subject:"A question."

RE: Write listener question

2024-05-30 Thread joan.balaguero

Trying to simplify the code was a mistake ...

private static final int WRITE_BUFFER_SIZE = 8 * 1024;  <-- with 32K fails on 
this client
 
 private final AsyncContext ac;
 private final ServletResponse sr;
 private ServletOutputStream os;
 private boolean firstTime = true;
 private byte[] response;
 private int responseSize, startIdx, endIdx;
 
 // Constructor
 public WriteListenerImpl(AsyncContext ac, byte[] response) {
  this.ac = ac;
  this.sr = this.ac.getResponse();
  this.response = response;
 }
 
 @Override
 public void onWritePossible() throws IOException
 {
   // If this is the first time we call 'onWritePossible' ...
   if (this.firstTime) {
this.firstTime = false;
this.os = this.sr.getOutputStream();

this.responseSize = this.response.length;
this.startIdx = 0;
this.endIdx = Math.min(this.responseSize, WRITE_BUFFER_SIZE);
   }
   
   // And write the 'response'.
   while (this.startIdx < this.endIdx && this.os.isReady()) {
 this.os.write(this.response, this.startIdx, this.endIdx - this.startIdx);

 this.startIdx = this.endIdx;
 this.endIdx += WRITE_BUFFER_SIZE;
 if (this.endIdx > this.responseSize) this.endIdx = this.responseSize;
   }

   // Just perform the 'postProcess' when response writing is finished (start 
== end)
   if (this.startIdx == this.endIdx) {
this.postProcess(null);
   }
 }
 
  @Override
 public void onError(Throwable t) {
  this.postProcess(t);
 }
 
 private void postProcess(Throwable t) {
  this.ac.complete();
  
  if (t != null) {
   t.printStackeTrace();
  }
 }

-Original Message-
From: Chuck Caldarale  
Sent: Thursday, May 30, 2024 8:01 PM
To: Tomcat Users List 
Subject: Re: Write listener question


> On May 30, 2024, at 12:53,  
>  wrote:
> 
> isFirst is initialized to 'true' when the class is instantiated, so 
> that piece of code is just executed the first time the execution enters the '
> onWritePossible' method. Later, within the same 'if', 'isFirst' is set 
> to false, (not shown in the code, sorry)


If you don’t show us all of the code, then it’s rather difficult to answer your 
question about the implementation being correct.


> Perhaps this one client has a slow network, so isReady() returns false 
> in that environment, but not in other ones.
> --> And how can this be solved?


The slow network possibility was based on the assumption that isFirst was never 
cleared, since that’s what you presented.

  - Chuck


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Write listener question

2024-05-30 Thread Chuck Caldarale



> On May 30, 2024, at 12:53,  
>  wrote:
> 
> isFirst is initialized to 'true' when the class is instantiated, so that
> piece of code is just executed the first time the execution enters the '
> onWritePossible' method. Later, within the same 'if', 'isFirst' is set to
> false, (not shown in the code, sorry)


If you don’t show us all of the code, then it’s rather difficult to answer your 
question about the implementation being correct.


> Perhaps this one client has a slow network, so isReady() returns false in
> that environment, but not in other ones.
> --> And how can this be solved?


The slow network possibility was based on the assumption that isFirst was never 
cleared, since that’s what you presented.

  - Chuck


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Write listener question

2024-05-30 Thread joan.balaguero

Hi Chuck,

isFirst is initialized to 'true' when the class is instantiated, so that
piece of code is just executed the first time the execution enters the '
onWritePossible' method. Later, within the same 'if', 'isFirst' is set to
false, (not shown in the code, sorry)

Perhaps this one client has a slow network, so isReady() returns false in
that environment, but not in other ones.
--> And how can this be solved?  I mean, no one wants to have a piece of
code that works fine just depending on the network speed. The point is the
whole response is returned back (until the last byte), but not in the
correct order. The responses are xml, so some documents cannot be parsed
correctly, that 's why the alert was thrown on the client side.

This is just a sample, but it's like instead of receiving this:


.
...



The client is receiving this:   



...

el>.


It's like a chunk is received in wrong order.

Thanks!

Joan.

-Original Message-
From: Chuck Caldarale  
Sent: Thursday, May 30, 2024 7:27 PM
To: Tomcat Users List 
Subject: Re: Write listener question


> On May 30, 2024, at 08:47, 
 wrote:
> 
> I have a NIO connector with an asynchronous servlet with its write
listener (working in both tomcat 8.5 and tomcat 10.1.20).
> 
> @Override
> public void onWritePossible() throws IOException {
> 
>  if (this.isFirst) {
>this.os = this.asyncContext.getResponse().getOutputStream();
>this.startIdx = 0;
>this.endIdx = WRITE_BUFFER_SIZE;
>  }


Is there any logic somewhere to clear isFirst? If not, the start and end
indices will be reset every time this method is called should os.isReady()
returns false.


> while (this.startIdx < this.endIdx && this.os.isReady()) {
> this.os.write(this.response, this.startIdx, this.endIdx - 
> this.startIdx);
> 
> this.startIdx = this.endIdx;
> this.endIdx += WRITE_BUFFER_SIZE;
> if (this.endIdx > this.response.length) this.endIdx = 
> this.response.length;  }
> 
>  if (this.startIdx == this.endIdx) {
>this.ac.complete();
>  }
> }
> 
> Only when the response to return is bigger than 32K then:
> 1. Writing the response in chunks of WRITE_BUFFER_SIZE  = 32K, sometimes
our client receives the response in wrong order (complete, all bytes
written, but in different order).
> 2. Setting a WRITE_BUFFER_SIZE  = 8K seems to fix this issue.
> 
> But it's weird, this is only happening in this client, we have other
installations returning responses of megabytes with no issues.


Perhaps this one client has a slow network, so isReady() returns false in
that environment, but not in other ones.

  - Chuck


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Write listener question

2024-05-30 Thread Chuck Caldarale



> On May 30, 2024, at 08:47,  
>  wrote:
> 
> I have a NIO connector with an asynchronous servlet with its write listener 
> (working in both tomcat 8.5 and tomcat 10.1.20).
> 
> @Override
> public void onWritePossible() throws IOException {
> 
>  if (this.isFirst) {
>this.os = this.asyncContext.getResponse().getOutputStream();
>this.startIdx = 0;
>this.endIdx = WRITE_BUFFER_SIZE;
>  }


Is there any logic somewhere to clear isFirst? If not, the start and end 
indices will be reset every time this method is called should os.isReady() 
returns false.


> while (this.startIdx < this.endIdx && this.os.isReady()) {
> this.os.write(this.response, this.startIdx, this.endIdx - this.startIdx);
> 
> this.startIdx = this.endIdx;
> this.endIdx += WRITE_BUFFER_SIZE;
> if (this.endIdx > this.response.length) this.endIdx = 
> this.response.length;
>  }
> 
>  if (this.startIdx == this.endIdx) {
>this.ac.complete();
>  }
> }
> 
> Only when the response to return is bigger than 32K then:
> 1. Writing the response in chunks of WRITE_BUFFER_SIZE  = 32K, sometimes our 
> client receives the response in wrong order (complete, all bytes written, but 
> in different order).
> 2. Setting a WRITE_BUFFER_SIZE  = 8K seems to fix this issue.
> 
> But it's weird, this is only happening in this client, we have other 
> installations returning responses of megabytes with no issues.


Perhaps this one client has a slow network, so isReady() returns false in that 
environment, but not in other ones.

  - Chuck


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Write listener question

2024-05-30 Thread joan.balaguero

Hello,

Sorry for the previous mail ...

I have a NIO connector with an asynchronous servlet with its write listener 
(working in both tomcat 8.5 and tomcat 10.1.20).

@Override
 public void onWritePossible() throws IOException {

  if (this.isFirst) {
this.os = this.asyncContext.getResponse().getOutputStream();
this.startIdx = 0;
this.endIdx = WRITE_BUFFER_SIZE;
  }
 
 while (this.startIdx < this.endIdx && this.os.isReady()) {
 this.os.write(this.response, this.startIdx, this.endIdx - this.startIdx);

 this.startIdx = this.endIdx;
 this.endIdx += WRITE_BUFFER_SIZE;
 if (this.endIdx > this.response.length) this.endIdx = this.response.length;
  }

  if (this.startIdx == this.endIdx) {
this.ac.complete();
  }
}

Only when the response to return is bigger than 32K then:
1. Writing the response in chunks of WRITE_BUFFER_SIZE  = 32K, sometimes our 
client receives the response in wrong order (complete, all bytes written, but 
in different order).
2. Setting a WRITE_BUFFER_SIZE  = 8K seems to fix this issue.

But it's weird, this is only happening in this client, we have other 
installations returning responses of megabytes with no issues.

So just a couple of questions:

1. Do you think the implementation of the onWritePossible method above is 
correct?
2. Is it worth to provide a buffered implementation of the ServletOuputStream 
to write the response?


Thanks,

Joan.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Write listener question

2024-05-30 Thread Christopher Schultz


Joan,

Please don't hijack threads. Start a new message to the list without 
replying to an existing one.


-chris

On 5/30/24 06:03, joan.balagu...@ventusproxy.com wrote:

Sorry, this issue happens with both Tomcat 8.5.x and 10.1.x.

-Original Message-
From: joan.balagu...@ventusproxy.com 
Sent: Thursday, May 30, 2024 11:57 AM
To: 'Tomcat Users List' 
Subject: Write listener question

Hello,

I have a NIO connector with an asynchronous servlet with its write listener.

@Override
  public void onWritePossible() throws IOException {

   if (this.isFirst) {
 this.os = this.asyncContext.getResponse().getOutputStream();
 this.startIdx = 0;
 this.endIdx = WRITE_BUFFER_SIZE;
   }
  
  while (this.startIdx < this.endIdx && this.os.isReady()) {

  this.os.write(this.response, this.startIdx, this.endIdx - this.startIdx);

  this.startIdx = this.endIdx;
  this.endIdx += WRITE_BUFFER_SIZE;
  if (this.endIdx > this.response.length) this.endIdx = 
this.response.length;
   }

   if (this.startIdx == this.endIdx) {
 this.ac.complete();
   }
}

Only when the response to return is bigger than 32K then:
1. Writing the response in chunks of WRITE_BUFFER_SIZE  = 32K, sometimes our 
client receives the response in wrong order (complete, all bytes written, but 
in different order).
2. Setting a WRITE_BUFFER_SIZE  = 8K seems to fix this issue.

But it's weird, this is only happening in this client, we have other 
installations returning responses of megabytes with no issues.

So just a couple of questions:

1. Do you think the implementation of the onWritePossible method above is 
correct?
2. Is it worth to provide a buffered implementation of the ServletOuputStream 
to write the response?


Thanks,

Joan.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Write listener question

2024-05-30 Thread joan.balaguero

Sorry, this issue happens with both Tomcat 8.5.x and 10.1.x.

-Original Message-
From: joan.balagu...@ventusproxy.com  
Sent: Thursday, May 30, 2024 11:57 AM
To: 'Tomcat Users List' 
Subject: Write listener question

Hello,

I have a NIO connector with an asynchronous servlet with its write listener.

@Override
 public void onWritePossible() throws IOException {

  if (this.isFirst) {
this.os = this.asyncContext.getResponse().getOutputStream();
this.startIdx = 0;
this.endIdx = WRITE_BUFFER_SIZE;
  }

 while (this.startIdx < this.endIdx && this.os.isReady()) {
 this.os.write(this.response, this.startIdx, this.endIdx - this.startIdx);

 this.startIdx = this.endIdx;
 this.endIdx += WRITE_BUFFER_SIZE;
 if (this.endIdx > this.response.length) this.endIdx = this.response.length;
  }

  if (this.startIdx == this.endIdx) {
this.ac.complete();
  }
}

Only when the response to return is bigger than 32K then:
1. Writing the response in chunks of WRITE_BUFFER_SIZE  = 32K, sometimes our 
client receives the response in wrong order (complete, all bytes written, but 
in different order).
2. Setting a WRITE_BUFFER_SIZE  = 8K seems to fix this issue.

But it's weird, this is only happening in this client, we have other 
installations returning responses of megabytes with no issues.

So just a couple of questions:

1. Do you think the implementation of the onWritePossible method above is 
correct?
2. Is it worth to provide a buffered implementation of the ServletOuputStream 
to write the response?

Thanks,

Joan.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Write listener question

2024-05-30 Thread joan.balaguero

Hello,

I have a NIO connector with an asynchronous servlet with its write listener.

@Override
 public void onWritePossible() throws IOException {

  if (this.isFirst) {
this.os = this.asyncContext.getResponse().getOutputStream();
this.startIdx = 0;
this.endIdx = WRITE_BUFFER_SIZE;
  }
 
 while (this.startIdx < this.endIdx && this.os.isReady()) {
 this.os.write(this.response, this.startIdx, this.endIdx - this.startIdx);

 this.startIdx = this.endIdx;
 this.endIdx += WRITE_BUFFER_SIZE;
 if (this.endIdx > this.response.length) this.endIdx = this.response.length;
  }

  if (this.startIdx == this.endIdx) {
this.ac.complete();
  }
}

Only when the response to return is bigger than 32K then:
1. Writing the response in chunks of WRITE_BUFFER_SIZE  = 32K, sometimes our 
client receives the response in wrong order (complete, all bytes written, but 
in different order).
2. Setting a WRITE_BUFFER_SIZE  = 8K seems to fix this issue.

But it's weird, this is only happening in this client, we have other 
installations returning responses of megabytes with no issues.

So just a couple of questions:

1. Do you think the implementation of the onWritePossible method above is 
correct?
2. Is it worth to provide a buffered implementation of the ServletOuputStream 
to write the response?


Thanks,

Joan.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question on the ErrorReportValve

2024-04-18 Thread Christopher Schultz


Jon,

On 4/17/24 13:26, Mcalexander, Jon J. wrote:

Thank you. The documentation makes it somewhat confusing because it
starts out that a Valve can exist in Engine, Host, and Context
Containers, and then in the subsequent valve list is the
ErrorReportValve, but it doesn’t make it clear as to where it can go.
If we put one in the Engine container, does it then also cover the
Host containers since If you are willing to write-up a documentation patch, we can commit it 
for you.


-chris


From: Konstantin Kolinko 
Sent: Wednesday, April 17, 2024 10:44 AM
To: Tomcat Users List 
Subject: Re: Question on the ErrorReportValve

пн, 15 апр. 2024 г. в 19: 37, Mcalexander, Jon J. : > > Hi all! > Quick question on the ErrorReportValve and location within 
the server. xml file. I know that typically this would be inside


пн, 15 апр. 2024 г. в 19:37, Mcalexander, Jon J.

mailto:jonmcalexan...@wellsfargo.com.invalid>>:






Hi all!



Quick question on the ErrorReportValve and location within the server.xml file. I know that 
typically this would be inside the  element, but if you have Multiple 
 elements, do you add the valve to each Host section, or can it be placed at the 
Engine or even Server level?




Unlikely.



A Valve is expected to be in a certain place on the request processing pipeline.



Note that a Host has an attribute named errorReportValveClass. If you

do not specify a Valve explicitly, a default one will be created.



Best regards,

Konstantin Kolinko



-

To unsubscribe, e-mail: 
users-unsubscr...@tomcat.apache.org<mailto:users-unsubscr...@tomcat.apache.org>

For additional commands, e-mail: 
users-h...@tomcat.apache.org<mailto:users-h...@tomcat.apache.org>





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Question on the ErrorReportValve

2024-04-17 Thread Mcalexander, Jon J.

Thank you. The documentation makes it somewhat confusing because it starts out 
that a Valve can exist in Engine, Host, and Context Containers, and then in the 
subsequent valve list is the ErrorReportValve, but it doesn’t make it clear as 
to where it can go. If we put one in the Engine container, does it then also 
cover the Host containers since mailto:jonmcalexan...@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.

From: Konstantin Kolinko 
Sent: Wednesday, April 17, 2024 10:44 AM
To: Tomcat Users List 
Subject: Re: Question on the ErrorReportValve

пн, 15 апр. 2024 г. в 19: 37, Mcalexander, Jon J. : > > Hi all! > Quick question on the ErrorReportValve and 
location within the server. xml file. I know that typically this would be inside


пн, 15 апр. 2024 г. в 19:37, Mcalexander, Jon J.

mailto:jonmcalexan...@wellsfargo.com.invalid>>:

>

> Hi all!

> Quick question on the ErrorReportValve and location within the server.xml 
> file. I know that typically this would be inside the  
> element, but if you have Multiple  elements, do you add the valve to 
> each Host section, or can it be placed at the Engine or even Server level?



Unlikely.



A Valve is expected to be in a certain place on the request processing pipeline.



Note that a Host has an attribute named errorReportValveClass. If you

do not specify a Valve explicitly, a default one will be created.



Best regards,

Konstantin Kolinko



-

To unsubscribe, e-mail: 
users-unsubscr...@tomcat.apache.org<mailto:users-unsubscr...@tomcat.apache.org>

For additional commands, e-mail: 
users-h...@tomcat.apache.org<mailto:users-h...@tomcat.apache.org>

Re: Question on the ErrorReportValve

2024-04-17 Thread Konstantin Kolinko

пн, 15 апр. 2024 г. в 19:37, Mcalexander, Jon J.
:
>
> Hi all!
> Quick question on the ErrorReportValve and location within the server.xml 
> file. I know that typically this would be inside the  
> element, but if you have Multiple  elements, do you add the valve to 
> each Host section, or can it be placed at the Engine or even Server level?

Unlikely.

A Valve is expected to be in a certain place on the request processing pipeline.

Note that a Host has an attribute named errorReportValveClass. If you
do not specify a Valve explicitly, a default one will be created.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Question on the ErrorReportValve

2024-04-15 Thread Mcalexander, Jon J.

Thanks Chris.

Yes, it’s probably academic, but I was mainly looking for opinions from the 
true “experts” out there. 

When I get free time to do so, I’ll play around with it.

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com<mailto:jonmcalexan...@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.

From: Christopher Schultz 
Sent: Monday, April 15, 2024 12:26 PM
To: Tomcat Users List ; Mcalexander, Jon J. 

Subject: Re: Question on the ErrorReportValve

Jon, On 4/15/24 12: 36, Mcalexander, Jon J. wrote: > Quick question on the 
ErrorReportValve and location within the server. xml file. I know that 
typically this would be inside the  element, but if you have 
Multiple

Jon,

On 4/15/24 12:36, Mcalexander, Jon J. wrote:

> Quick question on the ErrorReportValve and location within the server.xml 
> file. I know that typically this would be inside the  
> element, but if you have Multiple  elements, do you add the valve to 
> each Host section, or can it be placed at the Engine or even Server level?

The configuration reference doesn't specify, but the Javadoc says it

"should be" used in  but "should work in ".

I would think you'd want to separately configure them for each ,

anyway.

Is this an academic question? It seems like a very easy think to just

try out and see what happens. :)

-chris

-

To unsubscribe, e-mail: 
users-unsubscr...@tomcat.apache.org<mailto:users-unsubscr...@tomcat.apache.org>

For additional commands, e-mail: 
users-h...@tomcat.apache.org<mailto:users-h...@tomcat.apache.org>

Re: Question on the ErrorReportValve

2024-04-15 Thread Christopher Schultz


Jon,

On 4/15/24 12:36, Mcalexander, Jon J. wrote:

Quick question on the ErrorReportValve and location within the server.xml file. I know that 
typically this would be inside the  element, but if you have Multiple 
 elements, do you add the valve to each Host section, or can it be placed at the 
Engine or even Server level?


The configuration reference doesn't specify, but the Javadoc says it 
"should be" used in  but "should work in ".


I would think you'd want to separately configure them for each , 
anyway.


Is this an academic question? It seems like a very easy think to just 
try out and see what happens. :)


-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Question on the ErrorReportValve

2024-04-15 Thread Mcalexander, Jon J.

Hi all!
Quick question on the ErrorReportValve and location within the server.xml file. 
I know that typically this would be inside the  element, but if 
you have Multiple  elements, do you add the valve to each Host section, 
or can it be placed at the Engine or even Server level?

Thank you,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com<mailto:jonmcalexan...@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.

Re: Persistent Manager Implementation Question

2024-02-19 Thread Miguel Vidal

hey one question regarding this topic I'm facing an issue where my old app
is doing a creation of multiple sessions but just one is the correct one or
at least is who contains the data and works fine. the others sessions that
are created contains random data that im not sure yet what information
contains. I saw that some dependencies as javamelody create or trigger the
creation of sessions.







these are the blobs  that were encrypted :
¬í sr java.lang.Long;‹ä Ì #ß J valuexr java.lang.Number†¬• ”à‹  xp   Â*jƒsq
~ Â*¼£sr java.lang.Integer â ¤÷ ‡8 I valuexq ~   sr java.lang.BooleanÍ
r€Õœúî Z valuexp sq ~ sq ~ Â*¼¥t  E822F1886161BDE64BBAF294330834E0ppsq
~   t
testAttributet testValue

¬í sr java.lang.Long;‹ä Ì #ß J valuexr java.lang.Number†¬• ”à‹  xp   Â –âsq
~ Â –ãsr java.lang.Integer â ¤÷ ‡8 I valuexq ~   sr java.lang.BooleanÍ
r€Õœúî Z valuexp sq ~ sq ~ Â ™nt  07CED191BB6F3412FF9CF706F8A6CCD3ppsq
~   t org.apache.struts.action.LOCALEsr java.util.Locale~ø `œ0ùì I
hashcodeL countryt Ljava/lang/String;L
extensionsq ~ L languageq ~ L scriptq ~ L variantq ~ xpt USt  t enq ~ q
~ x

The first one is the new application where i was setting a testAttribute a
"testvalue"
but the other one is what im trying to figure out which process is doing
that.
I already turn on the logger with
org.apache.catalina.session.level = ALL
java.util.logging.ConsoleHandler.level=ALL

I can see how the sessions are being moved to stored but is there any way
to print what is saving? or to undo the encript i have a method where im
hitting the bd and getting the data

@GetMapping("/checkB")
public Map checkB() {

logger.log(Level.INFO, "Msg");

Map response = new HashMap<>();
try {
String sql = "SELECT session_data FROM tomcat_sessions WHERE
session_id='130B672C9914E98D4C11FAC8ECA621F8'"; // add your condition
here
String serializedData = jdbcTemplate.queryForObject(sql, String.class);
Object deserializedObject = deserializeData(serializedData);
// Handle the deserialized object as needed

response.put("status", "success");
response.put("message", "Session data deserialized successfully.");
} catch (Exception e) {
e.printStackTrace();
response.put("status", "error");
response.put("message", "Failed to deserialize session data.");
}
return response;
}

private Object deserializeData(String serializedData) throws Exception {
// Decode Base64 encoded serialized data
byte[] serializedBytes = Base64.getDecoder().decode(serializedData);

// Deserialize the data using ObjectInputStream
ByteArrayInputStream bis = new ByteArrayInputStream(serializedBytes);
ObjectInputStream ois = new ObjectInputStream(bis);
Object deserializedObject = ois.readObject();

// Close the input streams
ois.close();
bis.close();

return deserializedObject;
}

but it fails on the function of the decode() . Is there any way to do that?

Any help is appreciate it Thanks!

El lun, 12 feb 2024 a las 9:52, Miguel Vidal ()
escribió:

> Yes both are pointing the same configuration because i was doing some
> testing how it works all of this about session, i wasnt able to get it to
> work in a new application just using spring boot , but i just did it on
> friday. what i was missing it was use the session and not only a getter or
> endpoint without any use of the session.
>  it seems to get it to  work that you need to use the session, the
> configuration is already working
>  maxInactiveInterval="3600" debug="0" saveOnRestart="true"
> maxActiveSessions="-1" minIdleSwap="1" maxIdleSwap="2" maxIdleBackup="1" >
> dataSourceName="jdbc/tomcat"
>driverName="com.mysql.jdbc.Driver"
>sessionAppCol="app_name"
>sessionDataCol="session_data"
>sessionIdCol="session_id"
>sessionLastAccessedCol="last_access"
>sessionMaxInactiveCol="max_inactive"
>sessionTable="tomcat_sessions"
>sessionValidCol="valid_session"
> />
>
>
>  name="jdbc/tomcat"
> auth="Container"
> type="javax.sql.DataSource"
> factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
> validationQuery="select 1"
> testOnBorrow="true"
> removeAbandoned="true"
> logAbandoned="true"
>

Re: Persistent Manager Implementation Question

2024-02-12 Thread Miguel Vidal

Yes both are pointing the same configuration because i was doing some
testing how it works all of this about session, i wasnt able to get it to
work in a new application just using spring boot , but i just did it on
friday. what i was missing it was use the session and not only a getter or
endpoint without any use of the session.
 it seems to get it to  work that you need to use the session, the
configuration is already working


   



jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;
org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer;
org.apache.tomcat.jdbc.pool.interceptor.ResetAbandonedTimer"
with this configuration my both application are working fine

and also i created in the new application how to test it :

@GetMapping("/create")
public String testSession(HttpSession session) {
// Add a session attribute
session.setAttribute("testAttribute", "testValue");

// Get the session ID
String sessionId = session.getId();

return "Session created with ID: " + sessionId + " and attribute added";
}

@GetMapping("/getse")
public String getSessionAttribute(HttpSession session) {
// Get the session ID

String sessionId = session.getId();

// Retrieve session attribute
String attributeValue = (String) session.getAttribute("testAttribute");

if (attributeValue != null) {
return "Session ID: " + sessionId + ", Attribute value: " +
attributeValue;
} else {
return "Session ID: " + sessionId + ", Attribute not found";
}
}

and also added a filter to validate to create it correctly

@Component
public class SessionValidationFilter extends OncePerRequestFilter {

protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain) throws
ServletException, IOException {
String requestURI = request.getRequestURI();

// Exclude the create-session endpoint from filtering
if (requestURI.equals("/demo/create")) {
filterChain.doFilter(request, response);
return;
}

HttpSession session = request.getSession(false); // Do not
create session if it doesn't exist

if (session != null && session.getId() != null) {
// Session is valid, proceed with the request
filterChain.doFilter(request, response);
} else {
// Session is invalid, return an error response
response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
"Session expired or not authenticated");
}
}
}


El lun, 12 feb 2024 a las 9:18, Christopher Schultz (<
ch...@christopherschultz.net>) escribió:

> Miguel,
>
> On 2/8/24 15:49, Miguel Vidal wrote:
> > Im trying to configure correctly in 2 different applications : Persistent
> > Manager Implementation using a mysqldb as a datasource.
>
> Do you have both PersistentManager configurations pointing at the same
> database and same set of tables? I think it will be rare to have session
> id collisions, but configuring both applications to use the same storage
> may cause very difficult to discover bugs under high usage.
>
> It will also increase lock contention needlessly across the two
> applications.
>
> -chris
>
> > In one of them that is a legacy project i have some dependencies as
> >
> > 
> >  org.springframework
> >  spring-core
> >  ${spring.framework.version}
> > 
> >
> > 
> >  org.springframework
> >  spring-context
> >  ${spring.framework.version}
> > 
> >
> > and it is already doing the registry of the sessions in my bd.
> > but in the other app im using a spring boot with the same configuration.
> > I'm not able to see any registration of the sessions in my db. After the
> > deploy of my app in a tomcat server and hit any resource example
> > /test/resource im able to see the response correctly but i just want to
> > know if this  Persistent Manager Implementation is only for legacy apps?
> or
> > why is running in one and in the other is not.
> >
> > this is my xml for both
> >
> > 
> >  > reloadable="true" useHttpOnly="true"  cookies="${uses.cookies}" >
> >
> >   > className="org.apache.catalina.session.PersistentManager"
> > maxInactiveInterval="3600" debug="0" saveOnRestart="true"
> > maxActiveSessions="-1" minIdleSwap="1" maxIdleSwap="2"
> > maxIdleBackup="1" >
> >   > dataSourceName="jdbc/tomcat"
> > driverName="com.mysql.jdbc.Driver"
> > sessionAppCol="app_name"
> > sessionDataCol="session_data"
> > sessionIdCol="session_id"
> > sessionLastAccessedCol="last_access"
> > sessionMaxInactiveCol="max_inactive"
> > sessionTable="tomcat_sessions"
> > sessionValidCol="valid_session"
> >  />
> >  
> >
> >   >  name="jdbc/tomcat"
> >

Re: Persistent Manager Implementation Question

2024-02-12 Thread Christopher Schultz

Miguel,

On 2/8/24 15:49, Miguel Vidal wrote:

Im trying to configure correctly in 2 different applications : Persistent
Manager Implementation using a mysqldb as a datasource.

Do you have both PersistentManager configurations pointing at the same
database and same set of tables? I think it will be rare to have session
id collisions, but configuring both applications to use the same storage
may cause very difficult to discover bugs under high usage.

It will also increase lock contention needlessly across the two
applications.

-chris

In one of them that is a legacy project i have some dependencies as

org.springframework
spring-core
${spring.framework.version}

org.springframework
spring-context
${spring.framework.version}

and it is already doing the registry of the sessions in my bd.
but in the other app im using a spring boot with the same configuration.
I'm not able to see any registration of the sessions in my db. After the
deploy of my app in a tomcat server and hit any resource example
/test/resource im able to see the response correctly but i just want to
know if this Persistent Manager Implementation is only for legacy apps? or
why is running in one and in the other is not.

this is my xml for both

jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;
org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer;
org.apache.tomcat.jdbc.pool.interceptor.ResetAbandonedTimer"

these 2 are the guides where i learn the mayority how to do it
https://svn.apache.org/repos/asf/tomcat/archive/tc4.1.x/trunk/container/catalina/docs/JDBCStore-howto.html
https://gerrytan.wordpress.com/2013/08/21/tomcat-7-jdbc-session-persistence/

im going to attach the code that im trying to know why is not working.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Persistent Manager Implementation Question

2024-02-08 Thread Mark Thomas


Try turning on ALL logging for the org.apache.catalina.session package.

Mark


On 08/02/2024 20:49, Miguel Vidal wrote:

  demo4.zip
<https://drive.google.com/file/d/1XOUHhw59Djk2XmdFEmkBsusnHf5_yNE7/view?usp=drive_web>
Hello,

Specifications
Windows 10
Tomcat 8.5
this is a configuration question .
the tomcat specification that works :
https://tomcat.apache.org/tomcat-8.0-doc/config/manager.html

Im trying to configure correctly in 2 different applications : Persistent
Manager Implementation using a mysqldb as a datasource.

In one of them that is a legacy project i have some dependencies as


 org.springframework
 spring-core
 ${spring.framework.version}



 org.springframework
 spring-context
 ${spring.framework.version}


and it is already doing the registry of the sessions in my bd.
but in the other app im using a spring boot with the same configuration.
I'm not able to see any registration of the sessions in my db. After the
deploy of my app in a tomcat server and hit any resource example
/test/resource im able to see the response correctly but i just want to
know if this  Persistent Manager Implementation is only for legacy apps? or
why is running in one and in the other is not.

this is my xml for both




 
 
 

 
 jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;
 org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer;
 org.apache.tomcat.jdbc.pool.interceptor.ResetAbandonedTimer"

these 2  are the guides where i learn the mayority how to do it
https://svn.apache.org/repos/asf/tomcat/archive/tc4.1.x/trunk/container/catalina/docs/JDBCStore-howto.html
https://gerrytan.wordpress.com/2013/08/21/tomcat-7-jdbc-session-persistence/

im going to attach the code that im trying to know why is not working.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Persistent Manager Implementation Question

2024-02-08 Thread Miguel Vidal

 demo4.zip
<https://drive.google.com/file/d/1XOUHhw59Djk2XmdFEmkBsusnHf5_yNE7/view?usp=drive_web>
Hello,

Specifications
Windows 10
Tomcat 8.5
this is a configuration question .
the tomcat specification that works :
https://tomcat.apache.org/tomcat-8.0-doc/config/manager.html

Im trying to configure correctly in 2 different applications : Persistent
Manager Implementation using a mysqldb as a datasource.

In one of them that is a legacy project i have some dependencies as


org.springframework
spring-core
${spring.framework.version}



org.springframework
spring-context
${spring.framework.version}


and it is already doing the registry of the sessions in my bd.
but in the other app im using a spring boot with the same configuration.
I'm not able to see any registration of the sessions in my db. After the
deploy of my app in a tomcat server and hit any resource example
/test/resource im able to see the response correctly but i just want to
know if this  Persistent Manager Implementation is only for legacy apps? or
why is running in one and in the other is not.

this is my xml for both









jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;
org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer;
org.apache.tomcat.jdbc.pool.interceptor.ResetAbandonedTimer"

these 2  are the guides where i learn the mayority how to do it
https://svn.apache.org/repos/asf/tomcat/archive/tc4.1.x/trunk/container/catalina/docs/JDBCStore-howto.html
https://gerrytan.wordpress.com/2013/08/21/tomcat-7-jdbc-session-persistence/

im going to attach the code that im trying to know why is not working.

Re: security-constraint url-pattern question

2023-12-15 Thread Mark Thomas


On 14/12/2023 17:28, ResSoft wrote:

Chris,

I figured out how to make this work.  It works in my dev dox but not in 
my prod box.  Both have the same version of tomcat.  Here is the web.xml entry. 
 I any ideas would be great.


Those constraints look correct to me and a quick test using the examples 
webapp with a default Tomcat install confirms that.


I think you need to look for differences between dev and prod.




 securedapp
 /*
 
 
   CONFIDENTIAL
 
   

 
  



HTTP-Protected-Resource-1
Description here
/path to directory/*
GET
POST


You *really* don't want to be specifying HTTP methods here.

Google for "uncovered HTTP methods"









Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: security-constraint url-pattern question

2023-12-14 Thread ResSoft

Chris,

I figured out how to make this work.  It works in my dev dox but not in 
my prod box.  Both have the same version of tomcat.  Here is the web.xml entry. 
 I any ideas would be great.



securedapp
/*


  CONFIDENTIAL

  


 


HTTP-Protected-Resource-1
Description here
/path to directory/*
GET
POST



 

Thanks,

Kent Cole


> On Dec 14, 2023, at 10:09 AM, Christopher Schultz 
>  wrote:
> 
> Kent,
> 
> On 12/14/23 09:13, ResSoft wrote:
>> I am currently forcing my app to use https.  Here is what I have in my
>> app web.xml file and it works as intended
>> 
>>  
>>securedapp
>>/*
>>
>>
>>  CONFIDENTIAL
>>
>>  
>> I also now want to restrict the browser from pulling up files in certain =
>> directories.  Search the web I see to use the following=20
>> 
>>  
>>  =
> 
> I hope this is just a stray = added by your email program. If it's not, 
> please remove it.
> 
>> HTTP-Protected-Resource-1
>>  Description here
>>  /path to directory/path to =
>> directory/*
>>  GET
>>  POST
> 
> What about HEAD requests? Or PUT? Or maybe FOO?
> 
> Don't forget that any client can try any HTTP method verb. It doesn't have to 
> make any sense, and most code assumes GET unless it's looking for something 
> else.
> 
>>  
>>  
>> 
>> These both work independently of each other.  What I can't
>> figure out is how to make them work together.  When I try that, all
>> files are forbidden as it appears the /*
>> locks everything down.  But without it, I cannot get tomcat to force
>> http to https.
> 
> Have you set a redirectPort in your HTTP ?
> 
> -chris
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org 
> 
> For additional commands, e-mail: users-h...@tomcat.apache.org 
>

Re: security-constraint url-pattern question

2023-12-14 Thread ResSoft

Chris,

Thanks for the response, but I think I explained myself wrong.  The 
http redirect to https works when I use just this entry in my web.xml



securedapp
/*


  CONFIDENTIAL

  

But if I want to force http to https and lock the second url pattern from a 
browser accessing files in that directory, it locks down the entire site based 
on the first url-patterm /* and with out the /* the http to https does not work 
at the root directory of the app.



securedapp
/*
/path to directory/*


  CONFIDENTIAL

  

I can’t figure out how to force http to https and lock down a directory from 
being browsed. 

Thanks,

Kent Cole


> On Dec 14, 2023, at 10:09 AM, Christopher Schultz 
>  wrote:
> 
> Kent,
> 
> On 12/14/23 09:13, ResSoft wrote:
>> I am currently forcing my app to use https.  Here is what I have in my
>> app web.xml file and it works as intended
>> 
>>  
>>securedapp
>>/*
>>
>>
>>  CONFIDENTIAL
>>
>>  
>> I also now want to restrict the browser from pulling up files in certain =
>> directories.  Search the web I see to use the following=20
>> 
>>  
>>  =
> 
> I hope this is just a stray = added by your email program. If it's not, 
> please remove it.
> 
>> HTTP-Protected-Resource-1
>>  Description here
>>  /path to directory/path to =
>> directory/*
>>  GET
>>  POST
> 
> What about HEAD requests? Or PUT? Or maybe FOO?
> 
> Don't forget that any client can try any HTTP method verb. It doesn't have to 
> make any sense, and most code assumes GET unless it's looking for something 
> else.
> 
>>  
>>  
>> 
>> These both work independently of each other.  What I can't
>> figure out is how to make them work together.  When I try that, all
>> files are forbidden as it appears the /*
>> locks everything down.  But without it, I cannot get tomcat to force
>> http to https.
> 
> Have you set a redirectPort in your HTTP ?
> 
> -chris
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

Re: security-constraint url-pattern question

2023-12-14 Thread Christopher Schultz


Kent,

On 12/14/23 09:13, ResSoft wrote:

I am currently forcing my app to use https.  Here is what I have in my
app web.xml file and it works as intended



securedapp
/*


  CONFIDENTIAL

  

I also now want to restrict the browser from pulling up files in certain =
directories.  Search the web I see to use the following=20



=


I hope this is just a stray = added by your email program. If it's not, 
please remove it.



HTTP-Protected-Resource-1
Description here
/path to directory/path to =
directory/*
GET
POST


What about HEAD requests? Or PUT? Or maybe FOO?

Don't forget that any client can try any HTTP method verb. It doesn't 
have to make any sense, and most code assumes GET unless it's looking 
for something else.







These both work independently of each other.  What I can't
figure out is how to make them work together.  When I try that, all
files are forbidden as it appears the /*
locks everything down.  But without it, I cannot get tomcat to force
http to https.


Have you set a redirectPort in your HTTP ?

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

security-constraint url-pattern question

2023-12-14 Thread ResSoft

I am currently forcing my app to use https.  Here is what I have in my =
app web.xml file and it works as intended



   securedapp
   /*
   
   
 CONFIDENTIAL
   
 

I also now want to restrict the browser from pulling up files in certain =
directories.  Search the web I see to use the following=20



=
HTTP-Protected-Resource-1
Description here
/path to directory/path to =
directory/*
GET
POST




These both work independently of each other.  What I can=E2=80=99t =
figure out is how to make them work together.  When I try that, all =
files are forbidden as it appears the /* =
locks everything down.  But without it, I cannot get tomcat to force =
http to https.

Can anyone help with this?

Thanks,

Kent Cole

Re: Thread Pool Question

2023-12-06 Thread Deepak Lalchandani

Hi Tomcat users,
  Can you share the jsp code of thread pool so
that I can analyse it

Thanks and Regards,
Deepak

On Wed, 6 Dec 2023, 8:46 pm Christopher Schultz, <
ch...@christopherschultz.net> wrote:

> William,
>
> On 12/5/23 14:39, William Crowell wrote:
> > I should clarify the ask here…
> >
> > I have some long running JDBC queries against Oracle, and I do not
> > want to tie up Tomcat’s web thread pool with them.  I would only have
> > between 1-10 threads in this pool.
>
> Executors aren't directly-accessible by applications. If you want to
> off-load processing to another thread, you'll have to maintain your own
> thread-pool.
>
> If you are using plain-old servlet dispatching, then off-loading to
> another thread won't save you anything: your request-processing thread
> will have to wait on your database-processing thread to complete before
> returning a response. It sounds like what you really want is
> servet-async where you put the request to sleep while you do something
> time-consuming and let the request-processing thread go back into the pool.
>
> If you really are running the thread in the background, say, across
> requests, then you can do this with a thread pool that you, say, store
> in the application scope. I've done this myself, and end up storing a
> "progress object" in the user's session so that any subsequent request
> can check on the status of the long-running process.
>
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Thread Pool Question

2023-12-06 Thread Christopher Schultz


William,

On 12/5/23 14:39, William Crowell wrote:

I should clarify the ask here…

I have some long running JDBC queries against Oracle, and I do not
want to tie up Tomcat’s web thread pool with them.  I would only have
between 1-10 threads in this pool.


Executors aren't directly-accessible by applications. If you want to
off-load processing to another thread, you'll have to maintain your own 
thread-pool.


If you are using plain-old servlet dispatching, then off-loading to 
another thread won't save you anything: your request-processing thread 
will have to wait on your database-processing thread to complete before 
returning a response. It sounds like what you really want is 
servet-async where you put the request to sleep while you do something 
time-consuming and let the request-processing thread go back into the pool.


If you really are running the thread in the background, say, across 
requests, then you can do this with a thread pool that you, say, store 
in the application scope. I've done this myself, and end up storing a 
"progress object" in the user's session so that any subsequent request 
can check on the status of the long-running process.


-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Thread Pool Question

2023-12-05 Thread John.E.Gregg

You have to refer to it in your connector:

https://tomcat.apache.org/tomcat-10.0-doc/config/http.html


> -Original Message-
> From: William Crowell 
> Sent: Tuesday, December 5, 2023 1:39 PM
> To: Tomcat Users List 
> Subject: Re: Thread Pool Question
> 
> I should clarify the ask here...
> 
> I have some long running JDBC queries against Oracle, and I do not want to
> tie up Tomcat's web thread pool with them.  I would only have between 1-10
> threads in this pool.
> 
> Regards,
> 
> William Crowell
> 
> 
> 
> 
> This e-mail may contain information that is privileged or confidential. If you
> are not the intended recipient, please delete the e-mail and any attachments
> and notify us immediately.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Thread Pool Question

2023-12-05 Thread William Crowell

I should clarify the ask here…

I have some long running JDBC queries against Oracle, and I do not want to tie 
up Tomcat’s web thread pool with them.  I would only have between 1-10 threads 
in this pool.

Regards,

William Crowell




This e-mail may contain information that is privileged or confidential. If you 
are not the intended recipient, please delete the e-mail and any attachments 
and notify us immediately.

Thread Pool Question

2023-12-05 Thread William Crowell

If I create a separate thread pool in Tomcat’s server.xml like this:



Then how do I get a thread to assign any work to it?

Regards,

William Crowell


This e-mail may contain information that is privileged or confidential. If you 
are not the intended recipient, please delete the e-mail and any attachments 
and notify us immediately.

Re: Web.xml file question

2023-11-21 Thread Christopher Schultz


Lance,

On 11/21/23 11:33, Campbell, Lance wrote:

Tomcat 10.1
Java migration from 8 to 11
Eclipse

I am trying to migrate my thirteen tomcat web applications from java 8 to java 
11. And from tomcat 9 to tomcat 10.1 .

I have been using the web.xml file for years with Java 8 and tomcat 9. However, 
when I built my dynamic web application with eclipse I don't see a web.xml 
file. I looked at the example web application in the tomcat 10.1 download. Is 
the below top part of the web.xml file appropriate for java 11 running 10.1


https://jakarta.ee/xml/ns/jakartaee

   xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance

   xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee

   https://jakarta.ee/xml/ns/jakartaee/web-app_6_0.xsd;

   version="6.0"

   metadata-complete="true">


It seems so. Here is the default web.xml for that branch of the server:
https://github.com/apache/tomcat/blob/10.1.x/conf/web.xml

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Web.xml file question

2023-11-21 Thread Campbell, Lance

Tomcat 10.1
Java migration from 8 to 11
Eclipse

I am trying to migrate my thirteen tomcat web applications from java 8 to java 
11. And from tomcat 9 to tomcat 10.1 .

I have been using the web.xml file for years with Java 8 and tomcat 9. However, 
when I built my dynamic web application with eclipse I don't see a web.xml 
file. I looked at the example web application in the tomcat 10.1 download. Is 
the below top part of the web.xml file appropriate for java 11 running 10.1


https://jakarta.ee/xml/ns/jakartaee

  xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance

  xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee

  https://jakarta.ee/xml/ns/jakartaee/web-app_6_0.xsd;

  version="6.0"

  metadata-complete="true">

Thanks,

Lance

Re: Question about releases available for download

2023-10-19 Thread Christopher Schultz


Jon,

On 10/19/23 11:33, Mcalexander, Jon J. wrote:

Ding Ding Ding. Chris wins! Yes, that was the word.


https://www.youtube.com/watch?v=NtfVgzXTp7Q

-chris


-Original Message-
From: Christopher Schultz 
Sent: Wednesday, October 18, 2023 9:42 PM
To: users@tomcat.apache.org
Subject: Re: Question about releases available for download

Jon,

On 10/18/23 15:39, Mcalexander, Jon J. wrote:

Thanks Mark. I'm sorry if I stated it incorrectly. I meant the issue
with JDBC being broken, etc. the stuff that prompted the immediate new
releases.

I think the word you were looking for was "regression", not "recursion" ;)

-chris


-Original Message-
From: Mark Thomas 
Sent: Wednesday, October 18, 2023 2:04 PM
To: users@tomcat.apache.org
Subject: Re: Question about releases available for download

On 18/10/2023 18:29, Mcalexander, Jon J. wrote:

Hi Mark, et-al,

With the recursion error with these releases in mind, should 8.5.94,
9.0.81,

and 10.1.15 be available for download via the archives? Should they
not be removed and a not placed in the location that they have been
removed due to introduced issues?

Recursion error?

Regardless, all ASF releases will always be available from the ASF archives.
That is ASF policv and I don't see it changing.

Yes, old releases have bugs and/or security issues. Yes, some of
those bugs / security issues are quite nasty. That is why we always
recommend using the latest release of a current supported major version.

Maven Central has a similar policy. Once a release is published to
Maven Central it is pretty much impossible to get it removed.

Mark



Just asking,

Thanks.

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508





jonmcalexan...@wellsfargo.com<mailto:jonmcalexan...@wellsfargo.com>

This message may contain confidential and/or privileged information.
If you

are not the addressee or authorized to receive this for the
addressee, you must not use, copy, disclose, or take any action based
on this message or any information herein. If you have received this
message in error, please advise the sender immediately by reply
e-mail and delete this message. Thank you for your cooperation.





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Question about releases available for download

2023-10-19 Thread Mcalexander, Jon J.

Ding Ding Ding. Chris wins! Yes, that was the word.

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.

> -Original Message-
> From: Christopher Schultz 
> Sent: Wednesday, October 18, 2023 9:42 PM
> To: users@tomcat.apache.org
> Subject: Re: Question about releases available for download
> 
> Jon,
> 
> On 10/18/23 15:39, Mcalexander, Jon J. wrote:
> > Thanks Mark. I'm sorry if I stated it incorrectly. I meant the issue
> > with JDBC being broken, etc. the stuff that prompted the immediate new
> > releases.
> I think the word you were looking for was "regression", not "recursion" ;)
> 
> -chris
> 
> >> -Original Message-
> >> From: Mark Thomas 
> >> Sent: Wednesday, October 18, 2023 2:04 PM
> >> To: users@tomcat.apache.org
> >> Subject: Re: Question about releases available for download
> >>
> >> On 18/10/2023 18:29, Mcalexander, Jon J. wrote:
> >>> Hi Mark, et-al,
> >>>
> >>> With the recursion error with these releases in mind, should 8.5.94,
> >>> 9.0.81,
> >> and 10.1.15 be available for download via the archives? Should they
> >> not be removed and a not placed in the location that they have been
> >> removed due to introduced issues?
> >>
> >> Recursion error?
> >>
> >> Regardless, all ASF releases will always be available from the ASF 
> >> archives.
> >> That is ASF policv and I don't see it changing.
> >>
> >> Yes, old releases have bugs and/or security issues. Yes, some of
> >> those bugs / security issues are quite nasty. That is why we always
> >> recommend using the latest release of a current supported major version.
> >>
> >> Maven Central has a similar policy. Once a release is published to
> >> Maven Central it is pretty much impossible to get it removed.
> >>
> >> Mark
> >>
> >>>
> >>> Just asking,
> >>>
> >>> Thanks.
> >>>
> >>> Dream * Excel * Explore * Inspire
> >>> Jon McAlexander
> >>> Senior Infrastructure Engineer
> >>> Asst. Vice President
> >>> He/His
> >>>
> >>> Middleware Product Engineering
> >>> Enterprise CIO | EAS | Middleware | Infrastructure Solutions
> >>>
> >>> 8080 Cobblestone Rd | Urbandale, IA 50322
> >>> MAC: F4469-010
> >>> Tel 515-988-2508 | Cell 515-988-2508
> >>>
> >>>
> >>
> jonmcalexan...@wellsfargo.com<mailto:jonmcalexan...@wellsfargo.com>
> >>> This message may contain confidential and/or privileged information.
> >>> If you
> >> are not the addressee or authorized to receive this for the
> >> addressee, you must not use, copy, disclose, or take any action based
> >> on this message or any information herein. If you have received this
> >> message in error, please advise the sender immediately by reply
> >> e-mail and delete this message. Thank you for your cooperation.
> >>>
> >>>
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question about releases available for download

2023-10-18 Thread Christopher Schultz


Jon,

On 10/18/23 15:39, Mcalexander, Jon J. wrote:

Thanks Mark. I'm sorry if I stated it incorrectly. I meant the issue
with JDBC being broken, etc. the stuff that prompted the immediate
new releases.

I think the word you were looking for was "regression", not "recursion" ;)

-chris


-Original Message-
From: Mark Thomas 
Sent: Wednesday, October 18, 2023 2:04 PM
To: users@tomcat.apache.org
Subject: Re: Question about releases available for download

On 18/10/2023 18:29, Mcalexander, Jon J. wrote:

Hi Mark, et-al,

With the recursion error with these releases in mind, should 8.5.94, 9.0.81,

and 10.1.15 be available for download via the archives? Should they not be
removed and a not placed in the location that they have been removed due
to introduced issues?

Recursion error?

Regardless, all ASF releases will always be available from the ASF archives.
That is ASF policv and I don't see it changing.

Yes, old releases have bugs and/or security issues. Yes, some of those bugs /
security issues are quite nasty. That is why we always recommend using the
latest release of a current supported major version.

Maven Central has a similar policy. Once a release is published to Maven
Central it is pretty much impossible to get it removed.

Mark



Just asking,

Thanks.

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508



jonmcalexan...@wellsfargo.com<mailto:jonmcalexan...@wellsfargo.com>

This message may contain confidential and/or privileged information. If you

are not the addressee or authorized to receive this for the addressee, you
must not use, copy, disclose, or take any action based on this message or any
information herein. If you have received this message in error, please advise
the sender immediately by reply e-mail and delete this message. Thank you
for your cooperation.





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Question about releases available for download

2023-10-18 Thread Mcalexander, Jon J.

Thanks Mark. I'm sorry if I stated it incorrectly. I meant the issue with JDBC 
being broken, etc. the stuff that prompted the immediate new releases.

Thank you!

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.

> -Original Message-
> From: Mark Thomas 
> Sent: Wednesday, October 18, 2023 2:04 PM
> To: users@tomcat.apache.org
> Subject: Re: Question about releases available for download
> 
> On 18/10/2023 18:29, Mcalexander, Jon J. wrote:
> > Hi Mark, et-al,
> >
> > With the recursion error with these releases in mind, should 8.5.94, 9.0.81,
> and 10.1.15 be available for download via the archives? Should they not be
> removed and a not placed in the location that they have been removed due
> to introduced issues?
> 
> Recursion error?
> 
> Regardless, all ASF releases will always be available from the ASF archives.
> That is ASF policv and I don't see it changing.
> 
> Yes, old releases have bugs and/or security issues. Yes, some of those bugs /
> security issues are quite nasty. That is why we always recommend using the
> latest release of a current supported major version.
> 
> Maven Central has a similar policy. Once a release is published to Maven
> Central it is pretty much impossible to get it removed.
> 
> Mark
> 
> >
> > Just asking,
> >
> > Thanks.
> >
> > Dream * Excel * Explore * Inspire
> > Jon McAlexander
> > Senior Infrastructure Engineer
> > Asst. Vice President
> > He/His
> >
> > Middleware Product Engineering
> > Enterprise CIO | EAS | Middleware | Infrastructure Solutions
> >
> > 8080 Cobblestone Rd | Urbandale, IA 50322
> > MAC: F4469-010
> > Tel 515-988-2508 | Cell 515-988-2508
> >
> >
> jonmcalexan...@wellsfargo.com<mailto:jonmcalexan...@wellsfargo.com>
> > This message may contain confidential and/or privileged information. If you
> are not the addressee or authorized to receive this for the addressee, you
> must not use, copy, disclose, or take any action based on this message or any
> information herein. If you have received this message in error, please advise
> the sender immediately by reply e-mail and delete this message. Thank you
> for your cooperation.
> >
> >
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question about releases available for download

2023-10-18 Thread Mark Thomas


On 18/10/2023 18:29, Mcalexander, Jon J. wrote:

Hi Mark, et-al,

With the recursion error with these releases in mind, should 8.5.94, 9.0.81, 
and 10.1.15 be available for download via the archives? Should they not be 
removed and a not placed in the location that they have been removed due to 
introduced issues?


Recursion error?

Regardless, all ASF releases will always be available from the ASF 
archives. That is ASF policv and I don't see it changing.


Yes, old releases have bugs and/or security issues. Yes, some of those 
bugs / security issues are quite nasty. That is why we always recommend 
using the latest release of a current supported major version.


Maven Central has a similar policy. Once a release is published to Maven 
Central it is pretty much impossible to get it removed.


Mark



Just asking,

Thanks.

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Question about releases available for download

2023-10-18 Thread Mcalexander, Jon J.

Hi Mark, et-al,

With the recursion error with these releases in mind, should 8.5.94, 9.0.81, 
and 10.1.15 be available for download via the archives? Should they not be 
removed and a not placed in the location that they have been removed due to 
introduced issues?

Just asking,

Thanks.

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.

RE: SSLHostConfig question

2023-09-27 Thread Mcalexander, Jon J.

Thank you Chris!

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.

> -Original Message-
> From: Christopher Schultz 
> Sent: Tuesday, September 26, 2023 5:49 PM
> To: users@tomcat.apache.org
> Subject: Re: SSLHostConfig question
> 
> Jonm
> 
> On 9/26/23 15:07, Mcalexander, Jon J. wrote:
> > Thank you, but which format of the line is correct?
> >
> > certificateKeystoreType="pkcs12"
> >
> > or
> >
> > certificateKeystore="path to pfx file" type="pkcs12"
> 
> https://urldefense.com/v3/__https://tomcat.apache.org/tomcat-9.0-
> doc/config/http.html*SSL_Support_-
> _Certificate__;Iw!!F9svGWnIaVPGSwU!qCp4SoLLBDygK5Nnm9Rt0079tFHSD
> 5l0E1FK_qlMaNuRe1gzbj65XM4I-eFo2lfYoP_1XSx20Ph_opEI-
> ChtAbTAYVqev6Nm$
> 
> Here are the relevant attributes:
> 
> certificateKeystoreFile : path to your file certificateKeystoreType : type of
> keystore file type : type of /key/ (choose RSA, EC, or DSA - but don't choose
> DSA)
> 
> -chris
> 
> >> -Original Message-
> >> From: Mark Thomas 
> >> Sent: Tuesday, September 26, 2023 11:54 AM
> >> To: users@tomcat.apache.org
> >> Subject: Re: SSLHostConfig question
> >>
> >> On 26/09/2023 16:50, Christopher Schultz wrote:
> >>> Jon,
> >>>
> >>> On 9/26/23 11:32, Mcalexander, Jon J. wrote:
> >>>> I have a question around the SSLHostConfig SSL Connector in Tomcat.
> >>>> In the   section, if the SSL Certificate is in a
> >>>> Windows PFS Keystore, is it appropriate to add
> >>>>
> >>>> certificateKeystoreType="PFX"
> >>>>
> >>>> or
> >>>>
> >>>> certificateKeystore="path to pfx file" type="PFX"
> >>>>
> >>>> I'm finding reference to certificateKeystoreType, but not in
> >>>> regards to PKCS12/PFX types.
> >>>
> >>> I don't think Tomcat supports "PFX" files per-se, but the intertubes
> >>> say that PFX is PKCS12, which IS supported. So try using "PKCS12"
> >>> which I think is the default.
> >>
> >> Default for all keystore types is JKS.
> >>
> >> As Chris says, "pkcs12" should work.
> >>
> >> Mark
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SSLHostConfig question

2023-09-26 Thread Christopher Schultz


Jonm

On 9/26/23 15:07, Mcalexander, Jon J. wrote:

Thank you, but which format of the line is correct?

certificateKeystoreType="pkcs12"

or

certificateKeystore="path to pfx file" type="pkcs12"


https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_Certificate

Here are the relevant attributes:

certificateKeystoreFile : path to your file
certificateKeystoreType : type of keystore file
type : type of /key/ (choose RSA, EC, or DSA - but don't choose DSA)

-chris


-Original Message-
From: Mark Thomas 
Sent: Tuesday, September 26, 2023 11:54 AM
To: users@tomcat.apache.org
Subject: Re: SSLHostConfig question

On 26/09/2023 16:50, Christopher Schultz wrote:

Jon,

On 9/26/23 11:32, Mcalexander, Jon J. wrote:

I have a question around the SSLHostConfig SSL Connector in Tomcat.
In the   section, if the SSL Certificate is in a
Windows PFS Keystore, is it appropriate to add

certificateKeystoreType="PFX"

or

certificateKeystore="path to pfx file" type="PFX"

I'm finding reference to certificateKeystoreType, but not in regards
to PKCS12/PFX types.


I don't think Tomcat supports "PFX" files per-se, but the intertubes
say that PFX is PKCS12, which IS supported. So try using "PKCS12"
which I think is the default.


Default for all keystore types is JKS.

As Chris says, "pkcs12" should work.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SSLHostConfig question

2023-09-26 Thread Christopher Schultz


Mark,

On 9/26/23 12:54, Mark Thomas wrote:

On 26/09/2023 16:50, Christopher Schultz wrote:

Jon,

On 9/26/23 11:32, Mcalexander, Jon J. wrote:
I have a question around the SSLHostConfig SSL Connector in Tomcat. 
In the   section, if the SSL Certificate is in a

Windows PFS Keystore, is it appropriate to add

certificateKeystoreType="PFX"

or

certificateKeystore="path to pfx file" type="PFX"

I'm finding reference to certificateKeystoreType, but not in regards 
to PKCS12/PFX types.


I don't think Tomcat supports "PFX" files per-se, but the intertubes 
say that PFX is PKCS12, which IS supported. So try using "PKCS12" 
which I think is the default.


Default for all keystore types is JKS.

As Chris says, "pkcs12" should work.


Most recent JVMs will open a JKS file or PKCS12 file regardless of which 
type you actually specify. That was their solution to switching the 
default from JKS to PKCS12.


At this point, Tomcat should probably issue a warning if the type is 
"JKS" and just tell users "stop using JKS, use PKCS12 instead".


-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: SSLHostConfig question

2023-09-26 Thread Mcalexander, Jon J.

Thank you, but which format of the line is correct? 

certificateKeystoreType="pkcs12"

or

certificateKeystore="path to pfx file" type="pkcs12"

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.

> -Original Message-
> From: Mark Thomas 
> Sent: Tuesday, September 26, 2023 11:54 AM
> To: users@tomcat.apache.org
> Subject: Re: SSLHostConfig question
> 
> On 26/09/2023 16:50, Christopher Schultz wrote:
> > Jon,
> >
> > On 9/26/23 11:32, Mcalexander, Jon J. wrote:
> >> I have a question around the SSLHostConfig SSL Connector in Tomcat.
> >> In the   section, if the SSL Certificate is in a
> >> Windows PFS Keystore, is it appropriate to add
> >>
> >> certificateKeystoreType="PFX"
> >>
> >> or
> >>
> >> certificateKeystore="path to pfx file" type="PFX"
> >>
> >> I'm finding reference to certificateKeystoreType, but not in regards
> >> to PKCS12/PFX types.
> >
> > I don't think Tomcat supports "PFX" files per-se, but the intertubes
> > say that PFX is PKCS12, which IS supported. So try using "PKCS12"
> > which I think is the default.
> 
> Default for all keystore types is JKS.
> 
> As Chris says, "pkcs12" should work.
> 
> Mark
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SSLHostConfig question

2023-09-26 Thread Mark Thomas


On 26/09/2023 16:50, Christopher Schultz wrote:

Jon,

On 9/26/23 11:32, Mcalexander, Jon J. wrote:
I have a question around the SSLHostConfig SSL Connector in Tomcat. In 
the   section, if the SSL Certificate is in a

Windows PFS Keystore, is it appropriate to add

certificateKeystoreType="PFX"

or

certificateKeystore="path to pfx file" type="PFX"

I'm finding reference to certificateKeystoreType, but not in regards 
to PKCS12/PFX types.


I don't think Tomcat supports "PFX" files per-se, but the intertubes say 
that PFX is PKCS12, which IS supported. So try using "PKCS12" which I 
think is the default.


Default for all keystore types is JKS.

As Chris says, "pkcs12" should work.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SSLHostConfig question

2023-09-26 Thread Christopher Schultz


Jon,

On 9/26/23 11:32, Mcalexander, Jon J. wrote:
I have a question around the SSLHostConfig SSL Connector in Tomcat. 
In the   section, if the SSL Certificate is in a

Windows PFS Keystore, is it appropriate to add

certificateKeystoreType="PFX"

or

certificateKeystore="path to pfx file" type="PFX"

I'm finding reference to certificateKeystoreType, but not in regards to 
PKCS12/PFX types.


I don't think Tomcat supports "PFX" files per-se, but the intertubes say 
that PFX is PKCS12, which IS supported. So try using "PKCS12" which I 
think is the default.


-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

SSLHostConfig question

2023-09-26 Thread Mcalexander, Jon J.

Good morning Gentle People,

I have a question around the SSLHostConfig SSL Connector in Tomcat. In the 
  section, if the SSL Certificate is in a Windows PFS 
Keystore, is it appropriate to add

certificateKeystoreType="PFX"

or

certificateKeystore="path to pfx file" type="PFX"

I'm finding reference to certificateKeystoreType, but not in regards to 
PKCS12/PFX types.

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com<mailto:jonmcalexan...@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.

Re: question about tomcat manager Server Status page

2023-09-08 Thread Ivano Luberti


Thanks Christopher

Il 08/09/2023 17:51, Christopher Schultz ha scritto:

Ivano,

On 9/8/23 11:17, Ivano Luberti wrote:

Hi, looking at Server Status and Complete Server Status Page

I can see the following line:

Max threads: 200 Current thread count: 11 Current threads busy: 1 
Keep alive sockets count: 1


But looking at the thread list under the line I can count 24 lines.

So what is the number of thread currently instantiated by tomcat? 11 
or 24?


This is a good question. When I check my localhost Manager running 
8.5.x, I see this:


Max threads: -1 Current thread count: 4 Current threads busy: 1 Keep 
alive sockets count: 1


The number of threads shown in the http-nio-host-port section shows 5 
threads, 4 in the R state and one in the S state.


When running jstack against my JVM, I can see that there are only 4 
exec threads running.


So I think the claim that there are only 11 threads in your JVM is 
correct. I believe the 24 lines you are seeing are something buggy in 
the Manager's view. I'll see if I can play around with it a little bit 
to see what's happening.


-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


--

Archimede Informatica tratta i dati personali in conformità a quanto
stabilito dal Regolamento UE n. 2016/679 (GDPR) e dal D. Lgs. 30 giugno 
2003 n. 196

per come modificato dal D.Lgs. 10 agosto 2018 n. 101.
Informativa completa 
<http://www.archicoop.it/fileadmin/pdf/InformativaTrattamentoDatiPersonali.pdf>


dott. Ivano Mario Luberti

Archimede Informatica società cooperativa a r. l.
Via Gereschi 36, 56127 Pisa

tel.: +39 050/580959 | fax: +39 050/8932061

web: www.archicoop.it
linkedin: www.linkedin.com/in/ivanoluberti
facebook: www.facebook.com/archimedeinformaticapisa/

Re: question about tomcat manager Server Status page

2023-09-08 Thread Christopher Schultz


Ivano,

On 9/8/23 11:17, Ivano Luberti wrote:

Hi, looking at Server Status and Complete Server Status Page

I can see the following line:

Max threads: 200 Current thread count: 11 Current threads busy: 1 Keep 
alive sockets count: 1


But looking at the thread list under the line I can count 24 lines.

So what is the number of thread currently instantiated by tomcat? 11 or 24?


This is a good question. When I check my localhost Manager running 
8.5.x, I see this:


Max threads: -1 Current thread count: 4 Current threads busy: 1 Keep 
alive sockets count: 1


The number of threads shown in the http-nio-host-port section shows 5 
threads, 4 in the R state and one in the S state.


When running jstack against my JVM, I can see that there are only 4 exec 
threads running.


So I think the claim that there are only 11 threads in your JVM is 
correct. I believe the 24 lines you are seeing are something buggy in 
the Manager's view. I'll see if I can play around with it a little bit 
to see what's happening.


-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

question about tomcat manager Server Status page

2023-09-08 Thread Ivano Luberti


Hi, looking at Server Status and Complete Server Status Page

I can see the following line:

Max threads: 200 Current thread count: 11 Current threads busy: 1 Keep 
alive sockets count: 1


But looking at the thread list under the line I can count 24 lines.

So what is the number of thread currently instantiated by tomcat? 11 or 24?



--

Archimede Informatica tratta i dati personali in conformità a quanto
stabilito dal Regolamento UE n. 2016/679 (GDPR) e dal D. Lgs. 30 giugno 
2003 n. 196

per come modificato dal D.Lgs. 10 agosto 2018 n. 101.
Informativa completa 



dott. Ivano Mario Luberti

Archimede Informatica società cooperativa a r. l.
Via Gereschi 36, 56127 Pisa

tel.: +39 050/580959 | fax: +39 050/8932061

web: www.archicoop.it
linkedin: www.linkedin.com/in/ivanoluberti
facebook: www.facebook.com/archimedeinformaticapisa/

Re: OT: Question regarding the listeners in the upcoming releases.

2023-07-10 Thread Christopher Schultz


Jon,

On 7/7/23 15:46, jonmcalexan...@wellsfargo.com.INVALID wrote:

Thank you Chris. I will look into Manager + JMXProxyServlet. Dumb
question, but does this require the Manager.war to be deployed (Isn't
that just to get to the UI?)
Yes, the Manager application must be deployed. You do not have to allow 
any users to use the GUI, though, if you don't want to give users the 
required role(s).



or does it call the Catalina Manager servlet directly?

The servlet is in the Manager application. It's not in the Tomcat core.


Is there any documentation around this type of setup?


Yep: have a look at the Manager application docs and let me know if 
something isn't clear. The docs are kind of thin, so if you think there 
is room for improvement, I'd be happy to have you augment what's there 
and I can commit a docs-update.


-chris


-Original Message-
From: Christopher Schultz 
Sent: Friday, July 7, 2023 2:05 PM
To: users@tomcat.apache.org
Subject: Re: OT: Question regarding the listeners in the upcoming releases.

Jon,

On 7/7/23 1:06 PM, jonmcalexan...@wellsfargo.com.INVALID wrote:

Yes, I'm aware that JMX may be the easiest method, however to use it
means modifying the JAVA_OPTIONS as well as having a username and
password as well as to meet our internal requirements, an ssl
certificate for the jmx connection.

You can use Manager + JMXProxyServlet which IMHO is way better than
"regular JMX"... for all the reasons you mention above.


What I'm looking for, if possible, is the addition of a
connector/valve, whatever method, in the server.xml. My thinking would
be to have it only accessible via localhost and not on the general
network. Again, something that can query and put the results out for
Elastic to ingest and make use of.

You can do this with Manager + JMXProxyServlet and no new code needs to
be written (other than your script to request the data and push it to Elastic).

-chris


-Original Message-
From: Christopher Schultz 
Sent: Friday, July 7, 2023 8:39 AM
To: users@tomcat.apache.org
Subject: Re: OT: Question regarding the listeners in the upcoming

releases.


Jon,

On 7/6/23 16:22, jonmcalexan...@wellsfargo.com.INVALID wrote:

I have a question which is based around the idea of the new
Listeners that are being introduced in the upcoming releases. This
is based on something I’ve been thinking on for the last 6 to 9 mos.
Would it be possible to have a Listener that could output stats for
the Tomcat Instance, similar to what you would see in the Manager

application?

Not wanting any of the actual Manager functionality, just the status
reporting features. Something that could be consumed by Elastic to
go into a dashboard showing Instance/Application health? I really
don’t want to deploy the Manager Application just to get this type of

data.


Thanks. I know this is a long shot question and this is where NOT
being a developer blows. 


I would do this using JMX from a remote querying agent, at whatever
interval you want. No Listener required.

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: OT: Question regarding the listeners in the upcoming releases.

2023-07-07 Thread jonmcalexander

Thank you Chris. I will look into Manager + JMXProxyServlet. Dumb question, but 
does this require the Manager.war to be deployed (Isn't that just to get to the 
UI?), or does it call the Catalina Manager servlet directly? Is there any 
documentation around this type of setup?

Thanks again and have a great Weekend!

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.

> -Original Message-
> From: Christopher Schultz 
> Sent: Friday, July 7, 2023 2:05 PM
> To: users@tomcat.apache.org
> Subject: Re: OT: Question regarding the listeners in the upcoming releases.
> 
> Jon,
> 
> On 7/7/23 1:06 PM, jonmcalexan...@wellsfargo.com.INVALID wrote:
> > Yes, I'm aware that JMX may be the easiest method, however to use it
> > means modifying the JAVA_OPTIONS as well as having a username and
> > password as well as to meet our internal requirements, an ssl
> > certificate for the jmx connection.
> You can use Manager + JMXProxyServlet which IMHO is way better than
> "regular JMX"... for all the reasons you mention above.
> 
> > What I'm looking for, if possible, is the addition of a
> > connector/valve, whatever method, in the server.xml. My thinking would
> > be to have it only accessible via localhost and not on the general
> > network. Again, something that can query and put the results out for
> > Elastic to ingest and make use of.
> You can do this with Manager + JMXProxyServlet and no new code needs to
> be written (other than your script to request the data and push it to 
> Elastic).
> 
> -chris
> 
> >> -Original Message-
> >> From: Christopher Schultz 
> >> Sent: Friday, July 7, 2023 8:39 AM
> >> To: users@tomcat.apache.org
> >> Subject: Re: OT: Question regarding the listeners in the upcoming
> releases.
> >>
> >> Jon,
> >>
> >> On 7/6/23 16:22, jonmcalexan...@wellsfargo.com.INVALID wrote:
> >>> I have a question which is based around the idea of the new
> >>> Listeners that are being introduced in the upcoming releases. This
> >>> is based on something I’ve been thinking on for the last 6 to 9 mos.
> >>> Would it be possible to have a Listener that could output stats for
> >>> the Tomcat Instance, similar to what you would see in the Manager
> application?
> >>> Not wanting any of the actual Manager functionality, just the status
> >>> reporting features. Something that could be consumed by Elastic to
> >>> go into a dashboard showing Instance/Application health? I really
> >>> don’t want to deploy the Manager Application just to get this type of
> data.
> >>>
> >>> Thanks. I know this is a long shot question and this is where NOT
> >>> being a developer blows. 
> >>
> >> I would do this using JMX from a remote querying agent, at whatever
> >> interval you want. No Listener required.
> >>
> >> -chris
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: OT: Question regarding the listeners in the upcoming releases.

2023-07-07 Thread Christopher Schultz


Jon,

On 7/7/23 1:06 PM, jonmcalexan...@wellsfargo.com.INVALID wrote:

Yes, I'm aware that JMX may be the easiest method, however to use it
means modifying the JAVA_OPTIONS as well as having a username and
password as well as to meet our internal requirements, an ssl
certificate for the jmx connection.
You can use Manager + JMXProxyServlet which IMHO is way better than 
"regular JMX"... for all the reasons you mention above.



What I'm looking for, if possible, is the addition of a
connector/valve, whatever method, in the server.xml. My thinking
would be to have it only accessible via localhost and not on the
general network. Again, something that can query and put the results
out for Elastic to ingest and make use of.
You can do this with Manager + JMXProxyServlet and no new code needs to 
be written (other than your script to request the data and push it to 
Elastic).


-chris


-Original Message-
From: Christopher Schultz 
Sent: Friday, July 7, 2023 8:39 AM
To: users@tomcat.apache.org
Subject: Re: OT: Question regarding the listeners in the upcoming releases.

Jon,

On 7/6/23 16:22, jonmcalexan...@wellsfargo.com.INVALID wrote:

I have a question which is based around the idea of the new Listeners
that are being introduced in the upcoming releases. This is based on
something I’ve been thinking on for the last 6 to 9 mos. Would it be
possible to have a Listener that could output stats for the Tomcat
Instance, similar to what you would see in the Manager application?
Not wanting any of the actual Manager functionality, just the status
reporting features. Something that could be consumed by Elastic to go
into a dashboard showing Instance/Application health? I really don’t
want to deploy the Manager Application just to get this type of data.

Thanks. I know this is a long shot question and this is where NOT
being a developer blows. 


I would do this using JMX from a remote querying agent, at whatever interval
you want. No Listener required.

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: OT: Question regarding the listeners in the upcoming releases.

2023-07-07 Thread jonmcalexander

Hi Chris,

Yes, I'm aware that JMX may be the easiest method, however to use it means 
modifying the JAVA_OPTIONS as well as having a username and password as well as 
to meet our internal requirements, an ssl certificate for the jmx connection.

What I'm looking for, if possible, is the addition of a connector/valve, 
whatever method, in the server.xml. My thinking would be to have it only 
accessible via localhost and not on the general network. Again, something that 
can query and put the results out for Elastic to ingest and make use of.

Note, still just brainstorming, so I don't have all connections fully made here.

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.

> -Original Message-
> From: Christopher Schultz 
> Sent: Friday, July 7, 2023 8:39 AM
> To: users@tomcat.apache.org
> Subject: Re: OT: Question regarding the listeners in the upcoming releases.
> 
> Jon,
> 
> On 7/6/23 16:22, jonmcalexan...@wellsfargo.com.INVALID wrote:
> > I have a question which is based around the idea of the new Listeners
> > that are being introduced in the upcoming releases. This is based on
> > something I’ve been thinking on for the last 6 to 9 mos. Would it be
> > possible to have a Listener that could output stats for the Tomcat
> > Instance, similar to what you would see in the Manager application?
> > Not wanting any of the actual Manager functionality, just the status
> > reporting features. Something that could be consumed by Elastic to go
> > into a dashboard showing Instance/Application health? I really don’t
> > want to deploy the Manager Application just to get this type of data.
> >
> > Thanks. I know this is a long shot question and this is where NOT
> > being a developer blows. 
> 
> I would do this using JMX from a remote querying agent, at whatever interval
> you want. No Listener required.
> 
> -chris
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org

Re: OT: Question regarding the listeners in the upcoming releases.

2023-07-07 Thread Christopher Schultz


Jon,

On 7/6/23 16:22, jonmcalexan...@wellsfargo.com.INVALID wrote:

I have a question which is based around the idea of the new Listeners
that are being introduced in the upcoming releases. This is based on
something I’ve been thinking on for the last 6 to 9 mos. Would it be
possible to have a Listener that could output stats for the Tomcat
Instance, similar to what you would see in the Manager application?
Not wanting any of the actual Manager functionality, just the status
reporting features. Something that could be consumed by Elastic to go
into a dashboard showing Instance/Application health? I really don’t
want to deploy the Manager Application just to get this type of
data.

Thanks. I know this is a long shot question and this is where NOT
being a developer blows. 


I would do this using JMX from a remote querying agent, at whatever
interval you want. No Listener required.

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

OT: Question regarding the listeners in the upcoming releases.

2023-07-06 Thread jonmcalexander

I have a question which is based around the idea of the new Listeners that are 
being introduced in the upcoming releases. This is based on something I’ve been 
thinking on for the last 6 to 9 mos. Would it be possible to have a Listener 
that could output stats for the Tomcat Instance, similar to what you would see 
in the Manager application? Not wanting any of the actual Manager 
functionality, just the status reporting features. Something that could be 
consumed by Elastic to go into a dashboard showing Instance/Application health? 
I really don’t want to deploy the Manager Application just to get this type of 
data.

Thanks. I know this is a long shot question and this is where NOT being a 
developer blows. 

Thank you,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com<mailto:jonmcalexan...@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.

additional pom to go with w3schools helloworld question (formatted)

2023-07-04 Thread Jim McNamara

Hi -

Here is my formatted pom.

thanks

http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/xsd/maven-4.0.0.xsd; 
xmlns="http://maven.apache.org/POM/4.0.0; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;>
  4.0.0
  local
  NewJavaMavenProject
  NewJavaMavenProject
  0.1.0-SNAPSHOT
  war
  
3.8.1
17
17
  
  

  javax.servlet
  javax.servlet-api
  4.0.0
  provided

  
  

  exclude-central-repo
  
true
  
  

  central
  https://repo.maven.apache.org/maven2
  
true
  
  
true
  

  

  
  
src/main/java

  
maven-compiler-plugin

  

  true

  

  
  
org.apache.maven.plugins
maven-war-plugin
3.4.0

  


  
  
org.apache.maven.plugins
maven-jar-plugin

  

  

  

  

  





Sent with Proton Mail secure email.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

plaint text version of question: hello world w3schools (tomcat)

2023-07-04 Thread Jim McNamara



Hi-

I am resending my msg. in plain text wondering how to get tomcat to render my 
servlet for hellworld from code I got at w3schools.

I am trying to follow the guidelines:
TOMCAT 10.1.10 + plain text email!
THANKS 

code and configuration files:

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.Servlet;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
 
/**
 * This servlet program is used to print "Hello World" on 
 * client browser by implementing servlet interface.
 * @author w3spoint
 */
 
public class HelloWorld implements Servlet {
private static final long serialVersionUID = 1L;
 
//no-argument constructor.
public HelloWorld() {
 
}
 
ServletConfig config=null;
 
@Override
public void init(ServletConfig config) throws ServletException {
this.config = config;
System.out.println("Do initialization here.");  
}
 
@Override
public void destroy() {
System.out.println("Do clean-up process here.");
}
 
@Override
public ServletConfig getServletConfig() {
return config;
}
 
@Override
public String getServletInfo() {
return "w3spoint.com";
}
 
@Override
public void service(ServletRequest request, ServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
 
out.println("Hello World example using " +
"servlet interface.");
out.close();
}
}


http://java.sun.com/xml/ns/j2ee; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; 
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd;>
 

HelloWorld

  HelloWorld


 

HelloWorld
/HelloWorld

 



url:

http://localhost:8080/examples/HelloWorld

 


error msg:

Root Cause

java.lang.ClassCastException: class HelloWorld cannot be cast to class 
jakarta.servlet.Servlet 


Sent with Proton Mail secure email.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Informal CIS Benchmark question

2023-06-13 Thread jonmcalexander

Thank you Mark! I appreciate how your summations on many of these match mine. 
Smh.

:-)

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.


> -Original Message-
> From: Mark Thomas 
> Sent: Monday, June 12, 2023 2:53 PM
> To: users@tomcat.apache.org
> Subject: Re: Informal CIS Benchmark question
> 
> On 12/06/2023 19:13, jonmcalexan...@wellsfargo.com.INVALID wrote:
> > I'm asking because we are doing a review of our base settings. We are
> using the CIS Benchmarks as a verification. One of these states to set
> matadata-complete to true. We have never used this setting in the past and I
> am worried about potential application breakage causing outages if we
> suddenly start setting this setting. Is there any potential issue with using 
> this
> and if so what?
> >
> > I know it's a convoluted question, but trying to mitigate risk as much as
> possible.
> 
> I've just done a quick review of the v1.2.0 benchmark for Tomcat 9.
> 
> 1.1 Whoops. It tells you to delete the default ROOT web application with no
> consideration of whether you might have replaced the default ROOT web
> application with your own.
> 
> 1.2 Incorrectly states the AJP connector is enabled by default. It has been
> disabled by default since Feb 2020. The CIS doc was updated Sept
> 2022 more than 2 years later and it still got it wrong.
> 
> 2.1 Only used in error pages and there are better ways to hide the server
> version if you want to.
> 
> 2.2 Not necessary - it isn't exposed to clients. Changing this will just make
> debugging harder.
> 
> 2.3 See 2.3
> 
> 2.5 There are better ways to do this - configure a default error page.
> 
> 2.6 There is an obvious copy/paste error in the audit section. One wonders
> how thoroughly this document was reviewed / proof-read.
> The remediation is missing critical detail. Depending on what else is in the
> security constraint it may deny access to the entire application to all users 
> or
> it could bypass all other configured constraints and allow all users
> unconstrained access.
> 
> 2.7 Default is to send nothing which is better than the recommendation.
> 
> 6.2-6.4 assumes direct access. If running behind a proxy these could be VERY
> wrong.
> 
> 7.3 An access log per context is "unusual". It will also miss all the requests
> rejected before mapping occurs.
> 
> 9 A recommendation to use a SecurityManager is more likely to break stuff
> then make it more secure.
> 
> 10.1 Only helps on Windows.
> 
> 10.2 No. Per context configuration should be in a context.xml file not
> server.xml.
> 
> 10.3 Already present by default.
> 
> 
> OK. I'm bored of this now. Suffice to say I don't recommend using the CIS
> guide as anything more than a suggestion of things you might want to look at
> but treat their recommendations with a large pinch of salt and check the
> Tomcat docs for the relevant settings first.
> 
> 
> I will skip forward and look at the metadata-complete recommendation
> though...
> 
> 10.18 Hmm. A library that provides a web-fragement.xml is a security concern
> but we'll quietly ignore all the binary code that same JAR file is providing 
> that
> could be doing literally anything. Logically, it makes no sense.
> 
> Personally, I don't like fragments or annotations but it has nothing to do 
> with
> security and everything to do with debugging. When things go wrong it is
> very hard to figure out which filters and servlet a request was mapped to and
> why if you don't have the full configuration in a single web.xml file. For 
> that
> reason, I'd recommend logging the effective web.xml.
> 
> In terms of the recommendation, I'd ignore the metadata-complete
> suggestion. If your application does use fragments and/or annotations stuff
> will break.
> 
> Mark
> 
> 
> >
> > Thanks,
> >
> > Dream * Excel * Explore * Inspire
> > Jon McAlexander
> > Senior Infrastructure Engineer
> > Asst. Vice President
> > He/His
> >
> > Middleware Product Enginee

Re: Informal CIS Benchmark question

2023-06-13 Thread Mark Thomas


On 13/06/2023 15:07, Christopher Schultz wrote:

On 6/12/23 15:52, Mark Thomas wrote:

On 12/06/2023 19:13, jonmcalexan...@wellsfargo.com.INVALID wrote:
I'm asking because we are doing a review of our base settings. We are 
using the CIS Benchmarks as a verification. One of these states to 
set matadata-complete to true. We have never used this setting in the 
past and I am worried about potential application breakage causing 
outages if we suddenly start setting this setting. Is there any 
potential issue with using this and if so what?


I know it's a convoluted question, but trying to mitigate risk as 
much as possible.


I've just done a quick review of the v1.2.0 benchmark for Tomcat 9.




Sounds like 
https://cwiki.apache.org/confluence/display/TOMCAT/Community+Review+of+DISA+STIG


Shall we put together a community response to the CIS benchmarks?


No objection to anything I've written here to being copied to the wiki.

Not sure I'll have too much time to contribute beyond that at the moment.



In terms of the recommendation, I'd ignore the metadata-complete 
suggestion. If your application does use fragments and/or annotations 
stuff will break.


+1

The metadata-complete thing isn't really a security control. IMHO it's 
much more of a performance optimization like "I know for sure I don't 
scatter my configuration around, so don't bother going to scan for it."


Good point. The more often you start the web app, the more impact this 
will have.


Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Informal CIS Benchmark question

2023-06-13 Thread Christopher Schultz


Mark,

On 6/12/23 15:52, Mark Thomas wrote:

On 12/06/2023 19:13, jonmcalexan...@wellsfargo.com.INVALID wrote:
I'm asking because we are doing a review of our base settings. We are 
using the CIS Benchmarks as a verification. One of these states to set 
matadata-complete to true. We have never used this setting in the past 
and I am worried about potential application breakage causing outages 
if we suddenly start setting this setting. Is there any potential 
issue with using this and if so what?


I know it's a convoluted question, but trying to mitigate risk as much 
as possible.


I've just done a quick review of the v1.2.0 benchmark for Tomcat 9.

1.1 Whoops. It tells you to delete the default ROOT web application with 
no consideration of whether you might have replaced the default ROOT web 
application with your own.


1.2 Incorrectly states the AJP connector is enabled by default. It has 
been disabled by default since Feb 2020. The CIS doc was updated Sept 
2022 more than 2 years later and it still got it wrong.


2.1 Only used in error pages and there are better ways to hide the 
server version if you want to.


2.2 Not necessary - it isn't exposed to clients. Changing this will just 
make debugging harder.


2.3 See 2.3

2.5 There are better ways to do this - configure a default error page.

2.6 There is an obvious copy/paste error in the audit section. One 
wonders how thoroughly this document was reviewed / proof-read.
The remediation is missing critical detail. Depending on what else is in 
the security constraint it may deny access to the entire application to 
all users or it could bypass all other configured constraints and allow 
all users unconstrained access.


2.7 Default is to send nothing which is better than the recommendation.

6.2-6.4 assumes direct access. If running behind a proxy these could be 
VERY wrong.


7.3 An access log per context is "unusual". It will also miss all the 
requests rejected before mapping occurs.


9 A recommendation to use a SecurityManager is more likely to break 
stuff then make it more secure.


10.1 Only helps on Windows.

10.2 No. Per context configuration should be in a context.xml file not 
server.xml.


10.3 Already present by default.


Sounds like 
https://cwiki.apache.org/confluence/display/TOMCAT/Community+Review+of+DISA+STIG


Shall we put together a community response to the CIS benchmarks?

OK. I'm bored of this now. Suffice to say I don't recommend using the 
CIS guide as anything more than a suggestion of things you might want to 
look at but treat their recommendations with a large pinch of salt and 
check the Tomcat docs for the relevant settings first.



I will skip forward and look at the metadata-complete recommendation 
though...


10.18 Hmm. A library that provides a web-fragement.xml is a security 
concern but we'll quietly ignore all the binary code that same JAR file 
is providing that could be doing literally anything. Logically, it makes 
no sense.


+1

Personally, I don't like fragments or annotations but it has nothing to 
do with security and everything to do with debugging. When things go 
wrong it is very hard to figure out which filters and servlet a request 
was mapped to and why if you don't have the full configuration in a 
single web.xml file. For that reason, I'd recommend logging the 
effective web.xml.


In terms of the recommendation, I'd ignore the metadata-complete 
suggestion. If your application does use fragments and/or annotations 
stuff will break.


+1

The metadata-complete thing isn't really a security control. IMHO it's 
much more of a performance optimization like "I know for sure I don't 
scatter my configuration around, so don't bother going to scan for it."


-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Informal CIS Benchmark question

2023-06-12 Thread Mark Thomas


On 12/06/2023 19:13, jonmcalexan...@wellsfargo.com.INVALID wrote:

I'm asking because we are doing a review of our base settings. We are using the 
CIS Benchmarks as a verification. One of these states to set matadata-complete 
to true. We have never used this setting in the past and I am worried about 
potential application breakage causing outages if we suddenly start setting 
this setting. Is there any potential issue with using this and if so what?

I know it's a convoluted question, but trying to mitigate risk as much as 
possible.


I've just done a quick review of the v1.2.0 benchmark for Tomcat 9.

1.1 Whoops. It tells you to delete the default ROOT web application with 
no consideration of whether you might have replaced the default ROOT web 
application with your own.


1.2 Incorrectly states the AJP connector is enabled by default. It has 
been disabled by default since Feb 2020. The CIS doc was updated Sept 
2022 more than 2 years later and it still got it wrong.


2.1 Only used in error pages and there are better ways to hide the 
server version if you want to.


2.2 Not necessary - it isn't exposed to clients. Changing this will just 
make debugging harder.


2.3 See 2.3

2.5 There are better ways to do this - configure a default error page.

2.6 There is an obvious copy/paste error in the audit section. One 
wonders how thoroughly this document was reviewed / proof-read.
The remediation is missing critical detail. Depending on what else is in 
the security constraint it may deny access to the entire application to 
all users or it could bypass all other configured constraints and allow 
all users unconstrained access.


2.7 Default is to send nothing which is better than the recommendation.

6.2-6.4 assumes direct access. If running behind a proxy these could be 
VERY wrong.


7.3 An access log per context is "unusual". It will also miss all the 
requests rejected before mapping occurs.


9 A recommendation to use a SecurityManager is more likely to break 
stuff then make it more secure.


10.1 Only helps on Windows.

10.2 No. Per context configuration should be in a context.xml file not 
server.xml.


10.3 Already present by default.


OK. I'm bored of this now. Suffice to say I don't recommend using the 
CIS guide as anything more than a suggestion of things you might want to 
look at but treat their recommendations with a large pinch of salt and 
check the Tomcat docs for the relevant settings first.



I will skip forward and look at the metadata-complete recommendation 
though...


10.18 Hmm. A library that provides a web-fragement.xml is a security 
concern but we'll quietly ignore all the binary code that same JAR file 
is providing that could be doing literally anything. Logically, it makes 
no sense.


Personally, I don't like fragments or annotations but it has nothing to 
do with security and everything to do with debugging. When things go 
wrong it is very hard to figure out which filters and servlet a request 
was mapped to and why if you don't have the full configuration in a 
single web.xml file. For that reason, I'd recommend logging the 
effective web.xml.


In terms of the recommendation, I'd ignore the metadata-complete 
suggestion. If your application does use fragments and/or annotations 
stuff will break.


Mark




Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com<mailto:jonmcalexan...@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Informal CIS Benchmark question

2023-06-12 Thread jonmcalexander

I'm asking because we are doing a review of our base settings. We are using the 
CIS Benchmarks as a verification. One of these states to set matadata-complete 
to true. We have never used this setting in the past and I am worried about 
potential application breakage causing outages if we suddenly start setting 
this setting. Is there any potential issue with using this and if so what?

I know it's a convoluted question, but trying to mitigate risk as much as 
possible.

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com<mailto:jonmcalexan...@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.

Re: Question in regards to the Connector allowHostHeaderMismatch when it is set to "false"

2023-05-09 Thread Mark Thomas


On 08/05/2023 22:04, Christopher Schultz wrote:

On 5/8/23 10:39, Mark Thomas wrote:




The port the client connects to is irrelevant. All that matters is the 
host in the request line and the host header.


1. The host header MUST be present
2. If a host is present in the request line it MUST be identical (host 
and port) to the host header.


nb the spec says that the URL takes precedence if there is a mismatch, 
but when setting allowHostHeaderMismatch="false" (the current default), 
then Tomcat is being stricter than the spec.


That is not correct. The two requirements stated above have been RFC 
"MUST" requirements since 2014.


RFC 2616 (June 1999) stated that any host in the request line takes 
precedence.


RFC 7230 (June 2014) stated that any host in the request line MUST match 
the host header although there is also language that suggests they might 
be different.


RFC 9112 (June 2022) states that any host in the request line MUST match 
the host header.


Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Question in regards to the Connector allowHostHeaderMismatch when it is set to "false"

2023-05-08 Thread Alvaro Garay

Hi,

This makes sense now. Thank you for clarifying.

Best,
Alvaro

From: Christopher Schultz 
Sent: Monday, May 8, 2023 5:04 PM
To: users@tomcat.apache.org 
Subject: [EXTERNAL] Re: Question in regards to the Connector 
allowHostHeaderMismatch when it is set to "false"

Alvaro,

On 5/8/23 10:39, Mark Thomas wrote:
> On 08/05/2023 13:52, Alvaro Garay wrote:
>> Hi Mark,
>>
>> In the example above...the port remains the same (8143). How is it
>> different?
>
> GET http://myhostname.company.com/api/v1/endpoint   HTTP/1.1
>
> The host is "myhostname.company.com"
>
> Host: myhostname.company.com:8143
>
> The host is "myhostname.company.com:8143"
>
> "myhostname.company.com" != "myhostname.company.com:8143"
>
> The port the client connects to is irrelevant. All that matters is the
> host in the request line and the host header.
>
> 1. The host header MUST be present
> 2. If a host is present in the request line it MUST be identical (host
> and port) to the host header.

nb the spec says that the URL takes precedence if there is a mismatch,
but when setting allowHostHeaderMismatch="false" (the current default),
then Tomcat is being stricter than the spec.

The reason Tomcat is being stricter than the spec by default is because
usually Host <> URL host mismatch is an indication that the client is
doing something it should not be doing.

-chris

>> From: Mark Thomas 
>> Sent: Friday, May 5, 2023 4:56 PM
>> To: Tomcat Users List 
>> Subject: [EXTERNAL] Re: Question in regards to the Connector
>> allowHostHeaderMismatch when it is set to "false"
>>
>>
>> 5 May 2023 18:21:02 Alvaro Garay :
>>
>>> Hi,
>>>
>>>
>>> Tomcat version: 9.0.73
>>>
>>> Operating system: Unix z/OS System
>>>
>>>
>>>
>>> I have a question in regard to the Connector attribute
>>> allowHostHeaderMismatch=false which checks the request line is
>>> consistent with the Host Header.
>>>
>>> So in this scenario, I have the request line using the absolute path
>>> with a conflicting host header. The response is 400 Bad Request from
>>> Tomcat, which makes sense.
>>>
>>> telnet myhostname.company.com 8143
>>> GET http://myhostname.company.com/api/v1/endpoint   HTTP/1.1
>>> Host: facebook.com
>>>
>>>
>>> If I define a valid host header now, then the request is a success. So
>>> all is good.
>>>
>>> telnet myhostname.company.com 8143
>>> GET http://myhostname.company.com/api/v1/endpoint   HTTP/1.1
>>> Host: myhostname.company.com
>>>
>>> telnet 1.1.1.1 8143
>>> GET http://1.1.1.1/api/v1/endpoint   HTTP/1.1
>>> Host: 1.1.1.1
>>>
>>> However, as soon as I define a port number in the host header with
>>> syntax : then I get 400 Bad Request from Tomcat.
>>>
>>> telnet myhostname.company.com 8143
>>> GET http://myhostname.company.com/api/v1/endpoint   HTTP/1.1
>>> Host: myhostname.company.com:8143
>>>
>>> HTTP/1.1 400
>>> Content-Type: text/html;charset=utf-8
>>> Content-Language: en
>>> Content-Length: 762
>>> Date: Fri, 05 May 2023 15:27:09 GMT
>>> Connection: close
>>>
>>> HTTP Status 400 \u2013 Bad
>>> Requestbody
>>> {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
>>> {color:white;background-color:#525D76;} h1 {font-size:22px;} h2
>>> {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a
>>> {color:black;} .line
>>> {height:1px;background-color:#525D76;border:none;}HTTP
>>> Status 400 \u2013 Bad RequestType
>>> Status ReportDescription The server cannot or will not
>>> process the request due to something that is perceived to be a client
>>> error (e.g., malformed request syntax, invalid request message framing,
>>> or deceptive request routing).Apache
>>> Tomcat/9.0.73
>>>
>>> This request should be allowed right?
>>
>> No. Different port means a different host so Tomcat correctly rejects the
>> request.
>>
>> Mark
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question in regards to the Connector allowHostHeaderMismatch when it is set to "false"

2023-05-08 Thread Christopher Schultz


Alvaro,

On 5/8/23 10:39, Mark Thomas wrote:

On 08/05/2023 13:52, Alvaro Garay wrote:

Hi Mark,

In the example above...the port remains the same (8143). How is it 
different?


GET http://myhostname.company.com/api/v1/endpoint  HTTP/1.1

The host is "myhostname.company.com"

Host: myhostname.company.com:8143

The host is "myhostname.company.com:8143"

"myhostname.company.com" != "myhostname.company.com:8143"

The port the client connects to is irrelevant. All that matters is the 
host in the request line and the host header.


1. The host header MUST be present
2. If a host is present in the request line it MUST be identical (host 
and port) to the host header.


nb the spec says that the URL takes precedence if there is a mismatch, 
but when setting allowHostHeaderMismatch="false" (the current default), 
then Tomcat is being stricter than the spec.


The reason Tomcat is being stricter than the spec by default is because 
usually Host <> URL host mismatch is an indication that the client is 
doing something it should not be doing.


-chris


From: Mark Thomas 
Sent: Friday, May 5, 2023 4:56 PM
To: Tomcat Users List 
Subject: [EXTERNAL] Re: Question in regards to the Connector 
allowHostHeaderMismatch when it is set to "false"



5 May 2023 18:21:02 Alvaro Garay :


Hi,


Tomcat version: 9.0.73

Operating system: Unix z/OS System



I have a question in regard to the Connector attribute
allowHostHeaderMismatch=false which checks the request line is
consistent with the Host Header.

So in this scenario, I have the request line using the absolute path
with a conflicting host header. The response is 400 Bad Request from
Tomcat, which makes sense.

telnet myhostname.company.com 8143
GET http://myhostname.company.com/api/v1/endpoint  HTTP/1.1
Host: facebook.com


If I define a valid host header now, then the request is a success. So
all is good.

telnet myhostname.company.com 8143
GET http://myhostname.company.com/api/v1/endpoint  HTTP/1.1
Host: myhostname.company.com

telnet 1.1.1.1 8143
GET http://1.1.1.1/api/v1/endpoint  HTTP/1.1
Host: 1.1.1.1

However, as soon as I define a port number in the host header with
syntax : then I get 400 Bad Request from Tomcat.

telnet myhostname.company.com 8143
GET http://myhostname.company.com/api/v1/endpoint  HTTP/1.1
Host: myhostname.company.com:8143

HTTP/1.1 400
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 762
Date: Fri, 05 May 2023 15:27:09 GMT
Connection: close

HTTP Status 400 \u2013 Bad
Requestbody
{font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a
{color:black;} .line
{height:1px;background-color:#525D76;border:none;}HTTP
Status 400 \u2013 Bad RequestType
Status ReportDescription The server cannot or will not
process the request due to something that is perceived to be a client
error (e.g., malformed request syntax, invalid request message framing,
or deceptive request routing).Apache
Tomcat/9.0.73

This request should be allowed right?


No. Different port means a different host so Tomcat correctly rejects the
request.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question in regards to the Connector allowHostHeaderMismatch when it is set to "false"

2023-05-08 Thread Mark Thomas


On 08/05/2023 13:52, Alvaro Garay wrote:

Hi Mark,

In the example above...the port remains the same (8143). How is it different?


GET http://myhostname.company.com/api/v1/endpoint  HTTP/1.1

The host is "myhostname.company.com"

Host: myhostname.company.com:8143

The host is "myhostname.company.com:8143"

"myhostname.company.com" != "myhostname.company.com:8143"

The port the client connects to is irrelevant. All that matters is the 
host in the request line and the host header.


1. The host header MUST be present
2. If a host is present in the request line it MUST be identical (host 
and port) to the host header.


Mark




From: Mark Thomas 
Sent: Friday, May 5, 2023 4:56 PM
To: Tomcat Users List 
Subject: [EXTERNAL] Re: Question in regards to the Connector allowHostHeaderMismatch when 
it is set to "false"


5 May 2023 18:21:02 Alvaro Garay :


Hi,


Tomcat version: 9.0.73

Operating system: Unix z/OS System



I have a question in regard to the Connector attribute
allowHostHeaderMismatch=false which checks the request line is
consistent with the Host Header.

So in this scenario, I have the request line using the absolute path
with a conflicting host header. The response is 400 Bad Request from
Tomcat, which makes sense.

telnet myhostname.company.com 8143
GET http://myhostname.company.com/api/v1/endpoint  HTTP/1.1
Host: facebook.com


If I define a valid host header now, then the request is a success. So
all is good.

telnet myhostname.company.com 8143
GET http://myhostname.company.com/api/v1/endpoint  HTTP/1.1
Host: myhostname.company.com

telnet 1.1.1.1 8143
GET http://1.1.1.1/api/v1/endpoint  HTTP/1.1
Host: 1.1.1.1

However, as soon as I define a port number in the host header with
syntax : then I get 400 Bad Request from Tomcat.

telnet myhostname.company.com 8143
GET http://myhostname.company.com/api/v1/endpoint  HTTP/1.1
Host: myhostname.company.com:8143

HTTP/1.1 400
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 762
Date: Fri, 05 May 2023 15:27:09 GMT
Connection: close

HTTP Status 400 \u2013 Bad
Requestbody
{font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a
{color:black;} .line
{height:1px;background-color:#525D76;border:none;}HTTP
Status 400 \u2013 Bad RequestType
Status ReportDescription The server cannot or will not
process the request due to something that is perceived to be a client
error (e.g., malformed request syntax, invalid request message framing,
or deceptive request routing).Apache
Tomcat/9.0.73

This request should be allowed right?


No. Different port means a different host so Tomcat correctly rejects the
request.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Question in regards to the Connector allowHostHeaderMismatch when it is set to "false"

2023-05-08 Thread Alvaro Garay

Hi Mark,

In the example above...the port remains the same (8143). How is it different?

From: Mark Thomas 
Sent: Friday, May 5, 2023 4:56 PM
To: Tomcat Users List 
Subject: [EXTERNAL] Re: Question in regards to the Connector 
allowHostHeaderMismatch when it is set to "false"


5 May 2023 18:21:02 Alvaro Garay :

> Hi,
>
>
> Tomcat version: 9.0.73
>
> Operating system: Unix z/OS System
>
>
>
> I have a question in regard to the Connector attribute
> allowHostHeaderMismatch=false which checks the request line is
> consistent with the Host Header.
>
> So in this scenario, I have the request line using the absolute path
> with a conflicting host header. The response is 400 Bad Request from
> Tomcat, which makes sense.
>
> telnet myhostname.company.com 8143
> GET http://myhostname.company.com/api/v1/endpoint  HTTP/1.1
> Host: facebook.com
>
>
> If I define a valid host header now, then the request is a success. So
> all is good.
>
> telnet myhostname.company.com 8143
> GET http://myhostname.company.com/api/v1/endpoint  HTTP/1.1
> Host: myhostname.company.com
>
> telnet 1.1.1.1 8143
> GET http://1.1.1.1/api/v1/endpoint  HTTP/1.1
> Host: 1.1.1.1
>
> However, as soon as I define a port number in the host header with
> syntax : then I get 400 Bad Request from Tomcat.
>
> telnet myhostname.company.com 8143
> GET http://myhostname.company.com/api/v1/endpoint  HTTP/1.1
> Host: myhostname.company.com:8143
>
> HTTP/1.1 400
> Content-Type: text/html;charset=utf-8
> Content-Language: en
> Content-Length: 762
> Date: Fri, 05 May 2023 15:27:09 GMT
> Connection: close
>
> HTTP Status 400 \u2013 Bad
> Requestbody
> {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
> {color:white;background-color:#525D76;} h1 {font-size:22px;} h2
> {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a
> {color:black;} .line
> {height:1px;background-color:#525D76;border:none;}HTTP
> Status 400 \u2013 Bad RequestType
> Status ReportDescription The server cannot or will not
> process the request due to something that is perceived to be a client
> error (e.g., malformed request syntax, invalid request message framing,
> or deceptive request routing).Apache
> Tomcat/9.0.73
>
> This request should be allowed right?

No. Different port means a different host so Tomcat correctly rejects the
request.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question in regards to the Connector allowHostHeaderMismatch when it is set to "false"

2023-05-05 Thread Mark Thomas




5 May 2023 18:21:02 Alvaro Garay :


Hi,


Tomcat version: 9.0.73

Operating system: Unix z/OS System



I have a question in regard to the Connector attribute 
allowHostHeaderMismatch=false which checks the request line is 
consistent with the Host Header.


So in this scenario, I have the request line using the absolute path 
with a conflicting host header. The response is 400 Bad Request from 
Tomcat, which makes sense.


telnet myhostname.company.com 8143
GET http://myhostname.company.com/api/v1/endpoint HTTP/1.1
Host: facebook.com


If I define a valid host header now, then the request is a success. So 
all is good.


telnet myhostname.company.com 8143
GET http://myhostname.company.com/api/v1/endpoint HTTP/1.1
Host: myhostname.company.com

telnet 1.1.1.1 8143
GET http://1.1.1.1/api/v1/endpoint HTTP/1.1
Host: 1.1.1.1

However, as soon as I define a port number in the host header with 
syntax : then I get 400 Bad Request from Tomcat.


telnet myhostname.company.com 8143
GET http://myhostname.company.com/api/v1/endpoint HTTP/1.1
Host: myhostname.company.com:8143

HTTP/1.1 400
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 762
Date: Fri, 05 May 2023 15:27:09 GMT
Connection: close

HTTP Status 400 \u2013 Bad 
Requestbody 
</tt><tt>{font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b 
</tt><tt>{color:white;background-color:#525D76;} h1 {font-size:22px;} h2 
</tt><tt>{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a 
</tt><tt>{color:black;} .line 
</tt><tt>{height:1px;background-color:#525D76;border:none;}HTTP 
Status 400 \u2013 Bad RequestType 
Status ReportDescription The server cannot or will not 
process the request due to something that is perceived to be a client 
error (e.g., malformed request syntax, invalid request message framing, 
or deceptive request routing).Apache 
Tomcat/9.0.73


This request should be allowed right?


No. Different port means a different host so Tomcat correctly rejects the 
request.


Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Question in regards to the Connector allowHostHeaderMismatch when it is set to "false"

2023-05-05 Thread Alvaro Garay

Hi,


Tomcat version: 9.0.73

Operating system: Unix z/OS System



I have a question in regard to the Connector attribute 
allowHostHeaderMismatch=false which checks the request line is consistent with 
the Host Header.

So in this scenario, I have the request line using the absolute path with a 
conflicting host header. The response is 400 Bad Request from Tomcat, which 
makes sense.

telnet myhostname.company.com 8143
GET http://myhostname.company.com/api/v1/endpoint HTTP/1.1
Host: facebook.com


If I define a valid host header now, then the request is a success. So all is 
good.

telnet myhostname.company.com 8143
GET http://myhostname.company.com/api/v1/endpoint HTTP/1.1
Host: myhostname.company.com

telnet 1.1.1.1 8143
GET http://1.1.1.1/api/v1/endpoint HTTP/1.1
Host: 1.1.1.1

However, as soon as I define a port number in the host header with syntax 
: then I get 400 Bad Request from Tomcat.

telnet myhostname.company.com 8143
GET http://myhostname.company.com/api/v1/endpoint HTTP/1.1
Host: myhostname.company.com:8143

HTTP/1.1 400
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 762
Date: Fri, 05 May 2023 15:27:09 GMT
Connection: close

HTTP Status 400 \u2013 Bad 
Requestbody 
{font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b 
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2 
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} 
.line 
{height:1px;background-color:#525D76;border:none;}HTTP 
Status 400 \u2013 Bad RequestType Status 
ReportDescription The server cannot or will not process the 
request due to something that is perceived to be a client error (e.g., 
malformed request syntax, invalid request message framing, or deceptive request 
routing).Apache Tomcat/9.0.73

This request should be allowed right?


Best,

Alvaro

Re: Question regarding config.ini 'answer file'

2023-03-28 Thread Mark Thomas


On 28/03/2023 20:49, Jason Murray | ROI Solutions wrote:

Hello,

Apologies if my this my first post is misdirected.


It isn't. All is good but thanks for checking.


In a nutshell: my goal is to automate Tomcat 8.5 upgrades on Windows Server as 
much as possible.

More specifically, I have been looking to create a config.ini 'answer' file for 
installing Tomcat 8.5.x as a service on a Windows Server system.


The installer Tomcat provides for Windows might not be the best way to 
do this. Splitting CATALINA_HOME and CATALINA_BASE (see "Advanced 
Configuration - Multiple Tomcat Instances" in RUNNING.txt) and using 
service.bat might be a simpler option.



Specifically, the values I am looking to set are:

   *   Server Shutdown Port
   *   HTTP/1.1 Connector Port
   *   Windows Service Name
   *   Roles
   *   Java path

I couldn't locate them, are they listed anywhere?


https://tomcat.apache.org/tomcat-8.5-doc/setup.html

HTH,

Mark




The install path is also needed, but as I understand it, this is set with the 
/D flag while running the tomcat installer exe, eg:
.\apache-tomcat-8.5.87.exe /S /D={install_directory} /C=config.ini

Thanks for any guidance!




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question regarding config.ini 'answer file'

2023-03-28 Thread Bill Stewart

On Tue, Mar 28, 2023 at 1:50 PM Jason Murray | ROI Solutions wrote:

In a nutshell: my goal is to automate Tomcat 8.5 upgrades on Windows Server
> as much as possible.
>

Are you sure you need Tomcat 8.5?

If you can use 9.x, my recommendation would be to install using this:

https://github.com/Bill-Stewart/ApacheTomcatSetup

It won't configure everything you're asking for, but it should get you most
of the way there.

The build process could be adjusted to accommodate 8.5, but I would think
9.x would be preferable.

Question regarding config.ini 'answer file'

2023-03-28 Thread Jason Murray | ROI Solutions

Hello,

Apologies if my this my first post is misdirected.

In a nutshell: my goal is to automate Tomcat 8.5 upgrades on Windows Server as 
much as possible.

More specifically, I have been looking to create a config.ini 'answer' file for 
installing Tomcat 8.5.x as a service on a Windows Server system.

Specifically, the values I am looking to set are:

  *   Server Shutdown Port
  *   HTTP/1.1 Connector Port
  *   Windows Service Name
  *   Roles
  *   Java path

I couldn't locate them, are they listed anywhere?

The install path is also needed, but as I understand it, this is set with the 
/D flag while running the tomcat installer exe, eg:
.\apache-tomcat-8.5.87.exe /S /D={install_directory} /C=config.ini

Thanks for any guidance!

RE: Quick Question with Tomcat 10.1x

2023-03-22 Thread jonmcalexander

Thank you, the Migration Tool fixed this up lickety-split.

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.


> -Original Message-
> From: Christopher Schultz 
> Sent: Monday, March 20, 2023 6:43 PM
> To: users@tomcat.apache.org
> Subject: Re: Quick Question with Tomcat 10.1x
> 
> Jon,
> 
> On 3/16/23 15:19, jonmcalexan...@wellsfargo.com.INVALID wrote:
> >
> >> -Original Message-
> >> From: jonmcalexan...@wellsfargo.com.INVALID
> >> 
> >> Sent: Thursday, March 16, 2023 1:54 PM
> >> To: users@tomcat.apache.org
> >> Subject: RE: Quick Question with Tomcat 10.1x
> >>
> >>> -Original Message-
> >>> From: Torsten Krah 
> >>> Sent: Thursday, March 16, 2023 1:40 PM
> >>> To: Tomcat Users List 
> >>> Subject: Re: Quick Question with Tomcat 10.1x
> >>>
> >>>  schrieb am Do., 16. März
> >>> 2023,
> >>> 19:32:
> >>>
> >> 
> >>>
> >>> Please read
> >>>
> >>
> https://urldefense.com/v3/__https://tomcat.apache.org/whichversion.ht
> >> m
> >>> l
> >>
> __;!!F9svGWnIaVPGSwU!sqrCJdsIe3_3iYLirxu4vrA4Xj8DffbYlvj5JdwcXcILyGX
> >>> yLmBtRF78uePA8eNGJa8ahRawR8Fvw5jflikZzHI$  - you have used the
> >> wrong
> >>> servlet API version in your war file for tomcat 10.1 .
> >>
> >> Thank you so very much. This is exactly what I was looking for.
> >> FWIW, I'm not any type of developer, just slapped something together
> >> for my testing purposes. I'll see if I can figure out how to update my war
> file.
> >>
> >> Thank you,
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> > Another silly add on to this,
> >
> > Is it possible to reference multiple servlet specs? Or can you only 
> > reference
> 1?
> 
> Torsten's reply was technically correct but not entirely helpful.
> 
> Tomcat 10.1 implements the jakarta.servlet APIs but it has a feature would
> allows you to deploy a javax.servlet-based application onto it through one of
> two techniques:
> 
> 1. Use the tomcat-migration-tool [1] to convert your application WAR (or
> exploded WAR-directory) into a jakarta.servlet-compliant application.
> 
> 2. Use the legacyAppBase option[1] on your  ans just drop your
> javax.servlet-compliant application into there in either WAR or expanded-
> WAR format.
> 
> > Again, not a developer, so silly question I know.
> 
> This is not a silly question /at all/. It's quite complicated and I think the
> Tomcat team did a great job building a migration path for developers and
> admins who want to migrate from one major version of these APIs to
> another completely 100% incompatible version in a way that is nearly
> painless.
> 
> Note that you should encourage your development team to begin looking at
> migrating the original source from javax.servlet -> jakarta.servlet for a
> "complete" migration. It's probably not a great idea to just keep running the
> same old application without any changes forever and ever even if the
> servlet container allows you to do so :)
> 
> Hope that helps,
> -chris
> 
> [1] https://urldefense.com/v3/__https://tomcat.apache.org/download-
> migration.cgi__;!!F9svGWnIaVPGSwU!qD-
> Piu69IkRM061f2qi0iC8Oagbo158vkbPSBGRddFRLFfgD4CXcU2w7w9p5NFpkoZ
> PmzRxvhbrSl-svNxCLBFnG9GkRL9nT$
> [2] https://urldefense.com/v3/__https://tomcat.apache.org/tomcat-10.1-
> doc/config/host.html__;!!F9svGWnIaVPGSwU!qD-
> Piu69IkRM061f2qi0iC8Oagbo158vkbPSBGRddFRLFfgD4CXcU2w7w9p5NFpkoZ
> PmzRxvhbrSl-svNxCLBFnG9GcEiYro$
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Quick Question with Tomcat 10.1x

2023-03-20 Thread jonmcalexander

Thank you Chris!

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.

> -Original Message-
> From: Christopher Schultz 
> Sent: Monday, March 20, 2023 6:43 PM
> To: users@tomcat.apache.org
> Subject: Re: Quick Question with Tomcat 10.1x
> 
> Jon,
> 
> On 3/16/23 15:19, jonmcalexan...@wellsfargo.com.INVALID wrote:
> >
> >> -Original Message-
> >> From: jonmcalexan...@wellsfargo.com.INVALID
> >> 
> >> Sent: Thursday, March 16, 2023 1:54 PM
> >> To: users@tomcat.apache.org
> >> Subject: RE: Quick Question with Tomcat 10.1x
> >>
> >>> -Original Message-
> >>> From: Torsten Krah 
> >>> Sent: Thursday, March 16, 2023 1:40 PM
> >>> To: Tomcat Users List 
> >>> Subject: Re: Quick Question with Tomcat 10.1x
> >>>
> >>>  schrieb am Do., 16. März
> >>> 2023,
> >>> 19:32:
> >>>
> >> 
> >>>
> >>> Please read
> >>>
> >>
> https://urldefense.com/v3/__https://tomcat.apache.org/whichversion.ht
> >> m
> >>> l
> >>
> __;!!F9svGWnIaVPGSwU!sqrCJdsIe3_3iYLirxu4vrA4Xj8DffbYlvj5JdwcXcILyGX
> >>> yLmBtRF78uePA8eNGJa8ahRawR8Fvw5jflikZzHI$  - you have used the
> >> wrong
> >>> servlet API version in your war file for tomcat 10.1 .
> >>
> >> Thank you so very much. This is exactly what I was looking for.
> >> FWIW, I'm not any type of developer, just slapped something together
> >> for my testing purposes. I'll see if I can figure out how to update my war
> file.
> >>
> >> Thank you,
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> > Another silly add on to this,
> >
> > Is it possible to reference multiple servlet specs? Or can you only 
> > reference
> 1?
> 
> Torsten's reply was technically correct but not entirely helpful.
> 
> Tomcat 10.1 implements the jakarta.servlet APIs but it has a feature would
> allows you to deploy a javax.servlet-based application onto it through one of
> two techniques:
> 
> 1. Use the tomcat-migration-tool [1] to convert your application WAR (or
> exploded WAR-directory) into a jakarta.servlet-compliant application.
> 
> 2. Use the legacyAppBase option[1] on your  ans just drop your
> javax.servlet-compliant application into there in either WAR or expanded-
> WAR format.
> 
> > Again, not a developer, so silly question I know.
> 
> This is not a silly question /at all/. It's quite complicated and I think the
> Tomcat team did a great job building a migration path for developers and
> admins who want to migrate from one major version of these APIs to
> another completely 100% incompatible version in a way that is nearly
> painless.
> 
> Note that you should encourage your development team to begin looking at
> migrating the original source from javax.servlet -> jakarta.servlet for a
> "complete" migration. It's probably not a great idea to just keep running the
> same old application without any changes forever and ever even if the
> servlet container allows you to do so :)
> 
> Hope that helps,
> -chris
> 
> [1] https://urldefense.com/v3/__https://tomcat.apache.org/download-
> migration.cgi__;!!F9svGWnIaVPGSwU!qD-
> Piu69IkRM061f2qi0iC8Oagbo158vkbPSBGRddFRLFfgD4CXcU2w7w9p5NFpkoZ
> PmzRxvhbrSl-svNxCLBFnG9GkRL9nT$
> [2] https://urldefense.com/v3/__https://tomcat.apache.org/tomcat-10.1-
> doc/config/host.html__;!!F9svGWnIaVPGSwU!qD-
> Piu69IkRM061f2qi0iC8Oagbo158vkbPSBGRddFRLFfgD4CXcU2w7w9p5NFpkoZ
> PmzRxvhbrSl-svNxCLBFnG9GcEiYro$
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Quick Question with Tomcat 10.1x

2023-03-20 Thread Christopher Schultz


Jon,

On 3/16/23 15:19, jonmcalexan...@wellsfargo.com.INVALID wrote:



-Original Message-
From: jonmcalexan...@wellsfargo.com.INVALID

Sent: Thursday, March 16, 2023 1:54 PM
To: users@tomcat.apache.org
Subject: RE: Quick Question with Tomcat 10.1x


-Original Message-
From: Torsten Krah 
Sent: Thursday, March 16, 2023 1:40 PM
To: Tomcat Users List 
Subject: Re: Quick Question with Tomcat 10.1x

 schrieb am Do., 16. März 2023,
19:32:





Please read


https://urldefense.com/v3/__https://tomcat.apache.org/whichversion.htm

l

__;!!F9svGWnIaVPGSwU!sqrCJdsIe3_3iYLirxu4vrA4Xj8DffbYlvj5JdwcXcILyGX

yLmBtRF78uePA8eNGJa8ahRawR8Fvw5jflikZzHI$  - you have used the

wrong

servlet API version in your war file for tomcat 10.1 .


Thank you so very much. This is exactly what I was looking for.
FWIW, I'm not any type of developer, just slapped something together for
my testing purposes. I'll see if I can figure out how to update my war file.

Thank you,

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


Another silly add on to this,

Is it possible to reference multiple servlet specs? Or can you only reference 1?


Torsten's reply was technically correct but not entirely helpful.

Tomcat 10.1 implements the jakarta.servlet APIs but it has a feature 
would allows you to deploy a javax.servlet-based application onto it 
through one of two techniques:


1. Use the tomcat-migration-tool [1] to convert your application WAR (or 
exploded WAR-directory) into a jakarta.servlet-compliant application.


2. Use the legacyAppBase option[1] on your  ans just drop your 
javax.servlet-compliant application into there in either WAR or 
expanded-WAR format.



Again, not a developer, so silly question I know.


This is not a silly question /at all/. It's quite complicated and I 
think the Tomcat team did a great job building a migration path for 
developers and admins who want to migrate from one major version of 
these APIs to another completely 100% incompatible version in a way that 
is nearly painless.


Note that you should encourage your development team to begin looking at 
migrating the original source from javax.servlet -> jakarta.servlet for 
a "complete" migration. It's probably not a great idea to just keep 
running the same old application without any changes forever and ever 
even if the servlet container allows you to do so :)


Hope that helps,
-chris

[1] https://tomcat.apache.org/download-migration.cgi
[2] https://tomcat.apache.org/tomcat-10.1-doc/config/host.html


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Quick Question with Tomcat 10.1x

2023-03-16 Thread jonmcalexander


> -Original Message-
> From: jonmcalexan...@wellsfargo.com.INVALID
> 
> Sent: Thursday, March 16, 2023 1:54 PM
> To: users@tomcat.apache.org
> Subject: RE: Quick Question with Tomcat 10.1x
> 
> > -Original Message-
> > From: Torsten Krah 
> > Sent: Thursday, March 16, 2023 1:40 PM
> > To: Tomcat Users List 
> > Subject: Re: Quick Question with Tomcat 10.1x
> >
> >  schrieb am Do., 16. März 2023,
> > 19:32:
> >
> 
> >
> > Please read
> >
> https://urldefense.com/v3/__https://tomcat.apache.org/whichversion.htm
> > l
> __;!!F9svGWnIaVPGSwU!sqrCJdsIe3_3iYLirxu4vrA4Xj8DffbYlvj5JdwcXcILyGX
> > yLmBtRF78uePA8eNGJa8ahRawR8Fvw5jflikZzHI$  - you have used the
> wrong
> > servlet API version in your war file for tomcat 10.1 .
> 
> Thank you so very much. This is exactly what I was looking for.
> FWIW, I'm not any type of developer, just slapped something together for
> my testing purposes. I'll see if I can figure out how to update my war file.
> 
> Thank you,
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org

Another silly add on to this,

Is it possible to reference multiple servlet specs? Or can you only reference 1?

Again, not a developer, so silly question I know.

Thanks again,



Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Quick Question with Tomcat 10.1x

2023-03-16 Thread jonmcalexander

> -Original Message-
> From: Torsten Krah 
> Sent: Thursday, March 16, 2023 1:40 PM
> To: Tomcat Users List 
> Subject: Re: Quick Question with Tomcat 10.1x
> 
>  schrieb am Do., 16. März 2023,
> 19:32:
> 

> 
> Please read
> https://urldefense.com/v3/__https://tomcat.apache.org/whichversion.html
> __;!!F9svGWnIaVPGSwU!sqrCJdsIe3_3iYLirxu4vrA4Xj8DffbYlvj5JdwcXcILyGX
> yLmBtRF78uePA8eNGJa8ahRawR8Fvw5jflikZzHI$  - you have used the wrong
> servlet API version in your war file for tomcat 10.1 .

Thank you so very much. This is exactly what I was looking for.
FWIW, I'm not any type of developer, just slapped something together for my 
testing purposes. I'll see if I can figure out how to update my war file.

Thank you,

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Quick Question with Tomcat 10.1x

2023-03-16 Thread Torsten Krah

 schrieb am Do., 16. März 2023,
19:32:

> Hi,
> I have a really simple war file I created to "test" that Tomcat is coming
> up and running. It works fine on Tomcat 8.5x, 9.0x, AND 10.0x, however on
> 10.1.7 I am getting this strange stack trace. I'm not able to determine
> just what is being called out.
>
> SEVERE: Servlet.service() for servlet [jsp] in context with path [/pouat]
> threw exception [java.lang.NoClassDefFoundError:
> javax/servlet/ServletResponse] with root cause
> java.lang.ClassNotFoundException: javax.servlet.ServletResponse
> at
> org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1437)
> at
> org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1245)
> at
> org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:122)
> at
> org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:58)
> at
> java.base/java.lang.Class.getDeclaredConstructors0(Native Method)
> at
> java.base/java.lang.Class.privateGetDeclaredConstructors(Class.java:3137)
> at
> java.base/java.lang.Class.getConstructor0(Class.java:3342)
> at
> java.base/java.lang.Class.getConstructor(Class.java:2151)
> at
> org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:160)
> at
> org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.java:189)
> at
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:410)
> at
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:380)
> at
> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:328)
> at
> jakarta.servlet.http.HttpServlet.service(HttpServlet.java:814)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:223)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158)
> at
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158)
> at
> org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:177)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:119)
> at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
> at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
> at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:400)
> at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
> at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:859)
> at org.apache.tomcat.util.net
> .NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1734)
> at org.apache.tomcat.util.net
> .SocketProcessorBase.run(SocketProcessorBase.java:52)
> at
> org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
> at
> org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> at java.base/java.lang.Thread.run(Thread.java:834)
>
> Any hints on what I should look at?
>
> The test site does have SSL enabled.
>
> Thank you,
>
> Dream * Excel * Explore * Inspire
> Jon McAlexander
> Senior Infrastructure Engineer
> Asst. Vice President
> He/His
>
> Middleware Product Engineering
> Enterprise CIO | EAS | Middleware |

Quick Question with Tomcat 10.1x

2023-03-16 Thread jonmcalexander

Hi,
I have a really simple war file I created to "test" that Tomcat is coming up 
and running. It works fine on Tomcat 8.5x, 9.0x, AND 10.0x, however on 10.1.7 I 
am getting this strange stack trace. I'm not able to determine just what is 
being called out.

SEVERE: Servlet.service() for servlet [jsp] in context with path [/pouat] threw 
exception [java.lang.NoClassDefFoundError: javax/servlet/ServletResponse] with 
root cause
java.lang.ClassNotFoundException: javax.servlet.ServletResponse
at 
org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1437)
at 
org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1245)
at 
org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:122)
at 
org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:58)
at java.base/java.lang.Class.getDeclaredConstructors0(Native 
Method)
at 
java.base/java.lang.Class.privateGetDeclaredConstructors(Class.java:3137)
at java.base/java.lang.Class.getConstructor0(Class.java:3342)
at java.base/java.lang.Class.getConstructor(Class.java:2151)
at 
org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:160)
at 
org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.java:189)
at 
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:410)
at 
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:380)
at 
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:328)
at 
jakarta.servlet.http.HttpServlet.service(HttpServlet.java:814)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:223)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158)
at 
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158)
at 
org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158)
at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:177)
at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at 
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:119)
at 
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at 
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
at 
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:400)
at 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at 
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:859)
at 
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1734)
at 
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
at 
org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at 
org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at 
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)

Any hints on what I should look at?

The test site does have SSL enabled.

Thank you,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com
This message

Re: Question about Redisson

2023-01-13 Thread Christopher Schultz


Doug,

On 1/12/23 15:51, Doug Whitfield wrote:
Also, Chris's suggesiton to look at 
org.apache.catalina.connector.RECYCLE_FACADES is a good first step.

Note that the value you need for that may not be what you expect.
It needs to be "true" whereas I read the name and think it should
be "false" to disable recycling.


Thanks for coming back to this. This is actually exactly where I
started, but I have not heard back, which is why I didn’t address
it.

BTW, can’t make any promises since not sure how far up things need to
go, but my initial suggestions to marketing about changing that text
on the landing page were met very positively. I’m OOO next week, so
suspect it’ll be a while before you hear anything back, but this
might get fixed next week.


Thank you very much. We do appreciate it, since we really do try to 
provide decent community support here.


-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question about Redisson

2023-01-12 Thread Doug Whitfield

>Also, Chris's suggesiton to look at
>org.apache.catalina.connector.RECYCLE_FACADES is a good first step. Note
> that the value you need for that may not be what you expect. It needs to
> be "true" whereas I read the name and think it should be "false" to
> disable recycling.




Thanks for coming back to this. This is actually exactly where I started, but I 
have not heard back, which is why I didn’t address it.

BTW, can’t make any promises since not sure how far up things need to go, but 
my initial suggestions to marketing about changing that text on the landing 
page were met very positively. I’m OOO next week, so suspect it’ll be a while 
before you hear anything back, but this might get fixed next week.


This e-mail may contain information that is privileged or confidential. If you 
are not the intended recipient, please delete the e-mail and any attachments 
and notify us immediately.

Re: Question about Redisson

2023-01-10 Thread Mark Thomas


Doug,

There were a couple of questions in my original response it would be 
useful to get answers to.


Also, Chris's suggesiton to look at 
org.apache.catalina.connector.RECYCLE_FACADES is a good first step. Note 
that the value you need for that may not be what you expect. It needs to 
be "true" whereas I read the name and think it should be "false" to 
disable recycling.


Mark


On 10/01/2023 19:09, Doug Whitfield wrote:

First off, thanks for the link. I’m bringing this up with my manager who is 
much more likely to be able to make some headway with the marketing folks. 
There’s surely a marketing friendly way to say “Pay for SLA”.


Are you able to reproduce the same problem with a non-Redisson-based
segmented cluster, such as one using Tomcat's BackupManager?


No. I told them this was going to be the answer. In fact, this was our answer, 
but customer really, really thinks it is a Tomcat issue. Maybe it is, but I 
haven’t personally seen the evidence.

In any case, having the words in print rather than in prediction might help get 
us something more useful, like I think a heap dump might be.

Thanks!


This e-mail may contain information that is privileged or confidential. If you 
are not the intended recipient, please delete the e-mail and any attachments 
and notify us immediately.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question about Redisson

2023-01-10 Thread Doug Whitfield

First off, thanks for the link. I’m bringing this up with my manager who is 
much more likely to be able to make some headway with the marketing folks. 
There’s surely a marketing friendly way to say “Pay for SLA”.

> Are you able to reproduce the same problem with a non-Redisson-based
> segmented cluster, such as one using Tomcat's BackupManager?

No. I told them this was going to be the answer. In fact, this was our answer, 
but customer really, really thinks it is a Tomcat issue. Maybe it is, but I 
haven’t personally seen the evidence.

In any case, having the words in print rather than in prediction might help get 
us something more useful, like I think a heap dump might be.

Thanks!


This e-mail may contain information that is privileged or confidential. If you 
are not the intended recipient, please delete the e-mail and any attachments 
and notify us immediately.

Re: Question about Redisson

2023-01-09 Thread Christopher Schultz


Doug,

On 1/9/23 15:48, Doug Whitfield wrote:

Interesting. I’m not on the marketing team. What comments are you
talking about? I can certainly try to get them removed.

I think he's talking about this:

"Don’t let your team waste another minute wading through outdated forums 
or online documentation to fix, secure, or maintain your 
mission-critical infrastructure. Get the technical support you need for 
the open source software you use — all in one place."


[https://www.openlogic.com/]


We don’t fork software which means when we find a bug we always work
with upstream to get it fixed. The idea that we don’t work with the
community when necessary is an insane for anything to put on our
website (doesn’t mean I have any power to fix the copy though).
Understood. I think Mark is mostly trying to make a point. He's 
obviously willing to engage on the actual question, as well, as you can see.


One thing I wanted to make perfectly clear, which is something I was 
confused about when first encountering the term "recycling" when it 
comes to certain types of object (like request, response, etc.) in 
Tomcat. When the Tomcat documentation says these objects are "recycled" 
it really means that they are "re-used". That is, assuming a stable 
server where no weird errors occur and the number of connections is 
relatively constant, no new Request and Response objects will be created 
over time. Instead, they will have their various fields blanked-out for 
re-use with a subsequent request. This is a performance optimization to 
avoid GC churn, since request and response objects are usually short-lived.


You can get an application to expose its misuse of request- or 
response-related objects by disabling this recycling in your 
configuration. The result is usually very obvious errors in the log file 
due to NPE or similar.


The first step toward debugging IHMO would be to disable recycling and 
repeat your tests. I'm assuming given your STR that this is trivially 
reproducible?


Are you able to reproduce the same problem with a non-Redisson-based 
segmented cluster, such as one using Tomcat's BackupManager?


-chris


From: Mark Thomas 
Date: Monday, January 9, 2023 at 12:12
To: users@tomcat.apache.org 
Subject: Re: Question about Redisson
Given the disparaging comments OpenLogic makes about obtaining support
for open source projects from a community forum, it is more than a tad
ironic to see an OpenLogic Enterprise Architect asking for help here.

I suggest that OpenLogic replace the text on their home page with
something rather more honest that reflects that OpenLogic turns to the
community forum when their Enterprise Architects need answers (which
you'll find in-line below).

On 09/01/2023 16:55, Doug Whitfield wrote:

Hi Tomcat Community,

We are seeing and issue that manifests as a cross session “bleeding” scenario. 
The issue is this:

1. User A make a new request and the request goes to pod A and gets Session1
2. User A's next request then gets redirected to pod B. The request is 
processed using Session1
3. User B now makes a new request and the request goes to pod B and instead of 
getting a new session, User B gets the same Session1 as User A

We are using https://github.com/redisson/redisson for caching with Tomcat 
9.0.58. Given the fixed bugs in the Tomcat changelog, I have suggested trying 
9.0.66 or later. However, this suggestion has been met with resistance.


Which bugs fixed between 9.0.58 and 9.0.66 do you believe are relevant
to this issue?

The only possibility I could see was "Improve the recycling of Processor
objects to make it more robust" which is the fix for CVE-2021-43980. You
will only hit that issue in specific circumstances that I do not wish to
make public. If you can provide OS/Java version info and the Connector
(and Executor if used) configuration from server.xml I can tell you if
you are likely to be affected by that issue.


For those unfamiliar with Redisson, I think the most important high-level piece 
from their docs is this:
“Redisson's Tomcat Session Manager allows you to store sessions of Apache 
Tomcat in Redis. It empowers you to distribute requests across a cluster of 
Tomcat servers. This is all done in non-sticky session management backed by 
Redis.”

I believe we could take a heap dump and get the answer, but at the moment that 
isn’t something we want to do.

My question, at the moment, is pretty simple. How does this interact with 
Tomcat? Would the session management bugs in Tomcat apply?


Almost certainly.

There are lots of ways to trigger response mix-up. The primary cause is
application bugs. This usually takes the form of the application
retaining a reference to the request and/or response object beyond the
end of processing for a single request/response. Tomcat recycles request
and response objects so these objects can be being used for a new
request while the application is still using them for the ol

Re: Question about Redisson

2023-01-09 Thread Doug Whitfield

Interesting. I’m not on the marketing team. What comments are you talking 
about? I can certainly try to get them removed.

We don’t fork software which means when we find a bug we always work with 
upstream to get it fixed. The idea that we don’t work with the community when 
necessary is an insane for anything to put on our website (doesn’t mean I have 
any power to fix the copy though).

Douglas Whitfield | Enterprise Architect, 
OpenLogic<https://www.openlogic.com/?utm_leadsource=email-signature_source=outlook-direct-email_medium=email_campaign=2019-common_content=email-signature-link>

From: Mark Thomas 
Date: Monday, January 9, 2023 at 12:12
To: users@tomcat.apache.org 
Subject: Re: Question about Redisson
Given the disparaging comments OpenLogic makes about obtaining support
for open source projects from a community forum, it is more than a tad
ironic to see an OpenLogic Enterprise Architect asking for help here.

I suggest that OpenLogic replace the text on their home page with
something rather more honest that reflects that OpenLogic turns to the
community forum when their Enterprise Architects need answers (which
you'll find in-line below).

On 09/01/2023 16:55, Doug Whitfield wrote:
> Hi Tomcat Community,
>
> We are seeing and issue that manifests as a cross session “bleeding” 
> scenario. The issue is this:
>
> 1. User A make a new request and the request goes to pod A and gets Session1
> 2. User A's next request then gets redirected to pod B. The request is 
> processed using Session1
> 3. User B now makes a new request and the request goes to pod B and instead 
> of getting a new session, User B gets the same Session1 as User A
>
> We are using https://github.com/redisson/redisson for caching with Tomcat 
> 9.0.58. Given the fixed bugs in the Tomcat changelog, I have suggested trying 
> 9.0.66 or later. However, this suggestion has been met with resistance.

Which bugs fixed between 9.0.58 and 9.0.66 do you believe are relevant
to this issue?

The only possibility I could see was "Improve the recycling of Processor
objects to make it more robust" which is the fix for CVE-2021-43980. You
will only hit that issue in specific circumstances that I do not wish to
make public. If you can provide OS/Java version info and the Connector
(and Executor if used) configuration from server.xml I can tell you if
you are likely to be affected by that issue.

> For those unfamiliar with Redisson, I think the most important high-level 
> piece from their docs is this:
> “Redisson's Tomcat Session Manager allows you to store sessions of Apache 
> Tomcat in Redis. It empowers you to distribute requests across a cluster of 
> Tomcat servers. This is all done in non-sticky session management backed by 
> Redis.”
>
> I believe we could take a heap dump and get the answer, but at the moment 
> that isn’t something we want to do.
>
> My question, at the moment, is pretty simple. How does this interact with 
> Tomcat? Would the session management bugs in Tomcat apply?

Almost certainly.

There are lots of ways to trigger response mix-up. The primary cause is
application bugs. This usually takes the form of the application
retaining a reference to the request and/or response object beyond the
end of processing for a single request/response. Tomcat recycles request
and response objects so these objects can be being used for a new
request while the application is still using them for the old request.

The next most frequent cause is Tomcat bugs. Generally, these take the
form of the request/response objects not being recycled correctly and
typically result in the same request and/or response object being used
for multiple concurrent requests/responses. Any bug of this nature will
be treated as a security issue so a CVE reference will be allocated and
it will be listed on the security pages.

Any session manager is going to susceptible to both types of bug
described above.

In theory, session mix-up could occur within a session manager but I
don't recall ever seeing a bug like that either in the Tomcat provided
managers or the various 3rd party managers like Redisson.

HTH,

Mark

>
> Best Regards,
>
> Douglas Whitfield | Enterprise Architect, 
> OpenLogic<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.openlogic.com%2F%3Futm_leadsource%3Demail-signature%26utm_source%3Doutlook-direct-email%26utm_medium%3Demail%26utm_campaign%3D2019-common%26utm_content%3Demail-signature-link=05%7C01%7Cdwhitfield%40perforce.com%7Cd109a4f9f10441e5895c08daf26d103e%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C638088847521348881%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=KrMLo05t741I8SJsL24Fgu7gAR%2BUBfNVhbEVikiqZRU%3D=0>
> Perforce 
> Software<http://www.perforce.com/?utm_leadsource=email-signature_source=outlook-direct-email_me

Re: Question about Redisson

2023-01-09 Thread Mark Thomas

Given the disparaging comments OpenLogic makes about obtaining support
for open source projects from a community forum, it is more than a tad
ironic to see an OpenLogic Enterprise Architect asking for help here.

I suggest that OpenLogic replace the text on their home page with
something rather more honest that reflects that OpenLogic turns to the
community forum when their Enterprise Architects need answers (which
you'll find in-line below).

On 09/01/2023 16:55, Doug Whitfield wrote:

Hi Tomcat Community,

We are seeing and issue that manifests as a cross session “bleeding” scenario.
The issue is this:

1. User A make a new request and the request goes to pod A and gets Session1
2. User A's next request then gets redirected to pod B. The request is
processed using Session1
3. User B now makes a new request and the request goes to pod B and instead of
getting a new session, User B gets the same Session1 as User A

We are using https://github.com/redisson/redisson for caching with Tomcat
9.0.58. Given the fixed bugs in the Tomcat changelog, I have suggested trying
9.0.66 or later. However, this suggestion has been met with resistance.

Which bugs fixed between 9.0.58 and 9.0.66 do you believe are relevant
to this issue?

The only possibility I could see was "Improve the recycling of Processor
objects to make it more robust" which is the fix for CVE-2021-43980. You
will only hit that issue in specific circumstances that I do not wish to
make public. If you can provide OS/Java version info and the Connector
(and Executor if used) configuration from server.xml I can tell you if
you are likely to be affected by that issue.

For those unfamiliar with Redisson, I think the most important high-level piece
from their docs is this:
“Redisson's Tomcat Session Manager allows you to store sessions of Apache
Tomcat in Redis. It empowers you to distribute requests across a cluster of
Tomcat servers. This is all done in non-sticky session management backed by
Redis.”

I believe we could take a heap dump and get the answer, but at the moment that
isn’t something we want to do.

My question, at the moment, is pretty simple. How does this interact with
Tomcat? Would the session management bugs in Tomcat apply?

Almost certainly.

There are lots of ways to trigger response mix-up. The primary cause is
application bugs. This usually takes the form of the application
retaining a reference to the request and/or response object beyond the
end of processing for a single request/response. Tomcat recycles request
and response objects so these objects can be being used for a new
request while the application is still using them for the old request.

The next most frequent cause is Tomcat bugs. Generally, these take the
form of the request/response objects not being recycled correctly and
typically result in the same request and/or response object being used
for multiple concurrent requests/responses. Any bug of this nature will
be treated as a security issue so a CVE reference will be allocated and
it will be listed on the security pages.

Any session manager is going to susceptible to both types of bug
described above.

In theory, session mix-up could occur within a session manager but I
don't recall ever seeing a bug like that either in the Tomcat provided
managers or the various 3rd party managers like Redisson.

HTH,

Mark

Best Regards,

Douglas Whitfield | Enterprise Architect,
OpenLogic<https://www.openlogic.com/?utm_leadsource=email-signature_source=outlook-direct-email_medium=email_campaign=2019-common_content=email-signature-link>
Perforce
Software<http://www.perforce.com/?utm_leadsource=email-signature_source=outlook-direct-email_medium=email_campaign=2021-common_content=email-signature-link>
P: +1 612.517.2100
Visit us on:
LinkedIn<https://www.linkedin.com/company/perforce?utm_leadsource=email-signature_source=outlook-direct-email_medium=email_campaign=2021-common_content=email-signature-link>
|
Twitter<https://twitter.com/perforce?utm_leadsource=email-signature_source=outlook-direct-email_medium=email_campaign=2021-common_content=email-signature-link>
|
Facebook<https://www.facebook.com/perforce/?utm_leadsource=email-signature_source=outlook-direct-email_medium=email_campaign=2021-common_content=email-signature-link>
|
YouTube<https://www.youtube.com/user/perforcesoftware?utm_leadsource=email-signature_source=outlook-direct-email_medium=email_campaign=2021-common_content=email-signature-link>

The Star Tribune recognizes Perforce as a Top Workplace in Minnesota. Read more
><https://www.startribune.com/top-workplaces/571419751/>

This e-mail may contain information that is privileged or confidential. If you
are not the intended recipient, please delete the e-mail and any attachments
and notify us immediately.

-
To unsubscribe, e-m

Question about Redisson

2023-01-09 Thread Doug Whitfield

Hi Tomcat Community,

We are seeing and issue that manifests as a cross session “bleeding” scenario. 
The issue is this:

1. User A make a new request and the request goes to pod A and gets Session1
2. User A's next request then gets redirected to pod B. The request is 
processed using Session1
3. User B now makes a new request and the request goes to pod B and instead of 
getting a new session, User B gets the same Session1 as User A

We are using https://github.com/redisson/redisson for caching with Tomcat 
9.0.58. Given the fixed bugs in the Tomcat changelog, I have suggested trying 
9.0.66 or later. However, this suggestion has been met with resistance.

For those unfamiliar with Redisson, I think the most important high-level piece 
from their docs is this:
“Redisson's Tomcat Session Manager allows you to store sessions of Apache 
Tomcat in Redis. It empowers you to distribute requests across a cluster of 
Tomcat servers. This is all done in non-sticky session management backed by 
Redis.”

I believe we could take a heap dump and get the answer, but at the moment that 
isn’t something we want to do.

My question, at the moment, is pretty simple. How does this interact with 
Tomcat? Would the session management bugs in Tomcat apply?

Best Regards,

Douglas Whitfield | Enterprise Architect, 
OpenLogic<https://www.openlogic.com/?utm_leadsource=email-signature_source=outlook-direct-email_medium=email_campaign=2019-common_content=email-signature-link>
Perforce 
Software<http://www.perforce.com/?utm_leadsource=email-signature_source=outlook-direct-email_medium=email_campaign=2021-common_content=email-signature-link>
P: +1 612.517.2100 
Visit us on: 
LinkedIn<https://www.linkedin.com/company/perforce?utm_leadsource=email-signature_source=outlook-direct-email_medium=email_campaign=2021-common_content=email-signature-link>
 | 
Twitter<https://twitter.com/perforce?utm_leadsource=email-signature_source=outlook-direct-email_medium=email_campaign=2021-common_content=email-signature-link>
 | 
Facebook<https://www.facebook.com/perforce/?utm_leadsource=email-signature_source=outlook-direct-email_medium=email_campaign=2021-common_content=email-signature-link>
 | 
YouTube<https://www.youtube.com/user/perforcesoftware?utm_leadsource=email-signature_source=outlook-direct-email_medium=email_campaign=2021-common_content=email-signature-link>

The Star Tribune recognizes Perforce as a Top Workplace in Minnesota. Read more 
><https://www.startribune.com/top-workplaces/571419751/>



This e-mail may contain information that is privileged or confidential. If you 
are not the intended recipient, please delete the e-mail and any attachments 
and notify us immediately.

RE: OT: Question on manager app in distro

2022-10-08 Thread jonmcalexander

Thanks!


Thanks,


Sent with BlackBerry Work (www.blackberry.com)

From: Chuck Caldarale 
Sent: Oct 8, 2022 8:57 AM
To: Tomcat Users List 
Subject: Re: OT: Question on manager app in distro


> On 2022 Oct 7, at 21:13, Chuck Caldarale  wrote:
>
>
>> On 2022 Oct 7, at 19:10,  
>>  wrote:
>>
>> If I wanted to possibly take parts of the manager application that comes 
>> with Tomcat and put bits and pieces together for an internal utility app 
>> (status stuff only), or figure out how it's done. Where would I find the 
>> code to do that? I've looked at the exploded war file and see absolutely NO 
>> code, so it must be "built in" to the Tomcat code (or that is my best guess).
>
> Yes, the logic is within the Manager servlet, not the JSP. Download the 
> Tomcat source code for the level you’re interested in:
>
>
> https://urldefense.com/v3/__https://tomcat.apache.org/download-10.cgi__;!!F9svGWnIaVPGSwU!uhyYl3t2YLrcl3M-c0PHAP3xwV-QjCsEAppuRTu7HuBJn4F2vT1Xpl7YrNBCYSDdb6mHsdA5CSaXjOEogITRyg$
>
> https://urldefense.com/v3/__https://tomcat.apache.org/download-90.cgi__;!!F9svGWnIaVPGSwU!uhyYl3t2YLrcl3M-c0PHAP3xwV-QjCsEAppuRTu7HuBJn4F2vT1Xpl7YrNBCYSDdb6mHsdA5CSaXjOH6JbMLTw$
>
> https://urldefense.com/v3/__https://tomcat.apache.org/download-80.cgi__;!!F9svGWnIaVPGSwU!uhyYl3t2YLrcl3M-c0PHAP3xwV-QjCsEAppuRTu7HuBJn4F2vT1Xpl7YrNBCYSDdb6mHsdA5CSaXjOF1w_mtqA$
>
> Look here to start:
>
>
> apache-tomcat-x.y.z-src/java/org/apache/catalina/manager/ManagerServlet.java
>
>  - Chuck
>

Might be easier to use JMX to access the internal Tomcat data, since there are 
JDK tools that can poke around inside Tomcat.

  - Chuck


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: OT: Question on manager app in distro

2022-10-08 Thread jonmcalexander

Thank you Chuck!


Thanks,


Sent with BlackBerry Work (www.blackberry.com)

From: Chuck Caldarale 
Sent: Oct 7, 2022 9:15 PM
To: Tomcat Users List 
Subject: Re: OT: Question on manager app in distro


> On 2022 Oct 7, at 19:10,  
>  wrote:
>
> If I wanted to possibly take parts of the manager application that comes with 
> Tomcat and put bits and pieces together for an internal utility app (status 
> stuff only), or figure out how it's done. Where would I find the code to do 
> that? I've looked at the exploded war file and see absolutely NO code, so it 
> must be "built in" to the Tomcat code (or that is my best guess).

Yes, the logic is within the Manager servlet, not the JSP. Download the Tomcat 
source code for the level you’re interested in:


https://urldefense.com/v3/__https://tomcat.apache.org/download-10.cgi__;!!F9svGWnIaVPGSwU!prH0BytpMdqoquCfEGjqpjIvNONInHiqm23OXY9Y72qEFVM9cblbu55FIIr73Y_FcVrCpPeBgXK0ROzFNFZBjA$

https://urldefense.com/v3/__https://tomcat.apache.org/download-90.cgi__;!!F9svGWnIaVPGSwU!prH0BytpMdqoquCfEGjqpjIvNONInHiqm23OXY9Y72qEFVM9cblbu55FIIr73Y_FcVrCpPeBgXK0ROwSnIdXdA$

https://urldefense.com/v3/__https://tomcat.apache.org/download-80.cgi__;!!F9svGWnIaVPGSwU!prH0BytpMdqoquCfEGjqpjIvNONInHiqm23OXY9Y72qEFVM9cblbu55FIIr73Y_FcVrCpPeBgXK0ROzIEJWdxw$

Look here to start:


apache-tomcat-x.y.z-src/java/org/apache/catalina/manager/ManagerServlet.java

  - Chuck


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: OT: Question on manager app in distro

2022-10-08 Thread Chuck Caldarale



> On 2022 Oct 7, at 21:13, Chuck Caldarale  wrote:
> 
> 
>> On 2022 Oct 7, at 19:10,  
>>  wrote:
>> 
>> If I wanted to possibly take parts of the manager application that comes 
>> with Tomcat and put bits and pieces together for an internal utility app 
>> (status stuff only), or figure out how it's done. Where would I find the 
>> code to do that? I've looked at the exploded war file and see absolutely NO 
>> code, so it must be "built in" to the Tomcat code (or that is my best guess).
> 
> Yes, the logic is within the Manager servlet, not the JSP. Download the 
> Tomcat source code for the level you’re interested in:
> 
>   https://tomcat.apache.org/download-10.cgi
>   https://tomcat.apache.org/download-90.cgi
>   https://tomcat.apache.org/download-80.cgi
> 
> Look here to start:
> 
>   
> apache-tomcat-x.y.z-src/java/org/apache/catalina/manager/ManagerServlet.java
> 
>  - Chuck
> 

Might be easier to use JMX to access the internal Tomcat data, since there are 
JDK tools that can poke around inside Tomcat.

  - Chuck


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: OT: Question on manager app in distro

2022-10-07 Thread Chuck Caldarale



> On 2022 Oct 7, at 19:10,  
>  wrote:
> 
> If I wanted to possibly take parts of the manager application that comes with 
> Tomcat and put bits and pieces together for an internal utility app (status 
> stuff only), or figure out how it's done. Where would I find the code to do 
> that? I've looked at the exploded war file and see absolutely NO code, so it 
> must be "built in" to the Tomcat code (or that is my best guess).

Yes, the logic is within the Manager servlet, not the JSP. Download the Tomcat 
source code for the level you’re interested in:

https://tomcat.apache.org/download-10.cgi
https://tomcat.apache.org/download-90.cgi
https://tomcat.apache.org/download-80.cgi

Look here to start:


apache-tomcat-x.y.z-src/java/org/apache/catalina/manager/ManagerServlet.java

  - Chuck


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

OT: Question on manager app in distro

2022-10-07 Thread jonmcalexander

Ok, so here I am again with a question that some may roll their eyes at. :)

If I wanted to possibly take parts of the manager application that comes with 
Tomcat and put bits and pieces together for an internal utility app (status 
stuff only), or figure out how it's done. Where would I find the code to do 
that? I've looked at the exploded war file and see absolutely NO code, so it 
must be "built in" to the Tomcat code (or that is my best guess).

Please let me know if it's possible.

Thank you,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com<mailto:jonmcalexan...@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.
*)7

Re: Question about upgrade from Tomcat 7 to Tomcat 9.0.67

2022-10-05 Thread Jason Wee

i would normally do a diff between your current version and the next
tomcat version you want to upgrade to and go through the diff slowly.
it is better to be careful and note the changes than sorry later.

On Wed, Oct 5, 2022 at 9:17 PM Mark Thomas  wrote:
>
>
>
> On 05/10/2022 09:17, Terry ST SY/OGCIO wrote:
> > Hi ,
> >
> > we would like to upgrade Tomcat 7 to Tomcat 9.0.67.
> >
> > Check on the major changes on Tomcat 7 to Tomcat 9. (One of the major 
> > change we initially spotted is the BIO connector used in Tomcat 7 for 
> > connector setup was removed in Tomcat 9: 
> > https://tomcat.apache.org/migration-9.html#BIO_connector_removed)
> >
> > For your reference, Http11Protocol was used in Tomcat 7, but since Tomcat 9 
> > removed it, we tried to Http11NioProtocol with same parameters in the 
> > tomcat config in “conf/server.xml. Is it a proper method for migrate the 
> > BIO connector ( Tomcat 7 ) to NIO connector ( Tomcat 9 ) ?
>
> Generally, I'd recommend the following:
>
> 1. Review the server.xml you use for Tomcat 7 and note each deviation
> from the defaults
> 2. Start with the default server.xml for 9.0.x and for each of the
> additional/changed settings noted in step 1, determine if you still
> need to apply it in Tomcat 9.
>
> The HttpNioProtocol is the default in 9.0.x. Generally, the settings
> will translate from 7.0.x but you should still review them to ensure
> they remain appropriate for your environment.
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question about upgrade from Tomcat 7 to Tomcat 9.0.67

2022-10-05 Thread Mark Thomas





On 05/10/2022 09:17, Terry ST SY/OGCIO wrote:

Hi ,

we would like to upgrade Tomcat 7 to Tomcat 9.0.67.

Check on the major changes on Tomcat 7 to Tomcat 9. (One of the major change we 
initially spotted is the BIO connector used in Tomcat 7 for connector setup was 
removed in Tomcat 9: 
https://tomcat.apache.org/migration-9.html#BIO_connector_removed)

For your reference, Http11Protocol was used in Tomcat 7, but since Tomcat 9 
removed it, we tried to Http11NioProtocol with same parameters in the tomcat 
config in “conf/server.xml. Is it a proper method for migrate the BIO connector 
( Tomcat 7 ) to NIO connector ( Tomcat 9 ) ?


Generally, I'd recommend the following:

1. Review the server.xml you use for Tomcat 7 and note each deviation
   from the defaults
2. Start with the default server.xml for 9.0.x and for each of the
   additional/changed settings noted in step 1, determine if you still
   need to apply it in Tomcat 9.

The HttpNioProtocol is the default in 9.0.x. Generally, the settings 
will translate from 7.0.x but you should still review them to ensure 
they remain appropriate for your environment.


Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question about upgrade from Tomcat 7 to Tomcat 9.0.67

2022-10-05 Thread Suvendu Sekhar Mondal

Hello Terry,

On Wed, Oct 5, 2022, 1:47 PM Terry ST SY/OGCIO 
wrote:

> Hi ,
>
> we would like to upgrade Tomcat 7 to Tomcat 9.0.67.
>
> Check on the major changes on Tomcat 7 to Tomcat 9. (One of the major
> change we initially spotted is the BIO connector used in Tomcat 7 for
> connector setup was removed in Tomcat 9:
> https://tomcat.apache.org/migration-9.html#BIO_connector_removed)
>
> For your reference, Http11Protocol was used in Tomcat 7, but since Tomcat
> 9 removed it, we tried to Http11NioProtocol with same parameters in the
> tomcat config in “conf/server.xml. Is it a proper method for migrate the
> BIO connector ( Tomcat 7 ) to NIO connector ( Tomcat 9 ) ?
>

That is the way to switch to NIO connector. You need to change the value of
protocol attribute of the connector tag like below:

protocol="org.apache.coyote.http11.Http11NioProtocol"

After that if you restart Tomcat, in startup log you'll see that NIO is
initialized. Also in thread dump thread name changes and becomes something
like "http-nio-*".

> Regards,
> Terry
>
>
>

Question about upgrade from Tomcat 7 to Tomcat 9.0.67

2022-10-05 Thread Terry ST SY/OGCIO

Hi ,

we would like to upgrade Tomcat 7 to Tomcat 9.0.67.

Check on the major changes on Tomcat 7 to Tomcat 9. (One of the major change we 
initially spotted is the BIO connector used in Tomcat 7 for connector setup was 
removed in Tomcat 9: 
https://tomcat.apache.org/migration-9.html#BIO_connector_removed)

For your reference, Http11Protocol was used in Tomcat 7, but since Tomcat 9 
removed it, we tried to Http11NioProtocol with same parameters in the tomcat 
config in “conf/server.xml. Is it a proper method for migrate the BIO connector 
( Tomcat 7 ) to NIO connector ( Tomcat 9 ) ?

Regards,
Terry

RE: OT: Question about TomcatX.exe files

2022-09-29 Thread jonmcalexander

Thank you for the additional information André

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.


> -Original Message-
> From: André Warnier (tomcat/perl) 
> Sent: Thursday, September 29, 2022 6:45 AM
> To: users@tomcat.apache.org
> Subject: Re: OT: Question about TomcatX.exe files
> 
> See also :
> https://urldefense.com/v3/__https://cwiki.apache.org/confluence/display/
> TOMCAT/Windows*Windows-
> Q11__;Iw!!F9svGWnIaVPGSwU!oORF3XFMCp_CBwVVxNpA17CA-
> cbuh7bYgIA5XjblWSdvohfeLer4mPk1Ok4Y4oPrAmYAHIWkliopF0lxnw$
> 
> On 28.09.2022 21:41, jonmcalexan...@wellsfargo.com.INVALID wrote:
> > Thank you Mark. I mainly wanted to have answers for when I will be
> > invariably questioned about it. :-). I knew about the naming, but
> > understand that these aren't recompiled for each release, so modifying
> > the version wouldn't work. (file/properties)
> >
> > Thanks,
> >
> > Dream * Excel * Explore * Inspire
> > Jon McAlexander
> > Senior Infrastructure Engineer
> > Asst. Vice President
> > He/His
> >
> > Middleware Product Engineering
> > Enterprise CIO | EAS | Middleware | Infrastructure Solutions
> >
> > 8080 Cobblestone Rd | Urbandale, IA 50322
> > MAC: F4469-010
> > Tel 515-988-2508 | Cell 515-988-2508
> >
> > jonmcalexan...@wellsfargo.com
> > This message may contain confidential and/or privileged information. If you
> are not the addressee or authorized to receive this for the addressee, you
> must not use, copy, disclose, or take any action based on this message or any
> information herein. If you have received this message in error, please advise
> the sender immediately by reply e-mail and delete this message. Thank you
> for your cooperation.
> >
> >> -Original Message-
> >> From: Mark Thomas 
> >> Sent: Wednesday, September 28, 2022 1:57 PM
> >> To: users@tomcat.apache.org
> >> Subject: Re: OT: Question about TomcatX.exe files
> >>
> >> On 28/09/2022 18:36, jonmcalexan...@wellsfargo.com.INVALID wrote:
> >>> Ok, this is a silly off-topic question, but is there an underlying
> >>> reason that
> >> the wrapper exe files for Windows Tomcat do not reflect the same file
> >> version as the implementation version found in the manifest of the
> >> bootstrap.jar? That version info matching the release version of the
> >> Tomcat release? I understand if these wrappers aren't recompiled each
> >> release, but if they are, why not make the versions reflect the Tomcat
> release?
> >>>
> >>> This seems to throw a loop at 3rd party software discovery tools
> >>> such as
> >> BigFix, ServiceNow, etc., as well as normalizations performed by
> >> vendors like Flexera.
> >>
> >> Those files are renamed Procrun files from Commons Daemon.
> >>
> >> The filesare never compiled as part of a Tomcat release (we use the
> >> binaries from Commons Daemon) but they can be renamed to anything
> you
> >> want but note the next point.
> >>
> >> The file name reflects the default service name so you don't have to
> >> specify the service name every time you call the executables.
> >>
> >> The default service name is TomcatX where X is the major version.
> >> This allows the service name to stay the same across minor and point
> >> release upgrades. Renaming the service every time you upgrade is
> >> likely to cause other issues - e.g. for software monitoring the service.
> >>
> >> Other naming schemes are possible. The current scheme seems to
> >> provide a reasonable solution for the majority of users. That said,
> >> if the community disagrees, it can always be changed.
> >>
> >> Mark
> >>
> >>
> >>>
> >>> Just curious.
> >>>
> >>> Thank you for your time.
> >>>
> >>> Dream * Excel * Explo

Re: OT: Question about TomcatX.exe files

2022-09-29 Thread tomcat/perl


See also : 
https://cwiki.apache.org/confluence/display/TOMCAT/Windows#Windows-Q11

On 28.09.2022 21:41, jonmcalexan...@wellsfargo.com.INVALID wrote:

Thank you Mark. I mainly wanted to have answers for when I will be invariably 
questioned about it. :-). I knew about the naming, but understand that these 
aren't recompiled for each release, so modifying the version wouldn't work. 
(file/properties)

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.


-Original Message-
From: Mark Thomas 
Sent: Wednesday, September 28, 2022 1:57 PM
To: users@tomcat.apache.org
Subject: Re: OT: Question about TomcatX.exe files

On 28/09/2022 18:36, jonmcalexan...@wellsfargo.com.INVALID wrote:

Ok, this is a silly off-topic question, but is there an underlying reason that

the wrapper exe files for Windows Tomcat do not reflect the same file
version as the implementation version found in the manifest of the
bootstrap.jar? That version info matching the release version of the Tomcat
release? I understand if these wrappers aren't recompiled each release, but
if they are, why not make the versions reflect the Tomcat release?


This seems to throw a loop at 3rd party software discovery tools such as

BigFix, ServiceNow, etc., as well as normalizations performed by vendors like
Flexera.

Those files are renamed Procrun files from Commons Daemon.

The filesare never compiled as part of a Tomcat release (we use the binaries
from Commons Daemon) but they can be renamed to anything you want but
note the next point.

The file name reflects the default service name so you don't have to specify
the service name every time you call the executables.

The default service name is TomcatX where X is the major version. This
allows the service name to stay the same across minor and point release
upgrades. Renaming the service every time you upgrade is likely to cause
other issues - e.g. for software monitoring the service.

Other naming schemes are possible. The current scheme seems to provide a
reasonable solution for the majority of users. That said, if the community
disagrees, it can always be changed.

Mark




Just curious.

Thank you for your time.

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508



jonmcalexan...@wellsfargo.com<mailto:jonmcalexan...@wellsfargo.com>

This message may contain confidential and/or privileged information. If you

are not the addressee or authorized to receive this for the addressee, you
must not use, copy, disclose, or take any action based on this message or any
information herein. If you have received this message in error, please advise
the sender immediately by reply e-mail and delete this message. Thank you
for your cooperation.





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: OT: Question about TomcatX.exe files

2022-09-28 Thread jonmcalexander

Thank you Mark. I mainly wanted to have answers for when I will be invariably 
questioned about it. :-). I knew about the naming, but understand that these 
aren't recompiled for each release, so modifying the version wouldn't work. 
(file/properties)

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.

> -Original Message-
> From: Mark Thomas 
> Sent: Wednesday, September 28, 2022 1:57 PM
> To: users@tomcat.apache.org
> Subject: Re: OT: Question about TomcatX.exe files
> 
> On 28/09/2022 18:36, jonmcalexan...@wellsfargo.com.INVALID wrote:
> > Ok, this is a silly off-topic question, but is there an underlying reason 
> > that
> the wrapper exe files for Windows Tomcat do not reflect the same file
> version as the implementation version found in the manifest of the
> bootstrap.jar? That version info matching the release version of the Tomcat
> release? I understand if these wrappers aren't recompiled each release, but
> if they are, why not make the versions reflect the Tomcat release?
> >
> > This seems to throw a loop at 3rd party software discovery tools such as
> BigFix, ServiceNow, etc., as well as normalizations performed by vendors like
> Flexera.
> 
> Those files are renamed Procrun files from Commons Daemon.
> 
> The filesare never compiled as part of a Tomcat release (we use the binaries
> from Commons Daemon) but they can be renamed to anything you want but
> note the next point.
> 
> The file name reflects the default service name so you don't have to specify
> the service name every time you call the executables.
> 
> The default service name is TomcatX where X is the major version. This
> allows the service name to stay the same across minor and point release
> upgrades. Renaming the service every time you upgrade is likely to cause
> other issues - e.g. for software monitoring the service.
> 
> Other naming schemes are possible. The current scheme seems to provide a
> reasonable solution for the majority of users. That said, if the community
> disagrees, it can always be changed.
> 
> Mark
> 
> 
> >
> > Just curious.
> >
> > Thank you for your time.
> >
> > Dream * Excel * Explore * Inspire
> > Jon McAlexander
> > Senior Infrastructure Engineer
> > Asst. Vice President
> > He/His
> >
> > Middleware Product Engineering
> > Enterprise CIO | EAS | Middleware | Infrastructure Solutions
> >
> > 8080 Cobblestone Rd | Urbandale, IA 50322
> > MAC: F4469-010
> > Tel 515-988-2508 | Cell 515-988-2508
> >
> >
> jonmcalexan...@wellsfargo.com<mailto:jonmcalexan...@wellsfargo.com>
> > This message may contain confidential and/or privileged information. If you
> are not the addressee or authorized to receive this for the addressee, you
> must not use, copy, disclose, or take any action based on this message or any
> information herein. If you have received this message in error, please advise
> the sender immediately by reply e-mail and delete this message. Thank you
> for your cooperation.
> >
> >
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: OT: Question about TomcatX.exe files

2022-09-28 Thread Mark Thomas


On 28/09/2022 18:36, jonmcalexan...@wellsfargo.com.INVALID wrote:

Ok, this is a silly off-topic question, but is there an underlying reason that 
the wrapper exe files for Windows Tomcat do not reflect the same file version 
as the implementation version found in the manifest of the bootstrap.jar? That 
version info matching the release version of the Tomcat release? I understand 
if these wrappers aren't recompiled each release, but if they are, why not make 
the versions reflect the Tomcat release?

This seems to throw a loop at 3rd party software discovery tools such as 
BigFix, ServiceNow, etc., as well as normalizations performed by vendors like 
Flexera.


Those files are renamed Procrun files from Commons Daemon.

The filesare never compiled as part of a Tomcat release (we use the 
binaries from Commons Daemon) but they can be renamed to anything you 
want but note the next point.


The file name reflects the default service name so you don't have to 
specify the service name every time you call the executables.


The default service name is TomcatX where X is the major version. This 
allows the service name to stay the same across minor and point release 
upgrades. Renaming the service every time you upgrade is likely to cause 
other issues - e.g. for software monitoring the service.


Other naming schemes are possible. The current scheme seems to provide a 
reasonable solution for the majority of users. That said, if the 
community disagrees, it can always be changed.


Mark




Just curious.

Thank you for your time.

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com<mailto:jonmcalexan...@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

OT: Question about TomcatX.exe files

2022-09-28 Thread jonmcalexander

Ok, this is a silly off-topic question, but is there an underlying reason that 
the wrapper exe files for Windows Tomcat do not reflect the same file version 
as the implementation version found in the manifest of the bootstrap.jar? That 
version info matching the release version of the Tomcat release? I understand 
if these wrappers aren't recompiled each release, but if they are, why not make 
the versions reflect the Tomcat release?

This seems to throw a loop at 3rd party software discovery tools such as 
BigFix, ServiceNow, etc., as well as normalizations performed by vendors like 
Flexera.

Just curious.

Thank you for your time.

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com<mailto:jonmcalexan...@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.

Re: Question about windows servers support platform for Tomcat 7 and Tomcat 9

2022-09-21 Thread Mark Thomas


On 21/09/2022 09:16, Terry ST SY/OGCIO wrote:

Dear Mark,

Many thanks for your reply.
As there is some limitation/dependence on upgrade Tomcat 7, may I know Tomcat 7 
the windows platform support status before Tomcat 7 end of support.


Tomcat 7 was supported on any Windows platform supported by Microsoft.

Mark



Regards,
Terry


-Original Message-
From: Mark Thomas 
Sent: Wednesday, September 21, 2022 4:10 PM
To: users@tomcat.apache.org
Subject: Re: Question about windows servers support platform for Tomcat 7 and 
Tomcat 9

On 21/09/2022 08:03, Terry ST SY/OGCIO wrote:

Dear Support,

We are using Tomcat 7 with Windows Server 2012 R2 at our servers and planned to 
upgrade tomcat and windows platform.

Can you update us the windows support platform for Tomcat 7 and Tomcat 9 for 
our ease planning.


Apache Tomcat 7 reached end of life 18 months ago and is no longer
supported:

https://tomcat.apache.org/tomcat-70-eol.html

Apache Tomcat 9.0.x is currently supported and, based on support periods for 
previous versions, I'd expect that support to last for a further 4-5 years. The 
end of life date, when decided, will be announced with at least 12 months 
notice.

Apache Tomcat 9 is a special case since it is the last version that implements 
Java EE (Tomcat 10 onwards implement Jakarta EE). The Tomcat community expects 
to provide support for Tomcat 9 for as long as there is a demand for a version 
of Tomcat that supports Java EE.

The exact detail of how extended Tomcat 9 support will work is TBD but it will 
be something like once Tomcat 9.0.x reaches end of life, Tomcat 9.10.x will be 
released which will be Tomcat 10 but with Java EE support. Once Tomcat 10 
reaches end of life, so will 9.10.x and 9.11.x will be released which will be 
Tomcat 11 but with Java EE support and so on.

Apache Tomcat is supported on any Windows platform currently supported by 
Microsoft.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

1 2 3 4 5 6 7 8 9 10 >

1 - 100 of 3906 matches

Mail list logo