Re: Undefined behaviour with Credential Handler

2015-09-10 Thread Sreyan Chakravarty
Yes but that requires implementing your own credential handler. But the default one will still have the bug. Right now I am thinking of using an authentication framework like Apache Shiro. On Thu, Sep 10, 2015 at 1:48 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN

RE: Firefox SSL with APR - losing client certificate

2015-09-10 Thread David Balažic
Reported as Bug 58244 - two way SSL loses client certificate after a few requests https://bz.apache.org/bugzilla/show_bug.cgi?id=58244 David Balažic > -Original Message- > From: David Balažic > Sent: 7. August 2015 17:38 > To: users@tomcat.apache.org > Subject: Firefox SSL with APR -

cluster isn't deploying apps to all members

2015-09-10 Thread Martijn Bos
Hi all, I think I "solved" it myself. My problem was that when I deployed a webapp on one of the cluster-members it didn't get deployed on the other member. I did this with the manager web-application. However, when I drop a war-file in the watchDir of the farmWarDeployer it gets deployed to the

Re: DNS is hijacked and some filty AD is added at the bottom of our webpage

2015-09-10 Thread George Sexton
On 9/9/2015 8:46 AM, shi wrote: Hi gurus, We have a website running on Tomcat. Its web pages look good. Recently, however, we find that some of the web pages contain a filthy ad at the bottom of the page. Here are the ways this could be happening: 1. Your server is compromised and it's your

Re: Undefined behaviour with Credential Handler

2015-09-10 Thread Christopher Schultz
Sreyan, On 9/10/15 8:10 AM, Sreyan Chakravarty wrote: > Yes but that requires implementing your own credential handler. Sorry, I thought you had implemented your own credential handler. > But the default one will still have the bug. Oh, I was

Re: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-10 Thread Christopher Schultz
Mark, On 9/9/15 9:43 PM, Pottinger, Hardy J. wrote: > It doesn't matter which Authenticator is installed, they all behave > the same way. The user name from httpd is used to populate the > remote user name and the user principal and the user

Re: cluster isn't deploying apps to all members

2015-09-10 Thread Christopher Schultz
Martijn, On 9/10/15 7:39 AM, Martijn Bos wrote: > I think I "solved" it myself. > > My problem was that when I deployed a webapp on one of the > cluster-members it didn't get deployed on the other member. I did > this with the manager

RE: Multiple JSESSIONID cookies being presented.

2015-09-10 Thread Jeffrey Janner
> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Wednesday, September 09, 2015 1:50 PM > To: Tomcat Users List > Subject: Re: Multiple JSESSIONID cookies being presented. > > -BEGIN PGP SIGNED MESSAGE- > Hash:

RE: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-10 Thread Pottinger, Hardy J.
Hi, in helping a colleague diagnose another problem for another servlet, I was using PsiProbe, and I noticed that it has session diagnostics. Doh! I promptly fired up PsiProbe on my Tomcat server, returning to this JSESSIONID issue, and watched the session get created as part of a password

RE: Multiple JSESSIONID cookies being presented.

2015-09-10 Thread Caldarale, Charles R
> From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] > Subject: RE: Multiple JSESSIONID cookies being presented. > I checked the error.jsp file and it does have session=true set, and if the > icon file > is missing, the error.jsp is definitely being sent. > So it looks like the

Re: cluster isn't deploying apps to all members

2015-09-10 Thread Martijn Bos
On 10-09-15 17:43, Christopher Schultz wrote: > Martijn, > > On 9/10/15 7:39 AM, Martijn Bos wrote: >> I think I "solved" it myself. > >> My problem was that when I deployed a webapp on one of the >> cluster-members it didn't get deployed on the other member. I did >> this with the manager

Intermittent failure while deploying war file on Tomcat 8.0.24

2015-09-10 Thread prashant gothi
Tomcat version: 8.0.24 OS RHEL 6.6 Just one war file (ascws.war) is deployed under it. We are seeing intermittent failures while deploying the war file; the Tomcat logs indicate (zip file is empty), and the exception is mentioned below. We have verified the file is correct (non zero), and the only way to recover from

Re: [somewhat OT] Undefined behaviour with Credential Handler

2015-09-10 Thread tomcat
Hi. I have been following this thread loosely, and I have nothing about Tomcat authentication per se, but maybe now may be the moment to suggest another approach: why not use an Apache httpd as a front-end to Apache Tomcat, do the user authentication/authorization at the Apache httpd level

How to Upgrade Java JDK 7 to JDK8 with Keystore SSL Certificate in Tomcat 7

2015-09-10 Thread Ignacio Barragan
I have Tomcat 7.0.42 on a Windows 2008R2 server. I’m pretty new to Tomcat. It uses Java JDK and is configured with a standard JSSE SSL certificate. How do I upgrade Java on an existing Tomcat server? All the documentation is for configuring new installations. I can repeat the whole

Re: Undefined behaviour with Credential Handler

2015-09-10 Thread Sreyan Chakravarty
"Feel free to do that. You'll have to implement a lot of plumbing code yourself to use Apache Shiro. (It seems like Tomcat ought to support Shiro, eh? Maybe we should get together with them to build an out-of-the-box configurable component in Tomcat)." Well I don't know that but you people could

Re: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-10 Thread Christopher Schultz
Hardy, On 9/10/15 1:00 PM, Pottinger, Hardy J. wrote: > The session attribute we are creating to hold the flag to indicate > the session is "interrupted"... is not serializable... which I > think means that, when the new session is created as part

RE: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-10 Thread Pottinger, Hardy J.
>putting Serializable objects in the session is surely a good idea >in general. I agree, especially, as you mention, if we intend to distribute sessions among various containers. >Tomcat's session-fixation-prevention amounts to changing the session >identifier while keeping the session intact.

Re: Multiple JSESSIONID cookies being presented.

2015-09-10 Thread Christopher Schultz
Jeffrey, On 9/10/15 12:26 PM, Jeffrey Janner wrote: > Thanks for all the help guys. I think I've sussed out what is > going on here. Now just have to get the Dev guys to address it. > > After spending a good bit of time clearing and watching

Re: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-10 Thread Christopher Schultz
Hardy, On 9/10/15 3:36 PM, Pottinger, Hardy J. wrote: >> putting Serializable objects in the session is surely a good >> idea in general. > > I agree, especially, as you mention, if we intend to distribute > sessions among various containers. >

RE: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-10 Thread Pottinger, Hardy J.
I can see in our log files that we log the session ID as part of the authentication process so it's probable that our authentication code needs a bit more work to accommodate the changing session ID. I'll see if I can figure it out. From: Christopher

Re: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-10 Thread Christopher Schultz
Hardy, On 9/10/15 5:08 PM, Pottinger, Hardy J. wrote: > I can see in our log files that we log the session ID as part of > the authentication process so it's probable that our > authentication code needs a bit more work to accommodate the >