Unexpected double-slash in javax.servlet.forward.request_uri

2022-08-24 Thread Christopher Schultz 

All,

I haven't tried narrowing this down very much yet, but I have a 
situation where I'm using javax.servlet.forward.request_uri to build a 
URI and the string I'm pulling from there starts with TWO / characters 
instead of one.


This ends up breaking navigation because the browser interprets this as 
a protocol-relative URI instead of a host-relative URI and Bar Things 
happen.


Has anyone ever seen anything like this?

Tomcat 8.5.latest.

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Native and macOS 10.15.7

2022-08-24 Thread Christopher Schultz 

Thad,

On 8/23/22 10:49, Thad Humphries wrote:

On Tue, Aug 23, 2022 at 10:18 AM Mark Thomas  wrote:


On 23/08/2022 14:12, Thad Humphries wrote:

I'm trying to understand a problem I'm having with Tomcat Native since
moving from 1.2.x to 2.0.

For several years I have been running Tomcat 9.0.12 in Eclipse and 9.0.37
for localhost on my home and office Mac Mini's with macOS 10.15.7

Catalina.

Both use OpenJDK 8 from Amazon. To support development I have a

self-signed

certificate and until recently used Tomcat Native 1.2.x installed with
Homebrew. I added `CATALINA_OPTS="-Xmx1024m
-Djava.library.path=/usr/local/opt/tomcat-native/lib"` to my

bin/setevn.sh


With this configuration I was able to the
connector org.apache.coyote.http11.Http11AprProtocol with UpgradeProtocol
for org.apache.coyote.http2.Http2Protocol

Recently Homebrew replaced Tomcat Native 1.2.x with 2.0.1. Since then

when

Tomcat starts I see in catalina.out "The Apache Tomcat Native library

which

allows using OpenSSL was not found on the java.library.path:
[/usr/local/opt/tomcat-native/lib]". I've had to switch my development to
connector org.apache.coyote.http11.Http11NioProtocol (I need SSL for my
client-server setup).

I've tried using a Tomcat Native 2 I built myself, but get the same "not
found on the java.library.path" message. I tried using a Tomcat Native
1.2.35 I built myself but got the following stacktrace in catalina.out

23-Aug-2022 03:07:29.541 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded

Apache

Tomcat Native library [1.2.35] using APR version [1.7.0].
23-Aug-2022 03:07:29.541 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
capabilities: IPv6 [true], sendfile [true], accept filters [false],

random

[true].
23-Aug-2022 03:07:29.541 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL
configuration: useAprConnector [false], useOpenSSL [true]
23-Aug-2022 03:07:29.544 SEVERE [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to
initialize the SSLEngine.
org.apache.tomcat.jni.Error: 70023: This function has not been

implemented

on this platform
at org.apache.tomcat.jni.SSL.initialize(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at


sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at


sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)
at


org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:289)

at


org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:136)

at


org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)

at


org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423)

at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:135)
at org.apache.catalina.startup.Catalina.load(Catalina.java:690)
at org.apache.catalina.startup.Catalina.load(Catalina.java:712)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at


sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at


sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:472)

What is the issue I'm seeing and how might it be corrected if I want to

run

Tomcat Native for the APR protocol?


You can't.

The APR connector has been deprecated and has been removed in Tomcat
10.1.x onwards.

Tomcat Native 2.0.x does not support the APR connectors.

You need to switch to NIO or NIO2. If you want to use OpenSSL for TLS
then you can do so (you'll need Tomcat Native 2.0.x and OpenSSL). Look
at the docs for the sslImplementationName attribute.


BTW, this is not critical to me; I can live with NIO. However I'm the

*only*

person on this team who pays any attention to Tomcat, and I may be having
to explain this to my coworkers and our boss. Others use a mix of Linux,
Windows, and Mac. Most don't use SSL internally but some use the AJP
connector for Apache, and IIRC that needs Tomcat Native, too.


AJP does not require APR/Native. There are NIO and NIO2 implementations
for AJP.

Mark



Thank you, Mark. That all makes sense. I'll look at the docs you've
referenced. I recall once watching some YouTube videos on Tomcat
connectors. I'll find and rewatch those, too.


Some additional details:

tcnative 2.x, while not supporting the APR connector, supports 
everything you need for native cryptographic operations via OpenSSL. It 
likely works with LibreSSL as well but there hasn't been significant 
testing done, there.


Switching from APR to NIO+tcnative+OpenSSL should give you a reasonably 
efficient connector which is slightly "safer" th