Request for suggestion

Hi, We are using tomcat 8.5.35 on RHEL. I have a .ear file that has a application.xml file in meta-inf folder. See below the contents of the application.xml file . http://java.sun.com/j2ee/dtds/application_1_2.dtd";> Application WEB RVWJ Application adminWEB.war/hub/app/classic/admin audit

Re: Most recent security-related update to 8.5? And setting up access to Manager?

On Mon, Jun 21, 2021 at 12:42:56PM -0400, Christopher Schultz wrote: > On 6/19/21 11:31, James H. H. Lampert wrote: [snip] > > Also, while I'm here, can somebody point me to an example of how to code > > the Manager's RemoteAddrValve setting to allow access from, say, two or > > three arbitrary I

DB Max Connections with Auto-Scaling Group

I have a TC instance running on an EC2 in an AWS Autoscaling group.  I have a database with 500 max connections.  The default EC2 count is 2 instances in the autoscaling group.  I guess that means that I should set the Tomcat resource config for this datasource to be maxTotal = 250, so if both

Re: Subclassing JNDIRealm to return a custom Principal

Roberto, On 21.06.2021 18:31, Roberto Benedetti wrote: Hello, in our product we subclassed JNDIRealm to return a custom Principal with attributes retrieved from Active Directory (bug 65391 is going to add support for that). We overrode authenticate(DirContext, String, String) to retrieve the

Re: Most recent security-related update to 8.5? And setting up access to Manager?

On 6/21/21 9:42 AM, Christopher Schultz wrote: I think it depends upon your environment, honestly. There were many organizations where the "AJP endpoint is trusting, because that's what it's for" announcement was a real surprise and represented a must-fix issue immediately. That was not the cas

Re: Subclassing JNDIRealm to return a custom Principal

On 21/06/2021 17:31, Roberto Benedetti wrote: Hello, in our product we subclassed JNDIRealm to return a custom Principal with attributes retrieved from Active Directory (bug 65391 is going to add support for that). We overrode authenticate(DirContext, String, String) to retrieve the attributes

Re: Most recent security-related update to 8.5? And setting up access to Manager?

James, On 6/19/21 11:31, James H. H. Lampert wrote: We are finally migrating customer installations from 7 to 8.5. Would anybody happen to know, off the top of his or her head, what the most recent security-related update to 8.5 is? I know that 68 is the most recent release, but what's the m

Subclassing JNDIRealm to return a custom Principal

Hello, in our product we subclassed JNDIRealm to return a custom Principal with attributes retrieved from Active Directory (bug 65391 is going to add support for that). We overrode authenticate(DirContext, String, String) to retrieve the attributes and return the custom Principal. In Tomcat 9.0.