from:"Howard W. Smith, Jr."

Chris,

On Tue, Mar 4, 2014 at 4:18 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 Dmitry,

 On 3/4/14, 2:48 AM, Dmitry Batiyevskiy wrote:
  Howard, My connector config is the following (i've already posted
  that):
 
  Connector port=8443 maxHttpHeaderSize=8192 maxThreads=15000
  enableLookups=false disableUploadTimeout=true acceptCount=100
  scheme=https secure=true SSLEnabled=true compression=off
  SSLCertificateFile=/opt/tomcat/mycompany.com.crt
  SSLCertificateKeyFile=/opt/tomcat/mycompany.com.key /
 
  Also -Dhttps.protocols=TLSv1 option is passed to java machine
 
  The reason for me to use apr connector is https performance, isn't
  NIO much slower in that?

 I don't have any recent performance data, but using OpenSSL is
 apparently measurably faster than using JSSE.

 On the other hand, is the NIO connector does not crash, isn't that a
 point in its favor?


Can you please clarify your statements above? are you saying that OpenSSL
implies (or equals) NIO or APR?

I'm asking, because I only use NIO connector without SSL.

Re: Tomcat 7.0.52 NIO + Atmospere 1.0.18 damaged responses

On Wed, Mar 5, 2014 at 8:35 AM, Jan Dosoudil jan.dosou...@aura.cz wrote:

Hi,
we have application running on Tomcat 7.0.52 with Nio connector (a lot
older versions too), it uses MyFaces (2.1.12), RichFaces (4.3.5),
Atmosphere framework (1.0.18). Atmosphere framework is configured to use
long-polling with Tomcat Nio comet support.

I searched atmosphere google groups mail list, earlier, this morning, for

tomcat nio ssl

and found,

https://groups.google.com/forum/?fromgroups#!searchin/atmosphere-framework/tomcat$20nio$20ssl/atmosphere-framework/J685km4oOvM/2qZMzo4wyfAJ

that topic mentioned something similar to what you are stating here, and i
think they were using same/similar version of atmosphere (1.0.1x).

Sometimes simple request takes a long time to finish (correlates with
connectionTimeout set on Connector) and response is damaged. Here is
example of damaged response from server:

HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=C524EA667CA4087407A5DCDEA1712E53; Path=/app/;
HttpOnly
Location: http://192.168.1.156:8080/app/login
Content-Length: 0
Date: Tue, 28 Jan 2014 16:10:54 GMT

Response packet contains exactly this data, no more data (headers) before
0. Example contains redirect but problem appears in JSF pages too. 0 is
end of chunked encoded response.

Problem went away by switching atmosphere from long-polling to WebSockets

+1 and this was mentioned in that thread (URL above), too.

so I think there may be problem in Atmospere framework long polling and
Tomcat async support. I've found workaround using socket.bufferPool=0 but
i think it's not final solution.

I don't have simple testcase to easily reproduce this problem. I've tried
turning on Tomcat debug logs, debugging Tomcat and so on but without usable
results. My opinion is that atmosphere framework uses NioChannel which
doesn't own but I'm not able to confirm or reject it.

Can you suggest me how to debug this problem or give me some tip to find
final solution?

have you considered upgrading to latest atmosphere version, retesting your
app, and sending a mail to atmosphere list about these issues?

also, is it a requirement or preference to use long-polling instead of
websocket? usually, i think it is default or recommended to upgrade to
websocket, and fallback to long-polling. is long-polling to support target
multiple-servers/platforms and/or clients?

Thanks,
Jan Dosoudil

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: java: src/network.c:441: Java_org_apache_tomcat_jni_Socket_send: Assertion failed

On Mar 5, 2014 11:09 AM, Christopher Schultz ch...@christopherschultz.net
wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Howard,

 On 3/5/14, 9:45 AM, Howard W. Smith, Jr. wrote:
  Chris,
 
  On Tue, Mar 4, 2014 at 4:18 PM, Christopher Schultz 
  ch...@christopherschultz.net wrote:
 
  Dmitry,
 
  On 3/4/14, 2:48 AM, Dmitry Batiyevskiy wrote:
  Howard, My connector config is the following (i've already
  posted that):
 
  Connector port=8443 maxHttpHeaderSize=8192
  maxThreads=15000 enableLookups=false
  disableUploadTimeout=true acceptCount=100 scheme=https
  secure=true SSLEnabled=true compression=off
  SSLCertificateFile=/opt/tomcat/mycompany.com.crt
  SSLCertificateKeyFile=/opt/tomcat/mycompany.com.key /
 
  Also -Dhttps.protocols=TLSv1 option is passed to java machine
 
  The reason for me to use apr connector is https performance,
  isn't NIO much slower in that?
 
  I don't have any recent performance data, but using OpenSSL is
  apparently measurably faster than using JSSE.
 
  On the other hand, is the NIO connector does not crash, isn't
  that a point in its favor?
 
 
  Can you please clarify your statements above? are you saying that
  OpenSSL implies (or equals) NIO or APR?

 APR implies OpenSSL, and I suppose vice-versa. APR is native code and
 uses OpenSSL for its SSL engine. All of the pure-Java connectors (BIO,
 NIO, and possible a soon-to-be-available NIO2 connector) all use JSSE
 (Java Secure Sockets Extension) for SSL. For whatever reason, OpenSSL
 is measurably faster than JSSE.

 If you are fronting Tomcat with a web server which terminates SSL
 itself, then I see no particular reason to use the connectors over the
 NIO connectors.

 (Note that you can still use APR for its entropy capabilities even if
 not using it for SSL. You'll get session ids coming from OpenSSL's
 random source instead of Java's. I'm not sure that matters too much.)

 - -chris

Understood. Thanks Chris!

 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

 iQIcBAEBCAAGBQJTF0qNAAoJEBzwKT+lPKRYkIUQALqutaNWH1pLL1Gg89RgHyb+
 01ORV9O6q2fwtsIgW5WPurZr6gJAcf8K2C1bAkE6WCudgLrHjaTwQtb5peWFqHr0
 IiCLa2bVxkDXDPFy5ESViPTML6UPiOHBXa707ZAK3vzRB5jy6fHbqMVvPBRx4CzD
 T0jKAqU9Odj38QBaUWvCi1BNgc0J5i4OyXBDNJmchyB0G6tN29vYo9zpaUnl972e
 4qLzmWEGBzUnQ6y2zTga2fOZQJ4Lu5hQCLYmoCM84sU1Xl9BjHJ1Tn1mWm7jEm7V
 zMlIgFlJ/y65AUCqSRerMO5V5y4N+44CeQ2WV5v3hes4htAqRV7BFOgCfQW8e6Ng
 oqn4KLQU81rCOsN61tQIv1j17wkP6vux9WbaDScr+UVfjFZgdygaZvOLkmDs/bXG
 +b3DNsGVswOU4it2Y/cp6NAzwWDQfdfQUYDn9U/XOi9MnYSXNf+2dorTqnUhZ3Y7
 mbxrCFpwKdbgXTkvs1UPwOZVhJ8dBuno/HofKuqbd+s9SkF/eXZNdyWolRUQ8sdK
 KFWgByHW+18IM1RiBieu9/iGA1U4nUz0HvLo0UxXpN1GAXO/67/Hv2h/LiqB/tQh
 yVFbvEZV5bR64D9FoPFReGQG4as2NBfIrbFz4XhqHwps5DDYm7WsS4hK87PE7fNC
 qeyeWruqGubsZfwDrfft
 =ihsJ
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Optimization on simple requests

On Tue, Mar 4, 2014 at 1:54 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 John,

 On 3/4/14, 1:17 PM, John Smith wrote:
  Tomcat 7.0.42 on RHEL6.
 
  Assume that Tomcat is serving only one jsp page. Say it just
  rewrites a parameter value from the querystring to the html within
  the jsp.
 
  Also assume that there are ~200,000 users attempting to access that
  page - say almost simultaneously.
 
  What are the most relevant optimizations I can make to a single
  instance of tomcat for this scenario?

 So you want the highest-performance solution to the above scenario?

 As for Tomcat configuration, I would use the NIO connector with a
 large number of max connections (you'll have to see what practical
 size to give it) and a large number of threads in your thread pool
 (i.e. executor).

 NIO gets you the benefit of not blocking waiting for a second (or
 third, etc.) keepalive request to arrive over a connection before that
 thread can be used to do some real work. If all connections are
 Connection:close then this is less of an issue.

 If you have a big, beefy CPU relative to your Internet connection's
 bandwidth, you should probably enable compression on the connector:
 that will help you push bytes back to the client faster. You'll have
 to test whether or not this actually helps you in your particular
 situation, because you are trading CPU time for I/O time.

 Define only one Host element in your server.xml, and name it
 whatever your public hostname is: there is a slight optimization in
 the mapper that works slightly faster if you have exactly one Host
 element, and if that name matches the Host header from the request.
 (There is an even faster case for where there are no elements in the
 host list, then the default is used, but I'm not sure how to get a
 zero-element host list and yet still have a default host).

 Don't add any Valves or Filters that you don't absolutely need.

 I would remove any intermediate proxies that don't absolutely need to
 be there (like Apache httpd, Microsoft IIS, nginx, etc.). Tomcat
 itself comes fairly well-configured for performance out of the box
 (except for the use of the BIO connector, which gets the job done and
 it very stable and reliable, but certainly does not win any speed
 contests).

 If you want to optimize the hell out of the experience, you'll want to
 dump JSP: there's a lot of setup that goes into creating the
 environment in which a JSP page runs, and you don't mention that you
 need any of it above.

 If you just need to write HEADER + some value from query string +
 FOOTER, then try to do that all in 3 I/O writes, like this would be in
 a servlet:

 static final String HEADER = htmlheadtitleMy Fast
 Page/title/headbodyh1My Fast Page/h1pYour parameter value
 is i;
 static final String FOOTER = /i/p/body/html;

 void doGet(request, response) {

   ServletOutputStream out = response.getOutputStream();
   out.print(HEADER);
   out.print(request.getParameter(key));
   out.print(FOOTER);
 }

 To save network bandwidth, remove any non-essential whitespace from
 your text as I have done above.


+1 Chris.

What about, also, a servlet/filter to set header for caching resources on
the client for some period of time (if/when applicable)? :)



 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

 iQIcBAEBCAAGBQJTFiFPAAoJEBzwKT+lPKRYR5wP/iiaEcMIFxKBE9Rr9EP6ZhA+
 +fxznQ1QED232LlhvAAcAiAjnOOv/dzLxmC62dai9EZoV0/24WcMpYaEjaRo2jZu
 jIyeGb4Dn4ommJj7aPG+yesPRRTBY6j23SIauWbnRNBCggn/YCpOnjERuUHPtjMO
 G4kDeZaHGGjfirwTuPYCKxiKlYow6C4H8HUzLH84BvuktPPCgO16qbtCSCI0st+b
 av4pza4lzKSO3YsjS3PBNa7eI9q7zvLYqTeB7TziyLq7Jf5OOWPL73qUVJUgb54A
 M6GzvsdIYWHCigGZff0iHT3oNbDEteSVK7TPLP8+XzI8x8F+xsn5G8yv5wXhStDH
 44g2E2hZLwLhaaSiJqtxKGb2kTwoJA+CX33MnbngOkMGUO7SmRMlkx77d08GiYoA
 uvOKep8zz7R4Is8EZu5sdzUQSxPx2Y59uzQNMiBeER47d+hfu4aOl241QUrN2osO
 NsddzzXB6i9auvdhDdGUkNwbT2Iy8NtMKPBUvM+LWz2GC+8+/WyVeRjhQ5N3BUwc
 5YHCKrHVEgZR/NO7j6HvsqXBdUnbt8JNFp0O6XtkCUtlilDabki50wIqVXn/jEmc
 rG9YJKYDFDQdxJSEnpeZEw5+iDmORkSyIOEMw5htqVCCgeBRp2jeATVWKpdcM76G
 EJD/P6bdni3Vj7kthhjs
 =ADJI
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: java: src/network.c:441: Java_org_apache_tomcat_jni_Socket_send: Assertion failed

2014-03-04 Thread Howard W. Smith, Jr.

On Mar 4, 2014 2:49 AM, Dmitry Batiyevskiy dmitry.batiyevs...@ardas.dp.ua
wrote:

 Howard,
 My connector config is the following (i've already posted that):

   Connector port=8443 maxHttpHeaderSize=8192
  maxThreads=15000
  enableLookups=false disableUploadTimeout=true
  acceptCount=100 scheme=https secure=true
  SSLEnabled=true
  compression=off
  SSLCertificateFile=/opt/tomcat/mycompany.com.crt
  SSLCertificateKeyFile=/opt/tomcat/mycompany.com.key /


Okay, thanks.

 Also -Dhttps.protocols=TLSv1 option is passed to java machine

 The reason for me to use apr connector is https performance, isn't NIO
much
 slower in that?


Chris recommended NIO. I'll let him answer your question.

 Regards,

 Dmitry Batiyevskiy

 Ardas Group Inc.

 www.ardas.dp.ua


 2014-03-04 2:04 GMT+02:00 Howard W. Smith, Jr. smithh032...@gmail.com:

  On Mon, Mar 3, 2014 at 11:22 AM, Christopher Schultz 
  ch...@christopherschultz.net wrote:
 
   Dmitry,
  
   On 3/3/14, 6:06 AM, Dmitry Batiyevskiy wrote:
Can you advice how we can find the problem in app/environment like
this? What are possible ways to debug this?
  
   Honestly, I'd try switching to the NIO connector and resume your
   testing. If all is well, it may point to a bug in the APR connector
   and/or tcnative itself. If you are having similar problems with the
   pure-Java connectors, then the problem is likely something you are
   doing in your application that is causing an invalid state. You'll
   probably get better information from the Java stack trace than from an
   assertion-failure.
  
   Give that a try and let us know how things go.
 
 
  +1 Chris
 
  I have found much /continued/ success using NIO connector across tomcat
and
  atmosphere versions.

Re: java: src/network.c:441: Java_org_apache_tomcat_jni_Socket_send: Assertion failed

On Thu, Feb 20, 2014 at 11:00 AM, Dmitry Batiyevskiy 
dmitry.batiyevs...@ardas.dp.ua wrote:

 We have upgraded tomcat 7.0.42 to 7.0.50
 We have an app which is built around atmosphere framework and uses
 websockets
 After upgrade tomcat instance which has only this app dies in few hours
 after deploy (the whole java process dies)


How did you configure atmosphere?

which version of atmosphere are you using?

can you share your web.xml (atmosphere config)?

which atmosphere-related dependencies?

is atmosphere-related dependencies in tomcat/lib or in your WAR file?

Re: java: src/network.c:441: Java_org_apache_tomcat_jni_Socket_send: Assertion failed

On Mon, Mar 3, 2014 at 6:26 AM, Howard W. Smith, Jr. smithh032...@gmail.com
 wrote:


 On Thu, Feb 20, 2014 at 11:00 AM, Dmitry Batiyevskiy 
 dmitry.batiyevs...@ardas.dp.ua wrote:

 We have upgraded tomcat 7.0.42 to 7.0.50
 We have an app which is built around atmosphere framework and uses
 websockets
 After upgrade tomcat instance which has only this app dies in few hours
 after deploy (the whole java process dies)


 How did you configure atmosphere?

 which version of atmosphere are you using?

 can you share your web.xml (atmosphere config)?

 which atmosphere-related dependencies?

 is atmosphere-related dependencies in tomcat/lib or in your WAR file?


also, are you specifying servlet 3.0 (or 2.5) in your web.xml? can you
copy/paste that config as well?

Re: java: src/network.c:441: Java_org_apache_tomcat_jni_Socket_send: Assertion failed

On Mon, Mar 3, 2014 at 6:41 AM, Dmitry Batiyevskiy 
dmitry.batiyevs...@ardas.dp.ua wrote:

 Atmosphere dependencies from pom.xml:

 dependency
 groupIdorg.atmosphere.extensions/groupId
 artifactIdatmosphere-gwt20-server/artifactId
 version2.0.2/version
 /dependency

 dependency
 groupIdorg.atmosphere/groupId
 artifactIdatmosphere-runtime/artifactId
 version2.0.5/version
 /dependency


Looks good, but have you tried latest version (Atmosphere 2.1.0 runtime) ?
I don't know the appropriate 'gwt' version to use with Atmosphere 2.1.0
runtime. I think you can search the atmosphere wiki or mail list, or post a
mail there.

I know that Atmosphere 2.0.3 had specific changes/fixes that were in-line
with Tomcat 7.0.42, which supports your report that 7.0.42 is working (as
expected).



 Dependencies are in war file


okay.



 Atmosphere config from web.xml:

 servlet
 descriptionAtmosphereServlet/description
 servlet-nameAtmosphereServlet/servlet-name
 servlet-classorg.atmosphere.cpr.AtmosphereServlet/servlet-class
 load-on-startup1/load-on-startup
 async-supportedtrue/async-supported
 init-param


okay, good, i was looking for the async-supported to be set, since you're
using servlet 3.0.


 param-nameorg.atmosphere.cpr.AtmosphereInterceptor/param-name

 param-valuecom.mycompany.communicationengine.interceptor.SecurityContextInterceptor/param-value

 /init-param
 init-param
 param-nameorg.atmosphere.cpr.packages/param-name
 param-valuecom.mycompany.atm/param-value
 /init-param
 init-param
 param-nameorg.atmosphere.useNative/param-name
 param-valuetrue/param-value
 /init-param


snip


 init-param

 param-nameorg.atmosphere.cpr.broadcaster.maxProcessingThreads/param-name
 param-value30/param-value
 /init-param
 init-param

 param-nameorg.atmosphere.cpr.broadcaster.maxAsyncWriteThreads/param-name
 param-value30/param-value
 /init-param
 /servlet


/snip

Jeanfrancois advised me to accept the default config/settings (for
maxProcessingThreads and maxAsyncWriteThreads) instead of specifying low
values like you have (30). what happens when you comment out these
(atmosphere config) lines from your web.xml when using tomcat 7.0.50?

maybe someone here on tomcat list can advise why your max threads settings
is working with tomcat 7.0.42, but not with tomcat 7.0.50.



 This is top of web.xml:

 web-app xmlns=http://java.sun.com/xml/ns/javaee;
 xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
 xsi:schemaLocation=http://java.sun.com/xml/ns/javaee
 http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd;
 version=3.0


okay, good.



 Regards,

 Dmitry Batiyevskiy

 Ardas Group Inc.

 www.ardas.dp.ua


 2014-03-03 13:28 GMT+02:00 Howard W. Smith, Jr. smithh032...@gmail.com:

  On Mon, Mar 3, 2014 at 6:26 AM, Howard W. Smith, Jr. 
  smithh032...@gmail.com
   wrote:
 
  
   On Thu, Feb 20, 2014 at 11:00 AM, Dmitry Batiyevskiy 
   dmitry.batiyevs...@ardas.dp.ua wrote:
  
   We have upgraded tomcat 7.0.42 to 7.0.50
   We have an app which is built around atmosphere framework and uses
   websockets
   After upgrade tomcat instance which has only this app dies in few
 hours
   after deploy (the whole java process dies)
  
  
   How did you configure atmosphere?
  
   which version of atmosphere are you using?
  
   can you share your web.xml (atmosphere config)?
  
   which atmosphere-related dependencies?
  
   is atmosphere-related dependencies in tomcat/lib or in your WAR file?
  
  
  also, are you specifying servlet 3.0 (or 2.5) in your web.xml? can you
  copy/paste that config as well?

Re: java: src/network.c:441: Java_org_apache_tomcat_jni_Socket_send: Assertion failed

On Mon, Mar 3, 2014 at 9:52 AM, Dmitry Batiyevskiy 
dmitry.batiyevs...@ardas.dp.ua wrote:

 Thanks, I will try updating atmosphere and/or changing maxProcessingThreads


may not be completely related, but what is your maxThreads value in your
Connector .../ in server.xml ?

mine is below (found in tomee/conf/server.xml)

Connector port=8080
protocol=org.apache.coyote.http11.Http11NioProtocol
   maxThreads=150 connectionTimeout=2
acceptorThreadCount=2
   redirectPort=8443 socket.directBuffer=false/




 Regards,

 Dmitry Batiyevskiy

 Ardas Group Inc.

 www.ardas.dp.ua


 2014-03-03 16:33 GMT+02:00 Howard W. Smith, Jr. smithh032...@gmail.com:

  On Mon, Mar 3, 2014 at 6:41 AM, Dmitry Batiyevskiy 
  dmitry.batiyevs...@ardas.dp.ua wrote:
 
   Atmosphere dependencies from pom.xml:
  
   dependency
   groupIdorg.atmosphere.extensions/groupId
   artifactIdatmosphere-gwt20-server/artifactId
   version2.0.2/version
   /dependency
  
   dependency
   groupIdorg.atmosphere/groupId
   artifactIdatmosphere-runtime/artifactId
   version2.0.5/version
   /dependency
  
 
  Looks good, but have you tried latest version (Atmosphere 2.1.0 runtime)
 ?
  I don't know the appropriate 'gwt' version to use with Atmosphere 2.1.0
  runtime. I think you can search the atmosphere wiki or mail list, or
 post a
  mail there.
 
  I know that Atmosphere 2.0.3 had specific changes/fixes that were in-line
  with Tomcat 7.0.42, which supports your report that 7.0.42 is working (as
  expected).
 
 
  
   Dependencies are in war file
  
 
  okay.
 
 
  
   Atmosphere config from web.xml:
  
   servlet
   descriptionAtmosphereServlet/description
   servlet-nameAtmosphereServlet/servlet-name
   servlet-classorg.atmosphere.cpr.AtmosphereServlet/servlet-class
   load-on-startup1/load-on-startup
   async-supportedtrue/async-supported
   init-param
  
 
  okay, good, i was looking for the async-supported to be set, since you're
  using servlet 3.0.
 
 
   param-nameorg.atmosphere.cpr.AtmosphereInterceptor/param-name
  
  
 
 param-valuecom.mycompany.communicationengine.interceptor.SecurityContextInterceptor/param-value
  
   /init-param
   init-param
   param-nameorg.atmosphere.cpr.packages/param-name
   param-valuecom.mycompany.atm/param-value
   /init-param
   init-param
   param-nameorg.atmosphere.useNative/param-name
   param-valuetrue/param-value
   /init-param
  
 
  snip
 
 
   init-param
  
  
 
 param-nameorg.atmosphere.cpr.broadcaster.maxProcessingThreads/param-name
   param-value30/param-value
   /init-param
   init-param
  
  
 
 param-nameorg.atmosphere.cpr.broadcaster.maxAsyncWriteThreads/param-name
   param-value30/param-value
   /init-param
   /servlet
  
 
  /snip
 
  Jeanfrancois advised me to accept the default config/settings (for
  maxProcessingThreads and maxAsyncWriteThreads) instead of specifying low
  values like you have (30). what happens when you comment out these
  (atmosphere config) lines from your web.xml when using tomcat 7.0.50?
 
  maybe someone here on tomcat list can advise why your max threads
 settings
  is working with tomcat 7.0.42, but not with tomcat 7.0.50.
 
 
  
   This is top of web.xml:
  
   web-app xmlns=http://java.sun.com/xml/ns/javaee;
   xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
   xsi:schemaLocation=http://java.sun.com/xml/ns/javaee
   http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd;
   version=3.0
  
  
  okay, good.
 
 
  
   Regards,
  
   Dmitry Batiyevskiy
  
   Ardas Group Inc.
  
   www.ardas.dp.ua
  
  
   2014-03-03 13:28 GMT+02:00 Howard W. Smith, Jr. 
 smithh032...@gmail.com
  :
  
On Mon, Mar 3, 2014 at 6:26 AM, Howard W. Smith, Jr. 
smithh032...@gmail.com
 wrote:
   

 On Thu, Feb 20, 2014 at 11:00 AM, Dmitry Batiyevskiy 
 dmitry.batiyevs...@ardas.dp.ua wrote:

 We have upgraded tomcat 7.0.42 to 7.0.50
 We have an app which is built around atmosphere framework and uses
 websockets
 After upgrade tomcat instance which has only this app dies in few
   hours
 after deploy (the whole java process dies)


 How did you configure atmosphere?

 which version of atmosphere are you using?

 can you share your web.xml (atmosphere config)?

 which atmosphere-related dependencies?

 is atmosphere-related dependencies in tomcat/lib or in your WAR
 file?


also, are you specifying servlet 3.0 (or 2.5) in your web.xml? can
 you
copy/paste that config as well?

Re: java: src/network.c:441: Java_org_apache_tomcat_jni_Socket_send: Assertion failed

On Mon, Mar 3, 2014 at 6:41 AM, Dmitry Batiyevskiy 
dmitry.batiyevs...@ardas.dp.ua wrote:

 init-param
 param-nameorg.atmosphere.useNative/param-name
 param-valuetrue/param-value
 /init-param


also, i wonder what your test results will be if you comment out the lines
above from your web.xml.

Re: java: src/network.c:441: Java_org_apache_tomcat_jni_Socket_send: Assertion failed

On Mon, Mar 3, 2014 at 11:22 AM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 Dmitry,

 On 3/3/14, 6:06 AM, Dmitry Batiyevskiy wrote:
  Can you advice how we can find the problem in app/environment like
  this? What are possible ways to debug this?

 Honestly, I'd try switching to the NIO connector and resume your
 testing. If all is well, it may point to a bug in the APR connector
 and/or tcnative itself. If you are having similar problems with the
 pure-Java connectors, then the problem is likely something you are
 doing in your application that is causing an invalid state. You'll
 probably get better information from the Java stack trace than from an
 assertion-failure.

 Give that a try and let us know how things go.


+1 Chris

I have found much /continued/ success using NIO connector across tomcat and
atmosphere versions.

Re: Newbie Help - Up and Running with Tomcat on Windows

2014-02-25 Thread Howard W. Smith, Jr.

On Tue, Feb 25, 2014 at 7:55 AM, Daniel Mikusa dmik...@gopivotal.comwrote:

It might be something as obvious as not having Java EE
 installed separately.  Perhaps Tomee+ will provide all that is needed.

 What specifically do you need?  Tomcat is not a full JEE container.  It
 implements the Servlet, JSP, EL and WebSockets specs.

   http://tomcat.apache.org/whichversion.html

 If you need more then you could look at something like Apache Tomee or
 Apache Geronimo.


+1 i agree, if you need full JEE container, my recommendation is TomEE.

When I was trying to migrate from Glassfish to tomcat, i found it very
difficult to run my Java EE (JSF) web application via Tomcat 7. I had to
search for JARs and place them in tomcat/lib folder. Even after locating
some JARs and placing them in tomcat/lib folder, I failed to run my JSF web
aplication via tomcat7. I have seen (many) others have success running
their Java EE (JSF) web application via tomcat7.

After multiple failed attempts in late 2012, trying to run my JSF web
application in tomcat 7, I downloaded tomee, emailed my questions to tomee
user list, and finally, i had success running my JSF web application via
tomee (which is tomcat + java EE, etc...).

I don't recommend using Geronimo. I think Geronimo
effort/development/maintenance has transitioned to TomEE. Again, I
definitely recommend TomEE, and tomee user list is just as helpful as
tomcat user list. many of your tomcat-related questions can/should be asked
on tomcat list.

FYI, I have been using NetBeans 7.2+ to start/stop TomEE via
NetBeans/tomcat7 plugin. I usually build WAR via NetBeans, and drop my WAR
in tomee/webapps folder. On my development PC/server, I use NetBeans to
start/stop TomEE server, and on my production server, I use tomcat7w.exe
(or the equivalent that is installed in tomee/bin folder) to
install/start/stop the tomcat7 (or tomee) Windows Service on my Windows
Server 2003/2008 server.

My development server is Windows Server 2008 (Vista version), and my
production server is Windows Server 2008 (Windows 7) version. I would
assume that you should have no issues using Windows 8.x; i really don't
have any experience with Windows 8.x though.

Re: Newbie Help - Up and Running with Tomcat on Windows

2014-02-25 Thread Howard W. Smith, Jr.

On Tue, Feb 25, 2014 at 10:30 AM, Daniel Mikusa dmik...@gopivotal.comwrote:

 On Feb 25, 2014, at 10:13 AM, Howard W. Smith, Jr. smithh032...@gmail.com
 wrote:

  On Tue, Feb 25, 2014 at 7:55 AM, Daniel Mikusa dmik...@gopivotal.com
 wrote:
 
   It might be something as obvious as not having Java EE
  installed separately.  Perhaps Tomee+ will provide all that is needed.
 
  What specifically do you need?  Tomcat is not a full JEE container.  It
  implements the Servlet, JSP, EL and WebSockets specs.
 
   http://tomcat.apache.org/whichversion.html
 
  If you need more then you could look at something like Apache Tomee or
  Apache Geronimo.
 
 
  +1 i agree, if you need full JEE container, my recommendation is TomEE.

 I don't believe Tomee is a full JEE container.  As I understand it, it
 targets the Web Profile.

Apache TomEE, pronounced Tommy, is an all-Apache stack aimed at Java
 EE 6 Web Profile certification

   https://tomee.apache.org/apache-tomee.html

 The Web Profile is a subset of the full JEE platform.  This contrasts to
 Apache Geronimo which targets the full JEE stack.

 
  When I was trying to migrate from Glassfish to tomcat, i found it very
  difficult to run my Java EE (JSF) web application via Tomcat 7. I had to
  search for JARs and place them in tomcat/lib folder. Even after locating
  some JARs and placing them in tomcat/lib folder, I failed to run my JSF
 web
  aplication via tomcat7. I have seen (many) others have success running
  their Java EE (JSF) web application via tomcat7.
 
  After multiple failed attempts in late 2012, trying to run my JSF web
  application in tomcat 7, I downloaded tomee, emailed my questions to
 tomee
  user list, and finally, i had success running my JSF web application via
  tomee (which is tomcat + java EE, etc...).
 
  I don't recommend using Geronimo. I think Geronimo
  effort/development/maintenance has transitioned to TomEE. Again, I
  definitely recommend TomEE, and tomee user list is just as helpful as
  tomcat user list. many of your tomcat-related questions can/should be
 asked
  on tomcat list.

 I can't comment on the fitness of either project, as I don't use them
 personally, but my understanding is that they are not competing projects.
  TomEE, like the JEE Web Profile, is simply a middle ground between Tomcat
 and Geronimo.

 Dan


agree on all counts, Dan. I stand corrected, thanks.

My response was not intended to show any level of competition between TomEE
and Geronimo. I think both projects share committers, or the same person as
lead for both projects. Recently, I learned/read that Geronimo targeted or
was developed for IBM.

As a TomEE user, i know that TomEE is alive and well. I don't think the
same could be said about Geronimo.



 
  FYI, I have been using NetBeans 7.2+ to start/stop TomEE via
  NetBeans/tomcat7 plugin. I usually build WAR via NetBeans, and drop my
 WAR
  in tomee/webapps folder. On my development PC/server, I use NetBeans to
  start/stop TomEE server, and on my production server, I use tomcat7w.exe
  (or the equivalent that is installed in tomee/bin folder) to
  install/start/stop the tomcat7 (or tomee) Windows Service on my Windows
  Server 2003/2008 server.
 
  My development server is Windows Server 2008 (Vista version), and my
  production server is Windows Server 2008 (Windows 7) version. I would
  assume that you should have no issues using Windows 8.x; i really don't
  have any experience with Windows 8.x though.


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8 appears slow to process jsp pages

2014-02-12 Thread Howard W. Smith, Jr.

On Wed, Feb 12, 2014 at 9:57 AM, john.kief...@engilitycorp.com wrote:

 Testing Tomcat 8 I watch the console and see the Java and sql processing
 complete, then wait a full minute for the webpage to appear. With Tomcat 7
 there is no wait. Just to verify, while composing this I opened a web page
 within the application and stared at a white screen for almost exactly
 sixty seconds.  I


I have used Tomcat 7.0.32+ (7.0.32, 34, 35, 37, 39, 40, 42, 47, ...) since
I use TomEE, and I experienced that some time in the past. When I
experienced that, I closed the browser with anticipation to break/cancel
the HTTP request, and reopened browser and webapp page. Eventually, as time
went on, i did not experience that anymore, and I don't see that anymore.
There was 'maybe' some app changes that I made (and/or some improvements
between Tomcat and TomEE), but it may have been caused by database
deadlock. I'm not sure. I haven't experienced that for some months now,
maybe 6+ months.

you may need to change your jdbc Resource/ settings. One of tomcat
committers, Christopher Schultz wrote a good article about tomcat jdbc[1]
and how to configure it to meet your needs. I think i read it a few times
and changed my jdbc settings sometime ago, and I think that may have solved
the tomcat-request-white-page-in-browser issue/behavior that I experienced
in the past.


[1]
http://blog.christopherschultz.net/index.php/2009/03/16/properly-handling-pooled-jdbc-connections/

Re: Clustering without Apache in the front

2014-02-07 Thread Howard W. Smith, Jr.

On Wed, Jan 29, 2014 at 10:24 AM, Christopher Schultz 
ch...@christopherschultz.net wrote:

  Now, as Chris pointed out - it would be great to design your app
  that it saves the intermediate work to a database or some secondary
  store that can be retrieved upon login again. Think shopping
  cart, you are shopping around, the instance goes down, you need to
  login again, and a nice application would persist shopping cart for
  you, not so nice application would not, so when logged in again -
  the shopping cart would be available or not :)

 Exactly. Our strategy - for those interested - is to include enough
 information in each request / form to allow users whose work is
 interrupted by a login to resume their workflow (in progress) after an
 interrupted session. This has the added benefit of allowing users to
 go get a cup of coffee, have their session expire, and pick-up where
 they left-off after a quick re-login.


+1 just experienced this in an (on-the-job) online training that I'm
completing.

I started an online training 'session' (in a single browser) hours ago,
started multitasking on-the-job, go back to the online training, and scroll
down (via wheel on my mouse) a little and read the page, multitask, come
back to online training, scroll down (via wheel on my mouse) more and do
some more reading, and later after more multitasking, the session was
closed (maybe via AJAX), and I have a 404 error in the browser.

So, i close the browser, click the URL to begin/resume the online training,
and the online training opens in the browser to the very exact position on
the page that I was last reading. Now, that is real nice!

I don't know what they are doing, but they may have some AJAX method on the
client that updates database on server, and database update includes what
part/position of the page I last read.

Re: unable to start Tomcat through the Windows Services panel

2014-02-06 Thread Howard W. Smith, Jr.

On Wed, Feb 5, 2014 at 2:09 PM, javier_esp...@hna.honda.com wrote:

 OK, this is what I see in the Event Viewer under General tab
 The tomcat7 service terminated with service-specific error Incorrect
 function..

 Under Details tab, I see the following in XML view
 - Event xmlns=http://schemas.microsoft.com/win/2004/08/events/event;
   - System
 Provider Name=Service Control Manager Guid=
 {555908d1-a6d7-4695-8e1e-26931d2012f4} EventSourceName=Service
 Control Manager /
 EventID Qualifiers=491527024/EventID
 Version0/Version
 Level2/Level
 Task0/Task
 Opcode0/Opcode
 Keywords0x8080/Keywords
 TimeCreated SystemTime=2014-02-05T19:04:06.253413900Z /
 EventRecordID67562/EventRecordID
 Correlation /
 Execution ProcessID=872 ThreadID=6044 /
 ChannelSystem/Channel
 ComputerTORAHMLF3DTKX1.am.mds.honda.com/Computer
 Security /
 /System
   - EventData
 Data Name=param1tomcat7/Data
 Data Name=param2%%1/Data
 /EventData
   /Event

   Can anyone tell me what that is trying to tell me?

   Thank you


did you see anything else in the Event Viewer that occurred around the same
time that this event occurred (in Event Viewer)?

also, i wonder if he following can help solve this issue?

  - EventData
Data Name=param1tomcat7/Data
Data Name=param2%%1/Data
/EventData

Re: unable to start Tomcat through the Windows Services panel

2014-02-06 Thread Howard W. Smith, Jr.

On Thu, Feb 6, 2014 at 11:42 AM, Jeffrey Janner jeffrey.jan...@polydyne.com
 wrote:

  -Original Message-
  From: André Warnier [mailto:a...@ice-sa.com]
  Sent: Thursday, February 06, 2014 10:33 AM
  To: Tomcat Users List
  Subject: Re: unable to start Tomcat through the Windows Services panel

  Hi.

  javier_esp...@hna.honda.com wrote:
   OK, this is what I see in the Event Viewer under General tab The
   tomcat7 service terminated with service-specific error Incorrect
   function..

  Let's start from the beginning.

  If you don't get logfiles in the Tomcat/logs directory, then chances
  are that Windows does not even begin to run Tomcat, and that there is
  an error right at the start, when it tries to run it.

  So first read this : http://wiki.apache.org/tomcat/FAQ/Windows#Q11

  That will explain /what/ you are actually running, when you (try to)
  run Tomcat as a Service in Windows, and why it is different from
  running Tomcat in a command window.
  Go ahead, read it, we'll wait right here.

  ... some time later :

  Now you know
  - that tomcat7.exe is a Windows executable program
  - it is the program which the Windows Service Manager tries to start,
  when you start the
  Tomcat7 Service
  - but tomcat7.exe is not really Tomcat; it is a wrapper program that
  runs the Java JVM which in turn runs Tomcat.

  And to start the Java JVM, and pass to this java JVM the appropriate
  parameters, tomcat7.exe reads these parameters from the Windows
  Registry somewhere.

  And to be nice, the Tomcat developers have even provided a specialised
  GUI editor, that allows you to view, set or modify these Tomcat
  Registry parameters that are used by tomcat7.exe.
  And that is the program tomcat7w.exe.  So go ahead now, double-click on
  tomcat7w.exe, and look at the information it shows in the various tabs.
  That is probably where something is wrong.

  Or else what is wrong, is that the version of tomcat7.exe that you have
  installed, does not match the version of Windows that you are running.
  For example, tomcat7.exe is a 32-bit program, but your Windows PC runs
  a 64-bit version of Windows.  Or vice-versa.

  Or that in the Service definition of the Tomcat7 Service, the path to
  tomcat7.exe is incorrect.
  You see that path in the first tab of the GUI.

 André -
 Good points. I'd been following this thread out of curiosity and was just
 beginning to think that it was obviously a service configuration error.

Agreed, and I was following this thread for the same reason.

 I don't have the entire thread handy, and haven't looked at MarkMail, but
 I don't remember anyone asking the OP exactly *how* he installed the
 service.

I had the same thought.

 One would assume he used the bat file that is designed to do this, since
 he mentions running tomcat from the console using startup.bat (a clear
 giveaway that he's not using the fine Windows installer package that
 someone spent a lot of time crafting).

Honestly, I forgot all the specific details of how/when I installed
tomcat/tomee as a Windows service, but I found it quite intuitive...using
the .bat file approach via Windows Command Prompt. The .bat file informed
me of the proper 'usage', and I easily installed tomcat/tomee as a Windows
Service, via command line (or .bat file), accordingly.

And I do use the tomcat7w.exe to modify java options, etc... I never have
to open Windows 'Services' to start/stop tomcat/tomee.

Re: Clustering without Apache in the front

2014-01-28 Thread Howard W. Smith, Jr.

On Tue, Jan 28, 2014 at 3:42 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 Thus I will probably never have to use clustering.


Loving your responses on this topic, Chris. I do not want to hijack this
thread, but i find this topic interesting, and your responses make it more
interesting!

Honestly, I don't need clustering (yet) in my app, but I feel as though
endusers of my app will be fine in a failover situation (as you described
in this thread). Endusers of my app have to login a lot since I set session
expired = 15 minutes. no complaints from the endusers, because they are in
and out of the app...all day, (almost) every day.

the only time I really need failover is when I 'might' want to update the
app's software. the app is quite stable now and not many software changes
right now, so again, there's not much of a need for failover. :)

still listening in on this topic. :)

Re: Clustering without Apache in the front

2014-01-28 Thread Howard W. Smith, Jr.

On Tue, Jan 28, 2014 at 8:59 PM, Neven Cvetkovic
neven.cvetko...@gmail.comwrote:

 On Tue, Jan 28, 2014 at 3:54 PM, Howard W. Smith, Jr. 
 smithh032...@gmail.com wrote:

   Thus I will probably never have to use clustering.
 
  Loving your responses on this topic, Chris. I do not want to hijack this
  thread, but i find this topic interesting, and your responses make it
 more
  interesting!
 
 
 +1. Great discussion, as always :)


  Honestly, I don't need clustering (yet) in my app, but I feel as though
  endusers of my app will be fine in a failover situation (as you described
  in this thread). Endusers of my app have to login a lot since I set
 session
  expired = 15 minutes. no complaints from the endusers, because they are
 in
  and out of the app...all day, (almost) every day.
 

 Ultimately, session stickiness works great to handle load balancing
 (workload management), but it is not enough for session failover. In the
 unlikely event that the serving tomcat instance dies, the user will be sent
 over to the other tomcat instance (that doesn't know anything about you,
 i.e. doesn't have your session data), and will probably need to login
 again. Now, as Chris pointed out - it would be great to design your app
 that it saves the intermediate work to a database or some secondary store
 that can be retrieved upon login again. Think shopping cart, you are
 shopping around, the instance goes down, you need to login again, and a
 nice application would persist shopping cart for you, not so nice
 application would not, so when logged in again - the shopping cart would be
 available or not :)


+1 (000,000,000,...)

wow, thanks Neven. That was a great thought/analogy right there. As someone
that uses amazon.com quite often, I do like the shopping cart feature, even
though I have not recognized if my shopping cart was saved across
sessions... oh, but you just jogged my memory, and a product that I looked
at recently, amazon.com sent that product (and similar products) to my
email... so evidently, 'interests' are persisted per user/session.

'not so nice application would not'... wow, i definitely accept that as
constructive criticism. thanks.


 Now, if your end users can live with that scenario - that's great - no need
 for session replication, clustering your instances, network chatter, etc...
 It definitely simplifies the configuration and setup.

 However, if your end users (i.e. your Service-Level-Agreement / SLA) do
 require a proper session failover, you will need some sort of session
 replication to successfully implement that feature. That's not trivial and
 depends on the appserver (e.g. Tomcat, JBoss, WebSphere, Weblogic). Session
 replication is not part of the official JEE/Servlet spec, but most modern
 and serious appservers would provide some way of replicating sessions and
 clustering appserver instances.


+1 definitely here for tomcat (a serious appserver). :)



 Now, if you could make you application stateless - you could possibly turn
 off the sticky sessions.  Makes things very easy to scale!


+1 thanks. even though my app is Java Server Faces app, I would say it is
quite stateless in nature/design, since users accomplish majority of their
daily tasks via one-page requests. of course,

1. one page is required to login
2. another/one page is required to search/filter/navigate-to target data
that already exists in the database
3. another/one page is required to add/update data, or to take some action
against that data (print data/form, email data/form to customer, etc...)

and this is normal user activity; some users let their session expire after
completing steps 1 and 2 above, or steps 1, 2, and 3 above.

In reference to the shopping cart suggestion, I would assume that you would
suggest that steps 2 and 3, above, are persisted, so users can resume
previous session.


 :))

 the only time I really need failover is when I 'might' want to update the
  app's software. the app is quite stable now and not many software changes
  right now, so again, there's not much of a need for failover. :)
 

 Excellent! Keep it simple!


+1 thanks; that's my goal...keep it simple (for the endusers). :)


 Good luck!
 Neven

Re: [OT] RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system

2014-01-24 Thread Howard W. Smith, Jr.

On Fri, Jan 24, 2014 at 11:41 AM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Howard,

 On 1/23/14, 11:31 PM, Howard W. Smith, Jr. wrote:
  Instead of downloading Linux and trying it out, on my own, I just
  decided to stay with Windows. it just works (for me).

 I'm honestly glad to hear that you are having a good experience with it.

 Do you manage a lot of machines, or just one or two?


Just 2 servers for now.


 Until recently,
 the *NIX world didn't have great (maybe just inexpensive/free)
 cluster-management utilities like Puppet. I believe Windows had that
 capability (e.g. Tivoli) much earlier, though I think it was initially
 aimed at administering fleets of workstations, not servers. Extending
 that capability to manage servers was probably trivial.

  I hope things have changed, but everyone I ever knew that ran
  Windows Server OSs in production had scheduled rolling-reboots of
  their servers because things just tended to work when they did
  that. Otherwise, stuff would fail with some regularity (like
  every 3 days). It's not clear to be whether restarting the OS or
  restarting the application did the trick -- as we all know, most
  Tomcat problems are actually webapp problems. In all my time
  working with Linux servers, I've never had to resort to such
  foolishness, nor has anyone else I have known. I've had servers
  running for over a year without a reboot. (They usually get a
  reboot for certain software upgrades, so years-running servers
  don't really exist... or shouldn't).
 
 
  I have seen posts on this list about people experiencing issues
  with Windows updates and their tomcat/database not starting or
  shutting down successfully (or as expected)... i do not experience
  these things...at all. Yes, I did send several emails to the tomee
  list, asking why did my tomee/tomcat server restart at night around
  3am. I, then, learned it was the automatic Windows updates that I
  configured. So, after I learned that it was the automatic updates
  and that my app shutdown properly and restarted automatically
  (since I configured the tomcat/tomee service to start,
  automatically on/after boot), and no database corruption and no
  errors in the log. My Java EE app and tomcat/tomee shuts down and
  restarts gracefully inspite/through-it all.

 Great! I wish you the best of luck.


Thanks. At the moment, I don't have a need for cluster management, because
the app performs really well, but I'm hoping to refactor the app (quite) a
bit, so I can market the app to other businesses. After all that, i may
need to consider cluster management, more servers etc.

Also, some day, I may consider migrating to Linux. On the to-do list when I
have bandwidth to do so.



 - -chris

 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

 iQIcBAEBCAAGBQJS4pehAAoJEBzwKT+lPKRYrMAQAJH9Jyz6V1C2Cx913B//NdKI
 rzSZOgBDRMLwi3eORY/cE5FJ0bW+5khP9BryIJ/AeHxY4zDyMgx8ICJot/wtI1QI
 Ru2hdjr+YMjE4TZmtpI9khBgKwb5HKJ7q27RQaxgN08BzH/t0tPQOmrIxO0+Z1lO
 mxiEw7DomEG0Xbsv4u2oAlu8GlBYOMWZ5AC4a/ag1u2k65kS/JEneLYSBNepuMlJ
 aIRfd4WUE+qjoykHo9uSR6XLaJEj5igozuCCrCcIL7u5NuBzeH3Gc56GGnV0V9Ye
 Qygpr+T0j6MS+Yza92ybng7g7QcKB6lh5maMYalnj/G/bU2I1Q4mcBtZsxsrevin
 NB5QJgvbZ+wZJeWQMH5h92v//zh0c8r0WZrVTF81ZYxXYo8HAwRFagKzY6qBxBeS
 njnXim86JBooPW1JhxYalrNgKV1pK7MxfTNkfvmK18L3ALMhf5A2qhd8Q3BIsWOQ
 Yi6t4JUlOGM32/3NcYcIT6/rYdIEZLOv9VEabV5WvcMQnq++ViUHjV64hWlknvCB
 hoRHN45ipj51vC6VRY6nq/FZ+L5gIWzb9q719sVGjwfLiFkF63biVppwYO5adWD+
 pubXRs7Toxd1uYGM0bi3ruq/dL9B6m9EzIKN6nZsW4wrTWIvVNU/i0IWoNXHffJw
 ygFownq0oWKSG86riRfZ
 =6Aq+
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Notification strategy for OutOfMemoryError

On Thu, Jan 23, 2014 at 8:21 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 Glad to see my thoughts were useful. If you'd care to post your code
 to either the list or onto the wiki, I'm sure it would be useful to
 someone.


+1 I love it when others share code, and thanks for suggesting that Chris.

Re: [OT] RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system

On Wed, Jan 22, 2014 at 10:14 AM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Konstantin,

 On 1/22/14, 9:03 AM, Konstantin Preißer wrote:
  Hi Jeffrey,
 
  -Original Message- From: Jeffrey Janner
  [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, January 21,
  2014 10:19 PM
 
  Eureka, I finally figured it out! It was a real eureka moment,
  some remembrance burned its way up from my subconscious and I had
  the answer. Ready guys?  Really surprised no one mentioned it. It
  was Windows F-ing Firewall!
 
  Good to hear that you could find and solve the problem.
 
  (Off topic:)
 
  I HATE WINDOWS!!
 
  What I can't quite understand is, how one can hate Windows or its
  F-ing firewall, if they just do what they were configured to
  do... ;-)
 
  When setting up the Windows Firewall, I normally only create rules
  for specific (TCP) ports, not for specific executables, so that the
  firewall allows connections to a TCP port regardless of what the
  name or path of the executable is.

 Actually, as surprising as it can sometimes be, I find that the
 Windows firewall is better than iptables *because* it /can/ do things
 like this. You can make your system a bit safer.

 For instance, if your server is compromised (yes, I know, once you're
 owned, you're owned) and the attacker installs some malware of some
 kind, that malware will not be able to bind to a port or even make
 outgoing connections, even on standard outgoing ports -- for
 instance HTTP.

 Lots of malware connects to external CC servers to give instructions,
 and the Windows wirewall makes it easy to prevent that from happening
 even when ports like 80 are used -- and typically left wide-open on
 servers.

 - -chris


+1 chris, and for these reasons/features (and more), I LOVE WINDOWS (SERVER
2008)!!! :)

Re: [OT] Out of memory exception - top posting

On Thu, Jan 23, 2014 at 2:08 PM, André Warnier a...@ice-sa.com wrote:


 Either people don't read the rules, or they do not understand the rule, or
 they just ignore it.


I agree. As a tomcat/tomee user, I joined the list, primarily, to listen in
on topics (that interest me), so I learned, very quickly, that top-posting
is not preferred, here.


 Anyway, it seems that we're spending more time lately asking people to not
 top-post, than actually providing answers to their questions.


Actually, it seems as though (tomcat lead) Mark Thomas (and others) have
been quite tolerable of recent top-posting, and still offer advice and
responses (sometimes) without the inevitable, 'don't top post'
phrase/response.

+1 for those always and/or unconditionally providing support to tomcat
users.

Also, gmail makes it easy for me to honor the rule against top-posting.

Re: [OT] RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system

On Thu, Jan 23, 2014 at 10:07 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Howard,

 On 1/23/14, 9:05 PM, Howard W. Smith, Jr. wrote:
  On Wed, Jan 22, 2014 at 10:14 AM, Christopher Schultz 
  ch...@christopherschultz.net wrote:
 
  -BEGIN PGP SIGNED MESSAGE- Hash: SHA256
 
  Konstantin,
 
  On 1/22/14, 9:03 AM, Konstantin Preißer wrote:
  Hi Jeffrey,
 
  -Original Message- From: Jeffrey Janner
  [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, January
  21, 2014 10:19 PM
 
  Eureka, I finally figured it out! It was a real eureka
  moment, some remembrance burned its way up from my
  subconscious and I had the answer. Ready guys?  Really
  surprised no one mentioned it. It was Windows F-ing
  Firewall!
 
  Good to hear that you could find and solve the problem.
 
  (Off topic:)
 
  I HATE WINDOWS!!
 
  What I can't quite understand is, how one can hate Windows or
  its F-ing firewall, if they just do what they were configured
  to do... ;-)
 
  When setting up the Windows Firewall, I normally only create
  rules for specific (TCP) ports, not for specific executables,
  so that the firewall allows connections to a TCP port
  regardless of what the name or path of the executable is.
 
  Actually, as surprising as it can sometimes be, I find that the
  Windows firewall is better than iptables *because* it /can/ do
  things like this. You can make your system a bit safer.
 
  For instance, if your server is compromised (yes, I know, once
  you're owned, you're owned) and the attacker installs some
  malware of some kind, that malware will not be able to bind to a
  port or even make outgoing connections, even on standard
  outgoing ports -- for instance HTTP.
 
  Lots of malware connects to external CC servers to give
  instructions, and the Windows wirewall makes it easy to prevent
  that from happening even when ports like 80 are used -- and
  typically left wide-open on servers.
 
  - -chris
 
 
  +1 chris, and for these reasons/features (and more), I LOVE WINDOWS
  (SERVER 2008)!!! :)

 It's firewall notwithstanding, Microsoft Windows is a really terrible
 server OS. At least Powershell gave admins the capability to do things
 without having to use a GUI for every damn thing, but there is just
 too much BS in a Windows box for me to ever consider it for a server.


You are definitely entitled to your opinion and OS preference. Since
majority of my experience has been Windows (and even though I love being a
keyboard user and hate to operate a mouse), the GUI does not bother me,
since I have learned to use keyboard shortcuts to help me operate Windows
apps (or GUI, as you call it), been doing those keyboard shortcuts for
almost 20 years now. :)



 Add to that the fact that you have to pay insane license fees, though
 you would also have to do that I suppose if you used SCO, AIX, etc.
 Solaris, BSD, and Linux are all free and have entire ecosystems that
 aren't dominated by the closed-source paradigm.


Actually, I have found Linux to be 'attractive', since it is 'free' and
since there is less GUI and more command-line there. I had some exposure to
Linux and Unix in the past, and I fell in love with UNIX just before I
graduated from college, and it was at that point that I made that
statement, I can see myself doing this (SPARC machine, Unix OS, and
keyboard, programming etc...) for the next 5 to 10 years (as a career)...I
was really in love with the keyboard (most of all, in the computer lab). :)

Instead of downloading Linux and trying it out, on my own, I just decided
to stay with Windows. it just works (for me). And I usually only need 1 or
2 client access licenses (CALs) per server, since I am the primary person
that remotely access the server. The servers are primarily used as file
servers, until recently, when I developed my first Java EE web application
within the last 2 years, so now 1 of the 2 Windows servers are used only as
a web (app) server.


 I hope things have changed, but everyone I ever knew that ran Windows
 Server OSs in production had scheduled rolling-reboots of their
 servers because things just tended to work when they did that.
 Otherwise, stuff would fail with some regularity (like every 3 days).
 It's not clear to be whether restarting the OS or restarting the
 application did the trick -- as we all know, most Tomcat problems are
 actually webapp problems. In all my time working with Linux servers,
 I've never had to resort to such foolishness, nor has anyone else I
 have known. I've had servers running for over a year without a reboot.
 (They usually get a reboot for certain software upgrades, so
 years-running servers don't really exist... or shouldn't).


I have seen posts on this list about people experiencing issues with
Windows updates and their tomcat/database not starting or shutting down
successfully (or as expected)... i do not experience these things...at all.
Yes, I did

Re: Getting 404 before the container starts all servlets

2014-01-11 Thread Howard W. Smith, Jr.

On Sat, Jan 11, 2014 at 4:40 AM, Mark Thomas ma...@apache.org wrote:

 On 10/01/2014 23:08, Adrian Tarau wrote:
  I tried with 7.0.47 and I still get 404 regardless of the the state of
  bindOnInit.

 Tomcat doesn't serve *any* requests until everything (including
 applications) has started up. bindOnInit only controls when it starts
 accepting connections.

 You should only see any response (including 404s) once all the
 applications have reported that they have started.

 From what you describe it appears that your application is continuing to
 do some initialisation after it has reported it is started.

 Servlets do use lazy init by default but a request to a servlet should
 not complete until after the servlet has finished initialising.

 All the indications are that the 404s you are seeing are a result of how
 your application is designed.


+1, and well said, Mark!

Re: exception-message header reveals path to document root in 404 response.

2014-01-11 Thread Howard W. Smith, Jr.

On Fri, Jan 10, 2014 at 7:02 PM, Caldarale, Charles R 
chuck.caldar...@unisys.com wrote:

 Here's Tomcat's standard 404 response:

 HTTP/1.1 404 Not Found
 Server: Apache-Coyote/1.1
 Content-Type: text/html;charset=utf-8
 Content-Length: 1027
 Date: Fri, 10 Jan 2014 23:59:34 GMT


Wow, when I saw this last night, I shook my head and said to myself,

Server: Apache-Coyote/1.1

this may be one of the reasons why my server/web-app are subject to
repeat-offender attacks from certain/few IP addresses in China/Vietnam.

I never new that a 404 would expose the server name (apache coyote). I
guess/assume that once they see that server name in the 404 response, some
of those bots continue to try and try.

Re: exception-message header reveals path to document root in 404 response.

2014-01-11 Thread Howard W. Smith, Jr.

On Sat, Jan 11, 2014 at 9:01 AM, Caldarale, Charles R 
chuck.caldar...@unisys.com wrote:

  From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com]
  Subject: Re: exception-message header reveals path to document root in
 404 response.

  Wow, when I saw this last night, I shook my head and said to myself,

  Server: Apache-Coyote/1.1

  this may be one of the reasons why my server/web-app are subject to
  repeat-offender attacks from certain/few IP addresses in China/Vietnam.

 For the truly paranoid (to quote from the docs), look at the server
 attribute of the Connector element:
 http://tomcat.apache.org/tomcat-7.0-doc/config/http.html

+1 and LOL.

server

Overrides the Server header for the http response. If set, the value for
this attribute overrides the Tomcat default and any Server header set by a
web application. If not set, any value specified by the application is
used. If the application does not specify a value then Apache-Coyote/1.1 is
used. Unless you are paranoid, you won't need this feature.

Thanks Chuck for the response and for quoting the user guide. I have not
set 'server' on the Connector and still have no need of setting the
'server' attribute. Nice to know that that is available. :)

Re: Error when performing a reset of the server

2014-01-08 Thread Howard W. Smith, Jr.

Chuck,

On Wed, Jan 8, 2014 at 6:58 PM, Chuck Johnson chuck.john...@simpson.eduwrote:

 I haven't had the error occur when I have had to restart the Tomcat
 server, my co-worker is the person who has experienced it and my
 understanding is that it happens when she attempts to perform a reset and
 the only way that she resolves it is to reboot the windows server.


That says it all right there.

You (and/or your user) have success.

your coworker (and/or her user (ID/acct/profile)) does not have success.

your coworker 'only' has success when she restarts windows server.

when restarting the windows server, the service must be configured to
'automatic', and a clean restart usually = clean (re)start of tomcat...I
would assume.

This answer[1] on stackoverflow may hint on a solution and/or cause of the
error that your coworker is experiencing.

I have tomcat 7.0.47 (via tomee+) running on Windows 2008 R2 64-bit with
jdk1.7.0_45, and I only login to the server with one user ID, and I use
tomcat7w.exe to start/stop service, manually, but service is configured to
start automatically when server is (re)started. The user ID that I always
use...was also responsible for adding tomcat/tomee as Windows service.

Who or what user (ID) usually has success start/stopping tomcat manually
via tomcat7w.exe or via Windows Services window/app?

Was your coworker able to start/stop tomcat in the past with no issues? if
so, what changed? new install of tomcat? new config of tomcat? different
user (ID) added tomcat as windows service? ...


[1] http://stackoverflow.com/a/19710121/933054

Re: [OT] Garbage Collectors

2013-12-18 Thread Howard W. Smith, Jr.

On Wed, Dec 18, 2013 at 6:11 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 1. What JVM are you using?




Answer: [X] Sun/Oracle/OpenJDK Java 1.7




 2. What kind of web application are you running?


 Answer: [X] A moderately busy web site (1M requests/mo/server)


 3. What is your total heap size?


-Xms4096m
-Xmx4096m
-XX:MaxPermSize=384m (will share this as well, just because)


but I think I can change to -Xms/-Xmx1250m, because heap used seem to max
out at (+/-)1024m.



 4. Are you explicitly specifying a Garbage Collector? If not, just say
 so and skip the rest of the questions.


-XX:+UseConcMarkSweepGC
-XX:+CMSClassUnloadingEnabled



 5. What led you to use [GC X] instead of the JVM's default collector?


I've seen CMS recommended almost any/everywhere.



 6. Did you do any actual performance testing to see if the switch from
 the default to [GC X] made any difference?


No.



 6. Have you spent a lot of time tuning [GC X]?


A little...over time. I primarily adjusted -Xms/-Xmx a few times.



 7. Did your tuning exercise yield any useful results?


Yes. I don't experience OutOfMemory exceptions, and app runs just fine.



 8. Did your users notice any difference after you implemented [GC X],
 or just your own load-testing team?


No. My app has been configured to use CMS ever since the beginning of
time/production.



 If you think there's anything else I should know about your experience
 with [GC X], please let me know.


To answer #4, I searched google, and found this[1], and that helped me
answer your question. :)

I am sure that I can lower my -Xms/-Xmx4096m heap size, but with 32GB of
RAM on the server, i'm not really pressed to do so. The server is used just
for the app.


[1] http://www.cubrid.org/blog/textyle/428187

Re: [OT] Garbage Collectors

2013-12-18 Thread Howard W. Smith, Jr.

On Wed, Dec 18, 2013 at 6:57 PM, Leon Rosenberg rosenberg.l...@gmail.comwrote:

 On Thu, Dec 19, 2013 at 12:51 AM, Howard W. Smith, Jr. 
 smithh032...@gmail.com wrote:

  On Wed, Dec 18, 2013 at 6:11 PM, Christopher Schultz 
  ch...@christopherschultz.net wrote:
 
 
   3. What is your total heap size?
  
 
  -Xms4096m
  -Xmx4096m
  -XX:MaxPermSize=384m (will share this as well, just because)
 
 
  but I think I can change to -Xms/-Xmx1250m, because heap used seem to max
  out at (+/-)1024m.
 
 
 Don't, GC works best if used heap is  half of allowed heap. So keep at
 least 2G (You know that you can specify 4G instead of 4096M, right? :-))


Thanks Leon. I have been considering changing it to 2048M (or 2G, as you
say). No, I didn't know I could specify '4G'. :)

Re: What if my database is unavailable at startup?

2013-12-13 Thread Howard W. Smith, Jr.

OP,

On Fri, Dec 13, 2013 at 2:24 PM, Dames, Kristopher J 
kristopher.da...@mercy.net wrote:

 I use tomcat 6 and have noticed if a database is not available when tomcat
 starts, tomcat will not try to connect once the database becomes available.
 Tomcat must be restarted to establish the database connection. What are
 best practices regarding this? Is there a way in tomcat to get it to
 automatically retry so I don't have to restart tomcat? I use DBCP but am
 willing to try some other pool.


Barry,

On Fri, Dec 13, 2013 at 4:59 PM, Propes, Barry L barry.l.pro...@citi.comwrote:

 I use DBCP and Oracle as well, and am also on Tomcat 6 - 6.0.26. Take a
 look at mine, as I have NO trouble with it, and see if you can configure it
 similarly with success. NOTE - remove those other two parameters that Jose
 mentions in a prior email.

   Resource
 auth=Container
 description=mytomcatapp
 name=jdbc/myoracle
 type=javax.sql.DataSource
 driverClassName=oracle.jdbc.driver.OracleDriver
 username=username
 password=password
 url=jdbc:oracle:thin:@cgnrdb1p:1648:SERVNAME
 maxIdle=30
 maxWait=1
 maxActive=10
 testOnBorrow=true
 timeBetweenEvictionRunsMillis=-1
 minEvictableIdleTimeMillis=28800
 poolPreparedStatements=true
 removeAbandoned=true
 removeAbandonedTimeout=300
 logAbandoned=false/


are you suggesting that your (or a correct(ed)) Resource will solve the
problem stated in OP (above)?

can/should we assume that your URL is referencing a database on a different
machine, same network/intranet/LAN?

  url=jdbc:oracle:thin:@x.y.com:1521:x

it seems as though OP is referencing a database somewhere on the 'internet'.

Re: Pooled Connections Lost After 10 Minutes (600 seconds)

2013-12-09 Thread Howard W. Smith, Jr.

Alec, Dan, and Chris,

On Wed, Dec 4, 2013 at 1:01 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Dan,

 On 12/3/13, 12:32 PM, Daniel Mikusa wrote:
  On Dec 3, 2013, at 12:14 PM, Tomcat Random
  tomcat.ran...@gmail.com wrote:
 
  I considered using a validation query but it seemed like extra
  overhead when the default behavior was not, um, behaving in the
  default way.
 
  The overhead is typically minimal.  Running SELECT 1 or some
  other very simply query is not likely to bring your database to
  it's knees.  It might add a small amount of latency as the pool
  will need to execute the query before it give the connection to
  your application, but that's likely to be dwarfed by whatever your
  application does with the connection after it gets it.
 
  If you are concerned you can do a couple things to make the process
  even more lightweight.
 
  1.) With MySQL and use /* ping */ SELECT 1 as the validation
  query.  This is a special case with the MySQL JDBC driver that uses
  even less resources.

 +1

 We use this everywhere. I've never actually benchmarked it, but since
 it does not execute a query on the server, it pretty much has to be
 faster by any measure.

  2.) You can use the tomcat-jdbc connection pool which has a
  validationInterval setting.  This will ensure that the validation
  query is only executed one time during the specified time interval.
 
 I haven't moved to tomcat-pool yet, but this was my initial reaction
 to Alec's question about usually not needing the validation query.

  ...or you can go without a validation query, but it's not something
  I would recommend and not something I see done very often.  The
  minimal overhead is usually worth knowing that you get a valid
  connection from the pool.

 +1

 If you don't use a validation query, you need additional try/catch
 blocks around all your getConnection() calls, and a loop to re-try
 just in case the first connection was bad.

 I think without a validationQuery, your pool will effectively dry-up
 over time.


+1 interesting topic and responses. Thanks!

Since I'm using TomEE, tomcat jdbc pool is default, and below is the config.

Resource id=jdbc/dbJta type=javax.sql.DataSource
  JdbcDriver org.apache.derby.jdbc.EmbeddedDriver
  JdbcUrl jdbc:derby:X:/myPathToMyDB;create=true
  UserName 
  Password 
  JtaManaged true
  jmxEnabled true
  InitialSize 10
  MaxActive 30
  MaxIdle 20
  MaxWait 1
  minIdle 10
  suspectTimeout 60
  removeAbandoned true
  removeAbandonedTimeout 180
  timeBetweenEvictionRunsMillis 3
  jdbcInterceptors=StatementCache(max=1024)
/Resource

As you can see, I am one of those rare cases that Dan mentioned...not using
validationQuery. Not so much intentional, but I'm still somewhat novice as
tomcat user.

With that said, I have not had the need to add try/catch to ensure I get a
good connection from the pool. I don't have high traffic coming to my web
app, but there are times when multiple users are using the app, and I see
absolutely 'no' connection issues (ever), and performance is quite
good/sound as well.

So, I do hear the recommendations, in this thread, about validation query,
but my app has not told me yet...that it needs the validation query. :)

Re: [OT] Symantic has a first tomcat worm ;-)

2013-11-26 Thread Howard W. Smith, Jr.

On Tue, Nov 26, 2013 at 5:53 AM, André Warnier a...@ice-sa.com wrote:

 So yes, by any means, have the Manager disabled by default, even when
 subsequently enabled restrict it by default to localhost, ...


+1

Re: Java +GC question

2013-11-24 Thread Howard W. Smith, Jr.

On Sun, Nov 24, 2013 at 7:15 PM, André Warnier a...@ice-sa.com wrote:

 Caldarale, Charles R wrote:

 From: André Warnier [mailto:a...@ice-sa.com] Subject: Java +GC question


  java version 1.6.0_26


 Do we need to tell you to upgrade?


 Whatever happened to the Never change a running system ?


I usually hear it said like this, if it ain't broke, then don't fix it. :)

Re: Avoiding/Handling SocketTimeoutException(s) when web application serving resources to mobile clients

2013-11-11 Thread Howard W. Smith, Jr.

On Mon, Nov 11, 2013 at 5:41 AM, André Warnier a...@ice-sa.com wrote:

 Howard W. Smith, Jr. wrote:

 On Sun, Nov 10, 2013 at 9:14 AM, Howard W. Smith, Jr. 
 smithh032...@gmail.com wrote:

  Caused by: java.net.SocketTimeoutException
 at
 org.apache.tomcat.util.net.NioBlockingSelector.write(
 NioBlockingSelector.java:127)
 at
 org.apache.tomcat.util.net.NioSelectorPool.write(
 NioSelectorPool.java:174)
  at
 org.apache.coyote.http11.InternalNioOutputBuffer.writeToSocket(
 InternalNioOutputBuffer.java:163)


 my apologies, based on this exception (above), I decided to provide you
 with the following from my tomee/conf/server.xml:


 Connector port=8080
 protocol=org.apache.coyote.http11.Http11NioProtocol
maxThreads=150 connectionTimeout=2
 acceptorThreadCount=2
redirectPort=8443 socket.directBuffer=false/


 I guess the answer may be the connectionTimeout=... (above), but still
 would like to know recommendations of others based on experience with web
 application serving mobile clients. thanks.


 AFAIK, the connectionTimeout above applies specifically to this :
 - the client opens a TCP connection to the server
 - but then the client does not send any request over that connection
 (so the server waits and waits, until that timeout strikes).
 This is a classic way of doing a DoS attack : many clients connect and
 don't send a request (or do it very slowly), tying up server resources
 until the server is overwhelmed.
 In some Connector configurations, this does not necessarily tie up a
 Thread (only a TCP socket), but it does have the potential to tie up
 limited resources.
 The value of 2 above is in milliseconds, so after a connection is
 established, the server will wait up to 20 seconds for a request to be
 received.
 I would not expect nowadays that any client, on any type of connection,
 would take that long to send a request on an established connection.  So I
 would certainly not make it larger, and you can probably reduce it
 significantly, and save resources.



Great, thank you!

I left it as-is and given the situation (which I communicated earlier), I
saw no need to increase the connectionTimeout value. Noted your
recommendation about decreasing the value...for now.

thanks again!

Re: Avoiding/Handling SocketTimeoutException(s) when web application serving resources to mobile clients

2013-11-11 Thread Howard W. Smith, Jr.

On Mon, Nov 11, 2013 at 10:23 AM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Howard,


 I might recommend using a Filter like this:

 filter() {
try {
  chain.doFilter();
} catch (SocketTimeoutException ste) {
  application.log(Got STE for request  + request.getRequestURI()
 + with client  + request.getHeader(User-Agent));
}
 }

 ... or something like that. It might help uncover patterns in dropped
 connections.


agreed, i decided to do this (below) yesterday evening (to prevent the
stacktrace in the log file; noted your recommendation/usage of catching
SocketTimeoutException, thanks),

try {
chain.doFilter(req, res);
} catch (org.apache.catalina.connector.ClientAbortException e) {
logger.error(caught
org.apache.catalina.connector.ClientAbortException:  + e.getMessage());
}


since I already know the culprit(s); see details/explanation, below.



 Maybe Igor is right and the problem is some browser (e.g. MSIE 8) and not
 necessarily mobile clients.


it is the mobile device phone/internet connection that is lost, recycled,
recovered (or however you want to explain it). see below (and saved a copy
on gist[1], too).

user1 (iPad, internal verizon wireless 4G phone/internet connection)
connects and accesses login.xhtml page

70.215.84.34 - - [09/Nov/2013:13:08:20 -0500] GET /webapp/index.jsf
HTTP/1.1 302 -
70.215.84.34 - - [09/Nov/2013:13:08:22 -0500] GET /webapp/login.jsf
HTTP/1.1 200 1445
70.215.84.34 - - [09/Nov/2013:13:08:25 -0500] GET
/webapp/javax.faces.resource/primefaces.css.jsf?ln=primefacesv=4.0.3
HTTP/1.1 200 10036


user1 (iPad); note localhost_access_log and tomcat7-stderr log lines below;
note the request filenames, date/time, and exceptions

70.215.84.34 - - [09/Nov/2013:13:09:00 -0500] GET
/webapp/javax.faces.resource/jquery/jquery.js.jsf?ln=primefacesv=4.0.3
HTTP/1.1 200 -
70.215.84.34 - - [09/Nov/2013:13:09:00 -0500] GET
/webapp/javax.faces.resource/jquery/jquery-plugins.js.jsf?ln=primefacesv=4.0.3
HTTP/1.1 200 -

Nov 09, 2013 1:09:00 PM org.apache.myfaces.application.ResourceHandlerImpl
handleResourceRequest
SEVERE: Error trying to load resource jquery/jquery.js with library
primefaces :null
ClientAbortException:  java.net.SocketTimeoutException
at
org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:413)

Nov 09, 2013 1:09:00 PM org.apache.myfaces.application.ResourceHandlerImpl
handleResourceRequest
SEVERE: Error trying to load resource jquery/jquery-plugins.js with library
primefaces :null
ClientAbortException:  java.net.SocketTimeoutException
at
org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:413)


user1 (iPad, different IP address) clicks Login button on login.xhtml, POST
to server, successful login, server redirects to index.xhtml

70.208.164.166 - - [09/Nov/2013:13:09:52 -0500] POST /webapp/login.jsf
HTTP/1.1 302 -
70.208.164.166 - - [09/Nov/2013:13:09:52 -0500] GET /webapp/index.jsf
HTTP/1.1 200 7008

Nov 09, 2013 1:09:52 PM pf.ApplicationScopeBean login
INFO: sessionId = user1B4584B981555A703B8E0DA189D2294F5

Nov 09, 2013 1:09:52 PM jsf.users.pf_UsersController loginUser
INFO: user1 (iPad) logged in at 11/09/2013 01:09 PM


user1 (iPad) GET resource, user2 initiate/GET websocket, user1 initiate/GET
websocket, respectively

70.208.164.166 - - [09/Nov/2013:13:09:53 -0500] GET
/webapp/resources/images/loading_circleThickBox.gif?pfdrid_c=true HTTP/1.1
304 -

166.137.105.198 - - [09/Nov/2013:13:09:53 -0500] GET
/webapp/primepush/user27BF5C51CF354C1F4926B835CB7F2083E?X-Atmosphere-Transport=closeX-Atmosphere-tracking-id=f2a3916c-62a0-477e-b226-539857827c2e
HTTP/1.1 200 -

70.208.164.166 - - [09/Nov/2013:13:09:54 -0500] GET
/webapp/primepush/user1B4584B981555A703B8E0DA189D2294F5?X-Atmosphere-tracking-id=0X-Atmosphere-Framework=2.0.3-jqueryX-Atmosphere-Transport=websocketX-Atmosphere-TrackMessageSize=trueX-Cache-Date=0X-atmo-protocol=true
HTTP/1.1 101 -


[1]
https://gist.github.com/smithh032772/7380812#file-2013-11-11-discussion_details-txt

Avoiding/Handling SocketTimeoutException(s) when web application serving resources to mobile clients

Using Tomcat 7.0.47 via TomEE 1.6.0 along with MyFaces 2.1.13

Recently, I have been experiencing the SocketTimeoutException when web
application is serving resources to 'mobile clients'. Yesterday, user was
attempting to login from mobile iPad via an internal wireless phone
connection. Since my web application is accessed by mobile clients and
since I started using TomEE (tomcat7 and myfaces), I have seen the 'Error
trying to load resource ...' (below), but I have not seen the
SocketTimeoutException until I recently started using Tomcat 7.0.47 and
MyFaces 2.1.13.

I saved the first occurrence (Nov 8, 2013) of this exception on gist[1] and
saved Nov 9, 2013 occurrence on gist as well. I do have a web/servlet
filter in place, and I assume that I can catch the SocketTimeoutException
(when client is mobile) to prevent the stacktrace in the log, but this
exception is 'now' being logged to tomcat7-stderr, but this
SocketTimeoutException was not logged with previous versions of Tomcat
7.0.x and MyFaces 2.1.x. I assume that this is new logging behavior of
MyFaces 2.1.13 (or there is something new about Tomcat 7.0.47) but I may be
mistaking.

Please see all below, and advise how I can prevent this exception, if I can
adjust some tomcat settings to increase the socket timeout value, or
recommendations about serving resources to 'mobile clients'. I'm thinking
that I can increase the expiration of client resources from my web/servlet
filter, so this will not occur as often. This exception does not occur
everytime, but i'm sure you can understand that this 'can' happen
frequently and sporadically, depending on the connection between server and
mobile-device-via-wireless-phone-connection.


localhost_access_log shows the follow (please note the filenames and time
difference between the 1, 2, and 3rd lines below)


x.x.x.x - - [09/Nov/2013:13:08:25 -0500] GET
/webapp/javax.faces.resource/primefaces.css.jsf?ln=primefacesv=4.0.3
HTTP/1.1 200 10036

x.x.x.x - - [09/Nov/2013:13:09:00 -0500] GET
/webapp/javax.faces.resource/jquery/jquery.js.jsf?ln=primefacesv=4.0.3
HTTP/1.1 200 -

x.x.x.x - - [09/Nov/2013:13:09:00 -0500] GET
/webapp/javax.faces.resource/jquery/jquery-plugins.js.jsf?ln=primefacesv=4.0.3
HTTP/1.1 200 -


tomcat7-stderr

Nov 09, 2013 1:09:00 PM org.apache.myfaces.application.ResourceHandlerImpl
handleResourceRequest
SEVERE: Error trying to load resource jquery/jquery.js with library
primefaces :null
ClientAbortException:  java.net.SocketTimeoutException
at
org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:413)

Caused by: java.net.SocketTimeoutException
at
org.apache.tomcat.util.net.NioBlockingSelector.write(NioBlockingSelector.java:127)
at
org.apache.tomcat.util.net.NioSelectorPool.write(NioSelectorPool.java:174)
at
org.apache.coyote.http11.InternalNioOutputBuffer.writeToSocket(InternalNioOutputBuffer.java:163)

Nov 09, 2013 1:09:00 PM org.apache.myfaces.application.ResourceHandlerImpl
handleResourceRequest
SEVERE: Error trying to load resource jquery/jquery-plugins.js with library
primefaces :null
ClientAbortException:  java.net.SocketTimeoutException

Caused by: java.net.SocketTimeoutException
at
org.apache.tomcat.util.net.NioBlockingSelector.write(NioBlockingSelector.java:127)
at
org.apache.tomcat.util.net.NioSelectorPool.write(NioSelectorPool.java:174)
at
org.apache.coyote.http11.InternalNioOutputBuffer.writeToSocket(InternalNioOutputBuffer.java:163)


[1] https://gist.github.com/smithh032772/7380812

Re: Avoiding/Handling SocketTimeoutException(s) when web application serving resources to mobile clients

On Sun, Nov 10, 2013 at 9:14 AM, Howard W. Smith, Jr. 
smithh032...@gmail.com wrote:

 Caused by: java.net.SocketTimeoutException
 at
 org.apache.tomcat.util.net.NioBlockingSelector.write(NioBlockingSelector.java:127)
 at
 org.apache.tomcat.util.net.NioSelectorPool.write(NioSelectorPool.java:174)
  at
 org.apache.coyote.http11.InternalNioOutputBuffer.writeToSocket(InternalNioOutputBuffer.java:163)


my apologies, based on this exception (above), I decided to provide you
with the following from my tomee/conf/server.xml:


Connector port=8080
protocol=org.apache.coyote.http11.Http11NioProtocol
   maxThreads=150 connectionTimeout=2
acceptorThreadCount=2
   redirectPort=8443 socket.directBuffer=false/


I guess the answer may be the connectionTimeout=... (above), but still
would like to know recommendations of others based on experience with web
application serving mobile clients. thanks.

Re: Avoiding/Handling SocketTimeoutException(s) when web application serving resources to mobile clients

On Sun, Nov 10, 2013 at 5:08 PM, Igor Cicimov icici...@gmail.com wrote:


 In my experience SocketTimeoutException comes up in case of misbehaving
 browser (read IE 8 and older), i.e. the client fails to send the complete
 request and the socket timeout strikes.


interesting, thanks. This error occurs when different endusers are
accessing web application via Google Chrome on Android tablet or phone, and
Google Chrome (or Safari) on iPad.



 You don't provide information about the Java and OS version you are running
 your app on since this might be related to one of them (or maybe I missed
 that info).


my apologies,

JVM: Java HotSpot(TM) 64-Bit Server VM (24.45-b08, mixed mode)
Java: version 1.7.0_45, vendor Oracle Corporation
OS: Microsoft Windows Server 2008 R2 64-bit


 For Sun Java for example you can try the following:

 -Dsun.net.client.defaultReadTimeout=180

 which will increase the socket timeout to 30 minutes lets say if the
 default one is not enough in case or slow client. Another thing to check is
 your OS socket timeout setting, on linux systems for example:

 net.ipv4.tcp_keepalive_time = 300

 and try adjusting it according to your needs.


noted, thanks.



 Would love to hear some other people experiences and thoughts regarding
 this as well, this is really annoying one to troubleshoot.


agreed/ditto. thanks for your response.

Re: Avoiding/Handling SocketTimeoutException(s) when web application serving resources to mobile clients

On Sun, Nov 10, 2013 at 5:08 PM, Igor Cicimov icici...@gmail.com wrote:

 For Sun Java for example you can try the following:

 -Dsun.net.client.defaultReadTimeout=180

 which will increase the socket timeout to 30 minutes lets say if the
 default one is not enough in case or slow client. Another thing to check is
 your OS socket timeout setting, on linux systems for example:

 net.ipv4.tcp_keepalive_time = 300

 and try adjusting it according to your needs.

 Would love to hear some other people experiences and thoughts regarding
 this as well, this is really annoying one to troubleshoot.


I like the following that was mentioned in a stackoverflow answer[1]:

 It just means the client isn't sending. You don't need to worry about it.
Browser clients come and go in all sorts of strange ways.

 I wouldn't put the server read timeout too high: it ties up a thread. If
a client opens a connection to the server and doesn't send anything
immediately it is misbehaving pretty badly.

I agree with all of that and based on that, I will not modify the NIO
connectiontimeout value. I would like to prevent the stacktrace from being
logged in tomcat7-stderr log file, so I think I will catch the exception in
my servlet filter.


[1] http://stackoverflow.com/a/17079991/933054

Re: Avoiding/Handling SocketTimeoutException(s) when web application serving resources to mobile clients

On Sun, Nov 10, 2013 at 8:54 PM, Igor Cicimov icici...@gmail.com wrote:

 

Also you didn't say anything about any load balancer or proxy fronting your
 application. It is worth checking the timeouts there as well and align them
 with the
 connection timeout on your server (in case you do use one of course).


there is no load balancer or proxy fronting the web application. thanks.

Re: Avoiding/Handling SocketTimeoutException(s) when web application serving resources to mobile clients

On Sun, Nov 10, 2013 at 8:54 PM, Igor Cicimov icici...@gmail.com wrote:

 There is heaps of articles and questions in various forums


you're right... i searched google for ClientAbortException in tomcat nabble
archive, and saw many posts.

Re: Web Service Client Response when Old Gen is 100%

2013-11-06 Thread Howard W. Smith, Jr.

On Wed, Nov 6, 2013 at 1:43 AM, Muhammad Ali Orakzai m.orak...@gmail.comwrote:


 I am using the following environment

 Windows Server 2003 32 bit


How much RAM? Also, did you configure your virtual memory (or paging file)
settings?


 Apache Tomcat 7.0.27


Others on the list will/may recommend you to upgrade to a newer version of
Tomcat 7.0.x for security fixes/updates and bug fixes, but should not be
necessary to fix this issue of yours.


 We have created a SOAP based web service which is calling 2 external SOAP
 services. We were getting OutOfMemoryError which was resloved by making the
 service object static.


interesting.

are you recycling or releasing memory to GC, or are you caching (or never
releasing) data from your app... every time you call 2 external SOAP
services?

i think you may need to refactor your code/app to release memory at some
point, if it's not doing that already.

at your earliest convenience, read this post below:

How to Fix Memory Leaks in Java[1]

Now whenever the server memory reaches 100% one of
 the external service response is too slow (takes about 2-3 minutes).


okay.


 Restarting tomcat resolves the issue but this issue is occurring 25-26
 hours interval.


i can definitely understand that this is not acceptable.



  I am using the following jvm settings

 -XX:MaxPermSize=100m
 -XX:+UseConcMarkSweepGC
 -XX:+CMSClassUnloadingEnabled


In my app, I use the following:

-Xms1024m
-Xmx1024m
-XX:MaxPermSize=384m
-XX:+UseTLAB
-XX:+UseConcMarkSweepGC
-XX:+CMSClassUnloadingEnabled

there are strategies on how to use -Xms and -Xmx to improve performance
(and/or prevent out of memory error). you may want to research that a bit.


[1] http://java.dzone.com/news/how-fix-memory-leaks-java

Re: how to reply

2013-11-06 Thread Howard W. Smith, Jr.

On Wed, Nov 6, 2013 at 9:42 PM, Konstantin Kolinko
knst.koli...@gmail.comwrote:

 There are too many goodies with mailing lists. The forums are lacking much.


+1

I am quite active in forum.primefaces.org, and I get email alerts to my @
hotmail.com account and have to go to the primefaces forum and read/reply,
but it is much much nicer having (Apache) tomcat/tomee/activemq mail lists
sending emails to my @gmail.com account, and I can use the nice features of
gmail from Google Chrome browser on my desktop and mobile devices and
read/reply, accordingly, if interested/necessary.

And gmail.com now groups 'forum' emails (optional, per your preference), so
emails from Apache mail lists are grouped under the Forums tab. i'm loving
all that (and more).

Re: [ANN] New committer: Konstantin Preißer

2013-09-24 Thread Howard W. Smith, Jr.

On Tue, Sep 24, 2013 at 6:20 PM, Mark Thomas ma...@apache.org wrote:

 On behalf of the Tomcat committers I am pleased to announce that
 Konstantin Preißer has been voted in as a new Tomcat committer.

 In addition to a number of high quality bug reports and patches,
 Konstantin is also responsible for the makeover the Tomcat web site and
 Tomcat 8 documentation has received.

 Please join me in welcoming him.

 Regards,

 Mark


congrats Konstantin and  keep up the good work!

Re: New website skin looks great

2013-09-13 Thread Howard W. Smith, Jr.

On Thu, Sep 12, 2013 at 4:28 PM, Campbell, Lance la...@illinois.edu wrote:

  WOW!  I love the new design of the tomcat web site.  It looks much more
 professional and refined.  It is also much easier to read.  The prior
 background colors caused the text to run together.   This is so much
 better.  I love the subtle but clear separation and grouping of information.
 

 **


+1 me too, thanks for the post.

Re: Local VisualVM connection to Tomcat

2013-07-22 Thread Howard W. Smith, Jr.

On Mon, Jul 22, 2013 at 3:10 PM, honyk j.tosov...@email.cz wrote:

 On 2013-06-28 Christopher Schultz wrote:
  On 6/27/13 5:17 PM, honyk wrote:
   I realized that my tomcat runs as a service but I am logged as an
   user and in this case the tomcat is not visible to me. I'll test it
   differently tomorrow.
 
  Try running VisualVM as an administrator.

 I've found the problem, but I have no remedy for it yet.
 https://java.net/projects/visualvm/lists/users/archive/2013-07/message/2

 Briefly, the service uses the TMP environment variable as it is specified
 for the given user, but when that user is logged remotely, the suffix
 \session_number is added at the end of this path so these both do not
 match and VisualVM doesn't detect my tomcat/JVM as expected.


I know Chris bashed me for this earlier (on this list), politely, and/or
recommended or said something about not to login via administrator into my
Windows Server 2008 R2 web app server running TomEE (tomcat7), but...

in response to this thread, I login to my Windows SErver 2008 R2 web app
server, always, as administrator, and yes (confirmed as Chuck mentioned
earlier in this thread),

 The possibility of services interacting with the desktop disappeared some
time ago.

so, I just specify a JMX port in my java settings for my TomEE (tomcat7)
running as windows service, and specify the JMX port in Java Visual VM, and
voila, I think this is saved to Windows registry (or somewhere), and I
always see my TomEE (tomcat7) instance when I run Java Visual VM.

Of course, the JMX port is not opened on the firewall/router. i just login
remotely via remote desktop connection and do what I need to do (stop
tomcat7 service, update my app in tomee/webapps, and start tomcat7 service).

Others may disagree, but i have found this to be quite secure and as it was
said earlier in this thread... a piece of cake. :)

Re: Moving Tomcat to work externally.

2013-07-12 Thread Howard W. Smith, Jr.

On Fri, Jul 12, 2013 at 11:52 AM, Terence M. Bandoian tere...@tmbsw.comwrote:

 Really generous responses.


That's very normal on this list. I have found Apache user lists to be very
(user) friendly. :)

Re: How to handle CONNECT ... HTTP 1.1 400 in localhost_access_log

2013-07-09 Thread Howard W. Smith, Jr.

On Tue, Jul 9, 2013 at 2:18 AM, Caldarale, Charles R 
chuck.caldar...@unisys.com wrote:

  From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com]
  Subject: Re: How to handle CONNECT ... HTTP 1.1 400 in
 localhost_access_log

  why would the same IP address be hitting my server when 400 is the
  response?

  and they will continue attempting these CONNECT... requests until
  they get a 404 or what?

 Because they're trying to break in.  Any response indicates there's
 something to poke around in.

  The 'HTTP Forbidden error' returned by RemoteAddrValve would seem to
 fuel
  future/continual attempts as well as error 400. right?

 True, which is why it's best just to have a firewall or the TCP/IP stack
 completely ignore the traffic, and not send anything back.  By the time the
 request gets to Tomcat, the TCP connection is established, so the
 antagonist knows there's something there.

Done. Thanks. Will continue to monitor logs, occasionally, to see if my
changes, made at the firewall level, blocks the IP addresses that are
repeat offenders. :)

  - Chuck

 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
 MATERIAL and is thus for use only by the intended recipient. If you
 received this in error, please contact the sender and delete the e-mail and
 its attachments from all computers.

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to handle CONNECT ... HTTP 1.1 400 in localhost_access_log

2013-07-09 Thread Howard W. Smith, Jr.

On Tue, Jul 9, 2013 at 8:16 AM, Mark Thomas ma...@apache.org wrote:

 On 09/07/2013 12:54, Howard W. Smith, Jr. wrote:
  On Tue, Jul 9, 2013 at 2:18 AM, Caldarale, Charles R 
  chuck.caldar...@unisys.com wrote:

  From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com]
  Subject: Re: How to handle CONNECT ... HTTP 1.1 400 in
  localhost_access_log

  why would the same IP address be hitting my server when 400 is the
  response?

  and they will continue attempting these CONNECT... requests until
  they get a 404 or what?

  Because they're trying to break in.  Any response indicates there's
  something to poke around in.

  The 'HTTP Forbidden error' returned by RemoteAddrValve would seem to
  fuel
  future/continual attempts as well as error 400. right?

  True, which is why it's best just to have a firewall or the TCP/IP stack
  completely ignore the traffic, and not send anything back.  By the time
 the
  request gets to Tomcat, the TCP connection is established, so the
  antagonist knows there's something there.

  Done. Thanks. Will continue to monitor logs, occasionally, to see if my
  changes, made at the firewall level, blocks the IP addresses that are
  repeat offenders. :)

 fail2ban is your friend

 The ASF uses it pretty much everywhere.

 Mark

thanks Mark. researching that nowfor Windows Server 2008. :)

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

How to handle CONNECT ... HTTP 1.1 400 in localhost_access_log

2013-07-08 Thread Howard W. Smith, Jr.

A few minutes ago, I just recognized the following in the
localhost_access_log:

183.60.48.25 - - [08/Jul/2013:15:15:26 -0400] CONNECT
tcpconn2.tencent.com:443 HTTP/1.1 400 -

and then searched all localhost_access_log files and found more
occurrences[1].

This is my first time seeing this type of request, but I assume it is very
similar to the HEAD /... request attempts by bots/etc. Based on the 400
server response, I assume that i have nothing to worry about here, but it
seems as though the same IP address is attempting these 'CONNECT ...'
attempts, multiple times per day, almost every day. :(

Any advise on how to handle these requests (if necessary) and/or
information about these type of 'CONNECT ...' requests would be
appreciated. Thanks.


[1] https://gist.github.com/smithh032772/5951621

Re: How to handle CONNECT ... HTTP 1.1 400 in localhost_access_log

2013-07-08 Thread Howard W. Smith, Jr.

On Mon, Jul 8, 2013 at 3:40 PM, Caldarale, Charles R 
chuck.caldar...@unisys.com wrote:

  From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com]
  Subject: How to handle CONNECT ... HTTP 1.1 400 in localhost_access_log

  183.60.48.25 - - [08/Jul/2013:15:15:26 -0400] CONNECT
  tcpconn2.tencent.com:443 HTTP/1.1 400 -

  Any advise on how to handle these requests (if necessary) and/or
  information about these type of 'CONNECT ...' requests would be
  appreciated. Thanks.

 It's from somewhere in China (who'da thunk it?); you can always black list
 it with the RemoteAddrValve, but it will likely pop up from somewhere else.

You beat me to the punch, Chuck. I thought about you when I just searched
the IP database[1] for the IP address, and was about to reply again with
this info, but thanks, I definitely need to blacklist that IP address.

[1] https://ipdb.at/ip/183.60.48.25

Re: How to handle CONNECT ... HTTP 1.1 400 in localhost_access_log

2013-07-08 Thread Howard W. Smith, Jr.

Chris,

On Mon, Jul 8, 2013 at 11:50 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Howard,

 On 7/8/13 3:45 PM, Howard W. Smith, Jr. wrote:
  On Mon, Jul 8, 2013 at 3:40 PM, Caldarale, Charles R 
  chuck.caldar...@unisys.com wrote:
 
  From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com]
  Subject: How to handle CONNECT ... HTTP 1.1 400 in
  localhost_access_log
 
  183.60.48.25 - - [08/Jul/2013:15:15:26 -0400] CONNECT
  tcpconn2.tencent.com:443 HTTP/1.1 400 -
 
  Any advise on how to handle these requests (if necessary)
  and/or information about these type of 'CONNECT ...' requests
  would be appreciated. Thanks.
 
  It's from somewhere in China (who'da thunk it?); you can always
  black list it with the RemoteAddrValve, but it will likely pop up
  from somewhere else.
 
 
  You beat me to the punch, Chuck. I thought about you when I just
  searched the IP database[1] for the IP address, and was about to
  reply again with this info, but thanks, I definitely need to
  blacklist that IP address.
 
  [1] https://ipdb.at/ip/183.60.48.25

 Feel free to just drop the whole IP block with iptables or at a firewall
 closer to the edge of your network.


Interesting. sounds like a good idea, thanks.

That is, of course, unless you need to serve clients in China.


definitely have no need, desire, or requirement to serve clients in China.
:)

why would the same IP address be hitting my server when 400 is the
response? is that definitely a sign to China that a server (of some sort)
is returning error 400? and they will continue attempting these CONNECT
... requests until they get a 404 or what?

The 'HTTP Forbidden error' returned by RemoteAddrValve would seem to fuel
future/continual attempts as well as error 400. right?



 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

 iQIcBAEBCAAGBQJR24h9AAoJEBzwKT+lPKRYGO4QAJVD94MNoQ3XqQ8poGA2AwfV
 8E2e1XW6gPzmqAlpPv4hlwYGNWFhe7zCyixjJG2zXpC2H+g2uU4dxEpB+fQzAdLZ
 QqjIhLXkY+lcGJisacvvIW9bLxJxVHaRPgZ7nPiYYkomXB7xdeoG/XHdbyjzACIx
 niMAAYhd9hvI3K8ti8wgFmPnabMaOCVs4U9tOJa4M0GWBjlgMR32RCwB0dVBb9cw
 uzaXjySXqXaXXxsAIG1EbRTraVVOmaJQZHa6RK0rfG3jKdXoTJhLlcdfeQXAR/AY
 3fZeMgP2JAB2ko0h2g6XdIEvW/EPJzT/wlEoLZJ7L3iWpT/7C9VfelmAgmNnxtam
 zPNATFRIwkrPZ0qC/Z4d7Hgogpc4G5V1rB/jJjMi3JhLQM2oUQsf2U8zprZi1MHt
 uDAflKl4wmnge5joQAWhp2m6+U1y4Cv47yT46hRu7A51PHBoruOUrogTTuy3HZk0
 qeHFZ1OkGJdfJCocWixpJnXvLSezfTZcDs7BYGYrwXkVRgc7GTY8RcLPgv7Z/C/u
 sBqEk3unmnGMaNSt6V8yVls287OUKT2Q1yYyP8iDOHgMXtolQIoh87xOEOKAagol
 DgST7p0M0xbFgLZSYpvYyHkbjw8zuwUJa2/WW6EbIzHZ9hH4Nqoq5ByNK2uOLm/a
 4D7PIkPUJuxao5PYTWdB
 =Ael/
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: websockets questions

2013-07-05 Thread Howard W. Smith, Jr.

On Fri, Jul 5, 2013 at 3:40 AM, André Warnier a...@ice-sa.com wrote:

 We're still one level remote of thinking of any implementation, and trying
 to understand
 1) how exactly websockets works


Most websocket implementations (RI/glassfish, atmosphere, tomcat, etc...)
are open source, so diving in the code is definitely an 'option' for
understanding how websockets work.


 2) if that general technology is, today, sufficently mature and stable
 for us to develop an application based on it, or we should wait another 6
 months, a year,..


honestly, I think it is sufficiently mature, since websockets are becoming
the trend (incorporated in RI/glassfish/JavaEE7, I've seen recent tomcat
7.0.35+ releases that had websocket changes, no need to mention how 'alive'
atmosphere is...smile).

i think it is more a question of feasibility for you and your team to join
in on the trend/fun...


 But we are a small outfit, and the fact that Google may be using it (with
 a backup team of 50 developers to shore up their implementation) does not
 really help us.


funny. google's backup team of 50 developers versus how many open source
developers using/coding atmosphere, tomcat, glassfish-websockets
(grizzly?). :)



 The reason why I put this question on the Tomcat users list is because it
 is a list I'm subscribed to, because I know that it is a good-quality list
 with little noise, because I know that Mark and Rainer are - to various
 degrees probably - involved in Tomcat support for websockets.


+1


 for the moment the general information available on websockets seems
 otherwise a bit scarce.


true, but websocket open source code is plentiful and available. :)


 This being said, the information already gathered here on this list tends
 to vindicate my posting on it. It has already cleared up a number of points
 for us, and added a couple of questions which we did not think of asking.
 Thanks.


IMO (or maybe based on fact/history), not much chatter about websockets on
tomcat user list, but if you find your way to atmosphere google groups mail
list, there will be plenty of chatter over there. I will not encourage you
to venture over to atmosphere google groups and ask questions such as this,
since I'm sure the desire/goal over there is to post topics related to
'using atmosphere and any questions/issues while attempting to use
atmosphere and atmosphere's trunk (latest version(s))'. i'm definitely
someone that love to use latest versions of open source software.

sometime ago, when I migrated from glassfish to tomcat/tomee (so I could do
websockets, um, more effortlessly in my web app), I came across the fact
that Jeanfrancois (Atmosphere developer/committer) had something to do with
the websocket implementation in glassfish/RI, i think it is called grizzly,
but I could be wrong. I'm not as versed with glassfish/RI as I used to
be..when I was a glassfish 'user'. :)

FYI, at the moment, i'm not writing low level websocket client/server code;
i'm using PrimeFaces Push only/entirely, which is PrimeFaces + atmosphere.
:)

definitely not trying to encourage you to use a certain framework; one
thing I like about Tomcat list is that there is a wide range of topics that
I can listen to and/or chime-in on, when interested and when feasible. :)

I love this user community (mail list).

Re: websockets questions

2013-07-04 Thread Howard W. Smith, Jr.

On Thu, Jul 4, 2013 at 1:43 PM, Pierre Goupil goupilpie...@gmail.comwrote:

 Regarding browser support, a framework like Atmosphere handles pretty well
 having WebSockets when they are available and falling-back to another Comet
 implementation (such as long-polling or http-streaming) when they are not.


agreed, but I think the goal/desire, here, is to not use Atmosphere.

Re: Tomcat 7.0.4 - Ignoring certain URLs from session timeout

2013-06-25 Thread Howard W. Smith, Jr.

On Tue, Jun 25, 2013 at 12:49 AM, Nagaraj Mandya nman...@gmail.com wrote:


 All requests from my client pass in the session cookie. However, I do not
 want the session timeout counter to get reset for certain URLs.


Is your app a (JSF) web application?

AJAX and Partial Page update/rendering should meet this requirement of
yours.

Re: New behavior of Oracle Java 1.7.0_25: AWT thread and console icon

2013-06-21 Thread Howard W. Smith, Jr.

Chris,

On Fri, Jun 21, 2013 at 12:28 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 All,

 I just upgraded to 1.7.0_25 on my Mac and I noticed that when I launch
 Tomcat, I get a dock icon indicating that it is running. This does not
 happen on 1.7.0_21, the previous version I was running.


Per this email of yours, I just upgraded from 1.7.0_21 to 1.7.0_25 as well,
thanks for the heads up!



 For some reason, 1.7.0_25 triggers something launching the AWT thread
 (on my Mac, that's called AWT-AppKit) which causes the dock icon to be
 shown.

 Removing the dock icon is easy enough: just run in headless mode by
 adding this system property to CATALINA_OPTS:

-Djava.awt.headless=true


I have this option set as I running tomcat/tomee as a Windows service, so
I'm good.


 Or, if you want your icon to look pretty (it is otherwise completely
 useless), you can use these two system properties (on Mac OS) to style it:

-Xdock:name=[title of icon you want]
-Xdock:icon=path to icon file to use

 I'm not sure what properties to set on Windows, Gnome, KDE, or any
 other system.


Me too (and not really a concern/requirement of mine). :)



 Hope that helps,
 - -chris


It does help. thanks!


 -BEGIN PGP SIGNATURE-
 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

 iQIcBAEBCAAGBQJRxH86AAoJEBzwKT+lPKRYyiMQAI5wPrkQZ+z4Jd21IONaHqcH
 tixutzG8PC+7sff9wYR10bnPpE29x9/VdxddKPJ51Yrazf4xxr654FUKkgdP6u+5
 DDRe5rlN7Quy5CVBzu9XKDRW5NHBZTlTWrTBdHPTCdXpKI7jAvDpkW750NNpnKvA
 8Cq0GwC44YOm+DStp8bsZTBkONR5dbYdpNscH+r0Nw98fFrAP83bZRTQHah2ujCj
 urcNCwH7dZPT7WjZUcvYns5oWfsiZOCGvwKSJz5uBaS98uMbQfSfXl4FFL9fGKay
 OXKW73RgklaUctIH5U3rvlGd876N66ddmUTMqS07hN45ABYsixpV7VUkZsPzF30m
 hwl/pjf2qF07CkVJweCNdenT7NOLQ3Mx9hR4alOTTIvaMHij4/6S9YD87Fh+paiI
 NuqRJTLnnxBQA0PXoYLAQx/PeqvcRyeibZ/kZhdzJ4lN3qF99lfHxMjNtzHwu4xj
 f+tP4u9s9udZ15d0yBA1/13eD75hEUM9RBf6f5cVGmUz7jolFRCiHoHV7ETJNPei
 OoBOpR3/iSaLU94gWl4twMXrkKCor3HLHyvfNc7+mBA6XM+y6EYi9vHFzPuaKvcB
 fmkMtr7V5DcbUTm4vPCS0N6rnUxloQ+8aYi12xefZvlBWEhQcdzGIzKpKLnXbt1c
 ODGdKUTq0rXNJPWSxT39
 =4KXG
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat hangs every day

2013-05-17 Thread Howard W. Smith, Jr.

I don't use HttpClient, directly, but if I'm not mistaking, javax.mail.jar
(JavaMail) and Google Calendar API uses HttpClient, and I use JavaMail and
Google Calendar API, directly, in my app.

Google Calendar API seemed to always close their connections and I have
even experienced downtime (host unknown and/or server error responses from
Google Calendar API service), and I have experienced downtime (unknown host
exceptions) when using JavaMail to connect to GMAIL (via IMAP connection)
to check-for-and-download emails.

Some months ago, I recognized that I had many unclosed connections on my
Windows Server 2008 production server, where Tomcat was running my app.
Instead of blame Tomcat, I listened in on Tomcat user list and I searched
the internet, and learned that the unclosed connections were due to my
inexperience (using JavaMail), so I refactored my code and closed my
JavaMail IMAP connection when checking-and-downloading emails from GMAIL
(google) servers.

I just searched google,

stackoverflow tomcat httpclient timeout[1]

and found the following:

Best Practice to Use HttpClient in Multithreaded Environment[2]

Using Apache HttpClient how to set the TIMEOUT on a request and response[3]

and many more search results (and related links) that you can read.


[1] http://lmgtfy.com/?q=stackoverflow+tomcat+httpclient+timeout

[2]
http://stackoverflow.com/questions/1281219/best-practice-to-use-httpclient-in-multithreaded-environment

[3]
http://stackoverflow.com/questions/9873810/using-apache-httpclient-how-to-set-the-timeout-on-a-request-and-response





On Fri, May 17, 2013 at 8:02 AM, Paolo Botta paolo.bo...@cabril.it wrote:

 Sorry for the question, but if I set the timeout on the HttpClient I force
 the client to close the connection after the timeout, but have I informed
 the server that there is a timeout, so the server close the connection
 after
 the timeout? I mean HttpClient tells to the server about the timeout?

 Thx
 Paolo

 -Messaggio originale-
 Da: chk...@gmail.com [mailto:chk...@gmail.com] Per conto di Christian
 Kaltepoth
 Inviato: venerdì 17 maggio 2013 13:30
 A: Tomcat Users List
 Oggetto: Re: Tomcat hangs every day

 Hey,

 I'm also not an expert for HttpClient, but when creating connections to
 remote services it is usually a good idea to set connection timeouts and
 socket timeouts so that the client doesn't block forever if there are
 problems with the connection. Exactly this seems to be the problem in your
 case.

 Best regards

 Christian Kaltepoth




 2013/5/17 Sascha Troll sascha.tr...@geberit.com

  Christian,
 
  thanks for this.
 
  Can you give me a hint. I am just the server guy, so I can tell the
  developer.
 
  Thanks a lot !
 
  Sascha
 
 
 
  From:   Christian Kaltepoth christ...@kaltepoth.de
  To: Tomcat Users List users@tomcat.apache.org
  Date:   17.05.2013 11:24
  Subject:Re: Tomcat hangs every day
  Sent by:chk...@gmail.com
 
 
 
  Seems like you have a class called SearchClientRemoteClient which uses
  HTTPClient. Many threads seems to wait for remote responses. I guess
  you don't set any timeouts for the HTTPClient and therefore many
  threads hang in HttpClient.executeMethod() forever. You should ALWAYS
  set timeouts when using HTTPClient. :)
 
  I hope this helps :)
 
  Christian
 
 
  2013/5/17 Sascha Troll sascha.tr...@geberit.com
 
   Hi !
  
   I have problem with our Tomcat 7.0.40 (upgrade already done from
   7.0.39 and 7.0.37 and still the same issue).
  
   Its still running, but not longer accepting any connection on port
 8080.
  
   Attached are the thread dumps which were created this morning when
   the server was not longer available.
   I cannot find any deadlocks and need some help to find the cause.
  
  
  
   Thanks
   Sascha
  
  
  
  
 
  --
  
   Disclaimer:
   The content of this e-mail (including attachments) is confidential
   and intended for the use of the addressee only. If you are not the
   intended recipient please delete the e-mail; dissemination or
   disclosure of its content to anyone is strictly prohibited!
   Before opening an attachment please check it for viruses. We accept
   no liability for any damage caused by viruses.
  
   
   - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
   For additional commands, e-mail: users-h...@tomcat.apache.org
  
 
 
 
  --
  Christian Kaltepoth
  Blog: http://blog.kaltepoth.de/
  Twitter: http://twitter.com/chkal
  GitHub: https://github.com/chkal
 
 
 
 
 
 
  --
  
  Disclaimer:
  The content of this e-mail (including attachments) is confidential and
  intended for the use of the addressee only. If you are not the
  intended recipient please delete the e-mail; dissemination or

Re: Multiple tomcat containers or instance on same servers

2013-05-01 Thread Howard W. Smith, Jr.

On Wed, May 1, 2013 at 8:51 PM, chris derham ch...@derham.me.uk wrote:

  If anyone else wants to chip in with any relevant additions, let me
  know. I might be able to have a look at updating the documentation
  page later, but being as I'm a developer my linguistic skills have
  never really been approved off so not sure any changes will be
  approved :-)
 
  HTH
 
  Chris

 I've added some comments to
 http://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html -


+1 I like the comments you added Chris!

 You must edit CATALINA_BASE\conf\server.xml to specify a unique IP/port
for the instance to listen on.

You gave some examples in those comments. it would be nice to see examples
to clarify the statement above, too.

Re: getting the request that created the session

On Mon, Apr 29, 2013 at 9:54 AM, André Warnier a...@ice-sa.com wrote:


 - under Unix/Linux, there is a command tail -f filename, which
 continuously watches for any lines added to a file and displays them.  It
 doesn't seem to be very intensive in terms of resources used.
 - and on the other hand, you probably have a session expiration timeout.
 So you could in theory say that you note the start of a session, and then
 update this each time there is a new access to that same session.  And then
 periodically, you go through your table and for each session which you
 haven't seen since some time = the session timeout, you consider it
 expired.

 At which time of course I don't know if this is any simpler than the
 solution which you are exploring right now.
 ;-)


With all respect, I have to say that looks like a lot of I/O right there
and a huge hit in performance and I would assume this would hit memory in a
bad way as well, but please correct/enlighten me.

Also, I'm following this thread, because I have filter in place for similar
reason, keeping track of new sessions created, expiring, etc..., and filter
meets my need 100% and don't see why one would want to 'avoid' using a
filter.

Yes, I was looking at the performance of 'filter' and all that i'm doing in
'filter' on 'every request', but in retrospect, I don't see my filter
implementation being much of an hinderance in performance. I have to take
another look though and confirm what I'm saying here.

Re: getting the request that created the session

On Mon, Apr 29, 2013 at 10:54 AM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256
  
  Even, the requests are keepalived they look to me as if they were
  executed parallel. At least from the chrome timeline. But its
  hard to tell without further investigation.

 Yeah, you might have to use a packet-sniffer.


definitely sounds like overkill. how much code you need to write for such a
thing, all because one would want to avoid using a filter???

Re: getting the request that created the session

Leon,

On Mon, Apr 29, 2013 at 11:02 AM, Leon Rosenberg
rosenberg.l...@gmail.comwrote:

 Hello Howard,
 the sniffer thing has nothing to do with original topic, I was just
 wandering that some requests were having session marked as new, which
 actually shouldn't be the case. Or in other word, the naive understanding
 of session.isNew method is that it should only return true once. But it did
 to it multiple times. The was strange, and christopher and myself were
 talking about investigating it further.


Okay/understood.

Back to your question, filter is ok, too many filters are making stack
 traces fuller than needed, and the order of the filter could be a problem.
 Listener is asked _before_ anything happens.


Good point(s).

About how many filters are you trying to consolidate by using this approach?

I have seen recommendations of adding filters for file types, filters for
login/session-management, etc... I have taken those concepts and put those
in one filter which I have implemented and maintain and have done my best
to ensure that it is 'thread-safe' as well. Some months ago, I reported an
issue to tomcat JIRA/issue list, and those guys shot down my filter and
said that it is not thread-safe. Since then, I have made some code changes
in the filter and related sources (referenced by the filter), and did my
best to make sure it is more threadsafe, even did some research on
thread-safe filters (when injecting via CDI), etc...

also, I am using OmniFaces gzip filter. To my knowledge, that is 2 filters
in my app, that I see in stacktrace, when I have issues to
troubleshoot/debug. When I am debugging, I often wonder why 'filter' show
up all the time in stacktrace, but then of course, I have to remember that
every user/HTTP request has to pass through the filter. So, okay, moving
forward, ignore the fact that the (only) filter(s i have in my app) showed
up in the stacktrace.



 regards
 Leon


 On Mon, Apr 29, 2013 at 4:59 PM, Howard W. Smith, Jr. 
 smithh032...@gmail.com wrote:

  On Mon, Apr 29, 2013 at 10:54 AM, Christopher Schultz 
  ch...@christopherschultz.net wrote:
 
   -BEGIN PGP SIGNED MESSAGE-
   Hash: SHA256

Even, the requests are keepalived they look to me as if they were
executed parallel. At least from the chrome timeline. But its
hard to tell without further investigation.
  
   Yeah, you might have to use a packet-sniffer.
  
  
  definitely sounds like overkill. how much code you need to write for
 such a
  thing, all because one would want to avoid using a filter???

Re: getting the request that created the session

On Mon, Apr 29, 2013 at 12:55 PM, Leon Rosenberg
rosenberg.l...@gmail.comwrote:

Whether you want to have multiple filters or not is a decision based on
your coding guidelines, architectural principles and what not.
Since you are the only user of your filters, it's free to you to use as
many (or few) filter as possible. Personally I would like to separate by
concerns and have multiple filters, because it makes it easier to use,
maintain and test. But this is personal opinion.
However, in my case, I am developing a library that is used by others in
their projects (http://moskito.anotheria.net). It comes already with 8
filters (

http://server04.test.anotheria.net:8080/moskitodemo/mui/mskShowProducersByCategory?pCategory=filter
)
and this is a lot. Of course the end user (developer) only chooses the
filters he needs, and not everyone needs everything. However, since its a
lib, you don't want it to show up in your stack traces every request, you'd
rather forget, that you have it at all. Therefore I'm trying to choose a
less visible approach ;-) Also it's easier to add one listener to web.xml
as to add a listener AND a filter. And I need the listener, to know when
sessions expire anyway ;-)
But again, your situation is obviously different from mine ;-) But if you
want to count sessions and all the other funny stuff, give moskito a
chance:

https://confluence.opensource.anotheria.net/display/MSK/HowTo+embed+MoSKito+WebUI+into+a+maven+built+war
https://confluence.opensource.anotheria.net/display/MSK/Integration+Guide

Agreed-and-understood on all points. I am definitely interested in a better
approach to managing/monitoring sessions in my web app (that is why i find
this thread interesting), but ATM, my current session-management/monitoring
implementation meets /my/ requirements.

If/when I get a moment (or some bandwidth), I may take a look at your what
you have developed. Thanks.

regards,
Howard

Re: Tomcat access log reveals hack attempt: HEAD /manager/html HTTP/1.0 404

2013-04-20 Thread Howard W. Smith, Jr.

On Sat, Apr 20, 2013 at 7:22 AM, André Warnier a...@ice-sa.com wrote:


 5) if the scheme works, and it does the effect of making this type of
 server-scanning uneconomical, bot developers will look for other ways to
 find vulnerable targets.


IMHO, I don't see why bots will get 'turned off' by having to wait longer
for a response from (potentially vulnerable) targets. I know that we are
talking a 'numbers game', and the more vulnerable targets that are
compromised, then I'm sure the developers of these bots +1 Like that, or
mission accomplished. It is my assumption that these bots are automated
and can run 'for life', why would they stop doing what they are doing just
because of a delayed response. I'm sure these bots are already facing a
delayed response. I'm quite sure many web servers and/or web applications
do not respond that well/fast.

6) intuitively, it seems that implementing this would not be very
 complicated, and that the foreseeable cost per server, in terms of
 complexity and performance, would be quite low.  The burden imposed on
 normal clients would also seem to be small.
 Maybe this should be evaluated in terms of a comparison with any other
 method that could provide some similar benefit at lower costs.
 7) once implemented, it would be something which does not require any
 special skills or and special effort on the part of the vast majority of
 people that download and install tomcat.  Which means that it has a real
 chance to automatically spread over time to a large proportion of servers.
 This is quite unlike any other bot-fighting measure that I have seen
 mentioned so far in this thread.


+1 I like the fact that a scheme is proposed that would require 'no
learning curve' and no required 'standard procedure' to be implemented when
attempting to adapt or take advantage of the solution/scheme.

But I still think that if all /tomcat/ users were informed via an 'ANN'
(announcement) email to deactivate or remove /tomcat/ manager app(s), and
somehow a survey is made available a few weeks/months /later/, where
cooperative /tomcat/ users can report-on how many 'attempted attacks'
showed up in their access logs after removing /tomcat/ manager app(s), and
then somehow publicize the survey results to the world, especially, in a
way that bot-developers can see that they are wasting their time, because
/tomcat/ users have made a concerted effort to /declare war against/ these
bots /and bot developers/.

also, if an 'ANN' email was sent, where /expert tomcat/ users can
derive/develop a list of the popular/frequent URLs that bots use when
attempting to compromise /tomcat/ servers.

also, for a certain amount of time, /immediate/ future releases of tomcat
should have manager app(s) as a separate download /available/, and 'ANN'
email will inform them that this is a change as we are attempting to ward
off the ongoing/obvious bot attacks against /tomcat/.

Yes, I know this will require additional steps and probably be rejected by
some/many tomcat users, especially those that are very very 'dependent' on
tomcat manager apps. manager apps are probably the 'primary' target, so
remove it from the install package, and make it a separate install, and ask
users for an honest effort to participate in this effort for the reason(s)
discussed in this thread.

we are a village, we have to start with tomcat, first, and then other app
servers can adapt 'schemes' that work...especially after it become a known
fact that bots are 'not' compromising tomcat servers anymore, /or/ they are
compromising less tomcat servers, because tomcat users are tired of these
bot attacks, and have made a concerted effort to stop/end
tomcat-bot-attacks.

Whatever scheme is implemented, if the survey results are positive and the
implementation meets the requirement/goal, then other servers will hear of
this good news, and adapt the scheme/solution, accordingly.

/my two cents/

Re: Tomcat access log reveals hack attempt: HEAD /manager/html HTTP/1.0 404

2013-04-19 Thread Howard W. Smith, Jr.

On Thu, Apr 18, 2013 at 12:26 PM, André Warnier a...@ice-sa.com wrote:


 My contention is that this would be self-defeating for the bots.


 91.121.172.164 - - [03/Apr/2013:08:19:50 +0200] GET /robots.txt HTTP/1.1
 404 360 - Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)


 I definitely saw this in my local access log last night. I was working
with someone's test-case that they sent me, and I stumbled on the 404 error
(see below) in my browser, which clearly shows that this is a tomcat/tomee
server. do the bots read the 404 error HTTP response and check if the
response includes the string lowercase('tomcat') ?

HTTP Status 404 - /prova_fileupload_primefaces/

type Status report

message /prova_fileupload_primefaces/

description The requested resource is not available.

Apache Tomcat (TomEE)/7.0.39


---

it really showed up like this, below; i copied the text to text editor and
copied the text above.

HTTP Status 404 - /prova_fileupload_primefaces/
--

*type* Status report

*message* */prova_fileupload_primefaces/*

*description* *The requested resource is not available.*
--
Apache Tomcat (TomEE)/7.0.39

Re: Tomcat access log reveals hack attempt: HEAD /manager/html HTTP/1.0 404

On Wed, Apr 17, 2013 at 10:45 AM, chris derham ch...@derham.me.uk wrote:

 The OWASP recommendations for securing tomcat suggest removing all items
 under
 catalina_home/webapps as a first step. Just a thought.

 The first step an attacker performs when conducting a focused attack,
 is to map out the server. The presence of a response to
 http://server:8080/manager/html/ would seem to indicate a default
 install of tomcat. Once that have this initial reconnaissance
 performed, they will move onto using known exploits against it. By
 removing manager app from the default install, this would be made one
 step harder. You can't really prevent a dedicated attacker, but making
 it one step harder to attack your server, might make the
 not-bothered-which-server-I-attack guy move on to easier pickings


+1 Chris! When I migrated from Glassfish 3.1.2.2 to Tomcat/tomee late last
year, this is really what I wanted. I forgot the default port (since I'm no
longer a Glassfish user), but I liked how Glassfish defaulted home-grown
web apps on port 8080, and Glassfish Admin web application was on port 4848
(just remembered that).

When I experienced my first 'attack' on my development server, that is what
I wanted. it would be nice to know how to re-configure my tomcat/tomee, so
the manager app will be on port 4848, or something like that, but being the
novice that I am, I did not know how to do it, and I honestly confess that
I did not read the tomcat documentation on how to do it. :)

Trying to catch up on all the responses. I wanted to respond to a few other
posts, but thought I might keep reading. Now, I will go back to reading
more of the responses.



 If you deliberately delay 404 by a known amount of time, it will still
 stick out, and they can use this just as much as a positive
 indication.


I agree with this. 'delay 404' sounds like a good idea, but how many of
those botnet developers are on this list 'today', reading this discussion?
In no time, and IMHO, I'm sure they can/will develop a botnet that is
'tolerant' of delay 404, or something similar.

Re: Tomcat access log reveals hack attempt: HEAD /manager/html HTTP/1.0 404

On Wed, Apr 17, 2013 at 1:59 PM, Leo Donahue - RDSA IT 
leodona...@mail.maricopa.gov wrote:

 -Original Message-
 From: Christopher Schultz [mailto:ch...@christopherschultz.net]
 Subject: Re: Tomcat access log reveals hack attempt: HEAD /manager/html
 HTTP/1.0 404

 People *do* do this (notice their computer sucking) but mostly (at least
 Americans) will just go out and buy another one, assuming that their
 computer just isn't fast enough to work well after owning it for a few
 years.

 soapboxIt's sad that most of us have more computing resources beneath
 our fingertips than spacecraft do, yet we upgrade every few years because
 MS Office has gotten fatter. /soapbox

 And no one ever uses (or knows about) the restore partition when their pc
 becomes full of junk.

 However, the old P4 laptop I have running XP with 2GB of RAM and dedicated
 video RAM doesn't do much for websites these days running a lot of
 graphics.. ahem Silverlight, flash, etc...  The web is also getting fat.

[OT] response to previous [OT] chatter above. :)

You all get me laughing a lot by listening in on discussions/threads.

Anyway, I have definitely recognized what Chris is talking about, and
honestly, I have been the one that have 'supported' friends and
family...telling them to 'restore-to-factory' their Windows laptop/desktop,
whenever it gets slow; I got 'tired' of trying to go through Windows
registry and startup folders, trying to figure out what malware was
maliciously installed, etc

Quite a few times, I have had to bring home PCs, belonging to friends, and
do this restore-to-factory, and I have had to 'remind' family to
'restore-to-factory'. Finally, and recently, I restored my 2005 Dell
Windows XP laptop, last year (maybe), and gave it to my 9-year-old
daughter. It definitely could not meet my requirements to develop/test
software. :)

 - -chris

Re: Tomcat access log reveals hack attempt: HEAD /manager/html HTTP/1.0 404

On Wed, Apr 17, 2013 at 2:39 PM, André Warnier a...@ice-sa.com wrote:


 Some other calculations :
 According to the same Netcraft site, of the 600 million websites, 60% are
 Apache (I guess that this includes httpd and Tomcat (or else Tomcat is in
 others).


This is good to know, and honestly, I'm glad to see/know this. I recently
learned that the webhost of my family business 'public' website is using
Apache as well. I recognized this while looking at some specs in the admin
console, provided by the web host on the admin console pages of their
website.

Anyway, again, I like the idea that you're proposing, but a friendly
reminder... something I have recognized (even being new to the list) is
that a *huge* *majority* of *tomcat* endusers are using *older* tomcat
versions, and even though you all recommend them to update their tomcat
version for security reasons, how many of them do their best to 'always'
have the latest-n-greatest version of tomcat.

So, even if 'delay 404' was added, I don't think many of the
already-existing apache/tomcat websites will have this new 'delay 404'
feature. :)

Also, the 'delay 404' basically requires a possible change or release note
that says, undeploy or delete manager app (etc...), so this 'delay 404'
feature can be used, since tomcat's manager app is one of the popular URLs
that hackers or bots, target.

just my two cents...



 --**--**-
 To unsubscribe, e-mail: 
 users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat access log reveals hack attempt: HEAD /manager/html HTTP/1.0 404

On Wed, Apr 17, 2013 at 3:45 PM, Leo Donahue - RDSA IT 
leodona...@mail.maricopa.gov wrote:


 Not knowing anything about the history of the HTTP 404 method, if a server
 does not find a matching request URI, why was it decided that the protocol
 would even respond at all?  Seems like the request could have just been
 ignored or dropped.

 [Way OT...]
 If you get this to work, then the next place you can take this idea is to
 the phone company.  Why should my phone even ring at all if I know the
 caller is from an 800 number... or from some other list of people I don't
 care to talk to ... I would love it if those guys had to wait 10 or 20
 seconds between rings... that would be great!!


+1 being facetious here, but IMHO, when André proposed the 'delay 404' (or
at least when I started reading this thread earlier this afternoon), I
thought, wow, it would be nice to respond to these bots with a 2GB-size
html page instead of returning 404. I know such an idea will ever be
implemented, but was just a thought. That will surely rock their world and
the web server's world (which we don't want, of course).

Re: explanation of resource-ref in web.xml

On Wed, Apr 17, 2013 at 10:38 PM, Leo Donahue - RDSA IT 
leodona...@mail.maricopa.gov wrote:

 From: Jakub 1983 [jjaku...@gmail.com]
 Sent: Wednesday, April 17, 2013 7:26 PM
 To: Tomcat Users List
 Subject: explanation of resource-ref in web.xml

 What the hell is resource-ref in web.xml used for ?

 I use it in a context, to define a Resource such as a database
 connection.

 There is an example here:
 http://tomcat.apache.org/tomcat-7.0-doc/jndi-datasource-examples-howto.html#MySQL_DBCP_Example

I saw your first email to the list, and then after your 2nd separate email
to the list, I searched google for the following:

tomcat resource-ref web.xml [1]

and found many search results that should get you on your way. Of which, I
found [2], [3], [4], [5]

[1] http://lmgtfy.com/?q=tomcat+resource-ref+web.xml
[2] http://www.mulesoft.com/tomcat-mysql
[3]
http://www.mkyong.com/tomcat/how-to-configure-mysql-datasource-in-tomcat-6/
[4]
http://stackoverflow.com/questions/2887967/what-is-resource-ref-in-web-xml-used-for
[5]
http://stackoverflow.com/questions/9078511/resource-ref-usage-in-web-xml-with-tomcat-5-5-and-spring

Re: ParNew promotion failed in verbose GC logs

2013-04-16 Thread Howard W. Smith, Jr.

On Tue, Apr 16, 2013 at 7:11 AM, David kerber dcker...@verizon.net wrote:

 On 4/16/2013 5:30 AM, André Warnier wrote:


  Premature optimization is the root of all evil
 http://en.wikiquote.org/wiki/**Donald_Knuthhttp://en.wikiquote.org/wiki/Donald_Knuth


 No doubt; I learned that one long ago.  Get it working correctly first,
 and only then start trying to optimize pieces that aren't working well
 enough.


 Wow, good catch, David (and thank you for the LOL)! I'm learning, and at
least the last 6 months, have been doing my best, trying 'not' to optimize,
prematurely! Still, working on that one, too. :)

Re: Re : Memory leak in Tomcat 6.0.35 ( 64 bit)

2013-04-16 Thread Howard W. Smith, Jr.

On Tue, Apr 16, 2013 at 10:31 AM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Howard,

 On 4/15/13 4:02 PM, Howard W. Smith, Jr. wrote:
  On Mon, Apr 15, 2013 at 1:08 PM, Christopher Schultz 
  ch...@christopherschultz.net wrote:
 
  Howard,
 
  On 4/14/13 9:53 PM, Howard W. Smith, Jr. wrote:
  I am definitely relying on  user HttpSessions, and I do
  JPA-level caching (statement cache and query results cache).
  pages are PrimeFaces and primefaces = xhtml, html, jquery,
  and MyFaces/OpenWebBeans to help with speed/performance.  And
  right now, the app handles on a 'few' simultaneous
  connections/users that do small and large fetches/inserts
  from/into relational database. :)
 
  You can tune the JPA caching, etc. to meet your environmental
  needs, etc., so you don't *need* a huge heap. If you find that
  you need to be able to improve your performance, you might be
  able to increase your cache size if it in fact improves things.
 
  doing this, and just made some code changes to tap a little more
  into JPA caching, but one of my endusers just did a user operation
  on one of the pages, and he sent me a screen capture of the nasty
  eclipselink error that he experienced. evidently, i need to tweak
  caching or do not use the cache at that point in the app. :)

 Just remember that caching isn't always a worthwhile endeavor, and
 that the cache itself has an associated cost (e.g. memory use,
 management of the cache, etc.).


Noted, and per my experience (already), I have definitely recognized that.
Thanks.


 If your users don't use cached data very much


Smiling... um, well, the endusers don't 'know' that they 'are' using the
cache, but I did enlighten the one enduser, yesterday, that reported that
eclipselink issue (that was most likely caused by my use of the 'readonly'
query hint). And for the record, they 'are' using the cache, since there
are common pages/data that they access and/or request, multiple times,
daily (and throughout the day), and even multiple times, most likely,
throughout each session.


 or, worse, make so many varied requests that the cache is thrashing the
 whole time, then you are actually hurting performance:
 you may as well go directly to the database each time.


They definitely make varied requests, 'too', throughout the day and during
each session, and since I like to monitor performance via jvisualvm, I am
recognizing a lot of 'eclipselink' code that is executed, since i commonly
use readonly and query-results-cache query hints, but performance seems
worse when readonly and/or query-results-cache are not used (when I look at
the times in jvisualvm).

just today, i recognized a query, such as following which was performing
very poorly, even though the JOIN was on a primary/foreign key, and ORDER
BY on primary key (which 'should' be fast):

@NamedQuery(name = OrderCostDetails.findByOrderId, query = SELECT ocd
FROM OrderCostDetails ocd JOIN ocd.orders o WHERE o.orderId = :orderId
ORDER BY ocd.costDetailsId),


so, I commented out that named query, and replaced it with the following,

@NamedQuery(name = OrderCostDetails.findByOrderId, query = SELECT
o.orderCostDetails FROM Orders o WHERE o.orderId = :orderId)


also, parameterized the use of query hints (see code below) in the
@Stateless EJB that uses the named query to select data from database,

q = em.createNamedQuery(OrderCostDetails.findByOrderId)
  .setParameter(orderId, id)
  .setHint(eclipselink.query-results-cache, true);
if (readOnly) {
q.setHint(eclipselink.read-only, true);
}
list = q.getResultList();
if (list == null || list.isEmpty()) {
return null;
}


and added the following in the @Stateless EJB after query results are
retrieved from the database,

// ORDER BY ocd.serviceAbbr, ocd.nbrOfPassengers
Collections.sort(list, new ComparatorOrderCostDetails() {
@Override
public int compare(OrderCostDetails ocd1, OrderCostDetails ocd2) {
String ocd1SortKey = ocd1.getServiceAbbr() +
ocd1.getNbrOfPassengers();
String ocd2SortKey = ocd2.getServiceAbbr() +
ocd2.getNbrOfPassengers();
return ((Comparable)ocd1SortKey).compareTo(ocd2SortKey);
}
});


and now, this query, is 'no longer' a hotspot in jvisualvm; it doesn't even
show up in the 'calls' list/view of jvisualvm.

Why did I target this query? because this query seemed as though it should
be fast, but the eclipselink code was executing some 'twisted' method and a
'normalized' method, etc..., so I said to myself, I need to refactor this
query/code, so all that eclipselink code will not hinder performance.

I think the performance improved because of the following: Orders has
OrderCostDetails (1 to many), search Orders via primary key (OrderId) is
much easier than searching OrderCostDetails JOIN(ed) to Orders WHERE
Orders.OrderId = :orderId. So, I am 'sure' that eclipselink is NOT calling
some 'twist' (or normalize

Re: Tomcat access log reveals hack attempt: HEAD /manager/html HTTP/1.0 404

On Mon, Apr 15, 2013 at 7:49 AM, Pid p...@pidster.com wrote:


 I'm persisting in this point because I don't want other users to
 continue believing the fallacy that 'hiding' Tomcat behind Apache HTTPD
 alone improves their security.


And your persistence is appreciated, and I definitely appreciate all the
responses/discussion. :)

Re: Re : Memory leak in Tomcat 6.0.35 ( 64 bit)

On Mon, Apr 15, 2013 at 7:40 AM, David kerber dcker...@verizon.net wrote:

 On 4/14/2013 11:10 PM, Howard W. Smith, Jr. wrote:

 On Sun, Apr 14, 2013 at 10:52 PM, Mark Thomasma...@apache.org  wrote:

  On 14/04/2013 21:53, Howard W. Smith, Jr. wrote:

  On Sun, Apr 14, 2013 at 6:51 PM, Christopher Schultz
 ch...@christopherschultz.net  wrote:

   -BEGIN PGP SIGNED MESSAGE-

 Hash: SHA256

 Howard,

 On 4/11/13 10:38 PM, Howard W. Smith, Jr. wrote:

  On Thu, Apr 4, 2013 at 2:32 PM, Christopher Schultz
 ch...@christopherschultz.net  wrote:

   Your heap settings should be tailored to your environment and

 usage scenarios.


 Interesting. I suppose 'your environment' means memory available,
 operating system, hardware. Usage scenarios? hmmm... please clarify
 with a brief example, thanks. :)


 Here's an example: Let's say that your webapp doesn't use HttpSessions
 and does no caching. You need to be able to handle 100 simultaneous
 connections that do small fetches/inserts from/into a relational
 database. Your pages are fairly simple and don't have any kind of
 heavyweight app framework taking-up a whole bunch of memory to do
 simple things.


  Thanks Chris for the example. This is definitely not my app. I am
 definitely relying on  user HttpSessions, and I do JPA-level caching
 (statement cache and query results cache). pages are PrimeFaces and
 primefaces = xhtml, html, jquery, and MyFaces/OpenWebBeans to help with
 speed/performance.  And right now, the app handles on a 'few'
 simultaneous
 connections/users that do small and large fetches/inserts from/into
 relational database. :)

 Hopefully one day, my app will be support 100+ simultaneous
 connections/users.



   For this situation, you can probably get away with a 64MiB heap. If

 your webapp uses more than 64MiB, there is probably some kind of
 problem. If you only need a 64MiB heap, then you can probably run on
 fairly modest hardware: there's no need to lease that 128GiB server
 your vendor is trying to talk you into.


  Understood, thanks. I have Xms/Xmx = 1024m, and I rarely see used
 memory
 get over 400 or 500m. the production server has 32GB RAM.


 I'll summarize a number of JavaOne sesisons I've been to on GC and
 performance (caveat - this was a couple of years ago and GC design has
 moved on since then).

 - GC pause time
 - throughput
 - small memory footprint

 You can optimise for any two of the above at the expense of the third.

 Assuming you opt for min GC pause time and max throughput the question
 then becomes how much heap do you need? If you look at your steady state
 heap usage graph (it should be a saw-tooth) then take the heap usage at
 the
 bottom of the saw-tooth and multiply it by 5 - that is the heap size you
 should use for the GC to work optimally.

 HTH,

 Mark


  Interesting, that does help, Mark, thanks. 250 x 5 = 1,250. I guess I
 was
 pretty close on target when I set Xms/Xmx = 1024m.

 Prior to seeing your email/response, I checked the server again, and it
 was
 no saw-tooth at all, it was at 250 (bottom), and then saw-tooth graph came
 into play...minutes later.


 Make sure you give it enough time for the memory use to stabilize.


Will do (and doing that), thanks.  :)


 Depending on your app and usage patterns, it can take up to days for the
 sawtooth to stabilize and start showing.  One of mine takes a couple of
 hours, and another a few days for that pattern to become visible.


I see it stabilize 'in minutes' (after/during usage of the app).

Just now (prior to writing this email), I was looking at the app's usage
(via monitoring the app's own data/record audit trail page), and then
decided to check-on the app to see how it is doing/performing via
jvisualvm, and voila, again, I saw no saw-tooth[1].

I saw this, 5 to 15 minutes after a period of inactivity in the app, but
before I logged into the app, as I stated above, I checked the app's audit
trail (which can definitely be a 'heavy-lifting' database query, depending
on work done within the app on selected date, default = current date), and
it[1] still showed no activity (or saw-tooth); I assume activity within the
app can = definite/obvious saw-tooth graph (which also means, GC is working
while app is being used).

What I mentioned above is very normal behavior for my app.

[1] http://img805.imageshack.us/img805/8453/20130415jvisualvm01.png





 --**--**-
 To unsubscribe, e-mail: 
 users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Re : Memory leak in Tomcat 6.0.35 ( 64 bit)

On Mon, Apr 15, 2013 at 11:18 AM, Mark Eggers its_toas...@yahoo.com wrote:

On 4/15/2013 7:25 AM, David kerber wrote:

On 4/15/2013 10:10 AM, Howard W. Smith, Jr. wrote:

On Mon, Apr 15, 2013 at 7:40 AM, David kerberdcker...@verizon.net
wrote:

On 4/14/2013 11:10 PM, Howard W. Smith, Jr. wrote:

On Sun, Apr 14, 2013 at 10:52 PM, Mark Thomasma...@apache.org
wrote:

On 14/04/2013 21:53, Howard W. Smith, Jr. wrote:

On Sun, Apr 14, 2013 at 6:51 PM, Christopher Schultz

ch...@christopherschultz.net wrote:

-BEGIN PGP SIGNED MESSAGE-

Hash: SHA256

Howard,

On 4/11/13 10:38 PM, Howard W. Smith, Jr. wrote:

On Thu, Apr 4, 2013 at 2:32 PM, Christopher Schultz

ch...@christopherschultz.net wrote:

Your heap settings should be tailored to your environment and

usage scenarios.

Interesting. I suppose 'your environment' means memory available,
operating system, hardware. Usage scenarios? hmmm... please clarify
with a brief example, thanks. :)

Here's an example: Let's say that your webapp doesn't use
HttpSessions
and does no caching. You need to be able to handle 100 simultaneous
connections that do small fetches/inserts from/into a relational
database. Your pages are fairly simple and don't have any kind of
heavyweight app framework taking-up a whole bunch of memory to do
simple things.

Thanks Chris for the example. This is definitely not my app. I am

definitely relying on user HttpSessions, and I do JPA-level caching
(statement cache and query results cache). pages are PrimeFaces and
primefaces = xhtml, html, jquery, and MyFaces/OpenWebBeans to help
with
speed/performance. And right now, the app handles on a 'few'
simultaneous
connections/users that do small and large fetches/inserts from/into
relational database. :)

Hopefully one day, my app will be support 100+ simultaneous
connections/users.

For this situation, you can probably get away with a 64MiB
heap. If

your webapp uses more than 64MiB, there is probably some kind of
problem. If you only need a 64MiB heap, then you can probably run on
fairly modest hardware: there's no need to lease that 128GiB server
your vendor is trying to talk you into.

Understood, thanks. I have Xms/Xmx = 1024m, and I rarely see used

memory
get over 400 or 500m. the production server has 32GB RAM.

I'll summarize a number of JavaOne sesisons I've been to on GC and
performance (caveat - this was a couple of years ago and GC design has
moved on since then).

- GC pause time
- throughput
- small memory footprint

You can optimise for any two of the above at the expense of the third.

Assuming you opt for min GC pause time and max throughput the question
then becomes how much heap do you need? If you look at your steady
state
heap usage graph (it should be a saw-tooth) then take the heap
usage at
the
bottom of the saw-tooth and multiply it by 5 - that is the heap
size you
should use for the GC to work optimally.

HTH,

Mark

Interesting, that does help, Mark, thanks. 250 x 5 = 1,250. I
guess I

was
pretty close on target when I set Xms/Xmx = 1024m.

Prior to seeing your email/response, I checked the server again, and it
was
no saw-tooth at all, it was at 250 (bottom), and then saw-tooth
graph came
into play...minutes later.

Make sure you give it enough time for the memory use to stabilize.

Will do (and doing that), thanks. :)

Depending on your app and usage patterns, it can take up to days for the
sawtooth to stabilize and start showing. One of mine takes a couple of
hours, and another a few days for that pattern to become visible.

I see it stabilize 'in minutes' (after/during usage of the app).

Just now (prior to writing this email), I was looking at the app's usage
(via monitoring the app's own data/record audit trail page), and then
decided to check-on the app to see how it is doing/performing via
jvisualvm, and voila, again, I saw no saw-tooth[1].

I saw this, 5 to 15 minutes after a period of inactivity in the app, but
before I logged into the app, as I stated above, I checked the app's
audit
trail (which can definitely be a 'heavy-lifting' database query,
depending
on work done within the app on selected date, default = current date),
and
it[1] still showed no activity (or saw-tooth); I assume activity
within the
app can = definite/obvious saw-tooth graph (which also means, GC is
working
while app is being used).

What I mentioned above is very normal behavior for my app.

[1]
http://img805.imageshack.us/**img805/8453/**20130415jvisualvm01.pnghttp://img805.imageshack.us/img805/8453/20130415jvisualvm01.png

These graphs are only showing ~40 seconds of data. I'll bet if you let
the app run for several minutes or hours, you'll see it.

Yep, there's no history in that data.

Agreed! :)

What you can do (probably in a test environment) is the following:

1. Set up monitoring (visualvm, psi-probe

Re: Re : Memory leak in Tomcat 6.0.35 ( 64 bit)

On Mon, Apr 15, 2013 at 1:08 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Howard,

 On 4/14/13 9:53 PM, Howard W. Smith, Jr. wrote:
  I am definitely relying on  user HttpSessions, and I do JPA-level
  caching (statement cache and query results cache). pages are
  PrimeFaces and primefaces = xhtml, html, jquery, and
  MyFaces/OpenWebBeans to help with speed/performance.  And right
  now, the app handles on a 'few' simultaneous connections/users that
  do small and large fetches/inserts from/into relational database.
  :)

 You can tune the JPA caching, etc. to meet your environmental needs,
 etc., so you don't *need* a huge heap. If you find that you need to be
 able to improve your performance, you might be able to increase your
 cache size if it in fact improves things.


doing this, and just made some code changes to tap a little more into JPA
caching, but one of my endusers just did a user operation on one of the
pages, and he sent me a screen capture of the nasty eclipselink error that
he experienced. evidently, i need to tweak caching or do not use the cache
at that point in the app. :)

i explained to him that i did some major changes in the app, related to
caching... and i told him that it was for 'performance improvement', and
told him the same as Mark just told me, Google is your friend (and told him
that 'wiki' keyword in the search is your friend, too).  :)



  sometimes, i do keep large amount of data in user HttpSession
  objects, but still being somewhat junior java/jsf developer and
  listening to you all on tomcat list and other senior java/jsf
  developers, I want to move some of my logic and caching of data
  from SessionScoped beans to RequestScoped beans.

 You might be able to have your cake and eat it, too. There is an
 interesting class called WeakReference that you can use to interact
 with the memory manager and garbage-collector. If you have a bunch of
 stuff cached in the session, as long as you could re-construct the
 cache given some value (like user_id or whatever), you can make the
 big, cached stuff in the session into so-called weak-references. If
 the GC wants to re-claim memory, it can discard weak references and
 the WeakReference object will then point to null. That allows you to
 have a nice cache that auto-cleans if you start running low on memory.


very interesting. since i'm using gson to accept some JSON-wrapped data
into my app from our public website (static pages and formmail, only, for
now, until i integrate it with the web app i developed for personnel, only,
for now), i didn't like the warning/msg when tomcat/tomee 'stops'...says
that weak reference could not be deleted or something like that (sorry, i
forgot exactly what it said).  Anyway, i followed some issue in gson's
issue tracker (on code.google.com), and someone offered some code to delete
gson from weak reference, so i decided to add that to my app, when i
shutdown app.

so, i do know that the weak reference class is available. really have not
'used' it yet, though. :)

i have some things in mind what I want to do with that large session scoped
data. I am considering caching it at application level and all users have
ability to update that huge List and extract data. I was thinking of
using @Singleton Lock(READ) to control access. it takes no time at all to
search the List for the information that it needs, and it takes no time
at all to re-populate the List. Since we discuss GC a lot on this list, i
wonder if you all recommend to set the 'list' to null, first, and then
List ... = new ArrayList(newList), or new ArrayList(newList) is
sufficient for good GC.



 I've written a Filter and HttpSession wrapper that can do that kind of
 thing transparently to the application code. I don't actually use it
 right now -- it was just a proof-of concept -- but it's a quick and
 dirty way to get caching but also save a safety valve.


that's nice proof of concept! I guess i've heard so much bad about people
not cleaning up threadlocals, that I try to avoid usage of threadlocal, but
it's interesting, so much talk on this list about threadlocals, but they
threadlocals seem to be used by many implementations/software out there.
Not naming any names. :)




 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

 iQIcBAEBCAAGBQJRbDQhAAoJEBzwKT+lPKRY2voP/RejVzXwT9q3Bpq8C85sdmaU
 rf4l8aSAeHY9iZDuU27dGIPYcM8eD503UFdLxNrLQmsAnIGgecxcybSzTCIaA8Q1
 kqtA58KOOkSwjWzSzyLhr7glDELXlB7BW1wiKuclrSE99NLmLQIwt5osvjv6qYxi
 jPTU0y1LEKs9mXFjCmwpdjxryttMOPL+3NMjYy0PrauwxtWR1uPS3r+1bhkjtbSs
 srx4aV98bFso7NydTPrbGahOHRnY1s7deNq1AzcaYsKV0ASky5cgagmk9qRyfxMd
 UBAo4+cxQG2V9ccGO4PR+cuL6JQuLhfxexneFfR+FSbFPCmM9axNBexqi73BL79q
 1aOffzSKLc9gS1I7MjXgMwc20K+bDYmnWOsePAJpCIt9Jl3S77AKQYzBWapCXCu0
 H

Re: Re : Memory leak in Tomcat 6.0.35 ( 64 bit)

2013-04-14 Thread Howard W. Smith, Jr.

On Sun, Apr 14, 2013 at 6:51 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Howard,

 On 4/11/13 10:38 PM, Howard W. Smith, Jr. wrote:
  On Thu, Apr 4, 2013 at 2:32 PM, Christopher Schultz 
  ch...@christopherschultz.net wrote:
 
  Your heap settings should be tailored to your environment and
  usage scenarios.
 
  Interesting. I suppose 'your environment' means memory available,
  operating system, hardware. Usage scenarios? hmmm... please clarify
  with a brief example, thanks. :)

 Here's an example: Let's say that your webapp doesn't use HttpSessions
 and does no caching. You need to be able to handle 100 simultaneous
 connections that do small fetches/inserts from/into a relational
 database. Your pages are fairly simple and don't have any kind of
 heavyweight app framework taking-up a whole bunch of memory to do
 simple things.


Thanks Chris for the example. This is definitely not my app. I am
definitely relying on  user HttpSessions, and I do JPA-level caching
(statement cache and query results cache). pages are PrimeFaces and
primefaces = xhtml, html, jquery, and MyFaces/OpenWebBeans to help with
speed/performance.  And right now, the app handles on a 'few' simultaneous
connections/users that do small and large fetches/inserts from/into
relational database. :)

Hopefully one day, my app will be support 100+ simultaneous
connections/users.



 For this situation, you can probably get away with a 64MiB heap. If
 your webapp uses more than 64MiB, there is probably some kind of
 problem. If you only need a 64MiB heap, then you can probably run on
 fairly modest hardware: there's no need to lease that 128GiB server
 your vendor is trying to talk you into.


Understood, thanks. I have Xms/Xmx = 1024m, and I rarely see used memory
get over 400 or 500m. the production server has 32GB RAM.




 On the other hand, maybe you have aggressive caching of data that
 benefits from having a large amount of heap space. Or maybe you need
 to support 1000 simultaneous connections and need to do XSLT
 processing of multi-megabyte XML documents and your XSLTs don't allow
 stream-processing of the XML document (oops).


Interesting.


Or maybe you have to keep a large amount of data in users' HttpSession
 objects (maybe a few
 dozen MiB) and you need to support a few thousand simultaneous users
 (not connections). 10k users each with a 5MiB heap = 48GiB.


sometimes, i do keep large amount of data in user HttpSession objects, but
still being somewhat junior java/jsf developer and listening to you all on
tomcat list and other senior java/jsf developers, I want to move some of my
logic and caching of data from SessionScoped beans to RequestScoped beans.

That's interesting that you say, '10k users each with 5MB heap = 48 GB'; i
never thought about calculating a size estimate per user; maybe, i should
do that when i am done with all of my optimizing of the app. i've been in
optimize mode for the last 5 to 8 months (slowly-but-surely, mojarra to
myfaces, JSF managed beans to CDI managed beans, in preparation for JSF 2.2
and/or Java EE 7, glassfish to tomcat/tomee, and other things after/while
listening to you all about JVM tuning, preventing/debugging/resolving
memory leaks, etc...


 There is no such thing as a good recommendation for heap size unless
 the person making the recommendation really understands your use case(s).


understood/agreed




 I generally have these two suggestions that I've found to be
 universally reasonable:

 1. Make -Xms = -Xmx to eliminate heap thrashing: the JVM is going to
 eat-up that large heap space at some point if you have sized things
 correctly, so you may as well not make the memory manager have to work
 any harder than necessary.


doing this, as I've seen this recommended quite often on this list and
others (tomee, openwebbeans, openejb).

if you have sized things correctly? size things correctly = set -Xms and
-Xmx appropriately to meet your system/software requirements?




 2. Run with the lowest heap space that is reasonable for your
 environment. I like doing this because it actually helps you diagnose
 things more easily when they go wrong: a small heap yields a smaller
 heap-dump file, is GC'd more frequently and therefore contains fewer
 long-lived dead objects, and will cause an OOME sooner if you have
 some kind of leak. Of course, nobody wants to experience an OOME but
 you also don't want to watch a 50GiB heap fill-up 800 bytes at a time
 due to a small leak.


Agreed and this is definitely/really nice to know. Listening to you all
here on tomcat list, that is why I lowered Xms/Xmx from 4096 to 1024MB.
Listening to you, now, and since I hardly ever see heap rise above 500 or
600m, I could lower Xms/Xmx from 1024 to maybe 800/900m, but remember, I
shutdown-deploy-start tomee/tomcat quite often, almost daily, so i'm really
not giving it a chance to see if OOME will occur, even when set to 1024m.

i have

Re: Re : Memory leak in Tomcat 6.0.35 ( 64 bit)

2013-04-14 Thread Howard W. Smith, Jr.

On Sun, Apr 14, 2013 at 10:52 PM, Mark Thomas ma...@apache.org wrote:

 On 14/04/2013 21:53, Howard W. Smith, Jr. wrote:

 On Sun, Apr 14, 2013 at 6:51 PM, Christopher Schultz 
 ch...@christopherschultz.net wrote:

  -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Howard,

 On 4/11/13 10:38 PM, Howard W. Smith, Jr. wrote:

 On Thu, Apr 4, 2013 at 2:32 PM, Christopher Schultz 
 ch...@christopherschultz.net wrote:

  Your heap settings should be tailored to your environment and
 usage scenarios.


 Interesting. I suppose 'your environment' means memory available,
 operating system, hardware. Usage scenarios? hmmm... please clarify
 with a brief example, thanks. :)


 Here's an example: Let's say that your webapp doesn't use HttpSessions
 and does no caching. You need to be able to handle 100 simultaneous
 connections that do small fetches/inserts from/into a relational
 database. Your pages are fairly simple and don't have any kind of
 heavyweight app framework taking-up a whole bunch of memory to do
 simple things.


 Thanks Chris for the example. This is definitely not my app. I am
 definitely relying on  user HttpSessions, and I do JPA-level caching
 (statement cache and query results cache). pages are PrimeFaces and
 primefaces = xhtml, html, jquery, and MyFaces/OpenWebBeans to help with
 speed/performance.  And right now, the app handles on a 'few' simultaneous
 connections/users that do small and large fetches/inserts from/into
 relational database. :)

 Hopefully one day, my app will be support 100+ simultaneous
 connections/users.



  For this situation, you can probably get away with a 64MiB heap. If
 your webapp uses more than 64MiB, there is probably some kind of
 problem. If you only need a 64MiB heap, then you can probably run on
 fairly modest hardware: there's no need to lease that 128GiB server
 your vendor is trying to talk you into.


 Understood, thanks. I have Xms/Xmx = 1024m, and I rarely see used memory
 get over 400 or 500m. the production server has 32GB RAM.


 I'll summarize a number of JavaOne sesisons I've been to on GC and
 performance (caveat - this was a couple of years ago and GC design has
 moved on since then).

 - GC pause time
 - throughput
 - small memory footprint

 You can optimise for any two of the above at the expense of the third.

 Assuming you opt for min GC pause time and max throughput the question
 then becomes how much heap do you need? If you look at your steady state
 heap usage graph (it should be a saw-tooth) then take the heap usage at the
 bottom of the saw-tooth and multiply it by 5 - that is the heap size you
 should use for the GC to work optimally.

 HTH,

 Mark


Interesting, that does help, Mark, thanks. 250 x 5 = 1,250. I guess I was
pretty close on target when I set Xms/Xmx = 1024m.

Prior to seeing your email/response, I checked the server again, and it was
no saw-tooth at all, it was at 250 (bottom), and then saw-tooth graph came
into play...minutes later.

Thanks again!



 --**--**-
 To unsubscribe, e-mail: 
 users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat access log reveals hack attempt: HEAD /manager/html HTTP/1.0 404

2013-04-13 Thread Howard W. Smith, Jr.

On Apr 13, 2013 3:55 PM, Mark Eggers its_toas...@yahoo.com wrote:

 On 4/10/2013 5:47 PM, Howard W. Smith, Jr. wrote:

 Some legit 404s definitely show up for every enduser that access the
webapp
 via mobile device, because PrimeFaces has 2 files that no longer exist in
 the JAR file, and I just reported this in their Issue Tracker.

 127.0.0.1 - - [10/Apr/2013:20:00:54 -0400] GET
 /apple-touch-icon-precomposed.png HTTP/1.1 404 -
 127.0.0.1 - - [10/Apr/2013:20:00:54 -0400] GET /apple-touch-icon.png
 HTTP/1.1 404 -

 Also, netbeans IDE and start-stop-tomcat implementation results in the
 following:

 127.0.0.1 - - [10/Apr/2013:20:11:05 -0400] HEAD
 /netbeans-tomcat-status-test HTTP/1.1 404 -
 127.0.0.1 - - [10/Apr/2013:20:11:05 -0400] HEAD
 /netbeans-tomcat-status-test HTTP/1.1 404 -
 127.0.0.1 - - [10/Apr/2013:20:11:05 -0400] HEAD
 /netbeans-tomcat-status-test HTTP/1.1 404 -


 A little off-topic here . . .

 This is analogous to the favicon.ico file. Mobile devices (Android and
iOS at least) use these so you can create a bookmark on the desktop (or
whatever the mobile devices call it).

 So, make a nice icon (png, 100x100) for your site. Then users can
bookmark the site and put the link on the desktop.


Correct. I learned about this a few days ago, when I posted this as a
primefaces issue in primefaces mobile forum and issue tracker, a few days
ago. Someone responded with some URLs to blogs that discuss this. Now, I
know how to handle this and now I know this is not an issue. :-)

 And yes, NetBeans seems to do that in order to figure out when Tomcat
starts up (even if it's already started). It also issues a start command to
the manager application for your web application (even if autoDeploy=true).

 . . . . just my two cents.
 /mde/


Thanks!



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 7.0.39 randoms start and crash

Antoine Philippe,


On Fri, Apr 12, 2013 at 6:17 PM, antoine philippe chaker 
philippe.cha...@gmail.com wrote:

 Hi all,

 Caused by: java.lang.IllegalStateException: Unable to complete the scan for
 annotations for web application [/autodis] due to a StackOverflowError.
 Possible root causes include a too low setting for -Xss and illegal cyclic
 inheritance dependencies. The class hierarchy being processed was

 [org.bouncycastle.asn1.ASN1EncodableVector-org.bouncycastle.asn1.DEREncodableVector-org.bouncycastle.asn1.ASN1EncodableVector]


I think I've seen you in atmosphere google groups, so I wanted to listen in
on the outcome of this thread, but then I saw the error message above, and
it reminded me of the cyclic references I had in my app (even though this
seems to be tomcat code).

Since the error mention -Xss, can you share your java memory options to the
list?

FYI, your post just motivated me to ask a question in a separate topic,
since I'm using Tomcat 7.0.39 (via TomEE 1.6.0 snapshot) and Atmosphere
1.0.13 (snapshot).

java.net.SocketTimeoutException: Read timed out

After reading antoine philippe chaker's last email/post, that motivated me
to pose a question as well.

I am using Tomcat 7.0.39 (via TomEE 1.6.0 snapshot), Atmosphere 1.0.13
(snapshot...recently downloaded within the last week), and OmniFaces Gzip
filter, and Google Calendar API (v3).

A bit of background... hmmm, some weeks ago, I started using tomcat 7.0.39
along with google calendar API (v3) and Atmosphere 1.0.12, and I'm sure
requests to google calendar is about the same. Recently, I added Atmosphere
1.0.13, and I started experiencing issues related to adding events on
google calendar from my app.

Now, I'm sure, I could revert back to Atmosphere 1.0.12, and see how that
works for next few days. Also, I could check to make sure that there has
been no internet connection downtime to/for the server, especially when
these issues are occurring.

At any rate, the log seems to only record one exception, and then it seems
as though all subsequent attempts/requests (to google calendar) are failing
with some exception that is not being recorded in the logs. 3 or 4 days
ago, there was a different exception, but they both seemed somewhat related
to (JSON) http response.

The first time I experienced an issue, the exception started here (my code
is the last line below)

at
com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:159)
at
com.google.api.client.googleapis.json.GoogleJsonResponseException.execute(GoogleJsonResponseException.java:203)
at
com.google.api.client.googleapis.services.GoogleClient.executeUnparsed(GoogleClient.java:237)
at
com.google.api.client.http.json.JsonHttpRequest.executeUnparsed(JsonHttpRequest.java:207)
at
com.google.api.services.calendar.Calendar$Events$Insert.execute(Calendar.java:2775)
at
utils.googleCalendar.GoogleCalendarUtil.addEventToCalendar(GoogleCalendarUtil.java:134)

and then today, i experienced a different issue/exception (my code is the
last line below)

at com.google.api.client.http.HttpResponse.getContent(HttpResponse.java:380)
at
com.google.api.client.http.json.JsonHttpParser.parserForResponse(JsonHttpParser.java:118)
at
com.google.api.client.http.json.JsonHttpParser.parse(JsonHttpParser.java:90)
at com.google.api.client.http.HttpResponse.parseAs(HttpResponse.java:499)
at
com.google.api.services.calendar.Calendar$Events$Insert.execute(Calendar.java:2776)
at
utils.googleCalendar.GoogleCalendarUtil.addEventToCalendar(GoogleCalendarUtil.java:134)


The stack trace below is the exception that occurred today. Does this look
like a tomcat or google calendar issue? google calendar API has usage
limits, so I am leaning toward google calendar API, but please advise.


java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(Unknown Source)
at java.net.SocketInputStream.read(Unknown Source)
at sun.security.ssl.InputRecord.readFully(Unknown Source)
at sun.security.ssl.InputRecord.read(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
at sun.security.ssl.AppInputStream.read(Unknown Source)
at java.io.BufferedInputStream.fill(Unknown Source)
at java.io.BufferedInputStream.read1(Unknown Source)
at java.io.BufferedInputStream.read(Unknown Source)
at sun.net.www.MeteredStream.read(Unknown Source)
at java.io.FilterInputStream.read(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$HttpInputStream.read(Unknown
Source)
at sun.net.www.protocol.http.HttpURLConnection$HttpInputStream.read(Unknown
Source)
at sun.net.www.protocol.http.HttpURLConnection$HttpInputStream.read(Unknown
Source)
at java.util.zip.CheckedInputStream.read(Unknown Source)
at java.util.zip.GZIPInputStream.readUByte(Unknown Source)
at java.util.zip.GZIPInputStream.readUShort(Unknown Source)
at java.util.zip.GZIPInputStream.readHeader(Unknown Source)
at java.util.zip.GZIPInputStream.init(Unknown Source)
at java.util.zip.GZIPInputStream.init(Unknown Source)
at com.google.api.client.http.HttpResponse.getContent(HttpResponse.java:380)
at
com.google.api.client.http.json.JsonHttpParser.parserForResponse(JsonHttpParser.java:118)
at
com.google.api.client.http.json.JsonHttpParser.parse(JsonHttpParser.java:90)
at com.google.api.client.http.HttpResponse.parseAs(HttpResponse.java:499)
at
com.google.api.services.calendar.Calendar$Events$Insert.execute(Calendar.java:2776)
at
utils.googleCalendar.GoogleCalendarUtil.addEventToCalendar(GoogleCalendarUtil.java:134)
at
utils.googleCalendar.GoogleCalendarUtil.deleteAndAddEvents(GoogleCalendarUtil.java:197)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at

Re: java.net.SocketTimeoutException: Read timed out

On Fri, Apr 12, 2013 at 7:45 PM, antoine philippe chaker 
philippe.cha...@gmail.com wrote:

 I think that Chuck is right : it has nothing to do with Tomcat, it's more a
 problem of communication between your webapp and the Google API.


Agreed. :)

Re: java.net.SocketTimeoutException: Read timed out

On Fri, Apr 12, 2013 at 7:25 PM, Caldarale, Charles R 
chuck.caldar...@unisys.com wrote:

  From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com]
  Subject: java.net.SocketTimeoutException: Read timed out

  The stack trace below is the exception that occurred today. Does this
 look
  like a tomcat or google calendar issue?

 It has nothing to do with Tomcat; it's your webapp that opened the
 connection to Google - Tomcat is completely unaware of it.  Whether it's a
 Google limitation or a bug in your webapp can't be determined from just the
 stack trace.  Best if you could get a network traffic capture for the
 incident and see if the request to Google is malformed, which might well
 result in the Google server ignoring it.

  - Chuck

I agree, Chuck. Honestly, I didn't think it was my app, but your response
lead me to believe that I may need to take a closer look at the (data I'm
sending in the) request. I know that I'm sending google-maps URLs in the
google calendar event description, and that may lead to this exception
(should have provided that earlier).

com.google.api.client.googleapis.json.GoogleJsonResponseException: 503
Service Unavailable
{
  code : 503,
  errors : [ {
domain : global,
message : Backend Error,
reason : backendError
  } ],
  message : Backend Error
}
at
com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:159)
at
com.google.api.client.googleapis.json.GoogleJsonResponseException.execute(GoogleJsonResponseException.java:203)
at
com.google.api.client.googleapis.services.GoogleClient.executeUnparsed(GoogleClient.java:237)
at
com.google.api.client.http.json.JsonHttpRequest.executeUnparsed(JsonHttpRequest.java:207)
at
com.google.api.services.calendar.Calendar$Events$Insert.execute(Calendar.java:2775)
at
utils.googleCalendar.GoogleCalendarUtil.addEventToCalendar(GoogleCalendarUtil.java:134)

 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
 MATERIAL and is thus for use only by the intended recipient. If you
 received this in error, please contact the sender and delete the e-mail and
 its attachments from all computers.

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: java.net.SocketTimeoutException: Read timed out