> Can you post the rest of that stack trace?
Yes, here are 2 stack traces that were encountered. We basically had
the cluster working for a few years. We introduced a new Valve for
authentication purposes. Also, with this change we had to set a proxy
in CATALINA_OPTS, I'm not sure if that
I hate to bring back my original thread and I am probably not doing
this correctly, but I've been seeing this message occur on my cluster.
My tomcat is now at 9.0.70. Possibly there was a breaking change
since I first started using the cluster?
java.lang.NoClassDefFoundError: Could not
On Wed, Jul 13, 2022 at 10:21 AM EXT-Denton, Sam T
wrote:
>
> This may help you:
> https://stackoverflow.com/questions/15742580/how-to-programmatically-login-to-j-security-check
>
> Sam Denton
> Advisor, Solutions Architect
> Mobile (314) 827-4017
> 24x7 SBS Suppot (405) 312-9936
>
Thanks for
Hello,
I currently have a custom realm in Tomcat 9 that uses form
authentication (j_username/j_password POST to j_security_check). I'm
looking to create a secondary way to establish an authenticated
session. I want to allow trusted sources to be able to POST a
username param to a specific URL
On Tue, Apr 13, 2021 at 9:22 PM Tim K wrote:
>
> On Fri, Apr 9, 2021 at 7:48 AM Tim K wrote:
> > As mentioned in that url, doing a pre-login of sorts before calling
> > HttpServletRequest.login() may be a workaround to accomplish this, but
> > then I would need to call m
On Mon, Oct 18, 2021 at 2:51 PM Beard, Shawn
wrote:
> Update to Tomcat 9.0.54. This could be a known security bug that is fixed
> in this version.
>
> https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.54
>
I tried updating to that version but it does not appear to be related;
Running 4 balanced nodes of tomcat 9.0.52 in Linux.
While running with production load, memory usage is slowly growing, it
does not appear to really drop unless the OS/tomcat is restarted.
I did a load test locally with just login actions, did a heap dump,
and MAT says:
One instance of
On Fri, Apr 9, 2021 at 7:48 AM Tim K wrote:
> As mentioned in that url, doing a pre-login of sorts before calling
> HttpServletRequest.login() may be a workaround to accomplish this, but
> then I would need to call my backend authentication service twice for
> each login.
>
&g
On Thu, Apr 8, 2021 at 1:38 PM Christopher Schultz
wrote:
>
> I have some sketches of something like this literally on paper somewhere
> around here to create an interface for applications subscribe to
> authentication events. It would, for example, allow you to write a
> "failed login" record to
On Wed, Apr 7, 2021, 3:43 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> You can't, using the existing API.
>
> You might be able to do it with some nasty ThreadLocal solution, but I
> think you are stuck without resorting to legerdemain.
>
> -chris
Would it be possible to
I have a custom realm which I'm receiving custom messages back within
the realm code and I want to display these messages on the login page,
but I have no idea how this can be accomplished with a custom realm
which is overriding the Principle authenticate method. Any help would
be appreciated,
Was the fix for this added to 9.0.28 or 9.0.29 official releases?
Thanks,
Tim
On Thu, Nov 7, 2019, 1:58 PM Mark Thomas wrote:
> On 07/11/2019 18:04, Mark Thomas wrote:
> > On 07/11/2019 16:44, Mark Thomas wrote:
> >> On 07/11/2019 14:14, Tim K wrote:
> >>
> >>
> >>> I pulled the latest code from GitHub, I see the commit
On Thu, Nov 7, 2019, 6:40 AM Mark Thomas wrote:
> On 06/11/2019 20:04, Mark Thomas wrote:
> > I've found the root cause.
> >
> > When checking the timestamps of JSPs, the JSP engine (because it has to
> > access all resources via the Servlet API) requests a URL for the JSP,
> > opens a
On Tue, Nov 5, 2019 at 3:01 AM Mark Thomas wrote:
> This looks like some sort of concurrency issue. In your test
> environment, how likely is it that:
> - there are concurrent (or at least very close together) changes to a
> JSP
> - that there are concurrent requests for a modified JSP?
In my
On Mon, Nov 4, 2019, 6:19 PM M. Manna wrote:
> I’m just trying to understand, is there really a plausible solution here ?
> Unless we have loadbalanced tomcat instances, can we truly ever stop such
> behaviour (or more importantly, does it make sense to do so)?
>
> For my use case, We do it in
On Mon, Nov 4, 2019, 10:30 AM Mark Thomas wrote:
>
> Thanks. That helps as it means the issue should be reproducible on a
> single, stand-alone instance.
>
> Mark
>
I was able to reproduce this behavior with a single server running a
vanilla 9.0.21 using the example hello.jsp file... I was
On Mon, Nov 4, 2019, 10:06 AM Mark Thomas wrote:
>
> How are you distributing the updates to the JSP to all 4 servers?
>
> Is there a shared file system involved? If yes, exactly what is shared
> between the instances?
>
> Mark
>
Common NFS storage included via (DirResourceSet) within the
of
>
> In my tests when hitting it every second, I make a few changes and it
> works fine (all within the same min). Then I'll let it go for a few mins,
> make a change and more often than not, one or more of the servers gets
> stuck on the previous jsp change... I'm pretty sure the class/java
>
On Fri, Nov 1, 2019, 3:11 AM Mark Thomas wrote:
> On 31/10/2019 22:07, Mark Thomas wrote:
> >
> >
> > On 29/10/2019 14:31, Tim K wrote:
> >> I'm on Tomcat 9.0.21 on Linux. I have Jsps that get updated while
> >> Tomcat is running. I believe development mo
I'm on Tomcat 9.0.21 on Linux. I have Jsps that get updated while
Tomcat is running. I believe development mode is set to true by
default, I do not have it set to true or false in the
$CATALINA_BASE/conf/web.xml for the Jsp servlet init-params. I have a
cluster of 4-8 servers across different
On Tue, Feb 12, 2019, 3:17 AM Keiichi Fujino wrote:
>
> Are you using SSO(org.apache.catalina.authenticator.SingleSignOn)?
> DeltaManager/BackupManager replicate sessions. They do not replicate SSO
> entries.
>
> If you want to replicate SSO Entry in cluster, you can use
> ClusterSingleSignOn.
>
On Fri, Jan 18, 2019, 12:44 PM Tim K wrote:
> On Fri, Jan 18, 2019 at 11:05 AM Christopher Schultz
> wrote:
> >
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> >
> > Tim,
> >
> > On 1/18/19 06:38, Tim K wrote:
> > > Thank
On Fri, Jan 18, 2019 at 11:05 AM Christopher Schultz
wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Tim,
>
> On 1/18/19 06:38, Tim K wrote:
> > Thanks for this. The video helps explain it a bit better than the
> > documentation. So I set it
On Fri, Jan 18, 2019, 4:55 AM Mark Thomas On 18/01/2019 01:40, Tim K wrote:
> > On Thu, Jan 17, 2019, 3:36 PM Mark Thomas >
> >> On 17/01/2019 15:28, Tim K wrote:
> >>
> >>> With the DeltaManager, instead of it notifying all nodes when sessions
>
On Thu, Jan 17, 2019, 3:36 PM Mark Thomas On 17/01/2019 15:28, Tim K wrote:
>
> > With the DeltaManager, instead of it notifying all nodes when sessions
> get
> > established, is there a way for it to only share that single node's
> > sessions during a shutdown event
On Tue, Jan 15, 2019, 3:14 PM Mark Thomas On 15/01/2019 18:36, Tim K wrote:
>
> > Question: what's considered a "large" cluster I've seen a lot of
> > documentation about small vs large but I'd like to know what is
> considered
> > large. Could the DeltaMana
On Thu, Jan 17, 2019, 8:09 AM Mark Thomas On 17/01/2019 12:46, Tim K wrote:
> > When I dump the session object of an authenticated (JNDIRealm) user on my
> > local dev environment versus my development server, for some reason
> > the javax.security.auth.subject shows up
When I dump the session object of an authenticated (JNDIRealm) user on my
local dev environment versus my development server, for some reason
the javax.security.auth.subject shows up on the dev server but not my
local. I also spun up a docker container with pretty much default tomcat
config and
On Tue, Jan 15, 2019, 12:51 PM Tim K On Tue, Jan 15, 2019, 4:10 AM Keiichi Fujino
>> Hi
>>
>> If you use StaticMembershipInterceptor, you must set the
>> Cluster#channelStartOptions to 3 to avoid starting membershipservice.
>> If you are using Tomcat 9, you can al
shipInterceptor.
>
>
> 2019年1月10日(木) 22:39 Tim K :
>
> > On Wed, Jan 9, 2019, 2:16 PM Christopher Schultz <
> > ch...@christopherschultz.net wrote:
> >
> > > -BEGIN PGP SIGNED MESSAGE-
> > > Hash: SHA256
> > >
> > > Tim,
>
On Wed, Jan 9, 2019, 2:16 PM Christopher Schultz <
ch...@christopherschultz.net wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Tim,
>
> On 1/9/19 10:39, Tim K wrote:
> > I'm trying to split 4 separate tomcat instances into 2 clusters
> > (2x2
I'm trying to split 4 separate tomcat instances into 2 clusters (2x2) to
try and avoid the all-to-all traffic, but even when setting up the Receiver
and Static members to only speak to 1 other instance, some still seems to
find and add the other members outside of the defined config to the wrong
On Sat, Dec 22, 2018, 11:56 AM Christopher Schultz <
ch...@christopherschultz.net wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Tim,
>
> On 12/21/18 08:14, Tim K wrote:
> > On Thu, Dec 20, 2018, 10:11 PM Christopher Schultz <
> > ch...@chris
On Thu, Dec 20, 2018, 10:11 PM Christopher Schultz <
ch...@christopherschultz.net wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Tim,
>
> On 12/20/18 10:18, Tim K wrote:
> >>
> >> I just downloaded and tried 9.0.14 but I'm still getting
>
> I just downloaded and tried 9.0.14 but I'm still getting the
> same BadPaddingException upon starting the second instance. I confirmed
> the encryptionKey matches on my two instances.
>
Maybe something is wrong with my config? For this test, I have both
Tomcats on the same server using
On Wed, Dec 19, 2018, 11:00 PM Christopher Schultz <
ch...@christopherschultz.net wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Tim,
>
> Tomcat 9.0.14 is available and should work much better. Would it be
> possible for you to test the latest release with the encrypted clusterin
On Wed, Nov 21, 2018, 9:48 AM Christopher Schultz <
ch...@christopherschultz.net wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Tim,
>
> On 11/20/18 13:36, Tim K wrote:
> > On Tue, Nov 20, 2018, 12:19 PM Christopher Schultz <
> > ch...@chris
On Tue, Nov 20, 2018, 12:19 PM Christopher Schultz <
ch...@christopherschultz.net wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Tim,
>
> On 11/20/18 11:42, Tim K wrote:
> >>
> >> Ignore the secure port. The code behind that setting was n
>
> Ignore the secure port. The code behind that setting was never
> implemented. We really should remove it.
>
> You want:
>
> http://tomcat.apache.org/tomcat-9.0-doc/config/cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes
>
> Mark
>
>
I see encrypted cluster traffic has been added to 9.0.13, but upon using a
securePort on the NioReceiver and StaticMember, I'm still able to see clear
text information being passed around with Wireshark... Is there some other
config to set to take advantage of this new feature?
Thank you.
Using latest Tomcat 9.0.11. I'm using the securePort attribute for both
the NioReceiver and StaticMembers but when capturing and inspecting the
traffic over the secure ports with WireShark, I'm seeing all my session
data in clear text, even my username as password (user principal)! I tried
On Fri, Sep 7, 2018, 2:35 AM Jäkel, Guido wrote:
> Dear Tim,
>
> maybe you can do an "independent" check using the JGroups lib stand-alone,
> which offers two sets of a cluster demo. This may help to narrow down the
> issue to the Tomcat setup or the "other" (OS or network configuration)
>
>
> Can you post your configuration(s)? Presumably, all 4 are nearly
> identical. Please post one of them (minus any secrets) and describe or
> copy/paste the differences for the other notes.
>
> - -chris
>
>
Here is my cluster config that I got working, all 4 nodes can talk to each
other after I
I'm experimenting with Tomcat 9.0.8 enabling Cluster support. I've
uncommented the line for it within the server.xml. I have 4 separate
servers on different hosts, all with the same config, except unique
jvmRoute values. Upon startup, it appears that server1 and server4 pair up
and server2 and
On Tue, Jul 31, 2018, 7:42 AM Burghard Britzke
wrote:
> that is, what „transient“ means...
> --
> Gruß
> burghard.britzke
> https://britzke.berlin/
>
> Am 31.07.2018 um 13:39 schrieb Tim K :
>
> On Tue, Jul 31, 2018, 7:31 AM Felix Schumacher <
> felix.schumac..
On Tue, Jul 31, 2018, 7:31 AM Felix Schumacher <
felix.schumac...@internetallee.de> wrote:
> Am 30.07.2018 17:57, schrieb Tim K:
> > On Mon, Jul 30, 2018, 4:26 AM Felix Schumacher <
> > felix.schumac...@internetallee.de> wrote:
> >
> >> Am 27.
On Mon, Jul 30, 2018, 4:26 AM Felix Schumacher <
felix.schumac...@internetallee.de> wrote:
> Am 27.07.2018 13:36, schrieb Tim K:
> > Hello,
> >
> > I'm creating a new app under Tomcat 9.0.8 (local dev: windows, live
> > servers: linux).
> >
> &
Hello,
I'm creating a new app under Tomcat 9.0.8 (local dev: windows, live
servers: linux).
I have successfully created a custom JAAS authentication, which works just
fine.
I have SSO enabled at the moment, but not sure if I really need it.
I left the default StandardManager config in place, I
49 matches
Mail list logo
