Re: Configuring DIGEST auth for manager

2017-11-08 Thread Philippe Mouawad
Hello,
Any feedback on this ?
Thanks

On Sun, Nov 5, 2017 at 9:16 PM, Philippe Mouawad <
p.moua...@ubik-ingenierie.com> wrote:

> Hello,
> I am having issues making Digest auth work in Tomcat 8.5.23 for manager
> application.
>
> I have done the following:
>
> 1) Edit server.xml and have set MessageDigestCredentialHandler with SHA-256
>   
> 
>  resourceName="*UserDatabase*">
>   
> 
>   
>
> 2) Generated password using:
> ./digest.sh -a *SHA-256* -h 
> org.apache.catalina.realm.MessageDigestCredentialHandler
> -i 1 -s 0 password1234
>
> I also tried :
> ./digest.sh -a SHA-256 -h 
> org.apache.catalina.realm.MessageDigestCredentialHandler
> -i 1 -s 0 tomcat:UserDatabase:password1234
>
> 3) Set the last part of password following "password1234:" in
> tomcat-users.xml
> 
> 
> 
>  roles="manager-gui,admin,manager"/>
>
> 4) Edit /webapps/manager/WEB-INF/web.xml
>
> 
> DIGEST
> UserDatabase
>   
>
> I then try to login to http://localhost:8080/manager/html and enter admin
> and password1234
> it fails.
>
> There must be something I am missing.
>
> Sorry if I misread some documentation or if my question is stupid, these
> are the docs I have seen:
> - https://tomcat.apache.org/tomcat-8.5-doc/config/credentialha
> ndler.html#MessageDigestCredentialHandler Note the start of this part is
> not that clear for me. I think my format is
> *salt$iterationCount$encodedCredential* - a hex encoded salt, iteration
> code and a hex encoded credential, each separated by $
>
> I have also tried solutions described here without success:
> - http://www.techpaste.com/2013/05/enable-password-encryption-
> policy-tomcat-7/
> - https://stackoverflow.com/questions/39967289/how-to-use-dige
> st-authentication-in-tomcat-8-5
> - https://stackoverflow.com/questions/2978884/tomcat-digest-
> with-manager-webapp
>
> Regards
> Philippe
>



-- 
Cordialement.
Philippe Mouawad.
Ubik-Ingénierie

UBIK LOAD PACK Web Site 

UBIK LOAD PACK on TWITTER 


Question related to mutual authentication

2017-11-08 Thread Nicolas Therrien
Hi!

I have successfully set up mutual authentication on a Tomcat 9.0.1 server 
running on CentOS 6.5.  To do my testing, I use a Java program that I wrote to 
verify my understanding of SSL and the server configuration. 

My question is about the server-side verification of the client certificate 
(CertificateRequest part of handshake). I noticed that the hostname/common name 
in the client certificate did not seem to be validated. I can move that 
certificate on several machines and the server will always accept it, as long 
as it is signed by one of the trusted authorities in the server JVM's 
truststore. I am puzzled by this behavior because I was expecting the hostname 
to matter. If my certificate was set for a machine, I was not expecting it to 
work on another machine.

My understanding is that when "certificateVerification" is set to "required", 
the server would perform the same verification as the client does, that is:

1) Verify the incoming certificate is signed by an authority that is part of 
the local truststore.
2) Verify that the incoming certificate's common name matches the hostname of 
the peer we are communicating with.


Also, should the server behavior be correct, can someone explain to me why it 
is like that?I find it odd that the client certificate can be copied around 
and used by anyone and still pass mutual authentication...

Thanks in advance,

Nicolas Therrien ing.
Senior Software Engineer

Airbus DS Communications
home of VESTA®
200 Boul. de la Technologie, Suite 300
Gatineau, QC J8Z 3H6
Canada
819.931.2139  (DIRECT)
www.Airbus-DSComm.com





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: stopping scanning of TLDs

2017-11-08 Thread Ray Holme
this makes it easy in linux or mac land
for i in *.jar; do echo scanning $i; jar tf $i | grep "\.tld"; sleep 1; done
 

On Wednesday, November 8, 2017 3:27 PM, Christopher Schultz 
 wrote:
 

 -BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Ray,

On 11/8/17 11:24 AM, Ray Holme wrote:
> In a prior post, I asked if there was a way to see if a jar uses  a
> tag library. Chris responded - look for ".tld" in the files.

To clarify, I was responding to a question as to whether a JAR file
*contained* a tag library, not that it used one. Big difference.

> So I looked (turns out ecj.. has no ".tld": $ grep "tld"
> *.jarBinary file catalina-storeconfig.jar matches Binary file
> ecj-4.6.1.jar matches Binary file tomcat-util-scan.jar matches

I agree with Chris Cheshire: check the ZIP contents list and not a
binary check. Though the ZIP filenames are stored (mostly) in the
clear, it's possible that you might get unlucky. Also make sure you
use a case-insensitive check.

> I am just trying to find a reliable way to see if there is TAG
> library.

Searching for .tld files ought to do it.

Have you found a case where this *didn't* work?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAloDaJ0dHGNocmlzQGNo
cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFgcMQ/8Dv1fKlSVTjyznXD5
cYi2HPYt+enG2bMSzJICEhpQEHn6S0S1Veaf4pGfM1m27KPqvdghDgqGB/yoGt4P
2YU6LF8xa7AHVIvx+TwFtwcyL58NcqpO6uFM1MsUiAa3VYGUTY63R1B4EkTeWHuB
HoEDDIi17hOBGivctsFjkBaNgCKpnN4SUpMg3b9f4SZHgI4DjFIm0AQGUsI5pstQ
NKHzc/QFYu4+qqtb+A41cawf0jpvBtk2mY6SGqPu930SNWGpy8C5iQnyEguBS9ts
ZJVx3uYHBUFDByv+Cjudu7oJ1ceFrGQWWT6IumzMRQwL4RqueKLSjW2nXGR2gYmb
tF23FlKIQ2jljn5YgKkMmfgkQ2MeAbTJcubJBdJBT2LrzAKxK+0Ms2HCjfGBo777
GeRJ5JPHku0h3sn5clnYwsGMP1lcut+353VuNJsHg9NyhltBm7ubHB2240vaEGFF
CxpNBa/VZuMRbu1Jp8OmCTO232sjHWY0b8ySESy0CQXYHx5S3/pCB8IoLfGV8VVh
VQChjyJcsUePa0qmioi6kmKPeluy9J63POXgiPk+UCKUgr3R0Ogc2Fu+sqE3CkqK
0zf4Op/FALSfSqq67LTksy2oz4Ep1QC7CjKR2C/KG0nf6zaAPMVccmpqwccOuGWU
acEI1f6+9qXg6ZZQNneKsqr9Sfw=
=kaCd
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



   

Re: stopping scanning of TLDs

2017-11-08 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Ray,

On 11/8/17 11:24 AM, Ray Holme wrote:
> In a prior post, I asked if there was a way to see if a jar uses  a
> tag library. Chris responded - look for ".tld" in the files.

To clarify, I was responding to a question as to whether a JAR file
*contained* a tag library, not that it used one. Big difference.

> So I looked (turns out ecj.. has no ".tld": $ grep "tld"
> *.jarBinary file catalina-storeconfig.jar matches Binary file
> ecj-4.6.1.jar matches Binary file tomcat-util-scan.jar matches

I agree with Chris Cheshire: check the ZIP contents list and not a
binary check. Though the ZIP filenames are stored (mostly) in the
clear, it's possible that you might get unlucky. Also make sure you
use a case-insensitive check.

> I am just trying to find a reliable way to see if there is TAG
> library.

Searching for .tld files ought to do it.

Have you found a case where this *didn't* work?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAloDaJ0dHGNocmlzQGNo
cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFgcMQ/8Dv1fKlSVTjyznXD5
cYi2HPYt+enG2bMSzJICEhpQEHn6S0S1Veaf4pGfM1m27KPqvdghDgqGB/yoGt4P
2YU6LF8xa7AHVIvx+TwFtwcyL58NcqpO6uFM1MsUiAa3VYGUTY63R1B4EkTeWHuB
HoEDDIi17hOBGivctsFjkBaNgCKpnN4SUpMg3b9f4SZHgI4DjFIm0AQGUsI5pstQ
NKHzc/QFYu4+qqtb+A41cawf0jpvBtk2mY6SGqPu930SNWGpy8C5iQnyEguBS9ts
ZJVx3uYHBUFDByv+Cjudu7oJ1ceFrGQWWT6IumzMRQwL4RqueKLSjW2nXGR2gYmb
tF23FlKIQ2jljn5YgKkMmfgkQ2MeAbTJcubJBdJBT2LrzAKxK+0Ms2HCjfGBo777
GeRJ5JPHku0h3sn5clnYwsGMP1lcut+353VuNJsHg9NyhltBm7ubHB2240vaEGFF
CxpNBa/VZuMRbu1Jp8OmCTO232sjHWY0b8ySESy0CQXYHx5S3/pCB8IoLfGV8VVh
VQChjyJcsUePa0qmioi6kmKPeluy9J63POXgiPk+UCKUgr3R0Ogc2Fu+sqE3CkqK
0zf4Op/FALSfSqq67LTksy2oz4Ep1QC7CjKR2C/KG0nf6zaAPMVccmpqwccOuGWU
acEI1f6+9qXg6ZZQNneKsqr9Sfw=
=kaCd
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: non www to www URL Rewrite

2017-11-08 Thread tomcat

On 08.11.2017 17:35, RAVIRAJ SHAH wrote:

Sorry for my language
my query with example

Let's say my website domain is "example.com"
Now I want to redirect "example.com" to "www.example.com"
Kindly share how I can achieve it


Well first, you need the 2 entries in the DNS server for "example.com".
You need :
example.com --> public Internet IP address of your server (A)
www.example.com --> public  Internet IP address of your server (B)

and A == B

otherwise it will never work.
Do you have that ?

You can check this by getting a command-line window somewhere and entering :
nslookup example.com
nslookup www.example.com
and both should give the same IP address.





On Wed, Nov 8, 2017, 19:08 André Warnier (tomcat)  wrote:


On 08.11.2017 14:30, RAVIRAJ SHAH wrote:

Anybody please help


I think that you first try to communicate more clearly what you want to
achieve.
"redirect non-www URL to www URL only"
does not appear to make much sense.

Also please send your message to the list as *plain text*, not html.
It will make it easier to read configuration lines below which look like
URL's.




On Tue, Nov 7, 2017, 12:00 RAVIRAJ SHAH  wrote:


Dear All,

Kindly request you to help to resolve this issue

Problem Statement :
we want to redirect non-www URL to www URL only

Current setup :

Defined rewrite valve in server.xml as below






  
/>






Created rewrite.config file in ../conf/Catalina//


*RewriteCond %{HTTP_HOST} !^(.*)\.yourdomain\.com$ [NC] RewriteRule

^(.*)$

http://www.yourdomain.com /$1 [R=301,L]*

*kindly do needful*

Thanks & Regards,
Raviraj Shah







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: stopping scanning of TLDs

2017-11-08 Thread Chris Cheshire
On Wed, Nov 8, 2017 at 11:24 AM, Ray Holme  wrote:
> In a prior post, I asked if there was a way to see if a jar uses  a tag 
> library.
>   Chris responded - look for ".tld" in the files.
> So I looked (turns out ecj.. has no ".tld":
> $ grep "tld" *.jarBinary file catalina-storeconfig.jar matches
> Binary file ecj-4.6.1.jar matches
> Binary file tomcat-util-scan.jar matches
> I am just trying to find a reliable way to see if there is TAG library.
>

Ray, instead of doing a grep on the jar contents as a whole, do it
based upon the file names within the jar and match the files ending in
'.tld'

$ jar tf tomcat-util-scan.jar | grep "\.tld$"
$ jar tf catalina-storeconfig.jar | grep "\.tld$"
$ jar tf ecj-4.6.3.jar | grep "\.tld$"
$ jar tf javax.servlet.jsp.jstl-1.2.1.jar | grep "\.tld$"
META-INF/fmt-1_0-rt.tld
META-INF/scriptfree.tld
META-INF/fmt-1_0.tld
META-INF/x-1_0.tld
META-INF/sql.tld
META-INF/c.tld
META-INF/x-1_0-rt.tld
META-INF/sql-1_0.tld
META-INF/sql-1_0-rt.tld
META-INF/permittedTaglibs.tld
META-INF/x.tld
META-INF/c-1_0-rt.tld
META-INF/c-1_0.tld
META-INF/fn.tld
META-INF/fmt.tld


Chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: non www to www URL Rewrite

2017-11-08 Thread RAVIRAJ SHAH
Sorry for my language
my query with example

Let's say my website domain is "example.com"
Now I want to redirect "example.com" to "www.example.com"
Kindly share how I can achieve it

On Wed, Nov 8, 2017, 19:08 André Warnier (tomcat)  wrote:

> On 08.11.2017 14:30, RAVIRAJ SHAH wrote:
> > Anybody please help
>
> I think that you first try to communicate more clearly what you want to
> achieve.
> "redirect non-www URL to www URL only"
> does not appear to make much sense.
>
> Also please send your message to the list as *plain text*, not html.
> It will make it easier to read configuration lines below which look like
> URL's.
>
>
> >
> > On Tue, Nov 7, 2017, 12:00 RAVIRAJ SHAH  wrote:
> >
> >> Dear All,
> >>
> >> Kindly request you to help to resolve this issue
> >>
> >> Problem Statement :
> >> we want to redirect non-www URL to www URL only
> >>
> >> Current setup :
> >>
> >> Defined rewrite valve in server.xml as below
> >>
> >>
> >>  >> "true">
> >>
> >>
> >>
> >>   />
> >>
> >>
> >>
> >> 
> >>
> >> Created rewrite.config file in ../conf/Catalina//
> >>
> >>
> >> *RewriteCond %{HTTP_HOST} !^(.*)\.yourdomain\.com$ [NC] RewriteRule
> ^(.*)$
> >> http://www.yourdomain.com /$1 [R=301,L]*
> >>
> >> *kindly do needful*
> >>
> >> Thanks & Regards,
> >> Raviraj Shah
> >>
> >>
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


Re: stopping scanning of TLDs

2017-11-08 Thread Ray Holme
In a prior post, I asked if there was a way to see if a jar uses  a tag library.
  Chris responded - look for ".tld" in the files.
So I looked (turns out ecj.. has no ".tld":
$ grep "tld" *.jarBinary file catalina-storeconfig.jar matches
Binary file ecj-4.6.1.jar matches
Binary file tomcat-util-scan.jar matches 
I am just trying to find a reliable way to see if there is TAG library.

On Wednesday, November 8, 2017 10:29 AM, Mark Thomas  
wrote:
 

 On 08/11/2017 12:59, Ray Holme wrote:



> The following three are interesting as they are in the tomcat distributed 
> list of NOT-TO_SCAN and have .tlds:  catalina-storeconfig.jar; ecj-4.6.1.jar; 
> tomcat-util-scan.jar

No, they don't. What led you to conclude that they did?

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



   

Re: Supported callbacks in Tomcat JASPIC implementation

2017-11-08 Thread Lazar Kirchev
Yes, my mistake - 3.5, not 4.5. But the content is the same.

Thanks Mark!

On Wed, Nov 8, 2017 at 5:38 PM, Mark Thomas  wrote:

> On 08/11/2017 12:00, Lazar Kirchev wrote:
> > Hello,
> >
> > According to the JASSPIC spec version 1.1, chapter 4.5, The
> CallbackHandler
> > should support CallerPrincipalCallback, GroupPrincipalCallback,
> > PasswordValidationCallback, as well as CertStoreCallback,
> > PrivateKeyCallback, SecretKeyCallback and TrustStoreCallback.
>
> Chapter 4 is the SOAP profile.
>
> You want to look at Chapter 3 which is the Servlet Container profile.
>
> > However, in Tomcat 8.5.*
> > org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl supports
> only
> > CallerPrincipalCallback and GroupPrincipalCallback. Are there any plans
> to
> > add support for the others?
>
> There are no plans to extend the JASPIC implementation at this time.
>
> Patches welcome.
>
> Mark
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


Re: Supported callbacks in Tomcat JASPIC implementation

2017-11-08 Thread Mark Thomas
On 08/11/2017 12:00, Lazar Kirchev wrote:
> Hello,
> 
> According to the JASSPIC spec version 1.1, chapter 4.5, The CallbackHandler
> should support CallerPrincipalCallback, GroupPrincipalCallback,
> PasswordValidationCallback, as well as CertStoreCallback,
> PrivateKeyCallback, SecretKeyCallback and TrustStoreCallback.

Chapter 4 is the SOAP profile.

You want to look at Chapter 3 which is the Servlet Container profile.

> However, in Tomcat 8.5.*
> org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl supports only
> CallerPrincipalCallback and GroupPrincipalCallback. Are there any plans to
> add support for the others?

There are no plans to extend the JASPIC implementation at this time.

Patches welcome.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: stopping scanning of TLDs

2017-11-08 Thread Mark Thomas
On 08/11/2017 12:59, Ray Holme wrote:



> The following three are interesting as they are in the tomcat distributed 
> list of NOT-TO_SCAN and have .tlds:  catalina-storeconfig.jar; ecj-4.6.1.jar; 
> tomcat-util-scan.jar

No, they don't. What led you to conclude that they did?

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



tomcat-jdbc connection return to pool and SQL Warnings

2017-11-08 Thread Benoit Wiart
Hi,

It looks like Connection#clearWarnings() is not called on the proxied jdbc
connection when the connection is returned to the pool.

Is this something missing or that's a design choice ?

In our use case :
1 - borrow a connection from the pool
2 - use it ->  the driver set a SQLWarning on the connection
3 - return (close) the connection to the pool
4 - borrow a connection from the pool
5 - the connection still has the SQLWarning

Benoit


Re: Start embedded Tomcat 9.0.1 server from java code

2017-11-08 Thread Maxim Solodovnik
Thanks a lot for the review Konstantin,
I have correct our tests :)

Will Also contact CXF project
This code was taken from their tests: [1] :))

[1]
https://github.com/apache/cxf/blob/master/systests/cdi/base/src/main/java/org/apache/cxf/systests/cdi/base/tomcat/AbstractTomcatServer.java#L45


On Wed, Nov 8, 2017 at 6:08 PM, Konstantin Kolinko 
wrote:

> I have several comments on
> [1] https://github.com/apache/openmeetings/blob/master/
> openmeetings-web/src/test/java/org/apache/openmeetings/webservice/
> AbstractWebServiceTest.java#L98
>
>
> 2017-11-07 20:07 GMT+03:00 Tobias Soloschenko
> :
> > Hi Maxim,
> >
> > same for me I just created a simple setup like this:
> >
> > String baseDir =".";
> > String webappDirLocation = "src/main/webapp/";
> > String webxmlDirLocation = "src/main/webapp/WEB-INF/web.xml";
> > Tomcat tomcat = new Tomcat();
> > tomcat.setPort(8080);
>
> 1) Maybe you will want to update the test to use a random port number,
> so that several tests could be run in parallel.
>
> Use connector.setPort(0) to enable random port number feature (see
> TomcatBaseTest.setUp())
> followed by connector.getLocalPort(); after startup  (see
> TomcatBaseTest.getPort())
>
> http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/
> catalina/startup/TomcatBaseTest.java?revision=1812119=markup#l146
>
> An example of a simple test case and use of getPort():
> http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/
> catalina/startup/TestTomcat.java?revision=1769263=markup#l189
>
> 2) Tomcat tests use address="localhost" on connector.
> See TomcatBaseTest.setUp()
>
> Running with localhost avoids opening ports on a public interface.
>
> (When running on Windows its Firewall pops up a dialog and asks
> whether to allow network access for this software.
> Using localhost avoid this dialog.)
>
> > tomcat.setBaseDir(baseDir);
> > tomcat.getHost().setAppBase(baseDir);
> > tomcat.getHost().setDeployOnStartup(true);
> > tomcat.getHost().setAutoDeploy(true);
> > tomcat.enableNaming();
> > StandardContext ctx = (StandardContext)
> tomcat.addWebapp("/project", new File(webappDirLocation).
> getAbsolutePath());
> > File additionWebInfClasses = new File("target/classes");
> > WebResourceRoot resources = new StandardRoot(ctx);
> > resources.addPreResources(new DirResourceSet(resources,
> "/WEB-INF/classes",
> > additionWebInfClasses.getAbsolutePath(), "/"));
> > ctx.setResources(resources);
> > ctx.setDefaultWebXml(new File(webxmlDirLocation).
> getAbsolutePath());
> > tomcat.start();
> > tomcat.getServer().await();
> >
>
> 3) In an automated test both "deployOnStartup" and "autoDeploy" flags
> should be set to "false".
>
> Do you want that any random files and directories created in a
> temporary directory (baseDir) to be auto-deployed
> and exposed as web applications in Tomcat?  I guess that you do not
> want that, so set those flags to false.
>
> Tomcat.addWebapp explicitly configures a web application.
> Auto-deployment is not needed.
>
> > I just placed in a Servlet into my classpath and applied the mapping in
> the web.xml - with the dependencies of tomcat-embed-core and
> tomcat-embed-jasper of version 9.0.1 it is not working and with 8.5.23 it
> does.
> >
> > Here is the log of both.
> > [...]
>
> Best regards,
> Konstantin Kolinko
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


-- 
WBR
Maxim aka solomax


Re: non www to www URL Rewrite

2017-11-08 Thread tomcat

On 08.11.2017 14:30, RAVIRAJ SHAH wrote:

Anybody please help


I think that you first try to communicate more clearly what you want to achieve.
"redirect non-www URL to www URL only"
does not appear to make much sense.

Also please send your message to the list as *plain text*, not html.
It will make it easier to read configuration lines below which look like URL's.




On Tue, Nov 7, 2017, 12:00 RAVIRAJ SHAH  wrote:


Dear All,

Kindly request you to help to resolve this issue

Problem Statement :
we want to redirect non-www URL to www URL only

Current setup :

Defined rewrite valve in server.xml as below






 





Created rewrite.config file in ../conf/Catalina//


*RewriteCond %{HTTP_HOST} !^(.*)\.yourdomain\.com$ [NC] RewriteRule ^(.*)$
http://www.yourdomain.com /$1 [R=301,L]*

*kindly do needful*

Thanks & Regards,
Raviraj Shah







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: non www to www URL Rewrite

2017-11-08 Thread RAVIRAJ SHAH
Anybody please help

On Tue, Nov 7, 2017, 12:00 RAVIRAJ SHAH  wrote:

> Dear All,
>
> Kindly request you to help to resolve this issue
>
> Problem Statement :
> we want to redirect non-www URL to www URL only
>
> Current setup :
>
> Defined rewrite valve in server.xml as below
>
>
>  "true">
>
>
>
> 
>
>
>
> 
>
> Created rewrite.config file in ../conf/Catalina//
>
>
> *RewriteCond %{HTTP_HOST} !^(.*)\.yourdomain\.com$ [NC] RewriteRule ^(.*)$
> http://www.yourdomain.com /$1 [R=301,L]*
>
> *kindly do needful*
>
> Thanks & Regards,
> Raviraj Shah
>
>


stopping scanning of TLDs

2017-11-08 Thread Ray Holme
Using Chris's algorithm, I searched for ".tld" in all jars used by both tomcat 
and my application extending it.
The following two were in my .../WEB-INF/lib directory and needed to NOT be in 
the list of NOT-TO_SCAN   i.e. ...  they need to be scanned:  
jasperreports-5.1.0.jar matches;  jstl-impl-1.2.jar matches
The following three are interesting as they are in the tomcat distributed list 
of NOT-TO_SCAN and have .tlds:  catalina-storeconfig.jar; ecj-4.6.1.jar; 
tomcat-util-scan.jar
The latter 3 are more interesting as I am surprised they are there (except for 
the last one :=]]] )


Supported callbacks in Tomcat JASPIC implementation

2017-11-08 Thread Lazar Kirchev
Hello,

According to the JASSPIC spec version 1.1, chapter 4.5, The CallbackHandler
should support CallerPrincipalCallback, GroupPrincipalCallback,
PasswordValidationCallback, as well as CertStoreCallback,
PrivateKeyCallback, SecretKeyCallback and TrustStoreCallback.

However, in Tomcat 8.5.*
org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl supports only
CallerPrincipalCallback and GroupPrincipalCallback. Are there any plans to
add support for the others?

Regards,
Lazar


Re: Start embedded Tomcat 9.0.1 server from java code

2017-11-08 Thread Konstantin Kolinko
I have several comments on
[1] 
https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/test/java/org/apache/openmeetings/webservice/AbstractWebServiceTest.java#L98


2017-11-07 20:07 GMT+03:00 Tobias Soloschenko
:
> Hi Maxim,
>
> same for me I just created a simple setup like this:
>
> String baseDir =".";
> String webappDirLocation = "src/main/webapp/";
> String webxmlDirLocation = "src/main/webapp/WEB-INF/web.xml";
> Tomcat tomcat = new Tomcat();
> tomcat.setPort(8080);

1) Maybe you will want to update the test to use a random port number,
so that several tests could be run in parallel.

Use connector.setPort(0) to enable random port number feature (see
TomcatBaseTest.setUp())
followed by connector.getLocalPort(); after startup  (see
TomcatBaseTest.getPort())

http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/startup/TomcatBaseTest.java?revision=1812119=markup#l146

An example of a simple test case and use of getPort():
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java?revision=1769263=markup#l189

2) Tomcat tests use address="localhost" on connector.
See TomcatBaseTest.setUp()

Running with localhost avoids opening ports on a public interface.

(When running on Windows its Firewall pops up a dialog and asks
whether to allow network access for this software.
Using localhost avoid this dialog.)

> tomcat.setBaseDir(baseDir);
> tomcat.getHost().setAppBase(baseDir);
> tomcat.getHost().setDeployOnStartup(true);
> tomcat.getHost().setAutoDeploy(true);
> tomcat.enableNaming();
> StandardContext ctx = (StandardContext) tomcat.addWebapp("/project", 
> new File(webappDirLocation).getAbsolutePath());
> File additionWebInfClasses = new File("target/classes");
> WebResourceRoot resources = new StandardRoot(ctx);
> resources.addPreResources(new DirResourceSet(resources, 
> "/WEB-INF/classes",
> additionWebInfClasses.getAbsolutePath(), "/"));
> ctx.setResources(resources);
> ctx.setDefaultWebXml(new File(webxmlDirLocation).getAbsolutePath());
> tomcat.start();
> tomcat.getServer().await();
>

3) In an automated test both "deployOnStartup" and "autoDeploy" flags
should be set to "false".

Do you want that any random files and directories created in a
temporary directory (baseDir) to be auto-deployed
and exposed as web applications in Tomcat?  I guess that you do not
want that, so set those flags to false.

Tomcat.addWebapp explicitly configures a web application.
Auto-deployment is not needed.

> I just placed in a Servlet into my classpath and applied the mapping in the 
> web.xml - with the dependencies of tomcat-embed-core and tomcat-embed-jasper 
> of version 9.0.1 it is not working and with 8.5.23 it does.
>
> Here is the log of both.
> [...]

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org