Expected release date for Tomcat 8.5.5

2016-08-30 Thread Mohit Chugh 
Hi,


I'm waiting on a bug fix that is currently in Tomcat 8.5.5.dev and would 
appreciate any guidance on approximately when Tomcat 8.5.5 is expected to be 
officially released. 

I see that 8.5.5.dev has accumulated quite a few changes but I'm not sure what 
the trigger for releasing a new version is.

Thanks,
Mohit

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Housing and reading internal resources using Tomcat 8.5.4 and JDK 1.8

2016-08-30 Thread Doug Gschwind 
Hi Chris,

Thank you for the responses, yes those both help. I did a lot of reading
yesterday and was unable to get a clear answer at how this should be done
with JEE, where internal resource files are expected to reside (besides
just generally being under WEB-INF) within the deployment, and the String
value that should be given to ClassLoader.getResource(value) to be able to
look them up. Hence why I reached out to the mailing list.

I have in fact created a properties directory under WEB-INF/classes, for
organizing purposes, and ClassLoader.getResource("properties/xyz.txt") does
appear to be working.

Thank you, Doug

On Tue, Aug 30, 2016 at 11:27 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Doug,
>
> On 8/29/16 6:29 PM, Doug Gschwind wrote:
> > Hello everyone,
> >
> > I have a file xyz.txt that is specific to my web application which
> > needs to be located by my web application, and I wish to find that
> > resource via getClass().ClassLoader().getResource("xyz.txt") at
> > runtime. The xyz.txt file has no relation to any particular Java
> > class in our application. This resource is used internally by the
> > application and should not be served directly by the container to
> > inbound HTTP requests, therefore I have it located in the
> > WEB-INF/properties directory of my web app deployment. However, the
> > getResource("xyz.txt") method returns null, even though my xyz.txt
> > file is certainly where it is expected to be found.
> >
> > Where should I place this file ideally, and given that file exists
> > in that location, what is the parameter value I need to pass to
> > getResource() so it returns a non-null value?
>
> - From a servlet, you'll want to to:
>
>URL url =
> getServletContext().getResource("/WEB-INF/properties/xyz.txt");
>
> If you don't have access to any of the servlet API objects, you might
> have to move your properties file into the WEB-INF/classes/ directory,
> or into a JAR file in the WEB-INF/lib/ directory. Then you can do this:
>
> URL url =
> Thread.currentThread().getContextClassLoader().getResource("/xyz.txt");
>
> Then do whatever you want with that URL. For example:
>
> Properties props = new Properties();
> try(InputStream in = url.openStream()) {
>   props.load(in);
> }
>
> // Now use your properties
>
> Hope that helps,
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJXxdAoAAoJEBzwKT+lPKRYCY8QALl8QQcldOeMXYlgDarYtGOH
> lZQbxlhn+nmzMOHROESGZPefqZUoEQaplWSSivUayYDjvNMGE9SkkO4tbZpy/+Ut
> xZhpj4gjnC6E3gRN8S8SZf3gchNQLIOqtxDjXQBNZakm8jAeNhXDxK0CkiSDfumm
> 8XqaUS1TJulEftoWO8WeGJ1/2dOKOdllCM7HoF0H1jbY1YYnpTbPnl8CBAkhHGa6
> 2BSKgP68kuSxeAnzX5fmE9NsNXbDdPnhWErUZ5xmER+Eol/oxTqaUyT+1q7m7L2R
> XSv+gfvSdp/2Y7pZA44zhlZo1AjgxXBSR28NdldZtMoOR/tUws74fx3XGP7AXud8
> zIrHYxFCpSv4rE4npO3Bcwfi2IXpx9t208Dh9k0U0muF/KAjKeZ7EV2pHc4J3ZpE
> Lw89g9RAKPZlg6WCfARrvRGDXELjoPfmz2l3/AFxAiAygjkdDDECdadEdiqtvX9i
> 7YnnT6uXUW9VIySSSuuA4xFdoJFHbsW2RMrgIEXuF6QnTfha88/sq8loYf5lmsRw
> Cg+zSvU3p2WnMn37y60ABosHoXZdlze5Aq7vh4EMHEmVVLbPvK3J9EPtCCmwHJtq
> a70JGkCZf22pMLFj4rLXu6ZNo39pTdd6RCePUdtlFo4/YyL75VF8g8yXgO2OSiRz
> 6IUM9PXjuI4QipZ4xCyH
> =WqVq
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat8 on CentOS - Session-Tomcat

2016-08-30 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jonathan,

On 8/30/16 1:26 PM, Jonathan Carpenter wrote:
> I have a Tomcat8 (CentOS 7) question. In web.xml under
>  -->  I seen a post on
> stackoverflow that you can set this to -1 to keep the session open
> until the browser is closed. However I cannot find this in the
> documentation. Can anyone verify this or point me in the correct
> direction for a documented solution. The issue is after 30 minutes
> the session times out as configured, but anything over 30 does not 
> work.

See Coty's reply for the -1.

About setting it to more than 30, there are a number of ways that
 could be overridden. You can do it in code, and I
think there are other ways to configure it and I can't remember the
precedence rules.

Can you confirm that the web.xml you are editing is the one actually
being used by Tomcat? Lots of people end up using Eclipse or whatever
that doesn't always do what you expect. Or you forget to copy the
changes into the deployment directory, WAR file, etc.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJXxdP7AAoJEBzwKT+lPKRY7pYQAMAwhvxaW3bnfhFDzf/p+lV7
j/TLSmI6g3hcHmNZJjafDKpWDSElh9PudvaO7K4Qispp+l82LYBBQSTFuTUASfZt
Q3lKYkTkQFoMU+rBvqx+ax69XDipNV4BnNmeZrvPUIvfdx8ZME6Ts9udvR5/KKoS
gabZVXHz0TuC/2saabRgqa0n6M4zYEhHUSemPSZJgu6b1Dyv1HLIZR0qS0Qxmplk
ip1NyPNfgsd34V48pKbOF8uHqKbHKQ4EJ6eCHCy7IcTFcZGSjjt3eDbj12DTlXwA
g8gL8b3yYDWxJezwao2W92g9+vlCzV7iwTmvuaTKyfoTP6P9oLwvg+0S1HXIg3BV
8klZB0qYzoc0xTw/7u/X8DLdX28byw4bETbcGrs2oS5z8nGWOzRgzATV4XdlHeGk
vEY5w+eAC56hxFpLxdEptxYCDCsCfoUWTqR1RBerTMzp9bIaPQvs93CZTWuNHL60
+n3oQW2vqrbX5gbouiEWCF5nHOKb2rw1OmSoerSFJhywVv3Xnjs0bau7IZq3rQr7
+KuQ0c66P7LwnfJ3UigaR2VFmvI9SWbdBL4ZwptKdaKEB2O6nL29y8GDep5eaPND
muDvTGPKmSKo5Aazrq7KC5JSkU6qZXeU0R7yMJbqQ8eZ5agOzmvDrT3SO+Z7GE/B
GCrghzu5SPZxFtFUb/7n
=K2pW
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: AW: TCNative 1.2.8 with openssl 1.1.0

2016-08-30 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Peter,

On 8/30/16 10:18 AM, Kreuser, Peter wrote:
>> On 30/08/2016 10:23, Kreuser, Peter wrote:
>> 
>> Hi all,
>> 
>> I have compiled tcnative 1.2.8 with the new openssl 1.1.0 (ldd
>> proves that it is linked). I have set the cipher string to the
>> newly supported ciphers:
>> 
>> ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:EC
DHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-
>>
>> 
GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE
- -RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-
>> AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RS
A-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:E
>>
>> 
CDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA
- -AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-EC
>> DSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-G
CM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-S
>>
>> 
HA:AES256-SHA:DES-CBC3-SHA:!DSS"
>> 
>> However I cannot connect with eg. ECDHE-ECDSA-CHACHA20-POLY1305.
>> testssl.sh shows only the old ciphers from the plain openssl
>> 1.0.2.
>> 
>> Tomcat Version 8.5.4 Java 1.8.0_102
>> 
>> Anything that I'm missing?
>> 
>> 
>> Without seeing the full Connector config, don't know.
>> 
>> Mark
>> 
> 
> Mark, of course I should have done that:
> 
>  protocol="org.apache.coyote.http11.Http11Nio2Protocol" 
> sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImple
mentation"
>
> 
server="Apache Tomcat"
> allowTrace="false" maxThreads="150" SSLEnabled="true" 
> defaultSSLHostConfigName="xxx.xxx.net" >  className="org.apache.coyote.http2.Http2Protocol" />  honorCipherOrder="true" insecureRenegotiation="false" 
> hostName="xxx.xxx.net" protocols="TLSv1.1+TLSv1.2" 
> certificateVerification="false" disableCompression="true" 
> disableSessionTickets="false" 
> ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECD
HE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES25
6-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-R
SA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:E
CDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE
- -ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA
- -AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-S
HA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:
AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-S
HA:AES256-SHA:DES-CBC3-SHA:!DSS">
>
> 
 certificateFile="${catalina.base}/conf/ssl/xxx.pem" type="RSA" /> 
>  

What client are you using? Hopefully openssl s_client with 1.1.0 or
later. You might want to double-check the client is capable.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJXxdNoAAoJEBzwKT+lPKRYYh8P/0/B+MlCuoVoVK2zW9MU1BI4
zFKgsKZHljGrqLaf3scOEhKY+tOP79Rg20fvdDh9Azdbu/lKSsy9rNJLID8nVThW
N5fj6UWBMavDc8JCF7JL3tPjOlfzXEV8waOHZxnA6t5oiPid1qtMZp5GwXt9RwUI
qQVkSMbsnxeLO6LCI9kdiInmH/By7stAdFLS/BK2wix7VRNYtaPEdMe1601829bY
R7dwiP1i2iEWg2yk3p0QJkhejb9crXq1OJu6qYwVM7yozWh+2q3XPipEL4eqaye0
pkL/IKUbsTwb9YjFK6jl2rNgjMCXJ1ckABRD8SES6cQg9+purEDKTiP1J+XYYLG2
wzHY3hgfIVee9OInZWkIXN/5Z76t/4G7UC0SNhi5bms6I/PmrX9VBVM2NOVOEGG6
rxuNPgwY6SZk7XD4wP8l9AHAVpWz+gYmpN/Y8GK1lYlgXcC9vt3tjft/3Masdi5D
ZrplIbNVp4pvj+A+BKnB/0NC+b2/qdzXmrDKJhYzrR1FuRlpdlQZpQRSRVknaEDJ
7s1K0FwthRUByfZaMRZslgmn4To4aqV2w50/HZK1F4mZBux6siVAKd1M4/jI3hWt
2/61KYNLA41bEA9n5YMg2xIhx+dp4hha4f8jTDtfZ/qlrC867/ywJVo238fa3C+f
TiTxJHicQbRm3whdQKGG
=ZV7k
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Housing and reading internal resources using Tomcat 8.5.4 and JDK 1.8

2016-08-30 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Doug,

On 8/29/16 6:29 PM, Doug Gschwind wrote:
> Hello everyone,
> 
> I have a file xyz.txt that is specific to my web application which
> needs to be located by my web application, and I wish to find that
> resource via getClass().ClassLoader().getResource("xyz.txt") at
> runtime. The xyz.txt file has no relation to any particular Java
> class in our application. This resource is used internally by the
> application and should not be served directly by the container to
> inbound HTTP requests, therefore I have it located in the
> WEB-INF/properties directory of my web app deployment. However, the
> getResource("xyz.txt") method returns null, even though my xyz.txt
> file is certainly where it is expected to be found.
> 
> Where should I place this file ideally, and given that file exists
> in that location, what is the parameter value I need to pass to
> getResource() so it returns a non-null value?

- From a servlet, you'll want to to:

   URL url =
getServletContext().getResource("/WEB-INF/properties/xyz.txt");

If you don't have access to any of the servlet API objects, you might
have to move your properties file into the WEB-INF/classes/ directory,
or into a JAR file in the WEB-INF/lib/ directory. Then you can do this:

URL url =
Thread.currentThread().getContextClassLoader().getResource("/xyz.txt");

Then do whatever you want with that URL. For example:

Properties props = new Properties();
try(InputStream in = url.openStream()) {
  props.load(in);
}

// Now use your properties

Hope that helps,
- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJXxdAoAAoJEBzwKT+lPKRYCY8QALl8QQcldOeMXYlgDarYtGOH
lZQbxlhn+nmzMOHROESGZPefqZUoEQaplWSSivUayYDjvNMGE9SkkO4tbZpy/+Ut
xZhpj4gjnC6E3gRN8S8SZf3gchNQLIOqtxDjXQBNZakm8jAeNhXDxK0CkiSDfumm
8XqaUS1TJulEftoWO8WeGJ1/2dOKOdllCM7HoF0H1jbY1YYnpTbPnl8CBAkhHGa6
2BSKgP68kuSxeAnzX5fmE9NsNXbDdPnhWErUZ5xmER+Eol/oxTqaUyT+1q7m7L2R
XSv+gfvSdp/2Y7pZA44zhlZo1AjgxXBSR28NdldZtMoOR/tUws74fx3XGP7AXud8
zIrHYxFCpSv4rE4npO3Bcwfi2IXpx9t208Dh9k0U0muF/KAjKeZ7EV2pHc4J3ZpE
Lw89g9RAKPZlg6WCfARrvRGDXELjoPfmz2l3/AFxAiAygjkdDDECdadEdiqtvX9i
7YnnT6uXUW9VIySSSuuA4xFdoJFHbsW2RMrgIEXuF6QnTfha88/sq8loYf5lmsRw
Cg+zSvU3p2WnMn37y60ABosHoXZdlze5Aq7vh4EMHEmVVLbPvK3J9EPtCCmwHJtq
a70JGkCZf22pMLFj4rLXu6ZNo39pTdd6RCePUdtlFo4/YyL75VF8g8yXgO2OSiRz
6IUM9PXjuI4QipZ4xCyH
=WqVq
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8 doesn't listen in https

2016-08-30 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hardibo,

On 8/29/16 6:46 PM, Hardibo Pierre-Jean wrote:
> Le 29/08/2016 à 23:38, James H. H. Lampert a écrit :
>>> "It doesn't work" is not very informative. What does not work
>>> ? What do the Tomcat logfiles say about the problem ?
>> 
>> Does NETSTAT (or WRKTCPSTS, for IBM Midrange Systems, or other
>> tools on other systems) tell you the port actually opened?
>> 
>> Do any of the log files tell you that it didn't, and/or give a
>> reason why?
>> 
>> One thing did jump out at me: in
>>> >> maxThreads="150" minSpareThreads="25" maxSpareThreads="75" 
>>> enableLookups="false" disableUploadTimeout="true" 
>>> acceptCount="100" scheme="https" secure="true" 
>>> clientAuth="false" sslProtocol="TLS" />
>> I don't see any "keystoreFile" clauses, or the APR equivalent;
>> my understanding is that for an HTTPS port to open, Tomcat needs
>> to be able to find a keystore of some sort.
> 
> It was memory heap problems i added more memory in
> /etc/default/tomcat8

No it wasn't. It was the missing SSLEngine="on" attribute in your
.

Setting scheme="https" does not enable TLS.
Setting secure="true" does not enable TLS.
Setting sslProtocol="TLS" does not enable TLS.

Setting SSLEnabled="true" DOES enable TLS.

http://tomcat.apache.org/tomcat-8.0-doc/config/http.html

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJXxc66AAoJEBzwKT+lPKRYzwcP/3LCslZS0P0YX0or8jzsKUHf
ilc15jGkBNmcGRMxiOo7uztC4xLGpyvm++eyC9U5X7Tgm4UQLkGU+weNg3uXrw0R
tyFUpcvRgYhUH9lJaRGxcvq1vwChY/ECkhtUPritqZFC+0Uj70uo68cRMFBQwXsF
isa5iAtUMgYEOVS3DFZzjcSDghlxXTNLD+Rol7PxZHreBMpm4F45Zgl4yfv4AC0W
zGFBizKr7ymOw4A39YUfCkXhAnXrocnUu6YtTOgc86VIwATQPf/TfnKAd+3OoRN5
I4HPNeKqO/lcMGU7RFVySpOEvZtn+qKNVHduCPmxmEKJi9gshw3rjqFhvTlqNccg
PqArKta/eekRC5iPDiSecYyf3vTaXd75jktZoT0gD/zcQG6pN291UJUlUtisRXxp
K18Pp8BCgYEtS+lWzXGXTrFACVmrCJ5Gm3RSTx5QEOHkqmcEyeioHetJDx9tzOjK
qpU2dTqgjKaYquppdJKKc5xACasjJ1Qg9XjMaa7LCDBMlHtUiBCfdTCOpRUQlTAT
3RqptA4THhbHaOWMqUVBv054eQaLefy7Nlcaz4wOakDTiZNTlGyt/EzGbloFOI6d
wYgseNDnvU/sS1LRjXiPGb1PsIw3oZcDdVQgUzUrAjxnb0QBJh5fghoKHhZCyCI5
S3i3rqVmYdId3EVH2239
=Ga7A
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat8 on CentOS - Session-Tomcat

2016-08-30 Thread Coty Sutherland 
Just following up on our IRC conversation (which happened after this
email) so others can see my response. I was able to find a description
of the session-timeout setting in the XSD here:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/javax/servlet/resources/web-common_3_1.xsd?view=markup#l865

The description there states the following:

"If the timeout is 0 or less, the container ensures the default
behaviour of sessions is never to time out."

So if you set it lower than zero, you're letting the session live
forever (even after the browser closes).

On Tue, Aug 30, 2016 at 1:26 PM, Jonathan Carpenter
 wrote:
>  I have a Tomcat8 (CentOS 7) question. In web.xml under 
> -->  I seen a post on stackoverflow that you can set this
> to -1 to keep the session open until the browser is closed. However I
> cannot find this in the documentation. Can anyone verify this or point me
> in the correct direction for a documented solution. The issue is after 30
> minutes the session times out as configured, but anything over 30 does not
> work.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Increased memory consumption due to url encoding

2016-08-30 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Svetlin,

On 8/28/16 12:57 PM, Svetlin Zarev wrote:
> Hi,
> 
> Today I had some free time, so I implemented a more (memory and
> performance wise) efficient URLEncoder [1]  and I'd like to
> contribute it if there is interest for improvement in that area. My
> encoder has close to zero allocation rate (unless there is very
> high concurrency for the encode() operations, but still will be
> much more memory efficient than the current encoder)  and encodes
> 2-4 times faster than the current implementation. It is available @
> [1]. I'm open for reviews, critiques, questions, suggestions, etc.
> 
> [1] https://github.com/SvetlinZarev/UrlEncoder

Can you post this as a pull request, patch, or similar? Nobody really
wants to download this code, replace their own local code, and then
look at the diffs manually. I suspect that's why nobody has looked at
it, yet.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJXxcjVAAoJEBzwKT+lPKRYsCMQAKy/pVLDeSWvcbbHMYwOLwa5
xhBc3R0ev51qt9rMbkBTQhOZM/beM5u9AcOevFNaQlqr6knxui0R2v7fcM7LKxzU
w8iRxe+8w1GxA/nPVmUAXU5geL7Z7gnyIf+GBhOlxn8R4cXfkvRBCOP0shZpIXPr
fF4buxBLGOii3ApiYELdxxM6andEXc8SHd+CoCm9fc3GPMVyR4eFDEg7nNc1Y44t
FWRBOXNCf0nJRHUDswEqK2ZTlTvd1GFTInLAy9m30uJRzkGDa3ytgfikaBE/c/Je
ctCtz/g9xUk715YFhm23ZAmGvzi3bWBj9PZ3yTixf646Oa8WPsWWm7vALjRNZcfG
j8Cy0ugEo1kT9wr1anIdPtr4q22E3k4Gu8SAhEObcO65dFtdZ2kvQ+tJxTceOmjn
vyplST7kVORuhtWf+rj+L+VgHZsRR54+5C8a9Hf1/TSaI1ztWJbFIYuJr+YgnGw5
Z264C/rWPr4fd1BRNCwJz9iHoC24IuTJAiNNcVQHrs7xKn16sW4Sq/hM5AE7oJ/5
RhvpLtZPQmxpqVjvxPallYT0/lMN3CJ26m7A5rf0242MMf9zIsxsnnNUznhh2zNR
gyJsTHJZ2o4tuwEclimzxrwIbO5RxgIeoTdxTbhsE4775oSQ3VHvE07yDPLlqRAh
My3/WOXu8myi0WeLoRzE
=5SJi
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat8 on CentOS - Session-Tomcat

2016-08-30 Thread Jonathan Carpenter 
 I have a Tomcat8 (CentOS 7) question. In web.xml under 
-->  I seen a post on stackoverflow that you can set this
to -1 to keep the session open until the browser is closed. However I
cannot find this in the documentation. Can anyone verify this or point me
in the correct direction for a documented solution. The issue is after 30
minutes the session times out as configured, but anything over 30 does not
work.

ApacheCon Seville CFP closes September 9th

2016-08-30 Thread Rich Bowen 
It's traditional. We wait for the last minute to get our talk proposals
in for conferences.

Well, the last minute has arrived. The CFP for ApacheCon Seville closes
on September 9th, which is less than 2 weeks away. It's time to get your
talks in, so that we can make this the best ApacheCon yet.

It's also time to discuss with your developer and user community whether
there's a track of talks that you might want to propose, so that you
have more complete coverage of your project than a talk or two.

For Apache Big Data, the relevant URLs are:
Event details:
http://events.linuxfoundation.org/events/apache-big-data-europe
CFP:
http://events.linuxfoundation.org/events/apache-big-data-europe/program/cfp

For ApacheCon Europe, the relevant URLs are:
Event details: http://events.linuxfoundation.org/events/apachecon-europe
CFP: http://events.linuxfoundation.org/events/apachecon-europe/program/cfp

This year, we'll be reviewing papers "blind" - that is, looking at the
abstracts without knowing who the speaker is. This has been shown to
eliminate the "me and my buddies" nature of many tech conferences,
producing more diversity, and more new speakers. So make sure your
abstracts clearly explain what you'll be talking about.

For further updated about ApacheCon, follow us on Twitter, @ApacheCon,
or drop by our IRC channel, #apachecon on the Freenode IRC network.

-- 
Rich Bowen
WWW: http://apachecon.com/
Twitter: @ApacheCon

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

AW: TCNative 1.2.8 with openssl 1.1.0

2016-08-30 Thread Kreuser, Peter 
> On 30/08/2016 10:23, Kreuser, Peter wrote:
>
> Hi all,
>
> I have compiled tcnative 1.2.8 with the new openssl 1.1.0 (ldd proves that it 
> is
> linked). I have set the cipher string to the newly supported ciphers:
>
>
> ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-
> GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-
> AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:E
> CDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-EC
> DSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-S
> HA:AES256-SHA:DES-CBC3-SHA:!DSS"
>
> However I cannot connect with eg. ECDHE-ECDSA-CHACHA20-POLY1305. testssl.sh
> shows only the old ciphers from the plain openssl 1.0.2.
>
> Tomcat Version 8.5.4
> Java 1.8.0_102
>
> Anything that I'm missing?
>
>
> Without seeing the full Connector config, don't know.
>
> Mark
>

Mark, of course I should have done that:

  


  

  

Thanks.

Peter

Re: High CPU Consumption with Tomcat 8.5.4 NIO and SSL

2016-08-30 Thread Rémy Maucherat 
2016-08-30 15:31 GMT+02:00 Mark Thomas :

> On 30/08/2016 14:27, Rémy Maucherat wrote:
> > 2016-08-30 15:22 GMT+02:00 Mark Thomas :
> >
> >> Either or both of these:
> >> http://bz.apache.org/bugzilla/show_bug.cgi?id=60030
> >>
> > I wasn't 100% sure NIO2 wasn't affected by the SNI IO loop, but it does
> > fine then reading his email.
>
> It isn't. The issue the OP observed with NIO2 were different. They might
> be related to https://bz.apache.org/bugzilla/show_bug.cgi?id=59832
>
> We'll see about other issues when they are identified, I was specifically
interested in knowing if 60030
 applied. So it
doesn't.

Rémy

Re: High CPU Consumption with Tomcat 8.5.4 NIO and SSL

2016-08-30 Thread Mark Thomas 
On 30/08/2016 14:27, Rémy Maucherat wrote:
> 2016-08-30 15:22 GMT+02:00 Mark Thomas :
> 
>> Either or both of these:
>> http://bz.apache.org/bugzilla/show_bug.cgi?id=60030
>>
> I wasn't 100% sure NIO2 wasn't affected by the SNI IO loop, but it does
> fine then reading his email.

It isn't. The issue the OP observed with NIO2 were different. They might
be related to https://bz.apache.org/bugzilla/show_bug.cgi?id=59832

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: High CPU Consumption with Tomcat 8.5.4 NIO and SSL

2016-08-30 Thread Rémy Maucherat 
2016-08-30 15:22 GMT+02:00 Mark Thomas :

> Either or both of these:
> http://bz.apache.org/bugzilla/show_bug.cgi?id=60030
>
> I wasn't 100% sure NIO2 wasn't affected by the SNI IO loop, but it does
fine then reading his email.

Rémy

Re: High CPU Consumption with Tomcat 8.5.4 NIO and SSL

2016-08-30 Thread Mark Thomas 
On 30/08/2016 14:11, Chen Levy wrote:
> Hello All
> 
> Since Tomcat 8.0.x development is about to be stopped, we’ve decided to 
> switch to 8.5.4, but since are facing the following issue:
> A few hours after startup, the Java process starts consuming 100% CPU, and 
> while Tomcat is still responsive, it is very slow. This is consistent, been 
> going on for a couple of weeks and is only resolved each time by restarting 
> Tomcat.



> I’ll appreciate any insight or advice

Either or both of these:
http://bz.apache.org/bugzilla/show_bug.cgi?id=60030
http://bz.apache.org/bugzilla/show_bug.cgi?id=60035

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

High CPU Consumption with Tomcat 8.5.4 NIO and SSL

2016-08-30 Thread Chen Levy 
Hello All

Since Tomcat 8.0.x development is about to be stopped, we’ve decided to switch 
to 8.5.4, but since are facing the following issue:
A few hours after startup, the Java process starts consuming 100% CPU, and 
while Tomcat is still responsive, it is very slow. This is consistent, been 
going on for a couple of weeks and is only resolved each time by restarting 
Tomcat.

I’ve tried a few things:
Reverted back to Tomcat 8.0.33 -> problem solved
Switched from NIO to NIO2 -> problem solved, but other issues appeared with 
connections ending prematurely, so not a valid option
Switched to the new connector configuration scheme -> problem persists

Setup: 
Current Amazon Linux, Tomcat 8.5.4, Java 1.8.0_92-b14, no APR

  






Analyzing the threads, there’s one which takes all of the CPU time:

"https-jsse-nio-8443-ClientPoller-0" daemon prio=5 RUNNABLE
sun.misc.Unsafe.unpark(Native Method)
java.util.concurrent.locks.LockSupport.unpark(LockSupport.java:141)

java.util.concurrent.locks.AbstractQueuedSynchronizer.unparkSuccessor(AbstractQueuedSynchronizer.java:662)

java.util.concurrent.locks.AbstractQueuedSynchronizer.release(AbstractQueuedSynchronizer.java:1264)
java.util.concurrent.locks.ReentrantLock.unlock(ReentrantLock.java:457)

java.util.concurrent.LinkedBlockingQueue.signalNotEmpty(LinkedBlockingQueue.java:176)

java.util.concurrent.LinkedBlockingQueue.offer(LinkedBlockingQueue.java:430)
org.apache.tomcat.util.threads.TaskQueue.offer(TaskQueue.java:74)
org.apache.tomcat.util.threads.TaskQueue.offer(TaskQueue.java:31)

java.util.concurrent.ThreadPoolExecutor.execute(ThreadPoolExecutor.java:1361)

org.apache.tomcat.util.threads.ThreadPoolExecutor.execute(ThreadPoolExecutor.java:163)

org.apache.tomcat.util.threads.ThreadPoolExecutor.execute(ThreadPoolExecutor.java:141)

org.apache.tomcat.util.net.AbstractEndpoint.processSocket(AbstractEndpoint.java:828)

org.apache.tomcat.util.net.NioEndpoint$Poller.processKey(NioEndpoint.java:850)
org.apache.tomcat.util.net.NioEndpoint$Poller.run(NioEndpoint.java:826)
java.lang.Thread.run(Thread.java:745)


This is similar to an issue on a Windows machine reported here:
http://marc.info/?l=tomcat-user=147082413626214=2

I’ll appreciate any insight or advice
Thanks in advance
Chen

Re: Trouble setting TOMCAT_USER

2016-08-30 Thread Coty Sutherland 
Based on your usage of /etc/tomcat/tomcat.conf you must be running the
Fedora/EPEL or RHEL-7/CentOS-7 distribution of tomcat. Firstly, the
TOMCAT_USER is tomcat by default; this is configured in the init
script. For tomcat to start and be owned by a user other than tomcat,
you should just need to set TOMCAT_USER in the conf or sysconfig file.
However, given that I don't know what version you're using there could
be some bug preventing this from occurring. Another thing that you
need to ensure is that the new user that you're using has the correct
permissions to view config, write to logs, etc. If it's failing to
start because of those reasons, you should see it in the
service/systemctl output, or the init log (depending on which distro
you're using).

Typically distribution issues (this isn't a problem with core tomcat)
aren't discussed on this list, however if you find me (csutherl) on
freenode (typically in #tomcat) I can help you along with any Red Hat
distributions of tomcat.

On Mon, Aug 29, 2016 at 4:28 PM, Jorge Alfonso  wrote:
> My Apologies again
>
> -Original Message-
> From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
> Sent: Monday, August 29, 2016 4:28 PM
> To: users@tomcat.apache.org
> Subject: Re: Trouble setting TOMCAT_USER
>
> Jorge,
> 1) don't top-post
>
> On 29.08.2016 21:50, Jorge Alfonso wrote:
>> In order to setup the users for Tomcat you have to edit the file
>>
>> tomcat-users.xml
>>
>> 
>>   
>>
>>
>>
>>
>>
>> 
>>
>> Once the users are set, and you could have set several users depending
>> your need, shutdown and startup again your Tomcat and you would be
>> able to see it running for your user and managing it.
>>
>
> 2) this has nothing to do with the user under which Tomcat is running.
>
>>
>
> Rebecca,
>
>> -Original Message-
>> From: Maxfield, Rebecca A [mailto:rmaxf...@providence.edu]
>> Sent: Monday, August 29, 2016 2:20 PM
>> To: users@tomcat.apache.org
>> Subject: Trouble setting TOMCAT_USER
>>
>> Hi there!
>>
>> In order to resolve an issue with a Tomcat web app, I'm trying to run
>> Tomcat as a user other than the default user. Following other advice,
>> I looked in the conf file (/etc/tomcat/tomcat.conf) for TOMCAT_USER
>> and saw that it wasn't set; however, my efforts to set it haven't
>> seemed to result in any change.
>>
>> I wrote:
>> TOMCAT_USER="myusername"
>> which is the same syntax as the other variables in the file, JAVA_HOME
>> and so on. (Incidentally, these don't echo in the command line, but
>> Tomcat does seem to be running.) I then restarted, but a look at the
>> process list showed that it was still running as default user "tomcat"
>> rather than as myusername.
>>
>> What am I missing and how can I run Tomcat as another user?
>>
>
> You do not say so, but from the above it is a valid guess that you are
> running tomcat under some flavor of Linux, and that you installed it from
> the package provided by that Linux distribution.
>
> Unfortunately, without more information, it is difficult to know how you are
> really starting tomcat, and what influence that "TOMCAT_USER" line really
> has in the big scheme of things.
>
> Try to be more explicit and provide some details, such as which Linux, what
> command you use to start/restart tomcat, what version of Tomcat that is,
> etc..
> We don't have a crystal ball here, so we don't know those things.
>
>
>
>> Thanks!
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: TCNative 1.2.8 with openssl 1.1.0

2016-08-30 Thread Mark Thomas 
On 30/08/2016 10:23, Kreuser, Peter wrote:
> Hi all,
> 
> I have compiled tcnative 1.2.8 with the new openssl 1.1.0 (ldd proves that it 
> is linked). I have set the cipher string to the newly supported ciphers:
> 
>
> ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-
> GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-
> AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:E
> CDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-EC
> DSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-S
> HA:AES256-SHA:DES-CBC3-SHA:!DSS"
> 
> However I cannot connect with eg. ECDHE-ECDSA-CHACHA20-POLY1305. testssl.sh 
> shows only the old ciphers from the plain openssl 1.0.2.
> 
> Tomcat Version 8.5.4
> Java 1.8.0_102
> 
> Anything that I'm missing?

Without seeing the full Connector config, don't know.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

TCNative 1.2.8 with openssl 1.1.0

2016-08-30 Thread Kreuser, Peter 
Hi all,

I have compiled tcnative 1.2.8 with the new openssl 1.1.0 (ldd proves that it 
is linked). I have set the cipher string to the newly supported ciphers:

   
ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-
GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-
AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:E
CDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-EC
DSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-S
HA:AES256-SHA:DES-CBC3-SHA:!DSS"

However I cannot connect with eg. ECDHE-ECDSA-CHACHA20-POLY1305. testssl.sh 
shows only the old ciphers from the plain openssl 1.0.2.

Tomcat Version 8.5.4
Java 1.8.0_102

Anything that I'm missing?

Thank You!

Peter

Re: Housing and reading internal resources using Tomcat 8.5.4 and JDK 1.8

2016-08-30 Thread Christoph Nenning 
> Hello everyone,
> 
> I have a file xyz.txt that is specific to my web application which needs 
to
> be located by my web application, and I wish to find that resource via
> getClass().ClassLoader().getResource("xyz.txt") at runtime. The xyz.txt
> file has no relation to any particular Java class in our application. 
This
> resource is used internally by the application and should not be served
> directly by the container to inbound HTTP requests, therefore I have it
> located in the WEB-INF/properties directory of my web app deployment.
> However, the getResource("xyz.txt") method returns null, even though my
> xyz.txt file is certainly where it is expected to be found.
> 
> Where should I place this file ideally, and given that file exists in 
that
> location, what is the parameter value I need to pass to getResource() so 
it
> returns a non-null value?
> 
> Thanks, Doug


Hi,

the file must be present in classpath. For a webapp that means 
WEB-INF/classes. When you place it not in a sub dir you must pass 
"/xyz.txt" to getResource() (note the leading slash).

If you use eclipse for development you can create a "source folder" and 
place it there. eclipse will take care of copying it to WEB-INF/classes. 
Other IDEs or build tools call that a resources dir. In maven it defaults 
to src/main/resources.


Regards,
Christoph

This Email was scanned by Sophos Anti Virus