RE: How to setup client certificate based authentication in Tomcat 9

[Patkar Omkar Anant]

Hi Christopher,



Thank you for your help. We really appreciate it  ... Apologies for late reply 
though, as I am communicating with my office email id, and we had leaves here I 
could only reply now.



I will provide some more information here so that it is possible to imagine our 
requirement: -



The server A where tomcat is running... it hosts a REST based application (BPMN 
based called Camunda ... it’s a 3rd party application).

For e.g., when an application wants to trigger a workflow or BPMN deployed in 
Camunda, then they will fire the appropriate request to URL that looks 
something like this: -



https:///engine-rest/process-definition/key//start



Now, the requirement is ..., there are several custom processes deployed and 
multiple clients invoke multiple processes available with Camunda,... hence the 
 is the dynamic part here.

We want to apply client certificate authentication only for one of the process 
that only Application B will invoke using the above URL.

Thus, we are looking at: -

1) Applying client certificate authentication to only a particular URL and not 
for all URLs.

2) How to create the trust store ? How is it different from keystore ? can I 
use cacerts of the java that is used by tomcat as the trust store ?

3) Is enabling SSL mandatory for client certificate authentication ? because we 
any ways will import the client certificate in the trust store so is enabling 
SSL and sharing server certificate to client required here ?



Let me know if you need any more information.



Thanks and Regards

Omkar Patkar



-Original Message-
From: Christopher Schultz 
Sent: Wednesday, April 26, 2023 10:28 PM
To: users@tomcat.apache.org
Subject: Re: How to setup client certificate based authentication in Tomcat 9



Parkar,



On 4/26/23 10:34, Patkar Omkar Anant wrote:

> I am a bit newbie to this domain of client certificate-based

> authentication. We have two applications … A(server) and B(client).

>

> Web application A runs on Apache Tomcat 9.0.52. (it’s a REST API based

> application). Application B invokes the rest api of application A.

>

> Now we want to introduce client certificate-based authentication

> between A and B.

Good for you. I wish more and more services would (a) offer this and (b) 
actually use it.



> So far based on information I have gathered from the internet all I

> have got is different pieces, but I am not able to connect the dots

> how to setup or configure tomcat (where A is hosted) to achieve this

> requirement. > I have been provided certificate by application B that

> is going to access our application A.

Good so far. You need to configure Application A (server) with a "trust store" 
which contains that certificate.



> But what are realms, how to map them with the certificate provided to

> us and configure that realm in tomcat, where to store the certificate

> provided by client, how to enforce webapp on system A to go for client

> certificate authentication etc…these dots I am not able to connect.

You are very unlikely to need a Realm at all.



Will you be requiring a client cert for every connection, or is it only for 
some users?



> It would be great and appreciated, if someone can guide me the correct

> sequence and steps I should follow ? … basically, help me to connect

> the dots. 

In order to get Tomcat to request and/or process a client's TLS certificate, 
you need to alter your  to include some of these:



(https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support)



truststoreFile (points to the JKS or P12 (preferred) file that contains your 
trusted certificates)



certificateVerification (choose either "optional" for requesting but not 
requiring it for all clients or "required" to require a certificate to be 
presented by all clients)



If you just want to require all requests to present that certificate, then you 
need:



certificateVerification="required"

truststoreFile="mykeystore.p12"

truststorePassword="secret"



This should do all the checking you need. You should not even have to configure 
your web application to use CLIENT-CERT authentication unless you want to be 
able to identify the caller from within the application.



If you want that, reply and I can explain what happens next.



-chris



-

To unsubscribe, e-mail: 
users-unsubscr...@tomcat.apache.org

For additional commands, e-mail: 
users-h...@tomcat.apache.org

Re: WebappClassLoaderBase error when upgrading Tomcat 8 to 8.5

[Jeremy Nguyen]

I was able to retrieve some logs that might shed some insight on the
parent classloader when running 8.5.87. I'll be frank that I don't quite
understand the mechanics of classloaders in Java.

LogFactory from
> org.eclipse.osgi.internal.loader.EquinoxClassLoader@1628551735] [LOOKUP]
> LogFactory implementation requested for the first time for context
> classloader org.apache.catalina.loader.ParallelWebappClassLoader@1204822967
>
> [LogFactory from
> org.eclipse.osgi.internal.loader.EquinoxClassLoader@1628551735] [LOOKUP]
> org.apache.catalina.loader.ParallelWebappClassLoader@1204822967 ==
> 'ParallelWebappClassLoader
>
> context: cg
>
> delegate: false
>
> --> Parent Classloader:
>
> org.cg.dao.webcontainer.tomcat.WebAppClassLoader@b887730
>
> '
>
> [LogFactory from
> org.eclipse.osgi.internal.loader.EquinoxClassLoader@1628551735] [LOOKUP]
> ClassLoader
> tree:org.apache.catalina.loader.ParallelWebappClassLoader@1204822967 -->
> org.cg.dao.webcontainer.tomcat.WebAppClassLoader@193492784 -->
> jdk.internal.loader.ClassLoaders$AppClassLoader@2085857771 (SYSTEM) -->
> jdk.internal.loader.ClassLoaders$PlatformClassLoader@105966264 --> BOOT
>
> May 02, 2023 7:23:21 PM org.apache.catalina.core.StandardContext
> listenerStart
>
> SEVERE: Exception sending context initialized event to listener instance
> of class [org.springframework.web.context.ContextLoaderListener]
>
> java.lang.NullPointerException
>
> at
> org.apache.catalina.loader.WebappClassLoaderBase$CombinedEnumeration.inc(
> WebappClassLoaderBase.java:2775)
>
> at
> org.apache.catalina.loader.WebappClassLoaderBase$CombinedEnumeration.hasMoreElements(
> WebappClassLoaderBase.java:2760)
>
> at org.apache.commons.logging.LogFactory.getConfigurationFile(
> LogFactory.java:1366)
>
> at org.apache.commons.logging.LogFactory.getFactory(LogFactory.java:453)
>
> at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:655)
>
> at org.springframework.web.context.ContextLoader.initWebApplicationContext(
> ContextLoader.java:269)
>
> at
> org.springframework.web.context.ContextLoaderListener.contextInitialized(
> ContextLoaderListener.java:103)
>
> at org.apache.catalina.core.StandardContext.listenerStart(
> StandardContext.java:4492)
>
> at org.apache.catalina.core.StandardContext.startInternal(
> StandardContext.java:4950)
>
> at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
>
> at org.apache.catalina.core.ContainerBase.addChildInternal(
> ContainerBase.java:711)
>
> at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:688)
>
> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:661)
>
> at org.cg.dao.webcontainer.tomcat.TomcatWrapper.startWebApp(
> TomcatWrapper.java:185)
>
> at org.cg.dao.webcontainer.tomcat.TomcatWrapper.prepareAllWebApps(
> TomcatWrapper.java:140)
>
> at org.cg.dao.webcontainer.tomcat.TomcatWrapper.startServer(
> TomcatWrapper.java:206)
>
> at org.cg.dao.webcontainer.tomcat.Application.start(Application.java:30)
>
> at org.eclipse.equinox.internal.app.EclipseAppHandle.run(
> EclipseAppHandle.java:203)
>
> at
> org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(
> EclipseAppLauncher.java:136)
>
> at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(
> EclipseAppLauncher.java:104)
>
> at org.eclipse.core.runtime.adaptor.EclipseStarter.run(
> EclipseStarter.java:402)
>
> at org.eclipse.core.runtime.adaptor.EclipseStarter.run(
> EclipseStarter.java:255)
>
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
>
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62)
>
> at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
>
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>
> at org.eclipse.equinox.launcher.Main.invokeFramework(Main.java:659)
>
> at org.eclipse.equinox.launcher.Main.basicRun(Main.java:596)
>
> at org.eclipse.equinox.launcher.Main.run(Main.java:1467)
>
> at org.eclipse.equinox.launcher.Main.main(Main.java:1440)
>

On Tue, May 2, 2023 at 6:18 PM Jeremy Nguyen  wrote:

>  I picked 8.5.34 because 8.5.35 has that code change while 34 doesn't.
> https://github.com/apache/tomcat/blob/8.5.35/java/org/apache/catalina/loader/WebappClassLoaderBase.java#L1050
>
> I'll do some debugging for the classloader soon. I'm still trying to get
> my application running. I'm wrestling with the following error at runtime.
>
> Caused by: org.apache.jasper.JasperException: Unable to compile class for
>> JSP
>> at
>> org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:610)
>> ~[jasper.jar:8.5.34]
>> at
>> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:382)
>> ~[jasper.jar:8.5.34]
>> at
>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:386)
>> ~[jasper.jar:8.5.34]
>> at 

Re: WebappClassLoaderBase error when upgrading Tomcat 8 to 8.5

[Jeremy Nguyen]

 I picked 8.5.34 because 8.5.35 has that code change while 34 doesn't.
https://github.com/apache/tomcat/blob/8.5.35/java/org/apache/catalina/loader/WebappClassLoaderBase.java#L1050

I'll do some debugging for the classloader soon. I'm still trying to get my
application running. I'm wrestling with the following error at runtime.

Caused by: org.apache.jasper.JasperException: Unable to compile class for
> JSP
> at
> org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:610)
> ~[jasper.jar:8.5.34]
> at
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:382)
> ~[jasper.jar:8.5.34]
> at
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:386)
> ~[jasper.jar:8.5.34]
> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:330)
> ~[jasper.jar:8.5.34]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
> ~[servlet-api.jar:?]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
> ~[catalina.jar:8.5.34]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> ~[catalina.jar:8.5.34]
> at
> com.centrify.platform.service.analytics.filter.GlobalAttributeFilter.doFilter(GlobalAttributeFilter.java:41)
> ~[com.centrify.platform.service.analytics/:?]
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
> ~[spring-web-5.1.20.RELEASE.jar:5.1.20.RELEASE]
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
> ~[spring-web-5.1.20.RELEASE.jar:5.1.20.RELEASE]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> ~[catalina.jar:8.5.34]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> ~[catalina.jar:8.5.34]
> at
> org.cg.services.core.filter.ExecutionTimeFilter.doFilterInternal(ExecutionTimeFilter.java:29)
> ~[org.cg.services.core/:?]
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
> ~[spring-web-5.1.20.RELEASE.jar:5.1.20.RELEASE]
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
> ~[spring-web-5.1.20.RELEASE.jar:5.1.20.RELEASE]
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
> ~[spring-web-5.1.20.RELEASE.jar:5.1.20.RELEASE]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> ~[catalina.jar:8.5.34]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> ~[catalina.jar:8.5.34]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)
> ~[spring-security-web-4.1.0.RELEASE.jar:4.1.0.RELEASE]
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
> ~[spring-security-web-4.1.0.RELEASE.jar:4.1.0.RELEASE]
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
> ~[spring-security-web-4.1.0.RELEASE.jar:4.1.0.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> ~[spring-security-web-4.1.0.RELEASE.jar:4.1.0.RELEASE]
> at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115)
> ~[spring-security-web-4.1.0.RELEASE.jar:4.1.0.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> ~[spring-security-web-4.1.0.RELEASE.jar:4.1.0.RELEASE]
> at
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:112)
> ~[spring-security-web-4.1.0.RELEASE.jar:4.1.0.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> ~[spring-security-web-4.1.0.RELEASE.jar:4.1.0.RELEASE]
> at
> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169)
> ~[spring-security-web-4.1.0.RELEASE.jar:4.1.0.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> ~[spring-security-web-4.1.0.RELEASE.jar:4.1.0.RELEASE]
> at
> org.pac4j.springframework.security.web.SecurityFilter.lambda$doFilter$1(SecurityFilter.java:52)
> ~[spring-security-pac4j-2.0.0.jar:?]
> at
> org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:136)
> ~[pac4j-core-1.9.1.jar:?]
> ... 34 more
> Caused by: java.lang.NullPointerException
> at
> org.apache.jasper.compiler.Validator$ValidateVisitor.(Validator.java:516)
> ~[jasper.jar:8.5.34]
> at
> 

Fw: AW: Maven tomcat7:redeploy upload reset/retry

[Peter Rader]

> > Hi Folks,
> >
> > I am running a tomcat 8.5.50.
> >
> > I try to upload a webapp using maven-tomcat7-plugin.
> >
> > It worked very good for a couple of years. I did nothing new to the
> > configuration.
> >
> > Then I see broken pipes during build:
> >
> >
> >     [INFO] Deploying war to http://www.foobar.de/manager/de.foobar.xxx-
> > 1.0.0-SNAPSHOT[https://deref-
> > gmx.net/mail/client/1mSXrDjDU9k/dereferrer/?redirectUrl=http%3A%2F%2Fw
> > ww.foobar.de%2Fmanager%2Fde.foobar.xxx-1.0.0-SNAPSHOT]
> >     Uploading: 
> > http://www.foobar.de/manager/text/deploy?path=de.foobar.xxx-[http://www.foobar.de/manager/text/deploy?path=de.foobar.xxx-]
> > 1.0.0-SNAPSHOT=true[https://deref-
> > gmx.net/mail/client/LgHF_x8BUC4/dereferrer/?redirectUrl=http%3A%2F%2Fw
> > ww.foobar.de%2Fmanager%2Ftext%2Fdeploy%3Fpath%3Dde.foobar.xxx-1.0.0-
> > SNAPSHOT%26update%3Dtrue]
> >     3534/82321 KB
> >     Uploading: 
> > http://www.foobar.de/manager/text/deploy?path=de.foobar.xxx-[http://www.foobar.de/manager/text/deploy?path=de.foobar.xxx-]
> > 1.0.0-SNAPSHOT=true[https://deref-
> > gmx.net/mail/client/LgHF_x8BUC4/dereferrer/?redirectUrl=http%3A%2F%2Fw
> > ww.foobar.de%2Fmanager%2Ftext%2Fdeploy%3Fpath%3Dde.foobar.xxx-1.0.0-
> > SNAPSHOT%26update%3Dtrue]
> >     3504/82321 KB
> >     Uploading: 
> > http://www.foobar.de/manager/text/deploy?path=de.foobar.xxx-[http://www.foobar.de/manager/text/deploy?path=de.foobar.xxx-]
> > 1.0.0-SNAPSHOT=true[https://deref-
> > gmx.net/mail/client/LgHF_x8BUC4/dereferrer/?redirectUrl=http%3A%2F%2Fw
> > ww.foobar.de%2Fmanager%2Ftext%2Fdeploy%3Fpath%3Dde.foobar.xxx-1.0.0-
> > SNAPSHOT%26update%3Dtrue]
> >     3684/82321 KB
> >     Uploading: 
> > http://www.foobar.de/manager/text/deploy?path=de.foobar.xxx-[http://www.foobar.de/manager/text/deploy?path=de.foobar.xxx-]
> > 1.0.0-SNAPSHOT=true[https://deref-
> > gmx.net/mail/client/LgHF_x8BUC4/dereferrer/?redirectUrl=http%3A%2F%2Fw
> > ww.foobar.de%2Fmanager%2Ftext%2Fdeploy%3Fpath%3Dde.foobar.xxx-1.0.0-
> > SNAPSHOT%26update%3Dtrue]
> >     3474/82321 KB
> >
> > The redeployment failed. I checked the free space and there are about 4
> > gigabyte free on the device.
> >
> > I already checked the upload-size in manager/WEB-INF/web.xml I already
> > checked the ip-disclosure in manager/META-INF/context.xml I already checked
> > the connectionTimeout in the http and https connector.
> > I already checked the username and password.
> > I already checked the roles.
> >
> > It have worked successfully until a few days. I changed nothing.
> >
> > Any ideas? (I do not like to update to a new tomcat-version)
> >
> > Kind regards
> >  Peter Rader
> > -- 
> 
> Could you check the tomcat logs?
> Under normal circumstances there should be some information to track down the 
> issue.
> Check all the log files according to the timestamp and post snippets, if you 
> find something related.
> 
> Greetings,
> Thomas
> 
> 

I checked the Tomcat-logs using enabled logging I saw:

02-May-2023 11:56:44.656 FINE [http-nio-80-exec-4] 
org.apache.catalina.realm.RealmBase.hasResourcePermission Role found:  
manager-script
02-May-2023 11:56:44.657 FINE [http-nio-80-exec-4] 
org.apache.catalina.authenticator.AuthenticatorBase.invoke Successfully passed 
all security constraints
02-May-2023 11:56:44.657 FINER [http-nio-80-exec-4] 
org.apache.catalina.core.StandardWrapper.allocate   Returning non-STM instance
02-May-2023 11:56:44.657 INFO [http-nio-80-exec-4] 
org.apache.catalina.core.ApplicationContext.log Manager: deploy: Deploying web 
application 'de.foobar.xxx-1.0.0-SNAPSHOT'
02-May-2023 11:56:44.814 FINE 
[ContainerBackgroundProcessor[StandardEngine[Catalina]]] 
org.apache.catalina.startup.HostConfig.checkResources Checking context[] 
redeploy resource /usr/local/share/apache-tomcat-8.5.50/webapps/ROOT.war
02-May-2023 11:56:44.814 FINE 
[ContainerBackgroundProcessor[StandardEngine[Catalina]]] 
org.apache.catalina.startup.HostConfig.checkResources Checking context[] 
redeploy resource /usr/local/share/apache-tomcat-8.5.50/webapps/ROOT
(last two messages are repeated 50 times the different applications)

As you can see, the authentication completed successfully.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: WebappClassLoaderBase error when upgrading Tomcat 8 to 8.5

[Christopher Schultz]

Jeremy,

On 5/1/23 17:46, Jeremy Nguyen wrote:

I noticed this change was introduced:
https://bz.apache.org/bugzilla/show_bug.cgi?id=62868
https://github.com/apache/tomcat/blame/8.5.x/java/org/apache/catalina/loader/WebappClassLoaderBase.java#L1122

I'll try running 8.5.34 and report back.


Wow that's ancient. What made you pick 8.5.34? That change should have 
gone into 8.5.36. Can you try both 8.5.35 and 8.5.36 and let us know 
which (if either) works?


I wonder if the parent ClassLoader is violating the contract for 
getResources().


Jeremy, can you throw some code into your application that runs early 
(like in org.cg.dao.webcontainer.tomcat.TomcatWrapper.startWebApp) that 
reports the class name of thew parent ClassLoader for the 
WebappClassLoader being used for the webapp?


If you aren't able to do that -- and since you are running from Eclipse 
-- try putting a breakpoint in WebappClassLoaderBase.getResources
 and just inspecting the situation at that point -- you should be able 
to see what the parent ClassLoader is, and even see what 
getParent().getResources() returns.


-chris


On Mon, May 1, 2023 at 2:12 PM Rob Sargent  wrote:




On 5/1/23 14:36, Christopher Schultz wrote:

Jeremy,

On 5/1/23 14:22, Jeremy Nguyen wrote:

I'm trying to upgrade Tomcat 8 to 8.5 and I'm getting a
nullpointerexception within
WebappClassLoaderBase.CombinedEnumeration.inc.
It seems to occur when it's trying to initialize commons-logging
LogFactory
for any class specified in Web.xml, and it's calling
getResources("commons-logging.properties") which I never had. Is it
required in 8.5? Even if I put it in conf/, it's not being picked up.

We're running Tomcat using a wrapper and it's erroring out here:


https://github.com/CodeGerm/osgi-server/blob/master/plugins/org.cg.dao.webcontainer/src/org/cg/dao/webcontainer/tomcat/TomcatWrapper.java#L185



I posted my web.xml and error trace here as well:


https://stackoverflow.com/questions/76139108/web-xml-configuration-is-broken-when-upgrading-to-tomcat-8-5-and-spring-5-1




I have no idea how this is throwing an NPE. The only pointer being
dereferenced by the inc() method is "sources":

2773private boolean inc() {
2774while (index < sources.length) {
2775if (sources[index].hasMoreElements()) {
2776return true;
2777}
2778index++;
2779}
2780return false;
2781}

That member (sources) is instantiated in the one-and-only-one
constructor:

 CombinedEnumeration(Enumeration enum1, Enumeration
enum2) {
 @SuppressWarnings("unchecked")
 Enumeration[] sources = new Enumeration[] { enum1,
enum2 };
 this.sources = sources;
 }

Also weird is that this throws NPE on line 2775 and not 2774. I can't
explain how line 2775 could throw an NPE if line 2774 did not.


:/


Is the null pointer in the index'th position of source, not source itself?



I use Tomcat 8.5.x and I have never had a commons-logging.properties
file, and I use some components which are surely causing
commons-logging LogFactory to initialize, and I've never seen this
problem before.

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: WebappClassLoaderBase error when upgrading Tomcat 8 to 8.5

[Christopher Schultz]

Rob,

On 5/1/23 17:12, Rob Sargent wrote:
=> On 5/1/23 14:36, Christopher Schultz wrote:

Jeremy,

On 5/1/23 14:22, Jeremy Nguyen wrote:

I'm trying to upgrade Tomcat 8 to 8.5 and I'm getting a
nullpointerexception within 
WebappClassLoaderBase.CombinedEnumeration.inc.
It seems to occur when it's trying to initialize commons-logging 
LogFactory

for any class specified in Web.xml, and it's calling
getResources("commons-logging.properties") which I never had. Is it
required in 8.5? Even if I put it in conf/, it's not being picked up.

We're running Tomcat using a wrapper and it's erroring out here:
https://github.com/CodeGerm/osgi-server/blob/master/plugins/org.cg.dao.webcontainer/src/org/cg/dao/webcontainer/tomcat/TomcatWrapper.java#L185

I posted my web.xml and error trace here as well:
https://stackoverflow.com/questions/76139108/web-xml-configuration-is-broken-when-upgrading-to-tomcat-8-5-and-spring-5-1


I have no idea how this is throwing an NPE. The only pointer being 
dereferenced by the inc() method is "sources":


2773    private boolean inc() {
2774    while (index < sources.length) {
2775    if (sources[index].hasMoreElements()) {
2776    return true;
2777    }
2778    index++;
2779    }
2780    return false;
2781    }

That member (sources) is instantiated in the one-and-only-one 
constructor:


    CombinedEnumeration(Enumeration enum1, Enumeration 
enum2) {

    @SuppressWarnings("unchecked")
    Enumeration[] sources = new Enumeration[] { enum1, 
enum2 };

    this.sources = sources;
    }

Also weird is that this throws NPE on line 2775 and not 2774. I can't 
explain how line 2775 could throw an NPE if line 2774 did not.


>:/


Is the null pointer in the index'th position of source, not source itself?


Possibly (and it's really the only probable cause), but the 
documentation for getResources() and findResources() (both of which are 
used to assemble the CombinedEnumeration in the first place) say that if 
no resources are found, an empty Enumeration is returned, not null.


-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

AW: Maven tomcat7:redeploy upload reset/retry

[Thomas Hoffmann (Speed4Trade GmbH)]

Hello Peter,

> -Ursprüngliche Nachricht-
> Von: Peter Rader 
> Gesendet: Dienstag, 2. Mai 2023 12:41
> An: users@tomcat.apache.org
> Betreff: Maven tomcat7:redeploy upload reset/retry
> 
> Hi Folks,
> 
> I am running a tomcat 8.5.50.
> 
> I try to upload a webapp using maven-tomcat7-plugin.
> 
> It worked very good for a couple of years. I did nothing new to the
> configuration.
> 
> Then I see broken pipes during build:
> 
> 
>     [INFO] Deploying war to http://www.foobar.de/manager/de.foobar.xxx-
> 1.0.0-SNAPSHOT[https://deref-
> gmx.net/mail/client/1mSXrDjDU9k/dereferrer/?redirectUrl=http%3A%2F%2Fw
> ww.foobar.de%2Fmanager%2Fde.foobar.xxx-1.0.0-SNAPSHOT]
>     Uploading: http://www.foobar.de/manager/text/deploy?path=de.foobar.xxx-
> 1.0.0-SNAPSHOT=true[https://deref-
> gmx.net/mail/client/LgHF_x8BUC4/dereferrer/?redirectUrl=http%3A%2F%2Fw
> ww.foobar.de%2Fmanager%2Ftext%2Fdeploy%3Fpath%3Dde.foobar.xxx-1.0.0-
> SNAPSHOT%26update%3Dtrue]
>     3534/82321 KB
>     Uploading: http://www.foobar.de/manager/text/deploy?path=de.foobar.xxx-
> 1.0.0-SNAPSHOT=true[https://deref-
> gmx.net/mail/client/LgHF_x8BUC4/dereferrer/?redirectUrl=http%3A%2F%2Fw
> ww.foobar.de%2Fmanager%2Ftext%2Fdeploy%3Fpath%3Dde.foobar.xxx-1.0.0-
> SNAPSHOT%26update%3Dtrue]
>     3504/82321 KB
>     Uploading: http://www.foobar.de/manager/text/deploy?path=de.foobar.xxx-
> 1.0.0-SNAPSHOT=true[https://deref-
> gmx.net/mail/client/LgHF_x8BUC4/dereferrer/?redirectUrl=http%3A%2F%2Fw
> ww.foobar.de%2Fmanager%2Ftext%2Fdeploy%3Fpath%3Dde.foobar.xxx-1.0.0-
> SNAPSHOT%26update%3Dtrue]
>     3684/82321 KB
>     Uploading: http://www.foobar.de/manager/text/deploy?path=de.foobar.xxx-
> 1.0.0-SNAPSHOT=true[https://deref-
> gmx.net/mail/client/LgHF_x8BUC4/dereferrer/?redirectUrl=http%3A%2F%2Fw
> ww.foobar.de%2Fmanager%2Ftext%2Fdeploy%3Fpath%3Dde.foobar.xxx-1.0.0-
> SNAPSHOT%26update%3Dtrue]
>     3474/82321 KB
> 
> The redeployment failed. I checked the free space and there are about 4
> gigabyte free on the device.
> 
> I already checked the upload-size in manager/WEB-INF/web.xml I already
> checked the ip-disclosure in manager/META-INF/context.xml I already checked
> the connectionTimeout in the http and https connector.
> I already checked the username and password.
> I already checked the roles.
> 
> It have worked successfully until a few days. I changed nothing.
> 
> Any ideas? (I do not like to update to a new tomcat-version)
> 
> Kind regards
>  Peter Rader
> --

Could you check the tomcat logs?
Under normal circumstances there should be some information to track down the 
issue.
Check all the log files according to the timestamp and post snippets, if you 
find something related.

Greetings,
Thomas

Maven tomcat7:redeploy upload reset/retry

[Peter Rader]

Hi Folks,
 
I am running a tomcat 8.5.50.
 
I try to upload a webapp using maven-tomcat7-plugin.
 
It worked very good for a couple of years. I did nothing new to the 
configuration.
 
Then I see broken pipes during build:
 

    [INFO] Deploying war to 
http://www.foobar.de/manager/de.foobar.xxx-1.0.0-SNAPSHOT[https://deref-gmx.net/mail/client/1mSXrDjDU9k/dereferrer/?redirectUrl=http%3A%2F%2Fwww.foobar.de%2Fmanager%2Fde.foobar.xxx-1.0.0-SNAPSHOT]
  
    Uploading: 
http://www.foobar.de/manager/text/deploy?path=de.foobar.xxx-1.0.0-SNAPSHOT=true[https://deref-gmx.net/mail/client/LgHF_x8BUC4/dereferrer/?redirectUrl=http%3A%2F%2Fwww.foobar.de%2Fmanager%2Ftext%2Fdeploy%3Fpath%3Dde.foobar.xxx-1.0.0-SNAPSHOT%26update%3Dtrue]
    3534/82321 KB   
    Uploading: 
http://www.foobar.de/manager/text/deploy?path=de.foobar.xxx-1.0.0-SNAPSHOT=true[https://deref-gmx.net/mail/client/LgHF_x8BUC4/dereferrer/?redirectUrl=http%3A%2F%2Fwww.foobar.de%2Fmanager%2Ftext%2Fdeploy%3Fpath%3Dde.foobar.xxx-1.0.0-SNAPSHOT%26update%3Dtrue]
    3504/82321 KB   
    Uploading: 
http://www.foobar.de/manager/text/deploy?path=de.foobar.xxx-1.0.0-SNAPSHOT=true[https://deref-gmx.net/mail/client/LgHF_x8BUC4/dereferrer/?redirectUrl=http%3A%2F%2Fwww.foobar.de%2Fmanager%2Ftext%2Fdeploy%3Fpath%3Dde.foobar.xxx-1.0.0-SNAPSHOT%26update%3Dtrue]
    3684/82321 KB   
    Uploading: 
http://www.foobar.de/manager/text/deploy?path=de.foobar.xxx-1.0.0-SNAPSHOT=true[https://deref-gmx.net/mail/client/LgHF_x8BUC4/dereferrer/?redirectUrl=http%3A%2F%2Fwww.foobar.de%2Fmanager%2Ftext%2Fdeploy%3Fpath%3Dde.foobar.xxx-1.0.0-SNAPSHOT%26update%3Dtrue]
    3474/82321 KB   
 
The redeployment failed. I checked the free space and there are about 4 
gigabyte free on the device.
 
I already checked the upload-size in manager/WEB-INF/web.xml
I already checked the ip-disclosure in manager/META-INF/context.xml
I already checked the connectionTimeout in the http and https connector.
I already checked the username and password.
I already checked the roles.
 
It have worked successfully until a few days. I changed nothing.
 
Any ideas? (I do not like to update to a new tomcat-version)
 
Kind regards
 Peter Rader
--
Fachinformatiker AE / IT Software Developer
Peter Rader
Wilsnacker Strasse 17
10559 Berlin - GERMANY
Tel: 0049 (0)30 / 6 29 33 29 6
Fax: 0049 (0)30 / 6 29 33 29 6
Handy: 0049 (0)176 / 87 521 576
Handy: 0049 (0)176 / 47 876 303

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org