Test valve with tomcat-embed 9?

2021-10-08 Thread Me Self
I would like to test a custom tomcat valve with tomcat-embed and junit. Is
that possible?

Found a few tomcat-embed samples on the web but most seem to only deal with
setting up a webapp - something along the lines:

@BeforeAll
public static void setup() throws LifecycleException {
  Tomcat tomcat = new Tomcat();
  tomcat.setPort(...);
  StandardContext ctx = (StandardContext) tomcat.addWebapp("/", new File("src/main/webapp/").getAbsolutePath());

What would I need to do to add a valve? And btw. it's a maven project so
the valve is compiled to "target/classes".


JEP 411 Deprecate the Security Manager for removal

2021-04-15 Thread Me Self
Hi All

It appears the security manager is going to be removed from a future
release of java according to https://openjdk.java.net/jeps/411.

When running Tomcat on Linux there are many excellent alternatives to
locking down the JVM process with sandboxing/mandatory access control for
instance Systemd and AppArmor and various LSM modules or even SELinux for
the masochists.

But what about Windows - I'm kind of blank here?

The primary use case is to prevent Remote Code Execution attacks from
spilling out into the OS. These attacks have been plentiful in some web
frameworks (for instance struts2) and libraries that are often used with
Tomcat. Most of the severe ones we have had in the past fail in the
presence of a sandbox because the remote code relies on privileged
operations that are typically not permitted by the sandbox.

The requirements for a sandbox I believe would be

1. Mandatory Access Control: Central configuration of security properties.
Cannot be modified by the JVM process or user.
2. Principle of Least Privilege: Everything is forbidden except for
explicit permissions that are granted for operations that are actually
needed.
3. Preferably also with some level of app firewall built in.

So does this exist for Windows?


Re: systemd tomcat script for Linux EL7

2016-03-19 Thread Me Self
Hi

I use this systemd unit file (from
https://sorenpoulsen.com/install-tomcat-8-on-ubuntu) on Ubuntu, but it's
probably fairly generic as the unit file just calls Tomcat's start and stop
scripts directly.

[Unit]

Description=Apache Tomcat
After=syslog.target network.target

[Service]
Type=forking
Environment=CATALINA_HOME=/usr/local/tomcat
ExecStart=/usr/local/tomcat/bin/startup.sh
ExecStop=/usr/local/tomcat/bin/shutdown.sh
SuccessExitStatus=143
User=tomcat
Group=tomcat
UMask=027

[Install]
WantedBy=multi-user.target


>Apologies for dredging this up but I'm having some problems with this.
>Any ideas much appreciated.
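A sandboxing drop-in for the unit file above, as an added example that is not part of the original post or the linked article. It maps the least-privilege and firewall requirements listed in the JEP 411 message onto systemd directives; the drop-in path, the writable directories under /usr/local/tomcat, the unprivileged connector port and the allowed address range are assumptions.

```ini
# /etc/systemd/system/tomcat.service.d/hardening.conf  (assumed drop-in path)
# Constructed example: adjust paths and address ranges to the actual install.
[Service]
# No privilege gain through setuid binaries or file capabilities.
# An empty bounding set assumes the connectors listen on ports >= 1024.
NoNewPrivileges=yes
CapabilityBoundingSet=
RestrictSUIDSGID=yes

# File system is read-only except for what Tomcat must write.
# webapps/ and conf/ stay read-only, so a compromised JVM cannot
# drop a new webapp or rewrite server.xml.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ReadWritePaths=/usr/local/tomcat/logs /usr/local/tomcat/temp /usr/local/tomcat/work

# Reduce the kernel surface reachable from the JVM.
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictNamespaces=yes
LockPersonality=yes
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
# Do not add MemoryDenyWriteExecute=yes: the JIT compiler needs
# writable and executable mappings and the JVM fails to start with it.

# Per-service firewall: deny all traffic, then allow specific ranges.
# Applies to inbound and outbound packets; needs cgroup v2.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
IPAddressDeny=any
IPAddressAllow=localhost 10.0.0.0/8
```

After `systemctl daemon-reload` and a restart, `systemd-analyze security tomcat.service` lists which of these protections are in effect for the unit.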


Re: context doesnt pick up

2016-02-22 Thread Me Self
>> Hi All
>>
>> When I put the context in server.xml it works fine, but if I put the same
>> context tag in a xml file under /conf/Catalina/localhost/test.xml then
>> tomcat doesn't pick it up. I would rather want to use the latter.

>You need to set deployOnStartup="true" for that to work.

And for that to work I would have to grant write access on the webapps
folder for tomcat user?


On Sun, Feb 21, 2016 at 5:43 PM, Mark Thomas <ma...@apache.org> wrote:

> On 20/02/2016 22:40, Me Self wrote:
> > Hi All
> >
> > When I put the context in server.xml it works fine, but if I put the same
> > context tag in a xml file under /conf/Catalina/localhost/test.xml then
> > tomcat doesn't pick it up. I would rather want to use the latter.
>
> You need to set deployOnStartup="true" for that to work.
>
> Mark
>
>
> >
> > The test.xml is
> > 
> > 
> >
> > It's a setup where the tomcat user has no write access to /webapps, only
> > read. The war has been exploded to /webapps/test. Auto deployment is
> > disabled. In server.xml I have autoDeploy="false" deployOnStartup="false",
> > unpackWARS="false". The tomcat user only has read access to
> > /conf/Catalina/localhost/test.xml. It's Tomcat 8 on Linux.
> >
> > What am I missing?
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


Re: context doesnt pick up

2016-02-20 Thread Me Self
OK thanks.

On Sun, Feb 21, 2016 at 12:25 AM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
> > Subject: RE: context doesnt pick up
>
> > If all you have in the <Context> element is the docBase and your webapp
> > is located in the <Host>'s appBase directory, you don't need a <Context>
> > element at all.
>
> Sorry, since you have both deployOnStartup and autoDeploy set to false,
> you will need the <Context> element inside server.xml - that's the only way
> to get a webapp going when you have disabled all the other mechanisms.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail and
> its attachments from all computers.


Re: context doesnt pick up

2016-02-20 Thread Me Self
I already tried an empty Context tag and no Context tag, makes no
difference. Catalina.out has no error. I tried setting logging level FINE
to see if there was anything related to how it scans
conf/Catalina/localhost/ but nothing.


On Sun, Feb 21, 2016 at 12:11 AM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Me Self [mailto:wmso...@gmail.com]
> > Subject: context doesnt pick up
>
> > When I put the context in server.xml it works fine, but if I put the same
> > context tag in a xml file under /conf/Catalina/localhost/test.xml then
> > tomcat doesn't pick it up. I would rather want to use the latter.
>
> > The test.xml is
> > 
> > 
>
> > What am I missing?
>
> Reading the doc, which for the docBase attribute states:
> "The value of this field must not be set unless the Context element is
> defined in server.xml or the docBase is not located under the Host's
> appBase."
>
> http://tomcat.apache.org/tomcat-8.0-doc/config/context.html
>
> I suspect that if you examined the logs you would find an error message
> related to deployment of the test webapp.
>
> If all you have in the <Context> element is the docBase and your webapp is
> located in the <Host>'s appBase directory, you don't need a <Context>
> element at all.
>
>  - Chuck
>


context doesnt pick up

2016-02-20 Thread Me Self
Hi All

When I put the context in server.xml it works fine, but if I put the same
context tag in a xml file under /conf/Catalina/localhost/test.xml then
tomcat doesn't pick it up. I would rather want to use the latter.

The test.xml is



It's a setup where the tomcat user has no write access to /webapps, only
read. The war has been exploded to /webapps/test. Auto deployment is
disabled. In server.xml I have autoDeploy="false" deployOnStartup="false",
unpackWARS="false". The tomcat user only has read access to
/conf/Catalina/localhost/test.xml. It's Tomcat 8 on Linux.

What am I missing?


Re: 8443 to 443 problem

2010-04-16 Thread Me Self
I can change the redirectPort at runtime through managed bean
org.apache.catalina.mbeans.ConnectorMBean to 443. When I do that it
works immediately but after server restart the port is back to 8443.

On Thu, Apr 15, 2010 at 6:24 PM, Me Self wmso...@gmail.com wrote:
> I am trying to use port 443 for https - without success so far.
> I changed from 8443 to 443 in two places in server.xml:
>
>   <Connector protocol="HTTP/1.1" port="80" ... redirectPort="443" />
>  ...
>   <Connector protocol="HTTP/1.1" SSLEnabled="true"
>            port="443" ...
>            scheme="https" secure="true" clientAuth="false"
>            keystoreFile="..."
>            keystorePass="..." sslProtocol="TLS" />
>
> But apparently this is not enough because when I navigate to a
> confidential part of the web app tomcat
> sends a http 302 redirect to port 8443 still instead of 443.
>
> What am I missing?




-- 
Best regards, Søren Poulsen




Re: 8443 to 443 problem

2010-04-16 Thread Me Self
> b) the file that you are changing is not the one that is actually used.
> I do not use JBoss, so there might be differences with what I know.
> E.g., you are saying about context.xml, but in Tomcat that is
> configured in server.xml.

I found out JBoss uses a hybrid of Tomcat's server.xml file and its own
central way of setting ports for all its services.
The file for central port settings in jboss 5.1.0.ga is
/server/default/conf/bindingservice.beans/META-INF/bindings-jboss-beans.xml,
but it's fairly obscure. Inside the bindings-jboss-beans.xml there's a
piece of XSLT that transforms and overwrites the Connector tag
from the server.xml file. The XSLT works from a base port and there's
no direct mention of 8443 which is why I could find the
config with find . -exec grep 8443  Some of the XSLT
transformation won't match the connector tags in server.xml if the
ports have been changed in server.xml and I found lots of posts from people
trying that approach - all in all it looks like an extremely flaky
way of controlling ports centrally but maybe it's just because I'm doing it wrong.

This is what worked for me:

Change this line in bindings-jboss-beans.xml:
<xsl:attribute name="redirectPort"><xsl:value-of select="$portHttps" /></xsl:attribute>
To:
<xsl:attribute name="redirectPort"><xsl:value-of select="443" /></xsl:attribute>

(I believe this breaks the general jboss port settings based on having
a single base port from which other ports are calculated)




8443 to 443 problem

2010-04-15 Thread Me Self
I am trying to use port 443 for https - without success so far.
I changed from 8443 to 443 in two places in server.xml:

  <Connector protocol="HTTP/1.1" port="80" ... redirectPort="443" />
...
  <Connector protocol="HTTP/1.1" SSLEnabled="true"
   port="443" ...
   scheme="https" secure="true" clientAuth="false"
   keystoreFile="..."
   keystorePass="..." sslProtocol="TLS" />

But apparently this is not enough because when I navigate to a
confidential part of the web app tomcat
sends a http 302 redirect to port 8443 still instead of 443.

What am I missing?




Re: 8443 to 443 problem

2010-04-15 Thread Me Self
> 1. Tomcat version?
> 2. Is Tomcat running standalone, or behind another web server, e.g. Apache?
> 3. There are only these two connectors in your server.xml?

It's Tomcat 5.5 (I believe) embedded in jboss5.1.0GA running standalone
default server.
Those are the only 2 connectors in the context.xml file. I removed the
AJP connector completely.

From the server log when it's starting up, notice the change from 8080
to 80 went through but 8443 to 443 had no effect:
18:48:09,605 INFO  [Http11Protocol] Starting Coyote HTTP/1.1 on http-192.168.1.5-80
18:48:09,648 INFO  [Http11Protocol] Starting Coyote HTTP/1.1 on http-192.168.1.5-8443




Re: 8443 to 443 problem

2010-04-15 Thread Me Self
Many times, also tried reinstalling the server completely.

On Thu, Apr 15, 2010 at 6:59 PM, Jeffrey Janner
jeffrey.jan...@polydyne.com wrote:
> Did you restart your Tomcat instance?





getOutputStream() has already been called for this response

2010-03-29 Thread Me Self
Hello

When I include a servlet inside a tagfile then it works:
<jsp:include page="/controller"/>


But if I try to do the same in a tag that subclasses SimpleTagSupport
then tomcat throws the exception mentioned in the subject:

    @Override
    public void doTag() throws IOException, JspException {
        HttpServletRequest request = (HttpServletRequest) ((PageContext) this
                .getJspContext()).getRequest();
        HttpServletResponse response = (HttpServletResponse) ((PageContext) this
                .getJspContext()).getResponse();
        RequestDispatcher requestDispatcher = request
                .getRequestDispatcher("/controller");
        try {
            // Dispatch the include to the /controller servlet
            requestDispatcher.include(request, response);
        }
        catch (ServletException e) {
            throw new JspException("Failed to include action", e);
        }
    }

Why does tomcat not react the same on these?

Btw. I'm trying to invoke a controller in the middle of a JSP rather
than before the JSP because I want to
do component-level MVC instead of page-level MVC.



Full stacktrace is here:

exception

org.apache.jasper.JasperException: java.lang.IllegalStateException: getOutputStream() has already been called for this response
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:515)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:405)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:322)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:249)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)

root cause

java.lang.IllegalStateException: getOutputStream() has already been called for this response
org.apache.catalina.connector.Response.getWriter(Response.java:619)
org.apache.catalina.connector.ResponseFacade.getWriter(ResponseFacade.java:198)
org.apache.jasper.runtime.JspWriterImpl.initOut(JspWriterImpl.java:125)
org.apache.jasper.runtime.JspWriterImpl.flushBuffer(JspWriterImpl.java:118)
org.apache.jasper.runtime.PageContextImpl.release(PageContextImpl.java:188)
org.apache.jasper.runtime.JspFactoryImpl.internalReleasePageContext(JspFactoryImpl.java:118)
org.apache.jasper.runtime.JspFactoryImpl.releasePageContext(JspFactoryImpl.java:77)
org.apache.jsp.index_jsp._jspService(index_jsp.java:99)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:369)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:322)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:249)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)

It's a Tomcat 5.5, I believe, embedded in jboss 5.1.0ga.
