Tomcat配置、管理和问题解决 | Tomcat Configuration, Manangement and Trouble Shooting - Mark Jiao

时间:2024-03-05 10:53:52

Tomcat配置、管理和问题解决 | Tomcat Configuration, Manangement and Trouble Shooting

Tomcat配置、管理和调优

Tomcat知识

关于tomcat AJP

由于tomcat的html和图片解析功能相对其他服务器如apche等较弱,所以,一般都是集成起来使用,只有jsp和servlet服务交由 tomcat处理,而tomcat和其他服务器的集成,就是通过ajp协议来完成的。AJP协议AJP13是定向包协议。因为性能原因,使用二进制格式来 传输可读性文本。

Tomcat开发模式

Web应用启动时需要加载很多东东,特别是项目使用了Hibernate,耗时比较长,在开发 环境中调 试程序,每次修改class都要重新加载Web应用,很占用时间,要是能只替换修改的类就好了。于是搜索相关资料,Tomcat文档说设置 reloadable=true可以动态加载,但是我试验几次不成功。还有高手说需要研究Tomcat的文件监听机制,重新实现webapp 类加载器,偶 水平有限,看的一头雾水。后来试出一个奇怪的办法,将reloadable设为false,可以使修改后的class生效又不用重启Web应 用。我的环 境:JDK6、Tomcat6、Eclipse3.2、MyEclipse5.1,具体设置:修改server.xml,
<Context path="/cyxt" docBase="D:\ccProject\dz0224_jn_gxx\mshs_cybs\cy_src\WebRoot"
        debug="5" privileged="true" reloadable="false" workDir="D:\tomcat\work\Catalina\localhost\hccy">
</Context>
虽然Tomcat6推荐使用TCD部署,但是server.xml还是起作用的。这样就OK了,无论修改类或jsp都不需重启,可以显著提高 工作效率。

Tomcat启动时候如何加载webapps下的xx.war和web app目录
如果部署的xx.war有同名的web app目录,就不会自动解压war了,也不会更新war到app目录,war里的内容跟app目录不通。

SSL TLS版本,TOMCAT中server.xml sslProtocol配置

SSL:(Secure Socket Layer,安全套接字层),位于可靠的面向连接的网络层协议和应用层协议之间的一种协议层。SSL通过互相认证、使用数字签名确保完整性、使用加密确保 私密性,以实现客户端和服务器之间的安全通讯。该协议由两层组成:SSL记录协议和SSL握手协议。
TLS:(Transport Layer Security,传输层安全协议),用于两个应用程序之间提供保密性和数据完整性。该协议由两层组成:TLS记录协议和TLS握手协议。
SSL是Netscape开发的专门用户保护Web通讯的,目前版本为3.0。最新版本的TLS 1.0是IETF(工程任务组)制定的一种新的协议,它建立在SSL 3.0协议规范之上,是SSL 3.0的后续版本。两者差别极小,可以理解为SSL 3.1,它是写入了RFC的。
TLS记录格式与SSL记录格式相同,但版本号的值不同,TLS的版本1.0使用的版本号为SSLv3.1。?
1) sslProtocol="TLS" will enable SSLv3 and TLSv1
2) sslProtocol="TLSv1.2" will enable SSLv3, TLSv1, TLSv1.1 and TLS v1.2
3) sslProtocol="TLSv1.1" will enable SSLv3, TLSv1, and TLSv1.1
4) sslProtocol="TLSv1" will enable SSLv3 and TLSv1
5) sslProtocol="SSL" will enable SSLv3 and TLSv1
6) sslProtocol="SSLv3" will enable SSLv3 and TLSv1
7) sslProtocol="SSLv2" won\'t work

Tomcat SSL protocol设置和Java Client:

<Connector executor="tomcatThreadPool" port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="/opt/....keystore" keystorePass="soudang123"
               clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"/>

javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("TLS"); 

http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLContext.html#getInstance%28java.lang.String%29

http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext

Tomcat 安装

CentOS7 Tomcat安装成系统服务,以非root用户启动

centos7 使用 systemctl 替换了 service命令

# systemctl list-unit-files --type service #查看全部服务命令
# systemctl status name.service #查看服务命令
# systemctl start name.service #启动服务
# systemctl stop name.service #停止服务
# systemctl restart name.service #重启服务
# systemctl enable name.service #增加开机启动
# systemctl disable name.service #删除开机启动
.service 可以省略

tomcat增加启动参数:tomcat 需要增加一个pid文件

# vi tomcat/bin/setenv.sh
#add tomcat pid
CATALINA_PID="$CATALINA_BASE/tomcat.pid"
#add java opts
JAVA_OPTS="-server -XX:MetaspaceSize=256M -XX:MaxMetaspaceSize=1024m -Xms1024M -Xmx2048M -XX:MaxNewSize=256m"

增加tomcat.service

vim /usr/lib/systemd/system/tomcat.service
Unit]
Description=Tomcat
After=syslog.target network.target

[Service]
Type=forking
PIDFile=/opt/tomcat8/tomcat.pid
ExecStart=/opt/tomcat8/bin/startup.sh
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
User=user
Group=user

[Install]
WantedBy=multi-user.target

Tomcat  Service控制

# systemctl enable tomcat
# systemctl start tomcat

tomcat在启动时候,执行start不会启动两个tomcat,保证始终只有一个tomcat服务在运行。

For more, refer to: http://www.jianshu.com/p/29ecd624046f

Tomcat配置管和理

Docs and References

https://tomcat.apache.org/tomcat-7.0-doc/config/http.html

Tomcat Max threads & Thread Pool

Tomcat 7 default Max threads

  • http-bio-8080 Max threads: 200
  • http-bio-8443 Max threads: 200
  • ajp-bio-8009 Max threads: 200

Set up maxThreads

<Connector executor="tomcatThreadPool" port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="/opt/tomcat-ddtservice/ddtservice.192.168.1.90.keystore" keystorePass="***" clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"/>

Thread Pool

<Executor name="tomcatThreadPool" namePrefix="catalina-exec-" maxThreads="500" minSpareThreads="20" maxIdleTime="60000" />

<Connector executor="tomcatThreadPool" port="8090" protocol="HTTP/1.1"  connectionTimeout="45000" redirectPort="8443" URIEncoding="UTF-8"/>

<Connector port="8443" executor="tomcatThreadPool" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="/opt/tomcat-ddtservice/***.keystore" keystorePass="***"
clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"/>

maxThreads vs maxConnections

Tomcat can work in 2 modes:

  • BIO (one thread per connection), or
  • NIO (many more connections than threads).

Tomcat7 is BIO by default, although consensus seems to be "don\'t use Bio because Nio is better in every way". You set this using the "protocol" parameter in the server.xml file - BIO will be "HTTP1.1" or "org.apache.coyote.http11.Http11Protocol" and NIO will be "org.apache.coyote.http11.Http11NioProtocol"

If you\'re using BIO then I believe they should be more or less the same. If you\'re using NIO then actually "maxConnections=1000" and "maxThreads=10" might even be reasonable. The defaults are maxConnections=10,000 and maxThreads=200. With NIO, each thread can server any number of connections, switching back and forth but retaining the connection so you don\'t need to do all the usual handshaking which is especially time-consuming with HTTPS but even an issue with HTTP. You can adjust the "keepAlive" parameter to keep connections around for longer and this should speed everything up.

关于Keep-alive设置

maxKeepAliveRequests    If not specified, this attribute is set to 100.  一般设置100~200.

keepAliveTimeout       The default value is to use the value that has been set for the connectionTimeout attribute.

<Connector executor="tomcatThreadPool" port="8090" protocol="HTTP/1.1" connectionTimeout="45000" redirectPort="8443" URIEncoding="UTF-8"/>

 

Tomcat Manager配置

http://www.365mini.com/page/tomcat-manager-user-configuration.htm

conf/tomcat-users.xml
<tomcat-users>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<user username="tomcat" password="tomcat" roles="manager-gui"/>
<user username="admin" password="123456" roles="manager-script"/>
</tomcat-users>

Tomcat Manager 4种角色的大致介绍(下面URL中的*为通配符):
manager-gui
    允许访问html接口(即URL路径为/manager/html/*)
manager-script
    允许访问纯文本接口(即URL路径为/manager/text/*)
manager-jmx
    允许访问JMX代理接口(即URL路径为/manager/jmxproxy/*)
manager-status
    允许访问Tomcat只读状态页面(即URL路径为/manager/status/*)

  • manager-gui - allows access to the HTML GUI and the status pages
  • manager-script - allows access to the text interface and the status pages
  • manager-jmx - allows access to the JMX proxy and the status pages
  • manager-status - allows access to the status pages only

The HTML interface is protected against CSRF but the text and JMX interfaces are not. 

Tomcat8 manager 默认本机访问,外部访问403未授权

新建conf/Catalina/localhost/manager.xml 内容如下:无须重启tomcat即可生效
<Context privileged="true" antiResourceLocking="false"
         docBase="${catalina.home}/webapps/manager">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="^.*$" />
</Context>

Doc: Each deployed webapp has a context.xml file that lives in $CATALINA_BASE/conf/[enginename]/[hostname] (conf/Catalina/localhost by default) and has the same name as the webapp (manager.xml in this case). If no file is present, default values are used.
So, you need to create a file conf/Catalina/localhost/manager.xml and specify the rule you want to allow remote access.

Host Manager application

 

  • admin-gui - allows access to the HTML GUI and the status pages
  • admin-script - allows access to the text interface and the status pages

Tomcat class不用重启更新的办法

1. tomcat server.xml: 设置reloadable="false"
<Context docBase="DDTService" path="/ddt" reloadable="false" source="org.eclipse.jst.jee.server:DDTService"/>
2. 在eclipse中以debug模式启动Tomcat。

Tomcat控制台中文乱码解决办法

  1. 打开文件/tomcat/bin/catalina.bat
  2. set JAVA_OPTS= 的内容中添加选项-Dfile.encoding=GBK
  3. 重启tomcat即可

(Jenkins console中文乱码也随即解决了)   

Tomcat环境下解决http 的get方式提交的中文乱码问题

Tomcat在处理get和post请求的时候处理方式不同。

POST请求是将参数存放在请求数据包的消息体中

所以使用request.setCharacterEncoding("utf-8");可以处理

但是GET请求是将参数存放在url中,此时setCharacterEncoding就不起作用了,此时我们需要采用手写代码进行转码。

当然我们也可以修改tomcat配置文件来处理get请求的转码

方法一:改代码

String name = new String(request.getParameter("name").getBytes("ISO-8859-1"),"UTF-8");

方法二:改Tomcat下的server.xml配置文件下的Connector元素

添加:URIEncoding="UTF-8"  注1:是URIEncoding而不是URLEncoding

或者添加:useBodyEncodingForURI="true"

设置Java参数

bin\setenv.bat
set JAVA_OPTS=-Dfile.encoding=UTF-8 -Xms256m -Xmx1024m -XX:PermSize=128m -XX:MaxPermSize=512m

or bin/setenv.sh
export JAVA_OPTS="-Dfile.encoding=UTF-8 -Xms512m -Xmx2048m -XX:PermSize=128m -XX:MaxPermSize=768m"

中文设置bin\setenv.bat
set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=GBK

JDK8中用metaspace代替permsize,因此在许多我们设置permsize大小的地方同样需要修改配置为metaspace

将-XX:PermSize=200m;-XX:MaxPermSize=256m;

修改为:-XX:MetaspaceSize=200m;-XX:MaxMetaspaceSize=256m;

Tomcat java.lang.OutOfMemoryError: PermGen space

对tomcat,可以在catalina.bat中添加:
 "set CATALINA_OPTS=-Xms128M -Xmx256M
  set JAVA_OPTS=-Xms128M -Xmx256M",或者把%CATALINA_OPTS%和%JAVA_OPTS%代替为-Xms128M -Xmx256M

Tomcat java opts

setenv.bat

set "JAVA_OPTS=%JAVA_OPTS% -Xms128m -Xmx1024m -XX:MaxPermSize=256m -server"

Tomcat in Eclipse out of memory: PermGen Size

解决方案为通过添加下面的参数增加分配给JVM的内存空间
-Xms256m -Xmx1024m -XX:PermSize=128m -XX:MaxNewSize=256m -XX:MaxPermSize=512m
网上的解决方案多半是针对纯Tomcat的情况,并非通过Eclipse启动的Tomcat。
或者修改eclipse.ini配置文件,不过这些方法都不适合Eclipse运行Tomcat抛出该异常的情况。
修改eclipse.ini配置文件增大的是Ecipse开发平台本身运行的JVM的空间,并非Eclipse启动Tomcat的内存空间。
正确的方法是,点击“Run” – “Run Configurations…”,选中Tomcat Server,进入Arguments分页,在VM arguments中加入提升初始分配空间的参数

解决Tomcat无法shutdown进程

确定是web应用的问题,忽略日志中的严重警告,因为这是关闭tomcat时候引起的,正常情况下不会发生这种内存泄露情况,而且Tomcat6.18以上版本的Tomcat已经 做了内存泄露保护,交给Tomcat完成吧,我们只需要在shutdown.sh之后,补上一个kill -9 pid即可。要是嫌这样太麻烦了,可以如下这样改:

==============================bin/shutdown.sh

exec "$PRGDIR"/"$EXECUTABLE" stop  -force "$@" #加上 -force  

==============================bin/catalina.sh 

在PRGDIR=`dirname "$PRG"`后面加上

if [ -z "$CATALINA_PID" ]; then

      CATALINA_PID=$PRGDIR/CATALINA_PID

      cat $CATALINA_PID

fi

Tomcat解压版注册Windows服务

ependecy:bin\目录下需要service.bat and Tomcat7.exe
    set "USER_INSTALL_DIR=C:\sd\install\DDT3forProduction"
    set "JAVA_HOME=%USER_INSTALL_DIR%\jdk1.6.0_45"   
    set "CATALINA_HOME=%USER_INSTALL_DIR%\apache-tomcat-7.0.52"
    service.bat install DDT3Tomcat
    net start DDT3Tomcat
    net stop DDT3Tomcat
    service.bat uninstall DDT3Tomcat



C:\sd\install\DDT3forProduction\apache-tomcat-7.0.52\bin>service.bat install
Installing the service \'Tomcat7\' ...
Using CATALINA_HOME:    "C:\sd\install\DDT3forProduction\apache-tomcat-7.0.52"
Using CATALINA_BASE:    "C:\sd\install\DDT3forProduction\apache-tomcat-7.0.52"
Using JAVA_HOME:        "C:\sd\install\DDT3forProduction\jdk1.6.0_45"
Using JRE_HOME:         "C:\sd\install\DDT3forProduction\jdk1.6.0_45\jre"
Using JVM:              "C:\sd\install\DDT3forProduction\jdk1.6.0_45\jre\bin\server\jvm.dll"
拒绝访问。
Failed to install serviceFailed installing \'Tomcat7\' service
A: cmd.exe以管理员身份运行

net stop tertonDXTomcat

 

Tomcat undeploy and deploy war

#undeploy
wget --http-user=admin --http-password=admin "http://server206:8080/manager/text/undeploy?path=/ddt" -O -
#deploy
wget --http-user=admin --http-password=admin "http://server206:8080/manager/text/deploy?war=file:C:/Documents and Settings/Administrator/.jenkins/workspace/DDT3/DDTService/ddt.war&path=/ddt" -O -

Wget for Windows:

Source: http://www.gnu.org/software/wget/
Source: http://mirror.hust.edu.cn/gnu/wget/
Binary: http://www.onlinedown.net/softdown/80943_2.htm
Add wget home to system env path, restart tomcat to let Jenkins know the path.

Tomcat修改上传war大小限制

http://server206:8080/manager    admin:admin    deploy war failure:
the request was rejected because its size (120592431) exceeds the configured maximum (52428800)
tomcat/webapps/manager/WEB-INF/web.xml
找到
      <multipart-config>
        <!-- 50MB max -->
        <max-file-size>52428800</max-file-size>
        <max-request-size>52428800</max-request-size>
        <file-size-threshold>0</file-size-threshold>
      </multipart-config>
    </servlet>
    <servlet>
修改为
    <!-- 100MB max -->
       <max-file-size>104758600</max-file-size>
       <max-request-size>104758600</max-request-size>
       <file-size-threshold>0</file-size-threshold>
     </multipart-config>
http://blog.csdn.net/b1412/article/details/7056250

 

Tomcat设置提交参数的最大值

关于maxPostSize,tomcat默认是2M,单位为字节。maxPostSize=”0”则表示不限制大小。

https://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html

maxPostSize

The maximum size in bytes of the POST which will be handled by the container FORM URL parameter parsing. The limit can be disabled by setting this attribute to a value less than zero. If not specified, this attribute is set to 2097152 (2 megabytes). Note that the FailedRequestFilter can be used to reject requests that exceed this limit.

<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" maxPostSize="5120000"/>

 

Tomcat运行状态war增加jar

http://linuxproblems.org/wiki/Add_or_update_files_in_a_war_file

http://blog.omnidarren.com/2013/07/install-jar-command-on-centos-6/

http://www.coderanch.com/t/619252/Tomcat/Tomcat-find-classes-WEB-INF

http://tomcat.apache.org/tomcat-7.0-doc/class-loader-howto.html

javax.servlet.ServletException: Error instantiating servlet class com.cci.framework.core.servlet.BarCodeServlet

   org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503)

        org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)

        org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)

        org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)

org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)

org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)

        org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)

        java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

        java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

       org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

        java.lang.Thread.run(Thread.java:744)

root cause

java.lang.Error: Unresolved compilation problems:

        The import org.jbarcode cannot be resolved

        The import org.jbarcode cannot be resolved

        The import org.jbarcode cannot be resolved

        The import org.jbarcode cannot be resolved

        JBarcode cannot be resolved to a type

        JBarcode cannot be resolved to a type

        Code128Encoder cannot be resolved

。。。

 

C:\Users\Mark>jar -uf C:\sd\releases\Production20151015\20151015_190545\ddt.war C:\sd\eclipse-jee-luna-SR1-win32\eclipse\workspace\DDTService\web\WEB-INF\lib\jbarcode-0.2.8.jar

Tomcat 修改默认ROOT路径

在<host></host>标签之间添加上:
<Context path="" docBase="myjsp" debug="0" reloadable="true" />
path是说明虚拟目录的名字,如果你要只输入ip地址就显示主页,则该键值留为空;
docBase是虚拟目录的路径,它默认的是$tomcat/webapps/ROOT目录,现在我在webapps目录下建了一个myjsp目录,让该目录作为我的默认目录。
debug和reloadable一般都分别设置成0和true。

Tomcat HTPPS设置

https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

Introduction to SSL/TLS

the data being sent is encrypted by one side

two-way process

 

Tips

  1. asked if he or she wishes to accept the Certificate at first time visit
  2. encryption/decryption is a computationally expensive process from a performance standpoint, It is not strictly necessary to run an entire web application over SSL, and indeed a developer can pick and choose which pages require a secure connection and which do not.

sensitive information:

  1.                          i.              login pages
  2.                        ii.              personal information pages
  3.                       iii.              shopping cart checkouts: credit card information
  4. using name-based virtual hosts on a secured connection can be problematic. If the domain names do not match, these browsers will display a warning to the client user.

 

JMX监控Tomcat

set JAVA_OPTS=-Dfile.encoding=GBK -Xms256m -Xmx1024m -XX:PermSize=128m -XX:MaxPermSize=512m -Dcom.sun.management.jmxremote.port=10090 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.util.logging.config.file="%CATALINA_BASE%\conf\logging.properties"

Linux必须指定erver,否则连不上:
export JAVA_OPTS="-Dfile.encoding=UFT-8 -Xms256m -Xmx1024m -XX:PermSize=128m -XX:MaxPermSize=512m -Dcom.sun.management.jmxremote -Djava.rmi.server.hostname=120.24.88.139 -Dcom.sun.management.jmxremote.port=10090 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"

Tomcat session设置

三种方式优先级:1 < 2 <3
1. [tomcat home]\conf\web.xml:Tomcat默认session超时时间为30分钟,可以根据需要修改,负数或0为不限制session失效时 间。
    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>
2. 在工程的web.xml中设置
    <session-config>
        <session-timeout>20</session-timeout>
    </session-config>
3. 通过java代码设置
session.setMaxInactiveInterval(30*60);//以秒为单位,即 在没有30分钟活动后,session将失效。

防止session超时的编程方法

http://zhumeng8337797.blog.163.com/blog/static/100768914201361622331186/

 

Jenkins in Tomcat

http://server206:8080/jenkins/job/DDT3

http://server206:8080/ddt

Email-ext:

https://wiki.jenkins-ci.org/display/JENKINS/Email-ext+plugin
    email-templates should be put in Jenkins home instead of jenkins directory in tomcat home (Jenkins>Configurations:Home directory)
        Home Directory:    C:\Documents and Settings\Administrator\.jenkins            /home/httpd/jenkins
        Workspace Root Directory: ${JENKINS_HOME}/workspace/${ITEM_FULLNAME}    ${ITEM_ROOTDIR}/workspace
        Build Record Root Directory: ${ITEM_ROOTDIR}/builds        ${ITEM_ROOTDIR}/builds
       
    Global properties
    Environment variables
        rooturl=http://server206:8080/jenkins/
        lang=zh_CN.GBK
    Tool Locations
        Ant home

 

::undeploy

wget --http-user=admin --http-password=admin "http://192.168.1.155:8080/manager/text/undeploy?path=/ddt" -O -

::deploy

wget --http-user=admin --http-password=admin "http://192.168.1.155:8080/manager/text/deploy?war=file:\\server206\Jenkins_workspace\DDT3Service\DDTService\ddt.war&path=/ddt" -O -

 

mount -o username=administrator //192.168.1.206/Jenkins_workspace /mnt

::undeploy

wget --http-user=admin --http-password=admin "http://192.168.1.155:8080/manager/text/undeploy?path=/ddt" -O -

::deploy

wget --http-user=admin --http-password=admin "http://192.168.1.155:8080/manager/text/deploy?war=file:/mnt/DDT3Service/DDTService/ddt.war&path=/ddt" -O –

 

Tomcat错误解决

java.io.NotSerializableException错误解决方法

十二月 24, 2015 8:03:15 下午 org.apache.catalina.session.StandardManager doLoad

严重: IOException while loading persisted sessions: java.io.WriteAbortedException: writing aborted; java.io.NotSerializableException: com.cci.ddt.gov.view.ViewForShareHolder

java.io.WriteAbortedException: writing aborted; java.io.NotSerializableException: com.cci.ddt.gov.view.ViewForShareHolder

        at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1354)

http://blog.csdn.net/forandever/article/details/4553447

原因是:tomcat停止时,保存session资源,然后在重启服务后,会尝试恢复session。

在server.xml中Context下添加如下的内容:

<Manager className="org.apache.catalina.session.PersistentManager" saveOnRestart="false"/>

or

<Manager className="org.apache.catalina.session.PersistentManager" saveOnRestart="false">

        <Store className="org.apache.catalina.session.FileStore"/>

    </Manager>

 

Tomcat 8

OpenJDK 64-Bit Server VM warning: ignoring option PermSize=512m; support was removed in 8.0

OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=1024m; support was removed in 8.0

 

http://www.oracle.com/technetwork/java/javase/8-compatibility-guide-2156366.html

Compatibility Guide for JDK 8 says that in Java 8 the command line flag MaxPermSize has been removed.

The reason is that the permanent generation was removed from the hotspot heap and was moved to native memory.

 

Error parsing HTTP request header: java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

十月 12, 2017 1:52:25 下午 org.apache.coyote.http11.AbstractHttp11Processor process
信息: Error parsing HTTP request header
Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
    at org.apache.coyote.http11.InternalInputBuffer.parseRequestLine(InternalInputBuffer.java:189)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1000)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745) 

Tomcat在 7.0.73, 8.0.39, 8.5.7 版本后,添加了对于http头的验证。

RFC3986文档规定,Url中只允许包含英文字母(a-zA-Z)、数字(0-9)、-_.~4个特殊字符以及所有保留字符。

RFC3986中指定了以下字符为保留字符:

!*\'();:@&=+$,/?#[]

解决办法:
配置tomcat的catalina.properties
添加或者修改:
tomcat.util.http.parser.HttpParser.requestTargetAllow=|{}
当然还有另外一种方法,就是将所有的参数都进行编码

 

 

 

 

Tomcat+java的web程序持续占cpu问题调试解决方法:

1、先用top查看占用cpu的进程id
$ top
top - 12:41:04 up 12 days, 20:46,  3 users,  load average: 4.77, 5.01, 4.95
Tasks: 223 total,   2 running, 221 sleeping,   0 stopped,   0 zombie
%Cpu(s): 93.5 us,  0.2 sy,  0.0 ni,  6.3 id,  0.1 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem : 16301388 total,  7697092 free,  5016448 used,  3587848 buff/cache
KiB Swap:  8191996 total,  8191996 free,        0 used. 10916832 avail Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND                                                         
27127 user      20   0 7951404 3.337g  14064 S 556.8 21.5 294:12.37 java                                                            
32197 user      20   0 5531164  21744  10256 S   3.7  0.1   0:00.11 jstack                                                          
 1900 mysql     20   0 3580036 499996   8168 S   1.0  3.1  80:09.60 mysqld                                                          
32060 user      20   0  146144   2128   1436 R   0.7  0.0   0:00.84 top                                                             
 2530 user      20   0  470192   5932   3668 S   0.3  0.0   0:07.09 ibus-daemon                                                     
22415 root      20   0       0      0      0 S   0.3  0.0   0:04.50 kworker/4:0                                                     
    1 root      20   0  193092   8444   2612 S   0.0  0.1   1:13.95 systemd                                                         
    2 root      20   0       0      0      0 S   0.0  0.0   0:00.60 kthreadd                                                        
    3 root      20   0       0      0      0 S   0.0  0.0   0:04.79 ksoftirqd/0                                                     
    5 root       0 -20       0      0      0 S   0.0  0.0   0:00.00 kworker/0:0H                                                    
    7 root      rt   0       0      0      0 S   0.0  0.0   0:00.69 migration/0                                                     
    8 root      20   0       0      0      0 S   0.0  0.0   0:00.00 rcu_bh                                                          
    9 root      20   0       0      0      0 S   0.0  0.0   0:00.00 rcuob/0                                                         
   10 root      20   0       0      0      0 S   0.0  0.0   0:00.00 rcuob/1                                                         
   11 root      20   0       0      0      0 S   0.0  0.0   0:00.00 rcuob/2                                                         
   12 root      20   0       0      0      0 S   0.0  0.0   0:00.00 rcuob/3                                                         
   13 root      20   0       0      0      0 S   0.0  0.0   0:00.00 rcuob/4                                                         
   14 root      20   0       0      0      0 S   0.0  0.0   0:00.00 rcuob/5                                                         
   15 root      20   0       0      0      0 S   0.0  0.0   3:05.18 rcu_sched                                                       
   16 root      20   0       0      0      0 S   0.0  0.0   0:33.15 rcuos/0
2、再用ps -ef | grep PID定位具体的进程主体;如是否是tomcat启动的java程序
3、用ps -mp pid -o THREAD,tid,time打印出该进程下的线程占用cpu情况: ps -mp 27127 -o THREAD,tid,time
        找到了耗时最高的线程28802,占用CPU时间快两个小时了!
[user@yfddt6Z ~]$ ps -mp 27127 -o THREAD,tid,time
USER     %CPU PRI SCNT WCHAN  USER SYSTEM   TID     TIME
user      4.1   -    - -         -      -     - 05:16:47
user      0.0  19    - futex_    -      - 27127 00:00:00
user      0.0  19    - poll_s    -      - 27128 00:00:00
user      0.5  19    - -         -      - 27130 00:44:40
user      0.5  19    - -         -      - 27131 00:44:40
user      0.5  19    - -         -      - 27132 00:44:40
user      0.5  19    - -         -      - 27133 00:44:40
user      0.5  19    - -         -      - 27134 00:44:39
user      0.5  19    - -         -      - 27135 00:44:39
user      0.0  19    - futex_    -      - 27136 00:03:20
user      0.0  19    - futex_    -      - 27137 00:00:00
user      0.0  19    - futex_    -      - 27138 00:00:03
user      0.0  19    - futex_    -      - 27139 00:00:00
user      0.0  19    - futex_    -      - 27140 00:01:05
user      0.0  19    - futex_    -      - 27141 00:00:47
user      0.0  19    - futex_    -      - 27142 00:00:00
user      0.0  19    - futex_    -      - 27143 00:03:33
user      0.0  19    - futex_    -      - 27144 00:00:00
user      0.0  19    - futex_    -      - 27147 00:00:07

4、其次将需要的线程ID转换为16进制格式:printf "%x\n" tid
printf "%x\n" 27130
5、最后打印线程的堆栈信息:jstack pid | grep tid -A 30
        找到出现问题的代码,并分析具体函数中是否有可能出现死循环的代码段。
        通常问题出现在while, for之类的循环代码片段。
[user@yfddt6Z ~]$ /usr/java/jdk1.7.0_79/bin/jstack 27127 | grep 69fa -A 30
27127: Unable to open socket file: target process not responding or HotSpot VM not loaded
The -F option can be used when the target process is not responding
[user@yfddt6Z ~]$ /usr/java/jdk1.7.0_79/bin/jstack -F 27127 | grep 69fa -A 30
Attaching to process ID 27127, please wait...
Debugger attached successfully.
Server compiler detected.
JVM version is 24.79-b02
        
        
jstack command not found on centos
[root@yfddt5Z logs]# sudo updatedb
[root@yfddt5Z logs]# locate jstack
/usr/java/jdk1.7.0_79/bin/jstack
/usr/java/jdk1.7.0_79/man/ja_JP.UTF-8/man1/jstack.1
/usr/java/jdk1.7.0_79/man/man1/jstack.1

jstack: Unable to open socket file: target process not responding or HotSpot VM not loaded

设置Tomcat tmp目录到linux系统的tmp目录

[user@yfddt6Z tomcat7]$ top
top - 14:53:40 up 176 days,  2:46,  4 users,  load average: 5.28, 4.84, 2.76
Tasks: 230 total,   1 running, 226 sleeping,   2 stopped,   1 zombie
%Cpu(s): 94.0 us,  0.1 sy,  0.0 ni,  5.9 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem : 16301388 total,   204244 free,  4237368 used, 11859776 buff/cache
KiB Swap:  8191996 total,  8191028 free,      968 used. 11471412 avail Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND                                                         
32119 user      20   0 6735608 2.340g  16612 S 565.7 15.0  67:57.98 java                                                            
    1 root      20   0  206972  22312   2620 S   0.0  0.1  10:29.64 systemd                                                         
    2 root      20   0       0      0      0 S   0.0  0.0   0:04.05 kthreadd                                                        
    3 root      20   0       0      0      0 S   0.0  0.0   0:22.83 ksoftirqd/0                                                     
    5 root       0 -20       0      0      0 S   0.0  0.0   0:00.00 kworker/0:0H                                                    
    7 root      rt   0       0      0      0 S   0.0  0.0   0:03.51 migration/0                                                     
    8 root      20   0       0      0      0 S   0.0  0.0   0:00.00 rcu_bh                                                          
    9 root      20   0       0      0      0 S   0.0  0.0   0:00.00 rcuob/0                                                         
   10 root      20   0       0      0      0 S   0.0  0.0   0:00.00 rcuob/1                                                         
   11 root      20   0       0      0      0 S   0.0  0.0   0:00.00 rcuob/2                                                         
   12 root      20   0       0      0      0 S   0.0  0.0   0:00.00 rcuob/3                                                         
   13 root      20   0       0      0      0 S   0.0  0.0   0:00.00 rcuob/4                                                         
   14 root      20   0       0      0      0 S   0.0  0.0   0:00.00 rcuob/5                                                         
   15 root      20   0       0      0      0 S   0.0  0.0  32:05.79 rcu_sched                                                       
   16 root      20   0       0      0      0 S   0.0  0.0   4:52.26 rcuos/0                                                         
   17 root      20   0       0      0      0 S   0.0  0.0   4:55.87 rcuos/1                                                         
   18 root      20   0       0      0      0 S   0.0  0.0   4:54.44 rcuos/2                                                         
   19 root      20   0       0      0      0 S   0.0  0.0   4:57.84 rcuos/3                                                         
   20 root      20   0       0      0      0 S   0.0  0.0   4:52.57 rcuos/4                                                         
   21 root      20   0       0      0      0 S   0.0  0.0   5:15.51 rcuos/5