Re: Number of tomcat downloads

[Igal Sapir]

On Mon, Feb 4, 2019 at 3:58 PM Leon Rosenberg 
wrote:

> Hi,
>
> I vaguely remember Marc naming some figures for number of tomcat downloads
> sofar, but I couldn't find anything in the state of the cat slides.
> I checked on the website, but all I found was this:
>
> " Tomcat has been downloaded more than 10 million times: assuming even a 1%
> production adoption rate results in more than 10 installations. "
> But this is from 2014 and I assume there should be a better number by now.
>

I don't think that it is tracked ATM, unless INFRA aggregates the web
server logs and records the metrics somewhere.

On that note, should we add Google Analytics to the new site?  Obviously it
will only give us information moving forward, but it can be interesting.


>
> Anyone? Asking for a friend ;-)
>

LOL 

Best,

Igal

Number of tomcat downloads

[Leon Rosenberg]

Hi,

I vaguely remember Marc naming some figures for number of tomcat downloads
sofar, but I couldn't find anything in the state of the cat slides.
I checked on the website, but all I found was this:

" Tomcat has been downloaded more than 10 million times: assuming even a 1%
production adoption rate results in more than 10 installations. "
But this is from 2014 and I assume there should be a better number by now.

Anyone? Asking for a friend ;-)

regards
Leon

Re: latest situation with escaped path delimiters in URI

[Garret Wilson]

On 2/4/2019 7:31 PM, Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Garret,

On 2/3/19 16:20, Garret Wilson wrote:

If we want to look up the thing identified by
https://example.info/foobar, we would need to issue a request to
https://example.com/https%3A%2F%2Fexample.info%2Ffoobar/description

Why
are you %-encoding the slashes at all? They are perfectly legal as-is.



Hmmm… So let's say my RESTful API endpoint is 
https://example.com/{thingURI}/description as I mentioned. (Yes, I know 
that RESTful APIs don't have to be meaningful or structured as long as 
we use HATEOAS, but… a lot of us like them.) So you're saying that to 
request information for the resource https://example.info/foobar, I 
would send a GET request to:


https://example.com/https%3A//example.info/foobar/description

That raises all sorts of questions, such as

 * The double slash is OK? Really!??
 * Is there any RESTful API framework on the planet that would realize
   the URI path "/https%3A//example.info/foobar/description" matched
   "{thingURI}/description"? So if I'm using JAX-RS with a
   @Path("{thingURI}/description") with a string @PathParam("thingURI")
   thing, JAX-RS would set the "thing" parameter to
   "https://example.info/foobar;?? I highly doubt that.

Either I'm missing something and I'm going to learn something cool; or 
you missed some of the details of what I wrote. :) If I'm missing 
something, please explain because I'm ready to learn!


Garret

Re: Tomcat gives 404 for file that exists

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Joel,

On 2/4/19 16:35, Joel Griffith wrote:
> I've installed Tomcat 8.0.32 a local Ubuntu 16.04 VM (Oracle
> VirtualBox) and I'm using it to access a webapp through the laptop
> the VM is local to. The VM port-forwards 3081 to 8080, so I can
> access Tomcat as ` http://127.0.0.1:3081/` in my laptop browser.

Are you sure it's going to the Tomcat you think it's going to?

> Accessing `http://127.0.0.1:3081/` gives the default page stored
> in `/var/lib/tomcat8/webapps/ROOT/index.html`.  So, Tomcat is able
> to find and serve from the `webapps/` directory.
> 
> However, if I try to access
> `http://127.0.0.1:3081/myWebapp/index.html`, which exists as
> `/var/lib/tomcat8/webapps/myWebapp/index.html`, Tomcat returns a
> 404, reporting that the requested resource in unavailable.
> 
> `/var/lib/tomcat8/webapps/myWebapp/WEB-INF/web.xml` exists and is
> identical to that used in a functioning setup on a different
> server.  It was originally written for a Tomcat 7 deployment, I
> think, but there's nothing in it that seems to have anything to do
> with these URLs, so I don't think it's a problem with that file.
> Similarly, `/var/lib/tomcat8/conf/server.xml` exists and is
> virtually identical to that used in the other (functioning)
> deployment.
> 
> All of the information I've been able to scrape together from web
> searches over the past two days indicate that the presence of a
> folder within the `webapps/` directory is sufficient for Tomcat to
> recognize and register it as a Context.  I'm at a complete loss for
> what else I need to do to have Tomcat serve the file
> `webapps/myWebapp/index.html`
> 
> What am I missing?  Why can Tomcat find `webapps/ROOT/index.html`
> but not `webapps/myWebapp/index.html`?

Do you have an AccessLogVave enabled for the server? Is it showing
your requests and the 404 response when you make a request?

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxYs5gACgkQHPApP6U8
pFgDGQ//VQnrKG77d+ciLUx5hgapoTR73DEHIIXD1vrbkPR9XLydjRcgnbTXFWzf
xIH2rB2hROWAsA0T/GjaG87EfqFehlGmqa5isFNLqoah6Ss3wCvjvquwtdS+1OPX
0wxl2uqxgDmFVpMAOgmYGmp3HLi87nP/8h5Rn/Ef/Iqg3Z4CTKjvcUUhKRf3Lupw
CYoPe3AFUOXTG40EKBDqzJ8IW2+Mt0rNfkU3T5v4BUtrKKc3ARof5CygVvgVS+5Q
qpjH/p+hskvXWWuAz9is6+qAgu7WPyoV7KhOq93M9yQQ/bR7fNMfjVYg9q6z+UKO
m6bNf+eQCtXfaHnDJp5Bytied0nUlCfBbHP6tvvNNl9B2jdaV4nT+9ZQIykOXN4E
p64PvpHk8V2v/6GIlJ04E1LNiMwNycu3l24DnSn27sVxD6JKIMoTlyf4dvPK+zsw
Jp8Bguiqog6geBpo+CNU1vzToWpiGHP/8rSwh9pbX7xpyTfWgq3bnvJmzNaVYJQ5
ggPCRiMRFgPurIr5edvvlyaGp8gfeFtb1FgCTKNTg2J9j8yxVI2p30lT8L+I+Rxp
Tpapvum6q1/NAtKigCuq7ylXpN3XQnOmJq7fb1a7+lYwzA0NQ3IC8uooSys4GNBb
ijeTnYsCTJqXNZ9k5BiCkUgMEr5yo4qiAtmppTbelGoNsWno+Jc=
=VZa6
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Host manager / manager access.

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Turbo,

On 2/4/19 10:13, TurboChargedDad . wrote:
> Java 8 Tomcat 8.5.20

Thanks.

> I am trying to understand how to get the host manager / manager
> access working from somewhere other than the localhost.  I have
> tried all the various methods out there on the web to no avail.  I
> keep getting the 403 access denied message.   I am at a total loss
> at this point..
> 
> Thanks in advance.
> 
> I hope this is readable as it's hard to tell what it's going to
> look like in this gmail editor.
> 
> I have tried creating the following files.
> 
> $CATALINA_BASE/conf/server.xml 
>   protocol="HTTP/1.1"  redirectPort="8080" setIPVHosts="true" /> 
> 

You shouldn't need any special configuration in conf/server.xml for
this, but it's good to see your connector port.

> $CATALINA_BASE/conf/Catalina/localhost/magager.xml
> 
>   encoding='utf-8'?>
> 
> 
> 
> 
> 
> 
> 
>  docBase="${catalina.home}/webapps/manager">  className="org.apache.catalina.valves.RemoteAddrValve" allow="^.*$"
> />  

That looks okay to me, except that the filename is (almost certainly)
wrong. Transcribing typo?

If you are going to "allow all" in the RemoveAddrValve, then you may
as well just remove (or comment-out) the Valve altogether.

> $CATALINA_BASE/webapps/host-manager/WEB-INF/context.xml
> 
>   encoding='utf-8'?>
> 
> 
> 
> 
> 
>  allow=".*" /> 
> 
> 
> 

Same thing, here: just remove RemoteAddrValve if you want to "allow all"
.

> $CATALINA_BASE/webapps/manager/WEB-INF/context.xml
> 
>   encoding='utf-8'?>
> 
> 
> 
> 
> 
>  allow=".*" /> 
> 
> 
> 


Definitely undo your edits to manager/WEB-INF/context.xml if you have
a conf/Catalina/localhost/manager.xml -- the latter file will override
the former one.

> $CATALINA_BASE/conf/ tomcat-users.xml
> 
>
> http://tomcat.apache.org/xml; 
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; 
> xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd" 
> version="1.0">
> 
>  
>  roles="manager-script"/>  password="password3" roles="manager-jmx"/>  password="password4" roles="manager-status"/>  username="test5" password=" password5 " roles="admin-gui"/>  username="test6" password="password6" roles="admin-script"/>
> 
> 
> 

So, are you challenged for a username/password when you try to access
the manager? I don't see any  configured for your manager
(etc.) applications.

I think you want to add something like this to
conf/Catalina/localhost/manager.xml (and friends):





- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIyBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxYsyUACgkQHPApP6U8
pFifew/40bD3kduI6EeZaWSEAiInz/H3K14pBbSxy+dQ38FiNyJI1/DJuhNFUwlB
OYKkPujVuwzcOtoXgHwAniPAFHITB+9SGfxYmif7/FpF3LbwWl4quQZtjGjqhF4f
cu5JV9r44lwW4qD5HeurzDAuep2VlZEFzT+vV961noRXXGsnTmjuS726j9imqYRR
p9CFDxLnVWUNxHwYC7bUc2591aO+0dCdnhEM5xWhsPJ34Wa+0uvLg/FwSscXhEP5
C3al/DAkl8GhS5b5q4aoWi2W2uBzlWwxDRlw/klN3M1Y0FvRoJex8WJlo/PeCYZR
A27kxSiFu5i7G2cr0rayUt/ejJlTJ73vfGbzeH2kPFa60X7+FtLREQLRdVN9tcVQ
PPP4kGvcXA4kbvaRn/a8lM3bPtbgRI/IqHkVRj3h8y0cmB/V47exfezwuWHhIdiQ
ZdpdMYgM4dpSf8GC//FxCDxwiV5Q7VDUychZdYEnLOLvX4ArpsLQTUqI5hBlkKHZ
wwqj9IHUrWq9d0WRDWQoMFn96o0bRIofjbeQBF2eeu7t14UUoR1CMbX/iCUiP4Gg
KPjtT66Jf6D4WPOnmoVHZt6c33ipKruVrBJfaHXhlxJPuRm+tHFbopdntC7uF38t
tB4AMa9QJp72DE8dqGlbQyWequcFJUK/oDhV6W+FC8u8kJzgvg==
=ETQ/
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: request.getContextPath() behind a proxy (apache/nginx)

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Johan,

On 2/4/19 07:09, Johan Compagner wrote:
> There are many older post for this on stackoverflow and so on 
> https://stackoverflow.com/questions/10050550/why-does-getcontextpath-u
nder-a-proxy-return-the-internal-path-inside-httpserv
>
>  but i wonder what the latest state of that is, we have a lot of
> proxy settings for host and scheme But is there something (a
> header) that a proxy can set so that Tomcat returns the right
> context path on that getContextPath() call?

This is #49 on the list of "why you shouldn't be munging context paths
within a reverse-proxy".

> Or are there headers that we have to check manually?
> 
> If this is not the case then i guess the only way to fix this is to
> make it a configuration in our product something like
> 
> String context = settings.getProperty("context.path", 
> request.getContextPath());
> 
> (get the context from the settings if not there use the default
> value which is from the request)
> 
> So the problem is mostly because of virtual hosts i guess
> 
> where
> 
> Proxy / is mapped to AppServer /Webapp1

How about "don't do that"?

If you want to host your application on /, then host it on / and not
/Webapp1.

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxYsWIACgkQHPApP6U8
pFhOeA//SmTil/dDz1ewySksqKiI83WjEtkrJ7/1xcaISkrU+t42bMOx8sLS/SOh
VX2O/c0hlLuDy5YfaBClZgd7qLHmy3a5xcLpazUtw9CFZuJD+UTahxlK2AwysOzd
+ns0qlRJEOZrxAxCfJpJ6yUZ9DppbKSHd8fd+XopIiRQyqJ3pWJtCZ61B3zJC7Ln
Vxo7Qpk/1qQht8XhgRdkh1EOB+sJRziowcchu/t0xtpQNVH47czwVC4LpyX9wp43
jMhlfVfwqjNAtgNsvm8YE3zfr8DUw3Q7hxwRk5EzGrRbq8RAoDEFri8F/9RB
zhI+8tPi73JxYaz8/8MzIxGY2A0La6A2P/qCNjNYAoXy0tlzsN0MgUIvXjgnaRJl
bRWwFlpqrOPqRkS7PvBa98rFiXzbC/Ef6uE68hTK7XrV/Ki9Pm4uJ+hbSdurHz7c
KkKwgMmcpJ6nc80lOaXxtviuXbTrcxY1rGivhRiHr1nemRZkxwMzybf0nynhMtaa
nuGFdKC/KGk25FM6xZEVzUuYLX7NV57GWPZcFkmcvfd87gRLwdmti+5vVGMIvC8z
HYMDd4ArfkY3JYOeIlVc76mpTfCWPcFfN6U30G+dVwFEYUqGxOtRM6QY2OFbtpMW
Ah8/FKULkBMCoD2AV0JJvTXz9PZ/v0bYPaitKRrPQZrlyp1CJ5M=
=uP57
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat gives 404 for file that exists

[Joel Griffith]

I've installed Tomcat 8.0.32 a local Ubuntu 16.04 VM (Oracle VirtualBox)
and I'm using it to access a webapp through the laptop the VM is local to.
The VM port-forwards 3081 to 8080, so I can access Tomcat as `
http://127.0.0.1:3081/` in my laptop browser.

Accessing `http://127.0.0.1:3081/` gives the default page stored in
`/var/lib/tomcat8/webapps/ROOT/index.html`.  So, Tomcat is able to find and
serve from the `webapps/` directory.

However, if I try to access `http://127.0.0.1:3081/myWebapp/index.html`,
which exists as `/var/lib/tomcat8/webapps/myWebapp/index.html`, Tomcat
returns a 404, reporting that the requested resource in unavailable.

`/var/lib/tomcat8/webapps/myWebapp/WEB-INF/web.xml` exists and is identical
to that used in a functioning setup on a different server.  It was
originally written for a Tomcat 7 deployment, I think, but there's nothing
in it that seems to have anything to do with these URLs, so I don't think
it's a problem with that file.  Similarly,
`/var/lib/tomcat8/conf/server.xml` exists and is virtually identical to
that used in the other (functioning) deployment.

All of the information I've been able to scrape together from web searches
over the past two days indicate that the presence of a folder within the
`webapps/` directory is sufficient for Tomcat to recognize and register it
as a Context.  I'm at a complete loss for what else I need to do to have
Tomcat serve the file `webapps/myWebapp/index.html`

What am I missing?  Why can Tomcat find `webapps/ROOT/index.html` but not
`webapps/myWebapp/index.html`?

Thanks

Re: latest situation with escaped path delimiters in URI

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Garret,

On 2/3/19 16:20, Garret Wilson wrote:
> If we want to look up the thing identified by 
> https://example.info/foobar, we would need to issue a request to 
> https://example.com/https%3A%2F%2Fexample.info%2Ffoobar/description

Why
> 
are you %-encoding the slashes at all? They are perfectly legal as-is.

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxYrzkACgkQHPApP6U8
pFjPgw/+O5zgYuqymSO6wh1RMURAEdPcdB8K3phh0W6PqtYWE3IlQHNewdEJEYlW
iNXuvRerdl+L0rthDR4VYOU53yk3ckA2qIrOLsK+BQGZ+mQZFUjSmnaMdGCAmSft
qJJiHmttbzNUgT9z4hzaFYawpBoIYBN+Tb2pfACcyOHiUWzEEgKSa0lqHS+1kT3Q
hLuF9mfe+lppTuLMjlSha4gtPJNeLH3ljTWM9/sek54XjMt5SDSEpl8MY5iDHdOd
rFh2NT3KS/dcfgJtzlhR+ACR/0CpbmWqP5QJ0DVyZeKbedVZ/9i8KCDwGBBPfrjj
tyIQfmtWNusZb7JxaUFcyIO4Am8h+yShbHSmhSaDHS9S8tbVRl1x++9ufgxAtWwE
dUackFAY6lkASSIrN3fKeR02NMderMJw9MIu+AWS3IrZx5KAV9DxDOWBzk8pj3wR
hDeesIVLSKemZT8NPjkQe0Yyv2KejME2IO/JsrFyzoXtgfoxBjs3ghgMExu7Ybna
dkqPVvZK8RKBaE1i8CrdXfESpwIemCydGdW9y3jbKYbubf5+Q5Z8n2H14fQPltvz
iVfO3pby3X2PdhMptT2auHGU8JpF+TdtpEwERgO5ceuIdV2tT6gCDQFTmiujIK+Y
CRlBHEZg/CAOdH+oOdNrFWhWlHj8cQrFvSUc3z2CCiwxpjFnHhY=
=KcBY
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: recommendations for using multiple CRLs

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Joseph,

On 2/1/19 15:44, Joseph Dornisch wrote:
> Does this group have any recommendations for merging multiple
> external CRLs into one CRL for use with Tomcat, or just making
> Tomcat aware of multiple CRLs?

Tomcat supports CRLs in two ways:

1. A single file containing all your revoked certs
2. A single directory containing all your certs as separate files

So you will have to pick one. Since you have multiple CRLs already,
what format are they in?

CRLs are usually just PEM-encoded DER files, all concatenated
together. So, merging multiple CRLs is as easy as:

$ cat source/*.crl > mega.crl

Then you use mega.crl in your configuration.

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxYpFMACgkQHPApP6U8
pFhKIg//YwNLTCACofILCelOqYSEgcaEMCF4rGM+3qSUueTPgd4/mZFVm8Vsv7mR
nEP7dzK4An7sZahv3xYS7l+1tOVWA2s/7YCGRPcqI+ZR1g/3BAXWICi4tUr28END
ZNrv5Wp6G+OONo3qw24p8YC90rmQy5Tr+AmYGrwRpiYo85TUzH6M5caAiQxc6T32
QC4oLmQJUdWcGd/trsMHxO8am8omqN825bF7WhtB0+gNIcVEerlv/NAYnoNTlQ3g
aUzN61/mZop1yViyOm7VacUOximu9USrS8E75XuExB54RLnFGgDoTUVDLHePIeNP
ZNJC/ukbhWstDLMO0v5iPTU5LdLVVotG+f1fe9fLNxuT2kwOLMq10rmHHmEahszr
uvSEUw5FwoYW2xOBuJycxPlJOw5j49oJ+lHSeOdBS8UsVBlm8DIrgFWChviWDPXE
q+fmLlbvIF1Hi1547gv8PzKKStMcnZY9SuHOvggLDPMEG0jkViu6hT0ZvmhwHP44
HBB5pywL6XQFWgMz6fwkBSIgDQMyqGyFZ5I9JK/y+ocHUJ5B7ALdw7vYgA8BPTGX
SN5mQ5Vp1EmGuP5QxoALXqaqJIWM1ucDKqAl4tsGIMVTVvTCDeMt3AsFyya4MHdP
tzU0ceGMilu8BILmhpa8b4RYme0RQ36Za33Q+sSFUXnjU7scTto=
=Clgn
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Create a JNDI Datasource through JMX

[Arnaud Yahoo]

Hello Luis,

thanks for your answer.

Connection pool exposes an MBean (jmxEnabled is true by default).

Using jconsole, I can see pool defined in server configuration or 
context configuration, but I cannot see neither change properties of 
existing pool (maxActive for example).


Of course I could register a MBean wrapping the datasource, but I'd 
prefer to know if it is already possible to avoid to "reinvent the 
wheel", if tomcat is providing such feature.


My goal is to be able to create/configure a datasource dynamically on a 
running tomcat instance (using JMX Proxy Servlet and curl for example)


Arnaud

On 04/02/2019 15:30, Luis Rodríguez Fernández wrote:

Hello Arnaud,

mmm, nothing stops you from create your custom mbean interface that wraps
your datasource.

 From Tomcat 8.5 doc "The connection pool object exposes an MBean that can
be registered" [1] Perhaps you could start having a look here. Nevertheless
may I ask you what is your use case for this?

Hope it helps,

Luis


[1] https://tomcat.apache.org/tomcat-8.5-doc/jdbc-pool.html#JMX






El lun., 4 feb. 2019 a las 11:30, Arnaud Yahoo ()
escribió:


Hello,

I would like to know if it is possible to create/configure a Datasource
Ressource in tomcat using JMX.

I tried with a tomcat 8.5 and jconsole, I managed to create some
resource with type javax.sql.Datasource, but I did not find a way to
configure the datasource (jdbc driver, url, max active, ...)

It seems hard to find informations about that.

Thanks,

Arnaud


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Host manager / manager access.

[TurboChargedDad .]

Java 8
Tomcat 8.5.20

  Hello,

 I am trying to understand how to get the host manager / manager access
working from somewhere other than the localhost.  I have tried all the
various methods out there on the web to no avail.  I keep getting the 403
access denied message.   I am at a total loss at this point..

Thanks in advance.

I hope this is readable as it's hard to tell what it's going to look like
in this gmail editor.

 I have tried creating the following files.

$CATALINA_BASE/conf/server.xml

  


$CATALINA_BASE/conf/Catalina/localhost/magager.xml















$CATALINA_BASE/webapps/host-manager/WEB-INF/context.xml








  





$CATALINA_BASE/webapps/manager/WEB-INF/context.xml








  





$CATALINA_BASE/conf/ tomcat-users.xml




http://tomcat.apache.org/xml;
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
   xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
   version="1.0">

 
 
 
 
 
 

Re: Create a JNDI Datasource through JMX

[Luis Rodríguez Fernández]

Hello Arnaud,

mmm, nothing stops you from create your custom mbean interface that wraps
your datasource.

>From Tomcat 8.5 doc "The connection pool object exposes an MBean that can
be registered" [1] Perhaps you could start having a look here. Nevertheless
may I ask you what is your use case for this?

Hope it helps,

Luis


[1] https://tomcat.apache.org/tomcat-8.5-doc/jdbc-pool.html#JMX






El lun., 4 feb. 2019 a las 11:30, Arnaud Yahoo ()
escribió:

> Hello,
>
> I would like to know if it is possible to create/configure a Datasource
> Ressource in tomcat using JMX.
>
> I tried with a tomcat 8.5 and jconsole, I managed to create some
> resource with type javax.sql.Datasource, but I did not find a way to
> configure the datasource (jdbc driver, url, max active, ...)
>
> It seems hard to find informations about that.
>
> Thanks,
>
> Arnaud
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett

Re: APR 1.2.21 with Apache Tomcat 8.5.37

[Mark Thomas]

On 04/02/2019 09:37, M. Manna wrote:
> Hello,
> 
> Is it okay to replace 1.2.19 (packed with Tomcat 8.5.37 Windows 64 bit)
> with the newly released version 1.2.21?

Yes.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

request.getContextPath() behind a proxy (apache/nginx)

[Johan Compagner]

There are many older post for this on stackoverflow and so on
https://stackoverflow.com/questions/10050550/why-does-getcontextpath-under-a-proxy-return-the-internal-path-inside-httpserv

but i wonder what the latest state of that is, we have a lot of proxy
settings for host and scheme
But is there something (a header) that a proxy can set so that Tomcat
returns the right context path on that getContextPath() call?

Or are there headers that we have to check manually?

If this is not the case then i guess the only way to fix this is to make it
a configuration in our product
something like

String context = settings.getProperty("context.path",
request.getContextPath());

(get the context from the settings if not there use the default value which
is from the request)

So the problem is mostly because of virtual hosts i guess

where

Proxy / is mapped to AppServer /Webapp1


-- 
Johan Compagner
Servoy

Create a JNDI Datasource through JMX

[Arnaud Yahoo]

Hello,

I would like to know if it is possible to create/configure a Datasource 
Ressource in tomcat using JMX.


I tried with a tomcat 8.5 and jconsole, I managed to create some 
resource with type javax.sql.Datasource, but I did not find a way to 
configure the datasource (jdbc driver, url, max active, ...)


It seems hard to find informations about that.

Thanks,

Arnaud


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

APR 1.2.21 with Apache Tomcat 8.5.37

[M. Manna]

Hello,

Is it okay to replace 1.2.19 (packed with Tomcat 8.5.37 Windows 64 bit)
with the newly released version 1.2.21? I know that tomcat checks some
mandatory version compatibility during Bootstrap, but not sure if this is
the only check.

I am referring to the windows download here.

http://mirror.ox.ac.uk/sites/rsync.apache.org/tomcat/tomcat-connectors/native/1.2.21/binaries/tomcat-native-1.2.21-openssl-1.0.2q-win32-bin.zip

Thanks,

Re: latest situation with escaped path delimiters in URI

[Rainer Jung]

Am 03.02.2019 um 22:20 schrieb Garret Wilson:
Hi, all. I've stumbled on a situation I need some clarity on. As is 
typical, there's all sorts of information floating around, most of it 
more than a decade old, with no indication of what the current status is.


Our team is creating a RESTful API (using JAX-RS implemented by 
RESTEasy) to a general semantic framework in which each "thing" is 
identified by a URI. (The framework is URF , but that's 
a story for another day. It's analogous to RDF.) Basically we want to 
issue a GET to https://example.com/{thingURI}/description to get back 
info about the "thing".


If we want to look up the thing identified by 
https://example.info/foobar, we would need to issue a request to 
https://example.com/https%3A%2F%2Fexample.info%2Ffoobar/description . 
That should be completely legal and spec-compliant, and has been since 
web time began.


You no doubt already know the problem: Tomcat won't allow encoded 
slashes unless one sets system property 
org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH to true. 
Apparently this there was a bug somewhere in Tomcat 6 
 
(back in 2007!) when used behind a proxy, as Mark explained on Stack 
Overflow . Tomcat 6 is 
really old, and Mark's Stack Overflow message seems to hint that it's 
not an issue anymore.


I'm not one to blindly change a setting unless I know what it's doing, 
and complain/advocate for change if it's no longer relevant. So I'm full 
of questions:


  * Is this even an issue anymore? Of not, is there a reason not to make
    org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH default to 
true?

  * If this setting is still needed in some cases, is there any way to
    control it without resorting to a system property? (System
    properties are not very flexible, and Tomcat has many layers of more
    manipulable settings, as you all would know better than me.)
  * If we enable encoded slashes in Tomcat, do we need to do anything in
    Apache to get this to work if we put it in front of Tomcat? One
    really old Stack Overflow post
     indicated that there
    used to be a bug with AllowEncodedSlashes not being inherited by
    Apache virtual hosts. See also
    https://issues.sonatype.org/browse/NEXUS-10570 .


Looking at the code in server/core.c in the current 2.4.x, merging 
config is implemented in merge_core_dir_configs() and indeed the 
sessiongs for AllowEncodedSlashes  are not inherited from the global 
server into virtual hosts but instead overwritten by what is set in the 
virtual host inluding its default values. So yes, you need to explicitly 
set it in virtual hosts. This has been fixed in trunk in 2013 
(r1496339), but was not ported back to 2.4 probably due to compatibility 
reasons.



  * Do we need special configuration of mod_kj? (I haven't connected
    Apache to Tomcat in a while; I'm not sure the current best
    practices. I'll have to read up on that.) The connectors
    documentation
     is
    mentioning things like ForwardURIEscaped, which looks like it may be
    related.


In addition to Mark's response: once your web server config needs to 
change the original URL, e.g. by mod_rewrite, it will likely decode at 
least parts of the URL to operate on a normalized URL. Once that 
happens, there's no obvious way back to an encoded URL that is 
consistent with the original one. Encoding is not really the reverse of 
decoding, eg. when a character does not have to be encoded, but was 
encoded in the original URL, the sequence decode then encode will not 
encode it back.


You might want to set AllowEncodedSlashes NoDecode and test it.

See http://tomcat.apache.org/connectors-doc/common_howto/proxy.html, 
especially "URL Encoding" and for details of some of the 
non-recommeneded options 
http://tomcat.apache.org/connectors-doc/reference/apache.html especially 
"Forwarding".


I'm not even sure I asked all the right questions, but basically: I want 
to uses encoded slashes in my request URIs. What's the latest situation 
on that?


Regards,

Rainer

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: latest situation with escaped path delimiters in URI

[Mark Thomas]

On 03/02/2019 23:58, Garret Wilson wrote:
> On 2/3/2019 3:34 PM, Mark Thomas wrote:
>> ...
>> There is an open question what Tomcat should do with %2F sequences.
> 
> "What Tomcat should do" in what context? The servlet and JAX-RS specs
> may be clear about whether decoded or "raw" APIs should be returned from
> the various API methods. But I guess the issue here is /not/ whether
> JAX-RS should interpret a path segment as decoded or encoded. The issue
> is whether Tomcat has already fiddled with the URI itself to /change
> what constitutes the path segment/.

The Servlet spec is not always clear whether a URI or path that is
returned should be:
- %nn decoded or not
- normalized or not

This gets interesting because if servlet mappings, filter mappings,
security constraints (and all other URI pattern / path) based
configuration don't use a canonical form (i.e. always decoded, always
normalized) then you open up all sorts of issues such as security
constraint bypass.

e.g. if
/private

is protected by security constraints, a request to

/foo/../private
or
/priv%61te

should be subject to the same constraints. Hence you need to normalise
and decode before mapping the request. The question then becomes what to
return for getServletPath(), getPathInfo() and friends?

Tomcat takes the view that since only getRequestURI() states that the
return value is not decoded, all other return values are decoded. Tomcat
also normalises those values.

> Unless an EE specification says to muck around with the URI like this, I
> don't see how the server has any business changing the content of the
> URI. If the escaped path delimiters are decoded early on, then the
> downstream APIs will get different path segments altogether: some will
> have characters missing, and there will moreover be additional path
> segments than intended. It would seem to be that "trying to be helpful
> without being asked" in this case (as in most cases) would probably
> raise security issues, too.
> 
> Further downstream, whether each API method returns encoded or decoded
> information would depend on what the API contracts say, for better or
> for worse.
> 
> 
>> It
>> currently decodes them. Arguably, it should leave them alone.
> 
> That sounds right to me.

The problem is 15+ years of doing something else. Every time we make a
change to this sort of thing - even if is 100% backed by specs that have
been not changed during the lifetime of Tomcat - it ends up breaking
something for some users that rely on the incorrect behaviour.

I'm hoping to get clarification from the Servlet EG for the next release
of the Servlet spec.
https://github.com/eclipse-ee4j/servlet-api/issues/18

My current thinking (assuming no movement from the Servlet EG)  is that
we add an option to Tomcat to control the %nn decoding of reserved
characters with if defaulting to "decode" in 9.0.x (for backwards
compatibility) and changing to "not decode" for 10.0.x onwards.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org