Tomcat with half open tcp sockets

[Alex O'Ree]

Does tomcat detect or mitigate against half open tcp connections? I
recently ran into an issue where something in between a java jaxws client
and a jaxws service running in tomcat is interfering with the tcp stream.
Resolving this client side has been a challenge due the transmitting thread
hanging forever waiting to read from the remote server and not being able
to be interrupted or aborted. While troubleshooting this, it dawned on me
that services running in tomcat may run into a similar problem and was
wondering if tomcat has any safe guards for this scenario. If it does, what
is the strategy used? I'm thinking maybe I can something similar client
side.

Re: SSL on Tomcat

[Loai Abdallatif]

Thanks Chris, but how to do it, should I copy the ssl certificate from
Webserver 192.168.1.120 to my tomcat container (worker0) in 192.168.1.111
in server.xml .
any idea please

On Sat, Sep 29, 2018 at 1:35 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Loai,
>
> On 9/27/18 10:50, Loai Abdallatif wrote:
> > Hello,
> >
> > I have Set Apache Load Balancer ( ModJK) with Server IP
> > 192.168.1.120 (Webserver01.epsilon.test)  which forward the traffic
> > to tomcat server .(192.168.1.111 (appserver01.epsilon.test)
> >
> > each tomcat server has three workers ( 0,1,2)
> >
> > I deployed *Central Authentication Service* (CAS)  on Worker0  and
> > its is working with warning related to ssl Certificate, I have
> > another Application on this worker0 called ServiceCatalog
> > unfortunatly it didnt work and gave error as below
> >
> >
> > ERROR org.jasig.cas.client.util.CommonUtils -
> > sun.security.validator.ValidatorException: PKIX path building
> > failed
> >  : sun.security.provider.certpath.SunCertPathBuilderException:
> > unable to find valid certification path to requested
> >  target javax.net.ssl.SSLHandshakeException:
> > sun.security.validator.ValidatorException: PKIX path building
> > failed: sun.sec
> >  urity.provider.certpath.SunCertPathBuilderException: unable to
> > find valid certification path to requested target
>
> As Guido says, your client (org.jasig.cas.client) does not trust the
> server it's trying to connect to.
>
> Is the server in this case the one you set up above? It's not clear
> exactly what you are trying to do.
>
> There is nothing you can change with Tomcat to fix this error... you
> must configure your client to trust the server.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAluurMsACgkQHPApP6U8
> pFiGARAAk5GnoU7+3tk16yh+cCme1mzPZiEUf0y1uE8CK74zaNB4OXbeF6iuNOEm
> 9OP5MV6zyQC/NxI+DSlUzN32ZUEDLKSw7OUcMmhBfrZs690NEChHTJV9p/EpC7NS
> 8LwMU/r3MFrvpkaLuPQsq+DbzbNRefh6+eOEhGTT3WtwW6SYtXxNUbBz4WmCSTrz
> LHPYGTpUT19CX2BE5sNQeV5F4/ul3fLSMuVp4RryVo4BLQKBwh/rexb1fUbsdxyn
> /v3HyCgreuhFV7DVMF+BuA46sccOm6kScMf7r9LrDioMswZvn79dFGgo9qMDgCWE
> 37j7Dnv72GdtlkkNAkP9sKm413B4LzAhuL56bAyK+3SRRKuiqDPgq+4tcEOsIb4u
> j6j3ZtJbpoojibAuNZWcvR3kjEPfCDUnRa6JSKXu1Y7Bekr3kLYbiGtOVWXi0ozs
> 9zzq8D7lqSDD7b0UhuZ22yuR0OBZMlxn0/ELH0GNikyLuwAd3UrrcNXfL7kpl5P9
> BFSEnpZ8uD7bhXrkVCBdM+ktXrCYS8StEIFNwXe5WeUbLdXoCDNKvlKgZKq2/IkD
> /Zjh44ecYr8TNdfvyNJxL2YGTUZcfwyZETrMX/1ont7VfFU/xHuh1DE6R60vAtfB
> 8nEsqNc+FFocsKlEwQbVyt0XP54DPfPGzXX544NLfbaIr2/2JOk=
> =Bjfw
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>