Re: Apache Tomcat will close connection on slow file download with non blocking http protocol

[Mark Thomas]

On 29/10/2015 07:53, Pentzlin, David wrote:
> Per default the protocol in server.xml is configured as protocol="HTTP/1.1". 
> with newer tomcat versions this will use a non blocking protocol if possible.
> 
> Problem:
> Setup Tomcat (8.0.28) with default settings. Copy a file in a webapp e.g. 
> webapps/root and download the file with limited speed to simulate a slow 
> modem download.
> wget http://xxx.xxx.xxx.xxx:8080/xxx/7.zip --limit-rate=1k
> Connection will be closed always after 6minutes and 24seconds
> Saving to: '7.zip'
> 7.zip   0%[  ] 767.99K  1.00KB/s   in 6m 24s
> 2015-10-28 17:27:39 (1024 B/s) - Connection closed at byte 786426. Retrying.
> 
> if i change the protocol to (blocking):
>   protocol="org.apache.coyote.http11.Http11Protocol"
> everything is fine and the download will complete with slow speed.
> If the change the speed (default HTTP/1.1) the time after the connection is 
> closed is different (e.g. for 7kb/sec it will always close after 3minutes and 
> 21sec). If the speed is 8kb/sec or higher the download seems to be stable 
> with both protocols.
> What could be the issue?

It depends a lot on how the rate limiting is implemented, what is
buffered where and when stuff times out.

That said, I'd expect the behaviour to be consistent between the
different connector implementations. Timeouts is one of those areas
where differences have crept in. Please open a Bugzilla issue for this
so it doesn't get lost and someone will take a look.

Thanks,

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: AW: Suppress or replace WWW-Authorization header

[tomcat]

On 29.10.2015 10:12, chris derham wrote:

Torsten,

Add an interceptor to AngularJS to detect the 401 and do whatever you
want, e.g. redirect to a login page. Then when you have the
credentials, submit to login rest api, get a token, and then make all
other calls passing this token.

There are loads of examples on how to do this on the internet. This
isn't tomcat specific.

function globalInterceptorResponse($injector, $q) {
 return {
 'response': function (response) {
 return response;
 },
 'responseError': function (rejection) {
 switch (rejection.status) {
...
 case 401:
 console.warn("Hit 401 - redirecting to login");
 window.location = '/login';
 break;
...
 default:
 console.warn(rejection);
 }
 return $q.reject(rejection);
 }
 };
}
globalInterceptorResponse.$inject = ['$injector', '$q'];

then in request config,

$httpProvider.interceptors.push(globalInterceptorResponse);


This won't work because the application doesn't get a chance to do
anything until Tomcat completes its authentication/authorization work.
If the application were handling the authentication/authorization, then
the original Filter would have worked.

-chris


Chris,

I think that you thought the above was server-side java code. The
above was javascript code that runs in the browser. It does work - I
copied it from a project I am working on now.



Hi.

I will not dispute the fact that this solution works for you, and that it could also work 
for Torsten. And I must say that it looks elegant, from a javascript point of view.


I will just submit a personal opinion, based on long experience, that says that any 
solution (for this kind of interacting-with-servers issue) which is browser-based, is 
always more fragile and inherently more unstable, than a solution based on normal HTTP 
interactions and implemented at the server side. (*)
There are always little differences among browsers and browser versions, as to how they 
handle javascript code. And there are many things that a user can do with his browser, 
that can interfere with such things.

And problems on that side will always be very time-consuming to identify and 
debug.
A server-side, protocol-compliant solution on the other hand, will work with any 
HTTP-compliant browser (which does not necessarily include all versions of Internet 
Explorer), and be a lot easier to maintain.


End of opinion.

(*) with an exception for all the marvelous things which you can do with tools like 
jQuery, when used judiciously at the level of the browser-side presentation and user 
interaction.





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: mod_jk make error with OSX 10.11.1

[Christopher Schultz]

Rainer,

On 10/29/15 5:31 AM, Rainer Jung wrote:
> Am 29.10.2015 um 03:59 schrieb Christopher Schultz:
>> Youngho,
>>
>> On 10/28/15 10:35 PM, Youngho Cho wrote:
>>>   Just before I upgrade to OSX 10.11.1
>>>
>>>   And try to compile Apache mod_jk 1.2.41.
>>>
>>> But the make is fail.
>>>
>>>   YounghoiMac:native youngho$ sudo make
>>>
>>> Making all in common
>>> usr/share/apr-1/build-1/libtool --silent --mode=compile
>>> /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.11.xctoolchain/usr/bin/cc
>>>
>>> -I. -I/usr/include/apache2 -arch x86_64 -DHAVE_CONFIG_H -DHAVE_APR
>>> -I/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.11.Internal.sdk/usr/include/apr-1
>>>
>>> -I/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.11.Internal.sdk/usr/include/apr-1
>>>
>>> -arch x86_64 -DHAVE_CONFIG_H -DDARWIN -DSIGPROCMASK_SETS_THREAD_MASK
>>> -DDARWIN_10
>>> -I/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.11.Internal.sdk/usr/include/apr-1
>>>
>>> -c jk_ajp12_worker.c -o jk_ajp12_worker.lo
>>> In file included from jk_ajp12_worker.c:26:
>>> In file included from ./jk_ajp12_worker.h:27:
>>> In file included from ./jk_logger.h:27:
>>> ./jk_global.h:78:10: fatal error: 'apr_lib.h' file not found
>>> #include "apr_lib.h"
>>>   ^
>>> 1 error generated.
>>> make[1]: *** [jk_ajp12_worker.lo] Error 1
>>> make: *** [all-recursive] Error 1
>>>
>>> ---
>>>
>>>   How can I fixed it ?
>>>
>>>   Someone also have same trouble
>>>
>>>  
>>> https://stackoverflow.com/questions/33402932/tomcat-connectors-mod-jk-make-error#_=_
>>>
>>
>> When you ran "configure", what options did you choose?
> 
> In addition to that question: when building mod_jk for the Apache web
> server 2.x, it uses the APR libraries, which are also used for the
> Apache web server. During the build it needs the header files for APR.
> Sometimes they must be installed with some developer package for APR.
> From the above it looks like your APR headers files (like apr_lib.h)
> should be located in
> /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.11.Internal.sdk/usr/include/apr-1
> but somehow they are not.

This can happen when XCode is updated and the XCode Command-Line tools
are not upgraded at the same time.

This can also happen if OS X / XCode is feeling cranky, and just wants
to break everything because it thinks it's going to be fun. I've had to
deal with OS/XCode upgrades moving things around and generally breaking
command-line-based builds. It's really the only thing that drives me
crazy about OS X.

Try looking in
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/
to see what directories *do* exist. You might have to re-run "configure"
with some additional paths in your CFLAGS.

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: AW: Suppress or replace WWW-Authorization header

[Christopher Schultz]

Chris,

On 10/29/15 5:12 AM, chris derham wrote:
>>> Torsten,
>>>
>>> Add an interceptor to AngularJS to detect the 401 and do whatever you
>>> want, e.g. redirect to a login page. Then when you have the
>>> credentials, submit to login rest api, get a token, and then make all
>>> other calls passing this token.
>>>
>>> There are loads of examples on how to do this on the internet. This
>>> isn't tomcat specific.
>>>
>>> function globalInterceptorResponse($injector, $q) {
>>> return {
>>> 'response': function (response) {
>>> return response;
>>> },
>>> 'responseError': function (rejection) {
>>> switch (rejection.status) {
>>> ...
>>> case 401:
>>> console.warn("Hit 401 - redirecting to login");
>>> window.location = '/login';
>>> break;
>>> ...
>>> default:
>>> console.warn(rejection);
>>> }
>>> return $q.reject(rejection);
>>> }
>>> };
>>> }
>>> globalInterceptorResponse.$inject = ['$injector', '$q'];
>>>
>>> then in request config,
>>>
>>> $httpProvider.interceptors.push(globalInterceptorResponse);
>>
>> This won't work because the application doesn't get a chance to do
>> anything until Tomcat completes its authentication/authorization work.
>> If the application were handling the authentication/authorization, then
>> the original Filter would have worked.
>>
>> -chris
> 
> Chris,
> 
> I think that you thought the above was server-side java code. The
> above was javascript code that runs in the browser. It does work - I
> copied it from a project I am working on now.

Yes, I was missing the fact that parts (or all?) of AngularJS run on the
client. Thanks for clarifying that bit.

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat answers on port 80, not on 443

[Beyer, Gregory L]

Thank you, Chris.   You've cut it down to the crux which, in my ignorance of 
felix vs Tomcats role,  I didn't understand.  Essentially, chasing the solution 
in Tomcat is a red herring.  Looking at the apps config file, it references 
"org.apache.felix.https" several times which is a strong sign that Felix Is 
_supposed_ to handle the SLL, but it's not working as it should.  I'll go back 
to the app's developer with the problem.

__
Gregory Beyer
gbey...@gatech.edu

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: Wednesday, October 28, 2015 3:31 PM
To: Tomcat Users List 
Subject: Re: Tomcat answers on port 80, not on 443

Gregory,

On 10/27/15 1:57 PM, Beyer, Gregory L wrote:
> Still struggling with this.   I'm amazed that implementing SSL in
> Tomcat is so difficult.  It's not in straight Apache, or IIS.  Is 
> Tomcat really so different an animal?

No, Tomcat is not so different an animal. But you aren't using Tomcat.
You are using Apache Felix + your application + who knows what else + Tomcat 
and asking why "Tomcat" won't configure your TLS correctly.

Configuring a  in Tomcat's conf/server.xml file is fairly 
straightforward. Instead, you have decided to create a  with no TLS 
configuration and then expect Tomcat to somehow infer the /real/ TLS 
configuration information from some arbitrary file where you just happen to 
have specified the keystore path on the disk.

This is a question that YOU need to answer before anyone can offer you help 
here: is Apache Felix responsible for configuring Tomcat's TLS connector or 
not? If you don't know the answer, find someone on your team who DOES know the 
answer and I suspect you'll have 50% of the way to your solution.

> I tried changing \\Program files  to \\progra~1\ -- no joy.:-(

This shouldn't matter.

> A question I posed last week that got overlooked -- Am I supposed to 
> import the .keystore into my cacerts file?  When I open the cacerts 
> file that came with the java install,  it contains  30-40 certifs
> (key-pairs?)   that I didn't create.

You should pretty much never modify cacarts.

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat will close connection on slow file download with non blocking http protocol

[Christopher Schultz]

Pentzlin,

On 10/29/15 8:41 AM, Mark Thomas wrote:
> On 29/10/2015 07:53, Pentzlin, David wrote:
>> Per default the protocol in server.xml is configured as protocol="HTTP/1.1". 
>> with newer tomcat versions this will use a non blocking protocol if possible.
>>
>> Problem:
>> Setup Tomcat (8.0.28) with default settings. Copy a file in a webapp e.g. 
>> webapps/root and download the file with limited speed to simulate a slow 
>> modem download.
>> wget http://xxx.xxx.xxx.xxx:8080/xxx/7.zip --limit-rate=1k
>> Connection will be closed always after 6minutes and 24seconds
>> Saving to: '7.zip'
>> 7.zip   0%[  ] 767.99K  1.00KB/s   in 6m 24s
>> 2015-10-28 17:27:39 (1024 B/s) - Connection closed at byte 786426. Retrying.
>>
>> if i change the protocol to (blocking):
>>   protocol="org.apache.coyote.http11.Http11Protocol"
>> everything is fine and the download will complete with slow speed.
>> If the change the speed (default HTTP/1.1) the time after the connection is 
>> closed is different (e.g. for 7kb/sec it will always close after 3minutes 
>> and 21sec). If the speed is 8kb/sec or higher the download seems to be 
>> stable with both protocols.
>> What could be the issue?
> 
> It depends a lot on how the rate limiting is implemented, what is
> buffered where and when stuff times out.
> 
> That said, I'd expect the behaviour to be consistent between the
> different connector implementations. Timeouts is one of those areas
> where differences have crept in. Please open a Bugzilla issue for this
> so it doesn't get lost and someone will take a look.

Great test-case, by the way:

1. Starts with "Install a stock Tomcat x.y.z, then modify it in this way"
2. Includes repeatable objective criteria to test, using
easily-available tools
3. Demonstrates the failure (I haven't replicated it myself, but given
the quality of the post, I suspect it will be trivially reproducible)

This is much better than the "Tomcat crashed when I ran my home-spun
client against it what is wrong please help me super rushed deadline
here" reports we get sometimes.

Well done.

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: AW: AW: AW: Tomcat 6, DB2 Driver Problems

[Christopher Schultz]

Simon,

On 10/29/15 4:28 AM, simone.rodenbach@devk.de wrote:
> Thx,
> 
> I hope this information helps: (The 
> org.apache.commons.pool.impl.GenericObjectPool starts a timer ... )
> 
> ava.util.TimerThread @ 0xc0772288 
>   |Timer-0|  128 |   384 
> |org.apache.catalina.loader.WebappClassLoader @ 0xc04bed30|true
> |- at java.lang.Object.wait(J)V (Native Method)   
>|   |  |   |   
>   |
> |- at java.util.TimerThread.mainLoop()V (Timer.java:552)  
>|   |  |   |   
>   |
> |- at java.util.TimerThread.run()V (Timer.java:505)   
>|   |  |   |   
>   |
> |  '-  java.util.TimerThread @ 0xc0772288  Timer-0 Thread  
>|   |  128 |   384 |   
>   |
> | |-  class java.util.TimerThread @ 0xc0cd5080 System Class
>|   |0 | 0 |   
>   |
> | |- group java.lang.ThreadGroup @ 0xc048b400  main   
>|   |   48 |   208 |   
>   |
> | |- contextClassLoader org.apache.catalina.loader.WebappClassLoader @ 
> 0xc04bed30|   |  200 | 1.314.384 |
>  |
> | |- , queue java.util.TaskQueue @ 0xc0758a80 Busy Monitor
>|   |   24 | 1.528 |   
>   |
> | |-  java.util.TimerThread @ 0xc0772288  Timer-0 Thread  
>|   |  128 |   384 |   
>   |
> | |- name char[7] @ 0xc0772408  Timer-0   
>|   |   32 |32 |   
>   |
> | |- inheritedAccessControlContext java.security.AccessControlContext @ 
> 0xc0772428   |   |   40 |   104 | 
> |
> | |- inheritableThreadLocals java.lang.ThreadLocal$ThreadLocalMap @ 
> 0xc0772490   |   |   24 |   104 | 
> |
> | |- blockerLock java.lang.Object @ 0xc07724f8
>|   |   16 |16 |   
>   |
> | |-  org.apache.commons.pool.impl.GenericObjectPool$Evictor 
> @ 0xeefe76d0|   |   40 |40 |  
>|
> | |-  java.lang.Object @ 0xeefe76f8   
>|   |   16 |16 |   
>   |
> | '- Total: 11 entries
>|   |  |   |   
>   |
> '- Total: 3 entries   
>|   |  |   |   
>   |
> 

This was very difficult to interpret.

> The stacktrace shows only:
> 
> Timer-1
>   at java.lang.Object.wait(J)V (Native Method)
>   at java.util.TimerThread.mainLoop()V (Timer.java:552)
>   at java.util.TimerThread.run()V (Timer.java:505)

This was not, and it was about what I expected.

Usually when a thread if blocked on a monitor, it will give you the hex
address of the object being used as the monitor, and then you can do
find out what object that is. In the case of the Timer, it might just be
it's waiting on itself.

Once you find out what that timer does when it wakes up, you'll probably
find out who created the timer.

If the timer thread truly is executing the GenericObjectEvictor, then
there may be a bug in Tomcat. I don't see anything in the changelog that
would explain this, but could you re-try your testing with Tomcat 6.0.44?

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat 7.0.66 expected release date?

[Ryan Fong]

G'day. I'd like to know if there is an expected release date for Tomcat 7.0.66. 
I was unable to locate a build schedule or calendar for Tomcat. Thank you.

X-FRame-Option

[Walsh, Joseph]

good afternoon all...

I have been recently been "relocated" within our IT dept and now tasked with
supporting Apache Tomcat on windows...  Our cyber dept scanner has identified 
my app as vulnerable to clickjacking ...

Anyone have any luck adding the X-Frame-Option in a windows environment?
I have tried using the built in filter with no luck ...seems plenty of fixes 
but all I find seems to be geared towards a Unix install...
currently running Apache Tomcat vers 8.0.26

thanks
JoeW


Email jwa...@bnl.gov

Re: Tomcat 7.0.66 expected release date?

[Mark Thomas]

On 29/10/2015 18:09, Ryan Fong wrote:
> G'day. I'd like to know if there is an expected release date for Tomcat 
> 7.0.66.

No.

Releases happen roughly monthly but that can vary due to a variety of
factors. 7.0.65 was second week of October so probably by the end of
November for 7.0.66. But there is no guarantee on that.

> I was unable to locate a build schedule or calendar for Tomcat.

Correct. No such schedule exists.

Very roughly, 8.0.x releases monthly around end of week 1 / start of
week 2 depending on how long it takes to fix the remaining open bugs
come the end of the month. 7.0.x normally releases a week or so later.
6.0.x releases roughly every 6 months or so.

All of this also depends on the availability of the volunteers acting as
release managers.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: X-FRame-Option

[Konstantin Kolinko]

2015-10-29 22:35 GMT+03:00 Walsh, Joseph :
> good afternoon all...
>
> I have been recently been "relocated" within our IT dept and now tasked with
> supporting Apache Tomcat on windows...  Our cyber dept scanner has identified 
> my app as vulnerable to clickjacking ...
>
> Anyone have any luck adding the X-Frame-Option in a windows environment?
> I have tried using the built in filter with no luck ...seems plenty of fixes 
> but all I find seems to be geared towards a Unix install...
> currently running Apache Tomcat vers 8.0.26


If you expect others to reproduce your result,  you have to provide
exact steps (like in a good bug report) and "what you have seen" and
"what you have expected".

Beware of typos in your configuration.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: X-FRame-Option

[Walsh, Joseph]

Konstantin good afternoon ..

my servers are being scanned by a "security Center" by Tenable--
complaining --server is not returning x-frame-option heading --
I can confirm this with Mozilla firebug..

within the tomcat\conf\web.xml file there is "built in filters"

as I have configured below: (thinking maybe "syntax" in incorrect ? )
I was hoping to see the response header change--and have the x-frame-option 
added to it ...

thank you 
joe
[Apache Tomcat newbie]


  

  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  


httpHeaderSecurity

org.apache.catalina.filters.HttpHeaderSecurityFilter
true
true
SAMEORIGIN
true


Joe W
Email jwa...@bnl.gov


-Original Message-
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] 
Sent: Thursday, October 29, 2015 3:43 PM
To: Tomcat Users List
Subject: Re: X-FRame-Option

2015-10-29 22:35 GMT+03:00 Walsh, Joseph :
> good afternoon all...
>
> I have been recently been "relocated" within our IT dept and now 
> tasked with supporting Apache Tomcat on windows...  Our cyber dept scanner 
> has identified my app as vulnerable to clickjacking ...
>
> Anyone have any luck adding the X-Frame-Option in a windows environment?
> I have tried using the built in filter with no luck ...seems plenty of fixes 
> but all I find seems to be geared towards a Unix install...
> currently running Apache Tomcat vers 8.0.26


If you expect others to reproduce your result,  you have to provide exact steps 
(like in a good bug report) and "what you have seen" and "what you have 
expected".

Beware of typos in your configuration.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

80ms delay switching between worker threads

[Farzad Panahi]

Hi,

I am using tomcat 8.0.23 to terminate my websocket connections. I was
looking at my trace logs and noticed that when tomcat worker thread
responsible for processing websocket messages switches to a different
thread, there is about 80ms delay. In my OnMessage implementation I
let the work done for each message by thread from the executor service
thread pool. So onMsg method supposed to return immediately.
Here is the OnMessage implementation and trace log messages. Any ideas
what is causing that delay?


@OnMessage
public void onMsg(Session session, byte[] request) {
LOGGER.trace(COLLECTOR_ENDPOINT_MARKER, "message-trace: in: onMsg:
sessionId: {}, request: {}", () -> session.getId(), () ->
request.hashCode());

executorService.execute(() ->
{
  try {
   ByteBuffer response = ByteBuffer.wrap(getResponse(session, request));
   synchronized (session) {
   session.getBasicRemote().sendBinary(response);
   }
  } catch (Exception e) {
  LOGGER.catching(Level.FATAL, e);
 }
   });
}



23:39:59.723 [http-nio-8080-exec-9] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 61159560
23:39:59.723 [http-nio-8080-exec-9] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 1603450534
23:39:59.723 [http-nio-8080-exec-9] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 1776164192
23:39:59.723 [http-nio-8080-exec-9] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 1289655200
23:39:59.804 [http-nio-8080-exec-4] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 2012164707
23:39:59.804 [http-nio-8080-exec-4] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 1683437101
23:39:59.804 [http-nio-8080-exec-4] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 1996648771
23:39:59.804 [http-nio-8080-exec-4] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 1558367554
23:39:59.804 [http-nio-8080-exec-4] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 1376817303
23:39:59.804 [http-nio-8080-exec-4] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 262877862
23:39:59.804 [http-nio-8080-exec-4] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 1799864953
23:39:59.804 [http-nio-8080-exec-4] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 562399886
23:39:59.804 [http-nio-8080-exec-4] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 2001150465
23:39:59.804 [http-nio-8080-exec-4] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 565117005
23:39:59.885 [http-nio-8080-exec-8] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 853722315
23:39:59.885 [http-nio-8080-exec-8] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 905622955
23:39:59.886 [http-nio-8080-exec-8] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 524911688
23:39:59.886 [http-nio-8080-exec-8] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 924137147
23:39:59.886 [http-nio-8080-exec-8] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 334850062
23:39:59.886 [http-nio-8080-exec-8] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 1942147126
23:39:59.886 [http-nio-8080-exec-8] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 544895426
23:39:59.886 [http-nio-8080-exec-8] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 1044655000
23:39:59.886 [http-nio-8080-exec-8] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 105480518
23:39:59.967 [http-nio-8080-exec-6] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 263098887
23:39:59.967 [http-nio-8080-exec-6] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 851943979
23:39:59.967 [http-nio-8080-exec-6] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 1368132917
23:39:59.967 [http-nio-8080-exec-6] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 62533047
23:39:59.967 [http-nio-8080-exec-6] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 2021636461
23:39:59.967 [http-nio-8080-exec-6] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 1999014579
23:39:59.967 [http-nio-8080-exec-6] TRACE {} CollectorEndPoint -
message-trace: in: onMsg: start: sessionId: 0, request: 

Re: X-FRame-Option

[Konstantin Kolinko]

2015-10-29 23:03 GMT+03:00 Walsh, Joseph :
> Konstantin good afternoon ..
>
> my servers are being scanned by a "security Center" by Tenable--
> complaining --server is not returning x-frame-option heading --
> I can confirm this with Mozilla firebug..
>
> within the tomcat\conf\web.xml file there is "built in filters"
>
> as I have configured below: (thinking maybe "syntax" in incorrect ? )
> I was hoping to see the response header change--and have the x-frame-option 
> added to it ...
>
> thank you
> joe
> [Apache Tomcat newbie]

1. Rules:
http://tomcat.apache.org/lists.html#tomcat-users
-> 6. Don't top-post.

2. The conf/web.xml file provides default values for web.xml files of
web applications. It is much better to configure a filter in a
specific web application.

> 
> httpHeaderSecurity
> 
> org.apache.catalina.filters.HttpHeaderSecurityFilter
> true
> true
> SAMEORIGIN
> true
> 


3. See Servlet Specification on how filters are configured.  A
 element by itself is useless, unless it is accompanied by
 elements.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: X-FRame-Option

[Mark Eggers]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Joseph,

As per list conventions, I'm posting at the bottom. I'll copy over the
relevant parts of your XML.


On 10/29/2015 1:03 PM, Walsh, Joseph wrote:
> Konstantin good afternoon ..
> 
> my servers are being scanned by a "security Center" by Tenable-- 
> complaining --server is not returning x-frame-option heading -- I
> can confirm this with Mozilla firebug..
> 
> within the tomcat\conf\web.xml file there is "built in filters"
> 
> as I have configured below: (thinking maybe "syntax" in incorrect ?
> ) I was hoping to see the response header change--and have the
> x-frame-option added to it ...
> 
> thank you joe [Apache Tomcat newbie]
> 
> 
> 
> 
>
> 
>  httpHeaderSecurity 
> org.apache.catalina.filters.HttpHeaderSecurityFilter
>
> 
true
> true 
> SAMEORIGIN 
> true 
> 
> Joe W Email jwa...@bnl.gov
> 
> 
> -Original Message- From: Konstantin Kolinko
> [mailto:knst.koli...@gmail.com] Sent: Thursday, October 29, 2015
> 3:43 PM To: Tomcat Users List Subject: Re: X-FRame-Option
> 
> 2015-10-29 22:35 GMT+03:00 Walsh, Joseph :
>> good afternoon all...
>> 
>> I have been recently been "relocated" within our IT dept and now
>>  tasked with supporting Apache Tomcat on windows... Our cyber
>> dept scanner has identified my app as vulnerable to clickjacking
>> ...
>> 
>> Anyone have any luck adding the X-Frame-Option in a windows
>> environment? I have tried using the built in filter with no luck
>> ...seems plenty of fixes but all I find seems to be geared
>> towards a Unix install... currently running Apache Tomcat vers
>> 8.0.26
> 
> 
> If you expect others to reproduce your result,  you have to provide
> exact steps (like in a good bug report) and "what you have seen"
> and "what you have expected".
> 
> Beware of typos in your configuration.
> 
> Best regards, Konstantin Kolinko

Here is the relevant portion of your web.xml:


  httpHeaderSecurity
  
org.apache.catalina.filters.HttpHeaderSecurityFilter
  
  true
  true   
SAMEORIGIN
  true


Sorry for the formatting, but line wrap messes things up.

The above doesn't follow the 3.1 specification for deployment
descriptors (web.xml) and you should have seen all sorts of error
messages in your log files.

To set up init parameters for a servlet filter, you'll need to set up
the following block for each init parameter






For example:


  AntiClickJackingEnabled>
  true


Note that the above is the default, so it shouldn't have to be specified
.

This block goes in between the  tag set.

That's 1/2 of the issue. You then have to tell the container what URLs
you wish the filter to be applied to. That's done in a
 tag set.

There is one for the httpHeaderSecurity filter already present in the
distributed web.xml. It is commented out.

Uncomment that and with the above changes you should be good to go.

Here's the result on my Windows 7 machine for localhost:8080/ :

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Thu, 29 Oct 2015 23:34:46 GMT

Reading the servlet specification is a good thing to do. It's short,
and pretty reasonably written.

just my two cents . . .
/mde/
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBAgAGBQJWMq3jAAoJEEFGbsYNeTwtgDIH/jfeFqARTqXsSpBmQmeyp2SJ
EDjw2uRiTUanBcchM0kx3Uc++9sEEbwB3sL5qpgEXrROUXw86xe65GD1zMi1LFQy
z9QFxqm43K6MREiXtQWaAD6B9J7J6IYqI38VJPibjk80fmEk+Fne3wIE+GZdB9l3
JrF4c9veEb+MurnV1uiUFcm+R9Ixw1+hgl5C0bKJYVu4c2Vr7y1z40YaAFyrYyoP
CxGmUPTdZAkIpGwkon/yBKR+lz1BXI2KXbXKXgA+tqd5mfBUUAQPQDAZ8FHFhyYw
RxCgJnWsNnSsJU8DPs6xnwOJ4XOk3drmhjEsMFGUU0HdQkMqDBgL0115Ol7YPJ8=
=a2jm
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Apache Tomcat will close connection on slow file download with non blocking http protocol

[Pentzlin, David]

Per default the protocol in server.xml is configured as protocol="HTTP/1.1". 
with newer tomcat versions this will use a non blocking protocol if possible.

Problem:
Setup Tomcat (8.0.28) with default settings. Copy a file in a webapp e.g. 
webapps/root and download the file with limited speed to simulate a slow modem 
download.
wget http://xxx.xxx.xxx.xxx:8080/xxx/7.zip --limit-rate=1k
Connection will be closed always after 6minutes and 24seconds
Saving to: '7.zip'
7.zip   0%[  ] 767.99K  1.00KB/s   in 6m 24s
2015-10-28 17:27:39 (1024 B/s) - Connection closed at byte 786426. Retrying.

if i change the protocol to (blocking):
  protocol="org.apache.coyote.http11.Http11Protocol"
everything is fine and the download will complete with slow speed.
If the change the speed (default HTTP/1.1) the time after the connection is 
closed is different (e.g. for 7kb/sec it will always close after 3minutes and 
21sec). If the speed is 8kb/sec or higher the download seems to be stable with 
both protocols.
What could be the issue?

Best Regards

AW: AW: Tomcat 6, DB2 Driver Problems

[Simone.Rodenbach.ext]

Hi Christopher,

I attachted some pictures of the threads.

Thx,
 Simone



-Ursprüngliche Nachricht-
Von: Christopher Schultz [mailto:ch...@christopherschultz.net]
Gesendet: Mittwoch, 28. Oktober 2015 15:30
An: Tomcat Users List
Betreff: Re: AW: Tomcat 6, DB2 Driver Problems

Simone,

On 10/28/15 4:02 AM, simone.rodenbach@devk.de wrote:
> I tried to google for the driver and classloader and found nothing that 
> helped me :-(

> I can only provide you with this information:
>
> I configured the datasource in the context.xml
>
>  factory="org.apache.commons.dbcp.BasicDataSourceFactory"

Why are you overriding Tomcat's default DataSourceFactory with another one?

> maxActive="10" minIdle="2" maxIdle="10" maxWait="1"
> minEvictableIdleTimeMillis="12" timeBetweenEvictionRunsMillis="6"
> username="xxx"
> password="xxx"
> driverClassName="com.ibm.db2.jcc.DB2Driver"
> url="xxx;"
> validationQuery="select 1 from sysibm.sysdummy1" />
>
>
> The spring bean
>
>  expected-type="javax.sql.DataSource" />
>
> I created a test project. Because oft hat I'm sure that I don't start a 
> thread.

It doesn't have to be *your code* starting the thread directly. JDBC
drivers have a habit of launching their own cleanup threads and then not
offering any interface to stop them.

> But the log says:
>
> Okt 28, 2015 8:41:15 AM org.apache.catalina.loader.WebappClassLoader 
> clearReferencesThreads
> SCHWERWIEGEND: The web application [/test] appears to have started a thread 
> named [Timer-0] but has failed to stop it. This is very likely to create a 
> memory leak.
>
> I think this thread is started from 
> org.apache.commons.dbcp.BasicDataSourceFactory.

Nope, BasicDataSourceFactory doesn't have the word "thread" anywhere in
its code:
http://svn.apache.org/viewvc/commons/proper/dbcp/tags/DBCP_1_4/src/java/org/apache/commons/dbcp/BasicDataSourceFactory.java?view=markup

> I removed the db2cc4.jar to get an exception to inspect from where the driver 
> is loaded and got:
>
>  Caused by: java.lang.ClassNotFoundException: com.ibm.db2.jcc.DB2Driver
> at 
> org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1858)
> at 
> org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1709)
> at 
> org.apache.commons.dbcp.BasicDataSource.createConnectionFactory(BasicDataSource.java:1420)

That only tells you where the driver is loaded. It doesn't tell you when
the thread was launched.

After shutting-down your web application (and getting the warning about
the Timer-0 thread), can you take a thread dump and show us the stack
trace for the Timer-0 thread?

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Bitte denken Sie an die Umwelt. Müssen Sie diese E-Mail ausdrucken?
Wichtiger Hinweis zum Schutz Ihrer Daten!
 
Der Schutz von Kundendaten ist uns ein wichtiges Anliegen. Aus diesem Grund hat 
sich die DEVK freiwillig verpflichtet, die "Verhaltensregeln für den Umgang mit 
personenbezogenen Daten durch die deutsche Versicherungswirtschaft" (Code of 
Conduct) einzuhalten. Sie regeln die Erhebung, Verarbeitung und Nutzung von 
personenbezogenen Daten. Den vollen Wortlaut des Code of Conduct finden Sie 
unter www.devk.de/datenschutz.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: AW: AW: Tomcat 6, DB2 Driver Problems

[tomcat]

On 29.10.2015 09:09, simone.rodenbach@devk.de wrote:

Hi Christopher,

I attachted some pictures of the threads.

Thx,
  Simone



Hi Simone.
Christopher is in the USA, so it will take some time before he responds.
For the sake of gaining some time however : your attachments did not make it to the list, 
which strips most attachments.

Better : use a text editor to cut and paste the stack trace right here :






-Ursprüngliche Nachricht-
Von: Christopher Schultz [mailto:ch...@christopherschultz.net]
Gesendet: Mittwoch, 28. Oktober 2015 15:30
An: Tomcat Users List
Betreff: Re: AW: Tomcat 6, DB2 Driver Problems

Simone,

On 10/28/15 4:02 AM, simone.rodenbach@devk.de wrote:

I tried to google for the driver and classloader and found nothing that helped 
me :-(



I can only provide you with this information:

I configured the datasource in the context.xml



Why are you overriding Tomcat's default DataSourceFactory with another one?


maxActive="10" minIdle="2" maxIdle="10" maxWait="1"
minEvictableIdleTimeMillis="12" timeBetweenEvictionRunsMillis="6"
username="xxx"
 password="xxx"
driverClassName="com.ibm.db2.jcc.DB2Driver"
url="xxx;"
validationQuery="select 1 from sysibm.sysdummy1" />


The spring bean



I created a test project. Because oft hat I'm sure that I don't start a thread.


It doesn't have to be *your code* starting the thread directly. JDBC
drivers have a habit of launching their own cleanup threads and then not
offering any interface to stop them.


But the log says:

Okt 28, 2015 8:41:15 AM org.apache.catalina.loader.WebappClassLoader 
clearReferencesThreads
SCHWERWIEGEND: The web application [/test] appears to have started a thread 
named [Timer-0] but has failed to stop it. This is very likely to create a 
memory leak.

I think this thread is started from 
org.apache.commons.dbcp.BasicDataSourceFactory.


Nope, BasicDataSourceFactory doesn't have the word "thread" anywhere in
its code:
http://svn.apache.org/viewvc/commons/proper/dbcp/tags/DBCP_1_4/src/java/org/apache/commons/dbcp/BasicDataSourceFactory.java?view=markup


I removed the db2cc4.jar to get an exception to inspect from where the driver 
is loaded and got:

  Caused by: java.lang.ClassNotFoundException: com.ibm.db2.jcc.DB2Driver
at 
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1858)
at 
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1709)
at 
org.apache.commons.dbcp.BasicDataSource.createConnectionFactory(BasicDataSource.java:1420)


That only tells you where the driver is loaded. It doesn't tell you when
the thread was launched.

After shutting-down your web application (and getting the warning about
the Timer-0 thread), can you take a thread dump and show us the stack
trace for the Timer-0 thread?

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Bitte denken Sie an die Umwelt. Müssen Sie diese E-Mail ausdrucken?
Wichtiger Hinweis zum Schutz Ihrer Daten!

Der Schutz von Kundendaten ist uns ein wichtiges Anliegen. Aus diesem Grund hat sich die 
DEVK freiwillig verpflichtet, die "Verhaltensregeln für den Umgang mit 
personenbezogenen Daten durch die deutsche Versicherungswirtschaft" (Code of 
Conduct) einzuhalten. Sie regeln die Erhebung, Verarbeitung und Nutzung von 
personenbezogenen Daten. Den vollen Wortlaut des Code of Conduct finden Sie unter 
www.devk.de/datenschutz.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

AW: AW: AW: Tomcat 6, DB2 Driver Problems

[Simone.Rodenbach.ext]

Thx,

I hope this information helps: (The 
org.apache.commons.pool.impl.GenericObjectPool starts a timer ... )

ava.util.TimerThread @ 0xc0772288   
|Timer-0|  128 |   384 
|org.apache.catalina.loader.WebappClassLoader @ 0xc04bed30|true
|- at java.lang.Object.wait(J)V (Native Method) 
 |   |  |   |   
  |
|- at java.util.TimerThread.mainLoop()V (Timer.java:552)
 |   |  |   |   
  |
|- at java.util.TimerThread.run()V (Timer.java:505) 
 |   |  |   |   
  |
|  '-  java.util.TimerThread @ 0xc0772288  Timer-0 Thread
 |   |  128 |   384 |   
  |
| |-  class java.util.TimerThread @ 0xc0cd5080 System Class  
 |   |0 | 0 |   
  |
| |- group java.lang.ThreadGroup @ 0xc048b400  main 
 |   |   48 |   208 |   
  |
| |- contextClassLoader org.apache.catalina.loader.WebappClassLoader @ 
0xc04bed30|   |  200 | 1.314.384 |  
   |
| |- , queue java.util.TaskQueue @ 0xc0758a80 Busy Monitor  
 |   |   24 | 1.528 |   
  |
| |-  java.util.TimerThread @ 0xc0772288  Timer-0 Thread
 |   |  128 |   384 |   
  |
| |- name char[7] @ 0xc0772408  Timer-0 
 |   |   32 |32 |   
  |
| |- inheritedAccessControlContext java.security.AccessControlContext @ 
0xc0772428   |   |   40 |   104 |   
  |
| |- inheritableThreadLocals java.lang.ThreadLocal$ThreadLocalMap @ 
0xc0772490   |   |   24 |   104 |   
  |
| |- blockerLock java.lang.Object @ 0xc07724f8  
 |   |   16 |16 |   
  |
| |-  org.apache.commons.pool.impl.GenericObjectPool$Evictor @ 
0xeefe76d0|   |   40 |40 |  
   |
| |-  java.lang.Object @ 0xeefe76f8 
 |   |   16 |16 |   
  |
| '- Total: 11 entries  
 |   |  |   |   
  |
'- Total: 3 entries 
 |   |  |   |   
  |



The stacktrace shows only:

Timer-1
  at java.lang.Object.wait(J)V (Native Method)
  at java.util.TimerThread.mainLoop()V (Timer.java:552)
  at java.util.TimerThread.run()V (Timer.java:505)

Thx, Simone



-Ursprüngliche Nachricht-
Von: André Warnier (tomcat) [mailto:a...@ice-sa.com] 
Gesendet: Donnerstag, 29. Oktober 2015 09:17
An: users@tomcat.apache.org
Betreff: Re: AW: AW: Tomcat 6, DB2 Driver Problems

On 29.10.2015 09:09, simone.rodenbach@devk.de wrote:
> Hi Christopher,
>
> I attachted some pictures of the threads.
>
> Thx,
>   Simone
>

Hi Simone.
Christopher is in the USA, so it will take some time before he responds.
For the sake of gaining some time however : your attachments did not make it to 
the list, 
which strips most attachments.
Better : use a text editor to cut and paste the stack trace right here :



>
>
> -Ursprüngliche Nachricht-
> Von: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Gesendet: Mittwoch, 28. Oktober 2015 15:30
> An: Tomcat Users List
> Betreff: Re: AW: Tomcat 6, DB2 Driver Problems
>
> Simone,
>
> On 10/28/15 4:02 AM, simone.rodenbach@devk.de wrote:
>> I tried to google for the driver and classloader and found nothing that 
>> helped me :-(
>
>> I can only provide you with this information:
>>
>> I configured the datasource in the context.xml
>>
>> > 

Re: mod_jk make error with OSX 10.11.1

[Rainer Jung]

Am 29.10.2015 um 03:59 schrieb Christopher Schultz:

Youngho,

On 10/28/15 10:35 PM, Youngho Cho wrote:

  Just before I upgrade to OSX 10.11.1

  And try to compile Apache mod_jk 1.2.41.

But the make is fail.

  YounghoiMac:native youngho$ sudo make

Making all in common
usr/share/apr-1/build-1/libtool --silent --mode=compile
/Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.11.xctoolchain/usr/bin/cc
-I. -I/usr/include/apache2 -arch x86_64 -DHAVE_CONFIG_H -DHAVE_APR
-I/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.11.Internal.sdk/usr/include/apr-1
-I/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.11.Internal.sdk/usr/include/apr-1
-arch x86_64 -DHAVE_CONFIG_H -DDARWIN -DSIGPROCMASK_SETS_THREAD_MASK
-DDARWIN_10 
-I/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.11.Internal.sdk/usr/include/apr-1
-c jk_ajp12_worker.c -o jk_ajp12_worker.lo
In file included from jk_ajp12_worker.c:26:
In file included from ./jk_ajp12_worker.h:27:
In file included from ./jk_logger.h:27:
./jk_global.h:78:10: fatal error: 'apr_lib.h' file not found
#include "apr_lib.h"
  ^
1 error generated.
make[1]: *** [jk_ajp12_worker.lo] Error 1
make: *** [all-recursive] Error 1

---

  How can I fixed it ?

  Someone also have same trouble

  
https://stackoverflow.com/questions/33402932/tomcat-connectors-mod-jk-make-error#_=_


When you ran "configure", what options did you choose?


In addition to that question: when building mod_jk for the Apache web 
server 2.x, it uses the APR libraries, which are also used for the 
Apache web server. During the build it needs the header files for APR. 
Sometimes they must be installed with some developer package for APR. 
From the above it looks like your APR headers files (like apr_lib.h) 
should be located in 
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.11.Internal.sdk/usr/include/apr-1 
but somehow they are not.


Regards,

Rainer


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: AW: Suppress or replace WWW-Authorization header

[chris derham]

>> Torsten,
>>
>> Add an interceptor to AngularJS to detect the 401 and do whatever you
>> want, e.g. redirect to a login page. Then when you have the
>> credentials, submit to login rest api, get a token, and then make all
>> other calls passing this token.
>>
>> There are loads of examples on how to do this on the internet. This
>> isn't tomcat specific.
>>
>> function globalInterceptorResponse($injector, $q) {
>> return {
>> 'response': function (response) {
>> return response;
>> },
>> 'responseError': function (rejection) {
>> switch (rejection.status) {
>> ...
>> case 401:
>> console.warn("Hit 401 - redirecting to login");
>> window.location = '/login';
>> break;
>> ...
>> default:
>> console.warn(rejection);
>> }
>> return $q.reject(rejection);
>> }
>> };
>> }
>> globalInterceptorResponse.$inject = ['$injector', '$q'];
>>
>> then in request config,
>>
>> $httpProvider.interceptors.push(globalInterceptorResponse);
>
> This won't work because the application doesn't get a chance to do
> anything until Tomcat completes its authentication/authorization work.
> If the application were handling the authentication/authorization, then
> the original Filter would have worked.
>
> -chris

Chris,

I think that you thought the above was server-side java code. The
above was javascript code that runs in the browser. It does work - I
copied it from a project I am working on now.

Chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org