Re: Randomly tomcat process create another copy process of it. Now see two PIDs of tomcat running

2017-09-28 Thread Guang Chao 
On Thu, Sep 28, 2017 at 2:50 PM, Naresh Yadav 
wrote:

> my hard requirement is to run tomcat from eclipse only using sysdeo or
> other plugin.
> But yes i can try running from service OR startup bat file also...
>
> Another thing want to highlight is this problem is not consistent and it
> appear randomly...
> my guess is when there is more load on server then someone create another
> tomcat pid.
>

It could be an Eclipse issue not Tomcat issue, because you launch from
Eclipse.


>
> One more information wanted to share is :
>  In this environment we have 2 node tomcat setup running behind
> mod_jk loadbalancer with session replication enabled.
>  right now we observed this problem on one of node only.
>

Do both nodes getting around the same load?  It could be that only one node
is getting all the request, but problem may occur to both.


>
> Please give next level pointers.
>
> On Thu, Sep 28, 2017 at 6:26 AM, Guang Chao 
> wrote:
>
> > On Tue, Sep 26, 2017 at 5:52 PM, Naresh Yadav 
> > wrote:
> >
> > > Hi all,
> > >
> > > Already posted my problem on stackoverflow but not got any respo/nses
> so
> > > thought
> > > of posting here. Please read and help me with possible resolutions ??
> > >
> >
> > Would it be possible one is run as a service and another run using the
> > *.bat file?
> >
> >
> > >
> > > https://stackoverflow.com/questions/46409358/randomly-
> > > tomcat-process-create-another-copy-process-of-it-now-see-two-pids-of-t
> > >
> > > Thanks
> > > Naresh
> > >
> >
> >
> >
> > --
> > Guang  in-java/>
> >
>



-- 
Guang

Re: Re: how to set Http11AprProtocol with embedded tomcat

2017-09-28 Thread Coty Sutherland 
On Thu, Sep 28, 2017 at 12:27 PM, Wang, Jennifer
 wrote:
> NONCONFIDENTIAL // EXTERNAL
> Hi Coty,
>
> I download tcnative-1.dll from tomcat site. I am running on windows 7. I did 
> set " java.library.path" as below.
>
>
>
>
> @SpringBootApplication
> public class Application {
>
> public static void main(String[] args) {
>
> //try both of below
> System.setProperty("java.library.path", 
> "C:\\Temp\\tomcat-native-1.2.14-win32-bin\\bin\\x64\\tcnative-1.dll");
> //System.setProperty("java.library.path", 
> "C:\\Temp\\tomcat-native-1.2.14-win32-bin\\bin\\x64");

I think trying to set the library path in code is too late as the JVM
has already initialized. You'll need to set it in the JVM arguments
that start the Application. I got it working using the following
config snippet:

 
 org.springframework.boot
 spring-boot-maven-plugin
 
 
 -Djava.library.path=/path/to/tomcat-native/
 
 

and starting with `mvn spring-boot:run`. I also configured that the
System.setProperty call didn't work.

HTH

>
> SpringApplication.run(Application.class, args);
> }
> }
>
> Thanks!
>
> Jennifer
>
> -Original Message-
> From: Coty Sutherland [mailto:csuth...@redhat.com]
> Sent: Thursday, September 28, 2017 12:16 PM
> To: Tomcat Users List
> Subject: [External] Re: how to set Http11AprProtocol with embedded tomcat
>
> On Thu, Sep 28, 2017 at 11:32 AM, Wang, Jennifer  
> wrote:
>> NONCONFIDENTIAL // EXTERNAL
>> How to set Http11AprProtocol with embedded tomcat in java spring boot app?
>>
>> I keep get below error.
>
> You don't have tomcat-native installed. Resolving the problem should be as 
> simple as installing tomcat-native (which deps on APR) via RPM (assuming 
> you're on linux) so that it's on your library path or updating your JVM's 
> -Djava.library.path system property to point to APR and tomcat-native so that 
> tomcat can use it.
>
>> org.apache.catalina.LifecycleException: Failed to initialize component 
>> [Connector[org.apache.coyote.http11.Http11AprProtocol-8443]]
>>at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
>>at 
>> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:140)
>>at 
>> org.apache.catalina.core.StandardService.addConnector(StandardService.java:225)
>>at 
>> org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:250)
>>at 
>> org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:193)
>>at 
>> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297)
>>at 
>> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145)
>>at 
>> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:546)
>>at 
>> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
>>at 
>> org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
>>at 
>> org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
>>at 
>> org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
>>at 
>> org.springframework.boot.SpringApplication.run(SpringApplication.java:1118)
>>at 
>> org.springframework.boot.SpringApplication.run(SpringApplication.java:1107)
>>at hello.Application.main(Application.java:13)
>> Caused by: org.apache.catalina.LifecycleException: The configured
>> protocol [org.apache.coyote.http11.Http11AprProtocol] requires the
>> APR/native library which is not available
>>
>> Thanks!
>>
>> Jennifer
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Java 9 support + HSTS for tomcat.apache.org

2017-09-28 Thread Konstantin Kolinko 
2017-09-26 11:57 GMT+03:00 Oliver Heister :
>  2. Currently MITM attacks by evil ISPs or WiFi networks are possible
> against people downloading tomcat from
> http://tomcat.apache.org/download-80.cgi . (The page has links to PGP, md5
> and sha1 hashes for validation, but the links are on a http page that does
> not redirect to https. This means they could be replaced in case of MITM.)
>
> IMO a HTTP 301 redirect to the https version and HSTS headers should be
> added to http://tomcat.apache.org/ .

The recommended way to validate releases it to check the PGP
signature, not the checksums.

It is not so easy to compromise a PGP signature. You cannot generate a
new signature without having a key.


I think that HSTS is an overkill.

Maybe update links to *.cgi pages (in menu and on the site) to use https:

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Re: how to set Http11AprProtocol with embedded tomcat

2017-09-28 Thread Wang, Jennifer 
NONCONFIDENTIAL // EXTERNAL
Hi Coty,

I download tcnative-1.dll from tomcat site. I am running on windows 7. I did 
set " java.library.path" as below.




@SpringBootApplication
public class Application {

public static void main(String[] args) {

//try both of below
System.setProperty("java.library.path", 
"C:\\Temp\\tomcat-native-1.2.14-win32-bin\\bin\\x64\\tcnative-1.dll");
//System.setProperty("java.library.path", 
"C:\\Temp\\tomcat-native-1.2.14-win32-bin\\bin\\x64");

SpringApplication.run(Application.class, args);
}
}

Thanks!

Jennifer

-Original Message-
From: Coty Sutherland [mailto:csuth...@redhat.com] 
Sent: Thursday, September 28, 2017 12:16 PM
To: Tomcat Users List
Subject: [External] Re: how to set Http11AprProtocol with embedded tomcat

On Thu, Sep 28, 2017 at 11:32 AM, Wang, Jennifer  
wrote:
> NONCONFIDENTIAL // EXTERNAL
> How to set Http11AprProtocol with embedded tomcat in java spring boot app?
>
> I keep get below error.

You don't have tomcat-native installed. Resolving the problem should be as 
simple as installing tomcat-native (which deps on APR) via RPM (assuming you're 
on linux) so that it's on your library path or updating your JVM's 
-Djava.library.path system property to point to APR and tomcat-native so that 
tomcat can use it.

> org.apache.catalina.LifecycleException: Failed to initialize component 
> [Connector[org.apache.coyote.http11.Http11AprProtocol-8443]]
>at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
>at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:140)
>at 
> org.apache.catalina.core.StandardService.addConnector(StandardService.java:225)
>at 
> org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:250)
>at 
> org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:193)
>at 
> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297)
>at 
> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145)
>at 
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:546)
>at 
> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
>at 
> org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
>at 
> org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
>at 
> org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
>at 
> org.springframework.boot.SpringApplication.run(SpringApplication.java:1118)
>at 
> org.springframework.boot.SpringApplication.run(SpringApplication.java:1107)
>at hello.Application.main(Application.java:13)
> Caused by: org.apache.catalina.LifecycleException: The configured 
> protocol [org.apache.coyote.http11.Http11AprProtocol] requires the 
> APR/native library which is not available
>
> Thanks!
>
> Jennifer
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Re: how to set Http11AprProtocol with embedded tomcat

2017-09-28 Thread Wang, Jennifer 
NONCONFIDENTIAL // EXTERNAL
Hi Coty,

I download tcnative-1.dll from tomcat site. I am running on windows 7. I did 
set " java.library.path" as below.




@SpringBootApplication
public class Application {

public static void main(String[] args) {

//try both of below
System.setProperty("java.library.path", 
"C:\\Temp\\tomcat-native-1.2.14-win32-bin\\bin\\x64\\tcnative-1.dll");
//System.setProperty("java.library.path", 
"C:\\Temp\\tomcat-native-1.2.14-win32-bin\\bin\\x64");

SpringApplication.run(Application.class, args);
}
}

Thanks!

Jennifer

-Original Message-
From: Coty Sutherland [mailto:csuth...@redhat.com] 
Sent: Thursday, September 28, 2017 12:16 PM
To: Tomcat Users List
Subject: [External] Re: how to set Http11AprProtocol with embedded tomcat

On Thu, Sep 28, 2017 at 11:32 AM, Wang, Jennifer  
wrote:
> NONCONFIDENTIAL // EXTERNAL
> How to set Http11AprProtocol with embedded tomcat in java spring boot app?
>
> I keep get below error.

You don't have tomcat-native installed. Resolving the problem should be as 
simple as installing tomcat-native (which deps on APR) via RPM (assuming you're 
on linux) so that it's on your library path or updating your JVM's 
-Djava.library.path system property to point to APR and tomcat-native so that 
tomcat can use it.

> org.apache.catalina.LifecycleException: Failed to initialize component 
> [Connector[org.apache.coyote.http11.Http11AprProtocol-8443]]
>at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
>at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:140)
>at 
> org.apache.catalina.core.StandardService.addConnector(StandardService.java:225)
>at 
> org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:250)
>at 
> org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:193)
>at 
> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297)
>at 
> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145)
>at 
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:546)
>at 
> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
>at 
> org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
>at 
> org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
>at 
> org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
>at 
> org.springframework.boot.SpringApplication.run(SpringApplication.java:1118)
>at 
> org.springframework.boot.SpringApplication.run(SpringApplication.java:1107)
>at hello.Application.main(Application.java:13)
> Caused by: org.apache.catalina.LifecycleException: The configured 
> protocol [org.apache.coyote.http11.Http11AprProtocol] requires the 
> APR/native library which is not available
>
> Thanks!
>
> Jennifer
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: how to set Http11AprProtocol with embedded tomcat

2017-09-28 Thread Coty Sutherland 
On Thu, Sep 28, 2017 at 11:32 AM, Wang, Jennifer
 wrote:
> NONCONFIDENTIAL // EXTERNAL
> How to set Http11AprProtocol with embedded tomcat in java spring boot app?
>
> I keep get below error.

You don't have tomcat-native installed. Resolving the problem should
be as simple as installing tomcat-native (which deps on APR) via RPM
(assuming you're on linux) so that it's on your library path or
updating your JVM's -Djava.library.path system property to point to
APR and tomcat-native so that tomcat can use it.

> org.apache.catalina.LifecycleException: Failed to initialize component 
> [Connector[org.apache.coyote.http11.Http11AprProtocol-8443]]
>at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
>at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:140)
>at 
> org.apache.catalina.core.StandardService.addConnector(StandardService.java:225)
>at 
> org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:250)
>at 
> org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:193)
>at 
> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297)
>at 
> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145)
>at 
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:546)
>at 
> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
>at 
> org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
>at 
> org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
>at 
> org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
>at 
> org.springframework.boot.SpringApplication.run(SpringApplication.java:1118)
>at 
> org.springframework.boot.SpringApplication.run(SpringApplication.java:1107)
>at hello.Application.main(Application.java:13)
> Caused by: org.apache.catalina.LifecycleException: The configured protocol 
> [org.apache.coyote.http11.Http11AprProtocol] requires the APR/native library 
> which is not available
>
> Thanks!
>
> Jennifer
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: tomcat ssl setup

2017-09-28 Thread John Ellis 


John Ellis

405.285.2500 office




http://biz-e.io


-Original Message-
From: Peter Kreuser [mailto:l...@kreuser.name] 
Sent: Wednesday, September 27, 2017 3:43 PM
To: Tomcat Users List 
Subject: Re: tomcat ssl setup

John,


> Am 27.09.2017 um 18:08 schrieb John Ellis :
> 
> 
> 
> John Ellis
> 
> 405.285.2500 office
> 
> 
> 
> 
> http://biz-e.io
> 
> 
> -Original Message-
> From: l...@kreuser.name [mailto:l...@kreuser.name] 
> Sent: Tuesday, September 26, 2017 3:26 PM
> To: Tomcat Users List 
> Subject: Re: tomcat ssl setup
> 
> John,
> 
> 
> 
>> Am 26.09.2017 um 21:26 schrieb John Ellis :
>> 
>> Yesterday my boss suggested setting up Tomcat vers. 8 as he thought this is 
>> what Jira and/or Confluence would use so I did that and it worked fine on 
>> http port of 8080. I then edited the server.xml file again for the SSL port 
>> and got the same result as before; never gets to a webpage login using the 
>> secure port of 8443 but I can still get the webpage on port 8080. When I 
>> look at the Tomcat 8 Catalina log file I see several lines where it says- 
>> "java.security.KeyStoreException: Cannot store non-PrivateKeys". I have been 
>> googling that error and found a couple of posts saying to change from JKS to 
>> JCEKS but when I ran the commands I didn't have JKS in the command; only RSA 
>> for the algorithm. Can someone provide me with the proper keytool commands 
>> that I need to use to create an SSL certificate for Tomcat?   
>> 
>> John Ellis
>> 
>> 405.285.2500 office
>> 
>> 
> 
> 
> We’re talking about Tomcat 8.5, 8.0 is EOLed so it may not make sense to ride 
> a dead horse, also SSL setup has changed quite a bit in 8.5/9.0.
> 
> So my setup is as follows:
> 
> server.xml:
> 
> protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>
> sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
>allowTrace="false"
>maxThreads="150"
>SSLEnabled="true"
>compression="off"
>scheme="https"
>server="Apache Tomcat"
>secure="true"
>defaultSSLHostConfigName=“ localhost” >
>hostName="localhost"
>honorCipherOrder="true"
>certificateVerification="none"
>protocols="TLSv1.2"
>
> ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS">
>  certificateKeystoreFile="${catalina.base}/conf/ssl/jssecacerts"
>  certificateKeystorePassword="changeit"
>  certificateKeyAlias="tomcat"
>  type="RSA" />
>
>  
> 
> https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl
>  
> 
> 
> I use openssl to create the certs (as let’s encrypt for an official cert will 
> generate the same structure) and then convert to JKS:
> 
> openssl genrsa -aes256 -out server.key 4096 -subj 
> "/C=XX/ST=XX/L=XX/O=XX/CN=localhost"
> openssl req -new -key server.key -out server.csr -sha512  -subj 
> "/C=XX/ST=XX/L=XX/O=XX/CN=localhost/emailAddress=x...@xx.com"
> #there is more to it to get SAN extensions, but that’s not necessary to get 
> it running
> 
> openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out 
> server.crt # you may need your own ca and a signing-process to make this work 
> in all browsers
> 
> #Verify Server Cert
> openssl x509 -in server.crt -text -noout
> 
> openssl pkcs12 -export -in server.crt -inkey server.key -out jssecacerts 
> -name tomcat keytool -list -v -keystore jssecacerts -storepass changeit
> 
> 
> Hope this helps for a start.
> 
> Regards
> 
> Peter
> 
> Peter I have never seen entries in the "" part of the 
> server.xml file. Does that have to be in there for SSL to work in Tomcat?
> 
That's the way you define one Connector on one port with different certificates 
in TC 8.5 and 9.0.
I guess that's one of the important new features!
> 
> 
> 
> Peter BTW mine still isn't working on the secure port of 8443; I still get a 
> webpage when I go back to the non-secure port of 8080. 
> 
> 
> 
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional

RE: tomcat ssl setup

2017-09-28 Thread John Ellis 


John Ellis

405.285.2500 office




http://biz-e.io


-Original Message-
From: Peter Kreuser [mailto:l...@kreuser.name] 
Sent: Wednesday, September 27, 2017 3:43 PM
To: Tomcat Users List 
Subject: Re: tomcat ssl setup

John,


> Am 27.09.2017 um 18:08 schrieb John Ellis :
> 
> 
> 
> John Ellis
> 
> 405.285.2500 office
> 
> 
> 
> 
> http://biz-e.io
> 
> 
> -Original Message-
> From: l...@kreuser.name [mailto:l...@kreuser.name] 
> Sent: Tuesday, September 26, 2017 3:26 PM
> To: Tomcat Users List 
> Subject: Re: tomcat ssl setup
> 
> John,
> 
> 
> 
>> Am 26.09.2017 um 21:26 schrieb John Ellis :
>> 
>> Yesterday my boss suggested setting up Tomcat vers. 8 as he thought this is 
>> what Jira and/or Confluence would use so I did that and it worked fine on 
>> http port of 8080. I then edited the server.xml file again for the SSL port 
>> and got the same result as before; never gets to a webpage login using the 
>> secure port of 8443 but I can still get the webpage on port 8080. When I 
>> look at the Tomcat 8 Catalina log file I see several lines where it says- 
>> "java.security.KeyStoreException: Cannot store non-PrivateKeys". I have been 
>> googling that error and found a couple of posts saying to change from JKS to 
>> JCEKS but when I ran the commands I didn't have JKS in the command; only RSA 
>> for the algorithm. Can someone provide me with the proper keytool commands 
>> that I need to use to create an SSL certificate for Tomcat?   
>> 
>> John Ellis
>> 
>> 405.285.2500 office
>> 
>> 
> 
> 
> We’re talking about Tomcat 8.5, 8.0 is EOLed so it may not make sense to ride 
> a dead horse, also SSL setup has changed quite a bit in 8.5/9.0.
> 
> So my setup is as follows:
> 
> server.xml:
> 
> protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>
> sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
>allowTrace="false"
>maxThreads="150"
>SSLEnabled="true"
>compression="off"
>scheme="https"
>server="Apache Tomcat"
>secure="true"
>defaultSSLHostConfigName=“ localhost” >
>hostName="localhost"
>honorCipherOrder="true"
>certificateVerification="none"
>protocols="TLSv1.2"
>
> ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS">
>  certificateKeystoreFile="${catalina.base}/conf/ssl/jssecacerts"
>  certificateKeystorePassword="changeit"
>  certificateKeyAlias="tomcat"
>  type="RSA" />
>
>  
> 
> https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl
>  
> 
> 
> I use openssl to create the certs (as let’s encrypt for an official cert will 
> generate the same structure) and then convert to JKS:
> 
> openssl genrsa -aes256 -out server.key 4096 -subj 
> "/C=XX/ST=XX/L=XX/O=XX/CN=localhost"
> openssl req -new -key server.key -out server.csr -sha512  -subj 
> "/C=XX/ST=XX/L=XX/O=XX/CN=localhost/emailAddress=x...@xx.com"
> #there is more to it to get SAN extensions, but that’s not necessary to get 
> it running
> 
> openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out 
> server.crt # you may need your own ca and a signing-process to make this work 
> in all browsers
> 
> #Verify Server Cert
> openssl x509 -in server.crt -text -noout
> 
> openssl pkcs12 -export -in server.crt -inkey server.key -out jssecacerts 
> -name tomcat keytool -list -v -keystore jssecacerts -storepass changeit
> 
> 
> Hope this helps for a start.
> 
> Regards
> 
> Peter
> 
> Peter I have never seen entries in the "" part of the 
> server.xml file. Does that have to be in there for SSL to work in Tomcat?
> 
That's the way you define one Connector on one port with different certificates 
in TC 8.5 and 9.0.
I guess that's one of the important new features!
> 
> 
> 
> Peter I ran the keytool commands again to create all new keystore files, 
> submitted & got back a certificate from Cacert.org and here is how my 
> server.xml file looks now; at least the main parts that I have edited; based 
> on what your looks like-

how to set Http11AprProtocol with embedded tomcat

2017-09-28 Thread Wang, Jennifer 
NONCONFIDENTIAL // EXTERNAL
How to set Http11AprProtocol with embedded tomcat in java spring boot app?

I keep get below error.


org.apache.catalina.LifecycleException: Failed to initialize component 
[Connector[org.apache.coyote.http11.Http11AprProtocol-8443]]
   at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
   at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:140)
   at 
org.apache.catalina.core.StandardService.addConnector(StandardService.java:225)
   at 
org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:250)
   at 
org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:193)
   at 
org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297)
   at 
org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145)
   at 
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:546)
   at 
org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
   at 
org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
   at 
org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
   at 
org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
   at 
org.springframework.boot.SpringApplication.run(SpringApplication.java:1118)
   at 
org.springframework.boot.SpringApplication.run(SpringApplication.java:1107)
   at hello.Application.main(Application.java:13)
Caused by: org.apache.catalina.LifecycleException: The configured protocol 
[org.apache.coyote.http11.Http11AprProtocol] requires the APR/native library 
which is not available

Thanks!

Jennifer

how to set Http11AprProtocol with embedded tomcat

2017-09-28 Thread Wang, Jennifer 
NONCONFIDENTIAL // EXTERNAL
How to set Http11AprProtocol with embedded tomcat in java spring boot app?

I keep get below error.


org.apache.catalina.LifecycleException: Failed to initialize component 
[Connector[org.apache.coyote.http11.Http11AprProtocol-8443]]
   at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
   at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:140)
   at 
org.apache.catalina.core.StandardService.addConnector(StandardService.java:225)
   at 
org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:250)
   at 
org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:193)
   at 
org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297)
   at 
org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145)
   at 
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:546)
   at 
org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
   at 
org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
   at 
org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
   at 
org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
   at 
org.springframework.boot.SpringApplication.run(SpringApplication.java:1118)
   at 
org.springframework.boot.SpringApplication.run(SpringApplication.java:1107)
   at hello.Application.main(Application.java:13)
Caused by: org.apache.catalina.LifecycleException: The configured protocol 
[org.apache.coyote.http11.Http11AprProtocol] requires the APR/native library 
which is not available

Thanks!

Jennifer

Re: Java 9 support + HSTS for tomcat.apache.org

2017-09-28 Thread Oliver Heister 
> > IMO a remark regarding Java 9 should be added to
> > http://tomcat.apache.org/whichversion.html .
>
> Sounds good. I don't know of anything specific that does NOT work with
> Java 9, but markt has been following the pre-releases of Java 9 pretty
> closely, and has made adjustments (mostly disabling various
> workarounds for bugs in previous JVMs) accordingly. There may be some
> NEW items that may need to be worked-around -- those usually turn out
> to be various ClassLoader-pinning memory-leaks -- but my guess is that
> most Tomcat versions will work just find under Java 9 without any
> special effort.
>
> Could you try (the latest patch-level of) whatever version of Tomcat
> you are currently using with Java 9 and let us know how things go?

It looks like Tomcat 8.5.23 and Tomcat 9.0.1 Beta will be released
soon and they include the fix mentioned in
https://marc.info/?l=tomcat-dev=150617928913339=2 . So we will
test Tomcat 8.5.23.


> > 2. Currently MITM attacks by evil ISPs or WiFi networks are
> > possible against people downloading tomcat from
> > http://tomcat.apache.org/download-80.cgi . (The page has links to
> > PGP, md5 and sha1 hashes for validation, but the links are on a
> > http page that does not redirect to https. This means they could be
> > replaced in case of MITM.)
> >
> > IMO a HTTP 301 redirect to the https version and HSTS headers
> > should be added to http://tomcat.apache.org/ .
>
> Agreed about the redirect... not so sure about HSTS, as that affects
> the whole domain.

HSTS (RFC 6797) would only affect http://tomcat.apache.org/ .
"HSTS preload" would affect the base domain and all subdomains.


> > Should I try to submit issues in Bugzilla for both?
>
> Yes, please. Post-back with URLs to the BZ issues you raise.

OK.

Regards
Oliver

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: tomcat ssl setup

2017-09-28 Thread John Ellis 


John Ellis

405.285.2500 office




http://biz-e.io


-Original Message-
From: Peter Kreuser [mailto:l...@kreuser.name] 
Sent: Wednesday, September 27, 2017 3:43 PM
To: Tomcat Users List 
Subject: Re: tomcat ssl setup

John,


> Am 27.09.2017 um 18:08 schrieb John Ellis :
> 
> 
> 
> John Ellis
> 
> 405.285.2500 office
> 
> 
> 
> 
> http://biz-e.io
> 
> 
> -Original Message-
> From: l...@kreuser.name [mailto:l...@kreuser.name] 
> Sent: Tuesday, September 26, 2017 3:26 PM
> To: Tomcat Users List 
> Subject: Re: tomcat ssl setup
> 
> John,
> 
> 
> 
>> Am 26.09.2017 um 21:26 schrieb John Ellis :
>> 
>> Yesterday my boss suggested setting up Tomcat vers. 8 as he thought this is 
>> what Jira and/or Confluence would use so I did that and it worked fine on 
>> http port of 8080. I then edited the server.xml file again for the SSL port 
>> and got the same result as before; never gets to a webpage login using the 
>> secure port of 8443 but I can still get the webpage on port 8080. When I 
>> look at the Tomcat 8 Catalina log file I see several lines where it says- 
>> "java.security.KeyStoreException: Cannot store non-PrivateKeys". I have been 
>> googling that error and found a couple of posts saying to change from JKS to 
>> JCEKS but when I ran the commands I didn't have JKS in the command; only RSA 
>> for the algorithm. Can someone provide me with the proper keytool commands 
>> that I need to use to create an SSL certificate for Tomcat?   
>> 
>> John Ellis
>> 
>> 405.285.2500 office
>> 
>> 
> 
> 
> We’re talking about Tomcat 8.5, 8.0 is EOLed so it may not make sense to ride 
> a dead horse, also SSL setup has changed quite a bit in 8.5/9.0.
> 
> So my setup is as follows:
> 
> server.xml:
> 
> protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>
> sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
>allowTrace="false"
>maxThreads="150"
>SSLEnabled="true"
>compression="off"
>scheme="https"
>server="Apache Tomcat"
>secure="true"
>defaultSSLHostConfigName=“ localhost” >
>hostName="localhost"
>honorCipherOrder="true"
>certificateVerification="none"
>protocols="TLSv1.2"
>
> ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS">
>  certificateKeystoreFile="${catalina.base}/conf/ssl/jssecacerts"
>  certificateKeystorePassword="changeit"
>  certificateKeyAlias="tomcat"
>  type="RSA" />
>
>  
> 
> https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl
>  
> 
> 
> I use openssl to create the certs (as let’s encrypt for an official cert will 
> generate the same structure) and then convert to JKS:
> 
> openssl genrsa -aes256 -out server.key 4096 -subj 
> "/C=XX/ST=XX/L=XX/O=XX/CN=localhost"
> openssl req -new -key server.key -out server.csr -sha512  -subj 
> "/C=XX/ST=XX/L=XX/O=XX/CN=localhost/emailAddress=x...@xx.com"
> #there is more to it to get SAN extensions, but that’s not necessary to get 
> it running
> 
> openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out 
> server.crt # you may need your own ca and a signing-process to make this work 
> in all browsers
> 
> #Verify Server Cert
> openssl x509 -in server.crt -text -noout
> 
> openssl pkcs12 -export -in server.crt -inkey server.key -out jssecacerts 
> -name tomcat keytool -list -v -keystore jssecacerts -storepass changeit
> 
> 
> Hope this helps for a start.
> 
> Regards
> 
> Peter
> 
> Peter I have never seen entries in the "" part of the 
> server.xml file. Does that have to be in there for SSL to work in Tomcat?
> 
That's the way you define one Connector on one port with different certificates 
in TC 8.5 and 9.0.
I guess that's one of the important new features!
> 
> 
> Wow. I started posting in this forum back on the 19th; specifically about 
> version 9 of Tomcat and yours is the 1st reply where I have seen anything 
> about having to configure
the  "" part of the server.xml. I will give that a try. BTW, do 
you have the exact order and text of the openssl commands

Problem with SSL configuration on Tomcat 7.0.53

2017-09-28 Thread Ravikumar Ganugapanta 
Hi,
OS Version - centos-release-6-5.el6.
Tomcat - tomcat 7.0.53
JDK/JRE - java-1.7.0-openjdk-1.7.0.91.x86_64
I created a self signed keystore and certificate and configured below in
tomcat server.xml  But when I try to
access by https://hostname:8443/  URL I get below exception.
"IOException: SSL handshake failed. Ciper suite in SSL Session is
SSL_NULL_WITH_NULL_NULL"
I even added the certificate to JDK cacerts keystore, but got the same
excpetion. 
I also updated nss library, but that also did not work. By the way how to
check the nss version?
On Windows I was able to easily get it working but on CentOS machine I am
struggling from 1 week but still no success.
Any help will be highly appreciated.
Thanks,
Ravikumar
Disclaimer: This e-mail may contain Privileged/Confidential information and is 
intended
only for the individual(s) named. Any review, retransmission, dissemination or 
other use
of, or taking of any action in reliance upon this information by persons or 
entities
other than the intended recipient is prohibited. Please notify the sender, if 
you have
received this e-mail by mistake and delete it from your system. Information in 
this
message that does not relate to the official business of the company shall be 
understood
as neither given nor endorsed by it. E-mail transmission cannot be guaranteed 
to be
secure or error-free. The sender does not accept liability for any errors or 
omissions in
the contents of this message which arise as a result of e-mail transmission.If
verification is required please request a hard-copy version.
Visit us at http://www.harbingergroup.com/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Randomly tomcat process create another copy process of it. Now see two PIDs of tomcat running

2017-09-28 Thread Naresh Yadav 
my hard requirement is to run tomcat from eclipse only using sysdeo or
other plugin.
But yes i can try running from service OR startup bat file also...

Another thing want to highlight is this problem is not consistent and it
appear randomly...
my guess is when there is more load on server then someone create another
tomcat pid.

One more information wanted to share is :
 In this environment we have 2 node tomcat setup running behind
mod_jk loadbalancer with session replication enabled.
 right now we observed this problem on one of node only.

Please give next level pointers.

On Thu, Sep 28, 2017 at 6:26 AM, Guang Chao 
wrote:

> On Tue, Sep 26, 2017 at 5:52 PM, Naresh Yadav 
> wrote:
>
> > Hi all,
> >
> > Already posted my problem on stackoverflow but not got any respo/nses so
> > thought
> > of posting here. Please read and help me with possible resolutions ??
> >
>
> Would it be possible one is run as a service and another run using the
> *.bat file?
>
>
> >
> > https://stackoverflow.com/questions/46409358/randomly-
> > tomcat-process-create-another-copy-process-of-it-now-see-two-pids-of-t
> >
> > Thanks
> > Naresh
> >
>
>
>
> --
> Guang 
>

Re: Help needed - JPA probem - No connection specified with project

2017-09-28 Thread Karen Goh 


On Thu, 9/28/17, Guang Chao  wrote:

 Subject: Re: Help needed - JPA probem - No connection specified with project
 To: "Tomcat Users List" , "Karen Goh" 

 Date: Thursday, September 28, 2017, 1:25 PM
 
 On Thu, Sep 28, 2017 at 12:57 PM,
 Karen Goh 
 wrote:
 
 >
 >
 
 > On Tue, 9/26/17, Konstantin Kolinko 
 wrote:
 >
 >  Subject:
 Re: Help needed - JPA probem - No connection specified
 with
 > project
 >  To:
 "Tomcat Users List" 
 >  Date: Tuesday, September 26, 2017, 8:52
 AM
 >
 >  2017-09-25
 18:02 GMT+03:00 Karen
 >  Goh :
 >  > Hi Kolinko,
 > 
 >
 >  > I have now removed the
 ResourceLink and
 >  left with Resource
 in my context.xml which is resided at
 > 
 WebContent/META-INF.
 >  >
 >  > And this is C:\Program
 Files\Apache
 >  Software
 Foundation\Tomcat 8.0\conf\context.xml
 >  >
 >  >
   version="1.0"
 encoding="UTF-8"?>
 >  >
 
 >  >
 >  >    
 
 >  >     
 >  >
 > 
 WEB-INF/web.xml
 >  >
 > 
 ${catalina.base}/conf/web.xml
 >  >
 >  >    
 
 >  >     
 > 
 >
 >  >     
 >  >    
 
 >  >
 > 
 
 >  >
 >  >
 >  And
 here's my web.xml :
 >  >
 >  >   encoding="UTF-8"?>
 >  >
 >  http://www.w3.org/2001/XMLSchema-instance;
 >  xmlns="http://xmlns.jcp.org/xml/ns/javaee;
 >  xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
 > http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd;
 >  version="3.1">
 >  >
 > 
 Hi5S
 >  >   
 >  >
 > 
 Index.jsp
 >  >   
 >  >   
 >  >     MySQL
 >  Datasource
 >  >
 > 
 jdbc/hi5
 >  >
 > 
 javax.sql.DataSource
 >  >
 > 
 Container
 >  >   
 >  >
 >  >
 
 >  >
 >  > The error remains the
 >  same and my Tomcat failed to start,
 despite I cleaned them
 >  etc etc.
 >  >
 >  > SEVERE:
 A
 >  child container failed during
 start
 >  >
 > 
 java.util.concurrent.ExecutionException:
 >  org.apache.catalina.LifecycleException:
 Failed to start
 >  component
 > 
 [StandardEngine[Catalina].StandardHost[localhost]]
 >  >
 >  > Could
 you advise how
 >  to go about making it
 work ?
 >
 >  Mailing
 list rules:
 >  http://tomcat.apache.org/lists.html#tomcat-users
 >  -> Top-posting is bad.
 >
 > Ok. Tks, now I follow
 your requirements.
 >
 >
 >  1. See a link to
 Eclipse IDE FAQ here:
 >
 >  https://wiki.apache.org/tomcat/FAQ/Developing#Q6
 >
 >
 >  2. See the
 > 
 following thread on how to turn on "Publish module
 >  context
 >  to
 separate XML files" option
 >  in
 Eclipse.
 >
 >  By
 default
 >  (without that option) Eclipse
 IDE places 
 > 
 elements
 >  into server.xml, which is a
 rather
 >  discourage practice.
 >
 >  http://markmail.org/message/7zkyocvph56b6t6q
 >
 >
 >
 OK.  I managed to turn on "Publish module context..but
 my problem of
 > context not bound is
 still there.
 >
 > 
 3.
 >  Documentation on Context:
 >
 >  http://tomcat.apache.org/tomcat-8.0-doc/config/context.html
 >
 >  The 
 element in
 >  your context.xml has a lot
 of attributes that
 >  should not be
 there, starting with
 > 
 "debug". What (bad) example were
 >  they copied from?
 >
 >
 >  4. The current version of
 >  Tomcat 8.0 is 8.0.46.
 >  There were security
 >  fixes in Java as well (8u141 was a
 security update
 >  in July 2017)
 >
 >  Also EOL date for
 Tomcat 8.0 has been
 >  announced. Users
 are advised to
 >  migrate to
 >  8.5.
 >  http://tomcat.apache.org/tomcat-80-eol.html
 >
 > Hi kolinko, I have
 now installed Tomcat 8.5.20 but same problem.
 >
 >
 >
 >
 >  5. Your
 > 
 META-INF/context.xml is broken:
 > 
 [[[
 >    // here is
 rogue
 >  ">", thus your
 Resource has no name (all
 >  the
 following is plain text, not attributes)
 >  and thus NPE happens
 >
 > 
 name="jdbc/hi5"
 >
 >  auth="Container"
 >
 > 
 type="javax.sql.DataSource"
 >
 > 
 maxTotal="8"
 >
 >  maxActive="100"
 >
 > 
 maxIdle="30"
 >
 >  maxWait="-1"
 >
 > 
 username="root"
 >
 >  singleton="true"
 >
 > 
 override="true"
 >
 > 
 factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
 >      password="password"
 >
 > 
 alternateUsernameAllowed="true"
 >
 >   
 driverClassName="com.mysql.jdbc.Driver"
 >
 > 
 url="jdbc:mysql://localhost:3306/hi5" /> 
 //
 >  You either use /> or
 >  ,
 >  not both.
 >   
 
 >  ]]]
 >
 >
 >
 I have changed my context.xml as follows :
 >
 > 
 >  >
 >      
    name="jdbc/hi5"
 >     
    auth="Container"
 >     
    type="javax.sql.DataSource"
 >         maxTotal="8"
 >         maxActive="100"
 >         maxIdle="30"
 >         maxWait="-1"
 >         username="root"
 >         singleton="true"
 >         override="true"
 >        
 factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
 >        
 password="password"
 >     
       alternateUsernameAllowed="true"
 >        
 driverClassName="com.mysql.jdbc.Driver"
 >        
 url="jdbc:mysql://localhost:3306/hi5" />
 >    
 >
 > And my web.xml ;
 >
 > 
 >