tomcat with laptop + windows sleep

2018-05-22 Thread Alex O'Ree
I've noticed a behavioral difference from tomcat 7 to 8.5. In v7, I used to
be able to put a computer to "sleep" with tomcat running. On resume,
everything would be just fine. On tomcat 8.5, I'm noticing that all
database connections are basically dropped and do not appear to
restart/resume when the computer resumes. Actually the whole computer runs
super slow until I kill the tomcat process. I'm not entirely sure what's
going on here. Has anyone else noticed this kind of behavior?


Querying Microsoft LDAP with Java

2018-05-22 Thread Laurie Miller-Cook
Hi there,

This is a bit of a long shot but I wanted to see if anyone could assist.

I have an installation of SAP Enable Now, which is a war file placed within 
Tomcat.

As part of the installation I need to query the MS LDAP server to get a list of 
the users. I know that the connection to the LDAP server is working as I can 
import a list of Groups into Enable Now, but when I try specifying to pull the 
users from a security group I get nothing.

I use the below LDAP Query, which I have tested in a custom search on the 
Windows server and it does return the list of users that I am after.

(&(objectClass=User)(memberOf:1.2.840.113556.1.4.1914:= 
CN=Users,OU=Distribution Groups,OU=Finance,OU=London Campus,OU=United 
Kingdom,OU=Europe,DC=global,DC=




Re: Updating a working installation

2018-05-22 Thread logo

Hi,

Am 11.05.2018 15:47, schrieb Mark H. Wood:

"Is there an easy way?"  Depends on what you find easy. :-/

I usually just load old and new server.xml into a maximized Emacs with
two windows, and thoughtfully copy stuff over, after reading the
release notes to learn of stuff to look out for.  Other configuration
I usually don't touch, and webapp.s should just copy over without much
trouble.

As for the keystore:  I've recently moved that out of my Tomcat
configurations into the place where I keep other certificates and
keys, and I configure Tomcat to look for it there.  So I just copy
those settings over and the keystore stays where it was.

I also tend to install the webapp.s elsewhere and just drop in
external Context files to point to them, so copying these is a snap.


Nobody mentioned the usage of CATALINA_BASE vs. CATALINA_HOME

Besides diffing the conf-dirs I just update CATALINA_HOME with the new 
version, restart and then it's done.


Best regards

Peter

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: configuring ciphers for SSL Labs server test

2018-05-22 Thread logo

Hi Baron,


Am 12.05.2018 05:36, schrieb Baron Fujimoto:

Hmm, I'm now getting an A grade using:



If I'm sufficiently motivated next week, I'll see if I can sort out
exactly what the deal was. But for now, it's Friday and pau hana time...

(yes, tomcat 8.5.x and Java 1.8_x)

On Fri, May 11, 2018 at 07:39:25AM +0100, Mark Thomas wrote:

On 11/05/18 03:35, Baron Fujimoto wrote:
Yes, the host is behind an F5 load balancer, but AFAIK it should be
passing all the TLS/SSL directly to the real host to handle.


You don't say which Tomcat version is being used. I assume one of the
8.5.x versions since the 8.5.x docs are referenced.

8.5.x should get an A from SSLLabs with the default configuration:
https://wiki.apache.org/tomcat/Security/Ciphers

I recently updated that page but 8.5.x was getting an A two years ago as
well.

Are you sure Java 8 is being used?

Mark




On Thu, May 10, 2018 at 11:23:44PM +, Scott Hoenigman wrote:

Are you using a load balancer?





 Original message 
From: David Wall 
Date: 5/10/18 6:15 PM (GMT-06:00)
To: users@tomcat.apache.org
Subject: Re: configuring ciphers for SSL Labs server test

We're doing good with this:




On 5/10/18 2:45 PM, Baron Fujimoto wrote:
I'm trying to improve our grade on SSL Labs SSL server test[1] for our
Tomcat configuration. Currently, their report caps our grade at B because,
"This server does not support Authenticated encryption (AEAD) cipher
suites". They report that we support the following cipher suites:

# TLS 1.2
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

# TLS 1.1
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

I'm not sure why SSL Labs is seeing such a limited set of ciphers. We are
using Java 1.8.0_162, and I believe we have the Java Cryptography
Extension (JCE) properly installed. I have the following connector
defined (this version explicitly lists ciphers I think should satisfy the
AEAD cipher requirement[2]):

 protocol="org.apache.coyote.http11.Http11NioProtocol"

address="0.0.0.0"
port="8443"
maxThreads="500"
maxPostSize="10"
scheme="https" secure="true"
defaultSSLHostConfigName="foo.example.edu"
SSLEnabled="true" >
 
ciphers="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK

:!TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
:!TLS_DHE_RSA_WITH_AES_128_CBC_SHA
:!TLS_DHE_RSA_WITH_AES_256_CBC_SHA

:!TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

:!TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

:!TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

:!TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

:!TLS_RSA_WITH_AES_128_CBC_SHA
:!TLS_RSA_WITH_AES_256_CBC_SHA
:!TLS_RSA_WITH_AES_128_CBC_SHA256
:!TLS_RSA_WITH_AES_256_CBC_SHA256
:!TLS_RSA_WITH_AES_128_GCM_SHA256
:!TLS_RSA_WITH_AES_256_GCM_SHA384

:!TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

:!TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

:TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384

:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

:TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

:TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

:TLS_DHE_RSA_WITH_AES_128_CBC_SHA
:TLS_DHE_RSA_WITH_AES_256_CBC_SHA

:TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

:TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" >

   
certificateKeystoreFile="/home/cas/keystore/foo.pkcs12.keystore" >
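
Added example, not part of any message in this thread: a small Python model of the OpenSSL cipher-string rule that a suite removed with `!` can never be re-added by a later element, applied to an abridged copy of the `ciphers` value quoted above. It assumes Tomcat evaluates the attribute with that OpenSSL rule; the `HIGH` expansion and the function names are constructed for the illustration.

```python
# Models plain names, "!" (permanent removal) and "-" (undoable removal);
# "+" reordering and real keyword expansion are not modelled.
# Constructed stand-in for what HIGH expands to; not Tomcat's real list.
HIGH = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
]

# Abridged from the connector quoted above: same order, fewer suites.
POSTED = (
    "HIGH:!aNULL:!eNULL"
    ":!TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
    ":!TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
    ":TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
    ":TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
    ":TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
)

def parse(cipher_string):
    """Yield (operator, name) for each ':'-separated element."""
    for raw in cipher_string.split(":"):
        token = raw.strip()
        if token:
            op = token[0] if token[0] in "!-" else ""
            yield op, token[len(op):]

def resolve(cipher_string, aliases):
    """Return the enabled suites, in order, after applying every element."""
    enabled, killed = [], set()
    for op, name in parse(cipher_string):
        for suite in aliases.get(name, [name]):
            if op == "!":
                killed.add(suite)  # permanently removed from here on
            if op and suite in enabled:
                enabled.remove(suite)
            elif not op and suite not in killed and suite not in enabled:
                enabled.append(suite)
    return enabled

def shadowed(cipher_string):
    """Suites requested by name after an earlier '!' already removed them."""
    killed, hits = set(), []
    for op, name in parse(cipher_string):
        if op == "!":
            killed.add(name)
        elif not op and name in killed:
            hits.append(name)
    return hits
```

Running `shadowed()` over a `ciphers` value before deploying it lists every suite that the string asks for but can no longer enable.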

 
 

Re: log4j

2018-05-22 Thread Luis Rodríguez Fernández
Hello Chris,

You can have a look here:
https://logging.apache.org/log4j/2.x/log4j-appserver/index.html

Hope it helps,

Luis

2018-05-18 19:55 GMT+02:00 George Stanchev :

> Depends on what you're asking. If you're asking to use log4j to capture
> Tomcat logging, then the answer is - you can't but you can use Log4j2 or
> JULI. If the question is how to use log4j for your apps deployed under
> Tomcat, then answer can be found easily...
>
> From: Cheltenham, Chris 
> Sent: Friday, May 18, 2018 7:50 AM
> To: 'Tomcat Users List' 
> Subject: log4j
>
> Hello,
>
> How do I configure Tomcat 8.5.x to use log4j?
>
> Is there a good document to follow?
>
> I am not very familiar with java but it looks like you configure to logs
> to accept java logging for Tomcat.
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>



-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett