Re: [OT] issues with Tomcat to Siteminder communication post mod-proxy setup

2022-07-12 Thread Christopher Schultz
Jon, On 7/8/22 16:48, jonmcalexan...@wellsfargo.com.INVALID wrote: Chris, Moving this discussion to here. Yes, it appears that I broke something when setting up the Tomcat Connector for the mod-proxy that is now affecting, somehow, the SSL communication with the Site Minder services. Here is

Re: Package TOMCAT 9.0.54 for Ubuntu 20.04

2022-07-12 Thread Christopher Schultz
This was not flagged as a security bug. You originally asked about security bugs, but this one is not listed as a security fix. So it's unlikely to have been back-ported to the Ubuntu repository. -chris -Original Message----- From: Christopher Schultz Sent: Friday, July 8, 20

Re: Secondary Authentication method for application

2022-07-20 Thread Christopher Schultz
Tim, On 7/12/22 10:09, Tim K wrote: Hello, I currently have a custom realm in Tomcat 9 that uses form authentication (j_username/j_password POST to j_security_check). I'm looking to create a secondary way to establish an authenticated session. I want to allow trusted sources to be able to POST

Re: [OT] issues with Tomcat to Siteminder communication post mod-proxy setup

2022-07-20 Thread Christopher Schultz

Re: *** Payara, GlassFish or Tomcat ***

2022-07-20 Thread Christopher Schultz
Amn, On 7/12/22 17:59, Amn wrote: Nu-B here. Reading about Payara, GlassFish and Tomcat, I feel confused as to which would be the best server to learn about when learning Jakarta EE. I would use whichever you can download, install, and launch with the least hassle. For Tomcat, that's just:

Re: SSL configuration for Tomcat 9

2022-07-21 Thread Christopher Schultz
Vince, On 7/15/22 19:56, Vince Stewart wrote: My system uses embedded Tomcat to connect to a HttpServlet instance. I have just upgraded from Tomcat 8.0.2 to 9.0.64 I am implementing SSL for the first time. I created a keystore with no alias. Keytool gave it the alias "mykey". (2nd entry below)

Re: QID 38863 - Cryptographically Weak Key Exchange Size

2022-07-21 Thread Christopher Schultz
Saicharan, On 7/18/22 10:45, saicharan.bu...@wellsfargo.com.INVALID wrote: Hi All, A new vulnerability has surfaced regarding TLS and Key Exchange agreement (more specifically the key size.) "The SSL/TLS server supports key exchanges that are cryptographically weaker than recommended. Key ex

Re: Need remedy for the Vulnabilities

2022-07-21 Thread Christopher Schultz
Koustav, On 7/19/22 05:49, Naha, Koustav wrote: We have the below vulnerability in recent scan, mentioned below. Environment details: Apache - 2.4.25 version Tomcat - 8.5.5 version Can anyone take a look at the CVEs associated with the scan findings and see if there are workarounds, rath

Re: AW: Publishing Tomcat webapp

2022-07-21 Thread Christopher Schultz
Thomas, On 7/17/22 03:07, Thomas Hoffmann (Speed4Trade GmbH) wrote: Hello, -Original Message- From: Aryeh Friedman Sent: Sunday, 17 July 2022 08:43 To: Tomcat Users List Subject: Re: Publishing Tomcat webapp On Sun, Jul 17, 2022 at 2:39 AM Aryeh Friedman wrote: Once yo

Re: Publishing Tomcat webapp

2022-07-21 Thread Christopher Schultz
Aryeh, On 7/18/22 09:08, Aryeh Friedman wrote: Here are the steps to installing a SSL cert (it varies slightly based on who your certificate authority [CA] is): Generate a CSR Stop. The OP already has a key, cert, and chain. None of this is necessary. [..] with keytool (it must be key tool

Re: *** Payara, GlassFish or Tomcat ***

2022-07-21 Thread Christopher Schultz
Zdenek, On 7/21/22 04:39, Zdeněk Henek wrote: Amn, Our application is tested with Weblogic and Tomcat. I was asked to port our application to any free application server or web container. I picked Tomcat 5.5, now we are on Tomcat 9. I have to say maintaining our app and its installer for Tomcat

Re: AW: Publishing Tomcat webapp

2022-07-25 Thread Christopher Schultz
but I want to do the encryption and be able to have https access to my Tomcat. What should I do next? Tell us what you did with the files you have above. -chris Thu, 21 Jul 2022 at 14:25 Thomas Hoffmann (Speed4Trade GmbH) wrote: -Original Message----- From: Christoph

Re: Apache Tomcat 8.5.82 Release Date

2022-07-26 Thread Christopher Schultz
Wai Siang, On 7/26/22 00:13, Wai Siang, Chu wrote: Based on the previous email reply, may we have an update regarding the estimated release date for the *Apache Tomcat 8.5.82* ? I expect to begin the release process around 1 August (6 days from today). Please note that upgrading to Tomcat 8.5

Re: Apache Tomcat 8.5.82 Release Date

2022-08-02 Thread Christopher Schultz
To whom it may concern, On 8/2/22 01:28, Wai Siang, Chu wrote: Dear Apache Tomcat Team, Based on the previous email reply, may we have an update regarding the estimated release date for the *Apache Tomcat 8.5.82* ? I can accept payments via Venmo if you want to accelerate the release-date of

Re: Tomcat is Automatically Getting Stopped Frequently

2022-08-03 Thread Christopher Schultz
Prasenjit, On 8/3/22 03:19, Prasenjit Dey wrote: Tomcat Version: 8.5.81.0 Operating System: Ubuntu 20.04 LTS RAM: 8gb Java Version: 1.8.0_312 Architecture: 64Bit Hi, I am facing a problem regarding our application hosted in Tomcat. Our infrastructure is on Azure Cloud. We have hosted our appl

Re: Tomcat is Automatically Getting Stopped Frequently

2022-08-03 Thread Christopher Schultz
Prasenjit, On 8/3/22 11:43, Prasenjit Dey wrote: Can you please tell us which OS logs in Ubuntu I need to check. I am new to this. Please help! Look at CATALINA_BASE/logs/catalina.out and /var/log/messages. You may have to check other /var/log/* files, as each Linux distro tends to put certa

Re: Error during startup

2022-08-09 Thread Christopher Schultz
Han, On 8/4/22 00:49, Han Li wrote: Hi Mohan, You can open CATALINA_BASE/conf/catalina.policy file, add following statement within “grant” section: permission java.lang.RuntimePermission "getenv.*"; While this will likely fix the "problem", it may not be the best solution. The OP is runn

Re: Error during startup

2022-08-09 Thread Christopher Schultz
Joey, On 8/8/22 09:21, Joey Cochran wrote: Make sure /bin/tomcat-juli.jar is set to 755 (chmod 755 tomcat-juli.jar) Nonsense. This would never cause a permissions problem as described by the OP. Also: 7 = owner read+write+execute 5 = group read+execute 5 = other read+execute NOBODY needs e

Re: End user files uploaded to sftp getting stored in tomcat root directory

2022-08-09 Thread Christopher Schultz
Farash, On 8/9/22 04:55, Farash Ahamad wrote: Just to add, the file is getting uploaded to SFTP server, but there is an exact copy in tomcat server as well. Can you give more details? Is a human user pushing via sftp to your Tomcat server? Or is your Tomcat-deployed application pushing via sf

Re: End user files uploaded to sftp getting stored in tomcat root directory

2022-08-09 Thread Christopher Schultz
locally) 4. Maybe you don't even need to store the file locally. Does your sftp client library allow you to stream files directly to the remote server? It would be better to never write the file bytes onto the Tomcat server in the first place. Hope that helps, -chris On Tue, Aug 9, 20

Re: SSLLabs scan shows TLSv1.0 and TLSv1.1 even though I have sslProtocol="TLSv1.2"

2022-08-10 Thread Christopher Schultz
James, On 8/10/22 11:57, James H. H. Lampert wrote: Interesting. The new "protocols" parameter. Does this work with the traditional syntax? Can "protocols" and "sslProtocol" coexist in the same Connector? It's pretty important here to specify your Tomcat version number(s). I see you have th

Re: Simple SSL question

2022-08-11 Thread Christopher Schultz
Jon, On 8/11/22 11:22, jonmcalexan...@wellsfargo.com.INVALID wrote: Is there a "name" for the new connector style? The old is known as the Coyote Connector. Coyote is just the name of the connector itself, for whatever reason. Both the new and old-style configuration is using the same connector

Re: .deb file to Tomcat 9.0.33

2022-08-11 Thread Christopher Schultz
Rhea, On 8/11/22 11:47, Rhea Moubarak wrote: Where can i find the .deb file to tomcat 9.0.33? Probably in a Debian repository? Or Ubuntu? The Apache Tomcat project doesn't formally deal with package-manager-specific artifacts such as .deb files, though there are members of this community wh

Re: Issue with catalina.out not being generated (RHEL 7.9, tomcat 9.0.63)

2022-08-11 Thread Christopher Schultz
Paul, On 8/11/22 12:09, Paul Chauvet wrote: Hello all, I haven't been able to figure this out - but a catalina.out file is not being generated for me. Sadly - I'm trying to troubleshoot an issue (with a vendor's saml implementation) which wants to write to that file (and doesn't seem to be w

Re: Tomcat 8 releases - where to get correct key

2022-08-11 Thread Christopher Schultz
Petr, Please don't email committers directly. I'm replying to the Tomcat users' mailing list with my response, as it's useful information for everyone. On 8/11/22 09:23, Petr Sumbera wrote: I have a problem where to get correct key for previous version. Can you please advise where to get co

Re: Simple SSL question

2022-08-11 Thread Christopher Schultz
"the way you do it". So the "new" way is The Way and the old way is ... the Old Way. Use SSLHostConfig. I'm sure you'll sleep better at night after you've switched. -chris -Original Message- From: Christopher Schultz Sent: Thursday, August 11, 2022

Re: Issue with catalina.out not being generated (RHEL 7.9, tomcat 9.0.63)

2022-08-11 Thread Christopher Schultz
Paul, On 8/11/22 13:03, Paul Chauvet wrote: Hi Noelette, Thanks for the response! It logs to catalina--MM-DD.log, localhost.YY-MM-DD.log, localhost_access_log.-MM-DD.txt - but it doesn't use catalina.out. When I temporarily started Tomcat via startup.sh it did create catalina.out (an

Re: Simple SSL question

2022-08-12 Thread Christopher Schultz
Peter, On 8/11/22 17:00, Peter Kreuser wrote: I have tried all the fancy new cert options and they are cool. And I do agree that it's more readable. What would be useful would be one sample how to transfer a simple "old" config to SSLHostConfig. Let's see if a PNG attachment makes it to the

[ANN] Apache Tomcat 8.5.82 available

2022-08-13 Thread Christopher Schultz
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.82. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 8.5.82 is a bugfix and fea

Re: Tomcat 9.0.65 Clustering in Azure Kubernetes Service (AKS)

2022-08-17 Thread Christopher Schultz
All, If you are having issues with the CloudMembershipService, I would highly recommend that you continue to have this discussion. The original author (remm) was mostly targeting OpenShift (he works for RedHat, so it's not a surprise) but it doesn't mean that its support cannot expand to incl

Re: Tomcat Native and macOS 10.15.7

2022-08-24 Thread Christopher Schultz
Thad, On 8/23/22 10:49, Thad Humphries wrote: On Tue, Aug 23, 2022 at 10:18 AM Mark Thomas wrote: On 23/08/2022 14:12, Thad Humphries wrote: I'm trying to understand a problem I'm having with Tomcat Native since moving from 1.2.x to 2.0. For several years I have been running Tomcat 9.0.12 i

Unexpected double-slash in javax.servlet.forward.request_uri

2022-08-24 Thread Christopher Schultz
All, I haven't tried narrowing this down very much yet, but I have a situation where I'm using javax.servlet.forward.request_uri to build a URI and the string I'm pulling from there starts with TWO / characters instead of one. This ends up breaking navigation because the browser interprets t

Re: AW: Unexpected double-slash in javax.servlet.forward.request_uri

2022-08-25 Thread Christopher Schultz
__________ From: Christopher Schultz Sent: Wednesday, 24 August 2022 20:15:25 To: Tomcat Users List Subject: Unexpected double-slash in javax.servlet.forward.request_uri All, I haven't tried narrowing this down very much yet, but I have a situation where I'm using javax.servle

Re: PGP key missing for 9.0.65

2022-08-26 Thread Christopher Schultz
Arno, On 8/26/22 08:50, Arno Hautala wrote: I’m trying to verify the PGP signatures for the 9.0.65 release, but the public key is missing from the KEYS.txt file and it isn’t available on any keyservers that I’ve checked. Can someone point me in the right direction or update the KEYS.txt? Tha

Re: PGP key missing for 9.0.65

2022-08-29 Thread Christopher Schultz
Arno, On 8/28/22 22:38, Arno Hautala wrote: You aren't using the KEYS file in the above command. gpg works with keyrings, and you have to import then use it: # Import $ gpg --import --no-default-keyring --primary-keyring apache-9.0-keys < KEYS # Verify against the custom key ring $ gpg --keyri

Re: How to check no of user request coming in tomcat application in a minute

2022-09-08 Thread Christopher Schultz
Koustav, On 9/8/22 10:06, Naha, Koustav wrote: Just want to know how can we calculate the number of user request processed by tomcat in a particular minute. Do you want to be able to pick an arbitrary minute, or are you more interested in e.g. "the most recent minute or activity"? Can we

Re: Get more debug information?

2022-09-08 Thread Christopher Schultz
Hua, On 9/8/22 10:30, Hua Zhang wrote: Hi Tomcat, I have a question about how to get more debug information in a tomcat log file. Sometimes my websites, which run on tomcat 9.0.43, suddenly all went down without a good reason. You might want to consider an upgrade. That version of Tomcat is 1

Re: How to check no of user request coming in tomcat application in a minute

2022-09-08 Thread Christopher Schultz
l) and then use some text-processing tools to collate the information. -chris -Original Message- From: Christopher Schultz Sent: 08 September 2022 20:04 To: users@tomcat.apache.org Subject: Re: How to check no of user request coming in tomcat application in a minute Koustav, On 9/8/

Re: Unexpected double-slash in javax.servlet.forward.request_uri

2022-09-19 Thread Christopher Schultz
All, On 8/24/22 14:15, Christopher Schultz wrote: I haven't tried narrowing this down very much yet, but I have a situation where I'm using javax.servlet.forward.request_uri to build a URI and the string I'm pulling from there starts with TWO / characters instead of one.

Re: HOW TO ENABLE LDAPS ON TOMCAT 8.5

2022-09-19 Thread Christopher Schultz
Rakesh, On 9/17/22 23:02, rakesh meka wrote: Currently of the application is deployed on the tomcat 8.5 uses LDAP protocol for AD authentication of sap users. I need to change the LDAP to LDAPS. So I installed domain certificate using keytool. But when i change the port number to 636 I see an err

Re: tomcats starting with 200 threads

2022-09-19 Thread Christopher Schultz
Jon, On 9/19/22 10:46, Jonathan Yom-Tov wrote: Sometimes one of our production Tomcats will start with the maximum (200) number of threads in the https pool. That is, it doesn't start with some minimum and works its way up to the maximum, it immediately starts with the maximum. There's no reason

Re: tomcats starting with 200 threads

2022-09-21 Thread Christopher Schultz
: On Mon, Sep 19, 2022 at 7:45 PM Christopher Schultz < ch...@christopherschultz.net> wrote: Jon, On 9/19/22 10:46, Jonathan Yom-Tov wrote: Sometimes one of our production Tomcats will start with the maximum (200) number of threads

Re: HOW TO ENABLE LDAPS ON TOMCAT 8.5

2022-09-21 Thread Christopher Schultz
Rakesh, On 9/20/22 17:56, rakesh meka wrote: I will just ask the my AD team to provide the CA certificate which is already installed on the AD domain controller and then place it in client (tomcat web server) trust store if it is not official. If you post your configuration, we may be able t

Re: [OT] which missing file prevents tomcat 10 from starting as windows service ?

2022-09-21 Thread Christopher Schultz
Chuck lives! On 9/21/22 08:58, Chuck Caldarale wrote: [2022-09-19 13:09:07] [debug] ( javajni.c:817 ) [ 7652] JVM Option[12] -Djava.class.path=c:\Dematic\apache-tomcat-10.0.23\bin\bootstrap.jar;c:\Dematic\apache-tomcat-10.0.23\bin\tomcat-juli.jar [2022-09-19 13:09:07] [debug] ( javajni.c:817 )

Re: Tomcat 8.5.8x patch upgrade failing

2022-09-26 Thread Christopher Schultz
Doug, On 9/23/22 11:20 AM, Cannatella, Douglas wrote: We are currently using Tomcat 8.5.53 and tried to upgrade patch 8.5.81 & 8.5.82 using Ivanti Patch tool. Did it work? Our project is using OpenJDK version: 1.8.0_242, Microsoft Framework 4.0.0 running TR/ OneSource Indirect Tax Determinati

Re: certificate re-loading for apache tomcat without the apache restart

2022-09-26 Thread Christopher Schultz
Raghavendran, On 9/26/22 7:43 AM, Ragavendhiran Bhiman (rabhiman) wrote: Is there any way to reload new certificates as well with restarting the tomcat services? Yes, but you will have to use JMX to essentially re-configure the connector, and then reload/restart it. The mail below explain

Re: MaxRequestWorkers error

2022-09-27 Thread Christopher Schultz
Koustav, On 9/27/22 11:09, Naha, Koustav wrote: We have Tomcat and Apache installed in our production environment since 5/6 years. Everything was going fine until we started getting application not responding status from users, upon checking we found out that there was a MaxRequest error as be

Re: Install CA signed certificate on Tomcat 9

2022-09-29 Thread Christopher Schultz
Veni, On 9/29/22 13:21, Janardhanan, Veni wrote: Hi, My Tomcat version is 9. I am trying to install a CA signed certificate on Tomcat, tomcat error log says Invalid Keystore format. Followed instructions given in https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html#Installing_a_Certificate

Re: Context Name replacement variable for conf/context.xml

2022-10-02 Thread Christopher Schultz
Kok Hoor, On 10/1/22 10:20, Chew Kok Hoor wrote: I would like to configure $CATALINA_BASE/conf/context.xml to set up a Manager Don't do this. but would like to add the context name as one of the parameters to the manager (keyPrefix). It's much easier to copy webapps/manager/META-INF/cont

Re: Tomcat Redirect Port 80 to 443 and Block OPTIONS HTTP Method

2022-10-10 Thread Christopher Schultz
Bhavesh, On 10/10/22 22:05, Bhavesh Mistry wrote: I figured out the issue by default *mapperContextRootRedirectEnabled is true* hence it was redirecting it. By setting it false, I was able to get controller to filter. At the risk of complicating things, if I were you I would handle this com

Re: Install CA signed certificate on Tomcat 9

2022-10-12 Thread Christopher Schultz
Veni, On 9/30/22 09:20, Janardhanan, Veni wrote: C:\>"C:\Program Files\RedHat\java-11-openjdk-11.0.13-1\bin\keytool" -list -keystore C:\SSL\myserver.keystore Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 2 entries tomcat, Sep 8, 2022, PrivateKeyEntr

Re: Error during rollback

2022-10-12 Thread Christopher Schultz
Mohan, On 10/12/22 03:50, Mohan T wrote: We are using tomcat apache-tomcat- 9.0.65.0 on Red Hat Enterprise Linux release 8.6 (Ootpa) We are hitting the below error and transaction is not getting rolled back. java.sql.SQLException: PooledConnection has already been closed. at org.apache

Re: DB2 database locks

2022-10-19 Thread Christopher Schultz
Priyanka, Before I respond further, database lock problems are almost certainly not being caused by Tomcat itself. It's far more likely that the application(s) deployed on Tomcat are responsible for the problem. Please see below for additional comments. On 10/18/22 14:55, Kumawat, Priyanka w

Re: DB2 database locks

2022-10-20 Thread Christopher Schultz
Priyanka, On 10/20/22 13:15, Kumawat, Priyanka wrote: Thank you much for the explanation for this!!! We have got from below mail that it is likely to be an application coding issue and they need to fix or use commit etc. for long-running transactions. The one steps that you have given below to

Re: Using Nashorn in Apache Tomcat

2022-10-20 Thread Christopher Schultz
Simon, On 10/20/22 08:13, Simon Besenbäck wrote: On Sun, 2 Oct 2022 at 12:34, Simon Besenbäck < simon.besenba...@gmail.com> wrote: Hi! I am using Apache 10.0.23 on Windows 10. I want to use Nashorn for developing JSP's within the Eclipse IDE. Therefore I use OpenJDK 19 and added the ja

Re: BIO connector vs NIO connector

2022-10-20 Thread Christopher Schultz
Mark and Terry, On 10/20/22 06:35, Mark Thomas wrote: On 20/10/2022 10:33, Terry ST SY/OGCIO wrote: Hi , Check on the major changes on Tomcat 7 to Tomcat 9. (One of the major change we initially spotted is the BIO connector used in Tomcat 7 for connector setup was removed in Tomcat 9: https

Re: DB2 database locks

2022-10-21 Thread Christopher Schultz
y and get them fixed quickly. Hope that helps, -chris -Original Message- From: Christopher Schultz Sent: 21 October 2022 00:50 To: Kumawat, Priyanka ; Tomcat Users List Subject: Re: DB2 database locks Priyanka, On 10/20/22 13:15, Kumawat, Priyanka wrote: Thank you much for the explanat

Re: [OT] DB2 database locks

2022-10-23 Thread Christopher Schultz
Simon, On 10/21/22 15:12, Simon Matter wrote: Hi, Hello Christopher, Thank you! Seems we are not using the connection pooling from Tomcat side, below are the DB configuration parameters on context.xml file, do not see any connection pool details here. Don't forget to change this passwor

Re: Apache Tomcat started, but error 404

2022-10-24 Thread Christopher Schultz
Darious, On 10/24/22 02:50, Strib wrote: Hello and thank you, The error message reads as follows: 'org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/APPWARFILE]]' There are two app files trying to start, and both

Re: Apache Tomcat started, but error 404

2022-10-24 Thread Christopher Schultz
Darious, On 10/24/22 04:10, Strib wrote: Due to the security echelon of the network, I can not send the entire stacktrace. However, I can say that it also states the web app archives are not starting. (IllegalStateException: Error starting child). Prominent "caused by" lines state bean creation

Re: Compatibility, 32 bit ..

2022-10-26 Thread Christopher Schultz
John, On 10/24/22 12:00, John Dale (DB2DOM) wrote: Hi Mark; Tomcat version: 10.0.27 (unzipped, chmod 770 on catalina.sh before cli: catalina.sh run) java version: openjdk version "9-internal" This looks fishy. Version "9-internal"? Is that a real version? How about you post the result of: $

Re: [OT] Compatibility, 32 bit ..

2022-10-26 Thread Christopher Schultz
Shawn, On 10/26/22 00:14, Shawn Heisey wrote: The Linux kernel dropped support for 386 and 486 CPUs some time ago. I was reading about this today, actually. Linux is currently actively advocating for dropping 486 support, so it must still be in there. -chris ---

Re: [OT] Compatibility, 32 bit ..

2022-11-02 Thread Christopher Schultz
of all of our favorite software if needed. Great. I'm sure the transactions will only take a couple of seconds to commit. No problem ;) -chris On 10/26/22, Christopher Schultz wrote: Shawn, On 10/26/22 00:14, Shawn Heisey wrote: The Linux kernel dropped support for 386 and 486 CPUs s

Re: Compatibility, 32 bit ..

2022-11-02 Thread Christopher Schultz
John, On 10/28/22 10:46, John Dale (DB2DOM) wrote: I see .. Mark and/or Christopher - this means that no Tomcat 10, right? https://tomcat.apache.org/whichversion.html Tomcat 10.0, yes. Tomcat 10.1, no. Tomcat 10.0 has been superseded and will not get any further updates, thus you should not

Re: [SECURITY][UPDATE] CVE-2022-42252 Apache Tomcat - Request Smuggling

2022-11-02 Thread Christopher Schultz
All, There is a typo in this announcement. The affected versions of Tomcat8.5 are 8.5.0 to 8.0.82, not 8.5.52. Thanks, -chris On 10/31/22 12:46, Mark Thomas wrote: CVE-2022-42252 Apache Tomcat - Request Smuggling Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apach

Re: Partial commit (Transaction rollback )

2022-11-02 Thread Christopher Schultz
Mohan, On 10/31/22 08:37, Mohan T wrote: The same piece of code works in tomcat 8.5. with JDK 8 and Oracle DB 12C. Where is the commit occurring? Where is the rollback occurring? Stack traces for both? -chris -Original Message- From: Rob Sargent Sent: 31 October 2022 18:05 To: u

Re: [OT] Compatibility, 32 bit ..

2022-11-02 Thread Christopher Schultz
f most graduating high-school seniors. If you are bemoaning the Linux kernel dropping support for i486, you might want to read about /why/ they are doing it. -chris On 11/2/22, Christopher Schultz wrote: John, On 10/27/22 11:03, John Dale (DB2DOM) wrote: Does anyone know of a report de

Re: Compatibility, 32 bit ..

2022-11-02 Thread Christopher Schultz
of us were there ;) -chris On 11/2/22, Christopher Schultz wrote: John, On 10/28/22 10:46, John Dale (DB2DOM) wrote: I see .. Mark and/or Christopher - this means that no Tomcat 10, right? https://tomcat.apache.org/whichversion.html Tomcat 10.0, yes. Tomcat 10.1, no. Tomcat 10.0 has

Re: AW: setenv.sh not loaded

2022-11-02 Thread Christopher Schultz
Johann, On 11/2/22 14:02, aon.913111...@aon.at wrote: I have installed a Tomcat 9.0.68 now on a CentOS vm, following actual recommendations how to do this on CentOS (means on RHEL as well). Following command, find / -name catalina.sh normally will be able to locate that core Tomcat shell scr

Re: [OT] Compatibility, 32 bit ..

2022-11-02 Thread Christopher Schultz
John, On 11/2/22 14:28, John Dale (DB2DOM) wrote: On 11/2/22, Christopher Schultz wrote: If you are bemoaning the Linux kernel dropping support for i486, you might want to read about /why/ they are doing it. Honestly I'm not much of a bemoaner. I am pretty conservative when it com

Re: Compatibility, 32 bit ..

2022-11-02 Thread Christopher Schultz
John, On 11/2/22 14:32, John Dale (DB2DOM) wrote: On 11/2/22, Christopher Schultz wrote: John, On 11/2/22 12:44, John Dale (DB2DOM) wrote: I'd like to continue to invest in Raspberry Pi, but also try to put together a functional 32bit build of my software for those poor old negl

Re: AW: TLS configuration TLS for JMX port

2022-11-07 Thread Christopher Schultz
Markus, On 11/4/22 06:04, Bärtschi, Markus-MGB wrote: On 04/11/2022 08:06, Bärtschi, Markus-MGB wrote: How can I configure TLS for my JMX port without the keystore information showing up on the command line? Don't use passwords. Rely on operating system file permissions to limit access to

Re: JNDI resourse name value

2022-11-07 Thread Christopher Schultz
Rob, On 11/7/22 14:09, Rob Sargent wrote: Are there any semantics to Resource name attributes? Or is no more or less valid than As far as Tomcat is concerned, it's basically the Wild West. Some other application servers (usually the "enterprise" ones) are super strict about where things

Re: JNDI resourse name value

2022-11-08 Thread Christopher Schultz
Rob, On 11/7/22 16:40, Rob Sargent wrote: On 11/7/22 14:26, Christopher Schultz wrote: Rob, On 11/7/22 14:09, Rob Sargent wrote: Are there any semantics to Resource name attributes? Or is no more or less valid than As far as Tomcat is concerned, it's basically the Wild West.

Re: FW: Errors in Tomcat logs / application processing

2022-11-08 Thread Christopher Schultz
Prabu, On 11/8/22 03:58, Ganesan, Prabu wrote: Could you please help with below errors We have enabled TLS successfully – but after TLS enabled we are facing below issues . > > [snip] The error we are facing is: “SOAP Problems executing transaction LoginApplication via Web Service, underl

Re: Alias name [server] does not identify a key entry + tomcat SSL

2022-11-15 Thread Christopher Schultz
Ram, On 11/13/22 22:10, thulasiram k wrote: I have deleted the old certs so only new certs are in the key store. This is probably your problem. Your keystore needs to contain (at least) the server certificate AND ITS key in the keystore. If your keystore contains only certs and no keys, you

Re: tomcat and FIPS - PKCS11 CKR_SESSION_READ_ONLY error after OpenJDK upgrade

2022-11-15 Thread Christopher Schultz
Angela, On 11/14/22 11:56, Cantor, Angela T. wrote: We just upgraded OpenJDK from 17.0.4.0.8-2.el8_6 to the above version. Now tomcat won't listen on the desired port. Something is wonky with it accessing the keystore. If you all see anything obvious, could you please advise? Especially i

Re: Why does LockOutRealm not support CredentialHandler?

2022-11-15 Thread Christopher Schultz
Rémy and Thorsten, On 11/15/22 06:59, Rémy Maucherat wrote: On Tue, Nov 15, 2022 at 11:11 AM Thorsten Schöning wrote: Hi everyone, I have some webapp hosted by Tomcat and need to restrict user access to some part of that. One additional requirement is that this app needs to be CIS benchmark

Re: How do auth-method BASIC and DIGEST play together with some credential helper?

2022-11-15 Thread Christopher Schultz
Thorsten, On 11/15/22 15:29, Thorsten Schöning wrote: Hello Mark Thomas, on Tuesday, 15 November 2022 at 20:44 you wrote: Assuming digesting passwords with one round of MD5 and no salt isn't acceptable (I'd be surprised if it was) then you are probably looking at HTTPS + BASIC + PBKD

Re: Why does LockOutRealm not support CredentialHandler?

2022-11-15 Thread Christopher Schultz
Thorsten, On 11/15/22 05:09, Thorsten Schöning wrote: I have some webapp hosted by Tomcat and need to restrict user access to some part of that. One additional requirement is that this app needs to be CIS benchmark compliant and that requires to use LockOutRealm and restricts to store plain-text

Re: How do auth-method BASIC and DIGEST play together with some credential helper?

2022-11-16 Thread Christopher Schultz
Thorsten, On 11/16/22 02:36, Thorsten Schöning wrote: Hello Christopher Schultz, on Wednesday, 16 November 2022 at 04:17 you wrote: You should double-check the definition of "compliant to CIS benchmark spec" because there is no way in hell that HTTP DIGEST is required.[...]

Re: Why does LockOutRealm not support CredentialHandler?

2022-11-16 Thread Christopher Schultz
Thorsten, On 11/16/22 02:28, Thorsten Schöning wrote: Hello Christopher Schultz, on Wednesday, 16 November 2022 at 04:00 you wrote: Thorsten, what makes you say "it doesn't work" and "LockoutRealm ignores any credential handler"? When you say "it do

Re: Why does LockOutRealm not support CredentialHandler?

2022-11-16 Thread Christopher Schultz
Thorsten, On 11/16/22 03:20, Thorsten Schöning wrote: Hello Christopher Schultz, on Wednesday, 16 November 2022 at 04:50 you wrote: That worked right from the start, I had a DIGEST in tomcat-users.xml and was able to login with plain-text password provided to the browser. The

Re: Why does LockOutRealm not support CredentialHandler?

2022-11-16 Thread Christopher Schultz
Rémy, On 11/16/22 07:53, Rémy Maucherat wrote: On Wed, Nov 16, 2022 at 1:36 PM Christopher Schultz wrote: Thorsten, On 11/16/22 03:20, Thorsten Schöning wrote: Hello Christopher Schultz, on Wednesday, 16 November 2022 at 04:50 you wrote: That worked right from the start, I

Re: Why does LockOutRealm not support CredentialHandler?

2022-11-18 Thread Christopher Schultz
Rémy, On 11/17/22 05:07, Rémy Maucherat wrote: On Wed, Nov 16, 2022 at 6:14 PM Christopher Schultz wrote: Rémy, On 11/16/22 07:53, Rémy Maucherat wrote: On Wed, Nov 16, 2022 at 1:36 PM Christopher Schultz wrote: Thorsten, On 11/16/22 03:20, Thorsten Schöning wrote: Hello

Re: tomcat and FIPS - PKCS11 CKR_SESSION_READ_ONLY error after OpenJDK upgrade

2022-11-18 Thread Christopher Schultz
ing Java 17... hmm. Are you sure Tomcat is running with your Java 17? Did you build the PKCS12 file using openssl or keytool? IIRC, openssl sometimes does things that are within the spec but aren't handled by Java's implementations of these standards. -chris -Original Message---

Re: tomcat and FIPS - PKCS11 CKR_SESSION_READ_ONLY error after OpenJDK upgrade

2022-11-18 Thread Christopher Schultz
Angela, On 11/16/22 20:31, Cantor, Angela T. wrote: And one thing I forgot - yes Chris, could you please provide the code you mentioned in case that is the issue? Sure: import java.security.Provider; import java.security.Security; import java.util.*; /** * A crude class for displaying all th

Re: tomcat and FIPS - PKCS11 CKR_SESSION_READ_ONLY error after OpenJDK upgrade

2022-11-18 Thread Christopher Schultz
-----Original Message----- From: Christopher Schultz Sent: Tuesday, November 15, 2022 21:50 To: users@tomcat.apache.org Subject: Re: tomcat and FIPS - PKCS11 CKR_SESSION_READ_ONLY error after OpenJDK upgrade Angela, On 11/14/22 11:56, Cantor, Angela T. wrote: We just upgraded OpenJDK from 17.0.4.0.8

[ANN] Apache Tomcat 8.5.84 available

2022-11-22 Thread Christopher Schultz
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.84. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 8.5.84 is a bugfix and fea

Re: tomcat and FIPS - PKCS11 CKR_SESSION_READ_ONLY error after OpenJDK upgrade

2022-11-22 Thread Christopher Schultz
t in the process. :) -chris -----Original Message----- From: Christopher Schultz Sent: Friday, November 18, 2022 14:37 To: users@tomcat.apache.org Subject: Re: tomcat and FIPS - PKCS11 CKR_SESSION_READ_ONLY error after OpenJDK upgrade Joey, On 11/17/22 10:52, Joey Cochran wrote: You might

Re: listening all local addresses by default is not security best practice

2022-11-28 Thread Christopher Schultz
To whom it may concern, On 11/23/22 14:31, tommydu1...@outlook.com wrote: Hi there, Product: > > [snip] The default behaviour of http connector is listening all interfaces. False. It is found in the description of "address" in attrib

Re: [Tomcat9][Linux]listening all local addresses by default is not security best practice

2022-11-28 Thread Christopher Schultz
Shawn, On 11/23/22 16:19, Shawn Heisey wrote: On 11/23/22 12:43, Robert Turner wrote: My 2 cents: I think that it would be a very strange change to make to a generic product and a "sample" configuration file. If Tomcat was packaged in a distribution, that might be a more reasonable suggestio

Re: Mod_JK vs Mod_Proxy

2022-12-05 Thread Christopher Schultz
Cathy, On 12/5/22 15:03, Cathy Spears wrote: Using Tomcat 8.5 and 9.0 with 32-bit Apache 2.4 and mod_jk. Are there benefits to using mod_proxy instead of mod_jk? Also, is there a planned end of life for mod_jk or will it continue to be supported for now? Hopefully this will be helpful: https:/

Re: Mod_JK vs Mod_Proxy

2022-12-06 Thread Christopher Schultz
Mark, On 12/6/22 08:48, Mark H. Wood wrote: On Mon, Dec 05, 2022 at 03:37:59PM -0500, Christopher Schultz wrote: On 12/5/22 15:03, Cathy Spears wrote: Using Tomcat 8.5 and 9.0 with 32-bit Apache 2.4 and mod_jk. Are there benefits to using mod_proxy instead of mod_jk? Also, is there a planned

Re: Mod_JK vs Mod_Proxy

2022-12-06 Thread Christopher Schultz
Jon, On 12/6/22 12:36, jonmcalexan...@wellsfargo.com.INVALID wrote: IMHO, switching to mod_proxy, and using it over SSL, is by far better than using mod_jk or mod_ajp, primarily as mod_proxy allows for secure proxy connection, whereas mod_jk and mod_ajp aren't "secure" as they are not encrypte

Re: Mod_JK vs Mod_Proxy

2022-12-07 Thread Christopher Schultz
Jon, On 12/6/22 16:22, jonmcalexan...@wellsfargo.com.INVALID wrote: What, pray tell, is an encrypted AJP connection? Are you talking AJP over an SSH Tunnel (Stunnel)? Exactly. It's absolutely cheating, but it achieves the goal :) -chris -----Original Message----- From: Christopher Sc

Re: Mod_JK vs Mod_Proxy

2022-12-09 Thread Christopher Schultz
. -chris -----Original Message----- From: Christopher Schultz Sent: Wednesday, December 7, 2022 4:54 PM To: Tomcat Users List ; jonmcalexan...@wellsfargo.com.INVALID Subject: Re: Mod_JK vs Mod_Proxy Jon, On 12/6/22 16:22, jonmcalexan...@wellsfargo.com.INVALID wrote: What, pray tell, is an enc

Re: apache-tomcat-9.0.70 >> JNDI look up fails in a different thread context class loader !!

2022-12-12 Thread Christopher Schultz
Dineshk, On 12/12/22 08:30, dineshk wrote: I don't think we should suspect the custom class loader here as it's very old code and works fine across all application servers e.g. IBM WebSphere and JBoss EAP 7.X. The custom class loader is required as our java classes are part of the Database wh

Re: Problems with requests without trailing slash Tomcat 9.0.65

2022-12-27 Thread Christopher Schultz
Fedor, On 12/27/22 05:55, Fedor Makarov wrote: proxy for local environment we use the js conf: proxy: {     '/api/': {       target: 'http://localhost:8080/',       changeOrigin: false,     },     '/': {       target: 'http://localhost:8080/lundase',       changeOrigin: false     }   }

Re: Invalid Keystore format error on Tomcat

2022-12-27 Thread Christopher Schultz
Veni, On 12/23/22 12:16, Janardhanan, Veni wrote: I’ve a self-signed certificate installed on Tomcat 9 which works fine. This is a Crystal Server SAP BO BI 4.3 box. To make it secure I installed our CA signed certificate. After a restart I brought Tomcat up, the logs show ‘Invalid Keystore for
