Re: [External] org.apache.catalina.valves.RemoteAddrValve

2024-04-04 Thread Robert Egan
t;). A backward slash means to treat the character immediately after it normally and not as a special character. So "\d" would mean the literal letter "d". There's more rules, but they're well documented all over the internet, so I won't elaborate. Robert Egan On Thu, Apr 4

Re: [External] org.apache.catalina.valves.RemoteAddrValve

2024-04-04 Thread Robert Egan
It looks like you need to escape your periods, like you did for 127\. etc... 1\.3\.5 Robert Egan On Thu, Apr 4, 2024 at 1:44 PM Eric Fetzer wrote: > Hi All, > > When I originally set up my tomcat instance, I added the following to allow > manager access under /opt/tomcat/webapps/

Re: HttpSession tracking

2024-03-22 Thread Robert Turner
istopherschultz.net> wrote: > All, > > On 3/22/24 09:59, Christopher Schultz wrote: > > All, > > > > On 3/22/24 09:33, Robert Turner wrote: > >> On Fri, Mar 22, 2024 at 9:28 AM Christopher Schultz < > >> ch...@christopherschultz.net> wrote: >

Re: HttpSession tracking

2024-03-22 Thread Robert Turner
On Fri, Mar 22, 2024 at 9:28 AM Christopher Schultz < ch...@christopherschultz.net> wrote: > Robert, > > On 3/21/24 15:31, Robert Turner wrote: > > We receive the sessionWillPassivate and sessionDidActivate callbacks > > on startup. Odd that you are not. That's how we

Re: HttpSession tracking

2024-03-21 Thread Robert Turner
r a way to query the sessions from the app, but as we know, that's not part of the current Servlet specification, or any extensions Tomcat currently provides. Robert On Thu, Mar 21, 2024 at 3:31 PM Robert Turner wrote: > We receive the sessionWillPassivate and sessionDidActivate callbacks on >

Re: HttpSession tracking

2024-03-21 Thread Robert Turner
We receive the sessionWillPassivate and sessionDidActivate callbacks on startup. Odd that you are not. That's how we achieve the same. On Thu, Mar 21, 2024 at 3:25 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > All, > > After having written a solution using JMX to do something

Re: Tomcat SMPT TLS1.2

2024-03-11 Thread Robert Turner
coop.it.invalid. Learn why > this is important at https://aka.ms/LearnAboutSenderIdentification ] > > I had issues in the past connecting to mailserver using TLS and solved them > upgrading the web application library from mail-1.4.jar to > javax.mail-1.6.2.jar > > Il 11/03/2024 17:

Re: Tomcat SMPT TLS1.2

2024-03-11 Thread Robert Turner
AFAIK, there is nothing in Tomcat for SMTP. This would be part of the application you are running typically. It's possible (but not guaranteed) that the web application is using the standard Java libraries for SMTP, and as such, you may (but again not guaranteed) be able to configure some of the

Re: [EXTERNAL] Re: Tomcat 9 returning 404 for audio files

2024-03-11 Thread Robert Turner
It's also possible you may need to support the "Range" HTTP header for fetching parts of the audio file for playback. IIRC, we had to do that to support the HTML 5 audio control properly. On Mon, Mar 11, 2024 at 9:15 AM Joey Cochran wrote: > Thanks for replying!! > > Yes audio files are

Re: Any way to look-up a session from application?

2024-02-27 Thread Robert Turner
on't think there was a way that we found. Robert On Tue, Feb 27, 2024 at 3:10 PM Olaf Kock wrote: > Hi Chris > > On 27.02.24 15:19, Christopher Schultz wrote: > > All, > > > > I'm looking at building some administrative tools into my application, > > and I'd like to b

Re: Issue Migrating servlets to 10.1

2023-11-21 Thread Robert Turner
of Java I should use? > > Thanks, > > Lance > > -Original Message- > From: Robert Turner > Sent: Tuesday, November 21, 2023 2:36 PM > To: Tomcat Users List > Subject: Re: Issue Migrating servlets to 10.1 > > Tomcat 10.x and higher require Jakarta namesp

Re: Issue Migrating servlets to 10.1

2023-11-21 Thread Robert Turner
Tomcat 10.x and higher require Jakarta namespaces versions of the Servlet specifications. Tomcat 9.x is the last Tomcat to support javax.servlet namespaces. Refer to the Which Version page for Tomcat for details: https://tomcat.apache.org/whichversion.html On Tue, Nov 21, 2023 at 3:30 PM Campbell,

Re: CIS Tomcat 8 Benchmark (v1.1.0) -- Questions

2023-09-05 Thread Robert Turner
xplicitly specifying options in catalina.sh, even though there are more appropriate places, like in $CATALINA_HOME/conf files, or in the applications), as well as some items that are somewhat obscure and don't result in improving security in any material way (i.e. obscuring, rather than secur

Re: CIS Tomcat 8 Benchmark (v1.1.0) -- Questions

2023-09-05 Thread Robert Turner
go on -- suggesting the method of improvement is additive, and possibly not corrective. On Tue, Sep 5, 2023 at 9:36 AM Peter Kreuser wrote: > Robert, > > While Mark Thomas will have a more detailled answer to this... > > The finding behind this test is valid (information disclosure

CIS Tomcat 8 Benchmark (v1.1.0) -- Questions

2023-09-05 Thread Robert Turner
/ comments from "those in the know"? Thanks, Robert

Re: Tomcat 9.0.x on Windows crashing

2023-08-23 Thread Robert Turner
You can try adding: -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=C:\HeapDump\java_pid.hprof to the Java options (in "Configure Tomcat") to capture heap dumps on out of memory errors (adjust path to suit your configuration) Robert On Wed, Aug 23, 2023 at 1:03 PM Daniel Savard wr

Re: [External] Re: Client Certificates

2023-07-20 Thread Robert Egan
I suspect the problem is occurring before I can see the certificate, because the only way the request even reaches my filter is when the is set to auth="none". I have been pulled away from this project for now, but thanks for the answers. Robert Egan -- *VSolvit LLC*, *CMMI (Level 3)

Client Certificates

2023-07-17 Thread Robert Egan
;. Thanks in advance Robert Egan -- *VSolvit LLC*, *CMMI (Level 3), ISO 9001, ISO 2-1, ISO 27001* *1305 Executive Blvd. Ste. 160 | Chesapeake | VA | 23320* *(617) 455-1425* www.vsolvit.com *VSolvit (We*Solve*it) *is an award winning technology services company that specializes in the areas of

Re: Tomcat links application at the root of the server?

2023-07-07 Thread Robert Turner
What about the standard / provided Tomcat Manager application? https://tomcat.apache.org/tomcat-9.0-doc/manager-howto.html On Fri, Jul 7, 2023 at 9:26 AM Graham Leggett wrote: > Hi all, > > Is there an application out there that will provide, at / (or a path of > your choosing), a list of

Tomcat Manager App and Federation

2023-04-14 Thread Robert Hicks
Does the manager app support something like Apache CXF to authenticate people to the manager application or is the manager application only accessible through username/password? Robert

Re: GoDaddy SSL certificate not working with Tomcat9

2023-03-20 Thread Robert Turner
helpful than I...sorry. On Mon, Mar 20, 2023 at 9:14 PM Robert Turner wrote: > I believe the default certificate alias used by Tomcat is "tomcat". I > think you are creating your keystore with the alias "root". > > (see https://tomcat.apache.org/tomcat-9.0-doc/ssl

Re: GoDaddy SSL certificate not working with Tomcat9

2023-03-20 Thread Robert Turner
I believe the default certificate alias used by Tomcat is "tomcat". I think you are creating your keystore with the alias "root". (see https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html for docs on Tomcat SSL configuration -- adjust for the version you are running) On Mon, Mar 20, 2023 at

Re: Tomcat for Apple silicon coming soon?

2023-01-16 Thread Robert Turner
You can run an aarm64 version of the Java runtime (various distributions exist) and run Tomcat on that -- it works well. No specific version of Tomcat is required as it is a Java package. On Mon, Jan 16, 2023 at 3:38 PM m...@cvkimball.com wrote: > > I'd like to run Tomcat on one of the new Apple

Re: [Tomcat9][Linux]listening all local addresses by default is not security best practice

2022-11-23 Thread Robert Turner
My 2 cents: I think that it would be a very strange change to make to a generic product and a "sample" configuration file. If Tomcat was packaged in a distribution, that might be a more reasonable suggestion. I don't think Tomcat is insecure because of this; binding to addresses/ports is a key

Re: Logging "location" header from the HTTP response

2022-05-26 Thread Robert Hicks
On Thu, May 26, 2022 at 11:37 AM Konstantin Kolinko wrote: > Thu, 26 May 2022 at 18:19, Robert Hicks : > > > > We would like to start logging the response location in Tomcat. I am not > > sure where to look something like that up. > > You are not mentioning the ver

Logging "location" header from the HTTP response

2022-05-26 Thread Robert Hicks
We would like to start logging the response location in Tomcat. I am not sure where to look something like that up. Thanks, Bob

Re: Per context heap usage

2022-05-19 Thread Robert Olofsson
On Wed, 2022-05-18 at 17:36 -0400, Christopher Schultz wrote: > > > > > Is it possible to find out the per deployed context heap usage in > > > > > tomcat? > > > > > > > > With a profiler you can look at the retained size of the web > > > > application class loader instance associated with a

9.0.60 fix question

2022-04-07 Thread Robert Hicks
- Fix: Fix potential thread-safety issue that could cause HTTP/1.1 request processing to wait, and potentially timeout, waiting for additional data when the full request has been received. (markt) What would that actually look like? Tomcat spinning its gears and not serving

Re: Tomcat Native on M1 Macs

2022-04-05 Thread Robert Turner
I think you need to use an ARM-based JVM -- IIRC, you will need Corretto JDK 18 I think, otherwise it will be running in emulation. On Tue, Apr 5, 2022 at 1:56 PM Paquin, Brian wrote: > After compiling Tomcat Native (that comes with Tomcat 9.0.62, version > 1.2.32) on a (ARM) M1 Mac (with

Re: Possibly Silly Question

2022-03-25 Thread Robert Hicks
Just looking the history page says: *Apache Tomcat 3.0.x*. Initial Apache Tomcat release. Wikipedia also mentions: 2.0 1998 Tomcat started off in November 1998[16] as a servlet reference implementation

Re: Odd EL resolution issue - java.lang.NoClassDefFoundError: package/Class1 (wrong name: package/class1)

2022-03-03 Thread Robert Turner
On Thu, Mar 3, 2022 at 1:10 PM Berneburg, Cris J. - US wrote: > > Running Tomcat in a container via Docker Desktop on a Windows host > > with the web application served from a location on the host mounted > > /bound to the container is insecure. > > So the app resides on the "host" OS file

Re: Odd EL resolution issue - java.lang.NoClassDefFoundError: package/Class1 (wrong name: package/class1)

2022-03-03 Thread Robert Turner
Mark, Thanks for continuing to look into it, and producing a detailed record of the issues and the cause (along with intermediate details). Hopefully it will come in useful for others in the future. Robert On Thu, Mar 3, 2022 at 3:11 AM Mark Thomas wrote: > Robert, > >

Re: Tomcat 9.0.58 and OpenJDK 1.8.0_322

2022-02-17 Thread Robert Hicks
ing for a friend... > > On Wed, Feb 16, 2022 at 4:03 PM Noelette Stout > wrote: > > > Based on those errors, it sounds like SHA-1 has been desupported in the > > newer OpenJDK version. > > > > On Wed, Feb 16, 2022 at 1:55 PM Robert Hicks > > wrote: > > &g

Tomcat 9.0.58 and OpenJDK 1.8.0_322

2022-02-16 Thread Robert Hicks
We are currently running Tomcat 9.0.40 and OpenJDK (Red Hat) 1.8.0_292 and have no issues. We upgrade to the ones in the subject line and Tomcat throws "SHA1PRNG SecureRandom not available" and "SHA MessageDigest not available" and "SHA-1 not available" and others. We downgrade to .40 and _292

Re: Odd EL resolution issue - java.lang.NoClassDefFoundError: package/Class1 (wrong name: package/class1)

2022-02-08 Thread Robert Turner
That's good to know. I suppose the key use case we would have is having the ability to "hot deploy" from an IDE into the webapps folder rather than a full build, package, deploy cycle (which can be time consuming). Robert On Tue, Feb 8, 2022 at 11:41 AM Mark Eggers wrote: >

Re: Odd EL resolution issue - java.lang.NoClassDefFoundError: package/Class1 (wrong name: package/class1)

2022-02-08 Thread Robert Turner
s available in the server logs.Apache Tomcat/9.0.58 And a "working" scenario, replace step 8 with the following: docker run -d -p 8075:8080 tomcat:9.0.58-jre11-openjdk docker cp target/test-e-resolver.war :/usr/local/tomcat/webapps/ Accessing the page with the curl command above will resul

Re: Odd EL resolution issue - java.lang.NoClassDefFoundError: package/Class1 (wrong name: package/class1)

2022-02-08 Thread Robert Turner
option for APFS). I will try to confirm suspicions and provide details in a few hours (hopefully -- got a few meetings today that will get in the way). Thanks again, Robert On Tue, Feb 8, 2022 at 8:51 AM Mark Thomas wrote: > Robert, > > I agree this is something to do with the Docker envi

Re: Odd EL resolution issue - java.lang.NoClassDefFoundError: package/Class1 (wrong name: package/class1)

2022-02-08 Thread Robert Turner
a debugger up on the Expression Resolvers, you will at least narrow it down quickly...) On Tue, Feb 8, 2022 at 7:55 AM Robert Turner wrote: > Thanks Mark. Much appreciated. > > On Tue., Feb. 8, 2022, 04:06 Mark Thomas, wrote: > >> Robert, >> >> Thank yo

Re: Odd EL resolution issue - java.lang.NoClassDefFoundError: package/Class1 (wrong name: package/class1)

2022-02-08 Thread Robert Turner
Thanks Mark. Much appreciated. On Tue., Feb. 8, 2022, 04:06 Mark Thomas, wrote: > Robert, > > Thank you for putting the effort in to debugging this. Narrowing down > the issue to a simple test case is extremely helpful. > > The behaviour you describe looks odd to me. I'd

Re: Odd EL resolution issue - java.lang.NoClassDefFoundError: package/Class1 (wrong name: package/class1)

2022-02-07 Thread Robert Turner
expected. Robert [1] $ cat src/main/webapp/index.jsp <%@page contentType="text/html" pageEncoding="UTF-8" isELIgnored="false" %> <%@page import="com.example.rt.Failing" %> <% final Failing failing = null; pageContext.setA

Re: Odd EL resolution issue - java.lang.NoClassDefFoundError: package/Class1 (wrong name: package/class1)

2022-02-07 Thread Robert Turner
ntext.setAttribute("failing", failing); %> Hello World! field1=${failing.field1} $ cat src/main/java/com/example/rt/Failing.java package com.example.rt; public class Failing { private final String field1 = "field1_value"; public String getField1() { return field

Re: Odd EL resolution issue - java.lang.NoClassDefFoundError: package/Class1 (wrong name: package/class1)

2022-02-07 Thread Robert Turner
they differed in any material way on the different platforms. I hope that helps provide more detail that might be useful... Robert [1] $ unzip -l target/app.war | grep "model\/Organization\.class" 66246 02-07-2022 20:17 WEB-INF/classes/model/Organization.class [2] java.class

Re: Odd EL resolution issue - java.lang.NoClassDefFoundError: package/Class1 (wrong name: package/class1)

2022-02-07 Thread Robert Turner
a trivial application reproduction, along with docker layout, and see if anyone else can reproduce... (assuming anyone else has time to do that of course...) Anyone got any suggestions of what to look into next? On Mon, Feb 7, 2022 at 5:05 PM Rob Sargent wrote: > > > On 2/7/22 14:50, Robert Tu

Re: Odd EL resolution issue - java.lang.NoClassDefFoundError: package/Class1 (wrong name: package/class1)

2022-02-07 Thread Robert Turner
. I'm still working on the class path analysis as suggested by Rob S, even though the class in question should be in the class path in both cases. Thanks for the suggestion though. Robert On Mon, Feb 7, 2022 at 7:16 PM Neil Aggarwal wrote: > Robert: > > > Caused by: java.lang.NoCla

Re: Odd EL resolution issue - java.lang.NoClassDefFoundError: package/Class1 (wrong name: package/class1)

2022-02-07 Thread Robert Turner
containing a class name will be resolved against the static members of the class. So, as to why it is different between the two environments, maybe it's as Rob S suggested (a classpath issue of some sort) -- I will continue looking in this direction On Mon, Feb 7, 2022 at 5:07 PM Robert Turner

Re: Odd EL resolution issue - java.lang.NoClassDefFoundError: package/Class1 (wrong name: package/class1)

2022-02-07 Thread Robert Turner
M Rob Sargent wrote: > > > On 2/7/22 14:50, Robert Turner wrote: > > All > > > > I'm hoping that someone can point me in the right direction as this issue > > has been baffling me all day, and I'm starting to run out of ideas of > what > > to look at next.

Odd EL resolution issue - java.lang.NoClassDefFoundError: package/Class1 (wrong name: package/class1)

2022-02-07 Thread Robert Turner
d anything obvious that would suggest what the problem might be. Hopefully someone has encountered this before and can nudge me in the right direction. Thanks in advance, Robert [1] Caused by: java.lang.NoClassDefFoundError: package1/Class1 (wrong name: package1/class1) at java.base/ja

Re: tomcat 7 slow to deploy web applications on m1 mac

2022-01-04 Thread Robert J. Carr
On Tue, Jan 4, 2022 at 2:50 PM Mark Thomas wrote: > > > On 04/01/2022 19:23, Robert J. Carr wrote: > > I've been using tomcat for many years but unfortunately I'm stuck on > > version 7 (long story). I recently picked up a new workstation, an Apple > > M1 MacBook (

Re: tomcat 7 slow to deploy web applications on m1 mac

2022-01-04 Thread Robert J. Carr
On Tue, Jan 4, 2022 at 2:50 PM Mark Thomas wrote: > > On 04/01/2022 19:23, Robert J. Carr wrote: > > I've been using tomcat for many years but unfortunately I'm stuck on > > version 7 (long story). I recently picked up a new workstation, an Apple > > M1 MacBook (M1

tomcat 7 slow to deploy web applications on m1 mac

2022-01-04 Thread Robert J. Carr
now if there's any information that would help, but I tried to provide all of the relevant details I know of. Thanks! Robert

Re: Interesting log capability request

2021-10-07 Thread Robert Hicks
The catalina.out log should capture that information already, right? This is what I see when I shutdown my barebones Tomcat: 07-Oct-2021 15:19:03.276 INFO [main] org.apache.catalina.core.StandardServer.await A valid shutdown command was received via the shutdown port. Stopping the Server

Re: Http TRACE method headers in response body

2021-09-08 Thread Gilles Robert
My issue is that even though TRACE is disabled, we see the "malicious" header in the response. On Wed, 8 Sept 2021 at 17:01, Mark Thomas wrote: > > On 08/09/2021 14:14, Gilles Robert wrote: > > Hi, > > > > Using Spring boot (2.5.4) with Tomcat (9.0.52), the

Http TRACE method headers in response body

2021-09-08 Thread Gilles Robert
Hi, Using Spring boot (2.5.4) with Tomcat (9.0.52), the HTTP TRACE method is disabled by default and returns a 405 method not allowed, which is what I expect security-wise. My issue is that if one gives a malicious header: header: malicious: alert('malicious call'); it's given back in the

Re: [ANN] Apache Tomcat 9.0.50 available

2021-07-06 Thread Robert Hicks
1df29c1328e2632df2c1c449d4002becdd6464c79766ade506c058 > *apache-tomcat-9.0.50.zip > > So all is OK. Please check your files. > > BTW, the current version of Java 8 is 8u292. > > Tue, 6 Jul 2021 at 17:10, Robert Hicks : > > > > I did a version and there seems to be a

Re: [ANN] Apache Tomcat 9.0.50 available

2021-07-06 Thread Robert Hicks
I did a version and there seems to be a mismatch? PS C:\apache-tomcat-9.0.50> cd bin PS C:\apache-tomcat-9.0.50\bin> .\version.bat Using CATALINA_BASE: "C:\apache-tomcat-9.0.50" Using CATALINA_HOME: "C:\apache-tomcat-9.0.50" Using CATALINA_TMPDIR: "C:\apache-tomcat-9.0.50\temp" Using

Re: Tomcat 9 and FIP-140 mode

2021-05-24 Thread Robert Hicks
ob On Mon, Aug 24, 2020 at 2:49 PM Robert Hicks wrote: > > > On Mon, Aug 24, 2020 at 12:48 PM Christopher Schultz < > ch...@christopherschultz.net> wrote: > >> -BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA256 >> >> Robert, >> >> On 8/24/2

JEP 411: Deprecate the Security Manager for Removal

2021-05-19 Thread Robert Hicks
Is that the "same" security manager we flip on for Tomcat or just an unfortunate naming coincidence? -- Bob

Tomcat (catalina.jar) Security Question

2021-05-06 Thread Robert Hicks
We are getting evaluated and one of the items that I need to do is change the "ServerInfo.properties" in the catalina.jar to set "server.info" and "server.version" to nonsense (really). I have the following Valve setup as well: At what point would the "ServerInfo.properties" actually show a

Re: [OT] Working with SAML

2021-03-16 Thread Robert Turner
). As far as I can tell it's free to use as it's an MIT-style License. And at least, one can get at the code and "fix" things if needed. On Tue, Mar 16, 2021 at 4:19 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > Robert, > > On 3/16/21 14:33, Rober

Re: [OT] Working with SAML

2021-03-16 Thread Robert Turner
case. It doesn't do everything by any means, but was considerably smaller and simpler than most packages out there. Robert On Tue, Mar 16, 2021 at 1:55 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > All, > > I've got a system which is accepting one-legged, signed

Re: Unable to start Tomcat 10.0.4

2021-03-16 Thread Robert Turner
I suggest you have a read here: https://tomcat.apache.org/tomcat-10.0-doc/config/http.html#SSL_Support The documentation covers the details you need to correctly configure Tomcat and SSL and links to a related page about SSL configuration. Notice the line: Each secure connector must define at

Re: Unable to start Tomcat 10.0.4

2021-03-16 Thread Robert Turner
If you look at the stack trace, it tells you what the problem is: Caused by: java.lang.IllegalArgumentException: No SSLHostConfig element was found with the hostName [_default_] to match the defaultSSLHostConfigName for the connector [https-openssl-nio-8443] So it no longer looks like you are

Re: Unable to start Tomcat 10.0.4

2021-03-16 Thread Robert Turner
Your more recent exception log didn't include the "caused by" exception -- which is the actual failure details. Double-check that and make sure it's the same issue. Also, use netstat to confirm you aren't using the ports already. Changing it may just find another conflict (although less likely).

Re: Unable to start Tomcat 10.0.4

2021-03-16 Thread Robert Turner
It's saying port 80 is already in use. Make sure another process (like IIS) isn't using the port already, or change your configuration to a different port. You can use 'netstat' (with options) to determine which process is using the port already. On Tue., Mar. 16, 2021, 07:36 , wrote: > Dear

Re: Tomcat Manager

2021-02-24 Thread Robert Wigfall
#Configuring_Manager_Application_Access and using your choice of command-line tool to interact. I planned to use/test tomcat-manager: https://tomcatmanager.readthedocs.io/en/stable/install.html Best Regards, Robert On Wed, 2021-02-24 at 15:18 -0500, Robert Hicks wrote: > [EXTERNAL EMAIL ALERT]: Verify sender before open

Tomcat Manager

2021-02-24 Thread Robert Hicks
Is there a way (my google-fu is failing) to use the command line version of the manager but not have the front end UI available at all? Thanks, Bob

Re: Out of memory exception

2021-02-18 Thread Robert Turner
Have you tried enabling heap dumps on OOM exceptions ( https://docs.oracle.com/javase/8/docs/technotes/guides/troubleshoot/clopts001.html ; HeapDumpOnOutOfMemoryError) and then looking at the heap dump? It should help you identify where the allocated heap is going to, and give you some ideas of

Re: Security Vulnerability -Default files

2021-01-21 Thread Robert Turner
o do the work for you. (I do not have any suggestions on where to look for one though.) Robert On Thu, Jan 21, 2021 at 10:43 PM Nitin Kadam wrote: > Thank you Robert for your reply. > > If we upgrade the tomcat version from the current 8.5.38 to 8.5.61 will > this reme

Re: Security Vulnerability -Default files

2021-01-21 Thread Robert Turner
also be able to modify the installation settings of the application using Add or Remove Programs in Windows Control Panel to remove the example applications if you'd prefer that approach instead of #1 above, but that might require reinstalling Tomcat again. Best of luck, Robert On Thu, Jan 21, 2

Re: TomCat 9 service failed to start on Windows after TomCat 9 update

2021-01-15 Thread Robert Turner
I would check permissions on the folders/files. The account running the windows service may not have permissions to execute the programs or maybe access the directories. That's the first thing I would check. (Also check Event Viewer for any related messages). On Fri, Jan 15, 2021 at 8:24 AM Igor

Re: Browser complains of "weak signature algorithm" in cert on a new Tomcat installation. Does anybody here know anything about that sort of thing

2021-01-06 Thread Robert Turner
You'll want to set the protocols, ciphers, and honorCipherOrder attributes on either the Connector or the SSLHostConfig objects in your server.xml file to restrict the available TLS/SSL protocols and ciphers available to avoid using weak ones. See the documentation here for details:

Re: TLS on Tomcat: Using ECC and RSA certificates together -- invalid intermediate certificate in chain

2020-12-11 Thread Robert Turner
:56 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > Robert, > > On 12/9/20 21:31, Robert Turner wrote: > > Actually, one incorrect statement in my previous response. testssl.sh > > didn't report the details of the certificate chain, only that it w

Re: TLS on Tomcat: Using ECC and RSA certificates together -- invalid intermediate certificate in chain

2020-12-09 Thread Robert Turner
broken). Sorry about that. Robert On Wed, Dec 9, 2020 at 9:22 PM Robert Turner wrote: > Thanks Chris for replying. > > I'm pretty sure I'm using the APR connector. Without double-checking how > things are configured... the startup logs show: > > 09-Dec-2020 21:05

Re: TLS on Tomcat: Using ECC and RSA certificates together -- invalid intermediate certificate in chain

2020-12-09 Thread Robert Turner
s: Chain of trust NOT ok (chain incomplete) And when I connect using "openssl s_client -connect :", I see only the initial certificate in the server response, where normally I would see the chain listed out up to the root CA. So unfortunately, it looks like that doesn't quite work properl

TLS on Tomcat: Using ECC and RSA certificates together -- invalid intermediate certificate in chain

2020-12-09 Thread Robert Turner
for ECC versus RSA). Thanks for any suggestions anyone can provide, Robert

Re: Virtual event focussed on Tomcat Security

2020-10-16 Thread Robert Hicks
On Thu, Oct 15, 2020 at 2:01 PM Mark Thomas wrote: > On 29/09/2020 12:25, Mark Thomas wrote: > > Hi all, > > > > We (the Tomcat community) have some funding from Google to help us > > improve Tomcat security. Our original plan was to use the funding to > > support an in-person security focussed

Re: Tomcat 9 and FIP-140 mode

2020-08-24 Thread Robert Hicks
On Mon, Aug 24, 2020 at 12:48 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Robert, > > On 8/24/20 11:04, Robert Hicks wrote: > > Maybe it's just better to straight up ask. I've found a

Tomcat 9 and FIP-140 mode

2020-08-24 Thread Robert Hicks
Maybe it's just better to straight up ask. I've found a couple of Google searches but nothing for Tomcat 9 and the information seems sporadic, incomplete, or contradictory. How do you enable FIPS-140 for Tomcat 9 (using JDK 8)? Thanks in advance. -- Bob

Re: Tomcat 9 and FIPS-140

2020-08-19 Thread Robert Hicks
GP SIGNED MESSAGE- > Hash: SHA256 > > Robert, > > On 8/18/20 16:19, Robert Hicks wrote: > > Is this article good for enabling FIPS-140 for Tomcat 9? > > [citation needed] > > - -chris > -BEGIN PGP SIGNATURE- > Comment: Using G

Tomcat mod_jk rpm-build for CentOS-8 - exit with error.

2020-08-19 Thread Robert Oschwald
@Klaus Trachtler: Managed to build mod_jk RPM for CentOS8. See https://gist.github.com/robertoschwald/3317b4d777f44260fef86c5059955ffc

Tomcat 9 and FIPS-140

2020-08-18 Thread Robert Hicks
Is this article good for enabling FIPS-140 for Tomcat 9? Thanks, Bob

Tomcat shutdown password complexity

2020-05-08 Thread Robert Hicks
I am trying to find what the password complexity can be. I've looked at several hardening guides and they are all "WordsLikeThis". Does the shutdown password take symbols and numbers or at least hyphenated words? Thanks, Bob

RE: [External] After upgraded to Tomcat 9.0.31, ISAPI Redirector is not "working" when SSL enabled in IIS

2020-03-12 Thread Mills, Robert - CTR [ASM Research]
is not "working" when SSL enabled in IIS thank you very much, it is working now! On Thu, Mar 12, 2020, 11:50 Mills, Robert - CTR [ASM Research] wrote: > Hi KC > > I hit that also. Turns out if I added this: > >allowedRequestAttributesPattern=".*" &g

RE: [External] After upgraded to Tomcat 9.0.31, ISAPI Redirector is not "working" when SSL enabled in IIS

2020-03-11 Thread Mills, Robert - CTR [ASM Research]
Hi KC I hit that also. Turns out if I added this: allowedRequestAttributesPattern=".*" Then I got past the 403. I think this is supposed to be fixed in the next release of tomcat. Give it a shot. Toby -Original Message- From: KC Mok Sent: Wednesday, March 11, 2020

Re: Tomcat 9 : relaxedQueryChars

2020-03-05 Thread Robert Hicks
On Wed, Mar 4, 2020 at 4:46 PM Mark Thomas wrote: > On 04/03/2020 20:20, Robert Hicks wrote: > > We are getting the following over and over in our catalina.out file: > > > > java.lang.IllegalArgumentException: Invalid character found in the > request > > target. Th

Tomcat 9 : relaxedQueryChars

2020-03-04 Thread Robert Hicks
We are getting the following over and over in our catalina.out file: java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986 Our server.xml has the following copied from an online search I think:

FW: Apache Tomcat versions and proof of support

2020-02-21 Thread Hallstrom, Robert J. CTR
Good morning, I wanted to follow up on my previous email regarding proof of support for earlier versions. Please advise if anyone could ASAP. Regards, Robert Hallstrom Configuration Management Specialist Imagine One Technology & Management, Ltd. 2510 Walmer Ave. Ste. A, Norfolk, VA 2

Apache Tomcat

2020-01-21 Thread Hallstrom, Robert J. CTR
Good morning, I need documentation to prove that version 8.5.16 is still supported. We use it in supporting a legacy application and need that in order to keep doing so. Do you know where I can find a list of what versions are still supported? Regards, Robert Hallstrom Configuration

Re: Tomcat 9 relaxedQueryChars format

2019-11-29 Thread Robert Hicks
of > > the following characters: " < > [ \ ] ^ ` { | } . Any other characters > > present in the value will be ignored. > > > On Fri, 29 Nov 2019 at 15:39, M. Manna wrote: > > > Robert, > > > > On Fri, 29 Nov 2019 at 15:28, Robert Hicks > wrot

Tomcat 9 relaxedQueryChars format

2019-11-29 Thread Robert Hicks
What is the correct format? I see the following used when I do a search: relaxedQueryChars="[,],{,}.|" relaxedQueryChars="[ ] { } |" relaxedQueryChars="[]|{}^" We use that last one. I am running down this error: java.lang.IllegalArgumentException: Invalid character found in the request

Re: EOL for Tomcat 9.X ?

2019-10-18 Thread Robert Hicks
Thanks! -- Bob On Fri, Oct 18, 2019 at 11:41 AM Olaf Kock wrote: > > On 18.10.19 17:25, Robert Hicks wrote: > > Management is asking me if there is an end of life for Tomcat 9 > reported. I > > don't see anything on the tomcat web site. > > Mark recently answered

EOL for Tomcat 9.X ?

2019-10-18 Thread Robert Hicks
Management is asking me if there is an end of life for Tomcat 9 reported. I don't see anything on the tomcat web site. Thanks, -- Bob

Re: [OT] Re: Question about DirResourceSet?

2019-10-15 Thread Robert Olofsson
Hi! On Tue, 2019-10-15 at 14:37 +0100, Mark Thomas wrote: > Generally, no. You've done it in what I'd consider to be the "safer" way > by exposing all the JARs visible to the client to the application's > class loader rather than the other way around. Ok, good to hear, we will try this and

Question about DirResourceSet?

2019-10-14 Thread Robert Olofsson
Hi! Some background: We are currently running tomcat (9.0.26) and we serve data to both html/webapp and to our java application. The java application uses a lot of the same jar files that our servlets use. We have had tomcat setup with two directories: 1) webapps//WEB-INF/lib (as usual for

Tomcat 9.0.20 : send email on errors

2019-07-22 Thread Robert Hicks
Using the default logging (java.util.logging) is it possible to have Tomcat itself (not a jsp or servlet) send an email if it is unable to log or there are errors in its log files? The scenario I am thinking of would be if the logging file system is full or unavailable due to other issues.

RE: Number of Web Applications in one Tomcat

2018-10-29 Thread PURVIS, Robert (NHS DIGITAL)
We have had a single tomcat with multiple applications (10 or more) for many years (since 2002), and are now separating them. The main reason being that when one application crashes it can bring down the whole tomcat (e.g. oom errors). Robert Purvis robert.pur...@nhs.net<mailto:robert.

Re: inconsistency with session persistence

2018-10-24 Thread Robert J. Carr
be able to turn it off if it'd help in diagnosing this problem. Thanks- Robert

Re: inconsistency with session persistence

2018-10-24 Thread Robert J. Carr
if that WARNING is causing issues. Thanks for the guidance, but please let me know if there's anything else I can look at. Robert

Re: inconsistency with session persistence

2018-10-23 Thread Robert J. Carr
ent with the documentation, so not sure what I'm doing wrong. Thanks- Robert

inconsistency with session persistence

2018-10-23 Thread Robert J. Carr
(long story). Thanks for any help! Robert
