Java Mailing List Archive

http://www.junlu.com/

Home » users-digest.tomcat »

users Digest 15 Mar 2013 19:37:10 -0000 Issue 11299

users-digest-help

2013-03-15


Author LoginPost Reply

users Digest 15 Mar 2013 19:37:10 -0000 Issue 11299

Topics (messages 240439 through 240452)

Re: AJP suddenly Stopps acting: ajp on 7009 and 9009 : connections keept open
 240439 by: Rainer Jung

Re: Standard or OCSP Native Lib?
 240440 by: Mladen Turk
 240444 by: Nick Williams

mail/Session resources lookup fail
 240441 by: Lau, Alex

Re: Tomcat jdbc pool connection failover
 240442 by: amit shah

Re: Changing tomcat connection pool size through jmx
 240443 by: amit shah

Re: tomcat 6.0.35 in production maintaince
 240445 by: Mark H. Wood

Re: JNDI property roleSearchAsUser not working as expected
 240446 by: Felix Schumacher

Re: Embedded Tomcat JavaDoc Not Complete
 240447 by: Christopher Schultz

Re: Deadlock when using jetty 8 JDBCSessionManager and Tomcat 7 JDBC Connector
 240448 by: Christopher Schultz

Re: check load
 240449 by: Christopher Schultz

Re: Running a binary program from a JSP
 240450 by: Christopher Schultz

Re: NullPointerException in MapperListener; Tomcat#start() does not create a Container?
 240451 by: Christopher Schultz

Re: Procrun and Tomcat service/OS shutdown on Windows
 240452 by: Christopher Schultz

Administrivia:

---------------------------------------------------------------------
To post to the list, e-mail: users@(protected)
To unsubscribe, e-mail: users-digest-unsubscribe@(protected)
For additional commands, e-mail: users-digest-help@(protected)

----------------------------------------------------------------------


Attachment: users_240439.eml (zipped)
On 15.03.2013 15:44, David Kumar wrote:
> Hey Rainer,
>
> attached you can find a Threaddump. Just rename it to .zip.
> I'm not sure waht all the stuff at the dump means. but I'm sure you know.. :-)

It got stripped by the list. Can you post it somewhere and make the URL
available?

Regards,

Rainer



Attachment: users_240440.eml (zipped)
On 03/15/2013 02:39 AM, Nick Williams wrote:
> Can anyone shed some light on when you would pick standard and when you would pick OCSP?
>

I think that's usage is self explanatory. Use OCSP if you need OCSP :)
Otherwise it'll just slow you down.

Since the current implementation does not have enable/disable configuration
the only way was to make it compile time enabled/disabled.

In future I see those two will become one version with runtime selection.


Regards
--
^TM


Attachment: users_240444.eml (zipped)

On Mar 15, 2013, at 10:21 AM, Mladen Turk wrote:

> Otherwise it'll just slow you down.

That's what I was looking for. I didn't see any indication anywhere that OCSP came with a performance hit, so my thought was, "why wouldn't you just always use the OCSP version?" Thanks for clarifying this.

> Since the current implementation does not have enable/disable configuration
> the only way was to make it compile time enabled/disabled.
>
> In future I see those two will become one version with runtime selection.

That would certainly be an improvement, in my mind. :-)

Thanks,

Nick

Attachment: users_240441.eml (zipped)
I have a typical mail resource set up but my lookup always returns localhost as the smtp host.

My webapp contect.xml looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<context>
<Resource name="mail/Session" auth="Container" type="javax.mail.Session" mail.smtp.host="smtp.mydomain.com" mail.debug="true"></Resource>
</context>

My webapp web.xml has an entry like this:

<resource-ref>
  <description>Resource reference to a factory for javax.mail.Session instances that may be used for sending electronic mail messages, preconfigured to connect to the appropriate SMTP server.</description>
  <res-ref-name>mail/Session</res-ref-name>
  <res-type>javax.mail.Session</res-type>
  <res-auth>Container</res-auth>
</resource-ref>

My webapp code

Context initCtx = new InitialContext();
Context envCtx = (Context) initCtx.lookup("java:comp/env");
javax.mail.Session msession = (javax.mail.Session) envCtx.lookup("mail/Session");
System.out.println("msession to string is " + msession.getProperty("mail.smtp.host"));

For some reasons, this work on my Eclipse/Tomcat set up but when I deploy everything to another server, the getProperty always return localhost as the smtp host. I search for all Tomcat log files but could not find anything.

Any ideas?

Thanks in advance!


Alex


Attachment: users_240442.eml (zipped)
On Wed, Mar 13, 2013 at 12:52 PM, André Warnier <aw@(protected):

> Rainer Frey wrote:
>
>> On 12.03.2013, at 17:14, Christopher Schultz <
>> chris@(protected):
>>
>>> On 3/12/13 7:54 AM, amit shah wrote:
>>>
>>>> I am using Oracle. Oracle JDBC Driver provides the Oracle
>>>> Universal Connection Pool (UCP) which includes this feature<
>>>> http://docs.oracle.**com/cd/E11882_01/java.112/**e16548/fstconfo.htm<http://docs.oracle.com/cd/E11882_01/java.112/e16548/fstconfo.htm>
>>>> >of
>>>>
>>>>
>>>> connection failover but since we use tomcat jdbc connection pool we
>>>
>>>> cannot use UCP.
>>>>
>>> Why not?
>>>
>>
>> Because it would be two-level pooling?
>>
>> Also UCP has lot of synchronized code which leads to blocking
>>>> threads and less concurrency support.
>>>>
>>>> Let me know your suggestions/thoughts.
>>>>
>>> I'm thinking that a low-performance fail-over is preferable to a
>>> zero-performance non-fail-over.
>>>
>>
>> Well, low overall performance, but possibility of failover in the
>> hopefully rare case,
>> may not be acceptable compared to high(er) overall performance and a
>> search for other ways
>> to perform failover.
>>
>>
> I am not sure that I totally follow the arguments here, but it seems that
> there exist
> - a JDBC pool with good performance, but no fail-over
> - a JDBC pool with failover, but bad performance
> Why not move the problem one level higher, and instead of using one tomcat
> with several pools, use several tomcats each with their own pool ?
> Several tomcats can be configured as a "failover pool" of tomcats, no ?
>
>
I am using the tomcat jdbc pool independently by placing the jars in my
web-application. We use glassfish as our application server. So what you
suggest is not an option.


>
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.org<users-unsubscribe@(protected)>
> For additional commands, e-mail: users-help@(protected)
>
>

Attachment: users_240443.eml (zipped)
It indeed works. Thanks !


On Fri, Mar 8, 2013 at 6:40 PM, Daniel Mikusa <dmikusa@(protected):

> On Mar 7, 2013, at 10:11 PM, Amit wrote:
>
> > I tried setting the 'maxActive' attribute by double clicking it and
> modifying the value but the new value does not get set.
>
> What happens? Do you get an error? If so, what does it say?
>
> >
> > The bug 50864 was suppose to provide the flexibility to update the
> connection pool properties through JMX and this is what I was looking for.
> Shouldn't that be the case?
>
> Tested with Tomcat 7.0.37 and it works fine for me.
>
> Steps used to test:
>
> 1.) Configure Global Resource tag using H2 database
> 2.) Start Tomcat 7.0.37
> 3.) Connect using jvisualvm
> 4.) Go to MBeans tab
> 5.) Browse to tomcat.jdbc -> ConnectionPool -> "<pool-name>" ->
> org.apache.tomcat.jdbc.pool.DataSource.
> 6.) Double click "maxActive", change value, press enter.
> 7.) Value is saved. Refreshing shows the new value.
>
> Dan
>
>
> >
> > thanks.
> >
> > On 08-Mar-2013, at 1:40 AM, Daniel Mikusa <dmikusa@(protected):
> >
> >> On Mar 7, 2013, at 12:32 PM, amit shah wrote:
> >>
> >>> I was looking at jmx since that would not need application server
> restart.
> >>>
> >>> I didn't understand what you meant by "Have you tried looking at /
> >>> modifying the attributes" ?
> >>
> >> When you look at an Mbean in jconsole or jvisualvm, you'll see a few
> different tabs but there should be one which lists Attributes (i.e. the
> values exposed through JMX) and one that lists Operations (i.e. functions
> exposed through JMX).
> >>
> >> Attributes list the properties of an mbean and some properties can be
> changed on the fly by double-clicking them and setting a new value. I
> believe that's how you would adjust the connection pool properties. Does
> that work for you?
> >>
> >> Dan
> >>
> >>
> >>>
> >>>
> >>> On Thu, Mar 7, 2013 at 9:50 PM, Daniel Mikusa <dmikusa@(protected)>
> wrote:
> >>>
> >>>> On Mar 7, 2013, at 9:59 AM, amit shah wrote:
> >>>>
> >>>>> Hello,
> >>>>>   I use tomcat connection pool in my web application by using two
> >>>>> jars - tomcat-jdbc-7.0.34.jar and tomcat-juli-7.0.34.jar. I want to
> >>>> change
> >>>>> the connection pool size through jmx but I could not find any
> defined jmx
> >>>>> operation for doing that.
> >>>>
> >>>> Are you strictly looking at JMX operations? Have you tried looking
> at /
> >>>> modifying the attributes?
> >>>>
> >>>> Dan
> >>>>
> >>>>>    I noticed that bug
> >>>>> 50864<https://issues.apache.org/bugzilla/show_bug.cgi?id=50864>
> >>>>> specifies
> >>>>> that tomcat allows updating the connection pool size through jmx from
> >>>>> tomcat 7.0.28 onwards. I use 7.0.34 version for jars. Am I missing
> >>>>> something?
> >>>>>
> >>>>> Thank you
> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: users-unsubscribe@(protected)
> >>>> For additional commands, e-mail: users-help@(protected)
> >>>>
> >>>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@(protected)
> >> For additional commands, e-mail: users-help@(protected)
> >>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@(protected)
> > For additional commands, e-mail: users-help@(protected)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@(protected)
> For additional commands, e-mail: users-help@(protected)
>
>

Attachment: users_240445.eml (zipped)
On Thu, Mar 14, 2013 at 07:13:20AM -0700, fachhoch wrote:
> every few seconds a new session is begin created from an ipaddress , I have
> no clue who owns that ipaddress , how can I find more about that
> ipaddress?

'whois'.

--
Mark H. Wood, Lead System Programmer  mwood@(protected)
There's an app for that: your browser

Attachment: users_240446.eml (zipped)
Am 14.03.2013 15:54, schrieb Eugène Adell:
>> I still wonder, why you are so reluctant to use a technical user. Especially since you have security concerns about the anonymous user.
> To find someone's roles, LDAP only requires a bind + a search in groups. It is a simple ldapsearch command for the ones using command lines.
But you have to know which user is doing the search, right?

Tomcat does not know which user is logging in at start, it will search
for the user with one of the methods 'userSearch' or 'userPattern'.

The first will have to do a search to find the users dn, the second one
could theoretically build the dn and do a bind. But since the
'userPattern' approach can be configured to have more than one dn to
look up, it would have to do more than one login try, which could be
harmful for the performance, if your directory server gives penalty
pauses for wrong credentials.
> But when connecting through Tomcat we also need extra either one more account or allowing anonymous bind. This is not logical to add extra work to anything which could stay simple.
see above.
>
> About security, we can ask any user to change its password on a monthly or quarterly basis. The technical account should be under the same security control with expiring passwords and it is not good practice to stop client applications especially when there are many, or in production environment. The anonymous bind is free from such problem, and it's not much worse than a password stored in a config file.
I don't think, that it is necessary to use the same security enforcement
for technical users as for real users, but every one will have a
different opinion on security policies, so yours is as valid as every
ones :)

On the other hand, given the frequent updates of tomcat itself, you will
have to restart your servers in order to stay updated quite often already...

Regards
Felix
>
> ________________________________________
> De : Felix Schumacher [felix.schumacher@(protected)]
> Envoyé : jeudi 14 mars 2013 15:28
> À : Tomcat Users List
> Objet : RE:RE:JNDI property roleSearchAsUser not working as expected
>
> "Eugène Adell" <Eugene.Adell@(protected):
>
>> Thanks Felix,
>>
>> I will choose the easy way by allowing the anonymous to bind the
>> directory, against all security logics, and strengthen the ACL to
>> forbid anonymous search.
>>
>> Anyway, the bug 19444 is closed saying the new parameter (introduced in
>> 7.0.9 and corrected in 7.0.30) allows role searching with the
>> authenticating user. That's true, but we still need either the
>> anonymous or a technical user for the startup binding. It's not really
>> compliant to real-life LDAP management.
>>
> I still wonder, why you are so reluctant to use a technical user. Especially since you have security concerns about the anonymous user.
>
> Regards
> Felix
>
>> best regards
>>
>>
>>
>> ________________________________________
>> De : Felix Schumacher [felix.schumacher@(protected)]
>> Envoyé : jeudi 14 mars 2013 14:22
>> À : Tomcat Users List
>> Objet : RE:JNDI property roleSearchAsUser not working as expected
>>
>> Am 14.03.2013 13:40, schrieb Eugène Adell:
>>> This doc is self-contradictory because it suggests "to setup a
>>> technical user" when we "don't want to configure a technical user",
>>> and it doesn't give any solution when we are not the admin of the
>>> directory.
>> I can't read that out of the docs for roleSearchAsUser as stated on
>> http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html#JNDI_Directory_Realm_-_org.apache.catalina.realm.JNDIRealm
>>
>> It is just a mechanism to switch from the credentials when searching
>> for roles.
>>
>> That way you can restrict the rights to the anonymous/admin user, so
>> that it doesn't need to be able to lookup groups/roles for a user.
>>
>>> Here we learn that Tomcat JNDI Realm only works in "Administrator
>>> Login Mode" with an administrator login/password (in fact the
>>> "technical user" discussed above) :
>>>
>>> http://tomcat.apache.org/tomcat-7.0-doc/funcspecs/fs-jndi-realm.html
>> I believe the "Administrator Login Mode" is used for retrieving
>> attributes out of an users object and comparing the values to some
>> given
>> credentials. The "User Login Mode" is used when a bind is performed to
>> check the credentials. But either way, you will have to setup a
>> technical user, or open the directory server to allow anonymous binds
>> and searches for the user dn's.
>>
>>> From this, it seems that roleSearchAsUser is only usefull when the
>>> anonymous bind is allowed. It's another contradiction here, because
>> it
>>> seems logical to use this parameter especially when anonymous is not
>>> allowed.
>> You will not get to the point where the role is being searched, since
>> before that there are two points, where your directory is being
>> accessed.
>>  1. initial test of connection (which you reported in your first mail)
>>  2. look up of the user, which wants to login (and since the username
>> to bind with is not known, it will be hard to guess)
>>
>> So as stated before the easiest thing is to just use a technical user
>> to connect to the directory.
>>
>> Regards
>>  Felix
>>>
>>>
>>> ________________________________________
>>> De : Felix Schumacher [felix.schumacher@(protected)]
>>> Envoyé : jeudi 14 mars 2013 12:03
>>> À : Tomcat Users List
>>> Objet : Re: JNDI property roleSearchAsUser not working as expected
>>>
>>> Am 13.03.2013 21:46, schrieb Eugène Adell:
>>>> Hello
>>>>
>>>> I am running the following :
>>>>   java version "1.6.0_25"
>>>>   Java(TM) SE Runtime Environment (build 1.6.0_25-b06)
>>>>   Java HotSpot(TM) Client VM (build 20.0-b11, mixed mode, sharing)
>>>>   Tomcat 7.0.37
>>>>   CentOS release 6.3
>>>>
>>>> with this REALM configuration in server.xml :
>>>>                 <Realm
>>>> className="org.apache.catalina.realm.JNDIRealm"
>>>>                   connectionURL="ldap://***.***.***.***:389"
>>>>
>>>> userPattern="cn={0},ou=users,dc=example,dc=com"
>>>>                   roleBase="ou=groups,dc=example,dc=com"
>>>>                   roleSubtree="true"
>>>>                   roleNested="true"
>>>>                   roleName="cn"
>>>>                   roleSearchAsUser="true"
>>>>                   roleSearch="(uniqueMember={0})" />
>>>>
>>>> and this triggers this error during the startup :
>>>> Mar 13, 2013 8:14:49 PM org.apache.catalina.realm.JNDIRealm open
>>>> WARNING: Exception performing authentication
>>>> javax.naming.AuthenticationNotSupportedException: [LDAP: error code
>>>> 48 - anonymous bind disallowed]
>>>>       at com.sun.jndi.ldap.LdapCtx.mapErrorCode (LdapCtx.java:3032)
>>>>       at
>>>> com.sun.jndi.ldap.LdapCtx.processReturnCode (LdapCtx.java:2987)
>>>>       at
>>>> com.sun.jndi.ldap.LdapCtx.processReturnCode (LdapCtx.java:2789)
>>>>       at com.sun.jndi.ldap.LdapCtx.connect (LdapCtx.java:2703)
>>>>       at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
>>>>       at
>>>>
>> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL (LdapCtxFactory.java:175)
>>>>       at
>>>>
>> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs (LdapCtxFactory.java:193)
>>>>       at
>>>>
>> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance (LdapCtxFactory.java:136)
>>>>       at
>>>>
>> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext (LdapCtxFactory.java:66)
>>>>       at
>>>>
>> javax.naming.spi.NamingManager.getInitialContext (NamingManager.java:667)
>>>>       at
>>>>
>> javax.naming.InitialContext.getDefaultInitCtx (InitialContext.java:288)
>>>>       at javax.naming.InitialContext.init (InitialContext.java:223)
>>>>       at
>>>> javax.naming.InitialContext.<init>(InitialContext.java:197)
>>>>       at
>>>>
>> javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
>>>>       at
>>>> org.apache.catalina.realm.JNDIRealm.open (JNDIRealm.java:2150)
>>>>       at
>>>>
>> org.apache.catalina.realm.JNDIRealm.startInternal (JNDIRealm.java:2241)
>>> ...
>>>>       ... 27 more
>>>> Mar 13, 2013 8:14:49 PM org.apache.catalina.startup.Catalina start
>>>> INFO: Server startup in 34 ms
>>>>
>>>>
>>>> From what I understand, roleSearchAsUser property was designed for
>>>> people who need to bind on any LDAP where anonymous bind is not
>>>> authorized. But it's just impossible to do this if the JNDI Realm
>>>> tries to authenticate anonymously by itself during the startup.
>>> I read the docs as follows:
>>>
>>> If your directory server does not allow to scan for roles as
>> anonymous
>>> user and you don't want to configure a technical user (by specifying
>>> connectionName and connectionPassword) you can delegate the
>>> credentials
>>> of the user that is currently logging in.
>>>
>>> It is not intended to set the user credentials for all ldap
>>> operations.
>>>
>>> The easiest way to fix it, is to setup an technical user inside your
>>> directory, which has no right other than to login and lookup your
>>> users,
>>> which would be the next operation.
>>>
>>> Regards
>>>   Felix
>>>> I suppose it's necessary to investigate further this bug :
>>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=19444
>>>>
>>>>
>>>> Thanks
>>>>
>>>>
>> ---------------------------------------------------------------------
>>



Attachment: users_240447.eml (zipped)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Nick,

On 3/13/13 2:19 PM, Nicholas Williams wrote:
> On Wed, Mar 13, 2013 at 12:10 PM, Christopher Schultz
> <chris@(protected):
>> You mean addWebapp methods? They seem fairly self-explanatory.
>
> Yes. I meant addWebapp methods. That was a typo.
>
> There are three of them. Only one is documented. Unfortunately,
> the other two are not "self explanatory." I have no idea what the
> "url," "path," and "name" parameters are (although "host" makes
> sense). The documentation for the lone method that IS documented
> only has "contextPath" and "baseDir" ... that doesn't line up with
> the other two methods.

Yup, it's ugly.

>> Tomcat.addWebapp(String,String) says that the first argument is
>> the context path. The context path for the ROOT webapp is "", not
>> "/".
>
> I didn't know this. I will change it. By the way, I got this code
> from the tutorial at
> https://devcenter.heroku.com/articles/create-a-java-web-application-using-embedded-tomcat.

They
>
should probably update their HOWTO: "/" isn't a valid context
path, though it might actually work since "//" ~= "/" in the URL world.

>> The second argument is a "baseDir" which says (via
>> Context.setDocBase) it can be an absolute pathname, a relative
>> pathname (to the cwd I suppose, or maybe relative to the hosts's
>> appbase), or a URL.
>
> Well there's part of the problem with the documentation. The
> documentation for the method says "Add a webapp using normal
> WEB-INF/web.xml if found." and the documentation for the "baseDir"
> parameter says nothing. There's no information here that would
> have led me to look at the Context#setDocBase() method. Nada. I
> will try out making it a URL.

I was reading the code, not the Javadoc: it makes it a lot easier.
Since the "baseDir" gets passed into Context.setDocBase, I read the
javadoc for that method to get the real story.

>> You are passing a relative path name which probably won't
>> resolve to a resource "inside" the JAR file you are using. Try
>> fetching a resource URL for the "web/" path from the ClassLoader
>> and pass that instead of just "web/".
>
> I will give this a try.
>
>> You didn't say what actually happens: just stated your
>> requirements and showed your code. Does Tomcat fail to start?
>> Does it fail to listen on your port? Does it fail to respond to
>> requests?
>
> My bad. I'm always seeing y'all tell people to explain the
> problem, and here I go not explaining the problem just like all the
> rest of them. :-P ... When I ran the application using the batch
> file generated by the mojo plugin, almost everything was good
> (Tomcat started up, started listening on the right port, found all
> the classes it was supposed to find, etc.). However, I got a
> "severe" error that the web application directory
> (webAppDirLocation) did not exist and the application could not be
> deployed. Understandable, since I didn't know what to use for
> this.

The likely problem is that your appBase was just "web" and Tomcat was
trying to load that from the disk (directly) instead of looking inside
your JAR file. Using a JAR-URL (which the ClassLoader should give you)
should work. The URL should look something like /path/to/your.jar!/web
or something like that.

>>> tomcat.start();
>>
>> You should probably call tomcat.init() first, though some of the
>> Tomcat test cases don't do it so you're probably okay.
>
> Yea, the tutorial I was using didn't say anything about that.
> Interesting that "init" and "start" are separate. If "init" was
> required and "start" didn't call "init" I would think that "start"
> would throw an IllegalStateException. Since it doesn't, my guess
> is that calling "start" is sufficient, though I will certainly add
> "init." I would love to now the semantic difference between "init"
> and "start." The documentation just says "Initialize the server"
> and "Start the server."

Take a look at the Javadoc for LifecycleListener, one of the
interfaces that the Tomcat class implements. The Javadoc for any
implemented yet not documented method from that interface gets
inherited in the javadoc for the implementation class, but the
interface-level documentation is, of course, ignored. Go look at the
javadoc for that interface and you'll see some nice ASCII art that
describes the full lifecycle.

>>> tomcat.getServer().await(); } }
>>
>> I don't think you configured any logging. You might want to set
>> up something to at least dump to the console, and crank-up the
>> log level to DEBUG or something like that. Then you might be able
>> to see what Tomcat is actually doing.
>
> It does seem to automatically dump to the console automatically. I
> got plenty of messages, most of them good (listening on 8973,
> etc.). I will look into logging more, of course. This was just a
> first pass at proof-of-concept.

Cool. Obviously, you're going to want to log to a log file eventually.
If you configure commons-logging at the top-level (that is, your own
code), I think everything will flow through that.

> Since sending this email, I've discovered the "Executable WAR" [2]
> capability of the Tomcat Maven plugin. I'm kind of confused about
> the difference between Embedded Tomcat and Executable WAR. Which
> one do I need? Will they both do what I need, but one might be
> better than the other based on more exact requirements?

I dunno anything about the Tomcat Maven plugin, but I think that an
executable WAR file is exactly what you are trying to build.

> This may be premature (getting it working is my priority), but I
> should mention that performance is important to what I'm doing
> here. I'd like to enable the native code. Some applications and
> libraries include native DLLs/SOs/JNILIBs in their JAR files, copy
> them to a temporary directory at runtime and load them from the
> temporary location (to avoid having to actually "install" the
> native libraries in the OS or JVM directory structure). Is there a
> way to do this with an embedded/executable Tomcat application so
> that the Tomcat classes can take advantage of the native library?

I'm almost sure Java won't load a shared library out of a JAR file, so
you'll have to use this same technique: extract some shared libraries
out of your JAR file and throw them into java.io.tmpdir/pid/shared/*
or whatever and then instruct the JVM to load them from there (or
modify the java.library.path system property to point to that and let
them load naturally).

Just be aware that if you want an executable JAR/WAR that will run
anywhere, you'll have to bundle all possible combinations of
architecture, OS, etc. in order to rely on APR (and it will be a
mess). If you provide a statically-linked tcnative (includes APR and
OpenSSL), you may be able to survive this process, but if you want to
support shared libraries, you're in for a world of hurt.

Also, if APR doesn't load for some reason, you'll have to configure
your SSL Connectors completely differently (using trustStore instead
of SSLCertificateKeyFile, etc.), which could be a real pain.

As for performance itself, you may not actually need APR: if you need
SSL, then APR is probably the way to go. If you don't need SSL, stick
to the NIO connector which provides comparable performance (from the
testing I've done). I dunno if APR provides a faster PRNG than
whatever the JVM provides, but I believe the AprLifecycleListener
configures Tomcat to use the OpenSSL PRNG which may have some
advantages -- I don't actually know.

If it were me, I'd forget about tcnative entirely.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEAREIAAYFAlFDczcACgkQ9CaO5/Lv0PDJjgCfY86CMJ5gQTyM11IKu68X6J9v
J0YAn1eLVP/MjEE57Z4E15XoeAlqimP9
=3Xk5
-----END PGP SIGNATURE-----


Attachment: users_240448.eml (zipped)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Colin,

On 3/14/13 3:41 PM, Colin Ingarfield wrote:
> (Sorry I cannot reply correctly b/c I was on the digest list)
>
> The deadlocked threads: Deadlock Detection:
>
> Found one Java-level deadlock: =============================
>
> "qtp1840392480-3740": waiting to lock Monitor@(protected)
> (Object@(protected)),
> which is held by "PoolCleaner[2009981184:1363034108768]"
> "PoolCleaner[2009981184:1363034108768]": waiting to lock
> Monitor@(protected)
> com/mysql/jdbc/JDBC4ResultSet), which is held by
> "qtp1840392480-3740"
>
> Found a total of 1 deadlock.
>
> Here are the stack traces: Thread 12820: (state = BLOCKED) -
> com.mysql.jdbc.ConnectionImpl.getCharacterSetMetadata() @bci=0,
> line=2851 (Compiled frame) -
> com.mysql.jdbc.Field.getStringFromBytes(int, int) @bci=37,
> line=717 (Compiled frame) - com.mysql.jdbc.Field.getName() @bci=17,
> line=631 (Interpreted frame) -
> com.mysql.jdbc.ResultSetImpl.buildIndexMapping() @bci=78, line=752
> (Compiled frame) -
> com.mysql.jdbc.ResultSetImpl.findColumn(java.lang.String) @bci=12,
> line=1110 (Interpreted frame) -
> com.mysql.jdbc.ResultSetImpl.getString(java.lang.String) @bci=3,
> line=5609 (Interpreted frame) -
> org.eclipse.jetty.server.session.JDBCSessionManager$1.run()
> @bci=111, line=844 (Interpreted frame) -
> org.eclipse.jetty.server.handler.ContextHandler.handle(java.lang.Runnable)
>
>
@bci=53, line=1119 (Interpreted frame)
> -
> org.eclipse.jetty.server.session.JDBCSessionManager.loadSession(java.lang.String,
>
>
java.lang.String, java.lang.String) @bci=61, line=884 (Interpreted
> frame) -
> org.eclipse.jetty.server.session.JDBCSessionManager.getSession(java.lang.String)
>
>
@bci=345, line=518 (Interpreted frame)
> -
> org.eclipse.jetty.server.session.JDBCSessionManager.getSession(java.lang.String)
>
>
@bci=2, line=69 (Interpreted frame)
> -
> org.eclipse.jetty.server.session.AbstractSessionManager.getHttpSession(java.lang.String)
>
>
@bci=13, line=272 (Interpreted frame)
> -
> org.eclipse.jetty.server.session.SessionHandler.checkRequestedSessionId(org.eclipse.jetty.server.Request,
>
>
javax.servlet.http.HttpServletRequest) @bci=192, line=277 (Interpreted
> frame) -
> org.eclipse.jetty.server.session.SessionHandler.doScope(java.lang.String,
>
>
org.eclipse.jetty.server.Request,
> javax.servlet.http.HttpServletRequest,
> javax.servlet.http.HttpServletResponse) @bci=47, line=158
> (Interpreted frame) -
> org.eclipse.jetty.server.handler.ContextHandler.doScope(java.lang.String,
>
>
org.eclipse.jetty.server.Request,
> javax.servlet.http.HttpServletRequest,
> javax.servlet.http.HttpServletResponse) @bci=416, line=999
> (Interpreted frame) -
> org.eclipse.jetty.server.handler.ScopedHandler.handle(java.lang.String,
>
>
org.eclipse.jetty.server.Request,
> javax.servlet.http.HttpServletRequest,
> javax.servlet.http.HttpServletResponse) @bci=13, line=117
> (Interpreted frame) -
> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(java.lang.String,
>
>
org.eclipse.jetty.server.Request,
> javax.servlet.http.HttpServletRequest,
> javax.servlet.http.HttpServletResponse) @bci=399, line=250
> (Interpreted frame) -
> org.eclipse.jetty.server.handler.HandlerCollection.handle(java.lang.String,
>
>
org.eclipse.jetty.server.Request,
> javax.servlet.http.HttpServletRequest,
> javax.servlet.http.HttpServletResponse) @bci=42, line=149
> (Compiled frame) -
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(java.lang.String,
>
>
org.eclipse.jetty.server.Request,
> javax.servlet.http.HttpServletRequest,
> javax.servlet.http.HttpServletResponse) @bci=23, line=111
> (Compiled frame) -
> org.eclipse.jetty.server.Server.handle(org.eclipse.jetty.server.AbstractHttpConnection)
>
>
@bci=134, line=350 (Compiled frame)
> - org.eclipse.jetty.server.AbstractHttpConnection.handleRequest()
> @bci=228, line=454 (Compiled frame) -
> org.eclipse.jetty.server.AbstractHttpConnection.headerComplete()
> @bci=448, line=890 (Interpreted frame) -
> java.util.HashMap.get(java.lang.Object) @bci=74, line=320 (Compiled
> frame) -
> org.eclipse.jetty.io.BufferCache.get(org.eclipse.jetty.io.Buffer)
> @bci=5, line=59 (Compiled frame) -
> org.eclipse.jetty.http.HttpParser.parseNext() @bci=625, line=371
> (Compiled frame) -
> org.eclipse.jetty.http.HttpParser.parseAvailable() @bci=1,
> line=230 (Compiled frame) -
> org.eclipse.jetty.server.AsyncHttpConnection.handle() @bci=80,
> line=77 (Compiled frame) -
> org.eclipse.jetty.io.nio.SslConnection.handle() @bci=36, line=191
> (Compiled frame) -
> org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle() @bci=10,
> line=606 (Compiled frame) -
> org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run() @bci=4,
> line=46 (Interpreted frame) -
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(java.lang.Runnable)
>
>
@bci=1, line=603 (Compiled frame)
> - org.eclipse.jetty.util.thread.QueuedThreadPool$3.run() @bci=47,
> line=538 (Compiled frame) - java.lang.Thread.run() @bci=11,
> line=679 (Interpreted frame)
>
> Locked ownable synchronizers: - None
>
> Thread 890: (state = BLOCKED) -
> com.mysql.jdbc.ResultSetImpl.realClose(boolean) @bci=0, line=7195
> (Interpreted frame) - com.mysql.jdbc.ResultSetImpl.close() @bci=2,
> line=909 (Interpreted frame) -
> com.mysql.jdbc.StatementImpl.realClose(boolean, boolean) @bci=126,
> line=2478 (Interpreted frame) -
> com.mysql.jdbc.PreparedStatement.realClose(boolean, boolean)
> @bci=71, line=3098 (Interpreted frame) -
> com.mysql.jdbc.ConnectionImpl.closeAllOpenStatements() @bci=90,
> line=1628 (Interpreted frame) -
> com.mysql.jdbc.ConnectionImpl.realClose(boolean, boolean, boolean,
> java.lang.Throwable) @bci=176, line=4388 (Interpreted frame) -
> com.mysql.jdbc.ConnectionImpl.close() @bci=32, line=1601
> (Interpreted frame) -
> org.apache.tomcat.jdbc.pool.PooledConnection.disconnect(boolean)
> @bci=47, line=330 (Interpreted frame) -
> org.apache.tomcat.jdbc.pool.PooledConnection.release() @bci=2,
> line=489 (Interpreted frame) -
> org.apache.tomcat.jdbc.pool.ConnectionPool.release(org.apache.tomcat.jdbc.pool.PooledConnection)
>
>
@bci=10, line=573 (Interpreted frame)
> -
> org.apache.tomcat.jdbc.pool.ConnectionPool.abandon(org.apache.tomcat.jdbc.pool.PooledConnection)
>
>
@bci=82, line=532 (Interpreted frame)
> - org.apache.tomcat.jdbc.pool.ConnectionPool.checkAbandoned()
> @bci=130, line=950 (Interpreted frame) -
> org.apache.tomcat.jdbc.pool.ConnectionPool$PoolCleaner.run()
> @bci=70, line=1340 (Interpreted frame) -
> java.util.TimerThread.mainLoop() @bci=221, line=534 (Compiled
> frame) - java.util.TimerThread.run() @bci=1, line=484 (Interpreted
> frame)
>
> Locked ownable synchronizers: - <0x00000006c01b3860>, (a
> java/util/concurrent/locks/ReentrantReadWriteLock$NonfairSync)
>
>
> Once I dug up these stack traces I started to wonder if the mysql
> driver was the problem (or contributing to the problem.) I was
> using Connector/J version 5.1.19 when the deadlock occurred. I
> found this bug: http://bugs.mysql.com/bug.php?id=61247 which
> sounds a lot like what appears to have happened. I'm interested in
> your thoughts on this.
>
> In the meantime I have upgraded to latest Connector/J which
> includes a fix for this bug. I was running the old driver for
> months before this deadlock, though, so it will be difficult to
> know if it fixes the issue or not.

Looking at that MySQL Connector/J problem and your stack traces above,
I would think that both problems stem from multi-threaded access of
the same java.sql.Connection object... are you grabbing a single
connection from the pool and using it in multiple places? If so, you
are just asking for problems like this.

Your code should:

1. Check-out a connection from the pool
2. Use it
3. Return it to the pool

If you do the above for every request, then you should never have any
connections that suffer deadlock like this.

Hope that helps,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEAREIAAYFAlFDdKUACgkQ9CaO5/Lv0PDveACgjyOc0C4xjDMYLlNeaEAPYvZL
LQAAoLYigRP5nekQjINlCPjCSzLTS1zb
=6Eto
-----END PGP SIGNATURE-----


Attachment: users_240449.eml (zipped)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Fachhoch,

On 3/14/13 5:30 PM, fachhoch wrote:
> is there any way I can check load on the server , my loadbabalncer
> calls a web resource to check if server is able to handle request ,
> if time for repononse exceeds specified linit it  launches a new
> server instance to handle request.Please advice me what is the best
> way to detect load on a server ?

What is your definition of "load"?

Wow... you spin-up a new server instance just to handle a single
request? That's certainly going to increase the "load" somewhere
significantly.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEAREIAAYFAlFDdjUACgkQ9CaO5/Lv0PD6qwCfUf3iTzJqZRTqAE0wxGotaBjL
1wUAnRM/sJEsVX5C60RyshZYxgh0wmXl
=harK
-----END PGP SIGNATURE-----


Attachment: users_240450.eml (zipped)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Tim,

On 3/14/13 12:34 AM, Tim Gross wrote:
> I want to know if it is possible to execute a binary program
> (written in C) from within a JSP. I would like to do this on the
> server side, not the browser, in Tomcat6. If it is possible, can
> somebody provide an example. Sorry if I am using the wrong mailing
> list. Feel free to redirect me if that is the case.

Do yourself a favor and:

a) Don't do this
b) If you have to do it, do it in a servlet, not a JSP
c) Limit the number of concurrent requests that are allowed to execute
this child process
d) Don't forget to flush/consume all your child-process's streams

If you don't do (d), you'll probably bring your server to a halt
unless nobody ever triggers this particular feature.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEAREIAAYFAlFDdr8ACgkQ9CaO5/Lv0PAADQCgmZccumNZBXYGjh9r57knUKfl
sFkAoJ1BuHia39evFI50mbP03B0T/YHZ
=4/BP
-----END PGP SIGNATURE-----


Attachment: users_240451.eml (zipped)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Konstantin,

On 3/14/13 5:25 PM, Konstantin Kolinko wrote:
> 2013/3/15 Nick Williams <nicholas@(protected)>:
>
>> I resolved the NullPointerException by calling
>> tomcat.getService().setContainer(tomcat.getEngine()) between
>> init() and start(). Everything is working fine now, and I can go
>> to http://localhost:8973/MyServlet and it's working great, but I
>> still suspect I'm doing something wrong, since no documentation
>> or tutorials anywhere mention needing to do that and it seems
>> that the container should automatically be set on the service...
>
> There are a number of working examples in the testsuite.

+1

The Tomcat class is used everywhere in the test suites. They even run
properly ;)

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEAREIAAYFAlFDd0QACgkQ9CaO5/Lv0PAbkgCeMiVWMr2rHTmyKI+kfXQIoUDU
SGIAnA4sBwbGoPzdwIQ62oF4XxLSQrs8
=0saJ
-----END PGP SIGNATURE-----


Attachment: users_240452.eml (zipped)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Steve,

On 3/14/13 1:21 PM, Thomas, Steve wrote:
> Thanks, Jeffrey. That may be a possibility for the long-term.
> --Steve

Did you read Jeffrey's entire reply? He started by top-posting, but
then wrote some much more informative comments at the end of his post.

- -chris

>
> -----Original Message----- From: Harris, Jeffrey E.
> [mailto:Jeffrey.Harris@(protected)
> 12:52 PM To: Tomcat Users List Subject: RE: Procrun and Tomcat
> service/OS shutdown on Windows
>
> Edit the registry so Tomcat depends on the HSQLDB shutdown. This
> only works if HSQLDB is also started as a service.
>
> Jeffrey Harris
>
>> -----Original Message----- From: Thomas, Steve
>> [mailto:sthomas@(protected)
>> 12:00 PM To: users@(protected)
>> service/OS shutdown on Windows
>>
>> Hi -
>>
>> Running Tomcat 7.0.23 or 7.0.37 (32 or 64-bit) installed as a
>> service (either via service.bat or the exe installer) on a
>> Windows 7 64-bit OS, we are seeing an issue where the Windows
>> shutdown kills Tomcat before our webapp shutdown sequence has
>> time to execute fully. (Specifically, we just want to make sure
>> our instance of HSQLDB shuts down correctly, otherwise corruption
>> can ensue.)
>>
>> Details:
>>
>> Initially we were running with 32-bit Tomcat 7.0.23 and saw that
>> our shutdown sequence was not being logged at all when one of our
>> customers shut down his laptop. It looked like the process was
>> just being killed. I found a commons-daemon/procrun bug and
>> corresponding fix that seemed like it should address the issue,
>> namely
>>
>> http://stackoverflow.com/questions/13578196/how-to-gracefully-shutdown
>>
>>
- -
>> procrun/14150785#14150785
>>
>> https://issues.apache.org/jira/browse/DAEMON-274
>>
>> I subsequently upgraded Tomcat to 7.0.36 (32-bit, zip) to get the
>> updated commons-daemon (http://tomcat.apache.org/tomcat-7.0-
>> doc/changelog.html), but to no avail. I thought perhaps the
>> 32-bit Tomcat/64-bit OS might be a disconnect, so I installed the
>> 64-bit version, but got the same result. In short, it looks like
>> we're either doing something wrong with our code, or there's a
>> new wrinkle in the OS-service handshaking, or the bug wasn't
>> fixed correctly...maybe in that order.
>>
>> Details below on how our code manifested the problem as well as
>> other steps to reproduce.
>>
>> Our database shutdown code is located in the destroy() function
>> of a class implementing
>> org.springframework.beans.factory.DisposableBean. I added a
>> Thread.sleep(5 min) call to reproduce it on my machine. As long
>> as I shut down the service through the Services panel on Windows,
>> the shutdown sequence fully executes (and takes 5 min, as
>> expected). But if I just shut down Windows, the sequence is
>> interrupted.
>>
>> (As an aside, I don't expect the shutdown to take anywhere near
>> that long in practice, but wanted to make sure the problem
>> manifested itself so that I could address the bug. We are seeing
>> this with a decent customer test machine, but I can't reproduce
>> it on my machine w/o changes.)
>>
>> Thinking it might be Spring, I moved the shutdown delay to a
>> ServletContextListener. contextDestroyed() method. Same effect.
>>
>> I moved the delay again, and reproduced the same problem in a
>> standalone servlet that overrides HttpServlet.destroy(). I've
>> posted the code at the link below:
>>
>> http://pastebin.com/yYgrQ2sE
>>
>> This is the output recorded in the stdout log file for an OS
>> shutdown, and then a shutdown of the service by hand. We, of
>> course, favor the second. :-)
>>
>> 2013-03-14 10:05:40 Commons Daemon procrun stdout initialized
>> StatusServlet.init() Entering StatusServlet.destroy() Simulating
>> long shutdown sequence.
>>
>> 2013-03-14 10:12:29 Commons Daemon procrun stdout initialized
>> StatusServlet.init() Entering StatusServlet.destroy() Simulating
>> long shutdown sequence. Simulation complete--sequence finished.
>> Exiting StatusServlet.destroy()
>>
>> Can we guarantee that Windows won't just kill our Tomcat process
>> and potentially corrupt our database? That's the question.
>>
>> I'd be grateful for some help on this. Thanks for your time and
>> attention.
>>
>> Steve T This message is intended only for the named recipient. If
>> you are not the intended recipient, you are notified that
>> disclosing, copying, distributing or taking any action based on
>> the contents of this information is strictly prohibited.
>>
>>
>>
>> ---------------------------------------------------------------------
>>
>>
To unsubscribe, e-mail: users-unsubscribe@(protected)
>> For additional commands, e-mail: users-help@(protected)
>
> Edit the service entry in the registry (under
> HKEY_Local_Machine\system\currentcontrolset\services\<Tomcat
> Service Name>) so Tomcat depends on HSQLDB. This only works if
> HSQLDB is also started as a service. If HSQLDB is started some
> other way (i.e., by the Tomcat web app), you can try and install it
> as a service using the srvany utility (or possibly the sc
> utility).
>
> If you can configure Tomcat to be dependent on HSQLDB, this will
> also force HSQLDB to start before Tomcat.
>
> There is a method discussed at
> http://blogs.technet.com/b/askperf/archive/2008/02/04/ws2008-service-shutdown-and-crash-handling.aspx
> that you might try.
>
> Finally you might also want to try delaying the shutdown timer on
> the system to give Tomcat and/or HSQLDB more time to shutdown. It
> might be possible that it is taking longer than the 12 seconds
> Windows allows by default for a service to shutdown. That timer
> can be changed at
> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control
> (WaitToKillServiceTimeout value; the data is in milliseconds).
> However, Windows 7 and Windows Server 2008 R2 need a hotfix to
> change this setting (see http://support.microsoft.com/kb/2549760).
>
> Jeffrey Harris
>
> This e-mail and any attachments are intended only for the use of
> the addressee(s) named herein and may contain proprietary
> information. If you are not the intended recipient of this e-mail
> or believe that you received this email in error, please take
> immediate action to notify the sender of the apparent error by
> reply e-mail; permanently delete the e-mail and any attachments
> from your computer; and do not disseminate, distribute, use, or
> copy this message and any attachments.
>
> ---------------------------------------------------------------------
>
>
To unsubscribe, e-mail: users-unsubscribe@(protected)
> For additional commands, e-mail: users-help@(protected)
>
> This message is intended only for the named recipient. If you are
> not the intended recipient, you are notified that disclosing,
> copying, distributing or taking any action based on the contents of
> this information is strictly prohibited.
>
>
> ---------------------------------------------------------------------
>
>
To unsubscribe, e-mail: users-unsubscribe@(protected)
> For additional commands, e-mail: users-help@(protected)
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEAREIAAYFAlFDeEUACgkQ9CaO5/Lv0PAdiQCgrHcAqArzfODuGUykJJbj3YIx
ZE4AoKg8Ooju4DkHE/Wc74c3lh1NKvci
=ArZV
-----END PGP SIGNATURE-----

©2008 junlu.com - Jax Systems, LLC, U.S.A.