from:"calder"

Re: Question for verification

2021-08-06 Thread calder

On Fri, Aug 6, 2021, 09:31  wrote:

> Verifying an assumption.
>
> All modern versions of Tomcat (8.5 and above) are compatible with Java 11.
>

GIYF

https://tomcat.apache.org/whichversion.html

Re: TLSv1.3 Support in Tomcat

2021-06-28 Thread calder

On Mon, Jun 28, 2021, 06:17 S Abirami 
wrote:

> Hi All,
>
> TLSv1.3 support is available in Tomcat.
>
> I tried just updating server.xml[sslEnabledProtocols=TLSv1.3] and
> restarted tomcat. It doesn't work.
>
> Please let me know any other configuration also needs to be changed.
>

You did not mention the version of Tomcat and Java you are using.

Re: Most recent security-related update to 8.5? And setting up access to Manager?

2021-06-19 Thread calder

On Sat, Jun 19, 2021, 10:31 James H. H. Lampert
 wrote:

> We are finally migrating customer installations from 7 to 8.5.
>
> Would anybody happen to know, off the top of his or her head, what the
> most recent security-related update to 8.5 is?
>
> I know that 68 is the most recent release, but what's the most recent
> one that addresses a significant security issue?
>

https://tomcat.apache.org/security-8.html

https://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.68_(schultz)

Also, while I'm here, can somebody point me to an example of how to code
> the Manager's RemoteAddrValve setting
>

Always best to create a (separate) dedicated thread for an unrelated topic.

Re: Strange connection error

2021-06-10 Thread calder

On Thu, Jun 10, 2021, 15:11 Mark A. Claassen  wrote:


> Anyway, I will do some research on the debugging technique mentioned
> earlier.
>


https://support.f5.com/csp/article/K50557518

>

Re: Unable to start Tomcat 10.0.4

2021-03-16 Thread calder

On Tue, Mar 16, 2021, 11:46 Robert Turner  wrote:

> I suggest you have a read here:
> https://tomcat.apache.org/tomcat-10.0-doc/config/http.html#SSL_Support
> The documentation covers the details you need to correctly configure Tomcat
> and SSL and links to a related page about SSL configuration.
>
> Notice the line:
> Each secure connector must define at least one *SSLHostConfig*. The names
> of the *SSLHostConfig* elements must be unique and one of them must match
> the defaultSSLHostConfigName attribute of the *Connector*.
>
>
>
>
> On Tue, Mar 16, 2021 at 12:42 PM  wrote:
>
> > > If you look at the stack trace, it tells you what the problem is:
> >
> > >  Caused by: java.lang.IllegalArgumentException: No SSLHostConfig
> > > element was found with the hostName [_default_] to match the
> > > defaultSSLHostConfigName for the connector [https-openssl-nio-8443]
> >
> > > So it no longer looks like you are hitting a port in use issue.
> > Please suggest what configuration need to do. To remove this error. It
> >
>


Wild guess... malformed XML file

Re: File size truncated at 1.4GB during download from Tomcat WebApp

2020-10-04 Thread calder

On Sun, Oct 4, 2020, 16:12 Mauro Tridici  wrote:

>
>
> > On 3 Oct 2020, at 19:32, calder  wrote:
> >
> > On Sat, Oct 3, 2020, 11:43 Mauro Tridici  wrote:
> >
> >>
> >>> On 3 Oct 2020, at 17:03, calder  wrote:
> >>>
> >>> On Sat, Oct 3, 2020, 09:58 calder  wrote:
> >>>
> >>>> On Sat, Oct 3, 2020, 09:01 Mauro Tridici 
> wrote:
> >>>>
> >>>>>
> >>>>>
> >>>>> On 3 Oct 2020, at 15:14, Christopher Schultz <
> >>>>> ch...@christopherschultz.net> wrote:
> >>>>>
> >>>>> Mauro,
> >>>>>
> >>>>> On 10/3/20 08:47, Mauro Tridici wrote
> >>>>>
> >>>>> I’m struggling with the problem mentioned in this mail subject.
> >>>>> When I try to download a 5GB sized file using two different
> >>>>>
> >>>>>
> >>>> < snip >
> >>>>
> >>>> In your opinion, if the problem is related to the 32-bit overflow, is
> >>>>> there something that I can do in order to solve this issue.
> >>>>> Since I can’t modify any change to these two applications, I would
> like
> >>>>> to know if I can do something on the other sides.
> >>>>>
> >>>>
> >>>>
> >>>> This issue was reported to the IRODs team, they confirmed it, and
> >> pushed a
> >>>> fix.  You should check your version.
> >>>>
> >>>> The issue, which is now closed.
> >>>>
> >>>> https://github.com/irods-contrib/irods-rest/issues/66
> >>>>
> >>>
> >>> I also see your involvement in this issue,  which was marked as a Dup.
> >>>
> >>> https://github.com/irods-contrib/metalnx-web/issues/130
> >>>
> >>> ... and updated here
> >>> https://github.com/irods-contrib/metalnx-web/issues/143
> >>
> >>
> >> Hi Calder,
> >>
> >> thank you for your help and suggestions.
> >> Unfortunately, I’m still experiencing the same problem despite I’m using
> >> the last available version.
> >>
> >> Since I used also a different web application (not MetalNX) and I
> noticed
> >> the same problem, I was thinking that there is something to be changed
> in
> >> tomcat configuration.
> >> I will try to start again from scentsratch.
> >>
> >
> > Just to be sure ... did you check again to be sure you have the patch
> > installed?   I ask because two people who had the problem reported back
> > that the patch fixed the issue for them.
> >
> > Reading the comments, they did find where an "int" was being used for
> > "contentLength"  in the code.
> >
> >>
>
>
>
> Yes, Calder, I checked it.
> I also changed installation mode: I deployed MetalNX using docker-compose
> (as indicate in the updated official page)
> So, I think that also during installation latest version of MetalNX is
> used.
>
> Now, my question is: why using two different web applications I obtained
> the same behaviour?
> Is there something to be changed in tomcat configuration? Another user, on
> this forum, mentioned a “32bit problem”.
> My virtual machine has a 64bit OS. I need to change it? Sorry for this
> stupid question...
>


The "bit-ness" of the operating system doesn't influence the size (range)
of Java integers ... also, an "int" is the same size in a 32bit JVM and
64bit JVM.

You mention you have two different Java applications running on Tomcat ...
do they both use IRODS?

Or does one application use IRODS and the other application use some other
library?

Re: File size truncated at 1.4GB during download from Tomcat WebApp

2020-10-03 Thread calder

On Sat, Oct 3, 2020, 11:43 Mauro Tridici  wrote:

>
> > On 3 Oct 2020, at 17:03, calder  wrote:
> >
> > On Sat, Oct 3, 2020, 09:58 calder  wrote:
> >
> >> On Sat, Oct 3, 2020, 09:01 Mauro Tridici  wrote:
> >>
> >>>
> >>>
> >>> On 3 Oct 2020, at 15:14, Christopher Schultz <
> >>> ch...@christopherschultz.net> wrote:
> >>>
> >>> Mauro,
> >>>
> >>> On 10/3/20 08:47, Mauro Tridici wrote
> >>>
> >>> I’m struggling with the problem mentioned in this mail subject.
> >>> When I try to download a 5GB sized file using two different
> >>>
> >>>
> >> < snip >
> >>
> >> In your opinion, if the problem is related to the 32-bit overflow, is
> >>> there something that I can do in order to solve this issue.
> >>> Since I can’t modify any change to these two applications, I would like
> >>> to know if I can do something on the other sides.
> >>>
> >>
> >>
> >> This issue was reported to the IRODs team, they confirmed it, and
> pushed a
> >> fix.  You should check your version.
> >>
> >> The issue, which is now closed.
> >>
> >> https://github.com/irods-contrib/irods-rest/issues/66
> >>
> >
> > I also see your involvement in this issue,  which was marked as a Dup.
> >
> > https://github.com/irods-contrib/metalnx-web/issues/130
> >
> > ... and updated here
> > https://github.com/irods-contrib/metalnx-web/issues/143
>
>
> Hi Calder,
>
> thank you for your help and suggestions.
> Unfortunately, I’m still experiencing the same problem despite I’m using
> the last available version.
>
> Since I used also a different web application (not MetalNX) and I noticed
> the same problem, I was thinking that there is something to be changed in
> tomcat configuration.
> I will try to start again from scentsratch.
>

Just to be sure ... did you check again to be sure you have the patch
installed?   I ask because two people who had the problem reported back
that the patch fixed the issue for them.

Reading the comments, they did find where an "int" was being used for
"contentLength"  in the code.

>

Re: File size truncated at 1.4GB during download from Tomcat WebApp

2020-10-03 Thread calder

On Sat, Oct 3, 2020, 09:58 calder  wrote:

> On Sat, Oct 3, 2020, 09:01 Mauro Tridici  wrote:
>
>>
>>
>> On 3 Oct 2020, at 15:14, Christopher Schultz <
>> ch...@christopherschultz.net> wrote:
>>
>> Mauro,
>>
>> On 10/3/20 08:47, Mauro Tridici wrote
>>
>> I’m struggling with the problem mentioned in this mail subject.
>> When I try to download a 5GB sized file using two different
>>
>>
>  < snip >
>
> In your opinion, if the problem is related to the 32-bit overflow, is
>> there something that I can do in order to solve this issue.
>> Since I can’t modify any change to these two applications, I would like
>> to know if I can do something on the other sides.
>>
>
>
> This issue was reported to the IRODs team, they confirmed it, and pushed a
> fix.  You should check your version.
>
> The issue, which is now closed.
>
> https://github.com/irods-contrib/irods-rest/issues/66
>

I also see your involvement in this issue,  which was marked as a Dup.

https://github.com/irods-contrib/metalnx-web/issues/130

... and updated here
https://github.com/irods-contrib/metalnx-web/issues/143

Re: File size truncated at 1.4GB during download from Tomcat WebApp

2020-10-03 Thread calder

On Sat, Oct 3, 2020, 09:01 Mauro Tridici  wrote:

>
>
> On 3 Oct 2020, at 15:14, Christopher Schultz 
> wrote:
>
> Mauro,
>
> On 10/3/20 08:47, Mauro Tridici wrote
>
> I’m struggling with the problem mentioned in this mail subject.
> When I try to download a 5GB sized file using two different
>
>
 < snip >

In your opinion, if the problem is related to the 32-bit overflow, is there
> something that I can do in order to solve this issue.
> Since I can’t modify any change to these two applications, I would like to
> know if I can do something on the other sides.
>


This issue was reported to the IRODs team, they confirmed it, and pushed a
fix.  You should check your version.

The issue, which is now closed.

https://github.com/irods-contrib/irods-rest/issues/66

Re: Track native memory of a Tomcat application

2020-09-11 Thread calder

On Fri, Sep 11, 2020, 12:07 Arshiya Shariff
 wrote:

> Hi All,
> We have a standalone tomcat web application(Version 9.0.22) which runs on
> Linux . The application is used to process only  a single http request.
> But the physical memory usage of the application has increased to 4GB
> (output from the "top" command of Linux) , of which the heap has only 16 MB
> of live data.
> Is there a way to track the native memory of a tomcat process ?
>


jvisualvm
jconsole
Java Mission Control

Re: Probelm with shutdown script

2020-08-27 Thread calder

On Thu, Aug 27, 2020, 16:16 Christopher Schultz <
ch...@christopherschultz.net> wrote:

[ snip ]

If you want to *kill* the application and it won't shut down on its
> own, SIGKILL is the answer. But that's not a great way to shut down an
> application /in general/ because the application might want/need to do
> something convenient on shutdown (flush caches, save state, etc.).

SIGTERM is the polite way to ask an application to shut down. A JVM will
respond to this signal. (SIGHUP will also initiate a shut down, but TERM is
preferred).  Using TERM will cause the shutdown hooks to initiate.

As Chris states, SIGKILL is a last resort (hooks are not called).

[ snip ]

Re: Tomcat 8.5.(x > 5) & SSL Connections (sun.security.provider.certpath.SunCertPathBuilderException)

2020-08-08 Thread calder

On Sat, Aug 8, 2020, 13:59 David Filip  wrote:

> Hello Everyone!
>
> I spent a large part of yesterday and this morning trying to debug an SSL
> problem on Tomcat 8.5.57 to no avail.  I've seen some discussion on either
> this problem or something related back in 2016, but wanted to confirm what
> the "correct" solution might be, because I got lost in the threads.
>
> I never had this problem with Tomcat 7.0.x, but it started once I upgraded
> to 8.5.57 (same application code), and it is related to making outgoing SSL
> connections to web services.  And this is NOT related to a self-signed, but
> to a commercial (GoDaddy) SSL certificate, albeit on a server that I also
> run in the cloud.
>
> The exception is being thrown when trying to connect to an SSL protected
> web service is:
>
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
>
> although the exact same code worked (and still works on other servers)
> reliably under Tomcat 7.0.x for several years.
>
> Now, here is the weird part: after Google'ing around, I thought the
> problem might be that Tomcat 8.5.5 and later -- at least this is the gist
> that I got -- no longer finds the 'default' Java certificate store
> (cacerts), so I added the following to /bin/catalina.sh (running on a Mac
> 10.14 / Mojave):
>
> export
> -Djavax.net.ssl.trustStore=/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/security/cacerts
>
> The weird part is that this appeared to fix the problem, so I thought I
> was done.  Then, I rebooted, and the problem re-appeared!
>
> I stopped and started Tomcat, and the problem was resolved again.  I
> rebooted again, and the problem re-appeared.
>



When you "stopped and started Tomcat", how did restart it?  At the command
line using one of the Tomcat shell scripts?

My thought is, "whatever" fires up Tomcat after an iOS system reboot - that
startup process does not call catalina.sh.

But when you start Tomcat manually, using catalina.sh or startup.sh (which
calls catalina.sh), it works because the Java option is being set.



Previously, when it worked, I refreshed the page several times, and it kept
> working.  When it doesn't work, if I keep refreshing the page, it continues
> to throw the exception.
>
> Does this mean that some "worker threads" can find the certificate store,
> and others can't?  Or am I going down the wrong rabbit hole?
>
> So, any idea?  The intermittent nature is driving me crazy!
>
> And I have can reproduce the problem on two separate servers (both Mac
> 10.14 / Mojave, both Java 1.8.0), one (new server) running 8.5.57 and one
> (slightly older server) running 8.5.35.  But again, I have several 7.0.x
> instances where I've never seen this problem before.
>
> Also, the generic 'SSLPoke' always connects to the service, and it appears
> that if I run (mostly) the same code from the command line outside of
> Tomcat (javac / java) it always works.  And if I paste the web service URL
> into Safari or Chrome, it always works.  And if I use the web service URL
> with curl (just for good measure), it always works.  So it only seems to
> fall under Tomcat 8.5.x.
>
> Thanks in advance for any guidance, as I'm running out of things to Google
> and try.
>

Re: Let's Encrypt cert worked fine in 8.5.57, but connector fails in 8.5.40

2020-08-05 Thread calder

On Wed, Aug 5, 2020, 18:46 James H. H. Lampert 
wrote:

> Ladies and Gentlemen:
>
> I've now proceeded to the "real" server, with the Tomcat portion of the
> procedure refined to give me plenty of "undo" capability. And it turns
> out I need it.
>
> It seems that with the unwanted update to 7.0.57 that happened on
> launching the test spot instances, the Let's Encrypt certs worked just
> fine.
>
> But applying the procedure to the *real* development instance (7.0.40)
> blew up in my face, failing to open the connectors. Here is an excerpt
> from catalina.out, showing the stacktraces.
>
> > 05-Aug-2020 23:00:52.038 WARNING [main]
> org.apache.catalina.startup.SetAllPropertiesRule.begin
> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
> 'bufferSize' to '1024' did not find a matching property.
> > 05-Aug-2020 23:00:52.085 WARNING [main]
> org.apache.catalina.startup.SetAllPropertiesRule.begin
> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
> 'bufferSize' to '1024' did not find a matching property.
> > 05-Aug-2020 23:00:52.189 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Server version:
>   Apache Tomcat/8.5.40
> > 05-Aug-2020 23:00:52.189 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Server built:
>   May 2 2019 18:02:51 UTC
> > 05-Aug-2020 23:00:52.194 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Server number:
>  8.5.40.0
> > 05-Aug-2020 23:00:52.194 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log OS Name:
>  Linux
> > 05-Aug-2020 23:00:52.194 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log OS Version:
>   4.14.121-85.96.amzn1.x86_64
> > 05-Aug-2020 23:00:52.194 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Architecture:
>   amd64
> > 05-Aug-2020 23:00:52.195 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Java Home:
>  /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.201.b09-0.43.amzn1.x86_64/jre
> > 05-Aug-2020 23:00:52.195 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log JVM Version:
>  1.8.0_201-b09
> > 05-Aug-2020 23:00:52.195 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:
>   Oracle Corporation
> > 05-Aug-2020 23:00:52.195 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:
>  /usr/share/tomcat8
> > 05-Aug-2020 23:00:52.196 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:
>  /usr/share/tomcat8
> > 05-Aug-2020 23:00:52.196 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument: -Dcatalina.base=/usr/share/tomcat8
> > 05-Aug-2020 23:00:52.196 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument: -Dcatalina.home=/usr/share/tomcat8
> > 05-Aug-2020 23:00:52.197 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument: -Djava.endorsed.dirs=
> > 05-Aug-2020 23:00:52.197 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument: -Djava.io.tmpdir=/var/cache/tomcat8/temp
> > 05-Aug-2020 23:00:52.197 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument:
> -Djava.util.logging.config.file=/usr/share/tomcat8/conf/logging.properties
> > 05-Aug-2020 23:00:52.197 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
> > 05-Aug-2020 23:00:52.198 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The APR based
> Apache Tomcat Native library which allows optimal performance in production
> environments was not found on the java.library.path:
> [/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib]
> > 05-Aug-2020 23:00:52.422 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-jsse-nio-8443"]
> > 05-Aug-2020 23:00:52.848 SEVERE [main]
> org.apache.catalina.core.StandardService.initInternal Failed to initialize
> connector [Connector[HTTP/1.1-8443]]
> >  org.apache.catalina.LifecycleException: Failed to initialize component
> [Connector[HTTP/1.1-8443]]
> >   at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
> >   at
> org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
> >   at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> >   at
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
> >   at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> >   at org.apache.catalina.startup.Catalina.load(Catalina.java:639)
> >   at org.apache.catalina.startup.Catalina.load(Catalina.java:662)
> >   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >   at
>

Re: Connector works fine with Firefox, but not on speaking terms with Chrome!

2020-08-05 Thread calder

On Wed, Aug 5, 2020, 12:22 James H. H. Lampert 
wrote:

> I've now managed to get an experimental copy of our development AWS EC2
> instance working with a cert from Let's Encrypt, and I've got Tomcat to
> launch with a modified connector that uses the LE certs rather than a
> Java Keystore file.
>
> It looks great from Firefox (except for the still-unanswered riddle of
> the unwanted Tomcat update), but from Chrome, I get (domain name
> "changed to protect the innocent"):
>
> > This site can’t provide a secure connection
> >
> > test.foo.net uses an unsupported protocol.
> >
> > ERR_SSL_VERSION_OR_CIPHER_MISMATCH
> >
> > Unsupported protocol
> >
> > The client and server don't support a common SSL protocol version or
> cipher suite.
>
> The modified connector looks like this:
>
>  protocol="org.apache.coyote.http11.Http11NioProtocol"
> compression="on" compressionMinSize="2048"
> noCompressionUserAgents="gozilla, traviata"
>
>
> compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,text/json,application/x-javascript,application/javascript,application/json"
> maxThreads="1000" socket.appReadBufSize="1024"
> socket.appWriteBufSize="1024" bufferSize="1024" SSLEnabled="true"
> scheme="https" secure="true">
> 
> ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
>
>
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
>
>
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
>
>
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
>
>
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
>
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA"
>



  certificateVerificationh="none"


there's one issue (misspelling), though may not be a contributing factor.



sslProtocol="TLS"
> protocols="TLSv1.2">
>certificateFile="/etc/tomcat8/test.foo.net.crt"
> certificateKeyFile="/etc/tomcat8/test.foo.net.key"
>
> certificateChainFile="/etc/tomcat8/test.foo.net.issuer.crt"/>
>
>  
>
>
> Can anybody shed any light on what I did wrong?
>

Re: Best practices for profiling

2020-08-01 Thread calder

On Sat, Aug 1, 2020, 15:16 Aryeh Friedman  wrote:

> On Sat, Aug 1, 2020 at 3:28 PM calder  wrote:
>
> > On Sat, Aug 1, 2020 at 12:53 PM Aryeh Friedman  >
> > wrote:
> > >
> > > What are the best practices for (open source) profiling a JSP (no
> taglibs
> >
> > There's no "one rule" for this
> >
> > > or any EE outside of JSP and JDBC) webapp running on a remote machine
> all
> > > the way down the method level (our main user is complaining about
> > > performance and we have done all the easy fixes that can be done
> without
> > > profiling).   I have played with VisualVM and while it was helpful in
> > > finding the grosser high level stuff it was not the best for
> pinpointing
> > > specific bottlenecks in the actual code.
> >
>
>
> > [1] We prefer to not profile / debug in a client's environment,
> > because there may be "too much going on elsewhere".
> >
>
> Ours is a custom web app (remote cardiac monitoring/record keeping) that
> has only one production server and thus might make the choices narrower.
> The primary problem is it runs just fine on our development machines (even
> under stress tests) because we have more efficent setup then what their
> hosting company is willing to provide (we already use VM's and have them
> backed by local SSD's w/ traditional file systems but the hosting company
> insists on doing networked object storage [which is impossible to model
> outside of that environment]).   When not loaded outside of peak business
> hours it also runs just fine on the hosting company.   Thus it comes down
> to a problem only when it is under a production load and the client is not
> willing to pay for a duplicate setup at the hosting firm (nor would it let
> us see it under load).   Our main goal in profiling is to identify which
> classes/methods that are the bottlenecks.   We are fairly sure it is
> backend I/O driven and just need to see which of the I/O calls are the big
> offenders so we can work out ways of avoiding making them.
>
> As to debugging except for confirming the bug in production and/or using
> its logs to pinpoint the bug we do not do debugging in production.
>

You'll probably want to look at an APM type, such as AppDynamics

Re: Best practices for profiling

2020-08-01 Thread calder

On Sat, Aug 1, 2020 at 12:53 PM Aryeh Friedman  wrote:
>
> What are the best practices for (open source) profiling a JSP (no taglibs

There's no "one rule" for this

> or any EE outside of JSP and JDBC) webapp running on a remote machine all
> the way down the method level (our main user is complaining about
> performance and we have done all the easy fixes that can be done without
> profiling).   I have played with VisualVM and while it was helpful in
> finding the grosser high level stuff it was not the best for pinpointing
> specific bottlenecks in the actual code.

You can't rely on **one single** profiler - we use multiple profilers,
because they each have their strengths and weaknesses.
We write software that is both in our Hosted environment and
installable in the client environment. We support WebLogic, WebSphere,
and Tomcat. There are occasions where we need to profile / debug in
our Hosted environment ... or mimicking a client's environment[1].

Basically, we follow the same pattern:
a) Mission Control and VisualVM and Yourkit - for broad strokes
b) Stackify Prefix (or other Java Agent profiler like XRebel, or maybe
an Aspect type)
c) AppDynamics - APM type

We profile / debug in the steps outlined above - we use (a) to see if
we can nail down the issue - if not, we move to (b) and (c).
Don't take this list of products as gospel - there are others, and
maybe you already have a license for a comparable toolset.

The key is, "don't rely on just one toolset".

[1] We prefer to not profile / debug in a client's environment,
because there may be "too much going on elsewhere".

We create a VM and use their OS, then install our software per our
specs, using the AppServer they have chosen.

If we see better performance in our client-replicated environment (our VM),
than in theirs, we suggest to them to get with their DevOps team to
find the "other source" that is contributing to their performance
issue - that may involve the vendor of said redirector/etc.

** One thing to keep in mind - when you are testing, test directly to
the AppServer (for example, browser <-> AppServer) and do NOT use a
redirector [in front of the AppServer] that the client might be using.
We have discovered 80% of client performance issues ended up being
with their redirector).

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat CVE watch

2020-07-25 Thread calder

On Sat, Jul 25, 2020, 09:55 Darryl Philip Baker <
darryl.ba...@northwestern.edu> wrote:

> We have switched from using the Red Hat supplied version of Tomcat to the
> Apache supplied binary distribution. My management would like me to follow
> any CVE related to Tomcat. I am wondering if there is a mailing list, I can
> subscribe to that will give me just those items.
>

http://tomcat.apache.org/lists.html#tomcat-announce

"The list is used to announce Tomcat releases, security vulnerabilities and
other project announcements."

Re: tomcat can't find suitable driver for mysql

2020-07-13 Thread calder

On Mon, Jul 13, 2020, 15:22 Barry Kimelman 
wrote:

> my system is ubuntu 20.04
> I am running tomcat 9.0.37
>

I can run java based mysql programs from the terminal command line with no
> problems
>

In my build.xml I have the following lines
>

So, you're attempting run in Eclipse?  Or using Maven?

It's also important to note that "things" run differently on Linux vs
Windows.

Re: Can't run manager app under tomcat 9.0.37 under ubuntu 20.04

2020-07-11 Thread calder

On Sat, Jul 11, 2020, 11:46 Barry Kimelman 
wrote:

> I just installed tomcat 9.0.37 on my ubuntu 20.04 system. The install
> worked just fine, no errors of any kind.
>
> I modified the tomcat-users.xml file to have the following content
>
> 
>
> http://tomcat.apache.org/xml;
>
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
>   xsi:schemaLocation="http://tomcat.apache.org/xml
> tomcat-users.xsd"
>   version="1.0">



>


  
>   
>   
>   
>   
>

  


roles="admin-gui,manager-gui,manager-script,manager-jmx,manager-status/>
> 
>


Where's the closing quote?


You should also check the "Resource " entry in server.xml.


I stopped and restarted tomcat
>
> When I visit http://localhost:8080 I see the expected page. When I click
> on
> the "Manager App" button I enter the username and password I entered into
> my tomcat users file. But it never accepts my username/password, it just
> keeps re-issuing the prompt. I looked at the files in the logs directory
> and in the cataline logfile I saw the following message
>
> 11-Jul-2020 11:31:12.804 WARNING [http-nio-8080-exec-2]
> org.apache.catalina.realm.LockOutRealm.filterLockedAccounts An attempt was
> made to authenticate the locked user [my_username]
>
>

Re: Tomcat relicts from previous installation - ubuntu

2020-07-09 Thread calder

>
> Am 09.07.2020 um 15:19 schrieb calder :
>
> On Thu, Jul 9, 2020, 06:59 Christoph Kukulies  wrote:.
>
> might try:
> user@machine:~ /> ps systemctl status 
> so in your example
> user@machine:~ /> ps systemctl status 1092
>
>
> systemctl status 1092
>
> worked (without the „ps“) :)
>
> sorry about that ... somehow fat-fingered that in : /
>
> On Thu, Jul 9, 2020, 11:13 Christoph Kukulies  wrote:

Is it an Ubuntu peculiarity that a tomcat.service gets installed? I assume,
I’m getting this automatically when doing an
apt-get install tomcat8, right?

For a distro-specific Tomcat install - meaning the Ubuntu team customized
the packaging and created the expected / related services...
... yes, a service would be automagically configured to start up Tomcat.

Most all distros do that ... if you elect to install the software, but DO
NOT want the service to be automagically started, you'd need to explicitly
stop and / or disable it.

Re: Tomcat relicts from previous installation - ubuntu

2020-07-09 Thread calder

On Thu, Jul 9, 2020, 06:59 Christoph Kukulies  wrote:.

> >
> > might try:
> > user@machine:~ /> ps systemctl status 
> > so in your example
> > user@machine:~ /> ps systemctl status 1092
>
> systemctl status 1092
>


worked (without the „ps“) :)


sorry about that ... somehow fat-fingered that in : /

Re: Tomcat relicts from previous installation - ubuntu

2020-07-09 Thread calder

On Thu, Jul 9, 2020 at 4:48 AM Christoph Kukulies  wrote:
>
> I’m resurrecting tomcat on a server (Ubuntu 18.04.4) on which I had been 
> running tomcat7 some time ago.
> At the moment, when the system has started up, I’m seeing a process:
>
> root@kuku:~# ps ax | grep -i tomcat
>  1092 ?Sl 0:08 /usr/lib/jvm/java-1.11.0-openjdk-i386/bin/java 
> -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties 
> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager 
> -Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom 
> -Djdk.tls.ephemeralDHKeySize=2048 
> -Djava.protocol.handler.pkgs=org.apache.catalina.webresources 
> -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 -Xms512M -Xmx1024M 
> -server -XX:+UseParallelGC -Dignore.endorsed.dirs= -classpath 
> /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar 
> -Dcatalina.base=/usr/share/tomcat -Dcatalina.home=/usr/share/tomcat 
> -Djava.io.tmpdir=/usr/share/tomcat/temp org.apache.catalina.startup.Bootstrap 
> start
>  2079 pts/0S+ 0:00 grep --color=auto -i tomcat

> root@kuku:~#

It's never a good idea to run as root.

> Since I have no tomcat service script in /etc/init.d I have no idea at the 
> moment, who or which script is starting this java process.

might try:
user@machine:~ /> ps systemctl status 
so in your example
user@machine:~ /> ps systemctl status 1092

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat not part of RHEL 8 distro?

2020-07-02 Thread calder

On Thu, Jul 2, 2020 at 3:05 PM Sean Neeley  wrote:
> On Thu, Jul 2, 2020 at 2:57 PM calder  wrote:
> > On Thu, Jul 2, 2020, 14:43 Sean Neeley  wrote:
> >
> > > I heard that tomcat is no longer available for RHEL 8.  Does anyone know
> > > why this is?  What free alternatives are there for java servlets, which
> > > have rpm packages managed by Red Hat?
> >
> > I would fathom a guess that'd be a question for Red Hat?  (as they decide
> > what's available for their distro).
> > .
> > In a pinch, one could download plain vanilla Tomcat and install to "/opt/"
> > [1] ... or you could go through the manual pain to install as it would be
> > deployed on RHEL 7.x
> > .
> > [1] We do this
>
> Thanks.  I know the decision was Red Hat's, but I thought someone here
> might know the reason.

It's quite possible - I am not a member of the official Tomcat team,
so they may chime in if they are privy to that info.

> I may do what you did and install as it was on RHEL 7.x.

To be clear, we do not mimic the install layout as is done in RHEL 7.x
(a splintered install, where various sub-dirs located in different
sub-dir trees)

We install (most all 3rd party software) to the "/opt/" tree, so we
have Tomcat based in:
/opt/tomcat/ ... and TC's native sub-dirs are all encased in that tree, as in:

calder@ren:/opt/tomcat > ls -A1
bin
conf
lib
logs
temp
webapps
work
calder@ren:/opt/tomcat >

The simplest explanation is
(1) create the "/opt/tomcat" sub-dir
(2) unzip the plain-vanilla ZIP there.
There's much more to it for us[1], but that's it in a nutshell.

> The drawback is no automatic updates.
Understood [1]  (we do not allow distro vendor updates).

> Did you package your installation into an rpm that could be shared?
Shared, as in, "with the general public" ? [1]

[1] Because we are a banking institution, we do not allow 3rd party
software to be "maintained by the distro vendor" (for updates, etc).
We are responsible to determine how and "where" the 3rd party
software will be packaged, installed, and updated.
Any software packages or documents (etc) created internally can *not*
leave any machine or our network.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat not part of RHEL 8 distro?

2020-07-02 Thread calder

On Thu, Jul 2, 2020, 14:43 Sean Neeley  wrote:

> I heard that tomcat is no longer available for RHEL 8.  Does anyone know
> why this is?  What free alternatives are there for java servlets, which
> have rpm packages managed by Red Hat?
>

I would fathom a guess that'd be a question for Red Hat?  (as they decide
what's available for their distro).
.
In a pinch, one could download plain vanilla Tomcat and install to "/opt/"
[1] ... or you could go through the manual pain to install as it would be
deployed on RHEL 7.x
.
[1] We do this

>

Re: Having trouble with tomcat 7 installation on RHEL 7.8 power pc

2020-07-01 Thread calder

On Wed, Jul 1, 2020, 15:32 Sean Neeley  wrote:

> I tried switching from Java 1.8 to Java 11 to see if that makes a
> difference.  Now the VM Thread is using a lot less CPU:
>
>   PID USER  PR  NIVIRTRESSHR S %CPU %MEM TIME+ COMMAND
>  2320 tomcat20   0 4659072  47872  19904 R 99.9  0.6  22:15.16 java
>  2326 tomcat20   0 4659072  47872  19904 R  4.6  0.6   0:56.43 VM
> Thread
>
> I tried running jstack on the processes, but I get this:
>
> 2320: Unable to open socket file: target process not responding or HotSpot
> VM not loaded
>

Did you attempt to run the command as the "Tomcat user"?

BTW,  Oracle recommends the use of "jcmd" over "jstack". Personally, I'd
give Mission Control/Flight Recorder a go.

Re: Having trouble with tomcat 7 installation on RHEL 7.8 power pc

2020-07-01 Thread calder

On Wed, Jul 1, 2020, 11:15 Sean Neeley  wrote:

> I just installed tomcat 7 on a Red Hat Enterprise Linux Server 7.8, power
> pc system.  As soon as the service starts, the java process uses 100% cpu.
> Logs get created in /var/log/tomcat, but they all have size 0 bytes.  I
> have not modified the standard configuration (tomcat.conf, server.xml,
> etc).  The tomcat packages that are installed are:
>
> tomcat-7.0.76-12.el7_8.noarch
> tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch
> tomcat-el-2.2-api-7.0.76-12.el7_8.noarch
> tomcat-lib-7.0.76-12.el7_8.noarch
> tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch
>
> Are there any tricks I can use to troubleshoot what is going wrong?


Check "syslog" for clues.

Also, double-check the permissions for  /var/log/tomcat.

Re: SSL error

2020-06-26 Thread calder

In Fri, Jun 26, 2020, 10:37 Beard, Shawn M. 
wrote:

> We are running tomcat-7.0.52(old I know) and java 1.7.0_80.
>

yea, BOTH are very old.

When the app makes calls to an external webservice. It keeps throwing this
> error:
>
> javax.net.ssl.SSLException : javax.net.ssl.SSLException:
> java.lang.RuntimeException: Unexpected error:
> java.security.InvalidAlgorithmParameterException: the trustAnchors
> parameter must be non-empty
>
[1]

> I have this in the java options and have confirmed the proper CA certs for
> this webservice is in the truststore. Any ideas?
>
-Djavax.net.ssl.trustStore=/path/to/truststore/tomcatTrustStore.jks
> -Djavax.net.ssl.trustStorePassword=
> -Djavax.net.ssl.trustStoreType=jks
>

Did this runtime EVER work?

If yes, "what" changed?



[1]
https://stackoverflow.com/questions/6784463/error-trustanchors-parameter-must-be-non-empty

Re: File "catalina.out" not being created/populated when using Tomcat 9.0.31 + Ubuntu 20.04, and content goes to the Ubuntu syslog instead?

2020-06-23 Thread calder

I did this on my 18.04 [temporary test] system and it now works
(catalina.out is written to)
(the "ls" commands were for visual inspection on progress)

calder@ren: ~$ sudo service tomcat9 stop
calder@ren: ~$ sudo -u tomcat -g adm touch /var/log/tomcat9/catalina.out
calder@ren: ~$ ls -l /var/log/tomcat9/
[...]
calder@ren: ~$ sudo chown tomcat9:syslog /var/log/tomcat9 -R
calder@ren: ~$ sudo chown tomcat:syslog /var/log/tomcat9 -R
calder@ren: ~$ sudo ls -l /var/log
[...]
calder@ren: ~$ sudo chmod g+rwx /var/log/tomcat9/
calder@ren: ~$ sudo chmod g+rw /var/log/tomcat9/ -R
calder@ren: ~$ sudo chmod g+s /var/log/tomcat9/ -R
calder@ren: ~$ sudo service rsyslog restart
calder@ren: ~$ sudo service tomcat9 start
calder@ren: ~$ ls -l /var/log/tomcat9/
[...]
calder@ren: ~$ sudo ls -l /var/log/tomcat9/
-rw-rwS--- 1 tomcat syslog 26276 Jun 23 21:31 catalina.2020-06-23.log
-rw-rwSr-- 1 tomcat syslog  4125 Jun 23 21:31 catalina.out
-rw-rwS--- 1 tomcat syslog 0 Jun 23 19:51 localhost.2020-06-23.log
-rw-rwS--- 1 tomcat syslog  1462 Jun 23 20:53
localhost_access_log.2020-06-23.txt

calder@ren: ~$ sudo cat /var/log/tomcat9/catalina.out

[2020-06-23 21:30:57] [info] Server version name:   Apache
Tomcat/9.0.31 (Ubuntu)
[2020-06-23 21:30:57] [info] Server built:  Feb 24 2020 22:37:00 UTC
[2020-06-23 21:30:57] [info] Server version number: 9.0.31.0
[2020-06-23 21:30:57] [info] OS Name:   Linux
[2020-06-23 21:30:57] [info] OS Version:5.4.0-37-generic
[2020-06-23 21:30:57] [info] Architecture:  amd64
[2020-06-23 21:30:57] [info] Java Home:
/usr/lib/jvm/java-11-openjdk-amd64
[2020-06-23 21:30:57] [info] JVM Version:
11.0.7+10-post-Ubuntu-3ubuntu1
[ . . . ]
[2020-06-23 21:30:59] [info] Deployment of web application archive
[/var/lib/tomcat9/webapps/ourtest.war] has finished in [1,563] ms
[2020-06-23 21:31:00] [info] Starting ProtocolHandler ["http-nio-8080"]
[2020-06-23 21:31:00] [info] Server startup in [2,549] milliseconds

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Strange crash-on-takeoff, Tomcat 7.0.104

2020-06-22 Thread calder

On Mon, Jun 22, 2020, 11:56 James H. H. Lampert 
wrote:

> On 6/20/20 8:41 AM, Mark Thomas wrote:
>
> > 7.0.105 hasn't been released yet. You can use catalina.sh from 7.0
> > 103 or the latest version from source control.
>
> Where would I find "the latest version from source control"?
>

https://gitbox.apache.org/repos/asf?p=tomcat.git


Found at
https://en.m.wikipedia.org/wiki/Apache_Tomcat

Re: File "catalina.out" not being created/populated when using Tomcat 9.0.31 + Ubuntu 20.04, and content goes to the Ubuntu syslog instead?

2020-06-22 Thread calder

On Mon, Jun 22, 2020, 01:04 Brian  wrote

[ snip ]

- For some reason, the people at Ubuntu/Debian/Linux decided that Tomcat's
> log should be found inside syslog, instead of staying independent inside
> "catalina.out". Why is that? I don't know and I don't like it!

[ snip ]
.
Sorry - don't have a specific answer for your Ubuntu implementation.
.
However, this is one reason we do not use "distro-specific" Tomcat
installations (to include implementations of WebSphere and WebLogic).
.
For example, we grab the plain vanilla Tomcat ZIP and extract it to "/opt/"
(as in "/opt/tomcat/") - we now have complete control over its
configuration and runtime instantiation.

Re: broken pipe error keeps increasing open files

2020-06-20 Thread calder

On Fri, Jun 19, 2020, 15:46 Ayub Khan  wrote:

> tomcat 8.5 broken pipe increases open files on ubuntu AWS
>

If there is slow response from db

Might be a good idea to investigate the reason for the "slow response"

I see this stack trace and the open files goes high

[ snip ]

Caused by: java.io.IOException: Broken pipe
> at sun.nio.ch.FileDispatcherImpl.write0(Native Method)

If I remember correctly, we had this issue about three+ years ago.Is
your app using the "dbcp" (1.4) library?  We ended up moving to "dbcp2", in
addition to optimizing the DB queries.

Re: Strange crash-on-takeoff, Tomcat 7.0.104

2020-06-19 Thread calder

On Fri, Jun 19, 2020, 15:33 James H. H. Lampert 
wrote:

> On 6/19/20 1:26 PM, calder wrote:
> > a) are both Tomcat instances installed on that same server?
>
> Yes
>
> > b) if yes, is the 7.0.93 instance running when you launch the 7.0.104
> > instance?
>
> No.
>
> We've done this procedure before: installing a new version, doing the
> setup in the new version, then shutting down the old version, renaming
> both the old and the new versions (so things are where they're expected
> to be), and starting up.

Thanks.

a) it's worth asking the obvious ... are the file permissions correct for
the new TCp installation, i.e , such as read/write in "logs" subdir and
execute permissions for the TC scripts?

b) are you using the same Java instance for both TC's ?

Re: Strange crash-on-takeoff, Tomcat 7.0.104

2020-06-19 Thread calder

On Fri, Jun 19, 2020, 15:15 James H. H. Lampert 
wrote:

> Ladies and Gentlemen:
>
> In preparation for updating a customer box, I installed Tomcat 7.0.104
> on our own AS/400 (64-bit Java 6 JVM).
>
> 7.0.93 works just fine on our box, but 7.0.104 seems to crash on
> takeoff, producing no log files, just a spool file consisting of the
> single line
>

a) are both Tomcat instances installed on that same server?
.
b) if yes, is the 7.0.93 instance running when you launch the 7.0.104
instance?

Re: NullPointerException in CoyoteOutputStream

2020-06-12 Thread calder

On Fri, Jun 12, 2020, 10:36 Mark A. Claassen  wrote:

> We were doing some load testing and we started getting a
> NullPointerException at the stack trace below.  We don't get the NPE all
> the time, so I am guessing some of these objects got corrupted somehow.
> One place the clear() method is called from is the recycle() method in the
> Response object from the same package.
>
> Has anyone seen this before?  My Internet searches did not reveal any
> other reports of this.  Is this something that has already been fixed in
> the course of other changes?
>
> The version of Tomcat is 9.0.12 and we are using the openSSL underneath
> all this.
>
> ---
>  at
> org.apache.catalina.connector.CoyoteOutputStream.checkNonBlockingWrite(CoyoteOutputStream.java:134)
>  at
> org.apache.catalina.connector.CoyoteOutputStream.write(CoyoteOutputStream.java:95)
>  at
> org.apache.catalina.connector.CoyoteOutputStream.write(CoyoteOutputStream.java:89)
>  at dsi.core.io
> .ByteCounterOutputStream.write(ByteCounterOutputStream.java:37)
>


Apologies ... but this doesn't look like a complete stack trace, to include
any "caused by" statements (and the originating statement)


 CoyoteOutputStream
> private boolean checkNonBlockingWrite() {
> boolean nonBlocking = !ob.isBlocking(); <-- Line 134
> if (nonBlocking && !ob.isReady()) {
> throw new
> IllegalStateException(sm.getString("coyoteOutputStream.nbNotready"));
> }
> return nonBlocking;
> }
> --- CoyoteOutputStream
> /**
>  * Clear facade.
>  */
> void clear() {
> ob = null;
> }
> --- CoyoteOutputStream
> @Override
> public void close() throws IOException {
> ob.close();
> }
> ---

Re: File access error on Windows Server 2019 after upgrading to Tomcat 8.5.45

2020-06-09 Thread calder

On Tue, Jun 9, 2020 at 8:08 AM Bill Stewart  wrote:
[ snip ]
> Also, "file not found" is not the same as "access denied". You should
> post the exact error line(s) from your log.

A bit off-topic, but wanted to jump in and clear this up, as the Java
error messages are somewhat misleading.
If I write a class to open a read-only file with
java.io.FileOutputStream, I will see this stack trace

calder@stimpy:~/bin> ./jdk180-221/bin/java AccessDenied
java.io.FileNotFoundException: tester.txt (Permission denied)
at java.io.FileOutputStream.open0(Native Method)
...
calder@stimpy:~/bin> ls -l tester.txt
-r--r--r-- 1 calder users 0 Jun  9 10:12 tester.txt

FileOutputStream ctors and methods throw the FileNotFoundException and
the more specific error [in this case] is "Permission denied".
So yea, it's confusing.

If you check the source code for FileNotFoundException, we even see a
comment related to this
[quote]
This exception will be thrown by the {@link FileInputStream}, {@link
 FileOutputStream}, and {@link RandomAccessFile} constructors when a file
 with the specified pathname does not exist.  It will also be thrown by these
 constructors if the file does exist but for some reason is inaccessible, for
 example when an attempt is made to open a read-only file for writing.
[/quote]

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: CentOS Tomcat install seems to ignore setenv.sh

2020-05-12 Thread calder

On Tue, May 12, 2020, 21:48 kohmoto  wrote:

> Hi, Calder,
>
> Thank you for your prompt reply.
> I think Tomcat binary files all have root priviledges.
> Should these priviledges should be changed to user priviledges?
>


Yes.

There is a "Tomcat Security" guide at the Tomcat website.  Also, Mulesoft
has a good guide
https://www.mulesoft.com/tcat/tomcat-security


Your truly,
> Kazuhiko Kohmoto
>
> On 2020/05/13 11:17, calder wrote:
> > If TC, running as root, is ever compromised, the compromising user
> > (attacker) can gain access to the whole of the system.  The attacker
> could
> > execute any arbitrary command available on the system.  They could remove
> > files, or install malicious software.
>
>

Re: CentOS Tomcat install seems to ignore setenv.sh

2020-05-12 Thread calder

On Tue, May 12, 2020, 19:58 kohmoto  wrote:

>
> On 2020/05/13 0:47, John Larsen wrote:
> > I wouldnt recommend running tomcat as root
>
> Actually I run Tomcat as root. Your recommendation seems
> against my practice. It would be appreciated if you would
> advice me about points not running as root

This is not a security practice only for Tomcat, but ANY application
running on a Linux system (or any operating system for that matter).

If TC, running as root, is ever compromised, the compromising user
(attacker) can gain access to the whole of the system.  The attacker could
execute any arbitrary command available on the system.  They could remove
files, or install malicious software.

To limit a compromise, one should run the user of the application with the
least privileges (never as the root user)

Read more here
https://en.m.wikipedia.org/wiki/Principle_of_least_privilege

Limiting privileges can also be beneficial for lessening any inadvertent
damage, for example, to the local filesystem.  Let's say the app creates,
reads, writes, and deletes files.

And let's say the app is about to delete all files in a subdirectory path,
but the URI gets munged and the path to be purged is a system path.

Because the app has root privileges, all those system files will be
removed.If the TC app is running as a limited user (something
traditional like "tomcat"), those system files will not be deleted.

Re: CentOS Tomcat install seems to ignore setenv.sh

2020-05-12 Thread calder

On Tue, May 12, 2020 at 4:30 PM Patrick Baldwin
 wrote:
> On Tue, May 12, 2020 at 5:13 PM Christopher Schultz <
> ch...@christopherschultz.net> wrote:
[snip]

> > There is no catalina.sh that I can find.  When I googled that, I found:
> https://forums.centos.org/viewtopic.php?t=54207

> > You should be able to use systemd for this.

> > If I can get it going that way, I'll definitely try it.

No need to try ... it is running via Systemd : )
>  102$ sudo service tomcat start

That's why catalina.sh isn't used.

This might be helpful as a sort of "tutorial"
https://www.digitalocean.com/community/tutorials/how-to-install-apache-tomcat-8-on-centos-7
Pay particular attention to the section, "Install Systemd Unit File"
.. where they show a sample "/etc/systemd/system/tomcat.service"

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: CentOS Tomcat install seems to ignore setenv.sh

2020-05-12 Thread calder

On Tue, May 12, 2020, 16:13 Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Patrick,
>
> On 5/12/20 17:08, Patrick Baldwin wrote:
> > 102$ sudo service tomcat start Redirecting to /bin/systemctl start
> > tomcat.service
>
> Uhh, doesn't that just call systemd?
>

Agreed.  In my previous post, I mentioned the config file to use ...
(Systemd is still in use.)


[ previous quote ]
Does their Tomcat use Systemd?
If yes, then look for the Systemd unit file - default should be
/etc/systemd/system/tomcat.service
 that's where they will add an entry like (or modify the existing)
[ ... ]
Environment='CATALINA_OPTS=-server -Xms2048m -Xmx2048m
-XX:PermSize=256m -XX:MaxPermSize=2048m'
[ ... ]

The memory settings need to go in /etc/systemd/system/tomcat.service
(among othe JVM parms)

Re: CentOS Tomcat install seems to ignore setenv.sh

2020-05-12 Thread calder

On Tue, May 12, 2020, 16:08 Patrick Baldwin 
wrote:

> On Tue, May 12, 2020 at 5:07 PM calder  wrote:
>
> > On Tue, May 12, 2020, 15:49 Patrick Baldwin 
> > wrote:
> >
> > > I turned off systemd for tomcat:
> > >
> > > 84$ sudo systemctl disable tomcat
> >
> > [ snip ]
> >
> > > Restarted tomcat,  and it still runs for about 2 minutes then throws
> >
> > that java.lang.OutOfMemoryError: Java heap space error and dies.
> >
> >
> >
> > And how are you starting TC, as now not using Systemd?
>


102$ sudo service tomcat start
> Redirecting to /bin/systemctl start tomcat.service



But setenv.sh is sourced by catalina.sh. so if it isn't executed, setenv.sh
won't.

Re: CentOS Tomcat install seems to ignore setenv.sh

2020-05-12 Thread calder

On Tue, May 12, 2020, 15:49 Patrick Baldwin 
wrote:

> I turned off systemd for tomcat:
>
> 84$ sudo systemctl disable tomcat

[ snip ]

> Restarted tomcat,  and it still runs for about 2 minutes then throws

that java.lang.OutOfMemoryError: Java heap space error and dies.

And how are you starting TC, as now not using Systemd?

Re: CentOS Tomcat install seems to ignore setenv.sh

2020-05-12 Thread calder

On Tue, May 12, 2020, 13:48 calder  wrote:

>
> [ snip ]
>

Does their Tomcat use Systemd?
> If yes, then look for the Systemd unit file - default should be
> /etc/systemd/system/tomcat.service
>  that's where they will add an entry like (or modify the existing)
> [ ... ]
> Environment='CATALINA_OPTS=-server -Xms2048m -Xmx2048m
> -XX:PermSize=256m -XX:MaxPermSize=2048m'
> [ ... ]

My post may have been a bit misleading with my comment about setenv.sh and
then the reference to Systemd.  If using Systemd, setenv.sh will be
ignored, hence the possible use of default JVM memory config, and thus OOME.

Re: CentOS Tomcat install seems to ignore setenv.sh

2020-05-12 Thread calder

On Tue, May 12, 2020 at 10:28 AM Patrick Baldwin
 wrote:
>
> I've gotten passed an odd (to me, anyway) issue with one of our clients 
> CentOS systems.
>
> When our webapp starts running, tomcat dies shortly thereafter with an
> OutOfMemoryError. This apparently just started a few days ago.
>
> System info:
> Tomcat Version: Apache Tomcat/7.0.76
> JVM version: 1.8.0_191-b12
> OS: CentOS Linux release 7.6.1810 (Core)
[ snip ]

> Since there isn’t a setenv.sh in /usr/local/tomcat/bin, we create one:
> 195$ ls -l /usr/local/tomcat/bin/setenv.sh
> -rwxrwxrwx. 1 root tomcat 110 May 11 12:56 /usr/local/tomcat/bin/setenv.sh

---^  have the client correct this (owner/runas root)

> 45$ cat /usr/local/tomcat/bin/setenv.sh
> export CATALINA_OPTS="-server -Xms2048m -Xmx2048m"
> export JAVA_OPTS="-XX:PermSize=256m -XX:MaxPermSize=2048m"

Does their Tomcat use Systemd?
If yes, then look for the Systemd unit file - default should be
/etc/systemd/system/tomcat.service
 that's where they will add an entry like (or modify the existing)
[ ... ]
Environment='CATALINA_OPTS=-server -Xms2048m -Xmx2048m
-XX:PermSize=256m -XX:MaxPermSize=2048m'
[ ... ]

In a pinch, you can check the TC logs to see if the variables are being set.

> System memory before starting tomcat:
> 188$ free -h

"free" doesn't provide a proper memory report for a JVM.
If it were me, I'd run *jvisualvm* or *MissionControl* (jmc) or
*jconsole*.and get a snapshot of the app.
Another option is to use *jmap* or *jcmd*

You could also add this option
-XX:+HeapDumpOnOutOfMemoryError
and optionally this if you want to specify the path of the dump
-XX:HeapDumpPath=
... if you feel like you cant get a proper capture with the GUI tools
listed above

[ snip ]

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat shutdown password complexity

2020-05-10 Thread calder

On Sat, May 9, 2020 at 5:09 PM Christopher Schultz
 wrote:
> On 5/9/20 00:36, calder wrote:
> > On Fri, May 8, 2020 at 9:07 PM calder 

[snip]
> > Keep in mind - some characters won't work like & or ( or ) - at
> > least on Unix-style OSes as the shell may want to interpret them.
>
> What makes you say that? What does the shell have to do with anything?

I asked the DevOps person about the error - turns out it was a
SAXParseException when using the & char in the string. He vaguely
remembers a shell issue with the bang char.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat request hooks

2020-05-09 Thread calder

On Sat, May 9, 2020, 07:16 Vikas Kumar  wrote:

> As per my understanding (using a Spring Boot app with Tomcat server), we
> define:
>
>- Max no. of worker threads (maxThreads, default 200)
>- Tomcat queue size (maxConnections, default 8192 for APR, 1 for
>NIO). When all worker threads are busy, requests are placed into the queue.
>As worker threads free up, queued requests are sent to them in FIFO order
>
>
I'll assume the "steps" are shown in the "broken" image (inline/attached
images are normally dropped) - you'll need the convert whatever text is
contained into actual text and post back.


[image: Untitled Diagram.png]
>
> I can add a hook at step (3) using a servlet filter or
>
[ snip ]

Re: Tomcat shutdown password complexity

2020-05-08 Thread calder

On Fri, May 8, 2020 at 9:07 PM calder  wrote:
>
> On Fri, May 8, 2020, 19:20 Robert Hicks  wrote:
>>
>> I am trying to find what the password complexity can be. I've looked at
>> several hardening guides and they are all "WordsLikeThis". Does the
>> shutdown password take symbols and numbers or at least hyphenated words?
>
>
> We've never had occasion to use the password, because we disable shutdown 
> (the better option).
>
> However, my best guess one could use anything.  One could check the source 
> code, or better yet, set up a Dev instance and give it a quick test - a 15 
> minute exercise at most.

Gave it a test.

In server.xml, we have


and then fire it up

user@stimpy:~/bin/apache-tomcat/bin> ./catalina.sh start  > log.log 2>&1

user@stimpy:~/bin/apache-tomcat/bin> ps aux | grep java
user   7223  531  1.2 21006280 812812 pts/2 Sl   23:22   0:13 /home/ [ ... ]

user@stimpy:~/bin/apache-tomcat/bin> ./shutdown.sh stop

user@stimpy:~/bin/apache-tomcat/bin> ps aux | grep "bin/java"
[ no response ]

If we start up TC and change  server.xml entry to (removed one char at end)

TC won't shut down.

Keep in mind - some characters won't work like & or ( or ) - at least
on Unix-style OSes as the shell may want to interpret them.

Experiment with whatever chars you want.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat shutdown password complexity

2020-05-08 Thread calder

On Fri, May 8, 2020, 19:20 Robert Hicks  wrote:

> I am trying to find what the password complexity can be. I've looked at
> several hardening guides and they are all "WordsLikeThis". Does the
> shutdown password take symbols and numbers or at least hyphenated words?
>

We've never had occasion to use the password, because we disable shutdown
(the better option).

However, my best guess one could use anything.  One could check the source
code, or better yet, set up a Dev instance and give it a quick test - a 15
minute exercise at most.

>

Re: Upgrading from 9.0.20 to 9.0.34 AJP connector issue

2020-05-01 Thread calder

On Fri, May 1, 2020, 13:32 Darryl Philip Baker <
darryl.ba...@northwestern.edu> wrote:

> Continuing the investigation:
>
> I have the two tomcat installation in /opt/tomcat.

I assume  /opt/tomcat  is the BASE subdirectory path, where two different
versions are installed under that named BASE. something like

/opt/tomcat/tomcat9020
/opt/tomcat/tomcat9034

Apache HTTPD references the worker file using a path that has a symbolic
> link that "latest" I can switch to point to either installation of tomcat.

The workers file is defined in httpd.conf as "JkWorkersFile
> /opt/tomcat/latest/conf/jk/workers.properties"
>

So "latest" eventually points to either "20" or "34"

Tomcat 9.0.20 works as expected. Tomcat 9.0.34 fails with just having the
> browser clocking and not returning.
>

Here you state, basically, there's no response at the browser, but
eventually it should, upon timeout.

However the above statement contradicts the "404" statement below.

>

I am trying to browse to one of the JKmount URLs in this case
> https://myserver.northwestern.edu/LmsSync/.

When I point the symbolic link to the 9.0.20 installation, it works fine.

When I point the symbolic link to the 9.0.34 installation, it I get a 404
> error.

This contradicts the above "no response" statement

Here's a test I always request a client to perform during troubleshooting :

"remove the redirector from the equation and test again" .. any issue
now?(ie, go to each Tomcat directly - works?   Yes? Then it's an issue
with the redirector config).

Re: tomcat and ssl

2020-04-27 Thread calder

On Mon, Apr 27, 2020, 16:30 calder  wrote:

>
>
> On Mon, Apr 27, 2020 at 11:22 AM Beard, Shawn M.
>  wrote:
>
>> I have an app running in tomcat 9 that makes an ssl call to an external
>> webservice.
>>
>>
>>
>> It fails with these errors in the logs:
>>
>> ERROR javax.net.ssl.SSLHandshakeException: PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>> valid certification path to requested target
>>
>
> When we've seen that in our logs, it's because self-signed certs are
> being used.
>

Sorry I didn't include the other possible issue that we see with this error
message

It can also be related to using the rwong version of the unlimited
encryption JAR files

Re: tomcat and ssl

2020-04-27 Thread calder

On Mon, Apr 27, 2020 at 11:22 AM Beard, Shawn M.
 wrote:

> I have an app running in tomcat 9 that makes an ssl call to an external
> webservice.
>
>
>
> It fails with these errors in the logs:
>
> ERROR javax.net.ssl.SSLHandshakeException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
>

When we've seen that in our logs, it's because self-signed certs are being
used.

Re: Catalina PID file

2020-04-22 Thread calder

On Wed, Apr 22, 2020 at 11:34 AM Rafael Oliveira  wrote:
> Hello everyone during some tests where I ran in my local environment I came
> across an odd behavior on tomcat start
>
> During the start process catalina.sh script create a new PID file using the
> following statement
> *echo $! > "CATALINA_PID"*
>
> $! *Expands to the process **ID** of the job most recently placed into the
> background,* whether executed as an asynchronous command or using the bg
>  builtin

Correct.

> The PID number inside the PID file is different of the tomcat process

Not on my installations - using "./catalina.sh start  > startup.txt 2>&1"

user@stimpy:~/bin/apache-tomcat-9.0.26/bin> cat cat-pid
8732
user@stimpy:~/bin/apache-tomcat-9.0.26/bin> ps -aux | grep tomcat
user8732  1.3  0.2 23279772 161408 pts/1 Sl   00:28   0:05
/usr/lib64/jvm/java/bin/java
-Djava.util.logging.config.file=/home/user/bin/apache-tomcat-9.0.26/

... and using "startup.sh"

user@stimpy:~/bin/apache-tomcat-9.0.26/bin> cat cat-pid
9861
user@stimpy:~/bin/apache-tomcat-9.0.26/bin> ps -aux | grep tomcat
user   9861 18.4  0.2 23277724 148168 pts/1 Sl   00:37   0:04
/usr/lib64/jvm/java/bin/java
-Djava.util.logging.config.file=/home/user/bin/apache-tomcat-9.0.26/

> started which I could verify with:
> ps -ef  | grep 'catalina.base=$CATALINA_HOME'

??

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Removing Tomcat ROOT directory causes the server to hang on startup

2020-04-21 Thread calder

On Tue, Apr 21, 2020, 08:20 Clough, Don  wrote:

> Good Morning,
>
> Tomcat version 8.5.15
>
> Is it possible to remove the tomcat ROOT directory?
>

Yes - not required ... unless you want the functionality provided therein.

Re: blank screen shown under tomcat9 when I attempt to run my app

2020-04-12 Thread calder

On Sun, Apr 12, 2020, 11:58 Barry Kimelman 
wrote:

> my system is a windows 10 64 bit laptop.
> I am running tomcat 9
> Here is the directory of my Java environment
>
>  Directory of C:\Program Files\Java
>
> Sat Jan 25, 2020  06:03 AM  .
> Sat Jan 25, 2020  06:03 AM  ..
> Tue Jan 01, 2019  03:47 PM  jdk1.8.0_191
> Sat Jan 25, 2020  06:02 AM  jre1.8.0_241
>
> I can successfully run my old app which I wrote some time ago. However when
> I try to run my new app


What's the difference between "old" and "new"?

Also, were you running the app on a previous version of Tomcat and / or
Java?

I just get a blank screen.
> When I check the tomcat log it shows a HTTP status code of 421



Can you paste the complete stack trace (including any "caused by"
statements)


which means
> "misdirected request" (i have never seen this code before while running my
> tomcat server)
>
> My new app is structured just like my old app. There is an index.html file
> which automatically redirects to a JSP page.
>
>  1 
>  2 
>



 3 QWLC Data Management/title>
>


Missing the left brace for the "title" closing tag


 4 
>  5 
>  6
>  7 
>  8 If you are looking for the entrance for the qwlc data management,
> you are very close.
>  9 Click here to enter the qwlc data management
> 10
> 11 
> 12 YOU WILL BE REDIRECTED IN 3 SECONDS - If the redirect does not
> work,
> 13 please click on the link above.
> 14
> 15 
> 16 
>
> This error occurs no matter which browser I use. When I type "CTRL-U" in my
> browser to see the HTML code I see the code from my index.html file. I am
> wondering why the redirect did not work for this new app.
>
> One minor difference with what I see from CTRL-U as compared to my old app.
> In the CTRL-U output in my old app the "enter.jsp" is underlined.
>
> Any ideas as to where I can look for the problem ?
>
>

Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

2020-04-08 Thread calder

On Wed, Apr 8, 2020, 18:11 James H. H. Lampert 
wrote:

>
> And as to vendor-supplied installations, I agree with you. I'm rather
> irritated with the "Debianism" of splitting Tomcat up so completely that
> webapp contexts can be in at least two different places, and the general
> "Linuxism" of *not* including manager and host-manager (although I've
> never needed the latter) in the basic installation, and sometimes not
> even including a default root.
>

It's not just a Debian thing - it's a Linux distro idiosyncrasy.

And you don't have to use a distro's Tomcat layout / configuration.  We
don't - we download P.V. Tomcat and extract to /opt (obviously, one could
choose to install to /usr/local if building) and use separate CATALINA_BASE
and CATALINA_HOME.

Re: JNI memory leak?

2020-04-06 Thread calder

> On Sat, Apr 4, 2020 at 10:39 AM Thomas Meyer  wrote:
> > April 2020 14:53:17 MESZ schrieb calder  wrote:

[ snip ]
> >So, ultimately, I'm confused why we think Tomcat is "to blame" as
> >there is no evidence it uses JNI.
> >It's my experience JNI memory issues are related to the Java JNI or
> >proprietary native code.
>

> I think jni is used via apr in tomcat.
>
> Do you use apr http connector?

Thomas - thanks for correcting my oversight - I obviously wasn't
thinking about the Native Library

user@stimpy:~/Desktop/tomcat-source/tomcat-native-1.2.23-src> find .
-name "*jni*" -ls
818614714  0 drwxr-xr-x   2 user  users 138 Jun 26  2019
./examples/org/apache/tomcat/jni
544916739  8 -rwxr-xr-x   1 user  users7639 Jun 26  2019
./jnirelease.sh
21107212 12 -rw-r--r--   1 user  users   11352 Jun 26  2019
./native/src/jnilib.c
812313638  0 drwxr-xr-x   2 user  users 150 Jun 26  2019
./test/org/apache/tomcat/jni
25339941  4 drwxr-xr-x   2 user  users4096 Jun 26  2019
./java/org/apache/tomcat/jni

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: JNI memory leak?

2020-04-05 Thread calder

On Sat, Apr 4, 2020, 12:02 Mark Boon  wrote:

> I don't have 'proof' Tomcat is to blame. Hence the question-mark. All I
> have managed is narrow it down to this NMT data, which is not very
> informative. I hoped anyone could give me an idea how or where to
> investigate further. Or if someone had run into this before.
>
> The connector of the webapp uses Http11NioProtocol. My understanding is it
> uses direct-byte-buffers backed by native memory for the Nio channels. I
> don't know for sure if that gets allocated through a JNI call, but that was
> my assumption.
>
> I did not consider trying Mission Control or jvisualvm. Isn't Mission
> Control for embedded Java? And AFAIK, jvisualvm is for profiling Java
> memory usage and underneath uses tools like jmap, jstat and jcmd. Through
> GC logs and jmap heap-dumps I can confidently say there's no memory leak on
> the Java side. The NMT data shown comes from jcmd. No type grows beyond
> control and full GC always returns to the same baseline for the heap.
> Anyway, the Java heap is only 360Mb and this memory-block created by
> jni_invoke_static has grown to 700Mb by itself. And I see no out-of-memory
> messages. The only hint of this happening is that the RES memory of the
> Tomcat process keeps growing over time, as shown by 'top'. And it seems GC
> is getting slower over time, but the customers haven't noticed it yet.
> (This is after we switched to ParallelGC. We did see considerable slow-down
> when using G1GC in the ref-processing, but we couldn't figure out why. It
> would slow to a crawl before the memory leak became obvious.)
>
> Anyway, I was mostly fishing for hints or tips that could help me figure
> this out or avoid it.
>
> The application is simple to the point I'm hard-pressed to think of any
> other part making JNI calls. The only library I can think of using JNI is
> BouncyCastle doing the SSL encryption/decryption, so maybe I'll switch my
> focus there.
>

Something else to consider - we should keep in mind that a JVM is loaded
for the native code, but won't be obvious in a process table  : )

Re: JNI memory leak?

2020-04-04 Thread calder

m

On Sat, Apr 4, 2020, 14:14 Frank Tornack  wrote:

> Good evening,
> I have a question about your e-mail address. Why does the address end
> on com.INVALID? How do you get such an address?
>

That question is off topic.

The invalid is too avoid spam email

Re: JNI memory leak?

2020-04-04 Thread calder

On Fri, Apr 3, 2020 at 8:48 PM Mark Boon  wrote:
>
> For the past few months we’ve been trying to trace what looks like gradual 
> memory creep. After some long-running experiments it seems due to memory 
> leaking when
> jni_invoke_static(JNIEnv_*, JavaValue*, _jobject*, JNICallType, _jmethodID*, 
> JNI_ArgumentPusher*, Thread*) is invoked. Somewhere.
>
> My environment is Tomcat running a proxy webapp. It does TLS termination,  
> authentication and then forwards the call to local services. It doesn’t do 
> much else, it’s a relatively small application.
>
> Some (possibly relevant) versions and config parameters:
> Tomcat 8.5
> Java 8u241 (Oracle)
> Heap size = 360Mb
> MAX_ALLOC_ARENA=2
> MALLOC_TRIM_THRESHOLD_=250048
> jdk.nio.maxCachedBufferSize=25600
>
> We couldn’t find any proof of memory leaking on the Java side.
> When we turn on NativeMemoryTracking=detail and we take a snapshot shortly 
> after starting, we see (just one block shown):
>
> [0x03530e462f9a] JNIHandleBlock::allocate_block(Thread*)+0xaa
> [0x03530e3f759a] JavaCallWrapper::JavaCallWrapper(methodHandle, Handle, 
> JavaValue*, Thread*)+0x6a
> [0x03530e3fa000] JavaCalls::call_helper(JavaValue*, methodHandle*, 
> JavaCallArguments*, Thread*)+0x8f0
> [0x03530e4454a1] jni_invoke_static(JNIEnv_*, JavaValue*, _jobject*, 
> JNICallType, _jmethodID*, JNI_ArgumentPusher*, Thread*) [clone .isra.96] 
> [clone .constprop.117]+0x1e1
>  (malloc=33783KB type=Internal #110876)
>
> Then we run it under heavy load for a few weeks and take another snapshot:
>
> [0x03530e462f9a] JNIHandleBlock::allocate_block(Thread*)+0xaa
> [0x03530e3f759a] JavaCallWrapper::JavaCallWrapper(methodHandle, Handle, 
> JavaValue*, Thread*)+0x6a
> [0x03530e3fa000] JavaCalls::call_helper(JavaValue*, methodHandle*, 
> JavaCallArguments*, Thread*)+0x8f0
> [0x03530e4454a1] jni_invoke_static(JNIEnv_*, JavaValue*, _jobject*, 
> JNICallType, _jmethodID*, JNI_ArgumentPusher*, Thread*) [clone .isra.96] 
> [clone .constprop.117]+0x1e1
>  (malloc=726749KB type=Internal #2385226)
>
> While other blocks also show some variation, none show growth like this one. 
> When I do some math on the number (726749KB - 33783KB) / (2385226 – 110876) 
> it comes down to a pretty even 312 bytes per allocation.
> And we leaked just under 700Mb. While not immediately problematic, this does 
> not bode well for our customers who run this service for months.
>
> I’d like to avoid telling them they need to restart this service every two 
> weeks to reclaim memory. Has anyone seen something like this? Any way it 
> could be avoided?

I'm a bit confused. Your stated title is "JNI Memory Leak?"
Tomcat, to my intimate knowledge, does not use JNI (correct me if I'm rwong)
( quick check
 user@stimpy:~/Desktop/tomcat-source/apache-tomcat-8.5.53-src> find .
-name *.c -ls
 user@stimpy:~/Desktop/tomcat-source/apache-tomcat-8.5.53-src> find .
-name *.cpp -ls
 user@stimpy:~/Desktop/tomcat-source/apache-tomcat-8.5.53-src> find .
-name *.asm -ls
 user@stimpy:~/Desktop/tomcat-source/apache-tomcat-8.5.53-src> find .
-name *.pas -ls
}

a) for the "snapshots" provided, there is NO reference to their
association, ie, "what" code are those related to?
b) could you run Mission Control or jvisualvm to locate a stack trace for this?

We have two apps that use JNI and run via Tomcat (and another app
server) - one is "so old" that it is limited to 32-bit . the one
memory leak we have encountered was related to the "native side" (for
us, the native-compiled Pascal side of things (we also use Assembly
code) via Java's JNI code).

So, ultimately, I'm confused why we think Tomcat is "to blame" as
there is no evidence it uses JNI.
It's my experience JNI memory issues are related to the Java JNI or
proprietary native code.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Alternate java.security properties file?

2020-04-02 Thread calder

On Thu, Apr 2, 2020 at 5:53 PM James H. H. Lampert
 wrote:
> Question:
>
> I'm looking at the header of a "java.security" properties file. And I see:
> > # This is the "master security properties file".
> > #
> > # An alternate java.security properties file may be specified
> > # from the command line via the system property
> > #
> > #-Djava.security.properties=
>
> Not quite sure I get this. What exactly do I need to set for , in
> order to specify an override that's in the file system? Something
> starting with "file:///"? And why is it a ? That sounds like you
> could set it to use an override file that's on some web server.

This isn't a "Tomcat question", so a bit off-topic ...
This is strictly related to the JVM, so better off seeking answers in
a Java forum.
However, it should be noted, as quoted further in the configuration:
[quote]
if you specify  "-Djava.security.properties==", using two equal
signs, then that properties file completely overrides the master
security properties file."
[/quote]

And furthermore
[quote]
To disable the ability to specify an additional properties file from
the command line, set the key
security.overridePropertiesFile to false
in the master security properties file. It is set to true by default.
[/quote]
For example:
security.overridePropertiesFile=false

The samples I'm using are for OpenJDK 13 (11's the same, as others previous).
As an explicit example (directly answering your question), one might
do this - to append to
java.security.properties=/home/java.security

Or in the scenario where one wants to replace it
java.security.properties==/home/java.security

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to increase Memory available to Tomcat?

2020-04-01 Thread calder

On Tue, Mar 31, 2020 at 10:57 PM o haya  wrote:

> I think I figured out what is going on.  I think that the parameters were
> working all right, but the memory that is shown by the "free" command isn't
> corresponding to the JVM memory.

[ snip ]
You beat me to the punch. Linux "free" cannot be used reliably in some
situations, esp with Java.

(BTW, I hope you're not running TC as the root user.
  I see references to the root user in your CLI output)

You could use the visual (GUI) tools, such as "jvisualvm" or "Mission
Control" (jmc).
Both of these provide a wealth of JVM memory usage, including GC.

You could also query for the info at the command line
* using "jps -lvm" (NOTE: this is without the facility of JMX)
* you could run: java -XX:+PrintFlagsFinal -version | grep -iE
'HeapSize|PermSize|ThreadStackSize'
for example (output)

user@stimpy:~/bin/jdk180-221/bin> java -XX:+PrintFlagsFinal -version |
grep -iE 'HeapSize|PermSize|ThreadStackSize'
intx CompilerThreadStackSize  = 1024
{pd product} {default}
  size_t ErgoHeapSizeLimit= 0
   {product} {default}
  size_t HeapSizePerGCThread  = 43620760
   {product} {default}
  size_t InitialHeapSize  = 1052770304
   {product} {ergonomic}
  size_t LargePageHeapSizeThreshold   = 134217728
   {product} {default}
  size_t MaxHeapSize  = 16835936256
   {product} {ergonomic}
   uintx NonNMethodCodeHeapSize   = 7594288
{pd product} {ergonomic}
   uintx NonProfiledCodeHeapSize  = 122031976
{pd product} {ergonomic}
   uintx ProfiledCodeHeapSize = 122031976
{pd product} {ergonomic}
intx ThreadStackSize  = 1024
{pd product} {default}
intx VMThreadStackSize= 1024
{pd product} {default}
openjdk version "11.0.6" 2020-01-14
OpenJDK Runtime Environment (build 11.0.6+10-suse-2.1-x8664)
OpenJDK 64-Bit Server VM (build 11.0.6+10-suse-2.1-x8664, mixed mode)
user@stimpy:~/bin/jdk180-221/bin>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Support with error in launcher.log

2020-03-30 Thread calder

On Mon, Mar 30, 2020, 05:02 Luigi Tagliafierro 
wrote:

> Hi everybody,
>
> we are experiencing an error :  The bitbucket log
> (/var/atlassian/bitbucket_home/log/launcher.log) constantly repeats this
> error:
>
> "java.lang.IllegalArgumentException: An invalid domain
>


[.code.doxee.com] was specified for this cookie" .
>

Issue:
the domain has a dot (.) at its beginning.


The error has been present in the log for some time and continues to be.
>
> We contacted the support of atlassian, who after an analysis suggested
> that we ask you about the error in question.
> Here the link to the discussion, *and all the info, tests and steps we
> took before contacting you* :
> https://getsupport.atlassian.com/servicedesk/customer/portal/24/SSP-42041
>
> Our Tomcat version is: 8.5.29
>
> In attachment there is the complete error.
>
> We are waiting for an answer that can help you analyze or solve the
> problem,
>
> Thanks a lot,
> Regards,
>
> Luigi
>

>

Re: stdout / stderr on AWS Linux

2020-03-03 Thread calder

On Tue, Mar 3, 2020 at 11:59 AM calder  wrote:
>
> On Tue, Mar 3, 2020, 10:46 Jerry Malcolm  wrote:
>>
>> Where are the stdout and stderr log files written for tomcat in AWS
>> Linux?  On windows, they are just part of the logs folder. But in AWS
>> Linux /var/log/Tomcat I get all of the other log files.  But no
>> stdout/stderr.  Most of the info is also in Catalina.out.  But just
>> curious where stdout and stderr files have gone.
>
>
> Check if the context.xml has this config set
>
> 
> that swallows stdout/err.

(sorry hit Send too soon) 

Also check catalina.sh, for this entry
#   CATALINA_OUT(Optional) Full path to a file where stdout and stderr
#   will be redirected.
#   Default is $CATALINA_BASE/logs/catalina.out

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: stdout / stderr on AWS Linux

2020-03-03 Thread calder

On Tue, Mar 3, 2020, 10:46 Jerry Malcolm  wrote:

> Where are the stdout and stderr log files written for tomcat in AWS
> Linux?  On windows, they are just part of the logs folder. But in AWS
> Linux /var/log/Tomcat I get all of the other log files.  But no
> stdout/stderr.  Most of the info is also in Catalina.out.  But just
> curious where stdout and stderr files have gone.
>

Check if the context.xml has this config set

Re: issue faced in tomcat 8.5.51

2020-02-28 Thread calder

On Fri, Feb 28, 2020, 07:39 Rathore, Rajendra  wrote:

> Hi Team,
>
> I am using below configuration in server.xml for tomcat
>
>  secretRequired="false" secure="false"  address="127.0.0.1"
>tomcatAuthentication="false" enableLookups="false"
> maxPostSize="-1" maxSavePostSize="8388608" maxParameterCount="-1"
>useBodyEncodingForURI="true" URIEncoding="UTF-8"
> backlog="100" packetSize="8192"
>maxThreads="320" minSpareThreads="8"/>
>
> but I got below exception in start up time
>

< snip >

>

Caused by: java.lang.IllegalArgumentException:

The AJP Connector is configured with secretRequired="true" but the secret
> attribute is either null or "". This combination is not valid
>





Please let me know what should I put to fix the issue, it will be very
> helpful for me.
>
> I am stuck because of the above issue, we are using Apache and tomcat for
> serving the request.
>
> Let me know if anything else required from my side.
>

Re: At wits end: Difficulties with IIS ISAPI connector and Tomcat

2020-02-24 Thread calder

On Mon, Feb 24, 2020, 14:19 Ellen Meiselman  wrote:

> Hi,
>
> I’m having a lot of trouble configuring the isapi_redirect connector
> between IIS and Tomcat. I am running out of ideas so it’s time to ask for
> help from the experts. I think the problems remaining are in the tomcat
> configuration area, not the IIS area anymore.
>
> What’s wrong:
> The ISAPI module appears to be working and correctly sending AJP requests
> to Tomcat on port 8009, at which point Tomcat refuses those requests with a
> 403 error. The isapi_redirect.log shows the complete content of the tomcat
> response, and no longer shows any errors - in other words, it thinks it is
> working.
>
> Text of the 403 error:
>
>  HTTP Status 403 – Forbidden
>  Type Status Report
>  Description The server understood the request but refuses to
> authorize it.
>  Apache Tomcat/8.5.51
>


Is IIS returning the 403?  If yes, we should see a "dot error" number, such
as 403.1 or 403.2, and so on.


What does work:
> Requests directly to Tomcat on port 8080 to pages within the
> connector-exposed web application work fine.
> For example, both of these work:
> localhost:8080/exposedApplication/simple.html. (viewed on the server’s
> browser)
> my.servers.domain.com:8080/exposedApplication/simple.html (viewed
> anywhere else)
>
>
> What does not work:
> Requests that go through IIS and the connector to the connector-exposed
> application result in a 403 error.
> For example, this does not work:
> https:my.servers.domain.com/exposedApplication/simple.html
>
>
> This Windows 2019 setup has the following versions of tomcat, windows, etc:
>
> Tomcat version 8.5.51
> Isapi_redirect.dll version 1.2.46.0
> IIS 10/Windows server 2019
>
> I also have two older, similar Windows Server environments that work
> perfectly. They both use these versions:
>
> Tomcat version 8.5.3 (64 bit) as a service
> Isapi_redirect.dll version 1.2.40.0 64 bit
> IIS 8/Windows server 2012R2
>
>
> The component versions between the working and non-working environments
> are slightly different, and I think that might be the source of the problem
> - there are probably new configuration requirements that I need to be aware
> of. I started with the settings used in the working environments and found
> that some things needed to be changed to get the connector to work at alll.
> For example I had to specify an iPv4 address for the connector where I
> didn’t need to before.
>
> My theories at the moment:
> 1. Maybe allowedRequestAttributesPattern is a problem? I saw a note about
> the allowedRequestAttributesPattern attribute for the AJP connector
> possibly causing a 403 error, but I don’t understand how to use it or if it
> is needed.
> 2. It’s possible that something in the Tomcat permissions settings are
> wrong, but I really don’t know where to look.
>
>
> Relevant configuration settings in server.xml, workers.properties and
> uriworkermap.properties:
>
> server.xml
>
>  redirectPort="8443" />
>  requiredSecret="true"  secret=“" redirectPort="8443" />
>
>   autoDeploy="true">
>  directory="logs"
>prefix="localhost_access_log" suffix=".txt"
>pattern="%h %l %u %t %r %s %b" />
>   
>
>   autoDeploy="true">
>  directory="logs"
> prefix="127_0_01_access_log" suffix=".txt"
> pattern="%h %l %u %t %r %s %b" />
>  
>
>
> workers.properties
>
> # Set properties for worker1 (ajp13)
> worker.worker1.type=ajp13
> worker.worker1.host=127.0.0.1
> worker.worker1.port=8009
> worker.worker1.secret=
>
> uriworkermap.properties
> /exposedApplication/*=worker1
>
> Any suggestions or new directions will be welcome.
>


A full stack trace (including any "caused by" statements)  from Tomcat
*and*  IIS would be helpful.

>

Re: Embedding with Tomcat 9

2020-02-18 Thread calder

On Tue, Feb 18, 2020, 14:12 Thad Humphries  wrote:

> I am trying to understand how to build and run an app from local with
> Tomcat 9 embedded using Java 8. I've started with this example written for
> Tomcat 7:
>
> https://www.oracle.com/webfolder/technetwork/tutorials/obe/java/basic_app_embedded_tomcat/basic_app-tomcat-embedded.html#overview
>
> I am able to get it to run with Tomcat 9 after a few changes to the pom.xml
> and one addition to the main() method:
>
> public static void main(String[] args) throws Exception {
>


  String contextPath = "" ;
>

May not be the issue, cause there's other code to consider, but should the
above line be

String contextPath = "/" ;


In the future, you should also check the full stack trace for clues


  String appBase = ".";
>   Tomcat tomcat = new Tomcat();
>   tomcat.setPort(Integer.valueOf(PORT.orElse("") ));
>   // next line added for Tomcat 9
>   tomcat.setConnector(tomcat.getConnector());
>
>   tomcat.setHostname(HOSTNAME.orElse("localhost"));
>   tomcat.getHost().setAppBase(appBase);
>   tomcat.addWebapp(contextPath, appBase);
>   tomcat.start();
>   tomcat.getServer().await();
> }
>
> However although this runs it returns a 404 on /employee. Why?
>
> I've tried variations on other Tomcat 9 examples (such as
> https://nkonev.name/post/101). There main() methods are considerably more
> involved, and I don't follow all that's going on. I've had no success. Some
> don't run, or, in the nkonev example earlier, JSPs aren't processed
> (probably because of "tomcat.setAddDefaultWebXmlToWebapp(false);" but if I
> commnent that out, the Jar won't run).
>
> What's the minimum to get the above main() to serve /employee?
>
>

Re: Tomcat server gets stuck

2020-02-14 Thread calder

On Fri, Feb 14, 2020, 15:05 James H. H. Lampert 
wrote:

> Ladies and Gentlemen of the Tomcat List:
>
> We have a situation.
>
> Earlier today, something (we don't know what) caused the Tomcat (7.0.93)
> server on our AS/400 to go crazy, producing a 70G+ catalina.out file,
> and rendering the machine generally unresponsive.
>
> Once I was able to get a terminal session (through a reserved "console"
> Ethernet interface), I forcibly shut down the Tomcat server.
>
> Then, after saving the enormous catalina.out file, I restarted Tomcat,
> and it brought up all contexts but the ROOT (which was having
> "persistence directory" problems, which I've passed on to our Tomcat
> specialists). I tried stopping and restarting that context, with no
> change in its behavior.
>
> But then, I tried shutting down and restarting Tomcat again, and this
> time, it comes up, and opens the port, but no contexts start, not even
> one that's nothing more than a directory with a static web page in it!
>
> Anybody here have any idea what could be going wrong? It seems to get
> stuck on "Deploying web application archive"
>


Is this the client install where y'all upgraded the JVM from 1.7 to 1.8?

Is there a repeating stack trace in the logs? If yes, what is it?And if
you post it, please include the complete stack trace, including any and all
"Caused by" entries

Re: Error: Cannot start container [org.codehaus.cargo.container.tomcat.Tomcat8xInstalledLocalContainer@6abca7a6]: Deployable [http://localhost:2990/cargocpc/index.html] failed to finish deploying with

2020-02-13 Thread calder

On Thu, Feb 13, 2020, 05:17  wrote:

> I am trying to run one new plugin of jira using tomcat. But tomcat is not
> getting started due to below error. Can you please let me know how this
> error can be resolved?
>
> I am using Apache Tomcat Version 8.5.35.
>
> Error is as below.
>
> [ERROR] Failed to execute goal
> com.atlassian.maven.plugins:amps-dispatcher-maven-plugin:8.0.2:run
> (default-cli) on project newplugin05: Cannot start container
> [org.codehaus.cargo.container.tomcat.Tomcat8xInstalledLocalContainer@6abca7a6]:
> Deployable [http://localhost:2990/cargocpc/index.html] failed to finish
> deploying within the timeout period [60]. The Deployable state is thus
> unknown. -> [Help 1
>
(Crosspost removed).

This is not a Tomcat issue, ie, this particular error could be seen on any
other app server.

The issue is with AMPS starting other processes - something *else* is
causing the slow startup (which is 600,000 millis here), thus the Atlassian
SDK (AMPS) cannot fully complete startup.

Check the other Atlassian related servers to see if there are any CPU
intensive tasks running which would throttle startup.

Re: JVM job for Tomcat taking lots and lots of CPU

2020-02-11 Thread calder

On Tue, Feb 11, 2020, 18:40 James H. H. Lampert 
wrote:

> Ladies and Gentlemen:
>
> We have a customer installation in which the JVM job for our Tomcat
> server is frequently using massive amounts of CPU.
>
> It's Tomcat 7.0.67, running on an AS/400, in a 64-bit Java 7 JVM, with
> -Xms3096m and -Xmx5120m JVM arguments.
>
> GC information on the JVM job shows:
> > Garbage collected heap:
> >   Initial heap size  . . . . . . . . . :  3096.000M
> >   Maximum heap size  . . . . . . . . . :  5120.000M
> >   Current heap size  . . . . . . . . . :  4458.562M
> >   Heap in use  . . . . . . . . . . . . :  1907.673M
> > Other memory:
> >   Internal (break) memory size . . . . :   504.982M
> >   JIT memory size  . . . . . . . . . . :74.000M
> >   Shared classes memory size . . . . . : 0.000M
> > General GC information:
> >   Current GC cycle . . . . . . . . . . :   2184
> >   GC policy type . . . . . . . . . . . : GENCON
> >   Current GC cycle time  . . . . . . . :552
> >   Accumulated GC time  . . . . . . . . :5108241
>
> It seems to be doing a lot of garbage-collecting.
>
> Would switching to Java 8 help? Would switching to 7.0.93 help?

Well, End of Public Updates for Java 7 was Apr 2015 (Extended support to
2022).  EOPU for Java 8 was Jan 2019 (Ext support to 2025).

Is this a new client install?  Or has the app been running with no issue
until some time recently?  Does the issue surface with one user; or 20
users;  or 100 users?  How many instances of Tomcat? (on the same machine?)

Have y'all run a profiler (JVisualVM or Mission Control or YourKit, etc) to
narrow down where in the app it's spiking  and to gather more granular GC
stats?

It's always my experience these type of issues are not Tomcat, it's the
app, or something's misconfigured.

Re: Tomcat 9.0.11 cookieprocessor question.

2020-02-07 Thread calder

On Fri, Feb 7, 2020, 09:08 saivenkat thatikonda <
saivenkatthatikon...@gmail.com> wrote:

> Hello all,
>
> I am trying to set *sameSiteCookies = "none"* in *
> *in *server.xml
> *file of tomcat.
>

It's preferred to add this in the META-INF sub-dir in the context.xml file


But I see this in th elog files:
> *WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin
> [SetPropertiesRule]{Server/Service/Engine/Host/Context/CookieProcessor}
> Setting property 'sameSiteCookies' to 'none' did not find a matching
> property*
>


It's my understanding this was merged in 9.0.21 (you state you're using
9.0.11).

>

Re: SOLVED - Re: Aw: Re: mvn redeploy - double redeployment problem (within 0.2 seconds)

2020-02-02 Thread calder

On Sun, Feb 2, 2020, 15:49 Peter Rader  wrote:

> The old version of the application had a daemon that have not yet finished
> his execution.
>
> Unfortuantely there is no further logging why the old version not stoped
> yet.
>
> I expected to have the "mvn redeploy" waiting forever for this
> deamon-locked problem. What I can not do is write a bug report because the
> bug was inside my app. But what I might do is to add a feature-request. Not
> sure where, and not sure for what component, maven-tomcat-plugin maybe...
>
>

Please post updates to the original thread.

As suggested in the original thread, it was a permissions issue ...
permission denied because the port was already in use : )

Re: mvn redeploy - double redeployment problem (within 0.2 seconds)

2020-02-02 Thread calder

On Sun, Feb 2, 2020, 10:31 Peter Rader  wrote:

> Hi,
>
> I am using maven to redeploy a application.
>
> Maven returning:
> [ERROR] Failed to execute goal
> org.codehaus.mojo:tomcat-maven-plugin:1.1:redeploy (default-cli) on project
> xxx: Cannot invoke Tomcat manager: Error writing to server -> [Help 1]
> org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute
> goal org.codehaus.mojo:tomcat-maven-plugin:1.1:redeploy (default-cli) on
> project XXX: Cannot invoke Tomcat manager
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:215)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:156)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:148)
> at
> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:117)
> at
> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:81)
> at
> org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
> (SingleThreadedBuilder.java:56)
> at org.apache.maven.lifecycle.internal.LifecycleStarter.execute
> (LifecycleStarter.java:128)
> at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
> at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
> at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
> at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957)
> at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289)
> at org.apache.maven.cli.MavenCli.main (MavenCli.java:193)
> at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke
> (NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke
> (DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke (Method.java:498)
> at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
> (Launcher.java:282)
> at org.codehaus.plexus.classworlds.launcher.Launcher.launch
> (Launcher.java:225)
> at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode
> (Launcher.java:406)
> at org.codehaus.plexus.classworlds.launcher.Launcher.main
> (Launcher.java:347)
> Caused by: org.apache.maven.plugin.MojoExecutionException: Cannot invoke
> Tomcat manager
> at org.codehaus.mojo.tomcat.AbstractCatalinaMojo.execute
> (AbstractCatalinaMojo.java:149)
> at org.codehaus.mojo.tomcat.AbstractWarCatalinaMojo.execute
> (AbstractWarCatalinaMojo.java:70)
> at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo
> (DefaultBuildPluginManager.java:137)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:210)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:156)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:148)
> at
> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:117)
> at
> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:81)
> at
> org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
> (SingleThreadedBuilder.java:56)
> at org.apache.maven.lifecycle.internal.LifecycleStarter.execute
> (LifecycleStarter.java:128)
> at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
> at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
> at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
> at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957)
> at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289)
> at org.apache.maven.cli.MavenCli.main (MavenCli.java:193)
> at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke
> (NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke
> (DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke (Method.java:498)
> at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
> (Launcher.java:282)
> at org.codehaus.plexus.classworlds.launcher.Launcher.launch
> (Launcher.java:225)
> at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode
> (Launcher.java:406)
> at org.codehaus.plexus.classworlds.launcher.Launcher.main
> (Launcher.java:347)
>


Last "Caused by"


Caused by: java.io.IOException: Error writing to server
> at sun.net.www.protocol.http.HttpURLConnection.writeRequests
> (HttpURLConnection.java:700)
> at sun.net.www.protocol.http.HttpURLConnection.writeRequests
> (HttpURLConnection.java:712)
> at sun.net.www.protocol.http.HttpURLConnection.getInputStream0
> (HttpURLConnection.java:1591)
> at

Re: Using the certificate files instead of a Java Keystore file, Re: Let's Encrypt with Tomcat?

2020-01-09 Thread calder

Moderators ?



On Wed, Jan 8, 2020, 20:44 Zahid Rahman  wrote:

>
> https://stackoverflow.com/questions/46786046/severe-main-org-apache-catalina-core-standardservice-initinternal-failed-to-in
>
> I went to college and studied IT before finding a job. My teacher explained
> to me that you should always look at the first error and ignore the rest.
>



Then your  "teacher"  has  NO IDEA  what they are talking about, as related
to log interpretation ... and now, YOU foster the same INVALID information.


When one reads a log file, if there are any "Caused by"  statements, locate
the last "Caused by" in the stack trace, and that is the area of root cause.

One can see there are "Caused by's" in the stack trace, so "looking at the
first error"  does NOT apply in this case.



James, do not take Zahid's information as accurate - his knowledge is
lacking.



First error.
> 08-Jan-2020 23:14:09.026 SEVERE [main]
> org.apache.catalina.core.StandardService.initInternal
> Failed to initialize connector [Connector[HTTP/1.1-8443]]
>
>
> Once that has been addressed  then either the remaining  will disappear or
> address the second error which will then be the first error.
>
>
> On Wed, 8 Jan 2020, 23:59 James H. H. Lampert, 
> wrote:
>
> > I wrote:
> > > Am I to understand that Tomcat 8.5.40 can use the ".cer," ".ca.crt"
> > > and ".key" files directly, instead of the Java Keystore file?
> >
> > On 12/30/19 1:41 PM, Peter Kreuser wrote:
> > > Correct!
> >
> > I tried an experiment this afternoon:
> >
> > I made a copy of the existing server.xml file, and I changed the active
> > connector from this (keystore file and alias redacted for privacy,
> > ciphers and compressibleMimeTypes clauses redacted because they're quite
> > long, and not relevant here):
> > >  > protocol="org.apache.coyote.http11.Http11NioProtocol"
> > >  compression="on" compressionMinSize="2048"
> > noCompressionUserAgents="gozilla, traviata"
> > >  compressableMimeType="[REDACTED]"
> > >  maxThreads="1000" socket.appReadBufSize="1024"
> > socket.appWriteBufSize="1024" bufferSize="1024"
> > >  SSLEnabled="true" scheme="https" secure="true"
> > >  keystoreFile="[REDACTED]" keyAlias="[REDACTED]" ciphers="[REDACTED]"
> > >  clientAuth="false" sslProtocol="TLS" />
> >
> > to this:
> > >  > protocol="org.apache.coyote.http11.Http11NioProtocol"
> > >  compression="on" compressionMinSize="2048"
> > noCompressionUserAgents="gozilla, traviata"
> > >  compressableMimeType="[REDACTED]"
> > >  maxThreads="1000" socket.appReadBufSize="1024"
> > socket.appWriteBufSize="1024" bufferSize="1024"
> > >  SSLEnabled="true" scheme="https" secure="true">
> > >> >certificateVerification="none" sslProtocol="TLS">
> > >  > certificateKeyFile="[REDACTED].key"
> > >  certificateChainFile="[REDACTED].ca.crt" />
> > >   
> > > 
> >
> > and restarted Tomcat, and it failed to open the port, producing this in
> > catalina.out:
> > > 08-Jan-2020 23:14:09.026 SEVERE [main]
> > org.apache.catalina.core.StandardService.initInternal Failed to
> initialize
> > connector [Connector[HTTP/1.1-8443]]
> > >  org.apache.catalina.LifecycleException: Failed to initialize component
> > [Connector[HTTP/1.1-8443]]
> > > at
> > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
> > > at
> >
> org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
> > > at
> > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> > > at
> >
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
> > > at
> > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> > > at org.apache.catalina.startup.Catalina.load(Catalina.java:639)
> > > at org.apache.catalina.startup.Catalina.load(Catalina.java:662)
> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > > at
> >
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> > > at
> >
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > at java.lang.reflect.Method.invoke(Method.java:498)
> > > at
> org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
> > > at
> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
> > > Caused by: org.apache.catalina.LifecycleException: Protocol handler
> > initialization failed
> > > at
> > org.apache.catalina.connector.Connector.initInternal(Connector.java:995)
> > > at
> > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> > > ... 12 more
> > > Caused by: java.lang.IllegalArgumentException: Cannot store
> > non-PrivateKeys
> > > at org.apache.tomcat.util.net
> > .AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:100)
> > > at org.apache.tomcat.util.net
> > .AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:72)
> > >

Re: [OT] Re: Maven Warning. Ubuntu Users

2020-01-08 Thread calder

What does this have to do with Tomcat?

Moderators???



On Wed, Jan 8, 2020, 13:52 Zahid Rahman  wrote:

> Another example of using  maven 2015 version and the impact of unknown
> warning  by MAVEN can have on application development across the Globe.
> Let'sEncrypt guy (Shultz) dismissed as unimportant.
>
> https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.3.9/
>
>
> Mary Zheng
> Posted by: Mary Zheng
>  in Core Java
>  December 27th,
> 2019
>  0
> <
> https://examples.javacodegeeks.com/multiple-inheritance-java-example/#respond
> >
>  433 Views
>
> She works as a senior Software Engineer in the telecommunications sector
> where she acts as a leader and works with others to design, implement, and
> monitor the software solution.
>
> https://examples.javacodegeeks.com/multiple-inheritance-java-example/
>
> 2. Technologies Used
>
> The example code in this article was built and run using:
>
>- Java 11
>- Maven 3.3.9
>- Eclipse Oxygen
>- Junit 4.12
>
>
> On Wed, 8 Jan 2020, 12:36 zahid,  wrote:
>
> > ok
> >
> > Thank you.
> >
> > www.backbutton.co.uk
> > ♡۶¯\_(ツ)_/¯ ♡۶
> > Marriage of loose and tight coupling
> > -> healthy applications
> >♡۶
> > javac Garden/Vegetables/VineVegetable.java
> > java   Garden.Vegetables.VineVegetable
> > What No!  -classpath -class-path even -cp!
> >
> > On 08/01/2020 09:48, Mark Thomas wrote:
> > > On 08/01/2020 08:41, Peter Kreuser wrote:
> > >> Zahid,
> > >>
> > >> you‘re talking to one of the most respected members of the community
> > > like this?
> > >
> > > All participants in Apache communities are expected to follow the code
> > > of conduct:
> > >
> > > http://www.apache.org/foundation/policies/conduct.html
> > >
> > > This is irrespective of whether you are replying to a message from one
> > > of the founders of the ASF or a first time contributor.
> > >
> > >> STFU or leave.
> > > While I understand the frustration, statements like the above are only
> > > going to add heat to an already heated situation. Please try and
> refrain
> > > from such responses.
> > >
> > >> This calls for an ban!
> > > As one of the list moderators, that thought crossed my mind as soon as
> I
> > > saw the off-topic Linux vs Windows post. I hoped that it was a one-off.
> > > When it became clear that it wasn't, I posted my request to keep
> threads
> > > on topic. I hoped that would be sufficient. Clearly it wasn't.
> > >
> > > I would urge everyone not to reply to off-topic posts.
> > >
> > > If you want to bring a post you find problematic to the attention of
> the
> > > moderators then please feel free to mail the list moderators at:
> > > users-ow...@tomcat.apache.org
> > >
> > >>> Am 08.01.2020 um 06:06 schrieb Zahid Rahman :
> > >>>
> > >>> 
> >  A version of what?
> > >>> MAVEN
> > >>> MAVEN
> > >>> MAVEN
> > >>>
> > >>> In light of this video https://youtu.be/idViw4anA6E
> > >>> Of http.
> > >>>
> > >>> You and your let's encrypt must be the longest troll on this line.
> > > No.
> > >
> > > How to configure Apache Tomcat with keys and certificates provided by
> > > Let's Encrypt is entirely on-topic for the Apache Tomcat users' mailing
> > > list.
> > >
> > >>> Take your wares and peddle them somewhere else carpet beggar.
> > > Zahid,
> > >
> > > Please stop this now.
> > >
> > > Please keep your posts to this list on topic.
> > >
> > > Please ensure that any posts are consistent with the Apache Code of
> > Conduct.
> > >
> > > If you continue to disrupt this community with off-topic posts and/or
> > > behaviour that is inconsistent with the Apache Code of Conduct then the
> > > list moderators will either require all your posts to be moderated or
> > > simply block you from posting at all.
> > >
> > > Mark
> > > wearing his list moderator hat
> > >
> > > -
> > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > > For additional commands, e-mail: users-h...@tomcat.apache.org
> > >
> > --
> > www.backbutton.co.uk
> > ♡۶¯\_(ツ)_/¯ ♡۶
> > Marriage of loose and tight coupling
> > -> healthy applications
> >♡۶
> > java -cp classpath class-path
> >
> >
>

Re: Dates on Linux vs. Windows

2020-01-07 Thread calder

On Tue, Jan 7, 2020, 17:17 Jerry Malcolm  wrote:

>
> > On Tue, 7 Jan 2020, 21:52 ,  wrote:
>

'.  What do I set/change?
> 
> >> Those millisecond values are 6 hours apart, which looks like a timezone
> >> issue.  I happen to be in US Central time, which is 6 hours earlier than
> >> UTC in winter.
> >>
> >> You're right that System.currentTimeMillis() itself is independent of
> >> timezone but Date is not.
>
> That all makes sense.  But at the end of the day, what do I do to make
> it work right?  I am also in Central time.  My Linux OS is set to
> central (at least I tried to set that.  Afterwards my log entries are
> correctly logging in central time instead of gmt.  So I assume it's set
> right).   What do I need to do in Tomcat to 'fix' it so that sql dates
> aren't somehow adjusted?  I simply want a 2019-02-01 in the database to
> appear as 2019-02-01 in java.  And the same code must work identically
> on both OS's.
>


Have you checked the DST setting?

Re: Tomcat 9 does not allow to read file in /tmp folder with 777 permission?

2020-01-06 Thread calder

On Sat, Jan 4, 2020 at 8:36 AM bphamhuu  wrote:
> I have a java web application by Tomcat 9 servlet container which tries to
> read a file in /tmp folder with 777 permission on Ubuntu 18.04
>
> ls -ltr /tmp/test.txt
> -rwxrwxrwx 1 vagrant vagrant 10 Jan  3 17:03 /tmp/test.txt
[snip]

> # Cannot read file. Reason: File '/tmp/test.txt' does not exist

What "user account" is Tomcat executing as?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 9 does not allow to read file in /tmp folder with 777 permission?

2020-01-06 Thread calder

On Sat, Jan 4, 2020 at 7:26 PM zahid  wrote:

> Have ever heard of "*chmod*" in windows ?
No, but that's because the security model in Windows is *different*
than for *nix OSes.
On Win, there's attrib, xcacls, cacls, and icacls, but none of those
truly match was chmod does.
So, one needs to understand the underlying models for *nix and Windows
to properly describe the differences.

> Have ever heard of *which* in windows ?
Yea, no "which" - but have you tried "where" on Win?
Could also use a "for" in Win (if you understand how to do it).

>  or *find* in windows ?
Okay, no "find" but have you tried:  dir /s \ ?

> why is this same unique behaviour in Unix which came after Linux.
Ummm.  Linux came *after* Unix.

> why is there three ways to do same thing  ?
> java - cp
Because it's terse (BTW, the dash is supposed to be connected to "cp", as "-cp")

> java - classpath
Because it's descriptive and self-commenting
(BTW, the dash is supposed to be connected to "classpath", as "-classpath")

> java - class-path
Rwong - Class-Path is used in the Manifest.

You missed one - the CLASSPATH environment variable

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

SSO fails on Tomcat 9

2019-09-03 Thread calder

On Tuesday, September 3, 2019, André Warnier (tomcat)  wrote:
>
>
> Note : why it would work with tomcat8 and not with tomcat9 is still not
> clear to me, unless there have been some changes between the tomcat8 SPNEGO
> Valve and the tomcat9 SPNGEGO Valve, or else maybe in terms of the tomcat
> hostname considerations.

I don't [yet] have an answer, but we have an app that supports SPNEGO and
when we recently did a regression to certify our app for TC 9.x, SPNEGO
broke. (Our app is also supported to run on WebSphere and WebLogic, and
SPNEGO works fine on those).

Installed on exact same server, same domain, configuration, ad nauseum ---
use TC 8.0, no issue - stop 8.0, start TC 9.0 and SPNEGO is a no go.

I did a diff of TC 8.0 / 9.0 source and don't see anything that jumps out
at me to cause the issue, though there are changes.  Anyway, we pushed the
"investigate SPNEGO" Jira ticket to the bottom of the Backlog, so haven't
pursued it further.

Re: Tomcat Bandwidth Utilization Tool

2019-08-30 Thread calder

On Thursday, August 29, 2019, Michael Duffy  wrote:

> Is there a simple tool that will show bandwidth utilization to and from
> the Tomcat server?
>
> I am looking for something that will provide an exact byte count of the
> TCP/IP packets.
>
> I would have thought this would be an easy find; however, after hours of
> Googling around I have not yet been successful.
>
> There are some options here:
> https://www.comparitech.com/net-admin/free-bandwidth-monitoring-tools/
> ,but none of them specifically mention integration with Tomcat.
>
> At the application level, if I just measure the byte flow into and out of
> my application, I will miss the bytes in the TCP/IP headers.
>
> Any suggestions would be greatly appreciated.
>


What problem are you trying to solve?

Re: Profiler for Tomcat

2019-08-27 Thread calder

YourKit, AppDynamics, Mission Control, JProfiler, New Relic, ...

On Tuesday, August 27, 2019, Michael Duffy  wrote:

> I have searched for a good profiler for Tomcat with little success.
>
> I am looking for an application that will profile internal memory and
> bandwidth utilized (data transfer rates from Tomcat).
>
> Any help would be greatly appreciated.
>
> Thx!
>

Re: Question about setting CATALINA_OPTS when starting Tomcat using a Windows Service in Tomcat 7.0.54

2018-08-08 Thread calder

I configured my "Tomcat as a Service" a couple days ago for remote JMC

a) navigate to Tomcat's "bin" subdir
b) execute: tomcat7w  //ES//"type service name here"
c) go to Java tab
d) add the properties in the "Java Options" text area
e) select OK and restart Tomcat Service


On Wednesday, August 8, 2018, Louis Zipes  wrote:

> Thanks for the assistance!  See my comments below:
>
> >You put this to setenv.bat in your bin directory. If the setenv.bat file
> does not exist, create it
>
> -- My problem throughout this is that I'm starting up my Tomcat using
> Windows service so setenv.bat and catalina.bat seems to be ignored in that
> scenario.   Correct me if I'm wrong but everything on Google mentions this.
>
> >Note that you can also set your properties in CATALINA_OPTS directly,
> i.e. you'd delete the line above in setenv.bat and paste in:
>
> -- When you say 'Set Catalina_Opts directly' do you mean the Environment
> variable  or some other location?
>
> -Original Message-
> From: Marek Czernek [mailto:mczer...@redhat.com]
> Sent: Wednesday, August 08, 2018 9:39 AM
> To: users@tomcat.apache.org
> Subject: Re: Question about setting CATALINA_OPTS when starting Tomcat
> using a Windows Service in Tomcat 7.0.54
>
> - - - external message, proceed with caution - - -
>
>
> Hi Louis,
>
> try the following format:
>
> set
> CATALINA_OPTS="-Dcom.sun.management.conf.file=%
> CATALINA_BASE%\conf\abc.efg"
>
> In the above, %CATALINA_BASE% is a bariable that should be resolved by
> Tomcat. If it is not, I made a mistake in the variable name, but I think
> it should work (you could also try %catalina.base%).
>
> You put this to setenv.bat in your bin directory. If the setenv.bat file
> does not exist, create it. Note that you can also set your properties in
> CATALINA_OPTS directly, i.e. you'd delete the line above in setenv.bat
> and paste in:
>
> set CATALINA_OPTS="-Dproperty1=value1 -Dproperty2=value2" etc. When you
> start Tomcat, it should read all the properties in CATALINA_OPTS and
> show you the properties at the beginning of the log.
>
> Hope this helps.
>
> On 08/08/2018 03:10 PM, Louis Zipes wrote:
> > Hi Daniel,
> > I apologize if maybe it is my lack of knowledge but I don't think I
> understand the actual way to write the line 'Set Catalina_Opts ='  in this
> management file that I'm going to reference in the Java window/tabe in the
> Tomcat 7w GUI.
> >
> > In my management.properties file (in the /CONF folder which is where
> also the server.xml file sits) I have the following
> >
> > com.sun.management.jmxremote
> > com.sun.management.jmxremote.port=8008
> > com.sun.management.jmxremote.authenticate=false
> > com.sun.management.jmxremote.ssl=false
> > java.rmi.server.hostname=
> >
> > How do I set these as my CATALINA_OPTS values?  I have tried various
> 'SET CATALINA_OPTS...' options but I can't seem to write it the correct way
> for Windows.  I have even tried to set the CATALINA_OPTS option, pointing
> to the management.properties file in the Java tab in the Tomcat7w GUI but I
> get an error that the Class can't be found so I must be writing it wrong.
> >
> > Thanks for the continued assistance.
> >
> > - Louis
> >
> >
> >
> > -Original Message-
> > From: Daniel Savard [mailto:daniel.sav...@gmail.com]
> > Sent: Friday, August 03, 2018 11:57 PM
> > To: Tomcat Users List
> > Subject: Re: Question about setting CATALINA_OPTS when starting Tomcat
> using a Windows Service in Tomcat 7.0.54
> >
> > - - - external message, proceed with caution - - -
> >
> >
> > Le ven. 3 août 2018 à 12:03, Louis Zipes  a écrit
> :
> >
> >> Good catch!!  I still had 'd' in front of my lines so once I removed
> those
> >> JMX starts up using Management.properties file but as you mentioned it
> >> doesn't really change the behavior at all and the Service still doesn't
> >> stop cleanly.  So is there a way to force the JMX to use CATALINA_OPTS
> in
> >> this file.  Something like SET CATALINA_OPTS = 'JMX settings'?
> >>
> >> That is if the JMX running on CATALINA_OPTS is indeed the answer.
> >> Basically, trying to mimic the setenv file that is not used by the
> Window
> >> Service.
> >>
> >> -Original Message-
> >> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> >> Sent: Friday, August 03, 2018 11:52 AM
> >> To: users@tomcat.apache.org
> >> Subject: Re: Question about setting CATALINA_OPTS when starting Tomcat
> >> using a Windows Service in Tomcat 7.0.54
> >>
> >> - - - external message, proceed with caution - - -
> >>
> >>
> >> -BEGIN PGP SIGNED MESSAGE-
> >> Hash: SHA256
> >>
> >> Louis,
> >>
> >> On 8/3/18 11:32 AM, Louis Zipes wrote:
> >>> Hi Daniel, I tried your suggestion and while I think it is now
> >>> acknowledging the existence of the management.properties file
> >>> (Windows Service wouldn't start if I purposely misspelled
> >>> 'managemenX.properties') but it doesn't seem to be actually working
> >>> (JMX can't connect).
> >>>
> >>> What I did:
> >>>
> >>> I

Re: Tomcat 5.5.17 migration to 6

2018-07-14 Thread calder

Why migrate to a version that is EOL (no doubt why you can't find docs) ?
https://tomcat.apache.org/tomcat-60-eol.html

If I were in the situation, I'd migrate to a more modern version, such as
8.5


On Saturday, July 14, 2018, David Babooram 
wrote:

> Good morning
>
> My intent is to migrate from 5.5.17 to 6 with the intent to upgrade to
> 6.0.48. , mainly due to a vulnerability notice.
>
> I understand the changes listed from the Apache site wrt the migration.
> but I have not gotten any steps on how to proceed.
>
> Is there any proper documentation on how to proceed
>

Re: needed your help very urgent

2017-04-24 Thread calder

On Mon, Apr 24, 2017 at 9:22 AM, Naga Ramesh  wrote:
> Tomcat Team,
>
> Always we are getting the below mentioned errors, please check ASAP and
> guide me if anything missing from our end, this is very urgent, please
> respond asap.
>
> Tomcat Version: apache-tomcat-8.0.33
> Java Version: "1.8.0_77"
>
> Setenv.sh file setting:
> export JAVA_OPTS="$JAVA_OPTS -DR_E_T_A_P_P"
> export CATALINA_OPTS="$CATALINA_OPTS -Xms1024m"
> export CATALINA_OPTS="$CATALINA_OPTS -Xmx4196m"

> #export CATALINA_OPTS="$CATALINA_OPTS -Xss64m"

When reading a stack trace, always look for any "Caused by" entries -
if more than one exists, then find the last "Caused by" entry and that
should clue you as to the issue.

I draw your attention to the line below I marked with asterisks
** - that log entry suggests your -Xss setting is set to low.
Now, look up at the last CATALINA_OPTS line in your setenv.sh - that
last entry is commented out.

Remove the leading pound-sign (#) and set it to a value appropriate
for your application.  Because that line is commented out, the JVM is
using the default value - the default value is different for 32 and 64
bit JVMs.

[snipped]

> Caused by: java.lang.IllegalStateException:
>   Unable to complete the scan for annotations for web application [] due to a 
> StackOverflowError.
>   Possible root causes include a

>** too low setting for -Xss and illegal cyclic inheritance 
> dependencies.

>   The class hierarchy being processed was 
> [org.bouncycastle.asn1.ASN1EncodableVector-org.bouncycastle
>   .asn1.DEREncodableVector-org.bouncycastle.asn1.ASN1EncodableVector]
>at
> org.apache.catalina.startup.ContextConfig.checkHandlesTypes(ContextConfig.java:2097)

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: need help with websocket

2017-03-29 Thread calder

On Tuesday, March 28, 2017, Sharat Jagannath  wrote:

> how do i setup websocket on server side for using wss with tomcat config?
> is there any config i need to do with tomcat? any certification to setup?


>

Read up using the How-to:

https://tomcat.apache.org/tomcat-8.0-doc/web-socket-howto.html


 http://tomcat-configure.blogspot.com/2014/05/tomcat-websocket-example.html

Re: Tomcat 8/Redhat Linux 6.6 /Kernal 2.6.32 - Memory Won't Release

2017-03-20 Thread calder

On Mon, Mar 20, 2017 at 4:46 PM, Eric Chua  wrote:

> siteadm@mavs01web11q:/data/tools/jvmtop $ top -U siteadm
>
> top - 12:41:20 up 19 min,  3 users,  load average: 1.25, 1.24, 0.87
>
> Tasks: 130 total,   1 running, 129 sleeping,   0 stopped,   0 zombie
> Cpu(s): 98.5%us,  1.0%sy,  0.0%ni,  0.0%id,  0.0%wa,  0.0%hi,  0.5%si,  0.0%st
> Mem:  16334352k total, 15623536k used,   710816k free,84096k buffers
> Swap:  4128764k total,0k used,  4128764k free,   339484k cached
>
>   PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
> 2019 siteadm   20   0 6054m 4.1g  17m S 98.0 26.5  11:29.56 java
> 2523 siteadm   20   0 19288 1452 1080 R  0.3  0.0   0:00.02 top
> 1950 siteadm   20   0  105m 2100 1560 S  0.0  0.0   0:00.14 bash
>
> On Monday, March 20, 2017, 10:21 AM, Eric Chua  wrote:
>
> siteadm   2007 1  7 11:04 pts/000:00:00 
> /data/java/jdk1.8.0_121/bin/java -

[snip]
>
> My kernel is 2.6.32-642.15.1.elf.x86_64
> Memory gets all allocated and  after I kill it only a portion is recovered.  
> Any ideas?
>
> top - 11:18:36 up 16 min,  2 users,  load average: 1.92, 1.39, 0.68
> Tasks: 123 total,   1 running, 122 sleeping,   0 stopped,   0 zombie
> Cpu(s):  0.7%us,  0.0%sy,  0.0%ni, 99.3%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
> Mem:  16334352k total, 11215624k used,  5118728k free,33788k buffers
> Swap:  4128764k total,0k used,  4128764k free,   313940k cached

>   PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
> 1931 siteadm   20   0  105m 2120 1568 S  0.0  0.0   0:00.10 bash
> 2319 siteadm   20   0 19288 1460 1092 R  0.0  0.0   0:00.09 top

Please do not top-post - if that term is unfamiliar to you, please
read this before posting again.
http://www.idallen.com/topposting.html

"top" is simply a "ps" that refreshes its output every so often.
A word of warning - for "ps" (and of course "top"), the output of VSZ
and RSS are almost **always wrong**.If that statement is doubtful
to anyone, choose a process in the ps list and run "pmap -d "
and compare the results - you will see that the ps output is usually
over-inflated (we'll not get into the why's here).

If you are worried about the "Mem: 16334352k total, 11215624k used,
5118728k free" output from ps/top, don't be - Linux will take up RAM
to use for caching, and in many cases, you may see a Linux (or Unix)
system where there is almost NO available memory.  But don't be
alarmed, because Linux will provide memory from the pool at new
processes are launched.

I firmly believe someone is mis-interpreting the output of ps/top on
this machine. I have worked with many a Linux "admins" who don't quite
understand how to interpret the output data of the various utilities
or how the Kernel works.

Let's look at your "before and after" ps output just above. You have a
Java process (PID 2019) running and in the second output, we see the
Java process is now gone (and no zombies).  I think what ya'll are
concerned about is that the "11215624k used" hasn't dropped much.  As
I stated earlier, don't fret over that - that's standard Linux
behavior.

As I stated in my previous post, if you REALLY want to see if there is
some rogue Java process, run
"ps aux | grep java" (best as superuser),
and see if you find more than one Java process.   But it's my opinion
that the ps/top output is confusing folks.

BTW, how are you killing the Java process? "kill -9"? if yes, not the
best way. The best way to stop a Tomcat Java process on a Linux system
is (adjust the shutdown port # if it is not 8005)
$ printf "SHUTDOWN" | nc localhost 8005

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8/Redhat Linux 6.6 /Kernal 2.6.32 - Memory Won't Release

2017-03-19 Thread calder

On Sun, Mar 19, 2017 at 12:48 PM, André Warnier (tomcat)  
wrote:
> On 17.03.2017 14:54, Christopher Schultz wrote:
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Eric,
>>
>> On 3/16/17 11:01 PM, Eric Chua wrote:
>>>
>>> I am running tomcat 8.0.121.  When I start my tomcat, it seems to
>>> be eating up all the memory on my system.  I have 16 GB, and it
>>> keeps on going.
>>
>>
>> What are your memory-related parameters when you launch the JVM?
>>
>> Note that Java *never* gives any memory back to the OS, even when the
>> heap-usage goes down. This is a Java thing, not a Tomcat thing.
>>
>>> Then when I try to kill the process, it dies but 12 GB is still
>>> being used even though everything is turn off.
>>
>>
>> That makes no sense at all. Please provide some evidence this is
>> happening.
>>
>>> The only way to reclaim the memory is to reboot.
>>
>>
>> If this is true, then you have some kind of awful kernel bug.
>>
>>> I am running on redhat 6.5 and can't figure out what could be
>>> causing this.  I run the tomcat as a local user, and I know there
>>> aren't any other processes running as the local user.  I am running
>>> a spring MVC 4/Java 8/ struts web application. I have two of them
>>> with the same issue.  Any help would be appreciated. When I try to
>>> view all the running processes I cannot see where most of the 12 gb
>>> are being used.   The system came up with 2.2 gb used and after I
>>> start one web application it goes to 14-15gb.
>>
>>
>> Ok.
>>
>>> The funny thing is that I can kill it to reclaim the memory. Only
>>> a reboot works.
>>
>>
>> You mean you CAN'T kill in to reclaim memory, right?
>>
>>> I am running a VMware instance with vcenter version 6.5.  This
>>> does not happen with Java 7 with tomcat 7. Any help would be
>>> appreciate.
>>
>>
>> Something tells me you are reading or interpreting something
>> incorrectly, here. Can you please share your raw data, and where you
>> got that raw data? Something like reports from free/ps/top/sar/etc.?
>>
>
> The OP might be looking at "memory usage" in the Vmware GUI, and confusing
> "memory allocated to that Virtual Machine", with "memory usage within the OS
> of that Virtual Machine".
> If Vmware at some point allocated more memory to that Virtual Machine, it
> may never reduce it until some other VM wouls need it (or indeed until the
> OS of the VM is rebooted).
>
> With Vmware birtualisation, it can easily get a bit confusing when trying to
> figure out "memory usage". Try figuring out what happens to Linux memory
> swapping for instance.
> (Or "ballooning").

Agreed.

One could easily find any rogue JVMs with a "ps aux | grep java"

Anyway, here's what I would do - as a superuser, run Mission Control -
it will list any JVMs running.
If there are any JVMs running, other than the Mission Control JVM,
connect to the one with the high memory usage to investigate.

If there are no other JVMs running, then there's your answer - there
is no rogue JVM consuming 12-14gb RAM.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat 9

2017-03-09 Thread calder

>> From: pina.freder...@gmail.com [mailto:pina.freder...@gmail.com]
>> Subject: Apache Tomcat 9
>
>
>> I'm trying to teach myself Java Web App Development but can't seem to get 
>> this issue resolved.
>
>> Mar 09, 2017 5:44:17 PM org.apache.catalina.core.StandardServer await
>> SEVERE: StandardServer.await: create[localhost:8080]:
>> java.net.BindException: Address already in use: JVM_Bind

>> From: Caldarale, Charles R
>> Sent: Thursday, March 9, 2017 6:16 PM
>> To: Tomcat Users List
> Subject: RE: Apache Tomcat 9
>
> You already have something on your laptop that's using port 8080.  Either 
> stop running that program, or configure your Tomcat to use a different port 
> in the  element of server.xml.
>
>  - Chuck

On Thu, Mar 9, 2017 at 11:24 PM,   wrote:
> How do I stop it ?
>

Please don't top-post. I've fixed your reply.

If the "other" application is running as a Windows Service, then stop
the Service.

If you've run the "other" application from the command-line, then
usually you can do a  at the keyboard to stop the process.

If the application has run off as a rogue process, then use Task
Manager to kill it.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How do I set the logger org.apache.tomcat.util.scan.StandardJarScanner's level to WARN

2017-03-09 Thread calder

On Thu, Mar 9, 2017 at 9:48 PM, Hoa Phan  wrote:
> Hi Chris,
>
> I tried:
>
> org.apache.tomcat.util.scan.StandardJarScanner.level=SERVERE //in the
> logging.properties
>
> -Dorg.apache.tomcat.util.scan.StandardJarScanner.level=SERVERE //on startup
>
> org.apache.tomcat.util.scan.StandardJarScanner.level= SERVERE //as sysprops
>
> But they didn't help either :(, StandardJarScanner still prints WARN msgs...
>
> Any idea?

> Thanks.
> Hoa.

Is "SEVERE" spelled "SERVERE" (as written above) in the properties file?

If yes, then that's the issue

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Best way to find out how many DB connections that are open at any given time

2017-01-10 Thread calder

The fourth column is the "Local Address" (local machine) - in the case, a
machine-name (vs IP address) and the port value (such as 51186) the machine
is listening on. Of course, the machine-name will resolve to an IP address,
so in some netstat output, you might see
tcp  0  0  10.240.100.20:51186  10.240.100.55:1526  ESTABLISHED
- or possibly -
tcp  0  0  0.0.0.0:51186  10.240.100.55:1526  ESTABLISHED
- or possibly -
tcp  0  0  127.0.0.1:51186  10.240.100.55:1526  ESTABLISHED

This Local Address is the address to which the socket in question is bound
to and which it receives connections on.

The fifth column is the "Foreign Address" (destination machine), sometimes
shown with its port# (as is the case here) and a connection is established.


On Tue, Jan 10, 2017 at 5:06 PM, Joleen Barker 
wrote:

> Hi Andre - I played around a little more and ran the command netstat -a |
> grep 1526 which is the port number and received information that looks like
> 11 connections are open at this time. Do you know what the number is that
> follows the machine name in the forth column for example the 51186?
>
> netstat -a | grep 1526
>
> tcp0  0  cpmfttapt21.51186  cpmfttdbt01-vip..1526
> ESTABLISHED
>
> tcp0  0  cpmfttapt21.51198  cpmfttdbt01-vip..1526
> ESTABLISHED
>
> tcp0  0  cpmfttapt21.51211  cpmfttdbt01-vip..1526
> ESTABLISHED
>
> tcp0  0  cpmfttapt21.55213  cpmfttdbt01-vip..1526
> ESTABLISHED
>
> tcp0  0  cpmfttapt21.55214  cpmfttdbt01-vip..1526
> ESTABLISHED
>
> tcp0  0  cpmfttapt21.55215  cpmfttdbt01-vip..1526
> ESTABLISHED
>
> tcp0  0  cpmfttapt21.57493  cpmfttdbt01-vip..1526
> ESTABLISHED
>
> tcp0  0  cpmfttapt21.57495  cpmfttdbt01-vip..1526
> ESTABLISHED
>
> tcp0  0  cpmfttapt21.35153  cpmfttdbt01-vip..1526
> ESTABLISHED
>
> tcp0  0  cpmfttapt21.35154  cpmfttdbt01-vip..1526
> ESTABLISHED
>
> tcp0  0  cpmfttapt21.35157  cpmfttdbt01-vip..1526
> ESTABLISHED
>
> On Tue, Jan 10, 2017 at 11:59 AM, Joleen Barker 
> wrote:
>
> > Hello Filippo - I do not have JConsole available and the proposed idea is
> > past my knowledge level.
> >
> > Hello André - This was an interesting idea but it didn't work for me. I
> > only have the ksh available and could only use netstat -p tcp but the
> > output didn't make sense to me.
> >
> > On Tue, Jan 10, 2017 at 11:24 AM, André Warnier (tomcat) 
> > wrote:
> >
> >> On 10.01.2017 17:10, Joleen Barker wrote:
> >>
> >>> Hello All,
> >>>
> >>> Details:
> >>> Tomcat Version: 7.0.64.0
> >>> Java Version: 1.8.0
> >>> OS: AIX 6.1
> >>> Database: Oracle 11
> >>>
> >>> The web application installed on the server above makes data
> connections
> >>> to
> >>> run file transfers from point A to point B. The default Database
> >>> connection
> >>> setting that are set when the application server comes up are as
> follows:
> >>>
> >>> DataBasePoolingFlag - APACHE
> >>> MaxActive - 400
> >>> MaxIdle - 20
> >>> MinIdle - 10
> >>>
> >>> We had an incident where all these connections were actually used up
> due
> >>> to
> >>> a script someone had that looped. I need to determine at any given
> point
> >>> in
> >>> time how many DB connections exist from the web application to the DB.
> >>> There may be more than one way to do this. I am sure there is a DB
> >>> command
> >>> that could be run against the schema but the schema is pointed to by
> many
> >>> servers. I am  wondering if there is a java command of some kind that I
> >>> could run that may tell me how many connections are open at that time
> or
> >>> possibly a tomcat or apache command.
> >>>
> >>> Thank you for the help in advance.
> >>>
> >>>
> >> Hi.
> >> Maybe an "out of the box" answer, not using java.
> >> I don't know how the following commands fare under AIX, but on a Linux
> >> system, the OS-level command :
> >> ~# netstat -pan --tcp | grep ESTABLISHED
> >> will show you pretty much all TCP connections that are established
> >> between any process and any other, local or remote.
> >>
> >> Sample output :
> >>
> >> tcp6   0  0 127.0.0.1:45095 127.0.0.1:11002
> >>  ESTABLISHED 11096/java
> >> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53564
> >>  ESTABLISHED 2677/java
> >> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53677
> >>  ESTABLISHED 2677/java
> >> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53659
> >>  ESTABLISHED 2677/java
> >> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53656
> >>  ESTABLISHED 2677/java
> >> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53620
> >>  ESTABLISHED 2677/java
> >> tcp6   0  0 127.0.0.1:8009  127.0.0.1:53608
> >>  ESTABLISHED 2677/java
> >> tcp6   0  0 127.0.0.1:45142 127.0.0.1:11002
> >>  ESTABLISHED 11096/java
> >> tcp6   0  0 127.0.0.1:43558

(TC7+) Why was the Realm argument removed for GenericPrincipal?

2016-11-01 Thread calder

We have an application that runs on Tomcat6. For Tomcat7+, two of our
.java files require modification.   The modifications are mostly
concerned with the invocation of the
org.apache.catalina.realm.GenericPrincipal constructor - see the
MyappRealm class just below - this is the TC6 version. For the TC7+
version, we must remove the "this" (our Realm) argument.

Please see the MyappSpnegoFormAuth class just below - specifically the
invoke() method.
With Tomcat6, the super.invoke() method consumes ~2 milliseconds.
With Tomcat7+, the super.invoke() method consumes ~28 milliseconds.
super.invoke() is a call to org.apache.catalina.authenticator.AuthenticatorBase

We believe, somehow, that the "missing dependency" (admittedly, we
don't know what the catalina GenericPrincipal class does with the
passed-in Realm - ie, our Realm class) is causing the extended
millisecond times.

So, can anyone explain why the Realm arg was removed for the TC7+
GenericPrincipal class?
And just as important, is there a way to match the functionality?
Maybe we missed where our Realm class is passed to catalina code?


(if anyone is curious why we are concerned about the extra 26
milliseconds, it's because this code is used during "report
generation" and is called many times - example, with TC6, the report
runs in 25 seconds, with TC7+, it takes 80 seconds!).

import java.security.Principal;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.RealmBase;

public class MyappRealm extends RealmBase {

  @Override
  protected Principal getPrincipal(String username) {
   // in Tomcat6, all GenericPrincipal ctors required a Realm (1st) argument
   // - Tomcat7+ no Realm arg
return new GenericPrincipal( this, username, getPassword(username), roles);
  }

  public Principal authenticate(String alias, String uname, String creds,...) {
// setup code
   return new GenericPrincipal( this, "myapp " + uname + "blah", creds, roles);
  }

  @Override
  public Principal authenticate(String uname, String creds) {
   // setup code
   return new GenericPrincipal( this, "myapp " +uname +"blah", creds, roles);
  }
}

import org.apache.catalina.Realm;
import org.apache.catalina.authenticator.FormAuthenticator;
import org.apache.catalina.realm.GenericPrincipal;

public class MyappSpnegoFormAuth extends FormAuthenticator {
  @Override
  public void invoke(Request request, Response response)
 throws IOException, ServletException {
 // setup code
if( (session = request.getSessionInternal(false)) != null) {
  if( (prince = session.getPrincipal()) != null )
request.setUserPrincipal(prince); // prince is a Principal
}

super.invoke(request, response);
  }

  public boolean realmAuth(HttpServletRequest request,
   String uname, String creds) {
Realm realm = context.getRealm();
Principal prince = realm.authenticate(uname, creds);
if (prince != null) {
  this.register(req, res, prince, "FORM", uname, creds);
  return true;
}
return false;
  }

  @Override
  public boolean authenticate(Request request,
   Response response, LoginConfig cfg)  throws IOException {
// setup code
 // various decisions and calls to super.authenticate() -
// if all are false, this last super call is made
return super.authenticate(request, response, cfg);
  }
}

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

90 matches

Mail list logo