Re: Help needed - JPA probem - No connection specified with project

2017-09-27 Thread Guang Chao
On Thu, Sep 28, 2017 at 12:57 PM, Karen Goh 
wrote:

>
> 
> On Tue, 9/26/17, Konstantin Kolinko  wrote:
>
>  Subject: Re: Help needed - JPA probem - No connection specified with
> project
>  To: "Tomcat Users List" 
>  Date: Tuesday, September 26, 2017, 8:52 AM
>
>  2017-09-25 18:02 GMT+03:00 Karen Goh :
>  > Hi Kolinko,
>  >
>  > I have now removed the ResourceLink and left with Resource in my
>  > context.xml which is resided at WebContent/META-INF.
>  >
>  > And this is C:\Program Files\Apache Software Foundation\Tomcat 8.0\conf\context.xml
>  >
>  >   version="1.0" encoding="UTF-8"?>
>  > 
>  >
>  > 
>  > 
>  >
>  WEB-INF/web.xml
>  >
>  ${catalina.base}/conf/web.xml
>  >
>  > 
>  > 
>  >
>  > 
>  > 
>  >
>  
>  >
>  >
>  And here's my web.xml :
>  >
>  >   encoding="UTF-8"?>
>  >
>  http://www.w3.org/2001/XMLSchema-instance;
>  xmlns="http://xmlns.jcp.org/xml/ns/javaee;
>  xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
> http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd;
>  version="3.1">
>  >
>  Hi5S
>  >   
>  >
>  Index.jsp
>  >   
>  >   
>  > MySQL
>  Datasource
>  >
>  jdbc/hi5
>  >
>  javax.sql.DataSource
>  >
>  Container
>  >   
>  >
>  > 
>  >
>  > The error remains the same and my Tomcat failed to start, despite I
>  > cleaned them etc etc.
>  >
>  > SEVERE: A child container failed during start
>  > java.util.concurrent.ExecutionException: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost]]
>  >
>  > Could you advise how to go about making it work ?
>
>  Mailing list rules:
>  http://tomcat.apache.org/lists.html#tomcat-users
>  -> Top-posting is bad.
>
> Ok. Tks, now I follow your requirements.
>
>
>  1. See a link to Eclipse IDE FAQ here:
>
>  https://wiki.apache.org/tomcat/FAQ/Developing#Q6
>
>
>  2. See the following thread on how to turn on "Publish module context
>  to separate XML files" option in Eclipse.
>
>  By default (without that option) Eclipse IDE places 
>  elements into server.xml, which is a rather discouraged practice.
>
>  http://markmail.org/message/7zkyocvph56b6t6q
>
>
> OK.  I managed to turn on "Publish module context..but my problem of
> context not bound is still there.
>
>  3. Documentation on Context:
>
>  http://tomcat.apache.org/tomcat-8.0-doc/config/context.html
>
>  The  element in your context.xml has a lot of attributes that
>  should not be there, starting with "debug". What (bad) example were
>  they copied from?
>
>
>  4. The current version of Tomcat 8.0 is 8.0.46.
>  There were security fixes in Java as well (8u141 was a security update
>  in July 2017)
>
>  Also EOL date for Tomcat 8.0 has been announced. Users are advised to
>  migrate to 8.5.
>  http://tomcat.apache.org/tomcat-80-eol.html
>
> Hi kolinko, I have now installed Tomcat 8.5.20 but same problem.
>
>
>
>
>  5. Your
>  META-INF/context.xml is broken:
>  [[[
>// here is rogue
>  ">", thus your Resource has no name (all
>  the following is plain text, not attributes)
>  and thus NPE happens
>
>  name="jdbc/hi5"
>
>  auth="Container"
>
>  type="javax.sql.DataSource"
>
>  maxTotal="8"
>
>  maxActive="100"
>
>  maxIdle="30"
>
>  maxWait="-1"
>
>  username="root"
>
>  singleton="true"
>
>  override="true"
>
>  factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
>  password="password"
>
>  alternateUsernameAllowed="true"
>
>driverClassName="com.mysql.jdbc.Driver"
>
>  url="jdbc:mysql://localhost:3306/hi5" />  //
>  You either use /> or
>  ,
>  not both.
>
>  ]]]
>
>
> I have changed my context.xml as follows :
>
> 
>  >
>  name="jdbc/hi5"
> auth="Container"
> type="javax.sql.DataSource"
> maxTotal="8"
> maxActive="100"
> maxIdle="30"
> maxWait="-1"
> username="root"
> singleton="true"
> override="true"
> factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
> password="password"
>alternateUsernameAllowed="true"
> driverClassName="com.mysql.jdbc.Driver"
> url="jdbc:mysql://localhost:3306/hi5" />
>
>
> And my web.xml ;
>
> 
> http://www.w3.org/2001/XMLSchema-instance; xmlns="
> http://xmlns.jcp.org/xml/ns/javaee; xsi:schemaLocation="http://
> xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/
> javaee/web-app_3_1.xsd" version="3.1">
>   Hi5S
>   
> Index.jsp
>   
>   
> MySQL dataSource
> JDBC/hi5
>

Try add here jdbc/hi5


> javax.sql.DataSource
> Container
>   
>
> util.HibernateSessionFactoryListener
> // I do not know if this is necessary.  Wld like to have your comments. Tks.
> 
> 
>
>  Best
>  regards,
>  Konstantin Kolinko
>
> 
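
The two configuration problems raised in this thread (a `Resource` that loses its `name` because of a stray `>`, and a `res-ref-name` in web.xml whose case differs from the `Resource` name) can be caught before Tomcat starts. The following is an added example, not code from the thread or from Tomcat; the sample files are constructed from the snippets quoted above and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples modelled on the files quoted in the thread.
# BROKEN_CONTEXT has the stray ">" right after "<Resource": the file is still
# well-formed XML, but every "attribute" is now plain text inside the element.
BROKEN_CONTEXT = """<Context>
  <Resource>
    name="jdbc/hi5"
    auth="Container"
    type="javax.sql.DataSource"
    driverClassName="com.mysql.jdbc.Driver"
    url="jdbc:mysql://localhost:3306/hi5" />
  </Resource>
</Context>"""

FIXED_CONTEXT = """<Context>
  <Resource name="jdbc/hi5" auth="Container" type="javax.sql.DataSource"
            driverClassName="com.mysql.jdbc.Driver"
            url="jdbc:mysql://localhost:3306/hi5" />
</Context>"""

WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <resource-ref>
    <description>MySQL dataSource</description>
    <res-ref-name>JDBC/hi5</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
  </resource-ref>
</web-app>"""

# Text that looks like key="value" pairs inside an element body.
ATTR_LIKE = re.compile(r'\b[\w.-]+\s*=\s*"[^"]*"')


def local(tag):
    """Strip an XML namespace prefix such as {http://...}res-ref-name."""
    return tag.rsplit("}", 1)[-1]


def context_resources(context_xml):
    """Return (resource names, problems) for a context.xml document."""
    names, problems = [], []
    for el in ET.fromstring(context_xml).iter():
        if local(el.tag) != "Resource":
            continue
        name = el.get("name")
        if name:
            names.append(name)
            continue
        msg = "Resource without a name attribute"
        if ATTR_LIKE.search(el.text or ""):
            msg += " (attribute-like text inside the element: stray '>' after '<Resource'?)"
        problems.append(msg)
    return names, problems


def resource_refs(web_xml):
    """Return every res-ref-name declared in a web.xml document."""
    return [(el.text or "").strip()
            for el in ET.fromstring(web_xml).iter()
            if local(el.tag) == "res-ref-name"]


def check(context_xml, web_xml):
    """List problems that would stop the JNDI lookup from resolving."""
    names, problems = context_resources(context_xml)
    for ref in resource_refs(web_xml):
        if ref in names:
            continue
        same_ignoring_case = [n for n in names if n.lower() == ref.lower()]
        if same_ignoring_case:
            problems.append(
                f"res-ref-name {ref!r} differs only in case from Resource "
                f"{same_ignoring_case[0]!r}; JNDI names are case-sensitive")
        else:
            problems.append(f"res-ref-name {ref!r} has no matching Resource")
    return problems


if __name__ == "__main__":
    for label, ctx in (("broken", BROKEN_CONTEXT), ("fixed", FIXED_CONTEXT)):
        print(label)
        for problem in check(ctx, WEB_XML):
            print("  -", problem)
```
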

Re: tomcat7 eol date?

2017-09-27 Thread Rémy Maucherat
On Mon, Sep 25, 2017 at 9:30 PM, Mark Thomas  wrote:

> On 25/09/17 15:06, Coty Sutherland wrote:
> > On Sat, Sep 23, 2017 at 12:47 PM, Mark Thomas  wrote:
> >> On 23/09/17 13:15, Alex O'Ree wrote:
> >>> Is there an approximate or estimated date in which ASF will stop
> >>> supporting patches for Tomcat7?
> >>
> >> Best guess that is at least two to three years away.
> >>
> >>> I'm assuming that the tomcat major versions are tied to oracle's
> >>> support for the JRE, which implies that when oracle stops supporting
> >>> JRE7 that tomcat7 support will stop around the same time. Is that more
> >>> or less accurate?
> >>
> >> No.
> >>
> >> Tomcat major versions are tied to Java EE versions and we currently
> >> support 3 versions in parallel.
> >>
> >> Java EE 8 -> Tomcat 9
> >> Java EE 7 -> Tomcat 8
> >> Java EE 6 -> Tomcat 7
> >>
> >> Prior to Oracle's announcement of the Java EE donation to Eclipse, my
> >> answer would have been:
> >>
> >> Tomcat 10 will support Java EE 9. Once the release date for Java EE 9
> >> looks fairly certain, we'll announce EOL for Tomcat 7. We will give at
> >> least 12 months notice.
> >>
> >> Oracle's donation of Java EE to Eclipse the name of what Tomcat 10 will
> >> support is uncertain at this point. Timing wise things are also
> >> uncertain at this point. Based on previous Java EE timescales, at least
> >> 2-3 years looks likely.
> >
> > Are we considering shorter lifecycles and more frequent Tomcat major
> > releases to keep up with the potential of faster major releases in java
> > per http://tomcat.10.x6.nabble.com/Moving-Java-Forward-Faster-td5067116.html
> > ?
>
> I think the relationship between Tomcat major versions and Java SE
> version is very much TBD.
>
> My expectation is that after the first stable release, we don't increase
> the minimum Java version but we do support newer version as they become
> available.
>
> I also expect Tomcat major versions to be driven by the releases of
> whatever Java EE becomes but even that is only an expectation. It is
> hard to be certain until we see how Java EE at Eclipse evolves.
>
> So I guess that answer is very much wait and see at the moment. The
> eventual answer will be heavily driven by feedback from the community in
> terms of what they want.
>

As long as they actually happen, I'd keep Tomcat major releases in sync
with the Servlet API releases. Of course, if Servlets are declared "done"
at some point, some change to the policy will have to be made !

Rémy


Re: Help needed - JPA probem - No connection specified with project

2017-09-27 Thread Karen Goh


On Tue, 9/26/17, Konstantin Kolinko  wrote:

 Subject: Re: Help needed - JPA probem - No connection specified with project
 To: "Tomcat Users List" 
 Date: Tuesday, September 26, 2017, 8:52 AM
 
 2017-09-25 18:02 GMT+03:00 Karen Goh :
 > Hi Kolinko,
 >
 > I have now removed the ResourceLink and left with Resource in my
 > context.xml which is resided at WebContent/META-INF.
 >
 > And this is C:\Program Files\Apache Software Foundation\Tomcat 8.0\conf\context.xml
 >
 > 
 > 
 >
 >     
 >     
 >    
 WEB-INF/web.xml
 >    
 ${catalina.base}/conf/web.xml
 >
 >     
 >     
 >
 >     
 >     
 >
 
 >
 >
 And here's my web.xml :
 >
 > 
 >
 http://www.w3.org/2001/XMLSchema-instance;
 xmlns="http://xmlns.jcp.org/xml/ns/javaee;
 xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee 
http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd;
 version="3.1">
 >  
 Hi5S
 >   
 >    
 Index.jsp
 >   
 >   
 >     MySQL
 Datasource
 >    
 jdbc/hi5
 >    
 javax.sql.DataSource
 >    
 Container
 >   
 >
 > 
 >
 > The error remains the same and my Tomcat failed to start, despite I
 > cleaned them etc etc.
 >
 > SEVERE: A child container failed during start
 > java.util.concurrent.ExecutionException: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost]]
 >
 > Could you advise how to go about making it work ?
 
 Mailing list rules:
 http://tomcat.apache.org/lists.html#tomcat-users
 -> Top-posting is bad.

Ok. Tks, now I follow your requirements.

 
 1. See a link to Eclipse IDE FAQ here:
 
 https://wiki.apache.org/tomcat/FAQ/Developing#Q6
 
 
 2. See the following thread on how to turn on "Publish module context
 to separate XML files" option in Eclipse.

 By default (without that option) Eclipse IDE places 
 elements into server.xml, which is a rather discouraged practice.
 
 http://markmail.org/message/7zkyocvph56b6t6q


OK.  I managed to turn on "Publish module context..but my problem of context 
not bound is still there. 
 
 3. Documentation on Context:

 http://tomcat.apache.org/tomcat-8.0-doc/config/context.html

 The  element in your context.xml has a lot of attributes that
 should not be there, starting with "debug". What (bad) example were
 they copied from?


 4. The current version of Tomcat 8.0 is 8.0.46.
 There were security fixes in Java as well (8u141 was a security update
 in July 2017)

 Also EOL date for Tomcat 8.0 has been announced. Users are advised to
 migrate to 8.5.
 http://tomcat.apache.org/tomcat-80-eol.html

Hi kolinko, I have now installed Tomcat 8.5.20 but same problem.
 


 
 5. Your
 META-INF/context.xml is broken:
 [[[
   // here is rogue
 ">", thus your Resource has no name (all
 the following is plain text, not attributes)
 and thus NPE happens
    
 name="jdbc/hi5"
    
 auth="Container"
    
 type="javax.sql.DataSource"
    
 maxTotal="8"
    
 maxActive="100"
    
 maxIdle="30"
    
 maxWait="-1"
    
 username="root"
    
 singleton="true"
    
 override="true"
    
 factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
     password="password"
      
 alternateUsernameAllowed="true"
  
   driverClassName="com.mysql.jdbc.Driver"
    
 url="jdbc:mysql://localhost:3306/hi5" />  //
 You either use /> or
 ,
 not both.
   
 ]]]
 
 
I have changed my context.xml as follows :



   


And my web.xml ;


http://www.w3.org/2001/XMLSchema-instance; 
xmlns="http://xmlns.jcp.org/xml/ns/javaee; 
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee 
http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd; version="3.1">
  Hi5S
  
Index.jsp
  
  
MySQL dataSource
JDBC/hi5
javax.sql.DataSource
Container
  
   
util.HibernateSessionFactoryListener 
// I do not know if this is necessary.  Wld like to have your comments. Tks.



 Best
 regards,
 Konstantin Kolinko
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 




Re: Randomly tomcat process create another copy process of it. Now see two PIDs of tomcat running

2017-09-27 Thread Guang Chao
On Tue, Sep 26, 2017 at 5:52 PM, Naresh Yadav 
wrote:

> Hi all,
>
> Already posted my problem on stackoverflow but not got any responses so
> thought of posting here. Please read and help me with possible resolutions ??
>

Would it be possible one is run as a service and another run using the
*.bat file?


>
> https://stackoverflow.com/questions/46409358/randomly-tomcat-process-create-another-copy-process-of-it-now-see-two-pids-of-t
>
> Thanks
> Naresh
>



-- 
Guang 


TomcatCon Where (and when) next?

2017-09-27 Thread Mark Thomas
All,

TomcatCon London 2017 took place yesterday and was even more successful
than hoped. We sold 16 tickets for a full day of content from 3 Tomcat
committers.

I'd like to take this opportunity to once again thank our sponsors.

Liferay generously provided the venue - including all the associated
organisation. This provided us with a very nice venue, removed a
significant amount of the organisational overhead and also removed all
of the financial risk to the PMC members organising the event.

c2b2 generously purchased 2 tickets and contributed towards the other
expenses (speaker travel expenses, buying a microphone so we could
record some of the sessions, name badges, etc.).

We were able to record 4 out of the 6 sessions and these will be
uploaded to YouTube and linked from the Tomcat website hopefully by the
end of the week.

As planned, the event generated a sufficient surplus to underwrite the
next event. With this in mind, thoughts are already turning to future
events.

We are looking for suggestions for possible locations for the next
event. Please add your suggestions to this thread.

Some points to keep in mind:

- Events close to one or more Tomcat committers will generally have
  lower overheads due to reduced travel costs. At this point that
  probably means Europe if the event runs without sponsorship.

- Sponsorship to cover speaker travel and/or to provide a venue
  increases the options available with regard to location. I was
  serious when I said in a previous thread that the next event could be
  in India if a sponsor offered to provide a venue and cover speaker
  travel.

If you'd like to discuss sponsorship options privately, please feel free
to contact me off-list.

With regards to timing, the aim is to try and organise one of these
events every couple of months. That probably means we need to start
thinking about event N+1 and N+2 in parallel.

I look forward to your suggestions,

Mark




Re: tomcat ssl setup

2017-09-27 Thread Peter Kreuser
John,


> Am 27.09.2017 um 18:08 schrieb John Ellis :
> 
> 
> 
> John Ellis
> 
> 405.285.2500 office
> 
> 
> 
> 
> http://biz-e.io
> 
> 
> -Original Message-
> From: l...@kreuser.name [mailto:l...@kreuser.name] 
> Sent: Tuesday, September 26, 2017 3:26 PM
> To: Tomcat Users List 
> Subject: Re: tomcat ssl setup
> 
> John,
> 
> 
> 
>> Am 26.09.2017 um 21:26 schrieb John Ellis :
>> 
>> Yesterday my boss suggested setting up Tomcat vers. 8 as he thought this is 
>> what Jira and/or Confluence would use so I did that and it worked fine on 
>> http port of 8080. I then edited the server.xml file again for the SSL port 
>> and got the same result as before; never gets to a webpage login using the 
>> secure port of 8443 but I can still get the webpage on port 8080. When I 
>> look at the Tomcat 8 Catalina log file I see several lines where it says- 
>> "java.security.KeyStoreException: Cannot store non-PrivateKeys". I have been 
>> googling that error and found a couple of posts saying to change from JKS to 
>> JCEKS but when I ran the commands I didn't have JKS in the command; only RSA 
>> for the algorithm. Can someone provide me with the proper keytool commands 
>> that I need to use to create an SSL certificate for Tomcat?   
>> 
>> John Ellis
>> 
>> 405.285.2500 office
>> 
>> 
> 
> 
> We’re talking about Tomcat 8.5, 8.0 is EOLed so it may not make sense to ride 
> a dead horse, also SSL setup has changed quite a bit in 8.5/9.0.
> 
> So my setup is as follows:
> 
> server.xml:
> 
> protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>
> sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
>allowTrace="false"
>maxThreads="150"
>SSLEnabled="true"
>compression="off"
>scheme="https"
>server="Apache Tomcat"
>secure="true"
>defaultSSLHostConfigName="localhost" >
>hostName="localhost"
>honorCipherOrder="true"
>certificateVerification="none"
>protocols="TLSv1.2"
>
> ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS">
>  certificateKeystoreFile="${catalina.base}/conf/ssl/jssecacerts"
>  certificateKeystorePassword="changeit"
>  certificateKeyAlias="tomcat"
>  type="RSA" />
>
>  
> 
> https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl
>  
> 
> 
> I use openssl to create the certs (as let’s encrypt for an official cert will 
> generate the same structure) and then convert to JKS:
> 
> openssl genrsa -aes256 -out server.key 4096
> openssl req -new -key server.key -out server.csr -sha512 -subj "/C=XX/ST=XX/L=XX/O=XX/CN=localhost/emailAddress=x...@xx.com"
> #there is more to it to get SAN extensions, but that’s not necessary to get it running
> 
> openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt # you may need your own ca and a signing-process to make this work in all browsers
> 
> #Verify Server Cert
> openssl x509 -in server.crt -text -noout
> 
> openssl pkcs12 -export -in server.crt -inkey server.key -out jssecacerts -name tomcat
> keytool -list -v -keystore jssecacerts -storepass changeit
> 
> 
> Hope this helps for a start.
> 
> Regards
> 
> Peter
> 
> Peter I have never seen entries in the "" part of the 
> server.xml file. Does that have to be in there for SSL to work in Tomcat?
> 
That's the way you define one Connector on one port with different certificates 
in TC 8.5 and 9.0.
I guess that's one of the important new features!
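
A pre-flight check for the connector layout described in this reply (one TLS connector carrying one or more per-host certificate configurations), added here as an example and not taken from the thread or from Tomcat. The attribute names come from the quoted server.xml; the `Connector`/`SSLHostConfig`/`Certificate` element names, port 8443, the second host and its keystore path are assumptions used to build the constructed sample.

```python
import re
import xml.etree.ElementTree as ET

# Constructed server.xml fragment. Attribute names follow the quoted post;
# element names, port and the second host are assumptions for illustration.
GOOD = """<Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             protocol="org.apache.coyote.http11.Http11Nio2Protocol"
             defaultSSLHostConfigName="localhost">
    <SSLHostConfig hostName="localhost" protocols="TLSv1.2"
                   honorCipherOrder="true" certificateVerification="none">
      <Certificate certificateKeystoreFile="${catalina.base}/conf/ssl/jssecacerts"
                   certificateKeystorePassword="changeit"
                   certificateKeyAlias="tomcat" type="RSA" />
    </SSLHostConfig>
    <SSLHostConfig hostName="www.example.test" protocols="TLSv1.2">
      <Certificate certificateKeystoreFile="${catalina.base}/conf/ssl/www.p12"
                   certificateKeystorePassword="changeit" type="RSA" />
    </SSLHostConfig>
  </Connector>
</Service>"""

# Same file with two mistakes: a leading space in the default host name
# (as in the quoted config) and TLSv1 enabled next to TLSv1.2.
BAD = (GOOD
       .replace('defaultSSLHostConfigName="localhost"',
                'defaultSSLHostConfigName=" localhost"')
       .replace('protocols="TLSv1.2"', 'protocols="TLSv1+TLSv1.2"', 1))

DEFAULT_HOST = "_default_"          # Tomcat's default for both name attributes
LEGACY = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "all"}


def enabled_protocols(value):
    """Parse a protocols list such as 'TLSv1.2' or '+TLSv1.2,-TLSv1'."""
    tokens = re.findall(r"([+-]?)([A-Za-z0-9.]+)", value)
    return {name for sign, name in tokens if sign != "-"}


def check_tls_connectors(server_xml):
    """Return findings for every Connector with SSLEnabled="true"."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port", "?")
        hosts = conn.findall("SSLHostConfig")
        names = [h.get("hostName", DEFAULT_HOST) for h in hosts]

        # The default host name must select one of the nested host configs.
        # The comparison is deliberately exact, so stray whitespace is caught.
        default = conn.get("defaultSSLHostConfigName", DEFAULT_HOST)
        if default not in names:
            findings.append(f"port {port}: defaultSSLHostConfigName {default!r} "
                            f"matches no SSLHostConfig hostName {names}")

        for dup in sorted({n for n in names if names.count(n) > 1}):
            findings.append(f"port {port}: hostName {dup!r} is configured twice")

        for host in hosts:
            name = host.get("hostName", DEFAULT_HOST)
            protocols = host.get("protocols")
            if protocols is None:
                findings.append(f"port {port}/{name}: protocols is not set")
            else:
                old = sorted(enabled_protocols(protocols) & LEGACY)
                if old:
                    findings.append(f"port {port}/{name}: legacy protocols enabled: {old}")
            certs = host.findall("Certificate")
            if not certs:
                findings.append(f"port {port}/{name}: no Certificate element")
            for cert in certs:
                if not cert.get("certificateKeystoreFile"):
                    findings.append(f"port {port}/{name}: Certificate has no "
                                    "certificateKeystoreFile")
    return findings


if __name__ == "__main__":
    for label, xml in (("good", GOOD), ("bad", BAD)):
        print(label, check_tls_connectors(xml))
```
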



Re: Trouble using SSL with Tomcat 9

2017-09-27 Thread Don Flinn
Thanks Chuck,

As is obvious, I'm not an experienced admin, but a developer.  I picked
another unused port, 447, and tried again.  I'm not running Tomcat as
root.  I want to get the self signed cert working before purchasing an SSL
certificate.

This WORKED.  Thanks for all the help.  Note that I just picked an unused
port at random, not knowing any better.  I'm sure that there is a more
sophisticated way to pick a port to use.  I'm guessing that if I have
Tomcat grab that port it will keep it while it is running.  But for now I'm
over-joyed,

Don

On Wed, Sep 27, 2017 at 1:24 PM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Don Flinn [mailto:fl...@alum.mit.edu]
> > Subject: Re: Trouble using SSL with Tomcat 9
>
> > I installed a new download of tomcat 9, established one application with
> > php/java bridge (need php and java access). Set the SSL port to an unused
> > port, 443, and ran my app whose only output is an H1 message.  This time I
> > get the expected error from Chrome with the red warning about bad
> > certificate.  However, the redirect went to https://localhost/Financial/index.php
> > - i.e. NO port number and of course drilling down couldn't find
> > my app which is at port 443, I believe.
>
> Port 443 is the standard HTTPS port, so it won't show up in the https: URL
> since it's the default.
>
> Unless you're running Tomcat as root (a very, very bad idea), you'll need to
> use iptables or equivalent to let Tomcat listen on port 443.
> https://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
>


RE: Trouble using SSL with Tomcat 9

2017-09-27 Thread Caldarale, Charles R
> From: Don Flinn [mailto:fl...@alum.mit.edu] 
> Subject: Re: Trouble using SSL with Tomcat 9

> I installed a new download of tomcat 9, established one application with
> php/java bridge (need php and java access). Set the SSL port to an unused
> port, 443, and ran my app whose only output is an H1 message.  This time I
> get the expected error from Chrome with the red warning about bad
> certificate.  However, the redirect went to https://localhost/Financial/index.php
> - i.e. NO port number and of course drilling down couldn't find
> my app which is at port 443, I believe.

Port 443 is the standard HTTPS port, so it won't show up in the https: URL
since it's the default.

Unless you're running Tomcat as root (a very, very bad idea), you'll need to
use iptables or equivalent to let Tomcat listen on port 443.
https://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.





Re: Trouble using SSL with Tomcat 9

2017-09-27 Thread Don Flinn
Hi Andre

I installed a new download of tomcat 9, established one application with
php/java bridge (need php and java access). Set the SSL port to an unused
port, 443, and ran my app whose only output is an H1 message.  This time I
get the expected error from Chrome with the red warning about bad
certificate.  However, the redirect went to https://localhost/Financial/index.php
- i.e. NO port number and of course drilling down couldn't find
my app which is at port 443, I believe.

Progress, but still no cigar.

The tomcat logs only showed a 302:

0:0:0:0:0:0:0:1 - - [27/Sep/2017:05:08:12 -0400] "GET /Financials/index.php?XDEBUG_SESSION_START=netbeans-xdebug HTTP/1.1" 302 -

Don't know what my next step should be - any suggestions.  Your help to
this point has been great.  I greatly appreciate the help you are giving me.

Also, I'm sure you have seen, another user, John Ellis, is having somewhat
similar problems.


Don

On Mon, Sep 25, 2017 at 10:26 AM, André Warnier (tomcat) 
wrote:

> On 25.09.2017 15:57, Don Flinn wrote:
>
>> Andre,
>>
>> I've attached the output from netstat -a.  I see 8080 listening, but not
>> 8443.  I've also
>> attached the screen shot of the result of running my "protected"
>> application in Tomcat.
>>
>
> This list removes most attachments, so we did not get the screenshot.
> You have to post it to dropbox or so, for us to have a look.
>
> But you should definitely look in the tomcat logfiles (in the subdirectory
> inventively named "logs"), to see why it did not open port 8443 when
> supposedly told to do so.
>
> As I mentioned, when I have Norton Security and it shuts down Windows
>> firewall and runs
>> its own firewall.
>>
>
> Yes, but if port 8443 is not open and listening, that's a secondary
> consideration now. The first is why tomcat does not open that port.
>
> P.S. There are additional options to netstat, which will also print the
> name of the process which "owns" that port. Makes it easier to scan the
> list, because it will say
> "tomcat" next to the ones opened by tomcat.
>
>
>> Don
>>
>> On Sun, Sep 24, 2017 at 5:52 PM, André Warnier (tomcat) wrote:
>>
>> On 24.09.2017 16:08, Don Flinn wrote:
>>
>> Andre,
>>
>> I apologize for not giving all my information. As you perceived, I'm
>> running Windows. Other info, Windows 10, Tomcat 9, java 1.8.0_144.  As you
>> suggested, using netstat and telnet I found that port 8443 is not open.
>> Looking further Windows firewall is controlled by Norton security.  I am
>> now trying to find out how to open ports in Norton security using the
>> Norton blog.
>>
>> Thank you for your help.  As is obvious, I'm a newbie in low level admin
>> work.  I'm hoping that when I get port 8443 open things will work.  I'll
>> let you know.
>>
>> Maybe wait just a second more, before you go digging in the firewall.
>> You say that you found out that "the port is not open".
>> That is not the same thing as
>> - the port /is/ open
>> - but it cannot be connected to
>> If netstat shows the port open and listening, but you cannot connect to it
>> with telnet, it is probably a firewall issue.
>> But if the port is not open, then it is a tomcat issue.
>> Provided that you configured tomcat properly, the port should be open,
>> firewall or no firewall. (A firewall can only block access by a client, to
>> a server port that is open. It cannot prevent a server process to open that
>> port for listening.)
>> If it isn't open, the tomcat logs should tell you why.
>>
>>
>>
>>
>>
>> Don
>>
>>
>>
>> On Sun, Sep 24, 2017 at 6:44 AM, André Warnier (tomcat) <a...@ice-sa.com> wrote:
>>
>> On 24.09.2017 02:36, Don Flinn wrote:
>>
>> I'm trying to use a self signed certificate generated in keytool.  When I
>> run the application Chrome, Firefox and internet Explorer using
>> localhost:8080/ all the browsers do a redirect to localhost:8443 and
>> then return This site can’t be reached *Localhost* refused to connect.
>> There is no red lined out protocol in any of the browsers.  All the Tomcat
>> logs show no errors or warnings.  I can access applications that are not
>> protected and tomcat itself.
>>
>>
>> I would suggest that you first re-read what you wrote above, line by line,
>> and reflect quietly on what each line is telling you.
>>
>> 1) you say "localhost". That means that you are using a browser as client,
>> on the same machine as the one which is running the server.
>> 2) you also say that one of the 

RE: tomcat ssl setup

2017-09-27 Thread John Ellis


John Ellis

405.285.2500 office




http://biz-e.io


-Original Message-
From: l...@kreuser.name [mailto:l...@kreuser.name] 
Sent: Tuesday, September 26, 2017 3:26 PM
To: Tomcat Users List 
Subject: Re: tomcat ssl setup

John,



> Am 26.09.2017 um 21:26 schrieb John Ellis :
> 
> Yesterday my boss suggested setting up Tomcat vers. 8 as he thought this is 
> what Jira and/or Confluence would use so I did that and it worked fine on 
> http port of 8080. I then edited the server.xml file again for the SSL port 
> and got the same result as before; never gets to a webpage login using the 
> secure port of 8443 but I can still get the webpage on port 8080. When I look 
> at the Tomcat 8 Catalina log file I see several lines where it says- 
> "java.security.KeyStoreException: Cannot store non-PrivateKeys". I have been 
> googling that error and found a couple of posts saying to change from JKS to 
> JCEKS but when I ran the commands I didn't have JKS in the command; only RSA 
> for the algorithm. Can someone provide me with the proper keytool commands 
> that I need to use to create an SSL certificate for Tomcat?   
> 
> John Ellis
> 
> 405.285.2500 office
> 
> 


We’re talking about Tomcat 8.5, 8.0 is EOLed so it may not make sense to ride a 
dead horse, also SSL setup has changed quite a bit in 8.5/9.0.

So my setup is as follows:

server.xml:

 

 

  

https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl
 


I use openssl to create the certs (as let’s encrypt for an official cert will 
generate the same structure) and then convert to JKS:

openssl genrsa -aes256 -out server.key 4096
openssl req -new -key server.key -out server.csr -sha512 -subj "/C=XX/ST=XX/L=XX/O=XX/CN=localhost/emailAddress=x...@xx.com"
#there is more to it to get SAN extensions, but that’s not necessary to get it running

openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt # you may need your own ca and a signing-process to make this work in all browsers

#Verify Server Cert
openssl x509 -in server.crt -text -noout

openssl pkcs12 -export -in server.crt -inkey server.key -out jssecacerts -name tomcat
keytool -list -v -keystore jssecacerts -storepass changeit


Hope this helps for a start.

Regards

Peter

Peter I have never seen entries in the "" part of the 
server.xml file. Does that have to be in there for SSL to work in Tomcat?















Re: different a thread status in tomcat7,tomcat8

2017-09-27 Thread Christopher Schultz

박원석,

On 9/26/17 5:29 AM, 박원석 wrote:
> Hello, I'm operating some services under this environment.
> 
> 1. server OS : RHEL 6.x JVM : 1.8.0_x WEB : httpd 2.2.24 WAS :
> tomcat-8.0.44(tomcat-native1.2.14)
> 2. server OS : RHEL 6.x JVM : 1.8.0_x WEB : httpd 2.2.24 WAS :
> tomcat-7.0.75(tomcat-native1.2.14)
> 
> <Connector port="8009" protocol="AJP/1.3" redirectPort="9443"
> URIEncoding="UTF-8" acceptCount="200" acceptorThreadCount="2"
> maxThreads="300" minSpareThreads="50"
> connectionTimeout="15000"/>
> 
> 
> I can see a RUNNABLE thread in my tomcat8.0.44  server that waits
> keep alive timeout(connectionTimeout) status.
> 
> 
> *only tomcat8 ===ajp-apr-8009-exec-8 (RUNNABLE)* - 42 
> 
> 
> org.apache.tomcat.jni.Socket.recvbb(Native Method)
> org.apache.coyote.ajp.AjpAprProcessor.readSocket(AjpAprProcessor.java:256)
> org.apache.coyote.ajp.AjpAprProcessor.read(AjpAprProcessor.java:197)
> org.apache.coyote.ajp.AbstractAjpProcessor.readMessage(AbstractAjpProcessor.java:1091)
> org.apache.coyote.ajp.AbstractAjpProcessor.process(AbstractAjpProcessor.java:804)
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
> org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:2458)
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> java.lang.Thread.run(Thread.java:745)
> 
> 
> but I can't see a RUNNABLE thread in my tomcat7.0.75 server that
> server service a request and exactly change to TIMED_WAITING status
> . why different between tomcat7 and tomcat8 ??
> 
> 
> *ajp-apr-8009-exec-5 (TIMED_WAITING)* - 39 
> 
> 
> sun.misc.Unsafe.park(Native Method)
> java.util.concurrent.locks.LockSupport.parkNanos(LockSupport.java:215)
> java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.awaitNanos(AbstractQueuedSynchronizer.java:2078)
> java.util.concurrent.LinkedBlockingQueue.poll(LinkedBlockingQueue.java:467)
> org.apache.tomcat.util.threads.TaskQueue.poll(TaskQueue.java:85)
> org.apache.tomcat.util.threads.TaskQueue.poll(TaskQueue.java:31)
> java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1066)
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1127)
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> java.lang.Thread.run(Thread.java:745)
> 

In Tomcat 8 you appear to be using the APR connector with the tcnative
library. I can tell from this part of your stack trace:

> org.apache.tomcat.jni.Socket.recvbb(Native Method)
> org.apache.coyote.ajp.AjpAprProcessor.readSocket(AjpAprProcessor.java:256)
> org.apache.coyote.ajp.AjpAprProcessor.read(AjpAprProcessor.java:197)
> org.apache.coyote.ajp.AbstractAjpProcessor.readMessage(AbstractAjpProcessor.java:1091)
> org.apache.coyote.ajp.AbstractAjpProcessor.process(AbstractAjpProcessor.java:804)

In your Tomcat 7 environment, you are also using the APR connector
(look at the thread name) but it looks like that particular thread is
waiting for more work (i.e. not in keepalive-wait).

I think you are looking at two different situations, here.

-chris



Re: Java 9 support + HSTS for tomcat.apache.org

2017-09-27 Thread Christopher Schultz

Oliver,

On 9/26/17 4:57 AM, Oliver Heister wrote:
> I have two suggestions:
> 
> 1. The table on http://tomcat.apache.org/whichversion.html has a
> column “Supported Java Versions” which has entries like “8 and
> later”.  My understanding from e.g. 
> https://marc.info/?l=tomcat-dev=150617891913261=2 is that
> currently no stable tomcat release supports Java 9 yet.
> 
> IMO a remark regarding Java 9 should be added to 
> http://tomcat.apache.org/whichversion.html .

Sounds good. I don't know of anything specific that does NOT work with
Java 9, but markt has been following the pre-releases of Java 9 pretty
closely, and has made adjustments (mostly disabling various
workarounds for bugs in previous JVMs) accordingly. There may be some
NEW items that may need to be worked-around -- those usually turn out
to be various ClassLoader-pinning memory-leaks -- but my guess is that
most Tomcat versions will work just fine under Java 9 without any
special effort.

Could you try (the latest patch-level of) whatever version of Tomcat
you are currently using with Java 9 and let us know how things go?

> 2. Currently MITM attacks by evil ISPs or WiFi networks are
> possible against people downloading tomcat from 
> http://tomcat.apache.org/download-80.cgi . (The page has links to
> PGP, md5 and sha1 hashes for validation, but the links are on a
> http page that does not redirect to https. This means they could be
> replaced in case of MITM.)
> 
> IMO a HTTP 301 redirect to the https version and HSTS headers
> should be added to http://tomcat.apache.org/ .

Agreed about the redirect... not so sure about HSTS, as that affects
the whole domain.

> Should I try to submit issues in Bugzilla for both?

Yes, please. Post-back with URLs to the BZ issues you raise.

-chris