Re: So You Want High Performance ( cont )
On Fri, Oct 25, 2013 at 10:30 AM, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Stephen, > > On 10/25/13, 9:13 AM, Stephen More wrote: >> On Fri, Oct 25, 2013 at 5:14 AM, Felix Schumacher >> wrote: >>> On Do, 2013-10-24 at 11:29 -0400, Stephen More wrote: >>>> I came across this paper by Peter Lin ( >>>> http://tomcat.apache.org/articles/performance.pdf ). In a >>>> simple xml addressbook war he summarizes how different >>>> variables affect the speed of the application. In one test he >>>> compares: Sun X1 400mhz Ultra Sparc IIe - 5 requests/sec AMD >>>> 2ghz XP - 25 request/sec It appears that both used Tomcat >>>> 4.1.19 and Sun Jdk1.4.1_01 >>>> >>>> In an attempt to see what todays numbers look like I rebuilt >>>> the war ( svn co >>>> https://maven-examples.googlecode.com/svn/trunk/addrbook ) and >>>> deployed in my environment Core i7-3720 QM @ 2.60 GHz SSD disk >>>> java version "1.7.0_45" apache-tomcat-7.0.42 >>>> >>>> package the war - mvn package execute jmeter - mvn verify >>>> >>>> Jmeter shows my Throughput of 2.2 requests/sec ! With all the >>>> advances over the years ( or overhead ) are we just slowing >>>> down or are one of our results flawed ? ( I am running in >>>> VirtualBox - I think this would slow some things down - but not >>>> this much. ) >>>> >>>> Are others seeing similar results ? >>> I get almost the same throughput, but I don't believe it is >>> tomcats fault (well not directly). >>> >>> If you look at the stacktraces while doing the jmeter test, you >>> will see very often a stack trace like this: >>> >>> "http-nio-8080-exec-8" daemon prio=10 tid=0x7fb83400b800 >>> nid=0x2511 runnable [0x7fb88847b000] java.lang.Thread.State: >>> RUNNABLE at >>> com.sun.org.apache.xml.internal.dtm.ref.ExpandedNameTable.getExpandedTypeID(ExpandedNameTable.java:160) >>> >>> > at >>> com.sun.org.apache.xml.internal.dtm.ref.dom2dtm.DOM2DTM.addNode(DOM2DTM.java:293) >>> >>> > at >>> com.sun.org.apache.xml.internal.dtm.ref.dom2dtm.DOM2DTM.nextNode(DOM2DTM.java:524) >>> >>> > at >>> com.sun.org.apache.xml.internal.dtm.ref.dom2dtm.DOM2DTM.getHandleFromNode(DOM2DTM.java:680) >>> >>> > at >>> com.sun.org.apache.xml.internal.dtm.ref.dom2dtm.DOM2DTM.getHandleOfNode(DOM2DTM.java:732) >>> >>> > at >>> com.sun.org.apache.xml.internal.dtm.ref.DTMManagerDefault.getDTMHandleFromNode(DTMManagerDefault.java:576) >>> >>> > - - locked <0xf20af5e8> (a >>> com.sun.org.apache.xml.internal.dtm.ref.DTMManagerDefault) at >>> com.sun.org.apache.xpath.internal.XPathContext.getDTMHandleFromNode(XPathContext.java:188) >>> >>> > at com.sun.org.apache.xpath.internal.XPath.execute(XPath.java:305) >>> at >>> org.apache.taglibs.standard.tag.common.xml.JSTLXPathImpl.eval(JSTLXPathImpl.java:222) >>> >>> > at >>> org.apache.taglibs.standard.tag.common.xml.JSTLXPathImpl.evaluate(JSTLXPathImpl.java:287) >>> >>> > at >>> org.apache.taglibs.standard.tag.common.xml.JSTLXPathImpl.evaluate(JSTLXPathImpl.java:385) >>> >>> > at >>> org.apache.taglibs.standard.tag.common.xml.XPathUtil.valueOf(XPathUtil.java:213) >>> >>> > at >>> org.apache.taglibs.standard.tag.common.xml.ExprSupport.doStartTag(ExprSupport.java:73) >>> >>> > at >>> org.apache.taglibs.standard.tag.el.xml.ExprTag.doStartTag(ExprTag.java:71) >>> >>> > at >>> org.apache.jsp.simple_005f100_jsp._jspx_meth_x_005fout_005f0(simple_005f100_jsp.java:411) >>> >>> > at >>> org.apache.jsp.simple_005f100_jsp._jspx_meth_x_005fforEach_005f1(simple_005f100_jsp.java:377) >>> >>> > at >>> org.apache.jsp.simple_005f100_jsp._jspx_meth_x_005fforEach_005f0(simple_005f100_jsp.java:336) >>> >>> > at >>> org.apache.jsp.simple_005f100_jsp._jspService(simple_005f100_jsp.java:118) >>> >>> > at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) >>> >>> >>> If you search for >>> "com.sun.org.apache.xpath.internal.XPathContext.getDTMHandleFromNode >>> >>> > slow jstl" you will get to a bugzilla entry for jstl from >>> htt
Re: So You Want High Performance ( cont )
On Fri, Oct 25, 2013 at 10:30 AM, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Stephen, > > On 10/25/13, 9:13 AM, Stephen More wrote: >> On Fri, Oct 25, 2013 at 5:14 AM, Felix Schumacher >> wrote: >>> On Do, 2013-10-24 at 11:29 -0400, Stephen More wrote: >>>> I came across this paper by Peter Lin ( >>>> http://tomcat.apache.org/articles/performance.pdf ). In a >>>> simple xml addressbook war he summarizes how different >>>> variables affect the speed of the application. In one test he >>>> compares: Sun X1 400mhz Ultra Sparc IIe - 5 requests/sec AMD >>>> 2ghz XP - 25 request/sec It appears that both used Tomcat >>>> 4.1.19 and Sun Jdk1.4.1_01 >>>> >>>> In an attempt to see what todays numbers look like I rebuilt >>>> the war ( svn co >>>> https://maven-examples.googlecode.com/svn/trunk/addrbook ) and >>>> deployed in my environment Core i7-3720 QM @ 2.60 GHz SSD disk >>>> java version "1.7.0_45" apache-tomcat-7.0.42 >>>> >>>> package the war - mvn package execute jmeter - mvn verify >>>> >>>> Jmeter shows my Throughput of 2.2 requests/sec ! With all the >>>> advances over the years ( or overhead ) are we just slowing >>>> down or are one of our results flawed ? ( I am running in >>>> VirtualBox - I think this would slow some things down - but not >>>> this much. ) >>>> >>>> Are others seeing similar results ? >>> I get almost the same throughput, but I don't believe it is >>> tomcats fault (well not directly). >>> >>> If you look at the stacktraces while doing the jmeter test, you >>> will see very often a stack trace like this: >>> >>> "http-nio-8080-exec-8" daemon prio=10 tid=0x7fb83400b800 >>> nid=0x2511 runnable [0x7fb88847b000] java.lang.Thread.State: >>> RUNNABLE at >>> com.sun.org.apache.xml.internal.dtm.ref.ExpandedNameTable.getExpandedTypeID(ExpandedNameTable.java:160) >>> >>> > at >>> com.sun.org.apache.xml.internal.dtm.ref.dom2dtm.DOM2DTM.addNode(DOM2DTM.java:293) >>> >>> > at >>> com.sun.org.apache.xml.internal.dtm.ref.dom2dtm.DOM2DTM.nextNode(DOM2DTM.java:524) >>> >>> > at >>> com.sun.org.apache.xml.internal.dtm.ref.dom2dtm.DOM2DTM.getHandleFromNode(DOM2DTM.java:680) >>> >>> > at >>> com.sun.org.apache.xml.internal.dtm.ref.dom2dtm.DOM2DTM.getHandleOfNode(DOM2DTM.java:732) >>> >>> > at >>> com.sun.org.apache.xml.internal.dtm.ref.DTMManagerDefault.getDTMHandleFromNode(DTMManagerDefault.java:576) >>> >>> > - - locked <0xf20af5e8> (a >>> com.sun.org.apache.xml.internal.dtm.ref.DTMManagerDefault) at >>> com.sun.org.apache.xpath.internal.XPathContext.getDTMHandleFromNode(XPathContext.java:188) >>> >>> > at com.sun.org.apache.xpath.internal.XPath.execute(XPath.java:305) >>> at >>> org.apache.taglibs.standard.tag.common.xml.JSTLXPathImpl.eval(JSTLXPathImpl.java:222) >>> >>> > at >>> org.apache.taglibs.standard.tag.common.xml.JSTLXPathImpl.evaluate(JSTLXPathImpl.java:287) >>> >>> > at >>> org.apache.taglibs.standard.tag.common.xml.JSTLXPathImpl.evaluate(JSTLXPathImpl.java:385) >>> >>> > at >>> org.apache.taglibs.standard.tag.common.xml.XPathUtil.valueOf(XPathUtil.java:213) >>> >>> > at >>> org.apache.taglibs.standard.tag.common.xml.ExprSupport.doStartTag(ExprSupport.java:73) >>> >>> > at >>> org.apache.taglibs.standard.tag.el.xml.ExprTag.doStartTag(ExprTag.java:71) >>> >>> > at >>> org.apache.jsp.simple_005f100_jsp._jspx_meth_x_005fout_005f0(simple_005f100_jsp.java:411) >>> >>> > at >>> org.apache.jsp.simple_005f100_jsp._jspx_meth_x_005fforEach_005f1(simple_005f100_jsp.java:377) >>> >>> > at >>> org.apache.jsp.simple_005f100_jsp._jspx_meth_x_005fforEach_005f0(simple_005f100_jsp.java:336) >>> >>> > at >>> org.apache.jsp.simple_005f100_jsp._jspService(simple_005f100_jsp.java:118) >>> >>> > at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) >>> >>> >>> If you search for >>> "com.sun.org.apache.xpath.internal.XPathContext.getDTMHandleFromNode >>> >>> > slow jstl" you will get to a bugzilla entry for jstl from >>> htt
Re: So You Want High Performance ( cont )
On Fri, Oct 25, 2013 at 5:14 AM, Felix Schumacher wrote: > On Do, 2013-10-24 at 11:29 -0400, Stephen More wrote: >> I came across this paper by Peter Lin ( >> http://tomcat.apache.org/articles/performance.pdf ). In a simple xml >> addressbook war he summarizes how different variables affect the speed >> of the application. In one test he compares: >> Sun X1 400mhz Ultra Sparc IIe - 5 requests/sec >> AMD 2ghz XP - 25 request/sec >> It appears that both used Tomcat 4.1.19 and Sun Jdk1.4.1_01 >> >> In an attempt to see what todays numbers look like I rebuilt the war ( >> svn co https://maven-examples.googlecode.com/svn/trunk/addrbook ) and >> deployed in my environment >> Core i7-3720 QM @ 2.60 GHz >> SSD disk >> java version "1.7.0_45" >> apache-tomcat-7.0.42 >> >> package the war - mvn package >> execute jmeter - mvn verify >> >> Jmeter shows my Throughput of 2.2 requests/sec ! With all the advances >> over the years ( or overhead ) are we just slowing down or are one of >> our results flawed ? ( I am running in VirtualBox - I think this would >> slow some things down - but not this much. ) >> >> Are others seeing similar results ? > I get almost the same throughput, but I don't believe it is tomcats > fault (well not directly). > > If you look at the stacktraces while doing the jmeter test, you will see > very often a stack trace like this: > > "http-nio-8080-exec-8" daemon prio=10 tid=0x7fb83400b800 nid=0x2511 > runnable [0x7fb88847b000] >java.lang.Thread.State: RUNNABLE > at > com.sun.org.apache.xml.internal.dtm.ref.ExpandedNameTable.getExpandedTypeID(ExpandedNameTable.java:160) > at > com.sun.org.apache.xml.internal.dtm.ref.dom2dtm.DOM2DTM.addNode(DOM2DTM.java:293) > at > com.sun.org.apache.xml.internal.dtm.ref.dom2dtm.DOM2DTM.nextNode(DOM2DTM.java:524) > at > com.sun.org.apache.xml.internal.dtm.ref.dom2dtm.DOM2DTM.getHandleFromNode(DOM2DTM.java:680) > at > com.sun.org.apache.xml.internal.dtm.ref.dom2dtm.DOM2DTM.getHandleOfNode(DOM2DTM.java:732) > at > com.sun.org.apache.xml.internal.dtm.ref.DTMManagerDefault.getDTMHandleFromNode(DTMManagerDefault.java:576) > - locked <0xf20af5e8> (a > com.sun.org.apache.xml.internal.dtm.ref.DTMManagerDefault) > at > com.sun.org.apache.xpath.internal.XPathContext.getDTMHandleFromNode(XPathContext.java:188) > at com.sun.org.apache.xpath.internal.XPath.execute(XPath.java:305) > at > org.apache.taglibs.standard.tag.common.xml.JSTLXPathImpl.eval(JSTLXPathImpl.java:222) > at > org.apache.taglibs.standard.tag.common.xml.JSTLXPathImpl.evaluate(JSTLXPathImpl.java:287) > at > org.apache.taglibs.standard.tag.common.xml.JSTLXPathImpl.evaluate(JSTLXPathImpl.java:385) > at > org.apache.taglibs.standard.tag.common.xml.XPathUtil.valueOf(XPathUtil.java:213) > at > org.apache.taglibs.standard.tag.common.xml.ExprSupport.doStartTag(ExprSupport.java:73) > at > org.apache.taglibs.standard.tag.el.xml.ExprTag.doStartTag(ExprTag.java:71) > at > org.apache.jsp.simple_005f100_jsp._jspx_meth_x_005fout_005f0(simple_005f100_jsp.java:411) > at > org.apache.jsp.simple_005f100_jsp._jspx_meth_x_005fforEach_005f1(simple_005f100_jsp.java:377) > at > org.apache.jsp.simple_005f100_jsp._jspx_meth_x_005fforEach_005f0(simple_005f100_jsp.java:336) > at > org.apache.jsp.simple_005f100_jsp._jspService(simple_005f100_jsp.java:118) > at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) > > > If you search for > "com.sun.org.apache.xpath.internal.XPathContext.getDTMHandleFromNode > slow jstl" you will get to a bugzilla entry for jstl from > https://issues.apache.org/bugzilla/show_bug.cgi?id=27717 which is > closed. > > That bugentry suggested, that an xslt-Transfrom would be faster, than > using and if you try to replace the forEach loop with a > transform, you will get better response times (on my system throughput > went up from 1.6 r/s to 23.6 r/s for one thread. (I try to attach my > changes, but sometimes the list strips attachements...) > > So either the bug has been reintroduced into jstl, or it is really slow > and should be avoided. Felix - thanks for your help. The current jstl version in the pom.xml is 1.2 which looks like it was released in July 2006. Bug 27717 was not fixed until December 2010. I built and installed from source: http://svn.apache.org/repos/asf//tomcat/taglibs/standard/trunk/ and now I am getting 44 r/s !! I now ha
Re: So You Want High Performance ( cont )
On Thu, Oct 24, 2013 at 4:14 PM, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Stephen, > > On 10/24/13, 11:29 AM, Stephen More wrote: >> I came across this paper by Peter Lin ( >> http://tomcat.apache.org/articles/performance.pdf ). In a simple >> xml addressbook war he summarizes how different variables affect >> the speed of the application. In one test he compares: Sun X1 >> 400mhz Ultra Sparc IIe - 5 requests/sec AMD 2ghz XP - 25 >> request/sec It appears that both used Tomcat 4.1.19 and Sun >> Jdk1.4.1_01 >> >> In an attempt to see what todays numbers look like I rebuilt the >> war ( svn co >> https://maven-examples.googlecode.com/svn/trunk/addrbook ) and >> deployed in my environment Core i7-3720 QM @ 2.60 GHz SSD disk java >> version "1.7.0_45" apache-tomcat-7.0.42 >> >> package the war - mvn package execute jmeter - mvn verify >> >> Jmeter shows my Throughput of 2.2 requests/sec ! With all the >> advances over the years ( or overhead ) are we just slowing down or >> are one of our results flawed ? ( I am running in VirtualBox - I >> think this would slow some things down - but not this much. ) > > VirtualBox is likely making this run terribly, though it can depend a > lot on the environment, hardware, configuration, etc. Try running > natively. You got 2.2 req/sec? That sounds ... completely > unacceptable. Something must be terribly wrong. Ok, I tried natively for 1 thread I got 1.2 req/sec - my task manager showed some cores doing absolutely nothing so I re-ran it with 8 threads to get 5.0 req/sec. I agree this is unacceptable - something must be wrong - but what ? > What is your testing procedure? I am running apache-tomcat-7.0.42-windows-x64 natively, I execute jmeter via maven on a separate machine. >> Are others seeing similar results ? > > I don't think anyone has bothered to benchmark that example code in a > while... If anyone else could benchmark that code I sure would like to know your results. > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.14 (Darwin) > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJSaX+uAAoJEBzwKT+lPKRYJoIP/RybdmUaJQxKjTeg55+Y0rTY > 1QxJJHx02PveszjT3Mm6M0JP5mGV/oD3CM9q83cYZ94FUx0b8+JtLbOtqwg7cgTQ > QaASdlxevwdebyJ9SN7Vwdq/TicVanZzBGRN8jsEn4hX11FNRwWpc/pAae7dGiM3 > biR5ke+h97nhEgNCxTyAztmRmTJMGk2dqd7pZxX8gDqCISNmrCp9qHdS4ftlF+bZ > IoGVq349rfUSfyjC0zHsbK4kjTvjIc4tiPpOeA9qmUs6ybINYxAIOcmYbnejxqXg > tjM1DqBqNr3fxan+1EpcHe9iHHG5nViJ2SRKlJta2xQRsCgPVlH5jkL6buL7VrMg > tNIs5rDw8dJ19Cm4vEYS6AVzQmZW+iqij/USJ9jZgUWd3+Zo5TUJWR1VRLJZN/LL > Z8oNhOYXVXnoImutTZu0Xz1c73/sUjc/QLi1B7F49RxevNtCqw15oWxofCuPAZG5 > tqwNAXdxjof2bqmUXLcDYbYBzbQ6psR2M4dBh55REZVx7LiBxThmZ12IXUUU3Rij > LnS9622g+EymBO92Gf67V6dCDI03wqf03a7mziMSgS8M3h17rGR0cc1irqxyEx8b > jrIgGR8ajpw/JXqC9xasN8rXQ9auca0AfpKyVOutZv+BTKA3QqmBtPm28namMJUA > 6IUx6yr5IBEU/C2+oWck > =EL8r > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
So You Want High Performance ( cont )
I came across this paper by Peter Lin ( http://tomcat.apache.org/articles/performance.pdf ). In a simple xml addressbook war he summarizes how different variables affect the speed of the application. In one test he compares: Sun X1 400mhz Ultra Sparc IIe - 5 requests/sec AMD 2ghz XP - 25 request/sec It appears that both used Tomcat 4.1.19 and Sun Jdk1.4.1_01 In an attempt to see what todays numbers look like I rebuilt the war ( svn co https://maven-examples.googlecode.com/svn/trunk/addrbook ) and deployed in my environment Core i7-3720 QM @ 2.60 GHz SSD disk java version "1.7.0_45" apache-tomcat-7.0.42 package the war - mvn package execute jmeter - mvn verify Jmeter shows my Throughput of 2.2 requests/sec ! With all the advances over the years ( or overhead ) are we just slowing down or are one of our results flawed ? ( I am running in VirtualBox - I think this would slow some things down - but not this much. ) Are others seeing similar results ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: java version "1.7.0_25" + apache-tomcat-7.0.41 = Illegal type for StackMapType: -4
No, I do not know which JAR is failing. I set the level to FINEST for every entry in logging.properties but it does not indicate a specific jar or class file. Is there a specific log entry I should use that will display that info ? I can tell you my app includes JDO from datanucleus, JSF from Mojarra and Spring. On Fri, Jun 21, 2013 at 12:14 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Stephen, > > On 6/21/13 11:10 AM, Stephen More wrote: > > My web application has been working great with jdk1.6. At this > > point I am trying to upgrade to jdk1.7, when I deploy my war tomcat > > is throwing: > > > > Caused by: java.lang.RuntimeException: Illegal type for > > StackMapType: -4 at > > > org.apache.tomcat.util.bcel.classfile.StackMapType.setType(StackMapType.java:73) > > I > > > don't get this exception when I launch my webapp, but I do not have > any annotations, etc. > > Do you know which JAR is failing? > > I would expect this kind of thing if you used a current BCEL against a > newer .class file generated for example by Java 8, which BCEL might > not yet support (or at least the version Tomcat uses). > > Can you enable debug logging and see if you can see which JAR or > .class file is being scanned when this occurs? > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG/MacGPG2 v2.0.17 (Darwin) > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJRxHvWAAoJEBzwKT+lPKRY5eUP/jOyYWJbZ0lL7Izd4v2lrWy6 > 3Wxz/eXiHNY/aynp8eeICWq1B+clcJK5cRhLt+3y1V5FZwj8+Pei13JBNjeCOosp > 5GzdRnZ8+siTcHVVHUaqUykitOjiEbWPoWwOzS0Z+qdGDWDb+zRo80t4fYAA3VCb > v+PQTHwSDRrmFshjQplCxkkhyMIaacGOfF221ssHQC6LkfMVtUMnZaHWRjPEotd9 > 5djYmcKGQhrBMmgaIAS3agwGbacs4Of+nY1Kz5dWTyNpnS7cJKWwKHMAIXyzqq+Z > e8zqYM4LkodIlZPGtOgRgZV1/AQ3yO31TQgJ4O2YCXp829XefIz5/JedU6wiIZI9 > Phm0gkl22a/AGKm3Dljr24V/lTKZy8wl7CoK/sCF3WvMBXyhletn0YS71v1WcI6K > msdyT1KvKUqYJ519gs7GU48CSYe01DCxpH+7rOW4gYQsRgAXcB11krrm7o3CuIE+ > NUM0YQz/0uhpUc9Xm6zq2je8J0gXWcw+KjbwV3HCvkVrj5jSqnH2hleXY94SEW/p > ccG0opRaPj8s5v0N1EhoS/uecfmlrhDBFNE0YSp5lvq2NW0WDkffs7otKqVu8XV9 > YEShan5Y7wCNMlnzJG6L9IZ6uWzjf0W66SJ5I1IQ6JRsO4hrOF0lC0VTXgVGFtoF > 1wAAGW3l8u/otEhi3C1u > =GnPP > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
java version "1.7.0_25" + apache-tomcat-7.0.41 = Illegal type for StackMapType: -4
My web application has been working great with jdk1.6. At this point I am trying to upgrade to jdk1.7, when I deploy my war tomcat is throwing: Jun 21, 2013 10:58:10 AM org.apache.catalina.core.ContainerBase addChildInternal SEVERE: ContainerBase.addChild: start: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/crm]] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:633) at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:976) at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1653) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) at java.util.concurrent.FutureTask.run(FutureTask.java:166) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:724) Caused by: java.lang.RuntimeException: Illegal type for StackMapType: -4 at org.apache.tomcat.util.bcel.classfile.StackMapType.setType(StackMapType.java:73) at org.apache.tomcat.util.bcel.classfile.StackMapType.(StackMapType.java:65) at org.apache.tomcat.util.bcel.classfile.StackMapType.(StackMapType.java:52) at org.apache.tomcat.util.bcel.classfile.StackMapEntry.(StackMapEntry.java:55) at org.apache.tomcat.util.bcel.classfile.StackMap.(StackMap.java:73) at org.apache.tomcat.util.bcel.classfile.Attribute.readAttribute(Attribute.java:145) at org.apache.tomcat.util.bcel.classfile.Code.(Code.java:85) at org.apache.tomcat.util.bcel.classfile.Attribute.readAttribute(Attribute.java:126) at org.apache.tomcat.util.bcel.classfile.FieldOrMethod.(FieldOrMethod.java:58) at org.apache.tomcat.util.bcel.classfile.Method.(Method.java:72) at org.apache.tomcat.util.bcel.classfile.ClassParser.readMethods(ClassParser.java:268) at org.apache.tomcat.util.bcel.classfile.ClassParser.parse(ClassParser.java:128) at org.apache.catalina.startup.ContextConfig.processAnnotationsStream(ContextConfig.java:2118) at org.apache.catalina.startup.ContextConfig.processAnnotationsJar(ContextConfig.java:1994) at org.apache.catalina.startup.ContextConfig.processAnnotationsUrl(ContextConfig.java:1960) at org.apache.catalina.startup.ContextConfig.processAnnotations(ContextConfig.java:1945) at org.apache.catalina.startup.ContextConfig.webConfig(ContextConfig.java:1319) at org.apache.catalina.startup.ContextConfig.configureStart(ContextConfig.java:878) at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:376) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5269) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) ... 11 more Is there a config/development change I have to make or is this a bug ? -Thanks Stephen More
Re: IE + Flash + mod_jk issue
On Tue, May 12, 2009 at 4:58 PM, Rainer Jung wrote: > On 12.05.2009 22:33, Stephen More wrote: >> I have a flash application ( Macromedia Breeze Presentation ) that is >> working fine when I access it directly from tomcat's port 8080. >> >> When I access it through apache using mod_jk, IE loads some of the >> flash files, but not all. >> The problem is only appearing with IE, it is working fine with Firefox. >> >> Here are my options: >> JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories >> >> Could this be a mod_jk issue or should I be looking at something else ? I found a solution. I needed to remove the following from my apache httpd config: AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE text/html I guess a better solution might be: http://www.robertswarthout.com/2007/05/ie-6-apache-mod_deflate-blank-pages/ -Steve - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
IE + Flash + mod_jk issue
I have a flash application ( Macromedia Breeze Presentation ) that is working fine when I access it directly from tomcat's port 8080. When I access it through apache using mod_jk, IE loads some of the flash files, but not all. The problem is only appearing with IE, it is working fine with Firefox. Here are my options: JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories Could this be a mod_jk issue or should I be looking at something else ? Any help is appreciated. -Thanks Steve More - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Cookie problem in 5.5.26
I see in version 5.5.26 there are "Cookie handling/parsing changes!" 5.5.25 and prior I was able to read cookie values that included colons: cookie-name: lastaccess cookie-value: 10/30/2008%2010:41:00%20AM 5.5.26 and after: cookie-name: lastaccess cookie-value: 10/30/2008%2010 Other threads are suggesting setVersion(1) when creating the cookie. The problem is that I am not creating this cookie. It is being created on a different system and I just need to read it. How can I read this "3rd party" cookie-value in tomcat 5.5.26 and greater ? -Thanks Steve More - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAASRealm problem moving from 5.5.23 -> 5.5.26
>> > > Take out the path attribute; it's not allowed unless the element is > in server.xml (where it should never be, these days). It should be ignored, > but... Done. >> ... >> useContextClassLoader="false" /> > > Just for grins, what happens if you set useContextClassloader to "true"? > This should allow the > LoginModule and Principal classes to be part of the webapp. 5.5.26 seems to work fine when useContextClassloader=true 5.5.23 no longer works if useContextClassloader=true StackTrace from 5.5.23: javax.security.auth.login.LoginException: unable to find LoginModule class: com.acme.MyLoginModule at javax.security.auth.login.LoginContext.invoke(LoginContext.java:808) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax.security.auth.login.LoginContext.login(LoginContext.java:579) at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:366) at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:542) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685) at java.lang.Thread.run(Thread.java:619) -Steve - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAASRealm problem moving from 5.5.23 -> 5.5.26
On Wed, Jun 18, 2008 at 2:10 PM, Caldarale, Charles R > Just to verify, your declaration is within the webapp's , > correct? > Could you post the element for the webapp? I'd like to see if > there's anything odd in it. My declaration is stored in META-INF/context.xml of the war. >> java.lang.ClassNotFoundException: com.acme.MyUser > > So you're the one that sells all that stuff to Wile E Coyote? Beep Beep ! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAASRealm problem moving from 5.5.23 -> 5.5.26
>> This setup has worked out of the box on both 5.5.23 and 6.0.16 without >> any changes to my CLASSPATH environment variable. > > Do you have anything in CLASSPATH? You shouldn't. Nope. CLASSPATH is empty. >> If I need to run multiple versions of a realm am I now forced >> to run multiple instances of tomcat ? > > Don't know; this would require more research. Do you have a stack trace for > the class not found exception? The binary download does not output a stack trace for the error. I added the stack trace to the src and recompiled. Here it is: ERROR main org.apache.catalina.realm.JAASRealm - JAASRealm error: java.lang.ClassNotFoundException: com.acme.MyUser at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:247) at org.apache.catalina.realm.JAASRealm.parseClassNames(JAASRealm.java:275) at org.apache.catalina.realm.JAASRealm.start(JAASRealm.java:560) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4126) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:626) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022) at org.apache.catalina.core.StandardHost.start(StandardHost.java:736) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:448) at org.apache.catalina.core.StandardServer.start(StandardServer.java:700) at org.apache.catalina.startup.Catalina.start(Catalina.java:552) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433) -Steve - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAASRealm problem moving from 5.5.23 -> 5.5.26
>> Just after that I am seeing a SEVERE message that it can not find my >> classes where I extend javax.security.Principal. These classes can be >> found in the deployed war file. > > Which is not where they're supposed to be. To quote from the doc: "Place > the compiled classes on > Tomcat's classpath"; note this is not the webapp's classpath. This can be > specified in Tomcat's startup > scripts, or the classes can be put in whatever you have java.endorsed.dirs > set to. The principal and role > classes must not be packaged with the webapp, since the Realm is independent. Is "Tomcat's classpath" defined somewhere in the docs ? I see a Classloading section: http://tomcat.apache.org/tomcat-5.5-doc/class-loader-howto.html but it does not really talk about "Tomcat's classpath". > Here's the doc: > http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#JAASRealm Can the realm doc get updated to say: 3. Place the compiled classes on Tomcat's classpath ( e.g. $CATALINA_HOME/commons/endorsed ) > Packaging with the webapp may have erroneously "worked" in the past if you > fiddled with the > CLASSPATH environment variable, which can lead to lots of other nasty issues. This setup has worked out of the box on both 5.5.23 and 6.0.16 without any changes to my CLASSPATH environment variable. This has been working very well since it allows me to run different versions of my Realm inside 1 instance of tomcat. If I need to run multiple versions of a realm am I now forced to run multiple instances of tomcat ? -Steve More - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JAASRealm problem moving from 5.5.23 -> 5.5.26
I have been using 5.5.23 with a JAASRealm for some time now. In trying to upgrade to 5.5.26 I am now seeing a new log entry in catalina.out Jun 18, 2008 8:40:09 AM org.apache.catalina.realm.JAASRealm parseClassNames Just after that I am seeing a SEVERE message that it can not find my classes where I extend javax.security.Principal. These classes can be found in the deployed war file. Other people are seeing similar issues: http://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/200804.mbox/[EMAIL PROTECTED] Is this a bug, or am I now required to move this jar out of the war and into a shared classpath ? -Thanks Steve More - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: access Connector Address from within war file
On Wed, Feb 27, 2008 at 12:26 PM, Caldarale, Charles R wrote: > > From within a war file, I need to access the Connector Address. > > Why don't you tell us what you're really trying to do, and what Tomcat > level you're trying to do it on. > > It's not at all clear what you mean by "Connector Address"; the local IP > address on which the connector is listening? It's usually 0.0.0.0, so > that doesn't make much sense. OK, I am currently running multiple tomcats on 1 server so they are not bound to 0.0.0.0. instance one will be 1.2.3.4:8080 instance two will be 1.2.3.5:8080 instance three will be 1.2.3.6:8080 All instances will join 1 JGroup. I can send messages to this group and each one responds back with a message. The thing is, I need to tell the messages apart...which message came from 1.2.3.4 vs 1.2.3.6 I decided to use the local ip address that tomcat is bound to. Using the method in my previous email I have found this will only work when re-deploying a war and not on server startup, apparently the thread pool is not available during the war init phase. -Steve More - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
access Connector Address from within war file
>From within a war file, I need to access the Connector Address. Currently I am doing this by: javax.management.MBeanServer mBeanServer = org.apache.commons.modeler.Registry.getRegistry( null, null ).getMBeanServer(); javax.management.ObjectName identifier = new javax.management.ObjectName( "Catalina:type=ThreadPool,*" ); java.util.Set objectNameSet = mBeanServer.queryNames( identifier, null ); for( java.util.Iterator i = objectNameSet.iterator(); i.hasNext(); identifier = (javax.management.ObjectName)i.next()) { if( identifier != null ) { String connectorAddress = identifier.getKeyProperty( "name" ); } } Is there an easier or better way to accomplish the same thing ? -Thanks Steve More - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 6.0 and JSF 1.2
On Fri, Feb 22, 2008 at 11:04 AM, wrote: > I would like to work with JSF 1.2 embedded in Tomcat 6.0 > Where can I find an "How-to" ? Give this a try: http://www.exadel.com/tutorial/jsf/jsftutorial-kickstart.html Once you get a handle on JSF, then I would suggest looking into facelets. http://www.jsfcentral.com/articles/facelets_1.html http://www.ibm.com/developerworks/java/library/j-facelets/ -Steve More - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How do I make a redirection?
On Wed, Feb 27, 2008 at 2:24 AM, nkarytia wrote: > every time the user types in http://mysite.com/hello in the address bar of > his browser it gets redirected to another site like hello.newsite.com. Is > this possible? Is mysite.com running Tomcat, httpd, or something else ? This can be done with HTML, in the directory of hello you need to place an index file that has the following code: http://hello.newsite.com"; http-equiv="refresh"> -Steve More - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Server output console cannot view fully
On Wed, Feb 27, 2008 at 6:40 AM, tlgkumar wrote: > using this i can create the project and got output nicely, > but my problem is i cannot view the server output cosole printouts, > in my project i am using lots of print statements, In general you should move away from print statements and use a logging api. I would suggest you look at: http://www.slf4j.org/manual.html and log4j. Then you can send all of your low level output to a file, and have error level messages emailed. -Steve More - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Storing sessions to disk like Apache HTTP server
On Wed, Feb 27, 2008 at 9:41 AM, Andrew R Feller wrote: > Is there any way to store sessions to disk like Apache HTTP server? Can I ask why do you want to ? -Steve More - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: NIO connector in Tomcat 6.0.14
On Thu, Oct 25, 2007 at 12:19 PM, Filip Hanik - Dev Lists wrote: > browser don't work the way you might it expect to, firefox for example, > will not display anything until the entire request is complete. so the > chat example is no good that way. > write a client application for your comet, to test how it works Does anyone have java code to test that the chat comet example is working correctly ? -Thanks Steve More - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: NIO Java or TC - What are u using it 4?
On Fri, Feb 22, 2008 at 10:58 PM, Bill Barker wrote: > Well, you need it for Comet Is there a way you can deploy Comet applications to tomcat 5.5 or do you have to upgrade to 6.0 ? -Steve More - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
mod_jk + HTTP Push problems
I have created a Servlet that uses multipart/x-mixed-replace to push out data. ( See: http://www.servlets.com/jservlet2/examples/ch06/#ex06_13 ) This works perfectly fine between tomcat 5.5 and Firefox. When tomcat is front-ended with httpd + mod_jk, the live push no longer works. Is this a known deficiency in mod_jk or would this be a bug ? -Thanks Steve More - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
error page for ViewExpiredException using JSF-RI 1.2
I am currently using JSF-RI 1.2_07, facelets 1.1.13 and tomcat 5.5.23 Within my web.xml the following works as expected: java.lang.Exception /redirect.jsp The following is NOT working: javax.faces.application.ViewExpiredException /redirect.jsp Is there a bug why tomcat is not catching this exception ? ( 1.2_07 on GlassFish is working as expected. ) 2008-01-22 18:58:47,774 ERROR [[Faces Servlet]:250] Servlet.service() for servlet Faces Servlet threw exception javax.faces.application.ViewExpiredException: viewId:/index.cgi - View /index.cgi could not be restored. at com.sun.faces.lifecycle.RestoreViewPhase.execute(RestoreViewPhase.java:186) at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100) at com.sun.faces.lifecycle.RestoreViewPhase.doPhase(RestoreViewPhase.java:104) at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:141) at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:281) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:147) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at net.sourceforge.jams.JAMSFilter.doFilter(JAMSFilter.java:100) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:542) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685) at java.lang.Thread.run(Thread.java:619) -Thanks Steve More - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: application-managed security model and isUserInRole getRemoteUser
On 10/12/07, Christopher Schultz wrote: > Yes, this is how to do it. If you don't want to do it yourself, you can > use securityfilter (http://securityfilter.sourceforge.net), which has > already been written. Thanks, securityfilter is a great example. > > ?? - stick with container-based security and find a way to make > > cookies for "Remember Me" work. > > I think you're out of luck, here, too. I think I found a way to make it work, but it is too difficult. You can create your own org.apache.catalina.authenticator to look at cookies, but it requires making changes to catalina.jar. I prefer to stick with war files so I will go with application based security. -Steve More - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Certificates, CLIENT-CERT Authentication and Authorization
There seems to be good documentation for configuring Realms. I currently have a JAASRealm working by implementing a javax.security.auth.spi.LoginModule I have found very little documentation for custom Authenticators. Your _outline_ is helpful, but I am still struggling. My class which extends org.apache.catalina.authenticator.BasicAuthenticator contains: org.apache.catalina.Realm realm = context.getRealm(); log.trace( "Info: " + realm.getInfo() ); The logs are outputting "Info: org.apache.catalina.realm.RealmBase/1.0" Any clue on how to get it to use "org.apache.catalina.realm.JAASRealm/1.0" ? My web.xml still contains BASIC CUSTOMRealm Thanks for any insight or pointers to documentation on Authenticators. -Steve More On 9/26/07, Edwin K. Brown wrote: > I'm doing this to provide an _outline_ of what is needed to be done to get > CLIENT-CERT authentication and authorization working in Tomcat 6. This is > high level because each implementation will have to be done to suit your own > needs. > > > > This first part deals with the JAAS related code that you have to create: > > > > * The Tomcat documentation states that the > org.apache.catalina.realm.JAASRealm has to be used to get this working. > Actually, the JAASRealm should be extended or you create a class that extends > org.apache.catalina.realm.RealmBase. For purposes of this post, lets call > this class CertJASSRealm. > * In CertJASSRealm, the authenticate(X509Certificate certs[]) method > needs to be over-ridden/implemented to perform the certificate validation. > * In CertJASSRealm, the getPrincipal(String username) and > getPrincipal(String username, String subject) methods needs to be > over-ridden/implemented to create the principal. > * The Tomcat documentation states that it is best to implement your own > Role and User class, and that is definitively the case! > * Create a class to handle the role. > * Create a class to handle the user. This seems to be one of the keys > to getting this right. Let's call this class CertJASSUser. The getRoles() > method needs to be implemented to retrieve the roles associated with this > user. In the "demo" that I did, I had this return a set array of roles. I > imagine in "the real world," this would go to some external source like LDAP, > a database, or a file, to retrieve roles, if any, for the user. > * In CertJAASUser, implement hasRole(String role) that determines if > the user has the role name passed in. > * Implement a LoginModule class and a CallbackHandler class to the JAAS > specification to suit your needs. > * Let's call the CallbackHandler class CertCallbackHandler. I created a > method that sets the certificates, public void setCerts(X509Certificate[] > certs), for use later on during the login() process. > * Let's call the LoginModule implementation CertLoginModule. The > initialize(Subject, CallbackHandler, Map, Map) method should do any > initialization needed. The login() method should do the "login" using the > certificates from the CertCallbackHandler object. > * Make sure you create the JAAS configuration file. The name of the > module in this example is CertJaas. > > > > This second part deals with SSL authentication. This has to make it possible > to get the authentication with certificates: > > * Create a class that extends > org.apache.catalina.authenticator.AuthenticatorBase. Let's call this class > CertSSLAuthenticator > * Implement authenticate(Request request, Response response, > LoginConfig config). The TOMCAT class SSLAuthenticator is a good class to use > as a model for what to do for the authentication process. I think CRL lookup > or OCSP could be used in this method. > > > > > > This third part deals with what you have to do to get TOMCAT to recognize > that you have JAASRelam code that you want to be used instead of what TOMCAT > provides. Please note that JAASRealm is the ONLY JAAS implementation that > TOMCAT will recognize "out of the box" without make the following changes. > Believe me, if you don't do the following, you will NOT get it working > properly. You will have to extract, modify, and replace some files in > catalina.jar. > > * Make a copy of catalina.jar. > * Extract org/apache/catalina/authenticator/mbeans-descriptors.xml > * Copy the mbean tag with attribute name "SSLAuthenticator". > * Change the name attribute to the name of the file you created to do > the SSL authentication in the second part. In this case, the name would be > CertSSLAuthenticator. > * Modify the type attribute to the full class name of the SSL > authenticator class. > * Save the file and replace it in the catalina jar. > * Extract org/apache/catalina/startup/Authenticators.properties > * There is an entry for CLIENT-CERT: > CLIENT-CERT=org.apache.catalina.authenticator.SSLAuthenticator. C
Re: Debugging session replication in 5.5.23
The problem was not with a config of tomcats server.xml it was a problem with the war. session data is now getting replicated. If you ask why, you can look at: http://jcifs.samba.org/src/docs/ntlmhttpauth.html So the only question that remains is "Will JCIFS NTLM HTTP Authentication work in a cluster with session replication" ? If anyone has any insights feel free to post. -Thanks Steve More On 10/19/07, Stephen More wrote: > I thought I would try this on a off the shelf apache-tomcat-6.0.14: > > > > receiver.tcpListenPort="9074" > > > Results in logs of: > WARNING: Manager [ > [EMAIL PROTECTED] does not > implement ClusterManager, addition to cluster has been aborted. > > > The docs say "The default value is the > org.apache.catalina.ha.session.DeltaManager" and > DeltaManager does implement the ClusterManager interface. > > > I must be missing something, but what ? > > > > -Steve More > > > > On 10/19/07, Stephen More wrote: > > I am trying to setup a tomcat cluster on 1 box with mod_jk, > > > > > > > receiver.tcpListenPort="9074" > > doClusterLog="true" > > /> > > > > > > > > > receiver.tcpListenPort="9076" > > doClusterLog="true" > > /> > > > > my web.xml has > > > > session data is NOT getting replicated. My logs are showing: > > > > DEBUG TP-Processor1 org.apache.catalina.cluster.tcp.ReplicationValve - > > Context /tomcatTest: Found session > > 73F82C596FCE430AB6B7208B03E58BB4.worker6 but it isnt a ClusterSession. > > > > DEBUG TP-Processor3 org.apache.catalina.cluster.tcp.ReplicationValve - > > Context /tomcatTest: Requested session > > 3A9739F62613B5AECB8D1D3C6FF5E590.worker6 is invalid, removed or not > > replicated at this node. > > > > What is preventing my session from becoming a ClusterSession ? > > > > -Thanks > > Steve More > > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Debugging session replication in 5.5.23
I thought I would try this on a off the shelf apache-tomcat-6.0.14: Results in logs of: WARNING: Manager [ [EMAIL PROTECTED] does not implement ClusterManager, addition to cluster has been aborted. The docs say "The default value is the org.apache.catalina.ha.session.DeltaManager" and DeltaManager does implement the ClusterManager interface. I must be missing something, but what ? -Steve More On 10/19/07, Stephen More <[EMAIL PROTECTED]> wrote: > I am trying to setup a tomcat cluster on 1 box with mod_jk, > > > receiver.tcpListenPort="9074" > doClusterLog="true" > /> > > > > receiver.tcpListenPort="9076" > doClusterLog="true" > /> > > my web.xml has > > session data is NOT getting replicated. My logs are showing: > > DEBUG TP-Processor1 org.apache.catalina.cluster.tcp.ReplicationValve - > Context /tomcatTest: Found session > 73F82C596FCE430AB6B7208B03E58BB4.worker6 but it isnt a ClusterSession. > > DEBUG TP-Processor3 org.apache.catalina.cluster.tcp.ReplicationValve - > Context /tomcatTest: Requested session > 3A9739F62613B5AECB8D1D3C6FF5E590.worker6 is invalid, removed or not > replicated at this node. > > What is preventing my session from becoming a ClusterSession ? > > -Thanks > Steve More > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Debugging session replication in 5.5.23
I am trying to setup a tomcat cluster on 1 box with mod_jk, my web.xml has session data is NOT getting replicated. My logs are showing: DEBUG TP-Processor1 org.apache.catalina.cluster.tcp.ReplicationValve - Context /tomcatTest: Found session 73F82C596FCE430AB6B7208B03E58BB4.worker6 but it isnt a ClusterSession. DEBUG TP-Processor3 org.apache.catalina.cluster.tcp.ReplicationValve - Context /tomcatTest: Requested session 3A9739F62613B5AECB8D1D3C6FF5E590.worker6 is invalid, removed or not replicated at this node. What is preventing my session from becoming a ClusterSession ? -Thanks Steve More - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
application-managed security model and isUserInRole getRemoteUser
If I implement application-managed security ( I need to use cookies for "Remember Me" ), is there a way to make it such that HttpServletRequest.getRemoteUser() and HttpServletRequest.isUserInRole(java.lang.String role) will respond with values from the actual logged in user ? I see an old thread from 2001 ( http://mail-archives.apache.org/mod_mbox/struts-dev/200108.mbox/[EMAIL PROTECTED] ) In servlet 2.3, you can legally wrap a request (or response, for that matter, but it's request that matters for this purpose) before handing it on via RequestDispatcher. Indeed, you can set up a Filter that gets control before the servlet does and plays the same game. Therefore, you can modify what isUserInRole() or getUserPrincipal() will return to the called servlet. Now that it is 2007, is the Filter + RequestDispatcher still the way to implement this or is there a better way ? Is there an example of this somewhere out there ? Other options I am thinking of: - write my own Realm implementation ?? - stick with container-based security and find a way to make cookies for "Remember Me" work. -Thanks Steve More - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBCRealm + Expired Passwords
On 8/22/07, Christopher Schultz <[EMAIL PROTECTED]> wrote: > 1. Checks to see if the Session exists and has a Principal. > 2. Checks to see if the Session contains my "User" object. >If not, it loads the User object and performs the "real" login >(as opposed to the basic authentication provided by the container). > 3. Checks to see what the user's "status" is. >If the user is in the "must change password" state, I send them >to the "change password" screen. Using the default tomcat realms I see 2 possibilities: 1. use the JDBCRealm and create a SQL view for user_roles. If the user has an expired password, then a role called "expiredPassword" should exist as a row in this view. 2. use the JAASRealm, if the password is expired add the role "expiredPassword". Both of these would require a Filter that checks for the existence of the role "expiredPassword" and redirect as needed. I just find it hard to believe that there is no open-source project/library to mange users that includes the above functionality. -Steve - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBCRealm + Expired Passwords
In looking at the docs: http://tomcat.apache.org/tomcat-5.5-doc/config/realm.html there is no Attribute for "userCredExpireCol". How do I configure the JDBCRealm to look at an expiration column ? -Steve On 8/22/07, Peter Stavrinides <[EMAIL PROTECTED]> wrote: > I also didn't understand exactly what you mean, but 'JDBCRealm'... implies > using a database, so the simple way is to redirect and use a web form to > change it, which is easy enough. If you don't want to use a web form then its > an entirely different story, I assume some sort of extension or customization > to Tomcat is required. > > Peter > > Christopher Schultz wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > Stephen, > > > > Stephen More wrote: > > > >> Has anyone written or know of a JDBCRealm that supports an expired > >> password ? > >> > > > > Can you phrase that in a different way? I wouldn't want my JDBCRealm to > > allow expired passwords to be used. > > > > Do you mean that you want expired-password-users to be forced to change > > their password before doing anything else? > > > > - -chris > > -BEGIN PGP SIGNATURE- > > Version: GnuPG v1.4.7 (MingW32) > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > > > iD8DBQFGyzw79CaO5/Lv0PARAmHNAKClt64b23+I7sH00qjLDGffNkbY/wCgniR1 > > 99vbSIqBOgDuLkLX7D8V4ys= > > =QI3O > > -END PGP SIGNATURE- > > > > - > > To start a new topic, e-mail: users@tomcat.apache.org > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBCRealm + Expired Passwords
On 8/21/07, Christopher Schultz <[EMAIL PROTECTED]> wrote: > Stephen More wrote: > > Has anyone written or know of a JDBCRealm that supports an expired password > > ? > > Do you mean that you want expired-password-users to be forced to change > their password before doing anything else? Yes, this is exactly what I am looking for: "I want expired-password-users to be forced to change their password before doing anything else." Does such a Realm/project exist ? -Steve More - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JDBCRealm + Expired Passwords
Has anyone written or know of a JDBCRealm that supports an expired password ? -Thanks Steve More - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Can one Global JNDI resources reference another ?
I think I have come across a "chicken and egg" scenario. I want to have a connection pool that is globally accessible, so I added the following to my I tested this section and can access this resource fine from any webapp. Now I want to make a PersistenceManagerFactory global. I end up with this error: javax.naming.NamingException: Connection Factory "java:comp/env/jdbc/GlobalPool" not found javax.naming.NameNotFoundException: Name comp is not bound in this Context Is there a way I can reference a Global JNDI resource from another one ? -Thanks Steve More P.S. This is on version 5.5.17 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
hardening and securing tomcat in a production environment
Is there a published list of items that need to be configured in order to harden and secure tomcat in a production environment ? What items need to be configured, and what items need to be removed ? I am currently interested in version 5.5. -Thanks Steve More - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with Tomcat & MySQL using JNDI
I think I have identified the problem. I deployed a 'broken' HelloWorld war file to tomcat by coping it to apache-tomcat-5.5.17/webapps. Tomcat then expanded it, so there is now both a war file and a expanded directory structure. In all of my attempts to fix the code, I was modifying the code within the expanded structure and nothing seemed to work. Once I delete the war file, everything now worked. Why does tomcat work like this ? I would have expected one of the following: - Expand the war then delete the war - Do not expand the war Can someone shed some light on where I might have gone wrong ? -Thanks Steve More On 5/19/06, Stephen More <[EMAIL PROTECTED]> wrote: On 5/17/06, Parsons Technical Services <[EMAIL PROTECTED]> wrote: > Now I will assume you have reviewed http://tomcat.apache.org/tomcat-5.5-doc/jndi-datasource-examples-howto.html > for a per context and Yes > http://tomcat.apache.org/tomcat-5.5-doc/config/globalresources.html for a > global approach. Yes. > Now for a few questions. > Is the jndi for one app or several? Right now, one app. > Well if for one app, you can set it up in the context of the app. I have been trying to do this. > Both cases you need to add the drivers to the common/lib (thus the reason a > simple war won't do). I have copied mysql-connector-java-3.1.12-bin.jar to apache-tomcat-5.5.17/common/lib > Class.forName("com.mysql.jdbc.Driver"); > > connection = > DriverManager.getConnection( > "jdbc:mysql://192.168.1.19:3306/golive", > "daname", > "depassword"); > I have this working fine. Now that we have verified this first layer ( JDBC Driver installed OK ), how can I test the next layer ? $CATALINA_HOME/webapps/DBTest/META-INF/context.xml What can I do to verify that my context.xml is set correctly ? -Thanks Steve More > - Original Message - > From: "Stephen More" <[EMAIL PROTECTED]> > To: > Sent: Wednesday, May 17, 2006 5:34 PM > Subject: Help with Tomcat & MySQL using JNDI > > > Is there a war file available for download that will do nothing more than: > select 'HelloWorld from MySQL'; using JNDI ? > > > I have tried following many examples on the web and I keep ending up with: > Cannot create JDBC driver of class '' for connect URL 'null' > > At this point I am pulling out my hair and thinking their must be a > bug in tomcat 5.5.17 ! > > Can anyone provide me with a simple working war using MySQL ? > > > -Thanks > Steve More > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with Tomcat & MySQL using JNDI
On 5/17/06, Parsons Technical Services <[EMAIL PROTECTED]> wrote: Now I will assume you have reviewed http://tomcat.apache.org/tomcat-5.5-doc/jndi-datasource-examples-howto.html for a per context and Yes http://tomcat.apache.org/tomcat-5.5-doc/config/globalresources.html for a global approach. Yes. Now for a few questions. Is the jndi for one app or several? Right now, one app. Well if for one app, you can set it up in the context of the app. I have been trying to do this. Both cases you need to add the drivers to the common/lib (thus the reason a simple war won't do). I have copied mysql-connector-java-3.1.12-bin.jar to apache-tomcat-5.5.17/common/lib Class.forName("com.mysql.jdbc.Driver"); connection = DriverManager.getConnection( "jdbc:mysql://192.168.1.19:3306/golive", "daname", "depassword"); I have this working fine. Now that we have verified this first layer ( JDBC Driver installed OK ), how can I test the next layer ? $CATALINA_HOME/webapps/DBTest/META-INF/context.xml What can I do to verify that my context.xml is set correctly ? -Thanks Steve More - Original Message - From: "Stephen More" <[EMAIL PROTECTED]> To: Sent: Wednesday, May 17, 2006 5:34 PM Subject: Help with Tomcat & MySQL using JNDI Is there a war file available for download that will do nothing more than: select 'HelloWorld from MySQL'; using JNDI ? I have tried following many examples on the web and I keep ending up with: Cannot create JDBC driver of class '' for connect URL 'null' At this point I am pulling out my hair and thinking their must be a bug in tomcat 5.5.17 ! Can anyone provide me with a simple working war using MySQL ? -Thanks Steve More - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Help with Tomcat & MySQL using JNDI
Is there a war file available for download that will do nothing more than: select 'HelloWorld from MySQL'; using JNDI ? I have tried following many examples on the web and I keep ending up with: Cannot create JDBC driver of class '' for connect URL 'null' At this point I am pulling out my hair and thinking their must be a bug in tomcat 5.5.17 ! Can anyone provide me with a simple working war using MySQL ? -Thanks Steve More - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Disabling put and delete http methods
My jakarta-tomcat-5.0.28/conf/web.xml now contains: Disallowed Location /* PUT DELETE But when I try to: DELETE /tomcat-docs/changelog.html I get 403 Access Denied instead of a 404 or 405. It does not appear that the DELETE option has been disabled. What else do I need to configure ? -Thanks Steve More On 3/25/06, Bill Barker <[EMAIL PROTECTED]> wrote: > Well, your is pretty much of a cluster-f*ck. Firstly, > you need /*. Then you need > (which is deny-from-all, what you have below is > allow-from-authenticated-users). > > I'm guessing that there is more that you're not telling us. While I'm way > too lazy to test this myself, I'm having trouble believing that your > particular mis-configuration would result in the error you are seeing. > > "Stephen More" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > I am having problems trying to disable put and delete. > I have searched the Internet and they all say the same thing. > > Add the following: > > > > Disallowed Location > * > DELETE > PUT > > > * > > > > So I added that to jakarta-tomcat-5.0.28/conf/web.xml and restart. > While this stops all deletes and puts it is also stopping all gets and > posts too ! > > What am I doing wrong ? I placed it near the end of the file after > the mime-mappings. > > -Thanks > Steve More > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Disabling put and delete http methods
I am having problems trying to disable put and delete. I have searched the Internet and they all say the same thing. Add the following: Disallowed Location * DELETE PUT * So I added that to jakarta-tomcat-5.0.28/conf/web.xml and restart. While this stops all deletes and puts it is also stopping all gets and posts too ! What am I doing wrong ? I placed it near the end of the file after the mime-mappings. -Thanks Steve More - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]