> -----Original Message----- > From: Salisbury, Richard W DLA CTR INFORMATION OPERATIONS > Sent: Friday, March 06, 2015 16:29 > > Greetings, > > We have found a need to stop and start Tomcat once in a while to allow
How long is a "while"? > Tomcat to connect via HTTPS with some other servers. We think the > restart may be synchronizing the time Tomcat uses with the server OS > system time, and we are looking for ways to prevent having to > stop/start > Tomcat. I want to start with, I am very skeptical to your observations. > > Details: > Our instance of Tomcat 6.0.36 runs on HP-UX B11.31 ia64 with > JVM Version JVM vendor? > 1.7.0.08. It hosts a custom servlet which, when invoked, > connects with > a remote server via HTTPS to retrieve some data. However, The webapp make an outbound HTTPS connection or a client makes a HTTPS connection to the webapp? > after about a > month the timestamp Tomcat sends in the SSL handshake appears to drift > enough for the remote server's time to start rejecting > requests because > the timestamp is too far off (according to our partner's remote > application logs). How far off? > > We have confirmed that our server clock is set correctly and > synced with > NTP, and matches the system clock on the remote server, which > also uses > NTP. So one thing we thought might be happening is that What are the NTP stats? In otherwords, how stable is the system clock. > Tomcat (or the > Java that Tomcat runs on) may be keeping an internal clock, perhaps It all boils down to: public static native long currentTimeMillis(); Even new java.util.Date() -> public Date() { this(System.currentTimeMillis()); } That means all the "time" source in Java, and Tomcat come from the OS. > using a separate thread as a way to speed up the retrieval of time so > that it does not have to go to the OS system clock every time it needs > the current time. And maybe this internal clock is not > synced with the > server time until Tomcat (or the JVM) is restarted. > > If this is the case, would anyone have an idea of how to force Tomcat > (or Java) to use the server's system clock every time instead of using > its own internal clock? We do not care about the performance hit on > this because this is a low-volume application. Or, if we are > misunderstanding Tomcat and it actually uses the system clock > every time > it needs to get the current time, is there something else we should be > looking at? Lets start withm can you add a simple JSP to your web app? <%=System.currentTimeMillis()%> Then periodically: date && date -d "@$(curl -s http://127.0.0.1:8080/date.jsp)" && date > > We have researched on the web, checked the Apache mail archives, read > the Tomcat configuration guide, looked up the Java system options, but > have not studied the Tomcat source code yet. We did find > that there is > a Java Wrapper product out there by Tanuki Software that provides an > option to use system time or a background thread, which is what caused > us to wonder if Tomcat might be doing something similar. > > For more information on what the Tanuki wrapper does, here is > an excerpt > we found on their website > http://wrapper.tanukisoftware.com/doc/english/prop-use-system- > time.html: > "As of Wrapper version 3.1.0, a new timer mechanism was added to the > Wrapper. This new timer was made the default in Wrapper version 3.2.0. > Rather than keeping time by querying the system clock, the Wrapper > creates a background thread which enters a light weight loop and > increments an internal "tick" counter. Internally all timekeeping has > been modified to be based on these "ticks". (If the system > time is being > used, then the tick count at any particular moment is calculated from > the system time rather than from the counter.) " > > Thanks in advance for any ideas that are shared. > Richard -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100 - - +1 (443) 269-1555 x333 Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00.
smime.p7s
Description: S/MIME cryptographic signature