RE: Tomcat 8.5.4 and Log4j2

2016-07-28 Thread Chen Levy 
From: Mark Thomas
Sent: Thursday, July 28, 2016 15:32
To: Tomcat Users List
Subject: Re: Tomcat 8.5.4 and Log4j2

On 28/07/2016 20:09, Chen Levy wrote:
> Hello all
> 
> I’ve been using Tomcat 8.0.X with Log4j2, both for Tomcat logging and for my 
> applicative logs, for a long time now.
> It was done using the following jars:
> extras/tomcat-juli.jar
> extras/tomcat-juli-adapters.jar jars
> 
> I’m in the process of upgrading to Tomcat 8.5.4 and according to 
> https://bz.apache.org/bugzilla/show_bug.cgi?id=58588 these jars are no longer 
> distributed.
> 
> I followed the instructions in 
> http://logging.apache.org/log4j/2.0/log4j-jul/index.html and performed the 
> following:
> 1. Added  -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager 
>  to the java command
> 2. Added  log4j-jul-2.6.2.jar  to the classpath
> 
> Other than adding these through setenv.bat, I did not modify anything with 
> the distribution (apache-tomcat-8.5.4-windows-x64.zip)
> 
> Now, when invoking startup.bat, Tomcat starts and exits immediately, without 
> any console or log output

use:
catalina.bat run

to start and report the error message.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Thanks for the hint Mark
There was a ClassNotFoundException where log4j-juli required log4j-api in the 
classpath, then log4-core and finally disruptor.jar
So I moved these jars from Tomcat’s /lib folder, where I used to place them in 
v8.0, to /bin folder, next to tomcat-juli.jar; and added them all to the 
classpath.

I’m no sure if that is the right way, but it’s working. I’m pasting the content 
of my setenv.bat for those who may encounter this issue in the future (I’m 
using a setenv.sh file as well if anyone is interested):


rem Set the classpath for Log4j2
set 
"CLASSPATH=%CLASSPATH%;%CATALINA_HOME%\bin\log4j-jul-2.6.2.jar;%CATALINA_HOME%\bin\log4j-api-2.6.2.jar;%CATALINA_HOME%\bin\log4j-core-2.6.2.jar;%CATALINA_HOME%\bin\disruptor-3.3.4.jar"

rem Log4j2 configuration
set CATALINA_OPTS=%CATALINA_OPTS% 
-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager 
-Dlog4j.configurationFile=file://%CATALINA_HOME%\conf\log4j2.xml


Please let me know if there’s another, better way to do it
Thanks
Chen

tomcat maven plugin sni

2016-07-28 Thread Matthew Broadhead 
is this the right place to ask about tomcat7-maven-plugin v2.2?  i am 
trying to run mvn tomcat:deploy to /manager/text on a host which is 
proxy passed from behind httpd.  several virtual hosts are deployed on 
the server.  SNI works fine through the browser and using openssl 
s_client server-name.


however it doesn't seem to work from tomcat7-maven-plugin.  i get
[ERROR] Failed to execute goal 
org.apache.tomcat.maven:tomcat7-maven-plugin:2.3-SNAPSHOT:redeploy 
(default-cli) on project example: Cannot invoke Tomcat manager: hostname 
in certificate didn't match:  !=  OR 
 OR  -> [Help 1]

i.e. it is reverting to the first host using ssl defined in httpd.conf

i looked at the dependencies and tomcat7-maven-plugin depends on 
common-tomcat-maven-plugin 2.2 which depends on httpclient 4.3.1. 
according to some stuff i read httpclient supports SNI on any version 
after 4.3.1.  are there any updates in the works?


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8.5.4 and Log4j2

2016-07-28 Thread Mark Thomas 
On 28/07/2016 20:09, Chen Levy wrote:
> Hello all
> 
> I’ve been using Tomcat 8.0.X with Log4j2, both for Tomcat logging and for my 
> applicative logs, for a long time now.
> It was done using the following jars:
> extras/tomcat-juli.jar
> extras/tomcat-juli-adapters.jar jars
> 
> I’m in the process of upgrading to Tomcat 8.5.4 and according to 
> https://bz.apache.org/bugzilla/show_bug.cgi?id=58588 these jars are no longer 
> distributed.
> 
> I followed the instructions in 
> http://logging.apache.org/log4j/2.0/log4j-jul/index.html and performed the 
> following:
> 1. Added  -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager 
>  to the java command
> 2. Added  log4j-jul-2.6.2.jar  to the classpath
> 
> Other than adding these through setenv.bat, I did not modify anything with 
> the distribution (apache-tomcat-8.5.4-windows-x64.zip)
> 
> Now, when invoking startup.bat, Tomcat starts and exits immediately, without 
> any console or log output

use:
catalina.bat run

to start and report the error message.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat 8 RemoteIpValve Issues

2016-07-28 Thread Kasa, Nubli 
Abhijit,

  Thank you for your prompt reply. It seems that 
requestAttributesEnabled="true" is required in order to make the valve work. 
Thanks again for your help!

-Nubli

-Original Message-
From: abhij...@apple.com [mailto:abhij...@apple.com] On Behalf Of Abhijit Das
Sent: Thursday, July 28, 2016 12:37 PM
To: Tomcat Users List 
Subject: Re: Tomcat 8 RemoteIpValve Issues

This is how it works for me in Tomcat 8.x (I have hashed out some internal 
values) (some of my pattern may be redundant)

1.2.3.4 will be your LB IP, the IP that is used to talk to the server. 
typically the MIP or the SNIP.





And, this is my access log :

[28/Jul/2016:09:33:57 -0700]-  
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/601.6.16 (KHTML, 
like Gecko) Version/9.1.1 Safari/601.6.16  200 POST  HTTP/1.1 
   443 181 http-nio-8443-exec-13 9

On Jul 28, 2016, at 9:23 AM, Kasa, Nubli  wrote:

Hi,

We have been using RemoteIpValve in Tomcat 7 but it stopped working for us in 
Tomcat 8. Our load balancer will set a header named "X-Cluster-Client-Ip" with 
the client's IP as its value. We expect the client's IP value would be 
overwritten as the "remoteAddr" but it is not. It is working for us currently 
on Tomcat 7 but not on the server with Tomcat 8.

I even created a fresh VM and install fresh apache-tomcat-8.0.36 on Ubuntu and 
added the following settings as a test:


.
.
.



   
   


   


   
   

 


I then use a browser plugin to set X-Cluster-Client-Ip header with value 
"156.56.0.1" and GET the page /Home/Status on the same machine that is hosting 
Tomcat. I got the following results from AccessLogValve:

192.168.56.10 156.56.0.1 192.168.56.10 127.0.1.1 - HTTP/1.1 - 
[27/Jul/2016:16:59:11 -0400] "GET /Home/Status HTTP/1.1" 200 12274

%h is still showing my browser IP - 192.168.56.10 %{X-Cluster-Client-Ip}i 
correctly picks up the header value - 156.56.0.1 %a picks up my browser "Remote 
IP address" - 192.168.56.10 %A just picks up local IP - 127.0.1.1

I have other people verified this issue and we can't seem to figure out if we 
are missing a configuration or if there is a bigger problem. We would 
appreciate any aid you can give us.

Thank you,
Nubli

Tomcat 8.5.4 and Log4j2

2016-07-28 Thread Chen Levy 
Hello all

I’ve been using Tomcat 8.0.X with Log4j2, both for Tomcat logging and for my 
applicative logs, for a long time now.
It was done using the following jars:
extras/tomcat-juli.jar
extras/tomcat-juli-adapters.jar jars

I’m in the process of upgrading to Tomcat 8.5.4 and according to 
https://bz.apache.org/bugzilla/show_bug.cgi?id=58588 these jars are no longer 
distributed.

I followed the instructions in 
http://logging.apache.org/log4j/2.0/log4j-jul/index.html and performed the 
following:
1. Added  -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager  
to the java command
2. Added  log4j-jul-2.6.2.jar  to the classpath

Other than adding these through setenv.bat, I did not modify anything with the 
distribution (apache-tomcat-8.5.4-windows-x64.zip)

Now, when invoking startup.bat, Tomcat starts and exits immediately, without 
any console or log output

Please advise

Thanks in advance
Chen

Compression with APR connector and SSL

2016-07-28 Thread Martinez Maestre, Raul (CIT-IOEP) 
Hi,



I have configured APR with the following versions for components

-APR version 1.5.2

- Open SSL version openssl-1.0.2h

- Apache Tomcat Native library 1.2.7



The HTTPS connector on server.xml is the shown below. All works properly ex= 
cept compression, no way to have contents compressed in client side. Someon= e 
knows what could be missing?





Thanks in advance and best regards!

Raúl

Re: Tomcat 8 RemoteIpValve Issues

2016-07-28 Thread Abhijit Das 
This is how it works for me in Tomcat 8.x (I have hashed out some internal 
values) (some of my pattern may be redundant)

1.2.3.4 will be your LB IP, the IP that is used to talk to the server. 
typically the MIP or the SNIP.





And, this is my access log :

[28/Jul/2016:09:33:57 -0700]-  
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/601.6.16 (KHTML, 
like Gecko) Version/9.1.1 Safari/601.6.16  200 POST  HTTP/1.1 
   443 181 http-nio-8443-exec-13 9

On Jul 28, 2016, at 9:23 AM, Kasa, Nubli  wrote:

Hi,

We have been using RemoteIpValve in Tomcat 7 but it stopped working for us in 
Tomcat 8. Our load balancer will set a header named "X-Cluster-Client-Ip" with 
the client's IP as its value. We expect the client's IP value would be 
overwritten as the "remoteAddr" but it is not. It is working for us currently 
on Tomcat 7 but not on the server with Tomcat 8.

I even created a fresh VM and install fresh apache-tomcat-8.0.36 on Ubuntu and 
added the following settings as a test:


.
.
.



   
   


   


   
   

 


I then use a browser plugin to set X-Cluster-Client-Ip header with value 
"156.56.0.1" and GET the page /Home/Status on the same machine that is hosting 
Tomcat. I got the following results from AccessLogValve:

192.168.56.10 156.56.0.1 192.168.56.10 127.0.1.1 - HTTP/1.1 - 
[27/Jul/2016:16:59:11 -0400] "GET /Home/Status HTTP/1.1" 200 12274

%h is still showing my browser IP - 192.168.56.10
%{X-Cluster-Client-Ip}i correctly picks up the header value - 156.56.0.1
%a picks up my browser "Remote IP address" - 192.168.56.10
%A just picks up local IP - 127.0.1.1

I have other people verified this issue and we can't seem to figure out if we 
are missing a configuration or if there is a bigger problem. We would 
appreciate any aid you can give us.

Thank you,
Nubli

Tomcat 8 RemoteIpValve Issues

2016-07-28 Thread Kasa, Nubli 
Hi,

We have been using RemoteIpValve in Tomcat 7 but it stopped working for us in 
Tomcat 8. Our load balancer will set a header named "X-Cluster-Client-Ip" with 
the client's IP as its value. We expect the client's IP value would be 
overwritten as the "remoteAddr" but it is not. It is working for us currently 
on Tomcat 7 but not on the server with Tomcat 8.

I even created a fresh VM and install fresh apache-tomcat-8.0.36 on Ubuntu and 
added the following settings as a test:


.
.
.













  


I then use a browser plugin to set X-Cluster-Client-Ip header with value 
"156.56.0.1" and GET the page /Home/Status on the same machine that is hosting 
Tomcat. I got the following results from AccessLogValve:

192.168.56.10 156.56.0.1 192.168.56.10 127.0.1.1 - HTTP/1.1 - 
[27/Jul/2016:16:59:11 -0400] "GET /Home/Status HTTP/1.1" 200 12274

%h is still showing my browser IP - 192.168.56.10
%{X-Cluster-Client-Ip}i correctly picks up the header value - 156.56.0.1
%a picks up my browser "Remote IP address" - 192.168.56.10
%A just picks up local IP - 127.0.1.1

I have other people verified this issue and we can't seem to figure out if we 
are missing a configuration or if there is a bigger problem. We would 
appreciate any aid you can give us.

Thank you,
Nubli

Re: (Cross-Posted) Does anybody have any experience with Tomcat 8 on an IBM Midrange (AS/400, iSeries, whatever they're calling it this week) box?

2016-07-28 Thread Mark Thomas 
On 28 July 2016 16:20:33 BST, "James H. H. Lampert"  
wrote:
>On 7/27/16, 7:01 PM, Matthew Herzog wrote:
>> HAHAHAHAHAHA
>
>That was uncalled-for.

Indeed. The Community expects all contributors to abide by the code of conduct.

http://www.apache.org/foundation/policies/conduct

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: (Cross-Posted) Does anybody have any experience with Tomcat 8 on an IBM Midrange (AS/400, iSeries, whatever they're calling it this week) box?

2016-07-28 Thread James H. H. Lampert 

On 7/27/16, 7:01 PM, Matthew Herzog wrote:

HAHAHAHAHAHA


That was uncalled-for.

--
JHHL


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to disable CSRF checks?

2016-07-28 Thread Mark Thomas 
On 28/07/2016 07:55, Robert Alsdorff wrote:
> On 26.07.2016 12:22, Mark Thomas wrote:
>> On 26/07/2016 11:18, Robert Alsdorff wrote:
>>> Hey folks,
>>>
>>> during some tests I had several 403 Validation of CSRF security token
>>> failed errors. Since it's only a testing system I'd like to disable
>>> the CSRF checks but I don't find any information on how to do that.
>>> Has anybody already done that and can help me out?
>>
>> Assuming that the CSRF protection is provided by the standard Tomcat
>> filter, remove the mapping for the CSRF filter in the web.xml of the
>> application.
>>
>> Mark
> 
> I searched the standard web.xml, the standard server.xml and the
> applications
> web.xml for the CSRF filter but non of these have the filter mappings.
> A quick search showed that there are no more web.xml files on my system.
> Where
> else could that filter be enabled or do I have to define the filter in the
> web.xml and set some kind of disabled flag?

The only place that filter will be defined is in web.xml. It has to be
defined for it to be enabled.

It is possible that the CSRF protection is being provided by a component
other than Tomcat. If that is the case, you'll need to figure out which
and then look in the docs for that component to disable it.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat embedded fail to start after upgrade - setDigest is missing

2016-07-28 Thread Abody Zoubi 
in the release of 8.0.x of tomcat embedded I worked with setDigest("SHA-1") , 
and in the 8.5 they removed this method and replaced it by CredentialHandler ,I 
used it like this:

 MessageDigestCredentialHandler handler = new MessageDigestCredentialHandler();
try {
handler.setAlgorithm("SHA1");
setCredentialHandler(handler);
}
catch(NoSuchAlgorithmException ex){
Logger.getLogger(this.getClass()).error("No such algorithim");
}

but my server still off and does not work , I got these exceptions messages:

IDT ERROR [org.apache.catalina.core.StandardService] [main] [ERROR] - Failed to 
initialize connector [Connector[HTTP/1.1-8100]]
org.apache.catalina.LifecycleException: Failed to initialize component 
[Connector[HTTP/1.1-8100]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:111)
at 
org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at 
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:873)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:141)
at org.apache.catalina.startup.Tomcat.start(Tomcat.java:356)
at 
com.bmc.aps.commonserver.CommonServerImpl.start(CommonServerImpl.java:597)
at 
com.bmc.aps.commonserver.CommonServerImpl.startAndWait(CommonServerImpl.java:585)
at com.bmc.aps.portal.Portal.startAndWait(Portal.java:228)
at com.bmc.aps.portal.Portal.main(Portal.java:337)
Caused by: org.apache.catalina.LifecycleException: Protocol handler 
initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1012)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)


Caused by: java.io.IOException: Keystore was tampered with, or password was 
incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStore.load(KeyStore.java:1445)
at org.apache.tomcat.util.net.jsse.JSSEUtil.getStore(JSSEUtil.java:211)
at 
org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:283)
at 
org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:91)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:245)
at 
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:839)
at 
org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:196)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:558)
at 
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)


Any idea how to solve it?

Re: How to disable CSRF checks?

2016-07-28 Thread Robert Alsdorff 

On 26.07.2016 12:22, Mark Thomas wrote:

On 26/07/2016 11:18, Robert Alsdorff wrote:

Hey folks,

during some tests I had several 403 Validation of CSRF security token
failed errors. Since it's only a testing system I'd like to disable
the CSRF checks but I don't find any information on how to do that.
Has anybody already done that and can help me out?


Assuming that the CSRF protection is provided by the standard Tomcat
filter, remove the mapping for the CSRF filter in the web.xml of the
application.

Mark


I searched the standard web.xml, the standard server.xml and the 
applications

web.xml for the CSRF filter but non of these have the filter mappings.
A quick search showed that there are no more web.xml files on my system. 
Where
else could that filter be enabled or do I have to define the filter in 
the

web.xml and set some kind of disabled flag?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org