RE: SSL client cert selection dialog not showing up on cloned deployment of tomcat 7 for windows x64

2016-01-11 Thread David Balažic
Wrong system clock?

What does the client say? (about the server certificate. Is it valid? Expired?)

Regards,
David Balažic
Software Engineer
www.comtrade.com

> -Original Message-
> From: Gael Abadin [mailto:gael.aba...@imatia.com]
> Sent: 11. January 2016 10:16
> To: Tomcat Users List
> Subject: SSL client cert selection dialog not showing up on cloned
> deployment of tomcat 7 for windows x64
> Importance: Low
> 
> A colleague was having trouble setting up client cert auth on this web app
> we are developing. He tried the latest tomcat 6 and 7 win32 installs using
> java 6 and 7 SDKs. He was able to bring up the app on HTTPS, launching it
> from eclipse, but even though the SSL connector had clientAuth="want"
> there
> was no client cert request when establishing the SSL connection.
> 
> I had a similar problem before because of an expired self-signed server
> certificate so I sent him my .keystore file with the new cert that I am
> using and he replaced his with mine. Still a no go.
> 
> Then I sent him my own tomcat and eclipse tomcat x64 deployment config
> and
> we switched his runtime to the same as mine (latest Java 8 x64). Same
> problem.
> 
> At this point I don't know what else to try. His setup is exactly the same
> as mine, but I can't get the client auth to work on his.
> 
> Any ideas?
> 
> 
> 
> --
> 
> 
> 
> .
> 
> Alberto Gael Abadin Martinez
> Junior Developer
> 
> [image: IMATIA]
> 
> www.imatia.com
> 
> *Tel: *+34 986 342 774 ext 4531
> 
> *Email: *gael.aba...@imatia.com
> Edificio CITEXVI
> Fonte das Abelleiras, s/n - Local 27
> 36310 Vigo (Pontevedra)
> España
> 
> .
> <http://www.linkedin.com/company/imatia-innovation>
> <http://www.youtube.com/imatiainnovation>
> 
> .
> 
> Este mensaje, y en su caso, cualquier fichero anexo al mismo, puede
> contener información confidencial, siendo para uso exclusivo del
> destinatario. Queda prohibida su divulgación copia o distribución a
> terceros sin la autorización expresa del remitente. Si usted ha recibido
> este mensaje erróneamente, se ruega lo notifique al remitente y proceda a
> su borrado. Gracias por su colaboración.
> This message, and in the case of any file annexed to it, can have
> confidential information, and it is exclusively for the use of the
> addressee of the message. It is strictly forbidden to spread a copy or
> distribute to third parties, without the express order of the sender. If
> you have received this message mistakenly, we request you to notify to the
> sender, and please be sure to erase it. Thank you for your collaboration.
> 
> .

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: [ANN] Apache Tomcat 8.0.29 available

2015-11-25 Thread David Balažic
Typo on http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

"TLSv1.0 is no an alias"

Should probably be "TLSv1.0 is not an alias"

Regards,
David Balažic

> -Original Message-
> From: Mark Thomas [mailto:ma...@apache.org]
> Sent: 25. November 2015 17:22
> To: users@tomcat.apache.org
> Cc: d...@tomcat.apache.org; annou...@apache.org;
> annou...@tomcat.apache.org
> Subject: [ANN] Apache Tomcat 8.0.29 available
> Importance: Low
> 
> The Apache Tomcat team announces the immediate availability of Apache
> Tomcat 8.0.29.
> 
> Apache Tomcat 8 is an open source software implementation of the Java
> Servlet, JavaServer Pages, Java Unified Expression Language and Java
> WebSocket technologies.
> 
> Apache Tomcat 8.0.29 includes fixes for issues identified in 8.0.28 as
> well as other enhancements and changes. The notable changes since 8.0.28
> include:
> 
> - Add an option to control (per context) quoting of EL expressions in
>   JSP attributes
> 
> - Correct a regression in the fix for 56777 that added support for
>   URIs in config file locations
> 
> - Add a new RestCsrfPreventionFilter that provides basic CSRF
>   protection for REST APIs
> 
> -  Use instance manager for WebSocket server endpoint instances
> 
> 
> Please refer to the change log for the complete list of changes:
> http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
> 
> Downloads:
> http://tomcat.apache.org/download-80.cgi
> 
> Migration guides from Apache Tomcat 5.5.x, 6.0.x and 7.0.x:
> http://tomcat.apache.org/migration.html
> 
> Enjoy!
> 
> - The Apache Tomcat team
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: [OT] RE: 80ms delay switching between worker threads

2015-10-31 Thread David Balažic
Just a note: When most of you say "resolution" what you think about is actually 
called "accuracy".
(also see "precision" , here is a good roundup: 
http://www.tutelman.com/golf/measure/precision.php )

David Balažic
Software Engineer
www.comtrade.com

> -Original Message-
> From: Konstantin Preißer [mailto:kpreis...@apache.org]
> Sent: 31. October 2015 10:27
> To: Tomcat Users List
> Subject: [OT] RE: 80ms delay switching between worker threads
> Importance: Low
> 
> Hi Christopher,
> 
> > -Original Message-
> > From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> > Sent: Saturday, October 31, 2015 3:43 AM
> >
> > What OS are you using? IIRC, the Windows timer has horrible resolution.
> > you can call System.currentTimeNanos all you want, but you won't get
> > anything meaningful lower than some threshold regardless of the actual
> > least significant digits coming back from those calls.
> 
> While that may have been true in ancient versions like XP and Vista, at least
> starting with Win7 QueryPerformanceCounter() uses the processor's TSC [1]
> (where Vista used the HPET if available) so you should have a very high
> resolution here. E.g. running the following Java program:
> 
> int[] iterations = { 100, 120, 150, 250 };
> 
> for (int i = 0; i < iterations.length; i++) {
> for (int j = 0; j < 3; j++) {
> long currentTime = System.nanoTime();
> double startValue = 1000;
> for (int z = 0; z < iterations[i]; z++) {
> startValue = Math.pow(startValue, 0.99);
> }
> long difference = System.nanoTime() - currentTime;
> System.out.println(iterations[i] + " pow iterations ms took " +
> (difference / 1000L) + " µs");
> }
> }
> 
> prints on my system something like:
> 
> 100 pow iterations ms took 25 µs
> 100 pow iterations ms took 7 µs
> 100 pow iterations ms took 7 µs
> 120 pow iterations ms took 8 µs
> 120 pow iterations ms took 9 µs
> 120 pow iterations ms took 8 µs
> 150 pow iterations ms took 11 µs
> 150 pow iterations ms took 10 µs
> 150 pow iterations ms took 13 µs
> 250 pow iterations ms took 18 µs
> 250 pow iterations ms took 17 µs
> 250 pow iterations ms took 17 µs
> 
> 
> So there should at least be a microsecond resolution. On a C# program using
> Stopwatch I get similar results in the range from 5 to 12 µs.
> 
> Note, QueryPerformanceFrequency() [2] can be used to get the frequency
> of the timer which is exposed in .Net through static
> System.Diagnostics.Stopwatch.Frequency field as ticks per second. On my
> system it prints "3323580" so the resolution should be around ~0.3
> microseconds.
> 
> 
> Regards,
> Konstantin Preißer
> 
> [1] https://msdn.microsoft.com/en-
> us/library/windows/desktop/dn553408%28v=vs.85%29.aspx
> [2] https://msdn.microsoft.com/de-
> de/library/windows/desktop/ms644905%28v=vs.85%29.aspx
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: Firefox SSL with APR - losing client certificate

2015-09-17 Thread David Balažic
Anyone with experience debugging SSL issues (with APR or from Firefox/Chrome 
side) ?

David Balažic


> -Original Message-
> From: David Balažic [mailto:david.bala...@comtrade.com]
> Sent: 10. September 2015 14:58
> To: users@tomcat.apache.org
> Subject: RE: Firefox SSL with APR - losing client certificate
> Importance: Low
> 
> Reported as Bug 58244 - two way SSL loses client certificate after a few
> requests
> 
> https://bz.apache.org/bugzilla/show_bug.cgi?id=58244
> 
> 
> David Balažic
> 
> > -Original Message-
> > From: David Balažic
> > Sent: 7. August 2015 17:38
> > To: users@tomcat.apache.org
> > Subject: Firefox SSL with APR - losing client certificate
> > Importance: Low
> >
> > Hi!
> >
> > I use tomcat 6.0.44 wit APR on Windows x64.
> > I set up SSLVerifyClient="optional" and since then encounter the following
> > problem with Firefox 39.0.03 (IE works OK):
> >
> > On first access Firefox shows the client certificate selection dialog. I 
> > select a
> > certificate and continue. The web application "sees" the selected 
> > certificate
> > and show a proper response page.
> > But on next access (I click a link) the client certificate is not visible 
> > to the
> > application any more. It gets null from the method call
> > HttpServletRequest.getAttribute("javax.servlet.request.X509Certificate")
> >
> > Goggole found https://bz.apache.org/bugzilla/show_bug.cgi?id=37869
> > (similar)
> > And http://grokbase.com/t/tomcat/users/102pdv412y " [Tomcat-users]
> > Client certificate gone after 1 minute timeout (SSL, APR)"
> > (even more similar, except for me it fails on next access without a minute
> of
> > waiting)
> > As suggested in the second link, clearing cache and authentication in the
> > browser is a workaround that works. Kind of as one has to select the
> > certificate again and do it before every click on a link.
> >
> > Strange, just now it worked fine for a few minutes.
> >
> > Is this some known issue?
> >
> > Without APR, using JSSE, it works fine (and did so for years).
> >
> > This started after upgrading yesterday tomcat from 6.0.35_x64 (no APR) to
> > apache-tomcat-6.0.44-windows-x64.zip (with or without APR).
> > I start tomcat from Eclipse, using JRE 1.6.0_45  (each 64 bit version).
> >
> > Firefox version 39.0, today updated to 39.0.3
> >
> > The Connector line from server.xml:
> >
> >  > SSLCertificateFile="C:/key_public.pem"
> > SSLCertificateKeyFile="C:/key_private.pem"
> > SSLEnabled="true" SSLPassword="changeit"
> > SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
> > SSLVerifyClient="optional" URIEncoding="UTF-8" maxThreads="150"
> > port="8443"
> > protocol="org.apache.coyote.http11.Http11AprProtocol"
> > scheme="https"
> > secure="true" />
> >
> >
> > Regards,
> > David Balažic
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: Tomcat Session issue - Session not expiring on browser close event

2015-09-14 Thread David Balažic
Kiran Badi wrote:
 
> Is their a way to kill the session after certain period of inactive time
> where user is not doing anything on the site or I need to adjust my timeout
> value ?

The timeout means exactly "kill the session after certain period of inactive 
time", so the answer is yes.

Regards,
David

> 
> On Wed, Sep 9, 2015 at 9:34 AM, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
> 
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> >
> > Kiran,
> >
> > On 9/7/15 12:54 PM, Kiran Badi wrote:
> > > I have few attributes saved in session they seems to living for
> > > close to 30 minutes which is session timeout in web xml.
> > >
> > > I need to kill the session once the browser closes on the client
> > > side.
> >
> > You need to free server resources, or you want the client to be
> > disconnected from their (old) session?
> >
> > > Is their a way to do it on server side rather than doing via some
> > > kind of ajax handler.
> >
> > Yes and no.
> >
> > If you have the cookie set with no expiration date (the default with
> > Tomcat's container-managed sessions), then the browser will forget the
> > cookie when it closes.
> >
> > If you *do* have an expiration date on your cookies, then AJAX is the
> > only way, and there's no guarantee that the browser is actually going
> > to send that AJAX message when it's closing the page.
> >
> > If you want the serer to kill the session immediately upon browser
> > close (regardless of "expiration" date), your only hope is AJAX, and I
> > can tell you right now you shouldn't bet on that working.
> >
> > > Doing it via ajax means injecting that code in all my jsp's and
> > > have lot many.
> >
> > Sounds like session cookies are the way to go.
> >
> > Perhaps you should think about using a leaner session, and then
> > sessions living for longer than necessary won't be such a big problem.
> >
> > - -chris
> > -BEGIN PGP SIGNATURE-
> > Comment: GPGTools - http://gpgtools.org
> >
> >
> iQIcBAEBCAAGBQJV8DVQAAoJEBzwKT+lPKRYG4gP/0qOpYTP5D0xmPVZAaHF
> AhFY
> >
> Guz8sdBXxnfWlYwWYDZMcbtpOjpi91i5N9W42X0oeFTttkXH5Dzvfo7TpYo9OP
> nv
> >
> RRNdQZncehtlH0nZKjU7rnDFkiCUBWr6/LiblJikOMleItCZDfDIUpmakX7mgs+w
> >
> P0Y976SgdIPVxFjlqXc+Pgxnup6t8lFcNmrBPe93Jmb9QxzL1o4qcevdTz7KVdwo
> >
> BRKPHOEAGXTawcJM9E14e2tUa/8J+M7kTovoCkxjK5+VQSi+2k5KDmMDlxEd
> n6iO
> >
> HPSwpvsHxNyWd21rREIQhNfWOADYar5+phw5g+ifGtRxfhbY+cGzD2DzfrsUk
> ZQB
> > +a0iGf9OgQb/wFIONWZbbx1zl6IQTiajZjuKuSfA5CXYDLbnyfsIMQ1Y77tlSZIZ
> >
> ZIw6k2NiRzKgMm54Fnms8ixAGtIHX9j7qGaJvGVQjc0ZxIexsrp9DgzWt6+BmRb
> D
> >
> H7gMmcT/pl4UzI6fSlOm9d8E/PtL3sd7pGQhEwVb4Y9U1Ihq/bHlPHrTsn0I14H3
> >
> UYZpDFKGHHH8I7r7OrBiMFSWICNsNL2c4BgRU/uzTvEivCRrnJBUjzVGtWsYscv
> j
> >
> HwwTxUzIMnUOe+Uc09PDmh231vKhFYIWsdFDR1MFPQfZUZ9MYPe49xxmL
> q0rmo4+
> > tqTv8vYdaMtWWbmd+G6B
> > =tPe/
> > -END PGP SIGNATURE-
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: Firefox SSL with APR - losing client certificate

2015-09-10 Thread David Balažic
Reported as Bug 58244 - two way SSL loses client certificate after a few 
requests

https://bz.apache.org/bugzilla/show_bug.cgi?id=58244


David Balažic

> -Original Message-
> From: David Balažic
> Sent: 7. August 2015 17:38
> To: users@tomcat.apache.org
> Subject: Firefox SSL with APR - losing client certificate
> Importance: Low
> 
> Hi!
> 
> I use tomcat 6.0.44 wit APR on Windows x64.
> I set up SSLVerifyClient="optional" and since then encounter the following
> problem with Firefox 39.0.03 (IE works OK):
> 
> On first access Firefox shows the client certificate selection dialog. I 
> select a
> certificate and continue. The web application "sees" the selected certificate
> and show a proper response page.
> But on next access (I click a link) the client certificate is not visible to 
> the
> application any more. It gets null from the method call
> HttpServletRequest.getAttribute("javax.servlet.request.X509Certificate")
> 
> Goggole found https://bz.apache.org/bugzilla/show_bug.cgi?id=37869
> (similar)
> And http://grokbase.com/t/tomcat/users/102pdv412y " [Tomcat-users]
> Client certificate gone after 1 minute timeout (SSL, APR)"
> (even more similar, except for me it fails on next access without a minute of
> waiting)
> As suggested in the second link, clearing cache and authentication in the
> browser is a workaround that works. Kind of as one has to select the
> certificate again and do it before every click on a link.
> 
> Strange, just now it worked fine for a few minutes.
> 
> Is this some known issue?
> 
> Without APR, using JSSE, it works fine (and did so for years).
> 
> This started after upgrading yesterday tomcat from 6.0.35_x64 (no APR) to
> apache-tomcat-6.0.44-windows-x64.zip (with or without APR).
> I start tomcat from Eclipse, using JRE 1.6.0_45  (each 64 bit version).
> 
> Firefox version 39.0, today updated to 39.0.3
> 
> The Connector line from server.xml:
> 
>SSLCertificateFile="C:/key_public.pem"
>   SSLCertificateKeyFile="C:/key_private.pem"
>   SSLEnabled="true" SSLPassword="changeit"
> SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
>   SSLVerifyClient="optional" URIEncoding="UTF-8" maxThreads="150"
> port="8443"
>   protocol="org.apache.coyote.http11.Http11AprProtocol"
> scheme="https"
>   secure="true" />
> 
> 
> Regards,
> David Balažic
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: Firefox SSL with APR - losing client certificate

2015-08-12 Thread David Balažic
I also happens with latest apache-tomcat-8.0.24-windows-x64.zip
Using this simple webapp:

In the webapps folder create a folder named cert, there create a file named 
ccertA.jsp with contents:

html
body
h3client cert test - page A/h3
User client cert data:
%= ((java.security.cert.X509Certificate[]) 
request.getAttribute(javax.servlet.request.X509Certificate))[0].getSubjectX500Principal().toString()%
p
Check a href=ccertB.jsppage B/a
p
Page served time: %= new java.util.Date().toString() %
/body
/html

Optionally create nother fileccertB.jsp with same content, except the A and 
B letter swapped.

In server.xml add a line:

Connector port=8443 protocol=org.apache.coyote.http11.Http11AprProtocol
secure=true scheme=https maxThreads=150 URIEncoding=UTF-8
SSLVerifyClient=optional SSLProtocol=TLSv1+TLSv1.1+TLSv1.2
SSLPassword=testing SSLEnabled=true
SSLCertificateKeyFile=C:/your_server_key_private.pem
SSLCertificateFile=C:/ your_server_key _public.pem
SSLCACertificateFile=C:/supported_client_CAs.pem /

Then start with startup.bat and open the page 
https://localhost:8443/cert/ccertA.jsp and refresh it or click the link.
After a few click instead of the page an error will be presented:

HTTP Status 500 - An exception occurred processing JSP page /ccertA.jsp at line 
5

type Exception report

message An exception occurred processing JSP page /ccertA.jsp at line 5

description The server encountered an internal error that prevented it from 
fulfilling this request.

exception

org.apache.jasper.JasperException: An exception occurred processing JSP page 
/ccertA.jsp at line 5

2: body
3: h3client cert test - page A/h3
4: User client cert data:
5: %= ((java.security.cert.X509Certificate[]) 
request.getAttribute(javax.servlet.request.X509Certificate))[0].getSubjectX500Principal().toString()%
6: p
7: Check a href=ccertB.jsppage B/a
8: p


Stacktrace:

org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:574)

org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:476)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:396)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:340)
javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

root cause

java.lang.NullPointerException
org.apache.jsp.ccertA_jsp._jspService(ccertA_jsp.java:93)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
javax.servlet.http.HttpServlet.service(HttpServlet.java:729)

org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:438)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:396)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:340)
javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

note The full stack trace of the root cause is available in the Apache 
Tomcat/8.0.24 logs.
Apache Tomcat/8.0.24


The error occurs in about 30 seconds after first  load (keep refreshing or 
clicking every few seconds or so).

Tested with:
 - Chrome v44
 - Firefox v39.0.3 and v40

The problem does not occur with IE v11.

Regards,
David Balažic
Software Engineer
www.comtrade.com


 -Original Message-
 From: David Balažic [mailto:david.bala...@comtrade.com]
 Sent: 10. August 2015 19:30
 To: Tomcat Users List
 Subject: RE: Firefox SSL with APR - losing client certificate
 Importance: Low
 
  From: David Balažic [mailto:david.bala...@comtrade.com]
 
   From: Christopher Schultz [mailto:ch...@christopherschultz.net]
   Sent: 8. August 2015 14:33
  
   Quick question: this is with Tomcat only and no httpd out in front, righ
   t?
 
  Yes.
 
 It is also the same if run independently (without Eclipse):
  - extract apache-tomcat-6.0.44-windows-x64.zip
  - set JAVA_HOME,CATALINA_HOME, CATALINA_BASE and CATALINA_OPTS
  - copy war file into webapps folder
  - copy ojdbc6_g-11.2.0.2.0.jar into lib folder (my WAR uses an Oracle
 database)
  - execute startup.bat
 
 Java is again 1.6.0_45 (x64).
 
 It also happens with java version 1.8.0_51
 Java(TM) SE Runtime Environment (build 1.8.0_51-b16)
 Java HotSpot(TM) 64-Bit Server VM (build 25.51-b03, mixed mode)
 
 
 I also tested on another system with 32 bit Windows 7, apache-tomcat-
 6.0.44-windows-x86.zip , with
 java version 1.6.0_12
 Java(TM) SE Runtime Environment (build 1.6.0_12-b04)
 Java HotSpot(TM) Client VM (build 11.2-b01, mixed mode, sharing)
 
 Same problem (with FF, while IE works fine).
 
 On the first system I also tried with Chrome: also has the problem.
 
 Interestingly, on one occasion with FF the problem did not surface for long
 time (about 15 minutes of testing).
 Then I cleared the Active Logins (shift-ctrl-del) in Firefox and tried 
 again

RE: Firefox SSL with APR - losing client certificate

2015-08-10 Thread David Balažic
 From: David Balažic [mailto:david.bala...@comtrade.com]
 
  From: Christopher Schultz [mailto:ch...@christopherschultz.net]
  Sent: 8. August 2015 14:33
 
  Quick question: this is with Tomcat only and no httpd out in front, righ
  t?
 
 Yes.

It is also the same if run independently (without Eclipse):
 - extract apache-tomcat-6.0.44-windows-x64.zip
 - set JAVA_HOME,CATALINA_HOME, CATALINA_BASE and CATALINA_OPTS
 - copy war file into webapps folder
 - copy ojdbc6_g-11.2.0.2.0.jar into lib folder (my WAR uses an Oracle database)
 - execute startup.bat

Java is again 1.6.0_45 (x64).

It also happens with java version 1.8.0_51
Java(TM) SE Runtime Environment (build 1.8.0_51-b16)
Java HotSpot(TM) 64-Bit Server VM (build 25.51-b03, mixed mode)


I also tested on another system with 32 bit Windows 7, 
apache-tomcat-6.0.44-windows-x86.zip , with 
java version 1.6.0_12
Java(TM) SE Runtime Environment (build 1.6.0_12-b04)
Java HotSpot(TM) Client VM (build 11.2-b01, mixed mode, sharing)

Same problem (with FF, while IE works fine).

On the first system I also tried with Chrome: also has the problem.

Interestingly, on one occasion with FF the problem did not surface for long 
time (about 15 minutes of testing).
Then I cleared the Active Logins (shift-ctrl-del) in Firefox and tried again: 
the problem occurred right on second HTTP(S) request.

Regards,
David

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: Firefox SSL with APR - losing client certificate

2015-08-10 Thread David Balažic
 From: Christopher Schultz [mailto:ch...@christopherschultz.net]
 Sent: 8. August 2015 14:33
 
 Quick question: this is with Tomcat only and no httpd out in front, righ
 t?

Yes.

David

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Firefox SSL with APR - losing client certificate

2015-08-07 Thread David Balažic
Hi!

I use tomcat 6.0.44 wit APR on Windows x64.
I set up SSLVerifyClient=optional and since then encounter the following 
problem with Firefox 39.0.03 (IE works OK):

On first access Firefox shows the client certificate selection dialog. I select 
a certificate and continue. The web application sees the selected certificate 
and show a proper response page.
But on next access (I click a link) the client certificate is not visible to 
the application any more. It gets null from the method call
HttpServletRequest.getAttribute(javax.servlet.request.X509Certificate)

Goggole found https://bz.apache.org/bugzilla/show_bug.cgi?id=37869 (similar)
And http://grokbase.com/t/tomcat/users/102pdv412y  [Tomcat-users] Client 
certificate gone after 1 minute timeout (SSL, APR)
(even more similar, except for me it fails on next access without a minute of 
waiting)
As suggested in the second link, clearing cache and authentication in the 
browser is a workaround that works. Kind of as one has to select the 
certificate again and do it before every click on a link.

Strange, just now it worked fine for a few minutes.

Is this some known issue?

Without APR, using JSSE, it works fine (and did so for years).

This started after upgrading yesterday tomcat from 6.0.35_x64 (no APR) to 
apache-tomcat-6.0.44-windows-x64.zip (with or without APR).
I start tomcat from Eclipse, using JRE 1.6.0_45  (each 64 bit version).
 
Firefox version 39.0, today updated to 39.0.3

The Connector line from server.xml:

Connector SSLCACertificateFile=C:/CA_list.pem
SSLCertificateFile=C:/key_public.pem
SSLCertificateKeyFile=C:/key_private.pem
SSLEnabled=true SSLPassword=changeit 
SSLProtocol=TLSv1+TLSv1.1+TLSv1.2
SSLVerifyClient=optional URIEncoding=UTF-8 maxThreads=150 
port=8443
protocol=org.apache.coyote.http11.Http11AprProtocol scheme=https
secure=true /


Regards,
David Balažic

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



HTTP cache control?

2013-11-25 Thread David Balažic
Hi!

Considering that JSP pages are by definition dynamic (different on
each GET), why doesn't Tomcat set the HTTP headers in the line of do
not cache this, it's dynamic! by default for all generated HTML
(*.jsp files and servlet responses)?

Regards,
David

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



synchronizing in tomcat

2009-11-17 Thread David Balažic
Hi!

Does tomcat offer any mechanism for locking servlet executions?

So if one servlet does:
 - get 10 EUR from account 1 (read account 1 balance; substract 10;
store new balance)
 - add 10 EUR to account 2 (...)

How can I make sure no other servlet does (read account 1 balance;
sustract 10; store new balance) at the same
time and cause lost account money?

The account data is in a database, accessed over hibernate (or
directly, if needed).

Regards,
David

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Possible to do async processing?

2009-11-16 Thread David Balažic
Hi!

We are using tomcat 6.0 and now we have the need to trigger from the
service() method of a  servlet.

So:
 - a request arrives
 - the servlet triggers an async event
 - servlet sends response and closes
 - the async task is done (independent of servlet opeartion)

Is there a way to do this?

Or create threads by hand?

Regards,
David

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Possible to do async processing?

2009-11-16 Thread David Balažic
2009/11/16 Joseph Morgan joseph.mor...@ignitesales.com:
 Yes, there is a way, and I suspect you're doing fire-and-forget processing, 
 but, could you give us a better idea as to what you are trying to do?

 Tomcat will handle servlet requests in multiple threads if needed, anyway.  
 So it may not be necessary.  I'm thinking you might want to investigate a 
 messaging system, such as OpenMQ.

 BTW:  To create a thread by hand, look at the Java docs for the Thread class 
 and the Runnable interface. Keep in mind, this could get really out of hand 
 if there are a lot of requests and you don't understand how to properly 
 manage threads in this environment.

Yes, that is why I ask. (I know how to create threads).

So Tomcat has nothing like this in itself? Any trick , shortcut?

It will be something triggered like a few times in an hour and would
take less than a minute to process, to there should be no overload
problems (famous last words...)

Regards,
David

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Version in web.xml

2009-09-07 Thread David Balažic
Hi!

Is the version mismatch in the web-app tag, like this:

web-app version=2.4 xmlns=http://java.sun.com/xml/ns/javaee;
xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
xsi:schemaLocation=http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd;

an error? Or is it valid? Tomcat 6.0.20 appears to accept it.

Regards,
David

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



EL - access to nonexisting property, but no error ?

2009-08-26 Thread David Balažic
versions: Tomcat 5.5.28, Java 1.6.0_15 and Windows XP Pro SP3

Hi!

Can someone explain why does an EL like ${someListobject.a} NOT give
an error ?
someListobject is an attribute of type java.util.List
a is not a property of java.util.List, so according to Servlet 2.4
specs (page I-68),
it should cause an error.
Also a question on the SCWCD exam asks this and the correct answer is
it causes an error.
(from the book Head First Servlets and JSP, Second Edition)

There is also nothing to be seen in the logs. (and the page is sent to
the client,
with full content, no erorrs; the EL above shows up as empty string)

Regards,
David

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: EL - access to nonexisting property, but no error ?

2009-08-26 Thread David Balažic
Martin, I have no isELIgnored=true

But I figured it out.
I had an object (bean), that had a property/method :
List getMyList()

Then I used an EL:
${theBean.myList.a}

This would cause an error , except if getMyList() returns null!
Then it is a null.something EL, which gives no error.

Thanks for your help.

David

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org