> Hi There,
>
> We are about to upgrade from tomcat-7.0.65 to tomcat-8.0.XX. and this is
> regarding the loading of same JARs within the different application. to
> understand the scenario, consider below case
>
> Tomcat 8 ---
> webapps
> a.war--> lib--> spring.jar
>
> I want to say thank you all for your help and many different ways to solve
> my problem. I think the most -maybe all- will work in an ideal world without
> hard requirements through legacy client-applications. I don't want to hold
> on BASIC as auth-method because I like it so much, I prefer to
>> Torsten,
>>
>> Add an interceptor to AngularJS to detect the 401 and do whatever you
>> want, e.g. redirect to a login page. Then when you have the
>> credentials, submit to login rest api, get a token, and then make all
>> other calls passing this token.
>>
>> There are loads of examples on
> No, container BASIC authentication should be enabled, the container should
> handle the authentication, but the browser should not show his ugly default
> login dialog when I request resources from the REST-service with wrong
> credentials.
> When the REST-client (web-application in the browser)
> I need something like,
>
> My main landing page www.mysite.com
>
> Subdomains I am looking for
>
> myfeature1.mysite.com
>
> myfeature2.mysite.com
>
> myfeature3.mysite.com
>
> etc
>
> myfeature is a cookie value which comes from www.mysite.com(this is
> landing page which drops myfeature
All,
I still don't quite understand how I ended up in this position, but
when Stephen from the Apache Lounge builds a new tomcat native build
of something, he asks me to inform the tomcat mailing list. I consider
it the very least I can do for the community, but struggle to see how
I am adding
BTW: The reason I'm asking is because that transparent shift from
one app release to the next doesn't play along well with any caches
(browser, caching proxies, CDNs etc.): When a shift to the next app
release occurs, I generally need the client browsers to fetch a
fresh copy of all files
I already have a custom error page. When I detect that a URL returned by
google would return a 404, I exclude it from the search results so that the
user never sees it.
Mitch
Mitch,
Ok I see now what you mean. Sorry your original email was quite clear.
Hmm interesting challenge. Big
Short question: How can I, from within code running under Tomcat, determine
if a given URL request to that tomcat instance would result in a 404 or not,
without calling back to the Tomcat using an HTTP HEAD or GET?
Background: We use google custom search by calling the google server and
then
... how can I share
the result of fiddler to you if the system dosent allow attachments?
Ankur,
Copy/paste the text of the raw response into an email should do it
Chris
-
To unsubscribe, e-mail:
On 13 January 2015 at 11:38, Thone Soungpanya
thone.soungpa...@higherone.com wrote:
Hello,
Can anyone give some advice on what the issue may be? We have a web
application folder in Tomcat that have been slowing the http request's
connection to another third party system when there are high
example with to garbled classes: (3.class being the first, which
must come from SomeClass$3.class and the second one being something
awefully beautiful:
ConfigEdiAtourtAhpepnltiiccaattiioonn$SAtpaptlei$cIadteinotniCfo^@^@iigeLro.acdlLaissstener.class
To prevent decompilation, you can run your
On 6 November 2014 05:36, Vasily Kukhta v.b.kuk...@gmail.com wrote:
I have received additional details - the application starts getting
java.sql.SQLException: Listener refused the connection with the following
error: ORA-12519, TNS:no appropriate service handler found, although the
amount of
On 28 October 2014 11:06, Jason Ricles jgr...@alum.lehigh.edu wrote:
Ok so here is the problem I have been spinning my wheels on for day let me
just lay it out.
I have a daemon written in java running lets call it foo for simpleness on
a linux machine that has the tomcat server running. On
Couldn't you have the daemon write to a database, and have the web app
read from the database?
Then you could pass whatever message you wanted as a string?
Chris
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For
Léa,
Below is what I would like to ask you:
How do you usually protect your Tomcat servers and Webapps from (D)DOS
((Distributed) Denial-of-service) attacks?
If you allow the DOS traffic to make it all the way up to the
application layer before you detect it, then the DOS will still have
an
All,
I had a email thread going a while back -
http://tomcat.10.x6.nabble.com/64bit-windows-mod-jk-connector-download-for-apache-httpd-2-4-td4893904.html.
The thread ended with Christopher Schultz and mladen suggesting that I
ask the maintainer of apache lounge to include builds of mod_jk on his
It is not feasible to determine the difference between a timed-out
session and a user who had no session to begin with.
Couldn't you use the presence/absence of a session id cookie?
Chris
-
To unsubscribe, e-mail:
Aryeh,
I suggest that you take a step from implementations, and define what
you want a little more clearly.
You have a webpage, that is served and loads a java app via jnlp. That
java app uploads some files to the server. At a later point in time,
you want the server to know that the client has
Christopher
On 2/7/14, 4:01 AM, Christoph P.U. Kukulies wrote:
I downloaded tomcat 6.0.39 (64) from tomcat.apache.org, put it
into c:\program files\Apache_Group\Tomcat_6.0.39 and ran the
service.bat which established the service.
As system environment variables I have set:
On 5 February 2014 16:34, javier_esp...@hna.honda.com wrote:
How do I get to the Windows Event Viewer in Windows 7?
http://lmgtfy.com/?q=How+do+I+get+to+the+Windows+Event+Viewer+in+Windows+7
Thanks
Your welcome. Anytime you want something from google, please ask here first
Chris
There are probably lots of reasons for top-posting, and I don't think we can
lay the blame on the MS Outlook world. The people I work with use a mixture
of Thunderbird, web-based interfaces, and Outlook.
Every one of them top-posts :-(.
When you click reply in these email clients, they
Asok,
As I said before, I have no control over the input text. In the test
servlet I am simply reading text from a file and sending it out to the
browser. No other processing has been done to the text by the servlet. The
browser, however, receives a page with CRLF stripped starting from a
Issue: Few packets do not reach the application servlet but tomcat receives
them. The missing packets reach the HTTP layer and thereafter they disappear.
This issue is not frequent but occasionally consistent. For the POSTs of
missing packet I am not able to find the entry in
This email does not have any relation with my activities in ASF and its
projects. Its solely related with my marketing team in which how you get
emails. If I thought that it will be a spam, would I put my email address to
sender? I think no! We thought that you can benefit from this email.
2013/10/22 ANALIA DE PEDRO SANTAMARIA 100074...@alumnos.uc3m.es:
Hello,
I would like to know if is it possible to restrict the use of JDK classes
in Tomcat according to a list given in another file. ¿Is it possible by
creating a new Add-on? If it is possible, where can I find documentation
hi All,
I have added below entry in server.xml to override the context root of my
application i.e from /dummy to /market.
You can add entries to server.xml, but people on this forum generally
advise against it. Please remove that
The problem is now the application is accessible via both
To add to what Daniel is saying, here is a little graphic representation,
for one single client browser :
(browser) -- HTTP -- (httpd + mod_jk) -- AJP -- (tomcat) -- (webapp)
(1)
|
|- (local resources) (2)
When the browser sends a
On Tue, Aug 6, 2013 at 7:52 AM, Martin O'Shea app...@dsl.pipex.com wrote:
This is now resolved. Thanks anyway.
For the benefit of anybody else that hits this issue, care to explain
how it was resolved?
Thanks
Chris
-
To
Stefan,
but I'm not sure which values to tune. Probably the buffers, right?
Any pointers would be great.
If you want to tune an application, first you need to create a
repeatable test load using any tool you like. Then measure the
application under load, and identify where there are problems.
On Thu, Jul 11, 2013 at 11:35 AM, Stefan Magnus Landrø
stefan.lan...@gmail.com wrote:
Den 11. juli 2013 kl. 15:44 skrev chris derham ch...@derham.me.uk:
Stefan,
but I'm not sure which values to tune. Probably the buffers, right?
Any pointers would be great.
If you want to tune
Who says I was using a 3 year old unreleased level?
You did when you set the subject line to Class cast exception when
starting tomcat 7.0.1 Charles was hinting that 7.0.1 wasn't released
Chris
-
To unsubscribe, e-mail:
Please help to trouble shoot this issue.
**
More information on this would be provided as per the request.
** **
Thanks
** **
*Regards*
*Veena B S*
** **
The mailing list strips attachments. Please try again, sending a plain text
email without any attachments
Thanks
I am considering using the Tomcat 7 shared classloader to reduce the memory
footprint of my web apps.
Can you provide some approximate numbers as to what the current memory
footprint is? Also some details of how many tomcat instances you have
running and/or how many versions of the application
When I use the syntax from the samples in the onTextMessage() method, I get
ConcurrentModificationException if I have more than one client sending data
to the server at the same time:
for(MyMessageInbound mmib: mmiList){
CharBuffer buffer = CharBuffer.wrap(cb);
Maybe the first question should be : why do you want to run this with the
Security Manager ?
As far as I understand this, the SM only really helps, if otherwise unsecure
applications can be deployed within your JVM. Is that the case, or do you
know and control all the applications from the
If anyone else wants to chip in with any relevant additions, let me
know. I might be able to have a look at updating the documentation
page later, but being as I'm a developer my linguistic skills have
never really been approved off so not sure any changes will be
approved :-)
HTH
Chris
Thanks for all your feedbacks.
Is multiple versions supported or all instances have to be the same build.
You can have it any which way you wish, e.g. single tomcat in single
catalina_home with multiple instances each with own catalina_base, or
multiple versions of tomcat each in own
But honestly, I am also a bit at a loss now as to how to continue. There is
of course no way for me to prove the validity of the scheme by installing it
on 31 million (20%) of webservers on the Internet and looking at the
resulting bot activity patterns to confirm my suspicions.
Try to enter
Let me just summarise my arguments then :
1) These scans are a burden for all webservers, not just for the vulnerable
ones. Whether we want to or not, we currently all have to invest resources
into countering (or simply responding to) these scans. Obviously, just
ignoring them doesn't stop
Yes. But someone *does* own the botted computers, and their own
operations are slightly affected. I have wondered if there is some
way to make a bot so intrusive that many more owners will ask
themselves, why is my computer so slow/weird/whatever? I'd better
get it looked at. Maybe I
Hi.
Long and thoughtful post. Thanks.
just hope it helps move the discussion forward
Say you have a botnet composed of 100 bots, and you want (collectively) to
have them scan 100,000 hosts in total, each one for 30 known buggy URLs.
These 30 URLs are unrelated to eachother; each one of them
Or, another way of looking at this would be that for every 40 servers
scanned without a 404 delay, the same bot infrastructure within the same
time would only be able to scan 1 server if a 1 s 404 delay was implemented
by 50% of the webservers.
This assumes that the scanning software makes
OK, I'll have to investigate the DB setting more thoroughly. The maximum
sessions and processes in Oracle are higher than we were using for the test
though (several hundred).
We hit a similar situation a year ago. Essentailly Oracle has a TNS
listener process that accepts connections. This is
This thread has been going on for some time now, but why are you using
drive letters? Can't you just use unc paths and remove all of these
issues you are having? I searched the thread for UNC and can't see
that this was asked, but seems like a sensible question.
HTH
Chris
Context
RealmclassName=org.apache.catalina.realm.JNDIRealm
adCompat=true
allRolesMode=authOnly
referrals=follow
connectionURL=ldap://dc01.mydom.local:389;
connectionName=mydom\tcuser
connectionPassword=Pa55w0rd
userBase=dc=mydom,dc=local
If the system is only for testing, or communicates with a limited number of
systems (i.e.,
it is a firewalled backend system that only communicates with a front-end
system), then again,
a self-signed certificate would be fine.
+1
If his organization already uses PKI certificates, then he
I mean I need a tomcat service which can interact with desktop and can
access network resources
Top hit when googling for 'windows service interact with desktop'
http://lostechies.com/keithdahlby/2011/08/13/allowing-a-windows-service-to-interact-with-desktop-without-localsystem/
The basic
The first part (running programs which require a Window) usually doesn't,
because those programs are usually such that they do not work as a
service. It is not usually only the fact that they need a console, but
they need a whole bunch of other environment which a Service does not
provide.
I mean I need a tomcat service which can interact with desktop and can
access network resources
'access network resources' is clear, but please define 'interact with
the desktop' - what do you want the app to do exactly?
Chirs
snip
I simply need a temporary string that is set during the session in
one app to still be able to be displayed when the user goes to another
app.
/snip
snip
Am I missing something obvious here?
/snip
Couldn't you try a cookie?
Chris
In the Java world, most people would only call it a consider it a
cluster if the app servers actually know about each other -- for
instance, if you are using session replication. IMO session
replication is a dog, and there are better ways to achieve similar
goals that yield much higher
To my mind if you deploy the app as ROOT.war, as long as DNS
is configured correctly, that single context will serve
responses to http://app1.com/ and http://app2.com/. This
appears solves the explicit requirement stated above.
But the OP refuses to supply any information about why that's
The documentation for the docBase (a.k.a context root) attribute
states that the docBase attribute should be used to point to the war
or exploded war file. My server's appBase is the default of 'webapps'
and my WAR and exploded WAR are under webapps so I have specified a
relative path of
We have 2 Apps on tomcat with each having independent DB
the credentials in both apps are in synch with the list of authorized users
as per LDAP.
What does that mean? Where is the source of the credentials? When a
user changes a password, where do they change it? You say in synch,
so do the
Is this possible, Is there any material available for me
The links already provided cover all that you request
I have read some where that Apache HTTPD ( ) can do this SSO process,
then the same could be at Httpd instead of Tomcat end .
If so yes plz let me know the process.
I have
Does that mean that Tomcat treats WIA similar to HTTP BASIC (or maybe
DIGEST) unless you've approved a particular domain/host? That's
interesting. Can you just enter anything you'd like? For instance, can
I authenticate to a server that is expecting WIA from a Linux
workstation just by
1) All 3 applications are browser compatible and users may use other then
IE
hence IE alone can be ruled out
Do you mean multiple browsers access these web applications, so we
can't use anything that is IE specific? Assuming that you do, I don't
believe that anybody suggested anything that
Do you need a plug-in or anything like that? Does it need to be
specifically enabled?
No, we use it all the time with IE, Firefox, and I believe Chrome
as well.
Last time I was working in this area a few years ago, it worked by
default in IE and had to be turned on in FF. A rogue website
it's not. maybe it will make things clear if i change the names of the
paths, say:
* when user goes to http://app1.com/ - {thesamewebapp}/app1 path is served
as root path of the domain app1.com
* when user goes to http://app2.com/ - {thesamewebapp}/app2 path is served
as root path of the
Kiran
I want to run it as service.I installed this by running service bat file
from cmd prompt.once installation was success full.I checked local
host:8080.over there I see version 7.0.2 .
in a cmd prompt run netstat -ano. The output will list all processes
and the TCP port they have open.
We have a web server hosted on Apache Tomcat Version 7.0.32.
It is a single Tomcat instance on 64 bit windows. Server.xml has two
connectors: The ssl connector is HTTP NIO and the non-ssl connector is HTTP
BIO.
We are trying to achieve vertical scalability and would like to increase
the
I use mod_jk loadbalancing. (JkMount /WebApp/* loadbalancer )
I want to use only one loadbalancer.
Why are you using load balancing? Why do you want to use only one
loadbalancer?
Can I set specific url after balancing
?
For example, firstly every request will go to loadbalancer.
Then if
Having finally received the actual details of what the OP actually is doing
in email #37 of this thread, I was struck by a simple thought. I have
re-read the whole thread, and don't think/hope that I am about to say
anything completely stupid.
We develop software that routes millions of requests
After upgrading to 7, deploying a new war file often results
in PermGen error, much more often than in 6.(with identical JVM settings)
I have tried all those JVM settings for perm memory but no help.
All those JVM settings for perm memory - could you share which
settings you have tried, and
Today we're about to deploy a simple app that is basically a charts
solution that will run over Tomcat 7.X. Well till there everything is all
right. But since I'm not a heavy user of Tomcat I'm not so sure what could
that be the best settup for my app for not have problems in a first sight
by
The documentation tells, that this could be done by calling tomcat7
//US//Tomcat7 ...
This method works, but it is not practicable for our production
environment, because these settings are stored in the registry.
Matthias - can you please elaborate on exactly what it is not practicable
for
On Wed, Sep 19, 2012 at 10:02 AM, Ragini raginippa...@gmail.com wrote:For
my research work I want to have different attacking scenarios which
exploits vulnerability of JAVA based applications. This java applications
can be just any web-application, desktopapplication or any other.For this,
I was
I am new to Tomcat. What I like to do is to deploy different versions of my
application, for example:
hostname\myappv1
hostname\myappv2
Now I want the ROOT context to be set dynamicly to one of the available
deployed versions. Is this possible? Is there a way to implement this?
Dennie,
Basic what I want is the same functionality which google apps provides. So
I want to be able to have multiple versions of my application online, let
people try the new environment and eventually switch the root context to
the new running version. This enables my clients to try out the new
I found following problem when java application is trying save xml data
into xml column to database.
I found a problem with tomcat which is happening in the version 6.0.32 and
6.0.35 (maybe also in other version), but working really fine with version
6.0.26.
** **
My
| I am 95% certain of what is happenning but haven't tested this. It will
help your understanding if you read the EL specification, specifically the
section in the Javadoc regarding how implementations are discovered.
| Tomcat implements these rules. It is possible for an EL implementation to
be
I have configured the server.xml to run a few sites with HTTP and HTTPS,
HTTP sites work correctly, that HTTPS is not responding, can not display
the page
Massimo Chirivì
Massimo,
Pid's reply was asking you to answer some specific questions. You appear to
have only answered the first one
On Fri, Jul 20, 2012 at 6:31 PM, Tony Anecito adanec...@yahoo.com wrote:
Thanks for the quick reply Mark.
Yes I saw your comments in one of your presentations about profilier and I
am a fan of visualvm and have profiled Tomcat in the past but when down to
1-2msec not sure how much the
Good Evening Pavel Implementing a SSL Connector on Tomcat will prevent
Session Fixation attack
Martin,
This is not correct. Using SSL will not stop session fixation attacks
Chris
On Thu, Jun 28, 2012 at 12:38 PM, Yasser yarafa...@gmail.com wrote:
Yes. It does show that maxactive has reached 100. I also use splunk to get
the connection status at the oracle side.
What I dont understand is that Resin needs just 50 connections to handle
the same load. I am in the process
On Tue, Jun 26, 2012 at 12:46 PM, Cotton, Joseph B
bcot...@dpscs.state.md.us wrote:
I looked at the Realm documentation for a few minutes, but it appears to
be intended for User ID and Password verification.
Joseph,
Ignore Martin's JDBCRealm suggestion - his responses don't seem to relate
Using tomcat 6.0.29.
i want to know is there any parameter in HTTP\AJP connector to set
request time out(i.e if particular request taking long time to complete it
should time out after configured timeout value).?
My web application communicating to some external system where response is
any hint on fast-user-switching or
applications-interacting-with-container-based-authentication are very
welcome.
Dirk,
We had an app where support staff can login, and then on a special form
enter the username of the person to impersonate and their own password (to
prevent abuse), and the
Steffen from apache lounge asked me to forward this to tomcat mailing list
Chris
-- Forwarded message --
From: Steffen i...@apachelounge.com
Date: Wed, May 16, 2012 at 12:10 PM
Subject: Re: mod_jk binary
Chris,
Made 1.2.36 Apache 2.4 Win32/Win64 available.
Maybe you can say
never had this problem when i deployed to SolarisI'll try again
tommorrow when i have a REAL Operating System to deploy my webapp
So you have a web app, serving up web pages, that are being cached in a
browser. The browser is not refreshing, for reasons unknown. You say that
the clock was
Wow, that was fast.
Far better than commercial support IMO
I am grateful too for the above, but since you appear to have a good
connection, and for the sake of symmetry, should not one ask them also for
the 32-bit version ?
I sent one email, and he went for it. I don't really call that
Exactly. Might be better to come from userland
+1
I have emailed the apache lounge contact email asking if they would
consider including a build of mod_jk - lets see what happens
Thanks
Chris
And we have a winner - 64 bit mod_jk now present on
Exactly. Might be better to come from userland
+1
I have emailed the apache lounge contact email asking if they would
consider including a build of mod_jk - lets see what happens
Thanks
Chris
On Wed, Apr 18, 2012 at 5:07 PM, Mladen Turk mt...@apache.org wrote:
On 04/18/2012 02:00 PM, chris derham wrote:
All,
Our setup has apache tomcat running behind apache httpd using mod_jk. I
would like to upgrade to apache 2.4, but for this I need to find a 64bit
mod_jk release for httpd
All,
Our setup has apache tomcat running behind apache httpd using mod_jk. I
would like to upgrade to apache 2.4, but for this I need to find a 64bit
mod_jk release for httpd 2.4. The binaries contained at
http://tomcat.apache.org/download-connectors.cgi 32 bit httpd connectors,
or a 64bit iis
Ofer,
Look at the articles in the link already given -
http://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F-
find the bit about sendsignal. Download this program, and run it. This
provides the windows equivalent of sending -3 to a *nix java process, e.g.
http://wiki.apache.org/tomcat/**HowTo#How_do_I_obtain_a_**
thread_dump_of_my_running_**webapp_.3Fhttp://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F
for more info, to get a thread dump of tomcat.
I have seen that page but actually can't use the //MS//
i load a spring xml with my own lifecycle listener. Which works pretty
well actually.
In my spring xml i try to get a datasource from the JNDI context. I
put the definition in the server.xml under GlobalNamingResources.
My lifecycle listener is loaded after the
Hi Celso, you signature is in portuguese because that i will talk in
portuguese...
Tenho 12 anos de experiência com Linux e dois livros publicados, nunca
vi um tomcat rodar sem consumir umas cacetadas de megas de memória,
acho que o java, é uma plataforma ruim, mas que todo mundo defende e
I am using Tomcat 7.0.11 and use Form Authentication (via
j_security_check) to authenticate through the Tomcat server.
Currently, two users with the same username can log into my application
from two different computers and concurrently access the app.
Is there a way to prohibit a user from
We thought this would allow us to monitor all contexts with a
single probe install, but it only seems to show a single localhost
context. I assume that the hosts are separated, and that the
context=priviliged setting can allow a web app to access other
webapps in the same context, but
A silly question:
why do you use a ThreadLocal to store a constant value for entire
application? why not a static variable or store into web application
context , by example ?
The string of the date format is constant. However the SimpleDateFormat
class is not threadsafe, so you will hit
All,
Java running on windows 2008 r2 against tomcat 7.0.19
java version 1.6.0_24
Java(TM) SE Runtime Environment (build 1.6.0_24-b07)
Java HotSpot(TM) 64-Bit Server VM (build 19.1-b02, mixed mode)
I have a single war file, and would like to host multiple demo sites of our
app. So ideally users
Host name=demo1.company.com appBase=webapps\demos
unpackWARs=false autoDeploy=false
The appBase I find a little concerning... You don't have any apps
directly place in webapps do you?
So I wasn't 100% sure exactly what to do here. I setup a folder under
webapps called demos. We
But for _transparent_ authentication IIS is required as Christopher
mentioned.
That is not true. You can use SPNEGO to setup transparent authentication
directly to tomcat. You do not need IIS. This means that a browser accesses
a protected url on the server, and the server and browser discuss
On Tue, Nov 15, 2011 at 11:39 AM, Alexander Diedler adied...@tecracer.dewrote:
Hello,
This is no option, this solution means, that the windows session must still
remain opened with a logged in user.
Not true. You can setup tomcat to run under a service account, and have
the service account
Simple i have setup httpd,modjk,tomcat .i want to enable SSL(i.e i can
handle everything on https).
If you have httpd sending traffic via mod_jk to tomcat, you are nearly
there. Just configure httpd to listen over ssl.
If (instead) you want to encrypt the AJP connection between HTTPD and
So to recap, and verify my understanding...
Perhaps I am missing some valve overview.
I understand it is invoked before the filters, but after completion it
would arrive to the filter/servlet container anyway.
So what your saying is that if I build a valve and read information from
IO file
may I know, how to connect to datasource automatically if my DB
machine
is
restarted?? Is it having any specific parameter to connect datasource
automatically??
How does the existing app connect to the database? Can you show the code
please - remove any sensitive passwords
Thanks
1 - 100 of 155 matches
Mail list logo
