Re: Question about custom JSSEImplementation
On Thu, Sep 22, 2016 at 4:07 PM, Mark Thomaswrote: > > It is only used by BIO which has been removed in 8.5.x. Even in 8.0.x I > don't see anywhere obvious it could help unless you: > a) set bindOnInit to false > and > b) start/stop the connector frequently > > In that case, it could speed up the connector start time. > > Mark > Thank you Mark, your feedback is of great help: we are using NIO connectors that are started once and we do not set/use bindOnInit so we can probably just get rid of this old legacy code. Thank you, Jacopo
Question about custom JSSEImplementation
Hi all, I am reviewing some legacy code in Apache OFBiz [*], in the attempt to simplify its integration with Tomcat 8.0.+ and in preparation to upgrade to Tomcat 8.5.+. I have noticed that OFBiz, which starts a Tomcat instance in embedded mode, uses a legacy class that extends the Tomcat's JSSEImplementation class. This implementation, in particular, overrides the getServerFactory(...) method to save an instance of ServerSocketFactory and return it if already set [**]. Unfortunately I don't know enough about Tomcat internals to understand if the OFBiz implementation makes any sense: do you have any feedback to share on how this code could affect the behavior of Tomcat? Maybe a difference in performance in the setup of an encrypted connection? As a side note, OFBiz seems to work fine even when I switch to the Tomcat standard implementation by setting: sslImplementationName=org.apache.tomcat.util.net.jsse.JSSEImplementation Thanks in advance, Jacopo [*] http://ofbiz.apache.org/ [**] the OFBiz legacy implementation (simplified) of JSSEImplementation: public class SSLImpl extends JSSEImplementation { protected ServerSocketFactory ssFactory = null; @Override public ServerSocketFactory getServerSocketFactory(AbstractEndpoint endpoint) { if (this.ssFactory == null) { this.ssFactory = (new JSSEImplementation()).getServerSocketFactory(endpoint); } return ssFactory; } }
Re: Enabling X-XSS-Protection
Hi Mark, I have created a ticket and attached a patch to it: https://bz.apache.org/bugzilla/show_bug.cgi?id=58735 Thanks, Jacopo On 08/10/2015, Mark Thomas wrote: > On 08/10/2015, Jacopo Cappellato wrote: >>... >> Do you think that HttpHeaderSecurityFilter should be enhanced to support >> this (I could provide a patch for this)? Is there another way? > A patch to add support for this header would be great. > Mark
Enabling X-XSS-Protection
Hi all, I am looking for a way to add the X-XSS-Protection header (*) to the response from Tomcat. I am currently using the Tomcat's HttpHeaderSecurityFilter that allows to setup other useful security related headers but it doesn't seem to support the X-XSS-Protection header (**). Do you think that HttpHeaderSecurityFilter should be enhanced to support this (I could provide a patch for this)? Is there another way? Thanks in advance, Jacopo (*) https://www.owasp.org/index.php/List_of_useful_HTTP_headers (**) https://tomcat.apache.org/tomcat-8.0-doc/config/filter.html
Re: Issue running Websockets JSR356 with Tomcat 7.0.50 Embedded
Any hints? I would really appreciate if someone could provide some pointers (e.g. classes involved etc) about the implementation of the mechanism used to discover and deploy endpoints; I will then try to study the code in order to figure out why it doesn't work when I set jarScanner.setScanClassPath(false) Thanks, Jacopo On Feb 14, 2014, at 7:58 PM, Jacopo Cappellato jacopo.cappell...@gmail.com wrote: Here is the client code that I use to recreate the problem: public static void main(String[] args) throws Exception { String currentDir = new File(.).getCanonicalPath(); String tomcatDir = currentDir + File.separatorChar + tomcat; String webRoot = currentDir + File.separatorChar + examples; Tomcat tomcat = new Tomcat(); tomcat.setBaseDir(tomcatDir); tomcat.setPort(8080); tomcat.addWebapp(/examples, webRoot); // this code gets the JarScanner and sets scanClassPath to false: // with this setting the websockets are not deployed Container[] containers = tomcat.getService().getContainer().findChildren(); StandardHost host = (StandardHost)containers[0]; containers = host.findChildren(); StandardContext ctx = (StandardContext)containers[0]; StandardJarScanner jarScanner = (StandardJarScanner)ctx.getJarScanner(); jarScanner.setScanClassPath(false); // if this is set to true the websockets are deployed successfully tomcat.start(); while (true) { Thread.sleep(9); } } I run this code from a folder containing the examples webapp and the Tomcat jars. Is there a way to deploy successfully the websockets with setScanClassPath(false) ? Thanks, Jacopo - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue running Websockets JSR356 with Tomcat 7.0.50 Embedded
On Feb 25, 2014, at 4:20 PM, Mark Thomas ma...@apache.org wrote: On 25/02/2014 15:14, Jacopo Cappellato wrote: Any hints? I would really appreciate if someone could provide some pointers (e.g. classes involved etc) about the implementation of the mechanism used to discover and deploy endpoints; I will then try to study the code in order to figure out why it doesn't work when I set jarScanner.setScanClassPath(false) Presumably because the Endpoints you are trying to deploy are not part of the web application (i.e. in WEB-INF/classes or WEB-INF/lib) and loaded by the web application but are on the class path. Well, actually in my unit test (posted in this thread) I am deploying the examples application of Tomcat, and the websockets in it are under the WEB-INF folder. Jacopo Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Websocket classes in tomcat-embed-core-7.0.52.jar
On Feb 20, 2014, at 9:10 AM, Ralph Schaer ralphsch...@gmail.com wrote: Hi The embedded core jar 7.0.52 no longer contains the websocket classes. It only contains an empty org.apache.tomcat.websocket package Version 7.0.50 of the embedded core contains all the websocket classes. Is this a intentional change or maybe a bug in the build process? This is true, however the embedded distribution now has a separate jar with the websockets implementation: tomcat7-embed-websocket.jar Jacopo Ralph - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue running Websockets JSR356 with Tomcat 7.0.50 Embedded
Here is the client code that I use to recreate the problem: public static void main(String[] args) throws Exception { String currentDir = new File(.).getCanonicalPath(); String tomcatDir = currentDir + File.separatorChar + tomcat; String webRoot = currentDir + File.separatorChar + examples; Tomcat tomcat = new Tomcat(); tomcat.setBaseDir(tomcatDir); tomcat.setPort(8080); tomcat.addWebapp(/examples, webRoot); // this code gets the JarScanner and sets scanClassPath to false: // with this setting the websockets are not deployed Container[] containers = tomcat.getService().getContainer().findChildren(); StandardHost host = (StandardHost)containers[0]; containers = host.findChildren(); StandardContext ctx = (StandardContext)containers[0]; StandardJarScanner jarScanner = (StandardJarScanner)ctx.getJarScanner(); jarScanner.setScanClassPath(false); // if this is set to true the websockets are deployed successfully tomcat.start(); while (true) { Thread.sleep(9); } } I run this code from a folder containing the examples webapp and the Tomcat jars. Is there a way to deploy successfully the websockets with setScanClassPath(false) ? Thanks, Jacopo On Feb 13, 2014, at 6:47 PM, Jacopo Cappellato jacopo.cappell...@gmail.com wrote: Hello all, I did further tests and I have now implemented a test client that executes a Tomcat embedded instance that is successfully running websockets. The client code resembles quite closely what we are doing in OFBiz to prepare the Tomcat instance... and I think I have found the settings that is causing the issue in OFBiz. When in OFBiz we create the Context objects we set in their JarScanner (we use the StandardJarScanner): setScanClassPath(false) I have noticed that if in my test client I set the same the websockets are not mounted; they only work with setScanClassPath(true). Since I doubt we will be able to set it to true in OFBiz, I would really appreciate if you could provide some hints about the mechanism that Tomcat uses to deploy websockets. Am I completely off track? Thanks, Jacopo On Jan 29, 2014, at 4:42 PM, Jacopo Cappellato jacopo.cappell...@gmail.com wrote: Hello all, I am trying to deploy and use Websockets using the Tomcat 7.0.50 *Embedded* distribution [*]. Some more details on my environment: * I have the following jars in my classpath: ** tomcat-7.0.50-tomcat-embed-core.jar ** tomcat-7.0.50-tomcat-embed-jasper.jar ** tomcat-7.0.50-tomcat-embed-logging-log4j.jar ** tomcat-7.0.50-tomcat7-websocket.jar ** tomcat-7.0.50-websocket-api.jar ** ecj-4.2.2.jar ** annotations-api-3.0.jar ** jsp-api-2.2.jar ** servlet-api-3.0.jar * I have mounted the examples webapp that comes with Tomcat (Core distribution) using the Embedded Tomcat instance: all the examples work fine (including the websocket-deprecated ones) except for the Websockets JSR356 ones When I try to run the Websockets JSR356 examples, when I try to Connect (either using the programmatic API or the annotation API) I get the message: Info: WebSocket connection closed. Nothing appears in the console. Any hints would be greatly appreciated. Thanks in advance Jacopo [*] The reason I am using the Embedded version of Tomcat is that I am trying to add support for Websockets to Apache OFBiz (ofbiz.apache.org) and OFBiz runs Tomcat in embedded mode. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue running Websockets JSR356 with Tomcat 7.0.50 Embedded
Hello all, I did further tests and I have now implemented a test client that executes a Tomcat embedded instance that is successfully running websockets. The client code resembles quite closely what we are doing in OFBiz to prepare the Tomcat instance... and I think I have found the settings that is causing the issue in OFBiz. When in OFBiz we create the Context objects we set in their JarScanner (we use the StandardJarScanner): setScanClassPath(false) I have noticed that if in my test client I set the same the websockets are not mounted; they only work with setScanClassPath(true). Since I doubt we will be able to set it to true in OFBiz, I would really appreciate if you could provide some hints about the mechanism that Tomcat uses to deploy websockets. Am I completely off track? Thanks, Jacopo On Jan 29, 2014, at 4:42 PM, Jacopo Cappellato jacopo.cappell...@gmail.com wrote: Hello all, I am trying to deploy and use Websockets using the Tomcat 7.0.50 *Embedded* distribution [*]. Some more details on my environment: * I have the following jars in my classpath: ** tomcat-7.0.50-tomcat-embed-core.jar ** tomcat-7.0.50-tomcat-embed-jasper.jar ** tomcat-7.0.50-tomcat-embed-logging-log4j.jar ** tomcat-7.0.50-tomcat7-websocket.jar ** tomcat-7.0.50-websocket-api.jar ** ecj-4.2.2.jar ** annotations-api-3.0.jar ** jsp-api-2.2.jar ** servlet-api-3.0.jar * I have mounted the examples webapp that comes with Tomcat (Core distribution) using the Embedded Tomcat instance: all the examples work fine (including the websocket-deprecated ones) except for the Websockets JSR356 ones When I try to run the Websockets JSR356 examples, when I try to Connect (either using the programmatic API or the annotation API) I get the message: Info: WebSocket connection closed. Nothing appears in the console. Any hints would be greatly appreciated. Thanks in advance Jacopo [*] The reason I am using the Embedded version of Tomcat is that I am trying to add support for Websockets to Apache OFBiz (ofbiz.apache.org) and OFBiz runs Tomcat in embedded mode. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Issue running Websockets JSR356 with Tomcat 7.0.50 Embedded
Hello all, I am trying to deploy and use Websockets using the Tomcat 7.0.50 *Embedded* distribution [*]. Some more details on my environment: * I have the following jars in my classpath: ** tomcat-7.0.50-tomcat-embed-core.jar ** tomcat-7.0.50-tomcat-embed-jasper.jar ** tomcat-7.0.50-tomcat-embed-logging-log4j.jar ** tomcat-7.0.50-tomcat7-websocket.jar ** tomcat-7.0.50-websocket-api.jar ** ecj-4.2.2.jar ** annotations-api-3.0.jar ** jsp-api-2.2.jar ** servlet-api-3.0.jar * I have mounted the examples webapp that comes with Tomcat (Core distribution) using the Embedded Tomcat instance: all the examples work fine (including the websocket-deprecated ones) except for the Websockets JSR356 ones When I try to run the Websockets JSR356 examples, when I try to Connect (either using the programmatic API or the annotation API) I get the message: Info: WebSocket connection closed. Nothing appears in the console. Any hints would be greatly appreciated. Thanks in advance Jacopo [*] The reason I am using the Embedded version of Tomcat is that I am trying to add support for Websockets to Apache OFBiz (ofbiz.apache.org) and OFBiz runs Tomcat in embedded mode. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue running Websockets JSR356 with Tomcat 7.0.50 Embedded
Thank you Mark! Please see inline: On Jan 29, 2014, at 4:50 PM, Mark Thomas ma...@apache.org wrote: On 29/01/2014 15:42, Jacopo Cappellato wrote: Hello all, I am trying to deploy and use Websockets using the Tomcat 7.0.50 *Embedded* distribution [*]. Java version? 1.7.0_40 Some more details on my environment: * I have the following jars in my classpath: ** tomcat-7.0.50-tomcat-embed-core.jar ** tomcat-7.0.50-tomcat-embed-jasper.jar ** tomcat-7.0.50-tomcat-embed-logging-log4j.jar ** tomcat-7.0.50-tomcat7-websocket.jar ** tomcat-7.0.50-websocket-api.jar ** ecj-4.2.2.jar ** annotations-api-3.0.jar ** jsp-api-2.2.jar ** servlet-api-3.0.jar * I have mounted the examples webapp that comes with Tomcat (Core distribution) using the Embedded Tomcat instance: all the examples work fine (including the websocket-deprecated ones) except for the Websockets JSR356 ones I think you may have duplicated some classes there. Some of those API JARs may not be required. When I try to run the Websockets JSR356 examples, when I try to Connect (either using the programmatic API or the annotation API) I get the message: Info: WebSocket connection closed. Nothing appears in the console. The HTTP headers send and received would help you to debug / enable us to provide you with some pointers. The error I am getting in the browser is the following: [Error] WebSocket connection to 'ws://localhost:8080/examples/websocket/echoAnnotation' failed: Unexpected response code: 404 (echo.xhtml, line 0) It seems like the endpoint was not mounted but I amy be wrong. Thanks, Jacopo Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Fine tune or disable JMX activity
Hi all, I am a committer of the Apache OFBiz project; OFBiz uses Tomcat 7.0.28 in embedded mode. While doing some profiling with Java VisualVM I have noticed that a lot of object (java.util.TreeMap$Entry) are created even when there is no traffic; they don't represent a memory leak because a garbage collection removes them all, but the still grow at a very high pace; they seem to be generated by JMX support in Tomcat. Is it possible? Is there a way to disable JMX related activity (if not needed, of course)? I am worried that this could cause an unnecessary waste of server resources (more frequent GCs etc...). Thanks in advance, Jacopo - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Fine tune or disable JMX activity
On Jun 22, 2012, at 5:11 PM, Pid wrote: On 22/06/2012 16:09, Jacopo Cappellato wrote: Hi all, I am a committer of the Apache OFBiz project; OFBiz uses Tomcat 7.0.28 in embedded mode. While doing some profiling with Java VisualVM I have noticed that a lot of object (java.util.TreeMap$Entry) are created even when there is no traffic; they don't represent a memory leak because a garbage collection removes them all, but the still grow at a very high pace; they seem to be generated by JMX support in Tomcat. Can you explain a little about how you concluded that Tomcat's JMX support is responsible? I am actually not sure if Tomcat is responsible for this (it could actually be completely unrelated); I think it is related to JMX because I have found that most of the objects are created in the following stack: https://cwiki.apache.org/confluence/download/attachments/27850262/profiler-snapshot.png Regards, Jacopo p Is it possible? Is there a way to disable JMX related activity (if not needed, of course)? I am worried that this could cause an unnecessary waste of server resources (more frequent GCs etc...). Thanks in advance, Jacopo - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Fine tune or disable JMX activity
On Jun 22, 2012, at 5:45 PM, Caldarale, Charles R wrote: So let's see... you're using VisualVM which depends on JMX to retrieve the information it reports, and you want to disable JMX? I think you're observing self-induced behavior. ah ah, yes I think you are quite right and it was a dumb question indeed. By the way, thank you, it helped me. Jacopo - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: OutOfMemoryError happening in embedded instance of Tomcat 6 (Apache OFBiz project)
Filip, thank you for your help. Your suggestion actually helped to identify the root of our issues: it was not related to Tomcat 6 but instead it was an issue in the version of DBCP we were using (a snapshot of November 2007); we have upgraded it to the HEAD and the errors seem gone away (we are running some load testing sessions right now). Thanks so much and sorry for the off-topic. Jacopo On Jul 7, 2008, at 6:03 PM, Filip Hanik - Dev Lists wrote: just use the -XX:+HeapDumpOnOutOfMemoryError and see what is causing the OOME Filip Jacopo Cappellato wrote: Hi all, I am one of the committers and PMC member of the Apache OFBiz project (ofbiz.apache.org). Our project is using an embedded instance of Tomcat to run the web applications that compose the OFBiz suite of ERP applications. A few weeks ago, with rev. 659490, we have upgraded Tomcat from to 5.5.23 to 6.0.16. Since then, we have noticed in some production server some OutOfMemoryError: Java heap space exceptions that make the instances pretty unstable after some time they are up. My suspect is that we are not creating the Tomcat instance in the right way, but I am not sure where is the error... and I'm not sure about the question I should ask here. However, maybe someone of you could help with some advices or hints. This is the code we used to create the instance of Tomcat 5.5.23 (that was working fine): http://svn.apache.org/viewvc/ofbiz/trunk/framework/catalina/src/org/ofbiz/catalina/container/CatalinaContainer.java?revision=585848view=markup and this is the new code for 6.0.16: http://svn.apache.org/viewvc/ofbiz/trunk/framework/catalina/src/org/ofbiz/catalina/container/CatalinaContainer.java?view=markup Thanks so much, Jacopo - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
OutOfMemoryError happening in embedded instance of Tomcat 6 (Apache OFBiz project)
Hi all, I am one of the committers and PMC member of the Apache OFBiz project (ofbiz.apache.org). Our project is using an embedded instance of Tomcat to run the web applications that compose the OFBiz suite of ERP applications. A few weeks ago, with rev. 659490, we have upgraded Tomcat from to 5.5.23 to 6.0.16. Since then, we have noticed in some production server some OutOfMemoryError: Java heap space exceptions that make the instances pretty unstable after some time they are up. My suspect is that we are not creating the Tomcat instance in the right way, but I am not sure where is the error... and I'm not sure about the question I should ask here. However, maybe someone of you could help with some advices or hints. This is the code we used to create the instance of Tomcat 5.5.23 (that was working fine): http://svn.apache.org/viewvc/ofbiz/trunk/framework/catalina/src/org/ofbiz/catalina/container/CatalinaContainer.java?revision=585848view=markup and this is the new code for 6.0.16: http://svn.apache.org/viewvc/ofbiz/trunk/framework/catalina/src/org/ofbiz/catalina/container/CatalinaContainer.java?view=markup Thanks so much, Jacopo - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]