Chris
CS> HTTP POST should not be prohibited unless I'm reading
CS> both the code and the CSRF specs incorrectly.
cjb> Pretend that it does. How would you solve that?
CS> You have to manually add the CSRF token in each
CS> in a hidden FORM parameter. It's doable, but it sucks to
CS> have to
Hi Chris
> Any ideas? About EITHER issue?
> Ping. Any ideas?
Yeah, and hopefully you won't gag too much. :-P
[SNIP]
> My application is using log4j2, but that library is only used by the
> application
> and the JAR file is in WEB-INF/lib/. I wouldn't expect that it would interfere
> with
Amit
> -Djava.security.properties=file:/path/to/java_security_properties_file
That "file:" prefix looks like Spring syntax. Is the prefix needed on the JVM
command line?
--
Cris Berneburg
CACI Senior Software Engineer
-Original Message-
From: Amit Pande
Sent: Tuesday, October 31,
Hi Timothy
Sorry, I'm a little late to the party for a reply.
On an older project, when pulling cert info (using javax), we grabbed it from
the session, not the request, even though the attribute name says "request".
HttpSession session = httpRequest.getSession();
Object rawSubject =
Hey Chris
> I always include a ROOT context so I don't get nasty errors if
> there is some kind of misconfiguration at the proxy, etc. It also
> allows rewrites to be done "outside" of "the application", etc.
Out of curiosity, what do you put in that ROOT context? A dummy / placeholder
or the
.
Short note from my side:
WinsxS is the cache for windows updates.
You should not copy from that location and also don't mess around with windows
internal folders
Von: Berneburg, Cris J. - US
mailto:cberneb...@caci.com.INVALID>>
Gesendet:
","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Apache
Software Foundation\Procrun 2.0\Tomcat10\Parameters\Log\LogJniMessages","NAME
NOT FOUND","Length: 16"
"1:39:55.6939013
PM","Tomcat10.exe","12464","RegQueryValue&
Hi Larry
Some general guessing questions:
1. Does the Windows Event Viewer provide any insight into the service failing?
2. Is this possibly one of those issues due to a missing msvcr100.dll?
- Cris B.
-Original Message-
From: Heidt, Larry
Sent: Monday, September 19, 2022 5:15 PM
To:
Terence
> I created an issue for the blank digest messages:
> https://issues.apache.org/jira/browse/INFRA-23675
> which appears to be due a missing CRLF sequence following
> the header section. It's currently "WAITING FOR INFRA" so
> I don't think anyone has had a chance to look at it.
Thanks
> 2. Also, some digest messages are blank for me, but other
> folks' replies to them are not. It's often original messages
> from specific users. Maybe we can compare what we see.
> Not using multiple client apps, I don't know if the blankness
> is due to client app misinterpretation or if the
Hi Terence
I have similar issues.
> First, I was suddenly unable to send e-mail to the list using an
> e-mail address that I have used on the list since at least 2005,
> as mentioned above. I got around this by (re)subscribing to both
> users and users-digest. This may be why you found my e-mail
Congrats Han! :-D
--
Cris Berneburg
CACI Senior Software Engineer
-Original Message-
From: Mark Thomas
Sent: Tuesday, September 6, 2022 3:38 AM
To: Tomcat Developers List ; Tomcat Users List
Subject: [ANN] New committer: Han Li
Please join me in congratulating Han.
Kind regards,
Chris, and the rest of the TC team
cs> Note that Java 10 will auto-migrate older applications for you
cs> without modification. It's kind of a friendly bootstrapping feature
cs> to help developers make the transition to pre-Jakarta-EE to
cs> port-Jakarta-EE.
Thaaanks! :-)
cs> the transition
Mark, et al
> Running Tomcat in a container via Docker Desktop on a Windows host
> with the web application served from a location on the host mounted
> /bound to the container is insecure.
So the app resides on the "host" OS file system and is mounted into the Docker
"guest" container, rather
w> I install tomcat 9 using downloaded installation package. It was installed
successfully.
w> I made tomcat manager working. I deployed my application... Suddenly, tomcat
stopped.
w> Then I try to restart it using windows service. I got error 5: access
denied. I uninstalled
w> tomcat and
Hi Mark
crisb> P.S.: If a documentation update is recommended,
crisb> I would be happy to make the changes,
crisb> but I would probably need guidance for that too. ;-)
markt> Source file is here:
markt> https://github.com/apache/tomcat/blob/main/webapps/docs/config/http.xml
markt> A pull
Thanks Mark :-)
crisb> Is it possible to connect IIS to TC using HTTP instead of AJP?
crisb> Several "Tomcat IIS How-To" articles all mention using AJP
crisb> (not HTTP) using an ISAPI redirector.
markt> In theory, yes. You'd need to find an HTTP reverse proxy component for
IIS.
markt> This
Carsten and Mark
Thanks for the info. :-)
crisb> Weird, when going thru IIS to TC, it's not compressed
c.klein> IIS fetches the requested resource from TC, acting as an HTTP client
(or are you using AJP with IIS?).
markt> IIS will be using AJP to talk to Tomcat which doesn't support
Thanks Mark!
cb> 1. compressionMinSize - What are the units, bytes?
Markt> Yes.
cb> 2. compressibleMimeType - If you specify a type explicitly, [...] Are [the
defaults]
cb> over-ridden, so they need to be specified explicitly too? Or is it
cumulative?
Markt> Default is over-ridden.
OK, that
Hi Ravi :-)
> My web app is based on Tomcat 9.0.45 server. I have migrated from Tomcat 7 to
> Tomcat 9
> and from log4j 1.x to log4j 2.x. I have updated the log4j2.properties as per
> log4j 2.x standard,
> still my tomcat.log file is not getting generated and all the application log
> are
Hi Folks :-)
Got some questions about turning on compression. Looking at the documentation
(I did not read the whole thing, just the portions in question), I still need
some clarification.
https://tomcat.apache.org/tomcat-8.5-doc/config/http.html
1. compressionMinSize - What are the units,
Hi Chris
Was there a final resolution to this?
--
Cris Berneburg
CACI Senior Software Engineer
-Original Message-
From: Christopher Schultz
Sent: Wednesday, June 2, 2021 1:52 PM
To: Tomcat Users List
Subject: Strange error with JSP
All,
I don't do too much work with JSPs, but I do
Eric and Mark
Just curious...
Eric> We can run 75 to 125 instances of tomcat on a single Linux server
Eric, Do you have or need a centralized way of managing all those instances?
It sounds like different support groups connect to their own instances, if I
understand correctly.
Mark> if
Chris
[major snippage]
CS> app/work/Catalina/localhost/[$context]/org/apache/jsp/admin/
CS> SessionSnooper_jsp.java exist and have file-dates from way back
CS> in 2016. (No recent changes)
CS> This is Tomcat 8.5.65 from a stock ASF-distrubuted tarball,
CS> launched using "catalina.sh start".
Thanks Chris
[snip, snip, snippety-snip]
CS> What's the database? And the driver?
Oracle 19, oracle.jdbc.OracleDriver - jdbc:oracle:thin.
CS> MySQL Connector/J used to (still does?) read 100% of the results
CS> into the heap before Statement.executeQuery() returns unless you
CS> specifically
Hi Chris
cs> This is a relatively simple JSP. There are no tag libraries in use and
cs> there are 3 imports of JSPs which contain some static utility functions.
Sorry, no technical suggestions, but some questions...
Can you load those 3 dependent JSP's in a browser via URL (or are they
Hi Chris
[lots of snippage]
cb> One of our web apps is using a "lot" of memory, specifically a big
cb> user query. We'd like to find out why.
cb> 1. Is there a way to analyze uncollected garbage?
cb> * AWS EC2 instance.
cb> * There are other TC instances on the same server.
cb> * Each TC
Hi Raghunath
cb> One of our web apps is using a "lot" of memory,
cb> specifically a big user query. We'd like to find out why.
cb> 1. Is there a way to analyze uncollected garbage?
rm> You could try using the Oracle utility - "jstat" - for analyzing
rm> the GC in an active Java process (PID)
Hi John :-)
cb> 1. Is there a way to analyze uncollected garbage?
cb> 2. Is that a reasonable way to identify potential memory usage problems?
jeg> MAT has an option to "Keep unreachable options." It's under preferences.
Thanks for the suggestion! I did not know about that option.
jeg> It
Hi Amit :-)
cb> 1. Is there a way to analyze uncollected garbage?
cb> 2. Is that a reasonable way to identify potential memory usage problems?
ap> Have you enabled the " Enable 'keep unreachable objects'" setting of MAT?
ap> https://blog.gceasy.io/2015/12/11/eclipse-mat-titbits/
No, I had not
Hi Folks :-)
One of our web apps is using a "lot" of memory, specifically a big user query.
We'd like to find out why.
The Tomcat Web Application Manager Find leaks button said that "No web
applications appear to have triggered a memory leak on stop, reload or
undeploy."
Tomcat Manager
Hi Mark
Thanks for getting back with me. :-)
markt> What is the setting for unpackWARs for Host?
These are the host settings in server.xml:
name="localhost"
appBase="webapps"
unpackWARs="true"
autoDeploy="true"
deployOnStartup="false"
markt> Running directly from a WAR (with
Hi Folks
Sometimes we get strange errors after deployments to our test server. We just
"solved" some weirdness by manually cleaning out the TC temp folder(s) - again.
Googling confirms what I thought about the TC work versus temp folder:
* "work stores compiled JSPs and other assets".
* "temp
Hi Chris
cb> I was thinking of a servlet request (or something) that is called on
cb> startup that could also be called later on-demand(?).
cs> How would you trigger that servlet to be called on startup?
cs> Some kind of script that does catalina.sh && sleep $time
cs> && curl
Hi Thomas
Thanks for the info and your opinion! :-)
cb> 1. Is performing DB heavy-lifting operations in ServletContextListener
cb> a "reasonable" practice?
cb> 2. Is there a "better" way of caching said items at application
cb> startup?
tm> What happens when the DB has problems when the
Hey Chris
cb> 1. Is performing DB heavy-lifting operations in ServletContextListener a
"reasonable" practice?
cb> 2. Is there a "better" way of caching said items at application startup?
cs> IMHO there is no better way than using a ServletContextListener to load
things at startup.
OK, good
Hi Folks
I'm working on an old legacy app and noticed something. It caches a bunch of
info (lookup table data) from the database using a ServletContextListener. I
think opening DB connections in a listener is reasonable. While there is no
business logic in the listener, I'm not sure doing a
Thanks again Mark :-)
mt> how that Map is pruned (it is currently too aggressive)
mt> if Tomcat is processing 10k req/s just keeping track of
mt> the last 30s is potentially 300k streams. How to do that
mt> efficiently for all usage patterns is a problem that
mt> needs some thought.
Sounds a
Hi Mark
Thanks for taking the time to explain that to me. :-)
A few more questions, if you don't mind.
cjb> TC thinks the stream should be closed when the client
cjb> thinks the stream is still open? Basically RST_STREAM
cjb> is a keep-alive?
mt> No. The stream closed cleanly. The client is
Hi Mark
As with most topics here, I struggle to understand what is being discussed.
:-) So please bear with me.
> improving how Tomcat handles traffic like this.
>
> Looks like Tomcat could prune the closed streams
> less aggressively.
>
> At the moment it waits until there are
>
Thanks Chris!
CS> IMO, the JSP effort was a stepping-stone on a path to better
CS> technologies like Velocity, FreeMarker, and others. If I were
CS> king, JSP would just go away. Just my POV of course [...]
cjb> what do you like better about Velocity, FreeMarker, etc.
cjb> more than JSP?
CS> I
Hey Chris
CS> IMO, the JSP effort was a stepping-stone on a path to better
CS> technologies like Velocity, FreeMarker, and others. If I were
CS> king, JSP would just go away. Just my POV of course, you are
CS> welcome to fall in love with JSP. :)
Seeing as I am ever on the trailing edge of
Rony
RF> If possible I would like to write a single tagclass, but use it
RF> for two or more different tags, as the implementation would share
RF> quite a lot of code. Besides, it might be helpful for debugging.
CS> Feel free to build a base class with the shared code and then implement
CS> the
Hi JHHL
> security audit on the Tomcat server we maintain
My condolences. :-) We're gone through several scans over the past couple
years too. Yeah, it's a pain.
If you can get the report details, it may provide enough info to pinpoint the
exact problems. Checkmarx scanning software does,
-Original Message-
From: Christopher Schultz
> "things to look into when I retire and my house is totally clean and
> my kids are finally out of the house" so of course, I'll never get around to
> it.
+1 :-)
--
Cris Berneburg
CACI Lead Software Engineer
Hi Sumit
Please see my response below your question.
-Original Message-
From: Sumit Bhardwaj
Sent: Saturday, July 20, 2019 8:48 AM
To: Tomcat Users List
Subject: Security vulnerabilities with tomcat 9
> Hi,
>
> We are using tomcat 9 and getting following two vulnerabilities in
-- Christopher Schultz (cs) wrote 3/12/19:
-- Rich Bowen (rb) wrote 3/6/19:
rb> * Apache Roadshow DC is in [2] weeks. Register now at
rb> https://apachecon.com/usroadshowdc19/
cs> I'll be speaking at this event, and I'd love to meet some
cs> local Tomcat-ers. It's $25 to attend; schedule
Hi Youness
Please see my comments below
-Original Message-
From: youness.dakk...@bnpparibasfortis.com
Sent: Wednesday, March 6, 2019 7:55 AM
To: Tomcat Users List
Subject: RE: Tomcat 8.5.13 - random issue with HTTPS (blank page) - working
good with HTTP
> This is the content of the
Hi Danyaal
dh> I'm encountering following scan finding errors
dh> and couldn't find way to mitigate this.
dh> Tomcat 8.5.32
dh> 12085
dh> Apache Tomcat Default Files
dh> The following default files were found
dh> :/nessus-check/default-404-error-page.html
dh> Delete the default index page and
Hi Andi
am> Another try on a third Windows Server 2008 R2 that never contained Java or
Tomcat.
am> I am logged in as local administrator.
am> Installed Java 11 and Tomcat 9.
am> And again same error :(
am> I would really appreciate any help.
Sorry you are going through all this trouble. I have
Hi Ralf
am> What I did now:
am> - removed Tomcat services by service.bat
am> - uninstalled all Tomcats (7 and 9)
am> - uninstalled all Java (was only Version 11)
am> - server reboot
am> - Installed Java 11 (File: jdk-11.0.1_windows-x64_bin.exe)
am> - reboot
am> - Installed Tomcat 9 (File:
Thanks André
cjb> I upgraded Java from 8u181 to 8u191 on our dev (JDK) and test
cjb> (JRE) Windows 2012 servers today. After doing so, the Tomcat
cjb> 8.5(.32) Windows services would no longer start. Removing and
cjb> re-adding the service fixed the service.
mt> You need to reconfigure
Thanks Mark
cjb> I upgraded Java from 8u181 to 8u191 on our dev (JDK) and test (JRE)
cjb> Windows 2012 servers today. After doing so, the Tomcat 8.5(.32)
cjb> Windows services would no longer start. Removing and re-adding
cjb> the service fixed the service. I don't remember having to
Hi Folks
I upgraded Java from 8u181 to 8u191 on our dev (JDK) and test (JRE) Windows
2012 servers today. After doing so, the Tomcat 8.5(.32) Windows services would
no longer start. Removing and re-adding the service fixed the service. I
don't remember having to re-install the TC Windows
Chris
cjb> large bureaucracy [...] I would not be
cjb> surprised if there is a policy against dev kits and IDE's on
cjb> production servers for security sake. Tomcat (whisper: with built-in
cjb> compiler) is approved, but is the JDK allowed? Guess I can ask.
cjb> Yeah, it's potentially a
Hey Chris
cjb> RAMBLE: Too bad there can't be an Apache OpenJRE umbrella project,
cjb> with specific Apache OpenJRE [version X] sub-projects, that maintain
cjb> JRE [version X]'s indefinitely. One source (Apache) for all the
cjb> different JRE's for the Java community at large, rather than
Thanks Igal
is> p.s. So happy to see that you finally moved from Tomcat 6 to 8.5.
is> Perhaps you can share that experience in a separate thread and let
is> others know if you ran into any major problems during that process.
Will do. So far we've only run into 3 minor issues.
--
Cris Berneburg
Thanks Igal
mt> OpenJDK is very close to the Oracle JDK these days. I regularly run
mt> Tomcat's unit tests with the latest OpenJDK and have yet to find an
mt> issue that is OpenJDK specific.
is> I asked Gil Tene about this a couple of weeks ago. Gil is a co-
is> founder of Azul Systems, an
Thanks Mark
mt> The argument for a JRE vs a JDK is that the JDK includes
mt> a compiler. The only reason Tomcat can run on a JRE and
mt> still support JSPs (which require compilation) is that
mt> Tomcat includes a Java compiler. I don't think the
mt> security argument holds much water.
I had not
Hi Folks
What has anyone been thinking about the upcoming Oracle Java 11 release /
support stuff? Frankly, I'm confused by it all and am still trying to wrap my
brain around it. I have concerns about the potential implications for my
little project, and also wonder about Tomcat at large.
Mark
cjb> SPECIFIC: The Excel files are [...] accessed only
cjb> once. They don't need to be cached. Is it
cjb> possible to declare only the Excel reports output
cjb> folder as non-cache-able but leave the (default)
cjb> context cache setting as-is so everything else
cjb> can be cached in the
Mark
cjb> RAMBLE: The thing is, it worked in TC 6.0
cjb> but not 8.5. Is it possible a major change
cjb> [...] Did TC 6.0 not cache files?
mt> The resources implementation was completely
mt> re-written for 8.x [...] I'm fairly sure
mt> not found results weren't cached in 6.0.x.
OK, thanks for
Thanks Chris
cjb> of TC 8.5.32 on Java 8u181, report output Excel
cjb> files won't load (immediately). An error is
cjb> displayed to the user. [...]
cjb> 1. What are the ramifications of disabling the cache?
cjb> IOW, what are the potential side-effects? [...]
cjb> 2. Is there a "better" way to
Thanks Mark
cjb> Anyone have advice on, experience with, or
cjb> info about setting cachingAllowed=false?
cjb> [...]
cjb> In our testing of TC 8.5.32 on Java 8u181,
cjb> report output Excel files won't load
cjb> (immediately). An error is displayed to
cjb> the user. These Stack Overflow topics
Mark
cjb> getting the dreaded JasperException in production.
cjb> Don't know what changed to start causing this. Same
cjb> thing happened in the test environment 9/4/18. We
cjb> got around the problem in test by upgrading to Java
cjb> 8u181 and Tomcat 8.5.30.
cjb>
cjb> JRE 8u171, 32 bit
cjb>
Hi Gael
>> >> >> On 03/10/18 12:28, Gael REYNOARD wrote:
>> >> >>> Hello everybody,
>> >> >>>
>> >> >>> OS : Windows 7 Pro x64
>> >> >>> Tomcat : 8.5.31
>> >> >>>
>> >> >>> On a test bench, I reboot Windows to test one of our C#
>> applications.
>> >> >>> Sometimes after starting the OS, my
Hi Folks
Anyone have advice on, experience with, or info about setting
cachingAllowed=false?
BACKGROUND:
Our customer is suddenly getting a JasperException in production. To solve,
we're planning to upgrade Tomcat to 8.5.x. In our testing of TC 8.5.32 on Java
8u181, report output Excel
OK, now we're getting the dreaded JasperException in production. Don't know
what changed to start causing this. Same thing happened in the test
environment 9/4/18. We got around the problem in test by upgrading to Java
8u181 and Tomcat 8.5.30.
JRE 8u171, 32 bit
Tomcat 6.0.32, 32 bit
I just remembered something.
cjb> After reverting Java and our app, the app still
cjb> won't run and still throws compilation errors.
cjb> * Staging Server - after rollback
cjb> JRE 8u171, 32 bit
cjb> Tomcat 6.0.32, 32 bit (unchanged)
cjb> App v3.3.2
cjb> * Partial stack trace:
cjb>
Konstantin, et al
Well, it's all a moot point now. :-)
cjb> After reverting Java and our app, the app still
cjb> won't run and still throws compilation errors.
cjb> * Staging Server - after rollback
cjb> JRE 8u171, 32 bit
cjb> Tomcat 6.0.32, 32 bit (unchanged)
cjb> App v3.3.2
kk> My guess is
Konstantin
Thanks for jumping in to help out. :-)
cjb> After reverting Java and our app, the app still
cjb> won't run and still throws compilation errors.
cjb> * Staging Server - after rollback
cjb> JRE 8u171, 32 bit
cjb> Tomcat 6.0.32, 32 bit (unchanged)
cjb> App v3.3.2
kk> My guess is that
Hi Folks
We can't figure out what's wrong with our staging server. After upgrading Java
and our application, Tomcat started logging "Compilation error" exceptions.
The login JSP page did not display.
After reverting Java and our app, the app still won't run and still throws
compilation
Hi Woonsan
cjb> I'd like to prevent users from requesting JSP pages directly
cjb> a. [...] adding a for each folder.
cjb> b. [...] JSP files under the WEB-INF folder.
wk> c. Implement a servlet filter which is mapped to /* with
wk> dispatcher options: REQUEST, INCLUDE, FORWARD. The filter
Chris
[combining messages]
cjb> Am I mistaken, but does vulnerability scanning software
cjb> seem to feed on that sort of thing?
cs> Most vulnerability scanners just try to detect your server's
cs> version and look-up any publicly-reported vulnerabilities in
cs> e.g. NVD. They are really stupid
Chris (and Mark)
Bingo!
cjb> Due to security concerns and general fussiness on my part, I'd like
cjb> to prevent users from requesting JSP pages directly [...]. That
cjb> way I can legitimately claim that all requests are being validated,
cjb> input scrubbed, JSP's cannot be taken advantage
Hi Mark
Thanks for taking the time to reply. :-)
cjb> Due to security concerns and general fussiness on my part, I'd like
cjb> to prevent users from requesting JSP pages directly [...]. That
cjb> way I can legitimately claim that all requests are being validated,
cjb> input scrubbed, JSP's
Hi Woonsan
Thanks for providing an "option C". :-) There is still much for me to learn.
cjb> Due to security concerns and general fussiness on my part, I'd like
cjb> to prevent users from requesting JSP pages directly [...]. That
cjb> way I can legitimately claim that all requests are being
Hi Chris
Thanks for your insight and reply.
cjb> I'd like to prevent users from requesting JSP pages directly,
cjb> except for the login page.
cs> Why except for the login page? I would include the login page
cs> as something that should be fronted with a (non-JSP) servlet,
cs> even if that
Hi Louis
Thanks for replying to my request for help. :-)
cjb> Due to security concerns and general fussiness on my part, I'd like
cjb> to prevent users from requesting JSP pages directly [...]. That
cjb> way I can legitimately claim that all requests are being validated,
cjb> input
David
Thanks for taking the time to reply. :-)
cjb> Due to security concerns and general fussiness on my part, I'd like to
cjb> prevent users from requesting JSP pages directly [...]. That way I can
cjb> legitimately claim that all requests are being validated, input scrubbed,
cjb> JSP's
Due to security concerns and general fussiness on my part, I'd like to prevent
users from requesting JSP pages directly, except for the login page. I want
all requests to be handled by servlets. That way I can legitimately claim that
all requests are being validated, input scrubbed, JSP's
Mark
Thanks for taking the time to help. Again, I appreciate it.
cjb> We are getting dinged by a vulnerability scan for the default
cjb> not-found error page being returned by Tomcat for a Status 404.
cjb> [...]
cjb> And we're using Tomcat 6.0.37 (ahem).
MT> And you are worried about returning
Leon, Mark, and Alejandro
Thanks for your time and suggestions. I appreciate it.
cjb> We are getting dinged by a vulnerability scan for the default
cjb> not-found error page being returned by Tomcat for a Status 404.
cjb> [...]
cjb> However, I can't find where the error-page for 404 is defined.
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Wednesday, May 2, 2018 4:01 PM
To: users@tomcat.apache.org
Subject: Re: tomcat 6 vulnerability scan default error page help
> On 02/05/18 20:51, Leon Rosenberg wrote:
> > Hi Mark,
> >
> > I agree with you that the
We are getting dinged by a vulnerability scan for the default not-found error
page being returned by Tomcat for a Status 404.
On my dev server when requesting an invalid URL, Tomcat returns a Status 404
page that displays the Tomcat version. Right, I need to do something about
that.
However,
Hi Greg
-Original Message-
From: Greg Huber [mailto:gregh3...@gmail.com]
Sent: Thursday, April 26, 2018 4:53 AM
To: Tomcat Users List
Subject: Tomcat 9 ;jsessionid
> Hello,
>
> One thing I have noticed with Tomcat 9.0.x I get alot
> ;jsessionid=xxx appended to
Thanks Mark
[lots of snippage]
MT> https://apache.github.io/tomcat-training/
cjb> Should "Client" actually be "Server" in Step 12: ChangeCipherSpec?
cjb> Or did you already know about that?
MT> It should and I didn't. I've just committed the fix. It should be
MT> live in a few minutes. Thanks
Thanks Mark for making that available! My questions below.
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Wednesday, April 11, 2018 6:32 PM
To: Tomcat Users List
Subject: Training material is now on-line
> Hi all,
>
> Thanks to the magic
Thanks Chris for taking the time to provide such a detailed and educational
answer.
cjb> Now let's say that we want the Tomcat application to only do
cjb> rendering. It connects to a different server, X, and no longer to the
cjb> DB. The X server connects to the DB. Requests and data flow
Hi Folks
There's a concept I'm trying to wrap my brain around. It's similar to MVC,
separating responsibilities between the display and model/controller layers.
In terms of coding, I know how to make that happen. However, in terms of
server architecture, I do not.
For the purposes of
Chris and Chris
-Original Message-
> From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org]
> Sent: Wednesday, February 28, 2018 8:40 AM
> To: Tomcat Users List
> Subject: RE: Security of AJP
>
> Since AJP is not really needed by Tomcat; If I comment out
Christoph
While my response is late, and you seemed to have solved your problem, if you
don't mind, I would like to attempt to clarify about quotes and spaces in
Windows.
-Original Message-
From: Christoph P.U. Kukulies [mailto:k...@kukulies.org]
Sent: Wednesday, January 10, 2018 6:39
Chris
Thanks again taking the time to help. Please see below.
>>> So I would recommend a separate CATALINA_BASE for each application's
>>> support for a major Tomcat version. Note that you are welcome to
>>> share WAR files for an application.
>>>
>>> Example:
>>>
>>> Tomcat 6
Chris
Thanks for taking the time to explain this to me. I'm still trying to absorb
it all. More below.
> > My question is this. Is it even possible or simply not recommended
> > for both tomcat instances to share the same CATALINA_BASE? The work
> > folder with compiled cache is buried in
I'm thinking about upgrading our tomcat from version 6.x to 8.5.x. Yeah, it's
overdue. :-) In our test environment, I would like to install 8.5 in parallel
with 6 for side-by-side comparison testing.
Having never done it before, I'm also thinking about splitting the tomcat and
document
Darin
> From: dbol...@dsginc.biz [mailto:dbol...@dsginc.biz]
> Sent: Friday, October 20, 2017 9:47 AM
> To: users@tomcat.apache.org
> Subject: TomCat service is running but not responding
>
> I have a TomCat 8.5.23 service running on a Windows 2008 server.
> The service would be running fine but
Chris and Chris (but not Chris)
-Original Message-
From: Chris Cheshire [mailto:yahoono...@gmail.com]
Sent: Friday, September 08, 2017 9:16 PM
To: Tomcat Users List
Subject: Re: 8.5 - multiple host configuration question
On Thu, Sep 7, 2017 at 5:29 PM,
Hey Chris
> From: Christopher Schultz [mailto:chris@...]
> Sent: Friday, July 21, 2017 1:02 PM
> To: users@tomcat.apache.org
> Subject: Re: [OT] Unable to install Tomcat 9 on Windows 10
[SNIP]
> I'm not such a miserable bastard as this thread would indicate
Sounds like a great sig for you.
Ankit
-Original Message-
From: Berneburg, Cris J. - US
Sent: Thursday, April 13, 2017 10:35 AM
To: Tomcat Users List
Subject: RE: Using Log4J2 2.8 (via the 1.2 API Bridge) for Tomcat8 Internal
Logging - RollingFileAppender does not (cannot?) create new Log File
>> The only p
Hi Ankit
-Original Message-
From: Ankit Agarwal [mailto:ankit_agarwal@...]
Sent: Tuesday, April 11, 2017 12:28 PM
To: Tomcat Users List
Subject: Re: Using Log4J2 2.8 (via the 1.2 API Bridge) for Tomcat8 Internal
Logging - RollingFileAppender does not (cannot?) create new Log File
> Hi
1 - 100 of 130 matches
Mail list logo