Re: Connector bindOnInit=false not behaving as expected

2016-12-01 Thread Christopher Schultz

All,

On 12/1/16 5:59 PM, Christopher Schultz wrote:
> All,
> 
> I'm trying to use JMX to do things with Tomcat Connectors and 
> ProtocolHandlers. Specifically, I'd like to re-load the keystore 
> (really certificate) used for an HTTPS connection.
> 
> I'm currently using Tomcat 8.0.30 for my testing.
> 
> It looks like the ProtocolHandler is really the place where the
> TLS configuration is taking effect, and not the Connector, so I'm
> largely ignoring the Connector for now. Is that the right choice to
> make, here?
> 
> It seems that calling pause()/resume() or stop()/start() on
> the ProtocolHandler has no effect on resetting the 
> SSLServerSocketFactory, which is what would be required to achieve
> my goals (update a certificate for a running Tomcat instance).
> 
> I suspect I'll have to call init(). When I do this without
> specifying bindOnInit=false awful things happen. First, calling
> init() gets me an error on stdout that the address is already in
> use, and then it's basically not possible to restart the
> ProtocolHandler after that point: it's dead as far as I can tell,
> because you can't call start() or resume() without getting a whole
> bunch of errors.
> 
> Does that sound like a problem to anyone? I would think that
> failure to call init() would leave the ProtocolHandler in an
> uninitialized state, but I'm wondering if trying to RE-initialize
> the ProtocolHandler should be something that won't damage a 
> previously-initialized component. When trying to script these types
> of connections, having a non-destructive init() might be useful.
> 
> So, I set bindOnInit="false" which is documented[1] to unbind on 
> "stop". When calling stop(), the port continues to be bound by
> Tomcat. Calling stop() and then start() throws a BindException. :(
> Destroying the ProtocolHandler also leaves the port still bound,
> and also (unsurprisingly) destroys the ProtocolHandler.
> 
> Stopping the Connector also does not release the port. :( Calling 
> stop() and then start() also throws a BindException.
> 
> At this point, I think I'm stuck. Is there a bug here?
> 
> I'm going to upgrade to 8.0.latest and repeat my tests, just in
> case.

I updated to 8.0.39 and noticed that I had moved my keystore out of
the way temporarily and so the connector was failing at some point
looking for that. I'll be repeating my tests with more attention to
detail, but what I think I've noticed is that there are certain errors
which can occur that cause the Connector to get itself into a bad state.

Specifically, I think that problems with the crypto setup cause the
connector to bind to the port, then fail and not unbind. Any later
attempt to re-start the Connector fails because the port is still bound.

I think the connector should catch (some?) exceptions and unbind the
port in those cases when bindOnInit=false.

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
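
A toy model of the failure mode described in the message above (bind, then a keystore error, then a retry on the same port), as an added example that is not Tomcat code and not from the original post. ToyEndpoint and its unbindOnFailure flag are hypothetical names; the flag switches between leaving the port bound and releasing it when the keystore fails to load.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.BindException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

// Toy model, not Tomcat code: ToyEndpoint and unbindOnFailure are hypothetical names.
public class BindThenFailDemo {

    static class ToyEndpoint {
        private final int port;
        private final boolean unbindOnFailure;
        private ServerSocket socket;

        ToyEndpoint(int port, boolean unbindOnFailure) { this.port = port; this.unbindOnFailure = unbindOnFailure; }

        // Binds first, then loads the keystore: a crypto failure happens while the port is held.
        void start(Path keystore, char[] password) throws IOException, GeneralSecurityException {
            socket = new ServerSocket(port, 50, InetAddress.getLoopbackAddress());
            try (InputStream in = Files.newInputStream(keystore)) {
                KeyStore.getInstance("PKCS12").load(in, password);
            } catch (IOException | GeneralSecurityException e) {
                if (unbindOnFailure) stop();   // release the port before reporting the error
                throw e;
            }
        }

        void stop() throws IOException {
            if (socket != null) socket.close();
            socket = null;
        }
    }

    // Fail once with a missing keystore, then retry with a valid one on the same port.
    static String failThenRetry(boolean unbindOnFailure) throws Exception {
        int port;
        try (ServerSocket probe = new ServerSocket(0)) {
            port = probe.getLocalPort();                       // pick a free port for the demo
        }
        char[] pw = "changeit".toCharArray();                  // constructed sample password
        Path good = Files.createTempFile("demo", ".p12");
        Path missing = good.resolveSibling("moved-away.p12");  // constructed: keystore moved out of the way
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, null);
        try (OutputStream out = Files.newOutputStream(good)) {
            empty.store(out, pw);                              // valid keystore with no entries
        }
        ToyEndpoint ep = new ToyEndpoint(port, unbindOnFailure);
        try { ep.start(missing, pw); } catch (IOException expected) { /* fails after the bind */ }
        try {
            ep.start(good, pw);
            return "restarted";
        } catch (BindException e) {
            return "BindException: port still bound by the failed start";
        } finally {
            ep.stop();
            Files.deleteIfExists(good);
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("no unbind on failure: " + failThenRetry(false));
        System.out.println("unbind on failure:    " + failThenRetry(true));
    }
}
```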



Connector bindOnInit=false not behaving as expected

2016-12-01 Thread Christopher Schultz

All,

I'm trying to use JMX to do things with Tomcat Connectors and
ProtocolHandlers. Specifically, I'd like to re-load the keystore
(really certificate) used for an HTTPS connection.

I'm currently using Tomcat 8.0.30 for my testing.

It looks like the ProtocolHandler is really the place where the TLS
configuration is taking effect, and not the Connector, so I'm largely
ignoring the Connector for now. Is that the right choice to make, here?

It seems that calling pause()/resume() or stop()/start() on the
ProtocolHandler has no effect on resetting the
SSLServerSocketFactory, which is what would be required to achieve my
goals (update a certificate for a running Tomcat instance).

I suspect I'll have to call init(). When I do this without specifying
bindOnInit=false awful things happen. First, calling init() gets me an
error on stdout that the address is already in use, and then it's
basically not possible to restart the ProtocolHandler after that
point: it's dead as far as I can tell, because you can't call start()
or resume() without getting a whole bunch of errors.

Does that sound like a problem to anyone? I would think that failure
to call init() would leave the ProtocolHandler in an uninitialized
state, but I'm wondering if trying to RE-initialize the
ProtocolHandler should be something that won't damage a
previously-initialized component. When trying to script these types of
connections, having a non-destructive init() might be useful.

So, I set bindOnInit="false" which is documented[1] to unbind on
"stop". When calling stop(), the port continues to be bound by Tomcat.
Calling stop() and then start() throws a BindException. :( Destroying
the ProtocolHandler also leaves the port still bound, and also
(unsurprisingly) destroys the ProtocolHandler.

Stopping the Connector also does not release the port. :( Calling
stop() and then start() also throws a BindException.

At this point, I think I'm stuck. Is there a bug here?

I'm going to upgrade to 8.0.latest and repeat my tests, just in case.

Thanks,
-chris

[1] http://tomcat.apache.org/tomcat-8.0-doc/config/http.html



Re: Unable to get SSL working on Tomcat 8.5

2016-12-01 Thread Jim Weill
sslEnabledProtocols is now just protocols for one thing. And you have to 
put your certificate stuff in an  sub-section to the 
connector now.  Here's how ours had to be reconfigured (on 8443 instead 
of 443) using NIO and JSSE:


protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" 
SSLEnabled="true" protocols="TLSv1.2">


certificateKeyFile="path-to-cert-keyfile" />




Hope this helps.  The parts that are relevant to your certificate are in 
the section here: 
https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_SSLHostConfig 
but scroll up slightly to get the instructions on how to use this 
subsection.


jim

On 12/1/2016 1:26 PM, Bartlett, Todd wrote:

Thanks for your reply, unfortunately I know very little about Tomcat beyond the 
server.xml config below.
What are "hooks" and/or what's been deprecated related to the below, or is there 
a new example config for using a .pfx Keystorefile?



-Original Message-
From: Jim Weill [mailto:moon...@icsi.berkeley.edu]
Sent: Thursday, December 01, 2016 2:38 PM
To: Tomcat Users List 
Subject: Re: Unable to get SSL working on Tomcat 8.5

Are you using the 8.5 reference?
https://tomcat.apache.org/tomcat-8.5-doc/config/http.html

When we updated to 8.5, we also found things changed with the connector for 
SSL.  The above page is the current guide, and you'll notice several of the 
hooks have been deprecated since 6.0

jim

On 12/1/2016 11:28 AM, Bartlett, Todd wrote:

Thanks for replying, some more information.

Tomcat 8.0 works fine with this configuration (I've tested both
installs on same server, same .pfx) (note no other changes anywhere,
just a fresh install and modifying the server.xml) We have been using this 
config since 6.0 through 8.0.

Something changed in 8.5, it does not seem to recognize or load the .pfx file 
anymore.

Thanks

Todd

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, November 30, 2016 8:52 PM
To: Tomcat Users List 
Subject: Re: Unable to get SSL working on Tomcat 8.5


Todd,

On 11/29/16 4:41 PM, Bartlett, Todd wrote:

The below settings work fine on 6.0 version (no other changes I'm
aware
of)  Error received Failed to initialize component
[Connector[HTTP/1.1-443

What's the rest of the error message?




Looks okay so far. You need to post more information.

-chris



RE: Unable to get SSL working on Tomcat 8.5

2016-12-01 Thread Bartlett, Todd
Thanks for your reply, unfortunately I know very little about Tomcat beyond the 
server.xml config below.
What are "hooks" and/or what's been deprecated related to the below, or is there 
a new example config for using a .pfx Keystorefile?



-Original Message-
From: Jim Weill [mailto:moon...@icsi.berkeley.edu] 
Sent: Thursday, December 01, 2016 2:38 PM
To: Tomcat Users List 
Subject: Re: Unable to get SSL working on Tomcat 8.5

Are you using the 8.5 reference? 
https://tomcat.apache.org/tomcat-8.5-doc/config/http.html

When we updated to 8.5, we also found things changed with the connector for 
SSL.  The above page is the current guide, and you'll notice several of the 
hooks have been deprecated since 6.0

jim

On 12/1/2016 11:28 AM, Bartlett, Todd wrote:
> Thanks for replying, some more information.
>
> Tomcat 8.0 works fine with this configuration (I've tested both 
> installs on same server, same .pfx) (note no other changes anywhere, 
> just a fresh install and modifying the server.xml) We have been using this 
> config since 6.0 through 8.0.
>
> Something changed in 8.5, it does not seem to recognize or load the .pfx file 
> anymore.
>
> Thanks
>
> Todd
>
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Wednesday, November 30, 2016 8:52 PM
> To: Tomcat Users List 
> Subject: Re: Unable to get SSL working on Tomcat 8.5
>
>
> Todd,
>
> On 11/29/16 4:41 PM, Bartlett, Todd wrote:
>> The below settings work fine on 6.0 version (no other changes I'm 
>> aware
>> of)  Error received Failed to initialize component
>> [Connector[HTTP/1.1-443
> What's the rest of the error message?
>
>> > maxThreads="150" scheme="https" secure="true"
>> keystoreFile="C:\.pfx" keystorePass=""
>> keystoreType="pkcs12" clientAuth="false"
>> sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" ciphers="..." />
> Looks okay so far. You need to post more information.
>
> -chris



Re: Unable to get SSL working on Tomcat 8.5

2016-12-01 Thread Jim Weill
Are you using the 8.5 reference? 
https://tomcat.apache.org/tomcat-8.5-doc/config/http.html


When we updated to 8.5, we also found things changed with the connector 
for SSL.  The above page is the current guide, and you'll notice several 
of the hooks have been deprecated since 6.0


jim

On 12/1/2016 11:28 AM, Bartlett, Todd wrote:

Thanks for replying, some more information.

Tomcat 8.0 works fine with this configuration (I've tested both installs on same 
server, same .pfx)
(note no other changes anywhere, just a fresh install and modifying the 
server.xml)
We have been using this config since 6.0 through 8.0.

Something changed in 8.5, it does not seem to recognize or load the .pfx file 
anymore.

Thanks

Todd

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, November 30, 2016 8:52 PM
To: Tomcat Users List 
Subject: Re: Unable to get SSL working on Tomcat 8.5


Todd,

On 11/29/16 4:41 PM, Bartlett, Todd wrote:

The below settings work fine on 6.0 version (no other changes I'm aware
of)  Error received Failed to initialize component
[Connector[HTTP/1.1-443

What's the rest of the error message?




Looks okay so far. You need to post more information.

-chris



RE: Unable to get SSL working on Tomcat 8.5

2016-12-01 Thread Bartlett, Todd
Thanks for replying, some more information.  

Tomcat 8.0 works fine with this configuration (I've tested both installs on same 
server, same .pfx)
(note no other changes anywhere, just a fresh install and modifying the 
server.xml)
We have been using this config since 6.0 through 8.0.

Something changed in 8.5, it does not seem to recognize or load the .pfx file 
anymore.

Thanks

Todd

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: Wednesday, November 30, 2016 8:52 PM
To: Tomcat Users List 
Subject: Re: Unable to get SSL working on Tomcat 8.5


Todd,

On 11/29/16 4:41 PM, Bartlett, Todd wrote:
> The below settings work fine on 6.0 version (no other changes I'm aware 
> of)  Error received Failed to initialize component
> [Connector[HTTP/1.1-443

What's the rest of the error message?

>  maxThreads="150" scheme="https" secure="true" 
> keystoreFile="C:\.pfx" keystorePass="" 
> keystoreType="pkcs12" clientAuth="false" 
> sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" ciphers="..." />

Looks okay so far. You need to post more information.

-chris



ClassNotFound while Deserialization of dynamically loaded class via Groovy class loader

2016-12-01 Thread Santosh Kumar
Hi,

My application uses ZK with dynamic Groovy scripts to load ZK components.

The whole thing is working fine in a non-clustered environment.

Recently I have started testing my application in a clustered environment.
I am testing with ZK 7.0.8 and Tomcat 8.5.8.
In my Groovy scripts, FindPeople is a class [resembles a ZK MVVM viewModel]
and SelectOption is an inner class [simple POJO to keep a name value pair]. Both
of them implement the Serializable interface.

These Groovy scripts are loaded in my application from a database table field.

I am getting the below exception.

Dec 01, 2016 6:02:13 PM org.apache.catalina.ha.session.DeltaManager messageReceived
SEVERE: Manager [localhost#/module-backoffice]: Unable to receive message through TCP channel
java.lang.ClassNotFoundException: FindPeople$SelectOption
at java.net.URLClassLoader$1.run(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Unknown Source)
at java.io.ObjectInputStream.resolveClass(Unknown Source)
at org.apache.catalina.tribes.io.ReplicationStream.resolveClass(ReplicationStream.java:79)
at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
at java.io.ObjectInputStream.readClassDesc(Unknown Source)
at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
at java.io.ObjectInputStream.readObject0(Unknown Source)
at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
at java.io.ObjectInputStream.readSerialData(Unknown Source)
at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
at java.io.ObjectInputStream.readObject0(Unknown Source)
at java.io.ObjectInputStream.readObject(Unknown Source)
at org.zkoss.io.Serializables.smartRead(Serializables.java:88)
at org.zkoss.zk.ui.AbstractComponent.readObject(AbstractComponent.java:3128)
at sun.reflect.GeneratedMethodAccessor20.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
at java.io.ObjectInputStream.readSerialData(Unknown Source)
at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
at java.io.ObjectInputStream.readObject0(Unknown Source)
at java.io.ObjectInputStream.readObject(Unknown Source)
at java.util.HashMap.readObject(Unknown Source)
at sun.reflect.GeneratedMethodAccessor21.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
at java.io.ObjectInputStream.readSerialData(Unknown Source)
at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
at java.io.ObjectInputStream.readObject0(Unknown Source)
at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
at java.io.ObjectInputStream.readSerialData(Unknown Source)
at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
at java.io.ObjectInputStream.readObject0(Unknown Source)
at java.io.ObjectInputStream.readObject(Unknown Source)
at org.zkoss.io.Serializables.smartRead(Serializables.java:88)
at org.zkoss.zk.ui.AbstractComponent.readObject(AbstractComponent.java:3128)
at sun.reflect.GeneratedMethodAccessor20.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
at java.io.ObjectInputStream.readSerialData(Unknown Source)
at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
at java.io.ObjectInputStream.readObject0(Unknown Source)
at java.io.ObjectInputStream.readObject(Unknown Source)
at org.zkoss.zk.ui.AbstractComponent.readObject(AbstractComponent.java:3107)
at sun.reflect.GeneratedMethodAccessor20.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
at java.io.ObjectInputStream.readSerialData(Unknown Source)
at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
at java.io.ObjectInputStream.readObject0(Unknown Source)
at java.io.ObjectInputStream.readObject(Unknown Source)
at org.zkoss.zk.ui.AbstractComponent.readObject(AbstractComponent.java:3107)
at sun.reflect.GeneratedMethodAccessor20.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
at java.io.ObjectInputStream.readSerialData(Unknown Source)
at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
at java.io.ObjectInputStream.readObject0(Unknown Source)
at 

Buffer_overflow : https://bz.apache.org/bugzilla/show_bug.cgi?id=60437

2016-12-01 Thread Dharmesh Patel

SSL handshake in AsyncChannelWrapperSecure fails with the 
"javax.net.ssl.SSLException: TODO" error.
It's failing because of BUFFER_OVERFLOW during handshake.

Caused by: javax.net.ssl.SSLException: TLS handshake returned an unexpected status [BUFFER_OVERFLOW]
at org.apache.tomcat.websocket.AsyncChannelWrapperSecure$WebSocketSslHandshakeThread.checkResult(AsyncChannelWrapperSecure.java:430)

Seems like Tomcat is not handling dynamic buffer resizing for BUFFER_OVERFLOW 
as recommended in 
http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLEngine.html. It's 
handled and fixed for BUFFER_UNDERFLOW.

Temporarily, we increased the size of the temporary buffer to 64kb in 
/org/apache/tomcat/websocket/AsyncChannelWrapperSecure.java and now we are able 
to have a successful handshake. Originally it was 8192 bytes.

We have raised an issue (https://bz.apache.org/bugzilla/show_bug.cgi?id=60437) to 
handle BUFFER_OVERFLOW, and attached a sample client that can be used to 
reproduce the issue.


Thanks,
Dharmesh Patel
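
The resize-and-retry handling that the SSLEngine documentation linked above recommends for BUFFER_OVERFLOW, as an added example (not Tomcat's code and not part of the original message). The class and method names are hypothetical; main() drives only the client-side wrap() step, which runs offline, and unwrap() follows the same pattern.

```java
import java.nio.ByteBuffer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.Status;
import javax.net.ssl.SSLException;

// Added illustration, not Tomcat's AsyncChannelWrapperSecure: all names here are hypothetical.
public class ResizingSslBuffers {
    private final SSLEngine engine;
    private ByteBuffer netOut;   // destination of wrap(): TLS records to send
    private ByteBuffer appIn;    // destination of unwrap(): decrypted data

    ResizingSslBuffers(SSLEngine engine, int initialSize) {
        this.engine = engine;
        this.netOut = ByteBuffer.allocate(initialSize);
        this.appIn = ByteBuffer.allocate(initialSize);
    }

    // Keep what is already in the buffer and add room for one more full record.
    private static ByteBuffer grow(ByteBuffer full, int extra) {
        ByteBuffer bigger = ByteBuffer.allocate(full.position() + extra);
        full.flip();
        bigger.put(full);
        return bigger;
    }

    // Retry wrap() with a larger destination instead of treating BUFFER_OVERFLOW as fatal.
    SSLEngineResult wrap(ByteBuffer appOut) throws SSLException {
        while (true) {
            SSLEngineResult result = engine.wrap(appOut, netOut);
            if (result.getStatus() != Status.BUFFER_OVERFLOW) {
                return result;
            }
            netOut = grow(netOut, engine.getSession().getPacketBufferSize());
        }
    }

    // Same idea for unwrap(). BUFFER_UNDERFLOW is returned to the caller,
    // which must read more network bytes into netIn before calling again.
    SSLEngineResult unwrap(ByteBuffer netIn) throws SSLException {
        while (true) {
            SSLEngineResult result = engine.unwrap(netIn, appIn);
            if (result.getStatus() != Status.BUFFER_OVERFLOW) {
                return result;
            }
            appIn = grow(appIn, engine.getSession().getApplicationBufferSize());
        }
    }

    int netOutCapacity() {
        return netOut.capacity();
    }

    public static void main(String[] args) throws Exception {
        // Client-side engine only: producing the ClientHello needs no network and no certificate.
        // "example.invalid" is a constructed peer name used as a hint; nothing is resolved.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine("example.invalid", 443);
        engine.setUseClientMode(true);
        engine.beginHandshake();

        // 8192 is the original buffer size quoted in the message above.
        ResizingSslBuffers tls = new ResizingSslBuffers(engine, 8192);
        SSLEngineResult result = tls.wrap(ByteBuffer.allocate(0));
        System.out.println("status=" + result.getStatus()
                + " bytesProduced=" + result.bytesProduced()
                + " netOut capacity: 8192 -> " + tls.netOutCapacity());
    }
}
```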

