Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

[James H. H. Lampert]

Dear Mr. Schultz:

Delighted to hear from you, and delighted that you weighed in on this. 
You've already earned my undying respect and gratitude. This also allows 
us to drop one more cert that we have to pay for, and I think it could 
lead to an easy way to drop yet another.


On 4/9/20 3:31 PM, Christopher Schultz wrote:
. . .

First of all, definitely use mod_proxy and definitely use
mod_proxy_http (and not mod_proxy_ajp).


It seemed the more straightforward of the two options. And it was 
already there.



0. DO NOT TRY TO USE YOUR PROXY TO RE-WRITE URL-SPACES


And you still don't talk about Fight Club . . . ;P


If you have an application hosted on Tomcat in /foo then map it to
/foo on the proxy.


Done. That was also the advice I got from Mr. Eggers, and with multiple 
contexts, I saw no reason to copy that particular mistake that somewhat 
untrustworthy tutorial page.



1. Configure your Tomcat connector


I left it "stock"; given that I'm going to be removing the extra 
security group that temporarily gave me direct access to the Tomcat 
port, I saw no reason to go with a nonstandard port number.



2. Configure mod_proxy to act as a proxy

   ProxyRequests Off # this is to disable forward-proxying (!!)


Done, but that's the default anyway.


   ProxyPass /context1/ http://localhost:1234/context1/
   ProxyPassReverse /context1/ http://localhost:1234/context1/

3. Celebrate


Not much time for that: I'm still in the process of reconstructing a WAR 
file for one of the contexts. I had to reconstruct an Eclipse project in 
order to do so. And I'm not much more knowledgable about Eclipse than I 
am about httpd.



4. If localhost, use http; otherwise, use https. This requires a TLS
cert, which may be irritating to accomplish with an "internal" host.
Note that httpd isn't terribly picky about the signature on the TLS
certificate of the origin server (Tomcat), so you can self-sign if
you'd like.


It's localhost.


5. Without additional configuration on the Tomcat side, you'll find
that your access logs tell you that all visitors have the same IP
address (surprise! it's your reverse-proxy!). Have a look at the
RemoteIPValve[1] to get that all fixed up.


Not something we pay a lot of attention to.


6. If you have your static content files on the web server, you may be
able to improve performance a bit by NOT proxying requests to the
static content.

Not enough static content to bother with.


7. Adding more origin servers requires a slightly different
configuration.


Not even remotely enough traffic to warrant a load balancer. We have 
another product that's running behind a load balancer, in an Elastic 
Beanstalk stack; outside of torture-testing and some occasional early 
bugs, we haven't actually seen it spawn off a second node. Then again, 
that product is very new.


--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: 2 questions

[Mark Eggers]

On 4/9/2020 3:45 PM, jonmcalexan...@wellsfargo.com.INVALID wrote:
> Potentially off-topic, sorta, questions.
> 
> 
> 1. How do we get the latest versions of mod-jk.so tomcat connector 1.2.46 
> or 1.2.48? I see the binaries and such for IIS, but not .so versions.
> 
> 2. How, on windows, do we tell what version of mod-jk.so is currently in 
> use on Apache HTTP?
> 
> Asking here as it has to do with connecting to Tomcat. :)
> 
> 
> Dream * Excel * Explore * Inspire
> Jon McAlexander
> Asst Vice President
> 
> Middleware Product Engineering
> Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions
> 
> 8080 Cobblestone Rd | Urbandale, IA 50322
> MAC: F4469-010
> Tel 515-988-2508 | Cell 515-988-2508
> 
> jonmcalexan...@wellsfargo.com
> 
> 
> This message may contain confidential and/or privileged information. If you 
> are not the addressee or authorized to receive this for the addressee, you 
> must not use, copy, disclose, or take any action based on this message or any 
> information herein. If you have received this message in error, please advise 
> the sender immediately by reply e-mail and delete this message. Thank you for 
> your cooperation.
> 
> 
Normally you have to build those yourself.

Some Linux distributions offer mod_jk in various repositories.

For Windows, you can download them from the Apache Lounge (1.2.46 last I
checked).

For Apache HTTPD, you can tell what's installed by looking at
server-info - ie., http://127.0.0.1/server-info/. This of course depends
on whether it's enabled. It's not by default. It also depends on what
the restrictions are. My Windows 10 machine is set to only allow
127(.0.0.1) in the Require directive.

. . . just my two cents
/mde/



signature.asc
Description: OpenPGP digital signature

2 questions

[jonmcalexander]

Potentially off-topic, sorta, questions.


1. How do we get the latest versions of mod-jk.so tomcat connector 1.2.46 
or 1.2.48? I see the binaries and such for IIS, but not .so versions.

2. How, on windows, do we tell what version of mod-jk.so is currently in 
use on Apache HTTP?

Asking here as it has to do with connecting to Tomcat. :)


Dream * Excel * Explore * Inspire
Jon McAlexander
Asst Vice President

Middleware Product Engineering
Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com


This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.

Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

[James H. H. Lampert]

On 4/9/20 1:37 PM, Peter Kreuser wrote:

It should be sufficient to just do a Location directive and then Require.


   Require 



Dear Herr Kreuser:

Thanks. I was beginning to wonder if Location might be the answer.

--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

James,

On 4/6/20 15:53, James H. H. Lampert wrote:
> Here is the situation:
>
> We have an existing Amazon EC2 instance, running Amazon Linux 2,
> with an Apache httpd server already running our web sites (for
> argument's sake, "foo.com," "bar.com," and "baz.com."), and already
> getting its certs from Let's Encrypt, using "foo.com" as the CN,
> with "www.foo.com," "bar.com," "www.bar.com," "baz.com," and
> "www.baz.com" as SANs. And it seems to be working quite nicely.
>
> Now, we want to add a Tomcat server, which would then serve
> several webapp contexts at "qux.baz.com," and maybe also
> "corge.baz.com," running behind the httpd server (which is
> something I've never done before; I've always set up Tomcat
> directly facing the outside world, so with this, I frankly haven't
> a clue what I'm doing).
>
> First of all, which is currently considered the easier/better way
> to get Tomcat running behind httpd, given the above scenario?
> "mod_proxy," or "mod_jk?" Or is there something else I haven't
> heard of?
>
> Second of all, I found this step-by-step procedure.
>
>> https://preview.tinyurl.com/vwnutqj
>
> Is it any good?
>
> Third, am I correct in assuming that all we need to do in order for
> the existing Let's Encrypt setup to cover the new "qux" and
> "corge" subdomains is to add them to the SANs already listed?
>
> Finally, are there any "gotchas" I need to be concerned with?

I've just read through your saga thus-far, and I have some comments
that I hope will help you with your efforts.

First of all, definitely use mod_proxy and definitely use
mod_proxy_http (and not mod_proxy_ajp).

Once you have made those decisions (or had them made for you), it
should be as simple as this:

0. DO NOT TRY TO USE YOUR PROXY TO RE-WRITE URL-SPACES

If you have an application hosted on Tomcat in /foo then map it to
/foo on the proxy. If you want it on /bar, then re-name the darned
thing on the Tomcat side so it's got the context-path you want FIRST,
then map it through the proxy. To do otherwise is to descend into a
whirling maelstrom of unending pain and torture, and you'll get
nothing but "change your application context-path" responses if you
ask for help "fixing" your configuration so it works.

1. Configure your Tomcat connector



2. Configure mod_proxy to act as a proxy

  ProxyRequests Off # this is to disable forward-proxying (!!)

  ProxyPass /context1/ http://localhost:1234/context1/
  ProxyPassReverse /context1/ http://localhost:1234/context1/

3. Celebrate

There are a bunch of other things you can do, too.

Some additional thoughts:

4. If localhost, use http; otherwise, use https. This requires a TLS
cert, which may be irritating to accomplish with an "internal" host.
Note that httpd isn't terribly picky about the signature on the TLS
certificate of the origin server (Tomcat), so you can self-sign if
you'd like.

5. Without additional configuration on the Tomcat side, you'll find
that your access logs tell you that all visitors have the same IP
address (surprise! it's your reverse-proxy!). Have a look at the
RemoteIPValve[1] to get that all fixed up.

6. If you have your static content files on the web server, you may be
able to improve performance a bit by NOT proxying requests to the
static content. Be very careful with this: you probably do NOT want to:

  Alias /context1/ /var/tomcat/webapps/mywebapp/
  ProxyPassMatch /context1/.*\.xml !

With that configuration (which may be invalid; it's just an example),
any remote user can read your application's WEB-INF/web.xml file. Or
whatever else you have laying around. Make sure you secure your
disk-files from the incoming URL space.

7. Adding more origin servers requires a slightly different
configuration. It looks like this:

  
BalancerMember https://host1:1234/context1/
BalancerMember https://host2:1234/context1/
[etc]
  

  ProxyPass /context1/ balancer://context1
  ProxyPassReverse /context1/ balancer://context1

If you intend to use a load-balancer, you should make sure you read
all about the various parameters for the balancer members (like
timeouts, live-checks, ttl, etc.) to maintain a sane configuration.

I hope that helps,
- -chris

PS If ApacheCon NA happens this year, I'm expecting to give a talk on
migrating from mod_jk to mod_proxy if anyone if interested.

[1]
http://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Remote_IP_Valv
e
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6Poj8ACgkQHPApP6U8
pFghpA/8DP8tbNTzoOC12dg1D3JxI9QFEB1psXv8yZcqhNzYy5fr7iWm9aWAQJYC
j5TuBD4lbp3dR2jzjVFu7BKUDX/vwLdqQyZ3+EedBZQbMia5sq4tHDxce9oOzC52
nrAcJfvISuMVcfY6UE6VfYTIaRCO4V3GdRo2r0d2E6+tjnZxYYyIu8HsORZy7BRK
+NVRJOUllbNVM13F7SqCE+JnOqO+v718Suj6ClxwiIDaXwb0POKr9YZgdapeiuYX
k/OMf9iyf74+3IW2Aub4b8/ufT53jrr/LYcn24aQzt+n2lxzoe9bZcAMkDevNjSN

Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

[Peter Kreuser]

Mark, James

> Am 09.04.2020 um 22:14 schrieb Mark Eggers :
> 
> James,
> 
>> On 4/9/2020 12:11 PM, James H. H. Lampert wrote:
>>> On 4/6/20 2:13 PM, Mark Eggers wrote:
>>> # Secure your proxy - localhost for now - this is IMPORTANT
>>> 
>>>Require ip 127
>>> 
>> 

Isn‘t this for CONNECT Requests?
The Backend proxying happens with GET POST PUT to httpd and then apache opens 
the connect to backend.
No Proxying in the sense of the PROXY directive...

>> Dear Mr. Eggers:
>> 
>> It seems I was right about how what you said about this, and what the
>> docs say about it, appeared to contradict each other: with that in the
>> VirtualHost with the ProxyPass and ProxyPassReverse directives, it
>> blocked all outside access through the proxy.
>> 
>> Once I commented out those lines, I got proxied straight to the default
>> ROOT context.
>> 
>> Then, when I reactivated the valve in the manager app, I found that I
>> was still able to get into it via the proxy, but not directly.
>> 
>> I've now put this in
>>> https://qux.baz.com/manager;>
>>>  Require ip xx.yy.zz.qq
>>> 
>>> https://corge.bax.com/manager;>
>>>  Require ip xx.yy.zz.qq
>>> 
>> 

It should be sufficient to just do a Location directive and then Require.


  Require 


Maybe also LocationMatch.

>> where xx.yy.zz.qq is my office IP address. I could get in just fine.
>> Then I changed the IP address to something different, restarted my
>> browser, and I could still get in. I also tried it with "/*" on the ends
>> of the URLs, and with "/html" on the ends, and with "/html/*" on the
>> ends. I also went back to the original "*" on one of them, and it went
>> back to locking me out of everything. Something doesn't seem right here.
>> 
> 
> I'll play with this a little later.

Me too. 
> 
> Please note that when you change Apache HTTPD configurations you must
> restart Apache HTTPD.
> 

An apachectl graceful reloads the config without downtime.

> This is one of the reasons why I prefer mod_jk. I can change the mapped
> URLs on the fly without having to restart Apache HTTPD (albeit with some
> small hit to performance).
> 
> The way that I have things set up for a client is to have a machine with
> two interfaces and use an  directive in server.xml.
> 
> I then run an additional HTTP/1.1 connector and bind it to the internal
> interface only. The internal interface is protected by VPN with a two
> factor authentication.
> 
Interesting idea.


> I could further protect the sensitive applications by using the remote
> address filter and restricting access to the management and build
> systems subnets.
> 
> To access the manager application, you have to connect to the VPN, and
> then browse to the following:
> 
> http://internal.dns.domain.com:port/manager/html
> 
> This will will bring up a manager interface that is appropriate for:
> 
> https://external.dns..domain.com
> 
> and all the applications running there. This is mostly used by the
> client's internal Jenkins build system to publish applications to the
> appropriate Tomcat server. It can also be used by a JMX application for
> Tomcat monitoring.
> 
> My urimapping.properties file contains lines like:
> 
> !/manager|/*=worker_name
> !/jmxmonitor|/*=worker_name
> 
> This blocks proxying the manager and JMX applications by mod_jk.
> 
> This has been running in production since I set it up, and has survived
> both random script kiddie attacks and security audits by the client's
> customers.
> 
> You could look at mimicking this behavior with mod_proxy by using an
> exclamation mark (not tested).
> 
> Something like the following:
> 
> ProxyPass /manager !
> ProxyPass /jmxmonitor !
> 
> per the documentation here:
> 
> https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass
> 
> Apparently, the documentation would recommend something like the following:
> 
> 
>ProxyPass "!"
> 
> 
>ProxyPass "!"
> 
> 
> I think that the above is probably easier to read and more specific.
> Place the directives in the appropriate virtual host.
> 
> You could also be more expressive with LocationMatch and regular
> expressions.
> 
> Once this is done you could access the manager application directly by
> using the appropriate port and configuring AWS's firewall rules to allow
> your office IP address through the port.
> 
> Again, I have not tried this since I use mod_jk.  Again, please remember
> to restart Apache HTTPD after any configuration changes.
> 
> 
> . . . just my two cents
> /mde/

Peter
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

[Mark Eggers]

James,

On 4/9/2020 12:11 PM, James H. H. Lampert wrote:
> On 4/6/20 2:13 PM, Mark Eggers wrote:
>> # Secure your proxy - localhost for now - this is IMPORTANT
>> 
>>    Require ip 127
>> 
> 
> Dear Mr. Eggers:
> 
> It seems I was right about how what you said about this, and what the
> docs say about it, appeared to contradict each other: with that in the
> VirtualHost with the ProxyPass and ProxyPassReverse directives, it
> blocked all outside access through the proxy.
> 
> Once I commented out those lines, I got proxied straight to the default
> ROOT context.
> 
> Then, when I reactivated the valve in the manager app, I found that I
> was still able to get into it via the proxy, but not directly.
> 
> I've now put this in
>> https://qux.baz.com/manager;>
>>  Require ip xx.yy.zz.qq
>> 
>> https://corge.bax.com/manager;>
>>  Require ip xx.yy.zz.qq
>> 
> 
> where xx.yy.zz.qq is my office IP address. I could get in just fine.
> Then I changed the IP address to something different, restarted my
> browser, and I could still get in. I also tried it with "/*" on the ends
> of the URLs, and with "/html" on the ends, and with "/html/*" on the
> ends. I also went back to the original "*" on one of them, and it went
> back to locking me out of everything. Something doesn't seem right here.
> 

I'll play with this a little later.

Please note that when you change Apache HTTPD configurations you must
restart Apache HTTPD.

This is one of the reasons why I prefer mod_jk. I can change the mapped
URLs on the fly without having to restart Apache HTTPD (albeit with some
small hit to performance).

The way that I have things set up for a client is to have a machine with
two interfaces and use an  directive in server.xml.

I then run an additional HTTP/1.1 connector and bind it to the internal
interface only. The internal interface is protected by VPN with a two
factor authentication.

I could further protect the sensitive applications by using the remote
address filter and restricting access to the management and build
systems subnets.

To access the manager application, you have to connect to the VPN, and
then browse to the following:

http://internal.dns.domain.com:port/manager/html

This will will bring up a manager interface that is appropriate for:

https://external.dns..domain.com

and all the applications running there. This is mostly used by the
client's internal Jenkins build system to publish applications to the
appropriate Tomcat server. It can also be used by a JMX application for
Tomcat monitoring.

My urimapping.properties file contains lines like:

!/manager|/*=worker_name
!/jmxmonitor|/*=worker_name

This blocks proxying the manager and JMX applications by mod_jk.

This has been running in production since I set it up, and has survived
both random script kiddie attacks and security audits by the client's
customers.

You could look at mimicking this behavior with mod_proxy by using an
exclamation mark (not tested).

Something like the following:

ProxyPass /manager !
ProxyPass /jmxmonitor !

per the documentation here:

https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass

Apparently, the documentation would recommend something like the following:


ProxyPass "!"


ProxyPass "!"


I think that the above is probably easier to read and more specific.
Place the directives in the appropriate virtual host.

You could also be more expressive with LocationMatch and regular
expressions.

Once this is done you could access the manager application directly by
using the appropriate port and configuring AWS's firewall rules to allow
your office IP address through the port.

Again, I have not tried this since I use mod_jk.  Again, please remember
to restart Apache HTTPD after any configuration changes.


. . . just my two cents
/mde/



signature.asc
Description: OpenPGP digital signature

java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

[Manuel Dominguez Sarmiento]

Hi, we're reviewing our logs, are we are ocasionally getting the 
following stack traces:


09-Apr-2020 11:29:19.489 INFO [tomcat-http-81] 
org.apache.coyote.http11.Http11Processor.service Error parsing HTTP 
request header
 Note: further occurrences of HTTP request parsing errors will be 
logged at DEBUG level.
    java.lang.IllegalArgumentException: Invalid character found in 
the request target. The valid characters are defined in RFC 7230 and RFC 
3986
    at 
org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:488)
    at 
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:260)
    at 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
    at 
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
    at 
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1594)
    at 
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at 
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
    at 
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
    at 
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)


We understand this is a consequence of malformed requests, but we cannot 
seem to pinpoint the cause. It seems these are clients outside of our 
control (our servers are public-facing). The AccessLogValve does not log 
these requests, so we cannot figure out what the request line is. Is 
there any way logging could be improved in order to find out what is 
causing this?


BTW, we're on Tomcat 9.0.33

*Manuel Dominguez Sarmiento*

Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

[James H. H. Lampert]

On 4/6/20 2:13 PM, Mark Eggers wrote:

# Secure your proxy - localhost for now - this is IMPORTANT

   Require ip 127



Dear Mr. Eggers:

It seems I was right about how what you said about this, and what the 
docs say about it, appeared to contradict each other: with that in the 
VirtualHost with the ProxyPass and ProxyPassReverse directives, it 
blocked all outside access through the proxy.


Once I commented out those lines, I got proxied straight to the default 
ROOT context.


Then, when I reactivated the valve in the manager app, I found that I 
was still able to get into it via the proxy, but not directly.


I've now put this in

https://qux.baz.com/manager;>
 Require ip xx.yy.zz.qq

https://corge.bax.com/manager;>
 Require ip xx.yy.zz.qq



where xx.yy.zz.qq is my office IP address. I could get in just fine. 
Then I changed the IP address to something different, restarted my 
browser, and I could still get in. I also tried it with "/*" on the ends 
of the URLs, and with "/html" on the ends, and with "/html/*" on the 
ends. I also went back to the original "*" on one of them, and it went 
back to locking me out of everything. Something doesn't seem right here.


--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

ANN: Bill Stewart's Apache Tomcat Setup for Windows [9.0.34]

[Bill Stewart]

Please see here:

https://github.com/Bill-Stewart/ApacheTomcatSetup

The Setup executable is available on the Releases tab.

Bill

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 9.0.34 available

[Bill Stewart]

On Thu, Apr 9, 2020 at 10:54 AM Mark Thomas wrote:

> The correct SHA512 is:
> 2bb67b23dc4fd484026f1a8b382f8fe3693644b45576f835f3822d4627e1c1a5c395b054c66cb7b50a29ac591389bdd6b9d2fe42de9fdfb0f4dd38bdeb58027f

Thank you. The issue was my download had somehow gotten corrupted. I
downloaded the file again and all is well.

(Lesson learned: Verify file hash.)

My apologies for the unnecessary noise in this list.

Bill

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 9.0.34 available

[Mark Thomas]

On 09/04/2020 17:50, Bill Stewart wrote:
> On Thu, Apr 9, 2020 at 10:41 AM Bill Stewart wrote:
>>
>> On Thu, Apr 9, 2020 at 10:36 AM Mark Thomas wrote:
>>
>>> Where did you get that zip file from?
>>
>> https://tomcat.apache.org/download-90.cgi
>>
>> (Not sure which specific mirror was used; I since navigated elsewhere)

Hmm. Can you tell me which mirror you get when you try again. That will
at least point me to the correct group of mirrors

>>> What is the SHA512 hash of the zip file you downloaded?
>>
>> DA20C41125C879B193C1B3AE9A6728E3CA5A9C5CF9F97C54AE81585D7D942D91526FD62D663A0A09483373205F8B2745A6F02F9AE441F8979429C59189D4A72E

That SHA512 does not match the SHA512 listed on tomcat.apache.org for
apache-tomcat-9.0.34-windows-x64.zip

The correct SHA512 is:
2bb67b23dc4fd484026f1a8b382f8fe3693644b45576f835f3822d4627e1c1a5c395b054c66cb7b50a29ac591389bdd6b9d2fe42de9fdfb0f4dd38bdeb58027f

>>> Did you download over HTTPS?
>>
>> Yes.
> 
> Also missing: tomcat9.exe

That makes me think something in your network intercepted the zip file
and removed the .dll and .exe content. But downloading over HTTPS should
have prevented that unless you are behind a particular invasive
corporate firewall.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 9.0.34 available

[Rémy Maucherat]

On Thu, Apr 9, 2020 at 6:36 PM Mark Thomas  wrote:

> On 09/04/2020 17:27, Mark Thomas wrote:
> > On 09/04/2020 17:16, Bill Stewart wrote:
> >> On Thu, Apr 9, 2020 at 9:08 AM Mark Thomas  wrote:
> >>
> >>> The Apache Tomcat team announces the immediate availability of Apache
> >>> Tomcat 9.0.34.
> >>
> >> Thank you.
> >>
> >> FYI: The file tcnative-1.dll is missing from the
> >> 'apache-tomcat-9.0.34-windows-x64.zip' distribution.
> >
> > That is strange. The release build process is scripted so that sort of
> > thing shouldn't happen. Let me take a look.
>
> Bill,
>
> I'm not seeing this.
>
> The file "tcnative-1.dll" is present in the "bin" directory in the zip
> file generated by the build process (this happens on a dedicated VM and
> I keep the previous build directory until I start the next point release
> for that version).
>

It looks fine for me as well.

Rémy


>
> The file "tcnative-1.dll" is present in the "bin" directory in the zip
> file I downloaded from tomcat.apache.org
>
> I also confirmed that the SHA512 hashes were the same for both zip files
> confirming that nothing changed between the version I built and the file
> that is available on the download page.
>
> Where did you get that zip file from?
> What is the SHA512 hash of the zip file you downloaded?
> Did you download over HTTPS?
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: [ANN] Apache Tomcat 9.0.34 available

[Bill Stewart]

On Thu, Apr 9, 2020 at 10:41 AM Bill Stewart wrote:
>
> On Thu, Apr 9, 2020 at 10:36 AM Mark Thomas wrote:
>
> > Where did you get that zip file from?
>
> https://tomcat.apache.org/download-90.cgi
>
> (Not sure which specific mirror was used; I since navigated elsewhere)
>
> > What is the SHA512 hash of the zip file you downloaded?
>
> DA20C41125C879B193C1B3AE9A6728E3CA5A9C5CF9F97C54AE81585D7D942D91526FD62D663A0A09483373205F8B2745A6F02F9AE441F8979429C59189D4A72E
>
> > Did you download over HTTPS?
>
> Yes.

Also missing: tomcat9.exe

Bill

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 9.0.34 available

[Bill Stewart]

On Thu, Apr 9, 2020 at 10:36 AM Mark Thomas  wrote:

> Where did you get that zip file from?

https://tomcat.apache.org/download-90.cgi

(Not sure which specific mirror was used; I since navigated elsewhere)

> What is the SHA512 hash of the zip file you downloaded?

DA20C41125C879B193C1B3AE9A6728E3CA5A9C5CF9F97C54AE81585D7D942D91526FD62D663A0A09483373205F8B2745A6F02F9AE441F8979429C59189D4A72E

> Did you download over HTTPS?

Yes.

Bill

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 9.0.34 available

[Mark Thomas]

On 09/04/2020 17:27, Mark Thomas wrote:
> On 09/04/2020 17:16, Bill Stewart wrote:
>> On Thu, Apr 9, 2020 at 9:08 AM Mark Thomas  wrote:
>>
>>> The Apache Tomcat team announces the immediate availability of Apache
>>> Tomcat 9.0.34.
>>
>> Thank you.
>>
>> FYI: The file tcnative-1.dll is missing from the
>> 'apache-tomcat-9.0.34-windows-x64.zip' distribution.
> 
> That is strange. The release build process is scripted so that sort of
> thing shouldn't happen. Let me take a look.

Bill,

I'm not seeing this.

The file "tcnative-1.dll" is present in the "bin" directory in the zip
file generated by the build process (this happens on a dedicated VM and
I keep the previous build directory until I start the next point release
for that version).

The file "tcnative-1.dll" is present in the "bin" directory in the zip
file I downloaded from tomcat.apache.org

I also confirmed that the SHA512 hashes were the same for both zip files
confirming that nothing changed between the version I built and the file
that is available on the download page.

Where did you get that zip file from?
What is the SHA512 hash of the zip file you downloaded?
Did you download over HTTPS?

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 9.0.34 available

[Mark Thomas]

On 09/04/2020 17:16, Bill Stewart wrote:
> On Thu, Apr 9, 2020 at 9:08 AM Mark Thomas  wrote:
> 
>> The Apache Tomcat team announces the immediate availability of Apache
>> Tomcat 9.0.34.
> 
> Thank you.
> 
> FYI: The file tcnative-1.dll is missing from the
> 'apache-tomcat-9.0.34-windows-x64.zip' distribution.

That is strange. The release build process is scripted so that sort of
thing shouldn't happen. Let me take a look.

Thanks for the heads up.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 9.0.34 available

[Bill Stewart]

On Thu, Apr 9, 2020 at 9:08 AM Mark Thomas  wrote:

> The Apache Tomcat team announces the immediate availability of Apache
> Tomcat 9.0.34.

Thank you.

FYI: The file tcnative-1.dll is missing from the
'apache-tomcat-9.0.34-windows-x64.zip' distribution.

Bill

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

[ANN] Apache Tomcat 8.5.54 available

[Mark Thomas]

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.54.

Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers technologies.

Apache Tomcat 8.5.x replaces 8.0.x and includes new features pulled
forward from the 9.0.x branch. The notable changes since 8.5.53 include:

- Add support for default values when using ${...} property replacement
  in configuration files. Based on a pull request provided by Bernd
  Bohmann.

- When configuring an HTTP Connector, warn if the encoding specified for
  URIEncoding is not a superset of US-ASCII as required by RFC7230.

- Replace the system property
  org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with the
  Connector attribute encodedSolidusHandling that adds an additional
  option to pass the %2f sequence through to the application without
  decoding it in addition to rejecting such sequences and decoding such
  sequences.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html


Downloads:
http://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 7.x and 8.0.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

[ANN] Apache Tomcat 9.0.34 available

[Mark Thomas]

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.34.

Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.

Apache Tomcat 9.0.34 is a bugfix and feature release. The notable
changes compared to 9.0.33 include:

- Add support for default values when using ${...} property replacement
  in configuration files. Based on a pull request provided by Bernd
  Bohmann.

- When configuring an HTTP Connector, warn if the encoding specified for
  URIEncoding is not a superset of US-ASCII as required by RFC7230.

- Replace the system property
  org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with the
  Connector attribute encodedSolidusHandling that adds an additional
  option to pass the %2f sequence through to the application without
  decoding it in addition to rejecting such sequences and decoding such
  sequences.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html


Downloads:
http://tomcat.apache.org/download-90.cgi

Migration guides from Apache Tomcat 7.x and 8.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

[ANN] Apache Tomcat 10.0.0-M4 available

[Mark Thomas]

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.0-M4.

Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specifications.

Users of Tomcat 10 onwards should be aware that, as a result of the move
from Java EE to Jakarta EE as part of the transfer of Java EE to the
Eclipse Foundation, the primary package for all implemented APIs has
changed from javax.* to jakarta.*. This will almost certainly require
code changes to enable applications to migrate from Tomcat 9 and earlier
to Tomcat 10 and later. A migration tool is under development to aid
this process.

Apache Tomcat 10.0.0-M4 is a milestone release of the 10.0.x
branch and has been made to provide users with early access to the new
features in Apache Tomcat 10.0.x so that they may provide feedback. The
notable changes compared to 10.0.0-M3 include:

- Replace configuration via system property with configuration via an
  attribute on the appropriate element where practical. A large number
  of system properties have been replaced.

- Add support for default values when using ${...} property replacement
  in configuration files. Based on a pull request provided by Bernd
  Bohmann.

- Replace the system property
  org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with the
  Connector attribute encodedSolidusHandling that adds an additional
  option to pass the %2f sequence through to the application without
  decoding it in addition to rejecting such sequences and decoding such
  sequences.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-10.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-10.cgi

Migration guides from Apache Tomcat 7.0.x, 8.5.x and 9.0.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Error occurred while upgrading BPM application to Tomcat 8.5.53

[Mark Thomas]

On April 9, 2020 8:49:05 AM UTC, Kushagra Bindal  
wrote:
>Yes Mark. :) This discussion is also going on.
>
>But is there anything configuration changes which I can try at my end
>as
>well.

It is difficult to provide advice on how to fix a broken web application  when 
we don't have access to the application let alone the source code.

It looks like there are multiple versions of the same JAR in WEB-INF/lib or 
possibly elsewhere on the class path. I'd start by removing all the duplicates 
/ older versions. The tricky part will be which ones to keep and which to 
remove. Generally you'll want the latest version and if a version of a JAR is 
in Tomcats lib directory then a version probably needs to be there.

Mark

>
>On Thu, Apr 9, 2020 at 2:14 PM Mark Thomas  wrote:
>
>> On 09/04/2020 09:35, Kushagra Bindal wrote:
>> > Thanks Luis. But we have different vulnerabilities till 8.5.40
>version.
>> >
>> >
>>
>https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-887/Apache-Tomcat.html
>> >
>> >
>> > That is why we are upgrading to latest 8.5 series version. Can
>someone
>> > please help in resolving this issue?
>>
>> This looks like an issue you'll need to take up with Alfresco
>support.
>>
>> Mark
>>
>>
>> >
>> > On Thu, Apr 9, 2020 at 1:43 PM Luis Rodríguez Fernández <
>> uo67...@gmail.com>
>> > wrote:
>> >
>> >> Hello Kushagra,
>> >>
>> >> Regarding the supported platform matrix [1] it looks like the
>tomcat
>> >> version should be Tomcat 8.5.28
>> >>
>> >> Hope it helps,
>> >>
>> >> Luis
>> >>
>> >> [1]
>> >>
>> >>
>>
>https://docs.alfresco.com/process-services1.10/concepts/supported-platforms.html
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> El jue., 9 abr. 2020 a las 9:53, Kushagra Bindal (<
>> >> bindal.kusha...@gmail.com>)
>> >> escribió:
>> >>
>> >>> Hi,
>> >>>
>> >>> We are currently using Alfresco APS 1.10.0 version. It is working
>> >> smoothly
>> >>> with 8.5.24 version.
>> >>>
>> >>> But while upgrading this to Tomcat 8.5.53 we are encountering
>below
>> >> error.
>> >>>
>> >>> 08-Apr-2020 08:46:07.951 WARNING [localhost-startStop-1]
>> >>> org.apache.catalina.startup.SetContextPropertiesRule.begin
>> >>> [SetContextPropertiesRule]{Context} Setting property 'debug' to
>'100'
>> did
>> >>> not find a matching property.
>> >>> 08-Apr-2020 08:46:13.919 SEVERE [localhost-startStop-1]
>> >>> org.apache.catalina.core.ContainerBase.addChildInternal
>> >>> ContainerBase.addChild: start:
>> >>> org.apache.catalina.LifecycleException: Failed to start component
>> >>>
>> >>>
>> >>
>>
>[StandardEngine[Catalina].StandardHost[localhost].StandardContext[/bpm-designer]]
>> >>> at
>> >>>
>> >>>
>> >>
>>
>org.apache.catalina.util.LifecycleBase.handleSubClassException(LifecycleBase.java:440)
>> >>> at
>org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:198)
>> >>> at
>> >>>
>> >>>
>> >>
>>
>org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:743)
>> >>> at
>> >>
>org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)
>> >>> at
>> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
>> >>> at
>> >>>
>> >>>
>> >>
>>
>org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1125)
>> >>> at
>> >>>
>> >>>
>> >>
>>
>org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1859)
>> >>> at
>> >>
>java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>> >>> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>> >>> at
>> >>>
>> >>>
>> >>
>>
>java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>> >>> at
>> >>>
>> >>>
>> >>
>>
>java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>> >>> at java.lang.Thread.run(Thread.java:745)
>> >>> Caused by: java.lang.IllegalArgumentException: More than one
>fragment
>> >> with
>> >>> the name [spring_web] was found. This is not legal with relative
>> >> ordering.
>> >>> See section 8.2.2 2c of the Servlet specification for details.
>Consider
>> >>> using absolute ordering.
>> >>> at
>> >>>
>> >>>
>> >>
>>
>org.apache.tomcat.util.descriptor.web.WebXml.orderWebFragments(WebXml.java:2200)
>> >>> at
>> >>>
>> >>>
>> >>
>>
>org.apache.tomcat.util.descriptor.web.WebXml.orderWebFragments(WebXml.java:2159)
>> >>> at
>> >>>
>> >>>
>> >>
>>
>org.apache.catalina.startup.ContextConfig.webConfig(ContextConfig.java:1131)
>> >>> at
>> >>>
>> >>>
>> >>
>>
>org.apache.catalina.startup.ContextConfig.configureStart(ContextConfig.java:776)
>> >>> at
>> >>>
>> >>>
>> >>
>>
>org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:299)
>> >>> at
>> >>>
>> >>>
>> >>
>>
>org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
>> >>> at
>> >>>
>> >>>
>> >>
>>
>org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5065)
>> >>> at
>org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
>> >>> ... 10 more
>> >>> 08-Apr-2020 08:46:13.921 

Re: Error occurred while upgrading BPM application to Tomcat 8.5.53

[Kushagra Bindal]

Yes Mark. :) This discussion is also going on.

But is there anything configuration changes which I can try at my end as
well.

On Thu, Apr 9, 2020 at 2:14 PM Mark Thomas  wrote:

> On 09/04/2020 09:35, Kushagra Bindal wrote:
> > Thanks Luis. But we have different vulnerabilities till 8.5.40 version.
> >
> >
> https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-887/Apache-Tomcat.html
> >
> >
> > That is why we are upgrading to latest 8.5 series version. Can someone
> > please help in resolving this issue?
>
> This looks like an issue you'll need to take up with Alfresco support.
>
> Mark
>
>
> >
> > On Thu, Apr 9, 2020 at 1:43 PM Luis Rodríguez Fernández <
> uo67...@gmail.com>
> > wrote:
> >
> >> Hello Kushagra,
> >>
> >> Regarding the supported platform matrix [1] it looks like the tomcat
> >> version should be Tomcat 8.5.28
> >>
> >> Hope it helps,
> >>
> >> Luis
> >>
> >> [1]
> >>
> >>
> https://docs.alfresco.com/process-services1.10/concepts/supported-platforms.html
> >>
> >>
> >>
> >>
> >>
> >>
> >> El jue., 9 abr. 2020 a las 9:53, Kushagra Bindal (<
> >> bindal.kusha...@gmail.com>)
> >> escribió:
> >>
> >>> Hi,
> >>>
> >>> We are currently using Alfresco APS 1.10.0 version. It is working
> >> smoothly
> >>> with 8.5.24 version.
> >>>
> >>> But while upgrading this to Tomcat 8.5.53 we are encountering below
> >> error.
> >>>
> >>> 08-Apr-2020 08:46:07.951 WARNING [localhost-startStop-1]
> >>> org.apache.catalina.startup.SetContextPropertiesRule.begin
> >>> [SetContextPropertiesRule]{Context} Setting property 'debug' to '100'
> did
> >>> not find a matching property.
> >>> 08-Apr-2020 08:46:13.919 SEVERE [localhost-startStop-1]
> >>> org.apache.catalina.core.ContainerBase.addChildInternal
> >>> ContainerBase.addChild: start:
> >>> org.apache.catalina.LifecycleException: Failed to start component
> >>>
> >>>
> >>
> [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/bpm-designer]]
> >>> at
> >>>
> >>>
> >>
> org.apache.catalina.util.LifecycleBase.handleSubClassException(LifecycleBase.java:440)
> >>> at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:198)
> >>> at
> >>>
> >>>
> >>
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:743)
> >>> at
> >> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)
> >>> at
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
> >>> at
> >>>
> >>>
> >>
> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1125)
> >>> at
> >>>
> >>>
> >>
> org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1859)
> >>> at
> >> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> >>> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> >>> at
> >>>
> >>>
> >>
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> >>> at
> >>>
> >>>
> >>
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> >>> at java.lang.Thread.run(Thread.java:745)
> >>> Caused by: java.lang.IllegalArgumentException: More than one fragment
> >> with
> >>> the name [spring_web] was found. This is not legal with relative
> >> ordering.
> >>> See section 8.2.2 2c of the Servlet specification for details. Consider
> >>> using absolute ordering.
> >>> at
> >>>
> >>>
> >>
> org.apache.tomcat.util.descriptor.web.WebXml.orderWebFragments(WebXml.java:2200)
> >>> at
> >>>
> >>>
> >>
> org.apache.tomcat.util.descriptor.web.WebXml.orderWebFragments(WebXml.java:2159)
> >>> at
> >>>
> >>>
> >>
> org.apache.catalina.startup.ContextConfig.webConfig(ContextConfig.java:1131)
> >>> at
> >>>
> >>>
> >>
> org.apache.catalina.startup.ContextConfig.configureStart(ContextConfig.java:776)
> >>> at
> >>>
> >>>
> >>
> org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:299)
> >>> at
> >>>
> >>>
> >>
> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
> >>> at
> >>>
> >>>
> >>
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5065)
> >>> at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
> >>> ... 10 more
> >>> 08-Apr-2020 08:46:13.921 SEVERE [localhost-startStop-1]
> >>> org.apache.catalina.startup.HostConfig.deployDirectory Error deploying
> >> web
> >>> application directory [/usr/local/tomcat/webapps/bpm-designer]
> >>> java.lang.IllegalStateException: ContainerBase.addChild: start:
> >>> org.apache.catalina.LifecycleException: Failed to start component
> >>>
> >>>
> >>
> [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/bpm-designer]]
> >>> at
> >>>
> >>>
> >>
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:747)
> >>> at
> >> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)
> >>> at
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
> >>> at
> >>>
> >>>
> >>
> 

Re: Error occurred while upgrading BPM application to Tomcat 8.5.53

[Mark Thomas]

On 09/04/2020 09:35, Kushagra Bindal wrote:
> Thanks Luis. But we have different vulnerabilities till 8.5.40 version.
> 
> https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-887/Apache-Tomcat.html
> 
> 
> That is why we are upgrading to latest 8.5 series version. Can someone
> please help in resolving this issue?

This looks like an issue you'll need to take up with Alfresco support.

Mark


> 
> On Thu, Apr 9, 2020 at 1:43 PM Luis Rodríguez Fernández 
> wrote:
> 
>> Hello Kushagra,
>>
>> Regarding the supported platform matrix [1] it looks like the tomcat
>> version should be Tomcat 8.5.28
>>
>> Hope it helps,
>>
>> Luis
>>
>> [1]
>>
>> https://docs.alfresco.com/process-services1.10/concepts/supported-platforms.html
>>
>>
>>
>>
>>
>>
>> El jue., 9 abr. 2020 a las 9:53, Kushagra Bindal (<
>> bindal.kusha...@gmail.com>)
>> escribió:
>>
>>> Hi,
>>>
>>> We are currently using Alfresco APS 1.10.0 version. It is working
>> smoothly
>>> with 8.5.24 version.
>>>
>>> But while upgrading this to Tomcat 8.5.53 we are encountering below
>> error.
>>>
>>> 08-Apr-2020 08:46:07.951 WARNING [localhost-startStop-1]
>>> org.apache.catalina.startup.SetContextPropertiesRule.begin
>>> [SetContextPropertiesRule]{Context} Setting property 'debug' to '100' did
>>> not find a matching property.
>>> 08-Apr-2020 08:46:13.919 SEVERE [localhost-startStop-1]
>>> org.apache.catalina.core.ContainerBase.addChildInternal
>>> ContainerBase.addChild: start:
>>> org.apache.catalina.LifecycleException: Failed to start component
>>>
>>>
>> [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/bpm-designer]]
>>> at
>>>
>>>
>> org.apache.catalina.util.LifecycleBase.handleSubClassException(LifecycleBase.java:440)
>>> at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:198)
>>> at
>>>
>>>
>> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:743)
>>> at
>> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)
>>> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
>>> at
>>>
>>>
>> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1125)
>>> at
>>>
>>>
>> org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1859)
>>> at
>> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>>> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>>> at
>>>
>>>
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>> at
>>>
>>>
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>> at java.lang.Thread.run(Thread.java:745)
>>> Caused by: java.lang.IllegalArgumentException: More than one fragment
>> with
>>> the name [spring_web] was found. This is not legal with relative
>> ordering.
>>> See section 8.2.2 2c of the Servlet specification for details. Consider
>>> using absolute ordering.
>>> at
>>>
>>>
>> org.apache.tomcat.util.descriptor.web.WebXml.orderWebFragments(WebXml.java:2200)
>>> at
>>>
>>>
>> org.apache.tomcat.util.descriptor.web.WebXml.orderWebFragments(WebXml.java:2159)
>>> at
>>>
>>>
>> org.apache.catalina.startup.ContextConfig.webConfig(ContextConfig.java:1131)
>>> at
>>>
>>>
>> org.apache.catalina.startup.ContextConfig.configureStart(ContextConfig.java:776)
>>> at
>>>
>>>
>> org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:299)
>>> at
>>>
>>>
>> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
>>> at
>>>
>>>
>> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5065)
>>> at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
>>> ... 10 more
>>> 08-Apr-2020 08:46:13.921 SEVERE [localhost-startStop-1]
>>> org.apache.catalina.startup.HostConfig.deployDirectory Error deploying
>> web
>>> application directory [/usr/local/tomcat/webapps/bpm-designer]
>>> java.lang.IllegalStateException: ContainerBase.addChild: start:
>>> org.apache.catalina.LifecycleException: Failed to start component
>>>
>>>
>> [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/bpm-designer]]
>>> at
>>>
>>>
>> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:747)
>>> at
>> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)
>>> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
>>> at
>>>
>>>
>> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1125)
>>> at
>>>
>>>
>> org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1859)
>>> at
>> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>>> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>>> at
>>>
>>>
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>> at
>>>
>>>
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>> at java.lang.Thread.run(Thread.java:745)
>>> 08-Apr-2020 

Re: Error occurred while upgrading BPM application to Tomcat 8.5.53

[Kushagra Bindal]

Thanks Luis. But we have different vulnerabilities till 8.5.40 version.

https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-887/Apache-Tomcat.html


That is why we are upgrading to latest 8.5 series version. Can someone
please help in resolving this issue?

On Thu, Apr 9, 2020 at 1:43 PM Luis Rodríguez Fernández 
wrote:

> Hello Kushagra,
>
> Regarding the supported platform matrix [1] it looks like the tomcat
> version should be Tomcat 8.5.28
>
> Hope it helps,
>
> Luis
>
> [1]
>
> https://docs.alfresco.com/process-services1.10/concepts/supported-platforms.html
>
>
>
>
>
>
> El jue., 9 abr. 2020 a las 9:53, Kushagra Bindal (<
> bindal.kusha...@gmail.com>)
> escribió:
>
> > Hi,
> >
> > We are currently using Alfresco APS 1.10.0 version. It is working
> smoothly
> > with 8.5.24 version.
> >
> > But while upgrading this to Tomcat 8.5.53 we are encountering below
> error.
> >
> > 08-Apr-2020 08:46:07.951 WARNING [localhost-startStop-1]
> > org.apache.catalina.startup.SetContextPropertiesRule.begin
> > [SetContextPropertiesRule]{Context} Setting property 'debug' to '100' did
> > not find a matching property.
> > 08-Apr-2020 08:46:13.919 SEVERE [localhost-startStop-1]
> > org.apache.catalina.core.ContainerBase.addChildInternal
> > ContainerBase.addChild: start:
> > org.apache.catalina.LifecycleException: Failed to start component
> >
> >
> [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/bpm-designer]]
> > at
> >
> >
> org.apache.catalina.util.LifecycleBase.handleSubClassException(LifecycleBase.java:440)
> > at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:198)
> > at
> >
> >
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:743)
> > at
> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)
> > at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
> > at
> >
> >
> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1125)
> > at
> >
> >
> org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1859)
> > at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> > at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> > at
> >
> >
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> > at
> >
> >
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> > at java.lang.Thread.run(Thread.java:745)
> > Caused by: java.lang.IllegalArgumentException: More than one fragment
> with
> > the name [spring_web] was found. This is not legal with relative
> ordering.
> > See section 8.2.2 2c of the Servlet specification for details. Consider
> > using absolute ordering.
> > at
> >
> >
> org.apache.tomcat.util.descriptor.web.WebXml.orderWebFragments(WebXml.java:2200)
> > at
> >
> >
> org.apache.tomcat.util.descriptor.web.WebXml.orderWebFragments(WebXml.java:2159)
> > at
> >
> >
> org.apache.catalina.startup.ContextConfig.webConfig(ContextConfig.java:1131)
> > at
> >
> >
> org.apache.catalina.startup.ContextConfig.configureStart(ContextConfig.java:776)
> > at
> >
> >
> org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:299)
> > at
> >
> >
> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
> > at
> >
> >
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5065)
> > at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
> > ... 10 more
> > 08-Apr-2020 08:46:13.921 SEVERE [localhost-startStop-1]
> > org.apache.catalina.startup.HostConfig.deployDirectory Error deploying
> web
> > application directory [/usr/local/tomcat/webapps/bpm-designer]
> > java.lang.IllegalStateException: ContainerBase.addChild: start:
> > org.apache.catalina.LifecycleException: Failed to start component
> >
> >
> [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/bpm-designer]]
> > at
> >
> >
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:747)
> > at
> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)
> > at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
> > at
> >
> >
> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1125)
> > at
> >
> >
> org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1859)
> > at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> > at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> > at
> >
> >
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> > at
> >
> >
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> > at java.lang.Thread.run(Thread.java:745)
> > 08-Apr-2020 08:46:13.922 INFO [localhost-startStop-1]
> > org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
> > application directory [/usr/local/tomcat/webapps/bpm-designer] has
> finished

Re: Error occurred while upgrading BPM application to Tomcat 8.5.53

[Luis Rodríguez Fernández]

Hello Kushagra,

Regarding the supported platform matrix [1] it looks like the tomcat
version should be Tomcat 8.5.28

Hope it helps,

Luis

[1]
https://docs.alfresco.com/process-services1.10/concepts/supported-platforms.html






El jue., 9 abr. 2020 a las 9:53, Kushagra Bindal ()
escribió:

> Hi,
>
> We are currently using Alfresco APS 1.10.0 version. It is working smoothly
> with 8.5.24 version.
>
> But while upgrading this to Tomcat 8.5.53 we are encountering below error.
>
> 08-Apr-2020 08:46:07.951 WARNING [localhost-startStop-1]
> org.apache.catalina.startup.SetContextPropertiesRule.begin
> [SetContextPropertiesRule]{Context} Setting property 'debug' to '100' did
> not find a matching property.
> 08-Apr-2020 08:46:13.919 SEVERE [localhost-startStop-1]
> org.apache.catalina.core.ContainerBase.addChildInternal
> ContainerBase.addChild: start:
> org.apache.catalina.LifecycleException: Failed to start component
>
> [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/bpm-designer]]
> at
>
> org.apache.catalina.util.LifecycleBase.handleSubClassException(LifecycleBase.java:440)
> at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:198)
> at
>
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:743)
> at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)
> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
> at
>
> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1125)
> at
>
> org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1859)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at
>
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at
>
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.IllegalArgumentException: More than one fragment with
> the name [spring_web] was found. This is not legal with relative ordering.
> See section 8.2.2 2c of the Servlet specification for details. Consider
> using absolute ordering.
> at
>
> org.apache.tomcat.util.descriptor.web.WebXml.orderWebFragments(WebXml.java:2200)
> at
>
> org.apache.tomcat.util.descriptor.web.WebXml.orderWebFragments(WebXml.java:2159)
> at
>
> org.apache.catalina.startup.ContextConfig.webConfig(ContextConfig.java:1131)
> at
>
> org.apache.catalina.startup.ContextConfig.configureStart(ContextConfig.java:776)
> at
>
> org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:299)
> at
>
> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
> at
>
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5065)
> at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
> ... 10 more
> 08-Apr-2020 08:46:13.921 SEVERE [localhost-startStop-1]
> org.apache.catalina.startup.HostConfig.deployDirectory Error deploying web
> application directory [/usr/local/tomcat/webapps/bpm-designer]
> java.lang.IllegalStateException: ContainerBase.addChild: start:
> org.apache.catalina.LifecycleException: Failed to start component
>
> [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/bpm-designer]]
> at
>
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:747)
> at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)
> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
> at
>
> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1125)
> at
>
> org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1859)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at
>
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at
>
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> 08-Apr-2020 08:46:13.922 INFO [localhost-startStop-1]
> org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
> application directory [/usr/local/tomcat/webapps/bpm-designer] has finished
> in [6,051] ms
>
> We explored the same on google and found one solution on stackoverflow :
>
> https://stackoverflow.com/questions/54290263/more-than-one-fragment-with-the-name-spring-web-was-found-this-is-not-legal-w
>
> Now we tried it by setting  in web.xml, but the problem
> persist.
>
> Can someone please suggest the possible solution of this problem.
>
> --
> Regards,
> Kushagra
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett

Error occurred while upgrading BPM application to Tomcat 8.5.53

[Kushagra Bindal]

Hi,

We are currently using Alfresco APS 1.10.0 version. It is working smoothly
with 8.5.24 version.

But while upgrading this to Tomcat 8.5.53 we are encountering below error.

08-Apr-2020 08:46:07.951 WARNING [localhost-startStop-1]
org.apache.catalina.startup.SetContextPropertiesRule.begin
[SetContextPropertiesRule]{Context} Setting property 'debug' to '100' did
not find a matching property.
08-Apr-2020 08:46:13.919 SEVERE [localhost-startStop-1]
org.apache.catalina.core.ContainerBase.addChildInternal
ContainerBase.addChild: start:
org.apache.catalina.LifecycleException: Failed to start component
[StandardEngine[Catalina].StandardHost[localhost].StandardContext[/bpm-designer]]
at
org.apache.catalina.util.LifecycleBase.handleSubClassException(LifecycleBase.java:440)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:198)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:743)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
at
org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1125)
at
org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1859)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: More than one fragment with
the name [spring_web] was found. This is not legal with relative ordering.
See section 8.2.2 2c of the Servlet specification for details. Consider
using absolute ordering.
at
org.apache.tomcat.util.descriptor.web.WebXml.orderWebFragments(WebXml.java:2200)
at
org.apache.tomcat.util.descriptor.web.WebXml.orderWebFragments(WebXml.java:2159)
at
org.apache.catalina.startup.ContextConfig.webConfig(ContextConfig.java:1131)
at
org.apache.catalina.startup.ContextConfig.configureStart(ContextConfig.java:776)
at
org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:299)
at
org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5065)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
... 10 more
08-Apr-2020 08:46:13.921 SEVERE [localhost-startStop-1]
org.apache.catalina.startup.HostConfig.deployDirectory Error deploying web
application directory [/usr/local/tomcat/webapps/bpm-designer]
java.lang.IllegalStateException: ContainerBase.addChild: start:
org.apache.catalina.LifecycleException: Failed to start component
[StandardEngine[Catalina].StandardHost[localhost].StandardContext[/bpm-designer]]
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:747)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
at
org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1125)
at
org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1859)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
08-Apr-2020 08:46:13.922 INFO [localhost-startStop-1]
org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
application directory [/usr/local/tomcat/webapps/bpm-designer] has finished
in [6,051] ms

We explored the same on google and found one solution on stackoverflow :
https://stackoverflow.com/questions/54290263/more-than-one-fragment-with-the-name-spring-web-was-found-this-is-not-legal-w

Now we tried it by setting  in web.xml, but the problem
persist.

Can someone please suggest the possible solution of this problem.

-- 
Regards,
Kushagra