John Renne j...@gniffelnieuws.net wrote:
Can I ask you what you consider insecure about AJP by the way?
AJP is, apart from some simple encoding of a few headers which are easily
decoded, a plain text protocol. There is zero encryption. Hence it is not
secure.
I suggest you read the AJP
Rod Macpherson treesp...@gmail.com wrote:
I was under the impression Tomcat 7 supported JAX-RS out of the box.
What gave you that impression?
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional
Christoph Maser christoph.ma...@1und1.de wrote:
Am Donnerstag, den 12.04.2012, 14:02 +0100 schrieb ma...@apache.org:
Christoph Maser christoph.ma...@1und1.de wrote:
Do you see any chance a request for feature in that direction would
be
accpeted?
Right now, no. I don't see a requirement
Peter peterdni...@yahoo.com wrote:
Thanks for the response Mark - it is consistent with both observations
that i noted in the original email (heap post startup was near 0, and
disabling scanning resolves). I looked in the changelog in 26/27 and
did not see anything in there that fits this? If
Violeta Georgieva violet...@apache.org wrote:
Hi,
This mechanism is meant to be a standard way for web frameworks to
extend
the Servlet Container. IMHO this is compliant with the specification:
Your not really humble at all opinion is wrong. This is a Servlet 3.0 feature
and therefore not
Christoph Maser christoph.ma...@1und1.de wrote:
Do you see any chance a request for feature in that direction would be
accpeted?
Right now, no. I don't see a requirement that isn't met by the existing
implementation. If there was a use case that wasn't completely off the wall
that couldn't be
Jim Garrison jim.garri...@troux.com wrote:
I am in an environment where I deploy tomcat via a script. Rather than
keep two entire copies of Tomcat for 32- and 64-bit systems I have the
complete 32-bit download plus the 64-bit tomcat6*.exe files. I'm
upgrading from 6.0.20 to 6.0.35 and my usual
Robinson, Eric eric.robin...@psmnv.com wrote:
Agreed. Anyway, in this case the thread is on a tomcat server that is
only used for scheduled java tasks. Users do not access it directly.
Very puzzling. What's I'd really like is for some well-known tomcat
guru
to say that in our environment, -Xms16M
Dan Tran dant...@gmail.com wrote:
I also notice commons-deamon is upgraded after tomcat 7.0.23
Would this be the main issue?
-D
On Sun, Feb 5, 2012 at 1:40 AM, Dan Tran dant...@gmail.com wrote:
Hello,
Starting tomcat 7.0.25, update windows tomcat server option using
++jmvOptions seems to
Christopher Schultz ch...@christopherschultz.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David,
On 1/21/12 3:02 AM, David Jorm wrote:
Based on reading the advisory and Tomcat patch code, it seems to me
that the issue is simply slow processing when a very large number
of
Violeta Georgieva violet...@apache.org wrote:
Hi,
If the static content is not protected then by default it is cached and
the
corresponding headers are set - see screenshot1 screenshot2.
but when I put it as protected content the following headers are set:
Cache-control:private and Expires
Justin Larose justin.lar...@nexweb.org wrote:
An error occurred at line: 230 in the jsp file: /object_table.jsp
The type Part is ambiguous
227:{
228: //do nothing here - we don't want the filter to be
displayed
for lifecycles
229: }
230: else if
Mark Lim mark_...@symantec.com wrote:
It seems that tomcat is trying the default JSSE implementation despite
the sslImplementationName attribute being set. Are there internal
precedence controls or does the classloader hierarchy matter or what?
No, but what makes you assume what you are trying
Janne Jalkanen janne.jalka...@ecyrd.com wrote:
APR + native. Good catch there, I took apr out and I am no longer
seeing the FD leak.
OK. Sounds like APR/native has an issue. There was a fair bit of refactoring in
7.0.22.
I'll see if I can reproduce it. A simple test case may help.
Mark
Gadi Katsovich gadi_katsov...@yahoo.com wrote:
Hello All,
I am using Tomcat 5.5.30 and am affected by the hashtable collision DoS
vulnerability.
I wanted to know if the Request parameter parsing is always invoked?
Or is it only performed once a servlet asks for a parameter? Meaning if
my
Matthew Tyson matthewcarlty...@gmail.com wrote:
That's right, there is an f5 load balancer. The valve is used to keep
track of whether the request was via HTTPS or not.
What happens if you go direct to Tomcat and bypass the F5?
tcpdump seems to confirm the same. What are you thinking?
Saravanan L saravan...@te-soft.com wrote:
Tomcat does not pass through any proxy. My firefox browser has a proxy
plugin configured which RELAYED this message.
I enabled this plugin because, I wanted to be sure of whats happening.
(I guess I should made it clear)
So the end line is tomcat does
Saravanan L saravan...@te-soft.com wrote:
Please find the server.xml attached.
The real problem is I dont know where to look at.
-There are no error in logs or the linux sys logs.
- I cannot diagnose as the connector(443) does not even connect.
Of course you can diagnose this further.
John Minchuk minchuk.j...@gmail.com wrote:
Quick overview of our setup. Http request
flow from our load
balancers, to
squid proxys, to Apaches, to our Tomcat servers. We migrated to this
setup
from an Oracle App Server.
Apache: 2.2.3
Tomcat: 7.0.11.0
JVM: 1.6.0_22-b04
Linux:
jwklomp janwillem.kl...@gmail.com wrote:
Hello,
I'm migrating existing applications to Tomcat and setting Tomcat up as
described in the 'Security Configuration Benchmark for Apache Tomcat
5.5/6.0' of the Center of Internet Security.
The benchmark recommends enabling the Security Manager.
Jeffrey Janner jeffrey.jan...@polydyne.com wrote:
I might be a little off
You are a long way off and also need to read the Servlet 2.5 spec.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional
of tomcat-7.0.23 are replaced with lib/*.jar
files of
tomcat-7.0.23 - everything works just fine
thank you!
p.s. i think it's an issue of tomcat-7.0.23 not a bug of my app.
but some developer markt ma...@apache.org keeps closing my bug
report,
saying it's a support question, not a bug of tomcat
Christopher Schultz ch...@christopherschultz.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Bill,
On 11/28/11 7:08 PM, Bill Wang wrote:
Here I have the last question, what's the reload option, is it same
as stop/start?
According to markt (who is known to be occasionally trustworthy
Zampani, Michael zamp...@amazon.com wrote:
Hi,
I'm trying to upgrade an existing webapp installation from 7.0.22 -
7.0.23.
On startup, it appears to deadlock, with the threads stuck in
ContainerBase.setRealm
HostConfig.deployDirectories
ContainerBase.startInternal
server.xml and thread dump
Bill Wang bw57...@gmail.com wrote:
Hi Tomcat guru,
I have questions for the tomcat user roles setup.
On-call team (24*7 support) need permission to restart one tomcat
services, if they get call. I think it is maybe possible to let them
restart tomcat throught Tomcat Web Application Manager
Matthew Tyson matthewcarlty...@gmail.com wrote:
I guess what I'm asking is if I just start using the Servlet 3.0
support
for suspending requests out of the box, will it be a thread blocking
implementation I'm using?
That depends what you mean by thread blocking. Once startAsync has been
called
Leo Donahue - PLANDEVX leodona...@mail.maricopa.gov wrote:
Tomcat 6.0.32
When you add a new .war file to the webapps directory (by dragging the
file in there from another directory) and it automaticallyp expands the
web archive, is that any different than what the manager application
does when
Jürgen Link juergen.l...@googlemail.com wrote:
Hi all,
I successfully did set up a tomcat cluster (3 nodes) with session
replication, using the standard DeltaManager.
In order to allow for more nodes, I'd like to switch to BackupManager
for
primary-secondary replication on a dedicated backup
André Warnier a...@ice-sa.com wrote:
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
On 10/4/2011 1:31 PM, André Warnier wrote:
Or, wasn't there a possibility to place a symlink within the
webapps dir, and have Tomcat /not/ following it when undeploying ?
Russ Michaels r...@michaels.me.uk wrote:
On Thu, Sep 8, 2011 at 7:08 PM, Christopher Schultz
ch...@christopherschultz.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Russ,
On 9/8/2011 11:44 AM, Russ Michaels wrote:
ok I have an Apache Tomcat installed via the Railo installer
Christopher Schultz ch...@christopherschultz.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark,
On 9/7/2011 6:18 PM, Mark Thomas wrote:
Am I missing something?
Yes. You haven't read the docs and you are using the wrong name
for the attribute. Try reading this:
Aristedes Maniatis amania...@apache.org wrote:
I am an enthusiastic user of the new parallel deployment feature of
tomcat 7. But I'm a little unclear about how it interacts with session
replication.
Each version of a webapp is treated as a separate webapp.
If I have a cluster of tomcat
Caldarale, Charles R chuck.caldar...@unisys.com wrote:
From: Bijesh Vijayan [mailto:bijes
v...@gmail.com]
Subject: Re: auth-constraint
Is there a way in tomcat 7 to mention the roles outside of web.xml.
Read section 8 of the servlet 3.0 spec; you might be able to use a
web-fragment.xml to
ranckie frank francki...@gmail.com wrote:
Honestly, I was simply curious why the cryptographically secure
generation
of random unique ids (through java.security.SecureRandom API) is
disabled
by default.
Because it is more expensive. I can't think of a reason why you would need
SecureRandom
Seth Lenzi le...@jimmy.harvard.edu wrote:
I'm using Tomcat v7.0.14, Apache v2.2.17, and mod_jk v1.2.30.
The Servlet I have does not implement CometProcessor. It's just a
regular HttpServlet which creates an AsyncContext from the
HttpServletRequest object. Like the example Servlet at this
Olivier Lefevre lefev...@yahoo.com wrote:
What is the syntax for the maxPostSize Connector parameter:
are notations like 1M or 1G recognized? That would be expected,
even thought the docs:
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html
are mum about it.
Thanks,
-- O.L.
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.14.
Apache Tomcat 7.0.14 includes bug fixes and the following new features
compared to version 7.0.12:
- new StuckThreadDetectionValve to identify long running requests
- JAAS authentication support for the
the release
candidate
from here:
http://people.apache.org/~markt/dev/tomcat-7/v7.0.14/
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Yes
Stefan Wuschek wusch...@googlemail.com wrote:
Hello,
i am using tomcat 6.0.32 in combination with the eclipse plattform
(helios).
I tried to write a very simple bean just for getting familiar with it.
It is
a simple form [form.jsp] that asks for mail adress and by clicking the
send
button it
tefan Thurnherr st.mailingli...@gmail.com wrote:
Hi
From the Tomcat v7.0.12 changelog [1] :
Don't unpack WAR files if they are not located in the Host's
appBase. (markt)
Why? Couldnt find any issue or other trace relating to this fix...
Because (as per the docs) WARs outside the appBase
Christopher Schultz ch...@christopherschultz.net wrote:
If there is no request content-length, is the amount of data uploaded
to
the server ever checked against this same limit?
Yes, but Tomcat has to count the bytes as they are uploaded so the connection
is dropped later.
Mark
41 matches
Mail list logo