Re: 9.0.13 encrypted cluster traffic

2018-12-30 Thread Christopher Schultz

Keiichi,

On 12/25/18 02:33, Keiichi Fujino wrote:
> On Sun, Dec 23, 2018 at 2:10, Christopher Schultz wrote:
> 
> Keiichi,
> 
> On 12/21/18 02:58, Keiichi Fujino wrote:
 On Fri, Dec 21, 2018 at 12:11, Christopher Schultz wrote:
 
 Tim,
 
 On 12/20/18 10:18, Tim K wrote:
 
 I just downloaded and tried 9.0.14 but I'm still
 getting the same BadPaddingException upon starting
 the second instance.  I confirmed the encryptionKey
 matches on my two instances.
 
>>> 
>>> Maybe something is wrong with my config?  For this
>>> test, I have both Tomcats on the same server using
>>> different ports:
 
 This is the only thing that matters to the encryption
 interceptor:
 
>>> <Interceptor
>>> className="org.apache.catalina.tribes.group.interceptors.EncryptInterceptor"
>>> encryptionKey="e0f2cdf931e99fdce0453964294f97f3" />
 
 I'm not sure if the order of encrypt/asyncdispatch
 interceptors matters much.
 
 
 
> Hi.
 
> In the case of using TcpFailureDetector, there is a case where it
> writes directly without passing through the interceptor chain.
>
> TcpFailureDetector#memberAlive writes the channel data
> directly to outputstream without passing through the
> interceptor chain. However, when receiving this channel
> data, it passes through the interceptor chain. So, it must
> be received by TcpFailureDetector before decrypt of
> EncryptInterceptor. That is, the order is important. The
> order is EncryptInterceptor -> TcpFailureDetector.
> 
> How's this for an update to the EncryptInterceptor documentation:
> 
> " If using the TcpFailureDetector, the 
> EncryptInterceptor must be inserted into the
> interceptor chain before the 
> TcpFailureDetector. This is because the
> TcpFailureDetector writes channel data directly 
> without using the remainder of the interceptor chain, but on the
> receiving side, the message still goes through the chain (in
> reverse). Because of this asymmetry, the
> EncryptInterceptor must execute before the
> TcpFailureDetector on the sender and after it
> on the receiver. "
> 
> 
>> Hi Chris.
> 
>> Writing channel data directly is only for member verification.
>> Normal messages are sent/received via the interceptor chain. So,
>> it may be better to add a sentence that interprets that writing
>> channel data directly is only for member verification, such as,
>> "When TcpFailureDetector validates cluster members..." etc.

How about this:

"
If using the TcpFailureDetector, the EncryptInterceptor must be
inserted into the interceptor chain before the TcpFailureDetector.
This is because when validating cluster members, TcpFailureDetector
writes channel data directly to the other members without using the
remainder of the interceptor chain, but on the receiving side, the
message still goes through the chain (in reverse). Because of this
asymmetry, the EncryptInterceptor must execute before the
TcpFailureDetector on the sender and after it on the receiver,
otherwise message corruption will occur.
"

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
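
The send/receive asymmetry discussed in this message, modeled as a small Python simulation (an added example, not Tomcat code and not code from the thread). The class names, probe payload, sample key and toy cipher are assumptions standing in for Tribes' EncryptInterceptor and TcpFailureDetector.

```python
import hashlib
import hmac

KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed sample key
PROBE = b"TCP-FAILURE-DETECTOR-PROBE"  # constructed stand-in for the member-check data

class DecryptError(Exception):
    """Stand-in for the BadPaddingException reported in the thread."""

class Encrypt:
    """Toy authenticated cipher (HMAC tag + XOR keystream), NOT Tomcat's AES."""
    def _stream(self, n):
        return hashlib.shake_256(KEY).digest(n)

    def send(self, data):
        body = bytes(a ^ b for a, b in zip(data, self._stream(len(data))))
        return hmac.new(KEY, body, hashlib.sha256).digest() + body

    def receive(self, data):
        tag, body = data[:32], data[32:]
        if not hmac.compare_digest(tag, hmac.new(KEY, body, hashlib.sha256).digest()):
            raise DecryptError("message was not produced by Encrypt.send")
        return bytes(a ^ b for a, b in zip(body, self._stream(len(body))))

class FailureDetector:
    def send(self, data):
        return data

    def receive(self, data):
        # Consume our own member-check probes, pass everything else up the chain.
        return None if data == PROBE else data

def send_app_message(chain, data):
    for interceptor in chain:            # sender: top of the chain down to the wire
        data = interceptor.send(data)
    return data

def receive_from_wire(chain, data):
    for interceptor in reversed(chain):  # receiver: same chain, in reverse
        data = interceptor.receive(data)
        if data is None:                 # consumed; nothing reaches the application
            return None
    return data

GOOD = [Encrypt(), FailureDetector()]   # EncryptInterceptor before TcpFailureDetector
BAD = [FailureDetector(), Encrypt()]    # reversed order

# The detector writes PROBE straight to the wire, bypassing send_app_message():
# receive_from_wire(GOOD, PROBE) is consumed; receive_from_wire(BAD, PROBE) raises.
```

Ordinary messages round-trip in both orders in this model; only the directly written probe reaches the decryption step unencrypted when the order is reversed.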



Re: Fw: Re: Tomcat Manager keeps asking for Authentication

2018-12-30 Thread Christopher Schultz

Karen,

On 12/23/18 01:04, Karen Goh wrote:
> 
> 
> --- On Sun, 12/23/18, Karen Goh wrote:
> 
>> From: Karen Goh
>> Subject: Re: Tomcat Manager keeps asking for Authentication
>> To: "Tomcat Users List"
>> Date: Sunday, December 23, 2018, 1:40 PM
>> 
>> On Sat, 12/22/18, Mark Thomas wrote:
>> 
>> Subject: Re: Tomcat Manager keeps asking for Authentication
>> To: users@tomcat.apache.org
>> Date: Saturday, December 22, 2018, 7:56 PM
>> 
>> On 22/12/2018 09:12, Karen Goh wrote:
>>> 
>>> I am running NetBeans 8.2 and am trying to study a web project from
>>> github.
>>> 
>>> It was stated that certain pages are constrained by the Tomcat Role,
>>> in order to view the Admin panel.
>>> 
>>> So, what I did was to alter the Tomcat
>>> C:\Program Files\Apache Software Foundation\Apache Tomcat 8.0.27\conf\tomcat-user.xml
>> 
>> Note: 8.0.x has reached end of life and is no longer supported.
>> 
>>> 
>>> And here's what I added:
>>> 
>>> 
>> 
>>> > rolename="tomcat"/>
>>> 
>> 
>>> > rolename="manager-gui"/>
>>> 
>> > username="tomcat"/>
>>> 
>> 
>>> 
>> 
>>> 
>> > username="me"/>
>>> 
>> 
>> 
>> Are you sure the above is not commented out?
>> 
>> Mark
>> 
>> Hello Mark,
>> 
>> Thanks for your reply and thanks for your last reply about the
>> changing the xml file in which I haven't thanked you cos I was
>> grappling with so many things...
>> 
>> I just found out that this guy he is using some kind of 'embedded
>> Tomcat' to do the work I am not very sure though.
>> 
>> And so I was trying to edit an external Tomcat server thus it
>> never works.
>> 
>> I am quite new to the way it was done cos eventually I found it
>> inside apache-tomcat inside the AppData !
>> 
>> C:\Users\xxx\\Roaming\NetBeans\8.2\apache-tomcat-8.0.27.0_base\conf\tomcat-user.xml
>> 
>> Can I know what is this method about?
>> 
> In addition, I'd like to know how to clean Tomcat directory in this
> case?
> 
> Cos now after examining the server log, I saw an error : The
> reference to entity "ampUseLegacyDatetimeCode" must end with the
> ';' delimiter.)
> 
> So, I edited the persistence.xml to ;
> 
> jdbc:mysql://localhost:3306/music_store?autoReconnect=true;UseLegacyDatetimeCode=false;serverTimezone=UTC;seSSL=False"/>

You want to use  between the parameters. You removed the & which
are important, but since they are in an XML file, they need to be
converted into 

> But, it still gives me the old error.

At this point, I'm not sure what and how many questions you are
asking. Can you post a new thread with your complete question in it?

-chris
