Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 6EFA910476 for ; Fri, 18 Oct 2013 16:56:12 +0000 (UTC) Received: (qmail 93382 invoked by uid 500); 18 Oct 2013 16:56:06 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 93277 invoked by uid 500); 18 Oct 2013 16:56:05 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 93146 invoked by uid 99); 18 Oct 2013 16:56:04 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 18 Oct 2013 16:56:04 +0000 X-ASF-Spam-Status: No, hits=1.6 required=5.0 tests=RCVD_IN_BRBL_LASTEXT,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [79.34.33.2] (HELO elrond.aspix.it) (79.34.33.2) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 18 Oct 2013 16:55:58 +0000 Received: from base-ithilien.local ([192.168.1.20] helo=shadowfax.local) by elrond.aspix.it with esmtp (Exim 4.69) (envelope-from ) id 1VXDDg-0000Hf-1q for users@tomcat.apache.org; Fri, 18 Oct 2013 18:48:12 +0200 Message-ID: <5261680A.6080802@aspix.it> Date: Fri, 18 Oct 2013 18:55:38 +0200 From: Edoardo Panfili User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.0.1 MIME-Version: 1.0 To: Tomcat Users List Subject: Re: [OT] can't connect to manager application References: <5260142A.1030509@aspix.it> <52604BD7.5090200@gmail.com> <5260C86C.10609@aspix.it> <5260D895.3040001@gmail.com> <526132C2.9080009@aspix.it> <5261485E.8090005@ice-sa.com> <52615C03.8000100@aspix.it> <52615F30.60101@christopherschultz.net> <526161AA.10501@aspix.it> <52616422.7060301@ice-sa.com> <5261659E.5070509@aspix.it> <52616777.50902@ice-sa.com> In-Reply-To: <52616777.50902@ice-sa.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org Il 18/10/13 18:53, André Warnier ha scritto: > Edoardo Panfili wrote: >> Il 18/10/13 18:38, André Warnier ha scritto: >>> Edoardo Panfili wrote: >>>> Il 18/10/13 18:17, Christopher Schultz ha scritto: >>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>> Hash: SHA256 >>>>> >>>>> Edoardo, >>>>> >>>>> On 10/18/13 12:04 PM, Edoardo Panfili wrote: >>>>>> Il 18/10/13 16:40, André Warnier ha scritto: >>>>>>> Edoardo Panfili wrote: >>>>>>>> Il 18/10/13 08:43, Ognjen Blagojevic ha scritto: >>>>>>>>> On 18.10.2013 7:34, Edoardo Panfili wrote: >>>>>>>>>>> To rule out faulty upgrade, could you try to reproduce >>>>>>>>>>> the problem on clean Tomcat 7.0.42 install? >>>>>>>>>> the problem was surely present with 7.0.39, the 7.0.42 is a >>>>>>>>>> fresh installation for me. >>>>>>>>> >>>>>>>>> Could you please clarify: does the problem exists on 7.0.42, >>>>>>>>> 7.0.39 or both? >>>>>>>> both >>>>>>>> >>>>>>>>> Could you provide steps to reproduce the problem on fresh >>>>>>>>> 7.0.42 installation? >>>>>>>> - unpack tomcat - modify listen port - modify tomcat-users.xml >>>>>>>> - copy jmxremote.access and jmxremote.password (setting >>>>>>>> permissions) - build jsvc - copy configuration files for >>>>>>>> applications (in $tomcat/conf/Catalina/localhost) >>>>>>>> >>>>>>>> thank you for you question: also jmx remote access is not >>>>>>>> working (in both tomcat 7.0.39 and 7.0.42), maybe the two >>>>>>>> problems are related? >>>>>>>> >>>>>>>> >>>>>>>>> I tried to reproduce with the information you provided so >>>>>>>>> far, but I was unable. It works for me. >>>>>>>> Also on my local machine, where jmx is not configured. >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> Usually, a good place to look first, are the Tomcat logfiles. >>>>>>> What do they say ? >>>>>> >>>>>> searching for "java.lang.SecurityException: Restricted >>>>>> (ContainerServlet) class >>>>>> org.apache.catalina.manager.ManagerServlet" >>>>>> >>>>>> seem that the solution is to add privileged="true" at >>>>>> $tomcat/conf/context.xml... and the "reoload" command now works. >>>>> >>>>> No no no no no no no no no do not do that: you will make every webapp >>>>> deployed on Tomcat privileged. >>>> ok, right, context.xml is back to the original. >>>> >>>> >>>>> Tomcat's manager should already be set to privileged="true". Are you >>>>> sure you didn't change anything else? >>>> setenv.sh but... removing it nothing changes from this point of view. >>>> >>> >>> Do you need to run with the Java Security Manager enabled ? >> no, there are only trusted applications. >> >> >>> As far as I know, it only really helps when you allow the installation >>> of apps of which you do not know if they are secure or not. >> but the only thing that I changed (for java security management) is >> setenv.sh and removing it nothing changes. Am I missing something? >> >> I will try a step by step install on another machine (can't do this on >> production server) >> > > By the way (and nothing to do with your current problem), I see the > arguments : > -Xmx8192m -Xms2048m > It is usually recommended to set them at the same value, for a server. > It gains some efficiency, by stopping Java from resizing the Heap > regularly. maybe OT but appreciated, thank you Edoardo --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org