is normal keep value when tomcat restart after JSESSIONID was create?
Environment - openjdk 1.7 - tomcat 7.0.55 with native connector - apache 2.4.10 with mod-jk 1.2.40 1. Tomcat start 2. Client request - JSESSIONID is null 3. tomcat response - JSESSIONID=C5EBF0AA96ADB34E0C28E4D9D2595D98 is create 4. refresh page - session attribute(name=count, value=count++) is correct. count is increasing. 5. Tomcat stop - start (restart) context setting is session is not persist 6. Client refresh - client request is send JSESSIONID=C5EBF0AA96ADB34E0C28E4D9D2595D98 7. session attribute(name=count, value=0) is reset. but keeping JSESSIONID question. why tomcat using JSESSIONID set by client request value? is not regenerate? is this java spec? thanks.
Built-in Tomcat Support for Windows Authentication
Hello, We have spent a long time now, trying to set up Apache Tomcat with Windows Authentication. We followed the instructions as per http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html but we cannot make it work properly, the logon dialog keeps appearing and trying to log on fails. Additional to that we tried suggestions, like adding the registry key AllowTgtSessionKey and setting it to 0x01 Seems like we are close but we are missing something (see tomcat output below) Does anyone have a more complete documentation or have any suggestions on how to make this work. Kind regards, Philippe Wijdh Extra information on the setup: Windows 2008 r2 sp1 Apache Tomcat 7.0.54 jdk1.7.0_60 Tomcat is running as a service using account HTTP/v3tcat4ad.assai.nl:8080 (have created spn with and without the port number, does not make a difference) Test is done with user testu...@assai.nlmailto:testu...@assai.nl in IE11 on different machines, with http://v3tcat4ad.assai.nl explicitly added to the Intranet sites. Tomcat Output: KeyTabInputStream, readName(): ASSAI.NL KeyTabInputStream, readName(): HTTP KeyTabInputStream, readName(): v3tcat4ad.assai.nl:8080 KeyTab: load() entry length: 72; type: 23 Java config name: C:\MyPrograms\Tomcat7\conf\krb5.conf Loaded from Java config Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. KdcAccessibility: reset Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. default etypes for default_tkt_enctypes: 23 18 17. KrbAsReq creating message KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=3, number of retries =3, #bytes=152 KDCCommunication: kdc=v3dom1.assai.nl UDP:88, timeout=3,Attempt =1, #bytes=152 KrbKdcReq send: #bytes read=173 Pre-Authentication Data: PA-DATA type = 11 PA-ETYPE-INFO etype = 23, salt = Pre-Authentication Data: PA-DATA type = 19 PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null Pre-Authentication Data: PA-DATA type = 2 PA-ENC-TIMESTAMP Pre-Authentication Data: PA-DATA type = 16 Pre-Authentication Data: PA-DATA type = 15 KdcAccessibility: remove v3dom1.assai.nl:88 KDCRep: init() encoding tag is 126 req type is 11 KRBError: sTime is Wed Oct 22 09:53:56 CEST 2014 1413964436000 suSec is 403143 error code is 25 error Message is Additional pre-authentication required realm is ASSAI.NL sname is krbtgt/ASSAI.NL eData provided. msgType is 30 Pre-Authentication Data: PA-DATA type = 11 PA-ETYPE-INFO etype = 23, salt = Pre-Authentication Data: PA-DATA type = 19 PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null Pre-Authentication Data: PA-DATA type = 2 PA-ENC-TIMESTAMP Pre-Authentication Data: PA-DATA type = 16 Pre-Authentication Data: PA-DATA type = 15 KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ default etypes for default_tkt_enctypes: 23 18 17. Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. default etypes for default_tkt_enctypes: 23 18 17. EType: sun.security.krb5.internal.crypto.ArcFourHmacEType KrbAsReq creating message KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=3, number of retries =3, #bytes=235 KDCCommunication: kdc=v3dom1.assai.nl UDP:88, timeout=3,Attempt =1, #bytes=235 KrbKdcReq send: #bytes read=1446 KdcAccessibility: remove v3dom1.assai.nl:88 Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. EType: sun.security.krb5.internal.crypto.ArcFourHmacEType KrbAsRep cons in KrbAsReq.getReply HTTP/v3tcat4ad.assai.nl:8080 Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. Search Subject for SPNEGO ACCEPT cred (DEF, sun.security.jgss.spnego.SpNegoCredElement) Search Subject for Kerberos V5 ACCEPT cred (DEF, sun.security.jgss.krb5.Krb5AcceptCredential) Found KeyTab Found KerberosKey for HTTP/v3tcat4ad.assai.nl:8...@assai.nl Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. default etypes for default_tkt_enctypes: 23 18 17. KrbAsReq creating message KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=3, number of retries =3, #bytes=152 KDCCommunication: kdc=v3dom1.assai.nl UDP:88, timeout=3,Attempt =1, #bytes=152 KrbKdcReq send:
Re: Help with Apache Tomcat/7.0.53 SSL issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Edward, On 10/7/14 2:35 PM, Brewer, Edward L wrote: Oh... Here is the entry in our server.xml (probably the most important part) Connector port=Omitted address=Omitted protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false ciphers=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA keyAlias=omitted keystoreFile=/app001/shibboleth/idp/epass/current/credentials/idp.jks keystorePass=omitted / So you are using JSSE and haven't specified an sslProtocol, so you are getting the default which is TLS (which, for Java, really means SSLv3, TLSv1, TLSv1.1, and TLSv1.2). You are specifying a very small number of cipher suites (only 3) so perhaps that's the problem. Note that all your cipher suites start with SSL_* and none with TLS_*. That's not in itself a problem, but you are restricting your server to using old cipher suites and not allowing new ones. You can find code in the archives to pull the list of supported and enabled-by-default cipher suites for your JVM. What happens if you lift the restriction on the ciphers list so that JSSE will use its default set? Here is the error that I see from curl curl: (52) SSL read: error::lib(0):func(0):reason(0), errno 104 Try using openssl s_client -- it gives much more information about the connection. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUR7P4AAoJEBzwKT+lPKRY1SEP/1A+8i4Td8xD0xOcUe+P8oBK wA6yjoo76MUqj4Nei0ZghXmzsrIUss/RsuazmLTJFTnJcEg3GThmjh1uKlHloUBR 2dFg6FhUDn4v+7P2sQiDuwtEd9oDx6aFA5j/DxSFCclnR7jq66vU0lxTjFdgd3jw /G0dlF+iBnvBVEM2hojZAbv30qoIsxPAHXdsf7T13vcUQ/bVywmbqUPtoSR8hWzh Mg+B+y7MEYJSUzeZf4JOqHuCe3nLHxOV7XNF7Mw5sZZ8DOvoay+tNU8mmeXmnHY0 zJe/4TICGz6BPYKaZNELwv8PiLZZ76mnu+c9I3Bcv3ZBC6D8p+yISA01apYOujgv 0Mfo9ilm/3E9dORHCX4497FyKLq6KjX3dPnlLD2G0YC7qRU6o1iA8pjFkbt38UgU CeE8AMxu4sgQAyQVXkVlfs9T72JJmUdd3y+Jm5/WUreZoiTjS0gCEhwue9rUDOSo B6wf7V971IlKQbbxMhpiqbf/2TsoS15REPviepsqCHXWVHxoOT/5etTN9V8vP2G6 fxeI4GaBIulGld+tNeVnR1Izi8sHz1GPYbGfD2zhwC1Br18MxiBdEtYQQI++LcTh S2JdWtWmJBzgk/uHPB9Lm8oBwYplQYIHUPrF9XO3WJVBuThdeCDf9l5xfefSJktM 7aOx60/EkV878XIK/8Pm =YDwk -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: is normal keep value when tomcat restart after JSESSIONID was create?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 이강우, On 10/22/14 4:41 AM, 이강우(KangWoo Lee) wrote: Environment - openjdk 1.7 - tomcat 7.0.55 with native connector - apache 2.4.10 with mod-jk 1.2.40 1. Tomcat start 2. Client request - JSESSIONID is null 3. tomcat response - JSESSIONID=C5EBF0AA96ADB34E0C28E4D9D2595D98 is create 4. refresh page - session attribute(name=count, value=count++) is correct. count is increasing. Good so far. 5. Tomcat stop - start (restart) context setting is session is not persist Okay. 6. Client refresh - client request is send JSESSIONID=C5EBF0AA96ADB34E0C28E4D9D2595D98 7. session attribute(name=count, value=0) is reset. but keeping JSESSIONID question. why tomcat using JSESSIONID set by client request value? is not regenerate? If the client requests a session by id, Tomcat will try to give it to them. If it doesn't exist, it will use that session identifier for the new session. Did the user actually authenticate with Tomcat? Or just get an anonymous session? If the user authenticates with Tomcat, the session identifier should change to prevent session-fixation attacks. is this java spec? I believe the spec says nothing about the generation of session ids. Even the above session-fixation behavior is outside of the spec (but definitely does not violate it). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUR7S/AAoJEBzwKT+lPKRYdT4P/3HHrY/yEJmZUWFuyAlAIgkG J14ix608FsWkGtsIKwh7RxgArSx3eH7niswJ8FxHljZJQThlasInz8SJlFzGYBvA +++56BziHVRAc+vn00/yOjzO+GW73fm+vjcnL/i6tIYLiX3YT2qd+iWV34YYBnVJ X0ZS6Kz2+YmkbzN9ccGp8ZWq51jqZtVsPSzEpKmdp2mf2s48O3cQlCNiw6Q5CVCr a0IU//ciwnkF50l5T2h4oZOV0L0ZraPgbAzf2lNpazNjSnAF3DpG2uVJc9OLIZXy ZBA3SM+MoLiYDbR5Wv02zx1ifDraMMrVSfeYL6zEpz5tIqeJ4wYSf2iyrkzG2fOr lnCdVDh1s2hRuVOsQlh8UkG86NQecc8eK6QCCviT5bSS02KK202+i/Z8uW8h4SVT wMyNv4vsPBgCauM5mugWiTu8T1Ae8fqIznXOImal7sVyQrE20mePkhEo6LqD6NXf loY55Uul/m0x52fL3/Z9czkJaWhOVd6bRdYgZH/g90CvPVzQZhBBwS15FTgjsxMU /IslHCv+u3aOr5HxwW4Rl83ifFM2b0tf/X/VKAqRekgz6OJF1HP4J4HN79ecdC/J +R+J5eo/L5hlbUbbWaH86X7Qm6rG7XoDwkaFA+6AkDfw/2/Whv11a3C8OlLhltKY oqUECCMeOaec6twMZLG4 =3oOa -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Excessive threads crashing tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mitchell, On 10/21/14 8:08 PM, Smith, Mitchell wrote: Tomcat7 Java1.7_025 Thanks for adding the version numbers. How are you configuring Tomcat's thread pool? Either through one or more Connectors or with one or more Executors. Can you post the (sanitized) configurations for any of those that are in CATALINA_BASE/conf/server.xml? On 21 October 2014 20:06, Smith, Mitchell mitchell.sm...@cwc.com wrote: Hi I have an issue where my applicaion servers have recently started failing with OOM - cannot create native thread errors. That's the important part: cannot create native thread. So, you haven't run out of memory, you have run out of threads, file descriptors, or stack space. The solution is to either reduce the number of threads in your JVM or to modify your process's limits to allow more resources to be used. The decision of which action to take depends upon your requirements... However the dump files all show he majority of threads (over 90%) like the following: pool-21088-thread-1 - Thread t@36407 java.lang.Thread.State: WAITING at sun.misc.Unsafe.park(Native Method) - parking to wait for 2bc1d4f0 (a java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject) at java.util.concurrent.locks.LockSupport.park(LockSupport.java:186) at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(AbstractQueuedSynchronizer.java:2043) at java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(ScheduledThreadPoolExecutor.java:1079) at java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(ScheduledThreadPoolExecutor.java:807) at java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1068) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:724) Locked ownable synchronizers: - None My first assumption is that these are for a connection pool, however I am seeing close to 1000 (one thousand) and these never appear to timeout, or close. Yes, these are Tomcat's request-processor threads. 1000 seems like a lot. The default is 250 per connector so you must have modified your configuration. They never time-out or close because they are waiting for work to be done (e.g. for more requests to be handled). If you have many many idle worker threads, perhaps you should reduce the size of your thread pool. I could of course increase the number of threads the OS allows, but this of course has memory implications etc and is not really solving the root cause. The real question is whether or not you need all those threads at all. Are you finding that you have peak-load that your server can't handle? If not, try scaling-back the number of threads you actually use. Do you have any instrumentation in production to see how much traffic your server is actually handling? Do you know how many requests/min or req/sec you are handling? How about max concurrent requests during a certain period of time? Can anyone identify what these are? I see some posts online indicating these are the connection pool waiting for new requests. But this doesnt seem to match my configuation for acceptable connections Post your configuration, and we'll take a look. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUR7ZFAAoJEBzwKT+lPKRYDJwP/R1wWgYUf94H3xHkl/F67LNh VQkceESfamZ9ADNo1jr9oSIyKmHfcy1St7ih8+izdfJSX8tDwbzN/QnFBIoTDrDM j8JkODHR0VKRa1Wyt34kPpwThx8ABRLIfh4jA/8+XDKv/57UPcOAGRpc6YzuaXNW h0IS82qoLsgjLrSFzH/cUGToFKVN1H2RhnMrWCRWNkcqosKIGdddf3VwNxE2gW9F D7vGmxfVUMff88y5craIENmrw7v1q8mQxhQCS0qeUFEzgQA8AVHlE54rk5sGbqXB ItKaMlpkQEllaz5h7FGpcSmA5jrHhy1SiC0gOAad21kmqgXOaiJdMtd91mDBqylE zxd5XGeh8TLSCeKFjRFox326TsovkHxtSonneWOTkTIb1qqpFGeFbdNDjpSMNnlC Q3atlo4hkEgh+QxCH+ntuCzG3ziXWyQuWuvqF4VyHxa9oX+8SkWRaOoqmcADyZbm bHSIcUHBpQ5UihK3j2ViChGF+DKvTMbFXUIRKjGbjS7ey6krkRXM9tJKGDlYWMVn JKDcvmE6aSFpXTehxFRAvPmaNNegneimEPM/QECtw1cAYQmqjUWwugHdM2Gb6rzH OZltocdoUYLRFBIIUwV9yVdJXhlmeFl2s/RvM31kr+ujoKA+zC5DqtUv5b08t9kM DAkZI5/Xtdo+fZ7xjFpV =m7XY -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Help with Apache Tomcat/7.0.53 SSL issue
-Original Message- From: Brewer, Edward L [mailto:lee.bre...@vanderbilt.edu] Sent: Tuesday, October 07, 2014 1:36 PM To: Tomcat Users List Subject: RE: Help with Apache Tomcat/7.0.53 SSL issue To all, Oh... Here is the entry in our server.xml (probably the most important part) Connector port=Omitted address=Omitted protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false ciphers=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_ DHE_RSA_WITH_3DES_EDE_CBC_SHA keyAlias=omitted keystoreFile=/app001/shibboleth/idp/epass/current/credentials/idp.jks keystorePass=omitted / Connector port=omitted address=omitted protocol=org.apache.coyote.http11.Http11Protocol maxthreads=150 scheme=https SSLEnabled=true secure=true clientAuth=want ciphers=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_ DHE_RSA_WITH_3DES_EDE_CBC_SHA keyAlias=omitted keystoreFile=/app001/shibboleth/idp/epass/current/credentials/idp.jks keystorePass=omitted / Users connect directly to first listed connection The second SSL port is not currently used. Thanks, Lee From: Brewer, Edward L [mailto:lee.bre...@vanderbilt.edu] Sent: Tuesday, October 07, 2014 1:31 PM To: users@tomcat.apache.org Subject: Help with Apache Tomcat/7.0.53 SSL issue To all, I am using Apache Tomcat 7.0.53 and I am having an intermittent issue with SSL. I am currently running three environments (Dev, UAT, and Prod. Prod comprises 4 VMs (uname states version as 2.6.32-431.11.2.el6.x86_x86_64 GNU/Linux ) with each containing a local version of Java [ Java(TM) SE Runtime Environment (build 1.7.0_55-b13) Java HotSpot(TM) 64-Bit Server VM (build 24.55-b03, mixed mode) ] As well Tomcat and Java are owned by the user running the app. The VMs are load balanced over two pair of LTMs (LTM1 balances node 1 and node 2; LTM2 balances node 3 and node 4). The test environment is scaled down to just one LTM with two nodes and development is just a single VM. Now, when I deployed dev and test I did not have any issues with SSL everything went as planned. When I deployed into production, I started to get complaints about timeouts to the service. After much troubleshooting... we were able to discern, using curl, that in production the LTM was not getting a response back from the application (using TCPDUMP) intermittently. Our LTMs are configured to server as a SSL proxy. On the VM, TCPDUMP shows that traffic is being presented to the socket but there is no response. As far as I can tell the three environments (TOMCAT and JAVA) are the same. I find nothing in the logs from both access and catalina.out. When I restart the servers the problem goes away for about one hour then it comes back rapidly. Using top and sar I do not see any issues with operating system performance. Also, by going done to one node the problem persists. As well here are the options that are in setenv.sh export JAVA_OPTS=$JAVA_OPTS\ -verbosegc\ -Xms256m\ -XX:+DisableExplicitGC\ -Xmx2g Here is the error that I see from curl curl: (52) SSL read: error::lib(0):func(0):reason(0), errno 104 Help, Lee Brewer Lee, you say you checked the access catalina logs, but did you check the stdout stderr logs? Since the problem goes away for about an hour after you restart, could you be having memory issues? Those are usually reported in the stderr log. Is 2g a valid value for -Xmx? I've always specified it in terms of Megs, that is -Xmx2048m. Jeff - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Help with Apache Tomcat/7.0.53 SSL issue
From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Subject: RE: Help with Apache Tomcat/7.0.53 SSL issue Is 2g a valid value for -Xmx? Yes, at least with the Sun/Oracle JVM. However, on 32-bit systems, that large a heap size will usually fail. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Built-in Tomcat Support for Windows Authentication
On 10/22/2014 4:40 AM, Philippe Wijdh wrote: Hello, We have spent a long time now, trying to set up Apache Tomcat with Windows Authentication. We followed the instructions as per http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html but we cannot make it work properly, the logon dialog keeps appearing and trying to log on fails. Additional to that we tried suggestions, like adding the registry key AllowTgtSessionKey and setting it to 0x01 Seems like we are close but we are missing something (see tomcat output below) Does anyone have a more complete documentation or have any suggestions on how to make this work. Kind regards, Philippe Wijdh Extra information on the setup: Windows 2008 r2 sp1 Apache Tomcat 7.0.54 jdk1.7.0_60 Tomcat is running as a service using account HTTP/v3tcat4ad.assai.nl:8080 (have created spn with and without the port number, does not make a difference) Test is done with user testu...@assai.nlmailto:testu...@assai.nl in IE11 on different machines, with http://v3tcat4ad.assai.nl explicitly added to the Intranet sites. Hi, Philippe- I have not used the built-in Tomcat Windows authentication but have had success using Waffle in a similar configuration. You might try that if all else fails. -Terence Bandoian Tomcat Output: KeyTabInputStream, readName(): ASSAI.NL KeyTabInputStream, readName(): HTTP KeyTabInputStream, readName(): v3tcat4ad.assai.nl:8080 KeyTab: load() entry length: 72; type: 23 Java config name: C:\MyPrograms\Tomcat7\conf\krb5.conf Loaded from Java config Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. KdcAccessibility: reset Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. default etypes for default_tkt_enctypes: 23 18 17. KrbAsReq creating message KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=3, number of retries =3, #bytes=152 KDCCommunication: kdc=v3dom1.assai.nl UDP:88, timeout=3,Attempt =1, #bytes=152 KrbKdcReq send: #bytes read=173 Pre-Authentication Data: PA-DATA type = 11 PA-ETYPE-INFO etype = 23, salt = Pre-Authentication Data: PA-DATA type = 19 PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null Pre-Authentication Data: PA-DATA type = 2 PA-ENC-TIMESTAMP Pre-Authentication Data: PA-DATA type = 16 Pre-Authentication Data: PA-DATA type = 15 KdcAccessibility: remove v3dom1.assai.nl:88 KDCRep: init() encoding tag is 126 req type is 11 KRBError: sTime is Wed Oct 22 09:53:56 CEST 2014 1413964436000 suSec is 403143 error code is 25 error Message is Additional pre-authentication required realm is ASSAI.NL sname is krbtgt/ASSAI.NL eData provided. msgType is 30 Pre-Authentication Data: PA-DATA type = 11 PA-ETYPE-INFO etype = 23, salt = Pre-Authentication Data: PA-DATA type = 19 PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null Pre-Authentication Data: PA-DATA type = 2 PA-ENC-TIMESTAMP Pre-Authentication Data: PA-DATA type = 16 Pre-Authentication Data: PA-DATA type = 15 KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ default etypes for default_tkt_enctypes: 23 18 17. Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. default etypes for default_tkt_enctypes: 23 18 17. EType: sun.security.krb5.internal.crypto.ArcFourHmacEType KrbAsReq creating message KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=3, number of retries =3, #bytes=235 KDCCommunication: kdc=v3dom1.assai.nl UDP:88, timeout=3,Attempt =1, #bytes=235 KrbKdcReq send: #bytes read=1446 KdcAccessibility: remove v3dom1.assai.nl:88 Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. EType: sun.security.krb5.internal.crypto.ArcFourHmacEType KrbAsRep cons in KrbAsReq.getReply HTTP/v3tcat4ad.assai.nl:8080 Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. Search Subject for SPNEGO ACCEPT cred (DEF, sun.security.jgss.spnego.SpNegoCredElement) Search Subject for Kerberos V5 ACCEPT cred (DEF, sun.security.jgss.krb5.Krb5AcceptCredential) Found KeyTab Found KerberosKey for HTTP/v3tcat4ad.assai.nl:8...@assai.nl Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23
Auto-Re: Built-in Tomcat Support for Windows Authentication
ëN8ãx×}ëÝüßøÔ*'µéíO*^µìmþZw!j»
connectionProperties is failing?
Hi, I configured a Resource datasouce inside context.xml but the resulting connection is misconfigured. The failing attribute appears as: connectionProperties=sort=table;sort table=QSYS/QASCII but looking at the connection (while debugging) properties are messed up, instead of the above 2 properties I see only 1: sort=table=QSYS/QASCII It looks like the property sort table, with a blank inside the name, was not correctly parsed. I'm using jtOpen.jar AS400JDBCDriver that supports a lot of such strange property names: http://www-01.ibm.com/support/knowledgecenter/api/content/ssw_ibm_i_61/rzahh/javadoc/com/ibm/as400/access/doc-files/JDBCProperties.html If I try supplying the same properties using the connect(Properties) method, or appending them to the url, all is fine. Is there some special syntax to achieve my goal? Thanks + kind regards. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
JDBCStore
Hi, when I deploy a new app version with incompatible serialization version of same classes I get: java.io.InvalidClassException: org.hibernate.collection.internal.AbstractPersistentCollection; local class incompatible: stream classdesc serialVersionUID = -8914173462748164853, local class serialVersionUID = -7238232378593030571,at java.io.ObjectStreamClass.initNonProxy(ObjectStreamClass.java:615), at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1620), at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1515), at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1620), at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1515), at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1769), at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1348), at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1989), at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1913), at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1796), at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1348), at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1989), at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1913), at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1796), at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1348), at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1989), at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1913), at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1796), at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1348), at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1989), at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1913), at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1796), at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1348), at java.io.ObjectInputStream.readObject(ObjectInputStream.java:370), at org.apache.catalina.session.StandardSession.readObject(StandardSession.java: 1595), at org.apache.catalina.session.StandardSession.readObjectData(StandardSession.j ava:1060), at org.apache.catalina.session.JDBCStore.load(JDBCStore.java:657), at org.apache.catalina.session.StoreBase.processExpires(StoreBase.java:159), at Is there something in Tomcat to configure that can solve this problem? If not, how to handle such a problem? Especially in clusters where servers get updated one by one and not all at once. Thank you - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JDBCStore
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 To whom it may concern, On 10/22/14 3:20 PM, spr...@gmx.eu wrote: when I deploy a new app version with incompatible serialization version of same classes I get: java.io.InvalidClassException: org.hibernate.collection.internal.AbstractPersistentCollection; local class incompatible: stream classdesc serialVersionUID = -8914173462748164853, local class serialVersionUID = -7238232378593030571, at java.io.ObjectStreamClass.initNonProxy(ObjectStreamClass.java:615), at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1620), at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1515), at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1620), at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1515), at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1769), at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1348), at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1989), at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1913), at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1796), at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1348), at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1989), at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1913), at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1796), at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1348), at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1989), at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1913), at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1796), at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1348), at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1989), at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1913), at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1796), at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1348), at java.io.ObjectInputStream.readObject(ObjectInputStream.java:370), at org.apache.catalina.session.StandardSession.readObject(StandardSession.java: 1595), at org.apache.catalina.session.StandardSession.readObjectData(StandardSession.j ava:1060), at org.apache.catalina.session.JDBCStore.load(JDBCStore.java:657), at org.apache.catalina.session.StoreBase.processExpires(StoreBase.java:159), at Is there something in Tomcat to configure that can solve this problem? No. You will have to change your code to make it serialization-compatible with the old code if you don't want to have this problem. You can configure Tomcat not to serialize sessions, but then you obviously don't get the benefit of persisting sessions across a restart. If not, how to handle such a problem? Especially in clusters where servers get updated one by one and not all at once. Are you using distributed sessions? If so, you'll have to override the internal serialization mechanism and do it all manually in a way that is going to be cross-version-compatible. It's not impossible, but it does take some planning and forethought. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUSDKhAAoJEBzwKT+lPKRYiSsP/3SBlNzlA86+FU4c6KqsDhcv 5FdM/pkaKd2gQPf+m2PQMDG/LhOzfJUW8S65xTlg2YfTRFx7XBB4O0xHm7SZBH0B /Z0jSsbFHruZDesvdE+NM/5C4c2DjiC90ndk6YK3kHy1CCZQsDWuSGfoXe50IR6u MrCV842trrs0PpBngjbFh4Ha0UDuk8ZpRmw0dJ4V4a3Cta7jNZO3cQY0/vPqhNs+ hJ8GcEYpnqnltSrlwI3Eht5ckuZenarLiHl2o16sV2XL/VLoDwWN2+bajXkT6bb2 DOqMBys3fWUnu5icnCccbtT36GjSPsMqpwPfEStxb5arJzNYi1rz+B3OX8RTAFrX 01QOqz8zMo0tYS6UkCyVFIQ5mSTQjH0ewgnaOyQjfvakvSkbfjF9XFb8p1PH4LXN bmO2K4VaOBCu2FQtwsVe+8l9tjvMLTqHniBlm9U7f9ows/JoZqrt1riXtVuXXgOI QC9gZK4/Xsp9sVpbplc+FLTbsllCUxe/lIsGYV6xEeKHvZroO58cEN3swebYsosm ro4k9mXK1NwaG8l6byd1R2PzBg/0o49+NpLegCnEX7mf634ZuVFiMApmSZxbW6jE G+EJmFaGiTTziOqqaTCT40ZfyttbCSE2Oox0mkUOUVPtzUUkL1B72UXeq9X4Bc9i vuIMhP0bVHwMtPkiCMMh =XjD+ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: connectionProperties is failing?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Alessandro, On 10/22/14 1:04 PM, Alessandro Manzoni wrote: I configured a Resource datasouce inside context.xml but the resulting connection is misconfigured. The failing attribute appears as: connectionProperties=sort=table;sort table=QSYS/QASCII but looking at the connection (while debugging) properties are messed up, instead of the above 2 properties I see only 1: sort=table=QSYS/QASCII It looks like the property sort table, with a blank inside the name, was not correctly parsed. It sure does. I'm using jtOpen.jar AS400JDBCDriver that supports a lot of such strange property names: http://www-01.ibm.com/support/knowledgecenter/api/content/ssw_ibm_i_61/rzahh/javadoc/com/ibm/as400/access/doc-files/JDBCProperties.html Aah, AS/400. You are a barrel of laughs. If I try supplying the same properties using the connect(Properties) method, or appending them to the url, all is fine. Is there some special syntax to achieve my goal? I think this is likely a bug. Whose bug it is depends upon which connection pool you are using. Are you using Tomcat's default pool (based upon commons-dbcp) or tomcat-pool. If you don't know, it's probably the former. If the bug belongs to commons-dbcp, you should report it over there and when it gets fixed, we'll consume the changes and then Tomcat should work properly. What version of Tomcat are you using? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUSEJ4AAoJEBzwKT+lPKRYdkgQALYbanCsf4ItTzg7iLfoqeFd 4/vH/n/l5JuIKf/ImsD6hFxR3WKBXLjwVvFymW7p70AqtAltZav76TwI7E6Mm3yG O+i7NwVdjloi+/W93khHuLoKI6iQQy1TdnN6IaAT5qTabAjeTP8G1h5H7rDuRTsQ O3dcU3Wbmmpqikg9Lo5qToycl4qkTfp8+hnw/oh8E6fokDb6hTbXy5/nq4iTuRs8 YnnDSFm+LTmFZgeWoTuyCJSq8AHOc+y0r/HsUqGHiQbGBPRglBhG+6rq9WXV5DVc pPmdpJS7JzYFpOym5Wlv8mQlYfcHzDjZmJ/6FOuuIE5Iq7KOZBeE9QGooR/85d5b 2Gl5hSBHhzEDBJXhaWFXUM/L/85wqYCaymjDsEOUkzgFjeCjsPKY4vEfu9oM7qdF xE5NuonpItK8sKfY/aOtfMiP8MRb9Yw7eHJQ3wgyR1OFxHiMTXSvZT39sEfZu0Qv Jw80ucHhvoJf3VJ526CHl59yv7zxI8i3x+V+5VVP7Y5wqlYxjITDuZlDGJqkIcEI vlDJ2gNzkg6hKZ13tbhPFsNRp67FDr0ehE9LzeEMHrFyLS8qUi4m7YXmvtm9gS1J aOJo6gei0xYe4dwaUOSiMIQEzLJDe1yrnl5gvev9hCDWsiv5Eidlr8EAP89O8LLL qT3YqSnrvZvpbr7REkws =NYS1 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JDBCStore
Am 22. Oktober 2014 21:20:12 MESZ, schrieb spr...@gmx.eu: Hi, when I deploy a new app version with incompatible serialization version of same classes I get: java.io.InvalidClassException: org.hibernate.collection.internal.AbstractPersistentCollection; local ... Is there something in Tomcat to configure that can solve this problem? You may want to have a look at parallel deployment ( http://tomcat.apache.org/tomcat-7.0-doc/config/context.html). Regards Felix If not, how to handle such a problem? Especially in clusters where servers get updated one by one and not all at once. Thank you - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Built-in Tomcat Support for Windows Authentication
Am 22. Oktober 2014 11:40:56 MESZ, schrieb Philippe Wijdh p.wi...@assai.nl: Hello, We have spent a long time now, trying to set up Apache Tomcat with Windows Authentication. We followed the instructions as per http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html but we cannot make it work properly, the logon dialog keeps appearing and trying to log on fails. Additional to that we tried suggestions, like adding the registry key AllowTgtSessionKey and setting it to 0x01 Haven't seen that recommendation in the tomcat documentation. Seems like we are close but we are missing something (see tomcat output below) Does anyone have a more complete documentation or have any suggestions on how to make this work. Kind regards, Philippe Wijdh Extra information on the setup: Windows 2008 r2 sp1 Apache Tomcat 7.0.54 jdk1.7.0_60 Tomcat is running as a service using account HTTP/v3tcat4ad.assai.nl:8080 (have created spn with and without the port number, does not make a difference) You will have to use the spn without the port. Test is done with user testu...@assai.nlmailto:testu...@assai.nl in IE11 on different machines, with http://v3tcat4ad.assai.nl explicitly added to the Intranet sites. Tomcat Output: KeyTabInputStream, readName(): ASSAI.NL KeyTabInputStream, readName(): HTTP KeyTabInputStream, readName(): v3tcat4ad.assai.nl:8080 What is inside your keytab? KeyTab: load() entry length: 72; type: 23 Java config name: C:\MyPrograms\Tomcat7\conf\krb5.conf Loaded from Java config Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. KdcAccessibility: reset Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. default etypes for default_tkt_enctypes: 23 18 17. KrbAsReq creating message KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=3, number of retries =3, #bytes=152 KDCCommunication: kdc=v3dom1.assai.nl UDP:88, timeout=3,Attempt =1, #bytes=152 KrbKdcReq send: #bytes read=173 Pre-Authentication Data: PA-DATA type = 11 PA-ETYPE-INFO etype = 23, salt = Pre-Authentication Data: PA-DATA type = 19 PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null Pre-Authentication Data: PA-DATA type = 2 PA-ENC-TIMESTAMP Pre-Authentication Data: PA-DATA type = 16 Pre-Authentication Data: PA-DATA type = 15 KdcAccessibility: remove v3dom1.assai.nl:88 KDCRep: init() encoding tag is 126 req type is 11 KRBError: sTime is Wed Oct 22 09:53:56 CEST 2014 1413964436000 suSec is 403143 error code is 25 error Message is Additional pre-authentication required realm is ASSAI.NL sname is krbtgt/ASSAI.NL eData provided. msgType is 30 Pre-Authentication Data: PA-DATA type = 11 PA-ETYPE-INFO etype = 23, salt = Pre-Authentication Data: PA-DATA type = 19 PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null Pre-Authentication Data: PA-DATA type = 2 PA-ENC-TIMESTAMP Pre-Authentication Data: PA-DATA type = 16 Pre-Authentication Data: PA-DATA type = 15 KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ default etypes for default_tkt_enctypes: 23 18 17. Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. default etypes for default_tkt_enctypes: 23 18 17. EType: sun.security.krb5.internal.crypto.ArcFourHmacEType KrbAsReq creating message KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=3, number of retries =3, #bytes=235 KDCCommunication: kdc=v3dom1.assai.nl UDP:88, timeout=3,Attempt =1, #bytes=235 KrbKdcReq send: #bytes read=1446 KdcAccessibility: remove v3dom1.assai.nl:88 Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. EType: sun.security.krb5.internal.crypto.ArcFourHmacEType KrbAsRep cons in KrbAsReq.getReply HTTP/v3tcat4ad.assai.nl:8080 This is the wrong spn. The port number should not be there. Regards Felix Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. Search Subject for SPNEGO ACCEPT cred (DEF, sun.security.jgss.spnego.SpNegoCredElement) Search Subject for Kerberos V5 ACCEPT cred (DEF, sun.security.jgss.krb5.Krb5AcceptCredential) Found KeyTab Found KerberosKey for HTTP/v3tcat4ad.assai.nl:8...@assai.nl Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18
Re: is normal keep value when tomcat restart after JSESSIONID was create?
ok I undertand. - the session identifier should change to prevent session-fixation attacks. but how I can set tomcat to regenerate id value? I was search document, but can't find it 2014-10-22 22:44 GMT+09:00 Christopher Schultz ch...@christopherschultz.net : -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 이강우, On 10/22/14 4:41 AM, 이강우(KangWoo Lee) wrote: Environment - openjdk 1.7 - tomcat 7.0.55 with native connector - apache 2.4.10 with mod-jk 1.2.40 1. Tomcat start 2. Client request - JSESSIONID is null 3. tomcat response - JSESSIONID=C5EBF0AA96ADB34E0C28E4D9D2595D98 is create 4. refresh page - session attribute(name=count, value=count++) is correct. count is increasing. Good so far. 5. Tomcat stop - start (restart) context setting is session is not persist Okay. 6. Client refresh - client request is send JSESSIONID=C5EBF0AA96ADB34E0C28E4D9D2595D98 7. session attribute(name=count, value=0) is reset. but keeping JSESSIONID question. why tomcat using JSESSIONID set by client request value? is not regenerate? If the client requests a session by id, Tomcat will try to give it to them. If it doesn't exist, it will use that session identifier for the new session. Did the user actually authenticate with Tomcat? Or just get an anonymous session? If the user authenticates with Tomcat, the session identifier should change to prevent session-fixation attacks. is this java spec? I believe the spec says nothing about the generation of session ids. Even the above session-fixation behavior is outside of the spec (but definitely does not violate it). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUR7S/AAoJEBzwKT+lPKRYdT4P/3HHrY/yEJmZUWFuyAlAIgkG J14ix608FsWkGtsIKwh7RxgArSx3eH7niswJ8FxHljZJQThlasInz8SJlFzGYBvA +++56BziHVRAc+vn00/yOjzO+GW73fm+vjcnL/i6tIYLiX3YT2qd+iWV34YYBnVJ X0ZS6Kz2+YmkbzN9ccGp8ZWq51jqZtVsPSzEpKmdp2mf2s48O3cQlCNiw6Q5CVCr a0IU//ciwnkF50l5T2h4oZOV0L0ZraPgbAzf2lNpazNjSnAF3DpG2uVJc9OLIZXy ZBA3SM+MoLiYDbR5Wv02zx1ifDraMMrVSfeYL6zEpz5tIqeJ4wYSf2iyrkzG2fOr lnCdVDh1s2hRuVOsQlh8UkG86NQecc8eK6QCCviT5bSS02KK202+i/Z8uW8h4SVT wMyNv4vsPBgCauM5mugWiTu8T1Ae8fqIznXOImal7sVyQrE20mePkhEo6LqD6NXf loY55Uul/m0x52fL3/Z9czkJaWhOVd6bRdYgZH/g90CvPVzQZhBBwS15FTgjsxMU /IslHCv+u3aOr5HxwW4Rl83ifFM2b0tf/X/VKAqRekgz6OJF1HP4J4HN79ecdC/J +R+J5eo/L5hlbUbbWaH86X7Qm6rG7XoDwkaFA+6AkDfw/2/Whv11a3C8OlLhltKY oqUECCMeOaec6twMZLG4 =3oOa -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org