RE: Tomcat 8.5.4 and Log4j2
From: Mark Thomas Sent: Thursday, July 28, 2016 15:32 To: Tomcat Users List Subject: Re: Tomcat 8.5.4 and Log4j2 On 28/07/2016 20:09, Chen Levy wrote: > Hello all > > I’ve been using Tomcat 8.0.X with Log4j2, both for Tomcat logging and for my > applicative logs, for a long time now. > It was done using the following jars: > extras/tomcat-juli.jar > extras/tomcat-juli-adapters.jar jars > > I’m in the process of upgrading to Tomcat 8.5.4 and according to > https://bz.apache.org/bugzilla/show_bug.cgi?id=58588 these jars are no longer > distributed. > > I followed the instructions in > http://logging.apache.org/log4j/2.0/log4j-jul/index.html and performed the > following: > 1. Added -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager > to the java command > 2. Added log4j-jul-2.6.2.jar to the classpath > > Other than adding these through setenv.bat, I did not modify anything with > the distribution (apache-tomcat-8.5.4-windows-x64.zip) > > Now, when invoking startup.bat, Tomcat starts and exits immediately, without > any console or log output use: catalina.bat run to start and report the error message. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Thanks for the hint Mark There was a ClassNotFoundException where log4j-juli required log4j-api in the classpath, then log4-core and finally disruptor.jar So I moved these jars from Tomcat’s /lib folder, where I used to place them in v8.0, to /bin folder, next to tomcat-juli.jar; and added them all to the classpath. I’m no sure if that is the right way, but it’s working. I’m pasting the content of my setenv.bat for those who may encounter this issue in the future (I’m using a setenv.sh file as well if anyone is interested): rem Set the classpath for Log4j2 set "CLASSPATH=%CLASSPATH%;%CATALINA_HOME%\bin\log4j-jul-2.6.2.jar;%CATALINA_HOME%\bin\log4j-api-2.6.2.jar;%CATALINA_HOME%\bin\log4j-core-2.6.2.jar;%CATALINA_HOME%\bin\disruptor-3.3.4.jar" rem Log4j2 configuration set CATALINA_OPTS=%CATALINA_OPTS% -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager -Dlog4j.configurationFile=file://%CATALINA_HOME%\conf\log4j2.xml Please let me know if there’s another, better way to do it Thanks Chen
tomcat maven plugin sni
is this the right place to ask about tomcat7-maven-plugin v2.2? i am trying to run mvn tomcat:deploy to /manager/text on a host which is proxy passed from behind httpd. several virtual hosts are deployed on the server. SNI works fine through the browser and using openssl s_client server-name. however it doesn't seem to work from tomcat7-maven-plugin. i get [ERROR] Failed to execute goal org.apache.tomcat.maven:tomcat7-maven-plugin:2.3-SNAPSHOT:redeploy (default-cli) on project example: Cannot invoke Tomcat manager: hostname in certificate didn't match: != OR OR -> [Help 1] i.e. it is reverting to the first host using ssl defined in httpd.conf i looked at the dependencies and tomcat7-maven-plugin depends on common-tomcat-maven-plugin 2.2 which depends on httpclient 4.3.1. according to some stuff i read httpclient supports SNI on any version after 4.3.1. are there any updates in the works? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 8.5.4 and Log4j2
On 28/07/2016 20:09, Chen Levy wrote: > Hello all > > I’ve been using Tomcat 8.0.X with Log4j2, both for Tomcat logging and for my > applicative logs, for a long time now. > It was done using the following jars: > extras/tomcat-juli.jar > extras/tomcat-juli-adapters.jar jars > > I’m in the process of upgrading to Tomcat 8.5.4 and according to > https://bz.apache.org/bugzilla/show_bug.cgi?id=58588 these jars are no longer > distributed. > > I followed the instructions in > http://logging.apache.org/log4j/2.0/log4j-jul/index.html and performed the > following: > 1. Added -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager > to the java command > 2. Added log4j-jul-2.6.2.jar to the classpath > > Other than adding these through setenv.bat, I did not modify anything with > the distribution (apache-tomcat-8.5.4-windows-x64.zip) > > Now, when invoking startup.bat, Tomcat starts and exits immediately, without > any console or log output use: catalina.bat run to start and report the error message. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 8 RemoteIpValve Issues
Abhijit, Thank you for your prompt reply. It seems that requestAttributesEnabled="true" is required in order to make the valve work. Thanks again for your help! -Nubli -Original Message- From: abhij...@apple.com [mailto:abhij...@apple.com] On Behalf Of Abhijit Das Sent: Thursday, July 28, 2016 12:37 PM To: Tomcat Users ListSubject: Re: Tomcat 8 RemoteIpValve Issues This is how it works for me in Tomcat 8.x (I have hashed out some internal values) (some of my pattern may be redundant) 1.2.3.4 will be your LB IP, the IP that is used to talk to the server. typically the MIP or the SNIP. And, this is my access log : [28/Jul/2016:09:33:57 -0700]- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/601.6.16 (KHTML, like Gecko) Version/9.1.1 Safari/601.6.16 200 POST HTTP/1.1 443 181 http-nio-8443-exec-13 9 On Jul 28, 2016, at 9:23 AM, Kasa, Nubli wrote: Hi, We have been using RemoteIpValve in Tomcat 7 but it stopped working for us in Tomcat 8. Our load balancer will set a header named "X-Cluster-Client-Ip" with the client's IP as its value. We expect the client's IP value would be overwritten as the "remoteAddr" but it is not. It is working for us currently on Tomcat 7 but not on the server with Tomcat 8. I even created a fresh VM and install fresh apache-tomcat-8.0.36 on Ubuntu and added the following settings as a test: . . . I then use a browser plugin to set X-Cluster-Client-Ip header with value "156.56.0.1" and GET the page /Home/Status on the same machine that is hosting Tomcat. I got the following results from AccessLogValve: 192.168.56.10 156.56.0.1 192.168.56.10 127.0.1.1 - HTTP/1.1 - [27/Jul/2016:16:59:11 -0400] "GET /Home/Status HTTP/1.1" 200 12274 %h is still showing my browser IP - 192.168.56.10 %{X-Cluster-Client-Ip}i correctly picks up the header value - 156.56.0.1 %a picks up my browser "Remote IP address" - 192.168.56.10 %A just picks up local IP - 127.0.1.1 I have other people verified this issue and we can't seem to figure out if we are missing a configuration or if there is a bigger problem. We would appreciate any aid you can give us. Thank you, Nubli
Tomcat 8.5.4 and Log4j2
Hello all I’ve been using Tomcat 8.0.X with Log4j2, both for Tomcat logging and for my applicative logs, for a long time now. It was done using the following jars: extras/tomcat-juli.jar extras/tomcat-juli-adapters.jar jars I’m in the process of upgrading to Tomcat 8.5.4 and according to https://bz.apache.org/bugzilla/show_bug.cgi?id=58588 these jars are no longer distributed. I followed the instructions in http://logging.apache.org/log4j/2.0/log4j-jul/index.html and performed the following: 1. Added -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager to the java command 2. Added log4j-jul-2.6.2.jar to the classpath Other than adding these through setenv.bat, I did not modify anything with the distribution (apache-tomcat-8.5.4-windows-x64.zip) Now, when invoking startup.bat, Tomcat starts and exits immediately, without any console or log output Please advise Thanks in advance Chen
Compression with APR connector and SSL
Hi, I have configured APR with the following versions for components -APR version 1.5.2 - Open SSL version openssl-1.0.2h - Apache Tomcat Native library 1.2.7 The HTTPS connector on server.xml is the shown below. All works properly ex= cept compression, no way to have contents compressed in client side. Someon= e knows what could be missing? Thanks in advance and best regards! Raúl
Re: Tomcat 8 RemoteIpValve Issues
This is how it works for me in Tomcat 8.x (I have hashed out some internal values) (some of my pattern may be redundant) 1.2.3.4 will be your LB IP, the IP that is used to talk to the server. typically the MIP or the SNIP. And, this is my access log : [28/Jul/2016:09:33:57 -0700]- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/601.6.16 (KHTML, like Gecko) Version/9.1.1 Safari/601.6.16 200 POST HTTP/1.1 443 181 http-nio-8443-exec-13 9 On Jul 28, 2016, at 9:23 AM, Kasa, Nubliwrote: Hi, We have been using RemoteIpValve in Tomcat 7 but it stopped working for us in Tomcat 8. Our load balancer will set a header named "X-Cluster-Client-Ip" with the client's IP as its value. We expect the client's IP value would be overwritten as the "remoteAddr" but it is not. It is working for us currently on Tomcat 7 but not on the server with Tomcat 8. I even created a fresh VM and install fresh apache-tomcat-8.0.36 on Ubuntu and added the following settings as a test: . . . I then use a browser plugin to set X-Cluster-Client-Ip header with value "156.56.0.1" and GET the page /Home/Status on the same machine that is hosting Tomcat. I got the following results from AccessLogValve: 192.168.56.10 156.56.0.1 192.168.56.10 127.0.1.1 - HTTP/1.1 - [27/Jul/2016:16:59:11 -0400] "GET /Home/Status HTTP/1.1" 200 12274 %h is still showing my browser IP - 192.168.56.10 %{X-Cluster-Client-Ip}i correctly picks up the header value - 156.56.0.1 %a picks up my browser "Remote IP address" - 192.168.56.10 %A just picks up local IP - 127.0.1.1 I have other people verified this issue and we can't seem to figure out if we are missing a configuration or if there is a bigger problem. We would appreciate any aid you can give us. Thank you, Nubli
Tomcat 8 RemoteIpValve Issues
Hi, We have been using RemoteIpValve in Tomcat 7 but it stopped working for us in Tomcat 8. Our load balancer will set a header named "X-Cluster-Client-Ip" with the client's IP as its value. We expect the client's IP value would be overwritten as the "remoteAddr" but it is not. It is working for us currently on Tomcat 7 but not on the server with Tomcat 8. I even created a fresh VM and install fresh apache-tomcat-8.0.36 on Ubuntu and added the following settings as a test: . . . I then use a browser plugin to set X-Cluster-Client-Ip header with value "156.56.0.1" and GET the page /Home/Status on the same machine that is hosting Tomcat. I got the following results from AccessLogValve: 192.168.56.10 156.56.0.1 192.168.56.10 127.0.1.1 - HTTP/1.1 - [27/Jul/2016:16:59:11 -0400] "GET /Home/Status HTTP/1.1" 200 12274 %h is still showing my browser IP - 192.168.56.10 %{X-Cluster-Client-Ip}i correctly picks up the header value - 156.56.0.1 %a picks up my browser "Remote IP address" - 192.168.56.10 %A just picks up local IP - 127.0.1.1 I have other people verified this issue and we can't seem to figure out if we are missing a configuration or if there is a bigger problem. We would appreciate any aid you can give us. Thank you, Nubli
Re: (Cross-Posted) Does anybody have any experience with Tomcat 8 on an IBM Midrange (AS/400, iSeries, whatever they're calling it this week) box?
On 28 July 2016 16:20:33 BST, "James H. H. Lampert"wrote: >On 7/27/16, 7:01 PM, Matthew Herzog wrote: >> HAHAHAHAHAHA > >That was uncalled-for. Indeed. The Community expects all contributors to abide by the code of conduct. http://www.apache.org/foundation/policies/conduct Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: (Cross-Posted) Does anybody have any experience with Tomcat 8 on an IBM Midrange (AS/400, iSeries, whatever they're calling it this week) box?
On 7/27/16, 7:01 PM, Matthew Herzog wrote: HAHAHAHAHAHA That was uncalled-for. -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to disable CSRF checks?
On 28/07/2016 07:55, Robert Alsdorff wrote: > On 26.07.2016 12:22, Mark Thomas wrote: >> On 26/07/2016 11:18, Robert Alsdorff wrote: >>> Hey folks, >>> >>> during some tests I had several 403 Validation of CSRF security token >>> failed errors. Since it's only a testing system I'd like to disable >>> the CSRF checks but I don't find any information on how to do that. >>> Has anybody already done that and can help me out? >> >> Assuming that the CSRF protection is provided by the standard Tomcat >> filter, remove the mapping for the CSRF filter in the web.xml of the >> application. >> >> Mark > > I searched the standard web.xml, the standard server.xml and the > applications > web.xml for the CSRF filter but non of these have the filter mappings. > A quick search showed that there are no more web.xml files on my system. > Where > else could that filter be enabled or do I have to define the filter in the > web.xml and set some kind of disabled flag? The only place that filter will be defined is in web.xml. It has to be defined for it to be enabled. It is possible that the CSRF protection is being provided by a component other than Tomcat. If that is the case, you'll need to figure out which and then look in the docs for that component to disable it. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat embedded fail to start after upgrade - setDigest is missing
in the release of 8.0.x of tomcat embedded I worked with setDigest("SHA-1") , and in the 8.5 they removed this method and replaced it by CredentialHandler ,I used it like this: MessageDigestCredentialHandler handler = new MessageDigestCredentialHandler(); try { handler.setAlgorithm("SHA1"); setCredentialHandler(handler); } catch(NoSuchAlgorithmException ex){ Logger.getLogger(this.getClass()).error("No such algorithim"); } but my server still off and does not work , I got these exceptions messages: IDT ERROR [org.apache.catalina.core.StandardService] [main] [ERROR] - Failed to initialize connector [Connector[HTTP/1.1-8100]] org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8100]] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:111) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:873) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:141) at org.apache.catalina.startup.Tomcat.start(Tomcat.java:356) at com.bmc.aps.commonserver.CommonServerImpl.start(CommonServerImpl.java:597) at com.bmc.aps.commonserver.CommonServerImpl.startAndWait(CommonServerImpl.java:585) at com.bmc.aps.portal.Portal.startAndWait(Portal.java:228) at com.bmc.aps.portal.Portal.main(Portal.java:337) Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed at org.apache.catalina.connector.Connector.initInternal(Connector.java:1012) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) at java.security.KeyStore.load(KeyStore.java:1445) at org.apache.tomcat.util.net.jsse.JSSEUtil.getStore(JSSEUtil.java:211) at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:283) at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:91) at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:245) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:839) at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:196) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:558) at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65) at org.apache.catalina.connector.Connector.initInternal(Connector.java:1010) Any idea how to solve it?
Re: How to disable CSRF checks?
On 26.07.2016 12:22, Mark Thomas wrote: On 26/07/2016 11:18, Robert Alsdorff wrote: Hey folks, during some tests I had several 403 Validation of CSRF security token failed errors. Since it's only a testing system I'd like to disable the CSRF checks but I don't find any information on how to do that. Has anybody already done that and can help me out? Assuming that the CSRF protection is provided by the standard Tomcat filter, remove the mapping for the CSRF filter in the web.xml of the application. Mark I searched the standard web.xml, the standard server.xml and the applications web.xml for the CSRF filter but non of these have the filter mappings. A quick search showed that there are no more web.xml files on my system. Where else could that filter be enabled or do I have to define the filter in the web.xml and set some kind of disabled flag? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org