Re: JVM keystores and CA

2018-10-16 Thread Jose María Zaragoza
Hi

El mar., 16 oct. 2018 a las 1:49, Igor Cicimov () escribió:
>
> Hi all,
>
> I just want to clarify something that I've been seeing behave differently
> on various Java versions during the years. In case we have the following
> setting:
>
> -Djavax.net.ssl.trustStore=/keystore/truststore.jks"
>
> in Tomcat's default config file, is JVM suppose to fall back to the global
> CA store on the server under /etc/ssl/certs for verification in case *any*
> of the certificates returned by a trusted domain are not present in the
> above JKS store? By any I mean, all the certs in the chain returned by the
> SSL handshake.
>
> For example, lets say we have a situation like this:
>
> DigiCert Global Root G2 -> RapidSSL TLS RSA CA G1 -> CN=*.mydomain.com
>
> Lets say I have imported the *CN=*.mydomain.com *
> certificate in the truststore.jks, the question is is JVM going to look
> under /etc/ssl/certs for RapidSSL in order to validate the CN signature and
> then for DigiCert to validate the RapidSSL cert?
>
> As I said I had a mixed luck with this over the years, sometimes it works
> as (I) expect it to work i.e. verify the certs by looking at the system CA
> store and sometimes this is not the case.

My experience is that if you store a server certificate in the
truststore.jks , don't search anyone more.
This behaviour makes sense for me because you are saying that you
trust in that certificate because you verified ( by other means ) it
before
Even if certificate is expired ( and server send it expired too,
obviously ) , I think that is validated as trusted

Regards






>
> Thanks for any help/insites.
>
> Igor

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Alias name does not identify a key entry

2018-06-26 Thread Jose María Zaragoza
El mar., 26 jun. 2018 a las 17:03, Cybulski, Adam M
() escribió:
>
>
> Hello, I'm using Tomcat 8.5.4, on a server 2008R2 machine,  and I'm unable to 
> start the SSL connector.
>
> My connector syntax is as follows:
>
>   connectionTimeout="2"
>redirectPort="8443" />
>
>protocol="HTTP/1.1"
>maxThreads="150"
>scheme="https"
>secure="true"
>SSLEnabled="true"
>keystoreFile="c:\tomcat8\meg.keystore"
>keystorePass="keystorepass"
>keyAlias="meg" />
>
> To which I receive this error in Catalina.log:
>
> SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize 
> end point associated with ProtocolHandler ["https-openssl-nio-8443"]
>  java.lang.IllegalArgumentException: java.io.IOException: Alias name meg does 
> not identify a key entry
>
> However, meg is in my keystore:
>
>
>
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 3 entries
>
> root, Jun 25, 2018, trustedCertEntry,
> Certificate fingerprint (SHA1): 
> 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:
> 68:85:18:68
> meg, Jun 25, 2018, trustedCertEntry,
> Certificate fingerprint (SHA1): 
> 72:66:E4:05:94:C4:5B:4A:8A:26:20:F1:C5:7D:73:3B:
> 6F:24:D1:59
> tomcat, Jun 25, 2018, PrivateKeyEntry,
> Certificate fingerprint (SHA1): 
> AC:D9:3B:37:E4:37:A3:E7:D2:27:D1:CF:88:D3:79:70:
> 84:C8:16:82
>
> I used these steps to manage the certs:
>
> keytool -genkey -alias tomcat -keyalg RSA -keystore c:\Tomcat8\meg.keystore
>
> keytool -certreq -keyalg RSA -alias tomcat -file c:\tomcat8\tomcatreq.csr 
> -keystore c:\Tomcat8\meg.keystore
>
> Sent CSR to InCommon CA, downloaded x509 certificate, and x509 
> intermedites/root certificates.
>
> keytool -import -alias root -keystore c:\Tomcat8\meg.keystore -trustcacerts 
> -file "C:\Tomcat8\meg_library_albany_edu_interm.cer"
>
> keytool -import -alias meg -keystore c:\Tomcat8\meg.keystore -file 
> "C:\Tomcat8\meg_library_albany_edu_cert.cer"
>
> Any help you can give me in resolving this error is greatly appreciated.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

Hi

I guess that meg entry should be a PrivateKeyEntry ( public
certificate + private key ) , not a trustedCertEntry
I think that meg_library_albany_edu_cert.cer only contains a public certificate

Honestly, I use openssl to create .p12 key stores
Something like

openssl pkcs12 -export -in MYCERT.crt -inkey MYKEY.key -out
KEYSTORE.p12 -name "meg" -CAfile MY-CA-CERT.crt -caname myCA -chain

Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat SSL issue

2017-10-09 Thread Jose María Zaragoza
2017-10-09 17:01 GMT+02:00 John Ellis :

> I posted questions about this a couple of weeks ago I think it was. I have
> been trying to get Tomcat running on a secure port with a valid SSL
> certificate. We finally got version 9.0.0.M20 setup successfully on port
> 9443 and I can go to that IP:port and get a Tomcat webpage but when I go
> through all the steps using the keytool commands to submit a certificate
> (we use Cacert.org) and try to plug that certificate into the mix it
> doesn’t work. I still get an error message telling me that I will have to
> create an exception to go to that IP address and port. Last Friday I even
> deleted the certificate and all the keystore file, etc. and got the same
> exact error. So it appears that Tomcat is not seeing the certificate at all
> since I get the same error about having to add an exception whether or not
> I have a valid certificate in place on the server.
>
> The lines we added to the server.xml file to get the secure port working
> are-
>
>
>
> 
>   maxThreads="150" scheme="https" secure="true"
>
>   clientAuth="false" sslProtocol="TLS"
>
> keystoreFile="/home/tomcat9.0.
> 0.M20/apache-tomcat-9.0.0.M20/conf/keystore.jks"
>
> keystorePass="changeit" />
>


Maybe you should use  element, do you ?

Read:
https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_SSLHostConfig

Each secure connector must define at least one *SSLHostConfig*





>
>
> John Ellis
>
>
>
> 405.285.2500 office
>
>
>
> [image: United States]
>
> [image: bize-logo-rgb-original_Ryan_Revised_portal size][image:
> cid:image002.jpg@01CECFDA.65B42CD0]
>
>
>
> http://biz-e.io
>
>
>


Re: 2 Way SSL integration with Webservices - Inbound connection not trusted

2017-08-16 Thread Jose María Zaragoza
Hi:

2017-08-16 6:59 GMT+02:00 Vinoth Raja :
> Hi Chris,
>
> In the above conversation, the server presents the list of acceptable
> client certificates to the client. Does that happen for you?
>
> [ Yes . It prints the list of acceptable certificate when
> certificateVerification is set to required. It prints the acceptable
> certificates from cacerts.

Sorry for this semi-offtopic ,
but I'm interested about the list of DN of CA sent by TLS server in
SERVER HELLO message.
I mean the list under "Acceptable client certificate CA names" header
(output text in Cris' mail )

How I can set it in Tomcat 8.5 ? Does it works either JSSE & native TLS ?
How is the client behaviour if it doesnt have an certificate signed by
an "acceptable CA" ?

Thanks and regards


> Application is not reachable from browser once certificateVerification is
> set to required. It shows "ERR_BAD_SSL_CLIENT_AUTH_CERT".
> I have tried setting different trustStore from setenv.bat but doesnt seems
> to take effect]
>
>
>> Can I set the truststore in SSLContext before making outbound call?
>> will it trust the client request.
>
> What outbound call? Tomcat only handles incoming HTTP/TLS connections.
> [i meant the web service call. yes I am talking about trusting the incoming
> TLS connection]
>
> On Wed, Aug 16, 2017 at 12:34 AM, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Vinoth,
>>
>> On 8/15/17 11:42 AM, Vinoth Raja wrote:
>> > clientAuth="true" Is not valid attribute for connector in tomcat
>> > 8.5.15. I have tried setting certificateVerifucation as required
>> > but application URL is not reachable and it was complaining about
>> > certificate.
>>
>> Does the browser prompt for a certificate?
>>
>> If you use "openssl s_client -connect [hostname]:[port]" does the
>> connection show that trusted certificates are presented?
>>
>> For example:
>>
>> $ openssl s_client -connect host:port
>>
>> CONNECTED(0003)
>> [server certificate]
>>
>> Acceptable client certificate CA names
>> /CN=client-certificate1
>> /CN=client-certificate2
>> ...
>> Requested Signature Algorithms:
>> RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RS
>> A+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+
>> SHA1:DSA+SHA1:ECDSA+SHA1
>> Shared Requested Signature Algorithms:
>> RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RS
>> A+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+
>> SHA1:DSA+SHA1:ECDSA+SHA1
>> Peer signing digest: SHA512
>> Server Temp Key: ECDH, P-256, 256 bits
>> - ---
>> SSL handshake has read 2582 bytes and written 138 bytes
>> - ---
>> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
>> Server public key is 4096 bit
>> Secure Renegotiation IS supported
>> Compression: NONE
>> Expansion: NONE
>> No ALPN negotiated
>> SSL-Session:
>> Protocol  : TLSv1.2
>> Cipher: ECDHE-RSA-AES256-GCM-SHA384
>> Session-ID:
>> Session-ID-ctx:
>> Master-Key: [session key]
>> Key-Arg   : None
>> PSK identity: None
>> PSK identity hint: None
>> SRP username: None
>> Start Time: 1502814654
>> Timeout   : 300 (sec)
>> Verify return code: 10 (certificate has expired)
>> - ---
>> [DISCONNECT]
>>
>> In the above conversation, the server presents the list of acceptable
>> client certificates to the client. Does that happen for you?
>>
>> > Can I set the truststore in SSLContext before making outbound call?
>> > will it trust the client request.
>>
>> What outbound call? Tomcat only handles incoming HTTP/TLS connections.
>>
>> - -chris
>> -BEGIN PGP SIGNATURE-
>> Comment: GPGTools - http://gpgtools.org
>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>>
>> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlmTIpIACgkQHPApP6U8
>> pFga/g/8DIfIj6QoCQeMaMu3EoPJO2VjCHfCj11OoxXMkWr3NRlbXPkmtEYo6lQ6
>> qBeokSYok+OrLXlY6EM40ofq5rU/5kTzNf4kb116d5na8gz+9DoaVaDC5S+LNzjH
>> dKSu2eQXSZA+6OHSo55mH0AGQ1dyY9sZlySCqEJpOSYZMx61lZLz3NjUZqZEZ1wH
>> BYeLv1VXHhnB59oyEJNuSaUBlST7iinjfGya/T16/H61gQCV3Sz+aIkmv1IWT82A
>> kVYK7UasYg119wKk/2lJskYqloULngGWIbdZo+BrGoSyvBs0BKipErgSBIKwVFVD
>> KmTsXPzrftnSmvKuTJgI45QiEYLtWqzVsJof8q2oaGId+KnPJl+HiOAhvIXFaYg5
>> 3zsZfi9JRZwJu59CYwew+UVX/+ogwMhjDMgCMsceaGaXqiTwni0T95s2GqSbbUwr
>> HSwzXiyCHs7Kh8foWSmrDbrS0OZ1Rs3BvR2vhHMpmvjLxSMbtY0QwUK9arzmcRxJ
>> +PWlUlAkZaILcwLo5GR1LVNZzx71l5gYcC8FHQZkeBTmH8Rzedvi5riu2g6suRC2
>> T37R0u1iZ7iQTWNH0jLCHZyOWwy1La0fD7t6er7oB3Rq1F+2njNw/gIkLwRWni3V
>> YQo+KjoHP5v9ao7tA6Qjs76vqfnj9r1C7IplYeCEbecTnLNTF/w=
>> =0zTG
>> -END PGP SIGNATURE-
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>

-
To unsubscribe, e-mail: 

Re: Error 404 - The requested resource is not available

2017-01-11 Thread Jose María Zaragoza
2017-01-11 22:49 GMT+01:00 fonsin2008 . :
> Hi all!
>
> First, I need to say that I'm new(ignorant) with Tomcat. One of our
> systems is written with tomcat, but today something went wrong and the
> following error appears on the webpage:
>
> --Estado HTTP 404 - /evaluacion/WEB-INF/pages/login/forma_login.jsp
> --__
> --type Informe de estado
> --mensaje /evaluacion/WEB-INF/pages/login/forma_login.jsp
> --descripción El recurso requerido no está disponible.
> --
> --Apache Tomcat/6.0.37
>
> The file exists on the virtualserver, at
>
> home/desarrollo/produccioncbi/virtualhost/cbi_desarrollo/evaluacion/WEB-INF/pages/login
>
> And:
> ls -l
> -rw-r--r-- 1  desarrollo 3744 feb 11  2015 forma_login.jsp
>
> the evaluacion.war file lives at
> /home/desarrollo/produccioncbi/virtualhost/cbi_desarrollo
>
> And in /WEB-INF/classes/struts.xm I found:
> ./WEB-INF/classes/struts.xml:   name="forma_login">/WEB-INF/pages/login/forma_login.jsp
>
> So, I can't figure out why this error appears. May be I'm missing
> something obvious. I also googled it, but I only found permission
> errors and wrong paths.
>

Maybe you must paste more text from struts.xml, for example, element
wrapping 
I guess you are invoking a wrong URL ( probably you should invoke an
action or something like this )




> If you need some additional information, feel free to ask.
>
> Thank you guys for your time!
>
> Jesus Mager
> [www.h1n1-al.blogspot.com]
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: How do deal with 'sslv3 alert handshake failure'?

2016-09-27 Thread Jose María Zaragoza
2016-09-27 16:29 GMT+02:00 Persson, Magnus (SE-TLX)
:
> Hi,
>
> We started out with tomcat 7.0.35 and got that running with our REST
> servlet.
>
> When we upgraded to tomcat 7.0.63 we got this error when we tried to
> create a new session:
>
> {
>  "message": "[Errno 1] _ssl.c:507: error:14077410:SSL
> routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure"
> }
>
> Through Google we found out that we needed to add "SSLv2Hello" to the
> enabled protocols so we changed our connector in server.xml like this
> (only added SSLv2Hello):
>
>  maxThreads="150" scheme="https" secure="true"
> keystoreFile="${catalina.base}/conf/keystore"
> keystorePass="*" clientAuth="false"
> sslProtocol="TLS"
> sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello"
> URIEncoding="UTF-8" />
>
> We upgraded to tomcat 7.0.68 and it works fine with above connector in
> server.xml
>
> When we upgraded to tomcat 7.0.70 we got the sslv3 error again even
> though we have SSLv2Hello in the enabled protocols:
>
> {
>  "message": "[Errno 1] _ssl.c:507: error:14077410:SSL
> routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure"
> }
>
> What do we need to change in the server.xml file to bypass the ssl3
> error this time?

Hello:


I'm not sure but you can try these options:

http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#jssenames


Note that SSLv2 and SSLv3 are inherently unsafe.

>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: TLS 1.2 Handshake on Tomcat 7.0.39 Getting Internal Error: Key format must be RAW

2016-09-21 Thread Jose María Zaragoza
2016-09-21 19:16 GMT+02:00 André Warnier (tomcat) :
> On 21.09.2016 18:49, Christopher Schultz wrote:
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Ron,
>>
>> On 9/21/16 11:58 AM, Roskens, Ronald wrote:

 -Original Message- From: Christopher Schultz
 [mailto:ch...@christopherschultz.net] Sent: Wednesday, September
 21, 2016 9:40 AM To: Tomcat Users List Subject: Re: TLS 1.2
 Handshake on Tomcat 7.0.39 Getting Internal Error: Key format
 must be RAW

>>>
>>> 
>>>
 This may be the most promising page on the Internet, but of
 course Red Hat wants you to pay to read it:

 https://access.redhat.com/solutions/1309153

 I can't see the "verified solution", or I'd reprint it here
 without permission :)
>>>
>>>
>>> The resolution says to either disable TLS 1.2 or FIPS mode.
>>>
>>> The root cause is the PKCS#11 implementation included in Java 7 and
>>> 8 does not support TLS 1.2 when in FIPS mode as documented in
>>> OpenJDK bug JDK-8029661
>>> (https://bugs.openjdk.java.net/browse/JDK-8029661)
>>>
>>> See also:
>>> https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/F
>>
>> IPS.html
>>
>> Thanks
>>>
>>>
>> for posting this.
>>
>> Good old FIPS: hobbling real security since 1994.
>>
>
> Thanks also, but does this explain fully the symptoms seen by the OP ?  As I
> recall, he had 3 apparently similar servers, configured similarly, but where
> 2 were seeing the problem and the third one not.
> Or was there another difference which he did not tell us about, and where ?
>
>

I'd try to run

cat /proc/sys/crypto/fips_enabled












>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: [jdbc-pool] Validation query leaves transaction open

2016-08-12 Thread Jose María Zaragoza
2016-08-12 13:46 GMT+02:00 John Huss <johnth...@gmail.com>:
> In every database I have used every query requires a transaction. Often
> they will start them automatically if you don't do it explicitly.

Right , but I guess that Tomcat uses JDBC connections and I wonder why
for executing validationQuery sentence, Tomcat doesn't use autocommit
= true setting


> On Fri, Aug 12, 2016 at 4:13 AM Jose María Zaragoza <demablo...@gmail.com>
> wrote:
>
>> 2016-08-11 21:33 GMT+02:00 John Huss <johnth...@gmail.com>:
>> > I have verified that in version 8.0.36 of tomcat jdbc the validation
>> query
>> > functionality does not commit the transaction it starts in order to run
>> the
>> > validation query, which can cause an open transaction for a very long
>> time
>> > (possibly until the database crashes).  This seems to be especially
>> > problematic if you have a large pool where the connections are idle for a
>> > large period of time.
>> >
>> > I also tested against version 9.0.0M9, and in that version the problem is
>> > fixed.  However, nothing about this appears in the release notes for any
>> > version (9.0, 8.5, or 8.0).  If this bug has indeed been fixed it should
>> be
>> > documented in the release notes.  Also, back-porting the fix to the 8.0
>> > branch would be very helpful.
>> >
>> > For the time being I am working around the problem by changing my
>> > validation query from "SELECT 1" to be "SELECT 1; COMMIT" (using
>> > postgresql).  This prevents the issue.
>>
>>
>> I wonder why a validationQuery needs to open a new transaction
>>
>>
>> >
>> > This was reported previously (three years ago) here:
>> >
>> https://mail-archives.apache.org/mod_mbox/tomcat-users/201301.mbox/%3CCAPw873vy%2B9kWMQiFPbnTX6g1FSQ8oTVhDJ3Zagp9UkUZ3d5qjw%40mail.gmail.com%3E
>> >
>> > Thanks,
>> > John
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: [jdbc-pool] Validation query leaves transaction open

2016-08-12 Thread Jose María Zaragoza
2016-08-11 21:33 GMT+02:00 John Huss :
> I have verified that in version 8.0.36 of tomcat jdbc the validation query
> functionality does not commit the transaction it starts in order to run the
> validation query, which can cause an open transaction for a very long time
> (possibly until the database crashes).  This seems to be especially
> problematic if you have a large pool where the connections are idle for a
> large period of time.
>
> I also tested against version 9.0.0M9, and in that version the problem is
> fixed.  However, nothing about this appears in the release notes for any
> version (9.0, 8.5, or 8.0).  If this bug has indeed been fixed it should be
> documented in the release notes.  Also, back-porting the fix to the 8.0
> branch would be very helpful.
>
> For the time being I am working around the problem by changing my
> validation query from "SELECT 1" to be "SELECT 1; COMMIT" (using
> postgresql).  This prevents the issue.


I wonder why a validationQuery needs to open a new transaction


>
> This was reported previously (three years ago) here:
> https://mail-archives.apache.org/mod_mbox/tomcat-users/201301.mbox/%3CCAPw873vy%2B9kWMQiFPbnTX6g1FSQ8oTVhDJ3Zagp9UkUZ3d5qjw%40mail.gmail.com%3E
>
> Thanks,
> John

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Increased memory consumption due to url encoding

2016-08-11 Thread Jose María Zaragoza
2016-08-10 14:29 GMT+02:00 Lazar Kirchev :
> Hello Christopher,
>
> I tried with 32 MB and even 24 MB heap and the CPU usage and response time
> remained the almost the same (the difference is negligible) as with 1 GB
> heap. The cumulative allocated memory for the HeapByteBuffer remains about
> 400 MB, but of course the frequency of GCs is increased.


A newbie question:

if you tried with 32 MB ( I guess -Xmx size ) , why is not raised an OOM error ?
are those 400MB allocated outside heap ?

Thanks

>
> Regards,
> Lazar
>
> On Tue, Aug 9, 2016 at 7:27 PM, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Lazar,
>>
>> On 8/9/16 8:40 AM, Lazar Kirchev wrote:
>> > Hello! When handling requests which make use of request dispatcher,
>> > Tomcat 7.0.70 allocates more memory in comparison to 7.0.69. This
>> > seems to come from the encoding of the path introduced with this
>> > change http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/
>> > apache/catalina/core/ApplicationContext.java?r1=1741024=1741023
>> hrev=
>> >
>> >
>> 1741024
>> > 5 requests to a very simple servlet which only gets a request
>> > dispatcher for some path lead to allocation of about 400 MB.
>> > However, after a GC they are freed and this actually does not
>> > influence CPU or response time. Has anybody noticed this effect and
>> > what do you think about it?
>>
>> What happens if you set the heap size very low (e.g. 32MiB) and run
>> the same test? Does the memory usage grow to 400MiB, or does the
>> request performance start to degrade?
>>
>> I'm curious if you are just seeing the effect of the GC doing its job
>> correctly.
>>
>> - -chris
>> -BEGIN PGP SIGNATURE-
>> Comment: GPGTools - http://gpgtools.org
>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>>
>> iQIcBAEBCAAGBQJXqgSPAAoJEBzwKT+lPKRY6+8P/2vzkhQJkPKjYAFln5wkbPp7
>> lbIVDvcH5546ch4nTQsrMPiUT/m71wwDytn6qOMzP9dIbAXjC3tBJI+nqDthkZyQ
>> ScmIi2A93JQl0aOHrMzCuS3cFk0sNdwK3n2sk8ZcFd5/KZ5cwxkyeUqwiRVbU5bA
>> MjJsEiq+r7Vgo6V3mAxMwaKS7mwLc1hcgJMrhJA8gjfeHzxhzeG0mcrIGrg5cGvl
>> mTHLovt9x1ts4KNApdt4DUSg+Yt3Fx/Gj1aoL1x1KbPM9VIJSb52IG/03WPMxIkq
>> fSM71fbZHpjZy19uV+e50sHzM0fg96RsrlQ7m5Uvjgqkz6zxNYlsX3tC0z1E7oEr
>> wq1Qi0C3dCbRe6vqnN3znYg+DyrlZ/R+qO8+35GD3ljiiDuJLpevYFNVjNceFn1Y
>> Qno6W8/2Dp1eHTxaAAVY4hhbdZyzLgxD+lOu+THkOnoZwx8Bw8TXStHIdbwtMfSz
>> 9jGuZU4W/t9uTgW6ZnauS16v2EKUbicFY9L5FB3vrRUi1qm+pYVMUdQoZtVl2yL6
>> ZoDTEZTGzvpNUoJLGDzWjp9QkXkVGIrgM7+uYXIDcMUn7QrmLLab7oGJO1pLuAlz
>> 9BJiLpjqja5eAHp/Bz1ud5ZZhBaNECJIqhkjma/+LAC1Meullf3ct4FRmL8aGfUz
>> m0ntWlqyXwr6EbmRjbFE
>> =FTq+
>> -END PGP SIGNATURE-
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: jdbc check available database

2016-08-09 Thread Jose María Zaragoza
2016-08-09 10:52 GMT+02:00 Andrea Galli :
> Thank you Christoph , but in this how-to there isn't any example for SQL
> Server.

This is my configuration (context.xml) for a SQL Server connection pool



You need a SQL Server JDBC driver


>
> -Messaggio originale-
> Da: Christoph Nenning [mailto:christoph.nenn...@lex-com.net]
> Inviato: martedì 2 agosto 2016 09:44
> A: Tomcat Users List 
> Oggetto: Re: jdbc check available database
>
>> Hello guys,
>>
>> I’ve SQL Server database with Tomcat 7 and, when I restart only
> database,
>>  webapps on Tomcat didn’t works , it show me error to connect to
> database ..
>>
>> In webapp context I use jdbc driver for connect, so there is a kind of
>> method for retry to connect to database when it return available?
>>
>>
>>
>
> Hi,
>
> I suggest to use a DataSource instead of dealing with jdbc connections on
> your own.
>
> see:
> http://tomcat.apache.org/tomcat-7.0-doc/jndi-datasource-examples-howto.html
>
>
> Regards,
> Christoph
>
>
> This Email was scanned by Sophos Anti Virus
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Multiple SSL config with single IP on Tomat 8.5.4

2016-08-04 Thread Jose María Zaragoza
2016-08-04 17:17 GMT+02:00 Kent Smotherman :
> From: Mark Thomas 
> To: Tomcat Users List 
> Cc:
> Date: Wed, 3 Aug 2016 15:49:12 -0700
> Subject: Re: Multiple SSL config with single IP on Tomcat 8.5.4
> On 03/08/2016 15:05, Kent Smotherman wrote:
>> I'm trying to get multiple SSL certs configured on Tomcat 8.5 with a
> single
>> IP. My relevant server.xml looks like this:
>>
>> >connectionTimeout="2"
>>URIEncoding="UTF-8"
>>redirectPort="9443" />
>> >maxThreads="150" scheme="https" secure="true" hostName="
>> firstnationalsculpturepark.com"
>>clientAuth="false" sslProtocol="TLS" defaultSSLHostConfigName="
>> firstnationalsculpturepark.com"
>>>
>> 
>> > certificateKeystoreFile="/apache/conf/twinfeats.keystore"
>>certificateKeystorePassword="xxx"
>>certificateKeyAlias="firstnationalsculpturepark"
>> />
>>  
>> 
>>
>> This gives me this error on startup:
>>
>> 03-Aug-2016 16:47:04.541 WARNING [main]
>> org.apache.catalina.startup.SetAllPropertiesRule.begin
>> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> 'hostName' to 'firstnationalsculpturepark.com' did not find a matching
>> property.
>>
>> I'm not sure what I'm doing wrong, as the hostName property is indicated
> in
>> the Tomcat 8.5 docs as an attribute for SSLHostConfig. (The above error
>> then causes an error trying to find the default keystore file since it
>> isn't using the one I've specified, but that is expected.)
>
> Take another look at the error messge. It is complaining about an
> invalid attribute on the Connector, not the SSLHostConfig.
>
> Mark
>
> ---
>
> Thanks! I removed the hostName attribute from the Connector, and now all I
> have left is the same error complaining that it cannot find .keystore, when
> it should be looking for twinfeats.keystore:
>
>  protocol="org.apache.coyote.http11.Http11NioProtocol"
>maxThreads="150" scheme="https" secure="true"
>clientAuth="false" sslProtocol="TLS"
>defaultSSLHostConfigName="www.twinfeats.com">
>   
>   certificateKeystoreFile="/apache/conf/twinfeats.keystore"
>certificateKeystorePassword="takara36"
>certificateKeyAlias="firstnationalsculpturepark"
>   />
>   
>   
>   certificateKeystoreFile="/apache/conf/twinfeats.keystore"
>certificateKeystorePassword="x"
>certificateKeyAlias="twinfeats"
>   />
>   
> 
>
> And the error:
>
> 04-Aug-2016 10:01:16.755 SEVERE [main]
> org.apache.tomcat.util.net.SSLUtilBase.getStore Failed to load keystore
> type [JKS] with path [/home/twinfeats/.keystore] due to
> [/home/twinfeats/.keystore (No such file or directory)]
>  java.io.FileNotFoundException: /home/twinfeats/.keystore (No such file or
> directory)
>
> I've reviewed my server.xml as excerpted above, but I don't see any
> remaining silly mistakes.  Any clues?


According doc:

"certificateKeystoreFile

The pathname of the keystore file where you have stored the server
certificate and key to be loaded. By default, the pathname is the file
.keystore in the operating system home directory of the user that is
running Tomcat. If your keystoreType doesn't need a file use "" (empty
string) or NONE for this parameter. **Relative paths will be resolved
against $CATALINA_BASE**. A URL may also be used for this attribute."

I would try a relative path


PD: I wonder why the same keystore has got different
certificateKeystorePassword

>
> Thanks!
>
> Kent

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Multiple domian names one web site different content

2016-03-04 Thread Jose María Zaragoza
Maybe my question does't have to do with current thread ( an probably
doesn't have any sense at all) but :

would be possible to define "VirtualHost" according the destination port ?
I know that VirtualHost diferent domain name, but i want to keep the
same domain name
and to define
2 connectors , listening on 8080 and 8081
Requests to 8080 go to /webapps-app1 and requests to 8081 go to /webapps-app2

is it possible in a only one Tomcat instance ? or  I need to configure
2 tomcat instances ?

Thanks and regards






2016-03-04 19:11 GMT+01:00 Christopher Schultz :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Andrew,
>
> On 3/4/16 7:44 AM, Andrew Hardy wrote:
>> New to web servers.
>
> Welcome.
>
>> This may be a spring MVC question rather than tomcat, I'm not
>> sure.
>>
>> I understand I can map multiple domains to a single ip address
>> using DNS.  I have read some stuff on how to set up multiple
>> virtual hosts on the same host (ip address) on tomcat which
>> requests can be diverted to depending on which domain name was used
>> to make the request.
>>
>> Alternatively I am wondering about not having multiple virtual
>> hosts (which I am guessing would be more useful if there was
>> significant difference between between the sites) but have a single
>> site which has a single layout structure etc but serves up
>> specifically tailored content from a selected content store BASED
>> on the domain used to make the request.
>>
>> Is this anything to do with tomcat or do I have to some how tell
>> which domain was used when the http session is begun and set which
>> content at that point using spring MVC.  Perhaps the (first)
>> request / session includes the domain used and I so need to access
>> that programatically?
>
> You mean one single instance of the application that handles the
> hostname of the request to make decisions? Sounds good, and doesn't
> really involve Tomcat.
>
> If you have a session contained in a single web application, you could
> either store the initial server hostname in the session and use that
> until the session ends, or you could always pull the hostname from
> each incoming request. Presumably, it won't be changing. Or, you could
> cross-check those hostnames and maybe change configuration or complain
> and log the user out in that event.
>
> Again, not much to do with Tomcat, which will just route all
> appropriate requests to your application.
>
>> Is there a reason for this situation that I should not do things
>> the way I suggest? but should use multiple "identical duplicate"
>> web sites (virtual hosts) apart from each of which being hard coded
>> to access a specific content store?
>
> For me, it always comes down to complexity. If you know you can do
> this with a webapp-per-domain, then that's certainly a possibility but
> you'll need more heap space for multiple web applications, and so you
> might not scale as well.
>
> On the other hand, you may have to significantly re-work your web
> application to be able to handle one-single-webapp that can
> auto-switch configuration based upon the client's server-hostname. If
> that's the case, then running a single-application represents more
> risk -- at least for now.
>
> If I were designing things from scratch and I knew I'd be supporting
> marge numbers of configurations, I'd go with the
> single-webapp-instance approach because it's more scalable.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlbZz9oACgkQ9CaO5/Lv0PD0mQCfShH1CZqKimD+mwBpOJimFMvt
> qpgAni7S3D76ekXUrChiIfHZKRisUOsK
> =jNpf
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Cors-Filter

2016-02-26 Thread Jose María Zaragoza
2016-02-26 9:08 GMT+01:00 RICHARD DOUST :
> My question is, why doesn't it work, or, how can I debug it?

Are you tested to allow to all origins (default option) ? Only for
testing purpose, I mean:

cors.allowed.origins
*

At first sight, your settings should work, but ...


> I guess I'm going to have to figure out how to get the code for org.apache 
> associated with the jar file so that I can see the source in Eclipse and set 
> a breakpoint.
> I have read elsewhere that any http page that attempts to mix in https 
> content is as insecure as the page that uses http exclusively, being subject 
> to man in the middle attacks and that once you need https everything needs to 
> be https, but in a large SPA, that seems to me to mean a lot of potentially 
> unnecessary overhead. I'd like to know what some experts think.
>
> Thanks
>
> Sent from my iPad
>
>> On Feb 26, 2016, at 2:42 AM, André Warnier (tomcat)  wrote:
>>
>>> On 25.02.2016 22:59, RICHARD DOUST wrote:
>>> Hi,
>>>
>>> I’m running Tomcat 7.0. Can’t find the version.bat file, so I don’t know 
>>> more than that. It’s installed on a Windows computer running Windows Server 
>>> 2003 DataCenter Edition. (How’s that for refusing to upgrade?) Anyway, it’s 
>>> a client’s box. I’m trying to migrate an application to JavaScript from 
>>> GWT, but that’s beside the point. The problem is, I’m unable to send an 
>>> XMLHttpRequest to this Tomcat instance via https. The site is being served 
>>> by the same domain, but via http.
>>>
>>> I get:
>>>
>>> Failed to load resource: Origin http://www.domain.com is not allowed by 
>>> Access-Control-Allow-Origin.   
>>> https://www.domain.com/application/api/request
>>> XMLHttpRequest cannot load https://www.domain.com/application/api/reqeuest. 
>>> Origin http://www.domain.com is not allowed by Access-Control-Allow-Origin.
>>>
>>> This is an excerpt my web.xml file for the war:
>>>

CorsFilter
org.apache.catalina.filters.CorsFilter

cors.allowed.origins
 http://www.domain.com, 
 http://beta.domain.com:8080, http://localhost:8080
 

cors.allowed.methods
GET,POST,HEAD,OPTIONS,PUT

  


 CorsFilter
 /api/*

>>>
>>>
>>> I’d like to debug this, but I don’t know how to go about it. Am I suffering 
>>> from a basic misunderstanding? Does cors not allow http to https? Anyway, 
>>> any help would be appreciated.
>>>
>>
>> Honestly, I don't know much about CORS, but I looked at the specs, here :
>> http://tools.ietf.org/html/rfc6454 (*)
>> and it seems to me indeed that in
>> 3.2, Q: Why not just use the host?,
>> it indeed says that the scheme "http" or "https", is part of the origin.
>> I interpret this as meaning that if the HTML page was obtained from 
>> "http://www.domain.com;, a call made from within it, to 
>> "https://www.domain.com; would not qualify as "from the same origin".
>>
>> Further in 3.2.1, it gives some examples :
>>
>> Each of the following resources has a different origin from the
>>   others.
>>
>>   http://example.com/
>>   http://example.com:8080/
>>   http://www.example.com/
>>   https://example.com:80/
>>   https://example.com/
>>   http://example.org/
>>
>>
>> (*) pointed at by the on-line Tomcat documentation :
>> https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter
>> -> cors.allowed.origins -> "origin"
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Detecting Expired Session via JavaScript?

2015-12-01 Thread Jose María Zaragoza
2015-12-01 18:30 GMT+01:00 Jerry Malcolm :
> I'm looking for a way to detect that the current session has expired (or
> logged out via another tab on the browser).  I know I could just issue dummy
> requests to the server and see if a login page comes back.  But issuing
> requests automatically resets the session timer.

Only if the request goes to the same application.
You can create a HttpSessionListener who saves some info on a shared
store when session is expired.
Anothe REST service could check the status of the session when is
requested by your page

You only need to think the way to map  Tomcat session with REST
requests ( a random string created on load page  and store it in a
local javascript variable and sent to server when logging in ? I don't
know )




I need a benign way to
> query that doesn't keep the session alive forever.
>
> I'm sure this problem has been solved before.  But basically, I want to know
> that the session is no longer valid and force the user back to the login
> page.  I know one possibility is to set the Tomcat timer to 30 min
> expiration, and then keep a '29 minute' timer running in the browser.  But
> my clients can change the tomcat session timer length.  And also this
> doesn't account for a logoff using the same session on a different browser
> tab.  I'd really like a pro-active query method if anything like that
> exists.
>
> Suggestion?
>
> Thanks.
>
> Jerry
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Detecting Expired Session via JavaScript?

2015-12-01 Thread Jose María Zaragoza
2015-12-01 19:17 GMT+01:00 Jose María Zaragoza <demablo...@gmail.com>:
> 2015-12-01 18:30 GMT+01:00 Jerry Malcolm <techst...@malcolms.com>:
>> I'm looking for a way to detect that the current session has expired (or
>> logged out via another tab on the browser).  I know I could just issue dummy
>> requests to the server and see if a login page comes back.  But issuing
>> requests automatically resets the session timer.
>
> Only if the request goes to the same application.
> You can create a HttpSessionListener who saves some info on a shared
> store when session is expired.
> Anothe REST service could check the status of the session when is
> requested by your page


Other option is to use Comet long polling ( requires servlet 3.x )
with an only one event sent by server to browser :session expired
When browser receives it, stop polling until user is logged in again

Or websockets ...



>
> You only need to think the way to map  Tomcat session with REST
> requests ( a random string created on load page  and store it in a
> local javascript variable and sent to server when logging in ? I don't
> know )
>
>
>
>
> I need a benign way to
>> query that doesn't keep the session alive forever.
>>
>> I'm sure this problem has been solved before.  But basically, I want to know
>> that the session is no longer valid and force the user back to the login
>> page.  I know one possibility is to set the Tomcat timer to 30 min
>> expiration, and then keep a '29 minute' timer running in the browser.  But
>> my clients can change the tomcat session timer length.  And also this
>> doesn't account for a logoff using the same session on a different browser
>> tab.  I'd really like a pro-active query method if anything like that
>> exists.
>>
>> Suggestion?
>>
>> Thanks.
>>
>> Jerry
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: [PROPOSAL] Tomcat Webinar series

2015-11-12 Thread Jose María Zaragoza
2015-11-12 23:29 GMT+01:00 Mark Thomas :
> All,
>
> I've been wondering if there would be any interest in a Tomcat Webinar
> series. I'm thinking ~10 minutes of presentation followed by Q on
> topics of interest to this community with the webinars taking place
> every 1/2/4 weeks depending on interest. The webinars would also be
> recorded and uploaded somewhere - probably youtube - and linked from
> tomcat.apache.org.


+1



>
> My initial thoughts on possible topics are:
>
> - Intro to Tomcat 9 (the first milestone release is in progress as
>   I type this)
>
> - TLS virtual hosting with Tomcat 9
>
> - Generating TLS keys for Tomcat
>
> - HTTP/2 and Tomcat 9
>
> - Connector selection: BIO vs NIO vs NIO2 vs APR
>
> - Proxy protocol choice HTTP vs AJP
>
> Other topics as requested by the users@ community.
>
> Presenters would be one of the Tomcat committers. Obviously, I'm happy
> to do these but I hope some of my fellow committers will agree to do
> some presentations as well.
>
> Thoughts, feedback, topic suggestions welcome.
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Question for posgresq, and jdbc.jar placement.

2015-10-22 Thread Jose María Zaragoza
2015-10-22 18:26 GMT+02:00 Christopher Schultz <ch...@christopherschultz.net>:
> Ognjen,
>
> On 10/22/15 9:10 AM, Ognjen Blagojevic wrote:
>> Jose & Chris,
>>
>> On 21.10.2015 20:47, Christopher Schultz wrote:
>>> Jose,
>>>
>>> On 10/21/15 7:33 AM, Jose María Zaragoza wrote:
>>>> IMHO
>>>>
>>>> $CATALINA_HOME/lib  would be the right place
>>>
>>> +1
>>
>> Are you willing to elaborate why do you prefer $CATALINA_HOME instead of
>> $CATALINA_BASE?
>>
>> I don't have multiple Tomcat instances running, but I still split
>> $CATALINA_HOME and $CATALINA_BASE to different directories in order to
>> make Tomcat upgrades easier. Everything that is different from original
>> installation goes to $CATALINA_BASE (bin/setenv.sh, conf/*, logs,
>> webapp, etc... as well as additional jars including lib/(jdbc).jar. Thus
>> when I upgrade Tomcat and change $CATALINA_HOME I don't have to think
>> about additional jars.
>
> Our build process auto-builds CATALINA_BASE and so it's (marginally)
> more convenient to have it in CATALINA_HOME. We also have 4 applications
> running on each server from the same CATALINA_HOME and different
> CATALINA_BASEs, but they all use the same JDBC driver.
>
> IMHO, it doesn't matter which one you use. I would have +1'd Jose
> whichever one he said.

Cool !

>Honestly, CATALINA_BASE is probably much better,
> since it won't interfere with other applications that might not need the
> driver, or might require a different version, etc.

Honestly I've never needed to use CATALINA_BASE
But I 've a question

every instance uses only its CATALINA_BASE directories or there is any
kind of delegation hierachy for libraries ?

For example,if my webapp doesn't find a jar file on $CATALINA_BASE/lib
, doest it search on $CATALINA_HOME/lib ?

Regards




>
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Question for posgresq, and jdbc.jar placement.

2015-10-21 Thread Jose María Zaragoza
2015-10-21 13:19 GMT+02:00 Andrew Davis :

> Ok, I'm embarrassed.
>
> I've got a UBUNTU (GUI included) install of Tomcat7 installed from command
> line.
>
> Inside my machine I have what looks like two locations that play a key
> role.
>
> OPTION 1 for the jdbc.jar file?
>   I think that this is the "$CATALINA" base
>   Path:  usr/share/tomcat7
>  Folders Inside: (bin, common, conf, lib, log, server, shared)
>  Files Inside: (defaults.md5sum, defaults.template,
> logrotate.md5sum, logrotate.template)
>
> OPTION 2 for the jdbc.jar file?
>  I'm not sure if this would be the "$CATALINA" home
>  Path: var/lib/tomcat7
>  Folders Inside: (common, conf, logs, server, shared, webapps,
> work)
>  **When I upload a .war file from the
> http://localhost/manager/html interface it is placed in the "webapps"**
>
>
>
Probably you have symbolic links in /usr/share/tomcat7
Have a look

ls -lrt tomcat7




>
> OPTION 3 for the jdbc.jar file?***  *This is working, but I am going
> to write multiple apps which would use this .jar file.
> do I just include multiple copies of the .jar, or is there a central place
> to put it (please no jokes here).
> [image: Inline image 2]
>


IMHO

$CATALINA_HOME/lib  would be the right place





>
>
> Andy...
>


Re: Multiple JSESSIONID cookies being presented.

2015-09-09 Thread Jose María Zaragoza
2015-09-09 18:08 GMT+02:00 Jeffrey Janner <jeffrey.jan...@polydyne.com>:
>> -Original Message-
>> From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
>> Sent: Tuesday, September 08, 2015 4:58 PM
>> To: Tomcat Users List <users@tomcat.apache.org>
>> Subject: RE: Multiple JSESSIONID cookies being presented.
>>
>> > From: Jose María Zaragoza [mailto:demablo...@gmail.com]
>> > Subject: Re: Multiple JSESSIONID cookies being presented.
>>
>> > > Thanks for the clarification of what's supposed to happen on
>> receipt, Jose.
>> > > However, I am describing what happens on first contact from the
>> client to the server.
>> > > The browser sends https://hostname/APP2, and Tomcat returns:
>> > > JSESSIONID=, path=/and   JSESSIONID=, path=/APP2/
>>
>> > Indeed, it doesn't make sense for me to return different id (  ,
>> >  ) if you are accesing to only one context (/APP2)
>>
>> > Are you sure that your webapp deployed in /APP2 is not accesing to
>> > resources ( session-aware resources as JSP, servlet, .. .I mean)
>> > stored in ROOT context ?
>>
>> As I think someone previously mentioned, the client (browser) may well
>> be sending an unsolicited request to the default webapp, such as when
>> trying to retrieve favicon.ico.  You might want to run Fiddler or
>> Wireshark on the client to see exactly what's being sent to the server.
>>
>
> And there's no way to keep a browser from asking for the favicon.ico file 
> from the root.
> We don't have one, so I would expect a 404 is sent, which looking at the 
> access log file is what happens.
> However, is this the issue?  I tested this doing a manual 
> https://hostname/favicon.ico and see that we also return our root app's error 
> page. We also seem to be doing that for the auto-generated request, judging 
> by the bytes returned value, even though it won't get displayed.
> And I bet that the error page is setting the session cookie for some reason.
> Does that sound reasonable?

If you write https://hostname/favicon.ico into your browser's url address bar
does it return a JSESSIONID ?
If it does , why do your error html page is creating a HTTP session ?
Is it a error.jsp ?





> Is my solution just providing a favicon.ico file?
> Jeff
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: ServletRequest.getRemoteHost() not working when Tomcat is behind Nginx (Nginx as a reverse proxy)

2015-09-08 Thread Jose María Zaragoza
2015-09-08 21:22 GMT+02:00 Brian :
> Hi,
>
>
>
> First of all, I'm using:
>
> - Tomcat 7.0.50
>
> - Nginx 1.4.7
>
>
>
> When I use Tomcat alone, ServletRequest.getRemoteHost()
> (http://docs.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html#getRe
> moteHost()
>  moteHost())>  )  works fine. But when Tomcat is behind Nginx (Nginx acting
> as a reverse proxy), it does not.
>
> Just to make myself clear, this is the architecture I'm talking about:
>
>
>
> Client -> Nginx (as a reverse proxy) -> Tomcat.
>
>
>
> The problem is that ServletRequest.getRemoteHost() gives me the hostname of
> the proxy itself (meaning Nginx) and not that of the client.
>
>
>
> I was able to get the IP address of the visitor (and not that of the host
> where Nginx is running) doing this on Nginx:
>
>
>
> server {
>
> listen 80;
>
> server_name www.acme.com acme.com;
>
> location / {
>
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> <--- This line did the trick
>
> proxy_set_header Host $http_host;
>
> proxy_pass http://152.53.163.220:80/;
>
> }
>
> }
>
>
>
> And then inspecting the content of the "X-Forwarded-For" header in my java
> programming. But what do I do to obtain the remote hostname? I guess it is
> something similar, but I haven't found a solution. What I want to know is:
>
> - Exactly what configuration do I need in Nginx
>
> - Exactly what do I do from Java to obtain the value.

Why not do you perform a reverse DNS lookup by code ? Something like :

InetAddress addr = InetAddress.getByName("xx.xx.xx.xx");
String host = addr.getCanonicalHostName();
System.out.println(host);

You only need to extract 'X-Forwarded-For' header from request  and
execute that piece of code


Regards

>
>
>
> Thanks in advance,
>
>
>
> Brian
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: ServletRequest.getRemoteHost() not working when Tomcat is behind Nginx (Nginx as a reverse proxy)

2015-09-08 Thread Jose María Zaragoza
2015-09-08 22:10 GMT+02:00 Brian <brian...@emailbb.com>:
> Hello José,
>
> That’s a nice idea indeed (A VERY NICE ONE!), but an extra work because of 
> the networking effort. I'm talking about a site that can get hundreds of 
> requests per second.

But you would want to execute ServletRequest.getRemoteHost() in every
request , right ? That was your question.
I don't know how is the Tomcat 6's ServletRequest.getRemoteHost()
implementation , but I guess it's not very different to my code

Regards




>
> Since Nginx has access to this information, I bet there must be a way to pass 
> it to Tomcat the same way the IP address can be passed! But for some reason I 
> can't find it and I have spent quite some time looking for it.
>
> Thanks a lot!
>
>
>> -Original Message-
>> From: Jose María Zaragoza [mailto:demablo...@gmail.com]
>> Sent: martes, 08 de septiembre de 2015 02:58 p.m.
>> To: Tomcat Users List <users@tomcat.apache.org>
>> Subject: Re: ServletRequest.getRemoteHost() not working when Tomcat is
>> behind Nginx (Nginx as a reverse proxy)
>>
>> 2015-09-08 21:22 GMT+02:00 Brian <brian...@emailbb.com>:
>> > Hi,
>> >
>> >
>> >
>> > First of all, I'm using:
>> >
>> > - Tomcat 7.0.50
>> >
>> > - Nginx 1.4.7
>> >
>> >
>> >
>> > When I use Tomcat alone, ServletRequest.getRemoteHost()
>> >
>> (http://docs.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html#getRe
>> > moteHost()
>> >
>> <http://docs.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html#getRe
>> > moteHost())>  )  works fine. But when Tomcat is behind Nginx (Nginx acting
>> > as a reverse proxy), it does not.
>> >
>> > Just to make myself clear, this is the architecture I'm talking about:
>> >
>> >
>> >
>> > Client -> Nginx (as a reverse proxy) -> Tomcat.
>> >
>> >
>> >
>> > The problem is that ServletRequest.getRemoteHost() gives me the hostname of
>> > the proxy itself (meaning Nginx) and not that of the client.
>> >
>> >
>> >
>> > I was able to get the IP address of the visitor (and not that of the host
>> > where Nginx is running) doing this on Nginx:
>> >
>> >
>> >
>> > server {
>> >
>> > listen 80;
>> >
>> > server_name www.acme.com acme.com;
>> >
>> > location / {
>> >
>> > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>> > <--- This line did the trick
>> >
>> > proxy_set_header Host $http_host;
>> >
>> > proxy_pass http://152.53.163.220:80/;
>> >
>> > }
>> >
>> > }
>> >
>> >
>> >
>> > And then inspecting the content of the "X-Forwarded-For" header in my java
>> > programming. But what do I do to obtain the remote hostname? I guess it is
>> > something similar, but I haven't found a solution. What I want to know is:
>> >
>> > - Exactly what configuration do I need in Nginx
>> >
>> > - Exactly what do I do from Java to obtain the value.
>>
>> Why not do you perform a reverse DNS lookup by code ? Something like :
>>
>> InetAddress addr = InetAddress.getByName("xx.xx.xx.xx");
>> String host = addr.getCanonicalHostName();
>> System.out.println(host);
>>
>> You only need to extract 'X-Forwarded-For' header from request  and
>> execute that piece of code
>>
>>
>> Regards
>>
>> >
>> >
>> >
>> > Thanks in advance,
>> >
>> >
>> >
>> > Brian
>> >
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Multiple JSESSIONID cookies being presented.

2015-09-08 Thread Jose María Zaragoza
2015-09-08 22:57 GMT+02:00 Jeffrey Janner <jeffrey.jan...@polydyne.com>:
>> -Original Message-----
>> From: Jose María Zaragoza [mailto:demablo...@gmail.com]
>> Sent: Tuesday, September 08, 2015 9:08 AM
>> To: Tomcat Users List <users@tomcat.apache.org>
>> Subject: Re: Multiple JSESSIONID cookies being presented.
>>
>> 2015-09-08 15:51 GMT+02:00 Jeffrey Janner <jeffrey.jan...@polydyne.com>:
>> >> -Original Message-
>> >> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>> >> Sent: Friday, September 04, 2015 12:46 PM
>> >> To: Tomcat Users List <users@tomcat.apache.org>
>> >> Subject: Re: Multiple JSESSIONID cookies being presented.
>> >>
>> >> -BEGIN PGP SIGNED MESSAGE-
>> >> Hash: SHA256
>> >>
>> >> Jeffrey,
>> >>
>> >> On 9/4/15 12:37 PM, Jeffrey Janner wrote:
>> >> > I'm running Tomcat 8.0.24 on Ubuntu 14.04 with Java 8u45, but I'm
>> >> > also seeing this on Windows (version doesn't matter), with Tomcat
>> >> > 7.0.57 and Java 7u71, and Tomcat 6.0.43 and Java 7U51.
>> >> >
>> >> > I have 2 contexts installed in Tomcat, one is ROOT, the other
>> >> > APP2. Both contexts start off at a login screen unique to the
>> >> > context and provided by it (not using container auth).
>> >> >
>> >> > When I connect to ROOT, no problem, but when I connect to APP2, I
>> >> > get 2 JSESSIONID cookies, one with the path "/" and the other with
>> >> > the path "/APP2/".
>> >>
>> >> I would expect this behavior: you have one ROOT app (cookie path=/)
>> >> and one APP2 app (cookie path=/APP2). Your browser will send both
>> >> cookies to /APP2 because / is a prefix of /APP2.
>> >>
>> > Chris -
>> > I wanted to come back to this case.
>> > Why is the above "expected behavior"?
>> > The client is connecting directly as "https://hostname/APP2; and never
>> going directly to the ROOT app, yet gets both JSESSIONIDs from Tomcat on
>> first connection.  To me, this seems like a bug.
>> > Only being an admin, I've not fully read the spec, so not sure if the
>> above is really expected behavior.
>>
>>
>> http://www.ietf.org/rfc/rfc2109.txt
>>
>> The following rules apply to choosing applicable cookie-values from
>>among all the cookies the user agent has.
>>
>> Domain Selection
>> The origin server's fully-qualified host name must domain-match
>> the Domain attribute of the cookie.
>>
>>Path Selection
>> The Path attribute of the cookie must match a prefix of the
>> request-URI.
>>
>>Max-Age Selection
>> Cookies that have expired should have been discarded and thus
>> are not forwarded to an origin server.
>>
>>If multiple cookies satisfy the criteria above, they are ordered in
>>the Cookie header such that those with more specific Path attributes
>>precede those with less specific.  Ordering with respect to other
>>attributes (e.g., Domain) is unspecified.
>>
>>
>>
> Thanks for the clarification of what's supposed to happen on receipt, Jose.
> However, I am describing what happens on first contact from the client to the 
> server.
> The browser sends https://hostname/APP2, and Tomcat returns:
> JSESSIONID=, path=/and   JSESSIONID=, path=/APP2/

Sorry, I misunderstood
IMHO, that behaviour is strange .
Indeed, it doesn't make sense for me to return different id (  ,
 ) if you are accesing to only one context (/APP2)

Are you sure that your webapp deployed in /APP2 is not accesing to
resources ( session-aware resources as JSP, servlet, .. .I mean)
stored in ROOT context ?


>
> My contention is that it shouldn't be sending the first one, since it should 
> never route the request to the ROOT app, so it should not be generating a 
> cookie for it.
>
> However, taking what you say above at face value, are you saying that HaProxy 
> should only be forwarding the cookie with path=/APP2/ or should it forward 
> all of them and let Tomcat figure it out.

I don't know.
In a later email, I talked you about using another cookie ( SRV_ID )
to balance between backend servers. This feature is implemented by HA
Proxy ( 1.5 at least )


>
> Jeff

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Multiple JSESSIONID cookies being presented.

2015-09-08 Thread Jose María Zaragoza
2015-09-08 15:51 GMT+02:00 Jeffrey Janner :
>> -Original Message-
>> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>> Sent: Friday, September 04, 2015 12:46 PM
>> To: Tomcat Users List 
>> Subject: Re: Multiple JSESSIONID cookies being presented.
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Jeffrey,
>>
>> On 9/4/15 12:37 PM, Jeffrey Janner wrote:
>> > I'm running Tomcat 8.0.24 on Ubuntu 14.04 with Java 8u45, but I'm
>> > also seeing this on Windows (version doesn't matter), with Tomcat
>> > 7.0.57 and Java 7u71, and Tomcat 6.0.43 and Java 7U51.
>> >
>> > I have 2 contexts installed in Tomcat, one is ROOT, the other
>> > APP2. Both contexts start off at a login screen unique to the
>> > context and provided by it (not using container auth).
>> >
>> > When I connect to ROOT, no problem, but when I connect to APP2, I
>> > get 2 JSESSIONID cookies, one with the path "/" and the other with
>> > the path "/APP2/".
>>
>> I would expect this behavior: you have one ROOT app (cookie path=/)
>> and one APP2 app (cookie path=/APP2). Your browser will send both
>> cookies to /APP2 because / is a prefix of /APP2.
>>
> Chris -
> I wanted to come back to this case.
> Why is the above "expected behavior"?
> The client is connecting directly as "https://hostname/APP2; and never going 
> directly to the ROOT app, yet gets both JSESSIONIDs from Tomcat on first 
> connection.  To me, this seems like a bug.
> Only being an admin, I've not fully read the spec, so not sure if the above 
> is really expected behavior.


http://www.ietf.org/rfc/rfc2109.txt

The following rules apply to choosing applicable cookie-values from
   among all the cookies the user agent has.

Domain Selection
The origin server's fully-qualified host name must domain-match
the Domain attribute of the cookie.

   Path Selection
The Path attribute of the cookie must match a prefix of the
request-URI.

   Max-Age Selection
Cookies that have expired should have been discarded and thus
are not forwarded to an origin server.

   If multiple cookies satisfy the criteria above, they are ordered in
   the Cookie header such that those with more specific Path attributes
   precede those with less specific.  Ordering with respect to other
   attributes (e.g., Domain) is unspecified.



> Now, it's been doing this since at least Tomcat 6, I have one running now, 
> and I've never had a problem with it using direct connections.  But now we 
> are front-ending with HaProxy and going to two backend tomcats, and using the 
> JSESSIONID to support sticky-sessions.  I'm afraid the multiple cookies is 
> confusing HaProxy. (Yes, I'm going to ask that user community.)
> Jeff
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Multiple JSESSIONID cookies being presented.

2015-09-08 Thread Jose María Zaragoza
2015-09-08 15:51 GMT+02:00 Jeffrey Janner :
>> -Original Message-
>> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>> Sent: Friday, September 04, 2015 12:46 PM
>> To: Tomcat Users List 
>> Subject: Re: Multiple JSESSIONID cookies being presented.
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Jeffrey,
>>
> Now, it's been doing this since at least Tomcat 6, I have one running now, 
> and I've never had a problem with it using direct connections.  But now we 
> are front-ending with HaProxy and going to two backend tomcats, and using the 
> JSESSIONID to support sticky-sessions.  I'm afraid the multiple cookies is 
> confusing HaProxy. (Yes, I'm going to ask that user community.)
> Jeff


You could use another cookie to implement stickyness

"You can add a cookie SOME-COOKIE-NAME prefix directive into the
backend. Then simply add the cookie directive within each server. Then
HAProxy will append a cookie (or add onto an existing one) a
identifier for each server. This cookie will be sent back in
subsequent requests from the client, letting HAProxy know which server
to send the request to. This looks like the following:"

backend nodes
# Other options above omitted for brevity
 cookie SRV_ID prefix
server web01 127.0.0.1:9000 cookie check
server web02 127.0.0.1:9001 cookie check
server web03 127.0.0.1:9002 cookie check


https://serversforhackers.com/load-balancing-with-haproxy

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: validationQuery doesn't work (DBCP 7.0.59)

2015-06-23 Thread Jose María Zaragoza
2015-06-15 17:59 GMT+02:00 Christopher Schultz ch...@christopherschultz.net:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Jose,

 It looks like your issue is mostly solved...

 On 6/15/15 4:42 AM, Jose María Zaragoza wrote:
 I'm using Tomcat 7.0.59 and PostgreSQL JDBC driver 9.4-1201-jdbc4

 The context.xml settings are


 Resource auth=Container type=javax.sql.DataSource [...]
 timeBetweenEvictionRunsMillis=0/

 Are you sure you want to do this? The docs don't say anything about
 the value of 0, though one might reasonably expect that this
 disables eviction runs.

 The default for testWhileIdle is false, which means that the
 default value of timeBetweenEvictionRunsMillis is not relevant.


sure ?
I was following the guide in this link:
http://www.codingpedia.org/ama/tomcat-jdbc-connection-pool-configuration-for-production-and-development/

timeBetweenEvictionRunsMillis  0 AND removeAbandoned=true AND
removeAbandonedTimeout  0 means the pool sweeper is enabled.

I want to be sure that eviction thread of inactive thread is not executed .
is that paragrah false ?

Regards





 I would remove this unnecessary configuration, or you may confuse
 people (or yourself) into thinking that it has an actual meaning.

 - -chris
 -BEGIN PGP SIGNATURE-
 Comment: GPGTools - http://gpgtools.org

 iQIcBAEBCAAGBQJVfvZnAAoJEBzwKT+lPKRYCG8QALcZ6KqFWYxB3YZSr49R+pGx
 a3PZwLWO/FabNjkqRy1t2N3/mMJBDFRmwUOw1II+jPpgDl8E6X3cuyyYBBFl1YnU
 08CJIbKeNclUq6coU52/huvESTCaqa/q+YxknJRq9JFla5yDZlSNQFbQ1QiY/Ei0
 YtcZrzgzRIzeYTVrTlYkb1kuZouKU2KL2DCVS9NoY+s/R5ZSjAs+O4Cpg6V5BcuO
 oEhrwijaQ8+yVWAzGt9+s9j0ohf40ryUcbFB86uY3O4TmebMMZEBMvmTPJ/dpVqt
 GJYCDnr3nLfe6FTr7IK8YinFaWRAJ8U/h0JPs1OthJn1ZiLvLy2N5JeK+YAtx0oI
 l2dxkKr5COFU+DzslUjhiF6/AQJElA/ldqZYJKWeDUJ2oQaEyicPRkdvgknDIjcu
 vNJidFEWZ/4LA48D0OnQ9HLAWYUmXXeiTYXtxWekxpv5RSTL9xZh4rGylWvnbZXi
 WpZxl66RCmk1Lfe5VEIt8jWtRydOOYR4CnBkFoMZj4vSuOysnspnaHMAblEsJuUW
 u02MVC7ZxzG+FepQAMoriQKaEdih1cPNRj3y2Dq2cWZW82RpwS8CoLzgZi9FlSkg
 rPXWpsQ5OJNVmnhdAPaaEHKwIGxObScJZnBVFZgPzU7DRbh7q0SMQexIgnSB5blj
 kEnwEfkaLRF295pU+APM
 =OTjA
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: validationQuery doesn't work (DBCP 7.0.59)

2015-06-15 Thread Jose María Zaragoza
2015-06-15 11:39 GMT+02:00 Mark Thomas ma...@apache.org:
 On 15/06/2015 09:42, Jose María Zaragoza wrote:
 Hello:


 I'm using Tomcat 7.0.59 and PostgreSQL JDBC driver 9.4-1201-jdbc4

 The context.xml settings are


 Resource auth=Container type=javax.sql.DataSource
   factory=org.apache.tomcat.jdbc.pool.DataSourceFactory
   driverClassName=org.postgresql.Driver
   initialSize=0  maxActive=100 maxIdle=20
 maxWait=1 mindIdle=0
   name=datasource/bbdd password=fake 
 removeAbandoned=true

 url=jdbc:postgresql://localhost:,localhost:5432,localhost:5433/bbdd?LoginTimeout=3amp;loadBalanceHosts=false
   username=foo validationQuery=SELECT 1
 testOnBorrow=true timeBetweenEvictionRunsMillis=0/


 I've configured JDBC driver in failover mode ( as you can see in URL
 definition )

 When I test this configuration ( I stop/start databases but , at
 least, there is one running ) , sometimes I'm getting this error
 message:


 org.apache.ibatis.exceptions.PersistenceException:
 ### Error querying database.  Cause:
 org.postgresql.util.PSQLException: This connection has been closed.

 How is it possible if testOnBorrow=true and validationQuery=SELECT 1 ?

 Application borrows connection.
 You shut down database.
 Application uses connection.


Not really.
Paste logs

1) Performs query

2015/06/15 12:20:22.379 INFO [getData] - Getting record from database id:0
2015/06/15 12:20:22.379 DEBUG [JdbcTransaction] [openConnection] -
Opening JDBC Connection
2015/06/15 12:20:22.613 DEBUG [JdbcTransaction] [setDesiredAutoCommit]
- Setting autocommit to false on JDBC Connection
[ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]
2015/06/15 12:20:22.613  DEBUG [queryData] [debug] - ooo Using
Connection 
[ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]
2015/06/15 12:20:22.613 DEBUG [queryData] [debug] - ==  Preparing:
SELECT * FROM data WHERE id = ? ORDER BY autoid DESC LIMIT 1
2015/06/15 12:20:22.613 DEBUG [queryData] [debug] - == Parameters: 0(String)
2015/06/15 12:20:22.847  DEBUG [queryData] [debug] - ==  Total: 1
2015/06/15 12:20:22.847DEBUG [JdbcTransaction] [resetAutoCommit] -
Resetting autocommit to true on JDBC Connection
[ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]
2015/06/15 12:20:23.065 DEBUG [JdbcTransaction] [close] - Closing JDBC
Connection 
[ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]


2) Stop database

3) Performs query again


2015/06/15 12:20:28.801 INFO [getDatosIVRCRM] - Getting record from
database id:0
2015/06/15 12:20:28.801 DEBUG [JdbcTransaction] [openConnection] -
Opening JDBC Connection
2015/06/15 12:20:28.801  DEBUG [JdbcTransaction]
[setDesiredAutoCommit] - Setting autocommit to false on JDBC
Connection 
[ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]
2015/06/15 12:20:28.802 DEBUG [queryData] [debug] - ooo Using
Connection 
[ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]
2015/06/15 12:20:28.802  DEBUG [queryDatosIVRCRM] [debug] - ==
Preparing: SELECT * FROM data WHERE id = ? ORDER BY autoid DESC LIMIT
1
2015/06/15 12:20:28.802 DEBUG [queryData] [debug] - == Parameters: 0(String)
2015/06/15 12:20:28.802  [getData] - [EXCEPTION]
org.apache.ibatis.exceptions.PersistenceException:
### Error querying database.  Cause:
org.postgresql.util.PSQLException: This connection has been closed.


Both queries are executed by different thread ( http thread )

One important thing:

if I wait 20 seconds between calls, *the second one works fine* . I
dont know why
Looks like the validationQuery check doesn't detect that the
connection is broken . I don't know what response is waiting to mark
as OK that pooled connection


Regards


















 How I can debug if validationQuery is working as I want  ?

 Check your database logs.

 Mark


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: validationQuery doesn't work (DBCP 7.0.59)

2015-06-15 Thread Jose María Zaragoza
2015-06-15 13:09 GMT+02:00 Mark Thomas ma...@apache.org:
 On 15/06/2015 11:39, Jose María Zaragoza wrote:
 2015-06-15 11:39 GMT+02:00 Mark Thomas ma...@apache.org:
 On 15/06/2015 09:42, Jose María Zaragoza wrote:
 Hello:


 I'm using Tomcat 7.0.59 and PostgreSQL JDBC driver 9.4-1201-jdbc4

 The context.xml settings are


 Resource auth=Container type=javax.sql.DataSource
   factory=org.apache.tomcat.jdbc.pool.DataSourceFactory
   driverClassName=org.postgresql.Driver
   initialSize=0  maxActive=100 maxIdle=20
 maxWait=1 mindIdle=0
   name=datasource/bbdd password=fake 
 removeAbandoned=true

 url=jdbc:postgresql://localhost:,localhost:5432,localhost:5433/bbdd?LoginTimeout=3amp;loadBalanceHosts=false
   username=foo validationQuery=SELECT 1
 testOnBorrow=true timeBetweenEvictionRunsMillis=0/


 I've configured JDBC driver in failover mode ( as you can see in URL
 definition )

 When I test this configuration ( I stop/start databases but , at
 least, there is one running ) , sometimes I'm getting this error
 message:


 org.apache.ibatis.exceptions.PersistenceException:
 ### Error querying database.  Cause:
 org.postgresql.util.PSQLException: This connection has been closed.

 How is it possible if testOnBorrow=true and validationQuery=SELECT 1 ?

 Application borrows connection.
 You shut down database.
 Application uses connection.


 Not really.

 Look at the logs again. The same connection object is being used before
 and after you stop the database.


Right, because Tomcat DBCP gives the same connection.
And it shouldn't because that connection should be validated before.


 It looks more like the application is hanging onto the connection for an
 extended period of time (which defeats the point of using a connection
 pool in the first place).

I'm sure that it doesn't. The application doesn't keep any connection
. Ask to Tomcat DBCP for a connection when it needs to execute any
query
Doesn't make sense to keep a pool of pooled connections



 Paste logs

 1) Performs query

 2015/06/15 12:20:22.379 INFO [getData] - Getting record from database id:0
 2015/06/15 12:20:22.379 DEBUG [JdbcTransaction] [openConnection] -
 Opening JDBC Connection
 2015/06/15 12:20:22.613 DEBUG [JdbcTransaction] [setDesiredAutoCommit]
 - Setting autocommit to false on JDBC Connection
 [ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]
 2015/06/15 12:20:22.613  DEBUG [queryData] [debug] - ooo Using
 Connection 
 [ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]
 2015/06/15 12:20:22.613 DEBUG [queryData] [debug] - ==  Preparing:
 SELECT * FROM data WHERE id = ? ORDER BY autoid DESC LIMIT 1
 2015/06/15 12:20:22.613 DEBUG [queryData] [debug] - == Parameters: 0(String)
 2015/06/15 12:20:22.847  DEBUG [queryData] [debug] - ==  Total: 1
 2015/06/15 12:20:22.847DEBUG [JdbcTransaction] [resetAutoCommit] -
 Resetting autocommit to true on JDBC Connection
 [ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]
 2015/06/15 12:20:23.065 DEBUG [JdbcTransaction] [close] - Closing JDBC
 Connection 
 [ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]


 2) Stop database

 3) Performs query again


 2015/06/15 12:20:28.801 INFO [getDatosIVRCRM] - Getting record from
 database id:0
 2015/06/15 12:20:28.801 DEBUG [JdbcTransaction] [openConnection] -
 Opening JDBC Connection
 2015/06/15 12:20:28.801  DEBUG [JdbcTransaction]
 [setDesiredAutoCommit] - Setting autocommit to false on JDBC
 Connection 
 [ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]
 2015/06/15 12:20:28.802 DEBUG [queryData] [debug] - ooo Using
 Connection 
 [ProxyConnection[PooledConnection[org.postgresql.jdbc4.Jdbc4Connection@a7429f]]]
 2015/06/15 12:20:28.802  DEBUG [queryDatosIVRCRM] [debug] - ==
 Preparing: SELECT * FROM data WHERE id = ? ORDER BY autoid DESC LIMIT
 1
 2015/06/15 12:20:28.802 DEBUG [queryData] [debug] - == Parameters: 0(String)
 2015/06/15 12:20:28.802  [getData] - [EXCEPTION]
 org.apache.ibatis.exceptions.PersistenceException:
 ### Error querying database.  Cause:
 org.postgresql.util.PSQLException: This connection has been closed.


 Both queries are executed by different thread ( http thread )

 One important thing:

 if I wait 20 seconds between calls, *the second one works fine* . I
 dont know why

 Which suggests that the application hands the connection back during
 that 20 second period.

 Looks like the validationQuery check doesn't detect that the
 connection is broken .

 I see zero evidence to support that assumption.

 Mark


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail

Re: validationQuery doesn't work (DBCP 7.0.59)

2015-06-15 Thread Jose María Zaragoza
2015-06-15 16:35 GMT+02:00 Daniel Mikusa dmik...@pivotal.io:
 On Mon, Jun 15, 2015 at 4:42 AM, Jose María Zaragoza demablo...@gmail.com
 wrote:

 Hello:


 I'm using Tomcat 7.0.59 and PostgreSQL JDBC driver 9.4-1201-jdbc4

 The context.xml settings are


 Resource auth=Container type=javax.sql.DataSource
   factory=org.apache.tomcat.jdbc.pool.DataSourceFactory

   driverClassName=org.postgresql.Driver
   initialSize=0  maxActive=100 maxIdle=20
 maxWait=1 mindIdle=0
   name=datasource/bbdd password=fake
 removeAbandoned=true


 url=jdbc:postgresql://localhost:,localhost:5432,localhost:5433/bbdd?LoginTimeout=3amp;loadBalanceHosts=false
   username=foo validationQuery=SELECT 1
 testOnBorrow=true timeBetweenEvictionRunsMillis=0/


 I've configured JDBC driver in failover mode ( as you can see in URL
 definition )

 When I test this configuration ( I stop/start databases but , at
 least, there is one running ) , sometimes I'm getting this error
 message:


 org.apache.ibatis.exceptions.PersistenceException:
 ### Error querying database.  Cause:
 org.postgresql.util.PSQLException: This connection has been closed.

 How is it possible if testOnBorrow=true and validationQuery=SELECT 1 ?


 Try setting validationInterval to a lower value.  It defaults to 30s, which
 means it will only run the query once per 30s.

 http://tomcat.apache.org/tomcat-8.0-doc/jdbc-pool.html#Tomcat_JDBC_Enhanced_Attributes


You got it !

Thanks
Now I need to understand which is the best value ( in performance terms )


Regards






 How I can debug if validationQuery is working as I want  ?


 1.) Start Tomcat, make sure the app is working.
 2.) Stop the DB.
 3.) Your app should stop working, since it can't get a connection.  Also,
 any pooled connections will now be bad.
 4.) Start the DB.
 5.) Your app should be working again.  If the pool is configured properly
 as your app requests connections, it should remove the bad connections and
 replace them with new ones.

 Dan





 Thanks and regards

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



validationQuery doesn't work (DBCP 7.0.59)

2015-06-15 Thread Jose María Zaragoza
Hello:


I'm using Tomcat 7.0.59 and PostgreSQL JDBC driver 9.4-1201-jdbc4

The context.xml settings are


Resource auth=Container type=javax.sql.DataSource
  factory=org.apache.tomcat.jdbc.pool.DataSourceFactory
  driverClassName=org.postgresql.Driver
  initialSize=0  maxActive=100 maxIdle=20
maxWait=1 mindIdle=0
  name=datasource/bbdd password=fake removeAbandoned=true

url=jdbc:postgresql://localhost:,localhost:5432,localhost:5433/bbdd?LoginTimeout=3amp;loadBalanceHosts=false
  username=foo validationQuery=SELECT 1
testOnBorrow=true timeBetweenEvictionRunsMillis=0/


I've configured JDBC driver in failover mode ( as you can see in URL
definition )

When I test this configuration ( I stop/start databases but , at
least, there is one running ) , sometimes I'm getting this error
message:


org.apache.ibatis.exceptions.PersistenceException:
### Error querying database.  Cause:
org.postgresql.util.PSQLException: This connection has been closed.

How is it possible if testOnBorrow=true and validationQuery=SELECT 1 ?
How I can debug if validationQuery is working as I want  ?


Thanks and regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: [SECURITY] CVE-2014-0230: Apache Tomcat DoS

2015-05-06 Thread Jose María Zaragoza
2015-05-06 0:53 GMT+02:00 Mark Thomas ma...@apache.org:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 CVE-2014-0230 Denial of Service

 Severity: Low

 Vendor: The Apache Software Foundation

 Versions Affected:
 - - Apache Tomcat 8.0.0-RC1 to 8.0.8
 - - Apache Tomcat 7.0.0 to 7.0.54
 - - Apache Tomcat 6.0.0 to 6.0.43

 Description:
 When a response for a request with a request body is returned to the
 user agent before the request body is fully read, by default Tomcat
 swallows the remaining request body so that the next request on the
 connection may be processed.


I'm trying to understand when that behaviour is happening
When is a response returned before the request body is fully read ?
What happens when  the remaining request body is read ?

Thanks and regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: [SECURITY] CVE-2014-0230: Apache Tomcat DoS

2015-05-06 Thread Jose María Zaragoza
2015-05-06 13:59 GMT+02:00 Mark Thomas ma...@apache.org:
 On 06/05/2015 09:14, André Warnier wrote:
 Jose María Zaragoza wrote:
 2015-05-06 0:53 GMT+02:00 Mark Thomas ma...@apache.org:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 CVE-2014-0230 Denial of Service

 Severity: Low

 Vendor: The Apache Software Foundation

 Versions Affected:
 - - Apache Tomcat 8.0.0-RC1 to 8.0.8
 - - Apache Tomcat 7.0.0 to 7.0.54
 - - Apache Tomcat 6.0.0 to 6.0.43

 Description:
 When a response for a request with a request body is returned to the
 user agent before the request body is fully read, by default Tomcat
 swallows the remaining request body so that the next request on the
 connection may be processed.


 I'm trying to understand when that behaviour is happening
 When is a response returned before the request body is fully read ?
 What happens when  the remaining request body is read ?


 Guess for Q1 : when the original request's target is an area which
 requires authentication, and the request is not ?

 Yes that is one case. Generally these are error conditions. Either
 Tomcat or the app knows after reading the headers (and maybe the first
 part of the response body) exactly what the response is going to be and
 that the rest of the request body can be skipped. Although Tomcat
 ignores the remainder of the body it needs to read it as most clients
 don't read the response until the client has fully written the request
 (which means Tomcat has to read it).

 Q2 : That is explained in the message : it is discarded.
 It's just that it may be very large (and/or slow), and Tomcat may have a
 thread busy for a while reading it to the end.

 Exactly. The only reason this gets classed as a DoS (and it was on the
 border of being/not being a vulnerability is that Tomcat didn't place
 any limit on how much data it would read and ignore. There are easier
 ways to DoS a Tomcat server than use this vector.

 Mark


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




Great. Thanks

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Web filter to forward some requests to another remote webserver

2015-01-15 Thread Jose María Zaragoza
2015-01-14 22:03 GMT+01:00 Christopher Schultz ch...@christopherschultz.net:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Jose,

 On 1/14/15 3:54 PM, Jose María Zaragoza wrote:
 2015-01-14 20:05 GMT+01:00 Christopher Schultz
 ch...@christopherschultz.net: Jose,

 On 1/14/15 8:27 AM, Jose María Zaragoza wrote:
 2015-01-14 12:46 GMT+01:00 André Warnier a...@ice-sa.com:
 Jose María Zaragoza wrote:

 Hello:

 I would like to create a web filter to forward some
 requests to another webserver,

 The filter receives an
 application/x-www-form-urlencoded request , inspects
 the value of a parameter and chooses to forward to
 another remote webserver ( as a proxy )


 Thanks

 I agree with you . I'll try to use an Apache httpd front-end

 Anyway, I've seen that if I execute

 MapString, String[] parameter = ((HttpServletRequest)
 request).getParameterMap();

 , then request.getInputStream is empty


 But if I execute

 MapString, String[] parameter = ((HttpServletRequest)
 request).getParameterMap(); chain.doFilter(request,
 response);

 , the next filter in the chain receives the body ( as I
 expect it )

 I don't understand this behaviour

 I think that might be a bug... calling
 HttpServletRequest.getParameter* should cause the request entity to
 be parsed, as long as the content type is
 application/x-www-form-urlencoded. I think getParameterMap counts,
 but I'd have to review the spec  javadoc (where some fun spec
 requirements are hidden!).

 Anyhow, when you call HttpServletRequest.getParameter*, the
 container *must* consume the request, according to the spec.


 Thanks.

 In my case, all requests to be forwarded are POST requests  (
 and content type is application/x-www-form-urlencoded ) According
 to your reply, if I've got a chain of filters and the first one
 calls getParameterMap , do the next filters lose the content of
 the payload ?

 Correct. Once the request entity has been read (which happens when you
 call request.getParameter*), it's no longer available to the application.

 I tested to call several times to getParameterMap method on the
 same webfilter and it always returned the right values. Looks
 like getParameterMap doesn't consume() payload, but ... if I call
 getInputStream() after getParameterMap() , the stream is empty

 I'm using Tomcat 7.0.50 and I cannot understand the logic of
 this

 Interesting. I find that surprising... I'll look into that.


Some things are sure:

- getParameterMap() consumes the payload ( at least in POST
application/x-www-form-urlencoded requests )

- consecutives calls to request.getParameterMap() ( same filter or the
next one )  always return the data.

So, looks like getParameterMap()  implements some kind of cache
I guess this is specific for servlet spec implementation in Tomcat ,
so it wouldn't be portable





 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1
 Comment: GPGTools - http://gpgtools.org

 iQIcBAEBCAAGBQJUttm6AAoJEBzwKT+lPKRYcSAP/jxIW6s7nsU+aI/XLVW02bxp
 Nqb6qkZAVuyvpLRxi6UXDIINR00jb06+ijaz21fLn0F3G0KNQXDPmKi+jcC6zX1P
 rB6pJsbfJQYGfkZ0pdF12q+WzFwq1CQbJ4fFlK6WDtKxzoo4XKjlFHwByEPU4yKU
 GgyEGX+OD0hIh6nzPyC5pR1iXBLC25f9rsqrlOL+S4sN2MXYLZlHUuBgqN0dOoqH
 MN4r5WaaDBQVhadMmi8PScZm3iFMwdjFro7ry4FOuqB5uH6cV6oLIpfzP6F9cTQ2
 AUKiL1z6m5VdzsTbtJN0LwqvbILECClcrXJK1OCDL/Uzj04uqCL/+r88mVdjswAJ
 lacktHZzF+oPoY2oDDgMAPZTuPlr6nM2D4LETVYpSpUZIGWlJsDmNF/Fe7MAcAo6
 ZoC16FSYDTDpEIwXmNzEgWRMn0400DLmdLaS+zO5Sr2h3EI793qVok8Q44yE2Tg8
 Um7AdcpBhPzinbXK/OZMoj0YwcBmQDwo4Srdz1hxABc2VG+siCUu1NbwDa3qU+Tx
 8Spi1d3Wpnbv2Vuw+1oNnD79EsH1Q3ookRoQTn9B3GDsr7FWs+WZAlSDQERRe+nR
 84qswLpAWIC63Geqr3pH4Trsxaa+ge4RX66J8u6vIGYGaxsKJWblqsj02o19Y+O0
 hu9eG7FK+q7/+7NR7cj5
 =mRkw
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Web filter to forward some requests to another remote webserver

2015-01-14 Thread Jose María Zaragoza
2015-01-14 20:05 GMT+01:00 Christopher Schultz ch...@christopherschultz.net:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Jose,

 On 1/14/15 8:27 AM, Jose María Zaragoza wrote:
 2015-01-14 12:46 GMT+01:00 André Warnier a...@ice-sa.com:
 Jose María Zaragoza wrote:

 Hello:

 I would like to create a web filter to forward some requests
 to another webserver,

 The filter receives an application/x-www-form-urlencoded
 request , inspects the value of a parameter and chooses to
 forward to another remote webserver ( as a proxy )


 Thanks

 I agree with you . I'll try to use an Apache httpd front-end

 Anyway, I've seen that if I execute

 MapString, String[] parameter = ((HttpServletRequest)
 request).getParameterMap();

 , then request.getInputStream is empty


 But if I execute

 MapString, String[] parameter = ((HttpServletRequest)
 request).getParameterMap(); chain.doFilter(request, response);

 , the next filter in the chain receives the body ( as I expect it
 )

 I don't understand this behaviour

 I think that might be a bug... calling
 HttpServletRequest.getParameter* should cause the request entity to be
 parsed, as long as the content type is
 application/x-www-form-urlencoded. I think getParameterMap counts, but
 I'd have to review the spec  javadoc (where some fun spec
 requirements are hidden!).

 Anyhow, when you call HttpServletRequest.getParameter*, the container
 *must* consume the request, according to the spec.


Thanks.

In my case, all requests to be forwarded are POST requests  ( and
content type is application/x-www-form-urlencoded )
According to your reply, if I've got a chain of filters and the first
one calls getParameterMap , do the next filters lose the content of
the payload ?

I tested to call several times to getParameterMap method on the same
webfilter and it always returned the right values.
Looks like getParameterMap doesn't consume() payload, but ... if I
call getInputStream() after getParameterMap() , the stream is empty

I'm using Tomcat 7.0.50 and I cannot understand the logic of this


Regards


 If you want to
 pull-in the request entity, you'll have to read it yourself using
 HttpServletRequest.getInputStream / HttpServletRequest.getReader. That
 means parsing it yourself, buffering it yourself, etc. You also get to
 wrap the request and re-supply the buffered request to the local web
 application should you choose to process it locally instead of proxy
 it remotely.

 Also note that Tomcat supplies some response headers itself that
 cannot be overridden, so you can't be a completely-transparent reverse
 proxy. Keep that in mind if you decide to go down this road...

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1
 Comment: GPGTools - http://gpgtools.org

 iQIcBAEBCAAGBQJUtr3zAAoJEBzwKT+lPKRYDzkP/1XM5y72x41YBG56xgcvzsV6
 wQ1S5TLuEvzPGPBAR7sFWv+qCeZecIJ9WvkBTgaKiPm4Dn8rxLCvf34yaNTsHg7P
 D0POXQrON36lZmUfg9utIySv4L0Y88MCFpdEkJr38ENTOK7bhAGsNK6kITeR2rXJ
 z8XOOmMVgMYSGKqbUK3gbBKpifdr0fuSobcDPnJkOv751e63/jMzf0IBI2z3tQhe
 xsXEd3JaCjguzOIXBCgbXaZUxEk3EgBjHm3xlHX1GEYSIwr/PHqyTtK4a82r25Ny
 dhWbMsQc8hV018helpTVPj9ae0IUQXaDTsP+aXgXOwrzKXu1pLpMGeXjery54uwY
 gJG32tMfNKLVikiq5xIKBHObzplei/jHjDn66w9Z0W3SZiGhtg9xDynpgqFPxKHY
 iv/m5bwO0jPEUU7Yq99uu+jMwfJJDIWtWSKKrQ3IzmxJ6uNsiPhKX2jfTUn3wJ19
 9q9ur/fER9nB9q4GAjUUVVe07Z4NH9ofPvXTKJExklpH64nCx99zmBYqXcLdsaxb
 2uGJcl6bu7sKWm0GzL7+kSnvFhOfkfM9mDoVgNbxKyJEHRcurA91PL2DguEOuUtV
 g9pXrY+Sfd2siq2K1O1TX7wPOebNc/HFIWPux6rtGXB8/pc3XPhaM2UwlxpHfLzp
 YyN10GOrc+HacHHbtwHs
 =vczy
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Web filter to forward some requests to another remote webserver

2015-01-14 Thread Jose María Zaragoza
Hello:

I would like to create a web filter to forward some requests to
another webserver,

The filter receives an application/x-www-form-urlencoded request ,
inspects the value of a parameter and chooses to forward to another
remote webserver ( as a proxy )

I've seen some posts where they open a HttpURLConnection to remote
server and send the request. This is right for me, but I'd would like
if there is another way ( easier ) to implement it.

Thanks and regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Web filter to forward some requests to another remote webserver

2015-01-14 Thread Jose María Zaragoza
2015-01-14 12:46 GMT+01:00 André Warnier a...@ice-sa.com:
 Jose María Zaragoza wrote:

 Hello:

 I would like to create a web filter to forward some requests to
 another webserver,

 The filter receives an application/x-www-form-urlencoded request ,
 inspects the value of a parameter and chooses to forward to another
 remote webserver ( as a proxy )


Thanks

I agree with you . I'll try to use an Apache httpd front-end

Anyway, I've seen that if I execute

MapString, String[] parameter = ((HttpServletRequest)
request).getParameterMap();

, then request.getInputStream is empty


But if I execute

MapString, String[] parameter = ((HttpServletRequest)
request).getParameterMap();
chain.doFilter(request, response);

, the next filter in the chain receives the body ( as I expect it )

I don't understand this behaviour


Regards




 I've seen some posts where they open a HttpURLConnection to remote
 server and send the request. This is right for me, but I'd would like
 if there is another way ( easier ) to implement it.


 Hi.

 The only easier way is to do your proxying before the request even gets to
 Tomcat (e.g. via an Apache httpd front-end, which conditionally proxies to
 Tomcat or to the other webserver).  That is easier, because Apache httpd
 already has well-tested and widely-used proxy modules built-in.  But of
 course it depends on whether the Apache front-end would be able to test the
 parameter you are referring to.
 (It can do that kind of thing via Apache directives such as SetEnvIf, and
 via mod_rewrite).

 For Tomcat, there is no such ready-made Proxy webapp available, so you have
 to do it yourself.
 That can be relatively simple or quite complicated, depending on what the
 requests are and what the proxied-to application is like.
 There was a thread on this list a couple of days ago which was related to a
 similar case.


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: META-INF/context.xml and deploy issue (web.xml removed?)

2014-12-04 Thread Jose María Zaragoza
2014-12-04 9:48 GMT+01:00 m...@ow2.org m...@ow2.org:
 Hi,

 Is anyone can help me to find out what I am missing ?
 Thanks

Hi:

I asked a similar question time ago

http://grokbase.com/t/tomcat/users/13chhkj0qx/modify-content-in-meta-inf-context-xml

I hope it helps you

Regards





 Le 02/12/2014 10:36, m...@ow2.org a écrit :
 Hello,

 I'm facing an issue with tomcat 6. In order to setup a JDNI, we
 added a context.xml file to our application (XWiki) in the
 already-deployed folder webapps/xwiki/META-INF/ and configured the
 existing webapps/xwiki/WEB-INF/web.xml accordingly.

 update of web.xml triggered the app reload which is expected.

 At this point I wanted to adjust the database configuration, ie by
 modifying webapps/xwiki/META-INF/context.xml. When I do this the
 changes are not taken into account because the file
 Catalina/localhost/xwiki.xml is not overwritten by Tomcat.

 The solution that came into my mind has been to force Tomcat to
 update the file bt deleting Catalina/localhost/xwiki.xml - which
 has indeed make Tomcat undeploy and deploy the app again.

 Here are my questions: 1) As there is no war file involved, what
 does undeploy and deploy means ? What is being done exactly ?

 2) Why is the file webapps/xwiki/WEB-INF/web.xml is missing, after
 I remove xwiki.xml and the app is redeployed ? (no web.xml = no
 deployment so at the moment I have to manually restore a backup of
 this file)

 Thanks !




 --
 Martin

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: How to access Sessions outside of class

2014-10-28 Thread Jose María Zaragoza
2014-10-28 13:44 GMT+01:00 Jason Ricles jgr...@alum.lehigh.edu:

 Martin,

 I can not use hazelcast due to regulations I have to abide by, is where any
 other built in way besides sockets that will allow me to share data between
 the two processes?


You could use an embedded ( or not ) messaging broker ( like ActiveMQ ) .
Or any kind of in-memory database




 On Tue, Oct 28, 2014 at 8:24 AM, Martin Grigorov martin.grigo...@gmail.com
 wrote:

  Hi,
 
  In this case you will have to share the data between the processes.
  A simple and easy solution would be to use http://hazelcast.com/, for
  example.
 
  On Tue, Oct 28, 2014 at 2:06 PM, Jason Ricles jgr...@alum.lehigh.edu
  wrote:
 
   No,
  
   it is external as in it is running in a daemon on a linux machine where
  the
   tomcat server is also running.
  
   On Tue, Oct 28, 2014 at 4:35 AM, Johan Compagner jcompag...@servoy.com
   wrote:
  


 I would like to be able to access my sessions from an external java
class,
 however each time I do sessionList.getsize() it keeps coming back as
  0,
but
 there is an active sessions. Is there any way I can access the active
 sessions in tomcat from an external java class?

 Jason

   
What is an external java class? Is it in the same class loader? so it
  is
just part of the webapplication?
then the above approach should work fine
   
   
--
Johan Compagner
Servoy
   
  
 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: ChunkedInputFilter: No data available due to previous error

2014-10-17 Thread Jose María Zaragoza
2014-10-15 13:33 GMT+02:00 Jose María Zaragoza demablo...@gmail.com:


 Hello:

 I'm using Tomcat 6.0.24 and sometimes I'm getting an IOException like :

 Caused by: java.io.IOException: No data available due to previous error
 at
 org.apache.coyote.http11.filters.ChunkedInputFilter.checkError(ChunkedInputFilter.java:588)
 ~[tomcat-coyote-6.0.24.jar:na]
 at
 org.apache.coyote.http11.filters.ChunkedInputFilter.doRead(ChunkedInputFilter.java:153)
 ~[tomcat-coyote-6.0.24.jar:na]
 at
 org.apache.coyote.http11.InternalInputBuffer.doRead(InternalInputBuffer.java:710)
 ~[tomcat-coyote-6.0.24.jar:na]
 at org.apache.coyote.Request.doRead(Request.java:428)
 ~[tomcat-coyote-6.0.24.jar:na]
 at
 org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java:304)
 ~[catalina-6.0.24.jar:na]
 at
 org.apache.tomcat.util.buf.ByteChunk.substract(ByteChunk.java:405)
 ~[tomcat-coyote-6.0.24.jar:na]
 at
 org.apache.catalina.connector.InputBuffer.read(InputBuffer.java:327)
 ~[catalina-6.0.24.jar:na]
 at
 org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.java:162)
 ~[catalina-6.0.24.jar:na]
 at org.apache.cxf.helpers.IOUtils.copy(IOUtils.java:154)
 ~[cxf-api-2.7.8.jar:2.7.8]
 at org.apache.cxf.helpers.IOUtils.copy(IOUtils.java:104)
 ~[cxf-api-2.7.8.jar:2.7.8]
 at
 org.apache.cxf.helpers.IOUtils.copyAndCloseInput(IOUtils.java:110)
 ~[cxf-api-2.7.8.jar:2.7.8]
 at
 org.apache.cxf.interceptor.LoggingInInterceptor.logging(LoggingInInterceptor.java:158)
 ~[cxf-api-2.7.8.jar:2.7.8]
 ... 24 common frames omitted


 I cannot see the request that throws this error
 I don't know if it's caused by a malformed request

 The requests (which are fine )  usually are POST requests with

 Http-Method: POST
 Content-Type: text/xml; charset=utf-8
 Headers: {Accept=[text/html, image/gif, image/jpeg, */*; q=.2],
 connection=[Keep-Alive], content-type=[text/xml; charset=utf-8],
 host=[x.x.x.x], transfer-encoding=[chunked], user-agent=[Java1.6.0_20]}

 Could be a malformed request ? How I could see it ? ( I guess tcpdump ...)
 Any known bug in 6.0.24 ?

 Thanks





Hello:

Finally this issue was caused by a malformed chunked request

Regards


ChunkedInputFilter: No data available due to previous error

2014-10-15 Thread Jose María Zaragoza
Hello:

I'm using Tomcat 6.0.24 and sometimes I'm getting an IOException like :

Caused by: java.io.IOException: No data available due to previous error
at
org.apache.coyote.http11.filters.ChunkedInputFilter.checkError(ChunkedInputFilter.java:588)
~[tomcat-coyote-6.0.24.jar:na]
at
org.apache.coyote.http11.filters.ChunkedInputFilter.doRead(ChunkedInputFilter.java:153)
~[tomcat-coyote-6.0.24.jar:na]
at
org.apache.coyote.http11.InternalInputBuffer.doRead(InternalInputBuffer.java:710)
~[tomcat-coyote-6.0.24.jar:na]
at org.apache.coyote.Request.doRead(Request.java:428)
~[tomcat-coyote-6.0.24.jar:na]
at
org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java:304)
~[catalina-6.0.24.jar:na]
at
org.apache.tomcat.util.buf.ByteChunk.substract(ByteChunk.java:405)
~[tomcat-coyote-6.0.24.jar:na]
at
org.apache.catalina.connector.InputBuffer.read(InputBuffer.java:327)
~[catalina-6.0.24.jar:na]
at
org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.java:162)
~[catalina-6.0.24.jar:na]
at org.apache.cxf.helpers.IOUtils.copy(IOUtils.java:154)
~[cxf-api-2.7.8.jar:2.7.8]
at org.apache.cxf.helpers.IOUtils.copy(IOUtils.java:104)
~[cxf-api-2.7.8.jar:2.7.8]
at
org.apache.cxf.helpers.IOUtils.copyAndCloseInput(IOUtils.java:110)
~[cxf-api-2.7.8.jar:2.7.8]
at
org.apache.cxf.interceptor.LoggingInInterceptor.logging(LoggingInInterceptor.java:158)
~[cxf-api-2.7.8.jar:2.7.8]
... 24 common frames omitted


I cannot see the request that throws this error
I don't know if it's caused by a malformed request

The requests (which are fine )  usually are POST requests with

Http-Method: POST
Content-Type: text/xml; charset=utf-8
Headers: {Accept=[text/html, image/gif, image/jpeg, */*; q=.2],
connection=[Keep-Alive], content-type=[text/xml; charset=utf-8],
host=[x.x.x.x], transfer-encoding=[chunked], user-agent=[Java1.6.0_20]}

Could be a malformed request ? How I could see it ? ( I guess tcpdump ...)
Any known bug in 6.0.24 ?

Thanks


Re: Why is my Tomcat connection getting terminated/closed?!!

2014-06-17 Thread Jose María Zaragoza


 Hi,

 The issue still isnt resolved .I have tried putting in
 validationquery,testOnborrow ,and removeabandoned=true.

Are you try

testOnReturn = true

?

Looks like if when Apache Solr closes resources, and it requires to
close the database connection, something has already closed the
underlying connection .
Maybe if DBCP test it before , the connection be evicted

But I got this
 exception :

 java.sql.SQLException: Already closed.
 at
 org.apache.tomcat.dbcp.dbcp.PoolableConnection.close(PoolableConnection.java:84)
 at
 org.apache.tomcat.dbcp.dbcp.PoolingDataSource$PoolGuardConnectionWrapper.close(PoolingDataSource.java:189)
 at
 org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.closeResources(Unknown
 Source)
 at
 org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.hasnext(Unknown
 Source)

 Another interesting thing to note is that I set removeAbandoned=false,and
 now I get the same exception with a different reason:

 Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: Connection reset
 at
 com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1368)
 at
 com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1355)
 at com.microsoft.sqlserver.jdbc.TDSChannel.read(IOBuffer.java:1532)
 at
 com.microsoft.sqlserver.jdbc.TDSReader.readPacket(IOBuffer.java:3274)
 at
 com.microsoft.sqlserver.jdbc.TDSReader.nextPacket(IOBuffer.java:3227)
 at
 com.microsoft.sqlserver.jdbc.TDSReader.ensurePayload(IOBuffer.java:3203)
 at
 com.microsoft.sqlserver.jdbc.TDSReader.readBytes(IOBuffer.java:3518)
 at
 com.microsoft.sqlserver.jdbc.TDSReader.readWrappedBytes(IOBuffer.java:35


 Help appreciated folks!

 Regards

 Aniket

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Why is my Tomcat connection getting terminated/closed?!!

2014-05-21 Thread Jose María Zaragoza
2014-05-21 13:28 GMT+02:00 Aniket Bhoi aniket.b...@gmail.com:
 On Tue, May 20, 2014 at 5:28 PM, Daniel Mikusa dmik...@gopivotal.comwrote:

 On May 20, 2014, at 7:47 AM, Aniket Bhoi aniket.b...@gmail.com wrote:

  It has been working perfectly fine thus far.As far as i have analysed
 there
  have been no changes to the firewall or database settings.I will however
  try and implement your suggestion to setup a validation query.

 1.) Don’t top post.  Reply inline, like this, or at the bottom.  This is
 the convention we follow on this list.

 2.) The fact that you have not recently changed your firewall or database
 settings doesn’t really mean much.  The problem may have not happened
 before because it just didn’t get triggered.  From the db / firewall side,
 what commonly causes this is a timeout.  The connection is open and idle
 for too long and either the DB server or firewall disconnects it.  Perhaps
 the connections just haven’t idled long enough until now.

 3.) It’s generally good practice to have a validation query / testOnBorrow
 (or one of the other tests) enabled.  If you didn’t have this before, you
 should consider adding it regardless of the problem.  It can help with
 other things too.

 Dan


I  checked the code and the server settings,and We already have
 validation query and testOnBorrow in place.We found out from our data
 management team,that there have been many sleeping connections from the
 tomcat servers to the database.

 Sleeping threads =
 http://dinesql.blogspot.in/2010/07/sql-server-sleeping-status-and.html

 We got those connection threads killed just to make sure there the
 connection pool limit isnt breached.However even after cleaning up those
 connection threads to the DB ,we still gett the same exception.

 Aniket

Another option is to set testOnReturn=true.
As your problem is closing connections already closed ,test them
before returning them to pool.
Maybe it works.







 
 
  On Tue, May 20, 2014 at 5:12 PM, Daniel Mikusa dmik...@gopivotal.com
 wrote:
 
  On May 20, 2014, at 7:35 AM, Aniket Bhoi aniket.b...@gmail.com wrote:
 
  I have Apache Solr,hosted on my apache Tomcat Server
 
  Details:
 
  Tomcat version:
  Apache Tomcat/6.0.18
 
  This is really, really old.  You should upgrade.
 
 
  OS details
  SUSE Linux Enterprise Server 11 (x86_64)
  VERSION = 11
  PATCHLEVEL = 1
 
  While running indexing on this server,It failed.
 
  Log excerpt:
  SEVERE: Can not close connection
  java.sql.SQLException: Already closed.
 
  Hard to say why this is happening (database server setting, firewall,
 bad
  code, etc.) but something is closing the connection and not telling the
  pool.  You can work around this by setting a validation query on your
  connection pool and enabling “testOnBorrow”.  That will instruct the
 pool
  to check connections before they are given out.  Bad connections will be
  closed and replaced, if needed.
 
  Dan
 
at
 
 
 org.apache.tomcat.dbcp.dbcp.PoolableConnection.close(PoolableConnection.java:84)
at
 
 
 org.apache.tomcat.dbcp.dbcp.PoolingDataSource$PoolGuardConnectionWrapper.close(PoolingDataSource.java:189)
at
 
 
 org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.closeResources(Unknown
  Source)
at
 
 
 org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.hasnext(Unknown
  Source)
at
 
 
 org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.access$500(Unknown
  Source)
at
 
 
 org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator$1.hasNext(Unknown
  Source)
at
  org.apache.solr.handler.dataimport.EntityProcessorBase.getNext(Unknown
  Source)
at
  org.apache.solr.handler.dataimport.SqlEntityProcessor.nextRow(Unknown
  Source)
at
 
 
 org.apache.solr.handler.dataimport.ThreadedEntityProcessorWrapper.nextRow(Unknown
  Source)
at
 
 
 org.apache.solr.handler.dataimport.DocBuilder$EntityRunner.runAThread(Unknown
  Source)
at
 
 
 org.apache.solr.handler.dataimport.DocBuilder$EntityRunner.access$000(Unknown
  Source)
at
 
 org.apache.solr.handler.dataimport.DocBuilder$EntityRunner$1.run(Unknown
  Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown
  Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
  Source)
at java.lang.Thread.run(Unknown Source)
 
 
  I suspect this to be an issue with the tomcat connection thread to the
  database being terminated/timed out.
 
  Need help as to why this is happening!.
 
  Regards
 
  Aniket
 
 
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
 
 


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Why is my Tomcat connection getting terminated/closed?!!

2014-05-20 Thread Jose María Zaragoza
2014-05-20 13:42 GMT+02:00 Daniel Mikusa dmik...@gopivotal.com:
 On May 20, 2014, at 7:35 AM, Aniket Bhoi aniket.b...@gmail.com wrote:

 I have Apache Solr,hosted on my apache Tomcat Server

 Details:

 Tomcat version:
 Apache Tomcat/6.0.18

 This is really, really old.  You should upgrade.


 OS details
 SUSE Linux Enterprise Server 11 (x86_64)
 VERSION = 11
 PATCHLEVEL = 1

 While running indexing on this server,It failed.

 Log excerpt:
 SEVERE: Can not close connection
 java.sql.SQLException: Already closed.

 Hard to say why this is happening (database server setting, firewall, bad 
 code, etc.) but something is closing the connection and not telling the pool. 
  You can work around this by setting a validation query on your connection 
 pool and enabling “testOnBorrow”.  That will instruct the pool to check 
 connections before they are given out.  Bad connections will be closed and 
 replaced, if needed.

My first search:

http://stackoverflow.com/questions/16331959/java-sql-sqlexception-already-closed







 Dan

at
 org.apache.tomcat.dbcp.dbcp.PoolableConnection.close(PoolableConnection.java:84)
at
 org.apache.tomcat.dbcp.dbcp.PoolingDataSource$PoolGuardConnectionWrapper.close(PoolingDataSource.java:189)
at
 org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.closeResources(Unknown
 Source)
at
 org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.hasnext(Unknown
 Source)
at
 org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.access$500(Unknown
 Source)
at
 org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator$1.hasNext(Unknown
 Source)
at
 org.apache.solr.handler.dataimport.EntityProcessorBase.getNext(Unknown
 Source)
at
 org.apache.solr.handler.dataimport.SqlEntityProcessor.nextRow(Unknown
 Source)
at
 org.apache.solr.handler.dataimport.ThreadedEntityProcessorWrapper.nextRow(Unknown
 Source)
at
 org.apache.solr.handler.dataimport.DocBuilder$EntityRunner.runAThread(Unknown
 Source)
at
 org.apache.solr.handler.dataimport.DocBuilder$EntityRunner.access$000(Unknown
 Source)
at
 org.apache.solr.handler.dataimport.DocBuilder$EntityRunner$1.run(Unknown
 Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown
 Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
 Source)
at java.lang.Thread.run(Unknown Source)


 I suspect this to be an issue with the tomcat connection thread to the
 database being terminated/timed out.

 Need help as to why this is happening!.

 Regards

 Aniket


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: CORS issue with Tomcat and Android Webview

2014-04-29 Thread Jose María Zaragoza
2014-04-29 0:38 GMT+02:00 Terence M. Bandoian tere...@tmbsw.com:
 On 4/28/2014 5:32 PM, Terence M. Bandoian wrote:

 On 4/28/2014 3:08 PM, Jose María Zaragoza wrote:

 2014-04-28 21:55 GMT+02:00 Terence M. Bandoian tere...@tmbsw.com:

 On 4/26/2014 6:56 AM, Jose María Zaragoza wrote:

 2014-04-26 13:16 GMT+02:00 Martin Gainty mgai...@hotmail.com:

 Date: Sat, 26 Apr 2014 11:43:05 +0530
 Subject: Re: CORS issue with Tomcat and Android Webview
 From: ankising...@gmail.com
 To: users@tomcat.apache.org

 On Sat, Apr 26, 2014 at 12:53 AM, Terence M. Bandoian
 tere...@tmbsw.comwrote:

 On 4/24/2014 11:16 PM, Ankit Singhal wrote:

 Hi

 I did more research on this and figure out the issue.If you see the
 headers
 from Android and look into Origin Header.

 Origin: file://

 Tomcat CORS filter tries to validate the URI in Origin header and
 considers
 file:// as an invalid URI and returns back 403.

 I have applied accept-origin*/accept-origin params. So
 shouldn't
 CORS
 filter honor this ?

 I agree that Client also has the problem , but still server should
 also
 allow...

 Hi:

 I'm watching this flowchart
 https://tomcat.apache.org/tomcat-7.0-doc/images/cors-flowchart.png

 and I wonder if Tomcat 7 checks if the request received belongs to the
 right type.
 I mean, if browser sends a simple request ( eg. POST + application/xml
 content-type header )
 WC3 spec says that request should be a preflight request  , does
 Tomcat check this case ?



 Regards


 Hi, Jose-

 I don't see where the W3C spec requires a preflight request for simple
 requests.


 -Terence Bandoian


 Sorry, I meant non-simple request.
 For example, if I perform a cross-domain POST request (within
 application/xml content-type header ),
 I guess that a preflight request is required , right ?
 What happens, if it's not sent , on Tomcat? Should it check it ?

 Regards



 Hi, Jose-

 I don't see in the W3C spec where preflight requests are required at all.
 Can you point me to where you've found that?

 -Terence Bandoian



 I meant to say I don't see where the W3C spec requires preflight requests to
 be sent.

According to

http://www.w3.org/TR/cors/#simple-cross-origin-request
Cross-Origin Request with Preflight
[
Go to the next step if the following conditions are true. *Otherwise,
make a preflight request.*

- For request method there either is a method cache match or it is a
simple method and the force preflight flag is unset.
- For every header of author request headers there either is a header
cache match for the field name or it is a simple header.
/]

So, I understand that if I make a POST request within application/xml
content-type header, it's a simple method but Content-type:
application/xml is not a simple header, according to
http://www.w3.org/TR/cors/#simple-method
I understand that client must to make a preflight request

Maybe I'm wrong


Regards





















 -Terence



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: CORS issue with Tomcat and Android Webview

2014-04-28 Thread Jose María Zaragoza
2014-04-28 21:55 GMT+02:00 Terence M. Bandoian tere...@tmbsw.com:
 On 4/26/2014 6:56 AM, Jose María Zaragoza wrote:

 2014-04-26 13:16 GMT+02:00 Martin Gainty mgai...@hotmail.com:

 Date: Sat, 26 Apr 2014 11:43:05 +0530
 Subject: Re: CORS issue with Tomcat and Android Webview
 From: ankising...@gmail.com
 To: users@tomcat.apache.org

 On Sat, Apr 26, 2014 at 12:53 AM, Terence M. Bandoian
 tere...@tmbsw.comwrote:

 On 4/24/2014 11:16 PM, Ankit Singhal wrote:

 Hi

 I did more research on this and figure out the issue.If you see the
 headers
 from Android and look into Origin Header.

 Origin: file://

 Tomcat CORS filter tries to validate the URI in Origin header and
 considers
 file:// as an invalid URI and returns back 403.

 I have applied accept-origin*/accept-origin params. So shouldn't
 CORS
 filter honor this ?

 I agree that Client also has the problem , but still server should
 also
 allow...

 Hi:

 I'm watching this flowchart
 https://tomcat.apache.org/tomcat-7.0-doc/images/cors-flowchart.png

 and I wonder if Tomcat 7 checks if the request received belongs to the
 right type.
 I mean, if browser sends a simple request ( eg. POST + application/xml
 content-type header )
 WC3 spec says that request should be a preflight request  , does
 Tomcat check this case ?



 Regards



 Hi, Jose-

 I don't see where the W3C spec requires a preflight request for simple
 requests.


 -Terence Bandoian


Sorry, I meant non-simple request.
For example, if I perform a cross-domain POST request (within
application/xml content-type header ),
I guess that a preflight request is required , right ?
What happens, if it's not sent , on Tomcat? Should it check it ?

Regards












 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: CORS issue with Tomcat and Android Webview

2014-04-26 Thread Jose María Zaragoza
2014-04-26 13:16 GMT+02:00 Martin Gainty mgai...@hotmail.com:
 Date: Sat, 26 Apr 2014 11:43:05 +0530
 Subject: Re: CORS issue with Tomcat and Android Webview
 From: ankising...@gmail.com
 To: users@tomcat.apache.org

 On Sat, Apr 26, 2014 at 12:53 AM, Terence M. Bandoian 
 tere...@tmbsw.comwrote:

  On 4/24/2014 11:16 PM, Ankit Singhal wrote:
 
  Hi
 
  I did more research on this and figure out the issue.If you see the
  headers
  from Android and look into Origin Header.
 
  Origin: file://
 
  Tomcat CORS filter tries to validate the URI in Origin header and
  considers
  file:// as an invalid URI and returns back 403.
 
  I have applied accept-origin*/accept-origin params. So shouldn't CORS
  filter honor this ?
 
  I agree that Client also has the problem , but still server should also
  allow...
 

Hi:

I'm watching this flowchart
https://tomcat.apache.org/tomcat-7.0-doc/images/cors-flowchart.png

and I wonder if Tomcat 7 checks if the request received belongs to the
right type.
I mean, if browser sends a simple request ( eg. POST + application/xml
content-type header )
WC3 spec says that request should be a preflight request  , does
Tomcat check this case ?



Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: CORS issue with Tomcat and Android Webview

2014-04-24 Thread Jose María Zaragoza
2014-04-24 19:00 GMT+02:00 Terence M. Bandoian tere...@tmbsw.com:
 On 4/22/2014 1:37 PM, Jose María Zaragoza wrote:

 -- Forwarded message --
 From: Terence M. Bandoian tere...@tmbsw.com
 Date: 2014-04-22 20:12 GMT+02:00
 Subject: Re: CORS issue with Tomcat and Android Webview
 To: Tomcat Users List users@tomcat.apache.org


 On 4/22/2014 11:03 AM, Ankit Singhal wrote:

 Also we tried to give the same call from Android App to some different
 Node
 server and things worked fine. So it seems some problem with Tomcat only.


 A silly question:

 What does it have to do Tomcat's CORS support with W3C Widget Access
 specification ?

 I have no idea about Phonegap but it looks like that it prefers to
 follow that specification for managing requests to different domains ,
 right ?



 Hi, Jose-

 The request/response headers in the original post were difficult for me to
 follow but basically, requests to Tomcat are successful when tested with
 Chrome (desktop? laptop? server? same as Tomcat?) and unsuccessful when
 tested from an Android device. What are the differences between the two
 environments? Do those differences have any effect on request processing by
 the Tomcat CORS filter? If it were me, I'd find out.


Well , I have no idea, but according this page

http://www.html5rocks.com/en/tutorials/cors/

if Content-Type is application/json , then request is a not simple
request ( sic. ) and it requires a OPTIONS preflight request (
including Origin header)
And Once the preflight request gives permissions, the browser makes
the actual request

First case (Chrome browser) did but, but the second didn't

Are you test to change the Content-Type ?

Regards








 -Terence Bandoian



 On Tue, Apr 22, 2014 at 9:22 PM, Ankit Singhal
 ankising...@gmail.comwrote:

 Hi All



 I am facing a strange problem with Tomcat 8 and CORS. I am developing a
 Hybrid web app using ionicframework, AngularJS, Cordova as front end and
 Tomcat 8 and Spring 3 as back-end.



 For easy development I am testing the functionality in chrome , where
 things are working fine. I added CORS filter with standard configuration
 to
 allow CROSS ORIGIN requests from browser.



 Today I converted my app into Android App and started making AJAX calls
 to
 tomcat server. To my surprise things stopped working . I debugged
 further
 and anomalies in the headers of browser and Android webview.



 Browser sends 2 requests for same call OPTION and POST. But Android
 Webview only send POST request.



 Browser Request Headers:



 OPTION:

 Remote Address:54.254.159.166:80

 Request URL:http://medistreet.in/auth2

 Request Method:OPTIONS

 Status Code:200 OK

 Request Headers

 OPTIONS /auth2 HTTP/1.1

 Host: medistreet.in

 Connection: keep-alive

 Access-Control-Request-Method: POST

 Origin: http://localhost

 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
 (KHTML,
 like Gecko) Chrome/34.0.1847.116 Safari/537.36

 Access-Control-Request-Headers: accept, content-type

 Accept: */*

 Referer: http://localhost/

 Accept-Encoding: gzip,deflate,sdch

 Accept-Language: en-US,en;q=8






 POST:



 Remote Address:54.254.159.166:80

 Request URL:http://medistreet.in/auth2

 Request Method:POST

 Status Code:200 OK



 Request Headers

 Accept:application/json, text/plain, */*

 Accept-Encoding:gzip,deflate,sdch

 Accept-Language:en-US,en;q=8

 Connection:keep-alive

 Content-Length:39

 Content-Type:application/json;charset=F-8


 Host:medistreet.in

 Origin:http://localhost

 Referer:http://localhost/

 User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
 (KHTML,
 like Gecko) Chrome/34.0.1847.116 Safari/537.36





 Android Request Headers:



 Request URL:http://medistreet.in/auth2

 Request Method:POST

 Status Code:403 Forbidden

 Request Headers

 POST http://medistreet.in/auth2
 HTTP/1.1http://medistreet.in/auth2%20HTTP/1.1

 Accept: application/json, text/plain, */*

 Origin: file://

 User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT1033
 Build/KXB20.25-1.31)
 AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0
 Mobile
 Safari/537.36

 Content-Type: application/json;charset=F-8






 The difference here I see is with Number of headers and specially Origin
 Header  which contains file://. To overcome this I added  more option
 is CORS filter:



 filter

 filter-nameCorsFilter/filter-name

 filter-classorg.apache.catalina.filters.CorsFilter/filter-class

 init-param

 param-namecors.allowed.origins/param-name

 param-value*/param-value

 /init-param

 /filter

 filter-mapping

 filter-nameCorsFilter/filter-name

 url-pattern/*/url-pattern

 /filter-mapping



 Another strange thing is that when we send the same Android request
 Headers from POSTMAN (chrome REST plugin) request is successful.



 POSTMAN Headers:



 Remote Address:54.254.159.166:80

 Request URL:http://medistreet.in/auth2

 Request Method:POST

 Status Code:200 OK

 Request Headers

 Accept:application/json, text

Re: CORS issue with Tomcat and Android Webview

2014-04-22 Thread Jose María Zaragoza
-- Forwarded message --
From: Terence M. Bandoian tere...@tmbsw.com
Date: 2014-04-22 20:12 GMT+02:00
Subject: Re: CORS issue with Tomcat and Android Webview
To: Tomcat Users List users@tomcat.apache.org


On 4/22/2014 11:03 AM, Ankit Singhal wrote:

 Also we tried to give the same call from Android App to some different Node
 server and things worked fine. So it seems some problem with Tomcat only.



A silly question:

What does it have to do Tomcat's CORS support with W3C Widget Access
specification ?

I have no idea about Phonegap but it looks like that it prefers to
follow that specification for managing requests to different domains ,
right ?


 On Tue, Apr 22, 2014 at 9:22 PM, Ankit Singhal ankising...@gmail.comwrote:

 Hi All



 I am facing a strange problem with Tomcat 8 and CORS. I am developing a
 Hybrid web app using ionicframework, AngularJS, Cordova as front end and
 Tomcat 8 and Spring 3 as back-end.



 For easy development I am testing the functionality in chrome , where
 things are working fine. I added CORS filter with standard configuration to
 allow CROSS ORIGIN requests from browser.



 Today I converted my app into Android App and started making AJAX calls to
 tomcat server. To my surprise things stopped working . I debugged further
 and anomalies in the headers of browser and Android webview.



 Browser sends 2 requests for same call OPTION and POST. But Android
 Webview only send POST request.



 Browser Request Headers:



 OPTION:

 Remote Address:54.254.159.166:80

 Request URL:http://medistreet.in/auth2

 Request Method:OPTIONS

 Status Code:200 OK

 Request Headers

 OPTIONS /auth2 HTTP/1.1

 Host: medistreet.in

 Connection: keep-alive

 Access-Control-Request-Method: POST

 Origin: http://localhost

 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML,
 like Gecko) Chrome/34.0.1847.116 Safari/537.36

 Access-Control-Request-Headers: accept, content-type

 Accept: */*

 Referer: http://localhost/

 Accept-Encoding: gzip,deflate,sdch

 Accept-Language: en-US,en;q=0.8





 POST:



 Remote Address:54.254.159.166:80

 Request URL:http://medistreet.in/auth2

 Request Method:POST

 Status Code:200 OK



 Request Headers

 Accept:application/json, text/plain, */*

 Accept-Encoding:gzip,deflate,sdch

 Accept-Language:en-US,en;q=0.8

 Connection:keep-alive

 Content-Length:39

 Content-Type:application/json;charset=UTF-8

 Host:medistreet.in

 Origin:http://localhost

 Referer:http://localhost/

 User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML,
 like Gecko) Chrome/34.0.1847.116 Safari/537.36





 Android Request Headers:



 Request URL:http://medistreet.in/auth2

 Request Method:POST

 Status Code:403 Forbidden

 Request Headers

 POST http://medistreet.in/auth2 
 HTTP/1.1http://medistreet.in/auth2%20HTTP/1.1

 Accept: application/json, text/plain, */*

 Origin: file://

 User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT1033 Build/KXB20.25-1.31)
 AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile
 Safari/537.36

 Content-Type: application/json;charset=UTF-8





 The difference here I see is with Number of headers and specially Origin
 Header  which contains file://. To overcome this I added  more option
 is CORS filter:



 filter

 filter-nameCorsFilter/filter-name

 filter-classorg.apache.catalina.filters.CorsFilter/filter-class

 init-param

 param-namecors.allowed.origins/param-name

 param-value*/param-value

 /init-param

 /filter

 filter-mapping

 filter-nameCorsFilter/filter-name

 url-pattern/*/url-pattern

 /filter-mapping



 Another strange thing is that when we send the same Android request
 Headers from POSTMAN (chrome REST plugin) request is successful.



 POSTMAN Headers:



 Remote Address:54.254.159.166:80

 Request URL:http://medistreet.in/auth2

 Request Method:POST

 Status Code:200 OK

 Request Headers

 Accept:application/json, text/plain, */*

 Accept-Encoding:gzip,deflate,sdch

 Accept-Language:en-US,en;q=0.8

 Cache-Control:no-cache

 Connection:keep-alive

 Content-Length:39

 Content-Type:application/json;charset=UTF-8

 Cookie:fbm_464284963672217=base_domain=.medistreet.in;
 JSESSIONID=87435755F03D7B045DD6E33D1D16AC51;
 fbsr_464284963672217=dUjASqF-nWquTFPk_-5wAtI0jTImBNkVxglUT-gHNSw.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImNvZGUiOiJBUUQ0UEZZVXE4eDFIa3V6OW9RV3RlVzE4clQ3SmtVRjBzU1VVcXhfV1BENG8tV1BZYjZuTVdDdDJGMmw4TjJUeUxLSzhIYUU1TUc2MkY5cXZOaXRMN3NGdklNZkhySmluYkdjMWs1THAyZnZYa2Zpa1lLVGJ0OWlZeXVvRDNWUDhTblp4czJCeTQ4RTlYY1ZjUmhGWGJsNnFMeG5YcWxxQ0d3b0hRM1ctRWhlLU02ejVITnhhakJtaVFRVk9PanFBVUtMSlk4Y3pLa0RtejFSY3RjTEFRaW16X1lkLUFkUngxUGwzajVNczdWOFdiMW9xeC05QjA0T2xraXktVU9ZalpSRUJsZjhibnZjQXQ2aUZTc1d2QTA3TjVUYnFIekVxQ0JIYjJNRG4tSUJhajl6TEMwQlVpckM0YzJXbC1GVDNhcyIsImlzc3VlZF9hdCI6MTM5ODE4MDg2NCwidXNlcl9pZCI6IjU3NjI1MjI2MiJ9

 Host:medistreet.in

 Origin:chrome-extension://fdmmgilgnpjigdojojpjoooidkmcomcm

 User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 

Re: jax-ws and tomcat 7 with ssl

2014-03-18 Thread Jose María Zaragoza
2014-03-18 22:58 GMT+01:00 Maria Cristina Siena
mariacristinasi...@sourcecable.net:
 Hi,

 I developed a web service using jax-ws and configured Tomcat to support SSL
 connection. Here are my steps:

 ** Step 1 - Generate a self-signed server certificate

 Use JDK 1.7 keytool:

 keytool -genkey -alias trackerdev -keypass changeit -storepass changeit
 -keystore D:\Tomcat7\htdkeystore\trackerdev.ks -ext san=ip:xx.x.x.xxx

 Is CN=xx.x.x.xxx, OU=it, O=companynamehere, L=citynamehere,
 ST=provincenamehere, C=ca correct?
   [no]:  yes

 ** Step 2 - Configure Tomcat to support SSL connection

 On the dev server:

 Modify TOMCAT_HOME\conf\server.xml by adding the following block where
 keystoreFile and keystorePass are set to values from the previous step:

 Connector port=8444 protocol=HTTP/1.1 SSLEnabled=true
 maxThreads=150 scheme=https secure=true clientAuth=false
 sslProtocol=TLS
keystoreFile=htdkeystore/trackerdev.ks
 keystorePass=changeit /

 ** Step 3 - Export the generated server certificate to a certificate
 file

 On the dev server:

 keytool -export -alias trackerdev -storepass changeit -file
 D:\Tomcat7\htdkeystore\serverdev.cer -keystore
 D:\Tomcat7\htdkeystore\trackerdev.ks

 ** Step 4 - Import the server certificate into the truststore file (Open
 an administrator cmd window and hit Shift, Ctrl, Enter)

 Copy serverdev.cer from the dev server and on the local machine:

 keytool -import -v -trustcacerts -alias trackerdev -file
 C:\fromdevserver\serverdev.cer -keystore C:\Program
 Files\Java\jdk1.7.0_51\jre\lib\security\cacerts -keypass changeit
 -storepass changeit

 Trust this certificate? [no]:  yes

 ** Step 5 - Modify webapps's web.xml

 Add the following:
 listener
 listener-class

 com.sun.xml.ws.transport.http.servlet.WSServletContextListener
 /listener-class
 /listener
 servlet
 servlet-nametracker/servlet-name
 servlet-class
 com.sun.xml.ws.transport.http.servlet.WSServlet
 /servlet-class
 /servlet
 servlet-mapping
 servlet-nametracker/servlet-name
 url-pattern/tracker/url-pattern
 /servlet-mapping
 security-constraint
 web-resource-collection
 web-resource-namesecuredapp/web-resource-name
 url-pattern/tracker/url-pattern
 /web-resource-collection
 user-data-constraint
 transport-guaranteeCONFIDENTIAL/transport-guarantee
 /user-data-constraint
 /security-constraint

 ** MY QUESTION IS THIS:

 I tested the web service using https and it worked for me. I provided
 another team with my server certificate so that they could add it to their
 truststore file but I have no idea if they did or not. All I know is that
 they got an error loading the wsdl. The exception they got was:

 Error loading [https://xx.x.x.xxx:8444/appname/tracker?wsdl]
 org.apache.xmlbeans.XmlException: javax.net.ssl.SSLHandshakeException:
 sun.security.validator.ValidatorException: PKIX path building failed:
 sun.security.provider.certpath.SunCertPathBuilderException: unable to find
 valid certification path to requested target

 They claim that the certificate is not properly signed. Well, I don't know.
 It is a self-signed certificate.

 Any ideas would help!

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



I guess that they must add your PK certificate to their keystore. Ask them

Read the next link ( in Spanish ):
http://danielriab.wordpress.com/2012/08/13/java-pkix-path-building-failed/

Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Filter behaviour ( settinf Content-Length header )

2014-02-27 Thread Jose María Zaragoza
Hello:

I'm using Tomcat 6.0.24 and I'm testing how to return Content-Length header
So I've defined a Filter and declared in web.xml of my web application

If I do this:

HttpServletResponse httpResponse = (HttpServletResponse) response;
chain.doFilter(request, response);
httpResponse.setHeader(Content-Length, 200);

doesn't work ( it doesn't set the header and
Transfer-Encoding:chunked is returned )
)

but

HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.setHeader(Content-Length, 200);
chain.doFilter(request, response);

does and it works OK

Why ?
Does anyone use a filter to set Content-Length header ?
Must I declared in web.xml of Tomcat ?


Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Filter behaviour ( settinf Content-Length header )

2014-02-27 Thread Jose María Zaragoza
Thanks


And what do you recommend to me for forcing to return  a Content-Type ?
Some weird clients require it

If I cannot do it with a Filter , where can I do it ?

2014-02-27 12:41 GMT+01:00 Konstantin Kolinko knst.koli...@gmail.com:
 2014-02-27 12:18 GMT+04:00 Jose María Zaragoza demablo...@gmail.com:
 Hello:

 I'm using Tomcat 6.0.24 and I'm testing how to return Content-Length header
 So I've defined a Filter and declared in web.xml of my web application

 If I do this:

 HttpServletResponse httpResponse = (HttpServletResponse) response;
 chain.doFilter(request, response);
 httpResponse.setHeader(Content-Length, 200);

 doesn't work ( it doesn't set the header and
 Transfer-Encoding:chunked is returned )
 )

 but

 HttpServletResponse httpResponse = (HttpServletResponse) response;
 httpResponse.setHeader(Content-Length, 200);
 chain.doFilter(request, response);

 does and it works OK

 Why ?
 Does anyone use a filter to set Content-Length header ?
 Must I declared in web.xml of Tomcat ?



 1. Why are you using such an old build of 6.0.x?
 2. You cannot set headers when any part of the response has already
 been sent to client. At that time headers have already been sent over
 the wire.
 See ServletResponse.isCommitted().
 3. You should be careful with that header. If you set it to a wrong
 value you may break something.

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Filter behaviour ( settinf Content-Length header )

2014-02-27 Thread Jose María Zaragoza
2014-02-27 17:24 GMT+01:00 Konstantin Kolinko knst.koli...@gmail.com:
 2014-02-27 18:31 GMT+04:00 Jose María Zaragoza demablo...@gmail.com:

 And what do you recommend to me for forcing to return  a Content-Type ?
 Some weird clients require it

 If I cannot do it with a Filter , where can I do it ?


 You can do it in a Filter.

 As I said,
 1. The header must be set before writing anything to the output
 stream. That is per HTTP/1.1 protocol.
 2. The header must have correct value.

 How to implement that is up to you (do not expect me to teach you java
 programming, but maybe others here will do).

 If you do not know the length before response is generated, a solution
 can be to buffer the response before writing it out.

 Buffering can be done by writing an adapter around servlet response
 that replaces default output stream with a buffered one. The adapter
 can be implemented by extending
 javax.servlet.http.HttpServletResponseWrapper class.  Some caching
 frameworks have filters that perform such buffering and caching.


Thanks.
Finally, I did it with a servlet and it works

I tried with a Filter and a HttpServletResponseWrapper. Long time
before asking here.
And I wrapped the response output stream into a FilterOutputStream ,
so I could count every byte written
I got the right content length . All OK and I was happy.
But , when I tried set the header with
wrapper.setHeader(Content-Length, count ) , and as you told me
before, the response headers had already been flushed ( i checked
isCommited() )
I could modify output stream data but I couldn't modify response
headers. I don't understand but it is

Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



UserDatabase resource into META-INF/context.xml

2014-02-06 Thread Jose María Zaragoza
Hello:

I'm using Tomcat 6.0.24

I want to set a realm per only one application, so I define in its
META-INF/context.xml

?xml version=1.0 encoding=UTF-8?
Context
Resource auth=Container
 description=User database that can be updated and saved
 factory=org.apache.catalina.users.MemoryUserDatabaseFactory
name=MyUserDatabase
 pathname=conf/my-users.xml
 type=org.apache.catalina.UserDatabase /

Realm className=org.apache.catalina.realm.UserDatabaseRealm
resourceName=MyUserDatabase/
/Context

my-users.xml is stored in $CATALINA_BASE/conf/


But it doesn't work; a javax.naming.NameNotFoundException exception is
thrown when Tomcat restarts


If I put Resource under GlobalNamingResources in server.xml , works
fine, But I would prefer to held all configuration in context.xml

is it possible ? or do I need to use GlobalNamingResources ?
is the pathname right ?


Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Modify content in META-INF/context.xml

2013-12-18 Thread Jose María Zaragoza
2013/12/18 Jeffrey Janner jeffrey.jan...@polydyne.com:

 I think that at 6.x you need to do one of the following to the context.xml 
 file located in the configBase ($CATALINA_BASE/conf/[enginename]/[hostname]/):
 1. make the changes to the file there and reload the webapp
 2. make the changes in the META_INF file and copy it to the configBase, then 
 reload the webapp
 3. delete the file from the configBase, then redeploy the webapp.

 With 7.x (at least the latest version) you get the copyXML paramter in the 
 Host element which will give you more control over the process.
 Jeff


Hello Jeffrey:

Thanks a lot. You're right in all the points
I was testing all this options yesterday and I would like feedbak the
results to the list , but you did it before than me

Finally, my choice is the 3º option

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Modify content in META-INF/context.xml

2013-12-17 Thread Jose María Zaragoza
Hello:

I'm using Apache Tomcat 6.0.24 and I've deployed a web application
that defines its resources into META-INF/context.xml , especially
information about connection pool

Sometimes I''ve to edit that file to change some data , i.e, database's JDBC url

I've seen that restart web application is not enough to apply these
changes  , so I need to redeploy the web application ( I mean, unpack
WAR file, modify it , repack it again, copy to deploy folder ...)

My question:

Do you know other way to modify META-INF/context.xml and apply the
changes and don't have to redeploy the WAR file ?

Restart the web application is not a problem, but restart Tomcat is

Any ideas ?

Thanks and regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Modify content in META-INF/context.xml

2013-12-17 Thread Jose María Zaragoza
2013/12/17 André Warnier a...@ice-sa.com:
 Hi.
 Without having any idea really of the precise mechanism behind database
 connections, I can still imagine that with the possibility of pooled
 connections to said database(s), it may be difficult to detect such a change
 in the corresponding context.xml and apply them on the fly. Even more so
 if such connections could be shared between different applications.


Thanks, but I didn't said that I neeed to apply changes on the fly.
Indeed, I said Restart the web application is not a problem

I only wan't to have to redeploy the web application to modify
META-INF/context.xml and apply changes.


Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Modify content in META-INF/context.xml

2013-12-17 Thread Jose María Zaragoza
 Automatic deployment has had a bit of an overhaul in Tomcat 8 and those 
 changes have been back-ported to 7.0.x for the next release. The behaviour in 
 a number of edge cases is now clearly defined:
 http://ci.apache.org/projects/tomcat/tomcat8/docs/config/automatic-deployment.html

 In your case, you'd want to deploy as a WAR with unpackWARs set to true.
 Then, any time you edit the META-INF/context.xml in the unpacked directory 
 the web application will be redeployed using the new context.xml

 This might work with 6 but I can't remember (it is a long time since I looked 
 at the 6.0.x automatic deployment code).

 -


 I'm on 6.0.26 and have this setting in my conf/server.xml file.

   Host name=localhost  appBase=webapps
 unpackWARs=true autoDeploy=true
 xmlValidation=false xmlNamespaceAware=false


 I was thinking it handled this kind of thing, but I may be wrong.

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




Thanks

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: What if my database is unavailable at startup?

2013-12-13 Thread Jose María Zaragoza
With testOnBorrow=true ( I think that is the default value in Tomcat
6 ) + validationQuery=SELECT 1 FROM DUAL , that should work

I've never used

maxOpenPreparedStatements=0
accessToUnderlyingConnectionAllowed=false

what are they for ?




2013/12/13 Dames, Kristopher J kristopher.da...@mercy.net:
 Daniel,

 I use tomcat 6.0.32. Here is an example Resource tag:

 Resource
 accessToUnderlyingConnectionAllowed=false
 auth=Container
 defaultAutoCommit=true
 defaultReadOnly=false
 defaultSchema=x
 driverClassName=oracle.jdbc.driver.OracleDriver
 factory=org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory
 initialSize=0
 logAbandoned=false
 maxActive=20
 maxIdle=8
 maxOpenPreparedStatements=0
 maxWait=5000
 minEvictableIdleTimeMillis=180
 minIdle=5
 name=jdbc/x
 numTestsPerEvictionRun=3
 password=x
 poolPreparedStatements=false
 removeAbandoned=true
 removeAbandonedTimeout=300
 testOnBorrow=true
 testOnReturn=false
 testWhileIdle=true
 timeBetweenEvictionRunsMillis=180
 type=javax.sql.DataSource
 url=jdbc:oracle:thin:@x.y.com:1521:x
 username=x
 validationQuery=SELECT 1 FROM DUAL
 /

 This email contains information which may be PROPRIETARY IN NATURE OR 
 OTHERWISE PROTECTED BY LAW FROM DISCLOSURE and is intended only for the use 
 of the addresses(s) named above.  If you have received this email in error, 
 please contact the sender immediately.

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: What if my database is unavailable at startup?

2013-12-13 Thread Jose María Zaragoza
2013/12/13 Dames, Kristopher J kristopher.da...@mercy.net:
 With testOnBorrow=true ( I think that is the default value in Tomcat
 6 ) + validationQuery=SELECT 1 FROM DUAL , that should work


 So you are saying my configuration should work as-is to allow Tomcat to 
 create a database connection pool to a database that was unavailable when 
 Tomcat was started?


Yes , I do it and it works
But I dont use some parameters like maxOpenPreparedStatements ,
accessToUnderlyingConnectionAllowed
Furthermore, I use default values for testOnXXX
The others , at first sight, are similar





 I've never used

 maxOpenPreparedStatements=0
 accessToUnderlyingConnectionAllowed=false

 what are they for ?


 maxOpenPreparedStatements: The maximum number of open statements that can be 
 allocated from the statement pool at the same time
 accessToUnderlyingConnectionAllowed: Allows the raw physical connection to 
 the database to be accessed by the webapp

 This email contains information which may be PROPRIETARY IN NATURE OR 
 OTHERWISE PROTECTED BY LAW FROM DISCLOSURE and is intended only for the use 
 of the addresses(s) named above.  If you have received this email in error, 
 please contact the sender immediately.

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



context.xml in META-INF

2013-11-28 Thread Jose María Zaragoza
Hello:

I'm using Tomcat 6.0.23 .
Yes, I know it's an old release

I would like to use

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



META-INF/context.xml connection pool

2013-11-28 Thread Jose María Zaragoza
Hello:

I'm using Tomcat 6.0.23
Yes, I know is an old release

Anyway, I would like to use tomcat-jdbc connection pool JAR

So, I 've stored a context.xml into META-INF folder in my WAR, as

Context

Resource auth=Container type=javax.sql.DataSource
 factory=org.apache.tomcat.jdbc.pool.DataSourceFactory
 driverClassName=org.postgresql.Driver
 initialSize=0  maxActive=100 maxIdle=20 maxWait=1 mindIdle=0
 name=datasource/ddbb password= removeAbandoned=true
 url=jdbc:postgresql://localhost:5433/ddbb?LoginTimeout=3
 username=uu validationQuery=SELECT 1 testOnBorrow=true /

/Context

My question is

should I store JAR ( tomcat-jdbc-x.x.x.jar  tomcat-juli-x.x.x.jar )
into WEB-INF/lib folder in WAR
or into $TOMCAT_HOME/lb folder ?

Could there be a problem by store them into the own WAR ( WEB-INF/lib ) ?


Thanks and regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Release a database connection from pool

2013-09-10 Thread Jose María Zaragoza
2013/9/10 Christopher Schultz ch...@christopherschultz.net

 It can't: not all JDBC drivers use TCP/IP, so the only thing the DBCP
 can do is call Connection.close and hope the driver does something
 intelligent.

It makes sense



 That's up to the database server. I can't imagine a db server that
 would not know what to do under these circumstances.

OK. Thanks Christopher

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Release a database connection from pool

2013-09-09 Thread Jose María Zaragoza
Hello:

I've got a simple question.
I'm using Tomcat 6  DBCP library ( bit I've got the same question
with Tomcat JDBC pool )


My question is:

when DBCP wants to release a database connection from the pool ( for
example , if it is idle for more than minEvictableIdleTimeMillis )

does it just close the TCP socket connection ( FIN packet )?
If it does, is it enough for remote database server knows that it has
to release its resources ?

Or does it do anything more by using propietary driver's commands? I
asking me if ( some ) database servers need a special command to
finish a connection/session ?


Thanks and regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Release a database connection from pool

2013-09-09 Thread Jose María Zaragoza
2013/9/9 Daniel Mikusa dmik...@gopivotal.com:
 On Sep 9, 2013, at 2:56 PM, Jose María Zaragoza demablo...@gmail.com wrote:

 Or does it do anything more by using propietary driver's commands? I
 asking me if ( some ) database servers need a special command to
 finish a connection/session ?

 Not sure what you mean here.  Can you elaborate?

Thanks.

I would like to know if closing the underlying TCP connection is
enough to notify to database server that it has to release any
resource reserved for that connection.

Or some database servers have got a propietary way ( a protocol , i
mean ) to finish connections ( known by propietary driver )
Of course, finally, the TCP connection is closed but I wonder if there
is any message interchange between driver and database server to
finish the connection.

Really my question is if an intermediate firewall finishes the
connection , the database server realizes that it must to release its
resources

I don't know if I explained better ...


Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: [Probe]- Tomcat deployment

2013-08-03 Thread Jose María Zaragoza
http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html


2013/8/3 vicky vicky007aggar...@yahoo.co.in:
 Hi Guys,

 Is there a way by which we can handle the tomcat deployment of war files from 
 a central location via a Web UI screen ?

 I 'm aware of PROBE (http://code.google.com/p/psi-probe/) by which we can do 
 the deployment from a Web UI screen but for that we need to
 individually deploy the Probe.war  across all instances .

 Is there a way out by which we can handle the tomcat deployments from a 
 central location ( i.e  by avoiding  deploying probe.war on all instances)
 on todifferent physical machines.

 Please suggest  share your valuable thoughts


 Thanks
 Vicky

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Share info across different sessions servers

2013-07-06 Thread Jose María Zaragoza
 for a LAN machine
  //for example:
  //the remote router has fixed IP address say
 203.12.32.235
  //the remote machine running tribes (on p4000) has
 fixed LAN address say 192.168.1.63
  //(in Linux you set fixed LAN IP address in the
 '/etc/hosts' file)
  //lets say you create a port-forwarding in the
 router so port 4 redirects to 192.168.1.63 / port 4000
  //in such a case the value for
 remoteHostIPv4Address will be 203.12.32.235
  //and remoteHostPort will be 4
  //ie {203.12.32.235 , 4} = redirects to =
 {192.168.1.63 , 4000}
  //if there is no router (say you have 2 VPS), then
 no redirect is required
  //whereupon remoteHostPort will probably be 4000
 (as long as that address is free when tribes starts)


 msgListener = new MyMessageListener();
 mbrListener = new MyMemberListener();
 myChannel = new GroupChannel();
 myChannel.addMembershipListener(mbrListener);
 myChannel.addChannelListener(msgListener);
 myChannel.start(Channel.DEFAULT);
 log(TRIBES HAS STARTED ON PORT: +Integer.toString(getLocalPort()));
 }

 void sendMessage(String message,Member member) throws ChannelException{
 Member[] group = new Member[]{member};
 this.myChannel.send(group,new
 ByteMessage(message.getBytes(UTF8)),Channel.SEND_OPTIONS_DEFAULT);
 }

 String addressesForThisMachine() throws SocketException{
 String ss=network addresses for this machine: ;
 EnumerationInetAddressee;
 EnumerationNetworkInterfaceei;
 ei=NetworkInterface.getNetworkInterfaces();
  while(ei.hasMoreElements()){
  ee=((NetworkInterface)ei.nextElement()).getInetAddresses();
   while(ee.hasMoreElements()){
   ss=ss+ee.nextElement().getHostAddress()+;;
   }
  }
 return ss;
 }


 /*
  * subserver will run this
  */
 private void engageInDialogue(){
  do{
   try{
   this.sendMessage(* hello superserver *,superServerStaticMember);
   }
   catch (ChannelException ex) {
   TribesRemote.log(ex);
   }
   try {
   Thread.currentThread().sleep(1);
   }
   catch (InterruptedException ex) {
   System.exit(0);
   }
   if(System.currentTimeMillis()-lastMessageTime()12000){
   log(no messages in last 12 seconds);
   }
  }while(true);
 }
 /*
  * superserver will run this
  */
 private void waitForMessages(){
  do{
   try{
   Thread.currentThread().sleep(1);
   }
   catch (InterruptedException ex) {
   System.exit(0);
   }
  }while(true);
 }

  int getLocalPort() {
  return this.myChannel.getLocalMember(true).getPort();
  }

  private void engage(){
   if(this.amSuperServer){
   this.waitForMessages();
   }
   else{
   this.engageInDialogue();
   }
  }

  private long lastMessageTime() {
  return this.lastMessageReceived;
  }

  void messageReceived(String message, Member sender) throws
 ChannelException {
  this.lastMessageReceived=System.currentTimeMillis();
   if(this.amSuperServer){
   this.sendMessage(message +  ((hello back )),sender);
   }
  }

  private static class MyMessageListener implements ChannelListener{

   @Override
   public void messageReceived(Serializable s,Member sender){
   byte[] b=((ByteMessage)s).getMessage();
   String message=new String(b,TribesRemote.UTF8);
   TribesRemote.log(message received:  +message);
try{
TribesRemote.tribesRemote.messageReceived(message,sender);
}
catch (ChannelException ex) {
TribesRemote.log(ex);
}
   }

   @Override
   public boolean accept(Serializable msg, Member sender) {
   return true;
   }
  }

  //this is part of clustering that has not been removed from tribes
  private static class MyMemberListener implements MembershipListener{

  @Override
  public void memberAdded(Member member){
  //TribesRemote.tribesRemote.memberDetected(member);
  }

  @Override
  public void memberDisappeared(Member member){
  //TribesRemote.tribesRemote.memberGone(member);
  }

  }







 }


 On Thu, Jul 4, 2013 at 6:57 PM, Jose María Zaragoza demablo...@gmail.com
 wrote:

  Thanks Vince.
  I'll take a look , but , it doesn't look trivial , not at all
 
  Regards
 
 
  2013/7/4 Vince Stewart stewart.vi...@gmail.com
 
   Hi Jose,
  
   a couple of things,
   1) I use embedded Tomcat to build my application and this has allowed
 me
  to
   maintain 2 single-line patches in tribes classes by adding tribes
 source
   code to my compilations. However those patches are only necessary with
   large messages that take more than 3 seconds to be transmitted from the
   transmitting machine to the Internet Service Provider machine (approx
 0.5
   meg for my system). There is a config setting
 (Sender/Transport/timeout)
   that's supposed to alter this 3 second timeout limit but I'm not sure
 it
   works.
   2) The implementation is not at all trivial. You have to register
   StaticMember objects because usual member discovery does not work over
   wide-area network

Re: Share info across different sessions servers

2013-07-04 Thread Jose María Zaragoza
Thanks Vince.
I'll take a look , but , it doesn't look trivial , not at all

Regards


2013/7/4 Vince Stewart stewart.vi...@gmail.com

 Hi Jose,

 a couple of things,
 1) I use embedded Tomcat to build my application and this has allowed me to
 maintain 2 single-line patches in tribes classes by adding tribes source
 code to my compilations. However those patches are only necessary with
 large messages that take more than 3 seconds to be transmitted from the
 transmitting machine to the Internet Service Provider machine (approx 0.5
 meg for my system). There is a config setting (Sender/Transport/timeout)
 that's supposed to alter this 3 second timeout limit but I'm not sure it
 works.
 2) The implementation is not at all trivial. You have to register
 StaticMember objects because usual member discovery does not work over
 wide-area network (WAN). I allocate one machine as SuperServer and all
 other machines have to enroll with SuperServer at startup. All machines
 need to have a unique combination of Ipv4 address and port number (which
 might represent a redirection port for use by the router whereupon
 networked machines also need LAN addresses set). Once registration is
 complete, all sub-Server machines can send/receive SuperServer and vice
 versa.

 There is a tutorial on-line which is adequate but not for WAN. I think you
 have at least two weeks of work in front of you using tribes but I am very
 happy I used this method.
 None of my code would add much (except confusion) to that in the tutorial.
 Make sure you start without multicast enabled as it currently is suitable
 only for LAN.

  ///Class Constructor
  public ServerMessaging() throws SocketException{
  this.myChannel=new GroupChannel();
  ChannelListener msgListener = new ServerMessaging.MyMessageListener();
  MembershipListener mbrListener = new ServerMessaging.MyMemberListener();
  myChannel.addMembershipListener(mbrListener);
  myChannel.addChannelListener(msgListener);
   try{


 myChannel.start(Channel.MBR_TX_SEQ|Channel.MBR_RX_SEQ|Channel.SND_TX_SEQ|Channel.SND_RX_SEQ);//no
 multicast
   }
   catch(ChannelException e){
   U.log(e);
   }
  }

 public void detectOrderNumber_EnrollWithSuperServer() throws
 ChannelException{
 setMyServerOrderStatus(); // machine reads its mac address or some file;
 then from a table will set serverOrderNumber to 0 for superserver ; others
 1,2,3...
  if(this.getServerOrderNumber()==0){  meaning this is the superserver
  someObject.doSomeThingMaybe();
  }
  else{
  this.sendAckRequiredMessage(0,Enrollment); /// first argument specifies
 SuperServer, member 0 (a table will need to be provided to hold IPv4
 address and port for each member)
  }
 }



Re: Share info across different sessions servers

2013-07-03 Thread Jose María Zaragoza
Thanks Vince.
This could be an option.
The documentation is poor and I don't see many examples in the web

Could you send to  me some code as example  server.xml configuration ?

Regards





2013/7/3 Vince Stewart stewart.vi...@gmail.com

 I have am using tribes messaging to send messages between remote
 applications which include tomcat embedded. You construct your message and
 submit to a sendMessage process. All running apps are always listening
 for messages. They receive the message and then may or may not reply or
 broadcast as a result.


 On Wed, Jul 3, 2013 at 7:43 AM, Jose María Zaragoza demablo...@gmail.com
 wrote:

  Thanks Christopher :
 
  Maybe I explained myself badly
  I really need to send messages to a specific web session , not share data
 
  I need to pass some data ( message ) to a specific session from a remote
  system ( a remote process from a remote system).
  Finally, this data is passed to client's browser by AJAX Reverse
 
  My idea is the session creates a dynamic Queue and it configures itself
 as
  Consumer
  If I pass the Queue to remote process ( in message.replyTo() ) , the
 remote
  process can send data to that specific session
 
  I could use a RDBS but , in this case, session needs to create a thread
 to
  polling on a share table. And I don't like this idea, sorry.
 
  memcached sounds good but I don't know anything about it and I don't know
  is is based on a event-driven architecture
 
 
 
  I need
 
  1) send data/message from a remote process to a specific web session
  2) execute some code in this session
  3) consume ( a.k.a, delete ) that message
 
  Persistence is not a requirement but ActiveMQ allows it
 
  I'l try it with ActiveMQ
 
  Thanks again and regards
 
 
 
 
 
  2013/7/2 Christopher Schultz ch...@christopherschultz.net
 
   -BEGIN PGP SIGNED MESSAGE-
   Hash: SHA256
  
   Jose,
  
   On 7/2/13 3:22 AM, Jose María Zaragoza wrote:
Thanks I need to share formatted text data  ( XML, key/value,
...I'm not sure yet )
   
I don't understand your comment about JMS . I will use a JMS broker
as ActiveMQ . Probably it will be embebbed into the same JVM than
Tomcat server. ActiveMQ supports  persistent messages
  
   While JMS may work, it's really not the right solution. JMS is a
   messaging service, and you want a data-storage service.
  
I could use a database but I don't want to be making polling every
X seconds by a session
  
   You don't have to pull any data that the user doesn't need, do you?
  
   If you don't want to use a RDBMS, how about something like memcached?
   I asked about using memcached a while back on this list and got some
   other suggestions as well (as memcached doesn't make a great fail-safe
   shared-data storage system... it's really meant to be more of a cache
   of data available elsewhere).
  
   - -chris
   -BEGIN PGP SIGNATURE-
   Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
   Comment: GPGTools - http://gpgtools.org
   Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
  
   iQIcBAEBCAAGBQJR0ycOAAoJEBzwKT+lPKRYaAsP+wfhqoLQWwJoYLpur0Z5VOeJ
   GUmylaW+kllpcbdFdVG81691rjUW1Ph5yQ2MQzPFKv0bCp2cyHMWQuJgAp1rq/Lo
   T6Bpba6IHeyucxEAk0XZfGu4efS+wc39ncq9C3GPamEvrN+locYGtM/lqSpkSxKz
   5ADXD9o2//U5Nk00N0KHPH4xsp/wtx0NJgT1p9f1VUKgU9pVvGFhHvrozvdAEcnv
   9U7IQroNO7uR3RnKL/rq9CH3MsxL/gbWCWEZ21WkaguLFysc67naaSQvimIoLok9
   eUfCK6Z5Bll4VeefK6YlA6E49sj01NZD1zuj0J/DGUiwBuFiNSZc1Z2NOZlue7Oo
   efpaRkjINouIfyk3RONa8/ZuNWf80ImX5vvJKEYK7ujc2LB7G8+ID95Toeej0eyg
   cZWHZo3N67nYgker4Kp4xn4VXBs4QfDzY/uOfsUyp8voNcCz6lBo38w8T3jvVJzV
   ci18cbWdRXQ3NrlaBkI8qJeEzMWAegM7C1IqJUspmlDHvsUIiamGA+ZF6nBNPr16
   w3lx8X8xWjGM63OQaoYMbTc2ZXFCkP0zkXXEcx49zyGMSEDSk2NySw2HkAOh9iVx
   tr7YCDChtFg8mBQPY6CiiasEtn8j9JMK/XawdDI34LTsO1molB5OvJDGo558BqMm
   3hK/JZGxPkEPapvOfWRM
   =tOMh
   -END PGP SIGNATURE-
  
   -
   To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
   For additional commands, e-mail: users-h...@tomcat.apache.org
  
  
 



 --
 Vince Stewart



Share info across different sessions servers

2013-07-02 Thread Jose María Zaragoza
Hello:

I need to share data between sessions running in different Tomcat server.

I 'd been thinking about using a JMS broker (as ActiveMQ ):

- when a new session is created in Tomcat A, it's created a new unique
topic for this session
- the session registers itself as listener of that topic ( the only one
listener )
- publish the name of this topic by some way , so it can be found by
another session in Tomcat B

I don't know if somebody has used something like this sometime, and how
he/she did it
Any suggestion/opinion  ?

I'm not sure either use only one topic for all session created or one topic
per session ?
I think that one topic per session is more safe because if I use one topic
for all sessions, if one message is not read quickly by one consumer ( a
session ), could block the topic,
Obviously , i'll define a TTL for messages/topic

Thanks and regards


Re: Share info across different sessions servers

2013-07-02 Thread Jose María Zaragoza
Thanks
I need to share formatted text data  ( XML, key/value, ...I'm not sure yet )

I don't understand your comment about JMS . I will use a JMS broker as
ActiveMQ . Probably it will be embebbed into the same JVM than Tomcat
server. ActiveMQ supports  persistent messages


I could use a database but I don't want to be making polling every X
seconds by a session


Regards



2013/7/2 mailingl...@j-b-s.de mailingl...@j-b-s.de

 Hi!

 What kind of data do you want to share? Just a view bytes? Is there an
 requirement concerning durability/persistence/performance?
 Is this user=session related or do you want to share data in general?
 Usually if you have a session id the lb will route your user always to the
 same container? What about session replication, a database, terracotta?

 JMS: i doubt this will be working... you need a persistent message or a
 container started after the change was send will not noticed about it...

 Jens



 Sent from my iPhone

 On 02.07.2013, at 08:45, Jose María Zaragoza demablo...@gmail.com wrote:

  Hello:
 
  I need to share data between sessions running in different Tomcat server.
 
  I 'd been thinking about using a JMS broker (as ActiveMQ ):
 
  - when a new session is created in Tomcat A, it's created a new unique
  topic for this session
  - the session registers itself as listener of that topic ( the only one
  listener )
  - publish the name of this topic by some way , so it can be found by
  another session in Tomcat B
 
  I don't know if somebody has used something like this sometime, and how
  he/she did it
  Any suggestion/opinion  ?
 
  I'm not sure either use only one topic for all session created or one
 topic
  per session ?
  I think that one topic per session is more safe because if I use one
 topic
  for all sessions, if one message is not read quickly by one consumer ( a
  session ), could block the topic,
  Obviously , i'll define a TTL for messages/topic
 
  Thanks and regards

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




Re: Share info across different sessions servers

2013-07-02 Thread Jose María Zaragoza
Thanks Christopher :

Maybe I explained myself badly
I really need to send messages to a specific web session , not share data

I need to pass some data ( message ) to a specific session from a remote
system ( a remote process from a remote system).
Finally, this data is passed to client's browser by AJAX Reverse

My idea is the session creates a dynamic Queue and it configures itself as
Consumer
If I pass the Queue to remote process ( in message.replyTo() ) , the remote
process can send data to that specific session

I could use a RDBS but , in this case, session needs to create a thread to
polling on a share table. And I don't like this idea, sorry.

memcached sounds good but I don't know anything about it and I don't know
is is based on a event-driven architecture



I need

1) send data/message from a remote process to a specific web session
2) execute some code in this session
3) consume ( a.k.a, delete ) that message

Persistence is not a requirement but ActiveMQ allows it

I'l try it with ActiveMQ

Thanks again and regards





2013/7/2 Christopher Schultz ch...@christopherschultz.net

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Jose,

 On 7/2/13 3:22 AM, Jose María Zaragoza wrote:
  Thanks I need to share formatted text data  ( XML, key/value,
  ...I'm not sure yet )
 
  I don't understand your comment about JMS . I will use a JMS broker
  as ActiveMQ . Probably it will be embebbed into the same JVM than
  Tomcat server. ActiveMQ supports  persistent messages

 While JMS may work, it's really not the right solution. JMS is a
 messaging service, and you want a data-storage service.

  I could use a database but I don't want to be making polling every
  X seconds by a session

 You don't have to pull any data that the user doesn't need, do you?

 If you don't want to use a RDBMS, how about something like memcached?
 I asked about using memcached a while back on this list and got some
 other suggestions as well (as memcached doesn't make a great fail-safe
 shared-data storage system... it's really meant to be more of a cache
 of data available elsewhere).

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

 iQIcBAEBCAAGBQJR0ycOAAoJEBzwKT+lPKRYaAsP+wfhqoLQWwJoYLpur0Z5VOeJ
 GUmylaW+kllpcbdFdVG81691rjUW1Ph5yQ2MQzPFKv0bCp2cyHMWQuJgAp1rq/Lo
 T6Bpba6IHeyucxEAk0XZfGu4efS+wc39ncq9C3GPamEvrN+locYGtM/lqSpkSxKz
 5ADXD9o2//U5Nk00N0KHPH4xsp/wtx0NJgT1p9f1VUKgU9pVvGFhHvrozvdAEcnv
 9U7IQroNO7uR3RnKL/rq9CH3MsxL/gbWCWEZ21WkaguLFysc67naaSQvimIoLok9
 eUfCK6Z5Bll4VeefK6YlA6E49sj01NZD1zuj0J/DGUiwBuFiNSZc1Z2NOZlue7Oo
 efpaRkjINouIfyk3RONa8/ZuNWf80ImX5vvJKEYK7ujc2LB7G8+ID95Toeej0eyg
 cZWHZo3N67nYgker4Kp4xn4VXBs4QfDzY/uOfsUyp8voNcCz6lBo38w8T3jvVJzV
 ci18cbWdRXQ3NrlaBkI8qJeEzMWAegM7C1IqJUspmlDHvsUIiamGA+ZF6nBNPr16
 w3lx8X8xWjGM63OQaoYMbTc2ZXFCkP0zkXXEcx49zyGMSEDSk2NySw2HkAOh9iVx
 tr7YCDChtFg8mBQPY6CiiasEtn8j9JMK/XawdDI34LTsO1molB5OvJDGo558BqMm
 3hK/JZGxPkEPapvOfWRM
 =tOMh
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




Re: Tomcat 6.x leak with WSS4J library

2013-06-20 Thread Jose María Zaragoza
Thanks you very much, Christopher :

1)

Finally

-
-Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES=false

worked for me, but I want to find out the root cause for leaking. I afraid
to accelerate OOM in PermGen  with many redeploys

2)


Perhaps a container-loaded component (wss4j?) is being configured to
use a webapp-loaded component (log4j?). Have you placed anything that
didn't come with Tomcat into Tomcat's lib/ directory?


I don't use log4j.jar and I guess neither another library in my WEB-INF/lib
( looking at Maven dependences ).

I don't have log4j.jar in $TOMCAT_HOME\lib



My web application uses slf4j + logback and I've got jcl-over-slf4j as a
Maven dependence

and I exclude that another library uses commons-logging with Maven
exclusion option

exclusions
exclusion
 groupIdcommons-logging/groupId
   artifactIdcommons-logging/artifactId
/exclusion
/exclusions

So, if logging system leaks, should be slf4j + logback, but I'm not sure




























2013/6/20 Christopher Schultz ch...@christopherschultz.net

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Jose,

 On 6/19/13 5:02 PM, Jose María Zaragoza wrote:
  Thanks !
 
  You should at least upgrade to 6.0.37. 6.0.24
 
  I agree with you but I can't. Anyway, I tested my webapp in Tomcat
  6.0.37 and it throws the same error; it only works in latest Tomcat
  7.x

 You really need to. Tell your bosses that you are vulnerable to a
 number of important security vulnerabilities that have been
 published for years, now.

  Why is your web application attempting to get a message's
  signature
  during shutdown?
 
  I explained myself  badly . I wanted to say after my webapp  is
  redeployed and without any restart, the next requests to my webapp
  throws that exception.

 This suggests that some component is being de-configured on webapp
 shutdown but then you are still trying to use it after the webapp
 shutdown (when the next version of the webapp).

 Perhaps a container-loaded component (wss4j?) is being configured to
 use a webapp-loaded component (log4j?). Have you placed anything that
 didn't come with Tomcat into Tomcat's lib/ directory?

  I think you have to use a ServletContextListener to properly
  tear-down your resources, otherwise they may be torn-down after
  Tomcat does things such as nulling-out static field references,
  which is likely to be the problem you are encountering, here.
 
  I agree but I have no idea how free resources managed by wss4j
  library . I'm not an expert in JVM profiling but I can investigate
  about it.
 
  That's because the log reference is null. -
  -Dorg.apache.catalina.loader.
  WebappClassLoader.ENABLE_CLEAR_REFERENCES=false
 
  Great ! It could be a solution. I hope don't have collateral
  effects ...

 The collateral effect is likely to be that your webapp doesn't crash
 (at least for this issue) but you might end up with a webapp-reload
 memory leak if you don't already have one.

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

 iQIcBAEBCAAGBQJRwl9PAAoJEBzwKT+lPKRYMFoQAJ4CZa4iwUItpl8VlizLfaBE
 idgDbjWrZEEUp78iqo3+aJKnrLZpJIiHpx80PvXgJ8Dc9ifZS5jiObkfzcCdxwZj
 DMNCctEAIg6fmtnttFY5m8f73geLA8QBY2agie6BaxdfnXqFRPyGwefeVcuymnbv
 wkVu4W6XPXPSAZJhYaF3vS+L3hD3CUtStwg2/TEAlxaWtFgH+rDcmdwJsAQPkUxI
 FEYJTk5asTyQE/9Voq+wzHG3ygu9ZW48EgvHQAKtjPWpDk7FhYbiK0uVfB7W5F7F
 UbixxonlNO+KMW/zPqtDt9+wPXux9T1m8c3iflek/Oai9LfFflb+mw4x2UhSFx+d
 nN518ZsBB6mUyoOxgllGQECZSTT8xB/JFX7VxAMhTtpIn2ltFMhKhPKSKamRPKZb
 nwQcxHf7PC/AxXaZT429Qj1d0+rPi0MMeLhYShleestWnuYdM733fYwdru8rBRjx
 HWxDpFsJtp/LOKkJGTbw/0AT8yxkVXLKRjTxGOB7NWxSO/VCNq2l0H9711ECUAAK
 ki6MdbPog7nXgMwVAmegtJjSjg124Q8iGw9YiKSuRRWeZ6FuInLB7umlijUac81Z
 apZu1G8gfbpcQM36//cVEsFShCAKION2h+n9KE/bhLvYyBvS03u6tTyUS65VR9EY
 j9mkawDqdULHtGYNiv8V
 =2NOw
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




Tomcat 6.x leak with WSS4J library

2013-06-19 Thread Jose María Zaragoza
Hello:

This isn't an error in Tomcat, but it's an error what happens in my web
application by using Apache CXF +  WSS4J.

I'm using Tomcat 6.0.24 and I've found that it's fixed in 7.0.41 ( but not
in 6.03.7 )
But , for bussiness matters, I cannot upgrade from 6.0.24 to 7.x

I would like if somebody can address to me about what I could patch in my
Tomcat 6.x server
to fix some that was solved in 7.x. If more info is needed , I don't any
problem providing it
I pasted the mail what I sent to Apache CXF mail list. Thanks

Q:

I'm using WSS4J with Apache CXF 2.7.3, for signing SOAP messages
So, I'm using WSS4J 1.6.9 and xmlsec 1.5.3

These SOAP messages are sent by my WAR application to a remote webservice

When I redeploy my WAR into Tomcat server *without restart it*  , I always
get the next exception:

Caused by: org.apache.ws.security.WSSecurityException: Error during
Signature:
at
org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:105)
~[wss4j-1.6.9.jar:1.6.9]
 at
org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:230)
~[wss4j-1.6.9.jar:1.6.9]
 at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
~[cxf-rt-ws-security-2.7.3.jar:2.7.3]
 at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)
~[cxf-rt-ws-security-2.7.3.jar:2.7.3]
 at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
~[cxf-rt-ws-security-2.7.3.jar:2.7.3]
 at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
[cxf-api-2.7.3.jar:2.7.3]
 at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
~[cxf-api-2.7.3.jar:2.7.3]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
~[cxf-api-2.7.3.jar:2.7.3]
 at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
~[cxf-api-2.7.3.jar:2.7.3]
 at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
~[cxf-api-2.7.3.jar:2.7.3]
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
~[cxf-rt-frontend-simple-2.7.3.jar:2.7.3]
 at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
~[cxf-rt-frontend-jaxws-2.7.3.jar:2.7.3]
 ... 41 common frames omitted
Caused by: org.apache.ws.security.WSSecurityException: Signature creation
failed
 at
org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:558)
~[wss4j-1.6.9.jar:1.6.9]
 at
org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:99)
~[wss4j-1.6.9.jar:1.6.9]
 ... 52 common frames omitted
Caused by: java.lang.NullPointerException: null
 at
org.apache.jcp.xml.dsig.internal.dom.DOMReference.marshal(DOMReference.java:297)
~[xmlsec-1.5.3.jar:1.5.3]
at
org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo.marshal(DOMSignedInfo.java:268)
~[xmlsec-1.5.3.jar:1.5.3]
 at
org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.marshal(DOMXMLSignature.java:216)
~[xmlsec-1.5.3.jar:1.5.3]
 at
org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:329)
~[xmlsec-1.5.3.jar:1.5.3]
 at
org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:553)
~[wss4j-1.6.9.jar:1.6.9]
 ... 53 common frames omitted


Any idea ?
I've to restart Tomcat server and all works fine again
Looks like a leak

When fails, if  I enable debug logging level, I don't see the the log
message in DOMReference.java , line 297

if (log.isDebugEnabled())
{
  log.debug(Marshalling Reference);

 }

When I restart Tomcat, this log message is shown

My CXF client configuration is

http-conf:conduit name=https://.*;
  http-conf:tlsClientParameters
   sec:trustManagers
  sec:keyStore type=JKS password=xxx
resource=truststore.jks/
  /sec:trustManagers
  /http-conf:tlsClientParameters
   http-conf:client ConnectionTimeout=5000 ReceiveTimeout=1 /
/http-conf:conduit

jaxws:outInterceptors
 bean class=org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor
  constructor-arg
map
 entry key=action value=Signature/
 entry key=user value=xxx/
entry key=signatureUser value=/
 entry key=passwordCallbackClass
value=com.test.KeystorePasswordCallback/
 entry key=signaturePropFile
value=keystore.properties/
 entry key=signatureKeyIdentifier
value=DirectReference/
 entry key=signatureAlgorithm value=
http://www.w3.org/2000/09/xmldsig#rsa-sha1/
 entry key=sigCanonicalization value=
http://www.w3.org/2001/10/xml-exc-c14n#/
 entry key=signatureDigestAlgorithm value=
http://www.w3.org/2000/09/xmldsig#sha1/
 /map
 /constructor-arg
 /bean
 /jaxws:outInterceptors

/jaxws:client


Re: Tomcat 6.x leak with WSS4J library

2013-06-19 Thread Jose María Zaragoza
Thanks !

You should at least upgrade to 6.0.37. 6.0.24

I agree with you but I can't. Anyway, I tested my webapp in Tomcat 6.0.37
and it throws the same error; it only works in latest Tomcat 7.x

Why is your web application attempting to get a message's signature
during shutdown?

I explained myself  badly . I wanted to say after my webapp  is redeployed
and without any restart, the next requests to my webapp throws that
exception.

I think you have to use a ServletContextListener to properly tear-down
your resources, otherwise they may be torn-down after Tomcat does
things such as nulling-out static field references, which is likely to
be the problem you are encountering, here.

I agree but I have no idea how free resources managed by wss4j library .
I'm not an expert in JVM profiling but I can investigate about it

 That's because the log reference is null.
- -Dorg.apache.catalina.loader.
 WebappClassLoader.ENABLE_CLEAR_REFERENCES=false

Great !
It could be a solution. I hope don't have collateral effects ...


Regards and thank you very much




2013/6/19 Christopher Schultz ch...@christopherschultz.net

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256





maxIdleTime + Tomcat 6.0.23

2013-05-10 Thread Jose María Zaragoza
Hello:


I'm using Tomcat 6.0.23 and I'm looking info about threads created by
Tomcat HTTP Connector for processing requests.

I've seen that

- I cannot define a minSpareThread in Connector , in server.xml . And
default value is 0
I have to create a Executor to be able to define a minSpareThread

am I right ? why ?

- There isn't a property like maxIdleTime in Connector , so idle threads
remain forever
Why isn's there a default value ?

Again , I have to create a Executor to be able to define a maxIdleTime

am I right ? why ?


Thanks and regars


maxWait

2013-04-30 Thread Jose María Zaragoza
Hello:

I'm using Tomcat 6.0.23
I'm using DBCP library to pooling database connections.

When I define a Resource in context.xml
and set  maxWait to 2000 ms ,
sometimes datasource.getConnection() method lasts 15 seconds.

I've to define loginTimeout parameter in JDBC driver to get the effect that
I want  : a timeout retrieving a Connection

What is the meaning of maxWait ? When is triggered this timeout (maxWait) ?


Thanks and regards


validationQuery with Tomcat 7 JDBC Pool

2013-04-29 Thread Jose María Zaragoza
Hello:

I was using validationQuery in Tomcat 6 for JNDI datasources, so to check
connections before borrowing to the caller
And, about documentacion, testOnBorrow parameter is true by default

testOnBorrow - true or false: whether a connection should be validated
using the validation query each time it is borrowed from the pool. Default:
true

http://tomcat.apache.org/tomcat-6.0-doc/jndi-resources-howto.html

And all works fine


Now , I want to use JDBC Pool with a new web application deployed on that
Tomcat 6.
So, I consider it as an standalone application, and I use
org.apache.tomcat.jdbc.pool.DataSource class ( I use Spring-MyBatis to
configure datasource , injecting it as a  bean)

I've read in Tomcat 7 JDBC pool documentation that testOnBorrow is false by
default in this case
Is it right ? Must I define testOnBorrow = true explicitly ?
It's little bit strange that default values be different either access by
JNDI or bean  instantiation

Should I use org.apache.tomcat.jdbc.pool.DataSourceFactory instead
of org.apache.tomcat.jdbc.pool.DataSource ?
My doubt is if one is better than other in performance terms

Should I use META-INF/context.xml and to use Resource ?

Thanks and regards


Re: Tomcat Jdbc Pool - NumActive vs actual Established Connections

2013-04-17 Thread Jose María Zaragoza
2013/4/16 Kiren Pillay kirenpill...@gmail.com

 Hi All,

 I am using the tomcat-jdpc-pool from within my spring application. I am
 noticing a discrepancy between the numActive/numIdle values that the pool
 reports versus the actual number of established connections to the
 database.

 For example, the pool reports 0 active and 4 idle connections while my
 netstat shows 5 connections established. Is this the correct behaviour?


Hello:

You could run netstat command to show socket TCP status and PID

Regards


Re: Tomcat JDBC Pooling - Connections

2013-04-08 Thread Jose María Zaragoza
Hi:

But I can see that you aren't using Tomcat JDBC pool, but oracle.jdbc.pool.
OracleDataSource , right ?


And I don't know how you set up your datasource to more than 200 maxActive
connections
Indeed, I don't know how you define the size of connection pool


Regards



2013/4/8 Madan KN madan...@gmail.com

 # 99% percent of the time we do have need for 200 active sessions across
 our application cluster. But due to some high spikes we end up with 2000
 sessions which is ending up in the pool with out getting evicted.*

 *
 # I think once the application is out of peak the connections are returned
 in either Round Robin/Random order, which is not making the condition for
 connections inactivity timeout and sweeper is failing to evict those
 connections.
 *
 *
 # How do we set something like LIFO, so that we can control and use only
 required connections during normal operating scenarios  evict which are
 not required.*
 *
 *
 *---
 *Configuration Being Used*
 ---
 Resource name=jdbc/GlobalHotelsDS auth=Container
  type=oracle.jdbc.pool.OracleDataSource
  driverClassName=oracle.jdbc.driver.OracleDriver
  factory=oracle.jdbc.pool.OracleDataSourceFactory
  queryTimeout=50


 _connectionProperties=oracle.jdbc.ReadTimeout=3,oracle.net.CONNECT_TIMEOUT=3
 url=jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=
 test.dev.com)(PORT=1522))(ADDRESS=(PROTOCOL=TCP)(HOST=test.dev.com
 )(PORT=1522))(LOAD_BALANCE=yes)(CONNECT_DATA=
 (SERVER=DEDICATED)(SERVICE_NAME=test.service.com)))
  user=xx
  password=xxx
  connectionCachingEnabled=true
  connectionCacheName=testPool


 connectionCacheProperties=MaxLimit=20,InitialLimit=10,MaxStatementsLimit=80,InactivityTimeout=1800/


 *Thanks*,
 Madan KN



 On Mon, Apr 8, 2013 at 6:15 PM, Daniel Mikusa dmik...@vmware.com wrote:

  On Apr 8, 2013, at 3:23 AM, Madan KN wrote:
 
   *Hi All,*
  
   Currently we are using tomcat jdbc pooling for oracle 11g R12.
 
  What version of Tomcat are you using?  If you are using the pool directly
  outside of Tomcat, what version of it are you using?
 
   The problem
   we are facing is during the peak traffic (less than %2) of time the
   connections spike up to more than 100 sessions  never comes back to
 the
   normal / desired pool size.
 
  It would be helpful to see your configuration.  Please post it here,
 minus
  comments.
 
   Due to the connections are returned either in
   Round-Robin/Random to the application.
 
  How are you determining this?  Can you provide some background on why you
  think this is causing a problem?
 
  
   Is there a way we can try LIFO so that connections to evict idle /
  unwanted
   pool size beyond certain limit?
 
  Not sure exactly what you mean here.  Is the fairQueue option what you
  are looking for?
 
https://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html
 
  Dan
 
 
  
   *Madan KN*
 
 
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
 
 



Re: Tomcat7 - ajax and connection pool : connection closed despite the use of validationQuery and testOnBorrow

2013-04-05 Thread Jose María Zaragoza
Hi Konstantin:

About this link

http://commons.apache.org/proper/commons-dbcp/configuration.html

If you have enabled removeAbandoned then it is possible that a connection
is reclaimed by the pool because it is considered to be abandoned. This
mechanism is triggered when (getNumIdle()  2) and (getNumActive() 
getMaxActive() - 3)

I know that it's about  DBCP , not JDBC Pool in Tomcat 7, but
Do you know if it's the same  mechanism ?
In this case, this mechanism only is useful when pool is about to be
exhausted, right ?


Regards






  Do you have queries that run or are used for more than 5 minutes in a
 single request?
 If so, then your removeAbandonedTimeout is too short and
 removeAbandoned will close them.

 http://commons.apache.org/proper/commons-dbcp/configuration.html

 BTW, your pool size is 8.

 Best regards,
 Konstantin Kolinko

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




Re: Tomcat7 - ajax and connection pool : connection closed despite the use of validationQuery and testOnBorrow

2013-04-05 Thread Jose María Zaragoza
'select 1 from dual' works in Oracle DB

In MySQL, select 1


2013/4/5 Propes, Barry L barry.l.pro...@citi.com

  I could be wrong, but is that validationQuery attribute correct?

 SELECT 1  ? - I have validationQuery=select 1 from dual in mine, and
 my doc states it has to be a valid SQL statement returning at least one row.

 That may not factor in at all, just noticed it. Looked maybe out of kilter.

 -Original Message-
 From: Jean-Claude Haw-King-Chon [mailto:jchaw-king-c...@medifirst.fr]
 Sent: Friday, April 05, 2013 10:38 AM
 To: Tomcat Users List
 Subject: Re: Tomcat7 - ajax and connection pool : connection closed
 despite the use of validationQuery and testOnBorrow

 ..

 My configuration :

 Resource
  name=jdbc/607
  auth=Container
  type=javax.sql.DataSource
  username=x
  password=x
  driverClassName=com.mysql.jdbc.Driver
  url=jdbc:mysql://localhost:3306/X
  removeAbandoned=true
  removeAbandonedTimeout=300
  testOnBorrow=true
  validationQuery=SELECT 1
  logAbandoned=true
 /
 Tomcat 7.0.29
 Linux Fedora Core 12



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




Re: Tomcat7 - ajax and connection pool : connection closed despite the use of validationQuery and testOnBorrow

2013-04-05 Thread Jose María Zaragoza
And that's right . You can define any SQL , but you prefer the easiest (
and fastest )

Indeed , you could use SELECT 1 FROM DUAL in MySQL, but it's not required
by using FROM DUAL
From MySQL doc

DUAL is purely for the convenience of people who require that all SELECT
statements should have FROM and possibly other clauses. MySQL may ignore
the clauses. MySQL does not require FROM DUAL if no tables are referenced.

I think that Oracle requires FROM word in queries ( I think )









2013/4/5 Propes, Barry L barry.l.pro...@citi.com

 Ok, thanks for clarification. I thought it had to be from some faux table
 or object.


 -Original Message-
 From: Jose María Zaragoza [mailto:demablo...@gmail.com]
 Sent: Friday, April 05, 2013 3:44 PM
 To: Tomcat Users List
 Subject: Re: Tomcat7 - ajax and connection pool : connection closed
 despite the use of validationQuery and testOnBorrow

 'select 1 from dual' works in Oracle DB

 In MySQL, select 1


 2013/4/5 Propes, Barry L barry.l.pro...@citi.com

   I could be wrong, but is that validationQuery attribute correct?
 
  SELECT 1  ? - I have validationQuery=select 1 from dual in mine,
  and my doc states it has to be a valid SQL statement returning at least
 one row.
 
  That may not factor in at all, just noticed it. Looked maybe out of
 kilter.
 
  -Original Message-
  From: Jean-Claude Haw-King-Chon [mailto:jchaw-king-c...@medifirst.fr]
  Sent: Friday, April 05, 2013 10:38 AM
  To: Tomcat Users List
  Subject: Re: Tomcat7 - ajax and connection pool : connection closed
  despite the use of validationQuery and testOnBorrow
 
  ..
 
  My configuration :
 
  Resource
   name=jdbc/607
   auth=Container
   type=javax.sql.DataSource
   username=x
   password=x
   driverClassName=com.mysql.jdbc.Driver
   url=jdbc:mysql://localhost:3306/X
   removeAbandoned=true
   removeAbandonedTimeout=300
   testOnBorrow=true
   validationQuery=SELECT 1
   logAbandoned=true
  /
  Tomcat 7.0.29
  Linux Fedora Core 12
 
 
 
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
 
 

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




Tomcat JDBC connection pool + JMX

2013-03-27 Thread Jose María Zaragoza
Hello:


I'm using tomcat-jdbc as a connection pool in a standalone application.

I would like monitorize this pool by JMX .

How I can do that ?
What is the name of MBean ?


Thanks and regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat JDBC connection pool + JMX

2013-03-27 Thread Jose María Zaragoza
2013/3/27 Charles Richard charle...@thelearningbar.com:
 Hi,

 There might be better ways but I monitor the c3p0 connection pool using
 jmxterm (my jar jmxterm-1.0-alpha-4-uber.jar).

 For c3p0, the mbean is com.mchange.Pooled...

 Hope this helps a little!


Thanks.
I use cmdline-jmxclient-0.10.3.jar
But I need  to know the path where MBean's Tomcat JDBC connection pool
 is registered to monitorize
Remember is a standalone application

For example, Tomcat's datasource MBean is registered in
Catalina:type=DataSource,path=$paths,host=localhost,class=javax.sql

.DataSource,name=$name

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat JDBC connection pool + JMX

2013-03-27 Thread Jose María Zaragoza
 Here's what I see when I look at a Tomcat server with a tomcat-jdbc 
 connection pool defined.

   
 tomcat.jdbc:name=jndi-path,type=ConnectionPool,class=org.apache.tomcat.jdbc.pool.DataSource

 I think this might also work (although it appears read-only).

   Catalina:type=DataSource,class=javax.sql.DataSource,name=jndi-path



Thanks
But I don't define any JDNI name (  I don't need it )
This is my code ( Spring )

 bean id=dataSource class=org.apache.tomcat.jdbc.pool.DataSource
destroy-method=close
 property name=driverClassName value=${database.driver} /
 property name=url value=${database.url} /
 property name=username value=${database.username} /
 property name=password value=${database.password} /
 property name=maxActive value=${database.maxactive} /
 property name=removeAbandoned 
value=${database.removeabandoned} /
 property name=validationQuery 
value=${database.validationquery} /

/bean

Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Multiple JSESSIONID

2013-03-02 Thread Jose María Zaragoza
 The moral of the story is that nested URL spaces is a bad idea where
 sessions are concerned. We easily fixed that problem by moving the
 /-mounted webapp to a unique URL prefix (which wasn't trivial, since
 we had inter-webapp links, etc.) but it solved all of those weird
 problems.

Thanks.
But I've observed that any answer recommends to me to changing JSESSIONID name.
And I don't know why because that is the reason of my problems :  same
cookie name for different contexts

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Multiple JSESSIONID

2013-03-01 Thread Jose María Zaragoza
Thanks for your answers.

I wonder why browsers don't send only one JSESSIONID
If I request an URL as www.mydomain.com/app/myapplication/action.do
and it has got 2 cookies with the same name, one for www.mydomain.com/
and another for www.mydomain.com/app/myapplication/  , IMHO, that a
browser should send the most restrictive

Indeed, I don't know if there is some browser working like that.


Christopher,
if the browser sends a JSESSIONID to Tomcat and this JSESSIONID is not
tracked by the server , does any error happen ?  or is it created a
new session with a new identifier ?

Thanks and regards



2013/2/28 Caldarale, Charles R chuck.caldar...@unisys.com:
 From: Nick Williams [mailto:nicho...@nicholaswilliams.net]
 Subject: Re: Multiple JSESSIONID

  That's interesting. I would recommend a servlet filter that captures
  addCookie and friends to see where that extra one is being added.

 The two JSESSIONIDs immediately above are in the request, so they're added
 by the browser, not the server

 Unless the browser is part of a hacking attack, the JSESSIONID cookies 
 originally came from the server.  The filter would have to be applied to both 
 the ROOT and /app/myapplication contexts, so it might best be placed in 
 conf/web.xml to cover all webapps.

  - Chuck


 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
 MATERIAL and is thus for use only by the intended recipient. If you received 
 this in error, please contact the sender and delete the e-mail and its 
 attachments from all computers.


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Multiple JSESSIONID

2013-03-01 Thread Jose María Zaragoza
2013/3/1 Nick Williams nicho...@nicholaswilliams.net:
 APOLOGIES FOR TOP POSTING! (see below, were I correctly inline post this 
 apology)

 On Mar 1, 2013, at 1:58 PM, Nick Williams wrote:

 Browsers send all of the cookies because that's the compliant thing to do. 
 RFC-2109 [1] says:

 If multiple cookies satisfy the criteria above, they are ordered in
 the Cookie header such that those with more specific Path attributes
 precede those with less specific.  Ordering with respect to other
 attributes (e.g., Domain) is unspecified.


 Based on that, assuming Tomcat follows the rules Christopher says it does, 
 you should be okay. The /app/myapplication cookie should always come first, 
 and assuming it is valid Tomcat should always prefer it.

 Nick

 [1] http://www.ietf.org/rfc/rfc2109.txt

 My apologies for top posting! I don't normally do that. Slip of the 
 keyboard...


Thanks Nick
My apologies for top posting, too. I forgot it

Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Multiple JSESSIONID

2013-02-28 Thread Jose María Zaragoza
Hello:

We're using Tomcat 6.0.24 as servlet container

This server listens for requests under the URL
www.mydomain.com/app/myaplication/


I've seen in my web browser that it has got 2 JSESSIONID for the same
domain at the same time


JSESSIONID: x
www.mydomain.com
/

and

JSESSIONID: 
www.mydomain.com
/app/myapplication/


Cheking request to my Tomcat server, I see


POST /app/myaplication/action/play.do

Cookie: DWRSESSIONID=F71Wlww0mrwuExOQoE3aLslewQj;
JSESSIONID=x;
JSESSIONID=yy;


How does Tomcat server handle this situation ? I'm talking about
session managing
Does it read the first JSESSIONID ? Does it read every JSESSIONID ?
Can this cause problems ?

I know I can rename JSESSIONID  when it's serve by my Tomcat server,
but I want to be sure that I need to do that

Thanks and regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



[OT] tomcat7-maven-plugin

2013-02-27 Thread Jose María Zaragoza
Hello:

How is it possible that tomcat7-maven-plugin has got a 'deploy' goal
but not 'undeploy' goal ?

Regards


2013/2/27 Olivier Lamy ol...@apache.org:
 2013/2/27 Richard McAleer rmcal...@caris.com:
 Hi,
 We're using tomcat7-maven-plugin 2.1 to build an executable war using the
 standalone-war-only goal.  The maven build still generates the normal war
 file as well as the executable .war created by the plugin.  However, since
 the standalone-war-only goal generates a war that is both executable and
 deployable, we really don't need to generate the normal war file.

 Is there a good way of generating just the executable war's using the
 plugin?  We could probably have maven delete the original .war file and
 rename the executable .war to the normal webapp name, but that doesn't seem
 like the best way of doing it.
 Currently no. As the generated executable war/jar contains this war
 (not an exploded war) so it's mandatory to have it.
 BTW what is your use case ?

 Thanks,
 Richard

 --
 Richard McAleer
 Developer
 Web Development Team

 *CARIS* http://www.caris.com
 115 Waggoners Lane
 Fredericton, New Brunswick
 CanadaE3B 2L4
 Tel: +1.506.458.8533 Fax: +1.506.459.3849
 www.caris.com http://www.caris.com

 *Connect with CARIS*
 Twitter http://www.twitter.com/CARIS_GIS | LinkedIn
 http://www.linkedin.com/groups?mostPopular=gid=3217878 | Facebook
 https://www.facebook.com/pages/CARIS-The-Marine-GIS-Experts/123907500987669?v=app_4949752878
 | Google+
 https://plus.google.com/b/114389770462919844434/114389770462919844434/posts
 | YouTube http://www.youtube.com/user/CARISGIS

 Download your free copy of CARIS Easy View today!
 www.caris.com/easyview http://www.caris.com/easyview

 _
 This email and any files transmitted with it are confidential and intended
 only for the addressee(s). If you are not the intended recipient(s) please
 notify us by email reply. You should not use, disclose, distribute or copy
 this communication if received in error.

 Any views or opinions expressed in this email are solely those of the author
 and do not necessarily represent those of the company. No binding contract
 will result from this email until such time as a written document is signed
 on behalf of the company.




 --
 Olivier Lamy
 Talend: http://coders.talend.com
 http://twitter.com/olamy | http://linkedin.com/in/olamy

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: [FWD: Help Debugging 404 errors]

2013-02-14 Thread Jose María Zaragoza
 OK, I double clicked. Can you give me some more details on choosing root
 folder and webapps folder? I see three radio buttons that are all greyed
 out. I don't know how to click on them.
  Use workspace metadata (dones not modify Tomcat installation)
  Use the tomcat installation (takes control of Tomcat installation)
  Use the custom location (does not modify Tomcat installation)


Maybe you have to remove the Tomcat entry from Servers tab.
So, you can :

- check Use the tomcat installation
- set Server path to Tomcat root folder ( by example, C:\tomcat7.0 )
- set Deploy path (  ( by example, C:\tomcat7.0\webapps  )

If you project has got Dynamic Web Module facet ( right mouse button
on project - Properties - Project Facets ) , you can run project on
server clicking right mouse button - Run as )

Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: [FWD: Help Debugging 404 errors]

2013-02-13 Thread Jose María Zaragoza
 They actually use a pseudo-CATALINA_BASE (I think) and run the server from:

 workspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp[n]

 n is the number of your server in your Servers project.

 There is no bin directory, and there's an extra directory called wtpwebapps
 which contains an empty ROOT application.


You can change all this configuration by double-clicking over the
server icon in Servers tab.
And choose root folder and webapps folder

Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: 64 Bit Tomcat

2013-01-30 Thread Jose María Zaragoza
2013/1/30 Patrick Flaherty pflah...@rampageinc.com:
 Hello,

 I have an open question about 32 bit vs 64 bit. We are currently deploying
 our app with 32 bit JVM and Tomcat. We are running into memory issues
 as we add more functionality (some via tools in the open source ecosystem).

Depends on what memory issues are you talking about.
For example , we are using Tomcat 6.0.24  JVM ( JDK 7) 64-bit , and
I've got problems with PermGen memory space and redeployments (
althought it's a known problem )
But the normal behaviour is right

Regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Get active session list

2012-11-20 Thread Jose María Zaragoza
Sorry, I'm not following this thread but
Don't you want to use

http://localhost:8080/manager/html/sessions?path=/contextpath

?

You only have to parse this plain HTML webpage
I know that it's not very elegant but 


Regards




2012/11/20 Cosio, Raul jose_raul_co...@merck.com:
 As far as I know there is no way to get the list of active sessions for 
 security reasons, some time ago I wanted to display in my application a list 
 of active sessions, what I did is to implement some listeners, it is tricky 
 but fun once you understand how it works.

 The first listener I implemented was an HttpSessionListener (declared in my 
 web.xml file), the listener has a method sessionCreated() and 
 sessionDestroyed() that I used to update my list of active sessions.

 The tricky part is when the server is restarted, because tomcat serializes 
 the sessions and after a restart there will be active sessions that are 
 created without a sessionCreated() event (which makes sense because they were 
 not destroyed, just serialized). I handle this situation with a 
 SessionActivationListener interface that has a method sessionDidActivate(), 
 usefult to update my list of active sessions.

 The SessionActivationListener is used for any attribute that you add to a 
 session with the setAttribute() method. To make this listener available I 
 just added an object that implements the listener in the 
 HttpSessionListener.sessionCreated() method.

 Regards

 -Original Message-
 From: Felipe Jaekel [mailto:fkjae...@gmail.com]
 Sent: Thursday, October 18, 2012 3:59 PM
 To: Tomcat Users List
 Subject: Re: Get active session list

 Found the following:

 context = (Context) wrapper.getParent();
 host = (Host) context.getParent();



 Context ctx = (Context) host.findChild(name);
 Manager manager = ctx.getManager();
 Session [] sessions = manager.findSessions();


 Had the same doubt I had when I looked at the PSI Probe code some days ago:
 how to handle the wrapper property?


 As a alternative I tried to implement *HttpSessionActivationListener*, but
 the methods aren't called when I restart the server.

 Thanks again for the help,
 Phillip


 2012/10/18 Christopher Schultz ch...@christopherschultz.net

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Felipe,

 On 10/18/12 9:34 AM, Felipe Jaekel wrote:
  I need to get the active session list. Searching about I saw a lot
  of people with the same question, but no answer.
 
  I don't want to write a list inside a HttpSessionListener and keep
  the session list there, because I use session serialization and the
  list inside the listener would be destroyed in case the server is
  restarted.

 You *can* get notification of sessions being de-serialized from the
 disk to maintain your list. Look at the other session-related
 listeners in the servlet API.

 You could also use JMX to get a list of sessions. Use JConsole to
 poke-around in Tomcat's JMX beans and find the one(s) that expose
 sessions. You may have to make your webapp privileged in order to
 make JMX calls.

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

 iEYEARECAAYFAlCAEgwACgkQ9CaO5/Lv0PARBACfZ+EG7KJWXt+49sbB1kVsLunF
 A4MAoKv1hM4KBlaAS4a1UaP0ePqfRr3W
 =n3WU
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


 Notice:  This e-mail message, together with any attachments, contains
 information of Merck  Co., Inc. (One Merck Drive, Whitehouse Station,
 New Jersey, USA 08889), and/or its affiliates Direct contact information
 for affiliates is available at
 http://www.merck.com/contact/contacts.html) that may be confidential,
 proprietary copyrighted and/or legally privileged. It is intended solely
 for the use of the individual or entity named on this message. If you are
 not the intended recipient, and have received this message in error,
 please notify us immediately by reply e-mail and then delete it from
 your system.


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Modify Cache-Control header

2012-11-16 Thread Jose María Zaragoza
Hi:

I'm using Tomcat 6  ( I don't remember the exact release, I hope to be
forgiven by Pid )

I need to modify Cache-Control header in some responses ( forcing them
to not be cached )
What is the best way to do it ?

a) To implement a Valve ( check request context path and if it match
,to modify response header )
b) To implement a filter
c) Others  ( any property in Tomcat's configuration files that I don't know )

Thanks and regards

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Logging of user's login attempts

2012-11-09 Thread Jose María Zaragoza
2012/11/9 Christopher Gross cogr...@gmail.com


  Perhaps
 someone else who has done this can chime in, but I'll keep looking around.
  I think you got me started on the right track.



Well, I'm used to extending  UserDatabaseRealm class and to configure
Tomcat with it, so I can have more control , by example , logging.


Re: handling expired sessions in Tomcat

2012-11-05 Thread Jose María Zaragoza
2012/11/5 Miguel Gonzalez miguel_3_gonza...@yahoo.es:
 Dear all,

   When an user is logged on our system (a Struts app), when the session 
 expires, the user gets a java error report. Is there any way to handle this 
 and either to show a custom jsp page or redirect the user to the login form? 
 I have googled this, but I can't find this info.

If you use Realm to authenticate the users , it's easy by configuration

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: tomcat question

2012-10-22 Thread Jose María Zaragoza
2012/10/22 André Warnier a...@ice-sa.com:
 Wiley, Maxie wrote:


 Is it possible to remove an installation of a compiler on a production web
 server(tomcat)?

Jasper?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Get active session list

2012-10-18 Thread Jose María Zaragoza
2012/10/18 Felipe Jaekel fkjae...@gmail.com:
 I need to get the active session list. Searching abou I saw a lot of
 people with the same question, but no answer.


https://code.google.com/p/psi-probe/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat 6.0 queries

2012-10-13 Thread Jose María Zaragoza
2012/10/13 vivek aggarwal vicky007aggar...@yahoo.co.in:
 Hello All,

 Can you guys please help in understanding my following concerns/queries :-

 1.  How can we configure the number of threads for managing simultaenous HTTP 
 connection requests coming from Apache. Is there any connection time out value
 we have at the tomcat side which we can configure ?

Well, maybe I'm wrong but I think there isn't HTTP connection
requests, but TCP connection requests.

You can have a look at
http://tomcat.apache.org/tomcat-6.0-doc/config/http.html (Standard
Implementation)
Look at 'maxThreads' ,'connectionTimeout' and 'acceptCount', IMHO


Q2  Q3  I'm not sure how to answer them, sorry

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



  1   2   >