Re: Can't get RemoteIpValve to work

Leon, On 3/24/23 10:09, Leon Rosenberg wrote: Full log output (dumping out headers, without the valve): 6049752 2023-03-24 14:07:59,749 [http-apr-8080-exec-13] INFO n.a.c.extapi.ping.PingResource:38 - key: host; value: api.myhost.net 6049752 2023-03-24 14:07:59,749 [http-apr-8080-exec-13] INFO

Re: Unable to start application

production (our prod is db2) Sounds like: 1. This is dev, so you should fix your key+cert instead of hacking stunnel 2. You are using different databases in different environments. WTH? -chris On Mon, Mar 20, 2023, 20:09 Christopher Schultz < ch...@christopherschultz.net> wrote: Kevin

Re: GoDaddy SSL certificate not working with Tomcat9

Ralph, On 3/21/23 06:38, Ralph Grove wrote: > [snip] > Alias name: tomcat Creation date: Mar 21, 2023 Entry type: trustedCertEntry You created a keystore with no keys. Where is the key you used to generate the CSR? That key needs to be in your keystore under the alias 'tomcat' alongside

Re: Unable to start application

Kevin, On 3/18/23 19:04, Kevin Huntly wrote: I can't use tomcat 10 because of the switch to jakarta for the servlet container - I'd have to rewrite a lot of code. That being said, I got it fixed: All JDBC and JNDI lookups were prefixed with "java:comp/env/" and things worked. Clearly, IBM's

Re: Quick Question with Tomcat 10.1x

Jon, On 3/16/23 15:19, jonmcalexan...@wellsfargo.com.INVALID wrote: -Original Message- From: jonmcalexan...@wellsfargo.com.INVALID Sent: Thursday, March 16, 2023 1:54 PM To: users@tomcat.apache.org Subject: RE: Quick Question with Tomcat 10.1x -Original Message- From:

Re: How to configure and verified chain certificat

Olivier, On 3/14/23 10:07, Olivier Studer wrote: I use Tomcat 9 version. I have configured the server.xml as following to use certificate signed. But I have an error with openssl command to verify it is correctly configured. Command and output: echo | openssl s_client -showcerts -connect

Re: [OT] Issues with XMLDSIG

is /mostly/ applicable. I'm having trouble tarcking-down why this particular provider's SAML responses are failing to validate. Thanks, -chris On Mon, Mar 13, 2023 at 3:27 PM Christopher Schultz < ch...@christopherschultz.net> wrote: All, I'm having a bit of trouble validating

[OT] Issues with XMLDSIG

All, I'm having a bit of trouble validating a SAML response which has been signed by Okta (who know a thing or two about signed XML), and the code I'm using was written by me using the basic Java XML security APIs, so I'm thinking there is something off with what I'm doing. If anyone has

Re: HTTP Error 414. The request URL is too long.

Stefan, On 3/10/23 02:27, Stefan Mayr wrote: Am 10.03.2023 um 07:58 schrieb Thomas Hoffmann (Speed4Trade GmbH): You should keep an eye on this log entry: this is a GET request as your SAMPLE POST already indicated. Maybe you can check back with your developers that they change their code to

Re: Apache Tomcat wire logging does not show POST data payload

Aditya, On 3/9/23 09:29, Aditya Kumar wrote: I edited my log4j2.xml to include these lines: Now in my defined serverlog I see the http wire traffic I am after. However there is one problem. For POST requests from my Tomcat server I can only see request/response HTTP headers. I cannot

Re: catalina.out, was Re: Connector definitions

James, On 3/8/23 17:05, James H. H. Lampert wrote: On 3/8/23 1:34 PM, Zerro wrote: On the Linux box Tomcat is probably started by systemd, therefore no catalina.out Very likely, but can you elaborate on that? I'm much more of a DOS (to the point of having gone to great lengths to set up a

Re: sslHostConfig and ciphers

other end that you are trying to debug, here, then I think you are barking up the wrong tree. -chris -Original Message----- From: Christopher Schultz Sent: Wednesday, March 8, 2023 10:23 AM To: users@tomcat.apache.org Subject: Re: sslHostConfig and ciphers Jon, On 3/8/23 11:04, jo

Re: Connector definitions, Re: Tomcat 8 impending EOL -- what's the minimum Java for Tomcat 9?

James, On 3/7/23 16:09, James H. H. Lampert wrote: (I have the general impression that APR is not an option on IBM Midrange boxes, but I could be mistaken.) It might be. https://www.ibm.com/docs/en/ibm-http-server/9.0.5?topic=chs-apache-apr-apr-util-libraries-included-withibm-http-server

Re: Connector definitions, Re: Tomcat 8 impending EOL -- what's the minimum Java for Tomcat 9?

Mark, On 3/8/23 03:31, Mark Thomas wrote: On 07/03/2023 21:09, James H. H. Lampert wrote: Dear Mesrs. Thomas, Schultz, et al.: Changing it to "org.apache.coyote.http11.Http11NioProtocol" did the trick. The Tomcat 9 server launched, on our cloud Midrange box, and both it and the webapp

Re: Tomcat 9.0.72 Firefox issue with 204 response (Empty Body)

Bhavesh, On 3/7/23 22:07, Bhavesh Mistry wrote: Hi Mark Thomas and Tomcat Team, We have a strange issue with Tomcat 9.0.72.  All 204 response does not complete in firefox.  It works in the Chrome browser.  If we downgrade the tomcat version is less than .72. Everything works on all browsers.

Re: AW: sslHostConfig and ciphers

Thomas, On 3/8/23 11:16, Thomas Hoffmann (Speed4Trade GmbH) wrote: the error messages when encryption/decryption fails are often not much helpful. I don't see any evience of encryption or decryption operations failing. -chris -Ursprüngliche Nachricht- Von:

Re: sslHostConfig and ciphers

Jon, On 3/8/23 11:04, jonmcalexan...@wellsfargo.com.INVALID wrote: So, this is giving out this errors: javax.net.ssl|WARNING|01|main|2023-03-03 16:14:43.438 UTC|SSLSocketImpl.java:1468|handling exception ( "throwable" : { java.net.SocketException: Connection reset at

Re: Connector definitions, Re: Tomcat 8 impending EOL -- what's the minimum Java for Tomcat 9?

James, On 3/7/23 03:35, Mark Thomas wrote: On 06/03/2023 23:58, James H. H. Lampert wrote: On 03/03/2023 17:44, I wrote: Ok, another question: will Tomcat 9 accept a "legacy" connector definition in the form as shown below? protocol="org.apache.coyote.http11.Http11Protocol"

[ANN] Apache Tomcat 10.1.7 available

The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.7. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat 8.5.87 available

The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.87. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 8.5.87 is a bugfix and

Re: Unpackwar

Mark, On 3/2/23 09:39, Mark Thomas wrote: On 02/03/2023 14:20, Devatha Naga Puneeth wrote: Hi, I checked the documentation and only understood that if unpackwar enabled then contents of the application will be extracted in the appBase. What is the use of UnpackWar to false ? When to prefer

Re: Apache Tomcat 10.1.6 is giving me java.lang.ClassNotFoundException: jakarta.servlet.jsp.JspFactory

nd any of its dependencies (but not JSP-API, which is provided by Tomcat). -chris On Thursday, March 2, 2023 at 01:51:56 AM GMT+8, Christopher Schultz wrote: Karen, On 3/1/23 10:21 AM, Karen Goh wrote:   hi Chris, I am following advice from ClassNotFoundException: ja

Re: Apache Tomcat 10.1.6 is giving me java.lang.ClassNotFoundException: jakarta.servlet.jsp.JspFactory

advise me now. Tks. If you are using jetty:run then you are probably not using Tomcat. >:| -chris On Wednesday, March 1, 2023 at 10:19:18 PM GMT+8, Christopher Schultz wrote: Karen, On 3/1/23 09:09, Karen Goh wrote: Hello experts, I need desperate help to

Re: Apache Tomcat 10.1.6 is giving me java.lang.ClassNotFoundException: jakarta.servlet.jsp.JspFactory

Karen, On 3/1/23 09:09, Karen Goh wrote: Hello experts, I need desperate help to fix this java.lang.ClassNotFoundException: jakarta.servlet.jsp.JspFactory Here are my dependencies which I have installed but still Tomcat will still purge out the ClassNotFound error :                      

Re: Tomcat V8.5.85

Nitish, On 2/24/23 13:50, Nitish Khune wrote: Since I upgraded from 8.5.84 to 8.5.85 or later, Any REST API with below header throws a context mismatch exception It would be great if you are able to download the 8.5.87 release-candidate and test whether this problem is resolved for you. If

Re: Database related performance degradation after upgrading from Tomcat 9.0.33 to Tomcat 9.0.69

Artur, On 2/23/23 15:55, Artur Tomusiak - Hannon Hill wrote: Thanks everyone for the information and advice. Thanks to you we were able to track this down to a specific version of Tomcat and DBCP. Simply copying tomcat-dbcp.jar file from Tomcat 9.0.38 to Tomcat 9.0.33 and running Tomcat 9.0.33

[ANN] Apache Tomcat 10.1.6 available

The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.6. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat 8.5.86 available

The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.86. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 8.5.86 is a bugfix and

Re: Tomcat 10.0.x

Amn, On 2/18/23 14:22, Amn Ojee Uw wrote: But, Debian has no upgrades for Tomcat 11. I am new to Linux and I am using Debian. Should I uninstall Tomcat and then install version 11 of it? Tomcat 11 is a pre-release version of Tomcat. The best version of Tomcat to use depends upon your needs.

Re: AW: AW: Having trouble with Tomcat crashes. Interesting memory numbers in Manager

Shawn, On 2/9/23 17:18, Shawn Heisey wrote: On 2/9/23 12:54, Christopher Schultz wrote: It would be unusual for the OS to reclaim any of that memory from the JVM process. Are you looking at OS heap usage, or "JVM heap" usage? From your description above, it's tough to tell. The tool

Re: AW: AW: Having trouble with Tomcat crashes. Interesting memory numbers in Manager

James, On 2/7/23 20:35, James H. H. Lampert wrote: Monitored the thing all day, taking the CPU usage (via a WRKACTJOB) and the current heap size and heap-in-use (via option 5 of a WRKJVMJOB) every 15 minutes. Heap size was 4925.375M (out of a maximum of 5120M) at 08:45, and the OS took heap

Re: Basic SSL Certificate Usage logging

AM To: users@tomcat.apache.org Subject: Re: Basic SSL Certificate Usage logging On 10/01/2023 13:52, Christopher Schultz wrote: Jon, On 1/9/23 18:17, jonmcalexan...@wellsfargo.com.INVALID wrote: Yes Chris, It's just for during startup. For a particular instance I would like to capture

Re: AW: AW: Having trouble with Tomcat crashes. Interesting memory numbers in Manager

Thomas, James, On 2/6/23 17:00, Thomas Hoffmann (Speed4Trade GmbH) wrote: Hello James, -Ursprüngliche Nachricht- Von: James H. H. Lampert Gesendet: Montag, 6. Februar 2023 18:18 An: Tomcat Users List Betreff: Re: AW: Having trouble with Tomcat crashes. Interesting memory numbers in

Re: How can I extend AceessLogValue

Hello, On 2/2/23 08:00, shallowinggg wrote: traceId has in request header, but it is encrypted, I need to parse it. %{xxx}i can get header, but encrypted value How about writing a Filter which takes the value from the header, decrypts it, and then puts the unencrypted value into a

Re: Sending access logs to the syslog server

Devatha, On 2/2/23 13:02, Devatha Naga Puneeth wrote: Apache Tomcat Version : 9.0.65 How to send the access logs of tomcat to the syslog server through log4j.xml ? I have a root logger which is pointing to a syslog appender. But I was not able to see the access logs in the syslog server and

Re: Message from a security scan

James, On 2/2/23 12:38, James H. H. Lampert wrote: That I was "shot down in flames" when I tried to get in from my Chromebook, through the hotspot on my cell phone, makes it unlikely that Tomcat is seeing a proxy IP, especially given that (as I understand it) I would have had to authorize the

Re: [External] : Re: Tomcat as a Windows Service not picking JAVA_OPTS parameter

Rajagopalan, On 2/1/23 10:22, Rajagopalan Hariharan wrote: No it is not working even after setting the same. Can you copy/paste the entire contents (with any secrets removed) of your Java Options section? After changing that, you did both "save" and re-restart the service, right? Did you

Re: Tomcat client certicate authentication

to retrieve the user-id from the certificate and determine their role by using a security product native to the platform on which Tomcat is running Hope that helps, -chris On Mon, 30 Jan 2023 at 15:41, Christopher Schultz < ch...@christopherschultz.net> wrote: Dave, On 1/30/23 04:2

Re: Tomcat client certicate authentication

chain for you, populate the user principal, etc. -chris On Sun, 29 Jan 2023 at 22:21, Christopher Schultz wrote: Dave, On 1/28/23 09:28, Dave Breeze wrote: this is Tomcat 9.0 running embedded I am trying to authorize access by client certificate. I want the servlet response to be tailored

Re: Tomcat client certicate authentication

Dave, On 1/28/23 09:28, Dave Breeze wrote: this is Tomcat 9.0 running embedded I am trying to authorize access by client certificate. I want the servlet response to be tailored to the user's role. In other words I am not looking to deny access by role. The connector has

Re: Tomcat JDBC CP: Exponential backoff?

Thomas, On 1/26/23 03:00, Thomas Meyer wrote: Am 18. Januar 2023 23:20:29 MEZ schrieb Christopher Schultz : Thomas, On 1/17/23 13:33, Thomas Meyer wrote: Does Tomcat's CP support exponential backoff in case DB is unavailable for some reason? I didn't find anything in the documentation

Re: StaticMembers within Multiple Clusters

Tim, On 1/25/23 11:26, Tim K wrote: Can you post the rest of that stack trace? Yes, here are 2 stack traces that were encountered. We basically had the cluster working for a few years. We introduced a new Valve for authentication purposes. Also, with this change we had to set a proxy in

Re: [OT] SSO Token not found with RewriteRules

On 1/24/23 08:04, Berneburg, Cris J. - US wrote: Hey Chris I always include a ROOT context so I don't get nasty errors if there is some kind of misconfiguration at the proxy, etc. It also allows rewrites to be done "outside" of "the application", etc. Out of curiosity, what do you put in

Re: Tomcat for Apple silicon coming soon?

Rob, On 1/23/23 18:27, Rob Sargent wrote: On 1/23/23 12:29, m...@cvkimball.com wrote: Dear Folks, I installed Java JDK 17 and Tomcat 10.1 on my better half's Mac Pro M1-based processor. It ran without problems! You have to admit that that is painfully close to "Works on my box". ;)

Re: AW: Password in Tomcat 9.x

Alex, On 1/19/23 13:31, a.grub...@bluewin.ch wrote: Do you know if in future apache tomcat releases, this will be possible to put a path? It would be the easiest for everyone, my opinion... I believe there are currently two ways to do with with existing Tomcat releases: 1. service binding

Re: AW: AW: AW: Password in Tomcat 9.x

Alex, On 1/21/23 08:24, a.grub...@bluewin.ch wrote: Then how do you manage the webserver certitficate in Tomcat? Where do you store the password? I would like to do it of course always without, but the architecture is like that I have. Webserver certificate.p12 Webserver certificate.p12.pwd

Re: AW: AW: Password in Tomcat 9.x

-Ursprüngliche Nachricht- Von: Christopher Schultz Gesendet: Mittwoch, 18. Januar 2023 23:30 An: users@tomcat.apache.org Betreff: Re: AW: Password in Tomcat 9.x Thomas and Alex, On 1/18/23 16:03, Thomas Hoffmann (Speed4Trade GmbH) wrote: Hello Alex, thanks for the clarification. Now I got

Re: Setting java.protocol.handler.pkgs for Tomcat

Mark, On 1/20/23 07:17, Mark Thomas wrote: On 20/01/2023 11:18, Dave Breeze wrote: Many thanks Mark for the answers - appreciated. Just to be clear I am running 9.0.71 simply by invoking startup.sh (currently testing). I am not running embedded. I am not too sure therefore about the "Call

[ANN] Apache Tomcat 8.5.85 available [CORRECTION]

The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.85. [This post corrects the previous announcement on 2023-01-19 which contained the wrong version number in the subject line. Both posts refer to the same actual release from 2023-01-19.] Apache Tomcat 8 is an

Re: Tomcat for Apple silicon coming soon?

, Christopher Schultz wrote: James, On 1/18/23 20:05, James H. H. Lampert wrote: On 1/18/23 3:11 PM, Christopher Schultz wrote: Tomcat is pure-Java (okay, except for tcnative, which you evidently don't need) and therefore should run on either x86-84 Java via Rosetta 2 or aarch64 Java natively

[ANN] Apache Tomcat 8.5.84 available

The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.85. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 8.5.85 is a bugfix and

Re: Tomcat for Apple silicon coming soon?

James, On 1/18/23 20:05, James H. H. Lampert wrote: On 1/18/23 3:11 PM, Christopher Schultz wrote: Tomcat is pure-Java (okay, except for tcnative, which you evidently don't need) and therefore should run on either x86-84 Java via Rosetta 2 or aarch64 Java natively. You do not need any special

Re: Tomcat for Apple silicon coming soon?

Chris, Bringing this back on-list. Please reply to the list and not to individual members. (See below...) On 1/18/23 06:47, m...@cvkimball.com wrote: I have no idea what tcnative is and how to rebuild it. Christopher Schultz, are you saying I must rebuild tcnative to run Tomcat on AArm64

Re: AW: Password in Tomcat 9.x

Thomas and Alex, On 1/18/23 16:03, Thomas Hoffmann (Speed4Trade GmbH) wrote: Hello Alex, thanks for the clarification. Now I got the topic. I don't think that you can use a path there. The options I have in mind are: - Use properties:

Re: [OT] SSO Token not found with RewriteRules

Jerry, On 1/17/23 13:30, Jerry Malcolm wrote: In my philosophy for years (possibly not the best philosophy...), the root was for primarily static stuff.  And any JSPs that might need to be in root were sent to other non-root contexts via a rewrite.  I've been moving away from that philosophy

Re: Tomcat JDBC CP: Exponential backoff?

Thomas, On 1/17/23 13:33, Thomas Meyer wrote: Does Tomcat's CP support exponential backoff in case DB is unavailable for some reason? I didn't find anything in the documentation in this regards. I don't think is supports any such thing. What would be the purpose of exponential back-off...

Re: StaticMembers within Multiple Clusters

Tim, On 1/15/23 12:26, Tim K wrote: I hate to bring back my original thread and I am probably not doing this correctly, but I've been seeing this message occur on my cluster. My tomcat is now at 9.0.70. Possibly there was a breaking change since I first started using the cluster?

Re: How-To apply Tomcat patch

Linwood, On 1/17/23 09:03, Linwood Doty wrote: We have Apache Tomcat 9.0.65 and need to apply .70 patch . 1. Is it necessary to uninstall current Tomcat installation and reinstall with latest target patch - or is there a way to just apply the patch ? environment Windows 2012, Tomcat is used

Re: Tomcat for Apple silicon coming soon?

Mark, On 1/17/23 09:12, Mark Thomas wrote: On 17/01/2023 14:08, Christopher Schultz wrote: Chris and Robert, On 1/16/23 17:08, Mark Thomas wrote: On 16/01/2023 20:40, Robert Turner wrote: You can run an aarm64 version of the Java runtime (various distributions exist) and run Tomcat

Re: Query: HSTS | Tomcat 9.0.50

Deepti, On 1/16/23 23:00, Deepti Sharma S wrote: 1. There is no reverse proxy in between tomcat and UA in my use case. 2. In Tomcat/conf/server.xml I have below connector settings : When I configure HSTS in Tomcat/conf/web.xml and try to access website via HTTPS https://[domain]:8443,

Re: Tomcat for Apple silicon coming soon?

Chris and Robert, On 1/16/23 17:08, Mark Thomas wrote: On 16/01/2023 20:40, Robert Turner wrote: You can run an aarm64 version of the Java runtime (various distributions exist) and run Tomcat on that -- it works well. No specific version of Tomcat is required as it a Java package. +1 I've

Re: Servlet Deployment Issues

. The subject was "Tomcat 10.1.4 HTTP Status 404 and 500 Help". Some of your questions have already been answered. -chris On Friday, January 13, 2023, 8:23 AM, Christopher Schultz wrote: Anthony, On 1/12/23 18:18, Anthony Dell'Anno wrote: Good evening everyone, I am just starting out

Re: Servlet Deployment Issues

Anthony, On 1/12/23 18:18, Anthony Dell'Anno wrote: Good evening everyone, I am just starting out with Java servlets in Tomcat 10.1.4. I’m learning them using a book written in 2010, of which I don’t remember the authors’ names. Just FYI, a book written in 2010 will be using the Java EE or

Re: Question about Redisson

Doug, On 1/12/23 15:51, Doug Whitfield wrote: Also, Chris's suggesiton to look at org.apache.catalina.connector.RECYCLE_FACADES is a good first step. Note that the value you need for that may not be what you expect. It needs to be "true" whereas I read the name and think it should be "false"

Re: Is it possible to add hsts header over http response ?

Shawn, On 1/12/23 20:48, Shawn Heisey wrote: On 1/12/23 01:34, Mark Thomas wrote: On 12/01/2023 08:26, Hiran CHAUDHURI wrote: In that case the Connector would need to be configured with secure="true" to work correctly/securely and the HttpHeaderSecurityFilter would add the HSTS header if

Re: Tomcat is not Coming Up

Prabu, Please don't hijack threads. Start a new thread instead of replying to an old message. Your question will get better visibility that way. Keep reading. On 1/11/23 10:19, Ganesan, Prabu wrote: Our Production Server Was Down, We have not Done any changes on this tomcat Level But we

Re: Tomcat 10.1.4 HTTP Status 404 and 500 Help

Anthony, On 1/10/23 13:58, Anthony Dell'Anno wrote: I'm trying to run my first servlet on Tomcat Welcome! and am continually getting an HTTP Status 404 (I've also gotten 500 previously, with the root cause being an apparent compiler mismatch (it would say that it's being compiled by version

Re: Basic SSL Certificate Usage logging

pe\":\"RSA\", ... }" } Isn't this what logstash is for? -chris -Original Message- From: Christopher Schultz Sent: Tuesday, January 10, 2023 7:52 AM To: users@tomcat.apache.org Subject: Re: Basic SSL Certificate Usage logging Jon, On 1/9/23 18:17, jonmcalexan...@w

Re: Possibilities for fetching config information from Kubernetes

Mark, Rémy, On 1/10/23 09:58, Rémy Maucherat wrote: On Tue, Jan 10, 2023 at 3:11 PM Christopher Schultz wrote: Mark, On 1/10/23 03:22, Mark Thomas wrote: On 09/01/2023 22:17, Christopher Schultz wrote: All, I'm aware that there is a k8s manager for clustering (CloudMembershipService

Re: Basic SSL Certificate Usage logging

Mark, On 1/10/23 09:22, Mark Thomas wrote: On 10/01/2023 13:52, Christopher Schultz wrote: Jon, On 1/9/23 18:17, jonmcalexan...@wellsfargo.com.INVALID wrote: Yes Chris, It's just for during startup. For a particular instance I would like to capture the Certificate Info and Truststore being

Re: Possibilities for fetching config information from Kubernetes

Mark, On 1/10/23 03:22, Mark Thomas wrote: On 09/01/2023 22:17, Christopher Schultz wrote: All, I'm aware that there is a k8s manager for clustering (CloudMembershipService) but I was wondering if / how that could be extended in order to provide any other types of automated configuration

Re: Basic SSL Certificate Usage logging

information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -Original Message- From: Christopher Schultz Sent: Monday, January 9, 2023 8:10 AM To: users@tomcat.apache.org

Re: Question about Redisson

Doug, On 1/9/23 15:48, Doug Whitfield wrote: Interesting. I’m not on the marketing team. What comments are you talking about? I can certainly try to get them removed. I think he's talking about this: "Don’t let your team waste another minute wading through outdated forums or online

Possibilities for fetching config information from Kubernetes

All, I'm aware that there is a k8s manager for clustering (CloudMembershipService) but I was wondering if / how that could be extended in order to provide any other types of automated configuration information for a Tomcat installation. For example, I'd love to be able to deploy a Tomcat

Re: Apache Tomcat 10.0.27 - UML sequence diagram of the authentication process

Alexander, On 1/9/23 07:21, Alexander Ghyoot wrote: For my thesis, I'm looking into access control in open-source software and am curious how the authentication process works in the Apache Tomcat (10.0.27) architecture. However, the documentation on this seems incomplete. The PNG is a

Re: Problems with requests without trailing slash Tomcat 9.0.65

anent redirect". But you need to remove the mangling of that URL or you will fight against it for years. -chris Вторник, 27 декабря 2022, 22:06 +03:00 от Christopher Schultz : Fedor, On 12/27/22 05:55, Fedor Makarov wrote: proxy for local environment we use the js conf:

Re: Basic SSL Certificate Usage logging

al Message----- From: Christopher Schultz Sent: Friday, January 6, 2023 2:41 PM To: users@tomcat.apache.org Subject: Re: Basic SSL Certificate Usage logging Mark, On 1/6/23 15:00, Mark Thomas wrote: Hi Jon, In a word, no. Sorry. Some sort of info log message probably makes sense for th

Re: Basic SSL Certificate Usage logging

Mark, On 1/6/23 15:00, Mark Thomas wrote: Hi Jon, In a word, no. Sorry. Some sort of info log message probably makes sense for this. SNI makes things a little more complicated but we should be able to do something. What is the minimum info you'd like to see? How about adding a request

Re: Tomcat 10 and Java versions

Evan, On 1/6/23 15:08, Evan Rempel wrote: This must have been covered in a previous discussion but I could not find it. Everything I read about Tomcat 10.1 say it has moved to Jakarta EE, but I also read that Tomcat 10.1 runs on/requires "Java 11+". This does not make sense to me so I have

Re: how to block bad request?

Mark, Jason, On 1/4/23 09:07, Mark Thomas wrote: On 04/01/2023 04:09, Jason Wee wrote: Hi, Happy new year everyone. Background of my production setup. Using tomcat 10 and in linux environment, using the following accesslog valve %a %{X-Forwarded-For}i %h %l %u %t '%r' %s %b '%{Referer}i'

Re: Invalid Keystore format error on Tomcat

e error? -chris From: Christopher Schultz Sent: Friday, December 30, 2022 8:39 PM To: Tomcat Users List Subject: Re: Invalid Keystore format error on Tomcat Veni, On 12/30/22 00: 47, Janardhanan, Veni wrote: > This is the output from C: > keytool -list -keystore > C: \SSL\certnew_pfx. p

Re: Query

Devatha, On 12/31/22 14:13, Devatha Naga Puneeth wrote: How to disable the appending of trailing slash when client requests for the application root context ? I'm curious, why is this a problem for you? Apache Tomcat Version : 9.0.65 I have a sample folder in the webapps. When I access

Re: Jakarta for Beginners

Amn, On 12/30/22 20:39, Amn Ojee Uw wrote: Before going any further, I have never program a Enterprise Web Page. I know a little of  HTML and enough of Java and JavaScript and C++ to find my way around, but I am not expert either. Having said that, I would like to get my toes wet in the

Re: Invalid Keystore format error on Tomcat

5:09:9B:67:36:2A:7A:CB SHA256: 01:B8:6D:AA:FB:78:A8:6F:88:D7:FE:21:15:D6:7D:CF:F5:E3:F5:39:FA:37:A7:D8:BC:79:E2:08:5E:B9:33:DF Signature algorithm name: SHA256withECDSA Subject Public Key Algorithm: 256-bit EC (secp256r1) key > Am fine with the email based support. ;) -chris *From:*

Re: Invalid Keystore format error on Tomcat

ail-based support for free, at my convenience. If you want me to help you and your team debug something in real-time, I can bill you for my time. -chris From: Christopher Schultz Sent: Wednesday, December 28, 2022 12:49 AM To: users@tomcat.apache.org Subject: Re: Invalid Keystore format er

Re: Invalid Keystore format error on Tomcat

Veni, On 12/23/22 12:16, Janardhanan, Veni wrote: Hi, I’ve a self-signed certificate installed on Tomcat 9 which works fine. This is a Crystal Server SAP BO BI 4.3 box. To make it secure I installed our CA signed certificate. After a restart I brought Tomcat up, the logs show ‘Invalid

Re: Invalid Keystore format error on Tomcat

Veni, On 12/23/22 12:16, Janardhanan, Veni wrote: I’ve a self-signed certificate installed on Tomcat 9 which works fine. This is a Crystal Server SAP BO BI 4.3 box. To make it secure I installed our CA signed certificate. After a restart I brought Tomcat up, the logs show ‘Invalid Keystore

Re: Problems with requests without trailing slash Tomcat 9.0.65

Fedor, On 12/27/22 05:55, Fedor Makarov wrote: proxy for local environment we use the js conf: proxy: {     '/api/': {       target: 'http://localhost:8080/',       changeOrigin: false,     },     '/': {       target: 'http://localhost:8080/lundase',       changeOrigin: false     }  

Re: apache-tomcat-9.0.70 >> JNDI look up fails in a different thread context class loader !!

Dineshk, On 12/12/22 08:30, dineshk wrote: I don't think we should suspect the custom class loader here as its very old code and works fine across all application servers e.g. IBM WebSphere and JBoss EAP 7.X. The custom class loader  is required as our java classes are part of the Database

Re: Mod_JK vs Mod_Proxy

-Original Message- From: Christopher Schultz Sent: Wednesday, December 7, 2022 4:54 PM To: Tomcat Users List ; jonmcalexan...@wellsfargo.com.INVALID Subject: Re: Mod_JK vs Mod_Proxy Jon, On 12/6/22 16:22, jonmcalexan...@wellsfargo.com.INVALID wrote: What, pray tell, is an encrypted AJP

Re: Mod_JK vs Mod_Proxy

Jon, On 12/6/22 16:22, jonmcalexan...@wellsfargo.com.INVALID wrote: What, pray tell, is an encrypted AJP connection? Are you talking AJP over an SSH Tunnel (Stunnel)? Exactly. It's absolutely cheating, but it achieves the goal :) -chris -Original Message- From: Christopher Schultz

Re: Mod_JK vs Mod_Proxy

Jon, On 12/6/22 12:36, jonmcalexan...@wellsfargo.com.INVALID wrote: IMHO, switching to mod_proxy, and using it over SSL, is by far better than using mod_jk or mod_ajp, primarily as mod_proxy allows for secure proxy connection, whereas mod_jk and mod_ajp aren't "secure" as they are not

Re: Mod_JK vs Mod_Proxy

Mark, On 12/6/22 08:48, Mark H. Wood wrote: On Mon, Dec 05, 2022 at 03:37:59PM -0500, Christopher Schultz wrote: On 12/5/22 15:03, Cathy Spears wrote: Using Tomcat 8.5 and 9.0 with 32-bit Apache 2.4 and mod_jk. Are there benefits to using mod_proxy instead of mod_jk? Also, is there a planned

Re: Mod_JK vs Mod_Proxy

Cathy, On 12/5/22 15:03, Cathy Spears wrote: Using Tomcat 8.5 and 9.0 with 32-bit Apache 2.4 and mod_jk. Are there benefits to using mod_proxy instead of mod_jk? Also, is there a planned end of life for mod_jk or will it continue to be supported for now? Hopefully this will be helpful:

Re: [Tomcat9][Linux]listening all local addresses by default is not security best practice

Shawn, On 11/23/22 16:19, Shawn Heisey wrote: On 11/23/22 12:43, Robert Turner wrote: My 2 cents: I think that it would be a very strange change to make to a generic product and a "sample" configuration file. If Tomcat was packaged in a distribution, that might be a more reasonable

Re: listening all local addresses by default is not security best practice

To whom it may concern, On 11/23/22 14:31, tommydu1...@outlook.com wrote: Hi there, Product: > > [snip] The default behaviour of http connector is listenning all interfaces. False. It is found in the description of "address" in

Re: tomcat and FIPS - PKCS11 CKR_SESSION_READ_ONLY error after OpenJDK upgrade

:) -chris -Original Message----- From: Christopher Schultz Sent: Friday, November 18, 2022 14:37 To: users@tomcat.apache.org Subject: Re: tomcat and FIPS - PKCS11 CKR_SESSION_READ_ONLY error after OpenJDK upgrade Joey, On 11/17/22 10:52, Joey Cochran wrote: You might still have a

[ANN] Apache Tomcat 8.5.84 available

The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.84. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 8.5.84 is a bugfix and

Re: tomcat and FIPS - PKCS11 CKR_SESSION_READ_ONLY error after OpenJDK upgrade

Message- From: Christopher Schultz Sent: Tuesday, November 15, 2022 21:50 To: users@tomcat.apache.org Subject: Re: tomcat and FIPS - PKCS11 CKR_SESSION_READ_ONLY error after OpenJDK upgrade Angela, On 11/14/22 11:56, Cantor, Angela T. wrote: We just upgraded OpenJDK from 17.0.4.0.8-2.el8_6

Re: tomcat and FIPS - PKCS11 CKR_SESSION_READ_ONLY error after OpenJDK upgrade

Angela, On 11/16/22 20:31, Cantor, Angela T. wrote: And one thing I forgot - yes Chris, could you please provide the code you mentioned in case that is the issue? Sure: import java.security.Provider; import java.security.Security; import java.util.*; /** * A crude class for displaying all

<    1   2   3   4   5   6   7   8   9   10   >