Re: Tomcat & SOAP/Rest +/- jax-ws or Axis2 or cxf ????
On Sun, Nov 1, 2015 at 2:31 AM, N.s.Karthikwrote: > Hi > spec : jdk 1.7 > Container Tomcat 7.x > O/s : Oracle Linux > > Question : Need a *Simple & Single Framework to support both "SOAP & Rest"* > based services. > > Which one is the best to make use of ?? > > Jax-ws OR Axis2 OR Cxf or > > http://tomee.apache.org/apache-tomee.html
Re: Tomcat 8 reliability/performance on Windows 2008 R2 Server vs. RHEL/CentOS
On Thu, Oct 1, 2015 at 11:46 AM, Aurélien Terrestriswrote: > I recommend Linux for 2 reasons : > - easier to install and maintain a secured Tomcat (especially when > using different TOMCAT_HOME & TOMCAT_BASE, on Windows it's pretty > difficult to know how to secure all directories correctly) ; if you > have to deal with file uploading, you don't want a system which could > launch any exe,.. > - doesn't need to reboot every 3 days because of the memory > fragmentation or anything else > Multiple tomcat/tomee instances are running well on Windows 2008 R2 Server for me. - does 'not' reboot every 3 days at all - only reboots automatically at 3am when there is a Windows update for the Windows 2008 R2 Server - my apps shut down with no issues and restart (via Windows Service for each tomcat/tomee instance) with no issues - the embedded Apache Derby database is/has never corrupted due to loss of power or restart (for Windows update) - never had to set or maintain TOMCAT_HOME and/or TOMCAT_BASE environment variables - i only set/maintain JAVA_HOME and JRE_HOME environment variables (whenever there is a Java version update) - my 2 apps (and/or tomee instances) run under 500MB and 1GB of RAM, respectively, and CPU seem to max out between 4 to 10% (on average) - Java EE 6 full blown stack (JPA, JSF, JMS) running on main tomee instance using under 1 GB of RAM - Java EE 6 RESTful + JMS running on 2nd tomee instance using under 500MB of RAM - use tomcat7w.exe and tomee4restw.exe to start, stop, edit the Windows Services for the tomcat/tomee instances - Windows = piece of cake (for me) - as Andre' mentioned, use Remote Desktop connection to connect to the Windows 2008 R2 Server - i remove default tomcat/tomee web app (ROOT folder, etc...) and deploy my WAR to webapps folder - i'm loving tomcat/tomee on Windows Server - have 32 GB of RAM available, only using (approximately) 4GB because of my java heap settings for both tomcat/tomee settings
Re: Is Container Managed Transactions possible in case of Tomcat ?
On Aug 19, 2015 3:56 PM, Sreyan Chakravarty sreyan.mail...@gmail.com wrote: TomEE supports Apache OpenJPA. What if I wanted to use Hibernate as my JPA provider ? I searched Google for tomee hibernate tutorial And found http://tomee.apache.org/examples-trunk/jpa-hibernate/README.html https://rmannibucau.wordpress.com/2012/07/01/hibernate-tomee/ And many more. Please subscribe to the Apache TomEE user list, download latest version, and ask any further questions on the tomee user list. On Wed, Aug 19, 2015 at 9:53 PM, Alex Soto asot...@gmail.com wrote: Yeah in this case you should take a look at Apache TomEE which is Apache Tomcat + Java EE and you will get all of these for free :). El dc., 19 ag. 2015 a les 18:18, Daniel Mikusa (dmik...@pivotal.io) va escriure: On Wed, Aug 19, 2015 at 12:03 PM, Sreyan Chakravarty sreyan.mail...@gmail.com wrote: I planning to use JPA (Hibernate) in a small project that I am developing. Now I have heard a lot about the benefits of using Container Managed Transactions(CMT) for JPA in web apps. But most of the tutorials on the web use either GlassFish or JBoss, so I was wondering is CMT supported by Tomcat. Send me a link to the documentation for this if there is any. Please note that I am going to use a datasource to connect to my database and I am using persistence.xml(JPA style) to use Hibernate. If you're referring to JTA, then no. Tomcat doesn't implement that. Tomcat only implements a subset of the JEE spec. http://tomcat.apache.org/whichversion.html However most of the parts of the spec that Tomcat does not implement can be pulled in via libraries. For JTA you can use a third party implementation with Tomcat. Atomikos, JOTM and Bitronix are ones that come to mind. These docs are a little dated, but should get you started. http://www.atomikos.com/Documentation/TomcatIntegration http://jotm.objectweb.org/current/jotm/doc/howto-tomcat-jotm.html Dan
Re: RES: Configuring limits of requests/sessions/threads in Tomcat
On Tue, Apr 1, 2014 at 9:30 PM, Frederik Nosi frederik.n...@postecom.itwrote: If so, just put an nginx or such in front of you'r Tomcat, you dont need an application server for that, it's just like using a tank to shoot a mosquito :P Wow, LOL!
Re: [OT] timeout
On Mar 31, 2014 3:48 AM, André Warnier a...@ice-sa.com wrote: Howard W. Smith, Jr. wrote: On Sun, Mar 30, 2014 at 9:54 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com] Subject: Re: timeout - and if that is not the reason, then find the person responsible for the in-between equipment and ask them why their junk closes the connection before your application has a chance to respond 'junk'? please clarify the usage of the word 'junk', here. :) I think the definition something of poor quality would fit in this case, if the poor quality were a result of configuring equipment without regard to the requirements of the network users. - Chuck understood, thanks Chuck. :) Yes, what I meant precisely was thus : if after receiving numerous complaints from your users and your boss that your application is misbehaving; after an in-depth review of the Apache httpd and tomcat on-line documentation; after a level-headed discussion of the issue with a group of independent experts; after a thorough witnessed interview of a significant sample of the users to ascertain their professional behaviour in front of a browser and the absence of any problem with their mouse buttons; after a careful and time-consuming examination of all the evidence, including the access logs of both tomcat and httpd; if after all that thus you would come to the inescapable conclusion that it is the intermediate firewall/gateway that is the cause of all the trouble, then when you talk to the people responsible for that equipment, the word that might come to mind then, to qualify this equipment and its settings seen as a whole, is junk. Thank you for offering me the opportunity to clarify this section of my previous post. You're welcome, the pleasure was [almost] all mine, and thank you for the clarification. :-) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Request for better deployment usability: should be able to specify context root inside war
On Mon, Mar 31, 2014 at 1:27 PM, Mark Eggers its_toas...@yahoo.com wrote: As far as Glassfish versus Apache Tomcat goes, they address different use cases. Glassfish is a J2EE application server. Apache Tomcat is a servlet container. While you can convince Apache Tomcat to do a lot of things, at some point it's better to run an application server if your requirements dictate it. Apache TomEE is a good choice. +1 TomEE is a good choice, and it makes you a Tomcat user, too. :) BTW, I like Glassfish and Apache TomEE. It just depends on my use case. As one that migrated from Glassfish to TomEE, my recommendation is TomEE. Concerning string concatenation, I think you would be surprised. Since strings are immutable, concatenating strings is very expensive if you're doing more than a few. I believe I read somewhere that concatenating 'n' strings is proportional to the quadratic of n. In short, ouch. Are there better places to spend time on optimization? Probably, but this depends on your application. Is concatenating 100 strings using the concatenation operator needlessly expensive? Most probably. In the past, i worked on a contract where I moved some string-processing Powerbuilder logic from PowerBuilder/client to database stored proc. Previously, the Powerbuilder client-side string-processing code took 1.5 hours to complete; after i moved the logic to database stored proc, it took 2 to 10 seconds to complete. :)
Re: timeout
On Sun, Mar 30, 2014 at 6:30 PM, André Warnier a...@ice-sa.com wrote: - and if that is not the reason, then find the person responsible for the in-between equipment and ask them why their junk closes the connection before your application has a chance to respond 'junk'? please clarify the usage of the word 'junk', here. :)
Re: timeout
On Sun, Mar 30, 2014 at 9:54 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com] Subject: Re: timeout - and if that is not the reason, then find the person responsible for the in-between equipment and ask them why their junk closes the connection before your application has a chance to respond 'junk'? please clarify the usage of the word 'junk', here. :) I think the definition something of poor quality would fit in this case, if the poor quality were a result of configuring equipment without regard to the requirements of the network users. - Chuck understood, thanks Chuck. :)
Re: Detecting out-of-memory condition
On Mon, Mar 24, 2014 at 1:57 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: James H. H. Lampert [mailto:jam...@touchtonecorp.com] Subject: Detecting out-of-memory condition We have noticed that after a certain amount of continuous uptime, Tomcat eventually runs out of memory. Your app has a memory leak. I agree. My app runs well after/during continuous uptime, but about a month ago, a certain part of the app was used for annual reporting. Keep-alive session is available when accessing/using that part of the app, and there is a heck of amount of data being selected from database and/or stored in @SessionScoped beans. A memory leak was exposed in that part of the app. it's on my to-do list to review and refactor that part of the app to avoid/fix the memory leak in the future.
Re: Possible Tomcat 8.0.3 issue
On Mon, Mar 17, 2014 at 4:14 PM, Felipe Jaekel fkjae...@gmail.com wrote: My Tomcat 7 was running fine with this script, but last friday morning I started Tomcat 8 setting only this: *-Xms2048m -Xmx2048m -XX:MaxPermSize=1024m -Dorg.apache.el.parser.COERCE_TO_ZERO=false* and the applications crashed too. So I'd say that the problem is not my JVM config, but I'm interested on improving it. What arguments do you recommend to tune GC? Last friday afternoon I created a new Amazon EC2 instance with Tomcat 7 to check, and the problem is still there, so It was a damn coincidence that this problem started after I migrate to Tomcat 8. As I had a connection pool leak with Tomcat 8 it contributed for me to think that it could be Was the following in your Tomcat7 config before 'and' after migrating to tomcat8? -Dorg.apache.el.parser.COERCE_TO_ZERO=false*
Re: Possible Tomcat 8.0.3 issue
On Thu, Mar 13, 2014 at 9:33 AM, burghard.britzke b...@charmides.in-berlin.de wrote: may be restarting the context would even be sufficient? May be the FacesServlet has an issue which implementation are you using? which version? which version of PrimeFaces? earlier, in the thread, he provided the following: Chrome console output: Resource interpreted as Stylesheet but transferred with MIME type text/plain: http://spdata-apps.net/cliente/javax.faces.resource/theme.css.jsf?ln=primefaces-redmond . login.jsf:3 Resource interpreted as Script but transferred with MIME type text/plain: http://spdata-apps.net/cliente/javax.faces.resource/primefaces.js.jsf?ln=primefacesv=4.0.9 . login.jsf:3 Resource interpreted as Image but transferred with MIME type text/plain: http://spdata-apps.net/cliente/javax.faces.resource/loading26.gif.jsf?ln=image . login.jsf:22 GET http://spdata-apps.net/cliente/javax.faces.resource/primefaces.css.jsf?ln=primefacesv=4.0.9net::ERR_INVALID_CHUNKED_ENCODING login.jsf:3 primefacesv=4.0.9 PrimeFaces Elite 4.0.9 Since I usually scour PrimeFaces forum topics, this is the first person that I have heard/seen using tomcat 8.0.x with PrimeFaces.
Re: Possible Tomcat 8.0.3 issue
On Thu, Mar 13, 2014 at 11:47 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Felipe, On 3/13/14, 10:57 AM, Felipe Jaekel wrote: There are lots of this in catalina log: *12-Mar-2014 08:41:43.828 WARNING [http-nio-80-exec-28] com.sun.faces.application.resource.ResourceHandlerImpl.logMissingResource JSF1064: Unable to find or serve resource, primefaces.js, from library, primefaces.* *12-Mar-2014 08:41:43.829 WARNING [http-nio-80-exec-28] com.sun.faces.application.resource.ResourceHandlerImpl.logMissingResource * * org.apache.catalina.connector.ClientAbortException: java.io.IOException: Connection reset by peer* But these always appeared in my logs, I guess it happens when the client cancel the page load. Felipe, why would a user cancel the page load? is this quite common that user cancels page load? are there pages in your app that would provoke/motivate user(s) to cancel page load? this/some page(s) take a long time to load? I did found something strange in the access log. Applications crashed around 2:20PM. I checked for primefaces.js at this time in the access log and its all 200 status, but I noticed some very small response sizes in some requests, which explains the JavaScripts errors on Chrome console. Here are the log files and some print-screens: https://dl.dropboxusercontent.com/u/66737052/logs-12-03-2014.tar.bz2 Nothing changed in the system. I started to use Tomcat 8.0.3 in production on February 28th and the server is restarted daily to recycle PermGen space. I'm curious about this: what eats-up your PermGen space? if this behavior did not occur in tomcat7, why would it (start to) occur when using tomcat8? I'm using Mojarra 2.2.5. Mojarra 2.2.5 + tomcat8, hmmm Felipe, which servlet in your web.xml? servlet 2.5, 3.0, 3.1? Felipe, did you look at tomcat 8 migration guide (URL below)? https://tomcat.apache.org/migration-8.html This issue started to manifest at 10AM after a parallel deploy. At first only the icons disappeared from the new deployed version, but it was functional. Although new and old deployed versions had PrimeFaces 4.0.9, I started to think that might be something wrong with it, so I deployed a new version using 4.0.10. Problem was solved for some hours, but when it returned the status was what I mentioned above. Tried to parallel deploy with 4.0.8 but no success. After I restarted problem was solved, but in case it's relevant, there was only one version of each application running. My guess is still OOME: immediately after a parallel-deployment (which roughly doubles the non-session resident footprint of your web application, which you already say has PermGen issues) things start going wonky, and a JVM restart fixes things? My money is on an OOME. Note that they don't always have stack-traces along with them, so they are easy to miss when eyeballing log files. Felipe, can you share your java settings, similar to what I shared below? -Xms3G -Xmx3G -XX:MaxPermSize=384m -XX:+UseTLAB -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTIdMGAAoJEBzwKT+lPKRYkkkP/31gOfqH+wxtEFTKXbNRmKPx 56anmEVQqDo36icLTGRrXS9bhlq5UWZQvdm24n/aA2SeBYJWxOYK0eIU9SnY+Q5w CurqA7KLQPw0UVTXXR3k85etGT8Uuivfnup28bPeJTtsifOzlQOHNC/MpyBzhMaR vwhc94cXR3HC+eoM5mgGMHiMG17jT1P0ty6kCGuDPPNM3DwVyXxmZE0oQQ+Pgoq9 XGJEnW1uKJG0vmM4tNRWWCrWxxu0nypMml/a93IdAZNgCkoEUuHnRqS4Qtie9O/i sMjuJ/dBrc9qMpBfEvGUhLrO6whFbjnVqwfi6saXIcwvEUhs/w7h0dvOsgF9UxLa a8R3mR14QNmLR9Pmh+3OqdwVOx+m4bec5oXjWvitin9RsuaurdRqRDAmvXIWG4ab PLTDGaVmKPIx58uizN0WlQloj2haN7FPvlj18rlirb245KK23sYQHPWTRsOV/KXS wkzlSmzUoIePzCS6jQcCA+lKQ0Is/+JQvoTlBxOgCV1FlqtYR9LTd4qzTDzsTnuH wyhC1+ovscEZPDHlNBUu1RSJGvnB+YccWttcTeXQi3i25bitt+L3HqUyWE7VJbaL 9SetiKGcsJK/gx9NzSQXEwEoPXuTK3vPmW4HVgIg6X51TKORZpPsfknX/iBd1Hml VFCVjzEC334YBFgULc6a =w3Sk -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat7w.exe
On Sun, Mar 9, 2014 at 3:53 PM, Leo Donahue donahu...@gmail.com wrote: On Fri, Mar 7, 2014 at 12:43 PM, Howard W. Smith, Jr. smithh032...@gmail.com wrote: Actually, i hate clicking on things... I use Windows keyboard shortcuts as much as possible. Even when you run the following command, you still get a GUI. Tomcat7w //ES/Tomcat7 okay/true. Do you Ctrl + Tab your way through that dialog? yes. Plus, I don't know what this is supposed to edit, but it doesn't change the values in the Tomcat7w.exe dialog: Tomcat7 //ES//Tomcat7 --Startup=Auto (or Automatic) Running that command still shows Manual in the Startup type on the General tab. okay. i never used/tried --Startup=..., because after creating the Windows Service, I /simply/ use tomcat7w.exe (or Windows Start button Administratives Tools Services) to change the value to 'Automatic'.
Re: Tomcat7w.exe
On Mon, Mar 10, 2014 at 10:37 AM, Jeffrey Janner jeffrey.jan...@polydyne.com wrote: -Original Message- From: Leo Donahue [mailto:donahu...@gmail.com] Sent: Friday, March 07, 2014 11:10 AM To: users@tomcat.apache.org Subject: Tomcat7w.exe Did I miss something in the documentation about renaming this if one is running multiple windows services of Tomcat? ex: #Prod port 80 c:\apache-tomcat c:\apache-tomcat\apache-tomcat-7.0.52 service install Tomcat7 (from bin directory here) #Dev port 8080 c:\apache-tomcat-dev c:\apache-tomcat-dev\apache-tomcat-7.0.52 service install Tomcat7dev (from bin directory here) If I run the Tomcat7w.exe from #Dev, all of those settings point to #Prod. Unless I change the name of Tomcat7w.exe in #Dev to Tomcat7devw.exe, then everything is fine. Was that listed in the docs somewhere and I missed it? Leo, If you use the Windows installer that the foundation thoughtfully provides, you'll see that the installer actually renames the executables to whatever you put in the Windows Service Name field. So, if you use it to install one instance with the service name Prod, then in the bin directory, you will have Prod.exe and Prodw.exe. If you second instance uses the service name Dev, then the bin directory will have Dev.exe and Devw.exe. And when you go to look for those processes using Task Manager, or Process Explorer, or whatever tool you use, they will actually show up as those names. No more trying to figure out which Tomcat.exe is which. Jeff +1 that's good to know, as I may have a need to have multiple tomcat/tomee instances. Thanks! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat7w.exe
On Fri, Mar 7, 2014 at 1:11 PM, Leo Donahue donahu...@gmail.com wrote: I blame my lack of command line upbringing for not catching that. I love my MS-DOS command-line days/upbringing (dating back to my first computer, 1986 Tandy 1000 SX, MS-DOS 5.0, maybe, and I don't remember using Windows way back at that time). Windows people click on things. Bad habits. Actually, i hate clicking on things... I use Windows keyboard shortcuts as much as possible.
Re: java: src/network.c:441: Java_org_apache_tomcat_jni_Socket_send: Assertion failed
Chris, On Tue, Mar 4, 2014 at 4:18 PM, Christopher Schultz ch...@christopherschultz.net wrote: Dmitry, On 3/4/14, 2:48 AM, Dmitry Batiyevskiy wrote: Howard, My connector config is the following (i've already posted that): Connector port=8443 maxHttpHeaderSize=8192 maxThreads=15000 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true SSLEnabled=true compression=off SSLCertificateFile=/opt/tomcat/mycompany.com.crt SSLCertificateKeyFile=/opt/tomcat/mycompany.com.key / Also -Dhttps.protocols=TLSv1 option is passed to java machine The reason for me to use apr connector is https performance, isn't NIO much slower in that? I don't have any recent performance data, but using OpenSSL is apparently measurably faster than using JSSE. On the other hand, is the NIO connector does not crash, isn't that a point in its favor? Can you please clarify your statements above? are you saying that OpenSSL implies (or equals) NIO or APR? I'm asking, because I only use NIO connector without SSL.
Re: Tomcat 7.0.52 NIO + Atmospere 1.0.18 damaged responses
On Wed, Mar 5, 2014 at 8:35 AM, Jan Dosoudil jan.dosou...@aura.cz wrote: Hi, we have application running on Tomcat 7.0.52 with Nio connector (a lot older versions too), it uses MyFaces (2.1.12), RichFaces (4.3.5), Atmosphere framework (1.0.18). Atmosphere framework is configured to use long-polling with Tomcat Nio comet support. I searched atmosphere google groups mail list, earlier, this morning, for tomcat nio ssl and found, https://groups.google.com/forum/?fromgroups#!searchin/atmosphere-framework/tomcat$20nio$20ssl/atmosphere-framework/J685km4oOvM/2qZMzo4wyfAJ that topic mentioned something similar to what you are stating here, and i think they were using same/similar version of atmosphere (1.0.1x). Sometimes simple request takes a long time to finish (correlates with connectionTimeout set on Connector) and response is damaged. Here is example of damaged response from server: 0 HTTP/1.1 302 Found Server: Apache-Coyote/1.1 Set-Cookie: JSESSIONID=C524EA667CA4087407A5DCDEA1712E53; Path=/app/; HttpOnly Location: http://192.168.1.156:8080/app/login Content-Length: 0 Date: Tue, 28 Jan 2014 16:10:54 GMT Response packet contains exactly this data, no more data (headers) before 0. Example contains redirect but problem appears in JSF pages too. 0 is end of chunked encoded response. Problem went away by switching atmosphere from long-polling to WebSockets +1 and this was mentioned in that thread (URL above), too. so I think there may be problem in Atmospere framework long polling and Tomcat async support. I've found workaround using socket.bufferPool=0 but i think it's not final solution. I don't have simple testcase to easily reproduce this problem. I've tried turning on Tomcat debug logs, debugging Tomcat and so on but without usable results. My opinion is that atmosphere framework uses NioChannel which doesn't own but I'm not able to confirm or reject it. Can you suggest me how to debug this problem or give me some tip to find final solution? have you considered upgrading to latest atmosphere version, retesting your app, and sending a mail to atmosphere list about these issues? also, is it a requirement or preference to use long-polling instead of websocket? usually, i think it is default or recommended to upgrade to websocket, and fallback to long-polling. is long-polling to support target multiple-servers/platforms and/or clients? Thanks, Jan Dosoudil - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: java: src/network.c:441: Java_org_apache_tomcat_jni_Socket_send: Assertion failed
On Mar 5, 2014 11:09 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Howard, On 3/5/14, 9:45 AM, Howard W. Smith, Jr. wrote: Chris, On Tue, Mar 4, 2014 at 4:18 PM, Christopher Schultz ch...@christopherschultz.net wrote: Dmitry, On 3/4/14, 2:48 AM, Dmitry Batiyevskiy wrote: Howard, My connector config is the following (i've already posted that): Connector port=8443 maxHttpHeaderSize=8192 maxThreads=15000 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true SSLEnabled=true compression=off SSLCertificateFile=/opt/tomcat/mycompany.com.crt SSLCertificateKeyFile=/opt/tomcat/mycompany.com.key / Also -Dhttps.protocols=TLSv1 option is passed to java machine The reason for me to use apr connector is https performance, isn't NIO much slower in that? I don't have any recent performance data, but using OpenSSL is apparently measurably faster than using JSSE. On the other hand, is the NIO connector does not crash, isn't that a point in its favor? Can you please clarify your statements above? are you saying that OpenSSL implies (or equals) NIO or APR? APR implies OpenSSL, and I suppose vice-versa. APR is native code and uses OpenSSL for its SSL engine. All of the pure-Java connectors (BIO, NIO, and possible a soon-to-be-available NIO2 connector) all use JSSE (Java Secure Sockets Extension) for SSL. For whatever reason, OpenSSL is measurably faster than JSSE. If you are fronting Tomcat with a web server which terminates SSL itself, then I see no particular reason to use the connectors over the NIO connectors. (Note that you can still use APR for its entropy capabilities even if not using it for SSL. You'll get session ids coming from OpenSSL's random source instead of Java's. I'm not sure that matters too much.) - -chris Understood. Thanks Chris! -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTF0qNAAoJEBzwKT+lPKRYkIUQALqutaNWH1pLL1Gg89RgHyb+ 01ORV9O6q2fwtsIgW5WPurZr6gJAcf8K2C1bAkE6WCudgLrHjaTwQtb5peWFqHr0 IiCLa2bVxkDXDPFy5ESViPTML6UPiOHBXa707ZAK3vzRB5jy6fHbqMVvPBRx4CzD T0jKAqU9Odj38QBaUWvCi1BNgc0J5i4OyXBDNJmchyB0G6tN29vYo9zpaUnl972e 4qLzmWEGBzUnQ6y2zTga2fOZQJ4Lu5hQCLYmoCM84sU1Xl9BjHJ1Tn1mWm7jEm7V zMlIgFlJ/y65AUCqSRerMO5V5y4N+44CeQ2WV5v3hes4htAqRV7BFOgCfQW8e6Ng oqn4KLQU81rCOsN61tQIv1j17wkP6vux9WbaDScr+UVfjFZgdygaZvOLkmDs/bXG +b3DNsGVswOU4it2Y/cp6NAzwWDQfdfQUYDn9U/XOi9MnYSXNf+2dorTqnUhZ3Y7 mbxrCFpwKdbgXTkvs1UPwOZVhJ8dBuno/HofKuqbd+s9SkF/eXZNdyWolRUQ8sdK KFWgByHW+18IM1RiBieu9/iGA1U4nUz0HvLo0UxXpN1GAXO/67/Hv2h/LiqB/tQh yVFbvEZV5bR64D9FoPFReGQG4as2NBfIrbFz4XhqHwps5DDYm7WsS4hK87PE7fNC qeyeWruqGubsZfwDrfft =ihsJ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Optimization on simple requests
On Tue, Mar 4, 2014 at 1:54 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 John, On 3/4/14, 1:17 PM, John Smith wrote: Tomcat 7.0.42 on RHEL6. Assume that Tomcat is serving only one jsp page. Say it just rewrites a parameter value from the querystring to the html within the jsp. Also assume that there are ~200,000 users attempting to access that page - say almost simultaneously. What are the most relevant optimizations I can make to a single instance of tomcat for this scenario? So you want the highest-performance solution to the above scenario? As for Tomcat configuration, I would use the NIO connector with a large number of max connections (you'll have to see what practical size to give it) and a large number of threads in your thread pool (i.e. executor). NIO gets you the benefit of not blocking waiting for a second (or third, etc.) keepalive request to arrive over a connection before that thread can be used to do some real work. If all connections are Connection:close then this is less of an issue. If you have a big, beefy CPU relative to your Internet connection's bandwidth, you should probably enable compression on the connector: that will help you push bytes back to the client faster. You'll have to test whether or not this actually helps you in your particular situation, because you are trading CPU time for I/O time. Define only one Host element in your server.xml, and name it whatever your public hostname is: there is a slight optimization in the mapper that works slightly faster if you have exactly one Host element, and if that name matches the Host header from the request. (There is an even faster case for where there are no elements in the host list, then the default is used, but I'm not sure how to get a zero-element host list and yet still have a default host). Don't add any Valves or Filters that you don't absolutely need. I would remove any intermediate proxies that don't absolutely need to be there (like Apache httpd, Microsoft IIS, nginx, etc.). Tomcat itself comes fairly well-configured for performance out of the box (except for the use of the BIO connector, which gets the job done and it very stable and reliable, but certainly does not win any speed contests). If you want to optimize the hell out of the experience, you'll want to dump JSP: there's a lot of setup that goes into creating the environment in which a JSP page runs, and you don't mention that you need any of it above. If you just need to write HEADER + some value from query string + FOOTER, then try to do that all in 3 I/O writes, like this would be in a servlet: static final String HEADER = htmlheadtitleMy Fast Page/title/headbodyh1My Fast Page/h1pYour parameter value is i; static final String FOOTER = /i/p/body/html; void doGet(request, response) { ServletOutputStream out = response.getOutputStream(); out.print(HEADER); out.print(request.getParameter(key)); out.print(FOOTER); } To save network bandwidth, remove any non-essential whitespace from your text as I have done above. +1 Chris. What about, also, a servlet/filter to set header for caching resources on the client for some period of time (if/when applicable)? :) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTFiFPAAoJEBzwKT+lPKRYR5wP/iiaEcMIFxKBE9Rr9EP6ZhA+ +fxznQ1QED232LlhvAAcAiAjnOOv/dzLxmC62dai9EZoV0/24WcMpYaEjaRo2jZu jIyeGb4Dn4ommJj7aPG+yesPRRTBY6j23SIauWbnRNBCggn/YCpOnjERuUHPtjMO G4kDeZaHGGjfirwTuPYCKxiKlYow6C4H8HUzLH84BvuktPPCgO16qbtCSCI0st+b av4pza4lzKSO3YsjS3PBNa7eI9q7zvLYqTeB7TziyLq7Jf5OOWPL73qUVJUgb54A M6GzvsdIYWHCigGZff0iHT3oNbDEteSVK7TPLP8+XzI8x8F+xsn5G8yv5wXhStDH 44g2E2hZLwLhaaSiJqtxKGb2kTwoJA+CX33MnbngOkMGUO7SmRMlkx77d08GiYoA uvOKep8zz7R4Is8EZu5sdzUQSxPx2Y59uzQNMiBeER47d+hfu4aOl241QUrN2osO NsddzzXB6i9auvdhDdGUkNwbT2Iy8NtMKPBUvM+LWz2GC+8+/WyVeRjhQ5N3BUwc 5YHCKrHVEgZR/NO7j6HvsqXBdUnbt8JNFp0O6XtkCUtlilDabki50wIqVXn/jEmc rG9YJKYDFDQdxJSEnpeZEw5+iDmORkSyIOEMw5htqVCCgeBRp2jeATVWKpdcM76G EJD/P6bdni3Vj7kthhjs =ADJI -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: java: src/network.c:441: Java_org_apache_tomcat_jni_Socket_send: Assertion failed
On Mar 4, 2014 2:49 AM, Dmitry Batiyevskiy dmitry.batiyevs...@ardas.dp.ua wrote: Howard, My connector config is the following (i've already posted that): Connector port=8443 maxHttpHeaderSize=8192 maxThreads=15000 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true SSLEnabled=true compression=off SSLCertificateFile=/opt/tomcat/mycompany.com.crt SSLCertificateKeyFile=/opt/tomcat/mycompany.com.key / Okay, thanks. Also -Dhttps.protocols=TLSv1 option is passed to java machine The reason for me to use apr connector is https performance, isn't NIO much slower in that? Chris recommended NIO. I'll let him answer your question. Regards, Dmitry Batiyevskiy Ardas Group Inc. www.ardas.dp.ua 2014-03-04 2:04 GMT+02:00 Howard W. Smith, Jr. smithh032...@gmail.com: On Mon, Mar 3, 2014 at 11:22 AM, Christopher Schultz ch...@christopherschultz.net wrote: Dmitry, On 3/3/14, 6:06 AM, Dmitry Batiyevskiy wrote: Can you advice how we can find the problem in app/environment like this? What are possible ways to debug this? Honestly, I'd try switching to the NIO connector and resume your testing. If all is well, it may point to a bug in the APR connector and/or tcnative itself. If you are having similar problems with the pure-Java connectors, then the problem is likely something you are doing in your application that is causing an invalid state. You'll probably get better information from the Java stack trace than from an assertion-failure. Give that a try and let us know how things go. +1 Chris I have found much /continued/ success using NIO connector across tomcat and atmosphere versions.
Re: java: src/network.c:441: Java_org_apache_tomcat_jni_Socket_send: Assertion failed
On Thu, Feb 20, 2014 at 11:00 AM, Dmitry Batiyevskiy dmitry.batiyevs...@ardas.dp.ua wrote: We have upgraded tomcat 7.0.42 to 7.0.50 We have an app which is built around atmosphere framework and uses websockets After upgrade tomcat instance which has only this app dies in few hours after deploy (the whole java process dies) How did you configure atmosphere? which version of atmosphere are you using? can you share your web.xml (atmosphere config)? which atmosphere-related dependencies? is atmosphere-related dependencies in tomcat/lib or in your WAR file?
Re: java: src/network.c:441: Java_org_apache_tomcat_jni_Socket_send: Assertion failed
On Mon, Mar 3, 2014 at 6:26 AM, Howard W. Smith, Jr. smithh032...@gmail.com wrote: On Thu, Feb 20, 2014 at 11:00 AM, Dmitry Batiyevskiy dmitry.batiyevs...@ardas.dp.ua wrote: We have upgraded tomcat 7.0.42 to 7.0.50 We have an app which is built around atmosphere framework and uses websockets After upgrade tomcat instance which has only this app dies in few hours after deploy (the whole java process dies) How did you configure atmosphere? which version of atmosphere are you using? can you share your web.xml (atmosphere config)? which atmosphere-related dependencies? is atmosphere-related dependencies in tomcat/lib or in your WAR file? also, are you specifying servlet 3.0 (or 2.5) in your web.xml? can you copy/paste that config as well?
Re: java: src/network.c:441: Java_org_apache_tomcat_jni_Socket_send: Assertion failed
On Mon, Mar 3, 2014 at 6:41 AM, Dmitry Batiyevskiy dmitry.batiyevs...@ardas.dp.ua wrote: Atmosphere dependencies from pom.xml: dependency groupIdorg.atmosphere.extensions/groupId artifactIdatmosphere-gwt20-server/artifactId version2.0.2/version /dependency dependency groupIdorg.atmosphere/groupId artifactIdatmosphere-runtime/artifactId version2.0.5/version /dependency Looks good, but have you tried latest version (Atmosphere 2.1.0 runtime) ? I don't know the appropriate 'gwt' version to use with Atmosphere 2.1.0 runtime. I think you can search the atmosphere wiki or mail list, or post a mail there. I know that Atmosphere 2.0.3 had specific changes/fixes that were in-line with Tomcat 7.0.42, which supports your report that 7.0.42 is working (as expected). Dependencies are in war file okay. Atmosphere config from web.xml: servlet descriptionAtmosphereServlet/description servlet-nameAtmosphereServlet/servlet-name servlet-classorg.atmosphere.cpr.AtmosphereServlet/servlet-class load-on-startup1/load-on-startup async-supportedtrue/async-supported init-param okay, good, i was looking for the async-supported to be set, since you're using servlet 3.0. param-nameorg.atmosphere.cpr.AtmosphereInterceptor/param-name param-valuecom.mycompany.communicationengine.interceptor.SecurityContextInterceptor/param-value /init-param init-param param-nameorg.atmosphere.cpr.packages/param-name param-valuecom.mycompany.atm/param-value /init-param init-param param-nameorg.atmosphere.useNative/param-name param-valuetrue/param-value /init-param snip init-param param-nameorg.atmosphere.cpr.broadcaster.maxProcessingThreads/param-name param-value30/param-value /init-param init-param param-nameorg.atmosphere.cpr.broadcaster.maxAsyncWriteThreads/param-name param-value30/param-value /init-param /servlet /snip Jeanfrancois advised me to accept the default config/settings (for maxProcessingThreads and maxAsyncWriteThreads) instead of specifying low values like you have (30). what happens when you comment out these (atmosphere config) lines from your web.xml when using tomcat 7.0.50? maybe someone here on tomcat list can advise why your max threads settings is working with tomcat 7.0.42, but not with tomcat 7.0.50. This is top of web.xml: web-app xmlns=http://java.sun.com/xml/ns/javaee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd; version=3.0 okay, good. Regards, Dmitry Batiyevskiy Ardas Group Inc. www.ardas.dp.ua 2014-03-03 13:28 GMT+02:00 Howard W. Smith, Jr. smithh032...@gmail.com: On Mon, Mar 3, 2014 at 6:26 AM, Howard W. Smith, Jr. smithh032...@gmail.com wrote: On Thu, Feb 20, 2014 at 11:00 AM, Dmitry Batiyevskiy dmitry.batiyevs...@ardas.dp.ua wrote: We have upgraded tomcat 7.0.42 to 7.0.50 We have an app which is built around atmosphere framework and uses websockets After upgrade tomcat instance which has only this app dies in few hours after deploy (the whole java process dies) How did you configure atmosphere? which version of atmosphere are you using? can you share your web.xml (atmosphere config)? which atmosphere-related dependencies? is atmosphere-related dependencies in tomcat/lib or in your WAR file? also, are you specifying servlet 3.0 (or 2.5) in your web.xml? can you copy/paste that config as well?
Re: java: src/network.c:441: Java_org_apache_tomcat_jni_Socket_send: Assertion failed
On Mon, Mar 3, 2014 at 9:52 AM, Dmitry Batiyevskiy dmitry.batiyevs...@ardas.dp.ua wrote: Thanks, I will try updating atmosphere and/or changing maxProcessingThreads may not be completely related, but what is your maxThreads value in your Connector .../ in server.xml ? mine is below (found in tomee/conf/server.xml) Connector port=8080 protocol=org.apache.coyote.http11.Http11NioProtocol maxThreads=150 connectionTimeout=2 acceptorThreadCount=2 redirectPort=8443 socket.directBuffer=false/ Regards, Dmitry Batiyevskiy Ardas Group Inc. www.ardas.dp.ua 2014-03-03 16:33 GMT+02:00 Howard W. Smith, Jr. smithh032...@gmail.com: On Mon, Mar 3, 2014 at 6:41 AM, Dmitry Batiyevskiy dmitry.batiyevs...@ardas.dp.ua wrote: Atmosphere dependencies from pom.xml: dependency groupIdorg.atmosphere.extensions/groupId artifactIdatmosphere-gwt20-server/artifactId version2.0.2/version /dependency dependency groupIdorg.atmosphere/groupId artifactIdatmosphere-runtime/artifactId version2.0.5/version /dependency Looks good, but have you tried latest version (Atmosphere 2.1.0 runtime) ? I don't know the appropriate 'gwt' version to use with Atmosphere 2.1.0 runtime. I think you can search the atmosphere wiki or mail list, or post a mail there. I know that Atmosphere 2.0.3 had specific changes/fixes that were in-line with Tomcat 7.0.42, which supports your report that 7.0.42 is working (as expected). Dependencies are in war file okay. Atmosphere config from web.xml: servlet descriptionAtmosphereServlet/description servlet-nameAtmosphereServlet/servlet-name servlet-classorg.atmosphere.cpr.AtmosphereServlet/servlet-class load-on-startup1/load-on-startup async-supportedtrue/async-supported init-param okay, good, i was looking for the async-supported to be set, since you're using servlet 3.0. param-nameorg.atmosphere.cpr.AtmosphereInterceptor/param-name param-valuecom.mycompany.communicationengine.interceptor.SecurityContextInterceptor/param-value /init-param init-param param-nameorg.atmosphere.cpr.packages/param-name param-valuecom.mycompany.atm/param-value /init-param init-param param-nameorg.atmosphere.useNative/param-name param-valuetrue/param-value /init-param snip init-param param-nameorg.atmosphere.cpr.broadcaster.maxProcessingThreads/param-name param-value30/param-value /init-param init-param param-nameorg.atmosphere.cpr.broadcaster.maxAsyncWriteThreads/param-name param-value30/param-value /init-param /servlet /snip Jeanfrancois advised me to accept the default config/settings (for maxProcessingThreads and maxAsyncWriteThreads) instead of specifying low values like you have (30). what happens when you comment out these (atmosphere config) lines from your web.xml when using tomcat 7.0.50? maybe someone here on tomcat list can advise why your max threads settings is working with tomcat 7.0.42, but not with tomcat 7.0.50. This is top of web.xml: web-app xmlns=http://java.sun.com/xml/ns/javaee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd; version=3.0 okay, good. Regards, Dmitry Batiyevskiy Ardas Group Inc. www.ardas.dp.ua 2014-03-03 13:28 GMT+02:00 Howard W. Smith, Jr. smithh032...@gmail.com : On Mon, Mar 3, 2014 at 6:26 AM, Howard W. Smith, Jr. smithh032...@gmail.com wrote: On Thu, Feb 20, 2014 at 11:00 AM, Dmitry Batiyevskiy dmitry.batiyevs...@ardas.dp.ua wrote: We have upgraded tomcat 7.0.42 to 7.0.50 We have an app which is built around atmosphere framework and uses websockets After upgrade tomcat instance which has only this app dies in few hours after deploy (the whole java process dies) How did you configure atmosphere? which version of atmosphere are you using? can you share your web.xml (atmosphere config)? which atmosphere-related dependencies? is atmosphere-related dependencies in tomcat/lib or in your WAR file? also, are you specifying servlet 3.0 (or 2.5) in your web.xml? can you copy/paste that config as well?
Re: java: src/network.c:441: Java_org_apache_tomcat_jni_Socket_send: Assertion failed
On Mon, Mar 3, 2014 at 6:41 AM, Dmitry Batiyevskiy dmitry.batiyevs...@ardas.dp.ua wrote: init-param param-nameorg.atmosphere.useNative/param-name param-valuetrue/param-value /init-param also, i wonder what your test results will be if you comment out the lines above from your web.xml.
Re: java: src/network.c:441: Java_org_apache_tomcat_jni_Socket_send: Assertion failed
On Mon, Mar 3, 2014 at 11:22 AM, Christopher Schultz ch...@christopherschultz.net wrote: Dmitry, On 3/3/14, 6:06 AM, Dmitry Batiyevskiy wrote: Can you advice how we can find the problem in app/environment like this? What are possible ways to debug this? Honestly, I'd try switching to the NIO connector and resume your testing. If all is well, it may point to a bug in the APR connector and/or tcnative itself. If you are having similar problems with the pure-Java connectors, then the problem is likely something you are doing in your application that is causing an invalid state. You'll probably get better information from the Java stack trace than from an assertion-failure. Give that a try and let us know how things go. +1 Chris I have found much /continued/ success using NIO connector across tomcat and atmosphere versions.
Re: Newbie Help - Up and Running with Tomcat on Windows
On Tue, Feb 25, 2014 at 7:55 AM, Daniel Mikusa dmik...@gopivotal.comwrote: It might be something as obvious as not having Java EE installed separately. Perhaps Tomee+ will provide all that is needed. What specifically do you need? Tomcat is not a full JEE container. It implements the Servlet, JSP, EL and WebSockets specs. http://tomcat.apache.org/whichversion.html If you need more then you could look at something like Apache Tomee or Apache Geronimo. +1 i agree, if you need full JEE container, my recommendation is TomEE. When I was trying to migrate from Glassfish to tomcat, i found it very difficult to run my Java EE (JSF) web application via Tomcat 7. I had to search for JARs and place them in tomcat/lib folder. Even after locating some JARs and placing them in tomcat/lib folder, I failed to run my JSF web aplication via tomcat7. I have seen (many) others have success running their Java EE (JSF) web application via tomcat7. After multiple failed attempts in late 2012, trying to run my JSF web application in tomcat 7, I downloaded tomee, emailed my questions to tomee user list, and finally, i had success running my JSF web application via tomee (which is tomcat + java EE, etc...). I don't recommend using Geronimo. I think Geronimo effort/development/maintenance has transitioned to TomEE. Again, I definitely recommend TomEE, and tomee user list is just as helpful as tomcat user list. many of your tomcat-related questions can/should be asked on tomcat list. FYI, I have been using NetBeans 7.2+ to start/stop TomEE via NetBeans/tomcat7 plugin. I usually build WAR via NetBeans, and drop my WAR in tomee/webapps folder. On my development PC/server, I use NetBeans to start/stop TomEE server, and on my production server, I use tomcat7w.exe (or the equivalent that is installed in tomee/bin folder) to install/start/stop the tomcat7 (or tomee) Windows Service on my Windows Server 2003/2008 server. My development server is Windows Server 2008 (Vista version), and my production server is Windows Server 2008 (Windows 7) version. I would assume that you should have no issues using Windows 8.x; i really don't have any experience with Windows 8.x though.
Re: Newbie Help - Up and Running with Tomcat on Windows
On Tue, Feb 25, 2014 at 10:30 AM, Daniel Mikusa dmik...@gopivotal.comwrote: On Feb 25, 2014, at 10:13 AM, Howard W. Smith, Jr. smithh032...@gmail.com wrote: On Tue, Feb 25, 2014 at 7:55 AM, Daniel Mikusa dmik...@gopivotal.com wrote: It might be something as obvious as not having Java EE installed separately. Perhaps Tomee+ will provide all that is needed. What specifically do you need? Tomcat is not a full JEE container. It implements the Servlet, JSP, EL and WebSockets specs. http://tomcat.apache.org/whichversion.html If you need more then you could look at something like Apache Tomee or Apache Geronimo. +1 i agree, if you need full JEE container, my recommendation is TomEE. I don't believe Tomee is a full JEE container. As I understand it, it targets the Web Profile. Apache TomEE, pronounced Tommy, is an all-Apache stack aimed at Java EE 6 Web Profile certification https://tomee.apache.org/apache-tomee.html The Web Profile is a subset of the full JEE platform. This contrasts to Apache Geronimo which targets the full JEE stack. When I was trying to migrate from Glassfish to tomcat, i found it very difficult to run my Java EE (JSF) web application via Tomcat 7. I had to search for JARs and place them in tomcat/lib folder. Even after locating some JARs and placing them in tomcat/lib folder, I failed to run my JSF web aplication via tomcat7. I have seen (many) others have success running their Java EE (JSF) web application via tomcat7. After multiple failed attempts in late 2012, trying to run my JSF web application in tomcat 7, I downloaded tomee, emailed my questions to tomee user list, and finally, i had success running my JSF web application via tomee (which is tomcat + java EE, etc...). I don't recommend using Geronimo. I think Geronimo effort/development/maintenance has transitioned to TomEE. Again, I definitely recommend TomEE, and tomee user list is just as helpful as tomcat user list. many of your tomcat-related questions can/should be asked on tomcat list. I can't comment on the fitness of either project, as I don't use them personally, but my understanding is that they are not competing projects. TomEE, like the JEE Web Profile, is simply a middle ground between Tomcat and Geronimo. Dan agree on all counts, Dan. I stand corrected, thanks. My response was not intended to show any level of competition between TomEE and Geronimo. I think both projects share committers, or the same person as lead for both projects. Recently, I learned/read that Geronimo targeted or was developed for IBM. As a TomEE user, i know that TomEE is alive and well. I don't think the same could be said about Geronimo. FYI, I have been using NetBeans 7.2+ to start/stop TomEE via NetBeans/tomcat7 plugin. I usually build WAR via NetBeans, and drop my WAR in tomee/webapps folder. On my development PC/server, I use NetBeans to start/stop TomEE server, and on my production server, I use tomcat7w.exe (or the equivalent that is installed in tomee/bin folder) to install/start/stop the tomcat7 (or tomee) Windows Service on my Windows Server 2003/2008 server. My development server is Windows Server 2008 (Vista version), and my production server is Windows Server 2008 (Windows 7) version. I would assume that you should have no issues using Windows 8.x; i really don't have any experience with Windows 8.x though. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 8 appears slow to process jsp pages
On Wed, Feb 12, 2014 at 9:57 AM, john.kief...@engilitycorp.com wrote: Testing Tomcat 8 I watch the console and see the Java and sql processing complete, then wait a full minute for the webpage to appear. With Tomcat 7 there is no wait. Just to verify, while composing this I opened a web page within the application and stared at a white screen for almost exactly sixty seconds. I I have used Tomcat 7.0.32+ (7.0.32, 34, 35, 37, 39, 40, 42, 47, ...) since I use TomEE, and I experienced that some time in the past. When I experienced that, I closed the browser with anticipation to break/cancel the HTTP request, and reopened browser and webapp page. Eventually, as time went on, i did not experience that anymore, and I don't see that anymore. There was 'maybe' some app changes that I made (and/or some improvements between Tomcat and TomEE), but it may have been caused by database deadlock. I'm not sure. I haven't experienced that for some months now, maybe 6+ months. you may need to change your jdbc Resource/ settings. One of tomcat committers, Christopher Schultz wrote a good article about tomcat jdbc[1] and how to configure it to meet your needs. I think i read it a few times and changed my jdbc settings sometime ago, and I think that may have solved the tomcat-request-white-page-in-browser issue/behavior that I experienced in the past. [1] http://blog.christopherschultz.net/index.php/2009/03/16/properly-handling-pooled-jdbc-connections/
Re: Clustering without Apache in the front
On Wed, Jan 29, 2014 at 10:24 AM, Christopher Schultz ch...@christopherschultz.net wrote: Now, as Chris pointed out - it would be great to design your app that it saves the intermediate work to a database or some secondary store that can be retrieved upon login again. Think shopping cart, you are shopping around, the instance goes down, you need to login again, and a nice application would persist shopping cart for you, not so nice application would not, so when logged in again - the shopping cart would be available or not :) Exactly. Our strategy - for those interested - is to include enough information in each request / form to allow users whose work is interrupted by a login to resume their workflow (in progress) after an interrupted session. This has the added benefit of allowing users to go get a cup of coffee, have their session expire, and pick-up where they left-off after a quick re-login. +1 just experienced this in an (on-the-job) online training that I'm completing. I started an online training 'session' (in a single browser) hours ago, started multitasking on-the-job, go back to the online training, and scroll down (via wheel on my mouse) a little and read the page, multitask, come back to online training, scroll down (via wheel on my mouse) more and do some more reading, and later after more multitasking, the session was closed (maybe via AJAX), and I have a 404 error in the browser. So, i close the browser, click the URL to begin/resume the online training, and the online training opens in the browser to the very exact position on the page that I was last reading. Now, that is real nice! I don't know what they are doing, but they may have some AJAX method on the client that updates database on server, and database update includes what part/position of the page I last read.
Re: unable to start Tomcat through the Windows Services panel
On Wed, Feb 5, 2014 at 2:09 PM, javier_esp...@hna.honda.com wrote: OK, this is what I see in the Event Viewer under General tab The tomcat7 service terminated with service-specific error Incorrect function.. Under Details tab, I see the following in XML view - Event xmlns=http://schemas.microsoft.com/win/2004/08/events/event; - System Provider Name=Service Control Manager Guid= {555908d1-a6d7-4695-8e1e-26931d2012f4} EventSourceName=Service Control Manager / EventID Qualifiers=491527024/EventID Version0/Version Level2/Level Task0/Task Opcode0/Opcode Keywords0x8080/Keywords TimeCreated SystemTime=2014-02-05T19:04:06.253413900Z / EventRecordID67562/EventRecordID Correlation / Execution ProcessID=872 ThreadID=6044 / ChannelSystem/Channel ComputerTORAHMLF3DTKX1.am.mds.honda.com/Computer Security / /System - EventData Data Name=param1tomcat7/Data Data Name=param2%%1/Data /EventData /Event Can anyone tell me what that is trying to tell me? Thank you did you see anything else in the Event Viewer that occurred around the same time that this event occurred (in Event Viewer)? also, i wonder if he following can help solve this issue? - EventData Data Name=param1tomcat7/Data Data Name=param2%%1/Data /EventData
Re: unable to start Tomcat through the Windows Services panel
On Thu, Feb 6, 2014 at 11:42 AM, Jeffrey Janner jeffrey.jan...@polydyne.com wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Thursday, February 06, 2014 10:33 AM To: Tomcat Users List Subject: Re: unable to start Tomcat through the Windows Services panel Hi. javier_esp...@hna.honda.com wrote: OK, this is what I see in the Event Viewer under General tab The tomcat7 service terminated with service-specific error Incorrect function.. Let's start from the beginning. If you don't get logfiles in the Tomcat/logs directory, then chances are that Windows does not even begin to run Tomcat, and that there is an error right at the start, when it tries to run it. So first read this : http://wiki.apache.org/tomcat/FAQ/Windows#Q11 That will explain /what/ you are actually running, when you (try to) run Tomcat as a Service in Windows, and why it is different from running Tomcat in a command window. Go ahead, read it, we'll wait right here. ... some time later : Now you know - that tomcat7.exe is a Windows executable program - it is the program which the Windows Service Manager tries to start, when you start the Tomcat7 Service - but tomcat7.exe is not really Tomcat; it is a wrapper program that runs the Java JVM which in turn runs Tomcat. And to start the Java JVM, and pass to this java JVM the appropriate parameters, tomcat7.exe reads these parameters from the Windows Registry somewhere. And to be nice, the Tomcat developers have even provided a specialised GUI editor, that allows you to view, set or modify these Tomcat Registry parameters that are used by tomcat7.exe. And that is the program tomcat7w.exe. So go ahead now, double-click on tomcat7w.exe, and look at the information it shows in the various tabs. That is probably where something is wrong. Or else what is wrong, is that the version of tomcat7.exe that you have installed, does not match the version of Windows that you are running. For example, tomcat7.exe is a 32-bit program, but your Windows PC runs a 64-bit version of Windows. Or vice-versa. Or that in the Service definition of the Tomcat7 Service, the path to tomcat7.exe is incorrect. You see that path in the first tab of the GUI. André - Good points. I'd been following this thread out of curiosity and was just beginning to think that it was obviously a service configuration error. Agreed, and I was following this thread for the same reason. I don't have the entire thread handy, and haven't looked at MarkMail, but I don't remember anyone asking the OP exactly *how* he installed the service. I had the same thought. One would assume he used the bat file that is designed to do this, since he mentions running tomcat from the console using startup.bat (a clear giveaway that he's not using the fine Windows installer package that someone spent a lot of time crafting). Honestly, I forgot all the specific details of how/when I installed tomcat/tomee as a Windows service, but I found it quite intuitive...using the .bat file approach via Windows Command Prompt. The .bat file informed me of the proper 'usage', and I easily installed tomcat/tomee as a Windows Service, via command line (or .bat file), accordingly. And I do use the tomcat7w.exe to modify java options, etc... I never have to open Windows 'Services' to start/stop tomcat/tomee.
Re: Clustering without Apache in the front
On Tue, Jan 28, 2014 at 3:42 PM, Christopher Schultz ch...@christopherschultz.net wrote: Thus I will probably never have to use clustering. Loving your responses on this topic, Chris. I do not want to hijack this thread, but i find this topic interesting, and your responses make it more interesting! Honestly, I don't need clustering (yet) in my app, but I feel as though endusers of my app will be fine in a failover situation (as you described in this thread). Endusers of my app have to login a lot since I set session expired = 15 minutes. no complaints from the endusers, because they are in and out of the app...all day, (almost) every day. the only time I really need failover is when I 'might' want to update the app's software. the app is quite stable now and not many software changes right now, so again, there's not much of a need for failover. :) still listening in on this topic. :)
Re: Clustering without Apache in the front
On Tue, Jan 28, 2014 at 8:59 PM, Neven Cvetkovic neven.cvetko...@gmail.comwrote: On Tue, Jan 28, 2014 at 3:54 PM, Howard W. Smith, Jr. smithh032...@gmail.com wrote: Thus I will probably never have to use clustering. Loving your responses on this topic, Chris. I do not want to hijack this thread, but i find this topic interesting, and your responses make it more interesting! +1. Great discussion, as always :) Honestly, I don't need clustering (yet) in my app, but I feel as though endusers of my app will be fine in a failover situation (as you described in this thread). Endusers of my app have to login a lot since I set session expired = 15 minutes. no complaints from the endusers, because they are in and out of the app...all day, (almost) every day. Ultimately, session stickiness works great to handle load balancing (workload management), but it is not enough for session failover. In the unlikely event that the serving tomcat instance dies, the user will be sent over to the other tomcat instance (that doesn't know anything about you, i.e. doesn't have your session data), and will probably need to login again. Now, as Chris pointed out - it would be great to design your app that it saves the intermediate work to a database or some secondary store that can be retrieved upon login again. Think shopping cart, you are shopping around, the instance goes down, you need to login again, and a nice application would persist shopping cart for you, not so nice application would not, so when logged in again - the shopping cart would be available or not :) +1 (000,000,000,...) wow, thanks Neven. That was a great thought/analogy right there. As someone that uses amazon.com quite often, I do like the shopping cart feature, even though I have not recognized if my shopping cart was saved across sessions... oh, but you just jogged my memory, and a product that I looked at recently, amazon.com sent that product (and similar products) to my email... so evidently, 'interests' are persisted per user/session. 'not so nice application would not'... wow, i definitely accept that as constructive criticism. thanks. Now, if your end users can live with that scenario - that's great - no need for session replication, clustering your instances, network chatter, etc... It definitely simplifies the configuration and setup. However, if your end users (i.e. your Service-Level-Agreement / SLA) do require a proper session failover, you will need some sort of session replication to successfully implement that feature. That's not trivial and depends on the appserver (e.g. Tomcat, JBoss, WebSphere, Weblogic). Session replication is not part of the official JEE/Servlet spec, but most modern and serious appservers would provide some way of replicating sessions and clustering appserver instances. +1 definitely here for tomcat (a serious appserver). :) Now, if you could make you application stateless - you could possibly turn off the sticky sessions. Makes things very easy to scale! +1 thanks. even though my app is Java Server Faces app, I would say it is quite stateless in nature/design, since users accomplish majority of their daily tasks via one-page requests. of course, 1. one page is required to login 2. another/one page is required to search/filter/navigate-to target data that already exists in the database 3. another/one page is required to add/update data, or to take some action against that data (print data/form, email data/form to customer, etc...) and this is normal user activity; some users let their session expire after completing steps 1 and 2 above, or steps 1, 2, and 3 above. In reference to the shopping cart suggestion, I would assume that you would suggest that steps 2 and 3, above, are persisted, so users can resume previous session. :)) the only time I really need failover is when I 'might' want to update the app's software. the app is quite stable now and not many software changes right now, so again, there's not much of a need for failover. :) Excellent! Keep it simple! +1 thanks; that's my goal...keep it simple (for the endusers). :) Good luck! Neven
Re: [OT] RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
On Fri, Jan 24, 2014 at 11:41 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Howard, On 1/23/14, 11:31 PM, Howard W. Smith, Jr. wrote: Instead of downloading Linux and trying it out, on my own, I just decided to stay with Windows. it just works (for me). I'm honestly glad to hear that you are having a good experience with it. Do you manage a lot of machines, or just one or two? Just 2 servers for now. Until recently, the *NIX world didn't have great (maybe just inexpensive/free) cluster-management utilities like Puppet. I believe Windows had that capability (e.g. Tivoli) much earlier, though I think it was initially aimed at administering fleets of workstations, not servers. Extending that capability to manage servers was probably trivial. I hope things have changed, but everyone I ever knew that ran Windows Server OSs in production had scheduled rolling-reboots of their servers because things just tended to work when they did that. Otherwise, stuff would fail with some regularity (like every 3 days). It's not clear to be whether restarting the OS or restarting the application did the trick -- as we all know, most Tomcat problems are actually webapp problems. In all my time working with Linux servers, I've never had to resort to such foolishness, nor has anyone else I have known. I've had servers running for over a year without a reboot. (They usually get a reboot for certain software upgrades, so years-running servers don't really exist... or shouldn't). I have seen posts on this list about people experiencing issues with Windows updates and their tomcat/database not starting or shutting down successfully (or as expected)... i do not experience these things...at all. Yes, I did send several emails to the tomee list, asking why did my tomee/tomcat server restart at night around 3am. I, then, learned it was the automatic Windows updates that I configured. So, after I learned that it was the automatic updates and that my app shutdown properly and restarted automatically (since I configured the tomcat/tomee service to start, automatically on/after boot), and no database corruption and no errors in the log. My Java EE app and tomcat/tomee shuts down and restarts gracefully inspite/through-it all. Great! I wish you the best of luck. Thanks. At the moment, I don't have a need for cluster management, because the app performs really well, but I'm hoping to refactor the app (quite) a bit, so I can market the app to other businesses. After all that, i may need to consider cluster management, more servers etc. Also, some day, I may consider migrating to Linux. On the to-do list when I have bandwidth to do so. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS4pehAAoJEBzwKT+lPKRYrMAQAJH9Jyz6V1C2Cx913B//NdKI rzSZOgBDRMLwi3eORY/cE5FJ0bW+5khP9BryIJ/AeHxY4zDyMgx8ICJot/wtI1QI Ru2hdjr+YMjE4TZmtpI9khBgKwb5HKJ7q27RQaxgN08BzH/t0tPQOmrIxO0+Z1lO mxiEw7DomEG0Xbsv4u2oAlu8GlBYOMWZ5AC4a/ag1u2k65kS/JEneLYSBNepuMlJ aIRfd4WUE+qjoykHo9uSR6XLaJEj5igozuCCrCcIL7u5NuBzeH3Gc56GGnV0V9Ye Qygpr+T0j6MS+Yza92ybng7g7QcKB6lh5maMYalnj/G/bU2I1Q4mcBtZsxsrevin NB5QJgvbZ+wZJeWQMH5h92v//zh0c8r0WZrVTF81ZYxXYo8HAwRFagKzY6qBxBeS njnXim86JBooPW1JhxYalrNgKV1pK7MxfTNkfvmK18L3ALMhf5A2qhd8Q3BIsWOQ Yi6t4JUlOGM32/3NcYcIT6/rYdIEZLOv9VEabV5WvcMQnq++ViUHjV64hWlknvCB hoRHN45ipj51vC6VRY6nq/FZ+L5gIWzb9q719sVGjwfLiFkF63biVppwYO5adWD+ pubXRs7Toxd1uYGM0bi3ruq/dL9B6m9EzIKN6nZsW4wrTWIvVNU/i0IWoNXHffJw ygFownq0oWKSG86riRfZ =6Aq+ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Notification strategy for OutOfMemoryError
On Thu, Jan 23, 2014 at 8:21 PM, Christopher Schultz ch...@christopherschultz.net wrote: Glad to see my thoughts were useful. If you'd care to post your code to either the list or onto the wiki, I'm sure it would be useful to someone. +1 I love it when others share code, and thanks for suggesting that Chris.
Re: [OT] RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
On Wed, Jan 22, 2014 at 10:14 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Konstantin, On 1/22/14, 9:03 AM, Konstantin Preißer wrote: Hi Jeffrey, -Original Message- From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, January 21, 2014 10:19 PM Eureka, I finally figured it out! It was a real eureka moment, some remembrance burned its way up from my subconscious and I had the answer. Ready guys? Really surprised no one mentioned it. It was Windows F-ing Firewall! Good to hear that you could find and solve the problem. (Off topic:) I HATE WINDOWS!! What I can't quite understand is, how one can hate Windows or its F-ing firewall, if they just do what they were configured to do... ;-) When setting up the Windows Firewall, I normally only create rules for specific (TCP) ports, not for specific executables, so that the firewall allows connections to a TCP port regardless of what the name or path of the executable is. Actually, as surprising as it can sometimes be, I find that the Windows firewall is better than iptables *because* it /can/ do things like this. You can make your system a bit safer. For instance, if your server is compromised (yes, I know, once you're owned, you're owned) and the attacker installs some malware of some kind, that malware will not be able to bind to a port or even make outgoing connections, even on standard outgoing ports -- for instance HTTP. Lots of malware connects to external CC servers to give instructions, and the Windows wirewall makes it easy to prevent that from happening even when ports like 80 are used -- and typically left wide-open on servers. - -chris +1 chris, and for these reasons/features (and more), I LOVE WINDOWS (SERVER 2008)!!! :)
Re: [OT] Out of memory exception - top posting
On Thu, Jan 23, 2014 at 2:08 PM, André Warnier a...@ice-sa.com wrote: Either people don't read the rules, or they do not understand the rule, or they just ignore it. I agree. As a tomcat/tomee user, I joined the list, primarily, to listen in on topics (that interest me), so I learned, very quickly, that top-posting is not preferred, here. Anyway, it seems that we're spending more time lately asking people to not top-post, than actually providing answers to their questions. Actually, it seems as though (tomcat lead) Mark Thomas (and others) have been quite tolerable of recent top-posting, and still offer advice and responses (sometimes) without the inevitable, 'don't top post' phrase/response. +1 for those always and/or unconditionally providing support to tomcat users. Also, gmail makes it easy for me to honor the rule against top-posting.
Re: [OT] RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
On Thu, Jan 23, 2014 at 10:07 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Howard, On 1/23/14, 9:05 PM, Howard W. Smith, Jr. wrote: On Wed, Jan 22, 2014 at 10:14 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Konstantin, On 1/22/14, 9:03 AM, Konstantin Preißer wrote: Hi Jeffrey, -Original Message- From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, January 21, 2014 10:19 PM Eureka, I finally figured it out! It was a real eureka moment, some remembrance burned its way up from my subconscious and I had the answer. Ready guys? Really surprised no one mentioned it. It was Windows F-ing Firewall! Good to hear that you could find and solve the problem. (Off topic:) I HATE WINDOWS!! What I can't quite understand is, how one can hate Windows or its F-ing firewall, if they just do what they were configured to do... ;-) When setting up the Windows Firewall, I normally only create rules for specific (TCP) ports, not for specific executables, so that the firewall allows connections to a TCP port regardless of what the name or path of the executable is. Actually, as surprising as it can sometimes be, I find that the Windows firewall is better than iptables *because* it /can/ do things like this. You can make your system a bit safer. For instance, if your server is compromised (yes, I know, once you're owned, you're owned) and the attacker installs some malware of some kind, that malware will not be able to bind to a port or even make outgoing connections, even on standard outgoing ports -- for instance HTTP. Lots of malware connects to external CC servers to give instructions, and the Windows wirewall makes it easy to prevent that from happening even when ports like 80 are used -- and typically left wide-open on servers. - -chris +1 chris, and for these reasons/features (and more), I LOVE WINDOWS (SERVER 2008)!!! :) It's firewall notwithstanding, Microsoft Windows is a really terrible server OS. At least Powershell gave admins the capability to do things without having to use a GUI for every damn thing, but there is just too much BS in a Windows box for me to ever consider it for a server. You are definitely entitled to your opinion and OS preference. Since majority of my experience has been Windows (and even though I love being a keyboard user and hate to operate a mouse), the GUI does not bother me, since I have learned to use keyboard shortcuts to help me operate Windows apps (or GUI, as you call it), been doing those keyboard shortcuts for almost 20 years now. :) Add to that the fact that you have to pay insane license fees, though you would also have to do that I suppose if you used SCO, AIX, etc. Solaris, BSD, and Linux are all free and have entire ecosystems that aren't dominated by the closed-source paradigm. Actually, I have found Linux to be 'attractive', since it is 'free' and since there is less GUI and more command-line there. I had some exposure to Linux and Unix in the past, and I fell in love with UNIX just before I graduated from college, and it was at that point that I made that statement, I can see myself doing this (SPARC machine, Unix OS, and keyboard, programming etc...) for the next 5 to 10 years (as a career)...I was really in love with the keyboard (most of all, in the computer lab). :) Instead of downloading Linux and trying it out, on my own, I just decided to stay with Windows. it just works (for me). And I usually only need 1 or 2 client access licenses (CALs) per server, since I am the primary person that remotely access the server. The servers are primarily used as file servers, until recently, when I developed my first Java EE web application within the last 2 years, so now 1 of the 2 Windows servers are used only as a web (app) server. I hope things have changed, but everyone I ever knew that ran Windows Server OSs in production had scheduled rolling-reboots of their servers because things just tended to work when they did that. Otherwise, stuff would fail with some regularity (like every 3 days). It's not clear to be whether restarting the OS or restarting the application did the trick -- as we all know, most Tomcat problems are actually webapp problems. In all my time working with Linux servers, I've never had to resort to such foolishness, nor has anyone else I have known. I've had servers running for over a year without a reboot. (They usually get a reboot for certain software upgrades, so years-running servers don't really exist... or shouldn't). I have seen posts on this list about people experiencing issues with Windows updates and their tomcat/database not starting or shutting down successfully (or as expected)... i do not experience these things...at all. Yes, I did
Re: Getting 404 before the container starts all servlets
On Sat, Jan 11, 2014 at 4:40 AM, Mark Thomas ma...@apache.org wrote: On 10/01/2014 23:08, Adrian Tarau wrote: I tried with 7.0.47 and I still get 404 regardless of the the state of bindOnInit. Tomcat doesn't serve *any* requests until everything (including applications) has started up. bindOnInit only controls when it starts accepting connections. You should only see any response (including 404s) once all the applications have reported that they have started. From what you describe it appears that your application is continuing to do some initialisation after it has reported it is started. Servlets do use lazy init by default but a request to a servlet should not complete until after the servlet has finished initialising. All the indications are that the 404s you are seeing are a result of how your application is designed. +1, and well said, Mark!
Re: exception-message header reveals path to document root in 404 response.
On Fri, Jan 10, 2014 at 7:02 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: Here's Tomcat's standard 404 response: HTTP/1.1 404 Not Found Server: Apache-Coyote/1.1 Content-Type: text/html;charset=utf-8 Content-Length: 1027 Date: Fri, 10 Jan 2014 23:59:34 GMT Wow, when I saw this last night, I shook my head and said to myself, Server: Apache-Coyote/1.1 this may be one of the reasons why my server/web-app are subject to repeat-offender attacks from certain/few IP addresses in China/Vietnam. I never new that a 404 would expose the server name (apache coyote). I guess/assume that once they see that server name in the 404 response, some of those bots continue to try and try.
Re: exception-message header reveals path to document root in 404 response.
On Sat, Jan 11, 2014 at 9:01 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com] Subject: Re: exception-message header reveals path to document root in 404 response. Wow, when I saw this last night, I shook my head and said to myself, Server: Apache-Coyote/1.1 this may be one of the reasons why my server/web-app are subject to repeat-offender attacks from certain/few IP addresses in China/Vietnam. For the truly paranoid (to quote from the docs), look at the server attribute of the Connector element: http://tomcat.apache.org/tomcat-7.0-doc/config/http.html +1 and LOL. server Overrides the Server header for the http response. If set, the value for this attribute overrides the Tomcat default and any Server header set by a web application. If not set, any value specified by the application is used. If the application does not specify a value then Apache-Coyote/1.1 is used. Unless you are paranoid, you won't need this feature. Thanks Chuck for the response and for quoting the user guide. I have not set 'server' on the Connector and still have no need of setting the 'server' attribute. Nice to know that that is available. :)
Re: Error when performing a reset of the server
Chuck, On Wed, Jan 8, 2014 at 6:58 PM, Chuck Johnson chuck.john...@simpson.eduwrote: I haven't had the error occur when I have had to restart the Tomcat server, my co-worker is the person who has experienced it and my understanding is that it happens when she attempts to perform a reset and the only way that she resolves it is to reboot the windows server. That says it all right there. You (and/or your user) have success. your coworker (and/or her user (ID/acct/profile)) does not have success. your coworker 'only' has success when she restarts windows server. when restarting the windows server, the service must be configured to 'automatic', and a clean restart usually = clean (re)start of tomcat...I would assume. This answer[1] on stackoverflow may hint on a solution and/or cause of the error that your coworker is experiencing. I have tomcat 7.0.47 (via tomee+) running on Windows 2008 R2 64-bit with jdk1.7.0_45, and I only login to the server with one user ID, and I use tomcat7w.exe to start/stop service, manually, but service is configured to start automatically when server is (re)started. The user ID that I always use...was also responsible for adding tomcat/tomee as Windows service. Who or what user (ID) usually has success start/stopping tomcat manually via tomcat7w.exe or via Windows Services window/app? Was your coworker able to start/stop tomcat in the past with no issues? if so, what changed? new install of tomcat? new config of tomcat? different user (ID) added tomcat as windows service? ... [1] http://stackoverflow.com/a/19710121/933054
Re: [OT] Garbage Collectors
On Wed, Dec 18, 2013 at 6:11 PM, Christopher Schultz ch...@christopherschultz.net wrote: 1. What JVM are you using? Answer: [X] Sun/Oracle/OpenJDK Java 1.7 2. What kind of web application are you running? Answer: [X] A moderately busy web site (1M requests/mo/server) 3. What is your total heap size? -Xms4096m -Xmx4096m -XX:MaxPermSize=384m (will share this as well, just because) but I think I can change to -Xms/-Xmx1250m, because heap used seem to max out at (+/-)1024m. 4. Are you explicitly specifying a Garbage Collector? If not, just say so and skip the rest of the questions. -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled 5. What led you to use [GC X] instead of the JVM's default collector? I've seen CMS recommended almost any/everywhere. 6. Did you do any actual performance testing to see if the switch from the default to [GC X] made any difference? No. 6. Have you spent a lot of time tuning [GC X]? A little...over time. I primarily adjusted -Xms/-Xmx a few times. 7. Did your tuning exercise yield any useful results? Yes. I don't experience OutOfMemory exceptions, and app runs just fine. 8. Did your users notice any difference after you implemented [GC X], or just your own load-testing team? No. My app has been configured to use CMS ever since the beginning of time/production. If you think there's anything else I should know about your experience with [GC X], please let me know. To answer #4, I searched google, and found this[1], and that helped me answer your question. :) I am sure that I can lower my -Xms/-Xmx4096m heap size, but with 32GB of RAM on the server, i'm not really pressed to do so. The server is used just for the app. [1] http://www.cubrid.org/blog/textyle/428187
Re: [OT] Garbage Collectors
On Wed, Dec 18, 2013 at 6:57 PM, Leon Rosenberg rosenberg.l...@gmail.comwrote: On Thu, Dec 19, 2013 at 12:51 AM, Howard W. Smith, Jr. smithh032...@gmail.com wrote: On Wed, Dec 18, 2013 at 6:11 PM, Christopher Schultz ch...@christopherschultz.net wrote: 3. What is your total heap size? -Xms4096m -Xmx4096m -XX:MaxPermSize=384m (will share this as well, just because) but I think I can change to -Xms/-Xmx1250m, because heap used seem to max out at (+/-)1024m. Don't, GC works best if used heap is half of allowed heap. So keep at least 2G (You know that you can specify 4G instead of 4096M, right? :-)) Thanks Leon. I have been considering changing it to 2048M (or 2G, as you say). No, I didn't know I could specify '4G'. :)
Re: What if my database is unavailable at startup?
OP, On Fri, Dec 13, 2013 at 2:24 PM, Dames, Kristopher J kristopher.da...@mercy.net wrote: I use tomcat 6 and have noticed if a database is not available when tomcat starts, tomcat will not try to connect once the database becomes available. Tomcat must be restarted to establish the database connection. What are best practices regarding this? Is there a way in tomcat to get it to automatically retry so I don't have to restart tomcat? I use DBCP but am willing to try some other pool. Barry, On Fri, Dec 13, 2013 at 4:59 PM, Propes, Barry L barry.l.pro...@citi.comwrote: I use DBCP and Oracle as well, and am also on Tomcat 6 - 6.0.26. Take a look at mine, as I have NO trouble with it, and see if you can configure it similarly with success. NOTE - remove those other two parameters that Jose mentions in a prior email. Resource auth=Container description=mytomcatapp name=jdbc/myoracle type=javax.sql.DataSource driverClassName=oracle.jdbc.driver.OracleDriver username=username password=password url=jdbc:oracle:thin:@cgnrdb1p:1648:SERVNAME maxIdle=30 maxWait=1 maxActive=10 testOnBorrow=true timeBetweenEvictionRunsMillis=-1 minEvictableIdleTimeMillis=28800 poolPreparedStatements=true removeAbandoned=true removeAbandonedTimeout=300 logAbandoned=false/ are you suggesting that your (or a correct(ed)) Resource will solve the problem stated in OP (above)? can/should we assume that your URL is referencing a database on a different machine, same network/intranet/LAN? url=jdbc:oracle:thin:@x.y.com:1521:x it seems as though OP is referencing a database somewhere on the 'internet'.
Re: Pooled Connections Lost After 10 Minutes (600 seconds)
Alec, Dan, and Chris, On Wed, Dec 4, 2013 at 1:01 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dan, On 12/3/13, 12:32 PM, Daniel Mikusa wrote: On Dec 3, 2013, at 12:14 PM, Tomcat Random tomcat.ran...@gmail.com wrote: I considered using a validation query but it seemed like extra overhead when the default behavior was not, um, behaving in the default way. The overhead is typically minimal. Running SELECT 1 or some other very simply query is not likely to bring your database to it's knees. It might add a small amount of latency as the pool will need to execute the query before it give the connection to your application, but that's likely to be dwarfed by whatever your application does with the connection after it gets it. If you are concerned you can do a couple things to make the process even more lightweight. 1.) With MySQL and use /* ping */ SELECT 1 as the validation query. This is a special case with the MySQL JDBC driver that uses even less resources. +1 We use this everywhere. I've never actually benchmarked it, but since it does not execute a query on the server, it pretty much has to be faster by any measure. 2.) You can use the tomcat-jdbc connection pool which has a validationInterval setting. This will ensure that the validation query is only executed one time during the specified time interval. I haven't moved to tomcat-pool yet, but this was my initial reaction to Alec's question about usually not needing the validation query. ...or you can go without a validation query, but it's not something I would recommend and not something I see done very often. The minimal overhead is usually worth knowing that you get a valid connection from the pool. +1 If you don't use a validation query, you need additional try/catch blocks around all your getConnection() calls, and a loop to re-try just in case the first connection was bad. I think without a validationQuery, your pool will effectively dry-up over time. +1 interesting topic and responses. Thanks! Since I'm using TomEE, tomcat jdbc pool is default, and below is the config. Resource id=jdbc/dbJta type=javax.sql.DataSource JdbcDriver org.apache.derby.jdbc.EmbeddedDriver JdbcUrl jdbc:derby:X:/myPathToMyDB;create=true UserName Password JtaManaged true jmxEnabled true InitialSize 10 MaxActive 30 MaxIdle 20 MaxWait 1 minIdle 10 suspectTimeout 60 removeAbandoned true removeAbandonedTimeout 180 timeBetweenEvictionRunsMillis 3 jdbcInterceptors=StatementCache(max=1024) /Resource As you can see, I am one of those rare cases that Dan mentioned...not using validationQuery. Not so much intentional, but I'm still somewhat novice as tomcat user. With that said, I have not had the need to add try/catch to ensure I get a good connection from the pool. I don't have high traffic coming to my web app, but there are times when multiple users are using the app, and I see absolutely 'no' connection issues (ever), and performance is quite good/sound as well. So, I do hear the recommendations, in this thread, about validation query, but my app has not told me yet...that it needs the validation query. :)
Re: [OT] Symantic has a first tomcat worm ;-)
On Tue, Nov 26, 2013 at 5:53 AM, André Warnier a...@ice-sa.com wrote: So yes, by any means, have the Manager disabled by default, even when subsequently enabled restrict it by default to localhost, ... +1
Re: Java +GC question
On Sun, Nov 24, 2013 at 7:15 PM, André Warnier a...@ice-sa.com wrote: Caldarale, Charles R wrote: From: André Warnier [mailto:a...@ice-sa.com] Subject: Java +GC question java version 1.6.0_26 Do we need to tell you to upgrade? Whatever happened to the Never change a running system ? I usually hear it said like this, if it ain't broke, then don't fix it. :)
Re: Avoiding/Handling SocketTimeoutException(s) when web application serving resources to mobile clients
On Mon, Nov 11, 2013 at 5:41 AM, André Warnier a...@ice-sa.com wrote: Howard W. Smith, Jr. wrote: On Sun, Nov 10, 2013 at 9:14 AM, Howard W. Smith, Jr. smithh032...@gmail.com wrote: Caused by: java.net.SocketTimeoutException at org.apache.tomcat.util.net.NioBlockingSelector.write( NioBlockingSelector.java:127) at org.apache.tomcat.util.net.NioSelectorPool.write( NioSelectorPool.java:174) at org.apache.coyote.http11.InternalNioOutputBuffer.writeToSocket( InternalNioOutputBuffer.java:163) my apologies, based on this exception (above), I decided to provide you with the following from my tomee/conf/server.xml: Connector port=8080 protocol=org.apache.coyote.http11.Http11NioProtocol maxThreads=150 connectionTimeout=2 acceptorThreadCount=2 redirectPort=8443 socket.directBuffer=false/ I guess the answer may be the connectionTimeout=... (above), but still would like to know recommendations of others based on experience with web application serving mobile clients. thanks. AFAIK, the connectionTimeout above applies specifically to this : - the client opens a TCP connection to the server - but then the client does not send any request over that connection (so the server waits and waits, until that timeout strikes). This is a classic way of doing a DoS attack : many clients connect and don't send a request (or do it very slowly), tying up server resources until the server is overwhelmed. In some Connector configurations, this does not necessarily tie up a Thread (only a TCP socket), but it does have the potential to tie up limited resources. The value of 2 above is in milliseconds, so after a connection is established, the server will wait up to 20 seconds for a request to be received. I would not expect nowadays that any client, on any type of connection, would take that long to send a request on an established connection. So I would certainly not make it larger, and you can probably reduce it significantly, and save resources. Great, thank you! I left it as-is and given the situation (which I communicated earlier), I saw no need to increase the connectionTimeout value. Noted your recommendation about decreasing the value...for now. thanks again!
Re: Avoiding/Handling SocketTimeoutException(s) when web application serving resources to mobile clients
On Mon, Nov 11, 2013 at 10:23 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Howard, I might recommend using a Filter like this: filter() { try { chain.doFilter(); } catch (SocketTimeoutException ste) { application.log(Got STE for request + request.getRequestURI() + with client + request.getHeader(User-Agent)); } } ... or something like that. It might help uncover patterns in dropped connections. agreed, i decided to do this (below) yesterday evening (to prevent the stacktrace in the log file; noted your recommendation/usage of catching SocketTimeoutException, thanks), try { chain.doFilter(req, res); } catch (org.apache.catalina.connector.ClientAbortException e) { logger.error(caught org.apache.catalina.connector.ClientAbortException: + e.getMessage()); } since I already know the culprit(s); see details/explanation, below. Maybe Igor is right and the problem is some browser (e.g. MSIE 8) and not necessarily mobile clients. it is the mobile device phone/internet connection that is lost, recycled, recovered (or however you want to explain it). see below (and saved a copy on gist[1], too). user1 (iPad, internal verizon wireless 4G phone/internet connection) connects and accesses login.xhtml page 70.215.84.34 - - [09/Nov/2013:13:08:20 -0500] GET /webapp/index.jsf HTTP/1.1 302 - 70.215.84.34 - - [09/Nov/2013:13:08:22 -0500] GET /webapp/login.jsf HTTP/1.1 200 1445 70.215.84.34 - - [09/Nov/2013:13:08:25 -0500] GET /webapp/javax.faces.resource/primefaces.css.jsf?ln=primefacesv=4.0.3 HTTP/1.1 200 10036 user1 (iPad); note localhost_access_log and tomcat7-stderr log lines below; note the request filenames, date/time, and exceptions 70.215.84.34 - - [09/Nov/2013:13:09:00 -0500] GET /webapp/javax.faces.resource/jquery/jquery.js.jsf?ln=primefacesv=4.0.3 HTTP/1.1 200 - 70.215.84.34 - - [09/Nov/2013:13:09:00 -0500] GET /webapp/javax.faces.resource/jquery/jquery-plugins.js.jsf?ln=primefacesv=4.0.3 HTTP/1.1 200 - Nov 09, 2013 1:09:00 PM org.apache.myfaces.application.ResourceHandlerImpl handleResourceRequest SEVERE: Error trying to load resource jquery/jquery.js with library primefaces :null ClientAbortException: java.net.SocketTimeoutException at org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:413) Nov 09, 2013 1:09:00 PM org.apache.myfaces.application.ResourceHandlerImpl handleResourceRequest SEVERE: Error trying to load resource jquery/jquery-plugins.js with library primefaces :null ClientAbortException: java.net.SocketTimeoutException at org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:413) user1 (iPad, different IP address) clicks Login button on login.xhtml, POST to server, successful login, server redirects to index.xhtml 70.208.164.166 - - [09/Nov/2013:13:09:52 -0500] POST /webapp/login.jsf HTTP/1.1 302 - 70.208.164.166 - - [09/Nov/2013:13:09:52 -0500] GET /webapp/index.jsf HTTP/1.1 200 7008 Nov 09, 2013 1:09:52 PM pf.ApplicationScopeBean login INFO: sessionId = user1B4584B981555A703B8E0DA189D2294F5 Nov 09, 2013 1:09:52 PM jsf.users.pf_UsersController loginUser INFO: user1 (iPad) logged in at 11/09/2013 01:09 PM user1 (iPad) GET resource, user2 initiate/GET websocket, user1 initiate/GET websocket, respectively 70.208.164.166 - - [09/Nov/2013:13:09:53 -0500] GET /webapp/resources/images/loading_circleThickBox.gif?pfdrid_c=true HTTP/1.1 304 - 166.137.105.198 - - [09/Nov/2013:13:09:53 -0500] GET /webapp/primepush/user27BF5C51CF354C1F4926B835CB7F2083E?X-Atmosphere-Transport=closeX-Atmosphere-tracking-id=f2a3916c-62a0-477e-b226-539857827c2e HTTP/1.1 200 - 70.208.164.166 - - [09/Nov/2013:13:09:54 -0500] GET /webapp/primepush/user1B4584B981555A703B8E0DA189D2294F5?X-Atmosphere-tracking-id=0X-Atmosphere-Framework=2.0.3-jqueryX-Atmosphere-Transport=websocketX-Atmosphere-TrackMessageSize=trueX-Cache-Date=0X-atmo-protocol=true HTTP/1.1 101 - [1] https://gist.github.com/smithh032772/7380812#file-2013-11-11-discussion_details-txt
Avoiding/Handling SocketTimeoutException(s) when web application serving resources to mobile clients
Using Tomcat 7.0.47 via TomEE 1.6.0 along with MyFaces 2.1.13 Recently, I have been experiencing the SocketTimeoutException when web application is serving resources to 'mobile clients'. Yesterday, user was attempting to login from mobile iPad via an internal wireless phone connection. Since my web application is accessed by mobile clients and since I started using TomEE (tomcat7 and myfaces), I have seen the 'Error trying to load resource ...' (below), but I have not seen the SocketTimeoutException until I recently started using Tomcat 7.0.47 and MyFaces 2.1.13. I saved the first occurrence (Nov 8, 2013) of this exception on gist[1] and saved Nov 9, 2013 occurrence on gist as well. I do have a web/servlet filter in place, and I assume that I can catch the SocketTimeoutException (when client is mobile) to prevent the stacktrace in the log, but this exception is 'now' being logged to tomcat7-stderr, but this SocketTimeoutException was not logged with previous versions of Tomcat 7.0.x and MyFaces 2.1.x. I assume that this is new logging behavior of MyFaces 2.1.13 (or there is something new about Tomcat 7.0.47) but I may be mistaking. Please see all below, and advise how I can prevent this exception, if I can adjust some tomcat settings to increase the socket timeout value, or recommendations about serving resources to 'mobile clients'. I'm thinking that I can increase the expiration of client resources from my web/servlet filter, so this will not occur as often. This exception does not occur everytime, but i'm sure you can understand that this 'can' happen frequently and sporadically, depending on the connection between server and mobile-device-via-wireless-phone-connection. localhost_access_log shows the follow (please note the filenames and time difference between the 1, 2, and 3rd lines below) x.x.x.x - - [09/Nov/2013:13:08:25 -0500] GET /webapp/javax.faces.resource/primefaces.css.jsf?ln=primefacesv=4.0.3 HTTP/1.1 200 10036 x.x.x.x - - [09/Nov/2013:13:09:00 -0500] GET /webapp/javax.faces.resource/jquery/jquery.js.jsf?ln=primefacesv=4.0.3 HTTP/1.1 200 - x.x.x.x - - [09/Nov/2013:13:09:00 -0500] GET /webapp/javax.faces.resource/jquery/jquery-plugins.js.jsf?ln=primefacesv=4.0.3 HTTP/1.1 200 - tomcat7-stderr Nov 09, 2013 1:09:00 PM org.apache.myfaces.application.ResourceHandlerImpl handleResourceRequest SEVERE: Error trying to load resource jquery/jquery.js with library primefaces :null ClientAbortException: java.net.SocketTimeoutException at org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:413) Caused by: java.net.SocketTimeoutException at org.apache.tomcat.util.net.NioBlockingSelector.write(NioBlockingSelector.java:127) at org.apache.tomcat.util.net.NioSelectorPool.write(NioSelectorPool.java:174) at org.apache.coyote.http11.InternalNioOutputBuffer.writeToSocket(InternalNioOutputBuffer.java:163) Nov 09, 2013 1:09:00 PM org.apache.myfaces.application.ResourceHandlerImpl handleResourceRequest SEVERE: Error trying to load resource jquery/jquery-plugins.js with library primefaces :null ClientAbortException: java.net.SocketTimeoutException Caused by: java.net.SocketTimeoutException at org.apache.tomcat.util.net.NioBlockingSelector.write(NioBlockingSelector.java:127) at org.apache.tomcat.util.net.NioSelectorPool.write(NioSelectorPool.java:174) at org.apache.coyote.http11.InternalNioOutputBuffer.writeToSocket(InternalNioOutputBuffer.java:163) [1] https://gist.github.com/smithh032772/7380812
Re: Avoiding/Handling SocketTimeoutException(s) when web application serving resources to mobile clients
On Sun, Nov 10, 2013 at 9:14 AM, Howard W. Smith, Jr. smithh032...@gmail.com wrote: Caused by: java.net.SocketTimeoutException at org.apache.tomcat.util.net.NioBlockingSelector.write(NioBlockingSelector.java:127) at org.apache.tomcat.util.net.NioSelectorPool.write(NioSelectorPool.java:174) at org.apache.coyote.http11.InternalNioOutputBuffer.writeToSocket(InternalNioOutputBuffer.java:163) my apologies, based on this exception (above), I decided to provide you with the following from my tomee/conf/server.xml: Connector port=8080 protocol=org.apache.coyote.http11.Http11NioProtocol maxThreads=150 connectionTimeout=2 acceptorThreadCount=2 redirectPort=8443 socket.directBuffer=false/ I guess the answer may be the connectionTimeout=... (above), but still would like to know recommendations of others based on experience with web application serving mobile clients. thanks.
Re: Avoiding/Handling SocketTimeoutException(s) when web application serving resources to mobile clients
On Sun, Nov 10, 2013 at 5:08 PM, Igor Cicimov icici...@gmail.com wrote: In my experience SocketTimeoutException comes up in case of misbehaving browser (read IE 8 and older), i.e. the client fails to send the complete request and the socket timeout strikes. interesting, thanks. This error occurs when different endusers are accessing web application via Google Chrome on Android tablet or phone, and Google Chrome (or Safari) on iPad. You don't provide information about the Java and OS version you are running your app on since this might be related to one of them (or maybe I missed that info). my apologies, JVM: Java HotSpot(TM) 64-Bit Server VM (24.45-b08, mixed mode) Java: version 1.7.0_45, vendor Oracle Corporation OS: Microsoft Windows Server 2008 R2 64-bit For Sun Java for example you can try the following: -Dsun.net.client.defaultReadTimeout=180 which will increase the socket timeout to 30 minutes lets say if the default one is not enough in case or slow client. Another thing to check is your OS socket timeout setting, on linux systems for example: net.ipv4.tcp_keepalive_time = 300 and try adjusting it according to your needs. noted, thanks. Would love to hear some other people experiences and thoughts regarding this as well, this is really annoying one to troubleshoot. agreed/ditto. thanks for your response.
Re: Avoiding/Handling SocketTimeoutException(s) when web application serving resources to mobile clients
On Sun, Nov 10, 2013 at 5:08 PM, Igor Cicimov icici...@gmail.com wrote: For Sun Java for example you can try the following: -Dsun.net.client.defaultReadTimeout=180 which will increase the socket timeout to 30 minutes lets say if the default one is not enough in case or slow client. Another thing to check is your OS socket timeout setting, on linux systems for example: net.ipv4.tcp_keepalive_time = 300 and try adjusting it according to your needs. Would love to hear some other people experiences and thoughts regarding this as well, this is really annoying one to troubleshoot. I like the following that was mentioned in a stackoverflow answer[1]: It just means the client isn't sending. You don't need to worry about it. Browser clients come and go in all sorts of strange ways. I wouldn't put the server read timeout too high: it ties up a thread. If a client opens a connection to the server and doesn't send anything immediately it is misbehaving pretty badly. I agree with all of that and based on that, I will not modify the NIO connectiontimeout value. I would like to prevent the stacktrace from being logged in tomcat7-stderr log file, so I think I will catch the exception in my servlet filter. [1] http://stackoverflow.com/a/17079991/933054
Re: Avoiding/Handling SocketTimeoutException(s) when web application serving resources to mobile clients
On Sun, Nov 10, 2013 at 8:54 PM, Igor Cicimov icici...@gmail.com wrote: Also you didn't say anything about any load balancer or proxy fronting your application. It is worth checking the timeouts there as well and align them with the connection timeout on your server (in case you do use one of course). there is no load balancer or proxy fronting the web application. thanks.
Re: Avoiding/Handling SocketTimeoutException(s) when web application serving resources to mobile clients
On Sun, Nov 10, 2013 at 8:54 PM, Igor Cicimov icici...@gmail.com wrote: There is heaps of articles and questions in various forums you're right... i searched google for ClientAbortException in tomcat nabble archive, and saw many posts.
Re: Web Service Client Response when Old Gen is 100%
On Wed, Nov 6, 2013 at 1:43 AM, Muhammad Ali Orakzai m.orak...@gmail.comwrote: I am using the following environment Windows Server 2003 32 bit How much RAM? Also, did you configure your virtual memory (or paging file) settings? Apache Tomcat 7.0.27 Others on the list will/may recommend you to upgrade to a newer version of Tomcat 7.0.x for security fixes/updates and bug fixes, but should not be necessary to fix this issue of yours. We have created a SOAP based web service which is calling 2 external SOAP services. We were getting OutOfMemoryError which was resloved by making the service object static. interesting. are you recycling or releasing memory to GC, or are you caching (or never releasing) data from your app... every time you call 2 external SOAP services? i think you may need to refactor your code/app to release memory at some point, if it's not doing that already. at your earliest convenience, read this post below: How to Fix Memory Leaks in Java[1] Now whenever the server memory reaches 100% one of the external service response is too slow (takes about 2-3 minutes). okay. Restarting tomcat resolves the issue but this issue is occurring 25-26 hours interval. i can definitely understand that this is not acceptable. I am using the following jvm settings -XX:MaxPermSize=100m -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled In my app, I use the following: -Xms1024m -Xmx1024m -XX:MaxPermSize=384m -XX:+UseTLAB -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled there are strategies on how to use -Xms and -Xmx to improve performance (and/or prevent out of memory error). you may want to research that a bit. [1] http://java.dzone.com/news/how-fix-memory-leaks-java
Re: how to reply
On Wed, Nov 6, 2013 at 9:42 PM, Konstantin Kolinko knst.koli...@gmail.comwrote: There are too many goodies with mailing lists. The forums are lacking much. +1 I am quite active in forum.primefaces.org, and I get email alerts to my @ hotmail.com account and have to go to the primefaces forum and read/reply, but it is much much nicer having (Apache) tomcat/tomee/activemq mail lists sending emails to my @gmail.com account, and I can use the nice features of gmail from Google Chrome browser on my desktop and mobile devices and read/reply, accordingly, if interested/necessary. And gmail.com now groups 'forum' emails (optional, per your preference), so emails from Apache mail lists are grouped under the Forums tab. i'm loving all that (and more).
Re: [ANN] New committer: Konstantin Preißer
On Tue, Sep 24, 2013 at 6:20 PM, Mark Thomas ma...@apache.org wrote: On behalf of the Tomcat committers I am pleased to announce that Konstantin Preißer has been voted in as a new Tomcat committer. In addition to a number of high quality bug reports and patches, Konstantin is also responsible for the makeover the Tomcat web site and Tomcat 8 documentation has received. Please join me in welcoming him. Regards, Mark congrats Konstantin and keep up the good work!
Re: New website skin looks great
On Thu, Sep 12, 2013 at 4:28 PM, Campbell, Lance la...@illinois.edu wrote: WOW! I love the new design of the tomcat web site. It looks much more professional and refined. It is also much easier to read. The prior background colors caused the text to run together. This is so much better. I love the subtle but clear separation and grouping of information. ** +1 me too, thanks for the post.
Re: Local VisualVM connection to Tomcat
On Mon, Jul 22, 2013 at 3:10 PM, honyk j.tosov...@email.cz wrote: On 2013-06-28 Christopher Schultz wrote: On 6/27/13 5:17 PM, honyk wrote: I realized that my tomcat runs as a service but I am logged as an user and in this case the tomcat is not visible to me. I'll test it differently tomorrow. Try running VisualVM as an administrator. I've found the problem, but I have no remedy for it yet. https://java.net/projects/visualvm/lists/users/archive/2013-07/message/2 Briefly, the service uses the TMP environment variable as it is specified for the given user, but when that user is logged remotely, the suffix \session_number is added at the end of this path so these both do not match and VisualVM doesn't detect my tomcat/JVM as expected. I know Chris bashed me for this earlier (on this list), politely, and/or recommended or said something about not to login via administrator into my Windows Server 2008 R2 web app server running TomEE (tomcat7), but... in response to this thread, I login to my Windows SErver 2008 R2 web app server, always, as administrator, and yes (confirmed as Chuck mentioned earlier in this thread), The possibility of services interacting with the desktop disappeared some time ago. so, I just specify a JMX port in my java settings for my TomEE (tomcat7) running as windows service, and specify the JMX port in Java Visual VM, and voila, I think this is saved to Windows registry (or somewhere), and I always see my TomEE (tomcat7) instance when I run Java Visual VM. Of course, the JMX port is not opened on the firewall/router. i just login remotely via remote desktop connection and do what I need to do (stop tomcat7 service, update my app in tomee/webapps, and start tomcat7 service). Others may disagree, but i have found this to be quite secure and as it was said earlier in this thread... a piece of cake. :)
Re: Moving Tomcat to work externally.
On Fri, Jul 12, 2013 at 11:52 AM, Terence M. Bandoian tere...@tmbsw.comwrote: Really generous responses. That's very normal on this list. I have found Apache user lists to be very (user) friendly. :)
Re: How to handle CONNECT ... HTTP 1.1 400 in localhost_access_log
On Tue, Jul 9, 2013 at 2:18 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com] Subject: Re: How to handle CONNECT ... HTTP 1.1 400 in localhost_access_log why would the same IP address be hitting my server when 400 is the response? and they will continue attempting these CONNECT... requests until they get a 404 or what? Because they're trying to break in. Any response indicates there's something to poke around in. The 'HTTP Forbidden error' returned by RemoteAddrValve would seem to fuel future/continual attempts as well as error 400. right? True, which is why it's best just to have a firewall or the TCP/IP stack completely ignore the traffic, and not send anything back. By the time the request gets to Tomcat, the TCP connection is established, so the antagonist knows there's something there. Done. Thanks. Will continue to monitor logs, occasionally, to see if my changes, made at the firewall level, blocks the IP addresses that are repeat offenders. :) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to handle CONNECT ... HTTP 1.1 400 in localhost_access_log
On Tue, Jul 9, 2013 at 8:16 AM, Mark Thomas ma...@apache.org wrote: On 09/07/2013 12:54, Howard W. Smith, Jr. wrote: On Tue, Jul 9, 2013 at 2:18 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com] Subject: Re: How to handle CONNECT ... HTTP 1.1 400 in localhost_access_log why would the same IP address be hitting my server when 400 is the response? and they will continue attempting these CONNECT... requests until they get a 404 or what? Because they're trying to break in. Any response indicates there's something to poke around in. The 'HTTP Forbidden error' returned by RemoteAddrValve would seem to fuel future/continual attempts as well as error 400. right? True, which is why it's best just to have a firewall or the TCP/IP stack completely ignore the traffic, and not send anything back. By the time the request gets to Tomcat, the TCP connection is established, so the antagonist knows there's something there. Done. Thanks. Will continue to monitor logs, occasionally, to see if my changes, made at the firewall level, blocks the IP addresses that are repeat offenders. :) fail2ban is your friend The ASF uses it pretty much everywhere. Mark thanks Mark. researching that nowfor Windows Server 2008. :) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
How to handle CONNECT ... HTTP 1.1 400 in localhost_access_log
A few minutes ago, I just recognized the following in the localhost_access_log: 183.60.48.25 - - [08/Jul/2013:15:15:26 -0400] CONNECT tcpconn2.tencent.com:443 HTTP/1.1 400 - and then searched all localhost_access_log files and found more occurrences[1]. This is my first time seeing this type of request, but I assume it is very similar to the HEAD /... request attempts by bots/etc. Based on the 400 server response, I assume that i have nothing to worry about here, but it seems as though the same IP address is attempting these 'CONNECT ...' attempts, multiple times per day, almost every day. :( Any advise on how to handle these requests (if necessary) and/or information about these type of 'CONNECT ...' requests would be appreciated. Thanks. [1] https://gist.github.com/smithh032772/5951621
Re: How to handle CONNECT ... HTTP 1.1 400 in localhost_access_log
On Mon, Jul 8, 2013 at 3:40 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com] Subject: How to handle CONNECT ... HTTP 1.1 400 in localhost_access_log 183.60.48.25 - - [08/Jul/2013:15:15:26 -0400] CONNECT tcpconn2.tencent.com:443 HTTP/1.1 400 - Any advise on how to handle these requests (if necessary) and/or information about these type of 'CONNECT ...' requests would be appreciated. Thanks. It's from somewhere in China (who'da thunk it?); you can always black list it with the RemoteAddrValve, but it will likely pop up from somewhere else. You beat me to the punch, Chuck. I thought about you when I just searched the IP database[1] for the IP address, and was about to reply again with this info, but thanks, I definitely need to blacklist that IP address. [1] https://ipdb.at/ip/183.60.48.25
Re: How to handle CONNECT ... HTTP 1.1 400 in localhost_access_log
Chris, On Mon, Jul 8, 2013 at 11:50 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Howard, On 7/8/13 3:45 PM, Howard W. Smith, Jr. wrote: On Mon, Jul 8, 2013 at 3:40 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com] Subject: How to handle CONNECT ... HTTP 1.1 400 in localhost_access_log 183.60.48.25 - - [08/Jul/2013:15:15:26 -0400] CONNECT tcpconn2.tencent.com:443 HTTP/1.1 400 - Any advise on how to handle these requests (if necessary) and/or information about these type of 'CONNECT ...' requests would be appreciated. Thanks. It's from somewhere in China (who'da thunk it?); you can always black list it with the RemoteAddrValve, but it will likely pop up from somewhere else. You beat me to the punch, Chuck. I thought about you when I just searched the IP database[1] for the IP address, and was about to reply again with this info, but thanks, I definitely need to blacklist that IP address. [1] https://ipdb.at/ip/183.60.48.25 Feel free to just drop the whole IP block with iptables or at a firewall closer to the edge of your network. Interesting. sounds like a good idea, thanks. That is, of course, unless you need to serve clients in China. definitely have no need, desire, or requirement to serve clients in China. :) why would the same IP address be hitting my server when 400 is the response? is that definitely a sign to China that a server (of some sort) is returning error 400? and they will continue attempting these CONNECT ... requests until they get a 404 or what? The 'HTTP Forbidden error' returned by RemoteAddrValve would seem to fuel future/continual attempts as well as error 400. right? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJR24h9AAoJEBzwKT+lPKRYGO4QAJVD94MNoQ3XqQ8poGA2AwfV 8E2e1XW6gPzmqAlpPv4hlwYGNWFhe7zCyixjJG2zXpC2H+g2uU4dxEpB+fQzAdLZ QqjIhLXkY+lcGJisacvvIW9bLxJxVHaRPgZ7nPiYYkomXB7xdeoG/XHdbyjzACIx niMAAYhd9hvI3K8ti8wgFmPnabMaOCVs4U9tOJa4M0GWBjlgMR32RCwB0dVBb9cw uzaXjySXqXaXXxsAIG1EbRTraVVOmaJQZHa6RK0rfG3jKdXoTJhLlcdfeQXAR/AY 3fZeMgP2JAB2ko0h2g6XdIEvW/EPJzT/wlEoLZJ7L3iWpT/7C9VfelmAgmNnxtam zPNATFRIwkrPZ0qC/Z4d7Hgogpc4G5V1rB/jJjMi3JhLQM2oUQsf2U8zprZi1MHt uDAflKl4wmnge5joQAWhp2m6+U1y4Cv47yT46hRu7A51PHBoruOUrogTTuy3HZk0 qeHFZ1OkGJdfJCocWixpJnXvLSezfTZcDs7BYGYrwXkVRgc7GTY8RcLPgv7Z/C/u sBqEk3unmnGMaNSt6V8yVls287OUKT2Q1yYyP8iDOHgMXtolQIoh87xOEOKAagol DgST7p0M0xbFgLZSYpvYyHkbjw8zuwUJa2/WW6EbIzHZ9hH4Nqoq5ByNK2uOLm/a 4D7PIkPUJuxao5PYTWdB =Ael/ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: websockets questions
On Fri, Jul 5, 2013 at 3:40 AM, André Warnier a...@ice-sa.com wrote: We're still one level remote of thinking of any implementation, and trying to understand 1) how exactly websockets works Most websocket implementations (RI/glassfish, atmosphere, tomcat, etc...) are open source, so diving in the code is definitely an 'option' for understanding how websockets work. 2) if that general technology is, today, sufficently mature and stable for us to develop an application based on it, or we should wait another 6 months, a year,.. honestly, I think it is sufficiently mature, since websockets are becoming the trend (incorporated in RI/glassfish/JavaEE7, I've seen recent tomcat 7.0.35+ releases that had websocket changes, no need to mention how 'alive' atmosphere is...smile). i think it is more a question of feasibility for you and your team to join in on the trend/fun... But we are a small outfit, and the fact that Google may be using it (with a backup team of 50 developers to shore up their implementation) does not really help us. funny. google's backup team of 50 developers versus how many open source developers using/coding atmosphere, tomcat, glassfish-websockets (grizzly?). :) The reason why I put this question on the Tomcat users list is because it is a list I'm subscribed to, because I know that it is a good-quality list with little noise, because I know that Mark and Rainer are - to various degrees probably - involved in Tomcat support for websockets. +1 for the moment the general information available on websockets seems otherwise a bit scarce. true, but websocket open source code is plentiful and available. :) This being said, the information already gathered here on this list tends to vindicate my posting on it. It has already cleared up a number of points for us, and added a couple of questions which we did not think of asking. Thanks. IMO (or maybe based on fact/history), not much chatter about websockets on tomcat user list, but if you find your way to atmosphere google groups mail list, there will be plenty of chatter over there. I will not encourage you to venture over to atmosphere google groups and ask questions such as this, since I'm sure the desire/goal over there is to post topics related to 'using atmosphere and any questions/issues while attempting to use atmosphere and atmosphere's trunk (latest version(s))'. i'm definitely someone that love to use latest versions of open source software. sometime ago, when I migrated from glassfish to tomcat/tomee (so I could do websockets, um, more effortlessly in my web app), I came across the fact that Jeanfrancois (Atmosphere developer/committer) had something to do with the websocket implementation in glassfish/RI, i think it is called grizzly, but I could be wrong. I'm not as versed with glassfish/RI as I used to be..when I was a glassfish 'user'. :) FYI, at the moment, i'm not writing low level websocket client/server code; i'm using PrimeFaces Push only/entirely, which is PrimeFaces + atmosphere. :) definitely not trying to encourage you to use a certain framework; one thing I like about Tomcat list is that there is a wide range of topics that I can listen to and/or chime-in on, when interested and when feasible. :) I love this user community (mail list).
Re: websockets questions
On Thu, Jul 4, 2013 at 1:43 PM, Pierre Goupil goupilpie...@gmail.comwrote: Regarding browser support, a framework like Atmosphere handles pretty well having WebSockets when they are available and falling-back to another Comet implementation (such as long-polling or http-streaming) when they are not. agreed, but I think the goal/desire, here, is to not use Atmosphere.
Re: Tomcat 7.0.4 - Ignoring certain URLs from session timeout
On Tue, Jun 25, 2013 at 12:49 AM, Nagaraj Mandya nman...@gmail.com wrote: All requests from my client pass in the session cookie. However, I do not want the session timeout counter to get reset for certain URLs. Is your app a (JSF) web application? AJAX and Partial Page update/rendering should meet this requirement of yours.
Re: New behavior of Oracle Java 1.7.0_25: AWT thread and console icon
Chris, On Fri, Jun 21, 2013 at 12:28 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I just upgraded to 1.7.0_25 on my Mac and I noticed that when I launch Tomcat, I get a dock icon indicating that it is running. This does not happen on 1.7.0_21, the previous version I was running. Per this email of yours, I just upgraded from 1.7.0_21 to 1.7.0_25 as well, thanks for the heads up! For some reason, 1.7.0_25 triggers something launching the AWT thread (on my Mac, that's called AWT-AppKit) which causes the dock icon to be shown. Removing the dock icon is easy enough: just run in headless mode by adding this system property to CATALINA_OPTS: -Djava.awt.headless=true I have this option set as I running tomcat/tomee as a Windows service, so I'm good. Or, if you want your icon to look pretty (it is otherwise completely useless), you can use these two system properties (on Mac OS) to style it: -Xdock:name=[title of icon you want] -Xdock:icon=path to icon file to use I'm not sure what properties to set on Windows, Gnome, KDE, or any other system. Me too (and not really a concern/requirement of mine). :) Hope that helps, - -chris It does help. thanks! -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJRxH86AAoJEBzwKT+lPKRYyiMQAI5wPrkQZ+z4Jd21IONaHqcH tixutzG8PC+7sff9wYR10bnPpE29x9/VdxddKPJ51Yrazf4xxr654FUKkgdP6u+5 DDRe5rlN7Quy5CVBzu9XKDRW5NHBZTlTWrTBdHPTCdXpKI7jAvDpkW750NNpnKvA 8Cq0GwC44YOm+DStp8bsZTBkONR5dbYdpNscH+r0Nw98fFrAP83bZRTQHah2ujCj urcNCwH7dZPT7WjZUcvYns5oWfsiZOCGvwKSJz5uBaS98uMbQfSfXl4FFL9fGKay OXKW73RgklaUctIH5U3rvlGd876N66ddmUTMqS07hN45ABYsixpV7VUkZsPzF30m hwl/pjf2qF07CkVJweCNdenT7NOLQ3Mx9hR4alOTTIvaMHij4/6S9YD87Fh+paiI NuqRJTLnnxBQA0PXoYLAQx/PeqvcRyeibZ/kZhdzJ4lN3qF99lfHxMjNtzHwu4xj f+tP4u9s9udZ15d0yBA1/13eD75hEUM9RBf6f5cVGmUz7jolFRCiHoHV7ETJNPei OoBOpR3/iSaLU94gWl4twMXrkKCor3HLHyvfNc7+mBA6XM+y6EYi9vHFzPuaKvcB fmkMtr7V5DcbUTm4vPCS0N6rnUxloQ+8aYi12xefZvlBWEhQcdzGIzKpKLnXbt1c ODGdKUTq0rXNJPWSxT39 =4KXG -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat hangs every day
I don't use HttpClient, directly, but if I'm not mistaking, javax.mail.jar (JavaMail) and Google Calendar API uses HttpClient, and I use JavaMail and Google Calendar API, directly, in my app. Google Calendar API seemed to always close their connections and I have even experienced downtime (host unknown and/or server error responses from Google Calendar API service), and I have experienced downtime (unknown host exceptions) when using JavaMail to connect to GMAIL (via IMAP connection) to check-for-and-download emails. Some months ago, I recognized that I had many unclosed connections on my Windows Server 2008 production server, where Tomcat was running my app. Instead of blame Tomcat, I listened in on Tomcat user list and I searched the internet, and learned that the unclosed connections were due to my inexperience (using JavaMail), so I refactored my code and closed my JavaMail IMAP connection when checking-and-downloading emails from GMAIL (google) servers. I just searched google, stackoverflow tomcat httpclient timeout[1] and found the following: Best Practice to Use HttpClient in Multithreaded Environment[2] Using Apache HttpClient how to set the TIMEOUT on a request and response[3] and many more search results (and related links) that you can read. [1] http://lmgtfy.com/?q=stackoverflow+tomcat+httpclient+timeout [2] http://stackoverflow.com/questions/1281219/best-practice-to-use-httpclient-in-multithreaded-environment [3] http://stackoverflow.com/questions/9873810/using-apache-httpclient-how-to-set-the-timeout-on-a-request-and-response On Fri, May 17, 2013 at 8:02 AM, Paolo Botta paolo.bo...@cabril.it wrote: Sorry for the question, but if I set the timeout on the HttpClient I force the client to close the connection after the timeout, but have I informed the server that there is a timeout, so the server close the connection after the timeout? I mean HttpClient tells to the server about the timeout? Thx Paolo -Messaggio originale- Da: chk...@gmail.com [mailto:chk...@gmail.com] Per conto di Christian Kaltepoth Inviato: venerdì 17 maggio 2013 13:30 A: Tomcat Users List Oggetto: Re: Tomcat hangs every day Hey, I'm also not an expert for HttpClient, but when creating connections to remote services it is usually a good idea to set connection timeouts and socket timeouts so that the client doesn't block forever if there are problems with the connection. Exactly this seems to be the problem in your case. Best regards Christian Kaltepoth 2013/5/17 Sascha Troll sascha.tr...@geberit.com Christian, thanks for this. Can you give me a hint. I am just the server guy, so I can tell the developer. Thanks a lot ! Sascha From: Christian Kaltepoth christ...@kaltepoth.de To: Tomcat Users List users@tomcat.apache.org Date: 17.05.2013 11:24 Subject:Re: Tomcat hangs every day Sent by:chk...@gmail.com Seems like you have a class called SearchClientRemoteClient which uses HTTPClient. Many threads seems to wait for remote responses. I guess you don't set any timeouts for the HTTPClient and therefore many threads hang in HttpClient.executeMethod() forever. You should ALWAYS set timeouts when using HTTPClient. :) I hope this helps :) Christian 2013/5/17 Sascha Troll sascha.tr...@geberit.com Hi ! I have problem with our Tomcat 7.0.40 (upgrade already done from 7.0.39 and 7.0.37 and still the same issue). Its still running, but not longer accepting any connection on port 8080. Attached are the thread dumps which were created this morning when the server was not longer available. I cannot find any deadlocks and need some help to find the cause. Thanks Sascha -- Disclaimer: The content of this e-mail (including attachments) is confidential and intended for the use of the addressee only. If you are not the intended recipient please delete the e-mail; dissemination or disclosure of its content to anyone is strictly prohibited! Before opening an attachment please check it for viruses. We accept no liability for any damage caused by viruses. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Christian Kaltepoth Blog: http://blog.kaltepoth.de/ Twitter: http://twitter.com/chkal GitHub: https://github.com/chkal -- Disclaimer: The content of this e-mail (including attachments) is confidential and intended for the use of the addressee only. If you are not the intended recipient please delete the e-mail; dissemination or
Re: Multiple tomcat containers or instance on same servers
On Wed, May 1, 2013 at 8:51 PM, chris derham ch...@derham.me.uk wrote: If anyone else wants to chip in with any relevant additions, let me know. I might be able to have a look at updating the documentation page later, but being as I'm a developer my linguistic skills have never really been approved off so not sure any changes will be approved :-) HTH Chris I've added some comments to http://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html - +1 I like the comments you added Chris! You must edit CATALINA_BASE\conf\server.xml to specify a unique IP/port for the instance to listen on. You gave some examples in those comments. it would be nice to see examples to clarify the statement above, too.
Re: getting the request that created the session
On Mon, Apr 29, 2013 at 9:54 AM, André Warnier a...@ice-sa.com wrote: - under Unix/Linux, there is a command tail -f filename, which continuously watches for any lines added to a file and displays them. It doesn't seem to be very intensive in terms of resources used. - and on the other hand, you probably have a session expiration timeout. So you could in theory say that you note the start of a session, and then update this each time there is a new access to that same session. And then periodically, you go through your table and for each session which you haven't seen since some time = the session timeout, you consider it expired. At which time of course I don't know if this is any simpler than the solution which you are exploring right now. ;-) With all respect, I have to say that looks like a lot of I/O right there and a huge hit in performance and I would assume this would hit memory in a bad way as well, but please correct/enlighten me. Also, I'm following this thread, because I have filter in place for similar reason, keeping track of new sessions created, expiring, etc..., and filter meets my need 100% and don't see why one would want to 'avoid' using a filter. Yes, I was looking at the performance of 'filter' and all that i'm doing in 'filter' on 'every request', but in retrospect, I don't see my filter implementation being much of an hinderance in performance. I have to take another look though and confirm what I'm saying here.
Re: getting the request that created the session
On Mon, Apr 29, 2013 at 10:54 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Even, the requests are keepalived they look to me as if they were executed parallel. At least from the chrome timeline. But its hard to tell without further investigation. Yeah, you might have to use a packet-sniffer. definitely sounds like overkill. how much code you need to write for such a thing, all because one would want to avoid using a filter???
Re: getting the request that created the session
Leon, On Mon, Apr 29, 2013 at 11:02 AM, Leon Rosenberg rosenberg.l...@gmail.comwrote: Hello Howard, the sniffer thing has nothing to do with original topic, I was just wandering that some requests were having session marked as new, which actually shouldn't be the case. Or in other word, the naive understanding of session.isNew method is that it should only return true once. But it did to it multiple times. The was strange, and christopher and myself were talking about investigating it further. Okay/understood. Back to your question, filter is ok, too many filters are making stack traces fuller than needed, and the order of the filter could be a problem. Listener is asked _before_ anything happens. Good point(s). About how many filters are you trying to consolidate by using this approach? I have seen recommendations of adding filters for file types, filters for login/session-management, etc... I have taken those concepts and put those in one filter which I have implemented and maintain and have done my best to ensure that it is 'thread-safe' as well. Some months ago, I reported an issue to tomcat JIRA/issue list, and those guys shot down my filter and said that it is not thread-safe. Since then, I have made some code changes in the filter and related sources (referenced by the filter), and did my best to make sure it is more threadsafe, even did some research on thread-safe filters (when injecting via CDI), etc... also, I am using OmniFaces gzip filter. To my knowledge, that is 2 filters in my app, that I see in stacktrace, when I have issues to troubleshoot/debug. When I am debugging, I often wonder why 'filter' show up all the time in stacktrace, but then of course, I have to remember that every user/HTTP request has to pass through the filter. So, okay, moving forward, ignore the fact that the (only) filter(s i have in my app) showed up in the stacktrace. regards Leon On Mon, Apr 29, 2013 at 4:59 PM, Howard W. Smith, Jr. smithh032...@gmail.com wrote: On Mon, Apr 29, 2013 at 10:54 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Even, the requests are keepalived they look to me as if they were executed parallel. At least from the chrome timeline. But its hard to tell without further investigation. Yeah, you might have to use a packet-sniffer. definitely sounds like overkill. how much code you need to write for such a thing, all because one would want to avoid using a filter???
Re: getting the request that created the session
On Mon, Apr 29, 2013 at 12:55 PM, Leon Rosenberg rosenberg.l...@gmail.comwrote: Whether you want to have multiple filters or not is a decision based on your coding guidelines, architectural principles and what not. Since you are the only user of your filters, it's free to you to use as many (or few) filter as possible. Personally I would like to separate by concerns and have multiple filters, because it makes it easier to use, maintain and test. But this is personal opinion. However, in my case, I am developing a library that is used by others in their projects (http://moskito.anotheria.net). It comes already with 8 filters ( http://server04.test.anotheria.net:8080/moskitodemo/mui/mskShowProducersByCategory?pCategory=filter ) and this is a lot. Of course the end user (developer) only chooses the filters he needs, and not everyone needs everything. However, since its a lib, you don't want it to show up in your stack traces every request, you'd rather forget, that you have it at all. Therefore I'm trying to choose a less visible approach ;-) Also it's easier to add one listener to web.xml as to add a listener AND a filter. And I need the listener, to know when sessions expire anyway ;-) But again, your situation is obviously different from mine ;-) But if you want to count sessions and all the other funny stuff, give moskito a chance: https://confluence.opensource.anotheria.net/display/MSK/HowTo+embed+MoSKito+WebUI+into+a+maven+built+war https://confluence.opensource.anotheria.net/display/MSK/Integration+Guide Agreed-and-understood on all points. I am definitely interested in a better approach to managing/monitoring sessions in my web app (that is why i find this thread interesting), but ATM, my current session-management/monitoring implementation meets /my/ requirements. If/when I get a moment (or some bandwidth), I may take a look at your what you have developed. Thanks. regards, Howard
Re: Tomcat access log reveals hack attempt: HEAD /manager/html HTTP/1.0 404
On Sat, Apr 20, 2013 at 7:22 AM, André Warnier a...@ice-sa.com wrote: 5) if the scheme works, and it does the effect of making this type of server-scanning uneconomical, bot developers will look for other ways to find vulnerable targets. IMHO, I don't see why bots will get 'turned off' by having to wait longer for a response from (potentially vulnerable) targets. I know that we are talking a 'numbers game', and the more vulnerable targets that are compromised, then I'm sure the developers of these bots +1 Like that, or mission accomplished. It is my assumption that these bots are automated and can run 'for life', why would they stop doing what they are doing just because of a delayed response. I'm sure these bots are already facing a delayed response. I'm quite sure many web servers and/or web applications do not respond that well/fast. 6) intuitively, it seems that implementing this would not be very complicated, and that the foreseeable cost per server, in terms of complexity and performance, would be quite low. The burden imposed on normal clients would also seem to be small. Maybe this should be evaluated in terms of a comparison with any other method that could provide some similar benefit at lower costs. 7) once implemented, it would be something which does not require any special skills or and special effort on the part of the vast majority of people that download and install tomcat. Which means that it has a real chance to automatically spread over time to a large proportion of servers. This is quite unlike any other bot-fighting measure that I have seen mentioned so far in this thread. +1 I like the fact that a scheme is proposed that would require 'no learning curve' and no required 'standard procedure' to be implemented when attempting to adapt or take advantage of the solution/scheme. But I still think that if all /tomcat/ users were informed via an 'ANN' (announcement) email to deactivate or remove /tomcat/ manager app(s), and somehow a survey is made available a few weeks/months /later/, where cooperative /tomcat/ users can report-on how many 'attempted attacks' showed up in their access logs after removing /tomcat/ manager app(s), and then somehow publicize the survey results to the world, especially, in a way that bot-developers can see that they are wasting their time, because /tomcat/ users have made a concerted effort to /declare war against/ these bots /and bot developers/. also, if an 'ANN' email was sent, where /expert tomcat/ users can derive/develop a list of the popular/frequent URLs that bots use when attempting to compromise /tomcat/ servers. also, for a certain amount of time, /immediate/ future releases of tomcat should have manager app(s) as a separate download /available/, and 'ANN' email will inform them that this is a change as we are attempting to ward off the ongoing/obvious bot attacks against /tomcat/. Yes, I know this will require additional steps and probably be rejected by some/many tomcat users, especially those that are very very 'dependent' on tomcat manager apps. manager apps are probably the 'primary' target, so remove it from the install package, and make it a separate install, and ask users for an honest effort to participate in this effort for the reason(s) discussed in this thread. we are a village, we have to start with tomcat, first, and then other app servers can adapt 'schemes' that work...especially after it become a known fact that bots are 'not' compromising tomcat servers anymore, /or/ they are compromising less tomcat servers, because tomcat users are tired of these bot attacks, and have made a concerted effort to stop/end tomcat-bot-attacks. Whatever scheme is implemented, if the survey results are positive and the implementation meets the requirement/goal, then other servers will hear of this good news, and adapt the scheme/solution, accordingly. /my two cents/
Re: Tomcat access log reveals hack attempt: HEAD /manager/html HTTP/1.0 404
On Thu, Apr 18, 2013 at 12:26 PM, André Warnier a...@ice-sa.com wrote: My contention is that this would be self-defeating for the bots. 91.121.172.164 - - [03/Apr/2013:08:19:50 +0200] GET /robots.txt HTTP/1.1 404 360 - Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US) I definitely saw this in my local access log last night. I was working with someone's test-case that they sent me, and I stumbled on the 404 error (see below) in my browser, which clearly shows that this is a tomcat/tomee server. do the bots read the 404 error HTTP response and check if the response includes the string lowercase('tomcat') ? HTTP Status 404 - /prova_fileupload_primefaces/ type Status report message /prova_fileupload_primefaces/ description The requested resource is not available. Apache Tomcat (TomEE)/7.0.39 --- it really showed up like this, below; i copied the text to text editor and copied the text above. HTTP Status 404 - /prova_fileupload_primefaces/ -- *type* Status report *message* */prova_fileupload_primefaces/* *description* *The requested resource is not available.* -- Apache Tomcat (TomEE)/7.0.39
Re: Tomcat access log reveals hack attempt: HEAD /manager/html HTTP/1.0 404
On Wed, Apr 17, 2013 at 10:45 AM, chris derham ch...@derham.me.uk wrote: The OWASP recommendations for securing tomcat suggest removing all items under catalina_home/webapps as a first step. Just a thought. The first step an attacker performs when conducting a focused attack, is to map out the server. The presence of a response to http://server:8080/manager/html/ would seem to indicate a default install of tomcat. Once that have this initial reconnaissance performed, they will move onto using known exploits against it. By removing manager app from the default install, this would be made one step harder. You can't really prevent a dedicated attacker, but making it one step harder to attack your server, might make the not-bothered-which-server-I-attack guy move on to easier pickings +1 Chris! When I migrated from Glassfish 3.1.2.2 to Tomcat/tomee late last year, this is really what I wanted. I forgot the default port (since I'm no longer a Glassfish user), but I liked how Glassfish defaulted home-grown web apps on port 8080, and Glassfish Admin web application was on port 4848 (just remembered that). When I experienced my first 'attack' on my development server, that is what I wanted. it would be nice to know how to re-configure my tomcat/tomee, so the manager app will be on port 4848, or something like that, but being the novice that I am, I did not know how to do it, and I honestly confess that I did not read the tomcat documentation on how to do it. :) Trying to catch up on all the responses. I wanted to respond to a few other posts, but thought I might keep reading. Now, I will go back to reading more of the responses. If you deliberately delay 404 by a known amount of time, it will still stick out, and they can use this just as much as a positive indication. I agree with this. 'delay 404' sounds like a good idea, but how many of those botnet developers are on this list 'today', reading this discussion? In no time, and IMHO, I'm sure they can/will develop a botnet that is 'tolerant' of delay 404, or something similar.
Re: Tomcat access log reveals hack attempt: HEAD /manager/html HTTP/1.0 404
On Wed, Apr 17, 2013 at 1:59 PM, Leo Donahue - RDSA IT leodona...@mail.maricopa.gov wrote: -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: Tomcat access log reveals hack attempt: HEAD /manager/html HTTP/1.0 404 People *do* do this (notice their computer sucking) but mostly (at least Americans) will just go out and buy another one, assuming that their computer just isn't fast enough to work well after owning it for a few years. soapboxIt's sad that most of us have more computing resources beneath our fingertips than spacecraft do, yet we upgrade every few years because MS Office has gotten fatter. /soapbox And no one ever uses (or knows about) the restore partition when their pc becomes full of junk. However, the old P4 laptop I have running XP with 2GB of RAM and dedicated video RAM doesn't do much for websites these days running a lot of graphics.. ahem Silverlight, flash, etc... The web is also getting fat. [OT] response to previous [OT] chatter above. :) You all get me laughing a lot by listening in on discussions/threads. Anyway, I have definitely recognized what Chris is talking about, and honestly, I have been the one that have 'supported' friends and family...telling them to 'restore-to-factory' their Windows laptop/desktop, whenever it gets slow; I got 'tired' of trying to go through Windows registry and startup folders, trying to figure out what malware was maliciously installed, etc Quite a few times, I have had to bring home PCs, belonging to friends, and do this restore-to-factory, and I have had to 'remind' family to 'restore-to-factory'. Finally, and recently, I restored my 2005 Dell Windows XP laptop, last year (maybe), and gave it to my 9-year-old daughter. It definitely could not meet my requirements to develop/test software. :) - -chris
Re: Tomcat access log reveals hack attempt: HEAD /manager/html HTTP/1.0 404
On Wed, Apr 17, 2013 at 2:39 PM, André Warnier a...@ice-sa.com wrote: Some other calculations : According to the same Netcraft site, of the 600 million websites, 60% are Apache (I guess that this includes httpd and Tomcat (or else Tomcat is in others). This is good to know, and honestly, I'm glad to see/know this. I recently learned that the webhost of my family business 'public' website is using Apache as well. I recognized this while looking at some specs in the admin console, provided by the web host on the admin console pages of their website. Anyway, again, I like the idea that you're proposing, but a friendly reminder... something I have recognized (even being new to the list) is that a *huge* *majority* of *tomcat* endusers are using *older* tomcat versions, and even though you all recommend them to update their tomcat version for security reasons, how many of them do their best to 'always' have the latest-n-greatest version of tomcat. So, even if 'delay 404' was added, I don't think many of the already-existing apache/tomcat websites will have this new 'delay 404' feature. :) Also, the 'delay 404' basically requires a possible change or release note that says, undeploy or delete manager app (etc...), so this 'delay 404' feature can be used, since tomcat's manager app is one of the popular URLs that hackers or bots, target. just my two cents... --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat access log reveals hack attempt: HEAD /manager/html HTTP/1.0 404
On Wed, Apr 17, 2013 at 3:45 PM, Leo Donahue - RDSA IT leodona...@mail.maricopa.gov wrote: Not knowing anything about the history of the HTTP 404 method, if a server does not find a matching request URI, why was it decided that the protocol would even respond at all? Seems like the request could have just been ignored or dropped. [Way OT...] If you get this to work, then the next place you can take this idea is to the phone company. Why should my phone even ring at all if I know the caller is from an 800 number... or from some other list of people I don't care to talk to ... I would love it if those guys had to wait 10 or 20 seconds between rings... that would be great!! +1 being facetious here, but IMHO, when André proposed the 'delay 404' (or at least when I started reading this thread earlier this afternoon), I thought, wow, it would be nice to respond to these bots with a 2GB-size html page instead of returning 404. I know such an idea will ever be implemented, but was just a thought. That will surely rock their world and the web server's world (which we don't want, of course).
Re: explanation of resource-ref in web.xml
On Wed, Apr 17, 2013 at 10:38 PM, Leo Donahue - RDSA IT leodona...@mail.maricopa.gov wrote: From: Jakub 1983 [jjaku...@gmail.com] Sent: Wednesday, April 17, 2013 7:26 PM To: Tomcat Users List Subject: explanation of resource-ref in web.xml What the hell is resource-ref in web.xml used for ? I use it in a context, to define a Resource such as a database connection. There is an example here: http://tomcat.apache.org/tomcat-7.0-doc/jndi-datasource-examples-howto.html#MySQL_DBCP_Example I saw your first email to the list, and then after your 2nd separate email to the list, I searched google for the following: tomcat resource-ref web.xml [1] and found many search results that should get you on your way. Of which, I found [2], [3], [4], [5] [1] http://lmgtfy.com/?q=tomcat+resource-ref+web.xml [2] http://www.mulesoft.com/tomcat-mysql [3] http://www.mkyong.com/tomcat/how-to-configure-mysql-datasource-in-tomcat-6/ [4] http://stackoverflow.com/questions/2887967/what-is-resource-ref-in-web-xml-used-for [5] http://stackoverflow.com/questions/9078511/resource-ref-usage-in-web-xml-with-tomcat-5-5-and-spring
Re: ParNew promotion failed in verbose GC logs
On Tue, Apr 16, 2013 at 7:11 AM, David kerber dcker...@verizon.net wrote: On 4/16/2013 5:30 AM, André Warnier wrote: Premature optimization is the root of all evil http://en.wikiquote.org/wiki/**Donald_Knuthhttp://en.wikiquote.org/wiki/Donald_Knuth No doubt; I learned that one long ago. Get it working correctly first, and only then start trying to optimize pieces that aren't working well enough. Wow, good catch, David (and thank you for the LOL)! I'm learning, and at least the last 6 months, have been doing my best, trying 'not' to optimize, prematurely! Still, working on that one, too. :)
Re: Re : Memory leak in Tomcat 6.0.35 ( 64 bit)
On Tue, Apr 16, 2013 at 10:31 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Howard, On 4/15/13 4:02 PM, Howard W. Smith, Jr. wrote: On Mon, Apr 15, 2013 at 1:08 PM, Christopher Schultz ch...@christopherschultz.net wrote: Howard, On 4/14/13 9:53 PM, Howard W. Smith, Jr. wrote: I am definitely relying on user HttpSessions, and I do JPA-level caching (statement cache and query results cache). pages are PrimeFaces and primefaces = xhtml, html, jquery, and MyFaces/OpenWebBeans to help with speed/performance. And right now, the app handles on a 'few' simultaneous connections/users that do small and large fetches/inserts from/into relational database. :) You can tune the JPA caching, etc. to meet your environmental needs, etc., so you don't *need* a huge heap. If you find that you need to be able to improve your performance, you might be able to increase your cache size if it in fact improves things. doing this, and just made some code changes to tap a little more into JPA caching, but one of my endusers just did a user operation on one of the pages, and he sent me a screen capture of the nasty eclipselink error that he experienced. evidently, i need to tweak caching or do not use the cache at that point in the app. :) Just remember that caching isn't always a worthwhile endeavor, and that the cache itself has an associated cost (e.g. memory use, management of the cache, etc.). Noted, and per my experience (already), I have definitely recognized that. Thanks. If your users don't use cached data very much Smiling... um, well, the endusers don't 'know' that they 'are' using the cache, but I did enlighten the one enduser, yesterday, that reported that eclipselink issue (that was most likely caused by my use of the 'readonly' query hint). And for the record, they 'are' using the cache, since there are common pages/data that they access and/or request, multiple times, daily (and throughout the day), and even multiple times, most likely, throughout each session. or, worse, make so many varied requests that the cache is thrashing the whole time, then you are actually hurting performance: you may as well go directly to the database each time. They definitely make varied requests, 'too', throughout the day and during each session, and since I like to monitor performance via jvisualvm, I am recognizing a lot of 'eclipselink' code that is executed, since i commonly use readonly and query-results-cache query hints, but performance seems worse when readonly and/or query-results-cache are not used (when I look at the times in jvisualvm). just today, i recognized a query, such as following which was performing very poorly, even though the JOIN was on a primary/foreign key, and ORDER BY on primary key (which 'should' be fast): @NamedQuery(name = OrderCostDetails.findByOrderId, query = SELECT ocd FROM OrderCostDetails ocd JOIN ocd.orders o WHERE o.orderId = :orderId ORDER BY ocd.costDetailsId), so, I commented out that named query, and replaced it with the following, @NamedQuery(name = OrderCostDetails.findByOrderId, query = SELECT o.orderCostDetails FROM Orders o WHERE o.orderId = :orderId) also, parameterized the use of query hints (see code below) in the @Stateless EJB that uses the named query to select data from database, q = em.createNamedQuery(OrderCostDetails.findByOrderId) .setParameter(orderId, id) .setHint(eclipselink.query-results-cache, true); if (readOnly) { q.setHint(eclipselink.read-only, true); } list = q.getResultList(); if (list == null || list.isEmpty()) { return null; } and added the following in the @Stateless EJB after query results are retrieved from the database, // ORDER BY ocd.serviceAbbr, ocd.nbrOfPassengers Collections.sort(list, new ComparatorOrderCostDetails() { @Override public int compare(OrderCostDetails ocd1, OrderCostDetails ocd2) { String ocd1SortKey = ocd1.getServiceAbbr() + ocd1.getNbrOfPassengers(); String ocd2SortKey = ocd2.getServiceAbbr() + ocd2.getNbrOfPassengers(); return ((Comparable)ocd1SortKey).compareTo(ocd2SortKey); } }); and now, this query, is 'no longer' a hotspot in jvisualvm; it doesn't even show up in the 'calls' list/view of jvisualvm. Why did I target this query? because this query seemed as though it should be fast, but the eclipselink code was executing some 'twisted' method and a 'normalized' method, etc..., so I said to myself, I need to refactor this query/code, so all that eclipselink code will not hinder performance. I think the performance improved because of the following: Orders has OrderCostDetails (1 to many), search Orders via primary key (OrderId) is much easier than searching OrderCostDetails JOIN(ed) to Orders WHERE Orders.OrderId = :orderId. So, I am 'sure' that eclipselink is NOT calling some 'twist' (or normalize
Re: Tomcat access log reveals hack attempt: HEAD /manager/html HTTP/1.0 404
On Mon, Apr 15, 2013 at 7:49 AM, Pid p...@pidster.com wrote: I'm persisting in this point because I don't want other users to continue believing the fallacy that 'hiding' Tomcat behind Apache HTTPD alone improves their security. And your persistence is appreciated, and I definitely appreciate all the responses/discussion. :)
Re: Re : Memory leak in Tomcat 6.0.35 ( 64 bit)
On Mon, Apr 15, 2013 at 7:40 AM, David kerber dcker...@verizon.net wrote: On 4/14/2013 11:10 PM, Howard W. Smith, Jr. wrote: On Sun, Apr 14, 2013 at 10:52 PM, Mark Thomasma...@apache.org wrote: On 14/04/2013 21:53, Howard W. Smith, Jr. wrote: On Sun, Apr 14, 2013 at 6:51 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Howard, On 4/11/13 10:38 PM, Howard W. Smith, Jr. wrote: On Thu, Apr 4, 2013 at 2:32 PM, Christopher Schultz ch...@christopherschultz.net wrote: Your heap settings should be tailored to your environment and usage scenarios. Interesting. I suppose 'your environment' means memory available, operating system, hardware. Usage scenarios? hmmm... please clarify with a brief example, thanks. :) Here's an example: Let's say that your webapp doesn't use HttpSessions and does no caching. You need to be able to handle 100 simultaneous connections that do small fetches/inserts from/into a relational database. Your pages are fairly simple and don't have any kind of heavyweight app framework taking-up a whole bunch of memory to do simple things. Thanks Chris for the example. This is definitely not my app. I am definitely relying on user HttpSessions, and I do JPA-level caching (statement cache and query results cache). pages are PrimeFaces and primefaces = xhtml, html, jquery, and MyFaces/OpenWebBeans to help with speed/performance. And right now, the app handles on a 'few' simultaneous connections/users that do small and large fetches/inserts from/into relational database. :) Hopefully one day, my app will be support 100+ simultaneous connections/users. For this situation, you can probably get away with a 64MiB heap. If your webapp uses more than 64MiB, there is probably some kind of problem. If you only need a 64MiB heap, then you can probably run on fairly modest hardware: there's no need to lease that 128GiB server your vendor is trying to talk you into. Understood, thanks. I have Xms/Xmx = 1024m, and I rarely see used memory get over 400 or 500m. the production server has 32GB RAM. I'll summarize a number of JavaOne sesisons I've been to on GC and performance (caveat - this was a couple of years ago and GC design has moved on since then). - GC pause time - throughput - small memory footprint You can optimise for any two of the above at the expense of the third. Assuming you opt for min GC pause time and max throughput the question then becomes how much heap do you need? If you look at your steady state heap usage graph (it should be a saw-tooth) then take the heap usage at the bottom of the saw-tooth and multiply it by 5 - that is the heap size you should use for the GC to work optimally. HTH, Mark Interesting, that does help, Mark, thanks. 250 x 5 = 1,250. I guess I was pretty close on target when I set Xms/Xmx = 1024m. Prior to seeing your email/response, I checked the server again, and it was no saw-tooth at all, it was at 250 (bottom), and then saw-tooth graph came into play...minutes later. Make sure you give it enough time for the memory use to stabilize. Will do (and doing that), thanks. :) Depending on your app and usage patterns, it can take up to days for the sawtooth to stabilize and start showing. One of mine takes a couple of hours, and another a few days for that pattern to become visible. I see it stabilize 'in minutes' (after/during usage of the app). Just now (prior to writing this email), I was looking at the app's usage (via monitoring the app's own data/record audit trail page), and then decided to check-on the app to see how it is doing/performing via jvisualvm, and voila, again, I saw no saw-tooth[1]. I saw this, 5 to 15 minutes after a period of inactivity in the app, but before I logged into the app, as I stated above, I checked the app's audit trail (which can definitely be a 'heavy-lifting' database query, depending on work done within the app on selected date, default = current date), and it[1] still showed no activity (or saw-tooth); I assume activity within the app can = definite/obvious saw-tooth graph (which also means, GC is working while app is being used). What I mentioned above is very normal behavior for my app. [1] http://img805.imageshack.us/img805/8453/20130415jvisualvm01.png --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Re : Memory leak in Tomcat 6.0.35 ( 64 bit)
On Mon, Apr 15, 2013 at 11:18 AM, Mark Eggers its_toas...@yahoo.com wrote: On 4/15/2013 7:25 AM, David kerber wrote: On 4/15/2013 10:10 AM, Howard W. Smith, Jr. wrote: On Mon, Apr 15, 2013 at 7:40 AM, David kerberdcker...@verizon.net wrote: On 4/14/2013 11:10 PM, Howard W. Smith, Jr. wrote: On Sun, Apr 14, 2013 at 10:52 PM, Mark Thomasma...@apache.org wrote: On 14/04/2013 21:53, Howard W. Smith, Jr. wrote: On Sun, Apr 14, 2013 at 6:51 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Howard, On 4/11/13 10:38 PM, Howard W. Smith, Jr. wrote: On Thu, Apr 4, 2013 at 2:32 PM, Christopher Schultz ch...@christopherschultz.net wrote: Your heap settings should be tailored to your environment and usage scenarios. Interesting. I suppose 'your environment' means memory available, operating system, hardware. Usage scenarios? hmmm... please clarify with a brief example, thanks. :) Here's an example: Let's say that your webapp doesn't use HttpSessions and does no caching. You need to be able to handle 100 simultaneous connections that do small fetches/inserts from/into a relational database. Your pages are fairly simple and don't have any kind of heavyweight app framework taking-up a whole bunch of memory to do simple things. Thanks Chris for the example. This is definitely not my app. I am definitely relying on user HttpSessions, and I do JPA-level caching (statement cache and query results cache). pages are PrimeFaces and primefaces = xhtml, html, jquery, and MyFaces/OpenWebBeans to help with speed/performance. And right now, the app handles on a 'few' simultaneous connections/users that do small and large fetches/inserts from/into relational database. :) Hopefully one day, my app will be support 100+ simultaneous connections/users. For this situation, you can probably get away with a 64MiB heap. If your webapp uses more than 64MiB, there is probably some kind of problem. If you only need a 64MiB heap, then you can probably run on fairly modest hardware: there's no need to lease that 128GiB server your vendor is trying to talk you into. Understood, thanks. I have Xms/Xmx = 1024m, and I rarely see used memory get over 400 or 500m. the production server has 32GB RAM. I'll summarize a number of JavaOne sesisons I've been to on GC and performance (caveat - this was a couple of years ago and GC design has moved on since then). - GC pause time - throughput - small memory footprint You can optimise for any two of the above at the expense of the third. Assuming you opt for min GC pause time and max throughput the question then becomes how much heap do you need? If you look at your steady state heap usage graph (it should be a saw-tooth) then take the heap usage at the bottom of the saw-tooth and multiply it by 5 - that is the heap size you should use for the GC to work optimally. HTH, Mark Interesting, that does help, Mark, thanks. 250 x 5 = 1,250. I guess I was pretty close on target when I set Xms/Xmx = 1024m. Prior to seeing your email/response, I checked the server again, and it was no saw-tooth at all, it was at 250 (bottom), and then saw-tooth graph came into play...minutes later. Make sure you give it enough time for the memory use to stabilize. Will do (and doing that), thanks. :) Depending on your app and usage patterns, it can take up to days for the sawtooth to stabilize and start showing. One of mine takes a couple of hours, and another a few days for that pattern to become visible. I see it stabilize 'in minutes' (after/during usage of the app). Just now (prior to writing this email), I was looking at the app's usage (via monitoring the app's own data/record audit trail page), and then decided to check-on the app to see how it is doing/performing via jvisualvm, and voila, again, I saw no saw-tooth[1]. I saw this, 5 to 15 minutes after a period of inactivity in the app, but before I logged into the app, as I stated above, I checked the app's audit trail (which can definitely be a 'heavy-lifting' database query, depending on work done within the app on selected date, default = current date), and it[1] still showed no activity (or saw-tooth); I assume activity within the app can = definite/obvious saw-tooth graph (which also means, GC is working while app is being used). What I mentioned above is very normal behavior for my app. [1] http://img805.imageshack.us/**img805/8453/**20130415jvisualvm01.pnghttp://img805.imageshack.us/img805/8453/20130415jvisualvm01.png These graphs are only showing ~40 seconds of data. I'll bet if you let the app run for several minutes or hours, you'll see it. Yep, there's no history in that data. Agreed! :) What you can do (probably in a test environment) is the following: 1. Set up monitoring (visualvm, psi-probe
Re: Re : Memory leak in Tomcat 6.0.35 ( 64 bit)
On Mon, Apr 15, 2013 at 1:08 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Howard, On 4/14/13 9:53 PM, Howard W. Smith, Jr. wrote: I am definitely relying on user HttpSessions, and I do JPA-level caching (statement cache and query results cache). pages are PrimeFaces and primefaces = xhtml, html, jquery, and MyFaces/OpenWebBeans to help with speed/performance. And right now, the app handles on a 'few' simultaneous connections/users that do small and large fetches/inserts from/into relational database. :) You can tune the JPA caching, etc. to meet your environmental needs, etc., so you don't *need* a huge heap. If you find that you need to be able to improve your performance, you might be able to increase your cache size if it in fact improves things. doing this, and just made some code changes to tap a little more into JPA caching, but one of my endusers just did a user operation on one of the pages, and he sent me a screen capture of the nasty eclipselink error that he experienced. evidently, i need to tweak caching or do not use the cache at that point in the app. :) i explained to him that i did some major changes in the app, related to caching... and i told him that it was for 'performance improvement', and told him the same as Mark just told me, Google is your friend (and told him that 'wiki' keyword in the search is your friend, too). :) sometimes, i do keep large amount of data in user HttpSession objects, but still being somewhat junior java/jsf developer and listening to you all on tomcat list and other senior java/jsf developers, I want to move some of my logic and caching of data from SessionScoped beans to RequestScoped beans. You might be able to have your cake and eat it, too. There is an interesting class called WeakReference that you can use to interact with the memory manager and garbage-collector. If you have a bunch of stuff cached in the session, as long as you could re-construct the cache given some value (like user_id or whatever), you can make the big, cached stuff in the session into so-called weak-references. If the GC wants to re-claim memory, it can discard weak references and the WeakReference object will then point to null. That allows you to have a nice cache that auto-cleans if you start running low on memory. very interesting. since i'm using gson to accept some JSON-wrapped data into my app from our public website (static pages and formmail, only, for now, until i integrate it with the web app i developed for personnel, only, for now), i didn't like the warning/msg when tomcat/tomee 'stops'...says that weak reference could not be deleted or something like that (sorry, i forgot exactly what it said). Anyway, i followed some issue in gson's issue tracker (on code.google.com), and someone offered some code to delete gson from weak reference, so i decided to add that to my app, when i shutdown app. so, i do know that the weak reference class is available. really have not 'used' it yet, though. :) i have some things in mind what I want to do with that large session scoped data. I am considering caching it at application level and all users have ability to update that huge List and extract data. I was thinking of using @Singleton Lock(READ) to control access. it takes no time at all to search the List for the information that it needs, and it takes no time at all to re-populate the List. Since we discuss GC a lot on this list, i wonder if you all recommend to set the 'list' to null, first, and then List ... = new ArrayList(newList), or new ArrayList(newList) is sufficient for good GC. I've written a Filter and HttpSession wrapper that can do that kind of thing transparently to the application code. I don't actually use it right now -- it was just a proof-of concept -- but it's a quick and dirty way to get caching but also save a safety valve. that's nice proof of concept! I guess i've heard so much bad about people not cleaning up threadlocals, that I try to avoid usage of threadlocal, but it's interesting, so much talk on this list about threadlocals, but they threadlocals seem to be used by many implementations/software out there. Not naming any names. :) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJRbDQhAAoJEBzwKT+lPKRY2voP/RejVzXwT9q3Bpq8C85sdmaU rf4l8aSAeHY9iZDuU27dGIPYcM8eD503UFdLxNrLQmsAnIGgecxcybSzTCIaA8Q1 kqtA58KOOkSwjWzSzyLhr7glDELXlB7BW1wiKuclrSE99NLmLQIwt5osvjv6qYxi jPTU0y1LEKs9mXFjCmwpdjxryttMOPL+3NMjYy0PrauwxtWR1uPS3r+1bhkjtbSs srx4aV98bFso7NydTPrbGahOHRnY1s7deNq1AzcaYsKV0ASky5cgagmk9qRyfxMd UBAo4+cxQG2V9ccGO4PR+cuL6JQuLhfxexneFfR+FSbFPCmM9axNBexqi73BL79q 1aOffzSKLc9gS1I7MjXgMwc20K+bDYmnWOsePAJpCIt9Jl3S77AKQYzBWapCXCu0 H
Re: Re : Memory leak in Tomcat 6.0.35 ( 64 bit)
On Sun, Apr 14, 2013 at 6:51 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Howard, On 4/11/13 10:38 PM, Howard W. Smith, Jr. wrote: On Thu, Apr 4, 2013 at 2:32 PM, Christopher Schultz ch...@christopherschultz.net wrote: Your heap settings should be tailored to your environment and usage scenarios. Interesting. I suppose 'your environment' means memory available, operating system, hardware. Usage scenarios? hmmm... please clarify with a brief example, thanks. :) Here's an example: Let's say that your webapp doesn't use HttpSessions and does no caching. You need to be able to handle 100 simultaneous connections that do small fetches/inserts from/into a relational database. Your pages are fairly simple and don't have any kind of heavyweight app framework taking-up a whole bunch of memory to do simple things. Thanks Chris for the example. This is definitely not my app. I am definitely relying on user HttpSessions, and I do JPA-level caching (statement cache and query results cache). pages are PrimeFaces and primefaces = xhtml, html, jquery, and MyFaces/OpenWebBeans to help with speed/performance. And right now, the app handles on a 'few' simultaneous connections/users that do small and large fetches/inserts from/into relational database. :) Hopefully one day, my app will be support 100+ simultaneous connections/users. For this situation, you can probably get away with a 64MiB heap. If your webapp uses more than 64MiB, there is probably some kind of problem. If you only need a 64MiB heap, then you can probably run on fairly modest hardware: there's no need to lease that 128GiB server your vendor is trying to talk you into. Understood, thanks. I have Xms/Xmx = 1024m, and I rarely see used memory get over 400 or 500m. the production server has 32GB RAM. On the other hand, maybe you have aggressive caching of data that benefits from having a large amount of heap space. Or maybe you need to support 1000 simultaneous connections and need to do XSLT processing of multi-megabyte XML documents and your XSLTs don't allow stream-processing of the XML document (oops). Interesting. Or maybe you have to keep a large amount of data in users' HttpSession objects (maybe a few dozen MiB) and you need to support a few thousand simultaneous users (not connections). 10k users each with a 5MiB heap = 48GiB. sometimes, i do keep large amount of data in user HttpSession objects, but still being somewhat junior java/jsf developer and listening to you all on tomcat list and other senior java/jsf developers, I want to move some of my logic and caching of data from SessionScoped beans to RequestScoped beans. That's interesting that you say, '10k users each with 5MB heap = 48 GB'; i never thought about calculating a size estimate per user; maybe, i should do that when i am done with all of my optimizing of the app. i've been in optimize mode for the last 5 to 8 months (slowly-but-surely, mojarra to myfaces, JSF managed beans to CDI managed beans, in preparation for JSF 2.2 and/or Java EE 7, glassfish to tomcat/tomee, and other things after/while listening to you all about JVM tuning, preventing/debugging/resolving memory leaks, etc... There is no such thing as a good recommendation for heap size unless the person making the recommendation really understands your use case(s). understood/agreed I generally have these two suggestions that I've found to be universally reasonable: 1. Make -Xms = -Xmx to eliminate heap thrashing: the JVM is going to eat-up that large heap space at some point if you have sized things correctly, so you may as well not make the memory manager have to work any harder than necessary. doing this, as I've seen this recommended quite often on this list and others (tomee, openwebbeans, openejb). if you have sized things correctly? size things correctly = set -Xms and -Xmx appropriately to meet your system/software requirements? 2. Run with the lowest heap space that is reasonable for your environment. I like doing this because it actually helps you diagnose things more easily when they go wrong: a small heap yields a smaller heap-dump file, is GC'd more frequently and therefore contains fewer long-lived dead objects, and will cause an OOME sooner if you have some kind of leak. Of course, nobody wants to experience an OOME but you also don't want to watch a 50GiB heap fill-up 800 bytes at a time due to a small leak. Agreed and this is definitely/really nice to know. Listening to you all here on tomcat list, that is why I lowered Xms/Xmx from 4096 to 1024MB. Listening to you, now, and since I hardly ever see heap rise above 500 or 600m, I could lower Xms/Xmx from 1024 to maybe 800/900m, but remember, I shutdown-deploy-start tomee/tomcat quite often, almost daily, so i'm really not giving it a chance to see if OOME will occur, even when set to 1024m. i have
Re: Re : Memory leak in Tomcat 6.0.35 ( 64 bit)
On Sun, Apr 14, 2013 at 10:52 PM, Mark Thomas ma...@apache.org wrote: On 14/04/2013 21:53, Howard W. Smith, Jr. wrote: On Sun, Apr 14, 2013 at 6:51 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Howard, On 4/11/13 10:38 PM, Howard W. Smith, Jr. wrote: On Thu, Apr 4, 2013 at 2:32 PM, Christopher Schultz ch...@christopherschultz.net wrote: Your heap settings should be tailored to your environment and usage scenarios. Interesting. I suppose 'your environment' means memory available, operating system, hardware. Usage scenarios? hmmm... please clarify with a brief example, thanks. :) Here's an example: Let's say that your webapp doesn't use HttpSessions and does no caching. You need to be able to handle 100 simultaneous connections that do small fetches/inserts from/into a relational database. Your pages are fairly simple and don't have any kind of heavyweight app framework taking-up a whole bunch of memory to do simple things. Thanks Chris for the example. This is definitely not my app. I am definitely relying on user HttpSessions, and I do JPA-level caching (statement cache and query results cache). pages are PrimeFaces and primefaces = xhtml, html, jquery, and MyFaces/OpenWebBeans to help with speed/performance. And right now, the app handles on a 'few' simultaneous connections/users that do small and large fetches/inserts from/into relational database. :) Hopefully one day, my app will be support 100+ simultaneous connections/users. For this situation, you can probably get away with a 64MiB heap. If your webapp uses more than 64MiB, there is probably some kind of problem. If you only need a 64MiB heap, then you can probably run on fairly modest hardware: there's no need to lease that 128GiB server your vendor is trying to talk you into. Understood, thanks. I have Xms/Xmx = 1024m, and I rarely see used memory get over 400 or 500m. the production server has 32GB RAM. I'll summarize a number of JavaOne sesisons I've been to on GC and performance (caveat - this was a couple of years ago and GC design has moved on since then). - GC pause time - throughput - small memory footprint You can optimise for any two of the above at the expense of the third. Assuming you opt for min GC pause time and max throughput the question then becomes how much heap do you need? If you look at your steady state heap usage graph (it should be a saw-tooth) then take the heap usage at the bottom of the saw-tooth and multiply it by 5 - that is the heap size you should use for the GC to work optimally. HTH, Mark Interesting, that does help, Mark, thanks. 250 x 5 = 1,250. I guess I was pretty close on target when I set Xms/Xmx = 1024m. Prior to seeing your email/response, I checked the server again, and it was no saw-tooth at all, it was at 250 (bottom), and then saw-tooth graph came into play...minutes later. Thanks again! --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat access log reveals hack attempt: HEAD /manager/html HTTP/1.0 404
On Apr 13, 2013 3:55 PM, Mark Eggers its_toas...@yahoo.com wrote: On 4/10/2013 5:47 PM, Howard W. Smith, Jr. wrote: Some legit 404s definitely show up for every enduser that access the webapp via mobile device, because PrimeFaces has 2 files that no longer exist in the JAR file, and I just reported this in their Issue Tracker. 127.0.0.1 - - [10/Apr/2013:20:00:54 -0400] GET /apple-touch-icon-precomposed.png HTTP/1.1 404 - 127.0.0.1 - - [10/Apr/2013:20:00:54 -0400] GET /apple-touch-icon.png HTTP/1.1 404 - Also, netbeans IDE and start-stop-tomcat implementation results in the following: 127.0.0.1 - - [10/Apr/2013:20:11:05 -0400] HEAD /netbeans-tomcat-status-test HTTP/1.1 404 - 127.0.0.1 - - [10/Apr/2013:20:11:05 -0400] HEAD /netbeans-tomcat-status-test HTTP/1.1 404 - 127.0.0.1 - - [10/Apr/2013:20:11:05 -0400] HEAD /netbeans-tomcat-status-test HTTP/1.1 404 - A little off-topic here . . . This is analogous to the favicon.ico file. Mobile devices (Android and iOS at least) use these so you can create a bookmark on the desktop (or whatever the mobile devices call it). So, make a nice icon (png, 100x100) for your site. Then users can bookmark the site and put the link on the desktop. Correct. I learned about this a few days ago, when I posted this as a primefaces issue in primefaces mobile forum and issue tracker, a few days ago. Someone responded with some URLs to blogs that discuss this. Now, I know how to handle this and now I know this is not an issue. :-) And yes, NetBeans seems to do that in order to figure out when Tomcat starts up (even if it's already started). It also issues a start command to the manager application for your web application (even if autoDeploy=true). . . . . just my two cents. /mde/ Thanks! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7.0.39 randoms start and crash
Antoine Philippe, On Fri, Apr 12, 2013 at 6:17 PM, antoine philippe chaker philippe.cha...@gmail.com wrote: Hi all, Caused by: java.lang.IllegalStateException: Unable to complete the scan for annotations for web application [/autodis] due to a StackOverflowError. Possible root causes include a too low setting for -Xss and illegal cyclic inheritance dependencies. The class hierarchy being processed was [org.bouncycastle.asn1.ASN1EncodableVector-org.bouncycastle.asn1.DEREncodableVector-org.bouncycastle.asn1.ASN1EncodableVector] I think I've seen you in atmosphere google groups, so I wanted to listen in on the outcome of this thread, but then I saw the error message above, and it reminded me of the cyclic references I had in my app (even though this seems to be tomcat code). Since the error mention -Xss, can you share your java memory options to the list? FYI, your post just motivated me to ask a question in a separate topic, since I'm using Tomcat 7.0.39 (via TomEE 1.6.0 snapshot) and Atmosphere 1.0.13 (snapshot).
java.net.SocketTimeoutException: Read timed out
After reading antoine philippe chaker's last email/post, that motivated me to pose a question as well. I am using Tomcat 7.0.39 (via TomEE 1.6.0 snapshot), Atmosphere 1.0.13 (snapshot...recently downloaded within the last week), and OmniFaces Gzip filter, and Google Calendar API (v3). A bit of background... hmmm, some weeks ago, I started using tomcat 7.0.39 along with google calendar API (v3) and Atmosphere 1.0.12, and I'm sure requests to google calendar is about the same. Recently, I added Atmosphere 1.0.13, and I started experiencing issues related to adding events on google calendar from my app. Now, I'm sure, I could revert back to Atmosphere 1.0.12, and see how that works for next few days. Also, I could check to make sure that there has been no internet connection downtime to/for the server, especially when these issues are occurring. At any rate, the log seems to only record one exception, and then it seems as though all subsequent attempts/requests (to google calendar) are failing with some exception that is not being recorded in the logs. 3 or 4 days ago, there was a different exception, but they both seemed somewhat related to (JSON) http response. The first time I experienced an issue, the exception started here (my code is the last line below) at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:159) at com.google.api.client.googleapis.json.GoogleJsonResponseException.execute(GoogleJsonResponseException.java:203) at com.google.api.client.googleapis.services.GoogleClient.executeUnparsed(GoogleClient.java:237) at com.google.api.client.http.json.JsonHttpRequest.executeUnparsed(JsonHttpRequest.java:207) at com.google.api.services.calendar.Calendar$Events$Insert.execute(Calendar.java:2775) at utils.googleCalendar.GoogleCalendarUtil.addEventToCalendar(GoogleCalendarUtil.java:134) and then today, i experienced a different issue/exception (my code is the last line below) at com.google.api.client.http.HttpResponse.getContent(HttpResponse.java:380) at com.google.api.client.http.json.JsonHttpParser.parserForResponse(JsonHttpParser.java:118) at com.google.api.client.http.json.JsonHttpParser.parse(JsonHttpParser.java:90) at com.google.api.client.http.HttpResponse.parseAs(HttpResponse.java:499) at com.google.api.services.calendar.Calendar$Events$Insert.execute(Calendar.java:2776) at utils.googleCalendar.GoogleCalendarUtil.addEventToCalendar(GoogleCalendarUtil.java:134) The stack trace below is the exception that occurred today. Does this look like a tomcat or google calendar issue? google calendar API has usage limits, so I am leaning toward google calendar API, but please advise. java.net.SocketTimeoutException: Read timed out at java.net.SocketInputStream.socketRead0(Native Method) at java.net.SocketInputStream.read(Unknown Source) at java.net.SocketInputStream.read(Unknown Source) at sun.security.ssl.InputRecord.readFully(Unknown Source) at sun.security.ssl.InputRecord.read(Unknown Source) at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) at sun.security.ssl.AppInputStream.read(Unknown Source) at java.io.BufferedInputStream.fill(Unknown Source) at java.io.BufferedInputStream.read1(Unknown Source) at java.io.BufferedInputStream.read(Unknown Source) at sun.net.www.MeteredStream.read(Unknown Source) at java.io.FilterInputStream.read(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection$HttpInputStream.read(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection$HttpInputStream.read(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection$HttpInputStream.read(Unknown Source) at java.util.zip.CheckedInputStream.read(Unknown Source) at java.util.zip.GZIPInputStream.readUByte(Unknown Source) at java.util.zip.GZIPInputStream.readUShort(Unknown Source) at java.util.zip.GZIPInputStream.readHeader(Unknown Source) at java.util.zip.GZIPInputStream.init(Unknown Source) at java.util.zip.GZIPInputStream.init(Unknown Source) at com.google.api.client.http.HttpResponse.getContent(HttpResponse.java:380) at com.google.api.client.http.json.JsonHttpParser.parserForResponse(JsonHttpParser.java:118) at com.google.api.client.http.json.JsonHttpParser.parse(JsonHttpParser.java:90) at com.google.api.client.http.HttpResponse.parseAs(HttpResponse.java:499) at com.google.api.services.calendar.Calendar$Events$Insert.execute(Calendar.java:2776) at utils.googleCalendar.GoogleCalendarUtil.addEventToCalendar(GoogleCalendarUtil.java:134) at utils.googleCalendar.GoogleCalendarUtil.deleteAndAddEvents(GoogleCalendarUtil.java:197) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at
Re: java.net.SocketTimeoutException: Read timed out
On Fri, Apr 12, 2013 at 7:45 PM, antoine philippe chaker philippe.cha...@gmail.com wrote: I think that Chuck is right : it has nothing to do with Tomcat, it's more a problem of communication between your webapp and the Google API. Agreed. :)
Re: java.net.SocketTimeoutException: Read timed out
On Fri, Apr 12, 2013 at 7:25 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com] Subject: java.net.SocketTimeoutException: Read timed out The stack trace below is the exception that occurred today. Does this look like a tomcat or google calendar issue? It has nothing to do with Tomcat; it's your webapp that opened the connection to Google - Tomcat is completely unaware of it. Whether it's a Google limitation or a bug in your webapp can't be determined from just the stack trace. Best if you could get a network traffic capture for the incident and see if the request to Google is malformed, which might well result in the Google server ignoring it. - Chuck I agree, Chuck. Honestly, I didn't think it was my app, but your response lead me to believe that I may need to take a closer look at the (data I'm sending in the) request. I know that I'm sending google-maps URLs in the google calendar event description, and that may lead to this exception (should have provided that earlier). com.google.api.client.googleapis.json.GoogleJsonResponseException: 503 Service Unavailable { code : 503, errors : [ { domain : global, message : Backend Error, reason : backendError } ], message : Backend Error } at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:159) at com.google.api.client.googleapis.json.GoogleJsonResponseException.execute(GoogleJsonResponseException.java:203) at com.google.api.client.googleapis.services.GoogleClient.executeUnparsed(GoogleClient.java:237) at com.google.api.client.http.json.JsonHttpRequest.executeUnparsed(JsonHttpRequest.java:207) at com.google.api.services.calendar.Calendar$Events$Insert.execute(Calendar.java:2775) at utils.googleCalendar.GoogleCalendarUtil.addEventToCalendar(GoogleCalendarUtil.java:134) THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: java.net.SocketTimeoutException: Read timed out
On Fri, Apr 12, 2013 at 8:02 PM, Howard W. Smith, Jr. smithh032...@gmail.com wrote: On Fri, Apr 12, 2013 at 7:25 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com] Subject: java.net.SocketTimeoutException: Read timed out The stack trace below is the exception that occurred today. Does this look like a tomcat or google calendar issue? It has nothing to do with Tomcat; it's your webapp that opened the connection to Google - Tomcat is completely unaware of it. Whether it's a Google limitation or a bug in your webapp can't be determined from just the stack trace. Best if you could get a network traffic capture for the incident and see if the request to Google is malformed, which might well result in the Google server ignoring it. - Chuck I tweaked the google calendar exception-handling code, a bit, and downloaded Wireshark. The next time it happens, I should be ready to debug/troubleshoot. I should have mentioned last time, that to workaround/resolve the issue, I stop tomee/tomcat, restart, and I run the utility within the webapp which can do 'manual' updates/pushes to google calendar. that 'always' works... so, based on that, i am under the assumption that the webapp is not to be blamed for the exceptions that I'm experiencing...over time, but I'm (still) considering all what you said and recommended though. May not be to the best interest of Atmosphere committer, but I reverted back to Atmosphere 1.0.12 (even though Atmosphere 1.0.13 snapshot seems to have some good/valid fixes, that don't seem so applicable to me and my use case), as I found that/1.0.12 as a stable release, and I experienced no issues. If I experience this issue again, it is time to revert to tomcat 7.0.37 and/or 7.0.35, after diving into Wireshark, while the issue is occurring. Hmmm, i think i remember someone posting an issue with their 'tomcat5' after windows did an automatic update on their machine (I assume, as it did on mine that same morning), but I forgot what was the person's issue and if issue was resolved. I know...I'd have to search the archives or recent history, since it was earlier this week. :) just trying to think out loud of all the 'changes' that occurred. it is clearly not a data issue (since a restart of tomcat and running my 'manual google calendar update' utility updates google calendar, successfully, with the same data that was attempted to be pushed via @Schedule and MDB), and i am not convinced (yet) that my app is to blame, but my app consists of any/all dependencies that I'm using...including tomee/tomcat. :) one of the tomee committer has advised me to use @Asynchronous instead of JMS/ActiveMQ. considering that, but i really don't feel the JMS/ActiveMQ is 'broke'... so, if it ain't broke, don't fix it.
Re: RE : Tomcat 6.0.35 Crashed again
On Thu, Apr 11, 2013 at 10:41 AM, Mark H. Wood mw...@iupui.edu wrote: Really, no one else can tell you what settings to use. The best we can hope for is some accepted rules of thumb *as starting points* for further tuning. +1 to Dan, Neven, and Mark's responses. Please consider-or-do 'everything' that they mentioned/recommended. I did want to share my java settings for my currently-considered-a-low-scale JSF web app running on Windows Server 2008 R2 64bit server with 32GB RAM. -XX:HeapDumpPath=D:\apache-tomee-plus-1.6.0-SNAPSHOT\temp -XX:+HeapDumpOnOutOfMemoryError -Djava.awt.headless=true -Dcom.sun.management.jmxremote.port=422 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Xms1024m -Xmx1024m -XX:MaxPermSize=384m -XX:+UseTLAB -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled I am very pleased with the GC performance of my app, and I do like to monitor the performance of the app via JMX remote connection via Java Visual VM. My app runs between 200m to 500m, but I am keeping Xms/Xmx=1024m just to see if I ever get an OOME; so far, so good (never experienced an OOME), but recently, I did experience some unexpected/unwanted behavior with one of my @Schedule processes which was attempting to sync some data from database to/with Google Calendar, and google Calendar service returned google calendar error 503, and I recognized that the memory got up to 500m, and the google calendar error 503 did not resolve itself over an hour (@Schedule executes every 2 to 4 minutes, if error occurs, then data is appended to the queue for later retry attempt). I never seen that behavior and I don't know if I will see it again; i wish I would have done a 'heap dump' instead of a 'stop' tomee/tomcat. Everyday, I listen and read these questions/responses on tomcat list, and I can't believe that I forgot to do a 'heap dump'. :( Also, please note that I occasionally stop-deploy-and-start tomee/tomcat almost-on-a-daily-basis to deploy new app-or-configuration-or-library updates; also, the app or tomee (or tomcat) seem to accumlate threadlocals over time, and if uptime is 1 day, then I 'think' I see that memory is not released, and I think eventually as uptime increases, then the app/tomee/tomcat will result in OOME. :) At any rate, hope this helps. Howard