Certificate based database authentication

2018-07-10 Thread Will Nordmeyer
I have an application in Tomcat 7 that connects to an Oracle database.
Currently we are connecting using the username/password which is
embedded in the xml files.  To harden security, we are looking at x509
certificate authentication.

Is there a way to tie a certificate to Tomcat and have them
authenticate that way?

Will

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: Protocol handler initialization failed, Address already in use

2018-07-10 Thread Jäkel, Guido
Dear Sergey,

does this actually happen in a restart situation (with less than about 5 min
pausing time)? Then maybe you have a dangling connection (close/time waiting)
on the TCP stack from the shutdown of a client connection (or the reverse
proxy). Please check if any is still open after closing down Tomcat ...

... or after stopping the container. If it is bridged, did it use a veth
device? This also doesn't close down before the last connection has closed and
may prevent creating a new one (with the same name or the same IP).

Greetings

Guido

>-Original Message-
>From: Sergey Esin [mailto:sergey.e...@jetbrains.com]
>Sent: Monday, July 09, 2018 5:12 PM
>To: users@tomcat.apache.org
>Subject: Protocol handler initialization failed, Address already in use
>
>Hi,
>
>I have a not-100% reproducible issue with the latest Tomcat 8.5.32 (Java
>8u172). It happens only from time to time.
>
>It's running in a docker container under AWS ECS on a separate machine in an ECS
>cluster.
>Bridge networking - so the Tomcat container gets its own IP address.
>
>I have a number of Nio HTTP/1.1 connectors configured in Tomcat and upon
>container startup I can get such issue for _any_ of configured ports:
>
>09 Jul 2018 16:46:03,570 INFO  [Http11NioProtocol ]
>Initializing ProtocolHandler ["http-nio-8080"]
>09 Jul 2018 16:46:03,598 INFO  [NioSelectorPool   ] Using a
>shared selector for servlet write/read
>09 Jul 2018 16:46:03,609 INFO  [Http11NioProtocol ]
>Initializing ProtocolHandler ["http-nio-49080"]
>09 Jul 2018 16:46:03,610 INFO  [NioSelectorPool   ] Using a
>shared selector for servlet write/read
>09 Jul 2018 16:46:03,611 INFO  [Http11NioProtocol ]
>Initializing ProtocolHandler ["http-nio-50080"]
>09 Jul 2018 16:46:03,612 ERROR [StandardService   ] Failed to
>initialize connector [Connector[HTTP/1.1-50080]]
>org.apache.catalina.LifecycleException: Failed to initialize component
>[Connector[HTTP/1.1-50080]]
>at
>org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
>~[catalina.jar:8.5.32]
>at
>org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
>[catalina.jar:8.5.32]
>at
>org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
>[catalina.jar:8.5.32]
>at
>org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
>[catalina.jar:8.5.32]
>at
>org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
>[catalina.jar:8.5.32]
>at org.apache.catalina.startup.Catalina.load(Catalina.java:632)
>[catalina.jar:8.5.32]
>at org.apache.catalina.startup.Catalina.load(Catalina.java:655)
>[catalina.jar:8.5.32]
>at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>~[?:1.8.0_172]
>at
>sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>~[?:1.8.0_172]
>at
>sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>~[?:1.8.0_172]
>at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_172]
>at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
>[bootstrap.jar:8.5.32]
>at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
>[bootstrap.jar:8.5.32]
>at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>~[?:1.8.0_172]
>at
>sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>~[?:1.8.0_172]
>at
>sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>~[?:1.8.0_172]
>at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_172]
>at
>org.tanukisoftware.wrapper.WrapperStartStopApp.run(WrapperStartStopApp.java:400)
>[wrapper.jar:3.5.32]
>at java.lang.Thread.run(Thread.java:748) [?:1.8.0_172]
>Caused by: org.apache.catalina.LifecycleException: Protocol handler
>initialization failed
>at
>org.apache.catalina.connector.Connector.initInternal(Connector.java:995)
>~[catalina.jar:8.5.32]
>at
>org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
>~[catalina.jar:8.5.32]
>... 18 more
>Caused by: java.net.BindException: Address already in use
>at sun.nio.ch.Net.bind0(Native Method) ~[?:1.8.0_172]
>at sun.nio.ch.Net.bind(Net.java:433) ~[?:1.8.0_172]
>at sun.nio.ch.Net.bind(Net.java:425) ~[?:1.8.0_172]
>at
>sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223)
>~[?:1.8.0_172]
>at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)
>~[?:1.8.0_172]
>at
>org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:210)
>~[tomcat-coyote.jar:8.5.32]
>at
>org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1086)
>~[tomcat-coyote.jar:8.5.32]
>at
>org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:268)
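
The check suggested in the reply above, as an added example that is not part of the original thread: a shell function that filters `ss -tan` output for sockets still present on the connector ports from the log (8080, 49080, 50080) in any state other than LISTEN. The addresses and socket states in the sample are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): after Tomcat or the container has
# stopped, list TCP sockets that still exist on the connector ports.

# leftover_sockets PORT...
# Reads `ss -tan` text on stdin and prints "STATE LOCAL PEER" for every
# socket whose *local* port is one of PORT... and whose state is not LISTEN.
leftover_sockets() {
    awk -v ports="$*" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) want[p[i]] = 1
        }
        $1 == "State" { next }               # skip the header line
        NF >= 5 {
            laddr = $4; peer = $5
            port = laddr
            sub(/.*:/, "", port)             # keep text after the last colon (IPv6-safe)
            if ((port in want) && $1 != "LISTEN")
                print $1, laddr, peer
        }'
}

# Constructed sample of `ss -tan` output; the last line has 50080 only as the
# peer port and must not be reported.
SAMPLE_SS='State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      100    0.0.0.0:8080         0.0.0.0:*
TIME-WAIT  0      0      172.17.0.2:50080     10.0.3.15:41822
CLOSE-WAIT 1      0      172.17.0.2:49080     10.0.3.15:41790
ESTAB      0      0      172.17.0.2:22        10.0.3.9:50080
'

# Demo on the sample; on a live host use:
#   ss -tan | leftover_sockets 8080 49080 50080
printf '%s' "$SAMPLE_SS" | leftover_sockets 8080 49080 50080
```

Run it inside the same network namespace as the connector (the container, or the host for host networking); an empty result means no socket on those ports is left over.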

Re: Certificate based database authentication

2018-07-10 Thread tomcat

Hi.

On 10.07.2018 15:03, Will Nordmeyer wrote:

> I have an application in Tomcat 7 that connects to an Oracle database.
> Currently we are connecting using the username/password which is
> embedded in the xml files.  To harden security, we are looking at x509
> certificate authentication.
>
> Is there a way to tie a certificate to Tomcat and have them
> authenticate that way?



As far as I know, when your application connects to a database (like you do above), it is
for that using a driver specific to that database (such as Oracle in your case), and that
driver code is not a part of Tomcat.
So I believe that your question should be directed at whoever provides (or supports) the
database driver that you are using. Only they would know the answer to your question.

This is also the sense of the following on-line documentation page :
http://tomcat.apache.org/tomcat-9.0-doc/jndi-datasource-examples-howto.html
(and similar ones for other tomcat versions, e.g.
http://tomcat.apache.org/tomcat-7.0-doc/jndi-datasource-examples-howto.html
)






nginx + Tomcat 9

2018-07-10 Thread Giacomo Arru - BETA Technologies
Hi, 
we are using nginx as proxy for our web app deployed in Tomcat 9. 

The app uses websocket. The websocket connection dies after 30/40 seconds and 
we can't figure out why. 

Any suggestions? 



Giacomo 










Re: Certificate based database authentication

2018-07-10 Thread Will Nordmeyer
Thanks Andre - I agree it is an oracle driver based question, but
sometimes here is faster for answers based on people's own life
experience.

On Tue, Jul 10, 2018 at 11:26 AM, André Warnier (tomcat) wrote:
> Hi.
>
> On 10.07.2018 15:03, Will Nordmeyer wrote:
>>
>> I have an application in Tomcat 7 that connects to an Oracle database.
>> Currently we are connecting using the username/password which is
>> embedded in the xml files.  To harden security, we are looking at x509
>> certificate authentication.
>>
>> Is there a way to tie a certificate to Tomcat and have them
>> authenticate that way?
>>
>
> As far as I know, when your application connects to a database (like you do
> above), it is for that
> using a driver specific to that database (such as Oracle in your case), and
> that driver code is not a part of Tomcat.
> So I believe that your question should be directed at whoever provides (or
> supports) the database driver that you are using. Only they would know the
> answer to your question.
> This is also the sense of the following on-line documentation page :
> http://tomcat.apache.org/tomcat-9.0-doc/jndi-datasource-examples-howto.html
> (and similar ones for other tomcat versions, e.g.
> http://tomcat.apache.org/tomcat-7.0-doc/jndi-datasource-examples-howto.html
> )



nginx + Tomcat 9

2018-07-10 Thread Mark Thomas
On 10/07/18 17:59, Giacomo Arru - BETA Technologies wrote:
> Hi, 
> we are using nginx as proxy for our web app deployed in Tomcat 9. 
> 
> The app uses websocket. The websocket connection dies after 30/40 seconds and 
> we can't figure out why. 
> 
> Any suggestions?

Turn on debug logging for the org.apache.tomcat.websocket package.

Mark




Re: nginx + Tomcat 9

2018-07-10 Thread tomcat

On 10.07.2018 18:59, Giacomo Arru - BETA Technologies wrote:

> Hi,
> we are using nginx as proxy for our web app deployed in Tomcat 9.
>
> The app uses websocket. The websocket connection dies after 30/40 seconds and
> we can't figure out why.
>
> Any suggestions?



- look at the logs ? (of nginx as well as tomcat)
- try to define "dies" a bit more precisely ?


