Max Sessions Across whole Server

[Anthony, Clark R [US] (MS)]

Hello,
I'm currently using Tomcat 8.5.14. I'd like to be able to limit the number of 
active sessions across the entire Tomcat server. I saw the "maxActiveSessions" 
value in the Manager configuration component, but that appears to be required 
to be nested inside a Context object. So that would seem to me that it is only 
available on a per-application basis. We have other people deploying into our 
Tomcat instance and we can't depend on them to set this limit properly for 
their app.

Is there a way to limit these sessions globally, for the entire Engine or Host 
server? If not, is this something that might be considered for a new feature 
addition in the future? I'm using the SingleSignOn valve if that helps (or 
hinders).

Thanks,
Clark

Re: how to upgrade tomcat 8.5.x?

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mark,

On 5/24/17 11:50 AM, Mark Eggers wrote:
> True blue-green deployments would take some additional work, but 
> that's not beyond the realm of possibility. I might spend some
> time doing this with Elastic Beanstalk, since $work wishes to move
> to AWS.
This was a presentation that I *really* wanted to get someone to do for
TomcatCon, but we couldn't find anyone to do it.

If you were able to research, prepare, and present this information at
an upcoming conference, I believe it would be well-attended.

I would certainly be there, taking notes.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJZJfZ6AAoJEBzwKT+lPKRYnnoQAL54pJjqipUqLyvA7hL3dxzf
qW82ehCxgRsdZLHISRC98ZkIk2eubUX4DhA9fnQIx9y6EF8U/8+GvFOGvOSR7mGj
KhKoUtp1eYYWUNBxofftNFoUHV/Sv0gM+uugQgZBPkwIZu48KZyjajtNjIAwjx8M
R7baBq+fgaF9MzELWBaKStwMgh41aNs5ccHoZsNqafG2z2CeHPtT0nqBVb/cI4FS
YLZF69Icz0vOoRj3Jmvt8tjIkLHCcUUipcmqbU/63D4HwXbgG10YHqYWhaWF7LbL
1E7YRhexaiaPka2dscGE7AQKc1oNGWv1L3AJESoYgRZE/pqYtP33WFT1gaRHzrH4
+s91+jLtIxfotL+UrRaZM49xqoUt2P7SZu24ttabdmrXQRzBwpBUB1Mr5lnFgaCF
j4FgIn5eJOGm7tg4r+jHVYGuvN+4sPVuVu6+5QRwC2MB/K9cvM8JnJn0CCZXOoFi
st20CVSu6o8SVGz+7diVzswaGLcxYm7PhaIT/Cg07nDpy2iANLXiWX9mYGntfZwG
X8WESV8ppn+0619JKZLLQFoAePCWmz9MpT5bzMFu1Q3JuvP6/QfjZUFBG1Wg9+aM
gaC5CVIgpnbiyvhrIIimMszppAGSCwZ10zXNM4QvV3XHHAxt6ntJFP+42X+ZLD6e
D2/yMepIMcNd0aiayk+M
=lt+H
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

tomcat 8 windows service logs

[Gili B]

hi

Im using tomcat 8 as a windows service.

Most of the logs are going to .stderr

I use the same logging.config as I use in linux (and it works in linux).


The files are created under logs directory, but are empty.

When I configure tomcat LogLevel to WARNING, I still see INFO messages in 
stderr file.


Please help.


Thanks

-gili

Re: how to upgrade tomcat 8.5.x?

[Mark Eggers]

Chris,

On 5/23/2017 10:55 AM, Christopher Schultz wrote:
> Mark,
> 
> On 5/21/17 8:34 PM, Mark Eggers wrote:
>> I developed my own [build and deployment scripts]. I use the Ant 
>> scripts just for customizing Tomcat installations.> I do have one
>> slight issue with my current Ant scripts. The link task isn't
>> supposed to create a link if it already exists, but it does, and 
>> actually creates a link inside of the existing link. This means
>> that I have a manual cleanup step to do, which is annoying.
> 
>> Also, the Ant xml task doesn't handle namespaces well. I'll have
>> to figure out how to mangle tomcat-users.xml in a better fashion
>> for the 8.x series.
> 
> Which XML task? We use XSLT to for example customize the manager.xml
> deployment file that comes with a stock Tomcat to deploy a manager
> with our protections enabled.
> 
>> I use a custom-built init script for starting, stopping, querying,
>> and getting the version of a Tomcat services. I'll have to build
>> something soon to handle systemd.
> 
>> I use Maven, the Tomcat Maven plugin, and Jenkins to customize a
>> WAR file for a particular environment. Coupled with parallel
>> deployments, this basically allows us to update with no downtime.
> 
> Nice!
> 
> I'd love to see a TomcatCon presentation from the community about
> blue/green deployments with Tomcat. :)
> 
> -chris
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 

I use the following for XML editing in Ant:

http://www.oopsconsultancy.com/software/xmltask/

It does a lot of nice things, but there are two issues.

1. It's old - has not been released since 2009
2. Namespace handling - it's an acknowledged issue

I'll try the xslt task and see if I can get the same functionality with
a little effort.

My current setup depends on a lot of things that are either broken
(security issues with a Jenkins plugin) or not available (Nexus 3 no
longer has a REST interface, but it's coming RSN).

I should get involved to see how much effort it would be to a) help
address the security concerns, and b) expose in Nexus 3 the information
needed.

It would also be nice to set this up with other Maven repositories as
well as other CI environments.

True blue-green deployments would take some additional work, but that's
not beyond the realm of possibility. I might spend some time doing this
with Elastic Beanstalk, since $work wishes to move to AWS.

. . . just my (beleaguered) two cents
/mde/



signature.asc
Description: OpenPGP digital signature

issue with tomcat 8.0.43

[Karthik Surya]

 blockquote, div.yahoo_quoted { margin-left: 0 !important; border-left:1px 
#715FFA solid !important; padding-left:1ex !important; background-color:white 
!important; } 
Hello 
 i tried upgrading from 8.0.14 to 8.0.43 and am stuck with an issue of view 
expired issue which is causing session values to be lost.
in tomcat 8.0.14 - it works good
any pointers?
Thanks and Regards
Sent from Yahoo Mail for iPhone

Re: trimSpaces removing whitespace from html

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

David,

Your attachments were stripped from the list. Can you put the text
directly into your post?

Thanks,
- -chris

On 5/24/17 6:29 AM, David Kavanagh wrote:
> Hi Mark,
> 
> Apologies for the delay. I have the files that should reproduce
> the error for you. The imageTopWrapper.jsp loads the
> articleBody.tag. Then inside the articleBody.tag file the
> following section loads class names into the class attributes.
> 
> http://section.name>}${fn:length(item.uri) == 0 ? item.id 
>  : item.detailItem.id
> }" data-mrf-section="${section.name
> }" data-mrf-section-title="${section.title}" 
> data-mrf-sectionId="${linkedItem == null ? section.name 
>  : 'articleLink'}" 
> data-mrf-extracted="${item.isExtracted()}" 
> data-mrf-uri="${item.uri}" data-mrf-layout="${layout}#${position}" 
> data-mrf-headline="${headline}" 
> data-shortcut="navigationLevel:open:details" data-mrf-transitioner="${transitioner}" 
> data-mrf-virtualpageid="${virtualPageId}" 
> class="${articleClass}${imageClassName}${pocketClassName}">
> 
> This is the correct output when the trimSpaces flag is not
> enabled.
> 
> class="mrf-article mrf-article--photo mrf-page mrf-noFillet
> mrf-author mrf-m mrf-image ">
> 
> 
> This is the output after it is enabled
> 
> class="mrf-article mrf-article--photo mrf-page mrf-noFillet
> mrf-author mrf-mmrf-image">
> 
> 
> I have attached the two necessary files. Hopefully this can
> reproduce the error for you
> 
> Thanks
> 
> 
> 
> -
>
> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJZJZZMAAoJEBzwKT+lPKRYXpYP/3ZS4M7eaZ+/13kY09RWe1cP
m9THOTZxZNOuv/8FV5Zysdy1c2c1FWAyyS/JfIt0k2j6mDiEYOi9zjR1Bcrue05Z
sI1UHUeFK4t+uPEQiXmz0NPrH+1Wj/d3QqbZrdhmZ6EJBFf5vZTWeft6ynX1Gjpc
EV20DMMYjblsStwF1NTflJxbWBXkvYD8Kj8CzKpfExZF73AZdpxcScSjXsky3+4V
W2Gm2LkQ9tKBa4Zzz8p0DCt1iHCMb8qUVHWd6zoLW10NcScwTHhd/uSj1ZVqMNv5
P0K0Vvw8tSZ5/TuVnZZeSZgIlhsNwX2JAoIjiqrid0bn0IEM54k5ULZnq7+fBoZP
eeAMybADTZhgjUqOjeKarV5GK3uGTkGble0LVq5NFETTwd3eZIwTij1Xd7YHhPPq
uK44R9GzhWwI+k7CNUMU3l4SXDLBaFklCHevfw+ibpW1tP3hvXMLOiTD23gG9xHS
pn7cjLKps7ovR0WeYFLwLtzFSW6GjlUdU1nvRqIeg0+RpcVI/BZvOvaneuKGKgan
MLUayvdNwhY3b29d7i0e2zV8hVAD7LSTVDlMeLjOfvftuxgPXBrUagQktHjr/6tA
l11RjI86F0TbWX/ZSFvrKfpBkp7OpIsC/ayuovm4bWosCIIK8HzUc3GQUc1G34yD
IyerNligTd2KezQytipB
=uh7o
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Automatic deploy : java.util.zip.ZipException on macosx

[Riccardo Cohen]

Thanks for your quick answer.

I found my mistake, I put the war in a wrong webapps directory, and I 
don't know why there was a symbolic link with the same name in the good 
webapps directory !

Problem solved.
Thanks a lot.


On 24/05/2017 13:39, Simon De Uvarow wrote:

Sorry, the
   "A WAR file may be digitally signed
 in the same way as a
JAR  file in order
to allow others to determine where the source code came from."
 wasn't correct. My bad.

But try searching why your war file doesn't contain the META-INF folder.





"No olvides, no traiciones, lo que llevas bien dentro de ti. No olvides,
no traiciones, lo que siempre te ha hecho vivir."

On Wed, May 24, 2017 at 8:35 AM, Simon De Uvarow > wrote:

Hi Ricardo, it looks like your war files doesn't contain the
META-INF folder.

Check here:
https://en.wikipedia.org/wiki/WAR_(file_format)


"A WAR file may be digitally signed
 in the same way as
a JAR  file in
order to allow others to determine where the source code came from."

https://en.wikipedia.org/wiki/JAR_(file_format)


Hope it helps,


"No olvides, no traiciones, lo que llevas bien dentro de ti. No
olvides, no traiciones, lo que siempre te ha hecho vivir."

On Wed, May 24, 2017 at 8:31 AM, Riccardo Cohen
> wrote:

Hello

I'm new to tomcat and just tried sucessfully a small hello world
with tomcat 8.5.14 on macosx / java 1.8.0_25.

With IntelliJ I created a war thanks to their tomcat plugin. The
war is valid and can be unzipped with no problem:

.../apache-tomcat-8.5.14/webapps> unzip web_war.war
Archive:  web_war.war
  inflating: Basic1.jsp
  inflating: Basic2.jsp
  inflating: header.jspf
   creating: WEB-INF/
   creating: WEB-INF/classes/
   creating: WEB-INF/classes/Basic2/
  inflating: WEB-INF/classes/Basic2/Basic2Servlet.class
  inflating: WEB-INF/web.xml

But when I put it in $CATALINA_HOME/webapps , I have an
exception a launch time :

java.util.zip.ZipException: error in opening zip file

(full log below). I found nothing on googling about this error.
Where should I search ?

Thanks a lot.

--
Riccardo Cohen
+33 6 09 83 64 49 
E5Group
http://www.5flow.com






FULL LOG:
-
Using CATALINA_BASE:   /Users/rc/zdrop/appdata/tomcat
Using CATALINA_HOME:   /Applications/softdev/apache-tomcat-8.5.14
Using CATALINA_TMPDIR: /Users/rc/zdrop/appdata/tomcat/temp
Using JRE_HOME:
/Library/Java/JavaVirtualMachines/jdk1.8.0_25.jdk/Contents/Home
Using CLASSPATH:

/Applications/softdev/apache-tomcat-8.5.14/bin/bootstrap.jar:/Applications/softdev/apache-tomcat-8.5.14/bin/tomcat-juli.jar
24-May-2017 13:26:38.336 INFO [main]
org.apache.catalina.startup.Ve
rsionLoggerListener.log
Server version:Apache Tomcat/8.5.14
24-May-2017 13:26:38.338 INFO [main]
org.apache.catalina.startup.Ve
rsionLoggerListener.log
Server built:  Apr 13 2017 12:55:45 UTC
24-May-2017 13:26:38.338 INFO [main]
org.apache.catalina.startup.Ve
rsionLoggerListener.log
Server number: 8.5.14.0
24-May-2017 13:26:38.338 INFO [main]
org.apache.catalina.startup.Ve
rsionLoggerListener.log
OS Name:   Mac OS X
24-May-2017 13:26:38.339 INFO [main]
org.apache.catalina.startup.Ve
rsionLoggerListener.log
OS Version:10.12.4
24-May-2017 13:26:38.339 INFO [main]
org.apache.catalina.startup.Ve
rsionLoggerListener.log
Architecture:  x86_64
24-May-2017 13:26:38.339 INFO [main]
org.apache.catalina.startup.Ve
rsionLoggerListener.log
Java Home:
/Library/Java/JavaVirtualMachines/jdk1.8.0_25.jdk/Contents/Home/jre
24-May-2017 13:26:38.339 INFO [main]
org.apache.catalina.startup.Ve
rsionLoggerListener.log
JVM Version:   1.8.0_25-b17
24-May-2017 

Re: Automatic deploy : java.util.zip.ZipException on macosx

[Simon De Uvarow]

Sorry, the
   "A WAR file may be digitally signed
 in the same way as a JAR
 file in order to
allow others to determine where the source code came from."
 wasn't correct. My bad.

But try searching why your war file doesn't contain the META-INF folder.





"No olvides, no traiciones, lo que llevas bien dentro de ti. No olvides, no
traiciones, lo que siempre te ha hecho vivir."

On Wed, May 24, 2017 at 8:35 AM, Simon De Uvarow 
wrote:

> Hi Ricardo, it looks like your war files doesn't contain the META-INF
> folder.
>
> Check here:
> https://en.wikipedia.org/wiki/WAR_(file_format)
>
> "A WAR file may be digitally signed
>  in the same way as a JAR
>  file in order to
> allow others to determine where the source code came from."
>
> https://en.wikipedia.org/wiki/JAR_(file_format)
>
> Hope it helps,
>
>
> "No olvides, no traiciones, lo que llevas bien dentro de ti. No olvides,
> no traiciones, lo que siempre te ha hecho vivir."
>
> On Wed, May 24, 2017 at 8:31 AM, Riccardo Cohen  > wrote:
>
>> Hello
>>
>> I'm new to tomcat and just tried sucessfully a small hello world with
>> tomcat 8.5.14 on macosx / java 1.8.0_25.
>>
>> With IntelliJ I created a war thanks to their tomcat plugin. The war is
>> valid and can be unzipped with no problem:
>>
>> .../apache-tomcat-8.5.14/webapps> unzip web_war.war
>> Archive:  web_war.war
>>   inflating: Basic1.jsp
>>   inflating: Basic2.jsp
>>   inflating: header.jspf
>>creating: WEB-INF/
>>creating: WEB-INF/classes/
>>creating: WEB-INF/classes/Basic2/
>>   inflating: WEB-INF/classes/Basic2/Basic2Servlet.class
>>   inflating: WEB-INF/web.xml
>>
>> But when I put it in $CATALINA_HOME/webapps , I have an exception a
>> launch time :
>>
>> java.util.zip.ZipException: error in opening zip file
>>
>> (full log below). I found nothing on googling about this error. Where
>> should I search ?
>>
>> Thanks a lot.
>>
>> --
>> Riccardo Cohen
>> +33 6 09 83 64 49 <+33%206%2009%2083%2064%2049>
>> E5Group
>> http://www.5flow.com
>>
>>
>>
>>
>>
>>
>> FULL LOG:
>> -
>> Using CATALINA_BASE:   /Users/rc/zdrop/appdata/tomcat
>> Using CATALINA_HOME:   /Applications/softdev/apache-tomcat-8.5.14
>> Using CATALINA_TMPDIR: /Users/rc/zdrop/appdata/tomcat/temp
>> Using JRE_HOME:/Library/Java/JavaVirtualMachi
>> nes/jdk1.8.0_25.jdk/Contents/Home
>> Using CLASSPATH:   /Applications/softdev/apache-t
>> omcat-8.5.14/bin/bootstrap.jar:/Applications/softdev/apache-
>> tomcat-8.5.14/bin/tomcat-juli.jar
>> 24-May-2017 13:26:38.336 INFO [main] 
>> org.apache.catalina.startup.VersionLoggerListener.log
>> Server version:Apache Tomcat/8.5.14
>> 24-May-2017 13:26:38.338 INFO [main] 
>> org.apache.catalina.startup.VersionLoggerListener.log
>> Server built:  Apr 13 2017 12:55:45 UTC
>> 24-May-2017 13:26:38.338 INFO [main] 
>> org.apache.catalina.startup.VersionLoggerListener.log
>> Server number: 8.5.14.0
>> 24-May-2017 13:26:38.338 INFO [main] 
>> org.apache.catalina.startup.VersionLoggerListener.log
>> OS Name:   Mac OS X
>> 24-May-2017 13:26:38.339 INFO [main] 
>> org.apache.catalina.startup.VersionLoggerListener.log
>> OS Version:10.12.4
>> 24-May-2017 13:26:38.339 INFO [main] 
>> org.apache.catalina.startup.VersionLoggerListener.log
>> Architecture:  x86_64
>> 24-May-2017 13:26:38.339 INFO [main] 
>> org.apache.catalina.startup.VersionLoggerListener.log
>> Java Home: /Library/Java/JavaVirtualMachi
>> nes/jdk1.8.0_25.jdk/Contents/Home/jre
>> 24-May-2017 13:26:38.339 INFO [main] 
>> org.apache.catalina.startup.VersionLoggerListener.log
>> JVM Version:   1.8.0_25-b17
>> 24-May-2017 13:26:38.339 INFO [main] 
>> org.apache.catalina.startup.VersionLoggerListener.log
>> JVM Vendor:Oracle Corporation
>> 24-May-2017 13:26:38.339 INFO [main] 
>> org.apache.catalina.startup.VersionLoggerListener.log
>> CATALINA_BASE: /Users/rc/zdrop/appdata/tomcat
>> 24-May-2017 13:26:38.339 INFO [main] 
>> org.apache.catalina.startup.VersionLoggerListener.log
>> CATALINA_HOME: /Applications/softdev/apache-tomcat-8.5.14
>> 24-May-2017 13:26:38.340 INFO [main] 
>> org.apache.catalina.startup.VersionLoggerListener.log
>> Command line argument: -Djava.util.logging.config.fil
>> e=/Users/rc/zdrop/appdata/tomcat/conf/logging.properties
>> 24-May-2017 13:26:38.340 INFO [main] 
>> org.apache.catalina.startup.VersionLoggerListener.log
>> Command line argument: -Djava.util.logging.manager=or
>> g.apache.juli.ClassLoaderLogManager
>> 24-May-2017 13:26:38.340 INFO [main] 
>> org.apache.catalina.startup.VersionLoggerListener.log
>> Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
>> 24-May-2017 13:26:38.340 INFO [main] 
>> 

Re: Automatic deploy : java.util.zip.ZipException on macosx

[Simon De Uvarow]

Hi Ricardo, it looks like your war files doesn't contain the META-INF
folder.

Check here:
https://en.wikipedia.org/wiki/WAR_(file_format)

"A WAR file may be digitally signed
 in the same way as a JAR
 file in order to
allow others to determine where the source code came from."

https://en.wikipedia.org/wiki/JAR_(file_format)

Hope it helps,


"No olvides, no traiciones, lo que llevas bien dentro de ti. No olvides, no
traiciones, lo que siempre te ha hecho vivir."

On Wed, May 24, 2017 at 8:31 AM, Riccardo Cohen 
wrote:

> Hello
>
> I'm new to tomcat and just tried sucessfully a small hello world with
> tomcat 8.5.14 on macosx / java 1.8.0_25.
>
> With IntelliJ I created a war thanks to their tomcat plugin. The war is
> valid and can be unzipped with no problem:
>
> .../apache-tomcat-8.5.14/webapps> unzip web_war.war
> Archive:  web_war.war
>   inflating: Basic1.jsp
>   inflating: Basic2.jsp
>   inflating: header.jspf
>creating: WEB-INF/
>creating: WEB-INF/classes/
>creating: WEB-INF/classes/Basic2/
>   inflating: WEB-INF/classes/Basic2/Basic2Servlet.class
>   inflating: WEB-INF/web.xml
>
> But when I put it in $CATALINA_HOME/webapps , I have an exception a launch
> time :
>
> java.util.zip.ZipException: error in opening zip file
>
> (full log below). I found nothing on googling about this error. Where
> should I search ?
>
> Thanks a lot.
>
> --
> Riccardo Cohen
> +33 6 09 83 64 49 <+33%206%2009%2083%2064%2049>
> E5Group
> http://www.5flow.com
>
>
>
>
>
>
> FULL LOG:
> -
> Using CATALINA_BASE:   /Users/rc/zdrop/appdata/tomcat
> Using CATALINA_HOME:   /Applications/softdev/apache-tomcat-8.5.14
> Using CATALINA_TMPDIR: /Users/rc/zdrop/appdata/tomcat/temp
> Using JRE_HOME:/Library/Java/JavaVirtualMachines/jdk1.8.0_
> 25.jdk/Contents/Home
> Using CLASSPATH:   /Applications/softdev/apache-
> tomcat-8.5.14/bin/bootstrap.jar:/Applications/softdev/
> apache-tomcat-8.5.14/bin/tomcat-juli.jar
> 24-May-2017 13:26:38.336 INFO [main] 
> org.apache.catalina.startup.VersionLoggerListener.log
> Server version:Apache Tomcat/8.5.14
> 24-May-2017 13:26:38.338 INFO [main] 
> org.apache.catalina.startup.VersionLoggerListener.log
> Server built:  Apr 13 2017 12:55:45 UTC
> 24-May-2017 13:26:38.338 INFO [main] 
> org.apache.catalina.startup.VersionLoggerListener.log
> Server number: 8.5.14.0
> 24-May-2017 13:26:38.338 INFO [main] 
> org.apache.catalina.startup.VersionLoggerListener.log
> OS Name:   Mac OS X
> 24-May-2017 13:26:38.339 INFO [main] 
> org.apache.catalina.startup.VersionLoggerListener.log
> OS Version:10.12.4
> 24-May-2017 13:26:38.339 INFO [main] 
> org.apache.catalina.startup.VersionLoggerListener.log
> Architecture:  x86_64
> 24-May-2017 13:26:38.339 INFO [main] 
> org.apache.catalina.startup.VersionLoggerListener.log
> Java Home: /Library/Java/JavaVirtualMachines/jdk1.8.0_
> 25.jdk/Contents/Home/jre
> 24-May-2017 13:26:38.339 INFO [main] 
> org.apache.catalina.startup.VersionLoggerListener.log
> JVM Version:   1.8.0_25-b17
> 24-May-2017 13:26:38.339 INFO [main] 
> org.apache.catalina.startup.VersionLoggerListener.log
> JVM Vendor:Oracle Corporation
> 24-May-2017 13:26:38.339 INFO [main] 
> org.apache.catalina.startup.VersionLoggerListener.log
> CATALINA_BASE: /Users/rc/zdrop/appdata/tomcat
> 24-May-2017 13:26:38.339 INFO [main] 
> org.apache.catalina.startup.VersionLoggerListener.log
> CATALINA_HOME: /Applications/softdev/apache-tomcat-8.5.14
> 24-May-2017 13:26:38.340 INFO [main] 
> org.apache.catalina.startup.VersionLoggerListener.log
> Command line argument: -Djava.util.logging.config.
> file=/Users/rc/zdrop/appdata/tomcat/conf/logging.properties
> 24-May-2017 13:26:38.340 INFO [main] 
> org.apache.catalina.startup.VersionLoggerListener.log
> Command line argument: -Djava.util.logging.manager=org.apache.juli.
> ClassLoaderLogManager
> 24-May-2017 13:26:38.340 INFO [main] 
> org.apache.catalina.startup.VersionLoggerListener.log
> Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
> 24-May-2017 13:26:38.340 INFO [main] 
> org.apache.catalina.startup.VersionLoggerListener.log
> Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.
> webresources
> 24-May-2017 13:26:38.340 INFO [main] 
> org.apache.catalina.startup.VersionLoggerListener.log
> Command line argument: -Dcatalina.base=/Users/rc/zdrop/appdata/tomcat
> 24-May-2017 13:26:38.340 INFO [main] 
> org.apache.catalina.startup.VersionLoggerListener.log
> Command line argument: -Dcatalina.home=/Applications/
> softdev/apache-tomcat-8.5.14
> 24-May-2017 13:26:38.340 INFO [main] 
> org.apache.catalina.startup.VersionLoggerListener.log
> Command line argument: -Djava.io.tmpdir=/Users/rc/
> zdrop/appdata/tomcat/temp
> 24-May-2017 13:26:38.341 INFO [main] 

Automatic deploy : java.util.zip.ZipException on macosx

[Riccardo Cohen]

Hello

I'm new to tomcat and just tried sucessfully a small hello world with 
tomcat 8.5.14 on macosx / java 1.8.0_25.


With IntelliJ I created a war thanks to their tomcat plugin. The war is 
valid and can be unzipped with no problem:


.../apache-tomcat-8.5.14/webapps> unzip web_war.war
Archive:  web_war.war
  inflating: Basic1.jsp
  inflating: Basic2.jsp
  inflating: header.jspf
   creating: WEB-INF/
   creating: WEB-INF/classes/
   creating: WEB-INF/classes/Basic2/
  inflating: WEB-INF/classes/Basic2/Basic2Servlet.class
  inflating: WEB-INF/web.xml

But when I put it in $CATALINA_HOME/webapps , I have an exception a 
launch time :


java.util.zip.ZipException: error in opening zip file

(full log below). I found nothing on googling about this error. Where 
should I search ?


Thanks a lot.

--
Riccardo Cohen
+33 6 09 83 64 49
E5Group
http://www.5flow.com






FULL LOG:
-
Using CATALINA_BASE:   /Users/rc/zdrop/appdata/tomcat
Using CATALINA_HOME: /Applications/softdev/apache-tomcat-8.5.14
Using CATALINA_TMPDIR: /Users/rc/zdrop/appdata/tomcat/temp
Using JRE_HOME: 
/Library/Java/JavaVirtualMachines/jdk1.8.0_25.jdk/Contents/Home
Using CLASSPATH: 
/Applications/softdev/apache-tomcat-8.5.14/bin/bootstrap.jar:/Applications/softdev/apache-tomcat-8.5.14/bin/tomcat-juli.jar
24-May-2017 13:26:38.336 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Server 
version:Apache Tomcat/8.5.14
24-May-2017 13:26:38.338 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Server 
built:  Apr 13 2017 12:55:45 UTC
24-May-2017 13:26:38.338 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Server 
number: 8.5.14.0
24-May-2017 13:26:38.338 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log OS 
Name:   Mac OS X
24-May-2017 13:26:38.339 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log OS 
Version:10.12.4
24-May-2017 13:26:38.339 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log 
Architecture:  x86_64
24-May-2017 13:26:38.339 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Java Home: 
/Library/Java/JavaVirtualMachines/jdk1.8.0_25.jdk/Contents/Home/jre
24-May-2017 13:26:38.339 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log JVM 
Version:   1.8.0_25-b17
24-May-2017 13:26:38.339 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log JVM 
Vendor:Oracle Corporation
24-May-2017 13:26:38.339 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log 
CATALINA_BASE: /Users/rc/zdrop/appdata/tomcat
24-May-2017 13:26:38.339 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: 
/Applications/softdev/apache-tomcat-8.5.14
24-May-2017 13:26:38.340 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: 
-Djava.util.logging.config.file=/Users/rc/zdrop/appdata/tomcat/conf/logging.properties
24-May-2017 13:26:38.340 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
24-May-2017 13:26:38.340 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: -Djdk.tls.ephemeralDHKeySize=2048
24-May-2017 13:26:38.340 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
24-May-2017 13:26:38.340 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: -Dcatalina.base=/Users/rc/zdrop/appdata/tomcat
24-May-2017 13:26:38.340 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: -Dcatalina.home=/Applications/softdev/apache-tomcat-8.5.14
24-May-2017 13:26:38.340 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: -Djava.io.tmpdir=/Users/rc/zdrop/appdata/tomcat/temp
24-May-2017 13:26:38.341 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The APR 
based Apache Tomcat Native library which allows optimal performance in 
production environments was not found on the java.library.path: 
/Users/rc/Library/Java/Extensions:/Library/Java/Extensions:/Network/Library/Java/Extensions:/System/Library/Java/Extensions:/usr/lib/java:.
24-May-2017 13:26:38.462 INFO [main] 
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler 
["http-nio-8000"]
24-May-2017 13:26:38.491 INFO [main] 
org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a 
shared selector for servlet write/read
24-May-2017 13:26:38.493 INFO [main] 
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler 
["ajp-nio-8009"]
24-May-2017 13:26:38.495 INFO [main] 
org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a 
shared selector for servlet write/read
24-May-2017 13:26:38.495 INFO [main] 

Re: Tomcat 8.5: wrong classloader used during context startup?

[Mark Thomas]

On 23/05/17 19:09, Christopher Schultz wrote:
> Mark,
> 
> On 5/21/17 5:49 AM, Mark Thomas wrote:
>> On 21/05/2017 00:30, Christopher Schultz wrote:
>>> Mark,
>>>
>>> On 5/19/17 3:45 PM, Mark Thomas wrote:
 On 19/05/2017 15:25, Christopher Schultz wrote:
> 
> Also, for an untrusted application (admittedly a minority
> use case), having Tomcat parse the app-provided XML with an 
> application-provided XML parser might have security 
> implications.
>>>
 I don't believe it does in this case. The file being parsed is 
 web.xml which is application provided anyway so any
 manipulation a malicious app could do via the parser could just
 be done directly in web.xml.
>>>
>>> That's exactly my point: Tomcat is using an untrusted XML parser
>>> to parse untrusted XML. If the XML parser is trusted, then
>>> parsing the untrusted XML is safe(r).
> 
>> I disagree.
> 
>>> Take for example XML billion laughs or external entity attacks.
>>> These attacks are typically prevented through disabling external
>>> entities or DTDs themselves.
>>>
>>> If the XML parser is provided by the application, those
>>> capabilities can be left enabled even if Tomcat attempts to
>>> disable them by setting the proper properties on the parser.
>>>
>>> If Tomcat (or the JVM) provides the XML parser, then those
>>> security precautions can be relied upon to protect the JVM from
>>> such an application.
> 
>> The threat being considered here is malicious application code.
> 
>> The standard protection against malicious application code is
>> running under a security manager. And even then, there are plenty
>> of things an application can do to harm the server.
> 
>> while (true) { }
> 
>> being one of the simplest.
> 
>> What this quickly boils down to is 'Does placing malicious code in
>> the XML parser enable an attacker to do something they could not
>> otherwise do?' Does it enable them to bypass any of the security
>> constraints imposed by the SecurityManager? I believe the answer to
>> that question is no - hence I believe that using an XML parser
>> provided by the application is not a security threat.
> 
> The reason I think it's a security threat is because, when Tomcat
> calls the XML parser, the XML parser is being run with elevated
> (Tomcat) privileges instead of with the privileges normally associated
> with the application (that is, restricted privileges).

No, it isn't.

If the XML parser has been provide by the application, then restricted
application privileges apply.

> The billion laughs example was just an illustration. If running under
> a SecurityManager, the application (usually) couldn't open the
> /etc/passwd file, but if the app provides an XML parser
> implementation, then it can get Tomcat to read that file for it...
> again perhaps using XML entities.

No, it can't.

>> Note that the previous XXE issues were possible partly because
>> there was a single container level web.xml parser that executed
>> with container permissions.
> 
> What do you mean by "single" here? Do you mean that the parser wasn't
> being re-initialized (or, better yet, re-constructed) and so there may
> have been some carry-over from a previous parse() call?

No. The issue was that it was container (actually JRE) provided so it
ran with container permissions.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: trimSpaces removing whitespace from html

[David Kavanagh]

Hi Mark,

Apologies for the delay. I have the files that should reproduce the error
for you.
The imageTopWrapper.jsp loads the articleBody.tag. Then inside the
articleBody.tag file the following
section loads class names into the class attributes.

data-mrf-transitioner="${transitioner}"
 data-mrf-virtualpageid="${virtualPageId}"
 class="${articleClass} ${imageClassName} ${pocketClassName}">

This is the correct output when the trimSpaces flag is not enabled.

class="mrf-article mrf-article--photo mrf-page mrf-noFillet mrf-author
mrf-m mrf-image ">


This is the output after it is enabled

class="mrf-article mrf-article--photo mrf-page mrf-noFillet mrf-author
mrf-mmrf-image">


I have attached the two necessary files.
Hopefully this can reproduce the error for you

Thanks

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org