Re: Apache/mod_jk serves random files from tomcat
We were not using APR. Since this was a live project I had no choice but switch to regular http proxy which doesn't work as well as AJP (speed/functionality) but is consistent. Alas, as much as I'd like to help with solving this issue, I wasn't able to reproduce in a test environment and the production environment is now live so I can't mess with it. Cheers! Yuval Perlov www.r-u-on.com On Mar 10, 2009, at 6:27 PM, Rainer Jung wrote: Hi Yuval, did you find out in the meantime, whether you were using the tcnative (aka APR) connector? Regards, Rainer On 19.02.2009 11:34, Yuval Perlov wrote: Just the swapping responses has me concerned. Thank you so much for the rest of your responses we will put them to good use once we give up on AJP completely. Yuval On Feb 18, 2009, at 8:45 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yuval, On 2/17/2009 1:48 PM, Yuval Perlov wrote: Is APR part of tomcat or apache [httpd]? APR is the Apache Portable Runtime. Technically, it's its own beast and is used by both httpd and Tomcat (optionally). If I am running on linux and have no .so files in my tomcat directory does that mean I have no APR installed? The Tomcat directory isn't the only place .so files could be located. Anywhere in the java.library.path is possible. If you have an AprLifecycleListener configured in your server.xml, then you are attempting to use APR. If you get a message in catalina.out on startup that says something like APR Configured or APR library not found then you have your answer. On a more positive note, we switched to proxy_http (after making the necessary code changes) and everything works now - no more mixed content. Of course we lost a lot of necessary functionality: 1. request.isSecure() doesn't work You can always use https :) 2. we don't know the server name we are hit with (since it is hard coded in httpd.conf) This should be an option in mod_proxy. Is it not? ProxyPreserveHost? 3. we have no access to the source IP (for geo location) Why not use mod_headers to convert the original IP address into an X-Original-IP header. Better yet, use the X-Forwarded-For header that should be set by default by mod_proxy. BTW - Am I the only one that is seriously worried that this kind of problem can even exist on a platform of this maturity? Which problem? The swapping-responses problem or everything else you've outlined about your inadequate configuration? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Getting the tomcat server IP
You are right, should have been: request.getLocalAddr() - my bad. Also, from the socket object you can always call socket.getLocalAddress() on an outgoing connection. This is useful if you want to make sure you are getting the IP for a particular network. Yuval On Feb 21, 2009, at 7:57 PM, Rusty Wright wrote: Yuval, wouldn't that give you the client's address? I thought she wanted the server's ip address, with the added wrinkle that her server has multiple network interfaces. Yuval Perlov wrote: request.getRemoteAddr(); You can only get your actual IP after opening a connection. Of course it can change depending on where the connection is coming from. Alternatively you can open a connection to a known public server, and figure out your IP using the resulting socket. If you are going through a NAT this might not be your actual IP but the IP on your side of the NAT. Yuval Perov On Feb 20, 2009, at 2:21 AM, Natalie Forood wrote: Hello, Can you tell me how I can get the IP address of the interface that is running Tomcat? I can't use localhost, I need the IP of the physical interface. Thanks, Natalie - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Getting the tomcat server IP
request.getRemoteAddr(); You can only get your actual IP after opening a connection. Of course it can change depending on where the connection is coming from. Alternatively you can open a connection to a known public server, and figure out your IP using the resulting socket. If you are going through a NAT this might not be your actual IP but the IP on your side of the NAT. Yuval Perov On Feb 20, 2009, at 2:21 AM, Natalie Forood wrote: Hello, Can you tell me how I can get the IP address of the interface that is running Tomcat? I can't use localhost, I need the IP of the physical interface. Thanks, Natalie - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache/mod_jk serves random files from tomcat
Just the swapping responses has me concerned. Thank you so much for the rest of your responses we will put them to good use once we give up on AJP completely. Yuval On Feb 18, 2009, at 8:45 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yuval, On 2/17/2009 1:48 PM, Yuval Perlov wrote: Is APR part of tomcat or apache [httpd]? APR is the Apache Portable Runtime. Technically, it's its own beast and is used by both httpd and Tomcat (optionally). If I am running on linux and have no .so files in my tomcat directory does that mean I have no APR installed? The Tomcat directory isn't the only place .so files could be located. Anywhere in the java.library.path is possible. If you have an AprLifecycleListener configured in your server.xml, then you are attempting to use APR. If you get a message in catalina.out on startup that says something like APR Configured or APR library not found then you have your answer. On a more positive note, we switched to proxy_http (after making the necessary code changes) and everything works now - no more mixed content. Of course we lost a lot of necessary functionality: 1. request.isSecure() doesn't work You can always use https :) 2. we don't know the server name we are hit with (since it is hard coded in httpd.conf) This should be an option in mod_proxy. Is it not? ProxyPreserveHost? 3. we have no access to the source IP (for geo location) Why not use mod_headers to convert the original IP address into an X-Original-IP header. Better yet, use the X-Forwarded-For header that should be set by default by mod_proxy. BTW - Am I the only one that is seriously worried that this kind of problem can even exist on a platform of this maturity? Which problem? The swapping-responses problem or everything else you've outlined about your inadequate configuration? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmcV0AACgkQ9CaO5/Lv0PBw4wCgtvTgf5Jy6z30u9Z3z/8M9ViN stwAn1urDcjts1xtPvSMiSuL00jEMYPV =/Ge+ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache/mod_jk serves random files from tomcat
Is APR part of tomcat or apache? If I am running on linux and have no .so files in my tomcat directory does that mean I have no APR installed? On a more positive note, we switched to proxy_http (after making the necessary code changes) and everything works now - no more mixed content. Of course we lost a lot of necessary functionality: 1. request.isSecure() doesn't work 2. we don't know the server name we are hit with (since it is hard coded in httpd.conf) 3. we have no access to the source IP (for geo location) 4. We had to some make all client redirection code use the full URL with the server name - turns out client redirect uses the server name from the request so it tries to hit the 8080 port (tomcat) instead of 80 (httpd). BTW - Am I the only one that is seriously worried that this kind of problem can even exist on a platform of this maturity? Yuval Perlov www.r-u-on.com On Feb 17, 2009, at 1:38 AM, dave smith wrote: Sorry for not providing an update sooner. I disabled the APR and the problem went away. On 2/12/09, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yuval, On 2/12/2009 3:12 AM, Yuval Perlov wrote: I actually upgraded from mod_jk 1.2.26 to 27 to try and make the problem go away. Ha! Okay. Sorry for a bad tip. ;) So, I'm definitely not going to be able to help you from here on out, but I know that folks like Rainer and Mladen could use some more information, so I'll go ahead and ask for some. The mixup occurs only in tomcat originated data - the static stuff coming from httpd stays fine. Good to know. Moreover, in the past I had it setup so the static stuff came from tomcat as well. This naturally resulted in significantly more hits between apache and tomcat which made the problem appear much faster (hence my theory that some resource is being depleted over time). Is this something you can reproduce reliably in a test environment? Does it require heavy load in order for this behavior to manifest itself? Or, is it just after 5M requests everything goes to hell? I'm wondering if concurrency is the problem or maybe something silly like logging or maintaining worker status that somehow corrupts something. It's very odd that responses would be crossed. I don't think any of that stuff is shared between threads/processes in mod_jk/httpd, but I suppose when you overwrite memory (which is the only explanation I can think of), you can't really expect the program to operate properly. Oh, are you using worker or prefork MPM? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmUplsACgkQ9CaO5/Lv0PANwQCeM7IEsDUu+o8cKjZP3kxAZgXP 7g4AoLyLW2cvmLC7AGGJnEf8jHBzNBvM =E4BT -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache/mod_jk serves random files from tomcat
I actually upgraded from mod_jk 1.2.26 to 27 to try and make the problem go away. I see the mixup in the file sizes so thought a trace was not necessary. The mixup occurs only in tomcat originated data - the static stuff coming from httpd stays fine. Moreover, in the past I had it setup so the static stuff came from tomcat as well. This naturally resulted in significantly more hits between apache and tomcat which made the problem appear much faster (hence my theory that some resource is being depleted over time). Yuval On Feb 11, 2009, at 3:44 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yuval, On 2/11/2009 1:56 AM, Yuval Perlov wrote: What leads me to believe this is unrelated to my application code is that restarting apache makes the problem go away. So, when your site goes crazy, a simple httpd-bounce does the trick? No Tomcat restart or anything required? Existing users and sessions are all preserved and pretty much the problem just magically goes away? Crazy. I see that you are using httpd 2.2.10. Have you tried downgrading to 2.0.x to see if that helps? I've heard some folks having trouble with mod_jk 1.2.27, so you might try downgrading to 1.2.26 unless something vital is in the .27 release that you need. Those are easier fixes than switching to proxy_http or removing httpd altogether. If you watch the network traffic with a TCP sniffer like wireshark, does it look like request A results in response B instead of (expected) response A? When the server goes crazy, can you start sending TRACE requests to see if those get mixed-up? Does all traffic get jumbled, or just the stuff bound for Tomcat? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmS1lgACgkQ9CaO5/Lv0PBNTwCghqlzDnFDppy0WmgHGTdKjMoQ czQAnijlks4T6XAM72WuC3EgMN1NB+0Q =xzLb -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache/mod_jk serves random files from tomcat
We started restarting apache on a regular basis but if a user is in mid request (consider a user that just filled a big form and is upload a file). I moved all static content to apache so tomcat is now only delivering the actual jsp file. The result was that the mix up took longer to appear, however when it did USERS STARTED SEEING EACH OTHERS DATA!!! (before that, the mixup was usually with images etc just because there are more of them). I am actually amazed that this can even happen in such a mature version and that such a small number of us are experiencing it. This is slowly killing our project. Trying to move to proxy_ajp did not help which makes the whole thing even more mysterious - these are two separate code bases, no? (BTW - are mod_jk developers reading this?) We are contemplating two approaches: 1) moving to proxy_http. My only concern is that this won't help - maybe the problem is unrelated to AJP? Upgrading has helped some users but not all and the problem exists in both mod_jk and proxy_ajp. 2) getting rid of apache and moving tomcat to the front (much harder to configure but ensures we are rid of this problem). Any Thoughts? Regards, Yuval Perlov On Feb 5, 2009, at 11:27 PM, LukeK wrote: JohnHardin wrote: * Have others (that now seem to be fixed) gotten things to work by updating to the latest mod_jk (1.2.27)? I suspect that it's related to 1.2.27 - I have been playing around with older versions. .24 and .25 have had issues forwarding certain request headers, but so far .26 seems to be working OK. Is periodically restarting apache a suitable (if not hackish) work- around until we can get our production environment upgraded? That'd be my fallback position. Cheers! Luke -- View this message in context: http://www.nabble.com/Apache-mod_jk- serves-random-files-from-tomcat-tp18385568p21861548.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache/mod_jk serves random files from tomcat
Thanks! The problem as far as I can tell is a simple mixup of http requests so user identities don't play into this. It might look like it since user A is getting the results of user B but as far as session management goes it is unaffected by this. The URLs are very short. This happens at random. This only starts to happen after the server has been running for a while - it's as if some resource is being consumed and once it's done this problem starts emerging. When it starts happening it happens to all users. What leads me to believe this is unrelated to my application code is that restarting apache makes the problem go away. User data is managed on the session object and I am not interfering with it in any way (no direct cookie code). This is also the reason I believe tomcat only will work. Also we have been running for sometime in a tomcat only mode and never had this problem (which is not definite evidence, i know). The reason I am not jumping to proxy_http is that the application is currently using IP geo location which I suspect will not be available once we are behind a http proxy. We will be shutting off this functionality just so we can switch to proxy_http but it takes a few day to test. Yuval On Feb 11, 2009, at 4:38 AM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yuval, On 2/10/2009 3:44 PM, Yuval Perlov wrote: We started restarting apache on a regular basis but if a user is in mid request (consider a user that just filled a big form and is upload a file). So it appears that Apache is, over time, losing track of user identities? That seems odd since neither mod_jk nor Apache httpd actually do anything but forward the identity information from the browser to Tomcat. Either an HTTP cookie or a URL parameter is used to identify sessions, and both are provided with every request. Do you have unusually long URLs? Unusually long request bodies? I'm just trying to think of why any data would be mixed-up. Does this happen seemingly randomly, or only for certain pages on your site? Certain source IP addresses? We had some users that were getting all messed up before we recognized that they were doing through google's cache which was seriously confusing just about everything. Fortunately, we could see from our server logs that some requests came from the /real/ remote user and others came from google's domain. Otherwise, all I can think of is that you have some bug in your application shrug. How are you doing authentication? How about user identification - aside from relying on session data in Tomcat. We are contemplating two approaches: 1) moving to proxy_http. My only concern is that this won't help - maybe the problem is unrelated to AJP? Upgrading has helped some users but not all and the problem exists in both mod_jk and proxy_ajp. Trying mod_proxy_http will certainly give you more information. Can you reproduce this problem in a safe environment? 2) getting rid of apache and moving tomcat to the front (much harder to configure but ensures we are rid of this problem). Are you /sure/ that a Tomcat-only setup doesn't exhibit this problem? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmSOi0ACgkQ9CaO5/Lv0PBpiwCdH2pRuaVP7TRl7E6tOqZbkUQM yuUAniM9m8+Mo9aWiu2G8XQcZjXf2W/M =l0Xk -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Resource Mixup when using AJP proxy (strange one)
Setup: For one of our projects we are using httpd in front of tomcat. At the moment everything is routed via tomcat, static and dynamic content alike (except for one directory of images that resides outside the application). We are using AJP proxy. Symptoms: After running for a while (day or two depending how much traffic we have) the web pages render funny. It seems as if the wrong resources are being sent - when I go over the DOM I see that objects that have the right URL for background images etc. are dealt the wrong pictures. It seems as though the connection is not thread safe (this is just how it seems - I don't know if it is the actual problem). This happens only on the https channel and does not affect the :80 virtual host! Versions (latest versions): Redhat Fedora 10 Server version: Apache/2.2.10 (Unix) Tomcat: 6.0.16 Config file: VirtualHost 216.139.214.167:443 ServerAdmin sea...@patentest.co.il DocumentRoot /home/apache/www/ html/patentest.co.il ServerName www.patentest.co.il SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW: +SSLv2:+EXP:+eNULL SSLCertificateFile certs/www.patentest.co.il.crt SSLCertificateKeyFile certs/www.patentest.co.il.key SSLCACertificateFile certs/gd_bundle.crt ErrorLog logs/patentest.co.il_ssl_error_log CustomLog logs/patentest.co.il_ssl_log common SetEnvIf User-Agent .*MSIE.* nokeepalive ssl-unclean-shutdown Alias /ptimg/ home/images/images/ ProxyPass /ipmaster ! ProxyPass /ptimg ! ProxyPass / ajp://localhost:8009/ /VirtualHost If anyone has seen this or has some ideas how to troubleshoot and isolate, I'd be most grateful. Regards, Yuval Perlov www.r-u-on.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Resource Mixup when using AJP proxy (strange one)
Setup: For one of our projects we are using httpd in front of tomcat. At the moment everything is routed via tomcat, static and dynamic content alike (except for one directory of images that resides outside the application). We are using AJP proxy. Symptoms: After running for a while (day or two depending how much traffic we have) the web pages render funny. It seems as if the wrong resources are being sent - when I go over the DOM I see that objects that have the right URL for background images etc. are dealt the wrong pictures. It seems as though the connection is not thread safe (this is just how it seems - I don't know if it is the actual problem). This happens only on the https channel and does not affect the :80 virtual host! Versions (latest versions): Redhat Fedora 10 Server version: Apache/2.2.10 (Unix) Tomcat: 6.0.16 Config file: VirtualHost 216.139.214.167:443 ServerAdmin sea...@patentest.co.il DocumentRoot /home/apache/ www/html/patentest.co.il ServerName www.patentest.co.il SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW: +SSLv2:+EXP:+eNULL SSLCertificateFile certs/www.patentest.co.il.crt SSLCertificateKeyFile certs/www.patentest.co.il.key SSLCACertificateFile certs/gd_bundle.crt ErrorLog logs/patentest.co.il_ssl_error_log CustomLog logs/patentest.co.il_ssl_log common SetEnvIf User-Agent .*MSIE.* nokeepalive ssl-unclean-shutdown Alias /ptimg/ home/images/images/ ProxyPass /ipmaster ! ProxyPass /ptimg ! ProxyPass / ajp://localhost:8009/ /VirtualHost If anyone has seen this or has some ideas how to troubleshoot and isolate, I'd be most grateful. Regards, Yuval Perlov www.r-u-on.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
/* AJP with one exceptions
I am trying to configure httpd-tomcat ajp bridge that will catch all requests except for one directory to be served from httpd. Ideally I'd like to map /* to the AJP except for one /staticcontent directory to be served from apache. Has anyone done this? Thanks, Yuval Perlov www.r-u-on.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: /* AJP with one exceptions
I tried this - thought I was missing something so I asked. For some reason this does not work on mac. On Dec 22, 2008, at 3:37 PM, Rainer Jung wrote: On 22.12.2008 13:27, Yuval Perlov wrote: I am trying to configure httpd-tomcat ajp bridge that will catch all requests except for one directory to be served from httpd. Ideally I'd like to map /* to the AJP except for one /staticcontent directory to be served from apache. Has anyone done this? When using mod_jk: JkUnMount /staticcontent/* * - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: /* AJP with one exceptions
That did the trick. Thanks a bunch! Yuval On Dec 22, 2008, at 4:51 PM, Rainer Jung wrote: On 22.12.2008 15:41, Yuval Perlov wrote: I tried this - thought I was missing something so I asked. For some reason this does not work on mac. If you use an older version of mod_jk than 1.2.27, you need to use the syntax JkUnMount /staticcontent/* MYWORKER instead, and MYWORKER is the name of the worker you want to unmount. The use of '*' to match all workers was only introduced recently. Also there is no more general pattern allowed in this place, only exactly '*' or a worker name. Make sure you put your JkMount and your JkUnMount in the same place. Version 1.2.27 allows nicely to check the resulting mounting in the status worker. If it still does not work, post versions and config. Regards, Rainer On Dec 22, 2008, at 3:37 PM, Rainer Jung wrote: On 22.12.2008 13:27, Yuval Perlov wrote: I am trying to configure httpd-tomcat ajp bridge that will catch all requests except for one directory to be served from httpd. Ideally I'd like to map /* to the AJP except for one /staticcontent directory to be served from apache. Has anyone done this? When using mod_jk: JkUnMount /staticcontent/* * - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: File system resource for static content
The problem with this approach is that when you upgrade the war file the files will be deleted. I believe It is better to save the files outside the web app and deliver them either with a symbolic link from within your war file or using a reader servlet. Yuval Perlov www.r-u-on.com On Dec 14, 2008, at 7:17 PM, Steve Ochani wrote: Send reply to: Tomcat Users List users@tomcat.apache.org Date sent: Sun, 14 Dec 2008 12:56:17 +0100 From: Robert Drescher robert.dresc...@gmail.com To: users@tomcat.apache.org Subject:File system resource for static content Hello users, I'm trying to find the best practice way for implementing the following: I want a servlet to perform file uploads and to store the files in the local filesystem. This part is not that hard to do as i'm currently writing into the javax.servlet.context.tempdir. The problem is that i need to store the files in a directory, that will be accessible from the web. My tutor at university gave me the hint that this is best done with a resource which points to a local directory and that's mapped to the webapp. So I imagine that http://localhost:8080/WebTest/Upload is my servlet mapping and that http://localhost:8080/WebTest/files/ points to this resource. I do something very similar using apache commons upload project. I have a separate files directory in my webapp directory and I use the following code to initialize a path to save my uploaded files: ServletContext sc = getServletContext(); String path = sc.getRealPath(/files); I can then access a file in the that files directory via http://server:8080/appname/files/filename -Steve O. But all my research in the documentation did not bring any success. I know that i can specify resources in the context.xml, but not how I specify the path on the local system or how to do the mapping... If anyone already did this and can provide me with configuration examples, I'd very much appreciate it. I am using Tomcat 5.5 on Linux (not the pre-packaged), the application is deployed as war, my context.xml is located in META-INF ?xml version=1.0 encoding=UTF-8? Context privileged=true antiResourceLocking=false antiJARLocking=false path=WebTest / - My web.xml is the following: - ?xml version=1.0 encoding=UTF-8? web-app version=2.4 xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; descriptionTest Internetapplikationen/description servlet descriptionController Servlet/description display-nameController Servlet/display-name servlet-nameController/servlet-name servlet-classorg.agility.webtest.control.Controller/servlet-cla ss /servlet servlet-mapping servlet-nameController/servlet-name url-pattern/Controller/url-pattern /servlet-mapping welcome-file-list welcome-fileLogin.jsp/welcome-file /welcome-file-list /web-app -- Thank you very much for your help Robert - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: File system resource for static content
The image would work because it is a separate hit (not embedded). For general info, if you did want to embed you would use jsp:include You can also have the servlet map to something like /files/* and parse the path to find out which file is being requested - this makes the file url feel more native than /reader?file=fff One more thing, since you are serving the file and not the web container, you need to handle the Content-Type tag on your own. I am not aware of anyway to access tomcat's internal table but creating something of your own should not be a big issue (see this table http://www.iangraham.org/books/html4ed/appb/mimetype.html) . For an exercise this isn't a must but some browsers will take issue with the server not reporting content-type correctly. Yuval Perlov www.r-u-on.com On Dec 14, 2008, at 9:29 PM, Robert Drescher wrote: Exactly. Since we are supposed to write an application that's running without extracting the war, Steves approach was my first try, but it's not working that way :( Also, symlinks are a good way in posix systems, but then the app is not platform independent anymore. The approach of a reader servlet sounds good, but how can I implement this to include the files into a jsp then? In other words, if /App/Reader is my reader servlet, can I include an image into jsp with img src=/App/Reader?file=image.jpg /? 2008/12/14 Yuval Perlov yu...@r-u-on.com The problem with this approach is that when you upgrade the war file the files will be deleted. I believe It is better to save the files outside the web app and deliver them either with a symbolic link from within your war file or using a reader servlet. Yuval Perlov www.r-u-on.com On Dec 14, 2008, at 7:17 PM, Steve Ochani wrote: Send reply to: Tomcat Users List users@tomcat.apache.org Date sent: Sun, 14 Dec 2008 12:56:17 +0100 From: Robert Drescher robert.dresc...@gmail.com To: users@tomcat.apache.org Subject:File system resource for static content Hello users, I'm trying to find the best practice way for implementing the following: I want a servlet to perform file uploads and to store the files in the local filesystem. This part is not that hard to do as i'm currently writing into the javax.servlet.context.tempdir. The problem is that i need to store the files in a directory, that will be accessible from the web. My tutor at university gave me the hint that this is best done with a resource which points to a local directory and that's mapped to the webapp. So I imagine that http://localhost:8080/WebTest/Upload is my servlet mapping and that http://localhost:8080/WebTest/files/ points to this resource. I do something very similar using apache commons upload project. I have a separate files directory in my webapp directory and I use the following code to initialize a path to save my uploaded files: ServletContext sc = getServletContext(); String path = sc.getRealPath(/files); I can then access a file in the that files directory via http://server:8080/appname/files/filename -Steve O. But all my research in the documentation did not bring any success. I know that i can specify resources in the context.xml, but not how I specify the path on the local system or how to do the mapping... If anyone already did this and can provide me with configuration examples, I'd very much appreciate it. I am using Tomcat 5.5 on Linux (not the pre-packaged), the application is deployed as war, my context.xml is located in META-INF ?xml version=1.0 encoding=UTF-8? Context privileged=true antiResourceLocking=false antiJARLocking=false path=WebTest / - My web.xml is the following: - ?xml version=1.0 encoding=UTF-8? web-app version=2.4 xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; descriptionTest Internetapplikationen/description servlet descriptionController Servlet/description display-nameController Servlet/display-name servlet-nameController/servlet-name servlet-classorg.agility.webtest.control.Controller/servlet-cla ss /servlet servlet-mapping servlet-nameController/servlet-name url-pattern/Controller/url-pattern /servlet-mapping welcome-file-list welcome-fileLogin.jsp/welcome-file /welcome-file-list /web-app -- Thank you very much for your help Robert - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: address bar shows ip instead of domain name
Where ever you forward, that's what the address bar shows On Jul 28, 2008, at 7:45 PM, nilanthan wrote: Hi, I have a website hosted on netfirms. I have a domain,exmaple, mydomain.com and it forwards to an address http:/xx.xx.xxx.xx:8080/folder1/ welcome.action where xx is the ip of the server. Im runningTomcat 5.5 alone without apache. The problem is that when a users goes to www.mydomain.com, it takes them to the site but in the address bar it shows http:/xx.xx.xxx.xx:8080/folder1/welcome.action instead of mydomain.com. Is this an issue with DNS or something in Tomcat? I will have multiple sites running in the future so I cannot place the site folder in the ROOT directory. Thanks. -- View this message in context: http://www.nabble.com/address-bar-shows-ip-instead-of-domain-name-tp18694567p18694567.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat suddenly dies without a whisper
Did you check the Java heap? What is the max heap defined. It would be good to add gc logging. Yuval Perlov www.r-u-on.com On May 16, 2008, at 6:38 AM, [EMAIL PROTECTED] wrote: Hi, We are running Tomcat 5.5 on a powerful VM Server. MS Sql Server is also on the VM. It is fronted by an apache web server on another box. When under load (heavy but not excessive) we suddenly find tomcat dies, without any error messages we can find. Memory looks good. We are a little perplexed as to where to look next. Any ideas? cheers, David - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: InvalidClassException between Tomcat and Eclipse
It is also affected by the compiler version. It is most advisable to add serialVersionUID Yuval Perlov www.r-u-on.com On May 17, 2008, at 7:16 AM, Dola Woolfe wrote: Hi, I get java.io.InvalidClassException when I send a serialized class from an application launched by Eclipse to a JSP page, compiled by the server. I thought that serialVersionUID was strictly a function of members, signatures, etc - but that doesn't appear to be the case. A workaround is to define serialVersionUID explicitly, but I would like to understand what's going on. Many thanks in advance! Dola - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Unable to display UK Pound Sign
Probably the encoding has changed On May 12, 2008, at 5:15 PM, Stephen Nelson-Smith wrote: I've just upgraded from 4.1.37 to 6.0.16. My app works, but where my code usually displays a British Pound sign, I get an odd char - a ? in a diamond on Linux, an empty box on Windows. Here's the html that the app produces, shown in hexl-mode in emacs: 5860: 223e 4361 7368 2050 7269 6365 20a3 0a3c Cash Price .. a3 is correct for £, 0a is a return char, I believe? Nothing else has changed on the machine. I did the same upgrade on a different machine and got exactly the same behaviour. Any pointers? S. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Unable to display UK Pound Sign
Use the pound; to side step the issue. diff the old and the new page to see what changed (something must have, right?) On May 12, 2008, at 5:33 PM, Stephen Nelson-Smith wrote: Hello, On Mon, May 12, 2008 at 3:30 PM, Yuval Perlov [EMAIL PROTECTED] wrote: Probably the encoding has changed Which encoding? I don't believe the source code has changed. How would I test and/or change this? Where? S. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat problem on a multiple CPU system
Perhaps you have some contention between the threads or intensive IO. Can you elaborate a little about the servlet job? Time it takes, kind of processing it does, etc. Yuval Perlov R-U-ON On May 4, 2008, at 11:21 PM, Gilbert, Antoine wrote: Hi I have a 2x quad core (8 cpu units) server. If I start a java program and this one is launching (at the same time) 8 thread doing some CPU intensive jobs, all the CPU are used at 100%, and that's what I'm expecting.. But, if I am using tomcat, and I call a servlet 8 times to process these 8 jobs, it take longer to execute these same 8 jobs and all the CPU are not used at 100%, it's more like 30%... Any idea about this problem or behavior ? I'm using Tomcat 5.5.17, windows, JDK 1.6 Antoine - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how do I dynamically include files
% getServletContext().getRequestDispatcher(fileName).include(req,resp); % On May 1, 2008, at 10:35 PM, Jonathan Mast wrote: I know this not exactly a Tomcat issue, but thought someone could help. Here is what I'm trying to do: Dynamically include a file where the file name is dynamic. Neither of the following lines of code work: jsp:include page=directory/%=fileName% flush=true/ %@ include file=directory/%=fileName% % The %=fileName% is not getting evaluated like one would think it should, it is just being rendered as a literal. Any way around this? Thanks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: httpd SSL - Tomcat VS. Tomcat SSL standalone?
I believe (intuition, haven't checked) it is the latency the TCP adds to the setup which messes up with the threads scheduler (i'll ellaborate...) When you are in Tomcat only, between the http header coming in (IO) and you sending a response (again IO) you can usually get away with a single time slice. It is a simple system with IO queueing up and very little room for randomness (used in a loose way but you get my meaning). Once the request is divided into two separate workers with IO between them, there are two things coming into play: 1) You are not taking full advantage of the timeslice so there is more context switching (twice the threads doing the same work is another way to look at it). 2) There is more room for randomness in the system. In fact what we observed in the short time we let it run is that there were times it worked and then bursts of high CPU usage with very little happening. Important to note: most of our requests are handled from memory (no IO in the servlet). I believe this is a big part of it. What seemed to help (but not enough in our case) was to reduce the overall number of threads in the system and configure httpd to have less threads than tomcat (strange, I know). I speculate this reduced context switching and reduced the connection load between them. However, throughput was still erratic at times with bursts of very rapid processing followed by periods of indigestion (was not a GC problem). Hope this helps... Yuval Perlov R-U-ON PS It is windows. On Apr 30, 2008, at 4:37 PM, Larry Prikockis wrote: Yuval Perlov wrote: Out tomcat servers are handling around 30K SSL hits every 5 minutes with very little effort (10% cpu average on a dual core machine, good response time). We tried to put in httpd in front thinking we can squeeze out better performance and memory consumption. The system just couldn't handle the load and we had to roll back (quickly) to a tomcat only configuration. hmmm... that sounds suspiciously similar to what we had happening. I just can't see why Apache Httpd wouldn't be able to handle SSL connections at least as well as Tomcat, so there's clearly something else going on here. Is your system on Windows, Linux, something else? And what versions of Tomcat/Apache were you using? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how do I dynamically include files
Actually, I just checked some of our code and this: jsp:include page=%=(String)request.getAttribute(main)%/ jsp:include works... I think the problem is that you are do mix a string and a runtime expression in a tag. These are not html tags - the variables are passed to a function - it's all or nothing. Try: % String path = directory/+fileName; % jsp:include page=%=path% flush=true/ On May 1, 2008, at 11:10 PM, Hassan Schroeder wrote: On Thu, May 1, 2008 at 12:35 PM, Jonathan Mast [EMAIL PROTECTED] wrote: Dynamically include a file where the file name is dynamic. Neither of the following lines of code work: jsp:include page=directory/%=fileName% flush=true/ with JSTL:jsp:include page=${fileName} / (assuming that fileName is in a JSTL scope, of course) HTH --- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: httpd SSL - Tomcat VS. Tomcat SSL standalone?
Out tomcat servers are handling around 30K SSL hits every 5 minutes with very little effort (10% cpu average on a dual core machine, good response time). We tried to put in httpd in front thinking we can squeeze out better performance and memory consumption. The system just couldn't handle the load and we had to roll back (quickly) to a tomcat only configuration. Hope this helps... Yuval Perlov www.r-u-on.com On Apr 28, 2008, at 6:27 PM, Larry Prikockis wrote: I know the latest edition of the O'Reilly Tomcat book by Brittain and Darwin strongly advocates the use of standalone Tomcat as opposed to the traditional httpd-Tomcat approach, but this seems to be somewhat of a paradigm shift for most people. I'm interested in hearing what the wider community thinks... Specifically, we have a webapp on a Windows 2003 server that utilizes Apache 2.2 SSL as a frontend and mod_proxy_ajp to send requests to Tomcat 5.5.17 (on the same server). By eliminating the Apache frontend and just using a Tomcat SSL connector directly, we saw performance increases that absolutely dwarfed (400+%) everything else we were achieving by tuning various connection parameters of Apache httpd and Tomcat. While I would expect hitting Tomcat directly would be a little faster than going through the Apache proxy setup, we didn't expect such dramatic differences. In fact, when comparing Apache w/o SSL - Tomcat, the performance was only a little worse than hitting Tomcat HTTP directly. My questions: 1) Any thoughts on why the Apache SSL - Tomcat combination should be so much slower? 2) Are there any security downsides to using Tomcat SSL directly as opposed to fronting it with Apache httpd? 3) anyone else have any similar (or contradictory?) experiences? thanks- Larry Prikockis -- Larry Prikockis System Administrator [EMAIL PROTECTED] Phone: (240)737-2900 Vecna Technologies, Inc. 5004 Lehigh Rd College Park, MD 20740-3821 Phone: (301) 864-7253 Fax: (301) 699-3180 240-737-1699 (office) www.vecna.com Better Technology, Better World (TM) The contents of this message may be privileged and confidential. Therefore, if this message has been received in error, please delete it without reading it. Your receipt of this message is not intended to waive any applicable privilege. Please do not disseminate this message without the permission of the author. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: getInputStream problem
I am not sure this will encourage you but I've got the same setup and it works. Is that the whole jsp and nothing but? is there any servlet that does something before it? To isolate, you might want to use curl or some other tool to issue the post command. Yuval Perlov www.r-u-on.com On Mar 16, 2008, at 5:25 PM, Ofer Kalisky wrote: No answer yet, so I thought I'd send you this link: http://archives.java.sun.com/cgi-bin/wa?A2=ind0106L=jsp- interestF=S=P=49196 which talks about doing something of the sort, but notice, I am _not_ calling getParameter before the getInputStream, so why am I still not getting anything from it? - Original Message - From: Ofer Kalisky To: Tomcat Users List Sent: Sunday, March 16, 2008 11:53 AM Subject: getInputStream problem I have a JSP that looks like this: % byte[] bytes = new byte[100]; int n = request.getInputStream().read(bytes); System.out.println(Bytes len: + n); % and a python script that looks like this: import httplib h1 = httplib.HTTPConnection('localhost', 8080) h1.putrequest('POST', '/SendM9/test.jsp') h1.putheader('Content-Type','application/x-www-form-urlencoded') h1.putheader('Content-Length','4') h1.endheaders() h1.send('koko') h1.getresponse() however, I get Bytes len: -1. Looking inside the variables I see that the parameters were parsed (paremetersParsed = true). Why does the servlet take my input stream and doesn't let me parse myself the content? __ Information from ESET NOD32 Antivirus, version of virus signature database 2949 (20080315) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: sym link to serve documents within web application.
You should probably create a servlet that serves external files... Yuval Perlov www.r-u-on.com On Mar 7, 2008, at 4:32 PM, Maffitt, David wrote: I agree that that is the most likely response and that there are good reasons why links are a bad idea. To counter that though, if that were strictly true, the allowLinking attribute should not be provided. Given that links are allowed, the principle of least astonishment dictates that tomcat should treat soft links like the OS does and just delete the link. Perhaps another attribute like 'deleteLinksRecursively' is needed. -Original Message- From: Mark Thomas [mailto:[EMAIL PROTECTED] Sent: Friday, March 07, 2008 06:48 AM To: Tomcat Users List Subject: Re: sym link to serve documents within web application. Christopher Schultz wrote: David, Maffitt, David wrote: | We have a different problem with this. Tomcat will follow the link | and delete the contents of the linked-to directory when the app is | redeployed. We have to be sure that the link is deleted before | redeploying. Not a problem if one always deploys from a script but a | potential disaster if someone just drops the new war in webapps. | This is not the behavior we were expecting. Is this a bug or a | feature? :- I would file it as a bug, though you're likely to get a response like if it's not part of the webapp, what is it doing in there and your webapp should be completely self-contained, etc. Yep, that is exactly the response you'll get ;) Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] The materials in this message are private and may contain Protected Healthcare Information. If you are not the intended recipient, be advised that any unauthorized use, disclosure, copying or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error, please immediately notify the sender via telephone or return mail. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: sessionID moves to other PC
This is what I use to make sure dynamic data is not cached: resp.setHeader(Expires, Sat, 6 May 1995 12:00:00 GMT); resp.setHeader(Cache-Control, no-store, no-cache, must- revalidate); resp.addHeader(Cache-Control, post-check=0, pre-check=0); resp.setHeader(Pragma, no-cache); On Feb 28, 2008, at 11:25 AM, Sascha Monteiro wrote: Hi, When I see this behaviour I don't see the output on the server (thanks Yuval) It is just suddenly on my browser.. Maybe it's my wireless Cable Modem...maybe caching or so... I'll do some more debugging in the weekend.. ta - Original Message - From: Christopher Schultz [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, February 27, 2008 3:44 AM Subject: Re: sessionID moves to other PC -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sascha, Sascha Monteiro wrote: | I now put % out.println(session.getId()); % in the page.. | I see my sessionID, but then navigate to another page and then see the | sessionID of the other user! | then I press reload in my browser, and I get my own session again, till | I navigate again... This sounds suspiciously like you are storing either the session object or the request object somewhere you should not be (such as in a member of one of your servlets or JSPs or something). Can you post a little bit of code from the servlet that ends up with the wrong session? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkfEJdkACgkQ9CaO5/Lv0PAUgACgnBBJmJ1Mn4kbNKy0GlIEzmVA WEwAn1RHgNfHmkDpJ/uMwx40elrkxTWX =QCiV -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: sessionID moves to other PC
Maybe the browser is getting an old page from the cache? Clear the browser cache and see if its better. Also, use a System.out.println() and make sure what you are seeing on the browser is what really happens on the server. Yuval Perlov www.r-u-on.com On Feb 26, 2008, at 10:22 AM, Sascha Monteiro wrote: Thanks, I now put % out.println(session.getId()); % in the page.. I see my sessionID, but then navigate to another page and then see the sessionID of the other user! then I press reload in my browser, and I get my own session again, till I navigate again... I am not sure if the session is related to the visible ip-address..?? I do come from a shared internet connection through a router on a cable connection. I cannot imagine I am mixing variables, I only use session.getAttribute session.setAttribute and base my query (to mysql) on the tablename in the session and the sessionID should be unique to the user...and I don't refer to a sessionID anywhere.. ta Sascha - Original Message - From: Yuval Perlov [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Tuesday, February 26, 2008 7:51 PM Subject: Re: sessionID moves to other PC Make sure cookies are enabled. If they are: There are two options (1) that it is indeed the same session and that there is a huge Tomcat bug (2) that these are two separate sessions but that you are somehow mixing the data - local bug. To determine which is it, you could do a toString() on the session and print it to the page. If the strings differ, tomcat is doing fine and you should check where you mix the variables. Yuval Perlov http://www.r-u-on.com/ On Feb 26, 2008, at 5:58 AM, Sascha Monteiro wrote: Hi, I am struggeling with securing my pages where private data needs to be read from a table. I am using JSP in Tomcat5.5.23 btw. (which is hosted at eatj.com) If I login on my page with 2 different userID's, from 2 different computers (but sharing a Internet connection..!!!) I will suddenly see data from the other userID, which is pretty sensitive (financial information) When a user logs in, I am setting the userID and the table to use with session.setAttribute(usernamers.getString(1)); session.setAttribute(tablenamers.getString(3)); then when I need to query the database, I use session.getAttribute(tablename); I have put %=session.getId()% in the head, and I see the ID appearing, but suddenly changes when navigating between pages... :-( I hope this makes sense and that someone can help me... I only found an old bug re duplicateID's, but that was in 2005... cheers Sascha - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: sessionID moves to other PC
Make sure cookies are enabled. If they are: There are two options (1) that it is indeed the same session and that there is a huge Tomcat bug (2) that these are two separate sessions but that you are somehow mixing the data - local bug. To determine which is it, you could do a toString() on the session and print it to the page. If the strings differ, tomcat is doing fine and you should check where you mix the variables. Yuval Perlov http://www.r-u-on.com/ On Feb 26, 2008, at 5:58 AM, Sascha Monteiro wrote: Hi, I am struggeling with securing my pages where private data needs to be read from a table. I am using JSP in Tomcat5.5.23 btw. (which is hosted at eatj.com) If I login on my page with 2 different userID's, from 2 different computers (but sharing a Internet connection..!!!) I will suddenly see data from the other userID, which is pretty sensitive (financial information) When a user logs in, I am setting the userID and the table to use with session.setAttribute(usernamers.getString(1)); session.setAttribute(tablenamers.getString(3)); then when I need to query the database, I use session.getAttribute(tablename); I have put %=session.getId()% in the head, and I see the ID appearing, but suddenly changes when navigating between pages... :-( I hope this makes sense and that someone can help me... I only found an old bug re duplicateID's, but that was in 2005... cheers Sascha - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
ssl.SessionId Cache keeps growing
This is a tricky one so bare with me... We are using Tomcat 5.5 on windows running Java SSL. There are MANY concurrent clients using SSL. After investigating what seemed to be a memory leak and taking a memory dump we realized that the memory is not leaking but rather growing with a SoftReference cache (it took some courage to wait and see that the memory stops growing about 100mb from the end). jhat tells us our top instances are: 635474 instances of class [B 635260 instances of SoftReference 633929 instances of CacheEntry 617521 instances of com.sun.net.ssl.internal.ssl.sessionId This block takes about 850MB! It gets there after a few days. (do not confuse with an HttpSession problem - the sessions are invalidated immediately but do not affect the ssl.sessionid cache). While it doesn't create an OutOfMemoryException (since its a SoftReference structure) it seriously affects gc performance. I'd be really interested to know if: 1. Any one has ever met this problem? 2. Is there anyway to access the ssl.SessionId object and invalidate it during the HttpServletRequest life cycle? 3. Anyway to limit or even disable SSL SessionId for a particular connector (or, as a last resort to all connectors). 4. Does anyone know of a mechanism to flush all SoftReference or limit their number? 5. Can you think of any other way to tackle this? 6. What were the guys in Sun thinking??? Thanks! Yuval Perlov - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ssl.SessionId Cache keeps growing
Well, this is not session problems I am having but SSL Sessions - you can't have a secure connection without using one of those. On a side note, I'd like to argue that if you have users logging in, you can't help having some kind of object on the server side telling you which user is actually sending the request. Yuval Perlov www.r-u-on.com On Jan 22, 2008, at 3:42 AM, Jonadan wrote: IMHO, there isn't much you can do about once you use sessions. The problem with session is that there is no natural way telling that session is ended and can be discarded! So system may have to keep session objects for long. For this reason, I always avoid to use sessions. If this is a major problem for you, alternative techniques might be worth trying! Regards. -- View this message in context: http://www.nabble.com/ssl.SessionId- Cache-keeps-growing-tp14999824p15010907.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ssl.SessionId Cache keeps growing
On Jan 21, 2008, at 11:50 PM, Caldarale, Charles R wrote: From: Yuval Perlov [mailto:[EMAIL PROTECTED] Subject: ssl.SessionId Cache keeps growing 1. Any one has ever met this problem? I haven't, but it's definitely an interesting one. 2. Is there anyway to access the ssl.SessionId object and invalidate it during the HttpServletRequest life cycle? Couldn't find any such mechanism in the Tomcat code, but I didn't do an exhaustive search. 3. Anyway to limit or even disable SSL SessionId for a particular connector (or, as a last resort to all connectors). There is such a mechanism in JSSE, but Tomcat doesn't appear to use it. The class (interface) of interest is javax.net.ssl.SSLSessionContext, and the relevant methods are setSessionCacheSize() and setSessionTimeout(). Tomcat does not seem to have any references to SSLSessionContext, although the pertinent object could be retrieved via the getServerSessionContext() of javax.net.ssl.SSLContext, which Tomcat does use. (But don't confuse this SSLContext with the two others from different packages.) Been all over those objects thinking I can set a system wide default. Couldn't :-) 4. Does anyone know of a mechanism to flush all SoftReference or limit their number? Try an allocation of a gigantic array to force SoftReferences to be discarded, then clear the reference to the array, and force another GC. Ugly, and it probably has really nasty side effects. This is creative but extremely dangerous since I don't know how much real free memory I have. I will combine this approach with SoftReference - i.e. will create many smaller arrays and SoftReference them. I think the SoftReference cache is LRU so once my first array disappears I know I have full control of the cache. Ugly but might just have one less side effect. Thanks! 5. Can you think of any other way to tackle this? Submit an enhancement request, preferably with a patch for new attributes on the Contector elements to control the behavior. How do I do that? 6. What were the guys in Sun thinking??? Looks like Sun provided the necessary hooks, but the defaults (infinite) are a mite questionable. I was hoping for a system property or two that might be used to specify the values, but couldn't find any (which doesn't necessarily mean they're not there). I have a feeling they are keeping the SoftReferences even after their default time has elapsed just by looking at the numbers in cache and estimating the size of my client population. Also by the fact that it takes several days for the cache to build up. It seems to me like someone in sun thought there is no downside to keeping all this junk in memory if it is soft. Yuval Perlov www.r-u-on.com - Chuck - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]