Hi, Calder,
Thank you again for your prompt reply.
I will study these documents you kindly shows.
Thank you.
Yours truly,
Kazuhiko Kohmoto
On 2020/05/13 11:59, calder wrote:
Yes.
There is a "Tomcat Security" guide at the Tomcat website.
Also, Mulesoft has a good guide
On Tue, May 12, 2020, 21:48 kohmoto wrote:
> Hi, Calder,
>
> Thank you for your prompt reply.
> I think Tomcat binary files all have root priviledges.
> Should these priviledges should be changed to user priviledges?
>
Yes.
There is a "Tomcat Security" guide at the Tomcat website. Also,
Hi, Calder,
Thank you for your prompt reply.
I think Tomcat binary files all have root priviledges.
Should these priviledges should be changed to user priviledges?
Your truly,
Kazuhiko Kohmoto
On 2020/05/13 11:17, calder wrote:
If TC, running as root, is ever compromised, the compromising
On Tue, May 12, 2020, 19:58 kohmoto wrote:
>
> On 2020/05/13 0:47, John Larsen wrote:
> > I wouldnt recommend running tomcat as root
>
> Actually I run Tomcat as root. Your recommendation seems
> against my practice. It would be appreciated if you would
> advice me about points not running as
Hi, John,
Actually I run Tomcat as root. Your recommendation seems
against my practice. It would be appreciated if you would
advice me about points not running as root.
Thank you.
Yours truly,
Kazuhiko Kohmto
On 2020/05/13 0:47, John Larsen wrote:
I wouldnt recommend running tomcat as
On Tue, May 12, 2020 at 4:30 PM Patrick Baldwin
wrote:
> On Tue, May 12, 2020 at 5:13 PM Christopher Schultz <
> ch...@christopherschultz.net> wrote:
[snip]
> > There is no catalina.sh that I can find. When I googled that, I found:
> https://forums.centos.org/viewtopic.php?t=54207
> > You
On Tue, May 12, 2020 at 5:13 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Patrick,
>
> On 5/12/20 17:08, Patrick Baldwin wrote:
> > 102$ sudo service tomcat start Redirecting to /bin/systemctl start
> > tomcat.service
>
>
On Tue, May 12, 2020, 16:13 Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Patrick,
>
> On 5/12/20 17:08, Patrick Baldwin wrote:
> > 102$ sudo service tomcat start Redirecting to /bin/systemctl start
> > tomcat.service
>
> Uhh,
On Tue, May 12, 2020, 16:08 Patrick Baldwin
wrote:
> On Tue, May 12, 2020 at 5:07 PM calder wrote:
>
> > On Tue, May 12, 2020, 15:49 Patrick Baldwin
> > wrote:
> >
> > > I turned off systemd for tomcat:
> > >
> > > 84$ sudo systemctl disable tomcat
> >
> > [ snip ]
> >
> > > Restarted tomcat,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Patrick,
On 5/12/20 17:08, Patrick Baldwin wrote:
> 102$ sudo service tomcat start Redirecting to /bin/systemctl start
> tomcat.service
Uhh, doesn't that just call systemd?
Are you sure it's restarting at all?
If you launch Tomcat with
102$ sudo service tomcat start
Redirecting to /bin/systemctl start tomcat.service
On Tue, May 12, 2020 at 5:07 PM calder wrote:
> On Tue, May 12, 2020, 15:49 Patrick Baldwin
> wrote:
>
> > I turned off systemd for tomcat:
> >
> > 84$ sudo systemctl disable tomcat
>
>
>
> [ snip ]
>
> >
On Tue, May 12, 2020, 15:49 Patrick Baldwin
wrote:
> I turned off systemd for tomcat:
>
> 84$ sudo systemctl disable tomcat
[ snip ]
> Restarted tomcat, and it still runs for about 2 minutes then throws
that java.lang.OutOfMemoryError: Java heap space error and dies.
And how are you
I turned off systemd for tomcat:
84$ sudo systemctl disable tomcat
[sudo] password:
Removed symlink /etc/systemd/system/multi-user.target.wants/tomcat.service.
Verified the setenv.sh file:
93$ ls -l /usr/share/tomcat/bin/setenv.sh
-rw-rw-r--. 1 root tomcat 110 May 11 12:56
Chris,
On 5/12/2020 1:25 PM, Christopher Schultz wrote:
> Mark,
>
> On 5/12/20 16:14, Mark Eggers wrote:
>> Chris,
>
>> On 5/12/2020 12:55 PM, Christopher Schultz wrote:
>>> Jonathan,
>>>
>>> On 5/12/20 11:20, Jonathan Yom-Tov wrote:
The problem is that my application is running on AWS
On Tue, May 12, 2020, 13:48 calder wrote:
>
> [ snip ]
>
Does their Tomcat use Systemd?
> If yes, then look for the Systemd unit file - default should be
> /etc/systemd/system/tomcat.service
> that's where they will add an entry like (or modify the existing)
> [ ... ]
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 5/12/20 16:14, Mark Eggers wrote:
> Chris,
>
> On 5/12/2020 12:55 PM, Christopher Schultz wrote:
>> Jonathan,
>>
>> On 5/12/20 11:20, Jonathan Yom-Tov wrote:
>>> The problem is that my application is running on AWS which
>>> apparently
The permission change is a temporary one while we try and figure out why
this isn't working.
On Tue, May 12, 2020 at 4:07 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> John, Patrick,
>
> On 5/12/20 11:47, John Larsen wrote:
Chris,
On 5/12/2020 12:55 PM, Christopher Schultz wrote:
> Jonathan,
>
> On 5/12/20 11:20, Jonathan Yom-Tov wrote:
>> The problem is that my application is running on AWS which
>> apparently doesn't support multicasting so I can't use Tomcat's
>> DeltaManager.
>
> The membership-manager is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
John, Patrick,
On 5/12/20 11:47, John Larsen wrote:
> Should be chmod 644 and also I wouldnt recommend running tomcat as
> root.
It's not clear that Tomcaat is running as root, but it IS clear that
setenv.sh is writable by ANYBODY and likely run
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jonathan,
On 5/12/20 14:19, Jonathan Yom-Tov wrote:
> Thanks Mark. I've tried to use Redisson, it would've been the
> perfect solution for this except for the fact that my session
> object is a deep tree which is mutated in many areas of the code.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jonathan,
On 5/12/20 11:20, Jonathan Yom-Tov wrote:
> The problem is that my application is running on AWS which
> apparently doesn't support multicasting so I can't use Tomcat's
> DeltaManager.
The membership-manager is separate from the
On Tue, May 12, 2020 at 10:28 AM Patrick Baldwin
wrote:
>
> I've gotten passed an odd (to me, anyway) issue with one of our clients
> CentOS systems.
>
> When our webapp starts running, tomcat dies shortly thereafter with an
> OutOfMemoryError. This apparently just started a few days ago.
>
>
On 12/05/2020 18:38, Jonathan Yom-Tov wrote:
> I'm trying to use PersistentManager with FileStore to load sessions from
> disk. Serialization goes ok but when the session is loaded I get an
> exception deserializing one of my application's classes.
>
> [2020-05-12 09:08:52] [SEVERE] Session:
>
Thanks Mark. I've tried to use Redisson, it would've been the perfect
solution for this except for the fact that my session object is a deep tree
which is mutated in many areas of the code. So what happens is that as one
request is changing the session state another will persist its session to
Jonathan,
On 5/12/2020 8:20 AM, Jonathan Yom-Tov wrote:
> The problem is that my application is running on AWS which apparently
> doesn't support multicasting so I can't use Tomcat's DeltaManager. I
> thought of using one of the Store implementations for
PersistentManager but
> that has the
I'm trying to use PersistentManager with FileStore to load sessions from
disk. Serialization goes ok but when the session is loaded I get an
exception deserializing one of my application's classes.
[2020-05-12 09:08:52] [SEVERE] Session:
6325A48BA1D2FC79105C7F4B0A76CB74.worker1;
Should be chmod 644 and also I wouldnt recommend running tomcat as root.
John Larsen
On Tue, May 12, 2020 at 9:28 AM Patrick Baldwin
wrote:
> I've gotten passed an odd (to me, anyway) issue with one of our clients
> CentOS systems.
>
> When our webapp starts running, tomcat dies shortly
Thanks!
Dream * Excel * Explore * Inspire
Jon McAlexander
Asst Vice President
Middleware Product Engineering
Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions
8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508
I've gotten passed an odd (to me, anyway) issue with one of our clients
CentOS systems.
When our webapp starts running, tomcat dies shortly thereafter with an
OutOfMemoryError. This apparently just started a few days ago.
System info:
Tomcat Version: Apache Tomcat/7.0.76
JVM version:
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.55.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
On 12/05/2020 16:12, jonmcalexan...@wellsfargo.com.INVALID wrote:
> Is 8.5.55 also coming today?
It is. Just writing the announcement.
Mark
>
>
> Dream * Excel * Explore * Inspire
> Jon McAlexander
> Asst Vice President
>
> Middleware Product Engineering
> Enterprise CIO | Platform Services
The problem is that my application is running on AWS which apparently
doesn't support multicasting so I can't use Tomcat's DeltaManager. I
thought of using one of the Store implementations for PersistentManager but
that has the issues which I mentioned earlier. My aim is to get to the
point where
Is 8.5.55 also coming today?
Dream * Excel * Explore * Inspire
Jon McAlexander
Asst Vice President
Middleware Product Engineering
Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions
8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell
There is typo in title: should be 9.0.35
(from mobile, sorry for typos)
On Tue, May 12, 2020, 22:09 Mark Thomas wrote:
> The Apache Tomcat team announces the immediate availability of Apache
> Tomcat 9.0.35.
>
> Apache Tomcat 9 is an open source software implementation of the Java
> Servlet,
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.35.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.35 is a bugfix and
On 12/05/2020 15:47, Garret Wilson wrote:
> Thanks for the announcement.
>
> Is there any rough timeline or roadmap for a stable and/or release
> version of Tomcat 10? (Sorry if this has been discussed here already.)
That depends on the timeline for Jakarta EE 9. Once that has a final
release
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jonathan,
On 5/12/20 05:51, Jonathan Yom-Tov wrote:
> I have an application which changes the state of user sessions in
> lots of places in the code. Is it possible to do a seamless switch
> of Tomcat servers, preserving all sessions?
>
> I know I
Thanks for the announcement.
Is there any rough timeline or roadmap for a stable and/or release
version of Tomcat 10? (Sorry if this has been discussed here already.)
I'm in no rush. I just have an application with embedded Tomcat which is
due for another release soon, and I wondered whether
It was actually one of mine. I put a jar file under lib/ that I forgot had
the offending class packaged into it.
On Tue, May 12, 2020 at 5:13 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Jonathan,
>
> On 5/8/20 15:03,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jonathan,
On 5/8/20 15:03, Jonathan Yom-Tov wrote:
> Got it! Using http://jhades.github.io/ it was quick and easy to
> find out that the offending class was indeed loaded from two
> different jar files. After I removed one of them casting worked
>
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.0-M5.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
I have an application which changes the state of user sessions in lots of
places in the code. Is it possible to do a seamless switch of Tomcat
servers, preserving all sessions?
I know I can use PersistentManager to persist sessions and load them. I can
think of two strategies:
1. Persist
42 matches
Mail list logo
