Re: Can't get RemoteIpValve to work

[Leon Rosenberg]

Thanks, yes I think my problem never was with the RemoteIpValve, and the
other project I copied configuration from actually didn't work despite me
thinking it did ;)
kr
Leon

On Wed, Mar 29, 2023 at 6:45 AM Mark Thomas  wrote:

> On 28/03/2023 21:08, Leon Rosenberg wrote:
> > Sorry it took a little longer. Turns out that the actual RemoteIpValve
> > works correctly, but the *Access Log Valve *doesn't. We were
> > primarily looking into the localhost_access*logs, hence the confusion:
> >
> > Headers with RemoteIpValue on:
> > header: host; value: api.myhost.com
> > header: user-agent; value: PostmanRuntime/7.29.2
> > header: accept; value: */*
> > header: postman-token; value: 16abea85-a8de-44d2-8885-c92e0eed7d9f
> > header: accept-encoding; value: gzip, deflate, br
> > header: cookie; value: JSESSIONID=5F8CF7FE92569665C1F1BD08FBEC3F22
> > header: x-forwarded-host; value: api.myhost.com
> > header: x-forwarded-server; value: api.myhost.com
> > header: connection; value: Keep-Alive
> >
> > remote host: 77.178.32.184
> > remote ip: 77.178.32.184
> >
> >
> > Headers with RemoteIpValue off:
> > header: host; value: api.myhost.com
> > header: user-agent; value: PostmanRuntime/7.29.2
> > header: accept; value: */*
> > header: postman-token; value: a3e6b8cc-d2e2-45b7-86d7-2f0d4ce16c96
> > header: accept-encoding; value: gzip, deflate, br
> > header: cookie; value: JSESSIONID=A76B5E16C7566DFFF764C43CF34742ED
> > header: x-forwarded-for; value: 77.178.32.184
> > header: x-forwarded-host; value: api.myhost.com
> > header: x-forwarded-server; value: api.myhost.com
> > header: connection; value: Keep-Alive
> > remote host: 10.138.0.3
> > remote ip: 10.138.0.3
> >
> >
> > however, the AccessLogValue, which is configured as:
> >
> >  directory="logs"
> > prefix="localhost_access_log" suffix=".txt"
> > pattern="%{X-Forwarded-For}i %a %l %u %t "%r"
> %s %b" />
> >
> > Prints the local address as %a. We added %{X-Forwarded-For}i as
> workaround,
> > so it works for now, but I'd expect %a to print the 'real' ip address
> > instead of the local one. Same config works on 8.5 interestingly enough.
>
> I think Konstantin mentioned this earlier in the thread. Look at the
> requestAttributesEnabled attribute for the AccessLogValve
>
> https://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Access_Log_Valve
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Can't get RemoteIpValve to work

[Leon Rosenberg]

Sorry it took a little longer. Turns out that the actual RemoteIpValve
works correctly, but the *Access Log Valve *doesn't. We were
primarily looking into the localhost_access*logs, hence the confusion:

Headers with RemoteIpValue on:
header: host; value: api.myhost.com
header: user-agent; value: PostmanRuntime/7.29.2
header: accept; value: */*
header: postman-token; value: 16abea85-a8de-44d2-8885-c92e0eed7d9f
header: accept-encoding; value: gzip, deflate, br
header: cookie; value: JSESSIONID=5F8CF7FE92569665C1F1BD08FBEC3F22
header: x-forwarded-host; value: api.myhost.com
header: x-forwarded-server; value: api.myhost.com
header: connection; value: Keep-Alive

remote host: 77.178.32.184
remote ip: 77.178.32.184


Headers with RemoteIpValue off:
header: host; value: api.myhost.com
header: user-agent; value: PostmanRuntime/7.29.2
header: accept; value: */*
header: postman-token; value: a3e6b8cc-d2e2-45b7-86d7-2f0d4ce16c96
header: accept-encoding; value: gzip, deflate, br
header: cookie; value: JSESSIONID=A76B5E16C7566DFFF764C43CF34742ED
header: x-forwarded-for; value: 77.178.32.184
header: x-forwarded-host; value: api.myhost.com
header: x-forwarded-server; value: api.myhost.com
header: connection; value: Keep-Alive
remote host: 10.138.0.3
remote ip: 10.138.0.3


however, the AccessLogValue, which is configured as:



Prints the local address as %a. We added %{X-Forwarded-For}i as workaround,
so it works for now, but I'd expect %a to print the 'real' ip address
instead of the local one. Same config works on 8.5 interestingly enough.

Anyway, thanks for the help and sorry for the confusion.

kr
Leon


On Fri, Mar 24, 2023 at 7:54 PM Mark Thomas  wrote:

> And if you dump out the headers and the value of
> ServletRequest.getRemoteAddr() with (and without for completeness) the
> RemoteIpValve ?
>
> Mark
>
>
> On 24/03/2023 14:09, Leon Rosenberg wrote:
> > Full log output (dumping out headers, without the valve):
> >
> > 6049752 2023-03-24 14:07:59,749 [http-apr-8080-exec-13] INFO
> > n.a.c.extapi.ping.PingResource:38 - key: host; value: api.myhost.net
> > 6049752 2023-03-24 14:07:59,749 [http-apr-8080-exec-13] INFO
> > n.a.c.extapi.ping.PingResource:38 - key: user-agent; value: Wget/1.21.3
> > 6049754 2023-03-24 14:07:59,751 [http-apr-8080-exec-13] INFO
> > n.a.c.extapi.ping.PingResource:38 - key: accept; value: */*
> > 6049754 2023-03-24 14:07:59,751 [http-apr-8080-exec-13] INFO
> > n.a.c.extapi.ping.PingResource:38 - key: accept-encoding; value: identity
> > 6049755 2023-03-24 14:07:59,752 [http-apr-8080-exec-13] INFO
> > n.a.c.extapi.ping.PingResource:38 - key: x-forwarded-for; value:
> > 217.110.113.178
> > 6049756 2023-03-24 14:07:59,753 [http-apr-8080-exec-13] INFO
> > n.a.c.extapi.ping.PingResource:38 - key: x-forwarded-host; value:
> > api.myhost.net
> > 6049757 2023-03-24 14:07:59,754 [http-apr-8080-exec-13] INFO
> > n.a.c.extapi.ping.PingResource:38 - key: x-forwarded-server; value:
> > api.myhost.net
> > 6049758 2023-03-24 14:07:59,755 [http-apr-8080-exec-13] INFO
> > n.a.c.extapi.ping.PingResource:38 - key: connection; value: Keep-Alive
> >
> >
> > 217.110.113.178 is my ip, so the value is correct.
> >
> > On Fri, Mar 24, 2023 at 3:07 PM Leon Rosenberg  >
> > wrote:
> >
> >> yeah, interestingly enough removing ipvalve and adding access log magic,
> >> puts the X-Forwarded-For in the localhost_access.log ... but strange
> >> nevertheless.
> >>
> >> On Fri, Mar 24, 2023 at 11:44 AM Mark Thomas  wrote:
> >>
> >>> Maybe try commenting out the RemoteIpValve in Tomcat and retest so you
> >>> can see exactly what headers Tomcat is seeing. Alternatively, since
> this
> >>> is over http, Wireshark or similar could help.
> >>>
> >>> Mark
> >>>
> >>>
> >>> On 24/03/2023 10:29, Leon Rosenberg wrote:
> >>>> Hi,
> >>>>
> >>>> we have following setup
> >>>> apache 2.4 on a ubuntu host, in front of docker-container with tomcat9
> >>> (on
> >>>> same host).
> >>>> Connection is via apache mod_http/proxy.
> >>>>
> >>>> Internal IP of the host is 10.138.0.3 (where httpd and docker are
> >>> running).
> >>>> In localhost_access log we see always 10.138.0.3 address. If going
> >>> through
> >>>> port 8080 directly, without httpd, we see the correct IP-Address.
> >>>>
> >>>> We have added RemoteIpValve to server xml.
> >>>>  >>>>   remoteIpHeader="X-Forwarded-For"
> >>>>

Re: Can't get RemoteIpValve to work

[Leon Rosenberg]

Full log output (dumping out headers, without the valve):

6049752 2023-03-24 14:07:59,749 [http-apr-8080-exec-13] INFO
n.a.c.extapi.ping.PingResource:38 - key: host; value: api.myhost.net
6049752 2023-03-24 14:07:59,749 [http-apr-8080-exec-13] INFO
n.a.c.extapi.ping.PingResource:38 - key: user-agent; value: Wget/1.21.3
6049754 2023-03-24 14:07:59,751 [http-apr-8080-exec-13] INFO
n.a.c.extapi.ping.PingResource:38 - key: accept; value: */*
6049754 2023-03-24 14:07:59,751 [http-apr-8080-exec-13] INFO
n.a.c.extapi.ping.PingResource:38 - key: accept-encoding; value: identity
6049755 2023-03-24 14:07:59,752 [http-apr-8080-exec-13] INFO
n.a.c.extapi.ping.PingResource:38 - key: x-forwarded-for; value:
217.110.113.178
6049756 2023-03-24 14:07:59,753 [http-apr-8080-exec-13] INFO
n.a.c.extapi.ping.PingResource:38 - key: x-forwarded-host; value:
api.myhost.net
6049757 2023-03-24 14:07:59,754 [http-apr-8080-exec-13] INFO
n.a.c.extapi.ping.PingResource:38 - key: x-forwarded-server; value:
api.myhost.net
6049758 2023-03-24 14:07:59,755 [http-apr-8080-exec-13] INFO
n.a.c.extapi.ping.PingResource:38 - key: connection; value: Keep-Alive


217.110.113.178 is my ip, so the value is correct.

On Fri, Mar 24, 2023 at 3:07 PM Leon Rosenberg 
wrote:

> yeah, interestingly enough removing ipvalve and adding access log magic,
> puts the X-Forwarded-For in the localhost_access.log ... but strange
> nevertheless.
>
> On Fri, Mar 24, 2023 at 11:44 AM Mark Thomas  wrote:
>
>> Maybe try commenting out the RemoteIpValve in Tomcat and retest so you
>> can see exactly what headers Tomcat is seeing. Alternatively, since this
>> is over http, Wireshark or similar could help.
>>
>> Mark
>>
>>
>> On 24/03/2023 10:29, Leon Rosenberg wrote:
>> > Hi,
>> >
>> > we have following setup
>> > apache 2.4 on a ubuntu host, in front of docker-container with tomcat9
>> (on
>> > same host).
>> > Connection is via apache mod_http/proxy.
>> >
>> > Internal IP of the host is 10.138.0.3 (where httpd and docker are
>> running).
>> > In localhost_access log we see always 10.138.0.3 address. If going
>> through
>> > port 8080 directly, without httpd, we see the correct IP-Address.
>> >
>> > We have added RemoteIpValve to server xml.
>> > > >  remoteIpHeader="X-Forwarded-For"
>> >  protocolHeader="X-Forwarded-Proto"
>> >  internalProxies="10\.138\.0\.3"/>
>> >
>> > http config also has ProxyAddHeaders on, also I understand that to be
>> > default anyway:
>> >ProxyPass / http://10.138.0.3:8080/
>> >ProxyPassReverse / http://10.138.0.3:8080/
>> >ProxyErrorOverride Off
>> >ProxyAddHeaders On
>> >
>> >  Require all granted
>> > ProxyAddHeaders On
>> >
>> >
>> > When we print out all headers in a request, the X-Forwarded-For is
>> missing,
>> > so obviously tomcat does something with it, but doesn't trust the
>> httpd? So
>> > probably the line internalProxies="10\.138\.0\.3" is wrong, bug I can't
>> get
>> > my head around it.
>> >
>> > any help would be highly appreciated
>> > kr
>> > Leon
>> >
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>

Re: Can't get RemoteIpValve to work

[Leon Rosenberg]

yeah, interestingly enough removing ipvalve and adding access log magic,
puts the X-Forwarded-For in the localhost_access.log ... but strange
nevertheless.

On Fri, Mar 24, 2023 at 11:44 AM Mark Thomas  wrote:

> Maybe try commenting out the RemoteIpValve in Tomcat and retest so you
> can see exactly what headers Tomcat is seeing. Alternatively, since this
> is over http, Wireshark or similar could help.
>
> Mark
>
>
> On 24/03/2023 10:29, Leon Rosenberg wrote:
> > Hi,
> >
> > we have following setup
> > apache 2.4 on a ubuntu host, in front of docker-container with tomcat9
> (on
> > same host).
> > Connection is via apache mod_http/proxy.
> >
> > Internal IP of the host is 10.138.0.3 (where httpd and docker are
> running).
> > In localhost_access log we see always 10.138.0.3 address. If going
> through
> > port 8080 directly, without httpd, we see the correct IP-Address.
> >
> > We have added RemoteIpValve to server xml.
> >  >  remoteIpHeader="X-Forwarded-For"
> >  protocolHeader="X-Forwarded-Proto"
> >  internalProxies="10\.138\.0\.3"/>
> >
> > http config also has ProxyAddHeaders on, also I understand that to be
> > default anyway:
> >ProxyPass / http://10.138.0.3:8080/
> >ProxyPassReverse / http://10.138.0.3:8080/
> >ProxyErrorOverride Off
> >ProxyAddHeaders On
> >
> >  Require all granted
> > ProxyAddHeaders On
> >
> >
> > When we print out all headers in a request, the X-Forwarded-For is
> missing,
> > so obviously tomcat does something with it, but doesn't trust the httpd?
> So
> > probably the line internalProxies="10\.138\.0\.3" is wrong, bug I can't
> get
> > my head around it.
> >
> > any help would be highly appreciated
> > kr
> > Leon
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Can't get RemoteIpValve to work

[Leon Rosenberg]

Hi Konstantin,

Server version: Apache Tomcat/9.0.64
Server built:   Jun 2 2022 19:08:46 UTC
Server number:  9.0.64.0
OS Name:Linux
OS Version: 5.4.0-1092-gcp
Architecture:   amd64
JVM Version:1.8.0_332-b09
JVM Vendor: Temurin

kr
Leon



On Fri, Mar 24, 2023 at 1:17 PM Konstantin Kolinko 
wrote:

> пт, 24 мар. 2023 г. в 13:30, Leon Rosenberg :
> >
> > Hi,
> >
> > we have following setup
> > apache 2.4 on a ubuntu host, in front of docker-container with tomcat9
> (on
> > same host).
> > Connection is via apache mod_http/proxy.
> >
> > Internal IP of the host is 10.138.0.3 (where httpd and docker are
> running).
> > In localhost_access log we see always 10.138.0.3 address.
>
> Your version of Tomcat = ?
>
> If access log is all that you care about, you should note that the default
> value
> of requestAttributesEnabled attribute of AccessLogValve is false.
>
>
> https://tomcat.apache.org/tomcat-10.1-doc/config/valve.html#Access_Log_Valve
>
> Best regards,
> Konstantin Kolinko
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Can't get RemoteIpValve to work

[Leon Rosenberg]

Hi,

we have following setup
apache 2.4 on a ubuntu host, in front of docker-container with tomcat9 (on
same host).
Connection is via apache mod_http/proxy.

Internal IP of the host is 10.138.0.3 (where httpd and docker are running).
In localhost_access log we see always 10.138.0.3 address. If going through
port 8080 directly, without httpd, we see the correct IP-Address.

We have added RemoteIpValve to server xml.


http config also has ProxyAddHeaders on, also I understand that to be
default anyway:
  ProxyPass / http://10.138.0.3:8080/
  ProxyPassReverse / http://10.138.0.3:8080/
  ProxyErrorOverride Off
  ProxyAddHeaders On
  
Require all granted
ProxyAddHeaders On
  

When we print out all headers in a request, the X-Forwarded-For is missing,
so obviously tomcat does something with it, but doesn't trust the httpd? So
probably the line internalProxies="10\.138\.0\.3" is wrong, bug I can't get
my head around it.

any help would be highly appreciated
kr
Leon

Re: Tomcat doesn't pick up RemoteIp from RemoteIpValve Configuration

[Leon Rosenberg]

and to add a quick note to that, the log-output when I am using
trustedProxies is "skip" for nearly everything:

15-Jun-2021 00:22:09.543 FINE [ajp-nio-8013-exec-23]
org.apache.catalina.valves.RemoteIpValve.invoke Skip RemoteIpValve for
request
/api/v1/loginpixel/B:0BB57BE90B9C750FE773604354BF6E4D1920EF76D5500AE8673BD599D668983223A8666226FED1087E61D0E99A19F6EBEB8E64DB0BEE6BC3A5F20DCDC06FE4C27EFEE1B535C49367BCFB034E176AF8E40EE0A43F54C1D0D4DEFAAE38C9C2426DD6E585F2A7548076C577D291011712E3BDEEE4D8DCBAE7D5B7A144B0B06011E9
with originalRemoteAddr '198.41.242.13'
15-Jun-2021 00:22:09.544 FINE [ajp-nio-8013-exec-7]
org.apache.catalina.valves.RemoteIpValve.invoke Skip RemoteIpValve for
request /photos/b/EA01F2D2BB616202A4F4A55E650D684D/300/ with
originalRemoteAddr '198.41.242.13'
15-Jun-2021 00:22:09.544 FINE [ajp-nio-8013-exec-9]
org.apache.catalina.valves.RemoteIpValve.invoke Skip RemoteIpValve for
request /photos/d/1390B1ED751C81B39B21785D818F4570/300/ with
originalRemoteAddr '198.41.242.13'
15-Jun-2021 00:22:09.544 FINE [ajp-nio-8013-exec-18]
org.apache.catalina.valves.RemoteIpValve.invoke Skip RemoteIpValve for
request /static-int/js/extRegUpdatePassword.js with originalRemoteAddr
'198.41.242.13'
15-Jun-2021 00:22:09.547 FINE [ajp-nio-8013-exec-15]
org.apache.catalina.valves.RemoteIpValve.invoke Skip RemoteIpValve for
request /static-int/js/websocket/websocket.js with originalRemoteAddr
'198.41.242.49'
15-Jun-2021 00:22:09.544 FINE [ajp-nio-8013-exec-16]
org.apache.catalina.valves.RemoteIpValve.invoke Skip RemoteIpValve for
request /photos/d/531BD3EA43EC8662E9BA9967689AEEBC/300/ with
originalRemoteAddr '198.41.242.13'
15-Jun-2021 00:22:09.548 FINE [ajp-nio-8013-exec-12]
org.apache.catalina.valves.RemoteIpValve.invoke Skip RemoteIpValve for
request /static-int/img/avatars/no_avatar_woman_1_lg.png with
originalRemoteAddr '198.41.242.73'
15-Jun-2021 00:22:09.549 FINE [ajp-nio-8013-exec-6]
org.apache.catalina.valves.RemoteIpValve.invoke Skip RemoteIpValve for
request /static-int/img/avatars/no_avatar_woman_4_lg.png with
originalRemoteAddr '198.41.242.119'
15-Jun-2021 00:22:09.640 FINE [ajp-nio-8013-exec-24]
org.apache.catalina.valves.RemoteIpValve.invoke Skip RemoteIpValve for
request /static-int/img/avatars/no_avatar_woman_5_lg.png with
originalRemoteAddr '198.41.242.153'
15-Jun-2021 00:22:09.651 FINE [ajp-nio-8013-exec-3]
org.apache.catalina.valves.RemoteIpValve.invoke Skip RemoteIpValve for
request /static-ext/firebase/firebase-messaging.js.map with
originalRemoteAddr '198.41.242.13'
15-Jun-2021 00:22:09.666 FINE [ajp-nio-8013-exec-8]
org.apache.catalina.valves.RemoteIpValve.invoke Skip RemoteIpValve for
request /static-ext/firebase/firebase-app.js.map with originalRemoteAddr
'198.41.242.13'

On Tue, Jun 15, 2021 at 12:19 AM Leon Rosenberg 
wrote:

> ok, quick update: it didn't work with 198\.41\..* or .* at first, but it
> worked after I changed attribute name from trustedProxies to
> internalProxies.
> kr
> Leon
>
> On Mon, Jun 14, 2021 at 11:52 PM Leon Rosenberg 
> wrote:
>
>>
>>
>> On Mon, Jun 14, 2021 at 10:57 PM Christopher Schultz <
>> ch...@christopherschultz.net> wrote:
>>
>>> Leon,
>>>
>>> On 6/14/21 16:26, Leon Rosenberg wrote:
>>> > Thanks for the response Mark,
>>> >
>>> > quick question, do I have to add all cloudflare ips? They kindof
>>> > distributed along the world... Can I mark the thrustworthlyness by a
>>> header
>>> > instead?
>>> > kr
>>> > Leon
>>> >
>>> > On Mon, Jun 14, 2021 at 9:45 PM Mark Thomas  wrote:
>>> >
>>> >> On 14/06/2021 17:01, Leon Rosenberg wrote:
>>> >>> hi,
>>> >>> I have a tomcat 8.5.15 behind an apache behind cloudflare. I am
>>> trying to
>>> >>> "see" the user's ip in my logs. When I print out the headers I see
>>> that I
>>> >>> have headers in the request
>>> >>> CF-Connecting-IP
>>> >>> and
>>> >>> X-Forwarded-For
>>> >>> with real user's up, say 93.72.251.122. But when I make a request to
>>> >>> request.getRemoteAddr() it returns 162.158.103.188 which is
>>> cloudflare's
>>> >>> ip address, not the real one.
>>> >>> I added to the server.xml the remoteipvalue in different
>>> configuration
>>> >> und
>>> >>> "Host", i.e.:
>>> >>>>> >>> remoteIpHeader="x-forwarded-for"
>>> >>> protocolHeader="x-forwarded-proto"
>>> >>

Re: Tomcat doesn't pick up RemoteIp from RemoteIpValve Configuration

[Leon Rosenberg]

ok, quick update: it didn't work with 198\.41\..* or .* at first, but it
worked after I changed attribute name from trustedProxies to
internalProxies.
kr
Leon

On Mon, Jun 14, 2021 at 11:52 PM Leon Rosenberg 
wrote:

>
>
> On Mon, Jun 14, 2021 at 10:57 PM Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> Leon,
>>
>> On 6/14/21 16:26, Leon Rosenberg wrote:
>> > Thanks for the response Mark,
>> >
>> > quick question, do I have to add all cloudflare ips? They kindof
>> > distributed along the world... Can I mark the thrustworthlyness by a
>> header
>> > instead?
>> > kr
>> > Leon
>> >
>> > On Mon, Jun 14, 2021 at 9:45 PM Mark Thomas  wrote:
>> >
>> >> On 14/06/2021 17:01, Leon Rosenberg wrote:
>> >>> hi,
>> >>> I have a tomcat 8.5.15 behind an apache behind cloudflare. I am
>> trying to
>> >>> "see" the user's ip in my logs. When I print out the headers I see
>> that I
>> >>> have headers in the request
>> >>> CF-Connecting-IP
>> >>> and
>> >>> X-Forwarded-For
>> >>> with real user's up, say 93.72.251.122. But when I make a request to
>> >>> request.getRemoteAddr() it returns 162.158.103.188 which is
>> cloudflare's
>> >>> ip address, not the real one.
>> >>> I added to the server.xml the remoteipvalue in different configuration
>> >> und
>> >>> "Host", i.e.:
>> >>>> >>> remoteIpHeader="x-forwarded-for"
>> >>> protocolHeader="x-forwarded-proto"
>> >>> />
>> >>>
>> >>>> >>> remoteIpHeader="X-Forwarded-For"
>> >>> protocolHeader="X-Forwarded-Proto"
>> >>> />
>> >>>
>> >>> or assuming for defaults:
>> >>>> >>> />
>> >>>
>> >>> or even:
>> >>>> >>> remoteIpHeader="CF-Connecting-IP"
>> >>> />
>> >>>
>> >>> but none of them give me the getRemoteAddr properly. Is there a trick
>> to
>> >>> this configuration?
>> >>
>> >> You need to tell Tomcat that 162.158.103.188 is trusted. Setting
>> >> trustedProxies="162\.158.103\.188" should do the trick.
>> >>
>> >> There is debug logging in that Valve so you can set
>> >>
>> >> org.apache.catalina.valves.RemoteIpValve.level=FINE
>> >>
>> >> in $CATALINA_BASE/conf/logging.properties to get debug logging which
>> >> should help you see what is going on.
>> >>
>> >> Mark
>>
>> trustedProxies=".*" ??
>>
>>
> Hi Chris,
>
>
>> What happens if someone connects to your origin server directly? Would
>> you trust an X-Forwarded-For header from them?
>>
>
> That's an excellent question, Chris! I don't know the answer yet, the only
> thing we need the ip for is to have something in case of payment-fraud, and
> since you can't get any physical goods on this site I guess it would be ok
> to trust it.
> kr
> leon
>
>
>>
>> -chris
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>

Re: Tomcat doesn't pick up RemoteIp from RemoteIpValve Configuration

[Leon Rosenberg]

On Mon, Jun 14, 2021 at 10:57 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Leon,
>
> On 6/14/21 16:26, Leon Rosenberg wrote:
> > Thanks for the response Mark,
> >
> > quick question, do I have to add all cloudflare ips? They kindof
> > distributed along the world... Can I mark the thrustworthlyness by a
> header
> > instead?
> > kr
> > Leon
> >
> > On Mon, Jun 14, 2021 at 9:45 PM Mark Thomas  wrote:
> >
> >> On 14/06/2021 17:01, Leon Rosenberg wrote:
> >>> hi,
> >>> I have a tomcat 8.5.15 behind an apache behind cloudflare. I am trying
> to
> >>> "see" the user's ip in my logs. When I print out the headers I see
> that I
> >>> have headers in the request
> >>> CF-Connecting-IP
> >>> and
> >>> X-Forwarded-For
> >>> with real user's up, say 93.72.251.122. But when I make a request to
> >>> request.getRemoteAddr() it returns 162.158.103.188 which is
> cloudflare's
> >>> ip address, not the real one.
> >>> I added to the server.xml the remoteipvalue in different configuration
> >> und
> >>> "Host", i.e.:
> >>> >>> remoteIpHeader="x-forwarded-for"
> >>> protocolHeader="x-forwarded-proto"
> >>> />
> >>>
> >>> >>> remoteIpHeader="X-Forwarded-For"
> >>> protocolHeader="X-Forwarded-Proto"
> >>> />
> >>>
> >>> or assuming for defaults:
> >>> >>> />
> >>>
> >>> or even:
> >>> >>> remoteIpHeader="CF-Connecting-IP"
> >>> />
> >>>
> >>> but none of them give me the getRemoteAddr properly. Is there a trick
> to
> >>> this configuration?
> >>
> >> You need to tell Tomcat that 162.158.103.188 is trusted. Setting
> >> trustedProxies="162\.158.103\.188" should do the trick.
> >>
> >> There is debug logging in that Valve so you can set
> >>
> >> org.apache.catalina.valves.RemoteIpValve.level=FINE
> >>
> >> in $CATALINA_BASE/conf/logging.properties to get debug logging which
> >> should help you see what is going on.
> >>
> >> Mark
>
> trustedProxies=".*" ??
>
>
Hi Chris,


> What happens if someone connects to your origin server directly? Would
> you trust an X-Forwarded-For header from them?
>

That's an excellent question, Chris! I don't know the answer yet, the only
thing we need the ip for is to have something in case of payment-fraud, and
since you can't get any physical goods on this site I guess it would be ok
to trust it.
kr
leon


>
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat doesn't pick up RemoteIp from RemoteIpValve Configuration

[Leon Rosenberg]

Thanks for the response Mark,

quick question, do I have to add all cloudflare ips? They kindof
distributed along the world... Can I mark the thrustworthlyness by a header
instead?
kr
Leon

On Mon, Jun 14, 2021 at 9:45 PM Mark Thomas  wrote:

> On 14/06/2021 17:01, Leon Rosenberg wrote:
> > hi,
> > I have a tomcat 8.5.15 behind an apache behind cloudflare. I am trying to
> > "see" the user's ip in my logs. When I print out the headers I see that I
> > have headers in the request
> > CF-Connecting-IP
> > and
> > X-Forwarded-For
> > with real user's up, say 93.72.251.122. But when I make a request to
> > request.getRemoteAddr() it returns 162.158.103.188 which is cloudflare's
> > ip address, not the real one.
> > I added to the server.xml the remoteipvalue in different configuration
> und
> > "Host", i.e.:
> >> remoteIpHeader="x-forwarded-for"
> > protocolHeader="x-forwarded-proto"
> > />
> >
> >> remoteIpHeader="X-Forwarded-For"
> > protocolHeader="X-Forwarded-Proto"
> > />
> >
> > or assuming for defaults:
> >> />
> >
> > or even:
> >> remoteIpHeader="CF-Connecting-IP"
> > />
> >
> > but none of them give me the getRemoteAddr properly. Is there a trick to
> > this configuration?
>
> You need to tell Tomcat that 162.158.103.188 is trusted. Setting
> trustedProxies="162\.158.103\.188" should do the trick.
>
> There is debug logging in that Valve so you can set
>
> org.apache.catalina.valves.RemoteIpValve.level=FINE
>
> in $CATALINA_BASE/conf/logging.properties to get debug logging which
> should help you see what is going on.
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Tomcat doesn't pick up RemoteIp from RemoteIpValve Configuration

[Leon Rosenberg]

hi,
I have a tomcat 8.5.15 behind an apache behind cloudflare. I am trying to
"see" the user's ip in my logs. When I print out the headers I see that I
have headers in the request
CF-Connecting-IP
and
X-Forwarded-For
with real user's up, say 93.72.251.122. But when I make a request to
request.getRemoteAddr() it returns 162.158.103.188 which is cloudflare's
ip address, not the real one.
I added to the server.xml the remoteipvalue in different configuration und
"Host", i.e.:
 

 

or assuming for defaults:
 

or even:
 

but none of them give me the getRemoteAddr properly. Is there a trick to
this configuration?

kr
Leon

Re: Tomcat Bandwidth Utilization Tool

[Leon Rosenberg]

MoSKito (http://www.moskito.org) does visualize the stats
from GlobalRequestProcessor:
http://burgershop-hamburg.demo.moskito.org/burgershop/moskito-inspect/mskShowProducer?pProducerId=GlobalRequestProcessor

You can see the bytes sent/received from every connector.

regards
Leon

On Fri, Aug 30, 2019 at 2:36 AM Michael Duffy  wrote:

> There is a " Bytes received: 0.00 MB Bytes sent: 12.03 MB" in the Tomcat
> Manager; however, the received count does not change and the sent count
> seems low.
>
> On Thu, Aug 29, 2019 at 7:09 PM Michael Duffy  wrote:
>
> > Is there a simple tool that will show bandwidth utilization to and from
> > the Tomcat server?
> >
> > I am looking for something that will provide an exact byte count of the
> > TCP/IP packets.
> >
> > I would have thought this would be an easy find; however, after hours of
> > Googling around I have not yet been successful.
> >
> > There are some options here:
> > https://www.comparitech.com/net-admin/free-bandwidth-monitoring-tools/
> ,but
> > none of them specifically mention integration with Tomcat.
> >
> > At the application level, if I just measure the byte flow into and out of
> > my application, I will miss the bytes in the TCP/IP headers.
> >
> > Any suggestions would be greatly appreciated.
> >
> > Thx.
> >
> > Mike
> >
> >
> >
>

Re: [OT] Question about the longevity of Java ..

[Leon Rosenberg]

Hi John,

personally I do not believe that this will ever happen, but for the sake of
an argument lets assume someone finally builds the skynet and assigns to it
the task to calculate PI with most precision. The skynet then takes over
and diverts all resources in the universe to PI calculation (killing or
enslaving all humans in the process) and calculates happily forever.
In such a case it will most definitely come up with another means of
communication as http, which is outdated even by human standards.
This new communication protocol will be implemented by something, which can
be called TomCat by coincidence, but will more likely be called something
0x234abe456d.
So no, there is no place for tomcat in the future ai.

As for your second question, tomcat to java is nothing close to what java
is to C. Tomcat is one of trillions of programs written with the language,
albeit a very useful and successful one. If you want something to be to
java as java to c, that would be scala (or something new yet to arise).

regards
Leon


On Mon, Mar 25, 2019 at 9:25 AM John Dale  wrote:

> Greetings;
>
> Generally speaking, how would folks feel about an AI taking over
> programming roles (and eventually requirements authoring)?
>
> My deepest curiosity may be this - at some point in the future, will
> AI use Tomcat as we do now, and does Tomcat get embedded deeply into
> some AI subsystem as a wholly complete heuristic collection (note
> lower case collection)?
>
> Or, does the low-level hardware finally climb its way up to Java, the
> most expressive programming language known to mankind, and relegate
> .NET, PHP, etc to their proper statio in life?
>
> Additionally, as such, in the future, when you buy your new computer
> from Wal Mart, it is a matter of deciding which Java/Tomcat flavor you
> want to have; I game, I porn, I database, I quilt, I skype, I like
> turtles?
>
> Second to lastly, is Tomcat to Java as is Java to C?  Will C
> eventually harden to static state and service Java like a good wife?
> Like .. a really good wife?
>
> I think these issues presently concern users of Java.
>
> Note: I have a B.A. in Philosophy with a Computer Science Minor, an MS
> MIS with Concentration in Entrepreneurship.
>
> Lastly, if you are immune to contextually relevant humor, perhaps you
> should reconsider that US H1B.
>
> Sincerely,
>
> John Dale, MS MIS/Entrepreneurship
>
> PS: Have a great week everyone.  Think hard this week (that's what she
> said).
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Number of tomcat downloads

[Leon Rosenberg]

A little background on the original question: we have some legal issues
with a client, among other things, he claims that our code isn't documented
well, because he run checkstyle on it, and it showed 6000 errors. My
argumentation was that default checkstyle settings aren't telling anything
about code quality (unless agreed upon upfront). I run checkstyle with
default settings on tomcat code base and it showed 85.412 errors using sun
code checks (yes, those from 1996). Most of them are like:

 
AbstractFramedStreamSourceChannel
this line produces multiple warnings, for example ',' not followed by a
whitespace and such.

if(attachments == null) - if not followed by a whitespace etc.

Hence if such a mature product like tomcat (with 10.000.000 installations)
contains 85412 errors and is considered well documented, he is using the
wrong tool for the task.

regards
Leon


On Tue, Feb 5, 2019 at 11:25 AM Leon Rosenberg 
wrote:

> Thank you very much Igal, Marc and Emmanuel.
>
> regards
> Leon
>
> On Tue, Feb 5, 2019 at 11:23 AM Emmanuel Bourg  wrote:
>
>> Le 05/02/2019 à 00:48, Leon Rosenberg a écrit :
>>
>> > I vaguely remember Marc naming some figures for number of tomcat
>> downloads
>> > sofar, but I couldn't find anything in the state of the cat slides.
>> > I checked on the website, but all I found was this:
>> >
>> > " Tomcat has been downloaded more than 10 million times: assuming even
>> a 1%
>> > production adoption rate results in more than 10 installations. "
>> > But this is from 2014 and I assume there should be a better number by
>> now.
>> >
>> > Anyone? Asking for a friend ;-)
>>
>> Some numbers, from Debian:
>>
>>
>> https://qa.debian.org/popcon-graph.php?packages=tomcat9+tomcat8+tomcat7+tomcat6&show_installed=on&want_legend=on&want_ticks=on&from_date=&to_date=&hlght_date=&date_fmt=%25Y-%25m&beenhere=1
>>
>> around 2400 installations reported by popcon, rather stable over the
>> years.
>>
>> From Ubuntu:
>>
>>   https://popcon.ubuntu.com/by_inst
>>
>>   tomcat6   15785
>>   tomcat72122
>>   tomcat8 117
>>
>> And from Netcraft:
>>
>>
>> https://news.netcraft.com/archives/2018/12/17/december-2018-web-server-survey.html
>>
>> Netcraft reported ~60 domains served by Tomcat.
>>
>> Emmanuel Bourg
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>

Re: Number of tomcat downloads

[Leon Rosenberg]

Thank you very much Igal, Marc and Emmanuel.

regards
Leon

On Tue, Feb 5, 2019 at 11:23 AM Emmanuel Bourg  wrote:

> Le 05/02/2019 à 00:48, Leon Rosenberg a écrit :
>
> > I vaguely remember Marc naming some figures for number of tomcat
> downloads
> > sofar, but I couldn't find anything in the state of the cat slides.
> > I checked on the website, but all I found was this:
> >
> > " Tomcat has been downloaded more than 10 million times: assuming even a
> 1%
> > production adoption rate results in more than 10 installations. "
> > But this is from 2014 and I assume there should be a better number by
> now.
> >
> > Anyone? Asking for a friend ;-)
>
> Some numbers, from Debian:
>
>
> https://qa.debian.org/popcon-graph.php?packages=tomcat9+tomcat8+tomcat7+tomcat6&show_installed=on&want_legend=on&want_ticks=on&from_date=&to_date=&hlght_date=&date_fmt=%25Y-%25m&beenhere=1
>
> around 2400 installations reported by popcon, rather stable over the years.
>
> From Ubuntu:
>
>   https://popcon.ubuntu.com/by_inst
>
>   tomcat6   15785
>   tomcat72122
>   tomcat8 117
>
> And from Netcraft:
>
>
> https://news.netcraft.com/archives/2018/12/17/december-2018-web-server-survey.html
>
> Netcraft reported ~60 domains served by Tomcat.
>
> Emmanuel Bourg
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Number of tomcat downloads

[Leon Rosenberg]

Hi,

I vaguely remember Marc naming some figures for number of tomcat downloads
sofar, but I couldn't find anything in the state of the cat slides.
I checked on the website, but all I found was this:

" Tomcat has been downloaded more than 10 million times: assuming even a 1%
production adoption rate results in more than 10 installations. "
But this is from 2014 and I assume there should be a better number by now.

Anyone? Asking for a friend ;-)

regards
Leon

[OT] Happy New Year

[Leon Rosenberg]

I wish a happy and sound new year to all of the tomcat family!
See, Hear and Read all of you next year!

Leon

Re: insufficient memory for the Java Runtime Environment to continue

[Leon Rosenberg]

You should provide at least Java version.
Out of the blue you should have at least 2Gb for the OS, so if your server
is having 16 Gb, your Xmx and MaxPermSize shouldn't be more then 14 G
TOGETHER. Of course this only applies to versions of java below 1.8,
because there is no permspace in modern jvms anymore (called metaspace now)
and in this case this setting doesn't do anything. Still, you should reduce
Xmx to 13 or less.
Leon

On Sat, Dec 22, 2018 at 1:35 PM Dhaval Jaiswal 
wrote:

> I am facing issue of crashing JAVA process and log files attached for the
> same.
>
> Server total RAM is 16 GB.
>
> catalina.sh having following setting.
> export JAVA_MEM_OPTS="-Xms1g -Xmx15g -XX:MaxPermSize=1536m"
>
> Can some one help where could be the problem? Which threads are consuming
> memory. How can i get rid out of this issue.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Compression for Resources served through DefaultServlet

[Leon Rosenberg]

On Mon, Nov 26, 2018 at 10:27 PM Mark Thomas  wrote:

> On 26/11/2018 21:19, Leon Rosenberg wrote:
> > Good time of the day,
> >
> > I am debugging bad page insights reported by google for a mobile versus
> > desktop version of our site and I'm seeing that the static resources,
> > served by the DefaultServlet (aka files) aren't compressed, versus to
> > dynamic resources served by a servlet.
> > Tomcat version in question 8.5.15 and 8.5.31 (tested on both)
>
> http://tomcat.apache.org/tomcat-8.5-doc/config/http.html
>
> Search for sendfile.
>
> ?
>

I thought sendfile is NIO only, this was probably the mistake.

Thank you.
Leon


>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Compression for Resources served through DefaultServlet

[Leon Rosenberg]

Good time of the day,

I am debugging bad page insights reported by google for a mobile versus
desktop version of our site and I'm seeing that the static resources,
served by the DefaultServlet (aka files) aren't compressed, versus to
dynamic resources served by a servlet.
Tomcat version in question 8.5.15 and 8.5.31 (tested on both)

Connector setting:

There is a loadbalancer in front of the connector, but its transparent,
doesn't change anything.

Now when I request a resource like this:
https://www.mysite.com/rd/V-2.0.0-SNAPSHOT_2018-11-22T13:39:22,000/static-ext/bootstrap.css
(where rd is mapping to a servlet) the result is shown in inspect tab of
chrome as 18.K (obviously compressed) and the response headers indicate
that the file is gziped:

HTTP/1.1 200 Last-Modified: Tue, 31 Jul 02018 11:42:50 GMT Expires: Tue, 26
Nov 02019 21:15:04 GMT Content-Type: text/css Transfer-Encoding: chunked
Content-Encoding: gzip Vary: Accept-Encoding Date: Mon, 26 Nov 2018
21:15:04 GMT

If I make a request to a static file the file is not gziped:
https://www.mysite.com/static-ext/css/bootstrap.css
HTTP/1.1 200 Accept-Ranges: bytes ETag: W/"131194-1539850288000"
Last-Modified: Thu, 18 Oct 2018 08:11:28 GMT Content-Type: text/css
Content-Length: 131194 Date: Mon, 26 Nov 2018 20:53:37 GMT


Are there any specific settings to the default servlet to enable it to
support compression? Both files are css, hence they should be covered by
default compression types. Are there any other settings to try?

regards
Leon

Re: Number of Web Applications in one Tomcat

[Leon Rosenberg]

Clearly one webapp per tomcat. Makes everything easier. Also, if your apps
aren't really tiny, the memory overhead of tomcat is minimal compared to
the advantages.

Leon

On Mon, Oct 29, 2018 at 9:00 AM Ahmed, Tarek  wrote:

> Hi all,
>
> TLDR? Do you deploy one web application per tomcat instance or several?
>
> ---
>
> The long story:
>
> I'd like to sound out your opinion regarding the number of web
> applications deployed in one tomcat instance. The reason is, that at my
> place of work the developers prefer one webapp per tomcat, the admins would
> rather have as many webapps as possible in one tomcat instance (yeah,
> that's devops at its finest ;-)  ). As a developer I'm probably prejudiced,
> but the argument goes as follows:
>
>
> OPS (one tomcat, many webapps):
>
> - Saves memory (each tomcat has a memory footprint even without a web
> application running)
>
> - Saves extra file systems for each tomcat (logs, tomcat installation,
> temp directory)
>
> - Saves nagios monitoring configuration
>
> - Saves separate ports (security considerations)
>
> - Saves work distributing security patches
>
>
> DEV (one webapp per tomcat)
>
> - Start-up time of "fat tomcats" multiplies, which leads to worsened
> availablity (e.g., our fattest tomcat contains 32 web services. It takes 4
> minutes to start)
>
> - If one webapp goes haywire, it may crash the rest of them (OOM, no more
> threads, etc.)
>
> - For bug fixes in one application, you may need to restart the complete
> tomcat instance. Auto (re)deploy takes you only so far, since loaded
> classes may not always be unloaded cleanly, threads not closed etc. This is
> not always something that can be solved in your own code, third party
> libraries may cause problems, too (we had some issues with quartz and
> infinispan here).
>
> - If you ever need to profile your application in production, there is
> much less noise when analysing heap, thread dumps, cpu usage etc.
>
> - I might even think there is some improved security if webapps are
> isolated in several processes vs. being deployed in one VM (security
> arguments always work well with OPS :-)  )
>
>
> So, I want to get away from the one-tomcat-multiple-webapps scenario. One
> thing I started doing to subvert this policy is using spring boot with
> embedded tomcats which is cool in a lot of ways but not always feasible.
>
> What are your practices? Are there further pros and cons for one way or
> the other? Thanks so much for any input,
>
> many greetings,
>
> tarek
>
> --
> Tarek Ahmed
> Softwareentwicklung
>
>
> DIMDI
> Deutsches Institut für
> Medizinische Dokumentation und Information
> Waisenhausgasse 36-38a
> 50676 Köln
>
> Tel.: +49 221 4724-268
> Fax: +49 221 4724-444
> tarek.ah...@dimdi.de
> www.dimdi.de
>
> [image: tick] Das DIMDI unterstützt die Vereinbarkeit von Beruf und
> Familie und ist entsprechend zertifiziert.
>
>
> Das DIMDI ist ein Institut im Geschäftsbereich des Bundesministeriums für
> Gesundheit (BMG).
>

Re: Tomcat Binary Connector

[Leon Rosenberg]

Hey Anthony,

your last comment seems to indicate that you disagree with tomcat being
fixed requirement. Personally I feel opening a port and implementing all
the protocol handling completely negates of advantages of having tomcat in
your application. So maybe you should force a change in your requirements
instead of undermining them, if you feel they are nonsense.

That being said, if you need a binary protocol on top of http you might
want to check grpc. I am not sure how well it works with tomcat, there
might be issues, since they use netty for default. The advantage of grpc
would be multi-language support, http2 features, and the convenience that
no-one ever got fired for using google technology.

regards
Leon



On Sat, Sep 22, 2018 at 2:49 AM anthony berglas  wrote:

> We would like to run a binary protocol in a Tomcat container, so that
> binary sent to a specific port all ends up in a specific servlet. This is
> not AJP, we do not want Tomcat itself to look at the bits, just pass them
> through.
>
> So in Tomcat parlance we need a special Connector.
>
> Does such a thing exist or do we need to write it ourselves?
>
> Tomcat itself is a fixed requirement for the container architecture. Just
> having a process listening on a port is not considered to be enterprisy
> enough.
>
> Thanks,
>
> Anthony
>
> --
>
> Dr Anthony Berglas, anth...@berglas.org   Mobile: +61 4 4838 8874
> Just because it is possible to push twigs along the ground with ones nose
> does not necessarily mean that that is the best way to collect firewood.
>

Re: ApacheCon NA is in just under 3 weeks

[Leon Rosenberg]

I think that would be nice.
Leon

On Wed, Sep 5, 2018 at 12:40 PM Mark Thomas  wrote:

> All,
>
> ApacheCon North America starts in Montréal in just under three weeks.
> There are 2 days of Tomcat content starting on the Monday. If you
> haven't registered, now would be a good time to do so ;)
>
> The evening schedule is already looking pretty packed but Monday evening
> has been set aside for project gatherings and there are still rooms
> available.
>
> Thoughts on booking a room for a Tomcat related session?
>
> I've no firm thoughts on an agenda other than talk Tomcat stuff for an
> hour or so followed by moving to the hotel bar / coffee shop / somewhere
> with lots of comfy seats to continue chatting.
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: [OT] What can prevent sessions from timeouting apart from real requests

[Leon Rosenberg]

Hi, actually the issue got resolved. The system in question wasn't tomcat
but jboss (hence the offtopic) and in particular undertow. Undertow seems
to have completely different session expiration handling than tomcat, they
actually prolong expiration timestamp every time an attribute is accessed...

Thanks for the insights!

Leon

On Mon, Aug 27, 2018 at 9:07 AM Jäkel, Guido  wrote:

> Dear Leon,
>
> I suggest to use the Tomcat Manager Application to investigate the session
> data:
>
> * Use the Session Display (/manager/html/sessions?path=/foo) to take a
> look on the different Timers (Creation Time, Last Accessed Time, Used Time,
> Inactive Timemm,TTL) or even the session data
>
> * Use the Connector Scoreborads on the Server Status Display
> (/manager/status) to detect stuck requests. I'm not sure if a stuck request
> may prevent a session cleanup (especially of "other" sessions)
>
> Another approach may be to snapshot a memory dump and investigate the
> session objects, e.g. with the Eclipse Memory Analyze Tool (aka MAT).
>
> Greetings
>
> Guido
>
> >-Original Message-
> >From: Leon Rosenberg [mailto:rosenberg.l...@gmail.com]
> >Sent: Friday, August 24, 2018 11:25 AM
> >To: Tomcat Users List 
> >Subject: [OT] What can prevent sessions from timeouting apart from real
> requests
> >
> >Hi,
> >
> >one of the systems we are consulting has encountered a strange problem.
> The
> >sessions will build up indefinitely but never expire. Then, at one point
> >(at 02am in the night, 19K sessions would drop at once).
> >Of course the simplest explanation would be that someone is actively
> >requests something every 15 minutes (session timeout) keeping track of the
> >JSESSIONID. We are trying to track this through the access_log and such.
> >However, my question, is it possible to prevent session from timeouting by
> >doing something stupid code-wise? Like storing a session in a hashmap
> >somewhere, and accessing some attributes from time to time? My
> >understanding was that the session timeout is solely dependent on incoming
> >requests and handled by the container, but I was not 100% sure ;-)
> >
> >Thanks in advance
> >Leon
>

[OT] What can prevent sessions from timeouting apart from real requests

[Leon Rosenberg]

Hi,

one of the systems we are consulting has encountered a strange problem. The
sessions will build up indefinitely but never expire. Then, at one point
(at 02am in the night, 19K sessions would drop at once).
Of course the simplest explanation would be that someone is actively
requests something every 15 minutes (session timeout) keeping track of the
JSESSIONID. We are trying to track this through the access_log and such.
However, my question, is it possible to prevent session from timeouting by
doing something stupid code-wise? Like storing a session in a hashmap
somewhere, and accessing some attributes from time to time? My
understanding was that the session timeout is solely dependent on incoming
requests and handled by the container, but I was not 100% sure ;-)

Thanks in advance
Leon

Re: Tomcat stop and start using bash script

[Leon Rosenberg]

use -force option
bin/shutdown.sh -force

regards
Leon

On Wed, Jun 27, 2018 at 5:51 PM dhanesh1212121212 
wrote:

> Hi All,
>
> Trying to stop and start tomcat in production using bash script for war
> deployment.
>
> If tomcat not stopped properly then how we can kill the correct process and
> make sure it's stopped correctly.
>
> Regards,
> Dhanesh M.
>

Re: tomcat 6 vulnerability scan default error page help

[Leon Rosenberg]

Hi Mark,

I agree with you that the complaint about version number is rather a minor
one, however, I've had the same situation as one of our projects had to
pass through a PCI Compliance test, and this is what they really test for.

regards
Leon

On Wed, May 2, 2018 at 9:42 PM, Mark Thomas  wrote:

> On 02/05/18 20:27, Berneburg, Cris J. - US wrote:
> > We are getting dinged by a vulnerability scan for the default not-found
> error page being returned by Tomcat for a Status 404.
> >
> > On my dev server when requesting an invalid URL, Tomcat returns a Status
> 404 page that displays the Tomcat version.  Right, I need to do something
> about that.
> >
> > However, I can't find where the error-page for 404 is defined.  It's not
> defined in:
> > - webapps/ROOT/WEB-INF/web.xml
> > - conf/web.xml
> > - conf/server.xml
> > - conf/context.xml
> >
> > Also, I can't find a notFound or error page either.
> >
> > How do I get rid of or override the default error / 404 / not-found page
> if I can't find it or where it is currently defined?  Also, how is Tomcat
> returning the default 404 error page if it does not exist?  I hope it's not
> hardcoded in a servlet response.
> >
> > FYI, we're going to remove the ROOT, docs, and examples folders to
> mitigate other scan findings.
> >
> > And we're using Tomcat 6.0.37 (ahem).
>
> And you are worried about returning the version number? Have you seen
> how many real security issues (as opposed to this version number
> non-issue) there are in 6.0.37? I can't help but think your priorities
> are all wrong.
>
> Hiding the version info is trivial
> Create the following directory structure:
> $CATALINA_HOME/lib/org/apache/catalina/util
>
> Download this file:
> https://svn.apache.org/viewvc/tomcat/archive/tc6.0.x/trunk/
> java/org/apache/catalina/util/ServerInfo.properties?
> revision=1803960&view=co
>
> Place it in that directory and modify the three properties to whatever
> value you like.
>
> Restart Tomcat.
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: tomcat 6 vulnerability scan default error page help

[Leon Rosenberg]

Hi Cris,

try to add following to your web.xml

404   
/error404.html

regards
Leon


On Wed, May 2, 2018 at 9:27 PM, Berneburg, Cris J. - US  wrote:

> We are getting dinged by a vulnerability scan for the default not-found
> error page being returned by Tomcat for a Status 404.
>
> On my dev server when requesting an invalid URL, Tomcat returns a Status
> 404 page that displays the Tomcat version.  Right, I need to do something
> about that.
>
> However, I can't find where the error-page for 404 is defined.  It's not
> defined in:
> - webapps/ROOT/WEB-INF/web.xml
> - conf/web.xml
> - conf/server.xml
> - conf/context.xml
>
> Also, I can't find a notFound or error page either.
>
> How do I get rid of or override the default error / 404 / not-found page
> if I can't find it or where it is currently defined?  Also, how is Tomcat
> returning the default 404 error page if it does not exist?  I hope it's not
> hardcoded in a servlet response.
>
> FYI, we're going to remove the ROOT, docs, and examples folders to
> mitigate other scan findings.
>
> And we're using Tomcat 6.0.37 (ahem).
>
> --
> Cris Berneburg
> CACI Lead Software Engineer
>
>

Re: [ANN] TomcatCon Schedules Announced

[Leon Rosenberg]

Hey Mark et al,

I noticed that for the roadshow only the general track is published but not
times for the single tracks... do you know any details? Also concerning the
length of a talk, is it also 45 minutes?
regards
Leon

On Mon, Apr 30, 2018 at 11:10 AM, Mark Thomas  wrote:

> All,
>
> I am delighted to announce the schedules are now available for:
>
> TomcatCon Berlin 13-14 June, 2018:
> http://apachecon.com/euroadshow18/tomcat-schedule.html
>
> TomcatCon Montréal 24-25 September, 2018:
> http://apachecon.dukecon.org/acna/2018/#/schedule/2018-09-24
>
> Full details, including registration links are available on the Tomcat
> website:
> http://tomcat.apache.org/conference.html
>
> See you there!
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: WebApp Caching Broken

[Leon Rosenberg]

Hello,

can you explain what you mean by 'caching' ?

regards
Leon

On Mon, Mar 5, 2018 at 10:26 PM, Kenneth Taylor <
kenneth.tay...@dataexpress.com> wrote:

> We are having a serious problem with Tomcat (8.5).  Twice it has decided
> to PERMANENTLY cache one of our webapps.  We are unable to update that
> webapp.  We’ve tried everything imaginable, short of uninstalling Tomcat,
> which is the next step.
>
>
>
> Where is this cache and how do we turn it off?
>
>
>
> Why in the world would anyone want Tomcat to work this way?  This is a
> fatal flaw worthy of a Darwin Award.
>
>
>
> Frustrated.
>
>
>
> Ken
>
>
>
> Disclaimer: This email from DMBGroup LLC, DMB Consulting Services LLC, or
> the personnel associated with either entity (collectively "*DMB*") and
> attachments, contain *CONFIDENTIAL, PRIVILEGED AND PROPRIETARY *information
> for exclusive use of the addressee individual(s) or entity. Unauthorized
> viewing, copying, disclosure, distribution or use of this e-mail or
> attachments may be subject to legal restriction or sanction. If received in
> error, notify sender immediately by return e-mail and delete original
> message and attachments. Nothing contained in this e-mail or attachments
> shall satisfy the requirements for a writing unless specifically stated.
> Nothing contained herein shall constitute a contract or electronic
> signature under the Electronic Signatures in Global and National Commerce
> Act, any version of the Uniform Electronic Transactions Act or any other
> statute governing electronic transactions. Opinions and statements
> expressed in this e-mail and any attachments are those of the individual
> sender and not necessarily of DMB. DMB does not guarantee this e-mail
> transmission is secured, error or virus-free. Neither DMB nor the sender of
> this e-mail accepts liability for errors or omissions in the contents of
> this e-mail, which arise as a result of e-mail transmission. .
>

Re: Requests for Tomcat-related topics for ApacheCon North America (Montréal, 24-27 Sept 2018)

[Leon Rosenberg]

On Mon, Feb 26, 2018 at 4:07 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
> The CFP is open through the end of March, so if anyone is interested
> in giving a talk in Montréal, please don't be shy and sign-up.
>
> I've never known anyone's proposal to be declined, so don't feel as if
> there is some kind of bar you have to clear to be considered.


I bet, I know someone who'd be the first ;-)

regards
Leon

Re: GC allocation failure

[Leon Rosenberg]

On Mon, Jan 8, 2018 at 10:26 AM, Mark Thomas  wrote:

> On 08/01/18 15:16, Christopher Schultz wrote:
>
> 
>
> >> Therefore, the first time that the GC runs, the process can take
> >> longer. Also, the heap is more likely to be fragmented and require
> >> a heap compaction. To avoid that, till now my strategy is to: -
> >> Start application with the minimum heap size that application
> >> requires - When the GC starts up, it runs frequently and
> >> efficiently because the heap is small
> >
> > I think this is a reasonable expectation for someone who doesn't
> > understand the Black Art of Garbage Collection, but I'm not sure it's
> > actually true. I'm not claiming that I know any better than you do,
> > but I suspect that the collector takes its parameters very seriously,
> > and when you introduce artificial constraints (such as a smaller
> > minimum heap size), the GC will attempt to respect those constraints.
> > The reality is that those constraints are completely unnecessary; you
> > have only imposed them because you think you know better than the GC
> > algorithm.
>
> Generally, the more memory available, the more efficient GC is. The
> general rule is you can optimise for any two of the following at the
> expense of the third:
> - low pause time
> - high throughout
> - low memory usage
>
> It has been a few years since I listened to the experts talk about it
> but a good rule of thumb used to be that you should size your heap 3-5
> times bigger than the minimum heap used once the application memory
> usages reaches steady state (i.e. the minimum value of the sawtooth on
> the heap usage graph)
>
>
Actually G1, which is very usable with java8 and default in jdk9, doesn't
produce the sawtooth graph anymore.
I also think the amount of memory has less influence on GC Performance in
G1 or Shenandoah, but instead influence if they would perform a STW phase
(which of course is also performance related, but differently).
But I am not an expert either, so I might be wrong here.

As for OP's original statement: "When the GC starts up, it runs frequently
and
efficiently because the heap is small", I don't think it is correct
anymore, especially not for G1, as long as the object size is reasonable
(not Humongous).


Leon

Re: GC allocation failure

[Leon Rosenberg]

On Mon, Jan 8, 2018 at 10:16 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Suvendu,
>
> On 1/5/18 6:46 AM, Suvendu Sekhar Mondal wrote:
> > I really never found any explanation behind this "initial=max" heap
> > size theory until I saw your mail; although I see this type of
> > configuration in most of the places. It will be awesome if you can
> > tell more about benefits of this configuration.
>
> It's really just about saving the time it takes to resize the heap.
> Because the JVM will never shrink the heap (at least not in any JVMs
> I'm familiar with), a long-running server-side process will (likely)
> eventually use all of the heap you allow it to use. Basically, memory
> exists to be used, so why not use all of it immediately?
>
> > I usually do not set initial and max heap size to same value
> > because garbage collection is delayed until the heap is full.
>
> The heap is divided into sections. The first heap to be GC'd after JVM
> launch is likely to be the eden space which is relatively small, and
> few objects will survive the GC operation (lots of temporary String
> objects, etc. will die without being tenured). The only spaces that
> take a "long" time to clean are the tenured generation and the (until
> recently named/replaced) permanent generation (which isn't actually
> permanent). Cleaning those spaces is long, but a GC to clean those
> spaces should not happen for a long time after the JVM starts.
>
> Also, most collector algorithms/strategies have two separate types of
> operation: a short/minor GC and a long/full GC. As long as short/minor
> GC operations take place regularly, you should not experience
> application-pauses while the heap is reorganized.
>
> Finally, application pauses are likely to be long if the entire heap
> must be re-sized because then *everything* must be re-located.
>
> > Therefore, the first time that the GC runs, the process can take
> > longer. Also, the heap is more likely to be fragmented and require
> > a heap compaction. To avoid that, till now my strategy is to: -
> > Start application with the minimum heap size that application
> > requires - When the GC starts up, it runs frequently and
> > efficiently because the heap is small
>
> I think this is a reasonable expectation for someone who doesn't
> understand the Black Art of Garbage Collection, but I'm not sure it's
> actually true. I'm not claiming that I know any better than you do,
> but I suspect that the collector takes its parameters very seriously,
> and when you introduce artificial constraints (such as a smaller
> minimum heap size), the GC will attempt to respect those constraints.
> The reality is that those constraints are completely unnecessary; you
> have only imposed them because you think you know better than the GC
> algorithm.
>
> > - When the heap is full of live objects, the GC compacts the heap.
> > If sufficient garbage is still not recovered or any of the other
> > conditions for heap expansion are met, the GC expands the heap.
> >
> > Another thing, what if I know the server load varies a lot(from 10s
> > in night time to 1s during day time) during different time
> > frame, does "initial=max heap" apply for that situation also?
>
> My position is that initial==heap is always the right recipe for a
> server-side JVM, regardless of the load profile. Setting initial < max
> may even cause an OOM at the OS level in the future if the memory is
> over-committed (or, rather, WILL BE over-committed if/when the heap
> must expand).
>
>
>
To add some 2 cents to what christoph said (which was a very correct
explanation already), the only valid exception to the initial=heap rule in
my eyes, is when you actually not sure how much memory your process will
need. And if you have a bunch of microservices on one machine, you may want
not to spend all the memory without need.
So start a little bit lower but give room for expansion in case the process
need it.
For example I have a VM with 13 'small' JMVs on it. The difference between
ms and mx would be about 5 GB. In this specific case I suppose it is ok, to
provide different values at least for some time, and adjust later.

However, reading gc logs or using tools like jclarity can help you find the
proper pool size for your collector/jvm version/application better. Unless
you release and change your memory usage pattern every week or so, in this
case using xms!=xmx seems ok to me, as a safety net.

regards
Leon

[OT] JavaOne anyone?

[Leon Rosenberg]

Hi,

is anyone from the list at the java1?

regards
Leon

Re: [ANN] Webinar: Tomcat and MoSKito

[Leon Rosenberg]

Thanks Mark!
Leon

> On 24. Aug 2017, at 15:36, Mark Thomas  wrote:
> 
> Final reminder - this will be starting in just over 20 minutes.
> 
> Do join us if you can.
> 
> Mark
> 
> 
>> On 03/08/17 15:18, Mark Thomas wrote:
>> All,
>> 
>> The Tomcat community is hosting a webinar by Leon Rosenberg:
>> 
>> Monitoring your tomcat web-application in production with MoSKito. Get
>> full control of threads, memory and execution time usage of the JVM and
>> your code.
>> 
>> Topic: Tomcat and MoSKito
>> Time: Aug 24, 2017 14:00 UTC
>>   15:00 London, Dublin
>>   16:00 Amsterdam, Berlin, Rome, Stockholm, Vienna
>> 
>> Join from PC, Mac, Linux, iOS or Android:
>> https://pivotal.zoom.us/j/949439493
>> 
>> The webinar will be recorded and the recording made available on the
>> Tomcat YouTube channel shortly afterwards.
>> 
>> Hope to see you there.
>> 
>> Mark
>> 
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>> 
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Where Tomcat webapp contexts live on Debian

[Leon Rosenberg]

On Tue, Aug 22, 2017 at 10:55 PM, Emmanuel Bourg  wrote:

> On 08/16/2017 09:24 AM, Leon Rosenberg wrote:
> > Debian has a long tradition of doing things in a very special way when it
> > comes to java. Long enough they shipped GnuJ as standard JVM with a
> debian
> > distribution, a piece of garbage that wasn't able to start simplest of
> java
> > programs.
>
> GCJ has been superseded by OpenJDK a lng time ago as the default
> Java runtime on Debian.
>
> > But there has been an as long tradition to reply to every question about
> > tomcat behaviour on a specific distribution by suggesting to throw the
> crap
> > away and download the vanilla tomcat form the one and only legal source
> ;-)
> > (at least in the past, to which debian belongs).
>
> FWIW, there is now a Tomcat committer maintaining the Tomcat package in
> Debian and controlling its quality. If you think there is something
> crappy about the packaging feel free to send a mail to me or to the
> debian-j...@lists.debian.org and I'll be happy to help.
>

Thank you. Mea culpa. My information seems outdated.
Leon


>
> Emmanuel Bourg
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat server apparently bouncing up and down

[Leon Rosenberg]

Since you told the context is rather huge, have you checked gc times? A
long running full gc can block the machine completely resulting in the
up/down behaviour from outside. GC options depend on JVM version I use:

export JAVA_OPTS="$JAVA_OPTS -XX:+DisableExplicitGC -verbose:GC
-XX:+PrintGCDetails -XX:+PrintGCDateStamps -Xloggc:logs/gc.log "

alternatively moskito would also show you avg response times and gcs ;-)


regards

Leon


On Fri, Aug 18, 2017 at 11:13 PM, James H. H. Lampert <
jam...@touchtonecorp.com> wrote:

> On 8/18/17, 1:41 PM, Christopher Schultz wrote:
>
> You say that you aren't running it as a service. How then are you
>> running Tomcat?
>>
>
> startup.sh and shutdown.sh from a command line.
>
> Just starting catalina.sh from the CLI directly? If
>> you run it in the background, are you running it with nohup? If not,
>> your console closing might be killing the Java process. Hmm... but you
>> said that Tomcat does in fact shut down when you login and stop it.
>> Probably not a SIGHUP killing the process.
>>
>
> When it's unresponsive, it's apparently still running. But it's not just
> our context that's unresponsive; manager is also unresponsive. And we run
> with autodeploy disabled: aside from being a huge context that takes a
> while to deploy, it's also one that often needs to be stopped, have
> instance-specific values set in its web.inf, and then get restarted, before
> it can function normally.
>
> If you stop Tomcat (when it's unresponsive), then re-start it, does it
>> appear to work correctly right away, or do you need to do anything
>> else to get it to work again?
>>
>
> It opens up the port immediately, and serves a sign-on page for our webapp
> as soon as it's had a chance to initialize.
>
> I looked in the latest localhost access log, and no sign of anything
> suspicious there.
>
> --
> JHHL
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat memory

[Leon Rosenberg]

Fady, one thing,

analyzing heap dumps is hard especially a 10GB dump, you will need at least
40 Gb of memory an about 10 hours to start jhat.
What is fast is analyzing a histogram. A histogram is a list of all classes
in your JVM and amount of memory they use. It is very easy to use:

jmap -histo:live  >outputfile
the :live parameter is important, otherwise you will see dead objects as
well. Keep in mind a major gc will be triggered.

The output looks like this:

 num #instances #bytes  class name
--
   1: 98573   13165976  [C
   2:  4376   11325928  [B
   3: 965262316624  java.lang.String
   4: 405221296704  java.util.HashMap$Node
   5: 10954 807552  [Ljava.lang.Object;
   6:  7494 781480  java.lang.Class
   7:  6778 655464  [Ljava.util.HashMap$Node;
...

3103: 1 16
sun.util.locale.provider.TimeZoneNameUtility$TimeZoneNameGetter
3104: 1 16  sun.util.resources.LocaleData
3105: 1 16
sun.util.resources.LocaleData$LocaleDataResourceBundleControl
Total456560   37330672

This won't point you to exact direction of memory leak or resource
consumption, but you will see what classes are consuming memory. So if you
find out that class foo.bar.XYZBean has 10.000.000 instances and occupies 2
gb of memory, you know where to look.

Keep in mind that only memory directly used by a class is counted, so every
string will appear twice, as string and as byte array.

If you see that the used memory amount is growing, take multiple
histograms, every 10 minutes or so and analyse the differences. I wrote a
little script years ago for myself (
https://github.com/dvayanu/ldt/blob/c8b3c2b6f61de5c583db503f6fd5e2d8aa8b9aa0/java/ldt/histo/HistoDiffReader.java)
that takes two histograms and prints out the differences. This way you can
see if new instances of a specific class(es) are accumulated over time. In
this case you have a memory leak.

regards
Leon








On Thu, Aug 17, 2017 at 12:09 PM, André Warnier (tomcat) 
wrote:

> On 17.08.2017 11:21, Fady Haikal wrote:
>
>> Team,
>> Please i need some help her
>>
>
> Maybe start here ? http://lmgtfy.com/?q=analyse+tomcat+heap+dump
>
> (and this looks like it might help you :
> http://docs.oracle.com/javase/7/docs/technotes/tools/share/jhat.html)
>
> To restate the obvious :
> - this list here is manned by volunteers, who donate their time trying to
> help people who have problems with Tomcat, and who are doing their best, but
> - the list works best with people who also help themselves
> - we do not have access to your system, and we do not know your
> applications
> - we can only try to help, on the base of the information which you provide
> - there are 3 (possible) components to your problem :
>   a) the Java JVM which runs Tomcat
>   b) Tomcat itself, which runs your applications
>   c) the applications themselves
> Of these :
>   a) is controlled entirely by you, and is in fact the one which
> ultimately uses all that memory (but we do not know why either). Below you
> are showing the startup parameters of the JVM. They are not the default
> settings. So where do these parameters come from, and do you understand
> them ? (if you don't, you first need help with Java, not with Tomcat)
>   b) That is really the focus of this list. And we know that Tomcat, by
> itself, does not use 60GB or 10GB of memory, nor anywhere near it
>   c) we know nothing about, but it is likely that it is something there,
> which causes Tomcat (and Java) to use all that memory
> And about (c), maybe it is normal that it/they use this gigantic amount of
> memory. Maybe one of the applications allocates some gigantic array of data
> over time. Maybe one of these applications is really badly programmed and
> causes enormous "memory leaks". How would we know ? Are these your
> applications ? If not, have you contacted the people responsible for these
> applications, and described your problem to them ?
> (because again, with 99& probability, that is where the problem is)
>
> Try to collect some more specific data, and when you have it, post it
> here, and maybe someone will have an idea.  But as it is, the only thing
> known so far is that on your system, the Java JVM which runs tomcat is
> using up a lot of memory, increasingly over time, and that it ends up
> crashing with an OOM.
> That is not enough information for us to be able to help you.
>
> If you are desperate and in a hurry, maybe you need first to find a Java
> JVM specialist, who can help you poinpoint the problem more specifically.
>
>
>
>
>> Regards,
>>
>>
>> On Thu, Aug 17, 2017 at 9:46 AM, Fady Haikal 
>> wrote:
>>
>> @Suvendu,
>>> I took a heap dump from Java VisualVM but honestly i didnt know how i
>>> should analyse it, please some help here
>>>
>>> also please find below the java configuration i used

Re: [OT] Re: Where Tomcat webapp contexts live on Debian

[Leon Rosenberg]

Suse, and even Windows). I do not remember why we initially chose
> Debian as our main platform, but we now have some 40 servers with it.  We
> are "comfortable" with it (today as well as previously), we have no
> particular problem with it, and it would be costly and time-consuming to
> change to another main platform. Over time, we have learned how Debian (and
> other platforms) install things and where, and we have documented it. Our
> usage of Tomcat may be simple, but I cannot recall exactly how many years
> ago we last had a Tomcat issue which had to do with how Debian installs it
> on the disk.
> Other people's mileage may vary, but I thought it was worth mentioning
> this, to provide a balancing opinion.
>
>
>
> On 16.08.2017 09:24, Leon Rosenberg wrote:
>
>> Debian has a long tradition of doing things in a very special way when it
>> comes to java. Long enough they shipped GnuJ as standard JVM with a debian
>> distribution, a piece of garbage that wasn't able to start simplest of
>> java
>> programs.
>> But there has been an as long tradition to reply to every question about
>> tomcat behaviour on a specific distribution by suggesting to throw the
>> crap
>> away and download the vanilla tomcat form the one and only legal source
>> ;-)
>> (at least in the past, to which debian belongs).
>>
>> regards
>> Leon
>>
>> On Wed, Aug 16, 2017 at 7:43 AM, Peter Kreuser  wrote:
>>
>> I'd assume the service that starts tomcat sets the bin-Dir, that contains
>>> a setenv.sh, that has the CATALINA_HOME and BASE env-Varaibles, where you
>>> find the context-Files that have a docbase.
>>>
>>> I'd like to repeat the question: who did this setup?
>>>
>>> Peter Kreuser
>>>
>>> Am 15.08.2017 um 23:45 schrieb James H. H. Lampert <
>>>>
>>> jam...@touchtonecorp.com>:
>>>
>>>>
>>>> I think I've mentioned before that I have a Tomcat server on a Google
>>>>
>>> Compute Debian instance, that I installed with an "apt-get," rather than
>>> from an Apache download.
>>>
>>>>
>>>> I had to apt-get manager separately, which is odd to begin with.
>>>>
>>>> And things ended up in unexpected places.
>>>>
>>>> Some stuff (like the Catalina directory) wound up in /etc/tomcat7. Other
>>>>
>>> stuff (like the bin and lib directories) wound up in /usr/share/tomcat7.
>>>
>>>>
>>>> But the weirdest thing is where the webapp contexts wound up. The
>>>>
>>> default ROOT context (which doesn't look quite like the default ROOT
>>> context of anything I've installed from an Apache download) is in
>>> /var/lib/tomcat7/webapps/ROOT. But the manager and host-manager webapps
>>> are
>>> in /usr/share/tomcat7-admin/manager and /usr/share/tomcat7-admin/host-
>>> manager.
>>>
>>>>
>>>> Setting aside any questions of why whoever set this up for Debian did it
>>>>
>>> this way, all of this still raises a very big question:
>>>
>>>>
>>>> How is Tomcat finding all of this?
>>>>
>>>> --
>>>> JHHL
>>>>
>>>> -
>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>>
>>>>
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>>
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Where Tomcat webapp contexts live on Debian

[Leon Rosenberg]

Debian has a long tradition of doing things in a very special way when it
comes to java. Long enough they shipped GnuJ as standard JVM with a debian
distribution, a piece of garbage that wasn't able to start simplest of java
programs.
But there has been an as long tradition to reply to every question about
tomcat behaviour on a specific distribution by suggesting to throw the crap
away and download the vanilla tomcat form the one and only legal source ;-)
(at least in the past, to which debian belongs).

regards
Leon

On Wed, Aug 16, 2017 at 7:43 AM, Peter Kreuser  wrote:

> I'd assume the service that starts tomcat sets the bin-Dir, that contains
> a setenv.sh, that has the CATALINA_HOME and BASE env-Varaibles, where you
> find the context-Files that have a docbase.
>
> I'd like to repeat the question: who did this setup?
>
> Peter Kreuser
>
> > Am 15.08.2017 um 23:45 schrieb James H. H. Lampert <
> jam...@touchtonecorp.com>:
> >
> > I think I've mentioned before that I have a Tomcat server on a Google
> Compute Debian instance, that I installed with an "apt-get," rather than
> from an Apache download.
> >
> > I had to apt-get manager separately, which is odd to begin with.
> >
> > And things ended up in unexpected places.
> >
> > Some stuff (like the Catalina directory) wound up in /etc/tomcat7. Other
> stuff (like the bin and lib directories) wound up in /usr/share/tomcat7.
> >
> > But the weirdest thing is where the webapp contexts wound up. The
> default ROOT context (which doesn't look quite like the default ROOT
> context of anything I've installed from an Apache download) is in
> /var/lib/tomcat7/webapps/ROOT. But the manager and host-manager webapps are
> in /usr/share/tomcat7-admin/manager and /usr/share/tomcat7-admin/host-
> manager.
> >
> > Setting aside any questions of why whoever set this up for Debian did it
> this way, all of this still raises a very big question:
> >
> > How is Tomcat finding all of this?
> >
> > --
> > JHHL
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Automatically compressing localhost_access_log after rotation

[Leon Rosenberg]

On Thu, Aug 3, 2017 at 8:16 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Martin,
>
> On 8/3/17 5:47 AM, Martin Knoblauch wrote:
> > is there a way to compress the localhost_access_log.#.txt file
> > automatically after rotation?
>
> Not really. The file is rotated *during* log events, and stalling to
> compress a log file is probably not a great solution.
>
> > Alternatively/preferably is there a way to put the access logging
> > under "log4j"?
>
> Also not really, but if you are willing to write code, you can do it.
> The AccessLogValve handles its own logging to a file, but if you were
> to subclass AccessLogValve and override the "open" method and assign a
> value to the AccessLogValve.writer member that writes to a log4j
> logger, then I think you could probably do this.
>
> I believe that log4j will stall your access log during the
> compression, though, so you might want to think about whether or not
> you want to implement it this way.
>
> I think at least logback is performing file operations asynchronously to
log events so maybe using slf4j over logback would be a more reliable way.

regards
Leon

Re: Tomcat on macOS

[Leon Rosenberg]

On Sat, May 20, 2017 at 8:56 AM, Israel Timoteo  wrote:

>
>
> I have an additional question:
>
> 1) Would there be any recommendations for not having one Tomcat instance
> per physical server?
>

Only if your application can't utilise resources properly. If your
application fails to scale, fails to use all available cores or memory, you
should have multiple instances. Also if your total memory is insanely high,
like way above 64 Gb, you'd be better off with multiple instances. Also if
your app uses a lot of synchronisation, having multiple tomcats can help.
However, all of that is pretty improbable with a mac mini.
Rule of thumb: if you can bring your app with tomcat to near 100% CPU or
memory usage, no need for multiple instances.
HTH
Leon

P.S. kudos to you for hosting on macs ;-) Crazy but fun ;-)

Re: TomcatCon Meetup (UPDATE)

[Leon Rosenberg]

Awesome, thanks!

Sent from my iPhone

> On 18. May 2017, at 14:58, Huxing Zhang  wrote:
> 
> Hi All,
> 
> The pic for the meetup yesterday can be found here:
> 
> https://www.dropbox.com/s/vu02lnrs77up5mc/IMG_0591.JPG
> 
>> On Wed, May 17, 2017 at 8:46 PM, Coty Sutherland  wrote:
>> Sorry I had to run off, hopefully you guys had a productive meeting :)
>> 
>>> On May 17, 2017 7:02 PM, "Coty Sutherland"  wrote:
>>> 
>>> We're sitting next to the pool. The room is occupied :(
>>> 
>>> On May 17, 2017 9:12 AM, "Christopher Schultz" <
>>> ch...@christopherschultz.net> wrote:
>>> 
 All,
 
 Let's move the Meetup to "immediately following the Lightning Talks",
 since that is a popular event at the conference.
 
 -chris
 
> 
> All,
> 
> For those of you at ApacheCon in Miami, here are the details for the
 Tomcat Meetup. Come and meet fellow members of the community, committers,
 and new friends.
> 
> Time: 18:00 EDT
> Place: Escorial Conference Room (where all TomcatCon sessions are being
 held)
> 
> All are welcome to the meetup, and also the inevitable dinner and
 drinks to follow.
> 
> Thanks,
> -chris
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] ApacheCon anyone?

[Leon Rosenberg]

On Fri, May 12, 2017 at 7:25 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Leon,
>
> On 5/12/17 6:04 AM, Leon Rosenberg wrote:
> > Just wondering if there are any plans for an informal get-together
> > at the apache con in Miami next week? I know that Mark, Christopher
> > and some others are there as speakers, so maybe an informal meetup,
> > where non-commiters buy commiters a pizza or burger and have some
> > chat?
>
>
Hello Chris ;-)


> Wait... you are coming and not giving a talk on MosKito?!?
>

Yeah, strange isn't it? Unfortunately I haven't submitted and my decision
to come to apache con was rather spontaneous... But, know what Chris ?
You'll be there, I'll be there and my notebook will be there too, so you
can have a private presentation anytime you want ;-))) And everyone else
who's interested too ;-) So how about MoSkito-private-hour? ;-)

regards
Leon

P.S. and thanks for organisation efforts, I will keep all evenings free ;-)
Looking forward to meet you guys in person, after so many years ;-)


>
>

[OT] ApacheCon anyone?

[Leon Rosenberg]

Just wondering if there are any plans for an informal get-together at the
apache con in Miami next week? I know that Mark, Christopher and some
others are there as speakers, so maybe an informal meetup, where
non-commiters buy commiters a pizza or burger and have some chat?

regards
Leon

Re: Strange wait time in my application - Tomcat 7.0.67

[Leon Rosenberg]

Hi Tullio,

well I am biased of course, but there are multiple.
First, profiles are never used in production, MoSKito is aimed for
production use. Not test lab, not dev machine, production, hardcore on all
servers you've got.
Than MoSKito also offers analysis tools, thresholds, alerts, charts etc.
Finally MoSKito allows you to integrate business data into monitoring,
things like registration count, checkout, gender of user, and so on...

'standard profiler' - is something designed to be used in the development
environment.
moskito is an apm tool.

hope that helps
regards
Leon


On Mon, Oct 3, 2016 at 4:21 PM, Tullio Bettinazzi 
wrote:

> Please help me to understand diffrences beween Moskito and standard
> profilers.
>
> Tks
>
> Tullio
>
>
> ____
> Da: Leon Rosenberg 
> Inviato: lunedì 3 ottobre 2016 14.29
> A: Tomcat Users List
> Oggetto: Re: Strange wait time in my application - Tomcat 7.0.67
>
> Hi Tullio,
>
> you could download and integrate MoSKito -> http://www.moskito.org. After
> Health and Performance Monitoring for Java Applications | MoSKito<
> http://www.moskito.org/>
> www.moskito.org
> MoSKito: Health and Performance Monitoring for Java applications. Complete
> ecosystem for DevOps. Free and open source
>
>
>
> integration as described here
> blog.anotheria.net/msk/the-complete-moskito-integration-guide-step-1/ or
> here: http://www.moskito.org/integration.html you can start your
> Integration for MoSKito, the Open Source Health and Performance Monitoring
> System for Java Applications<http://www.moskito.org/integration.html>
> www.moskito.org
> MoSKito Integration
>
>
>
> application and setup a tracer.
> A tracer, explained here:
> http://blog.anotheria.net/msk/newest-hottest-tracers/, can be used to
> automatically trace all requests passing a specific point and compare the
> execution times. It will keep the longest requests along with the execution
> time in each monitored component.
> So if there is some part of code you have, that lasts longer from time to
> time, the tracer will find it.
>
> regards
> Leon
>
>
> On Mon, Oct 3, 2016 at 2:12 PM, Mark Thomas  wrote:
>
> > On 03/10/2016 11:19, Tullio Bettinazzi wrote:
> > > I already use Yourkit but it doesn't seems a load problem.
> > >
> > > The delay is not spread over all operaions but concentred in only one
> or
> > two and allways takes 4 secs more than the normal operation  time.
> > >
> > > Could You suggest how to use Yourkit in this schenario ?
> >
> > I'd look at GC activity and detailed CPU profiling.
> >
> > Mark
> >
> > >
> > > Tks
> > >
> > > Tullio
> > >
> > >
> > > 
> > > Da: Mark Thomas 
> > > Inviato: lunedì 3 ottobre 2016 10.39
> > > A: Tomcat Users List
> > > Oggetto: Re: Strange wait time in my application - Tomcat 7.0.67
> > >
> > > On 03/10/2016 08:56, Tullio Bettinazzi wrote:
> > >> I've an application under tomcat.
> > >> When only a one or two users works on it everithing is ok.
> > >> When the number of users grows the application slows down.
> > >> Is not a memory nor a cpu problem : using top I see the system
> > resources quite free.
> > >> I don't see relevant garbage collection : heap size and permgen have
> > correct dimentions.
> > >> No other applications are running on the system.
> > >> I log more or less every relevant operation in my system (db query and
> > so on) and I see that every slowdown is concentered in a single
> operation.
> > >> I mean all operations take "normal" time but one or two of them take 4
> > seconds more.
> > >> The "slowing" operations are not the same in different executions, and
> > theydo not have a specific type (not only DB query, not only DB stored
> > procedures, not only.).
> > >> It seems like if the thread is frozen for a fixed amount fo time (4
> > seconds more or less) and then it restarts.
> > >> I don't think it's a "queue" problem because otherwise the wait time
> > would be unperdictable and not a "fixed" 4 seconds time.
> > >> I don't know any parameter impacting on that behaviour.
> > >> I use Tomcat 7.0.32 with JVM 1.7.0.67 on a Linux server.
> > >> Could someone suggest a solution for my problem or, at least, an
> > investigation strategy.
> > >
> > > https://www.yourkit.com/java/profiler/feat

Re: Strange wait time in my application - Tomcat 7.0.67

[Leon Rosenberg]

Hi Tullio,

you could download and integrate MoSKito -> http://www.moskito.org. After
integration as described here
blog.anotheria.net/msk/the-complete-moskito-integration-guide-step-1/ or
here: http://www.moskito.org/integration.html you can start your
application and setup a tracer.
A tracer, explained here:
http://blog.anotheria.net/msk/newest-hottest-tracers/, can be used to
automatically trace all requests passing a specific point and compare the
execution times. It will keep the longest requests along with the execution
time in each monitored component.
So if there is some part of code you have, that lasts longer from time to
time, the tracer will find it.

regards
Leon


On Mon, Oct 3, 2016 at 2:12 PM, Mark Thomas  wrote:

> On 03/10/2016 11:19, Tullio Bettinazzi wrote:
> > I already use Yourkit but it doesn't seems a load problem.
> >
> > The delay is not spread over all operaions but concentred in only one or
> two and allways takes 4 secs more than the normal operation  time.
> >
> > Could You suggest how to use Yourkit in this schenario ?
>
> I'd look at GC activity and detailed CPU profiling.
>
> Mark
>
> >
> > Tks
> >
> > Tullio
> >
> >
> > 
> > Da: Mark Thomas 
> > Inviato: lunedì 3 ottobre 2016 10.39
> > A: Tomcat Users List
> > Oggetto: Re: Strange wait time in my application - Tomcat 7.0.67
> >
> > On 03/10/2016 08:56, Tullio Bettinazzi wrote:
> >> I've an application under tomcat.
> >> When only a one or two users works on it everithing is ok.
> >> When the number of users grows the application slows down.
> >> Is not a memory nor a cpu problem : using top I see the system
> resources quite free.
> >> I don't see relevant garbage collection : heap size and permgen have
> correct dimentions.
> >> No other applications are running on the system.
> >> I log more or less every relevant operation in my system (db query and
> so on) and I see that every slowdown is concentered in a single operation.
> >> I mean all operations take "normal" time but one or two of them take 4
> seconds more.
> >> The "slowing" operations are not the same in different executions, and
> theydo not have a specific type (not only DB query, not only DB stored
> procedures, not only.).
> >> It seems like if the thread is frozen for a fixed amount fo time (4
> seconds more or less) and then it restarts.
> >> I don't think it's a "queue" problem because otherwise the wait time
> would be unperdictable and not a "fixed" 4 seconds time.
> >> I don't know any parameter impacting on that behaviour.
> >> I use Tomcat 7.0.32 with JVM 1.7.0.67 on a Linux server.
> >> Could someone suggest a solution for my problem or, at least, an
> investigation strategy.
> >
> > https://www.yourkit.com/java/profiler/features/
> > Performance and Memory Java Profiler - YourKit Java Profiler<
> https://www.yourkit.com/java/profiler/features/>
> > www.yourkit.com
> > Easy to use performance and memory profiler for .NET framework. Supports
> ASP.NET, Silverlight, .NET Windows services and more.
> >
> >
> >
> >
> > Mark
> >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: question on Java / Tomcat / GC

[Leon Rosenberg]

On Thu, Jul 14, 2016 at 9:15 PM, Anthony Biacco  wrote:

> On Thu, Jul 14, 2016 at 11:41 AM, André Warnier (tomcat) 
> wrote:
>
> >
> Well, i'm not a GC expert by any stretch of the imagination, but i think
> with your PrintGC options the "GC (System.gc())" and the "Full GC
> (System.gc())" are the same GC.
> Since they're consistent at every hour, the application may be calling the
> System.gc
> You may want to check the code if you have access to it.
>
> -Tony
>

If you don't have access to the code you could just disable the gc
(recommended anyway):

-XX:+DisableExplicitGC

Since the app is running in tomcat6 it must be old, and a lot has been
happening with the gc since tomcat6 time.

Btw, you may want to add -XX:+PrintGCDetails for more insights into spaces.

Also shouldn't -XX:+UseParallelGC be default since 1.7?


regards

leon

Re: Memory Problem

[Leon Rosenberg]

Well the most obvious way to determine it is to lower your settings unless
it works, then lower it a little bit more.

regards
Leon

On Mon, May 9, 2016 at 6:13 PM, Edwin Quijada 
wrote:

> I am getting this error on my server
> Java HotSpot(TM) 64-Bit Server VM warning: INFO:
> os::commit_memory(0x7fe63ff4, 262144, 0) failed; error='Cannot
> allocate memory' (errno=12)
> #
> # There is insufficient memory for the Java Runtime Environment to
> continue.
> # Native memory allocation (mmap) failed to map 262144 bytes for
> committing reserved memory.
> # An error report file with more information is saved as:
> # /var/lib/tomcat8/bin/hs_err_pid14264.log
> Java HotSpot(TM) 64-Bit Server VM warning: INFO:
> os::commit_memory(0x7fe64b5f8000, 12288, 0) failed; error='Cannot
> allocate memory' (errno=12)
> [thread 140627084805888 also had an error]
>
>
> My server has 2 GB memory and I have 1024mb for Maxmen in catalina.opts
>
> How must be the memory amount ?
>
>
> TIA
>

Re: OT if/else or not if/else

[Leon Rosenberg]

On Mon, Apr 25, 2016 at 5:21 PM, Dougherty, Gregory T., M.S. <
dougherty.greg...@mayo.edu> wrote:

>
>
> Yes, we do, because, well, it is more informative. :-)
>
> if (a) Š
> else if (b) Š
> else if (c) Š
>
> Says you have three mutually exclusive options, and implies that a is more
> likely / more important than b, than c.
>
> Or, if ³a" is a method call, possibly that ³a² has some setup needed for
> ³b² and ³c².
>
> All of this is lost with multiple if statements.
>
>
> Then there¹s the everlasting wisdom of Knuth¹s comment about "premature
> optimization is the root of all evil².
>

Exactly my point.
if (a) Š
if (b) Š
if (c) Š

shorter and therefore easier than the other one ;-) if-else-if is just a
premature optimization to the above statement ;-)

Re: OT if/else or not if/else

[Leon Rosenberg]

On Mon, Apr 25, 2016 at 4:13 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Leon,
>
> On 4/22/16 12:24 PM, Leon Rosenberg wrote:
> > Hi guys,
> >
>
> I would always choose the case with the elses.
>
> First, I think it's more clear: if you expect that only one branch of
> the code will run, and no others, then the elses tell the reader that
> fact without any further commentary. The zero-else case might help you
> catch some logic errors (because for example you can log each entry
> into a branch) but there are of course other ways to do that.
>
> Second, it's more efficient, regardless of what type of processor you
> have. Let's take an example where there are more than 3 branches. How
> about something like a million branches (just to accentuate the
> point)? If one of the branches runs, the others are skipped. If all
> branches have an equal change of being chosen, then the CPU has to
> perform on average 50 predicates. If you put the common cases at
> the top, you can do even better. Let's assume the 80/20 rule applies,
> here, and you can take a guess that, on average, the CPU will only
> have to perform 10 predicates on average.
>

I don't think the example is valid (even if machines with 100.000 cpus and
more actually exist). But I remember from days of my study, which lies way
way back, that languages that are optimized for parallel processing would
be able to tell the compiler to execute all ifs in parallel. So if we stick
with a number of ifs which is less than the number of available cores/pipes
we could run it all in parallel. I don't think it is possible with if else,
unless it is transformed into something else.

The other thing that made me wonder is that most people on the list (or all
except me) actually considered if-else-if-else more readable. It not only
creates a more complex structure (visually and syntactically  (more
letters)). But also the semantics of an *else* are different as of an *if*.
This is like North Carolina ;-)
if (man){ do_man_thing; } else { do_woman_thing(); } doesn't work anymore,
even it worked 20 years ago. Talking about maintaining :-)

regards
Leon

>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlceJg8ACgkQ9CaO5/Lv0PAODQCfRCBvVgM2HSM2/CBEGtlBe0Pg
> MrcAn2OdBYKJR0OSApcBFfONJHOlKGY0
> =YeMH
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

OT if/else or not if/else

[Leon Rosenberg]

Hi guys,

this is completely off-topic ;-)

I was wondering if using if/else is not actually slowing down your code.
Lets say I have three possible conditions, A, B and C, which are exclusive.
My native approach would be:
if (A){...}
if (B){...}
if (C){...}

now some people would 'optimize' it as
if (A){ ...} else if (B) {} else if (C) { }
and I think in the world of single-cpu computers this optimization could
work.

But what is now, given that compilers can optimize stuff like this and tell
the processor to calculate all 3 branches simultaneously, which is not
possible for ifelse.

Which one would you choose?
Equally important, which one do you think is more readable? I would say if
else is hard to read, but this can be just personal impression.

regards
Leon

Re: [OT] Monitoring Tomcat

[Leon Rosenberg]

On Tue, Mar 29, 2016 at 4:57 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Leon,
>
> On 3/28/16 6:34 PM, Leon Rosenberg wrote:
> > Of course MoSKito: http://www.moskito.org
> >
> > Take a look at the step by step guide (start with step 1 not 0).
> > blog.anotheria.net/msk/the-complete-moskito-integration-guide-step-1/
>
> You
> >
> should come to ApacheCon and give a presentation about MoSKito
> sometime. I'd love to see it.
>

Thanks for the invitation, I'd actually love to;-)
When is the next one (and where;-))
Leon


>
>

Re: Monitoring Tomcat

[Leon Rosenberg]

Of course MoSKito:
http://www.moskito.org

Take a look at the step by step guide (start with step 1 not 0).
blog.anotheria.net/msk/the-complete-moskito-integration-guide-step-1/

regards
Leon

On Tue, Mar 29, 2016 at 12:23 AM, Edwin Quijada 
wrote:

> Hi!
> I have an app with Tomcat+Grails+Vaadin+PostgreSQL and I wanna monitor the
> speed and resources of this. I add to 1024mb to Tomcat because the app and
> DB is in the same server.
>
> What application can I use to monitor performance of this Tomcat ?
>
>
> TIA
>

Re: Why the tomcat source code uses obsolete ant build configuration? why not maven or gradle?

[Leon Rosenberg]

Hi Raja,

I think this question arises on this user list every now and then. I even
think there have been some effort to create a pom.xml for tomcat, but
without great success (after few replies you can imagine why).
Personally I totally understand you. From what I see ant is totally gone
and has been replaced by maven virtually everywhere. Also the tool support
for maven is much better as for ant. However, there are reasons why maven
has been so successful, and it is one of the reasons, why it still not used
here.

1) maven has an absolutely superior dependency management to what ant ever
had to offer, with or without ivy.
2) and more important, maven is not only a build tool, it defines the
project layout, the build cycles and how you have to work with the project
(meaning releases, branching etc). All of that is missing completely in
ant, ant lets you create whatever development system you want, but you have
to do it all the way alone. Maven gives you one, and if you agree to use
it, you will safe a lot of time and can put your effort in things that
matter more.

Now, see, this is exactly the problem. Tomcat as a project was there long
before maven team layed out how they imagine people should work. And since
tomcat is doing stuff it's own way, it will be a huge portion of work to
make it work with a pom. So if you want to work with a pom and maven, you
maybe start your work exactly there ;-)

regards
Leon

P.S. The opinion that "ant is gone" is of course solely mine and based on
personal experience only ;-) No flame please.


On Mon, Mar 28, 2016 at 5:57 PM, Raja Anbazhagan <
raja.anbazhagan1...@gmail.com> wrote:

> I'm new to tomcat project and I wanted to take a look at the code base to
> see if I can contribute in any which ways. But after going through the
> build process and setting up every other tools used to build ant, I'm a bit
> frustrated.
>
> Why didnt we migrated this project to a better build tool like maven or
> gradle so that the contributor can spend less time setting up the code and
> more time on actually working on the contribution part.?
>
> - Raja
>

Re: Monitoring Connections

[Leon Rosenberg]

On Wed, Oct 7, 2015 at 11:59 PM, Aurélien Terrestris 
wrote:

> Hi Jamie,
> 
>
> If you enjoy live monitoring, you need to have a look on Christopher's
> presentation (
>
> http://events.linuxfoundation.org/sites/events/files/slides/Monitoring%20Apache%20Tomcat%20with%20JMX.pdf
> ) who posts many answers to this mailing list.
>
>
> or if you want to go deeper, try MoSKito (http://www.moskito.org)

regards
Leon


>
>

Re: [Hardening] Running tomcat under a specific account

[Leon Rosenberg]

Hello Jan,

that would be better yes. For example some time ago, there were a virus
that would place a modified jsp in a webapp and try to access further data
from it. If the user, the tomcat runs under, would have limited permission,
such a malware would have less chances to actually do something harmful.
As for my personal opinion and 10++ years of experience with different
tomcat version in production environment, (attention, flame war can start
here), an apache httpd in front of tomcat does _not_ increase the security
_at_all_.
In fact I would argue that it adds its buffer overflows and bugs to the
bugs that could exists in tomcats code.

regards
Leon


On Wed, Feb 25, 2015 at 11:13 PM, Jan Tosovsky  wrote:

> Dear All,
>
> there are plenty resources mentioning it is a must to run tomcat as a
> dedicated user with limited permissions.
>
> Is it still true when tomcat doesn't run standalone, but via Apache web
> server connected via AJP? That webserver already runs in the restrictive
> mode.
>
> Thanks, Jan
>
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

Re: Need Help!

[Leon Rosenberg]

On Wed, Jan 28, 2015 at 8:48 PM, David kerber  wrote:

> On 1/28/2015 2:03 PM, Hyder Hashmi wrote:
>
>> Hi,
>>
>> I am working on a small project and need your help in this.
>>
>> I have a java program in which I read and write in a file that is located
>> in the current folder.
>>
>> Now I have written a few servlets and trying to use the previous code
>> along with servlets.
>>
>> Tomcat is searching for the file in its bin folder and giving
>> FileNotFoundException.
>>
>
> To Tomcat, the /bin folder is it's current directory.


Not quite right, the directory you started from is your current directory.
Which can be TOMCAT_HOME or TOMCAT_HOME/bin etc.

Leon


>
>
>
>> If I use my java code without the servlet it is checking for the file in
>> current folder (which is my requirment).
>>
>
> It looks like you need to refactor your code to allow you to specify where
> to find the file when you call the method that does the work. Then the
> servlet and your pure java code can both specify as needed.  Of course, a
> servlet may not have permissions to anything outside of its own hierarchy,
> but that's a separate issue.
>
>
>
>
>> I want to ensure that when I use my java code along with servlets, it
>> should read and write in the file from current folder(Project folder in
>> tomcat's webapps).
>>
>> I am not using any IDE, the  code is written in Notepad and being
>> executed from CommandLine.
>>
>> I have spent long time on Internet to find the resolution but in vain.
>>
>> Request to help me with this situation .
>>
>> Hoping for a positive reply.
>>
>> Thanks for in advance for all the help.
>>
>> Regards,
>> Hyder.
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: SAML 2.0 with container managed authentication in Tomcat

[Leon Rosenberg]

On Thu, Sep 11, 2014 at 2:26 PM, Maarten van Hulsentop <
maar...@vanhulsentop.nl> wrote:

> Dear Tomcat-users,
>
> We are investigating the best way to support SAML 2.0 (SP) authentication
> with our application. Our application is using container managed
> authentication provided by Tomcat, and works very well with basic
> authentication, form authentication, SPnego and others.
>
> My expectation would be that it should be possible to add a Valve and a
> Realm and have a 3rd party tool supply the SAML2 Relying Party
> implementation.
>
> So far, we have identified a couple of possible candidates.
> - Apache CXF Fediz. This project still seems young, but the integration
> would be as i expect.
> - Spring security might be possible to wrap into a Valve and Realm?
> - Picketlink? As stated on
>
> https://docs.jboss.org/author/display/PLINK/SAML+Authenticators+(Tomcat,JBossAS)


I have used picketlink with tomcat as SP and jboss wildfly as IDP and it
worked very well. Picketlink works great but the support is rather thin.

You may also want to check WSO2.

regards
Leon


P.S. Both provide Filters not Valves.

Re: Question on Thread Local

[Leon Rosenberg]

no :-)
Allow me to provide an example.
This class : MoSKitoWebUIContext.java (
https://github.com/anotheria/moskito/blob/master/moskito-webui/src/main/java/net/anotheria/moskito/webui/MoSKitoWebUIContext.java
)
Is a ThreadLocal that is used to store some information, for example
HttpSession.
In the beginning of the processing I am calling
MoSKitoWebUIContext.getCallContextAndReset(); //that initializes the
context and than
MoSKitoWebUIContext .getCallContext().setCurrentSession(HttpSession
currentSession);

from this time on the link to current session is stored in the ThreadLocal
variable, and whereever in the call I need it, I can simply call
MoSKitoWebUIContext .getCallContext().getCurrentSession() and obtain it,
without explicitly passing it through call trees. This allows me to pass
parameters from a very beginning of the processing to the very end of the
processing (or just everywhere) without passing them around and having them
in each and every method.

Another popular example would be to store the Locale the user is in for
i18n.

HTH
Leon


P.S. of course you need to clean up the thread locals at the end of
processing (at least in theory) and so on.


On Tue, Sep 2, 2014 at 10:22 PM, Leo Donahue  wrote:

> On Tue, Sep 2, 2014 at 3:00 PM, Leon Rosenberg 
> wrote:
>
> > From practical point of view ThreadLocal is a huge hashmap directly in
> the
> > ThreadClass where you can store a map of variables.
> > Something like Thread.Map>, in which you
> can
> > access variables that are 'attached' logically to the current Thread.
> > In practice its a nice way to pass information through layers of code
> > without adding it explicitly as parameter to every function on the way.
> > regards
> > Leon
> >
>
> At some point in the web application, a ThreadLocal is instantiated and its
> properties are set and then retrieved in a Filter.  Am I on track here?
>
> How is that different or more helpful than instantiating any other POJO
> with property setters?
>
> A POJO will be instantiated on every servlet request whereas the
> ThreadLocal is only created once?
>

Re: Question on Thread Local

[Leon Rosenberg]

>From practical point of view ThreadLocal is a huge hashmap directly in the
ThreadClass where you can store a map of variables.
Something like Thread.Map>, in which you can
access variables that are 'attached' logically to the current Thread.
In practice its a nice way to pass information through layers of code
without adding it explicitly as parameter to every function on the way.
regards
Leon

P.S. of course there are some technical aspects like ability to be passed
to the spawned threads etc, which I didn't mention :-)


On Tue, Sep 2, 2014 at 9:47 PM, Leo Donahue  wrote:

> I've been reading about using Thread Local in web applications and the
> general use case is to generate a transaction id in a filter so that the
> rest of the web application running in the thread local will have access to
> that transaction id.
>
> Thread Local is essentially a way to create a global variable so that you
> don't have to create a bean that generates said global data and pass that
> bean around to other classes, or inject it into the other classes?
>
> I am not sure I understand the difference between per-thread requests and
> servlet requests that already run in their own thread.
>
> In other words, what is the difference between using a Thread Local
> variable vs any other variable that is created inside a filter, or during a
> normal servlet request?
>

Re: VERY HIGH TRAFFIC TUNING

[Leon Rosenberg]

answering only to the one directed at me (or so I think):

On Thu, Jul 10, 2014 at 4:09 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Leon,
>
> > If you have very fast connections, go for a smaller amount. If you
> > have keepalive and slow connections, remember that every connection
> > can hold 1-2 threads without doing anything at all.
>
> Hmm?
>

If you have keepalive enabled, then every client will held an open
connection for some period of time. Depending on browser brand and version,
the browser will typically hold 1-2 connections to the server. So for every
logged in users that is clicking or issuing a request regularly (maybe once
a minute or so), you can end up having one or two threads, dependending on
how many connections the browsers holds.
Those threads would be idle most of the time, but still not available to
your threadpool. Usually they show up as Runnable somewhere in socket.read
in the thread dump. So if you have 100 users with 150 connections and 151
threads in your threadpool you can end up with a completely blocked server
with zero cpu usage.

regards
Leon

Re: VERY HIGH TRAFFIC TUNING

[Leon Rosenberg]

On Wed, Jul 9, 2014 at 4:47 AM, Hernán Marsili  wrote:

> Hi,
>

Hello Hernán,


>
> For the past 4 years we has been working with a 'stable' configuration in
> which we put APACHE in front of TOMCAT7 (previously Tomcat6) with mod_jk
> connector. We usually serve high traffic sites with about 7000 to 10.000
> concurrent users per box (8gb RAM / 4 vcpu) (50.000 active users total).
>
> We are OK with the performance, but sometimes we notice Tomcat stops
> responding normally while there are at least 2 full CPU left to be consumed
> (JAVA memory is fine).
>

Hard to tell from here, but dropping performance while still having
resources is often an indicator for synchronization issues. You should
analyze your thread usage. You could do it with jstack (save multiple
stacks in short slots, like every 10 seconds for 2-3 minutes). Check what
threads are in what states:
 - do you have any threads in BLOCKED state? If yes, what they are waiting
for?
 - what are you RUNNABLE threads doing? Are they waiting for something,
even not blocked - for example reading the database or reading the incoming
request.
 - is your amount of TIMED_WAITING threads sufficient? If you have non,
your thread pool is probably out of threads.



>
> This is the configuration we use for the connector:
>
>   emptySessionPath="true" redirectPort="8443" maxThreads="1024"
> minSpareThreads="32" enableLookups="false" request.registerRequests="false"
> />
>

Generally removing apache httpd can increase performance. I assume you have
a hardware loadbalancer in front of things, so httpd doesn't do you any
good.


>
> I have a couple of questions:
> 1) should we set a particular connector or let Tomcat7 decide? I understand
> using protocol="AJP/1.3" the auto-switch kicks in. But, for non-SSL high
> concurrency sites maybe is best to fixed on APR?
>

Warning, flame war is about to begin, but personally I always found that
the plain old java connector is the best option for speed. And the simplest
to use too. If you insist of having apache httpd in front, you may want to
try mod_proxy (or was it mod_proxy_ajp?) instead.


>
> 2) how many THREADS can we have? can we go beyond the 1024?
>

Depends on your OS. On modern linuxes sky is the limit. However context
switches can kill you too. If you have very fast connections, got for a
smaller amount. If you have keepalive and slow connections, remember that
every connection can hold 1-2 threads without doing anything at all. But
you can go up to 4096 without second thought, if you are really out of
threads. However, if your problem are blocked threads or a slow DB, you
will make things much much much worse.


>
> 3) is there any advantage on using processorCache?
>
> 4) We are not defining a CONNECTION TIMEOUT not a KEEP ALIVE. Any advice on
> this one? The average user session is 7 minutes.
>

If playing with CONNECTION_TIMEOUT, than better on OS level. But again that
depends on what is really happening within your application and with the
connections. You could monitor it with netstat and see if you have too many
CLOSE_WAITs or something. That it's easier to decide what to do.



>
> Thanks for the help!
> Hernán.
>

Leon.

P.S. needless to say, but having a monitoring tool like
http://www.moskito.org will help either ;-)

Re: CATALINA_PID != real PID

[Leon Rosenberg]

The usual Heisenbug.

regards
Leon


On Fri, May 23, 2014 at 1:24 PM, Арсений Зинченко wrote:

> Hi, Leon.
>
> Thanks for replay.
>
> Don't know why - but now it works good :-)
>

Re: CATALINA_PID != real PID

[Leon Rosenberg]

Hello Arseniy,

I don't know why it doesn't work for you, it works for me:

export CATALINA_PID=/opt/app/tomcat7/pid

*/opt/app/tomcat7*$ more pid

5856

ps aux | grep 5856:

thales5856  0.0 43.6 642472 228788 ?   Sl   Apr28  29:19
/opt/java/jdk1.7.0_45/bin/java
-Djava.util.logging.config.file=/opt/app/tomcat7/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -server
-Xmx256m -Djava.endorsed.dirs=/opt/app/tomcat7/endorsed -classpath
/opt/app/tomcat7/bin/bootstrap.jar:/opt/app/tomcat7/bin/tomcat-juli.jar
-Dcatalina.base=/opt/app/tomcat7 -Dcatalina.home=/opt/app/tomcat7
-Djava.io.tmpdir=/opt/app/tomcat7/temp
org.apache.catalina.startup.Bootstrap start

I am using CATALINA_PID solely to be able to use the force opton:

bin/shutdown.sh -force

for automatical releases from jenkins (the only way I know to wait until
shutdown is finished).

Maybe you have a wrapper script that starts another script, that starts
tomcat, and this is why your pid differ?


regards

Leon


On Fri, May 23, 2014 at 12:03 PM, Арсений Зинченко wrote:

> Hi, guys.
>
> I set:
>
> $ export CATALINA_PID="$CATALINA_HOME/conf/catalina.pid"
>
> Started *Tomcat*:
>
> $ ./bin/startup.shUsing CATALINA_BASE:
> /home/tomcats/apache-tomcat-7.0.53Using CATALINA_HOME:
> /home/tomcats/apache-tomcat-7.0.53Using CATALINA_TMPDIR:
> /home/tomcats/apache-tomcat-7.0.53/tempUsing JRE_HOME:
> /usr/java/jdk1.6.0_45/jre/Using CLASSPATH:
>
> /home/tomcats/apache-tomcat-7.0.53/bin/bootstrap.jar:/home/tomcats/apache-tomcat-7.0.53/bin/tomcat-juli.jarUsing
> CATALINA_PID:
> /home/tomcats/apache-tomcat-7.0.53/conf/catalina.pidTomcat started.
>
> Checked pid-file:
>
> $ cat /home/tomcats/apache-tomcat-7.0.53/conf/catalina.pid28461
>
> But - there is no process 28461:
>
> $ ps aux | grep 28461
> tomcats  28599  0.0  0.0 103240   872 pts/0S+   12:50   0:00 grep 28461
>
> $ ps -p 28461
>   PID TTY  TIME CMD
>
> And Tomcat's JVM runs with other PID:
>
> $ ps u | grep tomcat | grep java | grep -v grep | cut -d" " -f 330133
>
> So - for what exactly CATALINA_PID variable needs or - why it's return
> wrong number?
>
> From "*Tomcat the Definitive Guide*" of *Jason Brittain* book we know that:
>
> CATALINA_PID This variable may optionally hold the path to the process ID
> file that Tomcat should use when starting up and shutting down. None
>
> Use:
>
> $ cat /etc/redhat-releaseCentOS release 6.4 (Final)
>
> Thanks for advice.
>

Re: Application monitoring

[Leon Rosenberg]

Hello David,

yes there is. And I sent you two links to blog entries about exactly that.
Did you read them?

regards
Leon

P.S. in the examples the app specific info is monitored directly and not
via jmx, because that saves a lot of overhead, but reading jmx beans is
also supported.





On Mon, May 19, 2014 at 3:01 PM, David kerber  wrote:

> On 5/19/2014 8:52 AM, Leon Rosenberg wrote:
>
>> David,
>>
>> I already asked you why you are reinventing the wheel, but it seems, for
>> fun, which is a perfectly ok reason though.
>> However, maybe you'll find some insights on how other people do it here:
>> http://blog.anotheria.net/msk/the-complete-moskito-
>> integration-guide-step-6-moskito-control/and
>> here:
>> http://blog.anotheria.net/msk/case-study-monitoring-a-
>> cluster-of-java-daemon-processes/
>>
>
> Leon -
>
> I don't want to re-invent the wheel if there's already something that will
> do what I need, but I don't see what you're getting at.  Is there an
> already-existing tool that will let me look into multiple identical but
> independent tomcat apps, read various MBeans from each one and display that
> data in a single window?  The data I want to display is
> application-specific, and not generic stuff like heap usage, GC info, etc.
>
> I understand that I should be able to connect to any one app and read its
> MBeans with some standard JMX tool/interface, but that's essentially what
> I'm doing now (though without using JMX) and am trying to get away from.
>
> Dave
>
>
>
>
>> regards
>> Leon
>>
>>
>> On Mon, May 19, 2014 at 2:42 PM, David kerber 
>> wrote:
>>
>>  On 5/19/2014 8:27 AM, Neven Cvetkovic wrote:
>>>
>>>  On Mon, May 19, 2014 at 8:11 AM, David kerber 
>>>> wrote:
>>>>
>>>>
>>>>>I've uploaded code examples and the JmxExample.war:
>>>>>
>>>>>  https://wiki.apache.org/tomcat/Example%20Application%
>>>>>> 20Exposing%20Internals%20Using%20JMX
>>>>>>
>>>>>> So, just deploy JmxExample.war to your Tomcat instance, open up JMX
>>>>>> console
>>>>>> through JVisualVM or JConsole, and find the MBean, e.g.
>>>>>> JmxExampleApp:type=Counter
>>>>>>
>>>>>> You will see that the internal instance of MyCounter is exposed
>>>>>> through
>>>>>> JMX, and you will be able to set the name, initial count, reset the
>>>>>> counter, etc...
>>>>>>
>>>>>> The trick was to use @WebListener that registers the MBean instance
>>>>>> with
>>>>>> your MBeanServer upon application deployment. Your MBean instance will
>>>>>> wrap
>>>>>> around any of your application internals you would with to expose.
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>  What kind of performance hit does this "wrapper" cause?  A couple
>>>> of my
>>>>
>>>>> app's instances take more than 4M transactions per day, up to several
>>>>> hundred per second at peak times.  So I can't afford much added work
>>>>> per
>>>>> request.
>>>>>
>>>>> Thanks!
>>>>>
>>>>>
>>>>>   Hey David,
>>>>>
>>>>
>>>> Well, that depends what do you do for every transaction (request). In
>>>> the
>>>> above example with @WebListener, the app's performance should not be
>>>> affected significantly, all it does it registers a JMX MBean at app
>>>> deployment, and exposes the attributes and operations (getters/setters +
>>>> other public methods) to JMX clients invoke this MBean. Once you
>>>> undeploy
>>>> the app, it unregisters the MBean.
>>>>
>>>>
>>> Ok, that sounds promising.  I was worried that every request might have
>>> to
>>> go through the filter/wrapper before getting to my core processing code.
>>>   If the MBean classes only need to make (for example) getCounter() calls
>>> into my app's existing counters when needed, then that shouldn't be a
>>> problem.
>>>
>>>
>>>
>>>
>>>  Sure, performance will depend on how often you call JMX, and that might
>>>> shave few OS cycles away from standard app operations (4M tx per day),
&g

Re: Application monitoring

[Leon Rosenberg]

David,

I already asked you why you are reinventing the wheel, but it seems, for
fun, which is a perfectly ok reason though.
However, maybe you'll find some insights on how other people do it here:
http://blog.anotheria.net/msk/the-complete-moskito-integration-guide-step-6-moskito-control/and
here:
http://blog.anotheria.net/msk/case-study-monitoring-a-cluster-of-java-daemon-processes/

regards
Leon


On Mon, May 19, 2014 at 2:42 PM, David kerber  wrote:

> On 5/19/2014 8:27 AM, Neven Cvetkovic wrote:
>
>> On Mon, May 19, 2014 at 8:11 AM, David kerber 
>> wrote:
>>
>>>
>>>   I've uploaded code examples and the JmxExample.war:
>>>
 https://wiki.apache.org/tomcat/Example%20Application%
 20Exposing%20Internals%20Using%20JMX

 So, just deploy JmxExample.war to your Tomcat instance, open up JMX
 console
 through JVisualVM or JConsole, and find the MBean, e.g.
 JmxExampleApp:type=Counter

 You will see that the internal instance of MyCounter is exposed through
 JMX, and you will be able to set the name, initial count, reset the
 counter, etc...

 The trick was to use @WebListener that registers the MBean instance with
 your MBeanServer upon application deployment. Your MBean instance will
 wrap
 around any of your application internals you would with to expose.

>>>
>>>
>>>
>>What kind of performance hit does this "wrapper" cause?  A couple of my
>>> app's instances take more than 4M transactions per day, up to several
>>> hundred per second at peak times.  So I can't afford much added work per
>>> request.
>>>
>>> Thanks!
>>>
>>>
>>>  Hey David,
>>
>> Well, that depends what do you do for every transaction (request). In the
>> above example with @WebListener, the app's performance should not be
>> affected significantly, all it does it registers a JMX MBean at app
>> deployment, and exposes the attributes and operations (getters/setters +
>> other public methods) to JMX clients invoke this MBean. Once you undeploy
>> the app, it unregisters the MBean.
>>
>
> Ok, that sounds promising.  I was worried that every request might have to
> go through the filter/wrapper before getting to my core processing code.
>  If the MBean classes only need to make (for example) getCounter() calls
> into my app's existing counters when needed, then that shouldn't be a
> problem.
>
>
>
>
>> Sure, performance will depend on how often you call JMX, and that might
>> shave few OS cycles away from standard app operations (4M tx per day), if
>> for example you want to make JMX calls every microsecond/second to plot
>> some charts, etc... that might put a dent in your app performance.
>>
>> Few questions for you:
>> - What kind of attributes/operations would you like to expose in your
>> application, by using JMX?
>>
>
> I am already keeping some counters and other information and exposing it
> through a browser interface into each instance (a .jsp).  But as the number
> of instances has grown from 3 to 12, monitoring each instance's status has
> become burdensome.  Hence my desire to consolidate the monitoring of all
> instances into a single location, and present the same information through
> the new interface I'm discussing here.  That data plus some startup
> parameters (the location of each app's various resources mostly) are all
> that I am looking to expose for now.
>
>
>
>  - What would you like to manage using JMX?
>>
>
> If by "managing", you mean controlling (changing settings, etc), I don't
> plan on doing any of that.  At least not for now.
>
>
>
>
>> It would be great to get some performance metrics and see how that affects
>> your application!
>>
>> Keep us posted :)
>>
>> Cheers!
>> n.
>>
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat dependency on application server

[Leon Rosenberg]

Really, there are about 1 gazzillion valid ways to setup an application
consisting of n number of tomcats and m number of jbosses, running in same
or separate processes/vms/datacenters and doing stuff.
Maybe you should first find out, what your deployment architecture is, and
what your app does.
Probably ps is a good way to start to find out what is really running on
your machine and where.

Leon


On Sat, May 17, 2014 at 11:35 AM, Randhir Singh
wrote:

> I have 1 observation. In our developmental environment, I killed the Tomcat
> process and started the Tomcat it worked. But in the production
> environment,
> starting Tomcat was not enough and I had to restart JBoss & Tomcat in
> sequence for Tomcat to be up. Could it mean that JVM is crashing or
> something because of OOME in Tomcat.
>
> I could try to increase the heap & Permgen memory in Tomcat, would that
> help?
>
> Requesting a reply.
>
> Regards
>
> -Original Message-
> From: Randhir Singh [mailto:randhir.si...@sterlite.com]
> Sent: Saturday, May 17, 2014 11:00 AM
> To: 'Tomcat Users List'
> Subject: RE: Tomcat dependency on application server
>
> Thanks Chris for your answer. There were separate PID's on Linux for JBoss
> &
> Tomcat and I killed the Tomcat process. Would killing a Tomcat process also
> kill the JVM process? I had another related question of how to know the
> number of JVM's running, I mean the count of the number of JVM's.
>
> I hope, my query has been put across correctly.
>
> Requesting a reply.
>
> Regards
>
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Saturday, May 17, 2014 1:59 AM
> To: Tomcat Users List
> Subject: Re: Tomcat dependency on application server
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Randhir,
>
> On 5/15/14, 3:17 AM, Randhir Singh wrote:
> > Hi,
> >
> > We have JBoss as the application server & Tomcat as the web server in
> > our production & developmental setup which is on Red Hat Linux 5.X. We
> > have tomcat 6.X. My query is that if I need to restart tomcat, do I
> > need to restart JBoss & Tomcat both or just restarting Tomcat would be
> > enough. I am asking this query because I had killed the tomcat process
> > using kill -9 and while restarting tomcat it was not starting but when
> > I killed JBoss & tomcat and then restarted, Tomcat was up.
> >
> > I hope my query is clear whether Tomcat is dependent on JBoss.
>
> I'm fairly sure that there is only a single JVM for JBoss/Tomcat. If you
> killed one, you've killed the other.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJTdnUaAAoJEBzwKT+lPKRYnH8QALfeHn4XVXB6KANb0hmAPEL3
> 7pNRaUW0AypQQjujzr7X4DKv3MOnMwWfIaiVcazNbtC7j+W3Mi6khksZIq1cz0At
> o9K0CDdJhAg5be9a68T7E5ko4mdy+rjX2ZsuX2LDdp5wyQaYWEXRWd3+hfBL2Gk7
> D+225vxnMUeB9gHLaVUQ4k/3TOZvO/DYT9TCnxOlviP1+QEek5chN6a9XDJpQKpg
> O/EVBudYmDMLu9QKbOJJ5jomKUUa/VPsjhwz4O32+2Zok5VWLIrct5joF3r2ej+p
> 5RfHLnijRcCX5QkZOAYM9mdvFuFb1+lNAUGKPJwZU47SI7delyJZwxqGJYmo495e
> Q2nGMqepgXlQhOtwuTMdSh9gFV6LqJeaWcW6ZpyMNXbkNSSRSIy3hgcZqRycsSUa
> dvBRg6j57MMhNiCDx9IVtxF+OqKbiiLNdb9tJRArSXdoSx3a1EYbRbmye3xWbrUv
> SYadbr14KBqTXxaK2qJBb7E3j/fn1J5NKEARQbM/ML5Q/0TaNIRMlmjbOt2yccYG
> pNRtC8FRkHWaN3eYtpM0vMNCZ/Cl/atzr3StoN/EX5bWjba6eaaXBaeKdG3FypyY
> jL0nQu7P0Ir1ASrcxlQeN5snLmI2G4AoFjenOhEsCDDQKixSiryzZRR6ZVqCPZ/k
> Bi3P3ZPYqngg8oU6s6b6
> =bJS6
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
> --
>
> *STL Disclaimer:*
> The content of this message may be legally privileged and confidential and
> are for the use of the intended recipient(s) only. It should not be read,
> copied and used by anyone other than the intended recipient(s). If you have
> received this message in error, please immediately notify the sender,
> preserve its confidentiality and delete it. Before opening any attachments
> please check them for viruses and defects. No employee or agent is
> authorised to conclude any binding agreement on behalf of Sterlite
> Technologies Limited with another party by email without express written
> confirmation by authorised person. Visit us at
> www.sterlitetechnologies.com
>  Please consider environment before printing this email !
>
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Slow page response time in tomcat 8.0.5

[Leon Rosenberg]

Hello Hariprasad,

you could embed moskito webui into your application, annotate your tags
with @Monitor and you would see how long they execute and what is the
execution path, which tags are called during an http request how often and
how long they execute. You can follow this link for more information on the
integration:
blog.anotheria.net/msk/the-complete-moskito-integration-guide-step-1/

MoSKito itself: http://www.moskito.org

regards
Leon


On Thu, May 15, 2014 at 7:04 PM, Hariprasad Manchi
wrote:

> Hi,
> We are trying to use apache-tomcat 8.0.5 for our web application and have
> encountered performance issue with respect to the page response time.
> However, once the application is deployed in 8.0.5 we see a longer delay in
> response time from the server for the login page itself. With older version
> of tomcat i.e., tomcat 7.x(7.0.53), 6.x(6.0.18) we did not see such delay.
>
> We have 270 custom tags defined across 6 tld files in our application and
> have the tag pooling feature turned off in conf/web.xml (enablepooling is
> set to false; since this is a requirement for the application we had to
> turn it off).
>
> We tried to root cause the issue and used fidller tool to monitor the
> requests and response times. The browsers - both IE 11 and Chrome - were
> firing the requests quickly but were waiting for the response from the
> server. We do not know what is the actual cause for this delay. We have
> captured the traffic for both IE and Chrome and could send them if needed.
>
> Could you please advise how to proceed to identify the root cause for this
> delay? Or could you confirm this as already a known issue?
>
> Any help would be highly appreciated.
>
> We are not clear to which group the question should be posted, hence
> sending this email to both users and taglib-users email list.
>
> Regards,
> Hariprasad
>

Re: Application monitoring

[Leon Rosenberg]

Hello David,

I will not ask you why you are reinventing the wheel (ok, I lied, why are
you reinventing the wheel?).
You have multiple options available:
1) You could use jmx and publish your information as jmx beans.
2) You could use rmi between you 'collector' and the target apps.
3) You could use simple http (preferably json), but in that case I would
advice to setup a separate collector for it.

For any of the above options there are numbers of classes and utilities you
can use. For example jersey as jax-rs implementation is perfect for
exchange of json data, for rmi you could use DistributeMe (
http://www.distributeme.org) or spring-remote, and so on.

But yet again, why reinventing the wheel?

regards
Leon



On Wed, May 14, 2014 at 6:28 PM, David kerber  wrote:

> I am working on a small Tomcat servlet to monitor other tomcat-based
> applications running on the same physical machine, and am trying to figure
> out the best way to communicate between the monitoring app, and the
> monitored apps.
>
> My setup has several tomcat instances of a single application, each
> running from its own directory, and listening on its own TCP port.  So
> there is no direct communication between the instances.
>
> I'm trying to monitor various data about the application, not about tomcat
> itself or the JVM. So I want to collect such things as the number of
> requests it has processed, the last data received, etc, and not things like
> memory and cpu usage.  It is my app, so I can (and expect to need to) add
> methods or servlets to return the information I want to collect.
>
> My question is, what is the best way to make the request to get the data?
>  Would  URL request from the monitoring app to the monitored app be
> appropriate, and then parse the response out for display in a browser?  If
> so, what java class is likely to be useful for this communication?  I will
> have all the information needed to connect to the application instance
> (server, port, etc), but want it to be portable across OS types.
>
> Thanks!
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: No activity on tomcat.users since Tues?

[Leon Rosenberg]

I have even checked my email settings. But I've got some mails that google
bounces back some of the tomcat-user's emails. I am not sure if its just me
or google or the list.

regards
Leon


On Sat, May 10, 2014 at 8:54 PM, Tim Watts  wrote:

> Markmail seems to confirm this but kind of remarkable, huh?  I think the
> user community should get a promotion in recognition of our quantum leap
> in tomcat problem-solving skills!  (Or perhaps everyone's just busy
> reading the manual?)
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Test Mail, Please Ignore

[Leon Rosenberg]

I am wondering that I don't see any mails for a whole day on the list, this
is pretty unusual, so I try with a TestMail

Leon

Re: catalina.out is 13G

[Leon Rosenberg]

Hello Randhir,

whatever revert means.
However, if you remove the file the place will be occupied on most *'nix
system until a process restart. You will probably have to restart your
server to free this mount point's storage anyway.

regards
Leon


On Tue, Apr 22, 2014 at 4:20 PM, Randhir Singh
wrote:

> Hi,
>
> I have a immediate concern as the mount point on which Tomcat is placed is
> 99% and on checking I found that catalina.out is 13GB. I wanted to
> implement a solution for this but am not sure, can I take a backup of
> catalina.out and truncate catalina.out on the running application?
>
> Humbly requesting a revert on an immediate basis on whether I can truncate
> catalina.out after taking a backup on a running tomcat application.
>
> Regards
>
> --
>
> *STL Disclaimer:*
> The content of this message may be legally privileged and confidential and
> are for the use of the intended recipient(s) only. It should not be read,
> copied and used by anyone other than the intended recipient(s). If you have
> received this message in error, please immediately notify the sender,
> preserve its confidentiality and delete it. Before opening any attachments
> please check them for viruses and defects. No employee or agent is
> authorised to conclude any binding agreement on behalf of Sterlite
> Technologies Limited with another party by email without express written
> confirmation by authorised person. Visit us at
> www.sterlitetechnologies.com
>  Please consider environment before printing this email !
>
>
>
>
>

Re: Performance - Java Profiler, JVM instrmentation

[Leon Rosenberg]

On Tue, Apr 15, 2014 at 7:58 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Shanti,
>
> On 4/15/14, 10:51 AM, Shanti Suresh wrote:
> > Taking it one step further, could I request some recommendations on
> > how we might profile Java code running inside Tomcat?  Often, I am
> > stuck with finding out why an application is slow.  It could be a
> > consistent, progressive  or a sudden problem.  These applications
> > do not expose metrics via MBeans.  Say, for e.g., a vendor
> > application which has been heavily customized in-house.
>
> You need to use a Profiler for that. There are a number of fine
> Profilers available for Java. I use YourKit because they give free
> licenses to ASF committers.
>
> Hello Chris, et al,

last time I tried to use a profile on a production site it killed it within
a second. Usually the performance overhead of a profiler is so huge, that
you have no chance to run it in production.
And real problems do not occur in test labs ;-)

Leon

Re: Performance - Java Profiler, JVM instrmentation

[Leon Rosenberg]

On Tue, Apr 15, 2014 at 4:51 PM, Shanti Suresh  wrote:

> Greetings,
>

Hello Shanti,


>
> Chris' presentation on monitoring Tomcat is really nice work.  I found that
> quite useful.
>
> Taking it one step further, could I request some recommendations on how we
> might profile Java code running inside Tomcat?  Often, I am stuck with
> finding out why an application is slow.  It could be a consistent,
> progressive  or a sudden problem.  These applications do not expose metrics
> via MBeans.  Say, for e.g., a vendor application which has been heavily
> customized in-house.
>
> Some metrics that I find useful during these times are things like
> concurrent invocations, stall counts on components, call-stack,
> response-rate etc.
> Java Melody has a nice built-in dashboard of metrics.  Co-relating metrics
> like that is powerful and helps isolate relatively easy problems.  I find
> that the metrics skim the surface of more involved problems.
>
> In Tomcat, is there a way to go deeper into the performance of the code for
> root-cause analysis and isolate a section of the code or a flow in the code
> for troubleshooting?  How would one go about getting to that place?  Let's
> say, there is no budget for purchasing tools in that space.  I find Chris'
> example on writing filters to map to URL patterns for response-time metrics
> relevant.  I would also like stall counts, concurrent invocations etc.
>

There are tools that are doing exactly that for about 7 years out now.
You can go to http://newrelic.com and get it for as much as 150 USD per
server.
Or you can get all the same for free from http://www.moskito.org. And more.

regards
Leon



>
> Greatly appreciate your thoughts and opinions.
>
> Thanks,
>
>  -Shanti
>

Re: How to monitor performance of tomcat

[Leon Rosenberg]

How about http://www.moskito.org ?
It has everything you need including full control of jmx beans, memory
management, threads, your beans/pojos/classes, filters, urls, what not...

regards
Leon


On Tue, Apr 8, 2014 at 1:05 PM, Randhir Singh wrote:

> We have an application which has JBoss as the application server with
> Tomcat as the web server, our application has Oracle 11g as the database. I
> would give some further background to the issue we are facing, since the
> last 1 1/2 months, the application slows down. Sometimes it comes back to
> normal, specially on week-ends. But other times we restart JBoss & Tomcat
> to bring back the application to normal.
>
>
>
> We have been using jconsole to monitor tomcat like
>
>
>
> jconsole 10.101.17.79:8891
>
>
>
> which monitors our tomcat for a work order system. If the memory usage does
> not show spike and shows constant reading, the GC button is clicked to
> invoke the garbage collector.
>
>
>
> I checked out on the net and got some clue as below:
>
>
>
> 1)  Javamelody - It seems to be a 3rd party tool which is not
> recommended.
>
> 2)  There is a command mentioned to see the admin console,
> http:/// but it is not displaying the required page.
>
>
>
> Please give your inputs whether jconsole should be a help in the right
> direction or some other way to monitor the performance of Tomcat.
>
>
>
> Regards
>
> --
>
> *STL Disclaimer:*
> The content of this message may be legally privileged and confidential and
> are for the use of the intended recipient(s) only. It should not be read,
> copied and used by anyone other than the intended recipient(s). If you have
> received this message in error, please immediately notify the sender,
> preserve its confidentiality and delete it. Before opening any attachments
> please check them for viruses and defects. No employee or agent is
> authorised to conclude any binding agreement on behalf of Sterlite
> Technologies Limited with another party by email without express written
> confirmation by authorised person. Visit us at
> www.sterlitetechnologies.com
>  Please consider environment before printing this email !
>
>
>
>
>

Re: The Service Component

[Leon Rosenberg]

Hello Leo,


On Fri, Mar 7, 2014 at 6:49 PM, Leo Donahue  wrote:

> On Fri, Mar 7, 2014 at 9:01 AM, Leon Rosenberg 
> wrote:
> > Hello,
> >
> > I do use multiple connectors but one service.
> > Multiple connectors to separate user traffic from admin/management
> traffic.
> > For example if due to overload no threads are available to server http
> > request on the 'main' connector, I still can look into the app, to see
> what
> > is going on, over my "administrative" connector.
> >
> > Leon
>
> You are just changing the port number then in your "administrative"
> connector, in the same Service element?
>
yes:

for example





I would then point the front loadbalancer to 8080 and keep 8180 accessible
from the administration network only.

regards

Leon



>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: The Service Component

[Leon Rosenberg]

Hello,

I do use multiple connectors but one service.
Multiple connectors to separate user traffic from admin/management traffic.
For example if due to overload no threads are available to server http
request on the 'main' connector, I still can look into the app, to see what
is going on, over my "administrative" connector.

Leon


On Fri, Mar 7, 2014 at 5:44 PM, Leo Donahue  wrote:

> Who uses more than one Service in their server.xml and why?  I get
> that you can have multiple Connectors if you have multiple Service
> components but why use multiple connectors?
>
> Are there any docs on the use cases for these features?
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: sudden increase in tomcat sessions..?

[Leon Rosenberg]

Hello Kumar,

can't you just ask your Ops guys to get your the load balancer config?
That would be much easier as guessing.

Usually you can configure how many samples the load balancer must try to
get and what is the timeout. For example if the setting is 3 with timeout
of 15 seconds, 3 requests would be send, and after a total of 45 seconds
the server would be marked as down and receive no more traffic. But(!) this
is subject of the specific configuration of your load balancer. So why not
just get it and check?

regards
Leon


On Tue, Feb 11, 2014 at 5:56 PM, Kumar Muthuramalingam  wrote:

> what I mean is if I am supposed to get a response for that Update.jsp file
> and I didn't get it for a while. Will the load balancer will check for it
> connectivity? Is there any timeout set for load balancer to get response.
>
> Thanks,
> Kumar.
>
>
> On Tue, Feb 11, 2014 at 8:13 AM, Daniel Mikusa  >wrote:
>
> > On Feb 10, 2014, at 7:22 PM, Kumar Muthuramalingam  >
> > wrote:
> >
> > > Before that can you tell me one thing please. Suppose if a page request
> > > (eg. /UpdateQuery.JSP) is coming from a load balancer to tomcat and the
> > > UpdateQuery.JSP is connected to some third party server. Assume if the
> > > tomcat is not getting any reply from the Query server for some seconds.
> > > Will the load balancer will send ping requests to tomcat to verify the
> > > connection of the application ?
> >
> > I've never seen a load balancer that works like that.  Usually they just
> > request a singe resource on a repeating cycle, like every second or two.
>  I
> > guess it really depends on your load balancer though.
> >
> > Dan
> >
> > >
> > > Thanks
> > > Kumar.
> > >
> > >
> > > On Mon, Feb 10, 2014 at 4:21 PM, Daniel Mikusa  > >wrote:
> > >
> > >> On Feb 10, 2014, at 4:07 PM, Kumar Muthuramalingam <
> > kumarkm...@gmail.com>
> > >> wrote:
> > >>
> > >>> Yes its the load balancer. and recently I found in the log that there
> > >> was a
> > >>> memory leak exception while the tomcat server was restarted.The
> session
> > >>> increase problem started from this particular date . Could this be a
> > >> cause
> > >>> for the tomcat to hang up and DOS occurred?
> > >>
> > >> Can you include the message you saw?  Otherwise it's tough to say.
> > >>
> > >>> One more question. I see this memory leak exception in only one
> tomcat
> > >>> catalina log file. I didn't see this in other servers log file. One
> > >> tomcat
> > >>> can handle 200 sessions. So once if it reaches the limit will the
> > >> requests
> > >>> will get diverted to other available servers so that the server
> > sessions
> > >>> also will increase? If so how to find that redirection in log file.
> > >>
> > >> You'd want to look at how your load balancer is setup.  Tomcat just
> > >> handles the requests that you send to it.  If you want to control how
> > >> requests are delivered to multiple Tomcat servers then you need to do
> > that
> > >> before the requests hit your Tomcat servers, like with your load
> > balancer.
> > >>
> > >> Dan
> > >>
> > >>>
> > >>> Sorry if I 'm crazy.
> > >>>
> > >>> Thanks,
> > >>> Kumar
> > >>>
> > >>>
> > >>> On Mon, Feb 10, 2014 at 2:19 PM, Daniel Mikusa <
> dmik...@gopivotal.com
> > >>> wrote:
> > >>>
> >  On Feb 10, 2014, at 1:59 PM, Kumar Muthuramalingam <
> > >> kumarkm...@gmail.com>
> >  wrote:
> > 
> > > Thanks for the reply. I accept this remedy will clear the issue.
> But
> > my
> > > question is how to verify the root cause of this DOS attack that
> > >> occurred
> > > earlier?
> > 
> >  As previously directed, look at your access logs.  That should show
> > you
> >  who is requesting this JSP file.
> > 
> >  If it's your load balancer (or some other trusted IP), then problem
> >  solved.  Just correct the JSP.
> > 
> >  If it's a third party then in additional to fixing the JSP, you'll
> >  probably want to investigate why they're calling that JSP so much.
>  I
> >  suppose you could even go so far as to blocking them with your
> > firewall
> > >> or
> >  a filter, but that's up to you.
> > 
> >  Dan
> > 
> > > What ever steps suggested above is to take a precaution or solve
> > > the issue. please help me.
> > >
> > > Thanks,
> > > Kumar.
> > >
> > >
> > > On Mon, Feb 10, 2014 at 12:06 PM, Daniel Mikusa <
> > dmik...@gopivotal.com
> > > wrote:
> > >
> > >> On Feb 10, 2014, at 11:56 AM, Kumar Muthuramalingam <
> >  kumarkm...@gmail.com>
> > >> wrote:
> > >>
> > >>> Thanks for your reply. I have 3 applications running under the
> > tomcat
> >  and
> > >>> only one application got a ping.jsp file others don't. And also I
> > >> could
> > >> see
> > >>> from the access logs that only the application that has got
> > ping.jsp
> >  file
> > >>> was pinged others were not. And the sessions are high only for
> this
> > >>> particular application. Now I g

Re: sudden increase in tomcat sessions..?

[Leon Rosenberg]

Hello,

I think some things are mixed up here. Since you are behind a load
balancer, its unlikely that you experience ping (icmp) DoS, at least that
it goes through till your server.
First, setup access logs in server.xml



 

Note: usually, if the load balancer is configured properly, tomcat will see
the IP of the original request. If not, it will be send in a header field
(in example X-Forwarded-For). If your load balancer doesn't send a header
field - change its configuration to send one, you will need it anyway.

Check that the page your loadbalancer uses to check whether tomcat behind
is available doesn't create a new session (session=false if its a jsp,
don't use request.getSession() if its a servlet).

If that doesn't help, download and install moskito following this guide:
http://blog.anotheria.net/msk/the-complete-moskito-integration-guide-step-1/

This will allow you to make charts of your sessions, you will see if there
are any patterns in session increase/decrease, maybe also together with
other values like users or requests.

If you have multiple tomcats you can setup moskito-control and put all the
sessions from all tomcats into one chart:
http://blog.anotheria.net/msk/the-complete-moskito-integration-guide-step-6-moskito-control/

good luck.

regards

Leon.

















On Sun, Feb 9, 2014 at 6:22 AM, Kumar Muthuramalingam
wrote:

> Thanks for your reply. What happened actually was there was a sudden
> increase in invalid sessions as I said before and we manually deleted those
> sessions using the tomcat manager. And then it appeared to be normal. But
> then it occurred three times in last two weeks. It' s a production
> environment.
> My question is not how to stop some thing so that it could stop the ping
> requests but I would like to know what could be the cause for it and how
> can I find the cause? Please help me.
>
> Thanks,
> Kumar.
>
>
> On Sat, Feb 8, 2014 at 9:01 PM, Martin Gainty  wrote:
>
> > DOS (Denial of Service) Attack
> >
> > one type is endless ping
> >
> > if someone is running a endless loop of ping attacks on your TC server
> >
> > you can disable ICMP on TC server
> >
> >
> https://www.serverintellect.com/support/windowsserversecurity/disable-icmp-requests/
> >
> >
> >
> > DOC attack usually results in TROJ_MDROPPER.* on system
> > NAV and McAfee can detect these malware attachments on Word Docs
> >
> >
> >
> http://blog.trendmicro.com/trendlabs-security-intelligence/trojanized-doc-files-in-targeted-attack/
> >
> >
> > HTH
> > Martin
> >
> >
> >
> >
> >
> > > Date: Sat, 8 Feb 2014 19:54:32 -0500
> > > Subject: Re: sudden increase in tomcat sessions..?
> > > From: kumarkm...@gmail.com
> > > To: users@tomcat.apache.org
> > >
> > > Hi David,
> > > Thanks for your reply. How can I verify that it is a DOC attack? which
> > > log i should refer.please guide me.
> > >
> > > Thanks,
> > > Kumar.
> > >
> > >
> > > On Sat, Feb 8, 2014 at 7:42 PM, David Kerber 
> > wrote:
> > >
> > > > On 2/8/2014 7:08 PM, Kumar Muthuramalingam wrote:
> > > >
> > > >> Hi,
> > > >> I 'm using tomcat version 6 and 7. One day there was a sudden
> increase
> > > >> in
> > > >> number of sessions in both tomcats. And all the sessions had no
> > username,
> > > >> same lastaccessed time, same created time and the inactive time was
> > > >> 00:00:00. It is not happening always but it happens some times on
> some
> > > >> day.
> > > >> Can't predict. And We have set the idle timeout as -1 because we
> have
> > to.
> > > >> When I try to dig the log. It showed that the load balancer IP was
> > sending
> > > >> many ping requests to our application. Can anybody tell why this is
> > > >> happening and how can I find the cause?
> > > >>
> > > >
> > > > DOS attack?
> > > >
> > > >
> > > >
> > > >> Thanks,
> > > >> Kumar.
> > > >>
> > > >>
> > > >
> > > > -
> > > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > > > For additional commands, e-mail: users-h...@tomcat.apache.org
> > > >
> > > >
> >
> >
>

Re: Tomcat classloader memory leak when an object is stored into session

[Leon Rosenberg]

On Fri, Feb 7, 2014 at 8:38 AM, Michal Botka  wrote:

> Is there a way how to avoid this leak?
> I would like to develop an application which can be safely
> deployed/undeployed without restarting the server.
> OK, now I know that my application cannot store it's objects into
> session, but that is very strong requirement which the most of the
> applications don't meet.
> Thanks for help.
>

But do you have to serialize your sessions? Switching off session
serialization might help.
regards
Leon


>
> 2014-02-06 22:58 GMT+01:00 David Kerber :
> > On 2/6/2014 3:13 PM, Michal Botka wrote:
> >>
> >> When an application stores an object into the session and then the
> >> application is reloaded using Tomcat Web Application Manager, the
> >> classloader cannot be garbage collected. As a result, the
> >> "OutOfMemoryError: PermGen space" error occurs after several reloads.
> >
> >
> > This is true.  What is your question?
> >
> >
> >
> >>
> >> To illustrate the issue, you can find an example below.
> >> Thanks in advance :-)
> >>
> >>
> >> 1. The EvilClass class whose instances are stored into the session:
> >>
> >> public class EvilClass implements Serializable {
> >>
> >>  // Eat 100 MB from the JVM heap to see that the class is not
> >> garbage collected
> >>  protected static final byte[] MEM = new byte[100 << 20];
> >>
> >>  private String value;
> >>
> >>  public String getValue() {
> >>  return value;
> >>  }
> >>
> >>  public void setValue(String value) {
> >>  this.value = value;
> >>  }
> >>
> >> }
> >>
> >>
> >> 2. Servlet which stores EvilClass instances into session
> >>
> >> public class TestServlet extends HttpServlet {
> >>
> >>  @Override
> >>  protected void doGet(HttpServletRequest req, HttpServletResponse
> >> resp) throws ServletException, IOException {
> >>  EvilClass obj = new EvilClass();
> >>  obj.setValue(req.getRequestURI());
> >>  req.getSession().setAttribute("test", obj);
> >>  getServletContext().log("Attribute stored to session " + obj);
> >>  }
> >>
> >> }
> >>
> >>
> >> 3. web.xml part which maps the servlet to an URL
> >>
> >> 
> >> TestServlet
> >> test.TestServlet
> >> 
> >> 
> >> TestServlet
> >> /*
> >> 
> >>
> >>
> >> Steps to reproduce the issue:
> >> 1. Copy application WAR to the webapps directory.
> >> 2. Start Apache Tomcat.
> >> 3. Hit TestServlet.
> >> 4. Check Heap/PermGen size using Java VisualVM.
> >> 5. Reload the application thru Tomcat Web Application Manager.
> >> 6. Hit TestServlet again.
> >> 7. Perform GC and check Heap/PermGen size again.
> >>
> >>
> >> Environment:
> >> Apache Tomcat version: 7.0.50
> >> OS: Windows 7 64
> >> JVM: Java HotSpot(TM) 64-Bit Server VM (23.6-b04, mixed mode)
> >> Java: version 1.7.0_10, vendor Oracle Corporation
> >>
> >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat classloader memory leak when an object is stored into session

[Leon Rosenberg]

On Fri, Feb 7, 2014 at 12:45 AM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Leon Rosenberg [mailto:rosenberg.l...@gmail.com]
> > Subject: Re: Tomcat classloader memory leak when an object is stored
> into session
>
> > > When an application stores an object into the session and then the
> > > application is reloaded using Tomcat Web Application Manager, the
> > > classloader cannot be garbage collected. As a result, the
> > > "OutOfMemoryError: PermGen space" error occurs after several reloads.
>
> > I think the OP states, that this shouldn't be the case.
>
> > Personally I'm struggling with this one. But since I don't use the
> > reloading anyway I will relax and wait for enlightenment that is sure to
> > come from Chuck ;-)
>
> Since you insist...
>

Thank you!
I knew we can always count on you (now seriously) ;-)

best regards
Leon


>
> Start with the Wiki:
> http://wiki.apache.org/tomcat/MemoryLeakProtection
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail and
> its attachments from all computers.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat classloader memory leak when an object is stored into session

[Leon Rosenberg]

On Thu, Feb 6, 2014 at 11:58 PM, David Kerber  wrote:

> On 2/6/2014 3:13 PM, Michal Botka wrote:
>
>> When an application stores an object into the session and then the
>> application is reloaded using Tomcat Web Application Manager, the
>> classloader cannot be garbage collected. As a result, the
>> "OutOfMemoryError: PermGen space" error occurs after several reloads.
>>
>
> This is true.  What is your question?


I think the OP states, that this shouldn't be the case.

Personally I'm struggling with this one. But since I don't use the
reloading anyway I will relax and wait for enlightenment that is sure to
come from Chuck ;-)

regards
Leon

Re: Java to JavaScript RMI framework available.

[Leon Rosenberg]

Hello Igor,

this looks really promising, I will take a deeper look in next year ;-)

Btw, Happy New Year to Everyone ;-)

Leon


On Tue, Dec 31, 2013 at 1:55 AM, Igor Urisman wrote:

> Folks,
>
> I needed to write this for something I am working on and thought there
> might be a wider audience for it.
> Tomcat 8 supports standard compliant Websockets, which provide convenient
> asynchronous full-duplex
> server to client data transport. The framework I am offering builds on top
> of that a feature rich remote
> method invocation paradigm.  Please check it out.
>
> https://github.com/iurisman/FERMI
> Apache 2.0 license.
>
> Happy coding.
> Igor.
>

Re: [OT] Garbage Collectors

[Leon Rosenberg]

On Thu, Dec 19, 2013 at 12:51 AM, Howard W. Smith, Jr. <
smithh032...@gmail.com> wrote:

> On Wed, Dec 18, 2013 at 6:11 PM, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>
> > 3. What is your total heap size?
> >
>
> -Xms4096m
> -Xmx4096m
> -XX:MaxPermSize=384m (will share this as well, just because)
>
>
> but I think I can change to -Xms/-Xmx1250m, because heap used seem to max
> out at (+/-)1024m.
>
>
Don't, GC works best if used heap is < half of allowed heap. So keep at
least 2G (You know that you can specify 4G instead of 4096M, right? :-))
Leon

Re: [OT] Garbage Collectors

[Leon Rosenberg]

Hello,


On Thu, Dec 19, 2013 at 12:11 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
> I was recently discussing garbage collectors with a friend (yes, an
> exciting conversation) and I was wondering what the folks in the
> Tomcat community were using for their garbage collection needs.
>
> I'd like to run an informal poll. Feel free to reply to just me
> directly if you'd like to protect your reputation or not clog the list
> or to the whole list if you'd prefer.
>
> I know there are lots of lurkers on the list who rarely post and I'd
> encourage them to reply as well even if they don't feel like they are
> running anything of any importance.
>

I have too many (or consult many) but I will take the most visited.


>
> So, here are my questions:
>
> 1. What JVM are you using?
>
>[ ] Sun/Oracle/OpenJDK Java 1.5
>[ ] IBM Java 1.5
>[ ] Sun/Oracle/OpenJDK Java 1.6
>[ ] IBM Java 1.6
>[x] Sun/Oracle/OpenJDK Java 1.7
>[ ] IBM Java 1.7
>[ ] Sun/Oracle/OpenJDK Java 1.8
>[ ] Something else - please specify:
>
> 2. What kind of web application are you running?
>
>[ ] A toy, a research project, or something with virtually no use
>[ ] A moderately busy web site (<1M requests/mo/server)
>[ ] A moderately busy web site (<10M requests/mo/server)
>[ ] A busy web site (10M - 100M requests/mo/server)
>[x] A super-busy web site
>
> 3. What is your total heap size?
>
14 GB

>
> 4. Are you explicitly specifying a Garbage Collector? If not, just say
> so and skip the rest of the questions.
>
CMS + Options

>
> 5. What led you to use [GC X] instead of the JVM's default collector?
>
GC pauses

>
> 6. Did you do any actual performance testing to see if the switch from
> the default to [GC X] made any difference?
>
Yes

>
> 6. Have you spent a lot of time tuning [GC X]?
>
Yes :-)

>
> 7. Did your tuning exercise yield any useful results?
>
45 sec pauses eliminated

>
> 8. Did your users notice any difference after you implemented [GC X],
> or just your own load-testing team?
>
I assume so, we had servers taken out of the pool by lb due to connection
timeouts.

>
> If you think there's anything else I should know about your experience
> with [GC X], please let me know.
>
Well, it changes from version to version, so each new jdk version means
start from beginning. Some of the options in Java 6 do not make sense in
Java 7 and so on. But in general CMS is my personal choice for low-pause
collector, I haven't yet seen working G1.


>
> Thanks,
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.15 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJSsiu1AAoJEBzwKT+lPKRYdAsQAKWytJHCv3Kj8p8vWoDsCgEO
> LZd6Yq/j8j5uID+UM4pq8FgRN03TmmjujOZaQ769ljZqtd9w+VFf2+zPbt7gPqGI
> SDFACw+VtQxEmVUDhE4H0tBfz7h7SZ8QOPTyScx384mDAvRzJKaeGPwrbJBogvaW
> cvyzNtgFDywpNTCjyKT3JLoUfjm+CjLryK6bo3+6I7I3ikhyHVsYZHuls5DG9LNf
> mYJ2KGOeYN332VcJWaCElLiK2HQrFY+BxfJ+f7mH6ztmq0iawulg8bApUo+vllwD
> r2Ble1kc0pgwMn4jOoRAP1R9IaFSsPX8a87T1uFtnRS0vdW4BRy6O5xE1wjFQPuq
> 52jcFf7i5ZiFYIXO1/vWw9FjZ2DBXnjMuEEdPf5laHNXKJIMCnulKOC6W48eS6Rq
> E7hRa7h+RQ0CVk9Pjp2NGdiPAeRL44LRDWaPWmTH7iXUcaWg2IxC3OXXyezP6aPE
> 7DrKhW9jjxbQG/H3GXzX9Sptee+osfPUaU6sOND8EYUYLojg6b6XLxfbjLpedrsh
> eHC1zksbc0WkZxhnXDSPZV4+4y0djC0X+tNX/DPCs/wPpXEqmqeGSXc7sbnXoLYf
> 49jGRa6pz8MR1da5D78lSCxm407+UNJzbJuGfHFzjYqxjQEULKJTug4Z7Hs0MGne
> XzAqLyKxfgW0/4P5QzD6
> =EFcD
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

[OT] Symantic has a first tomcat worm ;-)

[Leon Rosenberg]

Morning everyone,

what can be greater start in the morning as reading about first tomcat worm
found by symantec ;-)

http://www.symantec.com/connect/blogs/all-your-tomcat-are-belong-bad-guys

Enjoy your caffe.

Leon

Re: Tomcat restart utility

[Leon Rosenberg]

Hello Vicky, et al,

I think the easiest way to give the developers the restart capabilities is
to get them ssh access to the user that is running tomcat.

This is easy, secure and convenient.

regards
Leon

On Thu, Nov 14, 2013 at 4:50 AM, vicky  wrote:

> Thanks Chris, I'm looking for restart capability only.
>
> Actually I have dozen of tomcat instances running on Linux machines, I
> want to give the restart capability to the developers team, can you please
> explain a bit
> that how I can achieve that .
>
> Many thanks again for responding & sharing the knowledge
>
>
> From: Christopher Schultz 
> To: Tomcat Users List 
> Sent: Wednesday, 13 November 2013 7:58 PM
> Subject: Re: Tomcat restart utility
>
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Vicky,
>
>
> On 11/13/13, 5:52 PM, vicky wrote:
> > Is there any other tool/utility with which we can do the deployment
> > & tomcat restart like PSI-PROBE.
> >
> > I'm having issues with PSI-PROBE ,restart functionality is not
> > available over there & following message is coming on restart
> > screen :-
> >
> > "This JVM is not controlled by Java Service Wrapper"
> >
> > Unable to figure out how to fix this
>
> Looks like PsiProbe only allows "restart" capabilities when you are
> using jsvc.
>
> In any case, using jsvc is probably the easiest way to control your
> JVM if you intend to make it "restartable". If you're on Windows, just
> use the Windows Service and use the service controller to restart Tomcat.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.15 (Darwin)
> Comment: GPGTools - http://gpgtools.org/
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJShC4oAAoJEBzwKT+lPKRYUCIP/3+Mcq+8a1Nve4OUWQrMkKsz
> EqRwgFDuCdHLwiqBoDFQDufiH3cKOL2h19FVPopNkf6eA4lnZjZF9bjGaPH7W/m7
> dLF53o1eeeDdFHYLvuO4I5ysJ5a3csx9VgCk7R+GHrw09z8LWsU3rS5pU4EyEy4i
> cbQo00h21Q2PlYZElRj35pCnQzVz1FmpDNqQ802gxyzDXDaexQQEnjEz/yMUg7VG
> 2d0igYnzu2Llzc2isNIdvbHb9FjpIJn713P1C093jAEOYtKUPwjvBn98QH7EJMvL
> 61QSKx85g+QT+r4k2BJ9MrqQ6BB90NojIYYfNdc8SySM7WRcNJvanGAuoPI0+uka
> MSZby7pji7UqIr/eLWNid42yJ57DJ0zbnaBHjkXH31QPwn3MWBZEwfAnI55ixyAJ
> +M9ZnjeNRxNRJoUjd/t5Amn4eB/Tv6tD2Sk1DTr5vZ2EWYi1mmp6CAAL6yjf1W2+
> nc2UhTwz3s0yNXiIQOfGI4jUpuoMZ0vJDFnkqyWOeMUjBhmLeAG9fF8xDuU2Uvhs
> Y8mfZjGdY6l+WxWfvrgMbrsindQ30RoNBxE+g3rLOEWC3AxV0W3l4Hg7l5MZ9b7H
> qx2GWZ5zCDbsHhwtS9N4qX2cxXtxVb7BlZegLh33CiCsyCU54OuY1rqUzK0E2xFC
> dSvhXBb6CNNaW5rljS38
> =3Bpd
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

Re: [OT] [Fwd: TomEE Professional Support]

[Leon Rosenberg]

I got it too. I think its easier to delete and forget it, as to debate
about it. ;-)
regards
Leon


On Wed, Nov 13, 2013 at 2:15 PM, André Warnier  wrote:

> Hi.
>
> I got the following email in my personal email inbox.
>
> Isn't there some rule, or at least some matter of self-control, in not
> using email addresses collected on this list for commercial promotion ?
>
>  Original Message 
> From: - Wed Nov 13 13:48:37 2013
> X-Mozilla-Status: 0001
> X-Mozilla-Status2: 
> Return-Path:  us4.mcsv.net>
> X-Original-To: a...@ice-sa.com
> Delivered-To: andre.warn...@ice-sa.com
> Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
> client-ip=205.201.128.173; helo=mail173.us4.mcsv.net;
> envelope-from=bounce-mc.us3_22715643.227889-aw=ice-sa.com@
> mail173.us4.mcsv.net; receiver=a...@ice-sa.com
> Received: from mail173.us4.mcsv.net (mail173.us4.mcsv.net[205.201.128.173])   
>  by
> tor.combios.es (Postfix) with ESMTP id DCFAB3C0AD2   for ;
> Wed, 13 Nov 2013 13:48:25 +0100 (CET)
> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=
> mail173.us4.mcsv.net; h=Subject:From:Reply-To:To:Date:Message-ID:List-
> Unsubscribe:Sender:Content-Type:MIME-Version; i=gurkanerdogdu=3Dyahoo.com@
> mail173.us4.mcsv.net; bh=Mxp5nGTBAhJ4tiDlAEgNxpJYWwM=;
> b=Ocyx3ymgzmK11vA3/+524g885jWe0hlVlLQwFLGw052EepxX/u3JqrGTIZv6+afps8yWKhHqpMRz
> DR1JqSg9JPIfmn6xVzPvr5X/5Ve5g78ZKmZm5BmxmCRNyqB4fIc5+iLuIas31KKRImjm5cpEh8P5
> RAauIo5RquVVHcBgVbU=
> DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1; d=
> mail173.us4.mcsv.net; b=BmLvRK7R5zl2/VRFdLZ09BJy50nOQFBXLcUoHLPQqfO
> o7DkgQbmi8Ug7bwNHNpotAwBLuXBIp2sW w8nzt6XeIcHys59itcvcLBKCt6zoR1
> vBv1RFw1OMSwlwuilV8u0zcNtNcav+LdWoW8zAnksyWOWL /knOPWkSMr9PbtPhtB4=;
> Received: from (127.0.0.1) by mail173.us4.mcsv.net id hgdqg0174lg1 for <
> a...@ice-sa.com>; Wed, 13 Nov 2013 12:47:58 + (envelope-from
> )
> Subject: TomEE Professional Support
> From: Apache TomEE Support 
> Reply-To: Apache TomEE Support 
> To:  
> Date: Wed, 13 Nov 2013 12:47:58 +
> Message-ID: <9781cf0ccdac7604f1f7fd52ea052bfdbb3.20131113124746@mail173.
> us4.mcsv.net>
> X-Mailer: MailChimp Mailer - **CID105b909b64a052bfdbb3**
> X-Campaign: mailchimp9781cf0ccdac7604f1f7fd52e.105b909b64
> X-campaignid: mailchimp9781cf0ccdac7604f1f7fd52e.105b909b64
> X-Report-Abuse: Please report abuse for this campaign here:
> http://www.mailchimp.com/abuse/abuse.phtml?u=9781cf0ccdac7604f1f7fd52e&id=
> 105b909b64&e=a052bfdbb3
> X-MC-User: 9781cf0ccdac7604f1f7fd52e
> x-accounttype: ff
> List-Unsubscribe:  105b909b64-a052bfd...@mailin1.us2.mcsv.net?subject=unsubscribe>, <
> http://blogspot.us3.list-manage.com/unsubscribe?u=
> 9781cf0ccdac7604f1f7fd52e&id=b75a8245a1&e=a052bfdbb3&c=105b909b64>
> Sender: "Apache TomEE Support"  mail173.us4.mcsv.net>
> x-mcda: FALSE
> Content-Type: multipart/alternative; boundary="_--=_MCPart_
> 1458955636"
> MIME-Version: 1.0
>
> 20% off TomEE Support from Java EE Guru Gurkan Erdogdu. He really knows
> Apache Tomcat, TomEE and related Java EE projects in source code level!
>
> 
> Email not displaying correctly?
> View it in your browser (http://us3.campaign-archive1.com/?u=
> 9781cf0ccdac7604f1f7fd52e&id=105b909b64&e=a052bfdbb3) .
>
>
> ** Support for Apache TomEE (http://blogspot.us3.list-
> manage1.com/track/click?u=9781cf0ccdac7604f1f7fd52e&id=
> bceee0c9ba&e=a052bfdbb3) Funs
> 
> BUY NOW (http://blogspot.us3.list-manage.com/track/click?u=
> 9781cf0ccdac7604f1f7fd52e&id=6a24f4ee0e&e=a052bfdbb3)
>
>
> ** TomEE Support : 20% Off
> 
>
>
> ** professional TomEE Support with NO HIDDEN COST!
>
> 
> http://blogspot.us3.list-manage.com/qr/coupon?e=
> a052bfdbb3&data=eyJjaWQiOiIxMDViOTA5YjY0IiwidW
> lkIjoiOTc4MWNmMGNjZGFjNzYwNGYxZjdmZDUyZSIsImNvZGUiOiIzYzE0OT
> g3NDIxIiwidGV4dCI6IjIwJSBvZmYgMSBUb21FRSBTdXBwb3J0IiwidGlkIj
> oiOTcxMDJlZDgyNiIsInVzZXMiOjF9&s=2" alt="20% off 1 TomEE Support"
> title="20% off 1 TomEE Support">http://9781cf0ccdac7604f1f7fd52e.
> 105b909b64.list-manage.com/3c14987421" alt="" style="display:none;margin-
> left:-px;">
> http://blogspot.us3.list-manage.com/track/click?u=
> 9781cf0ccdac7604f1f7fd52e&id=909133d7cd&e=a052bfdbb3
>
>
> ** TomEE Support Discount
> 
> Would you like to get Apache TomEE professional support from Java EE guru
> with no hidden cost! As a founder of the project Apache OpenWebBeans and
> several other big Java EE projects, Gurkan Erdogdu knows the Apache Tomcat
> and TomEE and related projects in source code level. For initial
> subscribers, we will apply 20% discount.
> BUY NOW (http://blogspot.us3.list-manage.com/track/click?u=
> 9781cf0ccdac7604f1f7fd52e&id=935336dc96&e=a052bfdb

Re: Tomcat Monitoring - Thread usage - currentThreadCount or currentThreadBusy

[Leon Rosenberg]

Hello Vikram,

if you are working on a monitoring solution for tomcat I suggest you take a
look at moskito: http://www.moskito.org.

regards
Leon


On Thu, Aug 15, 2013 at 3:42 AM, Vikram Jain  wrote:

> Hi Team,
>
> I'm Vikram Jain. My first query to Tomcat user group, looking forward to
> hear from you. :)
>
> I am working on Tomcat monitoring solution for a project and when it comes
> to monitoring 'Thread usage', I am wondering whether I should be comparing
> 'currentThreadCount' or 'currentThreadBusy' attribute against 'maxThread'
> to generate an alert.
> Is currentThreadBusy the actual represntation of the activeThread count ?
> If currentThreadCount increases when there is an increase in need of
> request processing threads and once the requests are processed, whether the
> currentThreadCount drops ?
>
> Please assist. If you find it relevant, please also update the docs to the
> benefit of other users :)
>
> Regards,
> Vikram
>

Re: javaagent is messing with webapp classpath

[Leon Rosenberg]

Hello,

yes, your java agent is probably not well coded :-)

regards
Leon


On Thu, Aug 1, 2013 at 8:33 PM, Alberto SOUZA  wrote:

> Hi,
>
> I have a javaagent that changes some specific classes of my project. But,
> when i start the server using the agent I get a lot of
> ClassNotFoundException for a  lot of classes... Like
> ServletContextListener. When I don't use the javaagent argument everything
> goes fine. Does anyone have an idea?
>
> Thanks!!
>

Re: Tomcat and IP transparency

[Leon Rosenberg]

Hello Joan,

I fear I have to disappoint you. If I understand you correctly you want to
manipulate the packets on the IP level, setting the source ip address to
the ip address of the originator of the packet, similar to what a
loadbalancer would do. It is possible technically, but it's a very
different kind of soup compared to http proxy and really hard to implement
in java, just because native access to the network interface isn't
something java was made for. And since it's not unfamiliar to the attack
vector known as IP Spoofing, it will only work in close distance
(network-wise).  But last time I was programming something on ip leveI is
about 15 years ago, so I may be wrong.

However, you other side, should be able to retrieve the contents of the
X-FORWARDED-FOR header and return it in the getRemoteAddress call to its
application. At least tomcat would do. So the question is, how much access
do you have to your blackbox? If you have access to the machine you could
do it with apache httpd and mod_proxy or mod_proxy_ajp. If not I would ask
the provider of the blackbox, how they handle proxies in general (and if
they do it at all). I they support some kind of proxy behavior, all you
need to do is mimic one, if not... well find another provider ;-)

It sounds a bit like SEO, and there are a lot of SEO providers with better
tech ;-)

regards
Leon


On Wed, Jul 31, 2013 at 9:04 PM, Joan Balagueró Ventus Proxy <
joan.balagu...@ventusproxy.com> wrote:

> Hello,
>
>
>
> I already asked this question to the Apache HttpClient Forum. They don't
> know if this is possible with java/Tomcat.
>
>
>
> I have developed a proxy servlet with an xml cache, running in a Tomcat
> 6.0.37 on Linux Centos6.4.
>
>
>
> When the incoming xml request (sent from an external client) is not found
> in
> the proxy cache, I use HttpClient 4.2.5 to create a new http request and
> redirect it to the provider application servers to get the xml response.
>
>
>
> So far, everything worked ok with all our clients. But now we've a provider
> that needs ip transparency. Then, the request created by httpclient needs
> to
> carry the origin ip address (that from the external client), not the proxy
> ip. My proxy gets correctly the external IP (using
> request.getRemoteAddr()),
> but when the provider application reads the IP provided by the http client
> using request.getRemoteAddr(), they obviously get the proxy IP.
>
>
>
> The provider software is a blackbox, then reading ips with
> 'request.getRemoteAddr()' is something that they cannot change now.
> Therefore, things like adding a 'X-Forwarded-for' header cannot be
> implemented in this scenario.
>
>
>
> Is it possible tot achieve this at  Tomcat level? Has anyone found an
> scenario like this?
>
>
>
> Thanks in advance,
>
> Joan.
>
>

Re: Multiple instances of Tomcat 7.0 on one server

[Leon Rosenberg]

Hello Mr. Random,

as usual there is no easy answer here.
I think the most correct answer would be RATHER NOT.
There is rather no performance to be gained but running multiple instances
of the same app in multiple tomcats on the same physical machine except for:
* you need a lot of heap per session. In this case you will probably be
able to save gc time and performance. So in case you need more than 12 Gb
Heap separation would make sense.
* you have multiple physical resources your app can't use properly. For
example if you could give each instance its own database or its own file
system.
* you have concurrency issues in your application.

Drawbacks:
- Database. If you have one. You will have more connections and evtl. more
locks. And both are limited resources.

If you want a more detailed answer, you should tell us a bit about your
app.
Or, better, you start to monitor your app, run one physical server with one
instance and another one with two and compare.
By using a monitoring tool like moskito: http://www.moskito.org.

regards
Leon


On Fri, Jul 19, 2013 at 7:37 PM, Tomcat Random wrote:

> We currently are setting a site that receives fairly heavy traffic (5000
> simultaneous users). We have two physical servers.
>
> As a general idea, is there performance to be gained by running multiple
> instances of Tomcat 7.0? For example, two instances on one physical server
> and two instances on the other physical server? Assume all are running the
> same webapp.
>
> TIA
>

Re: JSP in Static Resources

[Leon Rosenberg]

Hello Alireza,

what exactly was wrong with putting
contentType="text/css;charset=UTF-8"
on top of your css-jsps?
Actually each page should have content-type, so why not the css jsps?

Leon



On Sun, Jul 14, 2013 at 12:43 PM, Alireza Fattahi wrote:

> Well,
>
> If we want to follow up that post , then we should belive that:
> Setting the mime type is not working for css
> So
> we should use other ways to solve it.
>
> Is that true?!
> ~Regards,
> ~~Alireza Fattahi
>
>
> 
> From: André Warnier 
> To: Tomcat Users List 
> Sent: Sunday, 14 July 2013, 12:00
> Subject: Re: JSP in Static Resources
>
>
> Alireza Fattahi wrote:
> > Guys please concentrate on the main issue !!
>
> I believe that "the main issue" was already answered thoroughly by
> Konstantin earlier.
> Did you not read it ?
>
> >
> > I ask again:
> >
> > When you set jsp servlet to process the css files by adding:
> > 
> >jsp
> >*.css
> > 
> >
> >
> > The tomcat does not set the CSS file extension mime type to text/css.
> Although below line is set in localhost-config/web.xml
> >
> >
> >css
> >text/css
> >
> >
> >
> > When you manually set the content mime type <%@page
> contentType="text/css" %> every thing will work fine
> >
> >
> > ~Regards,
> > ~~Alireza Fattahi
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

Re: Monitoring Tomcat - In-depth details

[Leon Rosenberg]

Hello,

check http://www.moskito.org out.
MoSKito is an open source project that has been around since 2007. It
supports most of the things you mentioned except byte-code instruction yet
(an agent is currently in development, but its not that easy to implement
;-)).
But you can integrate it along spring-bean, cdi-beans with decorators,
filters, java proxies etc pp. Check
https://confluence.opensource.anotheria.net/display/MSK/Integration+Guidefor
details.

regards
Leon

P.S. Feel free to ask directly or on moskito mailing list for support.


On Tue, Jul 2, 2013 at 4:11 PM, Shanti Suresh  wrote:

> All,
>
> For lack of funds initially and now for a stalemate in the project, we do
> not have a JVM monitoring tool yet.  JavaMelody was recently discussed.   I
> like the fact that there is a dashboard and history of metrics.  In looking
> at it, I find JavaMelody lacking in in-depth diagnostics of the JVM.  Top-N
> SQL statements, Transaction Tracing, metrics co-relation, call-back tree,
> thresholds and alerting are a few.
>
> Are there are any OpenSource projects that instrument the JVM at byte-code
> and provide detailed metrics more than what JMX offers?  Or am I missing
> something with JavaMelody?
>
> Thanks!
>
>  -Shanti
>

Re: Exeptions after upgrading to tomcat 7

[Leon Rosenberg]

On Sun, May 26, 2013 at 3:14 PM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Leon Rosenberg [mailto:rosenberg.l...@gmail.com]
> > Subject: Re: Exeptions after upgrading to tomcat 7
>
> > Remove following lines from server.xml:
> >   
> >> className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
> >> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
>
> This is akin to burying one's head in the sand.  It would be much better
> to fix the actual problem by shutting down the auxiliary thread with an
> appropriate listener.  Sloppy programming should not be encouraged.
>

Chuck, with all respect, this is easier said than done.
First we are talking about a ThreadLocal, not Thread. It's tomcat who shuts
the threads done due to shutdown, not the app and not the library.
Now what is the negative impact of leaving a not-cleaned-up ThreadLocal?
- Memory footprint? Well, we are talking about few small objects, if the
app has millions of threads it probably has other problems.
- Garbage? Yes, but not more than any other Thread variable, it will be
collected by the GC once the Thread is collected.
- Reentrance? Any lib or code that uses ThreadLocals should initialize them
properly.

On the other hand efforts to clean it up.
You have to provide your own mechanism to clean up ThreadLocals someone
else created, because most libs aren't written for redeployment and simple
don't care. If they did, they would provide cleanup interfaces to their
libs, making them harder to use, but what for? Cleaning ThreadLocals up is
a bit like writing destructors.
Further, where is the safe place to actually clean up a ThreadLocal  The
same you created it? So if you want to ensure that you have your
threadlocal where you need it, you would set it up in filter, before
chain.doFilter() and clean it up in the finally block? Wait, what about
forwarded calls? They do not pass a filter, so your code would have to care
how it's been called. So RequestListener remains and it will surely have it
gotcha's too ;-)


All in one, a lot of hustle and bustle, and what for? To clean up 200 bytes
faster?
Maybe I'm missing something here, but I never seen how ThreadLocal does
real harm, neither I can imagine it, please enlighten me ;-)

regards
Leon



>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail and
> its attachments from all computers.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Exeptions after upgrading to tomcat 7

[Leon Rosenberg]

Hello Manuel,


On Sat, May 25, 2013 at 10:41 PM, Manuel LeNormand <
manuel.lenorm...@gmail.com> wrote:

> Hello all,
> I have a Solr instance running on a Tomcat 6 servlet, everything worked
> fine.
> While upgrading to Tomcat 7.0.34, I get exceptions I'm having a hard time
> to deal with.
> Two kind of exceptions occur on shutdown of service:
> 1. Memory leak due to threads that do not close - I understand it is not
> severe, and maybe on previous version was not monitored. Still, is there
> anything that is done on the servlet side that might resolve it, and what
> might be sides effects of this?
>

Remove following lines from server.xml:
  
  
  

They do no good unless you are hotdeploying new versions of wars in running
production servers, and no one does that ;-)

regards
Leon



> 2. Instance of MBeans that cannot be destroyed - btw,  the MBean instance
> is initiated under CATALINA_OPTS.
>
> Thanks in advance,
> Manuel
>
> Here are the LOGS:
> INFO: A valid shutdown command was received via the shutdown port. Stopping
> the Server instance.
> May 13, 2013 4:22:32 PM org.apache.coyote.AbstractProtocol pause
> INFO: Pausing ProtocolHandler ["http-bio-8080"]
> May 13, 2013 4:22:32 PM org.apache.coyote.AbstractProtocol pause
> INFO: Pausing ProtocolHandler ["ajp-bio-8009"]
> May 13, 2013 4:22:32 PM org.apache.catalina.core.StandardService
> stopInternal
> INFO: Stopping service Catalina
> May 13, 2013 4:22:35 PM org.apache.catalina.loader.WebappClassLoader
> clearReferencesThreads
> SEVERE: The web application [/solr] appears to have started a thread named
> [localhost-startStop-1-SendThread(zookeeper2:2181)] but has failed to stop
> it. This is very likely to create a memory leak.
> May 13, 2013 4:22:35 PM org.apache.catalina.loader.WebappClassLoader
> clearReferencesThreads
> SEVERE: The web application [/solr] appears to have started a thread named
> [localhost-startStop-1-EventThread] but has failed to stop it. This is very
> likely to create a memory leak.
> May 13, 2013 4:22:35 PM org.apache.catalina.loader.WebappClassLoader
> checkThreadLocalMapForLeaks
> SEVERE: The web application [/solr] created a ThreadLocal with key of type
> [org.apache.solr.schema.DateField.ThreadLocalDateFormat] (value
> [org.apache.solr.schema.DateField$ThreadLocalDateFormat@19c212b0]) and a
> value of type [org.apache.solr.schema.DateField.ISO8601CanonicalDateFormat]
> (value
> [org.apache.solr.schema.DateField$ISO8601CanonicalDateFormat@6b2ed43a])
> but failed to remove it when the web application was stopped. Threads are
> going to be renewed over time to try and avoid a probable memory leak.
> May 13, 2013 4:22:35 PM org.apache.catalina.loader.WebappClassLoader
> checkThreadLocalMapForLeaks
> SEVERE: The web application [/solr] created a ThreadLocal with key of type
> [org.apache.solr.schema.DateField.ThreadLocalDateFormat] (value
> [org.apache.solr.schema.DateField$ThreadLocalDateFormat@19c212b0]) and a
> value of type [org.apache.solr.schema.DateField.ISO8601CanonicalDateFormat]
> (value
> [org.apache.solr.schema.DateField$ISO8601CanonicalDateFormat@6b2ed43a])
> but failed to remove it when the web application was stopped. Threads are
> going to be renewed over time to try and avoid a probable memory leak.
> May 13, 2013 4:22:35 PM org.apache.coyote.AbstractProtocol stop
> INFO: Stopping ProtocolHandler ["http-bio-8080"]
> May 13, 2013 4:22:35 PM org.apache.coyote.AbstractProtocol stop
> INFO: Stopping ProtocolHandler ["ajp-bio-8009"]
> May 13, 2013 4:22:35 PM org.apache.coyote.AbstractProtocol destroy
> INFO: Destroying ProtocolHandler ["http-bio-8080"]
> May 13, 2013 4:22:35 PM org.apache.coyote.AbstractProtocol destroy
> INFO: Destroying ProtocolHandler ["ajp-bio-8009"]
> May 13, 2013 4:22:35 PM org.apache.catalina.util.LifecycleMBeanBase
> unregister
> WARNING: Failed to unregister MBean with name
> [Catalina:type=Executor,name=tomcatThreadPool] during component destruction
> javax.management.InstanceNotFoundException:
> Catalina:type=Executor,name=tomcatThreadPool
> at
> com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getMBean(Unknown
> Source)
> at
>
> com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.exclusiveUnregisterMBean(Unknown
> Source)
> at
>
> com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.unregisterMBean(Unknown
> Source)
> at com.sun.jmx.mbeanserver.JmxMBeanServer.unregisterMBean(Unknown
> Source)
> at
>
> org.apache.catalina.util.LifecycleMBeanBase.unregister(LifecycleMBeanBase.java:194)
> at
>
> org.apache.catalina.util.LifecycleMBeanBase.destroyInternal(LifecycleMBeanBase.java:73)
> at
>
> org.apache.catalina.core.StandardThreadExecutor.destroyInternal(StandardThreadExecutor.java:150)
> at
> org.apache.catalina.util.LifecycleBase.destroy(LifecycleBase.java:305)
> at
>
> org.apache.catalina.core.StandardService.destroyInternal(StandardService.java:589)
> at
> org.apache.catalina.util.LifecycleBase.d

Re: Monitoring Tomcat - Delta Values

[Leon Rosenberg]

Hello Shanti,


On Fri, May 3, 2013 at 10:57 PM, Shanti Suresh  wrote:

>
> I am interested in trending of the metrics - so data for four months, let's
> say.
> - Does moskito have a way of storing data?
>
yes it does:
https://confluence.opensource.anotheria.net/display/MSK/MoSKito+Central
https://confluence.opensource.anotheria.net/display/MSK/HowTo+Run+moskito-central+in+embedded+mode



> - What time-interval granularity have people found useful with JMX, without
> overloading the servers?  I collect some JMX stats in 1 minute intervals,
> but really would like every second.
>

every second is maybe a little overkill, but possible. What amount of
traffic does your application serve, that you need so detailed data?

regards
Leon


>
> Thanks.
>
>   -Shanti
>

Re: getting the request that created the session

[Leon Rosenberg]

Hello Howard et al,


On Mon, Apr 29, 2013 at 5:55 PM, Howard W. Smith, Jr. <
smithh032...@gmail.com> wrote:

> Leon,
>
> On Mon, Apr 29, 2013 at 11:02 AM, Leon Rosenberg
> wrote:
>
> Back to your question, filter is ok, too many filters are making stack
> > traces fuller than needed, and the order of the filter could be a
> problem.
> > Listener is asked _before_ anything happens.
> >
>
> Good point(s).
>
> About how many filters are you trying to consolidate by using this
> approach?
>
> I have seen recommendations of adding filters for file types, filters for
> login/session-management, etc... I have taken those concepts and put those
> in one filter which I have implemented and maintain and have done my best
> to ensure that it is 'thread-safe' as well. Some months ago, I reported an
> issue to tomcat JIRA/issue list, and those guys shot down my filter and
> said that it is not thread-safe. Since then, I have made some code changes
> in the filter and related sources (referenced by the filter), and did my
> best to make sure it is more threadsafe, even did some research on
> thread-safe filters (when injecting via CDI), etc...
>
> also, I am using OmniFaces gzip filter. To my knowledge, that is 2 filters
> in my app, that I see in stacktrace, when I have issues to
> troubleshoot/debug. When I am debugging, I often wonder why 'filter' show
> up all the time in stacktrace, but then of course, I have to remember that
> every user/HTTP request has to pass through the filter. So, okay, moving
> forward, ignore the fact that the (only) filter(s i have in my app) showed
> up in the stacktrace.
>

Whether you want to have multiple filters or not is a decision based on
your coding guidelines, architectural principles and what not.
Since you are the only user of your filters, it's free to you to use as
many (or few) filter as possible. Personally I would like to separate by
concerns and have multiple filters, because it makes it easier to use,
maintain and test. But this is personal opinion.
However, in my case, I am developing a library that is used by others in
their projects (http://moskito.anotheria.net). It comes already with 8
filters (
http://server04.test.anotheria.net:8080/moskitodemo/mui/mskShowProducersByCategory?pCategory=filter)
and this is a lot. Of course the end user (developer) only chooses the
filters he needs, and not everyone needs everything. However, since its a
lib, you don't want it to show up in your stack traces every request, you'd
rather forget, that you have it at all. Therefore I'm trying to choose a
less visible approach ;-) Also it's easier to add one listener to web.xml
as to add a listener AND a filter. And I need the listener, to know when
sessions expire anyway ;-)
But again, your situation is obviously different from mine ;-) But if you
want to count sessions and all the other funny stuff, give moskito a
chance:

https://confluence.opensource.anotheria.net/display/MSK/HowTo+embed+MoSKito+WebUI+into+a+maven+built+war
https://confluence.opensource.anotheria.net/display/MSK/Integration+Guide

regards
Leon


>
>
>
> > regards
> > Leon
> >
> >
> > On Mon, Apr 29, 2013 at 4:59 PM, Howard W. Smith, Jr. <
> > smithh032...@gmail.com> wrote:
> >
> > > On Mon, Apr 29, 2013 at 10:54 AM, Christopher Schultz <
> > > ch...@christopherschultz.net> wrote:
> > >
> > > > -BEGIN PGP SIGNED MESSAGE-
> > > > Hash: SHA256
> > > >  >
> > > > >> Even, the requests are keepalived they look to me as if they were
> > > > >> executed parallel. At least from the chrome timeline. But its
> > > > >> hard to tell without further investigation.
> > > >
> > > > Yeah, you might have to use a packet-sniffer.
> > > >
> > > >
> > > definitely sounds like overkill. how much code you need to write for
> > such a
> > > thing, all because one would want to avoid using a filter???
> > >
> >
>

Re: getting the request that created the session

[Leon Rosenberg]

On Mon, Apr 29, 2013 at 4:54 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Leon,
>
> On 4/29/13 10:36 AM, Leon Rosenberg wrote:
> > On Mon, Apr 29, 2013 at 3:49 PM, Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> > Leon,
> >
> >
> > So your initial implementation was a Filter that marked each
> > HttpSession with the origin IP address (so you could get the TLD
> > of the user) and then a Listener to keep track of the sessions?
> > What's wrong with that?
> >
> >
> >> It seemed to complicated. I now could strip it down to 1 file,
> >> that is both HttpSession and ServletRequest- Listener:
> >>
> http://svn.anotheria.net/opensource/moskito/trunk/moskito-web/java/net/anotheria/moskito/web/session/SessionByTldListener.java
>
> Note
> >>
> that, although this is a single class, you might get two separate
> objects created by Tomcat: one as the ServletContextListener and one
> as the HttpSessionListener. How do you attach the listeners to the
> webapp? Via web.xml or some other way?
>

one entry in the web.xml for now. It works at least in tomcat 7, but I
haven't tested it further. Its also the same object (now). But you are
right, I will make the counting part static ;-).


>
> I don't know what the container does if a  implements more
> than one interface... I've never personally cared about such a scenario.
>
> >> The drawback is, I can count only from second request, because
> >> the session is created later. And I don't want to create sessions
> >> on all requests. I'm thinking about moving (duplicating) the call
> >> in requestDestroyed.
>
> Well, you only care about requests that actually create sessions, so
> the "first request" is not really relevant. Or do you mean that the
> request listener gets the event /before/ the session is created. Hmm.
>

Exactly. Its also logical to me, that this happens this way, because at the
moment of request creation of the first request noone called
getSession(true) yet.

regards
Leon


>
> >> The request that occur simultaneously in chrome(only) are
> >> pictures and js, replied with 304:
> >
> >> 1. Request URL:
> >> http://localhost:8080/moskitodemo/js/wz_tooltip.js 2. Request
> >> Method: GET 3. Status Code: 304 Not Modified 4. Request
> >> Headersview source 1. Accept: */* 2. Accept-Encoding:
> >> gzip,deflate,sdch 3. Accept-Language: en-US,en;q=0.8 4.
> >> Cache-Control: max-age=0 5. Connection: keep-alive 6. Cookie:
> >> JSESSIONID=71474A695869D2494E2135CBCEAF 7. Host:
> >> localhost:8080 8. If-Modified-Since: Sat, 27 Apr 2013 21:49:44
> >> GMT 9. If-None-Match: W/"35082-1367099384000" 10. Referer:
> >> http://localhost:8080/moskitodemo/mui/mskShowAllProducers 11.
> >> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3)
> >> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.65
> >> Safari/537.36 5. Response Headersview source 1. Date: Mon, 29 Apr
> >> 2013 14:24:36 GMT 2. ETag: W/"35082-1367099384000" 3. Server:
> >> Apache-Coyote/1.1
> >
> >
> >> Even, the requests are keepalived they look to me as if they were
> >> executed parallel. At least from the chrome timeline. But its
> >> hard to tell without further investigation.
>
> Yeah, you might have to use a packet-sniffer.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJRfomfAAoJEBzwKT+lPKRY89cQAJjLc/xH++tfrNubd9eE+3s3
> UKI5prfRYogHXsXzUG/sB1GS2Gpii+6Qtzuen+/9eHp9zfirKWpWFhk2yPQi1MTz
> oyXQmrXOlYtKwg9iX7FQnkrHfzXbT3Qx5vzrHemf4uwOBhZ9SyutzJsomeHi8Ev0
> B7VMZoKz+APyDLQvCyEYKrJpFwtTcD18RaknUKQzgYxFafh98jL6J0icyv3gq9JW
> MJdl1VSgY0SdkoYitAmDE4Z0qQ9pV6QbS7z4W0VBC9UzxwsG6c+c94ncz3G4WKaa
> mTNvY7SO/PR/z7FNbfo9AO6pvCZ+5SGnxoQ6C99BdJ/Eo8F78tSVR36H7IC5gNKz
> rDJN5tLkCIRcWz3KHeqstL4EnB7FyO838bSamKdOExAEa5+zZCREf8T9D4L6dcCb
> s+bxB+j/fJKSIRXkfiqNozIJ+uwPmr1P/vEqiWEjEVdMJEo2ByTK4Jnx8FJcAi99
> sgVLK0fTH+7J85sSArF2zatZO8LxPE860rNR2CbU/NeeXI1MhxlJnGgPd6jIuOtA
> 8QA17rilYIOWp4icQOqubS2j4g3HmpgMDGnoD59DDJRN5odUPQEDzYYD04XjjeQp
> VZFSUdThfxSIzp4CBLmHXTiHXMkgflu5MF0aq0oa6T0eU6SNXkoAr7TC4wB/sHNR
> 2JCE36iSziLeIJHKTgmQ
> =W8Ia
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>