Re: Connector bindOnInit=false not behaving as expected
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, On 12/1/16 5:59 PM, Christopher Schultz wrote: > All, > > I'm trying to use JMX to do things with Tomcat Connectors and > ProtocolHandlers. Specifically, I'd like to re-load the keystore > (really certificate) used for an HTTPs connection. > > I'm currently using Tomcat 8.0.30 for my testing. > > It looks like the ProtocolHandler is really the place where the > TLS configuration is taking effect, and not the Connector, so I'm > largely ignoring the Connector for now. Is that the right choice to > make, here? > > It seems that calling the pause()/resume() or stop()/start() on > the ProtocolHandler have no effect on resetting the > SSLServerSockeyFactory, which is what would be required to achieve > my goals (update a certificate for a running Tomcat instance). > > I suspect I'll have to call init(). When I do this without > specifying bindOnInit=false awful things happen. First, calling > init() gets me an error on stdout that the address is already in > use, and then it's basically not possible to restart the > ProtocolHandler after that point: it's dead as far as I can tell, > because you can't call start() or resume() without getting a whole > bunch of errors. > > Does that sound like a problem to anyone? I would think that > failure to call init() would leave the ProtocolHandler in an > uninitialized state, but I'm wondering if trying to RE-initialize > the ProtocolHandler should be something that won't damage a > previously-initialized component. When trying to script these types > of connections, having a non-destructive init() might be useful. > > So, I set bindOnInit="false" which is documented[1] to unbind on > "stop". When calling stop(), the port continues to be bound by > Tomcat. Calling stop() and then start() throws a BindException. :( > Destroying the ProtocolHandler also leaves the port still bound, > and also (unsurprisingly) destroys the ProtocolHandler. > > Stopping the Connector also does not release the port. :( Calling > stop() and then start() also throws a BindException. > > At this point, I think I'm stuck. Is there a bug here? > > I'm going to upgrade to 8.0.latest and repeat my tests, just in > case. I updated to 8.0.39 and noticed that I had moved my keystore out of the way temporarily and so the connector was failing at some point looking for that. I'll be repeating my tests with more attention to detail, but what I think I've noticed is that there are certain errors which can occur that cause the Connector to get itself into a bad state. Specifically, I think that problems with the crypto setup cause the connector to bind to the port, then fail and not unbind. Any later attempt to re-start the Connector fails because the port is still bound. I think the connector should catch (some?) exceptions and unbind the port in those cases when bindOnInit=false. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYQK0sAAoJEBzwKT+lPKRYxEcQAKOnPrSGT12lsaO+Qlk1f0iJ aUjcEcseYN74R91rd0n/vZdrWlx1pigH4bUkzJsqgxt6En14dQiw1AIgh8SY4QDe UZxq4HIunDmcVoOpuOl+GOJRlHoA4LvYIVDM8vDBXqBYt3yBgpeC0DiIB+WfQ2hS bkooGIC1Vkb1BMXv0KOI5NWZ30PoUfm1cfHuoALh1yrPJO2PPYwmaKKka7c5IBKw t2mnT++3k9qGROw8i9koiEXLgdwKlSpKFz/lPZ8Jd+G3Sar3l0rRPxTFAtp5h2nz kJOrKqGNnr0N2cihadbFpOncYCowq12bgx3xAu2ezdE6AdhpbpD4dVntrYICV7Sb gBc4wmNBA3msTzw6dVhf5aDPLOIwHnJJ9oKk/PnVYfvZKjup1ftteYaK//Nty1is TPywDMsOMFZow9I4ywvibLe+3Orf9wv8HuhZB5bl2MU09OwY3V7+lI5Ehk0iNM5v SBfZ0dXeeWg8wRxdyaQyC4NvVueRLm7X1B5Jd3+8AUcI9E4sCwVaMLEZHqlANfjX EGv+Tj7cYvrB8whP0rcZ78emeWDE0P1oR2bbRH5pFBC/MU7ILFeX2g3hcpwQksC3 mODFYFcTBsUdfBrcum5SkpKQL/EjNspztalpLLi712ESd28K4IOSA1VqQAL/MMrl fjXmgcBr+xfTnZl62eUu =1MzW -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Connector bindOnInit=false not behaving as expected
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I'm trying to use JMX to do things with Tomcat Connectors and ProtocolHandlers. Specifically, I'd like to re-load the keystore (really certificate) used for an HTTPs connection. I'm currently using Tomcat 8.0.30 for my testing. It looks like the ProtocolHandler is really the place where the TLS configuration is taking effect, and not the Connector, so I'm largely ignoring the Connector for now. Is that the right choice to make, here? It seems that calling the pause()/resume() or stop()/start() on the ProtocolHandler have no effect on resetting the SSLServerSockeyFactory, which is what would be required to achieve my goals (update a certificate for a running Tomcat instance). I suspect I'll have to call init(). When I do this without specifying bindOnInit=false awful things happen. First, calling init() gets me an error on stdout that the address is already in use, and then it's basically not possible to restart the ProtocolHandler after that point: it's dead as far as I can tell, because you can't call start() or resume() without getting a whole bunch of errors. Does that sound like a problem to anyone? I would think that failure to call init() would leave the ProtocolHandler in an uninitialized state, but I'm wondering if trying to RE-initialize the ProtocolHandler should be something that won't damage a previously-initialized component. When trying to script these types of connections, having a non-destructive init() might be useful. So, I set bindOnInit="false" which is documented[1] to unbind on "stop". When calling stop(), the port continues to be bound by Tomcat. Calling stop() and then start() throws a BindException. :( Destroying the ProtocolHandler also leaves the port still bound, and also (unsurprisingly) destroys the ProtocolHandler. Stopping the Connector also does not release the port. :( Calling stop() and then start() also throws a BindException. At this point, I think I'm stuck. Is there a bug here? I'm going to upgrade to 8.0.latest and repeat my tests, just in case. Thanks, - -chris [1] http://tomcat.apache.org/tomcat-8.0-doc/config/http.html -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYQKtEAAoJEBzwKT+lPKRYuIgQAJ9UP58XujGXn8K1ucxNkm4H 2Y+1x+mTHTH1Rkkm6KTRPOPOjY98yIrl+oO91m/hsHrTVQJ/QdQ8y9hIpKCv8S3i KWyi54627RiefiMc9l1p6/iYsXe5Sntysln02ADUEG4sSSnqwmL1mvsoZlIOXvLd A+50PKIAtUyG46tqLugfV1YmzUOqkAMEXzF1son6Z/RcH9Eoct8Ez5eb4U1VMoLu pIlsvrIrEdgrlbvcL0nHHaeR0FjBJprvg80mPe7YaSZiRedAohWizPfJ7kcnVyeZ 8dj9H0MO2GvJOtZCnVcy+6Mlg1WR3DYawNMRL+RKRl32prwdR3A3LkEgF4JVJc+c +KEhLFlDUhgKhv/axTz69dR7fIk7Haswed9IV5t6ZAZP1CY3fkDhMtMqb3k+NhMh UVxd8Wi2uxbRI4HtbxBmwv0Nry5khrQZuFaobOmw5ZCOuOWmdyMQbKRHa0Y0YCLZ TUiQVwP7plXOcOqnk4U8akvjyzV+I3OoFB2SZmeA/sHOj18aA2KMr+vx6phRWMTY MsJ7D4zqsTS43UqQSYEVu0jpcqD1RigaVCpSUldUdd16VvzqethXxtKYQ/OnR5Kl 0nL/MHfTw+HqGEdBXQQXasSoPNBE1fQuyZKGXOA5rzOhlygFMwmzFUzURKSDCvqz DjUn9zF29Fol4gTOKKX0 =xoqM -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Unable to get SSL working on Tomcat 8.5
sslEnabledProtocols is now just protocols for one thing. And you have to put your certificate stuff in an sub-section to the connector now. Here's how ours had to be reconfigured (on 8443 instead of 443) using NIO and JSSE: protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" protocols="TLSv1.2"> certificateKeyFile="path-to-cert-keyfile" /> Hope this helps. The parts that are relevant to your certificate are in the section here: https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_SSLHostConfig but scroll up slightly to get the instructions on how to use this subsection. jim On 12/1/2016 1:26 PM, Bartlett, Todd wrote: Thanks for your reply, unfortunately I know very little about Tomcat beyond the server.xml config below. What are "hooks" and or whats been deprecated related to the below, or is there a new example config for using a .pfx Keystorefile? -Original Message- From: Jim Weill [mailto:moon...@icsi.berkeley.edu] Sent: Thursday, December 01, 2016 2:38 PM To: Tomcat Users ListSubject: Re: Unable to get SSL working on Tomcat 8.5 Are you using the 8.5 reference? https://tomcat.apache.org/tomcat-8.5-doc/config/http.html When we updated to 8.5, we also found things changed with the connector for SSL. The above page is the current guide, and you'll notice several of the hooks have been deprecated since 6.0 jim On 12/1/2016 11:28 AM, Bartlett, Todd wrote: Thanks for replying, some more information. Tomcat 8.0 works fine with this configuration (Ive tested both installs on same server, same .pfx) (note no other changes anywhere, just a fresh install and modifying the server.xml) We have been using this config since 6.0 through 8.0. Something changed in 8.5, it does not seem to recognize or load the .pfx file anymore. Thanks Todd -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Wednesday, November 30, 2016 8:52 PM To: Tomcat Users List Subject: Re: Unable to get SSL working on Tomcat 8.5 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Todd, On 11/29/16 4:41 PM, Bartlett, Todd wrote: The below settings work fine on 6.0 version (no other changes Im aware of) Error received Failed to initialize component [Connector[HTTP/1.1-443 What's the rest of the error message? Looks okay so far. You need to post more information. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYP4IrAAoJEBzwKT+lPKRY5hAP/3thD5lk9DDd/PMAN1s+Vche ghVnzNYryyBaqcFCFOpjUWlocWkaltV8yaWHRpkLpzvvRz1SnXVbKx7IRr5wAP6V 7qr4h8FLLubjukA/g42D8UkUmc/Q64ATPZEdKch8FszlchLqsdf1WSfp2e68k/Gg KPBB2New3bSc4XVxC90gItOcSgq6qwZlIINEYV+f/jsOJufkjzTPF4NllS0NM9i/ XA0EgRhUQlB1Lo9QfmJquniRmNHJwcIt6A810IISaL/f0o1TxFMpqD0xdBrULD+W 169HkBIdTEvpqa3RG9tIVEEDhkW8xN4KR/Q/+WmjxnUGzffDH4AAfJkYKOxYdMzf zFKG4ka+A5i2Qi9Z+Y87yi0fDKFsjxpA1ugeCRYpLKfTRnu2dkEGak2QRU4KpaIM IUdql0gy71ZdyNGHj0XTzen6mUqEm0k3AL0pzTsXK0eSvpHlT0Eh981VfGAZQKlo hs3gUFEdwNJ5xiWEil0tNtke9j8eNwPVE7jRy0QFguc6HkXmWr89DTDi/3W541Nz ZH7iONQBPtd1fcAk0PoAxuH7ldZ9LcjxZ1tV7t3KYv4SKcD5WjTe6Cc5eVCwQwxY 47TrkSq4enCGw6BbwX+iBKt9LY4MIugpnEp8o2sxnZ56B3bxwfT29/hWmKYmlRjj l9lZDcQlY4Q+sZhDFifa =Op4c -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Unable to get SSL working on Tomcat 8.5
Thanks for your reply, unfortunately I know very little about Tomcat beyond the server.xml config below. What are "hooks" and or whats been deprecated related to the below, or is there a new example config for using a .pfx Keystorefile? -Original Message- From: Jim Weill [mailto:moon...@icsi.berkeley.edu] Sent: Thursday, December 01, 2016 2:38 PM To: Tomcat Users ListSubject: Re: Unable to get SSL working on Tomcat 8.5 Are you using the 8.5 reference? https://tomcat.apache.org/tomcat-8.5-doc/config/http.html When we updated to 8.5, we also found things changed with the connector for SSL. The above page is the current guide, and you'll notice several of the hooks have been deprecated since 6.0 jim On 12/1/2016 11:28 AM, Bartlett, Todd wrote: > Thanks for replying, some more information. > > Tomcat 8.0 works fine with this configuration (Ive tested both > installs on same server, same .pfx) (note no other changes anywhere, > just a fresh install and modifying the server.xml) We have been using this > config since 6.0 through 8.0. > > Something changed in 8.5, it does not seem to recognize or load the .pfx file > anymore. > > Thanks > > Todd > > -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Wednesday, November 30, 2016 8:52 PM > To: Tomcat Users List > Subject: Re: Unable to get SSL working on Tomcat 8.5 > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Todd, > > On 11/29/16 4:41 PM, Bartlett, Todd wrote: >> The below settings work fine on 6.0 version (no other changes Im >> aware >> of) Error received Failed to initialize component >> [Connector[HTTP/1.1-443 > What's the rest of the error message? > >> > maxThreads="150" scheme="https" secure="true" >> keystoreFile="C:\.pfx" keystorePass="" >> keystoreType="pkcs12" clientAuth="false" >> sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" ciphers="..." /> > Looks okay so far. You need to post more information. > > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJYP4IrAAoJEBzwKT+lPKRY5hAP/3thD5lk9DDd/PMAN1s+Vche > ghVnzNYryyBaqcFCFOpjUWlocWkaltV8yaWHRpkLpzvvRz1SnXVbKx7IRr5wAP6V > 7qr4h8FLLubjukA/g42D8UkUmc/Q64ATPZEdKch8FszlchLqsdf1WSfp2e68k/Gg > KPBB2New3bSc4XVxC90gItOcSgq6qwZlIINEYV+f/jsOJufkjzTPF4NllS0NM9i/ > XA0EgRhUQlB1Lo9QfmJquniRmNHJwcIt6A810IISaL/f0o1TxFMpqD0xdBrULD+W > 169HkBIdTEvpqa3RG9tIVEEDhkW8xN4KR/Q/+WmjxnUGzffDH4AAfJkYKOxYdMzf > zFKG4ka+A5i2Qi9Z+Y87yi0fDKFsjxpA1ugeCRYpLKfTRnu2dkEGak2QRU4KpaIM > IUdql0gy71ZdyNGHj0XTzen6mUqEm0k3AL0pzTsXK0eSvpHlT0Eh981VfGAZQKlo > hs3gUFEdwNJ5xiWEil0tNtke9j8eNwPVE7jRy0QFguc6HkXmWr89DTDi/3W541Nz > ZH7iONQBPtd1fcAk0PoAxuH7ldZ9LcjxZ1tV7t3KYv4SKcD5WjTe6Cc5eVCwQwxY > 47TrkSq4enCGw6BbwX+iBKt9LY4MIugpnEp8o2sxnZ56B3bxwfT29/hWmKYmlRjj > l9lZDcQlY4Q+sZhDFifa > =Op4c > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Unable to get SSL working on Tomcat 8.5
Are you using the 8.5 reference? https://tomcat.apache.org/tomcat-8.5-doc/config/http.html When we updated to 8.5, we also found things changed with the connector for SSL. The above page is the current guide, and you'll notice several of the hooks have been deprecated since 6.0 jim On 12/1/2016 11:28 AM, Bartlett, Todd wrote: Thanks for replying, some more information. Tomcat 8.0 works fine with this configuration (Ive tested both installs on same server, same .pfx) (note no other changes anywhere, just a fresh install and modifying the server.xml) We have been using this config since 6.0 through 8.0. Something changed in 8.5, it does not seem to recognize or load the .pfx file anymore. Thanks Todd -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Wednesday, November 30, 2016 8:52 PM To: Tomcat Users ListSubject: Re: Unable to get SSL working on Tomcat 8.5 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Todd, On 11/29/16 4:41 PM, Bartlett, Todd wrote: The below settings work fine on 6.0 version (no other changes Im aware of) Error received Failed to initialize component [Connector[HTTP/1.1-443 What's the rest of the error message? Looks okay so far. You need to post more information. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYP4IrAAoJEBzwKT+lPKRY5hAP/3thD5lk9DDd/PMAN1s+Vche ghVnzNYryyBaqcFCFOpjUWlocWkaltV8yaWHRpkLpzvvRz1SnXVbKx7IRr5wAP6V 7qr4h8FLLubjukA/g42D8UkUmc/Q64ATPZEdKch8FszlchLqsdf1WSfp2e68k/Gg KPBB2New3bSc4XVxC90gItOcSgq6qwZlIINEYV+f/jsOJufkjzTPF4NllS0NM9i/ XA0EgRhUQlB1Lo9QfmJquniRmNHJwcIt6A810IISaL/f0o1TxFMpqD0xdBrULD+W 169HkBIdTEvpqa3RG9tIVEEDhkW8xN4KR/Q/+WmjxnUGzffDH4AAfJkYKOxYdMzf zFKG4ka+A5i2Qi9Z+Y87yi0fDKFsjxpA1ugeCRYpLKfTRnu2dkEGak2QRU4KpaIM IUdql0gy71ZdyNGHj0XTzen6mUqEm0k3AL0pzTsXK0eSvpHlT0Eh981VfGAZQKlo hs3gUFEdwNJ5xiWEil0tNtke9j8eNwPVE7jRy0QFguc6HkXmWr89DTDi/3W541Nz ZH7iONQBPtd1fcAk0PoAxuH7ldZ9LcjxZ1tV7t3KYv4SKcD5WjTe6Cc5eVCwQwxY 47TrkSq4enCGw6BbwX+iBKt9LY4MIugpnEp8o2sxnZ56B3bxwfT29/hWmKYmlRjj l9lZDcQlY4Q+sZhDFifa =Op4c -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Unable to get SSL working on Tomcat 8.5
Thanks for replying, some more information. Tomcat 8.0 works fine with this configuration (Ive tested both installs on same server, same .pfx) (note no other changes anywhere, just a fresh install and modifying the server.xml) We have been using this config since 6.0 through 8.0. Something changed in 8.5, it does not seem to recognize or load the .pfx file anymore. Thanks Todd -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Wednesday, November 30, 2016 8:52 PM To: Tomcat Users ListSubject: Re: Unable to get SSL working on Tomcat 8.5 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Todd, On 11/29/16 4:41 PM, Bartlett, Todd wrote: > The below settings work fine on 6.0 version (no other changes Im aware > of) Error received Failed to initialize component > [Connector[HTTP/1.1-443 What's the rest of the error message? > maxThreads="150" scheme="https" secure="true" > keystoreFile="C:\.pfx" keystorePass="" > keystoreType="pkcs12" clientAuth="false" > sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" ciphers="..." /> Looks okay so far. You need to post more information. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYP4IrAAoJEBzwKT+lPKRY5hAP/3thD5lk9DDd/PMAN1s+Vche ghVnzNYryyBaqcFCFOpjUWlocWkaltV8yaWHRpkLpzvvRz1SnXVbKx7IRr5wAP6V 7qr4h8FLLubjukA/g42D8UkUmc/Q64ATPZEdKch8FszlchLqsdf1WSfp2e68k/Gg KPBB2New3bSc4XVxC90gItOcSgq6qwZlIINEYV+f/jsOJufkjzTPF4NllS0NM9i/ XA0EgRhUQlB1Lo9QfmJquniRmNHJwcIt6A810IISaL/f0o1TxFMpqD0xdBrULD+W 169HkBIdTEvpqa3RG9tIVEEDhkW8xN4KR/Q/+WmjxnUGzffDH4AAfJkYKOxYdMzf zFKG4ka+A5i2Qi9Z+Y87yi0fDKFsjxpA1ugeCRYpLKfTRnu2dkEGak2QRU4KpaIM IUdql0gy71ZdyNGHj0XTzen6mUqEm0k3AL0pzTsXK0eSvpHlT0Eh981VfGAZQKlo hs3gUFEdwNJ5xiWEil0tNtke9j8eNwPVE7jRy0QFguc6HkXmWr89DTDi/3W541Nz ZH7iONQBPtd1fcAk0PoAxuH7ldZ9LcjxZ1tV7t3KYv4SKcD5WjTe6Cc5eVCwQwxY 47TrkSq4enCGw6BbwX+iBKt9LY4MIugpnEp8o2sxnZ56B3bxwfT29/hWmKYmlRjj l9lZDcQlY4Q+sZhDFifa =Op4c -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
ClassNotFound while Deserialization of dynamically loaded class via Groovy class loader
Hi, My application with ZK using dynamic Groovy Script to load ZK components. Whole things is working fine with non-clustered environment. Recently I have started testing my application with Clustered Environment. I am testing with ZK 7.0.8 and Tomcat 8.5.8 In my groovy scripts FindPeople is a class [Resembles ZK MVVM viewModel] and SelectOption is inner class [Simple POJO to keep name value pair]. Both of them implements Serializable interface. These groovy script are loaded in my application from database table field. I am getting below exception. Dec 01, 2016 6:02:13 PM org.apache.catalina.ha.session.DeltaManager messageReceived SEVERE: Manager [localhost#/module-backoffice]: Unable to receive message through TCP channel java.lang.ClassNotFoundException: FindPeople$SelectOption at java.net.URLClassLoader$1.run(Unknown Source) at java.net.URLClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Unknown Source) at java.io.ObjectInputStream.resolveClass(Unknown Source) at org.apache.catalina.tribes.io.ReplicationStream.resolveClass(ReplicationStream.java:79) at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source) at java.io.ObjectInputStream.readClassDesc(Unknown Source) at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source) at java.io.ObjectInputStream.readObject0(Unknown Source) at java.io.ObjectInputStream.defaultReadFields(Unknown Source) at java.io.ObjectInputStream.readSerialData(Unknown Source) at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source) at java.io.ObjectInputStream.readObject0(Unknown Source) at java.io.ObjectInputStream.readObject(Unknown Source) at org.zkoss.io.Serializables.smartRead(Serializables.java:88) at org.zkoss.zk.ui.AbstractComponent.readObject(AbstractComponent.java:3128) at sun.reflect.GeneratedMethodAccessor20.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at java.io.ObjectStreamClass.invokeReadObject(Unknown Source) at java.io.ObjectInputStream.readSerialData(Unknown Source) at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source) at java.io.ObjectInputStream.readObject0(Unknown Source) at java.io.ObjectInputStream.readObject(Unknown Source) at java.util.HashMap.readObject(Unknown Source) at sun.reflect.GeneratedMethodAccessor21.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at java.io.ObjectStreamClass.invokeReadObject(Unknown Source) at java.io.ObjectInputStream.readSerialData(Unknown Source) at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source) at java.io.ObjectInputStream.readObject0(Unknown Source) at java.io.ObjectInputStream.defaultReadFields(Unknown Source) at java.io.ObjectInputStream.readSerialData(Unknown Source) at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source) at java.io.ObjectInputStream.readObject0(Unknown Source) at java.io.ObjectInputStream.readObject(Unknown Source) at org.zkoss.io.Serializables.smartRead(Serializables.java:88) at org.zkoss.zk.ui.AbstractComponent.readObject(AbstractComponent.java:3128) at sun.reflect.GeneratedMethodAccessor20.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at java.io.ObjectStreamClass.invokeReadObject(Unknown Source) at java.io.ObjectInputStream.readSerialData(Unknown Source) at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source) at java.io.ObjectInputStream.readObject0(Unknown Source) at java.io.ObjectInputStream.readObject(Unknown Source) at org.zkoss.zk.ui.AbstractComponent.readObject(AbstractComponent.java:3107) at sun.reflect.GeneratedMethodAccessor20.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at java.io.ObjectStreamClass.invokeReadObject(Unknown Source) at java.io.ObjectInputStream.readSerialData(Unknown Source) at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source) at java.io.ObjectInputStream.readObject0(Unknown Source) at java.io.ObjectInputStream.readObject(Unknown Source) at org.zkoss.zk.ui.AbstractComponent.readObject(AbstractComponent.java:3107) at sun.reflect.GeneratedMethodAccessor20.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at java.io.ObjectStreamClass.invokeReadObject(Unknown Source) at java.io.ObjectInputStream.readSerialData(Unknown Source) at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source) at java.io.ObjectInputStream.readObject0(Unknown Source) at
Buffer_overflow : https://bz.apache.org/bugzilla/show_bug.cgi?id=60437
SSL handshake in AsyncChannelWrapperSecure fails with the "javax.net.ssl.SSLException: TODO" error. Its failing because of BUFFER_OVERFLOW during handshake. Caused by: javax.net.ssl.SSLException: TLS handshake returned an unexpected status [BUFFER_OVERFLOW] at org.apache.tomcat.websocket.AsyncChannelWrapperSecure$WebSocketSslHandshakeThread.checkResult(AsyncChannelWrapperSecure.java:430) Seems like tomcat is not handling dynamic buffer resizing for BUFFER_OVERFLOW as recommended in http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLEngine.html. Its handled and fixed for BUFFER_UNDERFLOW. Temporarily, we increased buffer size of the temporary buffer to 64kb in /org/apache/tomcat/websocket/AsyncChannelWrapperSecure.java and now we are able to have successful handshake. Originally it was 8192 bytes. We have raised issue (https://bz.apache.org/bugzilla/show_bug.cgi?id=60437) to handle BUFFER_OVERFLOW, and attached a sample client that can be used to reproduce the issue. Thanks, Dharmesh Patel This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at http://www.amdocs.com/email_disclaimer.asp