Re: Database connection pooling ..

[John Dale (DB2DOM)]

Good info here.

Commons IS very busy, aren't they.

Lots of good tools in there ..

John


On 4/11/23, Christopher Schultz  wrote:
> Bruno,
>
> On 4/11/23 12:51, BRUNO MELLONI wrote:
>> I used org.apache.commons.dbcp2.BasicDataSource as my default
>> DataSource for over a decade in both Tomcat and standalone apps.
>> Very reliable.
> Note that you are talking about commons-dbcp2 and John was asking about
> tomcat-pool (which is a different product).
>
> Tomcat uses commons-dbcp2 by default, but can be configured to use its
> own tomcat-pool as well.
>
> IMHO I would prefer commons-dbcp2 over tomcat-pool just because it has
> such a huge user-base in comparison, and it's got a dedicated team
> working on it. tomcat-pool doesn't get much attention around here...
> it's just kind of "done".
>
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: just wondering.. encryption in context.xml?

[John Dale (DB2DOM)]

This might be one way to elevate compliance.

If you can read the database password from the database, you win (some
sort of) prizes.  :D

Search for Plain Ol' Java:
http://people.apache.org/~fhanik/jdbc-pool/jdbc-pool.html

JBoss used to compile the password into a runtime IOC pattern, but it
could still be hacked, but not as likely to have a day-to-day systems
admin stumble upon it.


On 4/8/23, Kevin Huntly  wrote:
> okay that's fair
>
> On Sat, Apr 8, 2023, 14:31 Thomas Hoffmann (Speed4Trade GmbH)
>  wrote:
>
>> Hello,
>>
>> > -Ursprüngliche Nachricht-
>> > Von: Kevin Huntly 
>> > Gesendet: Samstag, 8. April 2023 19:40
>> > An: users@tomcat.apache.org
>> > Betreff: just wondering.. encryption in context.xml?
>> >
>> > is there currently a method for encrypting or otherwise obfuscating
>> passwords
>> > (like for MySQL) in the context.mxl
>> > 
>> >
>> > Kevin Huntly
>> > Email: kmhun...@gmail.com
>> > Cell: 716/424-3311
>> > 
>>
>> You might use environment variables or java system properties.
>> If someone has access to your context.xml, then your server is
>> compromised
>> anyway.
>>
>> Greetings,
>> Thomas
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Database connection pooling ..

[John Dale (DB2DOM)]

Has anyone tried using the Tomcat 10 DBCP from a standalone java app?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Logging

[John Dale (DB2DOM)]

Good coding does customer service.

I wanted to thank whoever put this in the logs. :)

28-Mar-2023 06:56:26.974 WARNING [main]
org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.getObjectInstance
Name = model Property maxActive is not used in DBCP2, use maxTotal
instead. maxTotal default value is 8. You have set value of "100" for
"maxActive" property, which is being ignored.

Sincerely,

John Dale, MS MIS
DB2DOM.COM

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: service() failed with http error 502

[John Dale (DB2DOM)]

yes .. gotta get that port correct.  It's been awhile since I've
needed to run  command line HTTP request.  :)

On 3/22/23, Kevin Huntly  wrote:
> Just wondering, are you able to telnet from your webserver into the Tomcat
> server over the appropriate port? e.g. 8443 or whatnot - whatever is
> configured in Tomcat's server.xml
> 
>
> Kevin Huntly
> Email: kmhun...@gmail.com
> Cell: 716/424-3311
> 
>
> -BEGIN GEEK CODE BLOCK-
> Version: 1.0
> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
> PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
> G++ e(+) h--- r+++ y+++*
> --END GEEK CODE BLOCK--
>
>
> On Wed, Mar 22, 2023 at 3:22 PM Luis Ramos 
> wrote:
>
>> Hi List.
>> In and around last windows updates for our WIN2019 box, our tomcat
>> connector start to fail with the below error message.
>> Setup is IIS 10->ISAPI connector => Tomcat 9 ->
>> https://tomcat.apache.org/connectors-doc/webserver_howto/iis.html
>> Has someone seen this behaivor?
>> To be able to open the system I am bypassing the connector and listening
>> in port 443 in server.xml directly.
>>
>>
>>
>> [Wed Mar 22 15:08:46.746 2023] [10780:14112] [error]
>> ajp_connection_tcp_get_message::jk_ajp_common.c (1408): (tomcat01) wrong
>> message size 18441 8192 from ::1:8009
>> [Wed Mar 22 15:08:46.751 2023] [10780:14112] [error]
>> ajp_get_reply::jk_ajp_common.c (2285): (tomcat01) Tomcat is down or
>> network
>> problems. Part of the response has already been sent to the client
>> [Wed Mar 22 15:08:46.753 2023] [10780:14112] [info]
>> ajp_service::jk_ajp_common.c (2774): (tomcat01) sending request to tomcat
>> failed (recoverable), because of protocol error (attempt=1)
>> [Wed Mar 22 15:08:46.860 2023] [10780:14112] [error]
>> ajp_connection_tcp_get_message::jk_ajp_common.c (1408): (tomcat01) wrong
>> message size 18441 8192 from ::1:8009
>> [Wed Mar 22 15:08:46.865 2023] [10780:14112] [error]
>> ajp_get_reply::jk_ajp_common.c (2285): (tomcat01) Tomcat is down or
>> network
>> problems. Part of the response has already been sent to the client
>> [Wed Mar 22 15:08:46.868 2023] [10780:14112] [info]
>> ajp_service::jk_ajp_common.c (2774): (tomcat01) sending request to tomcat
>> failed (recoverable), because of protocol error (attempt=2)
>> [Wed Mar 22 15:08:46.871 2023] [10780:14112] [error]
>> ajp_service::jk_ajp_common.c (2795): (tomcat01) connecting to tomcat
>> failed
>> (rc=-11, errors=1, client_errors=0).
>> [Wed Mar 22 15:08:46.873 2023] [10780:14112] [error]
>> HttpExtensionProc::jk_isapi_plugin.c (2123): service() failed with http
>> error 502
>>
>> This e-mail message, including any attachment(s), is confidential and may
>> also be legally privileged. It is intended solely for the addresse(s) and
>> others authorized to receive it. If you are not the intended recipient
>> you
>> are hereby notified that any disclosure, copying, distribution or taking
>> any action in reliance on the contents of this email is strictly
>> prohibited
>> and may be unlawful. If you have received this e-mail in error you are
>> requested to delete it from your system and to notify us by replying to
>> this message immediately. CNT Infotech is not liable for the improper
>> transmission of this message nor for any damage sustained as a result of
>> this message.
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Unable to start application

[John Dale (DB2DOM)]

"WTH" - holy heck!  :D

Polymorphism, abstraction of interfaces .. standar OO, but definitely
not kids stuff to get everything to spec/standard (including the SQL
or proc invocations)!

:)

JDBC has been a very good interface despite/after O/R M challenges met.

Sysadmin is my second language to database design and JSON morphism.


On 3/21/23, Christopher Schultz  wrote:
> Kevin,
>
> On 3/20/23 20:12, Kevin Huntly wrote:
>> I actually fixed (well, figured out) the MySQL problem - it looks like
>> it's
>> hard coded to a 2048b DH key, but I configured my servers for CIS level 2
>> which wants a minimum 3072. I can update the openssl config to utilize a
>> lower security level and it works just fine.
>
> When you say "hard coded" what exactly do you mean? You can change the
> key+cert at any time.
>
>> I don't want to do that, but I don't want to have a nonsecure instance
>> either. so im probably going to go with an ssh tunnel since this is just
>> dev and it won't be going to production (our prod is db2)
>
> Sounds like:
> 1. This is dev, so you should fix your key+cert instead of hacking stunnel
> 2. You are using different databases in different environments. WTH?
>
> -chris
>
>> On Mon, Mar 20, 2023, 20:09 Christopher Schultz <
>> ch...@christopherschultz.net> wrote:
>>
>>> Kevin,
>>>
>>> On 3/18/23 19:04, Kevin Huntly wrote:
>>>> I can't use tomcat 10 because of the switch to jakarta for the servlet
>>>> container - I'd have to rewrite a lot of code. That being said, I got
>>>> it
>>>> fixed:
>>>>
>>>> All JDBC and JNDI lookups were prefixed with "java:comp/env/" and
>>>> things
>>>> worked. Clearly, IBM's WebSphere does this for you, since that's
>>> primarily
>>>> what I develop against...
>>>
>>> I had to read the whole thread to find this ^^^. You are correct, Tomcat
>>> gives you an initial context that is rooted at, well, the root of the
>>> JNDI tree. IMHO any product that locks you into java:comp/env is doing
>>> you a disservice.
>>>
>>> It wasn't clear to me whether you were using Tomcat's "global naming
>>> resources" or per-context resources. Your posted snippets have all
>>> expired so I couldn't look at them.
>>>
>>> But it looks like you have everything working, so ... great!
>>>
>>> You mentioned having a MySQL/MariaDB admin question. Please post that
>>> separately (different thread, different subject) and annotate it with a
>>> "[OT]" prefix to indicate that it's off-topic. We may have answers for
>>> you (I know a lot about MySQL/MariaDB) but this isn't the "correct"
>>> forum for such questions, hence the "off-topic" moniker.
>>>
>>> -chris
>>>
>>>> 
>>>>
>>>> Kevin Huntly
>>>> Email: kmhun...@gmail.com
>>>> Cell: 716/424-3311
>>>> 
>>>>
>>>> -BEGIN GEEK CODE BLOCK-
>>>> Version: 1.0
>>>> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
>>>> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
>>>> PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
>>>> G++ e(+) h--- r+++ y+++*
>>>> --END GEEK CODE BLOCK--
>>>>
>>>>
>>>> On Sat, Mar 18, 2023 at 6:31 PM John Dale (DB2DOM) 
>>>> wrote:
>>>>
>>>>> Here's what I use for development:
>>>>>
>>>>> apache-tomcat-10.0.6
>>>>>
>>>>> java --version
>>>>> openjdk 11.0.9.1 2020-11-04
>>>>> OpenJDK Runtime Environment (build 11.0.9.1+1-post-Raspbian-1deb10u2)
>>>>> OpenJDK Server VM (build 11.0.9.1+1-post-Raspbian-1deb10u2, mixed
>>>>> mode)
>>>>>
>>>>> I have tremendous success running this combination.
>>>>>
>>>>> For production ..
>>>>>
>>>>> Raspbian flows through to ubuntu/debian with practically no issues
>>>>> except Pi has a problem with ipchainining and NAT.
>>>>>
>>>>> Start firing away to jcdw...@gmail.com with questions regarding MySQL.
>>>>>
>>>>> I'll do what I can.
>>>>>
>>>>> John
>>>>>
>>>>>
>>>>> On 3/18/23, Kevin Huntly  wrote:
>>>>&g

Re: Unable to start application

[John Dale (DB2DOM)]

Glad to hear this was identified and you have a workaround.

Software sure does get messy sometimes .. most folks don't appreciate
the difficulty of the work.

On 3/20/23, Kevin Huntly  wrote:
> Hey Chris!
>
> I actually fixed (well, figured out) the MySQL problem - it looks like it's
> hard coded to a 2048b DH key, but I configured my servers for CIS level 2
> which wants a minimum 3072. I can update the openssl config to utilize a
> lower security level and it works just fine.
>
> I don't want to do that, but I don't want to have a nonsecure instance
> either. so im probably going to go with an ssh tunnel since this is just
> dev and it won't be going to production (our prod is db2)
>
> On Mon, Mar 20, 2023, 20:09 Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> Kevin,
>>
>> On 3/18/23 19:04, Kevin Huntly wrote:
>> > I can't use tomcat 10 because of the switch to jakarta for the servlet
>> > container - I'd have to rewrite a lot of code. That being said, I got
>> > it
>> > fixed:
>> >
>> > All JDBC and JNDI lookups were prefixed with "java:comp/env/" and
>> > things
>> > worked. Clearly, IBM's WebSphere does this for you, since that's
>> primarily
>> > what I develop against...
>>
>> I had to read the whole thread to find this ^^^. You are correct, Tomcat
>> gives you an initial context that is rooted at, well, the root of the
>> JNDI tree. IMHO any product that locks you into java:comp/env is doing
>> you a disservice.
>>
>> It wasn't clear to me whether you were using Tomcat's "global naming
>> resources" or per-context resources. Your posted snippets have all
>> expired so I couldn't look at them.
>>
>> But it looks like you have everything working, so ... great!
>>
>> You mentioned having a MySQL/MariaDB admin question. Please post that
>> separately (different thread, different subject) and annotate it with a
>> "[OT]" prefix to indicate that it's off-topic. We may have answers for
>> you (I know a lot about MySQL/MariaDB) but this isn't the "correct"
>> forum for such questions, hence the "off-topic" moniker.
>>
>> -chris
>>
>> > 
>> >
>> > Kevin Huntly
>> > Email: kmhun...@gmail.com
>> > Cell: 716/424-3311
>> > 
>> >
>> > -BEGIN GEEK CODE BLOCK-
>> > Version: 1.0
>> > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
>> > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
>> > PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
>> > G++ e(+) h--- r+++ y+++*
>> > --END GEEK CODE BLOCK--
>> >
>> >
>> > On Sat, Mar 18, 2023 at 6:31 PM John Dale (DB2DOM) 
>> > wrote:
>> >
>> >> Here's what I use for development:
>> >>
>> >> apache-tomcat-10.0.6
>> >>
>> >> java --version
>> >> openjdk 11.0.9.1 2020-11-04
>> >> OpenJDK Runtime Environment (build 11.0.9.1+1-post-Raspbian-1deb10u2)
>> >> OpenJDK Server VM (build 11.0.9.1+1-post-Raspbian-1deb10u2, mixed
>> >> mode)
>> >>
>> >> I have tremendous success running this combination.
>> >>
>> >> For production ..
>> >>
>> >> Raspbian flows through to ubuntu/debian with practically no issues
>> >> except Pi has a problem with ipchainining and NAT.
>> >>
>> >> Start firing away to jcdw...@gmail.com with questions regarding MySQL.
>> >>
>> >> I'll do what I can.
>> >>
>> >> John
>> >>
>> >>
>> >> On 3/18/23, Kevin Huntly  wrote:
>> >>> Hey Everyone,
>> >>>
>> >>> Is this possibly happening because I'm using JDK19 and not 8 or 9?
>> >>> 
>> >>>
>> >>> Kevin Huntly
>> >>> Email: kmhun...@gmail.com
>> >>> Cell: 716/424-3311
>> >>> 
>> >>>
>> >>> -BEGIN GEEK CODE BLOCK-
>> >>> Version: 1.0
>> >>> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
>> >>> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
>> >>> PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
>> >>> G++ e(+) h--- r+++ y+++*
>> >>> --END GEEK CODE BLOCK--
>> >>>
&

Re: Unable to start application

[John Dale (DB2DOM)]

Here's what I use for development:

apache-tomcat-10.0.6

java --version
openjdk 11.0.9.1 2020-11-04
OpenJDK Runtime Environment (build 11.0.9.1+1-post-Raspbian-1deb10u2)
OpenJDK Server VM (build 11.0.9.1+1-post-Raspbian-1deb10u2, mixed mode)

I have tremendous success running this combination.

For production ..

Raspbian flows through to ubuntu/debian with practically no issues
except Pi has a problem with ipchainining and NAT.

Start firing away to jcdw...@gmail.com with questions regarding MySQL.

I'll do what I can.

John


On 3/18/23, Kevin Huntly  wrote:
> Hey Everyone,
>
> Is this possibly happening because I'm using JDK19 and not 8 or 9?
> 
>
> Kevin Huntly
> Email: kmhun...@gmail.com
> Cell: 716/424-3311
> 
>
> -BEGIN GEEK CODE BLOCK-
> Version: 1.0
> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
> PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
> G++ e(+) h--- r+++ y+++*
> --END GEEK CODE BLOCK--
>
>
> On Sat, Mar 18, 2023 at 5:10 PM Kevin Huntly  wrote:
>
>> Hey John - if you're out there can you email me direct? I have a MySQL
>> admin question if you have the time and the inclination
>> 
>>
>> Kevin Huntly
>> Email: kmhun...@gmail.com
>> Cell: 716/424-3311
>> 
>>
>> -BEGIN GEEK CODE BLOCK-
>> Version: 1.0
>> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
>> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
>> PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
>> G++ e(+) h--- r+++ y+++*
>> --END GEEK CODE BLOCK--
>>
>>
>> On Sat, Mar 18, 2023 at 1:40 PM Kevin Huntly  wrote:
>>
>>> any other ideas guys? I want to migrate a bunch of really awful apps off
>>> our primary application server so they don't cause us headaches anymore.
>>> if
>>> I can't get one app working I have no hope of getting others to work lol
>>>
>>> On Sat, Mar 18, 2023, 09:16 John Dale (DB2DOM) 
>>> wrote:
>>>
>>>> Thanks Mark - are statics reloaded now, too?
>>>>
>>>> I touch web.xml and it's reloaded successfully hundreds of times.
>>>>
>>>> But I don't use war files so I can use git to version and transfer my
>>>> builds ... maybe that's the reason?
>>>>
>>>> John
>>>>
>>>>
>>>> On 3/18/23, Mark Thomas  wrote:
>>>> > On 17/03/2023 23:18, John Dale (DB2DOM) wrote:
>>>> >> ok - "mnet" should be "ment"
>>>> >
>>>> >  From the logs excerpt I saw earlier in the thread, that needs fixing
>>>> > (although it was only a test element). I don't think it will break
>>>> > anything else but better to remove the noise from the logs.
>>>> >
>>>> >> I figured I'd spell that out and behave like a compiler.  :)
>>>> >>
>>>> >> I would also move that configuration into server.xml (it's a major
>>>> >> difference between your configuration and mine).
>>>> >
>>>> > That configuration style is NOT recommended. It means you have no
>>>> choice
>>>> > but to restart Tomcat if you change the Context configuration. If it
>>>> > is
>>>> > in a separate Context file, Tomcat will reload the web application
>>>> > automatically if you change the Context file.
>>>> >
>>>> > Stick with:
>>>> >
>>>> /opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml
>>>> >
>>>> > Do NOT specify a path attribute for the Context. It will be ignored.
>>>> >
>>>> > Where is the JDBC driver located? It needs to be in
>>>> ${CATALINA_BASE}/lib
>>>> > and not part of the WAR.
>>>> >
>>>> > Can we see the full logs from a clean start-up please?
>>>> >
>>>> > Mark
>>>> >
>>>> >
>>>> >>
>>>> >> Lastly, maybe to help debug a future issue, did you compile your
>>>> >> project files against the tomcat libs included with your
>>>> >> distribution,
>>>> >> or did you drop them into this version of tomcat from another
>>>> >> version?
>>>> >>   Probably won'

Re: SSL issue

[John Dale (DB2DOM)]

Noted - excellent!

On 3/18/23, Kevin Huntly  wrote:
> I was able to read the keystore with both openssl and keytool, but for some
> reason the private key within the pkcs#12 file had a different password
> than the keystone password. I ended up just rebuilding the cert and the
> keystore, and it's working now. Thanks !
> 
>
> Kevin Huntly
> Email: kmhun...@gmail.com
> Cell: 716/424-3311
> 
>
> -BEGIN GEEK CODE BLOCK-
> Version: 1.0
> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
> PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
> G++ e(+) h--- r+++ y+++*
> --END GEEK CODE BLOCK--
>
>
> On Sat, Mar 18, 2023 at 3:27 PM Thomas Hoffmann (Speed4Trade GmbH)
>  wrote:
>
>> Hello,
>>
>> the relevant error is:
>> Caused by: javax.crypto.BadPaddingException: Given final block not
>> properly padded. Such issues can arise if a bad key is used during
>> decryption.
>>
>> It seems there is something wrong with your keystore.
>> Are both, private and public key in the p12 file?
>> Can you check the contents with keytool?
>> Alternatively, you can also use pem files, they are more readable than
>> p12.
>>
>> Greetings, Thomas
>>
>> > -Ursprüngliche Nachricht-
>> > Von: Kevin Huntly 
>> > Gesendet: Samstag, 18. März 2023 19:15
>> > An: users@tomcat.apache.org
>> > Betreff: SSL issue
>> >
>> > Hello Everyone,
>> >
>> > I'm having an issue with my SSL connector:
>> >
>> > 
>> > 18-Mar-2023 14:12:46.996 SEVERE [main]
>> > org.apache.catalina.util.LifecycleBase.handleSubClassException Failed
>> > to
>> > initialize component
>> [Connector[org.apache.coyote.http11.Http11Nio2Protocol-
>> > 8443]]
>> > org.apache.catalina.LifecycleException: Protocol handler
>> initialization
>> > failed
>> > at
>> > org.apache.catalina.connector.Connector.initInternal(Connector.java:1014)
>> > at
>> > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>> > at
>> >
>> org.apache.catalina.core.StandardService.initInternal(StandardService.java:549
>> > )
>> > at
>> > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>> > at
>> >
>> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1032)
>> > at
>> > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>> > at
>> > org.apache.catalina.startup.Catalina.load(Catalina.java:724)
>> > at
>> > org.apache.catalina.startup.Catalina.load(Catalina.java:746)
>> > at
>> >
>> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMeth
>> > odHandleAccessor.java:104)
>> > at
>> > java.base/java.lang.reflect.Method.invoke(Method.java:578)
>> > at
>> > org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:307)
>> > at
>> > org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:477)
>> > Caused by: java.lang.IllegalArgumentException: Get Key failed:
>> > Given final block not properly padded. Such issues can arise if a bad
>> key is used
>> > during decryption.
>> > at
>> > org.apache.tomcat.util.net
>> .AbstractJsseEndpoint.createSSLContext(AbstractJsse
>> > Endpoint.java:107)
>> > at
>> > org.apache.tomcat.util.net
>> .AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoi
>> > nt.java:71)
>> > at
>> > org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:146)
>> > at
>> > org.apache.tomcat.util.net
>> .AbstractEndpoint.bindWithCleanup(AbstractEndpoin
>> > t.java:1302)
>> > at
>> > org.apache.tomcat.util.net
>> .AbstractEndpoint.init(AbstractEndpoint.java:1315)
>> > at
>> > org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:652)
>> > at
>> >
>> org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.j
>> > ava:75)
>> > at
>> > org.apache.catalina.connector.Connector.initInternal(Connector.java:1012)
>> > ... 11 more
>> > Caused by: java.security.UnrecoverableKeyException: Get Key
>> failed:
>> > Given final block not properly padded. Such issues can arise if a bad
>> key is used
>> > during decryption.
>> > at
>> >
>> java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.j
>> > ava:454)
>> > at
>> >
>> java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator
>> > .java:91)
>> > at
>> > java.base/java.security.KeyStore.getKey(KeyStore.java:1077)
>> > at
>> > org.apache.tomcat.util.net
>> .SSLUtilBase.getKeyManagers(SSLUtilBase.java:353)
>> > at
>> > org.apache.tomcat.util.net
>> .SSLUtilBase.createSSLContext(SSLUtilBase.java:246)
>> > at
>> 

Re: SSL issue

[John Dale (DB2DOM)]

What kind of key are you using?

I generate my certs with certbot.

The result needs to be converted thusly to be used:
openssl pkcs12 -export -out mykey-bundle.pfx -inkey myprivkey.pem -in
cert.pem -certfile chain.pem -password
pass:superdupersecretnoteventhealiensknow

Is this a possible source of the issue?


On 3/18/23, Kevin Huntly  wrote:
> Hello Everyone,
>
> I'm having an issue with my SSL connector:
>
> 
> 18-Mar-2023 14:12:46.996 SEVERE [main]
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
> initialize component
> [Connector[org.apache.coyote.http11.Http11Nio2Protocol-8443]]
> org.apache.catalina.LifecycleException: Protocol handler
> initialization failed
> at
> org.apache.catalina.connector.Connector.initInternal(Connector.java:1014)
> at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at
> org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
> at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1032)
> at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at
> org.apache.catalina.startup.Catalina.load(Catalina.java:724)
> at
> org.apache.catalina.startup.Catalina.load(Catalina.java:746)
> at
> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
> at
> java.base/java.lang.reflect.Method.invoke(Method.java:578)
> at
> org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:307)
> at
> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:477)
> Caused by: java.lang.IllegalArgumentException: Get Key failed:
> Given final block not properly padded. Such issues can arise if a bad key
> is used during decryption.
> at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107)
> at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
> at
> org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:146)
> at
> org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1302)
> at
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1315)
> at
> org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:652)
> at
> org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:75)
> at
> org.apache.catalina.connector.Connector.initInternal(Connector.java:1012)
> ... 11 more
> Caused by: java.security.UnrecoverableKeyException: Get Key failed:
> Given final block not properly padded. Such issues can arise if a bad key
> is used during decryption.
> at
> java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:454)
> at
> java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:91)
> at
> java.base/java.security.KeyStore.getKey(KeyStore.java:1077)
> at
> org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:353)
> at
> org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:246)
> at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:105)
> ... 18 more
> Caused by: javax.crypto.BadPaddingException: Given final block not
> properly padded. Such issues can arise if a bad key is used during
> decryption.
> at
> java.base/com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:861)
> at
> java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:941)
> at
> java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:734)
> at
> java.base/com.sun.crypto.provider.PBES2Core.engineDoFinal(PBES2Core.java:310)
> at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2207)
> at
> java.base/sun.security.pkcs12.PKCS12KeyStore.lambda$engineGetKey$0(PKCS12KeyStore.java:370)
> at
> java.base/sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(PKCS12KeyStore.java:257)
> at
> java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:361)
> ... 23 more
> 
>
> And my SSL config:
>
> 
>  protocol="org.apache.coyote.http11.Http11Nio2Protocol"
> sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
> address="0.0.0.0" port="8443" maxHttpHeaderSize="8192"
> maxThreads="150" minSpareThreads="25" 

Re: Unable to start application

[John Dale (DB2DOM)]

Thanks Mark - are statics reloaded now, too?

I touch web.xml and it's reloaded successfully hundreds of times.

But I don't use war files so I can use git to version and transfer my
builds ... maybe that's the reason?

John


On 3/18/23, Mark Thomas  wrote:
> On 17/03/2023 23:18, John Dale (DB2DOM) wrote:
>> ok - "mnet" should be "ment"
>
>  From the logs excerpt I saw earlier in the thread, that needs fixing
> (although it was only a test element). I don't think it will break
> anything else but better to remove the noise from the logs.
>
>> I figured I'd spell that out and behave like a compiler.  :)
>>
>> I would also move that configuration into server.xml (it's a major
>> difference between your configuration and mine).
>
> That configuration style is NOT recommended. It means you have no choice
> but to restart Tomcat if you change the Context configuration. If it is
> in a separate Context file, Tomcat will reload the web application
> automatically if you change the Context file.
>
> Stick with:
> /opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml
>
> Do NOT specify a path attribute for the Context. It will be ignored.
>
> Where is the JDBC driver located? It needs to be in ${CATALINA_BASE}/lib
> and not part of the WAR.
>
> Can we see the full logs from a clean start-up please?
>
> Mark
>
>
>>
>> Lastly, maybe to help debug a future issue, did you compile your
>> project files against the tomcat libs included with your distribution,
>> or did you drop them into this version of tomcat from another version?
>>   Probably won't matter since you should be coded to the interfaces,
>> but one never knows.
>>
>> John
>>
>> On 3/17/23, Kevin Huntly  wrote:
>>> no I think it has something to do with it but I'm not sure. I'll try
>>> taking
>>> out the environment values and see what happens
>>>
>>> On Fri, Mar 17, 2023, 19:11 John Dale (DB2DOM) 
>>> wrote:
>>>
>>>> In the log you sent below, I see a typo:
>>>> Context/Environmnet
>>>>
>>>> Does that have something to do with it, or is this a typo in tomcat
>>>> logging?
>>>>
>>>>
>>>>
>>>>
>>>> On 3/17/23, Kevin Huntly  wrote:
>>>>> yes, under Catalina/localhost
>>>>>
>>>>> On Fri, Mar 17, 2023, 19:07 John Dale (DB2DOM) 
>>>> wrote:
>>>>>
>>>>>> Are you modifying a context.xml file in the conf folder?
>>>>>>
>>>>>> On 3/17/23, Kevin Huntly  wrote:
>>>>>>> Also of note:
>>>>>>>
>>>>>>> 17-Mar-2023 17:25:42.113 INFO [main]
>>>>>>> org.apache.catalina.startup.HostConfig.deployDescriptor Deploying
>>>>>>> deployment descriptor
>>>>>>>
>>>>>>
>>>> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml]
>>>>>>> 17-Mar-2023 17:25:42.174 WARNING [main]
>>>>>>> org.apache.tomcat.util.digester.Digester.endElement No rules found
>>>>>> matching
>>>>>>> [Context/Environmnet]
>>>>>>> 
>>>>>>>
>>>>>>> Kevin Huntly
>>>>>>> Email: kmhun...@gmail.com
>>>>>>> Cell: 716/424-3311
>>>>>>> 
>>>>>>>
>>>>>>> -BEGIN GEEK CODE BLOCK-
>>>>>>> Version: 1.0
>>>>>>> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
>>>>>>> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
>>>>>>> PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
>>>>>>> G++ e(+) h--- r+++ y+++*
>>>>>>> --END GEEK CODE BLOCK--
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Mar 17, 2023 at 5:24 PM Kevin Huntly 
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Here's my santized server.xml and context.xml
>>>>>>>>
>>>>>>>> server.xml -> https://pastebin.com/Bj6Wh0qU
>>>>>>>> context.xml -> https://pastebin.com/Z3dBf3eK
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>> -
>>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>>>>
>>>>>>
>>>>>
>>>>
>>>> -
>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>>
>>>>
>>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: AW: Unable to start application

[John Dale (DB2DOM)]

Still at it I see!  :)

Would you mind clearing and inspecting all logs very closely after reboot?

Maybe it would also be useful to undeploy, capture logs, and diff them
(never tried that, seemed like a good idea)?

Sometimes it's a single word in the log file that triggers the
solution, and doing diligent inspection of the logs after each change
is a good idea to avoid compounding variables.

John


On 3/18/23, Kevin Huntly  wrote:
> morning all,
>
> you are correct, i forgot to chmod 644 the jar when I copied it - I did
> that, restarted, no change, I turned off selinux and restarted, no change.
> 
>
> Kevin Huntly
> Email: kmhun...@gmail.com
> Cell: 716/424-3311
> 
>
> -BEGIN GEEK CODE BLOCK-
> Version: 1.0
> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
> PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
> G++ e(+) h--- r+++ y+++*
> --END GEEK CODE BLOCK--
>
>
> On Sat, Mar 18, 2023 at 7:16 AM Simon Matter 
> wrote:
>
>> Hi,
>>
>> > On 18/03/2023 10:43, Thomas Hoffmann (Speed4Trade GmbH) wrote:
>> >> Hello,
>> >>
>> >>> -Ursprüngliche Nachricht-
>> >>> Von: Kevin Huntly 
>> >>> Gesendet: Samstag, 18. März 2023 11:10
>> >>> An: Tomcat Users List 
>> >>> Betreff: Re: Unable to start application
>> >>>
>> >>> Here are the logs -
>> >>> https://drive.google.com/file/d/1jBsNaW_bQJ4KcDSvucJ5QWo642He6bgb/view
>> >>> ?usp=sharing
>> >>>
>> >>> The JDBC driver is located under /opt/mysql/, and I added that path
>> >>> to
>> >>> catalina.properties under the common loader. I did try to move it
>> >>> into
>> >>> ${catalina.home}/lib, this did not change anything.
>> >>> 
>> >>
>> >>
>> >> This message looks strange:
>> >> 18-Mar-2023 06:06:13.305 WARNING [main]
>> >> org.apache.catalina.startup.ClassLoaderFactory.validateFile Problem
>> >> with
>> >> JAR file
>> >>
>> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/lib/mysql-connector-j-8.0.32.jar],
>> >> exists: [true], canRead: [false]
>> >>
>> >> It seems that it cant load the jdbc driver from that path.
>> >> Could you download the jar again from the mysql website and replace
>> >> it?
>> >> Can you open/unpack the jar without errors?
>> >
>> > More likely a permissions problem. That warning is generated before
>> > Tomcat tries loading the file. It means a call to
>> > java.io.File.canRead()
>> > returned false.
>> >
>> > Mark
>>
>> Since this is on RHEL, it could also be an SELinux problem where access
>> to
>> the JAR is denied.
>>
>> Regards,
>> Simon
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Unable to start application

[John Dale (DB2DOM)]

Some context regarding context.xml

https://serverfault.com/questions/177862/how-to-add-multiple-context-elements-to-conf-context-xml-in-tomcat6

On 3/17/23, Kevin Huntly  wrote:
> no I think it has something to do with it but I'm not sure. I'll try taking
> out the environment values and see what happens
>
> On Fri, Mar 17, 2023, 19:11 John Dale (DB2DOM)  wrote:
>
>> In the log you sent below, I see a typo:
>> Context/Environmnet
>>
>> Does that have something to do with it, or is this a typo in tomcat
>> logging?
>>
>>
>>
>>
>> On 3/17/23, Kevin Huntly  wrote:
>> > yes, under Catalina/localhost
>> >
>> > On Fri, Mar 17, 2023, 19:07 John Dale (DB2DOM) 
>> wrote:
>> >
>> >> Are you modifying a context.xml file in the conf folder?
>> >>
>> >> On 3/17/23, Kevin Huntly  wrote:
>> >> > Also of note:
>> >> >
>> >> > 17-Mar-2023 17:25:42.113 INFO [main]
>> >> > org.apache.catalina.startup.HostConfig.deployDescriptor Deploying
>> >> > deployment descriptor
>> >> >
>> >>
>> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml]
>> >> > 17-Mar-2023 17:25:42.174 WARNING [main]
>> >> > org.apache.tomcat.util.digester.Digester.endElement No rules found
>> >> matching
>> >> > [Context/Environmnet]
>> >> > 
>> >> >
>> >> > Kevin Huntly
>> >> > Email: kmhun...@gmail.com
>> >> > Cell: 716/424-3311
>> >> > 
>> >> >
>> >> > -BEGIN GEEK CODE BLOCK-
>> >> > Version: 1.0
>> >> > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
>> >> > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
>> >> > PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
>> >> > G++ e(+) h--- r+++ y+++*
>> >> > --END GEEK CODE BLOCK--
>> >> >
>> >> >
>> >> > On Fri, Mar 17, 2023 at 5:24 PM Kevin Huntly 
>> >> > wrote:
>> >> >
>> >> >> Here's my santized server.xml and context.xml
>> >> >>
>> >> >> server.xml -> https://pastebin.com/Bj6Wh0qU
>> >> >> context.xml -> https://pastebin.com/Z3dBf3eK
>> >> >>
>> >> >
>> >>
>> >> -
>> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> >> For additional commands, e-mail: users-h...@tomcat.apache.org
>> >>
>> >>
>> >
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Unable to start application

[John Dale (DB2DOM)]

ok - "mnet" should be "ment"

I figured I'd spell that out and behave like a compiler.  :)

I would also move that configuration into server.xml (it's a major
difference between your configuration and mine).  I have never used
conf/Context.xml to configure my applications.  I've always either put
it into the webapp, or included it in server.xml

Lastly, maybe to help debug a future issue, did you compile your
project files against the tomcat libs included with your distribution,
or did you drop them into this version of tomcat from another version?
 Probably won't matter since you should be coded to the interfaces,
but one never knows.

John

On 3/17/23, Kevin Huntly  wrote:
> no I think it has something to do with it but I'm not sure. I'll try taking
> out the environment values and see what happens
>
> On Fri, Mar 17, 2023, 19:11 John Dale (DB2DOM)  wrote:
>
>> In the log you sent below, I see a typo:
>> Context/Environmnet
>>
>> Does that have something to do with it, or is this a typo in tomcat
>> logging?
>>
>>
>>
>>
>> On 3/17/23, Kevin Huntly  wrote:
>> > yes, under Catalina/localhost
>> >
>> > On Fri, Mar 17, 2023, 19:07 John Dale (DB2DOM) 
>> wrote:
>> >
>> >> Are you modifying a context.xml file in the conf folder?
>> >>
>> >> On 3/17/23, Kevin Huntly  wrote:
>> >> > Also of note:
>> >> >
>> >> > 17-Mar-2023 17:25:42.113 INFO [main]
>> >> > org.apache.catalina.startup.HostConfig.deployDescriptor Deploying
>> >> > deployment descriptor
>> >> >
>> >>
>> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml]
>> >> > 17-Mar-2023 17:25:42.174 WARNING [main]
>> >> > org.apache.tomcat.util.digester.Digester.endElement No rules found
>> >> matching
>> >> > [Context/Environmnet]
>> >> > 
>> >> >
>> >> > Kevin Huntly
>> >> > Email: kmhun...@gmail.com
>> >> > Cell: 716/424-3311
>> >> > 
>> >> >
>> >> > -BEGIN GEEK CODE BLOCK-
>> >> > Version: 1.0
>> >> > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
>> >> > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
>> >> > PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
>> >> > G++ e(+) h--- r+++ y+++*
>> >> > --END GEEK CODE BLOCK--
>> >> >
>> >> >
>> >> > On Fri, Mar 17, 2023 at 5:24 PM Kevin Huntly 
>> >> > wrote:
>> >> >
>> >> >> Here's my santized server.xml and context.xml
>> >> >>
>> >> >> server.xml -> https://pastebin.com/Bj6Wh0qU
>> >> >> context.xml -> https://pastebin.com/Z3dBf3eK
>> >> >>
>> >> >
>> >>
>> >> -
>> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> >> For additional commands, e-mail: users-h...@tomcat.apache.org
>> >>
>> >>
>> >
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Unable to start application

[John Dale (DB2DOM)]

In the log you sent below, I see a typo:
Context/Environmnet

Does that have something to do with it, or is this a typo in tomcat logging?




On 3/17/23, Kevin Huntly  wrote:
> yes, under Catalina/localhost
>
> On Fri, Mar 17, 2023, 19:07 John Dale (DB2DOM)  wrote:
>
>> Are you modifying a context.xml file in the conf folder?
>>
>> On 3/17/23, Kevin Huntly  wrote:
>> > Also of note:
>> >
>> > 17-Mar-2023 17:25:42.113 INFO [main]
>> > org.apache.catalina.startup.HostConfig.deployDescriptor Deploying
>> > deployment descriptor
>> >
>> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml]
>> > 17-Mar-2023 17:25:42.174 WARNING [main]
>> > org.apache.tomcat.util.digester.Digester.endElement No rules found
>> matching
>> > [Context/Environmnet]
>> > 
>> >
>> > Kevin Huntly
>> > Email: kmhun...@gmail.com
>> > Cell: 716/424-3311
>> > 
>> >
>> > -BEGIN GEEK CODE BLOCK-
>> > Version: 1.0
>> > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
>> > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
>> > PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
>> > G++ e(+) h--- r+++ y+++*
>> > --END GEEK CODE BLOCK--
>> >
>> >
>> > On Fri, Mar 17, 2023 at 5:24 PM Kevin Huntly 
>> > wrote:
>> >
>> >> Here's my santized server.xml and context.xml
>> >>
>> >> server.xml -> https://pastebin.com/Bj6Wh0qU
>> >> context.xml -> https://pastebin.com/Z3dBf3eK
>> >>
>> >
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Unable to start application

[John Dale (DB2DOM)]

Are you modifying a context.xml file in the conf folder?

On 3/17/23, Kevin Huntly  wrote:
> Also of note:
>
> 17-Mar-2023 17:25:42.113 INFO [main]
> org.apache.catalina.startup.HostConfig.deployDescriptor Deploying
> deployment descriptor
> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml]
> 17-Mar-2023 17:25:42.174 WARNING [main]
> org.apache.tomcat.util.digester.Digester.endElement No rules found matching
> [Context/Environmnet]
> 
>
> Kevin Huntly
> Email: kmhun...@gmail.com
> Cell: 716/424-3311
> 
>
> -BEGIN GEEK CODE BLOCK-
> Version: 1.0
> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
> PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
> G++ e(+) h--- r+++ y+++*
> --END GEEK CODE BLOCK--
>
>
> On Fri, Mar 17, 2023 at 5:24 PM Kevin Huntly  wrote:
>
>> Here's my santized server.xml and context.xml
>>
>> server.xml -> https://pastebin.com/Bj6Wh0qU
>> context.xml -> https://pastebin.com/Z3dBf3eK
>>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Unable to start application

[John Dale (DB2DOM)]

Did you try it with your actual context path?

path=""

would work for localhost:8080

path="mypath"

would work for localhost:8080/mypath

Obviously, replacing "mypath" with your path.



On 3/17/23, Kevin Huntly  wrote:
> thank you i really appreciate that - and whats wrong with loonies and
> toonies?! hahaha
>
> haven't figured it out yet, I did add the path="" tag, it didn't help at
> all. its almost like its just ignoring the actual content of the
> context.xml but is reading it, because it is attempting to deploy the app
> based off the context - which is good, but bad that it's not reading the
> resources. so not really sure what to do.
>
> on an unrelated note... I'm running this MySQL server right... lol
> 
>
> Kevin Huntly
> Email: kmhun...@gmail.com
> Cell: 716/424-3311
> 
>
> -BEGIN GEEK CODE BLOCK-
> Version: 1.0
> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
> PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
> G++ e(+) h--- r+++ y+++*
> --END GEEK CODE BLOCK--
>
>
> On Fri, Mar 17, 2023 at 6:30 PM John Dale (DB2DOM) 
> wrote:
>
>> Because you seem so humble and are willing to ask a lot of questions,
>> I predict you'll be a very good DB2 admin or a very good whatever you
>> choose to do.
>>
>> I do development/design on Oracle, SQL Server, and MariaDB.  I haven't
>> done anything with DB2 since 2003, and it was short lived.  I prefer
>> MariaDB these days, and to offload more risky scalability
>> responsibilities to my middle ware.  I administer MariaDB in the cloud
>> and in our development environments.
>>
>> But since most of the concepts are the same from RDB to RDB, I could
>> probably help you out as long as you don't pay in Canadian dollars.
>>
>> da da, CHING!  :D
>>
>> So, did you figure it out?
>>
>> Sincerely,
>>
>> John
>>
>>
>> On 3/17/23, Kevin Huntly  wrote:
>> > are you a db2 admin? I need one of those too hahaha - I became the db2
>> > admin at my job because I knew the most about it which isn't saying
>> > much
>> > lol
>> >
>> > On Fri, Mar 17, 2023, 18:17 John Dale (DB2DOM) 
>> wrote:
>> >
>> >> I'm not a guru regarding tomcat system ops .. I'm trying to hold down
>> >> the fort until one of the really knowledgeable folks chimes-in if we
>> >> can't figure it out. :)
>> >>
>> >> try setting path = "/mycontext"
>> >>
>> >> Also, I'm not sure how tomcat is going to resolve the names to service
>> >> configurations and whatnot .. I tend to defer to spelling this stuff
>> >> out directly when I can.
>> >>
>> >> Sincerely,
>> >>
>> >> John
>> >>
>> >>
>> >> On 3/17/23, Kevin Huntly  wrote:
>> >> > I assumed the context is driven by the xml name - at least that's
>> >> > what
>> >> I've
>> >> > read. happy to add it if it needs to be there
>> >> >
>> >> > On Fri, Mar 17, 2023, 18:11 John Dale (DB2DOM) 
>> >> wrote:
>> >> >
>> >> >> Did I miss something?
>> >> >>
>> >> >> Isn't there supposed to be a "path" element in your context?
>> >> >>
>> >> >> I'm seeing session cookie path, but not path.
>> >> >>
>> >> >>
>> >> >>
>> >> >> On 3/17/23, Kevin Huntly  wrote:
>> >> >> > Also of note:
>> >> >> >
>> >> >> > 17-Mar-2023 17:25:42.113 INFO [main]
>> >> >> > org.apache.catalina.startup.HostConfig.deployDescriptor Deploying
>> >> >> > deployment descriptor
>> >> >> >
>> >> >>
>> >>
>> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml]
>> >> >> > 17-Mar-2023 17:25:42.174 WARNING [main]
>> >> >> > org.apache.tomcat.util.digester.Digester.endElement No rules
>> >> >> > found
>> >> >> matching
>> >> >> > [Context/Environmnet]
>> >> >> > 
>> >> >> >
>> >> >> > Kevin Huntly
>> >> >> > Email: kmhun...@gmail.com

Re: Unable to start application

[John Dale (DB2DOM)]

Because you seem so humble and are willing to ask a lot of questions,
I predict you'll be a very good DB2 admin or a very good whatever you
choose to do.

I do development/design on Oracle, SQL Server, and MariaDB.  I haven't
done anything with DB2 since 2003, and it was short lived.  I prefer
MariaDB these days, and to offload more risky scalability
responsibilities to my middle ware.  I administer MariaDB in the cloud
and in our development environments.

But since most of the concepts are the same from RDB to RDB, I could
probably help you out as long as you don't pay in Canadian dollars.

da da, CHING!  :D

So, did you figure it out?

Sincerely,

John


On 3/17/23, Kevin Huntly  wrote:
> are you a db2 admin? I need one of those too hahaha - I became the db2
> admin at my job because I knew the most about it which isn't saying much
> lol
>
> On Fri, Mar 17, 2023, 18:17 John Dale (DB2DOM)  wrote:
>
>> I'm not a guru regarding tomcat system ops .. I'm trying to hold down
>> the fort until one of the really knowledgeable folks chimes-in if we
>> can't figure it out. :)
>>
>> try setting path = "/mycontext"
>>
>> Also, I'm not sure how tomcat is going to resolve the names to service
>> configurations and whatnot .. I tend to defer to spelling this stuff
>> out directly when I can.
>>
>> Sincerely,
>>
>> John
>>
>>
>> On 3/17/23, Kevin Huntly  wrote:
>> > I assumed the context is driven by the xml name - at least that's what
>> I've
>> > read. happy to add it if it needs to be there
>> >
>> > On Fri, Mar 17, 2023, 18:11 John Dale (DB2DOM) 
>> wrote:
>> >
>> >> Did I miss something?
>> >>
>> >> Isn't there supposed to be a "path" element in your context?
>> >>
>> >> I'm seeing session cookie path, but not path.
>> >>
>> >>
>> >>
>> >> On 3/17/23, Kevin Huntly  wrote:
>> >> > Also of note:
>> >> >
>> >> > 17-Mar-2023 17:25:42.113 INFO [main]
>> >> > org.apache.catalina.startup.HostConfig.deployDescriptor Deploying
>> >> > deployment descriptor
>> >> >
>> >>
>> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml]
>> >> > 17-Mar-2023 17:25:42.174 WARNING [main]
>> >> > org.apache.tomcat.util.digester.Digester.endElement No rules found
>> >> matching
>> >> > [Context/Environmnet]
>> >> > 
>> >> >
>> >> > Kevin Huntly
>> >> > Email: kmhun...@gmail.com
>> >> > Cell: 716/424-3311
>> >> > 
>> >> >
>> >> > -BEGIN GEEK CODE BLOCK-
>> >> > Version: 1.0
>> >> > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
>> >> > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
>> >> > PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
>> >> > G++ e(+) h--- r+++ y+++*
>> >> > --END GEEK CODE BLOCK--
>> >> >
>> >> >
>> >> > On Fri, Mar 17, 2023 at 5:24 PM Kevin Huntly 
>> >> > wrote:
>> >> >
>> >> >> Here's my santized server.xml and context.xml
>> >> >>
>> >> >> server.xml -> https://pastebin.com/Bj6Wh0qU
>> >> >> context.xml -> https://pastebin.com/Z3dBf3eK
>> >> >>
>> >> >
>> >>
>> >> -
>> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> >> For additional commands, e-mail: users-h...@tomcat.apache.org
>> >>
>> >>
>> >
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Unable to start application

[John Dale (DB2DOM)]

All good information - thank you.

In looking over your configuration file, I noticed that "webapps" was specified.

I'm not sure about the "installed apps" folder (never used that).

My preferred deployment model is to put my app outside tomcat and
reference it from server.xml .. I do some limited contexts for file
transfer/uploads in webapps that are accessible on all contexts
(domain1.com/pdf, domain2.com/pdf, etc).

I'm curious what you find out ..

On 3/17/23, Kevin Huntly  wrote:
> also, to answer your other question - the app is installed as an exploded
> war under ${catalina.home}/installed apps as specified in the docbase
>
> On Fri, Mar 17, 2023, 18:12 Kevin Huntly  wrote:
>
>> I assumed the context is driven by the xml name - at least that's what
>> I've read. happy to add it if it needs to be there
>>
>> On Fri, Mar 17, 2023, 18:11 John Dale (DB2DOM)  wrote:
>>
>>> Did I miss something?
>>>
>>> Isn't there supposed to be a "path" element in your context?
>>>
>>> I'm seeing session cookie path, but not path.
>>>
>>>
>>>
>>> On 3/17/23, Kevin Huntly  wrote:
>>> > Also of note:
>>> >
>>> > 17-Mar-2023 17:25:42.113 INFO [main]
>>> > org.apache.catalina.startup.HostConfig.deployDescriptor Deploying
>>> > deployment descriptor
>>> >
>>> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml]
>>> > 17-Mar-2023 17:25:42.174 WARNING [main]
>>> > org.apache.tomcat.util.digester.Digester.endElement No rules found
>>> matching
>>> > [Context/Environmnet]
>>> > 
>>> >
>>> > Kevin Huntly
>>> > Email: kmhun...@gmail.com
>>> > Cell: 716/424-3311
>>> > 
>>> >
>>> > -BEGIN GEEK CODE BLOCK-
>>> > Version: 1.0
>>> > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
>>> > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
>>> > PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
>>> > G++ e(+) h--- r+++ y+++*
>>> > --END GEEK CODE BLOCK--
>>> >
>>> >
>>> > On Fri, Mar 17, 2023 at 5:24 PM Kevin Huntly 
>>> wrote:
>>> >
>>> >> Here's my santized server.xml and context.xml
>>> >>
>>> >> server.xml -> https://pastebin.com/Bj6Wh0qU
>>> >> context.xml -> https://pastebin.com/Z3dBf3eK
>>> >>
>>> >
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Unable to start application

[John Dale (DB2DOM)]

I'm not a guru regarding tomcat system ops .. I'm trying to hold down
the fort until one of the really knowledgeable folks chimes-in if we
can't figure it out. :)

try setting path = "/mycontext"

Also, I'm not sure how tomcat is going to resolve the names to service
configurations and whatnot .. I tend to defer to spelling this stuff
out directly when I can.

Sincerely,

John


On 3/17/23, Kevin Huntly  wrote:
> I assumed the context is driven by the xml name - at least that's what I've
> read. happy to add it if it needs to be there
>
> On Fri, Mar 17, 2023, 18:11 John Dale (DB2DOM)  wrote:
>
>> Did I miss something?
>>
>> Isn't there supposed to be a "path" element in your context?
>>
>> I'm seeing session cookie path, but not path.
>>
>>
>>
>> On 3/17/23, Kevin Huntly  wrote:
>> > Also of note:
>> >
>> > 17-Mar-2023 17:25:42.113 INFO [main]
>> > org.apache.catalina.startup.HostConfig.deployDescriptor Deploying
>> > deployment descriptor
>> >
>> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml]
>> > 17-Mar-2023 17:25:42.174 WARNING [main]
>> > org.apache.tomcat.util.digester.Digester.endElement No rules found
>> matching
>> > [Context/Environmnet]
>> > 
>> >
>> > Kevin Huntly
>> > Email: kmhun...@gmail.com
>> > Cell: 716/424-3311
>> > 
>> >
>> > -BEGIN GEEK CODE BLOCK-
>> > Version: 1.0
>> > GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
>> > W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
>> > PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
>> > G++ e(+) h--- r+++ y+++*
>> > --END GEEK CODE BLOCK--
>> >
>> >
>> > On Fri, Mar 17, 2023 at 5:24 PM Kevin Huntly 
>> > wrote:
>> >
>> >> Here's my santized server.xml and context.xml
>> >>
>> >> server.xml -> https://pastebin.com/Bj6Wh0qU
>> >> context.xml -> https://pastebin.com/Z3dBf3eK
>> >>
>> >
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Unable to start application

[John Dale (DB2DOM)]

I'm using tomcat 10.x - I have had good luck putting everything into
server.xml as such ..

Engine
  Host
Parameter
Resource
Context


On 3/17/23, Kevin Huntly  wrote:
> Also of note:
>
> 17-Mar-2023 17:25:42.113 INFO [main]
> org.apache.catalina.startup.HostConfig.deployDescriptor Deploying
> deployment descriptor
> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml]
> 17-Mar-2023 17:25:42.174 WARNING [main]
> org.apache.tomcat.util.digester.Digester.endElement No rules found matching
> [Context/Environmnet]
> 
>
> Kevin Huntly
> Email: kmhun...@gmail.com
> Cell: 716/424-3311
> 
>
> -BEGIN GEEK CODE BLOCK-
> Version: 1.0
> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
> PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
> G++ e(+) h--- r+++ y+++*
> --END GEEK CODE BLOCK--
>
>
> On Fri, Mar 17, 2023 at 5:24 PM Kevin Huntly  wrote:
>
>> Here's my santized server.xml and context.xml
>>
>> server.xml -> https://pastebin.com/Bj6Wh0qU
>> context.xml -> https://pastebin.com/Z3dBf3eK
>>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Unable to start application

[John Dale (DB2DOM)]

Where are you putting your Context file?

Do you have a war file deployed into webapps/some.war?


On 3/17/23, Kevin Huntly  wrote:
> Also of note:
>
> 17-Mar-2023 17:25:42.113 INFO [main]
> org.apache.catalina.startup.HostConfig.deployDescriptor Deploying
> deployment descriptor
> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml]
> 17-Mar-2023 17:25:42.174 WARNING [main]
> org.apache.tomcat.util.digester.Digester.endElement No rules found matching
> [Context/Environmnet]
> 
>
> Kevin Huntly
> Email: kmhun...@gmail.com
> Cell: 716/424-3311
> 
>
> -BEGIN GEEK CODE BLOCK-
> Version: 1.0
> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
> PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
> G++ e(+) h--- r+++ y+++*
> --END GEEK CODE BLOCK--
>
>
> On Fri, Mar 17, 2023 at 5:24 PM Kevin Huntly  wrote:
>
>> Here's my santized server.xml and context.xml
>>
>> server.xml -> https://pastebin.com/Bj6Wh0qU
>> context.xml -> https://pastebin.com/Z3dBf3eK
>>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Unable to start application

[John Dale (DB2DOM)]

Did I miss something?

Isn't there supposed to be a "path" element in your context?

I'm seeing session cookie path, but not path.



On 3/17/23, Kevin Huntly  wrote:
> Also of note:
>
> 17-Mar-2023 17:25:42.113 INFO [main]
> org.apache.catalina.startup.HostConfig.deployDescriptor Deploying
> deployment descriptor
> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/conf/Catalina/localhost/esolutions.xml]
> 17-Mar-2023 17:25:42.174 WARNING [main]
> org.apache.tomcat.util.digester.Digester.endElement No rules found matching
> [Context/Environmnet]
> 
>
> Kevin Huntly
> Email: kmhun...@gmail.com
> Cell: 716/424-3311
> 
>
> -BEGIN GEEK CODE BLOCK-
> Version: 1.0
> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
> PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
> G++ e(+) h--- r+++ y+++*
> --END GEEK CODE BLOCK--
>
>
> On Fri, Mar 17, 2023 at 5:24 PM Kevin Huntly  wrote:
>
>> Here's my santized server.xml and context.xml
>>
>> server.xml -> https://pastebin.com/Bj6Wh0qU
>> context.xml -> https://pastebin.com/Z3dBf3eK
>>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Unable to start application

[John Dale (DB2DOM)]

Also, are you deploying a war file referenced outside of the tomcat
home folder, or are you referencing an expanded directory?

How much have you edited the default server.xml?

Were there xml structural changes in the server.xml file or Context
element from what you used to configure the server.xml and contex.xml
file(s)?

My gut is that there is a detail in your startup logs that will give
us a critical clue.


On 3/17/23, John Dale (DB2DOM)  wrote:
> Did you recursive file search "context.xml" in the tomcat root after
> deployment?
>
> Maybe we can help narrow things down for Chris et al with a little
> back and forth, or perhaps solve it ourselves. :)
>
> Try tailing the catalina, localhost, and other log files in the logs
> directory on startup .. usually it will give you some more detailed
> information about startup errors.
>
> I have luck killing the tomcat java process, then deleting everything
> in the logs folder between test runs.
>
> Sincerely,
>
> John
>
>
>
>
> On 3/17/23, Kevin Huntly  wrote:
>> There's no context.xml in the WAR
>> 
>>
>> Kevin Huntly
>> Email: kmhun...@gmail.com
>> Cell: 716/424-3311
>> 
>>
>> -BEGIN GEEK CODE BLOCK-
>> Version: 1.0
>> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
>> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
>> PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
>> G++ e(+) h--- r+++ y+++*
>> --END GEEK CODE BLOCK--
>>
>>
>> On Fri, Mar 17, 2023 at 5:00 PM John Dale (DB2DOM) 
>> wrote:
>>
>>> Dissect your deployment war, but also make sure you aren't defining a
>>> context element in server.xml.  Lastly, if memory serves, Tomcat also
>>> allows context overrides in expanded war files.  I eventually just
>>> started managing server.xml metadata (context etc) to avoid conflicts
>>> and simplify.  "Hope dat heps." -- Rizzo
>>>
>>> On 3/17/23, Kevin Huntly  wrote:
>>> > Hello,
>>> >
>>> > I am unable to start my application on Tomcat 9.0.73 with JDK19 on
>>> > RHEL
>>> > 8.7. It appears to be ignoring everything in my context.xml, for
>>> > example:
>>> >
>>> > >> > override="false" />
>>> >
>>> > Code:
>>> >
>>> > try
>>> >
>>> > {
>>> >
>>> > Context initContext = new InitialContext();
>>> >
>>> > environment = (String) initContext.lookup("environment");
>>> >
>>> > }
>>> >
>>> > catch (final NamingException nx)
>>> >
>>> > {
>>> >
>>> > ERROR_RECORDER.error(nx.getMessage(), nx);
>>> >
>>> > }
>>> >
>>> > Exception:
>>> >
>>> > [2023-03-17T16:47:54.663-0400] GC(3) Concurrent Mark Cycle 89.898ms
>>> > SecurityService: xmlURL provided was valid and found, continuing
>>> > configuration
>>> > Name [jdbc/cwssec] is not bound in this Context. Unable to find
>>> > [jdbc].
>>> > eSolutionsCore: xmlURL provided was valid and found, continuing
>>> > configuration
>>> > Name [jdbc/esolutions] is not bound in this Context. Unable to find
>>> [jdbc].
>>> > [Time: 17 Mar 2023 16:47:55,836][Thread: main][Log:
>>> ERROR_RECORDER.][Level:
>>> > ERROR] - [File: ResponseTimeFilter.java:80] - Name [environment] is
>>> > not
>>> > bound in this Context. Unable to find [environment].
>>> > javax.naming.NameNotFoundException: Name [environment] is not bound in
>>> this
>>> > Context. Unable to find [environment].
>>> >
>>> >
>>> >
>>> > This code works just fine in other containers (for example, IBM
>>> WebSphere),
>>> >
>>> > so I must be doing something wrong with the context file. Can anyone
>>> > assist?
>>> >
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Unable to start application

[John Dale (DB2DOM)]

Did you recursive file search "context.xml" in the tomcat root after deployment?

Maybe we can help narrow things down for Chris et al with a little
back and forth, or perhaps solve it ourselves. :)

Try tailing the catalina, localhost, and other log files in the logs
directory on startup .. usually it will give you some more detailed
information about startup errors.

I have luck killing the tomcat java process, then deleting everything
in the logs folder between test runs.

Sincerely,

John




On 3/17/23, Kevin Huntly  wrote:
> There's no context.xml in the WAR
> 
>
> Kevin Huntly
> Email: kmhun...@gmail.com
> Cell: 716/424-3311
> 
>
> -BEGIN GEEK CODE BLOCK-
> Version: 1.0
> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
> PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
> G++ e(+) h--- r+++ y+++*
> --END GEEK CODE BLOCK--
>
>
> On Fri, Mar 17, 2023 at 5:00 PM John Dale (DB2DOM) 
> wrote:
>
>> Dissect your deployment war, but also make sure you aren't defining a
>> context element in server.xml.  Lastly, if memory serves, Tomcat also
>> allows context overrides in expanded war files.  I eventually just
>> started managing server.xml metadata (context etc) to avoid conflicts
>> and simplify.  "Hope dat heps." -- Rizzo
>>
>> On 3/17/23, Kevin Huntly  wrote:
>> > Hello,
>> >
>> > I am unable to start my application on Tomcat 9.0.73 with JDK19 on RHEL
>> > 8.7. It appears to be ignoring everything in my context.xml, for
>> > example:
>> >
>> > > > override="false" />
>> >
>> > Code:
>> >
>> > try
>> >
>> > {
>> >
>> > Context initContext = new InitialContext();
>> >
>> > environment = (String) initContext.lookup("environment");
>> >
>> > }
>> >
>> > catch (final NamingException nx)
>> >
>> > {
>> >
>> > ERROR_RECORDER.error(nx.getMessage(), nx);
>> >
>> > }
>> >
>> > Exception:
>> >
>> > [2023-03-17T16:47:54.663-0400] GC(3) Concurrent Mark Cycle 89.898ms
>> > SecurityService: xmlURL provided was valid and found, continuing
>> > configuration
>> > Name [jdbc/cwssec] is not bound in this Context. Unable to find [jdbc].
>> > eSolutionsCore: xmlURL provided was valid and found, continuing
>> > configuration
>> > Name [jdbc/esolutions] is not bound in this Context. Unable to find
>> [jdbc].
>> > [Time: 17 Mar 2023 16:47:55,836][Thread: main][Log:
>> ERROR_RECORDER.][Level:
>> > ERROR] - [File: ResponseTimeFilter.java:80] - Name [environment] is not
>> > bound in this Context. Unable to find [environment].
>> > javax.naming.NameNotFoundException: Name [environment] is not bound in
>> this
>> > Context. Unable to find [environment].
>> >
>> >
>> >
>> > This code works just fine in other containers (for example, IBM
>> WebSphere),
>> >
>> > so I must be doing something wrong with the context file. Can anyone
>> > assist?
>> >
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Unable to start application

[John Dale (DB2DOM)]

Dissect your deployment war, but also make sure you aren't defining a
context element in server.xml.  Lastly, if memory serves, Tomcat also
allows context overrides in expanded war files.  I eventually just
started managing server.xml metadata (context etc) to avoid conflicts
and simplify.  "Hope dat heps." -- Rizzo

On 3/17/23, Kevin Huntly  wrote:
> Hello,
>
> I am unable to start my application on Tomcat 9.0.73 with JDK19 on RHEL
> 8.7. It appears to be ignoring everything in my context.xml, for example:
>
>  override="false" />
>
> Code:
>
> try
>
> {
>
> Context initContext = new InitialContext();
>
> environment = (String) initContext.lookup("environment");
>
> }
>
> catch (final NamingException nx)
>
> {
>
> ERROR_RECORDER.error(nx.getMessage(), nx);
>
> }
>
> Exception:
>
> [2023-03-17T16:47:54.663-0400] GC(3) Concurrent Mark Cycle 89.898ms
> SecurityService: xmlURL provided was valid and found, continuing
> configuration
> Name [jdbc/cwssec] is not bound in this Context. Unable to find [jdbc].
> eSolutionsCore: xmlURL provided was valid and found, continuing
> configuration
> Name [jdbc/esolutions] is not bound in this Context. Unable to find [jdbc].
> [Time: 17 Mar 2023 16:47:55,836][Thread: main][Log: ERROR_RECORDER.][Level:
> ERROR] - [File: ResponseTimeFilter.java:80] - Name [environment] is not
> bound in this Context. Unable to find [environment].
> javax.naming.NameNotFoundException: Name [environment] is not bound in this
> Context. Unable to find [environment].
>
>
>
> This code works just fine in other containers (for example, IBM WebSphere),
>
> so I must be doing something wrong with the context file. Can anyone
> assist?
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: AW: AW: Having trouble with Tomcat crashes. Interesting memory numbers in Manager

[John Dale (DB2DOM)]

I've tried profilers in the past, but I've never had much luck since
you need a super computer to run them.  Human intelligence rules ..
read the code carefully, review it, step it with a debugger, and look
for memory leak patterns.  Mine have mostly been static and non static
collections and HashMaps that keep growing, or rampant string creation
wherein the GC couldn't keep up under load.

Review the code .. become its master and empath.  Memory leaks cause it pain.

On 2/9/23, James H. H. Lampert  wrote:
> I've obtained some heap and CPU numbers, taking data at 15 minute
> intervals, heap from WRKJVMJOB and CPU from WRKACTJOB. In two days of
> this, I didn't witness any crashes; I did witness a near-miss, in which
> heap-in-use hit 5011.938M (out of 5120).
>
> In discussion with our webapp developer (to whom we sent a catalina.out
> excerpt), he observed that they were running Tomcat on a six-year-old
> JVM (it identifies in a WRKJVMJOB as "1.8.0_151"; on the Manager page,
> it identifies as "8.0.5.5 - pap6480sr5fp5-20171114_01(SR5 FP5)") with a
> known issue (on Github, it's listed as 11493). He suggested that the
> customer ought to try updating to a more recent Java.
>
> I've also asked on the IBM Midrange Java List whether we can go any
> higher on the heap parameters (currently set at -Xms 4096 -Xmx 5120 for
> that particular installation).
>
> --
> JHHL
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Compatibility, 32 bit ..

[John Dale (DB2DOM)]

Is Tomcat's HTTP/S processing libraries modular and portable?



On 11/3/22, Mark Thomas  wrote:
> On 02/11/2022 18:51, Christopher Schultz wrote:
>> John,
>>
>> On 11/2/22 14:32, John Dale (DB2DOM) wrote:
>>> On 11/2/22, Christopher Schultz  wrote:
>>>> John,
>>>>
>>>> On 11/2/22 12:44, John Dale (DB2DOM) wrote:
>>>>> I'd like to continue to invest in Raspberry Pi, but also try to put
>>>>> together a functional 32bit build of my software for those poor old
>>>>> neglected closeted towers (really, poor things!).
>>>>>
>>>>> I should be able to do it, from the looks of this.
>>>>>
>>>>> Are you guys doing any kind of pruned down version of Tomcat or maybe
>>>>> a configurable Tomcat that will only include some bare bones stuff
>>>>> like request parsing, connection pooling, and (obviously) threading?
>>>>
>>>> You might be surprised to learn that Tomcat is pretty stripped-down
>>>> already. What do you imagine that Tomcat is doing that is beyond what
>>>> you have listed above?
>>>
>>> Isn't there still a lot of J2E code allowing deployment and processing
>>> of J2E standards that aren't necessarily needed?  What else?
>>
>> Well, it supports a few things that you may not use in your
>> application(s), such as WebSocket, asynchronous I/O, JSP/EL, and JASPIC.
>> Maybe you don't use JSPs, so you can throw-out the JSP and EL
>> components. But if you don't use them, they are a few inert kilobytes of
>> data on the disk. Same with JASPIC. Removing them would be more work
>> than simply ignoring them.
>>
>> Tomcat 10.1 requires Java 11 because the specs it follows say that's the
>> minimum required version, for whatever reason.
>>
>> The official Tomcat binary releases will be built using Java 11 and thus
>> they must be run by Java 11 or later.
>>
>> But there's nothing stopping you from trying to use the source to build
>> a Java-8-compatible build of Tomcat 10.1. I don't think we are using any
>> source-level features of Java that actually require anything past Java
>> 8. But if it vomits at runtime because something is missing because you
>> actually /do/ need Java 11, then we're gonna tell you "don't do that."
>
> There are a few things that will break - and some of them are fairly
> fundamental.
>
> The simplest way to see what is going to break is to look at the
> org.apache.tomcat.util.compat package. Then you need to look at the
> JreNCompat classes that have been removed as a result of the increase in
> minimum Java version. For 10.0.x to 10.1.x that is Jre9Compat.
>
> If you want to run 10.1.x on Java 8, in theory you could revert the
> commit that removed Jre9Compat but as Chris says you are very much on
> your own in terms of support if things go wrong.
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Compatibility, 32 bit ..

[John Dale (DB2DOM)]

Greetings - thanks for the pointer below.

Brought up some interesting questions below.

How do changes at Oracle affect Tomcat?  Has OpenJRE sufficiently
insulated the risk?

What would you say is the best O/R M tool for tomcat that still keeps
coding hands-on with respect to connection management and MVC handler
deployment/logic?

What are some good object databases (are there any) that work well with Tomcat?


On 11/3/22, Mark Thomas  wrote:
> On 02/11/2022 18:51, Christopher Schultz wrote:
>> John,
>>
>> On 11/2/22 14:32, John Dale (DB2DOM) wrote:
>>> On 11/2/22, Christopher Schultz  wrote:
>>>> John,
>>>>
>>>> On 11/2/22 12:44, John Dale (DB2DOM) wrote:
>>>>> I'd like to continue to invest in Raspberry Pi, but also try to put
>>>>> together a functional 32bit build of my software for those poor old
>>>>> neglected closeted towers (really, poor things!).
>>>>>
>>>>> I should be able to do it, from the looks of this.
>>>>>
>>>>> Are you guys doing any kind of pruned down version of Tomcat or maybe
>>>>> a configurable Tomcat that will only include some bare bones stuff
>>>>> like request parsing, connection pooling, and (obviously) threading?
>>>>
>>>> You might be surprised to learn that Tomcat is pretty stripped-down
>>>> already. What do you imagine that Tomcat is doing that is beyond what
>>>> you have listed above?
>>>
>>> Isn't there still a lot of J2E code allowing deployment and processing
>>> of J2E standards that aren't necessarily needed?  What else?
>>
>> Well, it supports a few things that you may not use in your
>> application(s), such as WebSocket, asynchronous I/O, JSP/EL, and JASPIC.
>> Maybe you don't use JSPs, so you can throw-out the JSP and EL
>> components. But if you don't use them, they are a few inert kilobytes of
>> data on the disk. Same with JASPIC. Removing them would be more work
>> than simply ignoring them.
>>
>> Tomcat 10.1 requires Java 11 because the specs it follows say that's the
>> minimum required version, for whatever reason.
>>
>> The official Tomcat binary releases will be built using Java 11 and thus
>> they must be run by Java 11 or later.
>>
>> But there's nothing stopping you from trying to use the source to build
>> a Java-8-compatible build of Tomcat 10.1. I don't think we are using any
>> source-level features of Java that actually require anything past Java
>> 8. But if it vomits at runtime because something is missing because you
>> actually /do/ need Java 11, then we're gonna tell you "don't do that."
>
> There are a few things that will break - and some of them are fairly
> fundamental.
>
> The simplest way to see what is going to break is to look at the
> org.apache.tomcat.util.compat package. Then you need to look at the
> JreNCompat classes that have been removed as a result of the increase in
> minimum Java version. For 10.0.x to 10.1.x that is Jre9Compat.
>
> If you want to run 10.1.x on Java 8, in theory you could revert the
> commit that removed Jre9Compat but as Chris says you are very much on
> your own in terms of support if things go wrong.
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Compatibility, 32 bit ..

[John Dale (DB2DOM)]

On 11/2/22, Christopher Schultz  wrote:
> John,
>
> On 11/2/22 12:44, John Dale (DB2DOM) wrote:
>> I'd like to continue to invest in Raspberry Pi, but also try to put
>> together a functional 32bit build of my software for those poor old
>> neglected closeted towers (really, poor things!).
>>
>> I should be able to do it, from the looks of this.
>>
>> Are you guys doing any kind of pruned down version of Tomcat or maybe
>> a configurable Tomcat that will only include some bare bones stuff
>> like request parsing, connection pooling, and (obviously) threading?
>
> You might be surprised to learn that Tomcat is pretty stripped-down
> already. What do you imagine that Tomcat is doing that is beyond what
> you have listed above?

Isn't there still a lot of J2E code allowing deployment and processing
of J2E standards that aren't necessarily needed?  What else? I agree
that the download is still very reasonable and it's got great support
because of you et al; clearly a good thing in the computing world that
enabled me to create my DB2DOM doodad.  Keep it up and thanks.

>
>> Thanks for the pointers .. I would like to try to meet you guys in
>> person at a conference sometime to swap notes and be pals.
>
> You just missed your first opportunity in 3 years this past month, in
> New Orleans. Well... some of us were there ;)
I need to get to more conferences .. hopefully soon.  I have so many questions.

>
> -chris
>
>> On 11/2/22, Christopher Schultz  wrote:
>>> John,
>>>
>>> On 10/28/22 10:46, John Dale (DB2DOM) wrote:
>>>> I see .. Mark and/or Christopher - this means that no Tomcat 10, right?
>>>
>>> https://tomcat.apache.org/whichversion.html
>>>
>>> Tomcat 10.0, yes.
>>> Tomcat 10.1, no.
>>>
>>> Tomcat 10.0 has been superseded and will not get any further updates,
>>> thus you should not use it for any purpose IMO.
>>>
>>> -chris
>>>
>>>> On 10/28/22, Konstantin Kolinko  wrote:
>>>>> чт, 27 окт. 2022 г. в 18:02, John Dale (DB2DOM) :
>>>>>>
>>>>>> I had the same thought when I saw it.  Here is java -version output
>>>>>> complete:
>>>>>>
>>>>>> openjdk version "9-internal"
>>>>>> OpenJDK Runtime Environment (build
>>>>>> 9-internal+0-2016-04-14-195526.buildd.src)
>>>>>> OpenJDK Server VM (build 9-internal+0-2016-04-14-195526.buildd.src,
>>>>>> mixed
>>>>>> mode)
>>>>>
>>>>> The first official release of Java 9 (GA release) was on 21 September
>>>>> 2017 [1][2]
>>>>>
>>>>> What you are seeing here (built in 2016) apparently is some early
>>>>> access
>>>>> stuff.
>>>>>
>>>>> As a whole, Java 9 has already reached its end of life. (LTS releases
>>>>> are Java 8, 11 and 17).
>>>>>
>>>>> [1] https://openjdk.org/projects/jdk9/
>>>>> [2[ https://en.wikipedia.org/wiki/Java_version_history
>>>>>
>>>>> Best regards,
>>>>> Konstantin Kolinko
>>>>>
>>>>> -
>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>>>
>>>>>
>>>>
>>>> -
>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>>
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] Compatibility, 32 bit ..

[John Dale (DB2DOM)]

On 11/2/22, Christopher Schultz  wrote:
> John,
>
> On 11/2/22 12:41, John Dale (DB2DOM) wrote:
>  >
>  > [snip]
>  >
>> I love some of the newer hardware, too, but even Raspberry Pi is not
>> yet 64 bit, is it?
>
> It depends on which one. The Wikipedia article on RPi lists 4 different
> units, 3 of which are 64-bit.
>
>  > [snip]
>  >
>> Can an old 32 bit machine do modern encryption for telecommunications?
>
> Yes.
>
>> Why are we still paying so much for phone service?
>
> Because we (presumably; I do) live in the US. Elsewhere in the world,
> it's much better. We are being charged high rates simply because we fail
> to refuse to do so.
>
>> Why aren't our high school grads capable of re-soldering components
>> from these old boards and assembling them into something better and
>> rewriting the software?
>
> Some of them are, but most of them are not. It takes knowledge and skill
> and desire. Soldering boards isn't on the top-ten list of most
> graduating high-school seniors.
>
> If you are bemoaning the Linux kernel dropping support for i486, you
> might want to read about /why/ they are doing it.


Honestly I'm not much of a bomoaner.  I am pretty conservative when it
comes to throwing away useful stuff (as you can imagine).  Thanks for
the replies and have a good one!  :)

>
> -chris
>
>> On 11/2/22, Christopher Schultz  wrote:
>>> John,
>>>
>>> On 10/27/22 11:03, John Dale (DB2DOM) wrote:
>>>> Does anyone know of a report detailing how much of this older hardware
>>>> is still out there and floating around?
>>>
>>> You mean like a list of all pieced of hardware ever sold and never
>>> scrapped?
>>>
>>> I think that would be practically impossible.
>>>
>>> I have a Palm 7 on a box in my office that has never been inventoried by
>>> anybody and could possibly be plugged back in at any moment. There are
>>> probably warehouses of stuff like what worldwide and you never know when
>>> someone is going to plug-in any one of those devices and start playing
>>> with it again.
>>>
>>>> Big picture:
>>>> It's a lot of computer power in the event manufacturing hits a hiccup,
>>>> I wouldn't want to be caught flat-footed until it could be
>>>> re-established.
>>>
>>> Are you suggesting that Linux should not drop support for i486
>>> architecture because if new machines aren't available due to
>>> supply-chain issues, we might all have to re-rack 486s to keep our
>>> services running? That sounds insane. We would simply do without. I'd
>>> sooner put my old mobile phones into service supporting my applications
>>> than an old i486. They are more powerful and reliable, and use less
>>> electricity.
>>>
>>> There's a reason Linus wants to kill i486 support:
>>>
>>> "At some point, people have them as museum pieces. They might as well
>>> run museum kernels." - Linus Torvalds
>>>
>>>> I like to build distilled portable stuff for that reason.  I think
>>>> DB2DOM could run on some really old versions of all of our favorite
>>>> software if needed.
>>> Great. I'm sure the transactions will only take a couple of seconds to
>>> commit. No problem ;)
>>>
>>> -chris
>>>
>>>> On 10/26/22, Christopher Schultz  wrote:
>>>>> Shawn,
>>>>>
>>>>> On 10/26/22 00:14, Shawn Heisey wrote:
>>>>>> The Linux kernel dropped support for 386 and 486 CPUs some time ago.
>>>>>
>>>>> I was reading about this today, actually. Linux is currently actively
>>>>> advocating for dropping 486 support, so it must still be in there.
>>>>>
>>>>> -chris
>>>>>
>>>>> -
>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>>>
>>>>>
>>>>
>>>> -
>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>>
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] Compatibility, 32 bit ..

[John Dale (DB2DOM)]

Excellent!

My confusion was due to the slow-coming 64 bit OS release.

Thanks for clearing that up.

I'm using the 64 bit version on most of my devices.

John


On 11/2/22, Felix Schumacher  wrote:
>
> Am 02.11.22 um 17:41 schrieb John Dale (DB2DOM):
>> Chris enters the room, gazes upon seven orcs, draws his sword, and
>> opens the can of worms.
>>
>> Ooooh .. Philosophy.
>>
>> I love philosophy.
>>
>> :)
>>
>> Good philosophy starts with good questions.
>>
>> I love some of the newer hardware, too, but even Raspberry Pi is not
>> yet 64 bit, is it?
> Raspberry Pi is 64 Bit, (maybe not all of them), I am running an 64 Bit
> OS on an Raspberry Pi 4.
>> The dell computer that I'm working with at the moment is my case study
>> - it's not slow at all.
>
> If it's fast enough and reliable enough for you, I think you can still
> go (for a long time) with an JDK 8 and Tomcat 9.x. If I remember right,
> we settled to support Tomcat 9.x for quite a while and Tomcat has no
> requirements of its own to use 64 Bit.
>
> Felix
>
>>
>> Am I alone in thinking that our technology is trying to leave humanity
>> behind before it is truly not useful anymore?
>>
>> Unlike HAM radio operators, are you one of those crazy people who
>> think we're somehow safe from disaster on planet Earth?
>>
>> I think this universe has much more in store for us.  I also like to
>> wring out every last bit of use from stuff.  I also grind old
>> screwdrivers that are "worn-out".
>>
>> I'll feel more comfortable when our high school grads understand EcE
>> and computer manufacturing upon graduation.
>>
>> If we need faster computers to replace humans, what's the point?
>>
>> Video games?  Meta?  AI?
>>
>> What about baseball, Frisbee, stage productions, and Human Intelligence?
>>
>> Can an old 32 bit machine do modern encryption for telecommunications?
>>
>> Why are we still paying so much for phone service?
>>
>> Why aren't our high school grads capable of re-soldering components
>> from these old boards and assembling them into something better and
>> rewriting the software?
>>
>> So, I think it's a worthwhile discussion that I know many thought was
>> settled as they gaze across fully stocked Wal Mart computer
>> departments and newegg query results.
>>
>> If for no other reason, shouldn't we pry the specs out of the hands of
>> Dell and others to understand and reconfigure and reprogam their
>> machines?  Or, are they afraid of what we'll discover?
>>
>> My working hypothesis is that if we remove what was put in there to do
>> things we don't know about, these machines will speed-up considerably.
>>
>> :)
>>
>> https://en.wikipedia.org/wiki/Clipper_chip
>>
>>
>>
>>
>> On 11/2/22, Christopher Schultz  wrote:
>>> John,
>>>
>>> On 10/27/22 11:03, John Dale (DB2DOM) wrote:
>>>> Does anyone know of a report detailing how much of this older hardware
>>>> is still out there and floating around?
>>> You mean like a list of all pieced of hardware ever sold and never
>>> scrapped?
>>>
>>> I think that would be practically impossible.
>>>
>>> I have a Palm 7 on a box in my office that has never been inventoried by
>>> anybody and could possibly be plugged back in at any moment. There are
>>> probably warehouses of stuff like what worldwide and you never know when
>>> someone is going to plug-in any one of those devices and start playing
>>> with it again.
>>>
>>>> Big picture:
>>>> It's a lot of computer power in the event manufacturing hits a hiccup,
>>>> I wouldn't want to be caught flat-footed until it could be
>>>> re-established.
>>> Are you suggesting that Linux should not drop support for i486
>>> architecture because if new machines aren't available due to
>>> supply-chain issues, we might all have to re-rack 486s to keep our
>>> services running? That sounds insane. We would simply do without. I'd
>>> sooner put my old mobile phones into service supporting my applications
>>> than an old i486. They are more powerful and reliable, and use less
>>> electricity.
>>>
>>> There's a reason Linus wants to kill i486 support:
>>>
>>> "At some point, people have them as museum pieces. They might as well
>>> run museum kernels." - Linus Torvalds
>>>
>>>> I like to build distilled portable stuff for that r

Re: Compatibility, 32 bit ..

[John Dale (DB2DOM)]

I'd like to continue to invest in Raspberry Pi, but also try to put
together a functional 32bit build of my software for those poor old
neglected closeted towers (really, poor things!).

I should be able to do it, from the looks of this.

Are you guys doing any kind of pruned down version of Tomcat or maybe
a configurable Tomcat that will only include some bare bones stuff
like request parsing, connection pooling, and (obviously) threading?

Thanks for the pointers .. I would like to try to meet you guys in
person at a conference sometime to swap notes and be pals.

Anyway, have a great day!

Sincerely,

John


On 11/2/22, Christopher Schultz  wrote:
> John,
>
> On 10/28/22 10:46, John Dale (DB2DOM) wrote:
>> I see .. Mark and/or Christopher - this means that no Tomcat 10, right?
>
> https://tomcat.apache.org/whichversion.html
>
> Tomcat 10.0, yes.
> Tomcat 10.1, no.
>
> Tomcat 10.0 has been superseded and will not get any further updates,
> thus you should not use it for any purpose IMO.
>
> -chris
>
>> On 10/28/22, Konstantin Kolinko  wrote:
>>> чт, 27 окт. 2022 г. в 18:02, John Dale (DB2DOM) :
>>>>
>>>> I had the same thought when I saw it.  Here is java -version output
>>>> complete:
>>>>
>>>> openjdk version "9-internal"
>>>> OpenJDK Runtime Environment (build
>>>> 9-internal+0-2016-04-14-195526.buildd.src)
>>>> OpenJDK Server VM (build 9-internal+0-2016-04-14-195526.buildd.src,
>>>> mixed
>>>> mode)
>>>
>>> The first official release of Java 9 (GA release) was on 21 September
>>> 2017 [1][2]
>>>
>>> What you are seeing here (built in 2016) apparently is some early access
>>> stuff.
>>>
>>> As a whole, Java 9 has already reached its end of life. (LTS releases
>>> are Java 8, 11 and 17).
>>>
>>> [1] https://openjdk.org/projects/jdk9/
>>> [2[ https://en.wikipedia.org/wiki/Java_version_history
>>>
>>> Best regards,
>>> Konstantin Kolinko
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] Compatibility, 32 bit ..

[John Dale (DB2DOM)]

Chris enters the room, gazes upon seven orcs, draws his sword, and
opens the can of worms.

Ooooh .. Philosophy.

I love philosophy.

:)

Good philosophy starts with good questions.

I love some of the newer hardware, too, but even Raspberry Pi is not
yet 64 bit, is it?

The dell computer that I'm working with at the moment is my case study
- it's not slow at all.

Am I alone in thinking that our technology is trying to leave humanity
behind before it is truly not useful anymore?

Unlike HAM radio operators, are you one of those crazy people who
think we're somehow safe from disaster on planet Earth?

I think this universe has much more in store for us.  I also like to
wring out every last bit of use from stuff.  I also grind old
screwdrivers that are "worn-out".

I'll feel more comfortable when our high school grads understand EcE
and computer manufacturing upon graduation.

If we need faster computers to replace humans, what's the point?

Video games?  Meta?  AI?

What about baseball, Frisbee, stage productions, and Human Intelligence?

Can an old 32 bit machine do modern encryption for telecommunications?

Why are we still paying so much for phone service?

Why aren't our high school grads capable of re-soldering components
from these old boards and assembling them into something better and
rewriting the software?

So, I think it's a worthwhile discussion that I know many thought was
settled as they gaze across fully stocked Wal Mart computer
departments and newegg query results.

If for no other reason, shouldn't we pry the specs out of the hands of
Dell and others to understand and reconfigure and reprogam their
machines?  Or, are they afraid of what we'll discover?

My working hypothesis is that if we remove what was put in there to do
things we don't know about, these machines will speed-up considerably.

:)

https://en.wikipedia.org/wiki/Clipper_chip




On 11/2/22, Christopher Schultz  wrote:
> John,
>
> On 10/27/22 11:03, John Dale (DB2DOM) wrote:
>> Does anyone know of a report detailing how much of this older hardware
>> is still out there and floating around?
>
> You mean like a list of all pieced of hardware ever sold and never
> scrapped?
>
> I think that would be practically impossible.
>
> I have a Palm 7 on a box in my office that has never been inventoried by
> anybody and could possibly be plugged back in at any moment. There are
> probably warehouses of stuff like what worldwide and you never know when
> someone is going to plug-in any one of those devices and start playing
> with it again.
>
>> Big picture:
>> It's a lot of computer power in the event manufacturing hits a hiccup,
>> I wouldn't want to be caught flat-footed until it could be
>> re-established.
>
> Are you suggesting that Linux should not drop support for i486
> architecture because if new machines aren't available due to
> supply-chain issues, we might all have to re-rack 486s to keep our
> services running? That sounds insane. We would simply do without. I'd
> sooner put my old mobile phones into service supporting my applications
> than an old i486. They are more powerful and reliable, and use less
> electricity.
>
> There's a reason Linus wants to kill i486 support:
>
> "At some point, people have them as museum pieces. They might as well
> run museum kernels." - Linus Torvalds
>
>> I like to build distilled portable stuff for that reason.  I think
>> DB2DOM could run on some really old versions of all of our favorite
>> software if needed.
> Great. I'm sure the transactions will only take a couple of seconds to
> commit. No problem ;)
>
> -chris
>
>> On 10/26/22, Christopher Schultz  wrote:
>>> Shawn,
>>>
>>> On 10/26/22 00:14, Shawn Heisey wrote:
>>>> The Linux kernel dropped support for 386 and 486 CPUs some time ago.
>>>
>>> I was reading about this today, actually. Linux is currently actively
>>> advocating for dropping 486 support, so it must still be in there.
>>>
>>> -chris
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Compatibility, 32 bit ..

[John Dale (DB2DOM)]

I see .. Mark and/or Christopher - this means that no Tomcat 10, right?

On 10/28/22, Konstantin Kolinko  wrote:
> чт, 27 окт. 2022 г. в 18:02, John Dale (DB2DOM) :
>>
>> I had the same thought when I saw it.  Here is java -version output
>> complete:
>>
>> openjdk version "9-internal"
>> OpenJDK Runtime Environment (build
>> 9-internal+0-2016-04-14-195526.buildd.src)
>> OpenJDK Server VM (build 9-internal+0-2016-04-14-195526.buildd.src, mixed
>> mode)
>
> The first official release of Java 9 (GA release) was on 21 September
> 2017 [1][2]
>
> What you are seeing here (built in 2016) apparently is some early access
> stuff.
>
> As a whole, Java 9 has already reached its end of life. (LTS releases
> are Java 8, 11 and 17).
>
> [1] https://openjdk.org/projects/jdk9/
> [2[ https://en.wikipedia.org/wiki/Java_version_history
>
> Best regards,
> Konstantin Kolinko
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] Compatibility, 32 bit ..

[John Dale (DB2DOM)]

Does anyone know of a report detailing how much of this older hardware
is still out there and floating around?

Big picture:
It's a lot of computer power in the event manufacturing hits a hiccup,
I wouldn't want to be caught flat-footed until it could be
re-established.  I like to build distilled portable stuff for that
reason.  I think DB2DOM could run on some really old versions of all
of our favorite software if needed.



On 10/26/22, Christopher Schultz  wrote:
> Shawn,
>
> On 10/26/22 00:14, Shawn Heisey wrote:
>> The Linux kernel dropped support for 386 and 486 CPUs some time ago.
>
> I was reading about this today, actually. Linux is currently actively
> advocating for dropping 486 support, so it must still be in there.
>
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Compatibility, 32 bit ..

[John Dale (DB2DOM)]

I had the same thought when I saw it.  Here is java -version output complete:

openjdk version "9-internal"
OpenJDK Runtime Environment (build 9-internal+0-2016-04-14-195526.buildd.src)
OpenJDK Server VM (build 9-internal+0-2016-04-14-195526.buildd.src, mixed mode)


On 10/26/22, Christopher Schultz  wrote:
> John,
>
> On 10/24/22 12:00, John Dale (DB2DOM) wrote:
>> Hi Mark;
>> Tomcat version: 10.0.27 (unzipped, chmod 770 on catalina.sh before
>> cli: catalina.sh run)
>> java version: openjdk version "9-internal"
>
> This looks fishy. Version "9-internal"? Is that a real version?
>
> How about you post the result of:
>
> $ java -version
>
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Compatibility, 32 bit ..

[John Dale (DB2DOM)]

Mark and Chris - do you guys have a favorite flavor of Linux that has
yielded good results?

Anyone else?

John


On 10/24/22, Mark Thomas  wrote:
> On 24/10/2022 19:38, John Dale (DB2DOM) wrote:
>> Would Tomcat 10 work with Java 8?
>
> No. Tomcat 10.1.x requires a minimum of Java 11.
>
> Details of Tomcat versions, minimum Java versions and other useful
> information:
>
> https://tomcat.apache.org/whichversion.html
>
> Mark
>
>
>>
>> Thinking I might downgrade the JDK.
>>
>>
>> On 10/24/22, Mark Thomas  wrote:
>>>
>>>
>>> On 24/10/2022 17:00, John Dale (DB2DOM) wrote:
>>>> Hi Mark;
>>>>
>>>> Thanks for taking a look.
>>>>
>>>> Below is more information.
>>>>
>>>> Sincerely,
>>>>
>>>> John Dale, MS MIS
>>>> Spearfish, SD USA
>>>>
>>>> -
>>>>
>>>> Tomcat version: 10.0.27 (unzipped, chmod 770 on catalina.sh before
>>>> cli: catalina.sh run)
>>>> java version: openjdk version "9-internal"
>>>> uname -m: i686
>>>> Ubuntu 18.0.4
>>>>
>>>> First error in logs:
>>>> 24-Oct-2022 09:52:24.411 SEVERE [main]
>>>> org.apache.tomcat.util.compat.Jre9Compat. Failed to create
>>>> references to Java 9 classes and methods
>>>>   java.lang.ClassNotFoundException: java.lang.ModuleLayer
>>>
>>> You appear to have a broken JRE. That class should always be present in
>>> Java 9 onwards.
>>>
>>> Mark
>>>
>>>
>>>>   at
>>>> java.net.URLClassLoader.findClass(java.base@9-internal/URLClassLoader.java:384)
>>>>   at
>>>> java.lang.ClassLoader.loadClass(java.base@9-internal/ClassLoader.java:486)
>>>>   at
>>>> java.lang.ClassLoader.loadClass(java.base@9-internal/ClassLoader.java:419)
>>>>   at
>>>> java.lang.Class.forName0(java.base@9-internal/Native
>>>> Method)
>>>>   at
>>>> java.lang.Class.forName(java.base@9-internal/Class.java:294)
>>>>   at
>>>> org.apache.tomcat.util.compat.Jre9Compat.(Jre9Compat.java:85)
>>>>   at
>>>> org.apache.tomcat.util.compat.JreCompat.(JreCompat.java:72)
>>>>   at
>>>> org.apache.catalina.core.JreMemoryLeakPreventionListener.lifecycleEvent(JreMemoryLeakPreventionListener.java:282)
>>>>   at
>>>> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
>>>>   at
>>>> org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423)
>>>>   at
>>>> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:135)
>>>>   at
>>>> org.apache.catalina.startup.Catalina.load(Catalina.java:747)
>>>>   at
>>>> org.apache.catalina.startup.Catalina.load(Catalina.java:769)
>>>>   at
>>>> sun.reflect.NativeMethodAccessorImpl.invoke0(java.base@9-internal/Native
>>>> Method)
>>>>   at
>>>> sun.reflect.NativeMethodAccessorImpl.invoke(java.base@9-internal/NativeMethodAccessorImpl.java:62)
>>>>   at
>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(java.base@9-internal/DelegatingMethodAccessorImpl.java:43)
>>>>   at
>>>> java.lang.reflect.Method.invoke(java.base@9-internal/Method.java:531)
>>>>   at
>>>> org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
>>>>   at
>>>> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
>>>>
>>>>
>>>>
>>>> On 10/24/22, Mark Thomas  wrote:
>>>>> On 24/10/2022 02:01, John Dale (DB2DOM) wrote:
>>>>>> Hi Everyone;
>>>>>>
>>>>>> I've had a few requests to refurbish some old 32 bit dell towers.
>>>>>>
>>>>>> So, I'm throwing ubuntu on them and bringing up a
>>>>>> MySQL->DB2DOM->Tomcat
>>>>>> stack.
>>>>>>
>>>>>> Unfortunately, Tomcat doesn't want to start with openjdk 9 that is
>>>>>> packaged with 32 bit ubuntu.
>>>>>
>>>&g

Re: Compatibility, 32 bit ..

[John Dale (DB2DOM)]

Thank you.

Would you agree with me that this should be an ubuntu bug report?  I
installed using apt-get.

John


On 10/24/22, Mark Thomas  wrote:
> On 24/10/2022 19:38, John Dale (DB2DOM) wrote:
>> Would Tomcat 10 work with Java 8?
>
> No. Tomcat 10.1.x requires a minimum of Java 11.
>
> Details of Tomcat versions, minimum Java versions and other useful
> information:
>
> https://tomcat.apache.org/whichversion.html
>
> Mark
>
>
>>
>> Thinking I might downgrade the JDK.
>>
>>
>> On 10/24/22, Mark Thomas  wrote:
>>>
>>>
>>> On 24/10/2022 17:00, John Dale (DB2DOM) wrote:
>>>> Hi Mark;
>>>>
>>>> Thanks for taking a look.
>>>>
>>>> Below is more information.
>>>>
>>>> Sincerely,
>>>>
>>>> John Dale, MS MIS
>>>> Spearfish, SD USA
>>>>
>>>> -
>>>>
>>>> Tomcat version: 10.0.27 (unzipped, chmod 770 on catalina.sh before
>>>> cli: catalina.sh run)
>>>> java version: openjdk version "9-internal"
>>>> uname -m: i686
>>>> Ubuntu 18.0.4
>>>>
>>>> First error in logs:
>>>> 24-Oct-2022 09:52:24.411 SEVERE [main]
>>>> org.apache.tomcat.util.compat.Jre9Compat. Failed to create
>>>> references to Java 9 classes and methods
>>>>   java.lang.ClassNotFoundException: java.lang.ModuleLayer
>>>
>>> You appear to have a broken JRE. That class should always be present in
>>> Java 9 onwards.
>>>
>>> Mark
>>>
>>>
>>>>   at
>>>> java.net.URLClassLoader.findClass(java.base@9-internal/URLClassLoader.java:384)
>>>>   at
>>>> java.lang.ClassLoader.loadClass(java.base@9-internal/ClassLoader.java:486)
>>>>   at
>>>> java.lang.ClassLoader.loadClass(java.base@9-internal/ClassLoader.java:419)
>>>>   at
>>>> java.lang.Class.forName0(java.base@9-internal/Native
>>>> Method)
>>>>   at
>>>> java.lang.Class.forName(java.base@9-internal/Class.java:294)
>>>>   at
>>>> org.apache.tomcat.util.compat.Jre9Compat.(Jre9Compat.java:85)
>>>>   at
>>>> org.apache.tomcat.util.compat.JreCompat.(JreCompat.java:72)
>>>>   at
>>>> org.apache.catalina.core.JreMemoryLeakPreventionListener.lifecycleEvent(JreMemoryLeakPreventionListener.java:282)
>>>>   at
>>>> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
>>>>   at
>>>> org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423)
>>>>   at
>>>> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:135)
>>>>   at
>>>> org.apache.catalina.startup.Catalina.load(Catalina.java:747)
>>>>   at
>>>> org.apache.catalina.startup.Catalina.load(Catalina.java:769)
>>>>   at
>>>> sun.reflect.NativeMethodAccessorImpl.invoke0(java.base@9-internal/Native
>>>> Method)
>>>>   at
>>>> sun.reflect.NativeMethodAccessorImpl.invoke(java.base@9-internal/NativeMethodAccessorImpl.java:62)
>>>>   at
>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(java.base@9-internal/DelegatingMethodAccessorImpl.java:43)
>>>>   at
>>>> java.lang.reflect.Method.invoke(java.base@9-internal/Method.java:531)
>>>>   at
>>>> org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
>>>>   at
>>>> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
>>>>
>>>>
>>>>
>>>> On 10/24/22, Mark Thomas  wrote:
>>>>> On 24/10/2022 02:01, John Dale (DB2DOM) wrote:
>>>>>> Hi Everyone;
>>>>>>
>>>>>> I've had a few requests to refurbish some old 32 bit dell towers.
>>>>>>
>>>>>> So, I'm throwing ubuntu on them and bringing up a
>>>>>> MySQL->DB2DOM->Tomcat
>>>>>> stack.
>>>>>>
>>>>>> Unfortunately, Tomcat doesn't want to start with openjdk 9 that is
>>>>>> packaged with 32 bit ubuntu.
>>>>>
>>>&g

Re: Compatibility, 32 bit ..

[John Dale (DB2DOM)]

Would Tomcat 10 work with Java 8?

Thinking I might downgrade the JDK.


On 10/24/22, Mark Thomas  wrote:
>
>
> On 24/10/2022 17:00, John Dale (DB2DOM) wrote:
>> Hi Mark;
>>
>> Thanks for taking a look.
>>
>> Below is more information.
>>
>> Sincerely,
>>
>> John Dale, MS MIS
>> Spearfish, SD USA
>>
>> -
>>
>> Tomcat version: 10.0.27 (unzipped, chmod 770 on catalina.sh before
>> cli: catalina.sh run)
>> java version: openjdk version "9-internal"
>> uname -m: i686
>> Ubuntu 18.0.4
>>
>> First error in logs:
>> 24-Oct-2022 09:52:24.411 SEVERE [main]
>> org.apache.tomcat.util.compat.Jre9Compat. Failed to create
>> references to Java 9 classes and methods
>>  java.lang.ClassNotFoundException: java.lang.ModuleLayer
>
> You appear to have a broken JRE. That class should always be present in
> Java 9 onwards.
>
> Mark
>
>
>>  at
>> java.net.URLClassLoader.findClass(java.base@9-internal/URLClassLoader.java:384)
>>  at
>> java.lang.ClassLoader.loadClass(java.base@9-internal/ClassLoader.java:486)
>>  at
>> java.lang.ClassLoader.loadClass(java.base@9-internal/ClassLoader.java:419)
>>  at java.lang.Class.forName0(java.base@9-internal/Native
>> Method)
>>  at
>> java.lang.Class.forName(java.base@9-internal/Class.java:294)
>>  at
>> org.apache.tomcat.util.compat.Jre9Compat.(Jre9Compat.java:85)
>>  at
>> org.apache.tomcat.util.compat.JreCompat.(JreCompat.java:72)
>>  at
>> org.apache.catalina.core.JreMemoryLeakPreventionListener.lifecycleEvent(JreMemoryLeakPreventionListener.java:282)
>>  at
>> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
>>  at
>> org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423)
>>  at
>> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:135)
>>  at
>> org.apache.catalina.startup.Catalina.load(Catalina.java:747)
>>  at
>> org.apache.catalina.startup.Catalina.load(Catalina.java:769)
>>  at
>> sun.reflect.NativeMethodAccessorImpl.invoke0(java.base@9-internal/Native
>> Method)
>>  at
>> sun.reflect.NativeMethodAccessorImpl.invoke(java.base@9-internal/NativeMethodAccessorImpl.java:62)
>>  at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(java.base@9-internal/DelegatingMethodAccessorImpl.java:43)
>>  at
>> java.lang.reflect.Method.invoke(java.base@9-internal/Method.java:531)
>>  at
>> org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
>>  at
>> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
>>
>>
>>
>> On 10/24/22, Mark Thomas  wrote:
>>> On 24/10/2022 02:01, John Dale (DB2DOM) wrote:
>>>> Hi Everyone;
>>>>
>>>> I've had a few requests to refurbish some old 32 bit dell towers.
>>>>
>>>> So, I'm throwing ubuntu on them and bringing up a MySQL->DB2DOM->Tomcat
>>>> stack.
>>>>
>>>> Unfortunately, Tomcat doesn't want to start with openjdk 9 that is
>>>> packaged with 32 bit ubuntu.
>>>
>>> Tomcat works happily with 32-bit and 64-bit Java.
>>>
>>>> Can someone give me a pointer to what works best?
>>> Perhaps if you told us what Tomcat version you were using and showed us
>>> what the error message was we'd be able to provide slightly more advice
>>> than "You are doing something wrong. Don't do that".
>>>
>>> Mark
>>>
>>>
>>>> Also, any heads up about missing libs or other nuances would also be
>>>> appreciated (jax mods were most painful).
>>>>
>>>> Sincerely,
>>>>
>>>> John Dale, MS MIS
>>>> Spearfish, SD USA
>>>>
>>>> -
>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>>
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Compatibility, 32 bit ..

[John Dale (DB2DOM)]

Hi Mark;

Thanks for taking a look.

Below is more information.

Sincerely,

John Dale, MS MIS
Spearfish, SD USA

-

Tomcat version: 10.0.27 (unzipped, chmod 770 on catalina.sh before
cli: catalina.sh run)
java version: openjdk version "9-internal"
uname -m: i686
Ubuntu 18.0.4

First error in logs:
24-Oct-2022 09:52:24.411 SEVERE [main]
org.apache.tomcat.util.compat.Jre9Compat. Failed to create
references to Java 9 classes and methods
java.lang.ClassNotFoundException: java.lang.ModuleLayer
at
java.net.URLClassLoader.findClass(java.base@9-internal/URLClassLoader.java:384)
at
java.lang.ClassLoader.loadClass(java.base@9-internal/ClassLoader.java:486)
at
java.lang.ClassLoader.loadClass(java.base@9-internal/ClassLoader.java:419)
at java.lang.Class.forName0(java.base@9-internal/Native Method)
at java.lang.Class.forName(java.base@9-internal/Class.java:294)
at
org.apache.tomcat.util.compat.Jre9Compat.(Jre9Compat.java:85)
at
org.apache.tomcat.util.compat.JreCompat.(JreCompat.java:72)
at
org.apache.catalina.core.JreMemoryLeakPreventionListener.lifecycleEvent(JreMemoryLeakPreventionListener.java:282)
at
org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
at
org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:135)
at org.apache.catalina.startup.Catalina.load(Catalina.java:747)
at org.apache.catalina.startup.Catalina.load(Catalina.java:769)
at
sun.reflect.NativeMethodAccessorImpl.invoke0(java.base@9-internal/Native
Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(java.base@9-internal/NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(java.base@9-internal/DelegatingMethodAccessorImpl.java:43)
at
java.lang.reflect.Method.invoke(java.base@9-internal/Method.java:531)
at
org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
at
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)



On 10/24/22, Mark Thomas  wrote:
> On 24/10/2022 02:01, John Dale (DB2DOM) wrote:
>> Hi Everyone;
>>
>> I've had a few requests to refurbish some old 32 bit dell towers.
>>
>> So, I'm throwing ubuntu on them and bringing up a MySQL->DB2DOM->Tomcat
>> stack.
>>
>> Unfortunately, Tomcat doesn't want to start with openjdk 9 that is
>> packaged with 32 bit ubuntu.
>
> Tomcat works happily with 32-bit and 64-bit Java.
>
>> Can someone give me a pointer to what works best?
> Perhaps if you told us what Tomcat version you were using and showed us
> what the error message was we'd be able to provide slightly more advice
> than "You are doing something wrong. Don't do that".
>
> Mark
>
>
>> Also, any heads up about missing libs or other nuances would also be
>> appreciated (jax mods were most painful).
>>
>> Sincerely,
>>
>> John Dale, MS MIS
>> Spearfish, SD USA
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Compatibility, 32 bit ..

[John Dale (DB2DOM)]

Hi Everyone;

I've had a few requests to refurbish some old 32 bit dell towers.

So, I'm throwing ubuntu on them and bringing up a MySQL->DB2DOM->Tomcat stack.

Unfortunately, Tomcat doesn't want to start with openjdk 9 that is
packaged with 32 bit ubuntu.

Can someone give me a pointer to what works best?  DB2DOM

Also, any heads up about missing libs or other nuances would also be
appreciated (jax mods were most painful).

Sincerely,

John Dale, MS MIS
Spearfish, SD USA

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question about ssl

[John Dale (DB2DOM)]

Hi Chris;

I'm measuring the time taken to process a request as reported by
inspector-network in brave.

SSL time to process through tomcat is 11ms.

Same request for a smaller file using a java SSL socket is taking 50ms
.. like this:

public static SSLServerSocket getServerSocketWithCert(int port,
InputStream pathToCert, String passwordFromCert,
ServerSecureType type) throws IOException,
KeyManagementException, NoSuchAlgorithmException,
CertificateException, KeyStoreException,
UnrecoverableKeyException
{
X509TrustManager[] tmm;
X509KeyManager[] kmm;
KeyStore ks  = KeyStore.getInstance(instance);
ks.load(pathToCert, passwordFromCert.toCharArray());
tmm=tm(ks);
kmm=km(ks, passwordFromCert);
SSLContext ctx = SSLContext.getInstance(type.getType());
ctx.init(kmm, tmm, null);
SSLServerSocketFactory socketFactory =
(SSLServerSocketFactory) ctx.getServerSocketFactory();
SSLServerSocket ssocket = (SSLServerSocket)
socketFactory.createServerSocket(port);
return ssocket;
}

I'm using the cert at https://db2dom.com

It's still a tenth of a second to process the request with this "hand
rolled" method, but it's several orders of magnitude slower, and I'm
trying to figure out why (I'm obsessive with response times).

Sincerely,

John



On 3/28/22, Christopher Schultz  wrote:
> John,
>
> On 3/26/22 22:29, John Dale (DB2DOM) wrote:
>> Can you help me understand why Tomcat's SSL handling is so much faster
>> than hand rolling it on a regular socket?
>
> I think you'll need to define some terms.
>
> For example, what do you mean when you say "faster", and how are you
> measuring that?
>
> What do you mean when you say "hand-rolling" your SSL and what is a
> "regular socket"?
>
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Question about ssl

[John Dale (DB2DOM)]

Greetings;

Can you help me understand why Tomcat's SSL handling is so much faster
than hand rolling it on a regular socket?

Sincerely,

John

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Question about directory listing sorting ..

[John Dale (DB2DOM)]

Doesn't seem to work for me on 9.0.41 (it's an older development box).

I found these interesting:
ow with patch v3:
1. "s=NA" name=asc
2. "s=ND" name=dsc
3. "s=SA" size=asc
4. "s=SD" size=dsc
5. "s=MA" modify=asc
6. "s=MD" modify=dsc

>From here:
https://bz.apache.org/bugzilla/show_bug.cgi?id=57287

Before I get too far down the road, I thought I would reach out.
Params don't seem to affect listing sort order.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Archive or package install

[John Dale (DB2DOM)]

Because of the way the installation is dissected and distributed, I
found it easier to install from a download and use my own service
file.  Having the installation in one place also allows me to run
concurrent instances of Tomcat having different versions, and/or to
save old versions for future reference and know it's all self
contained.  apt-get installations of tomcat required I memorized three
different locations for the installation .. that wasn't good in my
case.  I'm sure others will have alternative opinions.


On 6/18/21, tomcat-li...@thomas.freit.ag  wrote:
> Hi Onno,
>
> On 18.06.21 07:07, Sugar Moose wrote:
>> I am using Ansible role robertdebock.tomcat to install Tomcat. This role
>> uses archives from the Tomcat site to install Tomcat. I have always
>> thought that this is a fine approach but the customer has pointed out that
>> a package install is preferred because it makes installing security
>> updates easier. This customer uses Ubuntu 18.04 and the position of the
>> InfraOps engineers is that installing Tomcat from the official Ubuntu
>> repository is always preferred.
>
> Installing Tomcat directly from the archives is easy and straight forward,
> in my opinion it should be perfectly fine using upstream as source (you
> should at least verify the download).
> Especially, if Tomcat plays a major role of the system (i.e. running some
> business critical applications), I would always stick to the version from
> Tomcat archives. You will end up with a more
> recent version of Tomcat, as it is actively developed, those versions will
> contain all security fixes (directly from the team and without possible
> backporting of security fixes). If you use
> CATALINA_HOME and CATALINA_BASE variables you can easily switch between
> different Tomcat versions, making it very easy to manage updates and
> possible necessary rollbacks.
>
> I would only stick to the distro-provided packages, if it is a small (in
> other words not that important) application running in Tomcat. Just for
> reference: With Ubuntu 18.04, you would end up
> with 9.0.16 vs. 9.0.48 (Tomcat project) or 8.5.39 vs. 8.5.68 (Tomcat
> project), which is about 2 years old software. For any errors you might get
> on distro packages, first hint would most
> likely be to update to a recent Tomcat version. Even if security fixed are
> backported by the distro, you would end up with versions missing a lot of
> fixes and improvements.
>
>> I don't know how exactly using apt packages makes life a lot easier when
>> it comes to security updates. I think it depends. If Ansible manages the
>> version it looks more or less the same to me. The Ansible role would have
>> an var for example tomcat_version and the value would determine the what
>> version is on the system. Updating Tomcat using Ansible would be same
>> proces: update tomcat_version var and provision the node. When Ansible is
>> not managing the version but is used for example only for the initial
>> install using Ansible package module it becomes a bit of a puzzle to
>> figure out how this would work. And also would have some drawbacks.
>> Ansible is good at configuration management and orchestration for example.
>> Apt not really.
>
> Yes, Ansible is much more flexible for managing the configuration and
> deployment-parts. You will need something for that task, even if you use the
> distro-provided packages.
>
>> What is the position / what are the thoughts on this in the Tomcat
>> community? On the Tomcat website I could find no information on package
>> install. I don't think a recommended installation approach is mentioned
>> there.
>
> In short: If your application in Tomcat is important, use the Tomcat archive
> up to date versions, if not distro packages might be sufficient. This might
> be challenging, if Tomcat is managed by
> the infrastructure team (from my experience, there is always a trend towards
> the distro packages, sometimes with the argument support by the distro). It
> might help, if managing the Tomcat can
> be done by the applications support/devops team (however, that might depend
> on the organisation constraints).
>
> hth,
> Thomas
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 10.0.7 available

[John Dale (DB2DOM)]

Awesome!

John


On 6/17/21, Mark Thomas  wrote:
> The Apache Tomcat team announces the immediate availability of Apache
> Tomcat 10.0.7.
>
> This release is targeted at Jakarta EE 9.
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> will automatically convert them to Jakarta EE and copy them to the
> webapps directory. This conversion is performed using the Apache Tomcat
> migration tool for Jakarta EE tool which is also available as a separate
> download for off-line use.
>
> Apache Tomcat 10 is an open source software implementation of the
> Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
> Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
> specifications.
>
> The notable changes compared to 10.0.6 include:
>
> - Improve robustness of HTTP/2 HPACK decoding
>
> - Improvements to the handling of the Transfer-Encoding header
>
> - Review code used to generate Java source from JSPs and tags and remove
>code found to be unnecessary.
>
> Please refer to the change log for the complete list of changes:
> http://tomcat.apache.org/tomcat-10.0-doc/changelog.html
>
> Downloads:
> http://tomcat.apache.org/download-10.cgi
>
> Migration guides from Apache Tomcat 7.0.x, 8.5.x and 9.0.x:
> http://tomcat.apache.org/migration.html
>
> Enjoy!
>
> - The Apache Tomcat team
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Problem posting to Tomcat ssl connector ..

[John Dale (DB2DOM)]

Just to note - this was fixed in the latest release of Tomcat and I'm
humming along again ..

But it would be good to track down what is happening to help folks who
can't just upgrade like me.

Side note - you'll recall that in the last year or so I've been on an
upgrade tear from 7.x to present including Java versions.

So, now I'm all caught up.  This year I would like to integrate major
release versions of Tomcat into my build so I can debug Tomcat source
and help-out more with bugs.

Sincerely,

John


On 6/1/21, Mark H. Wood  wrote:
> On Fri, May 28, 2021 at 01:32:47PM -0600, John Dale wrote:
>> Page loads fine.
>>
>> Other pages load fine.
>>
>> SSL handshakes are working until ..
>>
>> An Ajax post with a base64 encoded image in the data.
>>
>> I debugged up to the request and it's fine.
>>
>> I debugged the server and it's not reaching my component.
>>
>> Tomcat is killing the connection for some reason.
>>
>> Thought it might be maxSavePostSize .. bumped that up in the SSL
>> connector.
>>
>> No dice.
>>
>> Request post is around 300K.
>>
>> What's going on!?
>
> I suppose there's nothing useful in the logs?  Can anyone suggest
> adjustments that might log relevant observations?
>
> --
> Mark H. Wood
> Lead Technology Analyst
>
> University Library
> Indiana University - Purdue University Indianapolis
> 755 W. Michigan Street
> Indianapolis, IN 46202
> 317-274-0749
> www.ulib.iupui.edu
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Pi Based Java Work

[John Dale (DB2DOM)]

The limit query was repeating data at the borders of my pages.  I
whittled it down to a specific case and it was definitely not sorting
properly.  Very strange behavior!

John

On 6/1/21, Christopher Schultz  wrote:
> John,
>
> On 5/28/21 20:21, John Dale wrote:
>> MariaDB has a sorting/limit problem that I haven't reported, yet (had
>> to work around it).
>
> I'm interested in this. What is happening to you?
>
> -chris
>
>> On 5/28/21, Christopher Schultz  wrote:
>>> John,
>>>
>>> On 5/28/21 15:32, John Dale wrote:
>>>> I debugged the server and it's not reaching my component.
>>>>
>>>   > 
>>>   >
>>>> Request post is around 300K.
>>>>
>>>> Tomcat 9 on a raspberry pi 4 (w00t!).
>>>
>>> Maybe you are still just waiting around for that tiny CPU to run all
>>> that bytecode.
>>>
>>> /snark
>>>
>>> Seriously, though, I'd be interested to hear about your pi-based Java
>>> work in another thread. I have 2 Pi 4s and 2 Pi Zeros that I haven't
>>> managed to do anything with besides running EmulationStation (which I
>>> highly recommend for anyone who grew up with an NES. Pew-pew!).
>>>
>>> -chris
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Solved my Problem posting base64 image to Tomcat ssl connector on raspberry pi with JQuery and Ajax ..

[John Dale (DB2DOM)]

I upgraded DB2DOM to 9.0.41 manually, updated systemd and consolidated
all the files that were distributed by apt-get.

Once apps were back up and running, still no luck.

Upgraded DB2DOM to 9.0.46, same result.

Upgraded to 10.0.6, globally searched and replaced javax.websocket and
javax.servlet and rebuilt.  Reviewed and made configuration changes.

It worked-out.

Upgrading my ubuntu cloud instance next, which translates really well
from the pi (systemd, apt-get etc).

Not sure if it was a small configuration change to server.xml's ssl
connector, or libraries that were fixed after the version 10 pop.

I'm a little bummed it broke backward compatibility (without some
gymnastics), but then .. I think DB2DOM doesn't run on really old
versions of Java, either (I'm on 8).

So, I have the Pi 4 running MariaDB, Tomcat 10, now.  So far, all
regression tests are passing and it looks like we've got it all
figured out.

The only browser that would POST a 500k packet was FireFox, which
leans me to believe there was maybe a chunking issue or some other
platform-specific compatibility issue (like HTTP 2 vs 1.2 vs 1.1).

Thanks for the help, John!  /snark

Sincerely,

John
DB2DOM


On 5/28/21, Christopher Schultz  wrote:
> John,
>
> On 5/28/21 15:32, John Dale wrote:
>> I debugged the server and it's not reaching my component.
>>
>  > 
>  >
>> Request post is around 300K.
>>
>> Tomcat 9 on a raspberry pi 4 (w00t!).
>
> Maybe you are still just waiting around for that tiny CPU to run all
> that bytecode.
>
> /snark
>
> Seriously, though, I'd be interested to hear about your pi-based Java
> work in another thread. I have 2 Pi 4s and 2 Pi Zeros that I haven't
> managed to do anything with besides running EmulationStation (which I
> highly recommend for anyone who grew up with an NES. Pew-pew!).
>
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Pi Based Java Work

[John Dale]

I use ant.

And git hooks (sometimes).

I don't have many dependencies .. pdfbox, some commons http stuff,
mail, jax, jdbc, gson.

Dev build builds local expanded directory deployment, touch web.xml to
reload the app.

Prod build builds the jar/war.

DB2DOM provides persistence, vws, security, and other doodads.  I've
proven the example in a few dozen scenarios including MP3 audio
encoding and video streaming from an underground mine (4000+ feet).

I run tomcat with DB2DOM in dev .. access and modify css, JS, and Java
in a web browser (syntax highlighting is the extent of my coding
assistance, DB2DOM makes things pretty routine so I don't need to know
many libraries, and the compiler gives me detailed information).

I'm doing jdb remote debugging by command line as needed.

I have build, buildProd, deployProd scripts that don't completely
automate to production server (but could very simply, I just don't so
I have some human intervention).

The entire solution including DB2DOM, but not the application code is
around 250K including scripts of my code for build/deploy.

Hey, at least I don't have property files. My properties are stored in the DB.

It's pretty simple, lightweight, and fun to save a CSS/JS file to the
server and immediately test, and to have lowest common denominator
scripts for dev/ops that tend to be easy to troubleshoot (lots of
older school script experts out there).

The entire thing including a web browser runs on a 3B+, even.  It's a
little slow, but in terms of what is usually required to support an
enterprise development environment, DB2DOM does for software what the
CNC machine did for manufacturing (spoiler alert, CNC didn't take over
all manufacturing, but did force multiply design capabilities by being
able to rough-out 90% of the work for a toolmaker).

I create a table, then use a simple API to CRUD tables:

Data.create(connection, "Table", populatedHash, catalog);
Data.findHash(connection, "Table", "sqlLookup", paramsCollection, catalog);

I have created a data navigator that allows me to populate test data
through a web browser that keeps all the ID's in synch.  It handles
blobs, images, audio, boolean, string, and date.  So, I have a graph
crud'er that is fully functional for tables that I just created (and
tables I haven't created, yet).  This has been very valuable for new
applications, to create test data immediately that has relational
integrity.

DB2DOM reads db metadata and maintains an in-memory model to drive
automation of coding tasks and produce other metadata/compilable code
that can be copy/pasted.

I once used DB2DOM to auto-generate a complete set of entity beans for
an entire schema.  It was not a high value proposition, just a
challenge issued to me and the challenge was accepted.

I also used DB2DOM to create the unicorn of information systems
engineering .. the generic entity bean.

But it was redundant.  DB2DOM did everything better and more
lightweight.  But it was a nice proof of concept.

I built this all myself without some super genius middle manager
poking me in the back all the time.

Go figure.

Sincerely,

John


On 5/28/21, Rob Sargent  wrote:
>
>
> On 5/28/21 6:21 PM, John Dale wrote:
>> Tried sending another email .. doesn't appear to have worked.
>> Internet hicupped.
>>
>> It's working just like Ubuntu in the cloud.
>>
>> Pi 4 is very fast, but I'm also running DB2DOM (middleware microkernel
>> miniaturized O/R M, Html5 IDE, and Virtual Web Server).
>>
>> MariaDB has a sorting/limit problem that I haven't reported, yet (had
>> to work around it).
>>
>> Tomcat, OpenJDK, and Raspbian are all humming along together on a 4gig Pi
>> 4.
>>
>> DB2DOM is stateless so load balancing is pretty straightforward.
>>
>> Thinking about extending DB2DOM to use an Object Database (oh yeah, I said
>> it).
>>
>> What are you working on?
>>
>> Hit me back.
>>
>> John
>>
>>
> What build tool(s) are you using?  I'm on an ubu desktop, which may or
> may not have tomcat "installed" but I'm developing a standard 3-tier app
> with embedded tomcat 9.0.46 (which certainly wouldn't be installed by
> apt).  I use gradle to manage dependencies, etc.  I can get what-ever
> version of which-ever shiny object I want.  (Then the whole
> kit-and-kaboodle get deployed at AWS. And it's working!)
>
>
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Pi Based Java Work

[John Dale]

Tried sending another email .. doesn't appear to have worked.
Internet hicupped.

It's working just like Ubuntu in the cloud.

Pi 4 is very fast, but I'm also running DB2DOM (middleware microkernel
miniaturized O/R M, Html5 IDE, and Virtual Web Server).

MariaDB has a sorting/limit problem that I haven't reported, yet (had
to work around it).

Tomcat, OpenJDK, and Raspbian are all humming along together on a 4gig Pi 4.

DB2DOM is stateless so load balancing is pretty straightforward.

Thinking about extending DB2DOM to use an Object Database (oh yeah, I said it).

What are you working on?

Hit me back.

John



On 5/28/21, Christopher Schultz  wrote:
> John,
>
> On 5/28/21 15:32, John Dale wrote:
>> I debugged the server and it's not reaching my component.
>>
>  > 
>  >
>> Request post is around 300K.
>>
>> Tomcat 9 on a raspberry pi 4 (w00t!).
>
> Maybe you are still just waiting around for that tiny CPU to run all
> that bytecode.
>
> /snark
>
> Seriously, though, I'd be interested to hear about your pi-based Java
> work in another thread. I have 2 Pi 4s and 2 Pi Zeros that I haven't
> managed to do anything with besides running EmulationStation (which I
> highly recommend for anyone who grew up with an NES. Pew-pew!).
>
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] Problem posting to Tomcat ssl connector ..

[John Dale]

ran apt-get install tomcat9 and it upgraded these packages:
 libtomcat9-java tomcat9 tomcat9-common

Still did not resolve the issue, however.

Looking for a guide to manually upgrade a package installed with apt-get.

Suggestions?


On 5/28/21, Christopher Schultz  wrote:
> John,
>
> On 5/28/21 15:32, John Dale wrote:
>> I debugged the server and it's not reaching my component.
>>
>  > 
>  >
>> Request post is around 300K.
>>
>> Tomcat 9 on a raspberry pi 4 (w00t!).
>
> Maybe you are still just waiting around for that tiny CPU to run all
> that bytecode.
>
> /snark
>
> Seriously, though, I'd be interested to hear about your pi-based Java
> work in another thread. I have 2 Pi 4s and 2 Pi Zeros that I haven't
> managed to do anything with besides running EmulationStation (which I
> highly recommend for anyone who grew up with an NES. Pew-pew!).
>
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] Problem posting to Tomcat ssl connector ..

[John Dale]

The thick plottens.

When I do apt-cache show tomcat9:

Package: tomcat9
Version: 9.0.31-1~deb10u4
...

S .. simple and good way to upgrade this via apt-get?

Or will I have to manually be overwriting stuff (yuck).

John




On 5/28/21, Christopher Schultz  wrote:
> John,
>
> On 5/28/21 15:32, John Dale wrote:
>> I debugged the server and it's not reaching my component.
>>
>  > 
>  >
>> Request post is around 300K.
>>
>> Tomcat 9 on a raspberry pi 4 (w00t!).
>
> Maybe you are still just waiting around for that tiny CPU to run all
> that bytecode.
>
> /snark
>
> Seriously, though, I'd be interested to hear about your pi-based Java
> work in another thread. I have 2 Pi 4s and 2 Pi Zeros that I haven't
> managed to do anything with besides running EmulationStation (which I
> highly recommend for anyone who grew up with an NES. Pew-pew!).
>
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] Problem posting to Tomcat ssl connector ..

[John Dale]

definitely related to the post size ..

smaller images work, larger images do not work, but the larger images
are only 500k, so it's not a maxpostsize issue.

I'm running apache-tomcat-9.0.41, so this shouldn't apply:
https://stackoverflow.com/questions/63050276/tomcat-9-long-https-request

John


On 5/28/21, Christopher Schultz  wrote:
> John,
>
> On 5/28/21 15:32, John Dale wrote:
>> I debugged the server and it's not reaching my component.
>>
>  > 
>  >
>> Request post is around 300K.
>>
>> Tomcat 9 on a raspberry pi 4 (w00t!).
>
> Maybe you are still just waiting around for that tiny CPU to run all
> that bytecode.
>
> /snark
>
> Seriously, though, I'd be interested to hear about your pi-based Java
> work in another thread. I have 2 Pi 4s and 2 Pi Zeros that I haven't
> managed to do anything with besides running EmulationStation (which I
> highly recommend for anyone who grew up with an NES. Pew-pew!).
>
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Problem posting to Tomcat ssl connector ..

[John Dale]

Page loads fine.

Other pages load fine.

SSL handshakes are working until ..

An Ajax post with a base64 encoded image in the data.

I debugged up to the request and it's fine.

I debugged the server and it's not reaching my component.

Tomcat is killing the connection for some reason.

Thought it might be maxSavePostSize .. bumped that up in the SSL connector.

No dice.

Request post is around 300K.

What's going on!?

Tomcat 9 on a raspberry pi 4 (w00t!).








Everything is working fantastically save this one item.

Sincerely,

John

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apology: Sorry ponytail guy

[John Dale]

John from DB2DOM.COM also wishes to apologize on their behalf.

Really sincere and super apologetic regards from South Dakota,

John


On 3/29/21, Som Lima  wrote:
> Hi,
>
> You suggested  using GIT  I thought you were suggesting putting my code on
> github.
>
>
> Zahid  from backbutton.co.uk  wishes to apologise for the misunderstanding.
> My bad.
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat vs simple hand rolled standalone server ..

[John Dale]

Greetings Everyone;

I'm writing for small devices with limited power.

Last year I wrote a simple web server to receive GET requests to do a
handful of commands over the network that included some sound card
interfacing among other things.

It got me thinking about Tomcat in terms of flood/overflow/security
protections.  What is tomcat 9x doing if anything for this?  Are
buffer overflow protections something provided by the JVM/FW/OS alone?
 What other information does tomcat have beyond declarative security
in web archive metadata?

Thanks,

John

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Something I still don't quite understand, Re: Let's Encrypt with Tomcat behind httpd

[John Dale]

I had to write some custom code to look for the lets encrypt headers
then respond appropriately for verification.  It wasn't too bad,
although I don't like having that entity-specific code in there so
I've isolated and commented it.


On 8/25/20, Christopher Schultz  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> James,
>
> On 8/24/20 13:24, James H. H. Lampert wrote:
>> On 8/24/20 9:57 AM, Christopher Schultz wrote:
>>> So your RewriteCond[ition] is expected to always be true? Okay.
>>> Maybe remove it, then? BTW I think your rewrite will strip query
>>> strings and stuff like that. Maybe you just want
>>> RedirectPermanent instead of Rewrite(Cond|Rule)?
>>>
>>> Okay, so everyone gets redirected from http://exmaple.com/ to
>>> https://example.com/. If LE requests
>>> http://example.com/.well-known/uherfhuerhfiu then it will be
>>> redirected to https://example.com/.well-known/uherfhuerhfiu,
>>> presumably locate the correct file and authorize the certificate
>>> request, right?
>>>
>>> But you have said that "everything is unconditionally passed to
>>> Tomcat". You posted some config that definitely passes some
>>> things to Tomcat, but without seeing the rest of the
>>>  configuration it's not possible to know for sure
>>> nothing else is going on.
>>
>> Ok. In the original post, I posted the virtual host configuration
>> as it was at the time, with meaningful domain names and IP
>> addresses redacted, and some commented-out, abandoned-in-place
>> lines removed.
>>
>> Here is what I currently have in place, albeit with names and IP
>> addresses "changed to protect the innocent." I'm sending you the
>> uncensored version off-List.
>>
>>  ServerName foo.frobozz.com # ServerAlias
>> bar.frobozz.com DocumentRoot /var/www/html/test ServerAdmin
>> i...@frobozz.com  AllowOverride All
>>  RewriteEngine on RewriteCond %{HTTP_HOST} !^www\.
>> [NC] RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}
>> [R=301,L] 
>>
>>   ServerName
>> foo.frobozz.com # ServerAlias bar.frobozz.com DocumentRoot
>> /var/www/html/test ServerAdmin i...@frobozz.com # > /var/www/html/test> # AllowOverride All #  # > "https://foo.frobozz.com/manager/html/*;> #  Require ip
>> aa.bb.cc.dd #  # > "https://bar.frobozz.com/manager/html/*;> #  Require ip
>> aa.bb.cc.dd #Require ip aa.bb.cc.dd
>> ww.xx.yy zz pp.dd.qq.xx  
>> Require ip aa.bb.cc.dd ww.xx.yy zz pp.dd.qq.xx 
>> ProxyPass "/" "http://127.0.0.1:8080/; ProxyPassReverse "/"
>> "http://127.0.0.1:8080/; ProxyRequests Off Include
>> /etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile
>> /etc/letsencrypt/live/foo.frobozz.com/fullchain.pem
>> SSLCertificateKeyFile
>> /etc/letsencrypt/live/foo.frobozz.com/privkey.pem 
>> 
>
> Yeah... that''s pretty straightforward. Hmm.
>
> No other VirtualHosts? Non other web servers in the mix (e.g.
> load-balancer which alreaddy redirects to HTTPS), etc.?
>
> That seems pretty mysterious to me, too.
>
> Are you using VH-based authentication with LE? Meaning, you aren't
> using DNS authentication or anything like that?
>
> I think once you have configured the server once with an LE
> certificate, renewals can use the existing certificate as
> proof-of-ownership without having to put the file into /.well-known.
> Or something. I have forgotten the details.
>
> So maybe that's it: you've already bootstrapped the process and so
> it's smoother, now. Maybe?
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl9FHD0ACgkQHPApP6U8
> pFi58xAAvux94C7QCOUkLj8MLGiQV57/ImcTa85nMme2H2ywpZ7JQozlssU6CSpH
> FAYFCOP3U3EH6A9AzFeSZhW+sKMeBt6uF3QR/2QF3vGmg5/KcB0srcdBcn6eejVc
> KrUnVKx5lcK+hmyXPlIVdGb+koiDl1D1omkeOxdQOaniNfGvW1LgUxouRXpUBTfJ
> JK5oe7yV5U8Ge5Wm+pOIrpf/4Y0JqluNJplQIEVWv3x7EsJtSKVKIoCXfPyGf36g
> aGmFRsh6XvndllaV/FBxx/K9zh5TG1GijkfO+vsl4l3ZXnljJm1h4Vx/1Y6KEUbM
> x9Zv8QgNpXsmZ+ylfi3hK0l9V7rkUB6ZX5mYJa9ABPXYtkE/rvCpG6RijVgY9WA4
> 4LXKW74+QR9R352OLBCgvE2gjRgVTX/KmoGasBrB3mDYd+vELkBCcXlHAQkYBVqw
> KL4UIL3SUEnV4jDfrJ/g2ujyPKd9+ED7EECM91lWg6Lcunc5865qJfPvykIDaBnZ
> kASElxqRGqmTUEi57z+BKJNRBs+ME9f7JOlT8iaoB2wKJC8CrUnGNtrFpvBxhehb
> GY4uPrUZro7NjuJ/jALnb1CeedeL9+OohxqbTYECaoeS4Op8vNNU6/FtUH9BTjWD
> mlaXkhrGr7puf4AjPg9geE/0h5Bg+ltTh8yrK1o+4jrct34S438=
> =6dbK
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Question regarding servlet lifecycle and connection pooling ..

[John Dale]

Greetings;

We've wrapped my connection pool interface in a Factory.  Can you
confirm how the current request's thread is used by JDBC connection
pooling to MySQL?

Sincerely,

John

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Why does Tomcat open connections on localhost?

[John Dale]

I always appreciate your depth of knowledge, Chris.

"hand-wavy device supporting NIO for Java"

Could you write us a quick paragraph expanding on this idea?

I'm happy to follow a pointer to a well written article (something up
to your standards).

On 3/31/20, Christopher Schultz  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Frank,
>
> On 3/31/20 09:30, Frank Tornack wrote:
>> Yes, these too are for communication between processes. Only you
>> don't use the network stack. This is a special feature of Unix-like
>> operating systems.
>>
>> DGRAM, unlike STREAM, does not know connection states. Therefore
>> STREAM is comparable to a local TCP connection. Unix domain sockets
>> exist in the file tree as special files. Access is controlled by
>> file permissions, as is usual for files.
>
> Yup. It's helpful to see the column headers for your netstat output,
> André:
>
>> Proto RefCnt Flags   Type   State I-Node
>> PID/Program name Path unix  2  [ ] STREAM
>> CONNECTED 167427210 27514/java unix  2  [ ] STREAM
>> CONNECTED 167423436 27514/java
>
> Each "unix" protocol-connection (UNIX domain socket) has an associated
> inode on the root filesystem, but no path. Basically, it's magic. :)
>
> The nice thing on *NIX is that even though there is a hand-wavy device
> supporting NIO for Java, it doesn't consume pairs of ports (which are
> a limited resource; see our recent discussion on the limits of TCP
> port numbers).
>
> - -chris
>
>> Am Dienstag, den 31.03.2020, 14:29 +0200 schrieb André Warnier
>> (tomcat/perl):
>>> On 31.03.2020 14:20, Mark Thomas wrote:
 On 31/03/2020 11:20, Aditya Kumar wrote:
> Tomcat 9.0.30 on Windows Server 2012 / Java 1.8
>
> I've noticed on a freshly installed version of tomcat 9,
> upon startup there are several connections to and from
> localhost on different ports
>
> For example on my tomcat server there are 4 connections to
> and from localhost (output from netstat)
>
>
> TCP0.0.0.0:8080   0.0.0.0:0
> LISTENING 3972
>
> TCP127.0.0.1:55618127.0.0.1:55619
> ESTABLISHED 3972
>
> TCP127.0.0.1:55619127.0.0.1:55618
> ESTABLISHED 3972
>
> TCP127.0.0.1:55620127.0.0.1:55621
> ESTABLISHED 3972
>
> TCP127.0.0.1:55621127.0.0.1:55620
> ESTABLISHED 3972
>
> TCP[::]:8080  [::]:0
> LISTENING 3972
>
> These can grow to a large number (several thousand) on a
> busy system. What are these connections used for? What caused
> them? What thread are they attributed to?

 The Java NIO implementation on Windows uses TCP for
 intra-process signalling. It opens a pair of self-connected
 sockets for every Selector.

 Mark

>>>
>>> While we're at it, under Linux, are the following for a similar
>>> reason ?
>>>
>>> output of :  netstat -pan | grep 27514   (tomcat's JVM PID =
>>> 27514) [...] unix  2  [ ] STREAM CONNECTED
>>> 167427210 27514/java unix  2  [ ] STREAM
>>> CONNECTED 167423436 27514/java
>>>
>>>
>>>
>>> -
>>>
>>>
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>
>>
>> -
>>
>>
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6DUP8ACgkQHPApP6U8
> pFgxiBAAkmLWWhwvrLW+RJ5j3ZKEu5cXQ0x3/zsMpFuP2GPok1lemXixa8T91lSO
> eGg6W80DhVb76tDJl4Akt3L8ejN2XNgSxnHgGfEiCvTughYryAmHNXxze3ZMj4BQ
> pvIO8hCc1nSlti71h6C2vEGYLnwkHyMulIolYaHP+SxKX7PSxXcfo4zD6vvpTvnO
> U5Hrk7H8JjXCANrd8LsChN8w8AkWMUJpu/TUXFYy8bWEN9Ui7SdGqfa1t+pwnl8+
> JZqO1moBP9WcMA/XR1msWIbkA8B1r+ICWqlqcdGlvkXrHzkiALdqpxy0WiKAs1Tn
> J+uPp0mAGpXRU3NGibr5NMtHLQ3Kl+X821yHYjF0XjqFwjLgvQNrmdYwblqFCUPB
> 9sIVr6CuWAxPM61QZ9Bi9fT4MrIA6f8iSEa7BDJmUWhARPQMKn6fjIOMd8Cok882
> cGU1WT8O2SrtQV+y7wJbbq4aP4e6vRi/nSqI2hlSFdTBfD1Grj+t5JPHg35AafR4
> +6qum9rVF3AKf47UoJFrXG9smWLkUVVsJuZbdHLofmQEV0ovOMzAPx2GR9oSR2/M
> sCxdUdqrhEW08wwYwIOV59vNa9pn/X/SOEre09yLH/GMV3H03CiQni616luWPrQt
> 0BzFi4+8TPVzKCaq88ThyjJnEMuDU9RNeS7IHScHTXQa6rflB7E=
> =q/Fd
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: cookie configurations for Tomcat 7

[John Dale]

Over the years I found it more productive to manage my own headers for
the most part.

The key for us has been keeping the code clean and manageable.

John


On 1/27/20, Lazar Kirchev  wrote:
> Hello,
>
> In Tomcat >= 8 there is the CookieProcessor in which cookie configurations
> could be made, including for SameSite cookie.
> Is there any way to configure this in Tomcat 7? Or the only way is to
> configure it manually in code?
>
> Kind regards,
> Lazar
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Password encryption in Tomcat 8.5.35

[John Dale]

This is a kind of funny (sorry) "battle of the bulge" problem.

Malicious systems administrators (we assume everyone is guilty and it
drives this kind of issue) will find the password to your database,
and, ignoring everything else on the machine they just exploited, will
go and query your database.

Of course, I suppose that does offer a kind of fly on the wall
opportunity to hide and observe database transactions.

Presuming, however, that they have access to the app server tier, what
might stop them from exploiting the database?

And then .. there's the clipper chip and spectr (spelling?) ..
computer engineering has become pretty demoralizing in a world where a
12 year old can be given the OPM toolkit and sit beyond most
reasonable opportunities to prosecute, all in the name of making us
safer (broken by design) 


On 9/16/19, Olaf Kock  wrote:
>
> On 16.09.19 08:24, Olaf Kock wrote:
>> If someone has access to the old Wiki's information, it'd be a great
>> page to restore.
>>
> "Do you really want to send this mail?" - "Of course" - "so be it" - m(
> Facepalm:
>
> It takes the steps above to think of a way of accessing the old content:
> Here it is, courtesy of the wayback machine:
> https://web.archive.org/web/20180114041103/https://wiki.apache.org/tomcat/FAQ/Password
>
> Cheers,
>
> Olaf
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 9.0.24 available

[John Dale]

Does this get included in the apt framework for ubuntu automatically?

John


On 8/19/19, Mark Thomas  wrote:
> The Apache Tomcat team announces the immediate availability of Apache
> Tomcat 9.0.24.
>
> Apache Tomcat 9 is an open source software implementation of the Java
> Servlet, JavaServer Pages, Java Unified Expression Language, Java
> WebSocket and JASPIC technologies.
>
> Apache Tomcat 9.0.24 is a bugfix and feature release. The notable
> changes compared to 9.0.22 include:
>
> - Expand Graal native image support to include JNDI, JSPs and JULI
>
> - Expand the HTTP/2 excessive overhead protection to cover various forms
>   of abusive client behaviour and close the connection if any such
>   behaviour is detected.
>
> - Security improvements to the Windows installer including a change in
>   the default user from Local System to Local Service.
>
> Please refer to the change log for the complete list of changes:
> http://tomcat.apache.org/tomcat-9.0-doc/changelog.html
>
>
> Downloads:
> http://tomcat.apache.org/download-90.cgi
>
> Migration guides from Apache Tomcat 7.x and 8.x:
> http://tomcat.apache.org/migration.html
>
> Enjoy!
>
> - The Apache Tomcat team
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Invalid HTTP Header - attack?

[John Dale]

9.0.16.0 - this is the version installed with apt-get tomcat9 on ubuntu 18.04

Thank you for your feedback.

John


On 8/1/19, Konstantin Kolinko  wrote:
> чт, 1 авг. 2019 г. в 22:11, John Dale :
>>
>> Great feedback.  Thanks.
>>
>> I am the network department. :)
>>
>> This is a public facing service and shortly after I see this in the
>> log, I get an OOM exception and server shutdown.  Twice now this
>> morning.
>>
>
> The exception text is a bit misleading. It says "header", but it
> actually caused by sanity checks that are done when parsing the first
> line of the request (it precedes all the headers) aka the "request
> line". Thus you can see "parseRequestLine()" in the stack trace.
>
> As you may know, starting with HTTP/1.1 a client can send several HTTP
> request over the same connection (aka "keep alive", also "request
> pipelining"). If the length of the preceding request was not processed
> correctly either because the client sent an incorrect value of
> Content-Length header or if there is a bug, Tomcat will start parsing
> a new request at a wrong place and you will see such an error.
>
> Other cause of similar errors is when a client tries to connect using
> https: protocol to a http: connector. A small difference is that in
> that case the sanity check will be triggered earlier: when parsing the
> HTTP method name (the first component of the request line). In your
> case the error message says about the HTTP protocol version (the third
> component of the request line).
>
>
> 1. Personally, I always run with
> org.apache.catalina.connector.RECYCLE_FACADES=true
> as documented in [1].
>
> This property helps if there is a bug in a web application.
>
> 2. Make sure that you use an up-to-date version of Tomcat. You didn't
> tell us what version of Tomcat 9.0.x you are using.
>
> 3. If there is bug that causes Tomcat to incorrectly process a length
> of a request (a known way to trigger such a bug), I think that it will
> be treated as a security vulnerability that leads to an information
> leak.
>
> See CVE-2018-8037 )fixed in 9.0.10), CVE-2017-5651 and CVE-2017-5647
> (both fixed in 9.0.0.M19) for an idea.
>
> https://tomcat.apache.org/security-9.html
>
> Maybe you can configure creation of a heap dump during the OOM, so
> that it could be diagnosed what is causing a memory leak?
>
> Note that there is a procedure to report security issues [2]. A public
> Bugzilla should not be used for such reports.
>
> 4. The error message that you saw is printed only once in every 24
> hours. The latter occurrences during the same day are suppressed
> (logged at DEBUG level) to prevent flooding one's log files. This
> behaviour is controlled by system properties [3],
>
> org.apache.juli.logging.UserDataHelper.CONFIG
> org.apache.juli.logging.UserDataHelper.SUPPRESSION_TIME
>
> [1]
> https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#System_Properties
>
> [2] https://tomcat.apache.org/security.html
>
> [3]
> https://tomcat.apache.org/tomcat-9.0-doc/config/systemprops.html#Logging
>
> Best regards,
> Konstantin Kolinko
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Invalid HTTP Header - attack?

[John Dale]

Great feedback.  Thanks.

I am the network department. :)

This is a public facing service and shortly after I see this in the
log, I get an OOM exception and server shutdown.  Twice now this
morning.

Hmm .. :\

John


On 8/1/19, Michael Osipov  wrote:
> Am 2019-08-01 um 20:36 schrieb Mark Thomas:
>> On 01/08/2019 19:08, John Dale wrote:
>>> I'm getting this in my logs - is this an attack do you think?
>>
>> Unlikely to be an attack. Most likely a broken client.
>
> There is another scenario:
>
> Regular security scans on all corporate subnets from sec dept. I have
> these almost every day in access.log and via SSH.
>
> Ask your network department who's IP this is and you should get better
> information.
>
> See also: https://bz.apache.org/bugzilla/show_bug.cgi?id=55372
>
> Michael
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Invalid HTTP Header - attack?

[John Dale]

I'm getting this in my logs - is this an attack do you think?  How
might I determine this?

Could this be pushing bytes to the handler and causing a memory issue?

Error parsing HTTP request header
Aug  1 17:37:58 dom1 tomcat9[9793]:  Note: further occurrences of HTTP
request parsing errors will be logged at DEBUG level.
Aug  1 17:37:58 dom1 tomcat9[9793]:
java.lang.IllegalArgumentException: Invalid character found in the
HTTP protocol
Aug  1 17:37:58 dom1 tomcat9[9793]: at
org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:531)
Aug  1 17:37:58 dom1 tomcat9[9793]: at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:294)
Aug  1 17:37:58 dom1 tomcat9[9793]: at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
Aug  1 17:37:58 dom1 tomcat9[9793]: at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834)
Aug  1 17:37:58 dom1 tomcat9[9793]: at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
Aug  1 17:37:58 dom1 tomcat9[9793]: at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
Aug  1 17:37:58 dom1 tomcat9[9793]: at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
Aug  1 17:37:58 dom1 tomcat9[9793]: at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
Aug  1 17:37:58 dom1 tomcat9[9793]: at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
Aug  1 17:37:58 dom1 tomcat9[9793]: at java.lang.Thread.run(Thread.java:748)

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question regarding tomcat random number seeding and startup times

[John Dale]

I changed securerandom.source=file:/dev/random in
/jre/lib/security/java.security, changing this to urandom and it
vastly improved things.  My question is, what will this do?  I don't
really rely on the tomcat generated session affinity ..

On 7/28/19, John Dale  wrote:
> Greetings;
>
> I found this in the logs where it's hanging-up:
>
> 28-Jul-2019 19:05:10.520 WARNING [main]
> org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom
> Creation of SecureRandom instance for session ID generation using
> [SHA1PRNG] took [212,424] milliseconds.
>
> Thoughts?
>
> John
>
>
> On 7/27/19, Christopher Schultz  wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> John,
>>
>> On 7/27/19 19:49, John Dale wrote:
>>> Greetings Everyone;
>>>
>>> A quick update to the folks who I have interacted with on the list
>>> (you know who you are and I thank you).
>>>
>>> I got all of my applications and sites migrated from Tomcat 7.x.x
>>> to Tomcat 9.x running on Ubuntu 18.04 and Java 8.  Lots of fun work
>>> with the firewalls, databases, and email servers (DKIM, SPF, and
>>> DMARC are something else).
>>>
>>> Overall, I was kind of disappointed to find out that Java 11
>>> doesn't include activation and jax libs, but it sure was fast once
>>> I included these things in my lib folder.  That said, I thought it
>>> might be better to revert to Java 8, which bundles and unit tests
>>> these libraries.  So, that's what I did.
>>>
>>> But yikes .. the startup times are now very slow .. sometimes two
>>> minutes.  I understand that this might relate to the need of the
>>> JVM to initialize for random number seeding.  Is this true?
>>
>> What makes you say that? It might be correct, but you are just
>> providing a guess, here.
>>
>>> What other strategies should I be looking at to make the bounce
>>> more zippy?  I deploy two smallish war files (<5MB, about 160KB
>>> Java Services code)
>>
>> Note that the size of the code is largely irrelevant.
>>
>>> I noticed several recommendations for different random number
>>> seeding strategies, but they came with warnings relative to the
>>> quality of encryption.  What else might be done that doesn't
>>> compromise encryption quality?
>>
>> Most modern JVMs (on Linux) use /dev/urandom as a source of entropy by
>> default which is safe enough to use for probably everything but
>> long-loved encryption keys (e.g. multi-year-valid RSA/EC keys, PGP
>> keys, etc.). You probably shouldn't be generating long-lived keys of
>> these kinds from within a Tomcat-hosted application. /dev/urandom is
>> non-blocking so it shouldn't stall when grabbing entropy for things
>> like random-number seeding (which are used by Tomcat for both random
>> session-id generation and random TLS bulk-encryption keys.
>>
>>> I would like to push back my Java 11 upgrade until I have a good
>>> longer term strategy for jax and activation libraries.  Thoughts?
>>
>> Why not simply bundle those required libraries with your application?
>>
>>> Glad to have made it through the upgrade .. it really wasn't very
>>> painful at all.
>>
>> Glad to hear it wasn't painful.
>>
>> - -chris
>> -BEGIN PGP SIGNATURE-
>> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>>
>> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl09KVgACgkQHPApP6U8
>> pFhPew/+JpMBI7y27lkZdvD61QoWWVYQm4VrsVu9iCGMSSznSPdVSROgvupjtF1Z
>> QCuTRLTOGdxWC1RuNMg47chtUiRtUnS/dIaCscN9AYSzqKvyGkGdW97S0cdTZnHy
>> plSRqsep4RkoseyFPBrLHRy3FU8po8Bt+2L3btCSwVK6pcp4GNVkywqF9/gkAJVp
>> uAL5Pyy57SY84sdHyCxxYeo9iO3Jtg3UVVQzGJzaFJ3bhCQcQO/50CNbsTMutGYJ
>> sJFOAWL6vQhnojIH2PAm6fqQ2e0XF+RmZh5Kf0+Jsl3VjBxw1C5wzyixcK9NvKxq
>> vdxG2Cs9YGpYiLLmF5Diz0JU7rTWfz/A0jalNt8Fr6y2HS65rFSlWsTsjlmjpl14
>> b1hEw/o+vtRwJ3e+HEbTelnOXzaZU4HhlaiDkd43EcWOUyicvlEuAToQHMou5N68
>> uKjP5/AdrDvGuSdAxCRrnAmAsOP4P0XMXoG9n6tHoTRy6L+3eh01h931lsFlxlYy
>> dOly8rOzDwE80x5BzugDw9I9Rotg0U0mGzogNzs9thG/1rrBzdUdWNDcWvJLaEkT
>> joKGlScnB/gEisV2NT2DEB4E8q9kf6BoypSVMhzOTQ9KDnIq6cau7dtfXWwusODt
>> St7SCCJtAsxMtici5HihZvuf+CDVpuZ5+PD3KWSuFjSxrwrl1Es=
>> =Qhtz
>> -END PGP SIGNATURE-
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question regarding tomcat random number seeding and startup times

[John Dale]

Greetings;

I found this in the logs where it's hanging-up:

28-Jul-2019 19:05:10.520 WARNING [main]
org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom
Creation of SecureRandom instance for session ID generation using
[SHA1PRNG] took [212,424] milliseconds.

Thoughts?

John


On 7/27/19, Christopher Schultz  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> John,
>
> On 7/27/19 19:49, John Dale wrote:
>> Greetings Everyone;
>>
>> A quick update to the folks who I have interacted with on the list
>> (you know who you are and I thank you).
>>
>> I got all of my applications and sites migrated from Tomcat 7.x.x
>> to Tomcat 9.x running on Ubuntu 18.04 and Java 8.  Lots of fun work
>> with the firewalls, databases, and email servers (DKIM, SPF, and
>> DMARC are something else).
>>
>> Overall, I was kind of disappointed to find out that Java 11
>> doesn't include activation and jax libs, but it sure was fast once
>> I included these things in my lib folder.  That said, I thought it
>> might be better to revert to Java 8, which bundles and unit tests
>> these libraries.  So, that's what I did.
>>
>> But yikes .. the startup times are now very slow .. sometimes two
>> minutes.  I understand that this might relate to the need of the
>> JVM to initialize for random number seeding.  Is this true?
>
> What makes you say that? It might be correct, but you are just
> providing a guess, here.
>
>> What other strategies should I be looking at to make the bounce
>> more zippy?  I deploy two smallish war files (<5MB, about 160KB
>> Java Services code)
>
> Note that the size of the code is largely irrelevant.
>
>> I noticed several recommendations for different random number
>> seeding strategies, but they came with warnings relative to the
>> quality of encryption.  What else might be done that doesn't
>> compromise encryption quality?
>
> Most modern JVMs (on Linux) use /dev/urandom as a source of entropy by
> default which is safe enough to use for probably everything but
> long-loved encryption keys (e.g. multi-year-valid RSA/EC keys, PGP
> keys, etc.). You probably shouldn't be generating long-lived keys of
> these kinds from within a Tomcat-hosted application. /dev/urandom is
> non-blocking so it shouldn't stall when grabbing entropy for things
> like random-number seeding (which are used by Tomcat for both random
> session-id generation and random TLS bulk-encryption keys.
>
>> I would like to push back my Java 11 upgrade until I have a good
>> longer term strategy for jax and activation libraries.  Thoughts?
>
> Why not simply bundle those required libraries with your application?
>
>> Glad to have made it through the upgrade .. it really wasn't very
>> painful at all.
>
> Glad to hear it wasn't painful.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl09KVgACgkQHPApP6U8
> pFhPew/+JpMBI7y27lkZdvD61QoWWVYQm4VrsVu9iCGMSSznSPdVSROgvupjtF1Z
> QCuTRLTOGdxWC1RuNMg47chtUiRtUnS/dIaCscN9AYSzqKvyGkGdW97S0cdTZnHy
> plSRqsep4RkoseyFPBrLHRy3FU8po8Bt+2L3btCSwVK6pcp4GNVkywqF9/gkAJVp
> uAL5Pyy57SY84sdHyCxxYeo9iO3Jtg3UVVQzGJzaFJ3bhCQcQO/50CNbsTMutGYJ
> sJFOAWL6vQhnojIH2PAm6fqQ2e0XF+RmZh5Kf0+Jsl3VjBxw1C5wzyixcK9NvKxq
> vdxG2Cs9YGpYiLLmF5Diz0JU7rTWfz/A0jalNt8Fr6y2HS65rFSlWsTsjlmjpl14
> b1hEw/o+vtRwJ3e+HEbTelnOXzaZU4HhlaiDkd43EcWOUyicvlEuAToQHMou5N68
> uKjP5/AdrDvGuSdAxCRrnAmAsOP4P0XMXoG9n6tHoTRy6L+3eh01h931lsFlxlYy
> dOly8rOzDwE80x5BzugDw9I9Rotg0U0mGzogNzs9thG/1rrBzdUdWNDcWvJLaEkT
> joKGlScnB/gEisV2NT2DEB4E8q9kf6BoypSVMhzOTQ9KDnIq6cau7dtfXWwusODt
> St7SCCJtAsxMtici5HihZvuf+CDVpuZ5+PD3KWSuFjSxrwrl1Es=
> =Qhtz
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question regarding tomcat random number seeding and startup times

[John Dale]

Greetings;

On 7/27/19, Christopher Schultz  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> John,
>
> On 7/27/19 19:49, John Dale wrote:
>> Greetings Everyone;
>>
>> A quick update to the folks who I have interacted with on the list
>> (you know who you are and I thank you).
>>
>> I got all of my applications and sites migrated from Tomcat 7.x.x
>> to Tomcat 9.x running on Ubuntu 18.04 and Java 8.  Lots of fun work
>> with the firewalls, databases, and email servers (DKIM, SPF, and
>> DMARC are something else).
>>
>> Overall, I was kind of disappointed to find out that Java 11
>> doesn't include activation and jax libs, but it sure was fast once
>> I included these things in my lib folder.  That said, I thought it
>> might be better to revert to Java 8, which bundles and unit tests
>> these libraries.  So, that's what I did.
>>
>> But yikes .. the startup times are now very slow .. sometimes two
>> minutes.  I understand that this might relate to the need of the
>> JVM to initialize for random number seeding.  Is this true?
>
> What makes you say that? It might be correct, but you are just
> providing a guess, here.

After reading up on the issue and searching around for a few hours, I
found many posts like these folks falling all over themselves
recommending haveged:
https://www.digitalocean.com/community/questions/fresh-tomcat-takes-loong-time-to-start-up

>
>> What other strategies should I be looking at to make the bounce
>> more zippy?  I deploy two smallish war files (<5MB, about 160KB
>> Java Services code)
>
> Note that the size of the code is largely irrelevant.

Correct .. unless there are huge jar files with many many classes to
scan for deployment metadata?  In my case, I have a very robust little
application in a tiny deployable, so I was ruling that out.

>
>> I noticed several recommendations for different random number
>> seeding strategies, but they came with warnings relative to the
>> quality of encryption.  What else might be done that doesn't
>> compromise encryption quality?
>
> Most modern JVMs (on Linux) use /dev/urandom as a source of entropy by
> default which is safe enough to use for probably everything but
> long-loved encryption keys (e.g. multi-year-valid RSA/EC keys, PGP
> keys, etc.). You probably shouldn't be generating long-lived keys of
> these kinds from within a Tomcat-hosted application. /dev/urandom is
> non-blocking so it shouldn't stall when grabbing entropy for things
> like random-number seeding (which are used by Tomcat for both random
> session-id generation and random TLS bulk-encryption keys.

I assume you mean "long-lived"? :D  I don't believe I'm generating
these, but in my survey of online information it seemed to indicate
Tomcat might be doing this for some of its own internal processes.
You would know better than I would if this is true.  At some point I'd
like to get into the Tomcat source code, probably after what I have
now is hardened and virtually unchanging.  But then, that's why we
have you, right?  :)  I'm deploying ssl certs from certbot into a pfx
type deployment.  Maybe this is related to the issue?

>
>> I would like to push back my Java 11 upgrade until I have a good
>> longer term strategy for jax and activation libraries.  Thoughts?
>
> Why not simply bundle those required libraries with your application?
>
>> Glad to have made it through the upgrade .. it really wasn't very
>> painful at all.

Just this startup issue.  I like to be able to make quick changes, and
faster start times are way more fun.  I'm just stumped as to why Java
11 seemed to be so much faster to startup the same code base.  I'll
keep poking around.  If you have any ideas please let me know.

Thanks!

John Dale
DB2DOM


>
> Glad to hear it wasn't painful.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl09KVgACgkQHPApP6U8
> pFhPew/+JpMBI7y27lkZdvD61QoWWVYQm4VrsVu9iCGMSSznSPdVSROgvupjtF1Z
> QCuTRLTOGdxWC1RuNMg47chtUiRtUnS/dIaCscN9AYSzqKvyGkGdW97S0cdTZnHy
> plSRqsep4RkoseyFPBrLHRy3FU8po8Bt+2L3btCSwVK6pcp4GNVkywqF9/gkAJVp
> uAL5Pyy57SY84sdHyCxxYeo9iO3Jtg3UVVQzGJzaFJ3bhCQcQO/50CNbsTMutGYJ
> sJFOAWL6vQhnojIH2PAm6fqQ2e0XF+RmZh5Kf0+Jsl3VjBxw1C5wzyixcK9NvKxq
> vdxG2Cs9YGpYiLLmF5Diz0JU7rTWfz/A0jalNt8Fr6y2HS65rFSlWsTsjlmjpl14
> b1hEw/o+vtRwJ3e+HEbTelnOXzaZU4HhlaiDkd43EcWOUyicvlEuAToQHMou5N68
> uKjP5/AdrDvGuSdAxCRrnAmAsOP4P0XMXoG9n6tHoTRy6L+3eh01h931lsFlxlYy
> dOly8rOzDwE80x5BzugDw9I9Rotg0U0mGzogNzs9thG/1rrBzdUdWNDcWvJLaEkT
> joKGlScnB/gEisV2NT2DEB4E8q9kf6Bo

Question regarding tomcat random number seeding and startup times

[John Dale]

Greetings Everyone;

A quick update to the folks who I have interacted with on the list
(you know who you are and I thank you).

I got all of my applications and sites migrated from Tomcat 7.x.x to
Tomcat 9.x running on Ubuntu 18.04 and Java 8.  Lots of fun work with
the firewalls, databases, and email servers (DKIM, SPF, and DMARC are
something else).

Overall, I was kind of disappointed to find out that Java 11 doesn't
include activation and jax libs, but it sure was fast once I included
these things in my lib folder.  That said, I thought it might be
better to revert to Java 8, which bundles and unit tests these
libraries.  So, that's what I did.

But yikes .. the startup times are now very slow .. sometimes two
minutes.  I understand that this might relate to the need of the JVM
to initialize for random number seeding.  Is this true?

What other strategies should I be looking at to make the bounce more
zippy?  I deploy two smallish war files (<5MB, about 160KB Java
Services code)

I noticed several recommendations for different random number seeding
strategies, but they came with warnings relative to the quality of
encryption.  What else might be done that doesn't compromise
encryption quality?

I would like to push back my Java 11 upgrade until I have a good
longer term strategy for jax and activation libraries.  Thoughts?

Glad to have made it through the upgrade .. it really wasn't very
painful at all.

Sincerely,

John Dale
DB2DOM

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Upgrading .. finally

[John Dale]

Moving ahead with Java 11 and Tomcat 9 on ubuntu 18.04.

It was simple.

Figured out service call for tomcat, too (from my other email).

I don't have any questions or issues at this point .. just glad I went
to so much effort to make my code portable.

Thanks!

John


On 7/17/19, Christopher Schultz  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> John,
>
> On 7/16/19 22:07, John Dale wrote:
>> Greetings;
>>
>> I'm upgrading to Tomcat 9 and (I guess) openjdk 11.
>>
>> Should I consider openjdk 8 instead?
>
> Where are you coming from?
>
> I'd go all the way up, since Java 8 is dead as far as Oracle is
> concerned. The OpenJDK team will likely continue to publish security
> updates, but there is no time like the present to update to the latest.
>
> Since you will want to do a thorough test of your application, you may
> as well do it with Java 11 instead of Java 8.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl0vkm4ACgkQHPApP6U8
> pFgw9xAApStphFMe65dEUqko7dBVA9ZWiIIyg4CpSQEZeBVrY2VUHDdWk3Dt9UEn
> g+I3gk512sNFtiDAH01+nV8S9VAWHjOUVsGi1e75nQXgWLNv+Mfgn8T0IryckA/+
> Ez8RZVVPK721UjWNmehC45FN8XC/CfOcRI9B+jTsyVk6qkjEDmT1oBEUSCIvaRVi
> 2Pza3o6GeXGdmBLb4zvy7vaU0J+7Paget/xzkNyDXsdhXDVAnGWyFlVT/iSCDvWz
> KWIzzFE2QNleM5lETzvpt2dWs0u8Kp+9rrCVy25kXIg/SFlhunHxALwWeNUMqEub
> PtEVLsWy72QOs4XuEyAzXiGMcM6hpwwVV5FjRvIDJ+LFJT76abcOuDcmt1g8QjVW
> u8n1qok/6zwlMUY7WC82IbxK+P0OwRuJDSDhPC8bq0kyoNoCctKvlHChncTgZnWC
> 3s31odinIc8Ry6UYimgES+V9kWJwfkr21x2sxkchpkGfHeh4G+QnqnwaxRLnTHG0
> 3I8AdDvnCcBt3HsKgLY7L/noY+LMK6+VtAlg9ymmQ3Nv6kV2J7DtWjiD202l9oIs
> xlhFCN4iZgq3223hO9eac66Ch1DUXIax+N6eBr7QWIdY84/kBi+CBV/Y27E12Ajt
> Exu1E14aPgeUcL4rVSM50e3DXrKRJteFwTGcrQJtUaRW5GHwrhY=
> =h5jt
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Upgrading .. finally

[John Dale]

Greetings;

I'm upgrading to Tomcat 9 and (I guess) openjdk 11.

Should I consider openjdk 8 instead?

John

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Question regarding SmartOS

[John Dale]

Greetings;

How is Tomcat 8.x/9.x with SmartOS?

John

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Does Tomcat server printout System.out.print infor?

[John Dale]

It is pretty normal.  If you don't want to deal with the systems
administration of your server, you can lease a tomcat instance and
deploy your war file.   A host will typically help you with some of
the configuration and management, and notify you if you have deployed
some naughty code that is consuming server resources.  This is
somewhere in between a WUSIWUG and a fill cloud server instance of,
say, Linux.

On 5/11/19, Karen Goh  wrote:
> Hello experts,
>
> Currently, I am uploading a new .war file up to my hosting company.
>
> However, I am puzzled how things work and would like to check what is the
> norm out there.
>
> They are using httpd apache server and tomcat.
>
> Basically, I have subscribed a private Tomcat server so I get an instance of
> Tomcat server - 8.0.27.
>
> But, the re-start of server is not in my control.
>
> I would like to know if this is the normal environment in a web hosting
> company ?
>
> Another thing is that, in my newly uploaded war file, I don't get to see any
> System.out.println infor in my code, which I believe it should be printed
> out, as per my last log file indication in the web hosting company.
>
> What they told me is
> "Only if there is system level operation. For example, unloading/reloading a
> war file would have logged."
>
> So, please help me know if it is not possible to see system.out.print infor
> as what I have put in the code in my java class ?
>
> Another thing is that I am going to put in the Tomcat Realm for the log-in
> module and I am wondering where is the privacy since I do not have the full
> control over Tomcat in this web hosting environment ?
>
> Thanks & regards,
> Karen
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Jmx example for adding or removing users?

[John Dale]

You're missing database driven roles based user authentication and
authorization.  :)

I commend you, sir, for attempting the tomcat default user management
save button!

On 5/9/19, Alex O'Ree  wrote:
> Well less than perfect. Tomcat out of the box is setup with the users xml
> file. What's exposed as mbeans is the
> "org.apache.catalina.mbeans.MemoryUserDatabaseMBean".
> I can add uses to it via mbean, however calling the "save" method does not
> update the tomcat-users.xml file. Am i missing something?
>
> On Fri, Apr 26, 2019 at 7:14 PM Alex O'Ree  wrote:
>
>> Ahh perfect, thanks.
>>
>> On Fri, Apr 26, 2019 at 12:34 PM Mark Thomas  wrote:
>>
>>> On 26/04/2019 12:11, Alex O'Ree wrote:
>>> > I am looking for a way to programmatically add or remove user accounts
>>> > using tomcats user xml file as a store without restarting tomcat. Can
>>> this
>>> > be done using jmx?
>>> >
>>>
>>> Yes. Look under Users -> UserDatabase
>>>
>>> Mark
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Initiating httpservletrequest from inside Tomcat / TomEE

[John Dale]

This was in the spirit of one of my suggestions and probably how I
would approach the problem to save them/me having to create a Tomcat
request harness .. encapsulate the service in a static method and call
that (cohesive).

Have a super day,

John


On 5/8/19, Christopher Schultz  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Terence and Paul,
>
> On 5/6/19 14:36, Terence M. Bandoian wrote:
>> On 5/6/2019 10:45 AM, Paul Carter-Brown wrote: 2) Can the servlets
>> you want to use be refactored so that the underlying functionality
>> is exposed in a way that doesn't require any context?
>
> I think this is more likely to get you a satisfying solution.
>
> As much fun it is to watch you try to explain to John what you are
> trying to do (which seems straightforward, in principle, to me), I
> think you are barking up a tree which doesn't like dogs.
>
> Is it very important that your "work" actually be invoked via a
> servlet request/response mechanism? Or can you, as Terence suggests,
> call the "meat" of the service directly instead of invoking the "web
> service"?
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlzTavcACgkQHPApP6U8
> pFifog/+O2rgZGSHOSWYXq53NOXE6aN9byqVMfG2mj+Y2Ms8wvptgW6Dt5U4Slj5
> P+mD3tzBlaQlmDyl6aaLfk8cm2lSmphNUXDv8IKi5AMxMDRBrfAVPi0t0WXIfaDC
> odgE78Mnmztbb/wnCLDzeDEV+G2iDPc6Fy7n+4P1GtU82666vVBeE026Mtwi7PX/
> KwsQjwLSsNzkk0HlTXVPvC0lJeVdK4bCpk5sqhHZaDKaZvRvvR7guEXOG96ga+Xl
> RhTmz4Pe5s6BUImSdXI4ycT4Q9z9P2vZhcbOBBe/oCJivYaYshYgSkjgZ5scaMby
> DjP15t12SXtZiR5/K/OgCjXBFIX0ilc5Avn4bkIvBi2odf+vpaKif0z3XYujD6Ho
> PIauQhKORF5Rb8zOjb3ERnWOwtgv2S5s3zx22nIRV5IpgM9666p3p3mOU4Via4lh
> Eql/A+vT0nxLvoKmVXbw4eMh4c6UJKMk+e47sWbKTb9iwxLL9eyez2Co7YJLuwXr
> I+WeOet8naU6y+jfJ6Z7uuJw9FAeTAuUxHj315qYcovrBdiQWDHxMCFrV5TTZVJc
> oDKBkM86O82z477Ei/aSxxwF0qx9aFf8OtlzGIISkhOjIjzhY4l1ZKueMykAbEgb
> IkBqN7OMrvb5ekuV0c9U61vFTZ9zcmbJiaVidOHmFvRtuMohiIQ=
> =x7LQ
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Initiating httpservletrequest from inside Tomcat / TomEE

[John Dale]

I would trace tomcat and recreate a servlet request .. see if I could
hack it in that way (assuming that localhost traffic isn't fast
enough).  Normalizing on HTTP/TCP will be more maintainable, though?

Can somebody suggest a good place for a breakpoint?

Any other suggestions?

John


On 5/6/19, Paul Carter-Brown  wrote:
> Hi John,
>
> See original request. It's pretty much a Kafka/Servlet proxy/gateway:
>
> I'm trying to design a Kafka consumer and producer that will run inside the
> tomcat jvm and pick up messages off a Kafka topic and translate them into a
> servlet request and pass it through tomcat and then when the response is
> complete then translate it into a Kafka message and put it onto another
> topic as a reply. This way I can reuse our existing jax-rs rest services
> and expose them as an async api over Kafka. The idea is to make the Kafka
> messages similar to http in that they would consist of headers and a body.
> The body would be json.
>
>
> On Mon, May 6, 2019 at 6:13 PM John Dale  wrote:
>
>> You could try debugging the tomcat code and find out how, right after
>> it parses the TCP request, it invokes the servlet.  You can then
>> create your own harness for tomcat code after initializing the
>> appropriate context for the request to tomcat.  I don't know off hand
>> where in the tomcat code this cut point can be found.
>>
>> Is this a performance issue, or are you building a proxy?
>>
>> What is the problem you're trying to solve?
>>
>> On 5/6/19, Paul Carter-Brown  wrote:
>> > Yea, but the issue is that only works when calling in the context of a
>> > current servlet call.
>> >
>> > Here is the kind of problem I want to solve:
>> >
>> > @WebServlet(name = "MyExample", urlPatterns = {"/example"},
>> loadOnStartup =
>> > 1)
>> > public class Example extends HttpServlet {
>> >
>> > @PersistenceContext
>> > private EntityManager em;
>> >
>> > @Override
>> > public void init(ServletConfig config) {
>> > Thread t = new Thread(() -> {
>> > while (true) {
>> > try {
>> > // Do a GET to /example/ and get the response
>> > without
>> > going out on localhost and back in
>> > // We cant just call doGet as we want the request
>> > to
>> > flow through the servlet filters, do the entitymanager injection etc
>> > Thread.sleep(1);
>> > } catch (Exception e) {
>> > }
>> > }
>> > });
>> > t.start();
>> >
>> > }
>> >
>> > @Override
>> > protected void doGet(HttpServletRequest req, HttpServletResponse
>> resp)
>> > throws ServletException, IOException {
>> > // do stuff like use em
>> > resp.setStatus(200);
>> > resp.getWriter().write("Hello World");
>> > }
>> >
>> > }
>> >
>> >
>> >
>> >
>> > On Mon, May 6, 2019 at 5:35 PM John Dale  wrote:
>> >
>> >> For reference, I did find this after searching "calling a servlet
>> >> programmatically":
>> >> https://docs.oracle.com/cd/E19146-01/819-2634/abxbn/index.html
>> >>
>> >> On 5/6/19, Paul Carter-Brown  wrote:
>> >> > I think we are completely missing each other. Forget sockets - that
>> was
>> >> > just an example. I have code running in a Tomcat App server which is
>> >> > not
>> >> > managed by Tomcat and is not initiated by anything within Tomcat.
>> >> > That
>> >> code
>> >> > now wants to call a servlet hosted in that very same JVM. Any way to
>> do
>> >> > that without going out and back in on TCP?
>> >> >
>> >> >
>> >> > On Mon, May 6, 2019 at 5:14 PM John Dale  wrote:
>> >> >
>> >> >> Sockets are an implementation of TCP/UDP inherently.
>> >> >>
>> >> >> Perhaps a mountaintop signal fire?
>> >> >>
>> >> >> ;)
>> >> >>
>> >> >> John
>> >> >>
>> >> >>
>> >> >> On 5/6/19, Paul Carter-Brown  wrote:
>> >> >> > lol on the Semaphore Telegraph,
>> >> >> >
>> >> >> > I 

Re: Initiating httpservletrequest from inside Tomcat / TomEE

[John Dale]

You could try debugging the tomcat code and find out how, right after
it parses the TCP request, it invokes the servlet.  You can then
create your own harness for tomcat code after initializing the
appropriate context for the request to tomcat.  I don't know off hand
where in the tomcat code this cut point can be found.

Is this a performance issue, or are you building a proxy?

What is the problem you're trying to solve?

On 5/6/19, Paul Carter-Brown  wrote:
> Yea, but the issue is that only works when calling in the context of a
> current servlet call.
>
> Here is the kind of problem I want to solve:
>
> @WebServlet(name = "MyExample", urlPatterns = {"/example"}, loadOnStartup =
> 1)
> public class Example extends HttpServlet {
>
> @PersistenceContext
> private EntityManager em;
>
> @Override
> public void init(ServletConfig config) {
> Thread t = new Thread(() -> {
> while (true) {
> try {
> // Do a GET to /example/ and get the response without
> going out on localhost and back in
> // We cant just call doGet as we want the request to
> flow through the servlet filters, do the entitymanager injection etc
> Thread.sleep(1);
> } catch (Exception e) {
> }
> }
> });
> t.start();
>
> }
>
> @Override
> protected void doGet(HttpServletRequest req, HttpServletResponse resp)
> throws ServletException, IOException {
> // do stuff like use em
>     resp.setStatus(200);
> resp.getWriter().write("Hello World");
> }
>
> }
>
>
>
>
> On Mon, May 6, 2019 at 5:35 PM John Dale  wrote:
>
>> For reference, I did find this after searching "calling a servlet
>> programmatically":
>> https://docs.oracle.com/cd/E19146-01/819-2634/abxbn/index.html
>>
>> On 5/6/19, Paul Carter-Brown  wrote:
>> > I think we are completely missing each other. Forget sockets - that was
>> > just an example. I have code running in a Tomcat App server which is
>> > not
>> > managed by Tomcat and is not initiated by anything within Tomcat. That
>> code
>> > now wants to call a servlet hosted in that very same JVM. Any way to do
>> > that without going out and back in on TCP?
>> >
>> >
>> > On Mon, May 6, 2019 at 5:14 PM John Dale  wrote:
>> >
>> >> Sockets are an implementation of TCP/UDP inherently.
>> >>
>> >> Perhaps a mountaintop signal fire?
>> >>
>> >> ;)
>> >>
>> >> John
>> >>
>> >>
>> >> On 5/6/19, Paul Carter-Brown  wrote:
>> >> > lol on the Semaphore Telegraph,
>> >> >
>> >> > I can't use a request dispatcher as the request is being initiated
>> from
>> >> > code that has no context. I already have it working with HTTP using
>> >> > asynchttp library, but I want to avoid the overhead. E.g. lets say I
>> >> wrote
>> >> > my own server socket listener on port 1 running in the Tomcat
>> >> > JVM
>> >> > and
>> >> > got some request in some propriatary protocol called X. Now I want
>> >> > to
>> >> call
>> >> > a Tomcat servlet in the current JVM with some info I got over X
>> without
>> >> > going out on TCP and back in
>> >> >
>> >> > On Mon, May 6, 2019 at 4:40 PM John Dale  wrote:
>> >> >
>> >> >> If you're wanting to forward control to another servlet deployed in
>> >> >> the same context:
>> >> >> https://www.javatpoint.com/requestdispatcher-in-servlet
>> >> >>
>> >> >> If you are okay going through TCP to facilitate some future or
>> current
>> >> >> distribution of services, Use HTTPURLConnection (not sure what
>> >> >> you're
>> >> >> wanting to do with the result of the request, if anything):
>> >> >>
>> >> >>
>> >>
>> https://stackoverflow.com/questions/2793150/how-to-use-java-net-urlconnection-to-fire-and-handle-http-requests
>> >> >>
>> >> >> If you need more sophisticated HTTP interactions, Apache maintains
>> >> >> a
>> >> >> very useful library for that:  http://hc.apache.org/
>> >> >>
>> >> >> If these don't work-out for you, rathe

Re: Initiating httpservletrequest from inside Tomcat / TomEE

[John Dale]

For reference, I did find this after searching "calling a servlet
programmatically":
https://docs.oracle.com/cd/E19146-01/819-2634/abxbn/index.html

On 5/6/19, Paul Carter-Brown  wrote:
> I think we are completely missing each other. Forget sockets - that was
> just an example. I have code running in a Tomcat App server which is not
> managed by Tomcat and is not initiated by anything within Tomcat. That code
> now wants to call a servlet hosted in that very same JVM. Any way to do
> that without going out and back in on TCP?
>
>
> On Mon, May 6, 2019 at 5:14 PM John Dale  wrote:
>
>> Sockets are an implementation of TCP/UDP inherently.
>>
>> Perhaps a mountaintop signal fire?
>>
>> ;)
>>
>> John
>>
>>
>> On 5/6/19, Paul Carter-Brown  wrote:
>> > lol on the Semaphore Telegraph,
>> >
>> > I can't use a request dispatcher as the request is being initiated from
>> > code that has no context. I already have it working with HTTP using
>> > asynchttp library, but I want to avoid the overhead. E.g. lets say I
>> wrote
>> > my own server socket listener on port 1 running in the Tomcat JVM
>> > and
>> > got some request in some propriatary protocol called X. Now I want to
>> call
>> > a Tomcat servlet in the current JVM with some info I got over X without
>> > going out on TCP and back in
>> >
>> > On Mon, May 6, 2019 at 4:40 PM John Dale  wrote:
>> >
>> >> If you're wanting to forward control to another servlet deployed in
>> >> the same context:
>> >> https://www.javatpoint.com/requestdispatcher-in-servlet
>> >>
>> >> If you are okay going through TCP to facilitate some future or current
>> >> distribution of services, Use HTTPURLConnection (not sure what you're
>> >> wanting to do with the result of the request, if anything):
>> >>
>> >>
>> https://stackoverflow.com/questions/2793150/how-to-use-java-net-urlconnection-to-fire-and-handle-http-requests
>> >>
>> >> If you need more sophisticated HTTP interactions, Apache maintains a
>> >> very useful library for that:  http://hc.apache.org/
>> >>
>> >> If these don't work-out for you, rather than using .NET, PHP, Python,
>> >> or some other Java facsimile at best, I recommend using the semaphore
>> >> telegraph:
>> >> https://en.wikipedia.org/wiki/Semaphore_telegraph
>> >>
>> >> Sincerely,
>> >>
>> >> John
>> >> DB2DOM
>> >>
>> >> On 5/6/19, Paul Carter-Brown  wrote:
>> >> > Hi John,
>> >> >
>> >> > Thanks for your feedback.
>> >> >
>> >> > The request I'm initiating should not or need not carry any context
>> >> > from
>> >> > the originating code. There is also no session to worry about as its
>> >> > just
>> >> > for rest calls. So basically I have the headers, path and body and
>> need
>> >> to
>> >> > generate a http servlet request and get an http servlet response (or
>> >> > similar) back. I have this working by calling into localhost but
>> >> > ideally
>> >> > want to skip the trombone out and back in.
>> >> >
>> >> > Have you got any basic code examples?
>> >> >
>> >> > Paul
>> >> >
>> >> > On Tue, Apr 30, 2019 at 5:27 PM John Dale  wrote:
>> >> >
>> >> >> Another thought .. you can do some request dispatching, but without
>> >> >> knowing more about the tools you're using, I can't say for sure if
>> >> >> this is the direction you'll want to go.
>> >> >>
>> >> >> On 4/29/19, Paul Carter-Brown  wrote:
>> >> >> > Hi
>> >> >> >
>> >> >> > I'm trying to design a Kafka consumer and producer that will run
>> >> inside
>> >> >> the
>> >> >> > tomcat jvm and pick up messages off a Kafka topic and translate
>> them
>> >> >> into a
>> >> >> > servlet request and pass it through tomcat and then when the
>> >> >> > response
>> >> >> > is
>> >> >> > complete then translate it into a Kafka message and put it onto
>> >> another
>> >> >> > topic as a reply. This way I can reuse our existing ja

Re: Initiating httpservletrequest from inside Tomcat / TomEE

[John Dale]

Another thought is that servlets maintain contextual information and
resources .. that's nice, saves a lot of time.  As soon as you need a
database resource or an extension of your pruned-back HTTP
implementation on the server socket, you'll be rebuilding what Tomcat
has already done?


On 5/6/19, Paul Carter-Brown  wrote:
> lol on the Semaphore Telegraph,
>
> I can't use a request dispatcher as the request is being initiated from
> code that has no context. I already have it working with HTTP using
> asynchttp library, but I want to avoid the overhead. E.g. lets say I wrote
> my own server socket listener on port 1 running in the Tomcat JVM and
> got some request in some propriatary protocol called X. Now I want to call
> a Tomcat servlet in the current JVM with some info I got over X without
> going out on TCP and back in
>
> On Mon, May 6, 2019 at 4:40 PM John Dale  wrote:
>
>> If you're wanting to forward control to another servlet deployed in
>> the same context:
>> https://www.javatpoint.com/requestdispatcher-in-servlet
>>
>> If you are okay going through TCP to facilitate some future or current
>> distribution of services, Use HTTPURLConnection (not sure what you're
>> wanting to do with the result of the request, if anything):
>>
>> https://stackoverflow.com/questions/2793150/how-to-use-java-net-urlconnection-to-fire-and-handle-http-requests
>>
>> If you need more sophisticated HTTP interactions, Apache maintains a
>> very useful library for that:  http://hc.apache.org/
>>
>> If these don't work-out for you, rather than using .NET, PHP, Python,
>> or some other Java facsimile at best, I recommend using the semaphore
>> telegraph:
>> https://en.wikipedia.org/wiki/Semaphore_telegraph
>>
>> Sincerely,
>>
>> John
>> DB2DOM
>>
>> On 5/6/19, Paul Carter-Brown  wrote:
>> > Hi John,
>> >
>> > Thanks for your feedback.
>> >
>> > The request I'm initiating should not or need not carry any context
>> > from
>> > the originating code. There is also no session to worry about as its
>> > just
>> > for rest calls. So basically I have the headers, path and body and need
>> to
>> > generate a http servlet request and get an http servlet response (or
>> > similar) back. I have this working by calling into localhost but
>> > ideally
>> > want to skip the trombone out and back in.
>> >
>> > Have you got any basic code examples?
>> >
>> > Paul
>> >
>> > On Tue, Apr 30, 2019 at 5:27 PM John Dale  wrote:
>> >
>> >> Another thought .. you can do some request dispatching, but without
>> >> knowing more about the tools you're using, I can't say for sure if
>> >> this is the direction you'll want to go.
>> >>
>> >> On 4/29/19, Paul Carter-Brown  wrote:
>> >> > Hi
>> >> >
>> >> > I'm trying to design a Kafka consumer and producer that will run
>> inside
>> >> the
>> >> > tomcat jvm and pick up messages off a Kafka topic and translate them
>> >> into a
>> >> > servlet request and pass it through tomcat and then when the
>> >> > response
>> >> > is
>> >> > complete then translate it into a Kafka message and put it onto
>> another
>> >> > topic as a reply. This way I can reuse our existing jax-rs rest
>> >> > services
>> >> > and expose them as an async api over Kafka. The idea is to make the
>> >> > Kafka
>> >> > messages similar to http in that they would consist of headers and a
>> >> body.
>> >> > The body would be json.
>> >> >
>> >> > Now I know this could be done by calling localhost with an http call
>> to
>> >> > trombone the requests back into tomcat but I'd like to avoid the
>> >> associated
>> >> > latency and overhead. Is it possible to call tomcat directly
>> >> > in-process.
>> >> > This does not need to be portable to other containers so can be
>> >> > proprietary.
>> >> >
>> >> > I'm using tomcat 8. In fact its tomee 8 but guessed this is more a
>> >> > tomcat
>> >> > question than tomee but have sent to both groups just in case.
>> >> >
>> >> > Thanks for any insights.
>> >> >
>> >> > Paul
>> >> >
>> >>
>> >
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Initiating httpservletrequest from inside Tomcat / TomEE

[John Dale]

Class loaders maintain isolation of contexts, so calling a method on a
different servlet can be tricky, but that is possible.  Although, take
into account that the container maintains pools of servlets, so
something like a static service method, assuming you can crack the
class loader nut, might work.

In the design of your service, you would need to define (possibly
static) methods that encapsulate the functionality you'd like to
execute (reuse).

Without doing something that would be considered a violation of
security principles in computing (SPECTR notwithstanding), I think
you'll have a very difficult time with this requirement.

The JVM may be doing some optimizations for localhost requests that
speed things up, but I can't confirm that at present (and my instincts
say it isn't).

This brings up the point about performance vs scalability.  When you
are proxying network requests like this, scalability can keep your
request/processing times normative (assuming you don't have a database
problem).  Assuming your baseline request/response times are
acceptable, using scalability techniques is generally preferred to
unrelenting performance optimizations not including memory leaks.

That said, I get your sentiment, and applaud your desire to make
things go fast.  Awesome!

On 5/6/19, Paul Carter-Brown  wrote:
> I think we are completely missing each other. Forget sockets - that was
> just an example. I have code running in a Tomcat App server which is not
> managed by Tomcat and is not initiated by anything within Tomcat. That code
> now wants to call a servlet hosted in that very same JVM. Any way to do
> that without going out and back in on TCP?
>
>
> On Mon, May 6, 2019 at 5:14 PM John Dale  wrote:
>
>> Sockets are an implementation of TCP/UDP inherently.
>>
>> Perhaps a mountaintop signal fire?
>>
>> ;)
>>
>> John
>>
>>
>> On 5/6/19, Paul Carter-Brown  wrote:
>> > lol on the Semaphore Telegraph,
>> >
>> > I can't use a request dispatcher as the request is being initiated from
>> > code that has no context. I already have it working with HTTP using
>> > asynchttp library, but I want to avoid the overhead. E.g. lets say I
>> wrote
>> > my own server socket listener on port 1 running in the Tomcat JVM
>> > and
>> > got some request in some propriatary protocol called X. Now I want to
>> call
>> > a Tomcat servlet in the current JVM with some info I got over X without
>> > going out on TCP and back in
>> >
>> > On Mon, May 6, 2019 at 4:40 PM John Dale  wrote:
>> >
>> >> If you're wanting to forward control to another servlet deployed in
>> >> the same context:
>> >> https://www.javatpoint.com/requestdispatcher-in-servlet
>> >>
>> >> If you are okay going through TCP to facilitate some future or current
>> >> distribution of services, Use HTTPURLConnection (not sure what you're
>> >> wanting to do with the result of the request, if anything):
>> >>
>> >>
>> https://stackoverflow.com/questions/2793150/how-to-use-java-net-urlconnection-to-fire-and-handle-http-requests
>> >>
>> >> If you need more sophisticated HTTP interactions, Apache maintains a
>> >> very useful library for that:  http://hc.apache.org/
>> >>
>> >> If these don't work-out for you, rather than using .NET, PHP, Python,
>> >> or some other Java facsimile at best, I recommend using the semaphore
>> >> telegraph:
>> >> https://en.wikipedia.org/wiki/Semaphore_telegraph
>> >>
>> >> Sincerely,
>> >>
>> >> John
>> >> DB2DOM
>> >>
>> >> On 5/6/19, Paul Carter-Brown  wrote:
>> >> > Hi John,
>> >> >
>> >> > Thanks for your feedback.
>> >> >
>> >> > The request I'm initiating should not or need not carry any context
>> >> > from
>> >> > the originating code. There is also no session to worry about as its
>> >> > just
>> >> > for rest calls. So basically I have the headers, path and body and
>> need
>> >> to
>> >> > generate a http servlet request and get an http servlet response (or
>> >> > similar) back. I have this working by calling into localhost but
>> >> > ideally
>> >> > want to skip the trombone out and back in.
>> >> >
>> >> > Have you got any basic code examples?
>> >> >
>> >> > Paul
>> >> >
>> >> > On Tue, Apr 30, 201

Re: Initiating httpservletrequest from inside Tomcat / TomEE

[John Dale]

Sockets are an implementation of TCP/UDP inherently.

Perhaps a mountaintop signal fire?

;)

John


On 5/6/19, Paul Carter-Brown  wrote:
> lol on the Semaphore Telegraph,
>
> I can't use a request dispatcher as the request is being initiated from
> code that has no context. I already have it working with HTTP using
> asynchttp library, but I want to avoid the overhead. E.g. lets say I wrote
> my own server socket listener on port 1 running in the Tomcat JVM and
> got some request in some propriatary protocol called X. Now I want to call
> a Tomcat servlet in the current JVM with some info I got over X without
> going out on TCP and back in
>
> On Mon, May 6, 2019 at 4:40 PM John Dale  wrote:
>
>> If you're wanting to forward control to another servlet deployed in
>> the same context:
>> https://www.javatpoint.com/requestdispatcher-in-servlet
>>
>> If you are okay going through TCP to facilitate some future or current
>> distribution of services, Use HTTPURLConnection (not sure what you're
>> wanting to do with the result of the request, if anything):
>>
>> https://stackoverflow.com/questions/2793150/how-to-use-java-net-urlconnection-to-fire-and-handle-http-requests
>>
>> If you need more sophisticated HTTP interactions, Apache maintains a
>> very useful library for that:  http://hc.apache.org/
>>
>> If these don't work-out for you, rather than using .NET, PHP, Python,
>> or some other Java facsimile at best, I recommend using the semaphore
>> telegraph:
>> https://en.wikipedia.org/wiki/Semaphore_telegraph
>>
>> Sincerely,
>>
>> John
>> DB2DOM
>>
>> On 5/6/19, Paul Carter-Brown  wrote:
>> > Hi John,
>> >
>> > Thanks for your feedback.
>> >
>> > The request I'm initiating should not or need not carry any context
>> > from
>> > the originating code. There is also no session to worry about as its
>> > just
>> > for rest calls. So basically I have the headers, path and body and need
>> to
>> > generate a http servlet request and get an http servlet response (or
>> > similar) back. I have this working by calling into localhost but
>> > ideally
>> > want to skip the trombone out and back in.
>> >
>> > Have you got any basic code examples?
>> >
>> > Paul
>> >
>> > On Tue, Apr 30, 2019 at 5:27 PM John Dale  wrote:
>> >
>> >> Another thought .. you can do some request dispatching, but without
>> >> knowing more about the tools you're using, I can't say for sure if
>> >> this is the direction you'll want to go.
>> >>
>> >> On 4/29/19, Paul Carter-Brown  wrote:
>> >> > Hi
>> >> >
>> >> > I'm trying to design a Kafka consumer and producer that will run
>> inside
>> >> the
>> >> > tomcat jvm and pick up messages off a Kafka topic and translate them
>> >> into a
>> >> > servlet request and pass it through tomcat and then when the
>> >> > response
>> >> > is
>> >> > complete then translate it into a Kafka message and put it onto
>> another
>> >> > topic as a reply. This way I can reuse our existing jax-rs rest
>> >> > services
>> >> > and expose them as an async api over Kafka. The idea is to make the
>> >> > Kafka
>> >> > messages similar to http in that they would consist of headers and a
>> >> body.
>> >> > The body would be json.
>> >> >
>> >> > Now I know this could be done by calling localhost with an http call
>> to
>> >> > trombone the requests back into tomcat but I'd like to avoid the
>> >> associated
>> >> > latency and overhead. Is it possible to call tomcat directly
>> >> > in-process.
>> >> > This does not need to be portable to other containers so can be
>> >> > proprietary.
>> >> >
>> >> > I'm using tomcat 8. In fact its tomee 8 but guessed this is more a
>> >> > tomcat
>> >> > question than tomee but have sent to both groups just in case.
>> >> >
>> >> > Thanks for any insights.
>> >> >
>> >> > Paul
>> >> >
>> >>
>> >
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Initiating httpservletrequest from inside Tomcat / TomEE

[John Dale]

If you're wanting to forward control to another servlet deployed in
the same context:
https://www.javatpoint.com/requestdispatcher-in-servlet

If you are okay going through TCP to facilitate some future or current
distribution of services, Use HTTPURLConnection (not sure what you're
wanting to do with the result of the request, if anything):
https://stackoverflow.com/questions/2793150/how-to-use-java-net-urlconnection-to-fire-and-handle-http-requests

If you need more sophisticated HTTP interactions, Apache maintains a
very useful library for that:  http://hc.apache.org/

If these don't work-out for you, rather than using .NET, PHP, Python,
or some other Java facsimile at best, I recommend using the semaphore
telegraph:
https://en.wikipedia.org/wiki/Semaphore_telegraph

Sincerely,

John
DB2DOM

On 5/6/19, Paul Carter-Brown  wrote:
> Hi John,
>
> Thanks for your feedback.
>
> The request I'm initiating should not or need not carry any context from
> the originating code. There is also no session to worry about as its just
> for rest calls. So basically I have the headers, path and body and need to
> generate a http servlet request and get an http servlet response (or
> similar) back. I have this working by calling into localhost but ideally
> want to skip the trombone out and back in.
>
> Have you got any basic code examples?
>
> Paul
>
> On Tue, Apr 30, 2019 at 5:27 PM John Dale  wrote:
>
>> Another thought .. you can do some request dispatching, but without
>> knowing more about the tools you're using, I can't say for sure if
>> this is the direction you'll want to go.
>>
>> On 4/29/19, Paul Carter-Brown  wrote:
>> > Hi
>> >
>> > I'm trying to design a Kafka consumer and producer that will run inside
>> the
>> > tomcat jvm and pick up messages off a Kafka topic and translate them
>> into a
>> > servlet request and pass it through tomcat and then when the response
>> > is
>> > complete then translate it into a Kafka message and put it onto another
>> > topic as a reply. This way I can reuse our existing jax-rs rest
>> > services
>> > and expose them as an async api over Kafka. The idea is to make the
>> > Kafka
>> > messages similar to http in that they would consist of headers and a
>> body.
>> > The body would be json.
>> >
>> > Now I know this could be done by calling localhost with an http call to
>> > trombone the requests back into tomcat but I'd like to avoid the
>> associated
>> > latency and overhead. Is it possible to call tomcat directly
>> > in-process.
>> > This does not need to be portable to other containers so can be
>> > proprietary.
>> >
>> > I'm using tomcat 8. In fact its tomee 8 but guessed this is more a
>> > tomcat
>> > question than tomee but have sent to both groups just in case.
>> >
>> > Thanks for any insights.
>> >
>> > Paul
>> >
>>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Initiating httpservletrequest from inside Tomcat / TomEE

[John Dale]

Another thought .. you can do some request dispatching, but without
knowing more about the tools you're using, I can't say for sure if
this is the direction you'll want to go.

On 4/29/19, Paul Carter-Brown  wrote:
> Hi
>
> I'm trying to design a Kafka consumer and producer that will run inside the
> tomcat jvm and pick up messages off a Kafka topic and translate them into a
> servlet request and pass it through tomcat and then when the response is
> complete then translate it into a Kafka message and put it onto another
> topic as a reply. This way I can reuse our existing jax-rs rest services
> and expose them as an async api over Kafka. The idea is to make the Kafka
> messages similar to http in that they would consist of headers and a body.
> The body would be json.
>
> Now I know this could be done by calling localhost with an http call to
> trombone the requests back into tomcat but I'd like to avoid the associated
> latency and overhead. Is it possible to call tomcat directly in-process.
> This does not need to be portable to other containers so can be
> proprietary.
>
> I'm using tomcat 8. In fact its tomee 8 but guessed this is more a tomcat
> question than tomee but have sent to both groups just in case.
>
> Thanks for any insights.
>
> Paul
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Initiating httpservletrequest from inside Tomcat / TomEE

[John Dale]

This is one of my favorite things.

You'll need to retransmit headers, but by and large it's doable.

Management of contexts can be tricky. Don't forget that the target
service will have a difference context (database connection context
has bitten me in the past on this type of task).

I do my session management in the database, bypassing tomcat's session
management.  The session affinity being in the database has proven
VERY useful to me when extending and integrating my code

I'm not sure if you'll have this luxury, though.

This type of Internet plumbing is powerful, but also can allude to
some scary topics.

Good luck!


On 4/29/19, Paul Carter-Brown  wrote:
> Hi
>
> I'm trying to design a Kafka consumer and producer that will run inside the
> tomcat jvm and pick up messages off a Kafka topic and translate them into a
> servlet request and pass it through tomcat and then when the response is
> complete then translate it into a Kafka message and put it onto another
> topic as a reply. This way I can reuse our existing jax-rs rest services
> and expose them as an async api over Kafka. The idea is to make the Kafka
> messages similar to http in that they would consist of headers and a body.
> The body would be json.
>
> Now I know this could be done by calling localhost with an http call to
> trombone the requests back into tomcat but I'd like to avoid the associated
> latency and overhead. Is it possible to call tomcat directly in-process.
> This does not need to be portable to other containers so can be
> proprietary.
>
> I'm using tomcat 8. In fact its tomee 8 but guessed this is more a tomcat
> question than tomee but have sent to both groups just in case.
>
> Thanks for any insights.
>
> Paul
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: unable to serve static files with embedded Tomcat

[John Dale]

Tomcat doesn't seem to timeout one its own unless my DBCP is being
abused in the code.

I'm thinking firewall .. also, double-check your port configuration(s)
in server.xml (or context.xml if that's the route you're going).

On 4/19/19, Garret Wilson  wrote:
> Embedding Tomcat 9 (with OpenJDK 11 on Windows 10) I want to serve
> static files from `/foo/bar`. From scouring the web (primarily
> https://stackoverflow.com/a/15235711/421049 ), the documentation, and
> some books (primarily _Apache Tomcat 7_), I have this:
>
>  Tomcat tomcat = new Tomcat();
>  tomcat.setPort(8080);
>  tomcat.setBaseDir("/foo");
>  Context ctx = tomcat.addContext("", "/foo/bar");
>  final Wrapper defaultServlet = ctx.createWrapper();
>  defaultServlet.setName("default");
> defaultServlet.setServletClass("org.apache.catalina.servlets.DefaultServlet");
>  defaultServlet.addInitParameter("debug", "1");
>  defaultServlet.addInitParameter("listings", "false");
>  defaultServlet.setLoadOnStartup(1);
>  ctx.addChild(defaultServlet);
>  ctx.addServletMappingDecoded("/", "default");
>  ctx.addWelcomeFile("index.html");
>  tomcat.start();
>  tomcat.getServer().await();
>
> Everything looks like it starts up:
>
>  Apr 19, 2019 2:18:09 PM org.apache.catalina.core.StandardService
> startInternal
>  INFO: Starting service [Tomcat]
>  Apr 19, 2019 2:18:09 PM org.apache.catalina.core.StandardEngine
> startInternal
>  INFO: Starting Servlet engine: [Apache Tomcat/9.0.19]
>  Apr 19, 2019 2:18:10 PM
> org.apache.catalina.util.SessionIdGeneratorBase createSecureRandom
>  WARNING: Creation of SecureRandom instance for session ID
> generation using [SHA1PRNG] took [281] milliseconds.
>  Apr 19, 2019 2:18:10 PM org.apache.catalina.core.ApplicationContext
> log
>  INFO: default: DefaultServlet.init:  input buffer size=2048, output
> buffer size=2048
>
> But connections to http://localhost:8080/ time out. (I'm pretty sure but
> not positive that I don't have anything blocking this in the firewall.)
>
> Is there some simple thing I'm missing to connect things together?
>
> Thanks,
>
> Garret
>
> P.S. The documentation on the web for the details of this is
> surprisingly sparse.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Wildcard certificates

[John Dale]

Here is a mostly manual process for integration of certbot with tomcat
7.x.x.  This presupposes you have certbot installed and working (I'm
using Debian):
--

// generate the certificates
./certbot-auto certonly --webroot -w /path/to/certbotauth/

// paste in
domain1.com domain2.com domain3.com domainN.com

// convert key format
openssl pkcs12 -export -out gbsapp-bundle.pfx -inkey privkey.pem -in
cert.pem -certfile chain.pem -password pass:keystorepass

// change folders into the directory where the cert was generated
cd /etc/letsencrypt/live/primarydomain.com/

// copy key and change permissions
cp bundlename-bundle.pfx /pathtotomcat/apache-tomcat-7.x.x/conf/


Here is what I'm using to handle the certbot challenge in my custom MVC:
--

if(request.getPathInfo().indexOf("acme-challenge") > 0)
{
// certbot request
// todo - further validate authenticity of request
// example:
/.well-known/acme-challenge/Z9kDHD-PDvjAPT6pUaeGCoNP2f-GNoLFpXOKoAA_58k:
String certAuthRoot = "certbot/auth/folder/path";
log.info("Cert bot challenge detected.");
File file = new File(certAuthRoot + request.getPathInfo());
FileInputStream fis = new FileInputStream(file);
OutputStream os = response.getOutputStream();
int fileContents;
while((fileContents = fis.read()) != -1)
{
os.write(fileContents);
}
os.flush();
fis.close();
return;
}

Hope this helps,

John


On 4/17/19, Sean Dawson  wrote:
> On Wed, Apr 17, 2019 at 9:20 AM Sean Dawson 
> wrote:
>
>>
>> Hello, I have a widlcard certificate from GoDaddy. Can I use this with
>> Tomcat? (8.5)
>>
>> I have the files crt (primary certificate?), p7b (intermediate?), pfx
>> (private key?), and a .key file. I did not generate a certificate request
>> prior to this.
>>
>> Google is telling me that either I need to generate a certificate request
>> first, or it's telling everything I need to know about wildcard
>> certificates except how to use the above files.
>>
>> This is for Tomcat 8.5 with Java 8 on CentOS 7, and Windows Server 2016.
>>
>> Thank you.
>>
>>
> Ok just for others' benefit if they want to go this way, I was able to get
> it working by concatenating the .key and the .crt file into one .pem. Then
> do this:
>
> openssl pkcs12 -export -in combined.pem -out cert.p12
>
> And then this:
>
> keytool -importkeystore -srckeystore cert.p12 -srcstoretype pkcs12
> -destkeystore cert.jks
>
> (from this page:
> https://stackoverflow.com/questions/22296312/convert-certificate-from-pem-into-jks
> )
>
> Sorry for the earlier top posting.
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Wildcard certificates

[John Dale]

Exactly .. this is part of the solution.  I am having tomcat behave
smartly in response to the certificate validation, and I have a nice
path to develop some cool tools, similar to HTTPD, around certbot (I
love that this is a free service, but I do have some concerns over
centralized CSA, so I do other symmetric key encryption in other areas
to help me sleep at night).

On 4/17/19, Christopher Schultz  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> To whom it may concern,
>
> On 4/17/19 09:44, TurboChargedDad . wrote:
>> We terminated SSL above the tomcat layer using NGINX or Apache to
>> avoid the complexities that come with managing a JKS.  I want to
>> hear all I can on this subject.
>
> It's not necessary to handle JKS files to use Tomcat for TLS termination
> .
>
> You can use PEM-encoded DER files (same as httpd, nginx, etc.) if you
> use any connector along with the OpenSSL engine.
>
> You can also use PKCS12 files (similar to JKS files, but much more
> standard) which openssl knows how to manipulate (as does Java's
> "keytool") with any JSSE-based crypto engine.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAly3VzcACgkQHPApP6U8
> pFhOwxAAtd5d0UDSp1SEjZWKu+AX970vUTZIc+UxeWAWcwG20MjBeHa4PBzrJFIK
> QVduzNGBJvi2oez9QV3LCnLo2jkIgpZG6EC/+TBQSSfAn8iGrL7lc59vWXg551PC
> 8+llFd9q3M13dqyx824YijMPptwFxH36z0K2pr34ytZOP1g/QDUA07dW5rW2rJKF
> tdOkHIE/QvEE+iSQnrYQbNNknBk/grzbxDwg7lZupSi1UBY080Hc8aPzWknBADKh
> zPKt6942WMvrIDmK8yCQSgkqjG8QWrZfR5QNkvnkRN4rridK4TevYm6Da/QI46w3
> NPSozJeNKGeaUylabH4jTcVBE3eynOcP0oyBJ7/MmMzu1a9jU9ar7mZmTlZEPaEV
> f3jxmfQ5m4AmbypNfwLzudo0ekVQceD33Ba04/VO9wGESMNSQTF6XIz69BSHvj1s
> KsIIFcgdWuVH5ae5UxgirWghecz2xZAu7BHXYtkPdLcmF/RgTR1lQQ34JDlB9VPM
> NdtZuVUWasnlWVGF4YDV6RzQwdhzGk4FUd38ULRzsc+ycyA0LtbdQfyear/N/dxl
> c4s+nPiub1lnggMbd990uPMhoy8AaEGq4GG6NyKXvBz1sUw72n27QO6tCEIinQSe
> E8OOofUgHAcLwuEQxLO/bvVnD77Vx95lxnIoludx51BvEM1ZbbU=
> =M18j
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Wildcard certificates

[John Dale]

On 4/17/19, Christopher Schultz  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> John,
>
> On 4/17/19 10:42, John Dale wrote:
>> My understanding is that the folks at SUN really put their backs
>> into it from the beginning:
>> https://stackoverflow.com/questions/479701/does-java-have-buffer-overf
> lows
>>
>>  Since hot spot compilers have matured, Java is virtually as fast
>> as C/++ (the Java is slow argument falls in my deaf ears, even if
>> it is amazingly repeated still today by members of other
>> programming religions).
>
> Where it really sucks, though, is crypto. When JSSE decides to use
> hardware for crypto, things go really well. But it often does not make
> that decision due to a few bugs here and there that still appear to
> remain in the runtime.
>
> Tomcat benchmarks comparing JSSE versus OpenSSL are at least an order
> of magnitude different, sometimes two, in favor of OpenSSL.
>
> Have a look at any of the slides Jean-Frederic Clere has presented at
> any recent ApacheCon conferences and you can see his benchmarks
> comparing them.
>
> The good news is that Tomcat+OpenSSL is comparable to httpd+OpenSSL,
> so if you are able to use tcnative (required for OpenSSL use from
> Tomcat), then the performance argument is pretty much moot.
>
> I myself always front Tomcat with another web server, but that is for
> other reasons. Security and performance are nice-to-haves but aren't
> really justified IMHO. Flexibility is the primary reason I front my
> Tomcat instances with web servers. Tomcat doesn't make a great
> load-balancer.
>
> - -chris

You mean on its own without modification?  I think Tomcat makes a
great load balancer, but I had to write a little code.

HTTPD has a lot of plugins and ad-ons and a history of integration
with lots of tools from firewall to email and beyond.  It's a crazy
piece of software that is very mature, but I found it to be overkill
for my purposes .. I just use LFD/CFS manually, and I will continue to
improve my DDOS, other exploit mitigation code.



> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAly3WdkACgkQHPApP6U8
> pFiRrg//QcXdcysOx18yEpadFhuUekcTvogC5BGhZe5lV3AY4fgXeXQH46YZOkeY
> Lit5F6JRFb9qVwFs9Uc9Ot9hwvVt9ldFMKOKAkxMIAp1yxRk8sWuaI99OLiNBAyf
> qKmfwI0bx4H73oR22jhP5mlIITzJShZc86R9apb/v34ofncxQ6bLlAQMxu98Wo7W
> G4kBXTjnn7UzNFtpAXiZLd8t22IeBbN6CDFgM5urhOb3g7rTNdqW8Q28ik7qwenK
> gK5KmSek7+LZTsx5UD3N4WxdRkUKB30ZIvPt+cH1HMntvulQKJ39Giw9XjXHv8Hc
> VIsrh/S+2fbfG+4F0aqYmR5WuEXK30mG76DU3DW2o3v8sZ+pvuJ3C37mc0biWGy7
> fS722Uh3s6tucs4ToQtwwYkhS93NIUm8uLZJnv3FAUW5EOY7THzf0pplv/ZZEQ62
> Sg1bZ4mA7/Tdt25MKM2K04h2ERLTsAiB7Qneh2Ch4yVt3cwnGbZUFCAbXMSq01xE
> TP6j0zfLAtEx3b6Av22WLqnq5NdSDUYbvVzTQPH/TUERf4ztLRadBjHPEN0gM2vL
> zQi7BGiJix2K/fjWLicGkZKTPCWvSnknkwPgQ1JzxZwEQmCUA+hRANaZljp7KVwP
> mObnaRL5QQ/S2NhCRHFdvyLqXMgmbSsMe+FMmN2P8/mADwSdeK8=
> =4xik
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Wildcard certificates

[John Dale]

I manage dozens of contexts/domains using loosely coupled code.

Chris - of course it's amazing.  I would also call it super and profound. :)

I am in the middle of some TI at our office today .. can't really stop
to do this.

I have the code used to identify and validate the certbot requests and
a few scripts that use the certbot to do the work.

Come to think of it,  my certs will need renewal soon.  I'll take a
pass over what I have and send it out after I renew .. thank you for
your patience.

John


On 4/17/19, Christopher Schultz  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> To whom it may concern,
>
> On 4/17/19 10:22, TurboChargedDad . wrote:
>> I would have the opposite feeling.  I would not want a java process
>>  parked out in the internet.  Not saying you're wrong just my
>> personal feeling.
> It would be interesting to compare the number of remotely-exploitable
> vulnerabilities there have been in e.g. httpd versus e.g. Tomcat in a
> given period of time. My guess is that the Java-based servers have had
> a better track record. The difference is that typically if you own a
> web server, you just own the web server. But if you own an application
> server, you typically get access to lots of great stuff like the
> application's database.
>
>> Maybe things have shifted in a different direction over the year.
> Any particular year?
>
>> I do agree that something like that would be helpful to other
>> tomcat admins.  Would you consider putting it into github ?
> certbot does almost everything you need. There is also this:
> https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Encrypt
> %20Apache%20Tomcat.pdf
>
> So unless John has done something truly amazing, maybe adding more
> tools to what MUST be a secure toolchain isn't a great move.
>
> - -chris
>
>> On Wed, Apr 17, 2019 at 9:18 AM John Dale 
>> wrote:
>>
>>> I have a really nice process that works great with certbot.
>>> Single command to renew all of my certs and I'm finished.
>>>
>>> I get some piece of mind having a Java process guarding the
>>> front door.  Seems to be more impervious to overflows.  What am I
>>> missing?
>>>
>>> I think what I have might be easily developed into something to
>>> help other Tomcat users.
>>>
>>> On 4/17/19, TurboChargedDad .  wrote:
>>>> We terminated SSL above the tomcat layer using NGINX or Apache
>>>> to avoid the complexities that come with managing a JKS.  I
>>>> want to hear all I can on this subject.
>>>>
>>>
>>> -
>>>
>>>
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAly3WFMACgkQHPApP6U8
> pFjFUA//Q5HiqvarK/NO/o2tjtVUVs75RJaTEao7T1eUCwMIf/F9nkpZpNG8TxK7
> slT0zu3GMaB5+Z5PK753M3+vZ9nytbat4ODbUNpUMrqeT1/U0eaF1LdbY0jeUmKH
> hmzQFTtLEtJ9mMYn+KJ3sA8D3sIECWwFuKD+BdYmOkzAZn37HlzyI+1CMr4mEA6C
> LnhlD/hEeG4HiO5FtE4BxRKZ0vcLhBp10/m27E6j6KDiiwT7+tlNfwD53S5P94vv
> f/FbwSP8GJfkFu13ot+ce1IVerMNpMpc6nay1efJmYtT4oHyNP0YUVMZyN8YyCTO
> 5yiLYOj8yXLxLatdKBWJ+1fsqd5DXuOEv0KmaIaqi3pLHg5oJQp5CtsLKTSFVTmV
> FBoWew1JFhh5DBI27uJntGzlwIGjKAq7Cq0qitL2gVCiDr6HFaI/gkvVriDjoZL/
> L3E5JDSpYL/iSzBeBd5qKbGVz7+/bdsHoxdHGRFrvcNYyPZIT871bVoNjvyaSFsM
> KZGYcgZgruzN6hT3+jmJpHHoINb+XQeViM140HvYJP1zrcyCZ9ejqpw1BSB+WbT0
> OutjYugoJwORD2SWFTXAc5g6flP5I6JYogexzlj0UPx6v0969I6OBPkLRyMzyKnr
> RTSLV2mYJifNFjLvJ98blhhRmZG3BgAJR4ussur1NTZzs6I03Bc=
> =4l6s
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Wildcard certificates

[John Dale]

My understanding is that the folks at SUN really put their backs into
it from the beginning:
https://stackoverflow.com/questions/479701/does-java-have-buffer-overflows

Since hot spot compilers have matured, Java is virtually as fast as
C/++ (the Java is slow argument falls in my deaf ears, even if it is
amazingly repeated still today by members of other programming
religions).

Other proxies/balancers also do threat mitigation (DDOS, flooding,
etc).  I have written some of my own code to deal with this .. because
of the way I handle data and MVC, I have a central place to park all
of the heuristics.  I bet these heuristics could become robust and
maintainable over time.

I would be happy to share (would need a little time to isolate and
deliver). I have always wondered how difficult it is to have
Apache/Tomcat evaluate new projects.  Part of  this certbot solution
requires providing some automated validation for the certbot CSA
agent.  This code can stand alone, but I have it integrated with some
other tools that have also proven helpful.  I wonder if I might
attract a sponsorship from someone within ASF for my project?

I call it DB2DOM.COM - it's a "pseudosingularity" because it is used
to extend and maintain itself.

Any ideas I'd love to hear them.

Have a good one,

John


On 4/17/19, TurboChargedDad .  wrote:
>   I would have the opposite feeling.  I would not want a java process
> parked out in the internet.  Not saying you're wrong just my personal
> feeling.  Maybe things have shifted in a different direction over the
> year.  I do agree that something like that would be helpful to other tomcat
> admins.  Would you consider putting it into github ?
>
> Thanks,
> J
>
> On Wed, Apr 17, 2019 at 9:18 AM John Dale  wrote:
>
>> I have a really nice process that works great with certbot.  Single
>> command to renew all of my certs and I'm finished.
>>
>> I get some piece of mind having a Java process guarding the front
>> door.  Seems to be more impervious to overflows.  What am I missing?
>>
>> I think what I have might be easily developed into something to help
>> other Tomcat users.
>>
>> On 4/17/19, TurboChargedDad .  wrote:
>> >   We terminated SSL above the tomcat layer using NGINX or Apache to
>> > avoid
>> > the complexities that come with managing a JKS.  I want to hear all I
>> > can
>> > on this subject.
>> >
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Wildcard certificates

[John Dale]

I have a really nice process that works great with certbot.  Single
command to renew all of my certs and I'm finished.

I get some piece of mind having a Java process guarding the front
door.  Seems to be more impervious to overflows.  What am I missing?

I think what I have might be easily developed into something to help
other Tomcat users.

On 4/17/19, TurboChargedDad .  wrote:
>   We terminated SSL above the tomcat layer using NGINX or Apache to avoid
> the complexities that come with managing a JKS.  I want to hear all I can
> on this subject.
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Build Dependencies

[John Dale]

I neglected to appreciate the volume of communication you guys deal with.

Igor - thanks!

Chris - noted.

Have a good one,

John

On 4/15/19, Christopher Schultz  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Igal,
>
> On 4/14/19 13:23, Igal Sapir wrote:
>> John,
>>
>> On Sun, Apr 14, 2019 at 6:50 AM John Dale 
>> wrote:
>>
>>> Hi Mark;
>>>
>>> Do you have an artifact depicting the dependencies in Tomcat?
>>> I'd like to start building, debugging, and helping-out, but I
>>> just like using Ant and using manual methods for dependencies at
>>> compile time.
>>>
>>> Do I have a chance?
>>>
>>
>> I recommend reviewing the build.xml file along with
>> build.properties.default.  They contain everything you need
>> including dependency downloads, IDE skeletons, etc.
>
> Or just:
> http://tomcat.apache.org/tomcat-9.0-doc/building.html
>
>> Also, in the future please rename the subject line when replying in
>> an announcement thread.
>
> No! Don't do that, either. It doesn't break the thread. Instead, send
> a new message to the list.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAly0mpkACgkQHPApP6U8
> pFiLVA//UdQC2WkxcmuSJQUsifzFr2DC+Ge56dJuZbqBOCxmFnwl2a4dWBC1yc/Y
> WBiV2qH3O1YvtKPgILlhz54777TW2rTjH94Wfzmd9PXGOkhR3VE9LLUReQIcUdr8
> K1C7UNxUnnXQRq6zzcj6v8v1+HZoYtCONt8cIhOaBF3cUIrx4EGTX/+ju72aY2S9
> tI3dylbBbPMdaVAkbSMkwJn6Cx8YUoe+fTJxKpqMj/WLYb6D1FkMbhc7diz4CclI
> NuIqZxxgy/egBd2ZzTeJy6YabD+TsWzdOhtX3WXltgozyfBPxZikxoyiA8WyKvm2
> 1PbHBHjX4qCmcPrtnOKFGLKq6MqfktILKRl14kLk3VtNpSxYfs58N/ijQiiGB68E
> PR3nT+OLz/FiJeR49VmZmEO2GYjzlI3Vv8sUDWBTIhni/mfUAO6LwRsufvPLn4jH
> IjNwEX7LEkmsDTRnMKLWAvbgh7o/KWeUDnpEmZOulYRoumFtdBjk0jdSz73W7wNN
> lhDsqx0nMjvHKYLokVMGLeROMo4RPvw82T20Ny54zAGK/tx/Gkrcf9ULADw11t5O
> w7KgxLlhq/IUZ8xV9qhBGMSL61VIKJV8rmLoX2lBg/ySbYfpQcHXmdreAEIsAro4
> f8o0dERwywu+F8IfDGVUK6Vq8BlBEHtpy/bYjrNu0eBMnNg3YEI=
> =DVWR
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 8.5.40 available

[John Dale]

Hi Mark;

Do you have an artifact depicting the dependencies in Tomcat?  I'd
like to start building, debugging, and helping-out, but I just like
using Ant and using manual methods for dependencies at compile time.

Do I have a chance?

Sincerely,

John Dale, MS MIS
DB2DOM.COM
Spearfish, SD



On 4/13/19, Mark Thomas  wrote:
> The Apache Tomcat team announces the immediate availability of Apache
> Tomcat 8.5.40.
>
> Apache Tomcat 8 is an open source software implementation of the Java
> Servlet, JavaServer Pages, Java Unified Expression Language, Java
> WebSocket and Java Authentication Service Provider Interface for
> Containers technologies.
>
> Apache Tomcat 8.5.x replaces 8.0.x and includes new features pulled
> forward from the 9.0.x branch. The notable changes since 8.5.39 include:
>
> - Fix for CVE-2019-0232, an RCE vulnerability on Windows
>
> - Add support for Java 11 to the JSP compiler. Java 12 and 13 are also
>now supported if used with a ECJ version with support for those  Java
>versions
>
> - Various NIO2 stability improvements
>
>
> Please refer to the change log for the complete list of changes:
> http://tomcat.apache.org/tomcat-8.5-doc/changelog.html
>
> Downloads:
> http://tomcat.apache.org/download-80.cgi
>
> Migration guides from Apache Tomcat 7.x and 8.0.x:
> http://tomcat.apache.org/migration.html
>
> Enjoy!
>
> - The Apache Tomcat team
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: connectionInitSqls

[John Dale]

Are you using the "*" (splat/star/asterisk) characters below to
highlight the configuration entry for our benefit?

Are you sure you're putting the connectionInitSqls on the correct
Resource element below (noticed you had two)?  Try verifying the JNDI
lookup in your code with the configuration below just to make sure.

Also, logs?

On 4/12/19, Peter Tom  wrote:
> Hi all,
>
> I have third party application installed on Tomcat 8.5.
>
> The application uses DB Oracle connection (ojdbc7) and everything working
> fine.
>
> I would like to set session parameter on first db connect (alter session
> set NLS_NUMERIC_CHARACTERS = '.,')
>
> I added this (connectionInitSqls ="alter session set NLS_NUMERIC_CHARACTERS
> = '.,'") into the context.xml file in the app. META-INF directory:
>
>
>   factory="org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS"
> name="jdbc/ZDB_TESTCPDS"
> type="org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS"
> url="jdbc:oracle:thin:@10.16.43.3:1521:ZDB001"/>
>   dataSourceName="java:/comp/env/jdbc/ZDB_TESTCPDS" defaultMaxActive="10"
> defaultMaxIdle="5" defaultMaxWait="1"
> factory="org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSourceFactory"
> logAbandoned="true" name="jdbc/ZDB_TEST" removeAbandoned="true"
> removeAbandonedTimeout="300" testOnBorrow="false"
> type="org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource"
> validationQuery="select 1 from AnyTable" *connectionInitSqls ="alter
> session set NLS_NUMERIC_CHARACTERS = '.,'"*/>
>  
>
>
> But still not working.
>
> Has somebody idea how to solve it?
>
>
> thank you
> Peter
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Session Persistence Problems

[John Dale]

This is a great information.

I'd like to stray a little off topic if that's okay .. still in the
same ballpark.

I like to invent new doodads in software and see if I can do it better.

Over the years, like many, I built-up a library of things that worked
best for me over the years.  One of those was the delegation of
context management to my own code.  I have Alias and Domain objects in
my database that allow me to map URL's to domains (HTML5 applications
that use some really lightweight server side JSON components).  It
works great and I can change configuration by updating the database.
Awesome for deployment and configuration management.

For now, I put a "deviceId" in localStorage on the browser (I'm only
concerned in supporting modern browsers), and I send that with every
request.  Device is an object in my database as well, and I look up
the device ID at the start of processing, which then can be associated
with any number of other data/field level security measures.  Rest
assured, now, I've worked all this out, and I have developed dozens of
applications that all work great.  I could move deviceId to the header
if I wanted to, or maybe a cookie.  So far, I like it, it's fast, it's
simple, and works great to solve session affinity problems.

Local storage is mapped to the root domain, so I have access to my
deviceId regardless of the context.

My question is this .. how could this come back to bite me?  I've
enjoyed the convenience of SSO for all contexts deployed under a
particular domain, but I would have a little code to write to do
single sign on across domains because of the way the browser manages
localStorage (I would do a simple token exchange to SSO, but I haven't
had that use case, yet).

I have always struggled to shoe-horn some of the session management
into my (sometimes admittedly advanced and unpredictable) application
requirements.

Would love to hear your thoughts.

Have a good one,

John
DB2DOM.COM


On 4/11/19, Jerry Malcolm  wrote:
> On 4/11/2019 4:22 PM, Christopher Schultz wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Jerry,
>>
>> On 4/11/19 15:29, Jerry Malcolm wrote:
>>> Alternatively, if I had a better understanding of how sessions are
>>> managed by both TC and the browser, it might help me figure out
>>> what is going wrong.  I know a session key is generated by TC and
>>> sent back in a response.  And I'm assuming that the browser must
>>> return that session key on subsequent calls.  But if there are
>>> several webapps on domain, how does the browser differentiate which
>>> session key to send back on a subsequent response?  Is it just
>>> understood that the first 'folder' level under the domain (i.e.
>>> context name) is always a different session key?
>>> (myDomain.com/order vs. myDomain/account)?   Or does the browser
>>> send all session keys back per domain and let TC figure out which
>>> one, if any, to use?   Again, just looking for a little education
>>> here
>> Do you know if HTTP cookies or URL-parameters are being used for
>> session-management? If you aren't sure, try logging-in to your
>> application and look at the URLs and cookies.
>>
>> Typically, a web application will use cookies with the name
>> JSESSIONID. If the session identifier is tracked in the URL, then
>> you'll see ";jsessionid=[id]" in your URLs after the path but before
>> the query string.
>>
>> It's very easy to "lose" a URL-tracked session id because every single
>> URL generated by your application must include that parameter. A sinle
>> miss can cause the session to be lost by the client. If you are using
>> SSO (always with a cookie), it can mask the dropping of the session in
>> this way.
>>
>> It's harder to "lose" a session cookie since the browser typically
>> manages that. Cookies are tracked per web-application using each
>> application's path. The browser should only return a single cookie for
>> a given path. If you have applications that share a URL space (e.g.
>> /master and /master/sub and /master/sub2) then things can get very
>> confusing for the browser and the server. It's best not to overlap
>> URL-spaces in this way.
>>
>> Are you using clustering or anything else like that which might also
>> cause session-ids to change?
>>
>> - -chris
>
> Thank you so much for the info... I think we're getting somewhere I
> am definitely using cookies and not url parms for the session id. (no
> clustering).  I went into the firefox debugger and located the cookie
> storage for the site.  I found a cookie for each webapp context that I
> am using.  That makes sense.   I think I know what is happening.
> Correct my assumptions here:
>
> I have a webapp with context /order.  There is a JSESSIONID cookie for
> /order as expected. I assume that every time I send a URL from the
> browser with the /order context, the browser will correctly send the
> /order session cookie.  So far, so good...
>
> But I have a rewrite rule "/storefront" that maps to one 

Re: Session Persistence Problems

[John Dale]

I'm looking forward to hearing from the dev folks on this.  I suspect
it has something to do with the context configuration.

A long time ago, I started doing my own session management, but then I
don't mind building out the pieces I needed for clustering.  In fact,
I decided to store session information in the database (persistent).
That makes scaling easy.


On 4/11/19, Jerry Malcolm  wrote:
> Alternatively, if I had a better understanding of how sessions are
> managed by both TC and the browser, it might help me figure out what is
> going wrong.  I know a session key is generated by TC and sent back in a
> response.  And I'm assuming that the browser must return that session
> key on subsequent calls.  But if there are several webapps on domain,
> how does the browser differentiate which session key to send back on a
> subsequent response?  Is it just understood that the first 'folder'
> level under the domain (i.e. context name) is always a different session
> key? (myDomain.com/order vs. myDomain/account)?   Or does the browser
> send all session keys back per domain and let TC figure out which one,
> if any, to use?   Again, just looking for a little education here
>
> Thx.
>
> Jerry
>
> On 4/11/2019 9:35 AM, Jerry Malcolm wrote:
>> Thanks for the quick response, Luis.  Answers below:
>>
>> On 4/11/2019 3:22 AM, Luis Rodríguez Fernández wrote:
>>> Hello Jerry,
>>>
 I'm using single sign-on
>>> Do you mean tomcat Single Sign On valve? [1], a third party solution or
>>> your custom implementation? That can change the game completely :)
>> Yes, standard Tomcat-provided single sign on valve
>>>
 some RewriteRules in httpd
>>> Can you share them? That could change the game also :)
>>
>> Here's some of my rewrite rules from httpd.conf for this virtualhost:
>>
>>  RewriteRule ^/create_user$
>> /idmanager/jsp/guest/createuser.jsp? [PT]
>>  RewriteRule ^/forgot_password$
>> /idmanager/jsp/guest/forgotpassword.jsp? [PT]
>>  RewriteRule ^/logoff$ /idmanager/jsp/guest/logoff.jsp [PT]
>>  RewriteRule ^/change_password$
>> /idmanager/jsp/user/changepassword.jsp? [PT]
>>  RewriteRule ^/login$ /idmanager/jsp/user/home.jsp [PT]
>>  RewriteRule ^/userhome$ /idmanager/jsp/user/home.jsp? [PT]
>>  RewriteRule ^/cart$ /order/jsp/guest/cart.jsp? [PT,QSA]
>>  RewriteRule ^/checkout$ /order/jsp/guest/checkout.jsp? [PT]
>>  RewriteRule ^/submitOrder$ /order/jsp/guest/orderSubmit.jsp?
>> [PT,QSA]
>>  RewriteRule ^/displayImage$ /order/jsp/guest/productPage.jsp?
>> [PT,QSA]
>>  RewriteRule ^/product$ /order/jsp/guest/productPage.jsp?
>> [PT,QSA]
>>  RewriteRule ^/storeFront$ /order/jsp/guest/storeFront.jsp [PT]
>>  RewriteRule ^/orders$ /order/jsp/user/orderList.jsp? [PT]
>>  RewriteRule ^/pay$ /payment/jsp/user/flcPayProvision.jsp [PT]
>>  RewriteRule ^/projectlist$
>> /projectmanager/jsp/user/projectlist3.jsp? [PT]
>>  RewriteRule ^/about$ /upartyrental/jsp/guest/about.jsp? [PT]
>>  RewriteRule ^/$ /upartyrental/jsp/guest/uprHome.jsp [PT]
>>
>>>
>>> Cheers,
>>>
>>> Luis
>>>
>>> [1]
>>> https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Single_Sign_On_Valve
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> El jue., 11 abr. 2019 a las 5:57, Jerry Malcolm
>>> ()
>>> escribió:
>>>
 I have a TC host that is running about 10 separate webapps that
 interact
 with each other.  I understand that sessions are per-webapp. But within
 one webapp, with the same browser just making different calls to the
 same webapp is starting new sessions about 30% of the time. I've put a
 debug statement at the beginning of all of my JSPs that logs
 session.isNew().  It'll start a new session, then use it for 10 or so
 subsequent calls. But then it'll decide to drop that session and
 start a
 new one that it'll subsequently use for a while. The setup is nothing
 fancy.  It's just calling several different JSPs within the same webapp
 (context).  I am keeping data in the session that really needs to
 persist for the duration of the 'real' session between the user and the
 site.  So this is a serious problem.   (This is happening both with
 Firefox and Chrome).  I'm using TC 9.0.1 on Windows.

 I definitely could have some misunderstandings here.  But my first
 understanding is that once a browser makes a call to a webapp, a
 session
 is created, and that session remains around until invalidated on a
 logout or a timeout occurred, and that webapp uses that session for the
 remainder of the activity between that browser and that webapp.  If
 that's not the case, then please set me straight. If that assumption is
 correct, what could possibly be causing the sessions to keep dropping
 and new ones created?

 Interestingly, logon state is not being dropped with the new sessions.
 I'm using single 

Re: Using WebSockets with a Tapestry WebApp running on Tomcat

[John Dale]

IoC - *shudders*

Can't this be used to "inject" mass surveillance into J2E apps?  It
was curiously missing in the bullet items down the home page of
tapestry.  :p

So, you're expecting to inject dependencies into components
instantiated on a websocket?

By "the rest of the application" below, are you referring to
application code that's in tapestry, early in the chain of execution,
or code that is on/behind your websocket?

So, you're looking for some feature in tapestry that would inject some
kind of remoteable dependencies into/onto your websocket?

This is an interesting question to me .. it to ok me about 10 years,
but I created substitutes for both tapestry and HBN/Cayenne.  I found
that all the source code I needed to deploy ORM/MVC/JSON/HTML5 was
300KB.  I like being able to step through JavaScript, then step
through Java for debugging without having to negotiate etherial stubs
to far off services.

Looking forward to hearing about the resources you're trying to have
injected into your code.

Have a good one,

John
DB2DOM.COM


On 4/8/19, Christopher Dodunski  wrote:
> Hi team,
>
> I have developed a web application using the Apache Tapestry framework and
> deployed on Apache Tomcat.  The application also supports WebSocket
> connections with desktop clent applications.  Following the advice of the
> Tapestry community, I included the server-side endpoint within the
> Tapestry based application, but added the below declaration to the
> AppModule configuration, which basically instructs Tapestry to ignore any
> requests to the endpoint URI, leaving Tomcat to handle the request
> instead.
>
> public static void contributeIgnoredPathsFilter(Configuration
> configuration) {
> configuration.add("/websocket/.*");
> }
>
> The problem is that, as with any IoC based application, my WebSocket
> endpoint relies on dependency injection to interact with the rest of the
> application (ie. injected services).  And it seems, given that Tomcat is
> left to handle WebSocket connections independent of the Tapestry
> application, endpoints get instantiated but without the injected
> dependencies.  So, of course, a null pointer exception occurs once the
> endpoint attempts to invoke a dependency method.
>
> Moreover, presumably Tomcat is instantiating endpoints outside of the
> Tapestry realm, meaning that any class (static) field values are not
> shared across endpoints instantiated by Tapestry itself.
>
> Obviously leaving Tomcat to handle these WebSocket connections independent
> of the Tapestry application isn't working.  Is there a common solution to
> what I imagine is a pretty common scenario?  I'm not aware of how to have
> Tomcat connect to an endpoint instance already instantiated within the
> Tapestry application (one potential solution).
>
> Thanks & regards,
>
> Chris.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Sending post from ajax to servlet

[John Dale]

Debug pause made your request/db connection/other timeout?

On 4/5/19, alejandro.var...@kymsolutions.com
 wrote:
> I have a problem, not always, it happens randomly. Sometimes I send some
> data, ~200KB , using jquery ajax, but when I received the request it came
> null, but before I debugged in Chrome and the data seemed ok.
>
>
>
> I am using Tomcat 8.5, Java 8.201 and Google Chrome on Windows 10.
>
>
>
> I appreciate any help.
>
>
>
> Thanks.
>
>
>
>
>
>
>
>
>
> Alejandro Vargas Mayorga
>
> Gerente Desarrollo C.A. & C.
>
> Tel. 506- 7232-3366
>
> Email: 
> alejandro.var...@kymsolutions.com
>
>   www.kymsolutions.com
>
> Visite nuestra aula virtual!
>
>
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org