Re: Problem with Transfer-Encoding
Hello Users Thanks for all your various input. Terence :- Yes you found the root cause of the issue ,I did same changes in my jsp page and it's worked fine. I was confused with FIREBUG tool but after using HTTPFOX tool it showed me what value going from my browser. Thanks user for your time. On Mon, Jul 7, 2014 at 10:37 PM, Terence M. Bandoian tere...@tmbsw.com wrote: On 7/5/2014 6:36 PM, André Warnier wrote: Sushil Prusty wrote: Dear User Thanks for you input. You're welcome. First, a foreword : I will try my best to help you, but doing this is very difficult, and doing it via email is even more difficult. I was not kidding when I wrote earlier that even looking at the data may make it change. Of course, that is not really true, but the fact of cutting and pasting this data, from your saved HTTPFox trace into an email that you send to the Tomcat list, and then the Tomcat list server forwarding this to other people in a new email, may again decode and re-encode this data several times, and confuse the situation totally. So we need to be very, very systematic, and make sure that what we see is really what we get, ok ? What you should really do, is to save the original HttpFox data to a file, then save that file, then zip that file, then post it somewhere where we can get this zip-file. So that we can download it, unzip it, and then be sure that we are really seeing the same data as you do. In the meantime, a question : I just debugged using HttpFox here is below you find header (Request-Line)POST /test/testUserEditAction.do?dojoIframeSend=true The above request line is triggered by something. By what ? Is that a link or button on a HTML page which is currently loaded in your browser ? If yes, then before you actually click this link, can you in your browser use the View..Character set function, and tells us what the browser thinks about the current page loaded in the browser, before you even send this request to the server ? The reason why I am asking, is that this is the character set which the browser will most probably use to encode the text data that it sends to the server (when you click the link). Then see the note below, in the text. I agree with André about the difficulties of debugging character encodings. A couple of things you might check are the character encodings of the page and the form. The character encoding of the page may be set with the Content-type meta tag: meta http-equiv=Content-type content=text/html;charset=UTF-8/ For the form, I believe the character encoding defaults to the character encoding of the page but may be explicitly set with the accept-charset attribute: form method=post action=action.do accept-charset=utf-8/form Hope that helps. -Terence Bandoian HTTP/1.1 Host** User-AgentMozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:30.0) Gecko/20100101 Firefox/30.0 Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Languageen-US,en;q=0.5 Accept-Encodinggzip, deflate Refererhttps://s Action.do?action=loginflashVersion=9.0.47.0 hasCorrectFlashVersion=falseproduct=xyz CookieJSESSIONID=**; doNotShowStartupOnLoad=true Connectionkeep-alive Content-Typemultipart/form-data; boundary=---*** Content-Length4039 In Post body -1550434539176507601876254213 Content-Disposition: form-data; name=disclaimerText Zażółć gęślÄ jaźń! ta funkcjonalność nie jest wspierana The line above may or may not have been further corrupted (compared to the original that you see), by the simple fact of copying this text into your email. But assuming for a moment that it was not, and that it really is what it looks like above, there is some kind of a problem : (You'll have to follow carefully here) If I take the original text line which you posted in your first message : Zażółć gęślą jaźń! ta funkcjonalność nie jest wspierana* and I imagine that internally, this is encoded as UTF-8; Then if I look at that same series of UTF-8 characters, but now examine the *bytes* that compose these characters and view them in ASCII, I should see this : Zażółć gęślÄ… jaźń! ta funkcjonalność nie jest wspierana* But if you compare this carefully, with the string as it appears in your HttpFox trace, you will see that it does not match exactly. For example, look at the last 2 letters of the word funkcjonalność, in both versions. So there appears to be some discrepancy between the character set which your browser is really using (to send data to the server), and the UTF-8 that your server seems to expect. Furthermore (and put this on account of my suspicious nature if you want) : The second part of that message, in Polish, means : This functionality is not supported. Which triggers the question : what kind
Re: Problem with Transfer-Encoding
Dear User Thanks for you input. I just debugged using HttpFox here is below you find header (Request-Line)POST /test/testUserEditAction.do?dojoIframeSend=true HTTP/1.1 Host** User-AgentMozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:30.0) Gecko/20100101 Firefox/30.0 Accepttext/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Languageen-US,en;q=0.5 Accept-Encodinggzip, deflate Refererhttps://s Action.do?action=loginflashVersion=9.0.47.0hasCorrectFlashVersion=falseproduct=xyz CookieJSESSIONID=**; doNotShowStartupOnLoad=true Connectionkeep-alive Content-Typemultipart/form-data; boundary=---*** Content-Length4039 In Post body -1550434539176507601876254213 Content-Disposition: form-data; name=disclaimerText ZażóÅÄ gÄÅlÄ jaźÅ! ta funkcjonalnoÅÄ nie jest wspierana -1550434539176507601876254213 I believe psot data got changed before reaching to server . Do you have any ideas what's wrong here, where the error might be ? On Sat, Jul 5, 2014 at 9:08 PM, André Warnier a...@ice-sa.com wrote: Konstantin Kolinko wrote: 2014-07-05 9:24 GMT+04:00 Sushil Prusty sushil.pru...@gmail.com: Hello, summary of my Problem: When a client POSTs Tranfer-Encoding data using browser , my server is not processing the request character encoding properly . I send the following request: Content-Type text/html;charset=UTF-8 Date Sat, 05 Jul 2014 05:10:09 GMT Server Apache-Coyote/1.1 Transfer-Encoding chunked *disclaimerTextZażółć gęślą jaźń! ta funkcjonalność nie jest wspierana* Full details: My application running on apache-tomcat-7.0.40 and Java 1.6.x) in linux box. Below response is changed once it's reach to my controller *ZażóÅÄ gÄÅlÄ jaźÅ! ta funkcjonalnoÅÄ nie jest wspierana* I have below configuration in server.xml Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 maxPostSize=5242880 maxParameterCount=25000/ Connector port=443 protocol=HTTP/1.1 scheme=https noCompressionUserAgents=gozilla, traviata compressableMimeType=text/html,text/xml,text/javascript, text/css,application/javascript,application/json URIEncoding=UTF-8 / and in my catalina.sh set JAVA_OPTS=-Djavax.servlet.request.encoding=UTF-8 -Dfile.encoding=UTF-8 (...) As a sanity check: 1) That I send the following request listing looks more like a response, not a request. (E.g. the Server Apache-Coyote/1.1 header makes no sense in a request). So you are lying somewhere. There is no point for me to try guessing what you are doing. You may have confused reading with writing somewhere, and without source code one cannot verify your words. You have to provide a step-by-step instruction and enough source code so that a person who is not familiar with your system were able to reproduce your problem. 2) Content-Type says text/html, but that line of text is not a valid HTML document. +1 Character encoding/decoding issues are hell to debug as it is, because they are like quantum physics : even looking at them can change them.(*) So you need to provide *accurate* and raw information, otherwise it is just a loss of time for everyone. Use a browser plugin like HttpFox, LiveHttpHeaders, HttpFox or similar to monitor the requests being sent and responses being received, at the browser level. All these plugins allow you to selectively dump requests/responses to a file. Do that. Also, check in your browser that when you receive a response page back from the server, your browser is really seeing this response in the proper character set (use View.. Character encoding..). Transfer Encoding has nothing to do with the *character encoding* of either the request or the response. The little imprecise data that the OP provided above /suggests/ that there is some double encoding taking place /somewhere/, but so far it could as well be in the email client that he used to post to the list, as anywhere else. (*) with the wrong editor, or the wrong locale e.g. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Problem with Transfer-Encoding
Hello, summary of my Problem: When a client POSTs Tranfer-Encoding data using browser , my server is not processing the request character encoding properly . I send the following request: Content-Type text/html;charset=UTF-8 Date Sat, 05 Jul 2014 05:10:09 GMT Server Apache-Coyote/1.1 Transfer-Encoding chunked *disclaimerTextZażółć gęślą jaźń! ta funkcjonalność nie jest wspierana* Full details: My application running on apache-tomcat-7.0.40 and Java 1.6.x) in linux box. Below response is changed once it's reach to my controller *ZażóÅÄ gÄÅlÄ jaźÅ! ta funkcjonalnoÅÄ nie jest wspierana* I have below configuration in server.xml Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 maxPostSize=5242880 maxParameterCount=25000/ Connector port=443 protocol=HTTP/1.1 scheme=https noCompressionUserAgents=gozilla, traviata compressableMimeType=text/html,text/xml,text/javascript,text/css,application/javascript,application/json URIEncoding=UTF-8 / and in my catalina.sh set JAVA_OPTS=-Djavax.servlet.request.encoding=UTF-8 -Dfile.encoding=UTF-8 I suspect the problem though I'm not sure if this is a Tomcat error or a configuration problem, or a Java-version problem. I searched the Internet for similar problems but could only find either ones where fixed had been introduced into Tomcat 7.x and/or where the problem was with server _response . Do you have any ideas what's wrong here, where the error might be ? Thanks for your help, Sushil
How can i provide clientauth required info in HttpURLConnection
Hi all I have below code which will always throws exception while i am trying to connect because my ClientAuth is true in server.xml of apach/conf.Server.xml. How can i provide clientauth info to below code using Apache api. URL testURL = new URL(https://localhost: 443/app/AppAction.do); HttpURLConnection conn = (HttpURLConnection) testURL.openConnection(); conn.setRequestMethod(HEAD); conn.setInstanceFollowRedirects(false); conn.connect(); Thanks to all in advance.
Re: How can i provide clientauth required info in HttpURLConnection
It's a trustore certificate. On Mon, May 5, 2014 at 10:32 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sushil, On 5/5/14, 12:51 PM, Sushil Prusty wrote: I have below code which will always throws exception while i am trying to connect because my ClientAuth is true in server.xml of apach/conf.Server.xml. How can i provide clientauth info to below code using Apache api. URL testURL = new URL(https://localhost: 443/app/AppAction.do); HttpURLConnection conn = (HttpURLConnection) testURL.openConnection(); conn.setRequestMethod(HEAD); conn.setInstanceFollowRedirects(false); conn.connect(); What kind of client auth do you want to provide? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTZ8QeAAoJEBzwKT+lPKRYdrcP/AxTn2DM1Ny7Y5YSl+ZJy+DM y6sOxoCwxzXZ/PQhTbIZdP+wqA/VUWTvTCgVlIGpsElKG9oK6+sWxany/lFwSRWv ffEh7NppFflN9Vq/XZlrhL7EyyJTC5b9lYK/5yfI3FENbUdOEzrNnzZ8tZRXFZm9 SvfGxoRu1YWiZM6H2B7hGccF3guO0U+tz8I194TRIH74eet4Q/sl8abqqDUv/HCH frvX1slZx3xctyhnL4m0m8nSRIPsKfBd3p1qGUG1pcfOLl0UGQXXzPrzfXeoPybR DPAfcrVhV6tdN8CW61M1sP7Djy3zvHriFjcWWeaxeGrOsMaiTEe4UBtwuGz+lRwC znPicOUcTM8m+F4j2Je7ky5HnY5vIs7rTNz7AR/p4BfRjh6udoS7DugaJwa9kKiN 4iNAZxFGUoAqUqlvbtMjgLeiGlwfLU2Zwiv+rk+sGMSwGSMSHClXNw5AuSS+p02c pet4zbDu6eKAgOP0e93LgJsJGAu/Qk5FEXX9IQ5SEykD04hPZ/AX67hl5z7HLR67 ndtu8ih9slrYhgxoFcjiybT05WikrlXtpxBzTo0fOtN2kWjP0eSY6H4q9vY5d8pr 6Pzd2BHITeNy9HVsUEEF+GFXcsrXkrYaXTviHaADuhLf5TEAZ2XWtraL4DYCq+lu qPuyTKlBNShCZdW3sVmU =EXqd -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
How to deploy class jar file without restart Apache tomcat 7.0.40 server(Linux OS)
We are running so many application's in Apache tomcat 7.0.40 server .Once i stop my server it will take more then an hour to startup. If i want to deploy a small changes of java file i need to wait more then an hour to server up. SO is there any with out stopping Apache tomcat server java changes will pick up? Thanks in advance.
Re: How to deploy class jar file without restart Apache tomcat 7.0.40 server(Linux OS)
Hi Chuck Thanks, For you reply .Yes i agree tomcat server will be 1 to 2 second to startup,But Once i restart my server so many background task will happen and lot's of task dependent on Network stuff related. If Apache-tomact have a feature like war deployment which is not required to stop and start the server same way in jar deployment it will be more powerful and advantages. On Sat, Feb 1, 2014 at 12:01 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Sushil Prusty [mailto:sushil.pru...@gmail.com] Subject: How to deploy class jar file without restart Apache tomcat 7.0.40 server(Linux OS) We are running so many application's in Apache tomcat 7.0.40 server. Once i stop my server it will take more then an hour to startup. Tomcat itself will restart in one or two seconds on reasonably modern hardware. If you're seeing a startup delay of an hour, it is almost definitely something in your webapp, not Tomcat. You should take thread dumps during that period and find out what's taking so long. In lieu of fixing your webapp, you could try parallel deployment, so you can run both the old and new versions simultaneously. Considerations within your webapp (e.g, needing exclusive use of certain resources) might preclude doing this. http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Parallel_deployment - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to deploy class jar file without restart Apache tomcat 7.0.40 server(Linux OS)
Hi Chris Thanks for your valuable input.But all my application dependent on each other and it's almost 10 year old java based enterprise application. It's not an easy task me to split an application and put into multiple tomact instance. On Sat, Feb 1, 2014 at 12:12 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Chuck, On 1/31/14, 1:31 PM, Caldarale, Charles R wrote: From: Sushil Prusty [mailto:sushil.pru...@gmail.com] Subject: How to deploy class jar file without restart Apache tomcat 7.0.40 server(Linux OS) We are running so many application's in Apache tomcat 7.0.40 server. Once i stop my server it will take more then an hour to startup. Tomcat itself will restart in one or two seconds on reasonably modern hardware. If you're seeing a startup delay of an hour, it is almost definitely something in your webapp, not Tomcat. You should take thread dumps during that period and find out what's taking so long. +1 In lieu of fixing your webapp, you could try parallel deployment, so you can run both the old and new versions simultaneously. Considerations within your webapp (e.g, needing exclusive use of certain resources) might preclude doing this. http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Parallel_deployment Another option would be to run multi-instance Tomcat, where you have multiple JVMs, each with a different subset of web applications. If you do that, then you'll probably have a faster startup time plus you won't have to take so many web applications off-line in order to bounce Tomcat if only one application needs an update. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS6+6pAAoJEBzwKT+lPKRYwAAP/3x7yW81iw4aZIzrP7+XJQXl 9INGKHDVlrzKDdQOcrsF2icdWe6rT8hDGdlWiCS6xX7e+DMX6YQFHIXS0jCPxksg cbFVGM+blWJu4PTQdZqgHTiyjIGW0cykJlipIGWqSpculwiHtNiKsQzEDpcwG460 YaWJBQAo9i459N7SUdPFu4HNFx2I+HKrlREm5SZQmIazVJ/3DCFyFtZSolbUD8Qw dJl4VyTaF9MtXiprTAS65wafsIVQATzHD4+rwMZD0KHg32cGEg9pwO6q7YW/hUeZ h+JDNKvVLhU41UdEQEl38pHgB2iFosp4U+Dc/nYXeJ2+LtRvtSFIJv6Hl1D8brjW LZNIkOL3lEg0kbLVUTueYUS7gFmTyxeGr6fObUawC3/o/ut3m7fBRk0jBQWZVbn1 I99RJJvgfNNPLZmsegU1QYiN6raeKBM2o4wiVEB/kXM2q9tYcgIrQi0GSagTfYoa E29mLYfwM2+aFIEM8TjtGSe+vHTxp+V8L5z0x3v2ArqGTd/rDWJAFXQWA3mNllBf 5JT1sDHLhlCwvRpfnNzd2VZ2C0Qyr+tP2DantSO4kUDjGRklnHeFr88SMUOwmph6 unJ7DS4bFRva0+LmHMFgHHpy0Xbp4b5Lrk3XBVmIGT6wjLKdCznTBxsVo51iqnzq A8/rpbCUFLvebqJbV3Ww =w0kL -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to deploy class jar file without restart Apache tomcat 7.0.40 server(Linux OS)
Hi Chunk Our web application contains both .war as well as .jar's file. When ever we changes our service layer code it will be in .jar file which also deploying in tomact server. I just want avoid restarting server for changes in .jar file . On Sat, Feb 1, 2014 at 12:22 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Chuck, On 1/31/14, 1:47 PM, Caldarale, Charles R wrote: From: Sushil Prusty [mailto:sushil.pru...@gmail.com] Subject: Re: How to deploy class jar file without restart Apache tomcat 7.0.40 server(Linux OS) If Apache-tomact have a feature like war deployment which is not required to stop and start the server same way in jar deployment it will be more powerful and advantages. There's no reason to restart Tomcat just to update a webapp. If you simply replace the .war file, the webapp will be restarted - unless you have explicitly disabled that in your specific configuration. ... and even if you have, you can always use the manager webapp to explicitly reload WAR files (or deploy, undeploy, and redeploy). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS6/DYAAoJEBzwKT+lPKRYpFIP/juB1qiIVLXQ117cz+b/fqMz wKofegpbLr5cngVlvjZTVVGUg64tdj3tTkuvR1Ze5F7U3iiQuWSrg4x5MmVoLGKx tHOZH4HobuUMLt75DMYVC2kwuydCfbwerLE8jmWseh3xhxw1+DI6kHZ3p9gcjTqL cxySDkoVJIlwH2BF7tpFYCNRkTU6oihD4PS241oyIyIjJGQlXhrkx6XlJ1uhci8A ppY+7DN334ec+Od7l/SIjQYoNhjIkZEL3OkVL02zrWmsKXn1iNUy1UhN+knh2e+K pPG9CJhIm+d5seF+21J6JDBkIIkOSL9fnWe/DgvKrujEqMecgRPeDQzEFJmkgo9J 17FwQJ530qJ1BuDbFeuroAzeweZ4psK5m2Tf295LZubHErmNsT7cpESHT+Z/rYeL t0tYRUb8vchMDzZeL8BrPC3uVqy2lNiu1Cjz18xTpgJKRoPYoLiXseO8xGrHpQsM 5URa8eNqbA6qrmYVpTZLxlE/nxj+8aPu3nqiIlD6a3mGzTc+Mun2GetTm4rpeuV2 WjpsDw9rFD5zTrd2c3E+KWbpTpS4NIUwOEpWf3FEObMxMN7yPFUEO4DgzlK4iMZh vYWI5lVOmkB+Wi3Uw4zHMRuvTTbwG6H8v2zEU4Yl9E8VhO+ka4k8/m1Nso1YYkeR W5RmZ4m5cbpGezxN7gwH =3j9V -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
In apache-tomcat-7.0.40 want to set Client auth dynamically
Hi All, In server.xml i need to setup clientauth value dynamically .Is there any java apace api available to set value at runtime or any other alternative option ? Connector clientAuth=false ... Thanks and Regards Sushil Kumar Prusty
Re: Problem with tomcat SSL / HTTPS not working.
HI Prasanth For configuring https you have to create keystore in your java keytool and that you need to coint in your server.xml file . is it corrct one keystoreFile=/etc/tomcat6/.keystore ? where is your keystore password configuration ? On Wed, Sep 11, 2013 at 6:37 PM, Prashant Shinde prashant.shi...@hoonartek.com wrote: Hi I am getting following error when I try with wget OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol Unable to establish SSL connection. Thanks Regards, Prashant Shinde Senior Consultant Hoonar Tekwurks Consulting LLP email: prashant.shi...@hoonartek.com | cell: +91 98220 38097| desk: +91 20 4900 5204 -Original Message- From: Prashant Shinde [mailto:prashant.shi...@hoonartek.com] Sent: 11 September 2013 14:44 To: 'Tomcat Users List' Subject: RE: Problem with tomcat SSL / HTTPS not working. Hi We are accessing the URL as https://hostname.co.in:8443 Thanks Regards, Prashant Shinde Senior Consultant Hoonar Tekwurks Consulting LLP email: prashant.shi...@hoonartek.com | cell: +91 98220 38097| desk: +91 20 4900 5204 -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: 11 September 2013 13:47 To: Tomcat Users List Subject: Re: Problem with tomcat SSL / HTTPS not working. Prashant Shinde wrote: Hi We are facing problem with Tomcat HTTPS. We are using Apache Tomcat Version 6.0.24. Please find attached server.xml. When we access tomcat URL using https it says Page not Found and otherwise with just http it works fine. Please let us know the possible solution. How *exactly* are you accessing these URLs ? Give us an example of the real URLs which you are using (change the hostname if you want, but not the rest). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
If i configured client certificate at my browser unable to access my web app (Apace Tomcat 7.0.42/CentOs)
Hi All 1)I have configured https to acces my web app . Which is working fine. 2) 2nd i have configured client certificate at my browser (firfox). 3)3rd it's ask me pop message at client side for selecting a certificate. 4)4th once i select a certificate and click ok it will throw below excption Secure Connection Failed An error occurred during a connection to localhost:8443. SSL peer had some unspecified issue with the certificate it received. (Error code: ssl_error_certificate_unknown_alert) Please find server.xml configuration Connector SSLEnabled=true acceptCount=100 clientAuth=want disableUploadTimeout=true enableLookups=false keystoreFile=/LocalDev/software/ssl/server/server.ks keystorePass=password truststoreFile=/LocalDev/software/ssl/server/server.ks truststorePass=password maxThreads=250 port=8443 protocol=org.apache.coyote.http11.Http11NioProtocol scheme=https secure=true sslProtocol=TLS / and in my web.xml file security-constraint web-resource-collection web-resource-namehttps only/web-resource-name url-pattern/*/url-pattern /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint. NOTE :- IF I REMOVE CLIENT CERTIFICATE FROM BROWSER I CAN ABLE TO ACCESS MY WEB APP THROUGH HTTPS. Please let me know is there any extra configuration required to do in server side to validate client certificate? Please let me know if you want any other information. I have gone thorough all the side but not help full.
Re: If i configured client certificate at my browser unable to access my web app (Apace Tomcat 7.0.42/CentOs)
Hi Chris Sure, I will maintain same thread .Thanks for your input. I just follow below link to generate CA certificate . http://oshogsb.blogspot.in/2007/07/how-to-create-custom-ca-and.html(Whichwill help me te create custom CA certificate using OpenSSL) And i just point those generated file to server.xml file. in step 13. The common name of the client must match a user in Tomcat's user realm (e.g.an entry in conf/tomcat-users.xml) which i missed out. Because of this i am unable to access client certificate? On Wed, Sep 4, 2013 at 5:17 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sushil, Please maintain a single thread when (repeatedly) asking the same questions. On 9/4/13 5:20 AM, Sushil Prusty wrote: Connector SSLEnabled=true acceptCount=100 clientAuth=want disableUploadTimeout=true enableLookups=false keystoreFile=/LocalDev/software/ssl/server/server.ks keystorePass=password truststoreFile=/LocalDev/software/ssl/server/server.ks truststorePass=password maxThreads=250 port=8443 protocol=org.apache.coyote.http11.Http11NioProtocol scheme=https secure=true sslProtocol=TLS / Please let me know is there any extra configuration required to do in server side to validate client certificate? It sounds like you have already configured client certificate validation, but it's not working the way you expected. First off, I usually see configurations where the trust store is separate from the key store. Your keystore should be considered super secret and shouldn't change much. Your trust store, on the other hand, might undergo lots of changes over time to add CA certs, client certs, etc. Second, what do you actually have in your keystore? Since you are using JSSE, your keystore should contain the server's key and certificate, plus any CA certificates and intermediate CA certificates necessary to provide a certificate chain from your server to one the browser trusts (e.g. VeriSign Top-level - VeriSign intermediate - Your cert). What else do you have in there? In order to verify client certificates, you'll need to have either the client certificate itself, or the certificate that signed the client certificate, or a chain similar to the above (e.g. Cert a - Cert b - Cert c - Your client cert). This may be a simple problem of not having the right CA certificate(s) in your trust store. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.14 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSJx3RAAoJEBzwKT+lPKRYw9sP+wdGKw7317YDyOKU+OD8eY4O o9FCWwpCmWzURHpkVA8xxPv3h7nR+yGD/banGwU9NhbGOpTri+CV9okiFEipAttT CG+kfi98M46tnjL4SrbRmocQgwTQFBADQhom8Kcr6obUvwkpUaT51jhRfDL7Aw3+ mS/3ZBKpFBrmmHMsRYYsS1+BOsG+AHpZhZso6ErD0qzmtitH9ZFhVPblEPRdZFfs reByDlkeiMGwhqfdQM2PEj53m9uFaLVgN3musZQOb/gZTJ5O0H7SpIg5YWwaFFN+ erC54Qc+2HJ0ejuIx8OYFwzDhGyzaRYY6whc9uzaLhurBQVX2IHxnM3MqWenphXe JC1wkT8ympE1zY4PlFQzGbuAVUaa+HHSNJ4An2RneRamxlDUzIpO0GfH9mK/8tws rJDfKYv01xNXs2Gz4HQKl/nBq8D0/Xj/cUSXvkIfcKVc+VT894anmK7V3GOojjS1 BE9mPLJEg0aN3xptNrS64SUMrFPWDSWBIRzOS1mEthHU4zyNjJFS9Agq+HMKa5kp 2ABYEY6Y0teGeXt4pHFYcACv+tK2+mnKBhzDfVzGYKEz7tzjRk1Fmco5bUnalYLG E/HCnZaKVcr13wOJHOn2DW2tKHsnmsOxLKTB8a06UBGmRhhTn9nQWCcRCESWHtA1 LOQKMPyViSEZsktnh/Oq =eN4a -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
How to retrieve OCSP Information at server side(In Servlet) Tomact ver 7.0.40/Centos
HI All I want to retrieve OCSP information at server side in servlet . So currently i am using X509Certificate certChain[] = (X509Certificate[]) request.getAttribute(javax.servlet.request.X509Certificate); ans also i have configured below value at /conf/server.xml truststoreFile=/LocalDev/software/ssl/server/server.ks truststorePass=password and clientAuth=want Even though i am unable to retrieve value ,It's giving null. ANy idea is there any extra configuration i need to do at tomcat side?
How to setup httpd in apache tomact 7.0.40/Centos
Unable to start apache tomcat server
Hi all I am using tomcat 7.0.42 and deployed in CentOs . When i start the server i am geting below log in my console . Aug 31, 2013 10:37:59 PM org.apache.catalina.core.AprLifecycleListener init INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /xtd/ser/installation/jdk1.7.0_25/jre/lib/amd64/server:/xtd/ser/installation/jdk1.7.0_25/jre/lib/amd64:/xtd/ser/installation/jdk1.7.0_25/jre/../lib/amd64:/usr/java/jdk1.6.0_45/jre/lib/amd64/server:/usr/java/jdk1.6.0_45/jre/lib/amd64:/usr/java/jdk1.6.0_45/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib Aug 31, 2013 10:37:59 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [http-bio-8080] Aug 31, 2013 10:37:59 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [ajp-bio-8009] Aug 31, 2013 10:37:59 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 730 ms Aug 31, 2013 10:37:59 PM org.apache.catalina.core.StandardService startInternal INFO: Starting service Catalina Aug 31, 2013 10:37:59 PM org.apache.catalina.core.StandardEngine startInternal INFO: Starting Servlet Engine: Apache Tomcat/7.0.42 Aug 31, 2013 10:38:00 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [http-bio-8080] Aug 31, 2013 10:38:00 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [ajp-bio-8009] Aug 31, 2013 10:38:00 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 370 ms BUT WHEN I AM OPEING THE BROWSER i am geting Unable to connect. I am not sure my server is started or not ? Any body have idea what could be the problem ?
Re: Unable to start apache tomcat server
HI I am using https://localhost:8080. On Sat, Aug 31, 2013 at 11:00 PM, Burghard W.V. Britzke b...@charmides.in-berlin.de wrote: which url did you try? especially which port? tomcat uses port 8080 per default instead of the standard http port 80. Am 31.08.2013 um 19:23 schrieb Sushil Prusty sushil.pru...@gmail.com: Hi all I am using tomcat 7.0.42 and deployed in CentOs . When i start the server i am geting below log in my console . Aug 31, 2013 10:37:59 PM org.apache.catalina.core.AprLifecycleListener init INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /xtd/ser/installation/jdk1.7.0_25/jre/lib/amd64/server:/xtd/ser/installation/jdk1.7.0_25/jre/lib/amd64:/xtd/ser/installation/jdk1.7.0_25/jre/../lib/amd64:/usr/java/jdk1.6.0_45/jre/lib/amd64/server:/usr/java/jdk1.6.0_45/jre/lib/amd64:/usr/java/jdk1.6.0_45/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib Aug 31, 2013 10:37:59 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [http-bio-8080] Aug 31, 2013 10:37:59 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [ajp-bio-8009] Aug 31, 2013 10:37:59 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 730 ms Aug 31, 2013 10:37:59 PM org.apache.catalina.core.StandardService startInternal INFO: Starting service Catalina Aug 31, 2013 10:37:59 PM org.apache.catalina.core.StandardEngine startInternal INFO: Starting Servlet Engine: Apache Tomcat/7.0.42 Aug 31, 2013 10:38:00 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [http-bio-8080] Aug 31, 2013 10:38:00 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [ajp-bio-8009] Aug 31, 2013 10:38:00 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 370 ms BUT WHEN I AM OPEING THE BROWSER i am geting Unable to connect. I am not sure my server is started or not ? Any body have idea what could be the problem ?
Re: Unable to start apache tomcat server
Hi I am very sorry i am using http://localhost:8080 not https://. I am getting below status when i am opening . HTTP Status 404 - / type Status report message / description The requested resource is not available. Apache Tomcat/7.0.42 On Sat, Aug 31, 2013 at 11:27 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Sushil Prusty [mailto:sushil.pru...@gmail.com] Subject: Re: Unable to start apache tomcat server I am using https://localhost:8080. Use http, not https. If you want to use https, you will need to configure an additional Connector (usually on port 8443), including establishing a server certificate. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Unable to start apache tomcat server
Hi Brit/Marc Thanks for your time . Problem got resolved using below url. http://stackoverflow.com/questions/8520267/localhost8080-gives-404-the-requested-resource-is-not-available On Sun, Sep 1, 2013 at 12:08 AM, Burghard W.V. Britzke b...@charmides.in-berlin.de wrote: pardon! the word resource could be confusing - the better expression is web application which is mapped to / so the web application which is mapped to / is missing or is not configured. Am 31.08.2013 um 20:34 schrieb Burghard W.V. Britzke b...@charmides.in-berlin.de: but this means that tomcat is up and running (like Marc stated before). only the resource / is missing. what is the content of your webapps directory? Am 31.08.2013 um 20:03 schrieb Sushil Prusty sushil.pru...@gmail.com: Hi I am very sorry i am using http://localhost:8080 not https://. I am getting below status when i am opening . HTTP Status 404 - / type Status report message / description The requested resource is not available. Apache Tomcat/7.0.42 On Sat, Aug 31, 2013 at 11:27 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Sushil Prusty [mailto:sushil.pru...@gmail.com] Subject: Re: Unable to start apache tomcat server I am using https://localhost:8080. Use http, not https. If you want to use https, you will need to configure an additional Connector (usually on port 8443), including establishing a server certificate. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Unable to start apache tomcat server
Hi Brit/Marc Thanks for your time . Problem got resolved using below url. http://stackoverflow.com/questions/8520267/localhost8080-gives-404-the-requested-resource-is-not-available On Sun, Sep 1, 2013 at 12:08 AM, Burghard W.V. Britzke b...@charmides.in-berlin.de wrote: pardon! the word resource could be confusing - the better expression is web application which is mapped to / so the web application which is mapped to / is missing or is not configured. Am 31.08.2013 um 20:34 schrieb Burghard W.V. Britzke b...@charmides.in-berlin.de: but this means that tomcat is up and running (like Marc stated before). only the resource / is missing. what is the content of your webapps directory? Am 31.08.2013 um 20:03 schrieb Sushil Prusty sushil.pru...@gmail.com: Hi I am very sorry i am using http://localhost:8080 not https://. I am getting below status when i am opening . HTTP Status 404 - / type Status report message / description The requested resource is not available. Apache Tomcat/7.0.42 On Sat, Aug 31, 2013 at 11:27 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Sushil Prusty [mailto:sushil.pru...@gmail.com] Subject: Re: Unable to start apache tomcat server I am using https://localhost:8080. Use http, not https. If you want to use https, you will need to configure an additional Connector (usually on port 8443), including establishing a server certificate. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: (MY Tomcat version :- 7.0.40 and deployed on CentOS
Hi Chris Thanks to show me a light in black dark room. Please just look below work flow and requirement. Before login to my web application, i need to swap data card to access my web application. So data card should be certified by OCSP instead CRL. My java based web application is deployed on apache tomcat 7.0.40 ,so i think i need to integrate OCSP some where in apache tomcat to certify my application? Or do you i need to write any external java program to interact with ocsp responder ? Is there any java api for provided by apache? On Fri, Aug 30, 2013 at 12:34 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sushil, On 8/29/13 2:38 AM, Sushil Prusty wrote: I need to configure OCSP in tomcat for my project and need to test through client browser . I searched every where in all search engine but unable to find out . Please help out on How can we configure OCSP in tomcat. The Tomcat native library must be built with OCSP support built-in or not (it's not runtime selectable). If you want to build with OCSP support, you'll want to use the --enable-ocsp switch when running configure before compiling. Are you using a package managed by RedHat, or did you build tcnative yourself? If you aren't using tcnative -- that is, you are using BIO or NIO connector -- you might just have to set a system property. See these references: http://security.stackexchange.com/questions/33451/does-javas-implementation-of-ocsp-and-crl-checking-handle-intermediate-cas and http://docs.oracle.com/javase/7/docs/technotes/guides/security/certpath/CertPathProgGuide.html#AppC - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.14 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSH5tLAAoJEBzwKT+lPKRYVkQP/2sVzBz76gK3NJMZ6BJfL9Vs DUycZGhVfLjZaV/scyYiQfUZkH8Fb6twUjvqMASysOMgeOhiKn3k5dLOvRb8Qc1N EPhCsHhgEL/wd2uii3NFX/qsNPi+gEX+Tq/IPNj01LX2RAvkhSdOZgUSmNAYWLP9 RsT7I8KKJ44ddrntuIg518+qcBBsfAGW1BZiEp3rNEQzLTYOc8rJkoXRO6Ggjj65 78OtbaiQljW4/QhJ6KLvldOM+3WEuJTLGZBYW1FavFOVYEBVx/4P+FqFfKxs9Kvu s23psmTgjm604PCVCZDwGxNK+ncLOWjMLfpjbNFLw0/CUdEWsfLbKw6Q5OggKC6H Nsq9SRabpDH7oEqNZIWqTlLp3iuiKC8RsoFBz0C0XbgZv+0xWMqy7xtmzJAimSJe 50Fg/DRfSlpSmytnWwreVkZmvVlTc1FFyxo4WElD8b+GTFAsLeRAr0BxFrjI5UYw YTTQvVZivUg5ZnitnQDuEO36s0kV1AEkfPMoWl0A3C/IxDcSYbW454x0+hc69QhB 6RyQIgmA8wwkLAeiq1cA8fbmlSlVee4lqCkNCrD3OHDEBLoHArz3h0zd2Fsf0Woa lKZmPw14PSOw4P3AAtSbx/uRKtAobJrjzOviyKL5XvPeD/qQ6HXyK8JeXWhFLUyf FQ53mHbgx3/0KbVvMCjD =ebjb -END PGP SIGNATURE-
(MY Tomcat version :- 7.0.40 and deployed on CentOS)I need to configure OCSP in tomcat for my project and need to test through client browser .
(MY Tomcat version :- 7.0.40 and deployed on CentOS
Hi I need to configure OCSP in tomcat for my project and need to test through client browser . I searched every where in all search engine but unable to find out . Please help out on How can we configure OCSP in tomcat. Thanks and Regards Sushil Kumar Prusty