RE: Re: Tomcat 5.5.17 migration to 6.0.53
-Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Tuesday, 24 July 2018 12:41 PM To: users@tomcat.apache.org Subject: [EXTERNAL] Re: Tomcat 5.5.17 migration to 6.0.53 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 David, On 7/24/18 10:54 AM, David Babooram wrote: > I will try to be as clear as possible. :) > The files that were originally in > /usr/local/tomcat/jakarta-tomcat-5.5.17/webapps/MYAPP/WEB-INF/lib > were copied by default when I migrated the app to > /usr/local/tomcat/apache-tomcat-6.0.53/webapps/ Good, that's what you probably should have done. > When I ran MYAPP I got the error from my previous email. > > I then mv all the files from > /usr/local/tomcat/apache-tomcat-6.0.53/webapps/MYAPP/WEB-INF/lib > into a temp directory , in attempt to make it use the global lib , but > still the same error. Hmm. I'd expect lots of problems when removing all required libraries from your application. Did you copy the "work" directory from the Tomcat 5.5 installation? (I'm guessing not.) > My next idea was to place the files from > /usr/local/tomcat/apache-tomcat-6.0.53/webapps/MYAPP/WEB-INF/lib > into /usr/local/tomcat/apache-tomcat-6.0.53/lib , but with the new > structure I am unsure what belongs where. Definitely undo that... it's likely to break your Tomcat installation. You should basically never add anything other than maybe a JDBC driver to your CATALINA_BASE/lib directory. Definitely nothing application-specific. I'd recommend removing all the files from CATALINA_BASE/lib and re-extracting the distro package you downloaded just to reset things back to the way they were. -> ok I did not place it in CAT/lib yet so everything is in tact. However in the 5.5 there was a server/lib folder that has some jar files what do I do with these? I assume we need to put that in the /lib but not sure server/lib/ catalina-ant.jar catalina.jar commons-modeler.jar servlets-invoker.jar tomcat-ajp.jar tomcat-http.jar catalina-ant-jmx.jar catalina-optional.jar servlets-cgi.renametojar servlets-ssi.renametojar tomcat-apr.jar tomcat-jkstatus-ant.jar catalina-cluster.jar catalina-storeconfig.jar servlets-default.jar servlets-webdav.jar tomcat-coyote.jar tomcat-util.jar > > FYI : in my original /usr/local/tomcat/jakarta-tomcat-5.5.17/common > I have the following directories > > classes endorsed i18n lib > > > > > activation.jar antlr-2.7.2.jar I think something got lost in the copy/paste. If you had files in the "common" loader in Tomcat 5.5 then you might have a bit of work figuring out which files are required by the application and which are expected to be supplied by the container (Tomcat). I'm going to attempt to group these files into 2 categories: things that ought to be in your web application's WEB-INF/lib directory and which files should be ignored (because Tomcat and/or the JVM should be supplying them). Here goes: 1. Files supplied by the JVM and/or Tomcat (and should be ignored from your old installation): > activation.jar (Modern JVMs supply this) > el-api-2.2.1-b04.jar (Tomcat is required to supply the EL APIs) --> Both those files are not present in /lib directory, I recheck the extracted data, this is what is present in /lib ls lib annotations-api.jar catalina-ha.jar catalina-tribes.jar el-api.jar jasper.jar server tomcat-coyote.jar tomcat-i18n-es.jar tomcat-i18n-ja.jar catalina-ant.jar catalina.jar ecj-4.3.1.jar jasper-el.jar jsp-api.jar servlet-api.jar tomcat-dbcp.jar tomcat-i18n-fr.jar A bit strange that you mention it should be in the /lib and its not there by default. So I just moved activations.jar and el-api-2 to /lib and then place back all the webapps libs into its container lib directory , and I THINK its working. At least I got the page to come up > 2. Files that ought to be in WEB-INF/lib in your application: > antlr-2.7.2.jar axis-ant.jar axis.jar bsf-2.3.0.jar > commons-beanutils-1.8.0.jar commons-chain-1.2.jar > commons-codec-1.3.jar commons-collections.jar commons-dbcp-1.2.1.jar > commons-digester-1.8.jar commons-discovery-0.2.jar > commons-fileupload-1.1.1.jar commons-io-1.1.jar commons-lang.jar > commons-logging-1.0.4.jar commons-pool-1.2.jar > commons-validator-1.3.1.jar edtftpj.jar ibatis-common-2.jar > ibatis-dao-2.jar ibatis-sqlmap-2.jar invoice-generator.jar > itext-1.3.jar iText-2.1.0.jar j2ssh-ant-0.2.9.jar > j2ssh-common-0.2.9.jar j2ssh-core-0.2.9.jar j2ssh-daemon-0.2.9.jar > jakarta-oro.jar jaxrpc.jar
Re: Re: Tomcat 5.5.17 migration to 6.0.53
Hey thanks. Before I go through your recommendations with a fine tooth comb, do you think it will be there same amount of work trying to go straight to the latest Apache version? I started thinking of this since your mentioned the vul. Thanks, David On Tue, Jul 24, 2018 at 12:41 PM -0400, "Christopher Schultz" mailto:ch...@christopherschultz.net>> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 David, On 7/24/18 10:54 AM, David Babooram wrote: > I will try to be as clear as possible. :) > The files that were originally in > /usr/local/tomcat/jakarta-tomcat-5.5.17/webapps/MYAPP/WEB-INF/lib > were copied by default when I migrated the app to > /usr/local/tomcat/apache-tomcat-6.0.53/webapps/ Good, that's what you probably should have done. > When I ran MYAPP I got the error from my previous email. > > I then mv all the files from > /usr/local/tomcat/apache-tomcat-6.0.53/webapps/MYAPP/WEB-INF/lib > into a temp directory , in attempt to make it use the global lib , > but still the same error. Hmm. I'd expect lots of problems when removing all required libraries from your application. Did you copy the "work" directory from the Tomcat 5.5 installation? (I'm guessing not.) > My next idea was to place the files from > /usr/local/tomcat/apache-tomcat-6.0.53/webapps/MYAPP/WEB-INF/lib > into /usr/local/tomcat/apache-tomcat-6.0.53/lib , but with the new > structure I am unsure what belongs where. Definitely undo that... it's likely to break your Tomcat installation. You should basically never add anything other than maybe a JDBC driver to your CATALINA_BASE/lib directory. Definitely nothing application-specific. I'd recommend removing all the files from CATALINA_BASE/lib and re-extracting the distro package you downloaded just to reset things back to the way they were. > FYI : in my original /usr/local/tomcat/jakarta-tomcat-5.5.17/common > I have the following directories > > classes endorsed i18n lib > > > > > activation.jar antlr-2.7.2.jar I think something got lost in the copy/paste. If you had files in the "common" loader in Tomcat 5.5 then you might have a bit of work figuring out which files are required by the application and which are expected to be supplied by the container (Tomcat). I'm going to attempt to group these files into 2 categories: things that ought to be in your web application's WEB-INF/lib directory and which files should be ignored (because Tomcat and/or the JVM should be supplying them). Here goes: 1. Files supplied by the JVM and/or Tomcat (and should be ignored from your old installation): > activation.jar (Modern JVMs supply this) > el-api-2.2.1-b04.jar (Tomcat is required to supply the EL APIs) 2. Files that ought to be in WEB-INF/lib in your application: > antlr-2.7.2.jar axis-ant.jar axis.jar bsf-2.3.0.jar > commons-beanutils-1.8.0.jar commons-chain-1.2.jar > commons-codec-1.3.jar commons-collections.jar > commons-dbcp-1.2.1.jar commons-digester-1.8.jar > commons-discovery-0.2.jar commons-fileupload-1.1.1.jar > commons-io-1.1.jar commons-lang.jar commons-logging-1.0.4.jar > commons-pool-1.2.jar commons-validator-1.3.1.jar edtftpj.jar > ibatis-common-2.jar ibatis-dao-2.jar ibatis-sqlmap-2.jar > invoice-generator.jar itext-1.3.jar iText-2.1.0.jar > j2ssh-ant-0.2.9.jar j2ssh-common-0.2.9.jar j2ssh-core-0.2.9.jar > j2ssh-daemon-0.2.9.jar jakarta-oro.jar jaxrpc.jar jsch-0.1.20.jar > jstl-1.0.2.jar jstl-1.2.jar junit.jar log4j-1.2.11.jar mailapi.jar > ojdbc14.jar oro-2.0.8.jar poi-2.5.1-final-20040804.jar quartz.jar > saaj.jar smtp.jar standard-1.0.6.jar stringtemplate.jar > struts-core-1.3.10.jar struts-el-1.3.10.jar > struts-extras-1.3.10.jar struts-faces-1.3.10.jar > struts-mailreader-dao-1.3.10.jar struts-scripting-1.3.10.jar > struts-taglib-1.3.10.jar struts-tiles-1.3.10.jar wsdl4j-1.5.1.jar > xmlrpc-2.0.jar 3. Wait, there is another category. You appear to have some conflicts in your existing libraries: > jstl-1.0.2.jar jstl-1.2.jar and > jakarta-oro.jar oro-2.0.8.jar If those files have the same classes in each of them, you might be looking at some problems. Check the contents to see if they are distinct or if you have duplicate libraries. 4. Things you might want to look into. > mailapi.jar Is that javamail? > smtp.jar Is that *also* javamail? > ojdbc14.jar Is that the Oracle JDBC driver? If the container (Tomcat) is managing your connection-pool, then you'll want to put this file into CATALINA_BASE/lib and *nowhere else*. > junit.jar Are you sure you need the junit runtime in your running application? My guess is "no" and you might want to see if things still work is you remove this. But it can wait until later. Finally (and I say this as a proud Apache Struts 1.x user) it's important that you understand that (a) Apache S
RE: Re: Tomcat 5.5.17 migration to 6.0.53
Hi Christopher, I will try to be as clear as possible. The files that were originally in /usr/local/tomcat/jakarta-tomcat-5.5.17/webapps/MYAPP/WEB-INF/lib were copied by default when I migrated the app to /usr/local/tomcat/apache-tomcat-6.0.53/webapps/ When I ran MYAPP I got the error from my previous email. I then mv all the files from /usr/local/tomcat/apache-tomcat-6.0.53/webapps/MYAPP/WEB-INF/lib into a temp directory , in attempt to make it use the global lib , but still the same error. My next idea was to place the files from /usr/local/tomcat/apache-tomcat-6.0.53/webapps/MYAPP/WEB-INF/lib into /usr/local/tomcat/apache-tomcat-6.0.53/lib , but with the new structure I am unsure what belongs where. FYI : in my original /usr/local/tomcat/jakarta-tomcat-5.5.17/common I have the following directories classes endorsed i18n lib activation.jar antlr-2.7.2.jar axis-ant.jar axis.jar bsf-2.3.0.jar commons-beanutils-1.8.0.jar commons-chain-1.2.jar commons-codec-1.3.jar commons-collections.jar commons-dbcp-1.2.1.jar commons-digester-1.8.jar commons-discovery-0.2.jar commons-fileupload-1.1.1.jar commons-io-1.1.jar commons-lang.jar commons-logging-1.0.4.jar commons-pool-1.2.jar commons-validator-1.3.1.jar edtftpj.jar el-api-2.2.1-b04.jar ibatis-common-2.jar ibatis-dao-2.jar ibatis-sqlmap-2.jar invoice-generator.jar itext-1.3.jar iText-2.1.0.jar j2ssh-ant-0.2.9.jar j2ssh-common-0.2.9.jar j2ssh-core-0.2.9.jar j2ssh-daemon-0.2.9.jar jakarta-oro.jar jaxrpc.jar jsch-0.1.20.jar jstl-1.0.2.jar jstl-1.2.jar junit.jar log4j-1.2.11.jar mailapi.jar ojdbc14.jar oro-2.0.8.jar poi-2.5.1-final-20040804.jar quartz.jar saaj.jar smtp.jar standard-1.0.6.jar stringtemplate.jar struts-core-1.3.10.jar struts-el-1.3.10.jar struts-extras-1.3.10.jar struts-faces-1.3.10.jar struts-mailreader-dao-1.3.10.jar struts-scripting-1.3.10.jar struts-taglib-1.3.10.jar struts-tiles-1.3.10.jar wsdl4j-1.5.1.jar xmlrpc-2.0.jar -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Monday, 23 July 2018 2:29 PM To: users@tomcat.apache.org Subject: [EXTERNAL] Re: Tomcat 5.5.17 migration to 6.0.53 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 David, On 7/23/18 12:51 PM, David Babooram wrote: > Hello > > I have begun a migration from 5.5 to 6. Yes I know 6 is EOL but the > migration from 5.5 to 6 has some more documentation compared to > 5.5 to the latest version. > > I followed the standard migration of libs and classes from /common > /shared etc to the new /lin directory for 6.. > > The server engine runs and I can see the examples web pages come up. > > When I migrated my production webapps to the 6.0 instance however I > get the following error. > > HTTP Status 500 - java.lang.LinkageError: loader constraint > violation: when resolving interface method > "javax.servlet.jsp.JspApplicationContext.getExpressionFactory()Ljavax/ el/ExpressionFactory;" > > the class loader (instance of org/apache/jasper/servlet/JasperLoader) > of the current class, org/apache/jsp/index_jsp, and the class loader > (instance of org/apache/catalina/loader/StandardClassLoader) > for resolved class, javax/servlet/jsp/JspApplicationContext, have > different Class objects for the type javax/el/ExpressionFactory used > in the signature > > Any insight on this is welcomed. > > I notice in that my app has its own lib directory, does this means > that there is a conflict with the lib files from the base directory ? Possibly. What files do you have in your app's WEB-INF/lib directory? - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAltWHmYACgkQHPApP6U8 pFi4ow//e1d8mPY8X7K2X1h2X9Maim12GIbKAv0OrvthWMWYMIt6POTrxRepJLg6 BxgQ2Duabf2wCmZhGRRcBotc7++Niyyh3bHPwy11UfsHXkLPQlE1bnfprgYsUI+5 JRUf4ZHLQ+HCXTn3R54U5Z+a6U4ucSotPt2FwpslIGH2lZFrjSjM+lELagNIJvvU gysavLRPZIQSCvDfPw1MeDbmtPalbVlq0XvS4d4szvWJy0oNzF1mRG4u6KWniisz t0ULSmp/2virBNPmQ9SdeoG23avPtfxVOY2BbP1O5IAjKSfhPV+UNhvu48ufq5gj gVYGVf5edxZy241ApGZHZoSSfl5LEiN1vJpIsF1a8HcqffhBTJTwtDzhscQDVxw9 89iiwTGEp5VtugI8vqMNI1hO9b0ESJhAfsCuMwvEvL2sivWWROXRzExsFiSFe0x2 K9tpqXBonXZ+4y+xwQdBoaDcRRjKhUW9rP5CbkNvDOfpttsnyD6c7ff1t/9K3vr/ FnBFCqo0qDRdSLckbtmU5C6/yHUjQiFtMXbMtnEVXwnk3zo0ICJnvxvTINp346nq EiYAMcZF+RemlO3+0whK+B7BKgF9L4baqvQmglJaIEVY2D6w4SmW/xCO55a4V2c4 gRD9xNP6u7M/dlFGs+VaJvdwkh4wNxj319vxYsZ2O2KsdmDdvUw= =YuGP -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Notice of Confidentiality: The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others
Tomcat 5.5.17 migration to 6.0.53
Hello I have begun a migration from 5.5 to 6. Yes I know 6 is EOL but the migration from 5.5 to 6 has some more documentation compared to 5.5 to the latest version. I followed the standard migration of libs and classes from /common /shared etc to the new /lin directory for 6.. The server engine runs and I can see the examples web pages come up. When I migrated my production webapps to the 6.0 instance however I get the following error. HTTP Status 500 - java.lang.LinkageError: loader constraint violation: when resolving interface method "javax.servlet.jsp.JspApplicationContext.getExpressionFactory()Ljavax/el/ExpressionFactory;" the class loader (instance of org/apache/jasper/servlet/JasperLoader) of the current class, org/apache/jsp/index_jsp, and the class loader (instance of org/apache/catalina/loader/StandardClassLoader) for resolved class, javax/servlet/jsp/JspApplicationContext, have different Class objects for the type javax/el/ExpressionFactory used in the signature Any insight on this is welcomed.. I notice in that my app has its own lib directory, does this means that there is a conflict with the lib files from the base directory ? Notice of Confidentiality: The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this email and then delete it from your system.
Re: RE: Re: Tomcat 5.5.17 migration to 6
Alright. I guess the thought the process was to upgrade to 6, then 7, 8 Thanks, David On Sat, Jul 14, 2018 at 3:38 PM -0400, "Caldarale, Charles R" mailto:chuck.caldar...@unisys.com>> wrote: > From: David Babooram [mailto:david.baboo...@digicelgroup.com] > Subject: Re: Re: Tomcat 5.5.17 migration to 6 > But by decision was based on what was presented in the Apache site. In that, upgrade from > 5.5 was known to only go to 6. Seriously, don't even think about "upgrading" to another very dead level. There haven't been updates to Tomcat 6 for over a year; subsequent fixes for known security holes and other issues have been applied to current levels, but none of those will ever be retrofitted to Tomcat 6 (and 7, in the not too distant future). 8.5 or 9.0 are the only sensible choices. > Nevertheless.. is there some official documents on migrating to 8.5? Due to the age of where you're starting from (over 12 years old), you're not going to find anything specific for that level to a current one. What you can do is read all of the Migration Guides linked from here: http://tomcat.apache.org/migration.html and get a sense of the changes needed for your webapp configurations. You may well need to update JVM versions as well; if the one you're using is also 12 years old, it's scary dangerous. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. Notice of Confidentiality: The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this email and then delete it from your system.
Re: Re: Tomcat 5.5.17 migration to 6
Hi Good point. But by decision was based on what was presented in the Apache site. In that, upgrade from 5.5 was known to only go to 6. Nevertheless.. is there some official documents on migrating to 8.5? Thanks, David On Sat, Jul 14, 2018 at 11:05 AM -0400, "calder" mailto:calder@gmail.com>> wrote: Why migrate to a version that is EOL (no doubt why you can't find docs) ? https://urldefense.proofpoint.com/v2/url?u=https-3A__tomcat.apache.org_tomcat-2D60-2Deol.html=DwIBaQ=rgYoxYEBLrFNu7L2jzNzTw=MW5XW3Oy92ra15dUPR3jKJRFG4SYwI8WcMv_vsnkhI8=BBOP12O2WPzudlhwCFnUC4e0DvDT_OfVbr1ORuU60EU=Ph5R4aW_MIkR03OtVE8KeF2sTCSJjI25o_HEqjp2r5k= If I were in the situation, I'd migrate to a more modern version, such as 8.5 On Saturday, July 14, 2018, David Babooram wrote: > Good morning > > My intent is to migrate from 5.5.17 to 6 with the intent to upgrade to > 6.0.48. , mainly due to a vulnerability notice. > > I understand the changes listed from the Apache site wrt the migration. > but I have not gotten any steps on how to proceed. > > Is there any proper documentation on how to proceed > Notice of Confidentiality: The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this email and then delete it from your system.
Tomcat 5.5.17 migration to 6
Good morning My intent is to migrate from 5.5.17 to 6 with the intent to upgrade to 6.0.48. , mainly due to a vulnerability notice. I understand the changes listed from the Apache site wrt the migration. but I have not gotten any steps on how to proceed. Is there any proper documentation on how to proceed with this migration? Thanks, David Notice of Confidentiality: The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this email and then delete it from your system.
