Manager save text command bug giving path parameter
Hello, following https://tomcat.apache.org/tomcat-8.5-doc/manager-howto.html#Save_Configuration documentation, calling save with path parameter is failing giving following error: *FAIL - Encountered exception [javax.management.MBeanException: Cannot find operation store] * looking at Manager source code when path parameter is given org.apache.catalina.manager.ManagerServlet.save(PrintWriter, String, StringManager) is wrongly calling *store *operation with *java.lang.String* argument on JMX MBean *Catalina:type=StoreConfig * There is no such method in this MBean which is implemented in *org.apache.catalina.storeconfig.StoreConfig*, the argument *org.apache.catalina.Context *should be called instead (confirmed by the fact that in source code the given argument is not a java.lang.String but a org.apache.catalina.Context) I think even fixing ManagerServlet, it will probably still fail as it seems there is a typo in *org/apache/catalina/storeconfig/mbeans-descriptors.xml * ** /// // // // / Type is supposed to be /org.apache.catalina.*C*ontext /I guess (wrong case for type) Arnaud //
invoke jmxproxy servlet using argument with a , is not a possible
Hello I am trying to invoke a mbean through jmxproxy servlet. Arguments are separated with , so when one argument itself is containing a coma, it breaks the invocation. It seems there is no way to escape ,. For example trying to save a context configuration fails : curl -u user:pass -G "http://localhost:8080/manager/jmxproxy/; --data-urlencode "invoke=Catalina:type=StoreConfig" --data-urlencode "op=storeContext" --data-urlencode "ps=Catalina:j2eeType=WebModule,name=//localhost/myContext,J2EEApplication=none,J2EEServer=none,true,true" of course it works from jconsole. (By the way as an alternative I tried curl -u user:pass http://localhost:8080/manager/text/save?path=/myContext but it fails with FAIL - Encountered exception [javax.management.MBeanException: Cannot find operation store] ) Arnaud - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Some attribute lost after calling storeConfig
Thanks for you reply, shall I fill a bug for this ? On 12/02/2020 16:43, Rémy Maucherat wrote: On Wed, Feb 12, 2020 at 3:05 PM Arnaud Yahoo wrote: Hello, Recently storeConfig has been fixed thanks to https://github.com/apache/tomcat/commit/010fdb7e458d9d8755e2b67203ac4757d78c2f64 It is very interesting, because it allows to persist across restart configurations made to tomcat itself and deployed webapp through JMX. In my case after saving a configuration to my webapp I lost my cacheMaxSize customization. I had in my context xml file this: and after calling storeConfig It has been changed to this so cacheMaxSize has been reverted to default value. I understand it is because in /org/apache/catalina/storeconfig/server-registry.xml / / /// //allowLinking// //cachingAllowed// //cacheTtl// //cacheMaxSize// //cacheObjectMaxSize// //cached// //caseSensitive// //domain// // / cacheMaxSize is declared as Transient so not saved in updated context xml file. Is it something expected ? or can it be considered as a bug ? The old resources were configured on the Context so that's where this transient attribute list comes from. However, that doesn't work like this anymore with the new resources so the list must be empty except domain. Rémy Thanks, Arnaud - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Some attribute lost after calling storeConfig
Hello, Recently storeConfig has been fixed thanks to https://github.com/apache/tomcat/commit/010fdb7e458d9d8755e2b67203ac4757d78c2f64 It is very interesting, because it allows to persist across restart configurations made to tomcat itself and deployed webapp through JMX. In my case after saving a configuration to my webapp I lost my cacheMaxSize customization. I had in my context xml file this: and after calling storeConfig It has been changed to this so cacheMaxSize has been reverted to default value. I understand it is because in /org/apache/catalina/storeconfig/server-registry.xml / / /// //allowLinking// //cachingAllowed// //cacheTtl// //cacheMaxSize// //cacheObjectMaxSize// //cached// //caseSensitive// //domain// // / cacheMaxSize is declared as Transient so not saved in updated context xml file. Is it something expected ? or can it be considered as a bug ? Thanks, Arnaud
Bug in org.apache.tomcat.util.codec.binary.Base64.decodeBase64 ?
Hello, I am using a 3rd party valve for OpenId Connect authentication that stop working upgrading from tomcat 8.5.24 to 8.5.46 I managed to isolate the issue behing this and it is caused by a change in org.apache.tomcat.util.codec.binary.Base64 It can be reproduce with a simple test case @Test public void decodeBase64Test() { String str = "YZJXP8zFDY6WPk1NZx4RtkH95lA4H_GM_XmFjouJImtqy-PD27-GUYVrCq1QM3M09TzRFZTL4aMMTweZFj3h1M-4Pqb4xrRq9URICQ9ffpnB9OGKjEwEpzhICwbE8C8-zEbhFOEgdXcyeP0pJc9uHEUH9Z4rTEg0jxmOmffIAbX9zfjhIla0XUsFd2C2QQGXu1nTFrb2EqfhLDls4ZLCcnLZE6Be3SpHCtvZiFN4w3xlI0TZitX4S3SjTocK4Xobb3Ey0RnewDP6jw78JniFTbuuGB962GlHDJvaQoda2dON9j7Yhv_pTvxBlHDmIKYINYsBfTwEQ_qtLJtmcvv41Q"; assertArrayEquals(org.apache.tomcat.util.codec.binary.Base64.decodeBase64(str), java.util.Base64.getUrlDecoder().decode(str)); } This test is ok with 8.5.24 but fails with 8.5.46. Are there any known issues with Base64 utility ? Arnaud - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Create a JNDI Datasource through JMX
Hello Luis, thanks for your answer. Connection pool exposes an MBean (jmxEnabled is true by default). Using jconsole, I can see pool defined in server configuration or context configuration, but I cannot see neither change properties of existing pool (maxActive for example). Of course I could register a MBean wrapping the datasource, but I'd prefer to know if it is already possible to avoid to "reinvent the wheel", if tomcat is providing such feature. My goal is to be able to create/configure a datasource dynamically on a running tomcat instance (using JMX Proxy Servlet and curl for example) Arnaud On 04/02/2019 15:30, Luis Rodríguez Fernández wrote: Hello Arnaud, mmm, nothing stops you from create your custom mbean interface that wraps your datasource. From Tomcat 8.5 doc "The connection pool object exposes an MBean that can be registered" [1] Perhaps you could start having a look here. Nevertheless may I ask you what is your use case for this? Hope it helps, Luis [1] https://tomcat.apache.org/tomcat-8.5-doc/jdbc-pool.html#JMX El lun., 4 feb. 2019 a las 11:30, Arnaud Yahoo () escribió: Hello, I would like to know if it is possible to create/configure a Datasource Ressource in tomcat using JMX. I tried with a tomcat 8.5 and jconsole, I managed to create some resource with type javax.sql.Datasource, but I did not find a way to configure the datasource (jdbc driver, url, max active, ...) It seems hard to find informations about that. Thanks, Arnaud - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Create a JNDI Datasource through JMX
Hello, I would like to know if it is possible to create/configure a Datasource Ressource in tomcat using JMX. I tried with a tomcat 8.5 and jconsole, I managed to create some resource with type javax.sql.Datasource, but I did not find a way to configure the datasource (jdbc driver, url, max active, ...) It seems hard to find informations about that. Thanks, Arnaud - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Configuration of Tomcat Container to use SAML authentication
Hello, I recently tried (with success) the tomcat Valve from Fediz (Apache CXF) http://cxf.apache.org/fediz-tomcat.html Note tha you need to take a recent 1.4.4 snapshot, because 1.4.3 has some bugs preventing it to work with SAML Hope this help Arnaud On 08/06/2018 21:49, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sandeep, On 6/8/18 10:39 AM, Sandeep Muddamsetty wrote: We are trying to implement SAML SSO configuration on Tomact 8.5.X servers . As we came to know that there is no direct implementation of this authentication process through some of the blogs and need to depend on third party tools to make it possible . As we are seeing so many tools while searching for this but not getting exact information to use which tool . Do we have any apache recommended tools for this ?. I don't have a particular recommendation for you, but if you find something that works well, would you mind sharing your experience with the community? I have implemented SAML SSO myself, but we don't use Tomcat's built-in authentication and authorization framework, so it wouldn't be applicable . You will almost certainly have to implement a Valve (which is a Tomcat-specific component) to accomplish this. You might want to look at the org.apache.catalina.authenticator.FormAuthenticator source code to see how it's done. Much of the heavy-lifting is done by the AuthenticatorBase class, but the doAuthenticate(Request,HttpServletResponse) method is where the "real work" gets done to handle the incoming data, etc. I suspect if you began with that code and started chopping-out pieces and replacing them with parsing of the SAML response, validating and verifying its authenticity, and then obtaining the user's identity through the various SAML attributes sent by the identity provider, you could get quite far on your own. If you want to use an outside authentication system, it wouldn't surprise me to discover that Spring Security already had a plug-in for this kind of thing. Hope that helps, - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlsa3d0ACgkQHPApP6U8 pFgk1A//dRubWfOSrqniOQcUz0kFPtgyCYVOKBus6HLoo2+nWR6yXarLvbA8WG0+ rOcpmrSI4k2hcsjtDCG1GgtzdKVKdQhWJk5ZZOAomEl5Bwyj97geUxtrsnOwgXBY BxY+p1m0IJuTSG5qF8i+zkvdfSRESghPx+wAUwxhf8g/XGucGA+S39HyEUrEGx6y hkgdWvZdj13MIBADidY54yyq7mCqccAz+Qn7D87E5i65D4aM4mBjqUM33U+55t/C 6FQjRSDJVO0ShRrQg4gPLk7r9f1BNibr0gdiy5oCg4P/zbDLEvVNVnViGQV4gjmx P3scgYGhamHLdTyGtmN1Bz19Ls1GFLia9JdA/2AtD41V6wpTIoWoN8wdHDOWTuO6 JTRDzTmLimjI38ca5ze26JJITueKK4MTpSL7eAcRopXfW4qoNi6Rc87hUUA/btT7 UhZGqeDVlyXTGQi5/KdL6BaFan+s6ILG/Ntuy9jCyohx/Jwrwx0XoksbjgTxYhhd zYRlHG8XSEcGt9epHLm5G2Rnk8GfeuzuBtj512+QxsX6VrI2q3sHuIPIgA7Egsa4 LMNntcn156spvvrF2AbsGevCqKp+fka6JL6FT7cT7EHJ60spi93kLpKx+oN1j4wI YInTT9ClPaEvj85EO5eKJdTAMPReB0Hj3ZvUeoj4Kvx1enenTG4= =1Fc/ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org