Re: [OT] Monitoring Tomcat

2016-03-29 Thread Napromsa 


Christopher Schultz  escribió:

>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA1
>
>Leon,
>
>On 3/29/16 11:25 AM, Leon Rosenberg wrote:
>> On Tue, Mar 29, 2016 at 4:57 PM, Christopher Schultz < 
>> ch...@christopherschultz.net> wrote:
>> 
>>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>>> 
>>> Leon,
>>> 
>>> On 3/28/16 6:34 PM, Leon Rosenberg wrote:
 Of course MoSKito: http://www.moskito.org
 
 Take a look at the step by step guide (start with step 1 not
 0). 
 blog.anotheria.net/msk/the-complete-moskito-integration-guide-step-1
>/
>>>
>>>
 
>You
 
>>> should come to ApacheCon and give a presentation about MoSKito 
>>> sometime. I'd love to see it.
>>> 
>> 
>> Thanks for the invitation, I'd actually love to;-) When is the next
>> one (and where;-))
>
>The next one is in May in Vancouver, BC, but the presentation schedule
>for that event is already set.
>
>You can go to http://apachecon.com/ for more information any time,
>though the site isn't terribly informative. For the past few years,
>there have been ApacheCon conferences in North America and Europe
>about one per region per year.
>
>I'm personally much more likely to attend the North American
>conferences, simply because it's cheaper for my employer to send me.
>
>There's always the "hallway track" where you can just come and talk to
>people, too.
>
>- -chris
>-BEGIN PGP SIGNATURE-
>Comment: GPGTools - http://gpgtools.org
>Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
>iEYEARECAAYFAlb6pLwACgkQ9CaO5/Lv0PAhMwCgvi8lhICUgtlmXtBYugCLfzkc
>Kf0An0ekcxU015uc7EW7Vvcv9DzY+67A
>=YWS9
>-END PGP SIGNATURE-
>
>-
>To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Monitoring Tomcat

2016-03-29 Thread Edwin Quijada 
I am seeing Zabbix but about the secutiry problems with JMX 



From: Leonardo Santagostini 
Sent: Tuesday, March 29, 2016 12:20 AM
To: Tomcat Users List
Subject: Re: Monitoring Tomcat

My two cents:

You can aldo use Zabbix to Monitor your Tomcar using JMX.

Also Zabbix is used from templates. So once you got one machine monitored
as you expected you can easy deployit on other your machine, and the best
of all, you dont nees to use apps like Jolokia. But bear in mind that there
are some security concerns.

Best regards
El mar 28, 2016 8:56 p.m., "Edwin Quijada" 
escribió:

> Thks!
>
> 
> From: Mark Eggers 
> Sent: Monday, March 28, 2016 10:32 PM
> To: Tomcat Users List
> Subject: Re: Monitoring Tomcat
>
> https://tomcat.apache.org/tomcat-7.0-doc/monitoring.html
> https://wiki.apache.org/tomcat/FAQ/Monitoring
>
> Basically enable JMX, then use a wide variety of tools to query an even
> wider variety of information.
>
> Please note that there are security issues when enabling JMX. Read the
> first link above for details.
>
> . . . just my two cents
> /mde/
>
> On 3/28/2016 3:23 PM, Edwin Quijada wrote:
> > Hi!
> > I have an app with Tomcat+Grails+Vaadin+PostgreSQL and I wanna monitor
> the speed and resources of this. I add to 1024mb to Tomcat because the app
> and DB is in the same server.
> >
> > What application can I use to monitor performance of this Tomcat ?
> >
> >
> > TIA
> >
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Monitoring Tomcat

2016-03-29 Thread Edwin Quijada 
Cool!! I dont like the name I am from Caribbean and here the moskitos are F
 :) :)
I will test now!!


From: Leon Rosenberg 
Sent: Monday, March 28, 2016 10:34 PM
To: Tomcat Users List
Subject: Re: Monitoring Tomcat

Of course MoSKito:
http://www.moskito.org

Take a look at the step by step guide (start with step 1 not 0).
blog.anotheria.net/msk/the-complete-moskito-integration-guide-step-1/

regards
Leon

On Tue, Mar 29, 2016 at 12:23 AM, Edwin Quijada 
wrote:

> Hi!
> I have an app with Tomcat+Grails+Vaadin+PostgreSQL and I wanna monitor the
> speed and resources of this. I add to 1024mb to Tomcat because the app and
> DB is in the same server.
>
> What application can I use to monitor performance of this Tomcat ?
>
>
> TIA
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: OpenID Connect with Tomcat 8

2016-03-29 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Sebastien,

On 3/29/16 12:57 PM, Sebastian Trost wrote:
> Hi,
> 
> I am looking for a way to use OpenID Connect (authentication AND
> authorization) with Tomcat 8. I found two ways to get
> authentication working, but not authorization. Here's what I tested
> so far:
> 
> Tomcat 8 + https://github.com/boylesoftware/tomcat8-oidcauth This
> extension works very well for authentication. It isn't possible to
> authorize users, though. You can configure a realm which authorizes
> the user against LDAP or a database.
> 
> Apache HTTPD + https://github.com/pingidentity/mod_auth_openidc +
> Tomcat 8 This mod works pretty well, too. But the AJP Connector
> doesn't seem to receive the roles from the web server and also
> relies on the realm to fetch the roles for each user.
> 
> With both methods I failed to read the roles OpenID Connect
> supplies with the id token.
> 
> I experimented a bit with botching around in tomcat8-oidcauth. I
> removed the authenticate()-call and instead built the
> GenericPrincipal object with hard-coded roles on my own. That seems
> to work. But is this safe? Can I just read the token id and assume
> that it is correct and set the roles in the GenericPrincipal? Are
> there any other methods to use both authentication AND
> authorization with tomcat 8?

I haven't looked at any of the above projects but if you want to
authenticate and authorize against a different type of backing
database, then you need to create your own Realm. RealmBase provides
some nice utilities, but you aren't required to actually extend it.

The Realm has complete control over how the Principal objects are
created, so if you have a way to identify the user and their roles,
then you can simply create a GenericPrincipal and return that on
login, and its roles will be used for authentication later.

Hope that helps,
- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlb6wd4ACgkQ9CaO5/Lv0PDbYwCaAwKxMmUKPQWU9Vz/86xio4T2
/FwAn3kmrN6wJY1Fik4/Vcp6K62AF/tt
=30NH
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

OpenID Connect with Tomcat 8

2016-03-29 Thread Sebastian Trost 
Hi,

I am looking for a way to use OpenID Connect (authentication AND authorization) 
with Tomcat 8. I found two ways to get authentication working, but not 
authorization. Here's what I tested so far:

Tomcat 8 + https://github.com/boylesoftware/tomcat8-oidcauth
This extension works very well for authentication. It isn't possible to 
authorize users, though. You can configure a realm which authorizes the user 
against LDAP or a database.

Apache HTTPD + https://github.com/pingidentity/mod_auth_openidc + Tomcat 8 
This mod works pretty well, too. But the AJP Connector doesn't seem to receive 
the roles from the web server and also relies on the realm to fetch the roles 
for each user.

With both methods I failed to read the roles OpenID Connect supplies with the 
id token. 

I experimented a bit with botching around in tomcat8-oidcauth. I removed the 
authenticate()-call and instead built the GenericPrincipal object with 
hard-coded roles on my own. That seems to work. But is this safe? Can I just 
read the token id and assume that it is correct and set the roles in the 
GenericPrincipal?
Are there any other methods to use both authentication AND authorization with 
tomcat 8?

Thanks and kind regards
Sebastian


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] Monitoring Tomcat

2016-03-29 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Leon,

On 3/29/16 11:25 AM, Leon Rosenberg wrote:
> On Tue, Mar 29, 2016 at 4:57 PM, Christopher Schultz < 
> ch...@christopherschultz.net> wrote:
> 
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>> 
>> Leon,
>> 
>> On 3/28/16 6:34 PM, Leon Rosenberg wrote:
>>> Of course MoSKito: http://www.moskito.org
>>> 
>>> Take a look at the step by step guide (start with step 1 not
>>> 0). 
>>> blog.anotheria.net/msk/the-complete-moskito-integration-guide-step-1
/
>>
>>
>>> 
You
>>> 
>> should come to ApacheCon and give a presentation about MoSKito 
>> sometime. I'd love to see it.
>> 
> 
> Thanks for the invitation, I'd actually love to;-) When is the next
> one (and where;-))

The next one is in May in Vancouver, BC, but the presentation schedule
for that event is already set.

You can go to http://apachecon.com/ for more information any time,
though the site isn't terribly informative. For the past few years,
there have been ApacheCon conferences in North America and Europe
about one per region per year.

I'm personally much more likely to attend the North American
conferences, simply because it's cheaper for my employer to send me.

There's always the "hallway track" where you can just come and talk to
people, too.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlb6pLwACgkQ9CaO5/Lv0PAhMwCgvi8lhICUgtlmXtBYugCLfzkc
Kf0An0ekcxU015uc7EW7Vvcv9DzY+67A
=YWS9
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8 Connection Reset Issue

2016-03-29 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Theo,

On 3/29/16 2:55 AM, Theo Sweeny wrote:
> Yes - that does look like a spring connect timeout - which then 
> passes back to java.net.SocketException: Connection reset. So
> either the client or the server is resetting before the connection
> can complete.
> 
> The only system change to coincide with these connection resets is 
> the new connection pool config as listed above. This implies that 
> there is some conflict within the datasource config.

I don't believe that's the case, unless you are using the same port
numbers for both your JDBC connections and whatever other component is
failing. Have you tried reverting the JNDI configuration only?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlb6o84ACgkQ9CaO5/Lv0PC75QCgiNExQYWamSs9kmnZIoEZEnMP
3FcAoLIBEzB9NpLbvbjwqHH5wdQ/CIe7
=X5ZC
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] Monitoring Tomcat

2016-03-29 Thread Leon Rosenberg 
On Tue, Mar 29, 2016 at 4:57 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Leon,
>
> On 3/28/16 6:34 PM, Leon Rosenberg wrote:
> > Of course MoSKito: http://www.moskito.org
> >
> > Take a look at the step by step guide (start with step 1 not 0).
> > blog.anotheria.net/msk/the-complete-moskito-integration-guide-step-1/
>
> You
> >
> should come to ApacheCon and give a presentation about MoSKito
> sometime. I'd love to see it.
>

Thanks for the invitation, I'd actually love to;-)
When is the next one (and where;-))
Leon


>
>

Re: [OT] Monitoring Tomcat

2016-03-29 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Leon,

On 3/28/16 6:34 PM, Leon Rosenberg wrote:
> Of course MoSKito: http://www.moskito.org
> 
> Take a look at the step by step guide (start with step 1 not 0). 
> blog.anotheria.net/msk/the-complete-moskito-integration-guide-step-1/

You
> 
should come to ApacheCon and give a presentation about MoSKito
sometime. I'd love to see it.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlb6l9AACgkQ9CaO5/Lv0PBRswCgtSOl3nUk4ZO+QxjtGyrUNHbv
BF8An0iCuwCBigFoKv8TzwRp+HKYgSgy
=mIX7
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: isapi_redirect suitable for Windows 7 platform?

2016-03-29 Thread Garcia Aparici, Carlos 
We had a lot of problems with isapi and w2k12. If you are planning that for 
production better stay with Ms ARR or apache httpd.

Enviado desde Outlook en Android



On Tue, Mar 29, 2016 at 5:00 AM -0700, "Martin Molema" 
> wrote:

Hello,

I'm trying to connect Microsoft IIS to Tomcat. I followed this tutorial
(https://tomcat.apache.org/connectors-doc/webserver_howto/iis.html) but
can't get it to work. I keep getting the error 500:
GetFilterVersion with ISAPI-filter
C:\inetpub\wwwroot\jakarta\isapi_redirect.dll failed.

After some time I managed to get IIS to supply Failed Requests Logs. This
mentioned a warning that te isapi_redirect dll needs a 'newer version of
windows'.

I'm working on a normal Windows 7 Professional workstation, 32bit. Could
this be the problem? I downloaded :
- apache-tomcat-7.0.68-windows-x86
- tomcat-connectors-1.2.40-windows-i386-iis

Should I switch to a Windows 2012 server instead to solve this problem? If
need be I can supply the failedrequest logs (XML).

--
Kind Regards,

Martin Molema

W   http://www.molema.org
E   mar...@molema.org
T   0650 - 44 30 70

Linked-In : http://www.linkedin.com/in/martinmolema
Twitter   : http://twitter.com/#!/MartinMolema

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Este correo electrónico y, en su caso, cualquier fichero anexo al mismo, 
contiene información de carácter confidencial exclusivamente dirigida a su 
destinatario o destinatarios. Si no es vd. el destinatario indicado, queda 
notificado que la lectura, utilización, divulgación y/o copia sin autorización 
está prohibida en virtud de la legislación vigente. En el caso de haber 
recibido este correo electrónico por error, se ruega notificar inmediatamente 
esta circunstancia mediante reenvío a la dirección electrónica del remitente.
Evite imprimir este mensaje si no es estrictamente necesario.

This email and any file attached to it (when applicable) contain(s) 
confidential information that is exclusively addressed to its recipient(s). If 
you are not the indicated recipient, you are informed that reading, using, 
disseminating and/or copying it without authorisation is forbidden in 
accordance with the legislation in effect. If you have received this email by 
mistake, please immediately notify the sender of the situation by resending it 
to their email address.
Avoid printing this message if it is not absolutely necessary.

isapi_redirect suitable for Windows 7 platform?

2016-03-29 Thread Martin Molema 
Hello,

I'm trying to connect Microsoft IIS to Tomcat. I followed this tutorial
(https://tomcat.apache.org/connectors-doc/webserver_howto/iis.html) but
can't get it to work. I keep getting the error 500:
GetFilterVersion with ISAPI-filter
C:\inetpub\wwwroot\jakarta\isapi_redirect.dll failed.

After some time I managed to get IIS to supply Failed Requests Logs. This
mentioned a warning that te isapi_redirect dll needs a 'newer version of
windows'.

I'm working on a normal Windows 7 Professional workstation, 32bit. Could
this be the problem? I downloaded :
- apache-tomcat-7.0.68-windows-x86
- tomcat-connectors-1.2.40-windows-i386-iis

Should I switch to a Windows 2012 server instead to solve this problem? If
need be I can supply the failedrequest logs (XML).

-- 
Kind Regards,

Martin Molema

W   http://www.molema.org
E   mar...@molema.org
T   0650 - 44 30 70

Linked-In : http://www.linkedin.com/in/martinmolema
Twitter   : http://twitter.com/#!/MartinMolema

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Getting garbled data when making http request on https port

2016-03-29 Thread Mark Thomas 
On 29/03/2016 04:35, Amey Rokde wrote:
> Christoph
> 
> Fair enough that it is not a security leak . Can you throw some light on
> what's happening internally so as to understand why we get this garbled
> data to be downloaded.

What you are seeing are the opening bytes of the TLS handshake. The
client fails to respond correctly (it sends the HTTP request line) and
the connection fails.

Mark


> 
> sorry for pushing
> Amey
> 
> On Mon, Mar 28, 2016 at 10:00 PM, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
> 
>> Amey,
>>
>> On 3/28/16 11:25 AM, Amey Rokde wrote:
>>> May be i didn't explained my question properly. What we have is a single
>>> web application running on https port 7070. This port is configured for
>>> https connection only and that the reason there is single connector. What
>>> we are seeing is if by mistake
>>> or intentionally the user types instead of https://localhost:7070/myapp
>> he
>>> types http://localhost:7070/myapp
>>> the content with some garbled data gets downloaded.  The question is
>>> whether i can prevent the garbled data and if so how i can do that.
>>
>> There is currently no Tomcat-only solution that meets all of your
>> criteria (single connector).
>>
>> Apache httpd can respond with a plaintext response (it's a 400, not a
>> 404), but Apache Tomcat is not yet able to do that.
>>
>> I would like to reiterate that there is no security leak, here.
>>
>> -chris
>>
>>> On Mon, Mar 28, 2016 at 7:15 PM, Christopher Schultz <
>>> ch...@christopherschultz.net> wrote:
>>>
>>> Amey,
>>>
>>> On 3/28/16 3:54 AM, Amey Rokde wrote:
>> Dear Community
>>
>> We are using the apache-tomcat-7.0.55 and have configured only one
>> SSL connector (7070).
>>
>> The SSL connection (https) )works properly and i am able to fetch
>> the request. But if we make http request we get the garbled data to
>> be downloaded in the browser.
>>>
>>> This is expected behavior.
>>>
>> I tried searching over the net but the information available is
>> more about redirect and things around it. What i want is to prevent
>> this garbled data and get more of http 404 not found.
>>>
>>> Then you need to make an HTTP connection, not an HTTPS one. It's easy
>>> to configure an HTTP connector that redirects to HTTPS.
>>>
>> Getting this garbled data is considered more or less security
>> leak.
>>>
>>> Considered a security leak by whom? There is no information leakage.
>>> There are no secrets being transmitted. This is an inconvenience to
>>> the user that you can easily remedy.
>>>
>> I am attaching the sample server xml of the tomcat .
>>>
>>> Thanks, but it wasn't relevant (other than to confirm that you weren't
>>> configuring an HTTPS connector on a standard HTTP port such as 80).
>>>
>> Please advise what needs to be done.
>>>
>>> If you want your users to get a 404, then you should listen on port 80
>>> (for HTTP) and return 404 for all requests. If you want to do better
>>> than that, you should listen on port 80 (for HTTP) and redirect all
>>> requests to the secure port.
>>>
>> PS: the higher tomcat versions namely apache-tomcat-8.0.32 does not
>> show above behaviour.
>>>
>>> It should behave exactly the same way.
>>>
>>> -chris

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


>>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: response.sendRedirect is not working in application after upgrade from 7.0.65 to 7.0.67

2016-03-29 Thread Violeta Georgieva 
Hi,

2016-03-29 12:23 GMT+03:00 Utkarsh Dave :
>
> HiVioleta,
> Our application has a very similar problem after upgrade to tomcat
7.0.67/68
> and it seems space in between url attributes was the issue while using
> response.sendRedirect.
> Currently we have hold off the upgrade until all web application teams
find
> the affected pages and rectify there code.
>
> I heard (above) this will be fixed in 7.0.69 ?
> Is that the case? and is there an (rough) estimate of the release
> date/month of 69 release
>

I was thinking about preparing Tomcat 7.0.69 for voting next week.
Please note that this is not final.

Regards,
Violeta

>
> On Thu, Mar 24, 2016 at 12:58 PM, Violeta Georgieva 
> wrote:
>
> > 2016-03-24 9:11 GMT+02:00 Palod, Manish :
> > >
> > > Hi Violeta,
> > > We have tried 7.0.68 also, but same issue.
> >
> > OK
> >
> > We have a fix for something similar
> > http://svn.apache.org/viewvc?view=revision=1734262
> >
> > The fix will be available in 7.0.69
> > Can you build Tomcat 7 trunk and test your scenario?
> >
> > Thanks,
> > Violeta
> >
> > > Regards
> > > Manish
> > > -Original Message-
> > > From: Violeta Georgieva [mailto:miles...@gmail.com]
> > > Sent: Thursday, March 24, 2016 12:36 PM
> > > To: Tomcat Users List 
> > > Subject: Re: response.sendRedirect is not working in application after
> > upgrade from 7.0.65 to 7.0.67
> > >
> > > Hi,
> > >
> > > 2016-03-24 8:18 GMT+02:00 Palod, Manish :
> > > >
> > > > Hello Experts,
> > > > We are using tomcat in our application from many years and things
were
> > > working fine.
> > > >
> > > > After upgrade from tomcat 7.0.65 to 7.0.67, response.sendRedirect is
> > > > not
> > > working properly in application.
> > > >
> > > > We are having spaces in between url attributes all the time ex.
> > > companyName=XYZ Inc=ABC Road etc. and didn't face any issues.
> > > >
> > > > We are encoding the URL's using "response.encodeURL" before passing
> > > > url
> > > param to response.sendRedirect
> > > >
> > > > After upgrade to .67, sendRedirect started failing, hence I tried
> > > changing url encoding using "response.encodeRedirectURL", still
> > redirection didn't work
> > > >
> > > > is this the known issue?
> > > > is there any work around for this?
> > > >
> > >
> > > Please try 7.0.68
> > > This is the last released Tomcat 7 version.
> > >
> > > Regards,
> > > Violeta
> > >
> > > > Thanks
> > > > Manish
> > > >
> >

Re: response.sendRedirect is not working in application after upgrade from 7.0.65 to 7.0.67

2016-03-29 Thread Utkarsh Dave 
HiVioleta,
Our application has a very similar problem after upgrade to tomcat 7.0.67/68
and it seems space in between url attributes was the issue while using
response.sendRedirect.
Currently we have hold off the upgrade until all web application teams find
the affected pages and rectify there code.

I heard (above) this will be fixed in 7.0.69 ?
Is that the case? and is there an (rough) estimate of the release
date/month of 69 release


On Thu, Mar 24, 2016 at 12:58 PM, Violeta Georgieva 
wrote:

> 2016-03-24 9:11 GMT+02:00 Palod, Manish :
> >
> > Hi Violeta,
> > We have tried 7.0.68 also, but same issue.
>
> OK
>
> We have a fix for something similar
> http://svn.apache.org/viewvc?view=revision=1734262
>
> The fix will be available in 7.0.69
> Can you build Tomcat 7 trunk and test your scenario?
>
> Thanks,
> Violeta
>
> > Regards
> > Manish
> > -Original Message-
> > From: Violeta Georgieva [mailto:miles...@gmail.com]
> > Sent: Thursday, March 24, 2016 12:36 PM
> > To: Tomcat Users List 
> > Subject: Re: response.sendRedirect is not working in application after
> upgrade from 7.0.65 to 7.0.67
> >
> > Hi,
> >
> > 2016-03-24 8:18 GMT+02:00 Palod, Manish :
> > >
> > > Hello Experts,
> > > We are using tomcat in our application from many years and things were
> > working fine.
> > >
> > > After upgrade from tomcat 7.0.65 to 7.0.67, response.sendRedirect is
> > > not
> > working properly in application.
> > >
> > > We are having spaces in between url attributes all the time ex.
> > companyName=XYZ Inc=ABC Road etc. and didn't face any issues.
> > >
> > > We are encoding the URL's using "response.encodeURL" before passing
> > > url
> > param to response.sendRedirect
> > >
> > > After upgrade to .67, sendRedirect started failing, hence I tried
> > changing url encoding using "response.encodeRedirectURL", still
> redirection didn't work
> > >
> > > is this the known issue?
> > > is there any work around for this?
> > >
> >
> > Please try 7.0.68
> > This is the last released Tomcat 7 version.
> >
> > Regards,
> > Violeta
> >
> > > Thanks
> > > Manish
> > >
>

Re: [ANN] Apache Tomcat 8.0.33 available

2016-03-29 Thread Johan Compagner 
My bad, i somehow expected to sse .34 (and the date that is reported at the
top is quite some time ago) so i was mixed up.

Re: [ANN] Apache Tomcat 8.0.33 available

2016-03-29 Thread Violeta Georgieva 
Hi,

2016-03-29 10:16 GMT+03:00 Johan Compagner :
>
> the change log is not updated yet.

I can see the changelog.
Can you try to creal the browser cache?

Regards,
Violeta

>
> On 25 March 2016 at 23:04, Mark Thomas  wrote:
>
> > Please refer to the change log for the complete list of changes:
> > http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
> >
>
>
>
>
> --
> Johan Compagner
> Servoy

Re: [ANN] Apache Tomcat 8.0.33 available

2016-03-29 Thread Johan Compagner 
the change log is not updated yet.

On 25 March 2016 at 23:04, Mark Thomas  wrote:

> Please refer to the change log for the complete list of changes:
> http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
>




-- 
Johan Compagner
Servoy

Re: Tomcat 8 Connection Reset Issue

2016-03-29 Thread Theo Sweeny 
Hi Chris,


From: Christopher Schultz 
Sent: 24 March 2016 19:42
To: Tomcat Users List
Subject: Re: Tomcat 8 Connection Reset Issue

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Theo,

On 3/24/16 1:19 PM, Theo Sweeny wrote:
> Hello - we are running Tomcat v8.0.21 on RH7 with Java7.
>
> Recently we changed the datasource's to use connection pooling but
> as a result we are seeing connection timeouts in the logs as seen
> here -
>
> 2016-03-24 16:27:36,638 14321113 [http-nio-20180-exec-3] INFO
> org.springframework.security.oauth2.provider.endpoint.TokenEndpoint
>
>
Correlation-Identifier=77063426-8942-4259-aafd-cd9bc1d03305,
> Timestamp=2016-03-24T14:54:46.084Z - Handling error:
> ResourceAccessException, I/O error on POST request for
> "https://localhost:8080/membership/programmes/ATRP/member-identificati
on":Connection
>
>
reset; nested exception is java.net.SocketException: Connection
> reset

That looks like an error with a Spring-related component, not Tomcat.
(Right?). There are plenty of folks here who might be able to answer
this question, but I think this is actually off-topic for this list.
(No problem; carry on. Just pointing it out).

> The timeouts occur about every 1 in 3 attempts.
>
>
> Here is the new datasource config -
>
>
>  factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
> type="javax.sql.DataSource"
> driverClassName="oracle.jdbc.OracleDriver"
> url="jdbc:oracle:thin:@myhost:1521:MYSID" username="MYUSER"
> password="x" removeAbandoned="True"
> removeAbandonedTimeout="30" logAbandoned="True"
> abandonWhenPercentageFull="0" testOnBorrow="True"
> testOnReturn="False" testWhileIdle="True" maxActive="32"
> initialSize="8" maxIdle="8" minIdle="8"
> minEvictableIdleTimeMillis="15000" validationQuery="select 1 from
> dual" validationInterval="15000" validationQueryTimeout="15"
> timeBetweenEvictionRunsMillis="15000" logValidationErrors="True"
> jdbcInterceptors="ConnectionState;StatementFinalizer;SlowQueryReport(t
hreshold=1500);QueryTimeoutInterceptor(queryTimeout=10),ResetAbandonedTi
mer"
>
>
maxWait="-1"/>
>
> Are there any conflicts within this config that could be resulting
> in this issue?

I don't believe your JNDI DataSource has anything to do with making
outgoing connections to OAuth providers...

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlb0Qx0ACgkQ9CaO5/Lv0PA7KACfYVLubbNfIxKrInh9SNwY/JHf
h+kAnRRevkPjZBdCl0RD53QdtsndtXGe
=h3bQ
-END PGP SIGNATURE-

Thanks for the replay.

Yes - that does look like a spring connect timeout - which then passes back to 
java.net.SocketException: Connection reset. So either the client or the server 
is resetting before the connection can complete.

The only system change to coincide with these connection resets is the new 
connection pool config as listed above. This implies that there is some 
conflict within the datasource config.

Theo
Avios Group (AGL) Ltd is a limited company registered in England (registered 
number 2260073 and VAT number 512566754) whose registered address is Astral 
Towers, Betts Way, London Road, Crawley, West Sussex RH10 9XY . Avios Group 
(AGL) Limited is part of the IAG group of companies This email and any files 
transmitted with it are confidential and intended solely for the use of the 
individual or entity to whom they are addressed. If you have received this 
email in error please notify the system manager.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org