Java App Servers

Java application servers that support the Java EE platform and features include JOnAS from Object Web, WildFly (formerly JBoss AS) from JBoss, Geronimo from Apache, TomEE from Apache, Resin Java Application Server from Caucho Technology, Blazix from Desiderata Software, Enhydra Server from, and GlassFish from Oracle. Commercial Java app servers include WebLogic by Oracle, WebSphere from IBM and the open source JBoss Enterprise Application Platform (JBoss EAP) by Red Hat.

Share tech news, updates, or what's on your mind.

Sign up to Post

We get a lot of repeated errors in Weblogic logs that seem to start at about the same time as when a non-credential (& non-bruteforce) external penetration testing (using Nessus) started:

<Jan 15, 2019 5:12:36 AM SGT> <Warning> <Socket> <BEA-000450> <Socket 1,544 internal data record unavailable (probable closure due idle timeout), event re
ceived -32>
<Jan 15, 2019 5:12:36 AM SGT> <Warning> <Socket> <BEA-000450> <Socket 1,546 internal data record unavailable (probable closure due idle timeout), event re
ceived -32>
Hibernate: SELECT AAAA_CO_CD  from YYYYYY_COMPANY  where CO_CD = ?
Above link (which I don't have a login to Oracle) appears to indicate load testing could trigger BEA-000450 errors :
Anyone encountered this?

a) how can the penetration test proceed further?  By limiting the non-intrusive scan to 1 thread (we've reduced from 10 to 5)?
b) is there any patch or ways to fix this?
C++ 11 Fundamentals
LVL 12
C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

We have found Apache Struts Ver 1.x (yes, these are obsolete versions) bundled
with our Oracle Weblogic & Tomcat (& possibly in Oracle Financials which we're

Our apps colleagues said the applications don't make use of the Struts (though
we can't say with 100% certainty if any of the apps modules developed by past
app developers who had left did call the struts.jar).

Does the presence of struts.* mean we are vulnerable or WL or Tomcat have to
call them (or in the codes, there are references to struts) for it to be vulnerable?

What's the best practice?  To deinstall struts (since our apps colleagues said it's
not being used) or to upgrade to current version that offers patches (& keep
patching them)?

To deinstall struts for WL, Tomcat & Oracle Financials, do we just remove the
struts.* files or is there a recommended way to deinstall?  We're on Solaris
10 and RHEL6
hi am having this error when starting intergrated weblogic in in window 7 64 bit

[Waiting for the domain to finish building...]
[06:34:01 PM] IntegratedWebLogicServer Domain is invalid.  Regenerating it...
[06:34:05 PM] Creating IntegratedWebLogicServer Domain...
[06:35:28 PM] ERROR:  An error occurred while building the default domain.
Please see this log file for more details:
The Server Instance cannot be started because the IntegratedWebLogicServer Domain was not built successfully.

Adding environment variable to WLST script USER_MEM_ARGS = -Xms32m -Xmx1024m -XX:MaxPermSize=384m
Log File:      C:\Users\rdp\AppData\Roaming\JDeveloper\system12.\o.j2ee.adrs\BuildDefaultDomain.log
Label:         JDEVADF_12.2.1.PATCHSETS_GENERIC_170820.0914.S
Product Home:  C:\jdeveloper12\jdeveloper\jdev\
Domain:        C:\Users\rdp\AppData\Roaming\JDeveloper\system12.\DefaultDomain      2018-12-20 18:34:05

cmd.exe /c ""C:\jdeveloper12\oracle_common\common\bin\wlst.cmd" "C:\Users\rdp\AppData\Roaming\JDeveloper\system12.\o.j2ee.adrs\""
Process started
wlst > Java HotSpot(TM) 64-Bit Server VM warning: Ignoring option MaxPermSize; support was removed in 8.0
wlst > 
wlst > Initializing WebLogic Scripting Tool (WLST) ...
wlst > 
wlst > WARNING: An …

We are facing issues of transaction declines on our Application Server. After running netstat -ano it is observed that there are many entries find out with "Time_Wait" status. This server has Apache, Java Middleware, Switch & ActiveMQ components installed on it. The transactions are high in volume approximately 2.5 million per day.

We want to know any parameters needs to be checked on registry or in Application to troubleshoot this issue.

I created a  JSP page to upload files from this  example:

I followed this to the T and it comes back with this error message after I click on upload. I have enclosed the complete source int the ZIP with the pom file

Here is the error:

HTTP Status 500 – Internal Server Error
Type Exception Report

Message Error instantiating servlet class [FileUploadHandler]

Description The server encountered an unexpected condition that prevented it from fulfilling the request.


javax.servlet.ServletException: Error instantiating servlet class [FileUploadHandler]
WildFly Full 12.0.0.Final (WildFly Core 4.0.0.Final) - java.lang.OutOfMemoryError: Java heap space Error and crashes.

OS: Centos 7
Java: JDK 8

Problem: Everyday in peak hours, server is stop responding. Getting HEAP error.

JVM OPTS used:
-server -XX:+DoEscapeAnalysis -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:+ExplicitGCInvokesConcurrent -XX:CMSInitiatingOccupancyFraction=80 -XX:CMSIncrementalSafetyFactor=20 -XX:+UseCMSInitiatingOccupancyOnly -verbose:gc -Xloggc:gc.log.`date +%Y%m%d%H%M%S` -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCApplicationStoppedTime -XX:+UseCompressedOops -XX:+UseCompressedClassPointers -XX:CompressedClassSpaceSize=2048M -XX:MetaspaceSize=2048M -XX:MaxMetaspaceSize=2048M -Xmx16G -Xms16G

Open in new window

2018-11-26 09:05:35,740 ERROR [org.jboss.threads.errors] (default task-41) Thread Thread[default task-41,5,main] threw an uncaught exception: java.lang.OutOfMemoryError: Java heap space

2018-11-26 09:08:10,951 ERROR [org.jboss.threads.errors] (default task-12) Thread Thread[default task-12,5,main] threw an uncaught exception: java.lang.OutOfMemoryError: Java heap space

2018-11-26 09:04:21,639 ERROR [org.jboss.threads.errors] (default task-4) Thread Thread[default task-4,5,main] threw an uncaught exception: java.lang.OutOfMemoryError: Java heap space

2018-11-26 09:08:10,950 ERROR [org.jboss.threads.errors] (default task-30) Thread 

Open in new window

How to read real-time cancel appointment in the calendar using Exchanged server managed API
Getting below error: The specified object was not found in the store.
        at com.docasap.ihub.exchangeserverengine.handler.e2d.StreamingAppointmentsHandler.notificationEventDelegate(
I want to take me straight to the java app.
What do I need to do to make that happen? takes me to the Tomcat GUI. takes me to the java app.

i'm using this conf file.  It's the only site enabled.
ProxyRequests off
ProxyPreserveHost on
ProxyPass /
ProxyPassReverse /

The usual stuff. This is not enabled.
<VirtualHost *80>
#ServerName  commented out.
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR]/error.log
CustomLog $[APACHE_LOG_DIR]/access.log combined

#vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Java 1.8.0
Tomcat 9.0.12
Apache 2.4
Debian 9.5

I have read doc's from Apache, and several from Digital Ocean, and others.
I just don't get it.
Hi All,

How to copy some rows of data from excel sheet to new excel sheet in mac using java and if possible throw mail with the attachment of new excel sheet?

Note: Mac office 2011

Whi can iam confirm a java script in any other mobile device and any other emaaddress and run it confidentialy please suggest me that what is the process to run the files that can,t be support the device.thease are the files mean java files or non supported files system can,t be display like zip files,axp,jpg,txt,docx,xisx,pdf,or more forms files.or a video format files that can be have to downloaded queue but system does not support to play and run thank you again
Amazon Web Services
LVL 12
Amazon Web Services

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

please advise the clear steps..
How to make log rotation by file size in apache-tomcat
I have a java project(using struts) running under weblogic app server in production without any problem. however, after i migrate it to the Tomcat app server, it always report the following error message for a specific action.

Error creating form bean of class org.apache.commons.beanutils.LazyDynaBean
java.lang.NoClassDefFoundError: org/apache/commons/validator/ValidatorException
      at org.apache.struts.config.FormBeanConfig.createActionForm(
      at org.apache.struts.util.RequestUtils.createActionForm(
      at org.apache.struts.util.RequestUtils.createActionForm(

the tomcat server enviroment is below:

[root@server85 logs]# cat catalina.out 
01-Sep-2018 19:25:25.637 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version:        Apache Tomcat/9.0.5
01-Sep-2018 19:25:25.639 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Feb 6 2018 21:42:23 UTC
01-Sep-2018 19:25:25.639 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number:
01-Sep-2018 19:25:25.639 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Linux
01-Sep-2018 19:25:25.639 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            4.1.12-94.3.9.el7uek.x86_64
01-Sep-2018 19:25:25.639 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          

Open in new window

What's the criteria / justifications for installing a WAF?
We were asked why there's a need & justify.

So if we have a web server that is served to the public/Internet,
that's when we need one or even if there's applications server
such as java app servers (eg: Weblogic, Glassfish, JBoss), it's
applicable as well?

Or as long as there's "Web application servers", WAF is
applicable & what's a "Web application servers"

It's basically to circumvent applications vulnerabilities (eg: those
listed by OWASP)?  

If applications are already coded strictly according to Secure
Coding (XSS, injection, CSRF, inputs validation, ...), do we still
need a WAF?  I've heard WAF protects against DDoS as well
but the ISP we hosted our web services already offerred
DDoS protection
Hi all,

I have problem to display my PDF file in an existing popup window using spring framework. The workflow is when I click a button from the main page, it popups a new window (child) and showing progress status. After the file finished generating, I set the view in controller and return to jsp. However, the PDF file displays (using DefaultResourceLoader and response.flushBuffer) in the main page instead of the popup window. I want to show in popup. Anything wrong? How can I specify which window the PDF should be displayed?

Please help. Thanks.
how to configure SSL for JBOSS EAP 7.1 in domain.xml
Hi Expert,

I'm getting below Oracle Web-logic application error could anybody please guide me how to fix it!

subsystem is initializing on Server WebWORKS6.>
####<Aug 2, 2018 1:09:38 PM GMT> <Info> <Store> <trpridrps1app6> <WebWORKS6> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1533215378092> <BEA-280008> <Opening the persistent file store "WLS_DIAGNOSTICS" for recovery: directory=D:\Manu\IDRPPSA\srvr6\config\JDADomain\servers\WebWORKS6\data\store\diagnostics requestedWritePolicy="Disabled" fileLockingEnabled=true driver="wlfileio3".>
####<Aug 2, 2018 1:09:38 PM GMT> <Critical> <WebLogicServer> <trpridrps1app6> <WebWORKS6> <Main Thread> <<WLS Kernel>> <> <> <1533215378108> <BEA-000386> <Server subsystem failed. Reason: java.lang.NullPointerException
       at weblogic.diagnostics.archive.DiagnosticStoreRepository.getStore(
       at …

-XX:MaxPermSize=4g \
-Xms8g \
-Denv=live \
-DcreditpalEnv=live \ \ \ \ \ \ \  \ \"

I need to add an additional keyStoreType which will be PKCS7.


-XX:MaxPermSize=4g \
-Xms8g \
-Denv=live \
-DcreditpalEnv=live \ \ \ \ \ \ \ \ \  \ \"

Will the proposed config changes cause any issues?
To hire android app developers, you need to know if the person you are looking for is suited for the job. When you surf the web for “Android app developers for hire” or anything close to that you will find results listing sites where programmers and their data and background is already included.

Expert Comment

by:Jake Lees
Comment Utility
good information
Hi Team,

According to my work, I have to run 7000+ sql statements in DB2 .I have the java code of the same.But by default DB2 java can only run 1338 dynamic statements at one time.
So what I was doing that Split the input data (7000 + ) into mulitiple txt files and run program more than 7 times .Each time I have to change the input path file.

Now  instead of running program 7+ times and manually changing input path everytime,I m trying to dynamically read all the input files from that folder.
Here I am attaching a part of my program only..only the method to read input file.
Below is the code for single input file case. Assume I have files named as a.txt,b.txt,c.txt.....etc.
Text file contains data in the below format:-
Existing code which executes fine  for single input file

declared input file path
static String fileName="C:\\Users\\john\\Desktop\\policies.txt";

Open in new window

main method.
 public static void main(String[] args)
    Pre pd = new Pre();

//other methods as a part of my work

Open in new window

read+policy method
public void read_Policy_list_file (String fileName)
				BufferedReader br = new BufferedReader(new FileReader(fileName));
				try {
				    StringBuilder sb = new StringBuilder();
				    String line = br.readLine();

				    while (line != null) 

Open in new window

Angular Fundamentals
LVL 12
Angular Fundamentals

Learn the fundamentals of Angular 2, a JavaScript framework for developing dynamic single page applications.


I need to get the values of attributes of VMM config for WebSphere Application Server 8.5.5 ND cells. Looking in the wimconfig.xml file, I can see the attributes/values needed, but no corresponding config types/IDs. The attributes don't map to AdminConfig object types, so the showAttribute command can't be used.

For example:

    <config:repositories xsi:type="config:FileRepositoryType" adapterClassName="" id="InternalFileRepository" supportPaging="false" messageDigestAlgorithm="SHA-1">
       <config:baseEntries name="o=defaultWIMFileBasedRealm"/>
     <config:repositories xsi:type="config:LdapRepositoryType" adapterClassName="" id="USER_REPO" isExtIdUnique="true" supportAsyncMode="false" supportExternalName="false" supportPaging="false" supportSorting="false" supportTransactions="false" supportChangeLog="none" certificateFilter="" certificateMapMode="exactdn" ldapServerType="AD" translateRDN="false">
       <config:baseEntries name="o=USER_REPOAA" nameInRepository="DC=example,DC=domain,DC=com"/>
       <config:ldapServerConfiguration primaryServerQueryTimeInterval="15" returnToPrimaryServer="true" sslConfiguration="CellDefaultSSLSettings">
         <config:ldapServers authentication="simple" bindDN="CN=BIND001, OU=Bind Accounts, OU=Admin Accounts, OU=Middleware, DC=example, DC=domain, …
I was making a spring web application. Where there are lot of handlers for GET request etc.
One thing came to my mind -
Suppose I make a GET request from my chrome browser from a particular tab.
And then in the response i add some values which gets back to this same chrome tab and machine.
How exactly does that happen.
How does a response object gets linked to a particular tab in a chrome broswer.

Also is it possible to send a response object without receiving a request object from spring to a particular machine and application.
I guess it should not be possible... But what makes it impossible.
I am getting
HTTP Status 404 - /host-manager/html

type Status report

message /host-manager/html

description The requested resource is not available.
Apache Tomcat/8.0.32 (Ubuntu)

error while handling apache tomcat
How to Disable OPTIONS Method in GlassFish 3.1 or Payara  while scaning the project, acunetix give the vulnerabilities. Issue is : OPTIONS method is enabled. i'm not tried any solution previously. what is the problem if OPTIONS method is enabled.
How to Disable OPTIONS Method in GlassFish 3.1 or Payara
Can an application use a JDBC driver that can contain the IP to both a primary and Standby instnace, so that the client can switch to standby if the primary IP is no longer reachable.

Or is there some other way an application can perform this

We are using an Oracle DB (Data Guard, primary and standby), but I am asking this from a client application failover to the correct DB instance, as opposed to a db failover

Java App Servers

Java application servers that support the Java EE platform and features include JOnAS from Object Web, WildFly (formerly JBoss AS) from JBoss, Geronimo from Apache, TomEE from Apache, Resin Java Application Server from Caucho Technology, Blazix from Desiderata Software, Enhydra Server from, and GlassFish from Oracle. Commercial Java app servers include WebLogic by Oracle, WebSphere from IBM and the open source JBoss Enterprise Application Platform (JBoss EAP) by Red Hat.