Re: Tomcat 8.5.2 Beta and HTTP/2

[Sven Schleier]

True, you are right. Do you have any suggestion or sample configuration that 
should work you can share, or anyone else?


On 1/6/16, 9:13 PM, "Mark Thomas"  wrote:

>On 01/06/2016 14:07, Sven Schleier wrote:
>> Yes. That’s possible. I am just missing the “HTTP/1.1 101 Switching 
>> Protocols” so it’s not switching to HTTP/2.
>
>You'll only get that if you try to use HTTP/2 over a non-TLS channel.
>
>When using TLS, ALPN is used to negotiate the protocol.
>
>Mark
>
>
>> 
>> 
>> On 1/6/16, 7:04 PM, "Mark Thomas"  wrote:
>> 
>>> On 01/06/2016 03:16, Sven Schleier wrote:
 Hi mailinglist,

 I just want to play around with the new HTTP/2 implementation of Tomcat
 8.5.2 Beta. The tomcat instance is up and running and the h2 support is
 activated, according to the log during startup:

 01-Jun-2016 01:57:52.544 INFO [main]
 org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol
 The ["https-openssl-apr-8443"] connector has been configured to support
 negotiation to [h2] via ALPN


 But when I try to connect via nghttp (command line client for HTTP/2),
 it tells me that h2 is not available.

 ➜  apache-tomcat-8.5.2 nghttp -v https://127.0.0.1:8443
 
>>>
>>> Can you connect via https + HTTP/1.1
>>>
>>> Mark
>>>
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>> 
>> 
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>> 
>
>
>-
>To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>For additional commands, e-mail: users-h...@tomcat.apache.org
>

AW: AW: How to cancel download on the server side

[Steffen Heil (Mailinglisten)]

> > That's another story.
> > I tried that. And the internet explorer as well as curl report an error, if 
> > the download stops without the ending 0\r\n.
> >
> > But I had to set "Connection: close" and "Transfer-Encoding: chunked" 
> > myself and encode the chunk headers myself.
> > If I leave these two headers out, tomcat managed the transfer-encoding (as 
> > I set no Content-Length header) which I would prefer.
> > However then I find no way to close the connection. If I call "close()" on 
> > the OutputStream tomcat sends 0\r\n.
> > Even if I throw an exception, tomcat "correctly" closes the stream.
> > I did not find any way to close it without that.
> >
> > Is there any way to do so?
> 
> Tomcat version?

8.0.26


Steffen



smime.p7s
Description: S/MIME cryptographic signature

Re: AW: How to cancel download on the server side

[Mark Thomas]

On 01/06/2016 22:27, Steffen Heil (Mailinglisten) wrote:
> Hi
> 
> 
>> I believe that, while the HTTP specification supports what you want to do, 
>> neither servers nor clients support it. For example, you can
>> use "trailers" (headers end the end of the response) to tell the client what 
>> happened, but I suspect that no client will actually read
>> them or act on them.
> 
> I did not even know such things exist.
> A quick google check seems to indicate that you are right: No real client 
> supports them in a way usable for me.
> 
> 
>> You can always force a disconnect by simply closing the response stream. 
>> Usually, the client will either tell the user that the download
>> failed (connection closed before response - or chunk of response - 
>> completed), more likely just shows the user a blank page or saves
>> an incomplete file.
> 
> That's another story.
> I tried that. And the internet explorer as well as curl report an error, if 
> the download stops without the ending 0\r\n.
> 
> But I had to set "Connection: close" and "Transfer-Encoding: chunked" myself 
> and encode the chunk headers myself.
> If I leave these two headers out, tomcat managed the transfer-encoding (as I 
> set no Content-Length header) which I would prefer.
> However then I find no way to close the connection. If I call "close()" on 
> the OutputStream tomcat sends 0\r\n.
> Even if I throw an exception, tomcat "correctly" closes the stream.
> I did not find any way to close it without that.
> 
> Is there any way to do so?

Tomcat version?

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

AW: How to cancel download on the server side

[Steffen Heil (Mailinglisten)]

Hi


> I believe that, while the HTTP specification supports what you want to do, 
> neither servers nor clients support it. For example, you can
> use "trailers" (headers end the end of the response) to tell the client what 
> happened, but I suspect that no client will actually read
> them or act on them.

I did not even know such things exist.
A quick google check seems to indicate that you are right: No real client 
supports them in a way usable for me.


> You can always force a disconnect by simply closing the response stream. 
> Usually, the client will either tell the user that the download
> failed (connection closed before response - or chunk of response - 
> completed), more likely just shows the user a blank page or saves
> an incomplete file.

That's another story.
I tried that. And the internet explorer as well as curl report an error, if the 
download stops without the ending 0\r\n.

But I had to set "Connection: close" and "Transfer-Encoding: chunked" myself 
and encode the chunk headers myself.
If I leave these two headers out, tomcat managed the transfer-encoding (as I 
set no Content-Length header) which I would prefer.
However then I find no way to close the connection. If I call "close()" on the 
OutputStream tomcat sends 0\r\n.
Even if I throw an exception, tomcat "correctly" closes the stream.
I did not find any way to close it without that.

Is there any way to do so?


Regards,
  Steffen



smime.p7s
Description: S/MIME cryptographic signature

AW: How to cancel download on the server side

[Steffen Heil (Mailinglisten)]

Hi


> We had a similar problem. We just added a "preparation" step before the 
> actual download.
> 
> 1. User clicks on "request download" link 2. jQuery sends a request to 
> servlet and instructs it to prepare the download 3. Meanwhile
> the request download link has been changed with Javascript to "preparing 
> download..."
> 4. jQuery periodically asks the servlet if the download is ready or if the 
> preparation has failed 5. If it is ready, the "preparing
> download..." is replaced by "download file" - if it has failed, an error 
> message would be displayed
> 
> This of course will only work if the client supports Javascript. But even if 
> it doesn't you can work with HTTP reloads and/or redirects
> and using unique IDs to identify your client and their download.

Yes, we thought about that. However it still leaves the problem of a lot of 
storage on the server that is used for no reason and increasing the time to 
download the backup..


Regards,
  Steffen



smime.p7s
Description: S/MIME cryptographic signature

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

[Conor Skyler]

Hi Daniel,

Thank you very much for stepping in, I’m processing a new set of
certificates that I hope to try tomorrow.

Warm regards,
-Conor


On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa  wrote:

> On Mon, May 30, 2016 at 11:26 PM, Conor Skyler 
> wrote:
>
> > Hello list,
> >
> > I'm trying to install the certificates I bought from GoDaddy into my
> Tomcat
> > server, however so far I've been unsuccessful to achieve this.
> >
> > My system specs are:
> > OS: Amazon Linux (fully updated)
> > Tomcat version: 8.0.32, installed from the repos
> > Java version: $ java -version
> > openjdk version "1.8.0_91"
> > OpenJDK Runtime Environment (build 1.8.0_91-b14)
> > OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
> >
> > To install the certificates I followed this tutorial from GoDaddy
> website:
> >
> >
> https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
> > which explains how to create a KeyStore and configure the  in
> > the server.xml file.
> >
>
> Follow these instructions.
>
>
> >
> > Now, judging from the official Tomcat documentation in
> > https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated
> that I
> > first need to conver the .crt files provided by GoDaddy to PKCS12 format
> --
> > I wonder then why the instructions in GoDaddy's website state other
> thing!
> >
>
> There's more than one way to do this.  If you started out by following the
> GoDaddy instructions to generate your CSR, then continue to follow them to
> import your signed certificate.
>
>
> >
> > But then I read this piece of documentation that left me completely
> > bewildered:
> > To import an existing certificate signed by your own CA into a PKCS12
> > keystore using OpenSSL you would execute a command like:
> >
> > openssl pkcs12 -export -in mycert.crt -inkey mykey.key
> >-out mycert.p12 -name tomcat -CAfile myCA.crt
> >-caname root -chain
> >
> > In this example there's a reference to a 'mykey.key' file that I don't
> > have a clue how to obtain it or from where it comes since when I
> > download the certificates provided by GoDaddy, there's no such .key
> > file: I can download several different types of certificates in .crt
> > format but there isn't any .key file to download.
> >
>
> This has to do with the way that you generated the CSR.  The GoDaddy
> instructions have you using keytool and a keystore.  In this case, your
> private key will exist in the keystore, so you won't have a .key file and
> that's OK.
>
>
> >
> > I tried contacting their support and well, they weren't any helpful at
> > all, they pointed me to the repository where all the certificates are
> > stored and told me to 'find someone that knows how to handle them' --
> > thanks for nothing :(
> >
> > Finally I want to say that I have Tomcat running smooth at port 8080,
> > I even configured an administrator user to access the status page
> > which works perfectly, my problem is that I just can't find how to
> > properly install and configure the SSL.
> >
>
> Follow the GoDaddy instructions.  They should work.  If you get stuck on a
> specific step, let us know.
>
> Dan
>
>
> >
> > What I'm not sure though is what part or steps I'm missing, I believe
> > this has to be much more simpler that it's been so far for me but
> > seriously I can't wrap my mind around it.
> >
> > Thank you very much for taking the time to read this n00b's help scream.
> >
> > Best regards,
> > -Conor
> >
>

Re: Embedded Tomcat does not automatically create "webapps" folder

[Fabrizio Cucci]

On 1 June 2016 at 15:38, Mark Thomas  wrote:
>
> On 01/06/2016 15:30, Fabrizio Cucci wrote:
> > Hi everyone,
> >
> > I was playing with embedded Tomcat 8.0.33 and I noticed something
> > unexpected.
> >
> > If I create my embedded Tomcat like this:
> >
> > Tomcat tomcat = new Tomcat();
> > tomcat.setPort(8080);
> > tomcat.setBaseDir("myBaseDir");
> >
> > start the server and then try to programmatically deploy a webapp like this:
> >
> > tomcat.addWebapp(tomcat.getHost(), "/foo", "");
> >
> > I get:
> >
> > java.io.IOException: Unable to create the directory
> > [/my-path/myBaseDir/webapps/foo]
> > at org.apache.catalina.startup.ExpandWar.expand(ExpandWar.java:115)
> > ~[tomcat-embed-core-8.0.33.jar!/:8.0.33]
> > at
> > org.apache.catalina.startup.ContextConfig.fixDocBase(ContextConfig.java:619)
> > [tomcat-embed-core-8.0.33.jar!/:8.0.33]
> > at
> > org.apache.catalina.startup.ContextConfig.beforeStart(ContextConfig.java:752)
> > [tomcat-embed-core-8.0.33.jar!/:8.0.33]
> > ...
> >
> > If I programmatically create the folder "webapps" in my baseDir after
> > starting tomcat but before deploying the webapp everything works fine.
> >
> > So I checked the line of code which throws the exception in the class
> > org.apache.catalina.startup.ExpandWar:
> >
> > [line 113] // Create the new document base directory
> > [line 114] if(!docBase.mkdir() && !docBase.isDirectory()) {
> > [line 115] throw new IOException(sm.getString("expandWar.createFailed",
> > docBase));
> > [line 116] }
> >
> > and I guess if the "mkdirs" method was used instead of "mkdir" everything
> > would work.
> >
> > The questions are:
> > - is it done on purpose? (not creating the webapps folder within the
> > baseDir when needed e.g. when an application is programmatically deployed)
>
> Yes.
>
> > - if yes, what is the reason beyond this technical decision?
>
> The user is expected to define a valid directory for a Host's appBase.
>
> Mark
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

Hi Mark,

thanks a lot for your prompt reply.

What I still find a bit misleading is the fact that, if the user does
not provide a host's appBase, a default value kicks in (i.e. webapps),
but that value is not really useful unless the user manually creates
that folder. So, from a user prospective, the impression I have is
more of a convention-over-configuration not fully implemented.
Personally, I'd rather see Tomcat failing because of a "missing
mandatory configuration: appBase" and/or, at very least, introduce a
condition that checks whether the appBase folder exists on startup and
throw something like "missing mandatory folder: " if not.

But I have a very limited view of the codebase and my considerations
could be completely wrong.

Thanks,
Fabrizio

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

[OT] Authentication

[Leo Donahue]

Since the forum just had a question on custom authentication, I thought
this would be a good time to ask.

Does anyone use "micro-services" to perform authentication of web service A
to web service B?

This would be different than authenticating users to web service A or B as
you would be authenticating a service user to another service.  (Think of
service user as the user running a tomcat instance.)

Is anyone choosing to extract authentication into a wsdl service these
days?  Or is that old news.

Leo

Re: using SSLHostConfig on tomcat 9 in order to get 2 SSL certificates

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hardibo,

On 6/1/16 9:48 AM, Hardibo Pierre-Jean wrote:
> Hello, when i add the second, or i put only the second (tomcat2)
> browser doesn't reach the website but doesnt stop with error
> message.

If you connect with openssl s_client, can you see what certificate is
presented with the server handshake?

Depending upon your version of OpenSSL, it may or may not support the
- -servername option, which is the way to trigger the use of SNI.

- -chris

> Le 31/05/2016 18:52, Christopher Schultz a écrit : Hardibo,
> 
> On 5/31/16 10:33 AM, Hardibo Pierre-Jean wrote:
 Hello, i made two startSSL's certificates because i could
 only add 5 domains once.
> ??!
> 
 When i use SSLHostConfig for the domains of the first
 certificate all is working, but when i try to add other
 domains (2° certificate) websites are no more accessible,
 there's few documentation about that and no tutorial so i am
 blocked. Here is my connector (server.xml): >>> port="8443" 
 protocol="org.apache.coyote.http11.Http11NioProtocol" 
 maxThreads="150" SSLEnabled="true" >
> You'll also want to set secure="true" and scheme="https" on your 
> . This might be the only thing you are missing.
> 
> http://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-
_S
>
> 
SLHostConfig
> 
  >>> certificateKeystoreFile="/opt/tomcat9/tomcat" 
 certificateKeystorePassword="" type="RSA"/>
  >>> hostName="www.tagdirectory.net"> >>> certificateKeystoreFile="/opt/tomcat9/tomcat" 
 certificateKeystorePassword="" type="RSA"/>
  >>> hostName="www.xn--kzako-bsa.com"> >>> certificateKeystoreFile="/opt/tomcat9/tomcat" 
 certificateKeystorePassword="" type="RSA"/>
  >>> hostName="www.xn--tltravail-b4ab.com"> >>> certificateKeystoreFile="/opt/tomcat9/tomcat" 
 certificateKeystorePassword="" type="RSA"/>
  >>> hostName="www.xn--changedeliens-9gb.com"> >>> certificateKeystoreFile="/opt/tomcat9/tomcat" 
 certificateKeystorePassword="" type="RSA"/>
  >>> hostName="en.tagdirectory.net"> >>> certificateKeystoreFile="/opt/tomcat9/tomcat2" 
 certificateKeystorePassword="" type="RSA"/>
  >>> hostName="www.retrogeekzone.com"> >>> certificateKeystoreFile="/opt/tomcat9/tomcat2" 
 certificateKeystorePassword="" type="RSA"/>
  >>> hostName="en.retrogeekzone.com"> >>> certificateKeystoreFile="/opt/tomcat9/tomcat2" 
 certificateKeystorePassword="" type="RSA"/>
  >>> hostName="www.troc-livres-informatique.com"> >>> certificateKeystoreFile="/opt/tomcat9/tomcat2" 
 certificateKeystorePassword="" type="RSA"/>
  
> Those all look okay to me. What are you using to test? With a
> single  can you establish a connection? When you add
> the second , how do things change?
> 
> -chris
>> 
>> -
>>
>> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>> 
> 
> 
> -
>
> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAldPFJ0ACgkQ9CaO5/Lv0PAF6ACfVcTBSYK14jmbTe8Ajs2JBvtT
ZLcAn350K2zMGeVOo8SmAoZgqDt6kGnf
=xtvv
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Embedded Tomcat does not automatically create "webapps" folder

[Mark Thomas]

On 01/06/2016 15:30, Fabrizio Cucci wrote:
> Hi everyone,
> 
> I was playing with embedded Tomcat 8.0.33 and I noticed something
> unexpected.
> 
> If I create my embedded Tomcat like this:
> 
> Tomcat tomcat = new Tomcat();
> tomcat.setPort(8080);
> tomcat.setBaseDir("myBaseDir");
> 
> start the server and then try to programmatically deploy a webapp like this:
> 
> tomcat.addWebapp(tomcat.getHost(), "/foo", "");
> 
> I get:
> 
> java.io.IOException: Unable to create the directory
> [/my-path/myBaseDir/webapps/foo]
> at org.apache.catalina.startup.ExpandWar.expand(ExpandWar.java:115)
> ~[tomcat-embed-core-8.0.33.jar!/:8.0.33]
> at
> org.apache.catalina.startup.ContextConfig.fixDocBase(ContextConfig.java:619)
> [tomcat-embed-core-8.0.33.jar!/:8.0.33]
> at
> org.apache.catalina.startup.ContextConfig.beforeStart(ContextConfig.java:752)
> [tomcat-embed-core-8.0.33.jar!/:8.0.33]
> ...
> 
> If I programmatically create the folder "webapps" in my baseDir after
> starting tomcat but before deploying the webapp everything works fine.
> 
> So I checked the line of code which throws the exception in the class
> org.apache.catalina.startup.ExpandWar:
> 
> [line 113] // Create the new document base directory
> [line 114] if(!docBase.mkdir() && !docBase.isDirectory()) {
> [line 115] throw new IOException(sm.getString("expandWar.createFailed",
> docBase));
> [line 116] }
> 
> and I guess if the "mkdirs" method was used instead of "mkdir" everything
> would work.
> 
> The questions are:
> - is it done on purpose? (not creating the webapps folder within the
> baseDir when needed e.g. when an application is programmatically deployed)

Yes.

> - if yes, what is the reason beyond this technical decision?

The user is expected to define a valid directory for a Host's appBase.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Embedded Tomcat does not automatically create "webapps" folder

[Fabrizio Cucci]

Hi everyone,

I was playing with embedded Tomcat 8.0.33 and I noticed something
unexpected.

If I create my embedded Tomcat like this:

Tomcat tomcat = new Tomcat();
tomcat.setPort(8080);
tomcat.setBaseDir("myBaseDir");

start the server and then try to programmatically deploy a webapp like this:

tomcat.addWebapp(tomcat.getHost(), "/foo", "");

I get:

java.io.IOException: Unable to create the directory
[/my-path/myBaseDir/webapps/foo]
at org.apache.catalina.startup.ExpandWar.expand(ExpandWar.java:115)
~[tomcat-embed-core-8.0.33.jar!/:8.0.33]
at
org.apache.catalina.startup.ContextConfig.fixDocBase(ContextConfig.java:619)
[tomcat-embed-core-8.0.33.jar!/:8.0.33]
at
org.apache.catalina.startup.ContextConfig.beforeStart(ContextConfig.java:752)
[tomcat-embed-core-8.0.33.jar!/:8.0.33]
...

If I programmatically create the folder "webapps" in my baseDir after
starting tomcat but before deploying the webapp everything works fine.

So I checked the line of code which throws the exception in the class
org.apache.catalina.startup.ExpandWar:

[line 113] // Create the new document base directory
[line 114] if(!docBase.mkdir() && !docBase.isDirectory()) {
[line 115] throw new IOException(sm.getString("expandWar.createFailed",
docBase));
[line 116] }

and I guess if the "mkdirs" method was used instead of "mkdir" everything
would work.

The questions are:
- is it done on purpose? (not creating the webapps folder within the
baseDir when needed e.g. when an application is programmatically deployed)
- if yes, what is the reason beyond this technical decision?

Thanks in advance,
Fabrizio

Re: using SSLHostConfig on tomcat 9 in order to get 2 SSL certificates

[Hardibo Pierre-Jean]

Hello, when i add the second, or i put only the second (tomcat2) browser 
doesn't reach the website but doesnt stop with error message.



Le 31/05/2016 18:52, Christopher Schultz a écrit :

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hardibo,

On 5/31/16 10:33 AM, Hardibo Pierre-Jean wrote:

Hello, i made two startSSL's certificates because i could only add
5 domains once.

??!


When i use SSLHostConfig for the domains of the first certificate
all is working, but when i try to add other domains (2°
certificate) websites are no more accessible, there's few
documentation about that and no tutorial so i am blocked. Here is
my connector (server.xml): 

You'll also want to set secure="true" and scheme="https" on your
. This might be the only thing you are missing.

http://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_S
SLHostConfig


  
  
  
  

 
  
  
  

 


Those all look okay to me. What are you using to test? With a single
 can you establish a connection? When you add the
second , how do things change?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJXTcFCAAoJEBzwKT+lPKRY0JkQAKoHkVmJJ5Gn52BwVolkvZIW
gnnxEmjIIB1+XmemEfpsIYvRNMdPQL4pd0tZcRUzN59yhxPm20XoZguYUlBTOjcg
ocuZN5/Q6otJ27eMOlcN5ZTWqqpuRbItjY103WX+q2fmC3ulGGrV/ZNyJcgbE2+y
2SWO/WAGB/KT1QzL+DNfDyk0zLyl8Poc9ax1NUrPmW/1eM/ubdrAOe+GOyAoY3Et
vZQkXNDfTp+l+yekvUY4YKSNAj3l/Rjd6XQSyLG97bmMRe+3q37pZmIjYyX/BI/7
vnx5WX+UWz8pCrXktgZCpG/CIJC5FLeSmbObmvYKyehUDBFo93AQBgU5SwgkDha2
Uy6apmjjJYqKtJlijz3fA7AFo9SoQntQH/gIu+zdReLidMa5R9Cuu4cTYUrAcCrl
vPE4elwVsfKAaWDg8UZk8CDevLNBG/9LYXFw6e2UVvo19hn9+7gf4YBsj0qHgU9m
lKFThhD3w/IawLpqS2ZS5sXJR+KMO1Yy2mektmWBsN+BaR1gcnUacrc678wtsHGw
3cJFn8mKQdomIhRy85TzNqt6vVjeLtZC8Md1vqOasPM73GiV7c4ijoSkioLZNwM1
uovy0J8v3sE9JpJOoDsRxVc3gsBbHhj84EWlVgYYVnomt7p/z0RS30oCU7l/u0j/
5umswB87kivFp2laHPu3
=jJvc
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Need help on upgrading

[Vijay Kumar]

Sure. Will try and let you know.

On Wed, Jun 1, 2016 at 7:05 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Vijay,
>
> On 6/1/16 9:32 AM, Vijay Kumar wrote:
> > Thanks much Chris!
>
> No problem. Once you do this one time, you'll be much more comfortable
> with future upgrades. It's quite easy once you understand the things
> that usually change (e.g. stock Listeners).
>
> Tomcat 8 has many nice features when compared to Tomcat 7 as well.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAldO5IcACgkQ9CaO5/Lv0PBFugCeMcMFeTrkZN3ljRuCghKw8XOe
> tbYAoLj6EFmZeJrLNh7ZiNiwGfR1D0Dp
> =Bj8r
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Need help on upgrading

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Vijay,

On 6/1/16 9:32 AM, Vijay Kumar wrote:
> Thanks much Chris!

No problem. Once you do this one time, you'll be much more comfortable
with future upgrades. It's quite easy once you understand the things
that usually change (e.g. stock Listeners).

Tomcat 8 has many nice features when compared to Tomcat 7 as well.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAldO5IcACgkQ9CaO5/Lv0PBFugCeMcMFeTrkZN3ljRuCghKw8XOe
tbYAoLj6EFmZeJrLNh7ZiNiwGfR1D0Dp
=Bj8r
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Need help on upgrading

[Vijay Kumar]

Thanks much Chris!




Thanks,
Vijay
--
http://www.matchfinder.in
On Wed, Jun 1, 2016 at 6:52 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Vijay,
>
> On 5/31/16 11:03 PM, aramanda vijay wrote:
> > We are hosting our e-commerce application on tomcat 7.0.47 with
> > Apache( Apache/2.2.15) web server for load balancing. There are 2
> > servers on the cluster. I don't remember the exact cluster
> > configuration.
> >
> > There is a requirement to upgrade our tomcat to the latest version
> > 8.0.35. Does the same apache version, cluster setup work the same
> > way on 7.0.47 and 8.0.35 ? Does the apache also need upgrade?
>
> Apache httpd upgrade is not necessary, but if you aren't on 2.4.x, you
> should make plans to upgrade.
>
> The configuration differences between Tomcat 7 and Tomcat 8 are
> minimal, but you should be aware that Tomcat 7's conf/server.xml and
> Tomcat 8's conf/server.xml are completely incompatible.
>
> It would be best to take the stock conf/server.xml from Tomcat 8 and
> make whatever changes you need to get it to match your current one
> (e.g.  and  configurations).
>
> You should definitely read this:
> http://tomcat.apache.org/migration-8.html
>
> ... and possibly pay special attention to this:
> http://tomcat.apache.org/migration-8.html#Upgrading_8.0.x
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAldO4ZYACgkQ9CaO5/Lv0PATZgCgnVvqJvNWe1Sm5EYr0lXPy7w8
> XRcAnA8Gd+YlNQIUbnJcE9i/F7Z3Bhkh
> =WE7O
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Upgrading from tomcat 6 to tomcat 8 | Performance goes down (Http requests)

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Vikas,

On 5/31/16 11:11 PM, vikas chandra yadav wrote:
> Hi, I am upgrading from tomcat 6 to tomcat 8. My throughput get
> decreased by 40%.
> 
> Simple sending http request from jmeter using 40 threads. In tomcat
> 6 it is 11 in tomcat 7(last version) it si 108000 in tomcat 8 -
> 8
> 
> Please suggest if we have to disable any auto enavle feature of do
> tuning.

Please post your  configuration for each version and
explain your testing methodology.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAldO45IACgkQ9CaO5/Lv0PAzowCeJsgF5PyKmJR+/IRpdyR4u/3x
JfEAoL7oFwb9562MVYkhJLF2rJsC9a4F
=k7tV
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Custom Authenticator

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Thomas,

On 6/1/16 7:15 AM, Thomas Meyer wrote:
> Hi,
> 
> How do I get a custom mapping set in 
> ContextConfig.setCustomAuthenticators? ( 
> https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/start
up/ContextConfig.html#setCustomAuthenticators(java.util.Map)
>
> 
)
> 
> I want to add a custom mapping for lets say BEARER to a my
> Authenticator. I searched the source code but nobody seems to call
> this method. So how and where should this map be configured?

Do you mean that you want to replace FORM or CLIENT-CERT in web.xml
with BEARER and have it use your authenticator?

Would you be okay if you just ignored the  and installed
your own authenticator? Because you can do that just by registering
your CustomAuthenticatorValve in your valve chain for your application.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAldO40AACgkQ9CaO5/Lv0PBKCwCgkPlnOXK1U01agZ152xdQrKbr
NKcAoMI1CZZUZf5cSVLvN4cZ75Ho5+qf
=njpx
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Need help on upgrading

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Vijay,

On 5/31/16 11:03 PM, aramanda vijay wrote:
> We are hosting our e-commerce application on tomcat 7.0.47 with 
> Apache( Apache/2.2.15) web server for load balancing. There are 2 
> servers on the cluster. I don't remember the exact cluster 
> configuration.
> 
> There is a requirement to upgrade our tomcat to the latest version 
> 8.0.35. Does the same apache version, cluster setup work the same
> way on 7.0.47 and 8.0.35 ? Does the apache also need upgrade?

Apache httpd upgrade is not necessary, but if you aren't on 2.4.x, you
should make plans to upgrade.

The configuration differences between Tomcat 7 and Tomcat 8 are
minimal, but you should be aware that Tomcat 7's conf/server.xml and
Tomcat 8's conf/server.xml are completely incompatible.

It would be best to take the stock conf/server.xml from Tomcat 8 and
make whatever changes you need to get it to match your current one
(e.g.  and  configurations).

You should definitely read this:
http://tomcat.apache.org/migration-8.html

... and possibly pay special attention to this:
http://tomcat.apache.org/migration-8.html#Upgrading_8.0.x

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAldO4ZYACgkQ9CaO5/Lv0PATZgCgnVvqJvNWe1Sm5EYr0lXPy7w8
XRcAnA8Gd+YlNQIUbnJcE9i/F7Z3Bhkh
=WE7O
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8.5.2 Beta and HTTP/2

[Mark Thomas]

On 01/06/2016 14:07, Sven Schleier wrote:
> Yes. That’s possible. I am just missing the “HTTP/1.1 101 Switching 
> Protocols” so it’s not switching to HTTP/2.

You'll only get that if you try to use HTTP/2 over a non-TLS channel.

When using TLS, ALPN is used to negotiate the protocol.

Mark


> 
> 
> On 1/6/16, 7:04 PM, "Mark Thomas"  wrote:
> 
>> On 01/06/2016 03:16, Sven Schleier wrote:
>>> Hi mailinglist,
>>>
>>> I just want to play around with the new HTTP/2 implementation of Tomcat
>>> 8.5.2 Beta. The tomcat instance is up and running and the h2 support is
>>> activated, according to the log during startup:
>>>
>>> 01-Jun-2016 01:57:52.544 INFO [main]
>>> org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol
>>> The ["https-openssl-apr-8443"] connector has been configured to support
>>> negotiation to [h2] via ALPN
>>>
>>>
>>> But when I try to connect via nghttp (command line client for HTTP/2),
>>> it tells me that h2 is not available.
>>>
>>> ➜  apache-tomcat-8.5.2 nghttp -v https://127.0.0.1:8443
>>> 
>>
>> Can you connect via https + HTTP/1.1
>>
>> Mark
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8.5.2 Beta and HTTP/2

[Sven Schleier]

Yes. That’s possible. I am just missing the “HTTP/1.1 101 Switching Protocols” 
so it’s not switching to HTTP/2.


On 1/6/16, 7:04 PM, "Mark Thomas"  wrote:

>On 01/06/2016 03:16, Sven Schleier wrote:
>> Hi mailinglist,
>> 
>> I just want to play around with the new HTTP/2 implementation of Tomcat
>> 8.5.2 Beta. The tomcat instance is up and running and the h2 support is
>> activated, according to the log during startup:
>> 
>> 01-Jun-2016 01:57:52.544 INFO [main]
>> org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol
>> The ["https-openssl-apr-8443"] connector has been configured to support
>> negotiation to [h2] via ALPN
>> 
>> 
>> But when I try to connect via nghttp (command line client for HTTP/2),
>> it tells me that h2 is not available.
>> 
>> ➜  apache-tomcat-8.5.2 nghttp -v https://127.0.0.1:8443
>> 
>
>Can you connect via https + HTTP/1.1
>
>Mark
>
>
>-
>To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>For additional commands, e-mail: users-h...@tomcat.apache.org
>

Custom Authenticator

[Thomas Meyer]

Hi,

How do I get a custom mapping set in  
ContextConfig.setCustomAuthenticators? (  
https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/startup/ContextConfig.html#setCustomAuthenticators(java.util.Map)  
)


I want to add a custom mapping for lets say BEARER to a my Authenticator.
I searched the source code but nobody seems to call this method. So  
how and where should this map be configured?


With kind regards
Thomas


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8.5.2 Beta and HTTP/2

[Mark Thomas]

On 01/06/2016 03:16, Sven Schleier wrote:
> Hi mailinglist,
> 
> I just want to play around with the new HTTP/2 implementation of Tomcat
> 8.5.2 Beta. The tomcat instance is up and running and the h2 support is
> activated, according to the log during startup:
> 
> 01-Jun-2016 01:57:52.544 INFO [main]
> org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol
> The ["https-openssl-apr-8443"] connector has been configured to support
> negotiation to [h2] via ALPN
> 
> 
> But when I try to connect via nghttp (command line client for HTTP/2),
> it tells me that h2 is not available.
> 
> ➜  apache-tomcat-8.5.2 nghttp -v https://127.0.0.1:8443
> 

Can you connect via https + HTTP/1.1

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org