org.apache.tomcat package name) and
so an application developer would not generally interact with them
directly.  The typical course for an application developer would be
to declare his or her security requirements in the application and simply
let Tomcat will enforce them.  This keeps your app portable, since the
application only uses the Servlet spec.

Not sure what you're goal is here, since you declined to answer but if you
need more access to the user data, like if you wanted to create a user and
role administration page, you'd need to write your own data access code.


 Also is there any way of getting hold of the instance of JDBCRealm I have
 configured?


I don't believe it's possible using the Servlet apis.

Dan

Re: UTF-8 encoded request URI

[Daniel Mikusa]

On Wed, Sep 3, 2014 at 7:45 AM, Lulseged Zerfu zlulse...@hotmail.com
wrote:

 Hi  I am getting bad request from tomcat when I send UTF-8 encoded request
 to my application.


Can you give an example of the request?  Are the non-ascii characters in
the URL or in the payload of your request (or both)?


 I have configured connector in my server.xml with URIEncoding=”UTF-8”.


Not necessary with Tomcat 8.  The default for URIEncoding is UTF-8.
 Unless you have set the system
property org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true.  That will
override the URIEncoding and set it to ISO-8859-1.

I have set charset in the request to UTF-8. How can I solve 400 Bad
 request? How can I tell tomcat to decode request URI instead of responding
 with 400 Bad request?


You seem certain that the 400 error is due to the encoding.  Perhaps it's
something else?  What have you done to troubleshoot this?  Have you tried
stepping through things with a debugger?

Dan


 I will appreciate any help.
 I am using tomcat 8.0.11 on windows 8 x64. I have also tried with tomcat
 7.0.55. BRLulseged

Re: Global JNDI resources lookup behavior difference between version 6.0.39 and 6.0.41/7.0.55

[Daniel Mikusa]

On Wed, Sep 3, 2014 at 11:36 AM, Robert Anderson ranom...@gmail.com wrote:

 Hi,


 In a privileged context, a have the following jsp to test a global jndi
 resource:

 %@ page session=false import=java.util.*,java.sql.*,javax.naming.*,
 javax.sql.*,org.apache.commons.dbcp.* contentType=text/html %
 %!

 protected void doLookup(JspWriter out) throws ServletException, IOException
 {
  Context ctx;
  try {
   ctx = new InitialContext();
   Object o = ctx.lookup(java:jdbc/cacheapp);
   out.println(o);


  } catch (NamingException e) {
   out.println(e.getMessage());
  } catch (Exception e) {
  }
  }

 %

 html
 head
   titleTest JNDI/title
 /head
 body

 h1Teste JNDI/h1
 hr/
 %
 doLookup(out);
 %
 hr/

 /body
 /html


 Versions earlier than 6.0.41:

 org.apache.tomcat.jdbc.pool.DataSource@29050dfd
 {ConnectionPool[defaultAutoCommit=null;
 defaultReadOnly=null; defaultTransactionIsolation=-1; defaultCatalog=null;
 driverClassName=com.intersys.jdbc.CacheDriver; maxActive=10; maxIdle=2;
 minIdle=1; initialSize=10; maxWait=1; testOnBorrow=true;
 testOnReturn=false; timeBetweenEvictionRunsMillis=5000;
 numTestsPerEvictionRun=0; minEvictableIdleTimeMillis=6;
 testWhileIdle=false; testOnConnect=false; password=;
 url=jdbc:Cache://localhost:1972/USER; username=tomcat;
 validationQuery=select 1 from dual; validationQueryTimeout=-1;
 validatorClassName=null; validationInterval=0;
 accessToUnderlyingConnectionAllowed=true; removeAbandoned=true;
 removeAbandonedTimeout=300; logAbandoned=false; connectionProperties=null;
 initSQL=null; jdbcInterceptors=null; jmxEnabled=true; fairQueue=true;
 useEquals=true; abandonWhenPercentageFull=0; maxAge=0; useLock=false;
 dataSource=null; dataSourceJNDI=null; suspectTimeout=0;
 alternateUsernameAllowed=true; commitOnReturn=false;
 rollbackOnReturn=false; useDisposableConnectionFacade=true;
 logValidationErrors=false; propagateInterruptState=false;
 ignoreExceptionOnPreLoad=false; }


 6.0.41 and 7.0.55:

 Name jdbc is not bound in this Context


You'll usually see this when the resource is not successfully created for
some reason.  Do you see any errors in the logs that might indicate a
problem with the resource?  Connection issue, missing JDBC driver, etc...

You can also see if the resource exists by looking for it through jconsole
or jvisualvm.  Can you confirm it exists?

Lastly you mentioned it's a global resource.  Can you confirm that there's
a resource link setup?

Dan



 That is a bug?


 We are having a issue in psi-probe because this behavior change (
 https://code.google.com/p/psi-probe/issues/detail?id=411).


 Thanks in advance.

Re: Global JNDI resources lookup behavior difference between version 6.0.39 and 6.0.41/7.0.55

[Daniel Mikusa]

On Wed, Sep 3, 2014 at 11:51 AM, Robert Anderson ranom...@gmail.com wrote:

 Ok! :)

 Steps to reproduce:

 1)Download and unpack 6.0.39


 http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.39/bin/apache-tomcat-6.0.39.tar.gz

 2) Create a global jndi resouce in server.xml

 
 GlobalNamingResources
 Resource name=jdbc/cacheapp auth=Container
 type=javax.sql.DataSource removeAbandoned=true
 removeAbandonedTimeout=300
maxActive=10 maxIdle=2 minIdle=1
 maxWait=1
validationQuery=select 1 from dual
testOnBorrow=true
validationInterval=0
username=_system password=SYS
 driverClassName=com.intersys.jdbc.CacheDriver
url=jdbc:Cache://localhost:1972/USER/

   /GlobalNamingResources
 ...

 3) Install psi-probe:
 https://code.google.com/p/psi-probe/downloads/detail?name=probe-2.3.3.zip,
 unpack and copy probe.war to webapps dir;

 4)  Edit tomcat-users.xml

 role rolename=probeuser /
   role rolename=poweruser /
   role rolename=poweruserplus /
   role rolename=manager /

   user username=admin password=t0psecret roles=manager /

 5) Start tomcat and go to  http://localhost:8080/probe/datasources.htm

 It will list global jndi resources.


I think the question is how does it list these?  You haven't added any
resource links, so technically there are no resources available to your
application through JNDI.  See the Introduction section here, which states
why resource links are necessary.


http://tomcat.apache.org/tomcat-7.0-doc/config/globalresources.html#Introduction

Have you tried looking at your running 6.0.41 server, connecting with JMX
and looking at the MBeans?  Is your database connection pool resources
actually available?

Dan


 Instead of Tomcat 6.0.39, use 6.0.41 and probe will not list global jndi
 resources anymore.


 Thanks.



 2014-09-03 12:39 GMT-03:00 Filip Hanik fi...@hanik.com:

  can you post your configuration file. that will be the only way we can
 help
  you fix it, as I doubt tomcat will go back to pre 6.0.41 days :)
 
  Filip
 
 
 
  On Wed, Sep 3, 2014 at 9:36 AM, Robert Anderson ranom...@gmail.com
  wrote:
 
   Hi,
  
  
   In a privileged context, a have the following jsp to test a global jndi
   resource:
  
   %@ page session=false import=java.util.*,java.sql.*,javax.naming.*,
   javax.sql.*,org.apache.commons.dbcp.* contentType=text/html %
   %!
  
   protected void doLookup(JspWriter out) throws ServletException,
  IOException
   {
Context ctx;
try {
 ctx = new InitialContext();
 Object o = ctx.lookup(java:jdbc/cacheapp);
 out.println(o);
  
  
} catch (NamingException e) {
 out.println(e.getMessage());
} catch (Exception e) {
}
}
  
   %
  
   html
   head
 titleTest JNDI/title
   /head
   body
  
   h1Teste JNDI/h1
   hr/
   %
   doLookup(out);
   %
   hr/
  
   /body
   /html
  
  
   Versions earlier than 6.0.41:
  
   org.apache.tomcat.jdbc.pool.DataSource@29050dfd
   {ConnectionPool[defaultAutoCommit=null;
   defaultReadOnly=null; defaultTransactionIsolation=-1;
  defaultCatalog=null;
   driverClassName=com.intersys.jdbc.CacheDriver; maxActive=10; maxIdle=2;
   minIdle=1; initialSize=10; maxWait=1; testOnBorrow=true;
   testOnReturn=false; timeBetweenEvictionRunsMillis=5000;
   numTestsPerEvictionRun=0; minEvictableIdleTimeMillis=6;
   testWhileIdle=false; testOnConnect=false; password=;
   url=jdbc:Cache://localhost:1972/USER; username=tomcat;
   validationQuery=select 1 from dual; validationQueryTimeout=-1;
   validatorClassName=null; validationInterval=0;
   accessToUnderlyingConnectionAllowed=true; removeAbandoned=true;
   removeAbandonedTimeout=300; logAbandoned=false;
  connectionProperties=null;
   initSQL=null; jdbcInterceptors=null; jmxEnabled=true; fairQueue=true;
   useEquals=true; abandonWhenPercentageFull=0; maxAge=0; useLock=false;
   dataSource=null; dataSourceJNDI=null; suspectTimeout=0;
   alternateUsernameAllowed=true; commitOnReturn=false;
   rollbackOnReturn=false; useDisposableConnectionFacade=true;
   logValidationErrors=false; propagateInterruptState=false;
   ignoreExceptionOnPreLoad=false; }
  
  
   6.0.41 and 7.0.55:
  
   Name jdbc is not bound in this Context
  
   That is a bug?
  
  
   We are having a issue in psi-probe because this behavior change (
   https://code.google.com/p/psi-probe/issues/detail?id=411).
  
  
   Thanks in advance.
  
 

Re: Global JNDI resources lookup behavior difference between version 6.0.39 and 6.0.41/7.0.55

[Daniel Mikusa]

On Wed, Sep 3, 2014 at 1:09 PM, Robert Anderson ranom...@gmail.com wrote:

 Thanks, Daniel. But my question the question is why that was working in
 6.0.39 and the firsts releases of 7.0.x?


Hard to say because I don't know the application's code, so I'm not sure
what it is doing.  It's a pretty safe bet it isn't pulling that information
from JNDI though (because there aren't any resource links).  However it's
doing this, it would seem that something has changed and broke the app.
 Attaching a debugger and seeing what happens when you hit that URL might
give you some more details.

Dan


 Tomcat is not bind in java:global name anymore. Was it a feature request
 or is it a bug?
 Em 03/09/2014 13:48, Daniel Mikusa dmik...@pivotal.io escreveu:

  On Wed, Sep 3, 2014 at 11:51 AM, Robert Anderson ranom...@gmail.com
  wrote:
 
   Ok! :)
  
   Steps to reproduce:
  
   1)Download and unpack 6.0.39
  
  
  
 
 http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.39/bin/apache-tomcat-6.0.39.tar.gz
  
   2) Create a global jndi resouce in server.xml
  
   
   GlobalNamingResources
   Resource name=jdbc/cacheapp auth=Container
   type=javax.sql.DataSource removeAbandoned=true
   removeAbandonedTimeout=300
  maxActive=10 maxIdle=2
 minIdle=1
   maxWait=1
  validationQuery=select 1 from dual
  testOnBorrow=true
  validationInterval=0
  username=_system password=SYS
   driverClassName=com.intersys.jdbc.CacheDriver
  
  url=jdbc:Cache://localhost:1972/USER/
  
 /GlobalNamingResources
   ...
  
   3) Install psi-probe:
  
 
 https://code.google.com/p/psi-probe/downloads/detail?name=probe-2.3.3.zip,
   unpack and copy probe.war to webapps dir;
  
   4)  Edit tomcat-users.xml
  
   role rolename=probeuser /
 role rolename=poweruser /
 role rolename=poweruserplus /
 role rolename=manager /
  
 user username=admin password=t0psecret roles=manager /
  
   5) Start tomcat and go to  http://localhost:8080/probe/datasources.htm
  
   It will list global jndi resources.
  
 
  I think the question is how does it list these?  You haven't added any
  resource links, so technically there are no resources available to your
  application through JNDI.  See the Introduction section here, which
 states
  why resource links are necessary.
 
 
 
 
 http://tomcat.apache.org/tomcat-7.0-doc/config/globalresources.html#Introduction
 
  Have you tried looking at your running 6.0.41 server, connecting with JMX
  and looking at the MBeans?  Is your database connection pool resources
  actually available?
 
  Dan
 
 
   Instead of Tomcat 6.0.39, use 6.0.41 and probe will not list global
 jndi
   resources anymore.
  
  
   Thanks.
  
  
  
   2014-09-03 12:39 GMT-03:00 Filip Hanik fi...@hanik.com:
  
can you post your configuration file. that will be the only way we
 can
   help
you fix it, as I doubt tomcat will go back to pre 6.0.41 days :)
   
Filip
   
   
   
On Wed, Sep 3, 2014 at 9:36 AM, Robert Anderson ranom...@gmail.com
wrote:
   
 Hi,


 In a privileged context, a have the following jsp to test a global
  jndi
 resource:

 %@ page session=false
  import=java.util.*,java.sql.*,javax.naming.*,
 javax.sql.*,org.apache.commons.dbcp.* contentType=text/html %
 %!

 protected void doLookup(JspWriter out) throws ServletException,
IOException
 {
  Context ctx;
  try {
   ctx = new InitialContext();
   Object o = ctx.lookup(java:jdbc/cacheapp);
   out.println(o);


  } catch (NamingException e) {
   out.println(e.getMessage());
  } catch (Exception e) {
  }
  }

 %

 html
 head
   titleTest JNDI/title
 /head
 body

 h1Teste JNDI/h1
 hr/
 %
 doLookup(out);
 %
 hr/

 /body
 /html


 Versions earlier than 6.0.41:

 org.apache.tomcat.jdbc.pool.DataSource@29050dfd
 {ConnectionPool[defaultAutoCommit=null;
 defaultReadOnly=null; defaultTransactionIsolation=-1;
defaultCatalog=null;
 driverClassName=com.intersys.jdbc.CacheDriver; maxActive=10;
  maxIdle=2;
 minIdle=1; initialSize=10; maxWait=1; testOnBorrow=true;
 testOnReturn=false; timeBetweenEvictionRunsMillis=5000;
 numTestsPerEvictionRun=0; minEvictableIdleTimeMillis=6;
 testWhileIdle=false; testOnConnect=false; password=;
 url=jdbc:Cache://localhost:1972/USER; username=tomcat;
 validationQuery=select 1 from dual; validationQueryTimeout=-1;
 validatorClassName=null; validationInterval=0;
 accessToUnderlyingConnectionAllowed=true; removeAbandoned=true;
 removeAbandonedTimeout=300; logAbandoned=false;
connectionProperties=null;
 initSQL=null; jdbcInterceptors=null; jmxEnabled=true;
 fairQueue=true;
 useEquals=true

Re: Global JNDI resources lookup behavior difference between version 6.0.39 and 6.0.41/7.0.55

[Daniel Mikusa]

On Wed, Sep 3, 2014 at 2:33 PM, Robert Anderson ranom...@gmail.com wrote:

 This is the complete code that was working:

 https://code.google.com/p/psi-probe/source/browse/trunk/core/src/main/java/com/googlecode/psiprobe/beans/ResourceResolverBean.java


 public List getApplicationResources() throws NamingException {
 logger.info(Reading GLOBAL resources);
 List resources = new ArrayList();

 MBeanServer server = getMBeanServer();
 if (server != null) {
 try {
 Set dsNames = server.queryNames(new ObjectName(
 Catalina:type=Resource,resourcetype=Global,*), null);
 for (Iterator it = dsNames.iterator(); it.hasNext();) {
 ObjectName objectName = (ObjectName) it.next();
 ApplicationResource resource = new ApplicationResource
 ();

 logger.info(reading resource:  + objectName);


Do you see this being logged?

Dan



 resource.setName(getStringAttribute(server, objectName,
 name));
 resource.setType(getStringAttribute(server, objectName,
 type));
 resource.setScope(getStringAttribute(server,
 objectName,
 scope));
 resource.setAuth(getStringAttribute(server, objectName,
 auth));
 resource.setDescription(getStringAttribute(server,
 objectName, description));

 lookupResource(resource, true, true);

 resources.add(resource);
 }
 } catch (Exception e) {
 logger.error(There was an error querying JMX server:, e);
 }
 }
 return resources;
 } public void lookupResource(ApplicationResource resource, boolean
 contextBound, boolean global) {
 DataSourceInfo dataSourceInfo = null;
 if (contextBound) {
 try {
 String jndiName = resolveJndiName(resource.getName(),
 global
 );
 Object o = new InitialContext().lookup(jndiName); //The
 exception is here
 resource.setLookedUp(true);
 for (Iterator it = datasourceMappers.iterator(); it.hasNext
 ();) {
 DatasourceAccessor accessor = (DatasourceAccessor) it.
 next();
 dataSourceInfo = accessor.getInfo(o);
 if (dataSourceInfo != null) {
 break;
 }
 }

 } catch (Throwable e) {
 resource.setLookedUp(false);
 dataSourceInfo = null;
 logger.error(Failed to lookup:  + resource.getName(), e);
 //
 // make sure we always re-throw ThreadDeath
 //
 if (e instanceof ThreadDeath) {
 throw (ThreadDeath) e;
 }
 }
 } else {
 resource.setLookedUp(false);
 }

 We are suspecting that this fix broke something:
 https://issues.apache.org/bugzilla/show_bug.cgi?id=56451.



 2014-09-03 15:25 GMT-03:00 Filip Hanik fi...@hanik.com:

  On Wed, Sep 3, 2014 at 11:09 AM, Robert Anderson ranom...@gmail.com
  wrote:
 
   Thanks, Daniel. But my question the question is why that was working in
   6.0.39 and the firsts releases of 7.0.x?
   Tomcat is not bind in java:global name anymore. Was it a feature
  request
   or is it a bug?
  
 
  ​Not sure, the resource links have been around for a long time. It may
 have
  been a security feature to not expose .
  However, I'm sure there was a reason for it, and very unlikely it will
  change back
  You can get around it by adding a ResourceLink element in your
  conf/context.xml, as this setting will apply to all your apps deployed.
 
  Filip
 
 
 
   Em 03/09/2014 13:48, Daniel Mikusa dmik...@pivotal.io escreveu:
  
On Wed, Sep 3, 2014 at 11:51 AM, Robert Anderson ranom...@gmail.com
 
wrote:
   
 Ok! :)

 Steps to reproduce:

 1)Download and unpack 6.0.39



   
  
 
 http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.39/bin/apache-tomcat-6.0.39.tar.gz

 2) Create a global jndi resouce in server.xml

 
 GlobalNamingResources
 Resource name=jdbc/cacheapp auth=Container
 type=javax.sql.DataSource removeAbandoned=true
 removeAbandonedTimeout=300
maxActive=10 maxIdle=2
   minIdle=1
 maxWait=1
validationQuery=select 1 from dual
testOnBorrow=true
validationInterval=0
username=_system
 password=SYS
 driverClassName=com.intersys.jdbc.CacheDriver

url=jdbc:Cache://localhost:1972/USER/

   /GlobalNamingResources
 ...

 3) Install psi-probe:

   
  
 
 https://code.google.com/p/psi-probe/downloads/detail?name=probe-2.3.3.zip

Re: Global JNDI resources lookup behavior difference between version 6.0.39 and 6.0.41/7.0.55

[Daniel Mikusa]

On Wed, Sep 3, 2014 at 11:51 AM, Robert Anderson ranom...@gmail.com wrote:

 Ok! :)

 Steps to reproduce:

 1)Download and unpack 6.0.39


 http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.39/bin/apache-tomcat-6.0.39.tar.gz

 2) Create a global jndi resouce in server.xml

 
 GlobalNamingResources
 Resource name=jdbc/cacheapp auth=Container
 type=javax.sql.DataSource removeAbandoned=true
 removeAbandonedTimeout=300
maxActive=10 maxIdle=2 minIdle=1
 maxWait=1
validationQuery=select 1 from dual
testOnBorrow=true
validationInterval=0
username=_system password=SYS
 driverClassName=com.intersys.jdbc.CacheDriver
url=jdbc:Cache://localhost:1972/USER/

   /GlobalNamingResources
 ...

 3) Install psi-probe:
 https://code.google.com/p/psi-probe/downloads/detail?name=probe-2.3.3.zip,
 unpack and copy probe.war to webapps dir;

 4)  Edit tomcat-users.xml

 role rolename=probeuser /
   role rolename=poweruser /
   role rolename=poweruserplus /
   role rolename=manager /

   user username=admin password=t0psecret roles=manager /

 5) Start tomcat and go to  http://localhost:8080/probe/datasources.htm

 It will list global jndi resources.


 Instead of Tomcat 6.0.39, use 6.0.41 and probe will not list global jndi
 resources anymore.


I tried these steps with Tomcat 7.0.55 and was able to replicate the
problem.  I was also able to resolve the problem by adding a ResourceLink
tag.

?xml version='1.0' encoding='utf-8'?
Context privileged=true
ResourceLink name=jdbc/myDb global=jdbc/myDb /
/Context

I'm going to try with Tomcat 6.0.39 and 6.0.41 as well.

Dan




 Thanks.



 2014-09-03 12:39 GMT-03:00 Filip Hanik fi...@hanik.com:

  can you post your configuration file. that will be the only way we can
 help
  you fix it, as I doubt tomcat will go back to pre 6.0.41 days :)
 
  Filip
 
 
 
  On Wed, Sep 3, 2014 at 9:36 AM, Robert Anderson ranom...@gmail.com
  wrote:
 
   Hi,
  
  
   In a privileged context, a have the following jsp to test a global jndi
   resource:
  
   %@ page session=false import=java.util.*,java.sql.*,javax.naming.*,
   javax.sql.*,org.apache.commons.dbcp.* contentType=text/html %
   %!
  
   protected void doLookup(JspWriter out) throws ServletException,
  IOException
   {
Context ctx;
try {
 ctx = new InitialContext();
 Object o = ctx.lookup(java:jdbc/cacheapp);
 out.println(o);
  
  
} catch (NamingException e) {
 out.println(e.getMessage());
} catch (Exception e) {
}
}
  
   %
  
   html
   head
 titleTest JNDI/title
   /head
   body
  
   h1Teste JNDI/h1
   hr/
   %
   doLookup(out);
   %
   hr/
  
   /body
   /html
  
  
   Versions earlier than 6.0.41:
  
   org.apache.tomcat.jdbc.pool.DataSource@29050dfd
   {ConnectionPool[defaultAutoCommit=null;
   defaultReadOnly=null; defaultTransactionIsolation=-1;
  defaultCatalog=null;
   driverClassName=com.intersys.jdbc.CacheDriver; maxActive=10; maxIdle=2;
   minIdle=1; initialSize=10; maxWait=1; testOnBorrow=true;
   testOnReturn=false; timeBetweenEvictionRunsMillis=5000;
   numTestsPerEvictionRun=0; minEvictableIdleTimeMillis=6;
   testWhileIdle=false; testOnConnect=false; password=;
   url=jdbc:Cache://localhost:1972/USER; username=tomcat;
   validationQuery=select 1 from dual; validationQueryTimeout=-1;
   validatorClassName=null; validationInterval=0;
   accessToUnderlyingConnectionAllowed=true; removeAbandoned=true;
   removeAbandonedTimeout=300; logAbandoned=false;
  connectionProperties=null;
   initSQL=null; jdbcInterceptors=null; jmxEnabled=true; fairQueue=true;
   useEquals=true; abandonWhenPercentageFull=0; maxAge=0; useLock=false;
   dataSource=null; dataSourceJNDI=null; suspectTimeout=0;
   alternateUsernameAllowed=true; commitOnReturn=false;
   rollbackOnReturn=false; useDisposableConnectionFacade=true;
   logValidationErrors=false; propagateInterruptState=false;
   ignoreExceptionOnPreLoad=false; }
  
  
   6.0.41 and 7.0.55:
  
   Name jdbc is not bound in this Context
  
   That is a bug?
  
  
   We are having a issue in psi-probe because this behavior change (
   https://code.google.com/p/psi-probe/issues/detail?id=411).
  
  
   Thanks in advance.
  
 

Re: Manager app + RemoteAddrValve + 403 Access Denied

[Daniel Mikusa]

On Mon, Sep 1, 2014 at 12:36 PM, Shanti Suresh sha...@umich.edu wrote:

 Hi Dan,



 On Fri, Aug 29, 2014 at 12:34 PM, Daniel Mikusa dmik...@pivotal.io
 wrote:

 
  Can you access the JMXProxy servlet directly?
 
 
 
 
 http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html#Using_the_JMX_Proxy_Servlet
 
 
 Thanks for the note and the references.  On accessing the JMXProxy servlet
 directly, I get a 403 Access Denied as well.


  Have you configured access to the manager app?
 
 
 
 
 http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html#Configuring_Manager_Application_Access
 
 
 I would like localhost to access the JMXProxy servlet without a password.
  And hence, I used the RemoteAddrValve in the manager-context within
 manager.xml to configure access. This setup used to work in 7.0.23 with
 just an IP address restriction and no password.


So using a RemoteAddrValve will allow you to restrict access by IP address,
but the manager application is still configured to require authentication.
 See this note from the link I sent previously.

It would be quite unsafe to ship Tomcat with default settings that allowed
anyone on the Internet to execute the Manager application on your server.
Therefore, the Manager application is shipped with the requirement that
anyone who attempts to use it must authenticate themselves, using a
username and password that have one of manager-** roles associated with
them (the role name depends on what functionality is required). Further,
there is no username in the default users file
($CATALINA_BASE/conf/tomcat-users.xml) that is assigned to those roles.
Therefore, access to the Manager application is completely disabled by
default. 

Did you do something in your previous setup to disable authentication?


 I have a perl script that
 periodically invokes JSPs within the manager application; these JSPs then
 invoke the JMXProxy servlet.  So I thought I could get the same thing to
 happen in 7.0.52.


How are the JSP's invoking the JMXProxyServlet?  Are they sending an HTTP
request?

Dan




 I know I am missing something.

 Thanks,

 -Shanti

Re: Configured JDBCRealm

[Daniel Mikusa]

On Tue, Sep 2, 2014 at 7:00 AM, Dalecki, Janusz jdale...@tycoint.com
wrote:

 Hi,
 I have configured JDBCRealm Tomcat with the following:

 Context

 Realm className=org.apache.catalina.realm.JDBCRealm
 driverName=org.postgresql.Driver
 connectionURL=jdbc:postgresql://localhost:5432/df_Scheduler?user=postgresamp;password=admin
 userTable=users userNameCol=userName userCredCol=password
 userRoleTable=user_roles roleNameCol=roleName/

 /Context
 I have a few questions:

 1)  How can I get hold of this realm object within my  Java app?
 2)  Even if I get the instance of the JDBCRealm - how do I get the
 list of all roles available?


What's the purpose of doing this?

This is just me, but if I wanted to get a list of my users or roles, I
would use JDBC and pull them from the database.  Then I don't have to tie
my application to Tomcat's internal classes.

Dan



 Regards,
 Janusz


 

 This e-mail contains privileged and confidential information intended for
 the use of the addressees named above. If you are not the intended
 recipient of this e-mail, you are hereby notified that you must not
 disseminate, copy or take any action in respect of any information
 contained in it. If you have received this e-mail in error, please notify
 the sender immediately by e-mail and immediately destroy this e-mail and
 its attachments.

Re: Manager app + RemoteAddrValve + 403 Access Denied

[Daniel Mikusa]

On Tue, Sep 2, 2014 at 10:53 AM, Shanti Suresh sha...@umich.edu wrote:

 Hi Dan,


 On Tue, Sep 2, 2014 at 7:50 AM, Daniel Mikusa dmik...@pivotal.io wrote:

 
 
 
  So using a RemoteAddrValve will allow you to restrict access by IP
 address,
  but the manager application is still configured to require
 authentication.
   See this note from the link I sent previously.
 
  It would be quite unsafe to ship Tomcat with default settings that
 allowed
  anyone on the Internet to execute the Manager application on your server.
  Therefore, the Manager application is shipped with the requirement that
  anyone who attempts to use it must authenticate themselves, using a
  username and password that have one of manager-** roles associated with
  them (the role name depends on what functionality is required). Further,
  there is no username in the default users file
  ($CATALINA_BASE/conf/tomcat-users.xml) that is assigned to those roles.
  Therefore, access to the Manager application is completely disabled by
  default. 
 
  Did you do something in your previous setup to disable authentication?
 
 
 That's what I am looking hard and I can't seem to find anything different I
 did, in manager's web.xml in 7.0.23.  There is nothing in manager's
 META-INF/context.xml either.

 
 
  How are the JSP's invoking the JMXProxyServlet?  Are they sending an HTTP
  request?
 
 
 The JSPs simply forward the request to the jmxproxy servlet as follows, in
 the heapused.jsp:

 --start of heapused.jsp:-
 jsp:forward page=/jmxproxy/
 jsp:param name=get value=java.lang:type=Memory /
 jsp:param name=att value=HeapMemoryUsage /
 jsp:param name=key value=used /
 /jsp:forward
 --end of heapused.jsp


I tried adding this to my manager app and it was triggering a 403.  A quick
investigation showed the 403 was coming from the CRF filter (i.e. 403 with
direct access, success with nonce in the URL).  Maybe you're seeing the
same thing?

Dan

Re: Manager app + RemoteAddrValve + 403 Access Denied

[Daniel Mikusa]

On Tue, Sep 2, 2014 at 4:41 PM, Shanti Suresh sha...@umich.edu wrote:

 Hi Dan,


 On Tue, Sep 2, 2014 at 12:19 PM, Daniel Mikusa dmik...@pivotal.io wrote:

 
 
  I tried adding this to my manager app and it was triggering a 403.  A
 quick
  investigation showed the 403 was coming from the CRF filter (i.e. 403
 with
  direct access, success with nonce in the URL).  Maybe you're seeing the
  same thing?
 
  Hi Daniel,

 Did you succeed when you used curl on the localhost running the Tomcat
 service?


I didn't try curl.  I believe it should work, assuming you send the right
nonce.


 So in order to get a nonce in the URL, did you first log in?


Yes, but that was just because it was the quickest way to get a nonce to
test.  I just copied and pasted it.

Another way to get the nonce would be to create a page like links.jsp.
 On that page, you could just output the links.

Ex:

  %= response.encodeURL(heapused.jsp) %

As long as you're using response.encodeURL, the nonce will be
automatically added to the link.  The only other thing you need to do is to
add /links.jsp (or whatever URL you expose) to the entryPoints
parameter of the CsrfPreventionFilter in web.xml (for the manager app).
 You could then modify your script to hit the link and grab the list of
URLs with nonce included.

I suppose you could also just list your custom JSP pages as entryPoints,
however that's going to bypass the CsrfProtectionFilter for them.  Please
note the caution provided in the entry points documentation Entry points
will be limited to HTTP GET requests and should not trigger any security
sensitive actions.

Also, if you don't care you could just remove the CsrfProtectionFilter, but
it's not something I would recommend.

Dan


  If
 you can list the steps you followed, then I'd appreciate it.

 Running Tomcat in DEBUG mode, although it says the following, I still get a
 403.

 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG
 org.apache.catalina.realm.RealmBase-   No applicable constraint located
 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG
 org.apache.catalina.authenticator.AuthenticatorBase-  Not subject to any
 constraint
 :

 Below is the DEBUG snippet for the request:

 -  Tomcat Debug log snippet:
 2014-09-02 16:24:48,418 [catalina-exec-3] DEBUG
 org.apache.catalina.connector.CoyoteAdapter- The variable [uriBC] has value
 [/manager/heapused.jsp]
 2014-09-02 16:24:48,418 [catalina-exec-3] DEBUG
 org.apache.catalina.connector.CoyoteAdapter- The variable [semicolon] has
 value [-1]
 2014-09-02 16:24:48,418 [catalina-exec-3] DEBUG
 org.apache.catalina.connector.CoyoteAdapter- The variable [enc] has value
 [UTF-8]2014-09-02 16:24:48,419 [catalina-exec-3] DEBUG
 org.apache.catalina.authenticator.AuthenticatorBase- Security checking
 request GET /manager/heapused.jsp
 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG
 org.apache.catalina.realm.RealmBase-   Checking constraint
 'SecurityConstraint[Status interface]' against GET /heapused.jsp -- false
 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG
 org.apache.catalina.realm.RealmBase-   Checking constraint
 'SecurityConstraint[HTML Manager interface (for humans)]' against GET
 /heapused.jsp -- false
 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG
 org.apache.catalina.realm.RealmBase-   Checking constraint
 'SecurityConstraint[JMX Proxy interface]' against GET /heapused.jsp --
 false
 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG
 org.apache.catalina.realm.RealmBase-   Checking constraint
 'SecurityConstraint[Text Manager interface (for scripts)]' against GET
 /heapused.jsp -- false
 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG
 org.apache.catalina.realm.RealmBase-   Checking constraint
 'SecurityConstraint[Status interface]' against GET /heapused.jsp -- false
 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG
 org.apache.catalina.realm.RealmBase-   Checking constraint
 'SecurityConstraint[HTML Manager interface (for humans)]' against GET
 /heapused.jsp -- false
 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG
 org.apache.catalina.realm.RealmBase-   Checking constraint
 'SecurityConstraint[JMX Proxy interface]' against GET /heapused.jsp --
 false
 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG
 org.apache.catalina.realm.RealmBase-   Checking constraint
 'SecurityConstraint[Text Manager interface (for scripts)]' against GET
 /heapused.jsp -- false
 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG
 org.apache.catalina.realm.RealmBase-   Checking constraint
 'SecurityConstraint[Status interface]' against GET /heapused.jsp --
 false2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG
 org.apache.catalina.realm.RealmBase-   Checking constraint
 'SecurityConstraint[HTML Manager interface (for humans)]' against GET
 /heapused.jsp
  -- false
 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG
 org.apache.catalina.realm.RealmBase-   Checking constraint
 'SecurityConstraint[JMX Proxy interface]' against GET /heapused.jsp --
 false
 2014-09-02 16:24:48,420

Re: can't make external lib jars loaded with Resources in tomcat 8

[Daniel Mikusa]

On Aug 29, 2014 4:56 PM, Sergei Kovalev skov...@gmail.com wrote:

 Can anybody provide working example how to externalize libs for
application
 under tomcat 8?
 I have done below but it does not work, libs not getting loaded.


 Resources
PreResources
  base=C:\Projects\tomcat\apache-tomcat-8.0.11\hostlibs\myhost
 className=org.apache.catalina.webresources.DirResourceSet
 webAppMount=/WEB-INF/lib/

 /Resources

This looks ok at first glance.

I haven't used it on Windows though. Have you tried using forward slashes
in the path? What about doubling up the backslashes?

Dan



 Thanks

Re: Manager app + RemoteAddrValve + 403 Access Denied

[Daniel Mikusa]

On Fri, Aug 29, 2014 at 12:15 PM, Shanti Suresh sha...@umich.edu wrote:

 Greetings,

 I am running Tomcat 7.0.52.

 I am a bit unsure as to why localhost is being denied a JMXProxy servlet
 query with a 403.  I tried using curl as:

 curl http://localhost:8090/manager/heapused.jsp

 I have CATALINA_HOME/conf/Catalina/localhost/manager.xml set as follows:

 Context path=/manager privileged=true
  docBase=/opt/tomcat/mgmt/apache/webapps/manager
Valve className=org.apache.catalina.valves.RemoteAddrValve
 allow=127\.0\.0\.1/
 /Context

 I have heapused.jsp under the manager app as follows:

 jsp:forward page=/jmxproxy/
 jsp:param name=get value=java.lang:type=Memory /
 jsp:param name=att value=HeapMemoryUsage /
 jsp:param name=key value=used /
 /jsp:forward

 File permissions are:
  -rw-rw-r-- 1 user group 189 Aug 29 10:29 manager/heapused.jsp

 Appreciate any tips.

 Thank you,

   -Shanti


Can you access the JMXProxy servlet directly?


http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html#Using_the_JMX_Proxy_Servlet

Have you configured access to the manager app?


http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html#Configuring_Manager_Application_Access

Dan

Re: Install Tomcat on Oracle Enterprise Linux

[Daniel Mikusa]

On Tue, Aug 26, 2014 at 3:08 AM, Vijay Kumar vijy.gan...@gmail.com wrote:

 Hi,

 Can i install Tomcat on Oracle Enterprise Linux.


Can you install a JVM on it?  If so, then Tomcat will very likely run
there.




 Could you please share us the link/doc which i need to refer.


http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt

or download Tomcat and look at the RUNNING.txt file that comes with it.

Dan




 Thanks,
 Vijay G

Re: How can we configure deployXML=true in security manager ?

[Daniel Mikusa]

On Thu, Aug 14, 2014 at 6:39 AM, Utkarsh Dave utkarshkd...@gmail.com
wrote:

 We upgraded from Tomcat 7.0.41 to tomcat 7.0.53.
 We are starting the Tomcat as -security so as to enable security manager.
 I also see the changelog of 7.0.48 mentioning about this change
 When running under a security manager, change the default value of the
 Host's deployXML attribute to false.
 add If a Host is configured with a value of false for deployXML, a web
 application has an embedded descriptor at META-INF/context.xml and no
 explicit descriptor has been defined for this application, do not allow the
 application to start. The reason for this is that the embedded descriptor
 may contain configuration necessary for secure operation such as a
 RemoteAddrValve.
 

 As a result many of the applications are not starting in my project.
 How can we fix this?


Don't rely on the contents of your application's META-INF/context.xml
files.  As the note you quoted mentions, when you set -security it is
going to set deployXML to false.  This is explained a bit more in the
docs for deployXML.

Set to false if you want to disable parsing the context XML descriptor
embedded inside the application (located at /META-INF/context.xml).
Security conscious environments should set this to false to prevent
applications from interacting with the container's configuration. The
administrator will then be responsible for providing an external context
configuration file, and putting it in the location defined by the xmlBase
attribute. If this flag is false, a descriptor is located at
/META-INF/context.xml and no descriptor is present in xmlBase then the
context will fail to start in case the descriptor contains necessary
configuration for secure deployment (such as a RemoteAddrValve) which
should not be ignored. The flag's value defaults to true unless a security
manager is enabled when the default is false.

To work around this just move all the necessary configuration that was in
/META-INF/context.xml into conf/Catalina/localhost/app.xml (i.e.
conf/service/host/app.xml).

Dan



 -Thanks
 Utkarsh

Re: Max threads and Connector

[Daniel Mikusa]

On Wed, Aug 13, 2014 at 12:16 AM, Ahmed Hosni ahmedhosni...@gmail.com
wrote:

 I am using nginx webserver with tomcat 7 in production environment , I am
 trying to optemize performance changing connector port type from http to
 ajp and increasing maxThreads attribute in connector, does that really can
 enhance performance?


I don't know if anyone can completely answer that question for you.  We
might be able to give you some information about how those settings have
affected our environments or hypothesize about how they would effect yours.
 Ultimately you should try both options and measure the performance of each
one.  Then you can compare the two and know the answer for your specific
environment and applications.

Dan