Re: websocket: connections not getting closed properly

2017-06-20 Thread Sandeep Dhameshia 
Thanks for your reply Mark,

*log msg*:

Jun 08, 2017 10:13:07 AM
org.apache.tomcat.websocket.server.WsRemoteEndpointImplServer doClose
INFO: Failed to close the ServletOutputStream connection cleanly
java.io.IOException: Broken pipe
at sun.nio.ch.FileDispatcherImpl.write0(Native Method)
at sun.nio.ch.SocketDispatcher.write(SocketDispatcher.java:47)
at sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:93)
at sun.nio.ch.IOUtil.write(IOUtil.java:51)
at sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:492)
at
org.apache.tomcat.util.net.SecureNioChannel.flush(SecureNioChannel.java:141)
at
org.apache.tomcat.util.net.SecureNioChannel.close(SecureNioChannel.java:385)
at
org.apache.tomcat.util.net.SecureNioChannel.close(SecureNioChannel.java:413)
at
org.apache.coyote.http11.upgrade.NioServletOutputStream.doClose(NioServletOutputStream.java:138)
at
org.apache.coyote.http11.upgrade.AbstractServletOutputStream.close(AbstractServletOutputStream.java:129)
at
org.apache.tomcat.websocket.server.WsRemoteEndpointImplServer.doClose(WsRemoteEndpointImplServer.java:138)
at
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.close(WsRemoteEndpointImplBase.java:696)
at
org.apache.tomcat.websocket.server.WsRemoteEndpointImplServer.onWritePossible(WsRemoteEndpointImplServer.java:113)
at
org.apache.tomcat.websocket.server.WsRemoteEndpointImplServer.doWrite(WsRemoteEndpointImplServer.java:81)
at
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:456)
at
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessage(WsRemoteEndpointImplBase.java:344)
at
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessageBlock(WsRemoteEndpointImplBase.java:276)
at
org.apache.tomcat.websocket.WsSession.sendCloseMessage(WsSession.java:559)
at org.apache.tomcat.websocket.WsSession.doClose(WsSession.java:465)
at
org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.onError(WsHttpUpgradeHandler.java:162)
at
org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.access$300(WsHttpUpgradeHandler.java:48)
at
org.apache.tomcat.websocket.server.WsHttpUpgradeHandler$WsReadListener.onError(WsHttpUpgradeHandler.java:230)
at
org.apache.tomcat.websocket.server.WsHttpUpgradeHandler$WsReadListener.onDataAvailable(WsHttpUpgradeHandler.java:213)
at
org.apache.coyote.http11.upgrade.AbstractServletInputStream.onDataAvailable(AbstractServletInputStream.java:203)
at
org.apache.coyote.http11.upgrade.AbstractProcessor.upgradeDispatch(AbstractProcessor.java:93)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:623)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1749)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1708)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)

*Connector*:



regards

On Wed, Jun 21, 2017 at 12:01 AM, Mark Thomas  wrote:

> On 20/06/2017 18:48, Sandeep Dhameshia wrote:
> > Hello,
> >
> > I don't know about any format in which I should write this mail, so
> please
> > forgive me if there's any format to follow.
> >
> > I am using v8.0.43 in latest Amazon Linux AMI(2017.03), on m4.large
> > instance. I have deployed modified example Chat application.
> >
> > Everything works fine as expected, but I feel websocket connections are
> not
> > getting closed in some instances. I could see INFO logs from
> > org.apache.tomcat.websocket.server.WsRemoteEndpointImplServer, wrt
> > connection not getting closed cleanly.
>
> Example log messages please.
>
> Connector configuration please.
>
> Mark
>
>
> >
> > I've increased limit for no of files to 65536, both hard and soft limits.
> > Num of connections for NIO connector is set to default.
> >
> > Num of files(sockets) opened are increasing, can see it with  "ls
> > /proc/PID/fd | wc -l".
> >
> > Am I missing any config? I understand some clients are not closing
> > connection properly, but is there any way to handle this properly on
> server
> > side?
> >
> > best regards.
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Fwd: tomcat automatically binds it to 0.0.0.0 from 127.0.0.1

2017-06-20 Thread Rakesh Java 
Yes, It doesnt happens everytime and cannot reproducable

Any guess why this is happening ?

On Tue, Jun 20, 2017 at 7:01 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Rakesh,
>
> On 6/19/17 12:43 AM, Rakesh Java wrote:
> > Below is my netstat showing port bindings tcp 0 0 0.0.0.0:1234
> > 0.0.0.0:* LISTEN
>
> That doesn't show the pid or binary bound to port 1234.
>
> With this configuration:
>
> protocol="org.apache.coyote.http11.Http11NioProtocol"
> address="127.0.0.1"
>  secure="false"
> URIEncoding="UTF-8"
>executor="tomcatThreadPool" />
>
> I get a socket bound to 127.0.0.1:8216:
>
> > tcp6   0  0 127.0.0.1:8217  :::*   LISTEN
> > 8183/java
>
> ... but when I use this:
>
> protocol="org.apache.coyote.http11.Http11NioProtocol"
>  secure="false"
> URIEncoding="UTF-8"
>executor="tomcatThreadPool" />
>
> > tcp6   0  0 :::8217 :::*   LISTEN
> > 20591/java
>
> Environment:
> Tomcat 8.5.15
> Oracle Java 1.8.0_101 (most important factor)
> Linux kernel 2.6.32
>
> I'm not sure why it's not working for you. The Tomcat version
> shouldn't matter very much, since everything goes down to the JVM.
>
> - -chris
>
> > On Fri, Jun 16, 2017 at 9:55 PM, Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> > Rakesh,
> >
> > On 6/16/17 5:48 AM, Rakesh Java wrote:
>  I have made a port( example 1234) to be bound to the local
>  host 127.0.0.1 .But when i restart tomcat automatically binds
>  it to 0.0.0.0 .
> 
> 
>  And my connector in server.xml contains 127.0.0.1 as address
>  .
> 
>    address="127.0.0.1" protocol="HTTP ...>
> 
>  My Tomcat Version
> 
>  Server version: Apache Tomcat/6.0.48 Server built:   Dec 12
>  2016 14:06:06 UTC Server number:  6.0.48.0 OS Name:
>  Linux JVM Version:1.8.0_111-b15 JVM Vendor: Oracle
>  Corporation
> 
> 
> 
>  Logs in Tomcat
> 
>  May 03, 2017 1:58:19 PM
>  org.apache.coyote.http11.Http11AprProtocol destroy INFO:
>  Stopping Coyote HTTP/1.1 on http-127.0.0.1-1234 ...
>  ... May 03, 2017 1:58:49 PM
>  org.apache.coyote.http11.Http11AprProtocol init INFO:
>  Initializing Coyote HTTP/1.1 on http-0.0.0.0-1234
> 
>  Can some one say why this issue is happening ? Best Regards,
>  Rakesh :-)
> >
> > Please show the netstat showing your port bindings.
> >
> > -chris
> >>
> >> -
> >>
> >>
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAllJI8oACgkQHPApP6U8
> pFgLwQ/9H1GT8TKCfrQtyiDJTxYqzEv6u6O/ZFvub1pqgFGuzPN61qUD+QB8Kl2R
> iTM3VoxTYqlH15ZgSV5Roms6l6O9Hw6yZnFG9ooIp7Aerbc7uFJq6y57hmDVf3hd
> t8661gYajju4Z00WJ7y7o6SGTWVox6PUz6yyBHKSOpPmGJkN0Nauxiumh2dk9Mcv
> xPVAmVyzmIwiU8lb4EehCuYRBhviNxC9YvXjlBQ8sf8lswpEq7D6uH++Ye3LfgW9
> GecW0POSU3CpJM5bk6Rm/Dm9f3UBR9VgnGRxb9v5YGJE2JKZ7/n7p0yHr24I81RE
> rTGmA6AThP/nndCFKkc4tOFxDTTNSqXdSCyVrYP21Mgd/Ezx+vZNIN1hDJk3nMlM
> S3e95zQHfaZtrfXscSkBhRKq5bUMxK367vv+t649UWlfk+kY1cp93NIWxaTTES1q
> 7BU2bl67E0hfTj9XtKcFlUJ9e5BCpB8KXXUai1h9/ZCPW9fGdaOrVIhTrC6cPYPW
> 965dxjA+8i+O9suzLSVk/6R185WpKuiRSCsJdRwZt+4buS/8mQ/GmNJwa3mWBRgY
> CNBY9JocEagXvMw1j0VGghcs6pJYd3DISur9Q+zRLInkA8cIWWAK+cai8CxmhpO3
> jYiv6j8NmnVOjKlu4XDflOg3jL5D1DCO6QlgQRtlY6uh7Psym7Y=
> =KCBo
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

RE: Problem enabling SSLv3 in Tomcat 8.5.15

2017-06-20 Thread Marc Dorsa 
On 6/20/2017 4:34 PM, Marc Dorsa wrote:
> Hi Tomcat Users,
> 
> I am having a difficult time trying to enable SSLv3 in Tomcat 8.5.15.  (A 
> 3rd-party component of our product requires SSLv3 and there's no getting 
> around it!)  Our Tomcat is running on a custom Linux distribution based on 
> Centos 7, and we're running Java 1.8.0_131.  Note that I've already (and 
> correctly) enabled SSLv3 support in the JVM and verified that SSLv3 is 
> correctly enabled when running our existing Tomcat 7.0.47.  My guess is that 
> I have an incorrect server.xml configuration (for Tomcat 8), but the Tomcat 
> documentation 
> (https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support) as I 
> read it, seems to say that simply setting the "protocols" attribute of the 
> SSLHostConfig element to include "SSLv3" should do the job.
> 
> Thank you in advance for any help offered!
> Marc
> 
> --
> Here is the server.xml file that correctly enables SSLv3 for Tomcat 7.0.47:
>   shutdown="SHUTDOWN">
> 
>  redirectPort="443" server=" "
>  acceptCount="100" connectionTimeout="66" 
> disableUploadTimeout="true" />
>  enableLookups="false" acceptCount="100"
>   scheme="https" secure="true" connectionTimeout="66" 
> disableUploadTimeout="true" server=" "
>  ciphers="SSL_RSA_WITH_RC4_128_SHA, 
> TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, 
> SSL_DHE_RSA_WIT H_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 
> SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA"
>   clientAuth="false" sslProtocol="TLS" 
> keystoreFile="/etc/.keystore" >
> 
> 
>  unpackWARs="true" autoDeploy="true">
> 
>  className="org.apache.naming.resources.FileDirContext" allowLinking="true" 
> docBase="" />
>  
> 
> 
> 
> 
> 
> Here are the scan results showing that SSLv3 is indeed enabled (and our 
> 3rd-party component works correctly):
> # ./cipherscan MyHostName:443
> prio  ciphersuite   protocolspfs_keysize
> 1 DHE-DSS-AES128-SHASSLv3,TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
> 2 EDH-DSS-DES-CBC3-SHA  SSLv3,TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
> 
> --
> And here is the server.xml file that, unfortunately, does *not* enable SSLv3 
> for Tomcat 8.5.15:
>   shutdown="SHUTDOWN">
> 
>  redirectPort="443" server=" "
>  acceptCount="100" connectionTimeout="66" 
> disableUploadTimeout="true" />
>  enableLookups="false" acceptCount="100" 
>   scheme="https" secure="true" connectionTimeout="66" 
> disableUploadTimeout="true" server=" ">
>  ciphers="SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, 
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 
> SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, 
> SSL_DHE_RSA_WITH_DES_CBC_SHA">
>  certificateKeystoreType="JKS" certificateKeystorePassword="changeit" />
> 
> 
> 
> 
>  unpackWARs="true" autoDeploy="true">
> 
> 
> 
> 
> 
> 
> 
> 
> Here are the scan results showing that SSLv3 is *not* enabled (and our 
> 3rd-party component does *not* work):
> # ./cipherscan MyHostName:443
> prio  ciphersuite   protocols  pfs_keysize
> 1 DHE-DSS-AES128-SHATLSv1,TLSv1.1,TLSv1.2  DH,2048bits
> 2 EDH-DSS-DES-CBC3-SHA  TLSv1,TLSv1.1,TLSv1.2  DH,2048bits
> 
> Here is Tomcat's logging at startup (notice the SSLv3 warning):
> ..
> Tomcat started.
> -sh-4.2# Jun 20, 2017 3:38:06 PM org.apache.coyote.AbstractProtocol 
> init
> INFO: Initializing ProtocolHandler ["http-nio-80"] Jun 20, 2017 
> 3:38:06 PM org.apache.tomcat.util.net.NioSelectorPool 
> getSharedSelector
> INFO: Using a shared selector for servlet write/read Jun 20, 2017 
> 3:38:06 PM org.apache.coyote.AbstractProtocol init
> INFO: Initializing ProtocolHandler ["https-jsse-nio-443"] Jun 20, 2017 
> 3:38:07 PM org.apache.tomcat.util.net.SSLUtilBase getEnabled
> WARNING: Some of the specified [protocols] are not supported by the 
> SSL engine and have been skipped: [[SSLv3]] ..

I've not done this so I'm sure that someone will quickly correct me if I'm 
wrong. I'm basing my answer from the following mailing list thread:

http://marc.info/?t=14933046478=1=2

It seems from the logs that you are using the https-jsse-nio connector.
It appears that you should list all of your desired protocols with a plus 
separating them (and no comma).

Something like this (if I'm reading Mark Thomas's answer

Re: Problem enabling SSLv3 in Tomcat 8.5.15

2017-06-20 Thread Mark Eggers 
Marc,

On 6/20/2017 4:34 PM, Marc Dorsa wrote:
> Hi Tomcat Users,
> 
> I am having a difficult time trying to enable SSLv3 in Tomcat 8.5.15.  (A 
> 3rd-party component of our product requires SSLv3 and there's no getting 
> around it!)  Our Tomcat is running on a custom Linux distribution based on 
> Centos 7, and we're running Java 1.8.0_131.  Note that I've already (and 
> correctly) enabled SSLv3 support in the JVM and verified that SSLv3 is 
> correctly enabled when running our existing Tomcat 7.0.47.  My guess is that 
> I have an incorrect server.xml configuration (for Tomcat 8), but the Tomcat 
> documentation 
> (https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support) as I 
> read it, seems to say that simply setting the "protocols" attribute of the 
> SSLHostConfig element to include "SSLv3" should do the job.
> 
> Thank you in advance for any help offered!
> Marc
> 
> --
> Here is the server.xml file that correctly enables SSLv3 for Tomcat 7.0.47:
> 
> 
> 
>  redirectPort="443" server=" "
>  acceptCount="100" connectionTimeout="66" 
> disableUploadTimeout="true" />
>  enableLookups="false" acceptCount="100"
>   scheme="https" secure="true" connectionTimeout="66" 
> disableUploadTimeout="true" server=" "
>  ciphers="SSL_RSA_WITH_RC4_128_SHA, 
> TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, 
> SSL_DHE_RSA_WIT
> H_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 
> SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA"
>   clientAuth="false" sslProtocol="TLS" 
> keystoreFile="/etc/.keystore" >
> 
> 
>  unpackWARs="true" autoDeploy="true">
> 
>  className="org.apache.naming.resources.FileDirContext" allowLinking="true" 
> docBase="" />
>  
> 
> 
> 
> 
> 
> Here are the scan results showing that SSLv3 is indeed enabled (and our 
> 3rd-party component works correctly):
> # ./cipherscan MyHostName:443
> prio  ciphersuite   protocolspfs_keysize
> 1 DHE-DSS-AES128-SHASSLv3,TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
> 2 EDH-DSS-DES-CBC3-SHA  SSLv3,TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
> 
> --
> And here is the server.xml file that, unfortunately, does *not* enable SSLv3 
> for Tomcat 8.5.15:
> 
> 
> 
>  redirectPort="443" server=" "
>  acceptCount="100" connectionTimeout="66" 
> disableUploadTimeout="true" />
>  enableLookups="false" acceptCount="100" 
>   scheme="https" secure="true" connectionTimeout="66" 
> disableUploadTimeout="true" server=" ">
>  ciphers="SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, 
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 
> SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, 
> SSL_DHE_RSA_WITH_DES_CBC_SHA">
>  certificateKeystoreType="JKS" certificateKeystorePassword="changeit" />
> 
> 
> 
> 
>  unpackWARs="true" autoDeploy="true">
> 
> 
> 
> 
> 
> 
> 
> 
> Here are the scan results showing that SSLv3 is *not* enabled (and our 
> 3rd-party component does *not* work):
> # ./cipherscan MyHostName:443
> prio  ciphersuite   protocols  pfs_keysize
> 1 DHE-DSS-AES128-SHATLSv1,TLSv1.1,TLSv1.2  DH,2048bits
> 2 EDH-DSS-DES-CBC3-SHA  TLSv1,TLSv1.1,TLSv1.2  DH,2048bits
> 
> Here is Tomcat's logging at startup (notice the SSLv3 warning):
> ..
> Tomcat started.
> -sh-4.2# Jun 20, 2017 3:38:06 PM org.apache.coyote.AbstractProtocol init
> INFO: Initializing ProtocolHandler ["http-nio-80"]
> Jun 20, 2017 3:38:06 PM org.apache.tomcat.util.net.NioSelectorPool 
> getSharedSelector
> INFO: Using a shared selector for servlet write/read
> Jun 20, 2017 3:38:06 PM org.apache.coyote.AbstractProtocol init
> INFO: Initializing ProtocolHandler ["https-jsse-nio-443"]
> Jun 20, 2017 3:38:07 PM org.apache.tomcat.util.net.SSLUtilBase getEnabled
> WARNING: Some of the specified [protocols] are not supported by the SSL 
> engine and have been skipped: [[SSLv3]]
> ..

I've not done this so I'm sure that someone will quickly correct me if
I'm wrong. I'm basing my answer from the following mailing list thread:

http://marc.info/?t=14933046478=1=2

It seems from the logs that you are using the https-jsse-nio connector.
It appears that you should list all of your desired protocols with a
plus separating them (and no comma).

Something like this (if I'm reading Mark Thomas's answer correctly):

Problem enabling SSLv3 in Tomcat 8.5.15

2017-06-20 Thread Marc Dorsa 
Hi Tomcat Users,

I am having a difficult time trying to enable SSLv3 in Tomcat 8.5.15.  (A 
3rd-party component of our product requires SSLv3 and there's no getting around 
it!)  Our Tomcat is running on a custom Linux distribution based on Centos 7, 
and we're running Java 1.8.0_131.  Note that I've already (and correctly) 
enabled SSLv3 support in the JVM and verified that SSLv3 is correctly enabled 
when running our existing Tomcat 7.0.47.  My guess is that I have an incorrect 
server.xml configuration (for Tomcat 8), but the Tomcat documentation 
(https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support) as I 
read it, seems to say that simply setting the "protocols" attribute of the 
SSLHostConfig element to include "SSLv3" should do the job.

Thank you in advance for any help offered!
Marc

--
Here is the server.xml file that correctly enables SSLv3 for Tomcat 7.0.47:










 





Here are the scan results showing that SSLv3 is indeed enabled (and our 
3rd-party component works correctly):
# ./cipherscan MyHostName:443
prio  ciphersuite   protocolspfs_keysize
1 DHE-DSS-AES128-SHASSLv3,TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
2 EDH-DSS-DES-CBC3-SHA  SSLv3,TLSv1,TLSv1.1,TLSv1.2  DH,1024bits

--
And here is the server.xml file that, unfortunately, does *not* enable SSLv3 
for Tomcat 8.5.15:




















Here are the scan results showing that SSLv3 is *not* enabled (and our 
3rd-party component does *not* work):
# ./cipherscan MyHostName:443
prio  ciphersuite   protocols  pfs_keysize
1 DHE-DSS-AES128-SHATLSv1,TLSv1.1,TLSv1.2  DH,2048bits
2 EDH-DSS-DES-CBC3-SHA  TLSv1,TLSv1.1,TLSv1.2  DH,2048bits

Here is Tomcat's logging at startup (notice the SSLv3 warning):
..
Tomcat started.
-sh-4.2# Jun 20, 2017 3:38:06 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-nio-80"]
Jun 20, 2017 3:38:06 PM org.apache.tomcat.util.net.NioSelectorPool 
getSharedSelector
INFO: Using a shared selector for servlet write/read
Jun 20, 2017 3:38:06 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["https-jsse-nio-443"]
Jun 20, 2017 3:38:07 PM org.apache.tomcat.util.net.SSLUtilBase getEnabled
WARNING: Some of the specified [protocols] are not supported by the SSL engine 
and have been skipped: [[SSLv3]]
..


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: websocket: connections not getting closed properly

2017-06-20 Thread Mark Thomas 
On 20/06/2017 18:48, Sandeep Dhameshia wrote:
> Hello,
> 
> I don't know about any format in which I should write this mail, so please
> forgive me if there's any format to follow.
> 
> I am using v8.0.43 in latest Amazon Linux AMI(2017.03), on m4.large
> instance. I have deployed modified example Chat application.
> 
> Everything works fine as expected, but I feel websocket connections are not
> getting closed in some instances. I could see INFO logs from
> org.apache.tomcat.websocket.server.WsRemoteEndpointImplServer, wrt
> connection not getting closed cleanly.

Example log messages please.

Connector configuration please.

Mark


> 
> I've increased limit for no of files to 65536, both hard and soft limits.
> Num of connections for NIO connector is set to default.
> 
> Num of files(sockets) opened are increasing, can see it with  "ls
> /proc/PID/fd | wc -l".
> 
> Am I missing any config? I understand some clients are not closing
> connection properly, but is there any way to handle this properly on server
> side?
> 
> best regards.
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

websocket: connections not getting closed properly

2017-06-20 Thread Sandeep Dhameshia 
Hello,

I don't know about any format in which I should write this mail, so please
forgive me if there's any format to follow.

I am using v8.0.43 in latest Amazon Linux AMI(2017.03), on m4.large
instance. I have deployed modified example Chat application.

Everything works fine as expected, but I feel websocket connections are not
getting closed in some instances. I could see INFO logs from
org.apache.tomcat.websocket.server.WsRemoteEndpointImplServer, wrt
connection not getting closed cleanly.

I've increased limit for no of files to 65536, both hard and soft limits.
Num of connections for NIO connector is set to default.

Num of files(sockets) opened are increasing, can see it with  "ls
/proc/PID/fd | wc -l".

Am I missing any config? I understand some clients are not closing
connection properly, but is there any way to handle this properly on server
side?

best regards.

Re: RewriteValve forward or redirect ?

2017-06-20 Thread Jérémie Barthés 

RewriteRule ^/visibleURL/(.*)$ /examples/$1/
(missing space between ^/visibleURL/(.*)$ and /examples/$1/)

Le 20/06/2017 à 18:31, Jérémie Barthés a écrit :

please test what i put in my mail :

install a brand new tomcat 9 from archive (last version)

put a RewriteValve in server.xml



in the file /conf/Catalina/localhost/rewrite.config add
RewriteRule ^/visibleURL/(.*)$/examples/$1/

now start tomcat and go to /visibleURL/servlets/
then go to /visibleURL/servlets

you'll see what i'm talking about

Thanks

Jeremie



Le 20/06/2017 à 18:08, Christopher Schultz a écrit :

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jérémie,

On 6/20/17 9:32 AM, Jérémie Barthés wrote:

http://192.168.1.1:8080/visibleURL/servlets/ URL displayed =
http://192.168.1.1:8080/visibleURL/servlets/ page displayed =
http://192.168.1.1:8080/examples/servlets/

http://192.168.1.1:8080/visibleURL/servlets URL displayed =
http://192.168.1.1:8080/examples/servlets/ page displayed =
http://192.168.1.1:8080/examples/servlets/

i don't want http://192.168.1.1:8080/examples/servlets/ to be
displayed !

What do you mean "URL displayed" and "page displayed"? It sounds like
you want the URL to look exactly as it does look.

- -chris


Le 20/06/2017 à 15:26, Jérémie Barthés a écrit :

Hi,

I have some issues with my brand new tomcat 9.0.0.M21

I just unzipped *windows-64 core*

Then i added the *RewriteValve *in *conf/server.xml* / // //  // //
//
//  /

Then i added a rewriteRule in
*/conf/Catalina/localhost/rewrite.config* file : /RewriteRule
^/visibleURL/(.*)$  /examples/$1/

Then i started tomcat with startup.bat (my IP is 192.168.1.1)

in Firefox, i go to
_*http://192.168.1.1:8080/visibleURL/servlets/ *_ The URL
displayed by firefox
is/**//http://192.168.1.1:8080/visibleURL/servlets// and the
page displayed is /http://192.168.1.1:8080/examples/servlets/ /

now i go to *_http://192.168.1.1:8080/visibleURL/servlet__s_ *The
URL displayed by firefox is
/http://192.168.1.1:8080/examples/servlets//**and the page
displayed is /http://192.168.1.1:8080/examples/servlets/ /* *

I really want my users to see "visibleURL" in the URL displayed
by firefox even if they forget to type a "/". I don't want them
to see "examples" Where did i go wrong ?

Please Help

Thanks a lot

Jeremie




-



To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org

For additional commands, e-mail: users-h...@tomcat.apache.org


-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAllJSJQACgkQHPApP6U8
pFhITA/+OeOSADj+aeTCoCZC2q1n8+uzen6pYGNjI22Kk7iZnf529WueXfNaH9U7
6TqF+mfYf5H2gkHQR9Ht+8zDmUzzJsBLK+fKHyBplxU8o1jeC+QmhxC++OgEBVsI
DwEzqHKexGqsqkY2ua37gZm0EVra5HaQbbrPGP2RLqT3JWbx2rMAdEWlsz+mYn81
RBmLWnT3hr4r3xhE799dP/f2IP5uz0akdh68B+4rEnmsMvy3rHfalGt3Jv2yOClr
ompHO+C4ThRdcH8Zn0Y7MOwjvdkAZ1u9DLh84xpz2a33gHJnzz0I+p7cMtbpQVPf
8Z7S+692z4TD2GD0MSedUnNy3ryNvFG8UQZXBJ/pg83ZjmGNHe2orKnqMKgaTGhk
lplXZp1R6wqe2lLdJfyTsK2Lv75/oj+8FbNClfms4blcodmVPKcQq5c23tOx7QBe
RLZpTarNtzWK+3zEgOOSMlkkuuqXvuPNmgkZ7efachk6Lr+gp4nJ9uPbwMrTrVE/
F/ZHhV8nkE2r13fpoi9g2P32VCl9GSqBtJGeOYC4YHHwmmz6SjtT5XbU14XMj28m
lBMyuRmHeP5OsP6yvuaYUa64tMqaUP95/Rhry1Ne7e6R4LRMSqPR7nwKmZxn0kVu
JpCTkf/p9PRmB/S9752JxgwDeKBfcubajRSNI65sXLB5tljhDSE=
=nU9X
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: RewriteValve forward or redirect ?

2017-06-20 Thread Jérémie Barthés 

please test what i put in my mail :

install a brand new tomcat 9 from archive (last version)

put a RewriteValve in server.xml



in the file /conf/Catalina/localhost/rewrite.config add
RewriteRule ^/visibleURL/(.*)$/examples/$1/

now start tomcat and go to /visibleURL/servlets/
then go to /visibleURL/servlets

you'll see what i'm talking about

Thanks

Jeremie



Le 20/06/2017 à 18:08, Christopher Schultz a écrit :

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jérémie,

On 6/20/17 9:32 AM, Jérémie Barthés wrote:

http://192.168.1.1:8080/visibleURL/servlets/ URL displayed =
http://192.168.1.1:8080/visibleURL/servlets/ page displayed =
http://192.168.1.1:8080/examples/servlets/

http://192.168.1.1:8080/visibleURL/servlets URL displayed =
http://192.168.1.1:8080/examples/servlets/ page displayed =
http://192.168.1.1:8080/examples/servlets/

i don't want http://192.168.1.1:8080/examples/servlets/ to be
displayed !

What do you mean "URL displayed" and "page displayed"? It sounds like
you want the URL to look exactly as it does look.

- -chris


Le 20/06/2017 à 15:26, Jérémie Barthés a écrit :

Hi,

I have some issues with my brand new tomcat 9.0.0.M21

I just unzipped *windows-64 core*

Then i added the *RewriteValve *in *conf/server.xml* /  // //  // //
//
//  /

Then i added a rewriteRule in
*/conf/Catalina/localhost/rewrite.config* file : /RewriteRule
^/visibleURL/(.*)$  /examples/$1/

Then i started tomcat with startup.bat (my IP is 192.168.1.1)

in Firefox, i go to
_*http://192.168.1.1:8080/visibleURL/servlets/ *_ The URL
displayed by firefox
is/**//http://192.168.1.1:8080/visibleURL/servlets// and the
page displayed is /http://192.168.1.1:8080/examples/servlets/ /

now i go to *_http://192.168.1.1:8080/visibleURL/servlet__s_ *The
URL displayed by firefox is
/http://192.168.1.1:8080/examples/servlets//**and the page
displayed is /http://192.168.1.1:8080/examples/servlets/ /* *

I really want my users to see "visibleURL" in the URL displayed
by firefox even if they forget to type a "/". I don't want them
to see "examples" Where did i go wrong ?

Please Help

Thanks a lot

Jeremie




-



To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org

For additional commands, e-mail: users-h...@tomcat.apache.org


-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAllJSJQACgkQHPApP6U8
pFhITA/+OeOSADj+aeTCoCZC2q1n8+uzen6pYGNjI22Kk7iZnf529WueXfNaH9U7
6TqF+mfYf5H2gkHQR9Ht+8zDmUzzJsBLK+fKHyBplxU8o1jeC+QmhxC++OgEBVsI
DwEzqHKexGqsqkY2ua37gZm0EVra5HaQbbrPGP2RLqT3JWbx2rMAdEWlsz+mYn81
RBmLWnT3hr4r3xhE799dP/f2IP5uz0akdh68B+4rEnmsMvy3rHfalGt3Jv2yOClr
ompHO+C4ThRdcH8Zn0Y7MOwjvdkAZ1u9DLh84xpz2a33gHJnzz0I+p7cMtbpQVPf
8Z7S+692z4TD2GD0MSedUnNy3ryNvFG8UQZXBJ/pg83ZjmGNHe2orKnqMKgaTGhk
lplXZp1R6wqe2lLdJfyTsK2Lv75/oj+8FbNClfms4blcodmVPKcQq5c23tOx7QBe
RLZpTarNtzWK+3zEgOOSMlkkuuqXvuPNmgkZ7efachk6Lr+gp4nJ9uPbwMrTrVE/
F/ZHhV8nkE2r13fpoi9g2P32VCl9GSqBtJGeOYC4YHHwmmz6SjtT5XbU14XMj28m
lBMyuRmHeP5OsP6yvuaYUa64tMqaUP95/Rhry1Ne7e6R4LRMSqPR7nwKmZxn0kVu
JpCTkf/p9PRmB/S9752JxgwDeKBfcubajRSNI65sXLB5tljhDSE=
=nU9X
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: RewriteValve forward or redirect ?

2017-06-20 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jérémie,

On 6/20/17 9:32 AM, Jérémie Barthés wrote:
> http://192.168.1.1:8080/visibleURL/servlets/ URL displayed =
> http://192.168.1.1:8080/visibleURL/servlets/ page displayed =
> http://192.168.1.1:8080/examples/servlets/
> 
> http://192.168.1.1:8080/visibleURL/servlets URL displayed =
> http://192.168.1.1:8080/examples/servlets/ page displayed =
> http://192.168.1.1:8080/examples/servlets/
> 
> i don't want http://192.168.1.1:8080/examples/servlets/ to be
> displayed !

What do you mean "URL displayed" and "page displayed"? It sounds like
you want the URL to look exactly as it does look.

- -chris

> Le 20/06/2017 à 15:26, Jérémie Barthés a écrit :
>> Hi,
>> 
>> I have some issues with my brand new tomcat 9.0.0.M21
>> 
>> I just unzipped *windows-64 core*
>> 
>> Then i added the *RewriteValve *in *conf/server.xml* /  > name="localhost" appBase="webapps" unpackWARs="true" 
>> autoDeploy="true">// //  // //
>> > className="org.apache.catalina.valves.rewrite.RewriteValve"/>// 
>> //  /
>> 
>> Then i added a rewriteRule in 
>> */conf/Catalina/localhost/rewrite.config* file : /RewriteRule
>> ^/visibleURL/(.*)$  /examples/$1/
>> 
>> Then i started tomcat with startup.bat (my IP is 192.168.1.1)
>> 
>> in Firefox, i go to
>> _*http://192.168.1.1:8080/visibleURL/servlets/ *_ The URL
>> displayed by firefox 
>> is/**//http://192.168.1.1:8080/visibleURL/servlets// and the
>> page displayed is /http://192.168.1.1:8080/examples/servlets/ /
>> 
>> now i go to *_http://192.168.1.1:8080/visibleURL/servlet__s_ *The
>> URL displayed by firefox is 
>> /http://192.168.1.1:8080/examples/servlets//**and the page
>> displayed is /http://192.168.1.1:8080/examples/servlets/ /* *
>> 
>> I really want my users to see "visibleURL" in the URL displayed
>> by firefox even if they forget to type a "/". I don't want them
>> to see "examples" Where did i go wrong ?
>> 
>> Please Help
>> 
>> Thanks a lot
>> 
>> Jeremie
>> 
>> 
> 
> 
> -
>
> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAllJSJQACgkQHPApP6U8
pFhITA/+OeOSADj+aeTCoCZC2q1n8+uzen6pYGNjI22Kk7iZnf529WueXfNaH9U7
6TqF+mfYf5H2gkHQR9Ht+8zDmUzzJsBLK+fKHyBplxU8o1jeC+QmhxC++OgEBVsI
DwEzqHKexGqsqkY2ua37gZm0EVra5HaQbbrPGP2RLqT3JWbx2rMAdEWlsz+mYn81
RBmLWnT3hr4r3xhE799dP/f2IP5uz0akdh68B+4rEnmsMvy3rHfalGt3Jv2yOClr
ompHO+C4ThRdcH8Zn0Y7MOwjvdkAZ1u9DLh84xpz2a33gHJnzz0I+p7cMtbpQVPf
8Z7S+692z4TD2GD0MSedUnNy3ryNvFG8UQZXBJ/pg83ZjmGNHe2orKnqMKgaTGhk
lplXZp1R6wqe2lLdJfyTsK2Lv75/oj+8FbNClfms4blcodmVPKcQq5c23tOx7QBe
RLZpTarNtzWK+3zEgOOSMlkkuuqXvuPNmgkZ7efachk6Lr+gp4nJ9uPbwMrTrVE/
F/ZHhV8nkE2r13fpoi9g2P32VCl9GSqBtJGeOYC4YHHwmmz6SjtT5XbU14XMj28m
lBMyuRmHeP5OsP6yvuaYUa64tMqaUP95/Rhry1Ne7e6R4LRMSqPR7nwKmZxn0kVu
JpCTkf/p9PRmB/S9752JxgwDeKBfcubajRSNI65sXLB5tljhDSE=
=nU9X
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: from apache-tomcat-7.0.54 to apache-tomcat-7.0.78 performance issues

2017-06-20 Thread Taiichi Fujiwara 
How about change log level?

Taichi

2017-06-20 22:36 GMT+09:00 Mark Thomas :

> On 20/06/2017 13:45, Alireza Fattahi wrote:
> > We switched from apache-tomcat-7.0.54 to apache-tomcat-7.0.78, after
> that we face slow loading if the site, even site first page
> >
> > We are using tomcat datasource.
> > We did not change any application or tomcat parameter during this
> upgrade.
> >
> >
> > Any comments? ~Regards,
>
> Use a profiler.
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: from apache-tomcat-7.0.54 to apache-tomcat-7.0.78 performance issues

2017-06-20 Thread Mark Thomas 
On 20/06/2017 13:45, Alireza Fattahi wrote:
> We switched from apache-tomcat-7.0.54 to apache-tomcat-7.0.78, after that we 
> face slow loading if the site, even site first page
> 
> We are using tomcat datasource.
> We did not change any application or tomcat parameter during this upgrade.
> 
> 
> Any comments? ~Regards,

Use a profiler.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: RewriteValve forward or redirect ?

2017-06-20 Thread Jérémie Barthés 

http://192.168.1.1:8080/visibleURL/servlets/
URL displayed = http://192.168.1.1:8080/visibleURL/servlets/
page displayed = http://192.168.1.1:8080/examples/servlets/

http://192.168.1.1:8080/visibleURL/servlets
URL displayed = http://192.168.1.1:8080/examples/servlets/
page displayed = http://192.168.1.1:8080/examples/servlets/

i don't want http://192.168.1.1:8080/examples/servlets/ to be displayed !

Le 20/06/2017 à 15:26, Jérémie Barthés a écrit :

Hi,

I have some issues with my brand new tomcat 9.0.0.M21

I just unzipped *windows-64 core*

Then i added the *RewriteValve *in *conf/server.xml*
/  autoDeploy="true">//

//  //
//className="org.apache.catalina.valves.rewrite.RewriteValve"/>//

//  /

Then i added a rewriteRule in 
*/conf/Catalina/localhost/rewrite.config* file :

/RewriteRule ^/visibleURL/(.*)$  /examples/$1/

Then i started tomcat with startup.bat (my IP is 192.168.1.1)

in Firefox, i go to _*http://192.168.1.1:8080/visibleURL/servlets/ *_
The URL displayed by firefox 
is/**//http://192.168.1.1:8080/visibleURL/servlets// and the page 
displayed is /http://192.168.1.1:8080/examples/servlets/ /


now i go to *_http://192.168.1.1:8080/visibleURL/servlet__s_
*The URL displayed by firefox is 
/http://192.168.1.1:8080/examples/servlets//**and the page displayed 
is /http://192.168.1.1:8080/examples/servlets/ /*

*

I really want my users to see "visibleURL" in the URL displayed by 
firefox even if they forget to type a "/". I don't want them to see 
"examples"

Where did i go wrong ?

Please Help

Thanks a lot

Jeremie





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Fwd: tomcat automatically binds it to 0.0.0.0 from 127.0.0.1

2017-06-20 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Rakesh,

On 6/19/17 12:43 AM, Rakesh Java wrote:
> Below is my netstat showing port bindings tcp 0 0 0.0.0.0:1234
> 0.0.0.0:* LISTEN

That doesn't show the pid or binary bound to port 1234.

With this configuration:



I get a socket bound to 127.0.0.1:8216:

> tcp6   0  0 127.0.0.1:8217  :::*   LISTEN
> 8183/java

... but when I use this:



> tcp6   0  0 :::8217 :::*   LISTEN
> 20591/java

Environment:
Tomcat 8.5.15
Oracle Java 1.8.0_101 (most important factor)
Linux kernel 2.6.32

I'm not sure why it's not working for you. The Tomcat version
shouldn't matter very much, since everything goes down to the JVM.

- -chris

> On Fri, Jun 16, 2017 at 9:55 PM, Christopher Schultz < 
> ch...@christopherschultz.net> wrote:
> 
> Rakesh,
> 
> On 6/16/17 5:48 AM, Rakesh Java wrote:
 I have made a port( example 1234) to be bound to the local
 host 127.0.0.1 .But when i restart tomcat automatically binds
 it to 0.0.0.0 .
 
 
 And my connector in server.xml contains 127.0.0.1 as address
 .
 
 >>> address="127.0.0.1" protocol="HTTP ...>
 
 My Tomcat Version
 
 Server version: Apache Tomcat/6.0.48 Server built:   Dec 12
 2016 14:06:06 UTC Server number:  6.0.48.0 OS Name:
 Linux JVM Version:1.8.0_111-b15 JVM Vendor: Oracle
 Corporation
 
 
 
 Logs in Tomcat
 
 May 03, 2017 1:58:19 PM
 org.apache.coyote.http11.Http11AprProtocol destroy INFO:
 Stopping Coyote HTTP/1.1 on http-127.0.0.1-1234 ...
 ... May 03, 2017 1:58:49 PM 
 org.apache.coyote.http11.Http11AprProtocol init INFO:
 Initializing Coyote HTTP/1.1 on http-0.0.0.0-1234
 
 Can some one say why this issue is happening ? Best Regards,
 Rakesh :-)
> 
> Please show the netstat showing your port bindings.
> 
> -chris
>> 
>> -
>>
>> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>> 
>> 
> 
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAllJI8oACgkQHPApP6U8
pFgLwQ/9H1GT8TKCfrQtyiDJTxYqzEv6u6O/ZFvub1pqgFGuzPN61qUD+QB8Kl2R
iTM3VoxTYqlH15ZgSV5Roms6l6O9Hw6yZnFG9ooIp7Aerbc7uFJq6y57hmDVf3hd
t8661gYajju4Z00WJ7y7o6SGTWVox6PUz6yyBHKSOpPmGJkN0Nauxiumh2dk9Mcv
xPVAmVyzmIwiU8lb4EehCuYRBhviNxC9YvXjlBQ8sf8lswpEq7D6uH++Ye3LfgW9
GecW0POSU3CpJM5bk6Rm/Dm9f3UBR9VgnGRxb9v5YGJE2JKZ7/n7p0yHr24I81RE
rTGmA6AThP/nndCFKkc4tOFxDTTNSqXdSCyVrYP21Mgd/Ezx+vZNIN1hDJk3nMlM
S3e95zQHfaZtrfXscSkBhRKq5bUMxK367vv+t649UWlfk+kY1cp93NIWxaTTES1q
7BU2bl67E0hfTj9XtKcFlUJ9e5BCpB8KXXUai1h9/ZCPW9fGdaOrVIhTrC6cPYPW
965dxjA+8i+O9suzLSVk/6R185WpKuiRSCsJdRwZt+4buS/8mQ/GmNJwa3mWBRgY
CNBY9JocEagXvMw1j0VGghcs6pJYd3DISur9Q+zRLInkA8cIWWAK+cai8CxmhpO3
jYiv6j8NmnVOjKlu4XDflOg3jL5D1DCO6QlgQRtlY6uh7Psym7Y=
=KCBo
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RewriteValve forward or redirect ?

2017-06-20 Thread Jérémie Barthés 

Hi,

I have some issues with my brand new tomcat 9.0.0.M21

I just unzipped *windows-64 core*

Then i added the *RewriteValve *in *conf/server.xml*
/  autoDeploy="true">//

//  //
//className="org.apache.catalina.valves.rewrite.RewriteValve"/>//

//  /

Then i added a rewriteRule in */conf/Catalina/localhost/rewrite.config* 
file :

/RewriteRule ^/visibleURL/(.*)$  /examples/$1/

Then i started tomcat with startup.bat (my IP is 192.168.1.1)

in Firefox, i go to _*http://192.168.1.1:8080/visibleURL/servlets/ *_
The URL displayed by firefox 
is/**//http://192.168.1.1:8080/visibleURL/servlets// and the page 
displayed is /http://192.168.1.1:8080/examples/servlets/ /


now i go to *_http://192.168.1.1:8080/visibleURL/servlet__s_
*The URL displayed by firefox is 
/http://192.168.1.1:8080/examples/servlets//**and the page displayed is 
/http://192.168.1.1:8080/examples/servlets/ /*

*

I really want my users to see "visibleURL" in the URL displayed by 
firefox even if they forget to type a "/". I don't want them to see 
"examples"

Where did i go wrong ?

Please Help

Thanks a lot

Jeremie

from apache-tomcat-7.0.54 to apache-tomcat-7.0.78 performance issues

2017-06-20 Thread Alireza Fattahi 
We switched from apache-tomcat-7.0.54 to apache-tomcat-7.0.78, after that we 
face slow loading if the site, even site first page

We are using tomcat datasource.
We did not change any application or tomcat parameter during this upgrade.


Any comments? ~Regards,
~~Alireza Fattahi

Re: security-constraint blocks welcome file with 403

2017-06-20 Thread Greg Huber 
Marks,

Thanks for the info, originally I was using just index.jsp, but this also
gets blocked with a 403:

index.jsp

I will look into the servlet suggestion.

Cheers Greg

On 19 June 2017 at 10:39, Mark Thomas  wrote:

> On 19/06/17 08:24, Greg Huber wrote:
> > Hello,
> >
> > If I add a security constrait to block direct access to jsp outside of
> > /WEB-INF/ it blocks the welcome-file with a 403.  Is there a caveat for
> > using this here?
>
> Your welcome file is invalid. It should be a file name without a path.
> Remember it applies to all directories, not just the web application root.
>
> Security constraints apply to welcome files.
>
> You'll need to use a servlet to do a forward to "WEB-INF/jsps/index.jsp"
>
> Mark
>
>
> >
> > 
> >  
> >  No direct JSP access
> >  
> >  No-JSP
> >  *.jsp
> >  
> >  
> >  no-users
> >  
> >  
> >
> >  
> >  Don't assign users to this role
> >  no-users
> >  
> >
> >  
> >  WEB-INF/jsps/index.jsp
> >  
> >
> > Cheers Greg
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>