RE: java

[Sanka, Ambica]

Chris,
With jdk 1.8.0.45 our ldap communication is giving results. As soon as we 
change tomcat to use jdk1.8.0_51, I am getting below exception. I am not sure 
security changes in jdk 1.8.0_51 preventing the ldap certificate loaded in 
cacerts in java not communicating properly to our ldap server. People managing 
ldap are mainframe people in our company. I am not able to find root cause so 
that I can give better explanation to them.
Thanks
Ambica.

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: Friday, July 15, 2016 3:52 PM
To: Tomcat Users List 
Subject: Re: java

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Ambica,

On 7/15/16 3:41 PM, Sanka, Ambica wrote:
> Chris, Seems attachment was not sent properly. Here is the trace
> SEVERE: Naming Exception
> occuredjavax.naming.ServiceUnavailableException:
> ldap.atpco.net:636; socket closed; remaining name 
> 'racfid=X,profiletype=user,cn=RACFLDAP,c=us'
> javax.naming.ServiceUnavailableException: ldap.atpco.net:636; socket 
> closed; remaining name 
> 'racfid=X,profiletype=user,cn=RACFLDAP,c=us' at
> com.sun.jndi.ldap.Connection.readReply(Connection.java:449) at
> com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:640) at
> com.sun.jndi.ldap.LdapClient.search(LdapClient.java:563) at
> com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985) at
> com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844) at
> com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769) at 
> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirCont
ext.java:392)
>
> 
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompos
iteDirContext.java:358)
> at
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialComp
ositeDirContext.java:341)
>
> 
at
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:2
67)
> at
> net.atpco.tomcat.racf.service.RacfLDAPService.createLdapInitContext(Ra
cfLDAPService.java:98)
>
> 
at
net.atpco.tomcat.racf.service.TestRacfService.main(TestRacfService.java:
14)
> Jul 15, 2016 3:24:45 PM
> net.atpco.tomcat.racf.service.TestRacfService main INFO: Exception
> occuredjava.lang.Exception: Naming Exception occured

That stack trace doesn't seem to have any Tomcat code in it.

I'm not saying there isn't a Tomcat-related problem.

The core problem seems to be "ServiceUnavailableException". It the LDAP service 
in fact available?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJXiT72AAoJEBzwKT+lPKRYiGgQALMrc+/0VcX7SfakY4Hy3Oo4
39bMSvvpCk0NyfvVg/6bFzD7+YiDg/keZK9yfrP1d5M7gx19S4Z52QfQDXU88YGw
AAXLxMBYhMjzfe1HpJEwC3Cone6hRRBrTJRbqi+xQBtnCcwsnacrImRv0ew88YJt
Yi1iL6ItoQv0jvYYuMvqzaDGZ/QTZPtpdyixbhn0o4uqNosZBRHlh36OE7KE9k9I
sbP4kb9LpKJkXbaa2mpkjV58i+gn8H/vI2qZF6sVCvA424LHl7VXmfTUQwoOwqSe
MBiWovK8K6Jo+SmmMwi5gVvzbDZ4KjAVjTcOC8uACACrwnyP+4wD4IdVKyCB/GLw
c7jdmdDZXVQGFWjfI6EsqilRHY/MX8xr1N1Y073Uo9WoanEpFRGfa6FQviSlJ8v8
zcdjslRCTadkCP8cyXflNX+q/AlZmbT83k/Oicnd+HIKrMj7i4u3BSbdqNgEp3qg
lkIw7cGvcN+sE4NxqI/rQ9keYZ7G+AJDmGdthYSOQRprE3H+fgrzGLSjxjNL13D6
Wgp+4psqjv+DwdXkJAG1ipzFJHEu16fl/Gi6D1OF3m5KDzRxX0tFld0RSCK956s1
9MVymExa7Gj1fjkOt0ZfLQ+SRWOWbz5OQuec22ImVbjv1DT8+o8ysFQEVQbgZR3/
qBKkFL1ba2qweVE3gibt
=HtRv
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: java

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Ambica,

On 7/15/16 3:41 PM, Sanka, Ambica wrote:
> Chris, Seems attachment was not sent properly. Here is the trace 
> SEVERE: Naming Exception
> occuredjavax.naming.ServiceUnavailableException:
> ldap.atpco.net:636; socket closed; remaining name
> 'racfid=X,profiletype=user,cn=RACFLDAP,c=us' 
> javax.naming.ServiceUnavailableException: ldap.atpco.net:636;
> socket closed; remaining name
> 'racfid=X,profiletype=user,cn=RACFLDAP,c=us' at
> com.sun.jndi.ldap.Connection.readReply(Connection.java:449) at
> com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:640) at
> com.sun.jndi.ldap.LdapClient.search(LdapClient.java:563) at
> com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985) at
> com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844) at
> com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769) at
> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirCont
ext.java:392)
>
> 
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompos
iteDirContext.java:358)
> at
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialComp
ositeDirContext.java:341)
>
> 
at
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:2
67)
> at
> net.atpco.tomcat.racf.service.RacfLDAPService.createLdapInitContext(Ra
cfLDAPService.java:98)
>
> 
at
net.atpco.tomcat.racf.service.TestRacfService.main(TestRacfService.java:
14)
> Jul 15, 2016 3:24:45 PM
> net.atpco.tomcat.racf.service.TestRacfService main INFO: Exception
> occuredjava.lang.Exception: Naming Exception occured

That stack trace doesn't seem to have any Tomcat code in it.

I'm not saying there isn't a Tomcat-related problem.

The core problem seems to be "ServiceUnavailableException". It the
LDAP service in fact available?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJXiT72AAoJEBzwKT+lPKRYiGgQALMrc+/0VcX7SfakY4Hy3Oo4
39bMSvvpCk0NyfvVg/6bFzD7+YiDg/keZK9yfrP1d5M7gx19S4Z52QfQDXU88YGw
AAXLxMBYhMjzfe1HpJEwC3Cone6hRRBrTJRbqi+xQBtnCcwsnacrImRv0ew88YJt
Yi1iL6ItoQv0jvYYuMvqzaDGZ/QTZPtpdyixbhn0o4uqNosZBRHlh36OE7KE9k9I
sbP4kb9LpKJkXbaa2mpkjV58i+gn8H/vI2qZF6sVCvA424LHl7VXmfTUQwoOwqSe
MBiWovK8K6Jo+SmmMwi5gVvzbDZ4KjAVjTcOC8uACACrwnyP+4wD4IdVKyCB/GLw
c7jdmdDZXVQGFWjfI6EsqilRHY/MX8xr1N1Y073Uo9WoanEpFRGfa6FQviSlJ8v8
zcdjslRCTadkCP8cyXflNX+q/AlZmbT83k/Oicnd+HIKrMj7i4u3BSbdqNgEp3qg
lkIw7cGvcN+sE4NxqI/rQ9keYZ7G+AJDmGdthYSOQRprE3H+fgrzGLSjxjNL13D6
Wgp+4psqjv+DwdXkJAG1ipzFJHEu16fl/Gi6D1OF3m5KDzRxX0tFld0RSCK956s1
9MVymExa7Gj1fjkOt0ZfLQ+SRWOWbz5OQuec22ImVbjv1DT8+o8ysFQEVQbgZR3/
qBKkFL1ba2qweVE3gibt
=HtRv
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: java

[Sanka, Ambica]

Chris,
Seems attachment was not sent properly. Here is the trace
SEVERE: Naming Exception occuredjavax.naming.ServiceUnavailableException: 
ldap.atpco.net:636; socket closed; remaining name 
'racfid=X,profiletype=user,cn=RACFLDAP,c=us'
javax.naming.ServiceUnavailableException: ldap.atpco.net:636; socket closed; 
remaining name 'racfid=X,profiletype=user,cn=RACFLDAP,c=us'
at com.sun.jndi.ldap.Connection.readReply(Connection.java:449)
at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:640)
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:563)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
at 
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
at 
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
at 
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
at 
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at 
net.atpco.tomcat.racf.service.RacfLDAPService.createLdapInitContext(RacfLDAPService.java:98)
at 
net.atpco.tomcat.racf.service.TestRacfService.main(TestRacfService.java:14)
Jul 15, 2016 3:24:45 PM net.atpco.tomcat.racf.service.TestRacfService main
INFO: Exception occuredjava.lang.Exception: Naming Exception occured

Thanks
Ambica.
-Original Message-
From: Sanka, Ambica [mailto:asa...@atpco.net] 
Sent: Friday, July 15, 2016 3:30 PM
To: Tomcat Users List 
Subject: RE: java


Chris,
Thank you for the quick response. Please see the attached for the stack trace.
Thanks
Ambica.
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Thursday, July 14, 2016 8:59 PM
To: Tomcat Users List 
Subject: Re: java

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ambica,

On 7/14/16 4:31 PM, Sanka, Ambica wrote:
> Does anyone facing issues with security from jdk1.8.0_51 onwards?
> We wrote a Valve in tomcat that connects to our ldap and gets user 
> roles and groups. We connect ldap through ssl certificate. Our ldap 
> ssl Certificate is working  fine till jdk1.8.0_45. From jdk1.8.0_51 , 
> our applications are failing with below error
> 
> SEVERE: Naming Exception occured
> javax.naming.ServiceUnavailableException: ldap.atpco.net:636; socket 
> closed; remaining name
> 
> I also posted this question in java community. But no response.

Can you post the full stack trace? It also looks like the full error message is 
being truncated: "remaining name" looks like it's incomplete.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAleINUUACgkQ9CaO5/Lv0PA/+wCcDpVgXGxY5FCFUn/pWN2SMJbk
2rAAn3/f9EpIvtFAN8v81pwJTTjeNeiY
=Qkh7
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: java

[Sanka, Ambica]

Chris,
Thank you for the quick response. Please see the attached for the stack trace.
Thanks
Ambica.
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: Thursday, July 14, 2016 8:59 PM
To: Tomcat Users List 
Subject: Re: java

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ambica,

On 7/14/16 4:31 PM, Sanka, Ambica wrote:
> Does anyone facing issues with security from jdk1.8.0_51 onwards?
> We wrote a Valve in tomcat that connects to our ldap and gets user 
> roles and groups. We connect ldap through ssl certificate. Our ldap 
> ssl Certificate is working  fine till jdk1.8.0_45. From jdk1.8.0_51 , 
> our applications are failing with below error
> 
> SEVERE: Naming Exception occured
> javax.naming.ServiceUnavailableException: ldap.atpco.net:636; socket 
> closed; remaining name
> 
> I also posted this question in java community. But no response.

Can you post the full stack trace? It also looks like the full error message is 
being truncated: "remaining name" looks like it's incomplete.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAleINUUACgkQ9CaO5/Lv0PA/+wCcDpVgXGxY5FCFUn/pWN2SMJbk
2rAAn3/f9EpIvtFAN8v81pwJTTjeNeiY
=Qkh7
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

cosign

[MICHELLE RENEE LARSON]

I am running an application called iDashboards on a windows server our
university uses a thing called Cosign for authentication, I am wondering
if anyone has had any luck getting a tomcat on windows app to work with
cosing?

 

Thanks

Michelle

 

 

Michelle larson

Systems Administrator III

Outreach Technology Services

The Pennsylvania State University

The 329 Bldg, Suite 311, Innovation Park

University Park, PA 16802

Phone: 814-863-6612

 

RE: SSL/TLS and ciphers vulnerability

[Robert Sulliman]

Hi All,

Just to add to this, I also have had issues with testing SSL setups in non 
prod environments that are not exposed to the internet.

I've been using testssl.sh for some time now and it has met my needs.

https://github.com/drwetter/testssl.sh

There are other open source solutions for internal scanning with a web front 
end like SSL Decoder, but this script works well if you are comfortable in 
Linux.

Cheers,

Robert Sulliman
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: July 15, 2016 7:49 AM
To: Tomcat Users List 
Subject: Re: SSL/TLS and ciphers vulnerability

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

All,

On 7/14/16 9:22 PM, Christopher Schultz wrote:
> Mark,
>
> On 7/14/16 4:14 PM, Mark Thomas wrote:
>> On 14/07/2016 19:36, uzair rashid wrote:
>>> Jeffrey,
>>>
>>> Working for a corporation that has strict ssl and security
>>> requirements.. There is no way to use the tools you suggested, since
>>> the tomcat URLs are not exposed.
>
>> That doesn't stop you setting up a stand-alone test instance using
>> the same settings (with a different cert if you are especially
>> paranoid) and checking those settings using the excellent ssllabs.
>
>> Keeping your Tomcat and JVM versions up to date will also help.
>> The Tomcat team periodically reviews Tomcat's default TLS
>> configuration and adjusts it accordingly. For details of the most
>> recent review see:
>> https://wiki.apache.org/tomcat/Security/Ciphers
>
> A few thoughts:
>
> [snip]
>
> 6. Qualys has a tool called ssllabs-scan available on GitHub:
> https://github.com/ssllabs/ssllabs-scan/
>
> [snip]
>
> The existence of the ssllabs-scan tool means it's also possible to
> set-up automated periodic scanning of your own site(s). If you expect
> to get an "A" rating and one day you aren't "A" quality any more, you
> should get an alarm without having to remember to manually-run the
> web-based tool when you get around to doing it.

And of course, such a thing already exists:
https://www.unixadm.org/nagios/check_sslscan

This tool uses SSLLabs's online tool so it would be subject to the same 
restrictions as the web-based version (e.g. no internal hosts).

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAleI6bYACgkQ9CaO5/Lv0PDDlgCgprkU2h++wmgOafv+mYsTwZOr
iikAnRyy1gBncREDypbnvb7sk27fypid
=Q6bW
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



smime.p7s
Description: S/MIME cryptographic signature

Re: SSL/TLS and ciphers vulnerability

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

All,

On 7/14/16 9:22 PM, Christopher Schultz wrote:
> Mark,
> 
> On 7/14/16 4:14 PM, Mark Thomas wrote:
>> On 14/07/2016 19:36, uzair rashid wrote:
>>> Jeffrey,
>>> 
>>> Working for a corporation that has strict ssl and security 
>>> requirements.. There is no way to use the tools you suggested, 
>>> since the tomcat URLs are not exposed.
> 
>> That doesn't stop you setting up a stand-alone test instance
>> using the same settings (with a different cert if you are
>> especially paranoid) and checking those settings using the
>> excellent ssllabs.
> 
>> Keeping your Tomcat and JVM versions up to date will also help. 
>> The Tomcat team periodically reviews Tomcat's default TLS 
>> configuration and adjusts it accordingly. For details of the
>> most recent review see:
>> https://wiki.apache.org/tomcat/Security/Ciphers
> 
> A few thoughts:
> 
> [snip]
> 
> 6. Qualys has a tool called ssllabs-scan available on GitHub: 
> https://github.com/ssllabs/ssllabs-scan/
> 
> [snip]
> 
> The existence of the ssllabs-scan tool means it's also possible to 
> set-up automated periodic scanning of your own site(s). If you
> expect to get an "A" rating and one day you aren't "A" quality any
> more, you should get an alarm without having to remember to
> manually-run the web-based tool when you get around to doing it.

And of course, such a thing already exists:
https://www.unixadm.org/nagios/check_sslscan

This tool uses SSLLabs's online tool so it would be subject to the
same restrictions as the web-based version (e.g. no internal hosts).

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAleI6bYACgkQ9CaO5/Lv0PDDlgCgprkU2h++wmgOafv+mYsTwZOr
iikAnRyy1gBncREDypbnvb7sk27fypid
=Q6bW
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How do I start and stop just the tomcat admin application from a command line?

[Paul Roubekas]

On 7/14/2016 9:54 PM, Christopher Schultz wrote:
> Paul,
>
> On 7/14/16 12:43 PM, Paul Roubekas wrote:
> > How do I start and stop just the tomcat admin application from a
> > command line?  I had someone try to guess the password to my
> > Tomee-Plume server last night. Thankfully I changed the default
> > password and the hacker only tried twice.
>
> Note that there is no default password in current Tomcat versions.
>
> > I want to be able to keep the admin application closed most of the
> > time. On the rare occasion that I need access to the tomcat admin
> > console I would like to start it up only for a brief period of time
> > and then stop it.  Internet searches showed me how to stop other
> > applications using the tomcat admin application.  I want to stop
> > just the Tomcat admin application not the whole server.
>
> $ rm -rf webapps/manager
>
> Or, if you want to be able to put it back:
>
> $ mv webapps/manager .
>
> That's if you have autodeployment enabled. If you don't, you'll have
> to use the manager to undeploy itself. They you're stuck, because you
> can't re-deploy it.
>
> A better solution might be to use the RemoteAddrValve to restrict
> access to the manager application to a select IP range. The default
> configuration for it (shipped disabled) in the
> manager/META-INF/context.xml restricts access to localhost, but it can
> easily be extended to your own local subnet e.g.
> "192\.168\.\d+\.\d+|10\.0\.\d+\.\d+", etc.
Yes, this is a better solution.  It has been implemented.
>
> -chris
Thank you very much Chris



signature.asc
Description: OpenPGP digital signature

Re: Facing issue while configuring SSL

[Ognjen Blagojevic]

Román,

On 15.7.2016 5:01, Román Valoria wrote:

The SSL Certificate was created using the wrong FQDN, which meant that the
hostname to IP address resolution done by the browser was failing. The
telnet command was done using the wrong FQDN, while openssl using
localhost. On top of that, since the FQDN to IP was not working, Devendra
had created a host alias in the local host file, which further complicated
troubleshooting.


Great. Thanks for detailed feedback.

-Ognjen

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: mod_jk errors

[Rainer Jung]

Am 12.07.2016 um 19:44 schrieb Wayne Li:

Hi,

I have a servlet/jsp application running on tomcat 7.0.47. There are no
static html files.
Now I am try to use apache 2.4.7 (Ubuntu)
as the front and forward eveything to tomcat. I installed mod_jk using
Ubuntu's software
center.. Things are working. But I have errors in
/var/log/apache2/mod_jk.log:

[Mon Jul 11 20:19:32.261 2016] [1175:140389159810944] [info]
init_jk::mod_jk.c (3365): mod_jk/1.2.37 initialized
[Mon Jul 11 20:19:32.279 2016] [1175:140389159810944] [error]
extension_fix::jk_uri_worker_map.c (564): Could not find worker with name
'jk-manager' in uri map post processing.
[Mon Jul 11 20:19:32.279 2016] [1175:140389159810944] [error]
extension_fix::jk_uri_worker_map.c (564): Could not find worker with name
'jk-status' in uri map post processing.
[Mon Jul 11 20:19:32.386 2016] [1177:140389159810944] [info]
init_jk::mod_jk.c (3365): mod_jk/1.2.37 initialized
[Mon Jul 11 20:19:32.386 2016] [1177:140389159810944] [error]
extension_fix::jk_uri_worker_map.c (564): Could not find worker with name
'jk-manager' in uri map post processing.
[Mon Jul 11 20:19:32.386 2016] [1177:140389159810944] [error]
extension_fix::jk_uri_worker_map.c (564): Could not find worker with name
'jk-status' in uri map post processing.

If I add the following lines, the errors go away:

worker.list=jk-status
worker.jk-status.type=status
worker.jk-status.read_only=true
worker.list=jk-manager
worker.jk-manager.type=status

But the added line read funny. The same thing appears on the left-side of
the equal sign twice.
Are they correct? Do I need these lines? Can I ignore the errors?

Any information would be appreciated. Thanks in advance.


In addition to André's excellent tutorial: mod_jk knows that some 
properties configured via workers.properties take (comma-separated) 
lists as values. Since sometimes maintaining these lists is error-prone, 
it allows you to define the properties multiple times and will collect 
all given values into one big list. That makes maintaining hte list a 
more modular job.


In your case the following is exactly equivalent:

Either:

worker.list=jk-status,jk-manager,myworker

Or:

worker.list=jk-status
#Some more config items concerning jk-status
worker.list=jk-manager
#Some more config items concerning jk-manager
worker.list=myworker
#Some more config items concerning myworker

In both cases the internal value of worker.list after parsing the 
complete file will be "jk-status,jk-manager,myworker".


So what look a bit funny to you was supposed to be helpful ;)

Can you ignore the errors: No.

- If you don't want the jk-status and/or jk-manager worker features, 
then look for the JkMount directives where you referenced them (or 
entried in a uriworkermap.properties file but that's rarely used).


- If you want to use the jk-status and/or jk-manager workers, you need 
to define them in workers.properties like you did above.


Regards,

Rainer

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Http POST request is getting tempered in Tomcat7

[Rahul Singh]

Hello Tomcat Team,

Thanks for your always support !!

We have a Struts 2 application with Tomcat 7 that runs on a proxy network. In 
one partcular case while browsing the application
it was observed that simply navigating one particular screen multiple times 
raised a NoSuchMethodException exception once.

This was observed in IE-10 browser running on Windows 8. It was occuring on a 
single system only and could not be reproduced on other systems..

The request as obatined in Tomcat catalina logs is as follows:
192.168.103.105 - - [14/Jul/2016:15:41:54 +] "POST 
/application/framework/SessionAction.action HTTP/1.1" 200 105
192.168.103.105 - - [14/Jul/2016:15:41:54 +] "POST 
/application/framework/SessionAction.action HTTP/1.1" 200 105
192.168.103.105 - - [14/Jul/2016:15:41:55 +] "CHEDFLAG=TRUEPOST 
/application/framework/SessionAction.action HTTP/1.1" 200 58209

Also when used Internet Explorer to debug the request we get the following 
details for the problem scenario:

Request Headers
Key Value
Request POST http://192.168.133.120/Myapp/application/rpc_SessionAction.action 
HTTP/1.1
Referer http://192.168.133.120:8585/application/
Content-Type application/x-www-form-urlencoded
X-Requested-With XMLHttpRequest
Accept application/json, text/javascript, /
Accept-Language en-IN,en;q=0.8,ja;q=0.6,zh-Hans-CN;q=0.4,zh-Hans;q=0.2
Accept-Encoding gzip, deflate
User-Agent Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; 
Trident/6.0)
Host 192.168.133.120:8585
Content-Length 26
DNT 1
Proxy-Connection Keep-Alive
Pragma no-cache
Cookie JSESSIONID=7FE4DE04F3558B46B7D8252645ABFB5A; 
JSESSIONID=D4FD5A0D120AD35414A4E16C406DD06F


Request Body
method=fetch=tmpVal

Response Headers
Key Value
Response HTTP/1.0 200 OK
Server Apache-Coyote/1.1
Content-Type text/html;charset=utf-8
Date Thu, 14 Jul 2016 15:41:55 GMT
X-Cache MISS from gateway1
X-Cache-Lookup MISS from gateway1
Via 1.0 gateway1



This request in the Struts filter gives null entry set. Why does the POST 
request get changed in this case and also entry set bencomes null?


Regards,

Rahul Kumar Singh