Re: AW: AW: Having trouble with Tomcat crashes. Interesting memory numbers in Manager

2023-02-07 Thread Christopher Schultz
Thomas, James, On 2/6/23 17:00, Thomas Hoffmann (Speed4Trade GmbH) wrote: Hello James, -Original Message- From: James H. H. Lampert Sent: Monday, 6 February 2023 18:18 To: Tomcat Users List Subject: Re: AW: Having trouble with Tomcat crashes. Interesting memory numbers in M

Re: How can I extend AceessLogValue

2023-02-03 Thread Christopher Schultz
Hello, On 2/2/23 08:00, shallowinggg wrote: traceId has in request header, but it is encrypted, I need to parse it. %{xxx}i can get header, but encrypted value How about writing a Filter which takes the value from the header, decrypts it, and then puts the unencrypted value into a request-at

Re: Sending access logs to the syslog server

2023-02-03 Thread Christopher Schultz
Devatha, On 2/2/23 13:02, Devatha Naga Puneeth wrote: Apache Tomcat Version : 9.0.65 How to send the access logs of tomcat to the syslog server through log4j.xml ? I have a root logger which is pointing to a syslog appender. But I was not able to see the access logs in the syslog server and wa

Re: Message from a security scan

2023-02-03 Thread Christopher Schultz
James, On 2/2/23 12:38, James H. H. Lampert wrote: That I was "shot down in flames" when I tried to get in from my Chromebook, through the hotspot on my cell phone, makes it unlikely that Tomcat is seeing a proxy IP, especially given that (as I understand it) I would have had to authorize the

Re: [External] : Re: Tomcat as a Windows Service not picking JAVA_OPTS parameter

2023-02-01 Thread Christopher Schultz
Rajagopalan, On 2/1/23 10:22, Rajagopalan Hariharan wrote: No it is not working even after setting the same. Can you copy/paste the entire contents (with any secrets removed) of your Java Options section? After changing that, you did both "save" and re-restart the service, right? Did you e

Re: Tomcat client certicate authentication

2023-02-01 Thread Christopher Schultz
let is to retrieve the user-id from the certificate and determine their role by using a security product native to the platform on which Tomcat is running Hope that helps, -chris On Mon, 30 Jan 2023 at 15:41, Christopher Schultz < ch...@christopherschultz.net> wrote: Dave, On 1/30/2

Re: Tomcat client certicate authentication

2023-01-30 Thread Christopher Schultz
cert chain for you, populate the user principal, etc. -chris On Sun, 29 Jan 2023 at 22:21, Christopher Schultz wrote: Dave, On 1/28/23 09:28, Dave Breeze wrote: this is Tomcat 9.0 running embedded I am trying to authorize access by client certificate. I want the servlet response to be tail

Re: Tomcat client certicate authentication

2023-01-29 Thread Christopher Schultz
Dave, On 1/28/23 09:28, Dave Breeze wrote: this is Tomcat 9.0 running embedded I am trying to authorize access by client certificate. I want the servlet response to be tailored to the user's role. In other words I am not looking to deny access by role. The connector has sslCon.setProperty("cli

Re: Tomcat JDBC CP: Exponential backoff?

2023-01-27 Thread Christopher Schultz
Thomas, On 1/26/23 03:00, Thomas Meyer wrote: On 18 January 2023 23:20:29 CET, Christopher Schultz wrote: Thomas, On 1/17/23 13:33, Thomas Meyer wrote: Does Tomcat's CP support exponential backoff in case DB is unavailable for some reason? I didn't find anything in the docume

Re: StaticMembers within Multiple Clusters

2023-01-27 Thread Christopher Schultz
Tim, On 1/25/23 11:26, Tim K wrote: Can you post the rest of that stack trace? Yes, here are 2 stack traces that were encountered. We basically had the cluster working for a few years. We introduced a new Valve for authentication purposes. Also, with this change we had to set a proxy in CATA

Re: [OT] SSO Token not found with RewriteRules

2023-01-27 Thread Christopher Schultz
On 1/24/23 08:04, Berneburg, Cris J. - US wrote: Hey Chris I always include a ROOT context so I don't get nasty errors if there is some kind of misconfiguration at the proxy, etc. It also allows rewrites to be done "outside" of "the application", etc. Out of curiosity, what do you put in t

Re: Tomcat for Apple silicon coming soon?

2023-01-27 Thread Christopher Schultz
Rob, On 1/23/23 18:27, Rob Sargent wrote: On 1/23/23 12:29, m...@cvkimball.com wrote: Dear Folks, I installed Java JDK 17 and Tomcat 10.1 on my better half's Mac Pro M1-based processor. It ran without problems! You have to admit that that is painfully close to "Works on my box". ;) h

Re: AW: Password in Tomcat 9.x

2023-01-21 Thread Christopher Schultz
Alex, On 1/19/23 13:31, a.grub...@bluewin.ch wrote: Do you know if in future apache tomcat releases, this will be possible to put a path? It would be the easiest for everyone, my opinion... I believe there are currently two ways to do with with existing Tomcat releases: 1. service binding pro

Re: AW: AW: AW: Password in Tomcat 9.x

2023-01-21 Thread Christopher Schultz
Alex, On 1/21/23 08:24, a.grub...@bluewin.ch wrote: Then how do you manage the webserver certificate in Tomcat? Where do you store the password? I would like to do it of course always without, but the architecture is like that I have. Webserver certificate.p12 Webserver certificate.p12.pwd

Re: AW: AW: Password in Tomcat 9.x

2023-01-21 Thread Christopher Schultz
chris -Original Message- From: Christopher Schultz Sent: Wednesday, 18 January 2023 23:30 To: users@tomcat.apache.org Subject: Re: AW: Password in Tomcat 9.x Thomas and Alex, On 1/18/23 16:03, Thomas Hoffmann (Speed4Trade GmbH) wrote: Hello Alex, thanks for the clarification. Now I go

Re: Setting java.protocol.handler.pkgs for Tomcat

2023-01-21 Thread Christopher Schultz
Mark, On 1/20/23 07:17, Mark Thomas wrote: On 20/01/2023 11:18, Dave Breeze wrote: Many thanks Mark for the answers - appreciated. Just to be clear I am running 9.0.71 simply by invoking startup.sh (currently testing). I am not running embedded. I am not too sure therefore about the "Call org.

[ANN] Apache Tomcat 8.5.85 available [CORRECTION]

2023-01-21 Thread Christopher Schultz
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.85. [This post corrects the previous announcement on 2023-01-19 which contained the wrong version number in the subject line. Both posts refer to the same actual release from 2023-01-19.] Apache Tomcat 8 is an op

Re: Tomcat for Apple silicon coming soon?

2023-01-21 Thread Christopher Schultz
10 AM, Christopher Schultz wrote: James, On 1/18/23 20:05, James H. H. Lampert wrote: On 1/18/23 3:11 PM, Christopher Schultz wrote: Tomcat is pure-Java (okay, except for tcnative, which you evidently don't need) and therefore should run on either x86-84 Java via Rosetta 2 or aarch64 Jav

[ANN] Apache Tomcat 8.5.84 available

2023-01-19 Thread Christopher Schultz
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.85. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 8.5.85 is a bugfix and fea

Re: Tomcat for Apple silicon coming soon?

2023-01-19 Thread Christopher Schultz
James, On 1/18/23 20:05, James H. H. Lampert wrote: On 1/18/23 3:11 PM, Christopher Schultz wrote: Tomcat is pure-Java (okay, except for tcnative, which you evidently don't need) and therefore should run on either x86-84 Java via Rosetta 2 or aarch64 Java natively. You do not need any sp

Re: Tomcat for Apple silicon coming soon?

2023-01-18 Thread Christopher Schultz
Chris, Bringing this back on-list. Please reply to the list and not to individual members. (See below...) On 1/18/23 06:47, m...@cvkimball.com wrote: I have no idea what tcnative is and how to rebuild it. Christopher Schultz, are you saying I must rebuild tcnative to run Tomcat on AArm64

Re: AW: Password in Tomcat 9.x

2023-01-18 Thread Christopher Schultz
Thomas and Alex, On 1/18/23 16:03, Thomas Hoffmann (Speed4Trade GmbH) wrote: Hello Alex, thanks for the clarification. Now I got the topic. I don't think that you can use a path there. The options I have in mind are: - Use properties: https://stackoverflow.com/questions/11926181/environment-

Re: [OT] SSO Token not found with RewriteRules

2023-01-18 Thread Christopher Schultz
Jerry, On 1/17/23 13:30, Jerry Malcolm wrote: In my philosophy for years (possibly not the best philosophy...), the root was for primarily static stuff.  And any JSPs that might need to be in root were sent to other non-root contexts via a rewrite.  I've been moving away from that philosophy i

Re: Tomcat JDBC CP: Exponential backoff?

2023-01-18 Thread Christopher Schultz
Thomas, On 1/17/23 13:33, Thomas Meyer wrote: Does Tomcat's CP support exponential backoff in case DB is unavailable for some reason? I didn't find anything in the documentation in this regard. I don't think it supports any such thing. What would be the purpose of exponential back-off... do

Re: StaticMembers within Multiple Clusters

2023-01-18 Thread Christopher Schultz
Tim, On 1/15/23 12:26, Tim K wrote: I hate to bring back my original thread and I am probably not doing this correctly, but I've been seeing this message occur on my cluster. My tomcat is now at 9.0.70. Possibly there was a breaking change since I first started using the cluster? java.lang.NoC

Re: How-To apply Tomcat patch

2023-01-17 Thread Christopher Schultz
Linwood, On 1/17/23 09:03, Linwood Doty wrote: We have Apache Tomcat 9.0.65 and need to apply .70 patch . 1. Is it necessary to uninstall current Tomcat installation and reinstall with latest target patch - or is there a way to just apply the patch ? environment Windows 2012, Tomcat is used fo

Re: Tomcat for Apple silicon coming soon?

2023-01-17 Thread Christopher Schultz
Mark, On 1/17/23 09:12, Mark Thomas wrote: On 17/01/2023 14:08, Christopher Schultz wrote: Chris and Robert, On 1/16/23 17:08, Mark Thomas wrote: On 16/01/2023 20:40, Robert Turner wrote: You can run an aarm64 version of the Java runtime (various distributions exist) and run Tomcat on that

Re: Query: HSTS | Tomcat 9.0.50

2023-01-17 Thread Christopher Schultz
Deepti, On 1/16/23 23:00, Deepti Sharma S wrote: 1. There is no reverse proxy in between tomcat and UA in my use case. 2. In Tomcat/conf/server.xml I have below connector settings : When I configure HSTS in Tomcat/conf/web.xml and try to access website via HTTPS https://[domain]:8443, HS

Re: Tomcat for Apple silicon coming soon?

2023-01-17 Thread Christopher Schultz
Chris and Robert, On 1/16/23 17:08, Mark Thomas wrote: On 16/01/2023 20:40, Robert Turner wrote: You can run an aarm64 version of the Java runtime (various distributions exist) and run Tomcat on that -- it works well. No specific version of Tomcat is required as it is a Java package. +1 I've be

Re: Servlet Deployment Issues

2023-01-13 Thread Christopher Schultz
. The subject was "Tomcat 10.1.4 HTTP Status 404 and 500 Help". Some of your questions have already been answered. -chris On Friday, January 13, 2023, 8:23 AM, Christopher Schultz wrote: Anthony, On 1/12/23 18:18, Anthony Dell'Anno wrote: Good evening everyone, I am just st

Re: Servlet Deployment Issues

2023-01-13 Thread Christopher Schultz
Anthony, On 1/12/23 18:18, Anthony Dell'Anno wrote: Good evening everyone, I am just starting out with Java servlets in Tomcat 10.1.4. I’m learning them using a book written in 2010, of which I don’t remember the authors’ names. Just FYI, a book written in 2010 will be using the Java EE or ol

Re: Question about Redisson

2023-01-13 Thread Christopher Schultz
Doug, On 1/12/23 15:51, Doug Whitfield wrote: Also, Chris's suggestion to look at org.apache.catalina.connector.RECYCLE_FACADES is a good first step. Note that the value you need for that may not be what you expect. It needs to be "true" whereas I read the name and think it should be "false" to

Re: Is it possible to add hsts header over http response ?

2023-01-13 Thread Christopher Schultz
Shawn, On 1/12/23 20:48, Shawn Heisey wrote: On 1/12/23 01:34, Mark Thomas wrote: On 12/01/2023 08:26, Hiran CHAUDHURI wrote: In that case the Connector would need to be configured with secure="true" to work correctly/securely and the HttpHeaderSecurityFilter would add the HSTS header if conf

Re: Tomcat is not Coming Up

2023-01-13 Thread Christopher Schultz
Prabu, Please don't hijack threads. Start a new thread instead of replying to an old message. Your question will get better visibility that way. Keep reading. On 1/11/23 10:19, Ganesan, Prabu wrote: Our Production Server Was Down, We have not Done any changes on this tomcat Level But we ar

Re: Tomcat 10.1.4 HTTP Status 404 and 500 Help

2023-01-10 Thread Christopher Schultz
Anthony, On 1/10/23 13:58, Anthony Dell'Anno wrote: I'm trying to run my first servlet on Tomcat Welcome! and am continually getting an HTTP Status 404 (I've also gotten 500 previously, with the root cause being an apparent compiler mismatch (it would say that it's being compiled by version

Re: Basic SSL Certificate Usage logging

2023-01-10 Thread Christopher Schultz
pe\":\"RSA\", ... }" } Isn't this what logstash is for? -chris -Original Message- From: Christopher Schultz Sent: Tuesday, January 10, 2023 7:52 AM To: users@tomcat.apache.org Subject: Re: Basic SSL Certificate Usage logging Jon, On 1/9/23 18:17, jonmcalexan...@

Re: Possibilities for fetching config information from Kubernetes

2023-01-10 Thread Christopher Schultz
Mark, Rémy, On 1/10/23 09:58, Rémy Maucherat wrote: On Tue, Jan 10, 2023 at 3:11 PM Christopher Schultz wrote: Mark, On 1/10/23 03:22, Mark Thomas wrote: On 09/01/2023 22:17, Christopher Schultz wrote: All, I'm aware that there is a k8s manager for clustering (CloudMembershipService

Re: Basic SSL Certificate Usage logging

2023-01-10 Thread Christopher Schultz
Mark, On 1/10/23 09:22, Mark Thomas wrote: On 10/01/2023 13:52, Christopher Schultz wrote: Jon, On 1/9/23 18:17, jonmcalexan...@wellsfargo.com.INVALID wrote: Yes Chris, It's just for during startup. For a particular instance I would like to capture the Certificate Info and Truststore

Re: Possibilities for fetching config information from Kubernetes

2023-01-10 Thread Christopher Schultz
Mark, On 1/10/23 03:22, Mark Thomas wrote: On 09/01/2023 22:17, Christopher Schultz wrote: All, I'm aware that there is a k8s manager for clustering (CloudMembershipService) but I was wondering if / how that could be extended in order to provide any other types of automated configur

Re: Basic SSL Certificate Usage logging

2023-01-10 Thread Christopher Schultz
r any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -Original Message- From: Christopher Schultz Sent: Monday, January 9, 2023 8:10 AM To: users@tomcat.apach

Re: Question about Redisson

2023-01-09 Thread Christopher Schultz
Doug, On 1/9/23 15:48, Doug Whitfield wrote: Interesting. I’m not on the marketing team. What comments are you talking about? I can certainly try to get them removed. I think he's talking about this: "Don’t let your team waste another minute wading through outdated forums or online documentat

Possibilities for fetching config information from Kubernetes

2023-01-09 Thread Christopher Schultz
All, I'm aware that there is a k8s manager for clustering (CloudMembershipService) but I was wondering if / how that could be extended in order to provide any other types of automated configuration information for a Tomcat installation. For example, I'd love to be able to deploy a Tomcat nod

Re: Apache Tomcat 10.0.27 - UML sequence diagram of the authentication process

2023-01-09 Thread Christopher Schultz
Alexander, On 1/9/23 07:21, Alexander Ghyoot wrote: For my thesis, I'm looking into access control in open-source software and am curious how the authentication process works in the Apache Tomcat (10.0.27) architecture. However, the documentation on this seems incomplete. The PNG is a screens

Re: Problems with requests without trailing slash Tomcat 9.0.65

2023-01-09 Thread Christopher Schultz
anent redirect". But you need to remove the mangling of that URL or you will fight against it for years. -chris Tuesday, 27 December 2022, 22:06 +03:00 from Christopher Schultz : Fedor, On 12/27/22 05:55, Fedor Makarov wrote: proxy for local environment we use the js conf:

Re: Basic SSL Certificate Usage logging

2023-01-09 Thread Christopher Schultz
ooperation. -Original Message- From: Christopher Schultz Sent: Friday, January 6, 2023 2:41 PM To: users@tomcat.apache.org Subject: Re: Basic SSL Certificate Usage logging Mark, On 1/6/23 15:00, Mark Thomas wrote: Hi Jon, In a word, no. Sorry. Some sort of info log message prob

Re: Basic SSL Certificate Usage logging

2023-01-06 Thread Christopher Schultz
Mark, On 1/6/23 15:00, Mark Thomas wrote: Hi Jon, In a word, no. Sorry. Some sort of info log message probably makes sense for this. SNI makes things a little more complicated but we should be able to do something. What is the minimum info you'd like to see? How about adding a request attr

Re: Tomcat 10 and Java versions

2023-01-06 Thread Christopher Schultz
Evan, On 1/6/23 15:08, Evan Rempel wrote: This must have been covered in a previous discussion but I could not find it. Everything I read about Tomcat 10.1 say it has moved to Jakarta EE, but I also read that Tomcat 10.1 runs on/requires "Java 11+". This does not make sense to me so I have

Re: how to block bad request?

2023-01-05 Thread Christopher Schultz
Mark, Jason, On 1/4/23 09:07, Mark Thomas wrote: On 04/01/2023 04:09, Jason Wee wrote: Hi, Happy new year everyone. Background of my production setup. Using tomcat 10 and in linux environment, using the following accesslog valve %a %{X-Forwarded-For}i %h %l %u %t '%r' %s %b '%{Referer}i' '%{

Re: Invalid Keystore format error on Tomcat

2023-01-03 Thread Christopher Schultz
or the error? -chris From: Christopher Schultz Sent: Friday, December 30, 2022 8:39 PM To: Tomcat Users List Subject: Re: Invalid Keystore format error on Tomcat Veni, On 12/30/22 00: 47, Janardhanan, Veni wrote: > This is the output from C: > keytool -list -keystore > C: \SSL\certnew_pfx. 

Re: Query

2023-01-03 Thread Christopher Schultz
Devatha, On 12/31/22 14:13, Devatha Naga Puneeth wrote: How to disable the appending of trailing slash when client requests for the application root context ? I'm curious, why is this a problem for you? Apache Tomcat Version : 9.0.65 I have a sample folder in the webapps. When I access th

Re: Jakarta for Beginners

2023-01-03 Thread Christopher Schultz
Amn, On 12/30/22 20:39, Amn Ojee Uw wrote: Before going any further, I have never programmed an Enterprise Web Page. I know a little of HTML and enough of Java and JavaScript and C++ to find my way around, but I am not an expert either. Having said that, I would like to get my toes wet in the immense

Re: Invalid Keystore format error on Tomcat

2022-12-30 Thread Christopher Schultz
:D9:65:36:15:00:51:55:09:9B:67:36:2A:7A:CB SHA256: 01:B8:6D:AA:FB:78:A8:6F:88:D7:FE:21:15:D6:7D:CF:F5:E3:F5:39:FA:37:A7:D8:BC:79:E2:08:5E:B9:33:DF Signature algorithm name: SHA256withECDSA Subject Public Key Algorithm: 256-bit EC (secp256r1) key > Am fine with the email based support.

Re: Invalid Keystore format error on Tomcat

2022-12-29 Thread Christopher Schultz
ve email-based support for free, at my convenience. If you want me to help you and your team debug something in real-time, I can bill you for my time. -chris From: Christopher Schultz Sent: Wednesday, December 28, 2022 12:49 AM To: users@tomcat.apache.org Subject: Re: Invalid Keystore format

Re: Invalid Keystore format error on Tomcat

2022-12-27 Thread Christopher Schultz
Veni, On 12/23/22 12:16, Janardhanan, Veni wrote: Hi, I’ve a self-signed certificate installed on Tomcat 9 which works fine. This is a Crystal Server SAP BO BI 4.3 box. To make it secure I installed our CA signed certificate. After a restart I brought Tomcat up, the logs show ‘Invalid Keystor

Re: Invalid Keystore format error on Tomcat

2022-12-27 Thread Christopher Schultz
Veni, On 12/23/22 12:16, Janardhanan, Veni wrote: I’ve a self-signed certificate installed on Tomcat 9 which works fine. This is a Crystal Server SAP BO BI 4.3 box. To make it secure I installed our CA signed certificate. After a restart I brought Tomcat up, the logs show ‘Invalid Keystore for

Re: Problems with requests without trailing slash Tomcat 9.0.65

2022-12-27 Thread Christopher Schultz
Fedor, On 12/27/22 05:55, Fedor Makarov wrote: proxy for local environment we use the js conf: proxy: {     '/api/': {       target: 'http://localhost:8080/',       changeOrigin: false,     },     '/': {       target: 'http://localhost:8080/lundase',       changeOrigin: false     }   }

Re: apache-tomcat-9.0.70 >> JNDI look up fails in a different thread context class loader !!

2022-12-12 Thread Christopher Schultz
Dineshk, On 12/12/22 08:30, dineshk wrote: I don't think we should suspect the custom class loader here as its very old code and works fine across all application servers e.g. IBM WebSphere and JBoss EAP 7.X. The custom class loader  is required as our java classes are part of the Database wh

Re: Mod_JK vs Mod_Proxy

2022-12-09 Thread Christopher Schultz
. -chris -Original Message----- From: Christopher Schultz Sent: Wednesday, December 7, 2022 4:54 PM To: Tomcat Users List ; jonmcalexan...@wellsfargo.com.INVALID Subject: Re: Mod_JK vs Mod_Proxy Jon, On 12/6/22 16:22, jonmcalexan...@wellsfargo.com.INVALID wrote: What, pray tell, is an enc

Re: Mod_JK vs Mod_Proxy

2022-12-07 Thread Christopher Schultz
Jon, On 12/6/22 16:22, jonmcalexan...@wellsfargo.com.INVALID wrote: What, pray tell, is an encrypted AJP connection? Are you talking AJP over an SSH Tunnel (Stunnel)? Exactly. It's absolutely cheating, but it achieves the goal :) -chris -Original Message- From: Christopher Sc

Re: Mod_JK vs Mod_Proxy

2022-12-06 Thread Christopher Schultz
Jon, On 12/6/22 12:36, jonmcalexan...@wellsfargo.com.INVALID wrote: IMHO, switching to mod_proxy, and using it over SSL, is by far better than using mod_jk or mod_ajp, primarily as mod_proxy allows for secure proxy connection, whereas mod_jk and mod_ajp aren't "secure" as they are not encrypte

Re: Mod_JK vs Mod_Proxy

2022-12-06 Thread Christopher Schultz
Mark, On 12/6/22 08:48, Mark H. Wood wrote: On Mon, Dec 05, 2022 at 03:37:59PM -0500, Christopher Schultz wrote: On 12/5/22 15:03, Cathy Spears wrote: Using Tomcat 8.5 and 9.0 with 32-bit Apache 2.4 and mod_jk. Are there benefits to using mod_proxy instead of mod_jk? Also, is there a planned

Re: Mod_JK vs Mod_Proxy

2022-12-05 Thread Christopher Schultz
Cathy, On 12/5/22 15:03, Cathy Spears wrote: Using Tomcat 8.5 and 9.0 with 32-bit Apache 2.4 and mod_jk. Are there benefits to using mod_proxy instead of mod_jk? Also, is there a planned end of life for mod_jk or will it continue to be supported for now? Hopefully this will be helpful: https:/

Re: [Tomcat9][Linux]listening all local addresses by default is not security best practice

2022-11-28 Thread Christopher Schultz
Shawn, On 11/23/22 16:19, Shawn Heisey wrote: On 11/23/22 12:43, Robert Turner wrote: My 2 cents: I think that it would be a very strange change to make to a generic product and a "sample" configuration file. If Tomcat was packaged in a distribution, that might be a more reasonable suggestio

Re: listening all local addresses by default is not security best practice

2022-11-28 Thread Christopher Schultz
To whom it may concern, On 11/23/22 14:31, tommydu1...@outlook.com wrote: Hi there, Product: > > [snip] The default behaviour of http connector is listening all interfaces. False. It is found in the description of "address" in attrib

Re: tomcat and FIPS - PKCS11 CKR_SESSION_READ_ONLY error after OpenJDK upgrade

2022-11-22 Thread Christopher Schultz
t in the process. :) -chris -----Original Message- From: Christopher Schultz Sent: Friday, November 18, 2022 14:37 To: users@tomcat.apache.org Subject: Re: tomcat and FIPS - PKCS11 CKR_SESSION_READ_ONLY error after OpenJDK upgrade Joey, On 11/17/22 10:52, Joey Cochran wrote: You might

[ANN] Apache Tomcat 8.5.84 available

2022-11-22 Thread Christopher Schultz
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.84. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 8.5.84 is a bugfix and fea

Re: tomcat and FIPS - PKCS11 CKR_SESSION_READ_ONLY error after OpenJDK upgrade

2022-11-18 Thread Christopher Schultz
-Original Message- From: Christopher Schultz Sent: Tuesday, November 15, 2022 21:50 To: users@tomcat.apache.org Subject: Re: tomcat and FIPS - PKCS11 CKR_SESSION_READ_ONLY error after OpenJDK upgrade Angela, On 11/14/22 11:56, Cantor, Angela T. wrote: We just upgraded OpenJDK from 17.0.4.0.8

Re: tomcat and FIPS - PKCS11 CKR_SESSION_READ_ONLY error after OpenJDK upgrade

2022-11-18 Thread Christopher Schultz
Angela, On 11/16/22 20:31, Cantor, Angela T. wrote: And one thing I forgot - yes Chris, could you please provide the code you mentioned in case that is the issue? Sure: import java.security.Provider; import java.security.Security; import java.util.*; /** * A crude class for displaying all th

Re: tomcat and FIPS - PKCS11 CKR_SESSION_READ_ONLY error after OpenJDK upgrade

2022-11-18 Thread Christopher Schultz
ing Java 17... hmm. Are you sure Tomcat is running with your Java 17? Did you build the PKCS12 file using openssl or keytool? IIRC, openssl sometimes does things that are within the spec but aren't handled by Java's implementations of these standards. -chris -Original Message---

Re: Why does LockOutRealm not support CredentialHandler?

2022-11-18 Thread Christopher Schultz
Rémy, On 11/17/22 05:07, Rémy Maucherat wrote: On Wed, Nov 16, 2022 at 6:14 PM Christopher Schultz wrote: Rémy, On 11/16/22 07:53, Rémy Maucherat wrote: On Wed, Nov 16, 2022 at 1:36 PM Christopher Schultz wrote: Thorsten, On 11/16/22 03:20, Thorsten Schöning wrote: Hello

Re: Why does LockOutRealm not support CredentialHandler?

2022-11-16 Thread Christopher Schultz
Rémy, On 11/16/22 07:53, Rémy Maucherat wrote: On Wed, Nov 16, 2022 at 1:36 PM Christopher Schultz wrote: Thorsten, On 11/16/22 03:20, Thorsten Schöning wrote: Hello Christopher Schultz, on Wednesday, 16 November 2022 at 04:50 you wrote: That worked right from the start, I

Re: Why does LockOutRealm not support CredentialHandler?

2022-11-16 Thread Christopher Schultz
Thorsten, On 11/16/22 03:20, Thorsten Schöning wrote: Hello Christopher Schultz, on Wednesday, 16 November 2022 at 04:50 you wrote: That worked right from the start, I had a DIGEST in tomcat-users.xml and was able to login with plain-text password provided to the browser. The

Re: Why does LockOutRealm not support CredentialHandler?

2022-11-16 Thread Christopher Schultz
Thorsten, On 11/16/22 02:28, Thorsten Schöning wrote: Hello Christopher Schultz, on Wednesday, 16 November 2022 at 04:00 you wrote: Thorsten, what makes you say "it doesn't work" and "LockoutRealm ignores any credential handler"? When you say "it do

Re: How do auth-method BASIC and DIGEST play together with some credential helper?

2022-11-16 Thread Christopher Schultz
Thorsten, On 11/16/22 02:36, Thorsten Schöning wrote: Hello Christopher Schultz, on Wednesday, 16 November 2022 at 04:17 you wrote: You should double-check the definition of "compliant to CIS benchmark spec" because there is no way in hell that HTTP DIGEST is required.[...]

Re: Why does LockOutRealm not support CredentialHandler?

2022-11-15 Thread Christopher Schultz
Thorsten, On 11/15/22 05:09, Thorsten Schöning wrote: I have some webapp hosted by Tomcat and need to restrict user access to some part of that. One additional requirement is that this app needs to be CIS benchmark compliant and that requires to use LockOutRealm and restricts to store plain-text

Re: How do auth-method BASIC and DIGEST play together with some credential helper?

2022-11-15 Thread Christopher Schultz
Thorsten, On 11/15/22 15:29, Thorsten Schöning wrote: Hello Mark Thomas, on Tuesday, 15 November 2022 at 20:44 you wrote: Assuming digesting passwords with one round of MD5 and no salt isn't acceptable (I'd be surprised if it was) then you are probably looking at HTTPS + BASIC + PBKD

Re: Why does LockOutRealm not support CredentialHandler?

2022-11-15 Thread Christopher Schultz
Rémy and Thorsten, On 11/15/22 06:59, Rémy Maucherat wrote: On Tue, Nov 15, 2022 at 11:11 AM Thorsten Schöning wrote: Hi everyone, I have some webapp hosted by Tomcat and need to restrict user access to some part of that. One additional requirement is that this app needs to be CIS benchmark

Re: tomcat and FIPS - PKCS11 CKR_SESSION_READ_ONLY error after OpenJDK upgrade

2022-11-15 Thread Christopher Schultz
Angela, On 11/14/22 11:56, Cantor, Angela T. wrote: We just upgraded OpenJDK from 17.0.4.0.8-2.el8_6 to the above version. Now tomcat won't listen on the desired port. Something is wonky with it accessing the keystore. If you all see anything obvious, could you please advise? Especially i

Re: Alias name [server] does not identify a key entry + tomcat SSL

2022-11-15 Thread Christopher Schultz
Ram, On 11/13/22 22:10, thulasiram k wrote: I have deleted the old certs so only new certs are in the key store. This is probably your problem. Your keystore needs to contain (at least) the server certificate AND ITS key in the keystore. If your keystore contains only certs and no keys, you

Re: FW: Errors in Tomcat logs / application processing

2022-11-08 Thread Christopher Schultz
Prabu, On 11/8/22 03:58, Ganesan, Prabu wrote: Could you please help with below errors We have enabled TLS successfully – but after TLS enabled we are facing below issues . > > [snip] The error we are facing is: “SOAP Problems executing transaction LoginApplication via Web Service, underl

Re: JNDI resourse name value

2022-11-08 Thread Christopher Schultz
Rob, On 11/7/22 16:40, Rob Sargent wrote: On 11/7/22 14:26, Christopher Schultz wrote: Rob, On 11/7/22 14:09, Rob Sargent wrote: Are there any semantics to Resource name attributes? Or is no more or less valid than As far as Tomcat is concerned, it's basically the Wild West.

Re: JNDI resourse name value

2022-11-07 Thread Christopher Schultz
Rob, On 11/7/22 14:09, Rob Sargent wrote: Are there any semantics to Resource name attributes? Or is no more or less valid than As far as Tomcat is concerned, it's basically the Wild West. Some other application servers (usually the "enterprise" ones) are super strict about where things

Re: AW: TLS configuration TLS for JMX port

2022-11-07 Thread Christopher Schultz
Markus, On 11/4/22 06:04, Bärtschi, Markus-MGB wrote: On 04/11/2022 08:06, Bärtschi, Markus-MGB wrote: How can I configure TSL for my JMX port without the keystore information showing up on the command line ? Don't use passwords. Rely on operating system file permissions to limit access to

Re: Compatibility, 32 bit ..

2022-11-02 Thread Christopher Schultz
John, On 11/2/22 14:32, John Dale (DB2DOM) wrote: On 11/2/22, Christopher Schultz wrote: John, On 11/2/22 12:44, John Dale (DB2DOM) wrote: I'd like to continue to invest in Raspberry Pi, but also try to put together a functional 32bit build of my software for those poor old negl

Re: [OT] Compatibility, 32 bit ..

2022-11-02 Thread Christopher Schultz
John, On 11/2/22 14:28, John Dale (DB2DOM) wrote: On 11/2/22, Christopher Schultz wrote: If you are bemoaning the Linux kernel dropping support for i486, you might want to read about /why/ they are doing it. Honestly I'm not much of a bemoaner. I am pretty conservative when it com

Re: AW: setenv.sh not loaded

2022-11-02 Thread Christopher Schultz
Johann, On 11/2/22 14:02, aon.913111...@aon.at wrote: I have installed a Tomcat 9.0.68 now on a CentOS vm, following actual recommendations how to do this on CentOS (means on RHEL as well). Following command, find / -name catalina.sh normally will be able to locate that core Tomcat shell scr

Re: Compatibility, 32 bit ..

2022-11-02 Thread Christopher Schultz
of us were there ;) -chris On 11/2/22, Christopher Schultz wrote: John, On 10/28/22 10:46, John Dale (DB2DOM) wrote: I see .. Mark and/or Christopher - this means that no Tomcat 10, right? https://tomcat.apache.org/whichversion.html Tomcat 10.0, yes. Tomcat 10.1, no. Tomcat 10.0 has

Re: [OT] Compatibility, 32 bit ..

2022-11-02 Thread Christopher Schultz
f most graduating high-school seniors. If you are bemoaning the Linux kernel dropping support for i486, you might want to read about /why/ they are doing it. -chris On 11/2/22, Christopher Schultz wrote: John, On 10/27/22 11:03, John Dale (DB2DOM) wrote: Does anyone know of a report de

Re: Partial commit (Transaction rollback )

2022-11-02 Thread Christopher Schultz
Mohan, On 10/31/22 08:37, Mohan T wrote: The same piece of code works in tomcat 8.5. with JDK 8 and Oracle DB 12C. Where is the commit occurring? Where is the rollback occurring? Stack traces for both? -chris -Original Message- From: Rob Sargent Sent: 31 October 2022 18:05 To: u

Re: [SECURITY][UPDATE] CVE-2022-42252 Apache Tomcat - Request Smuggling

2022-11-02 Thread Christopher Schultz
All, There is a typo in this announcement. The affected versions of Tomcat 8.5 are 8.5.0 to 8.0.82, not 8.5.52. Thanks, -chris On 10/31/22 12:46, Mark Thomas wrote: CVE-2022-42252 Apache Tomcat - Request Smuggling Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apach

Re: Compatibility, 32 bit ..

2022-11-02 Thread Christopher Schultz
John, On 10/28/22 10:46, John Dale (DB2DOM) wrote: I see .. Mark and/or Christopher - this means that no Tomcat 10, right? https://tomcat.apache.org/whichversion.html Tomcat 10.0, yes. Tomcat 10.1, no. Tomcat 10.0 has been superseded and will not get any further updates, thus you should

Re: [OT] Compatibility, 32 bit ..

2022-11-02 Thread Christopher Schultz
of all of our favorite software if needed. Great. I'm sure the transactions will only take a couple of seconds to commit. No problem ;) -chris On 10/26/22, Christopher Schultz wrote: Shawn, On 10/26/22 00:14, Shawn Heisey wrote: The Linux kernel dropped support for 386 and 486 CPUs s

Re: [OT] Compatibility, 32 bit ..

2022-10-26 Thread Christopher Schultz
Shawn, On 10/26/22 00:14, Shawn Heisey wrote: The Linux kernel dropped support for 386 and 486 CPUs some time ago. I was reading about this today, actually. Linux is currently actively advocating for dropping 486 support, so it must still be in there. -chris ---

Re: Compatibility, 32 bit ..

2022-10-26 Thread Christopher Schultz
John, On 10/24/22 12:00, John Dale (DB2DOM) wrote: Hi Mark; Tomcat version: 10.0.27 (unzipped, chmod 770 on catalina.sh before cli: catalina.sh run) java version: openjdk version "9-internal" This looks fishy. Version "9-internal"? Is that a real version? How about you post the result of: $

Re: Apache Tomcat started, but error 404

2022-10-24 Thread Christopher Schultz
Darious, On 10/24/22 04:10, Strib wrote: Due to the security echelon of the network, I can not send the entire stacktrace. However, I can say that it also states the web app archives are not starting. (IllegalStateException: Error starting child). Prominent "caused by" lines state bean creation

Re: Apache Tomcat started, but error 404

2022-10-24 Thread Christopher Schultz
Darious, On 10/24/22 02:50, Strib wrote: Hello and thank you, The error message reads as follows: 'org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/APPWARFILE]]' There are two app files trying to start, and both

Re: [OT] DB2 database locks

2022-10-23 Thread Christopher Schultz
Simon, On 10/21/22 15:12, Simon Matter wrote: Hi, Hello Christopher, Thank you! Seems we are not using the connection pooling from Tomcat side, below are the DB configuration parameters on context.xml file, do not see any connection pool details here. Don't forget to change

Re: DB2 database locks

2022-10-21 Thread Christopher Schultz
y and get them fixed quickly. Hope that helps, -chris -Original Message- From: Christopher Schultz Sent: 21 October 2022 00:50 To: Kumawat, Priyanka ; Tomcat Users List Subject: Re: DB2 database locks Priyanka, On 10/20/22 13:15, Kumawat, Priyanka wrote: Thank you much for the explanat

Re: BIO connector vs NIO connector

2022-10-20 Thread Christopher Schultz
Mark and Terry, On 10/20/22 06:35, Mark Thomas wrote: On 20/10/2022 10:33, Terry ST SY/OGCIO wrote: Hi , Check on the major changes on Tomcat 7 to Tomcat 9. (One of the major change we initially spotted is the BIO connector used in Tomcat 7 for connector setup was removed in Tomcat 9: https

Re: Using Nashorn in Apache Tomcat

2022-10-20 Thread Christopher Schultz
Simon, On 10/20/22 08:13, Simon Besenbäck wrote: On Sun, Oct 2, 2022 at 12:34, Simon Besenbäck <simon.besenba...@gmail.com> wrote: Hi! I am using Apache 10.0.23 on Windows 10. I want to use Nashorn for developing JSPs within the Eclipse IDE. Therefore I use OpenJDK 19 and added the ja
