IllegalStateException when using CometConnectionManagerValve
We're writing an application that processes requests using both a normal servlet and a CometProcessor. The normal servlet handles user authentication and logout (among other things). Once the user has been authenticated, the client makes a Comet request, which is open until the server has something to push to the client. When the user decides to log out, we need to stop processing Comet events for that client. I've run into two issues: (1) If the client terminates abnormally, a Comet END event is never generated. Network traces show a RST being sent by the client on the socket; however, we never get an END (or ERROR) event on the server. I've seen this with both the NIO and Apr connectors, on Windows. (Haven't tried other platforms.) If the client resets the socket, shouldn't the CometProcessor get some sort of event? If the client is going to shut down normally, is there a good way to explicitly close the Comet connection? (2) I enabled the CometConnectionManagerValve in context.xml, hoping I would at least get an END event when the session goes away. Instead, I get an IllegalStateException: Mar 10, 2008 2:05:41 PM org.apache.catalina.connector.CoyoteAdapter event SEVERE: An exception or error occurred in the container during the request processing java.lang.IllegalStateException: Cannot create a session after the response has been committed at org.apache.catalina.connector.Request.doGetSession(Request.java:2301) at org.apache.catalina.connector.Request.getSession(Request.java:2075) at org.apache.catalina.valves.CometConnectionManagerValve.event(CometConnectionManagerValve.java:311) at org.apache.catalina.core.StandardHostValve.event(StandardHostValve.java:179) at org.apache.catalina.valves.ValveBase.event(ValveBase.java:200) at org.apache.catalina.core.StandardEngineValve.event(StandardEngineValve.java:128) at org.apache.catalina.connector.CoyoteAdapter.event(CoyoteAdapter.java:198) at org.apache.coyote.http11.Http11NioProcessor.event(Http11NioProcessor.java:749) at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.event(Http11NioProtocol.java:653) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:2080) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907) at java.lang.Thread.run(Thread.java:619) Presumably my servlet handles the "logout" request, and after sending a response to the client, calls invalidate() on the HttpSession. Subsequently, CometConnectionManagerValue.event() calls request.getSession(true), resulting in the IllegalStateException. I'd be happy to file bugs for these issues with additional supporting information, but I wanted to see if these were known issues or if I might be doing something wrong. Thanks, --Daniel Rabe
RewriteValve and the ROOT webapp
I’m using Tomcat 8.5.20, trying to use the rewrite valve to rewrite a root-level URL (/foo) to a URL in my webapp (/mywebapp/bar). I added the rewrite valve to my server.xml, and I put my rewrite.config in conf/Catalina/localhost. This all works great IF I create an empty “ROOT” directory in webapps. If I remove the ROOT directory, though, accessing /foo just gives me a 404. Questions: 1. Is this by design, or is this a bug? (If it’s by design, then some additional notes in the documentation would be helpful). 2. If in fact I do need to have the ROOT webapp, what security precautions should I take? Security guides such as https://www.owasp.org/index.php/Securing_tomcat recommend removing the ROOT webapp, but without providing reasons or rationale. Thank you! --Dan Rabe
Re: Is JsonAccessLogValve still supported in Tomcat 10.1.x?
Thank you! I am actually using 10.1… I didn’t realize that the page I was looking at was specific to 10.0. My bad! From: Christopher Schultz Date: Saturday, December 14, 2024 at 11:26 AM To: Tomcat Users List , Mark Thomas Subject: Re: Is JsonAccessLogValve still supported in Tomcat 10.1.x? Mark, On 12/14/24 2: 03 AM, Mark Thomas wrote: > 13 Dec 2024 21: 40: 23 Christopher Schultz : > >> Dan, >> >> On 12/13/24 4: 07 PM, Dan Rabe wrote: >>> I noticed that JsonAccessLogValve Mark, On 12/14/24 2:03 AM, Mark Thomas wrote: > 13 Dec 2024 21:40:23 Christopher Schultz : > >> Dan, >> >> On 12/13/24 4:07 PM, Dan Rabe wrote: >>> I noticed that JsonAccessLogValve is documented in the Tomcat 9 >>> configuration docs >>> (https://urldefense.com/v3/__https://tomcat.apache.org/tomcat-9.0-doc/config/__;!!Iz9xO38YGHZK!6ZCI9zuP-lWTLTClVQSzFIfgJIoGF7juaOAOYyD2qfJkcEujQRzmnNUPYRBmy3kj9c0t12JX28lqhpfmYaSRumZ6$<https://urldefense.com/v3/__https:/tomcat.apache.org/tomcat-9.0-doc/config/__;!!Iz9xO38YGHZK!6ZCI9zuP-lWTLTClVQSzFIfgJIoGF7juaOAOYyD2qfJkcEujQRzmnNUPYRBmy3kj9c0t12JX28lqhpfmYaSRumZ6$> >>> valve.html) as well as the Tomcat 11 docs (https:// >>> tomcat.apache.org/tomcat-11.0-doc/config/valve.html )…but is not >>> mentioned in the Tomcat 10 docs >>> (https://urldefense.com/v3/__https://tomcat.apache.org/__;!!Iz9xO38YGHZK!6ZCI9zuP-lWTLTClVQSzFIfgJIoGF7juaOAOYyD2qfJkcEujQRzmnNUPYRBmy3kj9c0t12JX28lqhpfmYbXZ4Ozh$<https://urldefense.com/v3/__https:/tomcat.apache.org/__;!!Iz9xO38YGHZK!6ZCI9zuP-lWTLTClVQSzFIfgJIoGF7juaOAOYyD2qfJkcEujQRzmnNUPYRBmy3kj9c0t12JX28lqhpfmYbXZ4Ozh$> >>> tomcat-10.0-doc/config/valve.html). >>> I’m wondering if JsonAccessLogValve is supported in Tomcat 10? >> >> Likely an oversight. If the class is there, it is supported. >> >> I'll look at getting the documentation corrected. > > Not an oversight. > > It was never added to the now unsupported 10.0.x. > > It was added to 10.1.x (or possibly 11.0.x - I haven't checked) and then > back ported to all supported versions. Thanks for the cross-check. I blindly looked at the documentation links and didn't notice the 10.0 vs 10.1. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Is JsonAccessLogValve still supported in Tomcat 10.1.x?
Hi, I noticed that JsonAccessLogValve is documented in the Tomcat 9 configuration docs (https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html) as well as the Tomcat 11 docs (https://tomcat.apache.org/tomcat-11.0-doc/config/valve.html )…but is not mentioned in the Tomcat 10 docs (https://tomcat.apache.org/tomcat-10.0-doc/config/valve.html). I’m wondering if JsonAccessLogValve is supported in Tomcat 10? Thank you! --Dan
