Re: Again with the missing headers

[Brian Wolfe]

So i'm not too familiar with tomcat 9. However, I did notice that
maxHttpHeaderSize
default is supposed to be 8KB in 9. That is set on the connector. Which
affects both request and response headers.

https://tomcat.apache.org/tomcat-9.0-doc/config/http.html

Did you try that?

If i'm not mistaken about a stream of content. the response headers should
be the first thing that is received by the client. Then the body can be
split and transmitted along the connection.

On Sat, Apr 10, 2021 at 10:06 PM Rob Sargent  wrote:

> I saw this mentioned a couple years ago, on tomcat 7, but don't see
> anything recent on this topic and I'm using 9.0.43.  Of 59 separate
> requests to same servlet three repeatedly do not have the header entry
> added by the servlet to the response.  The remaining 56 all have the
> header/value.  The three consistently lose the header.
>
> Size matters?  The 56 which succeed are on average 203 units in payload
> size while the bad boys are 7K,10K,13K units. (And I'm guessing about
> 100 bytes per unit)
>
> The clients streams the payload from the response, and I've tried
> getting the header both before and after the stream has been read.
>
> Any clues as to where the missing header goes?  Does the servlet not
> send it or is it in some /other/ response?
>
> Thanks,
> rjs
>
>

-- 
Thanks,
Brian Wolfe
https://www.linkedin.com/in/brian-wolfe-3136425a/

Again with the missing headers

[Rob Sargent]

I saw this mentioned a couple years ago, on tomcat 7, but don't see 
anything recent on this topic and I'm using 9.0.43.  Of 59 separate 
requests to same servlet three repeatedly do not have the header entry 
added by the servlet to the response.  The remaining 56 all have the 
header/value.  The three consistently lose the header.


Size matters?  The 56 which succeed are on average 203 units in payload 
size while the bad boys are 7K,10K,13K units. (And I'm guessing about 
100 bytes per unit)


The clients streams the payload from the response, and I've tried 
getting the header both before and after the stream has been read.


Any clues as to where the missing header goes?  Does the servlet not 
send it or is it in some /other/ response?


Thanks,
rjs

Re: version change failure

[dana whitelow]

 
 Thanks. I used  the migration tool.  
The problem is still there. 
I believe this simple *.nix shell script can do a better job
 grep -RiIl 'javax' | xargs sed -i 's/javax/jakarta/g'

Quick grep explanation:

    -R - recursive search
    -i - case-insensitive
    -I - skip binary files (you want text, right?)
    -l - print a simple list as output. Needed for the other commands



danawhite...@aol.com
 
 
-Original Message-
From: Усманов Азат Анварович 
To: Tomcat Users List ; dana whitelow 

Sent: Sat, 10 Apr 2021 20:59
Subject: RE: version change failure

#yiv8603607814 P {margin-top:0;margin-bottom:0;}Dana, Please see the migration 
-guide  (https://tomcat.apache.org/migration-10.html)  here is a quote from it "
Apache Tomcat 10 supports the Jakarta Servlet 5.0, Jakarta Server Pages 3.0, 
Jakarta Expression Language 4.0, JakartaWebSocket 2.0 and Jakarta 
Authentication 2.0 specifications.There is a significant breaking change 
between Tomcat 9.0.x and Tomcat 10.0.x. The Java package used by the 
specification APIs has changed from javax... to jakarta It will be 
necessary to recompile web applications against the new APIs. Alternatively, 
users can convert an existing WAR file from Java EE 8 to Jakarta EE 9 using the 
Apache Tomcat migration tool for Jakarta EE."
С уважением,Азат Усманов 
Отдел разработки программного обеспечения
Казанский инновационный университет имени В.Г.Тимирясова 

От: dana whitelow 
Отправлено: 10 апреля 2021 г. 22:08
Кому: users@tomcat.apache.org 
Тема: version change failure Hi ,
I changed tomcat version
from
8.5.38
to
10.0.5
 
The setup was running without web.xml and it was picking up index.jsp 
automatically
but with the new version there is a connection refused error.
 
what has changed  ?
 
Thanks
 
danawhite...@aol.com

RE: version change failure

[Усманов Азат Анварович]

Dana, Please see the migration -guide  
(https://tomcat.apache.org/migration-10.html)  here is a quote from it "


Apache Tomcat 10 supports the Jakarta Servlet 5.0, Jakarta Server Pages 3.0, 
Jakarta Expression Language 4.0, JakartaWebSocket 2.0 and Jakarta 
Authentication 2.0 
specifications.

There is a significant breaking change between Tomcat 9.0.x and Tomcat 10.0.x. 
The Java package used by the specification APIs has changed from javax... to 
jakarta It will be necessary to recompile web applications against the new 
APIs. Alternatively, users can convert an existing WAR file from Java EE 8 to 
Jakarta EE 9 using the Apache Tomcat migration tool for Jakarta 
EE."

С уважением,
Азат Усманов
Отдел разработки программного обеспечения
Казанский инновационный университет имени В.Г.Тимирясова


От: dana whitelow 
Отправлено: 10 апреля 2021 г. 22:08
Кому: users@tomcat.apache.org 
Тема: version change failure

Hi ,
I changed tomcat version
from
8.5.38
to
10.0.5

The setup was running without web.xml and it was picking up index.jsp 
automatically
but with the new version there is a connection refused error.

what has changed  ?

Thanks

danawhite...@aol.com

version change failure

[dana whitelow]

 Hi ,
I changed tomcat version
from
8.5.38
to
10.0.5
 
The setup was running without web.xml and it was picking up index.jsp 
automatically
but with the new version there is a connection refused error.
 
what has changed  ?
 
Thanks
 
danawhite...@aol.com

Question ad distributing non-Java-binaries with a webapp ...

[Rony G. Flatscher (Apache)]

Is it possible to place and use binaries (including shared libraries) in a 
webapp? Very much like
supplying jars to the "lib"-directory?

Use case: if possible, I would like to create a webapp that includes non-Java 
binaries (executable,
image and shared libraries) that get interfaced with via JNI.

If this is possible then how so? Any pointers/hints would be highly appreciated!

---rony



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat, maybe Apache on Widows 10

[Felix Schumacher]

Am 09.04.21 um 22:31 schrieb Orendt, John:
> Hi
>
> My goal is to set up a web server on Windows 10 that supports TLSv1.3 with 
> mutual authentication.
>
> I have had success with Apache on Ubuntu 20.04. I was able to generate the 
> server and client x509 leaf certs which apache validates up the chain of 
> trust and actually does refuse the connection if a client cert has been 
> revoked. Very nice.
>
> Also, Apache provides these useful environmental variables like REMOTE_ADDR, 
> SSL_CLIENT_VERIFY, SSL_CLIENT_S_DN, and SSL_PROTOCOL.
>
> I'm using ProxyPass, ProxyPassReverse as a connector to Tomcat 9.
>
> Unfortunately, these env vars do not get through to Tomcat 9.

Can you give us more details, what you already tried?

If you want to use those Header variables, you will have to enable the
SSL Valve in Tomcat. The valve is described at
http://tomcat.apache.org/tomcat-10.0-doc/config/valve.html#SSL_Valve

You might want to combine that with the Remote IP Valve
(http://tomcat.apache.org/tomcat-10.0-doc/config/valve.html#Remote_IP_Valve)
and watch out to only accept connections from the httpd and not any
other clients (as you have to trust the values in the header fields
Tomcat will use).

>
> For other reasons, related to TPM, I need to get this to work on Windows 10.
>
> So far, my best three options are :
>
>
>   1.  Use Tomcat 9 standalone and configure TLSv1.3
>   2.  Use Tomcat 10 standalone and configure TLSv1.3
>   3.  Use Apache2 and Tomcat and find a work around to get the environmental 
> variables To Tomcat
>
> For configuring TLS on Tomcat 9 or 10, a working example would be useful.
Which parts are missing on
http://tomcat.apache.org/tomcat-10.0-doc/ssl-howto.html ?
>
> Will standalone Tomcat validate certs up the chain of trust and actually  
> refuse the connection if a client cert has been revoked?

I think it should. But it is always a good idea to test it yourself :)

Felix

>
> Please advise.
>
> John Orendt
> john.p.ore...@medtronic.com
> [CONFIDENTIALITY AND PRIVACY NOTICE] Information transmitted by this email is 
> proprietary to Medtronic and is intended for use only by the individual or 
> entity to which it is addressed, and may contain information that is private, 
> privileged, confidential or exempt from disclosure under applicable law. If 
> you are not the intended recipient or it appears that this mail has been 
> forwarded to you without proper authority, you are notified that any use or 
> dissemination of this information in any manner is strictly prohibited. In 
> such cases, please delete this mail from your records. To view this notice in 
> other languages you can either select the following link or manually copy and 
> paste the link into the address bar of a web browser: 
> http://emaildisclaimer.medtronic.com
>



OpenPGP_signature
Description: OpenPGP digital signature