Re: connectionProperties is failing?
On 23.10.2014 01.49, Christopher Schultz wrote:
> Alessandro,
>
> On 10/22/14 1:04 PM, Alessandro Manzoni wrote:
>> I configured a Resource datasource inside context.xml but the resulting connection is misconfigured. The failing attribute appears as:
>>
>>     connectionProperties="sort=table;sort table=QSYS/QASCII"
>>
>> but looking at the connection (while debugging) properties are messed up, instead of the above 2 properties I see only 1:
>>
>>     sort=table=QSYS/QASCII
>>
>> It looks like the property "sort table", with a blank inside the name, was not correctly parsed.
>
> It sure does.
>
>> I'm using jtOpen.jar AS400JDBCDriver that supports a lot of such strange property names: http://www-01.ibm.com/support/knowledgecenter/api/content/ssw_ibm_i_61/rzahh/javadoc/com/ibm/as400/access/doc-files/JDBCProperties.html
>
> Aah, AS/400. You are a barrel of laughs.
>
>> If I try supplying the same properties using the connect(Properties) method, or appending them to the url, all is fine. Is there some special syntax to achieve my goal?
>
> I think this is likely a bug. Whose bug it is depends upon which connection pool you are using. Are you using Tomcat's default pool (based upon commons-dbcp) or tomcat-pool. If you don't know, it's probably the former.
>
> If the bug belongs to commons-dbcp, you should report it over there and when it gets fixed, we'll consume the changes and then Tomcat should work properly.
>
> What version of Tomcat are you using?

I did nothing but inserting a Resource element into context.xml with no factory declared, so I think it's Tomcat's default pool fault:

    <Resource name="jdbc/OmniaWebDB2400Pool"
              auth="Container"
              type="javax.sql.DataSource"
              maxActive="100" maxIdle="30" maxWait="1"
              username="USER" password="PASS"
              driverClassName="com.ibm.as400.access.AS400JDBCDriver"
              connectionProperties="sort=table;sort table=QSYS/QASCII;"
              url="jdbc:as400://dbserver/SCHEMA" />

I tried both 6.037 and 7.056 versions with the same result.

I tried 8.014 too, but the program stops, just while getting the connection from the datasource, datasource.getConnection() method, with this stack trace:

    java.lang.AbstractMethodError: com.ibm.as400.access.AS400JDBCConnection.isValid(I)Z
    org.apache.tomcat.dbcp.dbcp2.DelegatingConnection.isValid(DelegatingConnection.java:913)
    org.apache.tomcat.dbcp.dbcp2.PoolableConnection.validate(PoolableConnection.java:226)
    org.apache.tomcat.dbcp.dbcp2.PoolableConnectionFactory.validateConnection(PoolableConnectionFactory.java:302)
    org.apache.tomcat.dbcp.dbcp2.BasicDataSource.validateConnectionFactory(BasicDataSource.java:2165)
    org.apache.tomcat.dbcp.dbcp2.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:2148)
    org.apache.tomcat.dbcp.dbcp2.BasicDataSource.createDataSource(BasicDataSource.java:1902)
    org.apache.tomcat.dbcp.dbcp2.BasicDataSource.getConnection(BasicDataSource.java:1412)

even if I didn't declare any validate query in datasource definition.

Basing upon AS400JDBCConnection docs, it's implementing java.sql.Connection interface from JDK 1.4.2, where there was no isValid() method. Maybe this is possibly a bug too, in the sense that org.apache.tomcat.dbcp.dbcp2.PoolableConnectionFactory could take into account the driver version before validating it, or catching AbstractMethodError, that's telling that the method is not there.

By the way I cannot test tomcat 8.014 at all.

Thanks + best regards.
Re: connectionProperties is failing?
2014-10-23 10:44 GMT+04:00 Alessandro Manzoni manzoni.alessand...@gmail.com:
> On 23.10.2014 01.49, Christopher Schultz wrote:
>> On 10/22/14 1:04 PM, Alessandro Manzoni wrote:
>>> I configured a Resource datasource inside context.xml but the resulting connection is misconfigured. The failing attribute appears as:
>>>
>>>     connectionProperties="sort=table;sort table=QSYS/QASCII"
>>>
>>> but looking at the connection (while debugging) properties are messed up, instead of the above 2 properties I see only 1:
>>>
>>>     sort=table=QSYS/QASCII
>>>
>>> It looks like the property "sort table", with a blank inside the name, was not correctly parsed.
>>
>> It sure does.
>>
>>> I'm using jtOpen.jar AS400JDBCDriver that supports a lot of such strange property names: http://www-01.ibm.com/support/knowledgecenter/api/content/ssw_ibm_i_61/rzahh/javadoc/com/ibm/as400/access/doc-files/JDBCProperties.html
>>
>> Aah, AS/400. You are a barrel of laughs.
>>
>>> If I try supplying the same properties using the connect(Properties) method, or appending them to the url, all is fine. Is there some special syntax to achieve my goal?
>>
>> I think this is likely a bug. Whose bug it is depends upon which connection pool you are using. Are you using Tomcat's default pool (based upon commons-dbcp) or tomcat-pool. If you don't know, it's probably the former.
>>
>> If the bug belongs to commons-dbcp, you should report it over there and when it gets fixed, we'll consume the changes and then Tomcat should work properly.
>>
>> What version of Tomcat are you using?
>
> I did nothing but inserting a Resource element into context.xml with no factory declared, so I think it's Tomcat's default pool fault:
>
>     <Resource name="jdbc/OmniaWebDB2400Pool"
>               auth="Container"
>               type="javax.sql.DataSource"
>               maxActive="100" maxIdle="30" maxWait="1"
>               username="USER" password="PASS"
>               driverClassName="com.ibm.as400.access.AS400JDBCDriver"
>               connectionProperties="sort=table;sort table=QSYS/QASCII;"
>               url="jdbc:as400://dbserver/SCHEMA" />
>
> I tried both 6.037 and 7.056 versions with the same result.
>
> I tried 8.014 too, but the program stops, just while getting the connection from the datasource, datasource.getConnection() method, with this stack trace:
>
>     java.lang.AbstractMethodError: com.ibm.as400.access.AS400JDBCConnection.isValid(I)Z
>     org.apache.tomcat.dbcp.dbcp2.DelegatingConnection.isValid(DelegatingConnection.java:913)
>     org.apache.tomcat.dbcp.dbcp2.PoolableConnection.validate(PoolableConnection.java:226)
>     org.apache.tomcat.dbcp.dbcp2.PoolableConnectionFactory.validateConnection(PoolableConnectionFactory.java:302)
>     org.apache.tomcat.dbcp.dbcp2.BasicDataSource.validateConnectionFactory(BasicDataSource.java:2165)
>     org.apache.tomcat.dbcp.dbcp2.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:2148)
>     org.apache.tomcat.dbcp.dbcp2.BasicDataSource.createDataSource(BasicDataSource.java:1902)
>     org.apache.tomcat.dbcp.dbcp2.BasicDataSource.getConnection(BasicDataSource.java:1412)
>
> even if I didn't declare any validate query in datasource definition.

Default connection pool = Apache Commons DBCP.

Searching Apache Commons DBCP source code for connectionProperties, there are 2 places where that property is parsed:

A) BasicDataSource.setConnectionProperties(String)

It does

    String[] entries = connectionProperties.split(";");

followed by

    int index = entry.indexOf('=');

It is OK.

B) BasicDataSourceFactory.getProperties(String)

This is an awful undocumented implementation with a bunch of side effects.

    /**
     * <p>Parse properties from the string. Format of the string must be [propertyName=property;]*<p>
     * @param propText
     * @return Properties
     * @throws Exception
     */
    private static Properties getProperties(String propText) throws Exception {
        Properties p = new Properties();
        if (propText != null) {
            p.load(new ByteArrayInputStream(
                    propText.replace(';', '\n').getBytes(StandardCharsets.ISO_8859_1)));
        }
        return p;
    }

It replaces ';' with '\n' and feeds the string as ISO-8859-1 into Properties.load().

The same implementation of that method is present both in current DBCP2 and in previous DBCP 1.4 used by Tomcat 7.

If this implementation is of any use, it must be properly documented. As of now, it does not match its own javadoc which only says that format is [propertyName=property;]*. Neither is it documented at [2].

The format of a properties file [1] is that "The key contains all of the characters in the line starting with the first non-white space character and up to, but not including, the first unescaped '=', ':', or white space character other than a line terminator."

The workaround for you is to escape the whitespace character in key name with '\'.

[1] http://docs.oracle.com/javase/7/docs/api/java/util/Properties.html#load%28java.io.Reader%29
[2] http://commons.apache.org/proper/commons-dbcp/configuration.html

Best regards,
Konstantin Kolinko
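The two parsing styles compared in Konstantin's message, run side by side on the value from the original report. This is an added example, not part of the thread and not DBCP source code; the class and method names are made up for illustration, and the last two inputs are constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Properties;
import java.util.TreeMap;

/** Added illustration; names are hypothetical and this is not DBCP source. */
public class ConnectionPropertiesCheck {

    /** Style A from the thread: split on ';', cut each entry at its first '='. */
    static Properties parseBySplit(String text) {
        Properties p = new Properties();
        for (String entry : text.split(";")) {
            if (entry.isEmpty()) {
                continue;
            }
            int index = entry.indexOf('=');
            if (index > 0) {
                p.setProperty(entry.substring(0, index), entry.substring(index + 1));
            } else {
                p.setProperty(entry, "");
            }
        }
        return p;
    }

    /** Style B from the thread: ';' becomes '\n', then java.util.Properties.load(). */
    static Properties parseByLoad(String text) throws IOException {
        Properties p = new Properties();
        p.load(new ByteArrayInputStream(
                text.replace(';', '\n').getBytes(StandardCharsets.ISO_8859_1)));
        return p;
    }

    /** Prints both results and reports whether the two parsers agree on the input. */
    static boolean sameUnderBoth(String label, String text) throws IOException {
        Properties a = parseBySplit(text);
        Properties b = parseByLoad(text);
        boolean same = a.equals(b);
        System.out.println(label + ": " + text);
        System.out.println("  split + indexOf   -> " + new TreeMap<Object, Object>(a));
        System.out.println("  Properties.load() -> " + new TreeMap<Object, Object>(b));
        System.out.println("  " + (same ? "same result" : "DIFFERENT result"));
        return same;
    }

    public static void main(String[] args) throws IOException {
        // As reported: load() ends the key at the blank, so both entries collapse
        // into the single property sort=table=QSYS/QASCII.
        sameUnderBoth("as reported", "sort=table;sort table=QSYS/QASCII");

        // Workaround from the thread: escape the blank in the key with a backslash.
        // load() now yields the key "sort table"; the split parser keeps the backslash.
        sameUnderBoth("escaped key", "sort=table;sort\\ table=QSYS/QASCII");

        // Constructed input: a backslash inside a value is dropped by load(),
        // so DOMAIN\svc is read as DOMAINsvc.
        sameUnderBoth("backslash in value", "user=DOMAIN\\svc");

        // Constructed input: plain keys and values parse identically both ways.
        sameUnderBoth("plain", "a=1;b=2");
    }
}
```

On Java 11 or later this runs directly with `java ConnectionPropertiesCheck.java`.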
Re: Built-in Tomcat Support for Windows Authentication
On 22/10/2014 10:40, Philippe Wijdh wrote:
> Hello,
>
> We have spent a long time now, trying to set up Apache Tomcat with Windows Authentication. We followed the instructions as per http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html but we cannot make it work properly, the logon dialog keeps appearing and trying to log on fails.
>
> Additional to that we tried suggestions, like adding the registry key AllowTgtSessionKey and setting it to 0x01
>
> Seems like we are close but we are missing something (see tomcat output below)
>
> Does anyone have a more complete documentation or have any suggestions on how to make this work.

The documentation is complete. If you follow the steps in that document then you will end up with a working system. Either you aren't following the documentation or something in your environment differs from that described in the document.

> Kind regards,
> Philippe Wijdh
>
> Extra information on the setup:
> Windows 2008 r2 sp1
> Apache Tomcat 7.0.54
> jdk1.7.0_60
> Tomcat is running as a service using account HTTP/v3tcat4ad.assai.nl:8080 (have created spn with and without the port number, does not make a difference)
> Test is done with user testu...@assai.nl in IE11 on different machines, with http://v3tcat4ad.assai.nl explicitly added to the Intranet sites.

You haven't provided any information on the Realm configuration or how you have secured the page you are trying to test with.

You might have hit https://issues.apache.org/bugzilla/show_bug.cgi?id=57022

There are lots of configuration steps listed in the docs you haven't mentioned.

Mark

> Tomcat Output:
> KeyTabInputStream, readName(): ASSAI.NL KeyTabInputStream, readName(): HTTP KeyTabInputStream, readName(): v3tcat4ad.assai.nl:8080 KeyTab: load() entry length: 72; type: 23 Java config name: C:\MyPrograms\Tomcat7\conf\krb5.conf Loaded from Java config Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17.
KdcAccessibility: reset Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. default etypes for default_tkt_enctypes: 23 18 17. KrbAsReq creating message KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=3, number of retries =3, #bytes=152 KDCCommunication: kdc=v3dom1.assai.nl UDP:88, timeout=3,Attempt =1, #bytes=152 KrbKdcReq send: #bytes read=173 Pre-Authentication Data: PA-DATA type = 11 PA-ETYPE-INFO etype = 23, salt = Pre-Authentication Data: PA-DATA type = 19 PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null Pre-Authentication Data: PA-DATA type = 2 PA-ENC-TIMESTAMP Pre-Authentication Data: PA-DATA type = 16 Pre-Authentication Data: PA-DATA type = 15 KdcAccessibility: remove v3dom1.assai.nl:88 KDCRep: init() encoding tag is 126 req type is 11 KRBError: sTime is Wed Oct 22 09:53:56 CEST 2014 1413964436000 suSec is 403143 error code is 25 error Message is Additional pre-authentication required realm is ASSAI.NL sname is krbtgt/ASSAI.NL eData provided. msgType is 30 Pre-Authentication Data: PA-DATA type = 11 PA-ETYPE-INFO etype = 23, salt = Pre-Authentication Data: PA-DATA type = 19 PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null Pre-Authentication Data: PA-DATA type = 2 PA-ENC-TIMESTAMP Pre-Authentication Data: PA-DATA type = 16 Pre-Authentication Data: PA-DATA type = 15 KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ default etypes for default_tkt_enctypes: 23 18 17. Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. default etypes for default_tkt_enctypes: 23 18 17. 
EType: sun.security.krb5.internal.crypto.ArcFourHmacEType KrbAsReq creating message KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=3, number of retries =3, #bytes=235 KDCCommunication: kdc=v3dom1.assai.nl UDP:88, timeout=3,Attempt =1, #bytes=235 KrbKdcReq send: #bytes read=1446 KdcAccessibility: remove v3dom1.assai.nl:88 Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. EType: sun.security.krb5.internal.crypto.ArcFourHmacEType KrbAsRep cons in KrbAsReq.getReply HTTP/v3tcat4ad.assai.nl:8080 Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. Search Subject for SPNEGO ACCEPT cred (DEF,
RE: Built-in Tomcat Support for Windows Authentication
Hi,

Thank you for the response.

The initial setup of the spn and the keytab was without the port-number, the registry key was a suggestion found on internet but this setting does not change the outcome.

The command kinit on the Tomcat server returns the following

    C:\MyPrograms\Tomcat7\conf>set KRB5_CONFIG=C:\MyPrograms\Tomcat7\conf\krb5.conf

    C:\MyPrograms\Tomcat7\conf>c:\MyPrograms\Java\jdk1.7.0_60\bin\kinit -J-Djava.security.krb5.conf=C:\MyPrograms\Tomcat7\conf\krb5.conf -J-Djava.security.auth.login.config=C:\MyPrograms\Tomcat7\conf\jaas.conf -J-Dsun.security.krb5.debug=true -k -t C:\MyPrograms\Tomcat7\conf\tomcat8080.keytab HTTP/v3tcat4ad.assai.nl:8080@ASSAI.NL

KinitOptions cache name is C:\Users\TestUser\krb5cc_testuser Principal is HTTP/v3tcat4ad.assai.nl:8...@assai.nl Kinit using keytab Kinit keytab file name: C:\MyPrograms\Tomcat7\conf\tomcat8080.keytab Java config name: C:\MyPrograms\Tomcat7\conf\krb5.conf Loaded from Java config Kinit realm name is ASSAI.NL Creating KrbAsReq KrbKdcReq local addresses for V3TCAT4AD are: V3TCAT4AD/10.1.0.67 IPv4 address V3TCAT4AD/fe80:0:0:0:d815:81c0:97e7:11d2%11 IPv6 address KdcAccessibility: reset KeyTabInputStream, readName(): ASSAI.NL KeyTabInputStream, readName(): HTTP KeyTabInputStream, readName(): v3tcat4ad.assai.nl:8080 KeyTab: load() entry length: 72; type: 23 Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. default etypes for default_tkt_enctypes: 23 18 17.
KrbAsReq creating message KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=3, number of retries =3, #bytes=198 KDCCommunication: kdc=v3dom1.assai.nl UDP:88, timeout=3,Attempt =1, #byt es=198 KrbKdcReq send: #bytes read=173 Pre-Authentication Data: PA-DATA type = 11 PA-ETYPE-INFO etype = 23, salt = Pre-Authentication Data: PA-DATA type = 19 PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null Pre-Authentication Data: PA-DATA type = 2 PA-ENC-TIMESTAMP Pre-Authentication Data: PA-DATA type = 16 Pre-Authentication Data: PA-DATA type = 15 KdcAccessibility: remove v3dom1.assai.nl:88 KDCRep: init() encoding tag is 126 req type is 11 KRBError: sTime is Thu Oct 23 10:21:31 CEST 2014 1414052491000 suSec is 776700 error code is 25 error Message is Additional pre-authentication required realm is ASSAI.NL sname is krbtgt/ASSAI.NL eData provided. msgType is 30 Pre-Authentication Data: PA-DATA type = 11 PA-ETYPE-INFO etype = 23, salt = Pre-Authentication Data: PA-DATA type = 19 PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null Pre-Authentication Data: PA-DATA type = 2 PA-ENC-TIMESTAMP Pre-Authentication Data: PA-DATA type = 16 Pre-Authentication Data: PA-DATA type = 15 KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ default etypes for default_tkt_enctypes: 23 18 17. Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. default etypes for default_tkt_enctypes: 23 18 17. 
EType: sun.security.krb5.internal.crypto.ArcFourHmacEType KrbAsReq creating message KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=3, number of retries =3, #bytes=283 KDCCommunication: kdc=v3dom1.assai.nl UDP:88, timeout=3,Attempt =1, #byt es=283 KrbKdcReq send: #bytes read=88 KrbKdcReq send: kdc=v3dom1.assai.nl TCP:88, timeout=3, number of retries =3, #bytes=283 KDCCommunication: kdc=v3dom1.assai.nl TCP:88, timeout=3,Attempt =1, #byt es=283 DEBUG: TCPClient reading 1496 bytes KrbKdcReq send: #bytes read=1496 KdcAccessibility: remove v3dom1.assai.nl:88 Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. EType: sun.security.krb5.internal.crypto.ArcFourHmacEType KrbAsRep cons in KrbAsReq.getReply HTTP/v3tcat4ad.assai.nl:8080 New ticket is stored in cache file C:\Users\TestUser\krb5cc_testuser

    C:\MyPrograms\Tomcat7\conf>klist
    Current LogonId is 0:0x13380b5c
    Cached Tickets: (0)

Kind regards,
Philippe Wijdh
Senior Programmer
Assai software services BV, Parallelweg Oost 13a, 4103 NC, Culemborg, The Netherlands
P: +31 (0)345 516 663, E: p.wi...@assai.nl, W: www.assai-software.com

-Original Message-
From: Felix Schumacher [mailto:felix.schumac...@internetallee.de]
Sent: Thursday 23 October 2014 7:53
To: Tomcat Users List
Subject: Re: Built-in Tomcat Support for Windows Authentication

On 22 October 2014 11:40:56 CEST, Philippe Wijdh p.wi...@assai.nl wrote:
> Hello, We have spent a long time now, trying to set up Apache Tomcat with Windows Authentication. We followed the instructions as per
RE: JDBCStore
> You may want to have a look at parallel deployment (http://tomcat.apache.org/tomcat-7.0-doc/config/context.html).

At the moment /Catalina/localhost/ is used as value in column app. It is the root app. Would a war ROOT##2.war use another value?
RE: JDBCStore
> Are you using distributed sessions? If so, you'll have to override the internal serialization mechanism and do it all manually in a way that is going to be cross-version-compatible. It's not impossible, but it does take some planning and forethought.

OK; thought so. Thank you.
RE: JDBCStore
On 23 October 2014 13:34:22 CEST, spr...@gmx.eu wrote:
>> You may want to have a look at parallel deployment (http://tomcat.apache.org/tomcat-7.0-doc/config/context.html).
>
> At the moment /Catalina/localhost/ is used as value in column app. It is the root app. Would a war ROOT##2.war use another value?

No.

Felix
Re: connectionProperties is failing?
On 23.10.2014 10.11, Konstantin Kolinko wrote:
> 2014-10-23 10:44 GMT+04:00 Alessandro Manzoni manzoni.alessand...@gmail.com:
>> On 23.10.2014 01.49, Christopher Schultz wrote:
>>> On 10/22/14 1:04 PM, Alessandro Manzoni wrote:
>>>> I configured a Resource datasource inside context.xml but the resulting connection is misconfigured. The failing attribute appears as:
>>>>
>>>>     connectionProperties="sort=table;sort table=QSYS/QASCII"
>>>>
>>>> but looking at the connection (while debugging) properties are messed up, instead of the above 2 properties I see only 1:
>>>>
>>>>     sort=table=QSYS/QASCII
>>>>
>>>> It looks like the property "sort table", with a blank inside the name, was not correctly parsed.
>>>
>>> It sure does.
>>>
>>>> I'm using jtOpen.jar AS400JDBCDriver that supports a lot of such strange property names: http://www-01.ibm.com/support/knowledgecenter/api/content/ssw_ibm_i_61/rzahh/javadoc/com/ibm/as400/access/doc-files/JDBCProperties.html
>>>
>>> Aah, AS/400. You are a barrel of laughs.
>>>
>>>> If I try supplying the same properties using the connect(Properties) method, or appending them to the url, all is fine. Is there some special syntax to achieve my goal?
>>>
>>> I think this is likely a bug. Whose bug it is depends upon which connection pool you are using. Are you using Tomcat's default pool (based upon commons-dbcp) or tomcat-pool. If you don't know, it's probably the former.
>>>
>>> If the bug belongs to commons-dbcp, you should report it over there and when it gets fixed, we'll consume the changes and then Tomcat should work properly.
>>>
>>> What version of Tomcat are you using?
>>
>> I did nothing but inserting a Resource element into context.xml with no factory declared, so I think it's Tomcat's default pool fault:
>>
>>     <Resource name="jdbc/OmniaWebDB2400Pool"
>>               auth="Container"
>>               type="javax.sql.DataSource"
>>               maxActive="100" maxIdle="30" maxWait="1"
>>               username="USER" password="PASS"
>>               driverClassName="com.ibm.as400.access.AS400JDBCDriver"
>>               connectionProperties="sort=table;sort table=QSYS/QASCII;"
>>               url="jdbc:as400://dbserver/SCHEMA" />
>>
>> I tried both 6.037 and 7.056 versions with the same result.
>>
>> I tried 8.014 too, but the program stops, just while getting the connection from the datasource, datasource.getConnection() method, with this stack trace:
>>
>>     java.lang.AbstractMethodError: com.ibm.as400.access.AS400JDBCConnection.isValid(I)Z
>>     org.apache.tomcat.dbcp.dbcp2.DelegatingConnection.isValid(DelegatingConnection.java:913)
>>     org.apache.tomcat.dbcp.dbcp2.PoolableConnection.validate(PoolableConnection.java:226)
>>     org.apache.tomcat.dbcp.dbcp2.PoolableConnectionFactory.validateConnection(PoolableConnectionFactory.java:302)
>>     org.apache.tomcat.dbcp.dbcp2.BasicDataSource.validateConnectionFactory(BasicDataSource.java:2165)
>>     org.apache.tomcat.dbcp.dbcp2.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:2148)
>>     org.apache.tomcat.dbcp.dbcp2.BasicDataSource.createDataSource(BasicDataSource.java:1902)
>>     org.apache.tomcat.dbcp.dbcp2.BasicDataSource.getConnection(BasicDataSource.java:1412)
>>
>> even if I didn't declare any validate query in datasource definition.
>
> Default connection pool = Apache Commons DBCP.
>
> Searching Apache Commons DBCP source code for connectionProperties, there are 2 places where that property is parsed:
>
> A) BasicDataSource.setConnectionProperties(String)
>
> It does
>
>     String[] entries = connectionProperties.split(";");
>
> followed by
>
>     int index = entry.indexOf('=');
>
> It is OK.
>
> B) BasicDataSourceFactory.getProperties(String)
>
> This is an awful undocumented implementation with a bunch of side effects.
>
>     /**
>      * <p>Parse properties from the string. Format of the string must be [propertyName=property;]*<p>
>      * @param propText
>      * @return Properties
>      * @throws Exception
>      */
>     private static Properties getProperties(String propText) throws Exception {
>         Properties p = new Properties();
>         if (propText != null) {
>             p.load(new ByteArrayInputStream(
>                     propText.replace(';', '\n').getBytes(StandardCharsets.ISO_8859_1)));
>         }
>         return p;
>     }
>
> It replaces ';' with '\n' and feeds the string as ISO-8859-1 into Properties.load().
>
> The same implementation of that method is present both in current DBCP2 and in previous DBCP 1.4 used by Tomcat 7.
>
> If this implementation is of any use, it must be properly documented. As of now, it does not match its own javadoc which only says that format is [propertyName=property;]*. Neither is it documented at [2].
>
> The format of a properties file [1] is that "The key contains all of the characters in the line starting with the first non-white space character and up to, but not including, the first unescaped '=', ':', or white space character other than a line terminator."
>
> The workaround for you is to escape the whitespace character in key name with '\'.

That workaround works fine! In my opinion it should be documented inside tomcat doc pages.

What do you think about AbstractMethodError problem with tomcat 8? Am I stuck to version 7, having to use jtOpen jdbc Driver?

Thanks,
Re: connectionProperties is failing?
On 23/10/2014 13:27, Alessandro Manzoni wrote:
> What do you think about AbstractMethodError problem with tomcat 8?

Set testOnBorrow=false

> Am I stuck to version 7, having to use jtOpen jdbc Driver?

No.

Mark
Re: is normal keep value when tomcat restart after JSESSIONID was create?
이강우,

On 10/23/14 1:56 AM, 이강우(KangWoo Lee) wrote:
> ok I understand. - the session identifier should change to prevent session-fixation attacks.
>
> but how I can set tomcat to regenerate id value? I was search document, but can't find it

I'm not sure what you are asking. Can you ask in a different way? Do you want Tomcat to reject the requested (invalid) session id and generate a new one instead?

-chris

> 2014-10-22 22:44 GMT+09:00 Christopher Schultz ch...@christopherschultz.net:
>> 이강우,
>>
>> On 10/22/14 4:41 AM, 이강우(KangWoo Lee) wrote:
>>> Environment
>>> - openjdk 1.7
>>> - tomcat 7.0.55 with native connector
>>> - apache 2.4.10 with mod-jk 1.2.40
>>>
>>> 1. Tomcat start
>>> 2. Client request - JSESSIONID is null
>>> 3. tomcat response - JSESSIONID=C5EBF0AA96ADB34E0C28E4D9D2595D98 is create
>>> 4. refresh page - session attribute(name=count, value=count++) is correct. count is increasing.
>>
>> Good so far.
>>
>>> 5. Tomcat stop - start (restart) context setting is session is not persist
>>
>> Okay.
>>
>>> 6. Client refresh - client request is send JSESSIONID=C5EBF0AA96ADB34E0C28E4D9D2595D98
>>> 7. session attribute(name=count, value=0) is reset. but keeping JSESSIONID
>>>
>>> question. why tomcat using JSESSIONID set by client request value? is not regenerate?
>>
>> If the client requests a session by id, Tomcat will try to give it to them. If it doesn't exist, it will use that session identifier for the new session.
>>
>> Did the user actually authenticate with Tomcat? Or just get an anonymous session? If the user authenticates with Tomcat, the session identifier should change to prevent session-fixation attacks.
>>
>>> is this java spec?
>>
>> I believe the spec says nothing about the generation of session ids. Even the above session-fixation behavior is outside of the spec (but definitely does not violate it).
>>
>> -chris
RE: JDBCStore
>>> You may want to have a look at parallel deployment (http://tomcat.apache.org/tomcat-7.0-doc/config/context.html).
>>
>> At the moment /Catalina/localhost/ is used as value in column app. It is the root app. Would a war ROOT##2.war use another value?
>
> No.

OK, then this would not solve the prob.

Thx!
Re: is normal keep value when tomcat restart after JSESSIONID was create?
I found a cause. set the context attribute sessioncookiepath=/ is same effect of emptysessionpath. tomcat document says if set emptysessionpath then tomcat using session id value of client request.

I solve it. thanks to your comment.

On 2014. 10. 24. at 12:42 AM, Christopher Schultz ch...@christopherschultz.net wrote:
> 이강우,
>
> On 10/23/14 1:56 AM, 이강우(KangWoo Lee) wrote:
>> ok I understand. - the session identifier should change to prevent session-fixation attacks.
>>
>> but how I can set tomcat to regenerate id value? I was search document, but can't find it
>
> I'm not sure what you are asking. Can you ask in a different way? Do you want Tomcat to reject the requested (invalid) session id and generate a new one instead?
>
> -chris
>
>> 2014-10-22 22:44 GMT+09:00 Christopher Schultz ch...@christopherschultz.net:
>>> 이강우,
>>>
>>> On 10/22/14 4:41 AM, 이강우(KangWoo Lee) wrote:
>>>> Environment
>>>> - openjdk 1.7
>>>> - tomcat 7.0.55 with native connector
>>>> - apache 2.4.10 with mod-jk 1.2.40
>>>>
>>>> 1. Tomcat start
>>>> 2. Client request - JSESSIONID is null
>>>> 3. tomcat response - JSESSIONID=C5EBF0AA96ADB34E0C28E4D9D2595D98 is create
>>>> 4. refresh page - session attribute(name=count, value=count++) is correct. count is increasing.
>>>
>>> Good so far.
>>>
>>>> 5. Tomcat stop - start (restart) context setting is session is not persist
>>>
>>> Okay.
>>>
>>>> 6. Client refresh - client request is send JSESSIONID=C5EBF0AA96ADB34E0C28E4D9D2595D98
>>>> 7. session attribute(name=count, value=0) is reset. but keeping JSESSIONID
>>>>
>>>> question. why tomcat using JSESSIONID set by client request value? is not regenerate?
>>>
>>> If the client requests a session by id, Tomcat will try to give it to them. If it doesn't exist, it will use that session identifier for the new session.
>>>
>>> Did the user actually authenticate with Tomcat? Or just get an anonymous session? If the user authenticates with Tomcat, the session identifier should change to prevent session-fixation attacks.
>>>
>>>> is this java spec?
>>>
>>> I believe the spec says nothing about the generation of session ids. Even the above session-fixation behavior is outside of the spec (but definitely does not violate it).
>>>
>>> -chris
Re: JDBCStore
On 23.10.2014 at 19:45, spr...@gmx.eu wrote:
>>>> You may want to have a look at parallel deployment (http://tomcat.apache.org/tomcat-7.0-doc/config/context.html).
>>>
>>> At the moment /Catalina/localhost/ is used as value in column app. It is the root app. Would a war ROOT##2.war use another value?
>>
>> No.
>
> OK, then this would not solve the prob.

Well, I think it solves your problem. Old session-ids will get routed to the old version of your webapp and thus will be deserialized without a problem. New sessions will be created in the new version. This will enable a smooth transition from your old version to the new one.

Regards
Felix

> Thx!
Re: Built-in Tomcat Support for Windows Authentication
On 23.10.2014 at 11:07, Philippe Wijdh wrote:
> Hi,
>
> Thank you for the response.
>
> The initial setup of the spn and the keytab was without the port-number, the registry key was a suggestion found on internet but this setting does not change the outcome.
>
> The command kinit on the Tomcat server returns the following
>
>     C:\MyPrograms\Tomcat7\conf>set KRB5_CONFIG=C:\MyPrograms\Tomcat7\conf\krb5.conf
>
>     C:\MyPrograms\Tomcat7\conf>c:\MyPrograms\Java\jdk1.7.0_60\bin\kinit -J-Djava.security.krb5.conf=C:\MyPrograms\Tomcat7\conf\krb5.conf -J-Djava.security.auth.login.config=C:\MyPrograms\Tomcat7\conf\jaas.conf -J-Dsun.security.krb5.debug=true -k -t C:\MyPrograms\Tomcat7\conf\tomcat8080.keytab HTTP/v3tcat4ad.assai.nl:8080@ASSAI.NL

HTTP/v3tcat4ad.assai.nl:8...@assai.nl is the wrong spn. You have to use one without the port number (as described in the docs).

Maybe it would be best to follow Mark's advice and start with a fresh system and follow step for step the documentation.

Felix

> KinitOptions cache name is C:\Users\TestUser\krb5cc_testuser Principal is HTTP/v3tcat4ad.assai.nl:8...@assai.nl Kinit using keytab Kinit keytab file name: C:\MyPrograms\Tomcat7\conf\tomcat8080.keytab Java config name: C:\MyPrograms\Tomcat7\conf\krb5.conf Loaded from Java config Kinit realm name is ASSAI.NL Creating KrbAsReq KrbKdcReq local addresses for V3TCAT4AD are: V3TCAT4AD/10.1.0.67 IPv4 address V3TCAT4AD/fe80:0:0:0:d815:81c0:97e7:11d2%11 IPv6 address KdcAccessibility: reset KeyTabInputStream, readName(): ASSAI.NL KeyTabInputStream, readName(): HTTP KeyTabInputStream, readName(): v3tcat4ad.assai.nl:8080 KeyTab: load() entry length: 72; type: 23 Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. default etypes for default_tkt_enctypes: 23 18 17.
KrbAsReq creating message KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=3, number of retries =3, #bytes=198 KDCCommunication: kdc=v3dom1.assai.nl UDP:88, timeout=3,Attempt =1, #byt es=198 KrbKdcReq send: #bytes read=173 Pre-Authentication Data: PA-DATA type = 11 PA-ETYPE-INFO etype = 23, salt = Pre-Authentication Data: PA-DATA type = 19 PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null Pre-Authentication Data: PA-DATA type = 2 PA-ENC-TIMESTAMP Pre-Authentication Data: PA-DATA type = 16 Pre-Authentication Data: PA-DATA type = 15 KdcAccessibility: remove v3dom1.assai.nl:88 KDCRep: init() encoding tag is 126 req type is 11 KRBError: sTime is Thu Oct 23 10:21:31 CEST 2014 1414052491000 suSec is 776700 error code is 25 error Message is Additional pre-authentication required realm is ASSAI.NL sname is krbtgt/ASSAI.NL eData provided. msgType is 30 Pre-Authentication Data: PA-DATA type = 11 PA-ETYPE-INFO etype = 23, salt = Pre-Authentication Data: PA-DATA type = 19 PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null Pre-Authentication Data: PA-DATA type = 2 PA-ENC-TIMESTAMP Pre-Authentication Data: PA-DATA type = 16 Pre-Authentication Data: PA-DATA type = 15 KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ default etypes for default_tkt_enctypes: 23 18 17. Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. default etypes for default_tkt_enctypes: 23 18 17. 
EType: sun.security.krb5.internal.crypto.ArcFourHmacEType KrbAsReq creating message KrbKdcReq send: kdc=v3dom1.assai.nl UDP:88, timeout=3, number of retries =3, #bytes=283 KDCCommunication: kdc=v3dom1.assai.nl UDP:88, timeout=3,Attempt =1, #byt es=283 KrbKdcReq send: #bytes read=88 KrbKdcReq send: kdc=v3dom1.assai.nl TCP:88, timeout=3, number of retries =3, #bytes=283 KDCCommunication: kdc=v3dom1.assai.nl TCP:88, timeout=3,Attempt =1, #byt es=283 DEBUG: TCPClient reading 1496 bytes KrbKdcReq send: #bytes read=1496 KdcAccessibility: remove v3dom1.assai.nl:88 Added key: 23version: 0 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23 18 17. EType: sun.security.krb5.internal.crypto.ArcFourHmacEType KrbAsRep cons in KrbAsReq.getReply HTTP/v3tcat4ad.assai.nl:8080 New ticket is stored in cache file C:\Users\TestUser\krb5cc_testuser C:\MyPrograms\Tomcat7\confklist Current LogonId is 0:0x13380b5c Cached Tickets: (0) Kind regards, Philippe Wijdh Senior Programmer Assai software services BV, Parallelweg Oost 13a, 4103 NC, Culemborg, The Netherlands P: +31 (0)345 516 663, E: p.wi...@assai.nl, W: www.assai-software.com -Original Message- From: Felix Schumacher
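A check for the problem Felix points out, as an added example that is not part of the original messages: it rebuilds the keytab principals from the `KeyTabInputStream` lines of a JDK Kerberos debug trace and flags a host component that carries a port. The function names and the etype-name table are assumptions of this example; the sample lines are copied from the trace above.

```python
import re

# Lines copied from the kinit debug trace in the message above.
TRACE = """\
KeyTabInputStream, readName(): ASSAI.NL
KeyTabInputStream, readName(): HTTP
KeyTabInputStream, readName(): v3tcat4ad.assai.nl:8080
KeyTab: load() entry length: 72; type: 23
"""

READNAME = re.compile(r"KeyTabInputStream, readName\(\):\s*(\S+)")
ENTRY = re.compile(r"KeyTab: load\(\) entry length: \d+; type: (\d+)")
# Kerberos encryption type numbers that appear in the trace.
ETYPES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

def keytab_entries(trace):
    """Return [(principal, etype)] for each keytab entry in a debug trace.

    Assumes the order seen in the trace: realm, then the name components,
    then a "KeyTab: load() entry" line that closes the entry.
    """
    entries, names = [], []
    for line in trace.splitlines():
        name, entry = READNAME.search(line), ENTRY.search(line)
        if name:
            names.append(name.group(1))
        elif entry and len(names) >= 2:
            principal = "/".join(names[1:]) + "@" + names[0]
            entries.append((principal, int(entry.group(1))))
            names = []
    return entries

def spn_problems(principal):
    """Return problems found in a service principal name ([] if none)."""
    _service, _, host = principal.partition("@")[0].partition("/")
    problems = []
    if not host:
        problems.append("no host component")
    port = re.search(r":(\d+)$", host)
    if port:
        problems.append(f"host component carries port {port.group(1)}")
    return problems

def audit(trace):
    """Return [(principal, etype name, problems)] for the whole trace."""
    return [(p, ETYPES.get(e, f"etype {e}"), spn_problems(p))
            for p, e in keytab_entries(trace)]

if __name__ == "__main__":
    print(audit(TRACE))
```

The patterns use `search`, so the same functions also accept traces whose lines keep a leading `>>> ` marker.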
RE: JDBCStore
Well, I think it solves your problem. Old session-ids will get routed to the old version of your webapp and thus will be deserialized without a problem. New sessions will be created in the new version.

Yes, but the session persistence will go into the same table rows - crash during deserialization.