Re: Dynamic Configuration on TC startup

2021-02-23 Thread Martynas Jusevičius 
I think this is where you need to wrap your apps into Docker images :)

See this base image for example:
https://hub.docker.com/r/atomgraph/letsencrypt-tomcat
It configures server.xml by using an XSLT stylesheet and environmental
parameters: 
https://github.com/AtomGraph/letsencrypt-tomcat/blob/master/entrypoint.sh#L134

And this image extends it and adds the webapp (as ROOT) in a two-stage
build: https://github.com/AtomGraph/LinkedDataHub/blob/master/Dockerfile#L139

Hope it helps.

On Wed, Feb 24, 2021 at 12:45 AM Jerry Malcolm  wrote:
>
> The server solution I am developing is split across multiple Amazon Web
> Services EC2 instances.  They all use the same TC WAR images.  But each
> server handles a different portion of the functionality
> aaa.mydomain.com is called for one set of function, and bbb.mydomain.com
> is called for another set of function.  This is not load balancing the
> same server.  It's two separate TC "hosts" with two different server
> names, but the same code base.
>
> It hugely simplifies maintenance if I can create one EC2 server image
> (AWS AMI) and clone it to both aaa.mydomain and bbb.mydomain servers.
> But the one issue is the TC configuration.  The TC host name on aaa
> needs to be configured as aaa.mydomain.com and bbb TC host name needs to
> be configured as bbb.mydomain.com.
>
> I figure the brute force method is to clone the AMI to both and then
> scp/ftp one TC config directory to aaa and a different TC config
> directory to bbb.  That will work.  But in my mind it's not elegant, and
> until I write automation scripts, it requires manual intervention.
>
> This may be a short thread if you say that's the way to do it. Fine.
> But I do want to ask if there's any better ways to do this that I'm not
> aware of, such as using RDNS or something at TC boot to identify if I'm
> aaa or bbb based on my ip address and then boot the appropriate Tomcat
> config accordingly.  Ok, maybe I'm just blue skying  But I would
> like a few opinions from people a lot closer to this area than I am.
>
> One other fly in the ointment is that a few of the hosts currently have
> light activity, but may grow.  So in a couple of cases, I have multiple
> virtual TC hosts (ccc.mydomain, ddd.mydomain, and eee.mydomain) on one
> single EC2 instance allowing for the capability to split any one of
> those out to its own EC2 instance in the future as needed.
>
> So EC2-a has aaa, EC2-b has bbb, and EC2-c has ccc, ddd, and eee hosts.
> But again, all of TC hosts run the same WAR packages.
>
> Thanks.
>
> Jerry
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Dynamic Configuration on TC startup

2021-02-23 Thread Jerry Malcolm 
The server solution I am developing is split across multiple Amazon Web 
Services EC2 instances.  They all use the same TC WAR images.  But each 
server handles a different portion of the functionality 
aaa.mydomain.com is called for one set of function, and bbb.mydomain.com 
is called for another set of function.  This is not load balancing the 
same server.  It's two separate TC "hosts" with two different server 
names, but the same code base.


It hugely simplifies maintenance if I can create one EC2 server image 
(AWS AMI) and clone it to both aaa.mydomain and bbb.mydomain servers.  
But the one issue is the TC configuration.  The TC host name on aaa 
needs to be configured as aaa.mydomain.com and bbb TC host name needs to 
be configured as bbb.mydomain.com.


I figure the brute force method is to clone the AMI to both and then 
scp/ftp one TC config directory to aaa and a different TC config 
directory to bbb.  That will work.  But in my mind it's not elegant, and 
until I write automation scripts, it requires manual intervention.


This may be a short thread if you say that's the way to do it. Fine.  
But I do want to ask if there's any better ways to do this that I'm not 
aware of, such as using RDNS or something at TC boot to identify if I'm 
aaa or bbb based on my ip address and then boot the appropriate Tomcat 
config accordingly.  Ok, maybe I'm just blue skying  But I would 
like a few opinions from people a lot closer to this area than I am.


One other fly in the ointment is that a few of the hosts currently have 
light activity, but may grow.  So in a couple of cases, I have multiple 
virtual TC hosts (ccc.mydomain, ddd.mydomain, and eee.mydomain) on one 
single EC2 instance allowing for the capability to split any one of 
those out to its own EC2 instance in the future as needed.


So EC2-a has aaa, EC2-b has bbb, and EC2-c has ccc, ddd, and eee hosts.  
But again, all of TC hosts run the same WAR packages.


Thanks.

Jerry


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: TOMCAT 9 Upgrade :--java.lang.NoClassDefFoundError: org/apache/tomcat/util/net/ServerSocketFactory

2021-02-23 Thread Rémy Maucherat 
On Tue, Feb 23, 2021 at 4:47 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Ravi,
>
> On 2/23/21 10:19, Ravi Kumar wrote:
> > Using this Interface , trying to obtain the object of type
> > ServerSocketFactory in my application.
> > Could you please point towards any other viable alternative ?
> >
> > @Override
> > 
> >  public ServerSocketFactory
> > <
> http://java.sun.com/j2se/1%2E5%2E0/docs/api/javax/net/ServerSocketFactory.html
> >
> > getServerSocketFactory(AbstractEndpoint abstractendpoint) {
> >  return new JSSESocketFactory(abstractendpoint);
> >  }
>
> No, that's "how you are doing it". Nobody just wants to get a reference
> to a ServerSocketFactory object because it looks pretty. What are you
> actually trying to accomplish?
>
> (e.g. log the TLS protocol, customize the cipher suites, etc.)
>

I know people who extended this to add features. The problem is that this
had to go following the removal of java.io in Tomcat, and now the SSLEngine
has to be used instead [compatible with NIO and NIO2]. But it's a huge
change.

Rémy


>
> -chris
>
> > On Tue, Feb 23, 2021 at 8:15 PM Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> >> Ravi,
> >>
> >> Please don't email list members directly. I'm happy to offer paid
> >> support if you want to email me directly.
> >>
> >> On 2/23/21 05:11, Ravi Kumar wrote:
> >>> We are upgrading the tomcat web server getting used in our web
> >>> application. Currently we are using tomcat 7 and now migrating to
> TOMCAT
> >>> 9.0.43.
> >>> We have an existing  HTTPS based application created using tomcat 7.
> >>> Now after migration and upgrading to tomcat 9, while starting this same
> >>> https application, we are receiving the error message as mentioned
> below
> >>> *SEVERE: Failed to initialize component [Connector[HTTP/1.1-8443]]
> >>> java.lang.NoClassDefFoundError:
> >>> org/apache/tomcat/util/net/ServerSocketFactory*
> >>> *
> >>> *
> >>>It seems that org.apache.tomcat.util.net
> >>> .*ServerSocketFaactory *class has
> >>> been removed since tomcat 8.5.53 and in Tomcat 9 also.
> >>
> >> Correct.
> >>
> >>> Requesting for the helpful suggestion to make our existing application
> >>> working with Tomcat 9 and to resolve this error.
> >>> Please let me know if more information is required.
> >>
> >> What do you need this class for? Tomcat's socket handling has been
> >> refactored between 7.x and 8.x and that class was no longer necessary.
> >>
> >> If your code uses that class directly, you will have to find another way
> >> to accomplish what you are doing.
> >>
> >> So... what are you trying to do?
> >>
> >> -chris
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: TOMCAT 9 Upgrade :--java.lang.NoClassDefFoundError: org/apache/tomcat/util/net/ServerSocketFactory

2021-02-23 Thread Christopher Schultz 

Ravi,

On 2/23/21 10:19, Ravi Kumar wrote:

Using this Interface , trying to obtain the object of type
ServerSocketFactory in my application.
Could you please point towards any other viable alternative ?

@Override

 public ServerSocketFactory

getServerSocketFactory(AbstractEndpoint abstractendpoint) {
 return new JSSESocketFactory(abstractendpoint);
 }


No, that's "how you are doing it". Nobody just wants to get a reference 
to a ServerSocketFactory object because it looks pretty. What are you 
actually trying to accomplish?


(e.g. log the TLS protocol, customize the cipher suites, etc.)

-chris


On Tue, Feb 23, 2021 at 8:15 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:


Ravi,

Please don't email list members directly. I'm happy to offer paid
support if you want to email me directly.

On 2/23/21 05:11, Ravi Kumar wrote:

We are upgrading the tomcat web server getting used in our web
application. Currently we are using tomcat 7 and now migrating to TOMCAT
9.0.43.
We have an existing  HTTPS based application created using tomcat 7.
Now after migration and upgrading to tomcat 9, while starting this same
https application, we are receiving the error message as mentioned below
*SEVERE: Failed to initialize component [Connector[HTTP/1.1-8443]]
java.lang.NoClassDefFoundError:
org/apache/tomcat/util/net/ServerSocketFactory*
*
*
   It seems that org.apache.tomcat.util.net
.*ServerSocketFaactory *class has
been removed since tomcat 8.5.53 and in Tomcat 9 also.


Correct.


Requesting for the helpful suggestion to make our existing application
working with Tomcat 9 and to resolve this error.
Please let me know if more information is required.


What do you need this class for? Tomcat's socket handling has been
refactored between 7.x and 8.x and that class was no longer necessary.

If your code uses that class directly, you will have to find another way
to accomplish what you are doing.

So... what are you trying to do?

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: TOMCAT 9 Upgrade :--java.lang.NoClassDefFoundError: org/apache/tomcat/util/net/ServerSocketFactory

2021-02-23 Thread Ravi Kumar 
Using this Interface , trying to obtain the object of type
ServerSocketFactory in my application.
Could you please point towards any other viable alternative ?

@Override

public ServerSocketFactory

getServerSocketFactory(AbstractEndpoint abstractendpoint) {
return new JSSESocketFactory(abstractendpoint);
}

Thanks in Advance,
Regards,
Ravi

On Tue, Feb 23, 2021 at 8:15 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Ravi,
>
> Please don't email list members directly. I'm happy to offer paid
> support if you want to email me directly.
>
> On 2/23/21 05:11, Ravi Kumar wrote:
> > We are upgrading the tomcat web server getting used in our web
> > application. Currently we are using tomcat 7 and now migrating to TOMCAT
> > 9.0.43.
> > We have an existing  HTTPS based application created using tomcat 7.
> > Now after migration and upgrading to tomcat 9, while starting this same
> > https application, we are receiving the error message as mentioned below
> > *SEVERE: Failed to initialize component [Connector[HTTP/1.1-8443]]
> > java.lang.NoClassDefFoundError:
> > org/apache/tomcat/util/net/ServerSocketFactory*
> > *
> > *
> >   It seems that org.apache.tomcat.util.net
> > .*ServerSocketFaactory *class has
> > been removed since tomcat 8.5.53 and in Tomcat 9 also.
>
> Correct.
>
> > Requesting for the helpful suggestion to make our existing application
> > working with Tomcat 9 and to resolve this error.
> > Please let me know if more information is required.
>
> What do you need this class for? Tomcat's socket handling has been
> refactored between 7.x and 8.x and that class was no longer necessary.
>
> If your code uses that class directly, you will have to find another way
> to accomplish what you are doing.
>
> So... what are you trying to do?
>
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Subclassing RemoteCIDRFilter in an application

2021-02-23 Thread Christopher Schultz 

All,

On 2/23/21 10:08, Christopher Schultz wrote:
Tomcat has both RemoteCIDRFilter and RemoteIPFilter: why re-invent the 
wheel?


Looking at RemoteCIDRFilter (which is much more flexible than 
RemoteIPFilter), I can see these methods:


Oops, I meant RemoteAddressFilter, here, of course

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Subclassing RemoteCIDRFilter in an application

2021-02-23 Thread Christopher Schultz 

All,

A bunch of clients at $work are suddenly asking if they can restrict 
their users to certain IP "addresses" when logging-in. Should be easy 
with a Filter or similar, right?


Tomcat has both RemoteCIRDFilter and RemoteIPFilter: why re-invent the 
wheel?


Looking at RemoteCIDRFilter (which is much more flexible than 
RemoteIPFilter), I can see these methods:


  public void setDeny(String deny);
  public String getDeny();
  public void setAllow(String allow);
  public String getAllow();

At first, I thought "maybe I can simply subclass and override 
getAllow()" but the class's code references its own member directly:



private boolean isAllowed(final String property) {
[...]

for (final NetMask nm : allow) {
if (nm.matches(addr)) {
return true;
}
}

[...]
}

The isAllowed() method itself is private and therefore not overridable.

For the sake of argument, I could change that code to:

for (final NetMask nm : getAllowNetMasks()) {
if (nm.matches(addr)) {
return true;
}
}

... and introduce a new method which returns that member, then override 
it in my subclass.


Since this control needs to be implemented as a per-user setting, the 
existing "allow" and "deny" members would be ignored.


Other than a trivial waste of memory (and the dependence upon 
Tomcat-specific code), can anyone think of a reason not to simply make 
these changes and subclass the Filter in my own application?


-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: TOMCAT 9 Upgrade :--java.lang.NoClassDefFoundError: org/apache/tomcat/util/net/ServerSocketFactory

2021-02-23 Thread Christopher Schultz 

Ravi,

Please don't email list members directly. I'm happy to offer paid 
support if you want to email me directly.


On 2/23/21 05:11, Ravi Kumar wrote:
We are upgrading the tomcat web server getting used in our web 
application. Currently we are using tomcat 7 and now migrating to TOMCAT 
9.0.43.

We have an existing  HTTPS based application created using tomcat 7.
Now after migration and upgrading to tomcat 9, while starting this same 
https application, we are receiving the error message as mentioned below

*SEVERE: Failed to initialize component [Connector[HTTP/1.1-8443]]
java.lang.NoClassDefFoundError: 
org/apache/tomcat/util/net/ServerSocketFactory*

*
*
  It seems that org.apache.tomcat.util.net 
.*ServerSocketFaactory *class has 
been removed since tomcat 8.5.53 and in Tomcat 9 also.


Correct.

Requesting for the helpful suggestion to make our existing application 
working with Tomcat 9 and to resolve this error.

Please let me know if more information is required.


What do you need this class for? Tomcat's socket handling has been 
refactored between 7.x and 8.x and that class was no longer necessary.


If your code uses that class directly, you will have to find another way 
to accomplish what you are doing.


So... what are you trying to do?

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

TOMCAT 9 Upgrade :--java.lang.NoClassDefFoundError: org/apache/tomcat/util/net/ServerSocketFactory

2021-02-23 Thread Ravi Kumar 
Dear Tomcat Team,

We are upgrading the tomcat web server getting used in our web application.
Currently we are using tomcat 7 and now migrating to TOMCAT 9.0.43.
We have an existing  HTTPS based application created using tomcat 7.
Now after migration and upgrading to tomcat 9, while starting this same
https application, we are receiving the error message as mentioned below

*SEVERE: Failed to initialize component
[Connector[HTTP/1.1-8443]]java.lang.NoClassDefFoundError:
org/apache/tomcat/util/net/ServerSocketFactory*

 It seems that org.apache.tomcat.util.net.*ServerSocketFaactory *class has
been removed since tomcat 8.5.53 and in Tomcat 9 also.

Requesting for the helpful suggestion to make our existing application
working with Tomcat 9 and to resolve this error.
Please let me know if more information is required.

Regards,
Ravi