Category Archives: Geek Stuff

A Gotcha: Adobe ColdFusion 10, Apache Tomcat, J2EE Sessions

I’ve spent a bit of time over the past month or so playing with setting up a couple of my development systems to run both Railo and Adobe ColdFusion 10 concurrently on a stock install of Apache Tomcat 7. In the case of ACF10, my interest in running on stock Tomcat is based on a desire get away from the custom-built and now out-dated version of Tomcat which Adobe (unwisely, in my opinion) bundles with ACF10. This past week I bumped into a bit of a gotcha that took me quite a bit of time to track down and solve. In the hopes of helping others avoid this same problem and so that I don’t forget it, I’ll share what I ran into and how to solve it.

The symptoms I was seeing were that as soon as I enabled J2EE sessions in the CF administrator and then subsequently stopped Tomcat for any reason, Tomcat would no longer start cleanly, it was no longer bringing up the context running ACF, and because it was not starting cleanly it would also not shutdown cleanly. As weird as this seemed (and sounds, I realize), this was very repeatable. I had it down to something I could reproduce in under 5 minutes: set up a clean new Tomcat install, deploy ACF10 on it via a WAR file, sign into the CF admin, enable J2EE sessions, stop Tomcat… and it would no longer start. There was nothing in the ${CATALINA_BASE}/logs/catalina.out log file indicating what was wrong; it just looked like Tomcat would hang as it was starting. I determined I could install, deploy, and then start/stop Tomcat successfully as many times as I wanted and the problem would not show up until and unless I enabled J2EE sessions in the CF admin. It did not seem to be dependent on whether ACF10 was patched or the specific version of Tomcat.

At one point, I even dug around and figured out how to change the log level used by Catalina, in the hopes that a bit more detail might shed some light on the problem but the bump of one additional level of detail took the log entries on starting Tomcat from under 40 to over 15,000… and while the nature of the problem — in retrospect, of course — might well have been touched on in that blizzard of log entries, I couldn’t find anything even remotely resembling a needle in that sea of haystacks.

It seemed like something specifically related to turning on J2EE sessions in ACF10 was breaking Tomcat. Based on a suggestion from a co-worker, I removed write permissions for the user under which Tomcat was running from all folders under ${CATALINA_BASE} except the ./logs/ and ./webapps/ folders, in an attempt to see if I could determine where the breakage was occurring. On starting Tomcat, I noticed a complaint in the ${CATALINA_BASE}/logs/catalina.out log file about not being able to write to folder ${CATALINA_BASE}/work/Catalina/localhost/_. Looking in that folder, I found a file named SESSIONS.ser. Doing a bit of Googling, I came across a short blog post dealing with session persistence across Tomcat restarts.

I’m not going to pretend that I know why Tomcat would have session persistence enabled across restarts, or why I might want to persist sessions across restarts (I really can’t come up with a scenario where I would want that), or why enabling J2EE sessions in ACF10 would seem to break this persistence… but clearly it does. That file gets written on stopping Tomcat and is then read and removed when Tomcat next starts/restarts. To disable this persistence, the context(s) within Tomcat on which ACF10 is enabled need to include a Tomcat session manager component specifically configured to disable this persistence:

...
<Manager pathname="" />
...

This is touched upon in the Apache Tomcat docs here. That session manager component can occur in any of the supported locations where contexts are configured in Tomcat. Once I confirmed this to solve the problem, I took a quick peek at the context configuration for ACF10 when it is running against the Adobe-provided custom build of Tomcat 7.0.23, and — sure enough — it disables session persistence in precisely this same manner.

The one upside to all of the time I spent tracking this down is that I can now install Tomcat and deploy ACF on it in a matter of just a few minutes in a variety of ways, including multiple virtual hosts under a single Tomcat, multiple Tomcat installs running on different ports, and  a single Tomcat install with multiple instances via use of ${CATALINA_HOME} and ${CATALINA_BASE}. I’m kicking myself for not looking at deploying ACF on stock Tomcat three years ago when I learned of Adobe’s choice with ACF10 to use a non-stock Tomcat that they inexplicably have not updated.

Hey, that’s me!

ActiveState recently stood up a new Web site specifically for Komodo IDE/Edit (which I find encouraging, as I have long felt that it wasn’t featured prominently enough of the ActiveState site) and have been tweeting quite a bit about Komodo the past few weeks (also encouraging). As part of that effort that seems focused on raising the visibility of what I have long felt to be a tremendously powerful general-purpose code IDE/Editor that isn’t horribly bloated and sluggish (yup, that’s looking at you Eclipse!), the Komodo team kicked off a promotion to give away a couple of licenses based on submitting a screenshot of your Komodo set-up.

So I did. And I won…

I am grateful for the license (and their comments about my entry). As a long-time user of Komodo (I use Edit at home, and IDE at work), I have always been impressed by both the product and the quality and level of support provided by the people behind it. And I am glad to see that ActiveState is taking an active role to raise its visibility — that seems to me to bode well for its future.

With some of the recent/upcoming changes to the CFML language from both the Railo and Adobe ColdFusion product updates, I’ll be digging back into my Komodo-CFML language extension for some updates in the coming weeks.

Setting up a HyperSQL Database Server

I’m in the process of rebuilding one of my development boxes at the moment, and when I needed a SQL database engine this weekend to support a bit of quick prototyping, I decided I would take a shot at setting up a HyperSQL database server. This is something I’ve been meaning to look into for other reasons for a while: HyperSQL is small, fast, flexible, provides good SQL coverage (more complete, for instance than Apache Derby), and has the ability to tune its behavior to more closely mirror other SQL engines.

Here is a quick recipe for getting a basic server up and running. This should work equally well on both Mac OS X and Linux (I have used this basic recipe on both platforms).

My system already has a Java 7 JRE/JDK installed, which is really the only prerequisite. For the sake of simplicity, I install HyperSQL in /opt/hsqldb and I keep my database-related files in ~/hsqldb-catalogs/. Commands entered at the shell prompt are shown below starting with $, while commands entered in the HyperSQL CLI are shown below starting with >. Note that some of these commands may appear wrapped below; they should each be entered on a single line when used.

  1. Download the latest version of HyperSQL (version 2.3.1, as of this writing) from hsqldb.org.
  2. Unzip the downloaded file (assumed to be in ~/Downloads/):
    $ cd ~/Downloads
    $ unzip hsqldb-2.3.1.zip
    $ sudo mv ./hsqldb-2.3.1/hsqldb /opt
    $ rmdir hsqldb-2.3.1
  3. Create the folder where the server will store its database files:
    $ mkdir ~/hsqldb-catalogs
  4. Create the properties file that provides basic information for the server, including our test database. Save this file as ~/hsqldb-catalogs/server.properties:
    # File: server.properties
    # =====
    # HSQLDB configuration file
    # Databases:
    server.database.0=file:test/test
    server.dbname.0=testdb
    # =====
    # Other configuration:
    # Port
    server.port=9001
    # Show stuff on the console (change this to true for production):
    server.silent=false
    # Don't show JDBC trace messages on the console:
    server.trace=false
    server.no_system_exit=false
    # Do not allow remote connections to create a database:
    server.remote_open=false
    # =====
  5. Create the configuration file for the CLI HyperSQL tool, describing two different connections to our test database: one as the default system administrative user “SA” and one as a normal administrative user “RON” which we will create in a few minutes. Save this tool as ~/sqltool.rc:
    # File: ~/sqltool.rc
    # =====
    # Connect to testdb on localhost as SA (no password initially):
    urlid localhost-sa
    url jdbc:hsqldb:hsql://localhost/testdb
    username SA
    password
    # Connect to testdb on localhost as RON:
    urlid localhost-ron
    url jdbc:hsqldb:hsql://localhost/testdb
    username RON
    password strong-random-password
    # =====
  6. Start the server. This will create our test database using the following commands in a terminal window:
    $ cd ~/hsqldb-catalogs
    $ sudo java -cp /opt/hsqldb/lib/hsqldb.jar org.hsqldb.server.Server --props ./server.properties
  7. Open a second terminal window and start the HyperSQL CLI “sqltool”, connecting to our test database as user “SA”:
    $ java -jar /opt/hsqldb/lib/sqltool.jar localhost-sa
  8. As a general rule, I don’t like signing in using the system administrator account, so the first thing I typically do is create an administrative user account for my use:
    > create user RON password 'strong-random-password';
    > grant DBA to RON;
    > \q
  9. Make sure you have your “strong-random-password” recorded correctly in ~/sqltool.rc, and restart the HyperSQL CLI:
    $ java -jar /opt/hsqldb/lib/sqltool.jar localhost-ron

You’re done. You have a fully-functional database server, providing a single database called “testdb” for your use.

If you want to play with sample data, consider the following (while connected as either “SA” or your administrative account):
> create schema sampledata authorization DBA;
> set schema sampledata;
> \i /opt/hsqldb/sample/sampledata.sql

When you’re ready to shut down the server, you can do it while connected to the server as a user with DBA role:
> shutdown;

Alternatively, you can shut down the server from the command-line:
$ java -jar /opt/hsqldb/lib/sqltool.jar --sql 'shutdown;' localhost-ron

Some final thoughts:

  1. Read the docs: the user guide and the utilities guide for HyperSQL are good, and provide thorough coverage of what HyperSQL is capable of (which appears to be quite a bit) and how to use it, including connecting via JDBC.
  2. You almost certainly want to set a password for the default “SA” user, and remember to update your ~/sqltool.rc file when you do.
  3. Protect ~/sqltool.rc — obviously this file, with information about catalogs, users, and passwords needs to be protected.

Recap: Adobe ColdFusion Summit 2013

I’m going to try to capture my thoughts on Adobe’s recent inaugural ColdFusion Summit 2013 conference. You’ll find lots of my own opinions here and a bit of rambling. There may or may not be much of value to you as a reader.

Overall Impression

For the first year of a new conference, I felt like the conference organizers did a decent job of pulling it off. Acceptable facilities, good food, good reception, good WiFi, good breadth and depth of topics to choose from and delivered by a combination of both known and previously-unknown (to me, at least) speakers. The conference itself had a few rough spots (more on that below). I came interested primarily in hearing Adobe’s position on ColdFusion’s future and walked away convinced that at least the Adobe CF team itself is convinced CF does have a future. I remain concerned about certain aspects of that future and not entirely convinced in the CF team (but that’s a subject for a separate blog post).

Facilities and Conference Stuff

I should preface this with the statement that I am not a “Las Vegas person” — very little about Las Vegas itself is appealing to me. I’m also not crazy about big resort hotels, and the Mandalay Bay Resort is nothing if not that. I would be perfectly happy in a smaller conference facility somewhere else.

Signage is definitely not the resort’s strong suit, and we spent 45 minutes wandering around Wednesday evening looking for the early check-in location and asking people that seemed to be associated with the hotel and/or convention center where it was before someone finally pointed us in the right direction, only to find out they didn’t have our t-shirts so we gave up and went to get dinner and just waited to check in Thursday morning. Check-in itself on Thursday morning was simple, smooth, and fast. If you are going to offer some sort of early check-in, make it easy to find and have the stuff ready, or don’t bother.

The session and keynote rooms were sufficient but only barely so: sub-par audio, small screens, and poor room layout all made for challenging settings for both speakers and listeners. I’ve had to present in rooms like those, and it is challenging at best. I did like the classroom sort of setting where everyone was sitting at tables, and the decent WiFi coverage was a pleasant surprise. Only one of the rooms had power at the tables; it would have been nice for that to be more widespread. Having all of the presentation venues very close to each other was a plus.

At several points in both the opening keynote and the closing comments delivered by Adobe reps, they touched on having to cap attendance at 500 and how that number was significantly above what they originally had planned for. I left wondering if the juggling to accommodate a larger-than-initially-anticipated group of attendees resulted in some juggling on the facilities side and contributed to room layouts, etc., that left quite a bit to be desired.

I appreciated the single-sheet agenda handed out at check-in, although I would have liked for the single-sheet agenda to have included the names of the speaker(s) for each session. The conference Web site was acceptable, although I never did figure out why they wanted us to set up a schedule there… and the session-scheduling part of the Web site was pretty clumsy. I couldn’t install the conference app on my phone, but no one I talked to using the app on either Android or iOS was impressed with the app or even had much positive to say about it.

In general, the length of the sessions, breaks, and the overall length of each day was about right. Very few of the sessions I sat in on, however, left any time for questions at the end; this may be something the organizers and content committee should touch on with presenters in the future or extend the sessions slightly to accommodate questions. (I would be curious to hear opinions from the presenters themselves on this item.)

My impression is that the conference organizers hadn’t made plans to either record any of the presentations or provide a central place from which presenter slide decks could be downloaded; the second of those two was a particularly surprising decision or oversight.

Some of the stumbles were surprising given that Adobe has been involved in conferences larger that this for many years. If there are to be subsequent versions of this conference — and it seems pretty obvious from the closing wrap-up that the intent is that there will be — and if the conference organizers can retain the generally high quality of most of the content and if the conference organizers can address some of the facility-related shortcomings, this could be a very good conference in the future.

Session Recap

A few thoughts on the sessions I attended…

Day 1 keynote (Ben Forta, others): Disappointing. Ben Forta started with a quick look back at the history of CF and at some of the successes and failures in CF along the way, talked a little about where he sees things headed, that CF has now been dead for more than half its life and continues to grow and evolve in spite of being dead, and finished with a few of his own opinions on what CF’s strengths are and where it should be headed. Ben gave way to a couple members of the Adobe CF team and the keynote — for a keynote, but particularly for a day 1 keynote of a new conference — went off a cliff. It turned into a detailed demo including code, etc., that felt like it had largely been thrown together and had not been rehearsed or screened to fit into the allotted time. This was not opening day keynote stuff, either in content or in presentation. More concerning to me, though, was the contradiction between BF’s take on where things should be heading… immediately followed by lots code and demos of the CF team’s CFCLIENT efforts. I’m not a fan of the CFCLIENT idea, and nothing I heard in sessions or follow-up blog posts has convinced me that CFCLIENT and the effort/resources Adobe is pouring into it are a good choice. To have that contradiction so visible within the content of the opening day keynote reinforced my own concern that Adobe and the CF team don’t see the importance of some of the “soft side” of CF: the value of communication and the importance of getting the message right. I’ve increasingly felt that way for the past couple years and this conference repeatedly reinforced that concern. The keynote itself suffered greatly from the combination of terrible acoustics, high A/V system volume, poor physical layout, small screens, and speakers with accents speaking way too quickly. There were portions, even during BF’s portion, where I simply could not understand what he was saying and it was even more challenging with the other members of the CF team. In watching the #CFSummit2013 twitter feed during and after the keynote, I know I’m not alone in those concerns or in my take on the keynote.

Language enhancements in ColdFusion Splendor (Vamseekrishna N of the Adobe CF team): Poor. Illegible slides (yellow text on white background rendered at a small size, anyone?), almost entirely a repeat of stuff from the keynote (which admittedly should not have been in the keynote in the first place), poorly organized and presented content, and struggles with tools. (Seriously? A CF team member that doesn’t know how to change the font size in Adobe’s flagship CF development tool?) Poor audio, bad room layout, small screens. In terms of the changes coming in the language itself, I see some things I like: member functions, something closer to full coverage of the language’s capabilities in CFSCRIPT, better/more complete JSON handling.

Java Integration (Dave Gallerizzo): Good intro presentation to what you can do with Java both in using existing Java libraries and in invoking CF stuff from within Java. Good presenter. Nothing really earth-shattering or eye-opening for me there.

What’s New and Different in ColdFusion 10 on Tomcat (Charlie Arehart): Very good. Charlie is one of the rare speakers with both extraordinary knowledge and the ability to share that knowledge effectively in the setting of a conference presentation. I’ve used Tomcat for the past couple years outside of just in ColdFusion’s stack, but even so there were a couple of nuggets from his session that were new and potentially valuable to me.

Advanced OO in ColdFusion (Scott Stroz): Very good. Scott’s usual blend of expertise and humor made for an informative and enjoyable session. Despite being assigned to a huge room, Scott has enough presence, clearly is a sufficiently experienced presenter, and structured his slides in a manner that the setting itself did not detract from the presentation.

Preview: ColdFusion Splendor (Rupesh Kumar): Good. Lots of overlap with the technical detail already covered in the keynote and in the earlier session on coming language enhancements, but I felt like Rupesh did a much better job of covering the relevant content at an appropriate level and in an understandable manner. Realistically, though, I think the CF team would have been better served by having this be the primary session touching on what’s coming in the next version of CF here and avoiding the duplication of content in at least three sessions. One slightly surprising thing that came out of this session was when I asked about approximate release dates for the next version, Rupesh’s response indicated that it would be “sometime next year”, representing a pretty significant slip from earlier communications.

Reception: Good. Good setting, free drinks, and decent appetizers for a couple hours in one of the restaurants in the conference resort. Great setting to just sit and talk, as well as to circulate. Enjoyed a short conversation with Elishia Dvorak of the Adobe team, and appreciated the fact that someone from the Adobe team was making an effort to find out who was at the conference and what they were working on.

CFHour session (Scott Stroz and Dave Ferguson): Really poor. I’ve listened to their podcast for the past few months and typically enjoy (or sometimes just tolerate) their mix of information, opinions, commentary, and humor. This one seemed to take a big turn south when it became known that they were not going to be able to record the session. Any apparent attempt to provide value seemed to go out the window at that point. I should have just gone and gotten another beer. Funniest part was Jason Dean’s brief appearance. Some interesting back and forth with the audience when the subject of the recent security event involving someone taking copies of source code for Adobe products was raised, but still no word of any sort from Adobe or the CF team on what was taken, what they are doing in the aftermath of the event, or whether they believe this event represents any sort of additional security concern for CF users.

Side note: Earlier in the day, I had stopped to ask a couple questions of one of the CF team members at their table set up in the hall. I posed the question of when Adobe would be making further information available. The team member immediately turned to look at one of the more senior team members who came over and recited almost verbatim the line that as long as I didn’t have the CFIDE stuff publicly available and had my server locked down, there were no known risks. This isn’t even the question I asked… so clearly they had been directed to simply recite this line and try to move on. When I asked a second question about support for Apache 2.4, I got a shrug and a “we’re not sure”. OK, then… oh-for-two. Time wasted; get some lunch.

Day 2 keynote (Avi Rubin): Good. Interesting discussion of software and information security. Not specifically CF-focused, which generated some Twitter traffic, but still absolutely relevant to those of us working as within the application development space. Very enjoyable change of pace.

NoSQL (Dan Wilson): Very good. Really approachable introduction to NoSQL through MongoDB. Good breadth and depth for an intro. Good mix of technical content, experience anecdotes, and Dan’s dry sense of humor. I’ve never played with a NoSQL back-end for data storage, but after sitting through this session, I plan to look hard at it for certain portions of the less relational information we’re collecting and maintaining in some of our applications. Great slides, even for code content and even taking into account the poorly laid-out presentation space.

Closures (Adam Tuttle): Very good. A great introduction to the concept. Really liked that his preso was based on Reveal.JS and was available for us to follow along with on our laptops while he went through it, completely eliminating any concerns about visibility/legibility of code snippets, etc. I’ve used callbacks and anonymous functions in jQuery more than in CF, and even occasionally some simple closures in JavaScript, so very much enjoyed digging a little deeper into this. Very much liked Adam’s preso deck and appreciated his understated approach in presenting.

Amazon Web Services (Brian Klass): Very, very good. Probably the most eye-opening session for me of the conference. Brian did an incredible job of cramming a very broad and very deep subject into an hour. We’ve not done anything with moving toward AWS or any other cloud-based infrastructure yet but have been toying with a move in that direction for a couple of reasons. This was a real eye-opener for me as to just how different hosting in that environment would be in terms of architecting and maintaining infrastructure compared to just standing up another physical server in our current network DMZ. Great slides in terms of content and legibility, and a very knowledgable, polished presenter.

CF911: Server Troubleshooting (Charlie Arehart): Very good. Typical Charlie Arehart presentation: great content, great slides, great delivery. As has always been the case when I’ve attended one of his sessions, I walked away with several specific items I will go dig into. I’m convinced Charlie is one of real gems of the CF community with his experience, knowledge, ability and willingness to teach and share, and his personality.

Advanced Caching (Rob Brooks-Bilson): Good. I figured this would be sort of a throw-away for me, as I sat in on it simply because there was nothing more interesting on the agenda at that point… but I have to say I was impressed. Very interesting presentation on what’s becoming possible with some new products to enable caching on a huge scale. Not really relevant — at the huge scale discussed in Rob’s presentation — to my current work, but it was interesting enough to keep me awake (despite being exhausted) and convinced me that I do need to look into caching at least a little bit.

Closing remarks (Adobe rep; no idea who he was and he didn’t introduce himself): OK at best. Nothing earthshaking or new to wrap things up. Reiterated that there is growth in the Adobe CF customer base (at least when measured in new customers) and he emphasized that this was new customers, not just new license sales. Also touched on Adobe’s efforts to support the CF community through their and others’ education initiatives.

Summary

The conference itself came off reasonably well and has potential to be even better in the future. I certainly came away feeling like attending was both time and money well-spent. Some very, very good presentations with real value for me and my team. I continue to be concerned about Adobe’s management, support, and vision for the evolution of the CF product, perhaps less so than 6 months ago, but still concerned. I’ll write more on that in the near future.

Spam (again? still?)

Somewhere in the past couple days, we passed last year’s high water mark of 75,333 spam comments on this blog, and now we venture into the last 3.5 months of the calendar in uncharted territory on a pace that should see us clear 100,000 total for the year (if we just do a straight-line extrapolation from the numbers year-to-date).

Awesome.

And three more have come in while I write this…