Re: Tomcat 9_Setting property 'digest' to 'SHA-256'
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dheeraj, On 2/15/19 04:08, dheeraj joshi wrote: >> I am getting warning “Setting property 'digest' to 'SHA-256' did >> not find a matching property” in tomcat9-stderr.log when I use >> attribute "digest" in realms. >> >> Snip from server.xml that i am using when i get error - >> >> > autoDeploy="true"> >> >> > digest="SHA-256" /> >> >> >> >> If I remove digest="SHA-256" from line > className="org.apache.catalina.realm.MemoryRealm" >> digest="SHA-256" /> and restart tomcat service , I don’t see this >> warning after it. >> >> >> >> I did search for similar error reported by other users on >> internet but couldn’t confirm whether I am doing correct >> configuration. Some people say that digest attribute is removed >> since Tomcat 8.5 while some suggested me to use CredentialHandler >> sub element rather than using digest. >> >> >> >> >> https://stackoverflow.com/questions/41325893/tomcat-form-based-authen tication-datasourcerealm-configuration-errors >> >> , >> https://mail-archives.apache.org/mod_mbox/tomcat-dev/201511.mbox/raw/ %3c564a60fb.70...@gmail.com%3e >> >> >> >> >> I couldn’t find public documentation from Apache foundation confirming >> that digest should not be used with Tomcat 9 . When I check docu >> provided with Tomcat 9 I don’t see attribute named digest listed >> under Memory Based Realm section >> >> >> >> >> https://tomcat.apache.org/tomcat-9.0-doc/config/realm.html#Memory_Bas ed_Realm_-_org.apache.catalina.realm.MemoryRealm >> >> >> >> >> >> Can you confirm whether digest attribute can be still used in Tomcat 9 i n >> realms, if yes then what should be the correct syntax to use it. >> If the use of digest is deprecated what should I be using >> instead? >> >> >> >> I have been using digest attribute in previous versions of Tomcat >> in realms and it used to work fine , problem is after Tomcat >> upgrade from Tomcat 6 to Tomcat 9. Peter has the correct answer in another reply, but I'd like you to consider whether or not using SHA-256 is something you actually want to do. Using a plain "digest" for password-munging is really insufficient for password-storage these days. Please give this presentation a good read-through to see how you can do a LOT better for your users: http://people.apache.org/~schultz/ApacheCon%20NA%202017/Seamless%20Upgra des%20for%20Credential%20Security%20in%20Apache%20Tomcat.pdf - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxnIAUACgkQHPApP6U8 pFiIkw/+I/OuBZ3VIHWRaWDT1m5clG6mNQd0Rm/BKIQ/xsrHLkpJPAYGH59FdJly W1FTToGLcr/UENP6Mc6m95vj+95B7qx0uNuHiEN2b0GFTbwFTgJOcyOa4GXpA0sl opNXBY5prjHQ/hFyL0P3Zl/xUWgleO1foIjkEozZu476iHfdJj8O8XKPa9Ka4cSk CKf11GSfrJWxhHKDrZnIhPwAHRrHTMKH+GXEVG6QS1xmEG/plZ6mfUdCHoodTMfD SmAhqRmR2V22eTaYYURBRtQccUZkjeOAY1KJDQCiaOISjJ3XVBl24iul4gTzoBir SCEFQwEJNj1S9NKJYYPPrHYkWkr7TCBwL6UczWF7h72xFsT/JwleEcdag4yQun6M e8inr5FPPXMmf+updtiRt3vI4cCozLO7RQZUm1iFqvnInWTmVhfoFUZB4i/lJooI 3tkaY6ua2FcpmpHOtlKPeWRwXxHsGUKMu2QnK1/T7gK9VoNk/XYecu3eHbV3+we2 ur53Gi9wc/AtW5Utyv4AVELCnRg5BQRBRRFOin+SA47hNxqq5uWYlQ3xbjxyA95c VRLuPeNhI9QisA07ymJUKWjHPr7MiOVmmMCdoWH6Nvl9/f4i2cCSATrW532vHE7F EwhTHPYEHSzJPwpdqR/be9xM56RmJIzJFHxdVbmrsAoUQ0tCH7I= =MMrk -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat session management with Redisson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Herb, On 2/14/19 12:41, Herb Burnswell wrote: > Tomcat 8.5.23 RHEL 7.5 > > We are looking to set up session management via Redisson to offload > the CPU consumption of using Tomcat's built in clustering session > management. We have CPU licensing limits and need to conserve as > much CPU as possible. Dumb question: aren't you just going to move the CPU cycles to another system? Another dumb question: do you actually need clustering? > I have never set up a configuration this way, however I have Redis > set up and running as 1 Master, 1 Slave. I seemingly just need to > point our application to it. I have read this doc on how to: > > https://github.com/redisson/redisson/tree/master/redisson-tomcat > > It seems pretty straight forward except for the redisson.conf > configuration: > > Add RedissonSessionManager into tomcat/conf/context.xml > > configPath="${catalina.base}/redisson.conf" readMode="REDIS" > updateMode="DEFAULT"/> I would do this in the application's context.xml file instead of the global/default one. That means modifying the application's META-INF/context.xml file, or, if you deploy via files from outside your WAR/dir application, then conf/[engine]/[hostname]/[appname].xml. > I am more familiar with YAML so plan on configuring the > redisson.conf as such. I have read the referenced configuration > wiki page: > > https://github.com/redisson/redisson/wiki/2.-Configuration > > However, it has a great deal of options and I'm not sure what is > and is not needed. > > I am reaching out here on the Tomcat user group to see if anyone > else is using Redisson for session management and if maybe I can > get some guidance on a basic redisson.conf configuration. I'd also > be interested in comments on if there are better options or things > to watch out for. I don't have any experience with either Redis or Redisson, but what is wrong with the default/sample configuration you have provided above? - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxnHysACgkQHPApP6U8 pFhkyRAAhq0Rw6laOS4mUAgtjWhCW8tvsrfvWmUtQKu0TTmdDuoL1OUEYBiAl45l TBF7sxjtd8Olk9gEqGdzD9srZUF1y9/ajzok4KGZrfDEHKnoqoXPQaRFTT7tWpH6 76uOj2KHzaTdgtz6qVdGdJKJ97VY0pMy/+4AMPwO/I3tygah1MfIGqKjbJ1zZr0O ZT0CRBgRb2pUn5nZTtXyozL0J+3MIRGPC35il86Wb+Wkjw4ks3S+gxTe3Cl7MCO7 wfu8WAI+gKEapdC0Aj9esu/HueYMGgdj3GYvTJCivqg9TGtPpgMaEe09o1VjfMmV JZu4aCjaDq82ZxLlIKFLKkDhlgYhFhnLVYXN1H+2SdITabprpWw+KDdx55jVE3yt W+ZQR/dFqDVvp5uKU1u/2BZACjXn3bRrkvif4bKQJuWpFBoXT6fBJ/37eYuiS58n 7omBRJoGzpcKCOjij1GhwtePKibo9EBm+r/RsGZnxTQHnHKslCwp+TcS5nZFmw9H Y1O0jtIyhcMp7o1mAsuErKK6OSu7bREe+4NrgwJ7OCSXU42keU/fXK2Z8u/MAJE1 uRDyqSk+VbNxP+MCbShr89QD6XVAFoKnVk5QDdEiUZ5asxCbhl5UADNi9P3Nzasr fK7ae3S8kD98k1P2OvguPqnwbUpHd7tVrlwOrs/8LF8w+PeSJWU= =XhoF -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 9_Setting property 'digest' to 'SHA-256'
Hi, Am 15.02.2019 10:08, schrieb dheeraj joshi: Hi Team, I am getting warning “Setting property 'digest' to 'SHA-256' did not find a matching property” in tomcat9-stderr.log when I use attribute "digest" in realms. Snip from server.xml that i am using when i get error - digest="SHA-256" /> If I remove digest="SHA-256" from line className="org.apache.catalina.realm.MemoryRealm" digest="SHA-256" /> and restart tomcat service , I don’t see this warning after it. That would be expected as it is removed and there is no setter. I did search for similar error reported by other users on internet but couldn’t confirm whether I am doing correct configuration. Some people say that digest attribute is removed since Tomcat 8.5 while some suggested me to use CredentialHandler sub element rather than using digest. well that IS the suggested fix. https://tomcat.apache.org/tomcat-8.0-doc/config/realm.html#Memory_Based_Realm_-_org.apache.catalina.realm.MemoryRealm "This attribute is deprecated. Set the algorithm on a nested CredentialHandler element instead." You could probably always try the migration guide when you do a major version upgrade https://tomcat.apache.org/migration.html Unfortunately each version separate. Hope this helps. Peter https://stackoverflow.com/questions/41325893/tomcat-form-based-authentication-datasourcerealm-configuration-errors , https://mail-archives.apache.org/mod_mbox/tomcat-dev/201511.mbox/raw/%3c564a60fb.70...@gmail.com%3e I couldn’t find public documentation from Apache foundation confirming that digest should not be used with Tomcat 9 . When I check docu provided with Tomcat 9 I don’t see attribute named digest listed under Memory Based Realm section https://tomcat.apache.org/tomcat-9.0-doc/config/realm.html#Memory_Based_Realm_-_org.apache.catalina.realm.MemoryRealm Can you confirm whether digest attribute can be still used in Tomcat 9 in realms, if yes then what should be the correct syntax to use it. If the use of digest is deprecated what should I be using instead? I have been using digest attribute in previous versions of Tomcat in realms and it used to work fine , problem is after Tomcat upgrade from Tomcat 6 to Tomcat 9. Regards Dheeraj Joshi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 9_Setting property 'digest' to 'SHA-256'
> > Hi Team, > > > > I am getting warning “Setting property 'digest' to 'SHA-256' did not find > a matching property” in tomcat9-stderr.log when I use attribute "digest" > in realms. > > Snip from server.xml that i am using when i get error - > > autoDeploy="true"> > > /> > > > > If I remove digest="SHA-256" from line className="org.apache.catalina.realm.MemoryRealm" digest="SHA-256" /> and > restart tomcat service , I don’t see this warning after it. > > > > I did search for similar error reported by other users on internet but > couldn’t confirm whether I am doing correct configuration. Some people say > that digest attribute is removed since Tomcat 8.5 while some suggested me > to use CredentialHandler sub element rather than using digest. > > > > > https://stackoverflow.com/questions/41325893/tomcat-form-based-authentication-datasourcerealm-configuration-errors > , > https://mail-archives.apache.org/mod_mbox/tomcat-dev/201511.mbox/raw/%3c564a60fb.70...@gmail.com%3e > > > > I couldn’t find public documentation from Apache foundation confirming > that digest should not be used with Tomcat 9 . When I check docu provided > with Tomcat 9 I don’t see attribute named digest listed under Memory > Based Realm section > > > > > https://tomcat.apache.org/tomcat-9.0-doc/config/realm.html#Memory_Based_Realm_-_org.apache.catalina.realm.MemoryRealm > > > > > Can you confirm whether digest attribute can be still used in Tomcat 9 in > realms, if yes then what should be the correct syntax to use it. If the use > of digest is deprecated what should I be using instead? > > > > I have been using digest attribute in previous versions of Tomcat in > realms and it used to work fine , problem is after Tomcat upgrade from > Tomcat 6 to Tomcat 9. > > Regards > Dheeraj Joshi > >>