Re: OpenId with apache and tomcat

2020-03-13 Thread tomcat/perl

On 13.03.2020 17:53, Stephane Passignat wrote:

> Hi,
>
> Actually I have Apache2 operating as proxy and authenticate layer (HTTP
> Form and HTTP Basic), in front of several Tomcat instances and webapps.
> Apache pushes the userId to tomcat through AJP.
> On tomcat side, the webapp has a Basic login-module in web.xml.
>
> I'm quite satisfied with the result, authentication and authorization are
> out of the application scope. The deployment and maintenance of
> application is super easy. The sensitive maintenance of authentication
> is made by a dedicated team...
>
> I wish to improve that adding OpenId Authentication, keeping apache as
> authentication layer with an openid connector, but the one I saw
> doesn't seem to be used a lot and is not available as precompiled for
> my os...

Actually, mod_auth_openidc (which I have not used myself), available from
(https://github.com/zmartzone/mod_auth_openidc)
at least on the face of it, seems to be fairly complete, well-documented (with examples),
supported, and regularly worked on.

Considering your current architecture, and considering that OpenID itself (like anything
to do with OAuth) is quite a nightmare in terms of readable and
understandable-by-common-mortals documentation, I would think that you might save yourself
a lot of time by trying it out.
It seems to have its own help forums too, which may help in terms of obtaining or creating
the appropriate binaries.

> I'm looking also at moving authentication at tomcat level with an
> openid Realm. It's not ideal because of the large number of
> applications and servers to impact and network configuration to change,

Exactly, see above.
I think that mod_auth_openidc would fit right in (and along) with your existing form and
Basic authentication in Apache httpd. And you would not have to change anything at the
Tomcat or applications level.

Just make sure to properly secure your AJP connections.
(see quite a few discussions on that topic in the last month, in the archives
of this list)

> ...
>
> Does someone have experience in this architecture ? Do you have some
> recommendation for Apache Module or Tomcat Realm to use ?

Make sure that you know exactly what *version* of OpenID you need.
As far as I know, the current version is "OpenID Connect", and anything else is obsolete
and even worse in terms of documentation.

> Thanks
> Stephane




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: OpenId with apache and tomcat

2020-03-13 Thread Christopher Schultz
Luis,

On 3/13/20 14:28, Luis Rodríguez Fernández wrote:
> Hello Stephane,
>
>> moving authentication at tomcat level with an openid Realm
>
> If I understand you correctly you want to make the authentication
> process in tomcat instead of delegating in your apache proxy, don't
> you ? I would have a look then at the tomcat keycloak adapter [1].
> Me I am using the SAML one in tomcat 8.5 & 9 and it works like a
> charm!

Unfortunately for the OP, your answer isn't helpful because OpenID
doesn't use SAML. Single-legged SAML is indeed very simple but you
can't achieve OpenID with it.

-chris



Re: Urgent help tomcat 9 and https 8443

2020-03-13 Thread Christopher Schultz
Siva,

On 3/12/20 23:13, siva.saravanamu...@csl.com.au wrote:
> Below is the catalina.log output
>
> 12-Mar-2020 19:57:18.885 INFO [main]
> org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler
> ["https-openssl-apr-8443"]
> 12-Mar-2020 19:57:18.969 INFO [main]
> org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler
> ["https-openssl-apr-8443"]
> 12-Mar-2020 19:57:18.969 INFO [main]
> org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler
> ["https-openssl-apr-8443"]

You are running an APR connector on 8443.

> 12-Mar-2020 23:05:10.776 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-jsse-nio-8443"]
> 12-Mar-2020 23:05:10.798 SEVERE [main]
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed
> to initialize component [Connector[HTTP/1.1-8443]]
> 12-Mar-2020 23:09:23.385 INFO [main]
> org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler
> ["https-jsse-nio-8443"]
> 12-Mar-2020 23:09:23.439 INFO [main]
> org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler
> ["https-jsse-nio-8443"]
> 12-Mar-2020 23:09:23.440 INFO [main]
> org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler
> ["https-jsse-nio-8443"]

You are also trying to run an NIO connector on port 8443.

If these are on the same interface, they cannot both be started at
once: choose one.

-chris



Re: OpenId with apache and tomcat

2020-03-13 Thread Luis Rodríguez Fernández
Hello Stephane,

> moving authentication at tomcat level with an openid Realm

If I understand you correctly you want to make the authentication process
in tomcat instead of delegating in your apache proxy, don't you ? I would
have a look then at the tomcat keycloak adapter [1]. Me I am using the SAML
one in tomcat 8.5 & 9 and it works like a charm!

Hope it helps,

Luis

[1]
https://www.keycloak.org/docs/latest/securing_apps/index.html#_tomcat_adapter






On Fri, 13 Mar 2020 at 17:53, Stephane Passignat (<passig...@hotmail.com>) wrote:

> Hi,
>
> Actually I have Apache2 operating as proxy and authenticate layer (HTTP
> Form and HTTP Basic), in front of several Tomcat instances and webapps.
> Apache pushes the userId to tomcat through AJP.
> On tomcat side, the webapp has a Basic login-module in web.xml.
>
> I'm quite satisfied with the result, authentication and authorization are
> out of the application scope. The deployment and maintenance of
> application is super easy. The sensitive maintenance of authentication
> is made by a dedicated team...
>
> I wish to improve that adding OpenId Authentication, keeping apache as
> authentication layer with an openid connector, but the one I saw
> doesn't seem to be used a lot and is not available as precompiled for
> my os...
> I'm looking also at moving authentication at tomcat level with an
> openid Realm. It's not ideal because of the large number of
> applications and servers to impact and network configuration to change,
> ...
>
>
>
> Does someone have experience in this architecture ? Do you have some
> recommendation for Apache Module or Tomcat Realm to use ?
>
>
> Thanks
> Stephane
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


OpenId with apache and tomcat

2020-03-13 Thread Stephane Passignat
Hi,

Actually I have Apache2 operating as proxy and authenticate layer (HTTP
Form and HTTP Basic), in front of several Tomcat instances and webapps.
Apache pushes the userId to tomcat through AJP.
On tomcat side, the webapp has a Basic login-module in web.xml.

I'm quite satisfied with the result, authentication and authorization are
out of the application scope. The deployment and maintenance of
application is super easy. The sensitive maintenance of authentication
is made by a dedicated team...

I wish to improve that adding OpenId Authentication, keeping apache as
authentication layer with an openid connector, but the one I saw
doesn't seem to be used a lot and is not available as precompiled for
my os...
I'm looking also at moving authentication at tomcat level with an
openid Realm. It's not ideal because of the large number of
applications and servers to impact and network configuration to change,
...



Does someone have experience in this architecture ? Do you have some
recommendation for Apache Module or Tomcat Realm to use ?


Thanks
Stephane


Re: ajp connector, nio vs nio2

2020-03-13 Thread Chris Cheshire
On Fri, Mar 13, 2020 at 10:09 AM Mark Thomas  wrote:
>
> On 13/03/2020 13:54, Chris Cheshire wrote:
> > Using 9.0.31 on Java 8, I have my AJP connector configured as
> >
> >  > secretRequired="false" />
> >
> > According to the logs, this is defaulting to the NIO protocol.
>
> Correct.
>
> > The
> > connector comparison chart [1] implies that NIO2 is used for 8.5x
> > onwards.
>
> No, the Tomcat version line in that chart indicates from which version
> onwards the connector is available.
>
> > Shouldn't the AJP/1.3 protocol alias be using NIO2 by default (I don't
> > have APR/native installed)?
>
> No. It should use NIO.
>
> > What are the fundamental differences
> > between the two protocols?
>
> They work in fundamentally different ways (NIO - Poller vs NIO2 -
> callback) but for AJP, the actual difference in terms of performance,
> scalability etc is minimal. Personally, I'd stick with NIO.
>
> Mark
>
>

Thanks :)




Re: ajp connector, nio vs nio2

2020-03-13 Thread Mark Thomas
On 13/03/2020 13:54, Chris Cheshire wrote:
> Using 9.0.31 on Java 8, I have my AJP connector configured as
> 
>  secretRequired="false" />
> 
> According to the logs, this is defaulting to the NIO protocol.

Correct.

> The
> connector comparison chart [1] implies that NIO2 is used for 8.5x
> onwards.

No, the Tomcat version line in that chart indicates from which version
onwards the connector is available.

> Shouldn't the AJP/1.3 protocol alias be using NIO2 by default (I don't
> have APR/native installed)?

No. It should use NIO.

> What are the fundamental differences
> between the two protocols?

They work in fundamentally different ways (NIO - Poller vs NIO2 -
callback) but for AJP, the actual difference in terms of performance,
scalability etc is minimal. Personally, I'd stick with NIO.

Mark


> 
> Chris
> 
> PS Yes I have the AJP port only on localhost and firewalled off :)
> 
> [1] 
> http://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html#Connector_Comparison
> 





Re: uploading multipart messages with Tomcat 9.0.31 and TLS not working

2020-03-13 Thread Mark Thomas
On 13/03/2020 13:52, Heinrich Michael (PS-EC/EBT3) wrote:
> Hello all,
> 
> I found out that I've trouble in uploading multipart messages with TLS in 
> Tomcat 9.0.31 (Windows server 2012/2016, Java 1.8.0_241, also 221). With the 
> same server config in 9.0.30 it works well. Uploading multipart messages in 
> 9.0.31 without TLS works also. This can be reproduced when using the manager 
> app with/without TLS. When using TLS, Tomcat logs below errors in the log 
> file.
> I'm just not sure if this is a bug or a wrong configuration/misunderstanding 
> from my site. Although I've found nothing in the change log for 9.0.31 that 
> makes me think I've to modify my config files.
> Is the problem I describe known to someone else or just a configuration issue?

https://bz.apache.org/bugzilla/show_bug.cgi?id=64195

Mark




ajp connector, nio vs nio2

2020-03-13 Thread Chris Cheshire
Using 9.0.31 on Java 8, I have my AJP connector configured as



According to the logs, this is defaulting to the NIO protocol. The
connector comparison chart [1] implies that NIO2 is used for 8.5x
onwards.
Shouldn't the AJP/1.3 protocol alias be using NIO2 by default (I don't
have APR/native installed)? What are the fundamental differences
between the two protocols?

Chris

PS Yes I have the AJP port only on localhost and firewalled off :)

[1] http://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html#Connector_Comparison
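
Added example (not part of the original thread, and not Tomcat project code): a small audit of a server.xml for the AJP settings mentioned in this message (secretRequired="false", loopback-only port) and in the "properly secure your AJP connections" advice earlier on this page. The server.xml fragments are constructed, the severity labels are this example's own, and the defaults noted in the comments are the documented Tomcat 9.0.31 AJP connector defaults.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed server.xml fragments for the demonstration (not from the thread).
EXPOSED = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8009" protocol="AJP/1.3" address="0.0.0.0"
             secretRequired="false" />
</Service></Server>"""

# The situation described in the message above: no secret, loopback only.
LOOPBACK_NO_SECRET = """<Server><Service name="Catalina">
  <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
             secretRequired="false" />
</Service></Server>"""

HARDENED = """<Server><Service name="Catalina">
  <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
             secretRequired="true" secret="PLACEHOLDER-shared-secret" />
</Service></Server>"""


def is_loopback(address):
    """True when the connector only listens on a loopback address."""
    if address is None:
        # Documented default for the AJP connector in Tomcat 9.0.31: loopback.
        return True
    if address.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        # Any other host name cannot be resolved offline: treat as exposed.
        return False


def audit_ajp(server_xml):
    """Return (port, severity, message) findings for every AJP connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # Matches "AJP/1.3" as well as the org.apache.coyote.ajp.* class names.
        if "ajp" not in conn.get("protocol", "HTTP/1.1").lower():
            continue
        port = conn.get("port", "?")
        # requiredSecret is the older, deprecated name of the secret attribute.
        secret = conn.get("secret") or conn.get("requiredSecret")
        required = conn.get("secretRequired", "true").strip().lower() == "true"
        loopback = is_loopback(conn.get("address"))

        if not secret and required:
            findings.append((port, "ERROR",
                             "secretRequired is true but no secret is set; "
                             "the connector refuses to start"))
        elif not secret:
            # AJP requests are trusted (they carry the user id set by the
            # proxy), so without a secret the network boundary is the only
            # control left.
            if loopback:
                findings.append((port, "WARN",
                                 "no secret; any local process can speak AJP "
                                 "to this connector"))
            else:
                findings.append((port, "HIGH",
                                 "no secret and not bound to loopback; any "
                                 "host that reaches the port is trusted"))
        elif not loopback:
            findings.append((port, "INFO",
                             "secret set, but the port is reachable beyond "
                             "loopback; restrict it to the proxy host"))
    return findings


if __name__ == "__main__":
    samples = [("exposed", EXPOSED), ("loopback", LOOPBACK_NO_SECRET),
               ("hardened", HARDENED)]
    for name, xml_text in samples:
        print(name, audit_ajp(xml_text) or "no findings")
```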




uploading multipart messages with Tomcat 9.0.31 and TLS not working

2020-03-13 Thread Heinrich Michael (PS-EC/EBT3)
Hello all,

I found out that I've trouble in uploading multipart messages with TLS in 
Tomcat 9.0.31 (Windows server 2012/2016, Java 1.8.0_241, also 221). With the 
same server config in 9.0.30 it works well. Uploading multipart messages in 
9.0.31 without TLS works also. This can be reproduced when using the manager 
app with/without TLS. When using TLS, Tomcat logs below errors in the log file.
I'm just not sure if this is a bug or a wrong configuration/misunderstanding 
from my site. Although I've found nothing in the change log for 9.0.31 that 
makes me think I've to modify my config files.
Is the problem I describe known to someone else or just a configuration issue?


Catalina.log:
13-Mar-2020 10:32:53.273 INFO [https-openssl-nio-8743-exec-5] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
 Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
    at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:416)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:260)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)

Localhost.log:
13-Mar-2020 10:32:53.273 SEVERE [https-openssl-nio-8743-exec-5] org.apache.catalina.core.ApplicationContext.log HTMLManager: FAIL - Deploy Upload Failed, Exception: [org.apache.tomcat.util.http.fileupload.impl.IOFileUploadException: Processing of multipart/form-data request failed. Stream ended unexpectedly]
java.io.IOException: org.apache.tomcat.util.http.fileupload.impl.IOFileUploadException: Processing of multipart/form-data request failed. Stream ended unexpectedly
    at org.apache.catalina.connector.Request.parseParts(Request.java:2917)
    at org.apache.catalina.connector.Request.parseParameters(Request.java:3198)
    at org.apache.catalina.connector.Request.getParameter(Request.java:1123)
    at org.apache.catalina.connector.RequestFacade.getParameter(RequestFacade.java:381)
    at org.apache.catalina.filters.CsrfPreventionFilter.doFilter(CsrfPreventionFilter.java:141)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:666)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:688)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
   

RE: Re: Urgent help tomcat 9 and https 8443

2020-03-13 Thread Siva.Saravanamuthu
Mark,

Thanks. You waken my frozen concentration. Yes I was able to identify the error
which is related to the APR library and I followed the step as per this article

https://www.openkm.com/wiki/index.php/Tomcat_native_libraries

which made port 8443 listen and able to load the URL with the certificate.

Regards,
Siva

-Original Message-
From: Mark Thomas 
Sent: Friday, 13 March 2020 6:30 PM
To: users@tomcat.apache.org
Subject: [EXT] Re: Urgent help tomcat 9 and https 8443


Please provide the complete catalina.log for a clean failed start.

To be specific:
- make sure Tomcat is not running
- delete all the files in the logs directory
- start Tomcat
- wait for start-up to complete
- provide us with the full catalina.log

Mark



On 13/03/2020 03:13, siva.saravanamu...@csl.com.au wrote:
> Below is the catalina.log output
>
> 12-Mar-2020 19:57:18.885 INFO [main]
> org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler
> ["https-openssl-apr-8443"]
> 12-Mar-2020 19:57:18.969 INFO [main]
> org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler
> ["https-openssl-apr-8443"]
> 12-Mar-2020 19:57:18.969 INFO [main]
> org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler
> ["https-openssl-apr-8443"]
> 12-Mar-2020 20:34:44.758 SEVERE [main]
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed
> to initialize component
> [Connector[org.apache.coyote.http11.Http11AprProtocol-8443]]
> 12-Mar-2020 20:36:34.657 INFO [main]
> org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler
> ["https-openssl-apr-8443"]
> 12-Mar-2020 20:36:34.704 INFO [1]
> org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler
> ["https-openssl-apr-8443"]
> 12-Mar-2020 20:36:34.705 INFO [1]
> org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler
> ["https-openssl-apr-8443"]
> 12-Mar-2020 20:36:36.981 SEVERE [main]
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed
> to initialize component
> [Connector[org.apache.coyote.http11.Http11AprProtocol-8443]]
> 12-Mar-2020 23:05:08.376 INFO [main]
> org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler
> ["https-openssl-apr-8443"]
> 12-Mar-2020 23:05:08.426 INFO [main]
> org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler
> ["https-openssl-apr-8443"]
> 12-Mar-2020 23:05:08.426 INFO [main]
> org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler
> ["https-openssl-apr-8443"]
> 12-Mar-2020 23:05:10.776 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-jsse-nio-8443"]
> 12-Mar-2020 23:05:10.798 SEVERE [main]
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed
> to initialize component [Connector[HTTP/1.1-8443]]
> 12-Mar-2020 23:09:23.385 INFO [main]
> org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler
> ["https-jsse-nio-8443"]
> 12-Mar-2020 23:09:23.439 INFO [main]
> org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler
> ["https-jsse-nio-8443"]
> 12-Mar-2020 23:09:23.440 INFO [main]
> org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler
> ["https-jsse-nio-8443"]
> 12-Mar-2020 23:09:25.703 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-jsse-nio-8443"]
> 12-Mar-2020 23:09:25.723 SEVERE [main]
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed
> to initialize component [Connector[HTTP/1.1-8443]]
> 12-Mar-2020 23:10:47.171 INFO [main]
> org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler
> ["https-jsse-nio-8443"]
> 12-Mar-2020 23:10:47.225 INFO [main]
> org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler
> ["https-jsse-nio-8443"]
> 12-Mar-2020 23:10:47.225 INFO [main]
> org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler
> ["https-jsse-nio-8443"]
> 12-Mar-2020 23:10:49.473 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-jsse-nio-8443"]
> 12-Mar-2020 23:10:49.494 SEVERE [main]
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed
> to initialize component [Connector[HTTP/1.1-8443]]
>
> From: Arvind Kumar (ZNetLive) 
> Sent: Friday, 13 March 2020 12:24 PM
> To: Tomcat Users List 
> Cc: Saravanamuthu, Sivakumar (Siva) AU/PKV
> 
> Subject: [EXT] RE: Urgent help tomcat 9 and https 8443
>
>
> FYI
> From: Arvind Kumar (ZNetLive)
> Sent: 13 March 2020 06:53
> To: Tomcat Users List
> mailto:users@tomcat.apache.org>>
> Subject: RE: Urgent help 

Re: Tomcat 8.5.51 (Linux) issue with the tomcat manager and empty responses of the manager's "stop" command

2020-03-13 Thread Tillmann Schulz
Hello tomcat user group,
Today I solved my problem with the empty manager responses. The issue does not
occur any more when using the new Java11-HTTP-Client to call the
tomcat-manager. My old implementation of the client was based on very old java
functionality.

So I do not know whether it was a tomcat issue or not.
Best regards
Tillmann




Re: Tomcat 8.5.51 (Linux) issue with the tomcat manager and empty responses of the manager's "stop" command

2020-03-13 Thread Tillmann Schulz
>>Are you able to make other /manager requests and get a good response?

YES, all other manager requests work and also the stop command works in some
cases.
We have a destroy method in our Servlet implemented that needs some seconds 
when the app is stopped. This destroy method can take more time than the 
specified servlet timeout (20s secs). 
This was never not a problem in prior tomcat versions. 


Best regards

Tillmann




Re: Problem with tomcat connector in IIS using tomcat 9.0.31

2020-03-13 Thread Matthias Fechner
Thanks Christopher,

On 12.03.2020 at 16:11, Christopher Schultz wrote:
> The complete new default pattern is:
>
>
> (javax\.servlet\.request\.(cipher_suite|key_size|ssl_session|X509Certificate)|CERT_(ISSUER|SUBJECT|COOKIE|FLAGS|SERIALNUMBER)|HTTPS_(SERVER_SUBJECT|SECRETKEYSIZE|SERVER_ISSUER|KEYSIZE))

I tested it with the new pattern successfully.

Regards
Matthias

-- 

"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook





Re: Urgent help tomcat 9 and https 8443

2020-03-13 Thread Mark Thomas
Please provide the complete catalina.log for a clean failed start.

To be specific:
- make sure Tomcat is not running
- delete all the files in the logs directory
- start Tomcat
- wait for start-up to complete
- provide us with the full catalina.log

Mark



On 13/03/2020 03:13, siva.saravanamu...@csl.com.au wrote:
> Below is the catalina.log output
> 
> 12-Mar-2020 19:57:18.885 INFO [main] org.apache.coyote.AbstractProtocol.pause 
> Pausing ProtocolHandler ["https-openssl-apr-8443"]
> 12-Mar-2020 19:57:18.969 INFO [main] org.apache.coyote.AbstractProtocol.stop 
> Stopping ProtocolHandler ["https-openssl-apr-8443"]
> 12-Mar-2020 19:57:18.969 INFO [main] 
> org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler 
> ["https-openssl-apr-8443"]
> 12-Mar-2020 20:34:44.758 SEVERE [main] 
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to 
> initialize component 
> [Connector[org.apache.coyote.http11.Http11AprProtocol-8443]]
> 12-Mar-2020 20:36:34.657 INFO [main] org.apache.coyote.AbstractProtocol.pause 
> Pausing ProtocolHandler ["https-openssl-apr-8443"]
> 12-Mar-2020 20:36:34.704 INFO [1] org.apache.coyote.AbstractProtocol.stop 
> Stopping ProtocolHandler ["https-openssl-apr-8443"]
> 12-Mar-2020 20:36:34.705 INFO [1] org.apache.coyote.AbstractProtocol.destroy 
> Destroying ProtocolHandler ["https-openssl-apr-8443"]
> 12-Mar-2020 20:36:36.981 SEVERE [main] 
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to 
> initialize component 
> [Connector[org.apache.coyote.http11.Http11AprProtocol-8443]]
> 12-Mar-2020 23:05:08.376 INFO [main] org.apache.coyote.AbstractProtocol.pause 
> Pausing ProtocolHandler ["https-openssl-apr-8443"]
> 12-Mar-2020 23:05:08.426 INFO [main] org.apache.coyote.AbstractProtocol.stop 
> Stopping ProtocolHandler ["https-openssl-apr-8443"]
> 12-Mar-2020 23:05:08.426 INFO [main] 
> org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler 
> ["https-openssl-apr-8443"]
> 12-Mar-2020 23:05:10.776 INFO [main] org.apache.coyote.AbstractProtocol.init 
> Initializing ProtocolHandler ["https-jsse-nio-8443"]
> 12-Mar-2020 23:05:10.798 SEVERE [main] 
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to 
> initialize component [Connector[HTTP/1.1-8443]]
> 12-Mar-2020 23:09:23.385 INFO [main] org.apache.coyote.AbstractProtocol.pause 
> Pausing ProtocolHandler ["https-jsse-nio-8443"]
> 12-Mar-2020 23:09:23.439 INFO [main] org.apache.coyote.AbstractProtocol.stop 
> Stopping ProtocolHandler ["https-jsse-nio-8443"]
> 12-Mar-2020 23:09:23.440 INFO [main] 
> org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler 
> ["https-jsse-nio-8443"]
> 12-Mar-2020 23:09:25.703 INFO [main] org.apache.coyote.AbstractProtocol.init 
> Initializing ProtocolHandler ["https-jsse-nio-8443"]
> 12-Mar-2020 23:09:25.723 SEVERE [main] 
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to 
> initialize component [Connector[HTTP/1.1-8443]]
> 12-Mar-2020 23:10:47.171 INFO [main] org.apache.coyote.AbstractProtocol.pause 
> Pausing ProtocolHandler ["https-jsse-nio-8443"]
> 12-Mar-2020 23:10:47.225 INFO [main] org.apache.coyote.AbstractProtocol.stop 
> Stopping ProtocolHandler ["https-jsse-nio-8443"]
> 12-Mar-2020 23:10:47.225 INFO [main] 
> org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler 
> ["https-jsse-nio-8443"]
> 12-Mar-2020 23:10:49.473 INFO [main] org.apache.coyote.AbstractProtocol.init 
> Initializing ProtocolHandler ["https-jsse-nio-8443"]
> 12-Mar-2020 23:10:49.494 SEVERE [main] 
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to 
> initialize component [Connector[HTTP/1.1-8443]]
> 
> From: Arvind Kumar (ZNetLive) 
> Sent: Friday, 13 March 2020 12:24 PM
> To: Tomcat Users List 
> Cc: Saravanamuthu, Sivakumar (Siva) AU/PKV 
> Subject: [EXT] RE: Urgent help tomcat 9 and https 8443
> 
> 
> FYI
> From: Arvind Kumar (ZNetLive)
> Sent: 13 March 2020 06:53
> To: Tomcat Users List 
> mailto:users@tomcat.apache.org>>
> Subject: RE: Urgent help tomcat 9 and https 8443
> 
> Please make sure port 8443 is listing if not try to restart your tomcat once 
> and then check the listing, once you get it is listing, please run below 
> command to allow 8443 to open outside of your server.
> 
> iptables -I INPUT -m tcp -p tcp -s  0.0.0.0/0 --dport 8080 -j ACCEPT
> 
> How to check 8443 Is listing,
> 
> Netstat -tnap | grep 8443
> 
> From: siva.saravanamu...@csl.com.au 
> mailto:siva.saravanamu...@csl.com.au>>
> Sent: 13 March 2020 06:17
> To: users@tomcat.apache.org
> Subject: Urgent help tomcat 9 and https 8443
> 
> Hello Everyone,
> 
> I am new to this group and tomcat.
> 
> I am having issue