Re: server.xml setting broken with Tomcat 9.0.81

2024-02-28 Thread Konstantin Kolinko
ср, 28 февр. 2024 г. в 14:42, Jonathan Ho :
>
> I have following connectors in server.xml file and working for a long time 
> with various version of Tomcat 9 until I upgrade to 9.0.81 or newer versions. 
> I verified that 9.0.80 is working.
> What I am getting from 9.0.81 on startup is I will get pass phrase prompt on 
> tomcat start up and following errors in the log.
> I see openssl upgrade by tomcat from 1.x to 3.x in 9.0.81, could that be the 
> problem?
>

1. OpenSSL 1.1.1 has reached End-of-Life,
https://www.openssl.org/blog/blog/2023/09/11/eol-111/

2. If you suspect, that the version of Tomcat Native is the trigger of
this issue:

On Windows it is easy to verify whether it is the cause:
just replace "bin/tcnative-1.dll" with an older version.

> or newer versions.
3. What never versions have you tested?

Have you tested the current Tomcat 9.0.86?
It updates Tomcat Native further, to 1.3.0.

Have you tested 9.0.83 or later?
https://bz.apache.org/bugzilla/show_bug.cgi?id=67675
Is not exactly your issue, but of a similar topic.

> I will get pass phrase prompt
4. That prompt is not issued by Tomcat.
Is that prompt expected?
Are you typing the password correctly?
Are you able to decode your key file using openssl.exe from a command line?

Note that a copy of openssl.exe is included with Tomcat Native
binaries downloadable from
https://tomcat.apache.org/download-native.cgi

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Session Cookie Logging

2024-01-26 Thread Konstantin Kolinko
пт, 26 янв. 2024 г. в 04:01, Dan McLaughlin :
>
> Does anyone know what class we would crank the log level up to see why
> Tomcat would ignore cookie-config in our web.xml?
>
> We are using Tomcat 10.1.18. Our app WAR is named secure#Foo.war.  We've
> always depended on the name of the WAR to name the Context Path/Name.
>
> The only reason I'm messing with this is because we can't get the cookie
> path to be anything other than /.  We gave up trying to use the cookie
> settings in the context.xml since we couldn't get the sessionCookiePath to
> use our cookie path /secure/Foo. No matter what we tried, the cookie path
> was always /.
>
> This is what our context.xml looked like before we moved to trying to use
> the web.xml cookie-config.
>
> privileged="false"
>   unpackWAR="true"
>   swallowOutput="true"
>   clearReferencesHttpClientKeepAliveThread="true"
>   clearReferencesStopThreads="false"
>   clearReferencesStopTimerThreads="true"
>   clearReferencesObjectStreamClassCaches="true"
>   clearReferencesRmiTargets="true"
>   clearReferencesThreadLocals="true"
>   renewThreadsWhenStoppingContext="true"
>   antiResourceLocking="false"
>   skipMemoryLeakChecksOnJvmShutdown="false"
>   copyXML="false"
>   unloadDelay="1"
>   useNaming="false"
>   sessionCookieName="__Host-JSESSIONID"
>   sessionCookiePath="/secure/Foo"
>   useHttpOnly="true"
>   cookies="true"
>   logEffectiveWebXml="false">
>   
> 
>
> Since setting the cookie path wasn't working using the context.xml, we
> removed all the cookie settings except for the CookieProcessor so we could
> set sameSite, and we moved to trying to use the cookie-config in web.xml.
>
> In our web.xml, we have default-context-path at the top, and we have
> session-config at the bottom. Everything is in the order defined in the xsd.
>
> /secure/Foo
>
> 
> 30
> 
>   __Host-JSESSIONID
>   /secure/Foo
>   Session Cookie
>   true
>   true
>   -1
> 
> COOKIE
>   
>
> When we try to use the web.xml to set the cookie it's even worse than with
> the context.xml, with the context.xml we at least got a cookie, now we
> don't get a cookie set at all.
>
> I've tried with autodeploy off/on and deployonstartup off/on.
>
> Now I just want to crank up log levels to see what's going on.

1. I think that you can configure an AccessLogValve to log the actual
value of "Set-Cookie" header that is snt with your response, as well
as "Cookie" headers sent by clients.

2. "" setting is not processed by Tomcat.
Only your war name matters,
https://tomcat.apache.org/tomcat-10.1-doc/config/context.html#Naming

"Session Cookie"
Why? What do you expect this is for?
In the old times this would be sent to a browser, but I think nowadays
it is just ignored.

I recommend to validate your web.xml against its schema. (Tomcat can
be configured to do validation at deployment time, but this feature is
off by default).

3. If your scenario is easy to reproduce, I recommend remote debugging.

https://cwiki.apache.org/confluence/display/TOMCAT/Troubleshooting+and+Diagnostics#TroubleshootingandDiagnostics-CommonTroubleshootingScenario

Places to look at:
a) the cookie is generated by a CookieProcessor .  Look at the
implementation class that you have configured with your
CookieProcessor element.
b) "sessionCookieName" and other attributes are set on Context, It is
org.apache.catalina.core.StandardContext class.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Regarding Tomcat is creating the zombie processes

2024-01-11 Thread Konstantin Kolinko
пт, 5 янв. 2024 г. в 12:45, Vaidya, Omkar :
>
> Hi Team,
>
>
>
> This is regarding like we have one customer issue where on Linux platform, we 
> have configured our IOT-application (Thingworx), which is using Tomcat as a 
> server.
>
> So we are able to identify that even when we remove our application, Tomcat 
> is creating a zombie (defunct) process, which is creating 200+ processes 
> under the process table, which ultimately occupy all the OS resources and the 
> application goes in a hung state. This issue is also reproducible on the 
> Standalone Tomcat server also.
>
> There are two scenarios mentioned below -
>
> 1.If this is relatable to Tomcat can you please suggest any 
> article or documentation so that we can stop zombie process creation, if this 
> is a known issue or there is only way to clear zombie (defunct) process from 
> Processes table of linux.

The count of "200" sounds a lot like the default value of "maxThreads"
attribute of a . See Configuration Reference,
https://tomcat.apache.org/tomcat-9.0-doc/config/http.html

So it is very likely that your "zombie processes" are just Threads and
not processes.
https://docs.oracle.com/javase/8/docs/api/java/lang/Thread.html

A good way to see what those threads are actually doing is to take a
"Thread dump". It can be done with "jstack" program that comes with
Java.

See also FAQ pages
https://cwiki.apache.org/confluence/display/TOMCAT/Troubleshooting+and+Diagnostics#TroubleshootingandDiagnostics-CommonTroubleshootingScenario

https://cwiki.apache.org/confluence/display/TOMCAT/HowTo#HowTo-HowdoIobtainathreaddumpofmyrunningwebapp?

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Problems with cross app uploads (migrating from 9.0.35 to 9.0.84)

2024-01-11 Thread Konstantin Kolinko
чт, 11 янв. 2024 г. в 23:08, Aryeh Friedman :
> [...]
> Original code:
>
> Decode form
> Save file to /tmp/[sessId]/[filename]
> Move file from above to images app and rename the file from
> /tmp/[sessId][filename] to [webapp dir]/images/[doc]/1.jpg (simelar if
> it is org policy or a system wide one)
>
> Open21 vs. Open8 weirdness:
>
> Turns out for some wacko reason java.io.File.renameTo() was failing
> silently (i.e. it was return false but being ultra opaque about why
> [no stack traces/etc]) [note I also had to deal with a caching issue
> on the browser first].
>
> But switching to java.nio.Files.move() does work and gives no errors
> or anything (no need to modify ownership or permissions)

Are "/tmp" and "[webapp dir]" on the same filesystem? If they are not,
you need to move the actual bytes from one partition/hard drive to
another and a simple "rename" is not enough.

I wonder why your file ends up in /tmp and not in ${java.io.tmpdir}.
The latter is set by Tomcat startup scripts to be
"${catalina.base}/temp".

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Weird CSRF prevention behavior

2023-12-20 Thread Konstantin Kolinko
пт, 1 дек. 2023 г. в 23:27, Christopher Schultz :
>
> [...]
>
> I build-from-source and launch my custom-build Tomcat with my
> application in it. No logging. Oh, right... logging.properties. So I add
> this to my conf/logging.properties file:
>
> org.apache.catalina.filters.CsrfPreventionFilter.level = FINEST
>
> To be sure there's no funny business, I use "catalina.sh run" and wait
> for the console log to settle down. I make a few requests. No logs. Hmm.
> Oh, the ConsoleAppender is set to FINE and not FINEST.
>
> java.util.logging.ConsoleHandler.level = FINEST
>
> Done. CTRL-C, catalina.sh run. Make some requests.
>
> Nothing. Okay maybe the Filter is just ignoring these for some
> reason.

Regarding the logging issue: It is worth to check
a) If you have a "logging.properties" file in your class path.

I.e. if the web application has its own configuration of logging.
(Usually in lib/classes, but in bad cases one may be present in a
library jar file.)

b) What are the values of "java.util.logging.manager" and
"java.util.logging.config.file" properties.
I.e. whether JULI is used at all.

If nothing else, remote debugging should help. ;)

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: [External] Re: Tomcat upgrade from 9.0.80 to 9.0.81

2023-10-10 Thread Konstantin Kolinko
ср, 11 окт. 2023 г. в 02:31, Amit Pande :
>
> Thank you Konstantin for the quick update!
>
> Since this release contained multiple security fixes, it's important to 
> upgrade. However, there seem regressions too.
>
> What is the way forward here?  Follow up version coming sooner? Or a version 
> with just security fixes and all other changes can go in subsequent release?

There are workarounds for these regressions:

- Regarding this specific issue: I would just disable the compression.

- Regarding the jdbc-pool issue: it is possible to use tomcat-jdbc.jar
from a previous release. (Either unzipping a release, or pulling the
specific jar from Maven Central).

Release managers were at a conference, maybe are travelling, and
voting for a new release usually takes 3 days.

The vote was unusually shortened due to one of the issues going public
and I guess that it might be widely discussed and (ab)used.

I still do not know how this will be handled, but it may take a few days.

Watch for "VOTE" threads on the dev mailing list. If one could help
with testing release candidates, it would help.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: DBCP exception after Tomcat 10.1.13 -> 10.1.14 upgrade

2023-10-10 Thread Konstantin Kolinko
Hi!

Thank you for the report.
This issue is known and has already been fixed. See
https://bz.apache.org/bugzilla/show_bug.cgi?id=67664

Best regards,
Konstantin Kolinko

вт, 10 окт. 2023 г. в 23:42, Michael Hayes :

>
> I have just upgraded a working Tomcat 10.1.13 installation to Tomcat 10.1.14,
> on Rocky Linux 9.2, PostgreSQL 11.20, JDBC driver 42.6.0, Java 17.0.8.
>
> During startup I get this exception:
>
> java.sql.SQLException
> at 
> org.apache.tomcat.jdbc.pool.ConnectionPool.setupConnection(ConnectionPool.java:351)
> at 
> org.apache.tomcat.jdbc.pool.ConnectionPool.getConnection(ConnectionPool.java:200)
> at 
> org.apache.tomcat.jdbc.pool.DataSourceProxy.getConnection(DataSourceProxy.java:131)
> at fms.lib.Jdbc.open(Jdbc.java:139)
> at fms.lib.Startup.contextInitialized(Startup.java:38)
> at 
> org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4422)
> at 
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4860)
> ... lots more
> Caused by: java.lang.IllegalArgumentException: 
> org.apache.tomcat.jdbc.pool.PooledConnection is not an interface
> at 
> java.base/java.lang.reflect.Proxy$ProxyBuilder.validateProxyInterfaces(Proxy.java:706)
> at 
> java.base/java.lang.reflect.Proxy$ProxyBuilder.(Proxy.java:648)
> at 
> java.base/java.lang.reflect.Proxy.lambda$getProxyConstructor$1(Proxy.java:440)
> at 
> java.base/jdk.internal.loader.AbstractClassLoaderValue$Memoizer.get(AbstractClassLoaderValue.java:329)
> at 
> java.base/jdk.internal.loader.AbstractClassLoaderValue.computeIfAbsent(AbstractClassLoaderValue.java:205)
> at 
> java.base/java.lang.reflect.Proxy.getProxyConstructor(Proxy.java:438)
> at java.base/java.lang.reflect.Proxy.getProxyClass(Proxy.java:398)
> at 
> org.apache.tomcat.jdbc.pool.ConnectionPool.getProxyConstructor(ConnectionPool.java:377)
> at 
> org.apache.tomcat.jdbc.pool.ConnectionPool.setupConnection(ConnectionPool.java:339)
> ... 45 more
>
> Any ideas?
>
> Thanks...
>
> --Mike
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat upgrade from 9.0.80 to 9.0.81

2023-10-10 Thread Konstantin Kolinko
Hi!

Thank you for reporting and investigating the issue.

I added your observation to
https://bz.apache.org/bugzilla/show_bug.cgi?id=67670

Best regards,
Konstantin Kolinko

ср, 11 окт. 2023 г. в 00:01, Amit Pande :

>
> I am still investigating more but after upgrading from Tomcat 9.0.80 to 
> 9.0.81, many of our rest assured based tests are failing with below error ...
>
> Caused by: org.apache.http.ConnectionClosedException: Premature end of 
> Content-Length delimited message body (expected: 4,999; received: 3,040)
>at 
> org.apache.http.impl.io.ContentLengthInputStream.read(ContentLengthInputStream.java:178)
>at io.restassured.internal.util.IOUtils.toByteArray(IOUtils.java:30)
>at 
> io.restassured.internal.http.GZIPEncoding$GZIPDecompressingEntity.getContent(GZIPEncoding.java:69)
>at 
> org.apache.http.conn.BasicManagedEntity.getContent(BasicManagedEntity.java:85)
>at 
> io.restassured.internal.http.HTTPBuilder.parseResponse(HTTPBuilder.java:546)
>at 
> io.restassured.internal.RequestSpecificationImpl$RestAssuredHttpBuilder.super$2$parseResponse(RequestSpecificationImpl.groovy)
>at sun.reflect.GeneratedMethodAccessor129.invoke(Unknown Source)
>at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>at java.lang.reflect.Method.invoke(Method.java:498)
>at 
> org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:107)
>at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:323)
>at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1268)
>at 
> org.codehaus.groovy.runtime.ScriptBytecodeAdapter.invokeMethodOnSuperN(ScriptBytecodeAdapter.java:144)
>
> Has anyone seen this? I will keep everyone posted after debugging more.
>
> Thanks,
> Amit

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: localhost log config?

2023-09-24 Thread Konstantin Kolinko
пт, 22 сент. 2023 г. в 21:59, Baron Fujimoto :
>
>[...]
>
> I have the following defined in our logging.properties file:
>
> 1catalina.org.apache.juli.AsyncFileHandler.rotatable  = false
>
> 2localhost.org.apache.juli.FileHandler.rotatable  = false
>
> [...]
> I'm not sure why this works as expected with the catalina log files, but
not localhost.

Note that "2localhost" setting has a typo:
s/FileHandler/AsyncFileHandler/

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat9 silently ignores web application

2023-07-02 Thread Konstantin Kolinko
вс, 2 июл. 2023 г. в 01:50, Graham Leggett :
>
> Hi all,
>
> I have for a while now been moving various web applications onto a new 
> machine running tomcat9, and things have been working great. I have suddenly 
> reached one web application which is silently ignored.
>
> Tomcat starts up without any error, makes no mention of the webapp. If the 
> webapp points to a bogus directory, tomcat complains very loudly, point 
> tomcat to the correct directory, tomcat ignores the webapp.
>
> Any attempt to hit the webapp returns the dreaded tomcat 404 page. 
> Interestingly hitting /foo/bar returns a redirect to /foo/bar/ (as you would 
> expect it to), but /foo/bar/ returns a tomcat 404.
>
> The webapp is not being newly developed, and works fine on tomcat7 on the old 
> machine.
>
> Is there anything that can be done to coax an error message or any message 
> out of tomcat when it fails to deploy something?
>
> Snip of server.xml looks like this:
>
>unpackWARs="true" autoDeploy="true">
>
> 
> 
>
> 
>  directory="logs"
>prefix="localhost_access_log" suffix=".txt"
>pattern="%h %l %u %t %r %s %b" />
>
> 
>
> 

1. Please read
https://tomcat.apache.org/tomcat-9.0-doc/config/context.html#Defining_a_context

You are injecting a Context into a Host at the time when the
server.xml file is parsed. It does not go through the proper
"deployment" processing at start time.

2. What result did you expect?

The default behaviour is to look for a welcome-file, such as
"index.html". Do you have one?

The possible names of welcome files are configured by
"welcome-file-list" setting in the WEB-INF/web of a web application.
(The defaults, shared by all web applications, are configured with the
conf/web.xml file in Tomcat configuration.)

Alternatively, you may reconfigure the DefaultServlet (by copying its
servlet and servlet-mapping configuration from the conf/web.xml file
into your web application) and enable directory listings. Those are
off by default.

https://tomcat.apache.org/tomcat-9.0-doc/default-servlet.html

Best regards,
Konstantin kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: View Differences for Tomcat Configuration file versions

2023-07-02 Thread Konstantin Kolinko
чт, 29 июн. 2023 г. в 19:39, Nadine Young :
>
>
> From the following page, the View Differences button nolonger lists the 
> differences in versions of the Configuration file selected.
>

[1]  https://tomcat.apache.org/migration-9.html#Upgrading_9.0.x

>
> Is there another way to easily view the differences?
>

1. One way to get the information is to view the history of changes
for the "conf" directory. For Tomcat 9.x that is

https://github.com/apache/tomcat/commits/9.0.x/conf

2. It is possible to use the "git diff" command (if you have a clone
of the source repository, and have Git installed), as documented at
[1].


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat webserver is not logging any DEBUG or FINEST logs in catalina.out even after enabling FINEST in logging.proprties file(tomcat-8.5.79/conf/)

2023-06-15 Thread Konstantin Kolinko
чт, 15 июн. 2023 г. в 13:27, Thomson Waghmare :
>
> I am facing an issue in Linux server that webserver service is restarting
> automatically frequently. I tried to enable debug logs by changing the all
> logging properties in tomcat-8.5.79/conf/logging.proprties. But I see only
> INFO logs but no FINE or FINER or FINEST logs.
>
> *logging.properties*
>
> java.util.logging.ConsoleHandler.level = FINE
> java.util.logging.ConsoleHandler.formatter =
> org.apache.juli.OneLineFormatter
> java.util.logging.ConsoleHandler.encoding = UTF-8


The "level" setting on Handlers is a filter.  It filters what log
messages are printed by this specific handler. But it does not affect
the generation of those messages.

Generation of messages is configured at a logger, using the name of a
logger category and ".level" suffix. The logger categories are a
hierarchy, with levels delimited by a dot. The root of the hierarchy
has the name of an empty string ("") and its logging level is
configured by default as

.level = INFO

(with a leading dot)

See java.util.logging documentation and tutorials for details.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: [ANN] Apache Tomcat 9.0.74 available

2023-04-18 Thread Konstantin Kolinko
вт, 18 апр. 2023 г. в 16:27, Maxim Solodovnik :
>
> from mobile (sorry for typos ;)
>
>
> On Tue, Apr 18, 2023, 20:16 Rémy Maucherat  wrote:
>
> > On Tue, Apr 18, 2023 at 2:05 PM Maxim Solodovnik 
> > wrote:
> > >
> > > from mobile (sorry for typos ;)
> > >
> > >
> > > On Tue, Apr 18, 2023, 18:58 Rémy Maucherat  wrote:
> > >
> > > > On Tue, Apr 18, 2023 at 1:49 PM Maxim Solodovnik  > >
> > > > wrote:
> > > > >
> > > > > Hello,
> > > > >
> > > > > For some reason there are no binary artifacts here:
> > > > > https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.74 :(
> > > >
> > > > Please do not use the archive for regular downloads, you should use
> > > > the cdn instead: https://tomcat.apache.org/download-90.cgi or
> > > > https://dlcdn.apache.org/tomcat/tomcat-9/v9.0.74/
> > >
> > >
> > > I wasn't aware archived downloads are available via CDN, thanks for the
> > > pointer!
> > > I'll update our maven build
> >
> > Only the up to date build is available in the CDN. The archive has all
> > older builds but uses the ASF bandwidth (and also needs more time to
> > sync, it is not a bug).
> >
>
> Actually binaries are available in archive since they are uploaded to
> 'release' 
>
> (They are available now)
>
> Maven build should be reproducible, so the only option is to use archive
> 

If you look at "downloadzip-2" and similar targets in the build.xml
file of Tomcat,
and at the following lines in build.properties.default

base-apache.loc.1=https://dlcdn.apache.org
base-apache.loc.2=https://archive.apache.org/dist

You can use it as an example. It tries to download dependencies from
CDN first, and fallbacks to using the archive site.

You can also download from Maven Central. Tomcat releases are also
published there.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Can't get RemoteIpValve to work

2023-03-24 Thread Konstantin Kolinko
пт, 24 мар. 2023 г. в 13:30, Leon Rosenberg :
>
> Hi,
>
> we have following setup
> apache 2.4 on a ubuntu host, in front of docker-container with tomcat9 (on
> same host).
> Connection is via apache mod_http/proxy.
>
> Internal IP of the host is 10.138.0.3 (where httpd and docker are running).
> In localhost_access log we see always 10.138.0.3 address.

Your version of Tomcat = ?

If access log is all that you care about, you should note that the default value
of requestAttributesEnabled attribute of AccessLogValve is false.

https://tomcat.apache.org/tomcat-10.1-doc/config/valve.html#Access_Log_Valve

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: javax.naming.NamingException: Could not create resource instance

2023-03-23 Thread Konstantin Kolinko
пт, 24 мар. 2023 г. в 03:47, Kevin Huntly :
>
> Object
> of type [class jakarta.mail.Session] available at JNDI location
> [java:comp/env/mail/MailSession] is not assignable to [jakarta.mail.Session]

Apparently you have two copies of a "jakarta.mail.Session" class,
loaded by different classloaders.

FYI:
https://tomcat.apache.org/tomcat-10.1-doc/class-loader-howto.html

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: javax.naming.NamingException: Could not create resource instance

2023-03-23 Thread Konstantin Kolinko
пт, 24 мар. 2023 г. в 03:09, Konstantin Kolinko :
>
> чт, 23 мар. 2023 г. в 18:38, Kevin Huntly :
> >
> > Hi Everyone,
> >
> > I just migrated one of my apps off javax.servlet and onto jakarta.servlet.
> > I am getting the following exception:
> >
> > 
> > [Time: 23 Mar 2023 11:31:44,134][Thread: main][Log:
> > org.springframework.web.context.support.XmlWebApplicationContext][Level:
> > WARN ] - [File: AbstractApplicationContext.java:591] - Exception
> > encountered during context initialization - cancelling refresh attempt:
> > org.springframework.beans.factory.BeanCreationException: Error creating
> > bean with name 'mailSession': Invocation of init method failed; nested
> > exception is javax.naming.NamingException: Could not create resource
> > instance
> > [Time: 23 Mar 2023 11:31:44,139][Thread: main][Log:
> > org.springframework.web.servlet.DispatcherServlet][Level: ERROR] - [File:
> > FrameworkServlet.java:534] - Context initialization failed
> > org.springframework.beans.factory.BeanCreationException: Error creating
> > bean with name 'mailSession': Invocation of init method failed; nested
> > exception is javax.naming.NamingException: Could not create resource
> > instance
> > at
> > [...]
> > ... 59 more
> > 
> >
> > I've never seen this exception before, and the same code/configuration
> > works on Tomcat 9.0.73. This is coming from 10.1.7 on RHEL 8.7 with SELinux
> > enabled. I know the exception is coming from Spring, but it is definitely
> > related to the JNDI configuration for my mailsession.
> >
> > The base context.xml is largely unchanged, with the exception of this
> > addition:
>
> (You say "the base context.xml." If you were editing the default
> conf/context.xml file shared by all web applications, instead of the
> one that belongs to our own web application, that is a usual
> misunderstanding / misconfiguration. Though not relevant to your
> error.)
>
> Documentation:
> https://tomcat.apache.org/tomcat-10.1-doc/config/context.html#Defining_a_context
>
> > 
> >  > type="javax.mail.Session" description="E-Mail Resource"
> > mail.debug="true" mail.transport.protocol="smtp"
> > mail.smtp.host="localhost" mail.smtp.auth="false" />
> > 
> >
> > Anyone have any ideas?
>
> Have you read the docs on configuring the mail session factory?
> https://tomcat.apache.org/tomcat-10.1-doc/jndi-resources-howto.html#JavaMail_Sessions
>
> Note that
> "4" an implementation library for Mail API is not bundled with Tomcat
> (you have to provide the needed library),  Do you have one?
>
> "3" If the documentation is correct, the name of the package in
> Jakarta EE is "jakarta.mail.", not "javax.mail." (as used in your
> configuration),

Regarding Mail API links in the documentation, see
https://bz.apache.org/bugzilla/show_bug.cgi?id=66542

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: javax.naming.NamingException: Could not create resource instance

2023-03-23 Thread Konstantin Kolinko
чт, 23 мар. 2023 г. в 18:38, Kevin Huntly :
>
> Hi Everyone,
>
> I just migrated one of my apps off javax.servlet and onto jakarta.servlet.
> I am getting the following exception:
>
> 
> [Time: 23 Mar 2023 11:31:44,134][Thread: main][Log:
> org.springframework.web.context.support.XmlWebApplicationContext][Level:
> WARN ] - [File: AbstractApplicationContext.java:591] - Exception
> encountered during context initialization - cancelling refresh attempt:
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'mailSession': Invocation of init method failed; nested
> exception is javax.naming.NamingException: Could not create resource
> instance
> [Time: 23 Mar 2023 11:31:44,139][Thread: main][Log:
> org.springframework.web.servlet.DispatcherServlet][Level: ERROR] - [File:
> FrameworkServlet.java:534] - Context initialization failed
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'mailSession': Invocation of init method failed; nested
> exception is javax.naming.NamingException: Could not create resource
> instance
> at
> [...]
> ... 59 more
> 
>
> I've never seen this exception before, and the same code/configuration
> works on Tomcat 9.0.73. This is coming from 10.1.7 on RHEL 8.7 with SELinux
> enabled. I know the exception is coming from Spring, but it is definitely
> related to the JNDI configuration for my mailsession.
>
> The base context.xml is largely unchanged, with the exception of this
> addition:

(You say "the base context.xml." If you were editing the default
conf/context.xml file shared by all web applications, instead of the
one that belongs to our own web application, that is a usual
misunderstanding / misconfiguration. Though not relevant to your
error.)

Documentation:
https://tomcat.apache.org/tomcat-10.1-doc/config/context.html#Defining_a_context

> 
>  type="javax.mail.Session" description="E-Mail Resource"
> mail.debug="true" mail.transport.protocol="smtp"
> mail.smtp.host="localhost" mail.smtp.auth="false" />
> 
>
> Anyone have any ideas?

Have you read the docs on configuring the mail session factory?
https://tomcat.apache.org/tomcat-10.1-doc/jndi-resources-howto.html#JavaMail_Sessions

Note that
"4" an implementation library for Mail API is not bundled with Tomcat
(you have to provide the needed library),  Do you have one?

"3" If the documentation is correct, the name of the package in
Jakarta EE is "jakarta.mail.", not "javax.mail." (as used in your
configuration),

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat 7.0.54

2023-02-24 Thread Konstantin Kolinko
пт, 24 февр. 2023 г. в 00:42, :
>
> Hi all
>
>
>
> Can you tell me if there is a difference between Tomcat 7.0.54 with Oracle
> JRE 1.8.0_221 and OpenJDK 1.8.0_342 from a functional perspective? Can it
> be, that certain DB transactions are handled different between these two
> java versions? Yes, I know, Tomcat 7.0.54 is . old, legacy, vulnerable - but
> still, if someone knows, I would appreciate the reply.

1. Regarding differences between Java 1.8.0_221 and 1.8.0_342, you can
read release notes provided by Oracle.

In general, usually there are the following changes
- updates to the time zone database
- security updates, such as disabling weak ciphers

Though I think that OpenJDK may use the time zone database provided by
the operating system.

2. If your Tomcats run on different systems, or under different user accounts,
I would pay attention to timezone and locale settings for those.

In my country I sometimes see documents (such as receipts) generated
by misconfigured systems, using a different decimal separator
character in numbers (point vs comma), different format for dates, or
having daylight time changes when there should have been none.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Database related performance degradation after upgrading from Tomcat 9.0.33 to Tomcat 9.0.69

2023-02-21 Thread Konstantin Kolinko
ср, 22 февр. 2023 г. в 01:31, Artur Tomusiak - Hannon Hill
:
>
> After upgrading from Tomcat 9.0.33 to Tomcat 9.0.69,

Note that using a binary search (bisection) one could limit the version range.

Alternatively, it is possible to reconfigure the pool to use Apache
Commons DBCP 2 and Apache Commons Pool 2 directly (instead of
package-renamed version used by Tomcat), and bisect their version
ranges.

> [...]
>
> Here is our database connection configuration in context.xml file:
>
>name="jdbc/CascadeDS"
> auth="Container"
> type="javax.sql.DataSource"
> username="@{dbusername}"
> password="@{dbpassword}"
> driverClassName="com.mysql.jdbc.Driver"
>
> url="jdbc:mysql://@{dbhostport}/@{dbname}?useUnicode=truecharacterEncoding=UTF-8useSSL=false"
> maxTotal="250"
> maxIdle="10"

Only 10 idle connections are allowed?

So if you have 250 active connections, only 10 of them can be returned
to the pool, and the other 240 of them have to be closed and reopened.

How many active connections do you usually have? Are those numbers adequate?

> maxWaitMillis="3000"
> removeAbandonedOnBorrow="true"
> removeAbandonedOnMaintenance="true"
> removeAbandonedTimeout="300"
> logAbandoned="true"
> testOnBorrow="true"
> testOnCreate="true"

I do not see a "validationQuery", so you are relying on
connection.isValid() for those tests...

Why do you need a "testOnCreate" ?

>   />

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: [solved] How to debug 404s / How to enable error log

2023-01-31 Thread Konstantin Kolinko
ср, 1 февр. 2023 г. в 00:51, Michael B Allen :
>
> ├───conf
> │   │   server.xml
> │   │   tomcat-users.xml
> │   │   web.xml

> > It assumes that you are familiar with java.util.logging.
> >
>
> That's unfortunate.  It would be so much nicer if it was a simple one-liner.

It is configured with logging.properties file, and your configuration is missing
catalina.properties
context.xml
logging.properties

files that are required for proper operation.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: How to debug 404s / How to enable error log

2023-01-31 Thread Konstantin Kolinko
ср, 1 февр. 2023 г. в 00:04, Michael B Allen :
>
> This is embarrassing. I have apparently forgotten how to operate Tomcat.
>

Welcome!

The main help file for running Tomcat is RUNNING.txt,
with additional information in webapps/docs/setup.html and
webapps/docs/windows-service-howto.html

> I just downloaded openjdk 17, Tomcat 10.1.5 to a clean Windows 10, upacked
> everything, created a myapp-base with a .bat like:
>
> --8<-- bin\start.bat --8<--
>
> setlocal
>
> set "JRE_HOME=C:\tmp\java17"
> set "CATALINA_HOME=C:\tmp\tomcat10"
> set "CATALINA_BASE=C:\tmp\myapp-base"
>
> %CATALINA_HOME%\bin\catalina.bat start
>
> --
>
> Copied webapp files into the webapps dir.
>
> On bin\start I get some INFO in the console like:
>
> Jan 31, 2023 3:46:02 PM org.apache.coyote.AbstractProtocol init
> INFO: Initializing ProtocolHandler ["http-nio-8080"]
> Jan 31, 2023 3:46:02 PM org.apache.catalina.startup.Catalina load
> INFO: Server initialization in [797] milliseconds
> Jan 31, 2023 3:46:02 PM org.apache.catalina.core.StandardService
> startInternal
> INFO: Starting service [Catalina]
> Jan 31, 2023 3:46:02 PM org.apache.catalina.core.StandardEngine
> startInternal
> INFO: Starting Servlet engine: [Apache Tomcat/10.1.5]
> Jan 31, 2023 3:46:02 PM org.apache.catalina.startup.HostConfig
> deployDirectory
> INFO: Deploying web application directory [C:\tmp\myapp-base\webapps\myapp]
> Jan 31, 2023 3:46:02 PM org.apache.catalina.startup.ContextConfig
> getDefaultWebXmlFragment
> INFO: No global web.xml found

The above message is odd.
Essentially, it means that the file %CATALINA_BASE%\conf\web.xml does not exist.

How have you configured your %CATALINA_BASE% directory?


The conf/web.xml configures all the defaults, shared by all web applications.
That includes
- declaration of DefaultServlet
- declaration of JspServlet
- "welcome-file-list"
- "mime-mapping"s

> Jan 31, 2023 3:46:03 PM org.apache.jasper.servlet.TldScanner scanJars
> INFO: At least one JAR was scanned for TLDs yet contained no TLDs. Enable
> debug logging for this logger for a complete list of JARs that were scanned
> but no TLDs were found in them. Skipping unneeded JARs during scanning can
> improve startup time and JSP compilation time.
> Jan 31, 2023 3:46:03 PM org.apache.catalina.startup.HostConfig
> deployDirectory
> INFO: Deployment of web application directory
> [C:\tmp\myapp-base\webapps\myapp] has finished in [656] ms
> Jan 31, 2023 3:46:03 PM org.apache.coyote.AbstractProtocol start
> INFO: Starting ProtocolHandler ["http-nio-8080"]
> Jan 31, 2023 3:46:03 PM org.apache.catalina.startup.Catalina start
> INFO: Server startup in [765] milliseconds
>
> The myapp servlet filter init runs. A localhost access log is created in
> myapp-base\logs.
>
> But trying to access anything through localhost:8080 or remotely by
> hostname fails with nothing but 404:
>
> 10.22.10.30 - - [31/Jan/2023:15:14:49 -0500] "GET /myapp/ HTTP/1.1" 404 682
> 10.22.10.30 - - [31/Jan/2023:15:14:49 -0500] "GET /favicon.ico HTTP/1.1"
> 404 682
> 0:0:0:0:0:0:0:1 - - [31/Jan/2023:15:22:43 -0500] "GET / HTTP/1.1" 404 682
> 0:0:0:0:0:0:0:1 - - [31/Jan/2023:15:22:43 -0500] "GET /favicon.ico
> HTTP/1.1" 404 682
> 0:0:0:0:0:0:0:1 - - [31/Jan/2023:15:22:49 -0500] "GET /myapp HTTP/1.1" 302 -

At least the web application is there. A 302 redirect happens.

> 0:0:0:0:0:0:0:1 - - [31/Jan/2023:15:22:49 -0500] "GET /myapp/ HTTP/1.1" 404
> 682
> 0:0:0:0:0:0:0:1 - - [31/Jan/2023:15:22:53 -0500] "GET /myapp/index.jsp
> HTTP/1.1" 404 682

No JspServlet (to serve it as a JSP page), nor DefaultServlet (to
serve it as a plain downloadable file) are configured.

> So now I'm just trying to find out how to enable an error log and for the
> life of me I'm completely blanking.
>
> How does one enable a debug log? The documentation about such things is
> pretty cryptic.

It assumes that you are familiar with java.util.logging.

> How can I diagnose this further?
>

BTW,
Note that Tomcat 10+ implements JakartaEE Servlet specification.

If your web application is based on JavaEE Servlet specification,
it cannot be put into webapps as is, and has to be converted.

See Migration guide.
https://tomcat.apache.org/migration-10.html#Specification_APIs

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Compatibility, 32 bit ..

2022-10-28 Thread Konstantin Kolinko
чт, 27 окт. 2022 г. в 18:02, John Dale (DB2DOM) :
>
> I had the same thought when I saw it.  Here is java -version output complete:
>
> openjdk version "9-internal"
> OpenJDK Runtime Environment (build 9-internal+0-2016-04-14-195526.buildd.src)
> OpenJDK Server VM (build 9-internal+0-2016-04-14-195526.buildd.src, mixed 
> mode)

The first official release of Java 9 (GA release) was on 21 September
2017 [1][2]

What you are seeing here (built in 2016) apparently is some early access stuff.

As a whole, Java 9 has already reached its end of life. (LTS releases
are Java 8, 11 and 17).

[1] https://openjdk.org/projects/jdk9/
[2[ https://en.wikipedia.org/wiki/Java_version_history

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat/Java app timezone radomly changes during operation.

2022-10-28 Thread Konstantin Kolinko
чт, 27 окт. 2022 г. в 18:31, David :
>
> Hi all,
>
>   I've experienced an issue since the morning of the 21st that I'm
> hoping to get some direction on for where to look.
>
>   An app uses the date/time to set a timeout for a password reset.
> This had been working fine for years and suddenly it failed.  A restart of
> tomcat allowed it to work for a day, then 12 hours, then 5 hours, then 1 hr
> and now is averaging a 10 minute or so working duration between tomcat
> restarts.
>
> Changing the logging in the app showed that the issue is due to it
> sending UTC to the DB while it is broken.  Restarting Tomcat results in CDT
> being sent for a while until randomly it switches again.
>
> RHEL 7.9, jvm 1.8.0_231-b11, Tomcat 9.0.29

Looking at the changelog since 9.0.29 onwards,
there was the following issue, fixed in 9.0.34 two years ago:

https://bz.apache.org/bugzilla/show_bug.cgi?id=64226
"Tomcat 9 can return HTTP date headers in timezone other than GMT"

Fixed by commit
https://github.com/apache/tomcat/commit/f64a2a7150bff01bca479c7c319b7e8db879df26

It is about how parsing a date time string may affect formatting time
if the same SimpleDateFormat instance is reused. It is triggered by a
client sending a header using a different time zone.


It is unlikely your issue with the database (unless your application
uses Tomcat internal classes such as ConcurrentDateFormat or
FastHttpDateFormat), but it affects HTTP headers generated by Tomcat.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Help with deploying multiple .WAR files in Tomcat

2022-08-05 Thread Konstantin Kolinko
чт, 4 авг. 2022 г. в 22:21, Shakila Rajaiah :
>
> Hello Tomcat users,
> Can someone help me find the correct documentation to deploy more than one 
> war file on Tomcat server. The information available on the web is confusing.
> I followed this instruction

1. This mailing list expects e-mails to be in plain text. As such, any
link that you might have had above, and any yellow highlighting of the
text are lost.

 > and dropped both test1.war and test2.war files in the webapps
folder. Test1.war seems to have deployed correctly. Howeevr I received
multiple error messages with deploying test2.war. The errors are
highlighted in yellow.
> Simply drop both war files into Tomcat's webapps folder. That is all you need 
> to do. By default, Tomcat expands ("explodes" some say) each war (technically 
> a zip file) into a folder and automatically deploys the app for you. This 
> happens on the fly if Tomcat is already running, or on startup when you 
> launch Tomcat.
>
> and this is the error message that I received.
>
> [...]

> org.apache.catalina.startup.HostConfig.deployWAR Deploying web application 
> archive [C:\apache-tomcat-9.0.46\webapps\Test2-0.0.1-SNAPSHOT.war]

2. The above name of a war file means that it will be unpacked as
"Test2-0.0.1-SNAPSHOT". Thus the root URL of your web application will
look like the following:

http://localhost:8080/Test2-0.0.1-SNAPSHOT/

If that is what you are expecting, then OK.

See
https://tomcat.apache.org/tomcat-9.0-doc/config/context.html#Naming

> Caused by: java.lang.IllegalArgumentException: More than one fragment with 
> the name [org_apache_jasper_el] was found. This is not legal with relative 
> ordering. See section 8.2.2 2c of the Servlet specification for details. 
> Consider using absolute ordering.

3.The above message mentions the Servlet Specification.

Links to different versions of the specification may be found here:

https://cwiki.apache.org/confluence/display/TOMCAT/Specifications


4. Regarding "org_apache_jasper_el".

It looks like your war includes a library that provides implementation
of EL (expression language, as used in JSPs).

An implementation of EL is provided by Tomcat. As well as
implementations of the Servlet, JSP and WebSocket APIs.

If your pom.xml file references such dependencies, annotate them with
"provided", so that they are not packed into a war
file.

https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Dependency_Scope

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat Not coming up in UNIX machine post upgrade

2022-08-05 Thread Konstantin Kolinko
пт, 5 авг. 2022 г. в 10:58, Chandan Singh :
>
> Hi All ,
>
> I am facing issue while upgrading to tomcat 9.063 from 9.011 .  Application 
> is not coming up with 503 error  , neither do I see any error message in logs 
> file .

As you are getting an error 503 and not just a timeout with no
response, it likely means that Tomcat is up and running.

You can verify whether Tomcat is processing requests by looking into
an access log file (as generated by AccessogValve).

https://cwiki.apache.org/confluence/display/TOMCAT/Troubleshooting+and+Diagnostics#TroubleshootingandDiagnostics-CommonTroubleshootingScenario

If there are no errors, it likely means that there are some info /
success messages. Do you see the usual log messages that your web
application has started up, and running?

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Regarding IPv6 support

2022-08-03 Thread Konstantin Kolinko
ср, 3 авг. 2022 г. в 10:19, Nitish Chitta :
>
> Hello Team,
> I wanted to know if Tomcat 7 supports requests with IPv6 addresses in the
> URL as I am getting an HTTP 404 error when trying to hit the server with an
> IPv6 address.

1. Tomcat 7 has reached  End of Life and is no longer supported.

2. If the server answers with 404 it means that it does work and can answer.

Check your access logs (as generated by AccessLogValve) to see

a.. that the server receives the requests
b. what is the actual IP address of your client, as seen by the server.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Logging "location" header from the HTTP response

2022-05-26 Thread Konstantin Kolinko
чт, 26 мая 2022 г. в 18:19, Robert Hicks :
>
> We would like to start logging the response location in Tomcat. I am not
> sure where to look something like that up.

You are not mentioning the version number, but from other threads I
assume that it is 9.0.x.

Here:
https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Access_Log_Valve

Look for "%{xxx}o"

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: How can I stop scanning TLD's?

2022-04-13 Thread Konstantin Kolinko
вт, 12 апр. 2022 г. в 23:31, Blake McBride :
>
> Greetings,
>
> When booting my app, the system takes a long time to get past:
>
> 12-Apr-2022 20:21:18.648 INFO [main]
> org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned
> for TLDs yet contained no TLDs. Enable debug logging for this logger for a
> complete list of JARs that were scanned but no TLDs were found in them.
> Skipping unneeded JARs during scanning can improve startup time and JSP
> compilation time.
>
> [...]
>
>
> I guess it is scanning for TLD's.  I'm not completely sure what that is but
> if possible, I'd like to bypass that step as much as possible.

The FAQ:
https://cwiki.apache.org/confluence/display/TOMCAT/HowTo+FasterStartUp

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: PostConstruct annotation in a filter since version 9.0.60

2022-04-03 Thread Konstantin Kolinko
сб, 2 апр. 2022 г. в 00:02, Cherio :
>
> I observed an announced change in behavior in version 9.0.60 (and later).
>
> My application has a Spring class loaded as a javax.servlet.Filter. It has
> a method annotated with a PostConstruct annotation. Up until Tomcat 9.0.59
> the annotation was handled by Spring. Starting with Tomcat 9.0.60 behavior
> changed. Now Tomcat attempts to take action on that method. The attempt
> fails with "java.lang.IllegalArgumentException: Invalid
> javax.annotation.PostConstruct annotation" exception and that results in
> the whole application failing to start.

1. You have to provide a stacktrace for that error.
Without a stacktrace the above are just words.
The stack trace will show whether it is Tomcat code that is failing,
or there is Spring code in the call chain.
Also (if version of Tomcat is known as well), one can match it to
source code and see at what step in the startup sequence it happened.

2. You say that it is a javax.servlet.Filter and it is coded so that
Tomcat will not be able to create an instance of that class - proper
creation of an instance of that filter must be done by Spring, so that
Spring processes those PostConstruct annotations.

Am I understanding you correctly?

If so, then that Filter is not part of the web application itself
(cannot be declared in web.xml, cannot be annotated with
javax.servlet.annotation.WebFilter annotation). It should be
instantiated by Spring and injected into the starting web application.
Right?

3. Annotation scanning is configurable to some extent.
It is possible to turn off some scanning, or configure it to scan/do
not scan some jars.

See the following wiki page for links:
https://cwiki.apache.org/confluence/display/TOMCAT/HowTo+FasterStartUp#HowToFasterStartUp-JARscanning


> I use PostConstruct in other Spring modules but it looks like Tomcat cares
> only about classes it deals with directly.
>
> I do not see this change documented anywhere so I assume this may be a
> regression or an undocumented bug fix or feature.
>
> Does anyone have more information about this?
> Thanks!

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Installing Jenkins (WAR) on Tomcat - Corrupts SMTP / Email for Java Apps

2022-04-01 Thread Konstantin Kolinko
чт, 31 мар. 2022 г. в 23:46, Decker, Richard :
>
> Tomcat Users,
>
> Sorry if this is a bit off base, but does anyone have experience with this 
> unusual problem? As soon as I uninstall Jenkins (& restart tomcat), I can 
> send java emails just fine through Tomcat. When I load the Jenkins war it 
> breaks emails being sent immediately, by our other installed (custom) java 
> apps in Tomcat. This server has been around for 6+ years, and the problem 
> just starting occurring on Jan 24th of this year, without me knowing what 
> changed. Looking at the smtp logs, it corrupts the mail before it leaves the 
> system, before it hits the mail server. Replacing the original message with 
> garbage like this example below:
>
>
> --=_Part_3_1832428443.1648744184783--
>

I do not understand your example. (If there was an image, images are
not allowed and are stripped by a mailing list server).

The above line is a valid delimiter for parts of a mime multipart
message. It ends with "--", so it is the final delimiter that ends the
message.


>
> Curiously when I deleted the 'work' dir under tomcat it temporarily solved 
> the problem, allowing emails to be sent properly/correctly, but email 
> eventually became corrupt again, just hours later, and deletion of the 'work' 
> dir does nothing now (tried many times). I removed every mail related plugin 
> in the .jenkins install dir, thinking the JVM was being corrupted with 
> multiple java mail files, with no success/luck on the email send. Searched 
> through the markmail archive, Jenkins forum, and google with nothing really 
> matching the described issue.
>
>
> Env: Oracle Linux 7.9
> Tomcat: 8.5.72  (tried with 8.5.65, when I know it was working)
> Java: jdk1.8.0_311  (tried with 281, when I know it was working)
> Apr: 1.7.0
> Apr-util: 1.6.1
> Openssl: 1.1.1l
> tomcat-native: 1.2.31-src
> Jenkins: 2.332.1 LTS (tried several / various previous versions that I know 
> worked)
> Postfix: 2.10.1-9.el7.x86_64
> Mail Jar: javax.mail-1.6.2.jar

Does every web application come with its own copy of
"javax.mail-1.6.2.jar", or the same library is shared by several web
applications? Sharing can result in side effects.

1. I think that when something weird happens but you can reproduce it,
the fastest way is to try remote debugging. If Tomcat has been started
with certain options you can attach a remote debugger. See

https://cwiki.apache.org/confluence/display/TOMCAT/Debugging
https://cwiki.apache.org/confluence/display/TOMCAT/Developing#Developing-Q1

Also do not forget to look for any strange errors in the log files.

2. When a library is shared by web applications, side effects are
related to the broken life cycle of that library. Essentially they are
likely to lead to a "Perm Gen memory leak".

If you are new to this, it may be hard to explain, but some info is at
https://cwiki.apache.org/confluence/display/TOMCAT/MemoryLeakProtection#MemoryLeakProtection-LogFactory
and there are some presentations at
https://tomcat.apache.org/presentations.html

3.  A web application may illegally call System.setProperty() and thus
affect global configuration. I saw some libraries doing so.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Possibly Silly Question

2022-03-28 Thread Konstantin Kolinko
пт, 25 мар. 2022 г. в 19:17, Robert Hicks :
>
> Just looking the history page says:
>
> *Apache Tomcat 3.0.x*. Initial Apache Tomcat release.
>
> Wikipedia also mentions:
> 2.0 1998 Tomcat started off in November 1998[16]
> <https://en.wikipedia.org/wiki/Apache_Tomcat#cite_note-16> as a
> servlet reference
> implementation
> <https://en.wikipedia.org/wiki/Reference_implementation_(computing)> by James
> Duncan Davidson <https://en.wikipedia.org/wiki/James_Duncan_Davidson>, a
> software architect at Sun Microsystems.
> So that probably means it was "internal" only.

See also
https://tomcat.apache.org/heritage.html

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: AW: Maybe a stupid (Windows related) question

2022-03-23 Thread Konstantin Kolinko
ср, 23 мар. 2022 г. в 14:12, Rony G. Flatscher (Apache) :
>
> skip...
>
> startup.bat uses start to run catalina.bat in a new cmd window with:
>
> call "%EXECUTABLE%" start %CMD_LINE_ARGS%
>
> catalina.bat then starts Tomcat as:
>
> %_EXECJAVA% %CATALINA_LOGGING_CONFIG% %LOGGING_MANAGER% %JAVA_OPTS% 
> %CATALINA_OPTS% %DEBUG_OPTS%
> -D%ENDORSED_PROP%="%JAVA_ENDORSED_DIRS%" -classpath "%CLASSPATH%"
> -Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%"
> -Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% 2>&1 1>
> D:\orx.debug\work_rii_tomcat\test.log
>
> This does not work.

(It does not matter, but you somehow lost "%ACTION%" at the end of the
above line.)

If I prefix the above line with "echo" to see what command is being
executed, like this:

echo %_EXECJAVA% %CATALINA_LOGGING_CONFIG% %LOGGING_MANAGER%
%JAVA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS%
-D%ENDORSED_PROP%="%JAVA_ENDORSED_DIRS%" -classpath "%CLASSPATH%"
-Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%"
-Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS%
%ACTION% 1>>mylog.txt 2>&1

then I get the following results:

a) After calling "startup.bat" or "catalina.bat start" I see the
following in mylog.txt:

start "Tomcat" "C:\pathtojava\java.exe" .
org.apache.catalina.startup.Bootstrap start

b) After calling "catalina.bat run" I see the following:

"C:\pathtojava\java.exe" . org.apache.catalina.startup.Bootstrap start

Note the difference.

It is the "start" command that creates a new window.  The "call"
command that you mentioned is just a command to execute a different
batch file and return to continue executing the original batch file.

BTW, commands "help start" and "help call" print some reference for
those commands.


Looking at the reference for "start", I think your only option is to
use "catalina.bat run" to start Tomcat. When I do so, the redirection
works as expected.


The following also works, without any modifications to the catalina.bat file:

catalina.bat run 1>>mylog.txt 2>&1

or with remote debugging being enabled:

catalina.bat jpda run 1>>mylog.txt 2>&1

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Maybe a stupid (Windows related) question

2022-03-23 Thread Konstantin Kolinko
вт, 22 мар. 2022 г. в 20:21, Rony G. Flatscher (Apache) :
>
> For debugging purposes I downloaded the zip-version of Tomcat 10.0.18 and 
> start it up using
> %CATALINA_HOME%\bin\startup.bat.
>
> 
>
> Probably I have been doing something wrong in the past hours and not seeing 
> the forest for the trees
> anymore I kindly request help: what is needed to successfully redirect stderr 
> and stdout to
> %CATALINA_HOME%\logs after unzipping Tomcat 10 and starting it on Windows 
> using
> %CATALINA_HOME%\bin\startup.bat?
>
> TIA for any help/pointer!

First, I second Chris's answer

вт, 22 мар. 2022 г. в 22:19, Christopher Schultz :
> 
>
> ... Windows CAN redirect both stdout and stderr to
> two different places, and also to combine them just like you can on *nix:
>
> bin\catalina.bat run 2>&1 > stdout_stderr.log
>
> https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-xp/bb490982(v=technet.10)?redirectedfrom=MSDN
>

Note that
"startup.bat" is an equivalent of calling "catalina.bat start".
"shutdown.bat" is an equivalent of "catalina.bat stop".

The above command (with " run") is a different one:
it starts Tomcat in the same console window, as opposed to " start"
that opens a new console window.

Second,
To redirect java.util.logging output to a file, replace ConsoleHandler
in conf/logging.properties with a FileHandler that writes all those
log lines to a file.

Actually, logging.properties already has such a FileHandler
configured. See the following line:

.handlers = 1catalina.org.apache.juli.AsyncFileHandler,
java.util.logging.ConsoleHandler

It configures handlers for "." (the root). So all the same information
is also being written to a "1catalina" FileHandler. Removing the
"ConsoleHandler" from that line will stop duplicating all those log
messages to the console.

Third,
If you app is actually calling System.err.println(), see about
"swallowOutput" setting here
https://tomcat.apache.org/tomcat-10.0-doc/logging.html#Console
https://tomcat.apache.org/tomcat-10.0-doc/config/context.html

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Many IllegalStateException when using http2 protocol

2022-03-10 Thread Konstantin Kolinko
чт, 10 мар. 2022 г. в 18:16, Thomas Hoffmann (Speed4Trade GmbH)
:
>
> > -Ursprüngliche Nachricht-
> > Von: Konstantin Kolinko 
> > Gesendet: Mittwoch, 9. März 2022 00:52
> > An: Tomcat Users List 
> > Betreff: Re: Many IllegalStateException when using http2 protocol
> >
> > пн, 7 мар. 2022 г. в 16:26, Thomas Hoffmann (Speed4Trade GmbH)
> > :
> > >
> > > Hello,
> > >
> > > Since upgrading from Tomcat 9.0.56 to Tomcat 10.0.16, the 
> > > localhost-logfile
> > is filling up with stacks of the form:
> > >
> > > 07-Mar-2022 07:24:01.780 SCHWERWIEGEND [https-openssl-nio-443-exec-
> > 21] org.apache.catalina.core.ApplicationDispatcher.invoke Servlet.service()
> > for servlet [jsp] threw exception
> > > java.lang.IllegalStateException: Connection [66], Stream [113], 
> > > Unable
> > to write to stream once it has been closed
> > > at
> > org.apache.coyote.http2.Stream$StreamOutputBuffer.doWrite(Stream.java:
> > 843)
> > > at
> > org.apache.coyote.http11.filters.GzipOutputFilter$FakeOutputStream.write(
> > GzipOutputFilter.java:159)
> > > at
> > java.base/java.util.zip.DeflaterOutputStream.deflate(DeflaterOutputStream.
> > java:252)
> > > at
> > java.base/java.util.zip.DeflaterOutputStream.write(DeflaterOutputStream.ja
> > va:210)
> > > at
> > java.base/java.util.zip.GZIPOutputStream.write(GZIPOutputStream.java:148
> > )
> > > at
> > org.apache.coyote.http11.filters.GzipOutputFilter.doWrite(GzipOutputFilter.
> > java:69)
> > > at
> > org.apache.coyote.http2.Http2OutputBuffer.doWrite(Http2OutputBuffer.jav
> > a:59)
> > > at org.apache.coyote.Response.doWrite(Response.java:625)
> > > at
> > org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.ja
> > va:340)
> > > at
> > org.apache.catalina.connector.OutputBuffer.flushByteBuffer(OutputBuffer.j
> > ava:783)
> > > at
> > org.apache.catalina.connector.OutputBuffer.realWriteChars(OutputBuffer.ja
> > va:453)
> > > at
> > org.apache.catalina.connector.OutputBuffer.flushCharBuffer(OutputBuffer.j
> > ava:788)
> > > at
> > org.apache.catalina.connector.OutputBuffer.append(OutputBuffer.java:727)
> > > at
> > org.apache.catalina.connector.OutputBuffer.write(OutputBuffer.java:505)
> > > at
> > org.apache.catalina.connector.CoyoteWriter.write(CoyoteWriter.java:148)
> > > at
> > org.apache.catalina.filters.ExpiresFilter$XPrintWriter.write(ExpiresFilter.java:
> > 850)
> > > at
> > org.apache.jasper.runtime.JspWriterImpl.write(JspWriterImpl.java:275)
> > > at 
> > > java.base/java.io.PrintWriter.write(PrintWriter.java:506)
> > > at
> > org.apache.jasper.runtime.JspWriterImpl.write(JspWriterImpl.java:275)
> > > at 
> > > java.base/java.io.PrintWriter.write(PrintWriter.java:506)
> > > at
> > org.apache.jasper.runtime.JspWriterImpl.flushBuffer(JspWriterImpl.java:112
> > )
> > > at
> > org.apache.jasper.runtime.JspWriterImpl.flush(JspWriterImpl.java:160)
> > > at
> > org.apache.jsp.WEB_002dINF.jsp.businessrelations.ticket_005frelations_inc_
> > jsp._jspService(ticket_005frelations_inc_jsp.java:702)
> > > ...
> > >
> > > The jsp-file varies between the stacktraces, so it is not related to a 
> > > certain
> > jsp-File.
> > > The stream.java looks like (which didn’t change from Tomcat 9 to 10):
> > > @Override
> > >     public final synchronized int doWrite(ByteBuffer chunk) throws
> > IOException {
> > > if (closed) {
> > > throw new IllegalStateException(
> > > sm.getString("stream.closed",
> > > getConnectionId(), getIdAsString()));
> >
> > I wonder why it throws an ISE here, instead of a proper IOException as
> > declared by this method.
> > (It looks like a bug, but I have not investigated the history of this code 
> > yet.)
> >
> > There is nothing suspicious in the stacktrace. An unusual bit of 
> > configuration
> > here is having enabled a GzipOutputFilter.

Re: Many IllegalStateException when using http2 protocol

2022-03-08 Thread Konstantin Kolinko
пн, 7 мар. 2022 г. в 16:26, Thomas Hoffmann (Speed4Trade GmbH)
:
>
> Hello,
>
> Since upgrading from Tomcat 9.0.56 to Tomcat 10.0.16, the localhost-logfile 
> is filling up with stacks of the form:
>
> 07-Mar-2022 07:24:01.780 SCHWERWIEGEND [https-openssl-nio-443-exec-21] 
> org.apache.catalina.core.ApplicationDispatcher.invoke Servlet.service() for 
> servlet [jsp] threw exception
> java.lang.IllegalStateException: Connection [66], Stream [113], 
> Unable to write to stream once it has been closed
> at 
> org.apache.coyote.http2.Stream$StreamOutputBuffer.doWrite(Stream.java:843)
> at 
> org.apache.coyote.http11.filters.GzipOutputFilter$FakeOutputStream.write(GzipOutputFilter.java:159)
> at 
> java.base/java.util.zip.DeflaterOutputStream.deflate(DeflaterOutputStream.java:252)
> at 
> java.base/java.util.zip.DeflaterOutputStream.write(DeflaterOutputStream.java:210)
> at 
> java.base/java.util.zip.GZIPOutputStream.write(GZIPOutputStream.java:148)
> at 
> org.apache.coyote.http11.filters.GzipOutputFilter.doWrite(GzipOutputFilter.java:69)
> at 
> org.apache.coyote.http2.Http2OutputBuffer.doWrite(Http2OutputBuffer.java:59)
> at org.apache.coyote.Response.doWrite(Response.java:625)
> at 
> org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:340)
> at 
> org.apache.catalina.connector.OutputBuffer.flushByteBuffer(OutputBuffer.java:783)
> at 
> org.apache.catalina.connector.OutputBuffer.realWriteChars(OutputBuffer.java:453)
> at 
> org.apache.catalina.connector.OutputBuffer.flushCharBuffer(OutputBuffer.java:788)
> at 
> org.apache.catalina.connector.OutputBuffer.append(OutputBuffer.java:727)
> at 
> org.apache.catalina.connector.OutputBuffer.write(OutputBuffer.java:505)
> at 
> org.apache.catalina.connector.CoyoteWriter.write(CoyoteWriter.java:148)
> at 
> org.apache.catalina.filters.ExpiresFilter$XPrintWriter.write(ExpiresFilter.java:850)
> at 
> org.apache.jasper.runtime.JspWriterImpl.write(JspWriterImpl.java:275)
> at java.base/java.io.PrintWriter.write(PrintWriter.java:506)
> at 
> org.apache.jasper.runtime.JspWriterImpl.write(JspWriterImpl.java:275)
> at java.base/java.io.PrintWriter.write(PrintWriter.java:506)
> at 
> org.apache.jasper.runtime.JspWriterImpl.flushBuffer(JspWriterImpl.java:112)
> at 
> org.apache.jasper.runtime.JspWriterImpl.flush(JspWriterImpl.java:160)
> at 
> org.apache.jsp.WEB_002dINF.jsp.businessrelations.ticket_005frelations_inc_jsp._jspService(ticket_005frelations_inc_jsp.java:702)
> ...
>
> The jsp-file varies between the stacktraces, so it is not related to a 
> certain jsp-File.
> The stream.java looks like (which didn’t change from Tomcat 9 to 10):
> @Override
> public final synchronized int doWrite(ByteBuffer chunk) throws 
> IOException {
> if (closed) {
> throw new IllegalStateException(
> sm.getString("stream.closed", getConnectionId(), 
> getIdAsString()));

I wonder why it throws an ISE here, instead of a proper IOException
as declared by this method.
(It looks like a bug, but I have not investigated the history of this code yet.)

There is nothing suspicious in the stacktrace. An unusual bit of
configuration here is having enabled a GzipOutputFilter.

Best regards,
Konstantin Kolinko

> }
>
> The generated java file from the jsp file only catches IOException:
> ...
>   if (!(t instanceof jakarta.servlet.jsp.SkipPageException)){
> out = _jspx_out;
> if (out != null && out.getBufferSize() != 0)
>   try {
> if (response.isCommitted()) {
>   out.flush();
> } else {
>   out.clearBuffer();
> }
>   } catch (java.io.IOException e) {}
> if (_jspx_page_context != null) 
> _jspx_page_context.handlePageException(t);
> else throw new ServletException(t);
>   }
>
> It seems like the browser is sometimes closing the stream and this causes 
> Tomcat to write exceptions in the localhost-logfile.
>
> Is there any way to prevent this?
> It is strange, that it didn’t happen with Tomcat 9 or maybe a Firefox-Update 
> is causing the issue(?) Access-log shows Firefox 97.
>
> Greetings, Thomas

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Can't stop tomcat - connection refused

2022-02-16 Thread Konstantin Kolinko
ср, 16 февр. 2022 г. в 13:51, Blake McBride :
>
> Problem solved!
>
> I am quite embarrassed because I've had this problem before, solved it
> (with the help of this list), and documented it.  Here are my notes:
>
> tomcat slow startup
>
> The secure random calls may be blocking as there is not enough entropy to
> feed them in /dev/random.
>
> Change /etc/java-8-openjdk/security/java.security
>
> From:  securerandom.source=file:/dev/random
>
> To:  securerandom.source=file:/dev/urandom
>

https://cwiki.apache.org/confluence/display/TOMCAT/HowTo+FasterStartUp
see Entropy Source

Adding
-Djava.security.egd=file:/dev/./urandom
to the JAVA_OPTS environment variable in a
$CATALINA_BASE/bin/setenv.sh file is the usual way to solve this
issue.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat Service Update throws Application System Error - Error Parsing Command Line

2021-12-06 Thread Konstantin Kolinko
пн, 6 дек. 2021 г. в 12:28, Ponnusamy, Prabhakar
:
>
> Tomcat User Community,
>
>
>
> I am trying to update the options of tomcat using the //US command line 
> option, but getting this error - Application System Error - Error Parsing 
> Command Line, below is how I was trying to run the commands, but no success. 
> Both in tomcat7 and tomcat9, I am getting the same error, tried with another 
> machine too.
>
>
>
> tomcat9w.exe //US/Passport --Description="test"
> tomcat9w.exe //US/Passport ++Description="test"
>
> [...]
> Please note that ES option works.

https://tomcat.apache.org/tomcat-9.0-doc/windows-service-howto.html

"//US//" is a command for "tomcat9.exe",
but "//ES//" is for tomcat9w.exe. That is why they are listed in
separate tables in documentation.

BTW,
a) if you look into service.bat file lines 212-232, it uses whitespace
instead of a '=' character to separate option and its value.

b) See also original Commons Daemon documentation at
https://commons.apache.org/proper/commons-daemon/procrun.html


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: More information, Re: Tomcat 8.5.68 failing on takeoff!

2021-08-06 Thread Konstantin Kolinko
пт, 6 авг. 2021 г. в 01:33, James H. H. Lampert
:
> org.xml.sax.SAXNotRecognizedException: Feature:
> http://apache.org/xml/features/allow-java-encodings
> 
> org.apache.crimson.parser.XMLReaderImpl.setFeature(XMLReaderImpl.java:213)
> 
> org.apache.crimson.jaxp.SAXParserImpl.setFeatures(SAXParserImpl.java:143)
> org.apache.crimson.jaxp.SAXParserImpl.(SAXParserImpl.java:126)
> 
> org.apache.crimson.jaxp.SAXParserFactoryImpl.newSAXParserImpl(SAXParserFactoryImpl.java:113)
> 
> org.apache.crimson.jaxp.SAXParserFactoryImpl.setFeature(SAXParserFactoryImpl.java:141)

Try to find what *.jar file in your system contains the above classes.

E.g. searching for string "crimson" in *.jar files.
That string will be visible in the archive file as it is a name of a directory.

HTH.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat 8.5.68 failing on takeoff!

2021-08-03 Thread Konstantin Kolinko
вт, 3 авг. 2021 г. в 02:31, James H. H. Lampert
:
>
> This is beyond my pay grade, I'm afraid. Hopefully somebody here has a
> clue what went wrong.
>
> I installed Tomcat 8.5.68 on an AS/400 with Java 8, that had been
> running Tomcat 7 for years with no problems.
>
> On launching Tomcat 8, if I try to connect to "manager" (the only
> context currently in Webapps), right after:
>
> 02-Aug-2021 18:15:11.655 INFO [main]
> org.apache.catalina.startup.Catalina.load Initialization processed in
> 3271 ms
>
> I'm getting
>
> 02-Aug-2021 18:15:11.707 WARNING [main]
> org.apache.catalina.users.MemoryUserDatabase.open Exception configuring
> digester to permit java encoding names in XML files. Only IANA encoding
> names will be supported.
> org.xml.sax.SAXNotRecognizedException: Feature:
> http://apache.org/xml/features/allow-java-encodings
> at
> org.apache.crimson.parser.XMLReaderImpl.setFeature(XMLReaderImpl.java:213)
> at
> org.apache.crimson.jaxp.SAXParserImpl.setFeatures(SAXParserImpl.java:143)
> at 
> org.apache.crimson.jaxp.SAXParserImpl.(SAXParserImpl.java:126)
> at
> org.apache.crimson.jaxp.SAXParserFactoryImpl.newSAXParserImpl(SAXParserFactoryImpl.java:113)
> at
> org.apache.crimson.jaxp.SAXParserFactoryImpl.setFeature(SAXParserFactoryImpl.java:141)
> at 
> org.apache.tomcat.util.digester.Digester.setFeature(Digester.java:526)
> at
> org.apache.catalina.users.MemoryUserDatabase.open(MemoryUserDatabase.java:440)

[...]

> at org.apache.catalina.startup.Catalina.start(Catalina.java:688)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
> at java.lang.reflect.Method.invoke(Method.java:508)
> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:345)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:476)

1. It is a warning, not an error. If you look at
MemoryUserDatabase.java:440 you will see that it is caught and
ignored.

It means that the XML parser does not recognize the
"http://apache.org/xml/features/allow-java-encodings; feature name.


2. The stack trace starts with "Bootstrap.main". I.e. it is the thread
that starts Tomcat.

I.e. this occurs when Tomcat starts up and has nothing to do with your
attempt to access the Manager web application.


3. The stack trace contains "org.apache.crimson".

Apache Crimson project was retired 11 years ago and should not be used nowadays.
https://xml.apache.org/crimson/
https://attic.apache.org/projects/crimson.html

You have that library in Tomcat classpath? Where? Why?

HTH

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: HTML manager

2021-07-30 Thread Konstantin Kolinko
вт, 27 июл. 2021 г. в 17:36, Noelette Stout :
>
> We have an application that needs to have files added to WEB-INF/classes
> each time it's deployed. Without getting into a long story about why we're
> doing things in sub-optimal ways, I need to know if there's a way to run a
> script that would add these files when deploying with the HTML manager. Any
> ideas are appreciated. If the answer is to manually run the script from the
> command line then reload, I can accept that too.
>

Generally,
if you can make changes in your web application

1) PreResources element (with webAppMount="/WEB-INF/classes") can be
used to inject external files into a web application.

https://tomcat.apache.org/tomcat-9.0-doc/config/resources.html

2) A listener can be configured in a web application to do some work
when the web application starts up.

Either at Tomcat level (e.g. at Context), or with standard Servlet API.

https://tomcat.apache.org/tomcat-9.0-doc/config/listeners.html

https://tomcat.apache.org/tomcat-9.0-doc/servletapi/javax/servlet/ServletContextListener.html
https://tomcat.apache.org/tomcat-9.0-doc/servletapi/javax/servlet/ServletContainerInitializer.html

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: tomcat 8.5.57 stops killing sessions after some time

2021-07-30 Thread Konstantin Kolinko
> []
> Il 26/07/2021 23:15, Christopher Schultz ha scritto:
> > Ivano,
> >
> > On 7/23/21 02:20, Ivano Luberti wrote:
> >> I have found the issue: one of the webapps has several thread locked
> >> on a MultiThreadedHttpConnectionManager during sessionUnbound and
> >> unboundEvents.
> >>
> >> So the background process killing the sessions is stuck as well.
> >
> > This is a very easy problem to encounter. Session event-handlers
> > really need to be bulletproof and execute very quickly.
> >
> > If you need a long-running process to trigger, use an executor service
> > or something where you can capture the information to be used and
> > off-load it onto another thread. Remember that the session cannot be
> > used after the event-handler completes, so capture whatever
> > information you need from the session FIRST, then dispatch to another
> > thread, then return from the event-handler.
> >
> > -chris
> >
> >> Il 21/07/2021 18:13, Mark Thomas ha scritto:
> >>> On 21/07/2021 16:00, Ivano Luberti wrote:
> >>>>
> >>>> Il 21/07/2021 16:44, Mark Thomas ha scritto:
> >>>>> Take 3 thread dumps 5 seconds apart and post them here.
> >>>>
> >>>> How to take thread dumps?
> >>>>
> >>>>   kill -3  ?
> >>>
> >>> That will work. There are lots of ways. This is most of them:
> >>>
> >>> https://www.baeldung.com/java-thread-dump

I usually refer to troubleshooting pages of Tomcat FAQ:

https://cwiki.apache.org/confluence/display/TOMCAT/Troubleshooting+and+Diagnostics#TroubleshootingandDiagnostics-Techniques

https://cwiki.apache.org/confluence/display/TOMCAT/HowTo#HowTo-HowdoIobtainathreaddumpofmyrunningwebapp?


Additional note: the "backgroundProcessorDelay"  on a Context can be
used to make a web application use its own background thread (instead
of reusing the one inherited from its parent container).  It won't
help with fixing a deadlock in a particular web application,  but it
will isolate the failure so that other web applications on the same
server won't suffer.

https://tomcat.apache.org/tomcat-8.5-doc/config/context.html

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: [ANN] Apache Tomcat 9.0.50 available

2021-07-06 Thread Konstantin Kolinko
Logs from my smoke-testing of Windows installer
(apache-tomcat-9.0.50.exe) a week ago:

28-Jun-2021 16:26:48.587 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Server version
name:   Apache Tomcat/9.0.50
28-Jun-2021 16:26:48.607 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Server built:
  Jun 28 2021 08:46:44 UTC
28-Jun-2021 16:26:48.607 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Server version
number: 9.0.50.0

The same logs are if I unpack and start apache-tomcat-9.0.50.zip

SHA 512 of that file is
10515ccee311282386bb0549808d646c3c60b584f4c20f4ad577ac6068f0e4eb09ae93abc11df29c1328e2632df2c1c449d4002becdd6464c79766ade506c058
*apache-tomcat-9.0.50.zip

So all is OK. Please check your files.

BTW, the current version of Java 8 is 8u292.

вт, 6 июл. 2021 г. в 17:10, Robert Hicks :
>
> I did a version and there seems to be a mismatch?
>
> PS C:\apache-tomcat-9.0.50> cd bin
> PS C:\apache-tomcat-9.0.50\bin> .\version.bat
> Using CATALINA_BASE:   "C:\apache-tomcat-9.0.50"
> Using CATALINA_HOME:   "C:\apache-tomcat-9.0.50"
> Using CATALINA_TMPDIR: "C:\apache-tomcat-9.0.50\temp"
> Using JRE_HOME:"C:\jdk8u282\jre"
> Using CLASSPATH:
> "C:\apache-tomcat-9.0.50\bin\bootstrap.jar;C:\apache-tomcat-9.0.50\bin\tomcat-juli.jar"
> Using CATALINA_OPTS:   "-server -Xmx1024m -XX:MetaspaceSize=256m
> -XX:MaxMetaspaceSize=256m
> -Dorg.apache.catalina.connector.RECYCLE_FACADES=true
> -Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true
> -Dorg.apache.tomcat.util.http.ServerCookie.ALWAYS_ADD_EXPIRES=true
> -D.org.apache.catalina.connector.ALLOW_BACKSLASH=false
> -Dorg.apache.catalina.connector.response.ENFORCE_ENCODING_IN_GET_WRITER=true"
> Server version: *Apache Tomcat/9.0.48*
> Server built:   *Jun 10 2021 09:22:01 UTC*
> Server number:  *9.0.48.0*
> OS Name:Windows 10
> OS Version: 10.0
> Architecture:   amd64
> JVM Version:1.8.0_282-b08
> JVM Vendor: AdoptOpenJDK
> PS C:\apache-tomcat-9.0.50\bin>
>
> On Mon, Jul 5, 2021 at 4:02 AM Rémy Maucherat  wrote:
>
> > The Apache Tomcat team announces the immediate availability of Apache
> > Tomcat 9.0.50.
> >
> > Apache Tomcat 9 is an open source software implementation of the Java
> > Servlet, JavaServer Pages, Java Unified Expression Language, Java
> > WebSocket and JASPIC technologies.
> >
> > Apache Tomcat 9.0.50 is a bugfix and feature release. The notable
> > changes compared to 9.0.48 include:
> >
> > - Re-work the HTTP/2 overhead protection to reduce the likelihood of
> >false positives. Note that the default overheadCountFactor has changed
> >from 1 to 10 and that the useful range is now 0 to ~20.
> >
> > - Update to Eclipse JDT compiler 4.20.
> >
> > - Fix regressions in JSP compilation in the previous release.
> >
> > Along with lots of other bug fixes and improvements.
> >
> > Please refer to the change log for the complete list of changes:
> > http://tomcat.apache.org/tomcat-9.0-doc/changelog.html
> >
> >
> > Downloads:
> > http://tomcat.apache.org/download-90.cgi
> >
> > Migration guides from Apache Tomcat 7.x and 8.x:
> > http://tomcat.apache.org/migration.html
> >
> > Enjoy!
> >
> > - The Apache Tomcat team
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Question about directory listing sorting ..

2021-07-02 Thread Konstantin Kolinko
пт, 2 июл. 2021 г. в 04:04, John Dale (DB2DOM) :
>
> Doesn't seem to work for me on 9.0.41 (it's an older development box).
>
> I found these interesting:
> ow with patch v3:
> 1. "s=NA" name=asc
> 2. "s=ND" name=dsc
> 3. "s=SA" size=asc
> 4. "s=SD" size=dsc
> 5. "s=MA" modify=asc
> 6. "s=MD" modify=dsc
>
> From here:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=57287
>
> Before I get too far down the road, I thought I would reach out.
> Params don't seem to affect listing sort order.

It is off by default. I updated the BZ issue to point this out.
https://bz.apache.org/bugzilla/show_bug.cgi?id=57287#c12

Parameter names are a bit different.
E.g. with 9.0.50 (I modified DefaultServer configuration, and using
the examples web app):

http://localhost:8080/examples/jsp/cal/?C=N;O=A
http://localhost:8080/examples/jsp/cal/?C=N;O=D

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Strange error with JSP

2021-07-01 Thread Konstantin Kolinko
вт, 29 июн. 2021 г. в 19:35, Christopher Schultz :
>
> Konstantin,
>
> On 6/29/21 10:21, Konstantin Kolinko wrote:
> > ср, 2 июн. 2021 г. в 23:16, Christopher Schultz 
> > :
> [...]
> > Has the page been compiled once, or its modification time is being
> > checked over and over, or even worse: being recompiled?
>
> Probably not being recompiled. The source JSP has a file-date in 2016
> and the generated .java and .class files also have a date in 2016.

File dates do not matter: Tomcat resets them to match the original
file, as that is a way to track the changes. That is why I asked about
the file system and its supported time precision.

The time when the java file was generated is shown with a comment,
"Generated at: " at the top of the file.

Also note "_jspx_dependants.put(...)" lines in the java file. Those
are dependencies whose modification timestamps are checked as well.


> > Are "webapps" and "work" directories on the same kind of file system
> > (with the same supported precision for file modification times)?
>
> Exactly the same filesystem.



Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Strange error with JSP

2021-06-29 Thread Konstantin Kolinko
sources from Java 8u292).



BTW, I wonder whether your JspServlet is configured "for production",
http://tomcat.apache.org/tomcat-8.5-doc/jasper-howto.html#Production_Configuration

Has the page been compiled once, or its modification time is being
checked over and over, or even worse: being recompiled?

Are "webapps" and "work" directories on the same kind of file system
(with the same supported precision for file modification times)?

BTW,
A java.lang.ClassNotFoundException with no "original cause" likely
means that a getResource() call failed. Note that debug logging can be
turned on for that call, as the getResource() method is implemented by
o.a.catalina.loader.WebappClassLoaderBase class.

BTW,
I wonder whether the hard drive is reliable.

It is the only instance of Tomcat that is running with that work directory?

The only instance of web application? (The scratchDir can be
configured. If it has been, several instances of the same web
application may share it.)

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Again with the missing headers

2021-04-12 Thread Konstantin Kolinko
пн, 12 апр. 2021 г. в 18:05, Rob Sargent :
> > [...]
>
> The datum of concern is handled via the session.
>
>   //Hold the offset of the first explicit marker in the chased
>   //segment.  That marker at most 16th locus up-stream of
>   //segment. Less at pter.  There are more markers found within the
>   //spanning cliques but these are not at predictable positions
>   private void setRebase(HttpServletRequest req, Integer value) {
> req.getSession().setAttribute("rebase", value);
>   }
>
>   private Integer getRebase(HttpServletRequest req) {
> return (Integer)(req.getSession().getAttribute("rebase"));
>   }
>
> I confess, in preparing this response I noticed that I start sending the 
> first lines of the streamed data then set the header as follows:
>   response.setHeader("rebaseSegment", "" + getRebase(req));
> then the remainder of the stream.  I’ll correct that and see if that plays 
> into the behaviour at all.
>
> The isCommitted() will come in handy too.  Thanks for that.

Ack.

BTW, usage of getSession() has similar limitation as
setHeader/addHeader versus isCommitted:
a session cannot be created when it is tracked via Cookies and
response headers have already been sent.

There is a difference in API though, as getSession() throws an
explicit IllegalStateException.

https://javaee.github.io/javaee-spec/javadocs/javax/servlet/http/HttpServletRequest.html#getSession-boolean-

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: RemoteIpValve resolving localname is really slow

2021-04-12 Thread Konstantin Kolinko
пн, 12 апр. 2021 г. в 16:50, Bourdais Nicolas
:
>
> We are hosting our tomcats on windows vms behind a reverse proxy and have 
> enabled RemoteIPValve.
> In the same time we have many hardware which talk to tomcat through a vpn.
> Recently we updated our tomcats to a more recent version (8.5.43 to 8.5.53) 
> and our apps running on hardware through vpn had difficulties to talk to 
> tomcat.
>
> We identified that these difficulties came from very slow localname 
> resolution in RemoteIpValve when calling through vpn.
> We added vpn IP to hosts file of our tomcat’s vms which resolved our errors.
>
> We found that these behaviour appeared with tomcat 8.5.44 and was a 
> consequence of the new feature in RemoteIPValve and RemoteIpFilter : 'support 
> x-forwarded-host’ id 57665.
> Since this feature the valve begins by resolving localname (along remoteAddr, 
> remoteHost, serverName etc…) which in our case is time consuming (> 5 s) and 
> leads to communication errors
>
> Is this behaviour expected and necessary ?
> Could localName be resolved only if changeLocalName is set to true ?
> Should I comment on bugzilla ?

1. What is the configuration of your valve and your connectors?

By default Tomcat does not perform a DNS lookup and thus there should
not be noticeable timeouts. Can you show a stacktrace, what actually
happens.

https://cwiki.apache.org/confluence/display/TOMCAT/Troubleshooting+and+Diagnostics#TroubleshootingandDiagnostics-CommonTroubleshootingScenario

2. If one could confirm your trouble, it would better be filed as a
new issue in Bugzilla.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Again with the missing headers

2021-04-12 Thread Konstantin Kolinko
пн, 12 апр. 2021 г. в 16:20, Rob Sargent :
>
> Thank you.
>
> Can you suggest a way to confirm the problem is size related? Or are you 
> convinced by the numbers shown?

Look at "ServletResponse.isCommitted()"

https://cwiki.apache.org/confluence/display/TOMCAT/Specifications#Specifications-JavaServletSpecifications
https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletResponse.html#isCommitted--

> The client is a Java 15 app so there’s a chance I could use trailer headers. 
> I’m not explicitly using chunked encoding currently.
>
> I don’t like the idea of buffering the entire response as this is the part of 
> my setup where there are likely thousands of nearly simultaneous requests and 
> the server isn’t that beefy.
>
> And I take it there is no mechanism in tomcat 9 to force the headers out on 
> an implicit flush?  Or other mechanism which ensures headers are sent?

What are those headers, and what code at what place sets them?

BTW,
an AccessLogValve can be configured to log a value of a response
header with "%{xxx}o" pattern.
https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Access_Log_Valve


https://tomcat.apache.org/lists.html#tomcat-users
-> 6. " Top-posting is bad."

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Question ad distributing non-Java-binaries with a webapp ...

2021-04-11 Thread Konstantin Kolinko
сб, 10 апр. 2021 г. в 21:50, Rony G. Flatscher (Apache) :
>
> Is it possible to place and use binaries (including shared libraries) in a 
> webapp? Very much like
> supplying jars to the "lib"-directory?
>
> Use case: if possible, I would like to create a webapp that includes non-Java 
> binaries (executable,
> image and shared libraries) that get interfaced with via JNI.
>
> If this is possible then how so? Any pointers/hints would be highly 
> appreciated!

Hi, Rony!

1) You may look for an inspiration on how Tomcat Navive library is loaded
https://tomcat.apache.org/tomcat-9.0-doc/apr.html
https://tomcat.apache.org/native-doc/

Note that "64-bit Windows zip" binary distribution includes the
library (tcnative-1.dll).
https://tomcat.apache.org/download-90.cgi

In the source code, look at
org.apache.tomcat.jni.Library
org.apache.catalina.core.AprLifecycleListener
and its message resources,
java/org/apache/catalina/core/LocalStrings.properties

You may find examples of System.load(), System.loadLibrary(),
System.mapLibraryName() calls in the Library class.

See also the system property "java.library.path".


2) JVM has a limitation that a library is allowed to be loaded by one
classloader only.

That is why using a web application classloader looks to be a poor
place for loading a library, if you are ever going to use its full
features (parallel deployment of several web applications, a reload /
redeploy without stopping Tomcat, etc.) See
https://tomcat.apache.org/tomcat-9.0-doc/class-loader-howto.html

3) It is possible to load any classes when Apache Tomcat starts:

a) with a custom Listener,

b) abusing a JreMemoryLeakPreventionListener
https://tomcat.apache.org/tomcat-9.0-doc/config/listeners.html

c) as a custom resource
https://tomcat.apache.org/tomcat-9.0-doc/jndi-resources-howto.html#Generic_JavaBean_Resources

HTH.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: What exactly does the AJP connector on 8009 do?

2021-04-06 Thread Konstantin Kolinko
пн, 5 апр. 2021 г. в 21:59, James H. H. Lampert :
>
> We've just gotten a complaint about a vulnerability involving AJP (to
> something called "Ghostcat") from a customer. The report from the
> security consultant recommends updating to a more recent version of
> Tomcat, and I note that we've already started rolling out 7.0.108 to
> customers.
>
> Looking at server.xml, the only reference to AJP is in relation to port
> 8009, and that this connector is commented out in 108, but not in 93.
>
> So what exactly *is* this connector, and what purpose does it serve?

A well-configured instance of Apache Tomcat should serve requests
either over "http:"/"https:" or over "ajp:", but not both. The clients
for http: protocol are web browsers. The clients for AJP protocol are
web servers (proxies).

See also
https://tomcat.apache.org/connectors-doc/
https://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html
https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html
https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Connectors
https://en.wikipedia.org/wiki/Apache_JServ_Protocol

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: [OT] programming style or mental process ?

2021-04-06 Thread Konstantin Kolinko
вс, 4 апр. 2021 г. в 13:24, André Warnier (tomcat/perl) :
>
> Hi.
> I have a question which may be totally off-topic for this list, but this has 
> been puzzling
> me for a while and I figure that someone here may be able to provide some 
> clue as to the
> answer, or at least some interesting ponts of view.
>
> In various places (including on this list), I have seen multiple occurrences 
> of a certain
> way to write a test, namely :
>
>if (null == request.getCharacterEncoding()) {
>
> as opposed to
>
>if (request.getCharacterEncoding() == null) {
>
> Granted, the two are equivalent in the end.

Some programming languages have rules, in what order an expression is
evaluated. E.g. the left side is evaluated first, the result is stored
in a register (memory) of a CPU, then the right side is evaluated and
the result is stored, then it is followed by a comparison and a
conditional jump. Thus the two variants are not equivalent.

(Well, as null is a zero and not really a specific value, maybe it
does not need evaluation and a memory register to store it.)

In Java the Java Language Specification dictates the evaluation order,
"15.7.1 Evaluate Left-Hand Operand First". I vaguely remember that in
the C language the evaluation order in such expressions is
unspecified.

https://docs.oracle.com/javase/specs/

If one side of an expression can have unexpected side effects (like a
function call or a null pointer dereference can have), I prefer them
to be evaluated first. Thus my preference is for
"(request.getCharacterEncoding() == null)".


Otherwise, another point of view to consider is readability of the
code. If the function call is some lengthy expression, " (null ==
request.getCharacterEncoding()) " may be more readable when formatting
the code results in wrapping the lengthy expression, splitting it into
several lines.


I think that I should also mention the well-known construct when a
comparison is done by calling the "equals()" method on some constant
value:

   CONSTANT_VALUE.equals(someFunction())

In this case the "CONSTANT_VALUE" is known to be non-null, and thus
calling its method cannot result in a NullPointerException. (In more
complex cases the static method "Objects.equals()" helps to compare
two values in a null-aware way).

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Recent charset breakage

2021-04-01 Thread Konstantin Kolinko
чт, 1 апр. 2021 г. в 00:55, Christopher Schultz :
>
> [...]
>
> I've written a tiny JSP to demonstrate the problem.
>
> charecho.jsp
>  CUT 
> <%
>response.setContentType("text/html");
>response.setCharacterEncoding("UTF-8");
> %>
> 
> 

The value above is misspelled. You are missing "charset=" before "UTF-8".
Personally, I usually echo the actual contentType header value when
writing a meta tag. I think that would be


[...]

>
> So, somewhat "mystery solved" although I'd like to understand why
>  didn't work.

Does validating your web.xml file against an xsd schema complete successfully?

request-character-encoding is defined in
(javax|jakarta)/serv/et/resources/web-app_4_0.xsd, which means Tomcat
9 or later. You wrote that you are running Tomcat 8.5.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: [OT] Push a static value into digester's CallMethod rule?

2021-02-17 Thread Konstantin Kolinko
ср, 17 февр. 2021 г. в 20:13, Christopher Schultz
:
>
> All,
>
> I asked this over on the commons-user list yesterday but haven't gotten
> a response. Since the digester was born here, maybe someone knows the
> answer to this. I'd be happy to get a response over on commons-user or
> here. I'll reply to my own thread if someone replies here, citing it.
>
> :::
>
> I'd like to invoke a method on the current top-of-the-stack object and
> pass a static string value to it, like this:
>
> digester.push(new MyBean());
> digester.addCallMethod("/Foo/Bar", "setAttribute", 2, new Class[] {
> String.class });
> digester.addCallParam("/Foo/Bar", 0, "MyStaticString");
> digester.addCallParam("/Foo/Bar", 1, "attrName");
> digester.parse(...);
>
> When encountering /Foo/Bar, I'd like this to be called:
>
> myBean.setAttribute("MyStaticString", [value of attribute "attrName"])
>
> Is that kind of thing possible?
>
> I thought I might pull a fast one and push the value "MyStaicString"
> onto the stack and call:
>
> digester.addCallParam("/Foo/Bar", 0, true);
>
> But I it seems I can't push a value onto the stack when a specific path
> is seen: only statically at some specific point (like before parsing
> begins).

You have not said what version you are using.

Looking at Apache Commons Digester 3.2 source code and
searching for "peekParams()" calls (the API used to access the list of
parameters created by CallMethodRule):

1. I see that there exists a ObjectParamRule class that allows
injecting arbitrary values as parameters for the call. It is
documented as "@since 1.4".

2. There exists a Digester.addObjectParam() method. It is "@since 1.6".

HTH

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Standards, specs for URL parameter ordering

2021-02-17 Thread Konstantin Kolinko
ср, 17 февр. 2021 г. в 20:05, Christopher Schultz
:
>
> Konstantin,
>
> [...]
>
> Without being able to rely on form-data ordering, the only way to "know"
> which question was asked first, second, etc. would be to either put a
> hidden form element on the page describing the question-order (back to
> the server) or to have individual hidden elements for each question
> specifying the order. Something like this:
>
>
>
>...

An alternative solution can be to include both question id and order
in the field name. E.g.




Well, your use case is a valid one.

BTW, for the same grounds for forms submitted with mime type of
"multipart/form-data"
the HttpServletRequest.getParts() method could return an ordered
collection (a List).
As of now, the API is specified to return a Collection [1].

[1] 
https://javaee.github.io/javaee-spec/javadocs/javax/servlet/http/HttpServletRequest.html#getParts--

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Standards, specs for URL parameter ordering

2021-02-17 Thread Konstantin Kolinko
ср, 17 февр. 2021 г. в 12:09, Mark Thomas :
>
> On 16/02/2021 14:58, Christopher Schultz wrote:
> > All,
> >
> > I'm sorry for using users@ as my own personal Google but I'm sure
> > someone knows this off the top of their head and can save me a lot of
> > reading.
> >
> > I'm wondering about which specs mention how to handle URL parameters
> > (and POST parameters, for that matter) in terms of ordering. For
> > example, if I have a URL like:
> >
> > https://example.com/context/resource?a=1=2=3=6
> >
> > (Note that I have "a" in there twice)
> >
> > If I call request.getParameterNames(), is there a predictable order in
> > which those parameters will be handed back? I'd love to hear that not
> > only are they returned in "URL order" (that is, the left-most parameter
> > is the first returned in that enumeration) in Tomcat, but either the
> > servlet spec, the CGI spec, or some other spec dictates that order
> > explicitly.
>
> Yes, they will be in that order. (See ApplicationHttpRequest.parameters,
> ParameterMap.delgatedMap and LinkedHashMap
>
> The order isn't explicitly defined in any specification I am aware of.
> However, the Servlet spec does state (3.1) that query string parameters
> should be presented before parameters parsed form the request body.

1. When there are multiple values, the order of values is preserved.

Java Servlet 4.0 spec has an example in its text that shows how the
order of values is preserved (chapter 3.1 "HTTP Protocol Parameters"):

Data from the query string and the post body are aggregated
into the request parameter set. Query string data is presented before
post body data. For example, if a request is made with a query string
of a=hello and a post body of a=goodbye=world, the resulting
parameter set would be ordered a=(hello, goodbye, world)

2. Original specification for url-encoded parameters is not HTTP, but
HTML specification. The place where I first saw it many years ago was
here:

https://tools.ietf.org/html/rfc1866#section-8.2.1
HTML 2.0 spec

> The fields are listed in the order they appear in the document

Personally, I would not rely on the order of names provided by
getParameterNames(), as it would be surprising for a client if
processing of a request depends on the order of parameter names. In
the same way as whether reordering of input fields on a web form could
break its processing.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Weirdest Tomcat Behavior Ever?

2020-10-26 Thread Konstantin Kolinko
вт, 27 окт. 2020 г. в 00:07, Eric Robinson :
>
> > On 26/10/2020 10:26, Mark Thomas wrote:
> > > On 24/10/2020 01:32, Eric Robinson wrote:
> > >
> > > At this point I'd echo Konstantin's recommendation to add the
> > > following system property:
> > > org.apache.catalina.connector.RECYCLE_FACADES=true
> > >
> > > You'd normally do this in $CATALINA_HOME/bin/setenv.sh (creating that
> > > file if necessary) with a line like:
> > >
> > > CATALINA_OPTS="$CATALINA_OPTS
> > > -Dorg.apache.catalina.connector.RECYCLE_FACADES=true"
> > >
> > > You can confirm that the setting has been applied by looking in the
> > > log for the start-up. You should see something like:
> > >
> > > Oct 26, 2020 10:18:45 AM
> > > org.apache.catalina.startup.VersionLoggerListener log
> > > INFO: Command line argument:
> > > -Dorg.apache.catalina.connector.RECYCLE_FACADES=true
> > >
> > >
> > > That option reduces the re-use of request, response and related
> > > objects between requests and, if an application is retaining
> > > references it shouldn't, you usually see a bunch of
> > > NullPointerExceptions in the logs when the application tries to re-use 
> > > those
> > objects.
> > >
> > > Meanwhile, I'm going to work on a custom patch for 7.0.72 to add some
> > > additional logging around the network writes.
> >
> > Patch files and instructions for use:
> >
> > http://home.apache.org/~markt/dev/v7.0.72-custom-patch-v1/
> >
> > Mark
>
> Hi Mark,
>
> A couple of questions.
>
> 1. Now that you have provided this patch, should I still enable 
> RECYCLE_FACADES=true?

Regarding the patch,
there is no source code for it, but I think that it adds debug
logging, nothing more.


RECYCLE_FACADES makes your configuration more safe, protecting Tomcat
from misbehaving web applications. I have that property set on all
Tomcat installations that I care about. Thus I think that you should
set it anyway.

I usually add that property into the conf/catalina.property file.

See the wiki for a more detailed answer.
https://cwiki.apache.org/confluence/display/TOMCAT/Troubleshooting+and+Diagnostics#TroubleshootingandDiagnostics-TroubleshootingunexpectedResponsestateproblems

My thought that you case could be caused by something like the "Java
ImageIO" issue mentioned there. If something in the web application
produces dangling references to java.io.OutputStream and they are
closed during garbage collection, corrupting Tomcat internals.

> 2. [...] Can you think of any potential issues where making this change for 
> one instance could have a negative effect on any of the other instances? 
> Probably not, but just being careful.

I hope that you can cope with the amount of logging that this generates.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Weirdest Tomcat Behavior Ever?

2020-10-24 Thread Konstantin Kolinko
сб, 24 окт. 2020 г. в 03:08, Eric Robinson :
>
> > - Answers to the additional questions would be nice but the access log
> >   %b value for a failed request is the key piece of information required
> >   at this point.
> >
>
> Good news! I enabled that parameter a few days ago and we have already caught 
> some instances of the problem occurring. Here is the logging format...
>
> prefix="localhost_access." suffix=".log" pattern="%h %l %D %u 
> %t %{JSESSIONID}c %{cookie}i %r %s %b %S %q" />

I usually also have the following pattern in my access logs:
[%{org.apache.catalina.parameter_parse_failed}r
%{org.apache.catalina.parameter_parse_failed_reason}r]

It captures whether a request.getParameter() call completed abnormally and why.
That is unlikely your cause, but there may be some other request
attributes that may be of interest, but nothing comes to mind at the
moment.

> Due to some sensitive content in the HTTP requests below, I have globally 
> replaced certain words and addresses with random-ish strings, but I don't 
> think I've done anything to impact the issue.
>
> Following is an example from Wednesday.
>
> This is a request being sent from the nginx proxy to the first of 2 upstream 
> servers, 10.51.14.46
>
> 2020/10/21 15:51:22 [error] 39268#39268: *842342531 upstream prematurely 
> closed connection while reading response header from upstream, client: 
> 99.88.77.66, server: redacted.domain.com, request: "GET 
> /sandhut/jsp/catalog/xml/getWidgets.jsp?eDate=2020-10-21=64438=0=0=Yes=0=75064=322095=8568=0.5650846=21102020155122.472656
>  HTTP/1.1", upstream: 
> "http://10.51.14.46:3016/sandhut/jsp/catalog/xml/getWidgets.jsp?eDate=2020-10-21=64438=0=0=Yes=0=75064=322095=8568=0.5650846=21102020155122.472656;,
>  host: "redacted.domain.com"

I wonder what "CompressXML=Yes" does.


I also recommend to add the following system property to the configuration:
org.apache.catalina.connector.RECYCLE_FACADES=true

https://cwiki.apache.org/confluence/display/TOMCAT/Troubleshooting+and+Diagnostics#TroubleshootingandDiagnostics-TroubleshootingunexpectedResponsestateproblems

> Drat, slight correction. I now recall that although we initially installed 
> 7.0.76 from the CentOS repo, the application vendor made us lower the version 
> to 7.0.72, and I DO NOT know where we got that.

It is possible to compare the files with pristine version from ASF
archive dist site,
https://archive.apache.org/dist/tomcat/tomcat-7/

If it was installed as an RPM package, `rpm -qf` should be able to
answer what installed package those files belong to.
https://stackoverflow.com/questions/1133495/how-do-i-find-which-rpm-package-supplies-a-file-im-looking-for

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: jstl jar location

2020-10-21 Thread Konstantin Kolinko
вт, 20 окт. 2020 г. в 22:31, George Stanchev :
>
>
> I am hoping someone can shed some lights on a question. I did try to search 
> online and SO but haven't had luck in figure it out so hopefully it is a 
> quick answer from the people that know that stuff. We have an uber-lib folder 
> where we keep shared libraries in our TC85-hosted app. If we put jstl-1.2.jar 
> into that directory but not in the application /WEB-INF/lib directory, TC 
> generates [1]. If I move jstl into the application lib folder, it works. I 
> made sure jstl is excluded from jarsToSkip and included in jarsToScan.
>
> Is there any rule or switch that says that the JSP compiler cannot use the 
> parent CL to resolve the jstl URIs?

There is a rule how JSP engine locates Tag Library Descriptor (TLD) files.

See chapters "JSP.7.2 Tag Libraries", "JSP.7.3 The Tag Library Descriptor".
Especially the "order of precedence" list in chapter "JSP.7.3.2 TLD
resource path".

It looks that you are relying on implicit declarations.of TLDs.

https://cwiki.apache.org/confluence/display/TOMCAT/Specifications

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: tomcat9 classpath

2020-10-06 Thread Konstantin Kolinko
вт, 6 окт. 2020 г. в 23:11, Christopher Schultz :
>
> Nothing you add or remove from catlaina.properties will change what is
> shown when you run "ps" and look at the command-line used to launch the JVM.
>
> Fortunately, it doesn't matter. Tomcat will configure the "common" and
> "shared" ClassLoaders with the correct list of JARs you specify in
> catalina.properties, and those libraries will be available to the server
> and/or your application(s). The fact that they are not in the "ps"
> output for "-classpath [stuff]" does not matter.

+1

The manual:
https://tomcat.apache.org/tomcat-9.0-doc/class-loader-howto.html

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Unclear sentence in FailedRequestFilter's javadoc

2020-10-05 Thread Konstantin Kolinko
пн, 5 окт. 2020 г. в 14:16, Martin Grigorov :
>
> Hi,
>
> What is the meaning of "addresses" at
> https://github.com/apache/tomcat/blob/a0fb5f4b42c593fa566878dddfa213e5f3c9c499/java/org/apache/catalina/filters/FailedRequestFilter.java#L40
> ?
>
> "Parameter parsing does check content type of the request, so there should
> not be problems with *addresses* that use
> request.getInputStream() and request.getReader()"
>
> I am not English native speaker, so it might be correct, but it looks like
> the wrong word is used here.

It looks odd for me as well, although from the commit history it looks
that it was my commit that added that sentence [1], 9 years ago.

Essentially, the text should be the same as in description of the
filter in Configuration Reference [2][3]. It talks about "the servlet
protected by this filter".

[1] https://svn.apache.org/viewvc?view=revision=1198707
[2] https://svn.apache.org/viewvc?view=revision=1200107
[3] 
http://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#Failed_Request_Filter

It looks as if you are the first person who has read that Javadoc in 9 years.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: NullPointerException on statrup - possible bug in Tomcat

2020-06-24 Thread Konstantin Kolinko
ср, 24 июн. 2020 г. в 19:25, :
>
> I have a web application which is failing in RestEasy initialization with an 
> NPE. It worked for many years until I added a large number of jar 
> dependencies because of a new development effort. I've debugged the code by 
> stepping through the Tomcat source to the point I've found where it is 
> failing. It seems to be a Tomcat bug but of course I'm not convinced since it 
> is highly more likely it is my problem.
>
> Tomcat version is 9.0.36, though the failure happens in the Tomcat 8 versions 
> I've tried as well.
>
> The NPE is triggered by a single "return null" statement in 
> org.apache.catalina.core.ApplicationContext line 933. Below is a code snippet 
> of where the return statement is. In my failing scenario the wrapper is NOT 
> null and isOverridable is already returning false. So it falls through to 
> return null.
>
> So here is my question: Why in the world in the code below does the return 
> null statement even exist? It seems like the return null at line 933 is the 
> precondition the code is trying to establish.

This method is documented in the specification of Servlet API (in
their javadoc) to return null if such servlet has already been
registered.
See Java EE 8 javadoc
https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#addServlet-java.lang.String-java.lang.Class-

(Following the links from Specifications page
https://cwiki.apache.org/confluence/display/TOMCAT/Specifications

K.Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Reason for failed POST to .../api/tokens in Tomcat 8 and 9?

2020-06-23 Thread Konstantin Kolinko
вт, 23 июн. 2020 г. в 20:08, Victor Norman :
>
> Cookie:
> JSESSIONID=F61EBB3764D21F4A6161304BB9D820EF; 
> JSESSIONID=BA81E2D37D390F411711FAB57F5B8DBF

1) Having two session cookies is not a crime, but why?

(It is not a cause of this issue. Just an odd configuration.)

I see that when I go to http://agora.cs.calvin.edu:8080/
I receive a HTML page with "http://agora.cs.calvin.edu:8080/agora/;>" and a
Set-Cookie header in a response.  That page does not need a session
and thus does not need sending the session cookie.

If that HTML response is generated by a JSP page, use <%@page session="false"%>.

(Also, I wonder whether one needs to return a HTML page? A JSP page
may generate a redirect response with HTTP status code 302 by using <%
response.sendRedirect(...) %> code instead of relying on a "meta
refresh" element of HTML).

2)
> Content-Length:
> 0

The POST request sends no data - the length of content is zero..
Looking at the source code [1], if I figured it correctly, I think
that it actually expects a username and a password.

Why was such a request sent?

[1] 
https://github.com/apache/guacamole-client/blob/master/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java

3) Guacamole is an Apache project, You may better ask on their mailing list,

[2] https://guacamole.apache.org/support/#mailing-lists

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: NullPointerException in CoyoteOutputStream

2020-06-12 Thread Konstantin Kolinko
пт, 12 июн. 2020 г. в 18:36, Mark A. Claassen :
>
> We were doing some load testing and we started getting a NullPointerException 
> at the stack trace below.  We don't get the NPE all the time, so I am 
> guessing some of these objects got corrupted somehow.
> One place the clear() method is called from is the recycle() method in the 
> Response object from the same package.
>
> Has anyone seen this before?  My Internet searches did not reveal any other 
> reports of this.  Is this something that has already been fixed in the course 
> of other changes?
>
> The version of Tomcat is 9.0.12 and we are using the openSSL underneath all 
> this.

Why not the current version (9.0.36)?

Also
https://cwiki.apache.org/confluence/display/TOMCAT/Troubleshooting+and+Diagnostics#TroubleshootingandDiagnostics-TroubleshootingunexpectedResponsestateproblems

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Warning "AJP13 protocol: Reuse is set to false" written logs every second of every day. Please help.

2020-06-12 Thread Konstantin Kolinko
чт, 11 июн. 2020 г. в 18:57, Alfred Bakia :
>
> Description of issue:
> ColdFusion 2018 is an application server that uses Tomcat 9.0.21. Our 
> ColdFusion installation consists of instances. The instances are independent 
> application servers, each with its own Tomcat installation and Java Virtual 
> Machine. The Java version is 11.0.7.
>
> Each ColdFusion instance serves web content via the web server IIS.  We have 
> configured an AJP connector for the communication between Tomcat and IIS. The 
> relevant settings are
>
>
>   *   In server.xml
>
>  protocol="AJP/1.3" tomcatAuthentication="false" maxThreads="500" 
> packetSize="65535"/>

The packetSize has non-default value. The configuration reference [1]
says that the same value should be configured on the other side as
well, mentioning "max_packet_size" for mod_jk. I am not sure how that
is done for IIS.

[1] https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html


> On one of the instances (name: 'sr1studierdr1'), the following WARNING is 
> written to isapi_redirect.log every second or so:
>
>
>   *   [Thu Jun 11 16:44:57.739 2020] [11308:15392] [warn] 
> ajp_process_callback::jk_ajp_common.c (2242): (sr1studierdr1) AJP13 protocol: 
> Reuse is set to false

Searching the sources, the code that writes it appears to be in
native/common/jk_ajp_common.c

https://github.com/apache/tomcat-connectors/blob/master/native/common/jk_ajp_common.c#L2117

It is triggered by a value of a "reuse flag" field in an "END_RESPONSE" packet.

https://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html#End_Response

At Tomcat side the END_RESPONSE packet is sent by
AjpProcessor.finishResponse() and can send two kinds of an end
response packet: one with a "reuse" flag value and another with a "no
reuse".

https://github.com/apache/tomcat/blob/9.0.x/java/org/apache/coyote/ajp/AjpProcessor.java#L104
https://github.com/apache/tomcat/blob/9.0.x/java/org/apache/coyote/ajp/AjpProcessor.java#L1049.

If there is a severe error that does not allow reuse of the
connection, the "no reuse" packet is sent. I wonder how you encounter
such an error.

Do you have an access log configured in Tomcat and what does it show?

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat shutdown password complexity

2020-05-10 Thread Konstantin Kolinko
вс, 10 мая 2020 г. в 22:20, Mark Thomas :
>
> On May 10, 2020 11:31:02 AM UTC, calder  wrote:
>
> 
>
> >I asked the DevOps person about the error - turns out it was a
> >SAXParseException when using the & char in the string.
>
> That is standard XML. You have to escape reserved characters in the XML.

+1.

XML is a data format.

> > He vaguely
> >remembers a shell issue with the bang char.
>
> I think he is mistaken. There is no issue using ! in XML.
>
> There are no limitations on the characters for the shutdown password. You 
> might need to encode some of them to define the password in XML but that is 
> all.

Control characters (e.g. CR, LF:   and ) - anything with
code less than whitespace(32) and the character with code 127 cannot
be used. Anything else can be.

For reference, the await loop that waits for the shutdown command:
https://github.com/apache/tomcat/blob/master/java/org/apache/catalina/core/StandardServer.java#L596

Note lines 546-548:
if (ch < 32 || ch == 127) {
break;
}
command.append((char) ch);

The code that sends the command:
https://github.com/apache/tomcat/blob/master/java/org/apache/catalina/startup/Catalina.java#L538

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Catalina PID file

2020-04-24 Thread Konstantin Kolinko
пт, 24 апр. 2020 г. в 05:25, Christopher Schultz :
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Rafael,
>
> On 4/23/20 17:18, Rafael Oliveira wrote:
> > I does not happen every time, but it happens, actually it happened
> > twice during a couple of deployments and only in one instance of
> > several that I have.
> >
> > I could not reproduce in a safe and close environment, I got this
> > error in a server with multiple users and multiple tasks and
> > concurred environment.
> >
> > The point is raise a question is this echo $! > "CATALINA_PID" the
> > best approach to get the PID?
>
> It's literally the only way to do it.
>
> $! doesn't get you the PID of some random other process that was
> recently started. It's exactly what it says it is: the PID of the last
> process that was backgrounded by the currently-executing script.
>
> If your pid-file contains the wrong PID, it's probably because
> something overwrite overwrote it after it was initially-generated.
>
> If you try to start Tomcat twice, for example, like this:
>
> $ CATALINA_HOME/bin/startup.sh
> [...]
> $ cat $CATALINA_PID
> 1234
> $ CATALINA_HOME/bin/startup.sh
> [...]
> $ cat $CATALINA_PID
> 2345
> $ ps -ef | grep "catalina.base=$CATALINA_HOME"
> 1234
>
> The startup script will always overwrite the PID file because it can't
> tell if it's going to fail (which it will, since the shutdown port is
> already bound to the first-launched instance).
>
> In the case above, the PID-file is clobbered by the second process
> while the first process continues to run (and be the correct process
> id). There isn't much to be done about that without resorting to
> drastic measures, such as having Tomcat write its own PID file after
> it starts up (enough), and getting the PID from Java isn't
> super-straightforward until Java 9. :(

1. I do not know what version of Tomcat the OP is using, but the
current catalina.sh has some protection from double runs:

  ps -p $PID >/dev/null 2>&1
  if [ $? -eq 0 ] ; then
echo "Tomcat appears to still be running with PID $PID.
Start aborted."
echo "If the following process is not a Tomcat process,
remove the PID file and try again:"
ps -f -p $PID
exit 1
  else

There is some time window between this check and the launch of Java
process (when the PID file is being written out), so there will always
be a race condition here.

2. If one does not like how Tomcat forks a separate shell process for
a java executable, it is possible to start it with "catalina.sh run".
In this case java is started in the same process (and no PID file is
being written) and all control over this process should be done in
your own code  YMMV.

3. Tomcat can be configured as a service (daemon) and started with
Apache Commons Daemon executable (jsvc).  jsvc knows how to manage a
PID file. See daemon.sh for an example.

> and getting the PID from Java isn't super-straightforward until Java 9. :(

4. With our own cat's food: Tomcat-Native has the method:

org.apache.tomcat.jni.Stdlib.getpid()

:)

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: 10.0.0-M4 missing PGP signatures?

2020-04-23 Thread Konstantin Kolinko
чт, 23 апр. 2020 г. в 21:18, Mark Thomas :
>
> On 23/04/2020 18:42, Tianon Gravi wrote:
> > Hi!
> >
> > I'm downloading 10.0.0-M4 from the download page[1] and was hoping to
> > be able to use PGP to verify the artifacts (as in other versions), and
> > it seems the link from that page[2] is a 404?
> >
> > [1]: https://tomcat.apache.org/download-10.cgi
> > [2]: 
> > https://downloads.apache.org/tomcat/tomcat-10/v10.0.0-M4/bin/apache-tomcat-10.0.0-M4.tar.gz.asc
> >
> > I've checked a couple other download mirrors and archive.apache.org,
> > and it appears that M3 *did* include a signature file for
> > "apache-tomcat-10.0.0-M3.tar.gz" (but interestingly, M1 did not
> > include one for "apache-tomcat-10.0.0-M1.tar.gz") so perhaps this is
> > just a pipeline hiccup / minor oversight?
>
> Thanks for the heads up.
>
> That part of the release process is fully automated and it includes
> signature generation.
>
> There have been a couple of glitches lately. I'm not sure what is going
> on. I'll try and watch the console for the next set of builds more
> carefully.
>
> I still have the original build outputs locally so I'll generate any
> missing signatures and get them uploaded.

The *.tar.gz and *.zip files are also published to the Maven
repository (as the org.apache.tomcat:tomcat artifact), and they have
the signatures.

I have a copy of Maven staging repository from the time of release vote.
So I verified that those signatures match the files in the release and
uploaded them to dist.a.o.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Practical multipart handling

2020-03-26 Thread Konstantin Kolinko
чт, 26 мар. 2020 г. в 18:03, Christopher Schultz :
>
> All,
>
> I'm developing my first multipart handler since .. I dunno, maybe
> 2005? This is the first time I'll be using the Servlet 3.0 multipart
> handling, of course through Tomcat. Some of these questions may have
> answers which are "implementation-specific", so in this case, I would
> like to know how things will behave in Tomcat specifically. Notes of
> where the spec leaves things up to the implementation will be appreciate
> d.
>
> I'd like to submit a form which has not only a large-ish file part,
> but also some regular fields like . My
> understanding is that I'll have to read those data by calling
> Part.getInputStream(), wrapping the InputStream in an
> InputStreamReader using the right charset, etc.

I think that those are available via the standard
request.getParameter(name) API.

> [...]
>
> Can I rely on the client to send the fields in any particular order?
> I'm not expecting to store the file on the server myself; I'd like to
> process it in a "streaming" fashion and not touch the disk if
> possible. I know that the server may store the file on the disk if it
> decides to. I'm not terribly worried about that. I just don't want to
> have to write the file to the disk TWICE, and I need information from
> those other parameters in order to configure the stream-processing.

Michael already answered this. There is a configurable threshold.
Anything over it will be written to disk as a temporary file.

The JavaDoc for Part.write() says that it can be implemented as moving
the file. "This method is not guaranteed to succeed if called more
than once"

> When iterating over the Collection returned from
> HttpServletRequest.getParts(), am I required to process each part in
> order immediately? Or can I store a reference to a Part for later?
> This kind of goes along with the previous question.

You can store the reference, but your "for later" should be no longer
than until the request processing ends.

> When I'm done with a part, must I explicitly call Part.delete()?

Tomcat deletes the files automatically (I implemented this feature in
Tomcat 7.0.30 - see changelog). In my own web applications I delete
the files explicitly (calling part.delete() in a cycle).

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat Wiki Source Code Download

2020-03-24 Thread Konstantin Kolinko
вт, 24 мар. 2020 г. в 10:12, Brian Burch :
>
> I'm quite baffled!
>
> http://tomcat.apache.org/source.html gives me the url:-
>
> http://svn.apache.org/repos/asf/tomcat/site
>
> I made a clean "svn checkout" and referred to the README.txt about the
> source files being xml formatted. I have all the html files, but the
> instructions tell me the real source is the xml. There are a lot of xml
> files, but not for Logging.
>
> Unfortunately, even after trying:-
>
> svn update --set-depth infinity xdocs jk-xdocs native-xdocs
>
> The directory tree does contain several xml files related to logging
> with Tomcat 5, but not the page I want to update.
>
> When I browse:-
>
> http://svn.apache.org/repos/asf/tomcat/site/trunk/xdocs/
>
> There are quite a few xml files, but not the one I would like to modify
> - Logging.xml.
>
> What have I misunderstood?

It would be easier if you mentioned the actual public URL of the page
which source code you are looking for.

It looks that you are mixing up 3 different things:

(a) The Wiki site
(b) tomcat.apache.org web site
(c) Documentation for a specific version of Tomcat.

I guess that you are looking for "(c)". That is the "docs" web
application that is distributed with each release of Tomcat, and its
source code is in webapps/docs directory in Tomcat source code (in
Git).

For convenience, once a version of Tomcat is released, a copy of its
documentation is published under "tomcat-X.Y-doc" onto
tomcat.apache.org web site. E.g.

https://tomcat.apache.org/tomcat-9.0-doc/logging.html
https://github.com/apache/tomcat/blob/9.0.x/webapps/docs/logging.xml

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: /META-INF/resources/ and Chrome's DevTools

2020-03-15 Thread Konstantin Kolinko
вс, 15 мар. 2020 г. в 13:47, Peter Rader :
>
> I have my default.js in a frontend.jar's /META-INF/resources/js/ according to 
> the specs (last paragraph of point 10.10 in 
> https://download.oracle.com/otn-pub/jcp/servlet-3.0-fr-eval-oth-JSpec/servlet-3_0-final-spec.pdf
>  ) it is served successfully. This works great!

1. If you unpack the file into a directory in your web application
(into its /js/ directory),
it will take precedence over the version packed in the framework jar.


2. It is possible to map files from elsewhere on your hard drive into
your web application.
It can be done with "" element in the
META-INF/context.xml file of your web application.

For reference:
http://tomcat.apache.org/tomcat-9.0-doc/config/resources.html


3. If your Tomcat runs on the same computer. you can run the web
application from an expanded directory, without packing it as a war
file.

1) Copy your META-INF/context.xml file as
$CATALINA_BASE/conf/Catalina/localhost/yourwebappname.xml

2) Add docBase attribute to the  element in it.

See
http://tomcat.apache.org/tomcat-9.0-doc/config/context.html#Defining_a_context


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Host based logging

2020-02-29 Thread Konstantin Kolinko
сб, 29 февр. 2020 г. в 15:33, Alexander Curvers :
>
> 

Note the "". Those are comment wrappers in XML.
The above  definition is commented-out and thus is ignored.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Question on HttpSession investigation

2020-02-12 Thread Konstantin Kolinko
пн, 10 февр. 2020 г. в 02:32, M. Manna :
>
> [...], we would like
> to check using JMX whether this is present somewhere in session. Debugging
> has not resulted into a successful outcome.
>
> We appreciate if this is not possible, but just wanted to check if tomcat
> currently emits anything related to this.

The Manager web application (that comes with Tomcat) is able to
display contents of a session:

- Click on the number that shows the count of active sessions in a web
application. You will see a list of active sessions.
- Click on sessionid. You will see a list of all attributes for that session.

You may look into the source code for HTMLManagerServlet to see how
"sessionDetail" command is implemented.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Installing a program designed for Tomcat 5.5 on Tomcat 9

2020-02-09 Thread Konstantin Kolinko
вс, 9 февр. 2020 г. в 02:12, Peter Rader :
>
>
> > I am currently trying to install a program designed to operate on Win XP 32
> > and earlier on to a Win 10 environment. The program extracts to the Shared
> > and Webapps folders of Tomcat 5.5 and uses a SQL database. After converting
> > the database and installing it on SQL 2017 I added the JDBC connector and
> > downloaded and installed tomcat 9 only to find there is no shared folder to
> > extract the shared files to. Any suggestions?
>
> Hm, shared ... do you mean the endorsed folder? From old apps I remember that 
> some jdbc-jars have to be placed in tomcat's endorsed folder.
>
> I am pretty sure that you could use the JVM/JDK's endorsed folder. They 
> usually have their place in \lib\endorsed .

Endorsed folder is a different beast. Please do not put anything there.

Tomcat 5.5 documentation is still available online (if you know the
address to type it in a browser's address bar) [1] The closest analogy
to the "Shared" classloader in current Tomcat is the "Common"
classloader that loads classes from ${catalina.base|/lib.

[1] https://tomcat.apache.org/tomcat-5.5-doc/class-loader-howto.html#Overview
[2] https://tomcat.apache.org/tomcat-9.0-doc/class-loader-howto.html#Overview

It is possible to reconfigure Tomcat 9 to have a separate Shared
classloader as well, but that is an overkill.

Also, do not forget about Migration Guides [3].

[3] https://tomcat.apache.org/migration.html
[4] https://tomcat.apache.org/migration-6.html#Modified_directory_structure

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: [OT] HttpServletRequest.getRemoteAddr() sometimes returns NULL on Tomcat 9.0.30 and HTTP/2 secure requests

2020-02-06 Thread Konstantin Kolinko
ср, 5 февр. 2020 г. в 21:29, Manuel Dominguez Sarmiento :
>
> Yes, there are two reasons:
>
> 1) The Tomcat valves operate on all webapps. We only need/require this
> for one particular webapp without affecting the others.

You can configure a Valve for a specific web application by placing it
into Context configuration for that specific web application (usually
that is the "/META-INF/context.xml" configuration file). [1]

[1] 
http://tomcat.apache.org/tomcat-9.0-doc/config/context.html#Defining_a_context


2. If I understand correctly, the null value from
request.getRemoteAddr() means that the client connection has already
been closed.

Tomcat cannot do much at that point, unless the information has not
already been requested (and thus cached) when the connection was still
alive. (The recent changes to the AccessLogValve are just that: to
request the value earlier.)

It is useless to process a request if the connection has already been closed.

Why do you say that the null value is an invalid one? I do not see
such words in the specification.

3. Just as a note (I would not recommend it for your specific use case)

One known way to detect a closed connection is to trigger parameter
parsing and look whether an error flag (implemented as an attribute of
a Request) was set by it. See the implementation of
org.apache.catalina.filters.FailedRequestFilter for an example.

4. Do you run with the following configuration setting turned on?
org.apache.catalina.connector.RECYCLE_FACADES=true

See 
https://cwiki.apache.org/confluence/x/yColBg#TroubleshootingandDiagnostics-TroubleshootingunexpectedResponsestateproblems

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Expected behavior of calling javax.servlet.ServletRequest#getInputStream after javax.servlet.http.HttpServletRequest#getPart

2019-12-13 Thread Konstantin Kolinko
пт, 13 дек. 2019 г. в 08:18, Behrang Saeedzadeh :
>
> Unless an email, including its signature, is in violation of the mailing
> list policies, no one is in a position to ask participants to format their
> emails in a given way or not to include their email signatures. I suggest
> reading [...] for those that are not
> familiar with these policies.

Thank you for your kind references.

Please note that

1. It is up to PMC to oversee its project and its mailing lists.

2. Please note the rules of this mailing list, as stated in
https://tomcat.apache.org/lists.html#tomcat-users
-> 6.

and also
https://www.apache.org/foundation/policies/conduct.html
-> 6. Be concise

3. The mail signatures like the one that was seen in this mail thread look
a lot like click bait spam or SEO spam that many of us are tired of.

I do not really mind how one likes to present oneself. Though personally
my first reaction to any e-mail that resembles spam is to ignore it.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Not able to generate thread dump in windows

2019-12-12 Thread Konstantin Kolinko
чт, 12 дек. 2019 г. в 12:43, thulasiram k :
>
> Hi,
>
> I tried to generate thread dump for tomcat 7.0.94 in windows 2016.  it
> writes in logs "[10340] Console CTRL+BREAK event signaled" but no dump has
> generated. Can you please guide on this how to generate the thread dump /
> heap dump here.
>
> The reason I'm trying to generate the dump is our tomcat server stop
> working frequently and nothing is writing in logs. Is there any other way
> to check this issue.

Your configuration?

Did you read the official Tomcat FAQ? (Thoubleshooting and
Diagnostics)? It has a number of recipes documented there.

One of them is to use jps.exe and jstack.exe tools from an JDK.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Expected behavior of calling javax.servlet.ServletRequest#getInputStream after javax.servlet.http.HttpServletRequest#getPart

2019-12-11 Thread Konstantin Kolinko
ср, 11 дек. 2019 г. в 13:06, Behrang Saeedzadeh :
>
> Thanks Andre for explaining it much better than I did.
>
> I posted this to Jakarta EE's mailing list too:
> https://www.eclipse.org/lists/jakarta.ee-community/msg01477.html
>
> I think at least the JavaDocs comments and the spec need minor amendments
> to document this expected behaviour clearly.

javax.servlet.ServletRequest#getInputStream() and getParameter()
methods address different use cases. It is rather unusual to try
calling getInputStream() when the Content-Type of the request is the
one handled by parameter parsing.

It is possible to use both getParameter() and getInputStream() if
request body has content-type that is not processed by parameter
parsing. In this case getParameter() returns the parameters parsed
from the query string of the request line and does not process the
body.


E.g. in Tomcat Manager web application it is possible to send a WAR
file in the body of a PUT request. The context path for the uploaded
web application is specified by a parameter in the request URL. Both
getParameter() and getInputStream() are used here.

http://tomcat.apache.org/tomcat-9.0-doc/manager-howto.html#Deploy_A_New_Application_Archive_(WAR)_Remotely

I think that changing the method getInputStream() to throw an
IllegalStateException (e.g. as a vendor-specific option) may help
developers to detect their programming errors, but does not address
any real use case. On the good side, it also means that it does not
break any real use case.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: ServletRequest Obj Randomly not Processing x-www-form-urlencoded parms

2019-12-09 Thread Konstantin Kolinko
вс, 8 дек. 2019 г. в 08:09, Jerry Malcolm :
>
> I have ajax code that sends requests to TC in a REST-style process.  I
> send the parms url-encoded in the body.  This has worked untouched
> literally for years.  I have some new data objects in my db that "should
> be" sending the same type of requests through the same javascript
> routines.  But for some inexplicable reason, the HttpServletRequest
> object is randomly deciding to not process the parms.  When I try to
> enumerate the parms, I get none. Any parm I request comes back not
> found.  I added some code to read the body myself (request.getReader(),
> etc).  When the parms are available as it normally works, the reader is
> empty, which is what I would expect since it's been read by the request
> obj.  But when the request object tells me I have no parms, I can read
> the entire url-encoded parm string from the reader, which if I
> understand things, means the request object never tried to read the
> stream, unless it somehow restores the stream after a read (??).  But
> the important point I determined is that the parms are indeed present in
> the body... just not processed.
>
> [...]

I usually have the following in the pattern of AccessLogValve in my
configurations:

[%{org.apache.catalina.parameter_parse_failed}r
%{org.apache.catalina.parameter_parse_failed_reason}r]

Those request attributes are set in Tomcat whenever a problem is
encountered by parameter parsing, e.g. an IOException if a client
aborts the request. (The methods to process parameters in Servlet API
do not have a way to report any errors). Those attributes can be used
by org.apache.catalina.filters.FailedRequestFilter

http://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#Failed_Request_Filter

You may look where those attributes are set in the source code.

Mark wrote:
> Issues like this can be caused if a reference to a request or response
> is retained longer than it should be. You can try setting:
> -Dorg.apache.catalina.connector.RECYCLE_FACADES=true

+1.

https://cwiki.apache.org/confluence/x/yColBg
https://cwiki.apache.org/confluence/display/TOMCAT/Troubleshooting+and+Diagnostics#TroubleshootingandDiagnostics-CommonTroubleshootingScenario

> I fired up my Windows laptop TC 9.x and got the exact same symptoms.

You may also try with Tomcat 9.0.30 - release candidate is available
and is currently being voted - see dev@ mailing list.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat is throwing an error Invalid byte tag in constant pool:19

2019-12-09 Thread Konstantin Kolinko
пн, 9 дек. 2019 г. в 03:58, Nelligan, Steven M :
>
>
> I am trying to rebuild my applications and all of a sudden, I am getting the 
> following error:
>
> Our backend application (from third party has been updated) It is using Java 
> 11.
>
> My tomcat servers are running version 7.34 of tomcat and version 1.7.0_45.

1.7.0_45 is the version of Java? But you say that those web
applications need at least Java 11?

> I have rebuilt and deploy a large number of our Apps; but there are about 4 
> with the following error:
> SEVERE: Unable to process Jar entry [module-info.class] from Jar 
> [jar:file:/G:/Tomcat7/temp/44-bannertools/WEB-INF/lib/jaxb-api-2.3.0.jar!/] 
> for SEVERE: Unable to process Jar entry [module-info.class] from Jar 
> [jar:file:/G:/Tomcat7/temp/44-bannertools/WEB-INF/lib/jaxb-api-2.3.0.jar!/] 
> for annotations
> org.apache.tomcat.util.bcel.classfile.ClassFormatException: Invalid byte tag 
> in constant pool: 19
> at 
> org.apache.tomcat.util.bcel.classfile.Constant.readConstant(Constant.java:133)

Sounds a lot like this issue that I answered a year ago:
https://stackoverflow.com/questions/52867430/invalid-byte-tag-in-constant-pool-19-error-message

>
> When I first tried this a couple of weeks ago... I needed up trying to 
> upgrade Tomcat to the latest release of 7.0_94

The latest release of Tomcat 7 is 7.0.96, released in July.

> Everything started to fall apart, the javax modules were failing, etc.  I 
> finally realized I was chasing my tail.
> Every time I got one thing working, two more broke.
>
> Restored everything back and went through the rebuild.
>
> I tried to copy the annotation_api.jar file from Tomcat 7.0_94 into tomcat 
> 7.0_45 but nothing would deploy...
>
> I'm at a loss on what could be happening
>
> Any help would be appreciate any guidance.
>
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: override context path for manager application

2019-12-04 Thread Konstantin Kolinko
чт, 5 дек. 2019 г. в 01:20, Guild, Jason A (DOT) :
>
> Hi all:
>
> The context path of the Tomcat manager application is "/manager" by default 
> [0].
> I am trying to change this context path from the default using an override 
> configuration.
>
> I am doing the typical creation of a container using makebase.sh and setting 
> CATALINA_BASE before starting it.
>
> To enable the manager application on these containers, I create a file 
> $CATALINA_BASE/conf/[engine]/[host]/manager.xml with the following content:
> 
>  antiResourceLocking="false" privileged="true">
> 

The usage of "path" attribute above is invalid. It must never be used
in a context xml file and it is ignored there,
because the path is derived from the name of the file.

See
http://tomcat.apache.org/tomcat-9.0-doc/config/context.html

If you want to rename the application, you must do the following:

1) first, rename the file itself, e.g. to

$CATALINA_BASE/conf/[engine]/[host]/dev9#manager.xml

$CATALINA_BASE/conf/[engine]/[host]/mymanager.xml

etc.

2) second, you must move the manager application from
"${catalina.home}/webapps/" to some other directory.

The applications in "webapps/" directory are auto-deployed when Tomcat
starts. If you keep the manager app there, it will be deployed twice,
with the new and with the old name.

> [..]
>
> Why is my override path of "/dev9/manager" ignored?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Unknown protocol: e on Windows

2019-12-04 Thread Konstantin Kolinko
ср, 4 дек. 2019 г. в 22:38, Christopher Schultz :
> Konstantin,
>
> On 12/4/19 13:33, Konstantin Kolinko wrote:
> > ср, 4 дек. 2019 г. в 20:28, Christopher Schultz
> > :
> >>
> >> All,
> >>
> >> I feel like I should be able to figure this out on my own, but
> >> I'm drawing a blank.
> >>
> >> I'm trying to upgrade from Apache Tomcat 8.0.35 to Apache Tomcat
> >> 8.5.35 and I'm getting errors on a certain portion of the
> >> conf/server.xml configuration.
> >>
> >> I copy have a perfect copy/paste of the config file here but
> >> basically this is configuring a keystore for TLS. Something like
> >> this:
> >>
> >> 
> >>
> >> The error is "unknown protocol: e". Clearly,
> >> Tomcat/Java/URL/whatever thinks that "E:" is a protocol. No
> >> problem... this has to be a file URL, so let's make it a file
> >> URL: [...]
> >
> > Chris,
> >
> > 1) Do know where that message is produced? (Stacktrace? What
> > version of Tomcat?)
> >
> > E.g. it may be that the code has several attempts to use the value
> > a) as file path, b) as URL,  and you only see the message from the
> > second attempt b), but it is a) that fails.
>
> I can get all that. I don't have access ATM. This was definitely being
> called through createSSLContext() and getStore() while loading the
> keystore. I'll write back when I have that exact info.
>
> > Is your keystoreFile path correct?
>
> Yes, if you ignore the fact that I cannot figure out how to "spell" it
> properly :)
>
> This works without error on the same Java version but using Tomcat 8.0.35.

Looking at the code, Tomcat 8.5 was refactored to use ConfigFileLoader there.
The message produced by ConfigFileLoader is rather misleading.
It is actually a "new File(location).isFile()" call that returns "false".

Looking at the sources of 8.5.x, the call path is probably the following:
o.a.t.util.net.SSLHostConfigCertificate#getCertificateKeystore():

result = SSLUtilBase.getStore(getCertificateKeystoreType(),
getCertificateKeystoreProvider(),
getCertificateKeystoreFile(),
        getCertificateKeystorePassword());

o.a.t.util.net.SSLUtilBase#getStore(...) L197

istream = ConfigFileLoader.getInputStream(path);

org.apache.tomcat.util.file.ConfigFileLoader

https://github.com/apache/tomcat/blob/8.5.x/java/org/apache/tomcat/util/file/ConfigFileLoader.java#L79

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Unknown protocol: e on Windows

2019-12-04 Thread Konstantin Kolinko
ср, 4 дек. 2019 г. в 20:28, Christopher Schultz :
>
> All,
>
> I feel like I should be able to figure this out on my own, but I'm
> drawing a blank.
>
> I'm trying to upgrade from Apache Tomcat 8.0.35 to Apache Tomcat
> 8.5.35 and I'm getting errors on a certain portion of the
> conf/server.xml configuration.
>
> I copy have a perfect copy/paste of the config file here but basically
> this is configuring a keystore for TLS. Something like this:
>
>  keystoreFile="E:\path\to\keystore.jks"
> [...]
> />
>
> The error is "unknown protocol: e". Clearly, Tomcat/Java/URL/whatever
> thinks that "E:" is a protocol. No problem... this has to be a file
> URL, so let's make it a file URL: [...]

Chris,

1) Do know where that message is produced? (Stacktrace? What version of Tomcat?)

E.g. it may be that the code has several attempts to use the value a)
as file path, b) as URL,  and you only see the message from the second
attempt b), but it is a) that fails.

Is your keystoreFile path correct?

2) Why the settings are specified on a . They will be
translated into / on the fly, but maybe
something is broken.

http://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_Certificate
It says that certificateKeystoreFile can be an URI.

3) Does you connector use JSSE or OpenSSL?

There is some code that translates between the two configuration
flavors on the fly, but maybe something is broken.

> I'm using Oracle Java 1.8.0 build 161.

FYI, an up-to-date version of Java 8 for Windows is available from AdoptOpenJDK.
https://adoptopenjdk.net/

It is 8u232 now.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Support for JDK only by Windows Installer?

2019-11-16 Thread Konstantin Kolinko
сб, 16 нояб. 2019 г. в 12:08, Alexander Norz
:
>
> Am 15.11.2019 22:23, schrieb Mark Thomas:
> >
> >
> > Patches welcome.
> >
> > Mark
> >
>
> A patch is nearly ready. I will sent a pull request asap.

I think that you should start with a real reproducible description of
the issue (in Bugzilla).

What JDK are you using, from what vendor, and what are the steps to
reproduce the issue.

> But because of getting no error code and finding no log-file after a failed 
> silent installation.

Generally,

1) Without a JDK the installer cannot really choose whether to install
32-bit or 64-bit binaries.
I think that we can default to 64-bit nowadays.

2) The JDK can be reconfigured later, via configuration manager
(tomcat9w.exe) or by editing the registry.

>From 1) it is odd that the installer does not fail, but from 2) you
can always fix it afterwards (as long as CPU architecture is chosen
correctly and the correct binaries are installed).

> The environment variable JAVA_HOME isn't supported actually.

>From my experience with installing the service with service.bat, the
environment variables are lost when a program runs with elevated
privileges. That is why service.bat was changed to pass all settings
as command line arguments when installing a service (calling
tomcat9[w].exe). You may find a reference to Bugzilla issue in the
commit history of the service.bat file.

Best regards,
Konstantin Kolinko

> Alexander
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Getting Tomcat internal logging working

2019-11-07 Thread Konstantin Kolinko
чт, 7 нояб. 2019 г. в 17:11, Christopher Schultz :
>
> I'm using bin/catalina.sh start to launch Tomcat on Macos. The 'ps'
> command shows the following partial command-line:
>
> [...]
> - -Djava.util.logging.config.file=${CATALINA_BASE}/conf/logging.properties
> - -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager [...]
>
> The file ${CATALINA_BASE}/conf/logging.properties does indeed have the
> changes below.

OK, good.

(I hope that `ps` shows the actual path to logging.properties. There
should not be unexpanded reference to a environment variable above.)

This reminds me: ClassLoaderLogManager allows each web application to
have its own configuration of logging. If you have a
"logging.properties" file elsewhere in classpath of that web
application, it will have precedence over the default one.

The recommended use of this technology is to place your configuration
into WEB-INF/classes/logging.properties file of your web application.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Getting Tomcat internal logging working

2019-11-06 Thread Konstantin Kolinko
чт, 7 нояб. 2019 г. в 05:44, Christopher Schultz :
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
> I can't believe I'm having trouble with this, but I'm struggling with
> enabling logging.
>
> I'm experimenting with the CsrfPreventionFilter, which currently has
> zero logging at all in it. So, first I modified the code to add:
>
> + private final Log log =
> LogFactory.getLog(CsrfPreventionFilter.class);
>
> and, later
>
> if (nonceCache == null || previousNonce == null ||
> !nonceCache.contains(previousNonce)) {
> +   log.trace("nonceCache=" + (null == nonceCache ? "(null)" :
> nonceCache.cache));
> +   log.trace("previousNonce=" + previousNonce);
> +   log.trace("nonceCache.contains=" + (null == nonceCache ?
> "(null)" : nonceCache.contains(previousNonce)));
>
> res.sendError(getDenyStatus());
> return;
> }

Are you modifying the correct file?
(1. At build time it is copied to the output directory. Are you
modifying the source or the copy?

2. The configuration file is enabled via
-Djava.util.logging.config.file= system property that is set by
catalina script.  If you run Tomcat in some other way, that system
property may be not set at all. (E.g. when running Tomcat from within
Eclipse IDE.)
)

> Finally, I modified these lines in $CATALINA_BASE/conf/logging.propertie
> s:

> - - java.util.logging.ConsoleHandler.level = FINE
> + java.util.logging.ConsoleHandler.level = ALL
>
> ...
>
> + org.apache.catalina.filters.level=ALL

Looks OK.  Personally I never use 'ALL', but it should be OK. I prefer
to use FINE, FINER or FINEST.

https://docs.oracle.com/javase/7/docs/api/java/util/logging/Level.html#ALL

> When running, I see no logging when I'm expecting to see things in
> catalina.out. I changed these lines from log.trace() to
> System.err.println() and they do indeed show up.
>
> What am I missing?
>

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Any tutorials or hints about JSP using javax.script engines instead of Java?

2019-10-09 Thread Konstantin Kolinko
вт, 8 окт. 2019 г. в 18:11, Rony G. Flatscher (Apache) :
>
> Does anyone know of any tutorials that would demonstrate how to use any 
> javax.script language in
> JSPs instead of Java (e.g. using Jython or JavaScript instead)?
>
> If not, any advice/hint how to realize/create such a functionality (for then 
> creating such a
> tutorial instead) would be highly appreciated!

1. There is no such feature in Apache Tomcat.

Tomcat implements JSP specification and the specification [1] only
supports language="java" in a JSP declaration.

[1] 
https://cwiki.apache.org/confluence/display/TOMCAT/Specifications#Specifications-JavaServerPagesandExpressionLanguageSpecifications

Support for other language needs some specification document of such a
feature, and I do not know about any such document.

2. Technically, support for JSPs is provided by "Jasper" component of
Tomcat and its org.apache.jasper.servlet.JspServlet

Technically, it should not rely on Tomcat internals and could be
swapped with some other implementation. (Not tested).

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Bug in org.apache.tomcat.util.codec.binary.Base64.decodeBase64 ?

2019-10-08 Thread Konstantin Kolinko
ср, 9 окт. 2019 г. в 00:06, :
>
> How do we get access to the dev list for information around release 
> candidates, etc.?

In the same way as for the current (users) mailing list that you are writing to:
either subscribe or read past messages in an archive.
http://tomcat.apache.org/lists.html

And do not forget to follow the rules. They are the same as for the users list:
http://tomcat.apache.org/lists.html#tomcat-users
6. Top-posting is bad.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Bug in org.apache.tomcat.util.codec.binary.Base64.decodeBase64 ?

2019-10-08 Thread Konstantin Kolinko
вт, 8 окт. 2019 г. в 12:24, Arnaud Yahoo :
>
> Hello,
>
> I am using a 3rd party valve for OpenId Connect authentication that stop
> working upgrading from tomcat 8.5.24 to 8.5.46
>
> I managed to isolate the issue behing this and it is caused by a change
> in org.apache.tomcat.util.codec.binary.Base64
>
> It can be reproduce with a simple test case
>
> @Test
>  public void decodeBase64Test() {
>  String str =
> "YZJXP8zFDY6WPk1NZx4RtkH95lA4H_GM_XmFjouJImtqy-PD27-GUYVrCq1QM3M09TzRFZTL4aMMTweZFj3h1M-4Pqb4xrRq9URICQ9ffpnB9OGKjEwEpzhICwbE8C8-zEbhFOEgdXcyeP0pJc9uHEUH9Z4rTEg0jxmOmffIAbX9zfjhIla0XUsFd2C2QQGXu1nTFrb2EqfhLDls4ZLCcnLZE6Be3SpHCtvZiFN4w3xlI0TZitX4S3SjTocK4Xobb3Ey0RnewDP6jw78JniFTbuuGB962GlHDJvaQoda2dON9j7Yhv_pTvxBlHDmIKYINYsBfTwEQ_qtLJtmcvv41Q";
>
> assertArrayEquals(org.apache.tomcat.util.codec.binary.Base64.decodeBase64(str),
> java.util.Base64.getUrlDecoder().decode(str));
>  }
>
> This test is ok with 8.5.24 but fails with 8.5.46. Are there any known
> issues with Base64 utility ?

Please test with 8.5.47 release candidate that is currently being
voted (see e-mails on the dev@ list for links).

There have been changes in the decoding code between 8.5.46 and .47.

c8fcc65e74d43b8201a50a30f88836264e565f79
709b45b42020d6cbc59940ab04380f5b0134b946
(on 17 and 18 of September)

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Acessing static content - Tomcat 7 vs. Tomcat9

2019-10-07 Thread Konstantin Kolinko
пн, 7 окт. 2019 г. в 15:44, Martin Knoblauch :
>
> Hi Konstantin,
>
> On Mon, Oct 7, 2019 at 2:36 PM Konstantin Kolinko 
> wrote:
>
>
> 2. For Tomcat to issue a redirect, the "docs" directory must be
> > present in your web application. It can be empty, but it must be
> > present. (If there is none, Tomcat does not know that the requested
> > resource is a directory).
> >
> >
> OK. The "docs" directory is actually a symbolic link to a directory
> elsewhere.

Symbolic links by default are not allowed inside a web application.
The option to allow them differs between Tomcat 7 and 8.0, due to a
different underlying implementation of Web Application resources.

http://tomcat.apache.org/migration-8.html#Web_application_resources

(As a reminders: symbolic links must never be enabled on a
case-insensitive filesystem such as used by Windows, as it disables
the necessary security checks.)

http://tomcat.apache.org/tomcat-9.0-doc/security-howto.html

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Acessing static content - Tomcat 7 vs. Tomcat9

2019-10-07 Thread Konstantin Kolinko
пн, 7 окт. 2019 г. в 14:23, Martin Knoblauch :
>
> Dear fellow Tomcat users,
>
>  recently we migrated our application from Tomcat7 to Tomcat9. Most things
> work great so far, but we observed on issue. Basically serving static pages
> has stopped for us.
>
>  Our setup is Tomcat (7.0.62 or 9.0.12) behind Apache HTTPD (2.4.41 using
> mod_jk 1.2.46). Yes, 9.0.12 is not recent, but we are forced to that
> version.
>
> The mod_jk configuration basically looks like:
>
> 
>   LoadModule jk_module modules/mod_jk.so
>
>   JkWorkersFile "conf/cb2/workers.properties"
>   JkShmFile "logs/jk-runtime-status"
>   JkLogFile "logs/mod_jk.log"
>   JkLogLevel info
>   JkWatchdogInterval 60
> 
>
> And then later inside a virtual host:
>
> #
> # CB2 - Portal
> #
> # Mount the "/cb2" application to worker "cb2"
> #
> JkMount /cb2/* cb2
> #
> # Unmount "/cb2/docs" from worker "cb2" to allow static content
> # beeing served by apache. Same for "/cb2/cgi-bin"
> #
> JkUnMount /cb2/docs/* cb2
>
> So we JkUnMount the "/cb2/docs" directory from the application base in
> order to server the content directly from Apache. "docs" itself is a
> symbolic link pointing outside the application base.
>
> With TC7, we observe the following in the apache access_log:
>
> [07/Oct/2019:12:30:47 +0200] [2 ms] 160.46.219.110 - "POST /cb2/docs
> HTTP/1.1" s:302 l:- S:TLSv1.2 C:ECDHE-RSA-AES256-GCM-SHA384
> [07/Oct/2019:12:30:47 +0200] [20 ms] 160.46.219.110 - "GET /cb2/docs/
> HTTP/1.1" s:200 l:6367 S:TLSv1.2 C:ECDHE-RSA-AES256-GCM-SHA384
>
> So the POST from the application is redirected to the static content, which
> is served OK.

A web server will happily server a static content in response to a
POST request. The redirect happens because you are requesting a
directory and your request URI does not end with a '/'.

> With TC9 we see:
>
> [05/Oct/2019:02:58:13 +0200] [0 ms] #160.46.219.110# - "GET /docs HTTP/1.1"
> s:404 l:196 S:TLSv1.2 C:ECDHE-RSA-AES256-GCM-SHA384
>
> As said, the major difference between the setups is TC7 vs. TC9. Any ideas
> for me to follow? I did not find anything in the migration 7->8 or 8->9
> guides.

1. In your access log here I see "GET /docs" instead of "/cb2/docs".
Is it intentional?

2. For Tomcat to issue a redirect, the "docs" directory must be
present in your web application. It can be empty, but it must be
present. (If there is none, Tomcat does not know that the requested
resource is a directory).

3. Starting with some version (January 2016) the default place where
the redirect is issued by Tomcat was moved from Mapper (in earlier
stages of request processing) to the DefaultServlet. This behaviour is
controlled by configuration attributes on a Context (in the file
META-INF/context.xml of your web application). See CVE-2015-5345

http://tomcat.apache.org/security-9.html

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Invalid HTTP Header - attack?

2019-08-01 Thread Konstantin Kolinko
чт, 1 авг. 2019 г. в 22:11, John Dale :
>
> Great feedback.  Thanks.
>
> I am the network department. :)
>
> This is a public facing service and shortly after I see this in the
> log, I get an OOM exception and server shutdown.  Twice now this
> morning.
>

The exception text is a bit misleading. It says "header", but it
actually caused by sanity checks that are done when parsing the first
line of the request (it precedes all the headers) aka the "request
line". Thus you can see "parseRequestLine()" in the stack trace.

As you may know, starting with HTTP/1.1 a client can send several HTTP
request over the same connection (aka "keep alive", also "request
pipelining"). If the length of the preceding request was not processed
correctly either because the client sent an incorrect value of
Content-Length header or if there is a bug, Tomcat will start parsing
a new request at a wrong place and you will see such an error.

Other cause of similar errors is when a client tries to connect using
https: protocol to a http: connector. A small difference is that in
that case the sanity check will be triggered earlier: when parsing the
HTTP method name (the first component of the request line). In your
case the error message says about the HTTP protocol version (the third
component of the request line).


1. Personally, I always run with
org.apache.catalina.connector.RECYCLE_FACADES=true
as documented in [1].

This property helps if there is a bug in a web application.

2. Make sure that you use an up-to-date version of Tomcat. You didn't
tell us what version of Tomcat 9.0.x you are using.

3. If there is bug that causes Tomcat to incorrectly process a length
of a request (a known way to trigger such a bug), I think that it will
be treated as a security vulnerability that leads to an information
leak.

See CVE-2018-8037 )fixed in 9.0.10), CVE-2017-5651 and CVE-2017-5647
(both fixed in 9.0.0.M19) for an idea.

https://tomcat.apache.org/security-9.html

Maybe you can configure creation of a heap dump during the OOM, so
that it could be diagnosed what is causing a memory leak?

Note that there is a procedure to report security issues [2]. A public
Bugzilla should not be used for such reports.

4. The error message that you saw is printed only once in every 24
hours. The latter occurrences during the same day are suppressed
(logged at DEBUG level) to prevent flooding one's log files. This
behaviour is controlled by system properties [3],

org.apache.juli.logging.UserDataHelper.CONFIG
org.apache.juli.logging.UserDataHelper.SUPPRESSION_TIME

[1] 
https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#System_Properties

[2] https://tomcat.apache.org/security.html

[3] https://tomcat.apache.org/tomcat-9.0-doc/config/systemprops.html#Logging

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Can Tomcat ignore overridden jar

2019-07-29 Thread Konstantin Kolinko
вс, 28 июл. 2019 г. в 09:26, Jmeter Tea :
>
> We are using Tomcat 8.5 *without any hot deploy*,
>
> I assume that classes are loaded to memory and for example if class change
> in jar it will ignore (not hot deploy)

Mark have already answered your question.

Adding to that: I think you should consider using the "parallel
deployment" feature. You can deploy a new version of your application
in parallel with the old one.

http://tomcat.apache.org/tomcat-8.5-doc/config/context.html#Parallel_deployment

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Password is not working properly

2019-07-29 Thread Konstantin Kolinko
чт, 25 июл. 2019 г. в 17:23, Support :
>
> Hi Sir,
>
> I am using tomcat 9 for my application. For my admin page, I have a
> username and password in conf/tomcat-user.xml.
> Using digest.sh, I encrypted my password(sha-256).
>
> password: Password
> encrypted: 5er5akakfkd556546adnfjbkklndkfgbjdb

Even though everyone now knows your password,
but nobody knows what you actually did (step-by-step),
nor what exact version of Tomcat 9.0.xx you are using,
nor how your Realm is configured.

Your "encrypted" value does not look like a correct password digest,
which has format "{salt}${iterations}${digest}"

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Re: HTTP to HTTPS redirect not happening

2019-07-22 Thread Konstantin Kolinko
вс, 21 июл. 2019 г. в 00:09, Richard Huntrods :
>
> I still am having trouble understanding why the web application's
> WEB-INF/web.xml would be the appropriate place to put the change when I
> want to affect ROOT. I would have thought webapps/ROOT/WEB-INF/web.xml
> would have been the correct one.

Every web application has its own set of files, rooted to its own
directory or zipped as war file.

The "WEB-INF/web.xml" file is one of those files.

The "WEB-INF/web.xml" file for the "ROOT" web application is indeed
$CATALINA_BASE/webapps/ROOT/WEB-INF/web.xml.

The file for the "manager" web application is
$CATALINA_BASE/webapps/manager/WEB-INF/web.xml.

and so on.

The global defaults file "$CATALINA_BASE/conf/web.xml" should not be modified.

> which is considered "more elegant" or better

+1 to Martynas's answer.

The web.xml is defined by specification, better understood and better
tested, and is supported by other Servlet Containers besides Apache
Tomcat. In general, there should be more people who are able to help
with it, compared to helping with a RewriteValve.

(Though if there are a lot of Apache HTTPD Server administrators
around you, the rewrite syntax will be more familiar to them).

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: WAR file not deploying correctly

2019-07-22 Thread Konstantin Kolinko
пн, 22 июл. 2019 г. в 11:28, Victor WILLART :
>
> 22-Jul-2019 09:36:31.598 SEVERE 
> [ContainerBackgroundProcessor[StandardEngine[Catalina]]] 
> org.apache.catalina.startup.ExpandWar.deleteDir [C:\Program Files\Apache 
> Software Foundation\Tomcat 8.0\webapps\ProductionMetricsApp-0.3.0\config] 
> could not be completely deleted. The presence of the remaining files may 
> cause problems

As you can see from the above log message, Tomcat was unable to delete
the "config" directory. Thus your stopping and undeploying a web
application was not completed.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat 9.0.20 : send email on errors

2019-07-22 Thread Konstantin Kolinko
пн, 22 июл. 2019 г. в 20:38, Robert Hicks :
>
> Using the default logging (java.util.logging) is it possible to have Tomcat
> itself (not a jsp or servlet) send an email if it is unable to log or there
> are errors in its log files?

This question reminds me of Zawinski's Law.

Reliable monitoring would better be performed by some external tool.

> The scenario I am thinking of would be if the logging file system is full
> or unavailable due to other issues.

java.util.logging has an internal mechanism to handle fatal errors.

To reference some source code - looking at some version of JDK 8, see
the files in
http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/687fd7c7986d/src/share/classes/java/util/logging

For example, see how StreamHandler.publish() handles errors (lines of
225-228 of StreamHandler.java). If it is unable to write a message it
does

[[[
} catch (Exception ex) {
 reportError(null, ex, ErrorManager.WRITE_FAILURE);
}
]]]

The actual processing of the error is delegated to a
java.util.logging.ErrorManager.  The default implementation just
prints to System.err once and ignores further errors, but I think it
is configurable.

I hope this helps.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: [EXTERNAL] Re: cglib jars always give errors with different versions when start Tomcat 9.0.13

2019-07-22 Thread Konstantin Kolinko
пн, 22 июл. 2019 г. в 23:15, Hua, Gary - Saint Louis, MO - Contractor
:
>
> Chris:
>
> We inherited this web application from previous vendor IBM.The original 
> version of hibernate related jars are: cglib-2.1.jar, ehcache-1.1.jar, 
> hibernate3.jar(3.1.0)
>
> This web application was deployed to WebSphere server and it works fine so 
> far, but now our client need to switch to Tomcat server. The web application 
> works okay in my local Tomcat 9.0.13 server in eclipse, but when I deploy it 
> to our web server, those errors occur when I start the server.

1. Why not the current version of Tomcat 9 (9.0.22) ?

2. Does the class mentioned in a NoClassDefFoundError exist in exactly
one of the jars that you are using (and no more than one jar)?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: WAR file not deploying correctly

2019-07-20 Thread Konstantin Kolinko
пт, 19 июл. 2019 г. в 12:47, Victor WILLART :
>
> Hi everybody,
>
>
> I am using Tomcat 8.0, and I am struggling to replace and deploy a WAR file.
>

Tomcat 8.0 has reached End of Life and should not be used anymore. The
replacements are Tomcat 8.5 and 9.0.

>
> I made a new WAR file, named it like the old one, and replaced it in my 
> webapps folder. But the new generated folder for my application is just 
> containing a single folder "config" which is empty. All the other folders and 
> files are missing … I tried also to deploy it through the Tomcat Manager and 
> it happened the same.
>
>
> I don't think my war file is wrong since I have a back up folder of my app 
> that was working perfectly before trying this, and the back up WAR file isn't 
> working neither.  Only replacing the deployed folder by the deployed folder 
> from back up makes my app work again correctly.
>
>
> If you have any hints or guesses about this, I would gladly try them.
>

1. A WAR file is effectively a ZIP archive (with minor differences
like using UTF-8 to encode file names). The first thing Tomcat does
when you deploy the web application is to unpack the file.  You can
perform this step manually using the "jar"utility from JDK.

If you unpack the file manually, you would better remove the war file
from the webapps directory (or at least rename its extension), so that
auto-deployment does not interfere.

It may be that your war file is broken, or does not contain anything
besides the "config" directory. The "t" command of the jar utility can
be used to test the war file and to list its contents (as suggested by
Christopher).

2. When you undeploy a web application, make sure that all its files
(in webapps and in work directory) are removed. The "config" directory
may remain from an incomplete undeployment.

E.g. if the files in the config directory are owned by root user and
cannot be deleted by the user running Apache Tomcat.

3. I hope that you do not run two copies of Tomcat over the same
webapps directory at the same time.

4. Read the logs.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: HTTP to HTTPS redirect not happening

2019-07-20 Thread Konstantin Kolinko
сб, 20 июл. 2019 г. в 17:47, Richard Huntrods :
>
> OK. That was really weird.
>
> As I said in my message, following the directions on the web did NOT
> work. It didn't force redirection from http to https.
>
> What it DID end up doing was to kill the tomcat servlet application.
> Before the change it was working fine, and after the change it would
> only generate a 404 page.
>
> I reverted to the original /conf/web.xml, restarted tomcat and the
> servlet application is back up and running perfectly.
>
> So this code in /conf/web.xml affected the servlet but not the ROOT
> static web pages.

1. The web.xml file and its behavior are defined in the Servlet Specification.

Some random instructions on the net have to be used carefully.

2. The web.xml file is the one in your web application (WEB-INF/web.xml).

The /conf/web.xml file provides defaults for all web applications, and
SHOULD not be edited. (The /conf/context.xml should not be exited as
well. That is another frequent error.).

Those defaults are merged with the web.xml file of your web
application using merging rules defined in the Servlet Specification.

There is an option, "logEffectiveWebXml" [1] that turns on logging of
the merged web.xml file.

3. Beware of typos.

The tag "" is misspelled.

There is an option, "xmlValidation" [1] that turns on automatic
validation of web.xml against the XML schema specified in that file.

(Personally, I usually run with
org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true
and that turns "xmlValidation" on as well).

4. Top-posting is bad.

[1] http://tomcat.apache.org/tomcat-9.0-doc/config/context.html

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: tomcat and openjdk as windows service

2019-07-19 Thread Konstantin Kolinko
пт, 19 июл. 2019 г. в 15:02, Lemke, Michael ST/HZA-ZIC2
:
>
> I have tomcat (9.0.22) running as a service on Windows with Oracle's Java 8. 
> I now want to move this to OpenJdk 12 to keep current and I have quite some 
> problems to have tomcat find the OpenJdk installation. With Oracle it just 
> worked with the Jvm=auto option for the tomcat service. With OpenJdk I only 
> got it to work by messing around with JAVA_HOME, which is no fun especially 
> for services. Without it tomcat doesn't find Java or uses Oracle's if I don't 
> remove it first.
>
> Now is this a tomcat problem or a OpenJdk installation problem?
>
> For OpenJdk I used
>
> https://github.com/ojdkbuild/ojdkbuild/releases/download/12.0.1-1/java-12-openjdk-12.0.1.12-1.windows.ojdkbuild.x86_64.msi
>
> and have the installer set the Windows Registry entries under JavaSoft
>
> HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\JDK\12.0.1
>
> From what I found on the net these Registry settings changed with Java 9.
>

I use OpenJDK 12.0.1 on Windows with Tomcat 9, successfully.

I am using a build of OpenJDK that was packed as a zip file, so that
is from a different vendor than yours.
I cannot comment on all steps of your experience with installer, but
here are a few comments/ pointers


1. I installed Tomcat as a service using "service.bat" file included
with Tomcat.

The JAVA_HOME environment variable is used by "service.bat" file only.
I set it at command prompt before running the service.bat file. E.g.

set JAVA_HOME=C:\Programs\java-12

There is no need to set the variable globally. Your frustration is uncalled for.

2. The path to Java can be edited via a GUI configuration dialog for
the service runner. The dialog is shown when you run "tomcat9w.exe".


3. The service runner is provided by Apache Commons Daemon project and
is used by Apache Tomcat (and other projects) "as is". (The service
runner for Windows is called "Procrun" within that project.)

http://commons.apache.org/proper/commons-daemon/procrun.html

"tomcat9.exe" and "tomcat9w.exe" are renamed copies of "prunsrv.exe"
and "prunmgr.exe" respectively.

I do not remember how procrun searches for Java jvm.dll. I's been a
long time since I studied their source code. If that algorithm could
be improved, it is an issue with Apache Commons Daemon project.

If some documentation is lacking, it could be improved in Apache Tomcat project.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



  1   2   3   4   5   6   7   8   9   10   >