On 24/09/2020 11:02, Nils Breunese wrote:
> - Envoy allows the request based on the /v1/* rule, because it does not
> support path parameters, because they are not part of any recent standard
> (RFC 2396 dropped them in 1998 [1])
Envoy does support path parameters and is correctly doing so
On 23/09/2020 15:50, Berneburg, Cris J. - US wrote:
> Hi Mark
>
> Thanks for taking the time to explain that to me. :-)
>
> A few more questions, if you don't mind.
>
> cjb> TC thinks the stream should be closed when the client
> cjb> thinks the stream is still open? Basically RST_STREAM
>
On 22/09/2020 13:47, Berneburg, Cris J. - US wrote:
> Hi Mark
>
> As with most topics here, I struggle to understand what is being discussed.
> :-) So please bear with me.
>
>> improving how Tomcat handles traffic like this.
>>
>> Looks like Tomcat could prune the closed streams
>> less
On 21/09/2020 15:52, Mark Thomas wrote:
> That doesn't
> exclude, of course, the possibility of improving how Tomcat handles
> traffic like this.
Looks like Tomcat could prune the closed streams less aggressively.
At the moment it waits until there are maxConcurrentStreams + 10% i
On 21/09/2020 13:48, Martin Grigorov wrote:
> Hi Remy,
>
> On Mon, Sep 21, 2020 at 2:56 PM Rémy Maucherat wrote:
>
>
>
>
>>> 2020-09-21 14:25:04.850 DEBUG 232086 --- [https-jsse-nio-18080-exec-8]
>>> o.a.coyote.http11.Http11NioProtocol : Found processor [null] for
>>> socket
On 21/09/2020 10:44, Martin Grigorov wrote:
> On Mon, Sep 21, 2020 at 12:08 PM Martin Grigorov
> wrote:
>> On Mon, Sep 21, 2020 at 11:23 AM Mark Thomas wrote:
>>> RFC 7540 allows the connection to be closed with a protocol error if the
> >>> reset is received "
On 21/09/2020 08:18, Martin Grigorov wrote:
> On Fri, Sep 18, 2020 at 6:16 PM Mark Thomas wrote:
>
>> On 18/09/2020 14:07, Martin Grigorov wrote:
>>
>>
>>
>>> What is the difference
>>> between org.apache.coyote.http2.StreamStateMachine
On 18/09/2020 14:07, Martin Grigorov wrote:
> What is the difference
> between org.apache.coyote.http2.StreamStateMachine.State#CLOSED_RX
> and org.apache.coyote.http2.StreamStateMachine.State#CLOSED_TX ?
Compare the parameters used to construct the enums.
> I read some parts of
On 17/09/2020 14:06, Beard, Shawn wrote:
> Yes it's 9.0.31.0
>
> [mwuser@usilg01-tcd003 ~]$ ./version.sh
> Using CATALINA_BASE: /path/to/catalina_base
> Using CATALINA_HOME: /path/to/catalina_home
> Using CATALINA_TMPDIR: /path/to/catalina_base/temp
> Using JRE_HOME:/
> Using
noCompressionUserAgents="gozilla,traviata" />
I've added that exact configuration (copy and paste) to clean builds of
10.0.x, 9.0.x and 9.0.31 and I don't see the errors you are seeing.
Are you sure you are running 9.0.31?
Have you tested this with a clean 9.0.31 ins
On 16/09/2020 19:46, Beard, Shawn wrote:
> I’m getting these in the log:
>
>
>
> 16-Sep-2020 14:39:42.909 WARNING [main]
> org.apache.catalina.startup.SetAllPropertiesRule.begin
> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
> 'compressibleMimeType' to
>
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.58.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.38.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.38 is a bugfix and
On 15/09/2020 12:46, Martin Grigorov wrote:
> On Tue, Sep 15, 2020 at 2:37 PM Martin Grigorov
> wrote:
>
>> Hi,
>>
>> I am running some load tests on Tomcat and I've noticed that when HTTP2 is
>> enabled the throughput drops considerably.
>>
>> Here are the steps to reproduce:
>>
>> 1) Enable
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.0-M8.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
On 14/09/2020 20:22, Lee Jarvis wrote:
> Hi all,
>
> I’m trying to implement SSL and have defined a connector on ports 8080 and
> 8443. I can connect to either port, but I want any incoming HTTP on 8080 to
> be redirected to the HTTPS port on 8443, but that’s not happening as I have
> things
On 14/09/2020 17:44, Darryl Philip Baker wrote:
> Until recently most of our Tomcat installations were using the Red Hat
> distributed version. A version of Tomcat7 with Red Hat backporting security
> and important break fixes. Red Hat has moved their redistribution of Tomcat
> to another
On 14/09/2020 16:57, Christopher Schultz wrote:
> Arshiya,
>
> On 9/14/20 10:54, Arshiya Shariff wrote:
>> Can we please get a tentative release date for 9.0.38 .
>
> The vote was started on 2020-09-11 and usually stays open for at least
> 3 days. There are enough votes for the release-vote to
On 13/09/2020 06:19, Arshiya Shariff wrote:
> Hi All,
>
> The KeepAliveTimeout value is configured to the default value of 20 seconds.
> So when the connection is idle for 20 seconds, tomcat server(Port:1090) is
> sending PING followed by GOAWAY within the same millisecond. The client also
>
On 12/09/2020 00:30, Adam Rauch wrote:
> I have implemented a custom JspWriter and registered it for use by our
> JSPs using the approach described here:
> https://stackoverflow.com/questions/29508245/jsp-using-a-delegate-for-out-jspwriter-with-jsp-includes-to-change-the-beh
>
>
> I created a
On 11/09/2020 21:29, Dave Ford wrote:
> I can't find any useful information in the tomcat logs - is it possible
> to turn up the logging for the manager app to see exactly what
> credentials (well, username) is being passed by Edge to it?
If the user isn't authenticated, the request doesn't
On 10/09/2020 21:23, Brian Harris wrote:
> Thanks Christopher. You just nailed it buddy. I changed them all to \r\n
> and it got a 200. I was completely overlooking that as it had never
> caused
> a problem before. Something in 8.5.51 would not allow that anymore.
That is the fix for
For the response, not unless the response is sufficiently big and the
retransmit sufficiently earlier in the response that the TCP buffers
fill and Tomcat is blocked from further writes.
Mark
>
> --Eric
>
>> -Original Message-
>> From: Mark Thomas
>> Sent: Tuesda
On 08/09/2020 21:19, Eric Robinson wrote:
> Hi Mark and Christopher,
>
> For clarification, suppose a client sends an HTTP POST request which
> is bigger than the PMTU and has to be broken into multiple packets. It
> sounds like you're saying that the request is buffered by the network
> stack, and the
On 08/09/2020 18:46, Eric Robinson wrote:
> It is my understanding that the AccessLogValve %D field records the time from
> when the last byte of the client's request is received to when the last byte
> of the server's response is placed on the wire. Is that correct? If so, would
> TCP
On 07/09/2020 09:29, Arshiya Shariff wrote:
> Hi All,
> Tomcat is closing connections abruptly by sending GOAWAY with reason
> Connection [5309], Stream [57,359], An error occurred during processing that
> was fatal to the connection .
>
> Just trying to understand in what scenarios this
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.2.25 stable.
The key features of this release are:
- Improvements to the build system
- Add an option to allow the OCSP check to be bypassed
Please refer to the change log for the complete list of changes:
On 02/09/2020 09:28, Olaf Kock wrote:
>
> On 02.09.20 10:16, Rathore, Rajendra wrote:
>> Please let me know whether CVE-2020-8022 applicable to tomcat 8.5.57 or not,
>> if yes please let me know which release we fixing it.
>
>
> The CVE states:
>
> "A Incorrect Default Permissions
On 01/09/2020 14:01, Christopher Schultz wrote:
> Arshiya,
>
> On 9/1/20 08:13, Arshiya Shariff wrote:
>> Hi all,
>
>> The following reported issue - "HTTP/2 Stream.receivedData method
>> throwing continuous NullPointerException in the logs" has been
>> fixed in the latest tomcat.
>>
On 01/09/2020 08:42, Paul wrote:
> Hi Chris,
>
> First of all tnx for your response.
>
> For my own purpose it was about the conf/[engine]/[host] folder and I'm
> now creating that in my dockerfile and thus I got rid of the error.
>
> However, this question is not so much to solve it for just
On 28/08/2020 20:54, Christopher Schultz wrote:
> Calder,
>
> On 8/27/20 18:23, calder wrote:
>> On Thu, Aug 27, 2020, 16:16 Christopher Schultz <
>> ch...@christopherschultz.net> wrote:
>
>> [ snip ]
>
>> If you want to *kill* the application and it won't shut down on
>> its
>>> own, SIGKILL
On 29/08/2020 22:19, Carles Franquesa wrote:
> IS NOT ALLOWED TO STORE JSPS IN A HIERARCHY OF FOLDERS. ALL JSP FILES MUST
> GO ON THE ROOT WEB FOLDER.
That is not correct. JSPs can be placed anywhere in the web application.
If you provide the simplest possible set of steps to recreate the
On 27/08/2020 19:43, Roger Marquis wrote:
> Mark Thomas wrote:
>> Those are all application issues. The application should shut itself
>> down cleanly. Tomcat is complaining because it hasn't.
>
> I don't know Mark, most Java/Tomcat engineers expect an application to
>
On 27/08/2020 18:57, David wrote:
> On Thu, Aug 27, 2020 at 12:35 PM Christopher Schultz
> wrote:
Is there a graceful way to script the termination of threads in
case Tomcat isn't able to for whatever reason?
>
> Not really.
What you can do is take a thread dump when this happens so
On 27/08/2020 11:32, Phoenix, Merka wrote:
> The error message returned by the Tomcat service, while certainly helpful to
> the remote client, is returning more information than it should (from a
> security-viewpoint).
What, exactly, are the security concerns here? Your comment suggests
detected and the request redirected as
> appropriate. Maybe the same can be done with the rewrite valve used with
> Tomcat.
This isn't currently possible with Tomcat because of detection of plain
text HTTP when TLS should be used (and the generation of the associated
response) is much, much earlier in
On 26/08/2020 17:50, Christopher Schultz wrote:
> On 8/26/20 05:27, Mark Thomas wrote:
>> On 26/08/2020 08:14, Martin Grigorov wrote:
>>> Hi,
>>>
>>> On Wed, Aug 26, 2020 at 7:53 AM Pratik Shrestha
>>> wrote:
>>>
>>>> Thanks for r
On 26/08/2020 08:14, Martin Grigorov wrote:
> Hi,
>
> On Wed, Aug 26, 2020 at 7:53 AM Pratik Shrestha wrote:
>
>> Thanks for reply,
>>
>> Hi Peter - it complains on port 8443 which belongs to Tomcat.
>>
>> Hi Mark - Yes. making HTTP request on HTTPS is wrong. But this security
>> vulnerability
On 25/08/2020 16:40, ratatouille wrote:
> Mark Thomas schrieb am 25.08.20 um 11:31:59 Uhr:
>
>> On 25/08/2020 11:07, ratatouille wrote:
>
>>> I am running openmeetings on a CentOS 8 server and start it with startup.sh
>>> in the bin-folder.
>>>
>
On 04/08/2020 14:47, Christopher Schultz wrote:
>> Enhancement requests for this should go to Commons Daemon. Should
>> be simple enough just to dump current config.
>
> Done.
>
> https://issues.apache.org/jira/browse/DAEMON-422
Done.
It outputs the command to (re-)create the current config
On 25/08/2020 11:14, Pratik Shrestha wrote:
> Hi all,
>
> Tomcat version: 9.0.37
>
> Our website is running on Tomcat. We did Qualys vulnerability scan on our
> site. Scan shows below vulnerability.
>
> Insecure transport
> Group: Information Disclosure
> CWE CWE-319
> OWASP A3 Sensitive Data
On 25/08/2020 11:07, ratatouille wrote:
> Hello!
>
> I am running openmeetings on a CentOS 8 server and start it with startup.sh
> in the bin-folder.
>
> The problem is when I execute shutdown.sh the process still exists after.
> I have to kill it manually.
>
> #
>
On 25/08/2020 09:19, Mark Thomas wrote:
> On 24/08/2020 15:41, Aryeh Friedman wrote:
>
>
>
>> Tried and it gives me /usr/local/apache-tomcat-9.0/webapps as the effective
>> dir. This is *NOT* what I meant by the root dir I meant the one that is
>> the hi
On 24/08/2020 15:41, Aryeh Friedman wrote:
> Tried and it gives me /usr/local/apache-tomcat-9.0/webapps as the effective
> dir. This is *NOT* what I meant by the root dir I meant the one that is
> the highest point in the file system hierarchy (i.e. the one you get when
> at a shell prompt
On 24/08/2020 13:14, Tom Chiverton wrote:
> Am I mis-reading the docs ?
Yes.
The relevant part is:
"Aliases may also use the wildcard form"
Alias is a sub-element of Host. The name element of Host needs to use a
valid host name.
Mark
>
> Tom Chiverton --
> *Tom Chiverton*
> Lead
On 23/08/2020 22:05, Aryeh Friedman wrote:
> In order to allow my developers to quickly access any temporarily produced
> html files created/stored outside of webapps (such as those created by the
> jacoco test coverage tool) I want to allow read only access to the root
> directory of the
On 21/08/2020 11:27, S Abirami wrote:
> Hi All,
>
> In our application, we used to create embedded tomcat instance by taking a
> copy of lib jars from the Deployable Tomcat.
> It's working properly. I have noticed that there is some jars in Embed package
>
>
On 19/08/2020 10:58, Martin Knoblauch wrote:
> Hi,
>
> our customer has the following setup:
>
> Apache/HTTPD(2.4.43)->mod_jk(1.2.48)->Tomcat(9.0.12).
>
> The application hosted by Tomcat has a REST interface that allows file
> upload using POST requests. The problem now is that we get a 500
On 18/08/2020 19:45, Anwar AliKhan wrote:
> I rebooted the machine , then the login box appeared .
> Obviously this is not an ideal solution!
Did you close the browser between tests?
Mark
> On Tue, 18 Aug 2020, 19:07 Anwar AliKhan, wrote:
>
>> Hi,
>> I deployed an app called tomee using the
On 16/08/2020 18:00, James H. H. Lampert wrote:
> Permit me to clarify:
>
> 1. The existing httpd server on this box, and its certbot setup may be
> extended/expanded, but not otherwise disturbed.
>
> 2. Running Tomcat independently of httpd on this box is not an option,
> because *both* are to
a CVE ID for a vulnerability.
Mark
>
> On Fri, Aug 14, 2020 at 4:15 AM Mark Thomas wrote:
>
>> On 13/08/2020 20:52, Nic P wrote:
>>> Hi
>>>
>>> Can anyone help me understand why some CVE's show in the changelog but
>> not
>>> on the security report
On 13/08/2020 20:52, Nic P wrote:
> Hi
>
> Can anyone help me understand why some CVE's show in the changelog but not
> on the security report?
>
> Example is CVE-2016-5388 which shows as fixed in 8.0.37 changelog but
> missing on the security report.
>
> This has come up in an audit and hard
On 12/08/2020 17:50, Suraj Puvvada wrote:
> I'm trying to capture the request and response body for async servlets.
> Currently I'm using a filter to wrap the request and response via the
> HttpServletRequestWrapper and HttpServletResponseWrapper and wrap the
> InputStream and OutputStream objects
On 12/08/2020 16:29, James H. H. Lampert wrote:
> Question:
>
> We are once again having SSL difficulties with our webapp connecting
> with an outside web service: the java.security override that had solved
> the problem in the past (specifically, removing "DESede" from the
>
ert relevant to that virtual host.
Given you had client issues as well, I suspect what you were seeing was
the result of the client sending a different host header and/or the
client connection via localhost vs the public IP or some combination of
the that. And if IPv6 is enabled then that adds another poten
On August 8, 2020 6:59:23 PM UTC, David Filip wrote:
>Hello Everyone!
>
>I spent a large part of yesterday and this morning trying to debug an
>SSL problem on Tomcat 8.5.57 to no avail. I've seen some discussion on
>either this problem or something related back in 2016, but wanted to
>confirm
On August 6, 2020 2:37:34 PM UTC, Barry Roberts wrote:
>I'm having an issue very similar to this one:
>https://marc.info/?l=tomcat-user&m=159171480518941&w=2
>
>The only difference is, I'm upgrading my docker from 8.5.51 to 8.5.57.
>My config adds a parameter in the rewrite rule, so I can see in the
On August 6, 2020 1:14:26 PM UTC, Trae McCombs wrote:
>Correct me if I'm wrong but 8.5 is really just a forked 9.x so wouldn't
>they both EOL roughly at the same time?
No.
Every major Tomcat version is a fork from the previous version going back to at
least 4.1.x
The Tomcat teams stated
Operating system?
Are you sure the previous Tomcat process has fully shutdown?
It is a bit of a guess, but something like the following might explain
things if you are on a non-Windows platform:
- start Tomcat
- stop Tomcat
- delete log files
- start Tomcat
If the first "stop Tomcat" hasn't
On July 27, 2020 4:03:04 PM UTC, Christopher Schultz
wrote:
>
>All,
>
>On 7/27/20 10:43, Bill Stewart wrote:
>> On Mon, Jul 27, 2020 at 12:22 AM Hans Schou wrote:
>>
>> Yes I can add and change information, but how can I get the
>> information
On July 25, 2020 3:25:18 PM UTC, John Dale wrote:
>Greetings;
>
>We've wrapped my connection pool interface in a Factory. Can you
>confirm how the current request's thread is used by JDBC connection
>pooling to MySQL?
>
>Sincerely,
>
>John
>
On July 24, 2020 5:46:45 PM UTC, Christopher Schultz
wrote:
>
>All,
>
>I have a JNDI which is a JDBC DataSource. It is set to
>singleton="true" via defaults (not explicitly set).
>
>The JDBC Connections in this DataSource pool (using dbcp2 as
On July 30, 2020 5:49:41 PM UTC, Igal Sapir wrote:
>Hello,
>
>I have the following in web.xml:
>
> - A servlet named Lucee, mapped to by URI pattern "*.cfm"
> - A default servlet from Tomcat, with init-param listings=true
> - A welcome-file of "index.cfm"
>
>My expectation is that for a
George,
As an open source project with an open development process, the Tomcat
security team has a number of challenges to deal with.
First, any commit to address a security issue will be public before the
security issue is announced and before a release is available that
includes the fix. We
On 22/07/2020 15:49, Максим Фастовец wrote:
>> On Wed, Jul 22, 2020 at 3:32 PM Mark Thomas wrote:
>>> On 22/07/2020 13:01, Максим Фастовец wrote:
>>> Can you please tell why Tomcat 8.0.36 compiles huge JSPs fine but
>>> precompiling JSPs with jspc + java
On 22/07/2020 13:01, Максим Фастовец wrote:
> Hi!
>
> We're working on moving an old legacy Servlet/JSP web app from WebSphere to
> Tomcat to cut our expenses. I figured out that the latest version of Tomcat
> where our web app runs without 'The code of method
> _jspService(HttpServletRequest,
r configuration.
Mark
>
> Chirag
>
> On Wed, 22 Jul, 2020, 4:03 pm Mark Thomas, wrote:
>
>> On 22/07/2020 11:18, Chirag Dewan wrote:
>>> Hi,
>>>
>>> Due to some backward compatibility concerns, I need to support both
>>> Jersey-1 and Je
On 22/07/2020 11:18, Chirag Dewan wrote:
> Hi,
>
> Due to some backward compatibility concerns, I need to support both
> Jersey-1 and Jersey-2 on the same Tomcat instance. This is an embedded
> tomcat which runs inside a JVM application.
>
> Since, Jersey-1 and Jersey-2 have different JAXRS
On 20/07/2020 22:43, Jerry Malcolm wrote:
>> Do you have a ROOT web application deployed? If not, this could be
>> https://bz.apache.org/bugzilla/show_bug.cgi?id=64593
> Mark, I do not have a root context. So that very likely is the
> problem. Not 100% sure why the thought is that there
On 19/07/2020 13:55, Christopher Schultz wrote:
> Mark,
>
> On 7/18/20 10:01, Mark Thomas wrote:
>> On 17/07/2020 21:47, James H. H. Lampert wrote:
>>> Running two connectors seems to work just fine, but I'm having
>>> trouble getting one of them to only take TLS
On 20/07/2020 19:24, Jerry Malcolm wrote:
> My next step in moving httpd/mod_jk out of the chain is to move my
> rewrite rules to Tomcat. The instructions are pretty straightforward.
> I added the rewrite value to the host in server.xml, and I created
> rewrite.index in the host's folder in
>>> HTTPS ports, and (2) have one of the ports require TLS 1.2, but the
>>> other accept something our AS/400 can use?
>
> On 7/17/20 10:03 AM, Mark Thomas wrote:
>
>> Yes. You need two Connector elements specifying different ports and
>> different protocols. T
On 17/07/2020 17:55, James H. H. Lampert wrote:
> I've got an issue here.
>
> On the one hand, we have a Tomcat server running on Amazon (in a
> Beanstalk cluster). And we have an AS/400 running an old enough OS that,
> so far as I'm aware, cannot be configured to use TLS 1.2 at the current
> OS
On 14/07/2020 21:08, Mark Thomas wrote:
> On 14/07/2020 20:57, Sridhar Rao wrote:
>>
>> We notice a behavior with tomcat where it becomes unresponsive and all
>> http threads go into a timed wait state and the node becomes unresponsive.
>>
>> Tomcat
On 14/07/2020 20:57, Sridhar Rao wrote:
>
> We notice a behavior with tomcat where it becomes unresponsive and all
> http threads go into a timed wait state and the node becomes unresponsive.
>
> Tomcat Version: 8.5.47
> Could this be a tomcat defect?
Possibly.
Let me take a look. I don't
CVE-2020-13935 Apache Tomcat WebSocket Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.0-M6
Apache Tomcat 9.0.0.M1 to 9.0.36
Apache Tomcat 8.5.0 to 8.5.56
Apache Tomcat 7.0.27 to 7.0.104
Description:
The payload
CVE-2020-13934 Apache Tomcat HTTP/2 Denial of Service
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.0-M6
Apache Tomcat 9.0.0.M5 to 9.0.36
Apache Tomcat 8.5.1 to 8.5.56
Description:
An h2c direct connection did not release the
On 13/07/2020 18:33, Builder Lynx Demo wrote:
> My tomcat is configured to accept multipart/form-data posts. Here is
> the relevant portion in the WEB-INF/web.xml:
>
> 505242880
> 505242880
> 5000
> /home/pics
>
>
> Assuming both the files are larger than
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.57.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.37.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.37 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.0-M7.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
On 05/07/2020 10:28, Michael Osipov wrote:
> Am 2020-07-02 um 21:30 schrieb Thomas Meyer:
>> Hi,
>>
>> What are your opinions on providing a RFC7807 based ErrorReportValve
>> as part of Tomcat default distribution?
>
> Thomas, this has been bugging me for a while. Let me share some thoughts
> on
On 03/07/2020 20:42, Thomas Meyer wrote:
> Am 2. Juli 2020 21:45:53 MESZ schrieb Mark Thomas :
>> On 02/07/2020 20:30, Thomas Meyer wrote:
>>> Hi,
>>>
>>> What are your opinions on providing a RFC7807 based ErrorReportValve
>> as part of Tomcat
On 04/07/2020 19:54, Thomas Meyer wrote:
> Hi,
>
> a while ago I did write a little POC of how to add a custom
> authenticator scheme to tomcat.
>
> this is what I did come up with:
> https://github.com/thomasmey/BearerTokenAuthenticator
>
> It's rather complicated solution!
> Is there a more
On 06/07/2020 12:25, Mark Thomas wrote:
> On 03/07/2020 13:40, Vitor Medina Cruz wrote:
>> On Thu, Jul 2, 2020 at 11:21 AM Mark Thomas wrote:
>>
>>> On 02/07/2020 14:14, Vitor Medina Cruz wrote:
>>>> On Wed, Jul 1, 2020 at 6:48 PM Mark Thomas wrote:
>>
On 03/07/2020 13:40, Vitor Medina Cruz wrote:
> On Thu, Jul 2, 2020 at 11:21 AM Mark Thomas wrote:
>
>> On 02/07/2020 14:14, Vitor Medina Cruz wrote:
>>> On Wed, Jul 1, 2020 at 6:48 PM Mark Thomas wrote:
>>
>>
>>
>>>> @WebFilter, @WebLis
On 02/07/2020 20:30, Thomas Meyer wrote:
> Hi,
>
> What are your opinions on providing a RFC7807 based ErrorReportValve as part
> of Tomcat default distribution?
RFC 7807 looks to be application specific so support for that RFC looks
to be better handled at the application level.
Mark
On 02/07/2020 17:38, Hugh Roberts wrote:
> Tomcat 9.0.36
> JDK 1.8.0_251
>
> We are trying to use Tomcat JDBCRealm to access user credentials stored in
> Oracle DB. The user password is hashed with a SALT and stored in a table.
>
> *ISSUE:* We can authenticate using the BASIC auth-method while
On behalf of the Tomcat committers I am pleased to announce that
Raymond Augé (rotty3000) has been voted in as a new Tomcat committer.
Please join me in welcoming him.
Kind regards,
Mark
On 02/07/2020 14:14, Vitor Medina Cruz wrote:
> On Wed, Jul 1, 2020 at 6:48 PM Mark Thomas wrote:
>> @WebFilter, @WebListener and @WebServlet are deployment annotations so
>> scanning for these is controlled by the JarScanner.
>>
>> If an SCI has an @HandlesTyp
On 01/07/2020 20:28, Vitor Medina Cruz wrote:
> On Wed, Jul 1, 2020 at 3:19 PM Mark Thomas wrote:
>
>> On 01/07/2020 18:09, Vitor Medina Cruz wrote:
>>> On Wed, Jul 1, 2020 at 7:46 AM Mark Thomas wrote:
>>>
>>>> On 30/06/2020 14:19, Vitor Medina Cruz wr
On 01/07/2020 18:09, Vitor Medina Cruz wrote:
> On Wed, Jul 1, 2020 at 7:46 AM Mark Thomas wrote:
>
>> On 30/06/2020 14:19, Vitor Medina Cruz wrote:
>>> Hello,
>>>
>>> I am trying to configure Tomcat in a way that it makes SCI scan only in
>>
On 30/06/2020 14:19, Vitor Medina Cruz wrote:
> Hello,
>
> I am trying to configure Tomcat in a way that it makes SCI scan only in
> jars I explicitly specify to. I followed instructions from
> https://tomcat.apache.org/tomcat-8.5-doc/config/jar-scan-filter.htm, in
> both Tomcat 8 and 9, but
On 01/07/2020 00:41, rugman66 . wrote:
> On Wed, Apr 22, 2020 at 9:21 AM Mark Thomas wrote:
>>
>> On 22/04/2020 00:11, rugman66 . wrote:
>>
>>
>>
>>>Tomcat log (I'm trying to get more debug level logging)
>>> 202
On 01/07/2020 11:19, Thomas Meyer wrote:
> Am 30. Juni 2020 11:07:36 MESZ schrieb Mark Thomas :
>> On 29/06/2020 21:41, Christopher Schultz wrote:
>>> Mark,
>>>
>>> On 6/27/20 05:29, Mark Thomas wrote:
>>>> On 27/06/2020 10:19, Thomas Meyer wrote:
On 30/06/2020 03:12, Bhavesh Mistry wrote:
> Hi Mark,
>
> Thank you for responding. I have one more question. This is spring-boot 2
> application REST API server and it does not accept Cookie or session
> (timeout is set to zero).Auth happens through Authorized header. We
> have set 10mb
On 29/06/2020 21:41, Christopher Schultz wrote:
> Mark,
>
> On 6/27/20 05:29, Mark Thomas wrote:
>> On 27/06/2020 10:19, Thomas Meyer wrote:
>>> Hi,
>>>
>>> A few questions regarding tomcat session replication:
>
>> load-balancing and session
On 28/06/2020 20:14, Bhavesh Mistry wrote:
> Hi All,
>
>
> I am running embedded *tomcat*-embed-core-9.0.36.jar and large payload
> *179292* and HTTPS 1.1 traffic. When I use curl command with
> transfer encoding or without, both request JSON payload is truncated, and
> the application can not
On 27/06/2020 10:19, Thomas Meyer wrote:
> Hi,
>
> A few questions regarding tomcat session replication:
load-balancing and session replication are two separate parts of an
overall clustering solution.
> 1) is the jvmRoute attribute on Engine object necessary for session
> replication to work
On 26/06/2020 12:48, Mark Thomas wrote:
> On 26/06/2020 12:45, Chirag Dewan wrote:
>> Absolutely Mark. Shouldn't take long.
>
> Great. I think I have found a potential root cause. If I am right, NIO
> will show the same issues NIO2 did.
>
> I should have a test bui