Re: Virtual Thread with Http11Nio2Protocol
Hi,
When the property "useVirtualThreads" is true, Tomcat create a
VirtualThreadExecutor
(https://github.com/apache/tomcat/blob/10.1.x/java/org/apache/tomcat/util/net/AbstractEndpoint.java#L1047)
so a virtual thread is using
(https://github.com/apache/tomcat/blob/10.1.x/java/org/apache/tomcat/util/threads/VirtualThreadExecutor.java#L38)
to execute org.apache.tomcat.util.net.Nio2Endpoint$Nio2Acceptor
but you are right that the AsynchronousServerSocketChannel in Nio2Endpoint is
not using a VirtualThreadExecutor
(https://github.com/apache/tomcat/blob/10.1.x/java/org/apache/tomcat/util/net/Nio2Endpoint.java#L120)
because it is not an ExecutorService but an Executor, so
AsynchronousServerSocketChannel is using a ThreadPoolExecutor.
A code like this is executing AsynchronousServerSocketChannel with Virtual
Threads (fast code, so probably bad) :
if (getExecutor() == null) {
createExecutor();
}
if (getExecutor() instanceof ExecutorService) {
threadGroup = AsynchronousChannelGroup.withThreadPool((ExecutorService)
getExecutor());
} else if (getExecutor() instanceof VirtualThreadExecutor) {
threadGroup =
AsynchronousChannelGroup.withThreadPool(Executors.newVirtualThreadPerTaskExecutor());
}
What do you think about this ? It is a bug or a choice of tomcat teams that
only Nio2Acceptor are on virtual thread and not AsynchronousServerSocketChannel?
To test this, I duplicate the TestMaxConnections test and add
Assert.assertTrue(tomcat.getConnector().setProperty("useVirtualThreads",
"true"));
Regards,
Nicolas
> Le 8 déc. 2023 à 03:49, Han Li a écrit :x
>
> Hi Nicolas,
>
> I took a quick look that Tomcat's VirtualThreadExecutor does not implement
> the ExecutorService interface, which leads to this result.
>
> So I think this is a Tomcat bug.
>
> Han
>
>> On Dec 8, 2023, at 03:55, Nicolas BONAMY wrote:
>>
>> Hi,
>>
>> I try to use virtual thread on Apache Tomcat 10.1.16 with this configuration
>> on macOS or on Linux:
>>
>> > class="org.apache.catalina.core.StandardVirtualThreadExecutor"/>
>>
>> > protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>> connectionTimeout="2"
>> redirectPort="8443"
>> maxParameterCount="1000"
>> useVirtualThreads="true"
>> />
>> But when I make a request, I'm not on a virtual thread :
>> Thread[#76,Thread-14,5,main] . I profiled my application too but no virtual
>> threads are used.
>>
>> If I use a Http11NioProtocol instead of Http11Nio2Protocol, all requests are
>> on virtual thread :
>> VirtualThread[#65,http-nio-8080-virt-0]/runnable@ForkJoinPool-1-worker-1
>>
>> > class="org.apache.catalina.core.StandardVirtualThreadExecutor"/>
>>
>>
>> > protocol="org.apache.coyote.http11.Http11NioProtocol"
>> connectionTimeout="2"
>> redirectPort="8443"
>> maxParameterCount="1000"
>> useVirtualThreads="true"
>> />
>> Http11Nio2Protocol is not working with virtual threads? Has anyone
>> encountered this problem before?
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
Re: Virtual Thread with Http11Nio2Protocol
Hi Mark, Of course I tried with To reference the executor in the connector ;) > Le 8 déc. 2023 à 10:51, Mark Thomas a écrit : > > On 08/12/2023 02:49, Han Li wrote: >> Hi Nicolas, >> I took a quick look that Tomcat's VirtualThreadExecutor does not implement >> the ExecutorService interface, which leads to this result. >> So I think this is a Tomcat bug. > > +1 > >>> On Dec 8, 2023, at 03:55, Nicolas BONAMY >> <mailto:nicolas.bona...@gmail.com>> wrote: >>> >>> Hi, >>> >>> I try to use virtual thread on Apache Tomcat 10.1.16 with this >>> configuration on macOS or on Linux: >>> >>>>> class="org.apache.catalina.core.StandardVirtualThreadExecutor"/> > > Note that the above configuration is a) unnecessary and b) doesn't do > anything as the following Connector does not reference the Executor > > Mark > > >>>>> protocol="org.apache.coyote.http11.Http11Nio2Protocol" >>> connectionTimeout="2" >>> redirectPort="8443" >>> maxParameterCount="1000" >>> useVirtualThreads="true" >>> /> >>> But when I make a request, I'm not on a virtual thread : >>> Thread[#76,Thread-14,5,main] . I profiled my application too but no virtual >>> threads are used. >>> >>> If I use a Http11NioProtocol instead of Http11Nio2Protocol, all requests >>> are on virtual thread : >>> VirtualThread[#65,http-nio-8080-virt-0]/runnable@ForkJoinPool-1-worker-1 >>> >>>>> class="org.apache.catalina.core.StandardVirtualThreadExecutor"/> >>> >>> >>>>> protocol="org.apache.coyote.http11.Http11NioProtocol" >>> connectionTimeout="2" >>> redirectPort="8443" >>> maxParameterCount="1000" >>> useVirtualThreads="true" >>> /> >>> Http11Nio2Protocol is not working with virtual threads? Has anyone >>> encountered this problem before? >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > <mailto:users-unsubscr...@tomcat.apache.org> > For additional commands, e-mail: users-h...@tomcat.apache.org > <mailto:users-h...@tomcat.apache.org>
Virtual Thread with Http11Nio2Protocol
Hi, I try to use virtual thread on Apache Tomcat 10.1.16 with this configuration on macOS or on Linux: But when I make a request, I'm not on a virtual thread : Thread[#76,Thread-14,5,main] . I profiled my application too but no virtual threads are used. If I use a Http11NioProtocol instead of Http11Nio2Protocol, all requests are on virtual thread : VirtualThread[#65,http-nio-8080-virt-0]/runnable@ForkJoinPool-1-worker-1 Http11Nio2Protocol is not working with virtual threads? Has anyone encountered this problem before?
Re: Virtual Thread with Http11Nio2Protocol
William, I’m using Adoptium Temurin 21.0.1+12 Regards, Nicolas > Le 7 déc. 2023 à 21:00, William Crowell a > écrit : > > Nicolas, > > Which JDK version? > > Regards, > > William Crowell > > From: Nicolas BONAMY > Date: Thursday, December 7, 2023 at 2:55 PM > To: users@tomcat.apache.org > Subject: Virtual Thread with Http11Nio2Protocol > Hi, > > I try to use virtual thread on Apache Tomcat 10.1.16 with this configuration > on macOS or on Linux: > > class="org.apache.catalina.core.StandardVirtualThreadExecutor"/> > > protocol="org.apache.coyote.http11.Http11Nio2Protocol" > connectionTimeout="2" > redirectPort="8443" > maxParameterCount="1000" > useVirtualThreads="true" > /> > But when I make a request, I'm not on a virtual thread : > Thread[#76,Thread-14,5,main] . I profiled my application too but no virtual > threads are used. > > If I use a Http11NioProtocol instead of Http11Nio2Protocol, all requests are > on virtual thread : > VirtualThread[#65,http-nio-8080-virt-0]/runnable@ForkJoinPool-1-worker-1 > > class="org.apache.catalina.core.StandardVirtualThreadExecutor"/> > > > protocol="org.apache.coyote.http11.Http11NioProtocol" > connectionTimeout="2" > redirectPort="8443" > maxParameterCount="1000" > useVirtualThreads="true" > /> > Http11Nio2Protocol is not working with virtual threads? Has anyone > encountered this problem before? > > > CAUTION: This email originated from outside of the organization. Do not click > on links or open attachments unless you recognize the sender and know the > content is safe. > > > This e-mail may contain information that is privileged or confidential. If > you are not the intended recipient, please delete the e-mail and any > attachments and notify us immediately. > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Virtual Thread with Http11Nio2Protocol
Thanks! Nicolas > Le 8 déc. 2023 à 11:35, Mark Thomas a écrit : > > On 08/12/2023 09:51, Mark Thomas wrote: >>> On 08/12/2023 02:49, Han Li wrote: >>> Hi Nicolas, >>> >>> I took a quick look that Tomcat's VirtualThreadExecutor does not implement >>> the ExecutorService interface, which leads to this result. >>> >>> So I think this is a Tomcat bug. >> +1 > > This has been fixed for all versions and will be included in the January > release round (unless a regression is found in the December releases and we > need to re-do them). > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat 9.0.61 : service incorrectly installed on windows
Hello everyone We had an issue installing Tomcat as a service on windows after an upgrade to 9.0.62 : many parameters (startup class and method, jvm etc…) where missing. We install tomcat as a service through a bat file which chains some commands to tomcat9.exe For example : tomcat9.exe //IS//BodetServiceTomcat --JavaHome "Path\to\jre" --Classpath="Path\to\apache-tomcat-9.0.62\bin\bootstrap.jar; Path\to\ \apache-tomcat-9.0.62\bin\tomcat-juli.jar" --Jvm " Path\to\jre\bin\server\jvm.dll" --StartClass org.apache.catalina.startup.Bootstrap --StopClass org.apache.catalina.startup.Bootstrap --StartParams start --StopParams stop tomcat9.exe //US//BodetServiceTomcat --Startup=auto --StartMode jvm --StopMode jvm --JvmMx=%BODET_JVM_MX% --JvmMs=%BODET_JVM_MS% tomcat9.exe //US//BodetServiceTomcat --LogPath="%BODET_CATALINA_HOME%\logs" tomcat9.exe //US//BodetServiceTomcat ++JvmOptions "-XX:MaxMetaspaceSize=170m" etc… It turns out that Tomcat 9.0.61 comes with an upgrade of Commons Daemon (1.3.0) which has a bug regarding permissions for default log output : ttps://issues.apache.org/jira/browse/DAEMON-441 As stated in comments’ issue, defining –LogPath in our first command (//IS ..) resolved the issue Nicolas Bourdais Ce message et toutes les pieces jointes (ci-apres le "message") sont etablis a l'intention exclusive de ses destinataires. Si vous recevez ce message par erreur, merci de le detruire et d'en avertir immediatement l'expediteur par e-mail. Toute utilisation de ce message non conforme a sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. Les communications sur Internet n'etant pas securisees, l'expediteur informe qu'il ne peut accepter aucune responsabilite quant au contenu de ce message. This mail message and attachments (the "message") are solely intended for the addresses. It is confidential in nature. If you receive this message in error, please delete it and immediately notify the sender by e-mail. Any use other than its intended purpose, dissemination or disclosure, either whole or partial, is prohibited except if formal approval is granted. As communication on the Internet is not secure, the sender does not accept responsibility for the content of this message.
RemoteIpValve resolving localname is really slow
We are hosting our tomcats on windows vms behind a reverse proxy and have enabled RemoteIPValve. In the same time we have many hardware which talk to tomcat through a vpn. Recently we updated our tomcats to a more recent version (8.5.43 to 8.5.53) and our apps running on hardware through vpn had difficulties to talk to tomcat. We identified that these difficulties came from very slow localname resolution in RemoteIpValve when calling through vpn. We added vpn IP to hosts file of our tomcat’s vms which resolved our errors. We found that these behaviour appeared with tomcat 8.5.44 and was a consequence of the new feature in RemoteIPValve and RemoteIpFilter : 'support x-forwarded-host’ id 57665. Since this feature the valve begins by resolving localname (along remoteAddr, remoteHost, serverName etc…) which in our case is time consuming (> 5 s) and leads to communication errors Is this behaviour expected and necessary ? Could localName be resolved only if changeLocalName is set to true ? Should I comment on bugzilla ? Ce message et toutes les pieces jointes (ci-apres le "message") sont etablis a l'intention exclusive de ses destinataires. Si vous recevez ce message par erreur, merci de le detruire et d'en avertir immediatement l'expediteur par e-mail. Toute utilisation de ce message non conforme a sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. Les communications sur Internet n'etant pas securisees, l'expediteur informe qu'il ne peut accepter aucune responsabilite quant au contenu de ce message. This mail message and attachments (the "message") are solely intended for the addresses. It is confidential in nature. If you receive this message in error, please delete it and immediately notify the sender by e-mail. Any use other than its intended purpose, dissemination or disclosure, either whole or partial, is prohibited except if formal approval is granted. As communication on the Internet is not secure, the sender does not accept responsibility for the content of this message.
RE: RemoteIpValve resolving localname is really slow
> -Message d'origine- > De : Felix Schumacher > Envoyé : lundi 12 avril 2021 16:55 > À : users@tomcat.apache.org > Objet : Re: RemoteIpValve resolving localname is really slow > > > Am 12.04.21 um 15:49 schrieb Bourdais Nicolas: > > We are hosting our tomcats on windows vms behind a reverse proxy and have > enabled RemoteIPValve. > > In the same time we have many hardware which talk to tomcat through a > vpn. > > Recently we updated our tomcats to a more recent version (8.5.43 to 8.5.53) > and our apps running on hardware through vpn had difficulties to talk to > tomcat. > > > > We identified that these difficulties came from very slow localname > resolution in RemoteIpValve when calling through vpn. > > We added vpn IP to hosts file of our tomcat’s vms which resolved our errors. > > > > We found that these behaviour appeared with tomcat 8.5.44 and was a > consequence of the new feature in RemoteIPValve and RemoteIpFilter : > 'support x-forwarded-host’ id 57665. > > Since this feature the valve begins by resolving localname (along > > remoteAddr, remoteHost, serverName etc…) which in our case is time > > consuming (> 5 s) and leads to communication errors > > > > Is this behaviour expected and necessary ? > > Could localName be resolved only if changeLocalName is set to true ? > > How is your connector configured? Has it an attribute enableLookups (set to > true)? > No it doesn't. Here is the configuration: Nicolas > Felix > > > Should I comment on bugzilla ? > > > > > > Ce message et toutes les pieces jointes (ci-apres le "message") sont > > etablis a > l'intention exclusive de ses destinataires. > > Si vous recevez ce message par erreur, merci de le detruire et d'en avertir > immediatement l'expediteur par e-mail. > > Toute utilisation de ce message non conforme a sa destination, toute > diffusion ou toute publication, totale ou partielle, est interdite, sauf > autorisation > expresse. Les communications sur Internet n'etant pas securisees, l'expediteur > informe qu'il ne peut accepter aucune responsabilite quant au contenu de ce > message. > > This mail message and attachments (the "message") are solely intended for > the addresses. It is confidential in nature. > > If you receive this message in error, please delete it and immediately > > notify > the sender by e-mail. > > Any use other than its intended purpose, dissemination or disclosure, either > whole or partial, is prohibited except if formal approval is granted. As > communication on the Internet is not secure, the sender does not accept > responsibility for the content of this message. > > > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > >
RE: RemoteIpValve resolving localname is really slow
> -Message d'origine- > De : Konstantin Kolinko > Envoyé : lundi 12 avril 2021 17:10 > À : users@tomcat.apache.org > Objet : Re: RemoteIpValve resolving localname is really slow > > пн, 12 апр. 2021 г. в 16:50, Bourdais Nicolas > : > > > > We are hosting our tomcats on windows vms behind a reverse proxy and have > enabled RemoteIPValve. > > In the same time we have many hardware which talk to tomcat through a > vpn. > > Recently we updated our tomcats to a more recent version (8.5.43 to 8.5.53) > and our apps running on hardware through vpn had difficulties to talk to > tomcat. > > > > We identified that these difficulties came from very slow localname > resolution in RemoteIpValve when calling through vpn. > > We added vpn IP to hosts file of our tomcat’s vms which resolved our errors. > > > > We found that these behaviour appeared with tomcat 8.5.44 and was a > consequence of the new feature in RemoteIPValve and RemoteIpFilter : > 'support x-forwarded-host’ id 57665. > > Since this feature the valve begins by resolving localname (along > > remoteAddr, remoteHost, serverName etc…) which in our case is time > > consuming (> 5 s) and leads to communication errors > > > > Is this behaviour expected and necessary ? > > Could localName be resolved only if changeLocalName is set to true ? > > Should I comment on bugzilla ? > > 1. What is the configuration of your valve and your connectors? > Valve configuration is the default one. Here is the full configuration > By default Tomcat does not perform a DNS lookup and thus there should not be > noticeable timeouts. Can you show a stacktrace, what actually happens. > > https://cwiki.apache.org/confluence/display/TOMCAT/Troubleshooting+and+Di > agnostics#TroubleshootingandDiagnostics-CommonTroubleshootingScenario > I would'nt say that Tomcat perform a DNS lookup. It's a native call that is performed by the following stack. We made a yourkit profiling to find out why requests were longer than a previous tomcat. java.net.Inet6AddressImpl.getHostByAddr(byte[]) Inet6AddressImpl.java (native) java.net.InetAddress$2.getHostByAddr(byte[]) InetAddress.java:933 java.net.InetAddress.getHostFromNameService(InetAddress, boolean) InetAddress.java:618 java.net.InetAddress.getHostName(boolean) InetAddress.java:560 java.net.InetAddress.getHostName() InetAddress.java:532 org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper.populateLocalName() NioEndpoint.java:1395 org.apache.tomcat.util.net.SocketWrapperBase.getLocalName() SocketWrapperBase.java:231 org.apache.coyote.AbstractProcessor.action(ActionCode, Object) AbstractProcessor.java:473 org.apache.coyote.Request.action(ActionCode, Object) Request.java:433 org.apache.catalina.connector.Request.getLocalName() Request.java:1335 org.apache.catalina.valves.RemoteIpValve.invoke(Request, Response) RemoteIpValve.java:610 org.apache.catalina.connector.CoyoteAdapter.service(Request, Response) CoyoteAdapter.java:343 org.apache.coyote.http11.Http11Processor.service(SocketWrapperBase) Http11Processor.java:615 org.apache.coyote.AbstractProcessorLight.process(SocketWrapperBase, SocketEvent) AbstractProcessorLight.java:65 org.apache.coyote.AbstractProtocol$ConnectionHandler.process(SocketWrapperBase, SocketEvent) AbstractProtocol.java:818 org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun() NioEndpoint.java:1623 org.apache.tomcat.util.net.SocketProcessorBase.run() SocketProcessorBase.java:49 java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor$Worker) ThreadPoolExecutor.java:1149 java.util.concurrent.ThreadPoolExecutor$Worker.run() ThreadPoolExecutor.java:624 org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run() TaskThread.java:61 java.lang.Thread.run() Thread.java:748 When I try to resolve localname by addr like what is called at java.net.InetAddress$2.getHostByAddr(byte[]) outside of tomcat, in a powershell, I get the same delay as in tomcat. > 2. If one could confirm your trouble, it would better be filed as a new issue > in > Bugzilla. > > Best regards, > Konstantin Kolinko > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Missing Request Parameters
Hi, We are facing the same problem. Sometimes the parameters don't get to tomcat. We've seen this by monitoring our plateform through a servlet simply returning the value of a parameter. We are also using apache+tomcat apache-2.0.54 jakarta-tomcat-5.5.9 It occurs on GET requests, maybe on POST ones but we don't know. The value of the parameter is not long, neither is the value. It appears to occur "randomly" Hope this will help to find a solution to the problem ... -- Nicolas Schwartz Pid a écrit : (i can't see a previous thread for this, new mail setup, so apologies if I'm restating.) Are you using GET or POST? And how many parameters are you submitting? And are there any particularly long bits of data in the parameters? lmelendez wrote: Hi Rache, Well, we are seeing the problem. Our web application seems to *drop* parameters for some requests and we still don't know what it is. We have enabled Valves and Filters and it looks like the parameters never make it to tomcat. The problem is intermitent and we cannot reproduce it at will. The same request might work sometimes and show the problem in others and we were really surprised that nobody else was having similar issues. We are currently using Apache 2.0.55 and Tomcat 5.0.28. I am wondering if you have more information about this. Thanks! Leo. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Missing Request Parameters
I thought it might come from the connector ... Did you already try to change it ? Which version are you using ? Nicolas lmelendez a écrit : Nicolas Schwartz wrote: It occurs on GET requests, maybe on POST ones but we don't know. The value of the parameter is not long, neither is the value. It appears to occur "randomly" Exact same thing in our case. We have seen it in GET requests, not entirely sure about POSTs. We use some URLs that are quite long (more than 255 characters), but we have seen the problem with URLs with four or five parameters only. I'll check to see if we have long bits of data in the parameters. Do you think that is related? We are a bit confused because we started seeing the problem only about a month ago. We checked all changes we did to the product and none of them seem to be causing the issue. Thanks for the help! Leo. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Missing Request Parameters
Hi ! Here is the configuration we have: In our server.xml: ## In our workers.properties: #parametrage de mod_jk workers.apache_log=/usr/local/apache/logs workers.tomcat_home=/usr/local/tomcat workers.java_home=/usr/local/java ps=/ worker.list=ajp13 worker.ajp13.type=ajp13 worker.ajp13.host=81.91.65.146 worker.ajp13.port=7547 worker.ajp13.lbfactor=50 worker.ajp13.cachesize=350 worker.ajp13.cache_timeout=600 worker.ajp13.socket_keepalive=0 worker.ajp13.socket_timeout=600 In our httpd.conf: JkMount /serv/* ajp13 I don't know which version of mod_jk we're using ... I'm looking into it. Nicolas lmelendez a écrit : in mod_jk.conf for apache, we have the following lines: # define the channel JkSet channel.socket:localhost:8009.port 8009 JkSet channel.socket:localhost:8009.host 127.0.0.1 # define the worker JkSet ajp13:localhost:8009.channel channel.socket:localhost:8009 JkUriSet group ajp13:localhost:8009 I'll do some research on how to change the connector and test it to see if there is a change. Leo. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Missing Request Parameters
As I said it happens even on GET requests and very small urls on our side. Since it is a get request, we do see the parameter in the apache log, but we can't get it with the getParameter() method. The parameter is lost somewhere between the connector and tomcat I think. Nicolas Yashwanth CP a écrit : Hi, We are facing a similar issue ( missing parameters intermittently ). Our setup has relatively huge post requests , ( < 4KB) , and about 100-200 parallel connections on a tomcat that has 512MB memory.Some of the parameters just become null randomly. Our guess is ,it is related to size of post requests and number of accept connections. Any clues, anyone? --y - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Missing Request Parameters
Yes I sent them 2 posts ago. However, here they are again : In our server.xml: ## In our workers.properties: workers.apache_log=/usr/local/apache/logs workers.tomcat_home=/usr/local/tomcat workers.java_home=/usr/local/java ps=/ worker.list=ajp13 worker.ajp13.type=ajp13 worker.ajp13.host=XXX.XXX.XXX.XXX worker.ajp13.port= worker.ajp13.lbfactor=50 worker.ajp13.cachesize=350 worker.ajp13.cache_timeout=600 worker.ajp13.socket_keepalive=0 worker.ajp13.socket_timeout=600 In our httpd.conf: JkMount /serv/* ajp13 Do you see something wrong ? Nicolas Pid a écrit : have we seen your connector config, and your apache forwarding setup (JK i assume)? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
System requirements
Hi, I would like to know what are the system requirements for using Tomcat in a production server, with 50-100 users, on a Red Hat Advanced Server 3. Where can I find benchmarks ? Thank you for your advices, Nicolas DEMESY - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: System requirements
Thank you for yours answers. I have one context for a web portal with servlet pages and one context for an axis web server . Sorry for the missing information . Nicolas DEMESY Mikolaj Rydzewski a écrit: DEMESY Nicolas wrote: I would like to know what are the system requirements for using Tomcat in a production server, with 50-100 users, on a Red Hat Advanced Server 3. Where can I find benchmarks ? It depends. Mostly on the application you want to use. But you didn't bother to tell it. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JSP compilation error in Tomcat 5.5 using type Vector
Hi all, I have a problem while trying to migrate an application from Tomcat 4.1 to Tomcat 5.5. I get a JasperException when tomcat try to compile a JSP : The method add(String) is undefined for the type Vector The method iterator() is undefined for the type Vector I've put the complete trace at the end of the message. I'm using tomcat 5.5.15. I've tried with 2 version of Java (JAVA_HOME set to 1.5.0_06 or 1.4.2_04 (with compat package)). I've also tried on 2 different platforms : solaris and linux. The problem is always the same. It seems that the compiler is trying to compile the generated java file with a java 1.1 compatibility. I've read in the documentation that the JDT compiler should work with a 1.4 compatibility by default (I've tried to set the servlet init parameters compilerSourceVM and compilerTargetVM without success). I've found a workaround that consist in using javac compiler instead of JDT compiler but I'd prefer using JDT compiler. Can someone help me and tell me what I'm doing wrong ? Thanks in advance Thibaut exception org.apache.jasper.JasperException: Unable to compile class for JSP An error occurred at line: 4 in the jsp file: /jsp/Test.jsp Generated servlet error: The method add(String) is undefined for the type Vector An error occurred at line: 4 in the jsp file: /jsp/Test.jsp Generated servlet error: The method add(String) is undefined for the type Vector An error occurred at line: 11 in the jsp file: /jsp/Test.jsp Generated servlet error: The method iterator() is undefined for the type Vector org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:510) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:375) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) root cause org.apache.jasper.JasperException: Unable to compile class for JSP An error occurred at line: 4 in the jsp file: /jsp/Test.jsp Generated servlet error: The method add(String) is undefined for the type Vector An error occurred at line: 4 in the jsp file: /jsp/Test.jsp Generated servlet error: The method add(String) is undefined for the type Vector An error occurred at line: 11 in the jsp file: /jsp/Test.jsp Generated servlet error: The method iterator() is undefined for the type Vector org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:84) org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:328) org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:409) org.apache.jasper.compiler.Compiler.compile(Compiler.java:297) org.apache.jasper.compiler.Compiler.compile(Compiler.java:276) org.apache.jasper.compiler.Compiler.compile(Compiler.java:264) org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:563) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:303) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JSP compilation error in Tomcat 5.5 using type Vector
Of course,
Here is the very simple JSP that have written to isolate the error
<%@ page language="java" %>
<%@ page import="java.util.Vector" %>
<%@ page import="java.util.Iterator" %>
<%
Vector v = new Vector();
v.add("Hello");
v.add("World");
%>
<%
Iterator it = v.iterator();
while (it.hasNext()) {
%>
<%=it.next() %>
<%
}
%>
Thibaut
Michael Andreas Omerou a écrit :
Can we have the code that causes this error?
-Original Message-
From: Thibaut Nicolas [mailto:[EMAIL PROTECTED]
Sent: 20 February 2006 16:33
To: users@tomcat.apache.org
Subject: JSP compilation error in Tomcat 5.5 using type Vector
Hi all,
I have a problem while trying to migrate an application from
Tomcat 4.1 to Tomcat 5.5.
I get a JasperException when tomcat try to compile a JSP :
The method add(String) is undefined for the type Vector The
method iterator() is undefined for the type Vector I've put
the complete trace at the end of the message.
I'm using tomcat 5.5.15. I've tried with 2 version of Java
(JAVA_HOME set to 1.5.0_06 or 1.4.2_04 (with compat package)).
I've also tried on 2 different platforms : solaris and linux.
The problem is always the same. It seems that the compiler is
trying to compile the generated java file with a java 1.1
compatibility.
I've read in the documentation that the JDT compiler should work with a
1.4 compatibility by default (I've tried to set the servlet
init parameters compilerSourceVM and compilerTargetVM without success).
I've found a workaround that consist in using javac compiler
instead of JDT compiler but I'd prefer using JDT compiler.
Can someone help me and tell me what I'm doing wrong ?
Thanks in advance
Thibaut
exception
org.apache.jasper.JasperException: Unable to compile class for JSP
An error occurred at line: 4 in the jsp file: /jsp/Test.jsp
Generated servlet error:
The method add(String) is undefined for the type Vector
An error occurred at line: 4 in the jsp file: /jsp/Test.jsp
Generated servlet error:
The method add(String) is undefined for the type Vector
An error occurred at line: 11 in the jsp file: /jsp/Test.jsp
Generated servlet error:
The method iterator() is undefined for the type Vector
org.apache.jasper.servlet.JspServletWrapper.handleJspException(
JspServletWrapper.java:510)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletW
rapper.java:375)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.
java:314)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
root cause
org.apache.jasper.JasperException: Unable to compile class for JSP
An error occurred at line: 4 in the jsp file: /jsp/Test.jsp
Generated servlet error:
The method add(String) is undefined for the type Vector
An error occurred at line: 4 in the jsp file: /jsp/Test.jsp
Generated servlet error:
The method add(String) is undefined for the type Vector
An error occurred at line: 11 in the jsp file: /jsp/Test.jsp
Generated servlet error:
The method iterator() is undefined for the type Vector
org.apache.jasper.compiler.DefaultErrorHandler.javacError(Defau
ltErrorHandler.java:84)
org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDisp
atcher.java:328)
org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompile
r.java:409)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:297)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:276)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:264)
org.apache.jasper.JspCompilationContext.compile(JspCompilationC
ontext.java:563)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletW
rapper.java:303)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.
java:314)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: JSP compilation error in Tomcat 5.5 using type Vector
I've tried to put the sample JSP in webapps/jsp-examples and it works. So the problem may not be linked to the version of tomcat but to the context in which I deployed my application. Maybe there's a problem with my classpath (WEB-APP/lib folder) I'll try to investigate in that way and let you know Thanks for this idea Thibaut Caldarale, Charles R a écrit : From: Thibaut Nicolas [mailto:[EMAIL PROTECTED] Subject: Re: JSP compilation error in Tomcat 5.5 using type Vector Here is the very simple JSP that have written to isolate the error This probably won't help much: your sample JSP works fine for me on nearly stock versions of 5.5.15 and 5.5.12, on different platforms. All I did was drop your code into webapps/jsp-examples/vtest.jsp and hit it with a browser. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JSP compilation error in Tomcat 5.5 using type Vector
That's it ! I had a library containing java 1.1 classes in my classpath. It seems that JDT uses the classes that are in the classpath instead of those that are in the JRE. This behaviour is a bit different of Sun compiler. Thanks for your help Thibaut Thibaut Nicolas a écrit : I've tried to put the sample JSP in webapps/jsp-examples and it works. So the problem may not be linked to the version of tomcat but to the context in which I deployed my application. Maybe there's a problem with my classpath (WEB-APP/lib folder) I'll try to investigate in that way and let you know Thanks for this idea Thibaut Caldarale, Charles R a écrit : From: Thibaut Nicolas [mailto:[EMAIL PROTECTED] Subject: Re: JSP compilation error in Tomcat 5.5 using type Vector Here is the very simple JSP that have written to isolate the error This probably won't help much: your sample JSP works fine for me on nearly stock versions of 5.5.15 and 5.5.12, on different platforms. All I did was drop your code into webapps/jsp-examples/vtest.jsp and hit it with a browser. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Last Byte Detection
Hi everybody, I'm trying to get the information of sending the last byte of a file through Tomcat. I've done many tests, I've looked in the archives and nothing came up. So I'm thinking that maybe I'm not posting where I should, if it is so, please tell me so and tell me where I could find the info. I know this mailing list is about configuration but here is what I do and the configuration: I'm doing a loop with a FileInputStream and writing each byte to the OutputStream I got from my HttpServletResponse. No Exception or whatever is thrown when I kill the connection once the url has been requested. I use apache and tomcat. They're connected with the ajp13 connector. I've looked in the connector configuration (workers.properties) options but found nothing. Any help, hint , ... would be greatly appreciated :) Thank's in advance, Nicolas Schwartz - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Last Byte Detection
Darryl Miles wrote:
> Nicolas Schwartz wrote:
>> I'm trying to get the information of sending the last byte of a file
>> through Tomcat.
>> I've done many tests, I've looked in the archives and nothing came up.
>> So I'm thinking that maybe I'm not posting where I should, if it is
>> so, please tell me so and tell me where I could find the info.
>>
>> I know this mailing list is about configuration but here is what I do
>> and the configuration:
>> I'm doing a loop with a FileInputStream and writing each byte to the
>> OutputStream I got from my HttpServletResponse.
>>
>> No Exception or whatever is thrown when I kill the connection once the
>> url has been requested.
>>
>> I use apache and tomcat. They're connected with the ajp13 connector.
>> I've looked in the connector configuration (workers.properties)
>> options but found nothing.
>>
>> Any help, hint , ... would be greatly appreciated :)
>
>
> I read this to mean you want to emit a file in a HTTP response and the
> APIs are you using are not Tomcat specific.
>
> Check out the InputStream interface at
> http://java.sun.com/j2se/1.4.2/docs/api/java/io/InputStream.html
>
>
> byte[] b = new byte[4096];
> for(;;) {
> int l;
> if((l = fileInputStream.read(b, 0, b.length)) == -1) {
> break;// No more data from file
> }
> response.getOutputStream().write(b, 0, l);
> }
> response.getOutputStream().flush(); // So we see exception in our
> Servlet code
>
>
>
> The "kill the connection" bit is a bit confusing, you mean you are
> testing the premature killing of a client connection of a partically
> downloaded file.
>
> It depends how the connection is killed on when you will see the
> exception, for example if a network socket level reset is performed then
> some form of IOException should be thrown during the
> getOutputStream.print("") or during a flush() or close().
>
> If your servlet does not explicitly do the flush() or close() on the
> data it wrote but terminates the HttpServlet.doGet() method then you
> leave it upto the container to complete the flushing. Then you may not
> see any exception as the container may just deal with it and eat it up.
>
> If you are not killing the connection off at the network level then it
> may take Tomcat sometime to automatically kill it off through normal
> network level dead socket detection (max retry / keepalive failure).
>
>
> HTH
>
> Darryl
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
Hi, thank's for your answer first.
I want to detect if a terminal gets all of the file he wanted to download
through the HTTP connection.
I agree with you that i don't use a specific tomcat api for that but I think
that would help to get a global view of the problem.
I thought that the fact that no exception is thrown maybe comes from the way
tomcat is configured.
To explain this completely, here is a part the main java on the other side:
HttpURLConnection c=(HttpURLConnection)u.openConnection();
InputStream is=c.getInputStream();
FileOutputStream fos=new FileOutputStream(new File("/home/XXX/lbd.3gp"));
for(int i=is.read();i!=-1;i=is.read()){
fos.write(i);
fos.flush();
c.disconnect();//same problem if no disconnect before exit
System.exit(0);
}
So I get only the first byte.
--
On the server side,
I tried what you told but still no exception is thrown.
I was flushing after every bytes written to the outputStream but that seams to
make no difference.
In the apache logs, I see more than the byte received (16376) :(
--
So I thought maybe there is some sort of cache between apache and tomcat and
this came from tomcat configuration ?
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: A way to know if file download has ended
> This is one of those issues that just can't be solved > with simple HTTP and HTML. There isn't a response > sent to the server to tell it every single download > was successful (or at least not sent back to the web > application ... TCP makes sure the last bytes get to > the other side successfully or an error occurs, but > the applications on the server side can't tell this or > at least I don't know how). Then to make the > situation more difficult there is no defined event for > tying into the HTTP process for when a certain > download has occurred successfully. So, one has to > use a download manager of some kind to more easily > manage things like this. This could be a signed java > applet or shockwave file or a COM object (not cross > platform so I wouldn't recommend that, but you might > think it's ok if you force IE and windows). One could > more easily tell if an upload had finished because you > at least have a defined form element you can access > through DOM, get the name, and then monitor the upload > progress. > > Wade > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > Hi, I agree with Wade about not knowing in Tomcat whether download succeeded or not. I tried many code and discussed about it in the forum and came to the conclusion it is not possible. (subject was "Last Byte Detection", conclusion was: HTTP is not the good level to detect that.) Good luck, Nicolas - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problems connecting
Hi, Why don't you try http://62.56.xxx.xxx:8080 with the j2me emulator ? If it works that way we may conclude that you have a j2me issue. If not it may be a tomcat conf problem. You should also access the url through your favorite browser (firefox) ... Tell us the results ! regards, Nicolas [EMAIL PROTECTED] wrote: Hi experts, let me explain the situation first & let me tell you that Im really newbie with application server. What I done is a Java application (J2ME) that works over cellphone, with the java toolkit I got an emulator & my application works properly, I send a request the servlet over Tomcat reply properly... Of course in testing Im working with localhost:8080/blabla/bla The point is when I change localhost with a real ip 62.56.xxx.xxx I cannot connect to the server, but the nice things is if in my cellphone I enter the address http://62.56.xxx.xxx:8080 I got the tipical welcome page of Tomcat. So is not the firewall is not the router.. I guess is something that I have to set up, but trust me I don't know where... Could you help me pls Cheers Roberto - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Form based auth - Not working
Hi, I'm experiencing a problem with the FORM based authentication provided by Tomcat. I've done almost (I think that everything!) that the doc requires to configure a FORM based authentication and doesn't work. I have a DB with users and user-roles tables and data in those tables but every time I try to log in my application it will fail with no reason, nor log either! I started thinking that any kind of authentication wasn't going to work, so I tried using the BASIC based one, which surprisingly worked :) So, I don't know what is my mistake. I'm sending here the content of my context xml file in The db schema has been also configured to let anyone to get a connection to it, so that's not a problem and I've also tried getting data from the DataSource configured from my app and IT works fine! (as u may see, the realm is not a DataSourceRealm because it doesn't work at all, at least in my case!!! Another problem for another thread I guess...) The web.xml of my app is correctly configured and that's not the problem! Does any of you what is my problem? Regards, Nicolas Gonzalez P.S.: OS: Ubuntu 7.0.4 / Tomcat: 5.5 / Java: 5 / DB: MySQL 5 just in case any of u needs that info...
Re: Form based auth - Not working
Hi Mark and David! See my response inline On 10/8/07, Mark Thomas <[EMAIL PROTECTED]> wrote: > > Nicolas Gonzalez wrote: > > I've done almost (I think that everything!) that the doc requires to > > configure a FORM > > based authentication and doesn't work. > > I have a DB with users and user-roles tables and data in those tables > but > > every time I try > > to log in my application it will fail with no reason, nor log either! > > I started thinking that any kind of authentication wasn't going to work, > so > > I tried using the > > BASIC based one, which surprisingly worked :) > > BASIC auth with the realm below or with the MemoryUserDatabaseRealm? With the MemoryUserDatabaseRealm > So, I don't know what is my mistake. > > I'm sending here the content of my context xml file in > > Looks OK at first glance. Looks ok for me too! > (as u may see, the realm is not a DataSourceRealm because it doesn't work > at > > all, at least in my > > case!!! Another problem for another thread I guess...) > > That is probably because you need to specify localDataSource="true" to > tell the Realm the data source is defined in context.xml rather than > globally in server.xml Thx for this information. I didn't know that. I'll try and tell u what happens after with that change! > The web.xml of my app is correctly configured and that's not the problem! > > Can we see it any way, just to confirm please. Sure. Here it is the security part of the xml file: .. Posgrado /* DELETE GET POST PUT admin Administrador de la aplicacion admin FORM Posgrado Realm /login.jsp /autherror.jsp As you may have realized, in the BD there's a user with the role "admin" and (this was requested by David's email) the login.jsp and autherror.jsp are jsps taken from the examples of the tomcat documentation. Every time I try to go to a configured action (Struts action), let's say: main.do or whatever, I'm taken to the login.jsp. After typying in the user and pass (correctly typed) I'm taken to the autherror.jsp instead of the desired action. The jsp is just like the examples of the doc. This is the reason whay I'm not attaching those files to the email, because it's just the same Thanks in advance, Nicolas Gonzalez Buenos Aires - Argentina Mark > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
Re: Form based auth - Not working
Hi all, Thx for all the answers. I deleted my context file, the login.jsp, the data from the db and configured everything again (using localDataSource="true" to be able to use the local data source) . Now the auth is working!!! I'm pretty sure, as u said, that I had a problem or in my jsp login file or in the db. I really can't tell what really happened, but i'm sure it was my mistake... Thx again for everything!!! Nicolas Gonzalez Buenos Aires - Argentina On 10/8/07, Christopher Schultz <[EMAIL PROTECTED]> wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Nicolas, > > Nicolas Gonzalez wrote: > > I have a DB with users and user-roles tables and data in those tables > but > > every time I try > > to log in my application it will fail with no reason, nor log either! > > Care to give us the database schema you are using? Please only show > those tables that are relevant (USERS and USER_ROLES). You might want to > provide sample contents for the user you are using as a test. > > > I started thinking that any kind of authentication wasn't going to work, > so > > I tried using the > > BASIC based one, which surprisingly worked :) > > Well, that's telling. I'm guessing your isn't done correctly. > Would you like to show us the form you are using, or should we keep > guessing? > > > validationQuery="select * from TEST" > > Ouch! I wouldn't do that if I were you. > > > > Since you've got a JNDI connection pool already configured, why not use > that for your Realm (DataSourceRealm) instead of a JDBCRealm. That way, > everything uses the same set of connections instead of one separate one > for logins. > > > (as u may see, the realm is not a DataSourceRealm because it doesn't > work at > > all, at least in my > > case!!! Another problem for another thread I guess...) > > I'm guessing that your form is the problem, not the database. > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.7 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFHCqUw9CaO5/Lv0PARAjlHAJ9PuW+DT9/4KlXsj6px3EDhGVoiiACeIu7+ > 7DkzhMXZechE6HdiRa0Ai88= > =1A0q > -END PGP SIGNATURE- > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
mod_jk problem for post request ended with a ? (question mark)
Hello all, I have apache 2.2 in front of tomcat 6.0.13 and I use mod_jk (1.2.25) as the connector. It seems that whenever a form containing a question mark at the end of the form action parameter is posted, mod_jk is dying silently (but recover) (The resulting url is something like that /mysite/action.do? ). No response at all is sent to the client. Is this something known or is only me experiencing that problem. I know that the url should not really containts the ending "?", but I can't control that. Cheers Nicolas - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk problem for post request ended with a ? (question mark)
Thank you Rainer for taking the time to answer. My comments are below. > > Not a known problem. You can increase log level via "JkLogLevel debug". > There should be a line containing "service" or "Service", which includes > the URI) we send forward to Tomcat. > > The log will also show you, if any of your JkMount directives match, > i.e. if mod_jk thinks it should forward, or it shouldn't. I have set the log level to debug and when I submit that form the only think I can see in the mod_jk log are the following lines: Mod jk [Sat Nov 03 11:00:34 2007] [1936:3085977296] [debug] map_uri_to_worker::jk_uri_worker_map.c (609): Attempting to map context URI '/app/*=ajp13' source 'JkMount' [Sat Nov 03 11:00:34 2007] [1936:3085977296] [debug] map_uri_to_worker::jk_uri_worker_map.c (624): Found a wildchar match '/app/*=ajp13' And then nothing else. Interestingly, at the same time of the request, in the error log of apache, I always have the following: [Sat Nov 03 11:00:34 2007] [notice] child pid 1936 exit signal Segmentation fault (11) On successful requests, I indeed observe the "Service finished " with the status. > You can report your findings back here, but please include configuration > used, and some more details, like how exactly does the problematic URL > look like. Sorry, I did not give enough details. So I just create a simple jsp to reproduce the problem. If I submit the jsp below (which name should be test.jsp), I never receive a response back from the server. (Actually I could observe that the problem is not necessarily linked to the post method. You can reproduce it with a get method if there are no input in the form.) I am running httpd 2.2.3 on CentOS 5. I have compiled my-self mod_jk as the instruction in the BUILD.txt. Mod_jk is talking to tomcat 6.0.13. --BEGIN JSP <%@ page language="java" %> Test --END JSP - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk problem for post request ended with a ? (question mark)
I forgot to mention that the request is sent over https. The https is handled by apache httpd. I am not sure If this has an impact as it would be difficult for me to test it under http. Cheers Nicolas - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk problem for post request ended with a ? (question mark)
> > Your test JSP works fine for me with Apache httpd 2.2.6 and mod_jk > 1.2.25 on Solaris. Since your jk log file ends very early in the request > processing, the tomcat version should not matter (I used 5.5). > > I would guess, that something with your build is broken. It would also > help, if we could see your mod_jk config (you posted parts of it, but it > looks like things are missing). The apache mod_jk configuration is this one. Would you need the workers.properties? LoadModule jk_module modules/mod_jk.so JkWorkersFile /etc/httpd/conf.d/workers.properties JkLogFile /var/log/httpd/mod_jk.log JkLogLevel debug JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " JkOptions +ForwardKeySize JkMount /app/* ajp13 JkMount /app ajp13 These are the exact steps I have taken to build mod_jk: ./configure --enable-debug --with-apxs=/usr/sbin/apxs make clean make and then as root make install > Does the segmentation fault produce a core dump? > If no, start Apache httpd as a non-root user (and use ports above 1024) > and maybe set CoreDumpDirectory. Then it should produce a core, whenever > a segmentation fault appears in the log file. > > A core can then be inspected with gdb. Using gdb you can issue the > command "bt" for backtrace. This will show us, in which mod_jk function > the crash occured. I managed to produce a core, but it does not look like there are any debugging info available. When I run the bt command (using gdb -c /path/to_core), have the following: Using host libthread_db library "/lib/libthread_db.so.1". Core was generated by `/usr/sbin/httpd'. Program terminated with signal 11, Segmentation fault. #0 0x0068dbf2 in ?? () (gdb) bt #0 0x0068dbf2 in ?? () #1 0x08506478 in ?? () #2 0x0068fb6a in ?? () #3 0xbfc5b04c in ?? () #4 0x in ?? () Would that mean the problem is not in mod_jk, or would that mean I did not compile mod_jk in debug mode? Thanks again for your help. Best regards, Nicolas - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[SOLVED] Re: mod_jk problem for post request ended with a ? (question mark)
Thanks again Rainer for guiding me toward the core/gdb/stacktrace approach. After managing to get a meaningfull stacktrace (using gdb httpd core_file) it was easy to see that the problem was NOT in mod_jk but in another module (mod_auth_cas). I'll report this problem to them. Best regards, Nicolas - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
unknown protocol: httpg
Hi,
I would like to contact httpg servers with a servlet host on a tomcat
server and I have an error :
java.net.MalformedURLException: unknown protocol: httpg
at java.net.URL.(URL.java:395)
at java.net.URL.(URL.java:283)
when I do :
SimpleProvider p = new SimpleProvider();
p.deployTransport("httpg", new SimpleTargetedChain(new
org.globus.axis.transport.GSIHTTPSender()));
org.globus.axis.util.Util.registerTransport();
new java.net.URL("httpg","srm-server", 1234, "/srm");
It seems that the httpg registration is not done ...
I use a Tomcat 5 server,
ideas?
Thanks,
Nicolas
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: unknown protocol: httpg
Hi David;
Ok , It works well with the second solution, I put the globus library in
the common/lib directory of Tomcat .
Thanks a lot
Nicolas
David Delbecq a écrit:
Hello Nicolas,
java.net.URL is trying to instanciate a handler for protocol httpg and
fails. Looking at your code, i suppose
org.globus.axis.util.Util.registerTransport() is
supposed to add an handler. This works find in standalone application,
but in J2EE environment the URL class can not see classes inside your
webapp (see tomcat classloader documentation on website for
explanations) and as such can not instanciate them.
I recommend you try using the following URL form:
new URL(URL context, String spec, URLStreamHandler handler)
and you provide a URLStreamHandler for globus.
Another, but ugly, solution is to put globus classes inside system
classloader.
En l'instant précis du 18/09/07 14:42, DEMESY Nicolas s'exprimait en ces
termes:
Hi,
I would like to contact httpg servers with a servlet host on a tomcat
server and I have an error :
java.net.MalformedURLException: unknown protocol: httpg
at java.net.URL.(URL.java:395)
at java.net.URL.(URL.java:283)
when I do :
SimpleProvider p = new SimpleProvider();
p.deployTransport("httpg", new SimpleTargetedChain(new
org.globus.axis.transport.GSIHTTPSender()));
org.globus.axis.util.Util.registerTransport();
new java.net.URL("httpg","srm-server", 1234, "/srm");
It seems that the httpg registration is not done ...
I use a Tomcat 5 server,
ideas?
Thanks,
Nicolas
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Cactus Authentication problem with Tomcat > 5.5.20
Hello all, I am having some difficulties to setup cactus tests using tomcat > 5.5.20 (Everything works fine with 5.5.20). I am using form authentication in cactus tests (as described on the cactus web site). When I look at the generated request, I get the authentication layer called with all the parameters needed for the test (service name, class,...), but when the request for the actual test is generated it is missing all the parameters to run the test. So I am suspecting something must have change in tomcat (nothing has changed in the cactus environment) in the way the authentication calls are handled in tomcat post 5.5.20 (I have tried 5.5.23 and 5.5.25). If I disable authentication all is working fine again. For the authentication layer we use a JDBC Realm. Outside cactus tests the webapp is working fine in 5.5.25. I would really appreciate if anyone would have an idea where I should look at as I am really having a hard time to understand where these parameters get swallowed. Regards Nicolas - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: how to invalidate old sessions when new user access appl on same machine
Thats a problem in your server code... Session is binded to a connection (browser session) basically, not a machine. If you open a second browser (or a second tab) you should get a different session-id. Don't use JSESSIONID in url parameters, but in session cookie (unless you need to cross protocols like http <-> https) For security, you will have to bind an 'ending' date to the session's authentication. Nicolas Romantzoff General Manager Tél.: (+33) 478 53 65 17 -Original Message- From: Vishnu Vardhana Reddy [mailto:vishnu...@gmail.com] Sent: Friday, 19 December, 2008 12:55 To: users@tomcat.apache.org Subject: how to invalidate old sessions when new user access appl on same machine hi all, I am using Mozilla browser to access my web application.User one access my application using his credentials .but i left that browser open.after that I am opening the another Mozilla window and accessing my application using different credentials ex:user2 credentials .user 2 also can access my application.but when i open the first browser ..am automatically getting second user session.how can we avoid this problem. Application is using session identifier(jSessionID) as the URL parameter for session management. is it possible to invalidate the old session when new user access on same machine. thanks, Vishnu -- View this message in context: http://www.nabble.com/how-to-invalidate-old-sessions-when-new-user-access-ap pl-on-same-machine-tp21090090p21090090.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ avast! Antivirus <http://www.avast.com> : Outbound message clean. Virus Database (VPS): 081218-0, 2008-12-18 Tested on: 2008-12-19 13:54:20 avast! - copyright (c) 1988-2008 ALWIL Software. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: .nfsxxx file created when undeploying applications
Hi, I have a Tomcat 5.5.17 run on Solaris. TOMCAT_HOME is on a mounted NFS partition. When doing undeploy of an application, some .nfsxx files are created et dot no allow suppression of repertories. A similar bug for JARs has been opened but not fixed ( https://issues.apache.org/bugzilla/show_bug.cgi?id=39616) and It said that is not a tomcat bug. The workaround (antiResourceLocking set at true) is not acceptable since there are obvious side effects (significantly impact startup time of applications, the disabling of JSP reloading in a running server, applications that are outside the appBase for the Host will cause the application to be *deleted* on Tomcat shutdown). It seems that one process of tomcat still have files opened when trying to remove files and that's why .nfsxxx files are created. So in my point of view it is a Tomcat bug, all processes should close files before removing it on NFS. Have you got any idea of what can I do to fix this problem? Did I open a new bug? Regards, Nico
Re: .nfsxxx file created when undeploying applications
It's for a client too and I don't have acces to the server or applications so I first think it comes from Tomcat and now I'm trying to understand what's happening and what is possible to do. Thanks 2011/10/23 Hassan Schroeder > On Sun, Oct 23, 2011 at 1:56 AM, Nicolas Dordet > wrote: > > > I have a Tomcat 5.5.17 run on Solaris. TOMCAT_HOME is on a mounted NFS > > partition. When doing undeploy of an application, some .nfsxx files are > > created et dot no allow suppression of repertories. > > > It seems that one process of tomcat still have files opened when trying > to > > remove files and that's why .nfsxxx files are created. So in my point of > > view it is a Tomcat bug, all processes should close files before removing > it > > on NFS. > > Wow, I had a client with the exact same problem and -- oh, wait, it > wasn't Tomcat, it was OC4J :-) > > And IIRC those files are artifacts that appear for reasons having > nothing to do with undeployment; it's only that undeployment fails > and makes those artifacts' presence obvious. > > The fix is *not running an app server off an NFS partition*. Really. > > "Doctor, it hurts when I hit myself in the head." > > "Don't do that." > > YMMV, > -- > Hassan Schroeder hassan.schroe...@gmail.com > http://about.me/hassanschroeder > twitter: @hassan > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
mod_jk/1.2.32 - Error connecting to Tomcat only on one page
Hello all, English is not my native language, please excuse typing errors. I met a problem which I do not manage to explain... My environement (one server) : Server version : Apache Tomcat/5.5.26 Server built : Jan 28 2008 01:35:23 Server number : 5.5.26.0 OS Name : Linux (Red Hat Enterprise Linux Server release 5.2 (Tikanga)) OS Version : 2.6.18-92.el5 Architecture : i386 JVM Version : 1.6.0_06-b02 JVM Vendor : Sun Microsystems Inc. Web server version : Apache/2.2.21 (Unix) mod_jk/1.2.32 Web server communicate with application server by AJP/13, module mo_jk. My configuration : Server.xml : [...] [...] worker.properties : # define worker worker.list=ajp13 # Set properties for ajp13 => tomcat worker.ajp13.type=ajp13 worker.ajp13.host=localhost worker.ajp13.port=8011 worker.ajp13.connection_pool_size=1200 worker.ajp13.connection_pool_timeout=600 worker.ajp13.socket_keepalive=true worker.ajp13.socket_timeout=600 My VirtualHost : [...] JkMount /* ajp13 [...] Usually, it's work correctly, but sometime, only on certain pages, woker can't connect to Tomcat. In my logs files, I have : mod_jk.log : [...] [Wed Sep 19 19:23:05 2012][2923:47030846901328] [error] ajp_service::jk_ajp_common.c (2626): (ajp13) connecting to tomcat failed. [Wed Sep 19 19:26:21 2012][2956:47030846901328] [error] ajp_service::jk_ajp_common.c (2626): (ajp13) connecting to tomcat failed. [Wed Sep 19 19:26:27 2012][1941:47030846901328] [error] ajp_service::jk_ajp_common.c (2626): (ajp13) connecting to tomcat failed. [Wed Sep 19 19:26:27 2012][2917:47030846901328] [error] ajp_service::jk_ajp_common.c (2626): (ajp13) connecting to tomcat failed. [Wed Sep 19 19:26:28 2012][1821:47030846901328] [error] ajp_service::jk_ajp_common.c (2626): (ajp13) connecting to tomcat failed. [Wed Sep 19 19:26:29 2012][2906:47030846901328] [error] ajp_service::jk_ajp_common.c (2626): (ajp13) connecting to tomcat failed. [...] [Wed Sep 19 19:27:11 2012][2926:47030846901328] [error] ajp_service::jk_ajp_common.c (2626): (ajp13) connecting to tomcat failed. [...] VirtualHost log file : [...] ipuser1 - - [19/Sep/2012:19:26:06 +0200] "GET /page1 HTTP/1.1" 200 49467 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 162574 ipuser1 - - [19/Sep/2012:19:26:21 +0200] "GET /page2 HTTP/1.1" 500 21 "http://servername/page1"; "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 104361 ipuser1 - - [19/Sep/2012:19:26:26 +0200] "GET /page2 HTTP/1.1" 500 21 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 105824 ipuser1 - - [19/Sep/2012:19:26:27 +0200] "GET /page2 HTTP/1.1" 500 21 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 105062 ipuser1 - - [19/Sep/2012:19:26:28 +0200] "GET /page2 HTTP/1.1" 500 21 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 106297 ipuser1 - - [19/Sep/2012:19:26:29 +0200] "GET /page2 HTTP/1.1" 500 21 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 105792 ipuser1 - - [19/Sep/2012:19:26:30 +0200] "GET /page2 HTTP/1.1" 500 21 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 104940 [...] ipuser1 - - [19/Sep/2012:19:27:08 +0200] "GET /page1 HTTP/1.1" 200 49095 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 352904 ipuser1 - - [19/Sep/2012:19:27:11 +0200] "GET /page2 HTTP/1.1" 500 21 "http://servername/page1"; "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 105703 ipuser1 - - [19/Sep/2012:19:27:17 +0200] "GET /page3 HTTP/1.1" 200 8882 "http://servername/page1"; "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 411922 [...] Take a look on requested pages : - request on "/page1" return HTTP code 200 - request on "/page2" return HTTP code 500, and an error message is logged in mod_jk.log - request on "/page3" return HTTP code 200 I haven't error in applicat
Re: Sticky sessions not working
Hello, Add : worker.node1.route=node1 And : worker.node2.route=node2 To use sticky session. These directives attach name route at the end of JSESSIONID. Best regards, Nicolas SARAZIN Le vendredi 21 septembre 2012, Lou Henry a écrit : > I'm running Apache Tomcat 7.0.14 and Apache 2.2.21 (mod_jk1.2.37). I > am trying to load balance two Tomcat Servers and sticky sessions are > not working. I am running > a two-factor authentication package and it looks like my LB > configuration is directing the user to one Tomcat for part of the > transaction and to the other Tomcat > server for the other part. When I bring down one of the Tomcat > servers, everything works fine; but with both Tomcat servers up, I get > 500 errors. So, I am trying > to stick the webserver session to one particular Tomcat server. > Listed below is my configuration. Also, I tried without the domain > directive also. I am not quite > sure if that's a random name or should it be something specific. > > Can someone please assist? Thank you... > > *workers.properties* > > worker.list=loadbalancer,status > > > > # Define Node1 > > # modify the host as your host IP or DNS name. > > worker.node1.domain=jvm1 > > worker.node1.port= > > worker.node1.host=t*20.x. > > worker.node1.type=ajp13 > > worker.node1.lbfactor=1 > > worker.node1.ping_mode=A > > > > # Define Node2 > > # modify the host as your host IP or DNS name. > > worker.node2.domain=jvm2 > > worker.node2.port= > > worker.node2.host=t*21.x. > > worker.node2.type=ajp13 > > worker.node2.lbfactor=1 > > worker.node2.ping_mode=A > > > > # Load-balancing behaviour > > worker.loadbalancer.type=lb > > worker.loadbalancer.balance_workers=node1,node2 > > worker.loadbalancer.sticky_session=True > > > > # Status worker for managing load balancer > > worker.status.type=status > > > > # Added per Anakam direction 113010 > > worker.node1.socket_keepalive=True > > worker.node1.socket_timeout=300 > > > > # Added per Anakam direction 113010 > > worker.node2.socket_keepalive=True > > worker.node2.socket_keepalive=300 > > > *server.xml on Tomcat Node 1* > > > > *server.xml on Tomcat Node 2* > > >
Re: mod_jk/1.2.32 - Error connecting to Tomcat only on one page
Christopher, Thank you for this fast answer ! Ok for all versions upgrades, I put it in my todo list ! It is a customer environment, I can't make it immediately. >> My VirtualHost : >> >> [...] JkMount /* ajp13 [...] > > Do you have anything else? If not, why bother with Apache httpd? Yes, we have lot of directives (using mod_cache, mod_proxy, ...). In reality, I have about twenty VirtualHost. >> [...] > port="8011" enableLookups="false" redirectPort="8443" debug="0" >> maxThreads="600" keepAlive="true" backlog="8192" >> minSpareThreads="25" maxSpareThreads="250" >> connectionTimeout="60" protocol="AJP/1.3" /> [...] > > That's a huge backlog, especially when you always expect a certain > maximum number of connections coming from Apache httpd. Ok for "backlog". I delete it as soon as possible. >> worker.properties : >> >> # define worker worker.list=ajp13 >> >> # Set properties for ajp13 => tomcat worker.ajp13.type=ajp13 >> worker.ajp13.host=localhost worker.ajp13.port=8011 >> worker.ajp13.connection_pool_size=1200 >> worker.ajp13.connection_pool_timeout=600 >> worker.ajp13.socket_keepalive=true worker.ajp13.socket_timeout=600 > > What MPM are you using? If you are using prefork, then your > connection_pool_size is all wrong. Generally speaking, you should > allow mod_jk to determine its own value for connection_pool_size when > using Apache httpd. > > How many backend Tomcat servers do you have? Looks like one. > > Let's assume you are using threaded MPM in httpd (otherwise the value > for 1200 is insane) and you are using only one backend Tomcat server. > > You have 1200 connections configured in httpd (connection_pool_size), > but Tomcat can only accept 600 of them (maxThreads) at any given time. > You have used backlog=8192 to cover this up so things become even more > confusing. I using prefork. Indeed, in Apache documentation : "Do not use connection_pool_size with values higher then 1 on Apache 2.x prefork or Apache 1.3.x!". It's better to delete it or to put its value to 1 ? What problems can arise with mpm prefork and connection_pool_size > 1 ? >> Usually, it's work correctly, but sometime, only on certain pages, >> woker can't connect to Tomcat. In my logs files, I have : > > I think it's only a coincidence that /page2 consistently gives you > 500-response errors, here. Try looking at a wider section of your > httpd access log to determine if there really is something special > about /page2 (of course, /page2 could be returning 500-response > itself: you might want to check on that). This page was in error 500 in acces log between 19:12:27 and 20:04:39. >> How can we explain this behavior ? > > There are lots of explanations for what you are seeing. > > A few questions: > > 1. Do you really need Apache httpd at all? > 2. Can you configure cping/cpong for connection liveness testing? > 3. Have you tried disabling AJP connection re-use altogether? >localhost communication is fast fast fast. 1 - Yes :) 2 - Yes, but not immediately 3 - I don't, but I am going to test ! Thank you ! 2012/9/20 Christopher Schultz : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Nicolas, > > On 9/20/12 10:37 AM, Nicolas Sarazin wrote: >> English is not my native language, please excuse typing errors. > > Welcome! > >> I met a problem which I do not manage to explain... >> >> My environment (one server) : >> >> Server version : Apache Tomcat/5.5.26 > > You have 10 days to upgrade, at which point you will be flying without > a parachute: Apache support for Tomcat 5.5.x expires in 10 days. I > highly recommend that you get Tomcat 7 or at least Tomcat 6 into your > test environments ASAP. > >> JVM Version : 1.6.0_06-b02 > > You could afford to upgrade that, too. Oracle is on 1.6.0_35. > >> Web server version : Apache/2.2.21 (Unix) mod_jk/1.2.32 > > 2.2.23 and 1.2.37 > >> My VirtualHost : >> >> [...] JkMount /* ajp13 [...] > > Do you have anything else? If not, why bother with Apache httpd? > >> [...] > port="8011" enableLookups="false" redirectPort="8443" debug="0" >> maxThreads="600" keepAlive="true" backlog="8192" >> minSpareThreads="25" maxSpareThreads="250" >> connectionTimeout="60" protocol="AJP/1.3" /> [...] > > That's a huge backlog, especially when you always expect a certain > maximum number of co
Re: mod_jk/1.2.32 - Error connecting to Tomcat only on one page
Hi Christopher, And thank you for this invaluable information ! I shall continue the discussion if the problem persists after the update of my configuration. Nicolas SARAZIN 2012/9/21 Christopher Schultz : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Nicholas, > > On 9/21/12 4:14 AM, Nicolas Sarazin wrote: >> Ok for all versions upgrades, I put it in my todo list ! It is a >> customer environment, I can't make it immediately. > > That's okay, but you need to be ready when your customer says "hey, > Tomcat 5.5.x is no longer supported: we need to upgrade". > >>> Christopher Schultz wrote: >>> >>> Do you have anything else? If not, why bother with Apache httpd? >> >> Yes, we have lot of directives (using mod_cache, mod_proxy, ...). >> In reality, I have about twenty VirtualHost. > > Fair enough: it's always worth asking. Lots of people think that > Apache httpd is, for some reason, required. > >>> What MPM are you using? If you are using prefork, then your >>> connection_pool_size is all wrong. Generally speaking, you >>> should allow mod_jk to determine its own value for >>> connection_pool_size when using Apache httpd. >>> >>> How many backend Tomcat servers do you have? Looks like one. >>> >>> Let's assume you are using threaded MPM in httpd (otherwise the >>> value for 1200 is insane) and you are using only one backend >>> Tomcat server. >>> >>> You have 1200 connections configured in httpd >>> (connection_pool_size), but Tomcat can only accept 600 of them >>> (maxThreads) at any given time. You have used backlog=8192 to >>> cover this up so things become even more confusing. >> >> I using prefork. Indeed, in Apache documentation : "Do not use >> connection_pool_size with values higher then 1 on Apache 2.x >> prefork or Apache 1.3.x!". It's better to delete it or to put its >> value to 1 ? > > I would delete the option altogether - per the documentation - and > allow mod_jk to select the appropriate setting. > >> What problems can arise with mpm prefork and connection_pool_size > >> 1 ? > > A big waste of memory and a lot of needless overhead. I dunno how > mod_jk manages its connections, but it might immediately open 1200 > connections per prefork process to your backend, which can waste a lot > of resources, too. > >>>> Usually, it's work correctly, but sometime, only on certain >>>> pages, woker can't connect to Tomcat. In my logs files, I have >>>> : >>> >>> I think it's only a coincidence that /page2 consistently gives >>> you 500-response errors, here. Try looking at a wider section of >>> your httpd access log to determine if there really is something >>> special about /page2 (of course, /page2 could be returning >>> 500-response itself: you might want to check on that). >> >> This page was in error 500 in acces log between 19:12:27 and >> 20:04:39. >> >>>> How can we explain this behavior ? >>> >>> There are lots of explanations for what you are seeing. >>> >>> A few questions: >>> >>> 1. Do you really need Apache httpd at all? 2. Can you configure >>> cping/cpong for connection liveness testing? 3. Have you tried >>> disabling AJP connection re-use altogether? localhost >>> communication is fast fast fast. >> >> 1 - Yes :) 2 - Yes, but not immediately 3 - I don't, but I am going >> to test ! > > Good luck. > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG/MacGPG2 v2.0.17 (Darwin) > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ > > iEYEARECAAYFAlBc4BMACgkQ9CaO5/Lv0PA/8gCgm0FxMnBA7t5lxZzB5t5rZMPg > tAkAniqoOQWd7ttK+COk9w0I1g9HHt6R > =59/Q > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk/1.2.32 - Error connecting to Tomcat only on one page
Hello, I want to update Apache with 2.4.2 version. But, on mod_jk download page, we have only "mod_jk-1.2.32-httpd-2.2.21-nw.zip" (for httpd 2.2.21). Is it compatible with Apache httpd 2.4.2 ? Thanks in advance, Nicolas SARAZIN 2012/9/24 Nicolas Sarazin : > Hi Christopher, > > And thank you for this invaluable information ! > > I shall continue the discussion if the problem persists after the > update of my configuration. > > Nicolas SARAZIN > > 2012/9/21 Christopher Schultz : >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Nicholas, >> >> On 9/21/12 4:14 AM, Nicolas Sarazin wrote: >>> Ok for all versions upgrades, I put it in my todo list ! It is a >>> customer environment, I can't make it immediately. >> >> That's okay, but you need to be ready when your customer says "hey, >> Tomcat 5.5.x is no longer supported: we need to upgrade". >> >>>> Christopher Schultz wrote: >>>> >>>> Do you have anything else? If not, why bother with Apache httpd? >>> >>> Yes, we have lot of directives (using mod_cache, mod_proxy, ...). >>> In reality, I have about twenty VirtualHost. >> >> Fair enough: it's always worth asking. Lots of people think that >> Apache httpd is, for some reason, required. >> >>>> What MPM are you using? If you are using prefork, then your >>>> connection_pool_size is all wrong. Generally speaking, you >>>> should allow mod_jk to determine its own value for >>>> connection_pool_size when using Apache httpd. >>>> >>>> How many backend Tomcat servers do you have? Looks like one. >>>> >>>> Let's assume you are using threaded MPM in httpd (otherwise the >>>> value for 1200 is insane) and you are using only one backend >>>> Tomcat server. >>>> >>>> You have 1200 connections configured in httpd >>>> (connection_pool_size), but Tomcat can only accept 600 of them >>>> (maxThreads) at any given time. You have used backlog=8192 to >>>> cover this up so things become even more confusing. >>> >>> I using prefork. Indeed, in Apache documentation : "Do not use >>> connection_pool_size with values higher then 1 on Apache 2.x >>> prefork or Apache 1.3.x!". It's better to delete it or to put its >>> value to 1 ? >> >> I would delete the option altogether - per the documentation - and >> allow mod_jk to select the appropriate setting. >> >>> What problems can arise with mpm prefork and connection_pool_size > >>> 1 ? >> >> A big waste of memory and a lot of needless overhead. I dunno how >> mod_jk manages its connections, but it might immediately open 1200 >> connections per prefork process to your backend, which can waste a lot >> of resources, too. >> >>>>> Usually, it's work correctly, but sometime, only on certain >>>>> pages, woker can't connect to Tomcat. In my logs files, I have >>>>> : >>>> >>>> I think it's only a coincidence that /page2 consistently gives >>>> you 500-response errors, here. Try looking at a wider section of >>>> your httpd access log to determine if there really is something >>>> special about /page2 (of course, /page2 could be returning >>>> 500-response itself: you might want to check on that). >>> >>> This page was in error 500 in acces log between 19:12:27 and >>> 20:04:39. >>> >>>>> How can we explain this behavior ? >>>> >>>> There are lots of explanations for what you are seeing. >>>> >>>> A few questions: >>>> >>>> 1. Do you really need Apache httpd at all? 2. Can you configure >>>> cping/cpong for connection liveness testing? 3. Have you tried >>>> disabling AJP connection re-use altogether? localhost >>>> communication is fast fast fast. >>> >>> 1 - Yes :) 2 - Yes, but not immediately 3 - I don't, but I am going >>> to test ! >> >> Good luck. >> >> - -chris >> -BEGIN PGP SIGNATURE- >> Version: GnuPG/MacGPG2 v2.0.17 (Darwin) >> Comment: GPGTools - http://gpgtools.org >> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ >> >> iEYEARECAAYFAlBc4BMACgkQ9CaO5/Lv0PA/8gCgm0FxMnBA7t5lxZzB5t5rZMPg >> tAkAniqoOQWd7ttK+COk9w0I1g9HHt6R >> =59/Q >> -END PGP SIGNATURE- >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >>
Tomcat 7 & 8 getRemoteHost with enableLookups=true with x-forwarded-for header gets IP instead of hostname
Hello,
I have a web application load balanced in an intranet and I need to get the
hostname of the client from the request (for audit purposes).
I have verified that the load balancer is adding the header
"x-forwarded-for" and I get the correct client IP with the
HttpServletRequest method "getRemoteAddr()". Also, I have enabled the
lookups setting to true "enableLookups" and if I connect from a client to
the server without passing through the load balancer, the hostname of the
client is correctly obtained with "getRemoteHost()".
However when I send a request from a client passing through the
load-balancer the hostname is not resolved, I get only the IP when using
the method "getRemoteHost()".
I have been looking at the source code for Tomcat 7 and Tomcat 8 and I see
that in both classes that seems to handle the x-forwarded-for header, the
hostname is never obtained from IP:
- org.apache.catalina.valves.RemoteIpValve
- org.apache.catalina.filters.RemoteIpFilter
For example in RemoteIpValve (
https://github.com/apache/tomcat/blob/trunk/java/org/apache/catalina/valves/RemoteIpValve.java),
we have:
*[...]*
if (remoteIp != null) {
request.setRemoteAddr(remoteIp);
request.setRemoteHost(remoteIp);
[...]
And the remote host is never resolved.
Of course I can put a filter in my web application to do search the
hostname from the remote IP using "java.net.InetAddress" for example but I
was wondering if a Tomcat native solution exists.
If not, is there any particular reason for this, or is it because no body
has required that feature.
Thanks,
Yann Nicolas
Re: Tomcat 7 & 8 getRemoteHost with enableLookups=true with x-forwarded-for header gets IP instead of hostname
Thanks a lot André and Mark, I understand your advice on performance degradation due to reverse DNS. It makes sense to me to disable the lookups at Tomcat level and search for the hostname asynchronously when storing logs (we store audit in DB, then it makes even more sense do this async). I will probably go for this solution. This is another topic, but as far as I understand (from Java7 javadoc), InetAddress is already implementing a cache. But it is not clear to me if it is for hosname resolution (obtain the IP from hostname) or reverse DNS (obtain hostname from IP). Perhaps it makes sense to have our own cache of IP -> host mapping. Anyway, as suggested by Mark, I will create an issue in BugZilla because I think it can make sense in some context to do the reverse DNS lookup in Tomcat natively when using a load balancer. However I am not sure if it should be better to have a new Tomcat attribute for this (like enableRemoteIpLookups) instead of using the attribute enableLookups, because perhaps you do not want to lookups of the proxies IP but just the remoteIp (x-forwarded-for). Regards, Yann Nicolas El feb 21, 2014 3:16 AM, "Mark Thomas" escribió: > On 21/02/2014 05:32, Yann Nicolas wrote: > > > Of course I can put a filter in my web application to do search the > > hostname from the remote IP using "java.net.InetAddress" for example but > I > > was wondering if a Tomcat native solution exists. > > There isn't. Please create a Bugzilla issue for this. > > > If not, is there any particular reason for this, or is it because no body > > has required that feature. > > More an omission in the handling of x-forwarded-for I suspect. > > While I don't have any objections to fixing this, I do strongly > recommend reading André's response carefully. He makes a very good point. > > Mark > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Tomcat 7 & 8 getRemoteHost with enableLookups=true with x-forwarded-for header gets IP instead of hostname
Hello, I agree, it doesn't make sense to do DNS resolution on proxy IPs. What I mean is that I do not think it is possible to implement a logic in Tomcat that does the reverse DNS on the IP of the client (or proxy) only if there is no information in the x-forwarded-for header, this is done in different sections of the request flow inside Tomcat. It is why I think if the reverse DNS of the IP provided in x-forwarded-for is implemented, it should be configured using a different attribute than "enableLookups". Regards, Yann Nicolas 2014-02-21 10:11 GMT-06:00 Christopher Schultz : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Yann, > > On 2/21/14, 8:53 AM, Yann Nicolas wrote: > > Thanks a lot André and Mark, > > > > I understand your advice on performance degradation due to reverse > > DNS. It makes sense to me to disable the lookups at Tomcat level > > and search for the hostname asynchronously when storing logs (we > > store audit in DB, then it makes even more sense do this async). I > > will probably go for this solution. > > > > This is another topic, but as far as I understand (from Java7 > > javadoc), InetAddress is already implementing a cache. But it is > > not clear to me if it is for hosname resolution (obtain the IP from > > hostname) or reverse DNS (obtain hostname from IP). Perhaps it > > makes sense to have our own cache of IP -> host mapping. > > > > Anyway, as suggested by Mark, I will create an issue in BugZilla > > because I think it can make sense in some context to do the reverse > > DNS lookup in Tomcat natively when using a load balancer. However I > > am not sure if it should be better to have a new Tomcat attribute > > for this (like enableRemoteIpLookups) instead of using the > > attribute enableLookups, because perhaps you do not want to lookups > > of the proxies IP but just the remoteIp (x-forwarded-for). > > Honestly, it seems kind of silly to do reverse-lookup on your own load > balancers: you should know their IP addresses already and there should > only be a few of them. What's the point in doing DNS resolution on them? > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG v1 > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJTB3rDAAoJEBzwKT+lPKRYETUP/16UThlf328IzqChMez4A/EW > +fjtzmuRuYanUatRQoxVi9Z2ckAeJO22whOMLbD16VhItgmm/YDn3wOO8wWEq5sv > Zyb+xHlyvYpThOQ8hf/ejpx7RzqRmlr8aDZiOmyBBeGop/e84AxEk/2k0fHKRn2w > uz+Zw8oZhhcq8UMhd6xqMk8Xs4VCRgyH6SvUo9OWARw2YkQv9Dj/zw5Pl1m3WM+U > +Uz6NQbC8js5aUe1gZgDUUds7dFN3oLqLiuL9nY614sU8OTk4Qdwoo6i6tPKYArF > m+C5Aya+SlfgKOgLRHyrjaWRNa+hOjldqq2kjxGhEWgtQq904hUhOuj7kWPBI/zt > z6hdG3lmwj/heUpe/mbNXahcZ0A/UFuENT93BHVRj7ZwZHUA6Q8Qnv55Y4yFBqTd > 2w3cZgQzGZSE0z/3qetkYd+ey2DjezLrRXHQZKb3isY3s4rlzDxNZ8dvlGY0JVdi > CVLyzb/sbNe0v6F+EkjVIzhRn3b1iFvvsleD3pmlsWeslNsKHnDTjWDVOKdK/590 > Dyg3xGXFSAF0x3inF5S8z1QLKEem+wml/7TxW0UAC0cGAX/48DU3o1tXVa7qUYLr > cQQUvhs/TAtpg661EQERSI/WUMpZwcyEG7djz+byLVJBppzwn1txf8ZY0H67N+1H > wwOUN5i68TXYlp8/DTrj > =EHo/ > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Tomcat 7 & 8 getRemoteHost with enableLookups=true with x-forwarded-for header gets IP instead of hostname
Hello, I created an issue for this: https://issues.apache.org/bugzilla/show_bug.cgi?id=56181 Regards, Yann Nicolas 2014-02-21 3:15 GMT-06:00 Mark Thomas : > On 21/02/2014 05:32, Yann Nicolas wrote: > > > Of course I can put a filter in my web application to do search the > > hostname from the remote IP using "java.net.InetAddress" for example but > I > > was wondering if a Tomcat native solution exists. > > There isn't. Please create a Bugzilla issue for this. > > > If not, is there any particular reason for this, or is it because no body > > has required that feature. > > More an omission in the handling of x-forwarded-for I suspect. > > While I don't have any objections to fixing this, I do strongly > recommend reading André's response carefully. He makes a very good point. > > Mark > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
HttpServletRequest.login & remoteUser null
Hello, I am using HttpServletRequest.login to authenticate users on an ajax call. This is working fine and the relevant realm is queried. However, on subsequent requests, I have quite often the remote user being null despite having the correct JSESSION cookie set from the login call. This is not happening always, but it is quite frequent. Interestingly, if a set an attribute in the session, that session and attributes are preserved in the subsequent requests. Is there anything else that I should do to preserve authentication information? It is very strange that this process is working intermittently. As a workaround I am wrapping the request and overrides the getRemoteUser/getUserPrinciper/isUserInRole to get this information from the information I am storing in the session, but I would prefer to have this working without this workaround (for example the AccessLogValve does not report the user correctly when using that workaround). Cheers Nicolas
Question related to mutual authentication
Hi! I have successfully set up mutual authentication on a Tomcat 9.0.1 server running on CentOS 6.5. To do my testing, I use a Java program that I wrote to verify my understanding of SSL and the server configuration. My question is about the server-side verification of the client certificate (CertificateRequest part of handshake). I noticed that the hostname/common name in the client certificate did not seem to be validated. I can move that certificate on several machines and the server will always accept it, as long as it is signed by one of the trusted authorities in the server JVM's truststore. I am puzzled by this behavior because I was expecting the hostname to matter. If my certificate was set for a machine, I was not expecting it to work on another machine. My understanding is that when "certificateVerification" is set to "required", the server would perform the same verification as the client does, that is: 1) Verify the incoming certificate is signed by an authority that is part of the local truststore. 2) Verify that the incoming certificate's common name matches the hostname of the peer we are communicating with. Also, should the server behavior be correct, can someone explain to me why it is like that?I find it odd that the client certificate can be copied around and used by anyone and still pass mutual authentication... Thanks in advance, Nicolas Therrien ing. Senior Software Engineer Airbus DS Communications home of VESTA® 200 Boul. de la Technologie, Suite 300 Gatineau, QC J8Z 3H6 Canada 819.931.2139 (DIRECT) www.Airbus-DSComm.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Question related to mutual authentication
-Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Thursday, November 9, 2017 11:16 AM To: users@tomcat.apache.org Subject: Re: Question related to mutual authentication Mark, On 11/9/17 5:02 AM, Mark Thomas wrote: > On 8 November 2017 21:09:11 GMT+00:00, Nicolas Therrien > wrote: > > > >> My understanding is that when "certificateVerification" is set to >> "required", the server would perform the same verification as the >> client does, that is: >> >> 1) Verify the incoming certificate is signed by an authority that is >> part of the local truststore. > > Correct. > >> 2) Verify that the incoming certificate's common name matches the >> hostname of the peer we are communicating with. > > Incorrect. > > The client very is intended to prove the identity of the user, not the > host the happen to be using. s/very/cert/ This is also very (sic) dependent upon the URL that the client is using to connect to the server. For example, if you move a certificate with cn=localhost between many servers and access it using https://localhost/ then you will never get any errors. Likewise, if you redefine the DNS name and keep the URL consistent, then you will also connect without any errors. Since you wrote the client, you are ultimately responsible for performing hostname verification. If you use HttpsURLConnection or anything else built-into the JVM like that that uses SSLContext and friends, you should automatically get hostname verification unless you specifically take steps to disable it. But if you are rolling your own connection code, you won't get that kind of protection. - -chris -- Thanks to Christopher and Mark for your responses. Much appreciated! I understand now that when validating the client, we're validating the user, not a machine name. This makes sense. I realize now that both server and client validation are dependent on the context and is not necessarily a foolproof guarantee of identity. This question is now closed :) Nicolas Therrien ing. Senior Software Engineer Airbus DS Communications home of VESTA® 200 Boul. de la Technologie, Suite 300 Gatineau, QC J8Z 3H6 Canada 819.931.2139 (DIRECT) www.Airbus-DSComm.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Trying to understand How Tomcat uses Keystore for SSL
in it. I'm going to assume they gave you a package which contains a private key and a certificate, and that the point was to simplify the process of generating a CSR (Certificate Signing Request). Just know that the fact that the private key was given to you by a third party is a potential security risk to your own security. The NORMAL process is to generate your own private key, generate a CSR, send LetsEncrypt the CSR, obtain a Signed CSR and re-import into your keystore. That has maximum security. Step 3: Make a copy of your original keystore file.Then you can open your keystore with Keystore Explorer and change its format to JKS.Super easy.I think its under the tool menu. You can rename your keystore file so that it ends in *.jks (make sure you saved the keystore using the save button!) Step 4: Copy that jks file to your server under the conf folder of tomcat. Step 4: In your Tomcat server.xml file you need something like this: The alias is just a name used to designate a given certificate in case there are more than one in your keystore. Just a good habit to be specific. You can find what is the alias name for your certificate using Keystore Explorer Voilà! That should give you a valid SSL configuration on your server. If you still get an issue with Chrome warnings, this means the certificate contained in the keystore is not signed properly. You can easily check if a certificate is signed using the Keystore Explorer and right-clicking then view details... see certificate chain.In that chain, you should be able to see some top CA authority signing your cert. If none of those CAs in the chain are approved by chrome, it wont work. You'll need to find another provider. Regards, - Nicolas
RE: Multiple errors
If you have autodeploy set to ON, make sure you clean your webapps from any leftover war files. I would delete the folder contents entirely and redeploy. On 19.11.2017 07:32, Karen Goh wrote: > Hi, > > I am writing to this group as I could not get an answer from anywhere. > > Basically, I do not know what happened cos my Tomcat was running fine and > then I got a bunch of error. > > I did a mvn clean, delete all my dependencies in my .m2 repositotries and > rebuilt, re-installed Tomcat many times but to no avail. > > My tomcat is in my built path in my Eclipse NEON. > > So, I really hope someone can let me know what went wrong. I'm not the expert, but it looks as if one of the .jar files composing tomcat may be corrupt. I am basing this on the following lines below : [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/Hi5S]] ... > Caused by: java.lang.IllegalArgumentException: java.util.zip.ZipException: > invalid LOC header (bad signature) (a .jar file is a zip file containing java programs and libraries) "/Hi5S" does not look like it is any part of a standard tomcat, so maybe it is in your application rather than tomcat itself. > > Here's the error message : > > Nov 19, 2017 2:30:29 PM org.apache.catalina.core.StandardService > startInternal > INFO: Starting service [Catalina] > Nov 19, 2017 2:30:29 PM org.apache.catalina.core.StandardEngine > startInternal > INFO: Starting Servlet Engine: Apache Tomcat/8.5.23 Nov 19, 2017 > 2:30:30 PM org.apache.catalina.core.ContainerBase startInternal > SEVERE: A child container failed during start > java.util.concurrent.ExecutionException: > org.apache.catalina.LifecycleException: Failed to start component > [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/Hi5S]] > at java.util.concurrent.FutureTask.report(Unknown Source) > at java.util.concurrent.FutureTask.get(Unknown Source) > at > org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:939) > at > org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:872) > at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) > at > org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1419) > at > org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1409) > at java.util.concurrent.FutureTask.run(Unknown Source) > at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) > at java.lang.Thread.run(Unknown Source) Caused by: > org.apache.catalina.LifecycleException: Failed to start component > [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/Hi5S]] > at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167) > ... 6 more > Caused by: org.apache.catalina.LifecycleException: Failed to start component > [org.apache.catalina.webresources.StandardRoot@59d0966f] > at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167) > at > org.apache.catalina.core.StandardContext.resourcesStart(StandardContext.java:4860) > at > org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4995) > at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) > ... 6 more > Caused by: org.apache.catalina.LifecycleException: Failed to initialize > component [org.apache.catalina.webresources.JarResourceSet@38099cbe] > at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:113) > at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:140) > at > org.apache.catalina.webresources.StandardRoot.startInternal(StandardRoot.java:724) > at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) > ... 9 more > Caused by: java.lang.IllegalArgumentException: java.util.zip.ZipException: > invalid LOC header (bad signature) > at > org.apache.catalina.webresources.AbstractSingleArchiveResourceSet.initInternal(AbstractSingleArchiveResourceSet.java:113) > at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) > ... 12 more > Caused by: java.util.zip.ZipException: invalid LOC header (bad signature) > at java.util.zip.ZipFile.read(Native Method) > at java.util.zip.ZipFile.access$1400(Unknown Source) > at java.util.zip.ZipFile$ZipFileInputStream.read(Unknown Source) > at java.util.zip.ZipFile$ZipFileInflaterInputStream.fill(Unknown Source) > at java.util.zip.InflaterInputStream.read(Unknown Source) > at sun.misc.IOUtils.readFully(Unknown Source) > at java.util.jar.JarFile.getBytes(Unknown Source) > at java.util.jar.JarFile.getManifestFromReference(Unknown Source) > at java.util.jar.JarFile.getManifest(Unknown Source) > at > org.apache.catalina.webresources.AbstractSingleArchiveResourceSet.initInternal
RE: Trying to understand How Tomcat uses Keystore for SSL
" Asymmetric encryption uses a public and a > private encryption key. The public key, which as its name states, is > public, i.e. it is available to all. The private key is and must be > closely guarded. A message encrypted with the private key can be > decrypted by the public key and vis-a-versa." This is not true. The principle of asymmetric encryption is based on the fact that this is a one-way communication channel. Only the public key can encrypt data, and only the private key can decrypt data. This is not reversible. The private key cannot be used to encrypt and the public key cannot be used to decrypt. This is why it is called asymmetric, as opposed to symmetric where both ends can both encrypt and decrypt. Of course this text would require some rewrite, but in my opinion I think that, once fixed, the text would be useful and welcome.I give a lot of training about encryption and SSL within my company and I think there is not enough "end-to-end" articles on the subject. SSL implies a lot of complex concepts all put together so, yes, it is hard and it deserves additional vulgarization. You can send me updates of your text if you need a reviewer. Nicolas Therrien ing. Senior Software Engineer Airbus DS Communications home of VESTA® 200 Boul. de la Technologie, Suite 300 Gatineau, QC J8Z 3H6 Canada 819.931.2139 (DIRECT) www.Airbus-DSComm.com -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Monday, December 4, 2017 2:06 PM To: users@tomcat.apache.org Subject: Re: Trying to understand How Tomcat uses Keystore for SSL -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Don, I haven't really read this, yet, but my first impression is that it provides a lot of background that we have tried NOT to repeat on the Tomcat site. The world doesn't need "another TLS background page." As a beginning user, what would you think about having to be sent to other "background resources" before reading the Tomcat documentation? I'd prefer not to "re-write the wheel", if you know what I mean. - -chris On 12/3/17 10:07 PM, Don Flinn wrote: > Thanks Chuck > > In plain text > > Please comment on the following write-up. > > Setting Up SSL for TomCat 1) Overview of Security for Tomcat > > Security is hard, which by extension means setting up SSL is hard. > One of the things that make this difficult is that there are multiple > layers of specifications. In this explanation we are only go as deep > into the technical description as is necessary for you to understand > what is going on. > > At the bottom layer of security is cryptography, which is based on > encryption. We won’t go into encryption except to say that all > encryption protocols are breakable, except the One Time Pad, which is > impracticable. The principal of computer security is to make it very > difficult to break the encryption. Using a modern desktop computer it > would take a little over 6.4 quadrillion years to crack the encryption > of a 2048 bit RSA certificate. Note: practical quantum computers > large enough to negate this time estimate don't exist, yet > > There are two encryption schemes that are of interest, asymmetric and > symmetric encryption. Asymmetric encryption uses a public and a > private encryption key. The public key, which as its name states, is > public, i.e. it is available to all. The private key is and must be > closely guarded. A message encrypted with the private key can be > decrypted by the public key and vis-a-versa. > > SSL or Secure Sockets Layer, is the high level security layer that we > are attempting to implement for for our implementation of Tomcat. SSL > uses both asymmetric and symmetric encryption, but at the level we are > interested in we only deal with the former, while Tomcat and the other > parties like the browser deal with both. > > In the scenario that we are addressing there are three parties > involved * your installation of Tomcat * the browser with whom you > wish to communicate and * the Certificate Authority or CA, e.g. > letsencrypt, Comodo, etc. > > In cryptography, a certificate authority or certification authority > (CA) is an entity that issues digital certificates. A digital > certificate certifies the ownership of a public key by the named > subject of the certificate. This allows others (relying parties) to > rely upon signatures or on assertions made about the private key that > corresponds to the certified public key. A CA acts as a trusted third > party—trusted both by the subject (owner) of the certificate and by > the party relying upon the certificate. The format of these > certificates is specified by the X.509 standard. > > In
RE: Trying to understand How Tomcat uses Keystore for SSL
Agreed. I was thinking in terms of the TLS exchange during which the client uses the public key to send a symmetric key to the server. I should have read the text further and more literally. Sorry about the confusion. Nicolas Therrien ing. Senior Software Engineer Airbus DS Communications home of VESTA® 200 Boul. de la Technologie, Suite 300 Gatineau, QC J8Z 3H6 Canada 819.931.2139 (DIRECT) www.Airbus-DSComm.com -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Monday, December 4, 2017 2:58 PM To: users@tomcat.apache.org Subject: Re: Trying to understand How Tomcat uses Keystore for SSL On 04/12/17 19:20, Nicolas Therrien wrote: > " Asymmetric encryption uses a public and a >> private encryption key. The public key, which as its name states, is >> public, i.e. it is available to all. The private key is and must be >> closely guarded. A message encrypted with the private key can be >> decrypted by the public key and vis-a-versa." > > This is not true. Yes, it is true. > > The principle of asymmetric encryption is based on the fact that this is a > one-way communication channel. Only the public key can encrypt data, and > only the private key can decrypt data. The above statement is incorrect. > This is not reversible. The private key cannot be used to encrypt and the > public key cannot be used to decrypt. So is the statement above. > This is why it is called asymmetric, as opposed to symmetric where both ends > can both encrypt and decrypt. Again, no. It is called asymmetric because whichever key you use to encrypt, you must use the other key to decrypt. In symmetric encryption there is a single key that encrypts and decrypts. As an aside, encrypting with the private key and decrypting with the public key is a key element of how digital signatures work. I recommend viewing the "Introduction to Tomcat and TLS" presentation from this page: https://urldefense.proofpoint.com/v2/url?u=http-3A__tomcat.apache.org_presentations.html&d=DwICaQ&c=V9FsLrJ7wYRfgsJ_KHoq2BENyO08hg3hD97KYyc_QQg&r=ZZk8MXVrcZaLkCc_2C7UFhVW7Nb2LjIIa0VSNP2uvtnzxufjwl_gt-oLYrhgql55&m=-88nWY3ukSpK6pjmbNDfKWWcmr0DUrFdu3QQktOfMLI&s=rGi1lxExpzMxuwq6pykrS5RJosFgcea37gIQJyaFiCg&e= It is a little simplistic, but it covers the basics. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Apache 2.0.50 - Tomcat 5.0.28 - Mod_jk - .htaccess
Hello, I have apache and tomcat ready. The connector (mod_jk) work well. JkMount /jsps/servlet/* ajp13 JkMount /jsps/*.jsp ajp13 The static content work with apache and .jsp work with tomcat. My problem is that i would like that /jsps work with .htaccess AuthType Basic require valid-user this work with static content but i use url http:///jsps/my_jsp.jsp this url dont ask me login/pass, and show my_jsp.jsp The same configuration in apache 1.3.12 work well. Somebody can help my? How i can configure apache for use authentication system for *.jsp and if the authentication is correct pass the request to tomcat. Thank you.
RE: Apache 2.0.50 - Tomcat 5.0.28 - Mod_jk - .htaccess
This is the configuration httpd.conf LoadModule jk_module modules/mod_jk.so JkWorkersFile "/usr/local/apache/conf/workers.properties" JkLogFile "/usr/local/apache/logs/mod_jk.log" JkLogLevel info JkLogStampFormat "[%a %b %d %H:%M:%S %Y]" JkOptions +ForwardKeySize +ForwardURICompat +ForwardDirectories JkMount /jsps/ ajp13 JkMount /jsps/servlet/* ajp13 I don't have LoadModule mod_access #httpd -l core.c mod_access.c mod_auth.c mod_include.c mod_log_config.c mod_env.c mod_setenvif.c prefork.c http_core.c mod_mime.c mod_status.c mod_autoindex.c mod_asis.c mod_cgi.c mod_negotiation.c mod_dir.c mod_imap.c mod_actions.c mod_userdir.c mod_alias.c mod_so.c Thank you for your help, but i don't understand you. -Mensaje original- De: Joost de Heer [mailto:[EMAIL PROTECTED] Enviado el: martes, 07 de febrero de 2006 12:08 Para: Manuel Nicolas Ortuño CC: users@tomcat.apache.org Asunto: Re: Apache 2.0.50 - Tomcat 5.0.28 - Mod_jk - .htaccess > I have apache and tomcat ready. The connector (mod_jk) work well. > > JkMount /jsps/servlet/* ajp13 > JkMount /jsps/*.jsp ajp13 > > The static content work with apache and .jsp work with tomcat. My problem > is > that i would like that /jsps work with .htaccess > > AuthType Basic > require valid-user > > this work with static content but i use url > http:///jsps/my_jsp.jsp this url dont ask me login/pass, and > show my_jsp.jsp > > The same configuration in apache 1.3.12 work well. > > Somebody can help my? > > How i can configure apache for use authentication system for *.jsp and if > the authentication is correct pass the request to tomcat. Try switching the loadmodule lines for mod_jk and mod_access. Joost - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Apache 2.0.50 - Tomcat 5.0.28 - Mod_jk - .htaccess
There are any form of change the loading order or i would need reinstall apache. Thank you. -Mensaje original- De: Nikola Milutinovic [mailto:[EMAIL PROTECTED] Enviado el: martes, 07 de febrero de 2006 14:38 Para: Tomcat Users List; [EMAIL PROTECTED] Asunto: RE: Apache 2.0.50 - Tomcat 5.0.28 - Mod_jk - .htaccess --- Manuel Nicolas Ortu�o <[EMAIL PROTECTED]> wrote: > > LoadModule jk_module modules/mod_jk.so > Dynamic loading. > I don't have LoadModule mod_access > #httpd -l > core.c > mod_access.c This means mod_access is statically built in and there is no way of turning it off (not that you would want it). It also means you have no influence of the order of module loading and hooking into apache. Personally, I prefer an Apache with the minimum set of modules compiled in, all others dinamically loading. Some Linux distros allow you to tweak the loading order of add-on modules, since their config fragments are stored in files like /etc/http/conf.d/S20_php.conf or something like that. Changing that number will affect the loading order of the module. Of course, Apache's own modules are usually in some other conf fragment and the only way to affect loading order is to edit the fragment. Nix. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Apache 2.0.50 - Tomcat 5.0.28 - Mod_jk - .htaccess
Thank you for your help. I have other Server. This server have apache 2.0.46 and httpd -l are: core.c prefork.c http_core.c mod_so.c I switch the order of LoadModule #-- LoadModule jk_module modules/mod_jk.so LoadModule access_module modules/mod_access.so LoadModule auth_module modules/mod_auth.so JkMount /jsps/servlet/* ajp13 JkMount /jsps/*.jsp ajp13 #-- #-- LoadModule access_module modules/mod_access.so LoadModule jk_module modules/mod_jk.so LoadModule auth_module modules/mod_auth.so JkMount /jsps/servlet/* ajp13 JkMount /jsps/*.jsp ajp13 #-- #-- LoadModule access_module modules/mod_access.so LoadModule auth_module modules/mod_auth.so LoadModule jk_module modules/mod_jk.so JkMount /jsps/servlet/* ajp13 JkMount /jsps/*.jsp ajp13 #-- But i get the same result: http:///jsps/page.jsp <-- not password needed http:///jsps/page.js <-- password needed You have any idea? -Mensaje original- De: Nikola Milutinovic [mailto:[EMAIL PROTECTED] Enviado el: jueves, 09 de febrero de 2006 10:34 Para: Tomcat Users List; [EMAIL PROTECTED] Asunto: RE: Apache 2.0.50 - Tomcat 5.0.28 - Mod_jk - .htaccess > There are any form of change the loading order or i > would need reinstall apache. Re-intalling will do you no good. You'd still end up with the same Apache. Re-building it, would, but that can be quite a task. Finding a newer version, differently compiled, might also be a good idea. Anyway, I'm not sure what is the loading order of modules, but it appears that staically linked modules load after dynamically built ins. And you have no control over mod_access. Nix. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Location of Tomcat 7 jvm defualt ysettings...
U - Original Message - From: Mark Thomas [mailto:ma...@apache.org] Sent: Friday, July 20, 2012 10:53 PM To: Tomcat Users List Subject: Re: Location of Tomcat 7 jvm defualt settings... On 20/07/2012 21:42, Tony Anecito wrote: > Thanks Charles I have found documention for all the below from the > Tomcat group but seemed somewhat outdated. Mark Thomas's name seemed > dominant in most of the presentations I have seen there is even > sections dealing with Tomcat in various Tomcat books I have seen. > > True the tuning is dependent somewhat upon the app but even Mark > mentioned logging levels, threads that run contineously that might > best be tuned off (like checking for new deploys ect). He also > mentioned the xmx xms java tuning and what Tomcat without apps (WARs) > loaded needs although not sure if he mentioned xss parimeters. I am > using the G1 GC by default since that is setup in 1.7.0_05 and the > compressed pointers is also setup by default for that version of > 1.7.0_05. I am also looking at the OS level to remove uneeded > services. I alreadt tuned the network transport parameters as best as > possible. > > FYI I currently am down to the 1-2msec response times as measured at > the exposed web services methods inside of Tomcat 7 using 64-bit > Oracle 1.7.0_05 JDK and that includes database calls to SQL Server > 2012 Express. I have used some of the standard things mentioned by > Mark Thomas which has helped alot and looking for more current tips. I'm pretty sure that I will have said somewhere in each of those presentations words to the effect of "Don't guess where the bottlenecks are. Get yourself a profiler, profile your application and find out where they really are." If the profiler highlights any Tomcat internal code, let us know and we'll take a look. I'll also add something that I picked up at JavaOne a few years ago. Pick any two of "high throughput, small heap, low GC pause times". Whichever two you pick, the other one will suffer. In an ideal world, the GC needs plenty of manoeuvring room and you should aim to provide roughly 5 times the minimum memory your app needs (minimum being defined as the lowest heap usage you can force with lots of manual GC). HTH, Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Disclaimer link. To see it, click the link below, or copy and paste it into your browser's address line. http://www.citco.com/emaildisclaimer.htm - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
