Re: Documentation difference between Apache Tomcat 8.0 and 8.5

[Konstantin Kolinko]

вт, 12 февр. 2019 г. в 17:28, Christopher Schultz
:
>
> -BEGIN PGP SIGNED MESSAGE-
>
> Maybe so you can use syslog to aggregate all your logs? IFAIK, there
> is not a good way to send JULI logging to syslog, but log4j supports it.

Certainly, there exists a way. I have not used it yet though.

https://stackoverflow.com/questions/2311697/is-there-a-robust-java-util-logging-handler-implementation-of-syslog
http://rusv.github.io/agafua-syslog/

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Documentation difference between Apache Tomcat 8.0 and 8.5

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mark,

On 2/12/19 05:51, Mark Thomas wrote:
> On 12/02/2019 09:24, Sashidharan Ramamurthy wrote:
>> Hi Tomcat User group,
>> 
>> In the "Logging In Tomcat" page, in 8.0 version, there is a link
>> and section detailing how to use Apache log4j instead of
>> "java.util.logging"
>> 
>> But the same content is not visible in 8.5 version.
>> 
>> My query is whether from 8.5 or above, is the capability of using
>> apache log4j disabled and we have to use only JULI? Also, there
>> is no tomcat-juli-adapters library in extras of apache 8.5
>> version.
>> 
>> We are using tomcat 8.5.33 in our machines.
>> 
>> Kindly answer this please!! Have removed the links where
>> documentation sites are mentioned..
> 
> Apache log4j 1.x is not longer supported so the adapters and
> associated documentation have been removed from 8.5.x onwards.
> 
> If you wish to use Apache log4j 2.x then you should be able to use
> the log4j / java.util.logging bridge although that does beg the
> question why?
> 
> Applications (as they always have been) are free to configure any 
> logging mechanism they wish. Why do you want to change the
> framework Tomcat uses for its internal logging?

Maybe so you can use syslog to aggregate all your logs? IFAIK, there
is not a good way to send JULI logging to syslog, but log4j supports it.

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxi1/0ACgkQHPApP6U8
pFjKYhAAgkSOECLgPBximdZJack8Kaf/aStIjhZZrPazhj4BInt0kt6QFfYzPE08
uZiYUs4+G9j+Wv2yGcF8IPtDzdcL+dsDZEuJ/saNVITLeiNJlndJvjJyRNCQZrA8
R5UKzKcgnDeBHMY/phn/h8/josaaPO9jFXx+UwvRwDtQ+elu5n08sOMDJNvi+lWS
B8wjQJGGl25XZo536kqCHjmuObhlVliz2Og53u8o31lN25grCh/5N/FsS6ccoSth
loJLjsyQ4kEYSAk9TD+oMMbJNx1Z5obtY4E0FZMspnS+Y1k5NnSTKLbV+yQtlORx
XY2V+Qc18Tfk1cbcgwnWkBVvpPfkGPpksYxFix/lPt/b8E3V5q7byXBKbAtCeAlG
2ejb48wSY0UOrKpJQcFmm85OrQKKoPa9Juv7V28hRfgEasvHjiJZB59DrNRBkWAl
P9zVYy/eSQTof+FJm37kO9u8rXoU6uV1oNeN/v6QR1xpQyvngWmi3MpLVP3n/A3k
/E1bNP10RrTBtlk9RHWhhVdS/2tjkBdCwUcgAq2+oZMyUXdEyaBjtQIsK3R+GuXI
KnPB2Rp1upLo5SgtGNfgdX+NMVF54nEY8b/AxUXsYMugUbFBk3PcQk6ARBkkAcbK
urt5hAy9T/vImQ8+0CTImTkG9NLsodjVMNIPQkBxf7qJ5tpDThw=
=AhDx
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Documentation difference between Apache Tomcat 8.0 and 8.5

[Mark Thomas]

On 12/02/2019 09:24, Sashidharan Ramamurthy wrote:
> Hi Tomcat User group,
> 
> In the "Logging In Tomcat" page, in 8.0 version, there is a link and section 
> detailing how to use Apache log4j instead of "java.util.logging"
> 
> But the same content is not visible in 8.5 version.
> 
> My query is whether from 8.5 or above, is the capability of using apache 
> log4j disabled and we have to use only JULI? Also, there is no 
> tomcat-juli-adapters library in extras of apache 8.5 version.
> 
> We are using tomcat 8.5.33 in our machines.
> 
> Kindly answer this please!! Have removed the links where documentation sites 
> are mentioned..

Apache log4j 1.x is not longer supported so the adapters and associated
documentation have been removed from 8.5.x onwards.

If you wish to use Apache log4j 2.x then you should be able to use the
log4j / java.util.logging bridge although that does beg the question why?

Applications (as they always have been) are free to configure any
logging mechanism they wish. Why do you want to change the framework
Tomcat uses for its internal logging?

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Documentation difference between Apache Tomcat 8.0 and 8.5

[Sashidharan Ramamurthy]

Hi Tomcat User group,

In the "Logging In Tomcat" page, in 8.0 version, there is a link and section 
detailing how to use Apache log4j instead of "java.util.logging"

But the same content is not visible in 8.5 version.

My query is whether from 8.5 or above, is the capability of using apache log4j 
disabled and we have to use only JULI? Also, there is no tomcat-juli-adapters 
library in extras of apache 8.5 version.

We are using tomcat 8.5.33 in our machines.

Kindly answer this please!! Have removed the links where documentation sites 
are mentioned..

Thanks and Regards,
Sashi

Documentation difference between Apache Tomcat 8.0 and 8.5

[Sashidharan Ramamurthy]

Hi Tomcat User group,

In the "Logging In Tomcat" page, in 8.0 version, there is a link and section 
detailing how to use Apache log4j instead of "java.util.logging"

But the same content is not visible in 8.5 version.

Please note both pages reference below.

https://tomcat.apache.org/tomcat-8.0-doc/logging.html#Using_Log4j
https://tomcat.apache.org/tomcat-8.5-doc/logging.html

My query is whether from 8.5 or above, is the capability of using apache log4j 
disabled and we have to use only JULI? Also, there is no tomcat-juli-adapters 
library in extras of apache 8.5 version.

We are using tomcat 8.5.33 in our machines.

Kindly answer this please!!

Thanks and Regards,
Sashi

Re: [tomcat:8.0-jre8] CONFIDENTIAL adds Cache-Control: private?

[Martynas Jusevičius]

I've solved this by removing the  completely and
doing a 301 redirect to https:// in nginx (which is in front of
Tomcat) instead:
https://nginx.org/en/docs/http/converting_rewrite_rules.html

Also added HTST header as suggested in this thread:
https://tomcat.apache.org/tomcat-8.0-doc/config/filter.html#HTTP_Header_Security_Filter

On Fri, Aug 17, 2018 at 8:24 PM, Christopher Schultz
 wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Mark,
>
> On 8/17/18 11:49 AM, Mark Thomas wrote:
>> On 17/08/18 14:57, Christopher Schultz wrote:
>>> Mark,
>>>
>>> On 8/17/18 4:09 AM, Mark Thomas wrote:
>>>> On 16/08/18 13:40, Martynas Jusevičius wrote:
>>>>> Hi,
>>>>>
>>>>> my initial observations suggest, and SO post [1] seems to
>>>>> confirm, that when
>>>>>
>>>>> 
>>>>> CONFIDENTIAL
>>>>> 
>>>>>
>>>>> is specified on a security-constraint in web.xml, Tomcat does
>>>>> two things: 1. automatically redirects to HTTPS 2. appends
>>>>> Cache-Control: private and Expires: Thu, 01 Jan 1970 01:00:00
>>>>> CET response headers
>>>>>
>>>>> Is that correct?
>>>
>>>> It is broader than that. Tomcat adds those headers to any
>>>> resource that is protected by any security constraint.
>>>
>>>>> I had added the CONFIDENTIAL because I want the redirect to
>>>>> HTTPS. What I don't want is Tomcat overriding my caching
>>>>> headers and effectively disabling browser caching.
>>>
>>>> Those headers shouldn't disable browser caching.
>>>
>>> Expires: 1970 certainly effectively disables browsed caching.
>>
>> My understanding was that the browser caches the resource but marks
>> it as stale which means it needs validation on the next request.
>
> That's essentially the same thing. The server can still return a 304
> response if the browser thinks it has an up-to-date copy, but it's
> still a round-trip to the server that might be avoided.
>
>>>> They will mean the client has to revalidate the request. How
>>>> relatively expensive that is will depend on the resources.
>>>
>>>>> Why in the world would those two things be conflated?
>>>
>>>> Security. Any resource protected by a security constraint
>>>> should not be stored in a shared cache else information
>>>> disclosure could occur.
>>>
>>> I'm curious, too: I can understand the "Cache-Control" header,
>>> but why the "Expires" one? What about some CSS file that can
>>> surely be cached by the browser?
>>
>> Looks like an HTTP/1.0 solution from a very short amount of
>> research. Revalidation for a static file shouldn't be too
>> expensive.
>>
>>> Is it possible for a servlet to override a single header -- say,
>>> the "Expires" header? It might be nice to have a facility to
>>> allow applications to override maybe just this one header (or,
>>> optionally, just one *other* header). I glossed-over the servlet
>>> spec and I don't see much in the way of proscriptions for
>>> precisely how to handle security-constraints e.g. when it comes
>>> to setting headers.
>>
>> It depends when the header is added. In this case the Authenticator
>> adds them before the filter chain is invoked so it should be
>> possible for an application to remove them.
>
> That's very good to know.
>
> There are very few headers that Tomcat automatically adds (at any
> stage). Could those be described somewhere including when/where they
> are added and whether they can be overridden?
>
> For example, I tried (and failed) to override the "Date" response
> header at some point while testing my "replay response" sample code.
> It might be nice to know that Tomcat adds (overwrites) that header
> fairly late in the process.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlt3EskACgkQHPApP6U8
> pFg9TQ/9E2lLXq8ZjBBU1bMvd66jHJ4RgruQYG3sViaTA6xkk0zF1YWmAH0fquZV
> Xnid0102FteOZ7uqsMvzIRNywvnuL6S1nq9ItIvBMIQofZZnTnu275Xetq6smOHR
> j+o51S1sq5WwFP1ypijnYwT1KHmc1eQ9XwubsxmWgxVw33nJNhfsLr2BWMs9xWsT
> lG+iHA1ArIxRjx/oTtjuZAXgyH2PsB5T91huOmrzeR9uXbXfUGj+/qCoS33KcMyq
> +qQT/iDFH/z6i0g50a95fl6dLb3Tizmpwk7xikhd4eZ+D05qJEQAH0Vnyff8a/NA
> leHjeouGgo0ZaSBGWByYDZno1q34QkwOUfv6UGaHD0fw21yGsxWt1mfo6jedHNQ3
> ZhXbEQMhM8uYIHYuKAaMcXSEbOvMkd7SsoqZGRzK6t1HptgtGN6NyRQA9U6hLT8I
> 5eGad3Bdx2nbnR7KDqcizJZ/Ulx5Be6XIQE4pncf2OLgfB6H3EkJ8FUkeU74i6W5
> se0z9vECh7zBxEAaCm0u7bVH1NK5zZKcOgPxzFvtHrkj7bnpBXcN9Qm6G1OkEfjG
> d7rxnQtzG/d38YL0LQy3VsMp+q0Va9sRSztKpmmSU+se2904R/mj4ITz3M7e6VTE
> 1+LhS4WSf4yriC7qmShd5d/CzDW3Pvz0S0uyoV5MduQWtBbnDbQ=
> =8Svp
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [tomcat:8.0-jre8] CONFIDENTIAL adds Cache-Control: private?

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mark,

On 8/17/18 11:49 AM, Mark Thomas wrote:
> On 17/08/18 14:57, Christopher Schultz wrote:
>> Mark,
>> 
>> On 8/17/18 4:09 AM, Mark Thomas wrote:
>>> On 16/08/18 13:40, Martynas Jusevičius wrote:
 Hi,
 
 my initial observations suggest, and SO post [1] seems to 
 confirm, that when
 
  
 CONFIDENTIAL 
 
 
 is specified on a security-constraint in web.xml, Tomcat does
 two things: 1. automatically redirects to HTTPS 2. appends 
 Cache-Control: private and Expires: Thu, 01 Jan 1970 01:00:00
 CET response headers
 
 Is that correct?
>> 
>>> It is broader than that. Tomcat adds those headers to any
>>> resource that is protected by any security constraint.
>> 
 I had added the CONFIDENTIAL because I want the redirect to 
 HTTPS. What I don't want is Tomcat overriding my caching
 headers and effectively disabling browser caching.
>> 
>>> Those headers shouldn't disable browser caching.
>> 
>> Expires: 1970 certainly effectively disables browsed caching.
> 
> My understanding was that the browser caches the resource but marks
> it as stale which means it needs validation on the next request.

That's essentially the same thing. The server can still return a 304
response if the browser thinks it has an up-to-date copy, but it's
still a round-trip to the server that might be avoided.

>>> They will mean the client has to revalidate the request. How 
>>> relatively expensive that is will depend on the resources.
>> 
 Why in the world would those two things be conflated?
>> 
>>> Security. Any resource protected by a security constraint
>>> should not be stored in a shared cache else information
>>> disclosure could occur.
>> 
>> I'm curious, too: I can understand the "Cache-Control" header,
>> but why the "Expires" one? What about some CSS file that can
>> surely be cached by the browser?
> 
> Looks like an HTTP/1.0 solution from a very short amount of
> research. Revalidation for a static file shouldn't be too
> expensive.
> 
>> Is it possible for a servlet to override a single header -- say,
>> the "Expires" header? It might be nice to have a facility to
>> allow applications to override maybe just this one header (or,
>> optionally, just one *other* header). I glossed-over the servlet
>> spec and I don't see much in the way of proscriptions for
>> precisely how to handle security-constraints e.g. when it comes
>> to setting headers.
> 
> It depends when the header is added. In this case the Authenticator
> adds them before the filter chain is invoked so it should be
> possible for an application to remove them.

That's very good to know.

There are very few headers that Tomcat automatically adds (at any
stage). Could those be described somewhere including when/where they
are added and whether they can be overridden?

For example, I tried (and failed) to override the "Date" response
header at some point while testing my "replay response" sample code.
It might be nice to know that Tomcat adds (overwrites) that header
fairly late in the process.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlt3EskACgkQHPApP6U8
pFg9TQ/9E2lLXq8ZjBBU1bMvd66jHJ4RgruQYG3sViaTA6xkk0zF1YWmAH0fquZV
Xnid0102FteOZ7uqsMvzIRNywvnuL6S1nq9ItIvBMIQofZZnTnu275Xetq6smOHR
j+o51S1sq5WwFP1ypijnYwT1KHmc1eQ9XwubsxmWgxVw33nJNhfsLr2BWMs9xWsT
lG+iHA1ArIxRjx/oTtjuZAXgyH2PsB5T91huOmrzeR9uXbXfUGj+/qCoS33KcMyq
+qQT/iDFH/z6i0g50a95fl6dLb3Tizmpwk7xikhd4eZ+D05qJEQAH0Vnyff8a/NA
leHjeouGgo0ZaSBGWByYDZno1q34QkwOUfv6UGaHD0fw21yGsxWt1mfo6jedHNQ3
ZhXbEQMhM8uYIHYuKAaMcXSEbOvMkd7SsoqZGRzK6t1HptgtGN6NyRQA9U6hLT8I
5eGad3Bdx2nbnR7KDqcizJZ/Ulx5Be6XIQE4pncf2OLgfB6H3EkJ8FUkeU74i6W5
se0z9vECh7zBxEAaCm0u7bVH1NK5zZKcOgPxzFvtHrkj7bnpBXcN9Qm6G1OkEfjG
d7rxnQtzG/d38YL0LQy3VsMp+q0Va9sRSztKpmmSU+se2904R/mj4ITz3M7e6VTE
1+LhS4WSf4yriC7qmShd5d/CzDW3Pvz0S0uyoV5MduQWtBbnDbQ=
=8Svp
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [tomcat:8.0-jre8] CONFIDENTIAL adds Cache-Control: private?

[Mark Thomas]

On 17/08/18 14:57, Christopher Schultz wrote:
> Mark,
> 
> On 8/17/18 4:09 AM, Mark Thomas wrote:
>> On 16/08/18 13:40, Martynas Jusevičius wrote:
>>> Hi,
>>>
>>> my initial observations suggest, and SO post [1] seems to
>>> confirm, that when
>>>
>>>  
>>> CONFIDENTIAL 
>>> 
>>>
>>> is specified on a security-constraint in web.xml, Tomcat does two
>>> things: 1. automatically redirects to HTTPS 2. appends
>>> Cache-Control: private and Expires: Thu, 01 Jan 1970 01:00:00 CET
>>> response headers
>>>
>>> Is that correct?
> 
>> It is broader than that. Tomcat adds those headers to any resource
>> that is protected by any security constraint.
> 
>>> I had added the CONFIDENTIAL because I want the redirect to
>>> HTTPS. What I don't want is Tomcat overriding my caching headers
>>> and effectively disabling browser caching.
> 
>> Those headers shouldn't disable browser caching.
> 
> Expires: 1970 certainly effectively disables browsed caching.

My understanding was that the browser caches the resource but marks it
as stale which means it needs validation on the next request.

>> They will mean the client has to revalidate the request. How 
>> relatively expensive that is will depend on the resources.
> 
>>> Why in the world would those two things be conflated?
> 
>> Security. Any resource protected by a security constraint should
>> not be stored in a shared cache else information disclosure could
>> occur.
> 
> I'm curious, too: I can understand the "Cache-Control" header, but why
> the "Expires" one? What about some CSS file that can surely be cached
> by the browser?

Looks like an HTTP/1.0 solution from a very short amount of research.
Revalidation for a static file shouldn't be too expensive.

> Is it possible for a servlet to override a single header -- say, the
> "Expires" header? It might be nice to have a facility to allow
> applications to override maybe just this one header (or, optionally,
> just one *other* header). I glossed-over the servlet spec and I don't
> see much in the way of proscriptions for precisely how to handle
> security-constraints e.g. when it comes to setting headers.

It depends when the header is added. In this case the Authenticator adds
them before the filter chain is invoked so it should be possible for an
application to remove them.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [tomcat:8.0-jre8] CONFIDENTIAL adds Cache-Control: private?

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mark,

On 8/17/18 4:09 AM, Mark Thomas wrote:
> On 16/08/18 13:40, Martynas Jusevičius wrote:
>> Hi,
>> 
>> my initial observations suggest, and SO post [1] seems to
>> confirm, that when
>> 
>>  
>> CONFIDENTIAL 
>> 
>> 
>> is specified on a security-constraint in web.xml, Tomcat does two
>> things: 1. automatically redirects to HTTPS 2. appends
>> Cache-Control: private and Expires: Thu, 01 Jan 1970 01:00:00 CET
>> response headers
>> 
>> Is that correct?
> 
> It is broader than that. Tomcat adds those headers to any resource
> that is protected by any security constraint.
> 
>> I had added the CONFIDENTIAL because I want the redirect to
>> HTTPS. What I don't want is Tomcat overriding my caching headers
>> and effectively disabling browser caching.
> 
> Those headers shouldn't disable browser caching.

Expires: 1970 certainly effectively disables browsed caching.

> They will mean the client has to revalidate the request. How 
> relatively expensive that is will depend on the resources.
> 
>> Why in the world would those two things be conflated?
> 
> Security. Any resource protected by a security constraint should
> not be stored in a shared cache else information disclosure could
> occur.

I'm curious, too: I can understand the "Cache-Control" header, but why
the "Expires" one? What about some CSS file that can surely be cached
by the browser?

>> And how do I disable this header override behavior?
>> 
>> Does disableProxyCaching attribute need to be set to false to in
>> order to do that? [2]
> 
> That would work. The consequence is that the application has to
> take responsibility for setting all of the caching headers -
> including those served by container servlets such as static
> resources and JSPs.

Is it possible for a servlet to override a single header -- say, the
"Expires" header? It might be nice to have a facility to allow
applications to override maybe just this one header (or, optionally,
just one *other* header). I glossed-over the servlet spec and I don't
see much in the way of proscriptions for precisely how to handle
security-constraints e.g. when it comes to setting headers.

This is an academic question for me... all of our static resources are
served by httpd and not Tomcat, so those headers that are advantageous
for caching are handled there and not in Tomcat.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlt21EkACgkQHPApP6U8
pFiJBRAAx/e2eagrr6OFv8yrX0C3ckxTC3aahSqGISieunlBb1TypdygqAtt0/Ro
P+40LplhT17U+bvFU1HYacq2m4lswYUosaPKRcQEh5lqcP0DXCMPX3kBk0C8Wlw1
g5aJMha/21YDZysITzJzppGiBtqSIsdKH8yIhgOf1yR5U/oMR4UMFMDqZI1cLf4X
vPDROT3f+SNLfmPglXMlGbYvXI2fauel1sHbdjttUNdbneAVJwDS5Szc36uj2Cpq
7SophzD37FbroBfa/Ylxs5yI+p88gQjOHS96ebqNElNtosiidrwK6ysn8qVtgbGb
v4oZeWqahrwkDRBibWAIGJjiNiO0/pB2hLSuxuuBG1JapTOeawZ8WwJLTZ9iiX71
ThI7L7t7iBEIB1I1dpq8KrIUP/dJc6H0ekFlW6Q87cZcvWTyRB45gibNC2tRNxwz
7x2Pm7MU0eB7fihKNJuMmYUY0N+QUlqetMEkwEFbmMrIL4Wn6MGTAYgRu3Y5OqE1
Ctlil/SCEgZHpXEXU86xTTEQVB0gei0k4KbXlld0vuF9dzAxGA/AuwnjygihAigL
PNlbNHhfFmYn+UGMoP2+J3CKYJc9Eu/xZfhrQebEJ80GWK3NPZTEoEu/iz70B/Pf
LqSeENgMi6hQZYDn8xpLSzKm1S4XzmwNb2pW3pfUaeqMclAZylk=
=HIre
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [tomcat:8.0-jre8] CONFIDENTIAL adds Cache-Control: private?

[Mark Thomas]

On 16/08/18 13:40, Martynas Jusevičius wrote:
> Hi,
> 
> my initial observations suggest, and SO post [1] seems to confirm, that when
> 
> 
> CONFIDENTIAL
> 
> 
> is specified on a security-constraint in web.xml, Tomcat does two things:
> 1. automatically redirects to HTTPS
> 2. appends Cache-Control: private and Expires: Thu, 01 Jan 1970
> 01:00:00 CET response headers
> 
> Is that correct?

It is broader than that. Tomcat adds those headers to any resource that
is protected by any security constraint.

> I had added the CONFIDENTIAL because I want the redirect to HTTPS.
> What I don't want is Tomcat overriding my caching headers and
> effectively disabling browser caching.

Those headers shouldn't disable browser caching. They will mean the
client has to revalidate the request. How relatively expensive that is
will depend on the resources.

> Why in the world would those two things be conflated?

Security. Any resource protected by a security constraint should not be
stored in a shared cache else information disclosure could occur.

> And how do I
> disable this header override behavior?
> 
> Does disableProxyCaching attribute need to be set to false to in order
> to do that? [2]

That would work. The consequence is that the application has to take
responsibility for setting all of the caching headers - including those
served by container servlets such as static resources and JSPs.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [tomcat:8.0-jre8] CONFIDENTIAL adds Cache-Control: private?

[Olaf Kock]

Hi Martynas,

On 16.08.2018 14:40, Martynas Jusevičius wrote:

Hi,

my initial observations suggest, and SO post [1] seems to confirm, that when

 
 CONFIDENTIAL
 

is specified on a security-constraint in web.xml, Tomcat does two things:
1. automatically redirects to HTTPS
2. appends Cache-Control: private and Expires: Thu, 01 Jan 1970
01:00:00 CET response headers

Is that correct?
Without looking at the code, but with you stating this as an 
observation, I'd say yes, there's a good chance for it to be correct 
(well, you obviously observe it, and I can imagine it being on purpose)

I had added the CONFIDENTIAL because I want the redirect to HTTPS.
What I don't want is Tomcat overriding my caching headers and
effectively disabling browser caching.
There's a better way to redirect to HTTPS, rather than using this 
declaration. You can either do this in a servlet filter, proxy through 
Apache httpd or similar (where you can redirect/rewrite), or just deny 
tomcat to serve on port 80 anyways (just have a static redirect on port 
80). Add a pinch of HSTS, and you're set.


If an application declares CONFIDENTIAL, it might not like the content 
to be stored on any disc cache. Sending expired content will serve that 
purpose beautifully. And you're asking for CONFIDENTIAL, not ENCRYPTED 
(note: the ENCRYPTED declaration doesn't exist AFAIK)

Why in the world would those two things be conflated? And how do I
disable this header override behavior?
My best guess: Because one is not meant to be The Solution (TM) for the 
other.

Does disableProxyCaching attribute need to be set to false to in order
to do that? [2]

I'm running the tomcat:8.0-jre8 on Docker.

Pardon the sneaky comment:
Why on earth would someone ask for security related features on a server 
that has reached its end of life?

(this won't solve your problem, but static redirecting will)

I hope that helps,
Olaf

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

[tomcat:8.0-jre8] CONFIDENTIAL adds Cache-Control: private?

[Martynas Jusevičius]

Hi,

my initial observations suggest, and SO post [1] seems to confirm, that when


CONFIDENTIAL


is specified on a security-constraint in web.xml, Tomcat does two things:
1. automatically redirects to HTTPS
2. appends Cache-Control: private and Expires: Thu, 01 Jan 1970
01:00:00 CET response headers

Is that correct?

I had added the CONFIDENTIAL because I want the redirect to HTTPS.
What I don't want is Tomcat overriding my caching headers and
effectively disabling browser caching.

Why in the world would those two things be conflated? And how do I
disable this header override behavior?

Does disableProxyCaching attribute need to be set to false to in order
to do that? [2]

I'm running the tomcat:8.0-jre8 on Docker.

[1] 
https://stackoverflow.com/questions/21829553/tomcat-security-constraint-impact-cache
[2] 
https://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Basic_Authenticator_Valve/Attributes

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: "End of life for Apache Tomcat 8.0.x" page title

[Violeta Georgieva]

Hi,

2017-07-05 1:30 GMT+03:00 Adam Rauch :
>
> I noticed that the current  element for the new EOL page is:
"Apache Tomcat® - End of life for Apache Tomcat 6.0.x". You may want to
adjust the version to "8.0.x."

Thanks for spotting this.
It should be Ok now.

Regards,
Violeta

> Thanks,
> Adam
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

"End of life for Apache Tomcat 8.0.x" page title

[Adam Rauch]

I noticed that the current  element for the new EOL page is: 
"Apache Tomcat® - End of life for Apache Tomcat 6.0.x". You may want to 
adjust the version to "8.0.x."


Thanks,
Adam

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

[ANN] End of life for Apache Tomcat 8.0.x

[Mark Thomas]

Resending with correct dates. Apologies for the noise.

The Apache Tomcat team announces that support for Apache Tomcat 8.0.x
will end on 30 June 2018.

This means that after 30 June 2018:
- releases from the 8.0.x branch are highly unlikely
- bugs affecting only the 8.0.x branch will not be addressed
- security vulnerability reports will not be checked against the 8.0.x
  branch

Three months later (i.e. after 30 September 2018)
- the 8.0.x download links will be removed
- the latest 8.0.x release will be removed from the mirror system
- the 8.0.x branch in svn will move from /tomcat/tc8.0.x to
  /tomcat/archive/tc8.0.x
- the links to the 8.0.x documentation will be removed from
  tomcat.apache.org

Note that all 8.0.x releases will always be available from the archive.

It is anticipated that the final 8.0.x release will be made shortly
before 30 June 2018.

The Tomcat team is aware that a number of Linux distributions support
Tomcat 8.0.x and that that support for Tomcat 8.0.x is scheduled to
continue in those distributions beyond June 2018. The Tomcat team will
therefore:
- work with those distributions to address any issues preventing the
  update to 8.5.x from 8.0.x
- where an update to 8.5.x is not possible, the Tomcat team will
  endeavour to provide advice on back-porting security fixes to 8.0.x

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] End of life for Apache Tomcat 8.0.x

[Mark Thomas]

On 30/06/17 22:47, Bob Hall wrote:
> On Friday, June 30, 2017 2:32 PM, Mark Thomas <ma...@apache.org> wrote:
>  
> 
>  
> The Apache Tomcat team announces that support for Apache Tomcat 8.0.xwill end 
> on 30 June 2018.
> This means that after 30 June 2018:- releases from the 8.0.x branch are 
> highly unlikely- bugs affecting only the 8.0.x branch will not be addressed- 
> security vulnerability reports will not be checked against the 8.0.x  branch
> Three months later (i.e. after 30 September 2017)- the 8.0.x download links 
> will be removed- the latest 8.0.x release will be removed from the mirror 
> system- the 8.0.x branch in svn will move from /tomcat/tc8.0.x to  
> /tomcat/archive/tc8.0.x- the links to the 8.0.x documentation will be removed 
> from  tomcat.apache.org
> Note that all 8.0.x releases will always be available from the archive.
> It is anticipated that the final 8.0.x release will be made shortlybefore 30 
> June 2016.
> The Tomcat team is aware that a number of Linux distributions supportTomcat 
> 8.0.x and that that support for Tomcat 8.0.x is scheduled tocontinue in those 
> distributions beyond June 2018. The Tomcat team willtherefore:- work with 
> those distributions to address any issues preventing the  update to 8.5.x 
> from 8.0.x- where an update to 8.5.x is not possible, the Tomcat team will  
> endeavour to provide advice on back-porting security fixes to 8.0.x
> 
> ===
> Hi Mark,
> Seems to something amiss with the year values in this EOL message?

Thanks. Copy and paste error on my part. I'll fix that and resend.
Thanks for the heads up.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] End of life for Apache Tomcat 8.0.x

[Bob Hall]

On Friday, June 30, 2017 2:32 PM, Mark Thomas <ma...@apache.org> wrote:
 

 
The Apache Tomcat team announces that support for Apache Tomcat 8.0.xwill end 
on 30 June 2018.
This means that after 30 June 2018:- releases from the 8.0.x branch are highly 
unlikely- bugs affecting only the 8.0.x branch will not be addressed- security 
vulnerability reports will not be checked against the 8.0.x  branch
Three months later (i.e. after 30 September 2017)- the 8.0.x download links 
will be removed- the latest 8.0.x release will be removed from the mirror 
system- the 8.0.x branch in svn will move from /tomcat/tc8.0.x to  
/tomcat/archive/tc8.0.x- the links to the 8.0.x documentation will be removed 
from  tomcat.apache.org
Note that all 8.0.x releases will always be available from the archive.
It is anticipated that the final 8.0.x release will be made shortlybefore 30 
June 2016.
The Tomcat team is aware that a number of Linux distributions supportTomcat 
8.0.x and that that support for Tomcat 8.0.x is scheduled tocontinue in those 
distributions beyond June 2018. The Tomcat team willtherefore:- work with those 
distributions to address any issues preventing the  update to 8.5.x from 8.0.x- 
where an update to 8.5.x is not possible, the Tomcat team will  endeavour to 
provide advice on back-porting security fixes to 8.0.x

===
Hi Mark,
Seems to something amiss with the year values in this EOL message?
- Bob


   

[ANN] End of life for Apache Tomcat 8.0.x

[Mark Thomas]

The Apache Tomcat team announces that support for Apache Tomcat 8.0.x
will end on 30 June 2018.

This means that after 30 June 2018:
- releases from the 8.0.x branch are highly unlikely
- bugs affecting only the 8.0.x branch will not be addressed
- security vulnerability reports will not be checked against the 8.0.x
  branch

Three months later (i.e. after 30 September 2017)
- the 8.0.x download links will be removed
- the latest 8.0.x release will be removed from the mirror system
- the 8.0.x branch in svn will move from /tomcat/tc8.0.x to
  /tomcat/archive/tc8.0.x
- the links to the 8.0.x documentation will be removed from
  tomcat.apache.org

Note that all 8.0.x releases will always be available from the archive.

It is anticipated that the final 8.0.x release will be made shortly
before 30 June 2016.

The Tomcat team is aware that a number of Linux distributions support
Tomcat 8.0.x and that that support for Tomcat 8.0.x is scheduled to
continue in those distributions beyond June 2018. The Tomcat team will
therefore:
- work with those distributions to address any issues preventing the
  update to 8.5.x from 8.0.x
- where an update to 8.5.x is not possible, the Tomcat team will
  endeavour to provide advice on back-porting security fixes to 8.0.x

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8.0.x series roadmap

[KK Gupta]

On Fri, Mar 10, 2017 at 11:35 AM, Mark Thomas <ma...@apache.org> wrote:

> On 10/03/2017 16:21, KK Gupta wrote:
> > Hi All,
> >
> > Our product uses Tomcat 8.0.x series and we recently upgraded to tomcat
> > 8.0.41 in our product.
> >
> > http://tomcat.apache.org/whichversion.html shows that 8.0.41 as
> superseded.
> > So, I wanted to understand whether 8.0.x line is actively being
> maintained
> > or not?
>
> For now, yes but the expectation is users will move to 8.5.x sooner
> rather than later.
>
> > We are primarily concerned about security vulnerability fixes and need to
> > understand how long those would continue to be delivered on 8.0.x series.
>
> The initial plan was that these would have stopped already. The most
> likely scenario at the moment s that 8.0.x moves to a 3 to 6 monthly
> release cycle but that depends on there being a release manager to do
> the releases.
>
> Thank you for this information.


> > Moving to 8.5.x requires significant efforts from our side and thus
> trying
> > to understand pros and cons of remaining on 8.0.x line.
>
> Why so much work? 8.0.x to 8.5.x should be a fairly smooth upgrade. If
> there are problems it would help to know what they are.
>

Amit discussed it previously on this thread http://marc.info/?l=tomcat-
user=148703520014730=2

To summarize - we have a custom BIO based connector, where we ended up
extending few of the org.apache.tomcat.util.net and org.apache.coyote.http11
classes
with refactoring in 8.5.x those classes are gone.

For the longer term, we intend to change our architecture and get rid of
custom
connectors completely so that we do not end up in same situation again.
However that's proving to be a significant work.
Therefore, we were hoping that we could continue to use 8.0.x series


>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat 8.0.x series roadmap

[Mark Thomas]

On 10/03/2017 16:21, KK Gupta wrote:
> Hi All,
> 
> Our product uses Tomcat 8.0.x series and we recently upgraded to tomcat
> 8.0.41 in our product.
> 
> http://tomcat.apache.org/whichversion.html shows that 8.0.41 as superseded.
> So, I wanted to understand whether 8.0.x line is actively being maintained
> or not?

For now, yes but the expectation is users will move to 8.5.x sooner
rather than later.

> We are primarily concerned about security vulnerability fixes and need to
> understand how long those would continue to be delivered on 8.0.x series.

The initial plan was that these would have stopped already. The most
likely scenario at the moment s that 8.0.x moves to a 3 to 6 monthly
release cycle but that depends on there being a release manager to do
the releases.

> Moving to 8.5.x requires significant efforts from our side and thus trying
> to understand pros and cons of remaining on 8.0.x line.

Why so much work? 8.0.x to 8.5.x should be a fairly smooth upgrade. If
there are problems it would help to know what they are.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat 8.0.x series roadmap

[KK Gupta]

Hi All,

Our product uses Tomcat 8.0.x series and we recently upgraded to tomcat
8.0.41 in our product.

http://tomcat.apache.org/whichversion.html shows that 8.0.41 as superseded.
So, I wanted to understand whether 8.0.x line is actively being maintained
or not?

We are primarily concerned about security vulnerability fixes and need to
understand how long those would continue to be delivered on 8.0.x series.

Moving to 8.5.x requires significant efforts from our side and thus trying
to understand pros and cons of remaining on 8.0.x line.

Thanks,
KK

Re: Handling wildcard domains in Tomcat 8.0

[Nick Johnson]

On Sun, Mar 5, 2017 at 10:56 AM, Mark Thomas  wrote:

>
> >> That is not correct. Tomcat makes no changes to the Host or
> >> X-Forwarded-Host header it receives in the default configuration.
> >
> > Are there any configuration modifications that could cause this behavior
> to
> > manifest?
>
> The RemoteIpValve and RemoteIpFilter will modify the values an
> application sees for those headers.
>

Thanks, I'll investigate further to see if either of those have been set up
in the configuration from my provider, or if they've added some other
customized Valve or Filter which could be mangling the Host header based on
Host or Alias matching.

The behavior I have observed is 100% trivially reproducible, so there must
be something in the configuration that is causing it.

   Nick

Re: Handling wildcard domains in Tomcat 8.0

[Mark Thomas]

On 05/03/17 18:37, Nick Johnson wrote:

Please configure your e-mail client to quote text you reply to. It makes
conversations much easier to follow.

>> On Mar 5, 2017 9:50 AM, "Mark Thomas"  wrote:
>> 
>> On 04/03/17 04:33, Nick Johnson wrote:
>>> Greetings,
>>>
>>> I have observed that with the default configuration where the  name
>>> is 'localhost', Tomcat will change the Host and X-Forwarded-Host headers
>> to
>>> the IP address of the local machine.
>> 
>> That is not correct. Tomcat makes no changes to the Host or
>> X-Forwarded-Host header it receives in the default configuration.
> 
> Are there any configuration modifications that could cause this behavior to
> manifest?

The RemoteIpValve and RemoteIpFilter will modify the values an
application sees for those headers.

> Running nc or tcpdump on the command line, I see the correct Host and
> X-Forwarded-Host headers arriving for Tomcat, but from my application, the
> Host header and X-Forwarded-Host header both contain the IP address of the
> local machine.

How are you obtaining the header values?

> Using the same war file in a different container (Jetty), I do not observe
> this behavior.
> 
> I also do not observe this behavior if the Host header matches either the
>  name or an  name.

Those have no impact on the value of the HTTP Host header.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Handling wildcard domains in Tomcat 8.0

[Nick Johnson]

On Mar 5, 2017 9:50 AM, "Mark Thomas"  wrote:

On 04/03/17 04:33, Nick Johnson wrote:
> Greetings,
>
> I have observed that with the default configuration where the  name
> is 'localhost', Tomcat will change the Host and X-Forwarded-Host headers
to
> the IP address of the local machine.

That is not correct. Tomcat makes no changes to the Host or
X-Forwarded-Host header it receives in the default configuration.


Are there any configuration modifications that could cause this behavior to
manifest?

Running nc or tcpdump on the command line, I see the correct Host and
X-Forwarded-Host headers arriving for Tomcat, but from my application, the
Host header and X-Forwarded-Host header both contain the IP address of the
local machine.

Using the same war file in a different container (Jetty), I do not observe
this behavior.

I also do not observe this behavior if the Host header matches either the
 name or an  name.

   Nick

Re: Handling wildcard domains in Tomcat 8.0

[Mark Thomas]

On 04/03/17 04:33, Nick Johnson wrote:
> Greetings,
> 
> I have observed that with the default configuration where the  name
> is 'localhost', Tomcat will change the Host and X-Forwarded-Host headers to
> the IP address of the local machine.

That is not correct. Tomcat makes no changes to the Host or
X-Forwarded-Host header it receives in the default configuration.

>  For my use case, this is highly
> undesirable behavior, because the hostname is meaningful to my application
> (but one application needs to handle all possible hosts).
> 
> I've used the  entry to convince it not to change the Host headers
> for one FQDN; however, I see that wildcard support in  doesn't exist
> prior to Tomcat 8.5.  As I'm using a hosted service which provides Tomcat
> 8.0, I'm trying to find a workaround for this problem in Tomcat 8 if I can.

The contents of the  element has no impact on the contents of
the HTTP Host header.

> Is there any way to have Tomcat 8.0 have a single virtual host handle all
> of a wildcard domain, or, barring that, is there a way to get it to pass
> through the Host header, unchanged, to the default Host (effectively
> directing ALL traffic at the default Host, unchanged, regardless).

Use the default configuration.

Note: If you use a reverse proxy and/or a distribution of Tomcat from
somewhere other than the ASF (e.g. your favourite Linux distribution)
then all bets are off and you'll need to refer to their documentation so
see what the default behaviour is.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Handling wildcard domains in Tomcat 8.0

[Nick Johnson]

Greetings,

I have observed that with the default configuration where the  name
is 'localhost', Tomcat will change the Host and X-Forwarded-Host headers to
the IP address of the local machine.  For my use case, this is highly
undesirable behavior, because the hostname is meaningful to my application
(but one application needs to handle all possible hosts).

I've used the  entry to convince it not to change the Host headers
for one FQDN; however, I see that wildcard support in  doesn't exist
prior to Tomcat 8.5.  As I'm using a hosted service which provides Tomcat
8.0, I'm trying to find a workaround for this problem in Tomcat 8 if I can.

Is there any way to have Tomcat 8.0 have a single virtual host handle all
of a wildcard domain, or, barring that, is there a way to get it to pass
through the Host header, unchanged, to the default Host (effectively
directing ALL traffic at the default Host, unchanged, regardless).

Re: Migration to Tomcat 8.0 Post/PreResources vs VirtualWebappLoader with optional resources

[Mark Thomas]

On 07/12/2016 09:01, Berg, R. van den (Robin) wrote:
> Hello!
> I have an issue that seems not supported anymore with Tomcat 8.
> The same problem is also posted in the comments on: 
> https://tomcat.apache.org/tomcat-8.0-doc/config/resources.html
> 
> PROBLEM:
> We used the virtualWebAppLoader to get some extra libraries and classes that 
> were on the machine on the classloader.
> The virtualClasspath-property of the virtualWebAppLoader was a ';'-seperated 
> list of directories. If one of them was empty, that was not a problem.
> We used the fact that non-existing/empty directories were not loaded, without 
> any exception. MQ were imported on
> Test-acceptance-production. However, in a local/dev-setup we do not provide 
> these libraries, since MQ-services are stubbed out.
> 
> We used the {Jar|File|Dir}ResourceSet in the context.xml as replacement for 
> the virtualWebAppLoader, as recommended by the migration guide.
> However, these fail when the base-property is non-existent. Therefore, it 
> breaks dev/local.
> 
> In the comments in 
> https://tomcat.apache.org/tomcat-8.0-doc/config/resources.html a solution was 
> posted to extend the {Jar|File|Dir}ResourceSet.
> However, that solution won't work for us, since we can't provide the 
> tomcat-instances on test-acc-prd with an extra class/library with the 
> extended class. (access-rights/cloud-solution only allows default setup).

Can you not simply create an empty directory in the right place for
dev/local ?

Mark

> 
> PREFERRRED SOLUTION:
> Just like the tomcat 7  virtualWebAppLoader we would like the ResourceSet to 
> be optional/non-failing if the resource is not available. Is there any 
> configuration/property I can use to do that?
> 
> Thanks,
> Kind Regards,
> 
> 
> ATTENTION:
> The information in this e-mail is confidential and only meant for the 
> intended recipient. If you are not the intended recipient, don't use or 
> disclose it in any way. Please let the sender know and delete the message 
> immediately.
> --
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Migration to Tomcat 8.0 Post/PreResources vs VirtualWebappLoader with optional resources

[Berg, R. van den (Robin)]

Hi,

No. For the record: I didn't posted the issue on  
https://tomcat.apache.org/tomcat-8.0-doc/config/resources.html. I merely 
stumbled upon somebody having the same issue. I wanted to file an enhancement 
request. But, as also noted by the "what to do before posting a 
bug/enhancement"-page, I wanted to be 
sure there is no solution to this problem yet. 
I was interested whether this was already fixed perhaps, even though I couldn't 
find anything.
Also, maybe somebody knows a 'workaround', which would me because I don't have 
time to wait for the enhancement. Furthermore, I can't even use the 
newest version, unfortunately. That depends on the PAAS party.

Kind Regards,

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: Wednesday, December 07, 2016 10:58 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Migration to Tomcat 8.0 Post/PreResources vs VirtualWebappLoader 
with optional resources

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Robin,

On 12/7/16 4:01 AM, Berg, R. van den (Robin) wrote:
> Hello! I have an issue that seems not supported anymore with Tomcat 8. 
> The same problem is also posted in the comments on:
> https://tomcat.apache.org/tomcat-8.0-doc/config/resources.html
> 
> PROBLEM: We used the virtualWebAppLoader to get some extra libraries 
> and classes that were on the machine on the classloader.
> The virtualClasspath-property of the virtualWebAppLoader was a 
> ';'-seperated list of directories. If one of them was empty, that was 
> not a problem. We used the fact that non-existing/empty directories 
> were not loaded, without any exception. MQ were imported on 
> Test-acceptance-production. However, in a local/dev-setup we do not 
> provide these libraries, since MQ-services are stubbed out.
> 
> We used the {Jar|File|Dir}ResourceSet in the context.xml as 
> replacement for the virtualWebAppLoader, as recommended by the 
> migration guide. However, these fail when the base-property is 
> non-existent. Therefore, it breaks dev/local.
> 
> In the comments in
> https://tomcat.apache.org/tomcat-8.0-doc/config/resources.html a 
> solution was posted to extend the {Jar|File|Dir}ResourceSet.
> However, that solution won't work for us, since we can't provide the 
> tomcat-instances on test-acc-prd with an extra class/library with the 
> extended class. (access-rights/cloud-solution only allows default 
> setup).
> 
> PREFERRRED SOLUTION: Just like the tomcat 7  virtualWebAppLoader we 
> would like the ResourceSet to be optional/non-failing if the resource 
> is not available. Is there any configuration/property I can use to do 
> that?

Did you file an enhancement request as suggested by Konstantin all those months 
ago?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJYSIXzAAoJEBzwKT+lPKRYRlcP/ip62nstdty643NjIdy8ImN4
/lhGdpw9qUfGTDiGF/wtqfOeAcTOIfoH1f0ZmnNaP9lZFMu917IT6Z0y3+fOwwnE
M3GPKBCZTQne3wY2oHqZujv4WVAiYzmcNlPDxeHljxP/aSiAf6DOyaWwGFLlUIml
7RiGBE+oJGQAMhohulPvSlh1ldSAsF637+xJA0O18DpRdSx9ikgDeeodRtA9Ei1d
R8sbZ9atYTqMH9ee4GBkc8yJDfZqf3Fo1FUjKghB3S4M9yxyjKqLqJORrFm4fOLH
PM4Oq7gkLEJNBWhkzABj6ruMw5/PHXrz4BV+K7rapdCSH7Bg5WXASiX0O0Z/rw1G
nVgd4kVwLRqDnRANjyU8+BnzyDq0sQ0Ndp6EZ/Sw4xBnaopQyYX9jsaqkQ8tqSg2
md4LdkX4axn/w0EhnE/XtVLBmmsjC4L7ALuGFleG+Etp2gh3vKE1rmhphwHUqvXX
GEKjR6HnXbCGKwJHkWt9lawpmK8N+VmI9FSbyx0vh4kheMjIUQmkH7uNnJhGOQc4
FO5GrS+zqEJwuDoBVZny2ZjSeOctu5bPJGfwd2nZa0uG8qra6Qhi8RCLSkG2ZPsq
EABJEpoLZMeiB6U6TFNQrxUFUTn1dtLQgQxKdbq8hUxX4n5KMl/12pZNhyapfor4
/PvNObLiXIy6930k/0Ag
=+++8
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



ATTENTION:
The information in this e-mail is confidential and only meant for the intended 
recipient. If you are not the intended recipient, don't use or disclose it in 
any way. Please let the sender know and delete the message immediately.
--

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Migration to Tomcat 8.0 Post/PreResources vs VirtualWebappLoader with optional resources

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Robin,

On 12/7/16 4:01 AM, Berg, R. van den (Robin) wrote:
> Hello! I have an issue that seems not supported anymore with Tomcat
> 8. The same problem is also posted in the comments on:
> https://tomcat.apache.org/tomcat-8.0-doc/config/resources.html
> 
> PROBLEM: We used the virtualWebAppLoader to get some extra
> libraries and classes that were on the machine on the classloader. 
> The virtualClasspath-property of the virtualWebAppLoader was a
> ';'-seperated list of directories. If one of them was empty, that
> was not a problem. We used the fact that non-existing/empty
> directories were not loaded, without any exception. MQ were
> imported on Test-acceptance-production. However, in a
> local/dev-setup we do not provide these libraries, since
> MQ-services are stubbed out.
> 
> We used the {Jar|File|Dir}ResourceSet in the context.xml as
> replacement for the virtualWebAppLoader, as recommended by the
> migration guide. However, these fail when the base-property is
> non-existent. Therefore, it breaks dev/local.
> 
> In the comments in
> https://tomcat.apache.org/tomcat-8.0-doc/config/resources.html a
> solution was posted to extend the {Jar|File|Dir}ResourceSet. 
> However, that solution won't work for us, since we can't provide
> the tomcat-instances on test-acc-prd with an extra class/library
> with the extended class. (access-rights/cloud-solution only allows
> default setup).
> 
> PREFERRRED SOLUTION: Just like the tomcat 7  virtualWebAppLoader we
> would like the ResourceSet to be optional/non-failing if the
> resource is not available. Is there any configuration/property I
> can use to do that?

Did you file an enhancement request as suggested by Konstantin all
those months ago?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJYSIXzAAoJEBzwKT+lPKRYRlcP/ip62nstdty643NjIdy8ImN4
/lhGdpw9qUfGTDiGF/wtqfOeAcTOIfoH1f0ZmnNaP9lZFMu917IT6Z0y3+fOwwnE
M3GPKBCZTQne3wY2oHqZujv4WVAiYzmcNlPDxeHljxP/aSiAf6DOyaWwGFLlUIml
7RiGBE+oJGQAMhohulPvSlh1ldSAsF637+xJA0O18DpRdSx9ikgDeeodRtA9Ei1d
R8sbZ9atYTqMH9ee4GBkc8yJDfZqf3Fo1FUjKghB3S4M9yxyjKqLqJORrFm4fOLH
PM4Oq7gkLEJNBWhkzABj6ruMw5/PHXrz4BV+K7rapdCSH7Bg5WXASiX0O0Z/rw1G
nVgd4kVwLRqDnRANjyU8+BnzyDq0sQ0Ndp6EZ/Sw4xBnaopQyYX9jsaqkQ8tqSg2
md4LdkX4axn/w0EhnE/XtVLBmmsjC4L7ALuGFleG+Etp2gh3vKE1rmhphwHUqvXX
GEKjR6HnXbCGKwJHkWt9lawpmK8N+VmI9FSbyx0vh4kheMjIUQmkH7uNnJhGOQc4
FO5GrS+zqEJwuDoBVZny2ZjSeOctu5bPJGfwd2nZa0uG8qra6Qhi8RCLSkG2ZPsq
EABJEpoLZMeiB6U6TFNQrxUFUTn1dtLQgQxKdbq8hUxX4n5KMl/12pZNhyapfor4
/PvNObLiXIy6930k/0Ag
=+++8
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Migration to Tomcat 8.0 Post/PreResources vs VirtualWebappLoader with optional resources

[Berg, R. van den (Robin)]

Hello!
I have an issue that seems not supported anymore with Tomcat 8.
The same problem is also posted in the comments on: 
https://tomcat.apache.org/tomcat-8.0-doc/config/resources.html

PROBLEM:
We used the virtualWebAppLoader to get some extra libraries and classes that 
were on the machine on the classloader.
The virtualClasspath-property of the virtualWebAppLoader was a ';'-seperated 
list of directories. If one of them was empty, that was not a problem.
We used the fact that non-existing/empty directories were not loaded, without 
any exception. MQ were imported on
Test-acceptance-production. However, in a local/dev-setup we do not provide 
these libraries, since MQ-services are stubbed out.

We used the {Jar|File|Dir}ResourceSet in the context.xml as replacement for the 
virtualWebAppLoader, as recommended by the migration guide.
However, these fail when the base-property is non-existent. Therefore, it 
breaks dev/local.

In the comments in 
https://tomcat.apache.org/tomcat-8.0-doc/config/resources.html a solution was 
posted to extend the {Jar|File|Dir}ResourceSet.
However, that solution won't work for us, since we can't provide the 
tomcat-instances on test-acc-prd with an extra class/library with the extended 
class. (access-rights/cloud-solution only allows default setup).

PREFERRRED SOLUTION:
Just like the tomcat 7  virtualWebAppLoader we would like the ResourceSet to be 
optional/non-failing if the resource is not available. Is there any 
configuration/property I can use to do that?

Thanks,
Kind Regards,


ATTENTION:
The information in this e-mail is confidential and only meant for the intended 
recipient. If you are not the intended recipient, don't use or disclose it in 
any way. Please let the sender know and delete the message immediately.
--

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8.0 : Custom server.xml path

[Violeta Georgieva]

Hi,

2016-07-12 12:03 GMT+03:00 Amit Pande :
>
> Any thoughts on this ?

You may try using catalina.base
https://github.com/apache/tomcat/blob/trunk/RUNNING.txt#L84
https://github.com/apache/tomcat/blob/trunk/RUNNING.txt#L230

Regards,
Violeta

>
> On 11/07/16 1:15 pm, "Amit Pande"  wrote:
>
> >Hello all,
> >
> >
> >We have a custom cluster deployment scenario which requires to put config
> >files on a shared disk.
> >
> >With reference to above requirement, we need to put server.xml (and
> >possibly other files from TOMCAT_DIR\conf) on the shared disk.
> >
> >Is there any way to do this ? Possible to do in catalina.properties like:
> >
> >
> >Conf.dir = 
> >
> >
> >Appreciate your help here.
> >
> >Thanks,
> >Amit
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

Re: Tomcat 8.0 : Custom server.xml path

[Amit Pande]

Any thoughts on this ?

On 11/07/16 1:15 pm, "Amit Pande"  wrote:

>Hello all,
>
>
>We have a custom cluster deployment scenario which requires to put config
>files on a shared disk.
>
>With reference to above requirement, we need to put server.xml (and
>possibly other files from TOMCAT_DIR\conf) on the shared disk.
>
>Is there any way to do this ? Possible to do in catalina.properties like:
>
>
>Conf.dir = 
>
>
>Appreciate your help here.
>
>Thanks,
>Amit
>


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat 8.0 : Custom server.xml path

[Amit Pande]

Hello all,


We have a custom cluster deployment scenario which requires to put config
files on a shared disk.

With reference to above requirement, we need to put server.xml (and
possibly other files from TOMCAT_DIR\conf) on the shared disk.

Is there any way to do this ? Possible to do in catalina.properties like:


Conf.dir = 


Appreciate your help here.

Thanks,
Amit


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Fwd: tomcat 8.0 session_id resets in AWS

[Mark Thomas]

On 29/06/2016 14:05, Gibu George wrote:
> Hi All,
> 
> I'm trying to get tomcat to work in a cluster with sessions being persisted
> in mysql, in AWS. I have setup two tomcat servers in the clusters using "
> org.apache.catalina.tribes.membership.StaticMember".
> 
> The problem that I am facing is that when a request that containing
> session_id created by tomcat instance1 is send to tomcat instance2, tomcat
> instance2 fails to validate the session_id ( created by instance1 ) and
> send a new session_id, created by instance2 in the response.
> 
> Why is this happening?

Many possible reasons. More investigation is required. Is your web
application cluster enabled? What do the logs tell you is happening with
the cluster?

> Has anyone face such an issue ?

Frequently.

> my tomcat is front ended by nginx
> 
> Part 2: How do I enable logging for session management in tomcat? What do i
> need to add in logging.properties file?

org.apache.catalina.session.level = FINE
org.apache.catalina.tribes.level = FINE

is probably overkill but you can narrow it down once you figure out what
is useful (or not) for your situation.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Fwd: tomcat 8.0 session_id resets in AWS

[Gibu George]

Hi All,

I'm trying to get tomcat to work in a cluster with sessions being persisted
in mysql, in AWS. I have setup two tomcat servers in the clusters using "
org.apache.catalina.tribes.membership.StaticMember".

The problem that I am facing is that when a request that containing
session_id created by tomcat instance1 is send to tomcat instance2, tomcat
instance2 fails to validate the session_id ( created by instance1 ) and
send a new session_id, created by instance2 in the response.

Why is this happening? Has anyone face such an issue ?

my tomcat is front ended by nginx

Part 2: How do I enable logging for session management in tomcat? What do i
need to add in logging.properties file?
-- 
--gibu

Re: Unable to retrieve X-Forwarded-For in Tomcat 8.0 access log

[Igor Cicimov]

On Thu, May 12, 2016 at 4:47 AM, Abhijit Das  wrote:

>
> down vote
>  <>favorite
>  <
> https://stackoverflow.com/questions/37170742/unable-to-retrieve-x-forwarded-for-in-tomcat-8-0-access-log#
> >
> I am injecting a header with a rewrite policy on my LB to pass
> X-Forwarded-For header. Have verified that this appears on all the pages in
> the RESPONSE Header.
>
> I have the following config in server.xml , yet i am not able to see the
> Remote IP/X-Forwarded-For either using %a or %h (I see Loadbalancer IP)
>
> What could be the issue?
>
>internalProxies="10\.202\.13\.198"
>   remoteIpHeader="X-Forwarded-For"
>   proxiesHeader="x-forwarded-by"
>   requestAttributesEnabled="true"
> />
>directory="logs"
>   prefix="localhost_access_log"
>   suffix=".txt"
>   pattern="%t %a %h %{Referer}i %l %S %{User-Agent}i %U %s %r
> %q %A %v %p %b %I %D"
>   requestAttributeEnabled="true"
>   resolveHosts="false"/>
> Log ::
>
> [11/May/2016:11:29:39 -0700] 10.202.13.198 10.202.13.198 https:///index.action
> - 04B3ADCF82A212C6ECD9679BF260732D Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86
> Safari/537.36 /rest/mywork/latest/status/notification/count 200 GET
> /rest/mywork/latest/status/notification/count HTTP/1.1 10.202.10.17 443 72
> http-nio-8443-exec-17 13
>
> As you see : both %a and % h are : 10.202.13.198 10.202.13.198 (my LB IP)
>
>
> Snippet of my Resonse Header: showing my LB policy is injecting the
> X-Forwarded-For header.
>
> Cache-Control:private
> Content-Encoding:gzip
> Content-Type:application/json
> Date:Wed, 11 May 2016 17:58:55 GMT
> Expires:Wed, 31 Dec 1969 16:00:00 PST
> Server:Apache-Coyote/1.1
> Strict-Transport-Security:max-age=31536000; includeSubDomains
> Transfer-Encoding:chunked
> Vary:User-Agent
> X-AUSERNAME:admin
> X-App-Cluster-Node:4e77b660
> X-App-Cluster-Node-Name:app_prod_clus_node3
> X-Content-Type-Options:nosniff
> X-Forwarded-For:1.1.1.1
> X-Seraph-LoginReason:OK
>
>
Correct me if I've maybe misunderstood something but I have the same case
and I just chuck %{X-Forwarded-For}i in the pattern to capture the header.

Re: Unable to retrieve X-Forwarded-For in Tomcat 8.0 access log

[Abhijit Das]

RESOLVED … It should be injected in the REQUEST Header, I will now see if case 
matters. 


On May 11, 2016, at 12:07 PM, Abhijit Das  wrote:

Thanks for pointing out, but that didn’t work either .. (I also changed the 
policy on the LB to inject in lower case x-forwarded-for thinking if it was 
case sensitive?) .. Do i need a filter as well in web.xml ? 

The below Header is a RESPONSE header, where i am injecting x-forwarded-for 



mailto:ma...@apache.org>> wrote:

On 11/05/2016 19:47, Abhijit Das wrote:
> 
> down vote
> <>favorite
>   
> >
>
> I am injecting a header with a rewrite policy on my LB to pass 
> X-Forwarded-For header. Have verified that this appears on all the pages in 
> the RESPONSE Header.
> 
> I have the following config in server.xml , yet i am not able to see the 
> Remote IP/X-Forwarded-For either using %a or %h (I see Loadbalancer IP)
> 
> What could be the issue?
> 
>  internalProxies="10\.202\.13\.198"
>  remoteIpHeader="X-Forwarded-For"
>  proxiesHeader="x-forwarded-by"
>  requestAttributesEnabled="true"
>/>
>  directory="logs"
>  prefix="localhost_access_log"
>  suffix=".txt"
>  pattern="%t %a %h %{Referer}i %l %S %{User-Agent}i %U %s %r %q 
> %A %v %p %b %I %D"
>  requestAttributeEnabled="true"
typo  ^^^

You are missing an 's'

Mark


>  resolveHosts="false"/>
> Log ::
> 
> [11/May/2016:11:29:39 -0700] 10.202.13.198 10.202.13.198 
> https:///index.action  - 
> 04B3ADCF82A212C6ECD9679BF260732D Mozilla/5.0 (Macintosh; Intel Mac OS X 
> 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 
> Safari/537.36 /rest/mywork/latest/status/notification/count 200 GET 
> /rest/mywork/latest/status/notification/count HTTP/1.1 10.202.10.17 443 72 
> http-nio-8443-exec-17 13
> 
> As you see : both %a and % h are : 10.202.13.198 10.202.13.198 (my LB IP)
> 
> 
> Snippet of my Resonse Header: showing my LB policy is injecting the 
> X-Forwarded-For header.
> 
> Cache-Control:private
> Content-Encoding:gzip
> Content-Type:application/json
> Date:Wed, 11 May 2016 17:58:55 GMT
> Expires:Wed, 31 Dec 1969 16:00:00 PST
> Server:Apache-Coyote/1.1
> Strict-Transport-Security:max-age=31536000; includeSubDomains
> Transfer-Encoding:chunked
> Vary:User-Agent
> X-AUSERNAME:admin
> X-App-Cluster-Node:4e77b660
> X-App-Cluster-Node-Name:app_prod_clus_node3
> X-Content-Type-Options:nosniff
> X-Forwarded-For:1.1.1.1
> X-Seraph-LoginReason:OK
> 
> 
> 
> 
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org 

For additional commands, e-mail: users-h...@tomcat.apache.org 

Re: Unable to retrieve X-Forwarded-For in Tomcat 8.0 access log

[Abhijit Das]

Thanks for pointing out, but that didn’t work either .. (I also changed the 
policy on the LB to inject in lower case x-forwarded-for thinking if it was 
case sensitive?) .. Do i need a filter as well in web.xml ? 

The below Header is a RESPONSE header, where i am injecting x-forwarded-for 



https://stackoverflow.com/questions/37170742/unable-to-retrieve-x-forwarded-for-in-tomcat-8-0-access-log#>
>
> I am injecting a header with a rewrite policy on my LB to pass 
> X-Forwarded-For header. Have verified that this appears on all the pages in 
> the RESPONSE Header.
> 
> I have the following config in server.xml , yet i am not able to see the 
> Remote IP/X-Forwarded-For either using %a or %h (I see Loadbalancer IP)
> 
> What could be the issue?
> 
>  internalProxies="10\.202\.13\.198"
>  remoteIpHeader="X-Forwarded-For"
>  proxiesHeader="x-forwarded-by"
>  requestAttributesEnabled="true"
>/>
>  directory="logs"
>  prefix="localhost_access_log"
>  suffix=".txt"
>  pattern="%t %a %h %{Referer}i %l %S %{User-Agent}i %U %s %r %q 
> %A %v %p %b %I %D"
>  requestAttributeEnabled="true"
typo  ^^^

You are missing an 's'

Mark


>  resolveHosts="false"/>
> Log ::
> 
> [11/May/2016:11:29:39 -0700] 10.202.13.198 10.202.13.198 
> https:///index.action - 04B3ADCF82A212C6ECD9679BF260732D Mozilla/5.0 
> (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) 
> Chrome/50.0.2661.86 Safari/537.36 
> /rest/mywork/latest/status/notification/count 200 GET 
> /rest/mywork/latest/status/notification/count HTTP/1.1 10.202.10.17 443 72 
> http-nio-8443-exec-17 13
> 
> As you see : both %a and % h are : 10.202.13.198 10.202.13.198 (my LB IP)
> 
> 
> Snippet of my Resonse Header: showing my LB policy is injecting the 
> X-Forwarded-For header.
> 
> Cache-Control:private
> Content-Encoding:gzip
> Content-Type:application/json
> Date:Wed, 11 May 2016 17:58:55 GMT
> Expires:Wed, 31 Dec 1969 16:00:00 PST
> Server:Apache-Coyote/1.1
> Strict-Transport-Security:max-age=31536000; includeSubDomains
> Transfer-Encoding:chunked
> Vary:User-Agent
> X-AUSERNAME:admin
> X-App-Cluster-Node:4e77b660
> X-App-Cluster-Node-Name:app_prod_clus_node3
> X-Content-Type-Options:nosniff
> X-Forwarded-For:1.1.1.1
> X-Seraph-LoginReason:OK
> 
> 
> 
> 
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Unable to retrieve X-Forwarded-For in Tomcat 8.0 access log

[Mark Thomas]

On 11/05/2016 19:47, Abhijit Das wrote:
> 
> down vote
>  <>favorite
>  
> 
>   
> I am injecting a header with a rewrite policy on my LB to pass 
> X-Forwarded-For header. Have verified that this appears on all the pages in 
> the RESPONSE Header.
> 
> I have the following config in server.xml , yet i am not able to see the 
> Remote IP/X-Forwarded-For either using %a or %h (I see Loadbalancer IP)
> 
> What could be the issue?
> 
>internalProxies="10\.202\.13\.198"
>   remoteIpHeader="X-Forwarded-For"
>   proxiesHeader="x-forwarded-by"
>   requestAttributesEnabled="true"
> />
>directory="logs"
>   prefix="localhost_access_log"
>   suffix=".txt"
>   pattern="%t %a %h %{Referer}i %l %S %{User-Agent}i %U %s %r %q 
> %A %v %p %b %I %D"
>   requestAttributeEnabled="true"
typo  ^^^

You are missing an 's'

Mark


>   resolveHosts="false"/>
> Log ::
> 
> [11/May/2016:11:29:39 -0700] 10.202.13.198 10.202.13.198 
> https:///index.action - 04B3ADCF82A212C6ECD9679BF260732D Mozilla/5.0 
> (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) 
> Chrome/50.0.2661.86 Safari/537.36 
> /rest/mywork/latest/status/notification/count 200 GET 
> /rest/mywork/latest/status/notification/count HTTP/1.1 10.202.10.17 443 72 
> http-nio-8443-exec-17 13
> 
> As you see : both %a and % h are : 10.202.13.198 10.202.13.198 (my LB IP)
> 
> 
> Snippet of my Resonse Header: showing my LB policy is injecting the 
> X-Forwarded-For header.
> 
> Cache-Control:private
> Content-Encoding:gzip
> Content-Type:application/json
> Date:Wed, 11 May 2016 17:58:55 GMT
> Expires:Wed, 31 Dec 1969 16:00:00 PST
> Server:Apache-Coyote/1.1
> Strict-Transport-Security:max-age=31536000; includeSubDomains
> Transfer-Encoding:chunked
> Vary:User-Agent
> X-AUSERNAME:admin
> X-App-Cluster-Node:4e77b660
> X-App-Cluster-Node-Name:app_prod_clus_node3
> X-Content-Type-Options:nosniff
> X-Forwarded-For:1.1.1.1
> X-Seraph-LoginReason:OK
> 
> 
> 
> 
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Unable to retrieve X-Forwarded-For in Tomcat 8.0 access log

[Abhijit Das]

down vote
 <>favorite
 


I am injecting a header with a rewrite policy on my LB to pass X-Forwarded-For 
header. Have verified that this appears on all the pages in the RESPONSE Header.

I have the following config in server.xml , yet i am not able to see the Remote 
IP/X-Forwarded-For either using %a or %h (I see Loadbalancer IP)

What could be the issue?



Log ::

[11/May/2016:11:29:39 -0700] 10.202.13.198 10.202.13.198 https:///index.action 
- 04B3ADCF82A212C6ECD9679BF260732D Mozilla/5.0 (Macintosh; Intel Mac OS X 
10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 
Safari/537.36 /rest/mywork/latest/status/notification/count 200 GET 
/rest/mywork/latest/status/notification/count HTTP/1.1 10.202.10.17 443 72 
http-nio-8443-exec-17 13

As you see : both %a and % h are : 10.202.13.198 10.202.13.198 (my LB IP)


Snippet of my Resonse Header: showing my LB policy is injecting the 
X-Forwarded-For header.

Cache-Control:private
Content-Encoding:gzip
Content-Type:application/json
Date:Wed, 11 May 2016 17:58:55 GMT
Expires:Wed, 31 Dec 1969 16:00:00 PST
Server:Apache-Coyote/1.1
Strict-Transport-Security:max-age=31536000; includeSubDomains
Transfer-Encoding:chunked
Vary:User-Agent
X-AUSERNAME:admin
X-App-Cluster-Node:4e77b660
X-App-Cluster-Node-Name:app_prod_clus_node3
X-Content-Type-Options:nosniff
X-Forwarded-For:1.1.1.1
X-Seraph-LoginReason:OK

AW: Tomcat 8.5: Certificate Chain Incomplete - Tomcat 8.0 was fine

[Kreuser, Peter]

Thanks Mark. So once I build Tomcat myself for the protocol issue I will get 
that too!

-Ursprüngliche Nachricht-
Von: Mark Thomas [mailto:ma...@apache.org] 
Gesendet: Mittwoch, 27. April 2016 11:51
An: Tomcat Users List
Betreff: Re: Tomcat 8.5: Certificate Chain Incomplete - Tomcat 8.0 was fine

On 27/04/2016 10:39, Kreuser, Peter wrote:
> Hi all,
> 
> I have a strange problem with Tomcat 8.5. Using the exact same setup as 
> Tomcat 8.0 (connector and keystore) ssllabs will downgrade my setup from A to 
> B because of a missing intermediate certificate.

http://svn.us.apache.org/repos/asf/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Search for chain.

Mark



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8.5: Certificate Chain Incomplete - Tomcat 8.0 was fine

[Mark Thomas]

On 27/04/2016 10:39, Kreuser, Peter wrote:
> Hi all,
> 
> I have a strange problem with Tomcat 8.5. Using the exact same setup as 
> Tomcat 8.0 (connector and keystore) ssllabs will downgrade my setup from A to 
> B because of a missing intermediate certificate.

http://svn.us.apache.org/repos/asf/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Search for chain.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat 8.5: Certificate Chain Incomplete - Tomcat 8.0 was fine

[Kreuser, Peter]

Hi all,

I have a strange problem with Tomcat 8.5. Using the exact same setup as Tomcat 
8.0 (connector and keystore) ssllabs will downgrade my setup from A to B 
because of a missing intermediate certificate.

I have the two versions working side by side on two ports.



Openssl on the two will give me the following output:

Tomcat 8.0:
openssl s_client -showcerts -connect logopk.no-ip.com:8444
CONNECTED(0003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X1
verify return:1
depth=0 CN = logopk.no-ip.com
verify return:1
---
Certificate chain
0 s:/CN=logopk.no-ip.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1
-BEGIN CERTIFICATE-

-END CERTIFICATE-
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
-BEGIN CERTIFICATE-

-END CERTIFICATE-
---
Server certificate
subject=/CN=logopk.no-ip.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3483 bytes and written 434 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol  : TLSv1.2
Cipher: ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 572071490E6F469D2C65463A084AD02D737DB2AE3D52A8026129E856735FDBA8
Session-ID-ctx:
Master-Key: 
CB723211640C7C7698A6F490E3EF9C3EBAB403D8C4333A0ED4641BF0F0A998BFA4097491DE12940BF8932C9912579C85
Key-Arg   : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1461743945
Timeout   : 300 (sec)
Verify return code: 0 (ok)


Tomcat 8.5:
openssl s_client -showcerts -connect logopk.no-ip.com:8443
CONNECTED(0003)
depth=0 CN = logopk.no-ip.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = logopk.no-ip.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/CN=logopk.no-ip.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1
-BEGIN CERTIFICATE-

-END CERTIFICATE-
---
Server certificate
subject=/CN=logopk.no-ip.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2459 bytes and written 434 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol  : TLSv1.2
Cipher: ECDHE-RSA-AES256-GCM-SHA384
Session-ID: E5BB5BCF0C1518DD22879C818416A1EA428DE340221D79F1F06957AC2AC7C1EF
Session-ID-ctx:
Master-Key: 
7B069F4782914A0F5F12AEC1EEC97EB469F5AD49FC1E9F7847E510B14314EC40551D8314CA683FC9253B16801E8235CF
Key-Arg   : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 86400 (seconds)
TLS session ticket:
 - 60 c1 0e c6 02 99 d0 fe-65 22 2f e1 54 ae e4 c4   `...e"/.T...
0010 - c3 f0 50 2d b1 bd e1 e8-f8 24 f6 5e 32 c9 dc 26   ..P-.$.^2..&
0020 - fa 05 70 df 7c d7 b8 1a-17 81 ec 36 d5 66 03 84   ..p.|..6.f..
0030 - 81 7b 48 c8 3c 04 6f eb-da 9c c7 bb 4a 5f 21 22   .{H.<.o.J_!"
0040 - fe b5 4e 95 24 b8 89 c6-2c 12 4a fa bf 0d b8 c0   ..N.$...,.J.
0050 - 45 5d 0d 87 c8 38 cc 36-c4 5b 52 8e 47 ae 8b 8d   E]...8.6.[R.G...
0060 - b0 de e4 6c d6 71 dd d3-67 78 2e 27 a2 ad d0 be   ...l.q..gx.'
0070 - 28 96 a7 71 66 c0 a1 30-b7 5b 9f 37 0b dd 5e 55   (..qf..0.[.7..^U
0080 - ea d2 46 94 1e ee 2a 51-b6 41 77 30 cd e9 26 83   ..F...*Q.Aw0..&.
0090 - 4d 79 2a 7f 32 98 62 e4-26 c9 41 76 f5 56 e6 83   My*.2.b.&.Av.V..

Start Time: 1461744248
Timeout   : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)

Any idea? I have even regenerated the keystore using the setup of 
https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html#Prepare_the_Certificate_Keystore
The connector setup with openssl (including the intermediate.pem) and the new 
NIO2 does work fine - with an A+.

Thank You. Best regards

Peter

Re: Tomcat 8.0.X - findService("Catalina").getContainer() deprecated. How to retrieve StandardEngine

[Mark Thomas]

On 05/04/2016 18:30, Mariano López wrote:
> Hi all, I'm working with Tomcat 8.0.32 after migrating from 7.0.X.
> 
> When I want to get the host object in Tomcat 7 I did:
> 
>MBeanServer mBeanServer =
> MBeanServerFactory.findMBeanServer(null).get(0);
> ObjectName catalinaNombre = null;
> try {
> catalinaNombre = new ObjectName("Catalina","type","Server");
> servidorTomcat = (Server) mBeanServer.getAttribute(
> catalinaNombre, "managedResource");
>StandardEngine engineTomcat = (StandardEngine)
> servidorTomcat.findService("Catalina").getContainer();
>hostTomcat = (Host) engineTomcat.findChild( "localhost" );
> }
> ...
> 
> Now findService("Catalina").getContainer() is deprecated and don't know how
> to do it.
> 
> Nothing found after long search about this.
> 
> Could anybody help me please ?

You don't need to change anything. Look at the Javadocs for an
explanation of the deprecation.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat 8.0.X - findService("Catalina").getContainer() deprecated. How to retrieve StandardEngine

[Mariano López]

Hi all, I'm working with Tomcat 8.0.32 after migrating from 7.0.X.

When I want to get the host object in Tomcat 7 I did:

   MBeanServer mBeanServer =
MBeanServerFactory.findMBeanServer(null).get(0);
ObjectName catalinaNombre = null;
try {
catalinaNombre = new ObjectName("Catalina","type","Server");
servidorTomcat = (Server) mBeanServer.getAttribute(
catalinaNombre, "managedResource");
   StandardEngine engineTomcat = (StandardEngine)
servidorTomcat.findService("Catalina").getContainer();
   hostTomcat = (Host) engineTomcat.findChild( "localhost" );
}
...

Now findService("Catalina").getContainer() is deprecated and don't know how
to do it.

Nothing found after long search about this.

Could anybody help me please ?

Regards,

Mriano

Adding external resources programmatically in tomcat 8.0.x!

[Sriraksha Jain]

Hi All,



Apart from adding external resources using Resources tag in context.xml of 
tomcat 8.0.x, is there any other way through which this can be achieved 
programmatically by extending some classes.
Please provide me with some code snippet/examples for doing the same.





Thanks,
Raksha

Re: Persistance on Tomcat 8.0 and Cluster

[Daniel Mikusa]

On Fri, Feb 27, 2015 at 8:35 AM, Alexander Diedler adied...@tecracer.de
wrote:

 Hello Daniel,
 That you for your reply. You mean, that session persistance was enabled
 and a failover was recordnized by the loadbalancer and the session was
 still available on the remaining node?


No. I'm just talking about your configuration.  You have two conflicting
things configured.

1.) You have a session store created.  This is going to store your sessions
into the database.  It's *not* clustering (at least by the definition
Tomcat uses), but can be an effective way to share sessions across multiple
Tomcat instances.

2.) You have a cluster defined.  This is going to tell Tomcat to replicate
session data directly between your Tomcat nodes.  As you pointed out
previously, this can be problematic on AWS where they don't support
multicast.  It's also conflicting with #1, which is what the error you
reported is telling you.

In short, remove the Cluster/ tag, the error should go away.

Dan



 -Ursprüngliche Nachricht-
 Von: Daniel Mikusa [mailto:dmik...@pivotal.io]
 Gesendet: Freitag, 27. Februar 2015 14:21
 An: Tomcat Users List
 Betreff: Re: Persistance on Tomcat 8.0 and Cluster

 On Fri, Feb 27, 2015 at 8:15 AM, Alexander Diedler adied...@tecracer.de
 wrote:

  Hello,
  I have to build a two node failover cluster with 2 tomcats 8.0.15
 servers.
  This cluster is on AWS Cloud, so technical we cannot use Mulicast etc.
  so we have to use Persistance stored the Session information in a
 database.
  The application was in grails and was delivered as a war file tot he
  tomcat.
 
  But what I get is this error message in the nodes:
  WARNING [localhost-startStop-1]
  org.apache.catalina.ha.tcp.SimpleTcpCluster.registerManager Manager [
  org.apache.catalina.session.PersistentManager[]] does not implement
  ClusterManager, addition to cluster has been aborted.
 
  In the global /conf/context.xml is this:
  Resource name=jdbc/sessions auth=Container
 type=javax.sql.DataSource
 username=username 
 password=password
  driverClassName=net.sourceforge.jtds.jdbc.Driver
 
 
 url=jdbc:jtds:Sqlserver://sqlservername:1433/databasename_sessioncontainer;
  maxActive=1000
  maxIdle=30
  maxWait=3600
  validationQuery=select 1 
  removeAbandoned=true
 removeAbandonedTimeout=60/
 
  Manager className=org.apache.catalina.session.PersistentManager
  distributable=true
  processExpiresFrequency=3
  saveOnRestart=true
  minIdleSwap=1800
  maxIdleSwap=3600
  maxInactiveInterval=3600
  maxIdleBackup=0
  
 
  Store className=org.apache.catalina.session.JDBCStore
  dataSourceName=jdbc/sessions
  sessionAppCol=app_name
  sessionDataCol=session_data
  sessionIdCol=session_id
  sessionLastAccessedCol=last_access
  sessionMaxInactiveCol=max_inactive
  sessionTable=tomcat_sessions
  sessionValidCol=valid_session /
  /Manager
 
 
  And in server.xml we use globally:
  Inside the engine tag
 
Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster
   channelSendOptions=8
 
 
  /Cluster
 
  What do we wrong?
 

 If you're using session persistence like a DB to share your sessions
 across multiple nodes, you don't need the Cluster / tag.  That's only
 necessary if you're replicating sessions directly between your cluster
 nodes.

 Dan


 
  Greetings
  Alexander
 
 
 

Persistance on Tomcat 8.0 and Cluster

[Alexander Diedler]

Hello,
I have to build a two node failover cluster with 2 tomcats 8.0.15 servers.
This cluster is on AWS Cloud, so technical we cannot use Mulicast etc. so we 
have to use Persistance stored the Session information in a database.
The application was in grails and was delivered as a war file tot he tomcat.

But what I get is this error message in the nodes:
WARNING [localhost-startStop-1] 
org.apache.catalina.ha.tcp.SimpleTcpCluster.registerManager Manager [ 
org.apache.catalina.session.PersistentManager[]] does not implement 
ClusterManager, addition to cluster has been aborted.

In the global /conf/context.xml is this:
Resource name=jdbc/sessions auth=Container type=javax.sql.DataSource
   username=username 
   password=password
driverClassName=net.sourceforge.jtds.jdbc.Driver

url=jdbc:jtds:Sqlserver://sqlservername:1433/databasename_sessioncontainer;
maxActive=1000
maxIdle=30
maxWait=3600
validationQuery=select 1 
removeAbandoned=true
   removeAbandonedTimeout=60/

Manager className=org.apache.catalina.session.PersistentManager
distributable=true
processExpiresFrequency=3
saveOnRestart=true
minIdleSwap=1800
maxIdleSwap=3600
maxInactiveInterval=3600
maxIdleBackup=0


Store className=org.apache.catalina.session.JDBCStore
dataSourceName=jdbc/sessions
sessionAppCol=app_name
sessionDataCol=session_data
sessionIdCol=session_id
sessionLastAccessedCol=last_access
sessionMaxInactiveCol=max_inactive
sessionTable=tomcat_sessions
sessionValidCol=valid_session /
/Manager


And in server.xml we use globally:
Inside the engine tag

  Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster
 channelSendOptions=8


/Cluster

What do we wrong?

Greetings
Alexander

Re: Persistance on Tomcat 8.0 and Cluster

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Daniel,

On 2/27/15 9:24 AM, Daniel Mikusa wrote:
 On Fri, Feb 27, 2015 at 8:35 AM, Alexander Diedler 
 adied...@tecracer.de wrote:
 
 Hello Daniel, That you for your reply. You mean, that session 
 persistance was enabled and a failover was recordnized by the 
 loadbalancer and the session was still available on the
 remaining node?
 
 
 No. I'm just talking about your configuration.  You have two 
 conflicting things configured.
 
 1.) You have a session store created.  This is going to store your 
 sessions into the database.  It's *not* clustering (at least by
 the definition Tomcat uses), but can be an effective way to share 
 sessions across multiple Tomcat instances.
 
 2.) You have a cluster defined.  This is going to tell Tomcat to 
 replicate session data directly between your Tomcat nodes.  As you 
 pointed out previously, this can be problematic on AWS where they 
 don't support multicast.  It's also conflicting with #1, which is 
 what the error you reported is telling you.
 
 In short, remove the Cluster/ tag, the error should go away.

Are you sure that's best? If the goal is uninterrupted fail-over, then
perhaps using the BackupManager or DeltaManager with static membership
is the better strategy.

I guess the real question is for the OP: do you need clustering (i.e.
session replication between nodes) or is it okay if a user has to
login again and possibly re-start a workflow if they get failed-over
to another node?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJU8IGMAAoJEBzwKT+lPKRY5SQQAIPfDPyKNssUyEOJw5ouA9Qw
7chcfdhWVjiF83ecdXbZSxzS9hRi0l4pNdXVmU/LLQGNGfg+idtusrrG+fa4A4iE
xrs36Wt5DCN2+ejCFlWbrW1Ixk58DTLVdXMJ+F67QTIEp59MmKpGOdTXWlWKs8HI
Xgpq8hEJPMJbaUcEPu87iJbLviVoeWJD9i0TEeA/dcjdl0sR+WdH/VGBtS0TaAkX
ZMaR0Tkp/Fx4hLWUwe2s5QFrQ6n8Mpeggr76owXuSSD2+J0PYPkezs/ctvssn7OJ
YhHWPV5OQ52/YY3FFI5e8pEJZeX2D+FT+XS0CzI7EKsJ+UD9RgU/RVRv/iuKnLA9
GImVr2aAAycCnqGZzDyOrMpO0MfHw9SqLttLdliX8HI383WODYNbrKoON6KaAQRK
MSwqbZ/YJcDczXVjzHxJZnggvhg2IYupQ89quSpf47kKL6bBw3607feiURegvSd5
+xiONk3OifRDbcEv/Q3fGwU5rMYzPaf3f/6Jx0/j9jq/ijVKDUI0fvkqaZnCAev4
o7p67AT6iyH31haRtLL72XFWm6/63hLXQ94qecOKyneAxu8/eWh+ajltAi28mMbk
GFI4iqQCcij9gjcGX++dDoNoe9qGsDj5ZIhVTWXC4hEnsZF64yQG+KHJ+Gss9JV7
rbRTDWfS/YlVI/sBMiUz
=KZKi
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Persistance on Tomcat 8.0 and Cluster

[Daniel Mikusa]

On Fri, Feb 27, 2015 at 8:15 AM, Alexander Diedler adied...@tecracer.de
wrote:

 Hello,
 I have to build a two node failover cluster with 2 tomcats 8.0.15 servers.
 This cluster is on AWS Cloud, so technical we cannot use Mulicast etc. so
 we have to use Persistance stored the Session information in a database.
 The application was in grails and was delivered as a war file tot he
 tomcat.

 But what I get is this error message in the nodes:
 WARNING [localhost-startStop-1]
 org.apache.catalina.ha.tcp.SimpleTcpCluster.registerManager Manager [
 org.apache.catalina.session.PersistentManager[]] does not implement
 ClusterManager, addition to cluster has been aborted.

 In the global /conf/context.xml is this:
 Resource name=jdbc/sessions auth=Container type=javax.sql.DataSource
username=username 
password=password
 driverClassName=net.sourceforge.jtds.jdbc.Driver

 url=jdbc:jtds:Sqlserver://sqlservername:1433/databasename_sessioncontainer;
 maxActive=1000
 maxIdle=30
 maxWait=3600
 validationQuery=select 1 
 removeAbandoned=true
removeAbandonedTimeout=60/

 Manager className=org.apache.catalina.session.PersistentManager
 distributable=true
 processExpiresFrequency=3
 saveOnRestart=true
 minIdleSwap=1800
 maxIdleSwap=3600
 maxInactiveInterval=3600
 maxIdleBackup=0
 

 Store className=org.apache.catalina.session.JDBCStore
 dataSourceName=jdbc/sessions
 sessionAppCol=app_name
 sessionDataCol=session_data
 sessionIdCol=session_id
 sessionLastAccessedCol=last_access
 sessionMaxInactiveCol=max_inactive
 sessionTable=tomcat_sessions
 sessionValidCol=valid_session /
 /Manager


 And in server.xml we use globally:
 Inside the engine tag

   Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster
  channelSendOptions=8


 /Cluster

 What do we wrong?


If you're using session persistence like a DB to share your sessions across
multiple nodes, you don't need the Cluster / tag.  That's only necessary
if you're replicating sessions directly between your cluster nodes.

Dan



 Greetings
 Alexander

AW: Persistance on Tomcat 8.0 and Cluster

[Alexander Diedler]

Hello Daniel,
That you for your reply. You mean, that session persistance was enabled and a 
failover was recordnized by the loadbalancer and the session was still 
available on the remaining node?

Thank you.


-Ursprüngliche Nachricht-
Von: Daniel Mikusa [mailto:dmik...@pivotal.io] 
Gesendet: Freitag, 27. Februar 2015 14:21
An: Tomcat Users List
Betreff: Re: Persistance on Tomcat 8.0 and Cluster

On Fri, Feb 27, 2015 at 8:15 AM, Alexander Diedler adied...@tecracer.de
wrote:

 Hello,
 I have to build a two node failover cluster with 2 tomcats 8.0.15 servers.
 This cluster is on AWS Cloud, so technical we cannot use Mulicast etc. 
 so we have to use Persistance stored the Session information in a database.
 The application was in grails and was delivered as a war file tot he 
 tomcat.

 But what I get is this error message in the nodes:
 WARNING [localhost-startStop-1]
 org.apache.catalina.ha.tcp.SimpleTcpCluster.registerManager Manager [ 
 org.apache.catalina.session.PersistentManager[]] does not implement 
 ClusterManager, addition to cluster has been aborted.

 In the global /conf/context.xml is this:
 Resource name=jdbc/sessions auth=Container type=javax.sql.DataSource
username=username 
password=password
 driverClassName=net.sourceforge.jtds.jdbc.Driver

 url=jdbc:jtds:Sqlserver://sqlservername:1433/databasename_sessioncontainer;
 maxActive=1000
 maxIdle=30
 maxWait=3600
 validationQuery=select 1 
 removeAbandoned=true
removeAbandonedTimeout=60/

 Manager className=org.apache.catalina.session.PersistentManager
 distributable=true
 processExpiresFrequency=3
 saveOnRestart=true
 minIdleSwap=1800
 maxIdleSwap=3600
 maxInactiveInterval=3600
 maxIdleBackup=0
 

 Store className=org.apache.catalina.session.JDBCStore
 dataSourceName=jdbc/sessions
 sessionAppCol=app_name
 sessionDataCol=session_data
 sessionIdCol=session_id
 sessionLastAccessedCol=last_access
 sessionMaxInactiveCol=max_inactive
 sessionTable=tomcat_sessions
 sessionValidCol=valid_session /
 /Manager


 And in server.xml we use globally:
 Inside the engine tag

   Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster
  channelSendOptions=8


 /Cluster

 What do we wrong?


If you're using session persistence like a DB to share your sessions across 
multiple nodes, you don't need the Cluster / tag.  That's only necessary if 
you're replicating sessions directly between your cluster nodes.

Dan



 Greetings
 Alexander

AW: Persistance on Tomcat 8.0 and Cluster

[Alexander Diedler]

Hello Christian,
The minimum requirement was tob e redirected to a working node after the 
current node where I am on are failing.  - This was covered by a Loadbalancer 
whicht is doing health checks.
The maximum of user friedly was to be stayed logged in into the failover node 
and not to have re-login into the application. 

Best regards
Alexander 

-Ursprüngliche Nachricht-
Von: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Gesendet: Freitag, 27. Februar 2015 15:39
An: Tomcat Users List
Betreff: Re: Persistance on Tomcat 8.0 and Cluster

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Daniel,

On 2/27/15 9:24 AM, Daniel Mikusa wrote:
 On Fri, Feb 27, 2015 at 8:35 AM, Alexander Diedler 
 adied...@tecracer.de wrote:
 
 Hello Daniel, That you for your reply. You mean, that session 
 persistance was enabled and a failover was recordnized by the 
 loadbalancer and the session was still available on the remaining 
 node?
 
 
 No. I'm just talking about your configuration.  You have two 
 conflicting things configured.
 
 1.) You have a session store created.  This is going to store your 
 sessions into the database.  It's *not* clustering (at least by the 
 definition Tomcat uses), but can be an effective way to share sessions 
 across multiple Tomcat instances.
 
 2.) You have a cluster defined.  This is going to tell Tomcat to 
 replicate session data directly between your Tomcat nodes.  As you 
 pointed out previously, this can be problematic on AWS where they 
 don't support multicast.  It's also conflicting with #1, which is what 
 the error you reported is telling you.
 
 In short, remove the Cluster/ tag, the error should go away.

Are you sure that's best? If the goal is uninterrupted fail-over, then perhaps 
using the BackupManager or DeltaManager with static membership is the better 
strategy.

I guess the real question is for the OP: do you need clustering (i.e.
session replication between nodes) or is it okay if a user has to login again 
and possibly re-start a workflow if they get failed-over to another node?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJU8IGMAAoJEBzwKT+lPKRY5SQQAIPfDPyKNssUyEOJw5ouA9Qw
7chcfdhWVjiF83ecdXbZSxzS9hRi0l4pNdXVmU/LLQGNGfg+idtusrrG+fa4A4iE
xrs36Wt5DCN2+ejCFlWbrW1Ixk58DTLVdXMJ+F67QTIEp59MmKpGOdTXWlWKs8HI
Xgpq8hEJPMJbaUcEPu87iJbLviVoeWJD9i0TEeA/dcjdl0sR+WdH/VGBtS0TaAkX
ZMaR0Tkp/Fx4hLWUwe2s5QFrQ6n8Mpeggr76owXuSSD2+J0PYPkezs/ctvssn7OJ
YhHWPV5OQ52/YY3FFI5e8pEJZeX2D+FT+XS0CzI7EKsJ+UD9RgU/RVRv/iuKnLA9
GImVr2aAAycCnqGZzDyOrMpO0MfHw9SqLttLdliX8HI383WODYNbrKoON6KaAQRK
MSwqbZ/YJcDczXVjzHxJZnggvhg2IYupQ89quSpf47kKL6bBw3607feiURegvSd5
+xiONk3OifRDbcEv/Q3fGwU5rMYzPaf3f/6Jx0/j9jq/ijVKDUI0fvkqaZnCAev4
o7p67AT6iyH31haRtLL72XFWm6/63hLXQ94qecOKyneAxu8/eWh+ajltAi28mMbk
GFI4iqQCcij9gjcGX++dDoNoe9qGsDj5ZIhVTWXC4hEnsZF64yQG+KHJ+Gss9JV7
rbRTDWfS/YlVI/sBMiUz
=KZKi
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Persistance on Tomcat 8.0 and Cluster

[Daniel Mikusa]

On Fri, Feb 27, 2015 at 9:39 AM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Daniel,

 On 2/27/15 9:24 AM, Daniel Mikusa wrote:
  On Fri, Feb 27, 2015 at 8:35 AM, Alexander Diedler
  adied...@tecracer.de wrote:
 
  Hello Daniel, That you for your reply. You mean, that session
  persistance was enabled and a failover was recordnized by the
  loadbalancer and the session was still available on the
  remaining node?
 
 
  No. I'm just talking about your configuration.  You have two
  conflicting things configured.
 
  1.) You have a session store created.  This is going to store your
  sessions into the database.  It's *not* clustering (at least by
  the definition Tomcat uses), but can be an effective way to share
  sessions across multiple Tomcat instances.
 
  2.) You have a cluster defined.  This is going to tell Tomcat to
  replicate session data directly between your Tomcat nodes.  As you
  pointed out previously, this can be problematic on AWS where they
  don't support multicast.  It's also conflicting with #1, which is
  what the error you reported is telling you.
 
  In short, remove the Cluster/ tag, the error should go away.

 Are you sure that's best?


My intent was just to answer the question that was asked.  I was trying to
stay out of this part of the discussion :)


 If the goal is uninterrupted fail-over, then
 perhaps using the BackupManager or DeltaManager with static membership
 is the better strategy.


+1 I generally prefer session replication and if static membership will
work I'd agree that's the way to go.  Sometimes that is tricky on AWS
because the IP addresses can change, then your config needs updated and it
can get messy.

On the subject of what's better, when using a shared storage approach for
sessions you'd probably want to go with Redis or Memcached and not a JDBC
backed store.  Performance should be much better.

Dan


 I guess the real question is for the OP: do you need clustering (i.e.
 session replication between nodes) or is it okay if a user has to
 login again and possibly re-start a workflow if they get failed-over
 to another node?

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1
 Comment: GPGTools - http://gpgtools.org

 iQIcBAEBCAAGBQJU8IGMAAoJEBzwKT+lPKRY5SQQAIPfDPyKNssUyEOJw5ouA9Qw
 7chcfdhWVjiF83ecdXbZSxzS9hRi0l4pNdXVmU/LLQGNGfg+idtusrrG+fa4A4iE
 xrs36Wt5DCN2+ejCFlWbrW1Ixk58DTLVdXMJ+F67QTIEp59MmKpGOdTXWlWKs8HI
 Xgpq8hEJPMJbaUcEPu87iJbLviVoeWJD9i0TEeA/dcjdl0sR+WdH/VGBtS0TaAkX
 ZMaR0Tkp/Fx4hLWUwe2s5QFrQ6n8Mpeggr76owXuSSD2+J0PYPkezs/ctvssn7OJ
 YhHWPV5OQ52/YY3FFI5e8pEJZeX2D+FT+XS0CzI7EKsJ+UD9RgU/RVRv/iuKnLA9
 GImVr2aAAycCnqGZzDyOrMpO0MfHw9SqLttLdliX8HI383WODYNbrKoON6KaAQRK
 MSwqbZ/YJcDczXVjzHxJZnggvhg2IYupQ89quSpf47kKL6bBw3607feiURegvSd5
 +xiONk3OifRDbcEv/Q3fGwU5rMYzPaf3f/6Jx0/j9jq/ijVKDUI0fvkqaZnCAev4
 o7p67AT6iyH31haRtLL72XFWm6/63hLXQ94qecOKyneAxu8/eWh+ajltAi28mMbk
 GFI4iqQCcij9gjcGX++dDoNoe9qGsDj5ZIhVTWXC4hEnsZF64yQG+KHJ+Gss9JV7
 rbRTDWfS/YlVI/sBMiUz
 =KZKi
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Persistance on Tomcat 8.0 and Cluster

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Daniel,

On 2/27/15 10:00 AM, Daniel Mikusa wrote:
 On Fri, Feb 27, 2015 at 9:39 AM, Christopher Schultz  
 ch...@christopherschultz.net wrote:
 
 Daniel,
 
 On 2/27/15 9:24 AM, Daniel Mikusa wrote:
 On Fri, Feb 27, 2015 at 8:35 AM, Alexander Diedler 
 adied...@tecracer.de wrote:
 
 Hello Daniel, That you for your reply. You mean, that
 session persistance was enabled and a failover was
 recordnized by the loadbalancer and the session was still
 available on the remaining node?
 
 
 No. I'm just talking about your configuration.  You have two 
 conflicting things configured.
 
 1.) You have a session store created.  This is going to store
 your sessions into the database.  It's *not* clustering (at
 least by the definition Tomcat uses), but can be an effective
 way to share sessions across multiple Tomcat instances.
 
 2.) You have a cluster defined.  This is going to tell Tomcat
 to replicate session data directly between your Tomcat nodes.
 As you pointed out previously, this can be problematic on AWS
 where they don't support multicast.  It's also conflicting
 with #1, which is what the error you reported is telling
 you.
 
 In short, remove the Cluster/ tag, the error should go
 away.
 
 Are you sure that's best?
 
 
 My intent was just to answer the question that was asked.  I was
 trying to stay out of this part of the discussion :)
 
 
 If the goal is uninterrupted fail-over, then perhaps using the
 BackupManager or DeltaManager with static membership is the better
 strategy.
 
 
 +1 I generally prefer session replication and if static
 membership will work I'd agree that's the way to go.  Sometimes
 that is tricky on AWS because the IP addresses can change, then
 your config needs updated and it can get messy.

Once booted, the IP address won't change, but you are right: if you
want to be agile on AWS (which is kind of the whole point), then you
have to figure out how to play the IP address game.

One option is using something like n2n to create a network space where
multicast can work. It seems like a total pain in the neck to me, though.

 On the subject of what's better, when using a shared storage
 approach for sessions you'd probably want to go with Redis or
 Memcached and not a JDBC backed store.  Performance should be
 much better.

Although I've neither tried nor benchmarked either of these solutions,
I suspect that you are correct in that some kind of key-value store is
going to give higher performance than a relational database. Note that
Memcached in particular is totally ephemeral (without some heroic
measures) and so your session store can disappear on you if you aren't
careful.

If the OP wants the user's login to follow them, I think formal
clustering is required, depending upon the authentication setup:
without clustering, I think Tomcat will require a re-login on
fail-over unless session replication has been enabled, because certain
authentication information is tied to the session but not in session
attributes (which are the only things stored in the database when
using PersistentStore). Then again, I have zero experience with this
and may be completely incorrect.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJU8JEiAAoJEBzwKT+lPKRYjZYP/ieEXmqG4Kh3MAg+jo6aWzTV
QmFG+iRFme7yV6EU/e7R57RgqqY9NW+RxMOyI9/kxIlQRleDTcMeSDWchymf/KoY
ITdKN7+la/PqUzEvyrehqaO8L7RpNNaaUMnhxSNiVfgD2zlbPq/85XZzSUauUxlA
2aiT7dig1dIT6S729rsg2wNIzMSriVLhP1D2N3rwBvEVarccxehFVXDz//xYdtJU
bWEZVUQLdu4J6Qzx9q8mQSyP3Gho3zi52qQ6YhLglMoIZEJU/v1ImGGpLYlmyr/C
nOg3dKVc469q5xqRPEphwr9XGcM4fM3K6qelDz9L9e0OpbBb3rU5a92D0nAQM8xe
Blr2JahaZdXJrsOvz8gqHzet0SUI4pEgANFhB+66Lw6dZejIHCK6eTdgpvgyBvIY
Mz6zRID+5u6ftaZzhtPUDOzHj7kP5u8zdmrSITF/g9Ryqw4a2lem4DML01UQM++v
LcdfTRujDlwBz9ktr7gVS6mpzMtwoLB0IhEY0D26sBXZIIQkWGr7dYFYJn6Zq79P
/2yy7ZqIwDr0Onh97w0vVto1arr5ivBTMna9wbE565cq+minzIHPi6kTlNFMBH6S
YPca8Wl2G/zm25OF8Y9m8LKDf65wKM6ZOjjCFGOiK2ywnFxj2OuCcuKdNcoe2h5F
FRPI7jfq4mAAcWQRuyKD
=ABjN
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

AW: Persistance on Tomcat 8.0 and Cluster

[Alexander Diedler]

Hello,
Thanks for your ideas and best practises. This solution is for a bank and this 
peoples are very reserved about hip technologies. The only goal ist o have 
High Availability, not load balancing. So we put the session information in a 
different Microsoft SQL 2008 database, that is independent from the application 
database.

Best regards
Alexander


-Ursprüngliche Nachricht-
Von: Daniel Mikusa [mailto:dmik...@pivotal.io] 
Gesendet: Freitag, 27. Februar 2015 16:01
An: Tomcat Users List
Betreff: Re: Persistance on Tomcat 8.0 and Cluster

On Fri, Feb 27, 2015 at 9:39 AM, Christopher Schultz  
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Daniel,

 On 2/27/15 9:24 AM, Daniel Mikusa wrote:
  On Fri, Feb 27, 2015 at 8:35 AM, Alexander Diedler 
  adied...@tecracer.de wrote:
 
  Hello Daniel, That you for your reply. You mean, that session 
  persistance was enabled and a failover was recordnized by the 
  loadbalancer and the session was still available on the remaining 
  node?
 
 
  No. I'm just talking about your configuration.  You have two 
  conflicting things configured.
 
  1.) You have a session store created.  This is going to store your 
  sessions into the database.  It's *not* clustering (at least by the 
  definition Tomcat uses), but can be an effective way to share 
  sessions across multiple Tomcat instances.
 
  2.) You have a cluster defined.  This is going to tell Tomcat to 
  replicate session data directly between your Tomcat nodes.  As you 
  pointed out previously, this can be problematic on AWS where they 
  don't support multicast.  It's also conflicting with #1, which is 
  what the error you reported is telling you.
 
  In short, remove the Cluster/ tag, the error should go away.

 Are you sure that's best?


My intent was just to answer the question that was asked.  I was trying to stay 
out of this part of the discussion :)


 If the goal is uninterrupted fail-over, then perhaps using the 
 BackupManager or DeltaManager with static membership is the better 
 strategy.


+1 I generally prefer session replication and if static membership will
work I'd agree that's the way to go.  Sometimes that is tricky on AWS because 
the IP addresses can change, then your config needs updated and it can get 
messy.

On the subject of what's better, when using a shared storage approach for 
sessions you'd probably want to go with Redis or Memcached and not a JDBC 
backed store.  Performance should be much better.

Dan


 I guess the real question is for the OP: do you need clustering (i.e.
 session replication between nodes) or is it okay if a user has to 
 login again and possibly re-start a workflow if they get failed-over 
 to another node?

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1
 Comment: GPGTools - http://gpgtools.org

 iQIcBAEBCAAGBQJU8IGMAAoJEBzwKT+lPKRY5SQQAIPfDPyKNssUyEOJw5ouA9Qw
 7chcfdhWVjiF83ecdXbZSxzS9hRi0l4pNdXVmU/LLQGNGfg+idtusrrG+fa4A4iE
 xrs36Wt5DCN2+ejCFlWbrW1Ixk58DTLVdXMJ+F67QTIEp59MmKpGOdTXWlWKs8HI
 Xgpq8hEJPMJbaUcEPu87iJbLviVoeWJD9i0TEeA/dcjdl0sR+WdH/VGBtS0TaAkX
 ZMaR0Tkp/Fx4hLWUwe2s5QFrQ6n8Mpeggr76owXuSSD2+J0PYPkezs/ctvssn7OJ
 YhHWPV5OQ52/YY3FFI5e8pEJZeX2D+FT+XS0CzI7EKsJ+UD9RgU/RVRv/iuKnLA9
 GImVr2aAAycCnqGZzDyOrMpO0MfHw9SqLttLdliX8HI383WODYNbrKoON6KaAQRK
 MSwqbZ/YJcDczXVjzHxJZnggvhg2IYupQ89quSpf47kKL6bBw3607feiURegvSd5
 +xiONk3OifRDbcEv/Q3fGwU5rMYzPaf3f/6Jx0/j9jq/ijVKDUI0fvkqaZnCAev4
 o7p67AT6iyH31haRtLL72XFWm6/63hLXQ94qecOKyneAxu8/eWh+ajltAi28mMbk
 GFI4iqQCcij9gjcGX++dDoNoe9qGsDj5ZIhVTWXC4hEnsZF64yQG+KHJ+Gss9JV7
 rbRTDWfS/YlVI/sBMiUz
 =KZKi
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8.0

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Alfonso,

On 3/11/14, 5:31 PM, Gallegos, Alfonso wrote:
 Does anyone have an idea when the first stable version of tomcat 8
 will be released?

When it's ready.

Have you done any personal testing on the latest beta (8.0.3)?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTIGdyAAoJEBzwKT+lPKRYUzEP+gLZQo40ihs/7AU1Yfhpb+hb
UMLhiQci+mCZQAXJAWQbC3eHmQ1Xpkk5hcRGJjGKnNfpmE1V7tDFY0jHbQudvMSA
PAKx8EXGxhfNDdZZdesqatYjcajPuN9uOy1DXDdt8lwGB+EjdPQ2kLOJ4HK0uwm5
9V+UwCaDybcoUDKr+a+0nvIf3flQB+WKSQ7AtRXh0ZuXQ1kOo56v16BcoCNd1WNv
m2IqcOgC1XCgNDa9ZaQxBzRCcQMgNfl0EgLG/h66MvxNamOYCwGCjPPS79318LR0
4WGmCjlGH0YTy6hGWWV69l3nll3tzjJk25J9drMDajVmk2z1wbaMimAuEfbq4M5C
2MXnYYPKnEz2k06vTMcU/8tMBuOCmPuFVGqxPZ54wJSX69msiQH9aJF1I4SJQwhg
0SJACBaY7WVmj3Gv92QYUAUm+s7ydZBLNS63vEv4LEge3M9YkdRs/0+GkQerrzZA
ON/Ih0vYKxomnx69hc2qnMZqbaMhAv+4H5EhKIKx0czVMCMsyV52ysQOyLKXWKFq
dnEt4QnpZr5osdp0GGHV6BAZC1+OHgXOHaaxiXvjGldX9rG6xvmEgE1EH6640waM
iTHuDC9ErEuwo3JdS3ok7dI8V2cd6x9vm2SU9waRLPfO+lYK4DiUsE242ff+ohCL
CypF3Xb5yyQvksSIhOjd
=rbRi
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat 8.0

[Gallegos, Alfonso]

Does anyone have an idea when the first stable version of tomcat 8 will be 
released?

Thanks.
Visit us on the Web at mesirowfinancial.com

This communication may contain privileged and/or confidential information. It 
is intended solely for the use of the addressee. If you are not the intended 
recipient, you are strictly prohibited from disclosing, copying, distributing 
or using any of this information. If you received this communication in error, 
please contact the sender immediately and destroy the material in its entirety, 
whether electronic or hard copy. Confidential, proprietary or time-sensitive 
communications should not be transmitted via the Internet, as there can be no 
assurance of actual or timely delivery, receipt and/or confidentiality. This is 
not an offer, or solicitation of any offer to buy or sell any security, 
investment or other product.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Deploy a website downloaded from internet using wget (Tomcat 8.0 RC)

[Vikram Singh]

Hi

I downloaded a website say test.org using wget utility. Now I want to
deploy in Apache Tomcat 8.0 RC. That I have done it.

But I want to do in this manner that I want to access test.org locally
from my browser as if I am browsing on the internet because links in
the test.org refers to itself. Because when I click any link it goes to
Internet
and not to my locally saved website.

I do not know how to do this. I also searched in the Internet.

Please help
Thanks

Vikram

Re: Deploy a website downloaded from internet using wget (Tomcat 8.0 RC)

[Albert Kam]

Why not create a local copy with the links converted ?
Take a look at
http://stackoverflow.com/questions/6348289/download-a-working-local-copy-of-a-webpage


On Wed, Sep 18, 2013 at 12:09 AM, Vikram Singh vsp1...@gmail.com wrote:

 Hi

 I downloaded a website say test.org using wget utility. Now I want to
 deploy in Apache Tomcat 8.0 RC. That I have done it.

 But I want to do in this manner that I want to access test.org locally
 from my browser as if I am browsing on the internet because links in
 the test.org refers to itself. Because when I click any link it goes to
 Internet
 and not to my locally saved website.

 I do not know how to do this. I also searched in the Internet.

 Please help
 Thanks

 Vikram




-- 
Do not pursue the past. Do not lose yourself in the future.
The past no longer is. The future has not yet come.
Looking deeply at life as it is in the very here and now,
the practitioner dwells in stability and freedom.
(Thich Nhat Hanh)

Re: Deploy a website downloaded from internet using wget (Tomcat 8.0 RC)

[Nicholas Violi]

Hi Vikram,

 But I want to do in this manner that I want to access test.org locally
 from my browser as if I am browsing on the internet because links in
 the test.org refers to itself. Because when I click any link it goes to
 Internet
 and not to my locally saved website.


You should be able to edit your hosts file by adding a line like
127.0.0.1 test.org
which will override the dns lookup to test.org's true IP address.

See http://en.wikipedia.org/wiki/Hosts_file for the location of the hosts
file on your platform.