Tomcat 7 SSL Session ID

2012-11-28 Thread Vincent Goelen
Hey,

I'm doing some research about the SSL session tracking / SSL Session id's.

Now I'm having some problems when requests are sent to the server in quick
succession. I notice the problem is fixed, or at least occurs less often, when
the keepAlive server setting is set to 0.

When the keepAliveTimeout is not set to 0 I can see in the SSL debug logs
that the SSL session gets invalidated after some requests with a Broken Pipe
exception. Is this because there are too many open connections during
the keepAliveTimeout?
It also only happens when processing the requests takes some time (e.g.
storing items in a database) or when I put the thread to sleep for testing
purposes.

When inspecting the traffic I see some TCP RST packets (is the problem here?)
from previous connections while the current one is being processed.

My question is why these SSL sessions get invalidated after a lot of quick
requests to the server, since this causes a problem with my SSL Session
tracking, because the id changes then.

I can provide a sample JSP project where the invalidation occurs if wanted.

PS. I'm running Tomcat 7 on Mac OS X Lion 10.7.4
server.xml settings:
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150"
           keepAliveTimeout="0"
           scheme="https" secure="true"
           clientAuth="false"
           sslProtocol="SSLv3"
           SSLEngine="on"
           SSLEnabled="true"
           ciphers="TLS_RSA_WITH_AES_256_CBC_SHA"
           SSLCipherSuite="TTLS_RSA_WITH_AES_256_CBC_SHA"
           SSLHonorCipherOrder="true"
           keystoreFile="***" keystorePass="***" />

Thanks in advance,
Vincent Goelen


Re: tomcat6 with crl doesn't load

2012-11-28 Thread Will Nordmeyer
On Tue, Nov 27, 2012 at 5:12 PM, Daniel Mikusa dmik...@vmware.com wrote:
 On Nov 27, 2012, at 12:56 PM, Will Nordmeyer wrote:

 On Tue, Nov 27, 2012 at 12:24 PM, Daniel Mikusa dmik...@vmware.com wrote:
 On Nov 27, 2012, at 9:55 AM, Will Nordmeyer wrote:

 I have a self signed server certificate - and the user certs have no
 association/connection to the server cert.

 I apologize, but I'm not exactly sure what you are trying to configure with 
 the certs and the crl file.  Can you take a step back from the problem and 
 give us some higher level details on what you are trying to achieve with 
 this configuration?

 Dan

 OK, I am emulating the production environment for the application my
 development team works on.  The production environment is on government
 facilities and equipment.  Users authenticate with a Common Access
 Card (CAC) & PIN.  Our current environment has a locally developed PIN
 check, which is insufficient going forward.  Rather than developing
 code to do all of the work, it seems most appropriate to simply
 utilize the abilities built into tomcat to do that before our
 application even gets accessed.

 The development server I stood up is a virtual server, running CentOS
 6.3 (64 bit), Tomcat 6.0.35 and openssl 1.0.0-fips.  I used openssl to
 generate a self-signed certificate, rather than getting an actual SSL
 cert from an outside source since this is a closed development system.

 With that in mind, we are working to implement Certificate
 Authentication & Validation within Tomcat.  I've got the environment
 configured to prompt for the certificate and through the
 browser/client environment the PIN prompt is triggered without issue as
 long as the crlFile parameter isn't set in the connector.  That was
 easy.

 My problem comes when I attempt to implement Certificate Revocation
 List checking.  The Government has a root certificate and about 20-30
 different intermediate certificate authorities that could have issued
 the user certificate.  I have loaded the root and intermediate
 government certificate into my local truststore and am loading it
 properly (based on the fact that the user certificates are recognized
 and accepted).

 I have downloaded all the root certificate CRL data and each
 individual CA's CRL data.  Through the openssl commands, I converted
 them to PEM and then copied them all into one massive CRL file.  I
 have also, for testing, created a file with the root CRL data and the
 CRL data for the CA which issued my Certificate.

 When I run the complete CRL, I run out of memory (271 MB CRL).  When I
 run just the root & my CA, it doesn't run out of memory, but it also
 doesn't trigger the PIN prompt (I assume the crl check happens before
 the PIN is checked?), and just displays "Page cannot be displayed".

 I know my certificate is OK - when I use it to access other sites that
 require that certificate, it works fine.

 Does that give you a clear(er) picture?  :)

 Definitely.  A couple suggestions…

 1.) You may want to take a look at 
 org.apache.tomcat.util.net.jsse.JSSESocketFactory.  Search for crlFile and 
 you can see how this is being configured and utilized.

 https://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_36/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java

 2.) Maybe try using Tomcat native and the APR connector.  This would offload 
 SSL to openssl which may handle things more efficiently.

 Dan

OK - I enabled Tomcat native & the APR, but now it doesn't prompt me
for the Client Certificate.

The log file has:

Nov 28, 2012 8:10:36 AM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
property 'clientAuth' to 'true' did not find a matching property.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: tomcat6 with crl doesn't load

2012-11-28 Thread Daniel Mikusa
On Nov 28, 2012, at 8:35 AM, Will Nordmeyer wrote:

 On Tue, Nov 27, 2012 at 5:12 PM, Daniel Mikusa dmik...@vmware.com wrote:
 On Nov 27, 2012, at 12:56 PM, Will Nordmeyer wrote:
 
 On Tue, Nov 27, 2012 at 12:24 PM, Daniel Mikusa dmik...@vmware.com wrote:
 On Nov 27, 2012, at 9:55 AM, Will Nordmeyer wrote:
 
 I have a self signed server certificate - and the user certs have no
 association/connection to the server cert.
 
 I apologize, but I'm not exactly sure what you are trying to configure 
 with the certs and the crl file.  Can you take a step back from the 
 problem and give us some higher level details on what you are trying to 
 achieve with this configuration?
 
 Dan
 
 OK, I am emulating the production environment for the application my
 development team works on.  The production environment is on government
 facilities and equipment.  Users authenticate with a Common Access
 Card (CAC) & PIN.  Our current environment has a locally developed PIN
 check, which is insufficient going forward.  Rather than developing
 code to do all of the work, it seems most appropriate to simply
 utilize the abilities built into tomcat to do that before our
 application even gets accessed.
 
 The development server I stood up is a virtual server, running CentOS
 6.3 (64 bit), Tomcat 6.0.35 and openssl 1.0.0-fips.  I used openssl to
 generate a self-signed certificate, rather than getting an actual SSL
 cert from an outside source since this is a closed development system.
 
 With that in mind, we are working to implement Certificate
 Authentication & Validation within Tomcat.  I've got the environment
 configured to prompt for the certificate and through the
 browser/client environment the PIN prompt is triggered without issue as
 long as the crlFile parameter isn't set in the connector.  That was
 easy.
 
 My problem comes when I attempt to implement Certificate Revocation
 List checking.  The Government has a root certificate and about 20-30
 different intermediate certificate authorities that could have issued
 the user certificate.  I have loaded the root and intermediate
 government certificate into my local truststore and am loading it
 properly (based on the fact that the user certificates are recognized
 and accepted).
 
 I have downloaded all the root certificate CRL data and each
 individual CA's CRL data.  Through the openssl commands, I converted
 them to PEM and then copied them all into one massive CRL file.  I
 have also, for testing, created a file with the root CRL data and the
 CRL data for the CA which issued my Certificate.
 
 When I run the complete CRL, I run out of memory (271 MB CRL).  When I
 run just the root & my CA, it doesn't run out of memory, but it also
 doesn't trigger the PIN prompt (I assume the crl check happens before
 the PIN is checked?), and just displays "Page cannot be displayed".
 
 I know my certificate is OK - when I use it to access other sites that
 require that certificate, it works fine.
 
 Does that give you a clear(er) picture?  :)
 
 Definitely.  A couple suggestions…
 
 1.) You may want to take a look at 
 org.apache.tomcat.util.net.jsse.JSSESocketFactory.  Search for crlFile and 
 you can see how this is being configured and utilized.
 
 https://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_36/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
 
 2.) Maybe try using Tomcat native and the APR connector.  This would offload 
 SSL to openssl which may handle things more efficiently.
 
 Dan
 
 OK - I enabled Tomcat native & the APR, but now it doesn't prompt me
 for the Client Certificate.
 
 The log file has:
 
 Nov 28, 2012 8:10:36 AM org.apache.catalina.startup.SetAllPropertiesRule begin
 WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
 property 'clientAuth' to 'true' did not find a matching property.

clientAuth only works for the BIO / NIO connectors.  I think you want 
SSLVerifyClient with the APR connector.

https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native

Dan

 



Re: tomcat6 with crl doesn't load

2012-11-28 Thread Will Nordmeyer
On Wed, Nov 28, 2012 at 8:45 AM, Daniel Mikusa dmik...@vmware.com wrote:
 On Nov 28, 2012, at 8:35 AM, Will Nordmeyer wrote:

 On Tue, Nov 27, 2012 at 5:12 PM, Daniel Mikusa dmik...@vmware.com wrote:
 On Nov 27, 2012, at 12:56 PM, Will Nordmeyer wrote:

 On Tue, Nov 27, 2012 at 12:24 PM, Daniel Mikusa dmik...@vmware.com wrote:
 On Nov 27, 2012, at 9:55 AM, Will Nordmeyer wrote:

 I have a self signed server certificate - and the user certs have no
 association/connection to the server cert.

 I apologize, but I'm not exactly sure what you are trying to configure 
 with the certs and the crl file.  Can you take a step back from the 
 problem and give us some higher level details on what you are trying to 
 achieve with this configuration?

 Dan

 OK, I am emulating the production environment for the application my
 development team works on.  The production environment is on government
 facilities and equipment.  Users authenticate with a Common Access
 Card (CAC) & PIN.  Our current environment has a locally developed PIN
 check, which is insufficient going forward.  Rather than developing
 code to do all of the work, it seems most appropriate to simply
 utilize the abilities built into tomcat to do that before our
 application even gets accessed.

 The development server I stood up is a virtual server, running CentOS
 6.3 (64 bit), Tomcat 6.0.35 and openssl 1.0.0-fips.  I used openssl to
 generate a self-signed certificate, rather than getting an actual SSL
 cert from an outside source since this is a closed development system.

 With that in mind, we are working to implement Certificate
 Authentication & Validation within Tomcat.  I've got the environment
 configured to prompt for the certificate and through the
 browser/client environment the PIN prompt is triggered without issue as
 long as the crlFile parameter isn't set in the connector.  That was
 easy.

 My problem comes when I attempt to implement Certificate Revocation
 List checking.  The Government has a root certificate and about 20-30
 different intermediate certificate authorities that could have issued
 the user certificate.  I have loaded the root and intermediate
 government certificate into my local truststore and am loading it
 properly (based on the fact that the user certificates are recognized
 and accepted).

 I have downloaded all the root certificate CRL data and each
 individual CA's CRL data.  Through the openssl commands, I converted
 them to PEM and then copied them all into one massive CRL file.  I
 have also, for testing, created a file with the root CRL data and the
 CRL data for the CA which issued my Certificate.

 When I run the complete CRL, I run out of memory (271 MB CRL).  When I
 run just the root & my CA, it doesn't run out of memory, but it also
 doesn't trigger the PIN prompt (I assume the crl check happens before
 the PIN is checked?), and just displays "Page cannot be displayed".

 I know my certificate is OK - when I use it to access other sites that
 require that certificate, it works fine.

 Does that give you a clear(er) picture?  :)

 Definitely.  A couple suggestions…

 1.) You may want to take a look at 
 org.apache.tomcat.util.net.jsse.JSSESocketFactory.  Search for crlFile 
 and you can see how this is being configured and utilized.

 https://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_36/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java

 2.) Maybe try using Tomcat native and the APR connector.  This would 
 offload SSL to openssl which may handle things more efficiently.

 Dan

 OK - I enabled Tomcat native & the APR, but now it doesn't prompt me
 for the Client Certificate.

 The log file has:

 Nov 28, 2012 8:10:36 AM org.apache.catalina.startup.SetAllPropertiesRule 
 begin
 WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
 property 'clientAuth' to 'true' did not find a matching property.

 clientAuth only works for the BIO / NIO connectors.  I think you want 
 SSLVerifyClient with the APR connector.

 https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native

 Dan

OK... thanks.  That was purely me and literacy this morning.  I looked
RIGHT at that line and decided, nope...must not apply to me.  I
changed everything ELSE.




Invocation condition of ErrorReportValve

2012-11-28 Thread Michael-O
Hi,

why does the ErrorReportValve trigger the report on this condition only?

 if ((statusCode < 400) || (response.getContentCount() > 0))
     return;

So, even if I do a response.setStatus(404), this valve is executed. According to 
the Javadoc: if setStatus is invoked [1], the response should be left untouched 
in contrast to the sendError method. Especially this sentence makes it clear: 
"If this method is used to set an error code, then the container's error page 
mechanism will not be triggered."

Shouldn't that include a response.isError() check?

[1] 
http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html#setStatus%28int%29

Thanks,

Mike




Re: Nagios plugin script for use with JMXProxy

2012-11-28 Thread Mark H. Wood
On Tue, Nov 27, 2012 at 05:37:18PM -0500, Christopher Schultz wrote:
 I have developed a Perl script that can be used with Nagios to check
 on a Tomcat instance via the manager's JMXProxyServlet. Someone asked
 me to publish it, which I'm happy to do. I'm just wondering what the
 best thing to do is.

Allow me to add my thanks!

 I see several options:
 
 1. Submit a patch to the Tomcat source
 2. Drop the file into the Tomcat wiki
 3. Stick the file on Apache's related-projects stash
-- I have forgotten the address at this point :(
 4. Host it on my own website

Maybe Nagios has a third-party plugins corral?

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
I don't do doorbusters.




Re: Nagios plugin script for use with JMXProxy

2012-11-28 Thread Athanasios Kostopoulos

On 28/11/12 17:19, Mark H. Wood wrote:

On Tue, Nov 27, 2012 at 05:37:18PM -0500, Christopher Schultz wrote:

I have developed a Perl script that can be used with Nagios to check
on a Tomcat instance via the manager's JMXProxyServlet. Someone asked
me to publish it, which I'm happy to do. I'm just wondering what the
best thing to do is.

Allow me to add my thanks!


I see several options:

1. Submit a patch to the Tomcat source
2. Drop the file into the Tomcat wiki
3. Stick the file on Apache's related-projects stash
-- I have forgotten the address at this point :(
4. Host it on my own website

Maybe Nagios has a third-party plugins corral?


Many thanks from me as well.
Indeed Nagios has a third-party plugins corral; you can reach it at

http://exchange.nagios.org/directory/Plugins

There you can also find instructions on how to submit your own project.




Re: tomcat6 with crl doesn't load

2012-11-28 Thread Will Nordmeyer
On Wed, Nov 28, 2012 at 9:03 AM, Will Nordmeyer quark...@gmail.com wrote:
 On Wed, Nov 28, 2012 at 8:45 AM, Daniel Mikusa dmik...@vmware.com wrote:
 On Nov 28, 2012, at 8:35 AM, Will Nordmeyer wrote:

 On Tue, Nov 27, 2012 at 5:12 PM, Daniel Mikusa dmik...@vmware.com wrote:
 On Nov 27, 2012, at 12:56 PM, Will Nordmeyer wrote:

 On Tue, Nov 27, 2012 at 12:24 PM, Daniel Mikusa dmik...@vmware.com 
 wrote:
 On Nov 27, 2012, at 9:55 AM, Will Nordmeyer wrote:


 Does that give you a clear(er) picture?  :)

 Definitely.  A couple suggestions…

 1.) You may want to take a look at 
 org.apache.tomcat.util.net.jsse.JSSESocketFactory.  Search for crlFile 
 and you can see how this is being configured and utilized.

 https://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_36/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java

 2.) Maybe try using Tomcat native and the APR connector.  This would 
 offload SSL to openssl which may handle things more efficiently.

 Dan

 OK - I enabled Tomcat native & the APR, but now it doesn't prompt me
 for the Client Certificate.

 The log file has:

 Nov 28, 2012 8:10:36 AM org.apache.catalina.startup.SetAllPropertiesRule 
 begin
 WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
 property 'clientAuth' to 'true' did not find a matching property.

 clientAuth only works for the BIO / NIO connectors.  I think you want 
 SSLVerifyClient with the APR connector.

 https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native

 Dan

 OK... thanks.  That was purely me and literacy this morning.  I looked
 RIGHT at that line and decided, nope...must not apply to me.  I
 changed everything ELSE.

I've got the tomcat-native & APR configured, but when I add the SSL
Certificate Revocation options, it prompts me for my cert and then
gives a "page cannot be displayed".

<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           SSLEnabled="true"
           scheme="https"
           maxHttpHeaderSize="8192"
           maxThreads="150"
           minSpareThreads="25"
           maxSpareThreads="75"
           enableLookups="false"
           acceptCount="100"
           disableUploadTimeout="true"
           compression="on"
           compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/xml,application/x-javascript,application/javascript"
           connectionTimeout="2"
           secure="true"
           SSLCertificateFile="/etc/ssl/certs/mycert01.crt"
           SSLCertificateKeyFile="/etc/ssl/certs/mykey01.pem"
           SSLPassword="dmapsdev"
           SSLCACertificateFile="/etc/ssl/certs/root-certs.pem"
           SSLVerifyClient="require"
           SSLCARevocationFile="/etc/ssl/certs/CRL-bundle.crl"
           sslProtocol="TLS" />

Without the SSLCARevocationFile, it prompts for my certificate, gets
the PIN and goes to the app.

How can I test/trace the Revocation File issues?  The CRL-bundle.crl
file has 39 different X509 formatted CRLs, totaling 271 MB of data.




Re: Invocation condition of ErrorReportValve

2012-11-28 Thread Mark Thomas


Michael-O 1983-01...@gmx.net wrote:

Hi,

why does the ErrorReportValve trigger the report on this condition
only?

 if ((statusCode < 400) || (response.getContentCount() > 0))
     return;

So, even if I do a response.setStatus(404), this valve is executed.
According to the Javadoc: if setStatus is invoked [1], the response
should be left untouched in contrast to the sendError method.
Especially this sentence makes it clear: "If this method is used to set
an error code, then the container's error page mechanism will not be
triggered."

Shouldn't that include a response.isError() check?

[1]
http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html#setStatus%28int%29

Yep. This sort of thing drives me nuts with the Servlet spec. The document is 
meant to be definitive but isn't. Half the requirements are in the Javadoc and 
the Javadoc is no longer included in the specification (for no good reason) and 
the spec lead refuses to add it back in. You used to be able to search one doc 
for a phrase, method, class, whatever and find all the references. Now it is a 
right pain to figure out what the expected behaviour is.

Raise a bugzilla entry for this one and it'll get looked at and (assuming there 
is a problem as there does appear to be from the fragment you quoted) it will 
get fixed.

Mark




Re: tomcat6 with crl doesn't load

2012-11-28 Thread Daniel Mikusa
On Nov 28, 2012, at 11:56 AM, Will Nordmeyer wrote:

 On Wed, Nov 28, 2012 at 9:03 AM, Will Nordmeyer quark...@gmail.com wrote:
 On Wed, Nov 28, 2012 at 8:45 AM, Daniel Mikusa dmik...@vmware.com wrote:
 On Nov 28, 2012, at 8:35 AM, Will Nordmeyer wrote:
 
 On Tue, Nov 27, 2012 at 5:12 PM, Daniel Mikusa dmik...@vmware.com wrote:
 On Nov 27, 2012, at 12:56 PM, Will Nordmeyer wrote:
 
 On Tue, Nov 27, 2012 at 12:24 PM, Daniel Mikusa dmik...@vmware.com 
 wrote:
 On Nov 27, 2012, at 9:55 AM, Will Nordmeyer wrote:
 
 
 Does that give you a clear(er) picture?  :)
 
 Definitely.  A couple suggestions…
 
 1.) You may want to take a look at 
 org.apache.tomcat.util.net.jsse.JSSESocketFactory.  Search for crlFile 
 and you can see how this is being configured and utilized.
 
 https://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_36/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
 
 2.) Maybe try using Tomcat native and the APR connector.  This would 
 offload SSL to openssl which may handle things more efficiently.
 
 Dan
 
 OK - I enabled Tomcat native & the APR, but now it doesn't prompt me
 for the Client Certificate.
 
 The log file has:
 
 Nov 28, 2012 8:10:36 AM org.apache.catalina.startup.SetAllPropertiesRule 
 begin
 WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
 property 'clientAuth' to 'true' did not find a matching property.
 
 clientAuth only works for the BIO / NIO connectors.  I think you want 
 SSLVerifyClient with the APR connector.
 
 https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native
 
 Dan
 
 OK... thanks.  That was purely me and literacy this morning.  I looked
 RIGHT at that line and decided, nope...must not apply to me.  I
 changed everything ELSE.
 
 I've got the tomcat-native & APR configured, but when I add the SSL
 Certificate Revocation options, it prompts me for my cert and then
 gives a "page cannot be displayed".

You might want to try and capture some traces with Wireshark.  This could give 
you some more insight into what is happening as the request is made.

 
 <Connector port="8443"
            protocol="org.apache.coyote.http11.Http11AprProtocol"
            SSLEnabled="true"
            scheme="https"
            maxHttpHeaderSize="8192"
            maxThreads="150"
            minSpareThreads="25"
            maxSpareThreads="75"
            enableLookups="false"
            acceptCount="100"
            disableUploadTimeout="true"
            compression="on"
            compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/xml,application/x-javascript,application/javascript"
            connectionTimeout="2"
            secure="true"
            SSLCertificateFile="/etc/ssl/certs/mycert01.crt"
            SSLCertificateKeyFile="/etc/ssl/certs/mykey01.pem"
            SSLPassword="dmapsdev"
            SSLCACertificateFile="/etc/ssl/certs/root-certs.pem"
            SSLVerifyClient="require"
            SSLCARevocationFile="/etc/ssl/certs/CRL-bundle.crl"
            sslProtocol="TLS" />
 
 Without the SSLCARevocationFile, it prompts for my certificate, gets
 the PIN and goes to the app.
 
 How can I test/trace the Revocation File issues?  The CRL-bundle.crl
 file has 39 different X509 formatted CRLs, totaling 271 MB of data.

Couple thoughts…

1.) Check that your certificates and CRL file are all valid and functioning 
properly.  I'm not an expert with openssl, but I think openssl verify can be 
used to test this from the command line.
2.) Perhaps start with a smaller CRL file or create a set of testing certs that 
you can use to verify behavior.

Dan


 
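As an added example (not code from the thread, from Tomcat, or from the posters): a disposable openssl lab that runs Dan's `openssl verify` suggestion with revocation checking switched on, against a client cert before and after it is revoked, and then splits a multi-CRL PEM bundle like CRL-bundle.crl so each CRL can be inspected on its own. It assumes only an `openssl` binary on PATH; every file and CA name is constructed, and nothing under /etc/ssl is touched.

```shell
#!/bin/sh
# Added example: throwaway CA + client cert, `openssl verify -crl_check` before
# and after revocation, and per-CRL inspection of a PEM bundle. All names here
# are constructed stand-ins for the poster's root-certs.pem / CAC cert / bundle.
set -eu

# Populate directory $1 with a lab root CA, one client cert and the minimal
# config that `openssl ca -revoke` / `-gencrl` need (database + CRL settings).
setup_lab() {
  cat > "$1/ca.cnf" <<EOF
[ ca ]
default_ca = lab_ca
[ lab_ca ]
database = $1/index.txt
crlnumber = $1/crlnumber
default_md = sha256
default_crl_days = 30
EOF
  : > "$1/index.txt"
  echo 1000 > "$1/crlnumber"
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 -subj "/CN=Lab Root CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=Lab Client" \
    -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null
  openssl x509 -req -in "$1/client.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -sha256 -out "$1/client.crt" 2>/dev/null
}

# Sign a fresh CRL from the CA database in lab dir $1 and write it to $2.
issue_crl() {
  openssl ca -config "$1/ca.cnf" -keyfile "$1/ca.key" -cert "$1/ca.crt" \
    -gencrl -out "$2" 2>/dev/null
}

# Record certificate $2 as revoked in the CA database of lab dir $1.
revoke_cert() {
  openssl ca -config "$1/ca.cnf" -keyfile "$1/ca.key" -cert "$1/ca.crt" \
    -revoke "$2" 2>/dev/null
}

# Dan's suggestion with revocation checking: $1 client cert, $2 trust anchors,
# $3 CRL file. Echoes "ok", "revoked" or "fail" so a caller can branch on the
# outcome instead of parsing openssl's free-form messages.
verify_with_crl() {
  if out=$(openssl verify -crl_check -CAfile "$2" -CRLfile "$3" "$1" 2>&1); then
    echo ok
  else
    case "$out" in
      *"certificate revoked"*) echo revoked ;;
      *) echo fail ;;
    esac
  fi
}

# How many PEM CRLs a bundle contains.
count_crls() {
  grep -c -- '-----BEGIN X509 CRL-----' "$1"
}

# `openssl crl` only reads the first CRL in a file, so split the bundle on the
# PEM markers and print each CRL's issuer and validity window. An expired
# nextUpdate, or an issuer missing from the trust anchors, is the usual reason
# a chain verifies without the CRL file and fails as soon as it is configured.
bundle_summary() {
  parts=$(mktemp -d)
  awk -v d="$parts" '/-----BEGIN X509 CRL-----/ { n++ }
                     n > 0 { print > (d "/crl-" n ".pem") }' "$1"
  for p in "$parts"/crl-*.pem; do
    openssl crl -in "$p" -noout -issuer -lastupdate -nextupdate
  done
  rm -rf "$parts"
}

# End-to-end run: verify against an empty CRL, revoke the client cert, reissue
# the CRL and verify again. Prints "ok revoked" when openssl behaves as expected.
run_lab() {
  lab=$(mktemp -d)
  setup_lab "$lab"
  issue_crl "$lab" "$lab/crl.pem"
  before=$(verify_with_crl "$lab/client.crt" "$lab/ca.crt" "$lab/crl.pem")
  revoke_cert "$lab" "$lab/client.crt"
  issue_crl "$lab" "$lab/crl.pem"
  after=$(verify_with_crl "$lab/client.crt" "$lab/ca.crt" "$lab/crl.pem")
  rm -rf "$lab"
  echo "$before $after"
}

run_lab
```

Run `bundle_summary /path/to/CRL-bundle.crl` against a real bundle to see which of its CRLs (if any) is expired or signed by an issuer that is not in SSLCACertificateFile.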



Re: tomcat6 with crl doesn't load

2012-11-28 Thread André Warnier

Daniel Mikusa wrote:

On Nov 28, 2012, at 11:56 AM, Will Nordmeyer wrote:


On Wed, Nov 28, 2012 at 9:03 AM, Will Nordmeyer quark...@gmail.com wrote:

On Wed, Nov 28, 2012 at 8:45 AM, Daniel Mikusa dmik...@vmware.com wrote:

On Nov 28, 2012, at 8:35 AM, Will Nordmeyer wrote:


On Tue, Nov 27, 2012 at 5:12 PM, Daniel Mikusa dmik...@vmware.com wrote:

On Nov 27, 2012, at 12:56 PM, Will Nordmeyer wrote:


On Tue, Nov 27, 2012 at 12:24 PM, Daniel Mikusa dmik...@vmware.com wrote:

On Nov 27, 2012, at 9:55 AM, Will Nordmeyer wrote:


Does that give you a clear(er) picture?  :)

Definitely.  A couple suggestions…

1.) You may want to take a look at org.apache.tomcat.util.net.jsse.JSSESocketFactory.  
Search for crlFile and you can see how this is being configured and utilized.

https://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_36/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java

2.) Maybe try using Tomcat native and the APR connector.  This would offload 
SSL to openssl which may handle things more efficiently.

Dan


OK - I enabled Tomcat native & the APR, but now it doesn't prompt me
for the Client Certificate.

The log file has:

Nov 28, 2012 8:10:36 AM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
property 'clientAuth' to 'true' did not find a matching property.

clientAuth only works for the BIO / NIO connectors.  I think you want 
SSLVerifyClient with the APR connector.

https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native

Dan


OK... thanks.  That was purely me and literacy this morning.  I looked
RIGHT at that line and decided, nope...must not apply to me.  I
changed everything ELSE.

I've got the tomcat-native & APR configured, but when I add the SSL
Certificate Revocation options, it prompts me for my cert and then
gives a "page cannot be displayed".


You might want to try and capture some traces with Wireshark.  This could give 
you some more insight into what is happening as the request is made.



You may also try with Firefox as a browser, with the HttpFox plugin.
I just ran a quick test with an HTTPS website, and it seems to show a good portion of the 
SSL exchanges.  It will not be as telling, but is a lot easier to use than Wireshark.


One problem with IE is the "friendly error messages" option, which hides the real server 
responses and displays some built-in page instead, which tells you nothing really about 
the problem.





<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           SSLEnabled="true"
           scheme="https"
           maxHttpHeaderSize="8192"
           maxThreads="150"
           minSpareThreads="25"
           maxSpareThreads="75"
           enableLookups="false"
           acceptCount="100"
           disableUploadTimeout="true"
           compression="on"
           compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/xml,application/x-javascript,application/javascript"
           connectionTimeout="2"
           secure="true"
           SSLCertificateFile="/etc/ssl/certs/mycert01.crt"
           SSLCertificateKeyFile="/etc/ssl/certs/mykey01.pem"
           SSLPassword="dmapsdev"
           SSLCACertificateFile="/etc/ssl/certs/root-certs.pem"
           SSLVerifyClient="require"
           SSLCARevocationFile="/etc/ssl/certs/CRL-bundle.crl"
           sslProtocol="TLS" />

Without the SSLCARevocationFile, it prompts for my certificate, gets
the PIN and goes to the app.

How can I test/trace the Revocation File issues?  The CRL-bundle.crl
file has 39 different X509 formatted CRLs, totaling 271 MB of data.


Couple thoughts…

1.) Check that your certificates and CRL file are all valid and functioning properly.  
I'm not an expert with openssl, but I think openssl verify can be used to 
test this from the command line.
2.) Perhaps start with a smaller CRL file or create a set of testing certs that 
you can use to verify behavior.

Dan






Tomcat8 Cartridge for OpenShift PaaS

2012-11-28 Thread William DeCoste

Hi all,

Development has begun on supporting Tomcat8 on Red Hat's OpenShift PaaS 
(https://openshift.redhat.com). OpenShift supports various development 
frameworks via cartridges. There are currently cartridges for Tomcat6 
(via JBossEWS1.0) and soon will be a cartridge for Tomcat7 (via 
JBossEWS2.0).


The new Tomcat8 community cartridge will be developed here: 
https://github.com/openshift/origin-community-cartridges


The community project for OpenShift Origin is here: 
https://github.com/openshift


Looking forward to working with the TC8 community.

Thanks -Bill

--
Bill DeCoste
Principal Software Engineer, Red Hat
978-204-0920
wdeco...@redhat.com





Re: Invocation condition of ErrorReportValve

2012-11-28 Thread Michael-O

Am 2012-11-28 18:26, schrieb Mark Thomas:



Michael-O 1983-01...@gmx.net wrote:


Hi,

why does the ErrorReportValve trigger the report on this condition
only?

if ((statusCode < 400) || (response.getContentCount() > 0))
    return;

So, even if I do a response.setStatus(404), this valve is executed.
According to the Javadoc: if setStatus is invoked [1], the
response should be left untouched in contrast to the sendError
method. Especially this sentence makes it clear: "If this method is
used to set an error code, then the container's error page
mechanism will not be triggered."

Shouldn't that include a response.isError() check?

[1]
http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html#setStatus%28int%29





Yep. This sort of thing drives me nuts with the Servlet spec. The
document is meant to be definitive but isn't. Half the requirements
are in the Javadoc and the Javadoc is no longer included in the
specification (for no good reason) and the spec lead refuses to add
it back in. You used to be able to search one doc for a phrase,
method, class, whatever and find all the references. Now it is a right
pain to figure out what the expected behaviour is.

Raise a bugzilla entry for this one and it'll get looked at and
(assuming there is a problem as there does appear to be from the
fragment you quoted) it will get fixed.


Mark,

issue has been created: 
https://issues.apache.org/bugzilla/show_bug.cgi?id=54220


I have depicted a new possible condition based on the Javadocs and the 
spec. Please have a look.


Mike

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Writing to response and issuing sendError

2012-11-28 Thread Michael-O

Hi,

I am having again trouble with the response.sendError method. The docs 
say that an IllegalStateException is thrown if response has already been 
committed. So this should cause an exception:


protected void doGet(HttpServletRequest request, HttpServletResponse 
response) throws ServletException, IOException {

  PrintWriter out = response.getWriter();
  out.println("ERROR");
  out.flush();
  response.sendError(404);
}

The exception is thrown out to the console but the response is still 
written. If I leave out the flush (which commits the response), the 
error page comes up.


Is this undefined behavior or some missing code path to transform the 
ISE to a HTTP 500 error response?


I am on Tomcat 6.0.35

Thanks,

Mike

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Writing to response and issuing sendError

2012-11-28 Thread Mark Thomas
On 28/11/2012 20:34, Michael-O wrote:
 Hi,
 
 I am having again trouble with the response.sendError method. The docs
 say that an IllegalStateException is thrown if response has already been
 committed. So this should cause an exception:
 
 protected void doGet(HttpServletRequest request, HttpServletResponse
 response) throws ServletException, IOException {
   PrintWriter out = response.getWriter();
   out.println("ERROR");
   out.flush();
   response.sendError(404);
 }
 
 The exception is thrown out to the console but the response is still
 written. If I leave out the flush (which commits the response), the
 error page comes up.
 
 Is this undefined behavior or some missing code path to transform the
 ISE to a HTTP 500 error response?

Nope. Think about it. Once the response has been committed the response
status line and the headers have been written to the client as well as
at least some if not all of the response body. Tomcat can't take back
the data it has already sent.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
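A servlet that exercises the three cases discussed in this thread and in the ErrorReportValve thread above: setStatus(404) with the application's own body, sendError(404) which hands the body to the container's error page mechanism, and sendError attempted after the response has already been committed. This is an added example, not code from either thread; the servlet name, the URL pattern and the "mode" request parameter are assumptions made for the example. The @WebServlet annotation needs Servlet 3.0 (Tomcat 7); on Tomcat 6 map the servlet in web.xml instead.

```java
import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/*
 * Added example (not from the thread). Cases, selected by ?mode=...:
 *   status -> setStatus(404) plus an own body: no container error page
 *   error  -> sendError(404): the container (ErrorReportValve or an
 *             <error-page>) produces the body
 *   late   -> body already flushed when the error is detected: sendError
 *             would throw IllegalStateException, so check isCommitted()
 * Servlet name, URL pattern and the "mode" parameter are assumptions.
 */
@WebServlet("/status-demo")
public class StatusDemoServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String mode = request.getParameter("mode");
        if (mode == null) {
            mode = "status";
        }
        response.setContentType("text/plain");

        if ("status".equals(mode)) {
            // Servlet spec: setStatus does not trigger the error page mechanism.
            // The application owns the body. Once something has been written,
            // Tomcat's ErrorReportValve leaves the response alone as well
            // (its getContentCount() > 0 condition quoted in the other thread).
            response.setStatus(HttpServletResponse.SC_NOT_FOUND);
            PrintWriter out = response.getWriter();
            out.println("custom 404 body written by the servlet");
            return;
        }

        if ("error".equals(mode)) {
            // sendError marks the response as an error and commits it; the
            // container produces the body. Anything written here afterwards
            // is ignored, so there is nothing else to do.
            response.sendError(HttpServletResponse.SC_NOT_FOUND, "not found");
            return;
        }

        // mode=late: the situation from this thread, but guarded.
        PrintWriter out = response.getWriter();
        out.println("partial output");
        out.flush(); // commits: status line, headers and this body are on the wire

        boolean failed = true; // constructed: an error detected after streaming began
        if (failed) {
            if (response.isCommitted()) {
                // Too late for sendError: it would throw IllegalStateException and
                // the client already holds a 200 plus "partial output". Log it and
                // finish the body with what is still under our control.
                log("error after commit; cannot switch to 404");
                out.println("(error detected after the response was committed)");
                return;
            }
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
        }
    }
}
```

Request /status-demo?mode=status and ?mode=error with a browser or curl to compare the two bodies; ?mode=late shows why buffering matters: as long as the output fits in the response buffer and is not flushed, isCommitted() stays false and sendError can still replace everything.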



RE: Writing to response and issuing sendError

2012-11-28 Thread Caldarale, Charles R
 From: Michael-O [mailto:1983-01...@gmx.net] 
 Subject: Writing to response and issuing sendError

 The exception is thrown out to the console but the response is still 
 written.

As it should be - it's already committed, and may well have been delivered.

 If I leave out the flush (which commits the response), the 
 error page comes up.

Also as it should be.

 Is this undefined behavior

No, it's operating as required by the spec.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Writing to response and issuing sendError

2012-11-28 Thread Michael-O

Am 2012-11-28 21:39, schrieb Mark Thomas:

On 28/11/2012 20:34, Michael-O wrote:

Hi,

I am having again trouble with the response.sendError method. The docs
say that an IllegalStateException is thrown if response has already been
committed. So this should cause an exception:

protected void doGet(HttpServletRequest request, HttpServletResponse
response) throws ServletException, IOException {
   PrintWriter out = response.getWriter();
   out.println("ERROR");
   out.flush();
   response.sendError(404);
}

The exception is thrown out to the console but the response is still
written. If I leave out the flush (which commits the response), the
error page comes up.

Is this undefined behavior or some missing code path to transform the
ISE to a HTTP 500 error response?


Nope. Think about it. Once the response has been committed the response
status line and the headers have been written to the client as well as
at least some if not all of the response body. Tomcat can't take back
the data it has already sent.


Sigh, I forgot that the body has already been sent over the wire. Your 
explanation makes perfect sense then. sendError is coming too late.


I'd prefer that this ISE would have a message. The source contains a 
commented exception message.


Thanks,

Mike

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Writing to response and issuing sendError

2012-11-28 Thread Michael-O

Am 2012-11-28 21:41, schrieb Caldarale, Charles R:

From: Michael-O [mailto:1983-01...@gmx.net]
Subject: Writing to response and issuing sendError



The exception is thrown out to the console but the response is still
written.


As it should be - it's already committed, and may well have been delivered.


If I leave out the flush (which commits the response), the
error page comes up.


Also as it should be.


Is this undefined behavior


No, it's operating as required by the spec.


Yes, thanks!


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: tomcat6 with crl doesn't load

2012-11-28 Thread Will Nordmeyer
On Wed, Nov 28, 2012 at 1:39 PM, André Warnier a...@ice-sa.com wrote:
 Daniel Mikusa wrote:

 On Nov 28, 2012, at 11:56 AM, Will Nordmeyer wrote:

 On Wed, Nov 28, 2012 at 9:03 AM, Will Nordmeyer quark...@gmail.com
 wrote:

 On Wed, Nov 28, 2012 at 8:45 AM, Daniel Mikusa dmik...@vmware.com
 wrote:

 On Nov 28, 2012, at 8:35 AM, Will Nordmeyer wrote:

 On Tue, Nov 27, 2012 at 5:12 PM, Daniel Mikusa dmik...@vmware.com
 wrote:

 On Nov 27, 2012, at 12:56 PM, Will Nordmeyer wrote:

 On Tue, Nov 27, 2012 at 12:24 PM, Daniel Mikusa dmik...@vmware.com
 wrote:

 On Nov 27, 2012, at 9:55 AM, Will Nordmeyer wrote:

 Does that give you a clear(er) picture?  :)

 Definitely.  A couple suggestions…

 1.) You may want to take a look at
 org.apache.tomcat.util.net.jsse.JSSESocketFactory.  Search for 
 crlFile and
 you can see how this is being configured and utilized.


 https://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_36/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java

 2.) Maybe try using Tomcat native and the APR connector.  This would
 offload SSL to openssl which may handle things more efficiently.

 Dan

 OK - I enabled Tomcat native & the APR, but now it doesn't prompt me
 for the Client Certificate.

 The log file has:

 Nov 28, 2012 8:10:36 AM
 org.apache.catalina.startup.SetAllPropertiesRule begin
 WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
 property 'clientAuth' to 'true' did not find a matching property.

 clientAuth only works for the BIO / NIO connectors.  I think you want
 SSLVerifyClient with the APR connector.


 https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native

 Dan

 OK... thanks.  That was purely me and literacy this morning.  I looked
 RIGHT at that line and decided, nope...must not apply to me.  I
 changed everything ELSE.

 I've got the tomcat-native & APR configured, but when I add the SSL
 Certificate Revocation options, it prompts me for my cert and then
 gives a page cannot be displayed.


 You might want to try and capture some traces with Wireshark.  This could
 give you some more insight into what is happening as the request is made.


 You may also try with Firefox as a browser, with the HttpFox plugin.
 I just ran a quick test with a HTTPS website, and it seems to show a good
 portion of the SSL exchanges.  It will not be as telling, but is a lot
 easier to use than Wireshark.

 One problem with IE is the friendly error messages option, which hides the
 real server responses and displays some built-in page instead, which tells
 you nothing really about the problem.

I ran with Firefox & HttpFox - Just gets an NS_ERROR_NET_RESET.   The
catalina.out file shows nothing, I don't see any indication that the
server is doing anything with the revocation list when it gets my
certificate.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
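Dan's pointer to JSSESocketFactory is the place to see how crlFile becomes a revocation check: the JSSE connector parses the CRL file, puts it in a Collection CertStore and enables PKIX revocation checking. The following added example (not Tomcat's code and not from this thread) builds a trust manager the same way outside Tomcat, so the truststore and CRL can be checked together before blaming the connector. The file paths and password on the command line are placeholders; the APR connector does not use this code path at all (it reads SSLCARevocationFile through OpenSSL), which is why the two setups behave differently.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.util.Collection;

import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/*
 * Added example, not Tomcat's code: a PKIX trust manager with CRL-based
 * revocation checking, built the way the JSSE connector builds one from
 * truststoreFile + crlFile. Paths and password are placeholders.
 */
public class CrlTrustManagerCheck {

    public static TrustManager[] build(String trustStorePath, char[] trustStorePass,
                                       String crlPath) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream tsIn = new FileInputStream(trustStorePath);
        try {
            trustStore.load(tsIn, trustStorePass);
        } finally {
            tsIn.close();
        }

        // Trust anchors come from the truststore. With revocation enabled a
        // client chain is rejected not only when its certificate is listed,
        // but also when no CRL for its issuer is available at all.
        PKIXBuilderParameters params =
                new PKIXBuilderParameters(trustStore, new X509CertSelector());
        params.setRevocationEnabled(true);

        // Parse every CRL in the file (PEM or DER, one or more CRLs).
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends CRL> crls;
        InputStream crlIn = new FileInputStream(crlPath);
        try {
            crls = cf.generateCRLs(crlIn);
        } finally {
            crlIn.close();
        }
        if (crls.isEmpty()) {
            throw new IllegalArgumentException("no CRL could be parsed from " + crlPath);
        }
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(crls)));

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(params));
        return tmf.getTrustManagers();
    }

    public static void main(String[] args) throws Exception {
        // usage: java CrlTrustManagerCheck <truststore.jks> <password> <file.crl>
        TrustManager[] tms = build(args[0], args[1].toCharArray(), args[2]);
        System.out.println("built " + tms.length + " trust manager(s) with "
                + "CRL revocation checking enabled");
    }
}
```

If this fails on the CRL, the same failure is what the connector hits at startup; if it succeeds but client logins still fail, look at whether the CRL's issuer matches the issuer of the client certificates, because with revocation enabled a chain whose issuer has no CRL in the store is rejected rather than silently accepted.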



Re: Using the Tomcat Native Library can only connect over ipv6 But not over ipv4

2012-11-28 Thread Zorro

Op 27-11-2012 23:56, Christopher Schultz schreef:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Harm-Jan,

On 11/27/12 3:32 PM, Zorro wrote:

Op 27-11-2012 20:00, Christopher Schultz schreef:

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1

Harm-Jan,

On 11/26/12 3:16 PM, Zorro wrote:

I have now this in my server.xml: For IPv4: Connector
port=80 protocol=HTTP/1.1 connectionTimeout=2
redirectPort=8443 address=0.0.0.0 / For IPv6: Connector
port=80 protocol=HTTP/1.1 connectionTimeout=2
redirectPort=8443 address=::0 /

With this setup I can connect to port 80 over Ipv4 And IPv6 to
my Linux box.

So, a recap:

* NIO/BIO connector binds to both IPv4 and IPv6 when no address
is specified

* APR connector binds only to IPv6 interface if IPv6 is
available, otherwise only IPv4

* Linux vs. Windows is not relevant

Do I have that all right? Or does Linux work as expected (bind to
both interfaces) and Windows does not?

Ideally, this should work everywhere:

Connector port=80 protocol=HTTP/1.1 /

... and listen on both 0.0.0.0:80 and :::80

The only configuration shown by Zorro has two connectors and says
that works on Windows.


On a Windows Vista PC I have also installed Tomcat 7.0.32 and
the Windows installation set downloaded from tomcat.apache.org
uses per default the Native Library. I have not changed
anything in the configuration yet and on that PC a telnet
127.0.0.1 80 is ok while a IPv6 telnet ::1 80 fails.

You mean using the above configuration?

So, you have 2 connectors on Windows and one of them doesn't work
at all? Please stop Tomcat, delete all log files, confirm your
(2-connector) configuration, start Tomcat, then re-post your
Connector configuration and the complete catalina.out log file,
plus versions of everything all at once.

Better yet, if you could provide a matrix of configurations that
*do* work versus *don't* work, that would be great, too. I'm
specifically interested in knowing if this is a generic APR
problem, or only APR-on-Windows. Jeffrey Janner has had problems
on Windows (which may be a win32 TCP/IP stack problem) but if it
doesn't work on Linux, either, then perhaps it really is a bug
with APR or tcnative.


Maybe its worth it to include it in the documentation of the
native library.

Maybe it's worth filing a bug report. If I can get you to
cough-up full details, it will make it much easier.

- -chris

Chris,

This is what I observed. Tomcat 7.0.32

1. Linux (Fedora 14, gcc 4.5.1, OpenJDK IcedTea6 1.9.10 java
version 1.6.0_20)

One connector for port 80 defined without the address attribute:

* NIO/BIO connector binds to both IPv4 and IPv6 when no address
is specified * APR connector binds only to IPv6 interface if IPv6
is available, otherwise only IPv4

-

2. Windows Vista (java version 1.7.0_09)

One connector for port 80 defined without the address attribute:

* NIO/BIO connector binds to both IPv4 and IPv6 when no address
is specified * APR connector binds only to IPv4 interface (not to
IPv6).

What about when specifying two connectors, one for IPV4 and one for IPv6?


Chris, André,

Specifying 2 Connectors in the server.xml:
For IPv4:
<Connector port="80" protocol="HTTP/1.1" connectionTimeout="2" 
redirectPort="8443" address="0.0.0.0"/>

For IPv6:
<Connector port="80" protocol="HTTP/1.1" connectionTimeout="2" 
redirectPort="8443" address="::0"/>


1. Linux

  * APR connector binds for IPv6 to the IPv6 Connector and for IPv4 to 
the IPv4 Connector

* NIO/BIO connector binds to the IPv4 Connector

For NIO/BIO the catalina.log shows exceptions:
SEVERE: Failed to initialize end point associated with ProtocolHandler 
[http-bio-0:0:0:0:0:0:0:0-80]

java.net.BindException: Address already in use /0:0:0:0:0:0:0:0:80
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:406)
...

-

2. Windows Vista

  * APR connector binds for IPv6 to the IPv6 Connector and for IPv4 to 
the IPv4 Connector

* NIO/BIO connector binds to the IPv4 Connector

For NIO/BIO the catalina.log shows exceptions:
28-nov-2012 21:45:55 org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler 
[http-bio-0:0:0:0:0:0:0:0-80]

java.net.BindException: Address already in use: JVM_Bind /0:0:0:0:0:0:0:0:80
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:406)
...

Regards,
Harm-Jan


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
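The BindException in Harm-Jan's catalina.log comes from the socket layer, not from Tomcat itself, and can be reproduced with two plain ServerSockets. This added example (not from the thread, not Tomcat code) binds the IPv6 wildcard first and then tries the IPv4 wildcard on the same port, which is what a second java (BIO/NIO) connector on address 0.0.0.0 does after the one on ::0 has started. Port 0 is used so the OS picks a free port; the class name is an assumption.

```java
import java.io.IOException;
import java.net.BindException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;

/*
 * Added example (not from the thread): reproduces the "Address already in
 * use" that the second java connector logs when :: and 0.0.0.0 are bound on
 * the same port. No Tomcat involved; class name is an assumption.
 */
public class DualStackBindDemo {

    /** Binds [::]:port, then tries 0.0.0.0:port, and reports what happened. */
    public static String probe() throws IOException {
        ServerSocket v6 = new ServerSocket();
        try {
            // The IPv6 wildcard. With a dual-stack socket (the JVM default on
            // Linux) this listener also accepts IPv4 clients, so the IPv4
            // wildcard on the same port is already taken.
            v6.bind(new InetSocketAddress(InetAddress.getByName("::"), 0));
            int port = v6.getLocalPort();

            ServerSocket v4 = new ServerSocket();
            try {
                v4.bind(new InetSocketAddress(InetAddress.getByName("0.0.0.0"), port));
                // Only succeeds where the :: socket is IPv6-only; then the two
                // wildcards are independent and two connectors can coexist.
                return "separate: :: and 0.0.0.0 both bound on port " + port;
            } catch (BindException e) {
                // The case from the catalina.log in this thread.
                return "shared: :: already covers IPv4 on port " + port
                        + " (" + e.getMessage() + ")";
            } finally {
                v4.close();
            }
        } finally {
            v6.close();
        }
    }

    public static void main(String[] args) throws IOException {
        System.out.println(probe());
    }
}
```

Run it once with no options and once with -Djava.net.preferIPv4Stack=true: in the second case the JVM creates IPv4-only sockets and the :: bind itself fails, which is the other failure mode to recognise in a connector startup log. For the java connectors the practical consequence is the one Chris described: one connector without an address attribute covers both families, and a second connector on the same port is the error, not the fix.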



Re: Using the Tomcat Native Library can only connect over ipv6 But not over ipv4

2012-11-28 Thread André Warnier

Zorro wrote:

Op 27-11-2012 23:56, Christopher Schultz schreef:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Harm-Jan,

On 11/27/12 3:32 PM, Zorro wrote:

Op 27-11-2012 20:00, Christopher Schultz schreef:

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1

Harm-Jan,

On 11/26/12 3:16 PM, Zorro wrote:

I have now this in my server.xml: For IPv4: Connector
port=80 protocol=HTTP/1.1 connectionTimeout=2
redirectPort=8443 address=0.0.0.0 / For IPv6: Connector
port=80 protocol=HTTP/1.1 connectionTimeout=2
redirectPort=8443 address=::0 /

With this setup I can connect to port 80 over Ipv4 And IPv6 to
my Linux box.

So, a recap:

* NIO/BIO connector binds to both IPv4 and IPv6 when no address
is specified

* APR connector binds only to IPv6 interface if IPv6 is
available, otherwise only IPv4

* Linux vs. Windows is not relevant

Do I have that all right? Or does Linux work as expected (bind to
both interfaces) and Windows does not?

Ideally, this should work everywhere:

Connector port=80 protocol=HTTP/1.1 /

... and listen on both 0.0.0.0:80 and :::80

The only configuration shown by Zorro has two connectors and says
that works on Windows.


On a Windows Vista PC I have also installed Tomcat 7.0.32 and
the Windows installation set downloaded from tomcat.apache.org
uses per default the Native Library. I have not changed
anything in the configuration yet and on that PC a telnet
127.0.0.1 80 is ok while a IPv6 telnet ::1 80 fails.

You mean using the above configuration?

So, you have 2 connectors on Windows and one of them doesn't work
at all? Please stop Tomcat, delete all log files, confirm your
(2-connector) configuration, start Tomcat, then re-post your
Connector configuration and the complete catalina.out log file,
plus versions of everything all at once.

Better yet, if you could provide a matrix of configurations that
*do* work versus *don't* work, that would be great, too. I'm
specifically interested in knowing if this is a generic APR
problem, or only APR-on-Windows. Jeffrey Janner has had problems
on Windows (which may be a win32 TCP/IP stack problem) but if it
doesn't work on Linux, either, then perhaps it really is a bug
with APR or tcnative.


Maybe its worth it to include it in the documentation of the
native library.

Maybe it's worth filing a bug report. If I can get you to
cough-up full details, it will make it much easier.

- -chris

Chris,

This is what I observed. Tomcat 7.0.32

1. Linux (Fedora 14, gcc 4.5.1, OpenJDK IcedTea6 1.9.10 java
version 1.6.0_20)

One connector for port 80 defined without the address attribute:

* NIO/BIO connector binds to both IPv4 and IPv6 when no address
is specified * APR connector binds only to IPv6 interface if IPv6
is available, otherwise only IPv4

-

2. Windows Vista (java version 1.7.0_09)

One connector for port 80 defined without the address attribute:

* NIO/BIO connector binds to both IPv4 and IPv6 when no address
is specified * APR connector binds only to IPv4 interface (not to
IPv6).

What about when specifying two connectors, one for IPV4 and one for IPv6?


Chris, André,

Specifying 2 Connectors in the server.xml:
For IPv4:
<Connector port="80" protocol="HTTP/1.1" connectionTimeout="2" 
redirectPort="8443" address="0.0.0.0"/>

For IPv6:
<Connector port="80" protocol="HTTP/1.1" connectionTimeout="2" 
redirectPort="8443" address="::0"/>


1. Linux

  * APR connector binds for IPv6 to the IPv6 Connector and for IPv4 to 
the IPv4 Connector

* NIO/BIO connector binds to the IPv4 Connector

For NIO/BIO the catalina.log shows exceptions:
SEVERE: Failed to initialize end point associated with ProtocolHandler 
[http-bio-0:0:0:0:0:0:0:0-80]

java.net.BindException: Address already in use /0:0:0:0:0:0:0:0:80
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:406)
...

-

2. Windows Vista

  * APR connector binds for IPv6 to the IPv6 Connector and for IPv4 to 
the IPv4 Connector

* NIO/BIO connector binds to the IPv4 Connector

For NIO/BIO the catalina.log shows exceptions:
28-nov-2012 21:45:55 org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler 
[http-bio-0:0:0:0:0:0:0:0-80]
java.net.BindException: Address already in use: JVM_Bind 
/0:0:0:0:0:0:0:0:80

at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:406)
...

Maybe I am interpreting this wrong, but in my view this confirms what I was trying to 
explain before (and again, I am no expert but I go by what I found by Googling).
It goes a bit along these lines (and sorry if I'm mixing up things a bit, I have a cold, 
I'm tired and want to go to bed; but I'm sure you can correct).


- On an O.S. which has a dual-capable IP stack (meaning basically : an IP stack which is 
basically IPv6, but can handle IPv4 also) :
  - java connectors, when not specifying an address, will bind to both ::0 (IPv6) and 
0.0.0.0 (IPv4) (there is no magic there, it's the IP stack who does it).

  - java connectors, when 

Re: Tomcat with multiple domains

2012-11-28 Thread Paul van Hoven
Hi!

Thanks for your quick and detailed answers. Actually I think I did all
the things you mentioned but it still does not work. So here are the
changes I made:

1. I checked that the following entries are in the engine tag:
<Server port="8005" shutdown="SHUTDOWN">
...
<Service name="Catalina">
...
<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Host name="www.my2nddomain.com"
appBase="/opt/apache-tomcat-7.0.32/my2nddomain" unpackWARs="true"
autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
</Host>
</Engine>
  </Service>
</Server>

2. In the host file I altered the entries to
88.84.140.85    www.my2nddomain.com
88.84.140.85    www.my1rstdomain.com

3. I actually did not really understand what you meant by
 Also, since you are using the /etc/hosts file instead of the DNS system, the 
 client (browser) also has those entries in its hosts file.  And, as 
 Konstantin pointed out, you don't put the port number in the /etc/hosts file.
 If you are using DNS for the clients, make sure that it has entries for both 
 hosts, pointing to the same IP address.

I'm not sure if I understand the meaning of DNS in this case
correctly. Do you mean a DNS on my local machine or do you mean the
DNS on a remote machine? I've got a pure domain hoster and I set an A
record entry such that the domain is forwarded to my server / ip
address 88.84.140.85. Both domains are actually pointing to this ip
address since both are hosted by the same domain hoster. I do not
explicitly use DNS on my local machine, at least I did not configure
it.

And how can the client (browser) have entries in a host file?


The current status is that when calling www.my1rstdomain.com:8080
points to the webapp installed for www.my2nddomain.com:8080.


2012/11/27 Jeffrey Janner jeffrey.jan...@polydyne.com:
 -Original Message-
 From: Paul van Hoven [mailto:paul.van.ho...@googlemail.com]
 Sent: Tuesday, November 27, 2012 2:13 PM
 To: Tomcat Users List
 Subject: Re: Tomcat with multiple domains

 Thanks for the answer. I followed the tutorial you propose (
 http://wiki.apache.org/tomcat/TomcatDevelopmentVirtualHosts ). But it
 is still not working. Here is my new configuration


 server.xml
 <Host name="2nddomain.com"
 appBase="/opt/apache-tomcat-7.0.32/2nddomain.com" unpackWARs="true"
 autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
   <Alias>2nddomain.com</Alias>
   <Alias>www.2nddomain.com</Alias>
   </Host>

 The directory
 /opt/apache-tomcat-7.0.32/2nddomain.com
 contains a ROOT.war file.

 I edited the /etc/hosts file and added the following entries:
 88.84.140.88  www.2nddomain.com:8080
 88.84.140.88  www.1rstdomain.com:8080

 Then I restarted the system and the tomcat server. Entering
 www.2nddomain.com:8080 sends me to 1rstdomain.com. I noticed that the
 file  /opt/apache-tomcat-7.0.32/2nddomain.com/ROOT.war remains
 untouched by tomcat, at least nothing is extracted from the war file.

 So what else am I missing here?

 Make sure that the new <Host></Host> definition is nested inside the 
 <Engine></Engine> tags.
 You also do not need the first Alias line.  The name= parameter takes care 
 of that mapping for you.
 In general, the nesting works this way:
 <Server ... >
   <Service ... >
 <Connector ... />
 <Connector ... />
 <Engine ... >
   <Host name="host1.com" ... >
 <Alias>www.host1.com</Alias>
   </Host>
   <Host name="www.host2.com" ... >
 <Alias>host2.com</Alias>
   </Host>
   <Host name="www.myhost.com" ... />
 </Engine>
   </Service>
 </Server>

 There are a myriad other tag sets that could be included in there and it's 
 very important that they be nested properly to work properly.

 Also, since you are using the /etc/hosts file instead of the DNS system, the 
 client (browser) also has those entries in its hosts file.  And, as 
 Konstantin pointed out, you don't put the port number in the /etc/hosts file.
 If you are using DNS for the clients, make sure that it has entries for both 
 hosts, pointing to the same IP address.


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org