Re: configuring Tomcat 9.0.85 for debugging

[Mark Eggers]

On 2/26/2024 2:18 PM, Mark Caruso wrote:

If anyone has guidance for configuring Tomcat 9.0.85 for debugging please send 
it along. I am running the program under Ubuntu 20.04. I am not sure the 
guidance on the internet for modifying catalina.sh is right.  My goal is to 
then attach a debugger from Netbeans 16 and debug my web app.
Thank youMark


Mark,

In my opinion, running a service-oriented (systemd for Ubuntu 20.04) or 
package-installed Tomcat for development and debugging is not ideal.


In no particular order, you'll run into:

1. Start / stop issues (you'll need sudo)
2. Log permissions (looking at logs may be an issue)
3. Deployment permissions (more about that below)

Also, NetBeans 21 just came out and is available via snap. Is there any 
reason to run NetBeans 16?


NetBeans allows you to start up a Tomcat instance in normal, debug, or 
profile mode from the IDE. It does this by using the Tomcat-provided 
catalina.(sh/bat) script. That's going to be an issue if you're using a 
package-installed Tomcat.


In the NetBeans server setup, you can either use shared memory or JMX 
(and specify the port) for a Tomcat server. By default, NetBeans will 
use shared memory for a Tomcat running on the same machine.


NetBeans deploys an application to Tomcat that it controls by copying a 
context.xml file over to the appropriate location in a Tomcat installation
($CATALINA_HOME/conf/Catalina/localhost/appname.xml) with an appropriate 
docBase.  For example, if you are running a Maven project, that docBase 
will be:


${project.basedir}/${project.build.directory}/${project.artifactId}-${project.version}

This enables a project to be deployed quickly, as well as enables hot 
reloads if you enable compile on save.


Deploying and redeploying a web application for debugging may run into 
permissions issue if you're using a package-installed version of Tomcat.


So, in summary:

1. Download Tomcat from tomcat.apache.org
2. Extract and install it in a reasonable spot underneath your home 
directory

3. Edit server.xml to change any ports (if necessary)
4. Edit tomcat-users.xml to add a user with a manager-script role (see 
comments in file)

5. Configure NetBeans to use the freshly installed Tomcat

Debugging is then simply starting Tomcat in debug mode. This is how I 
work on Windows, Ubuntu, Fedora, and have people set up on MacOS.


. . . just my two cents
/mde/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Nothing but 404 errors

[Mark Eggers]

On 9/5/2024 8:40 AM, David Rush wrote:

Darryl:

Do you have a script or something that copies the "needed files" from the
previous version to the new version?

Seems like you would need to copy all your webapps and any customizations
in your config files (I sometimes tweak my server.xml and
logging.properties).

David


I tend to set up my Tomcat environments like the following:

/home/tcadmin/Apache/apache-tomcat-9.0.xx
This is the unaltered unpacking of that tar.gz file from tomcat.apache..org

/home/tcadmin/Platforms/serviceName/9.0.xx
This is the location for a particular service's files that are different 
than the stock Tomcat. Things such as altered server.xml, 
tomcat-users.xml, and Tomcat-wide library files go here.


/home/tcadmin/Platforms/serviceName/vhhosts/hostName/webapps
This is the location of a serviceName's virtual host web application 
directory. A particular service can host multiple virtual hosts, so each 
potential virtual host gets its own webapps directory.


To create a service, I use the following structure:

/home/tcadmin/Services/serviceName/CATALINA_HOME
/home/tcadmin/Services/serviceName/CATALINA_BASE

Link CATALINA_HOME to the appropriate 
/home/tcadmin/Apache/apache-tomcat-9.0.xx directory.


Link CATALINA_BASE to the appropriate 
/home/tcadmin/Platforms/serviceName/9.0.xx directory.


server.xml contains a Host node with:

appBase="/home/tcadmin/Platforms/serviceName/vhost/hostName/webapps"

Now to update, all you do is:

1. Unpack a new version of Tomcat in 
/home/tcadmin/Apache/apache-tomcat-9.0.xx

2. Create a new directory i/home/tcadmin/Platforms/serviceName/9.0.xx
3. Copy appropriate files into /home/tcadmin/Platforms/serviceName/9.0.xx
4. Edit the copied files to match the current configuration

Note that the above 4 steps can be done while the environment is 
running. They can also be automated with scripts.


To update, do the following:

1. Shut down the existing Tomcat service
2. Delete the links in /home/tcadmin/Services/serviceName
3. Make new links to the new places created above
4. Start service

Check either /home/tcadmin/Services/serviceName/CATALINA_BASE/logs or
/home/tcadmin/Platforms/serviceName/9.0.xx/logs for issues.

Oh, and on Ubuntu, the following works so that you can create multiple 
Tomcat services:


Environment=CATALINA_HOME=/home/tcadmin/Services/%i/CATALINA_HOME/
Environment=CATALINA_BASE=/home/tcadmin/Services/%i/CATALINA_BASE/
Environment=CATALINA_PID=/var/run/tomcat/%i.pid

Then you can create a template systemd file with a name like 
tomcat-@.service. When you enable the service, use 
tomcat-serviceName.service. That way you can have multiple Tomcat 
services on one platform.


You'll also need to create /var/run/tomcat at boot, since the /var/run 
filesystem is ephemeral.  Something like the following should work:


[Unit]
Description=Create Tomcat PID directory

[Service]
Type=oneshot
RuntimeDirectory=tomcat
User=tcadmin
Group=tcadmin
ExecStart=/bin/true
RemainAfterExit=true

[Install]
WantedBy=multi-user.target

Finally, if you use the Manager application, you'll need to create a 
manager.xml file in every Platform/serviceName/9.0.xx/conf/Catalina/hostName


Change version numbers (9.0.xx) to suit your environment.

The service account (tcadmin) is an unprivileged user account that 
cannot be logged into remotely. You muse log into the remote system, 
then su to that account. I suppose that I could protect it via sudo so 
that sudo -i -u tcadmin would work.


I think that's about it.

. . . just my two cents
/mde/



On Thu, Sep 5, 2024 at 9:29 AM Darryl Baker 
wrote:


My method for updating Tomcat is that it lives behind a symbolic link.
/opt/tomcat/latest points to the version I want to run.
/opt/tomcat/apache-tomcat-9.0.XX when I want to upgrade I untar the latest
version, stop the running version, copy over the needed files to the new
version, repoint the link, and start up the new version. The system control
file use the symbolic link so needs no changes.

Darryl Baker, GSEC, GCLD (he/him/his)
Sr. System Administrator
Distributed Application Platform Services
Northwestern University
4th Floor
2020 Ridge Avenue
Evanston, IL 60208-0801
darryl.ba...@northwestern.edu 
(847) 467-6674 




On 9/5/24, 9:56 AM, "David Rush" > wrote:


Sebastian:


I want to keep HOME and BASE separate so that when a new version of Tomcat
comes out it's easy to swap the new binary download in at CATALINA_HOME
without impacting my configuration or webapps in CATALINA_BASE


David


On Thu, Sep 5, 2024 at 8:52 AM Sebastian Trost
mailto:m...@sebastiantrost.de.inva>lid>
wrote:



David,

On 05.09.2024 16:13, David Rush wrote:

My CATALINA_HOME is /opt/tomcat9/home (which is a symlink to
/opt/tomcat9/apache-tomcat-9.0.93)
My CATALINA_BASE is /var/opt/tomcat9

Why are you setting the CATALINA_BASE-variable? If you're running just
one Tomcat instance, this variable is not needed. Also, you point this
variable to a differ

Re: Getting some peculiar TLS results in Tomcat 7

[Mark Eggers]

On 8/13/2021 5:27 PM, James H. H. Lampert wrote:

While we've been systematically updating our customer boxes, a few of
our customer boxes are still on Tomcat 7.

I've got the following Connector tag set up in server.xml:


compressableMimeType="text/html,text/xml,text/plain,text/css,
 text/javascript,text/json,application/x-javascript,  
application/javascript,application/json" />
And yet SSLLabs tells me the box in question is still accepting TLS 1.0 
and TLS 1.1.


Can anybody shed any light on this? (And yes, I know, "alias" should be 
"keyAlias," but it's the only chain in the keystore, so it shouldn't 
make any difference.)


https://tomcat.apache.org/tomcat-7.0-doc/config/http.html

Search for sslEnabledProtocols

. . . just my two cents
/mde/



OpenPGP_signature
Description: OpenPGP digital signature

Re: Getting some peculiar TLS results in Tomcat 7

[Mark Eggers]

Chris,

On 8/16/2021 12:56 PM, Christopher Schultz wrote:

protocol="org.apache.coyote.http11.Http11Protocol" 
sslEnabledProtocols="TLSv1.2"


... and have no other protocol-related configuration settings.


Thanks.

That was my take as well. However, I figured the original author could 
read the documentation and not have it spelled out.


I'm a little out of my field here since we do all of our HTTPS stuff on 
Apache HTTPD or AWS load balancers at $work.


Nexus 3 uses Jetty under the covers, so when I implement a local docker 
repository, I'll have to wade through that (not looking forward to it).




OpenPGP_signature
Description: OpenPGP digital signature

Re: 200 response and redirect for ".../test.jsp"

[Mark Eggers]

Folks,

On 8/24/2021 3:55 PM, Christopher Schultz wrote:

James,

On 8/24/21 17:20, James H. H. Lampert wrote:
I could have sworn I asked about this over a year ago, but I can't 
find any record of having done so.


We've got a low-priority complaint about a security scan looking for 
"test.jsp" on one of our installations, expecting a 404 response, and 
instead getting a 200 response and a redirect to our own error page.


Just a sanity check: this *is* a problem with our ROOT context, not 
with Tomcat itself, right? And it has to be solved within our ROOT 
context, right?


My guess is that the vuln scanner assumes that "GET test.jsp" returning 
a 200 response means "it's got something bad in there". They are 
probably thinking about a *specific* test.jsp file, but you just happen 
to have one, probably as part of your application.


If you haven't deployed any of Tomcat's "example", "docs", or ROOT 
applications (meaning, the ROOT webapp that hosts Tomcat's documentation 
and stuff), then yes, this complaint is being aimed at your application.


You should probably be able to find test.jsp on your disk, or in your 
WAR file if for some reason you aren't exploding WAR files on deployment.


Go read the source for that file and maybe it will give you some insight 
as to where it came from.


-chris


If I understand correctly, the security scanning looks for something 
like this:


/appname/../test.jsp

How that triggers a 200, then generates an application error page I'm 
not certain.


In your application, do you have an  specified for 404 errors?

In your ROOT application (if different from your regular application) do 
you have an  specified?


What my $work environment has are application-specific error pages per 
application, and a generic error page for the ROOT application, which is 
just a placeholder.


Going to /appname/../test.jsp in my $work environment ends up at ROOT, 
which generates a 404 and the generic error page since there is no 
test.jsp page.


My $work environment has front end Apache HTTPD servers connected to 
multiple Tomcats via mod_jk. This may influence the results.


Security scans by various clients of $work have not complained about the 
above setup.


. . . just my two cents
/mde/



OpenPGP_signature
Description: OpenPGP digital signature

Re: Timestamp Error

[Mark Eggers]

Jerry,

On 8/26/2021 6:35 PM, Jerry Malcolm wrote:
I am encountering a weird problem. I'm getting the following SQL error 
on an INSERT command.


com.mysql.cj.jdbc.exceptions.MysqlDataTruncation: Data truncation: 
Incorrect datetime value: '1969-12-31 18:00:00.0' for column...

The column is a TIMESTAMP in mySQL.

I pasted the SQL statement directly out of my log into phpMyAdmin, and 
it worked.  When I change the date to '2021-08-27 01:03:18.1077537'

it also works.

I tried it on my production AWS server.  The server timezone was 
different but same failure with '1970-01-01 00:00:00.0'


I'm running Win10 with latest updates (AWS Linux 2 on production)
TC 9.0.16
mysql-connector-java-8.0.26.jar
mysql5.7.19

I found some discussions on the web from around 2016.  But it just said 
to update the connector and TC. My versions are already way

past 2016 versions.

My biggest concern is that some dates work and some don't.  If I have to 
avoid dates that fail, I can probably do that.  But right now,

I don't know what dates are going to work and what dates are going to fail.

Am I missing something obvious?  I've never had a SQL statement that 
failed consistently on TC but worked when pasted into phpMyAdmin.


Suggestions?

Thanks.

Jerry




https://dev.mysql.com/doc/refman/5.7/en/datetime.html

When you paste from the logs, you're not pasting what the original 
INSERT command is doing. Therefore, it will work, since the error 
message is giving the minimum date back that is supported by MySQL.


. . . just my two cents
/mde/



OpenPGP_signature
Description: OpenPGP digital signature

Re: Timestamp Error

[Mark Eggers]

On 8/27/2021 11:16 AM, Jerry Malcolm wrote:


On 8/27/2021 11:55 AM, Christopher Schultz wrote:

Mark and Jerry,

On 8/26/21 22:03, Mark Eggers wrote:

Jerry,

On 8/26/2021 6:35 PM, Jerry Malcolm wrote:
I am encountering a weird problem. I'm getting the following SQL 
error on an INSERT command.


com.mysql.cj.jdbc.exceptions.MysqlDataTruncation: Data truncation: 
Incorrect datetime value: '1969-12-31 18:00:00.0' for column...

The column is a TIMESTAMP in mySQL.

I pasted the SQL statement directly out of my log into phpMyAdmin, 
and it worked.  When I change the date to '2021-08-27 01:03:18.1077537'

it also works.

I tried it on my production AWS server.  The server timezone was 
different but same failure with '1970-01-01 00:00:00.0'


I'm running Win10 with latest updates (AWS Linux 2 on production)
TC 9.0.16
mysql-connector-java-8.0.26.jar
mysql5.7.19

I found some discussions on the web from around 2016.  But it just 
said to update the connector and TC. My versions are already way

past 2016 versions.

My biggest concern is that some dates work and some don't.  If I 
have to avoid dates that fail, I can probably do that.  But right now,
I don't know what dates are going to work and what dates are going 
to fail.


Am I missing something obvious?  I've never had a SQL statement that 
failed consistently on TC but worked when pasted into phpMyAdmin.


Suggestions?

Thanks.

Jerry


There is a setting in the driver called something like "null means 
zero datetime" which may confuse the heck out of TIMESTAMP columns, 
which expect a UNIX-epoch timestamp value.


The datetime value '1969-12-31 18:00:00.0' you may recognize as the 
start of the UNIX Epoch minus 6 hours, which suggests to me that your 
system is running in Us-Mountain Time, 6 hours behind UTC in the summer.


I would bet that you are trying to insert a NULL into a TIMESTAMP, and 
that your driver is using MDT as your time zone, trying to convert 
NULL -> 1970-01-01 00:00:00 UTC -> 1969-12-31 18:00:00 MDT -> boom, 
since the minimum allowed TIMESTAMP value is 1970-01-01 00:00:00.


Might I ask why you are using a TIMESTAMP field? IMHO they aren't good 
for much...


-chris

Chris,  thanks for the info.  Why timestamp?  Unfortunately, some of 
this code was written 20+ years ago when I was a lot less 
knowledgeable... But too difficult to change now.


I'm not inserting nulls.  Always a quoted date/time string.

You are correct about the timezone.  That's on my dev laptop, and I 
never got around to setting the timezone stuff correctly on my my dev 
machine.  However, my production server (Linux) does have the timezones 
all set correctly.  My insert statement has a value of "new 
Timestamp(0).toString()".  On the production server, this becomes 
'1970-01-01 00:00:00.0' and it still fails on production.


Is the jdbc driver enforcing the minimum timestamp value?  mySQL accepts 
1969-12-31 18:00:00.0 in the insert statement.  mySQL may be adjusting 
the time +6 on my laptop back up the epoch value before storing it.  But 
the situation still remains that the same insert statement works on 
phpMyAdmin and fails on TC.


The timezone thing is just adding unnecessary complexity to the 
problem.  The production server fails on TC with '1970-01-01 00:00:00.0' 
in the insert statement, but works with that value when inserted into 
mySQL pasting the insert statement into phpMyAdmin.


The exception is com.mysql.cj.jdbc.exceptions.MysqlDataTruncation.  Is 
the driver detecting this and generating the exception?  Or does the 
insert statement get all the way to mySQL and mySQL fails back to the 
driver followed by the driver throwing the exception?


Jerry


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



https://docs.oracle.com/javase/8/docs/api/java/sql/Timestamp.html

See the constructor: public Timestamp(long time)

. . . just my two cents
/mde/



OpenPGP_signature
Description: OpenPGP digital signature

Re: server returned HTTP response code 403 during ant install operation

[Mark Eggers]

Barry,

On 9/18/2021 1:31 PM, Barry Kimelman wrote:

I am running tomcat 9.0.52 on ubuntu 20.04 LTS

I am able to compile my application but when I issue the "ant install"
command it fails with the following error message

[barry] /home/barry/tomcat/hockey3 1106 ant install
Buildfile: /home/barry/tomcat/hockey3/build.xml
Trying to override old definition of datatype resources

prepare:

compile:

install:

BUILD FAILED
/home/barry/tomcat/hockey3/build.xml:370: java.io.IOException: Server
returned HTTP response code: 403 for URL:
http://localhost:8080/manager/text/deploy?path=%2Fhockey3&war=file%3A%2F%2F%2Fhome%2Fbarry%2Ftomcat%2Fhockey3%2Fbuild
 at
java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1924)
 at
java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520)
 at
org.apache.catalina.ant.AbstractCatalinaTask.execute(AbstractCatalinaTask.java:224)
 at org.apache.catalina.ant.DeployTask.execute(DeployTask.java:180)
 at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:292)
 at jdk.internal.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
 at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.base/java.lang.reflect.Method.invoke(Method.java:566)
 at
org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:99)
 at org.apache.tools.ant.Task.perform(Task.java:350)
 at org.apache.tools.ant.Target.execute(Target.java:449)
 at org.apache.tools.ant.Target.performTasks(Target.java:470)
 at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1391)
 at org.apache.tools.ant.Project.executeTarget(Project.java:1364)
 at
org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
 at org.apache.tools.ant.Project.executeTargets(Project.java:1254)
 at org.apache.tools.ant.Main.runBuild(Main.java:830)
 at org.apache.tools.ant.Main.startAnt(Main.java:223)
 at org.apache.tools.ant.launch.Launcher.run(Launcher.java:284)
 at org.apache.tools.ant.launch.Launcher.main(Launcher.java:101)

Total time: 0 seconds

My tomcat-users.xml file has the following content (after the comments are
removed)

  1 
  2
  3 http://tomcat.apache.org/xml";
  4  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
  5  xsi:schemaLocation="http://tomcat.apache.org/xml
tomcat-users.xsd"
  6  version="1.0">
  7
  8  
  9  
 10  
 11  
 12  
 13  
 14  
 15
 16 

my build.properties file has the following data

# Context path to install this application on
app.path=/hockey3

# Tomcat 9 installation directory
catalina.home=/opt/tomcat

# Manager webapp username and password
manager.username=admin_user
manager.password=admin_password

I have been busy google searching but nothing usefull has turned up so far.
How can I fix this 403 error problem ?

Thanks.



http://tomcat.apache.org/tomcat-9.0-doc/manager-howto.html#Executing_Manager_Commands_With_Ant

Fourth bullet point.

Hope this helps.

. . . just my two cents.
/mde/



OpenPGP_signature
Description: OpenPGP digital signature

Re: Apache Tomcat/9.0.52 - New Install has 2 Tomcat Services Running?

[Mark Eggers]

Terrence,

On 9/20/2021 11:49 AM, Terrence Rideau wrote:

I have a new Linux install of Apache Tomcat/9.0.52.   When I start Tomcat using 
"/bin/systemctl start tomcat" it starts with 2 Tomcat services.

My webapp runs but I have a issue importing and the application support team 
thinks it is related to my having 2 Tomcat Services.

How do I remove the 2nd Tomcat service or is this normal?

Terrence


I think that we'll need a lot more information before we can be helpful.

Things like:

1. What platform?
2. How did you install Tomcat?
3. How did you enable Tomcat with systemd / systemctl?
4. What's the content of /etc/systemd/system/multi-user.target.wants?

If this is a custom systemd script, then maybe post that with all 
secrets (passwords, etc.) replaced.


I have two types of systems that use systemd - CentOS 7 and Ubuntu 
20.04. I wrote my own systemctl script and installed Tomcat from 
tomcat.apache.org using the tar.gz file.


My script is sort of hackish, so I'm not really keen to share it. It's 
also different between CentOS 7 and Ubuntu due to the way positional 
parameters seem to be handled in Ubuntu vs. CentOS 7.


Or maybe it's my lack of understanding concerning systemd (more likely).

Anyway, start with that set of questions, and hopefully someone will be 
able to help out.


. . . just my two cents
/mde/



OpenPGP_signature
Description: OpenPGP digital signature

Re: Security Vulnerability Question

[Mark Eggers]

On 10/13/2021 11:16 AM, Kenaw, Seretseab wrote:

Hello,

Our IT team just notified us with a severe security vulnerability on our web 
application with the Tomcat version that we are using (9.0.12). What 
remediations can we use to quickly fix the issue?

Thank you
Seretseab Kenaw

CONFIDENTIALITY NOTICE: This e-mail communication and any attachments may 
contain proprietary and privileged information for the use of the designated 
recipients named above. Any unauthorized review, use, disclosure or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.



Update.

Your version of Tomcat is over 3 years old. There are multiple security 
vulnerabilities that have been addressed since then.


See: https://tomcat.apache.org/security-9.html

. . . just my two cents
/mde/


OpenPGP_signature
Description: OpenPGP digital signature

Re: Strange Oracle JDBC Driver error on Application Deployment

[Mark Eggers]

Jon,

On 11/2/2021 3:26 PM, jonmcalexan...@wellsfargo.com.INVALID wrote:

I have an application team that is getting the following stack trace while starting 
Tomcat 8.5.70. I've done some searching but can't find anything. In looking at their 
context.xml it appears that they have jmxEnabled="false" in each of the 
resources.

Any assistance would be grand.

Thanks,

 Stack Trace 

02-Nov-2021 13:01:45.809 SEVERE [localhost-startStop-1] 
org.apache.tomcat.jdbc.pool.DataSource.registerJmx Unable to register JDBC pool 
with JMX
 java.lang.NullPointerException
 at 
org.apache.tomcat.jdbc.pool.DataSource.registerJmx(DataSource.java:129)
 at 
org.apache.tomcat.jdbc.pool.DataSource.preRegister(DataSource.java:98)
 at 
org.apache.tomcat.util.modeler.BaseModelMBean.preRegister(BaseModelMBean.java:927)
 at 
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.preRegister(DefaultMBeanServerInterceptor.java:1007)
 at 
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerDynamicMBean(DefaultMBeanServerInterceptor.java:919)
 at 
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerObject(DefaultMBeanServerInterceptor.java:900)
 at 
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerMBean(DefaultMBeanServerInterceptor.java:324)
 at 
com.sun.jmx.mbeanserver.JmxMBeanServer.registerMBean(JmxMBeanServer.java:522)
 at 
org.apache.tomcat.util.modeler.Registry.registerComponent(Registry.java:637)
 at 
org.apache.catalina.core.NamingContextListener.addResource(NamingContextListener.java:1014)
 at 
org.apache.catalina.core.NamingContextListener.createNamingContext(NamingContextListener.java:552)
 at 
org.apache.catalina.core.NamingContextListener.lifecycleEvent(NamingContextListener.java:245)
 at 
org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
 at 
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5130)
 at 
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
 at 
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:753)
 at 
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:727)
 at 
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:695)
 at 
org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1016)
 at 
org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1903)
 at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
 at 
java.util.concurrent.FutureTask.run(FutureTask.java:266)
 at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
 at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 at java.lang.Thread.run(Thread.java:748)
02-Nov-2021 13:01:46.066 SEVERE [localhost-startStop-1] 
org.apache.tomcat.jdbc.pool.DataSource.registerJmx Unable to register JDBC pool 
with JMX
 java.lang.NullPointerException
 at 
org.apache.tomcat.jdbc.pool.DataSource.registerJmx(DataSource.java:129)
 at 
org.apache.tomcat.jdbc.pool.DataSource.preRegister(DataSource.java:98)
 at 
org.apache.tomcat.util.modeler.BaseModelMBean.preRegister(BaseModelMBean.java:927)
 at 
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.preRegister(DefaultMBeanServerInterceptor.java:1007)
 at 
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerDynamicMBean(DefaultMBeanServerInterceptor.java:919)
 at 
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerObject(DefaultMBeanServerInterceptor.java:900)
 at 
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerMBean(DefaultMBeanServerInterceptor.java:324)
 at 
com.sun.jmx.mbeanserver.JmxMBeanServer.registerMBean(JmxMBeanServer.java:522)
 at 
org.apache.tomcat.util.modeler.Registry.registerComponent(Registry.java:637)
 at 
org.apache.catalina.core.NamingContextListener.addR

Re: How to *properly* create and use a CATALINA_BASE installation

[Mark Eggers]

On 11/17/2021 5:28 PM, jonmcalexan...@wellsfargo.com.INVALID wrote:

We export it. You have to make sure the setenv.sh is calling setenv.sh. it 
works fine for me.­


Thanks,


Sent with BlackBerry Work (www.blackberry.com)

From: Michael B Allen 
Sent: Nov 17, 2021 6:54 PM
To: Tomcat Users List 
Subject: Re: How to *properly* create and use a CATALINA_BASE installation

On Wed, Nov 17, 2021 at 11:04 AM  wrote:

I, in my opinion, find it far easier to set my BASE in the setenv.sh for the 
instance I'm using. As Chris said, you can have multiple instances (BASEs) on a 
server.


Jon,

If you mean you're setting $CATALINA_BASE in setenv.sh, I don't think
that will work because when you run $CATALINA_BASE/bin/startup.sh,
$CATALINA_BASE won't be set yet and so it's going to set
$CATALINA_BASE to $CATALINA_HOME and then source the
$CATALINA_HOME/bin/setenv.sh and not the $CATALINA_BASE specific
setenv.sh. I think that's what Chris was referring to in his first
reply to you.

Although if I'm using a $CATALINA_BASE/bin/run.sh alternative to
startup.sh like in my previous post, I would probably just put ALL the
various environment variables (listed at the top of bin/catalina.sh)
in there too. Using setenv.sh at that point would just be needlessly
spreading config around.

The documentation currently seems to be targeting installations shared
by multiple different users where $CATALINA_HOME and $CATALINA_BASE
get set in the users environment such that different users can have
different bases but share a common installation like in /usr/local or
some such. Then you *would* want to put base specific stuff in
$CATALINA_BASE/bin/setenv.sh. But IMO that's kind of a late 90's way
of doing things. Nowadays, not only do people have their own machines,
but they have multiple instances in VMs and private servers and docker
and so on. So I think the self-contained $CATALINA_BASE/bin/run.sh
method is probably a little better for most cases (although I still
need to study the Windows service use-case which is probably
important).

Mike

--
Michael B Allen
Java Active Directory Integration
https://urldefense.com/v3/__http://www.ioplex.com/__;!!F9svGWnIaVPGSwU!4iBjG2OA7erMr6vPvbqVyxiEd3LfwnDYJHJSyYeYUf-BvIj0XsTET3jr1g4QVb95_R5ATTc$


On Linux with systemd, I put the following in the systemd file:

Environment=CATALINA_HOME=/home/tcadmin/Services/[sname]/CATALINA_HOME/
Environment=CATALINA_BASE=/home/tcadmin/Services/[sname]CATALINA_BASE/
Environment=CATALINA_PID=/var/run/tomcat/[sname].pid

where [sname] is the name of the service.

tcadmin is the unprivileged user that runs all the Tomcats on the system.

Everything else is set in 
/home/tcadmin/Services/[sname]/CATALINA_BASE/bin/setenv.sh


For the old style init.d systems, I put everything in:

/etc/sysconfig/[tomcatx]/[sname]

where [tomcatx] is the base version of Tomcat, and [sname] is the 
service name.


Then there is an init file for each service that reads the
appropriate /etc/sysconfig/[tomcatx]/[sname] file to set the up the 
environment.


CATALINA_HOME and CATALINA_BASE are links to an appropriate Tomcat 
installation, and one configured for that particular service.


Then to upgrade to a new Tomcat, you do the following:

1. Unpack the new reference version of Tomcat somewhere which becomes 
CATALINA_HOME.


2. Create the new service-specific installation of Tomcat which becomes 
CATALINA_BASE.


All of the above can be done without disturbing the existing service.

To upgrade, do the following:

1. Shut down the service
2. Move the links
3. Start up the service

If things blow up in your face, then the roll back is really easy:

1. Shut down the service
2. Restore the links
3. Start up the service

Since the CATALINA_BASE is linked to a version-specific directory, 
you'll have log files to figure out why things didn't go according to 
plan if you have to roll back.


Automate configuring your CATALINA_BASE setup with a couple of Ant 
build.xml files, a couple of property files, with an XSLT file or two, 
and configuring a new version of Tomcat takes a few seconds.


Version the property files to keep track of Tomcat updates, and you can 
keep track of what was changed, by whom, and when. All of that makes a 
sysadmin a happy camper.


Add more or less automation to taste.

This is of course only germane if you're running a traditional IS 
architecture.


. . . just my two cents
/mde/


OpenPGP_signature
Description: OpenPGP digital signature

Re: How to *properly* create and use a CATALINA_BASE installation

[Mark Eggers]

Mike,

On 11/17/2021 7:16 PM, Michael B Allen wrote:

On Wed, Nov 17, 2021 at 9:05 PM Mark Eggers
 wrote:

CATALINA_HOME and CATALINA_BASE are links to an appropriate Tomcat
installation, and one configured for that particular service.

Then to upgrade to a new Tomcat, you do the following:

1. Unpack the new reference version of Tomcat somewhere which becomes
CATALINA_HOME.

2. Create the new service-specific installation of Tomcat which becomes
CATALINA_BASE.

All of the above can be done without disturbing the existing service.

To upgrade, do the following:

1. Shut down the service
2. Move the links
3. Start up the service

If things blow up in your face, then the roll back is really easy:

1. Shut down the service
2. Restore the links
3. Start up the service


This makes me realize my proposed bin/run.sh method is not really
tuned for production. Indeed links could be used to great effect here.
Windows has mklink /d   which is essentially the same
as ln on *nix near as I can tell. Might help with issues like the
catalina.policy file path in the registry when using the Windows
service.

Mike


How well do mklinks work with services? I am not really a Windows 
administrator, so I have no idea.


It's just something to consider, where Windows operates almost, but not 
quite, entirely unlike Linux.


. . . just my two cents
/mde/


OpenPGP_signature
Description: OpenPGP digital signature

Re: How to *properly* create and use a CATALINA_BASE installation

[Mark Eggers]

Jon,

On 11/17/2021 6:54 PM, jonmcalexan...@wellsfargo.com.INVALID wrote:

Sorry about my bad reply order.  Mark, you do a lot of what I do, but most of 
our stuff isn't using initd. I like your use of links, best way to handle 
upgrades, imo.­


Thanks,


Sent with BlackBerry Work (www.blackberry.com)

From: Mark Eggers 
Sent: Nov 17, 2021 8:10 PM
To: users@tomcat.apache.org
Subject: Re: How to *properly* create and use a CATALINA_BASE installation


On 11/17/2021 5:28 PM, 
jonmcalexan...@wellsfargo.com.INVALID<mailto:jonmcalexan...@wellsfargo.com.INVALID>
 wrote:

We export it. You have to make sure the setenv.sh<http://setenv.sh> is calling 
setenv.sh<http://setenv.sh>. it works fine for me.­


Thanks,


Sent with BlackBerry Work (www.blackberry.com<http://www.blackberry.com>)

From: Michael B Allen mailto:iop...@gmail.com>>
Sent: Nov 17, 2021 6:54 PM
To: Tomcat Users List mailto:users@tomcat.apache.org>>
Subject: Re: How to *properly* create and use a CATALINA_BASE installation

On Wed, Nov 17, 2021 at 11:04 AM 
mailto:jonmcalexan...@wellsfargo.com.invalid>>
 wrote:

I, in my opinion, find it far easier to set my BASE in the 
setenv.sh<http://setenv.sh> for the instance I'm using. As Chris said, you can 
have multiple instances (BASEs) on a server.


Jon,

If you mean you're setting $CATALINA_BASE in setenv.sh<http://setenv.sh>, I 
don't think
that will work because when you run 
$CATALINA_BASE/bin/startup.sh<http://startup.sh>,
$CATALINA_BASE won't be set yet and so it's going to set
$CATALINA_BASE to $CATALINA_HOME and then source the
$CATALINA_HOME/bin/setenv.sh<http://setenv.sh> and not the $CATALINA_BASE 
specific
setenv.sh<http://setenv.sh>. I think that's what Chris was referring to in his 
first
reply to you.

Although if I'm using a $CATALINA_BASE/bin/run.sh<http://run.sh> alternative to
startup.sh<http://startup.sh> like in my previous post, I would probably just 
put ALL the
various environment variables (listed at the top of 
bin/catalina.sh<http://catalina.sh>)
in there too. Using setenv.sh<http://setenv.sh> at that point would just be 
needlessly
spreading config around.

The documentation currently seems to be targeting installations shared
by multiple different users where $CATALINA_HOME and $CATALINA_BASE
get set in the users environment such that different users can have
different bases but share a common installation like in /usr/local or
some such. Then you *would* want to put base specific stuff in
$CATALINA_BASE/bin/setenv.sh<http://setenv.sh>. But IMO that's kind of a late 
90's way
of doing things. Nowadays, not only do people have their own machines,
but they have multiple instances in VMs and private servers and docker
and so on. So I think the self-contained 
$CATALINA_BASE/bin/run.sh<http://run.sh>
method is probably a little better for most cases (although I still
need to study the Windows service use-case which is probably
important).

Mike

--
Michael B Allen
Java Active Directory Integration
https://urldefense.com/v3/__http://www.ioplex.com/__;!!F9svGWnIaVPGSwU!4iBjG2OA7erMr6vPvbqVyxiEd3LfwnDYJHJSyYeYUf-BvIj0XsTET3jr1g4QVb95_R5ATTc$
 ;


On Linux with systemd, I put the following in the systemd file:

Environment=CATALINA_HOME=/home/tcadmin/Services/[sname]/CATALINA_HOME/
Environment=CATALINA_BASE=/home/tcadmin/Services/[sname]CATALINA_BASE/
Environment=CATALINA_PID=/var/run/tomcat/[sname].pid

where [sname] is the name of the service.

tcadmin is the unprivileged user that runs all the Tomcats on the system.

Everything else is set in
/home/tcadmin/Services/[sname]/CATALINA_BASE/bin/setenv.sh<http://setenv.sh>

For the old style init.d systems, I put everything in:

/etc/sysconfig/[tomcatx]/[sname]

where [tomcatx] is the base version of Tomcat, and [sname] is the
service name.

Then there is an init file for each service that reads the
appropriate /etc/sysconfig/[tomcatx]/[sname] file to set the up the
environment.

CATALINA_HOME and CATALINA_BASE are links to an appropriate Tomcat
installation, and one configured for that particular service.

Then to upgrade to a new Tomcat, you do the following:

1. Unpack the new reference version of Tomcat somewhere which becomes
CATALINA_HOME.

2. Create the new service-specific installation of Tomcat which becomes
CATALINA_BASE.

All of the above can be done without disturbing the existing service.

To upgrade, do the following:

1. Shut down the service
2. Move the links
3. Start up the service

If things blow up in your face, then the roll back is really easy:

1. Shut down the service
2. Restore the links
3. Start up the service

Since the CATALINA_BASE is linked to a version-specific directory,
you'll have log files to figure out why things didn't go according to
plan if you have t

Re: BasicDataSource restart()

[Mark Eggers]

Jerry,

On 11/30/2021 10:06 PM, Jerry Malcolm wrote:
I'm circling back to this after a few months.  I am building on a 
Windows 10 box with 9.0.52 TC.  But I'm running on an AWS Linux2 with 
8.5.72.  This has never caused any problems so far, or at least as far 
as I can tell.  But I'm hitting something strange with this relatively 
new BasicDataSource.restart() method.   My reference to restart() builds 
fine.  But when I run it on the 8.5.72 server I get: 
java.lang.NoSuchMethodError: 'void 
org.apache.tomcat.dbcp.dbcp2.BasicDataSource.restart()'


Rémy mentioned that it should be in TC 8.5.58+.   This is a relatively 
clean EC2 on AWS, not running much other than Tomcat. And I have not 
done in backdoor (non yum) installs of TC that might have left old jar 
files around.   I noticed that there are 2 dbcp2 jar files in TC's lib. 
One is from the java install.  But the error message above is a tomcat 
path.  So I'm assuming it's tomcat's dbcp2 jar that's being referenced. 
I exploded the jar hoping there would be some version numbers somewhere 
inside telling me if I somehow have a backlevel jar.  But I couldn't 
find anything.  All I know is it's date is 2/25/2021 and it's 286,358 
bytes.


Any other ideas come to mind why it's telling me the restart() method 
doesn't exist?


Thx as always.

Jerry


On 9/7/2021 2:49 PM, Jerry Malcolm wrote:


On 9/7/2021 2:35 PM, Christopher Schultz wrote:

Jerry, Rémy,

On 9/3/21 07:15, Rémy Maucherat wrote:
On Fri, Sep 3, 2021 at 2:46 AM Jerry Malcolm 
 wrote:


I have a requirement to start a new log database on the first of every
month.  I still need to have access to older monthly log 
databases.   I

do not want to create a bunch of hardcoded manually configured
individual datasources, one for each month.  I have a dynamic 
datasource

solution that is completely implemented and working except for one
little thing.

I access the BasicDataSource implementation class for the 
datasource.  I

have an algorithm that substitutes _MM at the appropriate spot in
the configured URL and then updates the url in the datasource. All of
this works great.  I can live with the fact that the datasource can 
only

point to one database at a time.  My concern is that once I transition
to another database, there are existing connections in the pool 
that are

already attached to the old database.  I need to clear those out and
start over.  But I don't have the luxury of bouncing tomcat to 
clean it up.


The apache commons BasicDataSource has a restart() method. But
unfortunately that method is omitted from the Tomcat version. There 
is a

close() method on the BasicDataSource.  But I don't see anything that
will re-open it after closing.  I thought about changing maxActive 
to 0,

and waiting for it to drain, then setting it back to the original
value.  None of these sound like an ideal solution.  Without a 
restart()

method, is there any other way to force all existing connections to
close and start clean?


The code is kept in sync with DBCP (with a bit of lag maybe), so these
lifecycle methods were also added to Tomcat one year ago (9.0.38+ and
8.5.58+).


We are using this at $work to bounce our database connection pools 
after TLS client certificate changes. This is the code we are using 
to reload the pool:


  try
  {
  Context ctx = new InitialContext();

  DataSource ds = (DataSource)ctx.lookup(getJNDIPath());

  if(null == ds)
  throw new ServiceException("Cannot obtain DataSource");

  if(isInstanceOf(ds, 
"org.apache.tomcat.dbcp.dbcp2.BasicDataSource")
 || isInstanceOf(ds, 
"org.apache.commons.dbcp2.BasicDataSource")) {


  return call(ds, "restart");
  }
  } catch (Exception e) {
org.apache.log4j.Logger.getLogger(this.getClass()).error("Failed to 
reload DataSource " + getJNDIPath());

  }

The call() method simply encapsulates all of the work to make a 
reflective method call to BasicDataSource.restart().


As Rémy points out, it requires a Tomcat version 9.0.38+ or 8.5.58+.

Hope that helps,
-chris


Chris,

I'll definitely try this.  But I'm curious about the restart method. 
Is it some sort of a hidden method that's only available to 
reflection?  Seems it would be a lot more straightforward to just make 
the restart method public like it is in the apache version of 
BasicDataSource.  I'm not complaining.  If this works, then fine. Just 
curious.


Thx

Jerry


I haven't been following this thread, so I may be way off.

The last time I used an AWS EC2 instance "out of the box" with an 
AWS-supplied Tomcat, I ran into some very strange behavior.


It turns out that AWS packaged the 8.5.x Tomcat with the older (7.0.x) 
resource pool. I figured this out by looking at logs and seeing the 
complaints about my context.xml.


I raised the issue with AWS, and got silence back.

Ever since then, I package up my own version of Tomcat using releases 
from tomcat.apache.org.


Could you be experiencing some similar issue?

. . .

Re: BasicDataSource restart()

[Mark Eggers]

Jerry,

On 12/8/2021 9:18 PM, Jerry Malcolm wrote:


On 12/1/2021 10:38 AM, Jerry Malcolm wrote:

Mark,

On 12/1/2021 12:21 AM, Mark Eggers wrote:

Jerry,

On 11/30/2021 10:06 PM, Jerry Malcolm wrote:
I'm circling back to this after a few months.  I am building on a 
Windows 10 box with 9.0.52 TC. But I'm running on an AWS Linux2 with 
8.5.72.  This has never caused any problems so far, or at least as 
far as I can tell. But I'm hitting something strange with this 
relatively new BasicDataSource.restart() method.   My reference to 
restart() builds fine.  But when I run it on the 8.5.72 server I 
get: java.lang.NoSuchMethodError: 'void 
org.apache.tomcat.dbcp.dbcp2.BasicDataSource.restart()'


Rémy mentioned that it should be in TC 8.5.58+.   This is a 
relatively clean EC2 on AWS, not running much other than Tomcat. And 
I have not done in backdoor (non yum) installs of TC that might have 
left old jar files around.   I noticed that there are 2 dbcp2 jar 
files in TC's lib. One is from the java install. But the error 
message above is a tomcat path.  So I'm assuming it's tomcat's dbcp2 
jar that's being referenced. I exploded the jar hoping there would 
be some version numbers somewhere inside telling me if I somehow 
have a backlevel jar.  But I couldn't find anything.  All I know is 
it's date is 2/25/2021 and it's 286,358 bytes.


Any other ideas come to mind why it's telling me the restart() 
method doesn't exist?


Thx as always.

Jerry


On 9/7/2021 2:49 PM, Jerry Malcolm wrote:


On 9/7/2021 2:35 PM, Christopher Schultz wrote:

Jerry, Rémy,

On 9/3/21 07:15, Rémy Maucherat wrote:
On Fri, Sep 3, 2021 at 2:46 AM Jerry Malcolm 
 wrote:


I have a requirement to start a new log database on the first of 
every
month.  I still need to have access to older monthly log 
databases.   I

do not want to create a bunch of hardcoded manually configured
individual datasources, one for each month.  I have a dynamic 
datasource

solution that is completely implemented and working except for one
little thing.

I access the BasicDataSource implementation class for the 
datasource.  I
have an algorithm that substitutes _MM at the appropriate 
spot in
the configured URL and then updates the url in the datasource. 
All of
this works great.  I can live with the fact that the datasource 
can only
point to one database at a time.  My concern is that once I 
transition
to another database, there are existing connections in the pool 
that are
already attached to the old database.  I need to clear those out 
and
start over.  But I don't have the luxury of bouncing tomcat to 
clean it up.


The apache commons BasicDataSource has a restart() method. But
unfortunately that method is omitted from the Tomcat version. 
There is a
close() method on the BasicDataSource.  But I don't see anything 
that
will re-open it after closing.  I thought about changing 
maxActive to 0,

and waiting for it to drain, then setting it back to the original
value.  None of these sound like an ideal solution. Without a 
restart()

method, is there any other way to force all existing connections to
close and start clean?


The code is kept in sync with DBCP (with a bit of lag maybe), so 
these
lifecycle methods were also added to Tomcat one year ago (9.0.38+ 
and

8.5.58+).


We are using this at $work to bounce our database connection pools 
after TLS client certificate changes. This is the code we are 
using to reload the pool:


  try
  {
  Context ctx = new InitialContext();

  DataSource ds = (DataSource)ctx.lookup(getJNDIPath());

  if(null == ds)
  throw new ServiceException("Cannot obtain DataSource");

  if(isInstanceOf(ds, 
"org.apache.tomcat.dbcp.dbcp2.BasicDataSource")
 || isInstanceOf(ds, 
"org.apache.commons.dbcp2.BasicDataSource")) {


  return call(ds, "restart");
  }
  } catch (Exception e) {
org.apache.log4j.Logger.getLogger(this.getClass()).error("Failed 
to reload DataSource " + getJNDIPath());

  }

The call() method simply encapsulates all of the work to make a 
reflective method call to BasicDataSource.restart().


As Rémy points out, it requires a Tomcat version 9.0.38+ or 8.5.58+.

Hope that helps,
-chris


Chris,

I'll definitely try this.  But I'm curious about the restart 
method. Is it some sort of a hidden method that's only available to 
reflection?  Seems it would be a lot more straightforward to just 
make the restart method public like it is in the apache version of 
BasicDataSource.  I'm not complaining.  If this works, then fine. 
Just curious.


Thx

Jerry


I haven't been following this thread, so I may be way off.

The last time I used an AWS EC2 instance "out of the box" with an 
AWS-supplied Tomcat, I ran into some very strange behavior.


It turns out that AWS packaged the 8.5.x Tomcat with th

Re: [OT] BasicDataSource restart()

[Mark Eggers]

Chris,

On 12/9/2021 7:35 PM, Christopher Schultz wrote:

Mark,

On 12/9/21 00:54, Mark Eggers wrote:
Then there's clustering without multicast. Right now we don't use 
sessions, so I am not concerned about clustering. However, we will 
have some applications in the near future that will require sessions. 
Clustering across availability zones, and recovering seamlessly from 
region outages remain problems to be solved (preferably inexpensively).


Rémy did a lot of (all?) work on the Kubernetes integration over the 
past few years. You may find that you can migrate to that and never have 
to deal with multicast ever again.


-chris



I've seen that mentioned before. Once I get the applications behaving 
(memory constraints, etc), I will then look at running clusters on 
Kubernetes across multiple regions.


Thanks for the pointer.

. . . just my two cents
/mde/


OpenPGP_signature
Description: OpenPGP digital signature

[OT] Re: Critical Random "Can't read cryptographic policy directory: unlimited"

[Mark Eggers]

Jerry:

On 12/21/2021 4:17 PM, Jerry Malcolm wrote:

Mark,

Thanks for the comments.  I have somewhat of a solution.  I just want to 
document what I learned in case anyone else has this problem.  From what 
I have been able to determine, you are correct about it being an Amazon 
problem.  I don't really understand what is happening.  But here's what 
I found... After a day of testing all types of scenarios, I found that 
it only happens the first time after installing a new ami (image) on a 
brand new EC2 and bringing up the EC2 and auto-starting TC for  the 
first time.  But it fails EVERY time with this scenario. Bouncing TC 
fixed it every time. Bouncing the EC2 never causes it to come back. Only 
booting a brand new EC2 instance causes it. I tried removing the tomcat 
autostart, ran the ami EC2 creation, waited a bit, and went to the 
console and manually started tomcat.  No problem.


So all I can deduce from this is that there's a timing issue. I'm 
suspecting that AWS is starting up the EC2 before it is fully created 
(likely something not complete in the file system setup). I added a 
2-minute sleep in rc.local to delay the startup of tomcat long enough 
for whatever wasn't finished yet to complete. With a 2-min sleep, it now 
works every time.  Pretty ugly fix IMHO.  But working ugly beats not 
working pretty.  I'll probably play around with the 2-min sleep to see 
if I can reduce that.  I may try to talk to Amazon about it.  I may also 
try banging my head against the wall, probably with the same results as 
talking to amazon about this.


The takeaway from this is that AWS appears to be trying to shave a 
little performance delay by jumping the gun on the EC2 boot. The result 
in this case is TC saying the crypto file doesn't exist, but it does 
exist a minute or two later.  Likely nothing to do specifically with the 
crypto file.  That's just likely the first file needed that wasn't ready 
yet.


Moving on the next fire that needs to be put out...

Thx

Jerry


On 12/20/2021 5:22 AM, Mark Thomas wrote:

On 20/12/2021 06:59, Jerry Malcolm wrote:
I'm adding a slight variation to the error I get at times (see bottom 
of stack trace below)


This is the code that throws the root exception:

if (!Files.isDirectory(cryptoPolicyPath)
    || !Files.isReadable(cryptoPolicyPath)) {
    throw new SecurityException(
    "Can't read cryptographic policy directory: " +
    cryptoPolicyProperty);
}


That points very strongly to a file system issue. My recommendation is 
to take this up with AWS support.


Mark




On 12/19/2021 11:55 PM, Jerry Malcolm wrote:
I have a production environment of 10+ AWS EC2 servers all built 
from a single EC2 snapshot image. The master EC2 works fine.  But 
when we propagated the image to all of the production servers, we 
started getting  "Can't read cryptographic policy directory: 
unlimited" errors when I try to get a jdbc connection object from 
the pool.  Full stack trace is below.  The three critical lines in 
the trace are:


java.lang.ExceptionInInitializerError
Caused by: java.lang.SecurityException: Can not initialize 
cryptographic mechanism
Caused by: java.lang.SecurityException: Can't read cryptographic 
policy directory: unlimited


On some machines rebooting the tomcat service fixes the problem and 
it continues to work fine after that.  On other machines, the 
problem is still there after rebooting.  But even on the machines 
that are fixed after TC bounce, if I bounce the full EC2, the 
problem is back.


We've had this environment working for almost two years.  I did a 
minor version upgrade to TC 8.5.73 a month ago.  And I upgraded to 
java 11 probably a year ago.  Otherwise, no changes that I'm aware 
of.  Definitely nothing in the past few days before the error hit 
yesterday.


Everything I can find on google about the error messages says to 
make sure the 'unlimited' folder is present and accessible.  The 
folder is there and has been there untouched.  And I know it's not 
disappearing and reappearing to become accessible after the TC 
reboot that sometimes fixes the problem.


The mySQL RDS all of these instances talk to hasn't changed. And 
other servers that aren't part of this image distribution have no 
problems accessing it.  It just makes no sense that the same EC2 
image that works on one machine started failing on a bunch of 
identical configuration EC2s yesterday.


I know this call goes through layers of tomcat, layers of the mysql 
driver, and then layers of the jvm before it occurs. But can anyone 
help me understand what TC/mySQL might be trying to do with this 
call to JVM crypto code and why it has started failing on all of my 
servers?  Any Java crypto gurus out there?


Stack trace of error:

java.lang.ExceptionInInitializerError
at java.base/javax.crypto.Cipher.getInstance(Cipher.java:540)
at java.base/sun.security.ssl.JsseJce.getCipher(JsseJce.java:185)
at 
java.base/sun.security.ssl.SSLCipher.isTransformationAvailable(S

Re: Do I Need Network NameSpaces to Solve This Tomcat+Connector/J Problem?

[Mark Eggers]

Eric:

On 12/29/2021 1:04 PM, Eric Robinson wrote:

We want to run a large number of tomcat instances on the same server without 
virtualization or containerization. Each instance is executed from its own 
folder tree and listens on its own unique TCP port. Each instance will run code 
that connects to a backend database server to send queries that are triggered 
by JSP calls from users. We've done this successfully with up to 120 instances 
of tomcat running on the same server while avoiding the overhead of 
virtualization and the complexity of containers. Based on our experience over 
the past decade, we know that we could potentially host 500 or more separate 
tomcat instances on the same server without running into performance problems. 
So now we want to make it 500 parallel instances.


Here's the problem. When tomcat initiates an outbound connection (for example, 
with Connector/J to query a backend database) it establishes a socket, and the 
socket has a client port. With thousands of users making requests that require 
the tomcat services to query back end databases, the OS can easily run out of 
available client ports to allocate to sockets. To avoid that problem, we can 
assign multiple IPs to the server and use the localSocketAddress property of 
Connector/J to group tomcats such that only a subset of them each use the same 
source IP. Then each group will have its own range of 64,000-ish client ports. 
I've tested this and it works.



My question is, is there a better way?


Are you using database connection pooling? If you are, wouldn't the 
outbound connections to the database from a particular Tomcat be limited 
to the maxTotal in your context.xml (maxActive in Tomcat 7).


So unless you're using a huge pool, wouldn't the required number of 
outbound ports be fairly small?


. . . just my two cents
/mde/


OpenPGP_signature
Description: OpenPGP digital signature

Re: Odd EL resolution issue - java.lang.NoClassDefFoundError: package/Class1 (wrong name: package/class1)

[Mark Eggers]

Just a note:

On 2/8/2022 8:32 AM, Rob Sargent wrote:



On 2/8/22 08:11, Robert Turner wrote:

Okay. Yep, my most recent suspicion was correct -- it's related to the
Docker bind to a local folder containing the webapps. As such, I believe
it's a Docker issue of some sort and not Tomcat specific. However, you 
may

want to understand it more completely in any case.

Thanks for your help Mark, Rob S and Neil.


Is docker the new regexp?  You know: I had a problem. Used docker to 
solve it.  Now I have two problems.


When you attach a volume to a container from a case-insensitive file 
system (Windows, MacOS), then that directory will be case-insensitive.


At least that's what a quick search indicates. I run all of my local 
Docker images from WSL2 (Ubuntu 20.04 LTS) on Windows 10 Pro, so I don't 
experience a case issue.


This may or may not help

. . . just my two cents
/mde/


OpenPGP_signature
Description: OpenPGP digital signature

Re: AW: AW: AW: Question to possible memory leak by Threadlocal variable

[Mark Eggers]

Thomas:

On 3/28/2022 2:01 PM, Thomas Hoffmann (Speed4Trade GmbH) wrote:

Hello Chris,


-Ursprüngliche Nachricht-
Von: Christopher Schultz 
Gesendet: Montag, 28. März 2022 18:48
An: users@tomcat.apache.org
Betreff: Re: AW: AW: Question to possible memory leak by Threadlocal
variable

Thomas,

On 3/25/22 16:59, Thomas Hoffmann (Speed4Trade GmbH) wrote:

-Ursprüngliche Nachricht-
Von: Christopher Schultz 
Gesendet: Freitag, 25. März 2022 14:05
An: users@tomcat.apache.org
Betreff: Re: AW: Question to possible memory leak by Threadlocal
variable

Thomas,

On 3/24/22 05:49, Thomas Hoffmann (Speed4Trade GmbH) wrote:




-Ursprüngliche Nachricht-
Von: Mark Thomas 
Gesendet: Donnerstag, 24. März 2022 09:32
An: users@tomcat.apache.org
Betreff: Re: Question to possible memory leak by Threadlocal
variable

On 24/03/2022 07:57, Thomas Hoffmann (Speed4Trade GmbH) wrote:




Is it correct, that every spawned thread must call tl.remove() to
cleanup all

the references to prevent the logged warning (and not only the main
thread)?

Yes. Or the threads need to exit.


Second question is: How might it cause a memory leak?
The threads are terminated and hold a reference to this static
variable. But

on the other side, that class A is also eligible for garbage
collection after undeployment.

So both, the thread class and the class A are ready to get garbage
collected. Maybe I missed something (?)


It sounds as if the clean-up is happening too late. Tomcat expects
clean-up to be completed once contextDestroyed() has returned for
all ServLetContextListeners. If the clean-up is happening
asynchronously

(e.g.

the call is made to stop the threads but doesn't wait until the
threads have
stopped) you could see this message.

In this case it sounds as if you aren't going to get a memory leak
but Tomcat can't tell that at the point it checks.

Mark

---
-- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


Hello Mark,
thanks for the information.
The shutdown of the framework is currently placed within the
destroy()

method of a servlet (with load on startup).

At least the debugger shows that servlet-->destroy() is executed
before

the method checkThreadLocalMapForLeaks() runs.

I will take a look, whether the threads already exited.


Tomcat only checks its own request-processing threads for
ThreadLocals, so any threads created by the application or that
library are unrelated to the warning you are seeing.

Any library which saves ThreadLocals from request-processing threads
is going to have this problem if the objects are of types loaded by
the webapp ClassLoader.

There are a few ways to mitigate this, but they are ugly and it would
be better if the library didn't use ThreadLocal storage, or if it
would use vanilla classes from java.* and not its own types.

You say that those objects are eligible for GC after the library
shuts down, but that's not true: anything you stick in ThreadLocal storage

is being held ...

by the ThreadLocal storage and won't be GC'd. If an object can't be
collected, the java.lang.Class defining it can't be collected, and
therefore the ClassLoader which loaded it (the webapp
ClassLoader) can't be free'd. We call this a "pinned ClassLoader" and
it still contains all of the java.lang.Class instances that the
ClassLoader ever loaded during its lifetime. If you reload
repeatedly, you'll see un-collectable ClassLoader instances piling up
in memory which is
*definitely* a leak.

The good news for you is that Tomcat has noticed the problem and
will, over time, retire and replace each of the affected Threads in
its request- processing thread pool. As those Thread objects are
garbage-collected, the TheradLocal storage for each is also
collected, etc. and *eventually* your leak will be resolved. But it would be

better not to have one in the first place.


Why not name the library? Why anonymize the object type if it's
org.apache.something?

-chris


Hello Chris,
I didn't want to blame any library 😉 But as you ask for it, I send more

details.


Regarding the ThreadLocal thing:
I thought that the threadlocal variables are stored within the
Thread-class in the member variable "ThreadLocal.ThreadLocalMap
threadLocals":
https://github.com/AdoptOpenJDK/openjdk-

jdk11/blob/master/src/java.bas

e/share/classes/java/lang/Thread.java

So I thought, when the thread dies, these variables will also be
released and automatically removed from the ThreadLocal variable /
instance (?)

This is correct, but if the ThreadLocal is being stored in the request-
processing thread, then when your web application is redeployed, the
request processing threads outlive that event. Maybe you thought your
application gets a private set of threads for its own use, but that's not the
case: Tomcat pools threads across all applications deployed on the server.
You can play some games to

Re: connecting tomcat server to eclipse java ee

[Mark Eggers]

Stephanie,

On 3/9/2023 7:06 PM, Stephanie Panah wrote:

I was able to resolve the issue. I found:

https://stackoverflow.com/questions/62764029/unknown-version-of-tomcat-was-specified-with-tomcat-9-0-37
--you need to open the folder once
--It will ask you for permission to enter after which its contents will be
visible to you as well as Eclipse
--after setting up and installing Tomcat, open the folder & then try
connecting from Eclipse
--Instead of changing permissions, try this

I had to change permissions, and that took some jiggling, but I can open
and access the Tomcat folder, now

You may wish to add this to your documentation

And now, when I tried to start the Tomcat server from Eclipse (even though
it is running in Services)
I am seeing: The server cannot be started because one or more of the ports
are invalid. Open the server editor and correct the invalid ports.
I set the admin port to 8005.

After more searching, I stopped the Tomcat server in Services and tried to
start in eclipse.
omgosh, it worked. good grief.

and, thank you,
Stephanie





On Thu, Mar 9, 2023 at 6:36 PM Stephanie Panah 
wrote:



Help please. I have installed: Java EE, Eclipse and Tomcat.
When I try to connect the server, I encounter:
Unknown version of Tomcat was specified.
I am looking all over. please help

Java EE for web developers
C:\Users\steph> java -fullversion
java full version "17.0.6+9-LTS-190"

and
Eclipse IDE for Enterprise Java and Web Developers
Version: 2022-12 (4.26.0)
Build id: 20221201-1913

and
http://localhost:8080/
Apache Tomcat/10.1.7
If you're seeing this, you've successfully installed Tomcat.
Congratulations!
C:\Program Files\Apache Software Foundation\Tomcat 10.1
and Tomcat is running in Services









If you're doing development, you really do not want to run Tomcat as a 
service.


1. Download the appropriate zip file from tomcat.apache.org
2. Unzip it in a place that you have R/W access
3. Add the runtime to Eclipse

in Window->Preferences->Server->Runtime Environments
a. click on the Add button
b. open up the Apache folder
c. browse to the version of Tomcat that you want
d. select it and click on the Next button

e. click on the Browse button and browse to where you unzipped Apache Tomcat
f. select the folder, leave the default names as is
g. click finish

Now, you'll need to create a new server based on the default runtime. 
This is handy, because you can have several servers based on the default 
runtime. You can run them on different ports, have one set up for 
debugging, choose different JREs, etc.


1. Go to Window->Show View
2. Select Other
3. Type in Server in the search text
4. Select Servers
5. Click on the Open button

It will complain that you have no servers configured. I know, you're 
going why? I configured a server runtime environment, so why no server. 
That's because you can have several servers based on the same runtime 
(see above).


So:

a. create a new server - opens up a Define a New Server dialogue.
b. open the Apache folder, and select the desired Tomcat version (same 
as before)

c. give it a unique name in Server name: field
d. The server runtime environment should be populated with the one added 
above

e. click on the Next button
f. this will show you a list of projects to add - since you don't have 
any, just click Finish


Now you should see a new line in the Servers window that describes your 
server. If you double-click on the line, you'll get a nice configuration 
screen.


There are lots of things to tweak. However, you should note the following:

Server Path: .metadata\.plugins\org.eclipse.wst.server.core\tmp0

If you have more than one server, they'll be located in tmp1, tmp2, etc.

If you need to change anything besides the ports for your Tomcat server, 
create the same directory structure that you see in Tomcat under the 
tmpN directory:


bin
conf
lib
logs
temp
webapps
work

Note, you may only need to create what you need, and probably not 
webapps. It's been a while, and I'm a NetBeans person, not an Eclipse 
person.


You can add things like database drivers in the lib subdirectory. You 
should be able to see logs in the logs directory. I recommend using 
log4j2 in your applications (along with commons-logging) and log to the 
${ sys:catalina.base}/logs directory.


You can also modify the launch configuration and add the database driver 
jar that way:


a. click on Open launch configuration
b. select the Classpath tab
c. click on User Entries
d. Click on the Add External JARS.. button
f. Browse to the JAR containing the database driver and add it

You can now start, stop, and control whether or not the Tomcat server is 
launched in debug mode, all from the IDE.


I hope this is not overwhelming. I worked through some of these while 
writing this up, since I'm an Apache NetBeans person. I don't want to 
get into an IDE war, but I just like NetBeans better.


. . . . just my two cents
/mde/



---

Re: ClassNotFound after upgrade to tomcat 10

[Mark Eggers]

https://jakarta.ee/specifications/tags/3.0/tagdocs/c/tld-summary.html

 . . . just my two cents
/mde/

On 4/17/2023 3:34 PM, Kevin Huntly wrote:

Now i'm getting these:

17-Apr-2023 18:32:03.236 INFO [main]
org.apache.catalina.core.ApplicationContext.log No Spring
WebApplicationInitializer types detected on classpath
17-Apr-2023 18:32:04.904 INFO [main]
org.apache.catalina.core.ApplicationContext.log Initializing Spring
DispatcherServlet 'eSolutions'
17-Apr-2023 18:32:16.844 SEVERE [catalina-exec-1]
org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for
servlet [eSolutions] in context with path [/esolutions] threw exception
[Handler processing failed: java.lang.NoClassDefFoundError:
jakarta/servlet/jsp/jstl/core/Config] with root cause
 java.lang.ClassNotFoundException:
jakarta.servlet.jsp.jstl.core.Config

17-Apr-2023 18:32:16.986 SEVERE [catalina-exec-1]
org.apache.catalina.core.ApplicationDispatcher.invoke Servlet.service() for
servlet [jsp] threw exception
 org.apache.jasper.JasperException:
/theme/cws/html/en/jsp/errHandler.jsp (line: [1], column: [1]) The absolute
uri: [http://java.sun.com/jsp/jstl/core] cannot be resolved in either
web.xml or the jar files deployed with this application

I removed the apache taglibs dependency, clearly that was a mistake.


Kevin Huntly
Email: kmhun...@gmail.com
Cell: 716/424-3311


-BEGIN GEEK CODE BLOCK-
Version: 1.0
GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
G++ e(+) h--- r+++ y+++*
--END GEEK CODE BLOCK--


On Mon, Apr 17, 2023 at 6:26 PM Torsten Krah  wrote:


You should only use https://jakarta.ee/specifications/tags/3.0/ and not
the
old 1.2.5 one, remove that old one.
Why do you have both included?

Kevin Huntly  schrieb am Di., 18. Apr. 2023, 00:19:


6.0.0

1.2.5

3.0.0

3.1.1


Kevin Huntly
Email: kmhun...@gmail.com
Cell: 716/424-3311


-BEGIN GEEK CODE BLOCK-
Version: 1.0
GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
G++ e(+) h--- r+++ y+++*
--END GEEK CODE BLOCK--


On Mon, Apr 17, 2023 at 6:17 PM Torsten Krah  wrote:


All the api ones have to be provided, not compile scope imho. Tomcat

does

provide them, don't package them in your war file and double check the
versions from the guide, there is still a class referencing the old API

and

is causing the exception.

You missed to add the versions you used, add them here please, the
information you provided is lacking those crucial detail.

Kevin Huntly  schrieb am Di., 18. Apr. 2023,

00:12:



Thank you for that... I have the right (I think) dependencies in my

pom:




org.apache.taglibs

taglibs-standard-impl

${taglibs.version}

jar

compile





jakarta.servlet.jsp.jstl

jakarta.servlet.jsp.jstl-api

${jstl.version}

jar

compile





jakarta.servlet.jsp

jakarta.servlet.jsp-api

${jsp-api.version}

jar

compile





jakarta.servlet

jakarta.servlet-api

${jakarta.servlet.version}

jar

provided




I just want to use the jstl tag libraries =(


Kevin Huntly
Email: kmhun...@gmail.com
Cell: 716/424-3311


-BEGIN GEEK CODE BLOCK-
Version: 1.0
GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
G++ e(+) h--- r+++ y+++*
--END GEEK CODE BLOCK--


On Mon, Apr 17, 2023 at 6:07 PM Torsten Krah 

wrote:



Please read

https://tomcat.apache.org/migration-10.html#Server_Pages_3.0

and while you are there, read the whole guide ;-).

Kevin Huntly  schrieb am Mo., 17. Apr. 2023,

23:57:



Hello,

I'm getting the following exception when I try to access my

webapp:


17-Apr-2023 17:52:55.982 SEVERE [catalina-exec-1]
org.apache.catalina.core.ApplicationDispatcher.invoke

Servlet.service()

for

servlet [jsp] threw exception
 java.lang.ClassNotFoundException:
javax.servlet.jsp.tagext.TagLibraryValidator
 at











org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1437)

 at











org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1245)

 at

java.base/java.lang.ClassLoader.defineClass1(Native

Method)
 at


java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1013)

 at











java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:150)

 at











org.apache.catalina.loader.WebappClassLoaderBase.findClassInternal(WebappClassLoaderBase.java:2487)

 at











org.apache.cat

Re: Tomcat VAPT Closure

[Mark Eggers]

Pratik,

On 4/24/2023 10:09 PM, PRATIK HUMNABADKAR wrote:

Hi,

We need Tomcat support assistance for closure of our VAPT points for disabling 
SSL TLS 1.0 and 1.1

Please guide us by arranging concerned technician with us for closure.

Tomcat version: 9.0.62
Operating system: Linux

We tried disabling in below way.

Changes done in server.xml
[cid:image001.png@01D9775F.7B492550]

Error received on Tomcat restart:
[cid:image002.png@01D9775F.7B492550]

Regards,
Pratik


DISCLAIMER: This message, including any attachments may contain proprietary, 
confidential and privileged information for the sole use of the intended 
recipient(s), and is protected by law. If you are not the intended recipient, please 
notify the sender immediately and destroy all copies of the original message and 
attachments, if any. Any unauthorized review, use, disclosure, dissemination, 
forwarding, printing or copying of this email or any action taken in reliance on this 
e-mail is strictly prohibited and may be unlawful. Bajaj Finance Ltd. and / or its 
group companies reserve the right to record, monitor, and inspect all email 
communications through its internal and external networks. Your messages can be 
subject to such lawful supervision as Bajaj Finance Ltd. and / or its group companies 
deem necessary in order to protect their information, interests and reputation. Bajaj 
Finance Ltd. and / or its group companies prohibit and may take steps to prevent 
their information systems from being used to view, store or forward offensive or 
discriminatory material. If this message contains such material, please report it to 
ab...@bflaf.com . Please ensure you have adequate virus 
protection before you open or detach any documents from this transmission. Bajaj 
Finance Ltd. and / or its group companies do not accept any liability for viruses.



The list strips attachments. Please inline your server.xml and your log 
file, removing all sensitive information.


Also, this list consists of volunteers.  We'll do what we can to help 
you if you are willing to work with us and provide the required information.


. . . just my two cent
/mde/

Re: Tomcat VAPT Closure

[Mark Eggers]

 
org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:1966)
 at 
org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:1998)
 at 
org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1049)
 at 
com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:609)
 at 
com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1782)
 at 
com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2967)
 at 
com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:602)
 at 
com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:505)
 at 
com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:842)
 at 
com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)
 at 
com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
 at 
com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213)
 at 
com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:643)
 at 
org.apache.tomcat.util.digester.Digester.parse(Digester.java:1535)
 at 
org.apache.catalina.startup.Catalina.parseServerXml(Catalina.java:617)
 at org.apache.catalina.startup.Catalina.load(Catalina.java:709)
 at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at 
org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
 at 
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
 Caused by: java.lang.IllegalArgumentException: Multiple SSLHostConfig 
elements were provided for the host name [_default_]. Host names must be unique.
 at 
org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:294)
 at 
org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:250)
 at 
org.apache.coyote.http11.AbstractHttp11Protocol.addSslHostConfig(AbstractHttp11Protocol.java:691)
 at 
org.apache.catalina.connector.Connector.addSslHostConfig(Connector.java:878)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at 
org.apache.tomcat.util.IntrospectionUtils.callMethod1(IntrospectionUtils.java:469)
 at 
org.apache.tomcat.util.digester.SetNextRule.end(SetNextRule.java:143)
 at 
org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1046)
 ... 20 more
21-Apr-2023 16:37:07.456 SEVERE [main] 
org.apache.catalina.startup.Catalina.start Cannot start server, server instance 
is not configured


Regards,
Pratik

-Original Message-
From: Mark Eggers 
Sent: 25 April 2023 10:45
To: users@tomcat.apache.org
Subject: Re: Tomcat VAPT Closure

Pratik,

On 4/24/2023 10:09 PM, PRATIK HUMNABADKAR wrote:

Hi,

We need Tomcat support assistance for closure of our VAPT points for
disabling SSL TLS 1.0 and 1.1

Please guide us by arranging concerned technician with us for closure.

Tomcat version: 9.0.62
Operating system: Linux

We tried disabling in below way.

Changes done in server.xml
[cid:image001.png@01D9775F.7B492550]

Error received on Tomcat restart:
[cid:image002.png@01D9775F.7B492550]

Regards,
Pratik


DISCLAIMER: This message, including any attachments may contain proprietary, 
confidential and privileged information for the sole use of the intended 
recipient(s), and is protected by law. If you are not the intended recipient, please 
notify the sender immediately and destroy all copies of the original message and 
attachments, if any. Any unauthorized review, use, disclosure, dissemination, 
forwarding, printing or copying of this email or any action taken in reliance on this 
e-mail is strictly prohibited and may be unlawful. Bajaj Finance Ltd. and / or its 
group companies reserve the right to record

Re: Tomcat Deployment scripts

[Mark Eggers]

Late to the party, as always.

Anyway, I'll write up in general how we manage things. It's not ideal, 
but it seems to answer most everyone's questions.


See at the end of this message.

On 6/30/2023 12:13 PM, Christopher Schultz wrote:

Alan,

On 6/30/23 06:35, Alan F wrote:

This is great thankyou Thomas. Just wondering how secure this is,
prefer to be able to deploy with a non 'admin' account does this
support a deploy only profile there?
So... you are concerned about security but would like a non-admin 
account to be able to deploy web applications on your server?


Hmm...

-chris


-Original Message-
From: Thomas Hoffmann (Speed4Trade GmbH) 


Sent: 29 June 2023 09:08
To: Tomcat Users List 
Subject: AW: Tomcat Deployment scripts

Hello Alan,


Von: Alan F 
Gesendet: Mittwoch, 28. Juni 2023 18:24
An: users@tomcat.apache.org
Betreff: Tomcat Deployment scripts

Anyone have an example deployment script or method used to deploy a 
simple war and context root, also with rollback preferably.


Thanks


you could use tomcat-manager.
A war file can be deployed using curl for example:
https://stackoverflow.com/questions/4432684/tomcat-manager-remote-deploy-script

Greetings, Thomas


At $work we do the following:

1. Jenkins Maven job for Tomcat deployment

We use the Tomcat Maven plugin. Since we only use the manager-script 
access, the rest of the functionality is not important.


2. We use serially named WAR files (##nn)

This allows us to do the following:

a. The mgr-script username and password are "hidden" in Jenkins' 
settings.xml

b. Jenkins uses global environment variables to specify the target server
c. A nice GUI front end done with a Jenkins plugin allows a person to 
select:

   1. artifact (from Nexus)
   2. artifact version (from Nexus)
   3. target server
d. The Jenkins jobs send email upon completion

This allows us to control who deploys to which server, prevent SNAPSHOT 
versions from being deployed to production (via groovy scripts), and 
most importantly provide a record of what was deployed to what server 
when, and by whom.


We can use this to roll back versions of the application, since the 
serial number on the WAR file is based on the Jenkins' build numbers and 
increases with each run. All that has to be done is to select the 
appropriate artifact version from Nexus. The artifact and version lists 
are built dynamically by groovy scripts when the build (deploy) job is run.


It's clunky, and I need to polish up the groovy scripts, and sometimes 
you need to change database targets or content-security-policy (testing 
versus production), but it seems to work.


At least the developers / admins who use it don't complain (too much), 
and Jenkins is the place of record for all application deployments.


. . . just my two cents.
/mde/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

[Mark Eggers]

James,

On 4/6/2020 12:53 PM, James H. H. Lampert wrote:
> Here is the situation:
> 
> We have an existing Amazon EC2 instance, running Amazon Linux 2, with an
> Apache httpd server already running our web sites (for argument's sake,
> "foo.com," "bar.com," and "baz.com."), and already getting its certs
> from Let's Encrypt, using "foo.com" as the CN, with "www.foo.com,"
> "bar.com," "www.bar.com," "baz.com," and "www.baz.com" as SANs. And it
> seems to be working quite nicely.
> 
> Now, we want to add a Tomcat server, which would then serve several
> webapp contexts at "qux.baz.com," and maybe also "corge.baz.com,"
> running behind the httpd server (which is something I've never done
> before; I've always set up Tomcat directly facing the outside world, so
> with this, I frankly haven't a clue what I'm doing).
> 
> First of all, which is currently considered the easier/better way to get
> Tomcat running behind httpd, given the above scenario? "mod_proxy," or
> "mod_jk?" Or is there something else I haven't heard of?
> 
> Second of all, I found this step-by-step procedure.
> 
>> https://preview.tinyurl.com/vwnutqj
> 
>  Is it any good?
> 
> Third, am I correct in assuming that all we need to do in order for the
> existing Let's Encrypt setup to cover the new "qux" and "corge"
> subdomains is to add them to the SANs already listed?
> 
> Finally, are there any "gotchas" I need to be concerned with?
> 
> -- 
> James H. H. Lampert
> Touchtone Corporation

I prefer mod_jk to mod_proxy for a variety of reasons. Chief among those
is its ability to change web applications on the fly (albeit with some
performance loss).

Unfortunately, there is discussion on the dev list indicating that AJP
may be deprecated in the future. Thus, mod_proxy seems to be the way to go.

I've not put together a mod_proxy_http connection before, so I thought
that I would try it on a Windows 10 Professional system with Tomcat
7.0.103 and Apache HTTPD 2.4.38 (yes, yes, I'll upgrade soon).

First of all, I think that the following is very suspicious.


AllowOverride All
Require all granted
Options Indexes FollowSymLinks


This appears to establish a set of Apache HTTPD directives for the
Tomcat - served web applications. This is completely unnecessary. The
entire point of a proxy is to pass information from Apache HTTPD to
Apache Tomcat via a network protocol (in this case HTTP).

Second of all, the proxy_pass statements appear to do some rewriting.
This is in general not a good idea, since cookie paths will get munged.
You'll have to use mod_rewrite in order to straighten out cookie paths,
and you may break website links which would require rewriting. In
general, it's a very good idea to keep the path the same between Apache
HTTPD and Apache Tomcat.

At least the above is the case for mod_ajp.

Third of all, I have no idea why there's a Location directive with
"/webapps" in the configuration. Since there's no DocumentRoot for this
virtual host, I suspect it will be in reference to the parent's
(default) DocumentRoot. What that serves is a mystery to me given the
configuration fragment.

Maybe some Apache HTTPD experts on the list have some ideas.

Also note that this isn't HTTPS. Typically, an HTTPS Apache HTTPD
configuration lives in ssl.conf, and you protect HTTP access by doing a
redirect in httpd.conf to the HTTPS site.

You could terminate HTTPS on Apache HTTPD, and then connect Apache HTTPD
via HTTP to Apache Tomcat.

Also note that referencing Apache Tomcat's webapps directory in Apache
HTTPD is a VERY BAD THING. Apache HTTPD has no concept of WEB-INF or
META-INF, so it's conceivable that you could serve and expose secrets
from appname/META-INF or appname/WEB-INF. It's best to just not do this.

Given the above, I thought that I would hack together a quick and dirty
proxy configuration. Again I use mod_jk, so please let some of the more
experienced people chime in on this.

On UNIX / Linux you could also probably use UNIX sockets instead of
HTTP, HTTPS, or AJP.

# No virtual host for now
# No SSL for now

# enabling proxy and http proxy (note, you could use HTTP/2 as well)
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

# Secure your proxy - localhost for now - this is IMPORTANT

  Require ip 127


# Map applications
# You could just use / if you're proxying all requests
# Pick the correct Apache Tomcat port

ProxyPass "/foo" "http://127.0.0.1:8080/foo";
ProxyPassReverse "/foo" "http://127.0.0.1:8080/foo";

This works on my local machine. I hope this is useful.

. . . just my two cents
/mde/



signature.asc
Description: OpenPGP digital signature

Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

[Mark Eggers]

Hi Jerry / James,

On 4/6/2020 1:59 PM, Jerry Malcolm wrote:
> Hi James,
> 
> I've been using this precise setup for years, first on a dedicated
> hosted server and recently on EC2/Linux2.  I use mod_jk.
> 
> The first step is to make sure httpd recognizes all of the domain names
> and subdomains.  That includes the vhost definitions of all of the
> domains and subdomains, either as separate virtual hosts or as host
> alias names.  Then, as you described, you need to make sure the
> certificates include all of the domain and subdomain names.  LetsEncrypt
> will 'expand' an existing cert if you just add another host name to the
> LetsEncrypt call.
> 
> You are probably doing this already.  But just for completeness you
> should  support both http://foo.com (port 80) and https://foo.com.  That
> way, users aren't required to enter https.  I just add a 'redirect
> permanent' in the port 80 vhost def to route it to https://foo.com.  
> Once you are 'in' with ssl into httpd at 443 the certificate work is
> done.  No need to set up any certificates into tomcat unless you have a
> specific reason to use ssl/tls between httpd and tomcat (unlikely if you
> running both on the same EC2).
> 
> The biggest area of concentration is setting up the url patterns that
> httpd will route to tomcat via mod_jk.  These are defined in httpd.conf
> as global or in virtual host configuration sections You can explicitly
> list the url patterns to send to tomcat:
> 
>    JkMount /*.json  worker1
>    JkMount /*.jsp   worker1
>    JkMount /*/*.json    worker1
>    JkMount /*/FileUpload    worker1
> 
> or you can send 'all' (*) and define exceptions using JkUnMount
> (example; /css/*).  The mod_jk log is a lifesaver when you are setting
> this up.  Set the mod_jk log level to debug and see how mod_jk is
> deciding whether to pass a url to tomcat or pass it back to httpd for
> processing.
> 
> Once you get to tomcat, you just have to define all of the same host
> domain and subdomains in tomcat's server.xml to ensure tomcat is going
> to accept the requests that mod_jk has decided to send to it.
> 
> Let me know as you encounter issues.  I'll be glad to assist.
> 
> Jerry
> 
> On 4/6/2020 2:53 PM, James H. H. Lampert wrote:
>> Here is the situation:
>>
>> We have an existing Amazon EC2 instance, running Amazon Linux 2, with
>> an Apache httpd server already running our web sites (for argument's
>> sake, "foo.com," "bar.com," and "baz.com."), and already getting its
>> certs from Let's Encrypt, using "foo.com" as the CN, with
>> "www.foo.com," "bar.com," "www.bar.com," "baz.com," and "www.baz.com"
>> as SANs. And it seems to be working quite nicely.
>>
>> Now, we want to add a Tomcat server, which would then serve several
>> webapp contexts at "qux.baz.com," and maybe also "corge.baz.com,"
>> running behind the httpd server (which is something I've never done
>> before; I've always set up Tomcat directly facing the outside world,
>> so with this, I frankly haven't a clue what I'm doing).
>>
>> First of all, which is currently considered the easier/better way to
>> get Tomcat running behind httpd, given the above scenario?
>> "mod_proxy," or "mod_jk?" Or is there something else I haven't heard of?
>>
>> Second of all, I found this step-by-step procedure.
>>
>>> https://preview.tinyurl.com/vwnutqj
>>
>>  Is it any good?
>>
>> Third, am I correct in assuming that all we need to do in order for
>> the existing Let's Encrypt setup to cover the new "qux" and "corge"
>> subdomains is to add them to the SANs already listed?
>>
>> Finally, are there any "gotchas" I need to be concerned with?
>>
>> -- 
>> James H. H. Lampert
>> Touchtone Corporation

I also prefer mod_jk. It's a little bit trickier to set up. You have to
worry about timings, and getting them to agree between
workers.properties and server.xml. Fortunately, there's a very good
sample workers.properties file in the mod_jk source code.

My local setup is as follows:

#
# This file will configure three Tomcat workers
# The Tomcat workers are using differing ports and the same (localhost)
address
#

#
# adding all of the workers in a list at once
# not strictly necessary, since the use of the list is additive
#
worker.list=jk-status,jk-manager,titan

#
# status manager for read-only
# manager manager for read/write
#
worker.jk-status.type=status
worker.jk-status.read_only=true

worker.jk-manager.type=status

#
# template
#
# Notes on configuration
# type   - ajp13 which is the protocol and the default
# socket_connect_timeout - in milliseconds (what happens when Tomcat
#  is started later?
# socket_keepalive   - send keep alive packets when connection is
#  idle
# ping   - how to do the keep alive (see
#  documentation)
# ping_timeout   - default in milliseconds
# minsize- minimum pool size -

Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

[Mark Eggers]

James,

On 4/6/2020 3:09 PM, James H. H. Lampert wrote:
> First of all, thank you, Mr. Malcom, Herr Kreuser, and Mr. Eggers.
> 
> One thing I will note is that near as I can tell, mod_proxy and
> mod_proxy_http are already present on the system (I can find
> "mod_proxy.so" and "mod_proxy_http.so"), but mod_jk does not appear to
> be present (no sign of a "mod_jk.so" anywhere).
> 
> Second, we do indeed have an "00-ssl.conf" file in conf.modules.d, and
> an "ssl.conf" in conf.d. The conf.d directory also has .conf files for
> all the domain names, in the form domain.conf and domain-le-ssl.conf,
> each containing the VirtualHost configurations for the various domains.
> 
> Now obviously, the very last thing I want to do is disrupt the existing
> web sites being served.
> 
> Mr. Eggers: Not quite sure I understand the "No virtual host for now"
> bit, at the top of your sample proxy configuration; I thought everything
> in httpd had to be in a virtual host.
> 
> Something I just noticed myself: if I go to http://www.baz.com, it
> *doesn't* immediately redirect me to https://www.baz.com, but if I go to
> http://www.foo.com or http://www.bar.com, it *does* immediately switch
> me to https. This seems like some sort of an oversight by my colleague,
> who configured the sites.
> 
> From what I can see, "mod_proxy" seems easier to set up (and one less
> thing to download); what are the disadvantages, if any?
> 
> -- 
> JHHL

I iust meant that my example didn't have a virtual host. In your
requirement, you'd probably put the LoadModule and 
configurations in the main httpd.conf section so it'll be inherited by
the named virtual hosts.

In each named virtual host, you would then place the ProxyPass /
ProxyPassReverse pairs for a targeted (named) host. You could even have
one Apache HTTPD talk to different back-end Tomcats (one for each named
host in domain-le-ssl.conf).

There are a lot of ways to slice and dice this. It all depends on your
requirements.

. . . just my two cents
/mde/



signature.asc
Description: OpenPGP digital signature

{[OT] Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

[Mark Eggers]

On 4/6/2020 5:47 PM, James H. H. Lampert wrote:
> As it happens, I'm now struggling with an issue just trying to get a new
> virtual host up and running on the httpd server. I've put it on Server
> Fault, at: https://preview.tinyurl.com/rr3rxwa
> 
> While it may not be necessary to solve this problem in order to get the
> httpd server to proxy the Tomcat server, this certainly *looks* like
> something that might pick a fight with what's being proxied to Tomcat.
> 
> -- 
> JHHL

I don't have enough reputation points to comment on your question on
serverfault.

Is your DocumentRoot (/var/www/html/test) underneath the default
DocumentRoot (normally /var/www/html)?

If so, try moving the DocumentRoot to /var/www/test. I don't know how
Apache HTTPD deals with overlapping DocumentRoots (I suppose I should go
read the docs).

. . . just my two cents
/mde/



signature.asc
Description: OpenPGP digital signature

Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

[Mark Eggers]

James,

On 4/8/2020 3:27 PM, James H. H. Lampert wrote:
> Dear Mr. Eggers, et al.:
> 
> Well, after running test installations of Tomcat on a whole string of
> EC2 spot instances, I went ahead and installed it on the target server.
> I've got it running, and enabled to start automatically, and I've added
> a security group to temporarily open 8080 to my office IP address, so
> that I can reach it directly and verify that it works (it does). And
> I've also verified that mod_proxy and mod_proxy_http are enabled (they
> already were; I didn't have to lift a finger)
> 
> On 4/6/20 2:13 PM, Mark Eggers wrote:
>> # Secure your proxy - localhost for now - this is IMPORTANT
>> 
>>    Require ip 127
>> 
>>
>> # Map applications
>> # You could just use / if you're proxying all requests
>> # Pick the correct Apache Tomcat port
>>
>> ProxyPass "/foo" "http://127.0.0.1:8080/foo";
>> ProxyPassReverse "/foo" "http://127.0.0.1:8080/foo";
> 
> Now I'm not sure I understand the  container and its
> contents. The httpd and Tomcat servers are both running on the same box.
> "Require ip 127" sounds like it's specifying an incomplete IP address.
> 
> I can sort-of understand the ProxyPass and ProxyPassReverse directives.
> Given that all requests to this particular VirtualHost ("qux.baz.com" to
> speak metasyntactically) should be going to Tomcat (which will have a
> root context and at least four [including manager] named contexts),
> would this be:
> 
>     ProxyPass "/" "http://127.0.0.1:8080/";
>     ProxyPassReverse "/" "http://127.0.0.1:8080";
> 
> ???
> 
> Conversely, none of the other VirtualHosts would be proxying Tomcat (or
> anything else), so should all this be within the VirtualHost?
> 
> -- 
> JHHL
> 

See the following for IP address configuration in Apache HTTPD 2.4:

https://httpd.apache.org/docs/2.4/mod/mod_authz_host.html

I think putting the proxy restriction in the virtual host would be OK,
but I'm a belt and suspenders kind of person. Putting it in the default
host makes sure that someone doesn't inadvertently open up your server
later. You can always override it at the virtual host level if you wish.

Finally, one of my pet peeves concerning vendor-supplied Apache HTTPD
installations is that they turn on a lot of modules by default. The
first thing I do with such an installation is to turn off everything
that is not being used in an installation. This usually includes all of
the _dav, _user, and proxy_ modules.

. . . just my two cents
/mde/




signature.asc
Description: OpenPGP digital signature

Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

[Mark Eggers]

On 4/8/2020 4:11 PM, James H. H. Lampert wrote:
> On 4/8/20 3:52 PM, Mark Eggers wrote:
>>>> 
>>>>     Require ip 127
>>>> 
> 
> Dear Mr. Eggers (et al.):
> 
> I'm still not clear on what that even *does* (and the official docs
> leave me even more confused: "only allow hosts in . . . to access
> content via your proxy"); could you (or somebody else) explain it?
> Remember, while I may be (deservedly or otherwise) a guru on getting
> Tomcat running on an IBM Midrange box, I have no illusions about having
> the slightest clue what I'm doing with httpd. Yesterday, I was tearing
> my hair out because certbot wasn't working, only to discover that I had
> a malformed VirtualHost.
> 
> And as to vendor-supplied installations, I agree with you. I'm rather
> irritated with the "Debianism" of splitting Tomcat up so completely that
> webapp contexts can be in at least two different places, and the general
> "Linuxism" of *not* including manager and host-manager (although I've
> never needed the latter) in the basic installation, and sometimes not
> even including a default root.
> 
> -- 

Basically, the  is applied to all the proxy statements in your
configuration.

See

https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxy

for some examples.

The Require statement means only allow connections from what is required
- in my example 127 gets mapped to 127.0.0.1 (localhost).

So the configuration that I have given restricts all proxy connections
to localhost, which means that no outside proxy connections are
possible. This is a good thing, I think.

So if I remember everything correctly, you could be really specific with
the following:

https://qux.baz.com";>
Require ip 127.0.0.1


Place this inside the virtual host defined in the appropriate ssl.conf
snippet. I think that you have an ssl.conf file per domain, right?

Then in the non-ssl snippet, you would rewrite all the requests to go to
HTTPS.

Again, please verify this with an Apache HTTPD expert, and discuss this
on the Apache HTTPD mailing list. I do all of this with mod_jk, so my
configuration is quite a bit different.

Again, I personally like the broad brush approach and then override
specifics per virtual host. Sort of a combination of least permissions
plus management by exception.

. . . just my two cents
/mde/



signature.asc
Description: OpenPGP digital signature

Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

[Mark Eggers]

James,

On 4/8/2020 5:41 PM, James H. H. Lampert wrote:
> On 4/8/20 4:57 PM, Mark Eggers wrote:
>> See
>> https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxy
>> for some examples.
> 
> Yes. That's the very point in the documentation that has my head spinning:
>>> For example, the following will allow only hosts in
>>> yournetwork.example.com to access content via your proxy server:
> 
>>>> 
>>>>   Require host yournetwork.example.com
>>>> 
> 
> *Access* content?? I thought the Tomcat server is *serving* content.
> 
>> So if I remember everything correctly, you could be really specific with
>> the following:
>>
>> https://qux.baz.com";>
>> Require ip 127.0.0.1
>> 
>>
>> Place this inside the virtual host defined in the appropriate ssl.conf
>> snippet. I think that you have an ssl.conf file per domain, right?
>>
>> Then in the non-ssl snippet, you would rewrite all the requests to go to
>> HTTPS.
> 
> That part makes sense, although I'm not entirely sure why I would want
> to "be really specific" about the domain in the Proxy container, unless
> it's to keep it from fighting with the other VirtualHosts. And actually,
> I put the SSL and non-SSL VirtualHost blocks for the new domain in a
> single .conf file.
> 

James,

This is going to be way off topic, and may not be completely correct.
While I'm pretty good with Apache Tomcat, I'm still learning about
Apache HTTPD. We should probably have further discussions off the
mailing list.

Anyway from an overview standpoint, think of a proxy as a virtual file
system.

Instead of serving information from a directory subject to 
constraints, Apache HTTPD is serving information from a proxy.

From the browser's standpoint, the information is being served by Apache
HTTPD, even though you're proxying Apache Tomcat.

For example, on my mod_jk connected Apache Tomcat, the server is
reported as:

Server: Apache/2.2.15 (CentOS)

This is what CentOS's patched Apache HTTPD 2.2 server reports, and is
not indicative of the Apache Tomcat that I'm running behind mod_jk.

So Apache HTTPD matches an incoming request to the most specific URL
that it can, and then applies rules.

This allows me to restrict HTTPD methods, do rewrites, and then passes
the results off to Apache Tomcat (if configured to do so).

When Apache Tomcat gets done with whatever it does (renders JSPs,
creates / serves JSON, serves JS/CSS, etc.), it sends this back to
Apache HTTPD.

Apache HTTPD then does things like compress the output, edits / adds
cookies, and edits / adds headers.

Finally, the result gets sent to the browser.

The browser has no idea that the response is generated via Apache
Tomcat. OK, if someone notices a JSESSIONID, the user might have a clue.
Other than that, no.

I proxy behind Apache HTTPD for several reasons. Until recently, SAN
certificates, Java, and Tomcat didn't play nicely together. That's changed.

It's also easier to add some headers and cookies in Apache HTTPD than in
Apache Tomcat. This is especially true for SameSite cookies, where
certain browsers are broken and cannot handle SameSite=None. I have to
do some ugly browser sniffing (fragile, not recommended) so that cookies
generated by Apache Tomcat work inside an iframe.

Now the order that all of this stuff happens is an entirely new
discussion that might be better off-list, or on the Apache HTTPD mailing
list.

Think of Apache HTTPD as a Valve / Filter combination in the Apache
Tomcat sense, if that helps.

Oh, and being specific has some nice benefits. You can create different
rules for different URLs before passing it off to a back end Apache
Tomcat. Access control is just ONE of the things that you can do with
Apache HTTPD sitting in front of Apache Tomcat.

Running all of this in a cloud environment brings its own set of challenges.

. . . just my two cents
/mde/




signature.asc
Description: OpenPGP digital signature

Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

[Mark Eggers]

On 4/8/2020 6:42 PM, calder wrote:
> On Wed, Apr 8, 2020, 18:11 James H. H. Lampert 
> wrote:
> 
>>
>> And as to vendor-supplied installations, I agree with you. I'm rather
>> irritated with the "Debianism" of splitting Tomcat up so completely that
>> webapp contexts can be in at least two different places, and the general
>> "Linuxism" of *not* including manager and host-manager (although I've
>> never needed the latter) in the basic installation, and sometimes not
>> even including a default root.
>>
> 
> It's not just a Debian thing - it's a Linux distro idiosyncrasy.
> 
> And you don't have to use a distro's Tomcat layout / configuration.  We
> don't - we download P.V. Tomcat and extract to /opt (obviously, one could
> choose to install to /usr/local if building) and use separate CATALINA_BASE
> and CATALINA_HOME.
> 

That's what I do as well. I use Ant scripts plus some property files to
configure things. When a new version is rolled out, I edit a property
file, build the new CATALINA_BASE directories with the Ant scripts, and
I've got the new setup.

To put the new setup into production, I shut down the existing Tomcats,
move some links around, and bring up the new Tomcats. If the new Tomcats
fail to come up properly, I swap the links back, bring up the old
Tomcats, and then take a look at the logs in the appropriate CATALINA_BASE.

The advantage to this setup is that I can do all of my upgrading except
for the link swap at any time. The actual outage time is minutes.

I should script the link swapping as well to shorten the down time and
remove the chance of fat-fingering things.

. . . just my two cents
/mde/





signature.asc
Description: OpenPGP digital signature

Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

[Mark Eggers]

James,

On 4/9/2020 12:11 PM, James H. H. Lampert wrote:
> On 4/6/20 2:13 PM, Mark Eggers wrote:
>> # Secure your proxy - localhost for now - this is IMPORTANT
>> 
>>    Require ip 127
>> 
> 
> Dear Mr. Eggers:
> 
> It seems I was right about how what you said about this, and what the
> docs say about it, appeared to contradict each other: with that in the
> VirtualHost with the ProxyPass and ProxyPassReverse directives, it
> blocked all outside access through the proxy.
> 
> Once I commented out those lines, I got proxied straight to the default
> ROOT context.
> 
> Then, when I reactivated the valve in the manager app, I found that I
> was still able to get into it via the proxy, but not directly.
> 
> I've now put this in
>> https://qux.baz.com/manager";>
>>  Require ip xx.yy.zz.qq
>> 
>> https://corge.bax.com/manager";>
>>  Require ip xx.yy.zz.qq
>> 
> 
> where xx.yy.zz.qq is my office IP address. I could get in just fine.
> Then I changed the IP address to something different, restarted my
> browser, and I could still get in. I also tried it with "/*" on the ends
> of the URLs, and with "/html" on the ends, and with "/html/*" on the
> ends. I also went back to the original "*" on one of them, and it went
> back to locking me out of everything. Something doesn't seem right here.
> 

I'll play with this a little later.

Please note that when you change Apache HTTPD configurations you must
restart Apache HTTPD.

This is one of the reasons why I prefer mod_jk. I can change the mapped
URLs on the fly without having to restart Apache HTTPD (albeit with some
small hit to performance).

The way that I have things set up for a client is to have a machine with
two interfaces and use an  directive in server.xml.

I then run an additional HTTP/1.1 connector and bind it to the internal
interface only. The internal interface is protected by VPN with a two
factor authentication.

I could further protect the sensitive applications by using the remote
address filter and restricting access to the management and build
systems subnets.

To access the manager application, you have to connect to the VPN, and
then browse to the following:

http://internal.dns.domain.com:port/manager/html

This will will bring up a manager interface that is appropriate for:

https://external.dns..domain.com

and all the applications running there. This is mostly used by the
client's internal Jenkins build system to publish applications to the
appropriate Tomcat server. It can also be used by a JMX application for
Tomcat monitoring.

My urimapping.properties file contains lines like:

!/manager|/*=worker_name
!/jmxmonitor|/*=worker_name

This blocks proxying the manager and JMX applications by mod_jk.

This has been running in production since I set it up, and has survived
both random script kiddie attacks and security audits by the client's
customers.

You could look at mimicking this behavior with mod_proxy by using an
exclamation mark (not tested).

Something like the following:

ProxyPass /manager !
ProxyPass /jmxmonitor !

per the documentation here:

https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass

Apparently, the documentation would recommend something like the following:


ProxyPass "!"


ProxyPass "!"


I think that the above is probably easier to read and more specific.
Place the directives in the appropriate virtual host.

You could also be more expressive with LocationMatch and regular
expressions.

Once this is done you could access the manager application directly by
using the appropriate port and configuring AWS's firewall rules to allow
your office IP address through the port.

Again, I have not tried this since I use mod_jk.  Again, please remember
to restart Apache HTTPD after any configuration changes.


. . . just my two cents
/mde/



signature.asc
Description: OpenPGP digital signature

Re: 2 questions

[Mark Eggers]

On 4/9/2020 3:45 PM, jonmcalexan...@wellsfargo.com.INVALID wrote:
> Potentially off-topic, sorta, questions.
> 
> 
> 1. How do we get the latest versions of mod-jk.so tomcat connector 1.2.46 
> or 1.2.48? I see the binaries and such for IIS, but not .so versions.
> 
> 2. How, on windows, do we tell what version of mod-jk.so is currently in 
> use on Apache HTTP?
> 
> Asking here as it has to do with connecting to Tomcat. :)
> 
> 
> Dream * Excel * Explore * Inspire
> Jon McAlexander
> Asst Vice President
> 
> Middleware Product Engineering
> Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions
> 
> 8080 Cobblestone Rd | Urbandale, IA 50322
> MAC: F4469-010
> Tel 515-988-2508 | Cell 515-988-2508
> 
> jonmcalexan...@wellsfargo.com
> 
> 
> This message may contain confidential and/or privileged information. If you 
> are not the addressee or authorized to receive this for the addressee, you 
> must not use, copy, disclose, or take any action based on this message or any 
> information herein. If you have received this message in error, please advise 
> the sender immediately by reply e-mail and delete this message. Thank you for 
> your cooperation.
> 
> 
Normally you have to build those yourself.

Some Linux distributions offer mod_jk in various repositories.

For Windows, you can download them from the Apache Lounge (1.2.46 last I
checked).

For Apache HTTPD, you can tell what's installed by looking at
server-info - ie., http://127.0.0.1/server-info/. This of course depends
on whether it's enabled. It's not by default. It also depends on what
the restrictions are. My Windows 10 machine is set to only allow
127(.0.0.1) in the Require directive.

. . . just my two cents
/mde/



signature.asc
Description: OpenPGP digital signature

Re: seamless restart

[Mark Eggers]

Jonathan,

On 5/12/2020 8:20 AM, Jonathan Yom-Tov wrote:
> The problem is that my application is running on AWS which apparently
> doesn't support multicasting so I can't use Tomcat's DeltaManager. I
> thought of using one of the Store implementations for
PersistentManager but
> that has the issues which I mentioned earlier. My aim is to get to the
> point where I can add or take away servers from the cluster without
> impacting user experience. Ideally all state would be stored in a central
> location (e.g. Redis). But, since this is difficult because of the way the
> application is built I thought of using one server and only persisting the
> sessions when the server goes down. But I still have to solve the issues I
> mentioned.
>
>
>
>
> On Tue, May 12, 2020 at 6:06 PM Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
> Jonathan,
> 
> On 5/12/20 05:51, Jonathan Yom-Tov wrote:
 I have an application which changes the state of user sessions in
 lots of places in the code. Is it possible to do a seamless switch
 of Tomcat servers, preserving all sessions?

 I know I can use PersistentManager to persist sessions and load
 them. I can think of two strategies:

 1. Persist sessions periodically. This is more robust as I might
 not have control of when the server shuts down. 2. Persist sessions
 on server shutdown.


 The problem with the first approach is that I might lose the latest
 changes when the new server comes up. The problem with the second
 is that I'll have to lock access to the session until the old
 server is done saving it, which may make response times very slow.

 Is there a good solution to this that I might have overlooked?
> 
> If you want to solve these problems:
> 
> 1. Seamless (uninterrupted) restarts
> 2. Always up-to-date (well, as much as possible)
> 3. No downtime
> 
> Then you really need a cluster where the sessions are being replicated
> around the cluster.
> 
> This will solve some other problems as well:
> 
> 4. Expected downtime (e.g. OS/Tomcat/application upgrade)
> 5. Unexpected downtime (network outage, hardware fault)
> 6. Scaling-out (either manually or automatically)
> 
> You can do it with as little as two Tomcat instances. If you only care
> about being able to restart your application (and not the whole
> server, for example), then you can even run them side-by-side on the
> same server. You won't get protection against OS upgrades and
> unexpected downtime in that case, but you can get familiar with the
> setup without a whole lot of infrastructure.
> 
> -chris

Could you use the RedissonSessionManager and an AWS - distributed Redis
server?

You could put all of your Tomcat servers in an elastic group, and let
AWS manage that.

The real problem with this approach is deployment. How do you deploy
across an elastic group of Tomcat servers when you may not know the IP
addresses of the servers or how many you have?

I can think of some really kludgy ways to do this with S3 and AWS
events, but I've not worked out the details.

Another way to approach this is to run Docker on AWS (along with Redis),
and then deploy a new version by deploying a new Docker image in a
rolling fashion.

If your session interface changes a lot, that could create issues.

That's one of the advantages of using versioned deployment
(app.war##nnn) with a cluster. Old apps stay around until the session
expires, while new sessions get the new version.

Maybe -- just thinking out loud -- you could use an elastic group, AWS
events, Redis (RedisSessionManager), and numbered WAR files to simulate
a Tomcat cluster.

Another question: Is the database-backed session manager provided with
Tomcat slow? You could use that instead of the third party
RedissonSessionManager.

You should be able to test everything but the deployment locally. Just
run a Docker implementation on your development machine, and then test
either RedissonSessionManager or the JDBC backed session store. Docker
will (can) be set up to mimic AWS elastic group behavior (expansion /
contraction of containers), so the only question will be updates.

Use something like JMeter to test sessions and hammer your Docker
cluster. By default, Docker routes every request to a new container in a
multi-container group. You'll know really quickly if distributed
sessions aren't working.

I need to get back to this for $work, but I've been getting yanked
around a bit. Hopefully, I'll be able to start testing all of these
ideas in the next month or so.

. . . just my two cents
/mde/



signature.asc
Description: OpenPGP digital signature

Re: seamless restart

[Mark Eggers]

Chris,

On 5/12/2020 12:55 PM, Christopher Schultz wrote:
> Jonathan,
> 
> On 5/12/20 11:20, Jonathan Yom-Tov wrote:
>> The problem is that my application is running on AWS which
>> apparently doesn't support multicasting so I can't use Tomcat's
>> DeltaManager.
> 
> The membership-manager is separate from the replication-manager, so
> this has nothing to do with e.g. DeltaManager.
> 
> You don't have to use multicast. You can use static membership if you
> know your node IP addresses.
> 
> Rémy recently added a cloud membership service that uses Kubernetes as
> its default membership service. It looks like he hasn't written any
> documentation for it, but it exists in Tomcat 9 and 10.[1]
> 

This sounds interesting. I wonder how this will play using multiple
availability zones for high availability. It still won't handle region
outages, but there are other approaches for that.

I'll read the link you sent, and maybe play with that locally with a
Kubernetes setup. If I have questions about the set up, would here or
the dev list be the place to ask?

Thanks!

. . . just my two cents
/mde/

>> I thought of using one of the Store implementations for
>> PersistentManager but that has the issues which I mentioned
>> earlier. My aim is to get to the point where I can add or take away
>> servers from the cluster without impacting user experience.
> 
> See above. Sounds like the cloud membership service is what you are
> looking for because it (a) handles dynamic membership and (b) doesn't
> use multicast.
> 
>> Ideally all state would be stored in a central location (e.g.
>> Redis). But, since this is difficult because of the way the
>> application is built I thought of using one server and only
>> persisting the sessions when the server goes down. But I still have
>> to solve the issues I mentioned.
> I would avoid single points of failure if possible. A "central
> location" tends to be a single point of failure. Tomcat clustered with
> e.g. BackupManager and dynamic membership will (a) achieve your goals
> and (b) not require additional products.
> 
> Hope that helps,
> -chris
> 
> [1]
> https://github.com/apache/tomcat/blob/master/java/org/apache/catalina/tr
> ibes/membership/cloud/CloudMembershipService.java#L34
> 
>> On Tue, May 12, 2020 at 6:06 PM Christopher Schultz <
>> ch...@christopherschultz.net> wrote:
> 
>> Jonathan,
> 
>> On 5/12/20 05:51, Jonathan Yom-Tov wrote:
> I have an application which changes the state of user
> sessions in lots of places in the code. Is it possible to do
> a seamless switch of Tomcat servers, preserving all
> sessions?
>
> I know I can use PersistentManager to persist sessions and
> load them. I can think of two strategies:
>
> 1. Persist sessions periodically. This is more robust as I
> might not have control of when the server shuts down. 2.
> Persist sessions on server shutdown.
>
>
> The problem with the first approach is that I might lose the
> latest changes when the new server comes up. The problem with
> the second is that I'll have to lock access to the session
> until the old server is done saving it, which may make
> response times very slow.
>
> Is there a good solution to this that I might have
> overlooked?
> 
>> If you want to solve these problems:
> 
>> 1. Seamless (uninterrupted) restarts 2. Always up-to-date (well, as
>> much as possible) 3. No downtime
> 
>> Then you really need a cluster where the sessions are being
>> replicated around the cluster.
> 
>> This will solve some other problems as well:
> 
>> 4. Expected downtime (e.g. OS/Tomcat/application upgrade) 5.
>> Unexpected downtime (network outage, hardware fault) 6. Scaling-out
>> (either manually or automatically)
> 
>> You can do it with as little as two Tomcat instances. If you only
>> care about being able to restart your application (and not the
>> whole server, for example), then you can even run them side-by-side
>> on the same server. You won't get protection against OS upgrades
>> and unexpected downtime in that case, but you can get familiar with
>> the setup without a whole lot of infrastructure.
> 
>> -chris
>>>
>>> -
>>>
>>>
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
> 
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>




signature.asc
Description: OpenPGP digital signature

Re: seamless restart

[Mark Eggers]

Chris,

On 5/12/2020 1:25 PM, Christopher Schultz wrote:
> Mark,
> 
> On 5/12/20 16:14, Mark Eggers wrote:
>> Chris,
> 
>> On 5/12/2020 12:55 PM, Christopher Schultz wrote:
>>> Jonathan,
>>>
>>> On 5/12/20 11:20, Jonathan Yom-Tov wrote:
>>>> The problem is that my application is running on AWS which
>>>> apparently doesn't support multicasting so I can't use
>>>> Tomcat's DeltaManager.
>>>
>>> The membership-manager is separate from the replication-manager,
>>> so this has nothing to do with e.g. DeltaManager.
>>>
>>> You don't have to use multicast. You can use static membership if
>>> you know your node IP addresses.
>>>
>>> Rémy recently added a cloud membership service that uses
>>> Kubernetes as its default membership service. It looks like he
>>> hasn't written any documentation for it, but it exists in Tomcat
>>> 9 and 10.[1]
>>>
> 
>> This sounds interesting. I wonder how this will play using
>> multiple availability zones for high availability. It still won't
>> handle region outages, but there are other approaches for that.
> 
> I have no idea. There doesn't seem to me to be any reason why
> Kubernetes could not be used across regions. Maybe you wouldn't be
> able to use AWS-kube and might have to do it yourself. I have zero
> experience with Kubernetes, and zero experience with complex AWS
> deployments.
> 
>> I'll read the link you sent, and maybe play with that locally with
>> a Kubernetes setup. If I have questions about the set up, would
>> here or the dev list be the place to ask?
> 
> I think here would be better, since the answers will be visible to a
> wider group of people.
> 

That sounds reasonable. I know a lot of the devs read this group, so
hopefully (once I get started) there will be some answers.

> I'd love to see a writeup about this, including "how to set up
> Kubernetes from scratch to manage your Tomcat cluster" because I know
> literally nothing practical about it.

That and tying it into a cloud environment should be interesting. I'll
need to think about this before writing stuff on a mailing list, let
alone a document.

I'm just starting my journey through Docker / Kubernetes. I've put
together some simple images locally, and even have a private repository
set up running on Nexus 3. My experience with Kubernetes clusters is
limited to running "canned" environments.

It looks like an interesting road.

. . . just my two cents.
/mde/

> 
> -chris
> 
>>>> I thought of using one of the Store implementations for
>>>> PersistentManager but that has the issues which I mentioned
>>>> earlier. My aim is to get to the point where I can add or take
>>>> away servers from the cluster without impacting user
>>>> experience.
>>>
>>> See above. Sounds like the cloud membership service is what you
>>> are looking for because it (a) handles dynamic membership and (b)
>>> doesn't use multicast.
>>>
>>>> Ideally all state would be stored in a central location (e.g.
>>>> Redis). But, since this is difficult because of the way the
>>>> application is built I thought of using one server and only
>>>> persisting the sessions when the server goes down. But I still
>>>> have to solve the issues I mentioned.
>>> I would avoid single points of failure if possible. A "central
>>> location" tends to be a single point of failure. Tomcat clustered
>>> with e.g. BackupManager and dynamic membership will (a) achieve
>>> your goals and (b) not require additional products.
>>>
>>> Hope that helps, -chris
>>>
>>> [1]
>>> https://github.com/apache/tomcat/blob/master/java/org/apache/catalina
> /tr
>>>
>>>
> ibes/membership/cloud/CloudMembershipService.java#L34
>>>
>>>> On Tue, May 12, 2020 at 6:06 PM Christopher Schultz <
>>>> ch...@christopherschultz.net> wrote:
>>>
>>>> Jonathan,
>>>
>>>> On 5/12/20 05:51, Jonathan Yom-Tov wrote:
>>>>>>> I have an application which changes the state of user
>>>>>>> sessions in lots of places in the code. Is it possible to
>>>>>>> do a seamless switch of Tomcat servers, preserving all
>>>>>>> sessions?
>>>>>>>
>>>>>>> I know I can use PersistentManager to persist sessions
>>>>>>> and load them. I c

Re: Tomcat and CLoudWatch

[Mark Eggers]

Jake,

On 8/21/2020 10:26 AM, Jake Orel wrote:
> Hey Chris,
> I've been working with Jerry on this. What I had found was to use Collectd
> with the java and genericJMX plugins to gather the Mbeans i wanted to
send.
> After that there was the options of either using a cloudwatchPlugin
>  for collectd or using the
> AWS Cloudwatch agent to collect the metrics from collectd and send
those to
> cloudwatch. I've been able to get basic ec2 metrics (memory-free,
> memory-percent-used, disk-used) from both of those angles but neither one
> has let me send the JMX to cloudwatch. I don't seem to be getting any
error
> messages from either of them and they both tell me they're running.
>

>
> On Fri, Aug 21, 2020 at 11:34 AM Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
> Jerry,
> 
> On 8/19/20 13:19, Jerry Malcolm wrote:
 Is anyone successfully monitoring Tomcat JMX beans on Amazon
 CloudWatch?  This shouldn't be that difficult.  But we are hitting
 a brick wall.  Can't get anything to work that is recommended on
 forums.
> 
> What have you tried so far?
> 
> -chris

Seems like fluentd would be another approach. I haven't tried it yet,
but the following links look promising.

Cloudwatch - albeit with a Kubernetes cluster
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Container-Insights-setup-logs.html

Fluentd JMX plugin
https://github.com/hidsuzuk/fluent-plugin-jmx/blob/master/README.md

This looks workable, although it may be a bit heavy for a per-EC2
implementation.

I'm slowly working on dockerizing and containerizing a bunch of
applications running on Tomcat. This is the monitoring approach that I'm
considering.

. . . just my two cents
/mde/




signature.asc
Description: OpenPGP digital signature

Re: Class loader does not find class in WEB-INF/classes

[Mark Eggers]

Carles,


On 9/1/2020 11:23 AM, Christopher Schultz wrote:
> Carles,
> 
> On 9/1/20 14:08, Carles Franquesa wrote:
>> This message is a reply to those that asked me for uploading a
>> simple version of my webapp reproducing the problem of not finding
>> classes when a JSP is inside a subfolder, thus not hanging directly
>> from web root directly.
> 
>> I have slimmed down the code as much as possible. You'll see is
>> almost nothing.
> 
>> algorismes.zip
>>  w?usp=drive_web>
> 
> 
> 
>> So, the project's became very simple, but the problem is there:
> 
>> Built with NetBeans 8.0.2 on Windows 10 Tested on local host (so
>> tomcat running on windows), it works My VPS holds a public web
>> domain called algosismes.cat. Tested on my VPS, it depends.
> 
>> Once deploy's done with tomcat 8.5.57 manager app, clicking on its
>> list of sites, it works, since the browser is connecting to the
>> ip:port/algorismes.
> 
>> Setting directly "algorismes.cat" in the browser url, the error is
>> found. Just click to go to the level2.jsp.
> 
>> Lervel2.jsp is a blank page that just declares ann object of class
>> Student to show the problem.
> 
>> Anybody can explain to me what am i doing wrong?
> 
> The ZIP file does not contain a build web application. Can you publish
> your WAR file instead of mixed source/resources?
> 
> It's pretty important how you build the WAR, which is why I'm asking
> for it.
> 
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

There are a lot of issues with your project that have nothing to do with
Tomcat. I'm going to assume that most of your project problems exist
because of how aggressively you stripped down your project.

As a start, you'll need to set up your project correctly in NetBeans.

Instead of just copying the commons-fileupload-1.3.jar and
commons-io-2.2.jar into WEB-INF/lib, you'll need to add them to your
project.

Right-mouse on the project, then:

Properties->Libraries
Click on the Add Jar / Folder button

Browse to your jar files and add them. Then when NetBeans builds the
project, they will be included in the war file.

I've checked, and all of the files are in the proper place in the built
war file.

Now some project notes:

1. Start with using NetBeans 12 - netbeans.apache.org

2. Seriously consider using a Maven-based project instead of an
Ant-based project
This will make dependency management much easier.

3. Seriously consider using the NetBeans built-in CDNJS manager for
JavaScript libraries
This will make JavaScript dependency management much easier.

4. Do not use generic top-level package names. Consider starting
everything with org.franquesa.

5. Do not manage database access on your own. Use JNDI and Tomcat's pooling.
See: http://tomcat.apache.org/tomcat-8.5-doc/jndi-resources-howto.html

See Christopher Schultz's excellent document on how to properly handle
pooled JDBC connections:

https://blog.christopherschultz.net/2009/03/16/properly-handling-pooled-jdbc-connections/

Yes, there are reasons to manage your own database pooling, but there
are not that many use cases for it.

PS: I fixed some obvious typos in your posted project, built it, and ran
it on Tomcat 9.0.37 and JDK 11 on a local internal system (not
localhost). I was able to successfully click on the first page and
navigate to the second page (/appname/folder/level2.jsp).



signature.asc
Description: OpenPGP digital signature

Re: Tomcat SecurityListener

[Mark Eggers]

Shawn,

On 10/12/2020 12:59 PM, Beard, Shawn wrote:

Tomcat 9.0.31.0 loads a org.apache.catalina.security.SecurityListener by 
default in the catalina.sh file.

This SecurityListener also sets the UMASK of files to 0027. This has the effect 
of any file tomcat creates or the app running in tomcat creates with 
permissions or -rw-r-

This is causing a problem for us as it prevents certain people from being able 
to read log files or read any file the application might create. Putting these 
users in the group of the user that tomcat runs as is not an option.

I’ve tried changing the catalina.sh to set the UMASK to something like 0022 but 
that prevents tomcat from starting with an error that it has to me at least as 
restrictive as 0027.

I’ve also tried setting the UMASK to 0022 in the setenv.sh with same results.

I’m hesitant to comment out the loading of the security listener in catalina.sh 
as I don’t want to disable anything else important that it may be doing from a 
security standpoint.

Does anyone have any ideas as to a workaround?
 ​

Shawn   Beard‑ Sr. Systems Engineer

Middleware Engineering

[cid:image624238.png@1BC27BA2.B6427C15]
3840 109th Street   ,   Urbandale   ,   IA  50322

Phone: +1-515-564-2528
Email:  sbe...@wrberkley.com

Website: https://berkleytechnologyservices.com/




[cid:image040736.jpg@BA9411B9.333ADE5A]

Technology Leadership Unleashing Business Potential







CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents contain 
private, privileged and confidential information belonging to the sender. The 
information therein is solely for the use of the addressee. If your receipt of 
this transmission has occurred as the result of an error, please immediately 
notify us so we can arrange for the return of the documents. In such 
circumstances, you are advised that you may not disclose, copy, distribute or 
take any other action in reliance on the information transmitted.



I don't know what your security or audit requirements are. These are 
some options off the top of my head.


1. Service account for the user that runs Tomcat
You don't run Tomcat as root, correct?

You could then have a list of authorized sudoers, use two factor 
authentication (maybe for both the users and the service account), and 
audit both the service account and the sudoers accounts.


Prevent the service account from being accessed directly.

2. Remote logging
This would take care of needing to access log files on the server, but 
it would not allow anyone to audit application-created files.


Speaking of application-created files, I hope that these are not 
user-provided files that are then directly accessible. Without careful 
auditing, that can lead to some pretty serious security breaches.


. . . just my two cents.
/mde/


OpenPGP_0x41466EC60D793C2D.asc
Description: application/pgp-keys


OpenPGP_signature
Description: OpenPGP digital signature

Re: Strange crash-on-takeoff, Tomcat 7.0.104

[Mark Eggers]

James,

On 11/18/2020 5:06 PM, James H. H. Lampert wrote:

Ladies and Gentlemen:

The same customer installation that required 104 (but with the 103 
catalina.sh, to avoid Bug 64501) back in June is now demanding an update 
to 106 because of the CVE-2020-13935 vulnerability.


Two questions:

1. Is the problem from June fixed in 106?
2. Does 106 take care of CVE-2020-13935?

--
JHHL


http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
http://tomcat.apache.org/security-7.html

. . . just my two cents
/mde/


OpenPGP_0x41466EC60D793C2D.asc
Description: application/pgp-keys


OpenPGP_signature
Description: OpenPGP digital signature

Re: javadoc 404

[Mark Eggers]

Rob,

On 1/10/2021 8:51 PM, Rob Sargent wrote:
While trying to understand why PerUserPoolDataSource doesn't implement 
javax.sql.ConnectionPoolDataSource on



https://tomcat.apache.org/tomcat-9.0-doc/api/org/apache/tomcat/dbcp/dbcp2/datasources/package-summary.html 



I get a 404 from anchor cpdsadapter example


https://tomcat.apache.org/tomcat-9.0-doc/api/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/package.html 






I went to https://tomcat.apache.org/tomcat-9.0-doc/api/overview-summary.html

and then

https://tomcat.apache.org/tomcat-9.0-doc/api/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/package-summary.html 



with no issue. Maybe an internal link is broken?

. . . just my two cents
/mde/



OpenPGP_signature
Description: OpenPGP digital signature

Re: AccessLog implementation via logging subsystem?

[Mark Eggers]

Thomas,

On 1/20/2021 2:59 AM, Thomas Meyer wrote:

Hi,

as far as I can see there seems to be no AccessLog interface implementation 
that is using the standard tomcat logging subsystem.
Is there a reason for this?
I have a use case were I want to forward access log to splunk via http event 
collector endpoint.
The idea is to log access log via tomcat logging and configure tomcat logging 
to use HttpEventCollectorLog4jAppender to forward all access logs to splunk.

mfg
thomas


You could probably configure Tomcat to use log4j2 and its 
SocketAppender to do this. Then it becomes a configuration exercise.


I think there were some notes on how to do the former on the mailing 
list. It's been a couple of years since I've set up Tomcat with log4j2, 
otherwise I'd write up detailed instructions.


I hope that gets you started down a reasonable path.

. . . just my two cents.
/mde/



OpenPGP_signature
Description: OpenPGP digital signature

Memory leak with Jersey 2.33

[Mark Eggers]

Folks,

This is probably not a Tomcat issue, but any thoughts on how to resolve 
this would be greatly appreciated.


I am running into an apparent ClassLoader leak with the following 
configuration:


Windows 10 Professional (64 bit, latest updates)
OpenJDK 11.0.10
Apache Tomcat 7.0.107
Jersey Rest 2.33

I have a simple application:

ApplicationConfig:

@ApplicationPath("/service")
public class ApplicationConfig extends Application {

public ApplicationConfig() {
}

@Override
public Set> getClasses(){
Set> resources = new java.util.HashSet<>();


resources.add(org.mdeggers.cplanapi.resource.CostInfoResource.class);

resources.add(org.mdeggers.cplanapi.resource.InstituteInfoResource.class);

resources.add(org.mdeggers.cplanapi.resource.InstituteTypeInfoResource.class);


resources.add(org.mdeggers.cplanapi.mapper.NotFoundExceptionMapper.class);

return resources;
}
}

One of three resources:

@Path("/v1/inst")
public class InstituteInfoResource {

public InstituteInfoResource() {
}

@GET
@Path("/info")
@Produces({MediaType.APPLICATION_JSON})
public InstituteContainer getNationalList() {
InstituteInfo instituteinfo = new InstituteInfo();
return instituteinfo.getNational();
}

@GET
@Path("/info/{ state : [A-Z]{2} }")
@Produces({MediaType.APPLICATION_JSON})
public InstituteContainer getStateList(@PathParam("state") String 
state) {

InstituteInfo instituteinfo = new InstituteInfo();
return instituteinfo.getState(state);
}
}

The InstituteInfo class is a DAO that makes requests into a MySQL 
database and returns a container with the information.


This all works, but on undeploying the Tomcat Manager complains that 
there is a leak after unloading the web application.


Doing a heap dump and looking at it with the following OQL in Eclipse 
MAT shows that the application still resides in memory, with started=false.


SELECT wcl.contextName.toString() AS contextName,
   wcl.started AS started,
   wcl.@retainedHeapSize AS retainedSize
FROM org.apache.catalina.loader.WebappClassLoader wcl

contextName   started  retainedSize
/cplanapi false586,720
/docs true  46,664
/host-manager true  47,288
/manager  true  47,392
/examples true  85,432
  true  46,912

GC roots for cplanapi are:

class com.sun.naming.internal.ResourceManager
'- propertiesCache java.util.WeakHashMap
   '- table java.util.WeakHashMap$Entry[16]
  '- java.util.WeakHashMap$Entry
 '- referent org.apache.catalina.loader.WebappClassLoader

This occurs on both Windows and Linux, and with the above JRE as well as 
Java 1.8.0_202.


. . . just my two cents
/mde/



OpenPGP_signature
Description: OpenPGP digital signature

Re: Memory leak with Jersey 2.33

[Mark Eggers]

On 1/31/2021 9:39 PM, Mark Eggers wrote:

Folks,

This is probably not a Tomcat issue, but any thoughts on how to resolve 
this would be greatly appreciated.


I am running into an apparent ClassLoader leak with the following 
configuration:


Windows 10 Professional (64 bit, latest updates)
OpenJDK 11.0.10
Apache Tomcat 7.0.107
Jersey Rest 2.33

I have a simple application:

ApplicationConfig:

@ApplicationPath("/service")
public class ApplicationConfig extends Application {

     public ApplicationConfig() {
     }

     @Override
     public Set> getClasses(){
     Set> resources = new java.util.HashSet<>();


resources.add(org.mdeggers.cplanapi.resource.CostInfoResource.class);

resources.add(org.mdeggers.cplanapi.resource.InstituteInfoResource.class);

resources.add(org.mdeggers.cplanapi.resource.InstituteTypeInfoResource.class); 




resources.add(org.mdeggers.cplanapi.mapper.NotFoundExceptionMapper.class);

     return resources;
     }
}

One of three resources:

@Path("/v1/inst")
public class InstituteInfoResource {

     public InstituteInfoResource() {
     }

     @GET
     @Path("/info")
     @Produces({MediaType.APPLICATION_JSON})
     public InstituteContainer getNationalList() {
     InstituteInfo instituteinfo = new InstituteInfo();
     return instituteinfo.getNational();
     }

     @GET
     @Path("/info/{ state : [A-Z]{2} }")
     @Produces({MediaType.APPLICATION_JSON})
     public InstituteContainer getStateList(@PathParam("state") String 
state) {

     InstituteInfo instituteinfo = new InstituteInfo();
     return instituteinfo.getState(state);
     }
}

The InstituteInfo class is a DAO that makes requests into a MySQL 
database and returns a container with the information.


This all works, but on undeploying the Tomcat Manager complains that 
there is a leak after unloading the web application.


Doing a heap dump and looking at it with the following OQL in Eclipse 
MAT shows that the application still resides in memory, with started=false.


SELECT wcl.contextName.toString() AS contextName,
    wcl.started AS started,
    wcl.@retainedHeapSize AS retainedSize
FROM org.apache.catalina.loader.WebappClassLoader wcl

contextName   started  retainedSize
/cplanapi false    586,720
/docs true  46,664
/host-manager true  47,288
/manager  true  47,392
/examples true  85,432
   true  46,912

GC roots for cplanapi are:

class com.sun.naming.internal.ResourceManager
'- propertiesCache java.util.WeakHashMap
    '- table java.util.WeakHashMap$Entry[16]
   '- java.util.WeakHashMap$Entry
  '- referent org.apache.catalina.loader.WebappClassLoader

This occurs on both Windows and Linux, and with the above JRE as well as 
Java 1.8.0_202.


. . . just my two cents
/mde/



Please ignore this. Doing two rounds of GC through the manager removed 
the application from memory (as confirmed by a heap dump).


Now I need to figure out how to force a GC, since we had an OOM 
Metaspace issue with repeated deployments of the application.


. . . just my two cents
/mde/



OpenPGP_signature
Description: OpenPGP digital signature

Re: Memory leak with Jersey 2.33

[Mark Eggers]

Mark,

On 2/1/2021 1:33 AM, Mark Thomas wrote:

Is the GC root above the only one? I've seen similar behaviour in the
past where weak references appear to be the cause of a leak but closer
inspection uncovers a strong reference.

Mark


Thanks for putting me on the correct track. I'm using log4j2 2.14.0 and 
Jersey REST 2.33 which includes Jackson 2.11.3.


Analyzing the heap dump using Eclipse MAT and excluding weak references 
led me down a fun rabbit hole.


Leak 1:
https://github.com/FasterXML/jackson-core/issues/400

Fix:
in setenv.(bat/sh) add
-Dcom.fasterxml.jackson.core.util.BufferRecyclers.trackReusableBuffers=true

In a servlet context listener add
int released = releaseBuffers(); // with the proper import, of course

Leak 2:
https://issues.apache.org/jira/browse/LOG4J2-578

Although it's marked as fixed, it apparently is not.

Fix (for now):
in setenv(bat/sh) add
-Dlog4j2.disable.jmx=true

With all of that done, undeploying the web application and doing a heap 
dump shows no traces of the offending app (all WebappClassLoaders have 
started=true).


Again, thanks for the tip.

. . . just my two cents.



OpenPGP_signature
Description: OpenPGP digital signature

Re: Correct manager.xml for Tomcat 8 manager GUI

[Mark Eggers]

On 2/24/2021 9:54 AM, Patrick Baldwin wrote:

Hi, I'm trying to reconfigure a pre-existing dev Tomcat 8 server so folks
can use the manager GUI; so far, I just get the ERR_CONNECTION_REFUSED
message.

I've stripped the tomcat users file down to just:

$ cat /usr/local/tomcat/conf/tomcat-users.xml

  
  


And the  /usr/local/tomcat/conf/Catalina/localhost /manager.xml is
currently:
$ pwd
/usr/local/tomcat/conf/Catalina/localhost
$ cat manager.xml









Not seeing an error in catalina.out about the manager, looks like it's
deploying OK:

24-Feb-2021 12:00:56.070 INFO [localhost-startStop-1]
org.apache.catalina.startup.HostConfig.deployDescriptor Deploying
configuration descriptor
[/usr/local/tomcat/conf/Catalina/localhost/manager.xml]
24-Feb-2021 12:00:56.092 INFO [localhost-startStop-1]
org.apache.catalina.startup.HostConfig.deployDescriptor Deployment of
configuration descriptor
[/usr/local/tomcat/conf/Catalina/localhost/manager.xml] has finished in
[22] ms

Since it's a dev system, I've temporarily turned off the firewall and
selinux to make sure they aren't the issue.

Any thoughts?



What version of Tomcat 8?

For all recent versions of Tomcat (even 7), you'll need the following:

http://tomcat.apache.org/xml";
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
  xsi:schemaLocation="http://tomcat.apache.org/xml 
tomcat-users.xsd"

  version="1.0">



. . . just my two cents
/mde/






OpenPGP_signature
Description: OpenPGP digital signature

RE: Someone Please: Why Is Tomcat Looking In The Wrong Directory?

[Mark Eggers]

As an additional comment:

Based on earlier comments, it looks like the vendor's
application is using the system property tomcat.home
to   create the file path to open.

As you found out this will prevent using CATALINA_BASE
or creating virtual hosts under one Tomcat.

The vendor might look at using something like:

getServletConfig().getServletContext().getRealPath("virtual")

and then getting "virtual" fed in via a context-param
in the web.xml file.

That should return the real path to the file.  It will
fail when the application is being served from a .war
file, but requiring the war file to be exploded should
be OK.

Just some random thoughts at the end of the thread.

/mde/

--- "Robinson, Eric" <[EMAIL PROTECTED]> wrote:

> Okay, so I finally connected with someone at the
> vendor. Surprise! It
> turns out they do not follow the standard method for
> creating multiple
> instances of tomcat, i.e., by using $CATALINA_BASE.
> Instead, I was
> advised to copy the entire tomcat directory
> structure for each instance.
> I did this and it worked. I also had to create a new
> entry in init.d for
> the new tomcat service and edit a few other files,
> but at least now it
> is working. Talk about brute force! At least its
> good to know I wasn't
> being a complete ninny with the way I was
> configuring it.
> 
> Nonetheless, THANKS VERY MUCH TO ALL for the many
> responses. I am
> completely floored by the amount of help people
> offered. This is a very
> active list, to say the least.
> 
> --
> Eric Robinson
> 
> 
> -Original Message-
> From: David Smith [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, August 01, 2006 11:34 AM
> To: Tomcat Users List
> Subject: Re: Someone Please: Why Is Tomcat Looking
> In The Wrong
> Directory?
> 
> Hmmm. and the plot thickens.  Have you asked the
> vendor about this
> issue?  Can they offer any insights as to how they
> access the
> myapp.properties file?
> 
> --David
> 
> Robinson, Eric wrote:
> 
> >David,
> >
> >I do not know if the 3rd party app has hard-coded
> paths. I grepped for 
> >tomcat in the app directory and below and I see a
> couple of places 
> >where it is doing a
> System.GetProperty("tomcat.home"), but that's about
> it.
> >
> >--
> >Eric Robinson
> >
> >
> >-Original Message-
> >From: David Smith [mailto:[EMAIL PROTECTED]
> >Sent: Tuesday, August 01, 2006 8:55 AM
> >To: Tomcat Users List
> >Subject: Re: Someone Please: Why Is Tomcat Looking
> In The Wrong 
> >Directory?
> >
> >Fair enough.  Are the JSPs, servlets, etc., ... all
> being called from 
> >the /home/myaccount/tomcat5/webapps directory?
> >
> >Here's where I'm going with this: 
> >
> >If resources like this properties file are being
> opened from the wrong 
> >location, but other webapp resources (images, jsps,
> servlets, etc., 
> >...) are being served up from the proper location,
> it could be the 
> >result of bugs in your third party webapp.  Maybe
> it's reliant on a 
> >hard coded path or a relative path to the current
> directory at the time
> 
> >tomcat was started.
> >
> >--David
> >
> >Robinson, Eric wrote:
> >
> >  
> >
> >>Sorry, I cannot answer that question as I am not
> the developer. 
> >>Although I called it "myapp" for simplicty, it is
> really a third-party
> 
> >>application.
> >>
> >>--
> >>Eric Robinson
> >>
> >>
> >>-Original Message-
> >>From: David Smith [mailto:[EMAIL PROTECTED]
> >>Sent: Tuesday, August 01, 2006 8:23 AM
> >>To: Tomcat Users List
> >>Subject: Re: Someone Please: Why Is Tomcat Looking
> In The Wrong 
> >>Directory?
> >>
> >>I'm responding to the first message in the thread,
> but have read all 
> >>of
> >>
> >>
> >
> >  
> >
> >>it.  A thought:
> >>
> >>How are you opening this file?  Hopefully it's via
> 
> >>ServletContext.getResourceAsStream(
> "/myapp/conf/myapp.properties" ) ;
> >>
> >>--David
> >>
> >>Robinson, Eric wrote:
> >>
> >> 
> >>
> >>
> >>
> >>>Hello all,
> >>>
> >>>When I start tomcat, I get several messages like
> these:
> >>>
> >>>  java.io.FileNotFoundException:
>
>>>/usr/local/tomcat5/webapps/myapp/conf/myapp.properties
> (No such file 
> >>>or
> >>>directory)
> >>>
> >>>This file actually exists in
>
>>>/home/myaccount/tomcat5/webapps/myapp/conf/myapp.properties
> >>>
> >>>I have $CATALINA_BASE set to
> /home/myaccount/tomcat5
> >>>
> >>>My instance of tomcat is starting mostly fine. I
> can connect to it on
> 
> >>>my custom port and see my own default page, but
> for some reason 
> >>>tomcat
> >>>  
> >>>
> >
> >  
> >
> >>>is still looking for "myapp" in the directory
> specified by
> >>>   
> >>>
> >>>  
> >>>
> >>$CATALINA_HOME.
> >> 
> >>
> >>
> >>
> >>>Someone please take a moment and give me some
> tips on why this might 
> >>>be
> >>>   
> >>>
> >>>  
> >>>
> >> 
> >>
> >>
> >>
> >>>happening.
> >>>
> >>>Thanks much,
> >>>
> >>>
> >>>--
> >>>Eric Robinson
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>Disclaimer - August 1, 2006
> >>>This email and any files transmitted with it are
>

Re: Connector Problems -

[Mark Eggers]

I just finally moved over to mod_jk from mod_jk2. 
Since this is a development environment on
Windows/2000 Professional, I didn't have the pressure
to move.

Anyway, here's my environment:

Windows/2000 Professional
Apache 2.054 (will upgrade one of these days)
Tomcat 5.5.17
JDK 1.5.0_06-b05

Since I don't like spaces in my file names, everything
is installed under C:\Apache\Apache2 and
C:\Apache\Tomcat.

My workers file looks like the following (I specify a
lot of the defaults).

# only one worker
# a better name is called for
worker.list=worker1

#
# worker1 specs
#
worker.worker1.typw=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009
worker.worker1.socket_timeout=60

Loading mod_jk in my httpd.conf file:

#
# mod_jk
#
LoadModule jk_module   modules/mod_jk.so
JkWorkersFile  conf/workers.properties
JkLogFile  logs/mod_jk.log

Now I create aliased for each of my web applications
and set up directory controls.  I do that so I can
serve static files from Apache, and dynamic files from
Tomcat.  I could also use JkAutoAlias.


   Options Indexes MultiViews
   AllowOverride None
   Order deny,allow
   Allow from 192.168.1
   Allow from 127.0.0.1


This sets directory access, since the Tomcat webapps
directory is outside my document root.

An Alias and a JkMount finish up the configuration.

# all on one line
Alias /jsp-examples
"C:/Apache/Tomcat/webapps/jsp-examples"

# separate line
JkMount /jsp-examples/*.jsp  worker1

Hope this helps.

/mde/
just my two cents . . . .


--- "M. Goodell" <[EMAIL PROTECTED]> wrote:

> I am unable to get the tomcat connectors to work
> after spending hours 
> reading docs and scouring google in search of
> answers. 
>
> I have seen the problem I am having posted all over
> the web but there 
> are no solutions to it that I have seen.
>
>   Here is the summary of the problem:
>
>   Component information:
>
>   - MS Windows XP
>   - Tomcat-5.5.17
>   - Apache 2.0.58
>   - mod_jk-1.2.18
>
> I define the workers.properties file as specified
> per the 
> documentation which resides in:
>   "C:/Program Files/Apache
> Group/Apache2/conf/workers.properties"
>
>   worker.list = worker1
> worker.worker1.type = ajp13
>   
> (according to the docs "type" is the only mandatory
> element)
>
> And the VirtualHost portion of httpd.conf looks like
> this:
>
> 
>   ServerAdmin [EMAIL PROTECTED]
> DocumentRoot /www/sandbox
> ServerName dummy-host.example.com
> ErrorLog logs/172.27.224.236.error.log
> CustomLog logs/172.27.224.236.access.log common
> LoadModule jk_module "C:/Program Files/Apache 
> Group/Apache2/modules/mod_jk.so"
> JkWorkersFile "C:/Program Files/Apache
> Group/Apache2/conf/workers.properties"
> JkLogFile "C:/Program Files/Apache 
> Group/apache-tomcat-5.5.17/logs/mod_jk.log"
>   JkLogLevel debug
>   JkMount /axis ajp13
> JkMount /axis/* ajp13
>   JkMount /servlets-examples ajp13
> JkMount /servlets-examples/* ajp13
>   JkMount /jsp-examples ajp13
> JkMount /jsp-examples/* ajp13
>   JkMount /MGGWebApp worker1
> JkMount /MGGWebApp/* worker1
>   
> 
>   When I attempt to access
> http://172.27.224.236/MGGWebApp/  I get an 
> "Internal Server Error" page and the error info is
> dumped to the log. The regular ajp13 references work
> perfect.
>
>   Alas, Here is the log entry:
>
>   [Tue Aug 08 12:47:16 2006] [1988:0324] [debug]
> jk_uri_worker_map.c 
> (508): Attempting to map URI '/MGGWebApp/index.jsp'
> from 8 maps
> [Tue Aug 08 12:47:16 2006] [1988:0324] [debug]
> jk_uri_worker_map.c 
> (520): Attempting to map context URI
> '/servlets-examples/*'
> [Tue Aug 08 12:47:16 2006] [1988:0324] [debug]
> jk_uri_worker_map.c 
> (520): Attempting to map context URI
> '/jsp-examples/*'
> [Tue Aug 08 12:47:16 2006] [1988:0324] [debug]
> jk_uri_worker_map.c 
> (520): Attempting to map context URI '/MGGWebApp/*'
> [Tue Aug 08 12:47:16 2006] [1988:0324] [debug]
> jk_uri_worker_map.c 
> (534): Found a wildchar match worker1 ->
> /MGGWebApp/*
> [Tue Aug 08 12:47:16 2006] [1988:0324] [debug]
> mod_jk.c (1832): Into 
> handler jakarta-servlet worker=worker1 r->proxyreq=0
> [Tue Aug 08 12:47:16 2006] [1988:0324] [debug]
> jk_worker.c (111): did 
> not find a worker worker1
> [Tue Aug 08 12:47:16 2006] [1988:0324] [info] 
> mod_jk.c (1986): Could 
> not find a worker for worker name=worker1
>
>  It seems to me, from the log file information, that
> it simply cannot 
> find the workers.properties file. Also, it looks as
> though the mod_jk 
> is loading due to Apaches lack of complaining.
>
>  Any help / direction or chastisment on this would
> be welcomed.
> 
>   Many thanks! 
>
>  M Goodell


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mai

Re: Connector Problems -

[Mark Eggers]

I just checked - it's copied exactly.  Sometimes I
drop characters when copying from emacs to Firefox.

Please see the following link under Mandatory
Directives

http://tomcat.apache.org/connectors-doc/config/workers.html

Also, LoadModule must be used in the server config and
not in the VirtualHost directive.  If you have Apache
and its documentation installed locally, please see:

http://localhost/manual/mod/mod_so.html#loadmodule
http://localhost/manual/mod/directive-dict.html#Context

HTH

/mde/
just my two cents . . . .


--- "M. Goodell" <[EMAIL PROTECTED]> wrote:

> In looking at your config, I see that the word
> "type" is spelled "typw" Was this copied directly
> from your actual config file?
>
>   worker.worker1.typw=ajp13
> 
> Just wondering . . .


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: tomcat JSP Servlet Apache JK2

[Mark Eggers]

There are a lot of issues here, mostly having to do
with how you've structured your virtual hosts. 
However, I think the following should get you up and
running quickly.

In your VirtualHost directive, add the following line:

DirectoryIndex index.html index.html.var login.jsp

That should bring up the login.jsp as a default index
when someone just goes to the directory.

Note, I have not tried this, but I do use this to
serve up .pl and .php index files.

I normally don't have a login.jsp page as the entry
point into my web application.  I normally put an
index.html splash page with a note about the web
application, and then on that page provide a link to
the login page should the user want to log in.

As I said above, there are a lot of potential issues
with the way you've constructed virtual hosts, both
with Apache and Tomcat.  The Tomcat issues are
certainly on topic for this mailing list, but the
Apache issues are probably not.

Hope this helps.

/mde/
just my two cents . . . .

--- jeusdi <[EMAIL PROTECTED]> wrote:

> 
> Hello,
>mmm, I've compiled and linked and configured
> mod_jk with Apache 2.0
> correctly, but I doesn't work correctly. Mmm, if I
> access to
> http://192.168.1.2 explorer continues show me the
> code of my JSP, but if I
> access to http://192.168.1.2/ecommerce/login.jsp it
> shows me correctly the
> JSP formatted or interpreted as simpe HTML file.
> 
> I don't know What more Can I do. Can you say me what
> do I do wrong?
> 
> jk.conf ->
> 
> JkWorkersFile
> "/etc/apache2/properties/workers.properties"
> JkLogFile "/var/log/apache2/jk.log"
> JkLogLevel debug
> 
> 
> workers.properties ->
> 
> 
> #
> # List workers
> worker.list=treb
> #
> # Define work
> worker.treb.tomcat_home=$TOMCAT_HOME
> worker.treb.java_home=$JAVA_HOME
> worker.treb.port=8009
> worker.treb.host=localhost
> worker.treb.type=ajp13
> worker.treb.cachesize=10
> worker.treb.cache_timeout=600
> worker.treb.socket_timeout=300
> worker.treb.lbfactor=1
> 
> 
> And httpd.conf ->
> 
> ServerName 192.168.1.2
> 
> NameVirtualHost 192.168.1.2
> 
> 
> ServerName 192.168.1.2
> ServerAdmin [EMAIL PROTECTED]
> DocumentRoot
> /usr/local/tomcat/webapps/ecommerce
> ErrorLog
> /usr/local/tomcat/webapps/webshop/logs/error_log
> CustomLog
> /usr/local/tomcat/webapps/webshop/logs/access_log
> common
> 
> AllowOverride None
> Deny from all
> 
> JkMount /*.jsp treb
> 
> 
> 
> -- 
> View this message in context:
>
http://www.nabble.com/tomcat-JSP-Servlet-Apache-JK2-tf2071029.html#a5724146
> Sent from the Tomcat - User forum at Nabble.com.
> 
> 
>
-
> To start a new topic, e-mail:
> users@tomcat.apache.org
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam
protection around 
http://mail.yahoo.com 

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Measuring traffic pr. virtualhost

[Mark Eggers]

If you want to do logging on at the Engine, Host, or
Context level, then you can use the access logging
valve in Tomcat.  Configuration information can be
found here:

http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html

Note that if you serve static material with a
front-end Apache server, that will NOT be logged by
the access logging valve (obviously).

If you use mod_jk in Apache 2.0 (or I assume
mod_proxy_ajp in Apache 2.2), then the web server can
log everything.  Just set up a log file per each
VirtualHost.

There is a lot of documentation in the httpd.conf file
and in the Apache manual for setting up logging on
Apache.

The Tomcat logs are in the Apache common format (by
default).  There are many web statistics packages that
will parse and analyze these files.

If you want more detailed help, I would be happy to
correspond with you off the mailing list, since log
configurations for the Apache web server are probably
not on topic here.

/mde/
Just my two cents . . . .


--- Lars Nielsen Lind <[EMAIL PROTECTED]> wrote:

> Hi.
> 
> I need to measure the traffic pr. month/year for
> each virtualhost. How 
> can I do that with Apache/Tomcat?
> 
> Lars Nielsen Lind
> 
>
-
> To start a new topic, e-mail:
> users@tomcat.apache.org
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: workers.properties

[Mark Eggers]

This should be like any other web application.  I just
set it up as a test on my machine and it works fine.

Take a look at: 

http://tomcat.apache.org/connectors-doc/

1) Set up a standard workers.properties file (example)

# only one worker
# a better name is called for
worker.list=myworker

#
# worker1 specs
#
worker.myworker.typw=ajp13
worker.myworker.host=localhost
worker.myworker.port=8009
worker.myworker.socket_timeout=60

2) Load the mod_jk module in httpd.conf
#
# mod_jk
#
LoadModule jk_module   modules/mod_jk.so
JkWorkersFile  conf/workers.properties
JkLogFile  logs/mod_jk.log

3) Set up a JkMount in httpd.conf - something like:

JkMount /mmbase/* myworker

where myworker has been defined in the
workers.properties file.

This basically sends everything from:

www.mydomain.com/mmbase/* to Tomcat.

There are other ways of doing this, but this is sort
of the minimalist approach.

Directory definitions and aliases in httpd.conf can be
useful (for example, to block hosts).

HTH
/mde/
just my two cents . . .

--- "D. Salemink Klikstudio"
<[EMAIL PROTECTED]> wrote:

> Does anybody have experience setting up the
> workers.properties file to
> serve mmbase through apache?
> -- 
> D. Salemink
> Zomerdijkstraat 1-11079WX Amsterdam
> +31207726869 +31651611510
> 
> Nieuwe media cursussen http://www.klikstudio.net
> Webdesign en hosting http://www.klikstudio.nl
> 
>
-
> To start a new topic, e-mail:
> users@tomcat.apache.org
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [SPAM ?]Error in dependencyCheck when using Connection pooling

[Mark Eggers]

>From looking for this error message with Google, it
appears that there is a problem with the manifest
information in your jar file.

Use the following two search items in Google:

java.io.IOException "invalid header field"
error in dependencycheck

What JDBC driver (DB and version), Tomcat version, and
JDK version are you using?

HTH

/mde/
just my two cents . . . .


--- Tom Bednarz <[EMAIL PROTECTED]> wrote:

> I get a very strange error when starting my web-app:
> 
> ---
> 14.08.2006 18:38:25
> org.apache.catalina.core.StandardContext start
> SCHWERWIEGEND: Error in dependencyCheck
> java.io.IOException: invalid header field
> at
> java.util.jar.Attributes.read(Attributes.java:393)
> at
> java.util.jar.Manifest.read(Manifest.java:167)
> at
> java.util.jar.Manifest.(Manifest.java:52)
> at 
>
org.apache.catalina.util.ExtensionValidator.validateApplication(ExtensionValidator.java:152)
> at 
>
org.apache.catalina.core.StandardContext.start(StandardContext.java:3998)
> at
>
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1012)
> at
>
org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
> at
>
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1012)
> at 
>
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
> at 
>
org.apache.catalina.core.StandardService.start(StandardService.java:450)
> at 
>
org.apache.catalina.core.StandardServer.start(StandardServer.java:680)
> at
>
org.apache.catalina.startup.Catalina.start(Catalina.java:536)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at 
>
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at 
>
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at
> java.lang.reflect.Method.invoke(Method.java:585)
> at
>
org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:275)
> at
>
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
> 14.08.2006 18:38:25
> org.apache.catalina.core.StandardContext start
> SCHWERWIEGEND: Error getConfigured
> 14.08.2006 18:38:25
> org.apache.catalina.core.StandardContext start
> SCHWERWIEGEND: Context [/mytrixpert] startup failed
> due to previous errors
> 14.08.2006 18:38:25
> org.apache.catalina.core.StandardContext stop
> -
> 
> This happens since I copied my JDBC driver to
> <%CATALINA_HOME%>/common/lib.
> 
> If the JDBC driver is deployed with my web-app in
> WEB-INF\lib I get an 
> error that the JDBC driver cannot be loaded. It
> seems that the driver 
> needs to be in the common/lib directory of the
> container to make 
> connection pooling work.
> 
> Unfortunately I get now the above error. Any help
> with this would be 
> greatly apreciated, since I am stuck with this
> problem.


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat Crashed - Please Help.

[Mark Eggers]

Are you using Tomcat 5.5.x or Tomcat 5.0.x?

Tomcat 5.5.x requires either JSE 1.5 or JDK 1.4.x with
the JDK compatibility pack.

See the following:

http://www.devlib.org/apache/tomcat/tomcat-5/v5.5.17/README.html

The compatibility pack can be found here:

http://tomcat.apache.org/download-55.cgi

HTH

/mde/
just my two cents . . . .


--- Uday Bhaskar <[EMAIL PROTECTED]> wrote:

> Hi,
> 
> When I start tomcat following is th error message:
> 
> Starting tomcat5: /usr/bin/rebuild-jar-repository:
> error: could not find 
> jdbc-stdext Java extension for this JVM
> /usr/bin/rebuild-jar-repository: error: could not
> find jndi Java 
> extension for this JVM
> /usr/bin/rebuild-jar-repository: error: All detected
> jars were not found 
> for this jvm
> /usr/bin/rebuild-jar-repository: error: could not
> find jaas Java 
> extension for this JVM
> /usr/bin/rebuild-jar-repository: error: All detected
> jars were not found 
> for this jvm
> [ OK ]
> 
> I did not made any changes on SDK (new installations
> etc).
> 
> when I say
> 
> *# sudo /usr/sbin/alternatives --config java*
> 
> Selection Command
> ---
> 1 /usr/share/java/libgcj-java-placeholder.sh
> 2 /usr/lib/jvm/java-1.4.2-ibm-1.4.2.0/jre/bin/java
> 3 /usr/lib/jvm/java-1.4.2-ibm-1.4.2.2/jre/bin/java
> *+ 4
> /usr/lib/jvm/java-1.4.2-ibm-1.4.2.3/jre/bin/java
> 
> And when I say,
> 
> *$ java -version*
> java version "1.4.2_06"
> Java(TM) 2 Runtime Environment, Standard Edition
> (build 1.4.2_06-b03)
> Java HotSpot(TM) Client VM (build 1.4.2_06-b03,
> mixed mode)
> 
> *Tomcat log :*
> Bootstrap: Class loader creation threw exception
> java.lang.IllegalArgumentException:
> addRepositoryInternal
> at 
>
org.apache.catalina.loader.StandardClassLoader.addRepositoryInternal(StandardClassLoader.java:957)
> at 
>
org.apache.catalina.loader.StandardClassLoader.(StandardClassLoader.java:153)
> at 
>
org.apache.catalina.startup.ClassLoaderFactory.createClassLoader(ClassLoaderFactory.java:207)
> at 
>
org.apache.catalina.startup.Bootstrap.createClassLoader(Bootstrap.java:163)
> at 
>
org.apache.catalina.startup.Bootstrap.initClassLoaders(Bootstrap.java:104)
> at
>
org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:196)
> at
>
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:402)
> Caused by: java.util.zip.ZipException: No such file
> or directory
> at java.util.zip.ZipFile.open(Native Method)
> at
> java.util.zip.ZipFile.(ZipFile.java:112)
> at
> java.util.jar.JarFile.(JarFile.java:127)
> at
> java.util.jar.JarFile.(JarFile.java:65)
> at 
>
org.apache.catalina.loader.StandardClassLoader.addRepositoryInternal(StandardClassLoader.java:944)
> ... 6 more
> 
> 
> Can anyone help me.


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Apache 5.5 HelloWorldExample 404 error

[Mark Eggers]

If you're talking about the regular Hello World
example in :

http://localhost:8080/servlets-examples/servlet/HelloWorldExample

I don't know why it wouldn't work.  I have a very
vanilla Tomcat 5.5.17 install on Windows/2000
Professional with JDK 1.5.0_08 (just rebuilt the
system), and everything works out of the box.

What changes have you made to the stock Tomcat?  Can
you install a completely changed Tomcat somewhere and
see what happens?

I don't use the invoker servlet.  I edit the web
application's web.xml and reload the application or
build another war file and upgrade the application.

That way when I go to production, there are no
surprises - like forgetting a servlet definition in
web.xml and wondering why things don't work . . . .

Just some random thoughts . . . .

/mde/

--- David Smith <[EMAIL PROTECTED]> wrote:

> My only guess is packageless classes are not
> officially supported.  
> Reality is packageless classes sometime work and
> sometimes not.  If it 
> were in a package, it */might/* work.
> 
> --David
> 
> Steve Willett (Initiative Computing) wrote:
> 
> >Thanks, David, that seems to have got it.
> >
> >Any idea why the default "Hello World (down one)"
> example is not working?
> >
> >Steve 
> >
> >-Original Message-
> >From: David Smith [mailto:[EMAIL PROTECTED] 
> >Sent: Thursday, August 24, 2006 10:59 AM
> >To: Tomcat Users List
> >Subject: Re: Apache 5.5 HelloWorldExample 404 error
> >
> >We have a winner.  Take a look at
> >http://faq.javaranch.com/view?InvokerServlet.
> >
> >The form tag should be:
> >
> > action="servlet/elsewise.ui.user.LoginServlet"
> method=POST>
> >
> >
> >If the package of LoginServlet.class is
> elsewise.ui.user.
> >
> >--David
> >
> >Steve Willett (Initiative Computing) wrote:
> >
> >  
> >
> >>Thanks again, David.
> >>
> >>Since I restarted, the localhost log has:
> >>
> >>Aug 24, 2006 9:31:17 AM
> org.apache.catalina.core.ApplicationContext
> >>log
> >>SEVERE: Error loading WebappClassLoader
> >>  delegate: false
> >>  repositories:
> >>/WEB-INF/classes/
> >>--> Parent Classloader:
> >>
>
[EMAIL PROTECTED]
> >> ui
> >>java.lang.ClassNotFoundException: ui
> >>... 
> >>Aug 24, 2006 9:31:17 AM
> org.apache.catalina.core.ApplicationContext
> >>log
> >>SEVERE: invoker: Cannot allocate servlet instance
> for path 
> >>/elsewise/servlet/ui/user/LoginServlet
> >>javax.servlet.ServletException: Wrapper cannot
> find servlet class ui
> >>
> >>
> >
> >  
> >
> >>or a class it depends on
> >>...
> >>
> >>And
> >>
> >>Aug 24, 2006 9:32:00 AM
> org.apache.catalina.core.ApplicationContext
> >>log
> >>SEVERE: Error loading WebappClassLoader
> >>  delegate: false
> >>  repositories:
> >>/WEB-INF/classes/
> >>--> Parent Classloader:
> >>
>
[EMAIL PROTECTED]
> >> elsewise
> >>java.lang.ClassNotFoundException: elsewise
> >>...
> >>Aug 24, 2006 9:32:00 AM
> org.apache.catalina.core.ApplicationContext
> >>log
> >>SEVERE: invoker: Cannot allocate servlet instance
> for path 
> >>/elsewise/servlet/elsewise/ui/user/LoginServlet
> >>javax.servlet.ServletException: Wrapper cannot
> find servlet class 
> >>elsewise or a class it depends on
> >>...
> >>
> >>However, I shut Tomcat down again, restarted it,
> and tried to access 
> >>the "Hello World (down one)" Servlet Example from
> the default Tomcat home
> >>
> >>
> >page.
> >  
> >
> >>I got no error messages in the log, even though it
> still gives me the 
> >>404, not found error.
> >>
> >>So I guess these two 404 errors are from a
> different cause?
> >>
> >>Steve
> >>
> >>-Original Message-
> >>From: David Smith [mailto:[EMAIL PROTECTED]
> >>Sent: Thursday, August 24, 2006 10:03 AM
> >>To: Tomcat Users List
> >>Subject: Re: Apache 5.5 HelloWorldExample 404
> error
> >>
> >>Ok.
> >>
> >>Have you taken a look at the logs generated by
> tomcat from startup 
> >>through the request?  May have some insight as to
> what's happening (or 
> >>not happening).
> >>
> >>--David
> >>
> >>Steve Willett (Initiative Computing) wrote:
> >>
> >> 
> >>
> >>
> >>
> >>>David, thanks for your quick response to my post!
> >>>
> >>>My reading of the dire warnings about enabling
> the invoker servlet 
> >>>lead me to believe that I should not do so in a
> production environment.
> >>>However, this is a development environment, and I
> don't want to have 
> >>>to modify a web.xml file every time I create a
> new Servlet class.  Am 
> >>>I reading this wrong?
> >>>
> >>>As to the problem - my servlet was in package
> "elsewise.ui.user" (not
> >>>"ui.user") and my class file was in the directory
> you specified.
> >>>
> >>>I just tried moving the class tree down one
> level:
> >>>
> >>>
>
webapps/elsewise/WEB-INF/classes/elsewise/ui/user/LoginServlet.class
> >>>
> >>>and changed the form tag to:
> >>>
> >>> action="servlet/elsewise/ui/user/LoginServlet"
> method=POST>
> >>>
> >>>I got a simi

Re: how to get help if no answer from this list?

[Mark Eggers]

Dr. Exner,

It helps to understand classloading in Tomcat.  I just
got Axis up and running on the following system.

Windows/2000 Professional
Java JDK 1.5.0_04
Tomcat 5.59

I will assume that this works the same on my Linux box
(Fedora Core 4) since Apache is great in making
cross-platform tools.

The reference in the Tomcat documentation you want is
the following:

http://localhost:8080/tomcat-docs/class-loader-howto.html

In particular, the following paragraph:

For classes and resources that must be shared across
all web applications, place unpacked classes and
resources under $CATALINA_BASE/shared/classes, or
place JAR files containing those classes and resources
under $CATALINA_BASE/shared/lib.

For my environment, this is what I did.

1) Downloaded axis-bin-1_3.zip

2) Unzipped it someplace convenient (C:\src\axis-1_3)

3) Copied the axis folder under webapps to my
$CATALINA_HOME\webapps

4) Ran the Axis Happiness Page and noted I needed the
following jars

a) activation.jar
b) mailapi.jar
c) xmlsec.jar

5) Read the instructions and picked up the jars from
the appropriate places.  The first two are from Sun,
and the last one is from Apache.

6) Dropped the jars in $CATALINA_HOME\shared\lib since
I expect to write multiple webapps with Axis

7) Stopped and restated Tomcat

The Axis Happiness Page now reports "happiness".

In general, if you need jars in a single web
application, put them in WEB-INF\lib of the webapp.

If you need to share libraries across all web
applications, put the jar in
$CATALINA_HOME\shared\lib.

If you need to have Tomcat use them as well (for
example, JDBC drivers to set up JNDI datasources),
then you put the jars in $CATALINA_HOME\common\lib
(see
http://localhost:8080/tomcat-docs/jndi-datasource-examples-howto.html)

Hope this helps.

/mde/

--- "Dr. Exner" <[EMAIL PROTECTED]> wrote:

> Thanks for this hint,
> 
> but it did not work. I copied the file into both
> directories but got the 
> same old error on startup.
> May be I did something wrong "from the beginning"?
> But there is not much to 
> configure with the self extracting exe file.
> 
> D. Exner
> 
> 
> - Original Message - 
> From: "Hadraba Petr" <[EMAIL PROTECTED]>
> To: "Tomcat Users List" 
> Sent: Monday, February 20, 2006 11:28 AM
> Subject: Re: how to get help if no answer from this
> list?
> 
> 
> > Hi,
> >
> > did you try to copy the `activation.jar' in the
> common/lib/ (or
> > common/endorsed/ if newer version then in JRE)
> directory? This path is
> > _always_ included in the CLASSPATH by the startup
> scripts...
> >
> > I have there JDBC drivers, xalan, xerces (in the
> common/endorsed-) and
> > it works fine.
> >
> > And the second benefit of this directories is
> platform independence...
> > Simply you copy tomcat directory to UNIX or other
> Windoze with no
> > Control Panel hacking or other problems...
> >
> > PETR
> >
> >
> > On 2/20/06, Richard Schilling
> <[EMAIL PROTECTED]> wrote:
> >> Dr. Exner:
> >>
> >> Don't dismay.  Sometimes it takes this listserve
> of volunteers time to
> >> answer questions.
> >>
> >> You didn't mention what platform you're using,
> but it appears to be
> >> Windows - by you mentioning the Windows control
> panel.
> >>
> >> /WEB-INF/server-config.wsdd was created, but you
> should check it for
> >> settings appropriate for your installation.  If
> it was there to begin
> >> with you might check the path your shortcut
> executes Tomcat in.
> >>
> >> As for the .jar files not being found, you might
> want to try setting the
> >> path that Tomcat starts in in the shortcut link. 
> There's a place to
> >> indicate what directory to run the program from.
> >>
> >> Richard Schilling
> >> Cognition Group, Inc.
> >> Seattle, WA
> >>
> >>
> >>
> >>
> >>
> >> Dr. Exner wrote:
> >> > Hi,
> >> >
> >> > for a course including a short introduction and
> demo on web services I
> >> > have to decide, whether to base it on
> java/tomcat/axis or on C#/.NET.
> >> > Because I'm using xerces-j already in this
> course (and for some other
> >> > reasons), I preffered the java solution.
> However, I hang with the test
> >> > installation and I got no answer to my question
> from this list. Is 
> >> > there
> >> > another chance for support with tomcat/axis or
> is C#/.NET the solution
> >> > to my aim?
> >> >
> >> > The question was:
> >> > 
> >> > with both, the preconfigured version from
> >> > jakarta-tomcat-5.5.9-preconfigured.zip and the
> installation from
> >> > apache-tomcat-5.5.15.exe I get the following
> startup messages:
> >> >
> >> > - "Unable to find config file.  Creating new
> servlet engine config 
> >> > file:
> >> >   /WEB-INF/server-config.wsdd"
> >> > - "Unable to find required classes
> (javax.activation.DataHandler and
> >> >   javax.mail.internet.MimeMultipart). ..."
> >> >
> >> > However, the activation.jar (from jaf-1.0.2) is
> included in the
> >> > CLASSPATH (via Windows Control Panel) correctly
> and a test
> >> > applicatio

Re: users Digest 20 Feb 2006 20:29:12 -0000 Issue 6230

[Mark Eggers]

You might try using existing environment variables.

%HOMEPATH% is the user's home path, but they might not
like having temporary files stuffed into their
Documents and Settings directory.

Maybe "%HOMEPATH%\My Documents" wouldn't be too bad.

Or, you could use the TMP or TEMP environment
variable.

Just type:

set

at a command prompt to see what environment variables
are available to use.

Finally, if you do use one of those environment
variables, it might be nice to rewrite the batch file
so that it creates a subdirectory if one doesn't
exist.

Cleaning up when you shut down would also be nice.

Just some thoughts - I'm not much of a Windows person.

/mde/


--- Alexander E Genaud <[EMAIL PROTECTED]> wrote:

> Thanks for the reply George,
> 
> Scratch directories are not a problem. I am able to
> set the
> workDir="C:\mywork". However, this is not generic
> enough. I've tried
> workDir="~/mywork", but that simply places a
> directory named "~" in
> CATALINA_HOME.
> 
> You suggest creating a CatalinaBase directory. And
> that makes sense to cover
> all the output (work, logs, etc). But the question
> remains; Can I set
> CATALINA_BASE to a generic location (such as the
> user home directory or the
> OS temp space)?
> 
> Thanks in advance,
> Alex
> 
> - Forwarded message --
> From: "George Sexton" <[EMAIL PROTECTED]>
> To: "'Tomcat Users List'" 
> Date: Mon, 20 Feb 2006 11:24:46 -0700
> Subject: RE: Tomcat running from CDROM
> Since the spec requires some directories (work, tmp)
> be writable this won't
> work. The best solution would be to create a stub
> "CatalinaBase" directory
> and put on the workstation in the temp directory,
> and then set CatalinaHome
> to the CDROM and run it that way.
> 
> 
> 
> George Sexton
> MH Software, Inc.
> http://www.mhsoftware.com/
> Voice: 303 438 9585
> 
> 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> > Behalf Of Alexander E Genaud
> > Sent: Monday, February 20, 2006 3:07 AM
> > To: users@tomcat.apache.org
> > Subject: Tomcat running from CDROM
> >
> > Hello,
> >
> > I am attempting to place a web application on a
> CDROM,
> > without requiring further installations by the end
> user.
> > Does anyone have experience doing this?
> >
> > I have been playing with Tomcat and Jetty,
> > but have been most satisfied with Tomcat.
> >
> > Is it possible to make Tomcat run readonly
> > (disable temporary files, scratch directories, or
> logs),
> > or to redirect those written files to the
> > operating system's default temp/scrath area?
> >
> > I have tried to create a Context,
> > but fail to understand where to put the Context
> node
> > (filename nor directory).
> >
> > Modifying the system.xml Host (line 216) was
> successful:
> >
> > ...
> >  >   unpackWARs="true"
> or_rather_unpackWARs="false"
> >   autoDeploy="true"
> >   xmlValidation="false"
> xmlNamespaceAware="false"
> > workDir="myworkdir" or_workDir="C:\myworkdir">
> > ...
> >
> > However, I would need to set something more
> generic
> > (for Unix, Mac OS X, and Windows)
> > such as workDir="$SYSTEM_TEMP_DIR/myworkdir".
> > Is that possible?
> > I expect the same can be done for the Logger(s).
> > Is there anything else that gets written during
> runtime?
> >
> > Thanks in advance,
> > Alex
> >
> > Please send your reply to:
> > ( lx at pobox point com )
> >
> > ===
> >
> > For completeness and posterity:
> >
> > I've converted all JSP's to Servlets,
> > removed all but my webapp, balancer, and static
> pages, and
> > run Tomcat from an alternate JRE (rather than JDK)
> on disk.
> >
> > I have placed a Context in server.xml (line 144)
> to no effect:
> >
> > ...
> >  debug="0">
> >  >
> > ...
> >
> > Anywhere else and Tomcat may fail to start.
> >
> >
> >
> > --
> > Alex
> > --
> > Those who can make you believe absurdities can
> make you
> > commit atrocities
> > -- Fran�ois Marie Arouet (Voltaire)
> > http://cph.blogsome.com
> > http://genaud.org/alex/key.asc
> > --
> > CCC7 D19D D107 F079 2F3D BF97 8443 DB5A 6DB8 9CE1
> >
> >
>
-
> > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > For additional commands, e-mail:
> [EMAIL PROTECTED]
> >
> >
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Sad: Tomcat 5.5.x crashes almost every single day.

[Mark Eggers]

> enableLookups="true" redirectPort="8443" />

Why enableLookups="true" ???

Also, Cocoon can be very resource-intensive depending
on which blocks you've built.

JSP under Cocoon 2.1.7 and JDK 1.5 is also
problematic, see for example:

http://issues.apache.org/jira/browse/COCOON-1457

I have some ideas as to how to approach this, but I've
not had the time to investigate.

/mde/

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Sad: Tomcat 5.5.x crashes almost every single day.

[Mark Eggers]

I'm confused - but wouldn't an enableLookups on the
AJP connector return the hostname of the remote Apache
server sending the request (and not the remote web
client)?

I don't know since I'm at work, and I always disable
enableLookups since it's a potential performance hit.

/mde/

--- Tomasz Nowak <[EMAIL PROTECTED]> wrote:

> Mark Eggers <[EMAIL PROTECTED]> wrote:
> >
> > > enableLookups="true" redirectPort="8443" />
> > 
> > Why enableLookups="true" ???
> 
> I use request.getRemoteHost in couple of places.



__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Invoker servlet

[Mark Eggers]

For a general view:

http://tomcat.apache.org/tomcat-5.5-doc/appdev/deployment.html

For an example web.xml file:

http://tomcat.apache.org/tomcat-5.5-doc/appdev/web.xml.txt

For the specification:

http://www.jcp.org/aboutJava/communityprocess/final/jsr053/

Basically you need to define your servlets in the qwb
application's web.xml as  elements.
 You then need to use
 elements to map
the servlet definitions to URL patterns.

/mde/
--- "Devireddy, Nagendra Reddy (STSD)"
<[EMAIL PROTECTED]> wrote:

> Hi Doug,
> Thanks for your reply.
> I have uncommented that servlet in web.xml
> Will it cause any harm ??
> 
> Thanks 
> 
> -Original Message-
> From: Parsons Technical Services
> [mailto:[EMAIL PROTECTED]
> 
> Sent: Wednesday, March 08, 2006 6:04 PM
> To: Tomcat Users List
> Subject: Re: Invoker servlet
> 
> Do a search on servlet mapping. It will go in your
> web.xml.
> 
> Doug
> 
> 
> - Original Message -
> From: "Devireddy, Nagendra Reddy (STSD)"
> <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Cc: "Tomcat Users List" 
> Sent: Wednesday, March 08, 2006 12:57 AM
> Subject: RE: Invoker servlet
> 
> 
> Hi Wendy,
>  
> Thanks for your reply.
> So it may lead to some security problems.
> How can I avoid this ?
> 
> Any document/link will be of great help.
> 
> Thanks, 
> Nagendra
> 
> -Original Message-
> From: Wendy Smoak [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, March 08, 2006 10:45 AM
> To: Tomcat Users List
> Subject: Re: Invoker servlet
> 
> On 3/7/06, Devireddy, Nagendra Reddy (STSD)
> <[EMAIL PROTECTED]> wrote:
> 
> > As per Our product documentation guideline I have
> uncommented invoker 
> > servlet. Will it lead to any security problems ??
> > By Default its commented in tomcat 5.x.
> 
> http://tomcat.apache.org/faq/misc.html#invoker
> 
> --
> Wendy
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 
> 
> 
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Upgrade to Tomcat 5.5 has broken my jndi

[Mark Eggers]

Document link:

http://tomcat.apache.org/tomcat-5.5-doc/config/globalresources.html

>From the document:

The resources defined in this element are not visible
in the per-web-application contexts unless you
explicitly link them with  elements.

If you use a GlobalNamingResource element, you will
then have to use a  element in the
 element of server.xml.

I think you would then use the name attribute
specified in the  element in your
/WEB-INF/web.xml  or 
elements (specifically  or
).

I'm not at a machine where I can try this, but that's
my reading of the documentation.

Hope this helps.

/mde/

--- ALEX HYDE <[EMAIL PROTECTED]> wrote:

> Thanks for the help. 
>   
>   I seem to be able to get it working when I have a
> context file under my  web-app in the meta-inf
> directory. But I am still unable to properly 
> configure a global datasource. Here is my
> context.xml. very  standard:
>   
>   
>   
>   
>   
>type="javax.sql.DataSource"
> driverClassName="com.mysql.jdbc.Driver" 
>url="jdbc:mysql://localhost:3306/testdb"
> username="me" password="me"  maxActive="30"
> maxIdle="2000" maxWait="120"/>
>   
>   
> 
>   If I remove this and instead add this to
> server.xml
>   
>   
>auth="SERVLET" type="javax.sql.DataSource" 
> driverClassName="com.mysql.jdbc.Driver" 
> url="jdbc:mysql://localhost:3306/testdb"
> username="me" password="me"  maxActive="30"
> maxIdle="2000" maxWait="120"/>
>   
>   
>   It no longer finds the datasource. My web.xml
> looks like this:
>   
>   
>   JNDI Test
>   
>Welcome to JNDI
>
>   
>   hello 
>   jdbc/testdb
>   javax.sql.DataSource
>   SERVLET 
>   
>   
>   
>   I tried this, but it is failing to parse:
>   
>   
>   JNDI Test
>   
>Welcome to JNDI
>
>   
>   hello 
>  
> jdbc/testdb
>  
> javax.sql.DataSource
>   
>   
>   
>   Any input would be great. Thanks alot.
>   
> [EMAIL PROTECTED] wrote:  Follows is to do:
> 
> extract your Resource section from server.xml and
> copy to context.xml. I did the same and my jndi
> works very fine.
> 
> György 
> 
> 
> "Tomcat Users List"  schrieb am 07.03.06 22:58:18:
> > 
> > here are the docs
> >
>
http://tomcat.apache.org/tomcat-5.5-doc/jndi-datasource-examples-howto.html
> > 
> > I don't see them declare the "factory" attribute
> in 5.5, you didn't tell 
> > us what version you were on
> > 
> > Filip
> > 
> > ALEX HYDE wrote:
> > > Hi All,
> > >
> > > I've seen this one all over the user group but I
> seem
> > > to have come to a dead end with this. I have
> upgraded
> > > from tomcat 4 to 5 and I can't seem to get my
> app
> > > working again. 
> > >
> > > The part that has broken is the jndi datasource
> > > look-up. I notice that I'm definitly not the
> first to
> > > experience this problem. Perhaps things might
> have
> > > been made a bit clearer. I thought I had set
> things up
> > > correctly. I have extracted my old context from
> > > server.xml and added it under my web app
> context. 
> > >
> > > 
> > > debug="0" reloadable="true"
> > > crossContext="true">
> > >
> > >   
> > > type="javax.sql.DataSource"
> > >  maxActive="10" maxIdle="7" maxWait="5"
> > > driverClassName="com.mysql.jdbc.Driver"
> > >  url="jdbc:mysql://localhost:1521/testdb"
> > > username="user1" password=""
> > >
>
factory="org.apache.commons.dbcp.BasicDataSourceFactory"
> > >  />
> > >
> > > I now have this error where it had been working
> in
> > > version 4. 
> > >
> > > org.apache.tomcat.dbcp.dbcp.SQLNestedException:
> Cannot
> > > create JDBC driver of cla
> > > ss '' for connect URL 'null'  
> > >
> > > Thanks for your help.
> > >
> > >
> > >   
> > >
>
___
> 
> > > Win a BlackBerry device from O2 with Yahoo!.
> Enter now. http://www.yahoo.co.uk/blackberry
> > >
> > >
>
-
> > > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > > For additional commands, e-mail:
> [EMAIL PROTECTED]
> > >
> > >   
> > 
> > 
> >
>
-
> > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > For additional commands, e-mail:
> [EMAIL PROTECTED]
> > 
> 
> -- 
> Mit freundlichen Grüßen
> 
> Dr. György Kelemen
> Email: [EMAIL PROTECTED]
> Mobil: 0173 534 5668
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 
> 
>   
> -
> To help you stay safe and secure online, we've
> developed the all new Yahoo! Security Centre.


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---

Re: Tomcat taking too long to cycle through and come back up

[Mark Eggers]

More detail is definitely needed.  In particular, you
might look at what has changed in the application (not
just the context file).

Also, what else has changed in the environment?

Typically, questions such as 1) "this used to work,
but now it doesn't" and 2) "there must be a bug in
Tomcat" don't get answered.

1) Computer performance changes for a reason.  Even if
the reason is not well-understood, the performance
changes for a reason.  Tracking change in an
environment is the key to understanding sudden
behavior changes.  Good system configuration
management, software release management, software
configuration management, and change management
processes are required.

2) Many questions of this ilk have to do with not
understanding the Tomcat documentation.  Tomcat
documentation is typical of complex software
documentation.  This type of documentation is
"descriptive" documentation as opposed to "task"
documentation.  Even though the Tomcat documentation
does try to contain some tasks, most of the material
is descriptive. This places the responsibility of
creating tasks on the user.

In short, in order to use Tomcat you will need to
spend some time organizing the descriptive
documentation into task documentation suited for your
specific task.  This requires more understanding of a
software package than just plug and play.

As far as your particular problem goes, I would use
the following steps to investigate.

a) Determine the last known time a Tomcat restart was
accomplished in a reasonable amount of time (define
reasonable).

b) Note ALL changes to the environment that have been
made since that time.  These changes include (but are
not limited to):
i)   Application changes
ii)  Server changes
iii) Changes to the program that interface to the 
 application
iv)  Network changes

Test each change (one by one if possible).  That which
is left, even if not understood is the problem.

If you're looking for a quick fix to a general problem
like this, there is none that I know of.

Again, in the future good change and configuration
management along with a careful recording of metrics
will make performance problem resolution much easier.

Just my two cents . . . .

/mde/

> >-Original Message-
> >From: Biernesser, Beth 
> >Sent: Tuesday, March 14, 2006 7:33 AM
> >To: 'Tomcat Users List'
> >Subject: Tomcat taking too long to cycle through
> and come back up
> >
> >Does anyone have any idea why tomcat would take 13
> minutes to cycle
> >through and come back up?  The process gets stuck
> on this line:
> >
> >INFO: Processing Context configuration file URL
>
>file:/usr/local/tomcat-5.0.25/conf/Catalina/localhost/appname.xml
> >
> >I really didn't think the process was going to come
> back up, but it
> >finally did.  However, I need to figure out what is
> taking all of the
> >time to try to eliminate it.  Has anyone run into
> this problem?
> >
> >P.S. the context file (appname.xml file) has not
> been modified since
> >it's implementation, and we have only experienced
> this problem recently.
> >Before, the tomcat process would typically take
> only a few minutes to
> >process and come back up.  Thanks for any
> ideas/suggestions/help!
> >
>
>-
> >To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> >For additional commands, e-mail:
> [EMAIL PROTECTED]
> >
> >  
> >
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: How to reduce bandwidth (meaning message size) with Axis

[Mark Eggers]

XML-RPC and SOAP serve two different areas, but you
might be able to cajole XML-RPC to accomplish what you
want.

. . . just some random thoughts while reading other
documentation.

/mde/

--- David Kerber <[EMAIL PROTECTED]> wrote:

> Are there any adjustments I  can do to my Axis
> settings to reduce the 
> bandwidth usage on my SOAP requests?  In particular,
> I would like to 
> know how I can get rid of the 
>
"xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"";
> items in the 
> argument elements.  I'm using the minimum call
> settings, letting handle 
> as much of it as possible automatically.  If I need
> to set some 
> parameters in code, that's fine, but please tell me
> which ones.  My full 
> SOAP request for a test run is below.
> 
> The reason this is an issue is that this is an
> automated data collection 
> system working over a WAN.  Right now, we get about
> 800,000 data records 
> per day, and are only about 20% deployed for one
> customer.  BW is going 
> to be a significant issue as we continue to roll
> this out.
> 
> Thanks!
> Dave
> 
> 
> 
> 
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
> 
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; 
>
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
> 
> 
> 
soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/";
> 
>
xmlns:ns1="http://localhost:8081/axis/EddService.jws";>
> 
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/";>
> 1234501
> 
> 
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/";>
> 2/2/2
> 
> 
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/";>
> Wed Mar 15 16:44:57 EST 2006
> 
> 
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/";>
> This is the data line
> 
> 
> 
> 
> 
> 
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: TomCat + mod_jk performance

[Mark Eggers]

There are lots of reasons to run Apache in front of
Tomcat, and lots of reasons not to.

This just depends on your use cases and web site.

At any rate, here's one way to find out in your case
if the Apache --> ajp13 --> Tomcat process is your
bottleneck.

1. Get jmeter at http://jakarta.apache.org/jmeter/
2. Design and run tests against your web site as:
   http://yourhost/yoursite/
3. Design and run test against your web site as:
   http://yourhost:8080/yoursite/

Caveats
1. Your static content will have to be available to 
   Tomcat
2. Tomcat will have to run the http connector on 8080 
   (or another port - check server.xml)
3. You will have to be able to connect to your web 
   site on the port listed in caveat 2.

just some random thoughts . . . .

/mde/


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: help please?

[Mark Eggers]

http://www.wickedlysmart.com/HeadFirst/HeadFirstDesignPatterns/HeadFirstPatternsIndex.html

Grab the examples.  I think the last ones have a full
blown MVC example.  One uses Spring and one is coded
plain.

Of course, any prof worth his or her salt is going to
both read this mailing list and know the online
examples . . . so please use 'em as templates, not
verbatum.

BTW, I've found the Head First series of books to be
really good.  They're more conversational than more
traditional texts, which may help some people to learn
more easily.

I'll skip the editorializing . . . except to say that
a little bit of scheduling might help in the future.

Oh - and a day without sleep is not necessarily a bad
thing.

Just my two cents . . . .

/mde/
--- Asegid Debebe <[EMAIL PROTECTED]> wrote:

> Do you have any suggestion, David?
> 
> Thanks,
> 
> 
> On 3/27/06, David Kerber <[EMAIL PROTECTED]>
> wrote:
> >
> > Waited a bit too long to start your homework, did
> you?  ;-)
> >
> > Asegid Debebe wrote:
> >
> > >Dear all,  I really need to complete a very
> "simple" web application
> > which
> > >demonstrate the MVC architecture fully. I would
> love to do it myself from
> > >scratch but given the time I have, I can't!. I
> really appreciate if
> > someone
> > >can point me where I can find a very simple
> implementation of MVC using
> > >Servlet, JSP on tomcat platform. I promise I will
> never ask such a
> > question
> > >and take your worthy time in the future. I really
> don't have time!! have
> > to
> > >submit it in 24 hours!!
> > >
> > >please?
> > >
> > >Regards,
> > >
> > >Asegid
> > >
> > >
> > >
> >
> >
> >
> >
>
-
> > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > For additional commands, e-mail:
> [EMAIL PROTECTED]
> >
> >
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Site Configuration on 5.5.15 Pt 2

[Mark Eggers]

There are probably a couple of things going on here.

On the name, do you really need Tomcat
to respond to the host name of www?  You probably just
want Tomcat to respond to www.theuniquepear.com and
theuniquepear.com.  I don't think the
www is necessary.

It looks like www.theuniquepear.com is a CNAME for
theuniquepear.com.  A CNAME is resolved to the
underlying name, so I think the resolution goes like
this:

a) www.theuniquepear.com is a CNAME for 
   theuniquepear.come
b) theuniquepear.com is used to get the address

Google comes back with theuniquepear.com in its search
results.

Instead of a CNAME, you could use a separate A record
to resolve www.theuniquepear.com to your web site. 
That still would leave you with a certificate problem
if someone entered theuniquepear.com in the browser
address bar.

Maybe reversing the CNAME entries is what you need. 
In other words:

www.theuniquepear.com IN A 66.128.124.198
theuniquepear.com IN CNAME www.theuniquepear.com

That would get Google to return www.theuniquepear.com
in irs search results. There would still be a
certificate issue if someone typed theuniquepear.com
in the browser address bar.

Some thoughts on a solution:

a) Not respond to theuniquepear.com as a web site.
b) Virtual host that responds to theuniquepear.com 
   consisting of a single page with a redirect to 
   www.theuniquepear.com.

Just some random thoughts . . . .

/mde/

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: SSL not working on Tomcat

[Mark Eggers]

Did you try this with Firefox?  IE has some problems
with no-cache in the header or as a pragma.  Later
versions of Tomcat 5.5 set this.

There is a mailing list thread concerning this:

http://marc.theaimsgroup.com/?t=11180675668&r=1&w=2

along with some solutions.

Hope this helps.

/mde/
just my two cents . . . .

--- Michael Casale <[EMAIL PROTECTED]> wrote:

> Howdy all,
> 
> I'm struggling through setting up Tomcat with SSL on
> a Windows 2003
> server, and even when I get the server running, with
> no errors in the
> logs when restarting the tomcat service, all I get
> is a "Page Not Found"
> error when I point to the ssl port on the server.
> Pointing to the
> default connector on port 8080 works fine.
> 
> Here's a little background:
> 
> 1.Using keytool, I created a certificate request,
> sent it off to
> Geotrust, and purchased a cert to import. It was
> emailed to me. 
> 2.Following the recommendations of geotrust
>
(http://www.geocerts.com/support/install/install_tomcat.php
> ) , I
> downloaded their root cert, imported it, converted
> their cert to DER
> format (on a separate Linux box), and imported it
> into the keystore.
> 3.I restarted the Tomcat service with no errors,
> see the connector
> started on port 8443:
> 
> Nov 7, 2006 4:55:35 PM
> org.apache.coyote.http11.Http11BaseProtocol init
> 
> INFO: Initializing Coyote HTTP/1.1 on http-8080
> 
> Nov 7, 2006 4:55:35 PM
> org.apache.coyote.http11.Http11BaseProtocol init
> 
> INFO: Initializing Coyote HTTP/1.1 on http-8443
> 
> Nov 7, 2006 4:55:35 PM
> org.apache.catalina.startup.Catalina load
> 
> INFO: Initialization processed in 812 ms
> 
> Nov 7, 2006 4:55:35 PM
> org.apache.catalina.core.StandardService start
> 
> INFO: Starting service Catalina
> 
> Nov 7, 2006 4:55:35 PM
> org.apache.catalina.core.StandardEngine start
> 
> INFO: Starting Servlet Engine: Apache Tomcat/5.5.12
> 
> Nov 7, 2006 4:55:35 PM
> org.apache.catalina.core.StandardHost start
> 
> INFO: XML validation disabled
> 
> Nov 7, 2006 4:55:36 PM
> org.apache.coyote.http11.Http11BaseProtocol start
> 
> INFO: Starting Coyote HTTP/1.1 on http-8080
> 
> Nov 7, 2006 4:55:36 PM
> org.apache.coyote.http11.Http11BaseProtocol start
> 
> INFO: Starting Coyote HTTP/1.1 on http-8443
> 
> Nov 7, 2006 4:55:37 PM
> org.apache.jk.common.ChannelSocket init
> 
> INFO: JK: ajp13 listening on /0.0.0.0:8009
> 
> Nov 7, 2006 4:55:37 PM org.apache.jk.server.JkMain
> start
> 
> INFO: Jk running ID=0 time=0/31  config=null
> 
> Nov 7, 2006 4:55:37 PM
> org.apache.catalina.storeconfig.StoreLoader load
> 
> INFO: Find registry server-registry.xml at classpath
> resource
> 
> Nov 7, 2006 4:55:37 PM
> org.apache.catalina.startup.Catalina start
> 
> INFO: Server startup in 1203 ms
> 
> Now, opening any page on the server at
> http://servername:8080
>   works fine, but
> https://servername:8443
>   doesn't work. All ports
> are opened through
> the firewall, etc. Same for https://localhost:8443
>  .
> 
> Here is the server.xml file entry for the connector:
> 
> 
className="org.apache.coyote.tomcat5.CoyoteConnector"
> 
>   port="8443" minProcessors="5" maxProcessors="20"
> 
>   enableLookups="true" disableUploadTimeout="true"
> 
>   acceptCount="100" debug="0" scheme="https"
> secure="true"
> 
>   sslProtocol="TLS"
> 
>   keystoreFile="c:\files\tomcat"
> 
>   keystorePass="THEPASS"/>
> 
>  
> 
> According to the Tomcat SSL documentation, I need to
> have the root cert
> and the purchased cert in the keystore file, and I
> need to use the
> keyAlias to tell Tomcat which one to use. But
> whenever I add in the
> keyAlias entry it gives me the "Alias name tomcat
> does not identify a
> key entry" error in the logs. 
> 
> If I could find out how to enable better logging I
> may be able to
> troubleshoot this further.




 

Want to start your own business?
Learn how on Yahoo! Small Business.
http://smallbusiness.yahoo.com/r-index

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Virtual Hosts [mostly solved]

[Mark Eggers]

You may find that the default host loads all of the
web applications.

In order to solve this, make sure that each of the
contexts are not some subdirectory of another context.






You can use an absolute path to place this structure
outside of your Tomcat installation.  For large
structures I think this is nice, because then you can
upgrade Tomcat without disturbing your applications. 
Cutover would involve installing a parallel Tomcat,
modifying server.xml. shutting down the old version,
and starting up the new version.  If the new version
failed, recovery is just shutting down the new version
and starting up the old version.

If you want a one-stop place for all of your web
applications, please ignore this comment.

For a root context, I usually set up an
application.xml file in conf/Catalina// with
the appropriate path="" in the Context element, or a
context.xml file in the web application's META-INF
directory with the same context information.

Once you separate each of the virtual hosts so that
subdirectories don't overlap, I think you will find
that multiple manager applications work.  The manager
application will then be specific to the virtual host,
and you'll have to access that manager application by
going to the specific virtual host (ie,
http://:8080/manager/html)

HTH

/mde/
. . . . . just my two cents

--- "Gormley, Josh" <[EMAIL PROTECTED]> wrote:

> With the help of several people on this list, I've
> been able to get my
> server configured [mostly] the way I wanted it
> configured.  Here's my
> solution, hopefully it will be helpful to others
> 
> Goals:
>   * One instance of Tomcat running behind Apache
>   * Multiple VirtualHosts, each pointing to its own
> Tomcat webapp
>   * The ability to hot-deploy an app without
> affecting the other apps
>   * Minimal or no modifications required to
> server.xml for additional
> hosts
>   * A solution that is maintainable and is not a
> hack
> 
> Solution:
>   * Apache with mod_jk
>   * Each domain has a .conf file at
> /etc/httpd/conf.d/vhosts
> * The conf file routes .do and .jsp files to
> tomcat using mod_jk
> JkMount /*.do router
> JkMount /*.jsp router
> * The VirtualHost declaration has the
> DocumentRoot set to the path
>   of the webapp
>   * Tomcat's server.xml file has a host declaration
> for each webapp 
> and a declaration for localhost (though that is
> not necessary)
> 
>  appBase="webapps/foo" />
>  appBase="webapps/bar" />
>  appBase="webapps/eggs" />
>   * Deploy a war file named ROOT.war to the correct
> appBase for each
> application.  This file must be named ROOT.war
>   * GOTCHA: I tried to also include the manager
> webapp for each of the 
> hosts by adding the manager.xml file to 
> $CATALINA_HOME/conf/Catalina/foo.mydomain.com/
> as described here
>
>
http://webtuitive.com/samples/virtual-hosting-howto.jsp
> but by having a context defined in this
> location, I was not able 
> to deploy my applications using Automatic
> Application Deployment
> as defined in the Tomcat docs.  I'm not sure why
> this doesn't work
> but by removing the manager.xml file, I am able
> to hot-deploy my
> apps.
> 
> This is working well for me, and that in itself
> makes me happy.  The 
> only things I'd like to improve upon are:
>   * Not having to modify server.xml directly. 
> According to the Tomcat
> docs, you shouldn't modify this file.  I'm not
> sure how to avoid 
> this.
>   * Being able to include the manager app for each
> host that I define.
> I
> was using ant's tomcat tasks to tie into the
> manager for deploying
> my apps, but now I have to scp the war file into
> the directory.
> This isn't the worst thing that could happen,
> but it seems like 
> there is a solution out there for this.
> 
> Anyway, thanks to everybody who helped out on this.
> 
> Josh Gormley
> 
> 
> 
> -Original Message-
> From: Mikolaj Rydzewski [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, December 28, 2006 9:34 AM
> To: Tomcat Users List
> Subject: Re: Virtual Hosts
> 
> Gormley, Josh wrote:
> > As a side question, is this possible to do without
> modifying the
> > server.xml file every time I want to add a new
> host?  I've read that
> > it's bad practice to modify the server.xml file
> much like it's bad
> > practice to modify the httpd.conf file in Apache. 
> In Apache, I have a
> > vhost directory with .conf files for each host --
> is there a similar
> > method to do this with Tomcat?
> >   
> There is a host-manager webapp which comes with
> Tomcat to allow adding 
> vhosts on the fly (I haven't used it, however). You
> will need user with 
> admin role in tomcat-users.xml to access it.
> 
> -- 
> Mikolaj Rydzewski <[EMAIL PROTECTED]>
> 
> 
> 
>
-
> To start a new topic, e-mail:
> users@tomcat.apache.org
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
>

RE: Newbie Installation Question

[Mark Eggers]

Tomcat comes as a binary.  Just download the binary
distribution.  See:

http://tomcat.apache.org/download-55.cgi#5.5.12

On linux, I normally create a special user for Tomcat
and make it a mamber of the same group that the user
that runs Apache is under.  This is www for Fedora
Core 4.

I usually install Java under /opt or /usr, and then
link the current Java version to /opt/java or
/usr/java.  I then put /opt/java/bin or /usr/java/bin
the path BEFORE /usr/bin, since Fedora Core 4 installs
GNU's Java.  This is not a bad thing, but setting up
the path in /etc/profile is a good thing.

Just a few thoughts.  I hope this gets you started.

/mde/

--- brown wrap <[EMAIL PROTECTED]> wrote:

> I had been trying to avoid actually building Tomcat,
> I
> was trying to use a Linux binary.




__ 
Start your day with Yahoo! - Make it your home page! 
http://www.yahoo.com/r/hs

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: DST Issue

[Mark Eggers]

It's odd that you would have this issue on one server
and not the other.

By one hour off, do you mean the OS (as reported in
the task bar) or some application running in Tomcat?

If it's an application, then there is an issue with
tzupdater that was announced on the Sun site just a
few days before DST.

Here's the link:

http://java.sun.com/developer/technicalArticles/Intl/alert.html

I don't know why this would impact one of your systems
and not the other.

Another possibility could be that your production
Tomcat is not using the JRE/JDK that you think it is?

Again, both guesses are based on the assumption that
an application is showing the incorrect time, and not
the OS.

just my two cents . . . .

--- Will Holmes <[EMAIL PROTECTED]> wrote:

> Mark,
> 
>  I verified the time zone and the patch did apply
> because the time zone info says eastern daylight
> time instead of eastern standard time.
> 
> Anything else you can think of?  This is pretty
> strange!!
> 
> Thanks again!
> Will
> 
> -- Original Message
> --
> From: Mark Thomas <[EMAIL PROTECTED]>
> Reply-To: "Tomcat Users List"
> 
> Date:  Sun, 18 Mar 2007 20:44:44 -0400
> 
> >Will & Kim Holmes wrote:
> >> Hello all,
> >> 
> >>  Just wondered if anyone has had any problems
> with the DST change and
> >> Tomcat.  We are running JDK version 1.4.2.10 and
> Tomcat version 5.0.28. 
> >> I ran Sun's tzupdater DST tool, on our test and
> production servers,  and
> >> verified that it worked.  Our production server
> is one hour off.  I
> >> manually removed the DST change and re-ran the
> tzupdater tool but that
> >> didn't make any difference.  The weird thing is
> that our test server app
> >> has the correct time running the same version of
> Tomcat and JDK.  If you
> >> have any ideas please let me know.
> >
> >I'd check what your production server thinks the
> current timezone is.
> >Maybe the OS patch didn't take (was a reboot
> required?).
> >
> >It is also possible that in all the changes the
> clock got changed by
> >mistake. Check that the server has the right time
> for GMT.
> >
> >Mark
> >
>
>-
> >To start a new topic, e-mail:
> users@tomcat.apache.org
> >To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> >For additional commands, e-mail:
> [EMAIL PROTECTED]
> >
> >
>  
> 
> 
> 
> 
>

> Sent via the WebMail system at fmic.com
> 
> 
>  
>
> 
>
-
> To start a new topic, e-mail:
> users@tomcat.apache.org
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 



 

Finding fabulous fares is fun.  
Let Yahoo! FareChase search your favorite travel sites to find flight and hotel 
bargains.
http://farechase.yahoo.com/promo-generic-14795097

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: TCNative installation failed

[Mark Eggers]

I basically followed the same set of instructions for Tomcat 5.5.28 on Fedora 
11 for compilation. I use the stock Sun JRE / JDK (1.6.0_18 32 bit), and the 
stock Apache Tomcat 5.5.28 downloaded from tomcat.apache.org.

Compilation went normally, and I put the libraries (with symbolic links) into 
~/Apache/apache-tomcat-5.5.28/bin. I then tried the following four methods to 
load the native libraries.

1. -Djava.library.path set in CATALINA_OPTS in catalina.sh

CATALINA_OPTS="-Djava.library.path=/home/mdeggers/Apache/apache-tomcat-5.5.28/bin"

2. -Djava.library.path set in JAVA_OPTS in catalina.sh

JAVA_OPTS="-Djava.library.path=/home/mdeggers/Apache/apache-tomcat-5.5.28/bin"

3. export LD_LIBRARY_PATH=/home/mdeggers/Apache/apache-tomcat-5.5.28/bin

4. Placing the library in /usr/local/Sun/jre1.6.0_18/lib/i386/ (reported to be 
on the java.library.path)

In all four cases, the tcnative library failed to load. In the first two cases, 
the INFO message indicated that the library was not found in 
/home/mdeggers/Apache/apache-tomcat-5.5.28/bin. In the last two cases, the INFO 
message listed all directories in java.library.path

The same steps were used to build and deploy the tcnative libraries on Tomcat 
6.0.24. Configurations 1 and 3 from above were tried.

Both worked for Tomcat 6.0.24 as indicated by the INFO message:

INFO: Loaded APR based Apache Tomcat Native library 1.1.19.
Jan 21, 2010 5:48:15 PM org.apache.catalina.core..AprLifecycleListener init 
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], 
random [true].

There seems to be an issue with Tomcat 5.5.28 and the tcnative libraries.

I had a similar experience with Tomcat 5.5.28 under Windows/XP Professional 
(same version of JRE/JDK - obviously for Windows) and the binary download of 
the native libraries.

Tomcat 5.5.28 failed to load the libraries when an environment variable was set 
in catalina.bat.

Tomcat 6.0.24 worked with the native libraries (at least they loaded), but on 
shutdown I received the following SEVERE error.

Jan 21, 2010 2:16:09 PM org.apache.tomcat.util.net.AprEndpoint$Acceptor run
SEVERE: Socket accept failed
org.apache.tomcat.jni.Error: A blocking operation was interrupted by a call to 
WSACancelBlockingCall.  
at org.apache.tomcat.jni.Socket.accept(Native Method)
at 
org..apache.tomcat.util.net.AprEndpoint$Acceptor.run(AprEndpoint.java:
1156)
at java.lang.Thread.run(Thread.java:619)

I guess it's time to set up debug logging on Tomcat and see if I can figure out 
what's going on.

Any thoughts before I wade into megabytes of logs would be appreciated.

/mde/

--- On Tue, 1/19/10, Christopher Schultz  wrote:

> From: Christopher Schultz 
> Subject: Re: TCNative installation failed
> To: "Tomcat Users List" 
> Date: Tuesday, January 19, 2010, 10:57 AM
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Nikolay,
> 
> On 1/19/2010 9:59 AM, Nikolay Diulgerov wrote:
> > I followed this instruction (http://tomcat.apache.org/native-doc/),
> > installed all the required packages for the
> compilation of TCNative
> > (1.1.19),
> > 
> > The configuration, compilation and installation went
> OK.
> 
> Great!
> 
> > Now in my $CATALINA_HOME/lib folder I have
> 
> Where does CATALINA_HOME point?
> 
> > LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$CATALINA_HOME/lib
> > export LD_LIBRARY_PATH
> 
> That looks good.
> 
> > But when I start tomcat, it seems tcnative library
> cannot be found (so
> > not loaded).
> > 
> > Jan 19, 2010 9:54:13 AM
> org.apache.catalina.core.AprLifecycleListener
> > lifecycleEvent
> > 
> > INFO: The Apache Tomcat Native library which allows
> optimal performance
> > in production environments was not found on the
> java.library.path:
> >
> /appsrv/jdk1.6.0_16/jre/lib/amd64/server:/appsrv/jdk1.6.0_16/jre/lib/amd
> >
> 64:/appsrv/jdk1.6.0_16/jre/../lib/amd64::/appsrv/tomcat/lib:/usr/java/pa
> > ckages/lib/amd64:/lib:/usr/lib
> 
> Is CATALINA_HOME set to "/appsrv/tomcat"? If so, then your
> LD_LIBRARY_PATH appears to be set correctly, which is
> good.
> 
> > Now in my $CATALINA_HOME/lib folder I have
> > 
> > drwxr-xr-x  3 niki niki    4096
> 2010-01-19 09:05 .
> > drwxr-xr-x 13 niki niki    4096 2010-01-19
> 08:43 ..
> > -rw-r--r--  1 niki niki 1574152 2010-01-19 09:05
> libtcnative-1.a
> > -rwxr-xr-x  1 niki niki 
>    911 2010-01-19 09:05 libtcnative-1.la
> > lrwxrwxrwx  1 niki niki      23
> 2010-01-19 09:05 libtcnative-1.so ->
> libtcnative-1.so.0.1.19
> > lrwxrwxrwx  1 niki niki      23
> 2010-01-19 09:05 libtcnative-1.so.0 ->
> libtcnative-1.so.0.1.19
> > -rwxr-xr-x  1 niki niki  889278 2010-01-19
> 09:05 libtcnative-1.so.0.1.19
> > drwxr-xr-x  2 niki niki    4096
> 2010-01-19 09:05 pkgconfig
> 
> The file libtcnative-1.so should be all you need (well,
> plus the file to
> which it points). Everything you have done looks correct. I
> have a few
> possibilities I can think of:
> 
> 1. Your tcnative library doesn't match the architecture of
> the JVM
>    

Re: TCNative installation failed

[Mark Eggers]

Bingo and thanks.

Note to the impatient (me) - Bugzilla is your friend..

Thanks again,

/mde/

--- On Thu, 1/21/10, Konstantin Kolinko  wrote:

> From: Konstantin Kolinko 
> Subject: Re: TCNative installation failed
> To: "Tomcat Users List" 
> Date: Thursday, January 21, 2010, 7:12 PM
> 2010/1/22 Mark Eggers :
> >(...)
> > In all four cases, the tcnative library failed to
> load. In the first two cases, the INFO message indicated
> that the library was not found in
> /home/mdeggers/Apache/apache-tomcat-5.5.28/bin. In the last
> two cases, the INFO message listed all directories in
> java.library.path
> >
> > The same steps were used to build and deploy the
> tcnative libraries on Tomcat 6.0.24. Configurations 1 and 3
> from above were tried.
> >
> > Both worked for Tomcat 6.0.24 as indicated by the INFO
> message:
> 
> Ah, 5.5.28.  There is
> https://issues.apache.org/bugzilla/show_bug.cgi?id=47712
> 
> Best regards,
> Konstantin Kolinko
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat dies suddenly

[Mark Eggers]

Carl,

A couple of random thoughts . . .

I'm not familiar with the Slackware monitoring tools, but I am with the various 
tools that come with Fedora / Redhat. One of the things that I've noticed with 
those GUI tools is that they add cache and buffers to the free memory total.

Tools like top and vmstat should give a more complete picture of your memory. 
With vmstat you can watch free, cache, buffers, and swap conveniently. With 
top, you can actually do a command line monitor and watch a particular PID.

From the taroon-list: If you're running a 32 bit Linux and run out of low 
memory, it doesn't matter how much high memory you have, the OOM killer will 
start killing processes off. Since you're running a 64 bit Linux, this should 
not be the problem.

A discussion on stackoverflow.com may be more relevant to your situation. It 
turns out (according to the discussion) that calling 
Runtime.getRuntime().exec() on a busy system can lead to transient memory 
shortages which trigger the OOM killer.

If Runtime.getRuntime().exec() or similar calls do not exist in your 
application, then please skip the following speculation. I've made some 
comments concerning host resolution at the end of this message which might be 
helpful.

If Runtime.getRuntime().exec() is used, the scenario goes like this:

1. call Runtime.getRuntime().exec()
2. fork() gets called and makes a copy of the parent process
3. System runs a different process
   At this point you have two processes with largish memory requirements
   At this point the OOM killer may get triggered
4. exec() gets called on the child process and memory requirements go back down.

At least that's how I read the this reference:

http://stackoverflow.com/questions/209875/from-what-linux-kernel-libc-version-is-java-runtime-exec-safe-with-regards-to-m

Since processes that fork a lot of child processes are high on OOM killer's 
kill list, Tomcat gets killed.

See for example: 
http://prefetch.net/blog/index.php/2009/09/30/how-the-linux-oom-killer-works/

As to why it would happen on the newer production systems and not the older 
system, my only idea concerns the version of the kernel you're using. Memory 
management has been significantly reworked between the 2.4 and 2.6 kernels. If 
you use a 2.4 kernel on your older system, this could explain some of the 
differences with memory allocation.

So, if Runtime.getRuntime().exec() is used, what are some possible solutions?

1. Reducing Xms, Xmx while adding physical memory

If you do this, then the fork() call without the exec() being called directly 
afterwards won't be as expensive. Your application will be able to serve more 
clients without potentially triggering the OOM killer.

Garbage collection may be an issue if this is done, so tuning with JMeter is 
probably a good idea.

2. Create a lightweight process that forks what Runtime.getRuntime().exec() 
calls and communicate with the process over sockets.

This is pretty unpleasant, but you might be able to treat this as a remote 
process server. You could then end up using a custom object, JNDI lookups, and 
pooling, much like database pooling.

As I've said, this is all based on an assumption that the application is 
requesting a transiently large amount of memory caused by 
Runtime.getRuntime().exec() or other similar action. If this is not the case, 
then the above arguments are null and void.

DNS Thoughts

As for the ideas concerning DNS - I've never seen DNS issues actually take down 
an environment. However, I've seen orders of magnitude performance issues 
caused by poorly configured DNS resolution and missing DNS entries.

One way to test DNS performance issues is to set up a client with a static IP 
address, but don't put it in your local DNS. Then run JMeter on this client and 
stress your server. Finally, add the client into DNS and stress your server 
with JMeter. If you notice a difference, then there are some issues with how 
your server uses host resolution.

Make sure that nonexistent address resolution services (nisplus, nis, hesiod) 
are not listed as sources on the host line in /etc/nsswitch.conf (or wherever 
Slackware puts it). At least put a [NOTFOUND=return] entry after dns but before 
all the other services listed on the hosts: line of the nsswitch.conf file.

So, here's a summary to all of this rambling:

1. Monitor memory with vmstat and top to get a better picture of the 
   system memory
2. If Runtime.getRuntime().exec() is used, then transient memory 
   allocations could trigger the OOM killer on a busy system
3. Make sure host resolution works properly, and turn it off in server.xml

OK, enough rambling - hope this is useful.

/mde/

--- On Wed, 2/3/10, Carl  wrote:

> From: Carl 
> Subject: Re: Tomcat dies suddenly
> To: "Tomcat Users List" 
> Date: Wednesday, February 3, 2010, 5:07 PM
> Chris,
> 
> Interesting idea.  I tried over the weekend to force
> that situation with JMeter hitting a simple jsp that did
> some data stuff a

Re: Mod_JK connector configuration Error

[Mark Eggers]

apxs gets configuration information for apr and apr-utils, and httpd among 
other things. It does this by using pkg-config to find the libdir for apr, then 
prefixing that to httpd/build.

For example, pkg-config --variable=libdir apr-1 on my system returns

/usr/lib

Then apxs looks in /usr/lib/httpd/build for a file called config_vars.mk. One 
of the first variables it pulls up and tests is PREFIX (prefix in 
config_vars.mk),

If this doesn't work, then you'll get the message that you received.

What does /opt/dasyedib/apache/bin/apxs -q PREFIX return?

Is there a file config_vars.mk in PREFIX/httpd/build (where PREFIX is the value 
returned in the previous command)?

What are the values for the APR_ and APU_ variables at the bottom of the 
config_vars.mk file?

It sounds like your Apache utilities don't agree with your Apache httpd build / 
installation / configuration.

Just my two cents,

/mde/


--- On Wed, 2/3/10, daulat khan  wrote:

> From: daulat khan 
> Subject: Mod_JK connector configuration Error
> To: "Tomcat Users List" , us...@httpd.apache.org
> Date: Wednesday, February 3, 2010, 6:12 PM
> Hi,
> 
> i am hitting the following error while configuring mod_jk
> connector in
> solaris 10 machine. i am using sun studio tools for
> compiling.
> tomcat connector latest verson 1.2.28
> apache latest  verson 2.2.14
> and tomcat latest version 6.0.20
> 
> configure: error: You must specify a valid --with-apxs
> path
> 
> i am using the following statement while configuring
> 
> ./configure --with-apxs=/opt/dasyedib/apache/bin/apxs
> CFLAGS=-liconv
> 
> and this tried the below statement too
> 
> ./configure --with-apxs2=/opt/dasyedib/apache/bin/apxs
> CFLAGS=-liconv
> 
> Please help.
> 
> Thanks,
> Daulatkhan






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Parameters disappear from PUTs

[Mark Eggers]

As a quick check, can you go into /etc/init.d/tomcat6 and at around line 68 
you'll see:

TOMCAT_SECURITY=yes

If you're allowed to, change that line to:

TOMCAT_SECURITY=no

Then restart tomcat with:

../tomcat6 restart

Of course, you have to be root to do this.

On first glance, I don't see a security policy that would cause this. However, 
if you look at the Ubuntu bugs database, there are many instances of people 
complaining about the security manager being enabled by default.

Just my two cents  . . .

/mde/

--- On Wed, 2/3/10, c...@munat.com  wrote:

> From: c...@munat.com 
> Subject: RE: Parameters disappear from PUTs
> To: "Tomcat Users List" 
> Date: Wednesday, February 3, 2010, 10:43 PM
> OK, turns out my brother has
> wireshark installed. We ran it, and the
> packets are definitely getting to the server with the PUT
> params intact.
> So they arrive at the server, but they are missing from the
> output of the
> valve. Does this mean Tomcat is hosed?
> 
> I thought maybe I'd test 24 on my laptop, but macports is
> still at 20,
> too. Guess I'll have to do it the hard way.
> 
> >>> From: c...@munat.com
> [mailto:c...@munat.com]
> >>> Subject: Parameters disappear from PUTs
> >>>
> >>> When I load my app into Tomcat 6 (Ubuntu), the
> form submission works
> >>> perfectly if I use a POST: the params are
> definitely received. If I
> >>> use a PUT, it works, but the parameters are
> missing
> >>
> >> 1) Tell us your /exact/ Tomcat aversion, and
> whether it's a 3rd-party
> >> repackaged one or a real Tomcat from
> tomcat.apache..org.  (The Ubuntu
> >> flavor of Tomcat gives many people grief, albeit
> not with the symptoms
> >> you
> >> describe.)
> >
> > I don't actually have a Tomcat aversion, which is why
> I'm using it. (It's
> > more of an aversion to computers in general, I'd say.)
> But the Tomcat
> > version is 6.0.20-2ubuntu2.
> >
> >> 2) Tell us the /exact/ JVM version and vendor
> you're using.
> >
> > Looks like Sun JDK 6-15-1..
> >
> >> 3) Take a Wireshark or equivalent trace to verify
> that the parameters
> >> are
> >> being sent over the wire.
> >
> > Wireshark is kind of a bear to use and I'm not at the
> server. If I used
> > Live HTTP Header in Firefox and confirmed that the
> params are going out,
> > is that enough? Because I did and they are. The only
> difference in the
> > headers is that the POST header includes:
> >
> > Pragma: no-cache
> > Cache-Control: no-cache
> >
> >
> >> 4) Enable the Request Dumper Valve to see if the
> parameters are making
> >> it
> >> into Tomcat (but heed the warning about character
> encoding side
> >> effects):
> >> http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Request%20Dumper%20Valve
> >
> > I did. If I POST the params are there. If I PUT, they
> are not, repeat,
> > not.
> >
> >> 5) Try the latest Tomcat 6.0.24 download and see
> if the problem
> >> persists.
> >> Note the following bug report:
> >> https://issues.apache.org/bugzilla/show_bug.cgi?id=37794
> >> which was corrected in 6.0.21.  It's for
> handling POST parameters, but
> >> might be related.
> >
> > Sadly, this is not currently possible. Apt-get is
> still at 20, and nothing
> > goes on the server that doesn't go through Apt-get.
> Fortunately, I can
> > work around it by using POST for now, but it would be
> nice to be able to
> > do REST right.
> >
> >
> >
> >
> >
> -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
> 
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat dies suddenly

[Mark Eggers]

--- On Thu, 2/4/10, Caldarale, Charles R  wrote:

> > 6. Carl was using 32-bit Linux, which he isn't :(
> 
> Correct, which made the whole point moot, so I'm not sure
> why Dan even brought it up.
> 

I just mentioned the 32-bit Linux behavior for completeness. I did state that I 
realized 32-bit Linux is not in play.

> > AFAIK, 64-bit Linux has a wide-open memory addressing
> scheme. Maybe it
> > considers everything under 17 billion GiB to be "low
> memory", now :)
> 
> No, the hardware restrictions don't exist in 64-bit mode.

This is what I've read as well. If you use 64-bit Linux, this problem goes 
away. There are also some ways to build the 32-bit kernel in order to reduce 
this problem.

All this is moot since a 64-bit Linux kernel is being used.

As to the copy-on-write behavior for fork()d processes, it would help if I read 
the man pages:

Under Linux, fork() is implemented using copy-on-write pages, so the only  
penalty that it incurs is the time and memory required to duplicate the 
parent’s page tables, and to create a unique task structure for the child.

It turns out that things are a little bit more complicated than that, in that 
since version 2.3.3 fork is actually a wrapper to clone(2) with the appropriate 
flags to give the same result as a traditional fork(2) call.

All of this is moot however if there is no Runtime.exec() call in the 
application.

I'm a bit curious though about several points:

1. The application runs fine on an older system. Do we have the glibc and 
kernel versions for all systems?

2. Different usage patterns (?) seem to cause the outages at different rates 
(if I remember an account of one Friday). What paths in the application were 
being exercised most heavily during that time?

As for cache / buffer / free - I've seen cases where the cache did not go to 0, 
but swap was in play (slow disk, small amount of memory).

Sorry for chasing down the rabbit hole . . .

/mde/





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat dies suddenly

[Mark Eggers]

--- On Fri, 2/5/10, Carl  wrote:

Carl,

> 1. The application runs fine on an older system. Do we have
> the glibc and kernel versions for all systems?
> 
> The old system: P4.  1GB memory, 1.3GB swap. 
> Uses swap on a regular basis.  kernel is 2.4.25. 
> Java is 1.5.0_01-b08.  Tomcat is 5.5.23.  Glibc is
> version 2.3..1.
> 
> New systems: Server A (Dell T110) is a Xeon 3440, sever B
> (Dell T105) is an AMD.  A has 4GB memory and 19GB swap
> which is never used.  B has 6GB memory and 10GB swap
> which is never used.  A and B both use kernel version
> 2.6.29.6, Java 1.6.0_18-b07 and Tomcat 6.0.24..  Glibc
> version is 4.3.3 for both A and B.

A couple of observations here:

Both the old new kernels end in odd numbers. From memory, I thought the odd 
kernel numbers were experimental, while the even numbers were production or 
mainline. I don't remember when this numbering system took place, but certainly 
by the time the 2.6 kernels were released.

From kernel.org, I didn't see a 2.6.29 release marked as stable.

The thread implementation has changed between the 2.4 and 2.6 kernels. You can 
see the thread implementation change by running:

getconf GNU_LIBPTHREAD_VERSION

I'd be interested in knowing the result of that and

getconf GNU_LIBC_VERSION

on both systems, since I don't recognize 4.3.3 as a glibc version (latest 
stable is 2.11.1, so I'm assuming 2.4.3.3?).

glibc has some thread bugs that were fixed, but not until 2.8 or 2.9. There was 
also a persistent bug for 32-bit systems that bites Java applications (not your 
concern since you're running 64-bit) that wasn't fixed until 2.10.1.

So in short, I'm guessing this may be a glibc NPTL issue.

There are some observations that don't match, in that you're using Java 6 (most 
problems are reported with Java 1.4 and Java 5), and that you've used OpenSuSE 
(kernel, glibc version?) with the same Tomcat failure.

However:

For some of the earlier 2.6 kernels, you could get around NPTL problems by 
setting this environment variable:

export LD_ASSUME_KERNEL=2.4.1

which forces the use of the old linuxthreads model. I don't know if that option 
is available with the 2.6 kernel that you are using.

Another work-around has been posted on the Java bugs forum, albeit for a 
different threading problem and Java 5:

-XX:ParallelGCThreads=1

sets GC to single threads. It's not fixed in the Java bugs database, because 
later versions of RedHat Linux don't exhibit the SIGSEGV problem.

Some people report that single-threading GC solves their problems, while other 
people report that it doesn't.

Some things to try I guess:

1. export LD_ASSUME_KERNEL=2.4.1 (maybe in startup.sh?) if your kernel supports 
this..

2. set -XX:ParallelGCThreads=1 in catalina.sh (JAVA_OPTS). This is an 
experimental switch, not documented here: 
http://java.sun.com/javase/technologies/hotspot/vmoptions.jsp, but documented 
here: http://java.sun.com/javase/technologies/hotspot/gc/gc_tuning_6.html

3. Move to an even-numbered kernel with a glibc of 2.10.1 or better. 2.10 might 
be OK for your environment since the bug fixed in 2.10.1 causes problems for 
32-bit systems only.

just my two cents . . . .

/mde/





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat install/testing help.

[Mark Eggers]

Tom,

I tried responding to you off-line, but alaska.gov does not seem to like your 
mail address.

Basically, it sounds like you have a permissions problem with the account under 
which Tomcat runs.  By default, the Tomcat service runs as the Local System 
account, so that account needs appropriate access to %CATALINA_HOME% (where 
Tomcat is installed), and its subdirectories.

I hope that helps.

/mde/

--- On Fri, 7/17/09, Burton, Tom (DOR sponsored)  wrote:

> From: Burton, Tom (DOR sponsored) 
> Subject: tomcat install/testing help.
> To: users@tomcat.apache.org
> Date: Friday, July 17, 2009, 5:51 PM
> I've been trying to get tomcat and
> netbeans to work properly on my new
> computer.  I'm running a windows XP computer.
> 
> I have been able to get tomcat and netbeans to install
> successfully.
> However I've been unable to get them to work together
> 
> correctly.  I've tried installing from the executable
> and running the
> standalone version.  I've removed the standalone and 
> 
> uninstalled/reinstalled the version with the installer.
> I've tried
> installing some software that works on our production
> servers just fine.
> 
> It currently gives me ServletException when I try to load
> the /
> directory in my browser. I have another strange issue as
> well. The
> servlet
> code examples that come with tomcat work just fine but
> bundled jsp code
> examples do not they all seem to throw an
> AbstractMethodError
> exception.
> 
>  
> 
> Any help and or suggestions would be much appreciated. I'd
> be happy to
> provide some of the trace roots if you think it will help
> in diagnosing 
> what I did wrong in seting everything up.
> 
>  
> 
> Thanks in advance,
> 
> Tom Burton
> 
>  
> 
> 




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Trouble setting up virtual host

[Mark Eggers]

As usual, late to the thread.

I'll use C) then:

> > C) on another workstation :
> > 
> >     - close the browser and re-open it.
> >     - in the browser, find the place where you can "clear the cache".
> >     - do it (clear the cache)
> >     - request the URL :
> >               
>   http://adm138/InfoViewApp
> > 
> >     - indicate the result here :
> > 
> > 
> > A:  Internet Explorer cannot display the webpage

This usually means that the other workstation cannot translate between the name 
you gave the host on the other workstation (adm138) and the IP address of your 
server.

I also noticed that while you use the fully qualified name in the other example 
(www.fmdreports.vcu.edu) you use the short name in your tests (adm138).

There are several things to try here, to see where the breakdown is.  I'll use 
numbers since everyone else is using letters.

1. From another workstation, open a DOS window (if it's Windows) or a UNIX 
shell command (if it's UNIX), and type the following:

ping adm138

1a) If you get:
Ping could not find the host adm138, then the other workstation does not know 
how to translate between the name and the IP address.

1b) If you get:
Four lines with a bunch of numbers, then the other workstation knows how to 
translate between the name and the IP address

2. From another workstation, open a DOS window (if it's Windows) or a UNIX 
shell command (if it's UNIX) and type the following:

ping adm138.fmdreports.vcu.edu

2a) If you get:
Ping could not find the host adm138.fmdreports.vcu.edu, then the other 
workstation does not know how to translate between the name and the IP address.

2b) If you get:
Four lines with a bunch of numbers, then the other workstation knows how to 
translate between the name and the IP address

adm138.fmdreports.vcu.edu may be the fully qualified name, but this depends on 
how your network administrator has set up something called DNS.

Firewall check
==

Windows comes with a built-in firewall.  On XP/Professional it's located in 
Start->Control Panel->Network Connections.  You'll have to single-click on the 
active network (the one your server connects to) to see Change Firewall 
Settings on the left hand side.

Once you click on that (Change Firewall Settings), you should be able to edit 
the settings by selecting Exceptions tab.  Hopefully you'll see two entries for 
Java(TM) Platform SE Binary.  Make sure that the JRE you're using to run Tomcat 
is there (by clicking on edit and reading the properties).

Short term fix (once you've checked your firewall)
==

If you have administrative privileges on the other workstation (Windows) or 
root access (UNIX), you can add some information in a file called hosts.  On 
Windows, it's located in the %windir%\System 32\drivers\etc directory.  In UNIX 
it's located in /etc

The line you need to add is the following:

aaa.bbb.ccc.ddd adm138

where aaa.bbb.ccc.ddd is the IP address of the machine with your Tomcat server.

If the fully qualified name is supposed to be adm138.fmdreports.vcu.edu, then 
add this line instead to the hosts file

aaa.bbb.ccc.ddd adm138 adm138.fmdreports.vcu.edu

where aaa.bbb.ccc.ddd is the IP address of the machine with your Tomcat server.

Long term (proper) fixes
=

There are really two parts to this fix.  The first part is to get your network 
administrator to add this hostname and IP address to your campus DNS server.  
The DNS server is responsible for translating between human-readable names and 
IP addresses.  Once the name you have chosen for your server is in DNS, all 
machines using DNS servers will know how to interpret the name of the host.

The second part of the fix is to alter your virtual host definition in 
server.xml.  In general, it's a good idea to only use fully qualified names in 
the server.xml file.

So, in part, your host element should look like this:





For example:





However, if you want to have this virtual host respond to other names, you can 
add aliases for each name.  To do that, just add an alias element for each name 
you want.


  some-other-name
  still-another-name



For example:


  adm138.fmdreports.vcu.edu
  another.fmdreports.vcu.edu



If you want those aliases to be visible to other select workstations, then you 
will have to edit the hosts file for each workstation like I've shown above.  
Obviously, this is not a permanent fix if you have to edit 1000s of hosts on 
campus.

If you want to have those alias names reachable from workstations that are not 
your server, then tell your network administrator what those names should be.  
Please remember if these names are going to be globally visible, you will have 
to use fully qualified names, not something like adm138.

Host Name Resolution Background
===

Finally, there's a bit of magic happening on your workstation depending on how 
it's configured.  As I've said above, all ho

Re: Frustrating refusal to serve *some* pages, scripts, images.

[Mark Eggers]

--- On Mon, 6/8/09, Zaq Rizer  wrote:


> WARNING: Unable to find configured definition
> '/WEB-INF/tiles.xml'
> Jun 8, 2009 3:35:00 PM
> org.apache.tiles.factory.TilesContainerFactory
> initializeContainer

Just a random thought, which you've alluded to from your iPhone-posted message:

Could there be permissions / file ownership issues?
Also, are there any SE Linux issues outstanding?


  

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tc 7 out-of-box won't run localhost issue on 8005 a vulnerability?

[Mark Eggers]

> From: André Warnier

> David Brown wrote:
>>  Hello, I have found a situation that kills tc on startup within about 3
>>  seconds on a 64-bit cloud running Ubuntu server. localhost resolves
>>  correctly via dig but if we ping localhost it resolves to localhost.com.
> 
> Sorry, but this sounds like hogwash to me.
> Where do you do the "dig", and where do you do the "ping" ?
> Can you paste the output of both here ?


localhost.com is a real host (64.99.64.32).

> What does the local /etc/hosts file have to say about "localhost" ?
> Can you also paste that here ?


Yep, what does /etc/hosts say about localhost.

Also, what does /etc/resolv.conf look like (paste that here)?
Also, what does /etc/nsswitch.conf look like - especially the hosts: line 
(paste that here)?

>>  this in my estimation is causing tc to bail. the tc 7 installed is 64
>>  with a sun-oracle 64 bit jdk all fresh out-of-the-box with no config or
>>  changes. This is a vulnerability in my estimation unless somebody can
>>  prove different.


All this runs happily on my Fedora 15 system (albeit in 32 bit mode).

> That is a very bold statement, which seems made without turning one's tongue 
> into one's mouth 7 times before.. (as my old nanny would have said)


. . . . just my two cents

/mde/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: mod_jk under RedHat ?

[Mark Eggers]

- Original Message -

> From: André Warnier 
> To: Tomcat Users List 
> Cc: 
> Sent: Thursday, July 14, 2011 7:34 AM
> Subject: Re: mod_jk under RedHat ?
> 
> Christopher Schultz wrote:
>>  -BEGIN PGP SIGNED MESSAGE-
>>  Hash: SHA1
>> 
>> 
>> 
>>  On 7/14/2011 8:06 AM, André Warnier wrote:
>>>  Would anyone happen to know the "package name" of the mod_jk 
> binary package under RedHat Linux Enterprise 6 ?
>> 
>>  I don't have a RHL box handy, but could it just be "mod_jk"?
>> 
> I don't think so.
> This is for a customer, to which I asked to install mod_jk on their RHEL6 
> system.  The sysadmin just sent me a message asking what "mod_jk" was, 
> as he could not find it on the RedHat repository.  I don't have a copy of 
> RHEL6, that's why I'm asking.


I only have Fedora 15 here, and yum search for mod_jk didn't result in anything 
useful.

However, after a bit of searching, I came up with the following links:

https://www.redhat.com/archives/rhsa-announce/2011-June/msg00022.html

https://rhn.redhat.com/errata/RHSA-2011-0897.html


So maybe it's in a different repository than the normal RedHat ones?

It looks like the three of interest are:

mod_jk-ap20-1.2.31-1.ep5.el4.x86_64.rpm
mod_jk-debuginfo-1.2.31-1.ep5.el4.x86_64.rpm
mod_jk-manual-1.2.31-1.ep5.el4.x86_64.rpm

Adjust for your architecture (i386 or x86_64).

It looks like you have to subscribe to the JBoss Enterprise Web Server channel 
to get these RPMs. See:

http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Web_Server/1.0/html/Installation_Guide/sec-Subscribing_to_RHN_Channels_and_Installing_EWS_from_RPM_Files-Linux.html


Hope this makes sense.

/mde/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Binary of mod_jk.so for Apache 2.2.x

[Mark Eggers]

- Original Message -

> From: "Leffingwell, Jonathan R CTR FRCSE, JAX 7.2.2" 
> 
> To: Tomcat Users List 
> Cc: 
> Sent: Thursday, July 14, 2011 10:08 AM
> Subject: RE: Binary of mod_jk.so for Apache 2.2.x
> 
> Chris, something DID just dawn on me...
> 
> I have my own account on that Linux server, though not with root access or 
> anything.  Would it be possible for me to compile mod_jk.so into my own space 
> and then tell him where the mod_jk.so is?  If so, would the following steps 
> be 
> how I would generate mod_jk.so (and forgive the "newbie"ness of the 
> question, please)?
> 
> tar -xvzf tomcat-connectors-1.2.30-src.tar.gz
> 
> cd tomcat-connectors-1.2.30-src/native/ # which apxs 
> 
> ./configure --with-apxs=/usr/sbin/apxs --enable-api-compatibility 
> 
> make 
> 
> make install
> 
> 
> At this point, I think all I want to do is produce a functioning mod_jk.so 
> and 
> let him put it into the modules directory.  Would this do it?
> 
> Thanks again!
> 
> JL
> 
> 
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
> Sent: Thursday, July 14, 2011 12:34 PM
> To: Tomcat Users List
> Subject: Re: Binary of mod_jk.so for Apache 2.2.x
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Leon,
> 
> On 7/12/2011 7:42 PM, Leon Kolchinsky wrote:
>>  Go to http://tomcat.apache.org/download-connectors.cgi and download
>>  the source code:
>> 
>>  # tar -xvzf tomcat-connectors-1.2.30-src.tar.gz
>> 
>>  Read docs/webserver_howto/apache.html or native/BUILDING.txt for
>>  options.
>> 
>>  # cd tomcat-connectors-1.2.30-src/native/ # which apxs # ./configure
>>  --with-apxs=/usr/sbin/apxs --enable-api-compatibility # make # make
>>  install
> 
> All that as root? Hmm.
> 
> Also, not everyone has a C compiler, especially on a production machine.
> (The answer, of course, is to build somewhere else and upload.)
> 
> Jonathan, I understand that you want convenience, but there are several
> factors to consider, here:
> 
> 1. Unless you download a binary from a trusted source (i.e. not anyone
>    on this list, but something like something.apache.org, or from your
>    distro's package manager), you should consider yourself compromised.
> 
> 2. If you build your own mod_jk, you know it will work with your exact
>    environment. No weird problems with slight version mismatches between
>    httpd version or other libraries. No questions about which
>    architecture's files you need to download, etc.
> 
> 3. Building mod_jk from source is relatively trivial. See above. Most
>    Linux distros some with a C compiler by default, and all of them
>    can trivially install gcc.
> 
> Consider trying it.
> 
> Recently, the Tomcat team decided to stop providing binaries for *NIX
> platforms because of the above (maybe that was just for tcnative, but I
> wouldn't be surprised if the policy is now to avoid rolling binaries for
> any non-Java components).
> 
> Why? Because if we wanted to provide binaries for, say, mod_jk, we need
> to support (at least) two architectures: x86 and x86_64. Also, there are
> 4 major versions of Apache httpd: 1.3, 2.0, 2.2, and 2.4. Sometimes,
> even httpd patch level can affect compatibility (though it really
> shouldn't) or maybe it was built against 2.2.11 but the user has 2.2.13
> and wants to know "why no binary?".
> 
> We cannot possibly provide enough binaries to make everyone happy. Since
> it's so easy to build mod_jk, we ask users in *NIX environments to just
> do it.
> 
> We do provide binaries for both 32- and 64-bit Microsoft Windows
> environments for Apache httpd, Microsoft IIS and (wtf?) Netscape,
> because those folks rarely have compilers handy.
> 
> If you have any trouble building mod_jk, please don't hesitate to come
> back for help.
> 
> - -chris


If all the tools are available on the production system (compiler, libraries), 
then you do this as a normal user:

myuser$ tar -xvzf tomcat-connectors-1.2.32-src.tar.gz
myuser$ cd tomcat-connectors-1.2.32-src/native/
myuser$ which apxs  
myuser$ ./configure --with-apxs=/usr/sbin/apxs --enable-api-compatibility 
myuser$ make 


(where myuser$ is whatever prompt you have for your user id).

Then you tell the system admin where the location is (probably now in 
/home/myuser/tomcat-connectors-1.2.32-src/native/), and have him do as root:

# cd /home/myuser/tomcat-connectors-1.2.32-src/native/
# make install

That should get the mod_jk.so installed. The administrator will then have to 
configure it (see tomcat-connectors-1.2.32-src/conf for examples), and finally 
restart the Apache HTPPD server.

Hopefully the administrator should be able to do that.

. . . . just my two cents
/mde/


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Binary of mod_jk.so for Apache 2.2.x

[Mark Eggers]

- Original Message -

> From: Christopher Schultz 
> To: Tomcat Users List 
> Cc: 
> Sent: Thursday, July 14, 2011 11:36 AM
> Subject: Re: Binary of mod_jk.so for Apache 2.2.x
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Jonathan,
> 
> On 7/14/2011 1:08 PM, Leffingwell, Jonathan R CTR FRCSE, JAX 7.2.2 wrote:
>>  Chris, something DID just dawn on me...
>> 
>>  I have my own account on that Linux server, though not with root 
>>  access or anything. Would it be possible for me to compile mod_jk.so 
>>  into my own space and then tell him where the mod_jk.so is?
> 
> Yes.
> 
>>  If so, would the following steps be how I would generate mod_jk.so 
>>  (and forgive the "newbie"ness of the question, please)?
>> 
>>  tar -xvzf tomcat-connectors-1.2.30-src.tar.gz
>> 
>>  cd tomcat-connectors-1.2.30-src/native/ # which apxs
> 
> The "# which apxs" was intended to be a command to determine the
> location of Apache httpd's "apxs" program, which is a
> configuration-dumping utility to help with building Apache httpd
> modules. apxs if often found in /usr/sbin/apxs so Leon's post was using
> that as an example:
> 
>>  ./configure --with-apxs=/usr/sbin/apxs --enable-api-compatibility
> 
> Replace /usr/sbin/apxs with whatever the result of "which apxs" is. If
> that doesn't return anything, you may have to have your SA install the
> Apache httpd development package or something. It might also be called
> "apxs2" (that's the case in my Debian Lenny environment).
> 
> Good luck,
> - -chris
>

An addendum concerning building mod_jk on a RedHat based system:

RedHat often (always?) splits libraries from their associated include files and 
development resources. It really doesn't save a lot of space, so I guess the 
only reason is to create a clean production (read, can't build software here) 
environment.

In order to build mod_jk on Fedora (and probably CentOS, RedHat EL), you'll 
need to have the following installed (plus the normal development tools).

httpd-devel (provides /usr/sbin/apxs
apr-devel (provides the appropriate include files)
apr (required by apr-devel)
apr-util-devel (required by httpd-devel)
apr-util (required by apr-util)

There are other requirements buried in the list above, but if your admin 
installed these yum should pull in the requirements.

It's good to have a development system that mirrors the software versions 
running on the production system, with the addition of all the development 
libraries and tools.

. . . . just my two cents.

/mde/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Binary of mod_jk.so for Apache 2.2.x

[Mark Eggers]

- Original Message -

> From: "Leffingwell, Jonathan R CTR FRCSE, JAX 7.2.2" 
> 
> To: Tomcat Users List ; Mark Eggers 
> 
> Cc: 
> Sent: Friday, July 15, 2011 7:53 AM
> Subject: RE: Binary of mod_jk.so for Apache 2.2.x
> 
> There is no "apxs" on the Linux server.  The S.A. confirmed this.  
> That file and nothing closely resembling it are found anywhere on the whole 
> box.  Is it needed to compile mod_jk?

Yes, and you will need a collection of other include files and libraries that 
are probably not installed on your system.

Building mod_jk on a RedHat system is slightly complicated by the fact that 
RedHat breaks up packages.

For example, if you install the apr and apr-util packages, you might expect to 
have all the tools required to build software with Apache's portable runtime 
libraries.

You don't. You will need to install apr-devel and apr-util-devel in order to 
build other software using these libraries. The apr and apr-util packages 
contain only what is required to run software built with these packages.

Building mod_jk on RedHat (at least Fedora), requires a collection of 
development tools and packages. At the top of the requirements chain, these are:

1. httpd-devel
This package provides /usr/sbin/apxs among other things.

2. apr-devel
The include files for building software with the apache portable runtime 
libraries.

3. apr-util-devel
The include files for the utilities library of the apache portable runtime 
libraries

4. Java JDK
Note, the JRE will NOT work. You should download and install this from Oracle, 
although there are ways to get this installed using the RedHat package manager. 
There are include files in $JAVA_HOME/include and $JAVA_HOME/include/linux that 
you will need.

If yum is set up properly (at least on Fedora), the dependencies for the first 
three packages will be pulled in when you request the following (as root):

yum install httpd-devel apr-devel apr-util-devel

In part, you should see the following get installed.

perl (if not installed already - can't imagine why it wouldn't be)
pkgconfig
db4-devel (which requires db4 and db4-cxx)
expat-devel (which requires expat)
openldap-devel (which requires openldap,cyrus-sasl-devel)

cyrus-sasl-devel requires a set of packages as well.
cyrus-sasl
cyrus-sasl-lib

Hopefully everything else should be in place on your system.

Again, in a sane world yum will pull in the required dependencies if you just 
do the following as root:

yum install httpd-devel apr-devel apr-util-devel

Yum will come back with a list of additional packages it needs to install in 
order to meet the requirements.

This is how it works on a Fedora system, which is basically the beta testing 
environment for RedHat EL releases.

For mod_ssl, you shouldn't have to build it. At least on a Fedora system, 
mod_ssl is provided by the mod_ssl package.

Installing that as root with:

yum install mod_ssl

will bring in the openssl package. You will need the openssl package and the 
openssl-devel package in order to build the Tomcat native libraries packaged in 
$CATALINA_HOME/bin/tomcat-native.tar.gz.

Hopefully between you and your system admin, you can decipher the above mail 
message.

. . . . just my two cents.

/mde/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: mod_jk under RedHat ?

[Mark Eggers]

- Original Message -

> From: Christopher Schultz 
> To: Tomcat Users List 
> Cc: 
> Sent: Friday, July 15, 2011 7:53 AM
> Subject: Re: mod_jk under RedHat ?
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> André,
> 
> On 7/15/2011 3:37 AM, André Warnier wrote:
>>  For both threads : Binary of mod_jk.so for Apache 2.2.x and mod_jk
>>  under RedHat ?
>> 
>>  Here is apparently the deal with mod_jk and Redhat (quoted from my 
>>  competent sysadmin) :
> 
> This is probably worth putting in the wiki somewhere. We could have a
> section where we direct people to get binaries for various platforms if
> we know about them.
> 
> Maybe instead of the wiki, it could go directly into the "binaries"
> folder's README, so they are linked-to from the place people would end
> up if they were trying to download a binary.
> 
> I know that Debian/Ubuntu has a package for mod_jk called
> "libapache2-mod-jk" so you can just do "apt-get install
> libapache2-mod-jk" and it will get all the deps (libc6 (>= 2.7-1),
> apache2.2-common, apache2), etc.
> 
> So we have two data points (RHEL and Debian). Maybe others can also
> contribute.
> 
> - -chris


Andre, it doesn't surprise me that this channel is a paid for support channel. 
Did anyone troll through the JBoss community pages to see if there is a mod_jk 
package? I don't know how sensitive your customer is to using 
community-supported software from JBoss / RedHat (if it exists).

Chris, maybe a pointer on the following pages:

http://tomcat.apache.org/connectors-doc/
http://tomcat.apache.org/download-connectors.cgi 


to a Wiki page detailing third party compiled binaries? Have a disclaimer on 
the above two pages stating that binaries for the connectors are not normally 
supplied, and the Wiki page contains information on binaries for various 
platforms.

There are a lot of potential problems with this, including implied endorsement 
by ASF for third party binaries (would a disclaimer be sufficient?), spam, and 
infected binaries.

Another approach would be to have Wiki pages with detailed build or 
installation instructions for each platform. The pages could then reference 
distribution channels (Debian/Ubuntu/OpenSuse), commercial channels (RedHat), 
requirements for compiling from source (RedHat, CentOS, Fedora).

Just some random thoughts . . . .

/mde/

And yes, I'll try to write up a Fedora compilation one (which should work for 
RedHat, CentOS, Scientific Linux). It may take me a bit, since I'm a software 
pack rat, and this system pretty much has everything under the -hat- installed.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: RedHat and mod_jk

[Mark Eggers]

I find it a bit odd as well. It appears that mod_jk was never really a part of 
Fedora. jpackage.org maintained an RPM for Apache 2.0 and RedHat platforms 
until about Fedora 3 or Fedora 4, and then it was dropped. I don't find a 
package in Fedora 14, RHELS 4, or RHELS5.

I guess this could be asked on the Fedora developers' mailing list or IRC 
(which feeds into Fedora, which feeds into RHELS).

I wonder if there's a problem building mod_jk with OpenJDK. I have Oracle's JDK 
installed here, so I don't know.

. . . . just my two cents.

/mde/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Why we have duplicate JSESSIONIDSSO cookies ?

[Mark Eggers]

- Original Message -

> From: Mathan Karthik 
> To: users 
> Cc: 
> Sent: Friday, July 15, 2011 11:51 AM
> Subject: Why we have duplicate JSESSIONIDSSO cookies ?
> 
> Why tomcat maintaining duplicate JSESSIONIDSSO cookies for the same hostname 
> and 
> context path? Is it a bug?
> 
> Due to this, i have problem in single sign on. 
> 
> Regards,
> Mathan Karthik R
>

http://www.catb.org/~esr/faqs/smart-questions.html


/mde/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How can i change JSESSIONIDSSO cookie name?

[Mark Eggers]

- Original Message -

> From: Mathan Karthik 
> To: users@tomcat.apache.org
> Cc: 
> Sent: Friday, July 15, 2011 5:08 AM
> Subject: How can i change JSESSIONIDSSO cookie name?
> 
> Hi Guys, 
> 
> I have JSESSIONIDSSO cookie related problem. 
> 
> Currently I'm running two web applications in the same machine, but using 
> two different tomcat servers. Both the applications has the same context 
> path, 
> but port numbers are different. 
> 
> I've enabled single sign on feature in in one of the tomcat's 
> application. It is using JSESSIONIDSSO cookie for this feature. 
> 
> 
> If i logged into one of the application, another one get logged out. It 
> happens 
> due to same JSESSIONIDSSO cookie name. To avoid this issue, i want to change 
> JSESSIONIDSSO cookie name in one of the application. So i can avoid this name 
> conflict. 
> 
> 
> I know, i can change JSESSIONID name. Is it possible to change JSESSIONIDSSO 
> name? Any other way to solve this problem? 
> 
> 
> Note: If i change context path of the both the application, It will work. But 
> unfortunately, i can't change. Both the applications are running in same 
> context path but in different ports.
> 
> 
> Regards, 
> Mathan Karthik R 
>

Better, but we still have no idea what version, system, etc.

However, a quick search in the documentation shows:

http://tomcat.apache.org/tomcat-5.5-doc/config/systemprops.html#Sessions

http://tomcat.apache.org/tomcat-6.0-doc/config/systemprops.html#Sessions

http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Sessions



/mde/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: RedHat and mod_jk

[Mark Eggers]

- Original Message -

> From: Rainer Jung 
> To: users@tomcat.apache.org
> Cc: 
> Sent: Friday, July 15, 2011 12:24 PM
> Subject: Re: RedHat and mod_jk
> 
> On 15.07.2011 20:54, Mark Eggers wrote:
>>  I find it a bit odd as well. It appears that mod_jk was never really a part 
> of Fedora. jpackage.org maintained an RPM for Apache 2.0 and RedHat platforms 
> until about Fedora 3 or Fedora 4, and then it was dropped. I don't find a 
> package in Fedora 14, RHELS 4, or RHELS5.
>> 
>>  I guess this could be asked on the Fedora developers' mailing list or 
> IRC (which feeds into Fedora, which feeds into RHELS).
>> 
>>  I wonder if there's a problem building mod_jk with OpenJDK. I have 
> Oracle's JDK installed here, so I don't know.
> 
> You don't need Java to build mod_jk. Only Apache and APR including dev
> packets.
> 
> Regards,
> 
> Rainer


Oops, right. I was looking at libtcnative to make sure I had all the 
dependencies listed.

Sorry 'bout that :-(

/mde/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How can i change JSESSIONIDSSO cookie name?

[Mark Eggers]

- Original Message -

> From: Mathan Karthik 
> To: Tomcat Users List 
> Cc: 
> Sent: Friday, July 15, 2011 1:30 PM
> Subject: Re: How can i change JSESSIONIDSSO cookie name?
> 
> Hi Mark
> 
> Thanks for your swift response. Sorry i missed to mention my tomcat version. 
> One 
> of my application using tomcat_6_0_28 and another application using 
> tomcat_5_0_28. 
> 
> I have added org.apache.catalina.SSO_SESSION_COOKIE_NAME and 
> org.apache.catalina.SESSION_COOKIE_NAME. Now my JSESSIONID cookie name got 
> changed. But JSESSIONIDSSO name didn't get changed. Am i missing anything?
> 
> 
> Regards,
> Mathan Karthik R


A quick look at the docs (and javadocs) seems to indicate that this is not 
possible for 5.0.x. All interesting fields are public static final String. Time 
to upgrade.

For 6.0.28, why did you change both? I was under the impression that you only 
wanted the SSO cookie name changed.

>From the the documentation:

org.apache.catalina.SESSION_COOKIE_NAME

Note that the Servlet specification requires this to be JSESSIONID. You should 
not rely on being able to change this.

How did you set the system property? Did you read this?

http://wiki.apache.org/tomcat/FAQ/Miscellaneous#Q29


In particular, it's a good idea to create a setenv.sh file in 
$CATALINA_HOME/bin (or $CATALINA_BASE/bin if you're running several Tomcats 
from a base installation) and add the appropriate setting to CATALINA_OPTS. 
Something like:

#!/bin/bash
CATALINA_OPTS="-Dorg.apache.catalina.SSO_SESSION_COOKIE_NAME=JNONSTANDARDSSO"
export CATALINA_OPTS

might work.


This is based on my reading of the documentation. I've not tried this.

. . . . just my two cents.

/mde/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: RedHat and mod_jk

[Mark Eggers]

- Original Message -

> From: Christopher Schultz 
> To: Tomcat Users List 
> Cc: 
> Sent: Friday, July 15, 2011 12:55 PM
> Subject: Re: RedHat and mod_jk
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Mark,
> 
> On 7/15/2011 2:54 PM, Mark Eggers wrote:
>>  I wonder if there's a problem building mod_jk with OpenJDK. I have 
>>  Oracle's JDK installed here, so I don't know.
> 
> mod_jk does not have any Java components. The tomcat-connectors package
> does have some Java code in it, but it looks like more of a toy than
> anything else. It's not part of the httpd module.
> 
> - -chris


Chris,

Yep, see my previous mea culpa.

Sounds like this is a topic that could be brought up on the Fedora development 
IRC (or mailing list). I imagine the immediate response would be, "If you're 
interested, why don't you build and maintain the package".

I can't see any technical reason for RedHat not to provide a package. The RPMs 
required for building it already exist in the distribution, the actual software 
build is trivial, and they already provide RPMs for things like mod_perl, 
mod_python, and svn.

/mde/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: RedHat and mod_jk

[Mark Eggers]

- Original Message -

> From: Christopher Schultz 
> To: Tomcat Users List 
> Cc: 
> Sent: Friday, July 15, 2011 9:09 PM
> Subject: Re: RedHat and mod_jk
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Thad,
> 
> On 7/15/2011 9:59 PM, Thad Humphries wrote:
>>  If you rely on RedHat, Novell, OpenSuSE, Unbuntu, etc. you can wait
>>  for some things until you are old and gray.
> 
> Sing it. We're stuck on MySQL 5.0 in production because of this very
> fact. Sometimes I pine for the days of Gentoo. Only sometimes.
> 
>>  Worse is to have some update that you haven't screened stomp on 
>>  something you need.
> 
> Most package managers have provisions for holding a package (or the
> whole repo) at a certain level.
> 
> Actually, the really nice thing about Debian, for instance, is that
> their releases are all stable (assuming you don't follow Sid like an
> idiot): you should never get stomped with anything. The bad news is that
> you have to wait for a major upgrade in order to get that next version
> of whatever - like MySQL 5.1 :(
> 
> - -chris


Yep. I think if you have critical requirements (technical, security, business) 
that aren't being met by your distribution's package release you have to roll 
your own. Manage it just like any other software release.

The issues are then mostly management (culpability and support). How those 
issues are dealt with becomes a matter of business culture.

I've been successful in the past in getting permission to build critical 
components locally. I've also been in environments where this was strictly 
forbidden, even at the expense of not meeting business requirements and/or 
exposing the infrastructure to known security risks. Meeting requirements is 
preferred (in my book).

It also appears that more and more admins are uncomfortable with building, 
installing, and then managing systems with locally installed software. This 
goes back to the challenge that the original poster had. Why an admin would 
balk at learning how to do this is another question . . .

Friday night ramblings are worth less than two cents . . . ;-)

/mde/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How can i change JSESSIONIDSSO cookie name?

[Mark Eggers]

- Original Message -

> From: Mathan Karthik 
> To: Tomcat Users List 
> Cc: 
> Sent: Saturday, July 16, 2011 12:49 AM
> Subject: Re: How can i change JSESSIONIDSSO cookie name?
> 
> Hi Mark
> 
> Thanks for the response. 
> 
> 
> I have added 
> org.apache.catalina.authenticator.Constants.SSO_SESSION_COOKIE_NAME 
> and org.apache.catalina.SSO_SESSION_COOKIE_NAME in system properties. Gave 
> the 
> same cookie name for the both system properties. Now Its working.
> 
> 
> Is it mandatory to keep both the entries? Please advice.
> 
> 
> Regards,
> Mathan Karthik R
> 


Glad it now works. Also, it's good that you've reported how it works. The next 
time someone comes up with this problem, hopefully they'll search the mail list 
archives and get the question answered a lot easier (and faster).

As to what's required, I suggest that you experiment and find out what works. 
Or you could read the documentation, including the API available for download 
as apache-tomcat-version-fulldocs.tar.gz.

I've never changed the JSESSIONID or JSESSIONIDSSO names, since I've never had 
a requirement that could be met by doing so. All I did was read the 
documentation, which is probably a good suggestion.

If you find the documentation difficult to follow write a Wiki entry or propose 
a documentation patch and attach it to a bugzilla enhancement request. I've 
seen both suggested several times on the list.

. . . . just my two cents.

/mde/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: RedHat and mod_jk

[Mark Eggers]

- Original Message -

> From: André Warnier 
> To: Tomcat Users List 
> Cc: 
> Sent: Monday, July 18, 2011 8:33 AM
> Subject: Re: RedHat and mod_jk
> 
> Christopher Schultz wrote:
>>  -BEGIN PGP SIGNED MESSAGE-
>>  Hash: SHA1
>> 
>>  Mark,
>> 
>>  On 7/16/2011 12:50 AM, Mark Eggers wrote:
>>>  I've been successful in the past in getting permission to build 
> critical components locally. I've also been in environments where this was 
> strictly forbidden, even at the expense of not meeting business requirements 
> and/or exposing the infrastructure to known security risks. Meeting 
> requirements 
> is preferred (in my book).
>>> 
>>>  It also appears that more and more admins are uncomfortable with 
> building, installing, and then managing systems with locally installed 
> software. 
> This goes back to the challenge that the
>>>  original poster had. Why an admin would balk at learning how to do
>>>  this is another question . . .
>> 
>>  Fortunately for me, I'm the admin *and* I get to make these kinds of
>>  decisions.
>> 
>>  I just don't feel like keeping MySQL up-to-date myself. :)
>> 
> 
> A reason why admins "balk" may be because they are asked to take care 
> of more and more systems (due to virtualisation e.g.), and can no longer 
> afford 
> to spend the time to do that.
> 
> Anyway, whatever their reasons, a number of admins will not do it, and the 
> practical consequence in this case will be a decrease of the usage of mod_jk.
> 
> The basic point is : mod_jk is not included in the RedHat standard 
> Apache/Tomcat 
> packages.
> But maybe this is just an oversight of RedHat, and maybe with a little nudge, 
> they may be persuaded to include it again.
> Does anyone know how one would go about trying to nudge them in this 
> direction ?
> 
> Alternatively, what would it take for mod_jk to be (maybe again) part of the 
> standard Apache httpd distribution ? (so that these "packagers" would 
> include it in the next Apache httpd packaged version without even having to 
> think about it).


I noticed that it's not a part of the Fedora (basically RedHat's test platform) 
distribution either.

If it's a part of the Apache HTTPD distribution, more Linux distributions might 
pick it up. Just glancing at my installation, it seems that modules not shipped 
with Fedora's packaging are modules that are separate from Apache HTTPD (with 
the notable exception of mod_ssl).

For RedHat, the process is roughly:

1) Get the new code accepted upstream.
2) Get it included in Fedora.
3) Get it included in Red Hat Enterprise Linux.

This is taken from a RedHat magazine article, and discusses bug fixes, new 
features, and new packages. I'm guessing that item 1) applies to bug fixes and 
new features.

So, possibly getting the Fedora team to accept an RPM for mod_jk would be the 
place to start. They'll probably want a 32-bit, 64-bit, and source packages. 
They'll also probably want a maintainer for those packages.

The IRC channel #fedora-devel on FreeNode might be a good place to start. I 
don't know how other distributions are handled.

Chris, I'm just a lowly systems architect (have been an admin in a former 
life). Building MySQL was always low on my list of things to do. However, it 
never seemed as difficult as building PHP :-p.

Andre, managing lots of configurations is a pain. I've used custom 
processes/tools as well as commercial tools. Nothing seems to work effortlessly 
;-). So mod_jk builds may be the (very lightweight) straw that breaks an 
admin's back.

. . . . just my two cents.

/mde/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: URL/ URI/ TC(?) puzzle -- wrong non-error?

[Mark Eggers]

- Original Message -

> From: Dennis de Champeaux 
> To: Tomcat Users List 
> Cc: 
> Sent: Friday, July 22, 2011 3:22 PM
> Subject: Re: URL/ URI/ TC(?) puzzle -- wrong non-error?
> 
>T his is the 2nd response with 
>                      "You have a broken configuration".
> Why are you guys not explaining what is broken?
> I cannot read your mind/ Telepathy does not work here yet. 
> BTW I did do plenty of research on this topic
> Your SNOTTYness is not appreciated ... 
>       Actually I cannot stand this list ...
> Do not tell me again that I get what I paid for                 Ugh


As has been pointed out, your configuration is incorrect. Your
configuration leads to double deployment.

Instead guessing at what you're trying to achieve, what platform
you're running on, what exact version of Tomcat you're running, and
what JRE version you're using, I'm going to point you at some
documentation.

First of all, there's a reasonably detailed discussion on how to set
up virtual hosts in Tomcat here:

http://wiki.apache.org/tomcat/TomcatDevelopmentVirtualHosts

While this is designed for a development environment, it also serves
as a good basis for a production environment.

Once you have that set up, it's time to address your particular host
configuration.

According to the following documentation:

http://tomcat.apache.org/tomcat-6.0-doc/config/context.html

it is NOT RECOMMENDED to place  elements directly in
server.xml

Instead, either place the context element as a file [app-name].xml in
$CATALINA_HOME/conf/[host-name] or in the application's META-INF
directory as context.xml. There are good reasons to choose one or the
other, depending on your use case. The differences are noted here:

http://tomcat.apache.org/tomcat-6.0-doc/config/host.html

under Automatic Application Deployment.

Now that you've ripped the  element out of server.xml, it's
time to address the contents of this element.

Again, I will point you to:

http://tomcat.apache.org/tomcat-6.0-doc/config/context.html

as the reference.

1. There is no debug attribute
2. Don't set docBase UNLESS the application exists outside of appBase
   for the host. This is useful if you're setting up cross-context
   applications (for example, Solr). In any case do NOT set docBase as a
   subdirectory of appBase.
3. Don't set path

If you have problems once you've cleaned up your installation
according to the documentation listed above, come back with specific
questions.

I refer you to:

http://www.catb.org/~esr/faqs/smart-questions.html

as a good resource on how to ask questions on a mailing list. In
particular, it's a good idea to pay attention to the following:

http://www.catb.org/~esr/faqs/smart-questions.html#id478549

. . . . just a happy Tomcat user.

/mde/


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Fwd: Re: Invalid command 'SHUTDOW' received

[Mark Eggers]

Replies inline:

> From: Frederick Ouimet
> Hi,
> 
> Sorry for the delay in responding.  I think I managed to find the culprit.
> 
> To answer your questions Konstantin:
> 1- Windows 7, JDK and Tomcat are 32-bit
> 2- from command prompt, chcp return code page 850
> 3- I change the shutdown string to "FRED" and the last character was 
> trimmed: invalid command "FRE" received ...


I have a slightly different system than you do for Windows:

Windows XP/Professional
Avast! 6.0.1203

JRE 1.6.0_26
JDK 1.6.0_23
Tomcat 6.0.29
  One installation from the .exe
  One installation from the zip file
NetBeans 6.9.1


I need to do some updating.

> The fact that the last character is chewed up somehow made me go back to an 
> initial theory that something is intercepting the shutdown command before 
> Tomcat 
> receives it.  So I went back to Avast resident shields.  I turned off the 
> Avast 
> shields once again.  It seems to improve shutting down Tomcat a bit, Tomcat 
> responds on the 1st, 2nd, 3rd+ shutdown command instead of 14+.  But it's 
> just not consistent, Tomcat almost never responds on the 1st shutdown.  
> That's why I first concluded that Avast wasn't the problem.  Add the 
> fact that the windows XP PC where Tomcat shuts down fine also runs Avast.
> 
> As a last resort, I decided to completely uninstall Avast.  Guess what, 
> Tomcat 
> now shuts down properly on the 1st try!

I started and stopped Tomcat cleanly while Avast! was running:
  Tomcat as a service
  Tomcat from the DOS command line
  Tomcat from the Cygwin bash command line (complains about PATH syntax, but 
otherwise fine)
  Tomcat from NetBeans 6.9.1

> 
> Must be something with Avast and Windows 7 or corrupted installation.  Maybe 
> it's something else but I started and shut down Tomcat about 10 times so far 
> from command prompt and Eclipse and everything is OK.


I wonder if there is anything in the Avast! reports that would be useful. I'm 
not sure where they would be on Windows 7, but on XP they are in:

All Users\Application Data\Alwil Software\Avast5\report


Change the 5 to 6 if you've not upgraded from 5 to 6 (like I have). If you find 
something, you might post it to the Avast! forums to get a work around or get 
them to fix the bug. It would certainly be useful for those of us who are 
staying on Avast!.

Glad you have it working.

just my two cents . . . .

/mde/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org