RE: RHEL 8.6 ==> Tomcat Native 1.2.32 ==> OpenSSLEngine could not initialize
Hi Christopher, Thanks for the reply. We found the solution for the problem. Tomcat Native, we used the same '*.so' compiled in RHEL 7.9. Once compiled with RHEL 8.6 it worked. Regards, Abirami.S -Original Message- From: Christopher Schultz Sent: Thursday, June 22, 2023 7:35 PM To: users@tomcat.apache.org Subject: Re: RHEL 8.6 ==> Tomcat Native 1.2.32 ==> OpenSSLEngine could not initialize Hello, On 6/22/23 07:47, S Abirami wrote: > Hi All, > > Our application using embedded tomcat 9.0.62 on RHEL linux environment. > Tomcat native version :1.2.32 > > openssl version OpenSSL 1.1.1k > > After upgrading from RHEL 7.9 to RHEL 8.6 version, embedded tomcat throws an > exception when starting the application for https. > > org.apache.catalina.util.LifecycleBase handleSubClassException > - Failed to start component [cmg.protocols.http.HTTPConnector] > java.lang.NoClassDefFoundError: Could not initialize class > org.apache.tomcat.util.net.openssl.OpenSSLEngine > at > org.apache.tomcat.util.net.openssl.OpenSSLUtil.getImplementedProtocols > (OpenSSLUtil.java:54) > > > Http is working fine without issue. Please help use here to find the solution > for this problem. Is there more to the stack trace? For example, "Caused by..." maybe multiple times? -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RHEL 8.6 ==> Tomcat Native 1.2.32 ==> OpenSSLEngine could not initialize
Hi All, Our application using embedded tomcat 9.0.62 on RHEL linux environment. Tomcat native version :1.2.32 openssl version OpenSSL 1.1.1k After upgrading from RHEL 7.9 to RHEL 8.6 version, embedded tomcat throws an exception when starting the application for https. org.apache.catalina.util.LifecycleBase handleSubClassException - Failed to start component [cmg.protocols.http.HTTPConnector] java.lang.NoClassDefFoundError: Could not initialize class org.apache.tomcat.util.net.openssl.OpenSSLEngine at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getImplementedProtocols(OpenSSLUtil.java:54) Http is working fine without issue. Please help use here to find the solution for this problem. Regards, Abirami.S
RE: CVE-2023-24998 : Apache Denial of Service
Thanks Mark -Original Message- From: Mark Thomas Sent: Thursday, March 16, 2023 2:34 PM To: users@tomcat.apache.org Subject: Re: CVE-2023-24998 : Apache Denial of Service On 16/03/2023 05:33, S Abirami wrote: > Hi All, > > Currently, In our product we are using 9.0.65 version of Tomcat. > We are not using FileUpload option in any of our application and in Servlet. > We don't have any config to limit the file uploads also. > > Whether our attacker still able to perform a malicious upload to our server > via url. > Please let me know you input regarding this CVE-2023-24998 vulnerability. > Whether our application is vulnerable (or) not. If the application has not enabled Tomcat's built-in support for processing request bodies with content type "multipart/form-data" then the application is not exposed to CVE-2023-24998. Applications enable this support via the "@MultipartConfig" annotation and/or the "multipart-config" element in web.xml Note that any frameworks you may be using may enable this processing. Check the documentation for the framework. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
CVE-2023-24998 : Apache Denial of Service
Hi All, Currently, In our product we are using 9.0.65 version of Tomcat. We are not using FileUpload option in any of our application and in Servlet. We don't have any config to limit the file uploads also. Whether our attacker still able to perform a malicious upload to our server via url. Please let me know you input regarding this CVE-2023-24998 vulnerability. Whether our application is vulnerable (or) not. Regards, Abirami.S - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
CVE-2023-24998 : Apache Denial of Service
Hi All, Currently, In our product we are using 9.0.65 version of Tomcat. We are not using FileUpload option in any of our application and in Servlet. We don't have any config to limit the file uploads also. Whether our attacker still able to perform a malicious upload to our server via url. Please let me know you input regarding this CVE-2023-24998 vulnerability. Whether our application is vulnerable (or) not. Regards, Abirami.S
RE: xsd version used for web.xml etc
Thanks a lot Mark. -Original Message- From: Mark Thomas Sent: Thursday, October 21, 2021 4:23 PM To: users@tomcat.apache.org Subject: Re: xsd version used for web.xml etc On 21/10/2021 10:37, S Abirami wrote: > Hi Thomas, > > How I can identify whether the schema validation enabled or not. > I checked startup logs and other configuration. > > I am unable to find it. The quick test is to add an unknown element to web.xml and see what happens. If you get an error, validation is enabled. If it is ignored, validation is not enabled. It is typically configured in $CATALINA_BASE/conf/context.xml See https://tomcat.apache.org/tomcat-9.0-doc/config/context.html Of particular interest: xmlNamespaceAware xmlValidation Mark > > Regards, > Abirami.S > > -Original Message- > From: Mark Thomas > Sent: Thursday, October 21, 2021 2:40 PM > To: users@tomcat.apache.org > Subject: Re: xsd version used for web.xml etc > > On 21/10/2021 09:45, S Abirami wrote: >> Hi All, >> >> In web.xml, if we didn't define any xsd schema or dtd schema which version >> of xsd will be loaded for Tomcat 9.0.45. > > By default none - whether a schema is defined or not. Schemas are only loaded > if validation is enabled. > > With validation disabled, Tomcat will treat the content of a web.xml file as > if it is using the schema associated with the Servlet 4.0 specification. > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: xsd version used for web.xml etc
Hi Thomas, How I can identify whether the schema validation enabled or not. I checked startup logs and other configuration. I am unable to find it. Regards, Abirami.S -Original Message- From: Mark Thomas Sent: Thursday, October 21, 2021 2:40 PM To: users@tomcat.apache.org Subject: Re: xsd version used for web.xml etc On 21/10/2021 09:45, S Abirami wrote: > Hi All, > > In web.xml, if we didn't define any xsd schema or dtd schema which version of > xsd will be loaded for Tomcat 9.0.45. By default none - whether a schema is defined or not. Schemas are only loaded if validation is enabled. With validation disabled, Tomcat will treat the content of a web.xml file as if it is using the schema associated with the Servlet 4.0 specification. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: xsd version used for web.xml etc
Thanks Thomas. -Original Message- From: Mark Thomas Sent: Thursday, October 21, 2021 2:40 PM To: users@tomcat.apache.org Subject: Re: xsd version used for web.xml etc On 21/10/2021 09:45, S Abirami wrote: > Hi All, > > In web.xml, if we didn't define any xsd schema or dtd schema which version of > xsd will be loaded for Tomcat 9.0.45. By default none - whether a schema is defined or not. Schemas are only loaded if validation is enabled. With validation disabled, Tomcat will treat the content of a web.xml file as if it is using the schema associated with the Servlet 4.0 specification. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: xsd version used for web.xml etc
Hi All, TOMCAT_BASE/conf/web.xml will be constructed by us during installation. So that web.xml also will not have xsd definition. Regards, Abirami.S -Original Message- From: Jean-Pierre Urkens Sent: Thursday, October 21, 2021 2:25 PM To: Tomcat Users List Subject: RE: xsd version used for web.xml etc My guess, the one that is specified in TOMCAT_BASE/conf/web.xml -Original Message- From: S Abirami Sent: donderdag 21 oktober 2021 10:46 To: Tomcat Users List Subject: xsd version used for web.xml etc Hi All, In web.xml, if we didn't define any xsd schema or dtd schema which version of xsd will be loaded for Tomcat 9.0.45. Regards, Abirami.S - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
xsd version used for web.xml etc
Hi All, In web.xml, if we didn't define any xsd schema or dtd schema which version of xsd will be loaded for Tomcat 9.0.45. Regards, Abirami.S
RE: TLSv1.3 Support in Tomcat
Hi ALL, Web UI launched successfully. Using a link in the web UI, we will download and launch a Java Web start Launcher (JNLP). JNLP is not opening, it is due to the problem in Tomcat or it is problem in the JDK. Following exception thrown javax.net.ssl.SSLException: Received fatal alert: protocol_version at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.security.AccessController.doPrivilegedWithCombiner(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source) at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source) at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source) at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source) at com.sun.deploy.net.BasicHttpRequest.doGetRequest(Unknown Source) at com.sun.deploy.net.DownloadEngine.actionDownload(Unknown Source) at com.sun.deploy.net.DownloadEngine.downloadResource(Unknown Source) at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source) at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unkn -Original Message- From: Daniel Savard Sent: Tuesday, June 29, 2021 11:33 AM To: Tomcat Users List Subject: Re: TLSv1.3 Support in Tomcat https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites TLSv1.3 supports 5 cipher suites and none is in your list. - Daniel Savard Le mar. 29 juin 2021 à 01:44, S Abirami a écrit : > Hi Christopher, > > Below is my Connector element, sslEnabledProtocols =TLSv1.2 ,TLS 1.3 > it is working fine with TLSv1.2. When sslEnabledProtocols=TLSv1.3, > Tomcat is started but, the browser unable to perform handshake with webapp. > > Is there any dependency with Cipher suites? > > protocol="com.ericsson.http.protocol.Http11Nio2ProtocolDecryptProp" > port="" maxThreads="200" scheme="https" secure="true" > SSLEnabled="true" keystoreFile="/opt/cert/keystore" > keystorePass="" clientAuth="false" > maxHttpHeaderSize="8192" server="" xpoweredBy="false" > ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, > TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_S > HA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, > TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, > TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, > TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, > TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, > TLS_RSA_WITH_AES_256_GCM_SHA384, > TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, > TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, > TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, > TLS_RSA_WITH_AES_128_GCM_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, > TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" > sslEnab
RE: TLSv1.3 Support in Tomcat
Hi Daniel, Thanks for the response. It's working after adding the cipher suites. I have one more question. In JDK 1.8, TLSv1.3 communication mentioned as half duplex policy communication and how about tomcat 9.0.46 whether it is half duplex and full duplex? Regards, Abirami.S -Original Message- From: Daniel Savard Sent: Tuesday, June 29, 2021 11:33 AM To: Tomcat Users List Subject: Re: TLSv1.3 Support in Tomcat https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites TLSv1.3 supports 5 cipher suites and none is in your list. - Daniel Savard Le mar. 29 juin 2021 à 01:44, S Abirami a écrit : > Hi Christopher, > > Below is my Connector element, sslEnabledProtocols =TLSv1.2 ,TLS 1.3 > it is working fine with TLSv1.2. When sslEnabledProtocols=TLSv1.3, > Tomcat is started but, the browser unable to perform handshake with webapp. > > Is there any dependency with Cipher suites? > > protocol="com.ericsson.http.protocol.Http11Nio2ProtocolDecryptProp" > port="" maxThreads="200" scheme="https" secure="true" > SSLEnabled="true" keystoreFile="/opt/cert/keystore" > keystorePass="" clientAuth="false" > maxHttpHeaderSize="8192" server="" xpoweredBy="false" > ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, > TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_S > HA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, > TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, > TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, > TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, > TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, > TLS_RSA_WITH_AES_256_GCM_SHA384, > TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, > TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, > TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, > TLS_RSA_WITH_AES_128_GCM_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, > TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" > sslEnabledProtocols=" TLSv1.3"/> > > > > Regards, > Abirami.S > > -Original Message- > From: Christopher Schultz > Sent: Monday, June 28, 2021 7:27 PM > To: users@tomcat.apache.org > Subject: Re: TLSv1.3 Support in Tomcat > > Abirami, > > On 6/28/21 07:16, S Abirami wrote: > > TLSv1.3 support is available in Tomcat. > > > > I tried just updating server.xml[sslEnabledProtocols=TLSv1.3] and > > restarted tomcat. It doesn't work. > > > > [We are using Tomcat 9.0.46 and JDK 8u291] > > > > Please let me know any other configuration also needs to be changed. > > Can you please post your configuration (minus any secrets)? > > When you say "it doesn't work", what exactly do you mean? > > -chris > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: TLSv1.3 Support in Tomcat
Hi Christopher, Below is my Connector element, sslEnabledProtocols =TLSv1.2 ,TLS 1.3 it is working fine with TLSv1.2. When sslEnabledProtocols=TLSv1.3, Tomcat is started but, the browser unable to perform handshake with webapp. Is there any dependency with Cipher suites? Regards, Abirami.S -Original Message- From: Christopher Schultz Sent: Monday, June 28, 2021 7:27 PM To: users@tomcat.apache.org Subject: Re: TLSv1.3 Support in Tomcat Abirami, On 6/28/21 07:16, S Abirami wrote: > TLSv1.3 support is available in Tomcat. > > I tried just updating server.xml[sslEnabledProtocols=TLSv1.3] and > restarted tomcat. It doesn't work. > > [We are using Tomcat 9.0.46 and JDK 8u291] > > Please let me know any other configuration also needs to be changed. Can you please post your configuration (minus any secrets)? When you say "it doesn't work", what exactly do you mean? -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: TLSv1.3 Support in Tomcat
Hi All, We are using Tomcat 9.0.46 and JDK 8u291 Regards, Abirami.S -Original Message- From: S Abirami Sent: Monday, June 28, 2021 4:47 PM To: Tomcat Users List Subject: TLSv1.3 Support in Tomcat Hi All, TLSv1.3 support is available in Tomcat. I tried just updating server.xml[sslEnabledProtocols=TLSv1.3] and restarted tomcat. It doesn't work. Please let me know any other configuration also needs to be changed. Regards, Abirami.S - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
TLSv1.3 Support in Tomcat
Hi All, TLSv1.3 support is available in Tomcat. I tried just updating server.xml[sslEnabledProtocols=TLSv1.3] and restarted tomcat. It doesn't work. Please let me know any other configuration also needs to be changed. Regards, Abirami.S
Tomcat JreMemoryLeakPreventionListener Testing scenario
Hi Team, As part of CISCAT Tomcat 9 benchmark, we have added JreMemoryLeakPreventionListener in server.xml. We understood that it prevents memory leak. Do you any tool (or) testcase to test this functionality is working fine in our product? Please let us know, if any input available. Regards, Abirami.S
RE: Embedded Tomcat 9.0.33
Thanks Christopher for detailed explanation with testing tools. -Original Message- From: Christopher Schultz Sent: Sunday, March 21, 2021 9:02 AM To: users@tomcat.apache.org Subject: Re: Embedded Tomcat 9.0.33 Abirami, On 3/20/21 11:36, S Abirami wrote: > We have deployed embedded tomcat in RHEL 7 with jdk 1.8. For sweet32 > vulnerability, we have configured jdk.tls.disabled.algorithm to > remove the encryption cipher have 64bit block size. > > I need a clarification whether JDK configuration is enough for > embedded tomcat to avoid sweet32 attack or through IntrospectionUtils > Whether we need to configure the ciphers list. While disabling the bulk encryption at the JVM level is probably the /safest/ thing to do, I would change the cipher suite string that Tomcat uses for TLS handshaking with its TLE-enabled connectors. Why? Because having configuration elsewhere can be confusing and surprising, and confusion and surprise are not friends of security. If you can disable those cipher suites via a , why bother to disable those algorithms at the JVM level? Well, if you have *outgoing* TLS connections and you aren't sure how to configure them properly[1], then this JVM setting will protect you all around. You shouldn't need IntrospectionUtils for anything. > Whether there is any API to find the default list of cpihers active in > Embedded tomcat similar to SSLSocket.getEnabledCipherSuite? It would be easier to run a TLS scanner against your server, like https://www.ssllabs.com/ssltest/ IF you can't reach your server from the internet (or don't want to use another tool to probe your server for whatever reason(, you can use this tool instead: https://protect2.fireeye.com/v1/url?k=b202f84c-ed99c17d-b202b8d7-86e2237f51fb-a4c999e453446754&q=1&e=e05b690a-668d-4b4d-b65d-1ff9c3a21e8d&u=https%3A%2F%2Fgithub.com%2FChristopherSchultz%2Fssltest Hope that helps, -chris [1] Pro tip: learn how to configure ALL your TLS connections properly, then do it. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Embedded Tomcat 9.0.33
Hi ALL, We have deployed embedded tomcat in RHEL 7 with jdk 1.8. For sweet32 vulnerability, we have configured jdk.tls.disabled.algorithm to remove the encryption cipher have 64bit block size. I need a clarification whether JDK configuration is enough for embedded tomcat to avoid sweet32 attack or through IntrospectionUtils Whether we need to configure the ciphers list. Whether there is any API to find the default list of cpihers active in Embedded tomcat similar to SSLSocket.getEnabledCipherSuite? Regards, Abirami.S
RE: Embedded and Standalone Tomcat
Thanks Mark Thomas. -Original Message- From: Mark Thomas Sent: Friday, August 21, 2020 4:03 PM To: users@tomcat.apache.org Subject: Re: Embedded and Standalone Tomcat On 21/08/2020 11:27, S Abirami wrote: > Hi All, > > In our application, we used to create embedded tomcat instance by taking a > copy of lib jars from the Deployable Tomcat. > It's working properly. I have noticed that there is some jars in Embed > package > > https://protect2.fireeye.com/v1/url?k=59001efe-07a0fe6a-59005e65-86d21 > 14eab2f-6f1627f578d88cc1&q=1&e=1dc0b8cc-378f-4476-8415-edc9465d29f9&u= > https%3A%2F%2Fmirrors.estointernet.in%2Fapache%2Ftomcat%2Ftomcat-9%2Fv > 9.0.37%2Fbin%2Fembed%2Fapache-tomcat-9.0.37-embed.tar.gz > > Please let me know the difference between the jars in Core archive and Embed > archive. The classes are the same. The embedded option just packages them in fewer JARs. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Embedded and Standalone Tomcat
Hi All, In our application, we used to create embedded tomcat instance by taking a copy of lib jars from the Deployable Tomcat. It's working properly. I have noticed that there is some jars in Embed package https://mirrors.estointernet.in/apache/tomcat/tomcat-9/v9.0.37/bin/embed/apache-tomcat-9.0.37-embed.tar.gz Please let me know the difference between the jars in Core archive and Embed archive. Regards, Abirami.S
RE: SameSite attribute handling
Hi Christopher, I have used setHeader, addCookie for that also it is getting twice Only after, disabling cookie false in context.xml setHeader for cookie is working. I tried option also Regards, Abirami.S -Original Message- From: Christopher Schultz Sent: Thursday, July 2, 2020 11:07 PM To: Tomcat Users List Subject: Re: SameSite attribute handling -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Abirami, On 7/1/20 03:06, S Abirami wrote: > We can add the samesite attribute in set-cookie header through > context.xml entry in tomcat. Is there any other way, can we add > samesite attribute in response of set-cookie header. Not for Tomcat-generated cookies, and not for cookies added to the response like this: response.addCookie(myCookie); This is because the Servlet API hasn't yet caught up with state-of-the-art. You can, however, craft your own Set-Cookie response header like this: response.addHeader("Set-Cookie", "CookieName=value; SameSite=Strict"); Remember that there are rules about the composition of the cookie's name, value, etc. that Tomcat enforces for you that you will have to handel yourself. > I tried with filter by using setHeader but it is sending two > set-Cookie header. Correct: you will have to use *either* setCookie() or setHeader(). - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://protect2.fireeye.com/v1/url?k=e0a38852-be03323c-e0a3c8c9-86b1886cfa64-a04f2de4a687fd81&q=1&e=a3c49822-9bd3-43bd-ab88-cf37edfe243e&u=https%3A%2F%2Fwww.enigmail.net%2F iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl7+GyYACgkQHPApP6U8 pFiSqBAAhG9IHJXD4ec6TQD1F2o9CIbRyHSkVYrAl0miT5cz6BkhuqG7uEnpUw66 8m3oe6CCG1syEliyyHM3A7ySXGEYm54otp4A0GRkcK64kd+RwQKKV5JsSp0xFxtG dqKRtPGKJL7sQ+kaa4Qo2KqAa7ntQFTRVhg44Lofj8usiu/az5Kg6y8gSgQ/3I2Y n75PCchaMHsilvSIm3sztR6MpoeRXevv7/93LfI1xzyN6Rg1mE0xivKReQfryMeT sySwz3S1kZgOb3y+xUgSdL0HNSzT+IoKX58UTrMnmnWRS1hnJ30Fu21Nki+ygyZi iikJCYi8Fv2SjkvQh+klgVMsr/QxYvYIBKof0Tf4n8/gU6ABy9ZVUdiTeezATytT Kh5r2C6I+nk9/Osl9s9pHauqzQ/evwjPe/d0eJXkHILam09KB6wqnJ4m3Gq9NcYc S9f5vjTuScncrVn9+GTvr29onrhI8gh7BRTmYehgHaqt7Hl7alLeNV7ccIOjjYOY qqC+qXDydaHUBBgappAnZnHepNPSKn0kjKhi63gsjoBVXnLmgR7mYUWwmvoPb+/t E3T5PL73/cjxBNPk/THao0JI+3UoDlQG4rsZL/wxo7q1ZGzbtrbUrr+7Q7pDBY+y 3YhzVFu68xHkH0Tch3UxFn2qvPXToPHNCzSXDi9Dm5IuGf49UKc= =97wq -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
SameSite attribute handling
Hi All, We can add the samesite attribute in set-cookie header through context.xml entry in tomcat. Is there any other way, can we add samesite attribute in response of set-cookie header. Context changes reflecting issue in tenable vulnerable. Hence looking for any other way. I tried with filter by using setHeader but it is sending two set-Cookie header. Regards, Abirami.S
RE: context.xml under META-INF was not working
Hi Mark, We don't have concern regarding the restart of tomcat for the changes in context.xml. As our web application is mainly used to launch only the standalone application. I have updated Cookieprocessor entry under the context tag in server.xml specific to the application context path and it is working fine. But, I could see that tenable detects that all other web application also has the SameSite attribute even though I have mentioned only in the specific application context. It is really surprising me . But, contrast ZAP tool reports for other application it doesn't have SameSite attribute. Regards, Abirami.S -Original Message- From: Mark Thomas Sent: Thursday, June 11, 2020 8:19 PM To: Tomcat Users List Subject: RE: context.xml under META-INF was not working On June 11, 2020 2:32:51 PM UTC, S Abirami wrote: >Hi Mark, > >We are using Apache Tomcat 9.0.33. >I am not seeing any exception regarding it. That isn't what I asked. I asked for the log messages . Fortunately, you have provided the information I was looking for below. >In our application the web-application will not be located under the >CATALINA_HOME/webapps location. >We placed in other location and mentioned the path in context tag with >attributes path and docBase in server.xml . It is strongly recommended you don't define Context elements in server.xml as they only way to change them us to restart Tomcat. > Here ,we mentioned the >deployOnStartUp as false. >Hence, I have created META-INF directory under the App_folder and >created the context.xml and MANIFEST.MF files. That won't work. The Context element in server.xml will be used. Either edit the Context in server.xml or, better, move the Context definitions to $CATALINA_BASE/conf/// Mark > >Regarding logs, I could see only the below messages > >WARNING: Match [Server/Service/Engine/Host/Context] failed to set >property [antiJARLocking] to [false] >WARNING: Match [Context/Manager] failed to set property [randomClass] >to [java.security.SecureRandom] >SEVERE: Unknown default host [localhost] for service >[StandardService[Catalina]]. Tomcat will not be able process HTTP/1.0 >requests that do not specify a host name. > > >Regards, >Abirami.S > >-Original Message- >From: Mark Thomas >Sent: Thursday, June 11, 2020 7:27 PM >To: users@tomcat.apache.org >Subject: Re: context.xml under META-INF was not working > >On 11/06/2020 12:46, S Abirami wrote: >> Hi Mark, >> >> The below is the content of the context.xml >> >> > sameSiteCookies="strict"/> > >That looks OK. > >What Tomcat version are you using? > >What do the logs say when the application is deployed? That will tell >you where it is being deployed from which might suggest why that file >isn't taking effect. > >Mark > > >> >> Regards, >> Abirami.S >> -Original Message- >> From: Mark Thomas >> Sent: Thursday, June 11, 2020 5:12 PM >> To: users@tomcat.apache.org >> Subject: Re: context.xml under META-INF was not working >> >> On 11/06/2020 11:42, S Abirami wrote: >>> Hi All, >>> >>> I want to configure SameSite attribute to the specific >web-application. >>> For that, I have updated the context.xml of specific web application > >>> located in /META-INF/context.xml >>> >>> >>> >>> >>> It is not working. Only the changes in global context.xml is >working. Please guide to solve the issue. >> >> What is the full contents of /META-INF/context.xml >> >> Mark >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > >- >To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: context.xml under META-INF was not working
Hi Mark, We are using Apache Tomcat 9.0.33. I am not seeing any exception regarding it. In our application the web-application will not be located under the CATALINA_HOME/webapps location. We placed in other location and mentioned the path in context tag with attributes path and docBase in server.xml .Here ,we mentioned the deployOnStartUp as false. Hence, I have created META-INF directory under the App_folder and created the context.xml and MANIFEST.MF files. Regarding logs, I could see only the below messages WARNING: Match [Server/Service/Engine/Host/Context] failed to set property [antiJARLocking] to [false] WARNING: Match [Context/Manager] failed to set property [randomClass] to [java.security.SecureRandom] SEVERE: Unknown default host [localhost] for service [StandardService[Catalina]]. Tomcat will not be able process HTTP/1.0 requests that do not specify a host name. Regards, Abirami.S -Original Message- From: Mark Thomas Sent: Thursday, June 11, 2020 7:27 PM To: users@tomcat.apache.org Subject: Re: context.xml under META-INF was not working On 11/06/2020 12:46, S Abirami wrote: > Hi Mark, > > The below is the content of the context.xml > >sameSiteCookies="strict"/> That looks OK. What Tomcat version are you using? What do the logs say when the application is deployed? That will tell you where it is being deployed from which might suggest why that file isn't taking effect. Mark > > Regards, > Abirami.S > -Original Message- > From: Mark Thomas > Sent: Thursday, June 11, 2020 5:12 PM > To: users@tomcat.apache.org > Subject: Re: context.xml under META-INF was not working > > On 11/06/2020 11:42, S Abirami wrote: >> Hi All, >> >> I want to configure SameSite attribute to the specific web-application. >> For that, I have updated the context.xml of specific web application >> located in /META-INF/context.xml >> >> >> >> >> It is not working. Only the changes in global context.xml is working. Please >> guide to solve the issue. > > What is the full contents of /META-INF/context.xml > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: context.xml under META-INF was not working
Hi Mark, The below is the content of the context.xml Regards, Abirami.S -Original Message- From: Mark Thomas Sent: Thursday, June 11, 2020 5:12 PM To: users@tomcat.apache.org Subject: Re: context.xml under META-INF was not working On 11/06/2020 11:42, S Abirami wrote: > Hi All, > > I want to configure SameSite attribute to the specific web-application. > For that, I have updated the context.xml of specific web application located > in /META-INF/context.xml > > > > > It is not working. Only the changes in global context.xml is working. Please > guide to solve the issue. What is the full contents of /META-INF/context.xml Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: context.xml under META-INF was not working
Hi All, I want to configure SameSite attribute to the specific web-application. For that, I have updated the context.xml of specific web application located in /META-INF/context.xml It is not working. Only the changes in global context.xml is working. Please guide to solve the issue. Regards, Abirami.S
RE: Regarding context.xml changes impact other web service not deployed
Hi Mark Thomas, Thanks a lot for the information. Answers for your question In which context.xml file? The global one, the host one or a web application specific one? I have changed in global context.xml which is located in conf/context.xml. Regards, Abirami.S -Original Message- From: Mark Thomas Sent: Tuesday, June 9, 2020 1:50 PM To: users@tomcat.apache.org Subject: Re: Regarding context.xml changes impact other web service not deployed On 09/06/2020 06:59, S Abirami wrote: > Hi Team, > > In our product to address security vulnerability in context.xml, > we have introduced following entry > > In which context.xml file? The global one, the host one or a web application specific one? > After introducing the above line, I noticed few rest service which is not > deployed in that Tomcat also getting impact. I'd guess not a web application specific one the > Deployment Details > > Deployed :RHEL > Tomcat Installation format : tar.gz > > Hence, interested to know about the internal implementation of the context > in Tomcat to understand the impact. Global web.xml provides defaults for all web applications. Host level provides defaults for all web applications in a given host. Web application provides settings for just that web application. Don't add elements to server.xml Settings in more specific files take priority. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Regarding context.xml changes impact other web service not deployed
Hi Luis, Thanks for the information. My question is mainly whether the changes in context.xml will impact the web application, which is not deployed in the Tomcat. From Mark reply, I understood that the changes in context.xml will impact the web application even though it is not deployed in Tomcat. Regards, Abirami.S -Original Message- From: Luis Rodríguez Fernández Sent: Tuesday, June 9, 2020 12:33 PM To: Tomcat Users List Subject: Re: Regarding context.xml changes impact other web service not deployed Hello Abirami, Well, strict does what it promises, so if those third-party rest services were expecting some cookies that now are not being sent by the browser, it is normal that they do not work as expected. Internal implementation: sure! You can always have a look at the code of the different CookieProcessors [1] & [2] Hope it helps, Luis [1] https://protect2.fireeye.com/v1/url?k=05de6036-5b7ea273-05de20ad-86b568293eb5-4944602a8cd168fc&q=1&e=1f87817f-d293-4635-8855-bd59ff97ee4b&u=https%3A%2F%2Fgithub.com%2Fapache%2Ftomcat%2Fblob%2Ff3c9fdd40bdbc3dc22b512596954e2bc6d424d5a%2Fjava%2Forg%2Fapache%2Ftomcat%2Futil%2Fhttp%2FRfc6265CookieProcessor.java [2] https://protect2.fireeye.com/v1/url?k=1f48aa13-41e86856-1f48ea88-86b568293eb5-6b24c935f0126d6d&q=1&e=1f87817f-d293-4635-8855-bd59ff97ee4b&u=https%3A%2F%2Fgithub.com%2Fapache%2Ftomcat%2Fblob%2F623b2c9d0997481f1c5229135fa2f92e24303e47%2Fjava%2Forg%2Fapache%2Ftomcat%2Futil%2Fhttp%2FLegacyCookieProcessor.java El mar., 9 jun. 2020 a las 7:59, S Abirami () escribió: > Hi Team, > > In our product to address security vulnerability in context.xml, > we have introduced following entry > > > > > After introducing the above line, I noticed few rest service which is > not deployed in that Tomcat also getting impact. > > Deployment Details > > Deployed :RHEL > Tomcat Installation format : tar.gz > > Hence, interested to know about the internal implementation of the > context in Tomcat to understand the impact. > > Thanks in advance for the support. > > Regards, > Abirami.S > > > > > > -- "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better." - Samuel Beckett
Regarding context.xml changes impact other web service not deployed
Hi Team, In our product to address security vulnerability in context.xml, we have introduced following entry After introducing the above line, I noticed few rest service which is not deployed in that Tomcat also getting impact. Deployment Details Deployed :RHEL Tomcat Installation format : tar.gz Hence, interested to know about the internal implementation of the context in Tomcat to understand the impact. Thanks in advance for the support. Regards, Abirami.S
RE: HTTP/2 SETTINGS Parameters and WINDOW_UPDATE : Tomcat:9.0.11
Hi Thomas, Thanks for your response still now. It helped me lot. As in earlier mail , I have partial reply . Hence sent both user alias and individual to get the response. I hope ,I sent in a wrong time where your mail expose your mood. I will check on the package org.apache.coyote.http2. I hope we have payed support also. I will check on that aspect also. Sorry if my individual mail troubles you. Regards, Abirami.S -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Monday, October 29, 2018 11:37 PM To: users@tomcat.apache.org Subject: Re: HTTP/2 SETTINGS Parameters and WINDOW_UPDATE : Tomcat:9.0.11 Sending a private email to an individual to try and elicit a response is not viewed as acceptable behaviour on this list. Speaking personally, it will not cause me to answer a question any faster. At best, I'll answer when I'm ready. Catch me in a bad mood and I may choose not to answer at all. If you want replies to questions provided in specific timescales, you'll need to find and pay for commercial support. Given that Tomcat is open source, have you considered looking at the source code? Hint: org.apache.coyote.http2 Mark On 29/10/2018 12:36, S Abirami wrote: > Hi Mark, > > Thanks for response . > > Please confirm whether > > Windows_Update has Window Size Increment (31) is configurable in Tomcat. > SETTINGS_MAX_FRAME_SIZE : Whether this param is configurable in Tomcat and > what is the default value. > > Regards, > Abirami.S > > -Original Message- > From: Mark Thomas [mailto:ma...@apache.org] > Sent: Monday, October 29, 2018 5:53 PM > To: users@tomcat.apache.org > Subject: Re: HTTP/2 SETTINGS Parameters and WINDOW_UPDATE : > Tomcat:9.0.11 > > On 29/10/18 06:21, S Abirami wrote: >> Hi Mark Thomas, >> >> Thanks for response. >> >> Need input on the below param >> >> SETTINGS_MAX_FRAME_SIZE : >> Windows_Update has Window Size Increment (31) ,please share the default >> value in Tomcat. > > 16k > >> Please confirm the below of my assumption for the Setting parameter >> and Windows_Update is correct >> >> SETTINGS_MAX_CONCURRENT_STREAMS : We can use " >> maxConcurrentStreamExecution" > > Correct. > >> SETTINGS_MAX_HEADER_LIST_SIZE : maxHeaderSize > > Incorrect. Defaults to unlimited. Not configurable. Note that Tomcat will > apply other limits, not related to the protocol including maxHeaderSize. > >> SETTINGS_INITIAL_WINDOW_SIZE : initialWindowSize > > Correct. > > Mark > > >> >> >> Regards, >> Abirami.S >> -----Original Message- >> From: Mark Thomas [mailto:ma...@apache.org] >> Sent: Saturday, October 27, 2018 11:24 PM >> To: users@tomcat.apache.org >> Subject: Re: HTTP/2 SETTINGS Parameters and WINDOW_UPDATE : >> Tomcat:9.0.11 >> >> On 27/10/18 17:27, S Abirami wrote: >>> Hi All, >>> >>> I want your guidance how to set the below Setting Parameters and >>> Wndows_Update using Tomcat. >>> SETTINGS_HEADER_TABLE_SIZE, >> >> Defaults to 4k. Not configurable. >> >>> SETTINGS_ENABLE_PUSH, >> >> Defaults to true. Not configurable. >> >>> SETTINGS_INITIAL_WINDOW_SIZE >> >> See http://tomcat.apache.org/tomcat-9.0-doc/config/http2.html >> >>> etc which is mentioned 6.5.2 section in RFC 7540 >>> >>> Similarly How to set the Windows_Update using Tomcat which is mentioned in >>> the 6.9 section in RFC 7540. >> >> You don't. Tomcat handles that. >> >> Mark >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: HTTP/2 SETTINGS Parameters and WINDOW_UPDATE : Tomcat:9.0.11
Hi Mark, Thanks for response . Please confirm whether Windows_Update has Window Size Increment (31) is configurable in Tomcat. SETTINGS_MAX_FRAME_SIZE : Whether this param is configurable in Tomcat and what is the default value. Regards, Abirami.S -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Monday, October 29, 2018 5:53 PM To: users@tomcat.apache.org Subject: Re: HTTP/2 SETTINGS Parameters and WINDOW_UPDATE : Tomcat:9.0.11 On 29/10/18 06:21, S Abirami wrote: > Hi Mark Thomas, > > Thanks for response. > > Need input on the below param > > SETTINGS_MAX_FRAME_SIZE : > Windows_Update has Window Size Increment (31) ,please share the default > value in Tomcat. 16k > Please confirm the below of my assumption for the Setting parameter > and Windows_Update is correct > > SETTINGS_MAX_CONCURRENT_STREAMS : We can use " > maxConcurrentStreamExecution" Correct. > SETTINGS_MAX_HEADER_LIST_SIZE : maxHeaderSize Incorrect. Defaults to unlimited. Not configurable. Note that Tomcat will apply other limits, not related to the protocol including maxHeaderSize. > SETTINGS_INITIAL_WINDOW_SIZE : initialWindowSize Correct. Mark > > > Regards, > Abirami.S > -Original Message- > From: Mark Thomas [mailto:ma...@apache.org] > Sent: Saturday, October 27, 2018 11:24 PM > To: users@tomcat.apache.org > Subject: Re: HTTP/2 SETTINGS Parameters and WINDOW_UPDATE : > Tomcat:9.0.11 > > On 27/10/18 17:27, S Abirami wrote: >> Hi All, >> >> I want your guidance how to set the below Setting Parameters and >> Wndows_Update using Tomcat. >> SETTINGS_HEADER_TABLE_SIZE, > > Defaults to 4k. Not configurable. > >> SETTINGS_ENABLE_PUSH, > > Defaults to true. Not configurable. > >> SETTINGS_INITIAL_WINDOW_SIZE > > See http://tomcat.apache.org/tomcat-9.0-doc/config/http2.html > >> etc which is mentioned 6.5.2 section in RFC 7540 >> >> Similarly How to set the Windows_Update using Tomcat which is mentioned in >> the 6.9 section in RFC 7540. > > You don't. Tomcat handles that. > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: HTTP/2 SETTINGS Parameters and WINDOW_UPDATE : Tomcat:9.0.11
Hi Mark Thomas, Thanks for response. Need input on the below param SETTINGS_MAX_FRAME_SIZE : Windows_Update has Window Size Increment (31) ,please share the default value in Tomcat. Please confirm the below of my assumption for the Setting parameter and Windows_Update is correct SETTINGS_MAX_CONCURRENT_STREAMS : We can use " maxConcurrentStreamExecution" SETTINGS_MAX_HEADER_LIST_SIZE : maxHeaderSize SETTINGS_INITIAL_WINDOW_SIZE : initialWindowSize Regards, Abirami.S -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Saturday, October 27, 2018 11:24 PM To: users@tomcat.apache.org Subject: Re: HTTP/2 SETTINGS Parameters and WINDOW_UPDATE : Tomcat:9.0.11 On 27/10/18 17:27, S Abirami wrote: > Hi All, > > I want your guidance how to set the below Setting Parameters and > Wndows_Update using Tomcat. > SETTINGS_HEADER_TABLE_SIZE, Defaults to 4k. Not configurable. > SETTINGS_ENABLE_PUSH, Defaults to true. Not configurable. > SETTINGS_INITIAL_WINDOW_SIZE See http://tomcat.apache.org/tomcat-9.0-doc/config/http2.html > etc which is mentioned 6.5.2 section in RFC 7540 > > Similarly How to set the Windows_Update using Tomcat which is mentioned in > the 6.9 section in RFC 7540. You don't. Tomcat handles that. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
HTTP/2 SETTINGS Parameters and WINDOW_UPDATE : Tomcat:9.0.11
Hi All, I want your guidance how to set the below Setting Parameters and Wndows_Update using Tomcat. SETTINGS_HEADER_TABLE_SIZE, SETTINGS_ENABLE_PUSH, SETTINGS_INITIAL_WINDOW_SIZE etc which is mentioned 6.5.2 section in RFC 7540 Similarly How to set the Windows_Update using Tomcat which is mentioned in the 6.9 section in RFC 7540. We are using jdk 1.8u181 for java. Please help me here. Regards, Abirami.S - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Embedded Tomcat 9.0.11 : Already port in use
Hi All, I have checked the port is not in use before allocating to the connector and started the tomcat. During start , it's mentioning that Port already in use. It is going and binding to the Application Server where this app is deployed. SERVER -- > Ran Embedded tomcat server in that SERVER App. Please help me here. Regards, Abirami.S
RE: Encrypt Keystore password in server.xml 8.0.45
Hi Mark, I followed the below steps as you stated https://wiki.apache.org/tomcat/FAQ/Password still getting the same exception in log. Here also property ${keystore.password} decrypted successfully from encrypted password saved in catalina.properties. but it is giving the same exception and server not started .I have attached the exception for your consideration connector tag as below Setenv.sh Export CATALINA_OPTS=-Dorg.apache.tomcat.util.digester.PROPERTY_SOURCE=< CLASS_NAME which implements IntrospectionUtils.PropertySource > Catalina.properties Keystore.password= Please share your input. Regards, Abirami.S -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Monday, September 11, 2017 4:03 PM To: Tomcat Users List Subject: Re: Encrypt Keystore password in server.xml 8.0.45 On 11/09/17 10:11, S Abirami wrote: > > Hi All, > > I have to encrypt keystore password in server.xml. https://wiki.apache.org/tomcat/FAQ/Password Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Sep 11, 2017 7:34:28 PM org.apache.catalina.core.StandardService initInternal SEVERE: Failed to initialize connector [Connector[HTTP/1.1-2309]] org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-2309]] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:568) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:871) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.startup.Catalina.load(Catalina.java:581) at org.apache.catalina.startup.Catalina.load(Catalina.java:604) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:310) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:484) Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed at org.apache.catalina.connector.Connector.initInternal(Connector.java:962) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) ... 12 more java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) at java.security.KeyStore.load(KeyStore.java:1445) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:449) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:353) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:606) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:546) at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:370) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:810) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:476) at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:120) at org.apache.catalina.connector.Connector.initInternal(Connector.java:960) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:568) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:871) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.startup.Catalina.load(Catalina.java:581) at org.apache.catalina.startup.Catalina.load(Catalina.java:604) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.ja
RE: Encrypt Keystore password in server.xml 8.0.45
Hi Thomas, I have encrypted the keystore password using openssl and hardcoded in server.xml. For decrypting , Http11Nio2ProtocolDecryptProp extends Http11Nio2Protocol] and mentioned as below in server.xml mailto:ma...@apache.org] Sent: Monday, September 11, 2017 4:03 PM To: Tomcat Users List Subject: Re: Encrypt Keystore password in server.xml 8.0.45 On 11/09/17 10:11, S Abirami wrote: > > Hi All, > > I have to encrypt keystore password in server.xml. https://wiki.apache.org/tomcat/FAQ/Password Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Encrypt Keystore password in server.xml 8.0.45
Hi All, I have to encrypt keystore password in server.xml. For decrypting ,I have inherited the class Http11Nio2Protocol[Http11Nio2ProtocolDecryptProp extends Http11Nio2Protocol] and decrypted in setKeyStorePass overridden method then set that to endpoint keystorePass and super class setKeyStorePass .I could see the encryption happened successfully. But I am getting following error and server is not opening @Override public void setKeystorePass(String s) { try{ System.out.println( "This method called" + s ); byte[] encrypted = s.getBytes(); byte[] data = OpenSSL.decrypt( "aes-256-cbc", key, encrypted ); super.setKeystorePass( new String( data, "UTF-8" ) ); super.endpoint.setKeystorePass( new String( data, "UTF-8" ) ); } Please share your input Sep 11, 2017 10:51:16 AM org.apache.coyote.AbstractProtocol init SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-nio2-2309"] java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) at java.security.KeyStore.load(KeyStore.java:1445) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:449) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:353) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:606) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:546) at org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:313) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:810) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:476) at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:120) at org.apache.catalina.connector.Connector.initInternal(Connector.java:960) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:568) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:871) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.startup.Catalina.load(Catalina.java:581) at org.apache.catalina.startup.Catalina.load(Catalina.java:604) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:310) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:484) Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778) ... 26 more Sep 11, 2017 10:51:16 AM org.apache.catalina.core.StandardService initInternal SEVERE: Failed to initialize connector [Connector[com.ericsson.http.protocol.Http11Nio2ProtocolDecryptProp-2309]] org.apache.catalina.LifecycleException: Failed to initialize component [Connector[com.ericsson.http.protocol.Http11Nio2ProtocolDecryptProp-2309]] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:568) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:871) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Encrypt Keystore password in server.xml 8.0.45
Hi All, I have to encrypt keystore password in server.xml. For decrypting ,I have inherited the class Http11Nio2Protocol[Http11Nio2ProtocolDecryptProp extends Http11Nio2Protocol] and decrypted in setKeyStorePass overridden method then set that to endpoint keystorePass and super class setKeyStorePass .I could see the encryption happened successfully. But I am getting following error and server is not opening @Override public void setKeystorePass(String s) { try{ System.out.println( "This method called" + s ); byte[] encrypted = s.getBytes(); byte[] data = OpenSSL.decrypt( "aes-256-cbc", key, encrypted ); super.setKeystorePass( new String( data, "UTF-8" ) ); super.endpoint.setKeystorePass( new String( data, "UTF-8" ) ); } Please share your input Sep 11, 2017 10:51:16 AM org.apache.coyote.AbstractProtocol init SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-nio2-2309"] java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) at java.security.KeyStore.load(KeyStore.java:1445) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:449) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:353) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:606) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:546) at org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:313) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:810) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:476) at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:120) at org.apache.catalina.connector.Connector.initInternal(Connector.java:960) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:568) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:871) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.startup.Catalina.load(Catalina.java:581) at org.apache.catalina.startup.Catalina.load(Catalina.java:604) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:310) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:484) Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778) ... 26 more Sep 11, 2017 10:51:16 AM org.apache.catalina.core.StandardService initInternal SEVERE: Failed to initialize connector [Connector[com.ericsson.http.protocol.Http11Nio2ProtocolDecryptProp-2309]] org.apache.catalina.LifecycleException: Failed to initialize component [Connector[com.ericsson.http.protocol.Http11Nio2ProtocolDecryptProp-2309]] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:568) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:871) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Encrypt Keystore password in server.xml 8.0.45
Hi All, I have to encrypt keystore password in server.xml. For decrypting ,I have inherited the class Http11Nio2Protocol[Http11Nio2ProtocolDecryptProp extends Http11Nio2Protocol] and decrypted in setKeyStorePass overridden method then set that to endpoint keystorePass and super class setKeyStorePass .I could see the encryption happened successfully. But I am getting following error and server is not opening @Override public void setKeystorePass(String s) { try{ System.out.println( "This method called" + s ); byte[] encrypted = s.getBytes(); byte[] data = OpenSSL.decrypt( "aes-256-cbc", key, encrypted ); super.setKeystorePass( new String( data, "UTF-8" ) ); super.endpoint.setKeystorePass( new String( data, "UTF-8" ) ); } Please share your input Sep 11, 2017 10:51:16 AM org.apache.coyote.AbstractProtocol init SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-nio2-2309"] java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) at java.security.KeyStore.load(KeyStore.java:1445) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:449) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:353) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:606) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:546) at org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:313) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:810) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:476) at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:120) at org.apache.catalina.connector.Connector.initInternal(Connector.java:960) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:568) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:871) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.startup.Catalina.load(Catalina.java:581) at org.apache.catalina.startup.Catalina.load(Catalina.java:604) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:310) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:484) Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778) ... 26 more Sep 11, 2017 10:51:16 AM org.apache.catalina.core.StandardService initInternal SEVERE: Failed to initialize connector [Connector[com.ericsson.http.protocol.Http11Nio2ProtocolDecryptProp-2309]] org.apache.catalina.LifecycleException: Failed to initialize component [Connector[com.ericsson.http.protocol.Http11Nio2ProtocolDecryptProp-2309]] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:568) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:871) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Encrypt Keystore password in server.xml
Hi All, I have to encrypt keystore password in server.xml. For decrypting ,I have inherited the class Http11Nio2Protocol[Http11Nio2ProtocolDecryptProp extends Http11Nio2Protocol] and decrypted in setKeyStorePass overridden method then set that to endpoint keystorePass and super class setKeyStorePass .I could see the encryption happened successfully. But I am getting following error and server is not opening @Override public void setKeystorePass(String s) { try{ System.out.println( "This method called" + s ); byte[] encrypted = s.getBytes(); byte[] data = OpenSSL.decrypt( "aes-256-cbc", key, encrypted ); super.setKeystorePass( new String( data, "UTF-8" ) ); super.endpoint.setKeystorePass( new String( data, "UTF-8" ) ); } Please share your input Sep 11, 2017 10:51:16 AM org.apache.coyote.AbstractProtocol init SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-nio2-2309"] java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) at java.security.KeyStore.load(KeyStore.java:1445) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:449) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:353) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:606) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:546) at org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:313) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:810) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:476) at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:120) at org.apache.catalina.connector.Connector.initInternal(Connector.java:960) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:568) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:871) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.startup.Catalina.load(Catalina.java:581) at org.apache.catalina.startup.Catalina.load(Catalina.java:604) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:310) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:484) Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778) ... 26 more Sep 11, 2017 10:51:16 AM org.apache.catalina.core.StandardService initInternal SEVERE: Failed to initialize connector [Connector[com.ericsson.http.protocol.Http11Nio2ProtocolDecryptProp-2309]] org.apache.catalina.LifecycleException: Failed to initialize component [Connector[com.ericsson.http.protocol.Http11Nio2ProtocolDecryptProp-2309]] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:568) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:871) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
RE: Embedded Tomcat throws FileNotFoundException for TldScanner upgrade from 8.0.x to 8.0.x
Hi Thomas, Thanks for the response. It worked for me. Regards, Abirami.S -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Friday, August 04, 2017 3:30 PM To: users >> Tomcat Users List Subject: Re: Embedded Tomcat throws FileNotFoundException for TldScanner upgrade from 8.0.x to 8.0.x On 04/08/17 10:49, S Abirami wrote: > but the method call of = Tomcat.addwebapp(contextpath,docpath); itself > triggering this exception. > So whatever I need to do before addwebapp. From the Javadoc: This is equivalent to adding a web application to Tomcat's webapps directory. The equivalent of the default web.xml will be applied to the web application and any WEB-INF/web.xml and META-INF/context.xml packaged with the application will be processed normally. Normal web fragment and javax.servlet.ServletContainerInitializer processing will be applied. It looks like you either want: To specify more config in META-INF/context.xml which is exactly what you'd do if running on a standard Tomact instance or use: addWebapp(Host, String, String, LifecycleListener) which will give you more control over the configuration because you can provide the LifecycleListener or you want one of the addContext() methods which won't do anything automatically and requires you to set everything programmatically. Mark > > Regards, > Abirami.S > -----Original Message- > From: S Abirami > Sent: Friday, August 04, 2017 3:08 PM > To: Tomcat Users List > Subject: RE: Embedded Tomcat throws FileNotFoundException for > TldScanner upgrade from 8.0.x to 8.0.x > > Hi > > I tried that also .Still it's giving the same error msg. Please help me to > solve the issue. > > Regards, > Abirami.S > > -Original Message- > From: M. Manna [mailto:manme...@gmail.com] > Sent: Friday, August 04, 2017 2:24 PM > To: Tomcat Users List > Subject: Re: Embedded Tomcat throws FileNotFoundException for > TldScanner upgrade from 8.0.x to 8.0.x > > So if you don't want to scan jar, do you still need that Jar scanner in the > context? All you have done in the code above, is disabled the jar scanner. > > Do you want to try without adding the jarscanner to the context? Or > try the > following: > > JarScanner jsc = new JarScanner() { > public void scan(ServletContext arg0, ClassLoader arg1, > JarScannerCallback arg2, Set arg3) { > // DUMMY NOTHING > } > }; > context.setJarScanner(jsc); > > > On 4 August 2017 at 09:35, S Abirami wrote: > >> Hi , >> >> It is contextPath is a String which used to mention my Webapp location. >> Also I don’t want to scan any jar files. >> I want to disable Jarscanner. >> >> Regards, >> Abirami.S >> >> -Original Message- >> From: M. Manna [mailto:manme...@gmail.com] >> Sent: Friday, August 04, 2017 1:26 PM >> To: Tomcat Users List >> Subject: Re: Embedded Tomcat throws FileNotFoundException for >> TldScanner upgrade from 8.0.x to 8.0.x >> >> Okay, where are you getting your contextPath from? The code you >> posted is >> below: >> >> >> 3)Context context= Tomcat.addwebapp(contextpath,docpath); >> StandardJarScanner scanner=new StandardJarScanner(); >> scanner.setScanClassPath( false ); scanner.setScanManifest( false ); >> context.setJarScanner(scanner); >> >> Also, setScanClassPath(false) you sure this is should not be "true"? >> bootstrap scanner is set to "False" by default so I'm not sure if >> this is supposed to work properly. >> >> https://tomcat.apache.org/tomcat-8.0-doc/config/jar-scanner.html >> >> Please update. >> >> Regards, >> >> On 4 August 2017 at 08:50, S Abirami wrote: >> >>> Hi, >>> >>> I am trying to create EmbeddedTomcat so no context.xml created. >>> Tomcat t=new Tomcat(); >>> Everything through object creation. >>> >>> Regards, >>> Abirami.S >>> >>> -Original Message- >>> From: M. Manna [mailto:manme...@gmail.com] >>> Sent: Friday, August 04, 2017 1:18 PM >>> To: Tomcat Users List >>> Subject: Re: Embedded Tomcat throws FileNotFoundException for >>> TldScanner upgrade from 8.0.x to 8.0.x >>> >>> Hi, >>> >>> What is in your context.xml file? You can find it in conf directory. >>> >>> Regards, >>> >>> On 4 August 2017 at 08:43, S Abirami wrote: >>> >>>> Hi , >>>> >>>> I am using Embedded tomcat to create webap
RE: Embedded Tomcat throws FileNotFoundException for TldScanner upgrade from 8.0.x to 8.0.x
HI Thomas, Thanks for the response. It worked for me. Regards, Abirami.S -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Friday, August 04, 2017 3:30 PM To: users >> Tomcat Users List Subject: Re: Embedded Tomcat throws FileNotFoundException for TldScanner upgrade from 8.0.x to 8.0.x On 04/08/17 10:49, S Abirami wrote: > but the method call of = Tomcat.addwebapp(contextpath,docpath); itself > triggering this exception. > So whatever I need to do before addwebapp. From the Javadoc: This is equivalent to adding a web application to Tomcat's webapps directory. The equivalent of the default web.xml will be applied to the web application and any WEB-INF/web.xml and META-INF/context.xml packaged with the application will be processed normally. Normal web fragment and javax.servlet.ServletContainerInitializer processing will be applied. It looks like you either want: To specify more config in META-INF/context.xml which is exactly what you'd do if running on a standard Tomact instance or use: addWebapp(Host, String, String, LifecycleListener) which will give you more control over the configuration because you can provide the LifecycleListener or you want one of the addContext() methods which won't do anything automatically and requires you to set everything programmatically. Mark > > Regards, > Abirami.S > -----Original Message- > From: S Abirami > Sent: Friday, August 04, 2017 3:08 PM > To: Tomcat Users List > Subject: RE: Embedded Tomcat throws FileNotFoundException for > TldScanner upgrade from 8.0.x to 8.0.x > > Hi > > I tried that also .Still it's giving the same error msg. Please help me to > solve the issue. > > Regards, > Abirami.S > > -Original Message- > From: M. Manna [mailto:manme...@gmail.com] > Sent: Friday, August 04, 2017 2:24 PM > To: Tomcat Users List > Subject: Re: Embedded Tomcat throws FileNotFoundException for > TldScanner upgrade from 8.0.x to 8.0.x > > So if you don't want to scan jar, do you still need that Jar scanner in the > context? All you have done in the code above, is disabled the jar scanner. > > Do you want to try without adding the jarscanner to the context? Or > try the > following: > > JarScanner jsc = new JarScanner() { > public void scan(ServletContext arg0, ClassLoader arg1, > JarScannerCallback arg2, Set arg3) { > // DUMMY NOTHING > } > }; > context.setJarScanner(jsc); > > > On 4 August 2017 at 09:35, S Abirami wrote: > >> Hi , >> >> It is contextPath is a String which used to mention my Webapp location. >> Also I don’t want to scan any jar files. >> I want to disable Jarscanner. >> >> Regards, >> Abirami.S >> >> -Original Message- >> From: M. Manna [mailto:manme...@gmail.com] >> Sent: Friday, August 04, 2017 1:26 PM >> To: Tomcat Users List >> Subject: Re: Embedded Tomcat throws FileNotFoundException for >> TldScanner upgrade from 8.0.x to 8.0.x >> >> Okay, where are you getting your contextPath from? The code you >> posted is >> below: >> >> >> 3)Context context= Tomcat.addwebapp(contextpath,docpath); >> StandardJarScanner scanner=new StandardJarScanner(); >> scanner.setScanClassPath( false ); scanner.setScanManifest( false ); >> context.setJarScanner(scanner); >> >> Also, setScanClassPath(false) you sure this is should not be "true"? >> bootstrap scanner is set to "False" by default so I'm not sure if >> this is supposed to work properly. >> >> https://tomcat.apache.org/tomcat-8.0-doc/config/jar-scanner.html >> >> Please update. >> >> Regards, >> >> On 4 August 2017 at 08:50, S Abirami wrote: >> >>> Hi, >>> >>> I am trying to create EmbeddedTomcat so no context.xml created. >>> Tomcat t=new Tomcat(); >>> Everything through object creation. >>> >>> Regards, >>> Abirami.S >>> >>> -Original Message- >>> From: M. Manna [mailto:manme...@gmail.com] >>> Sent: Friday, August 04, 2017 1:18 PM >>> To: Tomcat Users List >>> Subject: Re: Embedded Tomcat throws FileNotFoundException for >>> TldScanner upgrade from 8.0.x to 8.0.x >>> >>> Hi, >>> >>> What is in your context.xml file? You can find it in conf directory. >>> >>> Regards, >>> >>> On 4 August 2017 at 08:43, S Abirami wrote: >>> >>>> Hi , >>>> >>>> I am using Embedded tomcat to create webap
RE: Embedded Tomcat throws FileNotFoundException for TldScanner upgrade from 8.0.x to 8.0.x
Hi , To be more clear Context context= Tomcat.addwebapp(contextpath,docpath); JarScanner jsc = new JarScanner() { public void scan(ServletContext arg0, ClassLoader arg1, JarScannerCallback arg2, Set arg3) { // DUMMY NOTHING } }; context.setJarScanner(jsc); but the method call of = Tomcat.addwebapp(contextpath,docpath); itself triggering this exception. So whatever I need to do before addwebapp. Regards, Abirami.S -Original Message- From: S Abirami Sent: Friday, August 04, 2017 3:08 PM To: Tomcat Users List Subject: RE: Embedded Tomcat throws FileNotFoundException for TldScanner upgrade from 8.0.x to 8.0.x Hi I tried that also .Still it's giving the same error msg. Please help me to solve the issue. Regards, Abirami.S -Original Message- From: M. Manna [mailto:manme...@gmail.com] Sent: Friday, August 04, 2017 2:24 PM To: Tomcat Users List Subject: Re: Embedded Tomcat throws FileNotFoundException for TldScanner upgrade from 8.0.x to 8.0.x So if you don't want to scan jar, do you still need that Jar scanner in the context? All you have done in the code above, is disabled the jar scanner. Do you want to try without adding the jarscanner to the context? Or try the following: JarScanner jsc = new JarScanner() { public void scan(ServletContext arg0, ClassLoader arg1, JarScannerCallback arg2, Set arg3) { // DUMMY NOTHING } }; context.setJarScanner(jsc); On 4 August 2017 at 09:35, S Abirami wrote: > Hi , > > It is contextPath is a String which used to mention my Webapp location. > Also I don’t want to scan any jar files. > I want to disable Jarscanner. > > Regards, > Abirami.S > > -Original Message- > From: M. Manna [mailto:manme...@gmail.com] > Sent: Friday, August 04, 2017 1:26 PM > To: Tomcat Users List > Subject: Re: Embedded Tomcat throws FileNotFoundException for > TldScanner upgrade from 8.0.x to 8.0.x > > Okay, where are you getting your contextPath from? The code you posted > is > below: > > > 3)Context context= Tomcat.addwebapp(contextpath,docpath); > StandardJarScanner scanner=new StandardJarScanner(); > scanner.setScanClassPath( false ); scanner.setScanManifest( false ); > context.setJarScanner(scanner); > > Also, setScanClassPath(false) you sure this is should not be "true"? > bootstrap scanner is set to "False" by default so I'm not sure if this > is supposed to work properly. > > https://tomcat.apache.org/tomcat-8.0-doc/config/jar-scanner.html > > Please update. > > Regards, > > On 4 August 2017 at 08:50, S Abirami wrote: > > > Hi, > > > > I am trying to create EmbeddedTomcat so no context.xml created. > > Tomcat t=new Tomcat(); > > Everything through object creation. > > > > Regards, > > Abirami.S > > > > -Original Message- > > From: M. Manna [mailto:manme...@gmail.com] > > Sent: Friday, August 04, 2017 1:18 PM > > To: Tomcat Users List > > Subject: Re: Embedded Tomcat throws FileNotFoundException for > > TldScanner upgrade from 8.0.x to 8.0.x > > > > Hi, > > > > What is in your context.xml file? You can find it in conf directory. > > > > Regards, > > > > On 4 August 2017 at 08:43, S Abirami wrote: > > > > > Hi , > > > > > > I am using Embedded tomcat to create webapp. when I am > > > trying to add web app it is throwing the following exception but > > > Server started successfully. > > > However,I need to eradicate this exception from the log. > > > > > > java.io.FileNotFoundException: /var/lib/jide-grids.jar (No such > > > file or > > > directory) > > > at java.util.zip.ZipFile.open(Native Method) > > > at java.util.zip.ZipFile.(ZipFile.java:219) > > > at java.util.zip.ZipFile.(ZipFile.java:149) > > > at java.util.jar.JarFile.(JarFile.java:166) > > > at java.util.jar.JarFile.(JarFile.java:130) > > > at org.apache.tomcat.util.scan.JarFileUrlJar.( > > > JarFileUrlJar.java:60) > > > at org.apache.tomcat.util.scan.JarFactory.newInstance( > > > JarFactory.java:49) > > > at org.apache.tomcat.util.scan.StandardJarScanner.process( > > > StandardJarScanner.java:334) > > > at org.apache.tomcat.util.scan.StandardJarScanner.scan( > > > StandardJarScanner.java:284) > > > at org.apache.jasper.servlet.TldScanner.scanJars( > > > TldScanner.java:262) > > > at org.apache.jasper.servlet.TldScanner.scan(TldScanner. > > java:106) > > > at org.apache.jasp
RE: Embedded Tomcat throws FileNotFoundException for TldScanner upgrade from 8.0.x to 8.0.x
Hi I tried that also .Still it's giving the same error msg. Please help me to solve the issue. Regards, Abirami.S -Original Message- From: M. Manna [mailto:manme...@gmail.com] Sent: Friday, August 04, 2017 2:24 PM To: Tomcat Users List Subject: Re: Embedded Tomcat throws FileNotFoundException for TldScanner upgrade from 8.0.x to 8.0.x So if you don't want to scan jar, do you still need that Jar scanner in the context? All you have done in the code above, is disabled the jar scanner. Do you want to try without adding the jarscanner to the context? Or try the following: JarScanner jsc = new JarScanner() { public void scan(ServletContext arg0, ClassLoader arg1, JarScannerCallback arg2, Set arg3) { // DUMMY NOTHING } }; context.setJarScanner(jsc); On 4 August 2017 at 09:35, S Abirami wrote: > Hi , > > It is contextPath is a String which used to mention my Webapp location. > Also I don’t want to scan any jar files. > I want to disable Jarscanner. > > Regards, > Abirami.S > > -Original Message- > From: M. Manna [mailto:manme...@gmail.com] > Sent: Friday, August 04, 2017 1:26 PM > To: Tomcat Users List > Subject: Re: Embedded Tomcat throws FileNotFoundException for > TldScanner upgrade from 8.0.x to 8.0.x > > Okay, where are you getting your contextPath from? The code you posted > is > below: > > > 3)Context context= Tomcat.addwebapp(contextpath,docpath); > StandardJarScanner scanner=new StandardJarScanner(); > scanner.setScanClassPath( false ); scanner.setScanManifest( false ); > context.setJarScanner(scanner); > > Also, setScanClassPath(false) you sure this is should not be "true"? > bootstrap scanner is set to "False" by default so I'm not sure if this > is supposed to work properly. > > https://tomcat.apache.org/tomcat-8.0-doc/config/jar-scanner.html > > Please update. > > Regards, > > On 4 August 2017 at 08:50, S Abirami wrote: > > > Hi, > > > > I am trying to create EmbeddedTomcat so no context.xml created. > > Tomcat t=new Tomcat(); > > Everything through object creation. > > > > Regards, > > Abirami.S > > > > -Original Message- > > From: M. Manna [mailto:manme...@gmail.com] > > Sent: Friday, August 04, 2017 1:18 PM > > To: Tomcat Users List > > Subject: Re: Embedded Tomcat throws FileNotFoundException for > > TldScanner upgrade from 8.0.x to 8.0.x > > > > Hi, > > > > What is in your context.xml file? You can find it in conf directory. > > > > Regards, > > > > On 4 August 2017 at 08:43, S Abirami wrote: > > > > > Hi , > > > > > > I am using Embedded tomcat to create webapp. when I am > > > trying to add web app it is throwing the following exception but > > > Server started successfully. > > > However,I need to eradicate this exception from the log. > > > > > > java.io.FileNotFoundException: /var/lib/jide-grids.jar (No such > > > file or > > > directory) > > > at java.util.zip.ZipFile.open(Native Method) > > > at java.util.zip.ZipFile.(ZipFile.java:219) > > > at java.util.zip.ZipFile.(ZipFile.java:149) > > > at java.util.jar.JarFile.(JarFile.java:166) > > > at java.util.jar.JarFile.(JarFile.java:130) > > > at org.apache.tomcat.util.scan.JarFileUrlJar.( > > > JarFileUrlJar.java:60) > > > at org.apache.tomcat.util.scan.JarFactory.newInstance( > > > JarFactory.java:49) > > > at org.apache.tomcat.util.scan.StandardJarScanner.process( > > > StandardJarScanner.java:334) > > > at org.apache.tomcat.util.scan.StandardJarScanner.scan( > > > StandardJarScanner.java:284) > > > at org.apache.jasper.servlet.TldScanner.scanJars( > > > TldScanner.java:262) > > > at org.apache.jasper.servlet.TldScanner.scan(TldScanner. > > java:106) > > > at org.apache.jasper.servlet.JasperInitializer.onStartup( > > > JasperInitializer.java:101) > > > at org.apache.catalina.core.StandardContext.startInternal( > > > StandardContext.java:5303) > > > at org.apache.catalina.util.LifecycleBase.start( > > > LifecycleBase.java:145) > > > at > > > org.apache.catalina.core.ContainerBase.addChildInternal( > > > ContainerBase.java:753) > > > at org.apache.catalina.core.ContainerBase.addChild( > > > ContainerBase.java:729) > > > at org.apache.catalina.core.StandardHost.addChi
RE: Embedded Tomcat throws FileNotFoundException for TldScanner upgrade from 8.0.x to 8.0.x
Hi , It is contextPath is a String which used to mention my Webapp location. Also I don’t want to scan any jar files. I want to disable Jarscanner. Regards, Abirami.S -Original Message- From: M. Manna [mailto:manme...@gmail.com] Sent: Friday, August 04, 2017 1:26 PM To: Tomcat Users List Subject: Re: Embedded Tomcat throws FileNotFoundException for TldScanner upgrade from 8.0.x to 8.0.x Okay, where are you getting your contextPath from? The code you posted is below: 3)Context context= Tomcat.addwebapp(contextpath,docpath); StandardJarScanner scanner=new StandardJarScanner(); scanner.setScanClassPath( false ); scanner.setScanManifest( false ); context.setJarScanner(scanner); Also, setScanClassPath(false) you sure this is should not be "true"? bootstrap scanner is set to "False" by default so I'm not sure if this is supposed to work properly. https://tomcat.apache.org/tomcat-8.0-doc/config/jar-scanner.html Please update. Regards, On 4 August 2017 at 08:50, S Abirami wrote: > Hi, > > I am trying to create EmbeddedTomcat so no context.xml created. > Tomcat t=new Tomcat(); > Everything through object creation. > > Regards, > Abirami.S > > -Original Message- > From: M. Manna [mailto:manme...@gmail.com] > Sent: Friday, August 04, 2017 1:18 PM > To: Tomcat Users List > Subject: Re: Embedded Tomcat throws FileNotFoundException for > TldScanner upgrade from 8.0.x to 8.0.x > > Hi, > > What is in your context.xml file? You can find it in conf directory. > > Regards, > > On 4 August 2017 at 08:43, S Abirami wrote: > > > Hi , > > > > I am using Embedded tomcat to create webapp. when I am trying > > to add web app it is throwing the following exception but Server > > started successfully. > > However,I need to eradicate this exception from the log. > > > > java.io.FileNotFoundException: /var/lib/jide-grids.jar (No such file > > or > > directory) > > at java.util.zip.ZipFile.open(Native Method) > > at java.util.zip.ZipFile.(ZipFile.java:219) > > at java.util.zip.ZipFile.(ZipFile.java:149) > > at java.util.jar.JarFile.(JarFile.java:166) > > at java.util.jar.JarFile.(JarFile.java:130) > > at org.apache.tomcat.util.scan.JarFileUrlJar.( > > JarFileUrlJar.java:60) > > at org.apache.tomcat.util.scan.JarFactory.newInstance( > > JarFactory.java:49) > > at org.apache.tomcat.util.scan.StandardJarScanner.process( > > StandardJarScanner.java:334) > > at org.apache.tomcat.util.scan.StandardJarScanner.scan( > > StandardJarScanner.java:284) > > at org.apache.jasper.servlet.TldScanner.scanJars( > > TldScanner.java:262) > > at org.apache.jasper.servlet.TldScanner.scan(TldScanner. > java:106) > > at org.apache.jasper.servlet.JasperInitializer.onStartup( > > JasperInitializer.java:101) > > at org.apache.catalina.core.StandardContext.startInternal( > > StandardContext.java:5303) > > at org.apache.catalina.util.LifecycleBase.start( > > LifecycleBase.java:145) > > at org.apache.catalina.core.ContainerBase.addChildInternal( > > ContainerBase.java:753) > > at org.apache.catalina.core.ContainerBase.addChild( > > ContainerBase.java:729) > > at org.apache.catalina.core.StandardHost.addChild( > > StandardHost.java:717) > > > > > > The above exception I am getting nearly for 10 jars in that some of > > the jars already have with version in name (Eg: jide-grids-3.3.jar) > > I tried to disable the scan by following steps but none worked out. > > > > 1)tomcat.util.scan.StandardJarScanFilter.jarsToSkip = sonic_*.jarin > > conf/exclusion.list > > > > 2) ContextConfig contextConfig = new ContextConfig() { > > private boolean invoked = false; > > > > @Override > > public void lifecycleEvent(LifecycleEvent event) { > > if (!invoked) { > > StandardJarScanner scanner = new > StandardJarScanner(); > > scanner.setScanClassPath(false); > > scanner.setScanManifest(false); > > ((Context) event.getLifecycle()). > > setJarScanner(scanner); > > invoked = true; > > } > > super.lifecycleEvent(event); > > } > > }; > > Tomcat.getServer().addLifecycleListener(contextconfig); > > Tomcat.addwebapp(contextpath,docpath) > > > > 3)Context context= Tomcat.addwebapp(contextpath,docpath); > > StandardJarScanner scanner=new StandardJarScanner(); > > scanner.setScanClassPath( false ); scanner.setScanManifest( false ); > > context.setJarScanner(scanner); > > > > > > Please help me here to resolve the problem. > > > > Regards, > > Abirami.S > > >
RE: Embedded Tomcat throws FileNotFoundException for TldScanner upgrade from 8.0.x to 8.0.x
Hi, I am trying to create EmbeddedTomcat so no context.xml created. Tomcat t=new Tomcat(); Everything through object creation. Regards, Abirami.S -Original Message- From: M. Manna [mailto:manme...@gmail.com] Sent: Friday, August 04, 2017 1:18 PM To: Tomcat Users List Subject: Re: Embedded Tomcat throws FileNotFoundException for TldScanner upgrade from 8.0.x to 8.0.x Hi, What is in your context.xml file? You can find it in conf directory. Regards, On 4 August 2017 at 08:43, S Abirami wrote: > Hi , > > I am using Embedded tomcat to create webapp. when I am trying to > add web app it is throwing the following exception but Server started > successfully. > However,I need to eradicate this exception from the log. > > java.io.FileNotFoundException: /var/lib/jide-grids.jar (No such file > or > directory) > at java.util.zip.ZipFile.open(Native Method) > at java.util.zip.ZipFile.(ZipFile.java:219) > at java.util.zip.ZipFile.(ZipFile.java:149) > at java.util.jar.JarFile.(JarFile.java:166) > at java.util.jar.JarFile.(JarFile.java:130) > at org.apache.tomcat.util.scan.JarFileUrlJar.( > JarFileUrlJar.java:60) > at org.apache.tomcat.util.scan.JarFactory.newInstance( > JarFactory.java:49) > at org.apache.tomcat.util.scan.StandardJarScanner.process( > StandardJarScanner.java:334) > at org.apache.tomcat.util.scan.StandardJarScanner.scan( > StandardJarScanner.java:284) > at org.apache.jasper.servlet.TldScanner.scanJars( > TldScanner.java:262) > at org.apache.jasper.servlet.TldScanner.scan(TldScanner.java:106) > at org.apache.jasper.servlet.JasperInitializer.onStartup( > JasperInitializer.java:101) > at org.apache.catalina.core.StandardContext.startInternal( > StandardContext.java:5303) > at org.apache.catalina.util.LifecycleBase.start( > LifecycleBase.java:145) > at org.apache.catalina.core.ContainerBase.addChildInternal( > ContainerBase.java:753) > at org.apache.catalina.core.ContainerBase.addChild( > ContainerBase.java:729) > at org.apache.catalina.core.StandardHost.addChild( > StandardHost.java:717) > > > The above exception I am getting nearly for 10 jars in that some of > the jars already have with version in name (Eg: jide-grids-3.3.jar) I > tried to disable the scan by following steps but none worked out. > > 1)tomcat.util.scan.StandardJarScanFilter.jarsToSkip = sonic_*.jarin > conf/exclusion.list > > 2) ContextConfig contextConfig = new ContextConfig() { > private boolean invoked = false; > > @Override > public void lifecycleEvent(LifecycleEvent event) { > if (!invoked) { > StandardJarScanner scanner = new StandardJarScanner(); > scanner.setScanClassPath(false); > scanner.setScanManifest(false); > ((Context) event.getLifecycle()). > setJarScanner(scanner); > invoked = true; > } > super.lifecycleEvent(event); > } > }; > Tomcat.getServer().addLifecycleListener(contextconfig); > Tomcat.addwebapp(contextpath,docpath) > > 3)Context context= Tomcat.addwebapp(contextpath,docpath); > StandardJarScanner scanner=new StandardJarScanner(); > scanner.setScanClassPath( false ); scanner.setScanManifest( false ); > context.setJarScanner(scanner); > > > Please help me here to resolve the problem. > > Regards, > Abirami.S >
Embedded Tomcat throws FileNotFoundException for TldScanner upgrade from 8.0.x to 8.0.x
Hi , I am using Embedded tomcat to create webapp. when I am trying to add web app it is throwing the following exception but Server started successfully. However,I need to eradicate this exception from the log. java.io.FileNotFoundException: /var/lib/jide-grids.jar (No such file or directory) at java.util.zip.ZipFile.open(Native Method) at java.util.zip.ZipFile.(ZipFile.java:219) at java.util.zip.ZipFile.(ZipFile.java:149) at java.util.jar.JarFile.(JarFile.java:166) at java.util.jar.JarFile.(JarFile.java:130) at org.apache.tomcat.util.scan.JarFileUrlJar.(JarFileUrlJar.java:60) at org.apache.tomcat.util.scan.JarFactory.newInstance(JarFactory.java:49) at org.apache.tomcat.util.scan.StandardJarScanner.process(StandardJarScanner.java:334) at org.apache.tomcat.util.scan.StandardJarScanner.scan(StandardJarScanner.java:284) at org.apache.jasper.servlet.TldScanner.scanJars(TldScanner.java:262) at org.apache.jasper.servlet.TldScanner.scan(TldScanner.java:106) at org.apache.jasper.servlet.JasperInitializer.onStartup(JasperInitializer.java:101) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5303) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:753) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:729) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717) The above exception I am getting nearly for 10 jars in that some of the jars already have with version in name (Eg: jide-grids-3.3.jar) I tried to disable the scan by following steps but none worked out. 1)tomcat.util.scan.StandardJarScanFilter.jarsToSkip = sonic_*.jarin conf/exclusion.list 2) ContextConfig contextConfig = new ContextConfig() { private boolean invoked = false; @Override public void lifecycleEvent(LifecycleEvent event) { if (!invoked) { StandardJarScanner scanner = new StandardJarScanner(); scanner.setScanClassPath(false); scanner.setScanManifest(false); ((Context) event.getLifecycle()).setJarScanner(scanner); invoked = true; } super.lifecycleEvent(event); } }; Tomcat.getServer().addLifecycleListener(contextconfig); Tomcat.addwebapp(contextpath,docpath) 3)Context context= Tomcat.addwebapp(contextpath,docpath); StandardJarScanner scanner=new StandardJarScanner(); scanner.setScanClassPath( false ); scanner.setScanManifest( false ); context.setJarScanner(scanner); Please help me here to resolve the problem. Regards, Abirami.S