Certificate based database authentication
I have an application in Tomcat 7 that connects to an Oracle database. Currently we are connecting using the username/password which is embedded in the xml files. To harden security, we are looking at x509 certificate authentication. Is there a way to tie a certificate to Tomcat hand have them authenticate that way? Will - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Protocol handler initialization failed, Address already in use
Dear Sergey, does this actually happen on a restart situation (with less than about 5min pausing time)? Then maybe you have a dangling connection (close/time waiting) on the TCP stack from the shutdown of a client connection (or the reverse proxy). Please check if any is still open after closing down Tomcat ... ... or after stopping the Container. If it is bridged, did it use a veth device? This also don't closed down before the last connection have closed and may prevent to creade a new on (with the same name or the same IP). Greetings Guido >-Original Message- >From: Sergey Esin [mailto:sergey.e...@jetbrains.com] >Sent: Monday, July 09, 2018 5:12 PM >To: users@tomcat.apache.org >Subject: Protocol handler initialization failed, Address already in use > >Hi, > >I have not-100% reproducable issue with the latest Tomcat 8.5.32 (Java >8u172). It happens only time to time. > >It's running in docker container under AWS ECS on a separate machine in ECS >cluster. >Brigde networking - so the Tomcat container gets it's own IP address. > >I have a number of Nio HTTP/1.1 connectors configured in Tomcat and upon >container startup I can get such issue for _any_ of configured ports: > >09 Jul 2018 16:46:03,570 INFO [Http11NioProtocol ] >Initializing ProtocolHandler ["http-nio-8080"] >09 Jul 2018 16:46:03,598 INFO [NioSelectorPool ] Using a >shared selector for servlet write/read >09 Jul 2018 16:46:03,609 INFO [Http11NioProtocol ] >Initializing ProtocolHandler ["http-nio-49080"] >09 Jul 2018 16:46:03,610 INFO [NioSelectorPool ] Using a >shared selector for servlet write/read >09 Jul 2018 16:46:03,611 INFO [Http11NioProtocol ] >Initializing ProtocolHandler ["http-nio-50080"] >09 Jul 2018 16:46:03,612 ERROR [StandardService ] Failed to >initialize connector [Connector[HTTP/1.1-50080]] >org.apache.catalina.LifecycleException: Failed to initialize component >[Connector[HTTP/1.1-50080]] >at >org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112) >~[catalina.jar:8.5.32] >at >org.apache.catalina.core.StandardService.initInternal(StandardService.java:549) >[catalina.jar:8.5.32] >at >org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) >[catalina.jar:8.5.32] >at >org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875) >[catalina.jar:8.5.32] >at >org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) >[catalina.jar:8.5.32] >at org.apache.catalina.startup.Catalina.load(Catalina.java:632) >[catalina.jar:8.5.32] >at org.apache.catalina.startup.Catalina.load(Catalina.java:655) >[catalina.jar:8.5.32] >at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >~[?:1.8.0_172] >at >sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) >~[?:1.8.0_172] >at >sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >~[?:1.8.0_172] >at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_172] >at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309) >[bootstrap.jar:8.5.32] >at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492) >[bootstrap.jar:8.5.32] >at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >~[?:1.8.0_172] >at >sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) >~[?:1.8.0_172] >at >sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >~[?:1.8.0_172] >at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_172] >at >org.tanukisoftware.wrapper.WrapperStartStopApp.run(WrapperStartStopApp.java:400) >[wrapper.jar:3.5.32] >at java.lang.Thread.run(Thread.java:748) [?:1.8.0_172] >Caused by: org.apache.catalina.LifecycleException: Protocol handler >initialization failed >at >org.apache.catalina.connector.Connector.initInternal(Connector.java:995) >~[catalina.jar:8.5.32] >at >org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) >~[catalina.jar:8.5.32] >... 18 more >Caused by: java.net.BindException: Address already in use >at sun.nio.ch.Net.bind0(Native Method) ~[?:1.8.0_172] >at sun.nio.ch.Net.bind(Net.java:433) ~[?:1.8.0_172] >at sun.nio.ch.Net.bind(Net.java:425) ~[?:1.8.0_172] >at >sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223) >~[?:1.8.0_172] >at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74) >~[?:1.8.0_172] >at >org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:210) >~[tomcat-coyote.jar:8.5.32] >at >org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1086) >~[tomcat-coyote.jar:8.5.32] >at >org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:268)
Re: Certificate based database authentication
Hi. On 10.07.2018 15:03, Will Nordmeyer wrote: I have an application in Tomcat 7 that connects to an Oracle database. Currently we are connecting using the username/password which is embedded in the xml files. To harden security, we are looking at x509 certificate authentication. Is there a way to tie a certificate to Tomcat hand have them authenticate that way? As far as I know, when your application connects to a database (like you do above), it is for that using a driver specific to that database (such as Oracle in your case), and that driver code is not a part of Tomcat. So I believe that your question should be directed at whoever provides (or supports) the database driver that you are using. Only they would know the answer to your question. This is also the sense of the following on-line documentation page : http://tomcat.apache.org/tomcat-9.0-doc/jndi-datasource-examples-howto.html (and similar ones for other tomcat versions, e.g. http://tomcat.apache.org/tomcat-7.0-doc/jndi-datasource-examples-howto.html ) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
nginx + Tomcat 9
Hi, we are using nginx as proxy for our web app deployed in Tomcat 9. The app uses websocket. The websocket connection dies after 30/40 seconds and we can't figure out why. Any suggestions? Giacomo Non multa, sed multum Giacomo Arru Direttore commerciale - BETA Technologies [ https://betatechnologies.com/?giacomo-arru ] BETA Technologies Srl Cagliari - Loc. Scala Sa Perda ex SS. 131 km 10,8 09028 Sestu
Re: Certificate based database authentication
Thanks Andre - I agree it is an oracle driver based question, but sometimes here is faster for answers based on people's own life experience. On Tue, Jul 10, 2018 at 11:26 AM, André Warnier (tomcat) wrote: > Hi. > > On 10.07.2018 15:03, Will Nordmeyer wrote: >> >> I have an application in Tomcat 7 that connects to an Oracle database. >> Currently we are connecting using the username/password which is >> embedded in the xml files. To harden security, we are looking at x509 >> certificate authentication. >> >> Is there a way to tie a certificate to Tomcat hand have them >> authenticate that way? >> > > As far as I know, when your application connects to a database (like you do > above), it is for that > using a driver specific to that database (such as Oracle in your case), and > that driver code is not a part of Tomcat. > So I believe that your question should be directed at whoever provides (or > supports) the database driver that you are using. Only they would know the > answer to your question. > This is also the sense of the following on-line documentation page : > http://tomcat.apache.org/tomcat-9.0-doc/jndi-datasource-examples-howto.html > (and similar ones for other tomcat versions, e.g. > http://tomcat.apache.org/tomcat-7.0-doc/jndi-datasource-examples-howto.html > ) > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
nginx + Tomcat 9
On 10/07/18 17:59, Giacomo Arru - BETA Technologies wrote: > Hi, > we are using nginx as proxy for our web app deployed in Tomcat 9. > > The app uses websocket. The websocket connection dies after 30/40 seconds and > we can't figure out why. > > Any suggestions? Turn on debug logging for the org.apache.tomcat.websocket package Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: nginx + Tomcat 9
On 10.07.2018 18:59, Giacomo Arru - BETA Technologies wrote: Hi, we are using nginx as proxy for our web app deployed in Tomcat 9. The app uses websocket. The websocket connection dies after 30/40 seconds and we can't figure out why. Any suggestions? - look at the logs ? (of nginx as well as tomcat) - try to define "dies" a bit more precisely ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
