AW: JTA transactions support in Tomcat 9 !!

2022-12-14 Thread Thomas Hoffmann (Speed4Trade GmbH) 
Hello,

> -Ursprüngliche Nachricht-
> Von: dineshk 
> Gesendet: Donnerstag, 15. Dezember 2022 06:19
> An: Tomcat Users List 
> Betreff: JTA transactions support in Tomcat 9 !!
> 
> Hi ,
> Could anybody provide the information if JTA transactions are supported or not
> in Tomcat 9.X. If not , is there any way to achieve the JTA transactions ? We 
> are
> using hibernate for our persistence layer. RegardsDinesh

JTA is part of Jakarta EE / Java EE. 
This is not a part Tomcat covers. You need to use Hibernate or Eclipselink 
which implements this standard.
Only the version must match to Tomcat. Like for Jakarta EE you need Tomcat 10 
or above.
This site should answer your question:
https://tomcat.apache.org/whichversion.html

Greetings,
Thomas

JTA transactions support in Tomcat 9 !!

2022-12-14 Thread dineshk 
Hi ,
Could anybody provide the information if JTA transactions are supported or not 
in Tomcat 9.X. If not , is there any way to achieve the JTA transactions ? We 
are using hibernate for our persistence layer. 
RegardsDinesh

Hostheader attack vulnerability

2022-12-14 Thread Ragavendhiran Bhiman (rabhiman) 
Hi All,

I am facing one issue related to host header manipulation changing the host 
header is chaning the url itself. This attack is done via the burp suite tool. 
I have copied the current configuration here as you could see the default 
hostname is defined and apBase is provided.

The attack is happening only before the admin login page. Any pages displayed 
after the login the host header manipulation is not happening. Kindly advise me 
how to fix this problem from apache side.

Re: Embedded Tomcat 9.0.x Classpath Modification Migrating From Java 8 to 17

2022-12-14 Thread Mark Thomas 

On 14/12/2022 03:20, Tim N wrote:

I'm currently using embedded Tomcat 9.0.68 and have encountered the
infamous compatibility issue with ClassLoader.getSystemClassLoader when
upgrading from Java 8 to Java 17.
See
https://stackoverflow.com/questions/46694600/java-9-compatability-issue-with-classloader-getsystemclassloader
for a good summary.


The custom class loader approach described in one of the answers is a 
viable option.



Is it possible to utilise and modify the Tomcat classloader hierarchy for
embedded Tomcat to add to the classpath, specifically:
  - Add some shared libraries as done with the 'shared.loader' for Tomcat
for production and development environments


No. The same class loader hierarchy isn't constructed when running in 
embedded mode.



  - Add another module's classes to the classpath for a web-app for
development environment only (e.g. add "../sub-module/target/classes" to
classpath)


Yes. Each web application still retains its own class loader. You 
configure the web application resources to map static resources, JARs 
and/or directories of classes to the right place in your web app.


For example (totally untested but should give you the idea):

Tomcat tomcat = new Tomcat();
Context context = tomcat.addContext("", "/some/path");
WebResourceRoot root = context.getResources();
DirResourceSet extraJARs = new DirResourceSet(root,
"/WEB-INF/lib", "/path/to/extra/jars", "");
root.addPostResources(extraJARs);


In Java 8 I can achieve this by calling 'addURL' on 'URLClassLoader', but
that is no longer possible in Java 9+.

Is there any official documentation for this?


The docs for configuring this in context.xml are here:

https://tomcat.apache.org/tomcat-9.0-doc/config/resources.html

Javadoc for doing it directly is here:

https://tomcat.apache.org/tomcat-9.0-doc/api/org/apache/catalina/webresources/package-summary.html

HTH,

Mark




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org