RE: java
Chris,

With jdk 1.8.0.45 our ldap communication is giving results. As soon as we change tomcat to use jdk1.8.0_51, I am getting below exception. I am not sure security changes in jdk 1.8.0_51 preventing the ldap certificate loaded in cacerts in java not communicating properly to our ldap server. People managing ldap are mainframe people in our company. I am not able to find root cause so that I can give better explanation to them.

Thanks
Ambica.

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Friday, July 15, 2016 3:52 PM
To: Tomcat Users List
Subject: Re: java

Ambica,

On 7/15/16 3:41 PM, Sanka, Ambica wrote:
> Chris, Seems attachment was not sent properly. Here is the trace
> SEVERE: Naming Exception occuredjavax.naming.ServiceUnavailableException: ldap.atpco.net:636; socket closed; remaining name 'racfid=X,profiletype=user,cn=RACFLDAP,c=us'
> javax.naming.ServiceUnavailableException: ldap.atpco.net:636; socket closed; remaining name 'racfid=X,profiletype=user,cn=RACFLDAP,c=us'
>     at com.sun.jndi.ldap.Connection.readReply(Connection.java:449)
>     at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:640)
>     at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:563)
>     at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
>     at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
>     at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
>     at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
>     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
>     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
>     at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
>     at net.atpco.tomcat.racf.service.RacfLDAPService.createLdapInitContext(RacfLDAPService.java:98)
>     at net.atpco.tomcat.racf.service.TestRacfService.main(TestRacfService.java:14)
> Jul 15, 2016 3:24:45 PM net.atpco.tomcat.racf.service.TestRacfService main
> INFO: Exception occuredjava.lang.Exception: Naming Exception occured

That stack trace doesn't seem to have any Tomcat code in it. I'm not saying there isn't a Tomcat-related problem.

The core problem seems to be "ServiceUnavailableException". Is the LDAP service in fact available?

-chris

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: java
Ambica,

On 7/15/16 3:41 PM, Sanka, Ambica wrote:
> Chris, Seems attachment was not sent properly. Here is the trace
> SEVERE: Naming Exception occuredjavax.naming.ServiceUnavailableException: ldap.atpco.net:636; socket closed; remaining name 'racfid=X,profiletype=user,cn=RACFLDAP,c=us'
> javax.naming.ServiceUnavailableException: ldap.atpco.net:636; socket closed; remaining name 'racfid=X,profiletype=user,cn=RACFLDAP,c=us'
>     at com.sun.jndi.ldap.Connection.readReply(Connection.java:449)
>     at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:640)
>     at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:563)
>     at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
>     at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
>     at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
>     at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
>     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
>     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
>     at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
>     at net.atpco.tomcat.racf.service.RacfLDAPService.createLdapInitContext(RacfLDAPService.java:98)
>     at net.atpco.tomcat.racf.service.TestRacfService.main(TestRacfService.java:14)
> Jul 15, 2016 3:24:45 PM net.atpco.tomcat.racf.service.TestRacfService main
> INFO: Exception occuredjava.lang.Exception: Naming Exception occured

That stack trace doesn't seem to have any Tomcat code in it. I'm not saying there isn't a Tomcat-related problem.

The core problem seems to be "ServiceUnavailableException". Is the LDAP service in fact available?

-chris
RE: java
Chris,

Seems attachment was not sent properly. Here is the trace

SEVERE: Naming Exception occuredjavax.naming.ServiceUnavailableException: ldap.atpco.net:636; socket closed; remaining name 'racfid=X,profiletype=user,cn=RACFLDAP,c=us'
javax.naming.ServiceUnavailableException: ldap.atpco.net:636; socket closed; remaining name 'racfid=X,profiletype=user,cn=RACFLDAP,c=us'
    at com.sun.jndi.ldap.Connection.readReply(Connection.java:449)
    at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:640)
    at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:563)
    at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
    at net.atpco.tomcat.racf.service.RacfLDAPService.createLdapInitContext(RacfLDAPService.java:98)
    at net.atpco.tomcat.racf.service.TestRacfService.main(TestRacfService.java:14)
Jul 15, 2016 3:24:45 PM net.atpco.tomcat.racf.service.TestRacfService main
INFO: Exception occuredjava.lang.Exception: Naming Exception occured

Thanks
Ambica.

-Original Message-
From: Sanka, Ambica [mailto:asa...@atpco.net]
Sent: Friday, July 15, 2016 3:30 PM
To: Tomcat Users List
Subject: RE: java

Chris,

Thank you for the quick response. Please see the attached for the stack trace.

Thanks
Ambica.

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Thursday, July 14, 2016 8:59 PM
To: Tomcat Users List
Subject: Re: java

Ambica,

On 7/14/16 4:31 PM, Sanka, Ambica wrote:
> Does anyone facing issues with security from jdk1.8.0_51 onwards?
> We wrote a Valve in tomcat that connects to our ldap and gets user
> roles and groups. We connect ldap through ssl certificate. Our ldap
> ssl Certificate is working fine till jdk1.8.0_45. From jdk1.8.0_51 ,
> our applications are failing with below error
>
> SEVERE: Naming Exception occured
> javax.naming.ServiceUnavailableException: ldap.atpco.net:636; socket
> closed; remaining name
>
> I also posted this question in java community. But no response.

Can you post the full stack trace?

It also looks like the full error message is being truncated: "remaining name" looks like it's incomplete.

-chris
RE: java
Chris,

Thank you for the quick response. Please see the attached for the stack trace.

Thanks
Ambica.

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Thursday, July 14, 2016 8:59 PM
To: Tomcat Users List
Subject: Re: java

Ambica,

On 7/14/16 4:31 PM, Sanka, Ambica wrote:
> Does anyone facing issues with security from jdk1.8.0_51 onwards?
> We wrote a Valve in tomcat that connects to our ldap and gets user
> roles and groups. We connect ldap through ssl certificate. Our ldap
> ssl Certificate is working fine till jdk1.8.0_45. From jdk1.8.0_51 ,
> our applications are failing with below error
>
> SEVERE: Naming Exception occured
> javax.naming.ServiceUnavailableException: ldap.atpco.net:636; socket
> closed; remaining name
>
> I also posted this question in java community. But no response.

Can you post the full stack trace?

It also looks like the full error message is being truncated: "remaining name" looks like it's incomplete.

-chris
cosign
I am running an application called iDashboards on a windows server our university uses a thing called Cosign for authentication, I am wondering if anyone has had any luck getting a tomcat on windows app to work with cosign?

Thanks
Michelle

Michelle larson
Systems Administrator III
Outreach Technology Services
The Pennsylvania State University
The 329 Bldg, Suite 311, Innovation Park
University Park, PA 16802
Phone: 814-863-6612
RE: SSL/TLS and ciphers vulnerability
Hi All,

Just to add to this, I also have had issues with testing SSL setups in non prod environments that are not exposed to the internet. I've been using testssl.sh for some time now and it has met my needs.

https://github.com/drwetter/testssl.sh

There are other open source solutions for internal scanning with a web front end like SSL Decoder, but this script works well if you are comfortable in Linux.

Cheers,
Robert Sulliman

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: July 15, 2016 7:49 AM
To: Tomcat Users List
Subject: Re: SSL/TLS and ciphers vulnerability

All,

On 7/14/16 9:22 PM, Christopher Schultz wrote:
> Mark,
>
> On 7/14/16 4:14 PM, Mark Thomas wrote:
>> On 14/07/2016 19:36, uzair rashid wrote:
>>> Jeffrey,
>>>
>>> Working for a corporation that has strict ssl and security
>>> requirements.. There is no way to use the tools you suggested, since
>>> the tomcat URLs are not exposed.
>
>> That doesn't stop you setting up a stand-alone test instance using
>> the same settings (with a different cert if you are especially
>> paranoid) and checking those settings using the excellent ssllabs.
>
>> Keeping your Tomcat and JVM versions up to date will also help.
>> The Tomcat team periodically reviews Tomcat's default TLS
>> configuration and adjusts it accordingly. For details of the most
>> recent review see:
>> https://wiki.apache.org/tomcat/Security/Ciphers
>
> A few thoughts:
>
> [snip]
>
> 6. Qualys has a tool called ssllabs-scan available on GitHub:
> https://github.com/ssllabs/ssllabs-scan/
>
> [snip]
>
> The existence of the ssllabs-scan tool means it's also possible to
> set-up automated periodic scanning of your own site(s). If you expect
> to get an "A" rating and one day you aren't "A" quality any more, you
> should get an alarm without having to remember to manually-run the
> web-based tool when you get around to doing it.

And of course, such a thing already exists:

https://www.unixadm.org/nagios/check_sslscan

This tool uses SSLLabs's online tool so it would be subject to the same restrictions as the web-based version (e.g. no internal hosts).

-chris
Re: SSL/TLS and ciphers vulnerability
All,

On 7/14/16 9:22 PM, Christopher Schultz wrote:
> Mark,
>
> On 7/14/16 4:14 PM, Mark Thomas wrote:
>> On 14/07/2016 19:36, uzair rashid wrote:
>>> Jeffrey,
>>>
>>> Working for a corporation that has strict ssl and security
>>> requirements.. There is no way to use the tools you suggested,
>>> since the tomcat URLs are not exposed.
>
>> That doesn't stop you setting up a stand-alone test instance
>> using the same settings (with a different cert if you are
>> especially paranoid) and checking those settings using the
>> excellent ssllabs.
>
>> Keeping your Tomcat and JVM versions up to date will also help.
>> The Tomcat team periodically reviews Tomcat's default TLS
>> configuration and adjusts it accordingly. For details of the
>> most recent review see:
>> https://wiki.apache.org/tomcat/Security/Ciphers
>
> A few thoughts:
>
> [snip]
>
> 6. Qualys has a tool called ssllabs-scan available on GitHub:
> https://github.com/ssllabs/ssllabs-scan/
>
> [snip]
>
> The existence of the ssllabs-scan tool means it's also possible to
> set-up automated periodic scanning of your own site(s). If you
> expect to get an "A" rating and one day you aren't "A" quality any
> more, you should get an alarm without having to remember to
> manually-run the web-based tool when you get around to doing it.

And of course, such a thing already exists:

https://www.unixadm.org/nagios/check_sslscan

This tool uses SSLLabs's online tool so it would be subject to the same restrictions as the web-based version (e.g. no internal hosts).

-chris
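The "alarm when you stop being an A" idea from the message above, as an added example that is not part of the thread and is not the check_sslscan plugin: a Nagios-style check over a saved scan report. The report is constructed, and its field names (`host`, `status`, `endpoints`, `ipAddress`, `grade`) are assumed to match the JSON that ssllabs-scan prints.

```python
import json

# Grades from best to worst; "T" (trust problem) and "M" (name mismatch) rank last.
GRADE_ORDER = ["A+", "A", "A-", "B", "C", "D", "E", "F", "T", "M"]
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # Nagios plugin exit codes

# Constructed report: one host still at "A", one that has dropped to "B".
SAMPLE_REPORT = json.dumps([
    {"host": "www.example.test", "status": "READY",
     "endpoints": [{"ipAddress": "192.0.2.10", "grade": "A"}]},
    {"host": "app.example.test", "status": "READY",
     "endpoints": [{"ipAddress": "192.0.2.20", "grade": "B"}]},
])


def check_grades(report_json, expected="A"):
    """Return (exit_code, message) for a report; any grade worse than `expected` is CRITICAL."""
    try:
        hosts = json.loads(report_json)
    except ValueError:
        return UNKNOWN, "UNKNOWN - report is not valid JSON"
    if not isinstance(hosts, list):
        return UNKNOWN, "UNKNOWN - report is not a list of hosts"

    limit = GRADE_ORDER.index(expected)
    problems, seen = [], 0
    for host in hosts:
        name = host.get("host", "?")
        # An unfinished or failed assessment must not be reported as healthy.
        if host.get("status") != "READY":
            return UNKNOWN, "UNKNOWN - %s status is %s" % (name, host.get("status"))
        for endpoint in host.get("endpoints", []):
            seen += 1
            grade = endpoint.get("grade")
            # A missing or unrecognised grade counts as a failure, not a pass.
            if grade not in GRADE_ORDER or GRADE_ORDER.index(grade) > limit:
                problems.append("%s [%s] grade %s"
                                % (name, endpoint.get("ipAddress"), grade))
    if seen == 0:
        return UNKNOWN, "UNKNOWN - report contains no endpoints"
    if problems:
        return CRITICAL, "CRITICAL - below %s: %s" % (expected, "; ".join(problems))
    return OK, "OK - %d endpoint(s) at %s or better" % (seen, expected)


if __name__ == "__main__":
    code, message = check_grades(SAMPLE_REPORT)
    print(message)
    raise SystemExit(code)
```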
Re: How do I start and stop just the tomcat admin application from a command line?
On 7/14/2016 9:54 PM, Christopher Schultz wrote:
> Paul,
>
> On 7/14/16 12:43 PM, Paul Roubekas wrote:
> > How do I start and stop just the tomcat admin application from a
> > command line? I had someone try to guess the password to my
> > Tomee-Plume server last night. Thankfully I changed the default
> > password and the hacker only tried twice.
>
> Note that there is no default password in current Tomcat versions.
>
> > I want to be able to keep the admin application closed most of the
> > time. On the rare occasion that I need access to the tomcat admin
> > console I would like to start it up only for a brief period of time
> > and then stop it. Internet searches showed me how to stop other
> > applications using the tomcat admin application. I want to stop
> > just the Tomcat admin application not the whole server.
>
> $ rm -rf webapps/manager
>
> Or, if you want to be able to put it back:
>
> $ mv webapps/manager .
>
> That's if you have autodeployment enabled. If you don't, you'll have
> to use the manager to undeploy itself. Then you're stuck, because you
> can't re-deploy it.
>
> A better solution might be to use the RemoteAddrValve to restrict
> access to the manager application to a select IP range. The default
> configuration for it (shipped disabled) in the
> manager/META-INF/context.xml restricts access to localhost, but it can
> easily be extended to your own local subnet e.g.
> "192\.168\.\d+\.\d+|10\.0\.\d+\.\d+", etc.

Yes, this is a better solution. It has been implemented.

>
> -chris

Thank you very much Chris
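An added example, not part of the thread: it reads the `allow` pattern out of a manager `context.xml` and reports which client addresses it would admit, so an extended pattern can be checked before it is deployed. Both `context.xml` samples and the client addresses are constructed; the valve is assumed to require the pattern to match the whole address, which `re.fullmatch` mirrors.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: valve left commented out, so no address filter applies.
VALVE_DISABLED = r'''<Context antiResourceLocking="false" privileged="true">
  <!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1" />
  -->
</Context>'''

# Constructed sample: localhost plus the subnet pattern quoted in the thread.
VALVE_ENABLED = r'''<Context antiResourceLocking="false" privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|192\.168\.\d+\.\d+|10\.0\.\d+\.\d+" />
</Context>'''

# Constructed client addresses (203.0.113.7 is a documentation address).
CLIENTS = ["127.0.0.1", "::1", "192.168.1.20", "10.0.3.4", "10.1.0.5", "203.0.113.7"]


def allow_pattern(context_xml):
    """Return the allow regex of the first active RemoteAddrValve, or None."""
    root = ET.fromstring(context_xml)  # XML comments are skipped by the parser
    for valve in root.iter("Valve"):
        if valve.get("className", "").endswith(".RemoteAddrValve"):
            return valve.get("allow")
    return None


def is_allowed(pattern, address):
    """No active valve means no address restriction at all."""
    if pattern is None:
        return True
    return re.fullmatch(pattern, address) is not None


def audit(context_xml, addresses=CLIENTS):
    """Map each client address to True (admitted) or False (rejected)."""
    pattern = allow_pattern(context_xml)
    return {addr: is_allowed(pattern, addr) for addr in addresses}


if __name__ == "__main__":
    for label, xml_text in (("disabled", VALVE_DISABLED), ("enabled", VALVE_ENABLED)):
        print("valve", label)
        for addr, ok in audit(xml_text).items():
            print("  %-15s %s" % (addr, "allow" if ok else "deny"))
```

With the quoted pattern, `10.0.3.4` is admitted but `10.1.0.5` is not, because `10\.0\.` fixes the second octet.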
Re: Facing issue while configuring SSL
Román,

On 15.7.2016 5:01, Román Valoria wrote:
> The SSL Certificate was created using the wrong FQDN, which meant that
> the hostname to IP address resolution done by the browser was failing.
> The telnet command was done using the wrong FQDN, while openssl using
> localhost. On top of that, since the FQDN to IP was not working,
> Devendra had created a host alias in the local host file, which further
> complicated troubleshooting.

Great. Thanks for detailed feedback.

-Ognjen
Re: mod_jk errors
On 12.07.2016 at 19:44, Wayne Li wrote:
> Hi,
>
> I have a servlet/jsp application running on tomcat 7.0.47. There are no static html files. Now I am trying to use apache 2.4.7 (Ubuntu) as the front and forward everything to tomcat. I installed mod_jk using Ubuntu's software center. Things are working. But I have errors in /var/log/apache2/mod_jk.log:
>
> [Mon Jul 11 20:19:32.261 2016] [1175:140389159810944] [info] init_jk::mod_jk.c (3365): mod_jk/1.2.37 initialized
> [Mon Jul 11 20:19:32.279 2016] [1175:140389159810944] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-manager' in uri map post processing.
> [Mon Jul 11 20:19:32.279 2016] [1175:140389159810944] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-status' in uri map post processing.
> [Mon Jul 11 20:19:32.386 2016] [1177:140389159810944] [info] init_jk::mod_jk.c (3365): mod_jk/1.2.37 initialized
> [Mon Jul 11 20:19:32.386 2016] [1177:140389159810944] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-manager' in uri map post processing.
> [Mon Jul 11 20:19:32.386 2016] [1177:140389159810944] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-status' in uri map post processing.
>
> If I add the following lines, the errors go away:
>
> worker.list=jk-status
> worker.jk-status.type=status
> worker.jk-status.read_only=true
> worker.list=jk-manager
> worker.jk-manager.type=status
>
> But the added lines read funny. The same thing appears on the left-side of the equal sign twice. Are they correct? Do I need these lines? Can I ignore the errors?
>
> Any information would be appreciated. Thanks in advance.

In addition to André's excellent tutorial:

mod_jk knows that some properties configured via workers.properties take (comma-separated) lists as values. Since sometimes maintaining these lists is error-prone, it allows you to define the properties multiple times and will collect all given values into one big list. That makes maintaining the list a more modular job. In your case the following is exactly equivalent:

Either:

worker.list=jk-status,jk-manager,myworker

Or:

worker.list=jk-status
#Some more config items concerning jk-status
worker.list=jk-manager
#Some more config items concerning jk-manager
worker.list=myworker
#Some more config items concerning myworker

In both cases the internal value of worker.list after parsing the complete file will be "jk-status,jk-manager,myworker".

So what looked a bit funny to you was supposed to be helpful ;)

Can you ignore the errors: No.

- If you don't want the jk-status and/or jk-manager worker features, then look for the JkMount directives where you referenced them (or entries in a uriworkermap.properties file but that's rarely used).

- If you want to use the jk-status and/or jk-manager workers, you need to define them in workers.properties like you did above.

Regards,
Rainer
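An added example, not part of the thread and not mod_jk's own code: it merges repeated `worker.list` lines the way the reply above describes and lists every `JkMount` that names a worker missing from the merged list, which is the situation behind the "Could not find worker with name" errors. The configuration samples are constructed; only `worker.list` and the two-argument form of `JkMount` are modelled.

```python
import re

# Only worker.list is treated as an accumulating list property in this sketch.
LIST_KEYS = {"worker.list"}
JKMOUNT = re.compile(r"^\s*JkMount\s+(\S+)\s+(\S+)", re.IGNORECASE)

# Constructed workers.properties: only the application worker is declared.
BEFORE = """\
worker.list=myworker
worker.myworker.type=ajp13
worker.myworker.host=localhost
worker.myworker.port=8009
"""

# Same file with the lines from the thread appended.
AFTER = BEFORE + """\
worker.list=jk-status
worker.jk-status.type=status
worker.jk-status.read_only=true
worker.list=jk-manager
worker.jk-manager.type=status
"""

# Constructed Apache configuration fragment.
HTTPD = """\
JkMount /* myworker
JkMount /jk-status jk-status
JkMount /jk-manager jk-manager
# JkMount /old legacy
"""


def parse_workers(text):
    """Return (worker_list, props); repeated worker.list lines are merged in order."""
    worker_list, props = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key in LIST_KEYS:
            for name in (v.strip() for v in value.split(",")):
                if name and name not in worker_list:
                    worker_list.append(name)
        else:
            props[key] = value
    return worker_list, props


def mounts(httpd_conf):
    """Return (uri, worker) pairs from JkMount lines; commented lines do not match."""
    pairs = []
    for line in httpd_conf.splitlines():
        match = JKMOUNT.match(line)
        if match:
            pairs.append((match.group(1), match.group(2)))
    return pairs


def undeclared_mounts(workers_text, httpd_conf):
    """Mounts whose worker is absent from the merged worker.list."""
    declared, _ = parse_workers(workers_text)
    return [(uri, worker) for uri, worker in mounts(httpd_conf) if worker not in declared]


if __name__ == "__main__":
    print("merged worker.list:", ",".join(parse_workers(AFTER)[0]))
    print("undeclared before:", undeclared_mounts(BEFORE, HTTPD))
    print("undeclared after: ", undeclared_mounts(AFTER, HTTPD))
```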
Http POST request is getting tampered in Tomcat7

Hello Tomcat Team,

Thanks for your always support !!

We have a Struts 2 application with Tomcat 7 that runs on a proxy network. In one particular case while browsing the application it was observed that simply navigating one particular screen multiple times raised a NoSuchMethodException exception once. This was observed in IE-10 browser running on Windows 8. It was occurring on a single system only and could not be reproduced on other systems.

The request as obtained in Tomcat catalina logs is as follows:

192.168.103.105 - - [14/Jul/2016:15:41:54 +] "POST /application/framework/SessionAction.action HTTP/1.1" 200 105
192.168.103.105 - - [14/Jul/2016:15:41:54 +] "POST /application/framework/SessionAction.action HTTP/1.1" 200 105
192.168.103.105 - - [14/Jul/2016:15:41:55 +] "CHEDFLAG=TRUEPOST /application/framework/SessionAction.action HTTP/1.1" 200 58209

Also when used Internet Explorer to debug the request we get the following details for the problem scenario:

Request Headers

Key               Value
Request           POST http://192.168.133.120/Myapp/application/rpc_SessionAction.action HTTP/1.1
Referer           http://192.168.133.120:8585/application/
Content-Type      application/x-www-form-urlencoded
X-Requested-With  XMLHttpRequest
Accept            application/json, text/javascript, /
Accept-Language   en-IN,en;q=0.8,ja;q=0.6,zh-Hans-CN;q=0.4,zh-Hans;q=0.2
Accept-Encoding   gzip, deflate
User-Agent        Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Host              192.168.133.120:8585
Content-Length    26
DNT               1
Proxy-Connection  Keep-Alive
Pragma            no-cache
Cookie            JSESSIONID=7FE4DE04F3558B46B7D8252645ABFB5A; JSESSIONID=D4FD5A0D120AD35414A4E16C406DD06F

Request Body

method=fetch=tmpVal

Response Headers

Key               Value
Response          HTTP/1.0 200 OK
Server            Apache-Coyote/1.1
Content-Type      text/html;charset=utf-8
Date              Thu, 14 Jul 2016 15:41:55 GMT
X-Cache           MISS from gateway1
X-Cache-Lookup    MISS from gateway1
Via               1.0 gateway1

This request in the Struts filter gives null entry set.

Why does the POST request get changed in this case and also entry set becomes null?

Regards,
Rahul Kumar Singh