Re: How to access the request URL in a custom valve implementation?

[Tim Funk]

It depends on what you are trying to accomplish. ExtendedAccessLogValve is
a
little more flexible where you can write out arbitrary request
attributes but still format the request like the standard access
log. So you could have a filter set the value and not need to
write your own access logger.

-Tim

On Fri, Jan 26, 2024 at 5:47 AM Manak Bisht  wrote:

> Hi,
> I am trying to extend the AccessLogValve to modify logging behaviour for
> certain URLs. However, I don't have access to the request object in the
> AccessLogValve API. So, I am left with regex matching on the
> CharArrayWriter
> message object. Is there a better way to do this?
>

Re: How to access the request URL in a custom valve implementation?

[Tim Funk]

My bad - AccessLogValve also supports that feature too

   - *%{xxx}r* write value of ServletRequest attribute with name xxx (escaped
   if required, value ?? if request is null)

https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Access_Logging

-Tim


On Fri, Jan 26, 2024 at 7:23 AM Tim Funk  wrote:

> It depends on what you are trying to accomplish. ExtendedAccessLogValve is
> a
> little more flexible where you can write out arbitrary request
> attributes but still format the request like the standard access
> log. So you could have a filter set the value and not need to
> write your own access logger.
>
> -Tim
>
> On Fri, Jan 26, 2024 at 5:47 AM Manak Bisht 
> wrote:
>
>> Hi,
>> I am trying to extend the AccessLogValve to modify logging behaviour for
>> certain URLs. However, I don't have access to the request object in the
>> AccessLogValve API. So, I am left with regex matching on the
>> CharArrayWriter
>> message object. Is there a better way to do this?
>>
>

Re: How to access the request URL in a custom valve implementation?

[Tim Funk]

See AbstractAccessLogValve (which AccessLogValve overrides)

Then you could override AbstractAccessLogValve.createAccessLogElement()
which has
case 'q':
return new QueryElement();

To possible do doing something like
case 'q':
return new ObfuscatedQueryElement();

Where ObfuscatedQueryElement is much like the existing QueryElement with
your additional requirements.
 They both would implement AccessLogElement which has access to the
Request object

-Tim

On Fri, Jan 26, 2024 at 7:58 AM Manak Bisht  wrote:

> I want to obfuscate values of query params for certain URLs, however, I
> would still like to log the request. Therefore, I cannot use the existing
> conditionif/conditionunless attributes that AccessLogValve provides.
>
>

Re: Rotating/archiving catalina.out

[Tim Funk]

One option (hacky workaround) is to try using "swallowOutput"
which may mitigate the worst of your issue. (Beyond a rewrite with
a logging framework)

https://tomcat.apache.org/tomcat-9.0-doc/config/context.html

-Tim

On Mon, Jan 29, 2024 at 3:28 PM Aryeh Friedman 
wrote:

> We need to shrink the size of catalina.out but looking at the logging
> documentation I do not see any way to do this with the standard
> logging.properties (or else where).   Due to the nature of the
> production site we never bring it completely down unless we must (life
> critical 24/7/365)
>
> Specifically we have a fair number of System.out.println's with
> debugging information to it and we dumb stack traces into it also.
> And without stopping and restarting tomcat we want to make it so there
> is periodic rotation of catalina.out to some other file?   (note stack
> traces do go to the dated one but not the System.out.println's)
>
>

Re: Operation not permitted errors [EXTERNAL]

[Tim Funk]

Crazy wild guess looking at the stack trace ...
> sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
> at sun.nio.fs.UnixCopyFile.copyFile(UnixCopyFile.java:283) at

A snoop of sun.nio.fs.UnixCopyFile shows its calling the system call
utimes() or futimes()  (probably utimes) - And the CIFS mount
doesn't support that.

A quick test would be to write a "1 liner" java program that uses
java.nio.file.Files.copy with paths in that CIFS  mount

-Tim

On Wed, Feb 7, 2024 at 10:49 AM Beard, Shawn 
wrote:

> It is on a Linux server, The file system mentions is actually a CIFS mount
> from a windows server. Its not creating a directory, only that file. Odd
> thing is that I can manually create a file in that directory as the user
> Tomcat is running as using touch.
>
> 
>
>
>
> On 2/6/24 13:52, Beard, Shawn wrote:
> > An application we have running in Tomcat 9 using Java 8 is throwing
> > this error when trying to create a file:
> >
> > java.nio.file.FileSystemException
> > /path/to/filesystem/202311WEB/040389461310_08_37_246.jpg: Operation
> > not permitted at
> > sun.nio.fs.UnixException.translateToIOException(UnixException.java:91)
> > at
> > sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
> > at
> > sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
> > at sun.nio.fs.UnixCopyFile.copyFile(UnixCopyFile.java:283) at
> > sun.nio.fs.UnixCopyFile.copy(UnixCopyFile.java:581) at
> > sun.nio.fs.UnixFileSystemProvider.copy(UnixFileSystemProvider.java:253
> > ) at java.nio.file.Files.copy(Files.java:1274) at
> > org.apache.commons.io.FileUtils.copyFile(FileUtils.java:850) at
> > org.apache.commons.io.FileUtils.copyFile(FileUtils.java:756) at
>
>

Re: Tomcat Internal Architect for JSP compilation?

[Tim Funk]

One possible workaround is to precompile the JSP's at build time.

https://tomcat.apache.org/tomcat-9.0-doc/jasper-howto.html#Web_Application_Compilation

-Tim

On Fri, Mar 22, 2024 at 1:37 AM Subodh Joshi 
wrote:

>
> Why i am doing this exercise?
> In our some of the deployed linux environment many clients are complaining
> about this issue , We tried to monitor who actually deleting these
> /tmp/tomcat folder but still we are not able to figure it out and we are
> not able to reproduce it . So i have to do reproduce it manually deleting
> the /tmp/tomcat directory.
>
>

Re: Possible penetration attempt or DOS attack: any suggestions on what can be done?

[Tim Funk]

As long as the webapp is reporting 404's - you're in good
shape and probably not exposing hints of new vectors for
attack. (Sometimes 500's errors can provide hints for tweaking
parameters)

But this is really a case study for why people may want to
run a web application firewall. (I do not have a recommended
vendor / solution)

Conversely, this is a good time for the developers to review
their server logging and tune it to be less verbose for these
normal exceptions. As well as implementing logging frameworks
and logging at the appropriate level (fatal through debug)

-Tim

On Mon, Jun 24, 2024 at 12:29 PM James H. H. Lampert
 wrote:

> Over the weekend, one of our customers got hit with what appears to have
> been either a penetration attempt or a DOS attack (or both).
>
> Their catalina.out file contains tens of thousands (probably over 100k)
> of lines reporting that our webapp received a request for a nonexistent
> server object, and issued a 404.
>
> I suggested that the customer ask their network people to check their
> firewall logs, to see if they can find a source, and plug it up, but of
> course that only stops it from the known source IP(s).
>
> Any suggestions on what else can be done? Anything that I should pass on
> to the customer or to our webapp developers?
>
>

Re: Tomcat 9.0.93 Patching | Error- A fatal error has been detected by the Java Runtime Environment | Problematic frame:sigar-amd64-winnt.dll+0x14ed4

[Tim Funk]

"sigar-amd64-winnt.dll" is triggering the error. The details will be
in the core dump.

The vendor which supports "sigar-amd64-winnt.dll" will need to fix it.
Based on the release revisions, I suspect the DLL is using a reference
to a request or response object *after* the request was already completed.
This is not allowed since 9.0.90. In particular - see the notes about
"RECYCLE_FACADES" here
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html


An alternative is removing "sigar-amd64-winnt.dll" from lib (but I suspect
the application will be broken)

-Tim

On Tue, Sep 3, 2024 at 7:08 AM Man Mohan 
wrote:

> Hi Mark
>
>
> Thanks for the reply but same application is working fine with Tomcat
> 9.0.88.
>
> Regards
> Man Mohan
>
> -Original Message-
> From: Mark Thomas 
> Sent: 03 September 2024 18:29
> To: Tomcat Users List 
> Subject: Re: Tomcat 9.0.93 Patching | Error- A fatal error has been
> detected by the Java Runtime Environment | Problematic
> frame:sigar-amd64-winnt.dll+0x14ed4
>
> Not a Tomcat issue. You need to contact whoever provided the file:
>
> C:\Program Files\Apache Software Foundation\Tomcat
> 9.0\webapps\ROOT\WEB-INF\lib\sigar-amd64-winnt.dll
>
> Mark
>
>
> On 03/09/2024 08:33, Man Mohan wrote:
> > Hi Team,
> >
> > Recently I was patching one of my Tomcat server from *9.0.88 to
> > 9.0.90/93* and then  we are getting below issue while starting the
> > tomcat after the patching and it is generating mdmp file after each
> > start and  after that services got stopped.
> >
> > *OS: Window *
> >
> > *JAVA: 1.8.421*
> >
> > *Tomcat : 9.0.90/93* (both having issue)
> >
> > Error:
> >
> > # A fatal error has been detected by the Java Runtime Environment:
> >
> > #
> >
> > #  EXCEPTION_ACCESS_VIOLATION (0xc005) at pc=0x10014ed4,
> > pid=7624, tid=0x0ad0
> >
> > #
> >
> > # JRE version: Java(TM) SE Runtime Environment (8.0_421) (build
> > 1.8.0_421-b09)
> >
> > # Java VM: Java HotSpot(TM) 64-Bit Server VM (25.421-b09 mixed mode
> > windows-amd64 )
> >
> > # Problematic frame:
> >
> > *# C  [sigar-amd64-winnt.dll+0x14ed4]*
> >
> > *#*
> >
> > # Core dump written. Default location: C:\Program Files\Apache
> > Software Foundation\Tomcat 9.0\hs_err_pid7624.mdmp
> >
> > #
> >
> > # If you would like to submit a bug report, please visit:
> >
> > #   http://bugreport.java.com/bugreport/crash.jsp
> >
> > # The crash happened outside the Java Virtual Machine in native code.
> >
> > # See problematic frame for where to report the bug.
>
>

Re: Max parameters limit

[Tim Funk]

I'd guess the "easiest" way is to use the builtin Tomcat functionality for
max
for the smaller number.


Then for the bigger number ... Use a servlet filter for the "special"
urls that slurps the "input stream" and parses the parameters in
application space. And use RequestWrapper to intercept getParameter()
and provide your own parsed value.

-Tim

On Wed, Sep 11, 2024 at 12:31 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> All,
>
> Does anyone know if there is a way to limit the number of HTTP
> parameters in a POST request but explicitly allow more parameters for,
> say, a small set of specific URLs?
>
>

Re: CVE-2021-44228 Log4j 2 Vulnerability -- How does this affect Tomcat?

[Tim Funk]

LOG4J2 allows for multiple keyword types of keyword expansions in the logs.
Keyword expansion is a "great way" to log items possibly only known at run
time. And with trace, debug level logging - Comparing those expanded values
to logged values makes debugging "easier". (The closest you'll get to
breakpoints in production)

The downside (exploit) is when the expansion (lookup) does things a little
too powerfully. Then other folks come along and use that to *chain* other
exploits. Remote LDAP calls were not in mind when the original idea was
presenting a value from "java:comp/env". That's gap #1. Then gap #2 was the
ability for jndi calls via LDAP to allow serialized results to come back.
And the deserialization allowed for arbitrary code execution. WIth a modern
java, the (trivial) de-serialization exploit won't happen. But there are
many other chaining opportunities still out there.

A key takeaway is you might judge individual single exploits not to be bad.
But if you can easily chain multiple ones together, then the black hat
party can begin.

-Tim


On Mon, Dec 13, 2021 at 7:24 PM James H. H. Lampert
 wrote:

>
> I can *barely* wrap my mind around the idea of getting executable code
> from an RMI server, but what legitimate purpose could be served by
> allowing a *logger* to resolve executable code?
>
>

Re: Tomcat 7 - Log4j Vulnerability Guide Request

[Tim Funk]

Out of the box, no version of Apache Tomcat uses any log4j version.

If log4j is used, it is by a specific application (not provided by the ASF)
deployed to Tomcat. (Or an admin changed the default install to add it)

-Tim

On Fri, Jan 28, 2022 at 10:36 AM Samuel Anderson-Burrell | Cloud21
 wrote:

> Good Afternoon Apache
> Hope your well, my name is Samuel I work for a Security firm Cloud 21 and
> we have been working with a client who uses your software in particular
> Tomcat.
> We are looking to see if there is a security patch against log4j. The
> version they are using is tomcat 7, checking your dedicated page for Tomcat
> version 7 Apache Tomcat(r) - Apache Tomcat 7 vulnerabilities<
> https://tomcat.apache.org/security-7.html#Apache_Tomcat_7.x_vulnerabilities>
> there does not appear to be an article to patch against it.
> Forgive me if I'm not looking in the correct area if there is one please
> could you point me in the right direct. I did try and email your security
> mailbox but received an automated message back saying that I needed to be
> on the subscribed list which I have attempted to subscribed too but I have
> not had a response back yet.
>
>

Re: Conditional access logs

[Tim Funk]

I don't think there is a technical reason why it couldn't be added. I think
the hard part is getting the config wording/naming correct

Alternatively, I think an out of the box workaround could also be Tomcat's
RewriteValve where the condition matches on header and sets the
"environment variable"
https://tomcat.apache.org/tomcat-9.0-doc/rewrite.html

You can submit a feature enhancement request in the bug database
https://tomcat.apache.org/bugreport.html#How_to_submit_patches_and_enhancement_requests

-Tim


On Thu, Apr 21, 2022 at 5:08 PM Chris Cheshire  wrote:

> Tomcat 9.
>
> I wanted to separate out access logs for external api calls to log
> different info than the standard access log line. For example, the api key
> used which is set as a request header.
>
> Adding that to the pattern was easy.
>
> However the conditional logging was clunky. I found the ‘conditionIf’ and
> ‘conditionUnless’ attributes for the access log valve, but these only work
> on request attributes, not headers (at least that’s what the documentation
> says).
>
> I have created a filter that copies the values from the request headers to
> equivalent  attributes, just so the condition can work. This is where it
> feels  clunky, especially since the access log valve has replacement
> parameters for logging request headers.
>
> Is there a technical reason why the condition checking can’t work on
> request headers in the valve? If not, can this be considered as a feature
> request please?
>
>
>

Re: hiding tomcat version from error pages

[Tim Funk]

It should a tweak to the ErrorReportValve as documented here: (inside of
server.xml)

https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Error_Report_Valve

You'll want to set showServerInfo and showReport to false

-Tim


On Thu, Sep 17, 2020 at 8:20 AM Rathore, Rajendra  wrote:

> Hi All,
>
>
>
> Please let me know the standard way to hide tomcat version from error
> pages, I tried on google and saying that you need to modify some properties
> inside catelina.jar, but that is not a standard way.
>
>
>
>
>
> Thanks and Regards,
>
> Rajendra Rathore
>
> 9922701491
>
>
>

Re: hiding tomcat version from error pages

[Tim Funk]

It should be ...
http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Error_Report_Valve

On Thu, Sep 17, 2020 at 10:40 AM Rathore, Rajendra  wrote:
>
> Hi Tim,
>
> I am using tomcat 8.5.x, will that available over there?
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Append content to OutputStream after RequestDispatcher#forward

[Tim Funk]

Advice: Redesign since this will be a support nightmare for you in the
future since the design is not in the spirit of how the spec works.

Now onto the real solution (over simplified .. but google can expand
on each sub-idea)

Create a ServletResponseWrapper and pass that to the forward() method
where the ServletResponseWrapper does 2 things
1) Extends all instances of header manipulation (setHeader(...))
2) Extends the output writing capabilities and pushes everything to a buffer

HttpServletResponse wrappedResponse = new
MyHttpServletResponseWrapper(response);
resource.forward(request, wrappedResponse);

// Add code to loop over all headers set during forward() and set them
on response now
response.getWriter().append("prepend string");
response.getWriter().append(wrappedResponse.yourBuffer());
response.getWriter().append("postpend string"); // newly invented word

-Tim


On Tue, Sep 29, 2020 at 5:31 AM Nicolò Boschi  wrote:
>
> Hi all,
> I would like to know how to append (or prepend) some content in a Servlet,
> after RequestDispatcher#forward is called.
>
> @Override
> public void doGet(HttpServletRequest request, HttpServletResponse
> response)
> throws ServletException, IOException {
>
> final String finalUri = ... // compute some resource URI;
> RequestDispatcher resource = request.getRequestDispatcher(finalUri);
>
> response.getWriter().append("prepend string");
> resource.forward(request, response);
> }

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Append content to OutputStream after RequestDispatcher#forward

[Tim Funk]

Forward needed to be used due to this in the original email

> I also tried using RequestDispatcher#include but I need to keep response
> headers, added during the forward

And include() is not allowed to set headers.

-Tim

On Tue, Sep 29, 2020 at 2:27 PM Christopher Schultz
 wrote:
>
> If you want to add content before/after the target, why not use
> include() instead of forward()?
>
> -chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Strange error with JSP

[Tim Funk]

My guess?  ClassNotFoundException is rooted in some other exception. Such
as a different error is thrown during class initiation. Such as a static {
doStuff();} block where doStuff does bad stuff.

Hopefully there is more stack trace out there. If the JSP has static
initializers - wrap them in try {} catch blocks{} even if you think they
don't need wrapped in those blocks.

-Tim

On Wed, Jun 2, 2021 at 1:53 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

>
> I'm getting this error in production, and I can reproduce it every time
> I access the page. Here's the exception stack trace:
>
> java.lang.ClassNotFoundException: org.apache.jsp.admin.SessionSnooper_jsp
> java.net.URLClassLoader.findClass(URLClassLoader.java:382)
> at
> org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:128)
> at
> org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:59)
> at
>
> org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:159)
> at
>
> org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.java:192)
> at
>
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:413)
> at
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:382)
> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:330)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
> [...filters, etc...]
>
> This is a relatively simple JSP. There are no tag libraries in use and
> there are 3 imports of JSPs which contain some static utility functions.
>
>

Re: Ip on the diferent apps on Tomcat

[Tim Funk]

tomcat.apache.org/faq/security.html#restrict

-Tim

Julio Rios wrote:

Hello I have one machine with this release:

Información de Servidor
Versión de Tomcat: Apache Tomcat/5.5.17
Versión JVM: 1.4.2_01-b06
Vendedor JVM: Sun Microsystems Inc.
Nombre de SO: Windows XP
Versión de SO: 5.1
Arquitectura de SO: x86

In this server I have two application and one web server using axis.

I want to restrict by Ip the apps and web service. It is possible?

Example:

App1, I want that only the net 192.168.0.0 / 24 can access it

App2, I want that only the next nets 192.168.0.0 / 24 and 192.168.1.0 / 24

Webservice, I want that only the next Ip can access it (192.168.0.1 / 32 
and

100.155.110.55 / 32)

Best regards, Julio.



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Import file > 3gb possible?

[Tim Funk]

It should be. But you cannot use request.getContentLength() to get the length 
of the posted data. You will need to get the Content-Length header and parse 
it to a long. Things like this were done in tomcat5 for serving files larger 
than 2GB. I am unsure if there is anything in the way in tomcat 4.1 to 
prevent uploads greather than 2GB.


-Tim

Terry Orechia wrote:

 Is it possible to import a large file greater than 3 gigabytes to a tomcat web server?   I am running tomcat 4.1 on debian with  Tomcat/Apache JK2 Connector .  I upload a file using multipart/form data on http Post request to servlet.  I have successfully uploaded a file that was just under 2 gb, but am getting "page cannot be displayed" error when I try to upload a file which is 3.1gb.   Is there a limit of  2gb on the size of a POST message in apache2?   There is a parameter LimitRequestBody that can be configured in conf.http in apache2 to limit the size of the post message.  The value of this parameter can be any number from 0 to 2gb.It is not configured so it is defaulting to 0 which is unlimited.   Does "unlimited" mean their is a max size of 2gb?   Is there a way to POST a messeg > 2gb so a file greater than 2gb can be uploaded from the desktop to the webserver? 


I have searched on the web and still do not understand if this can be done?

Thanks for your input,
Terry


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: flushing system.out

[Tim Funk]

I doubt you want to print to system.out in a servlet (or jsp).

Odds are you want flushBuffer
http://tomcat.apache.org/tomcat-5.0-doc/servletapi/javax/servlet/ServletResponseWrapper.html#flushBuffer()

or flush
http://tomcat.apache.org/tomcat-5.0-doc/jspapi/javax/servlet/jsp/JspWriter.html#flush()

-Tim

Nishant Deshpande wrote:

i'm printing stuff out to system.out in tomcat, but it doesn't get
flushed till the end of the request.

(i've tried system.out.flush())

has anyone got solutions to this problem? i'm not sure if its a tomcat
problem or some OS / jvm thing...



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: mod_proxy a risk?

[Tim Funk]

No. It looks like a config problem.

-Tim

Christoph Kukulies wrote:


I wonder whether mod_proxy can be a security risk in Apache2.0.54,
when being enabled in conjunction with tomcat (5.5).

A machine which is open to the world (on port 80 only) is blacklisted
at cbl.abuseat.org and I wonder how come.
 


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Critical bug in RequestDispatcher.include(..) in Tomcat 5.5.16 ?

[Tim Funk]

You need to be using


Under the covers getOutputStream during the include. But a getWriter was 
already called. Once you call getWriter - you can't call getOutputStream, or 
you get the ISE.


jsp:include gets aroung this by wrapping the response and wrapping 
getOutputStream to avoid this issue.


-Tim

j.random.programmer wrote:

Is this my imagination or is tomcat really this
retarded and this insanely buggy ? Or am I 
doing something wrong ?


- x.jsp --
foo

<%
RequestDispatcher rd =
request.getRequestDispatcher("/foo.html");
rd.include(request, response);
%>

test;
-end-

- start foo.html 
This is a foo page, with some dummy html
-

Now, when i try to get "x.jsp", I get:

HTTP Status 500 -

type Exception report
message
description The server encountered an internal error
() that prevented it from fulfilling this request.
exception
org.apache.jasper.JasperException: getOutputStream()
has already been called for this response

org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:510)

org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:387)

org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)

org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)

javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

root cause
java.lang.IllegalStateException: getOutputStream() has
already been called for this response

org.apache.catalina.connector.Response.getWriter(Response.java:599)

org.apache.catalina.connector.ResponseFacade.getWriter(ResponseFacade.java:195)

org.apache.jasper.runtime.JspWriterImpl.initOut(JspWriterImpl.java:124)

org.apache.jasper.runtime.JspWriterImpl.flushBuffer(JspWriterImpl.java:117)

org.apache.jasper.runtime.PageContextImpl.release(PageContextImpl.java:191)

org.apache.jasper.runtime.JspFactoryImpl.internalReleasePageContext(JspFactoryImpl.java:115)

org.apache.jasper.runtime.JspFactoryImpl.releasePageContext(JspFactoryImpl.java:75)
org.apache.jsp.vbb.x_jsp._jspService(x_jsp.java:56)

org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)

javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:332)

org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)

org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)

javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

note The full stack trace of the root cause is
available in the Apache Tomcat/5.5.16 logs.


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: tomcat version output in error messages

[Tim Funk]

You can use your own ErrorReportValve.

Look for errorReportValveClass in 
http://tomcat.apache.org/tomcat-5.0-doc/config/host.html


-Tim

Mike Schmelzer wrote:

Hi *!

I'm using Apache 2 and Tomcat 5 to host several websites. For security
reasons I don't want that Tomcat is displaying the Tomcat version in its
error messages (i.e. 404 error message). How can I prevent Tomcat from
displaying those software information?

I know the deal with the  directive within the web.xml but I
don't want to use that. I assume it should be possible to just disable those
software version output of the error messages by editing some include files
our whatever is used to build those error pages.



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: How to set value to environment variable in xml file in the Tomcat

[Tim Funk]

Use system properties.


Hi,
 
I need to set one of the parameter in the xml configuration file to the

environment variable + some text.
 
eg.







 


where $WEB_DIR is an environment variable.
How can I acheive this?
 
Thanks,

Sangita

  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Loading TLD from JAR file?

[Tim Funk]

If the tld is in the META-INF directory, then you do not need to map it 
web.xml - it will be loaded by tomcat for you. Then in your JSP - use 
the mapping in the tld identified by , for example:

http://java.sun.com/jsp/jstl/core

-Tim

Mike Wannamaker wrote:

Is it possible to have your tld files inside your jar file and then have
them loaded by tomcat?

Example: WEB-INF/lib/my.jar contains meta-inf/my.tld

Could I add an entry to my jsp or web.xml to load it from inside the jar
file on Tomcat 5.5.x?
  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: JSP 2.0 tag files slowing development/deployment

[Tim Funk]

Yes tomcat 5.5.17 would speed things up since the Eclipse compiler is 
used and is faster.
You should ALWAYS precompile your webapp when placing it into 
production. It eliminates any compile penalties as well as validates 
that everything DOES compile before your deploy.

Uploading anything to the work folder is a bad idea.
Using JSP tags would make page compiling faster but there is a tradeoff 
in the easy of use of JSP tags vs .tag files.

Putting your .tag files into a jar will still occur a compile time penalty.
Using a template engine has its own tradeoffs. (Personally - I like 
freemarker if you need to use a template engine)


Good luck

-Tim


John Cherouvim wrote:


The second (big) problem, is when I try to deploy on the client's web 
server (intel xeon with 4 cpus with tomcat 5.0.28). I deploy and 
tomcat starts up in something like 9 seconds. Then I access the 
application for the first time, using a browser, and it takes more 
than an hour to build the 
work\Catalina\localhost\MY-APPLICATION\org\apache\jsp folder. Looking 
at the generated sources of those tag files it seems to me that its 
taking so much because tomcat has to calculate all the dependencies 
between tags. As soon as everything has compiled, the application runs 
smothly as expected. There are 118 tag files, and the 
work\Catalina\localhost\MY-APPLICATION\org\apache\jsp folder ends up 
with 238 files (one for .java and one for .class) and takes up 2.7mb. 
I don't know why such a fast machine needs so much time to generate 
1.47mb of source code, and compile it.


This situation is really bad for me and I'd like to know what can I do 
to improve the situation.

1. Would tomcat 5.5.17 improve anything on this issue?
2. Would precompiling the JSPs and tags improve anything?
3. Can I upload my work\Catalina\localhost\MY-APPLICATION folder to 
the client's server and force that tomcat not to re-compile? I tried 
it and it did start compiling the jsps/tags again.
4. Would changing some tags from tag files to proper Java 
javax.servlet.jsp.tagext.Tag classes improve anything?
5. If I package my tag files into a jar, would then tomcat had to do 
the work thing?

6. Should I change to another templating engine, such as Velocity?




-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: JSP 2.0 tag files slowing development/deployment

[Tim Funk]

http://marc.theaimsgroup.com/?l=tomcat-user&m=108999588415291&w=2

-Tim

John Cherouvim wrote:

Thanks everyone for your replies.

I precompile my JSPs/tags from within netbeans 5.0. It produces a 
"generated" directory inside "build".
Placing the contents of build\generated\classes\org folder in 
work\Catalina\localhost\MYAPP\org does the job, but it's been said 
that messing around with "work" is not a good idea.
Could you please describe me (or point me to a FAQ/tutorial) on how to 
deploy my precompiled JSPs/tags?


thanks,
John

Tim Funk wrote:
Yes tomcat 5.5.17 would speed things up since the Eclipse compiler is 
used and is faster.
You should ALWAYS precompile your webapp when placing it into 
production. It eliminates any compile penalties as well as validates 
that everything DOES compile before your deploy.

Uploading anything to the work folder is a bad idea.
Using JSP tags would make page compiling faster but there is a 
tradeoff in the easy of use of JSP tags vs .tag files.
Putting your .tag files into a jar will still occur a compile time 
penalty.
Using a template engine has its own tradeoffs. (Personally - I like 
freemarker if you need to use a template engine)


Good luck

-Tim


John Cherouvim wrote:


The second (big) problem, is when I try to deploy on the client's 
web server (intel xeon with 4 cpus with tomcat 5.0.28). I deploy and 
tomcat starts up in something like 9 seconds. Then I access the 
application for the first time, using a browser, and it takes more 
than an hour to build the 
work\Catalina\localhost\MY-APPLICATION\org\apache\jsp folder. 
Looking at the generated sources of those tag files it seems to me 
that its taking so much because tomcat has to calculate all the 
dependencies between tags. As soon as everything has compiled, the 
application runs smothly as expected. There are 118 tag files, and 
the work\Catalina\localhost\MY-APPLICATION\org\apache\jsp folder 
ends up with 238 files (one for .java and one for .class) and takes 
up 2.7mb. I don't know why such a fast machine needs so much time to 
generate 1.47mb of source code, and compile it.


This situation is really bad for me and I'd like to know what can I 
do to improve the situation.

1. Would tomcat 5.5.17 improve anything on this issue?
2. Would precompiling the JSPs and tags improve anything?
3. Can I upload my work\Catalina\localhost\MY-APPLICATION folder to 
the client's server and force that tomcat not to re-compile? I tried 
it and it did start compiling the jsps/tags again.
4. Would changing some tags from tag files to proper Java 
javax.servlet.jsp.tagext.Tag classes improve anything?
5. If I package my tag files into a jar, would then tomcat had to do 
the work thing?

6. Should I change to another templating engine, such as Velocity?



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Future Releases

[Tim Funk]

http://tomcat.apache.org/faq/version.html#when

-Tim

[EMAIL PROTECTED] wrote:
What are the future releases of Tomcat and when are they scheduled? Could 
anyone please point me to a link which has this kind of information.


Thanks.
  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Future Releases

[Tim Funk]

There is currently a Tomcat 6 in development. It has JSP 2.1 and Servlet 
2.5 spec support. Also a new feature still in development is comet 
support. There hasn't been talk of a release cycle for Tomcat 6 yet. So 
I can't say if there will be one 5 days, weeks, or months from now.


Tomcat 5.5.x will not support JSP2.1, and the 2.5 spec. It will get any 
enhancements such as performance or functionality.


-Tim

Richard Mixon wrote:

Tim,

I don't believe that answers Sridhar's question (or mine). It has been
noticable since the latest J2EE spec was release (with updates to the JSP
and Servlet spec) this past spring - I have not seen any mention of a future
version of Tomcat that might support them. Not asking for a date/when, just
is there any work being accomplished to this end. Or maybe it will just be
slip-streamed into Tomcat 5.5.x?

-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 15, 2006 10:25 AM

To: Tomcat Users List
Subject: Re: Future Releases

http://tomcat.apache.org/faq/version.html#when

-Tim

[EMAIL PROTECTED] wrote:
  
What are the future releases of Tomcat and when are they scheduled? 
Could anyone please point me to a link which has this kind of information.
 



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Logging of request parameters -- how do I turn off

[Tim Funk]

You need to use a custom pattern with the AccessLogValve

pattern='%a %U'

http://tomcat.apache.org/tomcat-5.0-doc/catalina/docs/api/org/apache/catalina/valves/AccessLogValve.html

It would be much better to use POST requests when items such as 
passwords are in the URL. This way they will also not be cached by the 
browser or any intermediate proxies.


-Tim

Rob Tanner wrote:
Hi.  I've noticed that request parameters are being written to the 
file catalina.out (using Tomcat 4.1.31).  For the most part I don't 
really care, but when forms include passwords and those plaintext 
password gets written into the file I do.  I've never intentionally 
turned that capability on.  How do I turn it off?


Thanks,
Rob




-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Next version of Tomcat (Tomcat 6.0 ?)

[Tim Funk]

If my wording (an understanding) is correct ... Tomcat was never the 
reference implementation. The reference implementation provided by Sun 
was based on Tomcat.


AFAICT - glassfish is now considered the reference implementation for 
any J2EE spec.


-Tim

Leon Rosenberg wrote:

On 8/23/06, David Smith <[EMAIL PROTECTED]> wrote:

As per a recent thread, there is no time frame for 6.0.  I would suspect
it's tied to the final release of Servlet Spec 2.5 given it's the
reference implementation.


is it? I thought tomcat isn't the reference impl anymore since glassfish?
regards
leon



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Avoid chunk response

[Tim Funk]

IIRC - There was a discussion on this a while bakc (in tomcat user, dev, 
or bugzilla).


But I believe the resolution was - there is no configurable way to do so.

If you want no chunking at all - then at a minimum - you need to set the 
content length explicitly. (response.setContentLength()) - but doing so 
requires you to know the size of the content you are sending.


-Tim

COURTAULT Francois wrote:

Hello,
 
I have made some tests and it seems that if the response to a request

exceeds a size limit, the response is chunked.
 
Is there a way to avoid that ? or is there a way to set this limit in a
configuration file ? 
 
Regards.
 

  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: HowTo question: Setting java system properties in web.xml?

[Tim Funk]

There is no way to do this in tomcat. The alternative is the link you 
provided

http://wiki.apache.org/tomcat/HowTo#head-45c3314139cb900ddd43dde2ff671532e6e844bc

OR
Use JNDI to do the lookup. You'll do this via *|* in web.xml 
Then this environment entry can be set in web.xml or overridden in 
tomcat's context config.*|*

http://tomcat.apache.org/tomcat-5.0-doc/jndi-resources-howto.html

-Tim

Bryce Nesbitt wrote:

Hi all;
This is a question about setting java system properties, especially in
web.xml.

I have a legacy application that reads Java system properties:
System.getProperty("com.foo.timezone")

Which were once on the command line:
JAVA_OPTS="-Dcom.foo.timezone=America/Los_Angeles"

Or in resin.conf:


Now that I'm moving to tomcat5, how can I get the same functionality, on
the assumption than I can control only the webapp (not the tomcat
instance)?  I need some file I can tweak on a per-webapp basis.
 
  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Log analysis with Apache, mod_jk and 2 Tomcat instances

[Tim Funk]

If apache is serving all the traffic - then tomcat doesn't need to 
record any access logs. (Unless you need monitor how much load went to 
each tomcat) Apache will have every request. If you combine the logs - 
you would double count some of your requests.


-Tim

Frank Niedermann wrote:

Hello,

for a project I had to set up an environment with Apache2, mod_jk and 2 Tomcat
instances. Apache2 / mod_jk will route requests to Tomcat1 and Tomcat2 (load
balancing).

How can I install a log analysis tool like AWstats into this environment?

I mean which log files should I use, Apache2-log, Tomcat1-log or Tomcat2-log?
Can I combine them all together?
  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: How to redirect to a jsp

[Tim Funk]

If I am reading this correctly, an "easier" solution would be to create 
an index.jsp at the root level that forwards to "/jsp/index.jsp"


-Tim

Romain Quilici wrote:

Hi all,
this question seems simple, but I did not figure out how to answer it.

In my web.xml I have defined a default servlet. So it can handle 
requests that does not match other servlets pattern.


  DefaultServlet
  /
   

Then in my DefaultServlet, I want to redirect to a jsp page, so I use
RequestDispatcher dispatcher = 
getServletContext().getRequestDispatcher("/jsp/index.jsp");

   if(dispatcher != null){
   dispatcher.forward(request,response);
   }

But doing that, I reenter in my default servlet's doGet method.

What I want is rather simple, when a user connect to the site 
http://server/myapp/, then the request is handled by the default 
servlet and the jsp page is displayed 



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Looking for someone to review a Tomcat setup.

[Tim Funk]

My first guess would be your database server is taken down for cold 
backups once a week and the JDBC driver is barfing on that. [Assuming 
its pooling driver of some kind]


Good luck

-Tim

Charles P. Killmer wrote:

Is anyone in the Central Minnesota area interested in reviewing a Tomcat
5.5 setup and providing suggestions for proper setup?  I have a number
of production sites running on it and everything was working fine on it.
Now about once a week, one of the sites will stop responding.  I need to
log in and restart IIS 6.0 and Tomcat before it starts working again.
This is a very big headache.

Setup
Windows Server Standard 2003 SP1
IIS 6.0
Tomcat 5.5
SQL Server 7.0 on a separate Server
 
  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: the future of Tomcat... (JEE 5 and Tomcat 6)

[Tim Funk]

Tomcat 6.0 is getting polish with respect to the docs at the moment and 
there are other technical discussions as can be found on the dev list.


Tomcat will support JSP2.1. Personally  - I'm not on top of the JSF spec 
but if all it requires is a JSP2.1 container - then you should be good 
to go.


There is no date for release - but inertia seems like there should be an 
alpha release in the coming weeks. (My opinion only - there has been NO 
talk of dates on the dev list at this point)


The building on tomcat 6 is very easy so you can easily check it out 
from SVN and kick the tires.


-Tim

Paulo Alvim wrote:

Hi!

We're heavy TC 5.x users with lots of sucessfull production cases in Brazil
using Hibernate, Struts and others OSS (after bad EJB 2.x experiences like
many companies)...

But now with EJB 3.0 and JSF 1.2 - and lots of improvements in the JEE
specification - we'll have to migrate to a JEE 5 environment.

Our questions are:

Will Tomcat 6.0 really support JSF 1.2 and JSP 2.1? If so, is there any
date?

  


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: CGI vs SMTP vs Tomcat

[Tim Funk]

A CGI run from tomcat is just like any other exe. It runs outside the 
JVM sandbox so it may do as much evil (or good) as it wants. If  Tomcat 
is being run as a service. It could be your PATH and other environment 
variables may not be configured correctly. (Or at all)


-Tim

HALSTEAD SGT WARREN F wrote:

Good Afternoon,

I am running Tomcat 5 with CGI enabled. I am attempting to use
Net::SMTP to send e-mail, and it works fine from the command line, but
not running as a CGI script. I have scoured the internet and found other
people with this problem, but the derisive answer to their pleas for
help has been "Write it in Java dummy!"

I do not have that option, and so I must ask if there is some
security function in Tomcat or a workaround, that allows perl CGI
scripts to make a socket connection to port 25 of another server.
  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: AXIS: tomcat always do http compression without watch min size

[Tim Funk]

compressionMinSize only works with fixed file sizes. If axis is NOT 
setting the ContentLength before serving back results - then 
compressionMinSize can't be checked to see if compression can be done. 
And then compression will be done based on the client input headers.


-Tim

wakeup wrote:

Hi,

I have an apache tomcat 5.5.17. In my server.xml file I have put



It run sucessfull with normal html tomcat pages. But when I ask to axis 1.4
webservices it always compress the response althought it be less than 1kb.
Why axis don't respect compressionMinSize parameter?
Thanks
  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: specify filter in server.xml

[Tim Funk]

You don't, you were right when you put it in $CATALINA_HOME/conf/web.xml

-Tim

Magnus Bergman wrote:

Hi,
I would like to add a filter to server.xml, to have a 
"server-wide-filter", but it doesn't seem to be registered. It works 
fine if I put it in any-webapp/WEB-INF/web.xml or in 
$CATALINA_HOME/conf/web.xml, but it doesn't work if I put it in 
server.xml? Exact where in server.xml should I specify it?



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: AXIS: tomcat always do http compression without watch min size

[Tim Funk]

you won't be able to disable the chunked encoding.

But you can disable the compression by ensure the client does NOT send a 
"accept-encoding" header with the a value containing "gzip" or by using 
the noCompressionUserAgents, compressableMimeType attributes on the 
connector.


-Tim

wakeup wrote:

Thanks, I think you are right. Axis don't set content-leght because it is
sending response chunked. Where do I have to disable chunk in the axis
server o in the client?

Thankss


Tim Funk wrote:
  
compressionMinSize only works with fixed file sizes. If axis is NOT 
setting the ContentLength before serving back results - then 
compressionMinSize can't be checked to see if compression can be done. 
And then compression will be done based on the client input headers.


-Tim

wakeup wrote:


Hi,

I have an apache tomcat 5.5.17. In my server.xml file I have put



It run sucessfull with normal html tomcat pages. But when I ask to axis
1.4
webservices it always compress the response althought it be less than
1kb.
Why axis don't respect compressionMinSize parameter?
Thanks
  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Performance decreasing if access.log enabled

[Tim Funk]

Unless you are max'd on working threads - access logging should not be a 
performance hit. Access logging takes pace after the response is sent to 
the client.


BUT if the access logs are big, AND  you a re low on disk, AND/OR your 
disk is SLW then that could be a problem. The overhead of logging 
the access log is pretty low.


-Tim

Frank Niedermann wrote:

Hi,

my users are experiencing increasing performance if I enable access.log:




Is that possible or do I have another performance issue?

Is there a way to see what Tomcat is doing right now? Maybe the logging is
using too much JVM ressources and therefore steals performance from Tomcat -
but I don't know how to evaluate this.

Regards,
  Frank
  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Performance decreasing if access.log enabled

[Tim Funk]

Something seems odd with your system. I have pounded some tomcat 
installations with old unix hardware with and without access logging and 
could hardly tell the difference.


In linux - i was able to tell more of a difference, but not enough to 
turn off logging.


I am at a loss of where the bottleneck is. If your using *nix - your 
system should have some OS benchmarking to see disk utilization or other 
potential bottlenecks.


Good luck.

-Tim

Frank Niedermann wrote:

I've installed LambdaProbe and it tells me that there are not much Threads
(about 50) and most of them are in state of waiting or timed_waiting. So
that seems to be okay - but what if Tomcat sent the response to the first
user request and then does the logging, while the next request or other
users are waiting?

And this:
The log files are under 20 MB, that should be fine, shoundn't it? The disk
is way far from beeing full and it's a RAID1 with SCSI disks so they should
have enough performance.

I'm now totally unsure if I should enable access.log-files (to have
statistics with AWstats) or disable them (to have more performance) ...

Frank


Frank Niedermann wrote:
  

Tim,


Tim Funk wrote:

Unless you are max'd on working threads - access logging should not be a 
performance hit. Access logging takes pace after the response is sent to 
the client.


  
BUT if the access logs are big, AND  you a re low on disk, AND/OR your 
disk is SLW then that could be a problem. The overhead of logging 
the access log is pretty low.





The log files are under 20 MB, that should be fine, shoundn't it? The disk
is way far from beeing full and it's a RAID1 with SCSI disks so they should
have enough performance.

I'm now totally unsure if I should enable access.log-files (to have
statistics with AWstats) or disable them (to have more performance) ...

Frank


  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Performance decreasing if access.log enabled

[Tim Funk]

You can have conditional access logging.
http://tomcat.apache.org/tomcat-5.0-doc/catalina/docs/api/org/apache/catalina/valves/AccessLogValve.html

condition='foo'

If set the Valve will look in the ServletRequest for an attribute called 
foo. If it exists then the request is logged. (Of course you can 
substitute any name for foo)


-Tim

Frank Niedermann wrote:

Unfortunately I have to use Windows Server 2003 as the company behind the
application we're using is not supporting UNIX/Linux.

Windows also has performance utilities but they tell me that the server
isn't heavily loaded at all.

A good think would be to have a smaller access log just for statistics, like
only one line per user access and not every file which transferred to the
user (html, images, js and so on) ...

  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: getPageContext returns null

[Tim Funk]

Variables in pageContext scope are only available to the JSP. It looks like 
you should be setting variables in the request scope.


-Tim

Michael Neel wrote:


Hi,

Quick overview, I'm setting some variables in the session from my
servlet to be used in my JSP/JSTL page.  Everything is fine if a JSP
page is called before the servlet, but a call to the servlet first
results in JspFactory.getPageContext to return null.

To reproduce, I restart the Tomcat server, clear the session cookies
from the client, and go to the servlet URL directly.

I found this bug report which is the problem exactly: 
http://issues.apache.org/bugzilla/show_bug.cgi?id=3752


If i go to a jsp page after starting the server, any JSP page, then go
to the servlet url directly everything works as expected.  Like the
bug poster, if this is a no-no I'm curious why the factory and the
call to create the context throw no exceptions.  I'm more curious
though as to what the correct way is for passing information from
servlet to jsp.

Mike

A stripped down version of the code in question:

RequestDispatcher dispat = null;

JspFactory factory = JspFactory.getDefaultFactory();
PageContext pageContext = this.factory.getPageContext( this, request, 
response,
null, false, JspWriter.DEFAULT_BUFFER, true);

// expected URL is something like /AppName/SevrletName/45
// path_info is '/45'
String id = request.getPathInfo().substring(1);

// *snipping* sql-setup to look up 'id'
ResultSet rs = sql.executeQuery();
if(rs != null) {
rs.next();
String title = rs.getString("title");
String preamble = rs.getString("preamble");

pc.setAttribute("title", title, PageContext.REQUEST_SCOPE);
pc.setAttribute("preamble", preamble, 
PageContext.REQUEST_SCOPE);

dispat = getServletContext().getRequestDispatcher('page1.jsp');
}
else {
pc.setAttribute("errorMessage", "ID was not found",
PageContext.REQUEST_SCOPE);
dispat = getServletContext().getRequestDispatcher('error.jsp');
}

factory.releasePageContext(ps);

dispat.forward(request, response);



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Trying to use a filter to redirect to a servlet

[Tim Funk]

You can't run a filter against j_security_check

-Tim

Klotz Jr, Dennis wrote:

What I'm trying to do is once a user is authorized on my server, using FORM 
based authorization, I want a different servlet (other than what the user might 
have originally requested) to be called before any web page is shown to the 
user. The servlet helps manage a user's account and I need to let the servlet 
know as soon as the user has logged in.
 
How can I do this?
 
Here's what I've tried to do writing my own filter.
 
example of my filter:
 
public void doFilter(ServletRequest request,ServletResponse response,FilterChain chain)

{
// get authorized by j_security_check


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Trying to use a filter to redirect to a servlet

[Tim Funk]

Ahh - I reread the original.

Once  chain.doFilter(request,response) is called - the response is committed 
and you are probably seeing IllegalStateExceptions in your logs.


You'll want something like this:

if (someCheckForAuth) {
  sendRedirect( ... )
} else {
  chain.doFilter(request,response)
}



-Tim

Klotz Jr, Dennis wrote:


Thanks for the reply.

Sorry, I guess I didn't explain how I'm applying the filter well enough.

The filter is mapped to my JSP pages.
When a user goes to the URL for the JSP page of interest they get a form
to log in. The action of the form is j_security_check. When the filter
is executed it occurs before j_security_check has been called, because
they have tried to request a JSP page that is mapped to a filter and
j_security_check is a servlet from what I understand. Filters as far as
I know are a layer above servlets and the request goes through the
filter first. That's why I need to, in my filter, call
chain.doFilter(request, response). This makes sure that j_security_check
has done its job. Then I can perform my redirect after j_security_check
has done his job.

So that's why I was using the filter. If you have any other ideas I'd
really appreciate it.


Thanks for your time and help.

-Dennis 




-----Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 27, 2005 11:48 AM

To: Tomcat Users List
Subject: Re: Trying to use a filter to redirect to a servlet

You can't run a filter against j_security_check

-Tim

Klotz Jr, Dennis wrote:


What I'm trying to do is once a user is authorized on my server, using


FORM based authorization, I want a different servlet (other than what
the user might have originally requested) to be called before any web
page is shown to the user. The servlet helps manage a user's account and
I need to let the servlet know as soon as the user has logged in.



How can I do this?

Here's what I've tried to do writing my own filter.

example of my filter:

public void doFilter(ServletRequest request,ServletResponse


response,FilterChain chain)


{
   // get authorized by j_security_check



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: barring :8080 to the outside world

[Tim Funk]

To your Connector declaration - add:
address='127.0.0.1'

-Tim

Christoph P. Kukulies wrote:

I'm a bit concerned that I find the customers' site I'm currently working
on being open with port 8080 to the outside world.

What is the standard way to make tomcat safe in that it doesn't present
the jakarta interface and everything on port 8080 to the outside?

(internally it should work though - localhost).



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: A Simple Advice

[Tim Funk]

The last way (the one without the web.xml) should work fine.

-Tim

Alvaro Seixas wrote:

Hello List!!

I need a simple advice from you guys. I'm running TC 4.1 on Win 2K.

I need to share large amounts of static content (image files) between contexts. 
These images will be stored in 12 shared folders (in a NAS storage). What's the 
best approach to do that??

I thought of creating a context - in webapps - and use symlinks, but there's a 
restriction for that on Win enviroments. I know that if I just add a 
'imgapp.xml' file - with docBase=\\x.x.x.x.\img01 - it works since Tomcat uses 
a default 'web.xml'. However, is this right??
Also, do I have to create 12 contexts in order to serve all the images??



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Backing up a web application?

[Tim Funk]

In that case - "an easy way" is to not use the webapps dir for 
autodeployment. Keep 2 copies of your webapp (old and new) somewhere on disk. 
Then change the context declaration file (the file with ) to 
point to the new directory.


-Tim

Larry Mulcahy wrote:


My question is:

Is there a straightforward way to back up a web application in Tomcat 
(5.0.28)?
By this I mean make a copy of a deployed webapp with a different 
application context.


I'd like to deploy a new version of a web application on a production 
server

while retaining the old version in case of problems.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Modifying the Tomcat Cache?

[Tim Funk]

You need to create your own classloader and load your custom class into that 
classloader. Then when it changes - you disregard that classloader (and its 
class). Tomcat is not doing the caching - the jvm is.


-Tim

Michael Vorschütz wrote:


Hello,

My web application generates at runtime a java class and compiles it. If I
change this class and recompile it the application uses the old class from
the tomcat cache and not the new compiled one.

Is there a possibility to delete this cached class manualy or force tomcat
not to cache this class?

I don't want to restart the tomcat or delete the whole cache after the
changing. And I don't want to set the reloadable parameter to true for the
whole web application.

Has somebody an idea how I could implement this?
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: finalize question

[Tim Funk]

See ...
http://opensource2.atlassian.com/confluence/spring/pages/viewpage.action?pageId=2669

(I really need to update the FAQ on this one)

-Tim

Andy Kriger wrote:


I have a webapp that causes Tomcat to die with an OutOfMemoryError due
to PermGen after about 10 reloads. I am trying to determine if there
is a memory leak in my code or maybe even one of our 3rd-party
libraries. I am using AspectJ to log whenever any object's finalize
method is called. Problem is, I'm not seeing any finalize methods
being called. I have a ServletContextListener that calls System.gc to
help force collection (though I realize that's not guaranteed).

As far as Tomcat is concerned, when would objects in a webapp be
finalized? On app stop? On reload? On undeploy?

Any suggestions on how to isolate this memory leak?



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: question about web-inf/lib

[Tim Funk]

You can place common library in common/lib. If that class needs to use 
reflection to instantiate any classes in your webapp - it may fail. (But 
since this looks to be a standalone utility - that doesn't seem to be the case)


In the case of the reloads - a dll may only be registered once during the 
life of the JVM. SO you might need a utility class at the common/lib (or 
common/classes) level to handle the registration of that class so that it 
only happens once.


-Tim

John MccLain wrote:

we currently have 1 project in tomcat webapps dir. We want to add another
project there. The problemn is that we would like to have both projects'
web-inf/lib populated with the same set of libraries (jar files). When we
kick off Tomcat with this configuration,The second context fails to load
because as part of context initialization in both apps, we are using JST.dll
and .jar  - A Registry reading utility; It seems that if context1 loads a
.dll, it cannot be reloaded for context2. We are getting  "Native Library
C:\tomcat\webapps\Acuity\Configuration\jst.dll already loaded in another
classloader"

How can we avoid this?

If we place the .dll and .jar in Tomcat/common/lib, and set our System path
to it,  will this solve the problem?


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: "Illegal to flush within a custom tag"

[Tim Funk]

It looks like your custom tag is creating its own body content. The body 
content is handed back to the tag so furthur transformations may be done on 
it. So the whole tag needs evaluated and buffered before it may be flushed.


Your tag is returning BodyTag.EVAL_BODY_BUFFERED during doStartTag(). If it 
returns Tag.EVAL_BODY_INCLUDE, then the contents in the tag will be writing 
directly to the current output buffer.


-Tim

Graf László wrote:


Hi
I have some custom tags which can have in body
other custom tag(s). Some of them list the content
of a ResultSet in HTML page. I used flush to force
the output of HTML.

This solution works fine using IAS9i but ported to
JBoss 4.0.3 (what includes Tomcat 5.5.9) it throws

"java.io.IOException: Illegal to flush within a custom tag
   at javax.servlet.jsp.tagext.BodyContent.flush(BodyContent.java:79)".

If I do comment those lines containing 'flush', the
output does not appear. How can I fix this problem?



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Apache filters?

[Tim Funk]

Unless you use a 3rd party authorization package which has a tomcat and 
apache plugin - your out of luck


-Tim

ALEX HYDE wrote:

Hi all,
 
I am using Tomcat to serve up my image content. I was considering moving this static content to Apache itself but I'm stuck on how to do dynamic authorisation of a directory in Apache. In Tomcat I can restrict access to the images directory by adding a filter and in this filter dynamically checking for a valid security pin in the url. But how would I do such a thing in Apache? I know Apache can do it based on user or requesting machine but this is more dynamic.
 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Load class from different web app

[Tim Funk]

You are violating the servlet spec. Do not pass go, do not collect $200.

Classes for a webapp need to be in WEB-INF/classes and WEB-INF/lib. Tomcat 
does allow for webapps to share classes via the $CATALINA_HOME/shared and 
$CATALINA_HOME/common directories but you'll need to see the classloader docs 
on any restrictions.


-Tim

Steven Nakhla wrote:


I'm writing a web application (a portal app, to be specific) that needs to
be able to load a class (using Class.forName(...)) that was deployed in a
different web application from the one I am developing. I've deployed the
target web app containing the class I want to load, but whenever I call
Class.forName(), I get a "java.lang.ClassNotFoundException". Is there
anything special I need to do if I want to load this class? It appears it is
a classloader issue, but I don't know enough to determine what the problem
is. Any help is greatly appreciated!

Steve Nakhla



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Load class from different web app

[Tim Funk]

Placing classes jdk/jre/lib/ext puts them into the system classloader. This 
opens a whole class of class not found errors and errors related to tomcat 
not reloading classes. (As well as memory leaks due to Classloaders not being 
freed)


-Tim

Michael Forster wrote:


That is not strictly true, We had an application at work that used JNI and
was part of a Database access library as well as accessing things like the
Machines Hostmac address.

We could not run it from the Tomcat area and had to put it into a jar file
and put the jar file into the JVM jdk/jre/lib/ext dir and then it worked
fine as any classes / libraries in that dir are loaded by the JVM meaning
they are always available - This is also where we put the JDBC driver jar.

Mike.

-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: 04 November 2005 11:32
To: Tomcat Users List
Subject: Re: Load class from different web app


You are violating the servlet spec. Do not pass go, do not collect $200.

Classes for a webapp need to be in WEB-INF/classes and WEB-INF/lib. Tomcat
does allow for webapps to share classes via the $CATALINA_HOME/shared and
$CATALINA_HOME/common directories but you'll need to see the classloader
docs
on any restrictions.

-Tim

Steven Nakhla wrote:



I'm writing a web application (a portal app, to be specific) that needs to
be able to load a class (using Class.forName(...)) that was deployed in a
different web application from the one I am developing. I've deployed the
target web app containing the class I want to load, but whenever I call
Class.forName(), I get a "java.lang.ClassNotFoundException". Is there
anything special I need to do if I want to load this class? It appears it


is


a classloader issue, but I don't know enough to determine what the problem
is. Any help is greatly appreciated!

Steve Nakhla




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.362 / Virus Database: 267.12.8/161 - Release Date: 03/11/2005



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: request.getSession(false) incorrectly creates a session

[Tim Funk]

If you are using jsp - you need <[EMAIL PROTECTED] session='false'%> in your page 
otherwise - a session is created for your whether you use it or not.


-Tim

Andy wrote:

Hi,

When I deploy my web app and call request.getSession(false), according to
the
javadoc, if a session does not exist null is returned. However I'm getting
an
object returned when I have not created a session myself.

The object is an instance of this class -

org.apache.catalina.session.StandardSessionFacade

As a result my unit tests, using mock objects, all work fine, but when I
deploy my  application it breaks because a session is created incorrectly,
it seems to me.

I'm using Tomcat 5.5. Anybody care to enlighten me?


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Asking Again: How to create multiple context's linked to the same webapp, without instantiating multiple webapp instances

[Tim Funk]

If the servlet is that simple. I would
1) rewrite it as a filter
2) Put it in the root webapp
3) Map the filter to all requests
4) Use a config file to handle all your mappings
5) make the filter smart enough to re-read the config file 
(servletContext.getResourceAsStream()) to detect changes so you don't have to 
restart the webapp. Timing on how often to detect for changes is your call.

6) Done

If you can keep the config file used by the filter as a file outside of the 
webapp root - then you can replace the config file without touching the webapp.


-Tim

Leon Rosenberg wrote:


asking again...
any ideas, anyone?

thanx
leon

On 11/15/05, Leon Rosenberg <[EMAIL PROTECTED]> wrote:


Hi,

I have following situation:

Business wishes (God knows why) to have a proxy proxying 6 different
context's on our server and fetching context from another server:

http://ourserver/foo/bla.html (internally fetched from )
http://anotherserver/ourname/foo/bla.html
http://ourserver/bar/bla.html -> http://anotherserver/ourname/bar/bla.html
...and so on.

I wrote a small webapp (1 servlet, 1 url-fetcher) which maps the
context and path, fetches the content of the url and delivers it to
the user. Let's say it's xxx webapp. I didn't want to make a copy of
it for any of foo,bar, etc context's, so I droped following xml files
into my $catalina_home/conf/Catalina/localhost:
foo.xml with content:
,
bar.xml with content:
,
and so on, for each context.

Everything is working fine, except, that the webapp is loaded once per
context which makes 6 times for now and probably 60 in half year. I
think it's a waste of resources and am searching for another solution.

Note that I already have a ROOT webapp (otherwise I'd place it under
root with servlet mapping instead of contexts) which I'd like not to
touch, because of different release cycles of both applications.

What is the best strategy to achieve my goal (having multiple context
mappings to one instantiated webapp) ?

Virtual hosts?
URL Rewriting Filter in ROOT webapp?
Something else?

Thanx in advance :-)

Regards
Leon




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Asking Again: How to create multiple context's linked to the same webapp, without instantiating multiple webapp instances

[Tim Funk]

A filter can trap all requests before the servlet is invoked. Thats why I 
like them better for this situation (in the root webapp). You can use a 
filter to rewrite the request to another context with the same code as you 
would do it with a servlet. (Via a cross context forward)


-Tim

Leon Rosenberg wrote:

thanks tim.

What is the benefit of using Filter instead of servlet?
The only thing I see, is that I can reconfigure it without changing
the web.xml and therefore without restarting the server. Anything
else?

I wanted to keep this functionallity out of the root webapp, not to
save the server from a restart, but to keep the release process
simplier. It's quite easy to release a one servlet webapp, as to
release our root webapp with all the tagging, testing and so.
But I think, I have no other choice :-)

Btw. can I rewrite url with a filter, so that the request goes to
another webapp?

regards
Leon

On 11/15/05, Tim Funk <[EMAIL PROTECTED]> wrote:


If the servlet is that simple. I would
1) rewrite it as a filter
2) Put it in the root webapp
3) Map the filter to all requests
4) Use a config file to handle all your mappings
5) make the filter smart enough to re-read the config file
(servletContext.getResourceAsStream()) to detect changes so you don't have to
restart the webapp. Timing on how often to detect for changes is your call.
6) Done

If you can keep the config file used by the filter as a file outside of the
webapp root - then you can replace the config file without touching the webapp.

-Tim

Leon Rosenberg wrote:



asking again...
any ideas, anyone?

thanx
leon

On 11/15/05, Leon Rosenberg <[EMAIL PROTECTED]> wrote:



Hi,

I have following situation:

Business wishes (God knows why) to have a proxy proxying 6 different
context's on our server and fetching context from another server:

http://ourserver/foo/bla.html (internally fetched from )
http://anotherserver/ourname/foo/bla.html
http://ourserver/bar/bla.html -> http://anotherserver/ourname/bar/bla.html
...and so on.

I wrote a small webapp (1 servlet, 1 url-fetcher) which maps the
context and path, fetches the content of the url and delivers it to
the user. Let's say it's xxx webapp. I didn't want to make a copy of
it for any of foo,bar, etc context's, so I droped following xml files
into my $catalina_home/conf/Catalina/localhost:
foo.xml with content:
,
bar.xml with content:
,
and so on, for each context.

Everything is working fine, except, that the webapp is loaded once per
context which makes 6 times for now and probably 60 in half year. I
think it's a waste of resources and am searching for another solution.

Note that I already have a ROOT webapp (otherwise I'd place it under
root with servlet mapping instead of contexts) which I'd like not to
touch, because of different release cycles of both applications.

What is the best strategy to achieve my goal (having multiple context
mappings to one instantiated webapp) ?

Virtual hosts?
URL Rewriting Filter in ROOT webapp?
Something else?


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat overwrites error response body

[Tim Funk]

Don't use sendError() - use setStatus(). Also - se the status first as to 
ensure the response is not committed before you send th body of the page. 
Also - once the page is done - try and close the resonse to ensure any error 
handling by tomcat is not done.


-Tim

Anurag Chakravarti wrote:

Hi,

Tomcat sends back a default error HTML page, even when I don't want it
to. I want my servlet to send its own error response body. I am doing
the following in my servlet doPut method.

java.io.PrintWriter pr = resp.getWriter();
pr.println(e.getErrorCode().serialize());
resp.sendError(e.getCode());

This does not work. Tomcat sends me a HTML page which I don't want.
What am I missing here.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Newbie question - How to verify version of Tomcat?

[Tim Funk]

http://tomcat.apache.org/faq/misc.html#version

-Tim

Ritchie Gillam wrote:

Should be an easy questions for the Tomcat users out there.

I know I have Tomcat installed but I did the installation  many moons ago.  Is 
there a command that I can run from Windows that will tell me what version I am 
running (have installed)?

Any help is appreciated.  




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: How to set restrictions on the retreival of files from some directories

[Tim Funk]

Something is fishy with your server (or configuration) I cannot reproduce 
that issue with 5.0.28 on windows.


-Tim

Brian Buchanan wrote:


Upgrade.  In a short test on two of my servers, 5.0.28 on windows has this
WEB-INF. vulnerability, but 5.5.7 did not.

-Original Message-
From: "Alla Winter" <[EMAIL PROTECTED]>
To: 
Date: Thu, 17 Nov 2005 14:19:13 -0600
Subject: How to set restrictions on the retreival of files from some
directories



BY default it is possible to retrieve files located under the 'WEB-INF'
directory. For example: www.someserver.com/WEB-INF./web.xml or
www.someserver.com/WEB-INF./classes/MySer
 
vlet.class


What needs to be done to prevent it ?   Why such restrictions are not
set by
default?  This vulnerability prevents us to pass the security
certification
test



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: JSP compilation

[Tim Funk]

TestMe.class is not the file created.

Look in $TOMCAT_INSTALLATION/work/. It'll probably be called TestMe_jsp.class

-Tim

Milan Tomic wrote:

 


I have created simple TestMe.jsp page and when I open it in Tomcat, I can
see it OK. The problem is that I can't find, using WinXP WE search engine,
TestMe.class file. Where is it? Are JSP files compiled?




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: unix user auth within servlets/jsps?

[Tim Funk]

I think there is a JAAS plugin which allows unix password authentication so 
using JaasRealm will probably be the way to go.


I think somewhere on sun.com there are some jsp / servlet mailing lists.

-Tim

Kristian Rink wrote:


- From a Perl programmers point of view, determining which folders to use
might be an easy task doing some black text-processing magic using
/etc/passwd, but that's somehow not the way, I guess. Besides this,
users of course need to login to the site before they may up/download
anything, so I need to authenticate them against the Unix-style user
information stored locally. I'm not yet completely sure how to deal with
this... So, two questions:

* How to link a jsp/servlet-based app to any unix-based user management?
Will I have to take a dive into JAAS for this, or is there a faster way?

* Generally, since this is not really tomcat-related (just to the point
that I'm using tomcat for this): Can anyone recommend a good
mailing-list for j2ee newbies? :)



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat 5.0.27 >> java.net.SocketException: Software caused connection abort: recv failed

[Tim Funk]

Not a tomcat issue. Its a mysql driver issue. IIRC - there is an 
autoreconnect option for the mysql driver.


-Tim

Rajiv Singla wrote:


Hi,

I am working on a web application which uses Tomcat-5.0.27 as Application server and MySql 4.1 as DB server. 
The application uses Struts 1.1 and Hibernate 3.0 frameworks.


I am facing a problem with the application. If the servers are kept running 
idle for a long time(7-8 hours or overnight) and then someone tries to login, 
the application does not allow the user to login and throws exceptions.
When I restart the MySql server, the problem still remains but if I restart the Tomcat server, it works fine. 

Could someone tell me what is the problem with the servers and how it could be rectified? 

Here is the full stack trace of errors I get : 

STACKTRACE: 

java.net.SocketException: Software caused connection abort: recv failed 
at java.net.SocketInputStream.socketRead0(Native Method) 
at java.net.SocketInputStream.read(SocketInputStream.java:129) 
at java.io.BufferedInputStream.fill(BufferedInputStream.java:183) 
at java.io.BufferedInputStream.read1(BufferedInputStream.java:222) 
at java.io.BufferedInputStream.read(BufferedInputStream.java:277) 
at com.mysql.jdbc.MysqlIO.readFully(MysqlIO.java:1316) 
at com.mysql.jdbc.MysqlIO.reuseAndReadPacket(MysqlIO.java:1463) 
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:1854) 
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1109) 
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1203) 
at com.mysql.jdbc.Connection.execSQL(Connection.java:2090) 
at com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java:1496) 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Virtual folders in Tomcat

[Tim Funk]

Create a new Context declaration (in a new xml file under the webapps folder 
of your tomcat installation) that points you there.


-Tim

Roland Rabben wrote:


Hi,
I want to map a "virtual" folder to my Web application. How can I set up
my system so I can have a "data" folder on a different disk than the web
application folder under Tomcat. 


Let's say I install Tomcat and My Web App under
c:\tomcat\webapps\my_web_app\
This would translate to http://myserver.com/my_web_app/

Let's say my "data" folder is on d:\data\

How can I create a mapping that translates to:
http://myserver.com/my_web_app/data/
 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: File Download not working for anchor tags

[Tim Funk]

Are you doing this?
http://tomcat.apache.org/faq/misc.html#saveas

-Tim

Mike wrote:


Hello,

I've encountered a bug with the 4.1.31 version of Tomcat. Apparently, when
I use an anchor tag for a file, and I click on the link, it does not 
show the
file download message "Do you want to open or save this file?" with the 
open

and save options. Instead, it displays the file in the browser. I know you
could normally save this information from the browser to a file, but I 
need it

to show the download message because it's easier for users to save their
file. I'm using Internet Explorer version 6, SP2. I've also tried setting
the "Confirm open after download" check box for file types to no avail. It
use to work in Tomcat 4.1.18.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: web.xml question

[Tim Funk]

Security constraints are only imposed on the incoming URL.

Long story short - you'll need to place the entire webapp in SSL. There is no 
clean way to use declarative statements to force the login to be SSL and the 
rest of the webapp be nonssl.


-Tim

Klotz Jr, Dennis wrote:


Hello all. I hope your day is going well.

I need your help.

I cannot get a forms based login page to use SSL when I think I've setup
the web.xml correctly. 


Why doesn't my login.jsp use HTTPS when tomcat is invoking it for
authorization? (more details at the bottom)

Here are the relevant sections of my web.xml:

-


   

  Login page
  /login.jsp
  GET
  POST





  CONFIDENTIAL
  

  

  

  

  
  
   
   FORM
   Application
   
   /login.jsp
   /error_401.html
   
   



  

  VoIP Monitor Applications
  /CallQDiagnostics.jsp
  /report_index.jsp
  /CallQAnalysis.jsp
  /index.jsp
  GET
  POST



  monitor_tier1
  monitor_guest
  monitor_admin
  monitor_tier3





  NONE
  


  

--

So here is what happens. I type the full URL to the CallQAnalsysis.jsp
(for example) and the login.jsp is invoked BUT it has NOT been
redirected to the HTTPS connector (which is enabled and working).

Now if I type the address of the login.jsp directly, then the connection
is redirected over HTTPS. 


Why doesn't the login.jsp use HTTPS when tomcat is invoking it for
authorization?

Any help figuring out what I am doing wrong is greatly appreciated.




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Sharing session across http and https connections

[Tim Funk]

While in https - you'd need to reset the cookie (JSESSIONID) and not have the 
secure flag set.


-Tim

Chris Birch wrote:


Hi,

I'm sure this has been solved and documented already but I can't find 
any information, if anyone can help me or point me in the right 
direction, I'd be very grateful.


I have an Apache->mod_jk->Tomcat installation.  I'm running two sites on 
Apache for the same domain but one is HTTP and the other is HTTPS.  I'd 
like to be able to share a java user session across both the HTTP and 
HTTPS requests from a single user but a separate session is created for 
the secure and unsecure connection.


Does anyone know how to have a single session for a user regardless of 
whether they are connecting to the application via the secure or 
unsecure route?
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: web.xml question

[Tim Funk]

I would bet they are not using security constraints as defined in web.xml. I 
would bet they are using a 3rd party solution implemented as a Servlet Filter 
or something application server specific to handle this login issue. Notice 
they do not use JSESSIONID but something called BV_SessionID as parameter in 
the query string. A quick google search seems to show they use BroadVision.


-Tim

Dean Searle wrote:


Tim,

I'm not an expert with tomcat but how does a site like samsclub.com do
it then? I use their site a lot and it runs jsp's and most of the stuff
is unsecure (http) but when I get ready to do the actual purchase and
log in it is a secure site (https). Is there something that they are
doing, possibly masquerading the url or something?

Again not an expert, but something I have been interested in for some
time myself.

Dean 8-)

-Original Message-----
From: Tim Funk [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 29, 2005 10:34 AM

To: Tomcat Users List
Subject: Re: web.xml question

Security constraints are only imposed on the incoming URL.

Long story short - you'll need to place the entire webapp in SSL. There
is no clean way to use declarative statements to force the login to be
SSL and the rest of the webapp be nonssl.

-Tim 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Java client does not re-use TCP/IP connections.

[Tim Funk]

This has nothing to do with tomcat. Please use the appropriate list.

-Tim

Magyar, Bence wrote:

Sorry,
  I'm quite new with all of this.  I've created a java client to my tomcat web service 
using the Java2WSDL2 utility and WSDL2Java utility.  Correct me if I'm wrong, I believe 
this is called the "stub" client model.  At any rate, my main() function in my 
client looks like:
   
  // get the web service...

   service = new WSDefinitionServiceLocator();
   
   // Now use the service to get a stub to the service

   ws = service.getMyWebService();
  
   Stub s = (Stub) ws;

   s.setMaintainSession(true);
   
  After this is set up, I can correctly call methods on my service such as 
   
  ws.Method1();

  ws.Method2();
   
  For each one of these invocations, my client creates a new TCP/IP connection to the service instead of reusing the existing one.  Am I missing some critical parameter 
  in my Stub class?  I'm not sure how else to configure the client.  If anyone could 
  point me in the right direction, it would be much appreciated. Thanks!


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: web.xml question

[Tim Funk]

I think that can work (if you can ensure the URL flow will adhere to your specs)

-Tim

Robert Palmer wrote:

I was planning on doing this by having Apache handle the SSL and using 
its configuration file to differentiate between SSL'd areas of the site 
and non-SSL'd areas. Is this an option or should i rethink this?


Tim Funk wrote:

I would bet they are not using security constraints as defined in 
web.xml. I would bet they are using a 3rd party solution implemented 
as a Servlet Filter or something application server specific to handle 
this login issue. Notice they do not use JSESSIONID but something 
called BV_SessionID as parameter in the query string. A quick google 
search seems to show they use BroadVision.


-Tim

Dean Searle wrote:


Tim,

I'm not an expert with tomcat but how does a site like samsclub.com do
it then? I use their site a lot and it runs jsp's and most of the stuff
is unsecure (http) but when I get ready to do the actual purchase and
log in it is a secure site (https). Is there something that they are
doing, possibly masquerading the url or something?

Again not an expert, but something I have been interested in for some
time myself.

Dean 8-)

-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 
29, 2005 10:34 AM

To: Tomcat Users List
Subject: Re: web.xml question

Security constraints are only imposed on the incoming URL.

Long story short - you'll need to place the entire webapp in SSL. There
is no clean way to use declarative statements to force the login to be
SSL and the rest of the webapp be nonssl.

-Tim 




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: web app to show session state for all server sessions

[Tim Funk]

If I had to do it - I would use MBeans. See the manager application and 
JMXProxy servlet in the manager application for details on querying jmx.


There might be a gotcha. You might run into occasional ClassNotFound 
exceptions or similar when trying to display the value of the attributes in 
sessions since your classloader is a different classloader than the webapp 
where the session lives.


-Tim

John MccLain wrote:


I want to write a webapp that, when a request is made, will display session
state ( a display of attributes and values within a session) for all
sessions running in a Tomcat server. I wish the display to be similar to the
folowing:
App
session
attribute = value


My question is, can this be done - querying other context sessions, and
would it be done with MBeans, or is there a better way? Can someone point me
to documentation on how to do something like this




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: preferred tomcat version

[Tim Funk]

5.5.12
Why? It gets the most developer attention if you find a bug.

-Tim

mukesh wrote:


Hi friends,

I am using Redhat Linux 7.0 and Apache web server (not tomcat). 

 


Which is the preferred version of tomcat I should use to add the
JSP/Servlet to my apache we server (and why)? And that tomcat version must
support mod_jk in order to connect it to apache (thankfully this has been
suggested by someone on this list)



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Recursive Tagfile and JSP Precompilation

[Tim Funk]

IIRC - this is fixed in 5.5. I'm not sure if it was fixed with 5.5.12 - but 
5.5.13 was just tagged and should be available soon. BUT it hasn't been voted 
how stable it is yet. (beta, alpha, stable)


-Tim

Peter L wrote:

Hello,
I'm trying to precompile JSP's for a JBoss(4.0.1) / Tomcat(5.0) server
and everything is cool except I get a ClassNotFoundException when a
Recursive Tagfile is encountered

[jasper2] SEVERE: ERROR-the file
'\WEB-INF\pages\templates\resolveResultsDialog.jsp' generated the
following general exception:
[jasper2] java.lang.ClassNotFoundException:
org.apache.taglibs.standard.tlv.JstlCoreTLV
[jasper2] at java.net.URLClassLoader$1.run(URLClassLoader.java:199)
[jasper2] at java.security.AccessController.doPrivileged(Native Method)
[jasper2] at java.net.URLClassLoader.findClass(URLClassLoader.java:187)
[jasper2] at java.lang.ClassLoader.loadClass(ClassLoader.java:289)
[jasper2] at java.lang.ClassLoader.loadClass(ClassLoader.java:235)
[jasper2] at
org.apache.jasper.compiler.TagLibraryInfoImpl.createValidator(TagLibraryInfoImpl.java:645)
[jasper2] at
org.apache.jasper.compiler.TagLibraryInfoImpl.parseTLD(TagLibraryInfoImpl.java:246)
[jasper2] at
org.apache.jasper.compiler.TagLibraryInfoImpl.(TagLibraryInfoImpl.java:162)
   

If I comment out the actual line of recursion inside the tag file I
can generate, compile, deploy and use all the servlets just fine
(except for the missing functionality).

I understand we use a jstl.jar and a standard.jar that are a little
suspect.  But given that there are no other similar jars available
during the process then it should be fine (That and I upgraded them to
1.1.2 temporarily and got the same result).

Questions:
- Why does dynamic compilation work?  What is Tomcat doing differently?
- Is there a Jasper configuration inside Tomcat I can inspect? (I
couldn't find it in server.xml)

Bonus Questions:
- Is there an easy way to precompile jsp's (for error checking and
initial speed) and retain runtime customizability?
- Will this rash ever go away? 

Thank you in advance for your consideration / help,
Pete

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: confusion of tomcat downloading

[Tim Funk]

Tomcat behind Apache. A PHP parser in java would be a non-trivial exercise.

-Tim

Seak, Teng-Fong wrote:


Caldarale, Charles R wrote:



If JSP and PHP are to be suppoerted in a server, what would
everybody suggest?  Tomcat behind Apache?  Or a PHP parser module
(probably written in Java) running inside Tomcat?



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: jasper encryption and patents

[Tim Funk]

Jasper does not contain any encryption code which would violate any 
commercial export laws. There are no IP patent suits against tomcat at the 
moment. If this were to happen - we would have the assistance of the 
solicitors for the ASF guide us in a best course of action for resolution.


-Tim

Joan K. Drejer (AH/LMD) wrote:


Hi
 
At Ericsson we are considering using Jasper-runtime and Jasper-compile

in a commercial product.
 
However, we would like to know if the product contains encryption, and

if you possibly know about which ECCN (Export code) to put on it?
Also, do you know if there are any patents which we should be aware of?



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Recursive Tagfile and JSP Precompilation

[Tim Funk]

Please create a working (simple) war file which reproduces the error and 
submit it to Bugzilla.


-Tim

Peter L wrote:


Thanks Tim but it doesn't appear to be entirely resolved...

Long story short:
- Tried to precompile using the jbossweb-tomcat55.sar from jboss-4.0.3
- Same problem (I think its Tomcat-5.5.12)
- Upgraded jars to Tomcat-5.5.13
- Got an error during compilation of actual tag file (instead of the
client JSP):
C:\dev\J2EE\libraryserver\build.xml:819: org.apache.jasper.JasperException:
/WEB-INF/tags/jspTags/displayValue.tag(27,88)
Unable to load tag handler class
"org.apache.taglibs.standard.tag.rt.core.SetTag" for tag "c:set"

 - Discovered a workaround and have reverted back to native
jbossweb-tomcat50.sar


Here is the workaround:
 - Need to 'snip' the compile time tracing of recursion by the use of

 - Create a JSP file that simply calls the tag using parameters
supplied in request attribs
 - 'include' this JSP instead of performing a recursive call in the tag file
 - BEWARE CAVEAT: relative paths don't work inside a tagfile

Example JSP:
<[EMAIL PROTECTED] errorPage="/error.jsp"
  %><%@ taglib tagdir="/WEB-INF/tags/jspTags" prefix="slk"
  %> 
defaultValue="${requestScope.recurseParamMap.defaultValue}"/>


Example Tagfile snippet:
<%java.util.Map recurseParamMap = new java.util.HashMap();
recurseParamMap.put("value", SOME_OBJECT);
request.setAttribute("recurseParamMap", recurseParamMap);
%>

Cheers,
Pete

On 12/1/05, Tim Funk <[EMAIL PROTECTED]> wrote:


IIRC - this is fixed in 5.5. I'm not sure if it was fixed with 5.5.12 - but
5.5.13 was just tagged and should be available soon. BUT it hasn't been voted
how stable it is yet. (beta, alpha, stable)

-Tim




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: application scope beans persistence

[Tim Funk]

Application scope is not persisted across restarts.

Sessions can be persisted across restarts. But sessions which contain 
non-serializable attributes will not be persisted. (Because they can't be 
serialized)


-Tim

Khawaja Shams wrote:


Hello all,
   I am wondering when the application/session scoped beans are reset.  Very
often, when I restart tomcat, these variables remain unaffected, but at
other times, they are reset.  Can someone tell me how I ensure that these
are reset/not reset? I am using tomcat with netbeans.  Thanks in advance for
your help.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: JSP on apache

[Tim Funk]

Now that apache 2.2 is just released - it comes with mod_ajp out of the box 
so there is no need for mod_jk


-Tim

mukesh wrote:


Thanks for your kind response.

Well I am using tomcat 5.5 and I could not find any directory with name
"native" as its mentioned in mod_jk documentation that aforementioned
directory contains mod_jk module.

Please suggest which version of mod_jk should I use and where I can get it
from?


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: JSP on apache

[Tim Funk]

In that case ... http://tomcat.apache.org/connectors-doc/

-Tim

mukesh wrote:


Tim,
I am working on a live server (apache 2.0) which is hosting a
website. So I can not think of downloading any other server. I have to
integrate my tomcat (version 5.5) with existing server only.

-Mukesh


-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED] 
Sent: Friday, December 02, 2005 5:30 PM

To: Tomcat Users List
Subject: Re: JSP on apache

Now that apache 2.2 is just released - it comes with mod_ajp out of the box 
so there is no need for mod_jk


-Tim

mukesh wrote:



Thanks for your kind response.

Well I am using tomcat 5.5 and I could not find any directory with name
"native" as its mentioned in mod_jk documentation that aforementioned
directory contains mod_jk module.

Please suggest which version of mod_jk should I use and where I can get it
from?




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Apache 2.2 and mod_proxy_ajp

[Tim Funk]

Performance (IIRC while reading on the mailing lists) is about the same. 
mod_proxy_ajp should be easier to configure and install since it comes 
bundled with apache and it should be much easier to install than jk.


e wrote:


Hi,

I'm happy to see Apache 2.2 has been released.  I'm curious if anyone has
any insights into the performance of mod_proxy_ajp vs mod_jk?  Is it more
efficient, or just easier to configure?   Are there any sample
configurations available to look at?

Thanks,
E



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: JSP on apache

[Tim Funk]

Both of those binaries look to be for apache2. My guess is to rename the 
version you are using (apache worker vs prefork) to mod_jk.so.


Place the mod_jk.so libexec directory then add the appropriate so load module 
directives and othr jk config directives. The FAQ should have some links 
(some good, some possibly not so good now) to external how-tos.


-Tim

mukesh wrote:


Tim,
I have downloaded two files
1) jakarta-tomcat-connectors-jk-1.2.14-linux-sles9-x86_64-prefork.so
2) jakarta-tomcat-connectors-jk-1.2.14-linux-sles9-x86_64-worker.so

I have gone through documentation. It says that I need mod_jk.so to
complete the task which I could not find anywhere. 


And second documentation say that Tomcat has
TOMCAT_HOME/native/mod_jk  directory structure but its not true in case of
Tomcat 5.5.  Do I need to create the directories manually ?

Third, which file I should use and where ?

I have downloaded above file from
http://archive.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/linux/jk
-1.2.14/ .
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: memory limit for tomcat?

[Tim Funk]

The JVM heap can be as large as you want it. But its up to existing 
implementations on how well the gc implementation is and do you need that 
much heap.


That being said - if your tomcat application runs fine under the current 
memory limits  - you are not adding more webapps (or or memory hogging items) 
to it - there is no need to increase the heap. Let the OS use that memory for 
other resources. Once the JVM grabs the memory - its taken an isn't given 
back. (Unless newer jvms have become smarter to shrink the heap on demand)



-Tim


joon yoo wrote:


Hi,

Currently on our tomcat 5 server (1GB RAM, Win 2000 server SP4), we
have the "initial memory pool" and "max memory pool" values set to
768MB in the apache tomcat properties app.

The server is going to be upgraded to 2GB's of RAM, exactly what is
the limit of the amount of memory that can be allocated to tomcat and
still run stably?
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: HP -UNIX JDK1.2 /TOMCAT 41

[Tim Funk]

This was few years ago - but I suffered using jdk1.2.X jvms on HPUX. They are 
crap. A giant load of crap. A stinky pile of crap. (YMMV). Switch to the 
1.3.x JVM. Hopefully this will solve the issue.


-Tim

Karthik wrote:


Hi Form

 Our development Env is as below

O/s=  Win2000
JDK  = 1.4.1
 TOMCAT =1 4.1.27
 RAM=  1 GB
 ORACLE = 9i
 LOAD on the DB is 150 tx /sec


   Our Production Env is as below

O/s=  HP-UNIX
JRE  = 1.2.2..10
TOMCAT =1 4.1.27
RAM=  1.5 GB
ORACLE = 9i
LOAD on the DB is 700 tx /sec

   In both cases the DB is installed on same server.


  Problems

 1) The Tomcat Hangs for some times in production Server but not for the
same in  Develoment Servrer

 2) Are there any  imcompatabilities  for between the  S/w 's  Installed
between the 2 servers


===
java.lang.IllegalStateException: Cannot create a session after the response
has been committed
at
org.apache.coyote.tomcat4.CoyoteRequest.doGetSession(CoyoteRequest.java:1884
)
at
org.apache.coyote.tomcat4.CoyoteRequest.getSession(CoyoteRequest.java:1731)
at
org.apache.coyote.tomcat4.CoyoteRequestFacade.getSession(CoyoteRequestFacade
.java:365)
at
org.apache.coyote.tomcat4.CoyoteRequestFacade.getSession(CoyoteRequestFacade
.java:370)
at
javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWr
apper.java:268)
at
org.apache.jasper.runtime.PageContextImpl._initialize(PageContextImpl.java:1
38)
at
org.apache.jasper.runtime.PageContextImpl.initialize(PageContextImpl.java:11



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: memory limit for tomcat?

[Tim Funk]

Not really. A JVM implementation could queue the extra heap memory to a swap 
disk just like an OS can. But the performance tradeoffs are so bad - that 
writing such a  jvm would be a bad idea. ;)


-Tim


Bruno Georges wrote:


Hi Tim
Correct me if I am wrong, but there is a limit of 2GB in a 32bits 
architecture .

With Best Regards
Bruno Georges

Glencore International AG
Tel. +41 41 709 3204
Fax +41 41 709 3000


- Original Message -
From: Tim Funk [EMAIL PROTECTED]
Sent: 05.12.2005 12:48
To: Tomcat Users List 
Subject: Re: memory limit for tomcat?

The JVM heap can be as large as you want it. But its up to existing 
implementations on how well the gc implementation is and do you need 
that much heap.


That being said - if your tomcat application runs fine under the current 
memory limits  - you are not adding more webapps (or or memory hogging 
items) to it - there is no need to increase the heap. Let the OS use 
that memory for other resources. Once the JVM grabs the memory - its 
taken an isn't given back. (Unless newer jvms have become smarter to 
shrink the heap on demand)
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Question concerning java.lang.NoClassDefFoundError: javax/servlet/ServletContext

[Tim Funk]

See - http://tomcat.apache.org/faq/classnotfound.html

Odds are you have your own servlet-api.jar somewhere in the webapp or system 
classpath and that is conflicting with the one in common/lib (installed by 
tomcat)


-Tim

John Poley wrote:

Please forgive my intrusion if this is not the proper place to post a questoon 
of this sort.  I am new to servlets, and am working on my first deployment- but 
I am running in to a problem that I can't find a solution to.  I have installed 
Tomcat 5.5 and am using Eclipse (as well as a tomcat plugin) to manage my 
project.   A colleague of mine sent me a war file of out working projected, 
which I imported to my IDE.  I start tomcat, which seems to load properly, and 
attempt to run the project on the server- where I am faced with the following:


javax.servlet.ServletException: Servlet.init() for servlet RequestTranslator 
threw exception

root cause 


java.lang.NoClassDefFoundError: javax/servlet/ServletContext
java.lang.Class.getDeclaredConstructors0(Native Method)
java.lang.Class.privateGetDeclaredConstructors(Unknown Source)
java.lang.Class.getConstructor0(Unknown Source)
java.lang.Class.getConstructor(Unknown Source)

freemarker.template.Configuration.setServletContextForTemplateLoading(Configuration.java:331)

verkoopen.boundary.UserInterfaceOutput.(UserInterfaceOutput.java:31)
verkoopen.boundary.RequestTranslator.init(RequestTranslator.java:25)

org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)

org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)

org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:868)

org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:663)

org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)

org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)

org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
java.lang.Thread.run(Unknown Source)
I am using the most recent J2RE 5 and I am certain that Tomcat's 
servlet-api.jar is within my application's class path.  I am not sure why the 
source cannot be found.  Any helpin locating my problem would be greatly 
appreciated, and I would be happy to prove more information if needed (I'm not 
entirely sure what would be helpful).  And again, I am sorry if this is not the 
place for this kind of question!Happy coding!John



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: JSP on apache

[Tim Funk]

If you are using tomcat 5.5 - do not refer to the tomcat 3 docs ;)

http://tomcat.apache.org/connectors-doc/
http://tomcat.apache.org/faq/

-Tim

mukesh wrote:


Hi,
I have tried all the option given in
http://tomcat.apache.org/tomcat-3.3-doc/mod_jk-howto.html#s2. FAQ But I
could not build the 
	 jakarta-tomcat-connectors-jk-1.2.14-linux-sles9-x86_64-prefork.so

(renamed as mod_jk.so).


if I run "make" command then following message appears
make: Nothing to be done for `mod_jk.so'.


My installation paths are

Tomcat: /usr/local/apache-tomcat-5.5.12
Apache: /usr/local/apache(version is 2.0)
JDK: /usr/local/jdk1.5.0_02

Everything is working fine but no success with mod_jk. I must tell that this
is my first experience with apache and tomcat ( mod_jk too).

Please guide me if someone has already done mod_jk installation on Linux. I
am running Redhat 7.0

Please advice.

Regards,
Mukesh Kumar



-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED] 
Sent: Friday, December 02, 2005 7:43 PM

To: Tomcat Users List
Subject: Re: JSP on apache

Both of those binaries look to be for apache2. My guess is to rename the 
version you are using (apache worker vs prefork) to mod_jk.so.


Place the mod_jk.so libexec directory then add the appropriate so load
module 
directives and othr jk config directives. The FAQ should have some links 
(some good, some possibly not so good now) to external how-tos.


-Tim

mukesh wrote:



Tim,
I have downloaded two files
1) jakarta-tomcat-connectors-jk-1.2.14-linux-sles9-x86_64-prefork.so
2) jakarta-tomcat-connectors-jk-1.2.14-linux-sles9-x86_64-worker.so

I have gone through documentation. It says that I need mod_jk.so to
complete the task which I could not find anywhere. 


And second documentation say that Tomcat has
TOMCAT_HOME/native/mod_jk  directory structure but its not true in case of
Tomcat 5.5.  Do I need to create the directories manually ?

Third, which file I should use and where ?

I have downloaded above file from



http://archive.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/linux/jk



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Compiling JSPs - how to ignore files with certain extensions.

[Tim Funk]

What tomcat version and commands are you using? IIRC - jspf files by default 
are not precompiled.


-Tim

Chris Wareham wrote:


I have a web app structured as follows:

 myapp/footer.jspf
 myapp/header.jspf
 myapp/index.jsp
 myapp/taglibs.jspf
 myapp/WEB-INF/...

I would like to add a target to my Ant build.xml to precompile the JSPs,
so that I can check they do not reference any unknown custom tags.
However, JspC appears to be trying to compile the files ending in
".jspf" as well as ".jsp". This is causing the compile to fail, as the
jspf files are fragments that are included into index.jsp:

 <%@ include file="taglibs.jspf" %>

 do some stuff that might result in redirects ...

 <%@ include file="header.jspf" %>

 body of the page ...

 <%@ include file="footer.jspf" %>

The taglibs fragment contains the taglib definitions common to all my
pages, while the header and footer contain "boilerplate" HTML common to
all my pages.

Is there anyway to prevent JspC from attempting to compile the fragment
files? I can see in the JspC JavaDocs that you can list and add
extensions that will get compiled, but not remove them.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Compiling JSPs - how to ignore files with certain extensions.

[Tim Funk]

I suspect that you have a file which includes header.jspf - and that parent 
file is not including the fn tag lib. (The (potentially) bad error message is 
another issue)


-Tim

Chris Wareham wrote:


Tim Funk wrote:

What tomcat version and commands are you using? IIRC - jspf files by 
default are not precompiled.




I started with Tomcat 5.0.30, but have switched to 5.5.12. The ant
targets that I am using is similar to the ones in the Tomcat docs:

  


  

  

  

  


  


  





  
  

  


  


  

  

  


  

The "build" target that "init-jsp" depends on builds my Java code and
places it into myapp/WEB-INF/classes.

When I run "ant build-jsp" it fails on the  line with the
following:

BUILD FAILED
/home/chris/myapp/WEB-INF/build.xml:470: 
org.apache.jasper.JasperException: 
file:/home/chris/myapp/header.jspf(49,74) The attribute prefix fn does 
not correspond to any imported tag library


However, in taglibs.jspf, the functions JSTL is included and the jar
file is in myapp/WEB-INF/lib. This is why I suspect that JspC is
trying to compile header.jspf.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Compiling JSPs - how to ignore files with certain extensions.

[Tim Funk]

For the OOM error - you might want to add
compile="false" to your jsp2 task so compilation is not done. (.tag files 
still end up being compiled but thats a different issue) Then for your javac 
task add (increase as appropriate)

  fork='true'
  memoryInitialSize='192m'
  memoryMaximumSize='356m'


-Tim

Chris Wareham wrote:


Tim Funk wrote:

I suspect that you have a file which includes header.jspf - and that 
parent file is not including the fn tag lib. (The (potentially) bad 
error message is another issue)


-Tim



Yes, there was one file with a .jsp extension that didn't include
taglibs.jspf before header.jspf. Now the JspC task causes the JVM to run
out of memory (java.lang.OutOfMemoryError), but it's not complaining
about header.jspf anymore!
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Question concerning java.lang.NoClassDefFoundError: javax/servlet/ServletContext

[Tim Funk]

BINGO!

freemarker.jar does not belong in the system classloader. It belongs in 
WEB-INF/lib.


[ Quick rule of thumb - putting a lib in java/lib/ext will cause problems 99% 
of the time.  ]


-Tim

John Poley wrote:

And as for me, since we seem to be having similar issues, I cut out eclipse
all together, worried that somehow it was cause some kind of issue.   I have
a .war file that was was exported by a colleague who is running the same
.war within tomcat and having no trouble at all with it.  I copy that .war
file into the webapps directory of a freshly installed tomcat where I have
changed no settings.  I start tomcat, and then open a browser to either the
simple HelloServlet file he included in the .war as a test or the actual
servlet we are preparing-  in both cases I get this same
NoClassDefFoundError.   I do not have j2ee on this system, and I have run a
complete search for servlet.jar and j2ee.jar files in the hard drive and
found none other than servlet-api.jar that lies within tomcat/common/lib.
I am using a newly installed J2SE, JDK 5.0 Update 6, with no other java
libraries installed.  The only files I have added to java/lib/ext are
freemarker.jar and and a mysql-connector jar.
Am I missing something somewhere?


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Servlet with URL pattern "*." is not working.

[Tim Funk]

You have the invoker enabled. It is evil. Get rid of it.
http://tomcat.apache.org/faq/misc.html#evil

> java.lang.ClassNotFoundException: sa.ca

-Tim

Akhthar Parvez K wrote:

Hello,

I have a tomcat server (ver:- 5.5.9) installed on my server and all jsps and
servlets are working fine except the servlet with URL pattern
"*.". eg:- I have the following entry in my web.xml

=
   
test
  ServletsTestPage



test
  *.ca



test2
HelloWorldServlet



test2
  /test2


==

I am able to access the servlet with the URL pattern /test by the link
http://mydomain.com/servlet/test2. But I am getting the error message "The
requested resource (/servlet/sa.ca) is not available." when I access the
servlet with the URL pattern "*.ca" by the link
http://mydomain.com/servlet/as.ca

I got the following message in catalina.out



Dec 12, 2005 10:17:53 AM org.apache.catalina.core.ApplicationContext log
INFO: Marking servlet org.apache.catalina.INVOKER.sa.ca as unavailable
Dec 12, 2005 10:17:53 AM org.apache.catalina.core.ApplicationContext log
SEVERE: Error loading WebappClassLoader
  delegate: false
  repositories:
/WEB-INF/classes/
--> Parent Classloader:
[EMAIL PROTECTED]
 sa.ca
java.lang.ClassNotFoundException: sa.ca
at org.apache.catalina.loader.WebappClassLoader.loadClass(


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: syntax for RemoteAddrValve and allowing multiple hosts

[Tim Funk]

Its comma seperated.

http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html
try: allow='192\.168\.1\..+,^10\..+'

-Tim

Mark wrote:


I want to use the RemoteAddrValve and allow multiple hosts.  What is the
syntax for doing this?


Thank you.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat change in PageContextImpl.setAttribute from 4.1.30 to 4.1.31 makes 4.1.31 unusable... please confirm if it`s a bug ?????

[Tim Funk]

I am guesing it was a fix for spec compliance:

http://tomcat.apache.org/tomcat-4.1-doc/servletapi/javax/servlet/jsp/PageContext.html#setAttribute(java.lang.String,%20java.lang.Object,%20int)

-Tim

David Gagnon wrote:


Hi all,

 I just installed a fresh tomcat 4.1.31 and run into this problem.  From 
4.1.30 to 4.1.31 the PageContexImpl.setAttribute has change in a way 
that make it  unusable.  I cannot set null attribute in the pageContext 
?!?!?!


So the following call throw an exception in 4.1.31:
   pageContext.setAttribute(LOOKUP_GROUP_DATA_KEY + 
enclosingGroup.getGroup(), null, PageContext.REQUEST_SCOPE);


Is that mean I need to check if an attribute is null before putting it 
into the pageContext It desn`t make sense to me?


This change make 4.1.31 totally unusable for me... Any idea on what I 
can do? Or where I'm wrong?


Thanks for your help!

/David



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: How use the archives and a TomCat config question

[Tim Funk]

I did notice that http://tomcat.apache.org/faq/tomcatuser.html could use some 
cleaning. I'll try fix that soon. (Unless someone beats me too it)


-Tim

Mark Thomas wrote:

Carl T. Dreher wrote:



I'm sure this has been answered before, but as I said, the archives
aren't much use.  (By the way, it took me TWO DAYS to successfully
subscribe to this list.  The TomCat site has links to pages that list a
variety of mailings lists.  Every one I tried before this one came back
as a mail failure, including, ironically, the "help with this mailing
list" address.  Also, there are zero, and I do mean ZERO, instructions
on just how to subscribe.




http://tomcat.apache.org/lists.html seems clear to me. With the
mailto: links as well all you have to do is click on a link. What
changes would you suggest are required to improve the clarity?

This page also lists MARC as an archive which has a pretty good search
interface (search was disabled for a short while recently after a
system crash but this was the first time I remeber it being down).



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Many questions are left unanswered.

[Tim Funk]

http://tomcat.apache.org/faq/tomcatuser.html#why

-Tim

George Sexton wrote:

That would primarily be because your questions are badly asked. You might
want to read:

http://www.catb.org/~esr/faqs/smart-questions.html

George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
  




-Original Message-
From: Prathibha, Bharathi [mailto:[EMAIL PROTECTED] 
Sent: Friday, December 16, 2005 4:48 AM

To: Tomcat Users List
Subject: Many questions are left unanswered.

Hi Mark,
  
	Many questions in this forum are left unanswered . It would be

nice if I , atleast, get a "don't know" answer to some of my mails!



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Which is better Option

[Tim Funk]

jms - JMS can live in the same JVM or be moved to a new JVM without changing 
any servlet code. (Only some config changes)



-Tim

Karthik wrote:


Hi Form

 Please somebody specify

 Which Option [ advantages /limitations ] is Better ?

   1) Using a Servlet to created a seperate Thread for processing a Bulk DB
Task [ Off the limits of session time]
   2) Using JMS to handle the Bulk DB Task.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: ServletContextListener - how to detect http path of web application?

[Tim Funk]

There is no way to detect the contextPath on servletInit. It can only be done 
after the first request. (Using HttpServletRequest.getContextPath())



-Tim

[EMAIL PROTECTED] wrote:

Hi,

Apols for a newbie question, I didn't have much luck with the archives
or in Google.

In my ServletContextListener.contextInitialized method, I need to detect
the public http path of my web app.
i.e. http://servername/approot/

How can I do this?
event.getServletContext().getResource("/") gives me "jndi:/localhost/",
not very helpful.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]