Re: Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Abhishek, On 1/10/17 8:03 AM, Kumar, Abhishek (IT Information Services ) wrote: > Hi Peter, > > Thank You! > > So, the solution would be to switch to the upgraded version for > this fix? You could also completely remove access to the manager application from untrusted IP addresses/ranges. IIRC CSRF tokens are only generated once the user has been allowed to access the application. So using e.g. RemoteAddressFilter before CSRF filter should protect against an unauthenticated attacker from gaining a CSRF token. But your version of Tomcat is quite old (more than 2 years out of date), so upgrading should be on your short list of things to do. http://tomcat.apache.org/security-8.html - -chris > -Original Message- From: Kreuser, Peter > [mailto:pkreu...@airplus.com] Sent: Tuesday, January 10, 2017 5:25 > PM To: Tomcat Users List <users@tomcat.apache.org> Subject: AW: > Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token > > Hi Abishek, > >> -Ursprüngliche Nachricht- Von: Kumar, Abhishek (IT >> Information Services ) >> [mailto:abhishek.kum...@originenergy.com.au] Gesendet: Dienstag, >> 10. Januar 2017 12:17 An: users@tomcat.apache.org Betreff: >> Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token >> >> >> Hi, >> >> The Apache Tomcat web server running on the Load balancer is >> affected by an information disclosure vulnerability in the index >> page of the Manager and Host Manager applications. An >> unauthenticated attacker can exploit this vulnerability to obtain >> a valid cross-site request forgery (CSRF) token during the >> redirect issued when requesting /manager/ or /host-manager/. This >> token can be utilized by an attacker to construct a CSRF attack. >> >> This is a Vulnerability issue with Tomcat 8.0.15. >> >> We have this version of Tomcat installed in our Servers. >> >> As suggested by Tomcat, this has been addressed and fixed after >> 8.0.32 versions. >> >> Restrict access to the /manager URL from unauthorised IP >> addresses by implementing access control lists that only permit >> authorised management stations or subnets. For more information, >> see: >> >> https://urldefense.proofpoint.com/v2/url?u=http-3A__tomcat.apache.org _security-2D8.html-23Fixed-5Fin-5FApache-5FTomcat-5F8.0.32=DgIFAg=Zg VRmm3mf2P1-XDAyDsu4A=-JJsXOks_2Pd13691jEHA6PBSyPcGzblOMm00qdlxbs=54n d4qu7eMUZgW9FFIX2Q9G2FdQGJ69mCZu7VvFyN0s=y_OfZJOm3x6d8KgLtJS6flhRUDt_I 8Aqk6kymbu3u2k= >> >> >> >> But, We do not want to upgrade the Tomcat right now. >> >> Is there a way to implement this fix in our current Tomcat >> Version. >> >> >> Kind Regards, Abhishek Kumar >> >> Note: This email, including any attachments, is confidential. If >> you have received this email in error, please advise the sender >> and delete it and all copies of it from your system. If you are >> not the intended recipient of this email, you must not use, >> print, distribute, copy or disclose its content to anyone >> >> - >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > > from a security standpoint there is no way around updating. > > Specifically the CSRF attack is executed from the client, so > whoever is at one of the authorized management stations will be > executing the CSRF requests. > > Aside from this one vulnerability all versions up to the current > 8.0.40 fix a whole load of flaws. So whenever you restrict access > to the management console (via RemoteAddrValve), all other > vulnerabilities that are more than Info disclosures will still > persist. > > Best regards > > Peter > > > Peter Kreuser AirPlus International Security Officer - Application > Development > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYdUNLAAoJEBzwKT+lPKRYZ80P/3DNa4kW6z8cB1sdmm6GUK8O Y7f0uzEYIIlirTqy091taJI7eH3jXpURtA2gJMy7LXFfTLkLFGOiM4FqPZdSQy
RE: Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token
Hi Peter, Thank You! So, the solution would be to switch to the upgraded version for this fix? Thanks and Regards, Abhishek Kumar -Original Message- From: Kreuser, Peter [mailto:pkreu...@airplus.com] Sent: Tuesday, January 10, 2017 5:25 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: AW: Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token Hi Abishek, > -Ursprüngliche Nachricht- > Von: Kumar, Abhishek (IT Information Services ) > [mailto:abhishek.kum...@originenergy.com.au] > Gesendet: Dienstag, 10. Januar 2017 12:17 > An: users@tomcat.apache.org > Betreff: Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token > > > Hi, > > The Apache Tomcat web server running on the Load balancer is affected by an > information disclosure vulnerability in the index page of the Manager and > Host Manager applications. An unauthenticated attacker can exploit this > vulnerability to obtain a valid cross-site request forgery (CSRF) token > during the redirect issued when requesting /manager/ or /host-manager/. This > token can be utilized by an attacker to construct a CSRF attack. > > This is a Vulnerability issue with Tomcat 8.0.15. > > We have this version of Tomcat installed in our Servers. > > As suggested by Tomcat, this has been addressed and fixed after 8.0.32 > versions. > > Restrict access to the /manager URL from unauthorised IP addresses by > implementing access control lists that only permit authorised management > stations or subnets. For more information, see: > > https://urldefense.proofpoint.com/v2/url?u=http-3A__tomcat.apache.org_security-2D8.html-23Fixed-5Fin-5FApache-5FTomcat-5F8.0.32=DgIFAg=ZgVRmm3mf2P1-XDAyDsu4A=-JJsXOks_2Pd13691jEHA6PBSyPcGzblOMm00qdlxbs=54nd4qu7eMUZgW9FFIX2Q9G2FdQGJ69mCZu7VvFyN0s=y_OfZJOm3x6d8KgLtJS6flhRUDt_I8Aqk6kymbu3u2k= > > > But, We do not want to upgrade the Tomcat right now. > > Is there a way to implement this fix in our current Tomcat Version. > > > Kind Regards, > Abhishek Kumar > > Note: This email, including any attachments, is confidential. If you have > received this email in error, please advise the sender and delete it and all > copies of it from your system. If you are not the intended recipient of this > email, you must not use, print, distribute, copy or disclose its content to > anyone > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > from a security standpoint there is no way around updating. Specifically the CSRF attack is executed from the client, so whoever is at one of the authorized management stations will be executing the CSRF requests. Aside from this one vulnerability all versions up to the current 8.0.40 fix a whole load of flaws. So whenever you restrict access to the management console (via RemoteAddrValve), all other vulnerabilities that are more than Info disclosures will still persist. Best regards Peter Peter Kreuser AirPlus International Security Officer - Application Development - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token
Hi Abishek, > -Ursprüngliche Nachricht- > Von: Kumar, Abhishek (IT Information Services ) > [mailto:abhishek.kum...@originenergy.com.au] > Gesendet: Dienstag, 10. Januar 2017 12:17 > An: users@tomcat.apache.org > Betreff: Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token > > > Hi, > > The Apache Tomcat web server running on the Load balancer is affected by an > information disclosure vulnerability in the index page of the Manager and > Host Manager applications. An unauthenticated attacker can exploit this > vulnerability to obtain a valid cross-site request forgery (CSRF) token > during the redirect issued when requesting /manager/ or /host-manager/. This > token can be utilized by an attacker to construct a CSRF attack. > > This is a Vulnerability issue with Tomcat 8.0.15. > > We have this version of Tomcat installed in our Servers. > > As suggested by Tomcat, this has been addressed and fixed after 8.0.32 > versions. > > Restrict access to the /manager URL from unauthorised IP addresses by > implementing access control lists that only permit authorised management > stations or subnets. For more information, see: > > https://urldefense.proofpoint.com/v2/url?u=http-3A__tomcat.apache.org_security-2D8.html-23Fixed-5Fin-5FApache-5FTomcat-5F8.0.32=DgIFAg=ZgVRmm3mf2P1-XDAyDsu4A=-JJsXOks_2Pd13691jEHA6PBSyPcGzblOMm00qdlxbs=54nd4qu7eMUZgW9FFIX2Q9G2FdQGJ69mCZu7VvFyN0s=y_OfZJOm3x6d8KgLtJS6flhRUDt_I8Aqk6kymbu3u2k= > > > But, We do not want to upgrade the Tomcat right now. > > Is there a way to implement this fix in our current Tomcat Version. > > > Kind Regards, > Abhishek Kumar > > Note: This email, including any attachments, is confidential. If you have > received this email in error, please advise the sender and delete it and all > copies of it from your system. If you are not the intended recipient of this > email, you must not use, print, distribute, copy or disclose its content to > anyone > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > from a security standpoint there is no way around updating. Specifically the CSRF attack is executed from the client, so whoever is at one of the authorized management stations will be executing the CSRF requests. Aside from this one vulnerability all versions up to the current 8.0.40 fix a whole load of flaws. So whenever you restrict access to the management console (via RemoteAddrValve), all other vulnerabilities that are more than Info disclosures will still persist. Best regards Peter Peter Kreuser AirPlus International Security Officer - Application Development - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token
Hi, The Apache Tomcat web server running on the Load balancer is affected by an information disclosure vulnerability in the index page of the Manager and Host Manager applications. An unauthenticated attacker can exploit this vulnerability to obtain a valid cross-site request forgery (CSRF) token during the redirect issued when requesting /manager/ or /host-manager/. This token can be utilized by an attacker to construct a CSRF attack. This is a Vulnerability issue with Tomcat 8.0.15. We have this version of Tomcat installed in our Servers. As suggested by Tomcat, this has been addressed and fixed after 8.0.32 versions. Restrict access to the /manager URL from unauthorised IP addresses by implementing access control lists that only permit authorised management stations or subnets. For more information, see: https://urldefense.proofpoint.com/v2/url?u=http-3A__tomcat.apache.org_security-2D8.html-23Fixed-5Fin-5FApache-5FTomcat-5F8.0.32=DgIFAg=ZgVRmm3mf2P1-XDAyDsu4A=-JJsXOks_2Pd13691jEHA6PBSyPcGzblOMm00qdlxbs=54nd4qu7eMUZgW9FFIX2Q9G2FdQGJ69mCZu7VvFyN0s=y_OfZJOm3x6d8KgLtJS6flhRUDt_I8Aqk6kymbu3u2k= But, We do not want to upgrade the Tomcat right now. Is there a way to implement this fix in our current Tomcat Version. Kind Regards, Abhishek Kumar Note: This email, including any attachments, is confidential. If you have received this email in error, please advise the sender and delete it and all copies of it from your system. If you are not the intended recipient of this email, you must not use, print, distribute, copy or disclose its content to anyone - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 8.0.15 - error using Web Services
Hi Marina, did you manage to solve your problem? I'm running into the same issue that relative URLs are note resolved while loading the XSD Definitions in Tomcat 8.0.30. Below you'll find my stacktrace. Thanks in advance Joern java.lang.IllegalArgumentException: The resource path [/./../../metadaten/fachlich/fachliche-metadaten.xsd] has been normalized to [null] which is not valid at org.apache.catalina.webresources.StandardRoot.validate(StandardRoot.java:265) ~[tomcat-embed-core-8.0.30.jar:8.0.30] at org.apache.catalina.webresources.StandardRoot.getResource(StandardRoot.java:212) ~[tomcat-embed-core-8.0.30.jar:8.0.30] at org.apache.catalina.webresources.StandardRoot.getResource(StandardRoot.java:206) ~[tomcat-embed-core-8.0.30.jar:8.0.30] at org.apache.catalina.core.ApplicationContext.getResource(ApplicationContext.java:554) ~[tomcat-embed-core-8.0.30.jar:8.0.30] at org.apache.catalina.core.ApplicationContextFacade.getResource(ApplicationContextFacade.java:199) ~[tomcat-embed-core-8.0.30.jar:8.0.30] at org.apache.cxf.transport.servlet.ServletContextResourceResolver.resolve(ServletContextResourceResolver.java:82) ~[cxf-rt-transports-http-3.1.4.jar:3.1.4] at org.apache.cxf.resource.DefaultResourceManager.findResource(DefaultResourceManager.java:113) ~[cxf-core-3.1.4.jar:3.1.4] at org.apache.cxf.resource.DefaultResourceManager.resolveResource(DefaultResourceManager.java:58) ~[cxf-core-3.1.4.jar:3.1.4] at org.apache.cxf.ws.addressing.EndpointReferenceUtils$SchemaLSResourceResolver.resolveResource(EndpointReferenceUtils.java:150) ~[cxf-core-3.1.4.jar:3.1.4] at com.sun.org.apache.xerces.internal.util.DOMEntityResolverWrapper.resolveEntity(DOMEntityResolverWrapper.java:117) ~[na:1.8.0_66] at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.resolveEntity(XMLEntityManager.java:1082) ~[na:1.8.0_66] at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaLoader.resolveDocument(XMLSchemaLoader.java:657) ~[na:1.8.0_66] at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.resolveSchema(XSDHandler.java:2048) ~[na:1.8.0_66] at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.constructTrees(XSDHandler.java:1004) ~[na:1.8.0_66] at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.constructTrees(XSDHandler.java:1116) ~[na:1.8.0_66] at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.constructTrees(XSDHandler.java:1116) ~[na:1.8.0_66] at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.constructTrees(XSDHandler.java:1116) ~[na:1.8.0_66] at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.parseSchema(XSDHandler.java:616) ~[na:1.8.0_66] at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaLoader.loadSchema(XMLSchemaLoader.java:613) ~[na:1.8.0_66] at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaLoader.loadGrammar(XMLSchemaLoader.java:572) ~[na:1.8.0_66] at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaLoader.loadGrammar(XMLSchemaLoader.java:538) ~[na:1.8.0_66] at com.sun.org.apache.xerces.internal.jaxp.validation.XMLSchemaFactory.newSchema(XMLSchemaFactory.java:255) ~[na:1.8.0_66] at org.apache.cxf.ws.addressing.EndpointReferenceUtils.createSchema(EndpointReferenceUtils.java:626) [cxf-core-3.1.4.jar:3.1.4] at org.apache.cxf.ws.addressing.EndpointReferenceUtils.getSchema(EndpointReferenceUtils.java:672) [cxf-core-3.1.4.jar:3.1.4] at org.apache.cxf.interceptor.AbstractInDatabindingInterceptor.setDataReaderValidation(AbstractInDatabindingInterceptor.java:116) [cxf-core-3.1.4.jar:3.1.4] at org.apache.cxf.wsdl.interceptors.DocLiteralInInterceptor.handleMessage(DocLiteralInInterceptor.java:162) [cxf-rt-wsdl-3.1.4.jar:3.1.4] at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) [cxf-core-3.1.4.jar:3.1.4] at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-core-3.1.4.jar:3.1.4] at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251) [cxf-rt-transports-http-3.1.4.jar:3.1.4] at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) [cxf-rt-transports-http-3.1.4.jar:3.1.4] at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) [cxf-rt-transports-http-3.1.4.jar:3.1.4] at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) [cxf-rt-transports-http-3.1.4.jar:3.1.4] at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:180) [cxf-rt-transports-http-3.1.4.jar:3.1.4] at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)
Re: Tomcat 8.0.15
On 29/01/2016 18:18, juliesur wrote: > My webapp does show poor performance and stops responding after a while , > with these errors in the log. > I have been unable to replicate the issue in my testing environment during > load testing. > The error appears only in production . > > I haven't tried another connector or diff tomcat version. I want to confirm > this as a bug before suggesting the team to upgrade or make changes. The evidence points to an application bug. You are getting an NPE from the Context. That suggests the Request has been recycled and something in the application is retaining a reference to the Request and trying to use it. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 8.0.15
My webapp does show poor performance and stops responding after a while , with these errors in the log. I have been unable to replicate the issue in my testing environment during load testing. The error appears only in production . I haven't tried another connector or diff tomcat version. I want to confirm this as a bug before suggesting the team to upgrade or make changes. -- View this message in context: http://tomcat.10.x6.nabble.com/Re-Tomcat-8-0-15-tp5044779p5045814.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 8.0.15
> From: Julie Sur [mailto:julie...@gmail.com] > Subject: Re: Tomcat 8.0.15 > I am using tomcat 8.0.15, jdk1.8.0_45 with my application and I am seeing > below errors in my log. Is this a bug with the tomcat version that I am > using ? Could be, but it's more likely an application bug. Try running with the current level (8.0.30). > TomcatLog Error processing request java.lang.NullPointerException > at > org.apache.catalina.connector.Request.notifyAttributeAssigned(Request.java:1492) Is your webapp hanging onto a request or response object after the request has completed? Typical errors include storing the reference in a ThreadLocal, servlet instance field, or static field. > TomcatLog Error finishing response java.lang.NullPointerException > at > org.apache.coyote.http11.InternalNioOutputBuffer.flushBuffer(InternalNioOutputBuffer.java:234) Have you tried one of the other types? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 8.0.15
Resending the email as I got failure notification earlier Thanks Julie On Thu, Jan 7, 2016 at 12:44 PM, Julie Sur <julie...@gmail.com> wrote: > Hi, > I am using tomcat 8.0.15, jdk1.8.0_45 with my application and I am seeing > below errors in my log. Is this a bug with the tomcat version that I am > using ? > > TomcatLog Error processing request java.lang.NullPointerException > at > org.apache.catalina.connector.Request.notifyAttributeAssigned(Request.java:1492) > > at > org.apache.catalina.connector.Request.setAttribute(Request.java:1482) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154) > > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) > > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) > > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:537) > at > org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1085) > > at > org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:658) > > at > org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:222) > > at > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1556) > > at > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1513) > > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > > at > org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > > at java.lang.Thread.run(Thread.java:745) > > and > TomcatLog Error finishing response java.lang.NullPointerException > at > org.apache.coyote.http11.InternalNioOutputBuffer.flushBuffer(InternalNioOutputBuffer.java:234) > > at > org.apache.coyote.http11.InternalNioOutputBuffer.addToBB(InternalNioOutputBuffer.java:189) > > at > org.apache.coyote.http11.InternalNioOutputBuffer.commit(InternalNioOutputBuffer.java:177) > > at > org.apache.coyote.http11.AbstractHttp11Processor.action(AbstractHttp11Processor.java:739) > > at org.apache.coyote.Response.action(Response.java:179) > at > org.apache.coyote.http11.AbstractOutputBuffer.endRequest(AbstractOutputBuffer.java:369) > > at > org.apache.coyote.http11.AbstractHttp11Processor.endRequest(AbstractHttp11Processor.java:1773) > > at > org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1142) > > at > org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:658) > > at > org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:222) > > at > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1556) > > at > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1513) > > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > > at > org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > > at java.lang.Thread.run(Thread.java:745) > > Thank you for looking into this > Julie Sur >
Re: PNG images are served intermittently in Apache Tomcat 8.0.15
On 31/03/2015 10:29, Selvakumar Sellamuthu Ayyavu wrote: Question: Is it a known problem? No. If so, can I get a link from issue tracker? N/A. Can I have a work around? N/A. If you want more info, please let me know... 1. Do you see the issue with Apache Tomcat 8.0.21? 2. If yes, please provide the steps to reproduce the issue from a clean install of Apache Tomcat 8.0.21 downloaded from the ASF. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
PNG images are served intermittently in Apache Tomcat 8.0.15
Hi All, Problem: PNG images are served intermittently from Apache Tomcat 8.0.15 in IE8 Platform: Windows Server 2008 Description: I have recently migrated from Tomcat 7 to Tomcat 8. Everything is working fine in Tomcat 8. Except these PNGs. But when I run WAR in Tomcat 7 these problems are not happening. This happens only with IE8 +tomcat 8 combination. I gone thru server logs and app logs and found no clues. So I was searching for reason and captured network logs . PFA! What I found peculiar is, whenever IE8 didn't show the PNGs, the amount of bytes received where 1 byte and it will have 7577 bytes when IE 8 shows image. CSS code: #header{background:url(../images/header/header.png) #3C4981 left top no-repeat;position:relative;width:960px;} HTML code: div id=header/ Also post a question in http://serverfault.com/questions/679514/png-images-are-truncated-and-served-intermittently-from-apache-tomcat-8-0-15 Question: Is it a known problem? If so, can I get a link from issue tracker? Can I have a work around? If you want more info, please let me know.. Thanks and Regards, Selvakumar.A.S HCL Technologies,Chennai ::DISCLAIMER:: The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. entry pageref0/pageref startedDateTime2015-03-30T16:08:25.690+00:00/startedDateTime time93/time request methodGET/method urlhttps://cit2b.usr51/gsportal/resources/images/header/hsbc-beam-react-blue.png/url httpVersionHTTP/1.1/httpVersion cookies cookie nameJSESSIONID/name valueD3449B609856469C0AF05DBB111D0A85/value /cookie cookie nameGSActive/name valuetrue/value /cookie /cookies headers header nameAccept/name valueimage/png, image/svg+xml, image/*;q=0.8, */*;q=0.5/value /header header nameReferer/name valuehttps://cit2b.usr51/gsportal/portal/home?execution=e1s2amp;1977430702=16-0-6887994D00888A5AA6369FF487640D5B/value /header header nameAccept-Language/name valueen-GB/value /header header nameUser-Agent/name valueMozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)/value /header header nameAccept-Encoding/name valuegzip, deflate/value /header header
Re: Issue with RewriteValve and folders (tomcat 8.0.15)
Hi, I send you the patch from 8.0.15 Tell me if it doesn't match with what you expected Kind regards, Jérémie Index: RewriteValve.java === --- RewriteValve.java(revision 1661627) +++ RewriteValve.java(working copy) @@ -45,6 +45,11 @@ import org.apache.catalina.connector.Response; import org.apache.catalina.util.LifecycleSupport; import org.apache.catalina.valves.ValveBase; +import org.apache.catalina.valves.rewrite.Resolver; +import org.apache.catalina.valves.rewrite.ResolverImpl; +import org.apache.catalina.valves.rewrite.RewriteCond; +import org.apache.catalina.valves.rewrite.RewriteMap; +import org.apache.catalina.valves.rewrite.RewriteRule; import org.apache.tomcat.util.buf.CharChunk; import org.apache.tomcat.util.buf.MessageBytes; import org.apache.tomcat.util.net.URL; @@ -472,11 +477,31 @@ chunk.append(host.toString()); request.getCoyoteRequest().serverName().toChars(); } + +boolean folderRedirect = false; +try{ +request.getMappingData().recycle(); + request.getConnector().getService().getMapper().map(request.getCoyoteRequest().serverName(), request.getCoyoteRequest().requestURI(), +null, request.getMappingData()); + if(request.getMappingData().redirectPath.toString()!=null){ +folderRedirect = true; +} +} catch (Exception e){ +//ignore +} + request.getMappingData().recycle(); // Reinvoke the whole request recursively try { request.getConnector().getProtocolHandler().getAdapter().service (request.getCoyoteRequest(), response.getCoyoteResponse()); + +if(folderRedirect response.getCoyoteResponse().getStatus() == 302){ + if(!request.getCoyoteRequest().requestURI().getByteChunk().toString().endsWith(/)){ +String requestParam = request.getQueryString() == null ? : '?' + request.getQueryString(); +response.setHeader(Location, request.getCoyoteRequest().requestURI().getByteChunk().toString() + '/' + requestParam); +} +} } catch (Exception e) { // This doesn't actually happen in the Catalina adapter implementation } Le 20/02/2015 18:03, Konstantin Kolinko a écrit : 2015-02-20 19:41 GMT+03:00 Christopher Schultz ch...@christopherschultz.net: Jérémie, On 2/20/15 4:48 AM, Jérémie Barthés wrote: instead of just a snippet of fixed code Sorry Chris,i didn't read this. How do you want me to provide the patch ? Presumably, you have a copy of the source code. If you checked-out from svn, just do this: /path/to/tomcat-8.0.15 $ svn diff patch.file and post the patch file. If you just downloaded the source in e.g. ZIP, tarball, etc., re-fetch a pristine copy of the file and then do: /path/to/tomcat-8.0.15 $ diff path/to/original/RewriteValve.java \ java/org/apache/catalina/valves/rewrite/RewriteValve.java \ patch.file The above command shall use diff -u to generate Unified Diff format. Documentation: http://tomcat.apache.org/bugreport.html#How_to_submit_patches_and_enhancement_requests Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Index: RewriteValve.java === --- RewriteValve.java (revision 1661627) +++ RewriteValve.java (working copy) @@ -45,6 +45,11 @@ import org.apache.catalina.connector.Response; import org.apache.catalina.util.LifecycleSupport; import org.apache.catalina.valves.ValveBase; +import org.apache.catalina.valves.rewrite.Resolver; +import org.apache.catalina.valves.rewrite.ResolverImpl; +import org.apache.catalina.valves.rewrite.RewriteCond; +import org.apache.catalina.valves.rewrite.RewriteMap; +import org.apache.catalina.valves.rewrite.RewriteRule; import org.apache.tomcat.util.buf.CharChunk; import org.apache.tomcat.util.buf.MessageBytes; import org.apache.tomcat.util.net.URL; @@ -472,11 +477,31 @@ chunk.append(host.toString()); request.getCoyoteRequest().serverName().toChars(); } + +boolean folderRedirect = false; +try{ + request.getMappingData().recycle(); + request.getConnector().getService().getMapper().map(request.getCoyoteRequest().serverName(), request.getCoyoteRequest().requestURI
Re: Issue with RewriteValve and folders (tomcat 8.0.15)
Le 20/02/2015 11:22, Rémy Maucherat a écrit : 2015-02-20 10:31 GMT+01:00 Jérémie Barthés j.bart...@oodrive.fr: I send you the patch i did to fix my issue with the RewriteValve (it was for the 8.0.15), The goal of that patch is to block the RewriteValve if a 302 automatic folder '/' redirection occurs. The RewriteValve will rewrite the redirected URL. I think the current behavior is 100% correct, so no patch should be integrated to fix this IMO. The redirection could be useful to avoid relative paths issues. Rémy Weird way to think code. My function ramdomly redirect or forward is 100% correct behavior troll. I had to spend many days of work to find why http://localhost:8080/mypath/async = http://localhost:8080/examples/jsp/async/ http://localhost:8080/mypath/async/ = http://localhost:8080/mypath/async/ And always think that users will consider first it fails because they didn't did configure well rewrite.config or made mistakes in server.xml or any else. Not because there's a 100% correct behavior conflict between RewriteValve and coyote's Adapter mapper redirection if some of your resources are folders. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with RewriteValve and folders (tomcat 8.0.15)
2015-02-20 10:31 GMT+01:00 Jérémie Barthés j.bart...@oodrive.fr: I send you the patch i did to fix my issue with the RewriteValve (it was for the 8.0.15), The goal of that patch is to block the RewriteValve if a 302 automatic folder '/' redirection occurs. The RewriteValve will rewrite the redirected URL. I think the current behavior is 100% correct, so no patch should be integrated to fix this IMO. The redirection could be useful to avoid relative paths issues. Rémy
Re: Issue with RewriteValve and folders (tomcat 8.0.15)
Am 20.02.2015 08:49, schrieb Rainer Jung: Am 19.02.2015 um 22:13 schrieb Felix Schumacher: Am 19.02.2015 um 21:41 schrieb André Warnier: Jérémie Barthés wrote: ... Make a file rewrite.config in conf/Catalina/localhost/ that contains : RewriteRule^/mypath/(.*)$/examples/jsp/$1 copy the line Valve className=org.apache.catalina.valves.rewrite.RewriteValve / in the conf/server.xml file, line 131 Since this is a Valve, it will run before Tomcat attempts to match the URL to an actual directory or webapp. try the followings URLs : 1) http://localhost:8080/mypath/async This matches the rewrite rule, so it will be rewritten to URL /examples/jsp/async Then Tomcat will attempt to match this to a directory or webapp, and find that (catalina_base)/webapps/examples/jsp/async is a directory. It will thus respond to the browser with a 302 re-direct to http://localhost:8080/examples/jsp/async/ which is actually the correct URL. And this is what will be shown in the browser URL bar. This, in my view, is expected behaviour. The server does that, so that when an actual response is generated (for the correct URL http://localhost:8080/examples/jsp/async/), the browser can cache this response under the correct URL. Then the browser re-issues a request for http://localhost:8080/examples/jsp/async/ and that is when Tomcat will actually generate a real response, because this time it is a correct URL. So the response appears to the browser, as coming from http://localhost:8080/examples/jsp/async/ which is correct. 2) http://localhost:8080/mypath/async/ This also matches the rewrite rule, so it gets rewritten to http://localhost:8080/examples/jsp/async/ which is a correct URL. Thus Tomcat will immediately generate a real response (without an intermediate 302 redirect), which will be appear in the browser URL bar as a response to http://localhost:8080/mypath/async/ This is also expected behaviour. I believe that if you do not want to see the first redirect URL http://localhost:8080/examples/jsp/async/ in the browser, you have to modify your rewrite rules, perhaps by using a RewriteCond with the -d flag, to check first if the URL points to an existing directory, and if yes add the terminating / yourself (with a RewriteRule) before other rewrite tests/rules take place. This rewrite.config ... will do the trick. I think -d will not work, since /mypath/async is not existant, it only feels like a directory. Not clear: the implementation for -d is (case 0 below, from file ResolverImpl.java): 148 @Override 149 public boolean resolveResource(int type, String name) { 150 WebResourceRoot resources = request.getContext().getResources(); 151 WebResource resource = resources.getResource(name); 152 if (!resource.exists()) { 153 return false; 154 } else { 155 switch (type) { 156 case 0: 157 return (resource.isDirectory()); 158 case 1: 159 return (resource.isFile()); 160 case 2: 161 return (resource.isFile() resource.getContentLength() 0); 162 default: 163 return false; 164 } 165 } 166 } Since it checks resources and the OP was actually talking about a path that is a folder in his webapp, -d could work. Right, but given the examples and instructions from the op, it seems to me, that async (source) is not a directory. I think the op wants to mimic [P] behaviour, which is not implemented and wants to point out that the valve behaves differently when operating on a directory like url and one that is not. In the former it will do an internal forward in the latter an external redirect. As proxy mode is not supported and documented, I tend to say, that it is a mildly annoying inconsitency, but not a bug per se. Regards Felix Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with RewriteValve and folders (tomcat 8.0.15)
I send you the patch i did to fix my issue with the RewriteValve (it was for the 8.0.15), The goal of that patch is to block the RewriteValve if a 302 automatic folder '/' redirection occurs. The RewriteValve will rewrite the redirected URL. first step : http://localhost:8080/mypath/async = rewritten to http://localhost:8080/examples/jsp/async, 302 redirection occurs, rollback and redirect to http://localhost:8080/mypath/async/ second step : now the server receive http://localhost:8080/mypath/async/ = forward to http://localhost:8080/examples/jsp/async/ mission complete The patch may be a little bit dirty since it the first time i add code into tomcat and i don't understand all of this. It starts at the line 481 of the RewriteValve.java //boolean to know if the rewritten resource is a folder and need a redirection boolean folderRedirect = false; try{ request.getMappingData().recycle(); request.getConnector().getService().getMapper().map(request.getCoyoteRequest().serverName(), request.getCoyoteRequest().requestURI(), null, request.getMappingData()); if(request.getMappingData().redirectPath.toString()!=null){ folderRedirect = true; } } catch (Exception e){ //ignore } request.getMappingData().recycle(); // Reinvoke the whole request recursively try { request.getConnector().getProtocolHandler().getAdapter().service (request.getCoyoteRequest(), response.getCoyoteResponse()); if(folderRedirect response.getCoyoteResponse().getStatus() == 302){ if(!request.getCoyoteRequest().requestURI().getByteChunk().toString().endsWith(/)){ String requestParam = request.getQueryString() == null ? : '?' + request.getQueryString(); response.setHeader(Location, request.getCoyoteRequest().requestURI().getByteChunk().toString() + '/' + requestParam); } } } catch (Exception e) { // This doesn't actually happen in the Catalina adapter implementation } Le 20/02/2015 09:34, Felix Schumacher a écrit : Am 20.02.2015 08:49, schrieb Rainer Jung: Am 19.02.2015 um 22:13 schrieb Felix Schumacher: Am 19.02.2015 um 21:41 schrieb André Warnier: Jérémie Barthés wrote: ... Make a file rewrite.config in conf/Catalina/localhost/ that contains : RewriteRule^/mypath/(.*)$/examples/jsp/$1 copy the line Valve className=org.apache.catalina.valves.rewrite.RewriteValve / in the conf/server.xml file, line 131 Since this is a Valve, it will run before Tomcat attempts to match the URL to an actual directory or webapp. try the followings URLs : 1) http://localhost:8080/mypath/async This matches the rewrite rule, so it will be rewritten to URL /examples/jsp/async Then Tomcat will attempt to match this to a directory or webapp, and find that (catalina_base)/webapps/examples/jsp/async is a directory. It will thus respond to the browser with a 302 re-direct to http://localhost:8080/examples/jsp/async/ which is actually the correct URL. And this is what will be shown in the browser URL bar. This, in my view, is expected behaviour. The server does that, so that when an actual response is generated (for the correct URL http://localhost:8080/examples/jsp/async/), the browser can cache this response under the correct URL. Then the browser re-issues a request for http://localhost:8080/examples/jsp/async/ and that is when Tomcat will actually generate a real response, because this time it is a correct URL. So the response appears to the browser, as coming from http://localhost:8080/examples/jsp/async/ which is correct. 2) http://localhost:8080/mypath/async/ This also matches the rewrite rule, so it gets rewritten to http://localhost:8080/examples/jsp/async/ which is a correct URL. Thus Tomcat will immediately generate a real response (without an intermediate 302 redirect), which will be appear in the browser URL bar as a response to http://localhost:8080/mypath/async/ This is also expected behaviour. I believe that if you do not want to see the first redirect URL http://localhost:8080/examples/jsp/async/ in the browser, you have to modify your rewrite rules, perhaps by using a RewriteCond with the -d flag, to check first if the URL points to an existing directory, and if yes add the terminating / yourself (with a RewriteRule) before other rewrite tests/rules take place. This rewrite.config ... will do the trick. I think -d will not work, since /mypath/async is not existant, it only feels like a directory. Not clear: the implementation for -d is (case
Re: Issue with RewriteValve and folders (tomcat 8.0.15)
instead of just a snippet of fixed code Sorry Chris,i didn't read this. How do you want me to provide the patch ? Jérémie Le 20/02/2015 10:31, Jérémie Barthés a écrit : I send you the patch i did to fix my issue with the RewriteValve (it was for the 8.0.15), The goal of that patch is to block the RewriteValve if a 302 automatic folder '/' redirection occurs. The RewriteValve will rewrite the redirected URL. first step : http://localhost:8080/mypath/async = rewritten to http://localhost:8080/examples/jsp/async, 302 redirection occurs, rollback and redirect to http://localhost:8080/mypath/async/ second step : now the server receive http://localhost:8080/mypath/async/ = forward to http://localhost:8080/examples/jsp/async/ mission complete The patch may be a little bit dirty since it the first time i add code into tomcat and i don't understand all of this. It starts at the line 481 of the RewriteValve.java //boolean to know if the rewritten resource is a folder and need a redirection boolean folderRedirect = false; try{ request.getMappingData().recycle(); request.getConnector().getService().getMapper().map(request.getCoyoteRequest().serverName(), request.getCoyoteRequest().requestURI(), null, request.getMappingData()); if(request.getMappingData().redirectPath.toString()!=null){ folderRedirect = true; } } catch (Exception e){ //ignore } request.getMappingData().recycle(); // Reinvoke the whole request recursively try { request.getConnector().getProtocolHandler().getAdapter().service (request.getCoyoteRequest(), response.getCoyoteResponse()); if(folderRedirect response.getCoyoteResponse().getStatus() == 302){ if(!request.getCoyoteRequest().requestURI().getByteChunk().toString().endsWith(/)){ String requestParam = request.getQueryString() == null ? : '?' + request.getQueryString(); response.setHeader(Location, request.getCoyoteRequest().requestURI().getByteChunk().toString() + '/' + requestParam); } } } catch (Exception e) { // This doesn't actually happen in the Catalina adapter implementation } Le 20/02/2015 09:34, Felix Schumacher a écrit : Am 20.02.2015 08:49, schrieb Rainer Jung: Am 19.02.2015 um 22:13 schrieb Felix Schumacher: Am 19.02.2015 um 21:41 schrieb André Warnier: Jérémie Barthés wrote: ... Make a file rewrite.config in conf/Catalina/localhost/ that contains : RewriteRule^/mypath/(.*)$/examples/jsp/$1 copy the line Valve className=org.apache.catalina.valves.rewrite.RewriteValve / in the conf/server.xml file, line 131 Since this is a Valve, it will run before Tomcat attempts to match the URL to an actual directory or webapp. try the followings URLs : 1) http://localhost:8080/mypath/async This matches the rewrite rule, so it will be rewritten to URL /examples/jsp/async Then Tomcat will attempt to match this to a directory or webapp, and find that (catalina_base)/webapps/examples/jsp/async is a directory. It will thus respond to the browser with a 302 re-direct to http://localhost:8080/examples/jsp/async/ which is actually the correct URL. And this is what will be shown in the browser URL bar. This, in my view, is expected behaviour. The server does that, so that when an actual response is generated (for the correct URL http://localhost:8080/examples/jsp/async/), the browser can cache this response under the correct URL. Then the browser re-issues a request for http://localhost:8080/examples/jsp/async/ and that is when Tomcat will actually generate a real response, because this time it is a correct URL. So the response appears to the browser, as coming from http://localhost:8080/examples/jsp/async/ which is correct. 2) http://localhost:8080/mypath/async/ This also matches the rewrite rule, so it gets rewritten to http://localhost:8080/examples/jsp/async/ which is a correct URL. Thus Tomcat will immediately generate a real response (without an intermediate 302 redirect), which will be appear in the browser URL bar as a response to http://localhost:8080/mypath/async/ This is also expected behaviour. I believe that if you do not want to see the first redirect URL http://localhost:8080/examples/jsp/async/ in the browser, you have to modify your rewrite rules, perhaps by using a RewriteCond with the -d flag, to check first if the URL points to an existing directory, and if yes add the terminating / yourself (with a RewriteRule) before other rewrite tests/rules take place. This
Re: Issue with RewriteValve and folders (tomcat 8.0.15)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jérémie, On 2/20/15 4:48 AM, Jérémie Barthés wrote: instead of just a snippet of fixed code Sorry Chris,i didn't read this. How do you want me to provide the patch ? Presumably, you have a copy of the source code. If you checked-out from svn, just do this: /path/to/tomcat-8.0.15 $ svn diff patch.file and post the patch file. If you just downloaded the source in e.g. ZIP, tarball, etc., re-fetch a pristine copy of the file and then do: /path/to/tomcat-8.0.15 $ diff path/to/original/RewriteValve.java \ java/org/apache/catalina/valves/rewrite/RewriteValve.java \ patch.file - -chris Le 20/02/2015 10:31, Jérémie Barthés a écrit : I send you the patch i did to fix my issue with the RewriteValve (it was for the 8.0.15), The goal of that patch is to block the RewriteValve if a 302 automatic folder '/' redirection occurs. The RewriteValve will rewrite the redirected URL. first step : http://localhost:8080/mypath/async = rewritten to http://localhost:8080/examples/jsp/async, 302 redirection occurs, rollback and redirect to http://localhost:8080/mypath/async/ second step : now the server receive http://localhost:8080/mypath/async/ = forward to http://localhost:8080/examples/jsp/async/ mission complete The patch may be a little bit dirty since it the first time i add code into tomcat and i don't understand all of this. It starts at the line 481 of the RewriteValve.java //boolean to know if the rewritten resource is a folder and need a redirection boolean folderRedirect = false; try{ request.getMappingData().recycle(); request.getConnector().getService().getMapper().map(request.getCoyoteRequest().serverName(), request.getCoyoteRequest().requestURI(), null, request.getMappingData()); if(request.getMappingData().redirectPath.toString()!=null){ folderRedirect = true; } } catch (Exception e){ //ignore } request.getMappingData().recycle(); // Reinvoke the whole request recursively try { request.getConnector().getProtocolHandler().getAdapter().service (request.getCoyoteRequest(), response.getCoyoteResponse()); if(folderRedirect response.getCoyoteResponse().getStatus() == 302){ if(!request.getCoyoteRequest().requestURI().getByteChunk().toString().endsWith(/)){ String requestParam = request.getQueryString() == null ? : '?' + request.getQueryString(); response.setHeader(Location, request.getCoyoteRequest().requestURI().getByteChunk().toString() + '/' + requestParam); } } } catch (Exception e) { // This doesn't actually happen in the Catalina adapter implementation } Le 20/02/2015 09:34, Felix Schumacher a écrit : Am 20.02.2015 08:49, schrieb Rainer Jung: Am 19.02.2015 um 22:13 schrieb Felix Schumacher: Am 19.02.2015 um 21:41 schrieb André Warnier: Jérémie Barthés wrote: ... Make a file rewrite.config in conf/Catalina/localhost/ that contains : RewriteRule^/mypath/(.*)$ /examples/jsp/$1 copy the line Valve className=org.apache.catalina.valves.rewrite.RewriteValve / in the conf/server.xml file, line 131 Since this is a Valve, it will run before Tomcat attempts to match the URL to an actual directory or webapp. try the followings URLs : 1) http://localhost:8080/mypath/async This matches the rewrite rule, so it will be rewritten to URL /examples/jsp/async Then Tomcat will attempt to match this to a directory or webapp, and find that (catalina_base)/webapps/examples/jsp/async is a directory. It will thus respond to the browser with a 302 re-direct to http://localhost:8080/examples/jsp/async/ which is actually the correct URL. And this is what will be shown in the browser URL bar. This, in my view, is expected behaviour. The server does that, so that when an actual response is generated (for the correct URL http://localhost:8080/examples/jsp/async/), the browser can cache this response under the correct URL. Then the browser re-issues a request for http://localhost:8080/examples/jsp/async/ and that is when Tomcat will actually generate a real response, because this time it is a correct URL. So the response appears to the browser, as coming from http://localhost:8080/examples/jsp/async/ which is correct. 2) http://localhost:8080/mypath/async/ This also matches the rewrite rule, so it gets rewritten to http://localhost:8080/examples/jsp/async/ which is a correct URL. Thus Tomcat will immediately generate a real response (without an intermediate 302 redirect), which will be appear in the browser URL bar as a response to http://localhost:8080/mypath/async/ This is also expected behaviour. I believe that if you do not want to see the first redirect URL http://localhost:8080/examples/jsp/async/ in the browser, you have to modify your rewrite rules, perhaps by using a RewriteCond with the -d flag, to check first if the URL points to an existing directory, and if yes add
Re: Issue with RewriteValve and folders (tomcat 8.0.15)
2015-02-20 19:41 GMT+03:00 Christopher Schultz ch...@christopherschultz.net: Jérémie, On 2/20/15 4:48 AM, Jérémie Barthés wrote: instead of just a snippet of fixed code Sorry Chris,i didn't read this. How do you want me to provide the patch ? Presumably, you have a copy of the source code. If you checked-out from svn, just do this: /path/to/tomcat-8.0.15 $ svn diff patch.file and post the patch file. If you just downloaded the source in e.g. ZIP, tarball, etc., re-fetch a pristine copy of the file and then do: /path/to/tomcat-8.0.15 $ diff path/to/original/RewriteValve.java \ java/org/apache/catalina/valves/rewrite/RewriteValve.java \ patch.file The above command shall use diff -u to generate Unified Diff format. Documentation: http://tomcat.apache.org/bugreport.html#How_to_submit_patches_and_enhancement_requests Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with RewriteValve and folders (tomcat 8.0.15)
Jérémie Barthés wrote: ... Make a file rewrite.config in conf/Catalina/localhost/ that contains : RewriteRule^/mypath/(.*)$/examples/jsp/$1 copy the line Valve className=org.apache.catalina.valves.rewrite.RewriteValve / in the conf/server.xml file, line 131 Since this is a Valve, it will run before Tomcat attempts to match the URL to an actual directory or webapp. try the followings URLs : 1) http://localhost:8080/mypath/async This matches the rewrite rule, so it will be rewritten to URL /examples/jsp/async Then Tomcat will attempt to match this to a directory or webapp, and find that (catalina_base)/webapps/examples/jsp/async is a directory. It will thus respond to the browser with a 302 re-direct to http://localhost:8080/examples/jsp/async/ which is actually the correct URL. And this is what will be shown in the browser URL bar. This, in my view, is expected behaviour. The server does that, so that when an actual response is generated (for the correct URL http://localhost:8080/examples/jsp/async/), the browser can cache this response under the correct URL. Then the browser re-issues a request for http://localhost:8080/examples/jsp/async/ and that is when Tomcat will actually generate a real response, because this time it is a correct URL. So the response appears to the browser, as coming from http://localhost:8080/examples/jsp/async/ which is correct. 2) http://localhost:8080/mypath/async/ This also matches the rewrite rule, so it gets rewritten to http://localhost:8080/examples/jsp/async/ which is a correct URL. Thus Tomcat will immediately generate a real response (without an intermediate 302 redirect), which will be appear in the browser URL bar as a response to http://localhost:8080/mypath/async/ This is also expected behaviour. I believe that if you do not want to see the first redirect URL http://localhost:8080/examples/jsp/async/ in the browser, you have to modify your rewrite rules, perhaps by using a RewriteCond with the -d flag, to check first if the URL points to an existing directory, and if yes add the terminating / yourself (with a RewriteRule) before other rewrite tests/rules take place. But I personally think that there is no need for a patch here. the result i have is : http://localhost:8080/mypath/async = http://localhost:8080/examples/jsp/async/ (visible rewrite) no, it is the *redirect* which is visible, after the rewrite (to http://localhost:8080/examples/jsp/async) has taken place and Tomcat finds that this is a directory. http://localhost:8080/mypath/async/ = http://localhost:8080/mypath/async/ no redirect, so the browser doesn't know, and believes that the response has actually come from the URL http://localhost:8080/mypath/async/. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with RewriteValve and folders (tomcat 8.0.15)
Am 19.02.2015 um 21:41 schrieb André Warnier: Jérémie Barthés wrote: ... Make a file rewrite.config in conf/Catalina/localhost/ that contains : RewriteRule^/mypath/(.*)$/examples/jsp/$1 copy the line Valve className=org.apache.catalina.valves.rewrite.RewriteValve / in the conf/server.xml file, line 131 Since this is a Valve, it will run before Tomcat attempts to match the URL to an actual directory or webapp. try the followings URLs : 1) http://localhost:8080/mypath/async This matches the rewrite rule, so it will be rewritten to URL /examples/jsp/async Then Tomcat will attempt to match this to a directory or webapp, and find that (catalina_base)/webapps/examples/jsp/async is a directory. It will thus respond to the browser with a 302 re-direct to http://localhost:8080/examples/jsp/async/ which is actually the correct URL. And this is what will be shown in the browser URL bar. This, in my view, is expected behaviour. The server does that, so that when an actual response is generated (for the correct URL http://localhost:8080/examples/jsp/async/), the browser can cache this response under the correct URL. Then the browser re-issues a request for http://localhost:8080/examples/jsp/async/ and that is when Tomcat will actually generate a real response, because this time it is a correct URL. So the response appears to the browser, as coming from http://localhost:8080/examples/jsp/async/ which is correct. 2) http://localhost:8080/mypath/async/ This also matches the rewrite rule, so it gets rewritten to http://localhost:8080/examples/jsp/async/ which is a correct URL. Thus Tomcat will immediately generate a real response (without an intermediate 302 redirect), which will be appear in the browser URL bar as a response to http://localhost:8080/mypath/async/ This is also expected behaviour. I believe that if you do not want to see the first redirect URL http://localhost:8080/examples/jsp/async/ in the browser, you have to modify your rewrite rules, perhaps by using a RewriteCond with the -d flag, to check first if the URL points to an existing directory, and if yes add the terminating / yourself (with a RewriteRule) before other rewrite tests/rules take place. This rewrite.config # if path doesn't end with a slash redirect it to an url with an ending slash RewriteCond%{REQUEST_URI} !^.*/$ RewriteRule^/mypath/(.*)$/mypath/$1/ [R] # every path ending on a slash forward to /examples/... RewriteRule^/mypath/(.*/)$/examples/jsp/$1 will do the trick. I think -d will not work, since /mypath/async is not existant, it only feels like a directory. Felix But I personally think that there is no need for a patch here. the result i have is : http://localhost:8080/mypath/async = http://localhost:8080/examples/jsp/async/ (visible rewrite) no, it is the *redirect* which is visible, after the rewrite (to http://localhost:8080/examples/jsp/async) has taken place and Tomcat finds that this is a directory. http://localhost:8080/mypath/async/ = http://localhost:8080/mypath/async/ no redirect, so the browser doesn't know, and believes that the response has actually come from the URL http://localhost:8080/mypath/async/. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with RewriteValve and folders (tomcat 8.0.15)
Hi Chris, When an URL target a folder on the server, tomcat automaticly add a / at the end of the URL if missing : myHost.com/myFolder = myHost.com/myFolder/ (automatic tomcat 302 redirection) If you use a rewriteValve to forward myHost.com/myFolder to myHost.com/rewriteTrick/myFolder, the rewriteValve will forward simultaneous with the automatic tomcat redirection. Then the client's browser will catch the rewritten URL (you don't want the rewritten URL to be visible for the client's browser). myHost.com/myFolder redirect to myHost.com/rewriteTrick/myFolder/ (visible) So i made a patch to block the RewriteValve if an automatic 302 tomcat redirection is applied. Then the RewriteValve forward in a second time and the rewritten URL is not visible for the client's Browser : myHost.com/myFolder redirect to myHost.com/myFolder/ forward to myHost/rewriteTrick/myFolder/ (not visible) It may be a configuration mistake of my part. I tried many different configurations to avoid it but i wasn't able without coding a patch. Regards Jérémie Le 17/02/2015 19:39, Christopher Schultz a écrit : -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jérémie, On 2/17/15 10:47 AM, Jérémie Barthés wrote: I don't have more to say than : There is a bug using the RewriteValve :If you are targeting a folder and there is no / at the end of the URI, The end of which URI? The one in the rewrite rule? Or the one the client sends in the URL? the rewritten URI is visible for the client browser (302 redirection). Example : http://myhost.com/myFolder = http://myhost.com/rewriteTrick/myFolder/ instead of http://myhost.com/myFolder = http://myhost.com/myFolder/; It looks like in this case, the rewrite rule isn't matching, and the DefaultServlet is performing redirection instead. This sounds like a configuration mistake on your part, not a bug in the rewrite valve. The bug is solved for me. I just wanted to tell developers about it. - -chris Le 17/02/2015 15:34, Christopher Schultz a écrit : Jérémie, On 2/17/15 6:20 AM, Jérémie Barthés wrote: I just installed tomcat 8 and used the RewriteValve to forward some old URLs on my new tomcat8 webapp. I had an issue for URIs targeting a folder: If there is no / at the end of the URI, the rewritten URI is visible for the client browser (302 redirection). Example : http://myhost.com/myFolder = http://myhost.com/rewriteTrick/myFolder/ instead of http://myhost.com/myFolder = http://myhost.com/myFolder/ I made a custom patch on RewriteValve to solve it. I would like to know if it'll be corrected on next releases. (i tried on 8.0.18 but there is still the issue) Regards, Jeremie Barthes Oodrive France Between lines 480 and 500 : boolean folderRedirect = false; try{ request.getMappingData().recycle(); request.getConnector().getService().getMapper().map(request.getCoyoteRequest().serverName(), request.getCoyoteRequest().requestURI(), null, request.getMappingData()); if(request.getMappingData().redirectPath.toString()!=null){ folderRedirect = true; } } catch (Exception e){ //ignore } request.getMappingData().recycle(); // Reinvoke the whole request recursively try { request.getConnector().getProtocolHandler().getAdapter().service (request.getCoyoteRequest(), response.getCoyoteResponse()); if(folderRedirect response.getCoyoteResponse().getStatus() == 302){ if(!request.getCoyoteRequest().requestURI().getByteChunk().toString().endsWith(/)){ String requestParam = request.getQueryString() == null ? : '?' + request.getQueryString(); response.setHeader(Location, request.getCoyoteRequest().requestURI().getByteChunk().toString() + '/' + requestParam); } } } catch (Exception e) { // This doesn't actually happen in the Catalina adapter implementation } The best practice would be to file an enhancement request in Bugzilla, write and attach a test case that demonstrates the problem (or describe it in very great detail... from the above, I don't know what you have changed and why), and attach your changes (as a patch, using svn diff or something similar) to the Bugzilla issue. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJU44rQAAoJEBzwKT+lPKRYLwEQAJgAdh33TnTRbkRtBfugTc5D 8VwtHftAfL6ykdbGTYllInSfhxZkWH3fA7gxqBb18TaICqw0sxAVg1TaKIjtEwYb TQzxryNJQsg1fJ97L56EauRJyKikO0OTE7XUT8S5TIr/Z0YuhfQzIOKA+KvzyiUE rDbJ4N4TA41fvgA7aCdeQluDGJ/sOnFVotq5sSp6j41XSCAfWXrg8r+FlVegPJm8 fblHS3E19PTvv/IuJaNDPefafpdLoyiMYnfPgC8MKYbfipUCJLyl30ZTjiBw2Jmi 9SGqPFkk9y2Yk72R5ihL1dExb332nBwV7xZIVJsyDysKWW2OYI/XY7BYwSW8rguA
Re: Issue with RewriteValve and folders (tomcat 8.0.15)
Am 20. Februar 2015 00:43:40 MEZ, schrieb André Warnier a...@ice-sa.com: André Warnier wrote: Felix Schumacher wrote: Am 19.02.2015 um 21:41 schrieb André Warnier: Jérémie Barthés wrote: ... ... in the browser, you have to modify your rewrite rules, perhaps by using a RewriteCond with the -d flag, to check first if the URL points to an existing directory, and if yes add the terminating / yourself (with a RewriteRule) before other rewrite tests/rules take place. This rewrite.config # if path doesn't end with a slash redirect it to an url with an ending slash RewriteCond%{REQUEST_URI} !^.*/$ RewriteRule^/mypath/(.*)$/mypath/$1/ [R] # every path ending on a slash forward to /examples/... RewriteRule^/mypath/(.*/)$/examples/jsp/$1 will do the trick. I think -d will not work, since /mypath/async is not existant, it only feels like a directory. Aaah yes, correct. Good catch. Maybe that is why I sub-consciously inserted the word perhaps above.. ;-) Actually, upon further examination, I don't think that the rules above will work correctly. Because RewriteCond%{REQUEST_URI} !^.*/$ RewriteRule^/mypath/(.*)$/mypath/$1/ [R] would also rewrite /mypath/my-nifty.jsp to /mypath/my-nifty.jsp/ which is probably not what is intended. Back to the drawing board.. You are right. It was too simple. Maybe adding a prior RewriteCond %{REQUEST_URI} !\.(html|jpg|gif|jsp)$ and then RewriteCond%{REQUEST_URI} !^.*/$ RewriteRule^/mypath/(.*)$/mypath/$1/ [R] RewriteRule^/mypath/(.*)$/examples/jsp/$1 would do it ? That will only be done correctly by the one who knows the correct and allowed urls. Maybe they have URLs to .exe, .pdf, .jpeg, etc. I think we should stop here as it seems to turn really quick into a mess. Regards Felix - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with RewriteValve and folders (tomcat 8.0.15)
Am 19.02.2015 um 22:13 schrieb Felix Schumacher: Am 19.02.2015 um 21:41 schrieb André Warnier: Jérémie Barthés wrote: ... Make a file rewrite.config in conf/Catalina/localhost/ that contains : RewriteRule^/mypath/(.*)$/examples/jsp/$1 copy the line Valve className=org.apache.catalina.valves.rewrite.RewriteValve / in the conf/server.xml file, line 131 Since this is a Valve, it will run before Tomcat attempts to match the URL to an actual directory or webapp. try the followings URLs : 1) http://localhost:8080/mypath/async This matches the rewrite rule, so it will be rewritten to URL /examples/jsp/async Then Tomcat will attempt to match this to a directory or webapp, and find that (catalina_base)/webapps/examples/jsp/async is a directory. It will thus respond to the browser with a 302 re-direct to http://localhost:8080/examples/jsp/async/ which is actually the correct URL. And this is what will be shown in the browser URL bar. This, in my view, is expected behaviour. The server does that, so that when an actual response is generated (for the correct URL http://localhost:8080/examples/jsp/async/), the browser can cache this response under the correct URL. Then the browser re-issues a request for http://localhost:8080/examples/jsp/async/ and that is when Tomcat will actually generate a real response, because this time it is a correct URL. So the response appears to the browser, as coming from http://localhost:8080/examples/jsp/async/ which is correct. 2) http://localhost:8080/mypath/async/ This also matches the rewrite rule, so it gets rewritten to http://localhost:8080/examples/jsp/async/ which is a correct URL. Thus Tomcat will immediately generate a real response (without an intermediate 302 redirect), which will be appear in the browser URL bar as a response to http://localhost:8080/mypath/async/ This is also expected behaviour. I believe that if you do not want to see the first redirect URL http://localhost:8080/examples/jsp/async/ in the browser, you have to modify your rewrite rules, perhaps by using a RewriteCond with the -d flag, to check first if the URL points to an existing directory, and if yes add the terminating / yourself (with a RewriteRule) before other rewrite tests/rules take place. This rewrite.config ... will do the trick. I think -d will not work, since /mypath/async is not existant, it only feels like a directory. Not clear: the implementation for -d is (case 0 below, from file ResolverImpl.java): 148 @Override 149 public boolean resolveResource(int type, String name) { 150 WebResourceRoot resources = request.getContext().getResources(); 151 WebResource resource = resources.getResource(name); 152 if (!resource.exists()) { 153 return false; 154 } else { 155 switch (type) { 156 case 0: 157 return (resource.isDirectory()); 158 case 1: 159 return (resource.isFile()); 160 case 2: 161 return (resource.isFile() resource.getContentLength() 0); 162 default: 163 return false; 164 } 165 } 166 } Since it checks resources and the OP was actually talking about a path that is a folder in his webapp, -d could work. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with RewriteValve and folders (tomcat 8.0.15)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jérémie, On 2/19/15 4:54 AM, Jérémie Barthés wrote: When an URL target a folder on the server, tomcat automaticly add a / at the end of the URL if missing : myHost.com/myFolder = myHost.com/myFolder/ (automatic tomcat 302 redirection) If you use a rewriteValve to forward myHost.com/myFolder to myHost.com/rewriteTrick/myFolder, the rewriteValve will forward simultaneous with the automatic tomcat redirection. Then the client's browser will catch the rewritten URL (you don't want the rewritten URL to be visible for the client's browser). myHost.com/myFolder redirect to myHost.com/rewriteTrick/myFolder/ (visible) So i made a patch to block the RewriteValve if an automatic 302 tomcat redirection is applied. Then the RewriteValve forward in a second time and the rewritten URL is not visible for the client's Browser : myHost.com/myFolder redirect to myHost.com/myFolder/ forward to myHost/rewriteTrick/myFolder/ (not visible) It may be a configuration mistake of my part. I tried many different configurations to avoid it but i wasn't able without coding a patch. It /may/ be a configuration problem. We won't know until you post your configuration. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJU5e/qAAoJEBzwKT+lPKRYPaAP/jtr2XC2ZViVzUDK44Fqcl+P q1LRRKO112Hzv+p35kUAPFQn2YyvJamqH7dnl6rVnBIY5YviBCNqJdpn48fpe78E B/T5nr9WOfdMxg9fBgMG78L+ihJzKgiZpXGgVvR68RLuYgeWPhnur2I3Xcj4rLRc Nd9aWX/vHX3aLoh3ThTUKIWVmaiK8a5JP240W/5g65OE07Tnc/albiBHvTdGbEBQ LoLKmp315mZLDkzzNIsu7Lbbz8DtDrJo+Oaos1Fm3CUBM5ULO0hwcFr1IyxL2Tvk 1S8ZGHaDvFQF0II0pf9P8MgpDfK1st1rGp86k1B3e1KMt7gWFytOZwPgJLwCDqVe VAfgE4VpnJ8aBtVAKc1vTpNpP4X4xuFuKl93OtAbaFa9mBhdfetbeCo7OLogeSB+ UZj3PQnM7rLoyllXtEx4hGSDy+AU3o/S7JqXrJdbHMqt1v/BmEd/ZsdAYCOa+lmb JEkxPUG+EPTMxyiCrw498KjY2q5Z9naA/IecIHdPGa7u2TwIlkMCJazCtBEmSu8d VfDQyxR1f+eExsTa3i8eIjdw+z/hTsgMJYi0qiI2slkWOp99N9xWNdH/W5UdHKWf Qb8fefesWyKQof0voqWPbOXOFdgcJqXs26K1gxRM9rZSzfV990Ooizohg/DfGYjG Y2AZNcubxOPam0aEVct9 =ClXj -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with RewriteValve and folders (tomcat 8.0.15)
Tell me what you need about my configuration : rewrite.config file : RewriteRule^/jamfiles/(.*)$/newapp/jamfiles/$1 RewriteRule^/workspace/(.*)$ /newapp/htdocuments/workspace/$1 RewriteRule ^/([a-zA-Z0-9]+)(\.jsp|\.html|\.txt)$ /newapp/htdocuments/$1$2 tomcat version : 8.0.15 (tried on 8.0.18 too) Operating System : tried on windows 7 and unix Le 19/02/2015 15:15, Christopher Schultz a écrit : -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jérémie, On 2/19/15 4:54 AM, Jérémie Barthés wrote: When an URL target a folder on the server, tomcat automaticly add a / at the end of the URL if missing : myHost.com/myFolder = myHost.com/myFolder/ (automatic tomcat 302 redirection) If you use a rewriteValve to forward myHost.com/myFolder to myHost.com/rewriteTrick/myFolder, the rewriteValve will forward simultaneous with the automatic tomcat redirection. Then the client's browser will catch the rewritten URL (you don't want the rewritten URL to be visible for the client's browser). myHost.com/myFolder redirect to myHost.com/rewriteTrick/myFolder/ (visible) So i made a patch to block the RewriteValve if an automatic 302 tomcat redirection is applied. Then the RewriteValve forward in a second time and the rewritten URL is not visible for the client's Browser : myHost.com/myFolder redirect to myHost.com/myFolder/ forward to myHost/rewriteTrick/myFolder/ (not visible) It may be a configuration mistake of my part. I tried many different configurations to avoid it but i wasn't able without coding a patch. It /may/ be a configuration problem. We won't know until you post your configuration. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJU5e/qAAoJEBzwKT+lPKRYPaAP/jtr2XC2ZViVzUDK44Fqcl+P q1LRRKO112Hzv+p35kUAPFQn2YyvJamqH7dnl6rVnBIY5YviBCNqJdpn48fpe78E B/T5nr9WOfdMxg9fBgMG78L+ihJzKgiZpXGgVvR68RLuYgeWPhnur2I3Xcj4rLRc Nd9aWX/vHX3aLoh3ThTUKIWVmaiK8a5JP240W/5g65OE07Tnc/albiBHvTdGbEBQ LoLKmp315mZLDkzzNIsu7Lbbz8DtDrJo+Oaos1Fm3CUBM5ULO0hwcFr1IyxL2Tvk 1S8ZGHaDvFQF0II0pf9P8MgpDfK1st1rGp86k1B3e1KMt7gWFytOZwPgJLwCDqVe VAfgE4VpnJ8aBtVAKc1vTpNpP4X4xuFuKl93OtAbaFa9mBhdfetbeCo7OLogeSB+ UZj3PQnM7rLoyllXtEx4hGSDy+AU3o/S7JqXrJdbHMqt1v/BmEd/ZsdAYCOa+lmb JEkxPUG+EPTMxyiCrw498KjY2q5Z9naA/IecIHdPGa7u2TwIlkMCJazCtBEmSu8d VfDQyxR1f+eExsTa3i8eIjdw+z/hTsgMJYi0qiI2slkWOp99N9xWNdH/W5UdHKWf Qb8fefesWyKQof0voqWPbOXOFdgcJqXs26K1gxRM9rZSzfV990Ooizohg/DfGYjG Y2AZNcubxOPam0aEVct9 =ClXj -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with RewriteValve and folders (tomcat 8.0.15)
Hi, I made a scenario to make the issue happens : Use a tomcat 8.0.18 Make a file rewrite.config in conf/Catalina/localhost/ that contains : RewriteRule^/mypath/(.*)$/examples/jsp/$1 copy the line Valve className=org.apache.catalina.valves.rewrite.RewriteValve / in the conf/server.xml file, line 131 launch the server try the followings URLs : http://localhost:8080/mypath/async http://localhost:8080/mypath/async/ the result i have is : http://localhost:8080/mypath/async = http://localhost:8080/examples/jsp/async/ (visible rewrite) http://localhost:8080/mypath/async/ = http://localhost:8080/mypath/async/ Jérémie Le 19/02/2015 15:25, Jérémie Barthés a écrit : Tell me what you need about my configuration : rewrite.config file : RewriteRule^/jamfiles/(.*)$/newapp/jamfiles/$1 RewriteRule^/workspace/(.*)$ /newapp/htdocuments/workspace/$1 RewriteRule ^/([a-zA-Z0-9]+)(\.jsp|\.html|\.txt)$ /newapp/htdocuments/$1$2 tomcat version : 8.0.15 (tried on 8.0.18 too) Operating System : tried on windows 7 and unix Le 19/02/2015 15:15, Christopher Schultz a écrit : -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jérémie, On 2/19/15 4:54 AM, Jérémie Barthés wrote: When an URL target a folder on the server, tomcat automaticly add a / at the end of the URL if missing : myHost.com/myFolder = myHost.com/myFolder/ (automatic tomcat 302 redirection) If you use a rewriteValve to forward myHost.com/myFolder to myHost.com/rewriteTrick/myFolder, the rewriteValve will forward simultaneous with the automatic tomcat redirection. Then the client's browser will catch the rewritten URL (you don't want the rewritten URL to be visible for the client's browser). myHost.com/myFolder redirect to myHost.com/rewriteTrick/myFolder/ (visible) So i made a patch to block the RewriteValve if an automatic 302 tomcat redirection is applied. Then the RewriteValve forward in a second time and the rewritten URL is not visible for the client's Browser : myHost.com/myFolder redirect to myHost.com/myFolder/ forward to myHost/rewriteTrick/myFolder/ (not visible) It may be a configuration mistake of my part. I tried many different configurations to avoid it but i wasn't able without coding a patch. It /may/ be a configuration problem. We won't know until you post your configuration. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJU5e/qAAoJEBzwKT+lPKRYPaAP/jtr2XC2ZViVzUDK44Fqcl+P q1LRRKO112Hzv+p35kUAPFQn2YyvJamqH7dnl6rVnBIY5YviBCNqJdpn48fpe78E B/T5nr9WOfdMxg9fBgMG78L+ihJzKgiZpXGgVvR68RLuYgeWPhnur2I3Xcj4rLRc Nd9aWX/vHX3aLoh3ThTUKIWVmaiK8a5JP240W/5g65OE07Tnc/albiBHvTdGbEBQ LoLKmp315mZLDkzzNIsu7Lbbz8DtDrJo+Oaos1Fm3CUBM5ULO0hwcFr1IyxL2Tvk 1S8ZGHaDvFQF0II0pf9P8MgpDfK1st1rGp86k1B3e1KMt7gWFytOZwPgJLwCDqVe VAfgE4VpnJ8aBtVAKc1vTpNpP4X4xuFuKl93OtAbaFa9mBhdfetbeCo7OLogeSB+ UZj3PQnM7rLoyllXtEx4hGSDy+AU3o/S7JqXrJdbHMqt1v/BmEd/ZsdAYCOa+lmb JEkxPUG+EPTMxyiCrw498KjY2q5Z9naA/IecIHdPGa7u2TwIlkMCJazCtBEmSu8d VfDQyxR1f+eExsTa3i8eIjdw+z/hTsgMJYi0qiI2slkWOp99N9xWNdH/W5UdHKWf Qb8fefesWyKQof0voqWPbOXOFdgcJqXs26K1gxRM9rZSzfV990Ooizohg/DfGYjG Y2AZNcubxOPam0aEVct9 =ClXj -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with RewriteValve and folders (tomcat 8.0.15)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jérémie, On 2/19/15 10:05 AM, Jérémie Barthés wrote: I made a scenario to make the issue happens : Use a tomcat 8.0.18 Make a file rewrite.config in conf/Catalina/localhost/ that contains : RewriteRule^/mypath/(.*)$/examples/jsp/$1 copy the line Valve className=org.apache.catalina.valves.rewrite.RewriteValve / in the conf/server.xml file, line 131 launch the server try the followings URLs : http://localhost:8080/mypath/async http://localhost:8080/mypath/async/ the result i have is : http://localhost:8080/mypath/async = http://localhost:8080/examples/jsp/async/ (visible rewrite) http://localhost:8080/mypath/async/ = http://localhost:8080/mypath/async/ That's exactly the behavior I'd expect, since you have mapped /mypath/async to /examples/jsp/async, which is a directory. The DefaultServlet tries to serve that directory and redirects the user to the same URL with a / on the end. This isn't necessarily a problem with the RewriteValve, but with a perhaps unexpected result of those two components together. Can you provide a patch to RewriteValve? I'd prefer to see what you actually changed, instead of just a snippet of fixed code. - -chris Le 19/02/2015 15:25, Jérémie Barthés a écrit : Tell me what you need about my configuration : rewrite.config file : RewriteRule^/jamfiles/(.*)$ /newapp/jamfiles/$1 RewriteRule^/workspace/(.*)$ /newapp/htdocuments/workspace/$1 RewriteRule ^/([a-zA-Z0-9]+)(\.jsp|\.html|\.txt)$ /newapp/htdocuments/$1$2 tomcat version : 8.0.15 (tried on 8.0.18 too) Operating System : tried on windows 7 and unix Le 19/02/2015 15:15, Christopher Schultz a écrit : Jérémie, On 2/19/15 4:54 AM, Jérémie Barthés wrote: When an URL target a folder on the server, tomcat automaticly add a / at the end of the URL if missing : myHost.com/myFolder = myHost.com/myFolder/ (automatic tomcat 302 redirection) If you use a rewriteValve to forward myHost.com/myFolder to myHost.com/rewriteTrick/myFolder, the rewriteValve will forward simultaneous with the automatic tomcat redirection. Then the client's browser will catch the rewritten URL (you don't want the rewritten URL to be visible for the client's browser). myHost.com/myFolder redirect to myHost.com/rewriteTrick/myFolder/ (visible) So i made a patch to block the RewriteValve if an automatic 302 tomcat redirection is applied. Then the RewriteValve forward in a second time and the rewritten URL is not visible for the client's Browser : myHost.com/myFolder redirect to myHost.com/myFolder/ forward to myHost/rewriteTrick/myFolder/ (not visible) It may be a configuration mistake of my part. I tried many different configurations to avoid it but i wasn't able without coding a patch. It /may/ be a configuration problem. We won't know until you post your configuration. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJU5iJ/AAoJEBzwKT+lPKRYJO8QALg30zvUh0LBMjnQ0bHpNcVh xWJcwbEQMF1L3js1PRJFDLwhW6wARuHHmkg2mUTVkjXzI8B+UFdzK64tef+OuxIe Q5JGGHTHhmoRbqlc5daVgiRjBz3PT2gx4uB87/Ub6qAsVKF1zKqOiz9d6kxRFmu/ t/kcAHaoy+N3cNULn/kpjt47DgNh10eSFrjEfXoBQUIWA9up39kfAfLFabitJcCp QSDtUUD/YODlj2g6jGcIaKvZ0gfAwRCi1wF9ZXVEj9kCHuHWDxStQF8atPB5Rqtx 0wt4dnZvOaEkE2P26T+8K66Tn430bvQFCJl39PD4Hkq6zlWibpLoe4XZmVnzNMRu xDy7IpHaBa2nwVJCFzSk42/uHRt3XzxqR0RTZmF3+tUyK9H30H5HanCeE66yA7kR Blfxyln6I6M1klgBkKB2eFaw9BUzI4Ad2T3k87hzoxgVJnQjr+J0HrphNHu/YbLC n6H9Hjhqdlc2pemaQWal7inh9T1G+juphwQwo27l9ozU5MrZrZjXEm13ILLginV4 dYf9Fo7ZMpA7DFyRgdtRtP2GmtTnw3FP8ovdleruzNgf+F+ZV5tzn6R1/7gzFtBA Eqvq7+qRzScP/zGdbRO8HrIJ9zQsDN/ltal/PfEJAUm2zM3gAsUG8vzF0cHdLArx OfdCrrVkm4sUBrl9YAOX =kGdG -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with RewriteValve and folders (tomcat 8.0.15)
André Warnier wrote: Felix Schumacher wrote: Am 19.02.2015 um 21:41 schrieb André Warnier: Jérémie Barthés wrote: ... ... in the browser, you have to modify your rewrite rules, perhaps by using a RewriteCond with the -d flag, to check first if the URL points to an existing directory, and if yes add the terminating / yourself (with a RewriteRule) before other rewrite tests/rules take place. This rewrite.config # if path doesn't end with a slash redirect it to an url with an ending slash RewriteCond%{REQUEST_URI} !^.*/$ RewriteRule^/mypath/(.*)$/mypath/$1/ [R] # every path ending on a slash forward to /examples/... RewriteRule^/mypath/(.*/)$/examples/jsp/$1 will do the trick. I think -d will not work, since /mypath/async is not existant, it only feels like a directory. Aaah yes, correct. Good catch. Maybe that is why I sub-consciously inserted the word perhaps above.. ;-) Actually, upon further examination, I don't think that the rules above will work correctly. Because RewriteCond%{REQUEST_URI} !^.*/$ RewriteRule^/mypath/(.*)$/mypath/$1/ [R] would also rewrite /mypath/my-nifty.jsp to /mypath/my-nifty.jsp/ which is probably not what is intended. Back to the drawing board.. Maybe adding a prior RewriteCond %{REQUEST_URI} !\.(html|jpg|gif|jsp)$ and then RewriteCond%{REQUEST_URI} !^.*/$ RewriteRule^/mypath/(.*)$/mypath/$1/ [R] RewriteRule^/mypath/(.*)$/examples/jsp/$1 would do it ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with RewriteValve and folders (tomcat 8.0.15)
Felix Schumacher wrote: Am 19.02.2015 um 21:41 schrieb André Warnier: Jérémie Barthés wrote: ... Make a file rewrite.config in conf/Catalina/localhost/ that contains : RewriteRule^/mypath/(.*)$/examples/jsp/$1 copy the line Valve className=org.apache.catalina.valves.rewrite.RewriteValve / in the conf/server.xml file, line 131 Since this is a Valve, it will run before Tomcat attempts to match the URL to an actual directory or webapp. try the followings URLs : 1) http://localhost:8080/mypath/async This matches the rewrite rule, so it will be rewritten to URL /examples/jsp/async Then Tomcat will attempt to match this to a directory or webapp, and find that (catalina_base)/webapps/examples/jsp/async is a directory. It will thus respond to the browser with a 302 re-direct to http://localhost:8080/examples/jsp/async/ which is actually the correct URL. And this is what will be shown in the browser URL bar. This, in my view, is expected behaviour. The server does that, so that when an actual response is generated (for the correct URL http://localhost:8080/examples/jsp/async/), the browser can cache this response under the correct URL. Then the browser re-issues a request for http://localhost:8080/examples/jsp/async/ and that is when Tomcat will actually generate a real response, because this time it is a correct URL. So the response appears to the browser, as coming from http://localhost:8080/examples/jsp/async/ which is correct. 2) http://localhost:8080/mypath/async/ This also matches the rewrite rule, so it gets rewritten to http://localhost:8080/examples/jsp/async/ which is a correct URL. Thus Tomcat will immediately generate a real response (without an intermediate 302 redirect), which will be appear in the browser URL bar as a response to http://localhost:8080/mypath/async/ This is also expected behaviour. I believe that if you do not want to see the first redirect URL http://localhost:8080/examples/jsp/async/ in the browser, you have to modify your rewrite rules, perhaps by using a RewriteCond with the -d flag, to check first if the URL points to an existing directory, and if yes add the terminating / yourself (with a RewriteRule) before other rewrite tests/rules take place. This rewrite.config # if path doesn't end with a slash redirect it to an url with an ending slash RewriteCond%{REQUEST_URI} !^.*/$ RewriteRule^/mypath/(.*)$/mypath/$1/ [R] # every path ending on a slash forward to /examples/... RewriteRule^/mypath/(.*/)$/examples/jsp/$1 will do the trick. I think -d will not work, since /mypath/async is not existant, it only feels like a directory. Aaah yes, correct. Good catch. Maybe that is why I sub-consciously inserted the word perhaps above.. ;-) Incidentally, in the original Apache httpd 2.4 mod_rewrite documentation, there is a beautiful schema of how this actually works (in httpd). Here : http://httpd.apache.org/docs/2.4/rewrite/tech.html (in Ruleset Processing). Could almost have been drawn by Miro.. Felix But I personally think that there is no need for a patch here. the result i have is : http://localhost:8080/mypath/async = http://localhost:8080/examples/jsp/async/ (visible rewrite) no, it is the *redirect* which is visible, after the rewrite (to http://localhost:8080/examples/jsp/async) has taken place and Tomcat finds that this is a directory. http://localhost:8080/mypath/async/ = http://localhost:8080/mypath/async/ no redirect, so the browser doesn't know, and believes that the response has actually come from the URL http://localhost:8080/mypath/async/. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with RewriteValve and folders (tomcat 8.0.15)
Hi, I don't have more to say than : There is a bug using the RewriteValve :If you are targeting a folder and there is no / at the end of the URI, the rewritten URI is visible for the client browser (302 redirection). Example : http://myhost.com/myFolder = http://myhost.com/rewriteTrick/myFolder/ instead of http://myhost.com/myFolder = http://myhost.com/myFolder/; The bug is solved for me. I just wanted to tell developpers about it. Regards Jérémie Le 17/02/2015 15:34, Christopher Schultz a écrit : -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jérémie, On 2/17/15 6:20 AM, Jérémie Barthés wrote: I just installed tomcat 8 and used the RewriteValve to forward some old URLs on my new tomcat8 webapp. I had an issue for URIs targeting a folder: If there is no / at the end of the URI, the rewritten URI is visible for the client browser (302 redirection). Example : http://myhost.com/myFolder = http://myhost.com/rewriteTrick/myFolder/ instead of http://myhost.com/myFolder = http://myhost.com/myFolder/ I made a custom patch on RewriteValve to solve it. I would like to know if it'll be corrected on next releases. (i tried on 8.0.18 but there is still the issue) Regards, Jeremie Barthes Oodrive France Between lines 480 and 500 : boolean folderRedirect = false; try{ request.getMappingData().recycle(); request.getConnector().getService().getMapper().map(request.getCoyoteRequest().serverName(), request.getCoyoteRequest().requestURI(), null, request.getMappingData()); if(request.getMappingData().redirectPath.toString()!=null){ folderRedirect = true; } } catch (Exception e){ //ignore } request.getMappingData().recycle(); // Reinvoke the whole request recursively try { request.getConnector().getProtocolHandler().getAdapter().service (request.getCoyoteRequest(), response.getCoyoteResponse()); if(folderRedirect response.getCoyoteResponse().getStatus() == 302){ if(!request.getCoyoteRequest().requestURI().getByteChunk().toString().endsWith(/)){ String requestParam = request.getQueryString() == null ? : '?' + request.getQueryString(); response.setHeader(Location, request.getCoyoteRequest().requestURI().getByteChunk().toString() + '/' + requestParam); } } } catch (Exception e) { // This doesn't actually happen in the Catalina adapter implementation } The best practice would be to file an enhancement request in Bugzilla, write and attach a test case that demonstrates the problem (or describe it in very great detail... from the above, I don't know what you have changed and why), and attach your changes (as a patch, using svn diff or something similar) to the Bugzilla issue. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJU41FiAAoJEBzwKT+lPKRYJVwP/0txV+MSHwzl4FQjRWd2gaOS V+l0b7CIXI77lHr+xuC6A/OqqpJHNPZjYWIqtCaeDvq/eFc8eVXczV8C6CV1NWN5 b9dQdBTw4/+bC/JNg2XlWkwlbeW08eNqeX77F1zXhSoBEUuZrRcmy/sZXsa4g9x8 XusQqrjpjc5KvZOkUqJbazbKO86o7kRrOuVNVXR0MHtpmBMOkCI0WKht+RpsA3DN fH0Qd+eo0xtmU0YNSMURr6Z8y+yi3v/pNx4tBQ5ijEAHXB8f9SolfObt63OrcTh3 I347ZIEESfkeqxqBqImJkeRsqvlx2pv2ChF0fm638vgiYFXU+a4xYLP45ovR0wg6 c4P0GYK3mE2yieQjio3zAj/Z9Qc4DW39FJNIeU1zYY+73yzkn28CprW6nn9eaRvf cz+vaU2IamD/e4vJgHpiB5vewwaZSx1a81OkpDn8O7xWyO4azp4eViA2K5jwM2Cf LL7/fztfJoapob+polncNECb3Bi3aT/yKeI9tbunb7x8jCHqIBWtGrvKJ0U5q25U XzH1Wk6EZCtYhiYXQvyPoktKmXfDuayMiq+IexdMBic+I/Uqv5scQuFrjEZVlFj+ hSNd9OpPQwXKL7ScFAyznw6R4h5yzPZyW01KtO1jVek1oOOdIRI7PxLRgJReh6j0 78GINeUMF8NCRkYY4/sf =zX1T -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with RewriteValve and folders (tomcat 8.0.15)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jérémie, On 2/17/15 6:20 AM, Jérémie Barthés wrote: I just installed tomcat 8 and used the RewriteValve to forward some old URLs on my new tomcat8 webapp. I had an issue for URIs targeting a folder: If there is no / at the end of the URI, the rewritten URI is visible for the client browser (302 redirection). Example : http://myhost.com/myFolder = http://myhost.com/rewriteTrick/myFolder/ instead of http://myhost.com/myFolder = http://myhost.com/myFolder/ I made a custom patch on RewriteValve to solve it. I would like to know if it'll be corrected on next releases. (i tried on 8.0.18 but there is still the issue) Regards, Jeremie Barthes Oodrive France Between lines 480 and 500 : boolean folderRedirect = false; try{ request.getMappingData().recycle(); request.getConnector().getService().getMapper().map(request.getCoyoteRequest().serverName(), request.getCoyoteRequest().requestURI(), null, request.getMappingData()); if(request.getMappingData().redirectPath.toString()!=null){ folderRedirect = true; } } catch (Exception e){ //ignore } request.getMappingData().recycle(); // Reinvoke the whole request recursively try { request.getConnector().getProtocolHandler().getAdapter().service (request.getCoyoteRequest(), response.getCoyoteResponse()); if(folderRedirect response.getCoyoteResponse().getStatus() == 302){ if(!request.getCoyoteRequest().requestURI().getByteChunk().toString().endsWith(/)){ String requestParam = request.getQueryString() == null ? : '?' + request.getQueryString(); response.setHeader(Location, request.getCoyoteRequest().requestURI().getByteChunk().toString() + '/' + requestParam); } } } catch (Exception e) { // This doesn't actually happen in the Catalina adapter implementation } The best practice would be to file an enhancement request in Bugzilla, write and attach a test case that demonstrates the problem (or describe it in very great detail... from the above, I don't know what you have changed and why), and attach your changes (as a patch, using svn diff or something similar) to the Bugzilla issue. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJU41FiAAoJEBzwKT+lPKRYJVwP/0txV+MSHwzl4FQjRWd2gaOS V+l0b7CIXI77lHr+xuC6A/OqqpJHNPZjYWIqtCaeDvq/eFc8eVXczV8C6CV1NWN5 b9dQdBTw4/+bC/JNg2XlWkwlbeW08eNqeX77F1zXhSoBEUuZrRcmy/sZXsa4g9x8 XusQqrjpjc5KvZOkUqJbazbKO86o7kRrOuVNVXR0MHtpmBMOkCI0WKht+RpsA3DN fH0Qd+eo0xtmU0YNSMURr6Z8y+yi3v/pNx4tBQ5ijEAHXB8f9SolfObt63OrcTh3 I347ZIEESfkeqxqBqImJkeRsqvlx2pv2ChF0fm638vgiYFXU+a4xYLP45ovR0wg6 c4P0GYK3mE2yieQjio3zAj/Z9Qc4DW39FJNIeU1zYY+73yzkn28CprW6nn9eaRvf cz+vaU2IamD/e4vJgHpiB5vewwaZSx1a81OkpDn8O7xWyO4azp4eViA2K5jwM2Cf LL7/fztfJoapob+polncNECb3Bi3aT/yKeI9tbunb7x8jCHqIBWtGrvKJ0U5q25U XzH1Wk6EZCtYhiYXQvyPoktKmXfDuayMiq+IexdMBic+I/Uqv5scQuFrjEZVlFj+ hSNd9OpPQwXKL7ScFAyznw6R4h5yzPZyW01KtO1jVek1oOOdIRI7PxLRgJReh6j0 78GINeUMF8NCRkYY4/sf =zX1T -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with RewriteValve and folders (tomcat 8.0.15)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jérémie, On 2/17/15 10:47 AM, Jérémie Barthés wrote: I don't have more to say than : There is a bug using the RewriteValve :If you are targeting a folder and there is no / at the end of the URI, The end of which URI? The one in the rewrite rule? Or the one the client sends in the URL? the rewritten URI is visible for the client browser (302 redirection). Example : http://myhost.com/myFolder = http://myhost.com/rewriteTrick/myFolder/ instead of http://myhost.com/myFolder = http://myhost.com/myFolder/; It looks like in this case, the rewrite rule isn't matching, and the DefaultServlet is performing redirection instead. This sounds like a configuration mistake on your part, not a bug in the rewrite valve. The bug is solved for me. I just wanted to tell developers about it. - -chris Le 17/02/2015 15:34, Christopher Schultz a écrit : Jérémie, On 2/17/15 6:20 AM, Jérémie Barthés wrote: I just installed tomcat 8 and used the RewriteValve to forward some old URLs on my new tomcat8 webapp. I had an issue for URIs targeting a folder: If there is no / at the end of the URI, the rewritten URI is visible for the client browser (302 redirection). Example : http://myhost.com/myFolder = http://myhost.com/rewriteTrick/myFolder/ instead of http://myhost.com/myFolder = http://myhost.com/myFolder/ I made a custom patch on RewriteValve to solve it. I would like to know if it'll be corrected on next releases. (i tried on 8.0.18 but there is still the issue) Regards, Jeremie Barthes Oodrive France Between lines 480 and 500 : boolean folderRedirect = false; try{ request.getMappingData().recycle(); request.getConnector().getService().getMapper().map(request.getCoyoteRequest().serverName(), request.getCoyoteRequest().requestURI(), null, request.getMappingData()); if(request.getMappingData().redirectPath.toString()!=null){ folderRedirect = true; } } catch (Exception e){ //ignore } request.getMappingData().recycle(); // Reinvoke the whole request recursively try { request.getConnector().getProtocolHandler().getAdapter().service (request.getCoyoteRequest(), response.getCoyoteResponse()); if(folderRedirect response.getCoyoteResponse().getStatus() == 302){ if(!request.getCoyoteRequest().requestURI().getByteChunk().toString().endsWith(/)){ String requestParam = request.getQueryString() == null ? : '?' + request.getQueryString(); response.setHeader(Location, request.getCoyoteRequest().requestURI().getByteChunk().toString() + '/' + requestParam); } } } catch (Exception e) { // This doesn't actually happen in the Catalina adapter implementation } The best practice would be to file an enhancement request in Bugzilla, write and attach a test case that demonstrates the problem (or describe it in very great detail... from the above, I don't know what you have changed and why), and attach your changes (as a patch, using svn diff or something similar) to the Bugzilla issue. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJU44rQAAoJEBzwKT+lPKRYLwEQAJgAdh33TnTRbkRtBfugTc5D 8VwtHftAfL6ykdbGTYllInSfhxZkWH3fA7gxqBb18TaICqw0sxAVg1TaKIjtEwYb TQzxryNJQsg1fJ97L56EauRJyKikO0OTE7XUT8S5TIr/Z0YuhfQzIOKA+KvzyiUE rDbJ4N4TA41fvgA7aCdeQluDGJ/sOnFVotq5sSp6j41XSCAfWXrg8r+FlVegPJm8 fblHS3E19PTvv/IuJaNDPefafpdLoyiMYnfPgC8MKYbfipUCJLyl30ZTjiBw2Jmi 9SGqPFkk9y2Yk72R5ihL1dExb332nBwV7xZIVJsyDysKWW2OYI/XY7BYwSW8rguA 05hdEetI1UFgWavh6imqzWoDpOV35Pi+crYB+ZUDeDHfHCxjhvyxlXhXFtp6QkB+ yODHW4qXA4QPjsSNG+I6letaDA2lvxDNlzjip/iSsjEfwOMj6E6vnqkW7oD92YxF lcNaqI9weDDJwaJZUrra3dxqR4VYj0WcmHsUY/+uqQhh083KKPhpJ6r54xL9Dv4N 1vFdJIRelhX2YxlXTUS5Jx/vhEHGS5P95un92tdP46WyOS9s3Jkutigt5E4I9AaG v9AdGlDZwah9q8sJ00U1tqGdkMwRdY12KHtY9loWRY1T7Gn3pAzPIcNSvvCR8OE2 uCigdMtsLsOMvqIPz5Mh =xqs9 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Issue with RewriteValve and folders (tomcat 8.0.15)
Hi, I just installed tomcat 8 and used the RewriteValve to forward some old URLs on my new tomcat8 webapp. I had an issue for URIs targeting a folder: If there is no / at the end of the URI, the rewritten URI is visible for the client browser (302 redirection). Example : http://myhost.com/myFolder = http://myhost.com/rewriteTrick/myFolder/ instead of http://myhost.com/myFolder = http://myhost.com/myFolder/ I made a custom patch on RewriteValve to solve it. I would like to know if it'll be corrected on next releases. (i tried on 8.0.18 but there is still the issue) Regards, Jeremie Barthes Oodrive France Between lines 480 and 500 : boolean folderRedirect = false; try{ request.getMappingData().recycle(); request.getConnector().getService().getMapper().map(request.getCoyoteRequest().serverName(), request.getCoyoteRequest().requestURI(), null, request.getMappingData()); if(request.getMappingData().redirectPath.toString()!=null){ folderRedirect = true; } } catch (Exception e){ //ignore } request.getMappingData().recycle(); // Reinvoke the whole request recursively try { request.getConnector().getProtocolHandler().getAdapter().service (request.getCoyoteRequest(), response.getCoyoteResponse()); if(folderRedirect response.getCoyoteResponse().getStatus() == 302){ if(!request.getCoyoteRequest().requestURI().getByteChunk().toString().endsWith(/)){ String requestParam = request.getQueryString() == null ? : '?' + request.getQueryString(); response.setHeader(Location, request.getCoyoteRequest().requestURI().getByteChunk().toString() + '/' + requestParam); } } } catch (Exception e) { // This doesn't actually happen in the Catalina adapter implementation } - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 8.0.15 - error using Web Services
And the XML file that contains that reference is located where in the web application? This is the package structure that shows the location of the Types.xsd. Types.xsd is included in Account.xsd. ---com test -example --api ---common schemas Types.xsd ---account schemas Account.xsd (xsd:include schemaLocation=../../common/schemas/Types.xsd /) ---consumer schemas Consumer.xsd (xsd:include schemaLocation=../../common/schemas/Types.xsd /) Please let me know if this doesn't answer the question or there is other question/response in this thread that I am missing. Thank you, Marina On Wed, Dec 10, 2014 at 8:42 AM, Mark Thomas ma...@apache.org wrote: On 10/12/2014 14:21, Marina F wrote: Hello, Tomcat 8.0.15 I am getting an error when using web services. (no errors if using Tomcat 7.0.50) Schema: xsd:include schemaLocation=../../common/schemas/Types.xsd / Error: Dec 10, 2014 7:59:48 AM org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Allocate exception for servlet api-ws-soap java.lang.IllegalArgumentException: The resource path [/../../common/schemas/Types.xsd] has been normalized to [null] which is not valid And the XML file that contains that reference is located where in the web application? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 8.0.15 - error using Web Services
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 2/2/15 6:10 PM, Marina F wrote: Hi Mark, I installed Tomcat 8.0.18 and I am still seeing the same error. I am wondering if you have any suggestions? Mark had a suggestion back on 10 January when you posted this question initially. Care to read his response? - -chris On Wed, Dec 10, 2014 at 9:10 AM, Marina F m86...@gmail.com wrote: ---com test -example --api ---common schemas Types.xsd ---account schemas Account.xsd (xsd:include schemaLocation=../../common/schemas/Types.xsd /) ---consumer schemas Consumer.xsd (xsd:include schemaLocation=../../common/schemas/Types.xsd /) On Wed, Dec 10, 2014 at 8:42 AM, Mark Thomas ma...@apache.org wrote: On 10/12/2014 14:21, Marina F wrote: Hello, Tomcat 8.0.15 I am getting an error when using web services. (no errors if using Tomcat 7.0.50) Schema: xsd:include schemaLocation=../../common/schemas/Types.xsd / Error: Dec 10, 2014 7:59:48 AM org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Allocate exception for servlet api-ws-soap java.lang.IllegalArgumentException: The resource path [/../../common/schemas/Types.xsd] has been normalized to [null] which is not valid And the XML file that contains that reference is located where in the web application? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJU0S+JAAoJEBzwKT+lPKRYNGoQAKIUuiqislkBLvKlppX+cPFK 7J64UyDf7GnKyHiWYv/hGV0tHi/UVSj6L7LgG0CSaZtLpREoc8SnzXWN7e8EQokR YX1VDd2SibSU0vsspdZUet+PjwRQ8zsipiFj7PEDQiZUc84Dl7xsw+tq4SlZcNIv PkwEqnMuRNtZ6nfopJyzIyGNd3kQRDvA5uB75lWUimfe7fsLPL4fpOzuVLAbk7DQ EyAwABr5DesA4joiHyI/1R+YFGJm+7ZEXtYdxclfGL04tUmVh0XcsQhjLNcSUbhJ sVEp3YZrJFPs1db8/VFrmMvTroNB/W/5FsH1uNYFWsCHjo+ZJHNdlsYfJXl/RHi1 xudswCuEUvF9Flpq7vglESYdjxXfBGLhP9marESHyEbzr0cXMtRhO4iCc8nR8cRl L4ntMaS3CzJf7g7MATKcvWvJZv8TX5u4x5mYIhOez4hmaUdHNtx5b6Ga4QxIqmMm WdYIP1Xe50NkjsLJxQMPEjp56rfaYHM20YD7SYuVWPS9/rgxM1G1Hm9XcdnB4pLG 2Easx1Mo09ykgXAkXYC40dAQl1cdOwYPQXR8kmxtQQff7cCTEAglPnyWjjuPcOlR mo1D3Ne6dXbQOvehYi/ontBgs/pWSpAab8zxHe/v1lfveR1gbHIBb8oCVYvKpvAn BlNdNcE/s+02930dEk6H =qNQg -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 8.0.15 - error using Web Services
Hi Mark, I installed Tomcat 8.0.18 and I am still seeing the same error. I am wondering if you have any suggestions? Thanks, Marina On Wed, Dec 10, 2014 at 9:10 AM, Marina F m86...@gmail.com wrote: ---com test -example --api ---common schemas Types.xsd ---account schemas Account.xsd (xsd:include schemaLocation=../../common/schemas/Types.xsd /) ---consumer schemas Consumer.xsd (xsd:include schemaLocation=../../common/schemas/Types.xsd /) On Wed, Dec 10, 2014 at 8:42 AM, Mark Thomas ma...@apache.org wrote: On 10/12/2014 14:21, Marina F wrote: Hello, Tomcat 8.0.15 I am getting an error when using web services. (no errors if using Tomcat 7.0.50) Schema: xsd:include schemaLocation=../../common/schemas/Types.xsd / Error: Dec 10, 2014 7:59:48 AM org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Allocate exception for servlet api-ws-soap java.lang.IllegalArgumentException: The resource path [/../../common/schemas/Types.xsd] has been normalized to [null] which is not valid And the XML file that contains that reference is located where in the web application? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JSp dynamic include in tomcat 8.0.15
On 1/25/2015 4:23 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Srikanth, On 1/24/15 12:03 AM, Srikanth Hugar wrote: When i include jsp:include page=/WEB-INF//countries.jsp / It does not work in tomcat 8.0.15. I think there are too many dots in there. It that just an example? What do you mean it does not work? and my included jsp file contents are something like : div class=txt form:select path=country form:option value=US label=US - UNITED STATES OF AMERICA / ... /form:select /div What could be the problem? That depends on what happens when you try the above. I'm not a JSP expert, but you might need to use %@ include instead of jsp:include if you want to include files from within /WEB-INF/. - -chris From the JavaServer Pages Specification: The %@ include file=... % directive is processed at translation time. The included content is parsed by the JSP container. Only static content may be included. The file attribute is interpreted relative to the current JSP file. The jsp:include page=... / action is processed at request time. The included content is not parsed. Static and dynamic content may be included. The page attribute is interpreted relative to the current JSP page. -Terence Bandoian - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JSp dynamic include in tomcat 8.0.15
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Srikanth, On 1/24/15 12:03 AM, Srikanth Hugar wrote: When i include jsp:include page=/WEB-INF//countries.jsp / It does not work in tomcat 8.0.15. I think there are too many dots in there. It that just an example? What do you mean it does not work? and my included jsp file contents are something like : div class=txt form:select path=country form:option value=US label=US - UNITED STATES OF AMERICA / ... /form:select /div What could be the problem? That depends on what happens when you try the above. I'm not a JSP expert, but you might need to use %@ include instead of jsp:include if you want to include files from within /WEB-INF/. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUxWztAAoJEBzwKT+lPKRYFWMP/1zd5tzdCmDXEc6nPHuAL8s0 d2726rQNGrCKuPVjWrZ9/2TJWhwLrP5ZYspH5STgL0wf4ja/Z0M4CFt4uw8nNNjT btadOioVkNykElTAtEDQiL+ZNHh8pushE+CIh5twEzQoVRny1WNvN8IeKe/Sg/BZ sa0qbQP1UhZ4Tcp+UO3esrxyLoyTLRx+/ZSGQlr7+7qpQCIR80z986f2QkALXVff rgxzV3tcz+U4b05Vs41bE/BCSdcF5LqiUrGjaR61A53VkICpFpyrb1xU0kupKxNW mq2Vvo7X2hyCNNbdSA/mCTovwKrx84q+uKcOVXzTPAu7S1+nSV6Q9eT8+sDlejro zGdMZ6JZLdggPq2Cm5ecnhEOKIBgsYDAe/S34qmJLAjOCCysShvIW121Hvj01hb0 6c4l0hHRMErWcLgFIKvt7Wr4LYOVkMJ9dJV7UqUPILRoLPd3OYnnMAfTxV9sTuRF mUga+V1SnuGiT9rDEndMDAwBSfLOg98pYWxDMSCuRGhSR5uMvSROWerEK51NQbTz OanOU4ktfwXlA7LVJmlBi/1lMQ11Rb32SlX0Ev0StHRLj3LQOtFNC4kc3HYVMOt0 viXsa1sx0eOjtJ+e1Jv5mAaMvixB1N8hbS8r1NSo63XKaxoHQDZ4Aodpf+d7q+pr ipZSRTiV3s25QPXOv8qb =jE7/ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
JSp dynamic include in tomcat 8.0.15
When i include jsp:include page=/WEB-INF//countries.jsp / It does not work in tomcat 8.0.15. and my included jsp file contents are something like : div class=txt form:select path=country form:option value=US label=US - UNITED STATES OF AMERICA / ... /form:select /div What could be the problem?
Re: Tomcat 8.0.15, EL Performance
Hmmm. No performance loss with simple single jsp page. I will try to track it down some more. The application has database functionality, many xsl transformations, Solr search and so on. I will first reduce the functionality and hopefully find the bottleneck. Thanks so far. Dirk Am 17.01.2015 02:03 schrieb Mark Thomas ma...@apache.org: On 16/01/2015 16:01, Dirk Högemann wrote: Hello, I am trying to upgrade a JSP-based application, which is usually hosted on Tomcat (currently 7.0.57) to Version 8.0.15. Unfortunately I am facing a massive performance degradation - only 40% of the performance of 7.0.56 is reached when running the exact same JMeter Test with Tomcat8. Relevant value here is: 24 page impressions per second on Tomcat 8.0.15. On Tomcat 7.0.56 it reaches up to 60 PI/s. A sampler captured with JVisual VM shows a hotspot on Class: org.apache.jasper.el.JasperELResolver.getValue - 63,9 % of CPU self time Tomcat 7.0.57: 0,8 % Usage of Java8 or Java7 makes no difference. Any ideas to improve the performance? Not yet. Or is anybody facing similar issues? Not that I recall. Can you simplify this to a single JSP (ideally as simple as possible) that is significantly slower on 8.0.x compared to 7.0.x? With that, we can take a look at what is going on. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 8.0.15, EL Performance
Hello, I am trying to upgrade a JSP-based application, which is usually hosted on Tomcat (currently 7.0.57) to Version 8.0.15. Unfortunately I am facing a massive performance degradation - only 40% of the performance of 7.0.56 is reached when running the exact same JMeter Test with Tomcat8. Relevant value here is: 24 page impressions per second on Tomcat 8.0.15. On Tomcat 7.0.56 it reaches up to 60 PI/s. A sampler captured with JVisual VM shows a hotspot on Class: org.apache.jasper.el.JasperELResolver.getValue - 63,9 % of CPU self time Tomcat 7.0.57: 0,8 % Usage of Java8 or Java7 makes no difference. Any ideas to improve the performance? Or is anybody facing similar issues? Best regards Dirk
Re: Tomcat 8.0.15, EL Performance
On 16/01/2015 16:01, Dirk Högemann wrote: Hello, I am trying to upgrade a JSP-based application, which is usually hosted on Tomcat (currently 7.0.57) to Version 8.0.15. Unfortunately I am facing a massive performance degradation - only 40% of the performance of 7.0.56 is reached when running the exact same JMeter Test with Tomcat8. Relevant value here is: 24 page impressions per second on Tomcat 8.0.15. On Tomcat 7.0.56 it reaches up to 60 PI/s. A sampler captured with JVisual VM shows a hotspot on Class: org.apache.jasper.el.JasperELResolver.getValue - 63,9 % of CPU self time Tomcat 7.0.57: 0,8 % Usage of Java8 or Java7 makes no difference. Any ideas to improve the performance? Not yet. Or is anybody facing similar issues? Not that I recall. Can you simplify this to a single JSP (ideally as simple as possible) that is significantly slower on 8.0.x compared to 7.0.x? With that, we can take a look at what is going on. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Invalid Server SSL Protocol on Tomcat 8.0.15 with Tomcat Native library 1.1.32 and APR 1.5.1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mike, On 12/17/14 8:12 PM, Mike Wertheim wrote: I'm trying to upgrade from Tomcat 7.0.41 with APR to Tomcat 8.0.15 with APR. (I'm using JDK 1.8.0.25 on CentOS.) My first step was to upgrade to Tomcat Native library 1.1.32 and APR 1.5.1 while still using Tomcat 7.0.41. This combination works great. My webapp starts up and is accessible using either SSL or non-SSL. Next I upgraded to Tomcat 8.0.15 (again with Tomcat Native library 1.1.32 and APR 1.5.1). Tomcat 8.0.15 starts up, and the first lines of catalina.out are a message that shows that Tomcat Native library 1.1.32 and APR 1.5.1 are indeed in use. My webapp starts up and is accessible using non-SSL requests, but SSL requests don't work. When I saw that SSL wasn't working, I looked in catalina.out and saw this: org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler [http-apr-8443] java.lang.Exception: Unable to create SSLContext. Check that SSLEngine is enabled in the AprLifecycleListener, the AprLifecycleListener has initialised correctly and that a valid SSLProtocol has been specified at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:532) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:730) [...] Caused by: java.lang.Exception: Invalid Server SSL Protocol (error::lib(0):func(0):reason(0 )) at org.apache.tomcat.jni.SSLContext.make(Native Method) at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:527) The SSL Connector in server.xml looks like this: Connector port=8443 URIEncoding=utf-8 maxKeepAliveRequests=3 keepAliveTimeout=3000 scheme=https secure=true SSLEnabled=true SSLCertificateFile=/home/scuser/ssl/cert.crt SSLCertificateKeyFile=/home/scuser/ssl/cert.key SSLCertificateChainFile=/home/scuser/ssl/intermediateCA.cer clientAuth=false sslProtocol=TLS/ Can anyone see what might be going wrong? As Konstantin points out, sslProtocol needs to be SSLProtocol for the APR connector, but the APR connector has a default SSLProtocol whose value is all (which is a synonym for TLSv1+TLSv1.1+TLSv1.2). What version of OpenSSL are you using? It's possible that your version of OpenSSL and the combination of protocols requested don't line up. I haven't made a table of behaviors with different inputs, but the native code in make() looks like there are multiple failure scenarios. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUkspKAAoJEBzwKT+lPKRYYyoP/RIzDGMncLX0IDuQEPLGCVnf aNirPO+b9WlwmcXUmL5pznCiWHz+LneN6MydAUWtF+SUbsKR5x6caMBeRsOweeve hYRZxIHP5U58A2feYJ/VYRCDAGKOXMWCWJwgS9JEKF1QsBR1khoXLteCAvMmNIbb QVSByE3FNPD8PHI5Xl8Zo9EAFFUhCco1w4c72efdmCoIP2+sGQAUxX+gw3gKz3lm JZv0LlYUNbKxHVM9NmGDRYWMWs1sZSENkjaNH3jDDR4jonk4oU6kJQ7N+yZZa3HK 7CsekRMr+PId2QyESVxCxWvl7GNMeG/Yl5aUUfDn0xSTLiYcF2nTRNkrMnepmdS1 ljX7zM+k+1h8KsO/X7Y5E4XMTGwD9rbldKP6j+73J9QWUQlU0xA27wdC6mMZlf+I 38lBJsKeBS8rR3RQC6I8rr4gPdV4qrk4HmLFpn0FYHXrDF82tSx2z9BnBTz9vynZ RPkk1TCQuGeQLaDo9D5/wGpfgb69KdAHEQEhRNIq3GHUm6DY/jqcF2cTBM71GZo3 JPJHBnoQ3h33Te5TqoigO3BLmRIxQnaXVOWPRYRwvxrO6wUUBgPO4337hjgxoldL HFHbvORE2iX1KwifWPA9S8ckKSX69Co11oxyHtXo+HDPeHuj4jcP8ojN3nyaosES i3glOCBcF06g2vNn7vcM =wW5G -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Invalid Server SSL Protocol on Tomcat 8.0.15 with Tomcat Native library 1.1.32 and APR 1.5.1
I'm trying to upgrade from Tomcat 7.0.41 with APR to Tomcat 8.0.15 with APR. (I'm using JDK 1.8.0.25 on CentOS.) My first step was to upgrade to Tomcat Native library 1.1.32 and APR 1.5.1 while still using Tomcat 7.0.41. This combination works great. My webapp starts up and is accessible using either SSL or non-SSL. Next I upgraded to Tomcat 8.0.15 (again with Tomcat Native library 1.1.32 and APR 1.5.1). Tomcat 8.0.15 starts up, and the first lines of catalina.out are a message that shows that Tomcat Native library 1.1.32 and APR 1.5.1 are indeed in use. My webapp starts up and is accessible using non-SSL requests, but SSL requests don't work. When I saw that SSL wasn't working, I looked in catalina.out and saw this: org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler [http-apr-8443] java.lang.Exception: Unable to create SSLContext. Check that SSLEngine is enabled in the AprLifecycleListener, the AprLifecycleListener has initialised correctly and that a valid SSLProtocol has been specified at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:532) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:730) [...] Caused by: java.lang.Exception: Invalid Server SSL Protocol (error::lib(0):func(0):reason(0 )) at org.apache.tomcat.jni.SSLContext.make(Native Method) at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:527) The SSL Connector in server.xml looks like this: Connector port=8443 URIEncoding=utf-8 maxKeepAliveRequests=3 keepAliveTimeout=3000 scheme=https secure=true SSLEnabled=true SSLCertificateFile=/home/scuser/ssl/cert.crt SSLCertificateKeyFile=/home/scuser/ssl/cert.key SSLCertificateChainFile=/home/scuser/ssl/intermediateCA.cer clientAuth=false sslProtocol=TLS/ Can anyone see what might be going wrong? Thanks, Mike
Re: Invalid Server SSL Protocol on Tomcat 8.0.15 with Tomcat Native library 1.1.32 and APR 1.5.1
I should have included this in the previous message. The AprLifecycleListener is declared in server.xml like this: Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / On Wed, Dec 17, 2014 at 5:12 PM, Mike Wertheim m...@hyperreal.org wrote: I'm trying to upgrade from Tomcat 7.0.41 with APR to Tomcat 8.0.15 with APR. (I'm using JDK 1.8.0.25 on CentOS.) My first step was to upgrade to Tomcat Native library 1.1.32 and APR 1.5.1 while still using Tomcat 7.0.41. This combination works great. My webapp starts up and is accessible using either SSL or non-SSL. Next I upgraded to Tomcat 8.0.15 (again with Tomcat Native library 1.1.32 and APR 1.5.1). Tomcat 8.0.15 starts up, and the first lines of catalina.out are a message that shows that Tomcat Native library 1.1.32 and APR 1.5.1 are indeed in use. My webapp starts up and is accessible using non-SSL requests, but SSL requests don't work. When I saw that SSL wasn't working, I looked in catalina.out and saw this: org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler [http-apr-8443] java.lang.Exception: Unable to create SSLContext. Check that SSLEngine is enabled in the AprLifecycleListener, the AprLifecycleListener has initialised correctly and that a valid SSLProtocol has been specified at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:532) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:730) [...] Caused by: java.lang.Exception: Invalid Server SSL Protocol (error::lib(0):func(0):reason(0 )) at org.apache.tomcat.jni.SSLContext.make(Native Method) at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:527) The SSL Connector in server.xml looks like this: Connector port=8443 URIEncoding=utf-8 maxKeepAliveRequests=3 keepAliveTimeout=3000 scheme=https secure=true SSLEnabled=true SSLCertificateFile=/home/scuser/ssl/cert.crt SSLCertificateKeyFile=/home/scuser/ssl/cert.key SSLCertificateChainFile=/home/scuser/ssl/intermediateCA.cer clientAuth=false sslProtocol=TLS/ Can anyone see what might be going wrong? Thanks, Mike
Re: Invalid Server SSL Protocol on Tomcat 8.0.15 with Tomcat Native library 1.1.32 and APR 1.5.1
Hi Mike. here is my working configuration with APR. Connector port=7443 protocol=org.apache.coyote.http11.Http11AprProtocol maxThreads=150 SSLEnabled=true scheme=https secure=true clientAuth=true sslProtocol=TLSv1.2 SSLCertificateFile=/opt/_cdrom_apache/certs/dev-apr.pem SSLCertificateKeyFile=/opt/_cdrom_apache/certs/key.pem SSLCACertificateFile=/opt/_cdrom_apache/certs/CA.pem / I hope this will work for you. Regards, Sanaullah On Thu, Dec 18, 2014 at 6:15 AM, Mike Wertheim m...@hyperreal.org wrote: I should have included this in the previous message. The AprLifecycleListener is declared in server.xml like this: Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / On Wed, Dec 17, 2014 at 5:12 PM, Mike Wertheim m...@hyperreal.org wrote: I'm trying to upgrade from Tomcat 7.0.41 with APR to Tomcat 8.0.15 with APR. (I'm using JDK 1.8.0.25 on CentOS.) My first step was to upgrade to Tomcat Native library 1.1.32 and APR 1.5.1 while still using Tomcat 7.0.41. This combination works great. My webapp starts up and is accessible using either SSL or non-SSL. Next I upgraded to Tomcat 8.0.15 (again with Tomcat Native library 1.1.32 and APR 1.5.1). Tomcat 8.0.15 starts up, and the first lines of catalina.out are a message that shows that Tomcat Native library 1.1.32 and APR 1.5.1 are indeed in use. My webapp starts up and is accessible using non-SSL requests, but SSL requests don't work. When I saw that SSL wasn't working, I looked in catalina.out and saw this: org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler [http-apr-8443] java.lang.Exception: Unable to create SSLContext. Check that SSLEngine is enabled in the AprLifecycleListener, the AprLifecycleListener has initialised correctly and that a valid SSLProtocol has been specified at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:532) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:730) [...] Caused by: java.lang.Exception: Invalid Server SSL Protocol (error::lib(0):func(0):reason(0 )) at org.apache.tomcat.jni.SSLContext.make(Native Method) at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:527) The SSL Connector in server.xml looks like this: Connector port=8443 URIEncoding=utf-8 maxKeepAliveRequests=3 keepAliveTimeout=3000 scheme=https secure=true SSLEnabled=true SSLCertificateFile=/home/scuser/ssl/cert.crt SSLCertificateKeyFile=/home/scuser/ssl/cert.key SSLCertificateChainFile=/home/scuser/ssl/intermediateCA.cer clientAuth=false sslProtocol=TLS/ Can anyone see what might be going wrong? Thanks, Mike
Re: Invalid Server SSL Protocol on Tomcat 8.0.15 with Tomcat Native library 1.1.32 and APR 1.5.1
Thanks for the suggestion. I made my SSL Connector look more like the Connector you sent, and I am still getting the exact same Invalid Server SSL Protocol error. The changes that I made, which had no effect, were: - added protocol=org.apache.coyote.http11.Http11AprProtocol - changed sslProtocol from TLS to TLSv1.2 - changed SSLCertificateChainFile to SSLCACertificateFile On Wed, Dec 17, 2014 at 6:20 PM, Sanaullah sanaulla...@gmail.com wrote: Hi Mike. here is my working configuration with APR. Connector port=7443 protocol=org.apache.coyote.http11.Http11AprProtocol maxThreads=150 SSLEnabled=true scheme=https secure=true clientAuth=true sslProtocol=TLSv1.2 SSLCertificateFile=/opt/_cdrom_apache/certs/dev-apr.pem SSLCertificateKeyFile=/opt/_cdrom_apache/certs/key.pem SSLCACertificateFile=/opt/_cdrom_apache/certs/CA.pem / I hope this will work for you. Regards, Sanaullah On Thu, Dec 18, 2014 at 6:15 AM, Mike Wertheim m...@hyperreal.org wrote: I should have included this in the previous message. The AprLifecycleListener is declared in server.xml like this: Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / On Wed, Dec 17, 2014 at 5:12 PM, Mike Wertheim m...@hyperreal.org wrote: I'm trying to upgrade from Tomcat 7.0.41 with APR to Tomcat 8.0.15 with APR. (I'm using JDK 1.8.0.25 on CentOS.) My first step was to upgrade to Tomcat Native library 1.1.32 and APR 1.5.1 while still using Tomcat 7.0.41. This combination works great. My webapp starts up and is accessible using either SSL or non-SSL. Next I upgraded to Tomcat 8.0.15 (again with Tomcat Native library 1.1.32 and APR 1.5.1). Tomcat 8.0.15 starts up, and the first lines of catalina.out are a message that shows that Tomcat Native library 1.1.32 and APR 1.5.1 are indeed in use. My webapp starts up and is accessible using non-SSL requests, but SSL requests don't work. When I saw that SSL wasn't working, I looked in catalina.out and saw this: org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler [http-apr-8443] java.lang.Exception: Unable to create SSLContext. Check that SSLEngine is enabled in the AprLifecycleListener, the AprLifecycleListener has initialised correctly and that a valid SSLProtocol has been specified at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:532) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:730) [...] Caused by: java.lang.Exception: Invalid Server SSL Protocol (error::lib(0):func(0):reason(0 )) at org.apache.tomcat.jni.SSLContext.make(Native Method) at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:527) The SSL Connector in server.xml looks like this: Connector port=8443 URIEncoding=utf-8 maxKeepAliveRequests=3 keepAliveTimeout=3000 scheme=https secure=true SSLEnabled=true SSLCertificateFile=/home/scuser/ssl/cert.crt SSLCertificateKeyFile=/home/scuser/ssl/cert.key SSLCertificateChainFile=/home/scuser/ssl/intermediateCA.cer clientAuth=false sslProtocol=TLS/ Can anyone see what might be going wrong? Thanks, Mike
Re: Invalid Server SSL Protocol on Tomcat 8.0.15 with Tomcat Native library 1.1.32 and APR 1.5.1
2014-12-18 4:12 GMT+03:00 Mike Wertheim m...@hyperreal.org: I'm trying to upgrade from Tomcat 7.0.41 with APR to Tomcat 8.0.15 with APR. (I'm using JDK 1.8.0.25 on CentOS.) My first step was to upgrade to Tomcat Native library 1.1.32 and APR 1.5.1 while still using Tomcat 7.0.41. This combination works great. My webapp starts up and is accessible using either SSL or non-SSL. Next I upgraded to Tomcat 8.0.15 (again with Tomcat Native library 1.1.32 and APR 1.5.1). Tomcat 8.0.15 starts up, and the first lines of catalina.out are a message that shows that Tomcat Native library 1.1.32 and APR 1.5.1 are indeed in use. My webapp starts up and is accessible using non-SSL requests, but SSL requests don't work. When I saw that SSL wasn't working, I looked in catalina.out and saw this: org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler [http-apr-8443] java.lang.Exception: Unable to create SSLContext. Check that SSLEngine is enabled in the AprLifecycleListener, the AprLifecycleListener has initialised correctly and that a valid SSLProtocol has been specified at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:532) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:730) [...] Caused by: java.lang.Exception: Invalid Server SSL Protocol (error::lib(0):func(0):reason(0 )) at org.apache.tomcat.jni.SSLContext.make(Native Method) at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:527) The SSL Connector in server.xml looks like this: Connector port=8443 URIEncoding=utf-8 maxKeepAliveRequests=3 keepAliveTimeout=3000 scheme=https secure=true SSLEnabled=true SSLCertificateFile=/home/scuser/ssl/cert.crt SSLCertificateKeyFile=/home/scuser/ssl/cert.key SSLCertificateChainFile=/home/scuser/ssl/intermediateCA.cer clientAuth=false sslProtocol=TLS/ Can anyone see what might be going wrong? The correct property name for APR connector is SSLProtocol, not sslProtocol. The spelling matters. SSLProtocol=TLSv1+TLSv1.1+TLSv1.2 I think that you would also like to configure SSLCipherSuite http://tomcat.apache.org/tomcat-8.0-doc/config/http.html#SSL_Support_-_APR/Native Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Problem At Installing Tomcat 8.0.15...
Hi All.. I've downloaded Apache Tomcat 8.0.15 and facing problem while trying to install it. I'm not able to open tomcat.exe and if I'm trying to do so, command prompt is automatically closes with in a second. Please help me to crack this issue by providing detailed steps. -- Thanks Regards.. *Krishna Chaithanya*
Re: Problem At Installing Tomcat 8.0.15...
try to open tomcat.exe in cmd promt. it will list what the problem is. *Thanks and Regards,* Muralidhar Yaragalla. *http://yaragalla.blogspot.in/ http://yaragalla.blogspot.in/* On Mon, Dec 15, 2014 at 6:55 PM, Krishnachaithanya As krishnachaithanya...@gmail.com wrote: Hi All.. I've downloaded Apache Tomcat 8.0.15 and facing problem while trying to install it. I'm not able to open tomcat.exe and if I'm trying to do so, command prompt is automatically closes with in a second. Please help me to crack this issue by providing detailed steps. -- Thanks Regards.. *Krishna Chaithanya*
Tomcat 8.0.15 - error using Web Services
Hello, Tomcat 8.0.15 I am getting an error when using web services. (no errors if using Tomcat 7.0.50) Schema: xsd:include schemaLocation=../../common/schemas/Types.xsd / Error: Dec 10, 2014 7:59:48 AM org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Allocate exception for servlet api-ws-soap java.lang.IllegalArgumentException: The resource path [/../../common/schemas/Types.xsd] has been normalized to [null] which is not valid at org.apache.catalina.webresources.StandardRoot.validate(StandardRoot.java:265) at org.apache.catalina.webresources.StandardRoot.getResource(StandardRoot.java:212) at org.apache.catalina.webresources.StandardRoot.getResource(StandardRoot.java:206) at org.apache.catalina.core.ApplicationContext.getResource(ApplicationContext.java:533) at org.apache.catalina.core.ApplicationContextFacade.getResource(ApplicationContextFacade.java:199) at org.springframework.web.context.support.ServletContextResource.exists(ServletContextResource.java:102) at org.springframework.xml.xsd.commons.CommonsXsdSchemaCollection$ClasspathUriResolver.resolveEntity(CommonsXsdSchemaCollection.java:239) at org.apache.ws.commons.schema.SchemaBuilder.resolveXmlSchema(SchemaBuilder.java:684) at org.apache.ws.commons.schema.SchemaBuilder.handleInclude(SchemaBuilder.java:573) at org.apache.ws.commons.schema.SchemaBuilder.handleSchemaElementChild(SchemaBuilder.java:1511) at org.apache.ws.commons.schema.SchemaBuilder.handleXmlSchemaElement(SchemaBuilder.java:659) at org.apache.ws.commons.schema.SchemaBuilder.build(SchemaBuilder.java:157) at org.apache.ws.commons.schema.XmlSchemaCollection.read(XmlSchemaCollection.java:497) at org.apache.ws.commons.schema.XmlSchemaCollection.read(XmlSchemaCollection.java:706) at org.apache.ws.commons.schema.XmlSchemaCollection.read(XmlSchemaCollection.java:554) at org.springframework.xml.xsd.commons.CommonsXsdSchemaCollection.afterPropertiesSet(CommonsXsdSchemaCollection.java:137) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1514) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1452) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456) at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:271) at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:121) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1360) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1118) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:605) at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:925) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:472) at org.springframework.web.servlet.FrameworkServlet.configureAndRefreshWebApplicationContext(FrameworkServlet.java:631) at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:588) at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:645) at org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:508) at org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:449) at org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:133) at javax.servlet.GenericServlet.init(GenericServlet.java:158) at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1241) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1154
Re: Tomcat 8.0.15 - error using Web Services
On 10/12/2014 14:21, Marina F wrote: Hello, Tomcat 8.0.15 I am getting an error when using web services. (no errors if using Tomcat 7.0.50) Schema: xsd:include schemaLocation=../../common/schemas/Types.xsd / Error: Dec 10, 2014 7:59:48 AM org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Allocate exception for servlet api-ws-soap java.lang.IllegalArgumentException: The resource path [/../../common/schemas/Types.xsd] has been normalized to [null] which is not valid And the XML file that contains that reference is located where in the web application? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 8.0.15 - error using Web Services
---com test -example --api ---common schemas Types.xsd ---account schemas Account.xsd (xsd:include schemaLocation=../../common/schemas/Types.xsd /) ---consumer schemas Consumer.xsd (xsd:include schemaLocation=../../common/schemas/Types.xsd /) On Wed, Dec 10, 2014 at 8:42 AM, Mark Thomas ma...@apache.org wrote: On 10/12/2014 14:21, Marina F wrote: Hello, Tomcat 8.0.15 I am getting an error when using web services. (no errors if using Tomcat 7.0.50) Schema: xsd:include schemaLocation=../../common/schemas/Types.xsd / Error: Dec 10, 2014 7:59:48 AM org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Allocate exception for servlet api-ws-soap java.lang.IllegalArgumentException: The resource path [/../../common/schemas/Types.xsd] has been normalized to [null] which is not valid And the XML file that contains that reference is located where in the web application? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Running Manager App with Security Manager turned on - Tomcat 8.0.15
Hi, I am running tomcat 8.0.15, win64 ZIP, on Windows 2008R2, Oracle JRE 8.0.20. Running with catalina start, /manager app works perfectly. Running catalina start -security will result in not deployed manager app. I would *definitely need* both: running Tomcat with Security Manager turned on, and manager application. (I would like to enable non-trusted people to deploy their applications to my server via manager app) Any idea what to do? Thank you in advance! Error log: 20-Nov-2014 11:28:46.242 SEVERE [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory The web application with context path [/manager] was not deployed because it contained a deployment descriptor [C:\Deployments\SOA\apache-tomcat-8.0.15\webapps\manager\META-INF\context.xml] which may include configuration necessary for the secure deployment of the application but processing of deployment descriptors is prevented by the deployXML setting of this host. An appropriate descriptor should be created at [C:\Deployments\SOA\apache-tomcat-8.0.15\conf\Catalina\localhost\manager.xml] to deploy this application. 20-Nov-2014 11:28:46.258 SEVERE [localhost-startStop-1] org.apache.catalina.core.ContainerBase.addChildInternal ContainerBase.addChild: start: org.apache.catalina.LifecycleException: Failed to start component [/manager] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:131) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:153) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:699) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:714) at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1069) at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1719) at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) at java.util.concurrent.FutureTask.run(Unknown Source) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: org.apache.catalina.LifecycleException: Failed to process either the global, per-host or context-specific context.xml file therefore the [/manager] Context cannot be started. at org.apache.catalina.startup.FailedContext.startInternal(FailedContext.java:199) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) ... 14 more Bests, Luka.
Re: Running Manager App with Security Manager turned on - Tomcat 8.0.15
2014-11-20 14:00 GMT+03:00 Luka Pavlič luka.pav...@gmail.com: Hi, I am running tomcat 8.0.15, win64 ZIP, on Windows 2008R2, Oracle JRE 8.0.20. Running with catalina start, /manager app works perfectly. Running catalina start -security will result in not deployed manager app. I would *definitely need* both: running Tomcat with Security Manager turned on, and manager application. (I would like to enable non-trusted people to deploy their applications to my server via manager app) Any idea what to do? Thank you in advance! Error log: What words in the below message you do not understand? Have you searched the mailing list archive for previous answers? 20-Nov-2014 11:28:46.242 SEVERE [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory The web application with context path [/manager] was not deployed because it contained a deployment descriptor [C:\Deployments\SOA\apache-tomcat-8.0.15\webapps\manager\META-INF\context.xml] which may include configuration necessary for the secure deployment of the application but processing of deployment descriptors is prevented by the deployXML setting of this host. An appropriate descriptor should be created at [C:\Deployments\SOA\apache-tomcat-8.0.15\conf\Catalina\localhost\manager.xml] to deploy this application. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Running Manager App with Security Manager turned on - Tomcat 8.0.15
Luka Pavlič wrote: Hi, I am running tomcat 8.0.15, win64 ZIP, on Windows 2008R2, Oracle JRE 8.0.20. Running with catalina start, /manager app works perfectly. Running catalina start -security will result in not deployed manager app. I would *definitely need* both: running Tomcat with Security Manager turned on, and manager application. (I would like to enable non-trusted people to deploy their applications to my server via manager app) Any idea what to do? Thank you in advance! Error log: 20-Nov-2014 11:28:46.242 SEVERE [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory The web application with context path [/manager] was not deployed because it contained a deployment descriptor [C:\Deployments\SOA\apache-tomcat-8.0.15\webapps\manager\META-INF\context.xml] which may include configuration necessary for the secure deployment of the application but processing of deployment descriptors is prevented by the deployXML setting of this host. An appropriate descriptor should be created at [C:\Deployments\SOA\apache-tomcat-8.0.15\conf\Catalina\localhost\manager.xml] to deploy this application. Good idea to copy the error log. It seems that it does provide some clues as to what is happening, which can be examined in the online documentation, here : http://tomcat.apache.org/tomcat-8.0-doc/config/host.html#Standard_Implementation See deployXML. I'm not sure that I fully understand myself what it says there, but maybe you do. I think that the appropriate way to understand that very dense (but probably very precise and accurate) paragraph may be to draw a little logical flowchart of it. In any case, the last phrase seems to say that : - if you start without -security, then the default is true - and if you start with -security, then the default is false Which then matches the thing that the last line of the log above is telling you. It's really nice, when the documentation and the logs match perfectly. And even more when the logs tell you exactly what to do to correct the problem. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Running Manager App with Security Manager turned on - Tomcat 8.0.15
On 20/11/2014 12:00, Luka Pavlič wrote: Hi, I am running tomcat 8.0.15, win64 ZIP, on Windows 2008R2, Oracle JRE 8.0.20. Running with catalina start, /manager app works perfectly. Running catalina start -security will result in not deployed manager app. I would *definitely need* both: running Tomcat with Security Manager turned on, and manager application. (I would like to enable non-trusted people to deploy their applications to my server via manager app) Any idea what to do? Read the error message in the logs. snip/ An appropriate descriptor should be created at [C:\Deployments\SOA\apache-tomcat-8.0.15\conf\Catalina\localhost\manager.xml] to deploy this application. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[ANN] Apache Tomcat 8.0.15 available
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.0.15. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language and Java WebSocket technologies. Apache Tomcat 8.0.15 includes numerous fixes for issues identified in 8.0.14 as well as a number of other enhancements and changes. The notable changes since 8.0.14 include: - Add support for RFC6265 cookie parsing and generation. This is currently disabled by default and may be enabled via the CookieProcessor element of a Context. - Add pluggable password derivation support to the Realms via the new CredentialHandler interface. - Add support for TLSv1.1 and TLSv1.2 for APR connector. Based upon a patch by Marcel Šebek. This feature requires Tomcat Native library 1.1.32 or later. - Disable SSLv3 by default for all HTTPS connectors Please refer to the change log for the complete list of changes: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html Downloads: http://tomcat.apache.org/download-80.cgi Migration guides from Apache Tomcat 5.5.x, 6.0.x and 7.0.x: http://tomcat.apache.org/migration.html Enjoy! - The Apache Tomcat team - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org