Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)
On Mon, May 30, 2016 at 11:26 PM, Conor Skylerwrote: > Hello list, > > I'm trying to install the certificates I bought from GoDaddy into my Tomcat > server, however so far I've been unsuccessful to achieve this. > > My system specs are: > OS: Amazon Linux (fully updated) > Tomcat version: 8.0.32, installed from the repos > Java version: $ java -version > openjdk version "1.8.0_91" > OpenJDK Runtime Environment (build 1.8.0_91-b14) > OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode) > > To install the certificates I followed this tutorial from GoDaddy website: > > https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239 > which explains how to create a KeyStore and configure the in > the server.xml file. > Follow these instructions. > > Now, judging from the official Tomcat documentation in > https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated that I > first need to conver the .crt files provided by GoDaddy to PKCS12 format -- > I wonder then why the instructions in GoDaddy's website state other thing! > There's more than one way to do this. If you started out by following the GoDaddy instructions to generate your CSR, then continue to follow them to import your signed certificate. > > But then I read this piece of documentation that left me completely > bewildered: > To import an existing certificate signed by your own CA into a PKCS12 > keystore using OpenSSL you would execute a command like: > > openssl pkcs12 -export -in mycert.crt -inkey mykey.key >-out mycert.p12 -name tomcat -CAfile myCA.crt >-caname root -chain > > In this example there's a reference to a 'mykey.key' file that I don't > have a clue how to obtain it or from where it comes since when I > download the certificates provided by GoDaddy, there's no such .key > file: I can download several different types of certificates in .crt > format but there isn't any .key file to download. > This has to do with the way that you generated the CSR. The GoDaddy instructions have you using keytool and a keystore. In this case, your private key will exist in the keystore, so you won't have a .key file and that's OK. > > I tried contacting their support and well, they weren't any helpful at > all, they pointed me to the repository where all the certificates are > stored and told me to 'find someone that knows how to handle them' -- > thanks for nothing :( > > Finally I want to say that I have Tomcat running smooth at port 8080, > I even configured an administrator user to access the status page > which works perfectly, my problem is that I just can't find how to > properly install and configure the SSL. > Follow the GoDaddy instructions. They should work. If you get stuck on a specific step, let us know. Dan > > What I'm not sure though is what part or steps I'm missing, I believe > this has to be much more simpler that it's been so far for me but > seriously I can't wrap my mind around it. > > Thank you very much for taking the time to read this n00b's help scream. > > Best regards, > -Conor >
Re: Grails war file not starting on Tomcat 7.0.64
On Thu, Sep 3, 2015 at 3:26 AM, Ashish Guptawrote: > Hi , > > I have a grails application war file, built in production mode. The Grails > version I am using is 2.1.1 and I am building the war from command prompt. > My OS is UBUNTU 12.0.4. > > The war is generated without errors . But when I am deploying it to > Tomcat(7.0.64), the app is not starting. > > I am getting the following info in the log: > > localhost.log > > Sep 03, 2015 12:29:49 PM org.apache.catalina.core.ApplicationContext log > INFO: No Spring WebApplicationInitializer types detected on classpath > Sep 03, 2015 12:29:49 PM org.apache.catalina.core.ApplicationContext log > INFO: Initializing Spring root WebApplicationContext > > catalina.out > > Sep 03, 2015 12:31:05 PM org.apache.catalina.core.StandardContext > startInternal > SEVERE: One or more listeners failed to start. Full details will be found > in the appropriate container log file > Sep 03, 2015 12:31:05 PM org.apache.catalina.core.StandardContext > startInternal > SEVERE: Context [/App] startup failed due to previous errors > This is indicating that your application failed to start properly. Try looking in the `logs/catalina.-mm-dd.log` file for more details. There should be an exception that shows you why the app failed to start. Dan > > My Java details are : > > java version "1.6.0_45" > Java(TM) SE Runtime Environment (build 1.6.0_45-b06) > Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode) > > Also found this on my grails server log: > > INFO groovy.grails.commons.spring.GrailsWebApplicationContext Refreshing > > org.codehaus.groovy.grails.commons.spring.GrailsWebApplicationContext@4dde8e1b > : > startup date [Thu Sep 03 12:40:52 IST 2015]; parent: Root > WebApplicationContext > [2015-09-03 12:40:53.180] INFO > groovy.grails.commons.spring.GrailsWebApplicationContext Bean > 'dataSourceUnproxied' of type [class > org.apache.tomcat.jdbc.pool.DataSource] is not eligible for getting > processed by all BeanPostProcessors (for example: not eligible for > auto-proxying) > [2015-09-03 12:40:53.181] INFO > groovy.grails.commons.spring.GrailsWebApplicationContext Bean 'dataSource' > of type [class > org.springframework.jdbc.datasource.TransactionAwareDataSourceProxy] is not > eligible for getting processed by all BeanPostProcessors (for example: not > eligible for auto-proxying) > > Any help will be appreciated. > Thanks in advance , > Ashish. >
Re: Grails war file not starting on Tomcat 7.0.64
On Thu, Sep 3, 2015 at 7:30 AM, Ashish Gupta <ashish.gu...@thinkvidya.com> wrote: > > Hi , > > > > I have a grails application war file, built in production mode. The > Grails > > version I am using is 2.1.1 and I am building the war from command > prompt. > > My OS is UBUNTU 12.0.4. > > > > The war is generated without errors . But when I am deploying it to > > Tomcat(7.0.64), the app is not starting. > > > > I am getting the following info in the log: > > > > localhost.log > > > > Sep 03, 2015 12:29:49 PM org.apache.catalina.core.ApplicationContext log > > INFO: No Spring WebApplicationInitializer types detected on classpath > > Sep 03, 2015 12:29:49 PM org.apache.catalina.core.ApplicationContext log > > INFO: Initializing Spring root WebApplicationContext > > > > catalina.out > > > > Sep 03, 2015 12:31:05 PM org.apache.catalina.core.StandardContext > > startInternal > > SEVERE: One or more listeners failed to start. Full details will be found > > in the appropriate container log file > > Sep 03, 2015 12:31:05 PM org.apache.catalina.core.StandardContext > > startInternal > > SEVERE: Context [/App] startup failed due to previous errors > > > > This is indicating that your application failed to start properly. Try > looking in the `logs/catalina.-mm-dd.log` file for more details. There > should be an exception that shows you why the app failed to start. > > Thanks for the response. > > This is the message I am getting in catalina.-mm-dd.log : > > org.apache.catalina.core.StandardContext startInternal > SEVERE: One or more listeners failed to start. Full details will be found > in the appropriate container log file > Sep 3, 2015 4:46:55 PM org.apache.catalina.core.StandardContext > startInternal > SEVERE: Context [] startup failed due to previous errors > > Just wanted to make sure, it this error related to some configuration > specific to my project or is a general issue. > It's an issue with the app or the app's configuration, not Tomcat. There should be an exception in the logs which gives you more details. Look through `logs/`. The exception will tell you what the application did to cause the problem. Dan > > > > > > > > > > > > > > > > > > > > On Thu, Sep 3, 2015 at 4:48 PM, Daniel Mikusa <dmik...@pivotal.io> wrote: > > > On Thu, Sep 3, 2015 at 3:26 AM, Ashish Gupta < > ashish.gu...@thinkvidya.com> > > wrote: > > > > > Hi , > > > > > > I have a grails application war file, built in production mode. The > > Grails > > > version I am using is 2.1.1 and I am building the war from command > > prompt. > > > My OS is UBUNTU 12.0.4. > > > > > > The war is generated without errors . But when I am deploying it to > > > Tomcat(7.0.64), the app is not starting. > > > > > > I am getting the following info in the log: > > > > > > localhost.log > > > > > > Sep 03, 2015 12:29:49 PM org.apache.catalina.core.ApplicationContext > log > > > INFO: No Spring WebApplicationInitializer types detected on classpath > > > Sep 03, 2015 12:29:49 PM org.apache.catalina.core.ApplicationContext > log > > > INFO: Initializing Spring root WebApplicationContext > > > > > > catalina.out > > > > > > Sep 03, 2015 12:31:05 PM org.apache.catalina.core.StandardContext > > > startInternal > > > SEVERE: One or more listeners failed to start. Full details will be > found > > > in the appropriate container log file > > > Sep 03, 2015 12:31:05 PM org.apache.catalina.core.StandardContext > > > startInternal > > > SEVERE: Context [/App] startup failed due to previous errors > > > > > > > This is indicating that your application failed to start properly. Try > > looking in the `logs/catalina.-mm-dd.log` file for more details. > There > > should be an exception that shows you why the app failed to start. > > > > Dan > > > > > > > > > > > > My Java details are : > > > > > > java version "1.6.0_45" > > > Java(TM) SE Runtime Environment (build 1.6.0_45-b06) > > > Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode) > > > > > > Also found this on my grails server log: > > > > > > INFO groovy.grails.commons.spring.GrailsWebApplicationContext > Refreshing > > > > > > > > > org.codehaus.groovy.grails.commons.spring.Grails
Re: Is Container Managed Transactions possible in case of Tomcat ?
On Wed, Aug 19, 2015 at 12:03 PM, Sreyan Chakravarty sreyan.mail...@gmail.com wrote: I planning to use JPA (Hibernate) in a small project that I am developing. Now I have heard a lot about the benefits of using Container Managed Transactions(CMT) for JPA in web apps. But most of the tutorials on the web use either GlassFish or JBoss, so I was wondering is CMT supported by Tomcat. Send me a link to the documentation for this if there is any. Please note that I am going to use a datasource to connect to my database and I am using persistence.xml(JPA style) to use Hibernate. If you're referring to JTA, then no. Tomcat doesn't implement that. Tomcat only implements a subset of the JEE spec. http://tomcat.apache.org/whichversion.html However most of the parts of the spec that Tomcat does not implement can be pulled in via libraries. For JTA you can use a third party implementation with Tomcat. Atomikos, JOTM and Bitronix are ones that come to mind. These docs are a little dated, but should get you started. http://www.atomikos.com/Documentation/TomcatIntegration http://jotm.objectweb.org/current/jotm/doc/howto-tomcat-jotm.html Dan
Re: Many Threads in TIMED_WAITING (parking) - [org.apache.tomcat.util.threads.TaskQueue]
On Thu, Jul 16, 2015 at 10:37 AM, Robert Anderson ranom...@gmail.com wrote: Hi, Sometimes, in moments of high traffic for our patterns (170 req/sec), we have a lot of threads like that: ajp-apr-8009-exec-115 ^ 16/07/2015 - 11:13:37 - End of Execute daemon prio=10 tid=0x2aaab5c36800 nid=0x12f9 waiting on condition [0x4ddcb000] java.lang.Thread.State: TIMED_WAITING (parking) at sun.misc.Unsafe.park(Native Method) - parking to wait for 0x000609a53198 (a java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject) at java.util.concurrent.locks.LockSupport.parkNanos(LockSupport.java:226) at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.awaitNanos(AbstractQueuedSynchronizer.java:2082) at java.util.concurrent.LinkedBlockingQueue.poll(LinkedBlockingQueue.java:467) at org.apache.tomcat.util.threads.TaskQueue.poll(TaskQueue.java:86) at org.apache.tomcat.util.threads.TaskQueue.poll(TaskQueue.java:32) at java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1068) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) This is not a problem. The thread is in the pool waiting for work. It's what you'd normally see on a server that's not handling any requests. Thus, Tomcat hangs (all available threads stay in that state) and we have to restart the service. Server version: Apache Tomcat/7.0.63 Server built: Jun 30 2015 08:08:33 UTC Server number: 7.0.63.0 OS Name:Linux OS Version: 2.6.18-194.17.1.el5 Architecture: amd64 JVM Version:1.7.0_80-b15 JVM Vendor: Oracle Corporation We are using tomcat-native (APR connector) and Apache (2.2.3) as load balancer with mod_jk. server.xml ?xml version='1.0' encoding='utf-8'? Server port=8005 shutdown=SHUTDOWN Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=off / Listener className=org.apache.catalina.core.JasperListener / Listener className=org.apache.catalina.core.JreMemoryLeakPreventionListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / Listener className=org.apache.catalina.core.ThreadLocalLeakPreventionListener / GlobalNamingResources Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 / Connector port=8009 enableLookups=false connectionTimeout=6 protocol=AJP/1.3 redirectPort=8443 / Engine name=Catalina defaultHost=localhost jvmRoute=tomsrv04 Realm className=org.apache.catalina.realm.LockOutRealm Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase digest=SHA/ /Realm Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true Valve className=org.apache.catalina.valves.StuckThreadDetectionValve threshold=60 interruptThreadThreshold=120 / /Host /Engine /Service /Server Any suggestions? This could be an issue with HTTPD talking to Tomcat. - When the problem occurs, check the access logs for both and see if the request is making it from HTTPD to Tomcat. - Also when the problem occurs, try hitting Tomcat directly while the problem is occurring. See if you can access your app when you bypass HTTPD. - Post your HTTPD config - Make sure timeouts are configured appropriately - http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html Do you have a firewall in between HTTPD Tomcat? Is there anything that could be breaking the connection? Dan
Re: Many Threads in TIMED_WAITING (parking) - [org.apache.tomcat.util.threads.TaskQueue]
On Thu, Jul 16, 2015 at 12:04 PM, Robert Anderson ranom...@gmail.com wrote: Thanks, Dan. This is not a problem. The thread is in the pool waiting for work. It's what you'd normally see on a server that's not handling any requests. It's awkward. Everything is going normal and suddenly, many threads start waiting on the same monitor. After restart Tomcat, everything works without even make any changes in Apache (service or config files). The scenario you're describing can happen and it doesn't necessarily mean there's a problem with Tomcat. If you're seeing lots of threads waiting for work, it just means that you've got lots of free workers. The server could still be really busy if you got a couple threads running and working like mad. A full thread dump would be helpful, to see what else is happening at the time. You can also look at multiple thread dumps 10 - 15 seconds apart to see what the threads are doing over time (i.e. is thread #X at the same place across all the threads?) - When the problem occurs, check the access logs for both and see if the request is making it from HTTPD to Tomcat. OK. I'll check You'll probably also want to configure the access logs to log the amount of time the request took to process. That'll give you some understanding of how much time was spent at each hop. In Tomcat that's done by adding %D to the access log pattern. https://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Access_Log_Valve/Attributes HTTPD is the same, but it logs in micro seconds instead of milliseconds. http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats - Also when the problem occurs, try hitting Tomcat directly while the problem is occurring. See if you can access your app when you bypass HTTPD. I've already tried this. Tomcat becomes very very very slow when it happens. Interesting. What's the CPU usage like at the time? If it's high, you might want to look at gc logging to see if you've got a lot of GC happening. Dan - Post your HTTPD config worker.properties: worker.list=balancer worker.tomsrv01.type=ajp13 worker.tomsrv01.host=x.y.z.1 worker.tomsrv01.port=8009 worker.tomsrv01.lbfactor=1 worker.tomsrv01.connect_timeout=1 worker.tomsrv01.prepost_timeout=1 worker.tomsrv01.socket_timeout=1800 worker.tomsrv01.connection_pool_timeout=60 worker.tomsrv02.type=ajp13 worker.tomsrv02.host=x.y.z.2 worker.tomsrv02.port=8009 worker.tomsrv02.lbfactor=1 worker.tomsrv02.connect_timeout=1 worker.tomsrv02.prepost_timeout=1 worker.tomsrv02.socket_timeout=1800 worker.tomsrv02.connection_pool_timeout=60 worker.tomsrv04.type=ajp13 worker.tomsrv04.host=x.y.z.3 worker.tomsrv04.port=8009 worker.tomsrv04.lbfactor=1 worker.tomsrv04.connect_timeout=1 worker.tomsrv04.prepost_timeout=1 worker.tomsrv04.socket_timeout=1800 worker.tomsrv04.connection_pool_timeout=60 worker.balancer.type=lb worker.balancer.balance_workers=tomsrv01,tomsrv02,tomsrv04 worker.balancer.sticky_session=1 - Make sure timeouts are configured appropriately - Ok Do you have a firewall in between HTTPD Tomcat? Is there anything that could be breaking the connection? No. Best regards. 2015-07-16 12:44 GMT-03:00 Daniel Mikusa dmik...@pivotal.io: On Thu, Jul 16, 2015 at 10:37 AM, Robert Anderson ranom...@gmail.com wrote: Hi, Sometimes, in moments of high traffic for our patterns (170 req/sec), we have a lot of threads like that: ajp-apr-8009-exec-115 ^ 16/07/2015 - 11:13:37 - End of Execute daemon prio=10 tid=0x2aaab5c36800 nid=0x12f9 waiting on condition [0x4ddcb000] java.lang.Thread.State: TIMED_WAITING (parking) at sun.misc.Unsafe.park(Native Method) - parking to wait for 0x000609a53198 (a java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject) at java.util.concurrent.locks.LockSupport.parkNanos(LockSupport.java:226) at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.awaitNanos(AbstractQueuedSynchronizer.java:2082) at java.util.concurrent.LinkedBlockingQueue.poll(LinkedBlockingQueue.java:467) at org.apache.tomcat.util.threads.TaskQueue.poll(TaskQueue.java:86) at org.apache.tomcat.util.threads.TaskQueue.poll(TaskQueue.java:32) at java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1068) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) This is not a problem. The thread is in the pool waiting for work. It's what you'd normally see on a server that's not handling any requests. Thus, Tomcat hangs (all available threads stay in that state) and we have
Re: Session replication/fail-over for medium sized tomcat farm
On Fri, Jul 3, 2015 at 9:17 AM, Charles Richard charle...@thelearningbar.com wrote: On Fri, Jul 3, 2015 at 9:58 AM, Daniel Mikusa dmik...@pivotal.io wrote: On Fri, Jul 3, 2015 at 8:36 AM, Charles Richard charle...@thelearningbar.com wrote: Hi, We are currently using a product called Terracotta to do session fail-over/replication but are considering moving away from this product as it doesn't seem to support Java 7 and Tomcat 7. What products exist out there that would help with session fail-over/replication? I only know of 3: - Terracotta - Hazelcast - Tomcat native session failover (is not recommended for many tomcat nodes) I think that recommendation is just for the DeltaManager. You can use the BackupManager with larger numbers of nodes since it's not replicating session data to all of the nodes in the cluster. http://tomcat.apache.org/tomcat-7.0-doc/config/cluster-manager.html In addition to that Redis and Memcached are two popular ways of sharing session state. Dan In the link you sent, it mentions the following: Downside of the BackupManager: not quite as battle tested as the delta manager. Naturally this statement makes sense because DeltaManager is the default. More people are going to use it. BackupManager has been around for quite a while though. Looking at SVN, it's been almost 9 years. I'd say that gives it a certain amount of credibility. http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/ha/session/BackupManager.java?revision=433703view=markup Are you aware of companies using this for their Tomcat farms? I have worked with multiple customers using it in production. Not as common as DeltaManager, but it's being used. Dan Thanks, Charles I want to make sure i know all options before making a decision. Thanks, Charles
Re: Session replication/fail-over for medium sized tomcat farm
On Fri, Jul 3, 2015 at 8:36 AM, Charles Richard charle...@thelearningbar.com wrote: Hi, We are currently using a product called Terracotta to do session fail-over/replication but are considering moving away from this product as it doesn't seem to support Java 7 and Tomcat 7. What products exist out there that would help with session fail-over/replication? I only know of 3: - Terracotta - Hazelcast - Tomcat native session failover (is not recommended for many tomcat nodes) I think that recommendation is just for the DeltaManager. You can use the BackupManager with larger numbers of nodes since it's not replicating session data to all of the nodes in the cluster. http://tomcat.apache.org/tomcat-7.0-doc/config/cluster-manager.html In addition to that Redis and Memcached are two popular ways of sharing session state. Dan I want to make sure i know all options before making a decision. Thanks, Charles
Re: detect requests that take a long time to process
On Fri, Jun 19, 2015 at 9:07 AM, Kaouthar Ghorbel gkaout...@gmail.com wrote: hello ,my webapplication is very slow , i want to know how can i detect requests that take a long time to process in tomcat 8. 1.) Add %D or %T to your access log format. That will log info about how long the request took to process. %D - Time taken to process the request, in millis %T - Time taken to process the request, in seconds http://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Access_Log_Valve 2.) This valve can also help. It'll dump a stack trace when a request takes longer than the configure threshold. http://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Stuck_Thread_Detection_Valve Dan thanks
Re: SSL configuration using PFX as keystore
On Fri, Jun 19, 2015 at 12:42 AM, Michael Salisbury mich...@skypoint.co.nz wrote: Hi there, I’m trying to get the above working using Tomcat 8.0, previously working with 7.0. This is part of a WebDAV connector in Confluence. It seems I can connect from anything other than a Windows Mini Redirector client (Windows 7 or 8.1, x86 or x64). Using a web browser or 3rd party client (CyberDuck for instance) connects OK. What happens when you try to connect with the Windows Mini Redirector? Do you get a client error? If so, what? Do you get any errors or messages in the Tomcat logs? If not, you might try running wireshark to investigate further. Capture packets from a working client and packets from the MS client then look to see what's different. That said, the fact that it's working for a large selection of clients except one, seems to point to a problem with the client and not your Tomcat setup. What makes you think this is a Tomcat issue? Was there something specific you had to do in Tomcat 7 to make the MS client work? Dan There are some registry keys in Windows one needs to enable to get this working first: [HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Internet] BasicAuthLevel=dword:0001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters] BasicAuthLevel=dword:0001 UseBasicAuth=dword:0001 Server.xml Connector port=9443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 protocol=org.apache.coyote.http11.Http11NioProtocol enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocols=TLS SSLEnabled=true URIEncoding=UTF-8 keystoreType=PKCS12 keystoreFile=${catalina.base}/conf/certname.pfx keystorePass=keypassword/ I’m fairly new to this, but have done a fair bit of reading to get it working previously in Tomcat7…so any help would be greatly appreciated. Kind regards *Michael Salisbury* *Senior Systems Architect* | *P* 07 960 7011 | *E* mich...@skypoint.co.nz | *W* skypoint.co.nz Waikato Innovation Park, Ruakura Rd, PO Box 9466, Hamilton 3240, NZ [image: cid:image001.png@01CF0265.772EC520] Please send any support enquiries to *E* supp...@skypoint.co.nz [image: MCSA_2013(rgb)_14802] [image: HP Accredited Technical Professional]
Re: validationQuery doesn't work (DBCP 7.0.59)
On Mon, Jun 15, 2015 at 4:42 AM, Jose María Zaragoza demablo...@gmail.com wrote: Hello: I'm using Tomcat 7.0.59 and PostgreSQL JDBC driver 9.4-1201-jdbc4 The context.xml settings are Resource auth=Container type=javax.sql.DataSource factory=org.apache.tomcat.jdbc.pool.DataSourceFactory driverClassName=org.postgresql.Driver initialSize=0 maxActive=100 maxIdle=20 maxWait=1 mindIdle=0 name=datasource/bbdd password=fake removeAbandoned=true url=jdbc:postgresql://localhost:,localhost:5432,localhost:5433/bbdd?LoginTimeout=3amp;loadBalanceHosts=false username=foo validationQuery=SELECT 1 testOnBorrow=true timeBetweenEvictionRunsMillis=0/ I've configured JDBC driver in failover mode ( as you can see in URL definition ) When I test this configuration ( I stop/start databases but , at least, there is one running ) , sometimes I'm getting this error message: org.apache.ibatis.exceptions.PersistenceException: ### Error querying database. Cause: org.postgresql.util.PSQLException: This connection has been closed. How is it possible if testOnBorrow=true and validationQuery=SELECT 1 ? Try setting validationInterval to a lower value. It defaults to 30s, which means it will only run the query once per 30s. http://tomcat.apache.org/tomcat-8.0-doc/jdbc-pool.html#Tomcat_JDBC_Enhanced_Attributes How I can debug if validationQuery is working as I want ? 1.) Start Tomcat, make sure the app is working. 2.) Stop the DB. 3.) Your app should stop working, since it can't get a connection. Also, any pooled connections will now be bad. 4.) Start the DB. 5.) Your app should be working again. If the pool is configured properly as your app requests connections, it should remove the bad connections and replace them with new ones. Dan Thanks and regards - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: RewriteCond
On Sat, May 30, 2015 at 5:07 AM, Frank Lehmann frank-lehm...@freenet.de wrote: Hi Dan, First, please don't top post. -- Don't know what you mean, i am at qnalist.com and pushed the button reply to: This is top posting. http://en.wikipedia.org/wiki/Posting_style#Top-posting We prefer that people who write to the list use an inline style or bottom post. http://en.wikipedia.org/wiki/Posting_style#Interleaved_style or http://en.wikipedia.org/wiki/Posting_style#Bottom-posting The idea is that if everyone does the same thing, it's easier to read and follow conversations on the list. I don't know the website you're using, but you can subscribe your email here. I believe that's the preferred way to interact with the list. http://tomcat.apache.org/lists.html Reply inline like this or at the bottom. -- See above. Second, what is the mistake you're referring to? -- I explained, that the words, which are in the condpattern valvue do not match. Third, we don't know. -- I have this rewritecond set: RewriteCond %{HTTP_USER_AGENT} (android|blackberry|googlebot-mobile|iemobile|ipad|iphone|ipod|mobile|palmos|webos) So, my opinion is, that any word of the string from the user-agent will match the string set in the third value of the rule. But it does not. nothing will happen. Have you tried something simpler first? Like the example I sent you. Does it work? From what you've posted, it's not clear if there's a Tomcat configuration problem (i.e. it's not starting the valve / reading the rules) or if the rule in question is not working as you'd expect. If it's the later, then you're going to need to adjust the rule to make it work. I haven't tried that rule, so I can't say if it will work or not. You still haven't provided any configuration or explanation of what you did. Where did you configure the valve? In server.xml? In the Context for an app? Where did you put the rewrite.config file? -- My configuration is as follows: Windows 2012 R2 Tomcat 8.0 in directory tomcat/webapps Which version? There are currently 23 different releases of the 8.0 branch. server.xml in /conf directory with valve ...rewritevalve set. rewrite.config file in directory /conf/catalina/localhost Rewrite.config will controled after restart tomcat service, because if mistakes in the rule, tomcat won't start Sorry, not sure I follow you here. Are you saying that Tomcat is failing to start? If so, are you getting an error or exception? If so, include that here. Dan
Re: RewriteCond
On Tue, May 26, 2015 at 12:12 PM, Frank Lehmann frank-lehm...@freenet.de wrote: Hi Dan, First, please don't top post. Reply inline like this or at the bottom. you are right, i have used this documentation for setting the rewrite rule. This doc has is mistake in placing the rewrite.config file, but i solved it. Second, what is the mistake you're referring to? My problem is, that the test condition never works. Every test rule is ignored. So what is the reason why every test condition is ignored ? Third, we don't know. You still haven't provided any configuration or explanation of what you did. Where did you configure the valve? In server.xml? In the Context for an app? Where did you put the rewrite.config file? I did a quick test and it worked for me. 1.) I added this to the context for the examples app: `Valve className=org.apache.catalina.valves.rewrite.RewriteValve /` 2.) I added `webapps/examples/WEB-INF/rewrite.config` to the examples app. 3.) In that file, I put the following. ``` RewriteRule ^/junk$ /does-not-exist [R] ``` 4.) I started Tomcat and sent this request with curl. `curl -vv http://localhost:8080/examples/junk`. The response was a 302 redirect to http://localhost:8080/examples/does-not-exist;. Dan
Re: Tomcat 8.0.22 - Putting all Libraries in a Separate Folder to reduce War file size
On Tue, May 26, 2015 at 6:21 AM, Aditya Chopra adity...@turvo.com wrote: The reason i am trying to reduce the war file size is because its size has gone upto 55MB and time taken for copying it to the server for deployments has increased. What you're trying to do may seem like a good idea, but in practice is usually not. There are a handful of things that can go wrong with it (library version issues, classpath casting issues, etc...). You're hitting just one of those problems and as you can see it's not easy to debug (none of them are really). All for what? A marginally smaller WAR file. Unless you're on dial-up, it's likely that the time you spend debugging issues will far exceed the time you spend uploading files, and that's something that can be automated. Solutions to the problem of a larger WAR file that I would suggest (I'm sure others can add to this list): a.) just live with the upload time. 55M is not that crazy. run the upload while you're doing something else or at night. b.) get a faster Internet connection c.) build your project on a remote server, possibly a CI server, that has better bandwidth. Is there any best practice around this that we should be following? Put everything into the WAR file. This is my opinion, but I find it makes life a lot easier. Dan Anyways, i will also check Spring usage to see why the threat context class loader isn’t being used. Aditya On 26-May-2015, at 3:37 pm, Mark Thomas ma...@apache.org wrote: On 26/05/2015 10:53, Aditya Chopra wrote: This thread does beg the question *why* do you want to reduce the size of your WAR. Doing so creates problems as you have found. In WEB-INF/lib i only have 2 JARs, which are my application JAR’s. All other dependent JAR’s i have moved to /mylibs. Below mentioned com.myapp.CustomGrantedAuth class is part of my application JAR present under WEB-INF/lib. You'll need to speak to the Spring folks to see why the thread context class loader isn't being used. Whether that is a Spring bug or a Spring usage error in your part I don't know. Mark Here is the stack trace: DEBUG [http-nio-8080-exec-3] (DefaultExceptionHandler.java:123) - error. java.lang.IllegalArgumentException: java.lang.ClassNotFoundException: com.myapp.CustomGrantedAuth at org.springframework.security.oauth2.common.util.SerializationUtils.deserialize(SerializationUtils.java:36) at com.arl.mg.services.CustomTokenStore$2.mapRow(CustomTokenStore.java:124) at com.arl.mg.services.CustomTokenStore$2.mapRow(CustomTokenStore.java:1) at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:93) at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:60) at org.springframework.jdbc.core.JdbcTemplate$1.doInPreparedStatement(JdbcTemplate.java:708) at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:644) at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:695) at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:727) at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:737) at org.springframework.jdbc.core.JdbcTemplate.queryForObject(JdbcTemplate.java:811) at com.arl.mg.services.CustomTokenStore.readAuthentication(CustomTokenStore.java:121) at com.arl.mg.services.CustomTokenServices.loadAuthentication(CustomTokenServices.java:139) at org.springframework.security.oauth2.provider.filter.OAuth2ProtectedResourceFilter.doFilter(OAuth2ProtectedResourceFilter.java:53) at org.springframework.security.oauth2.provider.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:79) at com.arl.mg.error.CustomExceptionHandlerFilter.doFilter(CustomExceptionHandlerFilter.java:59) at org.springframework.security.oauth2.provider.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:79) at org.springframework.security.oauth2.provider.filter.CompositeFilter.doFilter(CompositeFilter.java:59) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) at
Re: RewriteCond
On Mon, May 25, 2015 at 11:30 AM, Frank Lehmann frank-lehm...@freenet.de wrote: Hi helpers, i want to rewrite my url when a mobile user reaches my homepage. I found this condition on the web after several searchings. But it will not work. All other condition also not working, i have tested many conditions. How can i rewrite a url when a mobile client is getting my homepage ? Hassan mentioned one way, that's the UrlRewrite filter. Since you're on Tomcat 8, there's also a rewrite filter built-in. It uses a similar syntax to HTTPD, which is probably what you found posted on the internet. https://tomcat.apache.org/tomcat-8.0-doc/rewrite.html Thanks for help. RewriteCond %{HTTP_USER_AGENT} (android|blackberry|googlebot-mobile|iemobile|ipad|iphone|ipod|mobile|palmos|webos) [NC] RewriteRule ^(.+)$ http://www.dashandwerk.net/mobile/ [L] Where / how did you attempt to configure this? Dan My environment. Tomcat 8 Windows 2012 R2 Homepage under folder webapps/root - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Try to deploy war and keep access to my webapp in browser without entering context root name
On Thu, May 21, 2015 at 12:03 PM, Mark Eggers its_toas...@yahoo.com.invalid wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 5/21/2015 8:56 AM, Евгений Кузнецов wrote: Hello, I asked question in stakoverflow http://stackoverflow.com/questions/30304478/tomcat-deploying-a-webapp- which-is-accessed-via-browser-without-context-root-na I ll repeat it here: I have a webapp (spring mvc 4 application) which code is placed in |tomcat-7/webapp/mywebapp/| folder. Webapp is accessed in browser with url |http://my-web-app.loc:8080| (i.e. without context root name |mywebapp| after port number). I have following setups in |tomcat-7/conf/server.xml|: |Host name=my-web-app.loc appBase=webapps unpackWARs=true autoDeploy=true Context path= docBase=mywebapp reloadable=true allowLinking=true antiJARLocking=true copyXML=true / Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=mywebapp.access. suffix=.log pattern=common resolveHosts=true / /Host | I delploy webapp by placing war-file into |/webapp| folder. But after war-file is unpacked and webapp is successfully deployed, I can access to webapp only with |http://my-web-app.loc:8080/mywebapp| url. Url |http://my-web-app.loc:8080| directs me to 404 tomcat error page. What I have to setup to access to webapp with |http://my-web-app.loc:8080| url? Rename mywebapp.war to ROOT.war (case is important) and deploy. . . . just my two cents /mde/ +1 - That will be the easiest solution and then you can probably remove the Context/ tag from your server.xml, which is something that's frowned upon. Dan -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBAgAGBQJVXgG0AAoJEEFGbsYNeTwtkIoH/ixe/TEPmdDSwyfnGoivBjbP BE1/p095dcm2K/sEn9FfxddgC7a2gIYa+2Nlu4IHrMoBk+hKH4FLfN5cQid7ZbIk 2PUwbxnC/tWULIJ8AWgLE8x6aIyHgNMeuSjZCMcKV90FNANhouDsh0XAg6Fod+Ky CELckKpJKCGaAvfc/o8NNR2atJDrXdOUl1ApTgJ21RDcipBCp5dPQGCL3qZljjS5 tJtsXz3+fIutS8D+5walqG/mjUtLXDuWp5nCCOsq2uYGiCaIH6ISwdlAZpOm2kzN fbTpmm4wjwn3GKYx6bNlLL624nd/ac6e6JHaUVcpDah4iQqfHJzSL3dTB1+7Vyw= =jkyz -END PGP SIGNATURE- --- This email is free from viruses and malware because avast! Antivirus protection is active. http://www.avast.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue while Configuring SSL in tomcat6
On Mon, May 4, 2015 at 8:35 PM, jairaj kamal jairaj.ka...@gmail.com wrote: First, please stop top posting. Reply inline or at the bottom. It's the convention followed on this list. Hello, when I checked with below command I find my keystore created type as JKS and we are using tool Keytool. Initially we received 2 certificates TestRoot.cer Test.cer, when found things not working, we are now trying to import certs of PKCS#12 format (.pfk) via Keytool The format of your keystore is *not* the problem. If it were the problem, you would see an exception in Tomcat. The problem you're seeing is different. *#Testing Keystore type* *D:\Program Files (x86)\Java\jdk1.6.0_27\binkeytool -list -v -keystore C:\Users\* *svcr2wadmin\nedr2wqajob1\Test.keystore* *Enter keystore password:* *Keystore type: JKS* *Keystore provider: SUN* *#Earlier tried steps:* keytool -genkey -alias report2web -keyalg RSA -keystore C:\Users\svcr2wadmin\nedr2wqajob1\Test.keystore keytool -certreq -keyalg RSA -alias report2web -file C:\Users\svcr2wadmin\nedr2wqajob1\Test.csr -keystore C:\Users\svcr2wadmin\nedr2wqajob1\Test.keystore keytool -import -alias root -keystore C:\Users\svcr2wadmin\nedr2wqajob1\Test.keystore -trustcacerts -file C:\Users\svcr2wadmin\nedr2wqajob1\TestRoot.cer keytool -import -alias *nedr2wqajob1 *-keystore C:\Users\svcr2wadmin\nedr2wqajob1\Test.keystore -file C:\Users\svcr2wadmin\nedr2wqajob1\Test.cer Then also did below keytool -import -alias nedr2wjob1_non_prod_p7b -keystore C:\Users\svcr2wadmin\nedr2wqajob1\Test.keystore -file C:\Users\svcr2wadmin\nedr2wqajob1\Test.pfx # But Below is the error coming while importing the latest .pfx certificated shared D:\Program Files (x86)\Java\jdk1.6.0_27\binkeytool -import -alias nedr2wjob1QAJob1 -keystore C:\Users\svcr2wadmin\nedr2wqajob1\Test.keystore -file C:\Users\svcr2wadmin\nedr2wqajob1\*Test.pfx* Enter keystore password: *keytool error: java.lang.Exception: Input not an X.509 certificate* #Certificate status as observed in the browser 1. nedr2wqajob1 is the alias name of certificate Test.cer - It shows for non Root certificate as Your connection to *nedr2wqajob1 *is encrypted with obsolete cryptography, The connections uses TLS 1.0. The connection uses AES_128_CBC with SHA1 for message authentication and DHE_RSA as the key exchange mechanism. You might need to a.) check what crypto is supported by your version of the JVM and b.) configure it to not use certain known insecure crypto. More on this here: http://wiki.apache.org/tomcat/HowTo/SSLCiphers 2. Error message showing in chrome browser as below “This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.” Who did you purchase your certificate from? Dan Let me know what to do to resolve this ? *Jairaj Kamal* On Mon, May 4, 2015 at 6:51 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jairaj, On 5/4/15 5:35 PM, jairaj kamal wrote: Attached find the error coming in browser,looks to be issue with Root certificate. This list strips attachments. Please copy/paste any messages into the text of your post. Also we tried PKCS#12 format certs but getting below Error The keystore format won't change what gets sent to the client. D:\Program Files (x86)\Java\jdk1.6.0_27\binkeytool -import -alias nedr2wjob1_no n_prod_p7b -keystore C:\Users\svcr2wadmin\nedr2wqajob1\QA_Job1_report2web.keysto re -file C:\Users\svcr2wadmin\nedr2wqajob1\nedr2wjob1_non_prod.p7b Enter keystore password: *keytool error: java.lang.Exception: Input not an X.509 certificate* If you really have a PKCS12 keystore, they you'll need to specify the keystore type on the command-line. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVSAYcAAoJEBzwKT+lPKRYLREQAMPD6shOiwK7On4wTmMbsuJR ifabn95GXN4ia+L80IlvqyY17Mjfe1VzMYsVhLgpJRiEQmSMoy3ChxbeD+2h3Pzc 38GXZWg8anBHaHqceQDhaiHW2HYNW1HV7IzG22gYDlfi0zwv8JYbpxqQXr7Kf+9q CtO8sUt4hTxWW9zYl5mTa2xB7vXr7jl5k0UTTCF7nNuraXGhFBWifebYZ1AxFJEp aP6n80rglMC9/K4SVCGRaGjGbHKcN7fiJX1InswWNnGzfWgIvt4HxlZeQwNFrQaa N35MGu9pINQ/iofrW/7M5Vp1oqQNMWRSRpU6t9QK3FO6crfNpIuNxmwf46oeEiQh 7HKF+sBmWlWC4QTdpdMiHNg1Ux2XhZrOzpo657QdrLKPKKLHAqtqcmrlJDTCs6Bs lI7NvQXMpMyc466Q0EvemQPkjoyeYr2uRJo8pcscATrvPPqD+chqEstgc6UjHDsZ NQqgDIPxPjKrZf1RUj3oEM693ezMCcvTICAMWbcjzTXrrDBFRPFgrM7gSrGjd/ib 17XsI5+cO3Rc4Ai3d6ss+uMf2HI7/DRQwYEs1h4dUu4Ug1WmRTOEEXV4nFkDUGBS AkoQqx77phGcy3XiASB0Dc96CrkbkVXCtmPYf2RH5OXivzkIztn78WSexWv4q01L sP/r1a2F394bEExnUXIX =7onF -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue while Configuring SSL in tomcat6
On Sun, May 3, 2015 at 7:48 PM, jairaj kamal jairaj.ka...@gmail.com wrote: Hello, I created a keystore via Keytool, CSR file and received below root and intermediate certificates. I have got both TestRoot.cer TestCA.cer certificates imported in keystore via keytool but still in browser it shows in red and looks issue with certificate is not resolved yet. Do i need to convert dot extension of above certs to PKCS12 format, how to resolve it ? There's a lot that could be going on here. You need to try and narrow down the problem. 1.) Include the Connector / tag from `conf/server.xml` so we can see how you've configured Tomcat. 2.) Include the exact version of Tomcat you're using. 3.) Are you connecting directly to Tomcat or is there an HTTPD or some other server acting as a reverse proxy in between? 4.) Look at the certificate as displayed by your browser. In Chrome, click the lock in the tool bar, other browsers are similar. Look at the details on the certificate and see what certificate you're being presented. Is it the once that you purchased? or perhaps an older self-signed on? That should get you started. Dan *Jairaj Kamal*
Re: Tomcat Thread issue
On Thu, Apr 23, 2015 at 7:15 AM, Subhro Paul subhro.p...@tcs.com wrote: Dear Team, One of our client's website stopped working yesterday. We observed that Tomcat servers were not working properly during that time. We have checked the memory usage of the server was fine but in the Catalina.out log we found it was already reached to max thread which is 512 though the number of connections to the server was normal. We took a thread dump from the server using VisualVM and we got the below message from threaddump: Since a thread dump is a point in time snapshot, you should always take multiple thread dumps, with a few seconds in between each one. This gives you additional perspective as to what's happening with the threads over a period of time. http-8080-1 - Thread t@22 java.lang.Thread.State: BLOCKED at java.util.Vector$1.nextElement(Vector.java:320) - waiting to lock 37749687 (a java.util.Vector) owned by http-8080-116 t@161 at org.apache.jsp.includes.header_jsp.isExcludePath(header_jsp.java:116) at org.apache.jsp.includes.header_jsp._jspService(header_jsp.java:314) Look at what header.jsp is doing. It seems to be doing something with the Vector class which is causing the thread to block. at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646) at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:551) at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:488) at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:968) at org.apache.jsp.home.customer_005fservice.bill.my_005fbill_jsp._jspService(my_005fbill_jsp.java:126) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.valves.RequestFilterValve.process(RequestFilterValve.java:269) at org.apache.catalina.valves.RemoteHostValve.invoke(RemoteHostValve.java:81) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:555) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) at java.lang.Thread.run(Thread.java:701) Locked ownable synchronizers: - None This was coming for different threads. Once we restarted the servers, the website back to normal again but we got the below exception in the log : Apr 22, 2015 11:15:28 AM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads SEVERE: A web application appears to have started a thread named [http-8080-1] but has failed to stop it. This is very likely to create a memory leak. This
Re: Problem with Tomcat6 catalina.out
On Wed, Apr 1, 2015 at 2:30 AM, Bhagyashree Jog rani...@gmail.com wrote: I am getting the following error on deploying tomcat org.apache.tomcat.util.net.JIoEndpoint$Acceptor run SEVERE: Socket accept failed java.lang.NoClassDefFoundError: org/bouncycastle/crypto/modes/CBCBlockCipher You're missing a JAR file, or it's in the wrong place, and this class can't be found. Find the right JAR file and put it into the $CATALINA_BASE/lib directory. at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineSetMode(Unknown Source) at javax.crypto.Cipher$Transform.setModePadding(Cipher.java:357) at javax.crypto.Cipher.chooseProvider(Cipher.java:847) at javax.crypto.Cipher.init(Cipher.java:1348) at sun.security.ssl.CipherBox.init(CipherBox.java:175) at sun.security.ssl.CipherBox.newCipherBox(CipherBox.java:208) at sun.security.ssl.CipherSuite$BulkCipher.newCipher(CipherSuite.java:467) at sun.security.ssl.CipherSuite$BulkCipher.isAvailable(CipherSuite.java:507) at sun.security.ssl.CipherSuite$BulkCipher.isAvailable(CipherSuite.java:485) at sun.security.ssl.CipherSuite.isAvailable(CipherSuite.java:190) at sun.security.ssl.SSLContextImpl.getApplicableCipherSuiteList(SSLContextImpl.java:342) at sun.security.ssl.SSLContextImpl.getDefaultCipherSuiteList(SSLContextImpl.java:293) at sun.security.ssl.SSLSocketImpl.init(SSLSocketImpl.java:576) at sun.security.ssl.SSLSocketImpl.init(SSLSocketImpl.java:494) at sun.security.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:313) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:152) at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:352) at java.lang.Thread.run(Thread.java:722) *This error is logged into catalina.out continuously and catalina.out gets full in short time. tomcat version is : 6.0.24. Please help* This is **really** old. You need to upgrade to 6.0.43 ASAP. Dan -- Bhagyashree N Jog
Re: Issues with SSL to resolve poodle vulnerability
On Fri, Mar 13, 2015 at 10:17 AM, MICHELLE RENEE LARSON mr...@psu.edu wrote: We use a software called iDashboards it is tomcat running on windows I have installed an SSL and when you go to the site https://idashboards-dev.outreach.psu.edu/idashboards/ it shows that the SSL is installed and you connect via https however when you go to an ssl checker it says no ssl if installed any idea why it would not show. Using sslshopper.com ssl checker idashboards-dev.outreach.psu.edu resolves to 146.186.231.156 While the DNS does resolve for me, the site does not seem accessible. This may or may not be intentional. Also, looking at a site like http://www.isitdownrightnow.com/idashboards-dev.outreach.psu.edu.html show's it's not accessible. Given that sslshopper.com is a public site, it's probably having the same access issues. Dan No SSL certificates were found on idashboards-dev.outreach.psu.edu. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server's firewall. I have 448 and 8443 open on both the local firewall and on network firewall. We are running tomcat 7.0.35 on Server 2008 r2 Here is the edited server.xml Connector port=443 protocol=org.apache.coyote.http11.Http11NioProtocol SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=C:\SSL\keystore.jks keystorePass=$@GCceate345 keyAlias=tomcat / Michelle larson Systems Administrator II Outreach Technology Services The Pennsylvania State University The 329 Bldg, Suite 311, Innovation Park University Park, PA 16802 Phone: 814-863-6612
Re: Persistance on Tomcat 8.0 and Cluster
On Fri, Feb 27, 2015 at 8:35 AM, Alexander Diedler adied...@tecracer.de wrote: Hello Daniel, That you for your reply. You mean, that session persistance was enabled and a failover was recordnized by the loadbalancer and the session was still available on the remaining node? No. I'm just talking about your configuration. You have two conflicting things configured. 1.) You have a session store created. This is going to store your sessions into the database. It's *not* clustering (at least by the definition Tomcat uses), but can be an effective way to share sessions across multiple Tomcat instances. 2.) You have a cluster defined. This is going to tell Tomcat to replicate session data directly between your Tomcat nodes. As you pointed out previously, this can be problematic on AWS where they don't support multicast. It's also conflicting with #1, which is what the error you reported is telling you. In short, remove the Cluster/ tag, the error should go away. Dan -Ursprüngliche Nachricht- Von: Daniel Mikusa [mailto:dmik...@pivotal.io] Gesendet: Freitag, 27. Februar 2015 14:21 An: Tomcat Users List Betreff: Re: Persistance on Tomcat 8.0 and Cluster On Fri, Feb 27, 2015 at 8:15 AM, Alexander Diedler adied...@tecracer.de wrote: Hello, I have to build a two node failover cluster with 2 tomcats 8.0.15 servers. This cluster is on AWS Cloud, so technical we cannot use Mulicast etc. so we have to use Persistance stored the Session information in a database. The application was in grails and was delivered as a war file tot he tomcat. But what I get is this error message in the nodes: WARNING [localhost-startStop-1] org.apache.catalina.ha.tcp.SimpleTcpCluster.registerManager Manager [ org.apache.catalina.session.PersistentManager[]] does not implement ClusterManager, addition to cluster has been aborted. In the global /conf/context.xml is this: Resource name=jdbc/sessions auth=Container type=javax.sql.DataSource username=username password=password driverClassName=net.sourceforge.jtds.jdbc.Driver url=jdbc:jtds:Sqlserver://sqlservername:1433/databasename_sessioncontainer; maxActive=1000 maxIdle=30 maxWait=3600 validationQuery=select 1 removeAbandoned=true removeAbandonedTimeout=60/ Manager className=org.apache.catalina.session.PersistentManager distributable=true processExpiresFrequency=3 saveOnRestart=true minIdleSwap=1800 maxIdleSwap=3600 maxInactiveInterval=3600 maxIdleBackup=0 Store className=org.apache.catalina.session.JDBCStore dataSourceName=jdbc/sessions sessionAppCol=app_name sessionDataCol=session_data sessionIdCol=session_id sessionLastAccessedCol=last_access sessionMaxInactiveCol=max_inactive sessionTable=tomcat_sessions sessionValidCol=valid_session / /Manager And in server.xml we use globally: Inside the engine tag Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=8 /Cluster What do we wrong? If you're using session persistence like a DB to share your sessions across multiple nodes, you don't need the Cluster / tag. That's only necessary if you're replicating sessions directly between your cluster nodes. Dan Greetings Alexander
Re: Persistance on Tomcat 8.0 and Cluster
On Fri, Feb 27, 2015 at 8:15 AM, Alexander Diedler adied...@tecracer.de wrote: Hello, I have to build a two node failover cluster with 2 tomcats 8.0.15 servers. This cluster is on AWS Cloud, so technical we cannot use Mulicast etc. so we have to use Persistance stored the Session information in a database. The application was in grails and was delivered as a war file tot he tomcat. But what I get is this error message in the nodes: WARNING [localhost-startStop-1] org.apache.catalina.ha.tcp.SimpleTcpCluster.registerManager Manager [ org.apache.catalina.session.PersistentManager[]] does not implement ClusterManager, addition to cluster has been aborted. In the global /conf/context.xml is this: Resource name=jdbc/sessions auth=Container type=javax.sql.DataSource username=username password=password driverClassName=net.sourceforge.jtds.jdbc.Driver url=jdbc:jtds:Sqlserver://sqlservername:1433/databasename_sessioncontainer; maxActive=1000 maxIdle=30 maxWait=3600 validationQuery=select 1 removeAbandoned=true removeAbandonedTimeout=60/ Manager className=org.apache.catalina.session.PersistentManager distributable=true processExpiresFrequency=3 saveOnRestart=true minIdleSwap=1800 maxIdleSwap=3600 maxInactiveInterval=3600 maxIdleBackup=0 Store className=org.apache.catalina.session.JDBCStore dataSourceName=jdbc/sessions sessionAppCol=app_name sessionDataCol=session_data sessionIdCol=session_id sessionLastAccessedCol=last_access sessionMaxInactiveCol=max_inactive sessionTable=tomcat_sessions sessionValidCol=valid_session / /Manager And in server.xml we use globally: Inside the engine tag Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=8 /Cluster What do we wrong? If you're using session persistence like a DB to share your sessions across multiple nodes, you don't need the Cluster / tag. That's only necessary if you're replicating sessions directly between your cluster nodes. Dan Greetings Alexander
Re: Persistance on Tomcat 8.0 and Cluster
On Fri, Feb 27, 2015 at 9:39 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Daniel, On 2/27/15 9:24 AM, Daniel Mikusa wrote: On Fri, Feb 27, 2015 at 8:35 AM, Alexander Diedler adied...@tecracer.de wrote: Hello Daniel, That you for your reply. You mean, that session persistance was enabled and a failover was recordnized by the loadbalancer and the session was still available on the remaining node? No. I'm just talking about your configuration. You have two conflicting things configured. 1.) You have a session store created. This is going to store your sessions into the database. It's *not* clustering (at least by the definition Tomcat uses), but can be an effective way to share sessions across multiple Tomcat instances. 2.) You have a cluster defined. This is going to tell Tomcat to replicate session data directly between your Tomcat nodes. As you pointed out previously, this can be problematic on AWS where they don't support multicast. It's also conflicting with #1, which is what the error you reported is telling you. In short, remove the Cluster/ tag, the error should go away. Are you sure that's best? My intent was just to answer the question that was asked. I was trying to stay out of this part of the discussion :) If the goal is uninterrupted fail-over, then perhaps using the BackupManager or DeltaManager with static membership is the better strategy. +1 I generally prefer session replication and if static membership will work I'd agree that's the way to go. Sometimes that is tricky on AWS because the IP addresses can change, then your config needs updated and it can get messy. On the subject of what's better, when using a shared storage approach for sessions you'd probably want to go with Redis or Memcached and not a JDBC backed store. Performance should be much better. Dan I guess the real question is for the OP: do you need clustering (i.e. session replication between nodes) or is it okay if a user has to login again and possibly re-start a workflow if they get failed-over to another node? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJU8IGMAAoJEBzwKT+lPKRY5SQQAIPfDPyKNssUyEOJw5ouA9Qw 7chcfdhWVjiF83ecdXbZSxzS9hRi0l4pNdXVmU/LLQGNGfg+idtusrrG+fa4A4iE xrs36Wt5DCN2+ejCFlWbrW1Ixk58DTLVdXMJ+F67QTIEp59MmKpGOdTXWlWKs8HI Xgpq8hEJPMJbaUcEPu87iJbLviVoeWJD9i0TEeA/dcjdl0sR+WdH/VGBtS0TaAkX ZMaR0Tkp/Fx4hLWUwe2s5QFrQ6n8Mpeggr76owXuSSD2+J0PYPkezs/ctvssn7OJ YhHWPV5OQ52/YY3FFI5e8pEJZeX2D+FT+XS0CzI7EKsJ+UD9RgU/RVRv/iuKnLA9 GImVr2aAAycCnqGZzDyOrMpO0MfHw9SqLttLdliX8HI383WODYNbrKoON6KaAQRK MSwqbZ/YJcDczXVjzHxJZnggvhg2IYupQ89quSpf47kKL6bBw3607feiURegvSd5 +xiONk3OifRDbcEv/Q3fGwU5rMYzPaf3f/6Jx0/j9jq/ijVKDUI0fvkqaZnCAev4 o7p67AT6iyH31haRtLL72XFWm6/63hLXQ94qecOKyneAxu8/eWh+ajltAi28mMbk GFI4iqQCcij9gjcGX++dDoNoe9qGsDj5ZIhVTWXC4hEnsZF64yQG+KHJ+Gss9JV7 rbRTDWfS/YlVI/sBMiUz =KZKi -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Help setting up sqlite data source
On Wed, Feb 25, 2015 at 2:19 AM, nandy r nandy0...@yahoo.com.invalid wrote: Hello, I wanted to setup tomcat+hibernate+JOTM+sqlite but could not find any information on sqlite setup. I did read a document on setting up datasources and also one tomcat document relating to mysql, postgresql. It appears I need to supply a resource name, auth, factory, driver class and url, which could be: resource name- any name I want to supply auth-does this apply to sqlite Set this to `Container`. factory -whats the factory for sqlite??? Omit the `factory` attribute and you'll use the default. It's almost certainly what you want. The factory attribute is used to specify a different connection pool implementation. Using the default is OK, unless you have a strong preference as to which implementation you use. driverclass-class of jdbc driver lib This needs to be the name of the JDBC Driver class that you'll use. I haven't used SQLite so I can't say what it would be. This is also one of the few properties that are specific to your database of choice. url-connection string This is the second commonly used property that will be specific to your database. You'd need to look at the docs for the SQLite JDBC driver to see what the URL should look like. Generally it'll start with jdbc: So please let me know how to setup the sqlite database and if you have a working configuration that would be great! 1.) Download your JDBC driver. Put it into the lib directory of your Tomcat server. 2.) Edit conf/server.xml. Locate the GlobalNamingResources tag. Add a new Resource/ within this block. [1] 3.) Here's a minimal example, you just need to fill in the blanks. For more options, see here [2]. Resource name=jdbc/your-jndi-name auth=Container type=javax.sql.DataSource username=your-db-user password=your-db-pass driverClassName=driver-class-name url=jdbc:... / 4.) Create a file in the `conf/Catalina/localhost/` directory with the same name as your application, but with the .xml extension. For example, if my WAR file is called `superCoolApp.war`. I'd create `conf/Catalina/localhost/superCoolApp.xml`. This will store configuration specific to your app. In that file, add the following. [3] Context ResourceLink name=jdbc/your-jndi-name global=jdbc/your-jndi-name type=javax.sql.DataSource / /Context This configuration will tell Tomcat that your app is allowed to use the global Resource we defined above. 5.) Restart your Tomcat server. This will pick up the changes in conf/server.xml. 6.) In your application, use JNDI to retrieve a connect. Example of this here [4]. You should also check out the docs here. While they're not specific to your database, much of the information is still valid. Sections like the Preventing database connection pool leaks, Common Problems and the code samples for accessing a db connection are not DB specific. Dan Alternatively, you can skip steps #2 #3 above and just put the Resource/ tag directly into the `conf/Catalina/localhost` Context/ block, in place of the ResourceLink/ tag. I prefer the steps above which create a global, shared resource. This alternative creates a pool specific to your app. [1] - http://tomcat.apache.org/tomcat-8.0-doc/jndi-resources-howto.html#Global_configuration [2] - http://commons.apache.org/proper/commons-dbcp/configuration.html [3] - http://tomcat.apache.org/tomcat-8.0-doc/config/context.html#Resource_Links [4] - http://tomcat.apache.org/tomcat-8.0-doc/jndi-resources-howto.html#Using_resources [5] - http://tomcat.apache.org/tomcat-8.0-doc/jndi-datasource-examples-howto.html TIA, nandy - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: when idle tomcat runs on 3.9% CPU
On Tue, Feb 24, 2015 at 7:33 AM, Peter Irbizon peterirbi...@gmail.com wrote: Hello, I would like to know if it is normal that tomcat7 runs on 3.9% CPU when idle? I saw all other processes are at 0%, only tomcat7 is always at least 3.9%. 1.) What's your system like? How many CPUs / cores? Is it a VM or hardware? What is the specific version of Tomcat? of Java? What OS are you running? 2.) How are you determining it's idle? As John mention, do you have any apps deployed? Do you know if traffic is hitting the server? 3.) Can you run a profiler and attach it to Tomcat? It'll tell you what's happening inside the JVM. Dan
Re: Tomcat 6 database connection issue
On Tue, Feb 24, 2015 at 10:08 AM, Mark Maciolek mark.macio...@unh.edu wrote: On 2/23/2015 2:46 PM, Daniel Mikusa wrote: On Feb 23, 2015 12:49 PM, Mark Maciolek mark.macio...@unh.edu wrote: On 2/23/2015 12:37 PM, Daniel Mikusa wrote: On Mon, Feb 23, 2015 at 12:25 PM, Mark Maciolek mark.macio...@unh.edu wrote: On 2/23/2015 9:55 AM, Daniel Mikusa wrote: On Mon, Feb 23, 2015 at 9:46 AM, Mark Maciolek mark.macio...@unh.edu wrote: hi, operating system: Scientific Linux release 6.6 (Carbon) postgres version postgresql-server-8.4.2 tomcat version tomcat6-6.0.24 Tomcat starts and I can reach page at the 8080 port on the server when I add the following xml file and restart tomcat I get this error: Feb 23, 2015 9:28:16 AM org.apache.catalina.startup.ContextConfig processContextConfig SEVERE: Parse error in context.xml for /cooa org.xml.sax.SAXParseException; systemId: file:///etc/tomcat6/Catalina/ localhost/cooa.xml; lineNumber: 21; columnNumber: 12; Error at (21, 12: null ?xml version=1.0 encoding=UTF-8? Context path=/web/opal/webapps docBase=/web/opal/webapps/ROOT debug=5 reloadable=true allowLinking=true Resource name=jdbc/postgres auth=Container type=javax.sql.DataSource driverClassName=org.postgresql.Driver url=jdbc:postgresql://127.0.0.1:5432/cooa username=dbuser password=* maxActive=20 maxIdle=10 maxWait=1 /Resource This could be the list or a copy / paste issue, but you should not have the on the opening resource tag. It should be after your last attribute (i.e. after maxWait. You also don't need the closing Resource tag. Ex: Context path=/web/opal/webapps docBase=/web/opal/webapps/ROOT debug=5 reloadable=true allowLinking=true Resource name=jdbc/postgres auth=Container type=javax.sql.DataSource driverClassName=org.postgresql.Driver url=jdbc:postgresql://127.0.0.1:5432/cooa username=dbuser password=* maxActive=20 maxIdle=10 maxWait=1 / /Context Dan PS: Remove path, it's not valid here. Remove debug, I don't think that does anything. Also, you probably want to remove docBase because you're pointing to something in the webapps folder (i.e. appBase), and you should only use docBase if your app is outside of the appBase folder. /Context Line #21 is the /Resource ran file past xml parse checker and reports everything okay. Been googling it for two days now and can not figure out what I have done wrong. Mark -- Mark Maciolek Network Administrator Morse Hall Room 339 603-862-3050 https://www.unh.edu/research/support-units/research-computing-center - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org hi, Changing the xml file per your suggestions loads now and my jsp pages now load as long as they don't need a database connection. I expect to see new postgres processes similar to this from a working server: postgres 407 7734 0 Feb17 ?00:01:00 postgres: dbuser eosearthdata 127.0.0.1(60176) idle postgres 408 7734 0 Feb17 ?00:01:00 postgres: dbuser eosearthdata 127.0.0.1(60177) idle postgres 409 7734 0 Feb17 ?00:01:01 postgres: dbuser eosearthdata 127.0.0.1(60178) idle postgres 410 7734 0 Feb17 ?00:01:00 postgres: dbuser eosearthdata 127.0.0.1(60179) idle postgres 411 7734 0 Feb17 ?00:01:01 postgres: dbuser eosearthdata 127.0.0.1(60180) idle Starting tomcat does not start the additional postgres processes on my server. It is trying to though: Do you have Postgres running on the same machine as Tomcat? Looks like it's waiting trying to make a connection, although it's a little hard to say because it looks like you're using a custom pool (edu.unh.sr.cooa.DBPool?). Dan hi, yes, postgres and tomcat are on same server, OK. It does seem like its hanging on connection. Have you actually tried the connection details outside of Tomcat? Perhaps with a command line tool or simple Java app? it is a custom pool because when moved to production server it will be sharing tomcat and postgres resources with other web sites. I don't know your circumstances but as an fyi Tomcat can share connection pools across multiple apps on one server. For testing purposes I would be willing to make it a standard pool. If you could, that would be helpful. Thanks Dan hi, added this line to my context xml and pool connections start factory=org.apache.tomcat.jdbc.pool.DataSourceFactory
Re: Tomcat 6 database connection issue
On Mon, Feb 23, 2015 at 9:46 AM, Mark Maciolek mark.macio...@unh.edu wrote: hi, operating system: Scientific Linux release 6.6 (Carbon) postgres version postgresql-server-8.4.2 tomcat version tomcat6-6.0.24 Tomcat starts and I can reach page at the 8080 port on the server when I add the following xml file and restart tomcat I get this error: Feb 23, 2015 9:28:16 AM org.apache.catalina.startup.ContextConfig processContextConfig SEVERE: Parse error in context.xml for /cooa org.xml.sax.SAXParseException; systemId: file:///etc/tomcat6/Catalina/localhost/cooa.xml; lineNumber: 21; columnNumber: 12; Error at (21, 12: null ?xml version=1.0 encoding=UTF-8? Context path=/web/opal/webapps docBase=/web/opal/webapps/ROOT debug=5 reloadable=true allowLinking=true Resource name=jdbc/postgres auth=Container type=javax.sql.DataSource driverClassName=org.postgresql.Driver url=jdbc:postgresql://127.0.0.1:5432/cooa username=dbuser password=* maxActive=20 maxIdle=10 maxWait=1 /Resource This could be the list or a copy / paste issue, but you should not have the on the opening resource tag. It should be after your last attribute (i.e. after maxWait. You also don't need the closing Resource tag. Ex: Context path=/web/opal/webapps docBase=/web/opal/webapps/ROOT debug=5 reloadable=true allowLinking=true Resource name=jdbc/postgres auth=Container type=javax.sql.DataSource driverClassName=org.postgresql.Driver url=jdbc:postgresql://127.0.0.1:5432/cooa username=dbuser password=* maxActive=20 maxIdle=10 maxWait=1 / /Context Dan PS: Remove path, it's not valid here. Remove debug, I don't think that does anything. Also, you probably want to remove docBase because you're pointing to something in the webapps folder (i.e. appBase), and you should only use docBase if your app is outside of the appBase folder. /Context Line #21 is the /Resource ran file past xml parse checker and reports everything okay. Been googling it for two days now and can not figure out what I have done wrong. Mark -- Mark Maciolek Network Administrator Morse Hall Room 339 603-862-3050 https://www.unh.edu/research/support-units/research-computing-center - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6 database connection issue
On Mon, Feb 23, 2015 at 12:25 PM, Mark Maciolek mark.macio...@unh.edu wrote: On 2/23/2015 9:55 AM, Daniel Mikusa wrote: On Mon, Feb 23, 2015 at 9:46 AM, Mark Maciolek mark.macio...@unh.edu wrote: hi, operating system: Scientific Linux release 6.6 (Carbon) postgres version postgresql-server-8.4.2 tomcat version tomcat6-6.0.24 Tomcat starts and I can reach page at the 8080 port on the server when I add the following xml file and restart tomcat I get this error: Feb 23, 2015 9:28:16 AM org.apache.catalina.startup.ContextConfig processContextConfig SEVERE: Parse error in context.xml for /cooa org.xml.sax.SAXParseException; systemId: file:///etc/tomcat6/Catalina/ localhost/cooa.xml; lineNumber: 21; columnNumber: 12; Error at (21, 12: null ?xml version=1.0 encoding=UTF-8? Context path=/web/opal/webapps docBase=/web/opal/webapps/ROOT debug=5 reloadable=true allowLinking=true Resource name=jdbc/postgres auth=Container type=javax.sql.DataSource driverClassName=org.postgresql.Driver url=jdbc:postgresql://127.0.0.1:5432/cooa username=dbuser password=* maxActive=20 maxIdle=10 maxWait=1 /Resource This could be the list or a copy / paste issue, but you should not have the on the opening resource tag. It should be after your last attribute (i.e. after maxWait. You also don't need the closing Resource tag. Ex: Context path=/web/opal/webapps docBase=/web/opal/webapps/ROOT debug=5 reloadable=true allowLinking=true Resource name=jdbc/postgres auth=Container type=javax.sql.DataSource driverClassName=org.postgresql.Driver url=jdbc:postgresql://127.0.0.1:5432/cooa username=dbuser password=* maxActive=20 maxIdle=10 maxWait=1 / /Context Dan PS: Remove path, it's not valid here. Remove debug, I don't think that does anything. Also, you probably want to remove docBase because you're pointing to something in the webapps folder (i.e. appBase), and you should only use docBase if your app is outside of the appBase folder. /Context Line #21 is the /Resource ran file past xml parse checker and reports everything okay. Been googling it for two days now and can not figure out what I have done wrong. Mark -- Mark Maciolek Network Administrator Morse Hall Room 339 603-862-3050 https://www.unh.edu/research/support-units/research-computing-center - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org hi, Changing the xml file per your suggestions loads now and my jsp pages now load as long as they don't need a database connection. I expect to see new postgres processes similar to this from a working server: postgres 407 7734 0 Feb17 ?00:01:00 postgres: dbuser eosearthdata 127.0.0.1(60176) idle postgres 408 7734 0 Feb17 ?00:01:00 postgres: dbuser eosearthdata 127.0.0.1(60177) idle postgres 409 7734 0 Feb17 ?00:01:01 postgres: dbuser eosearthdata 127.0.0.1(60178) idle postgres 410 7734 0 Feb17 ?00:01:00 postgres: dbuser eosearthdata 127.0.0.1(60179) idle postgres 411 7734 0 Feb17 ?00:01:01 postgres: dbuser eosearthdata 127.0.0.1(60180) idle Starting tomcat does not start the additional postgres processes on my server. It is trying to though: Do you have Postgres running on the same machine as Tomcat? Looks like it's waiting trying to make a connection, although it's a little hard to say because it looks like you're using a custom pool (edu.unh.sr.cooa.DBPool?). Dan When I kill -3 tomcat pid 2015-02-23 12:16:21 Full thread dump OpenJDK 64-Bit Server VM (23.25-b01 mixed mode): http-8080-7 daemon prio=10 tid=0x7f133c1b3000 nid=0x7134 in Object.wait() [0x7f1348f39000] java.lang.Thread.State: WAITING (on object monitor) at java.lang.Object.wait(Native Method) - waiting on 0xbae00240 (a org.apache.tomcat.util.net.AprEndpo int$Worker) at java.lang.Object.wait(Object.java:502) at org.apache.tomcat.util.net.AprEndpoint$Worker.await(AprEndpoint.java: 1511) - locked 0xbae00240 (a org.apache.tomcat.util.net.AprEndpoint$ Worker) at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:15 36) at java.lang.Thread.run(Thread.java:701) http-8080-6 daemon prio=10 tid=0x7f135001b800 nid=0x712e in Object.wait() [0x7f134903a000] java.lang.Thread.State: WAITING (on object monitor) at java.lang.Object.wait(Native Method) - waiting on 0xbae002d8
Re: Tomcat 6 database connection issue
On Feb 23, 2015 12:49 PM, Mark Maciolek mark.macio...@unh.edu wrote: On 2/23/2015 12:37 PM, Daniel Mikusa wrote: On Mon, Feb 23, 2015 at 12:25 PM, Mark Maciolek mark.macio...@unh.edu wrote: On 2/23/2015 9:55 AM, Daniel Mikusa wrote: On Mon, Feb 23, 2015 at 9:46 AM, Mark Maciolek mark.macio...@unh.edu wrote: hi, operating system: Scientific Linux release 6.6 (Carbon) postgres version postgresql-server-8.4.2 tomcat version tomcat6-6.0.24 Tomcat starts and I can reach page at the 8080 port on the server when I add the following xml file and restart tomcat I get this error: Feb 23, 2015 9:28:16 AM org.apache.catalina.startup.ContextConfig processContextConfig SEVERE: Parse error in context.xml for /cooa org.xml.sax.SAXParseException; systemId: file:///etc/tomcat6/Catalina/ localhost/cooa.xml; lineNumber: 21; columnNumber: 12; Error at (21, 12: null ?xml version=1.0 encoding=UTF-8? Context path=/web/opal/webapps docBase=/web/opal/webapps/ROOT debug=5 reloadable=true allowLinking=true Resource name=jdbc/postgres auth=Container type=javax.sql.DataSource driverClassName=org.postgresql.Driver url=jdbc:postgresql://127.0.0.1:5432/cooa username=dbuser password=* maxActive=20 maxIdle=10 maxWait=1 /Resource This could be the list or a copy / paste issue, but you should not have the on the opening resource tag. It should be after your last attribute (i.e. after maxWait. You also don't need the closing Resource tag. Ex: Context path=/web/opal/webapps docBase=/web/opal/webapps/ROOT debug=5 reloadable=true allowLinking=true Resource name=jdbc/postgres auth=Container type=javax.sql.DataSource driverClassName=org.postgresql.Driver url=jdbc:postgresql://127.0.0.1:5432/cooa username=dbuser password=* maxActive=20 maxIdle=10 maxWait=1 / /Context Dan PS: Remove path, it's not valid here. Remove debug, I don't think that does anything. Also, you probably want to remove docBase because you're pointing to something in the webapps folder (i.e. appBase), and you should only use docBase if your app is outside of the appBase folder. /Context Line #21 is the /Resource ran file past xml parse checker and reports everything okay. Been googling it for two days now and can not figure out what I have done wrong. Mark -- Mark Maciolek Network Administrator Morse Hall Room 339 603-862-3050 https://www.unh.edu/research/support-units/research-computing-center - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org hi, Changing the xml file per your suggestions loads now and my jsp pages now load as long as they don't need a database connection. I expect to see new postgres processes similar to this from a working server: postgres 407 7734 0 Feb17 ?00:01:00 postgres: dbuser eosearthdata 127.0.0.1(60176) idle postgres 408 7734 0 Feb17 ?00:01:00 postgres: dbuser eosearthdata 127.0.0.1(60177) idle postgres 409 7734 0 Feb17 ?00:01:01 postgres: dbuser eosearthdata 127.0.0.1(60178) idle postgres 410 7734 0 Feb17 ?00:01:00 postgres: dbuser eosearthdata 127.0.0.1(60179) idle postgres 411 7734 0 Feb17 ?00:01:01 postgres: dbuser eosearthdata 127.0.0.1(60180) idle Starting tomcat does not start the additional postgres processes on my server. It is trying to though: Do you have Postgres running on the same machine as Tomcat? Looks like it's waiting trying to make a connection, although it's a little hard to say because it looks like you're using a custom pool (edu.unh.sr.cooa.DBPool?). Dan hi, yes, postgres and tomcat are on same server, OK. It does seem like its hanging on connection. Have you actually tried the connection details outside of Tomcat? Perhaps with a command line tool or simple Java app? it is a custom pool because when moved to production server it will be sharing tomcat and postgres resources with other web sites. I don't know your circumstances but as an fyi Tomcat can share connection pools across multiple apps on one server. For testing purposes I would be willing to make it a standard pool. If you could, that would be helpful. Thanks Dan Mark When I kill -3 tomcat pid 2015-02-23 12:16:21 Full thread dump OpenJDK 64-Bit Server VM (23.25-b01 mixed mode): http-8080-7 daemon prio=10 tid=0x7f133c1b3000 nid=0x7134 in Object.wait() [0x7f1348f39000] java.lang.Thread.State: WAITING (on object monitor) at java.lang.Object.wait(Native
Re: WorkManager replacement
On Fri, Feb 13, 2015 at 9:49 AM, Kevin Hale Boyes kcbo...@gmail.com wrote: We already use Spring in the project so I'll have a look there. http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/#scheduling Dan Thanks On 13 February 2015 at 05:29, Daniel Mikusa dmik...@pivotal.io wrote: On Thu, Feb 12, 2015 at 11:59 PM, Kevin Hale Boyes kcbo...@gmail.com wrote: I currently have an application running on weblogic that I'm moving over to tomcat 8. One of the things the application does is run background jobs using the commonj WorkManager. These jobs are managed by weblogic which seems to be the recommended practice. What is the best/recommended way to run background jobs in Tomcat 8? Personally I'd use Spring, which has a nice and simple way to schedule tasks. I'd also be using Spring for other things though and I'm not sure I'd pull it in just for scheduled tasks. A quick google search came up with this library. http://commonj.myfoo.de/ Haven't personally used it though. I suppose another option would be to just use java.util.concurrent. Dan Thanks, Kevin
Re: WorkManager replacement
On Thu, Feb 12, 2015 at 11:59 PM, Kevin Hale Boyes kcbo...@gmail.com wrote: I currently have an application running on weblogic that I'm moving over to tomcat 8. One of the things the application does is run background jobs using the commonj WorkManager. These jobs are managed by weblogic which seems to be the recommended practice. What is the best/recommended way to run background jobs in Tomcat 8? Personally I'd use Spring, which has a nice and simple way to schedule tasks. I'd also be using Spring for other things though and I'm not sure I'd pull it in just for scheduled tasks. A quick google search came up with this library. http://commonj.myfoo.de/ Haven't personally used it though. I suppose another option would be to just use java.util.concurrent. Dan Thanks, Kevin
Re: tomcat severe error when shutting down service but startup is clean
On Thu, Feb 12, 2015 at 9:06 AM, Wirth, Kevin kwi...@astoriabank.com wrote: I keep getting these weird tomcat errors on shutdown on a newly built system using tomcat 7.0.57 on a windows 2012 server with jdk 1.7 that I can't figure out. This is the catalina log: Feb 12, 2015 8:54:31 AM org.apache.catalina.loader.WebappClassLoader clearReferencesJdbc SEVERE: The web application [/identityiq] registered the JDBC driver [com.microsoft.sqlserver.jdbc.SQLServerDriver] but failed to unregister it when the web application was stopped. To prevent a memory leak, the JDBC Driver has been forcibly unregistered. This is saying that there was a problem unregistering this JDBC driver. It's my understanding that this is common for JDBC drivers and why it's generally recommended that you put them in either $CATALINA_HOME/lib or $CATALINA_BASE/lib instead of bundled with the web app. Can you give that a try and see if this message goes away? Feb 12, 2015 8:54:31 AM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads SEVERE: The web application [/identityiq] appears to have started a thread named [Thread-3] but has failed to stop it. This is very likely to create a memory leak. Something (possibly your JDBC driver) in your app is starting a thread. Because the app starts the thread, it's responsible to cleaning it up. This message is telling you that the thread is not being cleaned up. If you take a thread dump when your app is running and then stop the app, you should be able to get an idea as to what created this thread. The jdbc driver I am using is in the folder identityiq under the webapps directory in tomcat. It is the sqljdbc4.jar driver. This driver is not in the tomcat\lib directory. Please help because I am getting no help from the vender. Thank you. Is there any reason it's bundled with the app and not in the lib directory? Usually you'd put JDBC drivers in the lib directory. Dan On Thu, Feb 12, 2015 at 9:06 AM, Wirth, Kevin kwi...@astoriabank.com wrote: I keep getting these weird tomcat errors on shutdown on a newly built system using tomcat 7.0.57 on a windows 2012 server with jdk 1.7 that I can't figure out. This is the catalina log: Feb 12, 2015 8:54:31 AM org.apache.catalina.loader.WebappClassLoader clearReferencesJdbc SEVERE: The web application [/identityiq] registered the JDBC driver [com.microsoft.sqlserver.jdbc.SQLServerDriver] but failed to unregister it when the web application was stopped. To prevent a memory leak, the JDBC Driver has been forcibly unregistered. Feb 12, 2015 8:54:31 AM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads SEVERE: The web application [/identityiq] appears to have started a thread named [Thread-3] but has failed to stop it. This is very likely to create a memory leak. The jdbc driver I am using is in the folder identityiq under the webapps directory in tomcat. It is the sqljdbc4.jar driver. This driver is not in the tomcat\lib directory. Please help because I am getting no help from the vender. Thank you. Kevin Wirth Sr. Systems Engineer Information Services Astoria Bank * (516) 327-7762 | * kwi...@astoriabank.commailto: kwi...@astoriabank.com Astoria Federal Savings is now Astoria Bank. We can now be contacted at our new email addresses @astoriabank.com. This e-mail and any attachments that accompany it are confidential and may be legally privileged. It is intended solely for the use of the individual(s) to whom it was intended to be addressed. Access to this e-mail by anyone else is unauthorized. If you are not the intended recipient, please immediately return the e-mail to the sender and delete the original and any copy from your computer. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to its intended recipient, you are herewith notified that any dissemination, distribution, copying or retention of this communication or the information contained herein is strictly prohibited.
Re: tomcat severe error when shutting down service but startup is clean
On Thu, Feb 12, 2015 at 9:43 AM, Wirth, Kevin kwi...@astoriabank.com wrote: If I move it won't the app break because it will look for the driver in the folder and not find it? 1.) Please don't top post. Reply inline like this or at the bottom. 2.) No. The app doesn't look for the driver in that specific location. It looks on the classpath. Since the lib directory is also on the classpath, it will still be available. Dan -Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Thursday, February 12, 2015 9:37 AM To: Tomcat Users List Subject: Re: tomcat severe error when shutting down service but startup is clean You need to move, not copy. Copying is not enough, as webapp jars are preferred over Tomcat ones. Also having the same class in two places may result in a behaviour that you do not expect. http://tomcat.apache.org/tomcat-7.0-doc/class-loader-howto.html 2015-02-12 17:33 GMT+03:00 Wirth, Kevin kwi...@astoriabank.com: Ok, I will copy the driver into tomcat\lib and see what happens. Thank you. -Original Message- From: Daniel Mikusa [mailto:dmik...@pivotal.io] Sent: Thursday, February 12, 2015 9:31 AM To: Tomcat Users List Subject: Re: tomcat severe error when shutting down service but startup is clean On Thu, Feb 12, 2015 at 9:06 AM, Wirth, Kevin kwi...@astoriabank.com wrote: I keep getting these weird tomcat errors on shutdown on a newly built system using tomcat 7.0.57 on a windows 2012 server with jdk 1.7 that I can't figure out. This is the catalina log: Feb 12, 2015 8:54:31 AM org.apache.catalina.loader.WebappClassLoader clearReferencesJdbc SEVERE: The web application [/identityiq] registered the JDBC driver [com.microsoft.sqlserver.jdbc.SQLServerDriver] but failed to unregister it when the web application was stopped. To prevent a memory leak, the JDBC Driver has been forcibly unregistered. This is saying that there was a problem unregistering this JDBC driver. It's my understanding that this is common for JDBC drivers and why it's generally recommended that you put them in either $CATALINA_HOME/lib or $CATALINA_BASE/lib instead of bundled with the web app. Can you give that a try and see if this message goes away? Feb 12, 2015 8:54:31 AM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads SEVERE: The web application [/identityiq] appears to have started a thread named [Thread-3] but has failed to stop it. This is very likely to create a memory leak. Something (possibly your JDBC driver) in your app is starting a thread. Because the app starts the thread, it's responsible to cleaning it up. This message is telling you that the thread is not being cleaned up. If you take a thread dump when your app is running and then stop the app, you should be able to get an idea as to what created this thread. The jdbc driver I am using is in the folder identityiq under the webapps directory in tomcat. It is the sqljdbc4.jar driver. This driver is not in the tomcat\lib directory. Please help because I am getting no help from the vender. Thank you. Is there any reason it's bundled with the app and not in the lib directory? Usually you'd put JDBC drivers in the lib directory. Dan On Thu, Feb 12, 2015 at 9:06 AM, Wirth, Kevin kwi...@astoriabank.com wrote: I keep getting these weird tomcat errors on shutdown on a newly built system using tomcat 7.0.57 on a windows 2012 server with jdk 1.7 that I can't figure out. This is the catalina log: Feb 12, 2015 8:54:31 AM org.apache.catalina.loader.WebappClassLoader clearReferencesJdbc SEVERE: The web application [/identityiq] registered the JDBC driver [com.microsoft.sqlserver.jdbc.SQLServerDriver] but failed to unregister it when the web application was stopped. To prevent a memory leak, the JDBC Driver has been forcibly unregistered. Feb 12, 2015 8:54:31 AM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads SEVERE: The web application [/identityiq] appears to have started a thread named [Thread-3] but has failed to stop it. This is very likely to create a memory leak. The jdbc driver I am using is in the folder identityiq under the webapps directory in tomcat. It is the sqljdbc4.jar driver. This driver is not in the tomcat\lib directory. Please help because I am getting no help from the vender. Thank you. Kevin Wirth Sr. Systems Engineer Information Services Astoria Bank * (516) 327-7762 | * kwi...@astoriabank.commailto: kwi...@astoriabank.com Astoria Federal Savings is now Astoria Bank. We can now be contacted at our new email addresses @astoriabank.com. This e-mail and any attachments that accompany it are confidential and may be legally privileged. It is intended solely for the use of the individual(s) to whom it was intended to be addressed. Access to this e-mail
Re: tomcat severe error when shutting down service but startup is clean
On Thu, Feb 12, 2015 at 11:20 AM, Wirth, Kevin kwi...@astoriabank.com wrote: -Original Message- From: Daniel Mikusa [mailto:dmik...@pivotal.io] Sent: Thursday, February 12, 2015 9:52 AM To: Tomcat Users List Subject: Re: tomcat severe error when shutting down service but startup is clean On Thu, Feb 12, 2015 at 9:43 AM, Wirth, Kevin kwi...@astoriabank.com wrote: If I move it won't the app break because it will look for the driver in the folder and not find it? 1.) Please don't top post. Reply inline like this or at the bottom. 2.) No. The app doesn't look for the driver in that specific location. It looks on the classpath. Since the lib directory is also on the classpath, it will still be available. Dan Update: I added this to the java tab -Dsun.lang.ClassLoader.allowArraySyntax=true and all of the severe errors are gone except one: Feb 12, 2015 11:14:17 AM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads SEVERE: The web application [/identityiq] appears to have started a thread named [Thread-3] but has failed to stop it. This is very likely to create a memory leak. Any ideas? Something in your app is starting a thread. Because the app starts the thread, it's responsible to cleaning it up. This message is telling you that the thread is not being cleaned up. If you take a thread dump when your app is running and then stop the app, you should be able to get an idea as to what created this thread. http://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F Dan -Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Thursday, February 12, 2015 9:37 AM To: Tomcat Users List Subject: Re: tomcat severe error when shutting down service but startup is clean You need to move, not copy. Copying is not enough, as webapp jars are preferred over Tomcat ones. Also having the same class in two places may result in a behaviour that you do not expect. http://tomcat.apache.org/tomcat-7.0-doc/class-loader-howto.html 2015-02-12 17:33 GMT+03:00 Wirth, Kevin kwi...@astoriabank.com: Ok, I will copy the driver into tomcat\lib and see what happens. Thank you. -Original Message- From: Daniel Mikusa [mailto:dmik...@pivotal.io] Sent: Thursday, February 12, 2015 9:31 AM To: Tomcat Users List Subject: Re: tomcat severe error when shutting down service but startup is clean On Thu, Feb 12, 2015 at 9:06 AM, Wirth, Kevin kwi...@astoriabank.com wrote: I keep getting these weird tomcat errors on shutdown on a newly built system using tomcat 7.0.57 on a windows 2012 server with jdk 1.7 that I can't figure out. This is the catalina log: Feb 12, 2015 8:54:31 AM org.apache.catalina.loader.WebappClassLoader clearReferencesJdbc SEVERE: The web application [/identityiq] registered the JDBC driver [com.microsoft.sqlserver.jdbc.SQLServerDriver] but failed to unregister it when the web application was stopped. To prevent a memory leak, the JDBC Driver has been forcibly unregistered. This is saying that there was a problem unregistering this JDBC driver. It's my understanding that this is common for JDBC drivers and why it's generally recommended that you put them in either $CATALINA_HOME/lib or $CATALINA_BASE/lib instead of bundled with the web app. Can you give that a try and see if this message goes away? Feb 12, 2015 8:54:31 AM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads SEVERE: The web application [/identityiq] appears to have started a thread named [Thread-3] but has failed to stop it. This is very likely to create a memory leak. Something (possibly your JDBC driver) in your app is starting a thread. Because the app starts the thread, it's responsible to cleaning it up. This message is telling you that the thread is not being cleaned up. If you take a thread dump when your app is running and then stop the app, you should be able to get an idea as to what created this thread. The jdbc driver I am using is in the folder identityiq under the webapps directory in tomcat. It is the sqljdbc4.jar driver. This driver is not in the tomcat\lib directory. Please help because I am getting no help from the vender. Thank you. Is there any reason it's bundled with the app and not in the lib directory? Usually you'd put JDBC drivers in the lib directory. Dan On Thu, Feb 12, 2015 at 9:06 AM, Wirth, Kevin kwi...@astoriabank.com wrote: I keep getting these weird tomcat errors on shutdown on a newly built system using tomcat 7.0.57 on a windows 2012 server with jdk 1.7 that I can't figure out. This is the catalina log: Feb 12, 2015 8:54:31 AM org.apache.catalina.loader.WebappClassLoader clearReferencesJdbc SEVERE: The web application
Re: Issue when using tomcat JDBC Connection Pool with a shared resource
On Fri, Feb 6, 2015 at 9:57 AM, Jean-Louis Mateo jean-louis.ma...@bull.net wrote: Hi Dan, Thank you for having replied to this issue. First of all, now it works fine but I would like to answer your questions... Not sure about this global attribute. I don't believe it's an attribute of the pool. Why did you add it? That's what I've read here http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Resource_Definitions The global attribute is on the ResourceLink tag, not the Resource tag. 2.) It has no url or driver set. Thanks. The issue was here and I should have read it more closely about the name property (at the same above url): name: The name of the resource link to be created, relative to the java:comp/env context. So... Before, in my context file ResourceLink name=jdbc/LocalTestDB E R R O R this jndi name doesn't exist global=sharedDataSource type=javax.sql.DataSource/ After, in my context file ResourceLink name=jdbc/TestDB - That's the right name global=sharedDataSource type=javax.sql.DataSource/ Now it works fine Note: In a way, you were right global property is no need in GlobalNamingResources (server.xml) Only global (from context.xml, ResourceLink) and name (from server.xml, GlobalNamingResources-Resource) are needed and have to match Awesome! Glad you caught that and were able to get it working. Dan You have initialSize set to 2. This should attempt to make connections when you start Tomcat. Do you see any errors at that time? There were no errors. At launching time, the pool is well created with 2 connexions in LISTENING state (netstat -an) This is unrelated, but don't set path here. The path attribute is ignore here. The path is determined by the name of the xml file, which just happens to be test-app as well. OK. path is no longer set. Do you have anything set in conf/context.xml or in your web.xml? See the attached file Best Regards Jean-Louis Matéo -Message d'origine- De : Daniel Mikusa [mailto:dmik...@pivotal.io] Envoyé : vendredi 6 février 2015 14:06 À : Tomcat Users List Objet : Re: Issue when using tomcat JDBC Connection Pool with a shared resource On Fri, Feb 6, 2015 at 6:27 AM, Jean-Louis Mateo jean-louis.ma...@bull.net wrote: Hi, I would like to use the Tomcat JDBC Connection Pool with a shared resource so I’ve read : http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Standalone and http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Resource_L inks …. and tried to do the same but when I try to access to my servlet I get the following message: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL 'null' A couple odd things here... 1.) It's trying to use DBCP, not the jdbc connection pool. 2.) It has no url or driver set. at org.apache.tomcat.dbcp.dbcp.BasicDataSource.createConnectionFactory(Ba sicDataSource.java:1452) at org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicData Source.java:1371) at org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSou rce.java:1044) at testPackage.DBTest.doGet(DBTest.java:62) at javax.servlet.http.HttpServlet.service(HttpServlet.java:620) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli cationFilterChain.java:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi lterChain.java:208) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli cationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi lterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperVa lve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextVa lve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticat orBase.java:612) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.ja va:170) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.ja va:103) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:9
Re: Issue when using tomcat JDBC Connection Pool with a shared resource
On Fri, Feb 6, 2015 at 6:27 AM, Jean-Louis Mateo jean-louis.ma...@bull.net wrote: Hi, I would like to use the Tomcat JDBC Connection Pool with a shared resource so I’ve read : http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Standalone and http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Resource_Links …. and tried to do the same but when I try to access to my servlet I get the following message: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL 'null' A couple odd things here... 1.) It's trying to use DBCP, not the jdbc connection pool. 2.) It has no url or driver set. at org.apache.tomcat.dbcp.dbcp.BasicDataSource.createConnectionFactory(BasicDataSource.java:1452) at org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1371) at org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044) at testPackage.DBTest.doGet(DBTest.java:62) at javax.servlet.http.HttpServlet.service(HttpServlet.java:620) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:612) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.NullPointerException at sun.jdbc.odbc.JdbcOdbcDriver.getProtocol(JdbcOdbcDriver.java:524) at sun.jdbc.odbc.JdbcOdbcDriver.knownURL(JdbcOdbcDriver.java:493) at sun.jdbc.odbc.JdbcOdbcDriver.acceptsURL(JdbcOdbcDriver.java:307) at java.sql.DriverManager.getDriver(DriverManager.java:262) at org.apache.tomcat.dbcp.dbcp.BasicDataSource.createConnectionFactory(BasicDataSource.java:1437) ... 25 more Environment : Win 7 Java - jdk 1.7.0.65 Tomcat - 7.0.57 MySQL - 5.1.18 Tomcat service properties: -Dcatalina.home=Y:\Programs\Tomcat\Tomcat7 -Dcatalina.base=Y:\00-Prod\data\catalina -Djava.endorsed.dirs=Y:\Programs\Tomcat\Tomcat7\endorsed -Djava.io.tmpdir=Y:\Programs\Tomcat\Tomcat7\temp -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.util.logging.config.file=Y:\Programs\Tomcat\Tomcat7\conf\logging.properties -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8099 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -XX:MaxPermSize=512m CATALINA_HOME/lib contents … tomcat-dbcp.jar tomcat-jdbc.jar … CATALINA_BASE/lib contents: mysql-connector-java-5.1.18-bin.jar CATALINA_BASE/conf/server.xml ... … GlobalNamingResources … What else do you have defined in this block? -- Resource name=sharedDataSource
Re: persisting sessions best practices
On Tue, Jan 27, 2015 at 3:03 AM, Aristedes Maniatis a...@ish.com.au wrote: Thank you to Dan and Chris for your valuable comments. On 1/19/15 9:21 AM, Daniel Mikusa wrote: Question 1: Is the documentation still correct after all these years of BackupManager being used? Is it still considered of lower reliability? It's just saying that less people use it. Because DeltaManager is the default and works fine in a lot of cases, the majority of users are just going to stick with it. Naturally then less people use BackupManager. It's not implying that BackupManager has problems. I've see BackupManager used a bunch of times and it worked great every time. Great. Then just as a summary, let me outline the options: Choice 1: to stick or not to stick If you use sticky sessions, then any session persistence layer is just there as a backup in case of failure of that node. So, for example, memcache would be used almost entirely to write entries and is never read from. You've got the gist of it. Sticky sessions get you 90% of the way there. If that's good enough for your usage, you can stop there. If you can't afford to lose a session then you've got to go the remaining 10% and setup clustering or shared storage for the session data. If you don't use sticky sessions, then the session persistence layer becomes a new point of failure and needs its own redundancy and load balancing. Correct. Tomcat's Clustering support works in a peer to peer fashion, so data is replicated between the Tomcat nodes. If you use a session store, session data is persisted to that store. The store itself could be a single node or multiple nodes in an HA configuration. That's up to you though. Dan Choices 2: which backend * JDBC * memcache * backup manager (can only be used in sticky mode) * delta manager For my needs I think the backupManager is the way to go. No extra moving parts, very simple to implement and not too much extra network traffic. On Mon, Jan 19, 2015 at 11:05 AM, Christopher Schultz wrote: My question would be whether you are engineering to solve a problem that does not yet exist. We went through this conversation years ago at $work, and decided that users having to re-authenticate in the event of a failure was an okay compromise given all the work it would require to keep a high-availability cluster up and running. Our user's needs simply aren't that critical. This is actually designed to make our life easier with sysadmin more than anything. We can then take an instance offline to adjust memory usage, attach a profiler or anything else, without worrying about doing it out of hours or slowly waiting for all sessions to expire. If you have commit rights to the tomcat documentation, can I suggest that you add your notes about HttpSession.setAttribute(). That hint is absolutely invaluable! Thanks Ari -- -- Aristedes Maniatis ish http://www.ish.com.au Level 1, 30 Wilson Street Newtown 2042 Australia phone +61 2 9550 5001 fax +61 2 9550 4001 GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: DisableExplicitGC
On Wed, Jan 21, 2015 at 2:59 PM, Mike Seda mike.s...@lillegroup.com wrote: Is it advisable to have the following JVM option set in Tomcat 7 (with Java 7)? -XX:+DisableExplicitGC It may or may not make a difference. Some questions like these come to mind... - How would you feel if one of the applications you deployed called System.gc()? - How about if it called it a lot? or at a really inconvenient time? - How much do you trust your apps or their developers? - Does one of your apps rely on that functionality for some reason? Or will this prevent Tomcat itself from calling System.gc() when it needs to? I really doubt Tomcat would call that. Dan
Re: DisableExplicitGC
On Wed, Jan 21, 2015 at 3:51 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Daniel, On 1/21/15 3:16 PM, Daniel Mikusa wrote: On Wed, Jan 21, 2015 at 2:59 PM, Mike Seda mike.s...@lillegroup.com wrote: Is it advisable to have the following JVM option set in Tomcat 7 (with Java 7)? -XX:+DisableExplicitGC It may or may not make a difference. Some questions like these come to mind... - How would you feel if one of the applications you deployed called System.gc()? - How about if it called it a lot? or at a really inconvenient time? - How much do you trust your apps or their developers? - Does one of your apps rely on that functionality for some reason? Our application does not call System.gc automatically, but we have that ability through an admin screen where we can say do GC now, and we call it. Sometimes when we have a heap that's been high for a while - -- say, tripping our monitoring software a lot -- we go in there and hit the GC button to see what happens. Usually, heap usage goes down to 25% of what it had been before... it's just that the JVM hadn't done a full GC in a while because it didn't need to. I've done that too, but initiated the GC through jvisualvm. I was wondering if DisableExplicitGC would prevent that as well, so I did a quick test and it seemed to prevent it. Guess that's something to consider too. Dan Or will this prevent Tomcat itself from calling System.gc() when it needs to? I really doubt Tomcat would call that. Tomcat calls System.gc() in only one place -- StandardHost.findReloadedContextMemoryLeaks -- which is mostly a debugging tool. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUwBFtAAoJEBzwKT+lPKRYiVMP/RAaAjPpKJWio+0I2Zrwnvu1 xryvw4Ua7DiVzh9ZVFy2NWvw92ReSUWxw6Uf2sKUVOwuC0X5HhnKh7VKtS1fy3h0 6zt/o3StQfugEx/lPA7L1uREJOedM1GOHcKeHNKhC3JQUVH2VKELraO+TMYkCiDU iiMr7pxoPC/TvCYFKQNgVom5TSEcYi18RL//UU/gBZPk+2ZHV8DbyW0wbLG65Lu2 FDEZw01tEqrRpIZrRndECL+9NbGEv6vLte1bPEk+2pImcaIKYME+z20ztsa8KfA1 kbQO6yLvhW4tREH/3SZqfacway4qOxjKQFWqDmkosm7HJXXKlEqsDT+Mi19mTD26 QvD8aQ6tCp5m6SPG89MN5dk6zHtnjVXrjaVMVx75e0IwSN35aJcUm3g5fTdXLwR6 vB4U3T958jt5/uD/k9QxJVB15R8+YdU29iBdxKKQ2C86eGa6jUdizaexNPPnaGPi R9xrSpHo9JjR/5uC1fIcSgwC6JfVH+j8y5j5Yx87vDllD70IkIgh6wtqxdBmL5as 7poC/h8D3TmZwKVtXoAf+DaFIZye9tqxyD8x56XLjVLfBSt9eta0ppunPtqY61KT feHBshR7IXvkP29h2rHnP0Yo5abFgQgz8+jFJSmhKpX9CuKtscToCE9Wbgf5ejST HZSKRwOUMcCVomv4hTwq =WE8p -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: persisting sessions best practices
On Sun, Jan 18, 2015 at 9:27 PM, Aristedes Maniatis a...@ish.com.au wrote: I have some applications currently using sticky sessions in tomcat 7. Everything works well except that restarting tomcat requires disabling mod_jk new sessions to an instance, waiting for sessions to expire and then several hours later restarting the instance. This process is slow and not resilient to unexpected failures. So I want to persist sessions and allow session failure in the cluster. It appears that I have several approaches: * JDBC * memcache [1] * DeltaManager * BackupManager I discounted JDBC quite quickly because I don't want to add any load to my existing database. DeltaManager seems simple, but I'm weary of sending lots of data to all the nodes in my cluster (there are 12) which aren't even running the application. I would agree. You don't want DeltaManager with that many cluster nodes. This is just my opinion but I wouldn't go over three or four nodes with DeltaManager. So BackupManager seems better for my needs. However the documentation [2] suggests that BackupManager may not be as reliable. Agree, BackupManager seems like it'll fit your needs better. Do you mean this comment? Downside of the BackupManager: not quite as battle tested as the delta manager. Question 1: Is the documentation still correct after all these years of BackupManager being used? Is it still considered of lower reliability? It's just saying that less people use it. Because DeltaManager is the default and works fine in a lot of cases, the majority of users are just going to stick with it. Naturally then less people use BackupManager. It's not implying that BackupManager has problems. I've see BackupManager used a bunch of times and it worked great every time. My next decision is between memcache and BackupManager/DeltaManager. memcache will require another service to be running, so slightly more maintenance and one more thing to fail. However memcache seems to be very commonly used and I'm not sure why. Are there benefits it will bring to this arrangement (such as visibility of live sessions in some sort of GUI) or something else I'm not seeing. I've not personally used memcache, but I have used redis, so I guess that's a similar approach. The technology was a nice fit, but it didn't seem like a huge win versus the out-of-the-box session replication. Both worked and both were fast enough for what I needed. I stuck with the out-of-the-box stuff because it's distributed and replicated by default and didn't require an extra server. Where I've mainly used redis is in restricted environments where direct communication from one node to the other is not possible, like in some cloud environments, or when it's not as easy to setup like when multicast is disabled. Dan Question 2: Are there advantages to running memcache as a session store? I'll be continuing to use sticky sessions since I think that will be more reliable (the system will survive the failure of the session store/replication, whatever I choose). Thanks for any advice Ari [1] https://code.google.com/p/memcached-session-manager/ [2] http://tomcat.apache.org/tomcat-7.0-doc/cluster-howto.html -- -- Aristedes Maniatis ish http://www.ish.com.au Level 1, 30 Wilson Street Newtown 2042 Australia phone +61 2 9550 5001 fax +61 2 9550 4001 GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] persisting sessions best practices
On Mon, Jan 19, 2015 at 11:05 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Daniel, On 1/19/15 9:21 AM, Daniel Mikusa wrote: I've not personally used memcache, but I have used redis, so I guess that's a similar approach. Are you using Redis for session persistence? Yes, but I have used it for other things. It's a good project. The technology was a nice fit, but it didn't seem like a huge win versus the out-of-the-box session replication. Both worked and both were fast enough for what I needed. I stuck with the out-of-the-box stuff because it's distributed and replicated by default and didn't require an extra server. Aah, so you evaluated it and discarded it as an option for sessions because it didn't offer much over what comes with Tomcat? Basically. I was curious and tried it out. It worked fine, although I can't say I tested it exhaustively. Main reasons I stuck with clustering support in Tomcat are a.) it's all include with Tomcat, no additional JAR's or code needed b.) I'm very familiar with it's configuration troubleshooting c.) no additional server needed and d.) session data is automatically distributed across multiple nodes with Tomcat, for Redis I'd have to set that up or live with it being a single point of failure. Where I've mainly used redis is in restricted environments where direct communication from one node to the other is not possible, like in some cloud environments, or when it's not as easy to setup like when multicast is disabled. I'm curious because I looked at a handful of packages for this kind of thing (we are storing authentication nonces that need to be accessible from all of our Tomcat servers) and we settled on memcached if only for its simplicity and solid reputation. Some things it cannot do: 1. Replicate to other nodes. You can do sharding, but it's pretty low-brow and the shards don't actually know about each other. All of the smarts are in the client. The server doesn't do any of this. Evidently, there are some flavors of memcached that have been hacked to provide replication to other nodes, but it's not part of the main distribution and didn't seem ... safe. I believe the situation with Redis is similar. There some ways to do this with the stable 2.x release, but those have their are drawbacks. There's official clustering support in 3.0, which is still beta, though. It's supposed to resolve these issues. 2. Dump its database to disk. If you restart, you lose everything. You can save state with Redis. It's pretty flexible about how you configure it too, giving you different trade-offs between durability and performance. 3. Allow you to browse. Basically, if you know an item's key, you can fetch its value. If you don't, you are out of luck. You can't just poke around looking for things. There is no equivalent of SELECT * LIMIT 5 just to see what's in there. I think you'd be looking for the KEYS command. http://redis.io/commands/keys This is off topic, but it's really why I like Redis so I'm going to share. With Redis, not only can a key point to a value, but it can also point to other data structures like sets, lists, hashes and sorted sets. Something I've found to be very handy. Dan Does Redis do any of the above? Honestly, I think what Tomcat needs is a session manager for Cassandra or something similar: something intended to be a primary data store and not a cache (like memcached is). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUvStFAAoJEBzwKT+lPKRYXP8P/iQknECivamRE2+XPH9KSnzh BMwnq1TudZ20qFZbwnxA33Yli4DwEM6Sug7mph+R3iDVgqkR5srMfNeGUciwwFN7 4IUObktVQxg21VbSachilfi2Aat33FYTlmtHf+plDQAr0ig41pOKhujuF6pWWM3V RNJZQgmAivQXgA86RavIaVX+7x4HeB+w8iTYQm6dGbCpTWIADeqBuT358dTKRX+D Ricvs1M7C37LJNCyymKSgKlxAf7MF39viW9lHBsMp45o166vWcAGjj6juNuXDyBD xdk6UbkqbGIQ+No1W20BQZEm7mL8cCq8NYqs6YHwf9rV3v6rP4E0CTH1ubNN4q/K AwWtT5ijP7xA3cPxXEs7XdL6ynsMMJublk2/+V/+ctPE2XP7kfQCMBYhPSiux1Kc ILikydk5u0X0Dudmes4r9g6+wabnR9OC6/lB3c6BRG6kOdbj+VJo+23vbUQZkAHt lCVjjTirrvb6YLXuv+IXUomAlLn7bzQ39M1L1UO5wsRUd2kICnpZ7G5Cs3n5r98B WWSBLvChvez/hnt2HP3PlTBstW06R1Ds9FvkSMtVoO3roQSPEx6b1QCEsnw1NXCL SvAgN43FzXZxOyr+ZohGzUhSELXQI5v7pV6p3Bj+tMrAL/+fzMiS4KoJqDWc7/nB 3NlP1g/7RN1IYnLkFm+q =Po13 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Occasional long wait for a JDBC connection
) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:537) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1081) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:658) at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:222) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1566) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1523) - locked 0xfecbac90 (a org.apache.tomcat.util.net.SecureNioChannel) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) On Tue, Jan 13, 2015 at 8:21 AM, Daniel Mikusa dmik...@pivotal.io wrote: On Tue, Jan 13, 2015 at 9:51 AM, Darren Davis dar...@virtualvoodoo.net wrote: Recently we deployed our production application on a Tomcat 8.0.14 web server. We are using the Tomcat JDBC Connection pool against MySQL 5. Our web application uses Spring (3.2.11.RELEASE) /Hibernate (3.6.10.Final) for transaction management. We are using a Cent OS 6 linux server in the cloud running the 2.6.32-504 kernel. We're using the 1.8.0_25 jdk. Ever since deployment, we've noticed that a couple of times per day, when Spring is attempting to prepare/open a new JDBC Connection, the thread in question times out for about 15 minutes, and then resumes as if everything is fine. What's the CPU usage like at this time? Seems unlikely, but maybe your in the middle of a massive full GC. The line that appears to be hanging from the hibernate side is factory.getConnectionProvider().getConnection(), which I think simply asks for a connection from the pool. Out of curiosity how did you determine this? Did you take a thread dump? If not, that would be a good place to start. Grab three or four thread dumps during that 15 minute window. The thread dump will tell you exactly what's happening in the thread at the time. Looking at multiple dumps will also show you if the thread has progressed from one dump to the next. Instructions for taking at thread dump can be found here: http://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F Dan The following options are defined in the Resource definition: auth=Container factory=org.apache.tomcat.jdbc.pool.DataSourceFactory type=javax.sql.DataSource driverClassName=com.mysql.jdbc.Driver maxActive=500 maxIdle=55 maxWait=15000 validationQuery=Select 1 testOnBorrow=true defaultAutoCommit=false At this time of year, our user load peaks around 150, so we shouldn't be coming close to the maxActive defined. MySql is configured to allow for 1010 maximum connections (we have two Tomcat instances that point to it, configured similarly) This application has ran for years without a problem against a Tomcat 6 instance, but after moving to Jdk 8 and Tomcat 8, we're seeing this 15 minute wait. Any ideas on what could cause this sort of thing, and as there additional logging we
Re: Occasional long wait for a JDBC connection
On Tue, Jan 13, 2015 at 9:51 AM, Darren Davis dar...@virtualvoodoo.net wrote: Recently we deployed our production application on a Tomcat 8.0.14 web server. We are using the Tomcat JDBC Connection pool against MySQL 5. Our web application uses Spring (3.2.11.RELEASE) /Hibernate (3.6.10.Final) for transaction management. We are using a Cent OS 6 linux server in the cloud running the 2.6.32-504 kernel. We're using the 1.8.0_25 jdk. Ever since deployment, we've noticed that a couple of times per day, when Spring is attempting to prepare/open a new JDBC Connection, the thread in question times out for about 15 minutes, and then resumes as if everything is fine. What's the CPU usage like at this time? Seems unlikely, but maybe your in the middle of a massive full GC. The line that appears to be hanging from the hibernate side is factory.getConnectionProvider().getConnection(), which I think simply asks for a connection from the pool. Out of curiosity how did you determine this? Did you take a thread dump? If not, that would be a good place to start. Grab three or four thread dumps during that 15 minute window. The thread dump will tell you exactly what's happening in the thread at the time. Looking at multiple dumps will also show you if the thread has progressed from one dump to the next. Instructions for taking at thread dump can be found here: http://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F Dan The following options are defined in the Resource definition: auth=Container factory=org.apache.tomcat.jdbc.pool.DataSourceFactory type=javax.sql.DataSource driverClassName=com.mysql.jdbc.Driver maxActive=500 maxIdle=55 maxWait=15000 validationQuery=Select 1 testOnBorrow=true defaultAutoCommit=false At this time of year, our user load peaks around 150, so we shouldn't be coming close to the maxActive defined. MySql is configured to allow for 1010 maximum connections (we have two Tomcat instances that point to it, configured similarly) This application has ran for years without a problem against a Tomcat 6 instance, but after moving to Jdk 8 and Tomcat 8, we're seeing this 15 minute wait. Any ideas on what could cause this sort of thing, and as there additional logging we could turn on to try and figure out what is happening inside the pool to make it wait so long?
Re: question on EL Lambda expression in a JSP on Tomcat 8_0_15
On Tue, Jan 13, 2015 at 4:11 PM, Anup Aggarwal codeteste...@gmail.com wrote: Hi, I am trying to run this EL Lambda expression in a JSP on Tomcat 8_0_15 ${(incr = x-x+1; incr(10)} This could be a typo in your email, but you have an extra ( at the beginning before incr =. Dan But I get this exception org.apache.jasper.JasperException: /TestLambda.jsp (line: 44, column: 42) The function incr must be used with a prefix when a default namespace is not specified org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:42) Thanks and help will be appreciated to resolve this.
Re: Static files with default servlet in tomcat 8.0.9
On Mon, Jan 12, 2015 at 9:55 AM, Srikanth Hugar srikanth.hu...@gmail.com wrote: Hello, I am trying to configure static files with default servlet in tomcat 8.0.9 but could not succeed. My directory structure in deployed webapp is: - WEB-INF - static -css -images -js - META-INF and* web.xml* configuration using default servlet is : !-- static URLs -- servlet-mapping servlet-namedefault/servlet-name url-pattern/res/*/url-pattern /servlet-mapping Have you tried removing this and just accessing your files at /myapp/static/...? But when i make request from my page with URL it fails with 404. http://SUB.DOMAIN.COM/myapp/*res/static/*js/imports/jquerymin.js What could be the problem? No idea, but you could try one of these steps to debug further. - enable more logging, like for `org.apache.catalina.servlets.DefaultServlet` - step into it with a debugger Dan How can i make it work? I tried to find information from web, but could not help. Thanks.
Re: Startup of tomcat 8 takes twice as long as startup of tomcat 6
On Mon, Dec 15, 2014 at 8:33 AM, gch...@gmx.de gch...@gmx.de wrote: Hi, we used to deploy our webapp in a tomcat 6.0.35 and want to upgrade to tomcat 8.0.9. Try the latest Tomcat 8 release, 8.0.15, and see if that helps. During testing we discovered, that the startup process of tomcat 8 is twice as long as the startup process of tomcat 6 (with the same single webapp deployed) How long does Tomcat 8 take to start without any apps deployed? My test system is as follows: Windows 7, JRE 1.7.0, Tomcat 6.0.35/8.0.9 Inspection of the log files revealed, that the additional time is used for class loading: Log of tomcat 6: ... Nov 28, 2014 5:07:59 PM org.apache.tomcat.util.digester.Digester endDocument Fein: endDocument() Nov 28, 2014 5:07:59 PM org.apache.catalina.loader.WebappClassLoader loadClass Fein: loadClass(org.springframework.web.util.Log4jConfigListener, false) ... Fein: Parent class loader is: WebappClassLoader context: delegate: false repositories: -- Parent Classloader: org.apache.catalina.loader.StandardClassLoader@189ff97 Nov 28, 2014 5:08:08 PM org.apache.jasper.compiler.JspRuntimeContext initClassPath Fein: Compilation classpath initialized: ... Nov 28, 2014 5:08:08 PM org.apache.jasper.servlet.JspServlet init Fein: Scratch dir for the JSP engine is: ... Nov 28, 2014 5:08:08 PM org.apache.jasper.servlet.JspServlet init Fein: IMPORTANT: Do not modify the generated servlets Nov 28, 2014 5:08:08 PM org.apache.catalina.core.StandardContext start Fein: Starting completed ... Nov 28, 2014 5:08:09 PM org.apache.catalina.startup.Catalina start Information: Server startup in 10861 ms Log of tomcat 8: ... 28-Nov-2014 16:09:09.128 FINER [localhost-startStop-1] org.apache.tomcat.util.scan.StandardJarScanner.scan Not scanning JAR [file:/C:/Program%20Files/tomcat%208/tolina_webserver-3.0.0-SNAPSHOT-20141103-130423/bin/tomcat-juli.jar] from classpath 28-Nov-2014 16:09:09.128 FINE [localhost-startStop-1] org.apache.catalina.loader.WebappClassLoader.loadClass loadClass(org.apache.jasper.servlet.JasperInitializer, false) 28-Nov-2014 16:09:09.128 FINE [localhost-startStop-1] org.apache.catalina.loader.WebappClassLoader.loadClass Delegating to parent classloader1 java.net.URLClassLoader@1c47dd5 28-Nov-2014 16:09:09.128 FINE [localhost-startStop-1] org.apache.catalina.loader.WebappClassLoader.loadClass Loading class from parent ... 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1] org.apache.jasper.compiler.JspRuntimeContext.init Parent class loader is: WebappClassLoader context: /manager delegate: false -- Parent Classloader: java.net.URLClassLoader@1c47dd5 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1] org.apache.jasper.compiler.JspRuntimeContext.initClassPath Compilation classpath initialized: ... 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1] org.apache.jasper.servlet.JspServlet.init Scratch dir for the JSP engine is: ... 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1] org.apache.jasper.servlet.JspServlet.init IMPORTANT: Do not modify the generated servlets 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1] org.apache.tomcat.util.modeler.Registry.registerComponent Managed= Catalina:type=JspMonitor,WebModule=//localhost/manager,name=jsp,J2EEApplication=none,J2EEServer=none 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1] org.apache.tomcat.util.modeler.BaseModelMBean.preRegister preRegister org.apache.jasper.servlet.JspServlet@1067d4c Catalina:type=JspMonitor,WebModule=//localhost/manager,name=jsp,J2EEApplication=none,J2EEServer=none 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1] org.apache.catalina.core.StandardContext.startInternal Starting completed 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1] org.apache.catalina.util.LifecycleBase.setStateInternal Setting state for [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/manager]] to [STARTING] 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1] org.apache.catalina.util.LifecycleBase.setStateInternal Setting state for [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/manager]] to [STARTED] ... 28-Nov-2014 16:09:28.377 FINE [main] org.apache.catalina.util.LifecycleBase.setStateInternal Setting state for [StandardServer[8005]] to [STARTED] 28-Nov-2014 16:09:28.377 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 21443 ms Searching the web and the mail archives resulted in quite a few hints how to improve performance generally. I followed the instructions on wiki.apache.org/tomcat/HowTo/FasterStartUp, in particular: - Disabling JAR scanning (metadata-complete=true, absolute-ordering/ in the web-app. - in catalina.properties: tomcat.util.scan.StandardJarScanFilter.jarsToSkip=\*.jar org.apache.catalina.startup.ContextConfig.jarsToSkip=\*.jar org.apache.catalina.startup.TldConfig.jarsToSkip=\*.jar - Removing the web socket API and
Re: Startup of tomcat 8 takes twice as long as startup of tomcat 6
On Mon, Dec 15, 2014 at 8:40 AM, Yaragalla Muralidhar yaragallamur...@gmail.com wrote: for me it is taking more than that. I have deployed a simple war file. How simple? What about when you run it without any apps deployed? How fast does it startup then? It took so long to deploy it. omcat-8.0.15\webapps\ROOT has finished in 240 ms 15-Dec-2014 19:08:32.348 INFO [main] org.apache.coyote.AbstractProtocol.start St arting ProtocolHandler [http-nio-8080] 15-Dec-2014 19:08:32.357 INFO [main] org.apache.coyote.AbstractProtocol.start St arting ProtocolHandler [ajp-nio-8009] 15-Dec-2014 19:08:32.360 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 336069 ms Have you tried anything listed here? http://wiki.apache.org/tomcat/HowTo/FasterStartUp If so, what were the results? Dan PS. If you have a profiler, hook it up to Tomcat and see what's taking so long. Most of the time it's the app, unless you're hitting one of the issues on the wiki page I listed above. *Thanks and Regards,* Muralidhar Yaragalla. *http://yaragalla.blogspot.in/ http://yaragalla.blogspot.in/* On Mon, Dec 15, 2014 at 7:03 PM, gch...@gmx.de gch...@gmx.de wrote: Hi, we used to deploy our webapp in a tomcat 6.0.35 and want to upgrade to tomcat 8.0.9. During testing we discovered, that the startup process of tomcat 8 is twice as long as the startup process of tomcat 6 (with the same single webapp deployed) My test system is as follows: Windows 7, JRE 1.7.0, Tomcat 6.0.35/8.0.9 Inspection of the log files revealed, that the additional time is used for class loading: Log of tomcat 6: ... Nov 28, 2014 5:07:59 PM org.apache.tomcat.util.digester.Digester endDocument Fein: endDocument() Nov 28, 2014 5:07:59 PM org.apache.catalina.loader.WebappClassLoader loadClass Fein: loadClass(org.springframework.web.util.Log4jConfigListener, false) ... Fein: Parent class loader is: WebappClassLoader context: delegate: false repositories: -- Parent Classloader: org.apache.catalina.loader.StandardClassLoader@189ff97 Nov 28, 2014 5:08:08 PM org.apache.jasper.compiler.JspRuntimeContext initClassPath Fein: Compilation classpath initialized: ... Nov 28, 2014 5:08:08 PM org.apache.jasper.servlet.JspServlet init Fein: Scratch dir for the JSP engine is: ... Nov 28, 2014 5:08:08 PM org.apache.jasper.servlet.JspServlet init Fein: IMPORTANT: Do not modify the generated servlets Nov 28, 2014 5:08:08 PM org.apache.catalina.core.StandardContext start Fein: Starting completed ... Nov 28, 2014 5:08:09 PM org.apache.catalina.startup.Catalina start Information: Server startup in 10861 ms Log of tomcat 8: ... 28-Nov-2014 16:09:09.128 FINER [localhost-startStop-1] org.apache.tomcat.util.scan.StandardJarScanner.scan Not scanning JAR [file:/C:/Program%20Files/tomcat%208/tolina_webserver-3.0.0-SNAPSHOT-20141103-130423/bin/tomcat-juli.jar] from classpath 28-Nov-2014 16:09:09.128 FINE [localhost-startStop-1] org.apache.catalina.loader.WebappClassLoader.loadClass loadClass(org.apache.jasper.servlet.JasperInitializer, false) 28-Nov-2014 16:09:09.128 FINE [localhost-startStop-1] org.apache.catalina.loader.WebappClassLoader.loadClass Delegating to parent classloader1 java.net.URLClassLoader@1c47dd5 28-Nov-2014 16:09:09.128 FINE [localhost-startStop-1] org.apache.catalina.loader.WebappClassLoader.loadClass Loading class from parent ... 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1] org.apache.jasper.compiler.JspRuntimeContext.init Parent class loader is: WebappClassLoader context: /manager delegate: false -- Parent Classloader: java.net.URLClassLoader@1c47dd5 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1] org.apache.jasper.compiler.JspRuntimeContext.initClassPath Compilation classpath initialized: ... 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1] org.apache.jasper.servlet.JspServlet.init Scratch dir for the JSP engine is: ... 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1] org.apache.jasper.servlet.JspServlet.init IMPORTANT: Do not modify the generated servlets 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1] org.apache.tomcat.util.modeler.Registry.registerComponent Managed= Catalina:type=JspMonitor,WebModule=//localhost/manager,name=jsp,J2EEApplication=none,J2EEServer=none 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1] org.apache.tomcat.util.modeler.BaseModelMBean.preRegister preRegister org.apache.jasper.servlet.JspServlet@1067d4c Catalina:type=JspMonitor,WebModule=//localhost/manager,name=jsp,J2EEApplication=none,J2EEServer=none 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1] org.apache.catalina.core.StandardContext.startInternal Starting completed 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1] org.apache.catalina.util.LifecycleBase.setStateInternal Setting state for
Re: Re: Startup of tomcat 8 takes twice as long as startup of tomcat 6
On Mon, Dec 15, 2014 at 11:54 AM, gch...@gmx.de gch...@gmx.de wrote: Hello Daniel, thank you very much for your quick reply. Sure, np. One quick note, on this list we prefer posters to not top post. Either reply inline like me or at the bottom. It's convention we've landed on to help make reading threads easier. Comparing the startup times for Tomcat 6.0.35 and Tomcat 8.0.15 without any apps deployed (and without any tuning, such as disabling jar scanning) shows me that Tomcat 8.0.15 is much faster than Tomcat 6.0.35 (53 ms opposed to 933 ms). Therefore, the problem has to come from the app, as you assumed. I also deployed our app to both tomcats and got the following startup times: Tomcat 6.0.35: 11675 ms Tomcat 8.0.15: 21964 ms Since the very same app was deployed to both tomcats, there still has to be some difference in the startup process which results in a slower startup in Tomcat 8.0.15. My thought for the difference would be this: http://wiki.apache.org/tomcat/HowTo/FasterStartUp#JAR_scanning You mentioned that you had tried the fixes listed here, right? Can you talk a little more about what you tried and what if any impact those changes had on the startup time? I will try a profiler to describe the problem more precisely. Excellent! That should help to pinpoint the problem. Dan Gero Gesendet: Montag, 15. Dezember 2014 um 16:04 Uhr Von: Daniel Mikusa dmik...@pivotal.io An: Tomcat Users List users@tomcat.apache.org Betreff: Re: Startup of tomcat 8 takes twice as long as startup of tomcat 6 On Mon, Dec 15, 2014 at 8:33 AM, gch...@gmx.de gch...@gmx.de wrote: Hi, we used to deploy our webapp in a tomcat 6.0.35 and want to upgrade to tomcat 8.0.9. Try the latest Tomcat 8 release, 8.0.15, and see if that helps. During testing we discovered, that the startup process of tomcat 8 is twice as long as the startup process of tomcat 6 (with the same single webapp deployed) How long does Tomcat 8 take to start without any apps deployed? My test system is as follows: Windows 7, JRE 1.7.0, Tomcat 6.0.35/8.0.9 Inspection of the log files revealed, that the additional time is used for class loading: Log of tomcat 6: ... Nov 28, 2014 5:07:59 PM org.apache.tomcat.util.digester.Digester endDocument Fein: endDocument() Nov 28, 2014 5:07:59 PM org.apache.catalina.loader.WebappClassLoader loadClass Fein: loadClass(org.springframework.web.util.Log4jConfigListener, false) ... Fein: Parent class loader is: WebappClassLoader context: delegate: false repositories: -- Parent Classloader: org.apache.catalina.loader.StandardClassLoader@189ff97 Nov 28, 2014 5:08:08 PM org.apache.jasper.compiler.JspRuntimeContext initClassPath Fein: Compilation classpath initialized: ... Nov 28, 2014 5:08:08 PM org.apache.jasper.servlet.JspServlet init Fein: Scratch dir for the JSP engine is: ... Nov 28, 2014 5:08:08 PM org.apache.jasper.servlet.JspServlet init Fein: IMPORTANT: Do not modify the generated servlets Nov 28, 2014 5:08:08 PM org.apache.catalina.core.StandardContext start Fein: Starting completed ... Nov 28, 2014 5:08:09 PM org.apache.catalina.startup.Catalina start Information: Server startup in 10861 ms Log of tomcat 8: ... 28-Nov-2014 16:09:09.128 FINER [localhost-startStop-1] org.apache.tomcat.util.scan.StandardJarScanner.scan Not scanning JAR [file:/C:/Program%20Files/tomcat%208/tolina_webserver-3.0.0-SNAPSHOT-20141103-130423/bin/tomcat-juli.jar] from classpath 28-Nov-2014 16:09:09.128 FINE [localhost-startStop-1] org.apache.catalina.loader.WebappClassLoader.loadClass loadClass(org.apache.jasper.servlet.JasperInitializer, false) 28-Nov-2014 16:09:09.128 FINE [localhost-startStop-1] org.apache.catalina.loader.WebappClassLoader.loadClass Delegating to parent classloader1 java.net.URLClassLoader@1c47dd5 28-Nov-2014 16:09:09.128 FINE [localhost-startStop-1] org.apache.catalina.loader.WebappClassLoader.loadClass Loading class from parent ... 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1] org.apache.jasper.compiler.JspRuntimeContext.init Parent class loader is: WebappClassLoader context: /manager delegate: false -- Parent Classloader: java.net.URLClassLoader@1c47dd5 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1] org.apache.jasper.compiler.JspRuntimeContext.initClassPath Compilation classpath initialized: ... 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1] org.apache.jasper.servlet.JspServlet.init Scratch dir for the JSP engine is: ... 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1] org.apache.jasper.servlet.JspServlet.init IMPORTANT: Do not modify the generated servlets 28-Nov-2014 16:09:28.362 FINE [localhost-startStop-1
Re: Multiple instances?
On Thu, Dec 11, 2014 at 3:45 AM, Billy Bones gael.ther...@gmail.com wrote: Ok, then I'll completly wright another systemd unit derivated from the one provided by CentOS. Yup, that what I thought about the CATALINA_HOME and BASE, so as you suggested, I'll test to run individual units and saw how it's going on. Many thanks guys. When you get something working, please share your solution :) I'm interested to see what you work out and I'm sure others will be as well. Dan 2014-12-10 18:10 GMT+01:00 Daniel Mikusa dmik...@pivotal.io: On Wed, Dec 10, 2014 at 10:35 AM, Billy Bones gael.ther...@gmail.com wrote: Hi Christopher, Many thanks for your answer, well, I'm pretty comfortable with systemd myself as I rely on it for my Fedora box for a long time ago, but on this particular topic regarding tomcat, I don't really understand the purpose of this special sentence. As you pointed it, for me too usually caps names == env variables but as on the tomcat-sysd script it's simply called without futher sources I'm not quite sure for now. Well, lets see if another *NIX Admin already had started multi-instances tomcat on systemd distributions :D Starting different instances of Tomcat is mostly just a matter of setting the CATALINA_HOME and CATALINA_BASE environment variables to the right locations. I'm sure systemd has a way for you to set environment variables, so that should be sufficient to start different instances. For more details on CATALINA_HOME and CATALINA_BASE, check out the RUNNING.txt file in your download or look here. http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/RUNNING.txt?view=markup I'd suggest getting everything working with multiple instance first. Once you can start the instances from the command line then worry about starting them with systemd. Another way would be to completly duplicate the tomcat directory and service unit and start both at runtime but... doesn't seems too shiny for a new server :D Also an option, but not as efficient. Dan 2014-12-10 16:27 GMT+01:00 Christopher Schultz ch...@christopherschultz.net : -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Billy, On 12/10/14 9:57 AM, Billy Bones wrote: Hi guys, I'm currently preparing a migration of our Operating System which handle our current tomcat installation from an OLD Linux using init scripts to a CentOS7 release using sytemd. Hrm. Good luck getting help with systemd. The ASF doesn't even support init.d scripts, though I'm sure many *NIX admins here can help with init.d scripts (including myself). systemd is a bit new, to ... we'll see. Because I don't want to disturb the way the old server handle the webapps (not yet :-) ), I have to start 2 separated instances of tomcat on the new machine. Using init script to boot multiples instance is quite easy, but know I'll use systemd and I have to adapt. I installed my OS and Tomcat from the CentOS repos, take a look at the tomcat.service unit and tomcat-sysd script to see how the things work. But now I'm a little bit disappointed, I don't understand how to have multiple instances. I created a tomcat@jcr.service unit file on my systemd directory and read about the steps to achieve. The first step said that *by default SERVICE_NAME=tomcat. and must be defined BEFORE tomcat-sysd is called* Well, OK, but how am I suppose to do that? Using environnement variables? PreStartExec directive? Environnement directive? I have no idea. Generally, whenever I see something in ALL_CAPS that needs to be set to a value, it's an environment variable. With systemd, it could mean just about anything. I really don't get it, even looking at the tomcat-sysd wrapper script which indicate me HOW the system run multiple instance don't help me to understand WHERE am I suppose to put that information. I understand that I have to create a new unit file, a new /etc/sysconfig/tomcat file named according to the systemd unit, but I don't get it about the SERVICE_NAME. So if someone could help me a little bit, I'll be happy ^^ Ultimately, it will all boil down to CATALINA_BASE and CATALINA_HOME as far as Tomcat is concerned. The SERVICE_NAME is probably a systemd-only thing. Good luck, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUiGZWAAoJEBzwKT+lPKRYsI0QAMI0IOCB2PjgBFKKb7Q1KtfF EpplWZmWEg7FL20HzTTjWM41r0IX5jZv1zFVBI8Na2mjtQ0v1KUUzPWnWo2+mGus nyrHl7HcY80LL9t4v3XwIpY0wE5pNgmTtnH+6JdHsahNNTN6NceK/j1IJoUPUFBj 9tdWHCM+bM6rP49nYBvBV3XPClw7nEc+NO3ddMeAY+zli71TuTnwIyC3Dp1v6ONW iNxheXHfDGACU1Qo7t9xL33g8cng06RD+LOjV
Re: Multiple instances?
On Wed, Dec 10, 2014 at 10:35 AM, Billy Bones gael.ther...@gmail.com wrote: Hi Christopher, Many thanks for your answer, well, I'm pretty comfortable with systemd myself as I rely on it for my Fedora box for a long time ago, but on this particular topic regarding tomcat, I don't really understand the purpose of this special sentence. As you pointed it, for me too usually caps names == env variables but as on the tomcat-sysd script it's simply called without futher sources I'm not quite sure for now. Well, lets see if another *NIX Admin already had started multi-instances tomcat on systemd distributions :D Starting different instances of Tomcat is mostly just a matter of setting the CATALINA_HOME and CATALINA_BASE environment variables to the right locations. I'm sure systemd has a way for you to set environment variables, so that should be sufficient to start different instances. For more details on CATALINA_HOME and CATALINA_BASE, check out the RUNNING.txt file in your download or look here. http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/RUNNING.txt?view=markup I'd suggest getting everything working with multiple instance first. Once you can start the instances from the command line then worry about starting them with systemd. Another way would be to completly duplicate the tomcat directory and service unit and start both at runtime but... doesn't seems too shiny for a new server :D Also an option, but not as efficient. Dan 2014-12-10 16:27 GMT+01:00 Christopher Schultz ch...@christopherschultz.net : -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Billy, On 12/10/14 9:57 AM, Billy Bones wrote: Hi guys, I'm currently preparing a migration of our Operating System which handle our current tomcat installation from an OLD Linux using init scripts to a CentOS7 release using sytemd. Hrm. Good luck getting help with systemd. The ASF doesn't even support init.d scripts, though I'm sure many *NIX admins here can help with init.d scripts (including myself). systemd is a bit new, to ... we'll see. Because I don't want to disturb the way the old server handle the webapps (not yet :-) ), I have to start 2 separated instances of tomcat on the new machine. Using init script to boot multiples instance is quite easy, but know I'll use systemd and I have to adapt. I installed my OS and Tomcat from the CentOS repos, take a look at the tomcat.service unit and tomcat-sysd script to see how the things work. But now I'm a little bit disappointed, I don't understand how to have multiple instances. I created a tomcat@jcr.service unit file on my systemd directory and read about the steps to achieve. The first step said that *by default SERVICE_NAME=tomcat. and must be defined BEFORE tomcat-sysd is called* Well, OK, but how am I suppose to do that? Using environnement variables? PreStartExec directive? Environnement directive? I have no idea. Generally, whenever I see something in ALL_CAPS that needs to be set to a value, it's an environment variable. With systemd, it could mean just about anything. I really don't get it, even looking at the tomcat-sysd wrapper script which indicate me HOW the system run multiple instance don't help me to understand WHERE am I suppose to put that information. I understand that I have to create a new unit file, a new /etc/sysconfig/tomcat file named according to the systemd unit, but I don't get it about the SERVICE_NAME. So if someone could help me a little bit, I'll be happy ^^ Ultimately, it will all boil down to CATALINA_BASE and CATALINA_HOME as far as Tomcat is concerned. The SERVICE_NAME is probably a systemd-only thing. Good luck, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUiGZWAAoJEBzwKT+lPKRYsI0QAMI0IOCB2PjgBFKKb7Q1KtfF EpplWZmWEg7FL20HzTTjWM41r0IX5jZv1zFVBI8Na2mjtQ0v1KUUzPWnWo2+mGus nyrHl7HcY80LL9t4v3XwIpY0wE5pNgmTtnH+6JdHsahNNTN6NceK/j1IJoUPUFBj 9tdWHCM+bM6rP49nYBvBV3XPClw7nEc+NO3ddMeAY+zli71TuTnwIyC3Dp1v6ONW iNxheXHfDGACU1Qo7t9xL33g8cng06RD+LOjV/0d7JX3YJh5okoLL2m6ACHrQI7c knlon9yX0skzLhesZnkPeePli7Atk0s54SdH71MZe41ZJvlb/DAYmIqlkg1H7CGA fJlWmCfU0RwwNDdNq9prfQt/LFePnKQJ6PNO75afkfROKqnklYBe4imqpGqg1ij1 vRMyemYobM83m2/xpZ3l5FWwk+DoJiWBC9MdAJ/M6TYXU8y3ERPtyzEfVfsTRnzu Q6XQ5wcJzJmazA3SK4h743auSbNLp9iVrAH5Rhh5iAxCZTtf5Et1zgBfocpTh12X xmgnsJtLTZ3jKNxdx9wD8zsXK0JYtWCYwisXRj6fGQuUU7INLDqRL7dVdl8VrHRQ ra4UXRhg8cKLd8YFbd78UxJK66TP/EyQqv1cIwTGF+XSS87pvAnR1T36cQ4e5KIB xwylVvlwSd9BvhatJtJw =w7Y2 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat cluster with static membership
On Tue, Dec 9, 2014 at 9:16 AM, Théo Chamley theo...@mley.fr wrote: On 2014-12-08 21:22, Ameer Mawia wrote: Hi Theo, Since you are using static membership and NOT dynamic(multi-cast) which auto-detect members, my current understanding says that you will have to add entry of all the members of your cluster in each of nodes server.xml. Example: My cluster has two nodes. So to configure these I had add these two members entries in both node's server.xml(since running on the same machine, they have varying port with same ip): Interceptor className=org.apache.catalina.tribes.group.interceptors. StaticMembershipInterceptor Member className=org.apache.catalina.tribes.membership.StaticMember port=4000 host=192.168.1.6 uniqueId={10,1,0,100,0,0,0,0,0,0,0,0,0,0,0,0}/ Member className=org.apache.catalina.tribes.membership.StaticMember port=4001 host=192.168.1.6 uniqueId={10,1,0,101,0,0,0,0,0,0,0,0,0,0,0,0}/ Regards, Ameer Mawia On Mon, Dec 8, 2014 at 8:26 PM, Théo Chamley theo...@mley.fr wrote: Hello, I am trying to setup a simple Tomcat cluster with static membership. I can't use multicast because I am on a virtualization environment that does not allow it. Debian 7 Tomcat 8.0.14 Oracle JVM 1.8.0_25 Both Tomcat are ok on their own, but I can't seem to make the clustering work: the sessions are not replicated from one to another. Following the official documentation, I wrote this configuration : Engine name=Catalina defaultHost=localhost Cluster className=org.apache.catalina.ha.tcp. SimpleTcpCluster Manager className=org.apache.catalina.ha.session. BackupManager expireSessionsOnShutdown=false notifyListenersOnReplication=true mapSendOptions=6/ Channel className=org.apache.catalina.tribes.group. GroupChannel Receiver className=org.apache. catalina.tribes.transport.nio.NioReceiver address=0.0.0.0 port=4110 selectorTimeout=100 maxThreads=6/ Interceptor className=org.apache.catalina.tribes.group. interceptors.StaticMembershipInterceptor Member className=org.apache. catalina.tribes.membership.StaticMember port=4110 host=my.server.1 domain=staging-cluster uniqueId={1,2,3,4,5,6,7,8,9, 10,11,12,13,14,15,0}/ /Interceptor Sender className=org.apache.catalina.tribes.transport. ReplicationTransmitter Transport className=org.apache. catalina.tribes.transport.nio.PooledParallelSender/ /Sender Interceptor className=org.apache.catalina.tribes.group. interceptors.TcpFailureDetector/ Interceptor className=org.apache.catalina.tribes.group. interceptors.MessageDispatch15Interceptor/ Interceptor className=org.apache.catalina.tribes.group. interceptors.ThroughputInterceptor/ /Channel Valve className=org.apache.catalina.ha.tcp. ReplicationValve filter=.*\.gif|.*\.js|.*\. jpeg|.*\.jpg|.*\.png|.*\.css|. *\.txt/ ClusterListener className=org.apache.catalina.ha.session. ClusterSessionListener/ /Cluster [...] /Engine Note: I changed the host and uniqId on the StaticMembershipInterceptor on the other Tomcat. This is not a network problem as I can telnet into the 4110 port from one server to another. Also, by running a tcpdump, I can't see any trafic between the two servers. The Tomcats seem to be doing something, because I have the following in my catalina.out: ** 08-Dec-2014 15:38:15.309 INFO [main] org.apache.catalina.ha.tcp. SimpleTcpCluster.startInternal Cluster is about to start 08-Dec-2014 15:38:15.312 INFO [main] org.apache.catalina.tribes. transport.ReceiverBase.bind Receiver Server Socket bound to:/0.0.0.0:4110 08-Dec-2014 15:38:15.328 INFO [Thread-5] org.apache.catalina.ha.tcp. SimpleTcpCluster.memberAdded Replication member added:org.apache.catalina.tribes.membership. StaticMember[t cp://my.server.1:4110,my.server.1,4110, alive=0, securePort=-1, UDP Port=-1, id={1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 0 }, payload={}, command={}, domain={115 116 97 103 105 110 103 45 99 ...(15)}, ] 08-Dec-2014 15:38:15.330 INFO [main] org.apache.catalina.tribes. membership.McastServiceImpl.setupSocket Setting cluster mcast soTimeout to 500 08-Dec-2014 15:38:15.332 INFO [main] org.apache.catalina.tribes. membership.McastServiceImpl.waitForMembers Sleeping for 1000 milliseconds to establish cluster membership, sta rt level:4 08-Dec-2014 15:38:16.155 INFO [Membership-MemberAdded.] org.apache.catalina.ha.tcp.SimpleTcpCluster.memberAdded Replication member
Re: How to configure security for remote access to WebSocket
On Fri, Dec 5, 2014 at 6:21 AM, Des Magner des.mag...@gmail.com wrote: Hi I cannot access any websocket applications when my client runs on a different machine from tomcat. It works fine if everything is on the same machine but once I access from a different machine I see the error below in my Firebug console: NetworkError: 403 Forbidden - http://remote-host:8080/ examples/websocket/chat I have tested with all the sample websocket apps that come with tomcat and both with versions 7 and 8 of tomcat. I guess I need to configure some security constraint somewhere to allow access but I cannot find any documentation on it. Maybe look at the access log and verify that your request is making it to the Tomcat server. If you're on a corporate network, your request might be being blocked by a proxy or some other network device. Dan Thanks Des - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to configure security for remote access to WebSocket
On Fri, Dec 5, 2014 at 9:29 AM, Des Magner des.mag...@gmail.com wrote: I checked the logs and the the request does not seem to be making it to tomcat. There is no reference to it in the access log file. That would almost certainly indicate that something is blocking it. If the request hit Tomcat and Tomcat were the one telling you that access was denied, you would have a line in the access log. It is my own server so blocking should not be an issue. I checked the firewall logs and I don't see anything, Look at your browser or OS and see if it's configured to use a proxy. If it is, perhaps look at excluding the IP address of your server so that requests to it do not go through the proxy. But do I need to open other ports to allow access? My understanding is that with Websocket everything gets tunnelled through port 8080? You shouldn't need to open any additional ports, everything will go on your HTTP port. Dan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Documentation on Connectors needs updating
On Mon, Dec 1, 2014 at 2:05 PM, Igal @ getRailo.org i...@getrailo.org wrote: Chris, On 11/28/2014 6:26 AM, Christopher Schultz wrote: 4. Tomcat can server static content just as quickly as httpd. I remember that years ago it was recommended to front Tomcat with a web server in order to serve static content. I understand from your statement that this is not the case anymore. Were there any benchmark tests done for that? Any published sources that can be cited? Pid and I did some benchmarks for a talk we gave at SpringOne this year. Included in that are some basic tests serving up static files, NIO vs APR. We didn't test Tomcat vs HTTPD though. Results are on Github here. https://github.com/dmikusa-pivotal/s12gx-2014-fastest-servlets/blob/master/LoadTestResults/Results.md You can also run the tests yourself. All the config and everything that should be needed to set them up is in the Github project. Dan What about the overhead of session management for requests of static content? Is there any overhead there as opposed to using an http server? Thanks, Igal
Re: How to setup rewrite valve for angularjs
On Thu, Nov 20, 2014 at 9:08 PM, Tay Kai Yang kaiyang@gmail.com wrote: Hi I have been reading up tomcat 8's user doc. But I have some problems understanding the setup of rewrite valve. I think I should add the rewrite valve class name and XML settings to /conf/server.xml, but I am not sure what to do next. Where should I place my rewrite.config, how do I activate rewrite my war context only? See the second option here... http://tomcat.apache.org/tomcat-8.0-doc/rewrite.html#Configuration It can also be in the context.xml of a webapp. The valve will then use a rewrite.config file containing the rewrite directives, it must be placed in the WEB-INF folder of the web application Have anyone written a tutorial or can point me to a source for how-to? The docs seem pretty thorough but if you need a tutorial you could look for a mod_rewrite tutorial. This valve is designed to be similar to mod_rewrite, so a tutorial for that should be mostly applicable here. Dan I am trying to set a single page angularjs app to point /context/path/path/... To /context/index.jsp Any idea on how to do that? Thanks. Kai yang
Re: Release calendar of Apache Tomcat versions
On Thu, Nov 20, 2014 at 7:00 AM, Iago Alonso Alonso infia...@udc.es wrote: I want to know where I can find the release calendar of the Apache Tomcat versions in order to do an analysis of the project. I have been searching in the Wiki, Google, etc but I don't found anything by the moment. I don't believe there's anything in calendar form, but yo see past release dates, start with the announcements here: http://tomcat.apache.org/ Then proceed to the older announcements here: http://tomcat.apache.org/oldnews.html You can learn more about future versions by joining the mailing lists here: http://tomcat.apache.org/lists.html Specifically dev and announce. Dan Thanks. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat JDBC pool - too many connections in TIME_WAIT state
On Thu, Nov 6, 2014 at 2:36 AM, Vasily Kukhta v.b.kuk...@gmail.com wrote: I have received additional details - the application starts getting java.sql.SQLException: Listener refused the connection with the following error: ORA-12519, TNS:no appropriate service handler found, although the amount of listeners in the DB is large enough. I have some concerns about the removeAbandonedTimeout property, it is set to 5 seconds now. Maybe the pool abandones every connection after 5 seconds, opens a new connection, and the previous connection goes to TIME_WAIT status consuming server resources? The removeAbandonedTimeout will take effect when your application takes a connection from the pool and holds it for more than 5 seconds. This would happen for things like a long running query (runs more than 5s) or if your app's not properly closing the connection. It's easy enough to see if this is happening too often, because you can simply enable logAbandoned (i.e. set it to true) and the pool will log a stack trace when it detects an abandoned connection. Dan Thank you! 2014-11-05 23:15 GMT+03:00 Filip Hanik fi...@hanik.com: this is part of the TCP lifecycle, you can adjust this timeout yourself on the Operating system level http://www.cs.northwestern.edu/~agupta/cs340/project2/TCPIP_State_Transition_Diagram.pdf cat /proc/sys/net/ipv4/tcp_fin_timeoutecho 15 /proc/sys/net/ipv4/tcp_fin_timeout On Wed, Nov 5, 2014 at 7:36 AM, Daniel Mikusa dmik...@pivotal.io wrote: On Wed, Nov 5, 2014 at 9:13 AM, Vasily Kukhta v.b.kuk...@gmail.com wrote: Hello all! I have developed an application using Tomcat JDBC pool. Everything is fine except that the pool leaves hundreds of TCP connections in TIME_WAIT state, I have to ask, but are you sure it's the pool? TCP connections in the TIME_WAIT state would indicate that a connection was closed. Given that the job of the pool is to keep the connections open and reuse them, it just seems a little odd. which kills the server sooner or later... Could you please suggest what to fix, my configuration is below: PoolProperties pp = new PoolProperties(); String connprops = oracle.net.CONNECT_TIMEOUT=3000;oracle.jdbc.ReadTimeout=3000;oracle.net.READ_TIMEOUT=3000; pp.setUsername(user); pp.setPassword(pass); pp.setConnectionProperties(connprops); pp.setDriverClassName(oracle.jdbc.OracleDriver); pp.setTestOnBorrow(true); pp.setTestOnConnect(true); pp.setTestWhileIdle(true); pp.setMaxWait(1000); pp.setMinEvictableIdleTimeMillis(1); pp.setTimeBetweenEvictionRunsMillis(5000); pp.setValidationInterval(1); pp.setValidationQuery(SELECT 1 FROM DUAL); pp.setRemoveAbandoned(true); pp.setRemoveAbandonedTimeout(5); pp.setJdbcInterceptors(org.apache.tomcat.jdbc.pool.interceptor.QueryTimeoutInterceptor(queryTimeout=3)); dataSource = new DataSource(); dataSource.setPoolProperties(pp); Nothing is jumping out at me as incorrect. Maybe try without the connection properties (i.e. the driver level timeouts)? Maybe try increasing the log level for org.apache.tomcat.jdbc.pool to FINEST or DEBUG. That might generate some additional logging to show why the connections are being closed. Also, check that your server is not timing out the connection, perhaps due to a server side limit. I've see this happen a lot. Although it seems unlikely, it's probably also worth checking that there's no firewall or network device that could be closing the connections. Dan Thank you in advance!
Re: Trying to filter noise from catalina.out.
On Tue, Nov 4, 2014 at 6:12 PM, Brandon Darbro bdar...@uievolution.com wrote: Looking for configuration help. Using tomcat7 7.0.34 from rpm package tomcat7-7.0.34-3.jpp6.noarch. Followed the instructions for using log4j for catalina.out found here: http://tomcat.apache.org/tomcat-7.0-doc/logging.html#Using_Log4j These are instructions for using Log4j with Tomcat. It would enable you to control the files that Tomcat creates with log content. This includes files like catalina.-mm-dd.log, localhost.-mm-dd.log and other files that by default have the date in their name, however it does not allow you to control catalina.out. The catalina.out file represents anything written to STDOUT or STDERR by Tomcat or your applications. This would include things like an application directly writing to System.out or System.err or an application that is configured to log to STDOUT / STDERR or as some logging framework's call it the console. If you have application's writing to STDOUT / STDERR directly, you can use Tomcat's swallowOutput option to capture this output and run it through the logging system. http://tomcat.apache.org/tomcat-7.0-doc/config/context.html If you have applications that are logging to STDOUT / STDERR, you can control what's logged by editing the application specific logging configuration or by instructing them to log to a file and not STDOUT / STDERR. For the record, Tomcat writes very little to STDOUT / STDERR and it doesn't use EHCache so it's almost certain that the exception you're seeing is coming from an application. Dan Took the example log4j.properties file from the instructions above, corrected the logging paths for /var/log/tomcat7, and put it through a properties to xml converter. Replaced log4j.properties with log4j.xml, and logging is working. Now we want to try and filter out an Exception we are willing to live with, but can't have overflowing our log. Added the following filter: filter class=org.apache.log4j.filter.ExpressionFilter param name=expression value=EXCEPTION ~= java.io.NotSerializableException / param name=acceptOnMatch value=false/ /filter Yet we continue to get the exception in the log: Nov 4, 2014 1:52:45 PM net.sf.ehcache.distribution.RMISynchronousCacheReplicator replicatePutNotification SEVERE: Exception on replication of putNotification. error marshalling arguments; nested exception is: java.io.NotSerializableException: com.fakename.services.cache.ehcache.EHCacheServiceImpl. Continuing... java.rmi.MarshalException: error marshalling arguments; nested exception is: java.io.NotSerializableException: com.fakename.services.cache.ehcache.EHCacheServiceImpl at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:138) ...snip... Caused by: java.io.NotSerializableException: com.fakename.services.cache.ehcache.EHCacheServiceImpl at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1164) at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1518) ...snip... What am I doing wrong? Full xml and/or log of error available if requested. *Brandon Darbro - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat JDBC pool - too many connections in TIME_WAIT state
On Wed, Nov 5, 2014 at 9:13 AM, Vasily Kukhta v.b.kuk...@gmail.com wrote: Hello all! I have developed an application using Tomcat JDBC pool. Everything is fine except that the pool leaves hundreds of TCP connections in TIME_WAIT state, I have to ask, but are you sure it's the pool? TCP connections in the TIME_WAIT state would indicate that a connection was closed. Given that the job of the pool is to keep the connections open and reuse them, it just seems a little odd. which kills the server sooner or later... Could you please suggest what to fix, my configuration is below: PoolProperties pp = new PoolProperties(); String connprops = oracle.net.CONNECT_TIMEOUT=3000;oracle.jdbc.ReadTimeout=3000;oracle.net.READ_TIMEOUT=3000; pp.setUsername(user); pp.setPassword(pass); pp.setConnectionProperties(connprops); pp.setDriverClassName(oracle.jdbc.OracleDriver); pp.setTestOnBorrow(true); pp.setTestOnConnect(true); pp.setTestWhileIdle(true); pp.setMaxWait(1000); pp.setMinEvictableIdleTimeMillis(1); pp.setTimeBetweenEvictionRunsMillis(5000); pp.setValidationInterval(1); pp.setValidationQuery(SELECT 1 FROM DUAL); pp.setRemoveAbandoned(true); pp.setRemoveAbandonedTimeout(5); pp.setJdbcInterceptors(org.apache.tomcat.jdbc.pool.interceptor.QueryTimeoutInterceptor(queryTimeout=3)); dataSource = new DataSource(); dataSource.setPoolProperties(pp); Nothing is jumping out at me as incorrect. Maybe try without the connection properties (i.e. the driver level timeouts)? Maybe try increasing the log level for org.apache.tomcat.jdbc.pool to FINEST or DEBUG. That might generate some additional logging to show why the connections are being closed. Also, check that your server is not timing out the connection, perhaps due to a server side limit. I've see this happen a lot. Although it seems unlikely, it's probably also worth checking that there's no firewall or network device that could be closing the connections. Dan Thank you in advance!
Re: SSL acceleration
On Tue, Nov 4, 2014 at 11:47 AM, Anthony Bonafide bonafideanth...@gmail.com wrote: Hello All, I am using a third party load balancer which accepts HTTPS connections, decrypts them and sends the unencrypted connection to Tomcat(SSL Acceleration). I am currently using tomcat 5 and I am in the process of upgrading to Tomcat 7. I am having an issue setting up Tomcat7 to accept the connections from my load balancer. In tomcat 5 I have the 2 connectors set up as so with everything working: Connector port=8080 maxHttpHeaderSize=8192 maxPostSize=512000 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / Connector port=8081 maxHttpHeaderSize=8192 maxPostSize=512000 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8444 acceptCount=100 connectionTimeout=2 scheme=https proxyPort=443 disableUploadTimeout=true / The load balancer sends unencrypted HTTPS traffic to Tomcat via port 8081. This is setup is n place now with the current setup so the client does not have HTTPS changed to HTTP during a session, do to tomcat thinking the HTTPS connection is unencrypted and it should be changed to HTTP. There is no keystore or certs used by tomcat, all certs are placed on the load balancer. During setup of Tomcat 7 I copied the previous connector setup, resolving the following URLS I get the following responses respectively(I get the same results with my currenttly working Tomcat5 setup): https://localhost:8081/ - Secure connection fails http://localhost:8081/ - Apache Tomcat 7.0.56 page showing that everything works. My settings for tomcat 7 are: Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 / Connector port=8081 protocol=HTTP/1.1 maxThreads=150 SSLEnabled=false scheme=https secure=true clientAuth=false sslProtocol=TLS proxyPort=443/ I was wondering if there is a way to setup Tomcat 7 to accept the unencrypted request(SSL Acceleration) from the load balancer, process the request and send back a response without changing the scheme to HTTP? Also as expected my load balancer is not able to establish a connection with Tomcat7 over HTTPS port 8081. Any advice would be greatly appreciated. If your load balancer is terminating SSL and properly setting X-Forwarded-* headers you can probably get away with one connector for HTTP traffic and the RemoveIpValve. The valve will use the X-Forwarded-* headers to modify the request object so that your apps can see if the request came in over SSL. http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Remote_IP_Valve Dan
Re: troubleshoot tomcat database connection
On Mon, Nov 3, 2014 at 1:58 PM, Mark Maciolek m...@sr.unh.edu wrote: hi, system is running Scientific Linux release 6.5 rpm installed tomcat6-servlet-2.5-api-6.0.24-78.el6_5.noarch tomcat6-javadoc-6.0.24-78.el6_5.noarch tomcat6-lib-6.0.24-78.el6_5.noarch tomcat-native-1.1.30-1.el6.x86_64 tomcat6-el-2.1-api-6.0.24-78.el6_5.noarch tomcat6-admin-webapps-6.0.24-78.el6_5.noarch apache-tomcat-apis-0.1-1.el6.noarch tomcat6-jsp-2.1-api-6.0.24-78.el6_5.noarch tomcat6-webapps-6.0.24-78.el6_5.noarch tomcat-servlet-3.0-api-7.0.33-4.el6.noarch tomcat6-6.0.24-78.el6_5.noarch tomcat6-docs-webapp-6.0.24-78.el6_5.noarch For what it's worth, 6.0.24 is pretty old. You should strongly consider upgrading to 6.0.41, or whatever is the latest at the time you go to upgrade. httpd-2.2.15-31.sl6.x86_64 tomcat starts and I can reach the page on the 8080 port Good! It never starts the connection host name connection from the server.xml Hmm, not sure what you mean here. Are you talking about virtual hosting with Tomcat? http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html I do a kill -3 on the tomcat pid and this is what the logs shows: INFO: Starting Servlet Engine: Apache Tomcat/6.0.24 Nov 3, 2014 1:19:10 PM org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor host-manager.xml Nov 3, 2014 1:19:10 PM org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor manager.xml Nov 3, 2014 1:19:10 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory ROOT Nov 3, 2014 1:19:10 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory examples Nov 3, 2014 1:19:11 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory sample Nov 3, 2014 1:19:11 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory docs Nov 3, 2014 1:19:11 PM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-8080 Nov 3, 2014 1:19:11 PM org.apache.jk.common.ChannelSocket init INFO: JK: ajp13 listening on /0.0.0.0:8009 Nov 3, 2014 1:19:11 PM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=0/54 config=null Nov 3, 2014 1:19:11 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 1307 ms 2014-11-03 13:19:37 Full thread dump OpenJDK 64-Bit Server VM (23.25-b01 mixed mode): TP-Monitor daemon prio=10 tid=0x7feca454d800 nid=0x729f in Object.wait() [0x7feca241] java.lang.Thread.State: TIMED_WAITING (on object monitor) at java.lang.Object.wait(Native Method) - waiting on 0xba74ea78 (a org.apache.tomcat.util. threads.ThreadPool$MonitorRunnable) at org.apache.tomcat.util.threads.ThreadPool$MonitorRunnable.run( ThreadPool.java:565) - locked 0xba74ea78 (a org.apache.tomcat.util. threads.ThreadPool$MonitorRunnable) at java.lang.Thread.run(Thread.java:701) TP-Processor4 daemon prio=10 tid=0x7feca452f000 nid=0x729e runnable [0x7feca2511000] java.lang.Thread.State: RUNNABLE at java.net.PlainSocketImpl.socketAccept(Native Method) at java.net.AbstractPlainSocketImpl.accept( AbstractPlainSocketImpl.java:375) at java.net.ServerSocket.implAccept(ServerSocket.java:478) at java.net.ServerSocket.accept(ServerSocket.java:446) at org.apache.jk.common.ChannelSocket.accept( ChannelSocket.java:307) at org.apache.jk.common.ChannelSocket.acceptConnections( ChannelSocket.java:661) at org.apache.jk.common.ChannelSocket$SocketAcceptor. runIt(ChannelSocket.java:872) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run( ThreadPool.java:690) at java.lang.Thread.run(Thread.java:701) TP-Processor3 daemon prio=10 tid=0x7feca452d000 nid=0x729d in Object.wait() [0x7feca2612000] java.lang.Thread.State: WAITING (on object monitor) at java.lang.Object.wait(Native Method) - waiting on 0xba74e3a8 (a org.apache.tomcat.util. threads.ThreadPool$ControlRunnable) at java.lang.Object.wait(Object.java:502) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run( ThreadPool.java:662) - locked 0xba74e3a8 (a org.apache.tomcat.util. threads.ThreadPool$ControlRunnable) at java.lang.Thread.run(Thread.java:701) TP-Processor2 daemon prio=10 tid=0x7feca4532000 nid=0x729c in Object.wait() [0x7feca2713000] java.lang.Thread.State: WAITING (on object monitor) at java.lang.Object.wait(Native Method) - waiting on 0xba74e010 (a org.apache.tomcat.util. threads.ThreadPool$ControlRunnable) at java.lang.Object.wait(Object.java:502) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
Re: troubleshoot tomcat database connection
On Mon, Nov 3, 2014 at 2:52 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 11/3/14 2:41 PM, Mark Maciolek wrote: On 11/3/2014 2:29 PM, Daniel Mikusa wrote: On Mon, Nov 3, 2014 at 1:58 PM, Mark Maciolek m...@sr.unh.edu wrote: hi, system is running Scientific Linux release 6.5 rpm installed tomcat6-servlet-2.5-api-6.0.24-78.el6_5.noarch tomcat6-javadoc-6.0.24-78.el6_5.noarch tomcat6-lib-6.0.24-78.el6_5.noarch tomcat-native-1.1.30-1.el6.x86_64 tomcat6-el-2.1-api-6.0.24-78.el6_5.noarch tomcat6-admin-webapps-6.0.24-78.el6_5.noarch apache-tomcat-apis-0.1-1.el6.noarch tomcat6-jsp-2.1-api-6.0.24-78.el6_5.noarch tomcat6-webapps-6.0.24-78.el6_5.noarch tomcat-servlet-3.0-api-7.0.33-4.el6.noarch tomcat6-6.0.24-78.el6_5.noarch tomcat6-docs-webapp-6.0.24-78.el6_5.noarch For what it's worth, 6.0.24 is pretty old. You should strongly consider upgrading to 6.0.41, or whatever is the latest at the time you go to upgrade. httpd-2.2.15-31.sl6.x86_64 tomcat starts and I can reach the page on the 8080 port Good! It never starts the connection host name connection from the server.xml Hmm, not sure what you mean here. Are you talking about virtual hosting with Tomcat? http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html not currently just this one site on the server serving jsp file. I do a kill -3 on the tomcat pid and this is what the logs shows: INFO: Starting Servlet Engine: Apache Tomcat/6.0.24 Nov 3, 2014 1:19:10 PM org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor host-manager.xml Nov 3, 2014 1:19:10 PM org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor manager.xml Nov 3, 2014 1:19:10 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory ROOT Nov 3, 2014 1:19:10 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory examples Nov 3, 2014 1:19:11 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory sample Nov 3, 2014 1:19:11 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory docs Nov 3, 2014 1:19:11 PM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-8080 Nov 3, 2014 1:19:11 PM org.apache.jk.common.ChannelSocket init INFO: JK: ajp13 listening on /0.0.0.0:8009 Nov 3, 2014 1:19:11 PM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=0/54 config=null Nov 3, 2014 1:19:11 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 1307 ms 2014-11-03 13:19:37 Full thread dump OpenJDK 64-Bit Server VM (23.25-b01 mixed mode): TP-Monitor daemon prio=10 tid=0x7feca454d800 nid=0x729f in Object.wait() [0x7feca241] java.lang.Thread.State: TIMED_WAITING (on object monitor) at java.lang.Object.wait(Native Method) - waiting on 0xba74ea78 (a org.apache.tomcat.util. threads.ThreadPool$MonitorRunnable) at org.apache.tomcat.util.threads.ThreadPool$MonitorRunnable.run( ThreadPool.java:565) - locked 0xba74ea78 (a org.apache.tomcat.util. threads.ThreadPool$MonitorRunnable) at java.lang.Thread.run(Thread.java:701) TP-Processor4 daemon prio=10 tid=0x7feca452f000 nid=0x729e runnable [0x7feca2511000] java.lang.Thread.State: RUNNABLE at java.net.PlainSocketImpl.socketAccept(Native Method) at java.net.AbstractPlainSocketImpl.accept( AbstractPlainSocketImpl.java:375) at java.net.ServerSocket.implAccept(ServerSocket.java:478) at java.net.ServerSocket.accept(ServerSocket.java:446) at org.apache.jk.common.ChannelSocket.accept( ChannelSocket.java:307) at org.apache.jk.common.ChannelSocket.acceptConnections( ChannelSocket.java:661) at org.apache.jk.common.ChannelSocket$SocketAcceptor. runIt(ChannelSocket.java:872) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run( ThreadPool.java:690) at java.lang.Thread.run(Thread.java:701) TP-Processor3 daemon prio=10 tid=0x7feca452d000 nid=0x729d in Object.wait() [0x7feca2612000] java.lang.Thread.State: WAITING (on object monitor) at java.lang.Object.wait(Native Method) - waiting on 0xba74e3a8 (a org.apache.tomcat.util. threads.ThreadPool$ControlRunnable) at java.lang.Object.wait(Object.java:502) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run( ThreadPool.java:662) - locked 0xba74e3a8 (a org.apache.tomcat.util. threads.ThreadPool$ControlRunnable) at java.lang.Thread.run(Thread.java:701) TP-Processor2 daemon prio=10 tid=0x7feca4532000 nid=0x729c in Object.wait() [0x7feca2713000] java.lang.Thread.State: WAITING (on object monitor) at java.lang.Object.wait(Native Method
Re: Authentication Memcached + Tomcat
On Nov 1, 2014 10:31 AM, Nilson Uehara nilueh...@gmail.com wrote: Dan, I'm trying to implement Memcached with SASL authentication https://code.google.com/p/memcached/wiki/SASLHowto But I can not get Tomcat to connect to it Nilson Uehara Please don't top post. Reply inline or at the bottom. It is the convention we follow on this list. As far as your question, I'm struggling to see how this is related to Tomcat. You need to describe more about what you're doing or we're not going to be able to help. Try including relevant config, log output and error messages. Dan 2014-10-31 18:18 GMT-02:00 Daniel Mikusa dmik...@pivotal.io: On Fri, Oct 31, 2014 at 3:51 PM, Nilson Uehara nilueh...@gmail.com wrote: I'm testing Memcached to implement failover on my Tomcat servers. Is there any way of implementing security by user / password? Can you clarify this request? Are these two separate thoughts, or is memcached somehow related to the security question? If it's just security you're after, then see this section in the docs. http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html Dan
Re: Authentication Memcached + Tomcat
On Fri, Oct 31, 2014 at 3:51 PM, Nilson Uehara nilueh...@gmail.com wrote: I'm testing Memcached to implement failover on my Tomcat servers. Is there any way of implementing security by user / password? Can you clarify this request? Are these two separate thoughts, or is memcached somehow related to the security question? If it's just security you're after, then see this section in the docs. http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html Dan
Re: NameNotFoundException: Name [jdbc/weblogin01b] is not bound in this Context. Unable to find [jdbc]
On Wed, Oct 29, 2014 at 12:45 PM, vince.w...@thomsonreuters.com wrote: Hello I'm having difficulty getting a JDBC DataSource using Tomcat 8. I want to define the JDBC details in server.xml so the database identified depends on the server and not the application. It will be beneficial for me if the applications only need to know the JDBC name and not password details. Thus I'm using GlobalNamingResources in server.xml and ResourceLink in context.xml I'm obviously not getting it right because I get this exception: javax.naming.NameNotFoundException: Name [jdbc/weblogin01b] is not bound in this Context. Unable to find [jdbc]. Sometimes when you get a NameNotFoundException, it's because the pool encountered an error when it was being created. Hence it doesn't actually exists. A couple things you can do to troubleshoot. 1.) Set an initial size for your pool. This will force it to make at least one connection at startup which will generally cause it to fail fast, if there is a problem. You can then look in the logs to see the error. 2.) Connect with jconsole or jvisualvm and look at the mbeans for Tomcat. When the pool is actually there, you should see it in the mbeans. at org.apache.naming.NamingContext.lookup(NamingContext.java:818) at org.apache.naming.NamingContext.lookup(NamingContext.java:166) at org.apache.naming.factory.ResourceLinkFactory.getObjectInstance(ResourceLinkFactory.java:92) at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:321) at org.apache.naming.NamingContext.lookup(NamingContext.java:841) at org.apache.naming.NamingContext.lookup(NamingContext.java:152) at org.apache.naming.NamingContext.lookup(NamingContext.java:829) at org.apache.naming.NamingContext.lookup(NamingContext.java:166) In CATALINA_BASE/conf/server.xml I have included a variety of slightly different resources all aiming to get to the same database schema hopefully one of them will be right: GlobalNamingResources !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / Resource name=jdbc/weblogin01 username=weblogin01 password=x auth=Container type=javax.sql.DataSource driverClassName=oracle.jdbc.pool.OracleDataSource This looks suspect. I'm pretty sure you want the JDBC driver name. description=Global Address Database url=jdbc:oracle:thin:@10.15.120.29:1522:DGSPC You could add initialSize here, try 1. maxActive=15 maxIdle=3 / Resource name=jdbc/weblogin01b user=weblogin01 password=x auth=Container type=javax.sql.DataSource driverClassName=oracle.jdbc.OracleDriver factory=oracle.jdbc.pool.OracleDataSourceFactory You're using a different factory (specifically Oracle's implementation), so the configuration attributes are going to be different. Not sure how to set initial size with this implementation. url=jdbc:oracle:thin:@10.15.120.29:1522:DGSPC maxActive=20 maxIdle=3 maxWait=-1 / Resource name=jdbc/weblogin01c user=weblogin01 password=x auth=Container type=javax.sql.DataSource driverClassName=oracle.jdbc.OracleDriver url=jdbc:oracle:thin:@10.15.120.29:1522:DGSPC maxActive=20 maxIdle=3 maxWait=-1 / This looks the most right. I'd also try adding initialSize of 1. /GlobalNamingResources In META-INF/context.xml I have a ResourceLink to each resource Context path=/testDbAccess ResourceLink name=jdbc/weblogin01 global=jdbc/weblogin01 type=javax.sql.DataSource/ ResourceLink name=jdbc/weblogin01b global=jdbc/weblogin01b type=javax.sql.DataSource/ ResourceLink name=jdbc/weblogin01c global=jdbc/weblogin01c type=javax.sql.DataSource/ These look OK. /Context In web.xml I made no changes related to JDBC on the understanding that the ResourceLink elements will be sufficient. In Java code I try to get a DataSource as follows: String dbUser = weblogin01b; try { Context initCtx = new InitialContext(); Context envCtx = (Context) initCtx.lookup(java:comp/env); // Get data source ds = (DataSource) envCtx.lookup(jdbc/ + dbUser); if (ds == null) { logger.log(Level.WARNING,Null datasource for + dbUser); } } I get similar exceptions for each of the names: jdbc/weblogin01 jdbc/weblogin01b jdbc/weblogin01c Didn't test this, but it looks OK. Dan After years using GlassFish, I'm
Re: How can Tomcat be started at boot time as a non-root user
On Tue, Oct 14, 2014 at 7:06 AM, Léa Massiot lmhe...@orange.fr wrote: Hello and thank you for reading my post. My question is about how can Tomcat be started at boot time as a non-root user. The OS is Debian Wheezy. Below is what I did already: root chown -R tomcat7.tomcat7 /opt/tomcat7/ I created a new file: /etc/init.d/tomcat7 Owner and owner group: root Permissions: 755 --- #! /bin/sh export JAVA_HOME=/opt/jdk1.7.0_67/ case $1 in start) /bin/bash /opt/tomcat7/bin/startup.sh ;; stop) /bin/bash /opt/tomcat7/bin/shutdown.sh ;; restart) /bin/bash /opt/tomcat7/bin/shutdown.sh /bin/bash /opt/tomcat7/bin/startup.sh ;; esac exit 0 --- I ran: root update-rc.d tomcat7 defaults Added to /etc/rc0.d/: K01tomcat7 Added to /etc/rc1.d/: K01tomcat7 Added to /etc/rc2.d/: S17tomcat7 Added to /etc/rc3.d/: S17tomcat7 Added to /etc/rc4.d/: S17tomcat7 Added to /etc/rc5.d/: S17tomcat7 Added to /etc/rc6.d/: K01tomcat7 At boot time, tomcat is started as root. How can it be started as tomcat7? What about this? http://tomcat.apache.org/tomcat-7.0-doc/setup.html#Unix_daemon Dan Best regards. -- View this message in context: http://tomcat.10.x6.nabble.com/How-can-Tomcat-be-started-at-boot-time-as-a-non-root-user-tp5023810.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Custom Realm
On Sun, Oct 12, 2014 at 8:26 AM, Service Symphony mee...@servicesymphony.com wrote: I have got it working, since the server is not started yet, none of the underlying infrastructure is available in the realm class constructor. Sent from my iPhone On 11 Oct 2014, at 22:37, Meeraj Kunnumpurath mee...@servicesymphony.com wrote: Hi, I have some specific requirements for security and I have been trying to right a custom realm, that reads information from the database. 1. I have added a datasource in the global naming resources section in the server.xml 2. I have packaged the realm class in a JAR file and copied it the server lib 3. I have included a context.xml in the WAR META-INF, that declares the realm from (2) In the constructor of the realm class, I try to look up the datasource, 1. If I use new InitialContext().lookup, I get a name not found exception. 2. If I try to get the global naming context, by calling getServer from RealBase, getServer returns a null reference. This is the entry in server.xml Resource name=MyDS auth=Container type=javax.sql.DataSource driverClassName=oracle.jdbc.OracleDriver factory=org.apache.tomcat.jdbc.pool.DataSourceFactory url=jdbc:oracle:thin:@10.211.55.7:1521:xe username=meeraj password=password maxTotal=20 maxIdle=10 maxWaitMillis=-1 accessToUnderlyingConnectionAllowed=true/ This is the entry in the context.xml Realm className=com.ss.security.provider.DatabaseRealm digest=SHA1/ This is the constructor of the Realm class public DatabaseRealm() throws NamingException { Context context = null; try { context = new InitialContext(); template = new SimpleJdbcTemplate((DataSource) context.lookup(MyDS)); } finally { if (context != null) context.close(); } } Any pointers will be highly appreciated. Many thanks -- Meeraj Kunnumpurath Director and Executive Principal Service Symphony Ltd 00 44 7702 693597 mee...@servicesymphony.com For what it's worth, DataSourceRealm sounds very similar to this. Might serve as a good example. http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java?view=markup Dan
Re: Tomcat JDBC pool - auto reconnect
On Fri, Oct 10, 2014 at 9:51 AM, Vasily Kukhta v.b.kuk...@gmail.com wrote: Hi friends, I have a question regarding the ability of Tomcat JDBC pool to reconnect automatically to a database in case of temporarily network failures. I'm developing a high-load application which uses Oracle 11g database. It may happen that the DB can become unavailable for several minutes - it is located in another geographic region, so network failures can happen sometimes and the DB becomes unresponsive. Can the Tomcat JDBC pool automatically reconnect to the DB when it becomes online again? In a manner of speaking. You can configure the pool to test connections, remove bad ones and try to replace them with new, good connections. See validationQuery, testWhileIdle and testOn* here. http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes The trick is that the pool doesn't know when your DB comes back online, so you might get exceptions while the DB is offline (especially if it's down for a long time). It will start talking again once the DB comes back online though. Is this done by default or it should be configured somehow? No. You need to set a validation query and set at least one of the test* attributes to true. Dan Thank you in advance! Best regards, Vasily Kukhta.
Re: Quite a few TCP connection established on start of Tomcat
On Fri, Oct 10, 2014 at 12:33 PM, Gangadhar Tumkur rajmc...@gmail.com wrote: Hello, We have moved to Tomcat 7.0.51 from JBoss 4x as the application server for our product using Java 8.0.20. After starting Tomcat application server and when we run netstat -a -b we see that there are quite a few TCP connections established related to Tomcat as you see below. [image: Inline image 1] I can't see the picture. It looks like the list may have stripped it. Can you just copy and paste the text? Dan Does anyone have an answer as to why so many connections opened? Thanks for taking time to answer. Raj
Re: Maven Tomcat 6/7/8 plugin
On Sun, Oct 5, 2014 at 2:00 PM, Matthias Hryniszak pad...@gmail.com wrote: It seems I might have expressed myself purely. Let me rephrase: I'm looking for RemoteIpValve support in maven-tomcat7-plugin. Perhaps you could use RemoteIPFilter instead? You can configure that through web.xml. http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#Remote_IP_Filter Dan I know the valve itself exists since long before version 7 and I am already using it in production. What I'm on to here is running Maven-managed web applications in development and as far as I can see it's been added ~2 weeks after the release of 2.2 version of that plugin Alternatively if you know of a way to persuade Apache CXF to present the endpoint URL using HTTPS scheme when running mvn tomcat7:run. CXF does it automatically if the RemoteIpValve is installed and proper header exists (as in the isSecure() method returns true). Otherwise it does just HTTP and that in turn makes my local HAProxy do a 302 to HTTPS which ends up in an infinite loop and that's not exactly the result I was hoping for... Cheers, Matthias 2014-10-05 19:31 GMT+02:00 Konstantin Kolinko knst.koli...@gmail.com: 2014-10-05 18:01 GMT+04:00 Matthias Hryniszak pad...@gmail.com: Hi all, I'm new to this list so let me briefly introduce myself. My name is Matthias and I live in Poland. I'm a software architect for Lumesse, an British software development company. The core of our development is talent acquisition and talent management software. The part I'm working with is e-learning solutions. Now that you all know me let me ask you a question: are there any plans on releasing a new version of the maven-tomcat7-plugin and/or an upgrade to maven-tomcat8-plugin? We're falling short a bit on the lack of remote IP valve in the current release RemoteIpValve does exist in Tomcat 7 http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Remote_IP_Valve and I was wondering if that's going to be released any time soon. Please note the last release (2.2) was November 2013 and there's been lots of changes so it'd be great to have them stabilized and released - not to mention the upgrade over embedded Tomcat version. It is being developed on a branch, http://svn.apache.org/viewvc/tomcat/maven-plugin/branches/tc8.x/ See archives of tomcat dev mailing list for discussions. Thus far, integration tests are failing, http://markmail.org/message/xc5r6yycrvmjh2vx Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Open quote is expected for attribute {1} associated with an element type username
On Thu, Oct 2, 2014 at 2:16 PM, Gibran Castillo gibran.e.casti...@gmail.com wrote: I installed Tomcat 8.0.12 in my MacBook OS X 10.9.5 here /Library/Tomcat/Home. Home is a symbolic link that will always point to the current version Tomcat directory, in this case /Library/Tomcat/apache-tomcat-8.0.12 In the /Library/Tomcat/Home/conf/tomcat-users.xml file I added the following: role rolename=manager-gui/ user username=“admin” password=password” roles=manager-gui”/ Did you copy and paste this from somewhere? If so, try deleting it and manually typing, especially the quote characters. Dan When I start tomcat with the out of the box setup everything looks good except that is throwing an exception regarding user *username=“admin”* password=adminpw” roles=manager-gui”/, see below... I am not sure what is going on, this is suppose to work out of the box Using CATALINA_BASE: /Library/Tomcat/Home Using CATALINA_HOME: /Library/Tomcat/Home Using CATALINA_TMPDIR: /Library/Tomcat/Home/temp Using JRE_HOME: /Library/Java/JavaVirtualMachines/jdk1.7.0_60.jdk/Contents/Home Using CLASSPATH: /Library/Tomcat/Home/bin/bootstrap.jar:/Library/Tomcat/Home/bin/tomcat-juli.jar .../Home/logs/catalina.2014-10-02.log 02-Oct-2014 12:19:44.120 INFO [main] org.apache.catalina.core.AprLifecycleListener.init The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /Users/gibranecastillo/Library/Java/Extensions:/Library/Java/Extensions:/Network/Library/Java/Extensions:/System/Library/Java/Extensions:/usr/lib/java:. 02-Oct-2014 12:19:44.551 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler [http-nio-8080] 02-Oct-2014 12:19:44.670 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read 02-Oct-2014 12:19:44.676 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler [ajp-nio-8009] 02-Oct-2014 12:19:44.683 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read 02-Oct-2014 12:19:44.684 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 1236 ms *02-Oct-2014 12:19:44.726 SEVERE [main] org.apache.tomcat.util.digester.Digester.fatalError Parse Fatal Error at line 37 column 18: Open quote is expected for attribute {1} associated with an element type username.* * org.xml.sax.SAXParseException; lineNumber: 37; columnNumber: 18; Open quote is expected for attribute {1} associated with an element type username.* at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:198) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:177) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:441) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:368) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1436) at com.sun.org.apache.xerces.internal.impl.XMLScanner.scanAttributeValue(XMLScanner.java:829) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanAttribute(XMLDocumentFragmentScannerImpl.java:1546) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(XMLDocumentFragmentScannerImpl.java:1318) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2770) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:606) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:510) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:848) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:777) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:648) at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1476) at org.apache.catalina.users.MemoryUserDatabase.open(MemoryUserDatabase.java:430) at org.apache.catalina.users.MemoryUserDatabaseFactory.getObjectInstance(MemoryUserDatabaseFactory.java:102) at org.apache.naming.factory.FactoryBase.getObjectInstance(FactoryBase.java:94)
Re: Session lost in Tomcat 5.5.36
On Tue, Sep 30, 2014 at 6:56 AM, Diego Ruotolo druot...@noemalife.com wrote: Hi everybody, Working on my company webapp I notice the following problem: sometimes the jsession cookie is lost, and therefore my whole http session is lost. The context is: - Tomcat v. 5.5.36 - JDK 1.5.0 Both of these pieces of software are very old and no longer supported. There are very likely bugs and security issues in them which will never get fixed. You should consider upgrading ASAP. As a bonus, upgrading may solve the problem you're having. http://tomcat.apache.org/tomcat-55-eol.html Dan - O.S. Windows - Client: Internet Explorer 8 Here is my use case: - I made a POST request to a servlet of my webapp - While processing this request, I create a new http session - Processing of the request will process a velocity template as last step - This velocity template contains 3 calls to 3 different servlets of my webapp, these 3 calls are made through an HTTP GET - While processing one of these 3 requests, Tomcat does not append jsessionid parameter to the requested URL: I have debugged Tomcat classes therefore I am sure of this This problem does not occur always, but just sometimes. While debugging Tomcat classes, I noticed that Tomcat starts 3 threads to manage the 3 GET requests of the velocity template, so maybe it is a concurrency problem. Finally, I noticed that this problem does not happen if I set the Windows registry key HKCU\Software\Microsoft\Internet Explorer\Main – TabProcGrowth to 0 or 1, which forces Internet Explorer to use one process for all tabs, not one process for single tab (which is the default). Do I miss some configuration settings? Do I have to set some particular parameter / cookie in the first response (or in the velocity template) ? If you need more details please tell me. Thanks in advice, Kind regards Diego
Re: Tomcat returns Jsp source code as text/plain to the browser
On Tue, Sep 30, 2014 at 9:04 AM, Gadi Sastiel gadi.sast...@gmail.com wrote: Hi , we are behind Apache. , we have HTTP and AJP connectors. Java 1.7.17 it was reproduced on Latest chrome and firefox I've seen similar issues when Apache HTTPD is not configured correctly. How are you proxying requests to your Tomcat server? mod_proxy? mod_jk? Can you include relevant configuration? I can see the request on the tomcat access log. Can you include the log entries from both HTTPD Tomcat? Dan On Tue, Sep 30, 2014 at 2:59 PM, Konstantin Kolinko knst.koli...@gmail.com wrote: 2014-09-30 15:30 GMT+04:00 Gadi Sastiel gadi.sast...@gmail.com: Hi all, Tomcat version 7.0.30 Operating System – Windows server 2008 and above. When I concatenate “ ( quotes) to the end of the url when accessing a jsp for example: /pages/somePage.jsp” The browser returns the source code of the JSP. Does anyone see such a behavior before ? I cannot reproduce this with the currently being tested 7.0.56 (release candidate), nor with the current Tomcat 6 and Tomcat 8. Is your Tomcat directly accessible via HTTP port, or it is behind another HTTP server (IIS, Apache HTTPD)? What Connector is used to access it (Bio/Nio/Apr, HTTP or AJP protocol)? What web browser are you using? What version of Java is used to run it? How can I filter it out ? That depends on the root cause. Is the source code displayed by Tomcat or by other web server? Is this request mentioned in Tomcat access log file? Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat returns Jsp source code as text/plain to the browser
On Tue, Sep 30, 2014 at 10:32 AM, Gadi Sastiel gadi.sast...@gmail.com wrote: I have in httpd.conf: LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so # Configure mod_proxy_html to understand HTML4/XHTML1 IfModule proxy_html_module Include conf/extra/proxy-html.conf /IfModule LoadModule jk_module modules/mod_jk.so Looks like you're loading both mod_proxy mod_jk. Which one are you using? There should be more to this config. Possibly some ProxyPass statements or a JkMount? Dan Gadi On Tue, Sep 30, 2014 at 4:38 PM, Daniel Mikusa dmik...@pivotal.io wrote: On Tue, Sep 30, 2014 at 9:04 AM, Gadi Sastiel gadi.sast...@gmail.com wrote: Hi , we are behind Apache. , we have HTTP and AJP connectors. Java 1.7.17 it was reproduced on Latest chrome and firefox I've seen similar issues when Apache HTTPD is not configured correctly. How are you proxying requests to your Tomcat server? mod_proxy? mod_jk? Can you include relevant configuration? I can see the request on the tomcat access log. Can you include the log entries from both HTTPD Tomcat? Dan On Tue, Sep 30, 2014 at 2:59 PM, Konstantin Kolinko knst.koli...@gmail.com wrote: 2014-09-30 15:30 GMT+04:00 Gadi Sastiel gadi.sast...@gmail.com: Hi all, Tomcat version 7.0.30 Operating System – Windows server 2008 and above. When I concatenate “ ( quotes) to the end of the url when accessing a jsp for example: /pages/somePage.jsp” The browser returns the source code of the JSP. Does anyone see such a behavior before ? I cannot reproduce this with the currently being tested 7.0.56 (release candidate), nor with the current Tomcat 6 and Tomcat 8. Is your Tomcat directly accessible via HTTP port, or it is behind another HTTP server (IIS, Apache HTTPD)? What Connector is used to access it (Bio/Nio/Apr, HTTP or AJP protocol)? What web browser are you using? What version of Java is used to run it? How can I filter it out ? That depends on the root cause. Is the source code displayed by Tomcat or by other web server? Is this request mentioned in Tomcat access log file? Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat xml files in conf/Catalina/localhost
On Fri, Sep 19, 2014 at 12:28 PM, Miguel Pereira miguelaperei...@gmail.com wrote: Hey all, I was wondering where I could get some more information about these xml files. On one system they are created every time I deploy a web application and on another they are not.. I would prefer that tomcat does not create them. Anyone want to point me in the right direction? Some explanation of these files can be found here. http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Introduction http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Defining_a_context See also the copyXML attribute further down on that page. That could be why you're seeing these files show up. Dan Thank you, Miguel
Re: Tomcat xml files in conf/Catalina/localhost
On Fri, Sep 19, 2014 at 1:32 PM, Miguel Pereira miguelaperei...@gmail.com wrote: Thank you very much Dan, I looked at the links and noticed I am running tomcat 7 locally and 6 on our DEV environment. I also noticed that copyXML is present in the documentation for tomcat 7 and defaults to false. Finally In an individual file at /META-INF/context.xml inside the application files. In Tomcat 6 this file is *automatically* copied to $CATALINA_BASE/conf/[enginename]/[hostname]/ and renamed to application's base file name plus a .xml extension. (This automated copying became *optional* in Tomcat 7). Would you happen to know if it is possible to achive the same in tomcat 6? ( We will not be upgrading for a while ) I think the obvious solution would be to remove META-INF/context.xml from your WAR file and put any config there into another context configuration location, assuming that is an option for you. What is your rationale for not wanting it copied? i.e. what is the problem that copying it causes? Maybe there is another way to resolve that problem. Dan Miguel On Fri, Sep 19, 2014 at 12:41 PM, Daniel Mikusa dmik...@pivotal.io wrote: On Fri, Sep 19, 2014 at 12:28 PM, Miguel Pereira miguelaperei...@gmail.com wrote: Hey all, I was wondering where I could get some more information about these xml files. On one system they are created every time I deploy a web application and on another they are not.. I would prefer that tomcat does not create them. Anyone want to point me in the right direction? Some explanation of these files can be found here. http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Introduction http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Defining_a_context See also the copyXML attribute further down on that page. That could be why you're seeing these files show up. Dan Thank you, Miguel
Re: Tomcat xml files in conf/Catalina/localhost
On Fri, Sep 19, 2014 at 3:33 PM, Miguel Pereira miguelaperei...@gmail.com wrote: Ahhh, thanks Dan, Unfortunately these are 3rd party apps what we receive as a WAR. I am not sure that unzipping them and rezipping them is ideal nor maintainable. The main reason is that the context fragments remain after the apps are undeployed which throw non fatal errors on subsequent tomcat restarts. This is primarly a problem during development when testing new applications. I feel that the way we are undeploying applications is at the heart issue. The documentation Deleting a WAR file will trigger an undeploy of the application with the *removal* of any associated expanded directory, *context file* and work directory. Any current user sessions will not be persisted. Seems to make it clear the the context file is removed but I am experiencing that is not the case or the third party tool we are using is not properly undeploying the application. What version of Tomcat 6 are you using? If it's not the latest one, it would be worth trying the latest version to see if that clears up this trouble. Might also be worth trying a different method of undeploying the application, like the manager or JMX, to see if that removes the context file. Dan I'll be doing some more digging, Miguel On Fri, Sep 19, 2014 at 2:45 PM, Daniel Mikusa dmik...@pivotal.io wrote: On Fri, Sep 19, 2014 at 1:32 PM, Miguel Pereira miguelaperei...@gmail.com wrote: Thank you very much Dan, I looked at the links and noticed I am running tomcat 7 locally and 6 on our DEV environment. I also noticed that copyXML is present in the documentation for tomcat 7 and defaults to false. Finally In an individual file at /META-INF/context.xml inside the application files. In Tomcat 6 this file is *automatically* copied to $CATALINA_BASE/conf/[enginename]/[hostname]/ and renamed to application's base file name plus a .xml extension. (This automated copying became *optional* in Tomcat 7). Would you happen to know if it is possible to achive the same in tomcat 6? ( We will not be upgrading for a while ) I think the obvious solution would be to remove META-INF/context.xml from your WAR file and put any config there into another context configuration location, assuming that is an option for you. What is your rationale for not wanting it copied? i.e. what is the problem that copying it causes? Maybe there is another way to resolve that problem. Dan Miguel On Fri, Sep 19, 2014 at 12:41 PM, Daniel Mikusa dmik...@pivotal.io wrote: On Fri, Sep 19, 2014 at 12:28 PM, Miguel Pereira miguelaperei...@gmail.com wrote: Hey all, I was wondering where I could get some more information about these xml files. On one system they are created every time I deploy a web application and on another they are not.. I would prefer that tomcat does not create them. Anyone want to point me in the right direction? Some explanation of these files can be found here. http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Introduction http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Defining_a_context See also the copyXML attribute further down on that page. That could be why you're seeing these files show up. Dan Thank you, Miguel
Re: Possibly Losing Session when Clustered
On Mon, Sep 15, 2014 at 10:46 AM, Peter Kirby lpki...@harding.edu wrote: I'm running CentOS 7 and I've tried this on Tomcat 7.0.55 and 8.0.12, both with the same results. This also works perfectly fine in a production environment with 7.0.55. I'm running CAS and without clustering Tomcat, the login page works perfectly. When I attempt to cluster Tomcat, I have to hit the login page twice. The first time I log in, it simply clears the fields and goes back to the login page. The second time I log in it works. I'm posting to this list because I'm pretty sure it's something I'm missing with Tomcat config, not CAS the application as it works just fine in production. I have tried this with a fully configured cluster section in server.xml and with just uncommenting the default cluster tag. It happens either way. If I don't have a cluster section at all in server.xml, CAS works as it should. The logs aren't showing any errors or anything that seems useful to this problem. I have run out of things to try and it works fine on 3 out of 4 of the Tomcat servers. I have gone so far as to completely wipe out this one server and build it back from scratch. Never-the-less, the problem remains. I've run out of things to try and would appreciate any suggestions anyone may have. Thanks, Peter -- Peter Kirby System and Database Administrator @ Harding University Peter, Have you tried deploying a simple test application to confirm that clustering is working properly? If you deploy an app that has something like a simple session based counter in it, you can use that to confirm that each node in the cluster is setup correctly and that session data is being replicated. Dan
Re: Possibly Losing Session when Clustered
On Mon, Sep 15, 2014 at 3:38 PM, Peter Kirby lpki...@harding.edu wrote: On Mon, Sep 15, 2014 at 2:01 PM, Peter Kirby lpki...@harding.edu wrote: On Mon, Sep 15, 2014 at 10:26 AM, Daniel Mikusa dmik...@pivotal.io wrote: Have you tried deploying a simple test application to confirm that clustering is working properly? I just setup a small session counter and it appears to not be shared across the different servers correctly. Thanks for the suggestion. I'll keep working on that and reply again if, after fixing session info, I still have the same problem. Well, if I had known it would be that fast of a fix, I would not have replied to the email. I had accidentally left one server on Tomcat 8.0.12 and the other on Tomcat 7.0.55. After they were both on the same version, the session information is shared perfectly, which is what I expected. However, the original problem remains. I discovered I don't even have to submit the page to fix the broken session. I can go to the web page and after it loads hit refresh. That takes care of the first page that just resets. After the refresh button I can log in as normal. If I do actually submit the first time, the jessionid variable shows up in the URL when the page comes up the second time in case that's helpful. Thanks for your time. It might be helpful to look at the access logs on your Tomcat instances and also whatever is in front of them. This might start to give an account of what happens after the request leaves your browser. Also might be helpful to increase the log level for clustering. I think the following should be helpful. org.apache.catalina.ha.level = FINEST org.apache.catalina.tribes.level = CONFIG Note, you'll probably also have to set the log level of your handler to FINEST, otherwise that'll filter out these messages. 1catalina.org.apache.juli.FileHandler.level = FINEST or set .level for whatever handler the messages are being sent to. Dan
Re: Stop writing System.our and System.err in catalina.out
On Tue, Sep 9, 2014 at 5:12 AM, André Warnier a...@ice-sa.com wrote: Vijay Kumar wrote: Hi, I have deployed one web application in Tomcat which uses JULI logger internally for application level logging. I can change the Mode to OFF while going to production. But there are few System.out.println statements along with e.printStackTrace which are writing in catalina.out file. This is causing to shutdown Tomcat when catalina.out file grows huge. Can any one suggest me how to stop writing these statement in catalina.out file. Search the list archives ? See swallowOutput. http://tomcat.apache.org/tomcat-7.0-doc/config/context.html Dan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: PKCS 12 issues in apache tomcat
On Mon, Sep 8, 2014 at 9:57 PM, Siva K Chittamuru cskal...@gmail.com wrote: Hello, I am using Apache tomcat version 7 Which version specifically? and trying to configure SSL. Here is what I did so far. 1. Generated CSR using OpenSSL and purchased certificate from geotrust. 2. Imported the cert from Geotrust to the PEM keystore. 3. Converted keystore to PKCS 12. 4. Configured SSL connector in server.xml and pointed the keystore to PKCS 12 I have created. Which connector? BIO, NIO, APR? A configuration snippet, minus sensitive information would be helpful. Issue: There is another application that provides SSL certificate which I need to add to signers section of tomcat PKCS 12 file. I need some help with adding the cert to signers section. I tried adding the cert using IBM iKeyman, it appears that tomcat does not like the PKCS12 file modified using iKeyman. Any suggestions or help is appreciated. Not familiar with that tool, but I would suggest trying to use either Java's keytool or OpenSSL to verify that the PKCS12 file is still valid. Depending on the connector you've configured, Tomcat will either use the JVM or OpenSSL to access the key store. Making sure that your key store can read them using standard tools is a good troubleshooting step. Ex: keytool -list -keystore {path to keystore.pfx} -storetype PKCS12 -v Dan
Re: web.xml authentication and Tomcat Realm
On Thu, Sep 4, 2014 at 8:02 PM, Dalecki, Janusz jdale...@tycoint.com wrote: -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Friday, 5 September 2014 12:03 AM To: Tomcat Users List Subject: Re: web.xml authentication and Tomcat Realm -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Janusz, On 9/4/14 2:30 AM, Dalecki, Janusz wrote: -Original Message- From: Felix Schumacher [mailto:felix.schumac...@internetallee.de] Sent: Thursday, 4 September 2014 3:29 PM To: Tomcat Users List Subject: Re: web.xml authentication and Tomcat Realm On 4. September 2014 05:35:42 MESZ, Dalecki, Janusz jdale...@tycoint.com wrote: Hi, I am just wondering whether somehow I can use web.xml login-config/ to point to the Tomcat JDBC Realm that I am using. Are those two completely disjoint or I can link them together. They are disjoint. web.xml is for the developer who has (almost) no knowledge of the context (environment) in which his application will run. context.xml (or equivalents) is the tool for the administrator to provide that knowledge to the application. It might be silly question, but if I use web.xml login-config element – where do I specify password? I am probably missing something. The Realm takes care of the credentials. For a DataSourceRealm of JDBCRealm, the usernames and passwords are stored in a relational database. For other Realms, the credentials are stored in other places. For instance, if you use a MemoryRealm, the passwords are typically stored in an XML file in CATALINA_BASE/conf/tomcat-users.xml. Using a MemoryRealm isn't really a good idea for a production system for a number of reasons. (Note that using JDBCRealm will give you terrible performance: use a DataSourceRealm instead with a JNDI DataSource.) You really need to read this: http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUCHEbAAoJEBzwKT+lPKRYlbsP/jPqVIkl3MhZJdmswWD5AL5y proOErqB/ytVoT2TvvwSb4oXUe0NI/BqmbCCXW7oaExljcw7Dqvtbt+PH0oW5uAu G8BXAq2IhJrfrufz1pDZzxx/zWqlQZ1xTVwlKkdYHknx/0jv4IfwUsMZNwz9OeOa uAJAckflhSPY/qI3/pD9HNoFpZoUS/UEpbmxIeSrjf7jsTJdWI+64xuFXsv6d/1D /NbYpaf+AznqpSuKogjNy/HTb6B1cl8NESJyB+umwxSn7H0bO07GX+CRAzpFpQxt Li48qkFrMMZBvTGtQEZmMw+wyOQ28gQ9lLQFs1h2QAuFCGouoW59jY96NJzSuuu1 cSFGlUNcG4m9oW0zCNlpB0/YD0IODY13QVPPSqVFJhApg6m9uG4os/jb/aMNQ8xo 6Hv6ri2xYGOCC6f/lhaOR7nSdeFEUSin+XHkF1y6xCBNmBSaZMjDbTt2xga134Fl dis1i3zEd7W+EZjiY/jerpRWMGuE9oR1g+PbYbVSnU/Ts+sjqvZflJmtgE+MdJ8a AHPcX0x+8PfPlYBs6yzm0nAHxxqiQdijzzBCwi8KZr7UQPWCtUaHIjmaljUJ+eST 9U3Ue/ePrdyiJm18p7TmfeKI+aDR8g09oadbb9fOKCUz3DyLRH7Qo9uLmBCzZOIt 3LJeFneb/hJ25+opQa7X =fCiU -END PGP SIGNATURE- Hi, Sorry I need to explain my problem more clearly. I have put JDBCRealm configuration with all details in the META-INF folder: Realm className=org.apache.catalina.realm.JDBCRealm driverName=org.postgresql.Driver connectionURL=jdbc:postgresql://localhost:5432/df_Scheduler?user=postgresamp;password=admin userTable=users userNameCol=userName userCredCol=password userRoleTable=user_roles roleNameCol=roleName/ In my web.xml I have login-config element and security constraint as follows: security-constraint web-resource-collection web-resource-nameAdmin/web-resource-name url-pattern/auth/*/url-pattern /web-resource-collection auth-constraint role-nameSYSADMIN/role-name /auth-constraint /security-constraint security-role role-nameSYSADMIN/role-name /security-role login-config auth-methodBASIC/auth-method !--realm-nameAdmin/realm-name-- /login-config I have defined users and passwords as explained in the TOMCAT Realm Configuration – HOW TO. When I ask for a page */auth/* the user/password dialog box pops up and no matter what I type in in user name field and password field and pops up again for ever. What am I doing wrong? 1.) Do you have users defined in the database? Do you have the proper roles assigned to those users? 2.) Do you see any errors listed in the log? Either at startup or when you attempt to login? 3.) For more info, you could try increasing the log level for the org. apache.catalina.realm package. Dan
Re: How a script can determine latest version of Tomcat
On Thu, Sep 4, 2014 at 1:48 PM, David P. Caldwell da...@code.davidpcaldwell.com wrote: I have a small program that downloads and installs an arbitrary version of Tomcat, using the API provided by Apache to select the proper mirror, and so forth. The script currently takes the Tomcat version as an argument. My script provides a default (which in my case is the latest version of Tomcat 7), but I have to manually update that default whenever I notice a new version has been released. What would be the best way for the script itself to determine the latest available version? Obviously I would give points for easy and points for robust, knowing that those two things might be in conflict. I can think of many horrifying ways to do it: * loop through integers starting with the last known version, attempting to download 7.0.x, until getting a 404 * scraping and parsing the HTML at http://archive.apache.org/dist/tomcat/tomcat-7/, which I expect is rather stable I did this recently for Tomcat 8. Here's the command I used, which works on my Mac. LATEST_VERSION=$(curl -s http://tomcat.apache.org/download-80.cgi | grep h3 id=\8.0. | xpath '/h3/text()' 2/dev/null) A slight variation works on Ubuntu if you install xpath. LATEST_VERSION=$(curl -s http://tomcat.apache.org/download-80.cgi | grep h3 id=\8.0. | xpath -e '/h3/text()' 2/dev/null) I'm sure there are other ways to do it, this was just the first one I put together that worked for me. Dan So my challenge isn't coming up with *a* way to do it, but coming up with the best way. Suggestions? -- David P. Caldwell http://www.davidpcaldwell.com/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Configured JDBCRealm
On Tue, Sep 2, 2014 at 9:59 PM, Dalecki, Janusz jdale...@tycoint.com wrote: -Original Message- From: Daniel Mikusa [mailto:dmik...@pivotal.io] Sent: Tuesday, 2 September 2014 10:04 PM To: Tomcat Users List Subject: Re: Configured JDBCRealm On Tue, Sep 2, 2014 at 7:00 AM, Dalecki, Janusz jdale...@tycoint.com wrote: Hi, I have configured JDBCRealm Tomcat with the following: Context Realm className=org.apache.catalina.realm.JDBCRealm driverName=org.postgresql.Driver connectionURL=jdbc:postgresql://localhost:5432/df_Scheduler?user=postgresamp;password=admin userTable=users userNameCol=userName userCredCol=password userRoleTable=user_roles roleNameCol=roleName/ /Context I have a few questions: 1) How can I get hold of this realm object within my Java app? 2) Even if I get the instance of the JDBCRealm - how do I get the list of all roles available? What's the purpose of doing this? This is just me, but if I wanted to get a list of my users or roles, I would use JDBC and pull them from the database. Then I don't have to tie my application to Tomcat's internal classes. Dan Hi, Thanks for the reply. So what is the purpose of Tomcat’s Realms - I thought that was exactly the reason why they are there – so I don’t have to pull the users from the database. Almost. They're there so that Tomcat can pull users from the database (or from where ever the realm gets its data). I say Tomcat because they're internal components to Tomcat (see the org.apache.tomcat package name) and so an application developer would not generally interact with them directly. The typical course for an application developer would be to declare his or her security requirements in the application and simply let Tomcat will enforce them. This keeps your app portable, since the application only uses the Servlet spec. Not sure what you're goal is here, since you declined to answer but if you need more access to the user data, like if you wanted to create a user and role administration page, you'd need to write your own data access code. Also is there any way of getting hold of the instance of JDBCRealm I have configured? I don't believe it's possible using the Servlet apis. Dan
Re: UTF-8 encoded request URI
On Wed, Sep 3, 2014 at 7:45 AM, Lulseged Zerfu zlulse...@hotmail.com wrote: Hi I am getting bad request from tomcat when I send UTF-8 encoded request to my application. Can you give an example of the request? Are the non-ascii characters in the URL or in the payload of your request (or both)? I have configured connector in my server.xml with URIEncoding=”UTF-8”. Not necessary with Tomcat 8. The default for URIEncoding is UTF-8. Unless you have set the system property org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true. That will override the URIEncoding and set it to ISO-8859-1. I have set charset in the request to UTF-8. How can I solve 400 Bad request? How can I tell tomcat to decode request URI instead of responding with 400 Bad request? You seem certain that the 400 error is due to the encoding. Perhaps it's something else? What have you done to troubleshoot this? Have you tried stepping through things with a debugger? Dan I will appreciate any help. I am using tomcat 8.0.11 on windows 8 x64. I have also tried with tomcat 7.0.55. BRLulseged
Re: Global JNDI resources lookup behavior difference between version 6.0.39 and 6.0.41/7.0.55
On Wed, Sep 3, 2014 at 11:36 AM, Robert Anderson ranom...@gmail.com wrote: Hi, In a privileged context, a have the following jsp to test a global jndi resource: %@ page session=false import=java.util.*,java.sql.*,javax.naming.*, javax.sql.*,org.apache.commons.dbcp.* contentType=text/html % %! protected void doLookup(JspWriter out) throws ServletException, IOException { Context ctx; try { ctx = new InitialContext(); Object o = ctx.lookup(java:jdbc/cacheapp); out.println(o); } catch (NamingException e) { out.println(e.getMessage()); } catch (Exception e) { } } % html head titleTest JNDI/title /head body h1Teste JNDI/h1 hr/ % doLookup(out); % hr/ /body /html Versions earlier than 6.0.41: org.apache.tomcat.jdbc.pool.DataSource@29050dfd {ConnectionPool[defaultAutoCommit=null; defaultReadOnly=null; defaultTransactionIsolation=-1; defaultCatalog=null; driverClassName=com.intersys.jdbc.CacheDriver; maxActive=10; maxIdle=2; minIdle=1; initialSize=10; maxWait=1; testOnBorrow=true; testOnReturn=false; timeBetweenEvictionRunsMillis=5000; numTestsPerEvictionRun=0; minEvictableIdleTimeMillis=6; testWhileIdle=false; testOnConnect=false; password=; url=jdbc:Cache://localhost:1972/USER; username=tomcat; validationQuery=select 1 from dual; validationQueryTimeout=-1; validatorClassName=null; validationInterval=0; accessToUnderlyingConnectionAllowed=true; removeAbandoned=true; removeAbandonedTimeout=300; logAbandoned=false; connectionProperties=null; initSQL=null; jdbcInterceptors=null; jmxEnabled=true; fairQueue=true; useEquals=true; abandonWhenPercentageFull=0; maxAge=0; useLock=false; dataSource=null; dataSourceJNDI=null; suspectTimeout=0; alternateUsernameAllowed=true; commitOnReturn=false; rollbackOnReturn=false; useDisposableConnectionFacade=true; logValidationErrors=false; propagateInterruptState=false; ignoreExceptionOnPreLoad=false; } 6.0.41 and 7.0.55: Name jdbc is not bound in this Context You'll usually see this when the resource is not successfully created for some reason. Do you see any errors in the logs that might indicate a problem with the resource? Connection issue, missing JDBC driver, etc... You can also see if the resource exists by looking for it through jconsole or jvisualvm. Can you confirm it exists? Lastly you mentioned it's a global resource. Can you confirm that there's a resource link setup? Dan That is a bug? We are having a issue in psi-probe because this behavior change ( https://code.google.com/p/psi-probe/issues/detail?id=411). Thanks in advance.
Re: Global JNDI resources lookup behavior difference between version 6.0.39 and 6.0.41/7.0.55
On Wed, Sep 3, 2014 at 11:51 AM, Robert Anderson ranom...@gmail.com wrote: Ok! :) Steps to reproduce: 1)Download and unpack 6.0.39 http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.39/bin/apache-tomcat-6.0.39.tar.gz 2) Create a global jndi resouce in server.xml GlobalNamingResources Resource name=jdbc/cacheapp auth=Container type=javax.sql.DataSource removeAbandoned=true removeAbandonedTimeout=300 maxActive=10 maxIdle=2 minIdle=1 maxWait=1 validationQuery=select 1 from dual testOnBorrow=true validationInterval=0 username=_system password=SYS driverClassName=com.intersys.jdbc.CacheDriver url=jdbc:Cache://localhost:1972/USER/ /GlobalNamingResources ... 3) Install psi-probe: https://code.google.com/p/psi-probe/downloads/detail?name=probe-2.3.3.zip, unpack and copy probe.war to webapps dir; 4) Edit tomcat-users.xml role rolename=probeuser / role rolename=poweruser / role rolename=poweruserplus / role rolename=manager / user username=admin password=t0psecret roles=manager / 5) Start tomcat and go to http://localhost:8080/probe/datasources.htm It will list global jndi resources. I think the question is how does it list these? You haven't added any resource links, so technically there are no resources available to your application through JNDI. See the Introduction section here, which states why resource links are necessary. http://tomcat.apache.org/tomcat-7.0-doc/config/globalresources.html#Introduction Have you tried looking at your running 6.0.41 server, connecting with JMX and looking at the MBeans? Is your database connection pool resources actually available? Dan Instead of Tomcat 6.0.39, use 6.0.41 and probe will not list global jndi resources anymore. Thanks. 2014-09-03 12:39 GMT-03:00 Filip Hanik fi...@hanik.com: can you post your configuration file. that will be the only way we can help you fix it, as I doubt tomcat will go back to pre 6.0.41 days :) Filip On Wed, Sep 3, 2014 at 9:36 AM, Robert Anderson ranom...@gmail.com wrote: Hi, In a privileged context, a have the following jsp to test a global jndi resource: %@ page session=false import=java.util.*,java.sql.*,javax.naming.*, javax.sql.*,org.apache.commons.dbcp.* contentType=text/html % %! protected void doLookup(JspWriter out) throws ServletException, IOException { Context ctx; try { ctx = new InitialContext(); Object o = ctx.lookup(java:jdbc/cacheapp); out.println(o); } catch (NamingException e) { out.println(e.getMessage()); } catch (Exception e) { } } % html head titleTest JNDI/title /head body h1Teste JNDI/h1 hr/ % doLookup(out); % hr/ /body /html Versions earlier than 6.0.41: org.apache.tomcat.jdbc.pool.DataSource@29050dfd {ConnectionPool[defaultAutoCommit=null; defaultReadOnly=null; defaultTransactionIsolation=-1; defaultCatalog=null; driverClassName=com.intersys.jdbc.CacheDriver; maxActive=10; maxIdle=2; minIdle=1; initialSize=10; maxWait=1; testOnBorrow=true; testOnReturn=false; timeBetweenEvictionRunsMillis=5000; numTestsPerEvictionRun=0; minEvictableIdleTimeMillis=6; testWhileIdle=false; testOnConnect=false; password=; url=jdbc:Cache://localhost:1972/USER; username=tomcat; validationQuery=select 1 from dual; validationQueryTimeout=-1; validatorClassName=null; validationInterval=0; accessToUnderlyingConnectionAllowed=true; removeAbandoned=true; removeAbandonedTimeout=300; logAbandoned=false; connectionProperties=null; initSQL=null; jdbcInterceptors=null; jmxEnabled=true; fairQueue=true; useEquals=true; abandonWhenPercentageFull=0; maxAge=0; useLock=false; dataSource=null; dataSourceJNDI=null; suspectTimeout=0; alternateUsernameAllowed=true; commitOnReturn=false; rollbackOnReturn=false; useDisposableConnectionFacade=true; logValidationErrors=false; propagateInterruptState=false; ignoreExceptionOnPreLoad=false; } 6.0.41 and 7.0.55: Name jdbc is not bound in this Context That is a bug? We are having a issue in psi-probe because this behavior change ( https://code.google.com/p/psi-probe/issues/detail?id=411). Thanks in advance.
Re: Global JNDI resources lookup behavior difference between version 6.0.39 and 6.0.41/7.0.55
On Wed, Sep 3, 2014 at 1:09 PM, Robert Anderson ranom...@gmail.com wrote: Thanks, Daniel. But my question the question is why that was working in 6.0.39 and the firsts releases of 7.0.x? Hard to say because I don't know the application's code, so I'm not sure what it is doing. It's a pretty safe bet it isn't pulling that information from JNDI though (because there aren't any resource links). However it's doing this, it would seem that something has changed and broke the app. Attaching a debugger and seeing what happens when you hit that URL might give you some more details. Dan Tomcat is not bind in java:global name anymore. Was it a feature request or is it a bug? Em 03/09/2014 13:48, Daniel Mikusa dmik...@pivotal.io escreveu: On Wed, Sep 3, 2014 at 11:51 AM, Robert Anderson ranom...@gmail.com wrote: Ok! :) Steps to reproduce: 1)Download and unpack 6.0.39 http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.39/bin/apache-tomcat-6.0.39.tar.gz 2) Create a global jndi resouce in server.xml GlobalNamingResources Resource name=jdbc/cacheapp auth=Container type=javax.sql.DataSource removeAbandoned=true removeAbandonedTimeout=300 maxActive=10 maxIdle=2 minIdle=1 maxWait=1 validationQuery=select 1 from dual testOnBorrow=true validationInterval=0 username=_system password=SYS driverClassName=com.intersys.jdbc.CacheDriver url=jdbc:Cache://localhost:1972/USER/ /GlobalNamingResources ... 3) Install psi-probe: https://code.google.com/p/psi-probe/downloads/detail?name=probe-2.3.3.zip, unpack and copy probe.war to webapps dir; 4) Edit tomcat-users.xml role rolename=probeuser / role rolename=poweruser / role rolename=poweruserplus / role rolename=manager / user username=admin password=t0psecret roles=manager / 5) Start tomcat and go to http://localhost:8080/probe/datasources.htm It will list global jndi resources. I think the question is how does it list these? You haven't added any resource links, so technically there are no resources available to your application through JNDI. See the Introduction section here, which states why resource links are necessary. http://tomcat.apache.org/tomcat-7.0-doc/config/globalresources.html#Introduction Have you tried looking at your running 6.0.41 server, connecting with JMX and looking at the MBeans? Is your database connection pool resources actually available? Dan Instead of Tomcat 6.0.39, use 6.0.41 and probe will not list global jndi resources anymore. Thanks. 2014-09-03 12:39 GMT-03:00 Filip Hanik fi...@hanik.com: can you post your configuration file. that will be the only way we can help you fix it, as I doubt tomcat will go back to pre 6.0.41 days :) Filip On Wed, Sep 3, 2014 at 9:36 AM, Robert Anderson ranom...@gmail.com wrote: Hi, In a privileged context, a have the following jsp to test a global jndi resource: %@ page session=false import=java.util.*,java.sql.*,javax.naming.*, javax.sql.*,org.apache.commons.dbcp.* contentType=text/html % %! protected void doLookup(JspWriter out) throws ServletException, IOException { Context ctx; try { ctx = new InitialContext(); Object o = ctx.lookup(java:jdbc/cacheapp); out.println(o); } catch (NamingException e) { out.println(e.getMessage()); } catch (Exception e) { } } % html head titleTest JNDI/title /head body h1Teste JNDI/h1 hr/ % doLookup(out); % hr/ /body /html Versions earlier than 6.0.41: org.apache.tomcat.jdbc.pool.DataSource@29050dfd {ConnectionPool[defaultAutoCommit=null; defaultReadOnly=null; defaultTransactionIsolation=-1; defaultCatalog=null; driverClassName=com.intersys.jdbc.CacheDriver; maxActive=10; maxIdle=2; minIdle=1; initialSize=10; maxWait=1; testOnBorrow=true; testOnReturn=false; timeBetweenEvictionRunsMillis=5000; numTestsPerEvictionRun=0; minEvictableIdleTimeMillis=6; testWhileIdle=false; testOnConnect=false; password=; url=jdbc:Cache://localhost:1972/USER; username=tomcat; validationQuery=select 1 from dual; validationQueryTimeout=-1; validatorClassName=null; validationInterval=0; accessToUnderlyingConnectionAllowed=true; removeAbandoned=true; removeAbandonedTimeout=300; logAbandoned=false; connectionProperties=null; initSQL=null; jdbcInterceptors=null; jmxEnabled=true; fairQueue=true; useEquals=true
Re: Global JNDI resources lookup behavior difference between version 6.0.39 and 6.0.41/7.0.55
On Wed, Sep 3, 2014 at 2:33 PM, Robert Anderson ranom...@gmail.com wrote: This is the complete code that was working: https://code.google.com/p/psi-probe/source/browse/trunk/core/src/main/java/com/googlecode/psiprobe/beans/ResourceResolverBean.java public List getApplicationResources() throws NamingException { logger.info(Reading GLOBAL resources); List resources = new ArrayList(); MBeanServer server = getMBeanServer(); if (server != null) { try { Set dsNames = server.queryNames(new ObjectName( Catalina:type=Resource,resourcetype=Global,*), null); for (Iterator it = dsNames.iterator(); it.hasNext();) { ObjectName objectName = (ObjectName) it.next(); ApplicationResource resource = new ApplicationResource (); logger.info(reading resource: + objectName); Do you see this being logged? Dan resource.setName(getStringAttribute(server, objectName, name)); resource.setType(getStringAttribute(server, objectName, type)); resource.setScope(getStringAttribute(server, objectName, scope)); resource.setAuth(getStringAttribute(server, objectName, auth)); resource.setDescription(getStringAttribute(server, objectName, description)); lookupResource(resource, true, true); resources.add(resource); } } catch (Exception e) { logger.error(There was an error querying JMX server:, e); } } return resources; } public void lookupResource(ApplicationResource resource, boolean contextBound, boolean global) { DataSourceInfo dataSourceInfo = null; if (contextBound) { try { String jndiName = resolveJndiName(resource.getName(), global ); Object o = new InitialContext().lookup(jndiName); //The exception is here resource.setLookedUp(true); for (Iterator it = datasourceMappers.iterator(); it.hasNext ();) { DatasourceAccessor accessor = (DatasourceAccessor) it. next(); dataSourceInfo = accessor.getInfo(o); if (dataSourceInfo != null) { break; } } } catch (Throwable e) { resource.setLookedUp(false); dataSourceInfo = null; logger.error(Failed to lookup: + resource.getName(), e); // // make sure we always re-throw ThreadDeath // if (e instanceof ThreadDeath) { throw (ThreadDeath) e; } } } else { resource.setLookedUp(false); } We are suspecting that this fix broke something: https://issues.apache.org/bugzilla/show_bug.cgi?id=56451. 2014-09-03 15:25 GMT-03:00 Filip Hanik fi...@hanik.com: On Wed, Sep 3, 2014 at 11:09 AM, Robert Anderson ranom...@gmail.com wrote: Thanks, Daniel. But my question the question is why that was working in 6.0.39 and the firsts releases of 7.0.x? Tomcat is not bind in java:global name anymore. Was it a feature request or is it a bug? Not sure, the resource links have been around for a long time. It may have been a security feature to not expose . However, I'm sure there was a reason for it, and very unlikely it will change back You can get around it by adding a ResourceLink element in your conf/context.xml, as this setting will apply to all your apps deployed. Filip Em 03/09/2014 13:48, Daniel Mikusa dmik...@pivotal.io escreveu: On Wed, Sep 3, 2014 at 11:51 AM, Robert Anderson ranom...@gmail.com wrote: Ok! :) Steps to reproduce: 1)Download and unpack 6.0.39 http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.39/bin/apache-tomcat-6.0.39.tar.gz 2) Create a global jndi resouce in server.xml GlobalNamingResources Resource name=jdbc/cacheapp auth=Container type=javax.sql.DataSource removeAbandoned=true removeAbandonedTimeout=300 maxActive=10 maxIdle=2 minIdle=1 maxWait=1 validationQuery=select 1 from dual testOnBorrow=true validationInterval=0 username=_system password=SYS driverClassName=com.intersys.jdbc.CacheDriver url=jdbc:Cache://localhost:1972/USER/ /GlobalNamingResources ... 3) Install psi-probe: https://code.google.com/p/psi-probe/downloads/detail?name=probe-2.3.3.zip
Re: Global JNDI resources lookup behavior difference between version 6.0.39 and 6.0.41/7.0.55
On Wed, Sep 3, 2014 at 11:51 AM, Robert Anderson ranom...@gmail.com wrote: Ok! :) Steps to reproduce: 1)Download and unpack 6.0.39 http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.39/bin/apache-tomcat-6.0.39.tar.gz 2) Create a global jndi resouce in server.xml GlobalNamingResources Resource name=jdbc/cacheapp auth=Container type=javax.sql.DataSource removeAbandoned=true removeAbandonedTimeout=300 maxActive=10 maxIdle=2 minIdle=1 maxWait=1 validationQuery=select 1 from dual testOnBorrow=true validationInterval=0 username=_system password=SYS driverClassName=com.intersys.jdbc.CacheDriver url=jdbc:Cache://localhost:1972/USER/ /GlobalNamingResources ... 3) Install psi-probe: https://code.google.com/p/psi-probe/downloads/detail?name=probe-2.3.3.zip, unpack and copy probe.war to webapps dir; 4) Edit tomcat-users.xml role rolename=probeuser / role rolename=poweruser / role rolename=poweruserplus / role rolename=manager / user username=admin password=t0psecret roles=manager / 5) Start tomcat and go to http://localhost:8080/probe/datasources.htm It will list global jndi resources. Instead of Tomcat 6.0.39, use 6.0.41 and probe will not list global jndi resources anymore. I tried these steps with Tomcat 7.0.55 and was able to replicate the problem. I was also able to resolve the problem by adding a ResourceLink tag. ?xml version='1.0' encoding='utf-8'? Context privileged=true ResourceLink name=jdbc/myDb global=jdbc/myDb / /Context I'm going to try with Tomcat 6.0.39 and 6.0.41 as well. Dan Thanks. 2014-09-03 12:39 GMT-03:00 Filip Hanik fi...@hanik.com: can you post your configuration file. that will be the only way we can help you fix it, as I doubt tomcat will go back to pre 6.0.41 days :) Filip On Wed, Sep 3, 2014 at 9:36 AM, Robert Anderson ranom...@gmail.com wrote: Hi, In a privileged context, a have the following jsp to test a global jndi resource: %@ page session=false import=java.util.*,java.sql.*,javax.naming.*, javax.sql.*,org.apache.commons.dbcp.* contentType=text/html % %! protected void doLookup(JspWriter out) throws ServletException, IOException { Context ctx; try { ctx = new InitialContext(); Object o = ctx.lookup(java:jdbc/cacheapp); out.println(o); } catch (NamingException e) { out.println(e.getMessage()); } catch (Exception e) { } } % html head titleTest JNDI/title /head body h1Teste JNDI/h1 hr/ % doLookup(out); % hr/ /body /html Versions earlier than 6.0.41: org.apache.tomcat.jdbc.pool.DataSource@29050dfd {ConnectionPool[defaultAutoCommit=null; defaultReadOnly=null; defaultTransactionIsolation=-1; defaultCatalog=null; driverClassName=com.intersys.jdbc.CacheDriver; maxActive=10; maxIdle=2; minIdle=1; initialSize=10; maxWait=1; testOnBorrow=true; testOnReturn=false; timeBetweenEvictionRunsMillis=5000; numTestsPerEvictionRun=0; minEvictableIdleTimeMillis=6; testWhileIdle=false; testOnConnect=false; password=; url=jdbc:Cache://localhost:1972/USER; username=tomcat; validationQuery=select 1 from dual; validationQueryTimeout=-1; validatorClassName=null; validationInterval=0; accessToUnderlyingConnectionAllowed=true; removeAbandoned=true; removeAbandonedTimeout=300; logAbandoned=false; connectionProperties=null; initSQL=null; jdbcInterceptors=null; jmxEnabled=true; fairQueue=true; useEquals=true; abandonWhenPercentageFull=0; maxAge=0; useLock=false; dataSource=null; dataSourceJNDI=null; suspectTimeout=0; alternateUsernameAllowed=true; commitOnReturn=false; rollbackOnReturn=false; useDisposableConnectionFacade=true; logValidationErrors=false; propagateInterruptState=false; ignoreExceptionOnPreLoad=false; } 6.0.41 and 7.0.55: Name jdbc is not bound in this Context That is a bug? We are having a issue in psi-probe because this behavior change ( https://code.google.com/p/psi-probe/issues/detail?id=411). Thanks in advance.
Re: Manager app + RemoteAddrValve + 403 Access Denied
On Mon, Sep 1, 2014 at 12:36 PM, Shanti Suresh sha...@umich.edu wrote: Hi Dan, On Fri, Aug 29, 2014 at 12:34 PM, Daniel Mikusa dmik...@pivotal.io wrote: Can you access the JMXProxy servlet directly? http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html#Using_the_JMX_Proxy_Servlet Thanks for the note and the references. On accessing the JMXProxy servlet directly, I get a 403 Access Denied as well. Have you configured access to the manager app? http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html#Configuring_Manager_Application_Access I would like localhost to access the JMXProxy servlet without a password. And hence, I used the RemoteAddrValve in the manager-context within manager.xml to configure access. This setup used to work in 7.0.23 with just an IP address restriction and no password. So using a RemoteAddrValve will allow you to restrict access by IP address, but the manager application is still configured to require authentication. See this note from the link I sent previously. It would be quite unsafe to ship Tomcat with default settings that allowed anyone on the Internet to execute the Manager application on your server. Therefore, the Manager application is shipped with the requirement that anyone who attempts to use it must authenticate themselves, using a username and password that have one of manager-** roles associated with them (the role name depends on what functionality is required). Further, there is no username in the default users file ($CATALINA_BASE/conf/tomcat-users.xml) that is assigned to those roles. Therefore, access to the Manager application is completely disabled by default. Did you do something in your previous setup to disable authentication? I have a perl script that periodically invokes JSPs within the manager application; these JSPs then invoke the JMXProxy servlet. So I thought I could get the same thing to happen in 7.0.52. How are the JSP's invoking the JMXProxyServlet? Are they sending an HTTP request? Dan I know I am missing something. Thanks, -Shanti
Re: Configured JDBCRealm
On Tue, Sep 2, 2014 at 7:00 AM, Dalecki, Janusz jdale...@tycoint.com wrote: Hi, I have configured JDBCRealm Tomcat with the following: Context Realm className=org.apache.catalina.realm.JDBCRealm driverName=org.postgresql.Driver connectionURL=jdbc:postgresql://localhost:5432/df_Scheduler?user=postgresamp;password=admin userTable=users userNameCol=userName userCredCol=password userRoleTable=user_roles roleNameCol=roleName/ /Context I have a few questions: 1) How can I get hold of this realm object within my Java app? 2) Even if I get the instance of the JDBCRealm - how do I get the list of all roles available? What's the purpose of doing this? This is just me, but if I wanted to get a list of my users or roles, I would use JDBC and pull them from the database. Then I don't have to tie my application to Tomcat's internal classes. Dan Regards, Janusz This e-mail contains privileged and confidential information intended for the use of the addressees named above. If you are not the intended recipient of this e-mail, you are hereby notified that you must not disseminate, copy or take any action in respect of any information contained in it. If you have received this e-mail in error, please notify the sender immediately by e-mail and immediately destroy this e-mail and its attachments.
Re: Manager app + RemoteAddrValve + 403 Access Denied
On Tue, Sep 2, 2014 at 10:53 AM, Shanti Suresh sha...@umich.edu wrote: Hi Dan, On Tue, Sep 2, 2014 at 7:50 AM, Daniel Mikusa dmik...@pivotal.io wrote: So using a RemoteAddrValve will allow you to restrict access by IP address, but the manager application is still configured to require authentication. See this note from the link I sent previously. It would be quite unsafe to ship Tomcat with default settings that allowed anyone on the Internet to execute the Manager application on your server. Therefore, the Manager application is shipped with the requirement that anyone who attempts to use it must authenticate themselves, using a username and password that have one of manager-** roles associated with them (the role name depends on what functionality is required). Further, there is no username in the default users file ($CATALINA_BASE/conf/tomcat-users.xml) that is assigned to those roles. Therefore, access to the Manager application is completely disabled by default. Did you do something in your previous setup to disable authentication? That's what I am looking hard and I can't seem to find anything different I did, in manager's web.xml in 7.0.23. There is nothing in manager's META-INF/context.xml either. How are the JSP's invoking the JMXProxyServlet? Are they sending an HTTP request? The JSPs simply forward the request to the jmxproxy servlet as follows, in the heapused.jsp: --start of heapused.jsp:- jsp:forward page=/jmxproxy/ jsp:param name=get value=java.lang:type=Memory / jsp:param name=att value=HeapMemoryUsage / jsp:param name=key value=used / /jsp:forward --end of heapused.jsp I tried adding this to my manager app and it was triggering a 403. A quick investigation showed the 403 was coming from the CRF filter (i.e. 403 with direct access, success with nonce in the URL). Maybe you're seeing the same thing? Dan
Re: Manager app + RemoteAddrValve + 403 Access Denied
On Tue, Sep 2, 2014 at 4:41 PM, Shanti Suresh sha...@umich.edu wrote: Hi Dan, On Tue, Sep 2, 2014 at 12:19 PM, Daniel Mikusa dmik...@pivotal.io wrote: I tried adding this to my manager app and it was triggering a 403. A quick investigation showed the 403 was coming from the CRF filter (i.e. 403 with direct access, success with nonce in the URL). Maybe you're seeing the same thing? Hi Daniel, Did you succeed when you used curl on the localhost running the Tomcat service? I didn't try curl. I believe it should work, assuming you send the right nonce. So in order to get a nonce in the URL, did you first log in? Yes, but that was just because it was the quickest way to get a nonce to test. I just copied and pasted it. Another way to get the nonce would be to create a page like links.jsp. On that page, you could just output the links. Ex: %= response.encodeURL(heapused.jsp) % As long as you're using response.encodeURL, the nonce will be automatically added to the link. The only other thing you need to do is to add /links.jsp (or whatever URL you expose) to the entryPoints parameter of the CsrfPreventionFilter in web.xml (for the manager app). You could then modify your script to hit the link and grab the list of URLs with nonce included. I suppose you could also just list your custom JSP pages as entryPoints, however that's going to bypass the CsrfProtectionFilter for them. Please note the caution provided in the entry points documentation Entry points will be limited to HTTP GET requests and should not trigger any security sensitive actions. Also, if you don't care you could just remove the CsrfProtectionFilter, but it's not something I would recommend. Dan If you can list the steps you followed, then I'd appreciate it. Running Tomcat in DEBUG mode, although it says the following, I still get a 403. 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG org.apache.catalina.realm.RealmBase- No applicable constraint located 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG org.apache.catalina.authenticator.AuthenticatorBase- Not subject to any constraint : Below is the DEBUG snippet for the request: - Tomcat Debug log snippet: 2014-09-02 16:24:48,418 [catalina-exec-3] DEBUG org.apache.catalina.connector.CoyoteAdapter- The variable [uriBC] has value [/manager/heapused.jsp] 2014-09-02 16:24:48,418 [catalina-exec-3] DEBUG org.apache.catalina.connector.CoyoteAdapter- The variable [semicolon] has value [-1] 2014-09-02 16:24:48,418 [catalina-exec-3] DEBUG org.apache.catalina.connector.CoyoteAdapter- The variable [enc] has value [UTF-8]2014-09-02 16:24:48,419 [catalina-exec-3] DEBUG org.apache.catalina.authenticator.AuthenticatorBase- Security checking request GET /manager/heapused.jsp 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG org.apache.catalina.realm.RealmBase- Checking constraint 'SecurityConstraint[Status interface]' against GET /heapused.jsp -- false 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG org.apache.catalina.realm.RealmBase- Checking constraint 'SecurityConstraint[HTML Manager interface (for humans)]' against GET /heapused.jsp -- false 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG org.apache.catalina.realm.RealmBase- Checking constraint 'SecurityConstraint[JMX Proxy interface]' against GET /heapused.jsp -- false 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG org.apache.catalina.realm.RealmBase- Checking constraint 'SecurityConstraint[Text Manager interface (for scripts)]' against GET /heapused.jsp -- false 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG org.apache.catalina.realm.RealmBase- Checking constraint 'SecurityConstraint[Status interface]' against GET /heapused.jsp -- false 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG org.apache.catalina.realm.RealmBase- Checking constraint 'SecurityConstraint[HTML Manager interface (for humans)]' against GET /heapused.jsp -- false 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG org.apache.catalina.realm.RealmBase- Checking constraint 'SecurityConstraint[JMX Proxy interface]' against GET /heapused.jsp -- false 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG org.apache.catalina.realm.RealmBase- Checking constraint 'SecurityConstraint[Text Manager interface (for scripts)]' against GET /heapused.jsp -- false 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG org.apache.catalina.realm.RealmBase- Checking constraint 'SecurityConstraint[Status interface]' against GET /heapused.jsp -- false2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG org.apache.catalina.realm.RealmBase- Checking constraint 'SecurityConstraint[HTML Manager interface (for humans)]' against GET /heapused.jsp -- false 2014-09-02 16:24:48,420 [catalina-exec-3] DEBUG org.apache.catalina.realm.RealmBase- Checking constraint 'SecurityConstraint[JMX Proxy interface]' against GET /heapused.jsp -- false 2014-09-02 16:24:48,420
Re: can't make external lib jars loaded with Resources in tomcat 8
On Aug 29, 2014 4:56 PM, Sergei Kovalev skov...@gmail.com wrote: Can anybody provide working example how to externalize libs for application under tomcat 8? I have done below but it does not work, libs not getting loaded. Resources PreResources base=C:\Projects\tomcat\apache-tomcat-8.0.11\hostlibs\myhost className=org.apache.catalina.webresources.DirResourceSet webAppMount=/WEB-INF/lib/ /Resources This looks ok at first glance. I haven't used it on Windows though. Have you tried using forward slashes in the path? What about doubling up the backslashes? Dan Thanks
Re: Manager app + RemoteAddrValve + 403 Access Denied
On Fri, Aug 29, 2014 at 12:15 PM, Shanti Suresh sha...@umich.edu wrote: Greetings, I am running Tomcat 7.0.52. I am a bit unsure as to why localhost is being denied a JMXProxy servlet query with a 403. I tried using curl as: curl http://localhost:8090/manager/heapused.jsp I have CATALINA_HOME/conf/Catalina/localhost/manager.xml set as follows: Context path=/manager privileged=true docBase=/opt/tomcat/mgmt/apache/webapps/manager Valve className=org.apache.catalina.valves.RemoteAddrValve allow=127\.0\.0\.1/ /Context I have heapused.jsp under the manager app as follows: jsp:forward page=/jmxproxy/ jsp:param name=get value=java.lang:type=Memory / jsp:param name=att value=HeapMemoryUsage / jsp:param name=key value=used / /jsp:forward File permissions are: -rw-rw-r-- 1 user group 189 Aug 29 10:29 manager/heapused.jsp Appreciate any tips. Thank you, -Shanti Can you access the JMXProxy servlet directly? http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html#Using_the_JMX_Proxy_Servlet Have you configured access to the manager app? http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html#Configuring_Manager_Application_Access Dan
Re: Install Tomcat on Oracle Enterprise Linux
On Tue, Aug 26, 2014 at 3:08 AM, Vijay Kumar vijy.gan...@gmail.com wrote: Hi, Can i install Tomcat on Oracle Enterprise Linux. Can you install a JVM on it? If so, then Tomcat will very likely run there. Could you please share us the link/doc which i need to refer. http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt or download Tomcat and look at the RUNNING.txt file that comes with it. Dan Thanks, Vijay G
Re: How can we configure deployXML=true in security manager ?
On Thu, Aug 14, 2014 at 6:39 AM, Utkarsh Dave utkarshkd...@gmail.com wrote: We upgraded from Tomcat 7.0.41 to tomcat 7.0.53. We are starting the Tomcat as -security so as to enable security manager. I also see the changelog of 7.0.48 mentioning about this change When running under a security manager, change the default value of the Host's deployXML attribute to false. add If a Host is configured with a value of false for deployXML, a web application has an embedded descriptor at META-INF/context.xml and no explicit descriptor has been defined for this application, do not allow the application to start. The reason for this is that the embedded descriptor may contain configuration necessary for secure operation such as a RemoteAddrValve. As a result many of the applications are not starting in my project. How can we fix this? Don't rely on the contents of your application's META-INF/context.xml files. As the note you quoted mentions, when you set -security it is going to set deployXML to false. This is explained a bit more in the docs for deployXML. Set to false if you want to disable parsing the context XML descriptor embedded inside the application (located at /META-INF/context.xml). Security conscious environments should set this to false to prevent applications from interacting with the container's configuration. The administrator will then be responsible for providing an external context configuration file, and putting it in the location defined by the xmlBase attribute. If this flag is false, a descriptor is located at /META-INF/context.xml and no descriptor is present in xmlBase then the context will fail to start in case the descriptor contains necessary configuration for secure deployment (such as a RemoteAddrValve) which should not be ignored. The flag's value defaults to true unless a security manager is enabled when the default is false. To work around this just move all the necessary configuration that was in /META-INF/context.xml into conf/Catalina/localhost/app.xml (i.e. conf/service/host/app.xml). Dan -Thanks Utkarsh
Re: Max threads and Connector
On Wed, Aug 13, 2014 at 12:16 AM, Ahmed Hosni ahmedhosni...@gmail.com wrote: I am using nginx webserver with tomcat 7 in production environment , I am trying to optemize performance changing connector port type from http to ajp and increasing maxThreads attribute in connector, does that really can enhance performance? I don't know if anyone can completely answer that question for you. We might be able to give you some information about how those settings have affected our environments or hypothesize about how they would effect yours. Ultimately you should try both options and measure the performance of each one. Then you can compare the two and know the answer for your specific environment and applications. Dan