Re: migrate to tomcat 9: application can not write files on system filder
Thanks for all people who replied to my question. I took Emmanuel Bourg's advice that did the trick. It works! On Monday, July 1, 2019, 02:53:11 PM PDT, Emmanuel Bourg wrote: Le 01/07/2019 à 19:55, W a écrit : > Hi,I am migrate from ubuntu 16.04 (server), mysql 5.7 and tomcat 8 to ubuntu > 18.04(server), mysql 8 and tomcat 9. > My application works on old system. Now when my application tries to write a > file on > a directory (permission allowed), there is an > error:java.nio.file.FileSystemException: /photoLogos/PERSON/-_~x: Read-only > file system The tomcat9 package on Debian/Ubuntu uses systemd and leverages its sandboxing feature to limit the write access to the conf, log, work and webapps directories by default. If you look at the package's README file (/usr/share/doc/tomcat9/README.Debian) you'll find the instructions to grant Tomcat write access to other directories: https://salsa.debian.org/java-team/tomcat9/blob/master/debian/README.Debian If write access to other directories is required the service settings have to be overridden. This is done by creating an override.conf file in /etc/systemd/system/tomcat9.service.d/ containing: [Service] ReadWritePaths=/path/to/the/directory/ The service has to be restarted afterward with: systemctl daemon-reload systemctl restart tomcat9 Emmanuel Bourg - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: migrate to tomcat 9: application can not write files on system filder
Le 01/07/2019 à 19:55, W a écrit : > Hi,I am migrate from ubuntu 16.04 (server), mysql 5.7 and tomcat 8 to ubuntu > 18.04(server), mysql 8 and tomcat 9. > My application works on old system. Now when my application tries to write a > file on > a directory (permission allowed), there is an > error:java.nio.file.FileSystemException: /photoLogos/PERSON/-_~x: Read-only > file system The tomcat9 package on Debian/Ubuntu uses systemd and leverages its sandboxing feature to limit the write access to the conf, log, work and webapps directories by default. If you look at the package's README file (/usr/share/doc/tomcat9/README.Debian) you'll find the instructions to grant Tomcat write access to other directories: https://salsa.debian.org/java-team/tomcat9/blob/master/debian/README.Debian If write access to other directories is required the service settings have to be overridden. This is done by creating an override.conf file in /etc/systemd/system/tomcat9.service.d/ containing: [Service] ReadWritePaths=/path/to/the/directory/ The service has to be restarted afterward with: systemctl daemon-reload systemctl restart tomcat9 Emmanuel Bourg - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: migrate to tomcat 9: application can not write files on system filder
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Wayne, On 7/1/19 13:55, W wrote: > Hi,I am migrate from ubuntu 16.04 (server), mysql 5.7 and tomcat 8 > to ubuntu 18.04(server), mysql 8 and tomcat 9. My application works > on old system. Now when my application tries to write a file on a > directory (permission allowed), there is an > error:java.nio.file.FileSystemException: /photoLogos/PERSON/-_~x: > Read-only file system Exception: java.nio.file.FileSystemException: > /photoLogos/PERSON/-_~x: Read-only file system > java.nio.file.FileSystemException: /photoLogos/PERSON/-_~x: > Read-only file system at > java.base/sun.nio.fs.UnixException.translateToIOException(UnixExceptio n.java:100) > > at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.ja va:111) > at > java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException. java:116) > > at java.base/sun.nio.fs.UnixCopyFile.copyFile(UnixCopyFile.java:248) > at java.base/sun.nio.fs.UnixCopyFile.move(UnixCopyFile.java:493) at > java.base/sun.nio.fs.UnixFileSystemProvider.move(UnixFileSystemProvide r.java:263) > > at java.base/java.nio.file.Files.move(Files.java:1421)I can ssh to the server, manually write/read files on that directory. The directory > is set (for debug) as every one can write/read. So I belief that > the error is due to settings of tomcat 9.I need help. Any > information would be appreciated. Thanks in advance. Wayne > What do you get when you run: $ ls -l '/photoLogos/PERSON/-_~x' What is the euid/egid of the running Tomcat server? - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl0aduUACgkQHPApP6U8 pFhwPRAAyQQjY5Q+KfO9GPsgrPDbPYxHDjdW+Rqp2uGXqLDB0FybrEnpEQ44/zYp 6UaysuuWvvZkne3bKXZVLaiMmXVtjVg0XTR8X1WtLgTddbLP+c76Uu80o/TY64py EmkzbOj6O5ZQQ9xEUxPYE/iPcpGGAETl1/QwK73UfYtf9K1VcNajDrE4RZjgmXLp 5QV0trofkQ5sGLBa5PVyf27HkWpy2zkYEXmpybxyQl3bzBJy3pNYZcZje1736Nv8 CrSEso5+bOWSf3BuwfS6xZ2xsc9xrw2+mX5ZN2z1KgRako7Da3HPkyipe4424Hfr hjUd/+CsSiNNO3phP5TSwJYJ+JRQ7pOLB3iw36oypxUi8F1CRAvVfgXhVraDD7vK 34IShRFIFgXDW499J0lQPiDeR0lu5riIlguLvvoKimHl8njs5SMUttSh8ltArhhz J1svJunsarBojjoijhP6CDQwIxQQIoUmh9LOKuMJtMRQMZOIMwPWHE5gzL/+B9pA jghOZPl6OPRZs4sQseb1jA8jl3nGrwcpSqm0gIjAEph4BzgB4Mr/6kAFxiTCvDqe aswp1kDynD2peF8RAfv3/vkVlv6tl4EwfoYXzckxfIvZwtL2BUyPg+B6l9Cz4rZV ZlwItI57c2OXPnw9Ul7115zkFRSA8FnYwvsVooBjcvRztf1Ks4Q= =O61T -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Empty Headers in response from Secure Websocket Upgrade request from Safari
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Tom, On 7/1/19 12:17, Tom Kuo wrote: > I'm running Tomcat 8.5.39 on an ubuntu 18.04 server that is > experiencing some weird results when trying to upgrade a secure > websocket request from Safari. Safari is returning an "invalid > utf-8 sequence" in the browser console when processing the request, > looking at the response headers Well, if Safari is encountering an invalid utf-8 sequence, it's probably aborting immediately. > in Safari devTools i see that there are no response headers being > sent back. I also reproduce this Tomcat is being hosted on Windows > as well.> I turned on debugging on in Tomcat but didn't see > anything error out on Tomcat's side. Searching both safari & > tomcat forums didn't yield much about this particular scenario. > What's interesting is that a non ssl request works fine. Also > interestingly enough, when i hit another server using an Apache > reverse proxy to handle the SSL handshake and forward off to Tomcat > that also works. Are you able to put a packet analyzer into the mix? My guess is that part of the TLS handshake is being interpreted by Safari as response dat a. > I tried using the native libs and upgrading to the lastest openssl > but the request still fails. What is your configuration? Does this happen when using NIO+JSSE as well, or only JSSE+OpenSSL (or APR+OpenSSL)? > No other major browser seems to be doing this (Chrome, FF work > fine) I'm kinda at a lost as to why this one particular scenario > seems to be failing, any ideas? - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl0adncACgkQHPApP6U8 pFjGTxAAgD6dO6InE5ZTw9PZw5lyif3vmie1UGPwcZhOSJCqZpFO5P4BpECkKtmX xWnlB0wE6EckGx5z7JwqtAukYmVFJHc0AcZTfK8exL2Y3deS6l94ZwGkiLp4Nzla nfa/HXFAeY0ZYInXA7TCMxlCCY+u7l8/4c44hRF1rjKFMB2LgDxxgJk6/tTZCnVX R5V9cD/vFM2LAP088DTy62/JA/7WiJRnoMpDGzCSS18CtCgrjmgvc08YY/+eCZnh eccE0/EOFsWz7cWPRPisfjScuHkYWlAFkOHKqUJPGLQ2U+yu9r80si+xmvlZBGLt 7fBZb7qllBZ6hO7vQlrg617TPHkGTezNyBw8cOKLtqWZiYDSi9G5PP4+UGYFZ6et ljeyDdS/YI2EFr1cN1sac1XWjX9iOXTGxXp+L3jxJP3YCrUS5a8xsn7fqjy5KjXy RxDjzvfyZxY41tWWxx2glCDGmYqAr4ZoaCSblQlpy0aw6NHtHKHUqtr74EuTf3Vo NtEtQVABGaTO7VCnTq/l7C+8BqlCRxBbQJyZJDL56gkB5pVW/ZTqQ8cKLwxN/Rq0 QW4ugljvoyaKG3KYyj89y2tvtdupA1OdCf8//yJTSKyVLQBiESvAwAblxdX1GqJ/ jvfyuitr2/BSEFcgOb+V0RX/dLcUx/scQrE4RT4qf1pzOpDmGkc= =sANa -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
migrate to tomcat 9: application can not write files on system filder
Hi,I am migrate from ubuntu 16.04 (server), mysql 5.7 and tomcat 8 to ubuntu 18.04(server), mysql 8 and tomcat 9. My application works on old system. Now when my application tries to write a file on a directory (permission allowed), there is an error:java.nio.file.FileSystemException: /photoLogos/PERSON/-_~x: Read-only file system Exception: java.nio.file.FileSystemException: /photoLogos/PERSON/-_~x: Read-only file system java.nio.file.FileSystemException: /photoLogos/PERSON/-_~x: Read-only file system at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:100) at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116) at java.base/sun.nio.fs.UnixCopyFile.copyFile(UnixCopyFile.java:248) at java.base/sun.nio.fs.UnixCopyFile.move(UnixCopyFile.java:493) at java.base/sun.nio.fs.UnixFileSystemProvider.move(UnixFileSystemProvider.java:263) at java.base/java.nio.file.Files.move(Files.java:1421)I can ssh to the server, manually write/read files on that directory. The directory is set (for debug) as every one can write/read. So I belief that the error is due to settings of tomcat 9.I need help. Any information would be appreciated. Thanks in advance. Wayne
Empty Headers in response from Secure Websocket Upgrade request from Safari
I'm running Tomcat 8.5.39 on an ubuntu 18.04 server that is experiencing some weird results when trying to upgrade a secure websocket request from Safari. Safari is returning an "invalid utf-8 sequence" in the browser console when processing the request, looking at the response headers in Safari devTools i see that there are no response headers being sent back. I also reproduce this Tomcat is being hosted on Windows as well. I turned on debugging on in Tomcat but didn't see anything error out on Tomcat's side. Searching both safari & tomcat forums didn't yield much about this particular scenario. What's interesting is that a non ssl request works fine. Also interestingly enough, when i hit another server using an Apache reverse proxy to handle the SSL handshake and forward off to Tomcat that also works. I tried using the native libs and upgrading to the lastest openssl but the request still fails. No other major browser seems to be doing this (Chrome, FF work fine) I'm kinda at a lost as to why this one particular scenario seems to be failing, any ideas? Thanks, Tom
Re: Unable to start tomcat with Security Manager
Here's the error I see only when starting/using SecurityManager. If I start Tomcat without -secuirty, it loads fine. Greatly appreciated if someone can explain what this means and how I can fix it. TIA. 01-Jul-2019 05:59:21.623 SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.listenerStart Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener javax.xml.parsers.FactoryConfigurationError: Provider org.apache.xerces.jaxp.DocumentBuilderFactoryImpl not found at javax.xml.parsers.DocumentBuilderFactory.newInstance(Unknown Source) at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:694) at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:618) at org.apache.log4j.helpers.OptionConverter.selectAndConfigure(OptionConverter.java:470) at org.apache.log4j.LogManager.(LogManager.java:122) at org.slf4j.impl.Log4jLoggerFactory.getLogger(Log4jLoggerFactory.java:73) at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:243) at org.apache.commons.logging.impl.SLF4JLogFactory.getInstance(SLF4JLogFactory.java:155) at org.apache.commons.logging.impl.SLF4JLogFactory.getInstance(SLF4JLogFactory.java:131) at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:655) at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:282) at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:106) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4710) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5135) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:131) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:153) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:699) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:714) at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:917) at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1701) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) On Thu, Jun 27, 2019 at 10:12 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Jeff, > > Aha. There is a "SEVERE .. [/supportcentral] startup failed due to > previous errors". If no errors are showing in catalina.out, check the > other log files like perhaps locahost-*.log in your logs directory. > > At some point, the web application is failing to start (probably > because of a SecurityManager thing!) and this ungraceful shutdown is > just a symptom. You should definitely fix the symptom, too, but the > real cause of the failed startup should be in one of those log files. > > - -chris > > > Jeff, > > > > On 6/27/19 09:24, Jeff wrote: > Hello all, > > Hit a roadblock trying to start tomcat with Security Manager > and don't even know where to start looking. Any help would > be appreciated. > > catalina.out: 27-Jun-2019 06:01:57.627 INFO [main] > org.apache.catalina.core.StandardEngine.startInternal > Starting Servlet Engine: Apache Tomcat/8.0.17 27-Jun-2019 > 06:01:57.646 INFO [localhost-startStop-1] > org.apache.catalina.startup.HostConfig.deployDescriptor > Deploying configuration descriptor > /apps/supp/server/tomcat/apache-tomca > t-8.0.17-SupportCentral/conf/Catalina/localhost/host-manager.xml > > > 27-Jun-2019 06:01:58.060 INFO [localhost-startStop-1] > org.apache.jasper.servlet.TldScanner.scanJars At least one > JAR was scanned for TLDs yet contained no TLDs. Enable debug > logging for this logger for a complete list of JARs that were > scanned but no TLDs were found in them. Skipping unneeded > JARs during scanning can improve startup time and JSP > compilation time. 27-Jun-2019 06:01:58.167 INFO > [localhost-startStop-1] > org.apache.catalina.startup.HostConfig.deployDescriptor > Deployment of configuration descriptor >
RE: Login failing on Manager
Hi, Once I was stuck at the login pop up from Tomcat Manager too, and the problem was the credentials being encrypted by the server. I have no clue if you have this too but you can check in your server.xml file if there is a "digest" attribute inside your "realm" element. Then you can delete this attribute and try again to login. Cheers, Victor De : Jerry Malcolm Envoyé : dimanche 30 juin 2019 16:19:18 À : users@tomcat.apache.org Objet : Re: Login failing on Manager Bumping this one back up in the queue. Anybody have any idea what might be going on here? Thanks. Jerry On 6/24/2019 1:50 PM, Jerry Malcolm wrote: > I have several vHosts with 8-10 custom webapps per vHost (Tomcat > 9.0). I'm using SingleSignOn on all of the hosts with > container-managed security. Logging on using any of my own webapps is > rock-solid on all of the vHosts and has worked for years. But if I go > to the Tomcat manager app on any of the vHosts without being logged > in, manager presents its own login popup as I would expect. But it > will not accept my id/pw. If I go back to my main webapp on that > vHost and login there, THEN go to manager, it works fine. > > Yesterday I upgraded to the latest JSPWiki on all of the sites. After > the upgrade, now JSPWiki is doing the same thing. It accepts > credentials and works fine if I'm already logged in using my main site > webapp. But if I go to JSPWiki without logging in and try to login > using the JSPWiki login form, it refuses to log me on. > > What could cause manager and JSPWiki to not accept my login on their > own login screens, but still be completely happy to accept my > credentials if I login on another SingleSignOn webapp on the same > vHost? This one is baffling me > > Thx. > > Jerry > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
