Re: User session validation

[Alex O'Ree]

Thanks for the info

On Thu, Mar 29, 2018, 12:30 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Alex,
>
> On 3/28/18 7:20 PM, Alex O'Ree wrote:
> > Does tomcat do any validation on session id's based on up
> > addresses? I'm thinking that if some one intercepts the session
> > token and tries to use it from another ip address,  then it's
> > feasible to detect this and invalidate the session.
>
> This is basically a session-fixation attack[1]. Another flavor of the
> attack is to simply guess a valid session id and take-over the session.
>
> Tomcat does not include any capabilities to mitigate these attacks.
> It's fairly easy to implement such a mitigation by using a Filter that
> does something like this:
>
>
>   void doFilter() {
> session = request.getSession(false);
> if(null != session) {
>   if(!session.storedIP.equals(request.IP))
> response.sendError(403);
> }
> // invoke the filer chain
>   }
>
> There are several problems with this technique, not the least of which
> is that any proxy between you and the client will change the IP
> address of the "client" such that multiple clients can look like a
> single IP address. AOL is famous for all users coming from a small
> number of IP addresses.
>
> Another reason this might be a problem is with mobile devices. IP
> addresses can change for various reasons. Forcing the user to
> re-authenticate may be inconvenient in that setting.
>
> Finally, guessing a valid session identifier is infeasible. Tomcat's
> default 16-byte session id provides
> 340282366920938463463374607431768211456 possible session identifiers.
> Assuming that java.util.SecureRandom provides sufficient entropy to
> make all possible session identifiers equally possible, and an
> attacker can try an Internet-melting 1,000,000,000 (1B) session
> identifiers per second, it would take 10812500537664228356827 years to
> perform an exhaustive search. Most session identifiers are only valid
> for a few minutes or hours, so random guessing is simply infeasible.
>
> As for interception of a valid session identifier, the solution is to
> use TLS so interception is infeasible under most circumstances.
>
> As for mitigations session-fixation specifically (where the attacker
> tricks you into using a known session identifier for authentication),
> Tomcat changes the session identifier when authentication occurs.
> Assuming the attacker cannot see the request/response where the
> authentication occurs (in which case, they could intercept the
> username and password, therefore session-fixation isn't necessary),
> only the legitimate user will see the session-identifier change, and
> the attacker is thwarted.
>
> Hope that helps,
> - -chris
>
> [1] https://en.wikipedia.org/wiki/Session_fixation
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlq9FJIACgkQHPApP6U8
> pFhIuRAAkaYp2FQ2KeE6wyFeEszMIwZbm1eNwdpYWpxv0sxAu+nDfFZd0+Lej+fK
> 5CrNzR6fimgAmIxH6PEK+rJ6gpELLF1zBfbX34e8/cRkdw6oZP1xajNCXt8DbiPl
> upnCkRDNv6XklkkvNikrW6RPnknEXMNIEayKz3gpLZ7J02PVNjQk8hHC2Z+r8BKC
> C+VGyNMeNQbYegUVs6tf1bR0kbDCn4xr1s5+Urui2KS5ru59EiPN8NIA6uYdE1aq
> HeJAbFRrywsjcK3r6mPzQmXIshOW0SWzNqorBUfiByAcjXVtipvCz5G/zgtKhsqn
> 0wNsZuT7Xd1Af0/5b+FYVd0U12ZTjSX1S77cvGufFw6OIRY2VEkni8Om0cdGiBKz
> Hy88VDhyLSwGclZnxuKaj1GAGKktptv/iPACTZxpZrVUWaHR1f1HvFzDUVV4DWQ7
> s9aRbCNdbRuUkvsLduGtI1EsqD1vmhDWhO01e3kd6OAaa6rCOJ9uXRbFOruwkg9E
> qeqbTxHQTgJ3jC/3h+sQCvVQt29GCjtKHoRwDCCiIeU/oDsygy5kxXTJai9OjoF2
> IaAeTa1XfM+Y+fz9pZOP560k2VtBc4cWucFKuffmMvyi/or8ChKJ3lD/a7mn9Hq3
> vmLstp0MLl0cDSduhYm5YD7VPGf900F9YtcMWCIM6bb1S9lp9ac=
> =1fdw
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

RE: Is the thread status of tomcat 8.0.44 normal?

[이의준]

Thank you, Mr. Christopher Schultz.

If the keepalivetimeout value is the same, it is not the difference between 
tomcat7 and tomcat8 eventually, it is the Thread state corresponding to the 
inflowing request situation, so is normal operation?

What Java versions in each case?

--> Tomcat 7 : jdk 1.7.0.65
--> Tomcat 8 : jdk 1.8.0.131

All settings are the same.

#httpd.conf fragment on apache http server connected to Tomcat 7.

KeepAlive On
KeepAliveTimeout 30
MaxKeepAliveRequests 0
Timeout 60

#Tomcat 7 server.xml fragment



#Tomcat 8 server.xml fragment



#httpd.conf fragment on apache http server connected to Tomcat 8.

KeepAlive On
KeepAliveTimeout 30
MaxKeepAliveRequests 0
Timeout 60

Best regards!

-Original Message-
From: Christopher Schultz  
Sent: Friday, March 30, 2018 1:15 AM
To: users@tomcat.apache.org
Subject: Re: Is the thread status of tomcat 8.0.44 normal?

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

이의준,

On 3/28/18 8:28 PM, 이의준 wrote:
> I posted the same question a few days ago, but it was not a 
> satisfactory answer.
> 
> So I ask again.
> 
> 
> 
> Test sequence and inquiry contents
> 
> 1. In the local test, the same load (hp-jmeter) for tomcat 7, 8 5 
> minutes,

What Java versions in each case?

> 2. Thread dump generated after 5 minutes of load termination
> 
> 3. Most Thread in Tomcat 7 is in TIME_WAITING state (normally OK)
> 
> 4. Thread in Tomcat 8 mostly RUNNABLE state (estimated to be
> abnormal)
> 
> Thread Final Stack - Below (reading something)
> 
> at org.apache.tomcat.jni.Socket.recvbb (Native Method)

These threads are blocked, reading from the socket. They are likely in 
"keep-alive" status, meaning that they are waiting for the client to send more 
data. These threads are not "busy".

> 5. Is the thread status of Tomcat 8 normal?

Yes.

> Please let us know if we need additional resources to analyze this 
> issue.

Yous stack traces are showing threads in different states -- not just different 
"thread states" but also doing different things. Some threads are doing 
"nothing", waiting for the thread-pool to use them for something. Other threads 
are waiting on data to arrive on the socket .

If you wait for keepAliveTimeout ms, you should see the "RUNNABLE"
threads to into the "TIME_WAITING" status because they give-up on any 
subsequent keep-alive request.

Hope that helps,
- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlq9EPsACgkQHPApP6U8
pFgP6hAAmprN368RAMi5BZK/zN/X70AaGefuahZhiMdWM01353g3nANMllFSQc65
N70JEpwr6sUJJgGqqqmpXDxn3A/Qj1pePxjB3jPhMcPAKtm61u+yULM4+fwrPftQ
Gw3mi7ULE3ywkUUMcDGW9+Ur3DneDLlwG0Xp6lnUO3Yu90QyLm9WCIsyNIMZhuya
I/+phfra3b5W8TI60S6LitdfdzJidxyjVmhBGI0FVjMWmyYURMHVBbuKZk7xePG4
m7bHlh39ZK1rjcU9oXbo8s4fiMPgmdmVKMOdKmdOEAYoDLHxu1kolCcu1NA1ev0k
v6t3SjSEr3jA2177Gb7kKG9NerFkt/3ZMylHizWTlWPNNi3A1r9N0XJK2Ft+TnI6
xd+Up/eRVZnyCrtQCn47sK6uJDXuoRiAsfsGejBYnF6e6RfDoIoKThn1uWLhe2Nk
KW8YHyPhChK/OeG3A254VelEqk3Qd4lEVMcTcFL8uLciOy0JeqJD7o+F3Y0HMwL4
b2iDgziX/GwqdIxPGmrDvImslmqq/RxC+w/x3ks6DaJiYliCmC7kqPZ1UeANHotq
yTdMieyUJuMa6gHgrFyClhtT/FxxeK+/sPt5t1sjRv+qR11iM7EWAkRGYFT6XET/
2hnQIRJeMksitbkykU6vpm9+tqoUF9Y+TPQM7R3xSvoZMTq0p8U=
=P+uc
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: How to offer a link correction for the Tomcat docs?

[charlie arehart]

> From: Christopher Schultz  
>
> Mark,
> 
> On 3/29/18 6:07 PM, Mark Thomas wrote:
> > On 29/03/18 21:38, charlie arehart wrote:
>>> Thanks. I'm guessing someone fixed it before you looked, as I see now 
>>> that it is fixed as well. (And same for the 7 doc.)
>>> 
>>> Now, if you may be tempted to say that you don’t think anyone had 
>>> changed it recently,
>> 
>> That is what version control is for: 
>> http://svn.apache.org/viewvc?rev=1827860=rev
>> 
>> Felix made a bunch of changes to fix this of which the above change is 
>> just the first.
>
>Aha. I even knew "where" I was looking and I still missed it.
>
>- -chris

Well, FWIW, I will say that I did not know, Chris. :-) 

And to Mark, I would ask: how would I have known to look there? I don't mean to 
sound snarky, but I said in my very first post on the subject that I was new to 
the list (though not new to Tomcat, as a user at least).

So mine is a sincere question: is there some way that I, as a mere use of the 
docs, would have even known that they were in that version control resource? 
Let alone what specific one? Are you thinking that there is some resource that 
readily tells us that, as users? If I missed it, I do apologize.

Or might you just have thought that this was discussed often enough here that 
one should have known? Again, I admitted I was a new user, but perhaps you did 
not read that very first message. (No one replied for a few days, which is why 
I pinged about it again today.)

And to that point, and indeed your observation that this was changed by 
Felix...well, he never said so here. Again, that's why I pinged the list on 
this. I do appreciate that it was done, of course!  And also that (like Andre 
said in another thread today) doing doc changes is a thankless enough task. :-) 
I'm just saying a lot of back and forth could have been saved. Browser caching 
of the page clearly kept me from seeing the change on my own.

And again, I am trying to learn the ins and outs here, so as not to be a burden 
to the list. I hope ultimately to "give" far more than "take", over time, if I 
can (as I've done for many years in other forums and lists).


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to offer a link correction for the Tomcat docs?

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mark,

On 3/29/18 6:07 PM, Mark Thomas wrote:
> On 29/03/18 21:38, charlie arehart wrote:
>> Thanks. I'm guessing someone fixed it before you looked, as I see
>> now that it is fixed as well. (And same for the 7 doc.)
>> 
>> Now, if you may be tempted to say that you don’t think anyone
>> had changed it recently,
> 
> That is what version control is for: 
> http://svn.apache.org/viewvc?rev=1827860=rev
> 
> Felix made a bunch of changes to fix this of which the above change
> is just the first.

Aha. I even knew "where" I was looking and I still missed it.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlq9ZqYACgkQHPApP6U8
pFgv0xAAhLSrvrTYzA7DNXZyy5urQX8+02dY0hs/yHYSSqmLBIqNmKEnFwh13JXR
kg/gP5omvtxMsXK7TqzM7d7ar/o7z0+B9BtKNYSfAnkoWQ/TSePAEP6Xy9UF28yu
djQbCyXeKhlznx1VajlSNiVnWYuHZI/EGMAWRTWTwRpm0WpLjAPekXvvYEY1UCRU
0w6Zmdnpeb80+YwxxtFeLZnNl+nv+O6lAR59hl4nWahp722fmkBNQY2Tk2Zj0nXA
gYKs+nVwHp1hS7mrr3nKFX3Pu1vzRYu9iGr6oADTwB/zOPQcC9vqCXZjAnnuR9tP
MGuRzpZbg3F7DZM/58Qn3vACKHJlZj1Rumyc/o2w5mT3JK8pGE0QoYuEov9NuqQ/
8u6pJhvaajhYcZlk8BJxc3+QSOArgESdKo9YcTqa9gNlHahY+YVvSbXi9KRISFxE
1G/5ShWUOo15roWoKPDC8mWrzkKMcVBFwAojcpywp9uA0lYha0VV3wmEsrngIuuB
TReyWCpjbR2M7kc1f3ifpMOVXHpf8wDvmEJemYFVxJ/ovpvnKsaykMx5ZJnLk2vH
q7bKIFunUVVjBK109lJgYnTjgBZHaGubBZXuDTco0wApH58+AguhmgwEdlMVjDLK
U5ra0IVPk1eZ+hvc+utnY31+YiHRAqj3kc8PGJjnWrZg/56TAAA=
=V+dd
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to offer a link correction for the Tomcat docs?

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Charlie,

On 3/29/18 4:38 PM, charlie arehart wrote:
> Thanks. I'm guessing someone fixed it before you looked, as I see
> now that it is fixed as well. (And same for the 7 doc.)

It's possible there was a problem with a specific page, though I think
the build-process puts the same left-panel on every page. *shrug*

> Now, if you may be tempted to say that you don’t think anyone had 
> changed it recently, I would just offer here a screenshot of the 8
> doc page, from the browser where I tripped over the problem (and
> which I had not reloaded since seeing your answer here). It clearly
> shows that it WAS wrong at some point. :-)
> 
> cid:image003.jpg@01D3C773.EB0A17B0

Screenshots are stripped from the list. The conspiracy continues!

> And in case the image doesn’t make it through, here’s a dropbox
> link to it: https://www.dropbox.com/s/k9wivla0vwu91a1/

Looks photoshopped. :D

> I can’t imagine any way I’d see that in my browser other than if
> the link was indeed wrong in the HTML. In fact, I was able to do a
> view source and there is was:
> 
> 17) MBeans
> Descriptors
> 
> (But I realize that for some users it’s possible that the HTML I
> just pasted won’t show up.)
> 
> As always, just trying to help.

Definitely thank you for bringing it to our attention, even if it was
already fixed or whatever. If you hadn't said something, maybe nobody
else would have.

I can't see any recent changes to the svn repo for those pages... I'm
not sure what the problem could have been.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlq9ZfMACgkQHPApP6U8
pFi6EA/5Ac4cwVnFsuPhhH2LWltSfEWt74GjG9XrO7+QVlBik5I8ycbGLIq8kl8l
xo9Nr8zQ0kn3gHeCZ1SU0kg54LrmsYFtSZ+mRuQLA+YMSBH218joqru9XRO8kyFE
rgyZgkb8KmfVosJs5s67WNo+7OBL/lbWatL2Qx5Ihbbfz3fRvRDgbTjwQZGB7c2e
V9RghcFiBfLsuF7k979GRq0vYfTAPWvWsG593N7Nr5y+xiOvtUkOuMbo4/MIn2Og
uEQ3YR6lo9IkjW3bhFr9Q3BS+vUJ/wyBQrTIF2oPsHIm5Ebb4aGYV5rPxfHwJN40
32zzlidI9kvlLF8vDrk0uqkXEKzRr5coIE6VBB2wgShHCBidFt/NW49a2588Oebz
CqTzXKEjgiWnbw6+WJUytYpbz/HcxspVwexOZTAJMWk4nkNyEe7k52rF2fSLGTxB
8TsNFutIWyzJn9iOVd3950k0ia3utHxdM/4d3P1+q+prMnSNfGYvB6VsR1FXIhPq
9/DSumizCx2BoVWOVYKEry50NAAT3MhRWpA7J52oLXCu7AoHbVk4q+bTz8zGjbOJ
7E7QTF486sYJwU7GSANqaj4VKFDTBrNdTPGxFIUsJ/NK3EjhI10yicbai3MpBTVm
HddDNYPj8w9QUhJ+Zd7moDW2ua5vvUAG3f2aJ8VT0dCIIyvwcJE=
=vVPM
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: On Tomcat 8.5.16, RemoteHostFilter throwing ServletException the property [allow] is not defined

[Mark Thomas]

On 29/03/18 21:53, André Warnier (tomcat) wrote:
> Hi.
> Sorry for top-posting, but maybe a real dev would want to have a look at
> this.

Best to create a Bugzilla issue so it doesn't get lost.

> If you scroll below to the original post, it seems that putting an
> invalid value (a bad regex) in the param-value of the "allow" param,
> triggers an error message that is at least confusing :
> 
>>> Exception starting filter [Remote Host Filter]
> javax.servlet.ServletException: The property [allow] is not defined for
> filters of type [org.apache.catalina.filters.RemoteHostFilter]
>>>   at org.apache.catalina.filters.FilterBase.init(FilterBase.java:52)
> ...
> 
> That was for :
>>>   
>>>   allow
>>>   *\.example\.com
>>>   
> 
> The OP cited Tomcat 8.5.16.

Guessing as I am short on time...

There was an attempt to convert the value to a Pattern. That failed and
threw an exception. The IntrospectionUtils code caught it and assumed
the exception was due to the parameter not existing.

The fix is probably to catch the exception in the setter and log a
useful error message there.

Should be a fix suitable for a beginner.

Mark


> 
> On 29.03.2018 21:50, Scott Shipp wrote:
>> Gah! Well at least it was easy. Thanks Andre that was exactly right
>> and can't believe I overlooked that. Thanks again,
>>
>> Scott
>>
>>
>> 
>> From: André Warnier (tomcat) 
>> Sent: Thursday, March 29, 2018 8:45 AM
>> To: users@tomcat.apache.org
>> Subject: Re: On Tomcat 8.5.16, RemoteHostFilter throwing
>> ServletException the property [allow] is not defined
>>
>> On 29.03.2018 16:36, Scott Shipp wrote:
>>> Hi everyone,
>>>
>>>
>>> I'm having a problem I haven't been able to address after reading the
>>> manual, googling and searching Stack Overflow, and asking around to
>>> other Tomcat users I know.
>>>
>>>
>>> I'm using Tomcat 8.5.16, and trying to set up a RemoteHostFilter.
>>> When I start the application with the RemoteHostFilter, it fails to
>>> startup with the following stack trace:
>>>
>>>
>>> Exception starting filter [Remote Host Filter]
>>> javax.servlet.ServletException: The property [allow] is not defined
>>> for filters of type [org.apache.catalina.filters.RemoteHostFilter]
>>>   at org.apache.catalina.filters.FilterBase.init(FilterBase.java:52)
>>>   at
>>> org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:285)
>>>
>>>   at
>>> org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:266)
>>>
>>>   at
>>> org.apache.catalina.core.ApplicationFilterConfig.(ApplicationFilterConfig.java:108)
>>>
>>>   at
>>> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4590)
>>>
>>>   at
>>> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5233)
>>>
>>>   at
>>> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
>>>   at
>>> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:752)
>>>
>>>   at
>>> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:728)
>>>   at
>>> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:734)
>>>   at
>>> org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:988)
>>>   at
>>> org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1860)
>>>
>>>   at
>>> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>>>   at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>>>   at
>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>>>
>>>   at
>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>>>
>>>   at java.lang.Thread.run(Thread.java:748)
>>>
>>> I see the allow property mentioned in both the user guide
>>> documentation (here:
>>> https://tomcat.apache.org/tomcat-8.5-doc/config/filter.html#Remote_Host_Filter)
>>> and the javadoc (here:
>>> https://tomcat.apache.org/tomcat-8.5-doc/api/org/apache/catalina/filters/RemoteHostFilter.html).
>>>
>> Apache Tomcat 8 Configuration Reference (8.5.28
>> ...
>>
>> tomcat.apache.org
>> The HTTP specification is clear that if no character set is specified
>> for media sub-types of the "text" media type, the ISO-8859-1 character
>> set must be used.
>>
>>
>>> RemoteHostFilter (Apache Tomcat 8.5.29 API
>>> Documentation)
>>>
>>> tomcat.apache.org
>>> Extract the desired request property, and pass it (along with the
>>> specified request and response objects and associated filter chain)
>>> to the protected process ...
>>>
>>>
>>>
>>>
>>> To troubleshoot, I set up a RemoteAddrFilter in my application's
>>> WEB-INF/web.xml using identical XML 

[OT] Re: On Tomcat 8.5.16, RemoteHostFilter throwing ServletException the property [allow] is not defined

[tomcat]

On 29.03.2018 23:36, charlie arehart wrote:

(And as I said in another thread, I don't propose these changes as if to say to someone, 
"now go do it". I'm saying it as someone who would try to step in and help, if 
permitted.)


I think that you can do that.
Have a look here :
http://tomcat.apache.org/getinvolved.html
You have already done the first step.
You can do the second step, whenever you want : if you see a question to which you can 
contribute a useful response, please do.
The next step would be the FAQ or Wiki. That's also fairly easy : go to 
https://wiki.apache.org/tomcat/FrontPage

and see the "If you do decide to contribute," paragraph.
(You could for example start by providing some additional examples, as a FAQ article. And 
I am sure that with a simple request on this list, a link to that FAQ could then be easily 
added to the main docs).
If you want to contribute directly by improving the docs, that gets a bit more involved, 
because it requires downloading the code, submitting patches etc. But it can be done (I 
did it once, at a time when I wasn't even sure what "diff" meant).

That will lead you here : http://www.apache.org/dev/contributors.html
(Note: the process for the documentation is exactly the same as for the code; and as a 
contribution, it will be appreciated in the same way - or even more, considering the 
inherent aversion of programmers toward documentation..)

And the ultimate reward (after a few years of hard and consciencious work) 
would be here :
http://tomcat.apache.org/whoweare.html


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to offer a link correction for the Tomcat docs?

[Mark Thomas]

On 29/03/18 21:38, charlie arehart wrote:
> Thanks. I'm guessing someone fixed it before you looked, as I see now
> that it is fixed as well. (And same for the 7 doc.)
> 
> Now, if you may be tempted to say that you don’t think anyone had
> changed it recently,

That is what version control is for:
http://svn.apache.org/viewvc?rev=1827860=rev

Felix made a bunch of changes to fix this of which the above change is
just the first.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: On Tomcat 8.5.16, RemoteHostFilter throwing ServletException the property [allow] is not defined

[charlie arehart]

> -Original Message-
> From: André Warnier (tomcat)  
>
> Hi.
> Sorry for top-posting, but maybe a real dev would want to have a look at this.
> If you scroll below to the original post, it seems that putting an invalid 
> value (a bad
> regex) in the param-value of the "allow" param, triggers an error message 
> that is at least confusing :
> 
> >> Exception starting filter [Remote Host Filter] 
> >> javax.servlet.ServletException: The property [allow] is not defined for 
> >> filters of type [org.apache.catalina.filters.RemoteHostFilter]
>  >>   at org.apache.catalina.filters.FilterBase.init(FilterBase.java:52)
> ...
> 
> That was for :
> >>   
> >>   allow
> >>   *\.example\.com
> >>   
>
> The OP cited Tomcat 8.5.16.

FWIW, I'll throw out as well that the particular section of the doc page about 
that filter doesn't have an example (showing some sample XML for use with the 
filter), while many others (7  of the 14 filters listed) do. 

Of course, if one did read about the others they could see examples and perhaps 
connect dots. I just wonder if, had an example been there, the OP might have 
more readily seen his mistake. (And as I said in another thread, I don't 
propose these changes as if to say to someone, "now go do it". I'm saying it as 
someone who would try to step in and help, if permitted.)

/charlie


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: On Tomcat 8.5.16, RemoteHostFilter throwing ServletException the property [allow] is not defined

[tomcat]

Hi.
Sorry for top-posting, but maybe a real dev would want to have a look at this.
If you scroll below to the original post, it seems that putting an invalid value (a bad 
regex) in the param-value of the "allow" param, triggers an error message that is at least 
confusing :


>> Exception starting filter [Remote Host Filter] javax.servlet.ServletException: The 
property [allow] is not defined for filters of type 
[org.apache.catalina.filters.RemoteHostFilter]

>>   at org.apache.catalina.filters.FilterBase.init(FilterBase.java:52)
...

That was for :
>>   
>>   allow
>>   *\.example\.com
>>   

The OP cited Tomcat 8.5.16.

On 29.03.2018 21:50, Scott Shipp wrote:

Gah! Well at least it was easy. Thanks Andre that was exactly right and can't 
believe I overlooked that. Thanks again,

Scott



From: André Warnier (tomcat) 
Sent: Thursday, March 29, 2018 8:45 AM
To: users@tomcat.apache.org
Subject: Re: On Tomcat 8.5.16, RemoteHostFilter throwing ServletException the 
property [allow] is not defined

On 29.03.2018 16:36, Scott Shipp wrote:

Hi everyone,


I'm having a problem I haven't been able to address after reading the manual, 
googling and searching Stack Overflow, and asking around to other Tomcat users 
I know.


I'm using Tomcat 8.5.16, and trying to set up a RemoteHostFilter. When I start 
the application with the RemoteHostFilter, it fails to startup with the 
following stack trace:


Exception starting filter [Remote Host Filter] javax.servlet.ServletException: 
The property [allow] is not defined for filters of type 
[org.apache.catalina.filters.RemoteHostFilter]
  at org.apache.catalina.filters.FilterBase.init(FilterBase.java:52)
  at 
org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:285)
  at 
org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:266)
  at 
org.apache.catalina.core.ApplicationFilterConfig.(ApplicationFilterConfig.java:108)
  at 
org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4590)
  at 
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5233)
  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
  at 
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:752)
  at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:728)
  at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:734)
  at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:988)
  at 
org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1860)
  at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
  at java.util.concurrent.FutureTask.run(FutureTask.java:266)
  at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
  at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
  at java.lang.Thread.run(Thread.java:748)

I see the allow property mentioned in both the user guide documentation (here: 
https://tomcat.apache.org/tomcat-8.5-doc/config/filter.html#Remote_Host_Filter) 
and the javadoc (here: 
https://tomcat.apache.org/tomcat-8.5-doc/api/org/apache/catalina/filters/RemoteHostFilter.html).

Apache Tomcat 8 Configuration Reference (8.5.28 
...
tomcat.apache.org
The HTTP specification is clear that if no character set is specified for media sub-types 
of the "text" media type, the ISO-8859-1 character set must be used.



RemoteHostFilter (Apache Tomcat 8.5.29 API 
Documentation)
tomcat.apache.org
Extract the desired request property, and pass it (along with the specified 
request and response objects and associated filter chain) to the protected 
process ...




To troubleshoot, I set up a RemoteAddrFilter in my application's 
WEB-INF/web.xml using identical XML except for the value of the filter 
(obviously) and it works just fine.


Does anyone know what the "property [allow] is not defined" message means? I would intuit 
that it means there is no "allow" property at all in the RemoteHostFilter code, but I 
suppose it may also mean that the init-param xml tag is not the right one to use or that the value 
is unintelligible to Tomcat somehow.


Also, here's the relevant snippet from the web.xml, that I am trying to use:



  Remote Host Filter
  
org.apache.catalina.filters.RemoteHostFilter
  
  allow
  *\.example\.com
  
  
  denyStatus
  404
  
  

  
Remote Host Filter
/url/path
  



Hi.
I am not familiar with that filter, but I just looked at the doc you are 

RE: How to offer a link correction for the Tomcat docs?

[charlie arehart]

Thanks. I'm guessing someone fixed it before you looked, as I see now that it 
is fixed as well. (And same for the 7 doc.)

Now, if you may be tempted to say that you don’t think anyone had changed it 
recently, I would just offer here a screenshot of the 8 doc page, from the 
browser where I tripped over the problem (and which I had not reloaded since 
seeing your answer here). It clearly shows that it WAS wrong at some point. :-) 




And in case the image doesn’t make it through, here’s a dropbox link to it: 
https://www.dropbox.com/s/k9wivla0vwu91a1/ 

I can’t imagine any way I’d see that in my browser other than if the link was 
indeed wrong in the HTML. In fact, I was able to do a view source and there is 
was:

17) MBeans Descriptors

(But I realize that for some users it’s possible that the HTML I just pasted 
won’t show up.)

As always, just trying to help.

/charlie

 

-Original Message-
> From: Christopher Schultz  
> 

> Charlie,

> 

> 

> Can you give me a page reference? When looking at:

> http://tomcat.apache.org/tomcat-8.0-doc/index.html

> 

> The link has the proper URL.

 



 

> Specific page?   
> http://tomcat.apache.org/tomcat-7.0-doc/index.html looks okay to me.

> 

> - -chris

 

Re: On Tomcat 8.5.16, RemoteHostFilter throwing ServletException the property [allow] is not defined

[Scott Shipp]

Gah! Well at least it was easy. Thanks Andre that was exactly right and can't 
believe I overlooked that. Thanks again,

Scott



From: André Warnier (tomcat) 
Sent: Thursday, March 29, 2018 8:45 AM
To: users@tomcat.apache.org
Subject: Re: On Tomcat 8.5.16, RemoteHostFilter throwing ServletException the 
property [allow] is not defined

On 29.03.2018 16:36, Scott Shipp wrote:
> Hi everyone,
>
>
> I'm having a problem I haven't been able to address after reading the manual, 
> googling and searching Stack Overflow, and asking around to other Tomcat 
> users I know.
>
>
> I'm using Tomcat 8.5.16, and trying to set up a RemoteHostFilter. When I 
> start the application with the RemoteHostFilter, it fails to startup with the 
> following stack trace:
>
>
> Exception starting filter [Remote Host Filter] 
> javax.servlet.ServletException: The property [allow] is not defined for 
> filters of type [org.apache.catalina.filters.RemoteHostFilter]
>  at org.apache.catalina.filters.FilterBase.init(FilterBase.java:52)
>  at 
> org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:285)
>  at 
> org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:266)
>  at 
> org.apache.catalina.core.ApplicationFilterConfig.(ApplicationFilterConfig.java:108)
>  at 
> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4590)
>  at 
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5233)
>  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
>  at 
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:752)
>  at 
> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:728)
>  at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:734)
>  at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:988)
>  at 
> org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1860)
>  at 
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>  at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748)
>
> I see the allow property mentioned in both the user guide documentation 
> (here: 
> https://tomcat.apache.org/tomcat-8.5-doc/config/filter.html#Remote_Host_Filter)
>  and the javadoc (here: 
> https://tomcat.apache.org/tomcat-8.5-doc/api/org/apache/catalina/filters/RemoteHostFilter.html).
Apache Tomcat 8 Configuration Reference (8.5.28 
...
tomcat.apache.org
The HTTP specification is clear that if no character set is specified for media 
sub-types of the "text" media type, the ISO-8859-1 character set must be used.


> RemoteHostFilter (Apache Tomcat 8.5.29 API 
> Documentation)
> tomcat.apache.org
> Extract the desired request property, and pass it (along with the specified 
> request and response objects and associated filter chain) to the protected 
> process ...
>
>
>
>
> To troubleshoot, I set up a RemoteAddrFilter in my application's 
> WEB-INF/web.xml using identical XML except for the value of the filter 
> (obviously) and it works just fine.
>
>
> Does anyone know what the "property [allow] is not defined" message means? I 
> would intuit that it means there is no "allow" property at all in the 
> RemoteHostFilter code, but I suppose it may also mean that the init-param xml 
> tag is not the right one to use or that the value is unintelligible to Tomcat 
> somehow.
>
>
> Also, here's the relevant snippet from the web.xml, that I am trying to use:
>
>
> 
>  Remote Host Filter
>  
> org.apache.catalina.filters.RemoteHostFilter
>  
>  allow
>  *\.example\.com
>  
>  
>  denyStatus
>  404
>  
>  
>
>  
>Remote Host Filter
>/url/path
>  
>

Hi.
I am not familiar with that filter, but I just looked at the doc you are 
pointing to, and
I believe that the ** that you indicate above is invalid.  It 
should be a
regex, and the leading "*" there is wrong then.
Maybe it is just the error message that is wrong, and it is really complaining 
about the
value ?



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Getting all JDBC configs from the context

[Shawn Heisey]

On 3/29/2018 10:00 AM, Christopher Schultz wrote:
> I don't bother with any of that garbage. I use Tomcat's Manager
> application and the JMXProxyServlet. It's an HTTP-to-JMX bridge, so
> your client just has to speak HTTP.

I'm not sure that the manager application is active on our install.  The
load balancer doesn't mention it, and I haven't seen it in the
Apache/AJP config either.  I think that in order for it to be enabled
and NOT be a potential security risk, access to it would need to be
strictly controlled.  I tried accessing /manager paths in various ways
(even direct to tomcat, bypassing haproxy and apache) and none of those
requests worked.  I didn't find any immediate evidence that it's enabled
under another context path either.  But I am the first to admit that I
am not very familiar with configuring Tomcat!

> You may also run into ClassLoader problems where BasicDataSource (as
> loaded by your ClassLoader) != BasicDataSource (as instantiated by
> Tomcat).

Are these problems mitigated by my usage of the fully qualified class
name in the object declaration and the cast?  That part of the code
actually came from one of our developers ... I probably would have
imported the class and used the bare class name.  Maybe I should use
getCanonicalName instead of getName on the DataSource object.  When I
can finally run the code for the first time, I'll have a better idea of
whether I need to make any changes.

> Have a look. It will probably be (slightly) more efficient than the
> code you wrote, and hey, you'll have less code to babysit. It also
> gives you trivial "shutdown" semantics...

I will do my own searching later, but do you happen to know of some good
documentation that covers the basics of implementing ExecutorService?

> ServletContextListener is the way to go. In fact, you should
> probably be using a ServletContextListener to *launch* this thread in
> the first place. So, in your init() method, create+launch the thread
> (or ExecutorService), and in the destroy() method, shut it all down.

You may have noticed the new reply where I included a paste for new
code, using ServletContextListener.  It's now *complete* code, instead
of a fragment.

Thanks,
Shawn


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: listeners

[Greg Kaszycki]

nevermind - the issue was that they have 2 web.xml files in the source tree
(don't know why) and I changed the wrong one.
BTW thanks for the earlier answers - that cleared up a lot

On Thu, Mar 29, 2018 at 12:31 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Greg,
>
> On 3/29/18 12:25 PM, Greg Kaszycki wrote:
> > On Thu, Mar 29, 2018 at 11:59 AM, Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >>
> >> Greg,
> >>
> > On 3/29/18 11:16 AM, Greg Kaszycki wrote:
>  Is there a way to query tomcat for registered listeners?
> >>
> >> There are tons of "listeners". What did you have in mind?
> >>
> >> You can get lots of stuff via JMX.
>
> > I am trying to register a listener and it doesn't seem to be
> > getting hit. I am trying to see if it is registered
>
> What kind of listener? How are you registering the listener? How are
> you checking to see if it is "getting hit"?
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlq9FOQACgkQHPApP6U8
> pFh5sA/+P1TEVtufwh3gluxSj1d5bSq0BPluIWgeQY7ms6lsoYP8tucXvRrHeSgi
> OxY5UVmDhQXxvJog/Sjg5+HrcVhzLPh3KdsJh08Bg1V1xmswvNnCF9DeqCf0GXmm
> 2h8jLIihK5Vw7cf6boXHcR2qNTH8vaXtG0kmacbs8hjxkIvBJ5qe33l2tWZsSvAq
> NC2BSOVBGh+kJwIlTFVSffbdSELHbzd8hUU2zx4c/CRdGrmMIF3Kqgw8xJpfwdey
> 03xSIWmTSV9DwfznyQcGq6KfGq6fEJhf7J18Jl0N1P2SJjovpVrS+5NhmhpekxGK
> 1IhcFR0u3sNCxntQEtcoOzD3uZPA/Xey3n1cGqbcViqveJncGLcCSbsTJGQIltDg
> VcV1zpJUnnMdRktjLoiPNC7E2DWa9vJLmZZ5crN1VxQaV1zIbpo+ZJukcydnYi8V
> dLWAgI4VR7zUqTlQh32s/VN99rgabdHVS7mhThVFczHvCeYIlrnH5Uo6QLhunwnD
> vQkeX8ff3w1G2FgoOWhe6jxg2qfX2+j92DmQYxnlJhYiPvQ45R75zn1ew5/1DdP9
> UBchE9I6GV35Bx++M/dQSzr5qYU90hE8aVeK5f65R+g9l9h5ommJjKZJxSfh5Md6
> 0kkBVQv+CYXisnN/pugQxUe7N34xRpV6D76L/oabHMf3t4saXeI=
> =xwk9
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


-- 
Greg Kaszycki
919-244-3789

Re: tomcat jmx questions / help

[Rainer Jung]

Hi Chris,

Am 28.03.2018 um 21:06 schrieb Christopher Schultz:

Also, for some background:
https://tomcat.apache.org/presentations.html

Search the page for "jmx".


Good stuff, thanks for the pointer!

Regards,

Rainer


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Last chance for ApacheCon talk suggestions

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

All,

Today is the last day for the CFP for ApacheCon NA.

If anyone would like a particular topic covered in Montréal in
September, NOW IS THE TIME to either sign-up to give your own talk (we
love presentations from the community!) or to request a particular
topic from the community.

If you have a topic, please respond to the CFP!
http://www.apachecon.com/acna18/schedule.html

If you want to see a topic covered, please reply and we'll see if we
can get a presenter to do it.

Thanks,
- -chris

PS I hope to see many of you in Montréal. I'm just excited that it's
in my usual timezone!
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlq9Kt4ACgkQHPApP6U8
pFjteA//Zeadgh5JpGcXXABF/TkMQb51FhGHc7KbMlOg92sXpSB0zmWwWJdms3iq
Of+F2swSvIEcdfkFaWXso0+3nmcFV45l1H5ugv6pxstWdbEUJf3cHu0fqBUqOoPL
4EOg7778hg2c+bqSqppUGgTiGS+a9DlSZoJw8MlzmmyeyvlglVmtsmyYvyAtS/LZ
/2WWEemkIxnFHt3tUdFancZpmq8MjpH5qQDM0js7rqarBW/LkqAOMtxRYxu+AVjJ
hD+2lZ0eca+2/qUdW4kujVCJWOz5gauOG2dpqhvD2FUa9eu6LLuTH1wlE4vG98q9
DV+sLMVd9OFnJkZefQMElkK0O3TL9a3WXBDSIV9+2raslxt0i2fnPVMXU+ES4mnc
bb0lnKidNAzU3VVmsKRk42vz4vV8Zj94rCyC2DJTMmWrqHTDp/kxf5QRf1+Ag6SG
H7CbgljH0Ko2vpFPpVhpLNG6avpwL/ZBwo8rab+TsbjRj7a4y/hOJxvpgtrCQYCa
K0whwJIFQl7bBldqUG018iGZ38WhGQS1ROfWPVDhbfiNQIYsYam9rBPGxUVr2OX6
sPO1FosOfhRAJgQYZNO29ojNqRkwz30U5sNHgJM/apbfc/XxkaKbVxEHInYdYEf1
BsM9w9U/2qSRLjIBp95cipoy+FZTdzhWUdHjZjPUc4t99YivtOo=
=bZ5V
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Getting all JDBC configs from the context

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Shawn,

On 3/29/18 12:00 PM, Christopher Schultz wrote:
> Shawn,
> 
> On 3/28/18 4:42 PM, Shawn Heisey wrote:
>> On 3/28/2018 1:18 PM, Christopher Schultz wrote:
 I would like to write a logging thread that can get ALL of
 the datasource objects from the context, and for types that
 it knows, cast them to the appropriate object to log the 
 active/idle connection counts.
>>> 
>>> It might be easier to do this via JMX.
> 
>> Perhaps.  But then I have to figure out how to get the program 
>> started with the sysprops that enable remote JMX.  The system
>> has no GUI, and we don't have any X-Windows infrastructure, so
>> running JDK tools locally on the Linux server is challenging.
>> Not impossible, just requires me to set up things that I don't
>> already have, to do X forwarding over SSH. With the logging
>> thread idea, we just need to update code, recompile, and
>> redeploy.
> 
> I don't bother with any of that garbage. I use Tomcat's Manager 
> application and the JMXProxyServlet. It's an HTTP-to-JMX bridge,
> so your client just has to speak HTTP.
> 
> I use it along with a Nagios plug-in to fetch things like (wait
> for it) DataSource pool stats :)

Have a look at:
http://people.apache.org/~schultz/ApacheCon%20NA%202016/Monitoring%20Apa
che%20Tomcat%20with%20JMX.pdf

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlq9JZ8ACgkQHPApP6U8
pFjf1A//ctmoJ0Vm8dO+2jyGaUIGIge8teeUd+IeyqH5AQ5mZ1g9mVrLT53Gx0B2
3DKV9XpcaD91sCK/0Xs9su63+IHZNKNvgxQASriQD/iZ4Ebbkv8aLaZcEfR5fBJC
cHU0n7DSKgDtX6vj3gSUb+A4KuNndbsEiXck9nSBxSr57OCJA4TEuTp6QTyXmekO
7Dtv1u0CpljPK4XxrMHJiCTsM7WSdEJQnSRbMQehQTF0fNLNk+wvaLosojBnLdJn
/x4naQh0tHTjyq96+oDIRRhSCFvHqQM1X7/n68eibAEHd2jvSyagleBVVBDyDSzj
bUzGaATkc7P6jkJiTm5nsIE6zrC/AoJcDaSamz5pXj2FTcdOTd9mSQ7Q+roQ70c/
g5VgG+FnZNqQHYG6tToqJiZ3DvPtlxp1o07psCFUOoSc3FRbK2+a0eiUCSbaZbJK
T3kdrN+zZke44EO8JKFtEh45bFF8M9mYeadLfuCgHM2G5T+8ni4HkOX5KPR0PTg7
FqdMk56n+wwEjRV8VDGLo3vASmRKT9DbUYsLpIdGFtAaHuuviPJqVgldd2eukKfm
5LhaB7mfAmk5i5DfBL9lZWqCa+SiGwe/MN5BN1BtVo1zxoRlnG3xdb411V/V69bX
VQFLAcNFV5Y5fMdDHI5eR4cRHF4W/bj72eRZgtLZRmh22fphzs0=
=CRLc
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to offer a link correction for the Tomcat docs?

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Charlie,

On 3/29/18 12:41 PM, charlie arehart wrote:
>> From: Christopher Schultz  Sent:
>> Thursday, March 29, 2018 10:59 AM
>> 
> 
>> 
>>> Until that’s resolved, is this or another TC list a good place
>>> to report such a broken link, or other doc suggestion? Thanks.
>> 
>> Here is perfect.
>> 
>> Which link is broken?
>> 
>> - -chris
> 
> Thanks, and yep, I would indeed have preferred to add the
> observation as a comment there if I could have.  I hope someday
> that system is working again.
> 
> So the broken link is the one on the left nav there for "mbeans
> descriptor". While it should go to:
> 
> https://tomcat.apache.org/tomcat-8.0-doc/mbeans-descriptors-howto.html
>
>  It mistakenly tries to go to the following (missing the b in
> mbeans):
> 
> https://tomcat.apache.org/tomcat-8.0-doc/means-descriptors-howto.html

Can
> 
you give me a page reference? When looking at:
http://tomcat.apache.org/tomcat-8.0-doc/index.html

The link has the proper URL.

> FWIW, I have checked the other links on the left of that TC 8 User 
> Guide, and they otherwise do all work as expected.
> 
> Finally, the same error above was in the TC7 docs, if you have 
> ability to change those. Again, thanks for stepping in.

Specific page? http://tomcat.apache.org/tomcat-7.0-doc/index.html
looks okay to me.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlq9JPkACgkQHPApP6U8
pFhoQA/8DL9ykS4Ctyuc5xKFWnTVa39+KTRZg0+ZChXRgroSiqs6PEywgNQgFe/N
5t17hEyLb2ND54u+jdhu7UDWtF4CiFcDOoLrMCBScubuTv2SZNaDqv2ifCdQaoqL
fZVW/1MsN14j0VX8DeARz0cS+3T90cd3wvasoNCwDq+QpT8QxX+K/qKH/L2kKCQ4
lhXOZP7diHKjWbgzHrFfRmVNNAIRM6wtfHF6Em+e/VM4lZd3+JiyVL8OAy7L17gP
N4/lOFlo2vliHPKAZtrkzvoWvl7tANU6bIynWBuyOIAfoSw9imhSSO9xdvOlf0hc
HumRjnwusI9w8iPP5VkNjTdGYmpciZursbWdn318miuSkTf3prU58mAP+joCLlNp
fM+ZIPGFi4iqKZKACgy8cvrTu1wFgFU7hJIf40Er7YdymRse0KVT3ckvieMKxSu9
WPOTz+cBx8Wlk7UUsI//qS4jIqS/b+3Y9FTGT5RawtAILzloLJeBqYJhNMayahtm
WthJCsa1ZN9VCah+AYSc2K64Gm3dCm+zr6iYCNSNc7DddosINwfbjt0GygLH8z46
TgTu9ASnuoelQo0YBUKWj8n4pI7dBmmJPXNsbIDSCUUVj5b42PI/DR9hG8ZjYhId
XW9akUX5rteT1QvxzGuNF/aLFygEi3mDaCtzf9gYf4Tf9Jbv1As=
=KjY6
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: How to offer a link correction for the Tomcat docs?

[charlie arehart]

>From: André Warnier (tomcat)  
>
>Hi.
>I think that you are right, there is something not quite right, right now, 
>with the comment section (apparently on all pages).
>As I recall, it used to be that there was an editable section at the bottom of 
>each page, where one could actually write a comment related to the 
>documentation page in question.
>(And that would probably have been the right place to mention the problem).
>
>Now this seems to be replaced everywhere by a fixed message, with links, which 
>don't seem to lead to anywhere one could actually place a comment.
>
>I have no idea if this is intended, but it seems a bit kafka-esque.
>
>Also the top link of the left-hand menu (Docs Home), could be expected to lead 
>to a page covering the docs of all the versions. But instead of that, it seems 
>to loop to the same version on which one already is.

Yep, thanks for the commiseration, André. :-) Hope that comments section will 
someday be working again. There are actually other "opportunities for 
improvement" that I have seen and wanted to suggest, and now it's no wonder 
that such may exist, given the challenge proposing changes (and even with the 
"comment" mechanism it's not clear if anyone took ownership to make changes).

If there's a way to go about getting permission to actually make actual doc 
changes and push them for approval by the doc owner, I'd welcome the opp to 
through that process, to help out.

/charlie


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: How to offer a link correction for the Tomcat docs?

[charlie arehart]

>From: Christopher Schultz  
>Sent: Thursday, March 29, 2018 10:59 AM
>

>
> > Until that’s resolved, is this or another TC list a good place to 
> > report such a broken link, or other doc suggestion? Thanks.
>
> Here is perfect.
> 
> Which link is broken?
>
> - -chris

Thanks, and yep, I would indeed have preferred to add the observation as a 
comment there if I could have.  I hope someday that system is working again.

So the broken link is the one on the left nav there for "mbeans descriptor". 
While it should go to:

https://tomcat.apache.org/tomcat-8.0-doc/mbeans-descriptors-howto.html

It mistakenly tries to go to the following (missing the b in mbeans):

https://tomcat.apache.org/tomcat-8.0-doc/means-descriptors-howto.html

FWIW, I have checked the other links on the left of that TC 8 User Guide, and 
they otherwise do all work as expected.

Finally, the same error above was in the TC7 docs, if you have ability to 
change those. Again, thanks for stepping in.

/charlie


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: listeners

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Greg,

On 3/29/18 12:25 PM, Greg Kaszycki wrote:
> On Thu, Mar 29, 2018 at 11:59 AM, Christopher Schultz < 
> ch...@christopherschultz.net> wrote:
>> 
>> Greg,
>> 
> On 3/29/18 11:16 AM, Greg Kaszycki wrote:
 Is there a way to query tomcat for registered listeners?
>> 
>> There are tons of "listeners". What did you have in mind?
>> 
>> You can get lots of stuff via JMX.

> I am trying to register a listener and it doesn't seem to be
> getting hit. I am trying to see if it is registered

What kind of listener? How are you registering the listener? How are
you checking to see if it is "getting hit"?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlq9FOQACgkQHPApP6U8
pFh5sA/+P1TEVtufwh3gluxSj1d5bSq0BPluIWgeQY7ms6lsoYP8tucXvRrHeSgi
OxY5UVmDhQXxvJog/Sjg5+HrcVhzLPh3KdsJh08Bg1V1xmswvNnCF9DeqCf0GXmm
2h8jLIihK5Vw7cf6boXHcR2qNTH8vaXtG0kmacbs8hjxkIvBJ5qe33l2tWZsSvAq
NC2BSOVBGh+kJwIlTFVSffbdSELHbzd8hUU2zx4c/CRdGrmMIF3Kqgw8xJpfwdey
03xSIWmTSV9DwfznyQcGq6KfGq6fEJhf7J18Jl0N1P2SJjovpVrS+5NhmhpekxGK
1IhcFR0u3sNCxntQEtcoOzD3uZPA/Xey3n1cGqbcViqveJncGLcCSbsTJGQIltDg
VcV1zpJUnnMdRktjLoiPNC7E2DWa9vJLmZZ5crN1VxQaV1zIbpo+ZJukcydnYi8V
dLWAgI4VR7zUqTlQh32s/VN99rgabdHVS7mhThVFczHvCeYIlrnH5Uo6QLhunwnD
vQkeX8ff3w1G2FgoOWhe6jxg2qfX2+j92DmQYxnlJhYiPvQ45R75zn1ew5/1DdP9
UBchE9I6GV35Bx++M/dQSzr5qYU90hE8aVeK5f65R+g9l9h5ommJjKZJxSfh5Md6
0kkBVQv+CYXisnN/pugQxUe7N34xRpV6D76L/oabHMf3t4saXeI=
=xwk9
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: User session validation

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Alex,

On 3/28/18 7:20 PM, Alex O'Ree wrote:
> Does tomcat do any validation on session id's based on up
> addresses? I'm thinking that if some one intercepts the session
> token and tries to use it from another ip address,  then it's
> feasible to detect this and invalidate the session.

This is basically a session-fixation attack[1]. Another flavor of the
attack is to simply guess a valid session id and take-over the session.

Tomcat does not include any capabilities to mitigate these attacks.
It's fairly easy to implement such a mitigation by using a Filter that
does something like this:


  void doFilter() {
session = request.getSession(false);
if(null != session) {
  if(!session.storedIP.equals(request.IP))
response.sendError(403);
}
// invoke the filer chain
  }

There are several problems with this technique, not the least of which
is that any proxy between you and the client will change the IP
address of the "client" such that multiple clients can look like a
single IP address. AOL is famous for all users coming from a small
number of IP addresses.

Another reason this might be a problem is with mobile devices. IP
addresses can change for various reasons. Forcing the user to
re-authenticate may be inconvenient in that setting.

Finally, guessing a valid session identifier is infeasible. Tomcat's
default 16-byte session id provides
340282366920938463463374607431768211456 possible session identifiers.
Assuming that java.util.SecureRandom provides sufficient entropy to
make all possible session identifiers equally possible, and an
attacker can try an Internet-melting 1,000,000,000 (1B) session
identifiers per second, it would take 10812500537664228356827 years to
perform an exhaustive search. Most session identifiers are only valid
for a few minutes or hours, so random guessing is simply infeasible.

As for interception of a valid session identifier, the solution is to
use TLS so interception is infeasible under most circumstances.

As for mitigations session-fixation specifically (where the attacker
tricks you into using a known session identifier for authentication),
Tomcat changes the session identifier when authentication occurs.
Assuming the attacker cannot see the request/response where the
authentication occurs (in which case, they could intercept the
username and password, therefore session-fixation isn't necessary),
only the legitimate user will see the session-identifier change, and
the attacker is thwarted.

Hope that helps,
- -chris

[1] https://en.wikipedia.org/wiki/Session_fixation
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlq9FJIACgkQHPApP6U8
pFhIuRAAkaYp2FQ2KeE6wyFeEszMIwZbm1eNwdpYWpxv0sxAu+nDfFZd0+Lej+fK
5CrNzR6fimgAmIxH6PEK+rJ6gpELLF1zBfbX34e8/cRkdw6oZP1xajNCXt8DbiPl
upnCkRDNv6XklkkvNikrW6RPnknEXMNIEayKz3gpLZ7J02PVNjQk8hHC2Z+r8BKC
C+VGyNMeNQbYegUVs6tf1bR0kbDCn4xr1s5+Urui2KS5ru59EiPN8NIA6uYdE1aq
HeJAbFRrywsjcK3r6mPzQmXIshOW0SWzNqorBUfiByAcjXVtipvCz5G/zgtKhsqn
0wNsZuT7Xd1Af0/5b+FYVd0U12ZTjSX1S77cvGufFw6OIRY2VEkni8Om0cdGiBKz
Hy88VDhyLSwGclZnxuKaj1GAGKktptv/iPACTZxpZrVUWaHR1f1HvFzDUVV4DWQ7
s9aRbCNdbRuUkvsLduGtI1EsqD1vmhDWhO01e3kd6OAaa6rCOJ9uXRbFOruwkg9E
qeqbTxHQTgJ3jC/3h+sQCvVQt29GCjtKHoRwDCCiIeU/oDsygy5kxXTJai9OjoF2
IaAeTa1XfM+Y+fz9pZOP560k2VtBc4cWucFKuffmMvyi/or8ChKJ3lD/a7mn9Hq3
vmLstp0MLl0cDSduhYm5YD7VPGf900F9YtcMWCIM6bb1S9lp9ac=
=1fdw
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: listeners

[Greg Kaszycki]

I am trying to register a listener and it doesn't seem to be getting hit.
I am trying to see if it is registered

On Thu, Mar 29, 2018 at 11:59 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Greg,
>
> On 3/29/18 11:16 AM, Greg Kaszycki wrote:
> > Is there a way to query tomcat for registered listeners?
>
> There are tons of "listeners". What did you have in mind?
>
> You can get lots of stuff via JMX.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlq9DXwACgkQHPApP6U8
> pFgw5A/+LgnYaXbo/3Rp1RngjqxEwvhDVn5tw12J3/o2QunjiXSW9X716Jxo/dBE
> +jevPLxvL01vKOzVVFOXlY0GHPJnN18jdEbZx1yLhMZWvjCSFW3JvNSvS66sbOJD
> IMiIc0peeKui9Ly1G4IknMPvbtzQHDbKu1brCUwswvldWWrMW6cPqMya49PFQoHP
> bFDDDvIeuSijDdiZPkGiKt27H6kqARbnuBcoup3ZbnNRVZpgiI7CMHsB19/jxp7E
> SkPfIjWFommxkHUms8UkMug1b/AjLM1PaI9fCMltRuOp4jki6PpDufCexB9uHaTF
> WJsyVHNwln4phjwTYGDW5r4NV11ThfdAx9fRnimCxlJL6w0cMnFYY5cJDn4mmXNQ
> lsDa4Rcbg0NQbmNzM/agPXqtLXY1NQHPGLl7VqXsGonLr2BoetH4Fah696fQOd+r
> c4wmIAu7JB5YOptcA6DbfDoPjISSWMeBQ5xnOu02Hew7nTb8/Zz1D9lMD3D2aqyK
> dfHpaQ204J2ZIeLMJu7N/k4Ol+gx52uzu+uI0Dy2n2LVc7/l2pCluUMRPabwF5Uc
> PlNP+8HYDtb1gdq6GcysbDlCFYXZzRRei/kHy5dgh93q1Tbmc+ImS7DlLTTDsjaM
> E2b+e6fZiFdPVC5lDUh2TPp3B5Fs6jTsJTpH3xP4BQWOAfXPdP4=
> =l/DJ
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


-- 
Greg Kaszycki
919-244-3789

Re: Is the thread status of tomcat 8.0.44 normal?

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

이의준,

On 3/28/18 8:28 PM, 이의준 wrote:
> I posted the same question a few days ago, but it was not a
> satisfactory answer.
> 
> So I ask again.
> 
> 
> 
> Test sequence and inquiry contents
> 
> 1. In the local test, the same load (hp-jmeter) for tomcat 7, 8 5
> minutes,

What Java versions in each case?

> 2. Thread dump generated after 5 minutes of load termination
> 
> 3. Most Thread in Tomcat 7 is in TIME_WAITING state (normally OK)
> 
> 4. Thread in Tomcat 8 mostly RUNNABLE state (estimated to be
> abnormal)
> 
> Thread Final Stack - Below (reading something)
> 
> at org.apache.tomcat.jni.Socket.recvbb (Native Method)

These threads are blocked, reading from the socket. They are likely in
"keep-alive" status, meaning that they are waiting for the client to
send more data. These threads are not "busy".

> 5. Is the thread status of Tomcat 8 normal?

Yes.

> Please let us know if we need additional resources to analyze this
> issue.

Yous stack traces are showing threads in different states -- not just
different "thread states" but also doing different things. Some
threads are doing "nothing", waiting for the thread-pool to use them
for something. Other threads are waiting on data to arrive on the socket
.

If you wait for keepAliveTimeout ms, you should see the "RUNNABLE"
threads to into the "TIME_WAITING" status because they give-up on any
subsequent keep-alive request.

Hope that helps,
- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlq9EPsACgkQHPApP6U8
pFgP6hAAmprN368RAMi5BZK/zN/X70AaGefuahZhiMdWM01353g3nANMllFSQc65
N70JEpwr6sUJJgGqqqmpXDxn3A/Qj1pePxjB3jPhMcPAKtm61u+yULM4+fwrPftQ
Gw3mi7ULE3ywkUUMcDGW9+Ur3DneDLlwG0Xp6lnUO3Yu90QyLm9WCIsyNIMZhuya
I/+phfra3b5W8TI60S6LitdfdzJidxyjVmhBGI0FVjMWmyYURMHVBbuKZk7xePG4
m7bHlh39ZK1rjcU9oXbo8s4fiMPgmdmVKMOdKmdOEAYoDLHxu1kolCcu1NA1ev0k
v6t3SjSEr3jA2177Gb7kKG9NerFkt/3ZMylHizWTlWPNNi3A1r9N0XJK2Ft+TnI6
xd+Up/eRVZnyCrtQCn47sK6uJDXuoRiAsfsGejBYnF6e6RfDoIoKThn1uWLhe2Nk
KW8YHyPhChK/OeG3A254VelEqk3Qd4lEVMcTcFL8uLciOy0JeqJD7o+F3Y0HMwL4
b2iDgziX/GwqdIxPGmrDvImslmqq/RxC+w/x3ks6DaJiYliCmC7kqPZ1UeANHotq
yTdMieyUJuMa6gHgrFyClhtT/FxxeK+/sPt5t1sjRv+qR11iM7EWAkRGYFT6XET/
2hnQIRJeMksitbkykU6vpm9+tqoUF9Y+TPQM7R3xSvoZMTq0p8U=
=P+uc
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to offer a link correction for the Tomcat docs?

[tomcat]

On 29.03.2018 16:50, charlie arehart wrote:

Anyone have a suggestion of where better to ask this, if not here?


Hi.
I think that you are right, there is something not quite right, right now, with the 
comment section (apparently on all pages).
As I recall, it used to be that there was an editable section at the bottom of each page, 
where one could actually write a comment related to the documentation page in question.

(And that would probably have been the right place to mention the problem).

Now this seems to be replaced everywhere by a fixed message, with links, which don't seem 
to lead to anywhere one could actually place a comment.


I have no idea if this is intended, but it seems a bit kafka-esque.

Also the top link of the left-hand menu (Docs Home), could be expected to lead to a page 
covering the docs of all the versions. But instead of that, it seems to loop to the same 
version on which one already is.




/charlie

-Original Message-
From: charlie arehart 
Sent: Tuesday, March 27, 2018 05:05 PM
To: 'Tomcat Users List' 
Subject: How to offer a link correction for the Tomcat docs?

Greetings. I’m a new list member, though a fairly long-time Tomcat user.

I found a broken link in the Tomcat User Guide (8 and 7), on its left nav bar.  
How would I best go about reporting such a broken link in the Tomcat docs?

To be clear, while there is a comments section at the bottom of the doc pages, 
that points folks to https://tomcat.apache.org/tomcat-8.0-doc/comments.html to 
learn more, which in turn points to https://comments.apache.org/help.html. But 
that gets a 503 service unavailable error. I find a jira discussion indicating 
this is a long-standing issue, which was hoped to be solved by now: 
https://issues.apache.org/jira/browse/INFRA-15947.



Until that’s resolved, is this or another TC list a good place to report such a 
broken link, or other doc suggestion? Thanks.

/charlie



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: HOME user folder change & tomcat HOME

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jérôme,

On 3/29/18 4:30 AM, Jérôme Redouté wrote:
> Le 28/03/2018 à 21:21, Christopher Schultz a écrit : Jérôme,
> 
> On 3/27/18 11:27 AM, Jérôme Redouté wrote:
 I've installed tomcat8 on Debian 9, to run a web App (XNAT)
 
 I've a proble concerning the HOME directory of my user
 "xnat".
 
 Before the HOME was, as expected, in /home/xnat
 
 but now (after deploying XNAT app), it moved to
 /var/lib/tomcat8
> Do you mean the HOME environment variable? Or something else?
> 
> Most "services" do not have a "HOME" in the usual sense.
> 
> Why do you need HOME to be something specific?
> 
>> yes, I mean the HOME variable for this user.
> 
>> user xnat is effectively the user that will run tomcat8 service. 
>> I don't need HOME to be specific, I need it to be at its original
>> and classical location "/home/xnat" and not in a tomcat related
>> directory...

Why not? Anything you need to do should probably be specified in a
configuration file that can be loaded without using $HOME. Your
application seems fragile.

>> My question is: who changed this HOME variable and how to reverse
>> it back Thank you

Tomcat itself does not change any environment variables other than:

PRGDIR(for internal use)
CLASSPATH (removes existing value before calling setenv.sh)
CATALINA_HOME (only if unset)
CATALINA_BASE (only if unset)
QIBM_MULTI_THREADED (on OS/400)
JDK_JAVA_OPTIONS (appends)

Any other changes to environment variables are being done by some
other component outside of Tomcat. Note that this could include
something your package-manager (Debian) has done.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlq9D1oACgkQHPApP6U8
pFg18g/7Bp5AtbreaMkMXe8brUDhQdNwTx/xFbm2dgqUmnyNRDfidbQ+fiS+KBA/
KMdPzTnjfGelbufKSPocOyzWuAbgDsYTXxeQwHXnzvy+axvDyfgRqJx/jemsFHjd
rv/Lfdih7Y2MYS7wa4WWmKfhKAU7xJEe7JU1yl788Iz/rWshQbBDiN4ItGaEiSTw
Uukt++DzHwHMHbbWWprqsUdj9wmlxctovveBxwq3AR02YuO0X64uhS/mdR+4AW6O
LZQAB9MM3xEALsKeKhCNKFptDY4MenXAz4pknEJg910zTcySLKvEX01JnFCrMlrY
USLJ2R931MdUlcvoJn6WYkyTc5ocSSmqBPOs7LD3NkEiGVLT62boklBegzHhVYov
zZCf5sFEqrSUXOIiGq+egBMmzSk8tOzJrFcJihYUofjx6eP3/yx1/gLRtguycgqU
L5iy3aksol4DMWRteGFaxFn9rnRP7RhRtXhfLRztidNJYUF5e6nY136x77wcFhcF
PaVCyyB7v3Ke7+YcotR427wc/OAxkMMky4C+rqKUtasnzzlurneGmCiyYARtqvyy
7Z3/rs9QzYEp7dA1L5Ow4QVrOGy3WbSsifs/7vVuhz2amaiiiSoj36aFM5Rz/2lv
9xaxemL7ZMFjEvh6A0df8LTjJvvTs1pgldlO1OVLYR9PY+nktNc=
=DXSU
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Getting all JDBC configs from the context

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Shawn,

On 3/28/18 4:42 PM, Shawn Heisey wrote:
> On 3/28/2018 1:18 PM, Christopher Schultz wrote:
>>> I would like to write a logging thread that can get ALL of the 
>>> datasource objects from the context, and for types that it
>>> knows, cast them to the appropriate object to log the
>>> active/idle connection counts.
>> 
>> It might be easier to do this via JMX.
> 
> Perhaps.  But then I have to figure out how to get the program
> started with the sysprops that enable remote JMX.  The system has
> no GUI, and we don't have any X-Windows infrastructure, so running
> JDK tools locally on the Linux server is challenging.  Not
> impossible, just requires me to set up things that I don't already
> have, to do X forwarding over SSH. With the logging thread idea, we
> just need to update code, recompile, and redeploy.

I don't bother with any of that garbage. I use Tomcat's Manager
application and the JMXProxyServlet. It's an HTTP-to-JMX bridge, so
your client just has to speak HTTP.

I use it along with a Nagios plug-in to fetch things like (wait for
it) DataSource pool stats :)

>> Since you already have a compile-time dependency upon Tomcat,
>> there's no need to do class-name matching. Instead, just use
>> "instanceof" as before:
> 
> I did the code that way so that I can handle any type of
> DataSource object, even if we change our pool configurations, just
> by adding stanzas to the switch.  And the default case logs the
> class name if it's not handled explicitly, so I know what to add or
> change.  I went looking for a way to write a switch statement that
> utilizes instanceof, didn't find anything.

You're right, you can't. But string-comparisons are fragile.

You may also run into ClassLoader problems where BasicDataSource (as
loaded by your ClassLoader) != BasicDataSource (as instantiated by
Tomcat).

>> Instead of running a single thread that goes to sleep, maybe
>> consider using a ScheduledExecutorService with a simpler runnable
>> object that just logs the status a single time.
> 
> Sounds like a good idea.  That I have absolutely no idea how to 
> implement.  I used the hammer I know. :)

:)

Have a look. It will probably be (slightly) more efficient than the
code you wrote, and hey, you'll have less code to babysit. It also
gives you trivial "shutdown" semantics...

>> Don't forget to terminate the thread (or ExecutorService) when
>> the application is shutting-down, of you'll have a ClassLoader
>> (and a a huge memory) leak.
> 
> I did think about that, but I wasn't sure how to detect a shutdown.
> Is there something available that handles it easily and reliably
> with only a small code change?  Just now, I found the following
> page when I went looking for how to detect that (independent of the
> JVM shutting down):
> 
> http://www.deadcoderising.com/execute-code-on-webapp-startup-and-shutd
own-using-servletcontextlistener/

A
> 
ServletContextListener is the way to go. In fact, you should
probably be using a ServletContextListener to *launch* this thread in
the first place. So, in your init() method, create+launch the thread
(or ExecutorService), and in the destroy() method, shut it all down.

> I think I could use this to create the thread on application
> startup as well as making sure it shuts down cleanly.  It would
> mean that I can just create a new class for one of our applications
> and edit a config file, instead of monkeying with other people's
> code.

That's the idea.

> It's very encouraging to me that you picked up on the lack of
> shutdown handling.  It means I've got more than a sliver of your
> attention!

:)

- -chris

-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlq9DawACgkQHPApP6U8
pFgLQRAAu5cfpWcgkL7Di/HHuot5r+Hi7XL6PAPbi28GYiVbszLfh3QRaZVhcFx4
AANpVYs4n0y5W1sJZzG8lXdvokm3dY00zWkLTOzU9MW7kuh0b8eV3RXwlyA7dBcz
U+ndeU5o6iqvK7w6Z3kDHvSYbl28YEKz1Ff8SmdQ+GlEUOCSC9OcJlNoQ+dgpSAS
LGW20RHvhk1+j7au4ebMBZpvyh6rsUSdbTt0s6xbqE7raoYPUgQZS2ZmB9iHgGP5
o20Rgaf7F2MQ+LzDBg2uJPMvH0x5QUb3FrDJGgQCRfVJwqeSPruF4lUmS8cktVpK
CHOO/x6MXOGidbrFCBqcq7HN66UnJGVjK0bf/F/wU9RYjnAa9oT12Tn1mxGbP5Qr
8FiSmfA249j+DiMa57vQwD9SUS15V4Npm+sW2+2eamyG5tFbFfv7W/ZKjwzOwQBW
1tkyseCd4BBYPr1yksfvA2+eAE0s0Feamxt4+tF6x/0BZ0l/FA+aN8ZTSfcvM0Dh
5AyRPCJSIY8OpM+86Lk+LBo/hjJVuSiX99cQwb+mPMh9OZLKex8svHUqrJEr4si3
AB+eXA9LtfWWw5UqirXSdx4/oBCZCnegbOp2bw3DYnx8dZyGHTCsUoLkmFzVp4fP
QPbS8WSZVKjqSHIuWvsuhosHH47AsjUpoTE1zX9PJy6lbnZ9RGk=
=OtLy
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: listeners

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Greg,

On 3/29/18 11:16 AM, Greg Kaszycki wrote:
> Is there a way to query tomcat for registered listeners?

There are tons of "listeners". What did you have in mind?

You can get lots of stuff via JMX.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlq9DXwACgkQHPApP6U8
pFgw5A/+LgnYaXbo/3Rp1RngjqxEwvhDVn5tw12J3/o2QunjiXSW9X716Jxo/dBE
+jevPLxvL01vKOzVVFOXlY0GHPJnN18jdEbZx1yLhMZWvjCSFW3JvNSvS66sbOJD
IMiIc0peeKui9Ly1G4IknMPvbtzQHDbKu1brCUwswvldWWrMW6cPqMya49PFQoHP
bFDDDvIeuSijDdiZPkGiKt27H6kqARbnuBcoup3ZbnNRVZpgiI7CMHsB19/jxp7E
SkPfIjWFommxkHUms8UkMug1b/AjLM1PaI9fCMltRuOp4jki6PpDufCexB9uHaTF
WJsyVHNwln4phjwTYGDW5r4NV11ThfdAx9fRnimCxlJL6w0cMnFYY5cJDn4mmXNQ
lsDa4Rcbg0NQbmNzM/agPXqtLXY1NQHPGLl7VqXsGonLr2BoetH4Fah696fQOd+r
c4wmIAu7JB5YOptcA6DbfDoPjISSWMeBQ5xnOu02Hew7nTb8/Zz1D9lMD3D2aqyK
dfHpaQ204J2ZIeLMJu7N/k4Ol+gx52uzu+uI0Dy2n2LVc7/l2pCluUMRPabwF5Uc
PlNP+8HYDtb1gdq6GcysbDlCFYXZzRRei/kHy5dgh93q1Tbmc+ImS7DlLTTDsjaM
E2b+e6fZiFdPVC5lDUh2TPp3B5Fs6jTsJTpH3xP4BQWOAfXPdP4=
=l/DJ
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to offer a link correction for the Tomcat docs?

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Charlie,

On 3/27/18 6:05 PM, charlie arehart wrote:
> Greetings. I’m a new list member, though a fairly long-time Tomcat
> user.
> 
> I found a broken link in the Tomcat User Guide (8 and 7), on its
> left nav bar.  How would I best go about reporting such a broken
> link in the Tomcat docs?
> 
> To be clear, while there is a comments section at the bottom of the
> doc pages, that points folks to
> https://tomcat.apache.org/tomcat-8.0-doc/comments.html to learn
> more, which in turn points to
> https://comments.apache.org/help.html.

Hmm. When I look at that page (comments.html), the "here" link at the
bottom of the page points to "./comments.html" which just takes me
back to the same page. Oops.

> But that gets a 503 service unavailable error. I find a jira
> discussion indicating this is a long-standing issue, which was
> hoped to be solved by now:
> https://issues.apache.org/jira/browse/INFRA-15947.

:(

> Until that’s resolved, is this or another TC list a good place to
> report such a broken link, or other doc suggestion? Thanks.

Here is perfect.

Which link is broken?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlq9DS8ACgkQHPApP6U8
pFhodA/9H2TtNfzZ7VO1f4qrNu73k469kbOGJy3PmfETp8iyPFvKG7KxsNC2BX3/
le/CFg3ulchlHnR+sZj9WLfQTR1tU702/7LIud1sbJC7XINgphrde+DeYPcK9/pK
22pfPJ966CA8rGGYCFiGRpLYia/Xkuwm0PVe3Z6vgp2nnSxA8wnp7tuOrG96IFrk
SuR6RMo/ab5O6jIRLcckiGGGia8aYna0TaknUYQswAHI787tP8ta2ClzLycDzv0r
K6Ti8HQnI2rormhogrVV+FGxoL7G2Ujik8tME2Fd9ldHbhIiBshsGxwtpbatkX18
6KiKfO5fqcj5SOzTLNeuWz68u21oNcYYTkppxXnlm480NcBSEnVwhAnpT3AWiILw
Ilazi44chaW95hV6ZwalwhJAw4u7A5SKIMa+JeiJ49LVyA90GWOix2THuQi0YsGx
hKqdGAF9pCoQNwwV17krt1jX2vA0iq4Dg52zEWxVfmeYQD5yYap9fnQ9RtPwXZTf
6BonlMgYUvPrw+o6hhLGQx2HOedmHvwlW2sIlH2OHJgEXD3NG9hy8kseKTx0Uk3M
SQbuDAHXaUGgCBLb71SaJ1qWHQ1eYhJQuIF9Ya/nSxXYlA6XbaZStFaNenDoXSt3
a4z5OyvO+sLk9VL+wFMRj/W3QBNtQ/pD9xp1oB9VhixpLfhKkDk=
=Iloc
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: On Tomcat 8.5.16, RemoteHostFilter throwing ServletException the property [allow] is not defined

[tomcat]

On 29.03.2018 16:36, Scott Shipp wrote:

Hi everyone,


I'm having a problem I haven't been able to address after reading the manual, 
googling and searching Stack Overflow, and asking around to other Tomcat users 
I know.


I'm using Tomcat 8.5.16, and trying to set up a RemoteHostFilter. When I start 
the application with the RemoteHostFilter, it fails to startup with the 
following stack trace:


Exception starting filter [Remote Host Filter] javax.servlet.ServletException: 
The property [allow] is not defined for filters of type 
[org.apache.catalina.filters.RemoteHostFilter]
 at org.apache.catalina.filters.FilterBase.init(FilterBase.java:52)
 at 
org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:285)
 at 
org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:266)
 at 
org.apache.catalina.core.ApplicationFilterConfig.(ApplicationFilterConfig.java:108)
 at 
org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4590)
 at 
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5233)
 at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
 at 
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:752)
 at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:728)
 at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:734)
 at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:988)
 at 
org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1860)
 at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
 at java.util.concurrent.FutureTask.run(FutureTask.java:266)
 at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
 at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 at java.lang.Thread.run(Thread.java:748)

I see the allow property mentioned in both the user guide documentation (here: 
https://tomcat.apache.org/tomcat-8.5-doc/config/filter.html#Remote_Host_Filter) 
and the javadoc (here: 
https://tomcat.apache.org/tomcat-8.5-doc/api/org/apache/catalina/filters/RemoteHostFilter.html).
RemoteHostFilter (Apache Tomcat 8.5.29 API 
Documentation)
tomcat.apache.org
Extract the desired request property, and pass it (along with the specified 
request and response objects and associated filter chain) to the protected 
process ...




To troubleshoot, I set up a RemoteAddrFilter in my application's 
WEB-INF/web.xml using identical XML except for the value of the filter 
(obviously) and it works just fine.


Does anyone know what the "property [allow] is not defined" message means? I would intuit 
that it means there is no "allow" property at all in the RemoteHostFilter code, but I 
suppose it may also mean that the init-param xml tag is not the right one to use or that the value 
is unintelligible to Tomcat somehow.


Also, here's the relevant snippet from the web.xml, that I am trying to use:



 Remote Host Filter
 
org.apache.catalina.filters.RemoteHostFilter
 
 allow
 *\.example\.com
 
 
 denyStatus
 404
 
 

 
   Remote Host Filter
   /url/path
 



Hi.
I am not familiar with that filter, but I just looked at the doc you are pointing to, and 
I believe that the ** that you indicate above is invalid.  It should be a 
regex, and the leading "*" there is wrong then.
Maybe it is just the error message that is wrong, and it is really complaining about the 
value ?




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

listeners

[Greg Kaszycki]

Is there a way to query tomcat for registered listeners?

-- 
Greg Kaszycki
919-244-3789

RE: How to offer a link correction for the Tomcat docs?

[charlie arehart]

Anyone have a suggestion of where better to ask this, if not here?

/charlie

-Original Message-
From: charlie arehart  
Sent: Tuesday, March 27, 2018 05:05 PM
To: 'Tomcat Users List' 
Subject: How to offer a link correction for the Tomcat docs?

Greetings. I’m a new list member, though a fairly long-time Tomcat user. 

I found a broken link in the Tomcat User Guide (8 and 7), on its left nav bar.  
How would I best go about reporting such a broken link in the Tomcat docs?

To be clear, while there is a comments section at the bottom of the doc pages, 
that points folks to https://tomcat.apache.org/tomcat-8.0-doc/comments.html to 
learn more, which in turn points to https://comments.apache.org/help.html. But 
that gets a 503 service unavailable error. I find a jira discussion indicating 
this is a long-standing issue, which was hoped to be solved by now: 
https://issues.apache.org/jira/browse/INFRA-15947.



Until that’s resolved, is this or another TC list a good place to report such a 
broken link, or other doc suggestion? Thanks.

/charlie



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

On Tomcat 8.5.16, RemoteHostFilter throwing ServletException the property [allow] is not defined

[Scott Shipp]

Hi everyone,


I'm having a problem I haven't been able to address after reading the manual, 
googling and searching Stack Overflow, and asking around to other Tomcat users 
I know.


I'm using Tomcat 8.5.16, and trying to set up a RemoteHostFilter. When I start 
the application with the RemoteHostFilter, it fails to startup with the 
following stack trace:


Exception starting filter [Remote Host Filter] javax.servlet.ServletException: 
The property [allow] is not defined for filters of type 
[org.apache.catalina.filters.RemoteHostFilter]
at org.apache.catalina.filters.FilterBase.init(FilterBase.java:52)
at 
org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:285)
at 
org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:266)
at 
org.apache.catalina.core.ApplicationFilterConfig.(ApplicationFilterConfig.java:108)
at 
org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4590)
at 
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5233)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at 
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:752)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:728)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:734)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:988)
at 
org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1860)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)

I see the allow property mentioned in both the user guide documentation (here: 
https://tomcat.apache.org/tomcat-8.5-doc/config/filter.html#Remote_Host_Filter) 
and the javadoc (here: 
https://tomcat.apache.org/tomcat-8.5-doc/api/org/apache/catalina/filters/RemoteHostFilter.html).
RemoteHostFilter (Apache Tomcat 8.5.29 API 
Documentation)
tomcat.apache.org
Extract the desired request property, and pass it (along with the specified 
request and response objects and associated filter chain) to the protected 
process ...




To troubleshoot, I set up a RemoteAddrFilter in my application's 
WEB-INF/web.xml using identical XML except for the value of the filter 
(obviously) and it works just fine.


Does anyone know what the "property [allow] is not defined" message means? I 
would intuit that it means there is no "allow" property at all in the 
RemoteHostFilter code, but I suppose it may also mean that the init-param xml 
tag is not the right one to use or that the value is unintelligible to Tomcat 
somehow.


Also, here's the relevant snippet from the web.xml, that I am trying to use:



Remote Host Filter

org.apache.catalina.filters.RemoteHostFilter

allow
*\.example\.com


denyStatus
404




  Remote Host Filter
  /url/path


Scott

java 10 with jpa eclipselink and tomcat 9

[Riccardo Cohen]

Hello
I'm using Tomcat 9.0.6 with java 1.8 and EclipseLink 
org.eclipse.persistence:org.eclipse.persistence.jpa:2.7.1


This works fine !

I try to migrate to java 10:
JAVA_VERSION="10"
JAVA_VERSION_DATE="2018-03-20"
downloaded into my mac today from 
https://download.java.net/java/GA/jdk10/10/binaries/openjdk-10_osx-x64_bin.tar.gz


I had to add 2 libraries :
    javax.activation:activation:1.1.1
    javax.xml.bind:jaxb-api:2.3.0

The server succeded to launch. But at launch time I have the info :

/[EL Warning]: metamodel: 2018-03-28 13:55:44.159--The collection of 
metamodel types is empty. Model classes may not have been found during 
entity search for Java SE and some Java EE container managed persistence 
units. Please verify that your entity classes are referenced in 
persistence.xml using either  elements or a global 
false element/


With java 10, the persistence.xml seems to be ignored. This is the 
content of the file :


http://java.sun.com/xml/ns/persistence;
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
    xsi:schemaLocation="http://java.sun.com/xml/ns/persistence 
http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd;

    version="2.0">
    
org.eclipse.persistence.jpa.PersistenceProvider
        Data.E5User
        Data.E5Witem
        
            value="java:comp/env/jdbc/wfdb"/>

Re: Getting all JDBC configs from the context

[Shawn Heisey]

On 3/28/2018 1:18 PM, Christopher Schultz wrote:

Don't forget to terminate the thread (or ExecutorService) when the
application is shutting-down, of you'll have a ClassLoader (and a a
huge memory) leak.


Here's a new paste, that I think addresses the thread leak problem.

https://paste.apache.org/rqaX

I've created a listener class that handles startup and shutdown.

Thanks,
Shawn


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: HOME user folder change & tomcat HOME

[Jérôme Redouté]

Le 28/03/2018 à 21:21, Christopher Schultz a écrit :

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jérôme,

On 3/27/18 11:27 AM, Jérôme Redouté wrote:

I've installed tomcat8 on Debian 9, to run a web App (XNAT)

I've a proble concerning the HOME directory of my user "xnat".

Before the HOME was, as expected, in /home/xnat

but now (after deploying XNAT app), it moved to /var/lib/tomcat8

Do you mean the HOME environment variable? Or something else?

Most "services" do not have a "HOME" in the usual sense.

Why do you need HOME to be something specific?


yes, I mean the HOME variable for this user.

user xnat is effectively the user that will run tomcat8 service.
I don't need HOME to be specific, I need it to be at its original and 
classical location "/home/xnat" and not in a tomcat related directory...

My question is: who changed this HOME variable and how to reverse it back
Thank you






- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlq76zgACgkQHPApP6U8
pFgIyA//ZNyQ3dpfRdANup+Gzfn5efwAbjRoEUIlpa/fjNbl6odq2V6pTlm7cyaA
MO77HYA07KaiK7G/MImBSjqIbLodPnFMyicLeBUFFh9A+nurTHT4PfXaHSjvluA3
fKuPjiNciiUuAWxNk2I6rDMcmIskmIFaM2U9CM3NiNk9jInjBSxtragxRh/pD3mB
oc9DShTnW96SW25zJf5ZDUnuS202hhO8F7s07d9dxVDoDXdDdMEbeEhz4eHIcoWk
tSiNwhpPXEoUILtiemYyk/1tA/BJoWY+oqMeeD+4Qf3KV5JX7UjK1tcfqO4qhE4F
O9s3OMP3g9WyHqRCsUz5smZ5zjDLouK5zE7M6DHhnwHmjuhU+MindSBkTBa8nkO3
CMfYieTPcsZPuCiexSiPVVNEewrK9+ijBj5Tf6M4BeLyTEvvN0lob6dGt5vKsnAS
kpxtOmAqZnT5C4hcxdgYXN7tyiSj9OCsYaESw/hl//4Z67/wbbVvdz8FKMQ6KHH8
ccvQ2OSMoOfvyyph1JXG4mC/vKkge7KQGdMx6LNu8dEFyJeKUZZfi9k8dH7Dvm2m
3HT/D28+MdvxV2smlijCgPBSdksc8CcIPPKQDmos2aMDQ9Ehb5ePqNWq5TWwLBRt
FUwm308+Hatdj1zkMQjmWoRvNs4sPTRaFbaPUptrljB5pF8tEPc=
=y8u/
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



--
==
Jérôme Redouté
Ph.D. - Ingénieur de Recherche - Université Claude Bernard - Lyon1
Responsable imageur TEP-TDM
CERMEP - Imagerie du vivant
59 Bd Pinel. 69677 Bron - FRANCE
tel : 33 (0)4 72 68 86 18 (bureau)
tel : 33 (0)4 72 68 86 00 (standard)
fax : 33 (0)4 72 68 86 10
==



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org