Re: Tomcat 8.5.51 fails

2020-02-13 Thread kohmoto 

Thank you for your links.
Now, I fully understand what I should make a change to 
server.xml.


Thank you.

Yours truly,
Kazuhiko Kohmoto

On 2020/02/13 19:17, Olaf Kock wrote:

On 13.02.20 10:36, kohm...@iris.eonet.ne.jp wrote:

On 2020/02/13 18:25, André Warnier (tomcat/perl) wrote:

Check in the file (tomcat_dir)/conf/server.xml, the Connector :

     

The setting is the same as mine.

I have use server.xml used in 8.5.50. In case of 8.5.50, I have no
problem.

Please notice, I have been using Tomcat for 5 years with updates.
Why this time?


Because this time, security relevant defaults changed: See these recent
commits on the git mirror:

https://github.com/apache/tomcat/commit/b962835f98b905286b78c414d5aaec2d0e711f75#diff-8dc0090e11bd1ca2caa389bb79d52262

https://github.com/apache/tomcat/commit/2becbfd3228942a18b663ca715ee9c9b80743120#diff-8dc0090e11bd1ca2caa389bb79d52262




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8.5.51 fails

2020-02-13 Thread kohmoto 

Thank you for your kind response to my mail.
I read the changinglog. I might understand the contents.

Thank you.

Yours truly,
Kazuhiko Kohmoto

On 2020/02/13 19:26, Olaf Kock wrote:

On 13.02.20 11:17, Olaf Kock wrote:

On 13.02.20 10:36, kohm...@iris.eonet.ne.jp wrote:

On 2020/02/13 18:25, André Warnier (tomcat/perl) wrote:

Check in the file (tomcat_dir)/conf/server.xml, the Connector :

     

The setting is the same as mine.

I have use server.xml used in 8.5.50. In case of 8.5.50, I have no
problem.

Please notice, I have been using Tomcat for 5 years with updates.
Why this time?

Because this time, security relevant defaults changed: See these recent
commits on the git mirror:

https://github.com/apache/tomcat/commit/b962835f98b905286b78c414d5aaec2d0e711f75#diff-8dc0090e11bd1ca2caa389bb79d52262

https://github.com/apache/tomcat/commit/2becbfd3228942a18b663ca715ee9c9b80743120#diff-8dc0090e11bd1ca2caa389bb79d52262

Or, even better digestible (I hit 'send' too early):

Mark's announcement of the availability contained:


- AJP defaults changed to listen the loopback address, require a

secret and to be disabled in the sample server.xml

And the changelog on
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html for 8.5.51
contains this information on AJP:

   * Update: Disable (comment out in server.xml) the AJP/1.3 connector by
 default. (markt)
   * Update: Change the default bind address for the AJP/1.3 connector to
 be the loopback address. (markt)
   * Add: Rename the |requiredSecret| attribute of the AJP/1.3 Connector
 to |secret| and add a new attribute |secretRequired| that defaults
 to |true|. When |secretRequired| is |true| the AJP/1.3 Connector
 will not start unless the |secret| attribute is configured to a
 non-null, non-zero length String. (markt)
   * Add: Add a new attribute, |allowedRequestAttributesPattern| to the
 AJP/1.3 Connector. Requests with unrecognised attributes will be
 blocked with a 403. (markt)

There's also a discussion on the "Re: [ANN] Apache Tomcat 9.0.31
available" thread on this changed default that might give you some
background.

I hope, this helps,

Olaf





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8.5.51 fails

2020-02-13 Thread kohmoto 

Dear André Warnier,

Thank you for the following-up. I now am understanding what 
I should make a change on server.xml.


Thank you for your kind response and Tomcat Users List's 
conversation.


Yours truly,
Kazuhiko Kohmoto

PS.
Sorry, not response to you quickly, because in Japan time 
was night.

Thank you.



On 2020/02/13 20:21, André Warnier (tomcat/perl) wrote:
In any case, it seems that for now, you will have to 
modify the AJP Connector configuration in server.xml, to 
make it work with 8.5.51 and above, and add an explicit



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: JVM job for Tomcat taking lots and lots of CPU

2020-02-13 Thread James H. H. Lampert 
Last night, we switched the customer box in question from running Tomcat 
under Java 7 (64-bit) to Java 8 (64-bit), and all day today, the 
processor load from the Tomcat server has been dramatically lighter. I 
haven't seen the overall CPU over around 70% today, and haven't seen the 
Tomcat's JVM job usage over 30% (as I type this, the overall is at 
48.1%, of which the JVM job is a mere 7.8%), where before, it was 
peaking at full saturation, with the Tomcat JVM job alone accounting for 
as much as 90% or more.


I am cautious about this, but I think maybe just the switch to Java 8 
alone has solved the problem.


--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

EOL of Apache Tomcat 9

2020-02-13 Thread Reneesh K 
 Team,

What is the EOL Date for Apache Tomcat 9?

Best Regards,
Reneesh K

Re: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread Christopher Schultz 

Stafan,

On 2/13/20 14:56, Stefan Mayr wrote:

Hi Chris,

Am 13.02.2020 um 15:31 schrieb Christopher Schultz:

[snip]
The answer to the question "why change the default?" is: "because the
default was essentially insecure, in a way that wasn't obvious to
someone who wasn't paying close attention."

So we are forcing users to pay closer attention. If you want to open
your AJP instance to the "whole world", then you can explicitly bind
to 0.0.0.0/:: just as the previous default. Similarly, if you don't
want to use the "secret" setting, then you can explicitly disable it.
But the defaults will no longer let you be "insecure" without knowing it
.

Obviously, there are ways to have a "secure" installation while using
0.0.0.0/:: and/or secretRequired="false". But having those things in
the configuration right in front of you make it clear that some
decision has been made, rather than hiding (potential) danger behind
insecure defaults.


Okay, security is important. I'm a huge fan of secure by default and
minimal default setups instead all features enabled.
But I still don't understand what makes makes the AJP connector or the
protocol itself so insecure. I really don't know much about it. So far
this has been a technology that just works for me. Is really AJP the
culprit or are you just closing all windows on the "house of tomcat" so
everybody has to use the "front door" http?


If you use the HTTP connector, you can use TLS. There is no TLS 
equivalent for AJP. If you have your proxy on localhost, then there is 
minimal danger (and you can bind to 127.0.0.1 safely, so no problem). If 
your proxy is elsewhere, you *really should* be using HTTPS (for HTTP) 
or something like stunnel. If you are using stunnel, then localhost 
binding is again what you want.


It's much more obvious when you look at the HTTP connector and say "hey, 
that doesn't gave any TLS config on it -- let's fix that". AJP is a 
magic mystery to lots of people and they may think that because it's 
binary, it's secure. It is not.



Because if having an open connector is really the argument the http
connector would also (by default) have to bind to localhost only. Same
as with AJP: you have to make a clear decision in the configuration to
open it to the public. Is this something we have to expect in the future?


The AJP connector also trusts the incoming connection in a way that the 
HTTP connectors do not. For example, you need to configure the 
RemoteIPValve[1] if you want to inherit the client's IP address for 
things like log files when using HTTP, but you get it "for free" with 
AJP. Making the decision to add the RemoteIPValve is a security choice 
that you don't get to make with AJP -- that choice is made for you and 
you can't turn it off.


So it's best to force users to make security choices that they actually 
know about, instead of us making those choices for them in ways that can 
be potentially harmful. Maybe not hideously harmful... wrong IPs in your 
log file? Maybe not a huge deal for you. But for others, it may cause a 
violation of a required security control.



Will this disrupt some environments? Yes, it will. But the path to
fixing it is to make one (or two) small edits to your configuration
files which are surely under revision-control and automatically
pushed-out to these hundreds-of-nodes clusters everyone is worried
about, right? Well, then, change your configs and push them out there
along with your upgrade of Tomcat and all will be well.
[snip]


Automation is the right keyword. Sometimes it is a solution, sometimes
this also causes additional problems. In our specific case the
configuration management system generates server.xml from templates.
Currently it can only use different templates for different major
versions (7,8 or 9). Not having tried that yet I would add the new ajp
connector parameters in those templates to reflect the old defaults.
That would us gain some time to change the configuration management
while rolling out new Tomcat versions without breaking things. Now the
critical question: will this break the previous versions or will they
just ignore unkown parameters?


It's safe to put it in now, in preparation for a future upgrade.

-chris

[1] 
http://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Remote_IP_Valve


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread Mark Thomas 
On 13/02/2020 19:56, Stefan Mayr wrote:
> Hi Chris,
> 
> Am 13.02.2020 um 15:31 schrieb Christopher Schultz:
>> [snip]
>> The answer to the question "why change the default?" is: "because the
>> default was essentially insecure, in a way that wasn't obvious to
>> someone who wasn't paying close attention."
>>
>> So we are forcing users to pay closer attention. If you want to open
>> your AJP instance to the "whole world", then you can explicitly bind
>> to 0.0.0.0/:: just as the previous default. Similarly, if you don't
>> want to use the "secret" setting, then you can explicitly disable it.
>> But the defaults will no longer let you be "insecure" without knowing it
>> .
>>
>> Obviously, there are ways to have a "secure" installation while using
>> 0.0.0.0/:: and/or secretRequired="false". But having those things in
>> the configuration right in front of you make it clear that some
>> decision has been made, rather than hiding (potential) danger behind
>> insecure defaults.
> 
> Okay, security is important. I'm a huge fan of secure by default and
> minimal default setups instead all features enabled.
> But I still don't understand what makes makes the AJP connector or the
> protocol itself so insecure. I really don't know much about it. So far
> this has been a technology that just works for me. Is really AJP the
> culprit or are you just closing all windows on the "house of tomcat" so
> everybody has to use the "front door" http?

AJP is fundamentally different to HTTP. AJP assumes that the client is
trusted (and by implication that the network connection between the
client and the server is secure). HTTP does not.

There has been some discussion around the topic "Should we deprecate
support for AJP?" but I don't think we are close to consensus on that.
My own view is that while you can use either AJP or HTTP in any
situation, there are some situations where one is better suited that the
other and for that reason I see us keeping both for now. Might that
position change in the future? Maybe, but it looks to be at least a
couple of major versions away if it happens at all.

> Because if having an open connector is really the argument the http
> connector would also (by default) have to bind to localhost only. Same
> as with AJP: you have to make a clear decision in the configuration to
> open it to the public. Is this something we have to expect in the future?

I don't see similar changes ever being made to the HTTP Connector.

>> [snip]
>>
>> Will this disrupt some environments? Yes, it will. But the path to
>> fixing it is to make one (or two) small edits to your configuration
>> files which are surely under revision-control and automatically
>> pushed-out to these hundreds-of-nodes clusters everyone is worried
>> about, right? Well, then, change your configs and push them out there
>> along with your upgrade of Tomcat and all will be well.
>> [snip]
> 
> Automation is the right keyword. Sometimes it is a solution, sometimes
> this also causes additional problems. In our specific case the
> configuration management system generates server.xml from templates.
> Currently it can only use different templates for different major
> versions (7,8 or 9). Not having tried that yet I would add the new ajp
> connector parameters in those templates to reflect the old defaults.
> That would us gain some time to change the configuration management
> while rolling out new Tomcat versions without breaking things. Now the
> critical question: will this break the previous versions or will they
> just ignore unkown parameters?

You should see a warning about the unrecognised attribute but it should
otherwise be ignored.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread Stefan Mayr 
Hi Chris,

Am 13.02.2020 um 15:31 schrieb Christopher Schultz:
> [snip]
> The answer to the question "why change the default?" is: "because the
> default was essentially insecure, in a way that wasn't obvious to
> someone who wasn't paying close attention."
> 
> So we are forcing users to pay closer attention. If you want to open
> your AJP instance to the "whole world", then you can explicitly bind
> to 0.0.0.0/:: just as the previous default. Similarly, if you don't
> want to use the "secret" setting, then you can explicitly disable it.
> But the defaults will no longer let you be "insecure" without knowing it
> .
> 
> Obviously, there are ways to have a "secure" installation while using
> 0.0.0.0/:: and/or secretRequired="false". But having those things in
> the configuration right in front of you make it clear that some
> decision has been made, rather than hiding (potential) danger behind
> insecure defaults.

Okay, security is important. I'm a huge fan of secure by default and
minimal default setups instead all features enabled.
But I still don't understand what makes makes the AJP connector or the
protocol itself so insecure. I really don't know much about it. So far
this has been a technology that just works for me. Is really AJP the
culprit or are you just closing all windows on the "house of tomcat" so
everybody has to use the "front door" http?

Because if having an open connector is really the argument the http
connector would also (by default) have to bind to localhost only. Same
as with AJP: you have to make a clear decision in the configuration to
open it to the public. Is this something we have to expect in the future?

> [snip]
> 
> Will this disrupt some environments? Yes, it will. But the path to
> fixing it is to make one (or two) small edits to your configuration
> files which are surely under revision-control and automatically
> pushed-out to these hundreds-of-nodes clusters everyone is worried
> about, right? Well, then, change your configs and push them out there
> along with your upgrade of Tomcat and all will be well.
> [snip]

Automation is the right keyword. Sometimes it is a solution, sometimes
this also causes additional problems. In our specific case the
configuration management system generates server.xml from templates.
Currently it can only use different templates for different major
versions (7,8 or 9). Not having tried that yet I would add the new ajp
connector parameters in those templates to reflect the old defaults.
That would us gain some time to change the configuration management
while rolling out new Tomcat versions without breaking things. Now the
critical question: will this break the previous versions or will they
just ignore unkown parameters?

Regards,

  Stefan

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread Olivier Jaquemet 



On 13/02/2020 15:31, Christopher Schultz wrote:

My question would be "why do so many have AJP connectors where no
'address' attribute was specifically configured?"

The answer to the question "why change the default?" is: "because the
default was essentially insecure, in a way that wasn't obvious to
someone who wasn't paying close attention."

So we are forcing users to pay closer attention. If you want to open
your AJP instance to the "whole world", then you can explicitly bind
to 0.0.0.0/:: just as the previous default. Similarly, if you don't
want to use the "secret" setting, then you can explicitly disable it.
But the defaults will no longer let you be "insecure" without knowing it
.

Obviously, there are ways to have a "secure" installation while using
0.0.0.0/:: and/or secretRequired="false". But having those things in
the configuration right in front of you make it clear that some
decision has been made, rather than hiding (potential) danger behind
insecure defaults.

Why make this change in a point-release and not a major one? Because
we felt it was important enough to do so.

Will this disrupt some environments? Yes, it will. But the path to
fixing it is to make one (or two) small edits to your configuration
files which are surely under revision-control and automatically
pushed-out to these hundreds-of-nodes clusters everyone is worried
about, right? Well, then, change your configs and push them out there
along with your upgrade of Tomcat and all will be well.

- -chris



Thank you Christopher for those complements.
And thank you all for your disponibility.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Peter,

On 2/13/20 5:05 AM, logo wrote:
> 
> 
> Am 2020-02-13 10:57, schrieb Olivier Jaquemet:
>> On 13/02/2020 10:32, Rémy Maucherat wrote:
>>> On Thu, Feb 13, 2020 at 9:33 AM Olivier Jaquemet wrote:
 On 13/02/2020 01:02, Stefan Mayr wrote:
>> - AJP defaults changed to listen the loopback address,
>> require a secret and to be disabled in the sample
>> server.xml
> [snip]
 Am I correct ? Why such a change ? Why no bugzilla issue for
 proper tracking and context ? What are your recommendations
 regarding AJP connector configuration ?
>>> It is obviously best to keep default configurations as stable
>>> as possible. But sometimes things have to change ... As a
>>> result, you'll indeed need to adjust your server.xml according
>>> to your deployment and AJP usage.
>> 
>> Thank you Rémy for taking the time to answer.
>> 
>> I understand the need to introduce a "secured by default" AJP 
>> configuration. However, I question one choice that was made for
>> this change : the default behavior of the AJP connector to listen
>> only on the loopback address.
>> 
> 
> +1
> 
>> This is the change which is, to me, the most questionable one.
>> Because to my understanding, any architecture in which a remote
>> Apache HTTPD is being used will require a *specific IP address of
>> the current host* to be specified in the address attribute of the
>> AJP connector. A specific IP address means that the server.xml is
>> no longer agnostic to the platfom it is being hosted on. Prior to
>> this, a server.xml file could be configured in such way that it
>> would never contain any hard coded value related to the current
>> host. With this change it is no longer possible. (unless I'm
>> missing something). For large deployment configuration, this does
>> seems a bit problematic. Do you understand my concern ? Is there
>> any way to address this ?
> 
> That's really difficult. Specifically in container environments
> where the container is started dynamically and the ip address
> shifts frequently. Access is done through dns or labels.

My question would be "why do so many have AJP connectors where no
'address' attribute was specifically configured?"

The answer to the question "why change the default?" is: "because the
default was essentially insecure, in a way that wasn't obvious to
someone who wasn't paying close attention."

So we are forcing users to pay closer attention. If you want to open
your AJP instance to the "whole world", then you can explicitly bind
to 0.0.0.0/:: just as the previous default. Similarly, if you don't
want to use the "secret" setting, then you can explicitly disable it.
But the defaults will no longer let you be "insecure" without knowing it
.

Obviously, there are ways to have a "secure" installation while using
0.0.0.0/:: and/or secretRequired="false". But having those things in
the configuration right in front of you make it clear that some
decision has been made, rather than hiding (potential) danger behind
insecure defaults.

Why make this change in a point-release and not a major one? Because
we felt it was important enough to do so.

Will this disrupt some environments? Yes, it will. But the path to
fixing it is to make one (or two) small edits to your configuration
files which are surely under revision-control and automatically
pushed-out to these hundreds-of-nodes clusters everyone is worried
about, right? Well, then, change your configs and push them out there
along with your upgrade of Tomcat and all will be well.

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5FXaMACgkQHPApP6U8
pFgTYw/+IjsZW/64GZlOTuH2AcQALHGXrEfjSxQqmtG40DefwJegg6PbxwZFenJg
b9lns+vgq7SGmVWbOG8loVJg4yos6d5B2dIkwTD9KFIJU14xygSCkEMwLimP7Syi
lyFR90wH5+2rI5bpP1Iir9Ybt2+GBGPjzkcmRHNb+5E3xikfpZ3g5kE41mey+Y/A
Zx/R8CAqnSw161JMKysRrV4Jm+a30r3YQyll5m2CiGvP2zEc6gt4loQVXG0/ngQH
qUQOk1FMyUdRFgg6fKrm0uHaWyUxt+kNXkEC9d6oEAVziftGKmn91qkb+ywRFgme
hI/JJK+d2OKqXlj2OLHuZLPTojodOEckRzy4vArbSTnAAYO9f3xkb/DBqxYQSOk+
WFFbGYvgGtuwzmu3lliAPVNvUwMLqyu7aBfxDEugttHiwPh4bZUK7CxSoStHhda2
w8qqldItJC3dsxUw+u8czP/JSb1JR93lwo3/ryWIMJHMC0aECdv3W+Um87kjrGF9
FdNgevEmrhNlCBzARK/xJaVb3oHclHi6HRg7nIGdSsvNrrOqTgRCaAVQD/TFSYWh
Ej5x10Ai0MPZfy+4xqiedpc4Tw7sj6JLNBoXDxwlOhZhX4en31p0xuDdgqs6ScWS
ostbxlUJtQHVTa53mFca/yzj0OTDs8Xq/dNOr0y0hnl2UIR9IKY=
=0DJu
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread jonmcalexander 

From: Mark Thomas mailto:ma...@apache.org>>
Date: Thursday, Feb 13, 2020, 7:38 AM
To: users@tomcat.apache.org 
mailto:users@tomcat.apache.org>>
Subject: Re: [ANN] Apache Tomcat 9.0.31 available

On 13/02/2020 12:42, jonmcalexan...@wellsfargo.com.INVALID wrote:



> Can you still use a shared secret, if desired, while “
> You can specify "0.0.0.0" (IPv4) or "::" (IPv6) to restore the behaviour
> of listening on any address
> “

>Yes.

>Use (or not) of a secret is independent of the listening address.

>Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


Thanks!

Re: Potential bug in StandardSession and DeltaSession

2020-02-13 Thread Klein, Carsten 

Hi,

forget about the potential bug. Sorry for taking your time. Seems like 
that WriteAbortedException is thrown when reading object data 
occasionally. AFAIK I understand it, it's just like a container 
exception; the actual error is stored in the exception's cause. Uh... 
that's odd...


Carsten


Hi there,

Chris, thanks for your fast GIT introduction :) I took this as a 
(mental) starting point for developing the new 'persistAuthentication' 
option of the Managers (Standard and Persistent). Almost there... I will 
push this branch to my GitHub fork as soon as possible (tomorrow?). 
Maybe you (and also Mark) could have a look at it before I open a 
Bugzilla enhancement?


During that, I may have found a bug in both StandardSession and 
DeltaSession. In both classes, there is a doReadObject method, which 
loads the session from storage. When reading session attributes, the 
code expects de-serialization failures for attribute values. Although 
each class does this a bit differently, both classes do catch a 
WriteAbortedException and log/continue if that exception's getCause() 
returns an instance of NotSerializableException. For any other cause, 
the WriteAbortedException gets re-thrown.


AFAIK, those exceptions are never thrown when reading from an 
ObjectInputStream. Maybe that's a copy and paste bug? Method readObject 
should throw ClassNotFoundException and any subclass of 
ObjectStreamException except WriteAbortedException and 
NotSerializableException.


Carsten

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread Mark Thomas 
On 13/02/2020 12:42, jonmcalexan...@wellsfargo.com.INVALID wrote:



> Can you still use a shared secret, if desired, while “
> You can specify "0.0.0.0" (IPv4) or "::" (IPv6) to restore the behaviour
> of listening on any address
> “

Yes.

Use (or not) of a secret is independent of the listening address.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Potential bug in StandardSession and DeltaSession

2020-02-13 Thread Klein, Carsten 

Hi there,

Chris, thanks for your fast GIT introduction :) I took this as a 
(mental) starting point for developing the new 'persistAuthentication' 
option of the Managers (Standard and Persistent). Almost there... I will 
push this branch to my GitHub fork as soon as possible (tomorrow?). 
Maybe you (and also Mark) could have a look at it before I open a 
Bugzilla enhancement?


During that, I may have found a bug in both StandardSession and 
DeltaSession. In both classes, there is a doReadObject method, which 
loads the session from storage. When reading session attributes, the 
code expects de-serialization failures for attribute values. Although 
each class does this a bit differently, both classes do catch a 
WriteAbortedException and log/continue if that exception's getCause() 
returns an instance of NotSerializableException. For any other cause, 
the WriteAbortedException gets re-thrown.


AFAIK, those exceptions are never thrown when reading from an 
ObjectInputStream. Maybe that's a copy and paste bug? Method readObject 
should throw ClassNotFoundException and any subclass of 
ObjectStreamException except WriteAbortedException and 
NotSerializableException.


Carsten

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Error: Cannot start container [org.codehaus.cargo.container.tomcat.Tomcat8xInstalledLocalContainer@6abca7a6]: Deployable [http://localhost:2990/cargocpc/index.html] failed to finish deploying with

2020-02-13 Thread calder 
On Thu, Feb 13, 2020, 05:17  wrote:

> I am trying to run one new plugin of jira using tomcat. But tomcat is not
> getting started due to below error. Can you please let me know how this
> error can be resolved?
>
> I am using Apache Tomcat Version 8.5.35.
>
> Error is as below.
>
> [ERROR] Failed to execute goal
> com.atlassian.maven.plugins:amps-dispatcher-maven-plugin:8.0.2:run
> (default-cli) on project newplugin05: Cannot start container
> [org.codehaus.cargo.container.tomcat.Tomcat8xInstalledLocalContainer@6abca7a6]:
> Deployable [http://localhost:2990/cargocpc/index.html] failed to finish
> deploying within the timeout period [60]. The Deployable state is thus
> unknown. -> [Help 1
>
(Crosspost removed).


This is not a Tomcat issue, ie, this particular error could be seen on any
other app server.

The issue is with AMPS starting other processes - something *else* is
causing the slow startup (which is 600,000 millis here), thus the Atlassian
SDK (AMPS) cannot fully complete startup.

Check the other Atlassian related servers to see if there are any CPU
intensive tasks running which would throttle startup.

RE: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread jonmcalexander 

From: Mark Thomas mailto:ma...@apache.org>>
Date: Thursday, Feb 13, 2020, 5:41 AM
To: users@tomcat.apache.org 
mailto:users@tomcat.apache.org>>
Subject: Re: [ANN] Apache Tomcat 9.0.31 available

On 13/02/2020 09:57, Olivier Jaquemet wrote:
> On 13/02/2020 10:32, Rémy Maucherat wrote:
>> On Thu, Feb 13, 2020 at 9:33 AM Olivier Jaquemet wrote:
>>> On 13/02/2020 01:02, Stefan Mayr wrote:
> - AJP defaults changed to listen the loopback address, require a
> secret
> and to be disabled in the sample server.xml
 [snip]
>>> Am I correct ? Why such a change ? Why no bugzilla issue for proper
>>> tracking and context ?
>>> What are your recommendations regarding AJP connector configuration ?
>> It is obviously best to keep default configurations as stable as
>> possible.
>> But sometimes things have to change ... As a result, you'll indeed
>> need to
>> adjust your server.xml according to your deployment and AJP usage.
>
> Thank you Rémy for taking the time to answer.
>
> I understand the need to introduce a "secured by default" AJP
> configuration.
> However, I question one choice that was made for this change : the
> default behavior of the AJP connector to listen only on the loopback
> address.
>
> This is the change which is, to me, the most questionable one. Because
> to my understanding, any architecture in which a remote Apache HTTPD is
> being used will require a *specific IP address of the current host* to
> be specified in the address attribute of the AJP connector. A specific
> IP address means that the server.xml is no longer agnostic to the
> platfom it is being hosted on. Prior to this, a server.xml file could be
> configured in such way that it would never contain any hard coded value
> related to the current host. With this change it is no longer possible.
> (unless I'm missing something). For large deployment configuration, this
> does seems a bit problematic.
> Do you understand my concern ? Is there any way to address this ?

>You can specify "0.0.0.0" (IPv4) or "::" (IPv6) to restore the behaviour
of listening on any address.

>Mark

>
> (The secret attribute is less of a problem, because as stated in the
> documentation there is an alternative : secretRequired can be set fo
> false "when the Connector is used on a trusted network".)
>
> Make that such a breaking change in a minor maintenance update is quite
> touchy. I have never seen such drastic change in my usage history of
> Tomcat.
>
> Olivier
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

Can you still use a shared secret, if desired, while “
You can specify "0.0.0.0" (IPv4) or "::" (IPv6) to restore the behaviour
of listening on any address
“

Sent with IPhone@Work
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread Mark Thomas 
On 13/02/2020 12:04, Olivier Jaquemet wrote:
> 
> On 13/02/2020 12:41, Mark Thomas wrote:
>> On 13/02/2020 09:57, Olivier Jaquemet wrote:
>>> I understand the need to introduce a "secured by default" AJP
>>> configuration.
>>> However, I question one choice that was made for this change : the
>>> default behavior of the AJP connector to listen only on the loopback
>>> address.
>>>
>>> [...]
>> You can specify "0.0.0.0" (IPv4) or "::" (IPv6) to restore the behaviour
>> of listening on any address.
>>
>> Mark
> 
> Thank you Mark. This should address this use case.
> 
> Would you consider adding this binding information to the documentation
> (in the documentation of the address attribute) ?

The migration guide might be a better place for that sort of thing. Care
to suggest a suitable change to this section:

http://tomcat.apache.org/migration-9.html#Tomcat_9.0.x_noteable_changes

(we can copy the text to the equivalent sections for 8.5.x and 7.0.x)?


> To sum up :
> When migrating to Tomcat 8.5.51, 9.0.31 (and probably the next 7.0.x as
> I saw you had also backported this change to the 7.0.x branch),

Correct.

> if your server architecture is to expose tomcat with an AJP connector,
> to a remote distant front server, you can :
> 
> either, *secure your installation* (obviously the recommended way on
> untrusted network) :
> 
> - by specifying the valid IP address on which the connector must bind;
> This is done with address attribute of the AJP connector.
> 
> - by specifying a shared secret between the front server and the
> connector ; This is done with the secret attribute of the AJP connector
> 
> 
> or else, if you want your server.xml to be agnostic to the running host
> and remote front server, change your configuration back to the previous
> behavior, *BUT ONLY IF AND ONLY IF you are on trusted network* :
> 
> - by removing explicit bind of AJP connector, by specifying "0.0.0.0"
> (IPv4) or "::" (IPv6) in the address attribute of the AJP connector
> 
> - by removing need for shared secret between front and tomcat ; This is
> done with the secretRequired="false" attribute of the AJP connector.

Correct. Nice summary.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread Rémy Maucherat 
On Thu, Feb 13, 2020 at 1:04 PM Olivier Jaquemet <
olivier.jaque...@jalios.com> wrote:

>
> On 13/02/2020 12:41, Mark Thomas wrote:
> > On 13/02/2020 09:57, Olivier Jaquemet wrote:
> >> I understand the need to introduce a "secured by default" AJP
> >> configuration.
> >> However, I question one choice that was made for this change : the
> >> default behavior of the AJP connector to listen only on the loopback
> >> address.
> >>
> >> [...]
> > You can specify "0.0.0.0" (IPv4) or "::" (IPv6) to restore the behaviour
> > of listening on any address.
> >
> > Mark
>
> Thank you Mark. This should address this use case.
>
> Would you consider adding this binding information to the documentation
> (in the documentation of the address attribute) ?
>

I would say no. These special address values are not specific to Tomcat,
it's like documenting 127.0.0.1 is the IPv4 loopback address [I guess it's
more well known ? hopefully ?].
The address specified on the Connector element goes through
InetAddress.getByName so it's very flexible, it allows more than simple IP
addresses.

Rémy


>
>
> To sum up :
> When migrating to Tomcat 8.5.51, 9.0.31 (and probably the next 7.0.x as
> I saw you had also backported this change to the 7.0.x branch),
> if your server architecture is to expose tomcat with an AJP connector,
> to a remote distant front server, you can :
>
> either, *secure your installation* (obviously the recommended way on
> untrusted network) :
>
> - by specifying the valid IP address on which the connector must bind;
> This is done with address attribute of the AJP connector.
>
> - by specifying a shared secret between the front server and the
> connector ; This is done with the secret attribute of the AJP connector
>
>
> or else, if you want your server.xml to be agnostic to the running host
> and remote front server, change your configuration back to the previous
> behavior, *BUT ONLY IF AND ONLY IF you are on trusted network* :
>
> - by removing explicit bind of AJP connector, by specifying "0.0.0.0"
> (IPv4) or "::" (IPv6) in the address attribute of the AJP connector
>
> - by removing need for shared secret between front and tomcat ; This is
> done with the secretRequired="false" attribute of the AJP connector.
>
> Olivier
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread Olivier Jaquemet 



On 13/02/2020 12:41, Mark Thomas wrote:

On 13/02/2020 09:57, Olivier Jaquemet wrote:

I understand the need to introduce a "secured by default" AJP
configuration.
However, I question one choice that was made for this change : the
default behavior of the AJP connector to listen only on the loopback
address.

[...]

You can specify "0.0.0.0" (IPv4) or "::" (IPv6) to restore the behaviour
of listening on any address.

Mark


Thank you Mark. This should address this use case.

Would you consider adding this binding information to the documentation 
(in the documentation of the address attribute) ?



To sum up :
When migrating to Tomcat 8.5.51, 9.0.31 (and probably the next 7.0.x as 
I saw you had also backported this change to the 7.0.x branch),
if your server architecture is to expose tomcat with an AJP connector, 
to a remote distant front server, you can :


either, *secure your installation* (obviously the recommended way on 
untrusted network) :


- by specifying the valid IP address on which the connector must bind; 
This is done with address attribute of the AJP connector.


- by specifying a shared secret between the front server and the 
connector ; This is done with the secret attribute of the AJP connector



or else, if you want your server.xml to be agnostic to the running host 
and remote front server, change your configuration back to the previous 
behavior, *BUT ONLY IF AND ONLY IF you are on trusted network* :


- by removing explicit bind of AJP connector, by specifying "0.0.0.0" 
(IPv4) or "::" (IPv6) in the address attribute of the AJP connector


- by removing need for shared secret between front and tomcat ; This is 
done with the secretRequired="false" attribute of the AJP connector.


Olivier

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Error: Cannot start container [org.codehaus.cargo.container.tomcat.Tomcat8xInstalledLocalContainer@6abca7a6]: Deployable [http://localhost:2990/cargocpc/index.html] failed to finish deploying with

2020-02-13 Thread Prasanna.Mahapure 
Hi Mark,

Thanks for your reply.

Jira is properly installed and does not have any issue. Error is only coming 
when running it with tomcat. This issue is specific when deploying application 
using Tomcat. Kindly let me know how this issue can be resolved.

Regards,
Prasanna

-Original Message-
From: Mark Thomas 
Sent: Thursday, February 13, 2020 5:07 PM
To: users@tomcat.apache.org
Subject: Re: Error: Cannot start container 
[org.codehaus.cargo.container.tomcat.Tomcat8xInstalledLocalContainer@6abca7a6]: 
Deployable [http://localhost:2990/cargocpc/index.html] failed to finish 
deploying within the timeout period [60].

[External]


Please do not cross-post to multiple lists.

Usage questions belong on the users list.

In this instance, since your issue is with Atlassian Jira, you'll need to 
contact Atlassian support.

Mark


On 13/02/2020 11:17, prasanna.mahap...@cognizant.com wrote:
> Dear Team,
>
> I am trying to run one new plugin of jira using tomcat. But tomcat is not 
> getting started due to below error. Can you please let me know how this error 
> can be resolved?
> If this is not the correct email id for this kind of help, then please route 
> me to the correct email id or support team.
>
> I am using Apache Tomcat Version 8.5.35.
>
> Error is as below.
> [ERROR] Failed to execute goal
> com.atlassian.maven.plugins:amps-dispatcher-maven-plugin:8.0.2:run
> (default-cli) on project newplugin05: Cannot start container
> [org.codehaus.cargo.container.tomcat.Tomcat8xInstalledLocalContainer@6
> abca7a6]: Deployable [http://localhost:2990/cargocpc/index.html]
> failed to finish deploying within the timeout period [60]. The
> Deployable state is thus unknown. -> [Help 1]
>
> Thank in advance for your help.
>
> Best Regards,
> Prasanna Mahapure
> This e-mail and any files transmitted with it are for the sole use of the 
> intended recipient(s) and may contain confidential and privileged 
> information. If you are not the intended recipient(s), please reply to the 
> sender and destroy all copies of the original message. Any unauthorized 
> review, use, disclosure, dissemination, forwarding, printing or copying of 
> this email, and/or any action taken in reliance on the contents of this 
> e-mail is strictly prohibited and may be unlawful. Where permitted by 
> applicable law, this e-mail and other e-mail communications sent to and from 
> Cognizant e-mail addresses may be monitored. This e-mail and any files 
> transmitted with it are for the sole use of the intended recipient(s) and may 
> contain confidential and privileged information. If you are not the intended 
> recipient(s), please reply to the sender and destroy all copies of the 
> original message. Any unauthorized review, use, disclosure, dissemination, 
> forwarding, printing or copying of this email, and/or any action taken in 
> reliance on the contents of this e-mail is strictly prohibited and may be 
> unlawful. Where permitted by applicable law, this e-mail and other e-mail 
> communications sent to and from Cognizant e-mail addresses may be monitored.
>

B‹CB•È[œÝXœØÜšX™KK[XZ[
ˆ]‹][œÝXœØÜšX™PÛXØ] ˜\XÚK›Ü™ÃB‘›ÜˆY][Û˜[ÛÛ[X[™ËK[XZ[
ˆ]‹Z[ÛXØ] ˜\XÚK›Ü™ÃBƒB
This e-mail and any files transmitted with it are for the sole use of the 
intended recipient(s) and may contain confidential and privileged information. 
If you are not the intended recipient(s), please reply to the sender and 
destroy all copies of the original message. Any unauthorized review, use, 
disclosure, dissemination, forwarding, printing or copying of this email, 
and/or any action taken in reliance on the contents of this e-mail is strictly 
prohibited and may be unlawful. Where permitted by applicable law, this e-mail 
and other e-mail communications sent to and from Cognizant e-mail addresses may 
be monitored.
This e-mail and any files transmitted with it are for the sole use of the 
intended recipient(s) and may contain confidential and privileged information. 
If you are not the intended recipient(s), please reply to the sender and 
destroy all copies of the original message. Any unauthorized review, use, 
disclosure, dissemination, forwarding, printing or copying of this email, 
and/or any action taken in reliance on the contents of this e-mail is strictly 
prohibited and may be unlawful. Where permitted by applicable law, this e-mail 
and other e-mail communications sent to and from Cognizant e-mail addresses may 
be monitored.

Re: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread Mark Thomas 
On 13/02/2020 09:57, Olivier Jaquemet wrote:
> On 13/02/2020 10:32, Rémy Maucherat wrote:
>> On Thu, Feb 13, 2020 at 9:33 AM Olivier Jaquemet wrote:
>>> On 13/02/2020 01:02, Stefan Mayr wrote:
> - AJP defaults changed to listen the loopback address, require a
> secret
>     and to be disabled in the sample server.xml
 [snip]
>>> Am I correct ? Why such a change ? Why no bugzilla issue for proper
>>> tracking and context ?
>>> What are your recommendations regarding AJP connector configuration ?
>> It is obviously best to keep default configurations as stable as
>> possible.
>> But sometimes things have to change ... As a result, you'll indeed
>> need to
>> adjust your server.xml according to your deployment and AJP usage.
> 
> Thank you Rémy for taking the time to answer.
> 
> I understand the need to introduce a "secured by default" AJP
> configuration.
> However, I question one choice that was made for this change : the
> default behavior of the AJP connector to listen only on the loopback
> address.
> 
> This is the change which is, to me, the most questionable one. Because
> to my understanding, any architecture in which a remote Apache HTTPD is
> being used will require a *specific IP address of the current host* to
> be specified in the address attribute of the AJP connector. A specific
> IP address means that the server.xml is no longer agnostic to the
> platfom it is being hosted on. Prior to this, a server.xml file could be
> configured in such way that it would never contain any hard coded value
> related to the current host. With this change it is no longer possible.
> (unless I'm missing something). For large deployment configuration, this
> does seems a bit problematic.
> Do you understand my concern ? Is there any way to address this ?

You can specify "0.0.0.0" (IPv4) or "::" (IPv6) to restore the behaviour
of listening on any address.

Mark

> 
> (The secret attribute is less of a problem, because as stated in the
> documentation there is an alternative : secretRequired can be set fo
> false "when the Connector is used on a trusted network".)
> 
> Make that such a breaking change in a minor maintenance update is quite
> touchy. I have never seen such drastic change in my usage history of
> Tomcat.
> 
> Olivier
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Error: Cannot start container [org.codehaus.cargo.container.tomcat.Tomcat8xInstalledLocalContainer@6abca7a6]: Deployable [http://localhost:2990/cargocpc/index.html] failed to finish deploying with

2020-02-13 Thread Mark Thomas 
Please do not cross-post to multiple lists.

Usage questions belong on the users list.

In this instance, since your issue is with Atlassian Jira, you'll need
to contact Atlassian support.

Mark


On 13/02/2020 11:17, prasanna.mahap...@cognizant.com wrote:
> Dear Team,
> 
> I am trying to run one new plugin of jira using tomcat. But tomcat is not 
> getting started due to below error. Can you please let me know how this error 
> can be resolved?
> If this is not the correct email id for this kind of help, then please route 
> me to the correct email id or support team.
> 
> I am using Apache Tomcat Version 8.5.35.
> 
> Error is as below.
> [ERROR] Failed to execute goal 
> com.atlassian.maven.plugins:amps-dispatcher-maven-plugin:8.0.2:run 
> (default-cli) on project newplugin05: Cannot start container 
> [org.codehaus.cargo.container.tomcat.Tomcat8xInstalledLocalContainer@6abca7a6]:
>  Deployable [http://localhost:2990/cargocpc/index.html] failed to finish 
> deploying within the timeout period [60]. The Deployable state is thus 
> unknown. -> [Help 1]
> 
> Thank in advance for your help.
> 
> Best Regards,
> Prasanna Mahapure
> This e-mail and any files transmitted with it are for the sole use of the 
> intended recipient(s) and may contain confidential and privileged 
> information. If you are not the intended recipient(s), please reply to the 
> sender and destroy all copies of the original message. Any unauthorized 
> review, use, disclosure, dissemination, forwarding, printing or copying of 
> this email, and/or any action taken in reliance on the contents of this 
> e-mail is strictly prohibited and may be unlawful. Where permitted by 
> applicable law, this e-mail and other e-mail communications sent to and from 
> Cognizant e-mail addresses may be monitored. This e-mail and any files 
> transmitted with it are for the sole use of the intended recipient(s) and may 
> contain confidential and privileged information. If you are not the intended 
> recipient(s), please reply to the sender and destroy all copies of the 
> original message. Any unauthorized review, use, disclosure, dissemination, 
> forwarding, printing or copying of this email, and/or any action taken in 
> reliance on the contents of this e-mail is strictly prohibited and may be 
> unlawful. Where permitted by applicable law, this e-mail and other e-mail 
> communications sent to and from Cognizant e-mail addresses may be monitored.
>

Re: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread tomcat/perl 



On 13.02.2020 11:05, logo wrote:



Am 2020-02-13 10:57, schrieb Olivier Jaquemet:

On 13/02/2020 10:32, Rémy Maucherat wrote:

On Thu, Feb 13, 2020 at 9:33 AM Olivier Jaquemet wrote:

On 13/02/2020 01:02, Stefan Mayr wrote:

- AJP defaults changed to listen the loopback address, require a secret
    and to be disabled in the sample server.xml

[snip]

Am I correct ? Why such a change ? Why no bugzilla issue for proper
tracking and context ?
What are your recommendations regarding AJP connector configuration ?

It is obviously best to keep default configurations as stable as possible.
But sometimes things have to change ... As a result, you'll indeed need to
adjust your server.xml according to your deployment and AJP usage.


Thank you Rémy for taking the time to answer.

I understand the need to introduce a "secured by default" AJP configuration.
However, I question one choice that was made for this change : the
default behavior of the AJP connector to listen only on the loopback
address.



+1


This is the change which is, to me, the most questionable one. Because
to my understanding, any architecture in which a remote Apache HTTPD
is being used will require a *specific IP address of the current host*
to be specified in the address attribute of the AJP connector. A
specific IP address means that the server.xml is no longer agnostic to
the platfom it is being hosted on. Prior to this, a server.xml file
could be configured in such way that it would never contain any hard
coded value related to the current host. With this change it is no
longer possible. (unless I'm missing something). For large deployment
configuration, this does seems a bit problematic.
Do you understand my concern ? Is there any way to address this ?


That's really difficult. Specifically in container environments where the container is 
started dynamically and the ip address shifts frequently. Access is done through dns or 
labels.




(The secret attribute is less of a problem, because as stated in the
documentation there is an alternative : secretRequired can be set fo
false "when the Connector is used on a trusted network".)

Make that such a breaking change in a minor maintenance update is
quite touchy. I have never seen such drastic change in my usage
history of Tomcat.



For info, there is also another thread entitled "Re: Tomcat 8.5.51 fails", which seems 
relevant to this discussion.





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8.5.51 fails

2020-02-13 Thread tomcat/perl 

On 13.02.2020 10:36, kohm...@iris.eonet.ne.jp wrote:

On 2020/02/13 18:25, André Warnier (tomcat/perl) wrote:

Check in the file (tomcat_dir)/conf/server.xml, the Connector :

     


The setting is the same as mine.

I have use server.xml used in 8.5.50. In case of 8.5.50, I have no problem.

Please notice, I have been using Tomcat for 5 years with updates.
Why this time?



Yes, you are right, and I am sorry for my previous short answer.
(I thought that you were a "newbie" installing tomcat 8.5 for the firdst time, and that 
you had just not configured the Connector correctly.)


But Remy's answer, and the other thread "Re: [ANN] Apache Tomcat 9.0.31 available" seems 
to indicate that this was due to a *change* in behaviour between 8.5.50 and 8.5.51.


In any case, it seems that for now, you will have to modify the AJP Connector 
configuration in server.xml, to make it work with 8.5.51 and above, and add an explicit


secretRequired="false"

attribute.  And maybe also an explicit listening address..

It looks like these changes are documented here :
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html
--> Coyote


Update:  Disable (comment out in server.xml) the AJP/1.3 connector by default. 
(markt)
Update:  Change the default bind address for the AJP/1.3 connector to be the loopback 
address. (markt)
Add:  Rename the requiredSecret attribute of the AJP/1.3 Connector to secret and add a new 
attribute secretRequired that defaults to true. When secretRequired is true the AJP/1.3 
Connector will not start unless the secret attribute is configured to a non-null, non-zero 
length String. (markt)


I think that the first change above is ok, because it only affects the distribution of 
newly-downloaded server.xml files.


But the other two also impact existing installations just being updated, and in a way that 
is not very clearly indicated in the on-line documentation. That looks a bit more iffy..



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Error: Cannot start container [org.codehaus.cargo.container.tomcat.Tomcat8xInstalledLocalContainer@6abca7a6]: Deployable [http://localhost:2990/cargocpc/index.html] failed to finish deploying within t

2020-02-13 Thread Prasanna.Mahapure 
Dear Team,

I am trying to run one new plugin of jira using tomcat. But tomcat is not 
getting started due to below error. Can you please let me know how this error 
can be resolved?
If this is not the correct email id for this kind of help, then please route me 
to the correct email id or support team.

I am using Apache Tomcat Version 8.5.35.

Error is as below.
[ERROR] Failed to execute goal 
com.atlassian.maven.plugins:amps-dispatcher-maven-plugin:8.0.2:run 
(default-cli) on project newplugin05: Cannot start container 
[org.codehaus.cargo.container.tomcat.Tomcat8xInstalledLocalContainer@6abca7a6]: 
Deployable [http://localhost:2990/cargocpc/index.html] failed to finish 
deploying within the timeout period [60]. The Deployable state is thus 
unknown. -> [Help 1]

Thank in advance for your help.

Best Regards,
Prasanna Mahapure
This e-mail and any files transmitted with it are for the sole use of the 
intended recipient(s) and may contain confidential and privileged information. 
If you are not the intended recipient(s), please reply to the sender and 
destroy all copies of the original message. Any unauthorized review, use, 
disclosure, dissemination, forwarding, printing or copying of this email, 
and/or any action taken in reliance on the contents of this e-mail is strictly 
prohibited and may be unlawful. Where permitted by applicable law, this e-mail 
and other e-mail communications sent to and from Cognizant e-mail addresses may 
be monitored. This e-mail and any files transmitted with it are for the sole 
use of the intended recipient(s) and may contain confidential and privileged 
information. If you are not the intended recipient(s), please reply to the 
sender and destroy all copies of the original message. Any unauthorized review, 
use, disclosure, dissemination, forwarding, printing or copying of this email, 
and/or any action taken in reliance on the contents of this e-mail is strictly 
prohibited and may be unlawful. Where permitted by applicable law, this e-mail 
and other e-mail communications sent to and from Cognizant e-mail addresses may 
be monitored.

Re: Tomcat 8.5.51 fails

2020-02-13 Thread Olaf Kock 

On 13.02.20 11:17, Olaf Kock wrote:
> On 13.02.20 10:36, kohm...@iris.eonet.ne.jp wrote:
>> On 2020/02/13 18:25, André Warnier (tomcat/perl) wrote:
>>> Check in the file (tomcat_dir)/conf/server.xml, the Connector :
>>>
>>>      
>> The setting is the same as mine.
>>
>> I have use server.xml used in 8.5.50. In case of 8.5.50, I have no
>> problem.
>>
>> Please notice, I have been using Tomcat for 5 years with updates.
>> Why this time?
>
> Because this time, security relevant defaults changed: See these recent
> commits on the git mirror:
>
> https://github.com/apache/tomcat/commit/b962835f98b905286b78c414d5aaec2d0e711f75#diff-8dc0090e11bd1ca2caa389bb79d52262
>
> https://github.com/apache/tomcat/commit/2becbfd3228942a18b663ca715ee9c9b80743120#diff-8dc0090e11bd1ca2caa389bb79d52262

Or, even better digestible (I hit 'send' too early):

Mark's announcement of the availability contained:

> - AJP defaults changed to listen the loopback address, require a
secret and to be disabled in the sample server.xml

And the changelog on
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html for 8.5.51
contains this information on AJP:

  * Update: Disable (comment out in server.xml) the AJP/1.3 connector by
default. (markt)
  * Update: Change the default bind address for the AJP/1.3 connector to
be the loopback address. (markt)
  * Add: Rename the |requiredSecret| attribute of the AJP/1.3 Connector
to |secret| and add a new attribute |secretRequired| that defaults
to |true|. When |secretRequired| is |true| the AJP/1.3 Connector
will not start unless the |secret| attribute is configured to a
non-null, non-zero length String. (markt)
  * Add: Add a new attribute, |allowedRequestAttributesPattern| to the
AJP/1.3 Connector. Requests with unrecognised attributes will be
blocked with a 403. (markt)

There's also a discussion on the "Re: [ANN] Apache Tomcat 9.0.31
available" thread on this changed default that might give you some
background.

I hope, this helps,

Olaf

Re: Tomcat 8.5.51 fails

2020-02-13 Thread Olaf Kock 


On 13.02.20 10:36, kohm...@iris.eonet.ne.jp wrote:
> On 2020/02/13 18:25, André Warnier (tomcat/perl) wrote:
>> Check in the file (tomcat_dir)/conf/server.xml, the Connector :
>>
>>      
>
> The setting is the same as mine.
>
> I have use server.xml used in 8.5.50. In case of 8.5.50, I have no
> problem.
>
> Please notice, I have been using Tomcat for 5 years with updates.
> Why this time?


Because this time, security relevant defaults changed: See these recent
commits on the git mirror:

https://github.com/apache/tomcat/commit/b962835f98b905286b78c414d5aaec2d0e711f75#diff-8dc0090e11bd1ca2caa389bb79d52262

https://github.com/apache/tomcat/commit/2becbfd3228942a18b663ca715ee9c9b80743120#diff-8dc0090e11bd1ca2caa389bb79d52262




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread logo 




Am 2020-02-13 10:57, schrieb Olivier Jaquemet:

On 13/02/2020 10:32, Rémy Maucherat wrote:

On Thu, Feb 13, 2020 at 9:33 AM Olivier Jaquemet wrote:

On 13/02/2020 01:02, Stefan Mayr wrote:
- AJP defaults changed to listen the loopback address, require a 
secret

and to be disabled in the sample server.xml

[snip]

Am I correct ? Why such a change ? Why no bugzilla issue for proper
tracking and context ?
What are your recommendations regarding AJP connector configuration ?
It is obviously best to keep default configurations as stable as 
possible.
But sometimes things have to change ... As a result, you'll indeed 
need to

adjust your server.xml according to your deployment and AJP usage.


Thank you Rémy for taking the time to answer.

I understand the need to introduce a "secured by default" AJP 
configuration.

However, I question one choice that was made for this change : the
default behavior of the AJP connector to listen only on the loopback
address.



+1


This is the change which is, to me, the most questionable one. Because
to my understanding, any architecture in which a remote Apache HTTPD
is being used will require a *specific IP address of the current host*
to be specified in the address attribute of the AJP connector. A
specific IP address means that the server.xml is no longer agnostic to
the platfom it is being hosted on. Prior to this, a server.xml file
could be configured in such way that it would never contain any hard
coded value related to the current host. With this change it is no
longer possible. (unless I'm missing something). For large deployment
configuration, this does seems a bit problematic.
Do you understand my concern ? Is there any way to address this ?


That's really difficult. Specifically in container environments where 
the container is started dynamically and the ip address shifts 
frequently. Access is done through dns or labels.




(The secret attribute is less of a problem, because as stated in the
documentation there is an alternative : secretRequired can be set fo
false "when the Connector is used on a trusted network".)

Make that such a breaking change in a minor maintenance update is
quite touchy. I have never seen such drastic change in my usage
history of Tomcat.

Olivier

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread Olivier Jaquemet 

On 13/02/2020 10:32, Rémy Maucherat wrote:

On Thu, Feb 13, 2020 at 9:33 AM Olivier Jaquemet wrote:

On 13/02/2020 01:02, Stefan Mayr wrote:

- AJP defaults changed to listen the loopback address, require a secret
and to be disabled in the sample server.xml

[snip]

Am I correct ? Why such a change ? Why no bugzilla issue for proper
tracking and context ?
What are your recommendations regarding AJP connector configuration ?

It is obviously best to keep default configurations as stable as possible.
But sometimes things have to change ... As a result, you'll indeed need to
adjust your server.xml according to your deployment and AJP usage.


Thank you Rémy for taking the time to answer.

I understand the need to introduce a "secured by default" AJP 
configuration.
However, I question one choice that was made for this change : the 
default behavior of the AJP connector to listen only on the loopback 
address.


This is the change which is, to me, the most questionable one. Because 
to my understanding, any architecture in which a remote Apache HTTPD is 
being used will require a *specific IP address of the current host* to 
be specified in the address attribute of the AJP connector. A specific 
IP address means that the server.xml is no longer agnostic to the 
platfom it is being hosted on. Prior to this, a server.xml file could be 
configured in such way that it would never contain any hard coded value 
related to the current host. With this change it is no longer possible. 
(unless I'm missing something). For large deployment configuration, this 
does seems a bit problematic.

Do you understand my concern ? Is there any way to address this ?

(The secret attribute is less of a problem, because as stated in the 
documentation there is an alternative : secretRequired can be set fo 
false "when the Connector is used on a trusted network".)


Make that such a breaking change in a minor maintenance update is quite 
touchy. I have never seen such drastic change in my usage history of Tomcat.


Olivier

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread kohm...@iris.eonet.ne.jp 

On 2020/02/13 18:32, Rémy Maucherat wrote:

It is obviously best to keep default configurations as stable as possible.
But sometimes things have to change ... As a result, you'll indeed need to
adjust your server.xml according to your deployment and AJP usage.

The documentation for the new attributes and updated defaults is here:
http://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html#Standard_Implementations


Thank you for your advice.
Your advice seems to relate to 9.0 though, could this advice be true 
rative to 8.5?


Thank you.

Yours truly,
Kazuhiko Kohmoto

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8.5.51 fails

2020-02-13 Thread kohm...@iris.eonet.ne.jp 

On 2020/02/13 18:22, Rémy Maucherat wrote:

need to adjust your server.xml to that


I think this time problem seems not due to server.xml.
The server.xml works well with 8.5.50.

Thank you.

Yours truly,
Kazuhiko Kohmoto

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8.5.51 fails

2020-02-13 Thread kohm...@iris.eonet.ne.jp 

On 2020/02/13 18:25, André Warnier (tomcat/perl) wrote:

Check in the file (tomcat_dir)/conf/server.xml, the Connector :

     


The setting is the same as mine.

I have use server.xml used in 8.5.50. In case of 8.5.50, I have no 
problem.


Please notice, I have been using Tomcat for 5 years with updates.
Why this time?

Thank you.


Yours truly,
Kazuhiko Kohmoto

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread Rémy Maucherat 
On Thu, Feb 13, 2020 at 9:33 AM Olivier Jaquemet <
olivier.jaque...@jalios.com> wrote:

> On 13/02/2020 01:02, Stefan Mayr wrote:
> > Hi,
> >
> >> - AJP defaults changed to listen the loopback address, require a secret
> >>and to be disabled in the sample server.xml
> > What was the motivation behind this breaking change to require a secret
> > or to explitly disable it? What makes an open AJP connector more unsafe
> > than an open HTTP connector?
> >
> > We have hundreds of Tomcats behind Apache httpd with mod_jk. My
> > interpretation is that upgrading Tomcat 8.5 or 9.0 will break that setup
> > until we disable the secret in all of them (or add a secret in mod_jk
> > and Tomcat).
> > I would understand that for a new major version 10.x but not in the
> > lifecycle of an existing major version.
>
> Hi,
>
> I second those questions.
>
> We also have many tomcat instances behind Apache HTTPD, most of them are
> not the same server.
> It is my understanding that the new default listening behavior on the
> loopback address would break our installation, as the AJP connector
> would no longer be reachable to our remote Apache HTTP server. It would
> requires that we update all our tomcat's server.xml configuration to
> explicitely listen to an additional address by specifying the "address"
> attribute of the AJP connector.
> Am I correct ? Why such a change ? Why no bugzilla issue for proper
> tracking and context ?
> What are your recommendations regarding AJP connector configuration ?
>

It is obviously best to keep default configurations as stable as possible.
But sometimes things have to change ... As a result, you'll indeed need to
adjust your server.xml according to your deployment and AJP usage.

The documentation for the new attributes and updated defaults is here:
http://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html#Standard_Implementations

Rémy

Re: Tomcat 8.5.51 fails

2020-02-13 Thread tomcat/perl 

On 13.02.2020 10:13, kohmoto wrote:

Hi,

I have install Tomcat 8.5.51 today and found something wrong.

I have been using tomcat for last 5 years and never met this kind of problem.

It would be appreciated if I could be advised.

Thank you.

System:
CentOS 7.7.1908
httpd 2.4.41 (community version)
   httpd.conf:
     (LoadModule proxy_ajp_module lib64/httpd/modules/mod_proxy_ajp.so)
   httpd-proxy.conf:
     
   ProxyPass ajp://localhost:8009/manager/
     
tomcat 8.5.*

error log---
13-Feb-2020 17:13:12.523 重大 [main] 
org.apache.catalina.core.StandardService.startInternal Failed to start connector 
[Connector[AJP/1.3-8009]]
     org.apache.catalina.LifecycleException: プロトコルハンドラの起動に失敗しました ( 
'fail to start protocolhandler' in English )
     at 
org.apache.catalina.connector.Connector.startInternal(Connector.java:1057)

     at 
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
     at 
org.apache.catalina.core.StandardService.startInternal(StandardService.java:440)

     at 
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
     at 
org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:766)

     at 
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
     at 
org.apache.catalina.startup.Catalina.start(Catalina.java:688)
     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native 
Method)
     at 
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 

     at 
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 


     at java.base/java.lang.reflect.Method.invoke(Method.java:567)
     at 
org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:343)
     at 
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:474)
     Caused by: java.lang.IllegalArgumentException: The AJP Connector is configured 
with secretRequired="true" but the secret attribute is either null or "". This combination 
is not valid.
     at 
org.apache.coyote.ajp.AbstractAjpProtocol.start(AbstractAjpProtocol.java:274)
     at 
org.apache.catalina.connector.Connector.startInternal(Connector.java:1055)

     ... 12 more



Hi.
The log message above :

Caused by: java.lang.IllegalArgumentException: The AJP Connector is configured 
with secretRequired="true" but the secret attribute is either null or "". This combination 
is not valid.


seems pretty clear.

Check in the file (tomcat_dir)/conf/server.xml, the Connector :



and the associated on-line documentation :

http://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html

search for "secretRequired".


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8.5.51 fails

2020-02-13 Thread Rémy Maucherat 
On Thu, Feb 13, 2020 at 10:13 AM kohmoto  wrote:

> Hi,
>
> I have install Tomcat 8.5.51 today and found something wrong.
>
> I have been using tomcat for last 5 years and never met this
> kind of problem.
>
> It would be appreciated if I could be advised.
>

Ok, so ...


>  Caused by: java.lang.IllegalArgumentException: The
> AJP Connector is configured with secretRequired="true" but
> the secret attribute is either null or "". This combination
> is not valid.
>
> The error message gives the explanation. The AJP defaults changed so you
need to adjust your server.xml to that.

Rémy

Tomcat 8.5.51 fails

2020-02-13 Thread kohmoto 

Hi,

I have install Tomcat 8.5.51 today and found something wrong.

I have been using tomcat for last 5 years and never met this 
kind of problem.


It would be appreciated if I could be advised.

Thank you.

System:
CentOS 7.7.1908
httpd 2.4.41 (community version)
  httpd.conf:
    (LoadModule proxy_ajp_module 
lib64/httpd/modules/mod_proxy_ajp.so)

  httpd-proxy.conf:
    
  ProxyPass ajp://localhost:8009/manager/
    
tomcat 8.5.*

error log---
13-Feb-2020 17:13:12.523 重大 [main] 
org.apache.catalina.core.StandardService.startInternal 
Failed to start connector [Connector[AJP/1.3-8009]]
    org.apache.catalina.LifecycleException: 
プロトコルハンドラの起動に失敗しました ( 'fail to start 
protocolhandler' in English )
    at 
org.apache.catalina.connector.Connector.startInternal(Connector.java:1057)
    at 
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
    at 
org.apache.catalina.core.StandardService.startInternal(StandardService.java:440)
    at 
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
    at 
org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:766)
    at 
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
    at 
org.apache.catalina.startup.Catalina.start(Catalina.java:688)
    at 
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native 
Method)
    at 
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at 
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at 
java.base/java.lang.reflect.Method.invoke(Method.java:567)
    at 
org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:343)
    at 
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:474)
    Caused by: java.lang.IllegalArgumentException: The 
AJP Connector is configured with secretRequired="true" but 
the secret attribute is either null or "". This combination 
is not valid.
    at 
org.apache.coyote.ajp.AbstractAjpProtocol.start(AbstractAjpProtocol.java:274)
    at 
org.apache.catalina.connector.Connector.startInternal(Connector.java:1055)

    ... 12 more

Yours truly,
Kazuhiko Kohmoto



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread Olivier Jaquemet 

On 13/02/2020 01:02, Stefan Mayr wrote:

Hi,


- AJP defaults changed to listen the loopback address, require a secret
   and to be disabled in the sample server.xml

What was the motivation behind this breaking change to require a secret
or to explitly disable it? What makes an open AJP connector more unsafe
than an open HTTP connector?

We have hundreds of Tomcats behind Apache httpd with mod_jk. My
interpretation is that upgrading Tomcat 8.5 or 9.0 will break that setup
until we disable the secret in all of them (or add a secret in mod_jk
and Tomcat).
I would understand that for a new major version 10.x but not in the
lifecycle of an existing major version.


Hi,

I second those questions.

We also have many tomcat instances behind Apache HTTPD, most of them are 
not the same server.
It is my understanding that the new default listening behavior on the 
loopback address would break our installation, as the AJP connector 
would no longer be reachable to our remote Apache HTTP server. It would 
requires that we update all our tomcat's server.xml configuration to 
explicitely listen to an additional address by specifying the "address" 
attribute of the AJP connector.
Am I correct ? Why such a change ? Why no bugzilla issue for proper 
tracking and context ?

What are your recommendations regarding AJP connector configuration ?

Olivier

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

AW: JVM job for Tomcat taking lots and lots of CPU

2020-02-13 Thread Jäkel , Guido 
Dear James, Dear others,

I just get notice of this long thread. Sorry, if already give this suggestion. 
But James: If it's possible, you may use (J)VisualVM with the "VisualGC" Plugin 
to get some live impressions of "what's going on" with the heaps. To my 
experience this visual perceptions is much easy to comprehend as a long list of 
numbers.

If JMX is enabled to use remotely, you may even run the VisualVM-Tool on a 
different machine.

Maybe some JVM-Options like

-XX:+PrintGCDetails
-XX:+PrintGCApplicationStoppedTime
-XX:+PrintAdaptiveSizePolicy
-XX:+PrintTenuringDistribution
-XX:+PrintStringDeduplicationStatistics

may help you to let write down a log of GC activities.


with greetings

Guido 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org