Re: Dynamically Create Subdomains - Tomcat 7x
Hi Andre,

I need something like,

My main landing page www.mysite.com

Subdomains I am looking for

myfeature1.mysite.com
myfeature2.mysite.com
myfeature3.mysite.com
etc.

myfeature is a cookie value which comes from www.mysite.com (this is the landing page which drops the myfeature cookie).

- Kiran

On Fri, Sep 4, 2015 at 3:34 AM, André Warnier (tomcat) wrote:
> On 04.09.2015 05:31, Kiran Badi wrote:
>> Hi,
>>
>> I need some help, I need to create subdomains dynamically. Is this possible?
>>
>> I have a site, www.mymainsite.com
>>
>> on this main site, I drop the zipcode and city cookie and then I forward it
>> to front controller, and it's this front controller which will point it to
>> city subdomain.
>>
>> Can we create subdomains on the fly in tomcat?
>
> Kiran,
> Can you try to re-phrase your question in terms which people without a
> crystal ball would understand?
>
> What is well conceived is clearly stated, and the words to say it
> come easily.
> L'Art poétique (1674)
> Nicolas Boileau-Despréaux
Re: Tomcat 8 Session Timeout
Hi Chris - the servlet spec states "If the time out is 0 or less, the container ensures the default behavior of sessions is never to time out."

Currently the timeout value is set to 2 minutes.

However the problem is persisting - the environment is using Jersey Servlet 1.3 for REST.

If we look inside web service stats -

Longest session alive time: 183 s / Processing time: 625 ms
Longest session alive time: 207 s / Processing time: 232 ms

The current session timeout is set to 120 seconds, so neither of these above session times make any sense, unless a dependency is hanging?

Theo

From: Christopher Schultz
To: Tomcat Users List
Date: 03/09/2015 16:43
Subject: Re: Tomcat 8 Session Timeout

Theo,

On 9/3/15 8:28 AM, theo.swe...@avios.com wrote:
> Thanks Chris - that pointer is very helpful.
>
> Can you clarify by setting session-timeout to 0, implies after 60
> seconds the session will expire or does it imply the same as -1,
> that sessions will not timeout?
>
> 0

What does the servlet specification say about the values used there?

Hint: your assumptions are already wrong.

-chris
Re: Dynamically Create Subdomains - Tomcat 7x
> I need something like,
>
> My main landing page www.mysite.com
>
> Subdomains I am looking for
>
> myfeature1.mysite.com
>
> myfeature2.mysite.com
>
> myfeature3.mysite.com
>
> etc
>
> myfeature is a cookie value which comes from www.mysite.com(this is
> landing page which drops myfeature cookie)..
>
> - Kiran

so if you map *.mysite.com DNS name to a single server, it can do all of that.

You are asking a very generic high level question, without providing details of what you have tried, and what isn't working. Hence you really need to open up more and explain. Can a single site handle all of these "features" or do you need isolation between them? Is this a "how can I setup DNS?" or a "how can I setup webservers against host names?" kind of question. It really is worded very openly so people will be hard pushed to help

Chris
Re: Tomcat client certificate based authorization
Dear Christoph,

thanks, I guess that was the right hint.

I now implemented a custom X509UsernameRetriever, created a jar and placed it in $CATALINA_HOME/lib.

***
import java.security.cert.X509Certificate;

public class X509UsernameRetrieverClass implements org.apache.catalina.realm.X509UsernameRetriever {

    @Override
    public String getUsername(X509Certificate cert) {
        // Use the certificate serial number instead of the subject DN as the user name
        //String name = cert.getSubjectDN().getName();
        String name = String.valueOf(cert.getSerialNumber());
        return name;
    }
}
***

Then I changed the realm configuration in $CATALINA_HOME/conf/server.xml

***
X509UsernameRetrieverClassName="xx.xx.xx.X509UsernameRetrieverClass" />
***

When starting Tomcat I get a ClassNotFoundException for my custom class. According to the Class Loader Documentation the Common Loader should load all jars in the lib folder.

Is there something else I need to pack into the jar for Tomcat to load the class?

kind regards

On 03.09.2015 at 23:44, Christopher Schultz wrote:
> Juls,
>
> On 9/3/15 9:41 AM, juls wrote:
>> I need to restrict users to access different resources based on
>> attributes of their client certificate. I found this tutorial which
>> describes the basic idea:
>> http://krishnasblog.com/2012/12/01/enabling-client-cert-based-authorization-on-tomcat/
>>
>> Apart from not being able the get it working as described in the
>> tutorial my question is whether it is possible to use different
>> attributes than just the subject DN. I am thinking of certificate
>> serial number and/or authority key identifier/subject key identifier.
>
> While the SubjectDN is the default "username" obtained from the
> certificate, you can use something else instead. Take a look at the
> configuration guide and especially at the
> "X509UsernameRetrieverClassName" attribute for that configuration.
>
> http://tomcat.apache.org/tomcat-8.0-doc/config/realm.html
>
> You can write a class that uses whatever field (or mixture of fields)
> you want to identify the user.
>
> -chris
Re: Dynamically Create Subdomains - Tomcat 7x
Let me try again Chris,

I have this site www.mysite.com ready with some x amount of features in it.

Now I need to customize this site based on regions, states, and cities. I will most likely go with cities.

So I need my main site to redirect to city1.mysite.com etc. based on cookie value which I create on mysite.com (this is landing page).

What I need is similar to what www.blogger.com or craigslist does. Ex: http://www.quikr.com/all-cities, https://geo.craigslist.org/iso/us

When we add a blog, it creates user.blogger.com and for another user, it creates user1.blogger.com

I am looking for something similar?

Can this be done with just tomcat or do I need to front end tomcat with apache?

Is it required to spend extra money on DNS or creating different folder/subdirectory for each region?

I have a single war file, and I intend to do this isolation service layer/DB layer.

Does this make sense?

I know it's a high level generic ask, but I really need some direction. Maybe I am again vague, but I hope examples will give some direction as to what I am looking for.

- Kiran

On Fri, Sep 4, 2015 at 9:03 AM, chris derham wrote:
> > I need something like,
> >
> > My main landing page www.mysite.com
> >
> > Subdomains I am looking for
> >
> > myfeature1.mysite.com
> >
> > myfeature2.mysite.com
> >
> > myfeature3.mysite.com
> >
> > etc
> >
> > myfeature is a cookie value which comes from www.mysite.com(this is
> > landing page which drops myfeature cookie)..
> >
> > - Kiran
>
> so if you map *.mysite.com DNS name to a single server, it can do all of
> that.
>
> You are asking a very generic high level question, without providing
> details of what you have tried, and what isn't working. Hence you
> really need to open up more and explain. Can a single site handle all
> of these "features" or do you need isolation between them? Is this a
> "how can I setup DNS?" or a "how can I setup webservers against host
> names?" kind of question. It really is worded very openly so people
> will be hard pushed to help
>
> Chris
Multiple JSESSIONID cookies being presented.
Hi folks,

I'm running Tomcat 8.0.24 on Ubuntu 14.04 with Java 8u45, but I'm also seeing this on Windows (version doesn't matter), with Tomcat 7.0.57 and Java 7u71, and Tomcat 6.0.43 and Java 7U51.

I have 2 contexts installed in Tomcat, one is ROOT, the other APP2. Both contexts start off at a login screen unique to the context and provided by it (not using container auth).

When I connect to ROOT, no problem, but when I connect to APP2, I get 2 JSESSIONID cookies, one with the path "/" and the other with the path "/APP2/".

On the Windows implementations, we are not seeing a problem, at least not one being reported.

On the Linux implementation, the end user will occasionally get immediately kicked out with an invalid session immediately after providing credentials. The access logs show a single jsessionid=xxx being provided on the POST URL. Amazingly, sometimes that goes through and lets the user login, so my theory is that the browser is sometimes picking the wrong path. (Also, theory, the "/" cookie is being generated by a request for "/favicon.ico" just before the request for the login page.)

So my question is: Is there anything I can do from a configuration perspective to get it to NOT send the "/" cookie for APP2?

Deployment details:
Linux is being fronted by an HaProxy server, but the traffic appears to be staying on one host.
Server.xml is essentially the basic one provided with install. Port # and access log information is modified and has RemoteIpValve setup so we can log the end user's IP.
Apps are deployed as war files with static context.xml files in Catalina/localhost. Those files all look like:
War files do get exploded.
I can't find anything in the web.xml files that have anything to do with cookies.

Any help here would be appreciated.

Jeffrey Janner
Re: Tomcat client certificate based authorization
Juls,

On 9/4/15 10:01 AM, juls wrote:
> thanks, I guess that was the right hint.

I hope so!

> I now implemented a custom X509UsernameRetriever, created a jar
> and placed it in $CATALINA_HOME/lib.
>
> import java.security.cert.X509Certificate;
>
> public class X509UsernameRetrieverClass implements
>         org.apache.catalina.realm.X509UsernameRetriever {
>
>     @Override
>     public String getUsername(X509Certificate cert) {
>         //String name = cert.getSubjectDN().getName();
>         String name = String.valueOf(cert.getSerialNumber());
>         return name;
>     }
> }
>
> Then I changed the realm configuration in
> $CATALINA_HOME/conf/server.xml
>
> X509UsernameRetrieverClassName="xx.xx.xx.X509UsernameRetrieverClass"
> />
>
> When starting Tomcat I get a ClassNotFoundException for my custom
> class. According to the Class Loader Documentation the Common
> Loader should load all jars in the lib folder.

Correct.

> Is there something else I need to pack into the jar for Tomcat to
> load the class?

You shouldn't need anything else. Can you show the output of:

    $ unzip -v lib/your-jar.jar

?

Also, what's the full stack trace of the CNFE?

-chris
Re: Dynamically Create Subdomains - Tomcat 7x
Thanks Chris,

I have running tomcat with mysite hosted on it. I am trying to extend it and get some extra mileage from my app.

I think I can go with hostname approach and see how it goes.

I have another query for which I will open another discussion.

Thanks everyone.

- Kiran

On Fri, Sep 4, 2015 at 1:49 PM, Christopher Schultz <ch...@christopherschultz.net> wrote:
> Kiran,
>
> On 9/4/15 12:25 PM, Kiran Badi wrote:
> > Let me try again Chris, I have this site www.mysite.com ready with
> > some x amount of features in it
> >
> > Now I need to customize this site based on regions,states, and
> > cities.I will most likely go with cities.
> >
> > So I need my main site to redirect to city1.mysite.com etc
> > based on cookie value which I create on mysite.com(This is landing
> > page)
> >
> > what i need is similar to as what www.blogger.com or craiglist
> > does.Ex
> > http://www.quikr.com/all-cities,https://geo.craigslist.org/iso/us
> >
> > when we add a blog, it creates user.blogger.com and for another
> > user, it creates user1.blogger.com
> >
> > I am looking something similar ?
> >
> > Can this be done with just tomcat or I need to front end tomcat
> > with apache ?
> >
> > Is it required to spend extra money on DNS or creating different
> > folder/subdirectory for each region ?
> >
> > I have a single war file, and I intent to do this isolation
> > service layer/DB layer.
> >
> > Does this make sense ?
> >
> > I know its high level generic ask,but I really need some direction.
> > Maybe I am again vague,but I hope examples will give some direction
> > as what I am looking for.
>
> I agree with Chris Derham: if you have DNS set up to send *.mysite.com
> to your service, then all of those requests will go to your Tomcat
> server; it's up to you to decide what to do at that point.
>
> You *could* add an (programmatically) for every single prefix
> you might think of to auto-generate, OR you could just use the default
> host for everything and then detect the hostname the user is using in
> order to customize some part of your application.
>
> I wouldn't bother trying to modify the configuration of the running
> Tomcat... instead, I'd just use the hostname to decide what to do once
> inside the application.
>
> -chris
Re: Dynamically Create Subdomains - Tomcat 7x
Kiran,

On 9/4/15 12:25 PM, Kiran Badi wrote:
> Let me try again Chris, I have this site www.mysite.com ready with
> some x amount of features in it
>
> Now I need to customize this site based on regions,states, and
> cities.I will most likely go with cities.
>
> So I need my main site to redirect to city1.mysite.com etc
> based on cookie value which I create on mysite.com(This is landing
> page)
>
> what i need is similar to as what www.blogger.com or craiglist
> does.Ex
> http://www.quikr.com/all-cities,https://geo.craigslist.org/iso/us
>
> when we add a blog, it creates user.blogger.com and for another
> user, it creates user1.blogger.com
>
> I am looking something similar ?
>
> Can this be done with just tomcat or I need to front end tomcat
> with apache ?
>
> Is it required to spend extra money on DNS or creating different
> folder/subdirectory for each region ?
>
> I have a single war file, and I intent to do this isolation
> service layer/DB layer.
>
> Does this make sense ?
>
> I know its high level generic ask,but I really need some direction.
> Maybe I am again vague,but I hope examples will give some direction
> as what I am looking for.

I agree with Chris Derham: if you have DNS set up to send *.mysite.com to your service, then all of those requests will go to your Tomcat server; it's up to you to decide what to do at that point.

You *could* add an (programmatically) for every single prefix you might think of to auto-generate, OR you could just use the default host for everything and then detect the hostname the user is using in order to customize some part of your application.

I wouldn't bother trying to modify the configuration of the running Tomcat... instead, I'd just use the hostname to decide what to do once inside the application.

-chris
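The hostname-based approach suggested above, as an added example that is not code from this thread: a small resolver that maps the request host and, on the landing page, the city cookie to a city through an allowlist, since both values are supplied by the client. The class name `CityHostResolver`, the city names and the `https` scheme are assumptions; `mysite.com` is the placeholder domain used in the thread.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

/** Added example: maps a request host name or a city cookie to a known city. */
public final class CityHostResolver {

    private final String baseDomain;       // assumed: "mysite.com", as in the thread
    private final Set<String> knownCities; // assumed allowlist of subdomain labels

    public CityHostResolver(String baseDomain, Set<String> knownCities) {
        this.baseDomain = baseDomain.toLowerCase(Locale.ROOT);
        this.knownCities = Collections.unmodifiableSet(new HashSet<>(knownCities));
    }

    /**
     * Returns the city for a host such as "city1.mysite.com" or
     * "City1.MySite.com:8080". Anything that is not exactly
     * "<known city>.<base domain>" yields empty, so the caller serves the
     * default site instead of trusting a client-supplied Host value.
     */
    public Optional<String> cityFromHost(String host) {
        if (host == null) {
            return Optional.empty();
        }
        String h = host.trim().toLowerCase(Locale.ROOT);
        int colon = h.lastIndexOf(':');
        if (colon >= 0) {
            h = h.substring(0, colon);          // drop ":port"
        }
        if (h.endsWith(".")) {
            h = h.substring(0, h.length() - 1); // drop the trailing root dot
        }
        String suffix = "." + baseDomain;
        if (!h.endsWith(suffix)) {
            return Optional.empty();
        }
        String label = h.substring(0, h.length() - suffix.length());
        return knownCities.contains(label) ? Optional.of(label) : Optional.empty();
    }

    /**
     * Landing-page step: turns the city cookie into a redirect URL. The cookie
     * is client-controlled, so it is only used as a lookup key; an unknown
     * value falls back to the main site rather than being pasted into a URL.
     */
    public String redirectTarget(String cityCookie) {
        String city = cityCookie == null ? "" : cityCookie.trim().toLowerCase(Locale.ROOT);
        if (!knownCities.contains(city)) {
            return "https://www." + baseDomain + "/";
        }
        return "https://" + city + "." + baseDomain + "/";
    }

    public static void main(String[] args) {
        CityHostResolver resolver = new CityHostResolver("mysite.com",
                new HashSet<>(Arrays.asList("city1", "city2")));

        // Constructed Host values: two valid forms, then three that must be rejected.
        String[] hosts = {
            "city1.mysite.com", "City2.MySite.com:8080",
            "www.mysite.com", "city1.mysite.com.example.net", "unknown.mysite.com"
        };
        for (String host : hosts) {
            System.out.println(host + " -> " + resolver.cityFromHost(host));
        }

        // Constructed cookie values: one known city, one value that is not a city.
        String[] cookies = { "city1", "example.net/path?x=" };
        for (String cookie : cookies) {
            System.out.println(cookie + " -> " + resolver.redirectTarget(cookie));
        }
    }
}
```

In a servlet or filter, `request.getServerName()` supplies the host for `cityFromHost`, and the value returned by `redirectTarget` can be passed to `response.sendRedirect`.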
Re: Tomcat 8 Session Timeout
Theo,

On 9/4/15 6:14 AM, theo.swe...@avios.com wrote:
> Hi Chris - the servlet spec states "If the time out is 0 or less,
> the container ensures the default behavior of sessions is never to
> time out."
>
> Currently the timeout value is set to 2 minutes.
>
> However the problem is persisting - the environment is using
> Jersery Servlet 1.3 for REST.
>
> If we look inside web service stats -
>
> Longest session alive time: 183 s / Processing time: 625 ms
> Longest session alive time: 207 s / Processing time: 232 ms
>
> The current session timeout is set to 120 seconds, so neither of
> these above session times make any sense, unless a dependency is
> hanging?

Remember that the session timeout is not session age. If you have a process which is touching the session more often than every 2 minutes or so, then the session will live indefinitely.

Is the background processing thread still running? If it dies, your sessions will never time out. Also, the background processing thread is the thread that reaps old sessions... if you have the background processor thread set to run infrequently, you'll see the behavior you describe.

-chris
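How a session can outlive its configured timeout, as an added example that is not code from this thread: a model of idle-timeout expiry enforced by a periodic sweep, as described above. The 60-second sweep period is an assumption (it corresponds to Tomcat's default `backgroundProcessorDelay` of 10 seconds with a Manager `processExpiresFrequency` of 6), and all timelines are constructed.

```java
/** Added example: models idle-timeout expiry that is enforced by a periodic sweep. */
public final class SessionExpiryModel {

    /**
     * @param created     session creation time, in seconds since container start
     * @param accesses    later request times for this session, ascending
     * @param timeout     maximum inactive interval in seconds (120 in the thread)
     * @param sweepPeriod seconds between expiry sweeps (assumed value)
     * @return seconds between creation and removal of the session
     */
    static long aliveSeconds(long created, long[] accesses, long timeout, long sweepPeriod) {
        long lastAccess = created;
        for (long t : accesses) {
            if (t - lastAccess >= timeout) {
                // The session had already idled out when this request arrived: it
                // ends at the sweep, or at the request that finds it invalid,
                // whichever comes first.
                long end = Math.min(nextSweep(lastAccess + timeout, sweepPeriod), t);
                return end - created;
            }
            lastAccess = t; // every request resets the idle clock
        }
        return nextSweep(lastAccess + timeout, sweepPeriod) - created;
    }

    /** First sweep at or after time t; sweeps run at multiples of the period. */
    static long nextSweep(long t, long period) {
        return ((t + period - 1) / period) * period;
    }

    public static void main(String[] args) {
        long timeout = 120; // session timeout from the thread
        long sweep = 60;    // assumed sweep period

        // Constructed timeline 1: created at t=57, touched once more at t=65.
        System.out.println("one follow-up request: "
                + aliveSeconds(57, new long[] {65}, timeout, sweep) + " s");

        // Constructed timeline 2: created at t=33, last touched at t=112.
        System.out.println("three follow-up requests: "
                + aliveSeconds(33, new long[] {36, 38, 112}, timeout, sweep) + " s");

        // Constructed timeline 3: something polls every 90 s for an hour. The
        // idle clock never reaches 120 s, so the session lasts as long as the polling.
        long[] polls = new long[40];
        for (int i = 0; i < polls.length; i++) {
            polls[i] = 90L * (i + 1);
        }
        System.out.println("polled every 90 s: "
                + aliveSeconds(0, polls, timeout, sweep) + " s");

        // Constructed timeline 4: an infrequent sweep (every 600 s) keeps an
        // untouched session around long after its 120 s timeout has passed.
        System.out.println("sweep every 600 s: "
                + aliveSeconds(0, new long[0], timeout, 600) + " s");
    }
}
```

With these constructed timelines the first two sessions live 183 s and 207 s under a 120 s timeout, which shows that alive times of that size are consistent with the timeout being honoured.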
RE: Multiple JSESSIONID cookies being presented.
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Friday, September 04, 2015 12:46 PM
> To: Tomcat Users List
> Subject: Re: Multiple JSESSIONID cookies being presented.
>
> Jeffrey,
>
> On 9/4/15 12:37 PM, Jeffrey Janner wrote:
> > I'm running Tomcat 8.0.24 on Ubuntu 14.04 with Java 8u45, but I'm
> > also seeing this on Windows (version doesn't matter), with Tomcat
> > 7.0.57 and Java 7u71, and Tomcat 6.0.43 and Java 7U51.
> >
> > I have 2 contexts installed in Tomcat, one is ROOT, the other
> > APP2. Both contexts start off at a login screen unique to the
> > context and provided by it (not using container auth).
> >
> > When I connect to ROOT, no problem, but when I connect to APP2, I
> > get 2 JSESSIONID cookies, one with the path "/" and the other with
> > the path "/APP2/".
>
> I would expect this behavior: you have one ROOT app (cookie path=/)
> and one APP2 app (cookie path=/APP2). Your browser will send both
> cookies to /APP2 because / is a prefix of /APP2.
>
> > On the Windows implementations, we are not seeing a problem, at
> > least not one being reported.
> >
> > On the Linux implementation, the end user will occasionally get
> > immediately kicked out with an invalid session immediately after
> > providing credentials. The access logs show a single
> > jsessionid=xxx being provided on the POST URL.
>
> The POST to j_security_check?
>

No

> Are you using request.encodeURL() to build the action URL, or
> are you building it manually?
>

EncodeUrl. And a check of a couple of sites, both linux and windows, shows that the jsessionid is being added to the action by EncodeUrl, regardless of cookie settings. So far, it is always the APP2 sessionID.

> I believe Tomcat prefers the Cookie-based session id to anything
> coming-in from the URL, and I do know it will search all JSESSIONID
> cookies for any that match a valid session (not just the first one) in
> the current application. So logging-in should ... always work.
>
> > Amazingly, sometimes that goes through and lets the user login, so
> > my theory is that the browser is sometimes picking the wrong path.
> > (Also, theory, the "/" cookie is being generated by a request for
> > "/favicon.ico" just before the request for the login page.)
>
> You should make sure that anything that doesn't require authentication
> specifically mentions that in web.xml, otherwise you'll get weird
> things happening like that.
>

We don't actually use Tomcat container authentication at all.

> > So my question is: Is there anything I can do from a
> > configuration perspective to get it to NOT send the "/" cookie for
> > APP2?
>
> Not really... other than changing from ROOT to APP1 or whatever.
> Overlapping URL spaces for applications leads to tears.
>

I could do that, though we'd like to keep it so that if no context is specified we still go to APP1, so the user's don't have to change all of their bookmarks. Perhaps with a redirect?

> > Deployment details:
>
> I think there's nothing in here that would change anything.
>
> -chris
doDelete Servlet
Hi,

I have CRUD Multipart request and I have implemented it correctly, works fine at my local host.

I have upload pdf and tiff files, all this implemented via ajax call using onchange handler on file input multiple tag.

The challenge I am having is that doDelete just deletes the file with the request on server, but there is no protection.

How do I protect doDelete call from getting misused?

Is there something in Tomcat I can use to protect doDelete vals from getting misused?

- Kiran
Re: doDelete Servlet
Kiran,

On 9/4/15 3:19 PM, Kiran Badi wrote:
> I have CRUD Multipart request and I have implemented it correctly
> works fine at my local host.
>
> I have upload upload pdf and tiff files, all this implemented via
> ajax call using onchange handler on file input multiple tag.
>
> The challenge I am having is that doDelete just deletes the file
> with the request on server, but their is no protection.
>
> How do I protect doDelete call from getting misused ?
>
> Is their something in Tomcat I can use to protect doDelete vals
> from getting misused ?

How do you do user authentication and authorization? The doDelete method should be protected by default if you have enabled container-managed authentication and authorization.

Also, the default doDelete method should be a no-op and therefore safe. If you have implemented your own doDelete method, you can use whatever safety-checks you wish in order to prevent misuse.

-chris
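One way to write the safety checks mentioned above inside a custom doDelete, as an added example that is not code from this thread. It assumes container-managed authentication (so `getUserPrincipal()` is populated); the role name `uploader`, the `file` parameter, the upload directory and the one-directory-per-user layout are all hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Principal;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example: a doDelete that only removes the caller's own uploaded files. */
public class UploadDeleteServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    // Hypothetical layout: <UPLOAD_ROOT>/<user name>/<file name>
    private static final Path UPLOAD_ROOT = Paths.get("/var/app/uploads");

    // Plain file names only, limited to the upload types named in the thread.
    private static final Pattern SAFE_NAME =
            Pattern.compile("[A-Za-z0-9][A-Za-z0-9._-]{0,99}\\.(pdf|tif|tiff)");
    private static final Pattern SAFE_USER = Pattern.compile("[A-Za-z0-9_-]{1,64}");

    /**
     * Maps (user, file name) to a path inside that user's directory, or returns
     * null when either value is malformed or the result would leave the directory.
     */
    static Path resolveOwnedFile(Path root, String user, String fileName) {
        if (user == null || fileName == null
                || !SAFE_USER.matcher(user).matches()
                || !SAFE_NAME.matcher(fileName).matches()) {
            return null;
        }
        Path userDir = root.resolve(user).normalize();
        Path target = userDir.resolve(fileName).normalize();
        // Defence in depth on top of the patterns: the file must sit directly
        // inside the caller's own directory, which must sit inside the root.
        boolean contained = userDir.startsWith(root) && userDir.equals(target.getParent());
        return contained ? target : null;
    }

    @Override
    protected void doDelete(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // 1. Authentication: reject callers the container has not logged in.
        Principal principal = req.getUserPrincipal();
        if (principal == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // 2. Authorization: only users holding the (hypothetical) uploader role.
        if (!req.isUserInRole("uploader")) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // 3. Ownership and path checks: the name comes from the client, the
        //    directory comes from the authenticated identity.
        Path target = resolveOwnedFile(UPLOAD_ROOT, principal.getName(),
                req.getParameter("file"));
        if (target == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        if (Files.deleteIfExists(target)) {
            resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
        } else {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
        }
    }
}
```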
Re: Multiple JSESSIONID cookies being presented.
Jeffrey,

On 9/4/15 3:31 PM, Jeffrey Janner wrote:
> -----Original Message-----
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Friday, September 04, 2015 12:46 PM
> To: Tomcat Users List
> Subject: Re: Multiple JSESSIONID cookies being presented.
>
>> Jeffrey,
>>
>> On 9/4/15 12:37 PM, Jeffrey Janner wrote:
>>> I'm running Tomcat 8.0.24 on Ubuntu 14.04 with Java 8u45, but I'm
>>> also seeing this on Windows (version doesn't matter), with Tomcat
>>> 7.0.57 and Java 7u71, and Tomcat 6.0.43 and Java 7U51.
>>>
>>> I have 2 contexts installed in Tomcat, one is ROOT, the other
>>> APP2. Both contexts start off at a login screen unique to the
>>> context and provided by it (not using container auth).
>>>
>>> When I connect to ROOT, no problem, but when I connect to APP2, I
>>> get 2 JSESSIONID cookies, one with the path "/" and the other with
>>> the path "/APP2/".
>>
>> I would expect this behavior: you have one ROOT app (cookie
>> path=/) and one APP2 app (cookie path=/APP2). Your browser will
>> send both cookies to /APP2 because / is a prefix of /APP2.
>>
>>> On the Windows implementations, we are not seeing a problem, at
>>> least not one being reported.
>>>
>>> On the Linux implementation, the end user will occasionally get
>>> immediately kicked out with an invalid session immediately after
>>> providing credentials. The access logs show a single
>>> jsessionid=xxx being provided on the POST URL.
>>
>> The POST to j_security_check?
>
> No

So... where does the POST go?

>> Are you using request.encodeURL() to build the action URL,
>> or are you building it manually?
>
> EncodeUrl. And a check of a couple of sites, both Linux and
> Windows, shows that the jsessionid is being added to the action
> by EncodeUrl, regardless of cookie settings. So far, it is always
> the APP2 sessionID.

I'm not surprised that the session id is being added to the URL
regardless of cookie settings, because at that point, Tomcat might not
know for sure if the client can support cookies. (I'm sure there are
cases where it's obvious that cookies are in fact supported, but
Tomcat is not detecting it.)

I'm surprised that Tomcat would use the "wrong" session id for
URL-rewriting when presenting the login screen. Are you saying that,
when showing the login page for /APP2, Tomcat will:

a. Place a session identifier in the URL with value X
b. Return a Set-Cookie response header for JSESSIONID with value Y

Where X != Y?

>> I believe Tomcat prefers the Cookie-based session id to anything
>> coming-in from the URL, and I do know it will search all
>> JSESSIONID cookies for any that match a valid session (not just the
>> first one) in the current application. So logging-in should ...
>> always work.
>>
>>> Amazingly, sometimes that goes through and lets the user login, so
>>> my theory is that the browser is sometimes picking the wrong path.
>>> (Also, theory, the "/" cookie is being generated by a request for
>>> "/favicon.ico" just before the request for the login page.)
>>
>> You should make sure that anything that doesn't require
>> authentication specifically mentions that in web.xml, otherwise
>> you'll get weird things happening like that.
>
> We don't actually use Tomcat container authentication at all.

Okay, that's good information to have. But you do use Tomcat's
session-tracking mechanisms, right?

>>> So my question is: Is there anything I can do from a
>>> configuration perspective to get it to NOT send the "/" cookie for
>>> APP2?
>>
>> Not really... other than changing from ROOT to APP1 or whatever.
>> Overlapping URL spaces for applications leads to tears.
>
> I could do that, though we'd like to keep it so that if no
> context is specified we still go to APP1, so the users don't
> have to change all of their bookmarks. Perhaps with a redirect?

That kind of thing is tough to do, but possible. Something like this:

# Ignore requests to /APP1
RewriteCond %{REQUEST_URI} ^/APP1
RewriteRule .* - [L]

# Ignore requests to /APP2
RewriteCond %{REQUEST_URI} ^/APP2
RewriteRule .* - [L]

# Re-write other requests
RewriteRule (.*) /APP1$1 [R,L]

Be very careful with the above: it's completely untested and can put
your clients into a redirect loop if you aren't careful and test all
cases. Also, the [R] flag will do odd things with POST requests, so
either make sure nobody POSTs to one of those URLs or expand the
configuration to properly-handle POSTs.

-chris
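One way to test a rule set like the one in this message for redirect loops and redirected POSTs before deploying it, as an added example that is not part of the original message: a simplified Python model of the three rules. It assumes server/vhost context matching, models only "-", `$N`, [L] and [R], and writes the catch-all with mod_rewrite's `$1` backreference; the rule tuples, sample requests and function names are constructed.

```python
import re

# Added illustration: a simplified model of mod_rewrite in server/vhost
# context, where the pattern sees the full URL path. Only "-", $N, [L]
# and [R] are modelled; the sample requests are constructed.
# Rule = (RewriteCond regex on REQUEST_URI or None, pattern, substitution, flags)
THREAD_RULES = [
    (r"^/APP1", r".*", "-", {"L"}),
    (r"^/APP2", r".*", "-", {"L"}),
    (None, r"(.*)", "/APP1$1", {"R", "L"}),
]
# The same rules with the /APP1 exclusion forgotten.
MISSING_EXCLUSION = THREAD_RULES[1:]


def apply_rules(rules, path):
    """Return ("pass", path) or ("redirect", location) for one request."""
    for cond, pattern, subst, flags in rules:
        match = re.search(pattern, path)
        if match is None or (cond and not re.search(cond, path)):
            continue
        if subst != "-":
            target = subst
            for n, group in enumerate(match.groups(), start=1):
                target = target.replace("$%d" % n, group or "")
            if "R" in flags:
                return ("redirect", target)
            path = target
        if "L" in flags:
            break
    return ("pass", path)


def follow(rules, path, max_hops=10):
    """Follow redirects as a client would; flag loops and runaway chains."""
    seen = [path]
    while len(seen) <= max_hops:
        action, target = apply_rules(rules, seen[-1])
        if action == "pass":
            return {"final": target, "hops": len(seen) - 1, "loop": False}
        if target in seen:
            break
        seen.append(target)
    return {"final": seen[-1], "hops": len(seen) - 1, "loop": True}


def audit(rules, requests):
    """List problems for (method, path) samples: loops and redirected POSTs."""
    findings = []
    for method, path in requests:
        result = follow(rules, path)
        if result["loop"]:
            findings.append((method, path, "redirect loop"))
        elif method == "POST" and result["hops"] > 0:
            # A plain [R] answers 302; many clients replay that as GET.
            findings.append((method, path, "POST redirected, body may be lost"))
    return findings


SAMPLES = [("GET", "/"), ("GET", "/favicon.ico"), ("GET", "/APP2/login"),
           ("POST", "/login"), ("POST", "/APP1/login")]

if __name__ == "__main__":
    print(audit(THREAD_RULES, SAMPLES))
    print(audit(MISSING_EXCLUSION, SAMPLES))
```

Because `^/APP1` is a bare prefix, the model also leaves a path such as /APP10/report untouched, which matters if another context name starts with the same characters.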
RE: Multiple JSESSIONID cookies being presented.
> -----Original Message-----
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Friday, September 04, 2015 2:55 PM
> To: Tomcat Users List
> Subject: Re: Multiple JSESSIONID cookies being presented.
>
> Jeffrey,
>
> On 9/4/15 3:31 PM, Jeffrey Janner wrote:
>> -----Original Message-----
>> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>> Sent: Friday, September 04, 2015 12:46 PM
>> To: Tomcat Users List
>> Subject: Re: Multiple JSESSIONID cookies being presented.
>>
>>> Jeffrey,
>>>
>>> On 9/4/15 12:37 PM, Jeffrey Janner wrote:
>>>> I'm running Tomcat 8.0.24 on Ubuntu 14.04 with Java 8u45, but
>>>> I'm also seeing this on Windows (version doesn't matter),
>>>> with Tomcat 7.0.57 and Java 7u71, and Tomcat 6.0.43 and Java
>>>> 7U51.
>>>>
>>>> I have 2 contexts installed in Tomcat, one is ROOT, the
>>>> other APP2. Both contexts start off at a login screen unique
>>>> to the context and provided by it (not using container
>>>> auth).
>>>>
>>>> When I connect to ROOT, no problem, but when I connect to
>>>> APP2, I get 2 JSESSIONID cookies, one with the path "/" and
>>>> the other with the path "/APP2/".
>>>
>>> I would expect this behavior: you have one ROOT app (cookie
>>> path=/) and one APP2 app (cookie path=/APP2). Your browser will
>>> send both cookies to /APP2 because / is a prefix of /APP2.
>>>
>>>> On the Windows implementations, we are not seeing a problem,
>>>> at least not one being reported.
>>>>
>>>> On the Linux implementation, the end user will occasionally
>>>> get immediately kicked out with an invalid session
>>>> immediately after providing credentials. The access logs show
>>>> a single jsessionid=xxx being provided on the POST URL.
>>>
>>> The POST to j_security_check?
>>
>> No
>
> So... where does the POST go?

Direct to back-end processing in the app (as far as I know).

>>> Are you using request.encodeURL() to build the action URL,
>>> or are you building it manually?
>>
>> EncodeUrl. And a check of a couple of sites, both Linux and
>> Windows, shows that the jsessionid is being added to the action
>> by EncodeUrl, regardless of cookie settings. So far, it is always
>> the APP2 sessionID.
>
> I'm not surprised that the session id is being added to the URL
> regardless of cookie settings, because at that point, Tomcat might not
> know for sure if the client can support cookies. (I'm sure there are
> cases where it's obvious that cookies are in fact supported, but
> Tomcat is not detecting it.)

That actually makes sense.

> I'm surprised that Tomcat would use the "wrong" session id for
> URL-rewriting when presenting the login screen. Are you saying that,
> when showing the login page for /APP2, Tomcat will:
>
> a. Place a session identifier in the URL with value X
> b. Return a Set-Cookie response header for JSESSIONID with value Y
>
> Where X != Y?

So far, it looks like it is maintaining an X=Y philosophy. So that's a non-starter.

>>> I believe Tomcat prefers the Cookie-based session id to anything
>>> coming-in from the URL, and I do know it will search all
>>> JSESSIONID cookies for any that match a valid session (not just the
>>> first one) in the current application. So logging-in should ...
>>> always work.
>>>
>>>> Amazingly, sometimes that goes through and lets the user
>>>> login, so my theory is that the browser is sometimes picking
>>>> the wrong path. (Also, theory, the "/" cookie is being
>>>> generated by a request for "/favicon.ico" just before the
>>>> request for the login page.)
>>>
>>> You should make sure that anything that doesn't require
>>> authentication specifically mentions that in web.xml, otherwise
>>> you'll get weird things happening like that.
>>
>> We don't actually use Tomcat container authentication at all.
>
> Okay, that's good information to have. But you do use Tomcat's
> session-tracking mechanisms, right?

Yes, and the problem only rears its ugly head on a successful login (app expires old cookie, creates a new one). User never even sees a new page, just an app-generated "session expired" error. Trying to see things in access logs, but nothing there I can see.

>>>> So my question is: Is there anything I can do from a
>>>> configuration perspective to get it to NOT send the "/"
>>>> cookie for APP2?
>>>
>>> Not really... other than changing from ROOT to APP1 or whatever.
>>> Overlapping URL spaces for applications leads to tears.
>>
>> I could do that, though we'd like to keep it so that if no
>> context is specified we still go to APP1, so the users don't
>> have to change all of their bookmarks. Perhaps with a redirect?
>
> That kind of thing is tough to do, but possible. Something like this:
>
> # Ignore requests to /APP1
> RewriteCond %{REQUEST_URI} ^/APP1
> RewriteRule .* - [L]
>
> #
RE: seeking help with stabilizing the persistence of a JSESSIONID
> Are you using AJP or HTTP as your proxy protocol? If AJP, are you
> using tomcatAuthentication="false" on your ? I'm not
> exactly sure what happens when you do that... you might get a
> NonLoginAuthenticator.

In our Vhost file, we have this:

ProxyPass ajp://127.0.0.1:8009/xmlui retry=1 keepalive=on
ProxyPassReverse ajp://127.0.0.1:8009/xmlui
ShibUseHeaders On
SetEnv proxy-sendchunked 1

In our server.xml file, we have this:

So, we're using tomcatAuthentication="false"

I will try your suggestion of using NonLoginAuthenticator and see what I get. If it doesn't work, I'll try your suggestion of setting a breakpoint and using a debugger to look at the stack.

--Hardy

From: Christopher Schultz [ch...@christopherschultz.net]
Sent: Thursday, September 03, 2015 4:31 PM
To: Tomcat Users List
Subject: Re: seeking help with stabilizing the persistence of a JSESSIONID

Hardy,

On 9/3/15 2:32 PM, Pottinger, Hardy J. wrote:
>> Are you actually using HTTP Basic authentication? You may be
>> configuring the wrong authenticator. (I know nothing about
>> Shibboleth)
>
> I'm using Apache HTTPD as a front-end (via mod_proxy) for Tomcat,
> since Shibboleth works (mostly) with Apache HTTPD. So, the
> authentication happens on the HTTPD side.

Are you using AJP or HTTP as your proxy protocol? If AJP, are you
using tomcatAuthentication="false" on your ? I'm not
exactly sure what happens when you do that... you might get a
NonLoginAuthenticator.

You could cause any error to occur in your application and then look
at the stack trace to find out what kind of authenticator you got (the
Valve will be in the stack trace).

-chris
Re: Multiple JSESSIONID cookies being presented.
Jeffrey,

On 9/4/15 12:37 PM, Jeffrey Janner wrote:
> I'm running Tomcat 8.0.24 on Ubuntu 14.04 with Java 8u45, but I'm
> also seeing this on Windows (version doesn't matter), with Tomcat
> 7.0.57 and Java 7u71, and Tomcat 6.0.43 and Java 7U51.
>
> I have 2 contexts installed in Tomcat, one is ROOT, the other
> APP2. Both contexts start off at a login screen unique to the
> context and provided by it (not using container auth).
>
> When I connect to ROOT, no problem, but when I connect to APP2, I
> get 2 JSESSIONID cookies, one with the path "/" and the other with
> the path "/APP2/".

I would expect this behavior: you have one ROOT app (cookie path=/)
and one APP2 app (cookie path=/APP2). Your browser will send both
cookies to /APP2 because / is a prefix of /APP2.

> On the Windows implementations, we are not seeing a problem, at
> least not one being reported.
>
> On the Linux implementation, the end user will occasionally get
> immediately kicked out with an invalid session immediately after
> providing credentials. The access logs show a single
> jsessionid=xxx being provided on the POST URL.

The POST to j_security_check?

Are you using request.encodeURL() to build the action URL, or are you
building it manually?

I believe Tomcat prefers the Cookie-based session id to anything
coming-in from the URL, and I do know it will search all JSESSIONID
cookies for any that match a valid session (not just the first one) in
the current application. So logging-in should ... always work.

> Amazingly, sometimes that goes through and lets the user login, so
> my theory is that the browser is sometimes picking the wrong path.
> (Also, theory, the "/" cookie is being generated by a request for
> "/favicon.ico" just before the request for the login page.)

You should make sure that anything that doesn't require authentication
specifically mentions that in web.xml, otherwise you'll get weird
things happening like that.

> So my question is: Is there anything I can do from a
> configuration perspective to get it to NOT send the "/" cookie for
> APP2?

Not really... other than changing from ROOT to APP1 or whatever.
Overlapping URL spaces for applications leads to tears.

> Deployment details:

I think there's nothing in here that would change anything.

-chris
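The two behaviours described in the reply above, as an added example that is not part of the original message and is not Tomcat's code: a small model of RFC 6265 path matching (why both cookies reach /APP2) and of the "try every JSESSIONID cookie" lookup. The cookie values, the jar layout and all function names are constructed for illustration.

```python
# Added illustration: a model of cookie scoping, not Tomcat's implementation.
# Cookie values and session ids below are constructed sample data.

def path_match(request_path, cookie_path):
    """RFC 6265 section 5.1.4: does cookie_path cover request_path?"""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # A prefix match counts only on a "/" boundary.
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def cookie_header(jar, request_path):
    """Return the (name, value) pairs a browser would send, in send order."""
    hits = [c for c in jar if path_match(request_path, c["path"])]
    # RFC 6265 section 5.4: longer paths first, then older cookies first.
    # This ordering is a SHOULD, so a server must not rely on it.
    hits.sort(key=lambda c: (-len(c["path"]), c["created"]))
    return [(c["name"], c["value"]) for c in hits]


def first_cookie_session(pairs, live_sessions):
    """Naive lookup: trust only the first JSESSIONID in the header."""
    for name, value in pairs:
        if name == "JSESSIONID":
            return value if value in live_sessions else None
    return None


def any_valid_session(pairs, live_sessions):
    """Lookup described in the thread: try every JSESSIONID cookie."""
    for name, value in pairs:
        if name == "JSESSIONID" and value in live_sessions:
            return value
    return None


# Browser jar after touching ROOT (for example /favicon.ico) and then /APP2/.
JAR = [
    {"name": "JSESSIONID", "value": "ROOT-1111", "path": "/", "created": 1},
    {"name": "JSESSIONID", "value": "APP2-2222", "path": "/APP2/", "created": 2},
]
APP2_SESSIONS = {"APP2-2222"}  # sessions that exist in the /APP2 context

if __name__ == "__main__":
    for path in ("/index.jsp", "/APP2", "/APP2/login"):
        print(path, "->", cookie_header(JAR, path))
    # A client that ignores the ordering SHOULD sends the "/" cookie first.
    swapped = list(reversed(cookie_header(JAR, "/APP2/login")))
    print("first cookie only:", first_cookie_session(swapped, APP2_SESSIONS))
    print("scan all cookies: ", any_valid_session(swapped, APP2_SESSIONS))
```

Where the two contexts have to overlap, Tomcat's Context attribute sessionCookieName lets each application use its own cookie name, so the "/" cookie can no longer be mistaken for APP2's session.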
WebappClassLoaderBase.addTransformer and servlet 3.0
Hi,

I've recently been looking at using the class transformer functionality in Tomcat 8.0.26 and came across a subtle interaction with servlet 3.0. I am registering my transformer in a ServletContainerInitializer via InstrumentableClassLoader.addTransformer, but couldn't understand why some classes appeared to not undergo transformation. It turned out they were annotated and were being passed in to another ServletContextInitializer by virtue of it using @HandlesTypes. This meant that the class had already been loaded before I had a chance to register the transformer.

I can't think of a nice way around this, but was wondering if there was any appetite for creating a mechanism to register transformers directly after WebAppClassLoader is set up, perhaps via the ServiceLoader mechanism?

Or perhaps there is another way of registering the transformer earlier?

Ideally I would like to avoid the javaagent route as it will interfere with other web apps that are deployed on the same Tomcat instance and make deployment less easy.

Many thanks,
Bryn
Re: Dynamically Create Subdomains - Tomcat 7x
On 04.09.2015 05:31, Kiran Badi wrote:
> Hi,
>
> I need some help, I need to create subdomains dynamically, Is this possible?
>
> I have a site, www.mymainsite.com
>
> on this main site, I drop the zipcode and city cookie and then I forward it
> to front controller, and it's this front controller which will point it to
> city subdomain.
>
> Can we create subdomains on the fly in tomcat?

Kiran,
Can you try to re-phrase your question in terms which people without a crystal ball would understand?

What is well conceived is clearly stated - And the words to say it come easily.
L'Art poétique (1674)
Nicolas Boileau-Despréaux
Re: seeking help with stabilizing the persistence of a JSESSIONID
On 03.09.2015 23:31, Christopher Schultz wrote:
> Hardy,
>
> On 9/3/15 2:32 PM, Pottinger, Hardy J. wrote:
>>> Are you actually using HTTP Basic authentication? You may be
>>> configuring the wrong authenticator. (I know nothing about
>>> Shibboleth)
>>
>> I'm using Apache HTTPD as a front-end (via mod_proxy) for Tomcat,
>> since Shibboleth works (mostly) with Apache HTTPD. So, the
>> authentication happens on the HTTPD side.
>
> Are you using AJP or HTTP as your proxy protocol? If AJP, are you
> using tomcatAuthentication="false" on your ? I'm not exactly sure
> what happens when you do that... you might get a
> NonLoginAuthenticator.
>
> You could cause any error to occur in your application and then look
> at the stack trace to find out what kind of authenticator you got (the
> Valve will be in the stack trace).

I believe there may be some confusion here.
The things to find out would be:
1) if *all* accesses to the application go through httpd first. And if yes, by what mechanism does httpd proxy them to Tomcat? (choices: mod_proxy_http / mod_proxy_ajp / mod_jk)
2) if yes to the above, then: does httpd do the authentication before proxying these calls to Tomcat?
(because if yes to both above, then the issue looks to be more at the httpd level, than at the Tomcat level)

In other words, it may be helpful to paste a copy of the httpd configuration here.
(Do not attach it, paste it in (after removing anything irrelevant or confidential); the list strips most attachments).
Re: WebappClassLoaderBase.addTransformer and servlet 3.0
On 04/09/2015 08:22, Bryn Cooke wrote:
> Hi,
> I've recently been looking at using the class transformer functionality
> in Tomcat 8.0.26 and came across a subtle interaction with servlet 3.0.
> I am registering my transformer in a ServletContainerInitializer via
> InstrumentableClassLoader.addTransformer, but couldn't understand why
> some classes appeared to not undergo transformation. It turned out they
> were annotated and were being passed in to another
> ServletContextInitializer by virtue of it using @HandlesTypes. This
> meant that the class had already been loaded before I had a chance to
> register the transformer.
>
> I can't think of a nice way around this, but was wondering if there
> was any appetite for creating a mechanism to register transformers
> directly after WebAppClassLoader is set up, perhaps via the
> ServiceLoader mechanism?

You aren't the first to hit this problem:
https://bz.apache.org/bugzilla/show_bug.cgi?id=58143

> Or perhaps there is another way of registering the transformer earlier?

Only if you provide a custom class loader implementation (which is
also non-trivial for deployment).

> Ideally I would like to avoid the javaagent route as it will interfere
> with other web apps that are deployed on the same tomcat instance and
> make deployment less easy.

The cleanest way to do this would be to add an option to the Context
to list the transformer classes that should be applied. I'd suggest
re-opening BZ 58143 as an enhancement, documenting your proposal and
adding something to the referenced Spring issue asking for input from
the Spring community.

Mark